Loading api/current.txt +1 −0 Original line number Diff line number Diff line Loading @@ -7304,6 +7304,7 @@ package android.app.slice { } public abstract class SliceProvider extends android.content.ContentProvider { ctor public SliceProvider(java.lang.String...); ctor public SliceProvider(); method public final int delete(android.net.Uri, java.lang.String, java.lang.String[]); method public final java.lang.String getType(android.net.Uri); core/java/android/app/slice/ISliceManager.aidl +2 −1 Original line number Diff line number Diff line Loading @@ -25,7 +25,8 @@ interface ISliceManager { void unpinSlice(String pkg, in Uri uri, in IBinder token); boolean hasSliceAccess(String pkg); SliceSpec[] getPinnedSpecs(in Uri uri, String pkg); int checkSlicePermission(in Uri uri, String pkg, int pid, int uid); int checkSlicePermission(in Uri uri, String pkg, int pid, int uid, in String[] autoGrantPermissions); void grantPermissionFromUser(in Uri uri, String pkg, String callingPkg, boolean allSlices); Uri[] getPinnedSlices(String pkg); Loading core/java/android/app/slice/SliceManager.java +5 −2 Original line number Diff line number Diff line Loading @@ -404,7 +404,8 @@ public class SliceManager { * Does the permission check to see if a caller has access to a specific slice. * @hide */ public void enforceSlicePermission(Uri uri, String pkg, int pid, int uid) { public void enforceSlicePermission(Uri uri, String pkg, int pid, int uid, String[] autoGrantPermissions) { try { if (UserHandle.isSameApp(uid, Process.myUid())) { return; Loading @@ -412,7 +413,7 @@ public class SliceManager { if (pkg == null) { throw new SecurityException("No pkg specified"); } int result = mService.checkSlicePermission(uri, pkg, pid, uid); int result = mService.checkSlicePermission(uri, pkg, pid, uid, autoGrantPermissions); if (result == PERMISSION_DENIED) { throw new SecurityException("User " + uid + " does not have slice permission for " + uri + "."); Loading @@ -424,6 +425,8 @@ public class SliceManager { Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION | Intent.FLAG_GRANT_WRITE_URI_PERMISSION | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION); // Notify a change has happened because we just granted a permission. mContext.getContentResolver().notifyChange(uri, null); } } catch (RemoteException e) { throw e.rethrowFromSystemServer(); Loading core/java/android/app/slice/SliceProvider.java +22 −1 Original line number Diff line number Diff line Loading @@ -149,10 +149,31 @@ public abstract class SliceProvider extends ContentProvider { private static final boolean DEBUG = false; private static final long SLICE_BIND_ANR = 2000; private final String[] mAutoGrantPermissions; private String mCallback; private SliceManager mSliceManager; /** * A version of constructing a SliceProvider that allows autogranting slice permissions * to apps that hold specific platform permissions. * <p> * When an app tries to bind a slice from this provider that it does not have access to, * This provider will check if the caller holds permissions to any of the autoGrantPermissions * specified, if they do they will be granted persisted uri access to all slices of this * provider. * * @param autoGrantPermissions List of permissions that holders are auto-granted access * to slices. */ public SliceProvider(@NonNull String... autoGrantPermissions) { mAutoGrantPermissions = autoGrantPermissions; } public SliceProvider() { mAutoGrantPermissions = new String[0]; } @Override public void attachInfo(Context context, ProviderInfo info) { super.attachInfo(context, info); Loading Loading @@ -402,7 +423,7 @@ public abstract class SliceProvider extends ContentProvider { : getContext().getPackageManager().getNameForUid(callingUid); try { mSliceManager.enforceSlicePermission(sliceUri, pkg, callingPid, callingUid); callingPid, callingUid, mAutoGrantPermissions); } catch (SecurityException e) { return createPermissionSlice(getContext(), sliceUri, pkg); } Loading services/core/java/com/android/server/slice/SliceManagerService.java +9 −2 Original line number Diff line number Diff line Loading @@ -168,7 +168,8 @@ public class SliceManagerService extends ISliceManager.Stub { } @Override public void pinSlice(String pkg, Uri uri, SliceSpec[] specs, IBinder token) throws RemoteException { public void pinSlice(String pkg, Uri uri, SliceSpec[] specs, IBinder token) throws RemoteException { verifyCaller(pkg); enforceAccess(pkg, uri); int user = Binder.getCallingUserHandle().getIdentifier(); Loading Loading @@ -210,7 +211,8 @@ public class SliceManagerService extends ISliceManager.Stub { } @Override public int checkSlicePermission(Uri uri, String pkg, int pid, int uid) throws RemoteException { public int checkSlicePermission(Uri uri, String pkg, int pid, int uid, String[] autoGrantPermissions) throws RemoteException { if (mContext.checkUriPermission(uri, pid, uid, Intent.FLAG_GRANT_WRITE_URI_PERMISSION) == PERMISSION_GRANTED) { return SliceManager.PERMISSION_GRANTED; Loading @@ -218,6 +220,11 @@ public class SliceManagerService extends ISliceManager.Stub { if (hasFullSliceAccess(pkg, UserHandle.getUserId(uid))) { return SliceManager.PERMISSION_GRANTED; } for (String perm : autoGrantPermissions) { if (mContext.checkPermission(perm, pid, uid) == PERMISSION_GRANTED) { return SliceManager.PERMISSION_USER_GRANTED; } } synchronized (mLock) { if (mUserGrants.contains(new SliceGrant(uri, pkg, UserHandle.getUserId(uid)))) { return SliceManager.PERMISSION_USER_GRANTED; Loading Loading
