Require caller be default dialer for call composer location

Remove the requirement for ACCESS_FINE_LOCATION for the CallComposerLocationProvider table and instead require that the caller be the default dialer on the device instead. Fixes: 179939801 Test: atest CallLogTest Change-Id: Iabe3c8f2682845da6756cf82ad70856faa5d58f9
author: Hall Liu <hallliu@google.com> 2021-02-10 17:22:59 -0800
committer: Hall Liu <hallliu@google.com> 2021-02-10 17:24:38 -0800
commit: 174482f1efd5e2cd450426874d113aa9709b8f8e (patch)
tree: 6af6bee794839f30a7b891bc0c48ecd466824ea0 /src
parent: cf6dc1b1e0a17e59dd0d0db515c96fed262aadb9 (diff)
download: ContactsProvider-174482f1efd5e2cd450426874d113aa9709b8f8e.tar.gz
1 files changed, 31 insertions, 8 deletions
diff --git a/src/com/android/providers/contacts/CallComposerLocationProvider.java b/src/com/android/providers/contacts/CallComposerLocationProvider.java
index 7a963cf0..568a1899 100644
--- a/src/com/android/providers/contacts/CallComposerLocationProvider.java
+++ b/src/com/android/providers/contacts/CallComposerLocationProvider.java
@@ -31,12 +31,18 @@ import android.database.sqlite.SQLiteDatabase;
 import android.database.sqlite.SQLiteOpenHelper;
 import android.database.sqlite.SQLiteQueryBuilder;
 import android.net.Uri;
+import android.os.Binder;
+import android.os.Process;
 import android.provider.CallLog;
+import android.telecom.TelecomManager;
+import android.text.TextUtils;
 import android.util.Log;
 
 
 import com.android.providers.contacts.util.SelectionBuilder;
 
+import java.util.Objects;
+
 public class CallComposerLocationProvider extends ContentProvider {
     private static final String TAG = CallComposerLocationProvider.class.getSimpleName();
     private static final String DB_NAME = "call_composer_locations.db";
@@ -85,8 +91,7 @@ public class CallComposerLocationProvider extends ContentProvider {
     @Override
     public Cursor query(@NonNull Uri uri, @Nullable String[] projection, @Nullable String selection,
             @Nullable String[] selectionArgs, @Nullable String sortOrder) {
-        getContext().enforceCallingPermission(Manifest.permission.ACCESS_FINE_LOCATION,
-                "Must have ACCESS_FINE_PERMISSION to access call composer locations.");
+        enforceAccessRestrictions();
         final SQLiteQueryBuilder qb = new SQLiteQueryBuilder();
         qb.setTables(TABLE_NAME);
         qb.setStrict(true);
@@ -126,8 +131,7 @@ public class CallComposerLocationProvider extends ContentProvider {
     @Nullable
     @Override
     public Uri insert(@NonNull Uri uri, @Nullable ContentValues values) {
-        getContext().enforceCallingPermission(Manifest.permission.ACCESS_FINE_LOCATION,
-                "Must have ACCESS_FINE_PERMISSION to access call composer locations.");
+        enforceAccessRestrictions();
         long id = mOpenHelper.getWritableDatabase().insert(TABLE_NAME, null, values);
         return ContentUris.withAppendedId(CallLog.Locations.CONTENT_URI, id);
     }
@@ -135,8 +139,7 @@ public class CallComposerLocationProvider extends ContentProvider {
     @Override
     public int delete(@NonNull Uri uri, @Nullable String selection,
             @Nullable String[] selectionArgs) {
-        getContext().enforceCallingPermission(Manifest.permission.ACCESS_FINE_LOCATION,
-                "Must have ACCESS_FINE_PERMISSION to access call composer locations.");
+        enforceAccessRestrictions();
         final int match = sURIMatcher.match(uri);
         switch (match) {
             case LOCATION_ID:
@@ -155,8 +158,7 @@ public class CallComposerLocationProvider extends ContentProvider {
     @Override
     public int update(@NonNull Uri uri, @Nullable ContentValues values, @Nullable String selection,
             @Nullable String[] selectionArgs) {
-        getContext().enforceCallingPermission(Manifest.permission.ACCESS_FINE_LOCATION,
-                "Must have ACCESS_FINE_PERMISSION to access call composer locations.");
+        enforceAccessRestrictions();
         throw new UnsupportedOperationException(
                 "Call composer location db does not support updates");
     }
@@ -168,4 +170,25 @@ public class CallComposerLocationProvider extends ContentProvider {
             throw new IllegalArgumentException("Invalid location id in uri: " + uri, e);
         }
     }
+
+    private void enforceAccessRestrictions() {
+        int uid = Binder.getCallingUid();
+        if (uid == Process.SYSTEM_UID || uid == Process.myUid() || uid == Process.PHONE_UID) {
+            return;
+        }
+        String defaultDialerPackageName = getContext().getSystemService(TelecomManager.class)
+                .getDefaultDialerPackage();
+        if (TextUtils.isEmpty(defaultDialerPackageName)) {
+            throw new SecurityException("Access to call composer locations is only allowed for the"
+                    + " default dialer, but the default dialer is unset");
+        }
+        String[] callingPackageCandidates = getContext().getPackageManager().getPackagesForUid(uid);
+        for (String packageCandidate : callingPackageCandidates) {
+            if (Objects.equals(packageCandidate, defaultDialerPackageName)) {
+                return;
+            }
+        }
+        throw new SecurityException("Access to call composer locations is only allowed for the "
+                + "default dialer: " + defaultDialerPackageName);
+    }
 }
author	Hall Liu <hallliu@google.com>	2021-02-10 17:22:59 -0800
committer	Hall Liu <hallliu@google.com>	2021-02-10 17:24:38 -0800
commit	174482f1efd5e2cd450426874d113aa9709b8f8e (patch)
tree	6af6bee794839f30a7b891bc0c48ecd466824ea0 /src
parent	cf6dc1b1e0a17e59dd0d0db515c96fed262aadb9 (diff)
download	ContactsProvider-174482f1efd5e2cd450426874d113aa9709b8f8e.tar.gz