Merge mainline-release 6664920 to stage-aosp-master - DO NOT MERGE
Merged-In: Iafec0500e7c2be4084cd43f39067500ed2500572
Change-Id: Ieb60a53704748982fbc07e1618aaffe365e307ea
diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 9542e6d..0748e0f 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -84,7 +84,8 @@
</provider>
<!-- Handles database upgrades after OTAs, then disables itself -->
- <receiver android:name="ContactsUpgradeReceiver">
+ <receiver android:name="ContactsUpgradeReceiver"
+ android:exported="true">
<!-- This broadcast is sent after the core system has finished
booting, before the home app is launched or BOOT_COMPLETED
is sent. -->
@@ -94,6 +95,7 @@
</receiver>
<receiver android:name="PhoneAccountRegistrationReceiver"
+ android:exported="true"
android:permission="android.permission.BROADCAST_PHONE_ACCOUNT_REGISTRATION">
<!-- Broadcast sent after a phone account is registered in telecom. -->
<intent-filter>
@@ -101,7 +103,8 @@
</intent-filter>
</receiver>
- <receiver android:name="LocaleChangeReceiver">
+ <receiver android:name="LocaleChangeReceiver"
+ android:exported="true">
<intent-filter>
<action android:name="android.intent.action.LOCALE_CHANGED"/>
</intent-filter>
@@ -110,6 +113,7 @@
<activity android:name=".debug.ContactsDumpActivity"
android:label="@string/debug_dump_title"
android:theme="@android:style/Theme.Holo.Dialog"
+ android:exported="true"
>
<intent-filter>
<action android:name="com.android.providers.contacts.DUMP_DATABASE"/>
diff --git a/MODULE_LICENSE_APACHE2 b/MODULE_LICENSE_APACHE2
deleted file mode 100644
index e69de29..0000000
--- a/MODULE_LICENSE_APACHE2
+++ /dev/null
diff --git a/res/values-pt-rPT/strings.xml b/res/values-pt-rPT/strings.xml
index beaa2c7..8d94fbb 100644
--- a/res/values-pt-rPT/strings.xml
+++ b/res/values-pt-rPT/strings.xml
@@ -16,7 +16,7 @@
<resources xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
- <string name="sharedUserLabel" msgid="8024311725474286801">"Aplicações Principais do Android"</string>
+ <string name="sharedUserLabel" msgid="8024311725474286801">"Apps Principais do Android"</string>
<string name="app_label" msgid="3389954322874982620">"Armazenamento de contactos"</string>
<string name="provider_label" msgid="6012150850819899907">"Contactos"</string>
<string name="upgrade_out_of_memory_notification_ticker" msgid="7638747231223520477">"A atualização de contactos necessita de mais memória."</string>
diff --git a/src/com/android/providers/contacts/CallLogProvider.java b/src/com/android/providers/contacts/CallLogProvider.java
index ec1d40e..ebe111f 100644
--- a/src/com/android/providers/contacts/CallLogProvider.java
+++ b/src/com/android/providers/contacts/CallLogProvider.java
@@ -138,6 +138,7 @@
sCallsProjectionMap.put(Calls.FEATURES, Calls.FEATURES);
sCallsProjectionMap.put(Calls.PHONE_ACCOUNT_COMPONENT_NAME, Calls.PHONE_ACCOUNT_COMPONENT_NAME);
sCallsProjectionMap.put(Calls.PHONE_ACCOUNT_ID, Calls.PHONE_ACCOUNT_ID);
+ sCallsProjectionMap.put(Calls.PHONE_ACCOUNT_HIDDEN, Calls.PHONE_ACCOUNT_HIDDEN);
sCallsProjectionMap.put(Calls.PHONE_ACCOUNT_ADDRESS, Calls.PHONE_ACCOUNT_ADDRESS);
sCallsProjectionMap.put(Calls.NEW, Calls.NEW);
sCallsProjectionMap.put(Calls.VOICEMAIL_URI, Calls.VOICEMAIL_URI);
@@ -324,6 +325,13 @@
qb.setTables(Tables.CALLS);
qb.setProjectionMap(sCallsProjectionMap);
qb.setStrict(true);
+ // If the caller doesn't have READ_VOICEMAIL, make sure they can't
+ // do any SQL shenanigans to get access to the voicemails. If the caller does have the
+ // READ_VOICEMAIL permission, then they have sufficient permissions to access any data in
+ // the database, so the strict check is unnecessary.
