Skip user consent for subsequent reports

      purpose: PURPOSE_BUGFIX

    }

}

flag {

  name: "onboarding_consentless_bugreports"

  namespace: "enterprise"

  description: "Allow subsequent bugreports to skip user consent within a time frame"

  bug: "340439309"

  metadata {

    purpose: PURPOSE_BUGFIX

  }

}

                    params.getMode(),

                    params.getFlags(),

                    dsListener,

                    isScreenshotRequested);

                    isScreenshotRequested,

                    /* skipUserConsent = */ false);

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        } catch (FileNotFoundException e) {

                    bugreportFd.getFileDescriptor(),

                    bugreportFile,

                    /* keepBugreportOnRetrieval = */ false,

                    /* skipUserConsent = */ false,

                    dsListener);

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

            mBugreportFd = ParcelFileDescriptor.dup(invocation.getArgument(2));

            return null;

        }).when(mMockIDumpstate).startBugreport(anyInt(), any(), any(), any(), anyInt(), anyInt(),

                any(), anyBoolean());

                any(), anyBoolean(), anyBoolean());

        setWarningState(mContext, STATE_HIDE);

        getInstrumentation().waitForIdleSync();

        verify(mMockIDumpstate, times(1)).startBugreport(anyInt(), any(), any(), any(),

                anyInt(), anyInt(), any(), anyBoolean());

                anyInt(), anyInt(), any(), anyBoolean(), anyBoolean());

        sendBugreportFinished();

    }

        ArgumentCaptor<IDumpstateListener> listenerCap = ArgumentCaptor.forClass(

                IDumpstateListener.class);

        verify(mMockIDumpstate, timeout(TIMEOUT)).startBugreport(anyInt(), any(), any(), any(),

                anyInt(), anyInt(), listenerCap.capture(), anyBoolean());

                anyInt(), anyInt(), listenerCap.capture(), anyBoolean(), anyBoolean());

        mIDumpstateListener = listenerCap.getValue();

        assertNotNull("Dumpstate listener should not be null", mIDumpstateListener);

        mIDumpstateListener.onProgress(0);

package com.android.server.os;

import static android.app.admin.flags.Flags.onboardingBugreportV2Enabled;

import static android.app.admin.flags.Flags.onboardingConsentlessBugreports;

import android.Manifest;

import android.annotation.NonNull;

import android.os.Binder;

import android.os.BugreportManager.BugreportCallback;

import android.os.BugreportParams;

import android.os.Build;

import android.os.Environment;

import android.os.IDumpstate;

import android.os.IDumpstateListener;

import java.io.IOException;

import java.io.InputStream;

import java.io.PrintWriter;

import java.util.HashMap;

import java.util.HashSet;

import java.util.List;

import java.util.Map;

import java.util.Objects;

import java.util.OptionalInt;

import java.util.Set;

import java.util.concurrent.TimeUnit;

/**

 * Implementation of the service that provides a privileged API to capture and consume bugreports.

    private static final String BUGREPORT_SERVICE = "bugreportd";

    private static final long DEFAULT_BUGREPORT_SERVICE_TIMEOUT_MILLIS = 30 * 1000;

    private static final long DEFAULT_BUGREPORT_CONSENTLESS_GRACE_PERIOD_MILLIS =

            TimeUnit.MINUTES.toMillis(2);

    private final Object mLock = new Object();

    private final Injector mInjector;

    private final Context mContext;

        private ArrayMap<Pair<Integer, String>, ArraySet<String>> mBugreportFiles =

                new ArrayMap<>();

        // Map of <CallerPackage, Pair<TimestampOfLastConsent, skipConsentForFullReport>>

        @GuardedBy("mLock")

        private Map<String, Pair<Long, Boolean>> mConsentGranted = new HashMap<>();

        @VisibleForTesting(visibility = VisibleForTesting.Visibility.PRIVATE)

        @GuardedBy("mLock")

        final Set<String> mBugreportFilesToPersist = new HashSet<>();

            }

        }

        /**

         * Logs an entry with a timestamp of a consent being granted by the user to the calling

         * {@code packageName}.

