Cap the number of notifications that a given package can post.

Right now the number is 50, just to prevent apps that have gone completely bonkers.  I think the limit should be lower.

Change-Id: Ib2c4abf669c8b0250e5421b6d5aeb81aeb2f82ce

services/java/com/android/server/NotificationManagerService.java

@@ -70,6 +70,8 @@ class NotificationManagerService extends INotificationManager.Stub
     private static final String TAG = "NotificationService";
     private static final boolean DBG = false;
 
+    private static final int MAX_PACKAGE_NOTIFICATIONS = 50;
+
     // message codes
     private static final int MESSAGE_TIMEOUT = 2;
 
@@ -657,6 +659,26 @@ class NotificationManagerService extends INotificationManager.Stub
     {
         checkIncomingCall(pkg);
 
+        // Limit the number of notifications that any given package except the android
+        // package can enqueue.  Prevents DOS attacks and deals with leaks.
+        if (!"android".equals(pkg)) {
+            synchronized (mNotificationList) {
+                int count = 0;
+                final int N = mNotificationList.size();
+                for (int i=0; i<N; i++) {
+                    final NotificationRecord r = mNotificationList.get(i);
+                    if (r.pkg.equals(pkg)) {
+                        count++;
+                        if (count >= MAX_PACKAGE_NOTIFICATIONS) {
+                            Slog.e(TAG, "Package has already posted " + count
+                                    + " notifications.  Not showing more.  package=" + pkg);
+                            return;
+                        }
+                    }
+                }
+            }
+        }
+
         // This conditional is a dirty hack to limit the logging done on
         //     behalf of the download manager without affecting other apps.
         if (!pkg.equals("com.android.providers.downloads")