Merge "Check for REVIEW_REQUIRED when determining Notification Access"

import static android.content.pm.PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED;

import static android.content.pm.PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED;

import static android.content.pm.PackageManager.FLAG_PERMISSION_USER_SET;

import static android.content.pm.PackageManager.FLAG_PERMISSION_USER_SET;

import static android.content.pm.PackageManager.GET_PERMISSIONS;

import static android.content.pm.PackageManager.GET_PERMISSIONS;

import static android.permission.PermissionManager.PERMISSION_GRANTED;

import static android.content.pm.PackageManager.PERMISSION_GRANTED;

import android.Manifest;

import android.Manifest;

import android.annotation.NonNull;

import android.annotation.NonNull;

        assertFlag();

        assertFlag();

        final long callingId = Binder.clearCallingIdentity();

        final long callingId = Binder.clearCallingIdentity();

        try {

        try {

            return mPmi.checkUidPermission(uid, NOTIFICATION_PERMISSION) == PERMISSION_GRANTED;

            return mPmi.checkPostNotificationsPermissionGrantedOrLegacyAccess(uid)

                    == PERMISSION_GRANTED;

        } finally {

        } finally {

            Binder.restoreCallingIdentity(callingId);

            Binder.restoreCallingIdentity(callingId);

        }

        }

package com.android.server.pm.permission;

package com.android.server.pm.permission;

import static android.Manifest.permission.CAPTURE_AUDIO_HOTWORD;

import static android.Manifest.permission.CAPTURE_AUDIO_HOTWORD;

import static android.Manifest.permission.POST_NOTIFICATIONS;

import static android.Manifest.permission.RECORD_AUDIO;

import static android.Manifest.permission.RECORD_AUDIO;

import static android.Manifest.permission.UPDATE_APP_OPS_STATS;

import static android.Manifest.permission.UPDATE_APP_OPS_STATS;

import static android.app.AppOpsManager.ATTRIBUTION_CHAIN_ID_NONE;

import static android.app.AppOpsManager.ATTRIBUTION_CHAIN_ID_NONE;

            return PermissionManagerService.this.checkUidPermission(uid, permissionName);

            return PermissionManagerService.this.checkUidPermission(uid, permissionName);

        }

        }

        @Override

        public int checkPostNotificationsPermissionGrantedOrLegacyAccess(int uid) {

            int granted = PermissionManagerService.this.checkUidPermission(uid,

                    POST_NOTIFICATIONS);

            AndroidPackage pkg = mPackageManagerInt.getPackage(uid);

            if (granted != PermissionManager.PERMISSION_GRANTED) {

                int flags = PermissionManagerService.this.getPermissionFlags(pkg.getPackageName(),

                        POST_NOTIFICATIONS, UserHandle.getUserId(uid));

                if ((flags & PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED) != 0) {

                    return PermissionManager.PERMISSION_GRANTED;

                }

            }

            return granted;

        }

        @Override

        @Override

        public void startShellPermissionIdentityDelegation(int uid, @NonNull String packageName,

        public void startShellPermissionIdentityDelegation(int uid, @NonNull String packageName,

                @Nullable List<String> permissionNames) {

                @Nullable List<String> permissionNames) {

    //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER)

    //@SystemApi(client = SystemApi.Client.SYSTEM_SERVER)

    int checkUidPermission(int uid, @NonNull String permissionName);

    int checkUidPermission(int uid, @NonNull String permissionName);

    /**

     * Check whether a particular UID has been granted the POST_NOTIFICATIONS permission, or if

     * access should be granted based on legacy access (currently symbolized by the REVIEW_REQUIRED

     * permission flag

     *

     * @param uid the UID

     * @return {@code PERMISSION_GRANTED} if the permission is granted, or legacy access is granted,

     *         {@code PERMISSION_DENIED} otherwise

     */

    int checkPostNotificationsPermissionGrantedOrLegacyAccess(int uid);

    /**

    /**

     * Adds a listener for runtime permission state (permissions or flags) changes.

     * Adds a listener for runtime permission state (permissions or flags) changes.

     *

     *

import static android.content.pm.PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;

import static android.content.pm.PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;

import static android.content.pm.PackageManager.FLAG_PERMISSION_USER_SET;

import static android.content.pm.PackageManager.FLAG_PERMISSION_USER_SET;

import static android.content.pm.PackageManager.GET_PERMISSIONS;

import static android.content.pm.PackageManager.GET_PERMISSIONS;

import static android.permission.PermissionManager.PERMISSION_GRANTED;

import static android.content.pm.PackageManager.PERMISSION_DENIED;

import static android.permission.PermissionManager.PERMISSION_SOFT_DENIED;

import static android.content.pm.PackageManager.PERMISSION_GRANTED;

import static com.google.common.truth.Truth.assertThat;

import static com.google.common.truth.Truth.assertThat;

    @Test

    @Test

    public void testHasPermission() throws Exception {

    public void testHasPermission() throws Exception {

        when(mPmi.checkUidPermission(anyInt(), eq(Manifest.permission.POST_NOTIFICATIONS)))

        when(mPmi.checkPostNotificationsPermissionGrantedOrLegacyAccess(anyInt()))

                .thenReturn(PERMISSION_GRANTED);

                .thenReturn(PERMISSION_GRANTED);

        assertThat(mPermissionHelper.hasPermission(1)).isTrue();

        assertThat(mPermissionHelper.hasPermission(1)).isTrue();

        when(mPmi.checkUidPermission(anyInt(), eq(Manifest.permission.POST_NOTIFICATIONS)))

        when(mPmi.checkPostNotificationsPermissionGrantedOrLegacyAccess(anyInt()))

                .thenReturn(PERMISSION_SOFT_DENIED);

                .thenReturn(PERMISSION_DENIED);

        assertThat(mPermissionHelper.hasPermission(1)).isFalse();

        assertThat(mPermissionHelper.hasPermission(1)).isFalse();

    }

    }