diff options
4 files changed, 35 insertions, 7 deletions
diff --git a/services/core/java/com/android/server/notification/PermissionHelper.java b/services/core/java/com/android/server/notification/PermissionHelper.java index 0cbdbc18ad39..5d18069ea205 100644 --- a/services/core/java/com/android/server/notification/PermissionHelper.java +++ b/services/core/java/com/android/server/notification/PermissionHelper.java @@ -19,7 +19,7 @@ package com.android.server.notification; import static android.content.pm.PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED; import static android.content.pm.PackageManager.FLAG_PERMISSION_USER_SET; import static android.content.pm.PackageManager.GET_PERMISSIONS; -import static android.permission.PermissionManager.PERMISSION_GRANTED; +import static android.content.pm.PackageManager.PERMISSION_GRANTED; import android.Manifest; import android.annotation.NonNull; @@ -77,7 +77,8 @@ public final class PermissionHelper { assertFlag(); final long callingId = Binder.clearCallingIdentity(); try { - return mPmi.checkUidPermission(uid, NOTIFICATION_PERMISSION) == PERMISSION_GRANTED; + return mPmi.checkPostNotificationsPermissionGrantedOrLegacyAccess(uid) + == PERMISSION_GRANTED; } finally { Binder.restoreCallingIdentity(callingId); } diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java index 317730a9f606..79c5ea2efefe 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java @@ -17,6 +17,7 @@ package com.android.server.pm.permission; import static android.Manifest.permission.CAPTURE_AUDIO_HOTWORD; +import static android.Manifest.permission.POST_NOTIFICATIONS; import static android.Manifest.permission.RECORD_AUDIO; import static android.Manifest.permission.UPDATE_APP_OPS_STATS; import static android.app.AppOpsManager.ATTRIBUTION_CHAIN_ID_NONE; @@ -608,6 +609,21 @@ public class PermissionManagerService extends IPermissionManager.Stub { } @Override + public int checkPostNotificationsPermissionGrantedOrLegacyAccess(int uid) { + int granted = PermissionManagerService.this.checkUidPermission(uid, + POST_NOTIFICATIONS); + AndroidPackage pkg = mPackageManagerInt.getPackage(uid); + if (granted != PermissionManager.PERMISSION_GRANTED) { + int flags = PermissionManagerService.this.getPermissionFlags(pkg.getPackageName(), + POST_NOTIFICATIONS, UserHandle.getUserId(uid)); + if ((flags & PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED) != 0) { + return PermissionManager.PERMISSION_GRANTED; + } + } + return granted; + } + + @Override public void startShellPermissionIdentityDelegation(int uid, @NonNull String packageName, @Nullable List<String> permissionNames) { Objects.requireNonNull(packageName, "packageName"); diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java index d2c4ec4cc5a5..812d7a04dc13 100644 --- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java +++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java @@ -63,6 +63,17 @@ public interface PermissionManagerServiceInternal extends PermissionManagerInter int checkUidPermission(int uid, @NonNull String permissionName); /** + * Check whether a particular UID has been granted the POST_NOTIFICATIONS permission, or if + * access should be granted based on legacy access (currently symbolized by the REVIEW_REQUIRED + * permission flag + * + * @param uid the UID + * @return {@code PERMISSION_GRANTED} if the permission is granted, or legacy access is granted, + * {@code PERMISSION_DENIED} otherwise + */ + int checkPostNotificationsPermissionGrantedOrLegacyAccess(int uid); + + /** * Adds a listener for runtime permission state (permissions or flags) changes. * * @param listener The listener. diff --git a/services/tests/uiservicestests/src/com/android/server/notification/PermissionHelperTest.java b/services/tests/uiservicestests/src/com/android/server/notification/PermissionHelperTest.java index fa294dd61ea3..3b6718207c83 100644 --- a/services/tests/uiservicestests/src/com/android/server/notification/PermissionHelperTest.java +++ b/services/tests/uiservicestests/src/com/android/server/notification/PermissionHelperTest.java @@ -20,8 +20,8 @@ import static android.content.pm.PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED; import static android.content.pm.PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; import static android.content.pm.PackageManager.FLAG_PERMISSION_USER_SET; import static android.content.pm.PackageManager.GET_PERMISSIONS; -import static android.permission.PermissionManager.PERMISSION_GRANTED; -import static android.permission.PermissionManager.PERMISSION_SOFT_DENIED; +import static android.content.pm.PackageManager.PERMISSION_DENIED; +import static android.content.pm.PackageManager.PERMISSION_GRANTED; import static com.google.common.truth.Truth.assertThat; @@ -130,13 +130,13 @@ public class PermissionHelperTest extends UiServiceTestCase { @Test public void testHasPermission() throws Exception { - when(mPmi.checkUidPermission(anyInt(), eq(Manifest.permission.POST_NOTIFICATIONS))) + when(mPmi.checkPostNotificationsPermissionGrantedOrLegacyAccess(anyInt())) .thenReturn(PERMISSION_GRANTED); assertThat(mPermissionHelper.hasPermission(1)).isTrue(); - when(mPmi.checkUidPermission(anyInt(), eq(Manifest.permission.POST_NOTIFICATIONS))) - .thenReturn(PERMISSION_SOFT_DENIED); + when(mPmi.checkPostNotificationsPermissionGrantedOrLegacyAccess(anyInt())) + .thenReturn(PERMISSION_DENIED); assertThat(mPermissionHelper.hasPermission(1)).isFalse(); } |