@@ -398,135 +398,137 @@ private int enforceReadPermission(String callingPkg, Uri uri) throws SecurityExc
398398 return AppOpsManager .MODE_ALLOWED ;
399399 }
400400
401- private void enforceReadPermissionInner (Uri uri ) throws SecurityException {
402- final Context context = getContext ();
403- final int pid = Binder .getCallingPid ();
404- final int uid = Binder .getCallingUid ();
405- String missingPerm = null ;
406-
407- if (UserHandle .isSameApp (uid , mMyUid )) {
408- return ;
401+ private int enforceWritePermission (String callingPkg , Uri uri ) throws SecurityException {
402+ enforceWritePermissionInner (uri );
403+ if (mWriteOp != AppOpsManager .OP_NONE ) {
404+ return mAppOpsManager .noteOp (mWriteOp , Binder .getCallingUid (), callingPkg );
409405 }
406+ return AppOpsManager .MODE_ALLOWED ;
407+ }
408+ }
410409
411- if (mExported ) {
412- final String componentPerm = getReadPermission ();
413- if (componentPerm != null ) {
414- if (context .checkPermission (componentPerm , pid , uid ) == PERMISSION_GRANTED ) {
415- return ;
416- } else {
417- missingPerm = componentPerm ;
418- }
410+ /** {@hide} */
411+ protected void enforceReadPermissionInner (Uri uri ) throws SecurityException {
412+ final Context context = getContext ();
413+ final int pid = Binder .getCallingPid ();
414+ final int uid = Binder .getCallingUid ();
415+ String missingPerm = null ;
416+
417+ if (UserHandle .isSameApp (uid , mMyUid )) {
418+ return ;
419+ }
420+
421+ if (mExported ) {
422+ final String componentPerm = getReadPermission ();
423+ if (componentPerm != null ) {
424+ if (context .checkPermission (componentPerm , pid , uid ) == PERMISSION_GRANTED ) {
425+ return ;
426+ } else {
427+ missingPerm = componentPerm ;
419428 }
429+ }
420430
421- // track if unprotected read is allowed; any denied
422- // <path-permission> below removes this ability
423- boolean allowDefaultRead = (componentPerm == null );
424-
425- final PathPermission [] pps = getPathPermissions ();
426- if (pps != null ) {
427- final String path = uri .getPath ();
428- for (PathPermission pp : pps ) {
429- final String pathPerm = pp .getReadPermission ();
430- if (pathPerm != null && pp .match (path )) {
431- if (context .checkPermission (pathPerm , pid , uid ) == PERMISSION_GRANTED ) {
432- return ;
433- } else {
434- // any denied <path-permission> means we lose
435- // default <provider> access.
436- allowDefaultRead = false ;
437- missingPerm = pathPerm ;
438- }
431+ // track if unprotected read is allowed; any denied
432+ // <path-permission> below removes this ability
433+ boolean allowDefaultRead = (componentPerm == null );
434+
435+ final PathPermission [] pps = getPathPermissions ();
436+ if (pps != null ) {
437+ final String path = uri .getPath ();
438+ for (PathPermission pp : pps ) {
439+ final String pathPerm = pp .getReadPermission ();
440+ if (pathPerm != null && pp .match (path )) {
441+ if (context .checkPermission (pathPerm , pid , uid ) == PERMISSION_GRANTED ) {
442+ return ;
443+ } else {
444+ // any denied <path-permission> means we lose
445+ // default <provider> access.
446+ allowDefaultRead = false ;
447+ missingPerm = pathPerm ;
439448 }
440449 }
441450 }
442-
443- // if we passed <path-permission> checks above, and no default
444- // <provider> permission, then allow access.
445- if (allowDefaultRead ) return ;
446- }
447-
448- // last chance, check against any uri grants
449- if (context .checkUriPermission (uri , pid , uid , Intent .FLAG_GRANT_READ_URI_PERMISSION )
450- == PERMISSION_GRANTED ) {
451- return ;
452451 }
453452
454- final String failReason = mExported
455- ? " requires " + missingPerm + ", or grantUriPermission()"
456- : " requires the provider be exported, or grantUriPermission()" ;
457- throw new SecurityException ("Permission Denial: reading "
458- + ContentProvider .this .getClass ().getName () + " uri " + uri + " from pid=" + pid
459- + ", uid=" + uid + failReason );
453+ // if we passed <path-permission> checks above, and no default
454+ // <provider> permission, then allow access.
