Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 433a58d6 authored by Hai Zhang's avatar Hai Zhang
Browse files

Simulate installer denying USE_FULL_SCREEN_INTENT unless allowlisted. 

Pre-installed (i.e. system) apps are automatically considered
allowlisted.

Note that the change can't be made in PackageInstaller because we need
to know the package name but that's unavailable before the install.

Bug: 277104139
Test: manual
Change-Id: I6c48483cf1681313203269025fbab51f54b8cbf0
parent cc96b1e8

core/res/res/values/config.xml

+3 −0
Original line number Original line Diff line number Diff line
@@ -1373,6 +1373,9 @@ 
    <!-- Number of notifications to keep in the notification service historical archive -->

    <!-- Number of notifications to keep in the notification service historical archive -->

    <integer name="config_notificationServiceArchiveSize">100</integer>

    <integer name="config_notificationServiceArchiveSize">100</integer>





    <!-- List of packages that will be able to use full screen intent in notifications by default -->

    <string-array name="config_useFullScreenIntentPackages" translatable="false" />



    <!-- Allow the menu hard key to be disabled in LockScreen on some devices -->

    <!-- Allow the menu hard key to be disabled in LockScreen on some devices -->

    <bool name="config_disableMenuKeyInLockScreen">false</bool>

    <bool name="config_disableMenuKeyInLockScreen">false</bool>

core/res/res/values/symbols.xml

+1 −0
Original line number Original line Diff line number Diff line
@@ -2017,6 +2017,7 @@ 
  <java-symbol type="integer" name="config_notificationsBatteryMediumARGB" />

  <java-symbol type="integer" name="config_notificationsBatteryMediumARGB" />

  <java-symbol type="integer" name="config_notificationsBatteryNearlyFullLevel" />

  <java-symbol type="integer" name="config_notificationsBatteryNearlyFullLevel" />

  <java-symbol type="integer" name="config_notificationServiceArchiveSize" />

  <java-symbol type="integer" name="config_notificationServiceArchiveSize" />

  <java-symbol type="array" name="config_useFullScreenIntentPackages" />

  <java-symbol type="integer" name="config_previousVibrationsDumpLimit" />

  <java-symbol type="integer" name="config_previousVibrationsDumpLimit" />

  <java-symbol type="integer" name="config_defaultVibrationAmplitude" />

  <java-symbol type="integer" name="config_defaultVibrationAmplitude" />

  <java-symbol type="dimen" name="config_hapticChannelMaxVibrationAmplitude" />

  <java-symbol type="dimen" name="config_hapticChannelMaxVibrationAmplitude" />

services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java

+21 −0
Original line number Original line Diff line number Diff line
@@ -23,6 +23,7 @@ import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE; 
import static android.app.AppOpsManager.MODE_ALLOWED;

import static android.app.AppOpsManager.MODE_ALLOWED;

import static android.app.AppOpsManager.MODE_ERRORED;

import static android.app.AppOpsManager.MODE_ERRORED;

import static android.content.pm.PackageInstaller.SessionParams.PERMISSION_STATE_DEFAULT;

import static android.content.pm.PackageInstaller.SessionParams.PERMISSION_STATE_DEFAULT;

import static android.content.pm.PackageInstaller.SessionParams.PERMISSION_STATE_DENIED;

import static android.content.pm.PackageInstaller.SessionParams.PERMISSION_STATE_GRANTED;

import static android.content.pm.PackageInstaller.SessionParams.PERMISSION_STATE_GRANTED;

import static android.content.pm.PackageManager.FLAGS_PERMISSION_RESTRICTION_ANY_EXEMPT;

import static android.content.pm.PackageManager.FLAGS_PERMISSION_RESTRICTION_ANY_EXEMPT;

import static android.content.pm.PackageManager.FLAG_PERMISSION_APPLY_RESTRICTION;

import static android.content.pm.PackageManager.FLAG_PERMISSION_APPLY_RESTRICTION;
@@ -3655,6 +3656,26 @@ public class PermissionManagerServiceImpl implements PermissionManagerServiceInt 




        for (String permission : pkg.getRequestedPermissions()) {

        for (String permission : pkg.getRequestedPermissions()) {

            Integer permissionState = permissionStates.get(permission);

            Integer permissionState = permissionStates.get(permission);



            if (Objects.equals(permission, Manifest.permission.USE_FULL_SCREEN_INTENT)

                    && permissionState == null) {

                final PackageStateInternal ps;

                final long token = Binder.clearCallingIdentity();

                try {

                    ps = mPackageManagerInt.getPackageStateInternal(pkg.getPackageName());

                } finally {

                    Binder.restoreCallingIdentity(token);

                }

                final String[] useFullScreenIntentPackageNames =

                        mContext.getResources().getStringArray(

                                com.android.internal.R.array.config_useFullScreenIntentPackages);

                final boolean canUseFullScreenIntent = (ps != null && ps.isSystem())

                        || ArrayUtils.contains(useFullScreenIntentPackageNames,

                                pkg.getPackageName());

                permissionState = canUseFullScreenIntent ? PERMISSION_STATE_GRANTED

                        : PERMISSION_STATE_DENIED;

            }



            if (permissionState == null || permissionState == PERMISSION_STATE_DEFAULT) {

            if (permissionState == null || permissionState == PERMISSION_STATE_DEFAULT) {

                continue;

                continue;

            }

            }