[SettingsProvider] enforce @Readable for getAll*Settings methods (631dae9f) · Commits · e / os / android_frameworks_base

packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java

+20 −1

Original line number	Diff line number	Diff line
		@@ -1346,6 +1346,13 @@ public class SettingsProvider extends ContentProvider {
		// Anyone can get the global settings, so no security checks.
		for (int i = 0; i < nameCount; i++) {
		String name = names.get(i);
		try {
		enforceSettingReadable(name, SETTINGS_TYPE_GLOBAL,
		UserHandle.getCallingUserId());
		} catch (SecurityException e) {
		// Caller doesn't have permission to read this setting
		continue;
		}
		Setting setting = settingsState.getSettingLocked(name);
		appendSettingToCursor(result, setting);
		}
		@@ -1523,6 +1530,13 @@ public class SettingsProvider extends ContentProvider {
		continue;
		}

		try {
		enforceSettingReadable(name, SETTINGS_TYPE_SECURE, callingUserId);
		} catch (SecurityException e) {
		// Caller doesn't have permission to read this setting
		continue;
		}

		// As of Android O, the SSAID is read from an app-specific entry in table
		// SETTINGS_FILE_SSAID, unless accessed by a system process.
		final Setting setting;
		@@ -1785,7 +1799,12 @@ public class SettingsProvider extends ContentProvider {

		for (int i = 0; i < nameCount; i++) {
		String name = names.get(i);

		try {
		enforceSettingReadable(name, SETTINGS_TYPE_SYSTEM, callingUserId);
		} catch (SecurityException e) {
		// Caller doesn't have permission to read this setting
		continue;
		}
		// Determine the owning user as some profile settings are cloned from the parent.
		final int owningUserId = resolveOwningUserIdForSystemSettingLocked(callingUserId,
		name);