Loading core/java/android/app/Notification.java +19 −34 Original line number Diff line number Diff line Loading @@ -2706,16 +2706,11 @@ public class Notification implements Parcelable if (mAllowlistToken == null) { mAllowlistToken = processAllowlistToken; } if (Flags.secureAllowlistToken()) { // Propagate this token to all pending intents that are unmarshalled from the parcel, // or keep the one we're already propagating, if that's the case. if (!parcel.hasClassCookie(PendingIntent.class)) { parcel.setClassCookie(PendingIntent.class, mAllowlistToken); } } else { // Propagate this token to all pending intents that are unmarshalled from the parcel. parcel.setClassCookie(PendingIntent.class, mAllowlistToken); } when = parcel.readLong(); creationTime = parcel.readLong(); Loading Loading @@ -3333,7 +3328,6 @@ public class Notification implements Parcelable PendingIntent.addOnMarshaledListener(addedListener); } try { if (Flags.secureAllowlistToken()) { boolean mustClearCookie = false; if (!parcel.hasClassCookie(Notification.class)) { // This is the "root" notification, and not an "inner" notification (including Loading @@ -3351,11 +3345,6 @@ public class Notification implements Parcelable parcel.removeClassCookie(Notification.class, mAllowlistToken); } } } else { // IMPORTANT: Add marshaling code in writeToParcelImpl as we // want to intercept all pending events written to the parcel. writeToParcelImpl(parcel, flags); } synchronized (this) { // Must be written last! Loading @@ -3371,13 +3360,9 @@ public class Notification implements Parcelable private void writeToParcelImpl(Parcel parcel, int flags) { parcel.writeInt(1); if (Flags.secureAllowlistToken()) { // Always use the same token as the root notification (might be null). IBinder rootNotificationToken = (IBinder) parcel.getClassCookie(Notification.class); parcel.writeStrongBinder(rootNotificationToken); } else { parcel.writeStrongBinder(mAllowlistToken); } parcel.writeLong(when); parcel.writeLong(creationTime); Loading services/core/java/com/android/server/notification/NotificationManagerService.java +11 −15 Original line number Diff line number Diff line Loading @@ -7600,7 +7600,6 @@ public class NotificationManagerService extends SystemService { + " trying to post for invalid pkg " + pkg + " in user " + incomingUserId); } if (android.app.Flags.secureAllowlistToken()) { IBinder allowlistToken = notification.getAllowlistToken(); if (allowlistToken != null && allowlistToken != ALLOWLIST_TOKEN) { throw new SecurityException( Loading @@ -7609,7 +7608,6 @@ public class NotificationManagerService extends SystemService { // allowlistToken is populated by unparceling, so it can be null if the notification was // posted from inside system_server. Ensure it's the expected value. notification.overrideAllowlistToken(ALLOWLIST_TOKEN); } checkRestrictedCategories(notification); Loading Loading @@ -8774,12 +8772,10 @@ public class NotificationManagerService extends SystemService { */ private boolean enqueueNotification() { synchronized (mNotificationLock) { if (android.app.Flags.secureAllowlistToken()) { // allowlistToken is populated by unparceling, so it will be absent if the // EnqueueNotificationRunnable is created directly by NMS (as we do for group // summaries) instead of via notify(). Fix that. r.getNotification().overrideAllowlistToken(ALLOWLIST_TOKEN); } final long snoozeAt = mSnoozeHelper.getSnoozeTimeForUnpostedNotification( Loading services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java +0 −6 Original line number Diff line number Diff line Loading @@ -14995,7 +14995,6 @@ public class NotificationManagerServiceTest extends UiServiceTestCase { } @Test @EnableFlags(android.app.Flags.FLAG_SECURE_ALLOWLIST_TOKEN) public void enqueueNotification_acceptsCorrectToken() throws RemoteException { Notification sent = new Notification.Builder(mContext, TEST_CHANNEL_ID) .setContentIntent(createPendingIntent("content")) Loading @@ -15014,7 +15013,6 @@ public class NotificationManagerServiceTest extends UiServiceTestCase { } @Test @EnableFlags(android.app.Flags.FLAG_SECURE_ALLOWLIST_TOKEN) public void enqueueNotification_acceptsNullToken_andPopulatesIt() throws RemoteException { Notification receivedWithoutParceling = new Notification.Builder(mContext, TEST_CHANNEL_ID) .setContentIntent(createPendingIntent("content")) Loading @@ -15031,7 +15029,6 @@ public class NotificationManagerServiceTest extends UiServiceTestCase { } @Test @EnableFlags(android.app.Flags.FLAG_SECURE_ALLOWLIST_TOKEN) public void enqueueNotification_directlyThroughRunnable_populatesAllowlistToken() { Notification receivedWithoutParceling = new Notification.Builder(mContext, TEST_CHANNEL_ID) .setContentIntent(createPendingIntent("content")) Loading @@ -15054,7 +15051,6 @@ public class NotificationManagerServiceTest extends UiServiceTestCase { } @Test @EnableFlags(android.app.Flags.FLAG_SECURE_ALLOWLIST_TOKEN) public void enqueueNotification_rejectsOtherToken() throws RemoteException { Notification sent = new Notification.Builder(mContext, TEST_CHANNEL_ID) .setContentIntent(createPendingIntent("content")) Loading @@ -15072,7 +15068,6 @@ public class NotificationManagerServiceTest extends UiServiceTestCase { } @Test @EnableFlags(android.app.Flags.FLAG_SECURE_ALLOWLIST_TOKEN) public void enqueueNotification_customParcelingWithFakeInnerToken_hasCorrectTokenInIntents() throws RemoteException { Notification sentFromApp = new Notification.Builder(mContext, TEST_CHANNEL_ID) Loading Loading @@ -15278,7 +15273,6 @@ public class NotificationManagerServiceTest extends UiServiceTestCase { @Test @SuppressWarnings("unchecked") @EnableFlags(android.app.Flags.FLAG_SECURE_ALLOWLIST_TOKEN) public void getActiveNotifications_doesNotLeakAllowlistToken() throws RemoteException { Notification sentFromApp = new Notification.Builder(mContext, TEST_CHANNEL_ID) .setContentIntent(createPendingIntent("content")) Loading
core/java/android/app/Notification.java +19 −34 Original line number Diff line number Diff line Loading @@ -2706,16 +2706,11 @@ public class Notification implements Parcelable if (mAllowlistToken == null) { mAllowlistToken = processAllowlistToken; } if (Flags.secureAllowlistToken()) { // Propagate this token to all pending intents that are unmarshalled from the parcel, // or keep the one we're already propagating, if that's the case. if (!parcel.hasClassCookie(PendingIntent.class)) { parcel.setClassCookie(PendingIntent.class, mAllowlistToken); } } else { // Propagate this token to all pending intents that are unmarshalled from the parcel. parcel.setClassCookie(PendingIntent.class, mAllowlistToken); } when = parcel.readLong(); creationTime = parcel.readLong(); Loading Loading @@ -3333,7 +3328,6 @@ public class Notification implements Parcelable PendingIntent.addOnMarshaledListener(addedListener); } try { if (Flags.secureAllowlistToken()) { boolean mustClearCookie = false; if (!parcel.hasClassCookie(Notification.class)) { // This is the "root" notification, and not an "inner" notification (including Loading @@ -3351,11 +3345,6 @@ public class Notification implements Parcelable parcel.removeClassCookie(Notification.class, mAllowlistToken); } } } else { // IMPORTANT: Add marshaling code in writeToParcelImpl as we // want to intercept all pending events written to the parcel. writeToParcelImpl(parcel, flags); } synchronized (this) { // Must be written last! Loading @@ -3371,13 +3360,9 @@ public class Notification implements Parcelable private void writeToParcelImpl(Parcel parcel, int flags) { parcel.writeInt(1); if (Flags.secureAllowlistToken()) { // Always use the same token as the root notification (might be null). IBinder rootNotificationToken = (IBinder) parcel.getClassCookie(Notification.class); parcel.writeStrongBinder(rootNotificationToken); } else { parcel.writeStrongBinder(mAllowlistToken); } parcel.writeLong(when); parcel.writeLong(creationTime); Loading
