Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fd462246 authored by Willie Koomson's avatar Willie Koomson
Browse files

Remove flag for checkRemoteViewsUris 

This change removes the
android.appwidget.flags.check_remote_views_uri_permission flag. This is
required for security fixes (see bug comment #55).

Bug: 369137473
Test: atest "CtsAppWidgetTestCases:AppWidgetTest#testCheckRemoteViewsUri"
Flag: EXEMPT security fix
Change-Id: Ie83f78c6efe878dabe7a422bf6ca497f31761005
parent babdebb8

core/java/android/appwidget/flags.aconfig

+0 −10
Original line number Diff line number Diff line
@@ -96,16 +96,6 @@ flag { 
  is_fixed_read_only: true

}



flag {

  name: "check_remote_views_uri_permission"

  namespace: "app_widgets"

  description: "Check that the widget provider has permissions to access any URIs within its RemoteViews"

  bug: "369137473"

  metadata {

    purpose: PURPOSE_BUGFIX

  }

}



flag {

  name: "engagement_metrics"

  namespace: "app_widgets"

services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java

+1 −4
Original line number Diff line number Diff line
@@ -16,7 +16,6 @@ 


package com.android.server.appwidget;



import static android.appwidget.flags.Flags.checkRemoteViewsUriPermission;

import static android.appwidget.flags.Flags.remoteAdapterConversion;

import static android.appwidget.flags.Flags.remoteViewsProto;

import static android.appwidget.flags.Flags.removeAppWidgetServiceIoFromCriticalPath;
@@ -2560,9 +2559,7 @@ class AppWidgetServiceImpl extends IAppWidgetService.Stub implements WidgetBacku 
        // Make sure the package runs under the caller uid.

        mSecurityPolicy.enforceCallFromPackage(callingPackage);

        // Make sure RemoteViews do not contain URIs that the caller cannot access.

        if (checkRemoteViewsUriPermission()) {

        checkRemoteViewsUris(views);

        }

        synchronized (mLock) {

            ensureGroupStateLoadedLocked(userId);