Loading core/java/android/app/admin/DevicePolicyManager.java +9 −0 Original line number Original line Diff line number Diff line Loading @@ -9661,6 +9661,15 @@ public class DevicePolicyManager { * {@link android.os.Build.VERSION_CODES#M} the app-op matching the permission is set to * {@link android.os.Build.VERSION_CODES#M} the app-op matching the permission is set to * {@link android.app.AppOpsManager#MODE_IGNORED}, but the permission stays granted. * {@link android.app.AppOpsManager#MODE_IGNORED}, but the permission stays granted. * * * Control over the following permissions are restricted for managed profile owners: * <ul> * <li>Manifest.permission.READ_SMS</li> * </ul> * <p> * A managed profile owner may not grant these permissions (i.e. call this method with any of * the permissions listed above and {@code grantState} of * {@code #PERMISSION_GRANT_STATE_GRANTED}), but may deny them. * * @param admin Which profile or device owner this request is associated with. * @param admin Which profile or device owner this request is associated with. * @param packageName The application to grant or revoke a permission to. * @param packageName The application to grant or revoke a permission to. * @param permission The permission to grant or revoke. * @param permission The permission to grant or revoke. Loading core/java/android/os/WorkSource.java +1 −1 Original line number Original line Diff line number Diff line Loading @@ -129,7 +129,7 @@ public class WorkSource implements Parcelable { mNames = in.createStringArray(); mNames = in.createStringArray(); int numChains = in.readInt(); int numChains = in.readInt(); if (numChains > 0) { if (numChains >= 0) { mChains = new ArrayList<>(numChains); mChains = new ArrayList<>(numChains); in.readParcelableList(mChains, WorkChain.class.getClassLoader()); in.readParcelableList(mChains, WorkChain.class.getClassLoader()); } else { } else { Loading services/core/java/com/android/server/am/PendingIntentRecord.java +3 −8 Original line number Original line Diff line number Diff line Loading @@ -326,17 +326,12 @@ public final class PendingIntentRecord extends IIntentSender.Stub { resolvedType = key.requestResolvedType; resolvedType = key.requestResolvedType; } } // Apply any launch flags from the ActivityOptions. This is used only by SystemUI // Apply any launch flags from the ActivityOptions. This is to ensure that the caller // to ensure that we can launch the pending intent with a consistent launch mode even // can specify a consistent launch mode even if the PendingIntent is immutable // if the provided PendingIntent is immutable (ie. to force an activity to launch into // a new task, or to launch multiple instances if supported by the app) final ActivityOptions opts = ActivityOptions.fromBundle(options); final ActivityOptions opts = ActivityOptions.fromBundle(options); if (opts != null) { if (opts != null) { // TODO(b/254490217): Move this check into SafeActivityOptions if (controller.mAtmInternal.isCallerRecents(Binder.getCallingUid())) { finalIntent.addFlags(opts.getPendingIntentLaunchFlags()); finalIntent.addFlags(opts.getPendingIntentLaunchFlags()); } } } // Extract options before clearing calling identity // Extract options before clearing calling identity mergedOptions = key.options; mergedOptions = key.options; Loading services/core/java/com/android/server/notification/NotificationManagerService.java +47 −32 Original line number Original line Diff line number Diff line Loading @@ -1744,39 +1744,43 @@ public class NotificationManagerService extends SystemService { return (haystack & needle) != 0; return (haystack & needle) != 0; } } public boolean isInLockDownMode() { // Return whether the user is in lockdown mode. return mIsInLockDownMode; // If the flag is not set, we assume the user is not in lockdown. public boolean isInLockDownMode(int userId) { return