[Catalyst] Enforce WRITE_SYSTEM_PREFERENCES permission (68bb5a04) · Commits · e / os / android_packages_apps_Settings

AndroidManifest.xml

+3 −3

Original line number	Diff line number	Diff line
		@@ -5515,12 +5515,12 @@
		android:exported="true"
		android:permission="android.permission.BLUETOOTH_PRIVILEGED" />

		<!-- Once b/364771256 is fixed, add android:featureFlag="com.android.settings.flags.catalyst_service". -->
		<!-- Permission is not yet finalized, use READ_BASIC_PHONE_STATE temporarily. -->
		<!-- Service based on settingslib ipc to expose Preference Metadata and Get/Set functionality. -->
		<service
		android:name=".SettingsService"
		android:exported="true"
		android:permission="android.permission.READ_BASIC_PHONE_STATE">
		android:featureFlag="com.android.settings.flags.catalyst_service"
		android:permission="android.permission.READ_SYSTEM_PREFERENCES">
		<intent-filter>
		<action android:name="com.android.settingslib.PREFERENCE_SERVICE" />
		</intent-filter>

+6 −8

Original line number	Diff line number	Diff line
		@@ -16,21 +16,19 @@

		package com.android.settings

		import android.content.Intent
		import com.android.settings.flags.Flags
		import android.Manifest.permission.WRITE_SYSTEM_PREFERENCES
		import android.app.AppOpsManager.OP_WRITE_SYSTEM_PREFERENCES
		import com.android.settings.metrics.SettingsRemoteOpMetricsLogger
		import com.android.settingslib.ipc.ApiPermissionChecker
		import com.android.settingslib.ipc.AppOpApiPermissionChecker
		import com.android.settingslib.service.PreferenceService

		/** Service to expose settings APIs. */
		class SettingsService :
		PreferenceService(
		graphPermissionChecker = ApiPermissionChecker.alwaysAllow(),
		setterPermissionChecker = ApiPermissionChecker.alwaysAllow(),
		setterPermissionChecker =
		AppOpApiPermissionChecker(OP_WRITE_SYSTEM_PREFERENCES, WRITE_SYSTEM_PREFERENCES),
		getterPermissionChecker = ApiPermissionChecker.alwaysAllow(),
		metricsLogger = SettingsRemoteOpMetricsLogger(),
		) {

		override fun onBind(intent: Intent) =
		if (Flags.catalystService()) super.onBind(intent) else null
		}
		)

+9 −1

Original line number	Diff line number	Diff line
		@@ -16,6 +16,8 @@

		package com.android.settings.service

		import android.Manifest.permission.WRITE_SYSTEM_PREFERENCES
		import android.app.AppOpsManager.OP_WRITE_SYSTEM_PREFERENCES
		import android.os.Binder
		import android.os.OutcomeReceiver
		import android.service.settings.preferences.GetValueRequest
		@@ -32,6 +34,7 @@ import com.android.settingslib.graph.PreferenceGetterApiHandler
		import com.android.settingslib.graph.PreferenceGetterFlags
		import com.android.settingslib.graph.PreferenceSetterApiHandler
		import com.android.settingslib.ipc.ApiPermissionChecker
		import com.android.settingslib.ipc.AppOpApiPermissionChecker
		import kotlinx.coroutines.CoroutineScope
		import kotlinx.coroutines.Dispatchers
		import kotlinx.coroutines.SupervisorJob
		@@ -47,10 +50,15 @@ class PreferenceService : SettingsPreferenceService() {

		init {
		val metricsLogger = SettingsRemoteOpMetricsLogger()
		// PreferenceService specifies READ_SYSTEM_PREFERENCES permission in AndroidManifest.xml
		getApiHandler =
		PreferenceGetterApiHandler(1, ApiPermissionChecker.alwaysAllow(), metricsLogger)
		setApiHandler =
		PreferenceSetterApiHandler(2, ApiPermissionChecker.alwaysAllow(), metricsLogger)
		PreferenceSetterApiHandler(
		2,
		AppOpApiPermissionChecker(OP_WRITE_SYSTEM_PREFERENCES, WRITE_SYSTEM_PREFERENCES),
		metricsLogger,
		)
		graphApi =
		GetPreferenceGraphApiHandler(3, ApiPermissionChecker.alwaysAllow(), metricsLogger)
		}