DO NOT MERGE Fix security vulnerabilities in permission of deleting MMS/SMS (ca20f500) · Commits · e / os / android_packages_apps_Bluetooth

src/com/android/bluetooth/map/BluetoothMapContentObserver.java

+14 −80

Original line number	Diff line number	Diff line
		@@ -34,6 +34,7 @@ import javax.obex.ResponseCodes;

		import org.xmlpull.v1.XmlSerializer;

		import android.Manifest;
		import android.app.Activity;
		import android.app.PendingIntent;
		import android.content.BroadcastReceiver;
		@@ -45,13 +46,16 @@ import android.content.Context;
		import android.content.Intent;
		import android.content.IntentFilter;
		import android.content.IntentFilter.MalformedMimeTypeException;
		import android.content.pm.PackageManager;
		import android.database.ContentObserver;
		import android.database.Cursor;
		import android.net.Uri;
		import android.os.Build;
		import android.os.Binder;
		import android.os.Handler;
		import android.os.Message;
		import android.os.ParcelFileDescriptor;
		import android.os.Process;
		import android.os.RemoteException;
		import android.provider.BaseColumns;
		import com.android.bluetooth.mapapi.BluetoothMapContract;
		@@ -1704,9 +1708,6 @@ public class BluetoothMapContentObserver {

		IntentFilter intentFilter = new IntentFilter();
		intentFilter.addAction(ACTION_MESSAGE_DELIVERY);
		/* The reception of ACTION_MESSAGE_SENT have been moved to the MAP
		* service, to be able to handle message sent events after a disconnect. */
		//intentFilter.addAction(ACTION_MESSAGE_SENT);
		try{
		intentFilter.addDataType("message/*");
		} catch (MalformedMimeTypeException e) {
		@@ -1737,20 +1738,7 @@ public class BluetoothMapContentObserver {
		return;
		}

		if (action.equals(ACTION_MESSAGE_SENT)) {
		int result = intent.getIntExtra(EXTRA_MESSAGE_SENT_RESULT, Activity.RESULT_CANCELED);
		msgInfo.partsSent++;
		if(result != Activity.RESULT_OK) {
		// If just one of the parts in the message fails, we need to send the entire message again
		msgInfo.failedSent = true;
		}
		if(D) Log.d(TAG, "onReceive: msgInfo.partsSent = " + msgInfo.partsSent
		+ ", msgInfo.parts = " + msgInfo.parts + " result = " + result);

		if (msgInfo.partsSent == msgInfo.parts) {
		actionMessageSent(context, intent, msgInfo);
		}
		} else if (action.equals(ACTION_MESSAGE_DELIVERY)) {
		if (action.equals(ACTION_MESSAGE_DELIVERY)) {
		long timestamp = intent.getLongExtra(EXTRA_MESSAGE_SENT_TIMESTAMP, 0);
		int status = -1;
		if(msgInfo.timestamp == timestamp) {
		@@ -1776,67 +1764,6 @@ public class BluetoothMapContentObserver {
		}
		}

		private void actionMessageSent(Context context, Intent intent, PushMsgInfo msgInfo) {
		/* As the MESSAGE_SENT intent is forwarded from the MAP service, we use the intent
		* to carry the result, as getResult() will not return the correct value.
		*/
		boolean delete = false;

		if(D) Log.d(TAG,"actionMessageSent(): msgInfo.failedSent = " + msgInfo.failedSent);

		msgInfo.sendInProgress = false;

		if (msgInfo.failedSent == false) {
		if(D) Log.d(TAG, "actionMessageSent: result OK");
		if (msgInfo.transparent == 0) {
		if (!Sms.moveMessageToFolder(context, msgInfo.uri,
		Sms.MESSAGE_TYPE_SENT, 0)) {
		Log.w(TAG, "Failed to move " + msgInfo.uri + " to SENT");
		}
		} else {
		delete = true;
		}

		Event evt = new Event(EVENT_TYPE_SENDING_SUCCESS, msgInfo.id,
		folderSms[Sms.MESSAGE_TYPE_SENT], null, mSmsType);
		sendEvent(evt);

		} else {
		if (msgInfo.retry == 1) {
		/* Notify failure, but keep message in outbox for resending */
		msgInfo.resend = true;
		msgInfo.partsSent = 0; // Reset counter for the retry
		msgInfo.failedSent = false;
		Event evt = new Event(EVENT_TYPE_SENDING_FAILURE, msgInfo.id,
		folderSms[Sms.MESSAGE_TYPE_OUTBOX], null, mSmsType);
		sendEvent(evt);
		} else {
		if (msgInfo.transparent == 0) {
		if (!Sms.moveMessageToFolder(context, msgInfo.uri,
		Sms.MESSAGE_TYPE_FAILED, 0)) {
		Log.w(TAG, "Failed to move " + msgInfo.uri + " to FAILED");
		}
		} else {
		delete = true;
		}

		Event evt = new Event(EVENT_TYPE_SENDING_FAILURE, msgInfo.id,
		folderSms[Sms.MESSAGE_TYPE_FAILED], null, mSmsType);
		sendEvent(evt);
		}
		}

		if (delete == true) {
		/* Delete from Observer message list to avoid delete notifications */
		synchronized(mMsgListSms) {
		mMsgListSms.remove(msgInfo.id);
		}

		/* Delete from DB */
		mResolver.delete(msgInfo.uri, null, null);
		}
		}

		private void actionMessageDelivery(Context context, Intent intent, PushMsgInfo msgInfo) {
		Uri messageUri = intent.getData();
		msgInfo.sendInProgress = false;
		@@ -1878,6 +1805,13 @@ public class BluetoothMapContentObserver {
		}

		static public void actionMessageSentDisconnected(Context context, Intent intent, int result) {
		/* Check permission for message deletion. */
		if (context.checkCallingOrSelfPermission(android.Manifest.permission.WRITE_SMS)
		!= PackageManager.PERMISSION_GRANTED) {
		Log.w(TAG, "actionMessageSentDisconnected: Not allowed to delete SMS/MMS messages");
		return;
		}

		boolean delete = false;
		//int retry = intent.getIntExtra(EXTRA_MESSAGE_SENT_RETRY, 0);
		int transparent = intent.getIntExtra(EXTRA_MESSAGE_SENT_TRANSPARENT, 0);
		@@ -1914,7 +1848,7 @@ public class BluetoothMapContentObserver {
		}
		}

		if (delete == true) {
		if (delete) {
		/* Delete from DB */
		ContentResolver resolver = context.getContentResolver();
		if (resolver != null) {