From f7f6d141483f98683e18a45307cc4a92b413e018 Mon Sep 17 00:00:00 2001 From: d34d Date: Fri, 13 Nov 2015 16:28:03 -0800 Subject: CMSettings: Validate name and value for System settings Verify that the name and value being inserted/updated are correct. Change-Id: I0243556701b1d303ca52135178b055c2fd87671c
--- .../cyanogenmod/cmsettings/CMSettingsProvider.java | 29 +++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) (limited to 'packages/CMSettingsProvider')
diff --git a/packages/CMSettingsProvider/src/org/cyanogenmod/cmsettings/CMSettingsProvider.java b/packages/CMSettingsProvider/src/org/cyanogenmod/cmsettings/CMSettingsProvider.java
index 9521364..cdd4291 100644
--- a/packages/CMSettingsProvider/src/org/cyanogenmod/cmsettings/CMSettingsProvider.java
+++ b/packages/CMSettingsProvider/src/org/cyanogenmod/cmsettings/CMSettingsProvider.java
@@ -20,7 +20,6 @@ import android.app.ActivityManager;
 import android.content.BroadcastReceiver;
 import android.content.ContentProvider;
 import android.content.ContentResolver;
-import android.content.ContentUris;
 import android.content.ContentValues;
 import android.content.Context;
 import android.content.Intent;
@@ -29,7 +28,6 @@ import android.content.SharedPreferences;
 import android.content.UriMatcher;
 import android.content.pm.PackageManager;
 import android.content.pm.UserInfo;
-import android.content.res.Configuration;
 import android.database.AbstractCursor;
 import android.database.Cursor;
 import android.database.sqlite.SQLiteDatabase;
@@ -505,12 +503,18 @@ public class CMSettingsProvider extends ContentProvider { CMDatabaseHelper dbHelper = getOrEstablishDatabase(getUserIdForTable(tableName, userId)); + // Validate value if inserting int System table + final String name = values.getAsString(Settings.NameValueTable.NAME); + if (CMDatabaseHelper.CMTableNames.TABLE_SYSTEM.equals(tableName)) { + final String value = values.getAsString(Settings.NameValueTable.VALUE); + validateSystemSettingNameValue(name, value); + } + SQLiteDatabase db = dbHelper.getWritableDatabase(); long rowId = db.insert(tableName, null, values); Uri returnUri = null; if (rowId > -1) { - String name = values.getAsString(Settings.NameValueTable.NAME); returnUri = Uri.withAppendedPath(uri, name); notifyChange(returnUri, tableName, userId); if (LOCAL_LOGV) Log.d(TAG, "Inserted row id: " + rowId + " into tableName: " + @@ -568,6 +572,13 @@ public class CMSettingsProvider extends ContentProvider { String tableName = getTableNameFromUri(uri); checkWritePermissions(tableName); + // Validate value if updating System table + final String name = values.getAsString(Settings.NameValueTable.NAME); + if (CMDatabaseHelper.CMTableNames.TABLE_SYSTEM.equals(tableName)) { + final String value = values.getAsString(Settings.NameValueTable.VALUE); + validateSystemSettingNameValue(name, value); + } + int callingUserId = UserHandle.getCallingUserId(); CMDatabaseHelper dbHelper = getOrEstablishDatabase(getUserIdForTable(tableName, callingUserId)); 
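Review bot: The System-table validation in the insert hunk runs after `getOrEstablishDatabase(...)`, whereas the update hunk validates before the helper is fetched, so a rejected insert presumably still opens the per-user database first. Moving the `validateSystemSettingNameValue(name, value)` block above the `getOrEstablishDatabase` call would reject bad input before any database work and keep the two paths consistent. The added comment also has a typo and should read `// Validate value if inserting into System table`. Any other write path in this file that calls `db.insert` directly (a bulk insert, for example; none is visible in this diff) would need the same check. The enclosing method starts and ends outside the hunk.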
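Review bot: In the update hunk the validator is looked up by the NAME read from `values`, but an update may identify its rows through the URI or selection and carry only a VALUE, in which case `name` is null and the call is refused with "Invalid setting: null" (assuming `VALIDATORS.get(null)` returns null rather than throwing). If value-only updates to the System table are meant to be refused, say so next to the check, e.g. `// NAME is required in values for System updates; the validator is keyed by it`. If they are meant to work, the name has to be derived from the URI or selection before validating. The rest of update() is outside the hunk, so how the rows are selected is not visible here.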
@@ -763,5 +774,17 @@ public class CMSettingsProvider extends ContentProvider { if (LOCAL_LOGV) Log.v(TAG, "notifying for " + notifyTarget + ": " + uri); } + private void validateSystemSettingNameValue(String name, String value) { + CMSettings.System.Validator validator = CMSettings.System.VALIDATORS.get(name); + if (validator == null) { + throw new IllegalArgumentException("Invalid setting: " + name); + } + + if (!validator.validate(value)) { + throw new IllegalArgumentException("Invalid value: " + value + + " for setting: " + name); + } + } + // TODO Add caching } -- cgit v1.1
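Review bot: `validateSystemSettingNameValue` has no doc comment, and its fail-closed behaviour is the part a maintainer most needs to know: any System setting without an entry in `CMSettings.System.VALIDATORS` becomes unwritable through the paths that call it. I would add a Javadoc along the lines of `/** Rejects System settings that have no registered validator, or whose value fails it; throws IllegalArgumentException. */`. The method reads no instance state in the lines shown, so it could also be declared `private static`. Whether the individual validators accept a null `value` is not visible here and is worth confirming.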