From 22722207f5cc68c91d4be8307a29a9adb711b6d3 Mon Sep 17 00:00:00 2001
From: Andrew Stadler <stadler@android.com>
Date: Sun, 20 Sep 2009 17:23:59 -0700
Subject: [PATCH] Close security hole in Email provider

* Prevent open access to sent or received messages
* Prevent open access to account info incl. passwords
* Allow access only to system apps

Bug # 2133080
---
 AndroidManifest.xml    | 16 ++++++++++++++--
 res/values/strings.xml | 15 +++++++++++----
 2 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index b663480e0..3f87b7e8b 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -35,13 +35,22 @@
     <!-- Only required if a store implements push mail and needs to keep network open -->
     <uses-permission android:name="android.permission.WAKE_LOCK"/>
     <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
-    
+
+    <!-- Grant permission to other apps to view attachments -->
     <permission android:name="com.android.email.permission.READ_ATTACHMENT"
                 android:permissionGroup="android.permission-group.MESSAGES"
                 android:protectionLevel="dangerous"
                 android:label="@string/read_attachment_label"
                 android:description="@string/read_attachment_desc"/>
     <uses-permission android:name="com.android.email.permission.READ_ATTACHMENT"/>
+
+    <!-- Grant permission to system apps to access provider (see provider below) -->
+    <permission android:name="com.android.email.permission.ACCESS_PROVIDER"
+                android:protectionLevel="signatureOrSystem"
+                android:label="@string/permission_access_provider_label"
+                android:description="@string/permission_access_provider_desc"/>
+    <uses-permission android:name="com.android.email.permission.ACCESS_PROVIDER"/>
+
     <application android:icon="@drawable/icon" android:label="@string/app_name"
         android:name="Email">
         <activity android:name=".activity.Welcome">
@@ -226,11 +235,14 @@
             android:grantUriPermissions="true"
             android:readPermission="com.android.email.permission.READ_ATTACHMENT"
             />
+
+        <!-- This provider MUST be protected by strict permissions, as granting access to
+             it exposes user passwords and other confidential information. -->
         <provider
             android:name=".provider.EmailProvider"
             android:authorities="com.android.email.provider"
             android:multiprocess="true"
-            android:grantUriPermissions="true"
+            android:permission="com.android.email.permission.ACCESS_PROVIDER"
             />
     </application>
 </manifest>
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 610ede96d..7affc8fe1 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -16,10 +16,17 @@
 
 <resources xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
 
-    <!-- Permissions label -->
-    <string name="read_attachment_label">read Email attachments</string>
-    <!-- Permissions description -->
-    <string name="read_attachment_desc">Allows this application to read your Email attachments.</string>
+    <!-- Permissions label for reading attachments -->
+    <string name="read_attachment_label">Read Email attachments</string>
+    <!-- Permissions description for reading attachments -->
+    <string name="read_attachment_desc">Allows this application to read your Email
+        attachments.</string>
+    <!-- Permissions label for accessing the main provider -->
+    <string name="permission_access_provider_label">Access Email provider data</string>
+    <!-- Permissions description for accessing the main provider -->
+    <string name="permission_access_provider_desc">Allows this application to access your Email
+        database, including received messages, sent messages, usernames and passwords.</string>
+
     <!-- Name of application on Home screen -->
     <string name="app_name">Email</string>
     <!-- Title of Accounts screen -->