Cap the number of notifications that a given package can post. (bd73d01a) · Commits · e / os / android_frameworks_base

services/java/com/android/server/NotificationManagerService.java

+22 −0

Original line number	Diff line number	Diff line
		@@ -70,6 +70,8 @@ class NotificationManagerService extends INotificationManager.Stub
		private static final String TAG = "NotificationService";
		private static final boolean DBG = false;

		private static final int MAX_PACKAGE_NOTIFICATIONS = 50;

		// message codes
		private static final int MESSAGE_TIMEOUT = 2;

		@@ -657,6 +659,26 @@ class NotificationManagerService extends INotificationManager.Stub
		{
		checkIncomingCall(pkg);

		// Limit the number of notifications that any given package except the android
		// package can enqueue. Prevents DOS attacks and deals with leaks.
		if (!"android".equals(pkg)) {
		synchronized (mNotificationList) {
		int count = 0;
		final int N = mNotificationList.size();
		for (int i=0; i<N; i++) {
		final NotificationRecord r = mNotificationList.get(i);
		if (r.pkg.equals(pkg)) {
		count++;
		if (count >= MAX_PACKAGE_NOTIFICATIONS) {
		Slog.e(TAG, "Package has already posted " + count
		+ " notifications. Not showing more. package=" + pkg);
		return;
		}
		}
		}
		}
		}

		// This conditional is a dirty hack to limit the logging done on
		// behalf of the download manager without affecting other apps.
		if (!pkg.equals("com.android.providers.downloads")