From d995fb377953e4e36a5489f0e49f02e8fa97ee4e Mon Sep 17 00:00:00 2001 From: Songchun Fan Date: Thu, 14 Oct 2021 09:12:44 -0700 Subject: [PATCH 01/21] Revert "Revert "[pm] remove old stage dirs on low storage"" This reverts commit b45ebca772a77bf3fd269d0dcfc1a7af7c73861d. Reason for revert: adding the fix for system to abandon sessions BUG: 67862680 Test: manual Change-Id: I5b762a29d12f62b516a59a85530386236259308b Merged-In: I91170ba399b3a596320b3bd9c8188912e5c4f1be (cherry picked from commit c98f06c286eb0d41f57e0a00b9f59044b9f12706) (cherry picked from commit 8408d434030650c7ab26197030375765b24eeedd) Merged-In:I5b762a29d12f62b516a59a85530386236259308b --- .../server/pm/PackageInstallerService.java | 50 +++++++++++++++++-- .../server/pm/PackageInstallerSession.java | 8 +-- .../server/pm/PackageManagerService.java | 4 ++ 3 files changed, 51 insertions(+), 11 deletions(-) diff --git a/services/core/java/com/android/server/pm/PackageInstallerService.java b/services/core/java/com/android/server/pm/PackageInstallerService.java index 22c1126b6f959..beb4631e2e7da 100644 --- a/services/core/java/com/android/server/pm/PackageInstallerService.java +++ b/services/core/java/com/android/server/pm/PackageInstallerService.java @@ -134,6 +134,9 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements /** Upper bound on number of historical sessions for a UID */ private static final long MAX_HISTORICAL_SESSIONS = 1048576; + /** Destroy sessions older than this on storage free request */ + private static final long MAX_SESSION_AGE_ON_LOW_STORAGE_MILLIS = 8 * DateUtils.HOUR_IN_MILLIS; + /** * Allow verification-skipping if it's a development app installed through ADB with * disable verification flag specified. @@ -295,9 +298,7 @@ && getSession(session.getParentSessionId()) == null) { @GuardedBy("mSessions") private void reconcileStagesLocked(String volumeUuid) { - final File stagingDir = getTmpSessionDir(volumeUuid); - final ArraySet unclaimedStages = newArraySet( - stagingDir.listFiles(sStageFilter)); + final ArraySet unclaimedStages = getStagingDirsOnVolume(volumeUuid); // We also need to clean up orphaned staging directory for staged sessions final File stagedSessionStagingDir = Environment.getDataStagingDirectory(volumeUuid); @@ -308,9 +309,22 @@ private void reconcileStagesLocked(String volumeUuid) { final PackageInstallerSession session = mSessions.valueAt(i); unclaimedStages.remove(session.stageDir); } + removeStagingDirs(unclaimedStages); + } + private ArraySet getStagingDirsOnVolume(String volumeUuid) { + final File stagingDir = getTmpSessionDir(volumeUuid); + final ArraySet stagingDirs = newArraySet(stagingDir.listFiles(sStageFilter)); + + // We also need to clean up orphaned staging directory for staged sessions + final File stagedSessionStagingDir = Environment.getDataStagingDirectory(volumeUuid); + stagingDirs.addAll(newArraySet(stagedSessionStagingDir.listFiles())); + return stagingDirs; + } + + private void removeStagingDirs(ArraySet stagingDirsToRemove) { // Clean up orphaned staging directories - for (File stage : unclaimedStages) { + for (File stage : stagingDirsToRemove) { Slog.w(TAG, "Deleting orphan stage " + stage); synchronized (mPm.mInstallLock) { mPm.removeCodePathLI(stage); @@ -318,6 +332,34 @@ private void reconcileStagesLocked(String volumeUuid) { } } + /** + * Called to free up some storage space from obsolete installation files + */ + public void freeStageDirs(String volumeUuid) { + final ArraySet unclaimedStagingDirsOnVolume = getStagingDirsOnVolume(volumeUuid); + final long currentTimeMillis = System.currentTimeMillis(); + synchronized (mSessions) { + for (int i = 0; i < mSessions.size(); i++) { + final PackageInstallerSession session = mSessions.valueAt(i); + if (!unclaimedStagingDirsOnVolume.contains(session.stageDir)) { + // Only handles sessions stored on the target volume + continue; + } + final long age = currentTimeMillis - session.createdMillis; + if (age >= MAX_SESSION_AGE_ON_LOW_STORAGE_MILLIS) { + // Aggressively close old sessions because we are running low on storage + // Their staging dirs will be removed too + session.abandon(); + } else { + // Session is new enough, so it deserves to be kept even on low storage + unclaimedStagingDirsOnVolume.remove(session.stageDir); + } + } + } + removeStagingDirs(unclaimedStagingDirsOnVolume); + } + + public void onPrivateVolumeMounted(String volumeUuid) { synchronized (mSessions) { reconcileStagesLocked(volumeUuid); diff --git a/services/core/java/com/android/server/pm/PackageInstallerSession.java b/services/core/java/com/android/server/pm/PackageInstallerSession.java index d690ae9e70f10..a253b509abb9e 100644 --- a/services/core/java/com/android/server/pm/PackageInstallerSession.java +++ b/services/core/java/com/android/server/pm/PackageInstallerSession.java @@ -2638,14 +2638,8 @@ public void abandon() { List childSessions = getChildSessionsNotLocked(); synchronized (mLock) { - if (params.isStaged && mDestroyed) { - // If a user abandons staged session in an unsafe state, then system will try to - // abandon the destroyed staged session when it is safe on behalf of the user. - assertCallerIsOwnerOrRootOrSystemLocked(); - } else { - assertCallerIsOwnerOrRootLocked(); - } + assertCallerIsOwnerOrRootOrSystemLocked(); if (isStagedAndInTerminalState()) { // We keep the session in the database if it's in a finalized state. It will be // removed by PackageInstallerService when the last update time is old enough. diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index 72786e77f42d4..6bd669b08dd70 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -5212,6 +5212,10 @@ public void freeStorage(String volumeUuid, long bytes, int storageFlags) throws InstantAppRegistry.DEFAULT_UNINSTALLED_INSTANT_APP_MIN_CACHE_PERIOD))) { return; } + + // 12. Clear temp install session files + mInstallerService.freeStageDirs(volumeUuid); + } else { try { mInstaller.freeCache(volumeUuid, bytes, 0, 0); From 0e4fd102612d68132ff6b9c50871db3410fbe4d5 Mon Sep 17 00:00:00 2001 From: Sonal Singh Date: Mon, 10 Jan 2022 08:44:50 +0000 Subject: [PATCH 02/21] base: PixelPropsUtils: Update redfin fp to SQ1A.220105.002 Change-Id: I9bf68908bc9a06452b02e461c012a999626a2475 --- core/java/com/android/internal/util/nad/PixelPropsUtils.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/java/com/android/internal/util/nad/PixelPropsUtils.java b/core/java/com/android/internal/util/nad/PixelPropsUtils.java index 0c0ac4d6cf923..3708aa2637d36 100644 --- a/core/java/com/android/internal/util/nad/PixelPropsUtils.java +++ b/core/java/com/android/internal/util/nad/PixelPropsUtils.java @@ -66,7 +66,7 @@ public class PixelPropsUtils { propsToChange.put("DEVICE", "redfin"); propsToChange.put("PRODUCT", "redfin"); propsToChange.put("MODEL", "Pixel 5"); - propsToChange.put("FINGERPRINT", "google/redfin/redfin:12/SQ1A.211205.008/7888514:user/release-keys"); + propsToChange.put("FINGERPRINT", "google/redfin/redfin:12/SQ1A.220105.002/7961164:user/release-keys"); propsToChangePixelXL = new HashMap<>(); propsToChangePixelXL.put("BRAND", "google"); propsToChangePixelXL.put("MANUFACTURER", "Google"); From bf0b586c537a0656171d02411f09c006fbfcf83b Mon Sep 17 00:00:00 2001 From: Aseem Kumar Date: Mon, 17 May 2021 09:25:03 +0000 Subject: [PATCH 03/21] Prevent apps from spamming addAccountExplicitly. See comment here for the discussion on solution https://b.corp.google.com/issues/169762606#comment14 Change-Id: If212df3a3b7be1de0fb26b8e88b2fcbb8077c253 Bug: 169762606 (cherry picked from commit 11053c17b397db67b20e96ce769508766cef7db9) Change-Id: I3ff7d8f4df086cb4c153e7ec873b85a093810722 Merged-In: If212df3a3b7be1de0fb26b8e88b2fcbb8077c253 (cherry picked from commit c65b81ba2728bfc3d296b8b3fbe0acacd67d1bd6) Merged-In:I3ff7d8f4df086cb4c153e7ec873b85a093810722 --- core/java/android/accounts/Account.java | 7 +++++++ .../com/android/server/accounts/AccountManagerService.java | 5 +++++ 2 files changed, 12 insertions(+) diff --git a/core/java/android/accounts/Account.java b/core/java/android/accounts/Account.java index 9a18880a353ba..965b6e0a02cd4 100644 --- a/core/java/android/accounts/Account.java +++ b/core/java/android/accounts/Account.java @@ -30,6 +30,7 @@ import com.android.internal.annotations.GuardedBy; +import java.util.Objects; import java.util.Set; /** @@ -85,6 +86,12 @@ public Account(String name, String type, String accessId) { if (TextUtils.isEmpty(type)) { throw new IllegalArgumentException("the type must not be empty: " + type); } + if (name.length() > 200) { + throw new IllegalArgumentException("account name is longer than 200 characters"); + } + if (type.length() > 200) { + throw new IllegalArgumentException("account type is longer than 200 characters"); + } this.name = name; this.type = type; this.accessId = accessId; diff --git a/services/core/java/com/android/server/accounts/AccountManagerService.java b/services/core/java/com/android/server/accounts/AccountManagerService.java index 9c25412f0c839..4df1bb5a156fb 100644 --- a/services/core/java/com/android/server/accounts/AccountManagerService.java +++ b/services/core/java/com/android/server/accounts/AccountManagerService.java @@ -1821,6 +1821,11 @@ private boolean addAccountInternal(UserAccounts accounts, Account account, Strin + ", skipping since the account already exists"); return false; } + if (accounts.accountsDb.findAllDeAccounts().size() > 100) { + Log.w(TAG, "insertAccountIntoDatabase: " + account.toSafeString() + + ", skipping since more than 50 accounts on device exist"); + return false; + } long accountId = accounts.accountsDb.insertCeAccount(account, password); if (accountId < 0) { Log.w(TAG, "insertAccountIntoDatabase: " + account.toSafeString() From 9e3cc1031a67348757f0576e0f1a16f89b6d4721 Mon Sep 17 00:00:00 2001 From: Jeff DeCew Date: Thu, 21 Oct 2021 19:48:19 +0000 Subject: [PATCH 04/21] Allow forcing status bar state changes and do so when the screen turns off. This adds a force flag, which we will use when turning the screen off to make sure that all UI components are reset to the SHADE state regardless. Bug: 189575031 Test: make a call; lock screen; pull down shade Merged-In: I79baeb71ac5d1ed45602ac55cdca996b3bed0ac3 Change-Id: I79baeb71ac5d1ed45602ac55cdca996b3bed0ac3 (cherry picked from commit 9be6207510c2e39e2899a9ce7a93fb09f83134c6) Merged-In:I79baeb71ac5d1ed45602ac55cdca996b3bed0ac3 --- .../statusbar/StatusBarStateControllerImpl.java | 4 ++-- .../statusbar/SysuiStatusBarStateController.java | 14 +++++++++++++- .../systemui/statusbar/phone/StatusBar.java | 13 +++++++++---- .../systemui/statusbar/phone/StatusBarTest.java | 6 ++++-- 4 files changed, 28 insertions(+), 9 deletions(-) diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/StatusBarStateControllerImpl.java b/packages/SystemUI/src/com/android/systemui/statusbar/StatusBarStateControllerImpl.java index 2bef355d59f31..e0e603f7514d7 100644 --- a/packages/SystemUI/src/com/android/systemui/statusbar/StatusBarStateControllerImpl.java +++ b/packages/SystemUI/src/com/android/systemui/statusbar/StatusBarStateControllerImpl.java @@ -134,11 +134,11 @@ public int getState() { } @Override - public boolean setState(int state) { + public boolean setState(int state, boolean force) { if (state > MAX_STATE || state < MIN_STATE) { throw new IllegalArgumentException("Invalid state " + state); } - if (state == mState) { + if (!force && state == mState) { return false; } diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/SysuiStatusBarStateController.java b/packages/SystemUI/src/com/android/systemui/statusbar/SysuiStatusBarStateController.java index 07b35502478f5..fc40077810ff1 100644 --- a/packages/SystemUI/src/com/android/systemui/statusbar/SysuiStatusBarStateController.java +++ b/packages/SystemUI/src/com/android/systemui/statusbar/SysuiStatusBarStateController.java @@ -58,7 +58,19 @@ public interface SysuiStatusBarStateController extends StatusBarStateController * @param state see {@link StatusBarState} for valid options * @return {@code true} if the state changed, else {@code false} */ - boolean setState(int state); + default boolean setState(int state) { + return setState(state, false /* force */); + } + + /** + * Update the status bar state + * @param state see {@link StatusBarState} for valid options + * @param force whether to set the state even if it's the same as the current state. This will + * dispatch the state to all StatusBarStateListeners, ensuring that all listening + * components are reset to this state. + * @return {@code true} if the state was changed or set forcefully + */ + boolean setState(int state, boolean force); /** * Update the dozing state from {@link StatusBar}'s perspective diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBar.java b/packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBar.java index da2f381d2e741..191335a13b60e 100644 --- a/packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBar.java +++ b/packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBar.java @@ -4010,6 +4010,10 @@ public boolean isFullScreenUserSwitcherState() { } boolean updateIsKeyguard() { + return updateIsKeyguard(false /* force */); + } + + boolean updateIsKeyguard(boolean force) { boolean wakeAndUnlocking = mBiometricUnlockController.getMode() == BiometricUnlockController.MODE_WAKE_AND_UNLOCK; @@ -4032,7 +4036,7 @@ boolean updateIsKeyguard() { showKeyguardImpl(); } } else { - return hideKeyguardImpl(); + return hideKeyguardImpl(force); } return false; } @@ -4163,11 +4167,11 @@ private void runLaunchTransitionEndRunnable() { /** * @return true if we would like to stay in the shade, false if it should go away entirely */ - public boolean hideKeyguardImpl() { + public boolean hideKeyguardImpl(boolean force) { mIsKeyguard = false; Trace.beginSection("StatusBar#hideKeyguard"); boolean staying = mStatusBarStateController.leaveOpenOnKeyguardHide(); - if (!(mStatusBarStateController.setState(StatusBarState.SHADE))) { + if (!