Don't autogrant permissions on managed profiles

These services run on the parent profile and act on
both. Also cean up approval lists on user removal.

Test: manual, runtest systemui-notification
Bug: 64073967
Change-Id: If3d2b36d57e98358bcaf80e7a8885ee7d25c2a4b

diff --git a/services/core/java/com/android/server/notification/ManagedServices.java b/services/core/java/com/android/server/notification/ManagedServices.java
index d5d0250..34f1bfa 100644 (file)
--- a/services/core/java/com/android/server/notification/ManagedServices.java
+++ b/services/core/java/com/android/server/notification/ManagedServices.java
@@ -455,6 +455,11 @@ abstract public class ManagedServices {
         }
     }
 
+    public void onUserRemoved(int user) {
+        mApproved.remove(user);
+        rebindServices(true);
+    }
+
     public void onUserSwitched(int user) {
         if (DEBUG) Slog.d(TAG, "onUserSwitched u=" + user);
         if (Arrays.equals(mLastSeenProfileIds, mUserProfiles.getCurrentProfileIds())) {

diff --git a/services/core/java/com/android/server/notification/NotificationManagerService.java b/services/core/java/com/android/server/notification/NotificationManagerService.java
index f60d923..3be998d 100644 (file)
--- a/services/core/java/com/android/server/notification/NotificationManagerService.java
+++ b/services/core/java/com/android/server/notification/NotificationManagerService.java
@@ -985,12 +985,17 @@ public class NotificationManagerService extends SystemService {
                 final int userId = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, USER_NULL);
                 if (userId != USER_NULL) {
                     mUserProfiles.updateCache(context);
-                    readDefaultApprovedServices(userId);
+                    if (!mUserProfiles.isManagedProfile(userId)) {
+                        readDefaultApprovedServices(userId);
+                    }
                 }
             } else if (action.equals(Intent.ACTION_USER_REMOVED)) {
                 final int user = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, USER_NULL);
                 mZenModeHelper.onUserRemoved(user);
                 mRankingHelper.onUserRemoved(user);
+                mListeners.onUserRemoved(user);
+                mConditionProviders.onUserRemoved(user);
+                mAssistants.onUserRemoved(user);
                 savePolicyFile();
             } else if (action.equals(Intent.ACTION_USER_UNLOCKED)) {
                 final int user = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, USER_NULL);

diff --git a/services/tests/notification/src/com/android/server/notification/ManagedServicesTest.java b/services/tests/notification/src/com/android/server/notification/ManagedServicesTest.java
index 8242149..613f01c 100644 (file)
--- a/services/tests/notification/src/com/android/server/notification/ManagedServicesTest.java
+++ b/services/tests/notification/src/com/android/server/notification/ManagedServicesTest.java
@@ -91,6 +91,7 @@ public class ManagedServicesTest extends NotificationTestCase {
     private ArrayMap<Integer, String> mExpectedSecondaryPackages;
     private ArrayMap<Integer, String> mExpectedSecondaryComponentNames;
 
+    // type : user : list of approved
     private ArrayMap<Integer, ArrayMap<Integer, String>> mExpectedPrimary = new ArrayMap<>();
     private ArrayMap<Integer, ArrayMap<Integer, String>> mExpectedSecondary = new ArrayMap<>();
 
@@ -578,6 +579,32 @@ public class ManagedServicesTest extends NotificationTestCase {
         assertEquals(0, service.getAllowedComponents(10).size());
     }
 
+    @Test
+    public void testOnUserRemoved() throws Exception {
+        for (int approvalLevel : new int[] {APPROVAL_BY_COMPONENT, APPROVAL_BY_PACKAGE}) {
+            ManagedServices service = new TestManagedServices(getContext(), mLock, mUserProfiles,
+                    mIpm, approvalLevel);
+            loadXml(service);
+
+            ArrayMap<Integer, String> verifyMap = mExpectedPrimary.get(service.mApprovalLevel);
+            String user0 = verifyMap.remove(0);
+            verifyMap = mExpectedSecondary.get(service.mApprovalLevel);
+            user0 = user0 + ":" + verifyMap.remove(0);
+
+            service.onUserRemoved(0);
+
+            for (String verifyValue : user0.split(":")) {
+                if (!TextUtils.isEmpty(verifyValue)) {
+                    assertFalse("service type " + service.mApprovalLevel + ":" + verifyValue
+                            + " is still allowed",
+                            service.isPackageOrComponentAllowed(verifyValue, 0));
+                }
+            }
+
+            verifyExpectedApprovedEntries(service);
+        }
+    }
+
     private void loadXml(ManagedServices service) throws Exception {
         final StringBuffer xml = new StringBuffer();
         xml.append("<" + service.getConfig().xmlTag + ">\n");
@@ -657,7 +684,8 @@ public class ManagedServicesTest extends NotificationTestCase {
             for (String packageOrComponent : verifyMap.get(userId).split(":")) {
                 if (!TextUtils.isEmpty(packageOrComponent)) {
                     if (service.mApprovalLevel == APPROVAL_BY_PACKAGE) {
-                        assertTrue(packageOrComponent, service.isComponentEnabledForPackage(packageOrComponent));
+                        assertTrue(packageOrComponent,
+                                service.isComponentEnabledForPackage(packageOrComponent));
                         for (int i = 1; i <= 3; i ++) {
                             ComponentName componentName = ComponentName.unflattenFromString(
                                     packageOrComponent +"/C" + i);