commit 0ea6dad65eb77f9347a59704b1f8a019cfc9e01f
author Selim Gurun <sgurun@google.com> Thu Mar 29 18:19:01 2012 -0700
committer Selim Gurun <sgurun@google.com> Thu Apr 19 16:38:18 2012 -0700
tree 42f80084648ffd22b98fb610d72b19e7d649c928
parent 3d275af3c3996f80816142628c380f79a9606c51

Add websettings API for file origin policy.

Bug: 6212665

Add the API and change the default behavior for Jelly Bean+.

Change-Id: I9a83f510675023c36e2e72c4a69ad082d8124a23

api/current.txt

diff --git a/api/current.txt b/api/current.txt
index 233938b5..980423d 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -25470,10 +25470,12 @@
     method public void setMimeType(java.lang.String);
   }
 
-  public class WebSettings {
+  public abstract class WebSettings {
     method public boolean enableSmoothTransition();
     method public boolean getAllowContentAccess();
     method public boolean getAllowFileAccess();
+    method public abstract boolean getAllowFileAccessFromFileURLs();
+    method public abstract boolean getAllowUniversalAccessFromFileURLs();
     method public synchronized boolean getBlockNetworkImage();
     method public synchronized boolean getBlockNetworkLoads();
     method public boolean getBuiltInZoomControls();
@@ -25515,6 +25517,8 @@
     method public synchronized java.lang.String getUserAgentString();
     method public void setAllowContentAccess(boolean);
     method public void setAllowFileAccess(boolean);
+    method public abstract void setAllowFileAccessFromFileURLs(boolean);
+    method public abstract void setAllowUniversalAccessFromFileURLs(boolean);
     method public synchronized void setAppCacheEnabled(boolean);
     method public synchronized void setAppCacheMaxSize(long);
     method public synchronized void setAppCachePath(java.lang.String);

core/java/android/webkit/WebSettings.java

diff --git a/core/java/android/webkit/WebSettings.java b/core/java/android/webkit/WebSettings.java
index cddd7ab..7ce29aaf 100644
--- a/core/java/android/webkit/WebSettings.java
+++ b/core/java/android/webkit/WebSettings.java
@@ -17,6 +17,7 @@
 package android.webkit;
 
 import android.os.Message;
+import android.os.Build;
 
 /**
  * Manages settings state for a WebView. When a WebView is first created, it
@@ -29,7 +30,7 @@
 // This is (effectively) an abstract base class; concrete WebViewProviders must
 // create a class derived from this, and return an instance of it in the
 // WebViewProvider.getWebSettingsProvider() method implementation.
-public class WebSettings {
+public abstract class WebSettings {
     // TODO: Remove MustOverrideException and make all methods throwing it abstract instead;
     // needs API file update.
     private static class MustOverrideException extends RuntimeException {
@@ -750,6 +751,29 @@
     }
 
     /**
+     * Configure scripting (such as XmlHttpRequest) access from file scheme URLs
+     * to any origin. Note, calling this method with a true argument value also
+     * implies calling setAllowFileAccessFromFileURLs with a true. The default
+     * value is false for API level {@link android.os.Build.VERSION_CODES#JELLY_BEAN}
+     * and higher and true otherwise.
+     *
+   . * @param flag True if the WebView should allow scripting access from file
+     *                  scheme URLs to any origin
+     */
+    public abstract void setAllowUniversalAccessFromFileURLs(boolean flag);
+
+    /**
+     * Configure scripting (such as XmlHttpRequest) access from file scheme URLs
+     * to file origin. The default value is false for API level
+     * {@link android.os.Build.VERSION_CODES#JELLY_BEAN} and higher and true
+     * otherwise.
+     *
+     * @param flag True if the WebView should allow scripting access from file
+     *                  scheme URLs to file origin
+     */
+    public abstract void setAllowFileAccessFromFileURLs(boolean flag);
+
+    /**
      * Tell the WebView to enable plugins.
      * @param flag True if the WebView should load plugins.
      * @deprecated This method has been deprecated in favor of
@@ -891,6 +915,26 @@
     }
 
