Allow platform app to use USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER permission
This permission is intended for 3rd party apps only with appops, but it's not allowed to say 'appop' without 'signature' as android:protectionLevel. So also honor platform key signed app using this permission. Bug: 174263375 Test: `atest android.telephony.cts.TelephonyManagerTest#testTelephonyManager` pass on crosshatch Change-Id: I889c9342cae09ffeeb028cede30f59f2b35b4ea7
This commit is contained in:
Meng Wang
@@ -405,6 +405,10 @@ public final class TelephonyPermissions {
|
||||
*/
|
||||
public static boolean checkCallingOrSelfUseIccAuthWithDeviceIdentifier(Context context,
|
||||
String callingPackage, String callingFeatureId, String message) {
|
||||
// The implementation follows PermissionChecker.checkAppOpPermission, but it cannot be
|
||||
// used directly: because it uses noteProxyOpNoThrow which requires the phone process
|
||||
// having the permission, which doesn't make sense since phone process is the ower of
|
||||
// data/action.
|
||||
// Cannot perform appop check if the calling package is null
|
||||
if (callingPackage == null) {
|
||||
return false;
|
||||
@@ -413,7 +417,17 @@ public final class TelephonyPermissions {
|
||||
AppOpsManager appOps = (AppOpsManager) context.getSystemService(Context.APP_OPS_SERVICE);
|
||||
int opMode = appOps.noteOpNoThrow(AppOpsManager.OPSTR_USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER,
|
||||
callingUid, callingPackage, callingFeatureId, message);
|
||||
return opMode == AppOpsManager.MODE_ALLOWED;
|
||||
switch (opMode) {
|
||||
case AppOpsManager.MODE_ALLOWED:
|
||||
case AppOpsManager.MODE_FOREGROUND:
|
||||
return true;
|
||||
case AppOpsManager.MODE_DEFAULT:
|
||||
return context.checkCallingOrSelfPermission(
|
||||
Manifest.permission.USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER)
|
||||
== PERMISSION_GRANTED;
|
||||
default:
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user