+ if (!mVoicemailPermissions.callerHasReadAccess(getCallingPackage())) {
+ qb.setStrictGrammar(true);
+ }
final SelectionBuilder selectionBuilder = new SelectionBuilder(selection);
checkVoicemailPermissionAndAddRestriction(uri, selectionBuilder, true /*isQuery*/);
@@ -529,6 +537,18 @@
SelectionBuilder selectionBuilder = new SelectionBuilder(selection);
checkVoicemailPermissionAndAddRestriction(uri, selectionBuilder, false /*isQuery*/);
+ final SQLiteQueryBuilder qb = new SQLiteQueryBuilder();
+ qb.setTables(Tables.CALLS);
+ qb.setProjectionMap(sCallsProjectionMap);
+ qb.setStrict(true);
+ // If the caller doesn't have READ_VOICEMAIL, make sure they can't
+ // do any SQL shenanigans to get access to the voicemails. If the caller does have the
+ // READ_VOICEMAIL permission, then they have sufficient permissions to access any data in
+ // the database, so the strict check is unnecessary.
+ if (!mVoicemailPermissions.callerHasReadAccess(getCallingPackage())) {
+ qb.setStrictGrammar(true);
+ }
+
final SQLiteDatabase db = mDbHelper.getWritableDatabase();
final int matchedUriId = sURIMatcher.match(uri);
switch (matchedUriId) {
@@ -543,8 +563,7 @@
throw new UnsupportedOperationException("Cannot update URL: " + uri);
}
- return createDatabaseModifier(db).update(uri, Tables.CALLS, values, selectionBuilder.build(),
- selectionArgs);
+ return qb.update(db, values, selectionBuilder.build(), selectionArgs);
}
private int deleteInternal(Uri uri, String selection, String[] selectionArgs) {
@@ -559,14 +578,25 @@
SelectionBuilder selectionBuilder = new SelectionBuilder(selection);
checkVoicemailPermissionAndAddRestriction(uri, selectionBuilder, false /*isQuery*/);
+ final SQLiteQueryBuilder qb = new SQLiteQueryBuilder();
+ qb.setTables(Tables.CALLS);
+ qb.setProjectionMap(sCallsProjectionMap);
+ qb.setStrict(true);
+ // If the caller doesn't have READ_VOICEMAIL, make sure they can't
+ // do any SQL shenanigans to get access to the voicemails. If the caller does have the
+ // READ_VOICEMAIL permission, then they have sufficient permissions to access any data in
+ // the database, so the strict check is unnecessary.
+ if (!mVoicemailPermissions.callerHasReadAccess(getCallingPackage())) {
+ qb.setStrictGrammar(true);
+ }
+
final SQLiteDatabase db = mDbHelper.getWritableDatabase();
final int matchedUriId = sURIMatcher.match(uri);
switch (matchedUriId) {
case CALLS:
// TODO: Special case - We may want to forward the delete request on user 0 to the
// shadow provider too.
- return createDatabaseModifier(db).delete(Tables.CALLS,
- selectionBuilder.build(), selectionArgs);
+ return qb.delete(db, selectionBuilder.build(), selectionArgs);
default:
throw new UnsupportedOperationException("Cannot delete that URL: " + uri);
}
diff --git a/tests/src/com/android/providers/contacts/CallLogProviderTest.java b/tests/src/com/android/providers/contacts/CallLogProviderTest.java
index 9efdfaa..9baf1e4 100644
--- a/tests/src/com/android/providers/contacts/CallLogProviderTest.java
+++ b/tests/src/com/android/providers/contacts/CallLogProviderTest.java
@@ -18,6 +18,7 @@
import android.telecom.CallerInfo;
import com.android.providers.contacts.testutil.CommonDatabaseUtils;
+import com.android.providers.contacts.util.ContactsPermissions;
import android.content.ComponentName;
import android.content.ContentProvider;
@@ -59,7 +60,7 @@
Voicemails.DIRTY,
Voicemails.DELETED};
/** Total number of columns exposed by call_log provider. */
- private static final int NUM_CALLLOG_FIELDS = 34;
+ private static final int NUM_CALLLOG_FIELDS = 35;
private static final int MIN_MATCH = 7;
@@ -194,9 +195,12 @@
PhoneAccountHandle subscription = new PhoneAccountHandle(
sComponentName, "sub0");
+ // Allow self-calls in order to add the call
+ ContactsPermissions.ALLOW_SELF_CALL = true;
Uri uri = Calls.addCall(ci, getMockContext(), "1-800-263-7643",
Calls.PRESENTATION_ALLOWED, Calls.OUTGOING_TYPE, 0, subscription, 2000,
40, null);
+ ContactsPermissions.ALLOW_SELF_CALL = false;
assertNotNull(uri);
assertEquals("0@" + CallLog.AUTHORITY, uri.getAuthority());
