Revert "Parse DeviceConfig content provider canary set allowlist"
This reverts commit 7d4ba4d8a082d309764876630588fc2ea45d6ba6.
Reason for revert: checking if this breaks builds
abtd run: https://android-build.googleplex.com/builds/abtd/run/L92700000961651924
Bug: 289176634
Change-Id: I2ba774c1b83ac67e48b9976dad553cf2416bd71a
diff --git a/sdksandbox/service/java/com/android/server/sdksandbox/SdkSandboxManagerService.java b/sdksandbox/service/java/com/android/server/sdksandbox/SdkSandboxManagerService.java
index 6f1a365..be45f88 100644
--- a/sdksandbox/service/java/com/android/server/sdksandbox/SdkSandboxManagerService.java
+++ b/sdksandbox/service/java/com/android/server/sdksandbox/SdkSandboxManagerService.java
@@ -216,6 +216,8 @@
private static final String PROPERTY_DISABLE_SDK_SANDBOX = "disable_sdk_sandbox";
private static final String PROPERTY_CUSTOMIZED_SDK_CONTEXT_ENABLED =
"sdksandbox_customized_sdk_context_enabled";
+ private static final String PROPERTY_CONTENTPROVIDER_ALLOWLIST =
+ "contentprovider_allowlist_per_targetSdkVersion";
private static final String PROPERTY_SERVICES_ALLOWLIST =
"services_allowlist_per_targetSdkVersion";
@@ -240,13 +242,6 @@
private static final boolean DEFAULT_VALUE_ENFORCE_CONTENT_PROVIDER_RESTRICTIONS = false;
- private static final String PROPERTY_CONTENTPROVIDER_ALLOWLIST =
- "contentprovider_allowlist_per_targetSdkVersion";
-
- // Property indicating the ContentProvider canary allowlist.
- private static final String PROPERTY_NEXT_CONTENTPROVIDER_ALLOWLIST =
- "next_contentprovider_allowlist";
-
private static final String WEBVIEW_DEVELOPER_MODE_CONTENT_PROVIDER =
"DeveloperModeContentProvider";
@@ -1751,10 +1746,6 @@
PROPERTY_APPLY_SDK_SANDBOX_NEXT_RESTRICTIONS,
DEFAULT_VALUE_APPLY_SDK_SANDBOX_NEXT_RESTRICTIONS);
- @GuardedBy("mLock")
- private AllowedContentProviders mNextContentProviderAllowlist =
- getNextContentProviderDeviceConfigAllowlist();
-
SdkSandboxSettingsListener(Context context) {
mContext = context;
}
@@ -1831,12 +1822,6 @@
}
}
- AllowedContentProviders getNextContentProviderAllowlist() {
- synchronized (mLock) {
- return mNextContentProviderAllowlist;
- }
- }
-
@Override
public void onPropertiesChanged(@NonNull DeviceConfig.Properties properties) {
synchronized (mLock) {
@@ -1887,10 +1872,6 @@
PROPERTY_APPLY_SDK_SANDBOX_NEXT_RESTRICTIONS,
DEFAULT_VALUE_APPLY_SDK_SANDBOX_NEXT_RESTRICTIONS);
break;
- case PROPERTY_NEXT_CONTENTPROVIDER_ALLOWLIST:
- mNextContentProviderAllowlist =
- getNextContentProviderDeviceConfigAllowlist();
- break;
default:
}
}
@@ -1960,25 +1941,6 @@
}
return new ArrayMap<>();
}
-
- private static AllowedContentProviders getNextContentProviderDeviceConfigAllowlist() {
- final byte[] decode = getDecodedPropertyValue(PROPERTY_NEXT_CONTENTPROVIDER_ALLOWLIST);
-
- // Content providers are restricted by default. If the property is not set, or it is an
- // empty string, there are no content providers to allowlist.
