Add websettings API for file origin policy.
Bug: 6212665
Add the API and change the default behavior for Jelly Bean+.
Change-Id: I9a83f510675023c36e2e72c4a69ad082d8124a23
diff --git a/api/current.txt b/api/current.txt
index 233938b5..980423d 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -25470,10 +25470,12 @@
method public void setMimeType(java.lang.String);
}
- public class WebSettings {
+ public abstract class WebSettings {
method public boolean enableSmoothTransition();
method public boolean getAllowContentAccess();
method public boolean getAllowFileAccess();
+ method public abstract boolean getAllowFileAccessFromFileURLs();
+ method public abstract boolean getAllowUniversalAccessFromFileURLs();
method public synchronized boolean getBlockNetworkImage();
method public synchronized boolean getBlockNetworkLoads();
method public boolean getBuiltInZoomControls();
@@ -25515,6 +25517,8 @@
method public synchronized java.lang.String getUserAgentString();
method public void setAllowContentAccess(boolean);
method public void setAllowFileAccess(boolean);
+ method public abstract void setAllowFileAccessFromFileURLs(boolean);
+ method public abstract void setAllowUniversalAccessFromFileURLs(boolean);
method public synchronized void setAppCacheEnabled(boolean);
method public synchronized void setAppCacheMaxSize(long);
method public synchronized void setAppCachePath(java.lang.String);
diff --git a/core/java/android/webkit/WebSettings.java b/core/java/android/webkit/WebSettings.java
index cddd7ab..7ce29aaf 100644
--- a/core/java/android/webkit/WebSettings.java
+++ b/core/java/android/webkit/WebSettings.java
@@ -17,6 +17,7 @@
package android.webkit;
import android.os.Message;
+import android.os.Build;
/**
* Manages settings state for a WebView. When a WebView is first created, it
@@ -29,7 +30,7 @@
// This is (effectively) an abstract base class; concrete WebViewProviders must
// create a class derived from this, and return an instance of it in the
// WebViewProvider.getWebSettingsProvider() method implementation.
-public class WebSettings {
+public abstract class WebSettings {
// TODO: Remove MustOverrideException and make all methods throwing it abstract instead;
// needs API file update.
private static class MustOverrideException extends RuntimeException {
@@ -750,6 +751,29 @@
}
/**
+ * Configure scripting (such as XmlHttpRequest) access from file scheme URLs
+ * to any origin. Note, calling this method with a true argument value also
+ * implies calling setAllowFileAccessFromFileURLs with a true. The default
+ * value is false for API level {@link android.os.Build.VERSION_CODES#JELLY_BEAN}
+ * and higher and true otherwise.
+ *
+ . * @param flag True if the WebView should allow scripting access from file
+ * scheme URLs to any origin
+ */
+ public abstract void setAllowUniversalAccessFromFileURLs(boolean flag);
+
+ /**
+ * Configure scripting (such as XmlHttpRequest) access from file scheme URLs
+ * to file origin. The default value is false for API level
+ * {@link android.os.Build.VERSION_CODES#JELLY_BEAN} and higher and true
+ * otherwise.
+ *
+ * @param flag True if the WebView should allow scripting access from file
+ * scheme URLs to file origin
+ */
+ public abstract void setAllowFileAccessFromFileURLs(boolean flag);
+
+ /**
* Tell the WebView to enable plugins.
* @param flag True if the WebView should load plugins.
* @deprecated This method has been deprecated in favor of
@@ -891,6 +915,26 @@
}
/**
+ * Return true if scripting access {see @setAllowUniversalAccessFromFileURLs} from
+ * file URLs to any origin is enabled. The default value is false for API level
+ * {@link android.os.Build.VERSION_CODES#JELLY_BEAN} and higher and true otherwise.
+ *
+ * @return True if the WebView allows scripting access from file scheme requests
+ * to any origin
+ */
+ public abstract boolean getAllowUniversalAccessFromFileURLs();
+
+ /**
+ * Return true if scripting access {see @setAllowFileAccessFromFileURLs} from file
+ * URLs to file origin is enabled. The default value is false for API level
+ * {@link android.os.Build.VERSION_CODES#JELLY_BEAN} and higher, and true otherwise.
+ *
+ * @return True if the WebView allows scripting access from file scheme requests
+ * to file origin
+ */
+ public abstract boolean getAllowFileAccessFromFileURLs();
+
+ /**
* Return true if plugins are enabled.
* @return True if plugins are enabled.
* @deprecated This method has been replaced by {@link #getPluginState}
diff --git a/core/java/android/webkit/WebSettingsClassic.java b/core/java/android/webkit/WebSettingsClassic.java
index 94b46fc..cf3d7e2 100644
--- a/core/java/android/webkit/WebSettingsClassic.java
+++ b/core/java/android/webkit/WebSettingsClassic.java
@@ -72,6 +72,8 @@
private boolean mBlockNetworkImage = false;
private boolean mBlockNetworkLoads;
private boolean mJavaScriptEnabled = false;
+ private boolean mAllowUniversalAccessFromFileURLs = false;
+ private boolean mAllowFileAccessFromFileURLs = false;
private boolean mHardwareAccelSkia = false;
private boolean mShowVisualIndicator = false;
private PluginState mPluginState = PluginState.OFF;
@@ -286,6 +288,13 @@
mBlockNetworkLoads = mContext.checkPermission(
"android.permission.INTERNET", android.os.Process.myPid(),
android.os.Process.myUid()) != PackageManager.PERMISSION_GRANTED;
+
+ // SDK specific settings. See issue 6212665
+ if (mContext.getApplicationInfo().targetSdkVersion <
+ Build.VERSION_CODES.JELLY_BEAN) {
+ mAllowUniversalAccessFromFileURLs = true;
+ mAllowFileAccessFromFileURLs = true;
+ }
}
private static final String ACCEPT_LANG_FOR_US_LOCALE = "en-US";
@@ -1101,6 +1110,28 @@
}
/**
+ * @see android.webkit.WebSettings#setAllowUniversalAccessFromFileURLs
+ */
+ @Override
+ public synchronized void setAllowUniversalAccessFromFileURLs(boolean flag) {
+ if (mAllowUniversalAccessFromFileURLs != flag) {
+ mAllowUniversalAccessFromFileURLs = flag;
+ postSync();
+ }
+ }
+
+ /**
+ * @see android.webkit.WebSettings#setAllowFileAccessFromFileURLs
+ */
+ @Override
+ public synchronized void setAllowFileAccessFromFileURLs(boolean flag) {
+ if (mAllowFileAccessFromFileURLs != flag) {
+ mAllowFileAccessFromFileURLs = flag;
+ postSync();
+ }
+ }
+
+ /**
* Tell the WebView to use Skia's hardware accelerated rendering path
* @param flag True if the WebView should use Skia's hw-accel path
*/
@@ -1324,6 +1355,22 @@
}
/**
+ * @see android.webkit.WebSettings#getAllowUniversalFileAccessFromFileURLs
+ */
+ @Override
+ public synchronized boolean getAllowUniversalAccessFromFileURLs() {
+ return mAllowUniversalAccessFromFileURLs;
+ }
+
+ /**
+ * @see android.webkit.WebSettings#getAllowFileAccessFromFileURLs
+ */
+ @Override
+ public synchronized boolean getAllowFileAccessFromFileURLs() {
+ return mAllowFileAccessFromFileURLs;
+ }
+
+ /**
* @see android.webkit.WebSettings#getPluginsEnabled()
*/
@Override