Close security hole in Email provider

* Prevent open access to sent or received messages
* Prevent open access to account info incl. passwords
* Allow access only to system apps

Bug # 2133080
diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index b663480..3f87b7e 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -35,13 +35,22 @@
     <!-- Only required if a store implements push mail and needs to keep network open -->
     <uses-permission android:name="android.permission.WAKE_LOCK"/>
     <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
-    
+
+    <!-- Grant permission to other apps to view attachments -->
     <permission android:name="com.android.email.permission.READ_ATTACHMENT"
                 android:permissionGroup="android.permission-group.MESSAGES"
                 android:protectionLevel="dangerous"
                 android:label="@string/read_attachment_label"
                 android:description="@string/read_attachment_desc"/>
     <uses-permission android:name="com.android.email.permission.READ_ATTACHMENT"/>
+
+    <!-- Grant permission to system apps to access provider (see provider below) -->
+    <permission android:name="com.android.email.permission.ACCESS_PROVIDER"
+                android:protectionLevel="signatureOrSystem"
+                android:label="@string/permission_access_provider_label"
+                android:description="@string/permission_access_provider_desc"/>
+    <uses-permission android:name="com.android.email.permission.ACCESS_PROVIDER"/>
+
     <application android:icon="@drawable/icon" android:label="@string/app_name"
         android:name="Email">
         <activity android:name=".activity.Welcome">
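Review bot: `android:protectionLevel="signatureOrSystem"` on the new ACCESS_PROVIDER permission admits every app installed on the system image, whatever key signed it, so any preloaded app could request access to the account data this commit is protecting. If the intended clients are all signed with the Email app's key, `android:protectionLevel="signature"` is the narrower choice. If a differently signed system app really needs the provider, the comment above the `<permission>` should say which one, for example `<!-- signatureOrSystem because <client app> is signed with a different key -->`.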
@@ -226,11 +235,14 @@
             android:grantUriPermissions="true"
             android:readPermission="com.android.email.permission.READ_ATTACHMENT"
             />
+
+        <!-- This provider MUST be protected by strict permissions, as granting access to
+             it exposes user passwords and other confidential information. -->
         <provider
             android:name=".provider.EmailProvider"
             android:authorities="com.android.email.provider"
             android:multiprocess="true"
-            android:grantUriPermissions="true"
+            android:permission="com.android.email.permission.ACCESS_PROVIDER"
             />
     </application>
 </manifest>
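Review bot: The new comment on `.provider.EmailProvider` says the provider must be strictly protected, but it does not record that the removed `android:grantUriPermissions="true"` has to stay off. A URI grant would let a holder of ACCESS_PROVIDER pass individual content URIs to apps that do not hold the permission. I would extend the comment with a line such as `Do not re-enable grantUriPermissions or add grant-uri-permission children; a URI grant bypasses ACCESS_PROVIDER.` The single `android:permission` attribute covers both reads and writes, which matches the intent stated in the commit message.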
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 610ede9..7affc8f 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -16,10 +16,17 @@
 
 <resources xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
 
-    <!-- Permissions label -->
-    <string name="read_attachment_label">read Email attachments</string>
-    <!-- Permissions description -->
-    <string name="read_attachment_desc">Allows this application to read your Email attachments.</string>
+    <!-- Permissions label for reading attachments -->
+    <string name="read_attachment_label">Read Email attachments</string>
+    <!-- Permissions description for reading attachments -->
+    <string name="read_attachment_desc">Allows this application to read your Email
+        attachments.</string>
+    <!-- Permissions label for accessing the main provider -->
+    <string name="permission_access_provider_label">Access Email provider data</string>
+    <!-- Permissions description for accessing the main provider -->
+    <string name="permission_access_provider_desc">Allows this application to access your Email
+        database, including received messages, sent messages, usernames and passwords.</string>
+
     <!-- Name of application on Home screen -->
     <string name="app_name">Email</string>
     <!-- Title of Accounts screen -->