In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPermissionsUtils.java, there is a possible way for the work profile to read SMS messages due to a permissions bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 1585.0, "function_hash": "98090093838874514743959095491257221978" }, "id": "ASB-A-189942529-61c33028", "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/6ab6787a10aab9f1fb26c27a0307a3a13877458d", "deprecated": false, "signature_version": "v1", "target": { "file": "PermissionController/src/com/android/permissioncontroller/permission/service/PermissionControllerServiceImpl.java", "function": "onSetRuntimePermissionGrantStateByDeviceAdmin" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "244124307621395840514765948470814952109", "310538224167713455386875567898081692552", "85252730122784721239844221863843019970", "107813305455604471280726669704090380455", "28599776163267292011415944473705434877", "320559855082176353699487686772582864106", "313480284749953354070015147992117835600", "331320170299235338814276666772020326721", "69912247037910831691219059131960565762", "23950943548455525979724196928714964467", "181998409392176968384423922626698836926", "23424602319855905655783500197259227476", "175874183598896577851538410713530722375", "219902066758842369237103045658295952295", "159330725279913717373006103946837723832", "182548609187235165250868451508823467315", "232743074267986976845257773198575963758", "229646476515659504538081273937261467369", "17521530349187032722906553952958423170", "224394777539580883457658130491531793465", "23726345567086548616993380325534698714", "160879300934593729294865942557898940660", "91480412336157135014381303815890306871", "312846803733331298644414920157663069589", "256526236646781336976730747098199776972", "219902066758842369237103045658295952295", "159330725279913717373006103946837723832", "182548609187235165250868451508823467315" ] }, "id": "ASB-A-189942529-ae8154ca", "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/6ab6787a10aab9f1fb26c27a0307a3a13877458d", "deprecated": false, "signature_version": "v1", "target": { "file": "PermissionController/src/com/android/permissioncontroller/permission/utils/AdminRestrictedPermissionsUtils.java" }, "signature_type": "Line" }, { "digest": { "length": 199.0, "function_hash": "171950238600846397207612931395752259196" }, "id": "ASB-A-189942529-b15beaf2", "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/6ab6787a10aab9f1fb26c27a0307a3a13877458d", "deprecated": false, "signature_version": "v1", "target": { "file": "PermissionController/src/com/android/permissioncontroller/permission/utils/AdminRestrictedPermissionsUtils.java", "function": "mayAdminGrantPermission" }, "signature_type": "Function" }, { "digest": { "length": 153.0, "function_hash": "173595976166783624265209894879777934859" }, "id": "ASB-A-189942529-b349021c", "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/6ab6787a10aab9f1fb26c27a0307a3a13877458d", "deprecated": false, "signature_version": "v1", "target": { "file": "PermissionController/src/com/android/permissioncontroller/permission/utils/AdminRestrictedPermissionsUtils.java", "function": "isPermissionRestrictedForAdmin" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "275077835771183303159974559785422247595", "261743703359616352197174920680081785052", "1634319847002174464404947494744909120", "131397531329404237658480183530454569429", "120638317716634515427798622691488875464", "295354374260402683756863687014259041051", "23192077907588890582162805630040384255", "190844211644446582271137667034745431153", "228153805065548331655547776652880914530", "135085326122109860790167210727523475167", "36322773630255531718576686301716289585" ] }, "id": "ASB-A-189942529-c2279e66", "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/6ab6787a10aab9f1fb26c27a0307a3a13877458d", "deprecated": false, "signature_version": "v1", "target": { "file": "PermissionController/src/com/android/permissioncontroller/permission/service/PermissionControllerServiceImpl.java" }, "signature_type": "Line" }, { "digest": { "length": 344.0, "function_hash": "176928641914812896216984319922632258409" }, "id": "ASB-A-189942529-e4ca6208", "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/6ab6787a10aab9f1fb26c27a0307a3a13877458d", "deprecated": false, "signature_version": "v1", "target": { "file": "PermissionController/src/com/android/permissioncontroller/permission/utils/AdminRestrictedPermissionsUtils.java", "function": "mayAdminGrantPermission" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/Permission/+/6ab6787a10aab9f1fb26c27a0307a3a13877458d" ], "spl": "2023-05-01", "severity": "High", "types": [ "ID" ] }