Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2a9e3f8e authored by Jeff Sharkey's avatar Jeff Sharkey
Browse files

Better named encryption flags, start triaging. 

Create distinct flags for encryption aware, unaware, and both, and
name them like the other MATCH_ flags.

Start adding logic to help triage all system internal callers to
verify that they've done their homework and thought about how to
handle apps while locked.  Call sites in the system should either
ask for explicit matching behavior, or explicitly use the DEFAULT
match flag to indicate that they've been triaged to use the
default state-based matching.

Bug: 26250295
Change-Id: I86214e5c4f71a6dc72f06930800388713aecd107
parent 5b0e5207

api/current.txt

+3 −1
Original line number Diff line number Diff line
@@ -9567,7 +9567,6 @@ package android.content.pm { 
    field public static final int GET_CONFIGURATIONS = 16384; // 0x4000

    field public static final int GET_DISABLED_COMPONENTS = 512; // 0x200

    field public static final int GET_DISABLED_UNTIL_USED_COMPONENTS = 32768; // 0x8000

    field public static final int GET_ENCRYPTION_UNAWARE_COMPONENTS = 262144; // 0x40000

    field public static final int GET_GIDS = 256; // 0x100

    field public static final int GET_INSTRUMENTATION = 16; // 0x10

    field public static final int GET_INTENT_FILTERS = 32; // 0x20
@@ -9583,6 +9582,9 @@ package android.content.pm { 
    field public static final int GET_URI_PERMISSION_PATTERNS = 2048; // 0x800

    field public static final int MATCH_ALL = 131072; // 0x20000

    field public static final int MATCH_DEFAULT_ONLY = 65536; // 0x10000

    field public static final int MATCH_ENCRYPTION_AWARE_AND_UNAWARE = 786432; // 0xc0000

    field public static final int MATCH_ENCRYPTION_AWARE_ONLY = 524288; // 0x80000

    field public static final int MATCH_ENCRYPTION_UNAWARE_ONLY = 262144; // 0x40000

    field public static final long MAXIMUM_VERIFICATION_TIMEOUT = 3600000L; // 0x36ee80L

    field public static final int PERMISSION_DENIED = -1; // 0xffffffff

    field public static final int PERMISSION_GRANTED = 0; // 0x0

api/system-current.txt

+3 −1
Original line number Diff line number Diff line
@@ -9883,7 +9883,6 @@ package android.content.pm { 
    field public static final int GET_CONFIGURATIONS = 16384; // 0x4000

    field public static final int GET_DISABLED_COMPONENTS = 512; // 0x200

    field public static final int GET_DISABLED_UNTIL_USED_COMPONENTS = 32768; // 0x8000

    field public static final int GET_ENCRYPTION_UNAWARE_COMPONENTS = 262144; // 0x40000

    field public static final int GET_GIDS = 256; // 0x100

    field public static final int GET_INSTRUMENTATION = 16; // 0x10

    field public static final int GET_INTENT_FILTERS = 32; // 0x20
@@ -9936,6 +9935,9 @@ package android.content.pm { 
    field public static final int MASK_PERMISSION_FLAGS = 255; // 0xff

    field public static final int MATCH_ALL = 131072; // 0x20000

    field public static final int MATCH_DEFAULT_ONLY = 65536; // 0x10000

    field public static final int MATCH_ENCRYPTION_AWARE_AND_UNAWARE = 786432; // 0xc0000

    field public static final int MATCH_ENCRYPTION_AWARE_ONLY = 524288; // 0x80000

    field public static final int MATCH_ENCRYPTION_UNAWARE_ONLY = 262144; // 0x40000

    field public static final long MAXIMUM_VERIFICATION_TIMEOUT = 3600000L; // 0x36ee80L

    field public static final int PERMISSION_DENIED = -1; // 0xffffffff

    field public static final int PERMISSION_GRANTED = 0; // 0x0

api/test-current.txt

+3 −1
Original line number Diff line number Diff line
@@ -9567,7 +9567,6 @@ package android.content.pm { 
    field public static final int GET_CONFIGURATIONS = 16384; // 0x4000

    field public static final int GET_DISABLED_COMPONENTS = 512; // 0x200

    field public static final int GET_DISABLED_UNTIL_USED_COMPONENTS = 32768; // 0x8000

