Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 10baa393 authored by Iavor-Valentin Iftime's avatar Iavor-Valentin Iftime Committed by Automerger Merge Worker
Browse files

Merge "Verify URI permission for channel sound update from... 

Merge "Verify URI permission for channel sound update from NotificationListenerService" into tm-dev am: 77fdb470

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/26230695



Change-Id: I79c08df979d5f317a892ae2f5d0f5ac0febf9372
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 3365b56c 77fdb470

services/core/java/com/android/server/notification/NotificationManagerService.java

+22 −0
Original line number Diff line number Diff line
@@ -5625,6 +5625,10 @@ public class NotificationManagerService extends SystemService { 
            Objects.requireNonNull(user);















            verifyPrivilegedListener(token, user, false);

























            final NotificationChannel originalChannel = mPreferencesHelper.getNotificationChannel(













                    pkg, getUidForPackageAndUser(pkg, user), channel.getId(), true);













            verifyPrivilegedListenerUriPermission(Binder.getCallingUid(), channel, originalChannel);















            updateNotificationChannelInt(pkg, getUidForPackageAndUser(pkg, user), channel, true);















        }
























@@ -5716,6 +5720,24 @@ public class NotificationManagerService extends SystemService {













            }















        }



























        private void verifyPrivilegedListenerUriPermission(int sourceUid,













                @NonNull NotificationChannel updateChannel,













                @Nullable NotificationChannel originalChannel) {













            // Check that the NLS has the required permissions to access the channel













            final Uri soundUri = updateChannel.getSound();













            final Uri originalSoundUri =













                    (originalChannel != null) ? originalChannel.getSound() : null;













            if (soundUri != null && !Objects.equals(originalSoundUri, soundUri)) {













                Binder.withCleanCallingIdentity(() -> {













                    mUgmInternal.checkGrantUriPermission(sourceUid, null,













                            ContentProvider.getUriWithoutUserId(soundUri),













                            Intent.FLAG_GRANT_READ_URI_PERMISSION,













                            ContentProvider.getUserIdFromUri(soundUri,













                            UserHandle.getUserId(sourceUid)));













                });













            }













        }



























        private int getUidForPackageAndUser(String pkg, UserHandle user) throws RemoteException {















            int uid = INVALID_UID;















            final long identity = Binder.clearCallingIdentity();

































services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java



+63
−0




























Original line number
Diff line number
Diff line








@@ -3196,6 +3196,69 @@ public class NotificationManagerServiceTest extends UiServiceTestCase {













                eq(NotificationListenerService.NOTIFICATION_CHANNEL_OR_GROUP_UPDATED));















    }





























    @Test













    public void testUpdateNotificationChannelFromPrivilegedListener_noSoundUriPermission()













            throws Exception {













        mService.setPreferencesHelper(mPreferencesHelper);













        when(mCompanionMgr.getAssociations(PKG, UserHandle.getUserId(mUid)))













                .thenReturn(singletonList(mock(AssociationInfo.class)));













        when(mPreferencesHelper.getNotificationChannel(eq(PKG), anyInt(),













                eq(mTestNotificationChannel.getId()), anyBoolean()))













                .thenReturn(mTestNotificationChannel);



























        final Uri soundUri = Uri.parse("content://media/test/sound/uri");













        final NotificationChannel updatedNotificationChannel = new NotificationChannel(













                TEST_CHANNEL_ID, TEST_CHANNEL_ID, IMPORTANCE_DEFAULT);













        updatedNotificationChannel.setSound(soundUri,













                updatedNotificationChannel.getAudioAttributes());



























        doThrow(new SecurityException("no access")).when(mUgmInternal)













                .checkGrantUriPermission(eq(Process.myUid()), any(), eq(soundUri),













                anyInt(), eq(Process.myUserHandle().getIdentifier()));



























        assertThrows(SecurityException.class,













                () -> mBinderService.updateNotificationChannelFromPrivilegedListener(null, PKG,













                Process.myUserHandle(), updatedNotificationChannel));



























        verify(mPreferencesHelper, never()).updateNotificationChannel(













                anyString(), anyInt(), any(), anyBoolean());



























        verify(mListeners, never()).notifyNotificationChannelChanged(eq(PKG),













                eq(Process.myUserHandle()), eq(mTestNotificationChannel),













                eq(NotificationListenerService.NOTIFICATION_CHANNEL_OR_GROUP_UPDATED));













    }



























    @Test













    public void testUpdateNotificationChannelFromPrivilegedListener_noSoundUriPermission_sameSound()













            throws Exception {













        mService.setPreferencesHelper(mPreferencesHelper);













        when(mCompanionMgr.getAssociations(PKG, UserHandle.getUserId(mUid)))













                .thenReturn(singletonList(mock(AssociationInfo.class)));













        when(mPreferencesHelper.getNotificationChannel(eq(PKG), anyInt(),













                eq(mTestNotificationChannel.getId()), anyBoolean()))













                .thenReturn(mTestNotificationChannel);



























        final Uri soundUri = Settings.System.DEFAULT_NOTIFICATION_URI;













        final NotificationChannel updatedNotificationChannel = new NotificationChannel(













                TEST_CHANNEL_ID, TEST_CHANNEL_ID, IMPORTANCE_DEFAULT);













        updatedNotificationChannel.setSound(soundUri,













                updatedNotificationChannel.getAudioAttributes());



























        doThrow(new SecurityException("no access")).when(mUgmInternal)













                .checkGrantUriPermission(eq(Process.myUid()), any(), eq(soundUri),













                    anyInt(), eq(Process.myUserHandle().getIdentifier()));



























        mBinderService.updateNotificationChannelFromPrivilegedListener(













                null, PKG, Process.myUserHandle(), updatedNotificationChannel);



























        verify(mPreferencesHelper, times(1)).updateNotificationChannel(













                anyString(), anyInt(), any(), anyBoolean());



























        verify(mListeners, never()).notifyNotificationChannelChanged(eq(PKG),













                eq(Process.myUserHandle()), eq(mTestNotificationChannel),













                eq(NotificationListenerService.NOTIFICATION_CHANNEL_OR_GROUP_UPDATED));













    }





























    @Test















    public void testGetNotificationChannelFromPrivilegedListener_cdm_success() throws Exception {















        mService.setPreferencesHelper(mPreferencesHelper);