Allow shell to revoke notification permission without kill
Add the revokePostNotificationPermissionWithoutKillForTest API, which
will allow the shell to revoke the POST_NOTIFICATIONS permission without
killing this app. Gate this permission behind the
REVOKE_POST_NOTIFICATIONS_WITHOUT_KILL permission, which is
signature|privileged, accessible only to the shell.
Ignore-AOSP-First: Contains information about unreleased features
Test: manual
Bug: 194833441
Change-Id: I3177d1aeb338591c1d736aa6b4f073b6db6227e7
diff --git a/core/api/test-current.txt b/core/api/test-current.txt
index 6586ae0..44efd26 100644
--- a/core/api/test-current.txt
+++ b/core/api/test-current.txt
@@ -36,6 +36,7 @@
field public static final String RECORD_BACKGROUND_AUDIO = "android.permission.RECORD_BACKGROUND_AUDIO";
field public static final String REMOVE_TASKS = "android.permission.REMOVE_TASKS";
field public static final String RESET_APP_ERRORS = "android.permission.RESET_APP_ERRORS";
+ field public static final String REVOKE_POST_NOTIFICATIONS_WITHOUT_KILL = "android.permission.REVOKE_POST_NOTIFICATIONS_WITHOUT_KILL";
field public static final String SET_AND_VERIFY_LOCKSCREEN_CREDENTIALS = "android.permission.SET_AND_VERIFY_LOCKSCREEN_CREDENTIALS";
field public static final String START_TASKS_FROM_RECENTS = "android.permission.START_TASKS_FROM_RECENTS";
field public static final String SUSPEND_APPS = "android.permission.SUSPEND_APPS";
@@ -2036,6 +2037,7 @@
method @NonNull @RequiresPermission(android.Manifest.permission.GET_APP_OPS_STATS) public java.util.List<android.permission.PermGroupUsage> getIndicatorAppOpUsageData();
method @NonNull @RequiresPermission(android.Manifest.permission.GET_APP_OPS_STATS) public java.util.List<android.permission.PermGroupUsage> getIndicatorAppOpUsageData(boolean);
method @NonNull public android.content.AttributionSource registerAttributionSource(@NonNull android.content.AttributionSource);
+ method public void revokePostNotificationPermissionWithoutKillForTest(@NonNull String, int);
}
}
diff --git a/core/java/android/permission/IPermissionManager.aidl b/core/java/android/permission/IPermissionManager.aidl
index 4a94c32..90b5e51 100644
--- a/core/java/android/permission/IPermissionManager.aidl
+++ b/core/java/android/permission/IPermissionManager.aidl
@@ -67,6 +67,8 @@
void revokeRuntimePermission(String packageName, String permissionName, int userId,
String reason);
+ void revokePostNotificationPermissionWithoutKillForTest(String packageName, int userId);
+
boolean shouldShowRequestPermissionRationale(String packageName, String permissionName,
int userId);
diff --git a/core/java/android/permission/PermissionManager.java b/core/java/android/permission/PermissionManager.java
index 3ea50e9..4f22876 100644
--- a/core/java/android/permission/PermissionManager.java
+++ b/core/java/android/permission/PermissionManager.java
@@ -1362,6 +1362,26 @@
return false;
}
+ /**
+ * Revoke the POST_NOTIFICATIONS permission, without killing the app. This method must ONLY BE
+ * USED in CTS or local tests.
+ *
+ * @param packageName The package to be revoked
+ * @param userId The user for which to revoke
+ *
+ * @hide
+ */
+ @TestApi
+ public void revokePostNotificationPermissionWithoutKillForTest(@NonNull String packageName,
+ int userId) {
+ try {
+ mPermissionManager.revokePostNotificationPermissionWithoutKillForTest(packageName,
+ userId);
+ } catch (RemoteException e) {
+ e.rethrowFromSystemServer();
+ }
+ }
+
/* @hide */
private static int checkPermissionUncached(@Nullable String permission, int pid, int uid) {
final IActivityManager am = ActivityManager.getService();
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index dfcfd5f..f692e12 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -4438,6 +4438,12 @@
<permission android:name="android.permission.REVOKE_RUNTIME_PERMISSIONS"
android:protectionLevel="signature|installer|verifier" />
+ <!-- @TestApi Allows an application to revoke the POST_NOTIFICATIONS permission from an app
+ without killing the app. Only granted to the shell.
+ @hide -->
+ <permission android:name="android.permission.REVOKE_POST_NOTIFICATIONS_WITHOUT_KILL"
+ android:protectionLevel="signature" />
+
<!-- @SystemApi Allows the system to read runtime permission state.
