Check permissions before using associated APIs
Also, use sdkVersion=MNC. This way missing runtime permissions will
throw SecurityExceptions. This will make it easier to catch any
unchecked usage of permissions.
Bug: 21791169
Change-Id: I6118cc42e3aa6505b47df9470672f722600eca31
diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 4bee141..1a33284 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -18,10 +18,9 @@
package="com.android.contacts"
android:sharedUserId="android.uid.shared">
+ <uses-sdk android:minSdkVersion="MNC" android:targetSdkVersion="MNC" />
<original-package android:name="com.android.contacts" />
- <!-- Whenever a permission is added here, it should also be added to
- RequestPermissionsActivity so it can be requested at runtime. -->
<uses-permission android:name="android.permission.CALL_PHONE" />
<uses-permission android:name="android.permission.READ_CONTACTS" />
<uses-permission android:name="android.permission.WRITE_CONTACTS" />
diff --git a/src/com/android/contacts/interactions/CalendarInteractionsLoader.java b/src/com/android/contacts/interactions/CalendarInteractionsLoader.java
index c3927ce..4813866 100644
--- a/src/com/android/contacts/interactions/CalendarInteractionsLoader.java
+++ b/src/com/android/contacts/interactions/CalendarInteractionsLoader.java
@@ -2,6 +2,8 @@
import com.google.common.base.Preconditions;
+import com.android.contacts.common.util.PermissionsUtil;
+
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
@@ -9,6 +11,7 @@
import java.util.List;
import java.util.Set;
+import android.Manifest.permission;
import android.content.AsyncTaskLoader;
import android.content.ContentValues;
import android.content.Context;
@@ -55,7 +58,8 @@
@Override
public List<ContactInteraction> loadInBackground() {
- if (mEmailAddresses == null || mEmailAddresses.size() < 1) {
+ if (!PermissionsUtil.hasPermission(getContext(), permission.READ_CALENDAR)
+ || mEmailAddresses == null || mEmailAddresses.size() < 1) {
return Collections.emptyList();
}
// Perform separate calendar queries for events in the past and future.
diff --git a/src/com/android/contacts/interactions/CallLogInteractionsLoader.java b/src/com/android/contacts/interactions/CallLogInteractionsLoader.java
index 46cd315..2340d3f 100644
--- a/src/com/android/contacts/interactions/CallLogInteractionsLoader.java
+++ b/src/com/android/contacts/interactions/CallLogInteractionsLoader.java
@@ -28,6 +28,8 @@
import com.google.common.annotations.VisibleForTesting;
+import com.android.contacts.common.util.PermissionsUtil;
+
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
@@ -48,7 +50,9 @@
@Override
public List<ContactInteraction> loadInBackground() {
- if (!getContext().getPackageManager().hasSystemFeature(PackageManager.FEATURE_TELEPHONY)
+ if (!PermissionsUtil.hasPhonePermissions(getContext())
+ || !getContext().getPackageManager()
+ .hasSystemFeature(PackageManager.FEATURE_TELEPHONY)
|| mPhoneNumbers == null || mPhoneNumbers.length <= 0 || mMaxToRetrieve <= 0) {
return Collections.emptyList();
}
diff --git a/src/com/android/contacts/quickcontact/QuickContactActivity.java b/src/com/android/contacts/quickcontact/QuickContactActivity.java
index 5bfbd10..d97d472 100644
--- a/src/com/android/contacts/quickcontact/QuickContactActivity.java
+++ b/src/com/android/contacts/quickcontact/QuickContactActivity.java
@@ -45,7 +45,6 @@
import android.os.Bundle;
import android.os.Trace;
import android.provider.CalendarContract;
-import android.provider.ContactsContract;
import android.provider.ContactsContract.CommonDataKinds.Email;
import android.provider.ContactsContract.CommonDataKinds.Event;
import android.provider.ContactsContract.CommonDataKinds.GroupMembership;