diff options
author | Abhijith Shastry <ashastry@google.com> | 2016-02-16 17:46:00 -0800 |
---|---|---|
committer | Abhijith Shastry <ashastry@google.com> | 2016-02-18 11:01:43 -0800 |
commit | 8f2944bd39ce4eccb98f245bbe114e042debdb62 (patch) | |
tree | 0a87d68721c58b477375ded7e90994d2a1b586b2 /src | |
parent | 475ff5f05746b8a904bbd16bc72b00dc41a722d1 (diff) | |
download | BlockedNumberProvider-8f2944bd39ce4eccb98f245bbe114e042debdb62.tar.gz |
Update BlockedNumberProvider permission checks as documented in the contract.
BUG: 26232372
Change-Id: I40ccdff1f3820c080d3a6361f17fe6cb6506aa37
Diffstat (limited to 'src')
-rw-r--r-- | src/com/android/providers/blockednumber/BlockedNumberProvider.java | 64 |
1 files changed, 31 insertions, 33 deletions
diff --git a/src/com/android/providers/blockednumber/BlockedNumberProvider.java b/src/com/android/providers/blockednumber/BlockedNumberProvider.java index 2774aa6..257756c 100644 --- a/src/com/android/providers/blockednumber/BlockedNumberProvider.java +++ b/src/com/android/providers/blockednumber/BlockedNumberProvider.java @@ -22,7 +22,6 @@ import android.content.ContentProvider; import android.content.ContentUris; import android.content.ContentValues; import android.content.UriMatcher; -import android.content.pm.ApplicationInfo; import android.content.pm.PackageManager; import android.database.Cursor; import android.database.sqlite.SQLiteDatabase; @@ -32,10 +31,10 @@ import android.os.Binder; import android.os.Bundle; import android.os.CancellationSignal; import android.os.Process; -import android.os.UserHandle; import android.os.UserManager; import android.provider.BlockedNumberContract; import android.telecom.TelecomManager; +import android.telephony.TelephonyManager; import android.text.TextUtils; import android.util.Log; @@ -150,6 +149,8 @@ public class BlockedNumberProvider extends ContentProvider { @Override public int update(@NonNull Uri uri, @Nullable ContentValues values, @Nullable String selection, @Nullable String[] selectionArgs) { + enforceWritePermission(); + throw new UnsupportedOperationException( "Update is not supported. Use delete + insert instead"); } @@ -331,59 +332,56 @@ public class BlockedNumberProvider extends ContentProvider { } /** - * Throws {@link SecurityException} when the caller is not root, system, the system dialer, - * the user selected dialer, or the default SMS app. + * Returns {@code false} when the caller is not root, the user selected dialer, the + * default SMS app or a carrier app. */ - private void enforceReadPermission() { + private boolean checkForPrivilegedApplications() { if (!canCurrentUserBlockUsers()) { throw new UnsupportedOperationException(); } - final int callingUid = Binder.getCallingUid(); - - // System and root can always call it. (and myself) - if (UserHandle.isSameApp(callingUid, android.os.Process.SYSTEM_UID) - || (callingUid == Process.ROOT_UID) - || (callingUid == Process.myUid())) { - return; + if (Binder.getCallingUid() == Process.ROOT_UID) { + return true; } final String callingPackage = getCallingPackage(); if (TextUtils.isEmpty(callingPackage)) { Log.w(TAG, "callingPackage not accessible"); } else { - final TelecomManager telecom = getContext().getSystemService(TelecomManager.class); if (callingPackage.equals(telecom.getDefaultDialerPackage()) - || callingPackage.equals(telecom.getSystemDialerPackage())) { - return; + || callingPackage.equals(telecom.getSystemDialerPackage())) { + return true; } - - // Allow the default SMS app and the dialer app to access it. final AppOpsManager appOps = getContext().getSystemService(AppOpsManager.class); - if (appOps.noteOp(AppOpsManager.OP_WRITE_SMS, Binder.getCallingUid(), callingPackage) == AppOpsManager.MODE_ALLOWED) { - return; + return true; } - // TODO: Add an explicit permission instead. - try { - ApplicationInfo applicationInfo = getContext(). - getPackageManager().getPackageInfo(callingPackage, 0).applicationInfo; - if (applicationInfo.isPrivilegedApp() || applicationInfo.isSystemApp()) { - return; - } - } catch (PackageManager.NameNotFoundException e) { - Log.w(TAG, "package not found: " + e); - } + final TelephonyManager telephonyManager = + getContext().getSystemService(TelephonyManager.class); + return telephonyManager.checkCarrierPrivilegesForPackage(callingPackage) == + TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS; } - throw new SecurityException("Caller must be system, default dialer or default SMS app"); + return false; } - public void enforceWritePermission() { - // Same check as read. - enforceReadPermission(); + private void enforceReadPermission() { + checkForPermission(android.Manifest.permission.READ_BLOCKED_NUMBERS); + } + + private void enforceWritePermission() { + checkForPermission(android.Manifest.permission.WRITE_BLOCKED_NUMBERS); + } + + private void checkForPermission(String permission) { + boolean permitted = getContext().checkCallingPermission(permission) + == PackageManager.PERMISSION_GRANTED + || checkForPrivilegedApplications(); + if (!permitted) { + throw new SecurityException("Caller must be system, default dialer or default SMS app"); + } } } |