summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDave Santoro <dsantoro@google.com>2011-10-03 18:25:26 -0700
committerDave Santoro <dsantoro@google.com>2011-10-04 15:09:54 -0700
commit7d535138c15b3e9f90432fb942f9027fa334b681 (patch)
tree902ac46cfd7dd3073f72f834c4ec6559a88f1c50
parent121e805af449ccee802ae0001f4d8eaf531e6b2d (diff)
downloadframeworks_base-7d535138c15b3e9f90432fb942f9027fa334b681.zip
frameworks_base-7d535138c15b3e9f90432fb942f9027fa334b681.tar.gz
frameworks_base-7d535138c15b3e9f90432fb942f9027fa334b681.tar.bz2
DO NOT MERGE New permissions for social stream.
These permissions are needed to separate the (potentially invasive) access to the user's social stream from the existing read/write contacts permission. Per discussion with Android release team, we are also hiding the stream item API until we figure out a better way to guard the data. Bug 5406886 Change-Id: I8339d743c3ebe8923c7ee47f2900444efcf82a52
Diffstat
-rw-r--r--api/14.txt58
-rw-r--r--api/current.txt58
-rw-r--r--core/java/android/provider/ContactsContract.java37
-rw-r--r--core/res/AndroidManifest.xml17
-rwxr-xr-xcore/res/res/values/strings.xml12
5 files changed, 66 insertions, 116 deletions
diff --git a/api/14.txt b/api/14.txt
index 9f2a6df..e26311f 100644
--- a/api/14.txt
+++ b/api/14.txt
@@ -16583,10 +16583,6 @@ package android.provider {
field public static final java.lang.String PHOTO_FILE_ID = "data14";
}
- public static final class ContactsContract.Contacts.StreamItems implements android.provider.ContactsContract.StreamItemsColumns {
- field public static final java.lang.String CONTENT_DIRECTORY = "stream_items";
- }
-
protected static abstract interface ContactsContract.ContactsColumns {
field public static final java.lang.String DISPLAY_NAME = "display_name";
field public static final java.lang.String HAS_PHONE_NUMBER = "has_phone_number";
@@ -16844,10 +16840,6 @@ package android.provider {
field public static final java.lang.String DATA_ID = "data_id";
}
- public static final class ContactsContract.RawContacts.StreamItems implements android.provider.BaseColumns android.provider.ContactsContract.StreamItemsColumns {
- field public static final java.lang.String CONTENT_DIRECTORY = "stream_items";
- }
-
protected static abstract interface ContactsContract.RawContactsColumns {
field public static final java.lang.String AGGREGATION_MODE = "aggregation_mode";
field public static final java.lang.String CONTACT_ID = "contact_id";
@@ -16911,56 +16903,6 @@ package android.provider {
field public static final android.net.Uri PROFILE_CONTENT_URI;
}
- public static final class ContactsContract.StreamItemPhotos implements android.provider.BaseColumns android.provider.ContactsContract.StreamItemPhotosColumns {
- field public static final java.lang.String PHOTO = "photo";
- }
-
- protected static abstract interface ContactsContract.StreamItemPhotosColumns {
- field public static final java.lang.String PHOTO_FILE_ID = "photo_file_id";
- field public static final java.lang.String PHOTO_URI = "photo_uri";
- field public static final java.lang.String SORT_INDEX = "sort_index";
- field public static final java.lang.String STREAM_ITEM_ID = "stream_item_id";
- field public static final java.lang.String SYNC1 = "stream_item_photo_sync1";
- field public static final java.lang.String SYNC2 = "stream_item_photo_sync2";
- field public static final java.lang.String SYNC3 = "stream_item_photo_sync3";
- field public static final java.lang.String SYNC4 = "stream_item_photo_sync4";
- }
-
- public static final class ContactsContract.StreamItems implements android.provider.BaseColumns android.provider.ContactsContract.StreamItemsColumns {
- field public static final java.lang.String CONTENT_ITEM_TYPE = "vnd.android.cursor.item/stream_item";
- field public static final android.net.Uri CONTENT_LIMIT_URI;
- field public static final android.net.Uri CONTENT_PHOTO_URI;
- field public static final java.lang.String CONTENT_TYPE = "vnd.android.cursor.dir/stream_item";
- field public static final android.net.Uri CONTENT_URI;
- field public static final java.lang.String MAX_ITEMS = "max_items";
- }
-
- public static final class ContactsContract.StreamItems.StreamItemPhotos implements android.provider.BaseColumns android.provider.ContactsContract.StreamItemPhotosColumns {
- field public static final java.lang.String CONTENT_DIRECTORY = "photo";
