Add ADB command to disable the redaction of OTP notifications

Bug: 382172273 Test: manual Flag: EXEMPT see comments Change-Id: I7ed3f8936706c3074e9cf9f766561cc768ff385a
author: Nate Myren <ntmyren@google.com> 2025-03-06 16:01:27 -0800
committer: Nate Myren <ntmyren@google.com> 2025-03-07 10:08:49 -0800
commit: 23af34ebab0c24fc269d1245cad29da26296be14 (patch)
tree: 5179d5b6220def38b5970931607a9b2ba23e51c6
parent: d60188b2121606b787db33889084c6e3973734fe (diff)
4 files changed, 33 insertions, 4 deletions
diff --git a/core/java/android/provider/Settings.java b/core/java/android/provider/Settings.java
index da4709b4b8b1..fbea15ea94b2 100644
--- a/core/java/android/provider/Settings.java
+++ b/core/java/android/provider/Settings.java
@@ -19790,6 +19790,14 @@ public final class Settings {
         public static final String REPAIR_MODE_ACTIVE = "repair_mode_active";
 
         /**
+         * Whether the notification manager service should redact notifications that contain otps
+         * from untrusted listeners. Defaults to 1/true.
+         * @hide
+         */
+        public static final String REDACT_OTP_NOTIFICATIONS_FROM_UNTRUSTED_LISTENERS =
+                "redact_otp_notifications_from_untrusted_listeners";
+
+        /**
          * Settings migrated from Wear OS settings provider.
          * @hide
          */
diff --git a/packages/SettingsProvider/test/src/android/provider/SettingsBackupTest.java b/packages/SettingsProvider/test/src/android/provider/SettingsBackupTest.java
index 70c042cb8eba..ef6da726ab96 100644
--- a/packages/SettingsProvider/test/src/android/provider/SettingsBackupTest.java
+++ b/packages/SettingsProvider/test/src/android/provider/SettingsBackupTest.java
@@ -567,6 +567,7 @@ public class SettingsBackupTest {
                     Settings.Global.REVIEW_PERMISSIONS_NOTIFICATION_STATE,
                     Settings.Global.HEARING_DEVICE_LOCAL_AMBIENT_VOLUME, // cache per hearing device
                     Settings.Global.HEARING_DEVICE_LOCAL_NOTIFICATION, // cache per hearing device
+                    Settings.Global.REDACT_OTP_NOTIFICATIONS_FROM_UNTRUSTED_LISTENERS,
                     Settings.Global.Wearable.COMBINED_LOCATION_ENABLE,
                     Settings.Global.Wearable.HAS_PAY_TOKENS,
                     Settings.Global.Wearable.GMS_CHECKIN_TIMEOUT_MIN,
diff --git a/services/core/java/com/android/server/notification/NotificationManagerService.java b/services/core/java/com/android/server/notification/NotificationManagerService.java
index 7a544cf1c26c..8948bd196789 100644
--- a/services/core/java/com/android/server/notification/NotificationManagerService.java
+++ b/services/core/java/com/android/server/notification/NotificationManagerService.java
@@ -764,6 +764,8 @@ public class NotificationManagerService extends SystemService {
     private long mLastOverRateLogTime;
     private float mMaxPackageEnqueueRate = DEFAULT_MAX_NOTIFICATION_ENQUEUE_RATE;
 
+    private boolean mRedactOtpNotifications = true;
+
     private NotificationHistoryManager mHistoryManager;
     protected SnoozeHelper mSnoozeHelper;
     private TimeToLiveHelper mTtlHelper;
@@ -2410,6 +2412,8 @@ public class NotificationManagerService extends SystemService {
                 = Secure.getUriFor(Secure.LOCK_SCREEN_SHOW_NOTIFICATIONS);
         private final Uri SHOW_NOTIFICATION_SNOOZE
                 = Secure.getUriFor(Secure.SHOW_NOTIFICATION_SNOOZE);
+        private final Uri REDACT_OTP_NOTIFICATIONS = Settings.Global.getUriFor(
+                Settings.Global.REDACT_OTP_NOTIFICATIONS_FROM_UNTRUSTED_LISTENERS);
 
