Prevent SettingsSliceProvider from accessing unused packages (fad3b580) · Commits · e / os / android_packages_apps_Settings

res/values/config.xml

+3 −0

Original line number	Diff line number	Diff line
		@@ -178,6 +178,9 @@
		<!-- List of packages that should be allowlisted for slice uri access. Do not translate -->
		<string-array name="slice_allowlist_package_names" translatable="false"/>

		<!-- List of packages that should be allowlisted for slice uri access for debugging purpose. Do not translate -->
		<string-array name="slice_allowlist_package_names_for_dev" translatable="false"/>

		<!-- Whether or not App & Notification screen should display recently used apps -->
		<bool name="config_display_recent_apps">true</bool>

src/com/android/settings/slices/SettingsSliceProvider.java

+16 −4

Original line number	Diff line number	Diff line
		@@ -27,6 +27,7 @@ import android.content.IntentFilter;
		import android.content.pm.PackageManager;
		import android.net.Uri;
		import android.os.Binder;
		import android.os.Build;
		import android.os.StrictMode;
		import android.provider.Settings;
		import android.provider.SettingsSlicesContract;
		@@ -367,19 +368,30 @@ public class SettingsSliceProvider extends SliceProvider {
		if (descendants == null) {
		Log.d(TAG, "No descendants to grant permission with, skipping.");
		}
		final String[] allowlistPackages =
		final List<String> allowlist = new ArrayList<>();
		final String[] packages =
		context.getResources().getStringArray(R.array.slice_allowlist_package_names);
		if (allowlistPackages == null \|\| allowlistPackages.length == 0) {
		if (packages != null) {
		allowlist.addAll(Arrays.asList(packages));
		}
		if (Build.IS_DEBUGGABLE) {
		final String[] devPackages = context.getResources().getStringArray(
		R.array.slice_allowlist_package_names_for_dev);
		if (devPackages != null) {
		allowlist.addAll(Arrays.asList(devPackages));
		}
		}
		if (allowlist.size() == 0) {
		Log.d(TAG, "No packages to allowlist, skipping.");
		return;
		} else {
		Log.d(TAG, String.format(
		"Allowlisting %d uris to %d pkgs.",
		descendants.size(), allowlistPackages.length));
		descendants.size(), allowlist.size()));
		}
		final SliceManager sliceManager = context.getSystemService(SliceManager.class);
		for (Uri descendant : descendants) {
		for (String toPackage : allowlistPackages) {
		for (String toPackage : allowlist) {
		sliceManager.grantSlicePermission(toPackage, descendant);
		}
		}

tests/robotests/res/values-mcc998/config.xml

+3 −0

Original line number	Diff line number	Diff line
		@@ -17,4 +17,7 @@
		<resources>
		<!-- List of packages that should be allowlisted for slice uri access. Do not translate -->
		<string-array name="slice_allowlist_package_names" translatable="false"/>

		<!-- List of packages that should be allowlisted for slice uri access for debugging purpose. Do not translate -->
		<string-array name="slice_allowlist_package_names_for_dev" translatable="false"/>
		</resources>

tests/robotests/res/values-mcc999/config.xml

+5 −0

Original line number	Diff line number	Diff line
		@@ -86,6 +86,11 @@
		<item>com.android.settings.slice_allowlist_package</item>
		</string-array>

		<!-- List of packages that should be allowlisted for slice uri access for debugging purpose. Do not translate -->
		<string-array name="slice_allowlist_package_names_for_dev" translatable="false">
		<item>com.android.settings.slice_allowlist_package_dev</item>
		</string-array>

		<!-- Email address for the homepage contextual cards feedback -->
		<string name="config_contextual_card_feedback_email" translatable="false">test@test.test</string>

tests/robotests/src/com/android/settings/slices/SettingsSliceProviderTest.java

+20 −0

Original line number	Diff line number	Diff line
		@@ -43,6 +43,7 @@ import android.content.Context;
		import android.content.Intent;
		import android.content.res.Resources.Theme;
		import android.net.Uri;
		import android.os.Build;
		import android.os.StrictMode;
		import android.provider.Settings;
		import android.provider.SettingsSlicesContract;
		@@ -82,6 +83,7 @@ import org.robolectric.shadow.api.Shadow;
		import org.robolectric.shadows.ShadowAccessibilityManager;
		import org.robolectric.shadows.ShadowBinder;
		import org.robolectric.shadows.ShadowPackageManager;
		import org.robolectric.util.ReflectionHelpers;

		import java.util.ArrayList;
		import java.util.Arrays;
		@@ -638,6 +640,7 @@ public class SettingsSliceProviderTest {
		@Test
		@Config(qualifiers = "mcc999")
		public void grantAllowlistedPackagePermissions_hasPackageAllowlist_shouldGrant() {
		ReflectionHelpers.setStaticField(Build.class, "IS_DEBUGGABLE", false);
		final List<Uri> uris = new ArrayList<>();
		uris.add(Uri.parse("content://settings/slice"));

		@@ -645,6 +648,23 @@ public class SettingsSliceProviderTest {

		verify(mManager)
		.grantSlicePermission("com.android.settings.slice_allowlist_package", uris.get(0));
		verify(mManager, never())
		.grantSlicePermission("com.android.settings.slice_allowlist_package_dev",
		uris.get(0));
		}

		@Test
		@Config(qualifiers = "mcc999")
		public void grantAllowlistedPackagePermissions_hasPackageAllowlistAndDebuggable_shouldGrant() {
		ReflectionHelpers.setStaticField(Build.class, "IS_DEBUGGABLE", true);
		final List<Uri> uris = new ArrayList<>();
		uris.add(Uri.parse("content://settings/slice"));

		SettingsSliceProvider.grantAllowlistedPackagePermissions(mContext, uris);

		verify(mManager)
		.grantSlicePermission("com.android.settings.slice_allowlist_package_dev",
		uris.get(0));
		}

		@Test