(mStatusBarStateController.setState(StatusBarState.SHADE, force))) { //TODO: StatusBarStateController should probably know about hiding the keyguard and // notify listeners. @@ -4620,7 +4624,8 @@ public void onFinishedGoingToSleep() { // is correct. mHandler.post(() -> onCameraLaunchGestureDetected(mLastCameraLaunchSource)); } - updateIsKeyguard(); + // When finished going to sleep, force the status bar state to avoid stale state. + updateIsKeyguard(true /* force */); } @Override diff --git a/packages/SystemUI/tests/src/com/android/systemui/statusbar/phone/StatusBarTest.java b/packages/SystemUI/tests/src/com/android/systemui/statusbar/phone/StatusBarTest.java index 5a08c9ca017b8..d528f209cd1ca 100644 --- a/packages/SystemUI/tests/src/com/android/systemui/statusbar/phone/StatusBarTest.java +++ b/packages/SystemUI/tests/src/com/android/systemui/statusbar/phone/StatusBarTest.java @@ -809,12 +809,14 @@ public void testShowKeyguardImplementation_setsState() { // By default, showKeyguardImpl sets state to KEYGUARD. mStatusBar.showKeyguardImpl(); - verify(mStatusBarStateController).setState(eq(StatusBarState.KEYGUARD)); + verify(mStatusBarStateController).setState( + eq(StatusBarState.KEYGUARD), eq(false) /* force */); // If useFullscreenUserSwitcher is true, state is set to FULLSCREEN_USER_SWITCHER. when(mUserSwitcherController.useFullscreenUserSwitcher()).thenReturn(true); mStatusBar.showKeyguardImpl(); - verify(mStatusBarStateController).setState(eq(StatusBarState.FULLSCREEN_USER_SWITCHER)); + verify(mStatusBarStateController).setState( + eq(StatusBarState.FULLSCREEN_USER_SWITCHER), eq(false) /* force */); } @Test From a5019f98fa33e4c192c19f3b43bcad6f1c7339dd Mon Sep 17 00:00:00 2001 From: Varun Shah Date: Mon, 8 Nov 2021 17:27:32 -0800 Subject: [PATCH 05/21] Update deletion conditions for a package's UsageStats. If a profile owner is defined for a specific user, do not delete usage stats for a package on package deletion. Bug: 197399948 Test: atest UsageStatsTest [all] Change-Id: I94a8e3dfca8ef4c7616f77944d61726e06043b85 Merged-In: I94a8e3dfca8ef4c7616f77944d61726e06043b85 (cherry picked from commit d95ce6779da8410c5835385cb5785fb5b3a51d83) Merged-In:I94a8e3dfca8ef4c7616f77944d61726e06043b85 --- .../admin/DevicePolicyManagerInternal.java | 8 ++++++ .../DevicePolicyManagerService.java | 7 +++++ .../server/usage/UsageStatsService.java | 26 +++++++++++++++---- .../server/usage/UserUsageStatsService.java | 10 ++++--- 4 files changed, 42 insertions(+), 9 deletions(-) diff --git a/core/java/android/app/admin/DevicePolicyManagerInternal.java b/core/java/android/app/admin/DevicePolicyManagerInternal.java index d24694faff930..60cb563cca3df 100644 --- a/core/java/android/app/admin/DevicePolicyManagerInternal.java +++ b/core/java/android/app/admin/DevicePolicyManagerInternal.java @@ -16,6 +16,7 @@ package android.app.admin; +import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.UserIdInt; import android.content.ComponentName; @@ -76,6 +77,13 @@ public interface OnCrossProfileWidgetProvidersChangeListener { public abstract void addOnCrossProfileWidgetProvidersChangeListener( OnCrossProfileWidgetProvidersChangeListener listener); + /** + * @param userHandle the handle of the user whose profile owner is being fetched. + * @return the configured supervision app if it exists and is the device owner or policy owner. + */ + public abstract @Nullable ComponentName getProfileOwnerOrDeviceOwnerSupervisionComponent( + @NonNull UserHandle userHandle); + /** * Checks if an app with given uid is an active device admin of its user and has the policy * specified. diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index ad23be33dbd55..64d6d77ad525e 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -12509,6 +12509,13 @@ public void addOnCrossProfileWidgetProvidersChangeListener( } } + @Override + public @Nullable ComponentName getProfileOwnerOrDeviceOwnerSupervisionComponent( + @NonNull UserHandle userHandle) { + return DevicePolicyManagerService.this.getProfileOwnerOrDeviceOwnerSupervisionComponent( + userHandle); + } + @Override public boolean isActiveAdminWithPolicy(int uid, int reqPolicy) { synchronized (getLockObject()) { diff --git a/services/usage/java/com/android/server/usage/UsageStatsService.java b/services/usage/java/com/android/server/usage/UsageStatsService.java index a5b676012ea97..a54f263c32ae3 100644 --- a/services/usage/java/com/android/server/usage/UsageStatsService.java +++ b/services/usage/java/com/android/server/usage/UsageStatsService.java @@ -339,6 +339,7 @@ private void onUserUnlocked(int userId) { if (userId == UserHandle.USER_SYSTEM) { UsageStatsIdleService.scheduleUpdateMappingsJob(getContext()); } + final boolean deleteObsoleteData = shouldDeleteObsoleteData(UserHandle.of(userId)); synchronized (mLock) { // Create a user unlocked event to report final Event unlockEvent = new Event(USER_UNLOCKED, SystemClock.elapsedRealtime()); @@ -356,7 +357,7 @@ private void onUserUnlocked(int userId) { boolean needToFlush = !pendingEvents.isEmpty(); initializeUserUsageStatsServiceLocked(userId, System.currentTimeMillis(), - installedPackages); + installedPackages, deleteObsoleteData); mUserUnlockedStates.put(userId, true); final UserUsageStatsService userService = getUserUsageStatsServiceLocked(userId); if (userService == null) { @@ -551,13 +552,13 @@ private UserUsageStatsService getUserUsageStatsServiceLocked(int userId) { * when the user is initially unlocked. */ private void initializeUserUsageStatsServiceLocked(int userId, long currentTimeMillis, - HashMap installedPackages) { + HashMap installedPackages, boolean deleteObsoleteData) { final File usageStatsDir = new File(Environment.getDataSystemCeDirectory(userId), "usagestats"); final UserUsageStatsService service = new UserUsageStatsService(getContext(), userId, usageStatsDir, this); try { - service.init(currentTimeMillis, installedPackages); + service.init(currentTimeMillis, installedPackages, deleteObsoleteData); mUserState.put(userId, service); } catch (Exception e) { if (mUserManager.isUserUnlocked(userId)) { @@ -1029,6 +1030,10 @@ private boolean pruneUninstalledPackagesData(int userId) { * Called by the Binder stub. */ private boolean updatePackageMappingsData() { + // don't update the mappings if a profile user is defined + if (!shouldDeleteObsoleteData(UserHandle.SYSTEM)) { + return true; // return true so job scheduler doesn't reschedule the job + } // fetch the installed packages outside the lock so it doesn't block package manager. final HashMap installedPkgs = getInstalledPackages(UserHandle.USER_SYSTEM); synchronized (mLock) { @@ -1154,6 +1159,13 @@ UsageEvents queryEventsForPackage(int userId, long beginTime, long endTime, } } + private boolean shouldDeleteObsoleteData(UserHandle userHandle) { + final DevicePolicyManagerInternal dpmInternal = getDpmInternal(); + // If a profile owner is not defined for the given user, obsolete data should be deleted + return dpmInternal == null + || dpmInternal.getProfileOwnerOrDeviceOwnerSupervisionComponent(userHandle) == null; + } + private String buildFullToken(String packageName, String token) { final StringBuilder sb = new StringBuilder(packageName.length() + token.length() + 1); sb.append(packageName); @@ -2324,8 +2336,12 @@ public boolean updatePackageMappingsData() { private class MyPackageMonitor extends PackageMonitor { @Override public void onPackageRemoved(String packageName, int uid) { - mHandler.obtainMessage(MSG_PACKAGE_REMOVED, getChangingUserId(), 0, packageName) - .sendToTarget(); + final int changingUserId = getChangingUserId(); + // Only remove the package's data if a profile owner is not defined for the user + if (shouldDeleteObsoleteData(UserHandle.of(changingUserId))) { + mHandler.obtainMessage(MSG_PACKAGE_REMOVED, changingUserId, 0, packageName) + .sendToTarget(); + } super.onPackageRemoved(packageName, uid); } } diff --git a/services/usage/java/com/android/server/usage/UserUsageStatsService.java b/services/usage/java/com/android/server/usage/UserUsageStatsService.java index 26de11af6f4e9..0a5adc8e61d44 100644 --- a/services/usage/java/com/android/server/usage/UserUsageStatsService.java +++ b/services/usage/java/com/android/server/usage/UserUsageStatsService.java @@ -115,8 +115,9 @@ interface StatsUpdatedListener { mSystemTimeSnapshot = System.currentTimeMillis(); } - void init(final long currentTimeMillis, HashMap installedPackages) { - readPackageMappingsLocked(installedPackages); + void init(final long currentTimeMillis, HashMap installedPackages, + boolean deleteObsoleteData) { + readPackageMappingsLocked(installedPackages, deleteObsoleteData); mDatabase.init(currentTimeMillis); if (mDatabase.wasUpgradePerformed()) { mDatabase.prunePackagesDataOnUpgrade(installedPackages); @@ -180,12 +181,13 @@ int onPackageRemoved(String packageName, long timeRemoved) { return mDatabase.onPackageRemoved(packageName, timeRemoved); } - private void readPackageMappingsLocked(HashMap installedPackages) { + private void readPackageMappingsLocked(HashMap installedPackages, + boolean deleteObsoleteData) { mDatabase.readMappingsLocked(); // Package mappings for the system user are updated after 24 hours via a job scheduled by // UsageStatsIdleService to ensure restored data is not lost on first boot. Additionally, // this makes user service initialization a little quicker on subsequent boots. - if (mUserId != UserHandle.USER_SYSTEM) { + if (mUserId != UserHandle.USER_SYSTEM && deleteObsoleteData) { updatePackageMappingsLocked(installedPackages); } } From 3931799c0e9f801bddcea729efc52f5ffcd5bb6a Mon Sep 17 00:00:00 2001 From: Dave Mankoff Date: Mon, 15 Nov 2021 19:21:44 +0000 Subject: [PATCH 06/21] RESTRICT AUTOMERGE Remove line of code that was mistakently left in. This line was removed in O, S, & P, but somehow survived in the Q and R branches. Bug: 193444889 Merged-In: I56589865427b10e2eab68e1ed2e7c290572a9edc Change-Id: I56589865427b10e2eab68e1ed2e7c290572a9edc (cherry picked from commit 1b13bc873c7682847cdfa904f754ebc327eb180b) Merged-In:I56589865427b10e2eab68e1ed2e7c290572a9edc --- .../com/android/systemui/shared/plugins/PluginManagerImpl.java | 1 - 1 file changed, 1 deletion(-) diff --git a/packages/SystemUI/shared/src/com/android/systemui/shared/plugins/PluginManagerImpl.java b/packages/SystemUI/shared/src/com/android/systemui/shared/plugins/PluginManagerImpl.java index 4e70cfc1a18a6..66dcfdd9b47a2 100644 --- a/packages/SystemUI/shared/src/com/android/systemui/shared/plugins/PluginManagerImpl.java +++ b/packages/SystemUI/shared/src/com/android/systemui/shared/plugins/PluginManagerImpl.java @@ -201,7 +201,6 @@ private void startListening() { filter.addAction(DISABLE_PLUGIN); filter.addDataScheme("package"); mContext.registerReceiver(this, filter, PluginInstanceManager.PLUGIN_PERMISSION, null); - mContext.registerReceiver(this, filter); filter = new IntentFilter(Intent.ACTION_USER_UNLOCKED); mContext.registerReceiver(this, filter); } From ea3d355a4b6c94643ebb5fe805c131520588fe8e Mon Sep 17 00:00:00 2001 From: Matt Pietal Date: Mon, 4 Oct 2021 15:33:14 -0400 Subject: [PATCH 07/21] [DO NOT MERGE] Controls - Do not recreate intent Recreating the control's intent in SystemUI can be exploited to launch Intent's with SystemUI's privileges, rather than what is limited to the application. Use the fillInIntent parameter to supply additional parameters to the application. Bug: 193445603 Test: Follow directions in bug to retest Change-Id: Ib2b0342af85679c0514fb4d88530376b58e6e12a Merged-In: (cherry picked from commit 0e120a5d4f8998e343f3c8106081037017613082) (cherry picked from commit d7b16dd2a56035b2feec9f39d6d461fd551317eb) Merged-In:Ib2b0342af85679c0514fb4d88530376b58e6e12a --- .../ui/ControlActionCoordinatorImpl.kt | 13 ++-- .../systemui/controls/ui/DetailDialog.kt | 32 +++++--- .../systemui/controls/ui/DetailDialogTest.kt | 74 +++++++++++++++++++ 3 files changed, 102 insertions(+), 17 deletions(-) create mode 100644 packages/SystemUI/tests/src/com/android/systemui/controls/ui/DetailDialogTest.kt diff --git a/packages/SystemUI/src/com/android/systemui/controls/ui/ControlActionCoordinatorImpl.kt b/packages/SystemUI/src/com/android/systemui/controls/ui/ControlActionCoordinatorImpl.kt index e15380b42a78f..f6b420ba57f3c 100644 --- a/packages/SystemUI/src/com/android/systemui/controls/ui/ControlActionCoordinatorImpl.kt +++ b/packages/SystemUI/src/com/android/systemui/controls/ui/ControlActionCoordinatorImpl.kt @@ -17,6 +17,7 @@ package com.android.systemui.controls.ui import android.app.Dialog +import android.app.PendingIntent import android.content.Context import android.content.Intent import android.content.pm.PackageManager @@ -74,7 +75,7 @@ class ControlActionCoordinatorImpl @Inject constructor( bouncerOrRun(Action(cvh.cws.ci.controlId, { cvh.layout.performHapticFeedback(HapticFeedbackConstants.CONTEXT_CLICK) if (cvh.usePanel()) { - showDialog(cvh, control.getAppIntent().getIntent()) + showDetail(cvh, control.getAppIntent()) } else { cvh.action(CommandAction(templateId)) } @@ -100,7 +101,7 @@ class ControlActionCoordinatorImpl @Inject constructor( // Long press snould only be called when there is valid control state, otherwise ignore cvh.cws.control?.let { cvh.layout.performHapticFeedback(HapticFeedbackConstants.LONG_PRESS) - showDialog(cvh, it.getAppIntent().getIntent()) + showDetail(cvh, it.getAppIntent()) } }, false /* blockable */)) } @@ -155,17 +156,17 @@ class ControlActionCoordinatorImpl @Inject constructor( bgExecutor.execute { vibrator.vibrate(effect) } } - private fun showDialog(cvh: ControlViewHolder, intent: Intent) { + private fun showDetail(cvh: ControlViewHolder, pendingIntent: PendingIntent) { bgExecutor.execute { - val activities: List = cvh.context.packageManager.queryIntentActivities( - intent, + val activities: List = context.packageManager.queryIntentActivities( + pendingIntent.getIntent(), PackageManager.MATCH_DEFAULT_ONLY ) uiExecutor.execute { // make sure the intent is valid before attempting to open the dialog if (activities.isNotEmpty()) { - dialog = DetailDialog(cvh, intent).also { + dialog = DetailDialog(cvh, pendingIntent).also { it.setOnDismissListener { _ -> dialog = null } it.show() } diff --git a/packages/SystemUI/src/com/android/systemui/controls/ui/DetailDialog.kt b/packages/SystemUI/src/com/android/systemui/controls/ui/DetailDialog.kt index 9ec14523a8093..a7f7eb7ffb440 100644 --- a/packages/SystemUI/src/com/android/systemui/controls/ui/DetailDialog.kt +++ b/packages/SystemUI/src/com/android/systemui/controls/ui/DetailDialog.kt @@ -16,8 +16,11 @@ package com.android.systemui.controls.ui +import android.app.ActivityOptions import android.app.ActivityView +import android.app.PendingIntent import android.app.Dialog +import android.content.ComponentName import