[Catalyst] Enforce WRITE_SYSTEM_PREFERENCES permission
Bug: 374115149 Bug: 394744563 Flag: com.android.settingslib.flags.settings_catalyst Test: manual Change-Id: I63b84aea001033e81b1d811a2de983d8d107015c
This commit is contained in:
Jacky Wang
@@ -5515,12 +5515,12 @@
|
||||
android:exported="true"
|
||||
android:permission="android.permission.BLUETOOTH_PRIVILEGED" />
|
||||
|
||||
<!-- Once b/364771256 is fixed, add android:featureFlag="com.android.settings.flags.catalyst_service". -->
|
||||
<!-- Permission is not yet finalized, use READ_BASIC_PHONE_STATE temporarily. -->
|
||||
<!-- Service based on settingslib ipc to expose Preference Metadata and Get/Set functionality. -->
|
||||
<service
|
||||
android:name=".SettingsService"
|
||||
android:exported="true"
|
||||
android:permission="android.permission.READ_BASIC_PHONE_STATE">
|
||||
android:featureFlag="com.android.settings.flags.catalyst_service"
|
||||
android:permission="android.permission.READ_SYSTEM_PREFERENCES">
|
||||
<intent-filter>
|
||||
<action android:name="com.android.settingslib.PREFERENCE_SERVICE" />
|
||||
</intent-filter>
|
||||
|
||||
@@ -16,21 +16,19 @@
|
||||
|
||||
package com.android.settings
|
||||
|
||||
import android.content.Intent
|
||||
import com.android.settings.flags.Flags
|
||||
import android.Manifest.permission.WRITE_SYSTEM_PREFERENCES
|
||||
import android.app.AppOpsManager.OP_WRITE_SYSTEM_PREFERENCES
|
||||
import com.android.settings.metrics.SettingsRemoteOpMetricsLogger
|
||||
import com.android.settingslib.ipc.ApiPermissionChecker
|
||||
import com.android.settingslib.ipc.AppOpApiPermissionChecker
|
||||
import com.android.settingslib.service.PreferenceService
|
||||
|
||||
/** Service to expose settings APIs. */
|
||||
class SettingsService :
|
||||
PreferenceService(
|
||||
graphPermissionChecker = ApiPermissionChecker.alwaysAllow(),
|
||||
setterPermissionChecker = ApiPermissionChecker.alwaysAllow(),
|
||||
setterPermissionChecker =
|
||||
AppOpApiPermissionChecker(OP_WRITE_SYSTEM_PREFERENCES, WRITE_SYSTEM_PREFERENCES),
|
||||
getterPermissionChecker = ApiPermissionChecker.alwaysAllow(),
|
||||
metricsLogger = SettingsRemoteOpMetricsLogger(),
|
||||
) {
|
||||
|
||||
override fun onBind(intent: Intent) =
|
||||
if (Flags.catalystService()) super.onBind(intent) else null
|
||||
}
|
||||
)
|
||||
|
||||
@@ -16,6 +16,8 @@
|
||||
|
||||
package com.android.settings.service
|
||||
|
||||
import android.Manifest.permission.WRITE_SYSTEM_PREFERENCES
|
||||
import android.app.AppOpsManager.OP_WRITE_SYSTEM_PREFERENCES
|
||||
import android.os.Binder
|
||||
import android.os.OutcomeReceiver
|
||||
import android.service.settings.preferences.GetValueRequest
|
||||
@@ -32,6 +34,7 @@ import com.android.settingslib.graph.PreferenceGetterApiHandler
|
||||
import com.android.settingslib.graph.PreferenceGetterFlags
|
||||
import com.android.settingslib.graph.PreferenceSetterApiHandler
|
||||
import com.android.settingslib.ipc.ApiPermissionChecker
|
||||
import com.android.settingslib.ipc.AppOpApiPermissionChecker
|
||||
import kotlinx.coroutines.CoroutineScope
|
||||
import kotlinx.coroutines.Dispatchers
|
||||
import kotlinx.coroutines.SupervisorJob
|
||||
@@ -47,10 +50,15 @@ class PreferenceService : SettingsPreferenceService() {
|
||||
|
||||
init {
|
||||
val metricsLogger = SettingsRemoteOpMetricsLogger()
|
||||
// PreferenceService specifies READ_SYSTEM_PREFERENCES permission in AndroidManifest.xml
|
||||
getApiHandler =
|
||||
PreferenceGetterApiHandler(1, ApiPermissionChecker.alwaysAllow(), metricsLogger)
|
||||
setApiHandler =
|
||||
PreferenceSetterApiHandler(2, ApiPermissionChecker.alwaysAllow(), metricsLogger)
|
||||
PreferenceSetterApiHandler(
|
||||
2,
|
||||
AppOpApiPermissionChecker(OP_WRITE_SYSTEM_PREFERENCES, WRITE_SYSTEM_PREFERENCES),
|
||||
metricsLogger,
|
||||
)
|
||||
graphApi =
|
||||
GetPreferenceGraphApiHandler(3, ApiPermissionChecker.alwaysAllow(), metricsLogger)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user