Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3a89e626 authored by Robert Horvath's avatar Robert Horvath
Browse files

Extract privacy item monitoring interface, add AppOpsPrivacyItemMonitor 

This is to allow privacy items that aren't driven by AppOps to be added.

Changes include:
- PrivacyConfig now holds the DeviceConfig listener.
- Thread safety: currentUserId was previously accessed on multiple
  threads. All access to state of AppOpPrivacyItemMonitor is guarded by
  a lock.
- Mic/camera PrivacyItems are now filtered out and not delivered to
  PrivacyItemController callbacks. Previously, changes to the location
  app op were ignored if locationAvailable was false - but changes to
  the mic/camera app op were still processed even if micCameraAvailable
  was false (and locationAvailable was true, as otherwise the AppOps
  callback was unregistered).
  PhoneStatusBarPolicy would log a mic/camera status bar icon is visible
  regardless of micCameraAvailable if locationAvailable was true - this
  will no longer be the case.

Bug: 184629645
Test: atest CameraMicIndicatorsPermissionTest RecognitionServiceMicIndicatorTest
Test: atest AppOpsPrivacyItemMonitorTest PrivacyItemControllerTest PrivacyConfigFlagsTest
Test: m SystemUI CarSystemUI ArcSystemUI
Test: Manual, observe mic/camera privacy indicators
Change-Id: I3d78e35e1205e5ed8cc00eda71eed02f71fa35b4
Merged-In: I3d78e35e1205e5ed8cc00eda71eed02f71fa35b4
parent 9568bd96

packages/SystemUI/src/com/android/systemui/dagger/SystemUIModule.java

+2 −0
Original line number Diff line number Diff line
@@ -46,6 +46,7 @@ import com.android.systemui.lowlightclock.LowLightClockController; 
import com.android.systemui.model.SysUiState;

import com.android.systemui.navigationbar.NavigationBarComponent;

import com.android.systemui.plugins.BcSmartspaceDataPlugin;

import com.android.systemui.privacy.PrivacyModule;

import com.android.systemui.recents.Recents;

import com.android.systemui.screenshot.dagger.ScreenshotModule;

import com.android.systemui.settings.dagger.SettingsModule;
@@ -122,6 +123,7 @@ import dagger.Provides; 
            LogModule.class,

            PeopleHubModule.class,

            PluginModule.class,

            PrivacyModule.class,

            QsFrameTranslateModule.class,

            ScreenshotModule.class,

            SensorModule.class,

packages/SystemUI/src/com/android/systemui/privacy/AppOpsPrivacyItemMonitor.kt

0 → 100644
+249 −0
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2022 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



package com.android.systemui.privacy



import android.app.AppOpsManager

import android.content.Context

import android.content.pm.UserInfo

import android.os.UserHandle

import com.android.internal.annotations.GuardedBy

import com.android.internal.annotations.VisibleForTesting

import com.android.systemui.appops.AppOpItem

import com.android.systemui.appops.AppOpsController

import com.android.systemui.dagger.SysUISingleton

import com.android.systemui.dagger.qualifiers.Background

import com.android.systemui.privacy.logging.PrivacyLogger

import com.android.systemui.settings.UserTracker

import com.android.systemui.util.asIndenting

import com.android.systemui.util.concurrency.DelayableExecutor

import com.android.systemui.util.withIncreasedIndent

import java.io.PrintWriter

import javax.inject.Inject



/**

 * Monitors privacy items backed by app ops:

 * - Mic & Camera

 * - Location

 *

 * If [PrivacyConfig.micCameraAvailable] / [PrivacyConfig.locationAvailable] are disabled,

 * the corresponding PrivacyItems will not be reported.

