diff options
| -rw-r--r-- | core/java/android/app/Notification.java | 13 | ||||
| -rwxr-xr-x | services/core/java/com/android/server/notification/NotificationManagerService.java | 8 |
2 files changed, 20 insertions, 1 deletions
diff --git a/core/java/android/app/Notification.java b/core/java/android/app/Notification.java index 47ababf71e50..432d99d80b89 100644 --- a/core/java/android/app/Notification.java +++ b/core/java/android/app/Notification.java @@ -3314,6 +3314,19 @@ public class Notification implements Parcelable } /** + * Sets the token used for background operations for the pending intents associated with this + * notification. + * + * This token is automatically set during deserialization for you, you usually won't need to + * call this unless you want to change the existing token, if any. + * + * @hide + */ + public void setAllowlistToken(@Nullable IBinder token) { + mAllowlistToken = token; + } + + /** * @hide */ public static void addFieldsFromContext(Context context, Notification notification) { diff --git a/services/core/java/com/android/server/notification/NotificationManagerService.java b/services/core/java/com/android/server/notification/NotificationManagerService.java index f0e693976faa..0dd9b292b386 100755 --- a/services/core/java/com/android/server/notification/NotificationManagerService.java +++ b/services/core/java/com/android/server/notification/NotificationManagerService.java @@ -4221,6 +4221,7 @@ public class NotificationManagerService extends SystemService { } } + /** Notifications returned here will have allowlistToken stripped from them. */ private StatusBarNotification sanitizeSbn(String pkg, int userId, StatusBarNotification sbn) { if (sbn.getUserId() == userId) { @@ -4228,11 +4229,16 @@ public class NotificationManagerService extends SystemService { // We could pass back a cloneLight() but clients might get confused and // try to send this thing back to notify() again, which would not work // very well. + Notification notification = sbn.getNotification().clone(); + // Remove background token before returning notification to untrusted app, this + // ensures the app isn't able to perform background operations that are + // associated with notification interactions. + notification.setAllowlistToken(null); return new StatusBarNotification( sbn.getPackageName(), sbn.getOpPkg(), sbn.getId(), sbn.getTag(), sbn.getUid(), sbn.getInitialPid(), - sbn.getNotification().clone(), + notification, sbn.getUser(), sbn.getOverrideGroupKey(), sbn.getPostTime()); } } |