         */

        void logConsentGrantedForCaller(

                String packageName, boolean consentGranted, boolean isDeferredReport) {

            if (!onboardingConsentlessBugreports() || !Build.IS_DEBUGGABLE) {

                return;

            }

            synchronized (mLock) {

                // Adds an entry with the timestamp of the consent being granted by the user, and

                // whether the consent can be skipped for a full bugreport, because a single

                // consent can be used for multiple deferred reports but only one full report.

                if (consentGranted) {

                    mConsentGranted.put(packageName, new Pair<>(

                            System.currentTimeMillis(),

                            isDeferredReport));

                } else if (!isDeferredReport) {

                    if (!mConsentGranted.containsKey(packageName)) {

                        Slog.e(TAG, "Previous consent from package: " + packageName + " should"

                                + "have been logged.");

                        return;

                    }

                    mConsentGranted.put(packageName, new Pair<>(

                            mConsentGranted.get(packageName).first,

                            /* second = */ false

                    ));

                }

            }

        }

        /**

         * Returns {@code true} if user consent be skippeb because a previous consens has been

         * granted to the caller within the allowed time period.

         */

        boolean canSkipConsentScreen(String packageName, boolean isFullReport) {

            if (!onboardingConsentlessBugreports() || !Build.IS_DEBUGGABLE) {

                return false;

            }

            synchronized (mLock) {

                if (!mConsentGranted.containsKey(packageName)) {

                    return false;

                }

                long currentTime = System.currentTimeMillis();

                long consentGrantedTime = mConsentGranted.get(packageName).first;

                if (consentGrantedTime + DEFAULT_BUGREPORT_CONSENTLESS_GRACE_PERIOD_MILLIS

                        < currentTime) {

                    mConsentGranted.remove(packageName);

                    return false;

                }

                boolean skipConsentForFullReport = mConsentGranted.get(packageName).second;

                if (isFullReport && !skipConsentForFullReport) {

                    return false;

                }

                return true;

            }

        }

        private void addBugreportMapping(Pair<Integer, String> caller, String bugreportFile) {

            synchronized (mLock) {

                if (!mBugreportFiles.containsKey(caller)) {

    public void startBugreport(int callingUidUnused, String callingPackage,

            FileDescriptor bugreportFd, FileDescriptor screenshotFd,

            int bugreportMode, int bugreportFlags, IDumpstateListener listener,

            boolean isScreenshotRequested) {

            boolean isScreenshotRequested, boolean skipUserConsentUnused) {

        Objects.requireNonNull(callingPackage);

        Objects.requireNonNull(bugreportFd);

        Objects.requireNonNull(listener);

    @RequiresPermission(value = Manifest.permission.DUMP, conditional = true)

    public void retrieveBugreport(int callingUidUnused, String callingPackage, int userId,

            FileDescriptor bugreportFd, String bugreportFile,

            boolean keepBugreportOnRetrievalUnused, IDumpstateListener listener) {

            boolean keepBugreportOnRetrievalUnused, boolean skipUserConsentUnused,

            IDumpstateListener listener) {

        int callingUid = Binder.getCallingUid();

        enforcePermission(callingPackage, callingUid, false);

                return;

            }

            boolean skipUserConsent = mBugreportFileManager.canSkipConsentScreen(

                    callingPackage, /* isFullReport = */ false);

            // Wrap the listener so we can intercept binder events directly.

