further hardening of Content Provider
parent
b11a77c44e
commit
e7ad1ddb4b
1 changed files with 83 additions and 38 deletions
|
@ -38,6 +38,9 @@ import android.database.sqlite.SQLiteDatabase;
|
|||
import android.database.sqlite.SQLiteOpenHelper;
|
||||
import android.database.sqlite.SQLiteQueryBuilder;
|
||||
import android.net.Uri;
|
||||
import android.os.Binder;
|
||||
import android.os.Build;
|
||||
import android.support.annotation.NonNull;
|
||||
import android.text.TextUtils;
|
||||
|
||||
import com.owncloud.android.MainApp;
|
||||
|
@ -63,6 +66,7 @@ import java.util.Locale;
|
|||
public class FileContentProvider extends ContentProvider {
|
||||
|
||||
private DataBaseHelper mDbHelper;
|
||||
private Context mContext;
|
||||
|
||||
private static final int SINGLE_FILE = 1;
|
||||
private static final int DIRECTORY = 2;
|
||||
|
@ -89,9 +93,13 @@ public class FileContentProvider extends ContentProvider {
|
|||
private static final String UPGRADE_VERSION_MSG = "OUT of the ADD in onUpgrade; oldVersion == %d, newVersion == %d";
|
||||
|
||||
@Override
|
||||
public int delete(Uri uri, String where, String[] whereArgs) {
|
||||
//Log_OC.d(TAG, "Deleting " + uri + " at provider " + this);
|
||||
int count = 0;
|
||||
public int delete(@NonNull Uri uri, String where, String[] whereArgs) {
|
||||
int count;
|
||||
|
||||
if (isCallerNotAllowed()) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
SQLiteDatabase db = mDbHelper.getWritableDatabase();
|
||||
db.beginTransaction();
|
||||
try {
|
||||
|
@ -100,11 +108,15 @@ public class FileContentProvider extends ContentProvider {
|
|||
} finally {
|
||||
db.endTransaction();
|
||||
}
|
||||
getContext().getContentResolver().notifyChange(uri, null);
|
||||
mContext.getContentResolver().notifyChange(uri, null);
|
||||
return count;
|
||||
}
|
||||
|
||||
private int delete(SQLiteDatabase db, Uri uri, String where, String[] whereArgs) {
|
||||
if (isCallerNotAllowed()) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
int count = 0;
|
||||
switch (mUriMatcher.match(uri)) {
|
||||
case SINGLE_FILE:
|
||||
|
@ -221,7 +233,7 @@ public class FileContentProvider extends ContentProvider {
|
|||
}
|
||||
|
||||
@Override
|
||||
public String getType(Uri uri) {
|
||||
public String getType(@NonNull Uri uri) {
|
||||
switch (mUriMatcher.match(uri)) {
|
||||
case ROOT_DIRECTORY:
|
||||
return ProviderTableMeta.CONTENT_TYPE;
|
||||
|
@ -234,8 +246,12 @@ public class FileContentProvider extends ContentProvider {
|
|||
}
|
||||
|
||||
@Override
|
||||
public Uri insert(Uri uri, ContentValues values) {
|
||||
Uri newUri = null;
|
||||
public Uri insert(@NonNull Uri uri, ContentValues values) {
|
||||
if (isCallerNotAllowed()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
Uri newUri;
|
||||
SQLiteDatabase db = mDbHelper.getWritableDatabase();
|
||||
db.beginTransaction();
|
||||
try {
|
||||
|
@ -244,7 +260,7 @@ public class FileContentProvider extends ContentProvider {
|
|||
} finally {
|
||||
db.endTransaction();
|
||||
}
|
||||
getContext().getContentResolver().notifyChange(newUri, null);
|
||||
mContext.getContentResolver().notifyChange(newUri, null);
|
||||
return newUri;
|
||||
}
|
||||
|
||||
|
@ -286,7 +302,7 @@ public class FileContentProvider extends ContentProvider {
|
|||
}
|
||||
|
||||
case SHARES:
|
||||
Uri insertedShareUri = null;
|
||||
Uri insertedShareUri;
|
||||
long rowId = db.insert(ProviderTableMeta.OCSHARES_TABLE_NAME, null, values);
|
||||
if (rowId > 0) {
|
||||
insertedShareUri =
|
||||
|
@ -299,7 +315,7 @@ public class FileContentProvider extends ContentProvider {
|
|||
return insertedShareUri;
|
||||
|
||||
case CAPABILITIES:
|
||||
Uri insertedCapUri = null;
|
||||
Uri insertedCapUri;
|
||||
long id = db.insert(ProviderTableMeta.CAPABILITIES_TABLE_NAME, null, values);
|
||||
if (id > 0) {
|
||||
insertedCapUri =
|
||||
|
@ -311,7 +327,7 @@ public class FileContentProvider extends ContentProvider {
|
|||
return insertedCapUri;
|
||||
|
||||
case UPLOADS:
|
||||
Uri insertedUploadUri = null;
|
||||
Uri insertedUploadUri;
|
||||
long uploadId = db.insert(ProviderTableMeta.UPLOADS_TABLE_NAME, null, values);
|
||||
if (uploadId > 0) {
|
||||
insertedUploadUri =
|
||||
|
@ -323,7 +339,7 @@ public class FileContentProvider extends ContentProvider {
|
|||
return insertedUploadUri;
|
||||
|
||||
case SYNCED_FOLDERS:
|
||||
Uri insertedSyncedFolderUri = null;
|
||||
Uri insertedSyncedFolderUri;
|
||||
long syncedFolderId = db.insert(ProviderTableMeta.SYNCED_FOLDERS_TABLE_NAME, null, values);
|
||||
if (syncedFolderId > 0) {
|
||||
insertedSyncedFolderUri =
|
||||
|
@ -335,7 +351,7 @@ public class FileContentProvider extends ContentProvider {
|
|||
return insertedSyncedFolderUri;
|
||||
|
||||
case EXTERNAL_LINKS:
|
||||
Uri insertedExternalLinkUri = null;
|
||||
Uri insertedExternalLinkUri;
|
||||
long externalLinkId = db.insert(ProviderTableMeta.EXTERNAL_LINKS_TABLE_NAME, null, values);
|
||||
if (externalLinkId > 0) {
|
||||
insertedExternalLinkUri =
|
||||
|
@ -347,7 +363,7 @@ public class FileContentProvider extends ContentProvider {
|
|||
return insertedExternalLinkUri;
|
||||
|
||||
case ARBITRARY_DATA:
|
||||
Uri insertedArbitraryDataUri = null;
|
||||
Uri insertedArbitraryDataUri;
|
||||
long arbitraryDataId = db.insert(ProviderTableMeta.ARBITRARY_DATA_TABLE_NAME, null, values);
|
||||
if (arbitraryDataId > 0) {
|
||||
insertedArbitraryDataUri =
|
||||
|
@ -369,11 +385,11 @@ public class FileContentProvider extends ContentProvider {
|
|||
|
||||
return insertedVirtualUri;
|
||||
case FILESYSTEM:
|
||||
Uri insertedFilesystemUri = null;
|
||||
long filesystedId = db.insert(ProviderTableMeta.FILESYSTEM_TABLE_NAME, null, values);
|
||||
if (filesystedId > 0) {
|
||||
Uri insertedFilesystemUri;
|
||||
long filesystemId = db.insert(ProviderTableMeta.FILESYSTEM_TABLE_NAME, null, values);
|
||||
if (filesystemId > 0) {
|
||||
insertedFilesystemUri =
|
||||
ContentUris.withAppendedId(ProviderTableMeta.CONTENT_URI_FILESYSTEM, filesystedId);
|
||||
ContentUris.withAppendedId(ProviderTableMeta.CONTENT_URI_FILESYSTEM, filesystemId);
|
||||
} else {
|
||||
throw new SQLException("ERROR " + uri);
|
||||
}
|
||||
|
@ -412,8 +428,13 @@ public class FileContentProvider extends ContentProvider {
|
|||
@Override
|
||||
public boolean onCreate() {
|
||||
mDbHelper = new DataBaseHelper(getContext());
|
||||
mContext = getContext();
|
||||
|
||||
String authority = getContext().getResources().getString(R.string.authority);
|
||||
if (mContext == null) {
|
||||
return false;
|
||||
}
|
||||
|
||||
String authority = mContext.getResources().getString(R.string.authority);
|
||||
mUriMatcher = new UriMatcher(UriMatcher.NO_MATCH);
|
||||
mUriMatcher.addURI(authority, null, ROOT_DIRECTORY);
|
||||
mUriMatcher.addURI(authority, "file/", SINGLE_FILE);
|
||||
|
@ -437,15 +458,24 @@ public class FileContentProvider extends ContentProvider {
|
|||
|
||||
|
||||
@Override
|
||||
public Cursor query(
|
||||
Uri uri,
|
||||
String[] projection,
|
||||
String selection,
|
||||
String[] selectionArgs,
|
||||
String sortOrder
|
||||
) {
|
||||
public Cursor query(@NonNull Uri uri, String[] projection, String selection, String[] selectionArgs,
|
||||
String sortOrder) {
|
||||
|
||||
Cursor result = null;
|
||||
// skip check for files as they need to be queried to get access via document provider
|
||||
switch (mUriMatcher.match(uri)) {
|
||||
case ROOT_DIRECTORY:
|
||||
case SINGLE_FILE:
|
||||
case DIRECTORY:
|
||||
break;
|
||||
|
||||
default:
|
||||
if (isCallerNotAllowed()) {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Cursor result;
|
||||
SQLiteDatabase db = mDbHelper.getReadableDatabase();
|
||||
db.beginTransaction();
|
||||
try {
|
||||
|
@ -600,14 +630,18 @@ public class FileContentProvider extends ContentProvider {
|
|||
|
||||
sqlQuery.setStrict(true);
|
||||
Cursor c = sqlQuery.query(db, projectionArray, selection, selectionArgs, null, null, order);
|
||||
c.setNotificationUri(getContext().getContentResolver(), uri);
|
||||
c.setNotificationUri(mContext.getContentResolver(), uri);
|
||||
return c;
|
||||
}
|
||||
|
||||
@Override
|
||||
public int update(Uri uri, ContentValues values, String selection, String[] selectionArgs) {
|
||||
public int update(@NonNull Uri uri, ContentValues values, String selection, String[] selectionArgs) {
|
||||
|
||||
int count = 0;
|
||||
if (isCallerNotAllowed()) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
int count;
|
||||
SQLiteDatabase db = mDbHelper.getWritableDatabase();
|
||||
db.beginTransaction();
|
||||
try {
|
||||
|
@ -616,7 +650,7 @@ public class FileContentProvider extends ContentProvider {
|
|||
} finally {
|
||||
db.endTransaction();
|
||||
}
|
||||
getContext().getContentResolver().notifyChange(uri, null);
|
||||
mContext.getContentResolver().notifyChange(uri, null);
|
||||
return count;
|
||||
}
|
||||
|
||||
|
@ -636,8 +670,7 @@ public class FileContentProvider extends ContentProvider {
|
|||
case CAPABILITIES:
|
||||
return db.update(ProviderTableMeta.CAPABILITIES_TABLE_NAME, values, selection, selectionArgs);
|
||||
case UPLOADS:
|
||||
int ret = db.update(ProviderTableMeta.UPLOADS_TABLE_NAME, values, selection, selectionArgs);
|
||||
return ret;
|
||||
return db.update(ProviderTableMeta.UPLOADS_TABLE_NAME, values, selection, selectionArgs);
|
||||
case SYNCED_FOLDERS:
|
||||
return db.update(ProviderTableMeta.SYNCED_FOLDERS_TABLE_NAME, values, selection, selectionArgs);
|
||||
case ARBITRARY_DATA:
|
||||
|
@ -649,8 +682,9 @@ public class FileContentProvider extends ContentProvider {
|
|||
}
|
||||
}
|
||||
|
||||
@NonNull
|
||||
@Override
|
||||
public ContentProviderResult[] applyBatch(ArrayList<ContentProviderOperation> operations)
|
||||
public ContentProviderResult[] applyBatch(@NonNull ArrayList<ContentProviderOperation> operations)
|
||||
throws OperationApplicationException {
|
||||
Log_OC.d("FileContentProvider", "applying batch in provider " + this +
|
||||
" (temporary: " + isTemporary() + ")");
|
||||
|
@ -675,7 +709,7 @@ public class FileContentProvider extends ContentProvider {
|
|||
|
||||
class DataBaseHelper extends SQLiteOpenHelper {
|
||||
|
||||
public DataBaseHelper(Context context) {
|
||||
DataBaseHelper(Context context) {
|
||||
super(context, ProviderMeta.DB_NAME, null, ProviderMeta.DB_VERSION);
|
||||
|
||||
}
|
||||
|
@ -686,7 +720,7 @@ public class FileContentProvider extends ContentProvider {
|
|||
Log_OC.i(SQL, "Entering in onCreate");
|
||||
createFilesTable(db);
|
||||
|
||||
// Create ocshares table
|
||||
// Create OCShares table
|
||||
createOCSharesTable(db);
|
||||
|
||||
// Create capabilities table
|
||||
|
@ -797,7 +831,7 @@ public class FileContentProvider extends ContentProvider {
|
|||
ADD_COLUMN + ProviderTableMeta.FILE_PUBLIC_LINK + " TEXT " +
|
||||
" DEFAULT NULL");
|
||||
|
||||
// Create table ocshares
|
||||
// Create table OCShares
|
||||
createOCSharesTable(db);
|
||||
|
||||
upgraded = true;
|
||||
|
@ -1259,7 +1293,7 @@ public class FileContentProvider extends ContentProvider {
|
|||
}
|
||||
|
||||
private void createOCSharesTable(SQLiteDatabase db) {
|
||||
// Create ocshares table
|
||||
// Create OCShares table
|
||||
db.execSQL("CREATE TABLE " + ProviderTableMeta.OCSHARES_TABLE_NAME + "("
|
||||
+ ProviderTableMeta._ID + " INTEGER PRIMARY KEY, "
|
||||
+ ProviderTableMeta.OCSHARES_FILE_SOURCE + INTEGER
|
||||
|
@ -1516,4 +1550,15 @@ public class FileContentProvider extends ContentProvider {
|
|||
c.close();
|
||||
}
|
||||
}
|
||||
|
||||
private boolean isCallerNotAllowed() {
|
||||
String callingPackage;
|
||||
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
|
||||
callingPackage = getCallingPackage();
|
||||
} else {
|
||||
callingPackage = mContext.getPackageManager().getNameForUid(Binder.getCallingUid());
|
||||
}
|
||||
|
||||
return callingPackage == null || !callingPackage.contains(mContext.getPackageName());
|
||||
}
|
||||
}
|
||||
|
|
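Review bot: In `isCallerNotAllowed()` at the end of the file, a caller is accepted when its package name merely contains this app's package name (`callingPackage.contains(...)`), so any installed package whose name includes that string passes the check. Compare for equality instead, `return callingPackage == null || !callingPackage.equals(mContext.getPackageName());`, or drop the name comparison and test the UID with `return Binder.getCallingUid() != android.os.Process.myUid();`, which also covers the pre-KitKat branch where `getNameForUid` can return a shared-UID name rather than a package name. If other packages are meant to be allowed, list them explicitly rather than relying on a substring. The new guard is visible in `delete`, `insert`, `update` and the non-file branch of `query`; the body of `applyBatch` continues outside its hunk, so it is worth confirming that batch and bulk paths reach the same check.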