Prevent SettingsSliceProvider from accessing unused packages

DISABLE_TOPIC_PROTECTOR

Bug: 388034510
Test: adb shell cmd slice get-permissions com.android.settings.slices
      atest SettingsSliceProviderTest
Flag: EXEMPT security issue
Change-Id: Ia655fbb9cb46f192559b82f957e3b2f0dd86946c
Merged-In: Ia655fbb9cb46f192559b82f957e3b2f0dd86946c

res/values/config.xml

@@ -201,6 +201,9 @@
     <!-- List of packages that should be allowlisted for slice uri access. Do not translate -->
     <string-array name="slice_allowlist_package_names" translatable="false"/>
 
+    <!-- List of packages that should be allowlisted for slice uri access for debugging purpose. Do not translate -->
+    <string-array name="slice_allowlist_package_names_for_dev" translatable="false"/>
+
     <!-- Whether to use a UI variant that minimizes the number of UI elements on screen. This is
          typically used when there is not enough space to display everything, because pattern view
          doesn't interact well with scroll view -->

src/com/android/settings/slices/SettingsSliceProvider.java

@@ -29,6 +29,7 @@ import android.content.IntentFilter;
 import android.content.pm.PackageManager;
 import android.net.Uri;
 import android.os.Binder;
+import android.os.Build;
 import android.os.StrictMode;
 import android.os.UserManager;
 import android.provider.Settings;
@@ -388,19 +389,30 @@ public class SettingsSliceProvider extends SliceProvider {
         if (descendants == null) {
             Log.d(TAG, "No descendants to grant permission with, skipping.");
         }
-        final String[] allowlistPackages =
+        final List<String> allowlist = new ArrayList<>();
+        final String[] packages =
                 context.getResources().getStringArray(R.array.slice_allowlist_package_names);
-        if (allowlistPackages == null || allowlistPackages.length == 0) {
+        if (packages != null) {
+            allowlist.addAll(Arrays.asList(packages));
+        }
+        if (Build.IS_DEBUGGABLE) {
+            final String[] devPackages = context.getResources().getStringArray(
+                    R.array.slice_allowlist_package_names_for_dev);
+            if (devPackages != null) {
+                allowlist.addAll(Arrays.asList(devPackages));
+            }
+        }
+        if (allowlist.size() == 0) {
             Log.d(TAG, "No packages to allowlist, skipping.");
             return;
         } else {
             Log.d(TAG, String.format(
                     "Allowlisting %d uris to %d pkgs.",
-                    descendants.size(), allowlistPackages.length));
+                    descendants.size(), allowlist.size()));
         }
         final SliceManager sliceManager = context.getSystemService(SliceManager.class);
         for (Uri descendant : descendants) {
-            for (String toPackage : allowlistPackages) {
+            for (String toPackage : allowlist) {
                 sliceManager.grantSlicePermission(toPackage, descendant);
             }
         }

tests/robotests/res/values-mcc998/config.xml

@@ -17,4 +17,7 @@
 <resources>
     <!-- List of packages that should be allowlisted for slice uri access. Do not translate -->
     <string-array name="slice_allowlist_package_names" translatable="false"/>
+
+    <!-- List of packages that should be allowlisted for slice uri access for debugging purpose. Do not translate -->
+    <string-array name="slice_allowlist_package_names_for_dev" translatable="false"/>
 </resources>

tests/robotests/res/values-mcc999/config.xml

@@ -86,6 +86,11 @@
         <item>com.android.settings.slice_allowlist_package</item>
     </string-array>
 
+    <!-- List of packages that should be allowlisted for slice uri access for debugging purpose. Do not translate -->
+    <string-array name="slice_allowlist_package_names_for_dev" translatable="false">
+        <item>com.android.settings.slice_allowlist_package_dev</item>
+    </string-array>
+
     <!-- Email address for the homepage contextual cards feedback -->
     <string name="config_contextual_card_feedback_email" translatable="false">test@test.test</string>
 

tests/robotests/src/com/android/settings/slices/SettingsSliceProviderTest.java

@@ -80,6 +80,7 @@ import org.robolectric.annotation.Resetter;
 import org.robolectric.shadow.api.Shadow;
 import org.robolectric.shadows.ShadowAccessibilityManager;
 import org.robolectric.shadows.ShadowBinder;
+import org.robolectric.shadows.ShadowBuild;
 import org.robolectric.shadows.ShadowPackageManager;
 
 import java.util.ArrayList;
@@ -647,6 +648,7 @@ public class SettingsSliceProviderTest {
     @Test
     @Config(qualifiers = "mcc999")
     public void grantAllowlistedPackagePermissions_hasPackageAllowlist_shouldGrant() {
+        ShadowBuild.setDebuggable(false);
         final List<Uri> uris = new ArrayList<>();
         uris.add(Uri.parse("content://settings/slice"));
 
@@ -654,6 +656,23 @@ public class SettingsSliceProviderTest {
 
         verify(mManager)
                 .grantSlicePermission("com.android.settings.slice_allowlist_package", uris.get(0));
+        verify(mManager, never())
+                .grantSlicePermission("com.android.settings.slice_allowlist_package_dev",
+                        uris.get(0));
+    }
+
+    @Test
+    @Config(qualifiers = "mcc999")
+    public void grantAllowlistedPackagePermissions_hasPackageAllowlistAndDebuggable_shouldGrant() {
+        ShadowBuild.setDebuggable(true);
+        final List<Uri> uris = new ArrayList<>();
+        uris.add(Uri.parse("content://settings/slice"));
+
+        SettingsSliceProvider.grantAllowlistedPackagePermissions(mContext, uris);
+
+        verify(mManager)
+                .grantSlicePermission("com.android.settings.slice_allowlist_package_dev",
+                        uris.get(0));
     }
 
     @Test