android.content.Intent import android.provider.Settings import android.view.View @@ -37,9 +40,8 @@ import com.android.systemui.R */ class DetailDialog( val cvh: ControlViewHolder, - val intent: Intent + val pendingIntent: PendingIntent ) : Dialog(cvh.context, R.style.Theme_SystemUI_Dialog_Control_DetailPanel) { - companion object { private const val PANEL_TOP_OFFSET = "systemui.controls_panel_top_offset" /* @@ -49,18 +51,19 @@ class DetailDialog( private const val EXTRA_USE_PANEL = "controls.DISPLAY_IN_PANEL" } + private val fillInIntent = Intent().apply { + putExtra(EXTRA_USE_PANEL, true) + + // Apply flags to make behaviour match documentLaunchMode=always. + addFlags(Intent.FLAG_ACTIVITY_NEW_DOCUMENT) + addFlags(Intent.FLAG_ACTIVITY_MULTIPLE_TASK) + } + var activityView = ActivityView(context, null, 0, false) val stateCallback: ActivityView.StateCallback = object : ActivityView.StateCallback() { override fun onActivityViewReady(view: ActivityView) { - val launchIntent = Intent(intent) - launchIntent.putExtra(EXTRA_USE_PANEL, true) - - // Apply flags to make behaviour match documentLaunchMode=always. - launchIntent.addFlags(Intent.FLAG_ACTIVITY_NEW_DOCUMENT) - launchIntent.addFlags(Intent.FLAG_ACTIVITY_MULTIPLE_TASK) - - view.startActivity(launchIntent) + view.startActivity(pendingIntent, fillInIntent, ActivityOptions.makeBasic()) } override fun onActivityViewDestroyed(view: ActivityView) {} @@ -68,6 +71,12 @@ class DetailDialog( override fun onTaskRemovalStarted(taskId: Int) { dismiss() } + + override fun onTaskCreated(taskId: Int, name: ComponentName?) { + requireViewById(R.id.controls_activity_view).apply { + setAlpha(1f) + } + } } init { @@ -76,6 +85,7 @@ class DetailDialog( requireViewById(R.id.controls_activity_view).apply { addView(activityView) + setAlpha(0f) } requireViewById(R.id.control_detail_close).apply { @@ -86,7 +96,7 @@ class DetailDialog( setOnClickListener { v: View -> dismiss() context.sendBroadcast(Intent(Intent.ACTION_CLOSE_SYSTEM_DIALOGS)) - v.context.startActivity(intent) + pendingIntent.send() } } diff --git a/packages/SystemUI/tests/src/com/android/systemui/controls/ui/DetailDialogTest.kt b/packages/SystemUI/tests/src/com/android/systemui/controls/ui/DetailDialogTest.kt new file mode 100644 index 0000000000000..0ad03d2b41b3b --- /dev/null +++ b/packages/SystemUI/tests/src/com/android/systemui/controls/ui/DetailDialogTest.kt @@ -0,0 +1,74 @@ +/* + * Copyright (C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.systemui.controls.ui + +import android.app.ActivityView +import android.app.PendingIntent +import android.testing.AndroidTestingRunner +import android.testing.TestableLooper +import androidx.test.filters.SmallTest +import com.android.systemui.SysuiTestCase +import com.android.systemui.util.mockito.capture +import org.junit.Before +import org.junit.Test +import org.junit.runner.RunWith +import org.mockito.ArgumentCaptor +import org.mockito.ArgumentMatchers.eq +import org.mockito.Captor +import org.mockito.Mock +import org.mockito.Mockito.any +import org.mockito.Mockito.verify +import org.mockito.MockitoAnnotations + +@SmallTest +@RunWith(AndroidTestingRunner::class) +@TestableLooper.RunWithLooper +class DetailDialogTest : SysuiTestCase() { + + @Mock + private lateinit var activityView: ActivityView + @Mock + private lateinit var controlViewHolder: ControlViewHolder + @Mock + private lateinit var pendingIntent: PendingIntent + @Captor + private lateinit var viewCaptor: ArgumentCaptor + + @Before + fun setUp() { + MockitoAnnotations.initMocks(this) + } + + @Test + fun testPendingIntentIsUnModified() { + // GIVEN the dialog is created with a PendingIntent + val dialog = createDialog(pendingIntent) + + // WHEN the ActivityView is initialized + dialog.stateCallback.onActivityViewReady(capture(viewCaptor)) + + // THEN the PendingIntent used to call startActivity is unmodified by systemui + verify(viewCaptor.value).startActivity(eq(pendingIntent), any(), any()) + } + + private fun createDialog(pendingIntent: PendingIntent): DetailDialog { + return DetailDialog( + controlViewHolder, + pendingIntent + ) + } +} From a3b2c1042e23a36405c42f20e7c0dd671c2ee870 Mon Sep 17 00:00:00 2001 From: Hai Zhang Date: Wed, 30 Dec 2020 18:30:25 -0800 Subject: [PATCH 08/21] DO NOT MERGE Re-implement reading/writing Throwables from/to Parcel, without Parcel private APIs. Bug:197228210 Test: atest CtsSecurityTestCases:android.security.cts.AndroidFutureTest (cherry picked from I577da5a3bc4ed537123b7eceaa5addf8f7bb0d92 and Icc5ce702f0cd84e9136dee3c65f63619df697358) Change-Id: I1d488c475f2f7af835a67496535cecdd6987c0cf (cherry picked from commit 562f1bd91f2845788ab907d687de6800ee49c6f8) Merged-In:I1d488c475f2f7af835a67496535cecdd6987c0cf --- .../android/internal/infra/AndroidFuture.java | 116 ++++++++++++------ .../internal/infra/ServiceConnector.java | 28 ++--- 2 files changed, 86 insertions(+), 58 deletions(-) diff --git a/core/java/com/android/internal/infra/AndroidFuture.java b/core/java/com/android/internal/infra/AndroidFuture.java index 9f15d8991fa74..84391c1699415 100644 --- a/core/java/com/android/internal/infra/AndroidFuture.java +++ b/core/java/com/android/internal/infra/AndroidFuture.java @@ -16,23 +16,21 @@ package com.android.internal.infra; -import static com.android.internal.util.ConcurrentUtils.DIRECT_EXECUTOR; - import android.annotation.CallSuper; import android.annotation.NonNull; import android.annotation.Nullable; import android.os.Handler; -import android.os.Message; +import android.os.Looper; import android.os.Parcel; import android.os.Parcelable; import android.os.RemoteException; -import android.util.ExceptionUtils; +import android.util.EventLog; import android.util.Log; import com.android.internal.annotations.GuardedBy; import com.android.internal.util.Preconditions; -import com.android.internal.util.function.pooled.PooledLambda; +import java.lang.reflect.Constructor; import java.util.concurrent.CancellationException; import java.util.concurrent.CompletableFuture; import java.util.concurrent.CompletionStage; @@ -75,14 +73,16 @@ public class AndroidFuture extends CompletableFuture implements Parcelable private static final boolean DEBUG = false; private static final String LOG_TAG = AndroidFuture.class.getSimpleName(); + private static final Executor DIRECT_EXECUTOR = Runnable::run; private static final StackTraceElement[] EMPTY_STACK_TRACE = new StackTraceElement[0]; + private static @Nullable Handler sMainHandler; private final @NonNull Object mLock = new Object(); @GuardedBy("mLock") private @Nullable BiConsumer mListener; @GuardedBy("mLock") private @Nullable Executor mListenerExecutor = DIRECT_EXECUTOR; - private @NonNull Handler mTimeoutHandler = Handler.getMain(); + private @NonNull Handler mTimeoutHandler = getMainHandler(); private final @Nullable IAndroidFuture mRemoteOrigin; public AndroidFuture() { @@ -96,7 +96,7 @@ public AndroidFuture() { // Done if (in.readBoolean()) { // Failed - completeExceptionally(unparcelException(in)); + completeExceptionally(readThrowable(in)); } else { // Success complete((T) in.readValue(null)); @@ -108,6 +108,15 @@ public AndroidFuture() { } } + @NonNull + private static Handler getMainHandler() { + // This isn't thread-safe but we are okay with it. + if (sMainHandler == null) { + sMainHandler = new Handler(Looper.getMainLooper()); + } + return sMainHandler; + } + /** * Create a completed future with the given value. * @@ -236,9 +245,7 @@ private void callListenerAsync(BiConsumer listener if (mListenerExecutor == DIRECT_EXECUTOR) { callListener(listener, res, err); } else { - mListenerExecutor.execute(PooledLambda - .obtainRunnable(AndroidFuture::callListener, listener, res, err) - .recycleOnUse()); + mListenerExecutor.execute(() -> callListener(listener, res, err)); } } @@ -260,7 +267,8 @@ static void callListener( } else { // listener exception-case threw // give up on listener but preserve the original exception when throwing up - throw ExceptionUtils.appendCause(t, err); + t.addSuppressed(err); + throw t; } } } catch (Throwable t2) { @@ -272,9 +280,7 @@ static void callListener( /** @inheritDoc */ //@Override //TODO uncomment once java 9 APIs are exposed to frameworks public AndroidFuture orTimeout(long timeout, @NonNull TimeUnit unit) { - Message msg = PooledLambda.obtainMessage(AndroidFuture::triggerTimeout, this); - msg.obj = this; - mTimeoutHandler.sendMessageDelayed(msg, unit.toMillis(timeout)); + mTimeoutHandler.postDelayed(this::triggerTimeout, this, unit.toMillis(timeout)); return this; } @@ -507,7 +513,7 @@ public void writeToParcel(Parcel dest, int flags) { result = get(); } catch (Throwable t) { dest.writeBoolean(true); - parcelException(dest, unwrapExecutionException(t)); + writeThrowable(dest, unwrapExecutionException(t)); return; } dest.writeBoolean(false); @@ -545,45 +551,75 @@ Throwable unwrapExecutionException(Throwable t) { * Alternative to {@link Parcel#writeException} that stores the stack trace, in a * way consistent with the binder IPC exception propagation behavior. */ - private static void parcelException(Parcel p, @Nullable Throwable t) { - p.writeBoolean(t == null); - if (t == null) { + private static void writeThrowable(@NonNull Parcel parcel, @Nullable Throwable throwable) { + boolean hasThrowable = throwable != null; + parcel.writeBoolean(hasThrowable); + if (!hasThrowable) { + return; + } + + boolean isFrameworkParcelable = throwable instanceof Parcelable + && throwable.getClass().getClassLoader() == Parcelable.class.getClassLoader(); + parcel.writeBoolean(isFrameworkParcelable); + if (isFrameworkParcelable) { + parcel.writeParcelable((Parcelable) throwable, + Parcelable.PARCELABLE_WRITE_RETURN_VALUE); return; } - p.writeInt(Parcel.getExceptionCode(t)); - p.writeString(t.getClass().getName()); - p.writeString(t.getMessage()); - p.writeStackTrace(t); - parcelException(p, t.getCause()); + parcel.writeString(throwable.getClass().getName()); + parcel.writeString(throwable.getMessage()); + StackTraceElement[] stackTrace = throwable.getStackTrace(); + StringBuilder stackTraceBuilder = new StringBuilder(); + int truncatedStackTraceLength = Math.min(stackTrace != null ? stackTrace.length : 0, 5); + for (int i = 0; i < truncatedStackTraceLength; i++) { + if (i > 0) { + stackTraceBuilder.append('\n'); + } + stackTraceBuilder.append("\tat ").append(stackTrace[i]); + } + parcel.writeString(stackTraceBuilder.toString()); + writeThrowable(parcel, throwable.getCause()); } /** - * @see #parcelException + * @see #writeThrowable */ - private static @Nullable Throwable unparcelException(Parcel p) { - if (p.readBoolean()) { + private static @Nullable Throwable readThrowable(@NonNull Parcel parcel) { + final boolean hasThrowable = parcel.readBoolean(); + if (!hasThrowable) { return null; } - int exCode = p.readInt(); - String cls = p.readString(); - String msg = p.readString(); - String stackTrace = p.readInt() > 0 ? p.readString() : "\t"; - msg += "\n" + stackTrace; - - Exception ex = p.createExceptionOrNull(exCode, msg); - if (ex == null) { - ex = new RuntimeException(cls + ": " + msg); + boolean isFrameworkParcelable = parcel.readBoolean(); + if (isFrameworkParcelable) { + return parcel.readParcelable(Parcelable.class.getClassLoader()); } - ex.setStackTrace(EMPTY_STACK_TRACE); - Throwable cause = unparcelException(p); + String className = parcel.readString(); + String message = parcel.readString(); + String stackTrace = parcel.readString(); + String messageWithStackTrace = message + '\n' + stackTrace; + Throwable throwable; + try { + Class clazz = Class.forName(className, true, Parcelable.class.getClassLoader()); + if (Throwable.class.isAssignableFrom(clazz)) { + Constructor constructor = clazz.getConstructor(String.class); + throwable = (Throwable) constructor.newInstance(messageWithStackTrace); + } else { + android.util.EventLog.writeEvent(0x534e4554, "186530450", -1, ""); + throwable = new RuntimeException(className + ": " + messageWithStackTrace); + } + } catch (Throwable t) { + throwable = new RuntimeException(className + ": " + messageWithStackTrace); + throwable.addSuppressed(t); + } + throwable.setStackTrace(EMPTY_STACK_TRACE); + Throwable cause = readThrowable(parcel); if (cause != null) { - ex.initCause(ex); + throwable.initCause(cause); } - - return ex; + return throwable; } @Override diff --git a/core/java/com/android/internal/infra/ServiceConnector.java b/core/java/com/android/internal/infra/ServiceConnector.java index 167d128a76f80..89869389cb597 100644 --- a/core/java/com/android/internal/infra/ServiceConnector.java +++ b/core/java/com/android/internal/infra/ServiceConnector.java @@ -26,14 +26,11 @@ import android.os.Handler; import android.os.IBinder; import android.os.IInterface; +import android.os.Looper; import android.os.RemoteException; import android.os.UserHandle; -import android.text.TextUtils; -import android.util.DebugUtils; import android.util.Log; -import com.android.internal.util.function.pooled.PooledLambda; - import java.io.PrintWriter; import java.util.ArrayDeque; import java.util.ArrayList; @@ -47,7 +44,6 @@ import java.util.function.BiConsumer; import java.util.function.Function; - /** * Takes care of managing a {@link ServiceConnection} and auto-disconnecting from the service upon * a certain timeout. @@ -220,6 +216,7 @@ class Impl extends ArrayDeque> private final @NonNull Queue> mQueue = this; private final @NonNull List> mUnfinishedJobs = new ArrayList<>(); + private final @NonNull Handler mMainHandler = new Handler(Looper.getMainLooper()); private final @NonNull ServiceConnection mServiceConnection = this; private final @NonNull Runnable mTimeoutDisconnect = this; @@ -250,9 +247,8 @@ class Impl extends ArrayDeque> * {@link IInterface}. * Typically this is {@code IMyInterface.Stub::asInterface} */ - public Impl(@NonNull Context context, @NonNull Intent intent, - @Context.BindServiceFlags int bindingFlags, @UserIdInt int userId, - @Nullable Function binderAsInterface) { + public Impl(@NonNull Context context, @NonNull Intent intent, int bindingFlags, + @UserIdInt int userId, @Nullable Function binderAsInterface) { mContext = context; mIntent = intent; mBindingFlags = bindingFlags; @@ -264,7 +260,7 @@ public Impl(@NonNull Context context, @NonNull Intent intent, * {@link Handler} on which {@link Job}s will be called */ protected Handler getJobHandler() { - return