diff options
author | Miao Chou <mcchou@google.com> | 2015-07-20 12:14:25 -0700 |
---|---|---|
committer | Michael Bestas <mikeioannina@gmail.com> | 2015-11-09 23:14:26 +0200 |
commit | 398e64066f62c3515ad7b3a93daa3dc82595c982 (patch) | |
tree | 4db6ee5ce0414f22dcfb64307595f570aee83caf | |
parent | a120bf11eed93430f4f9abaa896503b89de492c2 (diff) | |
download | android_packages_apps_Bluetooth-398e64066f62c3515ad7b3a93daa3dc82595c982.tar.gz android_packages_apps_Bluetooth-398e64066f62c3515ad7b3a93daa3dc82595c982.tar.bz2 android_packages_apps_Bluetooth-398e64066f62c3515ad7b3a93daa3dc82595c982.zip |
DO NOT MERGE Fix security vulnerabilities in permission of deleting MMS/SMS
This CL adds permission check to avoid unauthorized deletion of any MMS/SMS
messages in BluetoothMapContentObserver.actionMessageSentDisconnected
function.
Bug: 22343270
Change-Id: I30254036309733be4d54db17a8ef17a571cd1c5a
-rw-r--r-- | src/com/android/bluetooth/map/BluetoothMapContentObserver.java | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/src/com/android/bluetooth/map/BluetoothMapContentObserver.java b/src/com/android/bluetooth/map/BluetoothMapContentObserver.java index c66a03dbe..78503aecc 100644 --- a/src/com/android/bluetooth/map/BluetoothMapContentObserver.java +++ b/src/com/android/bluetooth/map/BluetoothMapContentObserver.java @@ -31,6 +31,7 @@ import java.util.List; import org.xmlpull.v1.XmlSerializer; +import android.Manifest; import android.app.Activity; import android.app.PendingIntent; import android.content.BroadcastReceiver; @@ -40,11 +41,14 @@ import android.content.ContentValues; import android.content.Context; import android.content.Intent; import android.content.IntentFilter; +import android.content.pm.PackageManager; import android.database.ContentObserver; import android.database.Cursor; import android.net.Uri; import android.text.format.Time; +import android.os.Binder; import android.os.Handler; +import android.os.Process; import android.provider.BaseColumns; import android.provider.Telephony; import android.provider.Telephony.Mms; @@ -1132,6 +1136,13 @@ public class BluetoothMapContentObserver { private void actionMessageSent(Context context, Intent intent, PushMsgInfo msgInfo) { + /* Check permission for message deletion. */ + if (context.checkCallingOrSelfPermission(android.Manifest.permission.WRITE_SMS) + != PackageManager.PERMISSION_GRANTED) { + Log.w(TAG, "actionSmsSentDisconnected: Not allowed to delete SMS/MMS messages"); + return; + } + int result = getResultCode(); boolean delete = false; @@ -1182,8 +1193,7 @@ public class BluetoothMapContentObserver { } } - private void actionMessageDelivery(Context context, Intent intent, - PushMsgInfo msgInfo) { + private void actionMessageDelivery(Context context, Intent intent, PushMsgInfo msgInfo) { Uri messageUri = intent.getData(); byte[] pdu = intent.getByteArrayExtra("pdu"); String format = intent.getStringExtra("format"); |