Make sure user enable the restricted settings for side-loaded app.

Test: cts Bug: 319099313 Change-Id: I46984a70ffd3202c51cc525031cfeb9e172b6d60
author: Evan Chen <evanxinchen@google.com> 2024-01-23 21:00:59 +0000
committer: Evan Chen <evanxinchen@google.com> 2024-02-15 20:15:35 +0000
commit: 15906905ee8bee62bb30240af21c4bd83b0ee54d (patch)
tree: 88f7cdc6084be9a6eae9dd7ec7ec63cd26e746de
parent: 061bf53433a0326161b3f593c3a0d9f2239098be (diff)
3 files changed, 29 insertions, 2 deletions
diff --git a/core/java/android/companion/CompanionDeviceManager.java b/core/java/android/companion/CompanionDeviceManager.java
index d74399274a60..91baa4ea1eeb 100644
--- a/core/java/android/companion/CompanionDeviceManager.java
+++ b/core/java/android/companion/CompanionDeviceManager.java
@@ -707,7 +707,9 @@ public final class CompanionDeviceManager {
      * Only components from the same {@link ComponentName#getPackageName package} as the calling app
      * are allowed.
      *
-     * Your app must have an association with a device before calling this API
+     * Your app must have an association with a device before calling this API.
+     *
+     * Side-loaded apps must allow restricted settings before requesting notification access.
      *
      * <p>Calling this API requires a uses-feature
      * {@link PackageManager#FEATURE_COMPANION_DEVICE_SETUP} declaration in the manifest</p>
@@ -721,6 +723,9 @@ public final class CompanionDeviceManager {
             IntentSender intentSender = mService
                     .requestNotificationAccess(component, mContext.getUserId())
                     .getIntentSender();
+            if (intentSender == null) {
+                return;
+            }
             mContext.startIntentSender(intentSender, null, 0, 0, 0,
                     ActivityOptions.makeBasic().setPendingIntentBackgroundActivityStartMode(
                             ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_ALLOWED).toBundle());
diff --git a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
index 5019428c5323..8b718b0f348c 100644
--- a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
+++ b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
@@ -41,6 +41,7 @@ import static com.android.internal.util.Preconditions.checkState;
 import static com.android.internal.util.function.pooled.PooledLambda.obtainMessage;
 import static com.android.server.companion.AssociationStore.CHANGE_TYPE_UPDATED_ADDRESS_UNCHANGED;
 import static com.android.server.companion.MetricUtils.logRemoveAssociation;
+import static com.android.server.companion.PackageUtils.isRestrictedSettingsAllowed;
 import static com.android.server.companion.PackageUtils.enforceUsesCompanionDeviceFeature;
 import static com.android.server.companion.PackageUtils.getPackageInfo;
 import static com.android.server.companion.PermissionsUtils.checkCallerCanManageCompanionDevice;
@@ -871,13 +872,22 @@ public class CompanionDeviceManagerService extends SystemService {
         @Override
         public PendingIntent requestNotificationAccess(ComponentName component, int userId)
                 throws RemoteException {
-            String callingPackage = component.getPackageName();
+            int callingUid = getCallingUid();
+            final String callingPackage = component.getPackageName();
+
             checkCanCallNotificationApi(callingPackage, userId);
+
             if (component.flattenToString().length() > MAX_CN_LENGTH) {
                 throw new IllegalArgumentException("Component name is too long.");
             }
+
             final long identity = Binder.clearCallingIdentity();
             try {
+                if (!isRestrictedSettingsAllowed(getContext(), callingPackage, callingUid)) {
+                    Slog.e(TAG, "Side loaded app must enable restricted "
+                            + "setting before request the notification access");
+                    return null;
+                }
                 return PendingIntent.getActivityAsUser(getContext(),
                         0 /* request code */,
                         NotificationAccessConfirmationActivityContract.launcherIntent(
diff --git a/services/companion/java/com/android/server/companion/PackageUtils.java b/services/companion/java/com/android/server/companion/PackageUtils.java
index 6c77018de27b..3aae1ec99f55 100644
--- a/services/companion/java/com/android/server/companion/PackageUtils.java
+++ b/services/companion/java/com/android/server/companion/PackageUtils.java
@@ -28,6 +28,7 @@ import android.Manifest;
 import android.annotation.NonNull;
 import android.annotation.Nullable;
 import android.annotation.UserIdInt;
+import android.app.AppOpsManager;
 import android.companion.CompanionDeviceService;
 import android.content.ComponentName;
 import android.content.Context;
@@ -222,4 +223,15 @@ public final class PackageUtils {
 
         return requestingPackageSignatureAllowlisted;
     }
+
+    /**
+     * Check if restricted settings is enabled for a side-loaded app.
+     */
+    public static boolean isRestrictedSettingsAllowed(
+            Context context, String packageName, int uid) {
+        final int mode = context.getSystemService(AppOpsManager.class).noteOpNoThrow(
+                AppOpsManager.OP_ACCESS_RESTRICTED_SETTINGS, uid,
+                packageName, /* attributionTag= */ null, /* message= */ null);
+        return mode == AppOpsManager.MODE_ALLOWED;
+    }
 }
author	Evan Chen <evanxinchen@google.com>	2024-01-23 21:00:59 +0000
committer	Evan Chen <evanxinchen@google.com>	2024-02-15 20:15:35 +0000
commit	15906905ee8bee62bb30240af21c4bd83b0ee54d (patch)
tree	88f7cdc6084be9a6eae9dd7ec7ec63cd26e746de
parent	061bf53433a0326161b3f593c3a0d9f2239098be (diff)