Merge "Stop enforcing {READ,WRITE}_PROFILE permissions" into mnc-dev

author: Brian Attwell <brianattwell@google.com> 2015-05-28 17:36:20 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2015-05-28 17:36:21 +0000
commit: ce51d2418ae766feed51f05ea69735753fbacb68 (patch)
tree: c353e267872f2b553bc59a4dac70b2fba66f41b5 /src/com/android
parent: 3a83f4c60fbe7eb2ee31186d0675dcfbac3ee6b5 (diff)
parent: e3afdce8647e144c2d0c81f48860138deb976cdf (diff)
download: packages_providers_ContactsProvider-ce51d2418ae766feed51f05ea69735753fbacb68.zip
packages_providers_ContactsProvider-ce51d2418ae766feed51f05ea69735753fbacb68.tar.gz
packages_providers_ContactsProvider-ce51d2418ae766feed51f05ea69735753fbacb68.tar.bz2
2 files changed, 7 insertions, 37 deletions
diff --git a/src/com/android/providers/contacts/ContactsProvider2.java b/src/com/android/providers/contacts/ContactsProvider2.java
index 0edb83c..b2cbc8b 100644
--- a/src/com/android/providers/contacts/ContactsProvider2.java
+++ b/src/com/android/providers/contacts/ContactsProvider2.java
@@ -203,6 +203,7 @@ import java.util.concurrent.CountDownLatch;
 public class ContactsProvider2 extends AbstractContactsProvider
         implements OnAccountsUpdateListener {
 
+    private static final String READ_PERMISSION = "android.permission.READ_CONTACTS";
     private static final String WRITE_PERMISSION = "android.permission.WRITE_CONTACTS";
 
     /* package */ static final String UPDATE_TIMES_CONTACTED_CONTACTS_TABLE =
@@ -1512,8 +1513,6 @@ public class ContactsProvider2 extends AbstractContactsProvider
         mProfileProvider = newProfileProvider();
         mProfileProvider.setDbHelperToSerializeOn(mContactsHelper, CONTACTS_DB_TAG, this);
         ProviderInfo profileInfo = new ProviderInfo();
-        profileInfo.readPermission = "android.permission.READ_PROFILE";
-        profileInfo.writePermission = "android.permission.WRITE_PROFILE";
         profileInfo.authority = ContactsContract.AUTHORITY;
         mProfileProvider.attachInfo(getContext(), profileInfo);
         mProfileHelper = mProfileProvider.getDatabaseHelper(getContext());
@@ -2212,14 +2211,13 @@ public class ContactsProvider2 extends AbstractContactsProvider
         waitForAccess(mReadAccessLatch);
         switchToContactMode();
         if (Authorization.AUTHORIZATION_METHOD.equals(method)) {
-            Uri uri = (Uri) extras.getParcelable(Authorization.KEY_URI_TO_AUTHORIZE);
+            Uri uri = extras.getParcelable(Authorization.KEY_URI_TO_AUTHORIZE);
 
             // Check permissions on the caller.  The URI can only be pre-authorized if the caller
-            // already has the necessary permissions.
+            // already has the necessary permissions. And, we can't rely on the ContentResolver to
+            // enforce permissions for the ContentProvider#call() method.
             enforceSocialStreamReadPermission(uri);
-            if (mapsToProfileDb(uri)) {
-                mProfileProvider.enforceReadPermission(uri);
-            }
+            ContactsPermissions.enforceCallingOrSelfPermission(getContext(), READ_PERMISSION);
 
             // If there hasn't been a security violation yet, we're clear to pre-authorize the URI.
             Uri authUri = preAuthorizeUri(uri);
diff --git a/src/com/android/providers/contacts/ProfileProvider.java b/src/com/android/providers/contacts/ProfileProvider.java
index ee18a5e..dfb8748 100644
--- a/src/com/android/providers/contacts/ProfileProvider.java
+++ b/src/com/android/providers/contacts/ProfileProvider.java
@@ -35,8 +35,7 @@ import java.util.Locale;
  * database from the rest of contacts.
  */
 public class ProfileProvider extends AbstractContactsProvider {
-    private static final String READ_PERMISSION = "android.permission.READ_PROFILE";
-    private static final String WRITE_PERMISSION = "android.permission.WRITE_PROFILE";
+    private static final String READ_CONTACTS_PERMISSION = "android.permission.READ_CONTACTS";
 
