From 603af61a7cd49f214743b286520419a3fe460774 Mon Sep 17 00:00:00 2001 From: Subir Jhanb Date: Mon, 6 Aug 2012 17:19:22 -0700 Subject: [PATCH] Add a new permission to have access to Gal Provider BUG:6897999 Change-Id: Ie60963b7f3911b402b971e794178754e1b4f0a43 --- core/java/android/provider/ContactsContract.java | 8 ++++---- core/res/AndroidManifest.xml | 7 +++++++ 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/core/java/android/provider/ContactsContract.java b/core/java/android/provider/ContactsContract.java index 8e123ac63f0ad..0c165653390c5 100644 --- a/core/java/android/provider/ContactsContract.java +++ b/core/java/android/provider/ContactsContract.java @@ -345,10 +345,10 @@ public final class ContactsContract { * directory provider URIs by themselves. This level of indirection allows * Contacts Provider to implement additional system-level features and * optimizations. Access to Contacts Provider is protected by the - * READ_CONTACTS permission, but access to the directory provider is not. - * Therefore directory providers must reject requests coming from clients - * other than the Contacts Provider itself. An easy way to prevent such - * unauthorized access is to check the name of the calling package: + * READ_CONTACTS permission, but access to the directory provider is protected by + * BIND_DIRECTORY_SEARCH. This permission was introduced at the API level 17, for previous + * platform versions the provider should perform the following check to make sure the call + * is coming from the ContactsProvider: * 
      * private boolean isCallerAllowed() {
      *   PackageManager pm = getContext().getPackageManager();
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index d636713be94ae..195b1efb8d718 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -278,6 +278,13 @@
         android:label="@string/permlab_writeContacts"
         android:description="@string/permdesc_writeContacts" />
 
+    
+    
+    
+