diff options
author | Svetoslav <svetoslavganov@google.com> | 2015-06-23 19:26:22 +0000 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2015-06-23 19:26:22 +0000 |
commit | 1e989663bcd778cda48e53759c595e5511983ae7 (patch) | |
tree | cff4beeb0ae8f0b1ae56400a87fd7b2edc9d62b0 /packages/SettingsProvider | |
parent | 7f36f2eecdfe690fd3a0cfe4dfb2f7b66c2d2f58 (diff) | |
parent | 3ee0c635698d36f660ebb6dd139192f36a22c0dc (diff) | |
download | frameworks_base-1e989663bcd778cda48e53759c595e5511983ae7.zip frameworks_base-1e989663bcd778cda48e53759c595e5511983ae7.tar.gz frameworks_base-1e989663bcd778cda48e53759c595e5511983ae7.tar.bz2 |
am 3ee0c635: Merge "System settings can be changed by system apps." into mnc-dev
* commit '3ee0c635698d36f660ebb6dd139192f36a22c0dc':
System settings can be changed by system apps.
Diffstat (limited to 'packages/SettingsProvider')
-rw-r--r-- | packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java | 32 |
1 files changed, 27 insertions, 5 deletions
diff --git a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java index aff6ad8..44b9d8b 100644 --- a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java +++ b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java @@ -904,16 +904,16 @@ public class SettingsProvider extends ContentProvider { private boolean mutateSystemSetting(String name, String value, int runAsUserId, int operation) { - // Make sure the caller can change the settings. - enforceWritePermission(Manifest.permission.WRITE_SETTINGS); + // Check for permissions first. + hasPermissionsToMutateSystemSettings(); // Verify whether this operation is allowed for the calling package. if (!isAppOpWriteSettingsAllowedForCallingPackage()) { return false; } - // Enforce what the calling package can mutate in the system settings. - enforceRestrictedSystemSettingsMutationForCallingPackageLocked(operation, name); + // Enforce what the calling package can mutate the system settings. + enforceRestrictedSystemSettingsMutationForCallingPackage(operation, name); // Resolve the userId on whose behalf the call is made. final int callingUserId = resolveCallingUserIdEnforcingPermissionsLocked(runAsUserId); @@ -954,6 +954,28 @@ public class SettingsProvider extends ContentProvider { } } + private boolean hasPermissionsToMutateSystemSettings() { + // Write secure settings is a more protected permission. If caller has it we are good. + if (getContext().checkCallingOrSelfPermission(Manifest.permission.WRITE_SECURE_SETTINGS) + == PackageManager.PERMISSION_GRANTED) { + return true; + } + + // The write settings permission gates mutation of system settings. + if (getContext().checkCallingOrSelfPermission(Manifest.permission.WRITE_SETTINGS) + == PackageManager.PERMISSION_GRANTED) { + return true; + } + + // Excpet we let system apps change system settings without the permission. + PackageInfo packageInfo = getCallingPackageInfoOrThrow(); + if ((packageInfo.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) { + return true; + } + + return false; + } + private void validateSystemSettingValue(String name, String value) { Settings.System.Validator validator = Settings.System.VALIDATORS.get(name); if (validator != null && !validator.validate(value)) { @@ -1000,7 +1022,7 @@ public class SettingsProvider extends ContentProvider { return userId; } - private void enforceRestrictedSystemSettingsMutationForCallingPackageLocked(int operation, + private void enforceRestrictedSystemSettingsMutationForCallingPackage(int operation, String name) { // System/root/shell can mutate whatever secure settings they want. final int callingUid = Binder.getCallingUid(); |