Merge "[Catalyst] Enforce WRITE_SYSTEM_PREFERENCES permission" into main

2025-02-06 05:03:02 -08:00
parent 538cc35aed 68bb5a04c9
commit bf792b4081
3 changed files with 18 additions and 12 deletions
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -5515,12 +5515,12 @@
            android:exported="true"
            android:permission="android.permission.BLUETOOTH_PRIVILEGED" />
-        <!-- Once b/364771256 is fixed, add android:featureFlag="com.android.settings.flags.catalyst_service". -->
+        <!-- Service based on settingslib ipc to expose Preference Metadata and Get/Set functionality. -->
        <!-- Permission is not yet finalized, use READ_BASIC_PHONE_STATE temporarily. -->
        <service
            android:name=".SettingsService"
            android:exported="true"
-            android:permission="android.permission.READ_BASIC_PHONE_STATE">
+            android:featureFlag="com.android.settings.flags.catalyst_service"
            android:permission="android.permission.READ_SYSTEM_PREFERENCES">
            <intent-filter>
                <action android:name="com.android.settingslib.PREFERENCE_SERVICE" />
            </intent-filter>
--- a/src/com/android/settings/SettingsService.kt
+++ b/src/com/android/settings/SettingsService.kt
@@ -16,21 +16,19 @@
 package com.android.settings
-import android.content.Intent
+import android.Manifest.permission.WRITE_SYSTEM_PREFERENCES
-import com.android.settings.flags.Flags
+import android.app.AppOpsManager.OP_WRITE_SYSTEM_PREFERENCES
 import com.android.settings.metrics.SettingsRemoteOpMetricsLogger
 import com.android.settingslib.ipc.ApiPermissionChecker
 import com.android.settingslib.ipc.AppOpApiPermissionChecker
 import com.android.settingslib.service.PreferenceService
 /** Service to expose settings APIs. */
 class SettingsService :
    PreferenceService(
        graphPermissionChecker = ApiPermissionChecker.alwaysAllow(),
-        setterPermissionChecker = ApiPermissionChecker.alwaysAllow(),
+        setterPermissionChecker =
            AppOpApiPermissionChecker(OP_WRITE_SYSTEM_PREFERENCES, WRITE_SYSTEM_PREFERENCES),
        getterPermissionChecker = ApiPermissionChecker.alwaysAllow(),
        metricsLogger = SettingsRemoteOpMetricsLogger(),
-    ) {
+    )
    override fun onBind(intent: Intent) =
        if (Flags.catalystService()) super.onBind(intent) else null
 }
--- a/src/com/android/settings/service/PreferenceService.kt
+++ b/src/com/android/settings/service/PreferenceService.kt
@@ -16,6 +16,8 @@
 package com.android.settings.service
 import android.Manifest.permission.WRITE_SYSTEM_PREFERENCES
 import android.app.AppOpsManager.OP_WRITE_SYSTEM_PREFERENCES
 import android.os.Binder
 import android.os.OutcomeReceiver
 import android.service.settings.preferences.GetValueRequest
@@ -32,6 +34,7 @@ import com.android.settingslib.graph.PreferenceGetterApiHandler
 import com.android.settingslib.graph.PreferenceGetterFlags
 import com.android.settingslib.graph.PreferenceSetterApiHandler
 import com.android.settingslib.ipc.ApiPermissionChecker
 import com.android.settingslib.ipc.AppOpApiPermissionChecker
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.SupervisorJob
@@ -47,10 +50,15 @@ class PreferenceService : SettingsPreferenceService() {
    init {
        val metricsLogger = SettingsRemoteOpMetricsLogger()
        // PreferenceService specifies READ_SYSTEM_PREFERENCES permission in AndroidManifest.xml
        getApiHandler =
            PreferenceGetterApiHandler(1, ApiPermissionChecker.alwaysAllow(), metricsLogger)
        setApiHandler =
-            PreferenceSetterApiHandler(2, ApiPermissionChecker.alwaysAllow(), metricsLogger)
+            PreferenceSetterApiHandler(
                2,
                AppOpApiPermissionChecker(OP_WRITE_SYSTEM_PREFERENCES, WRITE_SYSTEM_PREFERENCES),
                metricsLogger,
            )
        graphApi =
            GetPreferenceGraphApiHandler(3, ApiPermissionChecker.alwaysAllow(), metricsLogger)
    }