Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

am 9d16c219: Merge "Content Providers: change default for android:exported" into jb-mr1-dev

Browse Source 
* commit '9d16c219f1ca0836a832e25a61fcaf9c1d0dd67b':
  Content Providers: change default for android:exported
This commit is contained in:
Nick Kralevich
2012-08-08 10:51:58 -07:00
committed by Android Git Automerger
parent 852f06b3fc 9d16c219f1
commit ebd997d866
3 changed files with 33 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
core/java/android/content/pm/PackageParser.java
View File

@@ -2443,8 +2443,28 @@ public class PackageParser {
return null; return null;
} }
boolean providerExportedDefault = false;
if (owner.applicationInfo.targetSdkVersion < Build.VERSION_CODES.JELLY_BEAN_MR1) {
// For compatibility, applications targeting API level 16 or lower
// should have their content providers exported by default, unless they
// specify otherwise.
providerExportedDefault = true;
}
if (((owner.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0)
&& (owner.applicationInfo.targetSdkVersion == Build.VERSION_CODES.JELLY_BEAN)) {
// STOPSHIP: REMOVE THIS IF BLOCK
// To expose more bugs, pre-installed system apps targeting API level 16
// should not have their content providers exported by default.
// This is only a short term check, and should be removed when the
// default SDK version changes to 17.
providerExportedDefault = false;
}
p.info.exported = sa.getBoolean( p.info.exported = sa.getBoolean(
com.android.internal.R.styleable.AndroidManifestProvider_exported, true); com.android.internal.R.styleable.AndroidManifestProvider_exported,
providerExportedDefault);
String cpname = sa.getNonConfigurationString( String cpname = sa.getNonConfigurationString(
com.android.internal.R.styleable.AndroidManifestProvider_authorities, 0); com.android.internal.R.styleable.AndroidManifestProvider_authorities, 0);
@@ -2516,7 +2536,7 @@ public class PackageParser {
} }
if (cpname == null) { if (cpname == null) {
outError[0] = "<provider> does not incude authorities attribute"; outError[0] = "<provider> does not include authorities attribute";
return null; return null;
} }
p.info.authority = cpname.intern(); p.info.authority = cpname.intern();

9
core/java/android/os/Build.java
View File

@@ -414,6 +414,15 @@ public class Build {
/** /**
* Moar jelly beans! * Moar jelly beans!
*
* <p>Applications targeting this or a later release will get these
* new changes in behavior:</p>
* <ul>
* <li>Content Providers: The default value of {@code android:exported} is now
* {@code false}. See
* <a href="{docRoot}guide/topics/manifest/provider-element.html#exported">
* the android:exported section</a> in the provider documentation for more details.</li>
* </ul>
*/ */
public static final int JELLY_BEAN_MR1 = 17; public static final int JELLY_BEAN_MR1 = 17;
} }

3
docs/html/guide/topics/manifest/provider-element.jd
View File

@@ -97,7 +97,8 @@ are by default) for the content provider to be enabled. If either is
applications &mdash; "{@code true}" if it can be, and "{@code false}" if not. applications &mdash; "{@code true}" if it can be, and "{@code false}" if not.
If "{@code false}", the provider is available only to components of the If "{@code false}", the provider is available only to components of the
same application or applications with the same user ID. The default value same application or applications with the same user ID. The default value
is "{@code true}". is "{@code true}" for applications which target API level 16 (Jelly Bean)
and below, and "{@code false}" otherwise.
<p> <p>
You can export a content provider but still limit access to it with the You can export a content provider but still limit access to it with the