 */

@SysUISingleton

class AppOpsPrivacyItemMonitor @Inject constructor(

    private val appOpsController: AppOpsController,

    private val userTracker: UserTracker,

    private val privacyConfig: PrivacyConfig,

    @Background private val bgExecutor: DelayableExecutor,

    private val logger: PrivacyLogger

) : PrivacyItemMonitor {



    @VisibleForTesting

    companion object {

        val OPS_MIC_CAMERA = intArrayOf(AppOpsManager.OP_CAMERA,

                AppOpsManager.OP_PHONE_CALL_CAMERA, AppOpsManager.OP_RECORD_AUDIO,

                AppOpsManager.OP_PHONE_CALL_MICROPHONE,

                AppOpsManager.OP_RECEIVE_AMBIENT_TRIGGER_AUDIO)

        val OPS_LOCATION = intArrayOf(

                AppOpsManager.OP_COARSE_LOCATION,

                AppOpsManager.OP_FINE_LOCATION)

        val OPS = OPS_MIC_CAMERA + OPS_LOCATION

        val USER_INDEPENDENT_OPS = intArrayOf(AppOpsManager.OP_PHONE_CALL_CAMERA,

                AppOpsManager.OP_PHONE_CALL_MICROPHONE)

    }



    private val lock = Any()



    @GuardedBy("lock")

    private var callback: PrivacyItemMonitor.Callback? = null

    @GuardedBy("lock")

    private var micCameraAvailable = privacyConfig.micCameraAvailable

    @GuardedBy("lock")

    private var locationAvailable = privacyConfig.locationAvailable

    @GuardedBy("lock")

    private var listening = false



    private val appOpsCallback = object : AppOpsController.Callback {

        override fun onActiveStateChanged(

            code: Int,

            uid: Int,

            packageName: String,

            active: Boolean

        ) {

            synchronized(lock) {

                // Check if we care about this code right now

                if (code in OPS_MIC_CAMERA && !micCameraAvailable) {

                    return

                }

                if (code in OPS_LOCATION && !locationAvailable) {

                    return

                }

                if (userTracker.userProfiles.any { it.id == UserHandle.getUserId(uid) } ||

                        code in USER_INDEPENDENT_OPS) {

                    logger.logUpdatedItemFromAppOps(code, uid, packageName, active)

                    dispatchOnPrivacyItemsChanged()

                }

            }

        }

    }



    @VisibleForTesting

    internal val userTrackerCallback = object : UserTracker.Callback {

        override fun onUserChanged(newUser: Int, userContext: Context) {

            onCurrentProfilesChanged()

        }



        override fun onProfilesChanged(profiles: List<UserInfo>) {

            onCurrentProfilesChanged()

        }

    }



    private val configCallback = object : PrivacyConfig.Callback {

        override fun onFlagLocationChanged(flag: Boolean) {

            onFlagChanged()

        }



        override fun onFlagMicCameraChanged(flag: Boolean) {

            onFlagChanged()

        }



        private fun onFlagChanged() {

            synchronized(lock) {

                micCameraAvailable = privacyConfig.micCameraAvailable

                locationAvailable = privacyConfig.locationAvailable

                setListeningStateLocked()

            }

            dispatchOnPrivacyItemsChanged()

        }

    }



    init {

        privacyConfig.addCallback(configCallback)

    }



    override fun startListening(callback: PrivacyItemMonitor.Callback) {

        synchronized(lock) {

            this.callback = callback

            setListeningStateLocked()

        }

    }



    override fun stopListening() {

        synchronized(lock) {

            this.callback = null

            setListeningStateLocked()

        }

    }



    /**

     * Updates listening status based on whether there are callbacks and the indicators are enabled.

     *

     * Always listen to all OPS so we don't have to figure out what we should be listening to. We

     * still have to filter anyway. Updates are filtered in the callback.

     *

     * This is only called from private (add/remove)Callback and from the config listener, all in

     * main thread.

     */

    @GuardedBy("lock")

    private fun setListeningStateLocked() {

        val shouldListen = callback != null && (micCameraAvailable || locationAvailable)

        if (listening == shouldListen) {

            return

        }



        listening = shouldListen

        if (shouldListen) {

            appOpsController.addCallback(OPS, appOpsCallback)

            userTracker.addCallback(userTrackerCallback, bgExecutor)

            onCurrentProfilesChanged()

        } else {

            appOpsController.removeCallback(OPS, appOpsCallback)

            userTracker.removeCallback(userTrackerCallback)

