From 6ad2d66072795dd9836350b273dcde52910ab4c3 Mon Sep 17 00:00:00 2001
From: Billy Lau <billylau@google.com>
Date: Sat, 18 Jul 2015 00:26:58 +0100
Subject: Bug: 21589105 Rescope WRITE_SETTINGS permission (framework services
 perm check changes)

AppOpsManager:
Changed the default operating mode for WRITE_SETTINGS to MODE_DEFAULT from
MODE_ALLOWED.

packages/SettingsProvider:
We no longer do static permission checks for WRITE_SETTINGS in early checks and
defer that to app op when MODE_DEFAULT is returned. For some operations,
checking against WRITE_SECURE_SETTINGS is sufficient.

ActivityManagerService & PowerManagerService:
Incorporated app op checks and handled the MODE_DEFAULT case.

provider/Settings:
Added helper function to do checks on whether app ops protected operations
can be performed by a caller. This includes checks for WRITE_SETTINGS and
SYSTEM_ALERT_WINDOW.
Also added a public API (with javadocs) for apps to query if they can modify
system settings.
Changed the javadocs description for ACTION_MANAGE_WRITE_SETTINGS and
ACTION_MANAGE_OVERLAY_PERMISSION.
Added public API (with javadocs) for apps to query whether they can draw overlays or not,
and also javadocs description on how to use that check.

Change-Id: I7b651fe8af836c2074defdbd6acfec3f32acdbe9
---
 .../providers/settings/SettingsProvider.java       | 48 ++++------------------
 1 file changed, 8 insertions(+), 40 deletions(-)

(limited to 'packages/SettingsProvider')

diff --git a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
index 2a68252..3e9b122 100644
--- a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
+++ b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
@@ -643,11 +643,6 @@ public class SettingsProvider extends ContentProvider {
         // Make sure the caller can change the settings - treated as secure.
         enforceWritePermission(Manifest.permission.WRITE_SECURE_SETTINGS);
 
-        // Verify whether this operation is allowed for the calling package.
-        if (!isAppOpWriteSettingsAllowedForCallingPackage()) {
-            return false;
-        }
-
         // Resolve the userId on whose behalf the call is made.
         final int callingUserId = resolveCallingUserIdEnforcingPermissionsLocked(requestingUserId);
 
@@ -773,11 +768,6 @@ public class SettingsProvider extends ContentProvider {
         // Make sure the caller can change the settings.
         enforceWritePermission(Manifest.permission.WRITE_SECURE_SETTINGS);
 
-        // Verify whether this operation is allowed for the calling package.
-        if (!isAppOpWriteSettingsAllowedForCallingPackage()) {
-            return false;
-        }
-
         // Resolve the userId on whose behalf the call is made.
         final int callingUserId = resolveCallingUserIdEnforcingPermissionsLocked(requestingUserId);
 
@@ -904,14 +894,13 @@ public class SettingsProvider extends ContentProvider {
 
     private boolean mutateSystemSetting(String name, String value, int runAsUserId,
             int operation) {
-        // Check for permissions first.
-        if (!hasPermissionsToMutateSystemSettings()) {
-            return false;
-        }
-
-        // Verify whether this operation is allowed for the calling package.
-        if (!isAppOpWriteSettingsAllowedForCallingPackage()) {
-            return false;
+        if (!hasWriteSecureSettingsPermission()) {
+            // If the caller doesn't hold WRITE_SECURE_SETTINGS, we verify whether this
+            // operation is allowed for the calling package through appops.
+            if (!Settings.checkAndNoteWriteSettingsOperation(getContext(),
+                    Binder.getCallingUid(), getCallingPackage(), true)) {
+                return false;
+            }
         }
 
         // Enforce what the calling package can mutate the system settings.
@@ -956,25 +945,13 @@ public class SettingsProvider extends ContentProvider {
         }
     }
 
-    private boolean hasPermissionsToMutateSystemSettings() {
+    private boolean hasWriteSecureSettingsPermission() {
         // Write secure settings is a more protected permission. If caller has it we are good.
         if (getContext().checkCallingOrSelfPermission(Manifest.permission.WRITE_SECURE_SETTINGS)
                 == PackageManager.PERMISSION_GRANTED) {
             return true;
         }
 
-        // The write settings permission gates mutation of system settings.
-        if (getContext().checkCallingOrSelfPermission(Manifest.permission.WRITE_SETTINGS)
-                == PackageManager.PERMISSION_GRANTED) {
-            return true;
-        }
-
-        // Excpet we let system apps change system settings without the permission.
-        PackageInfo packageInfo = getCallingPackageInfoOrThrow();
-        if ((packageInfo.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) {
-            return true;
-        }
-
         return false;
     }
 
@@ -1102,15 +1079,6 @@ public class SettingsProvider extends ContentProvider {
         }
     }
 
-    private boolean isAppOpWriteSettingsAllowedForCallingPackage() {
-        final int callingUid = Binder.getCallingUid();
-
-        mAppOpsManager.checkPackage(Binder.getCallingUid(), getCallingPackage());
-
-        return mAppOpsManager.noteOp(AppOpsManager.OP_WRITE_SETTINGS, callingUid,
-                getCallingPackage()) == AppOpsManager.MODE_ALLOWED;
-    }
-
     private void enforceWritePermission(String permission) {
         if (getContext().checkCallingOrSelfPermission(permission)
                 != PackageManager.PERMISSION_GRANTED) {
-- 
cgit v1.1