Make sure to check write perms after rewriting destination table

The write-permission check must occur after any destination-table
rewriting, otherwise any application would be able to write to
any global setting, by supplying a fraudulent "system" namespace
in the uri, but with a key name that will be redirected to global.

Bug 7289965

Change-Id: I122098a64e40d14e00d3cb6608c50aeb74faf7ce

Author: Christopher Tate

packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java

@@ -849,7 +849,6 @@ private Uri insertForUser(Uri url, ContentValues initialValues, int desiredUserH
         if (TABLE_FAVORITES.equals(args.table)) {
             return null;
         }
-        checkWritePermissions(args);
 
         // Special case LOCATION_PROVIDERS_ALLOWED.
         // Support enabling/disabling a single provider (using "+" or "-" prefix)
@@ -869,6 +868,9 @@ private Uri insertForUser(Uri url, ContentValues initialValues, int desiredUserH
             }
         }
 
+        // Check write permissions only after determining which table the insert will touch
+        checkWritePermissions(args);
+
         // The global table is stored under the owner, always
         if (TABLE_GLOBAL.equals(args.table)) {
             desiredUserHandle = UserHandle.USER_OWNER;