- if (Objects.isNull(decode)) {
- return null;
- }
-
- AllowedContentProviders allowedContentProvidersProto = null;
- try {
- allowedContentProvidersProto = AllowedContentProviders.parseFrom(decode);
- } catch (Exception e) {
- Log.e(TAG, "Could not parse content provider canary allowlist " + e);
- }
-
- return allowedContentProvidersProto;
- }
}
static class SdkSandboxDisabledCallback extends ISdkSandboxDisabledCallback.Stub {
@@ -2458,16 +2420,6 @@
}
synchronized (mLock) {
- if (mSdkSandboxSettingsListener.applySdkSandboxRestrictionsNext()) {
- if (mSdkSandboxSettingsListener.getNextContentProviderAllowlist() != null) {
- contentProviderAuthoritiesAllowlist.addAll(
- mSdkSandboxSettingsListener
- .getNextContentProviderAllowlist()
- .getAuthoritiesList());
- }
- return contentProviderAuthoritiesAllowlist;
- }
-
Map<Integer, AllowedContentProviders> contentProviderAllowlistPerTargetSdkVersion =
mSdkSandboxSettingsListener.getContentProviderAllowlistPerTargetSdkVersion();
// TODO: Filter out the allowlist based on targetSdkVersion.
diff --git a/sdksandbox/tests/hostsidetests/ContentProviderRestrictionsHostTest/app/src/com/android/tests/sdksandbox/ContentProviderRestrictionsTestApp.java b/sdksandbox/tests/hostsidetests/ContentProviderRestrictionsHostTest/app/src/com/android/tests/sdksandbox/ContentProviderRestrictionsTestApp.java
index d53405e..7c0101f 100644
--- a/sdksandbox/tests/hostsidetests/ContentProviderRestrictionsHostTest/app/src/com/android/tests/sdksandbox/ContentProviderRestrictionsTestApp.java
+++ b/sdksandbox/tests/hostsidetests/ContentProviderRestrictionsHostTest/app/src/com/android/tests/sdksandbox/ContentProviderRestrictionsTestApp.java
@@ -55,16 +55,6 @@
private static final String PROPERTY_CONTENTPROVIDER_ALLOWLIST =
"contentprovider_allowlist_per_targetSdkVersion";
- // Keep the value consistent with
- // SdkSandboxManagerService.PROPERTY_APPLY_SDK_SANDBOX_NEXT_RESTRICTIONS.
- private static final String PROPERTY_APPLY_SDK_SANDBOX_NEXT_RESTRICTIONS =
- "apply_sdk_sandbox_next_restrictions";
-
- // Keep the value consistent with
- // SdkSandboxManagerService.PROPERTY_NEXT_CONTENTPROVIDER_ALLOWLIST.
- private static final String PROPERTY_NEXT_CONTENTPROVIDER_ALLOWLIST =
- "next_contentprovider_allowlist";
-
private static final String SDK_PACKAGE =
"com.android.tests.sdkprovider.restrictions.contentproviders";
@@ -75,8 +65,6 @@
private String mInitialContentProviderRestrictionValue;
private String mInitialContentProviderAllowlistValue;
- private String mInitialApplyNextContentProviderAllowlistValue;
- private String mInitialNextContentProviderAllowlistValue;
@Before
public void setup() {
@@ -94,13 +82,6 @@
mInitialContentProviderAllowlistValue =
DeviceConfig.getProperty(
DeviceConfig.NAMESPACE_ADSERVICES, PROPERTY_CONTENTPROVIDER_ALLOWLIST);
- mInitialApplyNextContentProviderAllowlistValue =
- DeviceConfig.getProperty(
- DeviceConfig.NAMESPACE_ADSERVICES,
- PROPERTY_APPLY_SDK_SANDBOX_NEXT_RESTRICTIONS);
- mInitialNextContentProviderAllowlistValue =
- DeviceConfig.getProperty(
- DeviceConfig.NAMESPACE_ADSERVICES, PROPERTY_NEXT_CONTENTPROVIDER_ALLOWLIST);
// Greedily unload SDK to reduce flakiness
mSdkSandboxManager.unloadSdk(SDK_PACKAGE);
@@ -120,18 +101,6 @@
mInitialContentProviderAllowlistValue,
/*makeDefault=*/ false);
- DeviceConfig.setProperty(
- DeviceConfig.NAMESPACE_ADSERVICES,
- PROPERTY_APPLY_SDK_SANDBOX_NEXT_RESTRICTIONS,
- mInitialApplyNextContentProviderAllowlistValue,
- /*makeDefault=*/ false);
-
- DeviceConfig.setProperty(
- DeviceConfig.NAMESPACE_ADSERVICES,
- PROPERTY_NEXT_CONTENTPROVIDER_ALLOWLIST,
- mInitialNextContentProviderAllowlistValue,
- /*makeDefault=*/ false);
-
InstrumentationRegistry.getInstrumentation()
.getUiAutomation()
.dropShellPermissionIdentity();
@@ -231,62 +200,6 @@
"com.android.blockednumber"));
}
- @Test
- public void testGetContentProvider_DeviceConfigNextAllowlistApplied() throws Exception {
- mRule.getScenario();
-
- DeviceConfig.setProperty(
- DeviceConfig.NAMESPACE_ADSERVICES,
- ENFORCE_CONTENT_PROVIDER_RESTRICTIONS,
- "true",
- /*makeDefault=*/ false);
-
- DeviceConfig.setProperty(
- DeviceConfig.NAMESPACE_ADSERVICES,
- PROPERTY_APPLY_SDK_SANDBOX_NEXT_RESTRICTIONS,
- "true",
- /*makeDefault=*/ false);
-
- // Base64 encoded proto AllowedContentProviders containing the string
- // 'com.android.textclassifier.icons'
- final String encodedNextAllowlist = "CiBjb20uYW5kcm9pZC50ZXh0Y2xhc3NpZmllci5pY29ucw==";
- // Set the canary set.
