diff options
author | d34d <clark@cyngn.com> | 2016-02-10 16:25:12 -0800 |
---|---|---|
committer | Gerrit Code Review <gerrit@cyanogenmod.org> | 2016-02-11 11:29:46 -0800 |
commit | e67ae8f6480412680601a52174d59a5db6344df8 (patch) | |
tree | 8a6352c6927ffdb8493705410c13b428406dc18e /packages/CMSettingsProvider | |
parent | cdf4d0d699ab063e7193fa83ac0dcd36d7f5eafa (diff) | |
download | vendor_cmsdk-e67ae8f6480412680601a52174d59a5db6344df8.zip vendor_cmsdk-e67ae8f6480412680601a52174d59a5db6344df8.tar.gz vendor_cmsdk-e67ae8f6480412680601a52174d59a5db6344df8.tar.bz2 |
CMSettings: Enforce correct permission for writing settings
If an application is writing to SECURE or GLOBAL they should only
be required to hold the WRITE_SECURE_SETTINGS permission and not
both.
Change-Id: Ife14b5e19340f04e2e3b7ebba121104253d1dc88
Diffstat (limited to 'packages/CMSettingsProvider')
-rw-r--r-- | packages/CMSettingsProvider/src/org/cyanogenmod/cmsettings/CMSettingsProvider.java | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/packages/CMSettingsProvider/src/org/cyanogenmod/cmsettings/CMSettingsProvider.java b/packages/CMSettingsProvider/src/org/cyanogenmod/cmsettings/CMSettingsProvider.java index 196c942..2f91e1e 100644 --- a/packages/CMSettingsProvider/src/org/cyanogenmod/cmsettings/CMSettingsProvider.java +++ b/packages/CMSettingsProvider/src/org/cyanogenmod/cmsettings/CMSettingsProvider.java @@ -316,12 +316,10 @@ public class CMSettingsProvider extends ContentProvider { // Framework can't do automatic permission checking for calls, so we need // to do it here. - if (getContext().checkCallingOrSelfPermission( - cyanogenmod.platform.Manifest.permission.WRITE_SETTINGS) != - PackageManager.PERMISSION_GRANTED) { - throw new SecurityException( - String.format("Permission denial: writing to settings requires %1$s", - cyanogenmod.platform.Manifest.permission.WRITE_SETTINGS)); + if (CMSettings.CALL_METHOD_PUT_SYSTEM.equals(method)) { + enforceWritePermission(cyanogenmod.platform.Manifest.permission.WRITE_SETTINGS); + } else { + enforceWritePermission(cyanogenmod.platform.Manifest.permission.WRITE_SECURE_SETTINGS); } // Put methods @@ -342,6 +340,15 @@ public class CMSettingsProvider extends ContentProvider { return null; } + private void enforceWritePermission(String permission) { + if (getContext().checkCallingOrSelfPermission(permission) + != PackageManager.PERMISSION_GRANTED) { + throw new SecurityException( + String.format("Permission denial: writing to settings requires %s", + permission)); + } + } + /** * Looks up a single value for a specific user, uri, and key. * @param userId The id of the user to perform the lookup for. |