Merge "Fix background bypass via notifications" into qt-dev am: 22500563c1

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/14937196 Change-Id: I193bfe3aa08c2f397d037c2d5c71cfe854cd343d
2021-06-30 15:30:23 +00:00
parent 454c79f710 22500563c1
commit 57af3050d2
2 changed files with 20 additions and 1 deletions
--- a/core/java/android/app/Notification.java
+++ b/core/java/android/app/Notification.java
@@ -2950,6 +2950,19 @@ public class Notification implements Parcelable
        builder.build(); // callers expect this notification to be ready to use
    }

+    /**
+     * Sets the token used for background operations for the pending intents associated with this
+     * notification.
+     *
+     * This token is automatically set during deserialization for you, you usually won't need to
+     * call this unless you want to change the existing token, if any.
+     *
+     * @hide
+     */
+    public void setAllowlistToken(@Nullable IBinder token) {
+        mWhitelistToken = token;
+    }
+
    /**
     * @hide
     */
--- a/services/core/java/com/android/server/notification/NotificationManagerService.java
+++ b/services/core/java/com/android/server/notification/NotificationManagerService.java
@@ -3107,6 +3107,7 @@ public class NotificationManagerService extends SystemService {
            }
        }

+        /** Notifications returned here will have allowlistToken stripped from them. */
        private StatusBarNotification sanitizeSbn(String pkg, int userId,
                StatusBarNotification sbn) {
            if (sbn.getUserId() == userId) {
@@ -3114,11 +3115,16 @@ public class NotificationManagerService extends SystemService {
                    // We could pass back a cloneLight() but clients might get confused and
                    // try to send this thing back to notify() again, which would not work
                    // very well.
+                    Notification notification = sbn.getNotification().clone();
+                    // Remove background token before returning notification to untrusted app, this
+                    // ensures the app isn't able to perform background operations that are
+                    // associated with notification interactions.
+                    notification.setAllowlistToken(null);
                    return new StatusBarNotification(
                            sbn.getPackageName(),
                            sbn.getOpPkg(),
                            sbn.getId(), sbn.getTag(), sbn.getUid(), sbn.getInitialPid(),
-                            sbn.getNotification().clone(),
+                            notification,
                            sbn.getUser(), sbn.getOverrideGroupKey(), sbn.getPostTime());
                }
            }