Handler.getMain(); + return mMainHandler; } /** @@ -391,8 +387,7 @@ private void enqueue(@NonNull CompletionAwareJob task) { private boolean enqueue(@NonNull Job job) { cancelTimeout(); - return getJobHandler().sendMessage(PooledLambda.obtainMessage( - ServiceConnector.Impl::enqueueJobThread, this, job)); + return getJobHandler().post(() -> enqueueJobThread(job)); } void enqueueJobThread(@NonNull Job job) { @@ -422,7 +417,7 @@ private void cancelTimeout() { if (DEBUG) { logTrace(); } - Handler.getMain().removeCallbacks(mTimeoutDisconnect); + mMainHandler.removeCallbacks(mTimeoutDisconnect); } void completeExceptionally(@NonNull Job job, @NonNull Throwable ex) { @@ -486,7 +481,7 @@ private void scheduleUnbindTimeout() { } long timeout = getAutoDisconnectTimeoutMs(); if (timeout > 0) { - Handler.getMain().postDelayed(mTimeoutDisconnect, timeout); + mMainHandler.postDelayed(mTimeoutDisconnect, timeout); } else if (DEBUG) { Log.i(LOG_TAG, "Not scheduling unbind for permanently bound " + this); } @@ -502,7 +497,7 @@ public void unbind() { logTrace(); } mUnbinding = true; - getJobHandler().sendMessage(PooledLambda.obtainMessage(Impl::unbindJobThread, this)); + getJobHandler().post(this::unbindJobThread); } void unbindJobThread() { @@ -659,10 +654,7 @@ private String stateToString() { } private void logTrace() { - Log.i(LOG_TAG, - TextUtils.join(" -> ", - DebugUtils.callersWithin(ServiceConnector.class, /* offset= */ 1)) - + "(" + this + ")"); + Log.i(LOG_TAG, "See stacktrace", new Throwable()); } /** From f4e588463dfef94dea571c196c001919641b2a23 Mon Sep 17 00:00:00 2001 From: Tomasz Wasilczyk Date: Tue, 26 Jan 2021 08:46:31 -0800 Subject: [PATCH 09/21] Don't crash if default supervision profile owner is not set Bug: 175430552 Bug: 197399948 Test: build, flash, watch logcat Change-Id: If441946fa278c04ae88122f6243f5a7dedd96ebc Merged-In: If441946fa278c04ae88122f6243f5a7dedd96ebc (cherry picked from commit bd27c365915f824824d865668c63a2119c4700fb) (cherry picked from commit bcb5ee6f43ea24fb74649f164ca3c3032a7be3b5) (cherry picked from commit b5fa0a6c5e96c420c1f6d808be603c4579f9a1ba) Merged-In:If441946fa278c04ae88122f6243f5a7dedd96ebc --- .../server/devicepolicy/DevicePolicyManagerService.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index 64d6d77ad525e..61640aa567461 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -9424,6 +9424,9 @@ && isProfileOwnerOfOrganizationOwnedDevice(userInfo.id)) { final ComponentName doComponent = mOwners.getDeviceOwnerComponent(); final ComponentName poComponent = mOwners.getProfileOwnerComponent(userHandle.getIdentifier()); + if (supervisorComponent == null) { + return null; + } if (supervisorComponent.equals(doComponent) || supervisorComponent.equals( poComponent)) { return supervisorComponent; From ea4bfb8276684c6fba1c2b3fd14822252a955038 Mon Sep 17 00:00:00 2001 From: Jackal Guo Date: Fri, 24 Dec 2021 11:47:47 +0800 Subject: [PATCH 10/21] [RESTRICT AUTOMERGE] Fix the inconsistency of protection level The value may be inconsistent between BasePermission.perm.protection- Level and BasePermission.getProtectionLevel() within the same object. Update the perm to fix the inconsistency. Bug: 209607944 Test: manually using the PoC on the buganizer to ensure the symptom no longer exists. Change-Id: I19d6135f98bee9392d85e56478c42e06cfea8ba5 (cherry picked from commit b5efdf729385cc54f225496d3ba20f1cb5b68250) Merged-In:I19d6135f98bee9392d85e56478c42e06cfea8ba5 --- .../java/com/android/server/pm/permission/BasePermission.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/services/core/java/com/android/server/pm/permission/BasePermission.java b/services/core/java/com/android/server/pm/permission/BasePermission.java index 0ba7e41f676d5..1dc933b0fd203 100644 --- a/services/core/java/com/android/server/pm/permission/BasePermission.java +++ b/services/core/java/com/android/server/pm/permission/BasePermission.java @@ -409,6 +409,8 @@ static BasePermission createOrUpdate(PackageManagerInternal packageManagerIntern } if (bp.perm != null && Objects.equals(bp.perm.getPackageName(), p.getPackageName()) && Objects.equals(bp.perm.getName(), p.getName())) { + bp.perm.setFlags(bp.perm.getFlags() & ~PermissionInfo.FLAG_INSTALLED); + bp.perm = p.setFlags(p.getFlags() | PermissionInfo.FLAG_INSTALLED); bp.protectionLevel = p.getProtectionLevel(); } if (bp.isRuntime() && (ownerChanged || wasNonRuntime)) { From 4465b0da725e594d07fae8c34e13e18ce738cc05 Mon Sep 17 00:00:00 2001 From: Julia Reynolds Date: Fri, 7 Jan 2022 16:28:52 -0500 Subject: [PATCH 11/21] Check group channels for FGSes Before allowing the group to be deleted, by updating the current check to the method that populates the channel list Test: NotificationManagerServiceTest Bug: 209965481 Change-Id: I9db781c300e96e9c80bd5d21585b8be9b4db08c8 Merged-In: I9db781c300e96e9c80bd5d21585b8be9b4db08c8 (cherry picked from commit 6456b622fd39115001478b6fad2f45f50b65f30a) Merged-In:I9db781c300e96e9c80bd5d21585b8be9b4db08c8 --- .../NotificationManagerService.java | 5 +- .../NotificationManagerServiceTest.java | 63 +++++++++++++++++-- 2 files changed, 62 insertions(+), 6 deletions(-) mode change 100755 => 100644 services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java diff --git a/services/core/java/com/android/server/notification/NotificationManagerService.java b/services/core/java/com/android/server/notification/NotificationManagerService.java index c30c06318ecb2..806c0118bc8d1 100755 --- a/services/core/java/com/android/server/notification/NotificationManagerService.java +++ b/services/core/java/com/android/server/notification/NotificationManagerService.java @@ -2504,7 +2504,7 @@ private void maybeNotifyChannelOwner(String pkg, int uid, NotificationChannel pr } } - private void createNotificationChannelGroup(String pkg, int uid, NotificationChannelGroup group, + void createNotificationChannelGroup(String pkg, int uid, NotificationChannelGroup group, boolean fromApp, boolean fromListener) { Objects.requireNonNull(group); Objects.requireNonNull(pkg); @@ -3537,7 +3537,8 @@ public void deleteNotificationChannelGroup(String pkg, String groupId) { final int callingUid = Binder.getCallingUid(); NotificationChannelGroup groupToDelete = - mPreferencesHelper.getNotificationChannelGroup(groupId, pkg, callingUid); + mPreferencesHelper.getNotificationChannelGroupWithChannels( + pkg, callingUid, groupId, false); if (groupToDelete != null) { // Preflight for allowability final int userId = UserHandle.getUserId(callingUid); diff --git a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java old mode 100755 new mode 100644 index 1a4cce466c668..c0ecbbadb695e --- a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java +++ b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java @@ -179,6 +179,8 @@ import com.android.server.wm.ActivityTaskManagerInternal; import com.android.server.wm.WindowManagerInternal; +import com.google.common.collect.ImmutableList; + import org.junit.After; import org.junit.Before; import org.junit.Test; @@ -202,6 +204,7 @@ import java.util.List; import java.util.Map; import java.util.Set; +import java.util.concurrent.CountDownLatch; import java.util.function.Consumer; @@ -245,6 +248,8 @@ public class NotificationManagerServiceTest extends UiServiceTestCase { @Mock Resources mResources; @Mock + ActivityManagerInternal mAmi; + @Mock RankingHandler mRankingHandler; @Mock protected PackageManagerInternal mPackageManagerInternal; @@ -418,7 +423,6 @@ public void setUp() throws Exception { DeviceIdleInternal deviceIdleInternal = mock(DeviceIdleInternal.class); when(deviceIdleInternal.getNotificationWhitelistDuration()).thenReturn(3000L); - ActivityManagerInternal activityManagerInternal = mock(ActivityManagerInternal.class); LocalServices.removeServiceForTest(UriGrantsManagerInternal.class); LocalServices.addService(UriGrantsManagerInternal.class, mUgmInternal); @@ -429,7 +433,7 @@ public void setUp() throws Exception { LocalServices.removeServiceForTest(DeviceIdleInternal.class); LocalServices.addService(DeviceIdleInternal.class, deviceIdleInternal); LocalServices.removeServiceForTest(ActivityManagerInternal.class); - LocalServices.addService(ActivityManagerInternal.class, activityManagerInternal); + LocalServices.addService(ActivityManagerInternal.class, mAmi); mContext.addMockSystemService(Context.ALARM_SERVICE, mAlarmManager); @@ -506,7 +510,7 @@ null, new ComponentName(PKG, "test_class"), mock(DevicePolicyManagerInternal.class), mUgm, mUgmInternal, mAppOpsManager, mUm, mHistoryManager, mStatsManager, mock(TelephonyManager.class), - mock(ActivityManagerInternal.class)); + mAmi); mService.onBootPhase(SystemService.PHASE_SYSTEM_SERVICES_READY); mService.setAudioManager(mAudioManager); @@ -2473,7 +2477,8 @@ public void testDeleteChannelGroupNotifyListener() throws Exception { .thenReturn(associations); NotificationChannelGroup ncg = new NotificationChannelGroup("a", "b/c"); mService.setPreferencesHelper(mPreferencesHelper); - when(mPreferencesHelper.getNotificationChannelGroup(eq(ncg.getId()), eq(PKG), anyInt())) + when(mPreferencesHelper.getNotificationChannelGroupWithChannels( + eq(PKG), anyInt(), eq(ncg.getId()), anyBoolean())) .thenReturn(ncg); reset(mListeners); mBinderService.deleteNotificationChannelGroup(PKG, ncg.getId()); @@ -2482,6 +2487,56 @@ public void testDeleteChannelGroupNotifyListener() throws Exception { eq(NotificationListenerService.NOTIFICATION_CHANNEL_OR_GROUP_DELETED)); } + @Test + public void testDeleteChannelGroupChecksForFgses() throws Exception { + List associations = new ArrayList<>(); + associations.add("a"); + when(mCompanionMgr.getAssociations(PKG, UserHandle.getUserId(mUid))) + .thenReturn(associations); + CountDownLatch latch = new CountDownLatch(2); + mService.createNotificationChannelGroup( + PKG, mUid, new NotificationChannelGroup("group", "group"), true, false); + new Thread(() -> { + NotificationChannel notificationChannel = new NotificationChannel("id", "id", + NotificationManager.IMPORTANCE_HIGH); + notificationChannel.setGroup("group"); + ParceledListSlice pls = + new ParceledListSlice(ImmutableList.of(notificationChannel)); + try { + mBinderService.createNotificationChannelsForPackage(PKG, mUid, pls); + } catch (RemoteException e) { + throw new RuntimeException(e); + } + latch.countDown(); + }).start(); + new Thread(() -> { + try { + synchronized (this) { + wait(5000); + } + mService.createNotificationChannelGroup(PKG, mUid, + new NotificationChannelGroup("new", "new group"), true, false); + NotificationChannel notificationChannel = + new NotificationChannel("id", "id", NotificationManager.IMPORTANCE_HIGH); + notificationChannel.setGroup("new"); + ParceledListSlice pls = + new ParceledListSlice(ImmutableList.of(notificationChannel)); + try { + mBinderService.createNotificationChannelsForPackage(PKG, mUid, pls); + mBinderService.deleteNotificationChannelGroup(PKG, "group"); + } catch (RemoteException e) { + throw new RuntimeException(e); + } + } catch (Exception e) { + e.printStackTrace(); + } + latch.countDown(); + }).start(); + + latch.await(); + verify(mAmi).hasForegroundServiceNotification(anyString(), anyInt(), anyString()); + } + @Test public void testUpdateNotificationChannelFromPrivilegedListener_success() throws Exception { mService.setPreferencesHelper(mPreferencesHelper); From dc7e2048508e4e468d2827825e136b9542084a3f Mon Sep 17 00:00:00 2001 From: Fabian Kozynski Date: Tue, 11 Jan 2022 11:58:59 -0500 Subject: [PATCH 12/21] Handle onNullBinding According to the docs, an onNullBinding requires the service to be manually unbound. Test: test apk that return null on onBind Test: atest ControlsProviderLifecycleManager Fixes: 212286849 Change-Id: I71a59b875bbf9eb411e6e92ddc5a04a7353a46c4 (cherry picked from commit d0e683b8f65ba43e596911324bbff2e4f9909303) Merged-In:I71a59b875bbf9eb411e6e92ddc5a04a7353a46c4 --- .../ControlsProviderLifecycleManager.kt | 6 +++ .../ControlsProviderLifecycleManagerTest.kt | 50 +++++++++++++++---- 2 files changed, 47 insertions(+), 9 deletions(-) diff --git a/packages/SystemUI/src/com/android/systemui/controls/controller/ControlsProviderLifecycleManager.kt b/packages/SystemUI/src/com/android/systemui/controls/controller/ControlsProviderLifecycleManager.kt index 977e46ac3b446..d2ded71487dcd 100644 --- a/packages/SystemUI/src/com/android/systemui/controls/controller/ControlsProviderLifecycleManager.kt +++ b/packages/SystemUI/src/com/android/systemui/controls/controller/ControlsProviderLifecycleManager.kt @@ -131,6 +131,12 @@ class ControlsProviderLifecycleManager( wrapper = null bindService(false) } + + override fun onNullBinding(name: ComponentName?) { + if (DEBUG) Log.d(TAG, "onNullBinding $name") + wrapper = null + context.unbindService(this) + } } private fun handlePendingServiceMethods() { diff --git a/packages/SystemUI/tests/src/com/android/systemui/controls/controller/ControlsProviderLifecycleManagerTest.kt b/packages/SystemUI/tests/src/com/android/systemui/controls/controller/ControlsProviderLifecycleManagerTest.kt index 2d3757c29ebf0..12096bc06748d 100644 --- a/packages/SystemUI/tests/src/com/android/systemui/controls/controller/ControlsProviderLifecycleManagerTest.kt +++ b/packages/SystemUI/tests/src/com/android/systemui/controls/controller/ControlsProviderLifecycleManagerTest.kt @@ -17,6 +17,9 @@ package com.android.systemui.controls.controller import android.content.ComponentName +import android.content.Context +import android.content.Intent +import android.content.ServiceConnection import android.os.UserHandle import android.service.controls.IControlsActionCallback import android.service.controls.IControlsProvider @@ -43,6 +46,8 @@ import org.mockito.ArgumentMatchers.eq import org.mockito.Captor import org.mockito.Mock import org.mockito.Mockito.