Teach receivers, activities, providers, and services app ops.

Perform app op check in addition to the permisison check for all four paltform components - activities, content providers, broadcast receivers, services - if they are guarded by a permssion that has an associated app op. This ensures that legacy apps will behave correctly if the permission of the caller has been revoked, i.e. the app op for that permission was disabled. bug:22199666 Change-Id: Ia22d1c38d58b3cd6aabdc655cb7c7bddd85da7a2
author: Svet Ganov <svetoslavganov@google.com> 2015-06-27 13:15:22 -0700
committer: Svet Ganov <svetoslavganov@google.com> 2015-07-01 16:20:00 -0700
commit: 99b6043dad9d215cf15810b885b6b8c215dd5b5a (patch)
tree: ab714f7926640fbe8dafa4668f251e33e5f915c4 /core/java/android/content/ContentProvider.java
parent: 2438c9b2e7892a8515209cb1d440c3b5147165b2 (diff)
1 files changed, 22 insertions, 2 deletions
diff --git a/core/java/android/content/ContentProvider.java b/core/java/android/content/ContentProvider.java
index d4c443779d71..3cc76841bd70 100644
--- a/core/java/android/content/ContentProvider.java
+++ b/core/java/android/content/ContentProvider.java
@@ -475,18 +475,38 @@ public abstract class ContentProvider implements ComponentCallbacks2 {
         private int enforceReadPermission(String callingPkg, Uri uri, IBinder callerToken)
                 throws SecurityException {
             enforceReadPermissionInner(uri, callerToken);
+
+            final int permOp = AppOpsManager.permissionToOpCode(mReadPermission);
+            if (permOp != AppOpsManager.OP_NONE) {
+                final int mode = mAppOpsManager.noteProxyOp(permOp, callingPkg);
+                if (mode != AppOpsManager.MODE_ALLOWED) {
+                    return mode;
+                }
+            }
+
             if (mReadOp != AppOpsManager.OP_NONE) {
-                return mAppOpsManager.noteOp(mReadOp, Binder.getCallingUid(), callingPkg);
+                return mAppOpsManager.noteProxyOp(mReadOp, callingPkg);
             }
+
             return AppOpsManager.MODE_ALLOWED;
         }
 
         private int enforceWritePermission(String callingPkg, Uri uri, IBinder callerToken)
                 throws SecurityException {
             enforceWritePermissionInner(uri, callerToken);
+
+            final int permOp = AppOpsManager.permissionToOpCode(mWritePermission);
+            if (permOp != AppOpsManager.OP_NONE) {
+                final int mode = mAppOpsManager.noteProxyOp(permOp, callingPkg);
+                if (mode != AppOpsManager.MODE_ALLOWED) {
+                    return mode;
+                }
+            }
+
             if (mWriteOp != AppOpsManager.OP_NONE) {
-                return mAppOpsManager.noteOp(mWriteOp, Binder.getCallingUid(), callingPkg);
+                return mAppOpsManager.noteProxyOp(mWriteOp, callingPkg);
             }
+
             return AppOpsManager.MODE_ALLOWED;
         }
     }
author	Svet Ganov <svetoslavganov@google.com>	2015-06-27 13:15:22 -0700
committer	Svet Ganov <svetoslavganov@google.com>	2015-07-01 16:20:00 -0700
commit	99b6043dad9d215cf15810b885b6b8c215dd5b5a (patch)
tree	ab714f7926640fbe8dafa4668f251e33e5f915c4 /core/java/android/content/ContentProvider.java
parent	2438c9b2e7892a8515209cb1d440c3b5147165b2 (diff)