| -rw-r--r-- | packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java index aca4fe456195..86b3765be5c4 100644 --- a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java +++ b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java @@ -1338,6 +1338,13 @@ public class SettingsProvider extends ContentProvider { // Anyone can get the global settings, so no security checks. for (int i = 0; i < nameCount; i++) { String name = names.get(i); + try { + enforceSettingReadable(name, SETTINGS_TYPE_GLOBAL, + UserHandle.getCallingUserId()); + } catch (SecurityException e) { + // Caller doesn't have permission to read this setting + continue; + } Setting setting = settingsState.getSettingLocked(name); appendSettingToCursor(result, setting); } @@ -1515,6 +1522,13 @@ public class SettingsProvider extends ContentProvider { continue; } + try { + enforceSettingReadable(name, SETTINGS_TYPE_SECURE, callingUserId); + } catch (SecurityException e) { + // Caller doesn't have permission to read this setting + continue; + } + // As of Android O, the SSAID is read from an app-specific entry in table // SETTINGS_FILE_SSAID, unless accessed by a system process. final Setting setting; @@ -1777,7 +1791,12 @@ public class SettingsProvider extends ContentProvider { for (int i = 0; i < nameCount; i++) { String name = names.get(i); - + try { + enforceSettingReadable(name, SETTINGS_TYPE_SYSTEM, callingUserId); + } catch (SecurityException e) { + // Caller doesn't have permission to read this setting + continue; + } // Determine the owning user as some profile settings are cloned from the parent. final int owningUserId = resolveOwningUserIdForSystemSettingLocked(callingUserId, name); |
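Review bot: In the first hunk the context comment `// Anyone can get the global settings, so no security checks.` now sits directly above a per-setting read check and contradicts it; it should become something like `// Global settings are filtered per name; ones the caller may not read are skipped.` The same hunk passes `UserHandle.getCallingUserId()`, while the secure and system hunks pass a `callingUserId` local. The enclosing method starts outside the hunk, so confirm that no already-resolved user id is in scope there and that all three paths check against the same notion of caller. All three hunks also drop a denied setting silently inside the `catch`, so a caller repeatedly requesting restricted names leaves no trace. A rate-limited log line naming the setting type and the calling uid would make that visible to whoever reviews the device logs, provided it fits the file's logging conventions.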