Merge tag 'android-security-10.0.0_r56' into staging/lineage-17.1_merge_android-security-10.0.0_r56

            final PendingIntent pi = PendingIntent.getBroadcast(getContext(),

                    REQUEST_CODE_TIMEOUT,

                    new Intent(ACTION_NOTIFICATION_TIMEOUT)

                            .setPackage(PackageManagerService.PLATFORM_PACKAGE_NAME)

                            .setData(new Uri.Builder().scheme(SCHEME_TIMEOUT)

                                    .appendPath(record.getKey()).build())

                            .addFlags(Intent.FLAG_RECEIVER_FOREGROUND)

        }

        final int callingUid = Binder.getCallingUid();

        final int userId = UserHandle.getUserId(newPackage.applicationInfo.uid);

        for (int userId: mUserManagerInt.getUserIds()) {

            int numRequestedPermissions = newPackage.requestedPermissions.size();

            for (int i = 0; i < numRequestedPermissions; i++) {

                PermissionInfo permInfo = getPermissionInfo(newPackage.requestedPermissions.get(i),

                                + downgradedSdk + " or newly requested legacy full storage "

                                + newlyRequestsLegacy);

                try {

                    revokeRuntimePermission(permInfo.name, newPackage.packageName,

                            false, userId, permissionCallback);

                } catch (IllegalStateException | SecurityException e) {

                    Log.e(TAG, "unable to revoke " + permInfo.name + " for "

                            + newPackage.packageName + " user " + userId, e);

                }

            }

        }

    }

                    final List<TaskRecord> tasks = stack.getAllTasks();

                    for (int taskNdx = tasks.size() - 1; taskNdx >= 0; taskNdx--) {

                        final TaskRecord task = tasks.get(taskNdx);

                        // Check the task for a top activity belonging to userId, or returning a

                        // result to an activity belonging to userId. Example case: a document

                        // picker for personal files, opened by a work app, should still get locked.

                        if (taskTopActivityIsUser(task, userId)) {

                            mService.getTaskChangeNotificationController().notifyTaskProfileLocked(

                                    task.taskId, userId);

                        for (int activityNdx = task.mActivities.size() - 1; activityNdx >= 0;

                                activityNdx--) {

                            final ActivityRecord activity = task.mActivities.get(activityNdx);

                            if (!activity.finishing && activity.mUserId == userId) {

                                mService.getTaskChangeNotificationController()

                                        .notifyTaskProfileLocked(task.taskId, userId);

                                break;

                            }

                        }

                    }

                }

        }

    }

    /**

     * Detects whether we should show a lock screen in front of this task for a locked user.

     * <p>

     * We'll do this if either of the following holds:

     * <ul>

     *   <li>The top activity explicitly belongs to {@param userId}.</li>

     *   <li>The top activity returns a result to an activity belonging to {@param userId}.</li>

     * </ul>

     *

     * @return {@code true} if the top activity looks like it belongs to {@param userId}.

     */

    private boolean taskTopActivityIsUser(TaskRecord task, @UserIdInt int userId) {

        // To handle the case that work app is in the task but just is not the top one.

        final ActivityRecord activityRecord = task.getTopActivity();

        final ActivityRecord resultTo = (activityRecord != null ? activityRecord.resultTo : null);

        return (activityRecord != null && activityRecord.mUserId == userId)

                || (resultTo != null && resultTo.mUserId == userId);

    }

    void cancelInitializingActivities() {

        for (int displayNdx = mActivityDisplays.size() - 1; displayNdx >= 0; --displayNdx) {

            final ActivityDisplay display = mActivityDisplays.get(displayNdx);

import android.app.ActivityManager;

import android.app.ActivityManagerInternal;

import android.app.AlarmManager;

import android.app.AppOpsManager;

import android.app.AutomaticZenRule;

import android.app.IActivityManager;

import com.android.server.lights.LightsManager;

import com.android.server.notification.NotificationManagerService.NotificationAssistants;

import com.android.server.notification.NotificationManagerService.NotificationListeners;

import com.android.server.pm.PackageManagerService;

import com.android.server.uri.UriGrantsManagerInternal;

import com.android.server.wm.WindowManagerInternal;

    @Mock

    UserManager mUm;

    @Mock

    AlarmManager mAlarmManager;

    // Use a Testable subclass so we can simulate calls from the system without failing.

    private static class TestableNotificationManagerService extends NotificationManagerService {

        int countSystemChecks = 0;

        LocalServices.addService(WindowManagerInternal.class, mWindowManagerInternal);

        LocalServices.removeServiceForTest(ActivityManagerInternal.class);

        LocalServices.addService(ActivityManagerInternal.class, mAmi);

        mContext.addMockSystemService(Context.ALARM_SERVICE, mAlarmManager);

        doNothing().when(mContext).sendBroadcastAsUser(any(), any(), any());

        return nrSummary;

    }

    @Test

    public void testLimitTimeOutBroadcast() {

        NotificationChannel channel = new NotificationChannel("id", "name",

                NotificationManager.IMPORTANCE_HIGH);

        Notification.Builder nb = new Notification.Builder(mContext, channel.getId())

                .setContentTitle("foo")

                .setSmallIcon(android.R.drawable.sym_def_app_icon)

                .setTimeoutAfter(1);

        StatusBarNotification sbn = new StatusBarNotification(PKG, PKG, 8, "tag", mUid, 0,

                nb.build(), UserHandle.getUserHandleForUid(mUid), null, 0);

        NotificationRecord r = new NotificationRecord(mContext, sbn, channel);

        mService.scheduleTimeoutLocked(r);

        ArgumentCaptor<PendingIntent> captor = ArgumentCaptor.forClass(PendingIntent.class);

        verify(mAlarmManager).setExactAndAllowWhileIdle(anyInt(), anyLong(), captor.capture());

        assertEquals(PackageManagerService.PLATFORM_PACKAGE_NAME,

                captor.getValue().getIntent().getPackage());

    }

    @Test

    public void testCreateNotificationChannels_SingleChannel() throws Exception {

        final NotificationChannel channel =

import android.content.pm.ResolveInfo;

import android.content.res.Resources;

import android.graphics.Rect;

import android.os.UserHandle;

import android.platform.test.annotations.Presubmit;

import android.util.Pair;

import android.view.DisplayInfo;

        assertEquals(infoFake1.activityInfo.name, resolvedInfo.first.name);

    }

    @Test

    public void testLockAllProfileTasks() {

        // Make an activity visible with the user id set to 1

        final TaskRecord task = new TaskBuilder(mSupervisor).setStack(mFullscreenStack).build();

        final ActivityRecord activity = new ActivityBuilder(mService).setTask(task)

                .setUid(UserHandle.PER_USER_RANGE + 1).build();

        // Create another activity on top and the user id is 2

        final ActivityRecord topActivity = new ActivityBuilder(mService)

                .setTask(task).setUid(UserHandle.PER_USER_RANGE + 2).build();

        // Make sure the listeners will be notified for putting the task to locked state

        TaskChangeNotificationController controller =

                mService.getTaskChangeNotificationController();

        spyOn(controller);

        mService.mRootActivityContainer.lockAllProfileTasks(1);

        verify(controller).notifyTaskProfileLocked(eq(task.taskId), eq(1));

    }

    /**

     * Test that {@link RootActivityContainer#getLaunchStack} with the real caller id will get the

     * expected stack when requesting the activity launch on the secondary display.