From f4811159f371c1ad159f9fd9f2b27d8dba55175f Mon Sep 17 00:00:00 2001
From: Julia Reynolds <juliacr@google.com>
Date: Tue, 28 Jun 2016 15:16:21 -0400
Subject: [PATCH] Check caller's uid before allowing notification policy
 access.

Bug: 29421441
Change-Id: I7460268595e932d54660b02007bcd68b95fe8aec
---
 .../server/notification/NotificationManagerService.java      | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/services/core/java/com/android/server/notification/NotificationManagerService.java b/services/core/java/com/android/server/notification/NotificationManagerService.java
index 4351798b1fc1e..b922d26095a88 100644
--- a/services/core/java/com/android/server/notification/NotificationManagerService.java
+++ b/services/core/java/com/android/server/notification/NotificationManagerService.java
@@ -1642,6 +1642,7 @@ public class NotificationManagerService extends SystemService {
         }
 
         private void enforcePolicyAccess(String pkg, String method) {
+            checkCallerIsSameApp(pkg);
             if (!checkPolicyAccess(pkg)) {
                 Slog.w(TAG, "Notification policy access denied calling " + method);
                 throw new SecurityException("Notification policy access denied");
@@ -3130,6 +3131,10 @@ public class NotificationManagerService extends SystemService {
         if (isCallerSystem()) {
             return;
         }
+        checkCallerIsSameApp(pkg);
+    }
+
+    private static void checkCallerIsSameApp(String pkg) {
         final int uid = Binder.getCallingUid();
         try {
             ApplicationInfo ai = AppGlobals.getPackageManager().getApplicationInfo(