Merge tag 'android-security-13.0.0_r14' into int/13/fp3
Android Security 13.0.0 Release 14 (11228180)
* tag 'android-security-13.0.0_r14':
Do not grant notification access for work apps.
Change-Id: I111012a0c8f6f1cfe9f1a3206cbdc69d3256e53b
diff --git a/PermissionController/src/com/android/permissioncontroller/role/model/CompanionDeviceAppStreamingRoleBehavior.java b/PermissionController/src/com/android/permissioncontroller/role/model/CompanionDeviceAppStreamingRoleBehavior.java
index ca4af23..8e33980 100644
--- a/PermissionController/src/com/android/permissioncontroller/role/model/CompanionDeviceAppStreamingRoleBehavior.java
+++ b/PermissionController/src/com/android/permissioncontroller/role/model/CompanionDeviceAppStreamingRoleBehavior.java
@@ -17,10 +17,13 @@
package com.android.permissioncontroller.role.model;
import android.content.Context;
+import android.os.Process;
+import android.os.UserHandle;
import androidx.annotation.NonNull;
import com.android.permissioncontroller.role.utils.NotificationUtils;
+import com.android.permissioncontroller.role.utils.UserUtils;
/**
* Class for behavior of the "App Streaming" Companion device profile role.
@@ -29,11 +32,17 @@
@Override
public void grant(@NonNull Role role, @NonNull String packageName, @NonNull Context context) {
- NotificationUtils.grantNotificationAccessForPackage(context, packageName);
+ UserHandle user = Process.myUserHandle();
+ if (!UserUtils.isManagedProfile(user, context)) {
+ NotificationUtils.grantNotificationAccessForPackage(context, packageName);
+ }
}
@Override
public void revoke(@NonNull Role role, @NonNull String packageName, @NonNull Context context) {
- NotificationUtils.revokeNotificationAccessForPackage(context, packageName);
+ UserHandle user = Process.myUserHandle();
+ if (!UserUtils.isManagedProfile(user, context)) {
+ NotificationUtils.revokeNotificationAccessForPackage(context, packageName);
+ }
}
}
diff --git a/PermissionController/src/com/android/permissioncontroller/role/model/CompanionDeviceComputerRoleBehavior.java b/PermissionController/src/com/android/permissioncontroller/role/model/CompanionDeviceComputerRoleBehavior.java
index 1d9409f..0d184d9 100644
--- a/PermissionController/src/com/android/permissioncontroller/role/model/CompanionDeviceComputerRoleBehavior.java
+++ b/PermissionController/src/com/android/permissioncontroller/role/model/CompanionDeviceComputerRoleBehavior.java
@@ -17,10 +17,13 @@
package com.android.permissioncontroller.role.model;
import android.content.Context;
+import android.os.Process;
+import android.os.UserHandle;
import androidx.annotation.NonNull;
import com.android.permissioncontroller.role.utils.NotificationUtils;
+import com.android.permissioncontroller.role.utils.UserUtils;
/**
* Class for behavior of the "Computer" Companion device profile role.
@@ -29,11 +32,17 @@
@Override
public void grant(@NonNull Role role, @NonNull String packageName, @NonNull Context context) {
- NotificationUtils.grantNotificationAccessForPackage(context, packageName);
+ UserHandle user = Process.myUserHandle();
+ if (!UserUtils.isManagedProfile(user, context)) {
+ NotificationUtils.grantNotificationAccessForPackage(context, packageName);
+ }
}
@Override
public void revoke(@NonNull Role role, @NonNull String packageName, @NonNull Context context) {
- NotificationUtils.revokeNotificationAccessForPackage(context, packageName);
+ UserHandle user = Process.myUserHandle();
+ if (!UserUtils.isManagedProfile(user, context)) {
+ NotificationUtils.revokeNotificationAccessForPackage(context, packageName);
+ }
}
}
diff --git a/PermissionController/src/com/android/permissioncontroller/role/model/CompanionDeviceWatchRoleBehavior.java b/PermissionController/src/com/android/permissioncontroller/role/model/CompanionDeviceWatchRoleBehavior.java
index 75675fb..c38c784 100644
--- a/PermissionController/src/com/android/permissioncontroller/role/model/CompanionDeviceWatchRoleBehavior.java
+++ b/PermissionController/src/com/android/permissioncontroller/role/model/CompanionDeviceWatchRoleBehavior.java
@@ -17,10 +17,13 @@
package com.android.permissioncontroller.role.model;
import android.content.Context;
+import android.os.Process;
+import android.os.UserHandle;
import androidx.annotation.NonNull;
import com.android.permissioncontroller.role.utils.NotificationUtils;
+import com.android.permissioncontroller.role.utils.UserUtils;
/**
* Class for behavior of the "watch" Companion device profile role.
@@ -29,11 +32,17 @@
@Override
public void grant(@NonNull Role role, @NonNull String packageName, @NonNull Context context) {
- NotificationUtils.grantNotificationAccessForPackage(context, packageName);
+ UserHandle user = Process.myUserHandle();
+ if (!UserUtils.isManagedProfile(user, context)) {
+ NotificationUtils.grantNotificationAccessForPackage(context, packageName);
+ }
}
@Override
public void revoke(@NonNull Role role, @NonNull String packageName, @NonNull Context context) {
- NotificationUtils.revokeNotificationAccessForPackage(context, packageName);
+ UserHandle user = Process.myUserHandle();
+ if (!UserUtils.isManagedProfile(user, context)) {
+ NotificationUtils.revokeNotificationAccessForPackage(context, packageName);
+ }
}
}
diff --git a/PermissionController/src/com/android/permissioncontroller/role/utils/UserUtils.java b/PermissionController/src/com/android/permissioncontroller/role/utils/UserUtils.java
index cd7a6b8..68c1e61 100644
--- a/PermissionController/src/com/android/permissioncontroller/role/utils/UserUtils.java
+++ b/PermissionController/src/com/android/permissioncontroller/role/utils/UserUtils.java
@@ -39,16 +39,41 @@
/**
* Check whether a user is a profile.
*
- * @param user the user to check
+ * @param user the user to check
* @param context the {@code Context} to retrieve system services
- *
* @return whether the user is a profile
*/
public static boolean isProfile(@NonNull UserHandle user, @NonNull Context context) {
+ return isManagedProfile(user, context) || isCloneProfile(user, context);
+ }
+
+ /**
+ * Check whether a user is a managed profile.
+ *
+ * @param user the user to check
+ * @param context the {@code Context} to retrieve system services
+ * @return whether the user is a managed profile
+ */
+ public static boolean isManagedProfile(@NonNull UserHandle user, @NonNull Context context) {
Context userContext = getUserContext(context, user);
UserManager userUserManager = userContext.getSystemService(UserManager.class);
- return userUserManager.isManagedProfile(user.getIdentifier()) || (
- Build.VERSION.SDK_INT >= Build.VERSION_CODES.S && userUserManager.isCloneProfile());
+ return userUserManager.isManagedProfile(user.getIdentifier());
+ }
+
+ /**
+ * Check whether a user is a clone profile.
+ *
+ * @param user the user to check
+ * @param context the {@code Context} to retrieve system services
+ * @return whether the user is a clone profile
+ */
+ public static boolean isCloneProfile(@NonNull UserHandle user, @NonNull Context context) {
+ if (Build.VERSION.SDK_INT < Build.VERSION_CODES.S) {
+ return false;
+ }
+ Context userContext = getUserContext(context, user);
+ UserManager userUserManager = userContext.getSystemService(UserManager.class);
+ return userUserManager.isCloneProfile();
}
/**