
Unverified Commit 98f04721 authored by Kevin F. Haggerty's avatar Kevin F. Haggerty

Merge tag 'android-security-11.0.0_r65' of...

Merge tag 'android-security-11.0.0_r65' of https://android.googlesource.com/platform/frameworks/base into staging/lineage-18.1_merge_android-security-11.0.0_r65

Android security 11.0.0 release 65

* tag 'android-security-11.0.0_r65' of https://android.googlesource.com/platform/frameworks/base:
  Revert "Ensure that only SysUI can override pending intent launch flags"
  Reconcile WorkSource parcel and unparcel code.
  RESTRICT AUTOMERGE Revoke dev perm if app is upgrading to post 23 and perm has pre23 flag
  Enable user graularity for lockdown mode
  Stop managed profile owner granting READ_SMS
  Move service initialization
  Revert "[RESTRICT AUTOMERGE] Trim the activity info of another uid if no privilege"
  DO NOT MERGE Move accountname and typeName length check from Account.java to AccountManagerService.
  Prevent apps from spamming addAccountExplicitly. See comment here for the discussion on solution https://b.corp.google.com/issues/169762606#comment14
  Revert "Prevent apps from spamming addAccountExplicitly."
  Revert "DO NOT MERGE"

Change-Id: I1d2227cceb359b2764be791226fa2547e0029592
parents 1b4001cd eaeb6e98
+9 −0
@@ -9661,6 +9661,15 @@ public class DevicePolicyManager {
     * {@link android.os.Build.VERSION_CODES#M} the app-op matching the permission is set to
     * {@link android.app.AppOpsManager#MODE_IGNORED}, but the permission stays granted.
     *
     * Control over the following permissions are restricted for managed profile owners:
     * <ul>
     *  <li>Manifest.permission.READ_SMS</li>
     * </ul>
     * <p>
     * A managed profile owner may not grant these permissions (i.e. call this method with any of
     * the permissions listed above and {@code grantState} of
     * {@code #PERMISSION_GRANT_STATE_GRANTED}), but may deny them.
     *
     * @param admin Which profile or device owner this request is associated with.
     * @param packageName The application to grant or revoke a permission to.
     * @param permission The permission to grant or revoke.
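Review bot: The added Javadoc says a managed profile owner may not grant READ_SMS but does not say what the caller sees when it tries, so the restricted case should be tied to the method's documented result (its `@return`/`@throws` text lies below the hunk and is not shown here). The constant is also written as `{@code #PERMISSION_GRANT_STATE_GRANTED}`, which renders the `#` literally; `{@link #PERMISSION_GRANT_STATE_GRANTED}` would turn it into a link. "Control over the following permissions are restricted" should read "is restricted".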
+1 −1
@@ -129,7 +129,7 @@ public class WorkSource implements Parcelable {
        mNames = in.createStringArray();

        int numChains = in.readInt();
        if (numChains > 0) {
        if (numChains >= 0) {
            mChains = new ArrayList<>(numChains);
            in.readParcelableList(mChains, WorkChain.class.getClassLoader());
        } else {
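Review bot: `numChains` is read straight from the parcel and, now that zero is accepted as well, is still used unbounded as the initial capacity in `new ArrayList<>(numChains)`, so a crafted parcel carrying a very large count would request a correspondingly large backing array before any element is read. The list is then filled by `readParcelableList`, so the capacity hint is not needed for correctness; `mChains = new ArrayList<>();` avoids sizing from untrusted input. A short comment that the `>= 0` branch must mirror what the write side emits for an empty chain list would also help keep the two in step. The constructor starts and ends outside the hunk.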
+3 −8
@@ -326,17 +326,12 @@ public final class PendingIntentRecord extends IIntentSender.Stub {
                resolvedType = key.requestResolvedType;
            }

            // Apply any launch flags from the ActivityOptions. This is used only by SystemUI
            // to ensure that we can launch the pending intent with a consistent launch mode even
            // if the provided PendingIntent is immutable (ie. to force an activity to launch into
            // a new task, or to launch multiple instances if supported by the app)
            // Apply any launch flags from the ActivityOptions. This is to ensure that the caller
            // can specify a consistent launch mode even if the PendingIntent is immutable
            final ActivityOptions opts = ActivityOptions.fromBundle(options);
            if (opts != null) {
                // TODO(b/254490217): Move this check into SafeActivityOptions
                if (controller.mAtmInternal.isCallerRecents(Binder.getCallingUid())) {
                finalIntent.addFlags(opts.getPendingIntentLaunchFlags());
            }
            }

            // Extract options before clearing calling identity
            mergedOptions = key.options;
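Review bot: With the `isCallerRecents` check gone, `finalIntent.addFlags(opts.getPendingIntentLaunchFlags())` applies flags taken from the sender-supplied `options` bundle for every caller, including onto an immutable PendingIntent. Whether `getPendingIntentLaunchFlags()` restricts the value to launch-mode bits is not visible in this hunk; if it does not, the flags should be masked to that set here before `addFlags`. The new comment should state the trust assumption, for example `// Flags come from the sender's ActivityOptions and are applied for any caller; only launch-mode flags are expected here.` The enclosing method begins and ends outside the hunk.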
+47 −32
@@ -1744,39 +1744,43 @@ public class NotificationManagerService extends SystemService {
            return (haystack & needle) != 0;
        }

        public boolean isInLockDownMode() {
            return mIsInLockDownMode;
        // Return whether the user is in lockdown mode.
        // If the flag is not set, we assume the user is not in lockdown.
        public boolean isInLockDownMode(int userId) {
            return mUserInLockDownMode.get(userId, false);
        }

        @Override
        public synchronized void onStrongAuthRequiredChanged(int userId) {
            boolean userInLockDownModeNext = containsFlag(getStrongAuthForUser(userId),
                    STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN);
            mUserInLockDownMode.put(userId, userInLockDownModeNext);
            boolean isInLockDownModeNext = mUserInLockDownMode.indexOfValue(true) != -1;

            if (mIsInLockDownMode == isInLockDownModeNext) {
            // Nothing happens if the lockdown mode of userId keeps the same.
            if (userInLockDownModeNext == isInLockDownMode(userId)) {
                return;
            }

            if (isInLockDownModeNext) {
                cancelNotificationsWhenEnterLockDownMode();
            // When the lockdown mode is changed, we perform the following steps.
            // If the userInLockDownModeNext is true, all the function calls to
            // notifyPostedLocked and notifyRemovedLocked will not be executed.
            // The cancelNotificationsWhenEnterLockDownMode calls notifyRemovedLocked
            // and postNotificationsWhenExitLockDownMode calls notifyPostedLocked.
            // So we shall call cancelNotificationsWhenEnterLockDownMode before
            // we set mUserInLockDownMode as true.
            // On the other hand, if the userInLockDownModeNext is false, we shall call
            // postNotificationsWhenExitLockDownMode after we put false into mUserInLockDownMode
            if (userInLockDownModeNext) {
                cancelNotificationsWhenEnterLockDownMode(userId);
            }

            // When the mIsInLockDownMode is true, both notifyPostedLocked and
            // notifyRemovedLocked will be dismissed. So we shall call
            // cancelNotificationsWhenEnterLockDownMode before we set mIsInLockDownMode
            // as true and call postNotificationsWhenExitLockDownMode after we set
            // mIsInLockDownMode as false.
            mIsInLockDownMode = isInLockDownModeNext;
            mUserInLockDownMode.put(userId, userInLockDownModeNext);

            if (!isInLockDownModeNext) {
                postNotificationsWhenExitLockDownMode();
            if (!userInLockDownModeNext) {
                postNotificationsWhenExitLockDownMode(userId);
            }
        }
    }

    private LockPatternUtils mLockPatternUtils;
    private StrongAuthTracker mStrongAuthTracker;

    public NotificationManagerService(Context context) {
@@ -1996,7 +2000,6 @@ public class NotificationManagerService extends SystemService {
                ServiceManager.getService(Context.PLATFORM_COMPAT_SERVICE));

        mUiHandler = new Handler(UiThread.get().getLooper());
        mLockPatternUtils = new LockPatternUtils(getContext());
        mStrongAuthTracker = new StrongAuthTracker(getContext());
        String[] extractorNames;
        try {
@@ -2445,7 +2448,7 @@ public class NotificationManagerService extends SystemService {
                bubbsExtractor.setShortcutHelper(mShortcutHelper);
            }
            registerNotificationPreferencesPullers();
            mLockPatternUtils.registerStrongAuthTracker(mStrongAuthTracker);
            new LockPatternUtils(getContext()).registerStrongAuthTracker(mStrongAuthTracker);
        } else if (phase == SystemService.PHASE_THIRD_PARTY_APPS_CAN_START) {
            // This observer will force an update when observe is called, causing us to
            // bind to listener services.
@@ -8706,11 +8709,14 @@ public class NotificationManagerService extends SystemService {
        }
    }

    private void cancelNotificationsWhenEnterLockDownMode() {
    private void cancelNotificationsWhenEnterLockDownMode(int userId) {
        synchronized (mNotificationLock) {
            int numNotifications = mNotificationList.size();
            for (int i = 0; i < numNotifications; i++) {
                NotificationRecord rec = mNotificationList.get(i);
                if (rec.getUser().getIdentifier() != userId) {
                    continue;
                }
                mListeners.notifyRemovedLocked(rec, REASON_CANCEL_ALL,
                        rec.getStats());
            }
@@ -8718,14 +8724,23 @@ public class NotificationManagerService extends SystemService {
        }
    }

    private void postNotificationsWhenExitLockDownMode() {
    private void postNotificationsWhenExitLockDownMode(int userId) {
        synchronized (mNotificationLock) {
            int numNotifications = mNotificationList.size();
            // Set the delay to spread out the burst of notifications.
            long delay = 0;
            for (int i = 0; i < numNotifications; i++) {
                NotificationRecord rec = mNotificationList.get(i);
                if (rec.getUser().getIdentifier() != userId) {
                    continue;
                }
                mHandler.postDelayed(() -> {
                    synchronized (mNotificationLock) {
                        mListeners.notifyPostedLocked(rec, rec);
                    }

                }, delay);
                delay += 20;
            }
        }
    }

@@ -8934,12 +8949,15 @@ public class NotificationManagerService extends SystemService {
     * notifications visible to the given listener.
     */
    @GuardedBy("mNotificationLock")
    private NotificationRankingUpdate makeRankingUpdateLocked(ManagedServiceInfo info) {
    NotificationRankingUpdate makeRankingUpdateLocked(ManagedServiceInfo info) {
        final int N = mNotificationList.size();
        final ArrayList<NotificationListenerService.Ranking> rankings = new ArrayList<>();

        for (int i = 0; i < N; i++) {
            NotificationRecord record = mNotificationList.get(i);
            if (isInLockDownMode(record.getUser().getIdentifier())) {
                continue;
            }
            if (!isVisibleToListener(record.getSbn(), info)) {
                continue;
            }
@@ -8978,8 +8996,8 @@ public class NotificationManagerService extends SystemService {
                rankings.toArray(new NotificationListenerService.Ranking[0]));
    }

    boolean isInLockDownMode() {
        return mStrongAuthTracker.isInLockDownMode();
    boolean isInLockDownMode(int userId) {
        return mStrongAuthTracker.isInLockDownMode(userId);
    }

    boolean hasCompanionDevice(ManagedServiceInfo info) {
@@ -9014,7 +9032,8 @@ public class NotificationManagerService extends SystemService {
                ServiceManager.getService(Context.COMPANION_DEVICE_SERVICE));
    }

    private boolean isVisibleToListener(StatusBarNotification sbn, ManagedServiceInfo listener) {
    @VisibleForTesting
    boolean isVisibleToListener(StatusBarNotification sbn, ManagedServiceInfo listener) {
        if (!listener.enabledAndUserMatches(sbn.getUserId())) {
            return false;
        }
@@ -9700,7 +9719,7 @@ public class NotificationManagerService extends SystemService {
        @GuardedBy("mNotificationLock")
        void notifyPostedLocked(NotificationRecord r, NotificationRecord old,
                boolean notifyAllListeners) {
            if (isInLockDownMode()) {
            if (isInLockDownMode(r.getUser().getIdentifier())) {
                return;
            }

@@ -9800,7 +9819,7 @@ public class NotificationManagerService extends SystemService {
        @GuardedBy("mNotificationLock")
        public void notifyRemovedLocked(NotificationRecord r, int reason,
                NotificationStats notificationStats) {
            if (isInLockDownMode()) {
            if (isInLockDownMode(r.getUser().getIdentifier())) {
                return;
            }

@@ -9849,10 +9868,6 @@ public class NotificationManagerService extends SystemService {
         */
        @GuardedBy("mNotificationLock")
        public void notifyRankingUpdateLocked(List<NotificationRecord> changedHiddenNotifications) {
            if (isInLockDownMode()) {
                return;
            }

            boolean isHiddenRankingUpdate = changedHiddenNotifications != null
                    && changedHiddenNotifications.size() > 0;

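Review bot: `isInLockDownMode(int userId)` in StrongAuthTracker reads `mUserInLockDownMode` without holding any lock, while `onStrongAuthRequiredChanged` writes it under the tracker's monitor and the readers in `notifyPostedLocked`, `notifyRemovedLocked` and `makeRankingUpdateLocked` run under `mNotificationLock`. If the map is a plain sparse array (its declaration is outside the hunks shown), a listener callback can observe a stale or mid-update lockdown state for that user. Making the getter `synchronized` would take the tracker monitor while `mNotificationLock` is held, the reverse of the order used when `cancelNotificationsWhenEnterLockDownMode(userId)` is called. A small dedicated lock around only the `get` and `put` is therefore the safer fix, e.g. `synchronized (mLockDownLock) { return mUserInLockDownMode.get(userId, false); }`, where `mLockDownLock` is a new private final object.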
+9 −2
@@ -2347,7 +2347,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
        final PackageSetting ps = (PackageSetting)
                mPackageManagerInt.getPackageSetting(newPackage.getPackageName());
        if (grantSignaturePermission(Manifest.permission.SYSTEM_ALERT_WINDOW, newPackage, ps, saw,
                ps.getPermissionsState())) {
                ps.getPermissionsState(), true)) {
            return;
        }
        for (int userId : mUserManagerInt.getUserIds()) {
@@ -3596,6 +3596,13 @@ public class PermissionManagerService extends IPermissionManager.Stub {

    private boolean grantSignaturePermission(String perm, AndroidPackage pkg,
            PackageSetting pkgSetting, BasePermission bp, PermissionsState origPermissions) {
        return grantSignaturePermission(perm, pkg, pkgSetting, bp, origPermissions, false);
    }


    private boolean grantSignaturePermission(String perm, AndroidPackage pkg,
            PackageSetting pkgSetting, BasePermission bp, PermissionsState origPermissions,
            boolean isApi23Upgrade) {
        boolean oemPermission = bp.isOEM();
        boolean vendorPrivilegedPermission = bp.isVendorPrivileged();
        boolean privilegedPermission = bp.isPrivileged() || bp.isVendorPrivileged();
@@ -3770,7 +3777,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
                // Any pre-installed system app is allowed to get this permission.
                allowed = true;
            }
            if (!allowed && bp.isDevelopment()) {
            if (!allowed && bp.isDevelopment() && !(bp.isPre23() && isApi23Upgrade)) {
                // For development permissions, a development permission
                // is granted only if it was already granted.
                allowed = origPermissions.hasInstallPermission(perm);
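Review bot: The comment under the changed condition still says a development permission is granted only if it was already granted, which no longer describes the branch now that it is skipped when `bp.isPre23() && isApi23Upgrade`. I would extend it with `// Not applied when the app is upgrading past API 23 and the permission has the pre23 flag: the earlier grant is not carried over.` The new `isApi23Upgrade` parameter on the six-argument `grantSignaturePermission` overload also has no documentation. The single `true` at the SYSTEM_ALERT_WINDOW call site relies on the caller having established the upgrade, which is outside the hunks shown; a one-line Javadoc on the overload would make that contract explicit. The overload's body continues outside the hunk.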