Loading services/core/java/com/android/server/notification/NotificationManagerService.java +3 −1 Original line number Diff line number Diff line Loading @@ -7594,7 +7594,7 @@ public class NotificationManagerService extends SystemService { for (int i = 0; i < newUris.size(); i++) { final Uri uri = newUris.valueAt(i); if (oldUris == null || !oldUris.contains(uri)) { if (DBG) Slog.d(TAG, key + ": granting " + uri); Slog.d(TAG, key + ": granting " + uri); grantUriPermission(permissionOwner, uri, newRecord.getUid(), targetPkg, targetUserId); } Loading Loading @@ -7631,6 +7631,8 @@ public class NotificationManagerService extends SystemService { targetUserId); } catch (RemoteException ignored) { // Ignored because we're in same process } catch (SecurityException e) { Slog.e(TAG, "Cannot grant uri access; " + sourceUid + " does not own " + uri); } finally { Binder.restoreCallingIdentity(ident); } Loading services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java +28 −0 Original line number Diff line number Diff line Loading @@ -70,6 +70,7 @@ import static org.mockito.Mockito.anyInt; import static org.mockito.Mockito.clearInvocations; import static org.mockito.Mockito.doAnswer; import static org.mockito.Mockito.doNothing; import static org.mockito.Mockito.doThrow; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.never; import static org.mockito.Mockito.reset; Loading Loading @@ -3643,6 +3644,33 @@ public class NotificationManagerServiceTest extends UiServiceTestCase { anyInt(), anyInt()); } @Test public void updateUriPermissions_posterDoesNotOwnUri() throws Exception { NotificationChannel c = new NotificationChannel( TEST_CHANNEL_ID, TEST_CHANNEL_ID, IMPORTANCE_DEFAULT); c.setSound(null, Notification.AUDIO_ATTRIBUTES_DEFAULT); Message message1 = new Message("", 0, ""); message1.setData("", ContentUris.withAppendedId(MediaStore.Images.Media.EXTERNAL_CONTENT_URI, 1)); Notification.Builder nbA = new Notification.Builder(mContext, c.getId()) .setContentTitle("foo") .setSmallIcon(android.R.drawable.sym_def_app_icon) .setStyle(new Notification.MessagingStyle("") .addMessage(message1)); NotificationRecord recordA = new NotificationRecord(mContext, new StatusBarNotification( PKG, PKG, 0, "tag", mUid, 0, nbA.build(), new UserHandle(mUid), null, 0), c); doThrow(new SecurityException("no access")).when(mUgm) .grantUriPermissionFromOwner( any(), anyInt(), any(), any(), anyInt(), anyInt(), anyInt()); when(mUgmInternal.newUriPermissionOwner(any())).thenReturn(new Binder()); mService.updateUriPermissions(recordA, null, mContext.getPackageName(), USER_SYSTEM); // yay, no crash } @Test public void testVisitUris() throws Exception { final Uri audioContents = Uri.parse("content://com.example/audio"); Loading Loading
services/core/java/com/android/server/notification/NotificationManagerService.java +3 −1 Original line number Diff line number Diff line Loading @@ -7594,7 +7594,7 @@ public class NotificationManagerService extends SystemService { for (int i = 0; i < newUris.size(); i++) { final Uri uri = newUris.valueAt(i); if (oldUris == null || !oldUris.contains(uri)) { if (DBG) Slog.d(TAG, key + ": granting " + uri); Slog.d(TAG, key + ": granting " + uri); grantUriPermission(permissionOwner, uri, newRecord.getUid(), targetPkg, targetUserId); } Loading Loading @@ -7631,6 +7631,8 @@ public class NotificationManagerService extends SystemService { targetUserId); } catch (RemoteException ignored) { // Ignored because we're in same process } catch (SecurityException e) { Slog.e(TAG, "Cannot grant uri access; " + sourceUid + " does not own " + uri); } finally { Binder.restoreCallingIdentity(ident); } Loading
services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java +28 −0 Original line number Diff line number Diff line Loading @@ -70,6 +70,7 @@ import static org.mockito.Mockito.anyInt; import static org.mockito.Mockito.clearInvocations; import static org.mockito.Mockito.doAnswer; import static org.mockito.Mockito.doNothing; import static org.mockito.Mockito.doThrow; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.never; import static org.mockito.Mockito.reset; Loading Loading @@ -3643,6 +3644,33 @@ public class NotificationManagerServiceTest extends UiServiceTestCase { anyInt(), anyInt()); } @Test public void updateUriPermissions_posterDoesNotOwnUri() throws Exception { NotificationChannel c = new NotificationChannel( TEST_CHANNEL_ID, TEST_CHANNEL_ID, IMPORTANCE_DEFAULT); c.setSound(null, Notification.AUDIO_ATTRIBUTES_DEFAULT); Message message1 = new Message("", 0, ""); message1.setData("", ContentUris.withAppendedId(MediaStore.Images.Media.EXTERNAL_CONTENT_URI, 1)); Notification.Builder nbA = new Notification.Builder(mContext, c.getId()) .setContentTitle("foo") .setSmallIcon(android.R.drawable.sym_def_app_icon) .setStyle(new Notification.MessagingStyle("") .addMessage(message1)); NotificationRecord recordA = new NotificationRecord(mContext, new StatusBarNotification( PKG, PKG, 0, "tag", mUid, 0, nbA.build(), new UserHandle(mUid), null, 0), c); doThrow(new SecurityException("no access")).when(mUgm) .grantUriPermissionFromOwner( any(), anyInt(), any(), any(), anyInt(), anyInt(), anyInt()); when(mUgmInternal.newUriPermissionOwner(any())).thenReturn(new Binder()); mService.updateUriPermissions(recordA, null, mContext.getPackageName(), USER_SYSTEM); // yay, no crash } @Test public void testVisitUris() throws Exception { final Uri audioContents = Uri.parse("content://com.example/audio"); Loading