mUserInLockDownMode.get(userId, false); } } @Override @Override public synchronized void onStrongAuthRequiredChanged(int userId) { public synchronized void onStrongAuthRequiredChanged(int userId) { boolean userInLockDownModeNext = containsFlag(getStrongAuthForUser(userId), boolean userInLockDownModeNext = containsFlag(getStrongAuthForUser(userId), STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN); STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN); mUserInLockDownMode.put(userId, userInLockDownModeNext); boolean isInLockDownModeNext = mUserInLockDownMode.indexOfValue(true) != -1; if (mIsInLockDownMode == isInLockDownModeNext) { // Nothing happens if the lockdown mode of userId keeps the same. if (userInLockDownModeNext == isInLockDownMode(userId)) { return; return; } } if (isInLockDownModeNext) { // When the lockdown mode is changed, we perform the following steps. cancelNotificationsWhenEnterLockDownMode(); // If the userInLockDownModeNext is true, all the function calls to // notifyPostedLocked and notifyRemovedLocked will not be executed. // The cancelNotificationsWhenEnterLockDownMode calls notifyRemovedLocked // and postNotificationsWhenExitLockDownMode calls notifyPostedLocked. // So we shall call cancelNotificationsWhenEnterLockDownMode before // we set mUserInLockDownMode as true. // On the other hand, if the userInLockDownModeNext is false, we shall call // postNotificationsWhenExitLockDownMode after we put false into mUserInLockDownMode if (userInLockDownModeNext) { cancelNotificationsWhenEnterLockDownMode(userId); } } // When the mIsInLockDownMode is true, both notifyPostedLocked and mUserInLockDownMode.put(userId, userInLockDownModeNext); // notifyRemovedLocked will be dismissed. So we shall call // cancelNotificationsWhenEnterLockDownMode before we set mIsInLockDownMode // as true and call postNotificationsWhenExitLockDownMode after we set // mIsInLockDownMode as false. mIsInLockDownMode = isInLockDownModeNext; if (!isInLockDownModeNext) { if (!userInLockDownModeNext) { postNotificationsWhenExitLockDownMode(); postNotificationsWhenExitLockDownMode(userId); } } } } } } private LockPatternUtils mLockPatternUtils; private StrongAuthTracker mStrongAuthTracker; private StrongAuthTracker mStrongAuthTracker; public NotificationManagerService(Context context) { public NotificationManagerService(Context context) { Loading Loading @@ -1996,7 +2000,6 @@ public class NotificationManagerService extends SystemService { ServiceManager.getService(Context.PLATFORM_COMPAT_SERVICE)); ServiceManager.getService(Context.PLATFORM_COMPAT_SERVICE)); mUiHandler = new Handler(UiThread.get().getLooper()); mUiHandler = new Handler(UiThread.get().getLooper()); mLockPatternUtils = new LockPatternUtils(getContext()); mStrongAuthTracker = new StrongAuthTracker(getContext()); mStrongAuthTracker = new StrongAuthTracker(getContext()); String[] extractorNames; String[] extractorNames; try { try { Loading Loading @@ -2445,7 +2448,7 @@ public class NotificationManagerService extends SystemService { bubbsExtractor.setShortcutHelper(mShortcutHelper); bubbsExtractor.setShortcutHelper(mShortcutHelper); } } registerNotificationPreferencesPullers(); registerNotificationPreferencesPullers(); mLockPatternUtils.registerStrongAuthTracker(mStrongAuthTracker); new LockPatternUtils(getContext()).registerStrongAuthTracker(mStrongAuthTracker); } else if (phase == SystemService.PHASE_THIRD_PARTY_APPS_CAN_START) { } else if (phase == SystemService.PHASE_THIRD_PARTY_APPS_CAN_START) { // This observer will force an update when observe is called, causing us to // This observer will force an update when observe is called, causing us to // bind to listener services. // bind to listener services. Loading Loading @@ -8706,11 +8709,14 @@ public class NotificationManagerService extends SystemService { } } } } private void cancelNotificationsWhenEnterLockDownMode() { private