1

I am trying to understand the native Android Code Base. I would like to know the part of the code where permissions are checked. For eg if I want to send an SMS, I need the function : public void sendDataMessage (String destinationAddress, String scAddress, short destinationPort, byte[] data, PendingIntent sentIntent, PendingIntent deliveryIntent) Together with this I need to declare the permission SEND_SMS in the Android Manifest. If I dont declare the permission, I get a security Exception. But I didn't find this part in the code in the SmsManager.java. This is the function: 

public void sendDataMessage(
        String destinationAddress, String scAddress, short destinationPort,
        byte[] data, PendingIntent sentIntent, PendingIntent deliveryIntent) {
    if (TextUtils.isEmpty(destinationAddress)) {
        throw new IllegalArgumentException("Invalid destinationAddress");
    }

    if (data == null || data.length == 0) {
        throw new IllegalArgumentException("Invalid message data");
    }

    try {
        ISms iccISms = getISmsServiceOrThrow();
        iccISms.sendDataForSubscriber(getSubscriptionId(), ActivityThread.currentPackageName(),
                destinationAddress, scAddress, destinationPort & 0xFFFF,
                data, sentIntent, deliveryIntent);
    } catch (RemoteException ex) {
        // ignore it
    }
}

So where exactly are the permissions checked. I am looking for the part of the code where before sending the SMS, Android checks for the SEND_SMS permission. I was expecting a call to various permission Check functions in the PackageManager but it is not the case. I found a few similar questions here where they talk about how the packages are linked to linux users. But I would like to go through the code where it is precisely checked.

Community
  • 1
  • 1
Ankur Bhatia
  • 996
  • 3
  • 17
  • 29

1 Answers1

1

The sendTextMessage() method instantiates an ISms object. It then calls the sendText() method defined in the interface.

 ISms iccISms = ISms.Stub.asInterface(ServiceManager.getService("isms"));
         if (iccISms != null) {
             iccISms.sendText(destinationAddress, scAddress, text, sentIntent, deliveryIntent);
         }

here ISms is an interface. so the object returned by getService() method must be implementing this interface. Luckily only two classes extend this interface. The first being IccSmsInterfaceManager and the other being IccSmsInterfaceManagerProxy (I ignored this one).

The IccSmsInterfaceManager class can be found in '/frameworks/base/telephony/java/com/android/internal/telephony/IccSmsInterfaceManager.java'. The sendText() method of this class performs the permission check which is our point of interest.

 mPhone.getContext().enforceCallingPermission(
            "android.permission.SEND_SMS",
            "Sending SMS message");

this enforceCallingPermission call ultimately lands up in the PackageManager through following classes,

context-> ActivityManager -> PackageManagerService

Source:Chasing Android System Calls Down The Rabbit Hole , last accessed: jul 20, 2016

Vishal Maral
  • 1,279
  • 1
  • 10
  • 30