Merge "Inline SECURE_ALLOWLIST_TOKEN" into main
diff --git a/core/java/android/app/Notification.java b/core/java/android/app/Notification.java
index e99ba84..7a36fbb 100644
--- a/core/java/android/app/Notification.java
+++ b/core/java/android/app/Notification.java
@@ -2706,14 +2706,9 @@
if (mAllowlistToken == null) {
mAllowlistToken = processAllowlistToken;
}
- if (Flags.secureAllowlistToken()) {
- // Propagate this token to all pending intents that are unmarshalled from the parcel,
- // or keep the one we're already propagating, if that's the case.
- if (!parcel.hasClassCookie(PendingIntent.class)) {
- parcel.setClassCookie(PendingIntent.class, mAllowlistToken);
- }
- } else {
- // Propagate this token to all pending intents that are unmarshalled from the parcel.
+ // Propagate this token to all pending intents that are unmarshalled from the parcel,
+ // or keep the one we're already propagating, if that's the case.
+ if (!parcel.hasClassCookie(PendingIntent.class)) {
parcel.setClassCookie(PendingIntent.class, mAllowlistToken);
}
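Review bot: The `PendingIntent.class` cookie set here is never cleared anywhere in this hunk, whereas the write path pairs `setClassCookie` with `removeClassCookie` in a `finally`. If the cookie is meant to stay on the parcel so that nested notifications read later reuse the root token, that lifetime should be stated, since this branch is now the only behaviour. A comment would do, e.g. `// Left set for the rest of the read so inner notifications and their PendingIntents see the root token.` The clean-up may happen outside the hunk or when the Parcel is recycled, which I cannot confirm from here. The enclosing method starts and ends outside the hunk.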
@@ -3333,28 +3328,22 @@
PendingIntent.addOnMarshaledListener(addedListener);
}
try {
- if (Flags.secureAllowlistToken()) {
- boolean mustClearCookie = false;
- if (!parcel.hasClassCookie(Notification.class)) {
- // This is the "root" notification, and not an "inner" notification (including
- // publicVersion or anything else that might be embedded in extras). So we want
- // to use its token for every inner notification (might be null).
- parcel.setClassCookie(Notification.class, mAllowlistToken);
- mustClearCookie = true;
- }
- try {
- // IMPORTANT: Add marshaling code in writeToParcelImpl as we
- // want to intercept all pending events written to the parcel.
- writeToParcelImpl(parcel, flags);
- } finally {
- if (mustClearCookie) {
- parcel.removeClassCookie(Notification.class, mAllowlistToken);
- }
- }
- } else {
+ boolean mustClearCookie = false;
+ if (!parcel.hasClassCookie(Notification.class)) {
+ // This is the "root" notification, and not an "inner" notification (including
+ // publicVersion or anything else that might be embedded in extras). So we want
+ // to use its token for every inner notification (might be null).
+ parcel.setClassCookie(Notification.class, mAllowlistToken);
+ mustClearCookie = true;
+ }
+ try {
// IMPORTANT: Add marshaling code in writeToParcelImpl as we
// want to intercept all pending events written to the parcel.
writeToParcelImpl(parcel, flags);
+ } finally {
+ if (mustClearCookie) {
+ parcel.removeClassCookie(Notification.class, mAllowlistToken);
+ }
}
synchronized (this) {
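Review bot: `mAllowlistToken` is read twice, once for `setClassCookie` and again for `removeClassCookie` in the `finally`, and the field is not final (it is assigned on unparcel and through `overrideAllowlistToken`). If it changes while `writeToParcelImpl` runs, the removal is called with a different expected value than the one stored. What `removeClassCookie` does on a mismatch is not visible here. Snapshot the field once and use the local for both calls: `final IBinder rootToken = mAllowlistToken;`, `parcel.setClassCookie(Notification.class, rootToken);`, `parcel.removeClassCookie(Notification.class, rootToken);`. The enclosing method starts and ends outside the hunk.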
@@ -3371,13 +3360,9 @@
private void writeToParcelImpl(Parcel parcel, int flags) {
parcel.writeInt(1);
- if (Flags.secureAllowlistToken()) {
- // Always use the same token as the root notification (might be null).
- IBinder rootNotificationToken = (IBinder) parcel.getClassCookie(Notification.class);
- parcel.writeStrongBinder(rootNotificationToken);
- } else {
- parcel.writeStrongBinder(mAllowlistToken);
- }
+ // Always use the same token as the root notification (might be null).
+ IBinder rootNotificationToken = (IBinder) parcel.getClassCookie(Notification.class);
+ parcel.writeStrongBinder(rootNotificationToken);
parcel.writeLong(when);
parcel.writeLong(creationTime);
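Review bot: `writeToParcelImpl` now always takes the token from `parcel.getClassCookie(Notification.class)` and has no fallback to `mAllowlistToken`. Any call that does not go through `writeToParcel` first would therefore write a null token without any signal. That precondition is worth stating on the method, e.g. `// Precondition: writeToParcel() has set the Notification.class cookie on this parcel; the token written below is the root notification's, never this instance's own.` The method body continues past the end of the hunk.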
diff --git a/services/core/java/com/android/server/notification/NotificationManagerService.java b/services/core/java/com/android/server/notification/NotificationManagerService.java
index dbe778e..54e9189 100644
--- a/services/core/java/com/android/server/notification/NotificationManagerService.java
+++ b/services/core/java/com/android/server/notification/NotificationManagerService.java
@@ -7600,16 +7600,14 @@
+ " trying to post for invalid pkg " + pkg + " in user " + incomingUserId);
}
- if (android.app.Flags.secureAllowlistToken()) {
- IBinder allowlistToken = notification.getAllowlistToken();
- if (allowlistToken != null && allowlistToken != ALLOWLIST_TOKEN) {
- throw new SecurityException(
- "Unexpected allowlist token received from " + callingUid);
- }
- // allowlistToken is populated by unparceling, so it can be null if the notification was
- // posted from inside system_server. Ensure it's the expected value.
- notification.overrideAllowlistToken(ALLOWLIST_TOKEN);
+ IBinder allowlistToken = notification.getAllowlistToken();
+ if (allowlistToken != null && allowlistToken != ALLOWLIST_TOKEN) {
+ throw new SecurityException(
+ "Unexpected allowlist token received from " + callingUid);
}
+ // allowlistToken is populated by unparceling, so it can be null if the notification was
+ // posted from inside system_server. Ensure it's the expected value.
+ notification.overrideAllowlistToken(ALLOWLIST_TOKEN);
checkRestrictedCategories(notification);
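Review bot: The guard accepts a null token from any caller and compares with `!=` (object identity), but the only rationale sits below the check, next to the override. With the flag gone this is the permanent trust boundary for the token, so the reasoning belongs above the `if`, where a later edit to `equals()` or a tightened null check would be weighed against it. Suggested comment: `// null is allowed (notification built inside system_server, never unparceled); any other value must be the very same object as ALLOWLIST_TOKEN.` The enclosing method starts and ends outside the hunk.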
@@ -8774,12 +8772,10 @@
*/
private boolean enqueueNotification() {
synchronized (mNotificationLock) {
- if (android.app.Flags.secureAllowlistToken()) {
- // allowlistToken is populated by unparceling, so it will be absent if the
- // EnqueueNotificationRunnable is created directly by NMS (as we do for group
- // summaries) instead of via notify(). Fix that.
- r.getNotification().overrideAllowlistToken(ALLOWLIST_TOKEN);
- }
+ // allowlistToken is populated by unparceling, so it will be absent if the
+ // EnqueueNotificationRunnable is created directly by NMS (as we do for group
+ // summaries) instead of via notify(). Fix that.
+ r.getNotification().overrideAllowlistToken(ALLOWLIST_TOKEN);
final long snoozeAt =
mSnoozeHelper.getSnoozeTimeForUnpostedNotification(
diff --git a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
index 0a52238..6a1140c 100644
--- a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
+++ b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
@@ -14995,7 +14995,6 @@
}
@Test
- @EnableFlags(android.app.Flags.FLAG_SECURE_ALLOWLIST_TOKEN)
public void enqueueNotification_acceptsCorrectToken() throws RemoteException {
Notification sent = new Notification.Builder(mContext, TEST_CHANNEL_ID)
.setContentIntent(createPendingIntent("content"))
@@ -15014,7 +15013,6 @@
}
@Test
- @EnableFlags(android.app.Flags.FLAG_SECURE_ALLOWLIST_TOKEN)
public void enqueueNotification_acceptsNullToken_andPopulatesIt() throws RemoteException {
Notification receivedWithoutParceling = new Notification.Builder(mContext, TEST_CHANNEL_ID)
.setContentIntent(createPendingIntent("content"))
@@ -15031,7 +15029,6 @@
}
@Test
- @EnableFlags(android.app.Flags.FLAG_SECURE_ALLOWLIST_TOKEN)
public void enqueueNotification_directlyThroughRunnable_populatesAllowlistToken() {
Notification receivedWithoutParceling = new Notification.Builder(mContext, TEST_CHANNEL_ID)
.setContentIntent(createPendingIntent("content"))
@@ -15054,7 +15051,6 @@
}
@Test
- @EnableFlags(android.app.Flags.FLAG_SECURE_ALLOWLIST_TOKEN)
public void enqueueNotification_rejectsOtherToken() throws RemoteException {
Notification sent = new Notification.Builder(mContext, TEST_CHANNEL_ID)
.setContentIntent(createPendingIntent("content"))
@@ -15072,7 +15068,6 @@
}
@Test
- @EnableFlags(android.app.Flags.FLAG_SECURE_ALLOWLIST_TOKEN)
public void enqueueNotification_customParcelingWithFakeInnerToken_hasCorrectTokenInIntents()
throws RemoteException {
Notification sentFromApp = new Notification.Builder(mContext, TEST_CHANNEL_ID)
@@ -15278,7 +15273,6 @@
@Test
@SuppressWarnings("unchecked")
- @EnableFlags(android.app.Flags.FLAG_SECURE_ALLOWLIST_TOKEN)
public void getActiveNotifications_doesNotLeakAllowlistToken() throws RemoteException {
Notification sentFromApp = new Notification.Builder(mContext, TEST_CHANNEL_ID)
.setContentIntent(createPendingIntent("content"))