
Commit 1c7c319b authored by Jason Monk's avatar Jason Monk

User restriction for disallowing window creation

Block any types of windows that could be used by apps to create
views on top of a locked app.  This can be used by device admins
in conjunction with lock task mode.

Added a way for system (and priv apps) to bypass user restrictions
for specified op codes.

Bug: 15279535
Change-Id: I2381530ef6226a5bb32a99bb4030baafb39bf564
parent fa10423f
+1 −0
@@ -21704,6 +21704,7 @@ package android.os {
    field public static final java.lang.String DISALLOW_CONFIG_TETHERING = "no_config_tethering";
    field public static final java.lang.String DISALLOW_CONFIG_VPN = "no_config_vpn";
    field public static final java.lang.String DISALLOW_CONFIG_WIFI = "no_config_wifi";
    field public static final java.lang.String DISALLOW_CREATE_WINDOWS = "no_create_windows";
    field public static final java.lang.String DISALLOW_DEBUGGING_FEATURES = "no_debugging_features";
    field public static final java.lang.String DISALLOW_FACTORY_RESET = "no_factory_reset";
    field public static final java.lang.String DISALLOW_INSTALL_APPS = "no_install_apps";
+78 −3
@@ -191,7 +191,9 @@ public class AppOpsManager {
    /** @hide */
    public static final int OP_MUTE_MICROPHONE = 44;
    /** @hide */
    public static final int _NUM_OP = 45;
    public static final int OP_TOAST_WINDOW = 45;
    /** @hide */
    public static final int _NUM_OP = 46;

    /** Access to coarse location information. */
    public static final String OPSTR_COARSE_LOCATION =
@@ -259,7 +261,8 @@ public class AppOpsManager {
            OP_COARSE_LOCATION,
            OP_COARSE_LOCATION,
            OP_GET_USAGE_STATS,
            OP_MUTE_MICROPHONE
            OP_MUTE_MICROPHONE,
            OP_TOAST_WINDOW,
    };

    /**
@@ -312,6 +315,7 @@ public class AppOpsManager {
            OPSTR_MONITOR_HIGH_POWER_LOCATION,
            null,
            null,
            null,
    };

    /**
@@ -364,6 +368,7 @@ public class AppOpsManager {
            "MONITOR_HIGH_POWER_LOCATION",
            "GET_USAGE_STATS",
            "OP_MUTE_MICROPHONE",
            "TOAST_WINDOW",
    };

    /**
@@ -416,6 +421,7 @@ public class AppOpsManager {
            null, // no permission for high power location monitoring
            android.Manifest.permission.PACKAGE_USAGE_STATS,
            null, // no permission for muting/unmuting microphone
            null, // no permission for displaying toasts
    };

    /**
@@ -448,7 +454,7 @@ public class AppOpsManager {
            null, //READ_ICC_SMS
            null, //WRITE_ICC_SMS
            null, //WRITE_SETTINGS
            null, //SYSTEM_ALERT_WINDOW
            UserManager.DISALLOW_CREATE_WINDOWS, //SYSTEM_ALERT_WINDOW
            null, //ACCESS_NOTIFICATIONS
            null, //CAMERA
            null, //RECORD_AUDIO
@@ -469,6 +475,60 @@ public class AppOpsManager {
            null, //MONITOR_HIGH_POWER_LOCATION
            null, //GET_USAGE_STATS
            UserManager.DISALLOW_UNMUTE_MICROPHONE, // MUTE_MICROPHONE
            UserManager.DISALLOW_CREATE_WINDOWS, // TOAST_WINDOW
    };

    /**
     * This specifies whether each option should allow the system
     * (and system ui) to bypass the user restriction when active.
     */
    private static boolean[] sOpAllowSystemRestrictionBypass = new boolean[] {
            false, //COARSE_LOCATION
            false, //FINE_LOCATION
            false, //GPS
            false, //VIBRATE
            false, //READ_CONTACTS
            false, //WRITE_CONTACTS
            false, //READ_CALL_LOG
            false, //WRITE_CALL_LOG
            false, //READ_CALENDAR
            false, //WRITE_CALENDAR
            false, //WIFI_SCAN
            false, //POST_NOTIFICATION
            false, //NEIGHBORING_CELLS
            false, //CALL_PHONE
            false, //READ_SMS
            false, //WRITE_SMS
            false, //RECEIVE_SMS
            false, //RECEIVE_EMERGECY_SMS
            false, //RECEIVE_MMS
            false, //RECEIVE_WAP_PUSH
            false, //SEND_SMS
            false, //READ_ICC_SMS
            false, //WRITE_ICC_SMS
            false, //WRITE_SETTINGS
            true, //SYSTEM_ALERT_WINDOW
            false, //ACCESS_NOTIFICATIONS
            false, //CAMERA
            false, //RECORD_AUDIO
            false, //PLAY_AUDIO
            false, //READ_CLIPBOARD
            false, //WRITE_CLIPBOARD
            false, //TAKE_MEDIA_BUTTONS
            false, //TAKE_AUDIO_FOCUS
            false, //AUDIO_MASTER_VOLUME
            false, //AUDIO_VOICE_VOLUME
            false, //AUDIO_RING_VOLUME
            false, //AUDIO_MEDIA_VOLUME
            false, //AUDIO_ALARM_VOLUME
            false, //AUDIO_NOTIFICATION_VOLUME
            false, //AUDIO_BLUETOOTH_VOLUME
            false, //WAKE_LOCK
            false, //MONITOR_LOCATION
            false, //MONITOR_HIGH_POWER_LOCATION
            false, //GET_USAGE_STATS
            false, // MUTE_MICROPHONE
            true, // TOAST_WINDOW
    };

    /**
@@ -520,6 +580,7 @@ public class AppOpsManager {
            AppOpsManager.MODE_ALLOWED,
            AppOpsManager.MODE_IGNORED, // OP_GET_USAGE_STATS
            AppOpsManager.MODE_ALLOWED,
            AppOpsManager.MODE_ALLOWED,
    };

    /**
@@ -575,6 +636,7 @@ public class AppOpsManager {
            false,
            false,
            false,
            false,
    };

    private static HashMap<String, Integer> sOpStrToOp = new HashMap<String, Integer>();
@@ -608,6 +670,10 @@ public class AppOpsManager {
            throw new IllegalStateException("sOpRestrictions length " + sOpRestrictions.length
                    + " should be " + _NUM_OP);
        }
        if (sOpAllowSystemRestrictionBypass.length != _NUM_OP) {
            throw new IllegalStateException("sOpAllowSYstemRestrictionsBypass length "
                    + sOpRestrictions.length + " should be " + _NUM_OP);
        }
        for (int i=0; i<_NUM_OP; i++) {
            if (sOpToString[i] != null) {
                sOpStrToOp.put(sOpToString[i], i);
@@ -648,6 +714,15 @@ public class AppOpsManager {
        return sOpRestrictions[op];
    }

    /**
     * Retrieve whether the op allows the system (and system ui) to
     * bypass the user restriction.
     * @hide
     */
    public static boolean opAllowSystemBypassRestriction(int op) {
        return sOpAllowSystemRestrictionBypass[op];
    }

    /**
     * Retrieve the default mode for the operation.
     * @hide
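Review bot: The new length check in the static initializer reports the wrong array: its message concatenates `sOpRestrictions.length` and misspells the table name as "sOpAllowSYstemRestrictionsBypass", so a size mismatch in the bypass table would print the length of a different, correctly sized array. It should read `throw new IllegalStateException("sOpAllowSystemRestrictionBypass length " + sOpAllowSystemRestrictionBypass.length + " should be " + _NUM_OP);`. Because this table decides which ops may skip a device-admin restriction, I would also declare it `private static final` and have its Javadoc state exactly which callers qualify; the comment says "the system (and system ui)" while the commit description says "system (and priv apps)", and the check that decides this is not in the hunks shown for this file. The static initializer begins and ends outside the hunk.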
+2 −0
@@ -2586,6 +2586,8 @@ public class DevicePolicyManager {
     * @param packages The list of packages allowed to enter lock task mode
     *
     * @see Activity#startLockTask()
     * @see DeviceAdminReceiver#onLockTaskModeChanged(Context, Intent, boolean, String)
     * @see UserManager#DISALLOW_CREATE_WINDOWS
     */
    public void setLockTaskPackages(String[] packages) throws SecurityException {
        if (mService != null) {
+19 −0
@@ -27,6 +27,7 @@ import android.graphics.drawable.BitmapDrawable;
import android.graphics.drawable.Drawable;
import android.provider.Settings;
import android.util.Log;
import android.view.WindowManager.LayoutParams;

import com.android.internal.R;

@@ -278,6 +279,24 @@ public class UserManager {
     */
    public static final String DISALLOW_TELEPHONY = "no_telephony";

    /**
     * Key for user restrictions. Specifies that windows besides app windows should not be
     * created. This will block the creation of the following types of windows.
     * <li>{@link LayoutParams#TYPE_TOAST}</li>
     * <li>{@link LayoutParams#TYPE_PHONE}</li>
     * <li>{@link LayoutParams#TYPE_PRIORITY_PHONE}</li>
     * <li>{@link LayoutParams#TYPE_SYSTEM_ALERT}</li>
     * <li>{@link LayoutParams#TYPE_SYSTEM_ERROR}</li>
     * <li>{@link LayoutParams#TYPE_SYSTEM_OVERLAY}</li>
     *
     * <p>The default value is <code>false</code>.
     * <p/>
     * Type: Boolean
     * @see #setUserRestrictions(Bundle)
     * @see #getUserRestrictions()
     */
    public static final String DISALLOW_CREATE_WINDOWS = "no_create_windows";

    /** @hide */
    public static final int PIN_VERIFICATION_FAILED_INCORRECT = -3;
    /** @hide */
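Review bot: The Javadoc for `DISALLOW_CREATE_WINDOWS` reads as an unconditional block on the listed window types, but in this same commit AppOpsManager marks both ops mapped to this restriction (SYSTEM_ALERT_WINDOW and TOAST_WINDOW) as allowing a system bypass. A device admin combining this with lock task mode should be told about the exemption, for example with `<p>Windows created by the system (and system UI) are exempt from this restriction.`, worded to match the enforcement code, which is not shown here. The `<li>` items also need an enclosing `<ul>`, and `<p/>` is not valid Javadoc HTML. The `LayoutParams` import added in the first hunk appears to serve only these `{@link}` tags, so fully qualified links would avoid importing a view class into UserManager for documentation alone.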
+1 −0
@@ -1365,6 +1365,7 @@ public class PhoneWindowManager implements WindowManagerPolicy {
                // XXX right now the app process has complete control over
                // this...  should introduce a token to let the system
                // monitor/control what they are doing.
                outAppOp[0] = AppOpsManager.OP_TOAST_WINDOW;
                break;
            case TYPE_DREAM:
            case TYPE_INPUT_METHOD:
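Review bot: The added `outAppOp[0] = AppOpsManager.OP_TOAST_WINDOW;` sits directly under the existing XXX comment about the app process having complete control, with nothing explaining why an op is now assigned. A one-line comment such as `// Route toast windows through app ops so DISALLOW_CREATE_WINDOWS can block them.` would make the intent clear. The XXX concern still stands: the entry added to the default-mode table in AppOpsManager is MODE_ALLOWED, so without the user restriction set this op does not limit anything. The case label and the enclosing method lie outside the hunk, so I am assuming this is the toast branch.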