Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 14bb16ce authored by Pavel Grafov's avatar Pavel Grafov
Browse files

Block sensors, scanning, and location in quiet mode 

Work apps are paused and shouldn't be able to track
the user.

Bug: 258623881
Test: btest android.devicepolicy.cts.QuietModeTest
Change-Id: I6887bb1b91087b64a5df9a71a7bbe4f48a9d14f4
parent c2cce799

services/core/java/com/android/server/pm/UserManagerService.java

+39 −9
Original line number Diff line number Diff line
@@ -35,6 +35,7 @@ import android.annotation.UserIdInt; 
import android.app.ActivityManager;

import android.app.ActivityManagerInternal;

import android.app.ActivityManagerNative;

import android.app.AppOpsManager;

import android.app.BroadcastOptions;

import android.app.IActivityManager;

import android.app.IStopUserCallback;
@@ -281,6 +282,19 @@ public class UserManagerService extends IUserManager.Stub { 
    private static final String TRON_USER_CREATED = "users_user_created";

    private static final String TRON_DEMO_CREATED = "users_demo_created";



    // App ops that should be restricted in quiet mode

    private static final int[] QUIET_MODE_RESTRICTED_APP_OPS = {

            AppOpsManager.OP_COARSE_LOCATION,

            AppOpsManager.OP_FINE_LOCATION,

            AppOpsManager.OP_GPS,

            AppOpsManager.OP_BODY_SENSORS,

            AppOpsManager.OP_ACTIVITY_RECOGNITION,

            AppOpsManager.OP_BLUETOOTH_SCAN,

            AppOpsManager.OP_NEARBY_WIFI_DEVICES,

            AppOpsManager.OP_RECORD_AUDIO,

            AppOpsManager.OP_CAMERA,

    };



    private final Context mContext;

    private final PackageManagerService mPm;
@@ -305,7 +319,8 @@ public class UserManagerService extends IUserManager.Stub { 
    @GuardedBy("mPackagesLock")

    private final File mUserListFile;



    private static final IBinder mUserRestriconToken = new Binder();

    private final IBinder mUserRestrictionToken = new Binder();

    private final IBinder mQuietModeToken = new Binder();



    /** Installs system packages based on user-type. */

    private final UserSystemPackageInstaller mSystemPackageInstaller;
@@ -682,6 +697,7 @@ public class UserManagerService extends IUserManager.Stub { 


        @Override

        public void onUserStarting(@NonNull TargetUser targetUser) {

            boolean isProfileInQuietMode = false;

            synchronized (mUms.mUsersLock) {

                final UserData user = mUms.getUserDataLU(targetUser.getUserIdentifier());

                if (user != null) {
@@ -689,9 +705,14 @@ public class UserManagerService extends IUserManager.Stub { 
                    if (targetUser.getUserIdentifier() == UserHandle.USER_SYSTEM

                            && targetUser.isFull()) {

                        mUms.setLastEnteredForegroundTimeToNow(user);

                    } else if (user.info.isManagedProfile() && user.info.isQuietModeEnabled()) {

                        isProfileInQuietMode = true;

                    }

                }

            }

            if (isProfileInQuietMode) {

                mUms.setAppOpsRestrictedForQuietMode(targetUser.getUserIdentifier(), true);

            }

        }



        @Override
@@ -1366,6 +1387,7 @@ public class UserManagerService extends IUserManager.Stub { 
            // New behavior: when quiet mode is enabled, profile user is running, but apps are

            // suspended.

            getPackageManagerInternal().setPackagesSuspendedForQuietMode(userId, enableQuietMode);

            setAppOpsRestrictedForQuietMode(userId, enableQuietMode);



            if (enableQuietMode

                    && !mLockPatternUtils.isManagedProfileWithUnifiedChallenge(userId)) {
@@ -1405,6 +1427,17 @@ public class UserManagerService extends IUserManager.Stub { 
                enableQuietMode);

    }



    private void setAppOpsRestrictedForQuietMode(@UserIdInt int userId, boolean restrict) {

        for (int opCode : QUIET_MODE_RESTRICTED_APP_OPS) {

            try {

                mAppOpsService.setUserRestriction(

                        opCode, restrict, mQuietModeToken, userId, /* excludedPackageTags= */ null);

            } catch (RemoteException e) {

                Slog.w(LOG_TAG, "Unable to limit app ops", e);

            }

        }

    }



    private void logQuietModeEnabled(@UserIdInt int userId, boolean enableQuietMode,

            @Nullable String callingPackage) {

        Slogf.i(LOG_TAG,
@@ -2888,15 +2921,12 @@ public class UserManagerService extends IUserManager.Stub { 
        }



        if (mAppOpsService != null) { // We skip it until system-ready.

            mHandler.post(new Runnable() {

                @Override

                public void run() {

            mHandler.post(() -> {

                try {

                        mAppOpsService.setUserRestrictions(effective, mUserRestriconToken, userId);

                    mAppOpsService.setUserRestrictions(effective, mUserRestrictionToken, userId);

                } catch (RemoteException e) {

                    Slog.w(LOG_TAG, "Unable to notify AppOpsService of UserRestrictions");

                }

                }

            });

        }