`when` +import org.mockito.Mockito.anyInt +import org.mockito.Mockito.mock import org.mockito.Mockito.never import org.mockito.Mockito.verify import org.mockito.MockitoAnnotations @@ -57,8 +62,6 @@ class ControlsProviderLifecycleManagerTest : SysuiTestCase() { private lateinit var subscriberService: IControlsSubscriber.Stub @Mock private lateinit var service: IControlsProvider.Stub - @Mock - private lateinit var loadCallback: ControlsBindingController.LoadCallback @Captor private lateinit var wrapperCaptor: ArgumentCaptor @@ -75,7 +78,7 @@ class ControlsProviderLifecycleManagerTest : SysuiTestCase() { fun setUp() { MockitoAnnotations.initMocks(this) - mContext.addMockService(componentName, service) + context.addMockService(componentName, service) executor = FakeExecutor(FakeSystemClock()) `when`(service.asBinder()).thenCallRealMethod() `when`(service.queryLocalInterface(ArgumentMatchers.anyString())).thenReturn(service) @@ -98,7 +101,36 @@ class ControlsProviderLifecycleManagerTest : SysuiTestCase() { fun testBindService() { manager.bindService() executor.runAllReady() - assertTrue(mContext.isBound(componentName)) + assertTrue(context.isBound(componentName)) + } + + @Test + fun testNullBinding() { + val mockContext = mock(Context::class.java) + lateinit var serviceConnection: ServiceConnection + `when`(mockContext.bindServiceAsUser(any(), any(), anyInt(), any())).thenAnswer { + val component = (it.arguments[0] as Intent).component + if (component == componentName) { + serviceConnection = it.arguments[1] as ServiceConnection + serviceConnection.onNullBinding(component) + true + } else { + false + } + } + + val nullManager = ControlsProviderLifecycleManager( + mockContext, + executor, + actionCallbackService, + UserHandle.of(0), + componentName + ) + + nullManager.bindService() + executor.runAllReady() + + verify(mockContext).unbindService(serviceConnection) } @Test @@ -109,7 +141,7 @@ class ControlsProviderLifecycleManagerTest : SysuiTestCase() { manager.unbindService() executor.runAllReady() - assertFalse(mContext.isBound(componentName)) + assertFalse(context.isBound(componentName)) } @Test @@ -119,7 +151,7 @@ class ControlsProviderLifecycleManagerTest : SysuiTestCase() { verify(service).load(subscriberService) - assertTrue(mContext.isBound(componentName)) + assertTrue(context.isBound(componentName)) } @Test @@ -129,7 +161,7 @@ class ControlsProviderLifecycleManagerTest : SysuiTestCase() { manager.unbindService() executor.runAllReady() - assertFalse(mContext.isBound(componentName)) + assertFalse(context.isBound(componentName)) } @Test @@ -162,7 +194,7 @@ class ControlsProviderLifecycleManagerTest : SysuiTestCase() { manager.maybeBindAndSubscribe(list, subscriberService) executor.runAllReady() - assertTrue(mContext.isBound(componentName)) + assertTrue(context.isBound(componentName)) verify(service).subscribe(list, subscriberService) } @@ -173,7 +205,7 @@ class ControlsProviderLifecycleManagerTest : SysuiTestCase() { manager.maybeBindAndSendAction(controlId, action) executor.runAllReady() - assertTrue(mContext.isBound(componentName)) + assertTrue(context.isBound(componentName)) verify(service).action(eq(controlId), capture(wrapperCaptor), eq(actionCallbackService)) assertEquals(action, wrapperCaptor.getValue().getWrappedAction()) From fed84f2f065393afdcd016514e6ef2b539e41a22 Mon Sep 17 00:00:00 2001 From: Siarhei Vishniakou Date: Tue, 20 Jul 2021 16:17:58 -0700 Subject: [PATCH 13/21] Only allow trusted overlays to specify FLAG_SLIPPERY For all other requests, drop this flag. Test: atest FlagSlipperyTest Bug: 157929241 Change-Id: Ia30f1c38d5ddb351c90b748ea76448a76a9dde7b Merged-In: Ia30f1c38d5ddb351c90b748ea76448a76a9dde7b (cherry picked from commit 07e7aaff2957c103d1bcd51e6e9b1dbde29d87bd) Merged-In:Ia30f1c38d5ddb351c90b748ea76448a76a9dde7b --- .../com/android/server/wm/DisplayPolicy.java | 16 ++++++++++++++++ .../android/server/wm/WindowManagerService.java | 6 ++++-- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/services/core/java/com/android/server/wm/DisplayPolicy.java b/services/core/java/com/android/server/wm/DisplayPolicy.java index 5a7cc9cc33ead..104834b7667d5 100644 --- a/services/core/java/com/android/server/wm/DisplayPolicy.java +++ b/services/core/java/com/android/server/wm/DisplayPolicy.java @@ -65,6 +65,7 @@ import static android.view.WindowManager.LayoutParams.FLAG_LAYOUT_IN_SCREEN; import static android.view.WindowManager.LayoutParams.FLAG_LAYOUT_NO_LIMITS; import static android.view.WindowManager.LayoutParams.FLAG_NOT_TOUCHABLE; +import static android.view.WindowManager.LayoutParams.FLAG_SLIPPERY; import static android.view.WindowManager.LayoutParams.FLAG_TRANSLUCENT_NAVIGATION; import static android.view.WindowManager.LayoutParams.FLAG_TRANSLUCENT_STATUS; import static android.view.WindowManager.LayoutParams.LAST_APPLICATION_WINDOW; @@ -873,6 +874,20 @@ private boolean hasStatusBarServicePermission(int pid, int uid) { == PackageManager.PERMISSION_GRANTED; } + /** + * Only trusted overlays are allowed to use FLAG_SLIPPERY. + */ + static int sanitizeFlagSlippery(int flags, int privateFlags, String name) { + if ((flags & FLAG_SLIPPERY) == 0) { + return flags; + } + if ((privateFlags & PRIVATE_FLAG_TRUSTED_OVERLAY) != 0) { + return flags; + } + Slog.w(TAG, "Removing FLAG_SLIPPERY for non-trusted overlay " + name); + return flags & ~FLAG_SLIPPERY; + } + /** * Sanitize the layout parameters coming from a client. Allows the policy * to do things like ensure that windows of a specific type can't take @@ -956,6 +971,7 @@ public void adjustWindowParamsLw(WindowState win, WindowManager.LayoutParams att } break; } + attrs.flags = sanitizeFlagSlippery(attrs.flags, attrs.privateFlags, win.getName()); // Check if alternate bars positions were updated. if (mStatusBarAlt == win) { diff --git a/services/core/java/com/android/server/wm/WindowManagerService.java b/services/core/java/com/android/server/wm/WindowManagerService.java index 6f6d77c935ce6..6788215ce30bc 100644 --- a/services/core/java/com/android/server/wm/WindowManagerService.java +++ b/services/core/java/com/android/server/wm/WindowManagerService.java @@ -56,6 +56,7 @@ import static android.view.WindowManager.LayoutParams.FLAG_SECURE; import static android.view.WindowManager.LayoutParams.FLAG_SHOW_WALLPAPER; import static android.view.WindowManager.LayoutParams.FLAG_SHOW_WHEN_LOCKED; +import static android.view.WindowManager.LayoutParams.FLAG_SLIPPERY; import static android.view.WindowManager.LayoutParams.INPUT_FEATURE_NO_INPUT_CHANNEL; import static android.view.WindowManager.LayoutParams.LAST_APPLICATION_WINDOW; import static android.view.WindowManager.LayoutParams.LAST_SUB_WINDOW; @@ -8087,8 +8088,9 @@ private void updateInputChannel(IBinder channelToken, int callingUid, int callin h.token = channelToken; h.name = name; - final int sanitizedFlags = flags & (LayoutParams.FLAG_NOT_TOUCHABLE - | LayoutParams.FLAG_SLIPPERY); + flags = DisplayPolicy.sanitizeFlagSlippery(flags, privateFlags, name); + + final int sanitizedFlags = flags & (LayoutParams.FLAG_NOT_TOUCHABLE | FLAG_SLIPPERY); h.layoutParamsFlags = WindowManager.LayoutParams.FLAG_NOT_TOUCH_MODAL | sanitizedFlags; h.layoutParamsType = type; h.dispatchingTimeoutNanos = DEFAULT_INPUT_DISPATCHING_TIMEOUT_NANOS; From 9130e61561332039aa1e158bcc4d0013ca66fd84 Mon Sep 17 00:00:00 2001 From: Siarhei Vishniakou Date: Mon, 29 Nov 2021 09:07:25 -0800 Subject: [PATCH 14/21] Add ALLOW_SLIPPERY_TOUCHES permission This permission allows the app to use FLAG_SLIPPERY. This means, windows of the app that has this permission can let touches slip out when the finger moves out of the window bounds. Bug: 157929241 Bug: 206188649 Test: atest FlagSlipperyTest Change-Id: I9ccdfd298f32c36b9c4da68c2e9c355c97dc7593 Merged-In: I9ccdfd298f32c36b9c4da68c2e9c355c97dc7593 (cherry picked from commit cccf19150f5247e101417b2a4f3748813dd7058a) Merged-In:I9ccdfd298f32c36b9c4da68c2e9c355c97dc7593 --- core/res/AndroidManifest.xml | 4 ++++ packages/SystemUI/AndroidManifest.xml | 1 + .../com/android/server/wm/DisplayPolicy.java | 16 -------------- .../server/wm/WindowManagerService.java | 21 ++++++++++++++++++- 4 files changed, 25 insertions(+), 17 deletions(-) diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index 49793d3d08453..280cc1841620c 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -5074,6 +5074,10 @@ + + + diff --git a/services/core/java/com/android/server/wm/DisplayPolicy.java b/services/core/java/com/android/server/wm/DisplayPolicy.java index 104834b7667d5..5a7cc9cc33ead 100644 --- a/services/core/java/com/android/server/wm/DisplayPolicy.java +++ b/services/core/java/com/android/server/wm/DisplayPolicy.java @@ -65,7 +65,6 @@ import static android.view.WindowManager.LayoutParams.FLAG_LAYOUT_IN_SCREEN; import static android.view.WindowManager.LayoutParams.FLAG_LAYOUT_NO_LIMITS; import static android.view.WindowManager.LayoutParams.FLAG_NOT_TOUCHABLE; -import static android.view.WindowManager.LayoutParams.FLAG_SLIPPERY; import static android.view.WindowManager.LayoutParams.FLAG_TRANSLUCENT_NAVIGATION; import static android.view.WindowManager.LayoutParams.FLAG_TRANSLUCENT_STATUS; import static android.view.WindowManager.LayoutParams.LAST_APPLICATION_WINDOW; @@ -874,20 +873,6 @@ private boolean hasStatusBarServicePermission(int pid, int uid) { == PackageManager.PERMISSION_GRANTED; } - /** - * Only trusted overlays are allowed to use FLAG_SLIPPERY. - */ - static int sanitizeFlagSlippery(int flags, int privateFlags, String name) { - if ((flags & FLAG_SLIPPERY) == 0) { - return flags; - } - if ((privateFlags & PRIVATE_FLAG_TRUSTED_OVERLAY) != 0) { - return flags; - } - Slog.w(TAG, "Removing FLAG_SLIPPERY for non-trusted overlay " + name); - return flags & ~FLAG_SLIPPERY; - } - /** * Sanitize the layout parameters coming from a client. Allows the policy * to do things like ensure that windows of a specific type can't take @@ -971,7 +956,6 @@ public void adjustWindowParamsLw(WindowState win, WindowManager.LayoutParams att } break; } - attrs.flags = sanitizeFlagSlippery(attrs.flags, attrs.privateFlags, win.getName()); // Check if alternate bars positions were updated. if (mStatusBarAlt == win) { diff --git a/services/core/java/com/android/server/wm/WindowManagerService.java b/services/core/java/com/android/server/wm/WindowManagerService.java index 6788215ce30bc..a13a503374937 100644 --- a/services/core/java/com/android/server/wm/WindowManagerService.java +++ b/services/core/java/com/android/server/wm/WindowManagerService.java @@ -1571,6 +1571,7 @@ public int addWindow(Session session, IWindow client, int seq, final DisplayPolicy displayPolicy = displayContent.getDisplayPolicy(); displayPolicy.adjustWindowParamsLw(win, win.mAttrs, callingPid, callingUid); + attrs.flags = sanitizeFlagSlippery(attrs.flags, win.getName(), callingUid, callingPid); res = displayPolicy.validateAddingWindowLw(attrs, callingPid, callingUid); if (res != WindowManagerGlobal.ADD_OKAY) { @@ -2155,6 +2156,7 @@ public int relayoutWindow(Session session, IWindow client, int seq, LayoutParams if (attrs != null) { displayPolicy.adjustWindowParamsLw(win, attrs, pid, uid); win.mToken.adjustWindowParams(win, attrs); + attrs.flags = sanitizeFlagSlippery(attrs.flags, win.getName(), uid, pid); // if they don't have the permission, mask out the status bar bits if (seq == win.mSeq) { int systemUiVisibility = attrs.systemUiVisibility @@ -8051,6 +8053,23 @@ void handleTaskFocusChange(Task task) { } } + /** + * You need ALLOW_SLIPPERY_TOUCHES permission to be able to set FLAG_SLIPPERY. + */ + private int sanitizeFlagSlippery(int flags, String windowName, int callingUid, int callingPid) { + if ((flags & FLAG_SLIPPERY) == 0) { + return flags; + } + final int permissionResult = mContext.checkPermission( + android.Manifest.permission.ALLOW_SLIPPERY_TOUCHES, callingPid, callingUid); + if (permissionResult != PackageManager.PERMISSION_GRANTED) { + Slog.w(TAG, "Removing FLAG_SLIPPERY from '" + windowName + + "' because it doesn't have ALLOW_SLIPPERY_TOUCHES permission"); + return flags & ~FLAG_SLIPPERY; + } + return flags; + } + /** * Assigns an InputChannel to a SurfaceControl and configures it to receive * touch input according to it's on-screen geometry. @@ -8088,7 +8107,7 @@ private void updateInputChannel(IBinder channelToken, int callingUid, int callin h.token = channelToken; h.name = name; - flags = DisplayPolicy.sanitizeFlagSlippery(flags, privateFlags, name); + flags = sanitizeFlagSlippery(flags, name, callingUid, callingPid); final int sanitizedFlags = flags & (LayoutParams.FLAG_NOT_TOUCHABLE | FLAG_SLIPPERY); h.layoutParamsFlags = WindowManager.LayoutParams.FLAG_NOT_TOUCH_MODAL | sanitizedFlags; From 065077e45f9c8159c387ab006ea53421b072017f Mon Sep 17 00:00:00 2001 From: JW Wang Date: Mon, 3 Jan 2022 15:43:54 +0800 Subject: [PATCH 15/21] Don't abandon child sessions (1/n) It will throw if abandon() is called on a child session. Bug: 211944991 Bug: 67862680 Test: to be added Change-Id: Ib0ba9f3786dda2d3174f3ea8c65d1061a3fcb586 Merged-In: Ib0ba9f3786dda2d3174f3ea8c65d1061a3fcb586 (cherry picked from commit 8b67e7db79d15ab448ae8f00b40a4a350ab3d537) (cherry picked from commit c685f8b19adcec0dc49ffaa1e94d7caa4f9d05ba) Merged-In:Ib0ba9f3786dda2d3174f3ea8c65d1061a3fcb586 --- .../java/com/android/server/pm/PackageInstallerService.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/services/core/java/com/android/server/pm/PackageInstallerService.java b/services/core/java/com/android/server/pm/PackageInstallerService.java index beb4631e2e7da..013a86f96574f 100644 --- a/services/core/java/com/android/server/pm/PackageInstallerService.java +++ b/services/core/java/com/android/server/pm/PackageInstallerService.java @@ -349,7 +349,11 @@ public void freeStageDirs(String volumeUuid) { if (age >= MAX_SESSION_AGE_ON_LOW_STORAGE_MILLIS) { // Aggressively close old sessions because we are running low on storage // Their staging dirs will be removed too - session.abandon(); + PackageInstallerSession root = !session.hasParentSessionId() + ? session : mSessions.get(session.getParentSessionId()); + if (!root.isDestroyed()) { + root.abandon(); + } } else { // Session is new enough, so it deserves to be kept even on low storage unclaimedStagingDirsOnVolume.remove(session.stageDir); From 41021a8a6456d047413534c890401e90c04c22c3 Mon Sep 17 00:00:00 2001 From: InVictusXV Date: Fri, 11 Mar 2022 08:07:56 +0000 Subject: [PATCH 16/21] base: PixelPropsUtils: Update redfin fp to SP2A.220305.012 Signed-off-by: InVictusXV --- core/java/com/android/internal/util/nad/PixelPropsUtils.