        }

    }



    override fun getActivePrivacyItems(): List<PrivacyItem> {

        val activeAppOps = appOpsController.getActiveAppOps(true)

        val currentUserProfiles = userTracker.userProfiles



        return synchronized(lock) {

            activeAppOps.filter {

                currentUserProfiles.any { user -> user.id == UserHandle.getUserId(it.uid) } ||

                        it.code in USER_INDEPENDENT_OPS

            }.mapNotNull { toPrivacyItemLocked(it) }

        }.distinct()

    }



    @GuardedBy("lock")

    private fun privacyItemForAppOpEnabledLocked(code: Int): Boolean {

        if (code in OPS_LOCATION) {

            return locationAvailable

        } else if (code in OPS_MIC_CAMERA) {

            return micCameraAvailable

        } else {

            return false

        }

    }



    @GuardedBy("lock")

    private fun toPrivacyItemLocked(appOpItem: AppOpItem): PrivacyItem? {

        if (!privacyItemForAppOpEnabledLocked(appOpItem.code)) {

            return null

        }

        val type: PrivacyType = when (appOpItem.code) {

            AppOpsManager.OP_PHONE_CALL_CAMERA,

            AppOpsManager.OP_CAMERA -> PrivacyType.TYPE_CAMERA

            AppOpsManager.OP_COARSE_LOCATION,

            AppOpsManager.OP_FINE_LOCATION -> PrivacyType.TYPE_LOCATION

            AppOpsManager.OP_PHONE_CALL_MICROPHONE,

            AppOpsManager.OP_RECEIVE_AMBIENT_TRIGGER_AUDIO,

            AppOpsManager.OP_RECORD_AUDIO -> PrivacyType.TYPE_MICROPHONE

            else -> return null

        }

        val app = PrivacyApplication(appOpItem.packageName, appOpItem.uid)

        return PrivacyItem(type, app, appOpItem.timeStartedElapsed, appOpItem.isDisabled)

    }



    private fun onCurrentProfilesChanged() {

        val currentUserIds = userTracker.userProfiles.map { it.id }

        logger.logCurrentProfilesChanged(currentUserIds)

        dispatchOnPrivacyItemsChanged()

    }



    private fun dispatchOnPrivacyItemsChanged() {

        val cb = synchronized(lock) { callback }

        if (cb != null) {

            bgExecutor.execute {

                cb.onPrivacyItemsChanged()

            }

        }

    }



    override fun dump(pw: PrintWriter, args: Array<out String>) {

        val ipw = pw.asIndenting()

        ipw.println("AppOpsPrivacyItemMonitor:")

        ipw.withIncreasedIndent {

            synchronized(lock) {

                ipw.println("Listening: $listening")

                ipw.println("micCameraAvailable: $micCameraAvailable")

                ipw.println("locationAvailable: $locationAvailable")

                ipw.println("Callback: $callback")

            }

            ipw.println("Current user ids: ${userTracker.userProfiles.map { it.id }}")

        }

        ipw.flush()

    }

}

packages/SystemUI/src/com/android/systemui/privacy/PrivacyConfig.kt

0 → 100644
+135 −0
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2022 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



package com.android.systemui.privacy



import android.provider.DeviceConfig

import com.android.internal.annotations.VisibleForTesting

import com.android.internal.config.sysui.SystemUiDeviceConfigFlags

import com.android.systemui.Dumpable

import com.android.systemui.dagger.SysUISingleton

import com.android.systemui.dagger.qualifiers.Main

import com.android.systemui.dump.DumpManager

import com.android.systemui.util.DeviceConfigProxy

import com.android.systemui.util.asIndenting

import com.android.systemui.util.concurrency.DelayableExecutor

import com.android.systemui.util.withIncreasedIndent

import java.io.PrintWriter

import java.lang.ref.WeakReference

import javax.inject.Inject



@SysUISingleton

class PrivacyConfig @Inject constructor(

    @Main private val uiExecutor: DelayableExecutor,

    private val deviceConfigProxy: DeviceConfigProxy,

    dumpManager: DumpManager

) : Dumpable {



    @VisibleForTesting

    internal companion object {

        const val TAG = "PrivacyConfig"

