DO NOT MERGE Fix security vulnerabilities in permission of deleting MMS/SMS (4d9eaceb) · Commits · e / os / android_packages_modules_Bluetooth

android/app/src/com/android/bluetooth/map/BluetoothMapContentObserver.java

+12 −2

Original line number	Diff line number	Diff line
		@@ -30,6 +30,7 @@ import java.util.Set;

		import org.xmlpull.v1.XmlSerializer;

		import android.Manifest;
		import android.app.Activity;
		import android.app.PendingIntent;
		import android.content.BroadcastReceiver;
		@@ -39,10 +40,13 @@ import android.content.ContentValues;
		import android.content.Context;
		import android.content.Intent;
		import android.content.IntentFilter;
		import android.content.pm.PackageManager;
		import android.database.ContentObserver;
		import android.database.Cursor;
		import android.net.Uri;
		import android.os.Binder;
		import android.os.Handler;
		import android.os.Process;
		import android.provider.BaseColumns;
		import android.provider.Telephony;
		import android.provider.Telephony.Mms;
		@@ -1014,6 +1018,13 @@ public class BluetoothMapContentObserver {

		private void actionMessageSent(Context context, Intent intent,
		PushMsgInfo msgInfo) {
		/* Check permission for message deletion. */
		if (context.checkCallingOrSelfPermission(android.Manifest.permission.WRITE_SMS)
		!= PackageManager.PERMISSION_GRANTED) {
		Log.w(TAG, "actionSmsSentDisconnected: Not allowed to delete SMS/MMS messages");
		return;
		}

		int result = getResultCode();
		boolean delete = false;

		@@ -1064,8 +1075,7 @@ public class BluetoothMapContentObserver {
		}
		}

		private void actionMessageDelivery(Context context, Intent intent,
		PushMsgInfo msgInfo) {
		private void actionMessageDelivery(Context context, Intent intent, PushMsgInfo msgInfo) {
		Uri messageUri = intent.getData();
		byte[] pdu = intent.getByteArrayExtra("pdu");
		String format = intent.getStringExtra("format");