void cancelNotificationsWhenEnterLockDownMode(int userId) { synchronized (mNotificationLock) { synchronized (mNotificationLock) { int numNotifications = mNotificationList.size(); int numNotifications = mNotificationList.size(); for (int i = 0; i < numNotifications; i++) { for (int i = 0; i < numNotifications; i++) { NotificationRecord rec = mNotificationList.get(i); NotificationRecord rec = mNotificationList.get(i); if (rec.getUser().getIdentifier() != userId) { continue; } mListeners.notifyRemovedLocked(rec, REASON_CANCEL_ALL, mListeners.notifyRemovedLocked(rec, REASON_CANCEL_ALL, rec.getStats()); rec.getStats()); } } Loading @@ -8718,14 +8724,23 @@ public class NotificationManagerService extends SystemService { } } } } private void postNotificationsWhenExitLockDownMode() { private void postNotificationsWhenExitLockDownMode(int userId) { synchronized (mNotificationLock) { synchronized (mNotificationLock) { int numNotifications = mNotificationList.size(); int numNotifications = mNotificationList.size(); // Set the delay to spread out the burst of notifications. long delay = 0; for (int i = 0; i < numNotifications; i++) { for (int i = 0; i < numNotifications; i++) { NotificationRecord rec = mNotificationList.get(i); NotificationRecord rec = mNotificationList.get(i); if (rec.getUser().getIdentifier() != userId) { continue; } mHandler.postDelayed(() -> { synchronized (mNotificationLock) { mListeners.notifyPostedLocked(rec, rec); mListeners.notifyPostedLocked(rec, rec); } } }, delay); delay += 20; } } } } } Loading Loading @@ -8934,12 +8949,15 @@ public class NotificationManagerService extends SystemService { * notifications visible to the given listener. * notifications visible to the given listener. */ */ @GuardedBy("mNotificationLock") @GuardedBy("mNotificationLock") private NotificationRankingUpdate makeRankingUpdateLocked(ManagedServiceInfo info) { NotificationRankingUpdate makeRankingUpdateLocked(ManagedServiceInfo info) { final int N = mNotificationList.size(); final int N = mNotificationList.size(); final ArrayList<NotificationListenerService.Ranking> rankings = new ArrayList<>(); final ArrayList<NotificationListenerService.Ranking> rankings = new ArrayList<>(); for (int i = 0; i < N; i++) { for (int i = 0; i < N; i++) { NotificationRecord record = mNotificationList.get(i); NotificationRecord record = mNotificationList.get(i); if (isInLockDownMode(record.getUser().getIdentifier())) { continue; } if (!isVisibleToListener(record.getSbn(), info)) { if (!isVisibleToListener(record.getSbn(), info)) { continue; continue; } } Loading Loading @@ -8978,8 +8996,8 @@ public class NotificationManagerService extends SystemService { rankings.toArray(new NotificationListenerService.Ranking[0])); rankings.toArray(new NotificationListenerService.Ranking[0])); } } boolean isInLockDownMode() { boolean isInLockDownMode(int userId) { return mStrongAuthTracker.isInLockDownMode(); return mStrongAuthTracker.isInLockDownMode(userId); } } boolean hasCompanionDevice(ManagedServiceInfo info) { boolean hasCompanionDevice(ManagedServiceInfo info) { Loading Loading @@ -9014,7 +9032,8 @@ public class NotificationManagerService extends SystemService { ServiceManager.getService(Context.COMPANION_DEVICE_SERVICE)); ServiceManager.getService(Context.COMPANION_DEVICE_SERVICE)); } } private boolean isVisibleToListener(StatusBarNotification sbn, ManagedServiceInfo listener) { @VisibleForTesting boolean isVisibleToListener(StatusBarNotification sbn, ManagedServiceInfo listener) { if (!listener.enabledAndUserMatches(sbn.getUserId())) { if (!listener.enabledAndUserMatches(sbn.getUserId())) { return false; return false; } } Loading Loading @@ -9700,7 +9719,7 @@ public class NotificationManagerService extends SystemService { @GuardedBy("mNotificationLock") @GuardedBy("mNotificationLock") void notifyPostedLocked(NotificationRecord r, NotificationRecord