     // The Contacts provider handles most of the logic - this provider is only invoked when the
     // URI belongs to a profile action, setting up the proper database.
@@ -46,24 +45,6 @@ public class ProfileProvider extends AbstractContactsProvider {
         mDelegate = delegate;
     }
 
-    /**
-     * Performs a permission check on the read profile permission.  Checks the delegate contacts
-     * provider to see whether this is an authorized one-time-use URI.
-     * @param uri The URI being accessed.
-     */
-    public void enforceReadPermission(Uri uri) {
-        if (!mDelegate.isValidPreAuthorizedUri(uri)) {
-            ContactsPermissions.enforceCallingOrSelfPermission(getContext(), READ_PERMISSION);
-        }
-    }
-
-    /**
-     * Performs a permission check on the write profile permission.
-     */
-    public void enforceWritePermission() {
-        ContactsPermissions.enforceCallingOrSelfPermission(getContext(), WRITE_PERMISSION);
-    }
-
     @Override
     protected ProfileDatabaseHelper getDatabaseHelper(Context context) {
         return ProfileDatabaseHelper.getInstance(context);
@@ -83,14 +64,12 @@ public class ProfileProvider extends AbstractContactsProvider {
     @Override
     public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs,
             String sortOrder, CancellationSignal cancellationSignal) {
-        enforceReadPermission(uri);
         return mDelegate.queryLocal(uri, projection, selection, selectionArgs, sortOrder, -1,
                 cancellationSignal);
     }
 
     @Override
     protected Uri insertInTransaction(Uri uri, ContentValues values) {
-        enforceWritePermission();
         useProfileDbForTransaction();
         return mDelegate.insertInTransaction(uri, values);
     }
@@ -98,25 +77,18 @@ public class ProfileProvider extends AbstractContactsProvider {
     @Override
     protected int updateInTransaction(Uri uri, ContentValues values, String selection,
             String[] selectionArgs) {
-        enforceWritePermission();
         useProfileDbForTransaction();
         return mDelegate.updateInTransaction(uri, values, selection, selectionArgs);
     }
 
     @Override
     protected int deleteInTransaction(Uri uri, String selection, String[] selectionArgs) {
-        enforceWritePermission();
         useProfileDbForTransaction();
         return mDelegate.deleteInTransaction(uri, selection, selectionArgs);
     }
 
     @Override
     public AssetFileDescriptor openAssetFile(Uri uri, String mode) throws FileNotFoundException {
-        if (mode != null && mode.contains("w")) {
-            enforceWritePermission();
-        } else {
-            enforceReadPermission(uri);
-        }
         return mDelegate.openAssetFileLocal(uri, mode);
     }
 
@@ -173,6 +145,6 @@ public class ProfileProvider extends AbstractContactsProvider {
 
     private void sendProfileChangedBroadcast() {
         final Intent intent = new Intent(Intents.ACTION_PROFILE_CHANGED);
-        mDelegate.getContext().sendBroadcast(intent, READ_PERMISSION);
+        mDelegate.getContext().sendBroadcast(intent, READ_CONTACTS_PERMISSION);
     }
 }
author	Brian Attwell <brianattwell@google.com>	2015-05-28 17:36:20 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2015-05-28 17:36:21 +0000
commit	ce51d2418ae766feed51f05ea69735753fbacb68 (patch)
tree	c353e267872f2b553bc59a4dac70b2fba66f41b5 /src/com/android
parent	3a83f4c60fbe7eb2ee31186d0675dcfbac3ee6b5 (diff)
parent	e3afdce8647e144c2d0c81f48860138deb976cdf (diff)
download	packages_providers_ContactsProvider-ce51d2418ae766feed51f05ea69735753fbacb68.zip packages_providers_ContactsProvider-ce51d2418ae766feed51f05ea69735753fbacb68.tar.gz packages_providers_ContactsProvider-ce51d2418ae766feed51f05ea69735753fbacb68.tar.bz2