Gitiles
Code Review Sign In
review.blissroms.org / platform_prebuilts_clang_host_linux-x86_clang-r416183b1 / 6f0dfba61c9c60b3a6eac9476ba15cf862e21d1d^1..6f0dfba61c9c60b3a6eac9476ba15cf862e21d1d / .
commit6f0dfba61c9c60b3a6eac9476ba15cf862e21d1d[log] [tgz]
authorGil Cukierman <cukie@google.com>Thu Nov 17 14:32:12 2022 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>Thu Nov 17 14:32:12 2022 +0000
tree0c6b9c2153f7db00d7783dc6fae8417469a2e72f
parenteb068a7bac036fc74d0d00713e2235ee652170b8 [diff]
parent1495e214841d0bfb9c1ae9673cb539c1e084d415 [diff]
Merge "Carrier Priviliged Apps Can't Use Security Reasons" am: 1495e21484

Original change: https://android-review.googlesource.com/c/platform/packages/services/Telephony/+/2240588

Change-Id: Icf06ad82feabb871beee9fa62360ad686f75e024
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

diff --git a/src/com/android/phone/PhoneInterfaceManager.java b/src/com/android/phone/PhoneInterfaceManager.java
old mode 100755
new mode 100644
index b8909ef..5e9c1fd
--- a/src/com/android/phone/PhoneInterfaceManager.java
+++ b/src/com/android/phone/PhoneInterfaceManager.java

@@ -6503,6 +6503,17 @@
             @TelephonyManager.NetworkTypeBitMask long allowedNetworkTypes) {
         TelephonyPermissions.enforceCallingOrSelfModifyPermissionOrCarrierPrivilege(
                 mApp, subId, "setAllowedNetworkTypesForReason");
+        // If the caller only has carrier privileges, then they should not be able to override
+        // any network types which were set for security reasons.
+        if (mApp.checkCallingOrSelfPermission(Manifest.permission.MODIFY_PHONE_STATE)
+                != PERMISSION_GRANTED
+                && (reason == TelephonyManager.ALLOWED_NETWORK_TYPES_REASON_ENABLE_2G
+                || reason == TelephonyManager.ALLOWED_NETWORK_TYPES_REASON_USER_RESTRICTIONS)) {
+            throw new SecurityException(
+                    "setAllowedNetworkTypesForReason cannot be called with carrier privileges for"
+                            + " reason "
+                            + reason);
+        }
         if (!TelephonyManager.isValidAllowedNetworkTypesReason(reason)) {
             loge("setAllowedNetworkTypesForReason: Invalid allowed network type reason: " + reason);
             return false;