- field public static final java.lang.String CONTENT_ITEM_TYPE = "vnd.android.cursor.item/stream_item_photo";
- field public static final java.lang.String CONTENT_TYPE = "vnd.android.cursor.dir/stream_item_photo";
- }
-
- protected static abstract interface ContactsContract.StreamItemsColumns {
- field public static final java.lang.String ACCOUNT_NAME = "account_name";
- field public static final java.lang.String ACCOUNT_TYPE = "account_type";
- field public static final java.lang.String COMMENTS = "comments";
- field public static final java.lang.String CONTACT_ID = "contact_id";
- field public static final java.lang.String CONTACT_LOOKUP_KEY = "contact_lookup";
- field public static final java.lang.String DATA_SET = "data_set";
- field public static final java.lang.String RAW_CONTACT_ID = "raw_contact_id";
- field public static final java.lang.String RAW_CONTACT_SOURCE_ID = "raw_contact_source_id";
- field public static final java.lang.String RES_ICON = "icon";
- field public static final java.lang.String RES_LABEL = "label";
- field public static final java.lang.String RES_PACKAGE = "res_package";
- field public static final java.lang.String SYNC1 = "stream_item_sync1";
- field public static final java.lang.String SYNC2 = "stream_item_sync2";
- field public static final java.lang.String SYNC3 = "stream_item_sync3";
- field public static final java.lang.String SYNC4 = "stream_item_sync4";
- field public static final java.lang.String TEXT = "text";
- field public static final java.lang.String TIMESTAMP = "timestamp";
- }
-
protected static abstract interface ContactsContract.SyncColumns implements android.provider.ContactsContract.BaseSyncColumns {
field public static final java.lang.String ACCOUNT_NAME = "account_name";
field public static final java.lang.String ACCOUNT_TYPE = "account_type";
diff --git a/api/current.txt b/api/current.txt
index 9f2a6df..e26311f 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -16583,10 +16583,6 @@ package android.provider {
field public static final java.lang.String PHOTO_FILE_ID = "data14";
}
- public static final class ContactsContract.Contacts.StreamItems implements android.provider.ContactsContract.StreamItemsColumns {
- field public static final java.lang.String CONTENT_DIRECTORY = "stream_items";
- }
-
protected static abstract interface ContactsContract.ContactsColumns {
field public static final java.lang.String DISPLAY_NAME = "display_name";
field public static final java.lang.String HAS_PHONE_NUMBER = "has_phone_number";
@@ -16844,10 +16840,6 @@ package android.provider {
field public static final java.lang.String DATA_ID = "data_id";
}
- public static final class ContactsContract.RawContacts.StreamItems implements android.provider.BaseColumns android.provider.ContactsContract.StreamItemsColumns {
- field public static final java.lang.String CONTENT_DIRECTORY = "stream_items";
- }
-
protected static abstract interface ContactsContract.RawContactsColumns {
field public static final java.lang.String AGGREGATION_MODE = "aggregation_mode";
field public static final java.lang.String CONTACT_ID = "contact_id";
@@ -16911,56 +16903,6 @@ package android.provider {
field public static final android.net.Uri PROFILE_CONTENT_URI;
}
- public static final class ContactsContract.StreamItemPhotos implements android.provider.BaseColumns android.provider.ContactsContract.StreamItemPhotosColumns {
- field public static final java.lang.String PHOTO = "photo";
- }
-
- protected static abstract interface ContactsContract.StreamItemPhotosColumns {
- field public static final java.lang.String PHOTO_FILE_ID = "photo_file_id";
- field public static final java.lang.String PHOTO_URI = "photo_uri";
- field public static final java.lang.String SORT_INDEX = "sort_index";
- field public static final java.lang.String STREAM_ITEM_ID = "stream_item_id";
- field public static final java.lang.String SYNC1 = "stream_item_photo_sync1";
- field public static final java.lang.String SYNC2 = "stream_item_photo_sync2";
- field public static final java.lang.String SYNC3 = "stream_item_photo_sync3";
- field public static final java.lang.String SYNC4 = "stream_item_photo_sync4";
- }
-
- public static final class ContactsContract.StreamItems implements android.provider.BaseColumns android.provider.ContactsContract.StreamItemsColumns {
- field public static final java.lang.String CONTENT_ITEM_TYPE = "vnd.android.cursor.item/stream_item";
- field public static final android.net.Uri CONTENT_LIMIT_URI;
