Inline SECURE_ALLOWLIST_TOKEN (b8a1a5d4) · Commits · e / os / android_frameworks_base

core/java/android/app/Notification.java

+19 −34

Original line number	Diff line number	Diff line
		@@ -2678,16 +2678,11 @@ public class Notification implements Parcelable
		if (mAllowlistToken == null) {
		mAllowlistToken = processAllowlistToken;
		}
		if (Flags.secureAllowlistToken()) {
		// Propagate this token to all pending intents that are unmarshalled from the parcel,
		// or keep the one we're already propagating, if that's the case.
		if (!parcel.hasClassCookie(PendingIntent.class)) {
		parcel.setClassCookie(PendingIntent.class, mAllowlistToken);
		}
		} else {
		// Propagate this token to all pending intents that are unmarshalled from the parcel.
		parcel.setClassCookie(PendingIntent.class, mAllowlistToken);
		}

		when = parcel.readLong();
		creationTime = parcel.readLong();
		@@ -3301,7 +3296,6 @@ public class Notification implements Parcelable
		PendingIntent.addOnMarshaledListener(addedListener);
		}
		try {
		if (Flags.secureAllowlistToken()) {
		boolean mustClearCookie = false;
		if (!parcel.hasClassCookie(Notification.class)) {
		// This is the "root" notification, and not an "inner" notification (including
		@@ -3319,11 +3313,6 @@ public class Notification implements Parcelable
		parcel.removeClassCookie(Notification.class, mAllowlistToken);
		}
		}
		} else {
		// IMPORTANT: Add marshaling code in writeToParcelImpl as we
		// want to intercept all pending events written to the parcel.
		writeToParcelImpl(parcel, flags);
		}

		synchronized (this) {
		// Must be written last!
		@@ -3339,13 +3328,9 @@ public class Notification implements Parcelable
		private void writeToParcelImpl(Parcel parcel, int flags) {
		parcel.writeInt(1);

		if (Flags.secureAllowlistToken()) {
		// Always use the same token as the root notification (might be null).
		IBinder rootNotificationToken = (IBinder) parcel.getClassCookie(Notification.class);
		parcel.writeStrongBinder(rootNotificationToken);
		} else {
		parcel.writeStrongBinder(mAllowlistToken);
		}

		parcel.writeLong(when);
		parcel.writeLong(creationTime);

services/core/java/com/android/server/notification/NotificationManagerService.java

+11 −15

Original line number	Diff line number	Diff line
		@@ -7374,7 +7374,6 @@ public class NotificationManagerService extends SystemService {
		+ " trying to post for invalid pkg " + pkg + " in user " + incomingUserId);
		}

		if (android.app.Flags.secureAllowlistToken()) {
		IBinder allowlistToken = notification.getAllowlistToken();
		if (allowlistToken != null && allowlistToken != ALLOWLIST_TOKEN) {
		throw new SecurityException(
		@@ -7383,7 +7382,6 @@ public class NotificationManagerService extends SystemService {
		// allowlistToken is populated by unparceling, so it can be null if the notification was
		// posted from inside system_server. Ensure it's the expected value.
		notification.overrideAllowlistToken(ALLOWLIST_TOKEN);
		}

		checkRestrictedCategories(notification);

		@@ -8523,12 +8521,10 @@ public class NotificationManagerService extends SystemService {
		*/
		private boolean enqueueNotification() {
		synchronized (mNotificationLock) {
		if (android.app.Flags.secureAllowlistToken()) {
		// allowlistToken is populated by unparceling, so it will be absent if the
		// EnqueueNotificationRunnable is created directly by NMS (as we do for group
		// summaries) instead of via notify(). Fix that.
		r.getNotification().overrideAllowlistToken(ALLOWLIST_TOKEN);
		}

		final long snoozeAt =
		mSnoozeHelper.getSnoozeTimeForUnpostedNotification(

services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java

+0 −6

Original line number	Diff line number	Diff line
		@@ -14295,7 +14295,6 @@ public class NotificationManagerServiceTest extends UiServiceTestCase {
		}

		@Test
		@EnableFlags(android.app.Flags.FLAG_SECURE_ALLOWLIST_TOKEN)
		public void enqueueNotification_acceptsCorrectToken() throws RemoteException {
		Notification sent = new Notification.Builder(mContext, TEST_CHANNEL_ID)
		.setContentIntent(createPendingIntent("content"))
		@@ -14314,7 +14313,6 @@ public class NotificationManagerServiceTest extends UiServiceTestCase {
		}

		@Test
		@EnableFlags(android.app.Flags.FLAG_SECURE_ALLOWLIST_TOKEN)
		public void enqueueNotification_acceptsNullToken_andPopulatesIt() throws RemoteException {
		Notification receivedWithoutParceling = new Notification.Builder(mContext, TEST_CHANNEL_ID)
		.setContentIntent(createPendingIntent("content"))
		@@ -14331,7 +14329,6 @@ public class NotificationManagerServiceTest extends UiServiceTestCase {
		}

		@Test
		@EnableFlags(android.app.Flags.FLAG_SECURE_ALLOWLIST_TOKEN)
		public void enqueueNotification_directlyThroughRunnable_populatesAllowlistToken() {
		Notification receivedWithoutParceling = new Notification.Builder(mContext, TEST_CHANNEL_ID)
		.setContentIntent(createPendingIntent("content"))
		@@ -14354,7 +14351,6 @@ public class NotificationManagerServiceTest extends UiServiceTestCase {
		}

		@Test
		@EnableFlags(android.app.Flags.FLAG_SECURE_ALLOWLIST_TOKEN)
		public void enqueueNotification_rejectsOtherToken() throws RemoteException {
		Notification sent = new Notification.Builder(mContext, TEST_CHANNEL_ID)
		.setContentIntent(createPendingIntent("content"))
		@@ -14372,7 +14368,6 @@ public class NotificationManagerServiceTest extends UiServiceTestCase {
		}

		@Test
		@EnableFlags(android.app.Flags.FLAG_SECURE_ALLOWLIST_TOKEN)
		public void enqueueNotification_customParcelingWithFakeInnerToken_hasCorrectTokenInIntents()
		throws RemoteException {
		Notification sentFromApp = new Notification.Builder(mContext, TEST_CHANNEL_ID)
		@@ -14578,7 +14573,6 @@ public class NotificationManagerServiceTest extends UiServiceTestCase {

		@Test
		@SuppressWarnings("unchecked")
		@EnableFlags(android.app.Flags.FLAG_SECURE_ALLOWLIST_TOKEN)
		public void getActiveNotifications_doesNotLeakAllowlistToken() throws RemoteException {
		Notification sentFromApp = new Notification.Builder(mContext, TEST_CHANNEL_ID)
		.setContentIntent(createPendingIntent("content"))