old, void notifyPostedLocked(NotificationRecord r, NotificationRecord old, boolean notifyAllListeners) { boolean notifyAllListeners) { if (isInLockDownMode()) { if (isInLockDownMode(r.getUser().getIdentifier())) { return; return; } } Loading Loading @@ -9800,7 +9819,7 @@ public class NotificationManagerService extends SystemService { @GuardedBy("mNotificationLock") @GuardedBy("mNotificationLock") public void notifyRemovedLocked(NotificationRecord r, int reason, public void notifyRemovedLocked(NotificationRecord r, int reason, NotificationStats notificationStats) { NotificationStats notificationStats) { if (isInLockDownMode()) { if (isInLockDownMode(r.getUser().getIdentifier())) { return; return; } } Loading Loading @@ -9849,10 +9868,6 @@ public class NotificationManagerService extends SystemService { */ */ @GuardedBy("mNotificationLock") @GuardedBy("mNotificationLock") public void notifyRankingUpdateLocked(List<NotificationRecord> changedHiddenNotifications) { public void notifyRankingUpdateLocked(List<NotificationRecord> changedHiddenNotifications) { if (isInLockDownMode()) { return; } boolean isHiddenRankingUpdate = changedHiddenNotifications != null boolean isHiddenRankingUpdate = changedHiddenNotifications != null && changedHiddenNotifications.size() > 0; && changedHiddenNotifications.size() > 0; Loading services/core/java/com/android/server/pm/permission/PermissionManagerService.java +9 −2 Original line number Original line Diff line number Diff line Loading @@ -2347,7 +2347,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { final PackageSetting ps = (PackageSetting) final PackageSetting ps = (PackageSetting) mPackageManagerInt.getPackageSetting(newPackage.getPackageName()); mPackageManagerInt.getPackageSetting(newPackage.getPackageName()); if (grantSignaturePermission(Manifest.permission.SYSTEM_ALERT_WINDOW, newPackage, ps, saw, if (grantSignaturePermission(Manifest.permission.SYSTEM_ALERT_WINDOW, newPackage, ps, saw, ps.getPermissionsState())) { ps.getPermissionsState(), true)) { return; return; } } for (int userId : mUserManagerInt.getUserIds()) { for (int userId : mUserManagerInt.getUserIds()) { Loading Loading @@ -3596,6 +3596,13 @@ public class PermissionManagerService extends IPermissionManager.Stub { private boolean grantSignaturePermission(String perm, AndroidPackage pkg, private boolean grantSignaturePermission(String perm, AndroidPackage pkg, PackageSetting pkgSetting, BasePermission bp, PermissionsState origPermissions) { PackageSetting pkgSetting, BasePermission bp, PermissionsState origPermissions) { return grantSignaturePermission(perm, pkg, pkgSetting, bp, origPermissions, false); } private boolean grantSignaturePermission(String perm, AndroidPackage pkg, PackageSetting pkgSetting, BasePermission bp, PermissionsState origPermissions, boolean isApi23Upgrade) { boolean oemPermission = bp.isOEM(); boolean oemPermission = bp.isOEM(); boolean vendorPrivilegedPermission = bp.isVendorPrivileged(); boolean vendorPrivilegedPermission = bp.isVendorPrivileged(); boolean privilegedPermission = bp.isPrivileged() || bp.isVendorPrivileged(); boolean privilegedPermission = bp.isPrivileged() || bp.isVendorPrivileged(); Loading Loading @@ -3770,7 +3777,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { // Any pre-installed system app is allowed to get this permission. // Any pre-installed system app is allowed to get this permission. allowed = true; allowed = true; } } if (!allowed && bp.isDevelopment()) { if (!allowed && bp.isDevelopment() && !(bp.isPre23() && isApi23Upgrade)) { // For development permissions, a development permission // For development permissions, a development permission // is granted only if it was already granted. // is granted only if it was already granted. allowed = origPermissions.hasInstallPermission(perm); allowed = origPermissions.hasInstallPermission(perm); Loading Loading
