From 33b150937522ccda37567c1303117ac8f1bb6f7f Mon Sep 17 00:00:00 2001
From: Svet Ganov
Date: Wed, 7 Mar 2018 19:53:43 -0800
Subject: [PATCH] Throw on revoked location permission - framework
When we fixed proper handling of location permisison gating sensitive telephony calls we stopped throwing a security exception when the permission is not held by the caller. While this is not a security issue there is no reason to change this behavior which is checked by CTS. This CL starts throwing a security exception if the permission is not held.
Test: atest android.permission.cts.NoLocationPermissionTest
bug: 74074103
Change-Id: Ic891d62b408c692f84a345f24503f7f25d583e35
---
 .../java/com/android/server/TelephonyRegistry.java | 3 ++-
 .../android/telephony/LocationAccessPolicy.java | 14 +++++++++-----
 2 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/services/core/java/com/android/server/TelephonyRegistry.java b/services/core/java/com/android/server/TelephonyRegistry.java
index 539c00135f6a1..83fe97697194f 100644
--- a/services/core/java/com/android/server/TelephonyRegistry.java
+++ b/services/core/java/com/android/server/TelephonyRegistry.java
@@ -1753,7 +1753,8 @@ class TelephonyRegistry extends ITelephonyRegistry.Stub {
 long token = Binder.clearCallingIdentity();
 try {
 return LocationAccessPolicy.canAccessCellLocation(mContext,
- r.callingPackage, r.callerUid, r.callerPid);
+ r.callingPackage, r.callerUid, r.callerPid,
+ /*throwOnDeniedPermission*/ false);
 } finally {
 Binder.restoreCallingIdentity(token);
 }
diff --git a/telephony/java/android/telephony/LocationAccessPolicy.java b/telephony/java/android/telephony/LocationAccessPolicy.java
index 6480aab06febb..6db8e825dbf0d 100644
--- a/telephony/java/android/telephony/LocationAccessPolicy.java
+++ b/telephony/java/android/telephony/LocationAccessPolicy.java
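Review bot: The `/*throwOnDeniedPermission*/ false` argument names the parameter but does not say why this call site opts out of throwing. The check runs between `Binder.clearCallingIdentity()` and `Binder.restoreCallingIdentity(token)` against the recorded `r.callerUid`/`r.callerPid`, so an exception here would presumably surface inside the registry rather than in the app's own call. A one-line comment such as `// Listener check: a denied permission only filters this record, it must not throw.` would make that intent explicit. The enclosing method starts and ends outside the hunk.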
@@ -40,17 +40,19 @@ import java.util.List;
 */
 public final class LocationAccessPolicy {
 private static final String LOG_TAG = LocationAccessPolicy.class.getSimpleName();
+
 /**
 * API to determine if the caller has permissions to get cell location.
 *
 * @param pkgName Package name of the application requesting access
 * @param uid The uid of the package
 * @param pid The pid of the package
+ * @param throwOnDeniedPermission Whether to throw if the location permission is denied.
 * @return boolean true or false if permissions is granted
 */
 public static boolean canAccessCellLocation(@NonNull Context context, @NonNull String pkgName,
- int uid, int pid) throws SecurityException {
- Trace.beginSection("TelephonyLocationCheck");
+ int uid, int pid, boolean throwOnDeniedPermission) throws SecurityException {
+ Trace.beginSection("TelephonyLohcationCheck");
 try {
 // Always allow the phone process to access location. This avoid breaking legacy code
 // that rely on public-facing APIs to access cell location, and it doesn't create a
@@ -65,9 +67,11 @@ public final class LocationAccessPolicy {
 // where a legacy app the user is not using tracks their location.
 // Granting ACCESS_FINE_LOCATION to an app automatically grants it
 // ACCESS_COARSE_LOCATION.
-
- if (context.checkPermission(Manifest.permission.ACCESS_COARSE_LOCATION, pid, uid) ==
- PackageManager.PERMISSION_DENIED) {
+ if (throwOnDeniedPermission) {
+ context.enforcePermission(Manifest.permission.ACCESS_COARSE_LOCATION,
+ pid, uid, "canAccessCellLocation");
+ } else if (context.checkPermission(Manifest.permission.ACCESS_COARSE_LOCATION,
+ pid, uid) == PackageManager.PERMISSION_DENIED) {
 return false;
 }
 final int opCode = AppOpsManager.permissionToOpCode(
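Review bot: The added `Trace.beginSection("TelephonyLohcationCheck");` line misspells the trace section label. This looks accidental, since the commit message says nothing about tracing, and anything that matches on the old section name would stop finding it; restore `Trace.beginSection("TelephonyLocationCheck");`. The Javadoc also gains `@param throwOnDeniedPermission` without a matching `@throws`; add `@throws SecurityException if throwOnDeniedPermission is true and the caller does not hold ACCESS_COARSE_LOCATION`. The method body continues outside the hunk.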
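Review bot: With `throwOnDeniedPermission` set, only the manifest-permission check at `context.enforcePermission(...)` throws. The app-op lookup that begins at `AppOpsManager.permissionToOpCode(` continues outside the hunk and, if unchanged, still reports a denial by returning false. Callers passing `true` therefore have to treat both the exception and a `false` result as denial, which is worth stating above the branch, e.g. `// Only a revoked permission throws; the app-op and later checks still return false.` The message `"canAccessCellLocation"` also does not identify the refused package; `"canAccessCellLocation: " + pkgName` would make the resulting SecurityException easier to triage.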