Gitiles
Code Review Sign In
review.blissroms.org / platform_prebuilts_clang_host_linux-x86_clang-r416183b1 / ed121bfd373c4301aa76d9ac48c2a4011f21b926^1..ed121bfd373c4301aa76d9ac48c2a4011f21b926 / .
commited121bfd373c4301aa76d9ac48c2a4011f21b926[log] [tgz]
authorGil Cukierman <cukie@google.com>Thu Nov 17 14:58:30 2022 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>Thu Nov 17 14:58:30 2022 +0000
tree1bf3b9e29eafa428cb8861283bd6ca9135c730d1
parentbbe17313c24d83eb995377dd4f6039e18f9801b1 [diff]
parent6f0dfba61c9c60b3a6eac9476ba15cf862e21d1d [diff]
Merge "Carrier Priviliged Apps Can't Use Security Reasons" am: 1495e21484 am: 6f0dfba61c

Original change: https://android-review.googlesource.com/c/platform/packages/services/Telephony/+/2240588

Change-Id: I2df61e80a9b0d3177279141c5f96dc26ac3800a0
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

diff --git a/src/com/android/phone/PhoneInterfaceManager.java b/src/com/android/phone/PhoneInterfaceManager.java
old mode 100755
new mode 100644
index f8897e8..7ef6aad
--- a/src/com/android/phone/PhoneInterfaceManager.java
+++ b/src/com/android/phone/PhoneInterfaceManager.java

@@ -6510,6 +6510,17 @@
             @TelephonyManager.NetworkTypeBitMask long allowedNetworkTypes) {
         TelephonyPermissions.enforceCallingOrSelfModifyPermissionOrCarrierPrivilege(
                 mApp, subId, "setAllowedNetworkTypesForReason");
+        // If the caller only has carrier privileges, then they should not be able to override
+        // any network types which were set for security reasons.
+        if (mApp.checkCallingOrSelfPermission(Manifest.permission.MODIFY_PHONE_STATE)
+                != PERMISSION_GRANTED
+                && (reason == TelephonyManager.ALLOWED_NETWORK_TYPES_REASON_ENABLE_2G
+                || reason == TelephonyManager.ALLOWED_NETWORK_TYPES_REASON_USER_RESTRICTIONS)) {
+            throw new SecurityException(
+                    "setAllowedNetworkTypesForReason cannot be called with carrier privileges for"
+                            + " reason "
+                            + reason);
+        }
         if (!TelephonyManager.isValidAllowedNetworkTypesReason(reason)) {
             loge("setAllowedNetworkTypesForReason: Invalid allowed network type reason: " + reason);
             return false;