- field public static final android.net.Uri CONTENT_PHOTO_URI;
- field public static final java.lang.String CONTENT_TYPE = "vnd.android.cursor.dir/stream_item";
- field public static final android.net.Uri CONTENT_URI;
- field public static final java.lang.String MAX_ITEMS = "max_items";
- }
-
- public static final class ContactsContract.StreamItems.StreamItemPhotos implements android.provider.BaseColumns android.provider.ContactsContract.StreamItemPhotosColumns {
- field public static final java.lang.String CONTENT_DIRECTORY = "photo";
- field public static final java.lang.String CONTENT_ITEM_TYPE = "vnd.android.cursor.item/stream_item_photo";
- field public static final java.lang.String CONTENT_TYPE = "vnd.android.cursor.dir/stream_item_photo";
- }
-
- protected static abstract interface ContactsContract.StreamItemsColumns {
- field public static final java.lang.String ACCOUNT_NAME = "account_name";
- field public static final java.lang.String ACCOUNT_TYPE = "account_type";
- field public static final java.lang.String COMMENTS = "comments";
- field public static final java.lang.String CONTACT_ID = "contact_id";
- field public static final java.lang.String CONTACT_LOOKUP_KEY = "contact_lookup";
- field public static final java.lang.String DATA_SET = "data_set";
- field public static final java.lang.String RAW_CONTACT_ID = "raw_contact_id";
- field public static final java.lang.String RAW_CONTACT_SOURCE_ID = "raw_contact_source_id";
- field public static final java.lang.String RES_ICON = "icon";
- field public static final java.lang.String RES_LABEL = "label";
- field public static final java.lang.String RES_PACKAGE = "res_package";
- field public static final java.lang.String SYNC1 = "stream_item_sync1";
- field public static final java.lang.String SYNC2 = "stream_item_sync2";
- field public static final java.lang.String SYNC3 = "stream_item_sync3";
- field public static final java.lang.String SYNC4 = "stream_item_sync4";
- field public static final java.lang.String TEXT = "text";
- field public static final java.lang.String TIMESTAMP = "timestamp";
- }
-
protected static abstract interface ContactsContract.SyncColumns implements android.provider.ContactsContract.BaseSyncColumns {
field public static final java.lang.String ACCOUNT_NAME = "account_name";
field public static final java.lang.String ACCOUNT_TYPE = "account_type";
diff --git a/core/java/android/provider/ContactsContract.java b/core/java/android/provider/ContactsContract.java
index ca1d0d9..da0ad49 100644
--- a/core/java/android/provider/ContactsContract.java
+++ b/core/java/android/provider/ContactsContract.java
@@ -1611,9 +1611,16 @@ public final class ContactsContract {
}
/**
+ * <p>
* A sub-directory of a single contact that contains all of the constituent raw contact
* {@link ContactsContract.StreamItems} rows. This directory can be used either
* with a {@link #CONTENT_URI} or {@link #CONTENT_LOOKUP_URI}.
+ * </p>
+ * <p>
+ * Querying for social stream data requires android.permission.READ_SOCIAL_STREAM
+ * permission.
+ * </p>
+ * @hide
*/
public static final class StreamItems implements StreamItemsColumns {
/**
@@ -2669,6 +2676,14 @@ public final class ContactsContract {
* {@link ContactsContract.StreamItems} for a stand-alone table containing the
* same data.
* </p>
+ * <p>
+ * Access to the social stream through this sub-directory requires additional permissions
+ * beyond the read/write contact permissions required by the provider. Querying for
+ * social stream data requires android.permission.READ_SOCIAL_STREAM permission, and
+ * inserting or updating social stream items requires android.permission.WRITE_SOCIAL_STREAM
+ * permission.
+ * </p>
+ * @hide
*/
public static final class StreamItems implements BaseColumns, StreamItemsColumns {
/**
@@ -2963,6 +2978,12 @@ public final class ContactsContract {
* transaction correspondingly. Insertion of more items beyond the limit will
* automatically lead to deletion of the oldest items, by {@link StreamItems#TIMESTAMP}.
* </p>
+ * <p>
+ * Access to the social stream through these URIs requires additional permissions beyond the
+ * read/write contact permissions required by the provider. Querying for social stream data
+ * requires android.permission.READ_SOCIAL_STREAM permission, and inserting or updating social
+ * stream items requires android.permission.WRITE_SOCIAL_STREAM permission.
