[DO NOT MERGE] Enforce INTERACT_ACROSS_USERS_FULL permission for NotificationAccessDetails
When using EXTRA_USER_HANDLE, check for INTERACT_ACROSS_USERS_FULL permission on calling package.
Bug: 259385017
Test:
1. Build a test app that creates and starts an intent to NOTIFICATION_LISTENER_DETAIL_SETTINGS while setting the intent extra "android.intent.extra.user_handle" to UserHandle(secondaryUserId).
2. Create and switch to a secondary user
Settings > System > Multiple users > Allow multiple users > Add user > Switch to New user
3. Open Settings > Notifications > Device & app notifications and choose an app from the list (uses android.permission.BIND_NOTIFICATION_LISTENER_SERVICE). Enable Device & app notifications for selected app and disable all attributed permissions.
4. Switch back to the Owner user.
5. Get the userId of the secondary user: adb shell pm list users.
6. Open the test app and enter the userId for the secondary user and the component name that uses android.permission.BIND_NOTIFICATION_LISTENER_SERVICE.
8. In the settings window that open, enable all 4 sub-options.
9. Switch to the secondary user and note that the all sub-options for the app are disabled.
Change-Id: I875b9f2fc32c252acdcf8374a14067836e0f1ac6
(cherry picked from commit 99b8b4cd60)
This commit is contained in:
Valentin Iftime
committed by
Iavor-Valentin Iftime
Iavor-Valentin Iftime
parent
521278a00d
commit
250edeead7
@@ -16,14 +16,14 @@
|
|||||||
|
|
||||||
package com.android.settings.applications.specialaccess.notificationaccess;
|
package com.android.settings.applications.specialaccess.notificationaccess;
|
||||||
|
|
||||||
|
import static android.content.pm.PackageManager.PERMISSION_GRANTED;
|
||||||
|
|
||||||
import static com.android.settings.applications.AppInfoBase.ARG_PACKAGE_NAME;
|
import static com.android.settings.applications.AppInfoBase.ARG_PACKAGE_NAME;
|
||||||
|
|
||||||
import android.app.Activity;
|
import android.Manifest;
|
||||||
import android.app.NotificationManager;
|
import android.app.NotificationManager;
|
||||||
import android.app.settings.SettingsEnums;
|
import android.app.settings.SettingsEnums;
|
||||||
import android.companion.ICompanionDeviceManager;
|
import android.companion.ICompanionDeviceManager;
|
||||||
import android.compat.annotation.ChangeId;
|
|
||||||
import android.compat.annotation.EnabledAfter;
|
|
||||||
import android.content.ComponentName;
|
import android.content.ComponentName;
|
||||||
import android.content.Context;
|
import android.content.Context;
|
||||||
import android.content.Intent;
|
import android.content.Intent;
|
||||||
@@ -37,8 +37,8 @@ import android.os.ServiceManager;
|
|||||||
import android.os.UserHandle;
|
import android.os.UserHandle;
|
||||||
import android.os.UserManager;
|
import android.os.UserManager;
|
||||||
import android.provider.Settings;
|
import android.provider.Settings;
|
||||||
import android.service.notification.NotificationListenerFilter;
|
|
||||||
import android.service.notification.NotificationListenerService;
|
import android.service.notification.NotificationListenerService;
|
||||||
|
import android.text.TextUtils;
|
||||||
import android.util.Log;
|
import android.util.Log;
|
||||||
import android.util.Slog;
|
import android.util.Slog;
|
||||||
|
|
||||||
@@ -48,7 +48,6 @@ import androidx.preference.PreferenceScreen;
|
|||||||
import com.android.settings.R;
|
import com.android.settings.R;
|
||||||
import com.android.settings.SettingsActivity;
|
import com.android.settings.SettingsActivity;
|
||||||
import com.android.settings.applications.AppInfoBase;
|
import com.android.settings.applications.AppInfoBase;
|
||||||
import com.android.settings.applications.manageapplications.ManageApplications;
|
|
||||||
import com.android.settings.bluetooth.Utils;
|
import com.android.settings.bluetooth.Utils;
|
||||||
import com.android.settings.core.SubSettingLauncher;
|
import com.android.settings.core.SubSettingLauncher;
|
||||||
import com.android.settings.dashboard.DashboardFragment;
|
import com.android.settings.dashboard.DashboardFragment;
|
||||||
@@ -208,8 +207,12 @@ public class NotificationAccessDetails extends DashboardFragment {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (intent != null && intent.hasExtra(Intent.EXTRA_USER_HANDLE)) {
|
if (intent != null && intent.hasExtra(Intent.EXTRA_USER_HANDLE)) {
|
||||||
mUserId = ((UserHandle) intent.getParcelableExtra(
|
if (hasInteractAcrossUsersPermission()) {
|
||||||
Intent.EXTRA_USER_HANDLE)).getIdentifier();
|
mUserId = ((UserHandle) intent.getParcelableExtra(
|
||||||
|
Intent.EXTRA_USER_HANDLE)).getIdentifier();
|
||||||
|
} else {
|
||||||
|
finish();
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
mUserId = UserHandle.myUserId();
|
mUserId = UserHandle.myUserId();
|
||||||
}
|
}
|
||||||
@@ -224,6 +227,26 @@ public class NotificationAccessDetails extends DashboardFragment {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private boolean hasInteractAcrossUsersPermission() {
|
||||||
|
final String callingPackageName =
|
||||||
|
((SettingsActivity) getActivity()).getInitialCallingPackage();
|
||||||
|
|
||||||
|
if (TextUtils.isEmpty(callingPackageName)) {
|
||||||
|
Log.w(TAG, "Not able to get calling package name for permission check");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (getContext().getPackageManager().checkPermission(
|
||||||
|
Manifest.permission.INTERACT_ACROSS_USERS_FULL, callingPackageName)
|
||||||
|
!= PERMISSION_GRANTED) {
|
||||||
|
Log.w(TAG, "Package " + callingPackageName + " does not have required permission "
|
||||||
|
+ Manifest.permission.INTERACT_ACROSS_USERS_FULL);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
// Dialogs only have access to the parent fragment, not the controller, so pass the information
|
// Dialogs only have access to the parent fragment, not the controller, so pass the information
|
||||||
// along to keep business logic out of this file
|
// along to keep business logic out of this file
|
||||||
public void disable(final ComponentName cn) {
|
public void disable(final ComponentName cn) {
|
||||||
|
|||||||
Reference in New Issue
Block a user