Moved Android manifest incomplete permission logic into library

Author: egregius313

java/ql/lib/semmle/code/xml/AndroidManifest.qll

@@ -180,6 +180,17 @@ class AndroidProviderXmlElement extends AndroidComponentXmlElement {
       attr.getValue() = "true"
     )
   }
+
+  /**
+   * Holds if the provider element provides only `android:readPermission` or `android:writePermission`.
+   */
+  predicate hasIncompletePermissions() {
+    (
+      this.getAnAttribute().(AndroidPermissionXmlAttribute).isWrite() or
+      this.getAnAttribute().(AndroidPermissionXmlAttribute).isRead()
+    ) and
+    not this.requiresPermissions()
+  }
 }
 
 /**

java/ql/src/Security/CWE/CWE-276/ContentProviderIncompletePermissions.ql

@@ -15,9 +15,8 @@ import semmle.code.xml.AndroidManifest
 
 from AndroidProviderXmlElement provider
 where
-  (
-    provider.getAnAttribute().(AndroidPermissionXmlAttribute).isWrite() or
-    provider.getAnAttribute().(AndroidPermissionXmlAttribute).isRead()
-  ) and
-  not provider.requiresPermissions()
-select provider, "Incomplete permissions"
+  not provider.getFile().(AndroidManifestXmlFile).isInBuildDirectory() and
+  provider.isExported() and
+  provider.hasIncompletePermissions()
+select provider, "Exported provider $@ has incomplete permissions.", provider,
+  provider.getResolvedComponentName()