diff options
| author | Brian Attwell <brianattwell@google.com> | 2015-05-27 19:49:13 -0700 |
|---|---|---|
| committer | Brian Attwell <brianattwell@google.com> | 2015-05-27 19:49:13 -0700 |
| commit | e3afdce8647e144c2d0c81f48860138deb976cdf (patch) | |
| tree | 9c488e7ec96a57495878892038b4f67df2bfdd58 /src/com/android/providers | |
| parent | d93008163a8a2a4a877506eacdc4c4b1b2ad840e (diff) | |
| download | packages_providers_ContactsProvider-e3afdce8647e144c2d0c81f48860138deb976cdf.zip packages_providers_ContactsProvider-e3afdce8647e144c2d0c81f48860138deb976cdf.tar.gz packages_providers_ContactsProvider-e3afdce8647e144c2d0c81f48860138deb976cdf.tar.bz2 | |
Stop enforcing {READ,WRITE}_PROFILE permissions
I should also remove all support for the Authorization
API from CP2 now that we've decided there is no need
for it. I'll leave cleaning this up for after I've
finished unbundling the Contacts app.
Bug: 21090207
Change-Id: I31e6ae7b0f49c3589071f6a95f8d69a9456c144d
Diffstat (limited to 'src/com/android/providers')
| -rw-r--r-- | src/com/android/providers/contacts/ContactsProvider2.java | 12 | ||||
| -rw-r--r-- | src/com/android/providers/contacts/ProfileProvider.java | 32 |
2 files changed, 7 insertions, 37 deletions
diff --git a/src/com/android/providers/contacts/ContactsProvider2.java b/src/com/android/providers/contacts/ContactsProvider2.java index 8fce6a6..cd4f876 100644 --- a/src/com/android/providers/contacts/ContactsProvider2.java +++ b/src/com/android/providers/contacts/ContactsProvider2.java @@ -203,6 +203,7 @@ import java.util.concurrent.CountDownLatch; public class ContactsProvider2 extends AbstractContactsProvider implements OnAccountsUpdateListener { + private static final String READ_PERMISSION = "android.permission.READ_CONTACTS"; private static final String WRITE_PERMISSION = "android.permission.WRITE_CONTACTS"; /* package */ static final String UPDATE_TIMES_CONTACTED_CONTACTS_TABLE = @@ -1512,8 +1513,6 @@ public class ContactsProvider2 extends AbstractContactsProvider mProfileProvider = newProfileProvider(); mProfileProvider.setDbHelperToSerializeOn(mContactsHelper, CONTACTS_DB_TAG, this); ProviderInfo profileInfo = new ProviderInfo(); - profileInfo.readPermission = "android.permission.READ_PROFILE"; - profileInfo.writePermission = "android.permission.WRITE_PROFILE"; profileInfo.authority = ContactsContract.AUTHORITY; mProfileProvider.attachInfo(getContext(), profileInfo); mProfileHelper = mProfileProvider.getDatabaseHelper(getContext()); @@ -2200,14 +2199,13 @@ public class ContactsProvider2 extends AbstractContactsProvider waitForAccess(mReadAccessLatch); switchToContactMode(); if (Authorization.AUTHORIZATION_METHOD.equals(method)) { - Uri uri = (Uri) extras.getParcelable(Authorization.KEY_URI_TO_AUTHORIZE); + Uri uri = extras.getParcelable(Authorization.KEY_URI_TO_AUTHORIZE); // Check permissions on the caller. The URI can only be pre-authorized if the caller - // already has the necessary permissions. + // already has the necessary permissions. And, we can't rely on the ContentResolver to + // enforce permissions for the ContentProvider#call() method. enforceSocialStreamReadPermission(uri); - if (mapsToProfileDb(uri)) { - mProfileProvider.enforceReadPermission(uri); - } + ContactsPermissions.enforceCallingOrSelfPermission(getContext(), READ_PERMISSION); // If there hasn't been a security violation yet, we're clear to pre-authorize the URI. Uri authUri = preAuthorizeUri(uri); diff --git a/src/com/android/providers/contacts/ProfileProvider.java b/src/com/android/providers/contacts/ProfileProvider.java index ee18a5e..dfb8748 100644 --- a/src/com/android/providers/contacts/ProfileProvider.java +++ b/src/com/android/providers/contacts/ProfileProvider.java @@ -35,8 +35,7 @@ import java.util.Locale; * database from the rest of contacts. */ public class ProfileProvider extends AbstractContactsProvider { - private static final String READ_PERMISSION = "android.permission.READ_PROFILE"; - private static final String WRITE_PERMISSION = "android.permission.WRITE_PROFILE"; + private static final String READ_CONTACTS_PERMISSION = "android.permission.READ_CONTACTS"; // The Contacts provider handles most of the logic - this provider is only invoked when the // URI belongs to a profile action, setting up the proper database. @@ -46,24 +45,6 @@ public class ProfileProvider extends AbstractContactsProvider { mDelegate = delegate; } - /** - * Performs a permission check on the read profile permission. Checks the delegate contacts - * provider to see whether this is an authorized one-time-use URI. - * @param uri The URI being accessed. - */ - public void enforceReadPermission(Uri uri) { - if (!mDelegate.isValidPreAuthorizedUri(uri)) { - ContactsPermissions.enforceCallingOrSelfPermission(getContext(), READ_PERMISSION); - } - } - - /** - * Performs a permission check on the write profile permission. - */ - public void enforceWritePermission() { - ContactsPermissions.enforceCallingOrSelfPermission(getContext(), WRITE_PERMISSION); - } - @Override protected ProfileDatabaseHelper getDatabaseHelper(Context context) { return ProfileDatabaseHelper.getInstance(context); @@ -83,14 +64,12 @@ public class ProfileProvider extends AbstractContactsProvider { @Override public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs, String sortOrder, CancellationSignal cancellationSignal) { - enforceReadPermission(uri); return mDelegate.queryLocal(uri, projection, selection, selectionArgs, sortOrder, -1, cancellationSignal); } @Override protected Uri insertInTransaction(Uri uri, ContentValues values) { - enforceWritePermission(); useProfileDbForTransaction(); return mDelegate.insertInTransaction(uri, values); } @@ -98,25 +77,18 @@ public class ProfileProvider extends AbstractContactsProvider { @Override protected int updateInTransaction(Uri uri, ContentValues values, String selection, String[] selectionArgs) { - enforceWritePermission(); useProfileDbForTransaction(); return mDelegate.updateInTransaction(uri, values, selection, selectionArgs); } @Override protected int deleteInTransaction(Uri uri, String selection, String[] selectionArgs) { - enforceWritePermission(); useProfileDbForTransaction(); return mDelegate.deleteInTransaction(uri, selection, selectionArgs); } @Override public AssetFileDescriptor openAssetFile(Uri uri, String mode) throws FileNotFoundException { - if (mode != null && mode.contains("w")) { - enforceWritePermission(); - } else { - enforceReadPermission(uri); - } return mDelegate.openAssetFileLocal(uri, mode); } @@ -173,6 +145,6 @@ public class ProfileProvider extends AbstractContactsProvider { private void sendProfileChangedBroadcast() { final Intent intent = new Intent(Intents.ACTION_PROFILE_CHANGED); - mDelegate.getContext().sendBroadcast(intent, READ_PERMISSION); + mDelegate.getContext().sendBroadcast(intent, READ_CONTACTS_PERMISSION); } } |