Merge "BG-FGS-start while-in-use permission restriction improvement." into rvc-dev am: e51f884f

        }

        ComponentName cmp = startServiceInnerLocked(smap, service, r, callerFg, addToStarting);

        if (!r.mAllowWhileInUsePermissionInFgs) {

            r.mAllowWhileInUsePermissionInFgs =

                    shouldAllowWhileInUsePermissionInFgsLocked(callingPackage, callingPid,

                            callingUid, service, r, allowBackgroundActivityStarts);

        }

        setFgsRestrictionLocked(callingPackage, callingPid, callingUid, r,

                allowBackgroundActivityStarts);

        return cmp;

    }

                        +  String.format("0x%08X", manifestType)

                        + " in service element of manifest file");

                }

                // If the foreground service is not started from TOP process, do not allow it to

                // have while-in-use location/camera/microphone access.

                if (!r.mAllowWhileInUsePermissionInFgs) {

                    Slog.w(TAG,

                            "Foreground service started from background can not have "

                                    + "location/camera/microphone access: service "

                                    + r.shortInstanceName);

                }

            }

            boolean alreadyStartedOp = false;

            boolean stopProcStatsOp = false;

                    ignoreForeground = true;

                }

                if (!ignoreForeground) {

                    if (r.mStartForegroundCount == 0) {

                        /*

                        If the service was started with startService(), not

                        startForegroundService(), and if startForeground() isn't called within

                        mFgsStartForegroundTimeoutMs, then we check the state of the app

                        (who owns the service, which is the app that called startForeground())

                        again. If the app is in the foreground, or in any other cases where

                        FGS-starts are allowed, then we still allow the FGS to be started.

                        Otherwise, startForeground() would fail.

                        If the service was started with startForegroundService(), then the service

                        must call startForeground() within a timeout anyway, so we don't need this

                        check.

                        */

                        if (!r.fgRequired) {

                            final long delayMs = SystemClock.elapsedRealtime() - r.createRealTime;

                            if (delayMs > mAm.mConstants.mFgsStartForegroundTimeoutMs) {

                                resetFgsRestrictionLocked(r);

                                setFgsRestrictionLocked(r.serviceInfo.packageName, r.app.pid,

                                        r.appInfo.uid, r, false);

                                EventLog.writeEvent(0x534e4554, "183147114",

                                        r.appInfo.uid,

                                        "call setFgsRestrictionLocked again due to "

                                                + "startForegroundTimeout");

                            }

                        }

                    } else if (r.mStartForegroundCount >= 1) {

                        // The second or later time startForeground() is called after service is

                        // started. Check for app state again.

                        final long delayMs = SystemClock.elapsedRealtime() -

                                r.mLastSetFgsRestrictionTime;

                        if (delayMs > mAm.mConstants.mFgsStartForegroundTimeoutMs) {

                            resetFgsRestrictionLocked(r);

                            setFgsRestrictionLocked(r.serviceInfo.packageName, r.app.pid,

                                    r.appInfo.uid, r, false);

                            EventLog.writeEvent(0x534e4554, "183147114", r.appInfo.uid,

                                    "call setFgsRestrictionLocked for "

                                            + (r.mStartForegroundCount + 1) + "th startForeground");

                        }

                    }

                    // If the foreground service is not started from TOP process, do not allow it to

                    // have while-in-use location/camera/microphone access.

                    if (!r.mAllowWhileInUsePermissionInFgs) {

                        Slog.w(TAG,

                                "Foreground service started from background can not have "

                                        + "location/camera/microphone access: service "

                                        + r.shortInstanceName);

                    }

                }

                // Apps under strict background restrictions simply don't get to have foreground

                // services, so now that we've enforced the startForegroundService() contract

                // we only do the machinery of making the service foreground when the app

                            active.mNumActive++;

                        }

                        r.isForeground = true;

                        r.mStartForegroundCount++;

                        if (!stopProcStatsOp) {

                            ServiceState stracker = r.getTracker();

                            if (stracker != null) {

                    decActiveForegroundAppLocked(smap, r);

                }

                r.isForeground = false;

                resetFgsRestrictionLocked(r);

                ServiceState stracker = r.getTracker();

                if (stracker != null) {

                    stracker.setForeground(false, mAm.mProcessStats.getMemFactorLocked(),

                }

            }

            if (!s.mAllowWhileInUsePermissionInFgs) {

                s.mAllowWhileInUsePermissionInFgs =

                        shouldAllowWhileInUsePermissionInFgsLocked(callingPackage,

                                callingPid, callingUid,

                                service, s, false);

            }

            setFgsRestrictionLocked(callingPackage, callingPid, callingUid, s, false);

            if (s.app != null) {

                if ((flags&Context.BIND_TREAT_LIKE_ACTIVITY) != 0) {

        r.isForeground = false;

        r.foregroundId = 0;

        r.foregroundNoti = null;

        r.mAllowWhileInUsePermissionInFgs = false;

        resetFgsRestrictionLocked(r);

        // Clear start entries.

        r.clearDeliveredStartsLocked();

     * @return true if allow, false otherwise.

