Clean up permissions

- All permission checks now always pass if the caller is self. - Remove uses-permissions that're enforced by self. Bug 20927020 Change-Id: I985338495ed947d317f37e1a8d674a40c5e6bfe4
author: Makoto Onuki <omakoto@google.com> 2015-05-12 15:58:37 -0700
committer: Makoto Onuki <omakoto@google.com> 2015-05-15 10:38:08 -0700
commit: 400e50c1efeb601f6162bd829fdf33e9dc5252f6 (patch)
tree: 2811fa8fe6a24bff6b62ba04ea757be9ecb6b976 /src/com/android/providers/contacts/util
parent: 61ec18168fea70e5c10a28776fd5b9257d9961bc (diff)
download: packages_providers_ContactsProvider-400e50c1efeb601f6162bd829fdf33e9dc5252f6.zip
packages_providers_ContactsProvider-400e50c1efeb601f6162bd829fdf33e9dc5252f6.tar.gz
packages_providers_ContactsProvider-400e50c1efeb601f6162bd829fdf33e9dc5252f6.tar.bz2
1 files changed, 100 insertions, 0 deletions
diff --git a/src/com/android/providers/contacts/util/ContactsPermissions.java b/src/com/android/providers/contacts/util/ContactsPermissions.java
new file mode 100644
index 0000000..6dda50b
--- /dev/null
+++ b/src/com/android/providers/contacts/util/ContactsPermissions.java
@@ -0,0 +1,100 @@
+/*
+ * Copyright (C) 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+package com.android.providers.contacts.util;
+
+import android.content.Context;
+import android.content.Intent;
+import android.content.pm.PackageManager;
+import android.net.Uri;
+import android.os.Binder;
+import android.os.Process;
+import android.util.Log;
+
+public class ContactsPermissions {
+    private static final String TAG = "ContactsPermissions";
+
+    private static final boolean DEBUG = false; // DO NOT submit with true
+
+    // Normally, we allow calls from self, *except* in unit tests, where we clear this flag
+    // to emulate calls from other apps.
+    public static boolean ALLOW_SELF_CALL = true;
+
+    private ContactsPermissions() {
+    }
+
+    public static boolean hasCallerOrSelfPermission(Context context, String permission) {
+        boolean ok = false;
+
+        if (ALLOW_SELF_CALL && Binder.getCallingPid() == Process.myPid()) {
+            ok = true; // Called by self; always allow.
+        } else {
+            ok = context.checkCallingOrSelfPermission(permission)
+                    == PackageManager.PERMISSION_GRANTED;
+        }
+        if (DEBUG) {
+            Log.d(TAG, "hasCallerOrSelfPermission: "
+                    + " perm=" + permission
+                    + " caller=" + Binder.getCallingPid()
+                    + " self=" + Process.myPid()
+                    + " ok=" + ok);
+        }
+        return ok;
+    }
+
+    public static void enforceCallingOrSelfPermission(Context context, String permission) {
+        final boolean ok = hasCallerOrSelfPermission(context, permission);
+        if (!ok) {
+            throw new SecurityException(String.format("The caller must have the %s permission.",
+                    permission));
+        }
+    }
+
+    public static boolean hasPackagePermission(Context context, String permission, String pkg) {
+        boolean ok = false;
+        if (ALLOW_SELF_CALL && context.getPackageName().equals(pkg)) {
+            ok =  true; // Called by self; always allow.
+        } else {
+            ok = context.getPackageManager().checkPermission(permission, pkg)
+                    == PackageManager.PERMISSION_GRANTED;
+        }
+        if (DEBUG) {
+            Log.d(TAG, "hasCallerOrSelfPermission: "
+                    + " perm=" + permission
+                    + " pkg=" + pkg
+                    + " self=" + context.getPackageName()
+                    + " ok=" + ok);
+        }
+        return ok;
+    }
+
+    public static boolean hasCallerUriPermission(Context context, Uri uri, int modeFlags) {
+        boolean ok = false;
+        if (ALLOW_SELF_CALL && Binder.getCallingPid() == Process.myPid()) {
+            ok =  true; // Called by self; always allow.
+        } else {
+            ok = context.checkCallingUriPermission(uri, modeFlags)
+                    == PackageManager.PERMISSION_GRANTED;
+        }
+        if (DEBUG) {
+            Log.d(TAG, "hasCallerUriPermission: "
+                    + " uri=" + uri
+                    + " caller=" + Binder.getCallingPid()
+                    + " self=" + Process.myPid()
+                    + " ok=" + ok);
+        }
+        return ok;
+    }
+}
author	Makoto Onuki <omakoto@google.com>	2015-05-12 15:58:37 -0700
committer	Makoto Onuki <omakoto@google.com>	2015-05-15 10:38:08 -0700
commit	400e50c1efeb601f6162bd829fdf33e9dc5252f6 (patch)
tree	2811fa8fe6a24bff6b62ba04ea757be9ecb6b976 /src/com/android/providers/contacts/util
parent	61ec18168fea70e5c10a28776fd5b9257d9961bc (diff)
download	packages_providers_ContactsProvider-400e50c1efeb601f6162bd829fdf33e9dc5252f6.zip packages_providers_ContactsProvider-400e50c1efeb601f6162bd829fdf33e9dc5252f6.tar.gz packages_providers_ContactsProvider-400e50c1efeb601f6162bd829fdf33e9dc5252f6.tar.bz2