core/java/android/app/admin/DevicePolicyManager.java +9 −0 Original line number Original line Diff line number Diff line Loading @@ -9661,6 +9661,15 @@ public class DevicePolicyManager { * {@link android.os.Build.VERSION_CODES#M} the app-op matching the permission is set to * {@link android.os.Build.VERSION_CODES#M} the app-op matching the permission is set to * {@link android.app.AppOpsManager#MODE_IGNORED}, but the permission stays granted. * {@link android.app.AppOpsManager#MODE_IGNORED}, but the permission stays granted. * * * Control over the following permissions are restricted for managed profile owners: * <ul> * <li>Manifest.permission.READ_SMS</li> * </ul> * <p> * A managed profile owner may not grant these permissions (i.e. call this method with any of * the permissions listed above and {@code grantState} of * {@code #PERMISSION_GRANT_STATE_GRANTED}), but may deny them. * * @param admin Which profile or device owner this request is associated with. * @param admin Which profile or device owner this request is associated with. * @param packageName The application to grant or revoke a permission to. * @param packageName The application to grant or revoke a permission to. * @param permission The permission to grant or revoke. * @param permission The permission to grant or revoke. Loading
core/java/android/os/WorkSource.java +1 −1 Original line number Original line Diff line number Diff line Loading @@ -129,7 +129,7 @@ public class WorkSource implements Parcelable { mNames = in.createStringArray(); mNames = in.createStringArray(); int numChains = in.readInt(); int numChains = in.readInt(); if (numChains > 0) { if (numChains >= 0) { mChains = new ArrayList<>(numChains); mChains = new ArrayList<>(numChains); in.readParcelableList(mChains, WorkChain.class.getClassLoader()); in.readParcelableList(mChains, WorkChain.class.getClassLoader()); } else { } else { Loading
services/core/java/com/android/server/am/PendingIntentRecord.java +3 −8 Original line number Original line Diff line number Diff line Loading @@ -326,17 +326,12 @@ public final class PendingIntentRecord extends IIntentSender.Stub { resolvedType = key.requestResolvedType; resolvedType = key.requestResolvedType; } } // Apply any launch flags from the ActivityOptions. This is used only by SystemUI // Apply any launch flags from the ActivityOptions. This is to ensure that the caller // to ensure that we can launch the pending intent with a consistent launch mode even // can specify a consistent launch mode even if the PendingIntent is immutable // if the provided PendingIntent is immutable (ie. to force an activity to launch into // a new task, or to launch multiple instances if supported by the app) final ActivityOptions opts = ActivityOptions.fromBundle(options); final ActivityOptions opts = ActivityOptions.fromBundle(options); if (opts != null) { if (opts != null) { // TODO(b/254490217): Move this check into SafeActivityOptions if (controller.mAtmInternal.isCallerRecents(Binder.getCallingUid())) { finalIntent.addFlags(opts.getPendingIntentLaunchFlags()); finalIntent.addFlags(opts.getPendingIntentLaunchFlags()); } } } // Extract options before clearing calling identity // Extract options before clearing calling identity mergedOptions = key.options; mergedOptions = key.options; Loading