         SettingsObserver(Handler handler) {
             super(handler);
@@ -2435,6 +2439,8 @@ public class NotificationManagerService extends SystemService {
 
             resolver.registerContentObserver(SHOW_NOTIFICATION_SNOOZE,
                     false, this, USER_ALL);
+            resolver.registerContentObserver(REDACT_OTP_NOTIFICATIONS,
+                    false, this, USER_ALL);
 
             update(null);
         }
@@ -2481,6 +2487,10 @@ public class NotificationManagerService extends SystemService {
                     unsnoozeAll();
                 }
             }
+            if (REDACT_OTP_NOTIFICATIONS.equals(uri)) {
+                mRedactOtpNotifications = Settings.Global.getInt(resolver,
+                        Settings.Global.REDACT_OTP_NOTIFICATIONS_FROM_UNTRUSTED_LISTENERS, 1) != 0;
+            }
         }
 
         public void update(Uri uri, int userId) {
@@ -13453,13 +13463,13 @@ public class NotificationManagerService extends SystemService {
                 StatusBarNotification oldRedactedSbn = null;
                 boolean isNewSensitive = hasSensitiveContent(r);
                 boolean isOldSensitive = hasSensitiveContent(old);
+                boolean redactionEnabled = redactSensitiveNotificationsFromUntrustedListeners()
+                        && mRedactOtpNotifications;
 
                 for (final ManagedServiceInfo info : getServices()) {
                     boolean isTrusted = isUidTrusted(info.uid);
-                    boolean sendRedacted = redactSensitiveNotificationsFromUntrustedListeners()
-                            && isNewSensitive && !isTrusted;
-                    boolean sendOldRedacted = redactSensitiveNotificationsFromUntrustedListeners()
-                            && isOldSensitive && !isTrusted;
+                    boolean sendRedacted = redactionEnabled && isNewSensitive && !isTrusted;
+                    boolean sendOldRedacted = redactionEnabled && isOldSensitive && !isTrusted;
                     boolean sbnVisible = isVisibleToListener(sbn, r.getNotificationType(), info);
                     boolean oldSbnVisible = (oldSbn != null)
                             && isVisibleToListener(oldSbn, old.getNotificationType(), info);
diff --git a/services/core/java/com/android/server/notification/NotificationShellCmd.java b/services/core/java/com/android/server/notification/NotificationShellCmd.java
index bc987ed21251..ffc7c7b26ebd 100644
--- a/services/core/java/com/android/server/notification/NotificationShellCmd.java
+++ b/services/core/java/com/android/server/notification/NotificationShellCmd.java
@@ -45,6 +45,7 @@ import android.os.Process;
 import android.os.RemoteException;
 import android.os.ShellCommand;
 import android.os.UserHandle;
+import android.provider.Settings;
 import android.service.notification.NotificationListenerService;
 import android.service.notification.StatusBarNotification;
 import android.text.TextUtils;
@@ -81,6 +82,7 @@ public class NotificationShellCmd extends ShellCommand {
             + "  snooze --for <msec> <notification-key>\n"
             + "  unsnooze <notification-key>\n"
             + "  set_exempt_th_force_grouping [true|false]\n"
+            + "  redact_otp_from_untrusted_listeners [true|false]\n"
             ;
 
     private static final String NOTIFY_USAGE =
@@ -431,6 +433,14 @@ public class NotificationShellCmd extends ShellCommand {
                     mDirectService.setTestHarnessExempted(exemptTestHarnessFromForceGrouping);
                     break;
                 }
+                case "redact_otp_from_untrusted_listeners": {
+                    String arg = getNextArgRequired();
+                    final int allow = "true".equals(arg) || "1".equals(arg) ? 1 : 0;
+                    Settings.Global.putInt(mDirectService.getContext().getContentResolver(),
+                            Settings.Global.REDACT_OTP_NOTIFICATIONS_FROM_UNTRUSTED_LISTENERS,
+                            allow);
+                    break;
+                }
                 default:
                     return handleDefaultCommands(cmd);
             }
author	Nate Myren <ntmyren@google.com>	2025-03-06 16:01:27 -0800
committer	Nate Myren <ntmyren@google.com>	2025-03-07 10:08:49 -0800
commit	23af34ebab0c24fc269d1245cad29da26296be14 (patch)
tree	5179d5b6220def38b5970931607a9b2ba23e51c6
parent	d60188b2121606b787db33889084c6e3973734fe (diff)