@hide -->
<permission android:name="android.permission.GET_RUNTIME_PERMISSIONS"
diff --git a/packages/Shell/AndroidManifest.xml b/packages/Shell/AndroidManifest.xml
index 1d4a73c..134fcb9 100644
--- a/packages/Shell/AndroidManifest.xml
+++ b/packages/Shell/AndroidManifest.xml
@@ -613,6 +613,9 @@
<!-- Permission required for CTS test - CtsSafetyCenterTestCases -->
<uses-permission android:name="android.permission.READ_SAFETY_CENTER_STATUS" />
+ <!-- Permission required for CTS test - Notification test suite -->
+ <uses-permission android:name="android.permission.REVOKE_POST_NOTIFICATIONS_WITHOUT_KILL" />
+
<application android:label="@string/app_label"
android:theme="@android:style/Theme.DeviceDefault.DayNight"
android:defaultToDeviceProtectedStorage="true"
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index a3b6b82..f435b1f 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -549,6 +549,12 @@
}
@Override
+ public void revokePostNotificationPermissionWithoutKillForTest(String packageName, int userId) {
+ mPermissionManagerServiceImpl.revokePostNotificationPermissionWithoutKillForTest(
+ packageName, userId);
+ }
+
+ @Override
public boolean shouldShowRequestPermissionRationale(String packageName, String permissionName,
int userId) {
return mPermissionManagerServiceImpl.shouldShowRequestPermissionRationale(packageName,
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
index 1b08d77..7e59acc 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java
@@ -170,6 +170,10 @@
private static final String TAG = "PackageManager";
private static final String LOG_TAG = PermissionManagerServiceImpl.class.getSimpleName();
+ private static final String SKIP_KILL_APP_REASON_NOTIFICATION_TEST = "skip permission revoke "
+ + "app kill for notification test";
+
+
private static final long BACKUP_TIMEOUT_MILLIS = SECONDS.toMillis(60);
// For automotive products, CarService enforces allow-listing of the privileged permissions
@@ -326,11 +330,15 @@
mPackageManagerInt.writeSettings(true);
}
@Override
- public void onPermissionRevoked(int uid, int userId, String reason) {
+ public void onPermissionRevoked(int uid, int userId, String reason, boolean overrideKill) {
mOnPermissionChangeListeners.onPermissionsChanged(uid);
// Critical; after this call the application should never have the permission
mPackageManagerInt.writeSettings(false);
+ if (overrideKill) {
+ return;
+ }
+
final int appId = UserHandle.getAppId(uid);
if (reason == null) {
mHandler.post(() -> killUid(appId, userId, KILL_APP_REASON_PERMISSIONS_REVOKED));
@@ -1445,9 +1453,29 @@
reason, mDefaultPermissionCallback);
}
+ @Override
+ public void revokePostNotificationPermissionWithoutKillForTest(String packageName, int userId) {
+ final int callingUid = Binder.getCallingUid();
+ final boolean overridePolicy =
+ checkUidPermission(callingUid, ADJUST_RUNTIME_PERMISSIONS_POLICY)
+ == PackageManager.PERMISSION_GRANTED;
+ mContext.enforceCallingPermission(
+ android.Manifest.permission.REVOKE_POST_NOTIFICATIONS_WITHOUT_KILL, "");
+ revokeRuntimePermissionInternal(packageName, Manifest.permission.POST_NOTIFICATIONS,
+ overridePolicy, true, callingUid, userId,
+ SKIP_KILL_APP_REASON_NOTIFICATION_TEST, mDefaultPermissionCallback);
+ }
+
private void revokeRuntimePermissionInternal(String packageName, String permName,
- boolean overridePolicy, int callingUid, final int userId, String reason,
- PermissionCallback callback) {
+ boolean overridePolicy, int callingUid, final int userId,
+ String reason, PermissionCallback callback) {
+ revokeRuntimePermissionInternal(packageName, permName, overridePolicy, false, callingUid,
+ userId, reason, callback);
+ }
+
+ private void revokeRuntimePermissionInternal(String packageName, String permName,
+ boolean overridePolicy, boolean overrideKill, int callingUid, final int userId,
+ String reason, PermissionCallback callback) {
if (PermissionManager.DEBUG_TRACE_PERMISSION_UPDATES
&& PermissionManager.shouldTraceGrant(packageName, permName, userId)) {
Log.i(TAG, "System is revoking " + packageName + " "
@@ -1559,7 +1587,7 @@
if (callback != null) {
if (isRuntimePermission) {
callback.onPermissionRevoked(UserHandle.getUid(userId, pkg.getUid()), userId,
- reason);
+ reason, overrideKill);
} else {
mDefaultPermissionCallback.onInstallPermissionRevoked();
}
@@ -5232,7 +5260,11 @@
public void onPermissionChanged() {}
public void onPermissionGranted(int uid, @UserIdInt int userId) {}
public void onInstallPermissionGranted() {}
- public void onPermissionRevoked(int uid, @UserIdInt int userId, String reason) {}
+ public void onPermissionRevoked(int uid, @UserIdInt int userId, String reason) {
+ onPermissionRevoked(uid, userId, reason, false);
+ }
+ public void onPermissionRevoked(int uid, @UserIdInt int userId, String reason,
+ boolean overrideKill) {}
public void onInstallPermissionRevoked() {}
public void onPermissionUpdated(@UserIdInt int[] updatedUserIds, boolean sync) {}
public void onPermissionUpdatedNotifyListener(@UserIdInt int[] updatedUserIds, boolean sync,
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInterface.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInterface.java
index d2018f2..3771f03 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInterface.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInterface.java
@@ -318,6 +318,15 @@
String reason);
/**
+ * Revoke the POST_NOTIFICATIONS permission, without killing the app. This method must ONLY BE
+ * USED in CTS or local tests.
+ *
+ * @param packageName The package to be revoked
+ * @param userId The user for which to revoke
+ */
+ void revokePostNotificationPermissionWithoutKillForTest(String packageName, int userId);
+
+ /**
* Get whether you should show UI with rationale for requesting a permission. You should do this
* only if you do not have the permission and the context in which the permission is requested
* does not clearly communicate to the user what would be the benefit from grating this