diff options
| -rw-r--r-- | core/api/test-current.txt | 2 | ||||
| -rw-r--r-- | core/java/android/app/StatusBarManager.java | 8 | ||||
| -rw-r--r-- | services/core/java/com/android/server/statusbar/StatusBarManagerService.java | 23 |
3 files changed, 29 insertions, 4 deletions
diff --git a/core/api/test-current.txt b/core/api/test-current.txt index ef4dfdf59e9b..1c72d02204c6 100644 --- a/core/api/test-current.txt +++ b/core/api/test-current.txt @@ -282,7 +282,7 @@ package android.app { } public class StatusBarManager { - method public void collapsePanels(); + method @RequiresPermission(android.Manifest.permission.STATUS_BAR) public void collapsePanels(); method public void expandNotificationsPanel(); method @RequiresPermission(android.Manifest.permission.STATUS_BAR) public void setExpansionDisabledForSimNetworkLock(boolean); } diff --git a/core/java/android/app/StatusBarManager.java b/core/java/android/app/StatusBarManager.java index b8fae6755bfd..4e3d85ca1b78 100644 --- a/core/java/android/app/StatusBarManager.java +++ b/core/java/android/app/StatusBarManager.java @@ -283,9 +283,15 @@ public class StatusBarManager { /** * Collapse the notifications and settings panels. * + * Starting in Android {@link Build.VERSION_CODES.S}, apps targeting SDK level {@link + * Build.VERSION_CODES.S} or higher will need {@link android.Manifest.permission.STATUS_BAR} + * permission to call this API. + * * @hide */ - @UnsupportedAppUsage + @RequiresPermission(android.Manifest.permission.STATUS_BAR) + @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, publicAlternatives = "Send {@link " + + "android.content.Intent#ACTION_CLOSE_SYSTEM_DIALOGS} instead.") @TestApi public void collapsePanels() { try { diff --git a/services/core/java/com/android/server/statusbar/StatusBarManagerService.java b/services/core/java/com/android/server/statusbar/StatusBarManagerService.java index fb47ebbcaa07..bd2d382c8010 100644 --- a/services/core/java/com/android/server/statusbar/StatusBarManagerService.java +++ b/services/core/java/com/android/server/statusbar/StatusBarManagerService.java @@ -24,15 +24,18 @@ import android.app.ActivityThread; import android.app.ITransientNotificationCallback; import android.app.Notification; import android.app.StatusBarManager; +import android.app.compat.CompatChanges; +import android.compat.annotation.ChangeId; +import android.compat.annotation.EnabledSince; import android.content.ComponentName; import android.content.Context; -import android.hardware.biometrics.BiometricAuthenticator; import android.hardware.biometrics.IBiometricSysuiReceiver; import android.hardware.biometrics.PromptInfo; import android.hardware.display.DisplayManager; import android.hardware.display.DisplayManager.DisplayListener; import android.net.Uri; import android.os.Binder; +import android.os.Build; import android.os.Bundle; import android.os.Handler; import android.os.IBinder; @@ -84,6 +87,18 @@ public class StatusBarManagerService extends IStatusBarService.Stub implements D private static final String TAG = "StatusBarManagerService"; private static final boolean SPEW = false; + /** + * Apps targeting {@code Build.VERSION_CODES.S} or higher need {@link + * android.Manifest.permission#STATUS_BAR} permission to collapse the status bar panels due to + * security reasons. + * + * This was being exploited by malware to prevent the user from accessing critical + * notifications. + */ + @ChangeId + @EnabledSince(targetSdkVersion = Build.VERSION_CODES.S) + private static final long LOCK_DOWN_COLLAPSE_STATUS_BAR = 173031413L; + private final Context mContext; private Handler mHandler = new Handler(); @@ -605,7 +620,11 @@ public class StatusBarManagerService extends IStatusBarService.Stub implements D @Override public void collapsePanels() { - enforceExpandStatusBar(); + if (CompatChanges.isChangeEnabled(LOCK_DOWN_COLLAPSE_STATUS_BAR, Binder.getCallingUid())) { + enforceStatusBar(); + } else { + enforceExpandStatusBar(); + } if (mBar != null) { try { |