+ * </p>
* <h3>Operations</h3>
* <dl>
* <dt><b>Insert</b></dt>
@@ -3073,6 +3094,7 @@ public final class ContactsContract {
* </pre>
* </dd>
* </dl>
+ * @hide
*/
public static final class StreamItems implements BaseColumns, StreamItemsColumns {
/**
@@ -3133,6 +3155,12 @@ public final class ContactsContract {
* directory append {@link StreamItems.StreamItemPhotos#CONTENT_DIRECTORY} to
* an individual stream item URI.
* </p>
+ * <p>
+ * Access to social stream photos requires additional permissions beyond the read/write
+ * contact permissions required by the provider. Querying for social stream photos
+ * requires android.permission.READ_SOCIAL_STREAM permission, and inserting or updating
+ * social stream photos requires android.permission.WRITE_SOCIAL_STREAM permission.
+ * </p>
*/
public static final class StreamItemPhotos
implements BaseColumns, StreamItemPhotosColumns {
@@ -3164,6 +3192,7 @@ public final class ContactsContract {
* Columns in the StreamItems table.
*
* @see ContactsContract.StreamItems
+ * @hide
*/
protected interface StreamItemsColumns {
/**
@@ -3310,6 +3339,12 @@ public final class ContactsContract {
* Constants for the stream_item_photos table, which contains photos associated with
* social stream updates.
* </p>
+ * <p>
+ * Access to social stream photos requires additional permissions beyond the read/write
+ * contact permissions required by the provider. Querying for social stream photos
+ * requires android.permission.READ_SOCIAL_STREAM permission, and inserting or updating
+ * social stream photos requires android.permission.WRITE_SOCIAL_STREAM permission.
+ * </p>
* <h3>Operations</h3>
* <dl>
* <dt><b>Insert</b></dt>
@@ -3448,6 +3483,7 @@ public final class ContactsContract {
* <pre>
* </dd>
* </dl>
+ * @hide
*/
public static final class StreamItemPhotos implements BaseColumns, StreamItemPhotosColumns {
/**
@@ -3475,6 +3511,7 @@ public final class ContactsContract {
* Columns in the StreamItemPhotos table.
*
* @see ContactsContract.StreamItemPhotos
+ * @hide
*/
protected interface StreamItemPhotosColumns {
/**
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 9755f22..18194ee 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -263,6 +263,23 @@
android:label="@string/permlab_writeProfile"
android:description="@string/permdesc_writeProfile" />
+ <!-- Allows an application to read from the user's social stream.
+ @hide -->
+ <permission android:name="android.permission.READ_SOCIAL_STREAM"
+ android:permissionGroup="android.permission-group.PERSONAL_INFO"
+ android:protectionLevel="dangerous"
+ android:label="@string/permlab_readSocialStream"
+ android:description="@string/permdesc_readSocialStream" />
+
+ <!-- Allows an application to write (but not read) the user's
+ social stream data.
+ @hide -->
+ <permission android:name="android.permission.WRITE_SOCIAL_STREAM"
+ android:permissionGroup="android.permission-group.PERSONAL_INFO"
+ android:protectionLevel="dangerous"
+ android:label="@string/permlab_writeSocialStream"
+ android:description="@string/permdesc_writeSocialStream" />
+
<!-- Allows an application to read the user's calendar data. -->
<permission android:name="android.permission.READ_CALENDAR"
android:permissionGroup="android.permission-group.PERSONAL_INFO"
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
index e093fa9..f8f30b5 100755
--- a/core/res/res/values/strings.xml
+++ b/core/res/res/values/strings.xml
@@ -937,6 +937,18 @@
information. This means other applications can identify you and send your profile
information to others.</string>
+ <!-- Title of the read social stream permission, listed so the user can decide whether to allow the application to read information from the user's social stream. [CHAR LIMIT=30] -->
+ <string name="permlab_readSocialStream" product="default">read your social stream</string>
+ <string name="permdesc_readSocialStream" product="default">Allows the application to access
+ and sync social updates from you and your friends. Malicious apps can use this to read
+ private communications between you and your friends on social networks.</string>
+
+ <!-- Title of the write social stream permission, listed so the user can decide whether to allow the application to write information to the user's social stream. [CHAR LIMIT=30] -->
+ <string name="permlab_writeSocialStream" product="default">write to your social stream</string>
+ <string name="permdesc_writeSocialStream" product="default">Allows the application to display
+ social updates from your friends. Malicious apps can use this to pretend to be a friend
+ and trick you into revealing passwords or other confidential information.</string>
+
<!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
<string name="permlab_readCalendar">read calendar events plus confidential information</string>
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
generated by cgit v1.1 at 2025-01-13 02:54:48 +0000