[automerge] [DO NOT MERGE] Enforce INTERACT_ACROSS_USERS_FULL permission for NotificationAccessDetails 2p: 9a7bd79ca3

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/apps/Settings/+/21298578 Bug: 259385017 Change-Id: I6c0a1f1167ad07d11c1eb85f93e8d7bd1ce6ba2b
2023-02-06 14:14:21 +00:00
parent 9d643d3042 9a7bd79ca3
commit dbd4423d03
1 changed files with 31 additions and 2 deletions
--- a/src/com/android/settings/applications/specialaccess/notificationaccess/NotificationAccessDetails.java
+++ b/src/com/android/settings/applications/specialaccess/notificationaccess/NotificationAccessDetails.java
@@ -16,8 +16,11 @@

 package com.android.settings.applications.specialaccess.notificationaccess;

+import static android.content.pm.PackageManager.PERMISSION_GRANTED;
+
 import static com.android.settings.applications.AppInfoBase.ARG_PACKAGE_NAME;

+import android.Manifest;
 import android.app.Activity;
 import android.app.NotificationManager;
 import android.app.settings.SettingsEnums;
@@ -39,6 +42,7 @@ import android.os.UserManager;
 import android.provider.Settings;
 import android.service.notification.NotificationListenerFilter;
 import android.service.notification.NotificationListenerService;
+import android.text.TextUtils;
 import android.util.Log;
 import android.util.Slog;

@@ -53,6 +57,7 @@ import com.android.settings.bluetooth.Utils;
 import com.android.settings.core.SubSettingLauncher;
 import com.android.settings.dashboard.DashboardFragment;
 import com.android.settings.notification.NotificationBackend;
+import com.android.settings.password.PasswordUtils;
 import com.android.settingslib.RestrictedLockUtils;
 import com.android.settingslib.RestrictedLockUtilsInternal;

@@ -208,8 +213,12 @@ public class NotificationAccessDetails extends DashboardFragment {
            }
        }
        if (intent != null && intent.hasExtra(Intent.EXTRA_USER_HANDLE)) {
-            mUserId = ((UserHandle) intent.getParcelableExtra(
-                    Intent.EXTRA_USER_HANDLE)).getIdentifier();
+            if (hasInteractAcrossUsersPermission()) {
+                mUserId = ((UserHandle) intent.getParcelableExtra(
+                        Intent.EXTRA_USER_HANDLE)).getIdentifier();
+            } else {
+                finish();
+            }
        } else {
            mUserId = UserHandle.myUserId();
        }
@@ -224,6 +233,26 @@ public class NotificationAccessDetails extends DashboardFragment {
        }
    }

+    private boolean hasInteractAcrossUsersPermission() {
+        final String callingPackageName = PasswordUtils.getCallingAppPackageName(
+                getActivity().getActivityToken());
+
+        if (TextUtils.isEmpty(callingPackageName)) {
+            Log.w(TAG, "Not able to get calling package name for permission check");
+            return false;
+        }
+
+        if (getContext().getPackageManager().checkPermission(
+                Manifest.permission.INTERACT_ACROSS_USERS_FULL, callingPackageName)
+                != PERMISSION_GRANTED) {
+            Log.w(TAG, "Package " + callingPackageName + " does not have required permission "
+                    + Manifest.permission.INTERACT_ACROSS_USERS_FULL);
+            return false;
+        }
+
+        return true;
+    }
+
    // Dialogs only have access to the parent fragment, not the controller, so pass the information
    // along to keep business logic out of this file
    public void disable(final ComponentName cn) {