summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorBrian Attwell <brianattwell@google.com>2015-05-27 19:49:13 -0700
committerBrian Attwell <brianattwell@google.com>2015-05-27 19:49:13 -0700
commite3afdce8647e144c2d0c81f48860138deb976cdf (patch)
tree9c488e7ec96a57495878892038b4f67df2bfdd58 /src
parentd93008163a8a2a4a877506eacdc4c4b1b2ad840e (diff)
downloadpackages_providers_ContactsProvider-e3afdce8647e144c2d0c81f48860138deb976cdf.zip
packages_providers_ContactsProvider-e3afdce8647e144c2d0c81f48860138deb976cdf.tar.gz
packages_providers_ContactsProvider-e3afdce8647e144c2d0c81f48860138deb976cdf.tar.bz2
Stop enforcing {READ,WRITE}_PROFILE permissions
I should also remove all support for the Authorization API from CP2 now that we've decided there is no need for it. I'll leave cleaning this up for after I've finished unbundling the Contacts app. Bug: 21090207 Change-Id: I31e6ae7b0f49c3589071f6a95f8d69a9456c144d
Diffstat (limited to 'src')
-rw-r--r--src/com/android/providers/contacts/ContactsProvider2.java12
-rw-r--r--src/com/android/providers/contacts/ProfileProvider.java32
2 files changed, 7 insertions, 37 deletions
diff --git a/src/com/android/providers/contacts/ContactsProvider2.java b/src/com/android/providers/contacts/ContactsProvider2.java
index 8fce6a6..cd4f876 100644
--- a/src/com/android/providers/contacts/ContactsProvider2.java
+++ b/src/com/android/providers/contacts/ContactsProvider2.java
@@ -203,6 +203,7 @@ import java.util.concurrent.CountDownLatch;
public class ContactsProvider2 extends AbstractContactsProvider
implements OnAccountsUpdateListener {
+ private static final String READ_PERMISSION = "android.permission.READ_CONTACTS";
private static final String WRITE_PERMISSION = "android.permission.WRITE_CONTACTS";
/* package */ static final String UPDATE_TIMES_CONTACTED_CONTACTS_TABLE =
@@ -1512,8 +1513,6 @@ public class ContactsProvider2 extends AbstractContactsProvider
mProfileProvider = newProfileProvider();
mProfileProvider.setDbHelperToSerializeOn(mContactsHelper, CONTACTS_DB_TAG, this);
ProviderInfo profileInfo = new ProviderInfo();
- profileInfo.readPermission = "android.permission.READ_PROFILE";
- profileInfo.writePermission = "android.permission.WRITE_PROFILE";
profileInfo.authority = ContactsContract.AUTHORITY;
mProfileProvider.attachInfo(getContext(), profileInfo);
mProfileHelper = mProfileProvider.getDatabaseHelper(getContext());
@@ -2200,14 +2199,13 @@ public class ContactsProvider2 extends AbstractContactsProvider
waitForAccess(mReadAccessLatch);
switchToContactMode();
if (Authorization.AUTHORIZATION_METHOD.equals(method)) {
- Uri uri = (Uri) extras.getParcelable(Authorization.KEY_URI_TO_AUTHORIZE);
+ Uri uri = extras.getParcelable(Authorization.KEY_URI_TO_AUTHORIZE);
// Check permissions on the caller. The URI can only be pre-authorized if the caller
- // already has the necessary permissions.
+ // already has the necessary permissions. And, we can't rely on the ContentResolver to
+ // enforce permissions for the ContentProvider#call() method.
enforceSocialStreamReadPermission(uri);
- if (mapsToProfileDb(uri)) {
- mProfileProvider.enforceReadPermission(uri);
- }
+ ContactsPermissions.enforceCallingOrSelfPermission(getContext(), READ_PERMISSION);
// If there hasn't been a security violation yet, we're clear to pre-authorize the URI.
Uri authUri = preAuthorizeUri(uri);
diff --git a/src/com/android/providers/contacts/ProfileProvider.java b/src/com/android/providers/contacts/ProfileProvider.java
index ee18a5e..dfb8748 100644
--- a/src/com/android/providers/contacts/ProfileProvider.java
+++ b/src/com/android/providers/contacts/ProfileProvider.java
@@ -35,8 +35,7 @@ import java.util.Locale;
* database from the rest of contacts.
*/
public class ProfileProvider extends AbstractContactsProvider {
- private static final String READ_PERMISSION = "android.permission.READ_PROFILE";
- private static final String WRITE_PERMISSION = "android.permission.WRITE_PROFILE";
+ private static final String READ_CONTACTS_PERMISSION = "android.permission.READ_CONTACTS";
// The Contacts provider handles most of the logic - this provider is only invoked when the
// URI belongs to a profile action, setting up the proper database.
@@ -46,24 +45,6 @@ public class ProfileProvider extends AbstractContactsProvider {
mDelegate = delegate;
}
- /**
- * Performs a permission check on the read profile permission. Checks the delegate contacts
- * provider to see whether this is an authorized one-time-use URI.
- * @param uri The URI being accessed.
- */
- public void enforceReadPermission(Uri uri) {
- if (!mDelegate.isValidPreAuthorizedUri(uri)) {
- ContactsPermissions.enforceCallingOrSelfPermission(getContext(), READ_PERMISSION);
- }
- }
-
- /**
- * Performs a permission check on the write profile permission.
- */
- public void enforceWritePermission() {
- ContactsPermissions.enforceCallingOrSelfPermission(getContext(), WRITE_PERMISSION);
- }
-
@Override
protected ProfileDatabaseHelper getDatabaseHelper(Context context) {
return ProfileDatabaseHelper.getInstance(context);
@@ -83,14 +64,12 @@ public class ProfileProvider extends AbstractContactsProvider {
@Override
public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs,
String sortOrder, CancellationSignal cancellationSignal) {
- enforceReadPermission(uri);
return mDelegate.queryLocal(uri, projection, selection, selectionArgs, sortOrder, -1,
cancellationSignal);
}
@Override
protected Uri insertInTransaction(Uri uri, ContentValues values) {
- enforceWritePermission();
useProfileDbForTransaction();
return mDelegate.insertInTransaction(uri, values);
}
@@ -98,25 +77,18 @@ public class ProfileProvider extends AbstractContactsProvider {
@Override
protected int updateInTransaction(Uri uri, ContentValues values, String selection,
String[] selectionArgs) {
- enforceWritePermission();
useProfileDbForTransaction();
return mDelegate.updateInTransaction(uri, values, selection, selectionArgs);
}
@Override
protected int deleteInTransaction(Uri uri, String selection, String[] selectionArgs) {
- enforceWritePermission();
useProfileDbForTransaction();
return mDelegate.deleteInTransaction(uri, selection, selectionArgs);
}
@Override
public AssetFileDescriptor openAssetFile(Uri uri, String mode) throws FileNotFoundException {
- if (mode != null && mode.contains("w")) {
- enforceWritePermission();
- } else {
- enforceReadPermission(uri);
- }
return mDelegate.openAssetFileLocal(uri, mode);
}
@@ -173,6 +145,6 @@ public class ProfileProvider extends AbstractContactsProvider {
private void sendProfileChangedBroadcast() {
final Intent intent = new Intent(Intents.ACTION_PROFILE_CHANGED);
- mDelegate.getContext().sendBroadcast(intent, READ_PERMISSION);
+ mDelegate.getContext().sendBroadcast(intent, READ_CONTACTS_PERMISSION);
}
}