EuiccChannelManager: check privileges even in "unprivileged" mode

There is no true "unprivileged" mode because we need carrier privileges
either way.

app-common/src/main/java/im/angry/openeuicc/core/EuiccChannelManager.kt

@@ -1,5 +1,6 @@
 package im.angry.openeuicc.core
 
+import android.annotation.SuppressLint
 import android.content.Context
 import android.os.Handler
 import android.os.HandlerThread
@@ -16,6 +17,7 @@ import java.lang.IllegalArgumentException
 import kotlin.coroutines.resume
 import kotlin.coroutines.suspendCoroutine
 
+@SuppressLint("MissingPermission") // We rely on ARA-based privileges, not READ_PRIVILEGED_PHONE_STATE
 open class EuiccChannelManager(protected val context: Context) {
     companion object {
         const val TAG = "EuiccChannelManager"
@@ -33,6 +35,8 @@ open class EuiccChannelManager(protected val context: Context) {
 
     private val handler = Handler(HandlerThread("BaseEuiccChannelManager").also { it.start() }.looper)
 
+    protected open fun checkPrivileges() = tm.hasCarrierPrivileges()
+
     private suspend fun connectSEService(): SEService = suspendCoroutine { cont ->
         handler.post {
             var service: SEService? = null
@@ -48,7 +52,7 @@ open class EuiccChannelManager(protected val context: Context) {
          }
     }
 
-    open fun tryOpenEuiccChannelPrivileged(uiccInfo: UiccCardInfo, channelInfo: EuiccChannelInfo): EuiccChannel? {
+    protected open fun tryOpenEuiccChannelPrivileged(uiccInfo: UiccCardInfo, channelInfo: EuiccChannelInfo): EuiccChannel? {
         // No-op when unprivileged
         return null
     }
@@ -99,12 +103,15 @@ open class EuiccChannelManager(protected val context: Context) {
     }
 
     fun findEuiccChannelBySlotBlocking(slotId: Int): EuiccChannel? = runBlocking {
+        if (!checkPrivileges()) return@runBlocking null
         withContext(Dispatchers.IO) {
             findEuiccChannelBySlot(slotId)
         }
     }
 
     suspend fun enumerateEuiccChannels() {
+        if (!checkPrivileges()) return
+
         withContext(Dispatchers.IO) {
             ensureSEService()
 
@@ -120,6 +127,8 @@ open class EuiccChannelManager(protected val context: Context) {
         get() = channels.toList()
 
     fun invalidate() {
+        if (!checkPrivileges()) return
+
         for (channel in channels) {
             channel.close()
         }

app-common/src/main/res/values/strings.xml

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <resources>
-    <string name="no_euicc">No eUICC card on this device is accessible by this app.\nYou may want to try out the privileged OpenEUICC app instead.</string>
+    <string name="no_euicc">No eUICC card on this device is accessible by this app.\nInsert a supported eUICC card, or try out the privileged OpenEUICC app instead.</string>
 
     <string name="enabled">Enabled</string>
     <string name="disabled">Disabled</string>

app/build.gradle

@@ -16,7 +16,7 @@ android {
     defaultConfig {
         applicationId "im.angry.openeuicc"
         minSdk 30
-        targetSdk 31
+        targetSdk 34
         versionCode getGitVersionCode()
         versionName getGitVersionName()
 

app/src/main/java/im/angry/openeuicc/core/PrivilegedEuiccChannelManager.kt

@@ -9,6 +9,8 @@ import java.lang.Exception
 import java.lang.IllegalArgumentException
 
 class PrivilegedEuiccChannelManager(context: Context): EuiccChannelManager(context) {
+    override fun checkPrivileges() = true // TODO: Implement proper system app check
+
     override fun tryOpenEuiccChannelPrivileged(uiccInfo: UiccCardInfo, channelInfo: EuiccChannelInfo): EuiccChannel? {
         if (uiccInfo.isEuicc && !uiccInfo.isRemovable) {
             Log.d(TAG, "Using TelephonyManager for slot ${uiccInfo.slotIndex}")