Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 34637e57 authored by Christopher Tate's avatar Christopher Tate
Browse files

Make sure to check write perms after rewriting destination table 

The write-permission check must occur after any destination-table
rewriting, otherwise any application would be able to write to
any global setting, by supplying a fraudulent "system" namespace
in the uri, but with a key name that will be redirected to global.

Bug 7289965

Change-Id: I122098a64e40d14e00d3cb6608c50aeb74faf7ce
parent dce8b948

packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java

+3 −1
Original line number Diff line number Diff line
@@ -849,7 +849,6 @@ public class SettingsProvider extends ContentProvider { 
        if (TABLE_FAVORITES.equals(args.table)) {

            return null;

        }

        checkWritePermissions(args);



        // Special case LOCATION_PROVIDERS_ALLOWED.

        // Support enabling/disabling a single provider (using "+" or "-" prefix)
@@ -869,6 +868,9 @@ public class SettingsProvider extends ContentProvider { 
            }

        }



        // Check write permissions only after determining which table the insert will touch

        checkWritePermissions(args);



        // The global table is stored under the owner, always

        if (TABLE_GLOBAL.equals(args.table)) {

            desiredUserHandle = UserHandle.USER_OWNER;