From 22722207f5cc68c91d4be8307a29a9adb711b6d3 Mon Sep 17 00:00:00 2001 From: Andrew Stadler Date: Sun, 20 Sep 2009 17:23:59 -0700 Subject: [PATCH] Close security hole in Email provider * Prevent open access to sent or received messages * Prevent open access to account info incl. passwords * Allow access only to system apps Bug # 2133080 --- AndroidManifest.xml | 16 ++++++++++++++-- res/values/strings.xml | 15 +++++++++++---- 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/AndroidManifest.xml b/AndroidManifest.xml index b663480e0..3f87b7e8b 100644 --- a/AndroidManifest.xml +++ b/AndroidManifest.xml @@ -35,13 +35,22 @@ - + + + + + + + @@ -226,11 +235,14 @@ android:grantUriPermissions="true" android:readPermission="com.android.email.permission.READ_ATTACHMENT" /> + + diff --git a/res/values/strings.xml b/res/values/strings.xml index 610ede96d..7affc8fe1 100644 --- a/res/values/strings.xml +++ b/res/values/strings.xml @@ -16,10 +16,17 @@ - - read Email attachments - - Allows this application to read your Email attachments. + + Read Email attachments + + Allows this application to read your Email + attachments. + + Access Email provider data + + Allows this application to access your Email + database, including received messages, sent messages, usernames and passwords. + Email