aboutsummaryrefslogtreecommitdiffstats
path: root/packages/CMSettingsProvider
diff options
context:
space:
mode:
authord34d <clark@cyngn.com>2016-02-10 16:25:12 -0800
committerGerrit Code Review <gerrit@cyanogenmod.org>2016-02-11 11:29:46 -0800
commite67ae8f6480412680601a52174d59a5db6344df8 (patch)
tree8a6352c6927ffdb8493705410c13b428406dc18e /packages/CMSettingsProvider
parentcdf4d0d699ab063e7193fa83ac0dcd36d7f5eafa (diff)
downloadvendor_cmsdk-e67ae8f6480412680601a52174d59a5db6344df8.zip
vendor_cmsdk-e67ae8f6480412680601a52174d59a5db6344df8.tar.gz
vendor_cmsdk-e67ae8f6480412680601a52174d59a5db6344df8.tar.bz2
CMSettings: Enforce correct permission for writing settings
If an application is writing to SECURE or GLOBAL they should only be required to hold the WRITE_SECURE_SETTINGS permission and not both. Change-Id: Ife14b5e19340f04e2e3b7ebba121104253d1dc88
Diffstat (limited to 'packages/CMSettingsProvider')
-rw-r--r--packages/CMSettingsProvider/src/org/cyanogenmod/cmsettings/CMSettingsProvider.java19
1 files changed, 13 insertions, 6 deletions
diff --git a/packages/CMSettingsProvider/src/org/cyanogenmod/cmsettings/CMSettingsProvider.java b/packages/CMSettingsProvider/src/org/cyanogenmod/cmsettings/CMSettingsProvider.java
index 196c942..2f91e1e 100644
--- a/packages/CMSettingsProvider/src/org/cyanogenmod/cmsettings/CMSettingsProvider.java
+++ b/packages/CMSettingsProvider/src/org/cyanogenmod/cmsettings/CMSettingsProvider.java
@@ -316,12 +316,10 @@ public class CMSettingsProvider extends ContentProvider {
// Framework can't do automatic permission checking for calls, so we need
// to do it here.
- if (getContext().checkCallingOrSelfPermission(
- cyanogenmod.platform.Manifest.permission.WRITE_SETTINGS) !=
- PackageManager.PERMISSION_GRANTED) {
- throw new SecurityException(
- String.format("Permission denial: writing to settings requires %1$s",
- cyanogenmod.platform.Manifest.permission.WRITE_SETTINGS));
+ if (CMSettings.CALL_METHOD_PUT_SYSTEM.equals(method)) {
+ enforceWritePermission(cyanogenmod.platform.Manifest.permission.WRITE_SETTINGS);
+ } else {
+ enforceWritePermission(cyanogenmod.platform.Manifest.permission.WRITE_SECURE_SETTINGS);
}
// Put methods
@@ -342,6 +340,15 @@ public class CMSettingsProvider extends ContentProvider {
return null;
}
+ private void enforceWritePermission(String permission) {
+ if (getContext().checkCallingOrSelfPermission(permission)
+ != PackageManager.PERMISSION_GRANTED) {
+ throw new SecurityException(
+ String.format("Permission denial: writing to settings requires %s",
+ permission));
+ }
+ }
+
/**
* Looks up a single value for a specific user, uri, and key.
* @param userId The id of the user to perform the lookup for.