Merge "Add OrSelf to privileged permission check." into mnc-dev

author: Amit Mahajan <amitmahajan@google.com> 2015-07-30 23:54:06 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2015-07-30 23:54:06 +0000
commit: 53c750142332cb33e604266b7c6d09191c32691c (patch)
tree: 4b994a64aefc413fdb31ef6c105d6de270bcf50e
parent: 00f7cb924e6964c5403c55ae5e7348aad1c8ec7b (diff)
parent: a9e72a7653d25ae1974dac3f1156d126c807e40c (diff)
download: frameworks_base-53c750142332cb33e604266b7c6d09191c32691c.zip
frameworks_base-53c750142332cb33e604266b7c6d09191c32691c.tar.gz
frameworks_base-53c750142332cb33e604266b7c6d09191c32691c.tar.bz2
2 files changed, 13 insertions, 10 deletions
diff --git a/services/core/java/com/android/server/TelephonyRegistry.java b/services/core/java/com/android/server/TelephonyRegistry.java
index a06bb30..19a4851 100644
--- a/services/core/java/com/android/server/TelephonyRegistry.java
+++ b/services/core/java/com/android/server/TelephonyRegistry.java
@@ -362,10 +362,10 @@ class TelephonyRegistry extends ITelephonyRegistry.Stub {
         }
 
         try {
-            mContext.enforceCallingPermission(
+            mContext.enforceCallingOrSelfPermission(
                     android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE,
                     "addOnSubscriptionsChangedListener");
-            // SKIP checking for run-time permission since obtained PRIVILEGED
+            // SKIP checking for run-time permission since caller or self has PRIVILEGED permission
         } catch (SecurityException e) {
             mContext.enforceCallingOrSelfPermission(
                     android.Manifest.permission.READ_PHONE_STATE,
@@ -481,9 +481,10 @@ class TelephonyRegistry extends ITelephonyRegistry.Stub {
 
             if ((events & ENFORCE_PHONE_STATE_PERMISSION_MASK) != 0) {
                 try {
-                    mContext.enforceCallingPermission(
+                    mContext.enforceCallingOrSelfPermission(
                             android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE, null);
-                    // SKIP checking for run-time permission since obtained PRIVILEGED
+                    // SKIP checking for run-time permission since caller or self has PRIVILEGED
+                    // permission
                 } catch (SecurityException e) {
                     if (mAppOps.noteOp(AppOpsManager.OP_READ_PHONE_STATE, Binder.getCallingUid(),
                             callingPackage) != AppOpsManager.MODE_ALLOWED) {
@@ -661,10 +662,10 @@ class TelephonyRegistry extends ITelephonyRegistry.Stub {
     }
 
     private boolean canReadPhoneState(String callingPackage) {
-        if (mContext.checkCallingPermission(
+        if (mContext.checkCallingOrSelfPermission(
                 android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE) ==
                 PackageManager.PERMISSION_GRANTED) {
-            // SKIP checking for run-time permission since obtained PRIVILEGED
+            // SKIP checking for run-time permission since caller or self has PRIVILEGED permission
             return true;
         }
         boolean canReadPhoneState = mContext.checkCallingOrSelfPermission(
@@ -1589,9 +1590,10 @@ class TelephonyRegistry extends ITelephonyRegistry.Stub {
 
         if ((events & ENFORCE_PHONE_STATE_PERMISSION_MASK) != 0) {
             try {
-                mContext.enforceCallingPermission(
+                mContext.enforceCallingOrSelfPermission(
                         android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE, null);
-                // SKIP checking for run-time permission since obtained PRIVILEGED
+                // SKIP checking for run-time permission since caller or self has PRIVILEGED
+                // permission
             } catch (SecurityException e) {
                 mContext.enforceCallingOrSelfPermission(
                         android.Manifest.permission.READ_PHONE_STATE, null);
diff --git a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
index cd982d3..46bda8c 100644
--- a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
+++ b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
@@ -1668,8 +1668,9 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
     public NetworkPolicy[] getNetworkPolicies(String callingPackage) {
         mContext.enforceCallingOrSelfPermission(MANAGE_NETWORK_POLICY, TAG);
         try {
-            mContext.enforceCallingPermission(READ_PRIVILEGED_PHONE_STATE, TAG);
-            // SKIP checking run-time OP_READ_PHONE_STATE since using PRIVILEGED
+            mContext.enforceCallingOrSelfPermission(READ_PRIVILEGED_PHONE_STATE, TAG);
+            // SKIP checking run-time OP_READ_PHONE_STATE since caller or self has PRIVILEGED
+            // permission
         } catch (SecurityException e) {
             mContext.enforceCallingOrSelfPermission(READ_PHONE_STATE, TAG);
author	Amit Mahajan <amitmahajan@google.com>	2015-07-30 23:54:06 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2015-07-30 23:54:06 +0000
commit	53c750142332cb33e604266b7c6d09191c32691c (patch)
tree	4b994a64aefc413fdb31ef6c105d6de270bcf50e
parent	00f7cb924e6964c5403c55ae5e7348aad1c8ec7b (diff)
parent	a9e72a7653d25ae1974dac3f1156d126c807e40c (diff)
download	frameworks_base-53c750142332cb33e604266b7c6d09191c32691c.zip frameworks_base-53c750142332cb33e604266b7c6d09191c32691c.tar.gz frameworks_base-53c750142332cb33e604266b7c6d09191c32691c.tar.bz2