Add overlay for Instant Apps Settings whitelists
Some non-platform settings may need to be exposed to Instant Apps. To
enable that config_allowed{Global,System,Secure}InstantAppSettings has
been added to supplement the hardcoded platform whitelist in Settings.
Bug: 37765840
Test: Run instant app from b/37765840
Change-Id: Ie1e9c645068db1d3d961d2f597c6ee2dfa158843
diff --git a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
index 48429e8..4b304b2 100644
--- a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
+++ b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
@@ -35,6 +35,7 @@
import android.content.pm.ResolveInfo;
import android.content.pm.ServiceInfo;
import android.content.pm.UserInfo;
+import android.content.res.Resources;
import android.database.Cursor;
import android.database.MatrixCursor;
import android.database.sqlite.SQLiteDatabase;
@@ -185,6 +186,26 @@
private static final Bundle NULL_SETTING_BUNDLE = Bundle.forPair(
Settings.NameValueTable.VALUE, null);
+ // Overlay specified settings whitelisted for Instant Apps
+ private static final Set<String> OVERLAY_ALLOWED_GLOBAL_INSTANT_APP_SETTINGS = new ArraySet<>();
+ private static final Set<String> OVERLAY_ALLOWED_SYSTEM_INSTANT_APP_SETTINGS = new ArraySet<>();
+ private static final Set<String> OVERLAY_ALLOWED_SECURE_INSTANT_APP_SETTINGS = new ArraySet<>();
+
+ static {
+ for (String name : Resources.getSystem().getStringArray(
+ com.android.internal.R.array.config_allowedGlobalInstantAppSettings)) {
+ OVERLAY_ALLOWED_GLOBAL_INSTANT_APP_SETTINGS.add(name);
+ }
+ for (String name : Resources.getSystem().getStringArray(
+ com.android.internal.R.array.config_allowedSystemInstantAppSettings)) {
+ OVERLAY_ALLOWED_SYSTEM_INSTANT_APP_SETTINGS.add(name);
+ }
+ for (String name : Resources.getSystem().getStringArray(
+ com.android.internal.R.array.config_allowedSecureInstantAppSettings)) {
+ OVERLAY_ALLOWED_SECURE_INSTANT_APP_SETTINGS.add(name);
+ }
+ }
+
// Changes to these global settings are synchronously persisted
private static final Set<String> CRITICAL_GLOBAL_SETTINGS = new ArraySet<>();
static {
@@ -1629,6 +1650,19 @@
}
}
+ private Set<String> getOverlayInstantAppAccessibleSettings(int settingsType) {
+ switch (settingsType) {
+ case SETTINGS_TYPE_GLOBAL:
+ return OVERLAY_ALLOWED_GLOBAL_INSTANT_APP_SETTINGS;
+ case SETTINGS_TYPE_SYSTEM:
+ return OVERLAY_ALLOWED_SYSTEM_INSTANT_APP_SETTINGS;
+ case SETTINGS_TYPE_SECURE:
+ return OVERLAY_ALLOWED_SECURE_INSTANT_APP_SETTINGS;
+ default:
+ throw new IllegalArgumentException("Invalid settings type: " + settingsType);
+ }
+ }
+
private List<String> getSettingsNamesLocked(int settingsType, int userId) {
boolean instantApp;
if (UserHandle.getAppId(Binder.getCallingUid()) < Process.FIRST_APPLICATION_UID) {
@@ -1652,7 +1686,8 @@
if (!ai.isInstantApp()) {
return;
}
- if (!getInstantAppAccessibleSettings(settingsType).contains(settingName)) {
+ if (!getInstantAppAccessibleSettings(settingsType).contains(settingName)
+ && !getOverlayInstantAppAccessibleSettings(settingsType).contains(settingName)) {
throw new SecurityException("Setting " + settingName + " is not accessible from"
+ " ephemeral package " + getCallingPackage());
}