Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8dbb7c38 authored by Songchun Fan's avatar Songchun Fan Committed by Android Build Coastguard Worker
Browse files

[SettingsProvider] verify ringtone URI before setting 

Similar to ag/24422287, but the same URI verification should be done in
SettingsProvider as well, which can be called by apps via
Settings.System API or ContentProvider APIs without using
RingtoneManager.

BUG: 227201030
Test: manual with a test app. Will add a CTS test.
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1b234678ec122994ccbfc52ac48aafdad7fdb1ed)
Merged-In: Ic0ffa1db14b5660d02880b632a7f2ad9e6e5d84b
Change-Id: Ic0ffa1db14b5660d02880b632a7f2ad9e6e5d84b
parent 6bc31b2a

packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java

+31 −0
Original line number Diff line number Diff line
@@ -1948,6 +1948,9 @@ public class SettingsProvider extends ContentProvider { 
            cacheName = Settings.System.ALARM_ALERT_CACHE;

        }

        if (cacheName != null) {

            if (!isValidAudioUri(name, value)) {

                return false;

            }

            final File cacheFile = new File(

                    getRingtoneCacheDir(owningUserId), cacheName);

            cacheFile.delete();
@@ -1980,6 +1983,34 @@ public class SettingsProvider extends ContentProvider { 
        }

    }



    private boolean isValidAudioUri(String name, String uri) {

        if (uri != null) {

            Uri audioUri = Uri.parse(uri);

            if (Settings.AUTHORITY.equals(

                    ContentProvider.getAuthorityWithoutUserId(audioUri.getAuthority()))) {

                // Don't accept setting the default uri to self-referential URIs like

                // Settings.System.DEFAULT_RINGTONE_URI, which is an alias to the value of this

                // setting.

                return false;

            }

            final String mimeType = getContext().getContentResolver().getType(audioUri);

            if (mimeType == null) {

                Slog.e(LOG_TAG,

                        "mutateSystemSetting for setting: " + name + " URI: " + audioUri

                        + " ignored: failure to find mimeType (no access from this context?)");

                return false;

            }

            if (!(mimeType.startsWith("audio/") || mimeType.equals("application/ogg")

                    || mimeType.equals("application/x-flac"))) {

                Slog.e(LOG_TAG,

                        "mutateSystemSetting for setting: " + name + " URI: " + audioUri

                        + " ignored: associated mimeType: " + mimeType + " is not an audio type");

                return false;

            }

        }

        return true;

    }



    private boolean hasWriteSecureSettingsPermission() {

        // Write secure settings is a more protected permission. If caller has it we are good.

        return getContext().checkCallingOrSelfPermission(Manifest.permission.WRITE_SECURE_SETTINGS)