services/core/java/com/android/server/notification/NotificationManagerService.java +47 −32 Original line number Original line Diff line number Diff line Loading @@ -1744,39 +1744,43 @@ public class NotificationManagerService extends SystemService { return (haystack & needle) != 0; return (haystack & needle) != 0; } } public boolean isInLockDownMode() { // Return whether the user is in lockdown mode. return mIsInLockDownMode; // If the flag is not set, we assume the user is not in lockdown. public boolean isInLockDownMode(int userId) { return mUserInLockDownMode.get(userId, false); } } @Override @Override public synchronized void onStrongAuthRequiredChanged(int userId) { public synchronized void onStrongAuthRequiredChanged(int userId) { boolean userInLockDownModeNext = containsFlag(getStrongAuthForUser(userId), boolean userInLockDownModeNext = containsFlag(getStrongAuthForUser(userId), STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN); STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN); mUserInLockDownMode.put(userId, userInLockDownModeNext); boolean isInLockDownModeNext = mUserInLockDownMode.indexOfValue(true) != -1; if (mIsInLockDownMode == isInLockDownModeNext) { // Nothing happens if the lockdown mode of userId keeps the same. if (userInLockDownModeNext == isInLockDownMode(userId)) { return; return; } } if (isInLockDownModeNext) { // When the lockdown mode is changed, we perform the following steps. cancelNotificationsWhenEnterLockDownMode(); // If the userInLockDownModeNext is true, all the function calls to // notifyPostedLocked and notifyRemovedLocked will not be executed. // The cancelNotificationsWhenEnterLockDownMode calls notifyRemovedLocked // and postNotificationsWhenExitLockDownMode calls notifyPostedLocked. // So we shall call cancelNotificationsWhenEnterLockDownMode before // we set mUserInLockDownMode as true. // On the other hand, if the userInLockDownModeNext is false, we shall call // postNotificationsWhenExitLockDownMode after we put false into mUserInLockDownMode if (userInLockDownModeNext) { cancelNotificationsWhenEnterLockDownMode(userId); } } // When the mIsInLockDownMode is true, both notifyPostedLocked and mUserInLockDownMode.put(userId, userInLockDownModeNext); // notifyRemovedLocked will be dismissed. So we shall call // cancelNotificationsWhenEnterLockDownMode before we set mIsInLockDownMode // as true and call postNotificationsWhenExitLockDownMode after we set // mIsInLockDownMode as false. mIsInLockDownMode = isInLockDownModeNext; if (!isInLockDownModeNext) { if (!userInLockDownModeNext) { postNotificationsWhenExitLockDownMode(); postNotificationsWhenExitLockDownMode(userId); } } } } } } private LockPatternUtils mLockPatternUtils; private StrongAuthTracker mStrongAuthTracker; private StrongAuthTracker mStrongAuthTracker; public NotificationManagerService(Context context) { public NotificationManagerService(Context context) { Loading Loading @@ -1996,7 +2000,6 @@ public class NotificationManagerService extends SystemService { ServiceManager.getService(Context.PLATFORM_COMPAT_SERVICE)); ServiceManager.getService(Context.PLATFORM_COMPAT_SERVICE)); mUiHandler = new Handler(UiThread.get().getLooper()); mUiHandler = new Handler(UiThread.get().getLooper()); mLockPatternUtils = new LockPatternUtils(getContext()); mStrongAuthTracker = new StrongAuthTracker(getContext()); mStrongAuthTracker = new StrongAuthTracker(getContext()); String[] extractorNames; String[] extractorNames; try { try { Loading Loading @@ -2445,7 +2448,7 @@ public class NotificationManagerService extends SystemService { bubbsExtractor.setShortcutHelper(mShortcutHelper); bubbsExtractor.setShortcutHelper(mShortcutHelper); } } registerNotificationPreferencesPullers(); registerNotificationPreferencesPullers(); mLockPatternUtils.registerStrongAuthTracker(mStrongAuthTracker); new LockPatternUtils(getContext()).registerStrongAuthTracker(mStrongAuthTracker); } else if (phase == SystemService.PHASE_THIRD_PARTY_APPS_CAN_START) { } else if (phase == SystemService.PHASE_THIRD_PARTY_APPS_CAN_START) { // This observer will force an update when observe is called, causing us to // This observer will force an update when observe is called, causing us to // bind to listener services. // bind to listener services. Loading Loading @@ -8706,11 +8709,14 @@ public class NotificationManagerService extends SystemService { } } } } private void cancelNotificationsWhenEnterLockDownMode() { private