Revert "Revert "[SettingsProvider] enforce permission on openFile""
Prevent third-party apps to write to ring tone files without permission.
This reverts commit 3726d5247ac10578ff1677b085d2d905027613d8.
Reason for revert: use appops manager's permission check method
BUG: 222687217
Test: atest android.appsecurity.cts.ExternalStorageHostTest#testExternalStorageReadDefaultUris
Change-Id: I5121bb7975e7a3893eefbf2ddbe6c9c6a82c6c74
diff --git a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
index 077337c..aadfcea 100644
--- a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
+++ b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
@@ -818,6 +818,13 @@
getContext().enforceCallingPermission(Manifest.permission.INTERACT_ACROSS_USERS,
"Access files from the settings of another user");
}
+ final String callingPackage = getCallingPackage();
+ if (mode.contains("w") && !Settings.checkAndNoteWriteSettingsOperation(getContext(),
+ Binder.getCallingUid(), callingPackage, getCallingAttributionTag(),
+ true /* throwException */)) {
+ Slog.e(LOG_TAG, "Package: " + callingPackage + " is not allowed to modify "
+ + "system settings files.");
+ }
uri = ContentProvider.getUriWithoutUserId(uri);
final String cacheRingtoneSetting;
