From f097b16cfddce2dbb097b929458fe9b0a402963e Mon Sep 17 00:00:00 2001 From: Nick Kralevich Date: Sat, 28 Jul 2012 12:43:48 -0700 Subject: [PATCH] Content Providers: change default for android:exported Change the default value of android:exported to true for applications which target a newer API version. This will help stop inadvertent content provider exposure to untrusted apps. Bug: 3306452 Change-Id: I8cb34e823aef9551319951ce92217345c54cee63 --- .../android/content/pm/PackageParser.java | 24 +++++++++++++++++-- core/java/android/os/Build.java | 9 +++++++ .../guide/topics/manifest/provider-element.jd | 3 ++- 3 files changed, 33 insertions(+), 3 deletions(-) diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java index 3ce7c781ca17c..64b227b4395d7 100644 --- a/core/java/android/content/pm/PackageParser.java +++ b/core/java/android/content/pm/PackageParser.java @@ -2428,8 +2428,28 @@ public class PackageParser { return null; } + boolean providerExportedDefault = false; + + if (owner.applicationInfo.targetSdkVersion < Build.VERSION_CODES.JELLY_BEAN_MR1) { + // For compatibility, applications targeting API level 16 or lower + // should have their content providers exported by default, unless they + // specify otherwise. + providerExportedDefault = true; + } + + if (((owner.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) + && (owner.applicationInfo.targetSdkVersion == Build.VERSION_CODES.JELLY_BEAN)) { + // STOPSHIP: REMOVE THIS IF BLOCK + // To expose more bugs, pre-installed system apps targeting API level 16 + // should not have their content providers exported by default. + // This is only a short term check, and should be removed when the + // default SDK version changes to 17. + providerExportedDefault = false; + } + p.info.exported = sa.getBoolean( - com.android.internal.R.styleable.AndroidManifestProvider_exported, true); + com.android.internal.R.styleable.AndroidManifestProvider_exported, + providerExportedDefault); String cpname = sa.getNonConfigurationString( com.android.internal.R.styleable.AndroidManifestProvider_authorities, 0); @@ -2487,7 +2507,7 @@ public class PackageParser { } if (cpname == null) { - outError[0] = " does not incude authorities attribute"; + outError[0] = " does not include authorities attribute"; return null; } p.info.authority = cpname.intern(); diff --git a/core/java/android/os/Build.java b/core/java/android/os/Build.java index 7cf869ceb6576..dd5d7a6b8e0e8 100644 --- a/core/java/android/os/Build.java +++ b/core/java/android/os/Build.java @@ -414,6 +414,15 @@ public class Build { /** * Moar jelly beans! + * + *

Applications targeting this or a later release will get these + * new changes in behavior:

+ *
    + *
  • Content Providers: The default value of {@code android:exported} is now + * {@code false}. See + * + * the android:exported section in the provider documentation for more details.
    • + *
*/ public static final int JELLY_BEAN_MR1 = 17; } diff --git a/docs/html/guide/topics/manifest/provider-element.jd b/docs/html/guide/topics/manifest/provider-element.jd index 455880035a9ca..7b4ca8fc21c0f 100644 --- a/docs/html/guide/topics/manifest/provider-element.jd +++ b/docs/html/guide/topics/manifest/provider-element.jd @@ -97,7 +97,8 @@ are by default) for the content provider to be enabled. If either is applications — "{@code true}" if it can be, and "{@code false}" if not. If "{@code false}", the provider is available only to components of the same application or applications with the same user ID. The default value -is "{@code true}". +is "{@code true}" for applications which target API level 16 (Jelly Bean) +and below, and "{@code false}" otherwise.

You can export a content provider but still limit access to it with the