[DO NO MERGE] Enforce INTERACT_ACROSS_USERS_FULL permission for NotificationAccessDetails
When using EXTRA_USER_HANDLE, check for INTERACT_ACROSS_USERS_FULL permission on calling package.
Bug: 259385017
Test: 1. Build a test app that creates and starts an intent to NOTIFICATION_LISTENER_DETAIL_SETTINGS while setting the intent extra android.intent.extra.user_handle to UserHandle(secondaryUserId).
2. Create and switch to a secondary user
Settings > System > Multiple users > Allow multiple users > Add user > Switch to New user
3. Open Settings > Notifications > Device & app notifications and choose an app from the list (uses android.permission.BIND_NOTIFICATION_LISTENER_SERVICE). Enable Device & app notifications for selected app and disable all attributed permissions.
4. Switch back to the Owner user.
5. Get the userId of the secondary user: adb shell pm list users.
6. Open the test app and enter the userId for the secondary user and the component name that uses android.permission.BIND_NOTIFICATION_LISTENER_SERVICE.
8. In the settings window that open, enable all 4 sub-options.
9. Switch to the secondary user and note that the all sub-options for the app are disabled.
Change-Id: I875b9f2fc32c252acdcf8374a14067836e0f1ac6
Merged-In: I875b9f2fc32c252acdcf8374a14067836e0f1ac6
diff --git a/src/com/android/settings/applications/specialaccess/notificationaccess/NotificationAccessDetails.java b/src/com/android/settings/applications/specialaccess/notificationaccess/NotificationAccessDetails.java
index 58a6d7f..6a4c22e 100644
--- a/src/com/android/settings/applications/specialaccess/notificationaccess/NotificationAccessDetails.java
+++ b/src/com/android/settings/applications/specialaccess/notificationaccess/NotificationAccessDetails.java
@@ -16,6 +16,9 @@
package com.android.settings.applications.specialaccess.notificationaccess;
+import static android.content.pm.PackageManager.PERMISSION_GRANTED;
+
+import android.Manifest;
import android.app.Activity;
import android.app.NotificationManager;
import android.app.settings.SettingsEnums;
@@ -30,6 +33,7 @@
import android.os.UserManager;
import android.provider.Settings;
import android.service.notification.NotificationListenerService;
+import android.text.TextUtils;
import android.util.IconDrawableFactory;
import android.util.Log;
import android.util.Slog;
@@ -42,6 +46,7 @@
import com.android.settings.R;
import com.android.settings.applications.AppInfoBase;
import com.android.settings.overlay.FeatureFactory;
+import com.android.settings.password.PasswordUtils;
import com.android.settings.widget.EntityHeaderController;
import com.android.settingslib.applications.AppUtils;
@@ -139,6 +144,41 @@
return null;
}
+ @Override
+ protected String retrieveAppEntry() {
+ final Bundle args = getArguments();
+ final Intent intent = (args == null) ?
+ getIntent() : (Intent) args.getParcelable("intent");
+
+ if (intent != null && intent.hasExtra(Intent.EXTRA_USER_HANDLE)) {
+ if (!hasInteractAcrossUsersPermission()) {
+ finish();
+ }
+ }
+
+ return super.retrieveAppEntry();
+ }
+
+ private boolean hasInteractAcrossUsersPermission() {
+ final String callingPackageName = PasswordUtils.getCallingAppPackageName(
+ getActivity().getActivityToken());
+
+ if (TextUtils.isEmpty(callingPackageName)) {
+ Log.w(TAG, "Not able to get calling package name for permission check");
+ return false;
+ }
+
+ if (getContext().getPackageManager().checkPermission(
+ Manifest.permission.INTERACT_ACROSS_USERS_FULL, callingPackageName)
+ != PERMISSION_GRANTED) {
+ Log.w(TAG, "Package " + callingPackageName + " does not have required permission "
+ + Manifest.permission.INTERACT_ACROSS_USERS_FULL);
+ return false;
+ }
+
+ return true;
+ }
+
public void updatePreference(SwitchPreference preference) {
final CharSequence label = mPackageInfo.applicationInfo.loadLabel(mPm);
preference.setChecked(isServiceEnabled(mComponentName));