Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Unverified Commit 6db559f5 authored by Kevin F. Haggerty's avatar Kevin F. Haggerty
Browse files

Merge tag 'android-security-15.0.0_r7' into staging/lineage-22.1_android-security-15.0.0_r7 

Android security 15.0.0 release 7

* tag 'android-security-15.0.0_r7':
  Remove incorrect call to Window.addFlags with a system flag
  Check the permission of the callingUid instead of the calling package
  Set component name only for ConfirmDeviceCredentialActivity.
  [Safer intents] App Time Spent Preference
  Don't let profiles open the UserSettings overflow [DO NOT MERGE]
  Block the content scheme intent in AccountTypePreferenceLoader
  [CDM][NLS] Check if the NLS service has an intent-filter
  Checks cross user permission before handling intent
  startActivityForResult with new Intent
  RESTRICT AUTOMERGE Stops hiding a11y services with the same package+label as an activity.
  RESTRICT AUTOMERGE FRP bypass defense in App battery usage page

Conflicts:
	src/com/android/settings/accessibility/AccessibilitySettings.java
	src/com/android/settings/applications/AppInfoBase.java
	src/com/android/settings/password/ConfirmDeviceCredentialActivity.java
	src/com/android/settings/users/UserSettings.java
	tests/robotests/src/com/android/settings/applications/AppInfoWithHeaderTest.java
	tests/robotests/src/com/android/settings/notification/NotificationAccessConfirmationActivityTest.java

Change-Id: I3050b7fb67bce9f4fc275bc284ef226f57af22cd
parents b6fe390d 2f92c177

src/com/android/settings/applications/AppInfoBase.java

+13 −12
Original line number Diff line number Diff line
@@ -20,6 +20,7 @@ import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin; 


import android.Manifest;

import android.app.Activity;

import android.app.ActivityManager;

import android.app.Dialog;

import android.app.admin.DevicePolicyManager;

import android.app.settings.SettingsEnums;
@@ -34,6 +35,7 @@ import android.content.pm.PackageManager.NameNotFoundException; 
import android.hardware.usb.IUsbManager;

import android.os.Bundle;

import android.os.IBinder;

import android.os.RemoteException;

import android.os.ServiceManager;

import android.os.UserHandle;

import android.os.UserManager;
@@ -176,20 +178,19 @@ public abstract class AppInfoBase extends SettingsPreferenceFragment 
        if (!(activity instanceof SettingsActivity)) {

            return false;

        }

        final String callingPackageName =

                ((SettingsActivity) activity).getInitialCallingPackage();



        if (TextUtils.isEmpty(callingPackageName)) {

            Log.w(TAG, "Not able to get calling package name for permission check");

            return false;

        }

        if (mPm.checkPermission(Manifest.permission.INTERACT_ACROSS_USERS_FULL, callingPackageName)

                != PackageManager.PERMISSION_GRANTED) {

            Log.w(TAG, "Package " + callingPackageName + " does not have required permission "

        try {

            int callerUid = ActivityManager.getService().getLaunchedFromUid(

                    activity.getActivityToken());

            if (ActivityManager.checkUidPermission(Manifest.permission.INTERACT_ACROSS_USERS_FULL,

                    callerUid) != PackageManager.PERMISSION_GRANTED) {

                Log.w(TAG, "Uid " + callerUid + " does not have required permission "

                        + Manifest.permission.INTERACT_ACROSS_USERS_FULL);

                return false;

            }

            return true;

        } catch (RemoteException e) {

            return false;

        }

    }



    protected void setIntentAndFinish(boolean appChanged) {

src/com/android/settings/notification/NotificationAccessConfirmationActivity.java

+0 −15
Original line number Diff line number Diff line
@@ -41,7 +41,6 @@ import android.os.UserManager; 
import android.service.notification.NotificationListenerService;

import android.text.TextUtils;

import android.util.Slog;

import android.view.WindowManager;

import android.view.accessibility.AccessibilityEvent;

import android.widget.Toast;
@@ -161,20 +160,6 @@ public class NotificationAccessConfirmationActivity extends Activity 
        getWindow().setCloseOnTouchOutside(false); 

    }



    @Override

    public void onResume() {

        super.onResume();

        getWindow().addFlags(

                WindowManager.LayoutParams.SYSTEM_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS);

    }



    @Override

    public void onPause() {

        getWindow().clearFlags(

                WindowManager.LayoutParams.SYSTEM_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS);

        super.onPause();

    }



    private void onAllow() {

        mNm.setNotificationListenerAccessGranted(mComponentName, true);

tests/robotests/src/com/android/settings/notification/NotificationAccessConfirmationActivityTest.java

+15 −0
Original line number Diff line number Diff line
@@ -16,6 +16,8 @@ 


package com.android.settings.notification;



import static android.view.WindowManager.LayoutParams.SYSTEM_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS;



import static com.android.internal.notification.NotificationAccessConfirmationActivityContract.EXTRA_COMPONENT_NAME;



import static com.google.common.truth.Truth.assertThat;
@@ -42,6 +44,19 @@ import org.robolectric.RuntimeEnvironment; 
@RunWith(RobolectricTestRunner.class)

public class NotificationAccessConfirmationActivityTest {



    @Test

    public void onCreate_setsWindowFlags() {

        ComponentName cn = new ComponentName("com.example", "com.example.SomeService");

        installPackage(cn.getPackageName(), "Example");



        NotificationAccessConfirmationActivity activity = startActivityWithIntent(cn);



        assertThat(activity.getWindow().getAttributes().privateFlags

                & SYSTEM_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS).isNotEqualTo(0);

        assertThat(activity.getWindow().getAttributes().flags

                & SYSTEM_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS).isEqualTo(0);

    }



    @Test

    public void start_withMissingIntentFilter_finishes() {

        ComponentName cn = new ComponentName("com.example", "com.example.SomeService");