From 6b68f1060ccb2b58bd24f85d05813c09667556b8 Mon Sep 17 00:00:00 2001
From: Chad Brubaker <cbrubaker@google.com>
Date: Fri, 27 Jan 2017 13:39:00 -0800
Subject: [PATCH] Limit Instant App notifications

Instants apps are not allowed to create toasts or notifications, however
they are allowed to update notifications that were created by the
system for them (i.e. a notification for a foreground service).

Test: Manually verified that .notify() fails with a security exception
Test: Manually verified startForeground shows a notification and that it
can be updated.

Change-Id: I054cccc2aa817263d15abd34851b0e06f16fb829
---
 .../notification/NotificationManagerService.java   | 33 ++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/services/core/java/com/android/server/notification/NotificationManagerService.java b/services/core/java/com/android/server/notification/NotificationManagerService.java
index b543b7308eb2..ea515a9c4be5 100644
--- a/services/core/java/com/android/server/notification/NotificationManagerService.java
+++ b/services/core/java/com/android/server/notification/NotificationManagerService.java
@@ -1434,6 +1434,11 @@ public class NotificationManagerService extends SystemService {
                 return ;
             }
 
+            if (isCallerInstantApp(pkg)) {
+                throw new SecurityException("Instant app " + pkg
+                        + " is not allowed to create toasts");
+            }
+
             final boolean isSystemToast = isCallerSystem() || ("android".equals(pkg));
             final boolean isPackageSuspended =
                     isPackageSuspendedForUser(pkg, Binder.getCallingUid());
@@ -3052,6 +3057,13 @@ public class NotificationManagerService extends SystemService {
                         }
                         return false;
                     }
+                } else if (isCallerInstantApp(pkg)) {
+                    // Ephemeral apps have some special contraints for notifications.
+                    // They are not allowed to create new notifications however they are allowed to
+                    // update notifications created by the system (e.g. a foreground service
+                    // notification).
+                    throw new SecurityException("Instant app " + pkg
+                            + " cannot create notifications");
                 }
 
                 int count = 0;
@@ -4326,6 +4338,27 @@ public class NotificationManagerService extends SystemService {
         checkCallerIsSameApp(pkg);
     }
 
+    private boolean isCallerInstantApp(String pkg) {
+        // System is always allowed to act for ephemeral apps.
+        if (isCallerSystem()) {
+            return false;
+        }
+
+        mAppOps.checkPackage(Binder.getCallingUid(), pkg);
+
+        try {
+            ApplicationInfo ai = mPackageManager.getApplicationInfo(pkg, 0,
+                    UserHandle.getCallingUserId());
+            if (ai == null) {
+                throw new SecurityException("Unknown package " + pkg);
+            }
+            return ai.isInstantApp();
+        } catch (RemoteException re) {
+            throw new SecurityException("Unknown package " + pkg, re);
+        }
+
+    }
+
     private void checkCallerIsSameApp(String pkg) {
         final int uid = Binder.getCallingUid();
         try {
-- 
2.11.0