am 22722207: Close security hole in Email provider

Merge commit '22722207f5cc68c91d4be8307a29a9adb711b6d3' into eclair-plus-aosp * commit '22722207f5cc68c91d4be8307a29a9adb711b6d3': Close security hole in Email provider
2009-09-20 17:32:35 -07:00 · 2009-09-20 17:32:35 -07:00 · 0cc888b337
commit 0cc888b337
parent 7ce7dae0e1 22722207f5
2 changed files with 25 additions and 6 deletions
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@ -35,13 +35,22 @@
    <!-- Only required if a store implements push mail and needs to keep network open -->
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
-    
+
+    <!-- Grant permission to other apps to view attachments -->
    <permission android:name="com.android.email.permission.READ_ATTACHMENT"
                android:permissionGroup="android.permission-group.MESSAGES"
                android:protectionLevel="dangerous"
                android:label="@string/read_attachment_label"
                android:description="@string/read_attachment_desc"/>
    <uses-permission android:name="com.android.email.permission.READ_ATTACHMENT"/>
+
+    <!-- Grant permission to system apps to access provider (see provider below) -->
+    <permission android:name="com.android.email.permission.ACCESS_PROVIDER"
+                android:protectionLevel="signatureOrSystem"
+                android:label="@string/permission_access_provider_label"
+                android:description="@string/permission_access_provider_desc"/>
+    <uses-permission android:name="com.android.email.permission.ACCESS_PROVIDER"/>
+
    <application android:icon="@drawable/icon" android:label="@string/app_name"
        android:name="Email">
        <activity android:name=".activity.Welcome">
@ -226,11 +235,14 @@
            android:grantUriPermissions="true"
            android:readPermission="com.android.email.permission.READ_ATTACHMENT"
            />
+
+        <!-- This provider MUST be protected by strict permissions, as granting access to
+             it exposes user passwords and other confidential information. -->
        <provider
            android:name=".provider.EmailProvider"
            android:authorities="com.android.email.provider"
            android:multiprocess="true"
-            android:grantUriPermissions="true"
+            android:permission="com.android.email.permission.ACCESS_PROVIDER"
            />
    </application>
 </manifest>
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@ -16,10 +16,17 @@

 <resources xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">

-    <!-- Permissions label -->
-    <string name="read_attachment_label">read Email attachments</string>
-    <!-- Permissions description -->
-    <string name="read_attachment_desc">Allows this application to read your Email attachments.</string>
+    <!-- Permissions label for reading attachments -->
+    <string name="read_attachment_label">Read Email attachments</string>
+    <!-- Permissions description for reading attachments -->
+    <string name="read_attachment_desc">Allows this application to read your Email
+        attachments.</string>
+    <!-- Permissions label for accessing the main provider -->
+    <string name="permission_access_provider_label">Access Email provider data</string>
+    <!-- Permissions description for accessing the main provider -->
+    <string name="permission_access_provider_desc">Allows this application to access your Email
+        database, including received messages, sent messages, usernames and passwords.</string>
+
    <!-- Name of application on Home screen -->
    <string name="app_name">Email</string>
    <!-- Title of Accounts screen -->