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/java/com/android/internal/util/nad/PixelPropsUtils.java b/core/java/com/android/internal/util/nad/PixelPropsUtils.java index 3708aa2637d36..b484f583ce29c 100644 --- a/core/java/com/android/internal/util/nad/PixelPropsUtils.java +++ b/core/java/com/android/internal/util/nad/PixelPropsUtils.java @@ -66,7 +66,7 @@ public class PixelPropsUtils { propsToChange.put("DEVICE", "redfin"); propsToChange.put("PRODUCT", "redfin"); propsToChange.put("MODEL", "Pixel 5"); - propsToChange.put("FINGERPRINT", "google/redfin/redfin:12/SQ1A.220105.002/7961164:user/release-keys"); + propsToChange.put("FINGERPRINT", "google/redfin/redfin:12/SP2A.220305.012/8177914:user/release-keys"); propsToChangePixelXL = new HashMap<>(); propsToChangePixelXL.put("BRAND", "google"); propsToChangePixelXL.put("MANUFACTURER", "Google"); From 0a48d1b730e2393263a00d399f9dd0dfdc73cefe Mon Sep 17 00:00:00 2001 From: "Kevin F. Haggerty" Date: Tue, 5 Apr 2022 06:38:07 -0600 Subject: [PATCH 17/21] Revert "Revert "Revert "BG-FGS-start while-in-use permission restriction improve...""" Upstream change 5d30b7015879 ("BG-FGS-start while-in-use permission restriction improvement") properly fixes what we needed to work-around. This reverts commit b64352d7c66e93ddc2b448f556e265178309d730. Change-Id: I00b3ab4161dceddff015e4f5365cd777acfe2faa --- .../com/android/server/am/ActiveServices.java | 107 ++++-------------- .../server/am/ActivityManagerConstants.java | 20 ---- .../com/android/server/am/ServiceRecord.java | 6 - 3 files changed, 21 insertions(+), 112 deletions(-) diff --git a/services/core/java/com/android/server/am/ActiveServices.java b/services/core/java/com/android/server/am/ActiveServices.java index 1cd7115f8edcd..e4dd8756fe62b 100644 --- a/services/core/java/com/android/server/am/ActiveServices.java +++ b/services/core/java/com/android/server/am/ActiveServices.java @@ -734,8 +734,11 @@ ComponentName startServiceLocked(IApplicationThread caller, Intent service, Stri } ComponentName cmp = startServiceInnerLocked(smap, service, r, callerFg, addToStarting); - setFgsRestrictionLocked(callingPackage, callingPid, callingUid, r, - allowBackgroundActivityStarts); + if (!r.mAllowWhileInUsePermissionInFgs) { + r.mAllowWhileInUsePermissionInFgs = + shouldAllowWhileInUsePermissionInFgsLocked(callingPackage, callingPid, + callingUid, service, r, allowBackgroundActivityStarts); + } return cmp; } @@ -1408,6 +1411,14 @@ private void setServiceForegroundInnerLocked(final ServiceRecord r, int id, + String.format("0x%08X", manifestType) + " in service element of manifest file"); } + // If the foreground service is not started from TOP process, do not allow it to + // have while-in-use location/camera/microphone access. + if (!r.mAllowWhileInUsePermissionInFgs) { + Slog.w(TAG, + "Foreground service started from background can not have " + + "location/camera/microphone access: service " + + r.shortInstanceName); + } } boolean alreadyStartedOp = false; boolean stopProcStatsOp = false; @@ -1455,57 +1466,6 @@ && appRestrictedAnyInBackground(r.appInfo.uid, r.packageName)) { ignoreForeground = true; } - if (!ignoreForeground) { - if (r.mStartForegroundCount == 0) { - /* - If the service was started with startService(), not - startForegroundService(), and if startForeground() isn't called within - mFgsStartForegroundTimeoutMs, then we check the state of the app - (who owns the service, which is the app that called startForeground()) - again. If the app is in the foreground, or in any other cases where - FGS-starts are allowed, then we still allow the FGS to be started. - Otherwise, startForeground() would fail. - - If the service was started with startForegroundService(), then the service - must call startForeground() within a timeout anyway, so we don't need this - check. - */ - if (!r.fgRequired) { - final long delayMs = SystemClock.elapsedRealtime() - r.createRealTime; - if (delayMs > mAm.mConstants.mFgsStartForegroundTimeoutMs) { - resetFgsRestrictionLocked(r); - setFgsRestrictionLocked(r.serviceInfo.packageName, r.app.pid, - r.appInfo.uid, r, false); - EventLog.writeEvent(0x534e4554, "183147114", - r.appInfo.uid, - "call setFgsRestrictionLocked again due to " - + "startForegroundTimeout"); - } - } - } else if (r.mStartForegroundCount >= 1) { - // The second or later time startForeground() is called after service is - // started. Check for app state again. - final long delayMs = SystemClock.elapsedRealtime() - - r.mLastSetFgsRestrictionTime; - if (delayMs > mAm.mConstants.mFgsStartForegroundTimeoutMs) { - resetFgsRestrictionLocked(r); - setFgsRestrictionLocked(r.serviceInfo.packageName, r.app.pid, - r.appInfo.uid, r, false); - EventLog.writeEvent(0x534e4554, "183147114", r.appInfo.uid, - "call setFgsRestrictionLocked for " - + (r.mStartForegroundCount + 1) + "th startForeground"); - } - } - // If the foreground service is not started from TOP process, do not allow it to - // have while-in-use location/camera/microphone access. - if (!r.mAllowWhileInUsePermissionInFgs) { - Slog.w(TAG, - "Foreground service started from background can not have " - + "location/camera/microphone access: service " - + r.shortInstanceName); - } - } - // Apps under strict background restrictions simply don't get to have foreground // services, so now that we've enforced the startForegroundService() contract // we only do the machinery of making the service foreground when the app @@ -1541,7 +1501,6 @@ must call startForeground() within a timeout anyway, so we don't need this active.mNumActive++; } r.isForeground = true; - r.mStartForegroundCount++; if (!stopProcStatsOp) { ServiceState stracker = r.getTracker(); if (stracker != null) { @@ -1600,7 +1559,6 @@ must call startForeground() within a timeout anyway, so we don't need this decActiveForegroundAppLocked(smap, r); } r.isForeground = false; - resetFgsRestrictionLocked(r); ServiceState stracker = r.getTracker(); if (stracker != null) { stracker.setForeground(false, mAm.mProcessStats.getMemFactorLocked(), @@ -2160,7 +2118,12 @@ public void run() { } } - setFgsRestrictionLocked(callingPackage, callingPid, callingUid, s, false); + if (!s.mAllowWhileInUsePermissionInFgs) { + s.mAllowWhileInUsePermissionInFgs = + shouldAllowWhileInUsePermissionInFgsLocked(callingPackage, + callingPid, callingUid, + service, s, false); + } if (s.app != null) { if ((flags&Context.BIND_TREAT_LIKE_ACTIVITY) != 0) { @@ -3456,7 +3419,7 @@ private final void bringDownServiceLocked(ServiceRecord r) { r.isForeground = false; r.foregroundId = 0; r.foregroundNoti = null; - resetFgsRestrictionLocked(r); + r.mAllowWhileInUsePermissionInFgs = false; // Clear start entries. r.clearDeliveredStartsLocked(); @@ -4937,7 +4900,7 @@ private void dumpService(String prefix, FileDescriptor fd, PrintWriter pw, * @return true if allow, false otherwise. */ private boolean shouldAllowWhileInUsePermissionInFgsLocked(String callingPackage, - int callingPid, int callingUid, ServiceRecord r, + int callingPid, int callingUid, Intent intent, ServiceRecord r, boolean allowBackgroundActivityStarts) { // Is the background FGS start restriction turned on? if (!mAm.mConstants.mFlagBackgroundFgsStartRestrictionEnabled) { @@ -5019,32 +4982,4 @@ private boolean shouldAllowWhileInUsePermissionInFgsLocked(String callingPackage } return false; } - - boolean canAllowWhileInUsePermissionInFgsLocked(int callingPid, int callingUid, - String callingPackage) { - return shouldAllowWhileInUsePermissionInFgsLocked( - callingPackage, callingPid, callingUid, null, false); - } - - /** - * In R, mAllowWhileInUsePermissionInFgs is to allow while-in-use permissions in foreground - * service or not. while-in-use permissions in FGS started from background might be restricted. - * @param callingPackage caller app's package name. - * @param callingUid caller app's uid. - * @param r the service to start. - * @return true if allow, false otherwise. - */ - private void setFgsRestrictionLocked(String callingPackage, - int callingPid, int callingUid, ServiceRecord r, - boolean allowBackgroundActivityStarts) { - r.mLastSetFgsRestrictionTime = SystemClock.elapsedRealtime(); - if (!r.mAllowWhileInUsePermissionInFgs) { - r.mAllowWhileInUsePermissionInFgs = shouldAllowWhileInUsePermissionInFgsLocked( - callingPackage, callingPid, callingUid, r, allowBackgroundActivityStarts); - } - } - - private void resetFgsRestrictionLocked(ServiceRecord r) { - r.mAllowWhileInUsePermissionInFgs = false; - } } diff --git a/services/core/java/com/android/server/am/ActivityManagerConstants.java b/services/core/java/com/android/server/am/ActivityManagerConstants.java index 44f3ace71ee9e..8c7a72adc7db0 100644 --- a/services/core/java/com/android/server/am/ActivityManagerConstants.java +++ b/services/core/java/com/android/server/am/ActivityManagerConstants.java @@ -88,7 +88,6 @@ final class ActivityManagerConstants extends ContentObserver { static final String KEY_PROCESS_START_ASYNC = "process_start_async"; static final String KEY_MEMORY_INFO_THROTTLE_TIME = "memory_info_throttle_time"; static final String KEY_TOP_TO_FGS_GRACE_DURATION = "top_to_fgs_grace_duration"; - static final String KEY_FGS_START_FOREGROUND_TIMEOUT = "fgs_start_foreground_timeout"; static final String KEY_PENDINGINTENT_WARNING_THRESHOLD = "pendingintent_warning_threshold"; private static final int DEFAULT_MAX_CACHED_PROCESSES = 32; @@ -122,7 +121,6 @@ final class ActivityManagerConstants extends ContentObserver { private static final boolean DEFAULT_PROCESS_START_ASYNC = true; private static final long DEFAULT_MEMORY_INFO_THROTTLE_TIME = 5*60*1000; private static final long DEFAULT_TOP_TO_FGS_GRACE_DURATION = 15 * 1000; - private static final int DEFAULT_FGS_START_FOREGROUND_TIMEOUT_MS = 10 * 1000; private static final int DEFAULT_PENDINGINTENT_WARNING_THRESHOLD = 2000; // Flag stored in the DeviceConfig API. @@ -275,12 +273,6 @@ final class ActivityManagerConstants extends ContentObserver { // this long. public long TOP_TO_FGS_GRACE_DURATION = DEFAULT_TOP_TO_FGS_GRACE_DURATION; - /** - * When service started from background, before the timeout it can be promoted to FGS by calling - * Service.startForeground(). - */ - volatile long mFgsStartForegroundTimeoutMs = DEFAULT_FGS_START_FOREGROUND_TIMEOUT_MS; - // Indicates whether the activity starts logging is enabled. // Controlled by Settings.Global.ACTIVITY_STARTS_LOGGING_ENABLED volatile boolean mFlagActivityStartsLoggingEnabled; @@ -429,9 +421,6 @@ public void onPropertiesChanged(Properties properties) { case KEY_MIN_ASSOC_LOG_DURATION: updateMinAssocLogDuration(); break; - case KEY_FGS_START_FOREGROUND_TIMEOUT: - updateFgsStartForegroundTimeout(); - break; default: break; } @@ -708,13 +697,6 @@ private void updateMinAssocLogDuration() { /* defaultValue */ DEFAULT_MIN_ASSOC_LOG_DURATION); } - private void updateFgsStartForegroundTimeout() { - mFgsStartForegroundTimeoutMs = DeviceConfig.getLong( - DeviceConfig.NAMESPACE_ACTIVITY_MANAGER, - KEY_FGS_START_FOREGROUND_TIMEOUT, - DEFAULT_FGS_START_FOREGROUND_TIMEOUT_MS); - } - void dump(PrintWriter pw) { pw.println("ACTIVITY MANAGER SETTINGS (dumpsys activity settings) " + Settings.Global.ACTIVITY_MANAGER_CONSTANTS + ":"); @@ -787,8 +769,6 @@ void dump(PrintWriter pw) { pw.println(Arrays.toString(IMPERCEPTIBLE_KILL_EXEMPT_PACKAGES.toArray())); pw.print(" "); pw.print(KEY_MIN_ASSOC_LOG_DURATION); pw.print("="); pw.println(MIN_ASSOC_LOG_DURATION); - pw.print(" "); pw.print(KEY_FGS_START_FOREGROUND_TIMEOUT); pw.print("="); - pw.println(mFgsStartForegroundTimeoutMs); pw.println(); if (mOverrideMaxCachedProcesses >= 0) { diff --git a/services/core/java/com/android/server/am/ServiceRecord.java b/services/core/java/com/android/server/am/ServiceRecord.java index 0e628289a09f2..1b65dbac2294f 100644 --- a/services/core/java/com/android/server/am/ServiceRecord.java +++ b/services/core/java/com/android/server/am/ServiceRecord.java @@ -142,10 +142,6 @@ final class ServiceRecord extends Binder implements ComponentName.WithComponentN // allow while-in-use permissions in foreground service or not. // while-in-use permissions in FGS started from background might be restricted. boolean mAllowWhileInUsePermissionInFgs; - // The number of times Service.startForeground() is called; - int mStartForegroundCount; - // Last time mAllowWhileInUsePermissionInFgs is set. - long mLastSetFgsRestrictionTime; // the most recent package that start/bind this service. String mRecentCallingPackage; @@ -410,8 +406,6 @@ void dump(PrintWriter pw, String prefix) { } pw.print(prefix); pw.print("allowWhileInUsePermissionInFgs="); pw.println(mAllowWhileInUsePermissionInFgs); - pw.print(prefix); pw.print("startForegroundCount="); - pw.println(mStartForegroundCount); pw.print(prefix); pw.print("recentCallingPackage="); pw.println(mRecentCallingPackage); if (delayed) { From d972ca633cdcba36bbce6bc35561ed97ebcd5a43 Mon Sep 17 00:00:00 2001 From: Julia Reynolds Date: Wed, 12 Jan 2022 15:08:29 -0500 Subject: [PATCH 18/21] Prevent apps from creating blocked channel groups setBlocked is a hidden API, so apps should not be calling the method, but fix up the data in case they do Test: PreferencesHelperTest; manual with ApiDemos FGS Bug: 209966086 Change-Id: Icc709a6b0d0a8c5f2d9243959992f1b6764354db Merged-In: I8a27853c7ed05d9dfd38a3142fbbe185946c3992 (cherry picked from commit c5b545329fad3da10a6640995f6110013ad8ff5a) Merged-In:Icc709a6b0d0a8c5f2d9243959992f1b6764354db --- .../server/notification/PreferencesHelper.java | 3 +++ .../notification/PreferencesHelperTest.java | 15 ++++++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/services/core/java/com/android/server/notification/PreferencesHelper.java b/services/core/java/com/android/server/notification/PreferencesHelper.java index 5f14e5146bd03..7a93edeaf664f 100644 --- a/services/core/java/com/android/server/notification/PreferencesHelper.java +++ b/services/core/java/com/android/server/notification/PreferencesHelper.java @@ -788,6 +788,9 @@ public void createNotificationChannelGroup(String pkg, int uid, NotificationChan if (r == null) { throw new IllegalArgumentException("Invalid package"); } + if (fromTargetApp) { + group.setBlocked(false); + } final NotificationChannelGroup oldGroup = r.groups.get(group.getId()); if (oldGroup != null) { group.setChannels(oldGroup.getChannels()); diff --git a/services/tests/uiservicestests/src/com/android/server/notification/PreferencesHelperTest.java b/services/tests/uiservicestests/src/com/android/server/notification/PreferencesHelperTest.java index 6aeb40dae20ba..06cfbea72a824 100644 --- a/services/tests/uiservicestests/src/com/android/server/notification/PreferencesHelperTest.java +++ b/services/tests/uiservicestests/src/com/android/server/notification/PreferencesHelperTest.java @@ -2132,6 +2132,19 @@ public void testIsGroupBlocked_blocked() throws Exception { assertTrue(mHelper.isGroupBlocked(PKG_N_MR1, UID_N_MR1, group.getId())); } + @Test + public void testIsGroupBlocked_appCannotCreateAsBlocked() throws Exception { + NotificationChannelGroup group = new NotificationChannelGroup("id", "name"); + group.setBlocked(true); + mHelper.createNotificationChannelGroup(PKG_N_MR1, UID_N_MR1, group, true); + assertFalse(mHelper.isGroupBlocked(PKG_N_MR1, UID_N_MR1, group.getId())); + + NotificationChannelGroup group3 = group.clone(); + group3.setBlocked(false); + mHelper.createNotificationChannelGroup(PKG_N_MR1, UID_N_MR1, group3, true); + assertFalse(mHelper.isGroupBlocked(PKG_N_MR1, UID_N_MR1, group.getId())); + } + @Test public void testIsGroup_appCannotResetBlock() throws Exception { NotificationChannelGroup group = new NotificationChannelGroup("id", "name"); @@ -3402,7 +3415,7 @@ public void testGetConversations_noConversations() { public void testGetConversations_noDisabledGroups() { NotificationChannelGroup group = new NotificationChannelGroup("a", "a"); group.setBlocked(true); - mHelper.createNotificationChannelGroup(PKG_O, UID_O, group, true); + mHelper.createNotificationChannelGroup(PKG_O, UID_O, group, false); NotificationChannel parent = new NotificationChannel("parent", "p", 1); mHelper.createNotificationChannel(PKG_O, UID_O, parent, true, false); From 13216163c216105adb04e9435526a9d1e44b2343 Mon Sep 17 00:00:00 2001 From: Joshua Duong Date: Wed, 22 Dec 2021 14:49:21 -0800 Subject: [PATCH 19/21] Restrict AdbManager broadcasts to apps with MANAGE_DEBUGGING permission. Bug: 205836329 Test: atest AdbDebuggingManagerTest Change-Id: If18a874c6d6232d9131f2cc3de3614ef67a58bbd (cherry picked from commit b139e9966102ba6fa1a4801214ea92e8afe376a6) (cherry picked from commit 398b752a440f7d60198f9267334445aba4f9d4eb) Merged-In:If18a874c6d6232d9131f2cc3de3614ef67a58bbd --- core/java/android/debug/AdbManager.java | 3 + .../server/adb/AdbDebuggingManager.java | 21 +++- .../com/android/server/adb/AdbService.java | 2 +- .../server/adb/AdbDebuggingManagerTest.java | 110 ++++++++++++++++++ 4 files changed, 129 insertions(+), 7 deletions(-) diff --git a/core/java/android/debug/AdbManager.java b/core/java/android/debug/AdbManager.java index 7714dd80f9100..243f801871850 100644 --- a/core/java/android/debug/AdbManager.java +++ b/core/java/android/debug/AdbManager.java @@ -38,6 +38,7 @@ public class AdbManager { * * @hide */ + @RequiresPermission(android.Manifest.permission.MANAGE_DEBUGGING) public static final String WIRELESS_DEBUG_STATE_CHANGED_ACTION = "com.android.server.adb.WIRELESS_DEBUG_STATUS"; @@ -46,6 +47,7 @@ public class AdbManager { * * @hide */ + @RequiresPermission(android.Manifest.permission.MANAGE_DEBUGGING) public static final String WIRELESS_DEBUG_PAIRED_DEVICES_ACTION = "com.android.server.adb.WIRELESS_DEBUG_PAIRED_DEVICES"; @@ -59,6 +61,7 @@ public class AdbManager { * * @hide */ + @RequiresPermission(android.Manifest.permission.MANAGE_DEBUGGING) public static final String WIRELESS_DEBUG_PAIRING_RESULT_ACTION = "com.android.server.adb.WIRELESS_DEBUG_PAIRING_RESULT"; diff --git a/services/core/java/com/android/server/adb/AdbDebuggingManager.java b/services/core/java/com/android/server/adb/AdbDebuggingManager.java index ed83a644cbfb2..95da946496e86 100644 --- a/services/core/java/com/android/server/adb/AdbDebuggingManager.java +++ b/services/core/java/com/android/server/adb/AdbDebuggingManager.java @@ -18,6 +18,7 @@ import static com.android.internal.util.dump.DumpUtils.writeStringIfNotNull; +import android.annotation.NonNull; import android.annotation.TestApi; import android.app.ActivityManager; import android.app.Notification; @@ -171,6 +172,12 @@ protected AdbDebuggingManager(Context context, String confirmComponent, File tes mAdbConnectionInfo = new AdbConnectionInfo(); } + static void sendBroadcastWithDebugPermission(@NonNull Context context, @NonNull Intent intent, + @NonNull UserHandle userHandle) { + context.sendBroadcastAsUser(intent, userHandle, + android.Manifest.permission.MANAGE_DEBUGGING); + } + class PairingThread extends Thread implements NsdManager.RegistrationListener { private NsdManager mNsdManager; private String mPublicKey; @@ -1279,7 +1286,7 @@ private void sendServerConnectionState(boolean connected, int port) { ? AdbManager.WIRELESS_STATUS_CONNECTED : AdbManager.WIRELESS_STATUS_DISCONNECTED); intent.putExtra(AdbManager.WIRELESS_DEBUG_PORT_EXTRA, port); - mContext.sendBroadcastAsUser(intent, UserHandle.ALL); + AdbDebuggingManager.sendBroadcastWithDebugPermission(mContext, intent, UserHandle.ALL); } private void onAdbdWifiServerConnected(int port) { @@ -1351,7 +1358,8 @@ private void onPairingResult(String publicKey) { if (publicKey == null) { Intent intent = new Intent(AdbManager.WIRELESS_DEBUG_PAIRING_RESULT_ACTION); intent.putExtra(AdbManager.WIRELESS_STATUS_EXTRA, AdbManager.WIRELESS_STATUS_FAIL); - mContext.sendBroadcastAsUser(intent, UserHandle.ALL); + AdbDebuggingManager.sendBroadcastWithDebugPermission(mContext, intent, + UserHandle.ALL); } else { Intent intent = new Intent(AdbManager.WIRELESS_DEBUG_PAIRING_RESULT_ACTION); intent.putExtra(AdbManager.WIRELESS_STATUS_EXTRA, @@ -1364,7 +1372,8 @@ private void onPairingResult(String publicKey) { } PairDevice device = new PairDevice(fingerprints, hostname, false); intent.putExtra(AdbManager.WIRELESS_PAIR_DEVICE_EXTRA, device); - mContext.sendBroadcastAsUser(intent, UserHandle.ALL); + AdbDebuggingManager.sendBroadcastWithDebugPermission(mContext, intent, + UserHandle.ALL); // Add the key into the keystore mAdbKeyStore.setLastConnectionTime(publicKey, System.currentTimeMillis()); @@ -1378,14 +1387,14 @@ private void sendPairingPortToUI(int port) { intent.putExtra(AdbManager.WIRELESS_STATUS_EXTRA, AdbManager.WIRELESS_STATUS_CONNECTED); intent.putExtra(AdbManager.WIRELESS_DEBUG_PORT_EXTRA, port); - mContext.sendBroadcastAsUser(intent, UserHandle.ALL); + AdbDebuggingManager.sendBroadcastWithDebugPermission(mContext, intent, UserHandle.ALL); } private void sendPairedDevicesToUI(Map devices) { Intent intent = new Intent(AdbManager.WIRELESS_DEBUG_PAIRED_DEVICES_ACTION); // Map is not serializable, so need to downcast intent.putExtra(AdbManager.WIRELESS_DEVICES_EXTRA, (HashMap) devices); - mContext.sendBroadcastAsUser(intent, UserHandle.ALL); + AdbDebuggingManager.sendBroadcastWithDebugPermission(mContext, intent, UserHandle.ALL); } private void updateUIPairCode(String code) { @@ -1395,7 +1404,7 @@ private void updateUIPairCode(String code) { intent.putExtra(AdbManager.WIRELESS_PAIRING_CODE_EXTRA, code); intent.putExtra(AdbManager.WIRELESS_STATUS_EXTRA, AdbManager.WIRELESS_STATUS_PAIRING_CODE); - mContext.sendBroadcastAsUser(intent, UserHandle.ALL); + AdbDebuggingManager.sendBroadcastWithDebugPermission(mContext, intent, UserHandle.ALL); } } diff --git a/services/core/java/com/android/server/adb/AdbService.java b/services/core/java/com/android/server/adb/AdbService.java index 29bb5428dd84b..5b16daa5e835e 100644 --- a/services/core/java/com/android/server/adb/AdbService.java +++ b/services/core/java/com/android/server/adb/AdbService.java @@ -431,7 +431,7 @@ private void broadcastPortInfo(int port) { ? AdbManager.WIRELESS_STATUS_CONNECTED : AdbManager.WIRELESS_STATUS_DISCONNECTED); intent.putExtra(AdbManager.WIRELESS_DEBUG_PORT_EXTRA, port); - mContext.sendBroadcastAsUser(intent, UserHandle.ALL); + AdbDebuggingManager.sendBroadcastWithDebugPermission(mContext, intent, UserHandle.ALL); Slog.i(TAG, "sent port broadcast port=" + port); } diff --git a/services/tests/servicestests/src/com/android/server/adb/AdbDebuggingManagerTest.java b/services/tests/servicestests/src/com/android/server/adb/AdbDebuggingManagerTest.java index cffff66b64f13..02cf971a80768 100644 --- a/services/tests/servicestests/src/com/android/server/adb/AdbDebuggingManagerTest.java +++ b/services/tests/servicestests/src/com/android/server/adb/AdbDebuggingManagerTest.java @@ -23,7 +23,14 @@ import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; +import android.content.BroadcastReceiver; import android.content.Context; +import android.content.Intent; +import android.content.IntentFilter; +import android.content.pm.PackageManager; +import android.debug.AdbManager; +import android.debug.IAdbManager; +import android.os.ServiceManager; import android.provider.Settings; import android.util.Log; @@ -105,6 +112,7 @@ public void setUp() throws Exception { public void tearDown() throws Exception { mKeyStore.deleteKeyStore(); setAllowedConnectionTime(mOriginalAllowedConnectionTime); + dropShellPermissionIdentity(); } /** @@ -813,6 +821,108 @@ private boolean isValidMdnsServiceName(String name) { return hasAtLeastOneLetter; } + CountDownLatch mAdbActionLatch = new CountDownLatch(1); + private final BroadcastReceiver mReceiver = new BroadcastReceiver() { + @Override + public void onReceive(Context context, Intent intent) { + String action = intent.getAction(); + Log.i(TAG, "Received intent action=" + action); + if (AdbManager.WIRELESS_DEBUG_PAIRED_DEVICES_ACTION.equals(action)) { + assertEquals("Received broadcast without MANAGE_DEBUGGING permission.", + context.checkSelfPermission(android.Manifest.permission.MANAGE_DEBUGGING), + PackageManager.PERMISSION_GRANTED); + Log.i(TAG, "action=" + action + " paired_device=" + intent.getSerializableExtra( + AdbManager.WIRELESS_DEVICES_EXTRA).toString()); + mAdbActionLatch.countDown(); + } else if (AdbManager.WIRELESS_DEBUG_STATE_CHANGED_ACTION.equals(action)) { + assertEquals("Received broadcast without MANAGE_DEBUGGING permission.", + context.checkSelfPermission(android.Manifest.permission.MANAGE_DEBUGGING), + PackageManager.PERMISSION_GRANTED); + int status = intent.getIntExtra(AdbManager.WIRELESS_STATUS_EXTRA, + AdbManager.WIRELESS_STATUS_DISCONNECTED); + Log.i(TAG, "action=" + action + " status=" + status); + mAdbActionLatch.countDown(); + } else if (AdbManager.WIRELESS_DEBUG_PAIRING_RESULT_ACTION.equals(action)) { + assertEquals("Received broadcast without MANAGE_DEBUGGING permission.", + context.checkSelfPermission(android.Manifest.permission.MANAGE_DEBUGGING), + PackageManager.PERMISSION_GRANTED); + Integer res = intent.getIntExtra( + AdbManager.WIRELESS_STATUS_EXTRA, + AdbManager.WIRELESS_STATUS_FAIL); + Log.i(TAG, "action=" + action + " result=" + res); + + if (res.equals(AdbManager.WIRELESS_STATUS_PAIRING_CODE)) { + String pairingCode = intent.getStringExtra( + AdbManager.WIRELESS_PAIRING_CODE_EXTRA); + Log.i(TAG, "pairingCode=" + pairingCode); + } else if (res.equals(AdbManager.WIRELESS_STATUS_CONNECTED)) { + int port = intent.getIntExtra(AdbManager.WIRELESS_DEBUG_PORT_EXTRA, 0); + Log.i(TAG, "port=" + port); + } + mAdbActionLatch.countDown(); + } + } + }; + + private void adoptShellPermissionIdentity() { + InstrumentationRegistry.getInstrumentation().getUiAutomation() + .adoptShellPermissionIdentity(android.Manifest.permission.MANAGE_DEBUGGING); + } + + private void dropShellPermissionIdentity() { + InstrumentationRegistry.getInstrumentation().getUiAutomation() + .dropShellPermissionIdentity(); + } + + @Test + public void testBroadcastReceiverWithPermissions() throws Exception { + adoptShellPermissionIdentity(); + final IAdbManager mAdbManager = IAdbManager.Stub.asInterface( + ServiceManager.getService(Context.ADB_SERVICE)); + IntentFilter intentFilter = + new IntentFilter(AdbManager.WIRELESS_DEBUG_PAIRED_DEVICES_ACTION); + intentFilter.addAction(AdbManager.WIRELESS_DEBUG_STATE_CHANGED_ACTION); + intentFilter.addAction(AdbManager.WIRELESS_DEBUG_PAIRING_RESULT_ACTION); + assertEquals("Context does not have MANAGE_DEBUGGING permission.", + mContext.checkSelfPermission(android.Manifest.permission.MANAGE_DEBUGGING), + PackageManager.PERMISSION_GRANTED); + try { + mContext.registerReceiver(mReceiver, intentFilter); + mAdbManager.enablePairingByPairingCode(); + if (!mAdbActionLatch.await(TIMEOUT, TIMEOUT_TIME_UNIT)) { + fail("Receiver did not receive adb intent action within the timeout duration"); + } + } finally { + mContext.unregisterReceiver(mReceiver); + } + } + + @Test + public void testBroadcastReceiverWithoutPermissions() throws Exception { + adoptShellPermissionIdentity(); + final IAdbManager mAdbManager = IAdbManager.Stub.asInterface( + ServiceManager.getService(Context.ADB_SERVICE)); + IntentFilter intentFilter = + new IntentFilter(AdbManager.WIRELESS_DEBUG_PAIRED_DEVICES_ACTION); + intentFilter.addAction(AdbManager.WIRELESS_DEBUG_STATE_CHANGED_ACTION); + intentFilter.addAction(AdbManager.WIRELESS_DEBUG_PAIRING_RESULT_ACTION); + mAdbManager.enablePairingByPairingCode(); + + dropShellPermissionIdentity(); + assertEquals("Context has MANAGE_DEBUGGING permission.", + mContext.checkSelfPermission(android.Manifest.permission.MANAGE_DEBUGGING), + PackageManager.PERMISSION_DENIED); + try { + mContext.registerReceiver(mReceiver, intentFilter); + + if (mAdbActionLatch.await(TIMEOUT, TIMEOUT_TIME_UNIT)) { + fail("Broadcast receiver received adb action intent without debug permissions"); + } + } finally { + mContext.unregisterReceiver(mReceiver); + } + } + /** * Runs an adb test with the provided configuration. * From e39d90308208ed2ea6406dd5685e6bee5f775b3b Mon Sep 17 00:00:00 2001 From: Hui Yu Date: Mon, 7 Feb 2022 10:12:49 -0800 Subject: [PATCH 20/21] BG-FGS-start while-in-use permission restriction improvement. [This is a resbumit, previous fix ag/I0aca484e5a0dd051bbeac379d30b0fb4ecfa2da0 was reverted because the incorrect resetFgsRestrictionLocked() call] Foreground service started from background shall not have while-in-use access like location/camera/microphone. Previously we set mAllowWhileInUsePermissionInFgs only at service start by startService() or bindService() command. But after service start, the Service.startForeground() call may be some time later and at that time the caller may not be in the foreground any more. This CL will add further restriction on that. 1. If the first Service.startForeground() call is more than 10 seconds (can be configured by DeviceConfig key "fgs_start_foreground_timeout") after the Context.startService() call, check the service's app proc state and set mAllowWhileInUsePermissionInFgs again. 2. At Service.stopForeground() call, mAllowWhileInUsePermissionInFgs should be reset to false so FGS while-in-use permission is not allowed. 