455+ if (allowDefaultRead ) return ;
460456 }
461457
462- private int enforceWritePermission (String callingPkg , Uri uri ) throws SecurityException {
463- enforceWritePermissionInner (uri );
464- if (mWriteOp != AppOpsManager .OP_NONE ) {
465- return mAppOpsManager .noteOp (mWriteOp , Binder .getCallingUid (), callingPkg );
466- }
467- return AppOpsManager .MODE_ALLOWED ;
458+ // last chance, check against any uri grants
459+ if (context .checkUriPermission (uri , pid , uid , Intent .FLAG_GRANT_READ_URI_PERMISSION )
460+ == PERMISSION_GRANTED ) {
461+ return ;
468462 }
469463
470- private void enforceWritePermissionInner (Uri uri ) throws SecurityException {
471- final Context context = getContext ();
472- final int pid = Binder .getCallingPid ();
473- final int uid = Binder .getCallingUid ();
474- String missingPerm = null ;
464+ final String failReason = mExported
465+ ? " requires " + missingPerm + ", or grantUriPermission()"
466+ : " requires the provider be exported, or grantUriPermission()" ;
467+ throw new SecurityException ("Permission Denial: reading "
468+ + ContentProvider .this .getClass ().getName () + " uri " + uri + " from pid=" + pid
469+ + ", uid=" + uid + failReason );
470+ }
475471
476- if (UserHandle .isSameApp (uid , mMyUid )) {
477- return ;
478- }
472+ /** {@hide} */
473+ protected void enforceWritePermissionInner (Uri uri ) throws SecurityException {
474+ final Context context = getContext ();
475+ final int pid = Binder .getCallingPid ();
476+ final int uid = Binder .getCallingUid ();
477+ String missingPerm = null ;
479478
480- if (mExported ) {
481- final String componentPerm = getWritePermission ();
482- if (componentPerm != null ) {
483- if (context .checkPermission (componentPerm , pid , uid ) == PERMISSION_GRANTED ) {
484- return ;
485- } else {
486- missingPerm = componentPerm ;
487- }
479+ if (UserHandle .isSameApp (uid , mMyUid )) {
480+ return ;
481+ }
482+
483+ if (mExported ) {
484+ final String componentPerm = getWritePermission ();
485+ if (componentPerm != null ) {
486+ if (context .checkPermission (componentPerm , pid , uid ) == PERMISSION_GRANTED ) {
487+ return ;
488+ } else {
489+ missingPerm = componentPerm ;
488490 }
491+ }
489492
490- // track if unprotected write is allowed; any denied
491- // <path-permission> below removes this ability
492- boolean allowDefaultWrite = (componentPerm == null );
493-
494- final PathPermission [] pps = getPathPermissions ();
495- if (pps != null ) {
496- final String path = uri .getPath ();
497- for (PathPermission pp : pps ) {
498- final String pathPerm = pp .getWritePermission ();
499- if (pathPerm != null && pp .match (path )) {
500- if (context .checkPermission (pathPerm , pid , uid ) == PERMISSION_GRANTED ) {
501- return ;
502- } else {
503- // any denied <path-permission> means we lose
504- // default <provider> access.
505- allowDefaultWrite = false ;
506- missingPerm = pathPerm ;
507- }
493+ // track if unprotected write is allowed; any denied
494+ // <path-permission> below removes this ability
495+ boolean allowDefaultWrite = (componentPerm == null );
496+
497+ final PathPermission [] pps = getPathPermissions ();
498+ if (pps != null ) {
499+ final String path = uri .getPath ();
500+ for (PathPermission pp : pps ) {
501+ final String pathPerm = pp .getWritePermission ();
502+ if (pathPerm != null && pp .match (path )) {
503+ if (context .checkPermission (pathPerm , pid , uid ) == PERMISSION_GRANTED ) {
504+ return ;
505+ } else {
506+ // any denied <path-permission> means we lose
507+ // default <provider> access.
508+ allowDefaultWrite = false ;
509+ missingPerm = pathPerm ;
508510 }
509511 }
510512 }
511-
512- // if we passed <path-permission> checks above, and no default
513- // <provider> permission, then allow access.
514- if (allowDefaultWrite ) return ;
515513 }
516514
517- // last chance, check against any uri grants
518- if (context .checkUriPermission (uri , pid , uid , Intent .FLAG_GRANT_WRITE_URI_PERMISSION )
519- == PERMISSION_GRANTED ) {
520- return ;
521- }
515+ // if we passed <path-permission> checks above, and no default
516+ // <provider> permission, then allow access.
517+ if (allowDefaultWrite ) return ;
518+ }
522519
523- final String failReason = mExported
524- ? " requires " + missingPerm + ", or grantUriPermission()"
525- : " requires the provider be exported, or grantUriPermission()" ;
526- throw new SecurityException ("Permission Denial: writing "
527- + ContentProvider .this .getClass ().getName () + " uri " + uri + " from pid=" + pid
528- + ", uid=" + uid + failReason );
520+ // last chance, check against any uri grants
521+ if (context .checkUriPermission (uri , pid , uid , Intent .FLAG_GRANT_WRITE_URI_PERMISSION )
522+ == PERMISSION_GRANTED ) {
523+ return ;
529524 }
525+
526+ final String failReason = mExported
527+ ? " requires " + missingPerm + ", or grantUriPermission()"
528+ : " requires the provider be exported, or grantUriPermission()" ;
529+ throw new SecurityException ("Permission Denial: writing "
530+ + ContentProvider .this .getClass ().getName () + " uri " + uri + " from pid=" + pid
531+ + ", uid=" + uid + failReason );
530532 }
531533
532534 /**
0 commit comments