author | Jae Seo <jaeseo@google.com> | 2015-06-23 12:56:08 -0700 |
---|---|---|
committer | Jae Seo <jaeseo@google.com> | 2015-06-23 13:17:01 -0700 |
commit | b58138a677e9b08f22339c29743da41c999c25f5 (patch) | |
tree | 86b152bb8121d88c9ecefc45d642631eefe902d5 | |
parent | 2ff926c4c6a7d848467781f0080ec43ba9adffb7 (diff) | |
download | TvProvider-b58138a677e9b08f22339c29743da41c999c25f5.tar.gz |
Consolidate permission checking
Moved the permission check from needsToLimitPackage() to
createSqlParams() and removed needsToLimitPackage().
Change-Id: Ie046eae7ce10252cfd0a3971e8512fc0ce2c4827
-rw-r--r-- | src/com/android/providers/tv/TvProvider.java | 25 |
1 files changed, 8 insertions, 17 deletions
diff --git a/src/com/android/providers/tv/TvProvider.java b/src/com/android/providers/tv/TvProvider.java
index 49f782a..734fb93 100644
--- a/src/com/android/providers/tv/TvProvider.java
+++ b/src/com/android/providers/tv/TvProvider.java
@@ -516,7 +516,7 @@ public class TvProvider extends ContentProvider {
 @Override
 public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs, String sortOrder) {
- boolean needsToValidateSortOrder = needsToLimitPackage(uri);
+ boolean needsToValidateSortOrder = !callerHasAccessAllEpgDataPermission();
 SqlParams params = createSqlParams(OP_QUERY, uri, selection, selectionArgs);
 SQLiteQueryBuilder queryBuilder = new SQLiteQueryBuilder();
@@ -695,7 +695,7 @@ public class TvProvider extends ContentProvider {
 private SqlParams createSqlParams(String operation, Uri uri, String selection, String[] selectionArgs) {
 SqlParams params = new SqlParams(null, selection, selectionArgs);
- if (needsToLimitPackage(uri)) {
+ if (!callerHasAccessAllEpgDataPermission()) {
 if (!TextUtils.isEmpty(selection)) {
 throw new SecurityException("Selection not allowed for " + uri);
 }
@@ -764,10 +764,16 @@ public class TvProvider extends ContentProvider {
 params.appendWhere(Programs._ID + "=?", uri.getLastPathSegment());
 break;
 case MATCH_WATCHED_PROGRAM:
+ if (!callerHasAccessWatchedProgramsPermission()) {
+ throw new SecurityException("Access not allowed for " + uri);
+ }
 params.setTables(WATCHED_PROGRAMS_TABLE);
 params.appendWhere(WATCHED_PROGRAMS_COLUMN_CONSOLIDATED + "=?", "1");
 break;
 case MATCH_WATCHED_PROGRAM_ID:
+ if (!callerHasAccessWatchedProgramsPermission()) {
+ throw new SecurityException("Access not allowed for " + uri);
+ }
 params.setTables(WATCHED_PROGRAMS_TABLE);
 params.appendWhere(WatchedPrograms._ID + "=?", uri.getLastPathSegment());
 params.appendWhere(WATCHED_PROGRAMS_COLUMN_CONSOLIDATED + "=?", "1");
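Review bot: The new condition `if (!callerHasAccessAllEpgDataPermission())` in createSqlParams() is left without any comment stating the ownership rule it enforces, because the explanation that sat above needsToLimitPackage() is deleted in the last hunk and not carried over. I would keep the first half of that comment directly above the condition, for example `// Callers without the full-access permission may only touch the entries they own.` The body of this `if` continues past the end of the hunk, so the exact restriction it applies is inferred from the removed comment rather than from visible code.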
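Review bot: The watched-programs check added to the MATCH_WATCHED_PROGRAM and MATCH_WATCHED_PROGRAM_ID arms now runs later than it used to. Before this change needsToLimitPackage() was evaluated in the `if` condition at line 698, so a caller without the watched-programs permission was rejected before the selection test; now the whole `!callerHasAccessAllEpgDataPermission()` block executes first (assuming this switch is the one in createSqlParams(), as the commit message says). Both paths still end in a SecurityException, but a caller lacking both permissions now gets "Selection not allowed" instead of "Access not allowed", and whatever else that block does outside the hunk happens before the denial; if the stricter check is meant to win, match the URI and test the permission at the top of createSqlParams(). The identical three-line check in the two arms would also read better as one private helper taking `uri`, carrying the removed note that the watch log is blocked outright for callers without the permission.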
@@ -891,21 +897,6 @@ public class TvProvider extends ContentProvider {
 }
 }
- // When an application tries to create/read/update/delete channel or program data, we need to
- // ensure that such an access is limited to the data entries it owns, unless it has the full
- // access permission.
- // Note that the user's watch log is treated with more caution and we should block any access
- // from an application that doesn't have the proper permission.
- private boolean needsToLimitPackage(Uri uri) {
- int match = sUriMatcher.match(uri);
- if (match == MATCH_WATCHED_PROGRAM || match == MATCH_WATCHED_PROGRAM_ID) {
- if (!callerHasAccessWatchedProgramsPermission()) {
- throw new SecurityException("Access not allowed for " + uri);
- }
- }
- return !callerHasAccessAllEpgDataPermission();
- }
-
 private boolean callerHasReadTvListingsPermission() {
 return getContext().checkCallingOrSelfPermission(PERMISSION_READ_TV_LISTINGS) == PackageManager.PERMISSION_GRANTED; |