void cancelNotificationsWhenEnterLockDownMode(int userId) { synchronized (mNotificationLock) { synchronized (mNotificationLock) { int numNotifications = mNotificationList.size(); int numNotifications = mNotificationList.size(); for (int i = 0; i < numNotifications; i++) { for (int i = 0; i < numNotifications; i++) { NotificationRecord rec = mNotificationList.get(i); NotificationRecord rec = mNotificationList.get(i); if (rec.getUser().getIdentifier() != userId) { continue; } mListeners.notifyRemovedLocked(rec, REASON_CANCEL_ALL, mListeners.notifyRemovedLocked(rec, REASON_CANCEL_ALL, rec.getStats()); rec.getStats()); } } Loading @@ -8718,14 +8724,23 @@ public class NotificationManagerService extends SystemService { } } } } private void postNotificationsWhenExitLockDownMode() { private void postNotificationsWhenExitLockDownMode(int userId) { synchronized (mNotificationLock) { synchronized (mNotificationLock) { int numNotifications = mNotificationList.size(); int numNotifications = mNotificationList.size(); // Set the delay to spread out the burst of notifications. long delay = 0; for (int i = 0; i < numNotifications; i++) { for (int i = 0; i < numNotifications; i++) { NotificationRecord rec = mNotificationList.get(i); NotificationRecord rec = mNotificationList.get(i); if (rec.getUser().getIdentifier() != userId) { continue; } mHandler.postDelayed(() -> { synchronized (mNotificationLock) { mListeners.notifyPostedLocked(rec, rec); mListeners.notifyPostedLocked(rec, rec); } } }, delay); delay += 20; } } } } } Loading Loading @@ -8934,12 +8949,15 @@ public class NotificationManagerService extends SystemService { * notifications visible to the given listener. * notifications visible to the given listener. */ */ @GuardedBy("mNotificationLock") @GuardedBy("mNotificationLock") private NotificationRankingUpdate makeRankingUpdateLocked(ManagedServiceInfo info) { NotificationRankingUpdate makeRankingUpdateLocked(ManagedServiceInfo info) { final int N = mNotificationList.size(); final int N = mNotificationList.size(); final ArrayList<NotificationListenerService.Ranking> rankings = new ArrayList<>(); final ArrayList<NotificationListenerService.Ranking> rankings = new ArrayList<>(); for (int i = 0; i < N; i++) { for (int i = 0; i < N; i++) { NotificationRecord record = mNotificationList.get(i); NotificationRecord record = mNotificationList.get(i); if (isInLockDownMode(record.getUser().getIdentifier())) { continue; } if (!isVisibleToListener(record.getSbn(), info)) { if (!isVisibleToListener(record.getSbn(), info)) { continue; continue; } } Loading Loading @@ -8978,8 +8996,8 @@ public class NotificationManagerService extends SystemService { rankings.toArray(new NotificationListenerService.Ranking[0])); rankings.toArray(new NotificationListenerService.Ranking[0])); } } boolean isInLockDownMode() { boolean isInLockDownMode(int userId) { return mStrongAuthTracker.isInLockDownMode(); return mStrongAuthTracker.isInLockDownMode(userId); } } boolean hasCompanionDevice(ManagedServiceInfo info) { boolean hasCompanionDevice(ManagedServiceInfo info) { Loading Loading @@ -9014,7 +9032,8 @@ public class NotificationManagerService extends SystemService { ServiceManager.getService(Context.COMPANION_DEVICE_SERVICE)); ServiceManager.getService(Context.COMPANION_DEVICE_SERVICE)); } } private boolean isVisibleToListener(StatusBarNotification sbn, ManagedServiceInfo listener) { @VisibleForTesting boolean isVisibleToListener(StatusBarNotification sbn, ManagedServiceInfo listener) { if (!listener.enabledAndUserMatches(sbn.getUserId())) { if (!listener.enabledAndUserMatches(sbn.getUserId())) { return false; return false; } } Loading Loading @@ -9700,7 +9719,7 @@ public class NotificationManagerService extends SystemService { @GuardedBy("mNotificationLock") @GuardedBy("mNotificationLock") void notifyPostedLocked(NotificationRecord r, NotificationRecord