From e67ae8f6480412680601a52174d59a5db6344df8 Mon Sep 17 00:00:00 2001
From: d34d <clark@cyngn.com>
Date: Wed, 10 Feb 2016 16:25:12 -0800
Subject: [PATCH] CMSettings: Enforce correct permission for writing settings

If an application is writing to SECURE or GLOBAL they should only
be required to hold the WRITE_SECURE_SETTINGS permission and not
both.

Change-Id: Ife14b5e19340f04e2e3b7ebba121104253d1dc88
---
 .../cmsettings/CMSettingsProvider.java        | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/packages/CMSettingsProvider/src/org/cyanogenmod/cmsettings/CMSettingsProvider.java b/packages/CMSettingsProvider/src/org/cyanogenmod/cmsettings/CMSettingsProvider.java
index 196c942..2f91e1e 100644
--- a/packages/CMSettingsProvider/src/org/cyanogenmod/cmsettings/CMSettingsProvider.java
+++ b/packages/CMSettingsProvider/src/org/cyanogenmod/cmsettings/CMSettingsProvider.java
@@ -316,12 +316,10 @@ public class CMSettingsProvider extends ContentProvider {
 
         // Framework can't do automatic permission checking for calls, so we need
         // to do it here.
-        if (getContext().checkCallingOrSelfPermission(
-                cyanogenmod.platform.Manifest.permission.WRITE_SETTINGS) !=
-                PackageManager.PERMISSION_GRANTED) {
-            throw new SecurityException(
-                    String.format("Permission denial: writing to settings requires %1$s",
-                            cyanogenmod.platform.Manifest.permission.WRITE_SETTINGS));
+        if (CMSettings.CALL_METHOD_PUT_SYSTEM.equals(method)) {
+            enforceWritePermission(cyanogenmod.platform.Manifest.permission.WRITE_SETTINGS);
+        } else {
+            enforceWritePermission(cyanogenmod.platform.Manifest.permission.WRITE_SECURE_SETTINGS);
         }
 
         // Put methods
@@ -342,6 +340,15 @@ public class CMSettingsProvider extends ContentProvider {
         return null;
     }
 
+    private void enforceWritePermission(String permission) {
+        if (getContext().checkCallingOrSelfPermission(permission)
+                != PackageManager.PERMISSION_GRANTED) {
+            throw new SecurityException(
+                    String.format("Permission denial: writing to settings requires %s",
+                            permission));
+        }
+    }
+
     /**
      * Looks up a single value for a specific user, uri, and key.
      * @param userId The id of the user to perform the lookup for.