From 250edeead7625827110b6b944934fa470f7c0b47 Mon Sep 17 00:00:00 2001
From: Valentin Iftime <valiiftime@google.com>
Date: Mon, 23 Jan 2023 15:00:42 +0100
Subject: [PATCH] [DO NOT MERGE] Enforce INTERACT_ACROSS_USERS_FULL permission
 for NotificationAccessDetails

 When using EXTRA_USER_HANDLE, check for INTERACT_ACROSS_USERS_FULL permission on calling package.

Bug: 259385017
Test:
 1. Build a test app that creates and starts an intent to NOTIFICATION_LISTENER_DETAIL_SETTINGS while setting the intent extra  "android.intent.extra.user_handle" to UserHandle(secondaryUserId).
 2. Create and switch to a secondary user
Settings > System > Multiple users > Allow multiple users > Add user > Switch to New user
 3. Open Settings > Notifications > Device & app notifications and choose an app from the list (uses android.permission.BIND_NOTIFICATION_LISTENER_SERVICE). Enable Device & app notifications for selected app and disable all attributed permissions.
 4. Switch back to the Owner user.
 5. Get the userId of the secondary user: adb shell pm list users.
 6. Open the test app and enter the userId for the secondary user and the component name that uses android.permission.BIND_NOTIFICATION_LISTENER_SERVICE.
 8. In the settings window that open, enable all 4 sub-options.
 9. Switch to the secondary user and note that the all sub-options for the app are disabled.

Change-Id: I875b9f2fc32c252acdcf8374a14067836e0f1ac6
(cherry picked from commit 99b8b4cd602affa6a8151c37f6a666ea0b7e0631)
---
 .../NotificationAccessDetails.java            | 37 +++++++++++++++----
 1 file changed, 30 insertions(+), 7 deletions(-)

diff --git a/src/com/android/settings/applications/specialaccess/notificationaccess/NotificationAccessDetails.java b/src/com/android/settings/applications/specialaccess/notificationaccess/NotificationAccessDetails.java
index da25f17c138..f0fd85af345 100644
--- a/src/com/android/settings/applications/specialaccess/notificationaccess/NotificationAccessDetails.java
+++ b/src/com/android/settings/applications/specialaccess/notificationaccess/NotificationAccessDetails.java
@@ -16,14 +16,14 @@
 
 package com.android.settings.applications.specialaccess.notificationaccess;
 
+import static android.content.pm.PackageManager.PERMISSION_GRANTED;
+
 import static com.android.settings.applications.AppInfoBase.ARG_PACKAGE_NAME;
 
-import android.app.Activity;
+import android.Manifest;
 import android.app.NotificationManager;
 import android.app.settings.SettingsEnums;
 import android.companion.ICompanionDeviceManager;
-import android.compat.annotation.ChangeId;
-import android.compat.annotation.EnabledAfter;
 import android.content.ComponentName;
 import android.content.Context;
 import android.content.Intent;
@@ -37,8 +37,8 @@ import android.os.ServiceManager;
 import android.os.UserHandle;
 import android.os.UserManager;
 import android.provider.Settings;
-import android.service.notification.NotificationListenerFilter;
 import android.service.notification.NotificationListenerService;
+import android.text.TextUtils;
 import android.util.Log;
 import android.util.Slog;
 
@@ -48,7 +48,6 @@ import androidx.preference.PreferenceScreen;
 import com.android.settings.R;
 import com.android.settings.SettingsActivity;
 import com.android.settings.applications.AppInfoBase;
-import com.android.settings.applications.manageapplications.ManageApplications;
 import com.android.settings.bluetooth.Utils;
 import com.android.settings.core.SubSettingLauncher;
 import com.android.settings.dashboard.DashboardFragment;
@@ -208,8 +207,12 @@ public class NotificationAccessDetails extends DashboardFragment {
             }
         }
         if (intent != null && intent.hasExtra(Intent.EXTRA_USER_HANDLE)) {
-            mUserId = ((UserHandle) intent.getParcelableExtra(
-                    Intent.EXTRA_USER_HANDLE)).getIdentifier();
+            if (hasInteractAcrossUsersPermission()) {
+                mUserId = ((UserHandle) intent.getParcelableExtra(
+                        Intent.EXTRA_USER_HANDLE)).getIdentifier();
+            } else {
+                finish();
+            }
         } else {
             mUserId = UserHandle.myUserId();
         }
@@ -224,6 +227,26 @@ public class NotificationAccessDetails extends DashboardFragment {
         }
     }
 
+    private boolean hasInteractAcrossUsersPermission() {
+        final String callingPackageName =
+                ((SettingsActivity) getActivity()).getInitialCallingPackage();
+
+        if (TextUtils.isEmpty(callingPackageName)) {
+            Log.w(TAG, "Not able to get calling package name for permission check");
+            return false;
+        }
+
+        if (getContext().getPackageManager().checkPermission(
+                Manifest.permission.INTERACT_ACROSS_USERS_FULL, callingPackageName)
+                != PERMISSION_GRANTED) {
+            Log.w(TAG, "Package " + callingPackageName + " does not have required permission "
+                    + Manifest.permission.INTERACT_ACROSS_USERS_FULL);
+            return false;
+        }
+
+        return true;
+    }
+
     // Dialogs only have access to the parent fragment, not the controller, so pass the information
     // along to keep business logic out of this file
     public void disable(final ComponentName cn) {