From 999901aaf1565c43147d1e40ad8f8d8f22b4997b Mon Sep 17 00:00:00 2001 From: Michael Groover Date: Sun, 19 Apr 2020 18:15:23 -0700 Subject: [PATCH] Revert READ_PHONE_STATE from an install to runtime permission After all of the sensitive APIs were moved out of READ_PHONE_STATE for apps targeting R+ READ_PHONE_STATE was downgraded to an install permission. However this granted apps targeting pre-R access to the device phone number without user consent. This commit reverts READ_PHONE_STATE to a runtime permission which will require apps targeting pre-R to still obtain user consent to access the device phone number while still preventing access to the phone group and the other sensitive APIs exposed there. Bug: 154368168 Test: Manually installed app requesting READ_PHONE_STATE and invoking getLine1Number; verified without permission granted the method threw a SecurityException. Change-Id: I410aa9f287f8fa2b076910e531d833bd87923ccb --- core/res/AndroidManifest.xml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index 451363f6bd3d5..ebab6b0358e6c 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -1109,12 +1109,13 @@ grants your app this permission. If you don't need this permission, be sure your {@code targetSdkVersion} is 4 or higher. -

Protection level: normal +

Protection level: dangerous --> + android:protectionLevel="dangerous" />