Merge "Fix isSystemUi to avoid System services" into main

author: Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> 2024-03-11 21:24:27 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2024-03-11 21:24:27 +0000
commit: 370ec60a11a07d9dfc4ff8df8694d506de6644c0 (patch)
tree: 33d61ce703668690a1ce3553906b4572a41ee989
parent: ed1a8280d7d979ffe72ac17a6dc999acfd349569 (diff)
parent: ef762be9a6158465e7d2841b7000262255a11c5d (diff)
1 files changed, 11 insertions, 4 deletions
diff --git a/services/core/java/com/android/server/notification/NotificationManagerService.java b/services/core/java/com/android/server/notification/NotificationManagerService.java
index e7455dbad949..c38fbda4f5fd 100755
--- a/services/core/java/com/android/server/notification/NotificationManagerService.java
+++ b/services/core/java/com/android/server/notification/NotificationManagerService.java
@@ -12054,10 +12054,17 @@ public class NotificationManagerService extends SystemService {
         @Override
         public void onServiceAdded(ManagedServiceInfo info) {
             if (lifetimeExtensionRefactor()) {
-                // We explicitly check the status bar permission for the uid in the info object.
-                // We can't use the calling uid here because it's probably always system server.
-                // Note that this will also be true for the shell.
-                info.isSystemUi = getContext().checkPermission(
+                // Generally, only System or System UI should have the permissions to call
+                // registerSystemService.
+                // isCallerSystemOrPhone tells us whether the caller is System. We negate this,
+                // to eliminate cases where the service was added by the system. This leaves
+                // services registered by system server.
+                // To identify system UI, we explicitly check the status bar permission for the
+                // uid in the info object.
+                // We can't use the calling uid here because it belongs to system server.
+                // Note that this will also return true for the shell, but we deem this
+                // acceptable, for the purposes of testing.
+                info.isSystemUi = !isCallerSystemOrPhone() && getContext().checkPermission(
                         android.Manifest.permission.STATUS_BAR_SERVICE, -1, info.uid)
                         == PERMISSION_GRANTED;
             }
author	Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com>	2024-03-11 21:24:27 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2024-03-11 21:24:27 +0000
commit	370ec60a11a07d9dfc4ff8df8694d506de6644c0 (patch)
tree	33d61ce703668690a1ce3553906b4572a41ee989
parent	ed1a8280d7d979ffe72ac17a6dc999acfd349569 (diff)
parent	ef762be9a6158465e7d2841b7000262255a11c5d (diff)