Merge "Cleanup flag for notification sound Uri permission check" into main

import android.app.Notification;

import android.app.NotificationChannel;

import android.app.Person;

import android.content.ContentProvider;

import android.content.ContentResolver;

import android.content.Context;

import android.content.Intent;

import android.content.pm.PackageManager;

import android.content.pm.PackageManagerInternal;

import android.content.pm.ShortcutInfo;

import android.media.AudioSystem;

import android.metrics.LogMaker;

import android.net.Uri;

import android.os.Binder;

import android.os.Build;

import android.os.Bundle;

import android.os.IBinder;

            final Notification notification = getNotification();

            notification.visitUris((uri) -> {

                if (com.android.server.notification.Flags.notificationVerifyChannelSoundUri()) {

                visitGrantableUri(uri, false, false);

                } else {

                    oldVisitGrantableUri(uri, false, false);

                }

            });

            if (notification.getChannelId() != null) {

                NotificationChannel channel = getChannel();

                if (channel != null) {

                    if (com.android.server.notification.Flags.notificationVerifyChannelSoundUri()) {

                    visitGrantableUri(channel.getSound(), (channel.getUserLockedFields()

                            & NotificationChannel.USER_LOCKED_SOUND) != 0, true);

                    } else {

                        oldVisitGrantableUri(channel.getSound(), (channel.getUserLockedFields()

                                & NotificationChannel.USER_LOCKED_SOUND) != 0, true);

                    }

                }

            }

        } finally {

        }

    }

    /**

     * Note the presence of a {@link Uri} that should have permission granted to

     * whoever will be rendering it.

     * <p>

     * If the enqueuing app has the ability to grant access, it will be added to

     * {@link #mGrantableUris}. Otherwise, this will either log or throw

     * {@link SecurityException} depending on target SDK of enqueuing app.

     */

    private void oldVisitGrantableUri(Uri uri, boolean userOverriddenUri, boolean isSound) {

        if (uri == null || !ContentResolver.SCHEME_CONTENT.equals(uri.getScheme())) return;

        if (mGrantableUris != null && mGrantableUris.contains(uri)) {

            return; // already verified this URI

        }

        final int sourceUid = getSbn().getUid();

        final long ident = Binder.clearCallingIdentity();

        try {

            // This will throw a SecurityException if the caller can't grant.

            mUgmInternal.checkGrantUriPermission(sourceUid, null,

                    ContentProvider.getUriWithoutUserId(uri),

                    Intent.FLAG_GRANT_READ_URI_PERMISSION,

                    ContentProvider.getUserIdFromUri(uri, UserHandle.getUserId(sourceUid)));

            if (mGrantableUris == null) {

                mGrantableUris = new ArraySet<>();

            }

            mGrantableUris.add(uri);

        } catch (SecurityException e) {

            if (!userOverriddenUri) {

                if (isSound) {

                    mSound = Settings.System.DEFAULT_NOTIFICATION_URI;

                    Log.w(TAG, "Replacing " + uri + " from " + sourceUid + ": " + e.getMessage());

                } else {

                    if (mTargetSdkVersion >= Build.VERSION_CODES.P) {

                        throw e;

                    } else {

                        Log.w(TAG,

                                "Ignoring " + uri + " from " + sourceUid + ": " + e.getMessage());

                    }

                }

            }

        } finally {

            Binder.restoreCallingIdentity(ident);

        }

    }

    /**

     * Note the presence of a {@link Uri} that should have permission granted to

     * whoever will be rendering it.

                // Verify that the app has permission to read the sound Uri

                // Only check for new channels, as regular apps can only set sound

                // before creating. See: {@link NotificationChannel#setSound}

                if (Flags.notificationVerifyChannelSoundUri()) {

                PermissionHelper.grantUriPermission(mUgmInternal, channel.getSound(), uid);

                }

                channel.setImportanceLockedByCriticalDeviceFunction(

                        r.defaultAppLockedImportance || r.fixedImportance);

  bug: "358524009"

}

flag {

  name: "notification_verify_channel_sound_uri"

  namespace: "systemui"

  description: "Verify Uri permission for sound when creating a notification channel"

  bug: "337775777"

  metadata {

    purpose: PURPOSE_BUGFIX

  }

}

flag {

  name: "notification_vibration_in_sound_uri_for_channel"

  namespace: "systemui"

import static com.android.internal.util.FrameworkStatsLog.PACKAGE_NOTIFICATION_PREFERENCES__FSI_STATE__DENIED;

import static com.android.internal.util.FrameworkStatsLog.PACKAGE_NOTIFICATION_PREFERENCES__FSI_STATE__GRANTED;

import static com.android.internal.util.FrameworkStatsLog.PACKAGE_NOTIFICATION_PREFERENCES__FSI_STATE__NOT_REQUESTED;

import static com.android.server.notification.Flags.FLAG_NOTIFICATION_VERIFY_CHANNEL_SOUND_URI;

import static com.android.server.notification.Flags.FLAG_PERSIST_INCOMPLETE_RESTORE_DATA;

import static com.android.server.notification.NotificationChannelLogger.NotificationChannelEvent.NOTIFICATION_CHANNEL_UPDATED_BY_USER;

import static com.android.server.notification.PreferencesHelper.DEFAULT_BUBBLE_PREFERENCE;

    }

    @Test

    @EnableFlags(FLAG_NOTIFICATION_VERIFY_CHANNEL_SOUND_URI)

    public void testCreateChannel_noSoundUriPermission_contentSchemeVerified() {

        final Uri sound = Uri.parse(SCHEME_CONTENT + "://media/test/sound/uri");

    }

    @Test

    @EnableFlags(FLAG_NOTIFICATION_VERIFY_CHANNEL_SOUND_URI)

    public void testCreateChannel_noSoundUriPermission_fileSchemaIgnored() {

        final Uri sound = Uri.parse(SCHEME_FILE + "://path/sound");

    }

    @Test

    @EnableFlags(FLAG_NOTIFICATION_VERIFY_CHANNEL_SOUND_URI)

    public void testCreateChannel_noSoundUriPermission_resourceSchemaIgnored() {

        final Uri sound = Uri.parse(SCHEME_ANDROID_RESOURCE + "://resId/sound");