- DeviceConfig.setProperty(
- DeviceConfig.NAMESPACE_ADSERVICES,
- PROPERTY_NEXT_CONTENTPROVIDER_ALLOWLIST,
- encodedNextAllowlist,
- false);
-
- // Base64 encoded proto ContentProviderAllowlists containing mappings to the string
- // 'com.android.textclassifier.icons' and 'user_dictionary'.
- final String encodedAllowlist =
- "CjcIIhIzCiBjb20uYW5kcm9pZC50ZXh0Y2xhc3NpZmllci5pY29ucwoPdXNlcl9kaWN0aW9uYXJ5";
- // Also set the non-canary allowlist to verify that this allowlist is not applied when the
- // canary flag is set.
- DeviceConfig.setProperty(
- DeviceConfig.NAMESPACE_ADSERVICES,
- PROPERTY_CONTENTPROVIDER_ALLOWLIST,
- encodedAllowlist,
- false);
-
- final FakeLoadSdkCallback callback = new FakeLoadSdkCallback();
- mSdkSandboxManager.loadSdk(SDK_PACKAGE, new Bundle(), Runnable::run, callback);
- callback.assertLoadSdkIsSuccessful();
- final SandboxedSdk sandboxedSdk = callback.getSandboxedSdk();
-
- final IBinder binder = sandboxedSdk.getInterface();
- final IContentProvidersSdkApi contentProvidersSdkApi =
- IContentProvidersSdkApi.Stub.asInterface(binder);
-
- contentProvidersSdkApi.getContentProviderByAuthority("com.android.textclassifier.icons");
- assertThrows(SecurityException.class, () -> contentProvidersSdkApi.getContentProvider());
- assertThrows(
- SecurityException.class,
- () ->
- contentProvidersSdkApi.getContentProviderByAuthority(
- "com.android.blockednumber"));
- }
-
@Test(expected = Test.None.class /* no exception expected */)
public void testGetWebViewContentProvider_restrictionsApplied() throws Exception {
mRule.getScenario();
diff --git a/sdksandbox/tests/hostsidetests/ContentProviderRestrictionsHostTest/src/com/android/tests/sdksandbox/host/ContentProviderRestrictionsHostTest.java b/sdksandbox/tests/hostsidetests/ContentProviderRestrictionsHostTest/src/com/android/tests/sdksandbox/host/ContentProviderRestrictionsHostTest.java
index 3868db1..e26da35 100644
--- a/sdksandbox/tests/hostsidetests/ContentProviderRestrictionsHostTest/src/com/android/tests/sdksandbox/host/ContentProviderRestrictionsHostTest.java
+++ b/sdksandbox/tests/hostsidetests/ContentProviderRestrictionsHostTest/src/com/android/tests/sdksandbox/host/ContentProviderRestrictionsHostTest.java
@@ -65,7 +65,6 @@
@Test
public void testGetContentProvider_DeviceConfigAllowlistApplied() throws Exception {
runPhase("testGetContentProvider_DeviceConfigAllowlistApplied");
- runPhase("testGetContentProvider_DeviceConfigNextAllowlistApplied");
}
@Test