Check UID in getUiccCardsInfoSecurity
To avoid the case where a caller calls
PhoneInterfaceManager#getUiccCardsInfoSecurity using reflection and
supplies a calling package with privilege which isn't their own package,
we confirm that the calling package UID matches the supplied package.
Bug: 146570216
Test: atest com.android.phone.PhoneInterfaceManagerTest
Change-Id: Id08009f2feb281c20aaad55aa89faae66b709f88
Merged-In: Id08009f2feb281c20aaad55aa89faae66b709f88
(cherry picked from commit 102b27765aadb26935faa9b89bb0c784d019fd18)
diff --git a/src/com/android/phone/PhoneInterfaceManager.java b/src/com/android/phone/PhoneInterfaceManager.java
index d0ed9bd..2061796 100755
--- a/src/com/android/phone/PhoneInterfaceManager.java
+++ b/src/com/android/phone/PhoneInterfaceManager.java
@@ -113,6 +113,7 @@
import com.android.ims.ImsException;
import com.android.ims.ImsManager;
import com.android.ims.internal.IImsServiceFeatureCallback;
+import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.telephony.CallManager;
import com.android.internal.telephony.CallStateException;
import com.android.internal.telephony.CarrierInfoManager;
@@ -1319,7 +1320,8 @@
}
/** Private constructor; @see init() */
- private PhoneInterfaceManager(PhoneGlobals app) {
+ @VisibleForTesting
+ /* package */ PhoneInterfaceManager(PhoneGlobals app) {
mApp = app;
mCM = PhoneGlobals.getInstance().mCM;
mUserManager = (UserManager) app.getSystemService(Context.USER_SERVICE);
@@ -6325,6 +6327,15 @@
@Override
public List<UiccCardInfo> getUiccCardsInfo(String callingPackage) {
+ try {
+ PackageManager pm = mApp.getPackageManager();
+ if (Binder.getCallingUid() != pm.getPackageUid(callingPackage, 0)) {
+ throw new SecurityException("Calling package " + callingPackage + " does not match "
+ + "calling UID");
+ }
+ } catch (PackageManager.NameNotFoundException e) {
+ throw new SecurityException("Invalid calling package. e=" + e);
+ }
boolean hasReadPermission = false;
try {
enforceReadPrivilegedPermission("getUiccCardsInfo");