| author | 2017-04-28 17:34:36 -0700 | |
|---|---|---|
| committer | 2017-04-28 17:34:36 -0700 | |
| commit | a6830e748dff42e91b73873fcc46d4ac5647a321 (patch) | |
| tree | 8420c86ee0808cfca5cc7b142d8d9069dae7d504 | |
| parent | 8f4ac4ac05b8278c84f3b27de05eb8ed325ea81a (diff) | |
Revert "Allow Instant Apps to read Settings defined by apps"
This reverts commit 7e794b7d22ab38713f0af9e6dabb127725f9d4c3.
Bug: 37765840
Test: builds
| -rw-r--r-- | packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java | 38 |
1 files changed, 12 insertions, 26 deletions
diff --git a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java index a6347c67efd8..48429e8b2b05 100644 --- a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java +++ b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java @@ -898,14 +898,13 @@ public class SettingsProvider extends ContentProvider { Slog.v(LOG_TAG, "getGlobalSetting(" + name + ")"); } + // Ensure the caller can access the setting. + enforceSettingReadable(name, SETTINGS_TYPE_GLOBAL, UserHandle.getCallingUserId()); + // Get the value. synchronized (mLock) { - Setting setting = mSettingsRegistry.getSettingLocked(SETTINGS_TYPE_GLOBAL, + return mSettingsRegistry.getSettingLocked(SETTINGS_TYPE_GLOBAL, UserHandle.USER_SYSTEM, name); - // Ensure the caller can access the setting before we return it. - enforceSettingReadable(setting, name, SETTINGS_TYPE_GLOBAL, - UserHandle.getCallingUserId()); - return setting; } } @@ -1063,6 +1062,9 @@ public class SettingsProvider extends ContentProvider { // Resolve the userId on whose behalf the call is made. final int callingUserId = resolveCallingUserIdEnforcingPermissionsLocked(requestingUserId); + // Ensure the caller can access the setting. + enforceSettingReadable(name, SETTINGS_TYPE_SECURE, UserHandle.getCallingUserId()); + // Determine the owning user as some profile settings are cloned from the parent. final int owningUserId = resolveOwningUserIdForSecureSettingLocked(callingUserId, name); 
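Review bot: The comment added above `enforceSettingReadable(name, SETTINGS_TYPE_GLOBAL, UserHandle.getCallingUserId())` does not say that the decision is now made on the setting name alone and before the registry lookup, which is the security-relevant difference from the removed code that looked the setting up first. I would expand it to `// Throws SecurityException for instant apps unless the name is allowlisted; checked before the lookup so the outcome does not depend on the stored setting.` The same wording fits the calls added in the hunks at -1063 and -1292. The enclosing method (the one logging "getGlobalSetting(") starts outside this hunk.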
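Review bot: The added `enforceSettingReadable(name, SETTINGS_TYPE_SECURE, ...)` call appears to sit ahead of the `isNewSsaidSetting(name)` branch shown in the next hunk, so instant-app reads of the SSAID now pass through the allowlist check, and the same commit deletes the comment saying that path skips the permission check. Whether the SSAID setting name is in `getInstantAppAccessibleSettings(SETTINGS_TYPE_SECURE)` is not visible here, so this may or may not change what instant apps can read. A comment at the branch stating the intent, for example `// Instant apps reach this branch only if the name passed enforceSettingReadable above.`, would make that reviewable. The enclosing method starts and ends outside the hunk.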
@@ -1076,7 +1078,6 @@ public class SettingsProvider extends ContentProvider { // As of Android O, the SSAID is read from an app-specific entry in table // SETTINGS_FILE_SSAID, unless accessed by a system process. - // All apps are allowed to access their SSAID, so we skip the permission check. if (isNewSsaidSetting(name)) { PackageInfo callingPkg = getCallingPackageInfo(owningUserId); synchronized (mLock) { @@ -1086,12 +1087,8 @@ public class SettingsProvider extends ContentProvider { // Not the SSAID; do a straight lookup synchronized (mLock) { - Setting setting = mSettingsRegistry.getSettingLocked(SETTINGS_TYPE_SECURE, + return mSettingsRegistry.getSettingLocked(SETTINGS_TYPE_SECURE, owningUserId, name); - // Ensure the caller can access the setting before we return it. - enforceSettingReadable(setting, name, SETTINGS_TYPE_SECURE, - UserHandle.getCallingUserId()); - return setting; } } @@ -1292,18 +1289,15 @@ public class SettingsProvider extends ContentProvider { // Resolve the userId on whose behalf the call is made. final int callingUserId = resolveCallingUserIdEnforcingPermissionsLocked(requestingUserId); + // Ensure the caller can access the setting. + enforceSettingReadable(name, SETTINGS_TYPE_SYSTEM, UserHandle.getCallingUserId()); // Determine the owning user as some profile settings are cloned from the parent. final int owningUserId = resolveOwningUserIdForSystemSettingLocked(callingUserId, name); // Get the value. synchronized (mLock) { - Setting setting = mSettingsRegistry.getSettingLocked(SETTINGS_TYPE_SYSTEM, - owningUserId, name); - // Ensure the caller can access the setting before we return it. - enforceSettingReadable(setting, name, SETTINGS_TYPE_SYSTEM, - UserHandle.getCallingUserId()); - return setting; + return mSettingsRegistry.getSettingLocked(SETTINGS_TYPE_SYSTEM, owningUserId, name); } } 
@@ -1650,22 +1644,14 @@ public class SettingsProvider extends ContentProvider { } } - private void enforceSettingReadable(Setting setting, String settingName, int settingsType, - int userId) { + private void enforceSettingReadable(String settingName, int settingsType, int userId) { if (UserHandle.getAppId(Binder.getCallingUid()) < Process.FIRST_APPLICATION_UID) { return; } ApplicationInfo ai = getCallingApplicationInfoOrThrow(); - // Installed apps are allowed to read all settings. if (!ai.isInstantApp()) { return; } - // Instant Apps are allowed to read settings defined by applications. - // TODO: Replace this with an API that allows the setting application to say if a setting - // shoud/shouldn't be accessible. - if (!setting.isDefaultFromSystem()) { - return; - } if (!getInstantAppAccessibleSettings(settingsType).contains(settingName)) { throw new SecurityException("Setting " + settingName + " is not accessible from" + " ephemeral package " + getCallingPackage()); |
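Review bot: The `userId` parameter of the new `enforceSettingReadable(String settingName, int settingsType, int userId)` is not read anywhere in the lines shown; the decision uses only `Binder.getCallingUid()`, `getCallingApplicationInfoOrThrow()` and the `getInstantAppAccessibleSettings(settingsType)` lookup. All three call sites pass `UserHandle.getCallingUserId()` even where a resolved `callingUserId` is in scope, so either drop the argument or document on the method which user it is meant to scope. The exception text also says `ephemeral package` while the check is `ai.isInstantApp()`, so anyone searching logs for instant-app denials needs both terms. The method's closing lines are outside the hunk.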