3. After Context.startForegroundService()(or Context.startService()) -> Service.startForeground() -> Service.stopForeground(), the second or more times Service.startForeground() is called, check the service's app proc state and set mAllowWhileInUsePermissionInFgs again. This CL is the backport of ag/Idc88f274c7a323d175d65bb47eca041772ae9bb7 from S branch. Bug: 183147114 Bug: 183204439 Test: atest cts/tests/app/src/android/app/cts/ActivityManagerFgsBgStartTest.java#testStartForegroundTimeout Test: atest cts/tests/app/src/android/app/cts/ActivityManagerFgsBgStartTest.java#testSecondStartForeground Change-Id: Ie8712b8efe85aa8a6769b811c85a29c4013e58b9 Merged-In: Idc88f274c7a323d175d65bb47eca041772ae9bb7 (cherry picked from commit d5abccff3c61b81aeb67d6fda10d9a27d3e326bd) Merged-In:Ie8712b8efe85aa8a6769b811c85a29c4013e58b9 --- .../com/android/server/am/ActiveServices.java | 107 ++++++++++++++---- .../server/am/ActivityManagerConstants.java | 20 ++++ .../com/android/server/am/ServiceRecord.java | 6 + 3 files changed, 112 insertions(+), 21 deletions(-) diff --git a/services/core/java/com/android/server/am/ActiveServices.java b/services/core/java/com/android/server/am/ActiveServices.java index e4dd8756fe62b..aa38fd1e6fc45 100644 --- a/services/core/java/com/android/server/am/ActiveServices.java +++ b/services/core/java/com/android/server/am/ActiveServices.java @@ -734,11 +734,8 @@ ComponentName startServiceLocked(IApplicationThread caller, Intent service, Stri } ComponentName cmp = startServiceInnerLocked(smap, service, r, callerFg, addToStarting); - if (!r.mAllowWhileInUsePermissionInFgs) { - r.mAllowWhileInUsePermissionInFgs = - shouldAllowWhileInUsePermissionInFgsLocked(callingPackage, callingPid, - callingUid, service, r, allowBackgroundActivityStarts); - } + setFgsRestrictionLocked(callingPackage, callingPid, callingUid, r, + allowBackgroundActivityStarts); return cmp; } @@ -1411,14 +1408,6 @@ private void setServiceForegroundInnerLocked(final ServiceRecord r, int id, + String.format("0x%08X", manifestType) + " in service element of manifest file"); } - // If the foreground service is not started from TOP process, do not allow it to - // have while-in-use location/camera/microphone access. - if (!r.mAllowWhileInUsePermissionInFgs) { - Slog.w(TAG, - "Foreground service started from background can not have " - + "location/camera/microphone access: service " - + r.shortInstanceName); - } } boolean alreadyStartedOp = false; boolean stopProcStatsOp = false; @@ -1466,6 +1455,56 @@ && appRestrictedAnyInBackground(r.appInfo.uid, r.packageName)) { ignoreForeground = true; } + if (!ignoreForeground) { + if (r.mStartForegroundCount == 0) { + /* + If the service was started with startService(), not + startForegroundService(), and if startForeground() isn't called within + mFgsStartForegroundTimeoutMs, then we check the state of the app + (who owns the service, which is the app that called startForeground()) + again. If the app is in the foreground, or in any other cases where + FGS-starts are allowed, then we still allow the FGS to be started. + Otherwise, startForeground() would fail. + + If the service was started with startForegroundService(), then the service + must call startForeground() within a timeout anyway, so we don't need this + check. + */ + if (!r.fgRequired) { + final long delayMs = SystemClock.elapsedRealtime() - r.createRealTime; + if (delayMs > mAm.mConstants.mFgsStartForegroundTimeoutMs) { + resetFgsRestrictionLocked(r); + setFgsRestrictionLocked(r.serviceInfo.packageName, r.app.pid, + r.appInfo.uid, r, false); + EventLog.writeEvent(0x534e4554, "183147114", + r.appInfo.uid, + "call setFgsRestrictionLocked again due to " + + "startForegroundTimeout"); + } + } + } else if (r.mStartForegroundCount >= 1) { + // The second or later time startForeground() is called after service is + // started. Check for app state again. + final long delayMs = SystemClock.elapsedRealtime() - + r.mLastSetFgsRestrictionTime; + if (delayMs > mAm.mConstants.mFgsStartForegroundTimeoutMs) { + setFgsRestrictionLocked(r.serviceInfo.packageName, r.app.pid, + r.appInfo.uid, r, false); + EventLog.writeEvent(0x534e4554, "183147114", r.appInfo.uid, + "call setFgsRestrictionLocked for " + + (r.mStartForegroundCount + 1) + "th startForeground"); + } + } + // If the foreground service is not started from TOP process, do not allow it to + // have while-in-use location/camera/microphone access. + if (!r.mAllowWhileInUsePermissionInFgs) { + Slog.w(TAG, + "Foreground service started from background can not have " + + "location/camera/microphone access: service " + + r.shortInstanceName); + } + } + // Apps under strict background restrictions simply don't get to have foreground // services, so now that we've enforced the startForegroundService() contract // we only do the machinery of making the service foreground when the app @@ -1501,6 +1540,7 @@ && appRestrictedAnyInBackground(r.appInfo.uid, r.packageName)) { active.mNumActive++; } r.isForeground = true; + r.mStartForegroundCount++; if (!stopProcStatsOp) { ServiceState stracker = r.getTracker(); if (stracker != null) { @@ -1559,6 +1599,7 @@ && appRestrictedAnyInBackground(r.appInfo.uid, r.packageName)) { decActiveForegroundAppLocked(smap, r); } r.isForeground = false; + resetFgsRestrictionLocked(r); ServiceState stracker = r.getTracker(); if (stracker != null) { stracker.setForeground(false, mAm.mProcessStats.getMemFactorLocked(), @@ -2118,12 +2159,7 @@ public void run() { } } - if (!s.mAllowWhileInUsePermissionInFgs) { - s.mAllowWhileInUsePermissionInFgs = - shouldAllowWhileInUsePermissionInFgsLocked(callingPackage, - callingPid, callingUid, - service, s, false); - } + setFgsRestrictionLocked(callingPackage, callingPid, callingUid, s, false); if (s.app != null) { if ((flags&Context.BIND_TREAT_LIKE_ACTIVITY) != 0) { @@ -3419,7 +3455,7 @@ private final void bringDownServiceLocked(ServiceRecord r) { r.isForeground = false; r.foregroundId = 0; r.foregroundNoti = null; - r.mAllowWhileInUsePermissionInFgs = false; + resetFgsRestrictionLocked(r); // Clear start entries. r.clearDeliveredStartsLocked(); @@ -4900,7 +4936,7 @@ private void dumpService(String prefix, FileDescriptor fd, PrintWriter pw, * @return true if allow, false otherwise. */ private boolean shouldAllowWhileInUsePermissionInFgsLocked(String callingPackage, - int callingPid, int callingUid, Intent intent, ServiceRecord r, + int callingPid, int callingUid, ServiceRecord r, boolean allowBackgroundActivityStarts) { // Is the background FGS start restriction turned on? if (!mAm.mConstants.mFlagBackgroundFgsStartRestrictionEnabled) { @@ -4982,4 +5018,33 @@ private boolean shouldAllowWhileInUsePermissionInFgsLocked(String callingPackage } return false; } + + boolean canAllowWhileInUsePermissionInFgsLocked(int callingPid, int callingUid, + String callingPackage) { + return shouldAllowWhileInUsePermissionInFgsLocked( + callingPackage, callingPid, callingUid, null, false); + } + + /** + * In R, mAllowWhileInUsePermissionInFgs is to allow while-in-use permissions in foreground + * service or not. while-in-use permissions in FGS started from background might be restricted. + * @param callingPackage caller app's package name. + * @param callingUid caller app's uid. + * @param r the service to start. + * @return true if allow, false otherwise. + */ + private void setFgsRestrictionLocked(String callingPackage, + int callingPid, int callingUid, ServiceRecord r, + boolean allowBackgroundActivityStarts) { + r.mLastSetFgsRestrictionTime = SystemClock.elapsedRealtime(); + if (!r.mAllowWhileInUsePermissionInFgs) { + r.mAllowWhileInUsePermissionInFgs = shouldAllowWhileInUsePermissionInFgsLocked( + callingPackage, callingPid, callingUid, r, allowBackgroundActivityStarts); + } + } + + private void resetFgsRestrictionLocked(ServiceRecord r) { + r.mAllowWhileInUsePermissionInFgs = false; + r.mLastSetFgsRestrictionTime = 0; + } } diff --git a/services/core/java/com/android/server/am/ActivityManagerConstants.java b/services/core/java/com/android/server/am/ActivityManagerConstants.java index 8c7a72adc7db0..44f3ace71ee9e 100644 --- a/services/core/java/com/android/server/am/ActivityManagerConstants.java +++ b/services/core/java/com/android/server/am/ActivityManagerConstants.java @@ -88,6 +88,7 @@ final class ActivityManagerConstants extends ContentObserver { static final String KEY_PROCESS_START_ASYNC = "process_start_async"; static final String KEY_MEMORY_INFO_THROTTLE_TIME = "memory_info_throttle_time"; static final String KEY_TOP_TO_FGS_GRACE_DURATION = "top_to_fgs_grace_duration"; + static final String KEY_FGS_START_FOREGROUND_TIMEOUT = "fgs_start_foreground_timeout"; static final String KEY_PENDINGINTENT_WARNING_THRESHOLD = "pendingintent_warning_threshold"; private static final int DEFAULT_MAX_CACHED_PROCESSES = 32; @@ -121,6 +122,7 @@ final class ActivityManagerConstants extends ContentObserver { private static final boolean DEFAULT_PROCESS_START_ASYNC = true; private static final long DEFAULT_MEMORY_INFO_THROTTLE_TIME = 5*60*1000; private static final long DEFAULT_TOP_TO_FGS_GRACE_DURATION = 15 * 1000; + private static final int DEFAULT_FGS_START_FOREGROUND_TIMEOUT_MS = 10 * 1000; private static final int DEFAULT_PENDINGINTENT_WARNING_THRESHOLD = 2000; // Flag stored in the DeviceConfig API. @@ -273,6 +275,12 @@ final class ActivityManagerConstants extends ContentObserver { // this long. public long TOP_TO_FGS_GRACE_DURATION = DEFAULT_TOP_TO_FGS_GRACE_DURATION; + /** + * When service started from background, before the timeout it can be promoted to FGS by calling + * Service.startForeground(). + */ + volatile long mFgsStartForegroundTimeoutMs = DEFAULT_FGS_START_FOREGROUND_TIMEOUT_MS; + // Indicates whether the activity starts logging is enabled. // Controlled by Settings.Global.ACTIVITY_STARTS_LOGGING_ENABLED volatile boolean mFlagActivityStartsLoggingEnabled; @@ -421,6 +429,9 @@ public void onPropertiesChanged(Properties properties) { case KEY_MIN_ASSOC_LOG_DURATION: updateMinAssocLogDuration(); break; + case KEY_FGS_START_FOREGROUND_TIMEOUT: + updateFgsStartForegroundTimeout(); + break; default: break; } @@ -697,6 +708,13 @@ private void updateMinAssocLogDuration() { /* defaultValue */ DEFAULT_MIN_ASSOC_LOG_DURATION); } + private void updateFgsStartForegroundTimeout() { + mFgsStartForegroundTimeoutMs = DeviceConfig.getLong( + DeviceConfig.NAMESPACE_ACTIVITY_MANAGER, + KEY_FGS_START_FOREGROUND_TIMEOUT, + DEFAULT_FGS_START_FOREGROUND_TIMEOUT_MS); + } + void dump(PrintWriter pw) { pw.println("ACTIVITY MANAGER SETTINGS (dumpsys activity settings) " + Settings.Global.ACTIVITY_MANAGER_CONSTANTS + ":"); @@ -769,6 +787,8 @@ void dump(PrintWriter pw) { pw.println(Arrays.toString(IMPERCEPTIBLE_KILL_EXEMPT_PACKAGES.toArray())); pw.print(" "); pw.print(KEY_MIN_ASSOC_LOG_DURATION); pw.print("="); pw.println(MIN_ASSOC_LOG_DURATION); + pw.print(" "); pw.print(KEY_FGS_START_FOREGROUND_TIMEOUT); pw.print("="); + pw.println(mFgsStartForegroundTimeoutMs); pw.println(); if (mOverrideMaxCachedProcesses >= 0) { diff --git a/services/core/java/com/android/server/am/ServiceRecord.java b/services/core/java/com/android/server/am/ServiceRecord.java index 1b65dbac2294f..0e628289a09f2 100644 --- a/services/core/java/com/android/server/am/ServiceRecord.java +++ b/services/core/java/com/android/server/am/ServiceRecord.java @@ -142,6 +142,10 @@ final class ServiceRecord extends Binder implements ComponentName.WithComponentN // allow while-in-use permissions in foreground service or not. // while-in-use permissions in FGS started from background might be restricted. boolean mAllowWhileInUsePermissionInFgs; + // The number of times Service.startForeground() is called; + int mStartForegroundCount; + // Last time mAllowWhileInUsePermissionInFgs is set. + long mLastSetFgsRestrictionTime; // the most recent package that start/bind this service. String mRecentCallingPackage; @@ -406,6 +410,8 @@ void dump(PrintWriter pw, String prefix) { } pw.print(prefix); pw.print("allowWhileInUsePermissionInFgs="); pw.println(mAllowWhileInUsePermissionInFgs); + pw.print(prefix); pw.print("startForegroundCount="); + pw.println(mStartForegroundCount); pw.print(prefix); pw.print("recentCallingPackage="); pw.println(mRecentCallingPackage); if (delayed) { From 53b9ff269861286323a2f6c3f0a59815af5dcfa5 Mon Sep 17 00:00:00 2001 From: Jeff Chang Date: Tue, 18 Jan 2022 18:29:52 +0800 Subject: [PATCH 21/21] [RESTRICT AUTOMERGE] Add hide-non-system-overlay flag for HarmfulAppWarningActivity A malicious application could overlay the activity. The overlay is able to be tapped through, which can trick the user into starting a harmful activity. The CL added the flag SYSTEM_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS for the activity to prevent the tapjacking/overlay attack. Bug: 205595291 Test: atest CtsHarmfulAppWarningHostTestCases Change-Id: Ia1a1ae0dc451e04bf5c31e3cb8cf30a0d8e32991 (cherry picked from commit a04b3666b8619e09e08646c6d5c529d016cbfb47) (cherry picked from commit 2c87a8a7cec276a9e4cf88e0ae410fd43ffb0b38) Merged-In:Ia1a1ae0dc451e04bf5c31e3cb8cf30a0d8e32991 --- .../com/android/internal/app/HarmfulAppWarningActivity.java | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/core/java/com/android/internal/app/HarmfulAppWarningActivity.java b/core/java/com/android/internal/app/HarmfulAppWarningActivity.java index ce2d229d41b32..33209e1101234 100644 --- a/core/java/com/android/internal/app/HarmfulAppWarningActivity.java +++ b/core/java/com/android/internal/app/HarmfulAppWarningActivity.java @@ -16,6 +16,8 @@ package com.android.internal.app; +import static android.view.WindowManager.LayoutParams.SYSTEM_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS; + import android.content.Context; import android.content.DialogInterface; import android.content.Intent; @@ -27,6 +29,7 @@ import android.util.Log; import android.view.View; import android.widget.TextView; + import com.android.internal.R; /** @@ -48,6 +51,7 @@ public class HarmfulAppWarningActivity extends AlertActivity implements protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); + getWindow().addSystemFlags(SYSTEM_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS); final Intent intent = getIntent(); mPackageName = intent.getStringExtra(Intent.EXTRA_PACKAGE_NAME); mTarget = intent.getParcelableExtra(Intent.EXTRA_INTENT);