Update carrier privilege check in enforceSubscriptionPlanAccess

Remove isEmbedded() check, since this can be called on both PSIM and ESIM. Replace SM#canManageSubscription with TM#hasCarrierPrivileges, since it is a superset of the checks done in SM#canManageSubscription and applies to both PSIMs as well as ESIMS. Updated the documentation for the two APIs to clarify the differences. Test: atest CtsTelephonyTestCases (SubscriptionManagerTest) Fix: 180451446 Change-Id: Icb4e2c619dacaea9e74cedea31865ec1eb689dce
2021-02-23 12:21:24 -08:00
parent e1e036661c
commit 172f15e5e1
4 changed files with 21 additions and 11 deletions
--- a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
+++ b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
@@ -3067,23 +3067,19 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
        // Verify they're not lying about package name
        mAppOps.checkPackage(callingUid, callingPackage);

-        final SubscriptionManager sm;
-        final SubscriptionInfo si;
        final PersistableBundle config;
+        final TelephonyManager tm;
        final long token = Binder.clearCallingIdentity();
        try {
-            sm = mContext.getSystemService(SubscriptionManager.class);
-            si = sm.getActiveSubscriptionInfo(subId);
            config = mCarrierConfigManager.getConfigForSubId(subId);
+            tm = mContext.getSystemService(TelephonyManager.class);
        } finally {
            Binder.restoreCallingIdentity(token);
        }

-        // First check: is caller the CarrierService?
-        if (si != null) {
-            if (si.isEmbedded() && sm.canManageSubscription(si, callingPackage)) {
-                return;
-            }
+        // First check: does caller have carrier privilege?
+        if (tm != null && tm.hasCarrierPrivileges(subId)) {
+            return;
        }

        // Second check: has the CarrierService delegated access?
--- a/telephony/java/android/telephony/SubscriptionInfo.java
+++ b/telephony/java/android/telephony/SubscriptionInfo.java
@@ -148,13 +148,14 @@ public class SubscriptionInfo implements Parcelable {

    /**
     * The access rules for this subscription, if it is embedded and defines any.
+     * This does not include access rules for non-embedded subscriptions.
     */
    @Nullable
    private UiccAccessRule[] mNativeAccessRules;

    /**
     * The carrier certificates for this subscription that are saved in carrier configs.
-     * The other carrier certificates are embedded on Uicc and stored as part of mNativeAccessRules.
+     * This does not include access rules from the Uicc, whether embedded or non-embedded.
     */
    @Nullable
    private UiccAccessRule[] mCarrierConfigAccessRules;
@@ -661,7 +662,6 @@ public class SubscriptionInfo implements Parcelable {
     * is authorized to manage this subscription.
     * TODO and fix it properly in R / master: either deprecate this and have 3 APIs
     *  native + carrier + all, or have this return all by default.
-     * @throws UnsupportedOperationException if this subscription is not embedded.
     * @hide
     */
    @SystemApi
--- a/telephony/java/android/telephony/SubscriptionManager.java
+++ b/telephony/java/android/telephony/SubscriptionManager.java
@@ -2631,6 +2631,10 @@ public class SubscriptionManager {
     * Checks whether the app with the given context is authorized to manage the given subscription
     * according to its metadata.
     *
+     * Only supported for embedded subscriptions (if {@link SubscriptionInfo#isEmbedded} returns
+     * true). To check for permissions for non-embedded subscription as well,
+     * {@see android.telephony.TelephonyManager#hasCarrierPrivileges}.
+     *
     * @param info The subscription to check.
     * @return whether the app is authorized to manage this subscription per its metadata.
     */
@@ -2643,6 +2647,10 @@ public class SubscriptionManager {
     * be authorized if it is included in the {@link android.telephony.UiccAccessRule} of the
     * {@link android.telephony.SubscriptionInfo} with the access status.
     *
+     * Only supported for embedded subscriptions (if {@link SubscriptionInfo#isEmbedded} returns
+     * true). To check for permissions for non-embedded subscription as well,
+     * {@see android.telephony.TelephonyManager#hasCarrierPrivileges}.
+     *
     * @param info The subscription to check.
     * @param packageName Package name of the app to check.
     * @return whether the app is authorized to manage this subscription per its access rules.
--- a/telephony/java/android/telephony/TelephonyManager.java
+++ b/telephony/java/android/telephony/TelephonyManager.java
@@ -8534,6 +8534,9 @@ public class TelephonyManager {
     * call will return true. This access is granted by the owner of the UICC
     * card and does not depend on the registered carrier.
     *
+     * Note that this API applies to both physical and embedded subscriptions and
+     * is a superset of the checks done in SubscriptionManager#canManageSubscription.
+     *
     * @return true if the app has carrier privileges.
     */
    public boolean hasCarrierPrivileges() {
@@ -8547,6 +8550,9 @@ public class TelephonyManager {
     * call will return true. This access is granted by the owner of the UICC
     * card and does not depend on the registered carrier.
     *
+     * Note that this API applies to both physical and embedded subscriptions and
+     * is a superset of the checks done in SubscriptionManager#canManageSubscription.
+     *
     * @param subId The subscription to use.
     * @return true if the app has carrier privileges.
     * @hide