am 3ee0c635: Merge "System settings can be changed by system apps." into mnc-dev

    private boolean mutateSystemSetting(String name, String value, int runAsUserId,

    private boolean mutateSystemSetting(String name, String value, int runAsUserId,

            int operation) {

            int operation) {

        // Make sure the caller can change the settings.

        // Check for permissions first.

        enforceWritePermission(Manifest.permission.WRITE_SETTINGS);

        hasPermissionsToMutateSystemSettings();

        // Verify whether this operation is allowed for the calling package.

        // Verify whether this operation is allowed for the calling package.

        if (!isAppOpWriteSettingsAllowedForCallingPackage()) {

        if (!isAppOpWriteSettingsAllowedForCallingPackage()) {

            return false;

            return false;

        }

        }

        // Enforce what the calling package can mutate in the system settings.

        // Enforce what the calling package can mutate the system settings.

        enforceRestrictedSystemSettingsMutationForCallingPackageLocked(operation, name);

        enforceRestrictedSystemSettingsMutationForCallingPackage(operation, name);

        // Resolve the userId on whose behalf the call is made.

        // Resolve the userId on whose behalf the call is made.

        final int callingUserId = resolveCallingUserIdEnforcingPermissionsLocked(runAsUserId);

        final int callingUserId = resolveCallingUserIdEnforcingPermissionsLocked(runAsUserId);

        }

        }

    }

    }

    private boolean hasPermissionsToMutateSystemSettings() {

        // Write secure settings is a more protected permission. If caller has it we are good.

        if (getContext().checkCallingOrSelfPermission(Manifest.permission.WRITE_SECURE_SETTINGS)

                == PackageManager.PERMISSION_GRANTED) {

            return true;

        }

        // The write settings permission gates mutation of system settings.

        if (getContext().checkCallingOrSelfPermission(Manifest.permission.WRITE_SETTINGS)

                == PackageManager.PERMISSION_GRANTED) {

            return true;

        }

        // Excpet we let system apps change system settings without the permission.

        PackageInfo packageInfo = getCallingPackageInfoOrThrow();

        if ((packageInfo.applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) {

            return true;

        }

        return false;

    }

    private void validateSystemSettingValue(String name, String value) {

    private void validateSystemSettingValue(String name, String value) {

        Settings.System.Validator validator = Settings.System.VALIDATORS.get(name);

        Settings.System.Validator validator = Settings.System.VALIDATORS.get(name);

        if (validator != null && !validator.validate(value)) {

        if (validator != null && !validator.validate(value)) {

        return userId;

        return userId;

    }

    }

    private void enforceRestrictedSystemSettingsMutationForCallingPackageLocked(int operation,

    private void enforceRestrictedSystemSettingsMutationForCallingPackage(int operation,

            String name) {

            String name) {

        // System/root/shell can mutate whatever secure settings they want.

        // System/root/shell can mutate whatever secure settings they want.

        final int callingUid = Binder.getCallingUid();

        final int callingUid = Binder.getCallingUid();