Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_base / f5f93a3733d149dfbd2cd93d714b6883913088b2^1..f5f93a3733d149dfbd2cd93d714b6883913088b2 / .
commitf5f93a3733d149dfbd2cd93d714b6883913088b2[log] [tgz]
authorMichael Groover <mpgroover@google.com>Mon Nov 18 05:11:30 2024 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>Mon Nov 18 05:11:30 2024 +0000
treeed7b22ecf0bc1980e02c94fdc82a89c661e7fb1c
parentd118d938e16a9ab3a88e6b9f81a556d593cb2f2f [diff]
parent29a9ab42f62210f402aee1dba666a12413f04165 [diff]
Merge "Allow AMS fgs notification rate limit with ALLOWLIST permission" into main
diff --git a/core/java/android/app/IActivityManager.aidl b/core/java/android/app/IActivityManager.aidl
index a8412fa..0668958 100644
--- a/core/java/android/app/IActivityManager.aidl
+++ b/core/java/android/app/IActivityManager.aidl

@@ -864,7 +864,8 @@
 
     /**
      * Suppress or reenable the rate limit on foreground service notification deferral.
-     * This is for use within CTS and is protected by android.permission.WRITE_DEVICE_CONFIG.
+     * This is for use within CTS and is protected by android.permission.WRITE_DEVICE_CONFIG
+     * and WRITE_ALLOWLISTED_DEVICE_CONFIG.
      *
      * @param enable false to suppress rate-limit policy; true to reenable it.
      */

diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index d880bce..e166807 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java

@@ -19070,8 +19070,13 @@
      */
     @Override
     public boolean enableFgsNotificationRateLimit(boolean enable) {
-        enforceCallingPermission(permission.WRITE_DEVICE_CONFIG,
-                "enableFgsNotificationRateLimit");
+        if (android.security.Flags.protectDeviceConfigFlags()) {
+            enforceCallingHasAtLeastOnePermission("enableFgsNotificationRateLimit",
+                    permission.WRITE_DEVICE_CONFIG, permission.WRITE_ALLOWLISTED_DEVICE_CONFIG);
+        } else {
+            enforceCallingPermission(permission.WRITE_DEVICE_CONFIG,
+                    "enableFgsNotificationRateLimit");
+        }
         synchronized (this) {
             return mServices.enableFgsNotificationRateLimitLocked(enable);
         }