     */

    private boolean shouldAllowWhileInUsePermissionInFgsLocked(String callingPackage,

            int callingPid, int callingUid, Intent intent, ServiceRecord r,

            int callingPid, int callingUid, ServiceRecord r,

            boolean allowBackgroundActivityStarts) {

        // Is the background FGS start restriction turned on?

        if (!mAm.mConstants.mFlagBackgroundFgsStartRestrictionEnabled) {

        }

        return false;

    }

    boolean canAllowWhileInUsePermissionInFgsLocked(int callingPid, int callingUid,

            String callingPackage) {

        return shouldAllowWhileInUsePermissionInFgsLocked(

                callingPackage, callingPid, callingUid, null, false);

    }

    /**

     * In R, mAllowWhileInUsePermissionInFgs is to allow while-in-use permissions in foreground

     *  service or not. while-in-use permissions in FGS started from background might be restricted.

     * @param callingPackage caller app's package name.

     * @param callingUid caller app's uid.

     * @param r the service to start.

     * @return true if allow, false otherwise.

     */

    private void setFgsRestrictionLocked(String callingPackage,

            int callingPid, int callingUid, ServiceRecord r,

            boolean allowBackgroundActivityStarts) {

        r.mLastSetFgsRestrictionTime = SystemClock.elapsedRealtime();

        if (!r.mAllowWhileInUsePermissionInFgs) {

            r.mAllowWhileInUsePermissionInFgs = shouldAllowWhileInUsePermissionInFgsLocked(

                    callingPackage, callingPid, callingUid, r, allowBackgroundActivityStarts);

        }

    }

    private void resetFgsRestrictionLocked(ServiceRecord r) {

        r.mAllowWhileInUsePermissionInFgs = false;

    }

}

    static final String KEY_PROCESS_START_ASYNC = "process_start_async";

    static final String KEY_MEMORY_INFO_THROTTLE_TIME = "memory_info_throttle_time";

    static final String KEY_TOP_TO_FGS_GRACE_DURATION = "top_to_fgs_grace_duration";

    static final String KEY_FGS_START_FOREGROUND_TIMEOUT = "fgs_start_foreground_timeout";

    static final String KEY_PENDINGINTENT_WARNING_THRESHOLD = "pendingintent_warning_threshold";

    private static final int DEFAULT_MAX_CACHED_PROCESSES = 32;

    private static final boolean DEFAULT_PROCESS_START_ASYNC = true;

    private static final long DEFAULT_MEMORY_INFO_THROTTLE_TIME = 5*60*1000;

    private static final long DEFAULT_TOP_TO_FGS_GRACE_DURATION = 15 * 1000;

    private static final int DEFAULT_FGS_START_FOREGROUND_TIMEOUT_MS = 10 * 1000;

    private static final int DEFAULT_PENDINGINTENT_WARNING_THRESHOLD = 2000;

    // Flag stored in the DeviceConfig API.

    // this long.

    public long TOP_TO_FGS_GRACE_DURATION = DEFAULT_TOP_TO_FGS_GRACE_DURATION;

    /**

     * When service started from background, before the timeout it can be promoted to FGS by calling

     * Service.startForeground().

     */

    volatile long mFgsStartForegroundTimeoutMs = DEFAULT_FGS_START_FOREGROUND_TIMEOUT_MS;

    // Indicates whether the activity starts logging is enabled.

    // Controlled by Settings.Global.ACTIVITY_STARTS_LOGGING_ENABLED

    volatile boolean mFlagActivityStartsLoggingEnabled;

                            case KEY_MIN_ASSOC_LOG_DURATION:

                                updateMinAssocLogDuration();

                                break;

                            case KEY_FGS_START_FOREGROUND_TIMEOUT:

                                updateFgsStartForegroundTimeout();

                                break;

                            default:

                                break;

                        }

                /* defaultValue */ DEFAULT_MIN_ASSOC_LOG_DURATION);

    }

    private void updateFgsStartForegroundTimeout() {

        mFgsStartForegroundTimeoutMs = DeviceConfig.getLong(

                DeviceConfig.NAMESPACE_ACTIVITY_MANAGER,

                KEY_FGS_START_FOREGROUND_TIMEOUT,

                DEFAULT_FGS_START_FOREGROUND_TIMEOUT_MS);

    }

    void dump(PrintWriter pw) {

        pw.println("ACTIVITY MANAGER SETTINGS (dumpsys activity settings) "

                + Settings.Global.ACTIVITY_MANAGER_CONSTANTS + ":");

        pw.println(Arrays.toString(IMPERCEPTIBLE_KILL_EXEMPT_PACKAGES.toArray()));

        pw.print("  "); pw.print(KEY_MIN_ASSOC_LOG_DURATION); pw.print("=");

        pw.println(MIN_ASSOC_LOG_DURATION);

        pw.print("  "); pw.print(KEY_FGS_START_FOREGROUND_TIMEOUT); pw.print("=");

        pw.println(mFgsStartForegroundTimeoutMs);

        pw.println();

        if (mOverrideMaxCachedProcesses >= 0) {

    // allow while-in-use permissions in foreground service or not.

    // while-in-use permissions in FGS started from background might be restricted.

    boolean mAllowWhileInUsePermissionInFgs;

    // The number of times Service.startForeground() is called;

    int mStartForegroundCount;

    // Last time mAllowWhileInUsePermissionInFgs is set.

    long mLastSetFgsRestrictionTime;

    // the most recent package that start/bind this service.

    String mRecentCallingPackage;

        }

        pw.print(prefix); pw.print("allowWhileInUsePermissionInFgs=");

                pw.println(mAllowWhileInUsePermissionInFgs);

        pw.print(prefix); pw.print("startForegroundCount=");

        pw.println(mStartForegroundCount);

        pw.print(prefix); pw.print("recentCallingPackage=");

                pw.println(mRecentCallingPackage);

        if (delayed) {