* commit '1e989663bcd778cda48e53759c595e5511983ae7': System settings can be changed by system apps.
This commit is contained in:
Svetoslav
@@ -904,16 +904,16 @@ public class SettingsProvider extends ContentProvider {
|
|||||||
|
|
||||||
private boolean mutateSystemSetting(String name, String value, int runAsUserId,
|
private boolean mutateSystemSetting(String name, String value, int runAsUserId,
|
||||||
int operation) {
|
int operation) {
|
||||||
// Make sure the caller can change the settings.
|
// Check for permissions first.
|
||||||
enforceWritePermission(Manifest.permission.WRITE_SETTINGS);
|
hasPermissionsToMutateSystemSettings();
|
||||||
|
|
||||||
// Verify whether this operation is allowed for the calling package.
|
// Verify whether this operation is allowed for the calling package.
|
||||||
if (!isAppOpWriteSettingsAllowedForCallingPackage()) {
|
if (!isAppOpWriteSettingsAllowedForCallingPackage()) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Enforce what the calling package can mutate in the system settings.
|
// Enforce what the calling package can mutate the system settings.
|
||||||
enforceRestrictedSystemSettingsMutationForCallingPackageLocked(operation, name);
|
enforceRestrictedSystemSettingsMutationForCallingPackage(operation, name);
|
||||||
|
|
||||||
// Resolve the userId on whose behalf the call is made.
|
// Resolve the userId on whose behalf the call is made.
|
||||||
final int callingUserId = resolveCallingUserIdEnforcingPermissionsLocked(runAsUserId);
|
final int callingUserId = resolveCallingUserIdEnforcingPermissionsLocked(runAsUserId);
|
||||||
@@ -954,6 +954,28 @@ public class SettingsProvider extends ContentProvider {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private boolean hasPermissionsToMutateSystemSettings() {
|
||||||
|
// Write secure settings is a more protected permission. If caller has it we are good.
|
||||||
|
if (getContext().checkCallingOrSelfPermission(Manifest.permission.WRITE_SECURE_SETTINGS)
|
||||||
|
== PackageManager.PERMISSION_GRANTED) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
// The write settings permission gates mutation of system settings.
|
||||||
|
if (getContext().checkCallingOrSelfPermission(Manifest.permission.WRITE_SETTINGS)
|
||||||
|
== PackageManager.PERMISSION_GRANTED) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Excpet we let system apps change system settings without the permission.
|
||||||
|
PackageInfo packageInfo = getCallingPackageInfoOrThrow();
|
||||||
|
if ((packageInfo.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
private void validateSystemSettingValue(String name, String value) {
|
private void validateSystemSettingValue(String name, String value) {
|
||||||
Settings.System.Validator validator = Settings.System.VALIDATORS.get(name);
|
Settings.System.Validator validator = Settings.System.VALIDATORS.get(name);
|
||||||
if (validator != null && !validator.validate(value)) {
|
if (validator != null && !validator.validate(value)) {
|
||||||
@@ -1000,7 +1022,7 @@ public class SettingsProvider extends ContentProvider {
|
|||||||
return userId;
|
return userId;
|
||||||
}
|
}
|
||||||
|
|
||||||
private void enforceRestrictedSystemSettingsMutationForCallingPackageLocked(int operation,
|
private void enforceRestrictedSystemSettingsMutationForCallingPackage(int operation,
|
||||||
String name) {
|
String name) {
|
||||||
// System/root/shell can mutate whatever secure settings they want.
|
// System/root/shell can mutate whatever secure settings they want.
|
||||||
final int callingUid = Binder.getCallingUid();
|
final int callingUid = Binder.getCallingUid();
|
||||||
|
|||||||
Reference in New Issue
Block a user