Merge "Prevent SettingsSliceProvider from accessing unused packages" into security-aosp-25Q2-staging

2025-06-19 10:17:12 -07:00
parent afcd445ef3 fc32bd01fa
commit 145b4a0870
5 changed files with 46 additions and 4 deletions
--- a/res/values/config.xml
+++ b/res/values/config.xml
@@ -201,6 +201,9 @@
    <!-- List of packages that should be allowlisted for slice uri access. Do not translate -->
    <string-array name="slice_allowlist_package_names" translatable="false"/>

+    <!-- List of packages that should be allowlisted for slice uri access for debugging purpose. Do not translate -->
+    <string-array name="slice_allowlist_package_names_for_dev" translatable="false"/>
+
    <!-- Whether to use a UI variant that minimizes the number of UI elements on screen. This is
         typically used when there is not enough space to display everything, because pattern view
         doesn't interact well with scroll view -->
--- a/src/com/android/settings/slices/SettingsSliceProvider.java
+++ b/src/com/android/settings/slices/SettingsSliceProvider.java
@@ -29,6 +29,7 @@ import android.content.IntentFilter;
 import android.content.pm.PackageManager;
 import android.net.Uri;
 import android.os.Binder;
+import android.os.Build;
 import android.os.StrictMode;
 import android.os.UserManager;
 import android.provider.Settings;
@@ -388,19 +389,30 @@ public class SettingsSliceProvider extends SliceProvider {
        if (descendants == null) {
            Log.d(TAG, "No descendants to grant permission with, skipping.");
        }
-        final String[] allowlistPackages =
+        final List<String> allowlist = new ArrayList<>();
+        final String[] packages =
                context.getResources().getStringArray(R.array.slice_allowlist_package_names);
-        if (allowlistPackages == null || allowlistPackages.length == 0) {
+        if (packages != null) {
+            allowlist.addAll(Arrays.asList(packages));
+        }
+        if (Build.IS_DEBUGGABLE) {
+            final String[] devPackages = context.getResources().getStringArray(
+                    R.array.slice_allowlist_package_names_for_dev);
+            if (devPackages != null) {
+                allowlist.addAll(Arrays.asList(devPackages));
+            }
+        }
+        if (allowlist.size() == 0) {
            Log.d(TAG, "No packages to allowlist, skipping.");
            return;
        } else {
            Log.d(TAG, String.format(
                    "Allowlisting %d uris to %d pkgs.",
-                    descendants.size(), allowlistPackages.length));
+                    descendants.size(), allowlist.size()));
        }
        final SliceManager sliceManager = context.getSystemService(SliceManager.class);
        for (Uri descendant : descendants) {
-            for (String toPackage : allowlistPackages) {
+            for (String toPackage : allowlist) {
                sliceManager.grantSlicePermission(toPackage, descendant);
            }
        }
--- a/tests/robotests/res/values-mcc998/config.xml
+++ b/tests/robotests/res/values-mcc998/config.xml
@@ -17,4 +17,7 @@
 <resources>
    <!-- List of packages that should be allowlisted for slice uri access. Do not translate -->
    <string-array name="slice_allowlist_package_names" translatable="false"/>
+
+    <!-- List of packages that should be allowlisted for slice uri access for debugging purpose. Do not translate -->
+    <string-array name="slice_allowlist_package_names_for_dev" translatable="false"/>
 </resources>
--- a/tests/robotests/res/values-mcc999/config.xml
+++ b/tests/robotests/res/values-mcc999/config.xml
@@ -86,6 +86,11 @@
        <item>com.android.settings.slice_allowlist_package</item>
    </string-array>

+    <!-- List of packages that should be allowlisted for slice uri access for debugging purpose. Do not translate -->
+    <string-array name="slice_allowlist_package_names_for_dev" translatable="false">
+        <item>com.android.settings.slice_allowlist_package_dev</item>
+    </string-array>
+
    <!-- Email address for the homepage contextual cards feedback -->
    <string name="config_contextual_card_feedback_email" translatable="false">test@test.test</string>

--- a/tests/robotests/src/com/android/settings/slices/SettingsSliceProviderTest.java
+++ b/tests/robotests/src/com/android/settings/slices/SettingsSliceProviderTest.java
@@ -80,6 +80,7 @@ import org.robolectric.annotation.Resetter;
 import org.robolectric.shadow.api.Shadow;
 import org.robolectric.shadows.ShadowAccessibilityManager;
 import org.robolectric.shadows.ShadowBinder;
+import org.robolectric.shadows.ShadowBuild;
 import org.robolectric.shadows.ShadowPackageManager;

 import java.util.ArrayList;
@@ -647,6 +648,7 @@ public class SettingsSliceProviderTest {
    @Test
    @Config(qualifiers = "mcc999")
    public void grantAllowlistedPackagePermissions_hasPackageAllowlist_shouldGrant() {
+        ShadowBuild.setDebuggable(false);
        final List<Uri> uris = new ArrayList<>();
        uris.add(Uri.parse("content://settings/slice"));

@@ -654,6 +656,23 @@ public class SettingsSliceProviderTest {

        verify(mManager)
                .grantSlicePermission("com.android.settings.slice_allowlist_package", uris.get(0));
+        verify(mManager, never())
+                .grantSlicePermission("com.android.settings.slice_allowlist_package_dev",
+                        uris.get(0));
+    }
+
+    @Test
+    @Config(qualifiers = "mcc999")
+    public void grantAllowlistedPackagePermissions_hasPackageAllowlistAndDebuggable_shouldGrant() {
+        ShadowBuild.setDebuggable(true);
+        final List<Uri> uris = new ArrayList<>();
+        uris.add(Uri.parse("content://settings/slice"));
+
+        SettingsSliceProvider.grantAllowlistedPackagePermissions(mContext, uris);
+
+        verify(mManager)
+                .grantSlicePermission("com.android.settings.slice_allowlist_package_dev",
+                        uris.get(0));
    }

    @Test