Prevent SettingsSliceProvider from accessing unused packages

DISABLE_TOPIC_PROTECTOR Bug: 388034510 Test: adb shell cmd slice get-permissions com.android.settings.slices atest SettingsSliceProviderTest Flag: EXEMPT security issue Change-Id: Ia655fbb9cb46f192559b82f957e3b2f0dd86946c Merged-In: Ia655fbb9cb46f192559b82f957e3b2f0dd86946c
2025-06-02 09:40:27 +00:00
parent 4f4deeaf16
commit fc32bd01fa
5 changed files with 46 additions and 4 deletions
--- a/src/com/android/settings/slices/SettingsSliceProvider.java
+++ b/src/com/android/settings/slices/SettingsSliceProvider.java
@@ -29,6 +29,7 @@ import android.content.IntentFilter;
 import android.content.pm.PackageManager;
 import android.net.Uri;
 import android.os.Binder;
+import android.os.Build;
 import android.os.StrictMode;
 import android.os.UserManager;
 import android.provider.Settings;
@@ -388,19 +389,30 @@ public class SettingsSliceProvider extends SliceProvider {
        if (descendants == null) {
            Log.d(TAG, "No descendants to grant permission with, skipping.");
        }
-        final String[] allowlistPackages =
+        final List<String> allowlist = new ArrayList<>();
+        final String[] packages =
                context.getResources().getStringArray(R.array.slice_allowlist_package_names);
-        if (allowlistPackages == null || allowlistPackages.length == 0) {
+        if (packages != null) {
+            allowlist.addAll(Arrays.asList(packages));
+        }
+        if (Build.IS_DEBUGGABLE) {
+            final String[] devPackages = context.getResources().getStringArray(
+                    R.array.slice_allowlist_package_names_for_dev);
+            if (devPackages != null) {
+                allowlist.addAll(Arrays.asList(devPackages));
+            }
+        }
+        if (allowlist.size() == 0) {
            Log.d(TAG, "No packages to allowlist, skipping.");
            return;
        } else {
            Log.d(TAG, String.format(
                    "Allowlisting %d uris to %d pkgs.",
-                    descendants.size(), allowlistPackages.length));
+                    descendants.size(), allowlist.size()));
        }
        final SliceManager sliceManager = context.getSystemService(SliceManager.class);
        for (Uri descendant : descendants) {
-            for (String toPackage : allowlistPackages) {
+            for (String toPackage : allowlist) {
                sliceManager.grantSlicePermission(toPackage, descendant);
            }
        }