        private const val MIC_CAMERA = SystemUiDeviceConfigFlags.PROPERTY_MIC_CAMERA_ENABLED

        private const val LOCATION = SystemUiDeviceConfigFlags.PROPERTY_LOCATION_INDICATORS_ENABLED

        private const val DEFAULT_MIC_CAMERA = true

        private const val DEFAULT_LOCATION = false

    }



    private val callbacks = mutableListOf<WeakReference<Callback>>()



    var micCameraAvailable = isMicCameraEnabled()

        private set

    var locationAvailable = isLocationEnabled()

        private set



    private val devicePropertiesChangedListener =

            DeviceConfig.OnPropertiesChangedListener { properties ->

                if (DeviceConfig.NAMESPACE_PRIVACY == properties.namespace) {

                    // Running on the ui executor so can iterate on callbacks

                    if (properties.keyset.contains(MIC_CAMERA)) {

                        micCameraAvailable = properties.getBoolean(MIC_CAMERA, DEFAULT_MIC_CAMERA)

                        callbacks.forEach { it.get()?.onFlagMicCameraChanged(micCameraAvailable) }

                    }



                    if (properties.keyset.contains(LOCATION)) {

                        locationAvailable = properties.getBoolean(LOCATION, DEFAULT_LOCATION)

                        callbacks.forEach { it.get()?.onFlagLocationChanged(locationAvailable) }

                    }

                }

            }



    init {

        dumpManager.registerDumpable(TAG, this)

        deviceConfigProxy.addOnPropertiesChangedListener(

                DeviceConfig.NAMESPACE_PRIVACY,

                uiExecutor,

                devicePropertiesChangedListener)

    }



    private fun isMicCameraEnabled(): Boolean {

        return deviceConfigProxy.getBoolean(DeviceConfig.NAMESPACE_PRIVACY,

                MIC_CAMERA, DEFAULT_MIC_CAMERA)

    }



    private fun isLocationEnabled(): Boolean {

        return deviceConfigProxy.getBoolean(DeviceConfig.NAMESPACE_PRIVACY,

                LOCATION, DEFAULT_LOCATION)

    }



    fun addCallback(callback: Callback) {

        addCallback(WeakReference(callback))

    }



    fun removeCallback(callback: Callback) {

        removeCallback(WeakReference(callback))

    }



    private fun addCallback(callback: WeakReference<Callback>) {

        uiExecutor.execute {

            callbacks.add(callback)

        }

    }



    private fun removeCallback(callback: WeakReference<Callback>) {

        uiExecutor.execute {

            // Removes also if the callback is null

            callbacks.removeIf { it.get()?.equals(callback.get()) ?: true }

        }

    }



    override fun dump(pw: PrintWriter, args: Array<out String>) {

        val ipw = pw.asIndenting()

        ipw.println("PrivacyConfig state:")

        ipw.withIncreasedIndent {

            ipw.println("micCameraAvailable: $micCameraAvailable")

            ipw.println("locationAvailable: $locationAvailable")

            ipw.println("Callbacks:")

            ipw.withIncreasedIndent {

                callbacks.forEach { callback ->

                    callback.get()?.let { ipw.println(it) }

                }

            }

        }

        ipw.flush()

    }



    interface Callback {

        @JvmDefault

        fun onFlagMicCameraChanged(flag: Boolean) {}



        @JvmDefault

        fun onFlagLocationChanged(flag: Boolean) {}

    }

}
 
 No newline at end of file

packages/SystemUI/src/com/android/systemui/privacy/PrivacyItemController.kt

+54 −165

File changed.

Preview size limit exceeded, changes collapsed.

packages/SystemUI/src/com/android/systemui/privacy/PrivacyItemMonitor.kt

0 → 100644
+29 −0
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2022 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



package com.android.systemui.privacy



import com.android.systemui.Dumpable



interface PrivacyItemMonitor : Dumpable {

    fun startListening(callback: Callback)

    fun stopListening()

    fun getActivePrivacyItems(): List<PrivacyItem>



    interface Callback {

        fun onPrivacyItemsChanged()

    }

}