Prevent SettingsSliceProvider from accessing unused packages (586f8ded) · Commits · e / os / android_packages_apps_Settings

res/values/config.xml

+3 −0

Original line number	Diff line number	Diff line
		@@ -201,6 +201,9 @@
		<!-- List of packages that should be allowlisted for slice uri access. Do not translate -->
		<string-array name="slice_allowlist_package_names" translatable="false"/>

		<!-- List of packages that should be allowlisted for slice uri access for debugging purpose. Do not translate -->
		<string-array name="slice_allowlist_package_names_for_dev" translatable="false"/>

		<!-- Whether to use a UI variant that minimizes the number of UI elements on screen. This is
		typically used when there is not enough space to display everything, because pattern view
		doesn't interact well with scroll view -->

+16 −4

Original line number	Diff line number	Diff line
		@@ -29,6 +29,7 @@ import android.content.IntentFilter;
		import android.content.pm.PackageManager;
		import android.net.Uri;
		import android.os.Binder;
		import android.os.Build;
		import android.os.StrictMode;
		import android.os.UserManager;
		import android.provider.Settings;
		@@ -388,19 +389,30 @@ public class SettingsSliceProvider extends SliceProvider {
		if (descendants == null) {
		Log.d(TAG, "No descendants to grant permission with, skipping.");
		}
		final String[] allowlistPackages =
		final List<String> allowlist = new ArrayList<>();
		final String[] packages =
		context.getResources().getStringArray(R.array.slice_allowlist_package_names);
		if (allowlistPackages == null \|\| allowlistPackages.length == 0) {
		if (packages != null) {
		allowlist.addAll(Arrays.asList(packages));
		}
		if (Build.IS_DEBUGGABLE) {
		final String[] devPackages = context.getResources().getStringArray(
		R.array.slice_allowlist_package_names_for_dev);
		if (devPackages != null) {
		allowlist.addAll(Arrays.asList(devPackages));
		}
		}
		if (allowlist.size() == 0) {
		Log.d(TAG, "No packages to allowlist, skipping.");
		return;
		} else {
		Log.d(TAG, String.format(
		"Allowlisting %d uris to %d pkgs.",
		descendants.size(), allowlistPackages.length));
		descendants.size(), allowlist.size()));
		}
		final SliceManager sliceManager = context.getSystemService(SliceManager.class);
		for (Uri descendant : descendants) {
		for (String toPackage : allowlistPackages) {
		for (String toPackage : allowlist) {
		sliceManager.grantSlicePermission(toPackage, descendant);
		}
		}

+3 −0

Original line number	Diff line number	Diff line
		@@ -17,4 +17,7 @@
		<resources>
		<!-- List of packages that should be allowlisted for slice uri access. Do not translate -->
		<string-array name="slice_allowlist_package_names" translatable="false"/>

		<!-- List of packages that should be allowlisted for slice uri access for debugging purpose. Do not translate -->
		<string-array name="slice_allowlist_package_names_for_dev" translatable="false"/>
		</resources>

+5 −0

Original line number	Diff line number	Diff line
		@@ -86,6 +86,11 @@
		<item>com.android.settings.slice_allowlist_package</item>
		</string-array>

		<!-- List of packages that should be allowlisted for slice uri access for debugging purpose. Do not translate -->
		<string-array name="slice_allowlist_package_names_for_dev" translatable="false">
		<item>com.android.settings.slice_allowlist_package_dev</item>
		</string-array>

		<!-- Email address for the homepage contextual cards feedback -->
		<string name="config_contextual_card_feedback_email" translatable="false">test@test.test</string>

+19 −0

Original line number	Diff line number	Diff line
		@@ -80,6 +80,7 @@ import org.robolectric.annotation.Resetter;
		import org.robolectric.shadow.api.Shadow;
		import org.robolectric.shadows.ShadowAccessibilityManager;
		import org.robolectric.shadows.ShadowBinder;
		import org.robolectric.shadows.ShadowBuild;
		import org.robolectric.shadows.ShadowPackageManager;

		import java.util.ArrayList;
		@@ -647,6 +648,7 @@ public class SettingsSliceProviderTest {
		@Test
		@Config(qualifiers = "mcc999")
		public void grantAllowlistedPackagePermissions_hasPackageAllowlist_shouldGrant() {
		ShadowBuild.setDebuggable(false);
		final List<Uri> uris = new ArrayList<>();
		uris.add(Uri.parse("content://settings/slice"));

		@@ -654,6 +656,23 @@ public class SettingsSliceProviderTest {

		verify(mManager)
		.grantSlicePermission("com.android.settings.slice_allowlist_package", uris.get(0));
		verify(mManager, never())
		.grantSlicePermission("com.android.settings.slice_allowlist_package_dev",
		uris.get(0));
		}

		@Test
		@Config(qualifiers = "mcc999")
		public void grantAllowlistedPackagePermissions_hasPackageAllowlistAndDebuggable_shouldGrant() {
		ShadowBuild.setDebuggable(true);
		final List<Uri> uris = new ArrayList<>();
		uris.add(Uri.parse("content://settings/slice"));

		SettingsSliceProvider.grantAllowlistedPackagePermissions(mContext, uris);

		verify(mManager)
		.grantSlicePermission("com.android.settings.slice_allowlist_package_dev",
		uris.get(0));
		}

		@Test