Allow holders of READ_PRIVILEGED_PHONE_STATE to access serial

Change-Id: I80e56dc87b34dc8f0e9c468a3078e86258837d1f
2016-10-05 18:24:31 -07:00
parent 1f195c70c9
commit 31c2bba542
1 changed files with 10 additions and 3 deletions
--- a/services/core/java/com/android/server/os/DeviceIdentifiersPolicyService.java
+++ b/services/core/java/com/android/server/os/DeviceIdentifiersPolicyService.java
@@ -20,6 +20,7 @@ import android.Manifest;
 import android.annotation.NonNull;
 import android.annotation.Nullable;
 import android.content.Context;
+import android.content.pm.PackageManager;
 import android.os.Binder;
 import android.os.Build;
 import android.os.IDeviceIdentifiersPolicyService;
@@ -53,9 +54,15 @@ public final class DeviceIdentifiersPolicyService extends SystemService {

        @Override
        public @Nullable String getSerial() throws RemoteException {
-            if (UserHandle.getAppId(Binder.getCallingUid()) != Process.SYSTEM_UID) {
-                mContext.enforceCallingOrSelfPermission(
-                        Manifest.permission.READ_PHONE_STATE, "getSerial");
+            if (UserHandle.getAppId(Binder.getCallingUid()) != Process.SYSTEM_UID
+                    && mContext.checkCallingOrSelfPermission(
+                            Manifest.permission.READ_PHONE_STATE)
+                                    != PackageManager.PERMISSION_GRANTED
+                    && mContext.checkCallingOrSelfPermission(
+                            Manifest.permission.READ_PRIVILEGED_PHONE_STATE)
+                                    != PackageManager.PERMISSION_GRANTED) {
+                throw new SecurityException("getSerial requires READ_PHONE_STATE"
+                        + " or READ_PRIVILEGED_PHONE_STATE permission");
            }
            return SystemProperties.get("ro.serialno", Build.UNKNOWN);
        }