authorChristopher Tate <ctate@google.com>2012-10-04 15:00:00 -0700
committerChristopher Tate <ctate@google.com>2012-10-04 16:01:10 -0700
commit34637e57fc5bce01029806a67cf0cc2ef049e13b (patch)
treee9c939fa1836eb5806e2115636fdd60f623e52f3 /packages
parentdce8b948320e933e46e4a38c496f56555472495f (diff)
Make sure to check write perms after rewriting destination table
The write-permission check must occur after any destination-table rewriting. Otherwise any application would be able to write to any global setting by supplying a fraudulent "system" namespace in the URI together with a key name that will be redirected to global. Bug 7289965 Change-Id: I122098a64e40d14e00d3cb6608c50aeb74faf7ce
Diffstat (limited to 'packages')
-rw-r--r--packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java4
1 files changed, 3 insertions, 1 deletions
diff --git a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
index 1701f6e..76a5022 100644
--- a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
+++ b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
@@ -849,7 +849,6 @@ public class SettingsProvider extends ContentProvider {
if (TABLE_FAVORITES.equals(args.table)) {
return null;
}
- checkWritePermissions(args);
// Special case LOCATION_PROVIDERS_ALLOWED.
// Support enabling/disabling a single provider (using "+" or "-" prefix)
@@ -869,6 +868,9 @@ public class SettingsProvider extends ContentProvider {
}
}
+ // Check write permissions only after determining which table the insert will touch
+ checkWritePermissions(args);
+
// The global table is stored under the owner, always
if (TABLE_GLOBAL.equals(args.table)) {
desiredUserHandle = UserHandle.USER_OWNER;
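Review bot: The new comment above `checkWritePermissions(args)` does not record that this ordering is a security invariant, so a later cleanup could hoist the call back above the table rewrite and reopen the bypass described in the commit message. I would word it as `// SECURITY: must run after args.table has been rewritten; checking the caller-supplied table lets a "system" URI write a key that is redirected to global`. Moving the call also means the LOCATION_PROVIDERS_ALLOWED special case and the rewrite now run before any permission check. Most of that block is outside the hunk, so please confirm it only reads state and mutates locals. The diff touches only this insert path, and the enclosing method starts and ends outside the hunk. If the provider's other write entry points perform the same table redirection, they presumably need the same ordering, which is worth checking together with a regression test for a "system" URI carrying a global key.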