ADHOC
/
replicant-vendor_cmsdk
3
0
Fork 0
Code Issues Pull Requests Releases Activity

CMSettings: Enforce correct permission for writing settings 

If an application is writing to SECURE or GLOBAL they should only
be required to hold the WRITE_SECURE_SETTINGS permission and not
both.

Change-Id: Ife14b5e19340f04e2e3b7ebba121104253d1dc88
This commit is contained in:
d34d 2016-02-10 16:25:12 -08:00 committed by Gerrit Code Review
parent cdf4d0d699
commit e67ae8f648
1 changed files with 13 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
packages/CMSettingsProvider/src/org/cyanogenmod/cmsettings/CMSettingsProvider.java
View File

@ -316,12 +316,10 @@ public class CMSettingsProvider extends ContentProvider {
// Framework can't do automatic permission checking for calls, so we need // Framework can't do automatic permission checking for calls, so we need
// to do it here. // to do it here.
if (getContext().checkCallingOrSelfPermission( if (CMSettings.CALL_METHOD_PUT_SYSTEM.equals(method)) {
cyanogenmod.platform.Manifest.permission.WRITE_SETTINGS) != enforceWritePermission(cyanogenmod.platform.Manifest.permission.WRITE_SETTINGS);
PackageManager.PERMISSION_GRANTED) { } else {
throw new SecurityException( enforceWritePermission(cyanogenmod.platform.Manifest.permission.WRITE_SECURE_SETTINGS);
String.format("Permission denial: writing to settings requires %1$s",
cyanogenmod.platform.Manifest.permission.WRITE_SETTINGS));
} }
// Put methods // Put methods
@ -342,6 +340,15 @@ public class CMSettingsProvider extends ContentProvider {
return null; return null;
} }
private void enforceWritePermission(String permission) {
if (getContext().checkCallingOrSelfPermission(permission)
!= PackageManager.PERMISSION_GRANTED) {
throw new SecurityException(
String.format("Permission denial: writing to settings requires %s",
permission));
}
}
/** /**
* Looks up a single value for a specific user, uri, and key. * Looks up a single value for a specific user, uri, and key.
* @param userId The id of the user to perform the lookup for. * @param userId The id of the user to perform the lookup for.