Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3584b563 authored by Guojing Yuan's avatar Guojing Yuan
Browse files

Fix setNotificationPolicyAccessGranted caller checks 

Instead of enforcing SYSTEM_UID or SHELL_UID, the caller can just be also holding MANAGE_NOTIFICATIONS

Fix: 441819778
Flag: EXEMPT bugfix
Test: Unit tests
Change-Id: I6ec3eb79f9a9ae2bab8a6cf5c6f87cb1e0277aa7
parent 047c1899

services/core/java/com/android/server/notification/NotificationManagerService.java

+10 −1
Original line number Diff line number Diff line
@@ -6992,7 +6992,16 @@ public class NotificationManagerService extends SystemService { 
        @Override

        public void setNotificationPolicyAccessGrantedForUser(

                String pkg, int userId, boolean granted) {

            checkCallerIsSystemOrShell();

            if (UserHandle.getCallingUserId() != userId) {

                getContext().enforceCallingOrSelfPermission(

                        android.Manifest.permission.INTERACT_ACROSS_USERS,

                        "setNotificationPolicyAccessGrantedForUser for user " + userId);

            }

            if (!isCallerSystemOrSystemUiOrShell()) {

                getContext().enforceCallingPermission(

                        android.Manifest.permission.MANAGE_NOTIFICATIONS,

                        "setNotificationPolicyAccessGrantedForUser");

            }

            final long identity = Binder.clearCallingIdentity();

            try {

                if (mAllowedManagedServicePackages.test(