api/current.txt +1 −0 Original line number Diff line number Diff line Loading @@ -7304,6 +7304,7 @@ package android.app.slice { } public abstract class SliceProvider extends android.content.ContentProvider { ctor public SliceProvider(java.lang.String...); ctor public SliceProvider(); method public final int delete(android.net.Uri, java.lang.String, java.lang.String[]); method public final java.lang.String getType(android.net.Uri);
core/java/android/app/slice/ISliceManager.aidl +2 −1 Original line number Diff line number Diff line Loading @@ -25,7 +25,8 @@ interface ISliceManager { void unpinSlice(String pkg, in Uri uri, in IBinder token); boolean hasSliceAccess(String pkg); SliceSpec[] getPinnedSpecs(in Uri uri, String pkg); int checkSlicePermission(in Uri uri, String pkg, int pid, int uid); int checkSlicePermission(in Uri uri, String pkg, int pid, int uid, in String[] autoGrantPermissions); void grantPermissionFromUser(in Uri uri, String pkg, String callingPkg, boolean allSlices); Uri[] getPinnedSlices(String pkg); Loading
core/java/android/app/slice/SliceManager.java +5 −2 Original line number Diff line number Diff line Loading @@ -404,7 +404,8 @@ public class SliceManager { * Does the permission check to see if a caller has access to a specific slice. * @hide */ public void enforceSlicePermission(Uri uri, String pkg, int pid, int uid) { public void enforceSlicePermission(Uri uri, String pkg, int pid, int uid, String[] autoGrantPermissions) { try { if (UserHandle.isSameApp(uid, Process.myUid())) { return; Loading @@ -412,7 +413,7 @@ public class SliceManager { if (pkg == null) { throw new SecurityException("No pkg specified"); } int result = mService.checkSlicePermission(uri, pkg, pid, uid); int result = mService.checkSlicePermission(uri, pkg, pid, uid, autoGrantPermissions); if (result == PERMISSION_DENIED) { throw new SecurityException("User " + uid + " does not have slice permission for " + uri + "."); Loading @@ -424,6 +425,8 @@ public class SliceManager { Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION | Intent.FLAG_GRANT_WRITE_URI_PERMISSION | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION); // Notify a change has happened because we just granted a permission. mContext.getContentResolver().notifyChange(uri, null); } } catch (RemoteException e) { throw e.rethrowFromSystemServer(); Loading
core/java/android/app/slice/SliceProvider.java +22 −1 Original line number Diff line number Diff line Loading @@ -149,10 +149,31 @@ public abstract class SliceProvider extends ContentProvider { private static final boolean DEBUG = false; private static final long SLICE_BIND_ANR = 2000; private final String[] mAutoGrantPermissions; private String mCallback; private SliceManager mSliceManager; /** * A version of constructing a SliceProvider that allows autogranting slice permissions * to apps that hold specific platform permissions. * <p> * When an app tries to bind a slice from this provider that it does not have access to, * This provider will check if the caller holds permissions to any of the autoGrantPermissions * specified, if they do they will be granted persisted uri access to all slices of this * provider. * * @param autoGrantPermissions List of permissions that holders are auto-granted access * to slices. */ public SliceProvider(@NonNull String... autoGrantPermissions) { mAutoGrantPermissions = autoGrantPermissions; } public SliceProvider() { mAutoGrantPermissions = new String[0]; } @Override public void attachInfo(Context context, ProviderInfo info) { super.attachInfo(context, info); Loading Loading @@ -402,7 +423,7 @@ public abstract class SliceProvider extends ContentProvider { : getContext().getPackageManager().getNameForUid(callingUid); try { mSliceManager.enforceSlicePermission(sliceUri, pkg, callingPid, callingUid); callingPid, callingUid, mAutoGrantPermissions); } catch (SecurityException e) { return createPermissionSlice(getContext(), sliceUri, pkg); } Loading
services/core/java/com/android/server/slice/SliceManagerService.java +9 −2 Original line number Diff line number Diff line Loading @@ -168,7 +168,8 @@ public class SliceManagerService extends ISliceManager.Stub { } @Override public void pinSlice(String pkg, Uri uri, SliceSpec[] specs, IBinder token) throws RemoteException { public void pinSlice(String pkg, Uri uri, SliceSpec[] specs, IBinder token) throws RemoteException { verifyCaller(pkg); enforceAccess(pkg, uri); int user = Binder.getCallingUserHandle().getIdentifier(); Loading Loading @@ -210,7 +211,8 @@ public class SliceManagerService extends ISliceManager.Stub { } @Override public int checkSlicePermission(Uri uri, String pkg, int pid, int uid) throws RemoteException { public int checkSlicePermission(Uri uri, String pkg, int pid, int uid, String[] autoGrantPermissions) throws RemoteException { if (mContext.checkUriPermission(uri, pid, uid, Intent.FLAG_GRANT_WRITE_URI_PERMISSION) == PERMISSION_GRANTED) { return SliceManager.PERMISSION_GRANTED; Loading @@ -218,6 +220,11 @@ public class SliceManagerService extends ISliceManager.Stub { if (hasFullSliceAccess(pkg, UserHandle.getUserId(uid))) { return SliceManager.PERMISSION_GRANTED; } for (String perm : autoGrantPermissions) { if (mContext.checkPermission(perm, pid, uid) == PERMISSION_GRANTED) { return SliceManager.PERMISSION_USER_GRANTED; } } synchronized (mLock) { if (mUserGrants.contains(new SliceGrant(uri, pkg, UserHandle.getUserId(uid)))) { return SliceManager.PERMISSION_USER_GRANTED; Loading
