From d4b6613bce39b8eee070c5ca6f3911ebaa94d5d1 Mon Sep 17 00:00:00 2001
From: Evan Chen <evanxinchen@google.com>
Date: Tue, 17 Oct 2023 21:31:23 +0000
Subject: [PATCH] Do not allow setting notification access across users.

For mutil user case, make sure the calling userid
matching the passing userid

Test: test it on sample app
Bug: 298635078
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:0d030db893f35c589c807afcea119ce3ad904096)
Merged-In: I6c478ebcc1d981faf2d125a4b41909c3b6a30a2a
Change-Id: I6c478ebcc1d981faf2d125a4b41909c3b6a30a2a
---
 .../server/companion/CompanionDeviceManagerService.java   | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
index 98614b6b8eb1..0c6d053d4f3f 100644
--- a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
+++ b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java
@@ -687,8 +687,7 @@ public class CompanionDeviceManagerService extends SystemService {
         public PendingIntent requestNotificationAccess(ComponentName component, int userId)
                 throws RemoteException {
             String callingPackage = component.getPackageName();
-            checkCanCallNotificationApi(callingPackage);
-            // TODO: check userId.
+            checkCanCallNotificationApi(callingPackage, userId);
             if (component.flattenToString().length() > MAX_CN_LENGTH) {
                 throw new IllegalArgumentException("Component name is too long.");
             }
@@ -714,7 +713,7 @@ public class CompanionDeviceManagerService extends SystemService {
         @Deprecated
         @Override
         public boolean hasNotificationAccess(ComponentName component) throws RemoteException {
-            checkCanCallNotificationApi(component.getPackageName());
+            checkCanCallNotificationApi(component.getPackageName(), getCallingUserId());
             NotificationManager nm = getContext().getSystemService(NotificationManager.class);
             return nm.isNotificationListenerAccessGranted(component);
         }
@@ -928,8 +927,7 @@ public class CompanionDeviceManagerService extends SystemService {
             createNewAssociation(userId, packageName, macAddressObj, null, null, false);
         }
 
-        private void checkCanCallNotificationApi(String callingPackage) {
-            final int userId = getCallingUserId();
+        private void checkCanCallNotificationApi(String callingPackage, int userId) {
             enforceCallerIsSystemOr(userId, callingPackage);
 
             if (getCallingUid() == SYSTEM_UID) return;
-- 
GitLab