     /**
+     * Return true if scripting access {see @setAllowUniversalAccessFromFileURLs} from
+     * file URLs to any origin is enabled. The default value is false for API level
+     * {@link android.os.Build.VERSION_CODES#JELLY_BEAN} and higher and true otherwise.
+     *
+     * @return True if the WebView allows scripting access from file scheme requests
+     *              to any origin
+     */
+    public abstract boolean getAllowUniversalAccessFromFileURLs();
+
+    /**
+     * Return true if scripting access {see @setAllowFileAccessFromFileURLs} from file
+     * URLs to file origin is enabled. The default value is false for API level
+     * {@link android.os.Build.VERSION_CODES#JELLY_BEAN} and higher, and true otherwise.
+     *
+     * @return True if the WebView allows scripting access from file scheme requests
+     *              to file origin
+     */
+    public abstract boolean getAllowFileAccessFromFileURLs();
+
+    /**
      * Return true if plugins are enabled.
      * @return True if plugins are enabled.
      * @deprecated This method has been replaced by {@link #getPluginState}

core/java/android/webkit/WebSettingsClassic.java

diff --git a/core/java/android/webkit/WebSettingsClassic.java b/core/java/android/webkit/WebSettingsClassic.java
index 94b46fc..cf3d7e2 100644
--- a/core/java/android/webkit/WebSettingsClassic.java
+++ b/core/java/android/webkit/WebSettingsClassic.java
@@ -72,6 +72,8 @@
     private boolean         mBlockNetworkImage = false;
     private boolean         mBlockNetworkLoads;
     private boolean         mJavaScriptEnabled = false;
+    private boolean         mAllowUniversalAccessFromFileURLs = false;
+    private boolean         mAllowFileAccessFromFileURLs = false;
     private boolean         mHardwareAccelSkia = false;
     private boolean         mShowVisualIndicator = false;
     private PluginState     mPluginState = PluginState.OFF;
@@ -286,6 +288,13 @@
         mBlockNetworkLoads = mContext.checkPermission(
                 "android.permission.INTERNET", android.os.Process.myPid(),
                 android.os.Process.myUid()) != PackageManager.PERMISSION_GRANTED;
+
+        // SDK specific settings. See issue 6212665
+        if (mContext.getApplicationInfo().targetSdkVersion <
+                Build.VERSION_CODES.JELLY_BEAN) {
+            mAllowUniversalAccessFromFileURLs = true;
+            mAllowFileAccessFromFileURLs = true;
+        }
     }
 
     private static final String ACCEPT_LANG_FOR_US_LOCALE = "en-US";
@@ -1101,6 +1110,28 @@
     }
 
     /**
+     * @see android.webkit.WebSettings#setAllowUniversalAccessFromFileURLs
+     */
+    @Override
+    public synchronized void setAllowUniversalAccessFromFileURLs(boolean flag) {
+        if (mAllowUniversalAccessFromFileURLs != flag) {
+            mAllowUniversalAccessFromFileURLs = flag;
+            postSync();
+        }
+    }
+
+    /**
+     * @see android.webkit.WebSettings#setAllowFileAccessFromFileURLs
+     */
+    @Override
+    public synchronized void setAllowFileAccessFromFileURLs(boolean flag) {
+        if (mAllowFileAccessFromFileURLs != flag) {
+            mAllowFileAccessFromFileURLs = flag;
+            postSync();
+        }
+    }
+
+    /**
      * Tell the WebView to use Skia's hardware accelerated rendering path
      * @param flag True if the WebView should use Skia's hw-accel path
      */
@@ -1324,6 +1355,22 @@
     }
 
     /**
+     * @see android.webkit.WebSettings#getAllowUniversalFileAccessFromFileURLs
+     */
+    @Override
+    public synchronized boolean getAllowUniversalAccessFromFileURLs() {
+        return mAllowUniversalAccessFromFileURLs;
+    }
+
+    /**
+     * @see android.webkit.WebSettings#getAllowFileAccessFromFileURLs
+     */
+    @Override
+    public synchronized boolean getAllowFileAccessFromFileURLs() {
+        return mAllowFileAccessFromFileURLs;
+    }
+
+    /**
      * @see android.webkit.WebSettings#getPluginsEnabled()
      */
     @Override