old, void notifyPostedLocked(NotificationRecord r, NotificationRecord old, boolean notifyAllListeners) { boolean notifyAllListeners) { if (isInLockDownMode()) { if (isInLockDownMode(r.getUser().getIdentifier())) { return; return; } } Loading Loading @@ -9800,7 +9819,7 @@ public class NotificationManagerService extends SystemService { @GuardedBy("mNotificationLock") @GuardedBy("mNotificationLock") public void notifyRemovedLocked(NotificationRecord r, int reason, public void notifyRemovedLocked(NotificationRecord r, int reason, NotificationStats notificationStats) { NotificationStats notificationStats) { if (isInLockDownMode()) { if (isInLockDownMode(r.getUser().getIdentifier())) { return; return; } } Loading Loading @@ -9849,10 +9868,6 @@ public class NotificationManagerService extends SystemService { */ */ @GuardedBy("mNotificationLock") @GuardedBy("mNotificationLock") public void notifyRankingUpdateLocked(List<NotificationRecord> changedHiddenNotifications) { public void notifyRankingUpdateLocked(List<NotificationRecord> changedHiddenNotifications) { if (isInLockDownMode()) { return; } boolean isHiddenRankingUpdate = changedHiddenNotifications != null boolean isHiddenRankingUpdate = changedHiddenNotifications != null && changedHiddenNotifications.size() > 0; && changedHiddenNotifications.size() > 0; Loading
services/core/java/com/android/server/pm/permission/PermissionManagerService.java +9 −2 Original line number Original line Diff line number Diff line Loading @@ -2347,7 +2347,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { final PackageSetting ps = (PackageSetting) final PackageSetting ps = (PackageSetting) mPackageManagerInt.getPackageSetting(newPackage.getPackageName()); mPackageManagerInt.getPackageSetting(newPackage.getPackageName()); if (grantSignaturePermission(Manifest.permission.SYSTEM_ALERT_WINDOW, newPackage, ps, saw, if (grantSignaturePermission(Manifest.permission.SYSTEM_ALERT_WINDOW, newPackage, ps, saw, ps.getPermissionsState())) { ps.getPermissionsState(), true)) { return; return; } } for (int userId : mUserManagerInt.getUserIds()) { for (int userId : mUserManagerInt.getUserIds()) { Loading Loading @@ -3596,6 +3596,13 @@ public class PermissionManagerService extends IPermissionManager.Stub { private boolean grantSignaturePermission(String perm, AndroidPackage pkg, private boolean grantSignaturePermission(String perm, AndroidPackage pkg, PackageSetting pkgSetting, BasePermission bp, PermissionsState origPermissions) { PackageSetting pkgSetting, BasePermission bp, PermissionsState origPermissions) { return grantSignaturePermission(perm, pkg, pkgSetting, bp, origPermissions, false); } private boolean grantSignaturePermission(String perm, AndroidPackage pkg, PackageSetting pkgSetting, BasePermission bp, PermissionsState origPermissions, boolean isApi23Upgrade) { boolean oemPermission = bp.isOEM(); boolean oemPermission = bp.isOEM(); boolean vendorPrivilegedPermission = bp.isVendorPrivileged(); boolean vendorPrivilegedPermission = bp.isVendorPrivileged(); boolean privilegedPermission = bp.isPrivileged() || bp.isVendorPrivileged(); boolean privilegedPermission = bp.isPrivileged() || bp.isVendorPrivileged(); Loading Loading @@ -3770,7 +3777,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { // Any pre-installed system app is allowed to get this permission. // Any pre-installed system app is allowed to get this permission. allowed = true; allowed = true; } } if (!allowed && bp.isDevelopment()) { if (!allowed && bp.isDevelopment() && !(bp.isPre23() && isApi23Upgrade)) { // For development permissions, a development permission // For development permissions, a development permission // is granted only if it was already granted. // is granted only if it was already granted. allowed = origPermissions.hasInstallPermission(perm); allowed = origPermissions.hasInstallPermission(perm); Loading