    field public static final int GET_ENCRYPTION_UNAWARE_COMPONENTS = 262144; // 0x40000

    field public static final int GET_GIDS = 256; // 0x100

    field public static final int GET_INSTRUMENTATION = 16; // 0x10

    field public static final int GET_INTENT_FILTERS = 32; // 0x20
@@ -9583,6 +9582,9 @@ package android.content.pm { 
    field public static final int GET_URI_PERMISSION_PATTERNS = 2048; // 0x800

    field public static final int MATCH_ALL = 131072; // 0x20000

    field public static final int MATCH_DEFAULT_ONLY = 65536; // 0x10000

    field public static final int MATCH_ENCRYPTION_AWARE_AND_UNAWARE = 786432; // 0xc0000

    field public static final int MATCH_ENCRYPTION_AWARE_ONLY = 524288; // 0x80000

    field public static final int MATCH_ENCRYPTION_UNAWARE_ONLY = 262144; // 0x40000

    field public static final long MAXIMUM_VERIFICATION_TIMEOUT = 3600000L; // 0x36ee80L

    field public static final int PERMISSION_DENIED = -1; // 0xffffffff

    field public static final int PERMISSION_GRANTED = 0; // 0x0

core/java/android/content/Intent.java

+8 −0
Original line number Diff line number Diff line
@@ -4167,6 +4167,14 @@ public class Intent implements Parcelable, Cloneable { 
     */

    public static final int FLAG_GRANT_PREFIX_URI_PERMISSION = 0x00000080;



    /**

     * Internal flag used to indicate that a system component has done their

     * homework and verified their encryption-aware behavior.

     *

     * @hide

     */

    public static final int FLAG_DEBUG_ENCRYPTION_TRIAGED = 0x00000100;



    /**

     * If set, the new activity is not kept in the history stack.  As soon as

     * the user navigates away from it, the activity is finished.  This may also

core/java/android/content/pm/PackageManager.java

+20 −10
Original line number Diff line number Diff line
@@ -47,10 +47,8 @@ import android.os.Handler; 
import android.os.RemoteException;

import android.os.UserHandle;

import android.os.storage.VolumeInfo;

import android.provider.Settings;

import android.util.AndroidException;



import android.util.Log;

import com.android.internal.util.ArrayUtils;



import java.io.File;
@@ -236,21 +234,33 @@ public abstract class PackageManager { 
    public static final int MATCH_ALL = 0x00020000;



    /**

     * {@link PackageInfo} flag: include components which aren't encryption

     * {@link PackageInfo} flag: include only components which are encryption

     * unaware in the returned info, regardless of the current user state.

     */

    public static final int MATCH_ENCRYPTION_UNAWARE_ONLY = 0x00040000;



    /**

     * {@link PackageInfo} flag: include only components which are encryption

     * aware in the returned info, regardless of the current user state.

     */

    public static final int GET_ENCRYPTION_UNAWARE_COMPONENTS = 0x00040000;

    public static final int MATCH_ENCRYPTION_AWARE_ONLY = 0x00080000;



    /**

     * {@link PackageInfo} flag: return components that are marked as

     * {@link ComponentInfo#encryptionAware}, unless

     * {@link #GET_ENCRYPTION_UNAWARE_COMPONENTS} is also specified.

     * <p>

     * This flag is for internal use only.

     * {@link PackageInfo} flag: include both encryption aware and unaware

     * components in the returned info, regardless of the current user state.

     */

    public static final int MATCH_ENCRYPTION_AWARE_AND_UNAWARE = MATCH_ENCRYPTION_AWARE_ONLY

            | MATCH_ENCRYPTION_UNAWARE_ONLY;



    /**

     * {@link PackageInfo} flag: use the default encryption matching behavior

     * based on user state. Internal flag used to indicate that a system

     * component has done their homework and verified their encryption-aware

     * behavior.

     *

     * @hide

     */

    public static final int MATCH_ENCRYPTION_AWARE_ONLY = 0x00080000;

    public static final int MATCH_ENCRYPTION_DEFAULT = 0x00100000;



    /**

     * Flag for {@link addCrossProfileIntentFilter}: if this flag is set: