diff options
author | Makoto Onuki <omakoto@google.com> | 2015-05-12 15:58:37 -0700 |
---|---|---|
committer | Makoto Onuki <omakoto@google.com> | 2015-05-15 10:38:08 -0700 |
commit | 400e50c1efeb601f6162bd829fdf33e9dc5252f6 (patch) | |
tree | 2811fa8fe6a24bff6b62ba04ea757be9ecb6b976 /src/com/android/providers/contacts/util | |
parent | 61ec18168fea70e5c10a28776fd5b9257d9961bc (diff) | |
download | packages_providers_ContactsProvider-400e50c1efeb601f6162bd829fdf33e9dc5252f6.zip packages_providers_ContactsProvider-400e50c1efeb601f6162bd829fdf33e9dc5252f6.tar.gz packages_providers_ContactsProvider-400e50c1efeb601f6162bd829fdf33e9dc5252f6.tar.bz2 |
Clean up permissions
- All permission checks now always pass if the caller is self.
- Remove uses-permissions that're enforced by self.
Bug 20927020
Change-Id: I985338495ed947d317f37e1a8d674a40c5e6bfe4
Diffstat (limited to 'src/com/android/providers/contacts/util')
-rw-r--r-- | src/com/android/providers/contacts/util/ContactsPermissions.java | 100 |
1 files changed, 100 insertions, 0 deletions
diff --git a/src/com/android/providers/contacts/util/ContactsPermissions.java b/src/com/android/providers/contacts/util/ContactsPermissions.java new file mode 100644 index 0000000..6dda50b --- /dev/null +++ b/src/com/android/providers/contacts/util/ContactsPermissions.java @@ -0,0 +1,100 @@ +/* + * Copyright (C) 2015 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +package com.android.providers.contacts.util; + +import android.content.Context; +import android.content.Intent; +import android.content.pm.PackageManager; +import android.net.Uri; +import android.os.Binder; +import android.os.Process; +import android.util.Log; + +public class ContactsPermissions { + private static final String TAG = "ContactsPermissions"; + + private static final boolean DEBUG = false; // DO NOT submit with true + + // Normally, we allow calls from self, *except* in unit tests, where we clear this flag + // to emulate calls from other apps. + public static boolean ALLOW_SELF_CALL = true; + + private ContactsPermissions() { + } + + public static boolean hasCallerOrSelfPermission(Context context, String permission) { + boolean ok = false; + + if (ALLOW_SELF_CALL && Binder.getCallingPid() == Process.myPid()) { + ok = true; // Called by self; always allow. + } else { + ok = context.checkCallingOrSelfPermission(permission) + == PackageManager.PERMISSION_GRANTED; + } + if (DEBUG) { + Log.d(TAG, "hasCallerOrSelfPermission: " + + " perm=" + permission + + " caller=" + Binder.getCallingPid() + + " self=" + Process.myPid() + + " ok=" + ok); + } + return ok; + } + + public static void enforceCallingOrSelfPermission(Context context, String permission) { + final boolean ok = hasCallerOrSelfPermission(context, permission); + if (!ok) { + throw new SecurityException(String.format("The caller must have the %s permission.", + permission)); + } + } + + public static boolean hasPackagePermission(Context context, String permission, String pkg) { + boolean ok = false; + if (ALLOW_SELF_CALL && context.getPackageName().equals(pkg)) { + ok = true; // Called by self; always allow. + } else { + ok = context.getPackageManager().checkPermission(permission, pkg) + == PackageManager.PERMISSION_GRANTED; + } + if (DEBUG) { + Log.d(TAG, "hasCallerOrSelfPermission: " + + " perm=" + permission + + " pkg=" + pkg + + " self=" + context.getPackageName() + + " ok=" + ok); + } + return ok; + } + + public static boolean hasCallerUriPermission(Context context, Uri uri, int modeFlags) { + boolean ok = false; + if (ALLOW_SELF_CALL && Binder.getCallingPid() == Process.myPid()) { + ok = true; // Called by self; always allow. + } else { + ok = context.checkCallingUriPermission(uri, modeFlags) + == PackageManager.PERMISSION_GRANTED; + } + if (DEBUG) { + Log.d(TAG, "hasCallerUriPermission: " + + " uri=" + uri + + " caller=" + Binder.getCallingPid() + + " self=" + Process.myPid() + + " ok=" + ok); + } + return ok; + } +} |