diff options
author | Brian Attwell <brianattwell@google.com> | 2015-05-28 17:36:20 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2015-05-28 17:36:21 +0000 |
commit | ce51d2418ae766feed51f05ea69735753fbacb68 (patch) | |
tree | c353e267872f2b553bc59a4dac70b2fba66f41b5 /src/com/android | |
parent | 3a83f4c60fbe7eb2ee31186d0675dcfbac3ee6b5 (diff) | |
parent | e3afdce8647e144c2d0c81f48860138deb976cdf (diff) | |
download | packages_providers_ContactsProvider-ce51d2418ae766feed51f05ea69735753fbacb68.zip packages_providers_ContactsProvider-ce51d2418ae766feed51f05ea69735753fbacb68.tar.gz packages_providers_ContactsProvider-ce51d2418ae766feed51f05ea69735753fbacb68.tar.bz2 |
Merge "Stop enforcing {READ,WRITE}_PROFILE permissions" into mnc-dev
Diffstat (limited to 'src/com/android')
-rw-r--r-- | src/com/android/providers/contacts/ContactsProvider2.java | 12 | ||||
-rw-r--r-- | src/com/android/providers/contacts/ProfileProvider.java | 32 |
2 files changed, 7 insertions, 37 deletions
diff --git a/src/com/android/providers/contacts/ContactsProvider2.java b/src/com/android/providers/contacts/ContactsProvider2.java index 0edb83c..b2cbc8b 100644 --- a/src/com/android/providers/contacts/ContactsProvider2.java +++ b/src/com/android/providers/contacts/ContactsProvider2.java @@ -203,6 +203,7 @@ import java.util.concurrent.CountDownLatch; public class ContactsProvider2 extends AbstractContactsProvider implements OnAccountsUpdateListener { + private static final String READ_PERMISSION = "android.permission.READ_CONTACTS"; private static final String WRITE_PERMISSION = "android.permission.WRITE_CONTACTS"; /* package */ static final String UPDATE_TIMES_CONTACTED_CONTACTS_TABLE = @@ -1512,8 +1513,6 @@ public class ContactsProvider2 extends AbstractContactsProvider mProfileProvider = newProfileProvider(); mProfileProvider.setDbHelperToSerializeOn(mContactsHelper, CONTACTS_DB_TAG, this); ProviderInfo profileInfo = new ProviderInfo(); - profileInfo.readPermission = "android.permission.READ_PROFILE"; - profileInfo.writePermission = "android.permission.WRITE_PROFILE"; profileInfo.authority = ContactsContract.AUTHORITY; mProfileProvider.attachInfo(getContext(), profileInfo); mProfileHelper = mProfileProvider.getDatabaseHelper(getContext()); @@ -2212,14 +2211,13 @@ public class ContactsProvider2 extends AbstractContactsProvider waitForAccess(mReadAccessLatch); switchToContactMode(); if (Authorization.AUTHORIZATION_METHOD.equals(method)) { - Uri uri = (Uri) extras.getParcelable(Authorization.KEY_URI_TO_AUTHORIZE); + Uri uri = extras.getParcelable(Authorization.KEY_URI_TO_AUTHORIZE); // Check permissions on the caller. The URI can only be pre-authorized if the caller - // already has the necessary permissions. + // already has the necessary permissions. And, we can't rely on the ContentResolver to + // enforce permissions for the ContentProvider#call() method. enforceSocialStreamReadPermission(uri); - if (mapsToProfileDb(uri)) { - mProfileProvider.enforceReadPermission(uri); - } + ContactsPermissions.enforceCallingOrSelfPermission(getContext(), READ_PERMISSION); // If there hasn't been a security violation yet, we're clear to pre-authorize the URI. Uri authUri = preAuthorizeUri(uri); diff --git a/src/com/android/providers/contacts/ProfileProvider.java b/src/com/android/providers/contacts/ProfileProvider.java index ee18a5e..dfb8748 100644 --- a/src/com/android/providers/contacts/ProfileProvider.java +++ b/src/com/android/providers/contacts/ProfileProvider.java @@ -35,8 +35,7 @@ import java.util.Locale; * database from the rest of contacts. */ public class ProfileProvider extends AbstractContactsProvider { - private static final String READ_PERMISSION = "android.permission.READ_PROFILE"; - private static final String WRITE_PERMISSION = "android.permission.WRITE_PROFILE"; + private static final String READ_CONTACTS_PERMISSION = "android.permission.READ_CONTACTS"; // The Contacts provider handles most of the logic - this provider is only invoked when the // URI belongs to a profile action, setting up the proper database. @@ -46,24 +45,6 @@ public class ProfileProvider extends AbstractContactsProvider { mDelegate = delegate; } - /** - * Performs a permission check on the read profile permission. Checks the delegate contacts - * provider to see whether this is an authorized one-time-use URI. - * @param uri The URI being accessed. - */ - public void enforceReadPermission(Uri uri) { - if (!mDelegate.isValidPreAuthorizedUri(uri)) { - ContactsPermissions.enforceCallingOrSelfPermission(getContext(), READ_PERMISSION); - } - } - - /** - * Performs a permission check on the write profile permission. - */ - public void enforceWritePermission() { - ContactsPermissions.enforceCallingOrSelfPermission(getContext(), WRITE_PERMISSION); - } - @Override protected ProfileDatabaseHelper getDatabaseHelper(Context context) { return ProfileDatabaseHelper.getInstance(context); @@ -83,14 +64,12 @@ public class ProfileProvider extends AbstractContactsProvider { @Override public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs, String sortOrder, CancellationSignal cancellationSignal) { - enforceReadPermission(uri); return mDelegate.queryLocal(uri, projection, selection, selectionArgs, sortOrder, -1, cancellationSignal); } @Override protected Uri insertInTransaction(Uri uri, ContentValues values) { - enforceWritePermission(); useProfileDbForTransaction(); return mDelegate.insertInTransaction(uri, values); } @@ -98,25 +77,18 @@ public class ProfileProvider extends AbstractContactsProvider { @Override protected int updateInTransaction(Uri uri, ContentValues values, String selection, String[] selectionArgs) { - enforceWritePermission(); useProfileDbForTransaction(); return mDelegate.updateInTransaction(uri, values, selection, selectionArgs); } @Override protected int deleteInTransaction(Uri uri, String selection, String[] selectionArgs) { - enforceWritePermission(); useProfileDbForTransaction(); return mDelegate.deleteInTransaction(uri, selection, selectionArgs); } @Override public AssetFileDescriptor openAssetFile(Uri uri, String mode) throws FileNotFoundException { - if (mode != null && mode.contains("w")) { - enforceWritePermission(); - } else { - enforceReadPermission(uri); - } return mDelegate.openAssetFileLocal(uri, mode); } @@ -173,6 +145,6 @@ public class ProfileProvider extends AbstractContactsProvider { private void sendProfileChangedBroadcast() { final Intent intent = new Intent(Intents.ACTION_PROFILE_CHANGED); - mDelegate.getContext().sendBroadcast(intent, READ_PERMISSION); + mDelegate.getContext().sendBroadcast(intent, READ_CONTACTS_PERMISSION); } } |