Extract code to build a list of blacklisted content providers/authorities

cketti · cketti · commit c067690baf2f · 2016-07-17T18:48:15.000+02:00
The list is now built on first access instead of when a SafeContentResolver
instance is created.
diff --git a/SafeContentResolver/src/main/java/de/cketti/safecontentresolver/Blacklist.java b/SafeContentResolver/src/main/java/de/cketti/safecontentresolver/Blacklist.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright (C) 2016 cketti
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package de.cketti.safecontentresolver;
+
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import android.content.Context;
+import android.content.pm.PackageInfo;
+import android.content.pm.PackageManager;
+import android.content.pm.PackageManager.NameNotFoundException;
+import android.content.pm.ProviderInfo;
+import android.os.Bundle;
+
+
+/**
+ * Stores a (lazily built) list of all of the app's content providers that are not SafeContentResolver-whitelisted.
+ */
+class Blacklist {
+    private static final String META_DATA_KEY_ALLOW_INTERNAL_ACCESS =
+            "de.cketti.safecontentresolver.ALLOW_INTERNAL_ACCESS";
+
+
+    private final Context context;
+    private Set<String> blacklistedAuthorities;
+
+
+    Blacklist(Context context) {
+        this.context = context;
+    }
+
+    synchronized boolean isBlacklisted(String authority) {
+        if (blacklistedAuthorities == null) {
+            blacklistedAuthorities = findBlacklistedContentProviderAuthorities();
+        }
+
+        return blacklistedAuthorities.contains(authority);
+    }
+
+    private Set<String> findBlacklistedContentProviderAuthorities() {
+        ProviderInfo[] providers = getProviderInfo(context);
+
+        Set<String> blacklistedAuthorities = new HashSet<>(providers.length);
+        for (ProviderInfo providerInfo : providers) {
+            if (!isContentProviderWhitelisted(providerInfo)) {
+                String[] authorities = providerInfo.authority.split(";");
+                Collections.addAll(blacklistedAuthorities, authorities);
+            }
+        }
+
+        return blacklistedAuthorities;
+    }
+
+    private ProviderInfo[] getProviderInfo(Context context) {
+        try {
+            PackageManager packageManager = context.getPackageManager();
+            String packageName = context.getPackageName();
+            PackageInfo packageInfo = packageManager.getPackageInfo(packageName,
+                    PackageManager.GET_PROVIDERS | PackageManager.GET_META_DATA);
+
+            ProviderInfo[] providers = packageInfo.providers;
+            return providers != null ? providers : new ProviderInfo[0];
+        } catch (NameNotFoundException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    private boolean isContentProviderWhitelisted(ProviderInfo providerInfo) {
+        Bundle metaData = providerInfo.metaData;
+        return metaData != null && metaData.getBoolean(META_DATA_KEY_ALLOW_INTERNAL_ACCESS, false);
+    }
+}
diff --git a/SafeContentResolver/src/main/java/de/cketti/safecontentresolver/SafeContentResolver.java b/SafeContentResolver/src/main/java/de/cketti/safecontentresolver/SafeContentResolver.java
@@ -22,20 +22,12 @@
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
 
 import android.content.ContentResolver;
 import android.content.Context;
 import android.content.Intent;
-import android.content.pm.PackageInfo;
-import android.content.pm.PackageManager;
-import android.content.pm.PackageManager.NameNotFoundException;
-import android.content.pm.ProviderInfo;
 import android.content.res.AssetFileDescriptor;
 import android.net.Uri;
-import android.os.Bundle;
 import android.os.ParcelFileDescriptor;
 import android.support.annotation.NonNull;
 import android.support.annotation.Nullable;
@@ -80,12 +72,8 @@
  * </p>
  */
 public abstract class SafeContentResolver {
-    private static final String META_DATA_KEY_ALLOW_INTERNAL_ACCESS =
-            "de.cketti.safecontentresolver.ALLOW_INTERNAL_ACCESS";
-
-
     private final ContentResolver contentResolver;
-    private final Set<String> blacklistedAuthorities;
+    private final Blacklist blacklist;
 
 
     /**
@@ -107,7 +95,7 @@ public static SafeContentResolver newInstance(@NonNull Context context) {
 
     protected SafeContentResolver(@NonNull Context context) {
         this.contentResolver = context.getContentResolver();
-        this.blacklistedAuthorities = getBlacklistedContentProviderAuthorities(context);
+        this.blacklist = new Blacklist(context);
     }
 
     /**
@@ -136,7 +124,7 @@ public InputStream openInputStream(@NonNull Uri uri) throws FileNotFoundExceptio
         String scheme = uri.getScheme();
         if (ContentResolver.SCHEME_CONTENT.equals(scheme)) {
             String authority = uri.getAuthority();
-            if (blacklistedAuthorities.contains(authority)) {
+            if (blacklist.isBlacklisted(authority)) {
                 throw new FileNotFoundException("content URI is owned by the application itself. " +
                         "Content provider is not whitelisted: " + authority);
             }
@@ -164,37 +152,4 @@ public InputStream openInputStream(@NonNull Uri uri) throws FileNotFoundExceptio
     }
 
     protected abstract int getFileUidOrThrow(@NonNull FileDescriptor fileDescriptor) throws FileNotFoundException;
-
-    private Set<String> getBlacklistedContentProviderAuthorities(Context context) {
-        ProviderInfo[] providers = getProviderInfo(context);
-
-        Set<String> blacklistedAuthorities = new HashSet<>(providers.length);
-        for (ProviderInfo providerInfo : providers) {
-            if (!isContentProviderWhitelisted(providerInfo)) {
-                String[] authorities = providerInfo.authority.split(";");
-                Collections.addAll(blacklistedAuthorities, authorities);
-            }
-        }
-
-        return blacklistedAuthorities;
-    }
-
-    private ProviderInfo[] getProviderInfo(Context context) {
-        try {
-            PackageManager packageManager = context.getPackageManager();
-            String packageName = context.getPackageName();
-            PackageInfo packageInfo = packageManager.getPackageInfo(packageName,
-                    PackageManager.GET_PROVIDERS | PackageManager.GET_META_DATA);
-
-            ProviderInfo[] providers = packageInfo.providers;
-            return providers != null ? providers : new ProviderInfo[0];
-        } catch (NameNotFoundException e) {
-            throw new RuntimeException(e);
-        }
-    }
-
-    private boolean isContentProviderWhitelisted(ProviderInfo providerInfo) {
-        Bundle metaData = providerInfo.metaData;
-        return metaData != null && metaData.getBoolean(META_DATA_KEY_ALLOW_INTERNAL_ACCESS, false);
-    }
 }
