diff options
author | Brian Attwell <brianattwell@google.com> | 2015-05-28 18:27:44 +0000 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2015-05-28 18:27:44 +0000 |
commit | 494d793abeb524321fc7192ead9e4ea22eb71573 (patch) | |
tree | a90be8de2d71d9178f8a4f28c6e044b3602de6c5 | |
parent | 2adee1b3012e1a2728fd9701419cc6214dd9fbac (diff) | |
parent | c9d68371fd908b2bfb447de2487cbebb21f71ba7 (diff) | |
download | ContactsProvider-494d793abeb524321fc7192ead9e4ea22eb71573.tar.gz |
am c9d68371: am ce51d241: Merge "Stop enforcing {READ,WRITE}_PROFILE permissions" into mnc-dev
* commit 'c9d68371fd908b2bfb447de2487cbebb21f71ba7':
Stop enforcing {READ,WRITE}_PROFILE permissions
-rw-r--r-- | AndroidManifest.xml | 7 | ||||
-rw-r--r-- | src/com/android/providers/contacts/ContactsProvider2.java | 12 | ||||
-rw-r--r-- | src/com/android/providers/contacts/ProfileProvider.java | 32 |
3 files changed, 8 insertions, 43 deletions
diff --git a/AndroidManifest.xml b/AndroidManifest.xml index 694f1911..29dfdce3 100644 --- a/AndroidManifest.xml +++ b/AndroidManifest.xml @@ -29,6 +29,7 @@ android:label="@string/provider_label" android:multiprocess="false" android:exported="true" + android:grantUriPermissions="true" android:readPermission="android.permission.READ_CONTACTS" android:writePermission="android.permission.WRITE_CONTACTS"> <path-permission @@ -40,12 +41,6 @@ <path-permission android:pathPattern="/contacts/.*/photo" android:readPermission="android.permission.GLOBAL_SEARCH" /> - <path-permission - android:pathPrefix="/data_enterprise" - android:readPermission="android.permission.INTERACT_ACROSS_USERS" /> - <path-permission - android:pathPattern="/raw_contact_entities_corp" - android:readPermission="android.permission.INTERACT_ACROSS_USERS" /> <grant-uri-permission android:pathPattern=".*" /> </provider> diff --git a/src/com/android/providers/contacts/ContactsProvider2.java b/src/com/android/providers/contacts/ContactsProvider2.java index 08953c3d..b01315a4 100644 --- a/src/com/android/providers/contacts/ContactsProvider2.java +++ b/src/com/android/providers/contacts/ContactsProvider2.java @@ -209,6 +209,7 @@ import java.util.concurrent.CountDownLatch; public class ContactsProvider2 extends AbstractContactsProvider implements OnAccountsUpdateListener { + private static final String READ_PERMISSION = "android.permission.READ_CONTACTS"; private static final String WRITE_PERMISSION = "android.permission.WRITE_CONTACTS"; /* package */ static final String UPDATE_TIMES_CONTACTED_CONTACTS_TABLE = @@ -1544,8 +1545,6 @@ public class ContactsProvider2 extends AbstractContactsProvider mProfileProvider = newProfileProvider(); mProfileProvider.setDbHelperToSerializeOn(mContactsHelper, CONTACTS_DB_TAG, this); ProviderInfo profileInfo = new ProviderInfo(); - profileInfo.readPermission = "android.permission.READ_PROFILE"; - profileInfo.writePermission = "android.permission.WRITE_PROFILE"; profileInfo.authority = ContactsContract.AUTHORITY; mProfileProvider.attachInfo(getContext(), profileInfo); mProfileHelper = mProfileProvider.getDatabaseHelper(getContext()); @@ -2245,14 +2244,13 @@ public class ContactsProvider2 extends AbstractContactsProvider waitForAccess(mReadAccessLatch); switchToContactMode(); if (Authorization.AUTHORIZATION_METHOD.equals(method)) { - Uri uri = (Uri) extras.getParcelable(Authorization.KEY_URI_TO_AUTHORIZE); + Uri uri = extras.getParcelable(Authorization.KEY_URI_TO_AUTHORIZE); // Check permissions on the caller. The URI can only be pre-authorized if the caller - // already has the necessary permissions. + // already has the necessary permissions. And, we can't rely on the ContentResolver to + // enforce permissions for the ContentProvider#call() method. enforceSocialStreamReadPermission(uri); - if (mapsToProfileDb(uri)) { - mProfileProvider.enforceReadPermission(uri); - } + ContactsPermissions.enforceCallingOrSelfPermission(getContext(), READ_PERMISSION); // If there hasn't been a security violation yet, we're clear to pre-authorize the URI. Uri authUri = preAuthorizeUri(uri); diff --git a/src/com/android/providers/contacts/ProfileProvider.java b/src/com/android/providers/contacts/ProfileProvider.java index 2e836be3..fe274a0c 100644 --- a/src/com/android/providers/contacts/ProfileProvider.java +++ b/src/com/android/providers/contacts/ProfileProvider.java @@ -35,8 +35,7 @@ import java.util.Locale; * database from the rest of contacts. */ public class ProfileProvider extends AbstractContactsProvider { - private static final String READ_PERMISSION = "android.permission.READ_PROFILE"; - private static final String WRITE_PERMISSION = "android.permission.WRITE_PROFILE"; + private static final String READ_CONTACTS_PERMISSION = "android.permission.READ_CONTACTS"; // The Contacts provider handles most of the logic - this provider is only invoked when the // URI belongs to a profile action, setting up the proper database. @@ -46,24 +45,6 @@ public class ProfileProvider extends AbstractContactsProvider { mDelegate = delegate; } - /** - * Performs a permission check on the read profile permission. Checks the delegate contacts - * provider to see whether this is an authorized one-time-use URI. - * @param uri The URI being accessed. - */ - public void enforceReadPermission(Uri uri) { - if (!mDelegate.isValidPreAuthorizedUri(uri)) { - ContactsPermissions.enforceCallingOrSelfPermission(getContext(), READ_PERMISSION); - } - } - - /** - * Performs a permission check on the write profile permission. - */ - public void enforceWritePermission() { - ContactsPermissions.enforceCallingOrSelfPermission(getContext(), WRITE_PERMISSION); - } - @Override protected ProfileDatabaseHelper getDatabaseHelper(Context context) { return ProfileDatabaseHelper.getInstance(context); @@ -83,14 +64,12 @@ public class ProfileProvider extends AbstractContactsProvider { @Override public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs, String sortOrder, CancellationSignal cancellationSignal) { - enforceReadPermission(uri); return mDelegate.queryLocal(uri, projection, selection, selectionArgs, sortOrder, -1, cancellationSignal); } @Override protected Uri insertInTransaction(Uri uri, ContentValues values) { - enforceWritePermission(); useProfileDbForTransaction(); return mDelegate.insertInTransaction(uri, values); } @@ -98,25 +77,18 @@ public class ProfileProvider extends AbstractContactsProvider { @Override protected int updateInTransaction(Uri uri, ContentValues values, String selection, String[] selectionArgs) { - enforceWritePermission(); useProfileDbForTransaction(); return mDelegate.updateInTransaction(uri, values, selection, selectionArgs); } @Override protected int deleteInTransaction(Uri uri, String selection, String[] selectionArgs) { - enforceWritePermission(); useProfileDbForTransaction(); return mDelegate.deleteInTransaction(uri, selection, selectionArgs); } @Override public AssetFileDescriptor openAssetFile(Uri uri, String mode) throws FileNotFoundException { - if (mode != null && mode.contains("w")) { - enforceWritePermission(); - } else { - enforceReadPermission(uri); - } return mDelegate.openAssetFileLocal(uri, mode); } @@ -173,6 +145,6 @@ public class ProfileProvider extends AbstractContactsProvider { private void sendProfileChangedBroadcast() { final Intent intent = new Intent(Intents.ACTION_PROFILE_CHANGED); - mDelegate.getContext().sendBroadcast(intent, READ_PERMISSION); + mDelegate.getContext().sendBroadcast(intent, READ_CONTACTS_PERMISSION); } } |