diff options
| author | Jeff Sharkey <jsharkey@android.com> | 2018-04-17 12:16:20 -0600 |
|---|---|---|
| committer | Jeff Sharkey <jsharkey@android.com> | 2018-04-18 10:00:19 -0600 |
| commit | 6a97cc3b83c1ee109524ff8e5cb53a244ecedb1b (patch) | |
| tree | 777e72dcf242ca1a69e2a1a7292674fdebb73acc /tools/aapt2/java/JavaClassGenerator_test.cpp | |
| parent | 167032ab002714d26a14735bbcdc072c5fa693b7 (diff) | |
Grant notification Uri permissions as sending app.
For security reasons, the system UID can't make URI permission as
itself; it always needs to do so on behalf of a specific app. To
handle this, we grant notification Uri permissions as the UID that
sent a given notification.
To give meaningful debug messages to developers, check to see if the
caller has permissions to grant Uri access when they're enqueuing
a notification. If they're targeting P, throw any security issues
back at the caller; if older SDK, log and ignore that Uri.
Since multiple notifications can grant access to the same content,
we need unique UriPermissionOwner per active notification. For
example, consider these two notifications:
1. sound=content://sound, image=content://image1
2. sound=content://sound, image=content://image2
When #1 is cancelled, we still need to keep the content://sound
grant active until #2 is also cancelled. Using unique owners
means that ActivityManagerService tracks reference counting on
our behalf.
Optimizations to avoid allocations in hot code paths.
Test: atest frameworks/base/services/tests/uiservicestests/src/com/android/server/notification
Bug: 9069730
Change-Id: I69601793538adcbf06c4986a2fb1ea2dd9d876eb
Diffstat (limited to 'tools/aapt2/java/JavaClassGenerator_test.cpp')
0 files changed, 0 insertions, 0 deletions