services/core/java/com/android/server/notification/NotificationManagerService.java +11 −15 Original line number Diff line number Diff line Loading @@ -7600,7 +7600,6 @@ public class NotificationManagerService extends SystemService { + " trying to post for invalid pkg " + pkg + " in user " + incomingUserId); } if (android.app.Flags.secureAllowlistToken()) { IBinder allowlistToken = notification.getAllowlistToken(); if (allowlistToken != null && allowlistToken != ALLOWLIST_TOKEN) { throw new SecurityException( Loading @@ -7609,7 +7608,6 @@ public class NotificationManagerService extends SystemService { // allowlistToken is populated by unparceling, so it can be null if the notification was // posted from inside system_server. Ensure it's the expected value. notification.overrideAllowlistToken(ALLOWLIST_TOKEN); } checkRestrictedCategories(notification); Loading Loading @@ -8774,12 +8772,10 @@ public class NotificationManagerService extends SystemService { */ private boolean enqueueNotification() { synchronized (mNotificationLock) { if (android.app.Flags.secureAllowlistToken()) { // allowlistToken is populated by unparceling, so it will be absent if the // EnqueueNotificationRunnable is created directly by NMS (as we do for group // summaries) instead of via notify(). Fix that. r.getNotification().overrideAllowlistToken(ALLOWLIST_TOKEN); } final long snoozeAt = mSnoozeHelper.getSnoozeTimeForUnpostedNotification( Loading
services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java +0 −6 Original line number Diff line number Diff line Loading @@ -14995,7 +14995,6 @@ public class NotificationManagerServiceTest extends UiServiceTestCase { } @Test @EnableFlags(android.app.Flags.FLAG_SECURE_ALLOWLIST_TOKEN) public void enqueueNotification_acceptsCorrectToken() throws RemoteException { Notification sent = new Notification.Builder(mContext, TEST_CHANNEL_ID) .setContentIntent(createPendingIntent("content")) Loading @@ -15014,7 +15013,6 @@ public class NotificationManagerServiceTest extends UiServiceTestCase { } @Test @EnableFlags(android.app.Flags.FLAG_SECURE_ALLOWLIST_TOKEN) public void enqueueNotification_acceptsNullToken_andPopulatesIt() throws RemoteException { Notification receivedWithoutParceling = new Notification.Builder(mContext, TEST_CHANNEL_ID) .setContentIntent(createPendingIntent("content")) Loading @@ -15031,7 +15029,6 @@ public class NotificationManagerServiceTest extends UiServiceTestCase { } @Test @EnableFlags(android.app.Flags.FLAG_SECURE_ALLOWLIST_TOKEN) public void enqueueNotification_directlyThroughRunnable_populatesAllowlistToken() { Notification receivedWithoutParceling = new Notification.Builder(mContext, TEST_CHANNEL_ID) .setContentIntent(createPendingIntent("content")) Loading @@ -15054,7 +15051,6 @@ public class NotificationManagerServiceTest extends UiServiceTestCase { } @Test @EnableFlags(android.app.Flags.FLAG_SECURE_ALLOWLIST_TOKEN) public void enqueueNotification_rejectsOtherToken() throws RemoteException { Notification sent = new Notification.Builder(mContext, TEST_CHANNEL_ID) .setContentIntent(createPendingIntent("content")) Loading @@ -15072,7 +15068,6 @@ public class NotificationManagerServiceTest extends UiServiceTestCase { } @Test @EnableFlags(android.app.Flags.FLAG_SECURE_ALLOWLIST_TOKEN) public void enqueueNotification_customParcelingWithFakeInnerToken_hasCorrectTokenInIntents() throws RemoteException { Notification sentFromApp = new Notification.Builder(mContext, TEST_CHANNEL_ID) Loading Loading @@ -15278,7 +15273,6 @@ public class NotificationManagerServiceTest extends UiServiceTestCase { @Test @SuppressWarnings("unchecked") @EnableFlags(android.app.Flags.FLAG_SECURE_ALLOWLIST_TOKEN) public void getActiveNotifications_doesNotLeakAllowlistToken() throws RemoteException { Notification sentFromApp = new Notification.Builder(mContext, TEST_CHANNEL_ID) .setContentIntent(createPendingIntent("content"))
