Revert "Allow privileged apps to query contact provider across user" am: 94adfb0f85
am: 9324fca045
Change-Id: I528c2e567964947f30af28f3017aec7826177d80
diff --git a/src/com/android/providers/contacts/ContactsProvider2.java b/src/com/android/providers/contacts/ContactsProvider2.java
index 4cde137..5811aad 100644
--- a/src/com/android/providers/contacts/ContactsProvider2.java
+++ b/src/com/android/providers/contacts/ContactsProvider2.java
@@ -16,10 +16,6 @@
package com.android.providers.contacts;
-import static android.content.pm.PackageManager.PERMISSION_GRANTED;
-import static android.Manifest.permission.INTERACT_ACROSS_USERS;
-import static android.Manifest.permission.INTERACT_ACROSS_USERS_FULL;
-
import android.accounts.Account;
import android.accounts.AccountManager;
import android.accounts.OnAccountsUpdateListener;
@@ -218,6 +214,7 @@
private static final String READ_PERMISSION = "android.permission.READ_CONTACTS";
private static final String WRITE_PERMISSION = "android.permission.WRITE_CONTACTS";
+ private static final String INTERACT_ACROSS_USERS = "android.permission.INTERACT_ACROSS_USERS";
/* package */ static final String PHONEBOOK_COLLATOR_NAME = "PHONEBOOK";
@@ -5512,13 +5509,9 @@
return null;
}
- // If caller does not come from same profile, Check if it's privileged or allowed by
- // enterprise policy
- if (!isCallerFromSameUser()) {
- if (!callerHoldsInteractAcrossUserPermission()
- && !mEnterprisePolicyGuard.isCrossProfileAllowed(uri)) {
- return createEmptyCursor(uri, projection);
- }
+ // Check enterprise policy if caller does not come from same profile
+ if (!(isCallerFromSameUser() || mEnterprisePolicyGuard.isCrossProfileAllowed(uri))) {
+ return createEmptyCursor(uri, projection);
}
// Query the profile DB if appropriate.
if (mapsToProfileDb(uri)) {
@@ -5544,12 +5537,6 @@
.getCurrentUserHandle(getContext());
}
- private boolean callerHoldsInteractAcrossUserPermission() {
- final Context context = getContext();
- return context.checkCallingPermission(INTERACT_ACROSS_USERS_FULL) == PERMISSION_GRANTED
- || context.checkCallingPermission(INTERACT_ACROSS_USERS) == PERMISSION_GRANTED;
- }
-
private Cursor queryDirectoryIfNecessary(Uri uri, String[] projection, String selection,
String[] selectionArgs, String sortOrder, CancellationSignal cancellationSignal) {
String directory = getQueryParameter(uri, ContactsContract.DIRECTORY_PARAM_KEY);
@@ -8593,12 +8580,10 @@
if (!isDirectoryParamValid(uri)){
return null;
}
- if (!isCallerFromSameUser()) { /* From differnt user */
- if (!callerHoldsInteractAcrossUserPermission() /* no cross user permission */
- && !mEnterprisePolicyGuard.isCrossProfileAllowed(uri)
- /* Policy not allowed */){
- return null;
- }
+ if (!isCallerFromSameUser() /* From differnt user */
+ && !mEnterprisePolicyGuard.isCrossProfileAllowed(uri)
+ /* Policy not allowed */){
+ return null;
}
waitForAccess(mode.equals("r") ? mReadAccessLatch : mWriteAccessLatch);
final AssetFileDescriptor ret;