diff options
| author | Brian Attwell <brianattwell@google.com> | 2015-05-28 17:36:20 +0000 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2015-05-28 17:36:21 +0000 |
| commit | ce51d2418ae766feed51f05ea69735753fbacb68 (patch) | |
| tree | c353e267872f2b553bc59a4dac70b2fba66f41b5 /src/com/android/providers/contacts/ContactsProvider2.java | |
| parent | 3a83f4c60fbe7eb2ee31186d0675dcfbac3ee6b5 (diff) | |
| parent | e3afdce8647e144c2d0c81f48860138deb976cdf (diff) | |
| download | packages_providers_ContactsProvider-ce51d2418ae766feed51f05ea69735753fbacb68.zip packages_providers_ContactsProvider-ce51d2418ae766feed51f05ea69735753fbacb68.tar.gz packages_providers_ContactsProvider-ce51d2418ae766feed51f05ea69735753fbacb68.tar.bz2 | |
Merge "Stop enforcing {READ,WRITE}_PROFILE permissions" into mnc-dev
Diffstat (limited to 'src/com/android/providers/contacts/ContactsProvider2.java')
| -rw-r--r-- | src/com/android/providers/contacts/ContactsProvider2.java | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/src/com/android/providers/contacts/ContactsProvider2.java b/src/com/android/providers/contacts/ContactsProvider2.java index 0edb83c..b2cbc8b 100644 --- a/src/com/android/providers/contacts/ContactsProvider2.java +++ b/src/com/android/providers/contacts/ContactsProvider2.java @@ -203,6 +203,7 @@ import java.util.concurrent.CountDownLatch; public class ContactsProvider2 extends AbstractContactsProvider implements OnAccountsUpdateListener { + private static final String READ_PERMISSION = "android.permission.READ_CONTACTS"; private static final String WRITE_PERMISSION = "android.permission.WRITE_CONTACTS"; /* package */ static final String UPDATE_TIMES_CONTACTED_CONTACTS_TABLE = @@ -1512,8 +1513,6 @@ public class ContactsProvider2 extends AbstractContactsProvider mProfileProvider = newProfileProvider(); mProfileProvider.setDbHelperToSerializeOn(mContactsHelper, CONTACTS_DB_TAG, this); ProviderInfo profileInfo = new ProviderInfo(); - profileInfo.readPermission = "android.permission.READ_PROFILE"; - profileInfo.writePermission = "android.permission.WRITE_PROFILE"; profileInfo.authority = ContactsContract.AUTHORITY; mProfileProvider.attachInfo(getContext(), profileInfo); mProfileHelper = mProfileProvider.getDatabaseHelper(getContext()); @@ -2212,14 +2211,13 @@ public class ContactsProvider2 extends AbstractContactsProvider waitForAccess(mReadAccessLatch); switchToContactMode(); if (Authorization.AUTHORIZATION_METHOD.equals(method)) { - Uri uri = (Uri) extras.getParcelable(Authorization.KEY_URI_TO_AUTHORIZE); + Uri uri = extras.getParcelable(Authorization.KEY_URI_TO_AUTHORIZE); // Check permissions on the caller. The URI can only be pre-authorized if the caller - // already has the necessary permissions. + // already has the necessary permissions. And, we can't rely on the ContentResolver to + // enforce permissions for the ContentProvider#call() method. enforceSocialStreamReadPermission(uri); - if (mapsToProfileDb(uri)) { - mProfileProvider.enforceReadPermission(uri); - } + ContactsPermissions.enforceCallingOrSelfPermission(getContext(), READ_PERMISSION); // If there hasn't been a security violation yet, we're clear to pre-authorize the URI. Uri authUri = preAuthorizeUri(uri); |