Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 65c2dc24 authored by Hassan Ali's avatar Hassan Ali
Browse files

Move enforceReadPermission to Setting.config 

As part of moving DeviceConfig.java to packages/modules/ConfigInfrastructure.
Need to move activity thread dependency to setting.config as the new
module will not have access to hidden apis (ActivityThread).

For security purpose we cannot expose enforceReadPermission so we need
to move it to Settings.Config

Bug: 258220607
Test: m
Change-Id: Ibdd7c0489eb4f5238272705fd45e15b2b146a656
parent 112419e7

core/java/android/provider/DeviceConfig.java

+1 −16
Original line number Diff line number Diff line
@@ -25,7 +25,6 @@ import android.annotation.Nullable; 
import android.annotation.RequiresPermission;

import android.annotation.SuppressLint;

import android.annotation.SystemApi;

import android.content.pm.PackageManager;

import android.database.ContentObserver;

import android.net.Uri;

import android.provider.Settings.Config.SyncDisabledMode;
@@ -1173,7 +1172,7 @@ public final class DeviceConfig { 
            @NonNull String namespace,

            @NonNull @CallbackExecutor Executor executor,

            @NonNull OnPropertiesChangedListener onPropertiesChangedListener) {

        enforceReadPermission(namespace);

        Settings.Config.enforceReadPermission(namespace);

        synchronized (sLock) {

            Pair<String, Executor> oldNamespace = sListeners.get(onPropertiesChangedListener);

            if (oldNamespace == null) {
@@ -1295,20 +1294,6 @@ public final class DeviceConfig { 
        }

    }



    /**

     * Enforces READ_DEVICE_CONFIG permission if namespace is not one of public namespaces.

     * @hide

     */

    public static void enforceReadPermission(@NonNull String namespace) {

        if (Settings.Config.checkCallingOrSelfPermission(READ_DEVICE_CONFIG)

                != PackageManager.PERMISSION_GRANTED) {

            if (!PUBLIC_NAMESPACES.contains(namespace)) {

                throw new SecurityException("Permission denial: reading from settings requires:"

                        + READ_DEVICE_CONFIG);

            }

        }

    }



    /**

     * Returns list of namespaces that can be read without READ_DEVICE_CONFIG_PERMISSION;

     * @hide

core/java/android/provider/Settings.java

+16 −1
Original line number Diff line number Diff line
@@ -3366,7 +3366,7 @@ public final class Settings { 
        public ArrayMap<String, String> getStringsForPrefix(ContentResolver cr, String prefix,

                List<String> names) {

            String namespace = prefix.substring(0, prefix.length() - 1);

            DeviceConfig.enforceReadPermission(namespace);

            Config.enforceReadPermission(namespace);

            ArrayMap<String, String> keyValues = new ArrayMap<>();

            int currentGeneration = -1;










@@ -18355,6 +18355,21 @@ public final class Settings {













               .getApplicationContext().checkCallingOrSelfPermission(permission);















        }



























        /**













         * Enforces READ_DEVICE_CONFIG permission if namespace is not one of public namespaces.













         * @hide













         */













        public static void enforceReadPermission(String namespace) {













            if (ActivityThread.currentApplication().getApplicationContext()













                    .checkCallingOrSelfPermission(Manifest.permission.READ_DEVICE_CONFIG)













                    != PackageManager.PERMISSION_GRANTED) {













                if (!DeviceConfig.getPublicNamespaces().contains(namespace)) {













                    throw new SecurityException("Permission denial: reading from settings requires:"













                        + Manifest.permission.READ_DEVICE_CONFIG);













                }













            }













        }



























        private static void registerMonitorCallbackAsUser(















                @NonNull ContentResolver resolver, @UserIdInt int userHandle,















                @NonNull RemoteCallback callback) {

























core/java/com/android/internal/jank/InteractionJankMonitor.java



+2
−1






























Original line number
Diff line number
Diff line








@@ -97,6 +97,7 @@ import android.os.Handler;













import android.os.HandlerExecutor;















import android.os.HandlerThread;















import android.provider.DeviceConfig;













import android.provider.Settings;















import android.text.TextUtils;















import android.util.Log;















import android.util.SparseArray;










@@ -415,7 +416,7 @@ public class InteractionJankMonitor {













    @VisibleForTesting















    public InteractionJankMonitor(@NonNull HandlerThread worker) {















        // Check permission early.













        DeviceConfig.enforceReadPermission(













        Settings.Config.enforceReadPermission(















            DeviceConfig.NAMESPACE_INTERACTION_JANK_MONITOR);































        mRunningTrackers = new SparseArray<>();

































packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java



+2
−2






























Original line number
Diff line number
Diff line








@@ -1144,7 +1144,7 @@ public class SettingsProvider extends ContentProvider {













            Slog.v(LOG_TAG, "getConfigSetting(" + name + ")");















        }





























        DeviceConfig.enforceReadPermission(/*namespace=*/name.split("/")[0]);













        Settings.Config.enforceReadPermission(/*namespace=*/name.split("/")[0]);































        // Get the value.















        synchronized (mLock) {










@@ -1317,7 +1317,7 @@ public class SettingsProvider extends ContentProvider {













            Slog.v(LOG_TAG, "getAllConfigFlags() for " + prefix);















        }





























        DeviceConfig.enforceReadPermission(













        Settings.Config.enforceReadPermission(















                prefix != null ? prefix.split("/")[0] : null);































        synchronized (mLock) {

































packages/SystemUI/src/com/android/systemui/util/DeviceConfigProxy.java



+0
−7






























Original line number
Diff line number
Diff line








@@ -49,13 +49,6 @@ public class DeviceConfigProxy {













                namespace, executor, onPropertiesChangedListener);















    }





























    /**













     * Wrapped version of {@link DeviceConfig#enforceReadPermission}.













     */













    public void enforceReadPermission(String namespace) {













        DeviceConfig.enforceReadPermission(namespace);













    }





























    /**















     * Wrapped version of {@link DeviceConfig#getBoolean}.















     */