From 9ca1852af1926ec857428f10c19a90963f6b5007 Mon Sep 17 00:00:00 2001
From: Luca Stefani
Date: Mon, 20 Dec 2021 13:48:49 +0100
Subject: [PATCH] settings: Also check WRITE_SECURE_SETTINGS perm for System table

In M+ Google changed the permissions required to access the System table and forced every caller to either hold the WRITE_SECURE_SETTINGS permission or target pre M API

Change-Id: Ie4a4dd11e28b1caff1a6cd9be52f79b236f9271f
---
 .../LineageSettingsProvider.java | 27 +++++++++++++------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/packages/LineageSettingsProvider/src/org/lineageos/lineagesettings/LineageSettingsProvider.java b/packages/LineageSettingsProvider/src/org/lineageos/lineagesettings/LineageSettingsProvider.java
index 953e4dd5..54a72659 100644
--- a/packages/LineageSettingsProvider/src/org/lineageos/lineagesettings/LineageSettingsProvider.java
+++ b/packages/LineageSettingsProvider/src/org/lineageos/lineagesettings/LineageSettingsProvider.java
@@ -1,6 +1,6 @@
 /**
 * Copyright (C) 2015 The CyanogenMod Project
- * Copyright (C) 2019 The LineageOS Project
+ * 2017-2019,2021 The LineageOS Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -773,15 +773,26 @@ public class LineageSettingsProvider extends ContentProvider {
 * @throws SecurityException if the caller is forbidden to write.
 */
 private void checkWritePermissions(String tableName) {
- if ((LineageDatabaseHelper.LineageTableNames.TABLE_SECURE.equals(tableName) ||
- LineageDatabaseHelper.LineageTableNames.TABLE_GLOBAL.equals(tableName)) &&
+ final String callingPackage = getCallingPackage();
+ final boolean granted = PackageManager.PERMISSION_GRANTED ==
 getContext().checkCallingOrSelfPermission(
- lineageos.platform.Manifest.permission.WRITE_SECURE_SETTINGS) !=
- PackageManager.PERMISSION_GRANTED) {
- throw new SecurityException(
- String.format("Permission denial: writing to lineage secure settings requires %1$s",
- lineageos.platform.Manifest.permission.WRITE_SECURE_SETTINGS));
+ lineageos.platform.Manifest.permission.WRITE_SECURE_SETTINGS);
+ final boolean protectedTable =
+ LineageDatabaseHelper.LineageTableNames.TABLE_SECURE.equals(tableName) ||
+ LineageDatabaseHelper.LineageTableNames.TABLE_GLOBAL.equals(tableName);
+ // If the permission is granted simply return, no further checks are needed.
+ if (granted) {
+ return;
 }
+ // If the caller doesn't hold WRITE_SECURE_SETTINGS and isn't a protected table,
+ // we verify whether this operation is allowed for the calling package through appops.
+ if (!protectedTable && Settings.checkAndNoteWriteSettingsOperation(getContext(),
+ Binder.getCallingUid(), callingPackage, getCallingAttributionTag(), true)) {
+ return;
+ }
+ throw new SecurityException(
+ String.format("Permission denial: writing to lineage settings requires %1$s",
+ lineageos.platform.Manifest.permission.WRITE_SECURE_SETTINGS));
 }

 /**
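Review bot: The closing `SecurityException` in `checkWritePermissions` still names only `WRITE_SECURE_SETTINGS`, although a write to a non-protected table is now also accepted through the write-settings app-op, and since `checkAndNoteWriteSettingsOperation` is called with its last argument `true`, a denied caller with a non-null package most likely gets the framework's own exception and never reaches this throw. Two denial messages for one check make rejected writes harder to match in logs; passing `false` (`Binder.getCallingUid(), callingPackage, getCallingAttributionTag(), false)) {`) would route every denial through the single throw, whose text could then mention the app-op path. The Javadoc begins outside the hunk; it should gain a line such as `Writes to the system table need WRITE_SECURE_SETTINGS or the write-settings app-op; must be called with the caller's binder identity intact.`, because `checkCallingOrSelfPermission` and `Binder.getCallingUid()` both evaluate against the provider itself once that identity has been cleared.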