Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1127f891 authored by Nate Myren's avatar Nate Myren
Browse files

Check for REVIEW_REQUIRED when determining Notification Access 

Fixes: 216812098
Test: PermissionHelperTest
Change-Id: I91d3dcca3c8aa352353ecfcd493da9ab2ab6edf8
parent 1ce97f91

services/core/java/com/android/server/notification/PermissionHelper.java

+3 −2
Original line number Diff line number Diff line
@@ -19,7 +19,7 @@ package com.android.server.notification; 
import static android.content.pm.PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED;

import static android.content.pm.PackageManager.FLAG_PERMISSION_USER_SET;

import static android.content.pm.PackageManager.GET_PERMISSIONS;

import static android.permission.PermissionManager.PERMISSION_GRANTED;

import static android.content.pm.PackageManager.PERMISSION_GRANTED;



import android.Manifest;

import android.annotation.NonNull;
@@ -77,7 +77,8 @@ public final class PermissionHelper { 
        assertFlag();

        final long callingId = Binder.clearCallingIdentity();

        try {

            return mPmi.checkUidPermission(uid, NOTIFICATION_PERMISSION) == PERMISSION_GRANTED;

            return mPmi.checkPostNotificationsPermissionGrantedOrLegacyAccess(uid)

                    == PERMISSION_GRANTED;

        } finally {

            Binder.restoreCallingIdentity(callingId);

        }

services/core/java/com/android/server/pm/permission/PermissionManagerService.java

+16 −0
Original line number Diff line number Diff line
@@ -17,6 +17,7 @@ 
package com.android.server.pm.permission;



import static android.Manifest.permission.CAPTURE_AUDIO_HOTWORD;

import static android.Manifest.permission.POST_NOTIFICATIONS;

import static android.Manifest.permission.RECORD_AUDIO;

import static android.Manifest.permission.UPDATE_APP_OPS_STATS;

import static android.app.AppOpsManager.ATTRIBUTION_CHAIN_ID_NONE;
@@ -607,6 +608,21 @@ public class PermissionManagerService extends IPermissionManager.Stub { 
            return PermissionManagerService.this.checkUidPermission(uid, permissionName);

        }



        @Override

        public int checkPostNotificationsPermissionGrantedOrLegacyAccess(int uid) {

            int granted = PermissionManagerService.this.checkUidPermission(uid,

                    POST_NOTIFICATIONS);

            AndroidPackage pkg = mPackageManagerInt.getPackage(uid);

            if (granted != PermissionManager.PERMISSION_GRANTED) {

                int flags = PermissionManagerService.this.getPermissionFlags(pkg.getPackageName(),

                        POST_NOTIFICATIONS, UserHandle.getUserId(uid));

                if ((flags & PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED) != 0) {

                    return PermissionManager.PERMISSION_GRANTED;

                }

            }

            return granted;

        }



        @Override

        public void startShellPermissionIdentityDelegation(int uid, @NonNull String packageName,

                @Nullable List<String> permissionNames) {

services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java

+11 −0
Original line number Diff line number Diff line
@@ -62,6 +62,17 @@ public interface PermissionManagerServiceInternal extends PermissionManagerInter 
    //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER)

    int checkUidPermission(int uid, @NonNull String permissionName);



    /**

     * Check whether a particular UID has been granted the POST_NOTIFICATIONS permission, or if

     * access should be granted based on legacy access (currently symbolized by the REVIEW_REQUIRED

     * permission flag

     *

     * @param uid the UID

     * @return {@code PERMISSION_GRANTED} if the permission is granted, or legacy access is granted,

     *         {@code PERMISSION_DENIED} otherwise

     */

    int checkPostNotificationsPermissionGrantedOrLegacyAccess(int uid);



    /**

     * Adds a listener for runtime permission state (permissions or flags) changes.

     *

services/tests/uiservicestests/src/com/android/server/notification/PermissionHelperTest.java

+5 −5
Original line number Diff line number Diff line
@@ -20,8 +20,8 @@ import static android.content.pm.PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED; 
import static android.content.pm.PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;

import static android.content.pm.PackageManager.FLAG_PERMISSION_USER_SET;

import static android.content.pm.PackageManager.GET_PERMISSIONS;

import static android.permission.PermissionManager.PERMISSION_GRANTED;

import static android.permission.PermissionManager.PERMISSION_SOFT_DENIED;

import static android.content.pm.PackageManager.PERMISSION_DENIED;

import static android.content.pm.PackageManager.PERMISSION_GRANTED;



import static com.google.common.truth.Truth.assertThat;
@@ -130,13 +130,13 @@ public class PermissionHelperTest extends UiServiceTestCase { 


    @Test

    public void testHasPermission() throws Exception {

        when(mPmi.checkUidPermission(anyInt(), eq(Manifest.permission.POST_NOTIFICATIONS)))

        when(mPmi.checkPostNotificationsPermissionGrantedOrLegacyAccess(anyInt()))

                .thenReturn(PERMISSION_GRANTED);



        assertThat(mPermissionHelper.hasPermission(1)).isTrue();



        when(mPmi.checkUidPermission(anyInt(), eq(Manifest.permission.POST_NOTIFICATIONS)))

                .thenReturn(PERMISSION_SOFT_DENIED);

        when(mPmi.checkPostNotificationsPermissionGrantedOrLegacyAccess(anyInt()))

                .thenReturn(PERMISSION_DENIED);



        assertThat(mPermissionHelper.hasPermission(1)).isFalse();

    }