am 0cc888b3: am 22722207: Close security hole in Email provider

Merge commit '0cc888b337fbd6f621bcaf40c0f5fb3b9528ee97'

* commit '0cc888b337fbd6f621bcaf40c0f5fb3b9528ee97':
  Close security hole in Email provider
This commit is contained in:
Andrew Stadler 2009-09-20 17:36:57 -07:00 committed by Android Git Automerger
commit 1f9c223d24
2 changed files with 25 additions and 6 deletions

View File

@ -35,13 +35,22 @@
<!-- Only required if a store implements push mail and needs to keep network open -->
<uses-permission android:name="android.permission.WAKE_LOCK"/>
<uses-permission android:name="android.permission.READ_PHONE_STATE"/>
<!-- Grant permission to other apps to view attachments -->
<permission android:name="com.android.email.permission.READ_ATTACHMENT"
android:permissionGroup="android.permission-group.MESSAGES"
android:protectionLevel="dangerous"
android:label="@string/read_attachment_label"
android:description="@string/read_attachment_desc"/>
<uses-permission android:name="com.android.email.permission.READ_ATTACHMENT"/>
<!-- Grant permission to system apps to access provider (see provider below) -->
<permission android:name="com.android.email.permission.ACCESS_PROVIDER"
android:protectionLevel="signatureOrSystem"
android:label="@string/permission_access_provider_label"
android:description="@string/permission_access_provider_desc"/>
<uses-permission android:name="com.android.email.permission.ACCESS_PROVIDER"/>
<application android:icon="@drawable/icon" android:label="@string/app_name"
android:name="Email">
<activity android:name=".activity.Welcome">
@ -226,11 +235,14 @@
android:grantUriPermissions="true"
android:readPermission="com.android.email.permission.READ_ATTACHMENT"
/>
<!-- This provider MUST be protected by strict permissions, as granting access to
it exposes user passwords and other confidential information. -->
<provider
android:name=".provider.EmailProvider"
android:authorities="com.android.email.provider"
android:multiprocess="true"
android:grantUriPermissions="true"
android:permission="com.android.email.permission.ACCESS_PROVIDER"
/>
</application>
</manifest>

View File

@ -16,10 +16,17 @@
<resources xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
<!-- Permissions label -->
<string name="read_attachment_label">read Email attachments</string>
<!-- Permissions description -->
<string name="read_attachment_desc">Allows this application to read your Email attachments.</string>
<!-- Permissions label for reading attachments -->
<string name="read_attachment_label">Read Email attachments</string>
<!-- Permissions description for reading attachments -->
<string name="read_attachment_desc">Allows this application to read your Email
attachments.</string>
<!-- Permissions label for accessing the main provider -->
<string name="permission_access_provider_label">Access Email provider data</string>
<!-- Permissions description for accessing the main provider -->
<string name="permission_access_provider_desc">Allows this application to access your Email
database, including received messages, sent messages, usernames and passwords.</string>
<!-- Name of application on Home screen -->
<string name="app_name">Email</string>
<!-- Title of Accounts screen -->