Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e59390f1 authored by Nate Myren's avatar Nate Myren Committed by Android (Google) Code Review
Browse files

Merge "Add OP_RECEIVE_SENSITIVE_NOTIFICATIONS" into main

parents 1550c904 a7e28789

core/api/test-current.txt

+1 −0
Original line number Diff line number Diff line
@@ -282,6 +282,7 @@ package android.app { 
    field public static final String OPSTR_ACTIVITY_RECOGNITION = "android:activity_recognition";

    field public static final String OPSTR_ACTIVITY_RECOGNITION_SOURCE = "android:activity_recognition_source";

    field public static final String OPSTR_MANAGE_ONGOING_CALLS = "android:manage_ongoing_calls";

    field @FlaggedApi("android.service.notification.redact_sensitive_notifications_from_untrusted_listeners") public static final String OPSTR_RECEIVE_SENSITIVE_NOTIFICATIONS = "android:receive_sensitive_notifications";

    field public static final String OPSTR_RECORD_AUDIO_HOTWORD = "android:record_audio_hotword";

    field public static final String OPSTR_RESERVED_FOR_TESTING = "android:reserved_for_testing";

    field public static final String OPSTR_USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER = "android:use_icc_auth_with_device_identifier";

core/java/android/app/AppOpsManager.java

+28 −1
Original line number Diff line number Diff line
@@ -20,6 +20,7 @@ package android.app; 
import static android.location.flags.Flags.FLAG_LOCATION_BYPASS;

import static android.media.audio.Flags.roForegroundAudioControl;

import static android.permission.flags.Flags.FLAG_OP_ENABLE_MOBILE_DATA_BY_USER;

import static android.service.notification.Flags.FLAG_REDACT_SENSITIVE_NOTIFICATIONS_FROM_UNTRUSTED_LISTENERS;

import static android.view.contentprotection.flags.Flags.FLAG_CREATE_ACCESSIBILITY_OVERLAY_APP_OP_ENABLED;

import static android.view.contentprotection.flags.Flags.FLAG_RAPID_CLEAR_NOTIFICATIONS_BY_LISTENER_APP_OP_ENABLED;
@@ -1597,9 +1598,19 @@ public class AppOpsManager { 
     */

    public static final int OP_EMERGENCY_LOCATION = AppProtoEnums.APP_OP_EMERGENCY_LOCATION;



    /**

     * Allows apps with a NotificationListenerService to receive notifications with sensitive

     * information

     * <p>Apps with a NotificationListenerService without this permission will not be able

     * to view certain types of sensitive information contained in notifications

     * @hide

     */

    public static final int OP_RECEIVE_SENSITIVE_NOTIFICATIONS =

            AppProtoEnums.APP_OP_RECEIVE_SENSITIVE_NOTIFICATIONS;



    /** @hide */

    @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)

    public static final int _NUM_OP = 148;

    public static final int _NUM_OP = 149;



    /**

     * All app ops represented as strings.
@@ -1751,6 +1762,7 @@ public class AppOpsManager { 
            OPSTR_ARCHIVE_ICON_OVERLAY,

            OPSTR_UNARCHIVAL_CONFIRMATION,

            OPSTR_EMERGENCY_LOCATION,

            OPSTR_RECEIVE_SENSITIVE_NOTIFICATIONS,

    })

    public @interface AppOpString {}
@@ -2476,6 +2488,18 @@ public class AppOpsManager { 
    @FlaggedApi(FLAG_LOCATION_BYPASS)

    public static final String OPSTR_EMERGENCY_LOCATION = "android:emergency_location";



    /**

     * Allows apps with a NotificationListenerService to receive notifications with sensitive

     * information

     * <p>Apps with a NotificationListenerService without this permission will not be able

     * to view certain types of sensitive information contained in notifications

     * @hide

     */

    @TestApi

    @FlaggedApi(FLAG_REDACT_SENSITIVE_NOTIFICATIONS_FROM_UNTRUSTED_LISTENERS)

    public static final String OPSTR_RECEIVE_SENSITIVE_NOTIFICATIONS =

            "android:receive_sensitive_notifications";



    /** {@link #sAppOpsToNote} not initialized yet for this op */

    private static final byte SHOULD_COLLECT_NOTE_OP_NOT_INITIALIZED = 0;

    /** Should not collect noting of this app-op in {@link #sAppOpsToNote} */
@@ -3055,6 +3079,9 @@ public class AppOpsManager { 
                // even though this has a permission associated, this op is only used for tracking,

                // and the client is responsible for checking the LOCATION_BYPASS permission.

                .setPermission(Manifest.permission.LOCATION_BYPASS).build(),

        new AppOpInfo.Builder(OP_RECEIVE_SENSITIVE_NOTIFICATIONS,

                OPSTR_RECEIVE_SENSITIVE_NOTIFICATIONS, "RECEIVE_SENSITIVE_NOTIFICATIONS")

                .setDefaultMode(MODE_IGNORED).build(),

    };



    // The number of longs needed to form a full bitmask of app ops

services/core/java/com/android/server/notification/NotificationManagerService.java

+5 −1
Original line number Diff line number Diff line
@@ -23,6 +23,7 @@ import static android.app.ActivityManager.RunningAppProcessInfo.IMPORTANCE_FOREG 
import static android.app.ActivityManagerInternal.ServiceNotificationPolicy.NOT_FOREGROUND_SERVICE;

import static android.app.AppOpsManager.MODE_ALLOWED;

import static android.app.AppOpsManager.MODE_DEFAULT;

import static android.app.AppOpsManager.OP_RECEIVE_SENSITIVE_NOTIFICATIONS;

import static android.app.Flags.FLAG_LIFETIME_EXTENSION_REFACTOR;

import static android.app.Flags.lifetimeExtensionRefactor;

import static android.app.Flags.sortSectionByTime;
@@ -11942,7 +11943,10 @@ public class NotificationManagerService extends SystemService { 
            long token = Binder.clearCallingIdentity();

            try {

                if (mPackageManager.checkUidPermission(RECEIVE_SENSITIVE_NOTIFICATIONS, uid)

                        == PERMISSION_GRANTED || mPackageManagerInternal.isPlatformSigned(pkg)) {

                        == PERMISSION_GRANTED || mPackageManagerInternal.isPlatformSigned(pkg)

                        || mAppOps

                        .noteOpNoThrow(OP_RECEIVE_SENSITIVE_NOTIFICATIONS, uid, pkg, null, null)

                        == MODE_ALLOWED) {

                    return true;

                }