            DumpstateListener myListener = new DumpstateListener(listener, ds,

                    new Pair<>(callingUid, callingPackage), /* reportFinishedFile= */ true);

                    new Pair<>(callingUid, callingPackage), /* reportFinishedFile= */ true,

                    !skipUserConsent, /* isDeferredReport = */ true);

            boolean keepBugreportOnRetrieval = false;

            if (onboardingBugreportV2Enabled()) {

            setCurrentDumpstateListenerLocked(myListener);

            try {

                ds.retrieveBugreport(callingUid, callingPackage, userId, bugreportFd,

                        bugreportFile, keepBugreportOnRetrieval, myListener);

                        bugreportFile, keepBugreportOnRetrieval, skipUserConsent, myListener);

            } catch (RemoteException e) {

                Slog.e(TAG, "RemoteException in retrieveBugreport", e);

            }

            }

        }

        boolean reportFinishedFile =

        boolean isDeferredConsentReport =

                (bugreportFlags & BugreportParams.BUGREPORT_FLAG_DEFER_CONSENT) != 0;

        boolean keepBugreportOnRetrieval =

            reportError(listener, IDumpstateListener.BUGREPORT_ERROR_RUNTIME_ERROR);

            return;

        }

        boolean skipUserConsent = mBugreportFileManager.canSkipConsentScreen(

                callingPackage, !isDeferredConsentReport);

        DumpstateListener myListener = new DumpstateListener(listener, ds,

                new Pair<>(callingUid, callingPackage), reportFinishedFile,

                keepBugreportOnRetrieval);

                new Pair<>(callingUid, callingPackage),

                /* reportFinishedFile = */ isDeferredConsentReport, keepBugreportOnRetrieval,

                !isDeferredConsentReport && !skipUserConsent,

                isDeferredConsentReport);

        setCurrentDumpstateListenerLocked(myListener);

        try {

            ds.startBugreport(callingUid, callingPackage, bugreportFd, screenshotFd, bugreportMode,

                    bugreportFlags, myListener, isScreenshotRequested);

                    bugreportFlags, myListener, isScreenshotRequested, skipUserConsent);

        } catch (RemoteException e) {

            // dumpstate service is already started now. We need to kill it to manage the

            // lifecycle correctly. If we don't subsequent callers will get

        private boolean mDone;

        private boolean mKeepBugreportOnRetrieval;

        private boolean mConsentGranted;

        private boolean mIsDeferredReport;

        DumpstateListener(IDumpstateListener listener, IDumpstate ds,

                Pair<Integer, String> caller, boolean reportFinishedFile) {

            this(listener, ds, caller, reportFinishedFile, /* keepBugreportOnRetrieval= */ false);

                Pair<Integer, String> caller, boolean reportFinishedFile,

                boolean consentGranted, boolean isDeferredReport) {

            this(listener, ds, caller, reportFinishedFile, /* keepBugreportOnRetrieval= */ false,

                    consentGranted, isDeferredReport);

        }

        DumpstateListener(IDumpstateListener listener, IDumpstate ds,

                Pair<Integer, String> caller, boolean reportFinishedFile,

                boolean keepBugreportOnRetrieval) {

                boolean keepBugreportOnRetrieval, boolean consentGranted,

                boolean isDeferredReport) {

            if (DEBUG) {

                Slogf.d(TAG, "Starting DumpstateListener(id=%d) for caller %s", mId, caller);

            }

            mCaller = caller;

            mReportFinishedFile = reportFinishedFile;

            mKeepBugreportOnRetrieval = keepBugreportOnRetrieval;

            mConsentGranted = consentGranted;

            mIsDeferredReport = isDeferredReport;

            try {

                mDs.asBinder().linkToDeath(this, 0);

            } catch (RemoteException e) {

            } else if (DEBUG) {

                Slog.d(TAG, "Not reporting finished file");

            }

            mBugreportFileManager.logConsentGrantedForCaller(

                    mCaller.second, mConsentGranted, mIsDeferredReport);

            mListener.onFinished(bugreportFile);

        }

                new FileDescriptor(), /* screenshotFd= */ null,

                BugreportParams.BUGREPORT_MODE_FULL,

                /* flags= */ 0, new Listener(new CountDownLatch(1)),

                /* isScreenshotRequested= */ false);

                /* isScreenshotRequested= */ false,

                /* skipUserConsentUnused = */ false);

        assertThat(mInjector.isBugreportStarted()).isTrue();

    }

                new FileDescriptor(), /* screenshotFd= */ null,

                BugreportParams.BUGREPORT_MODE_FULL,

                /* flags= */ 0, new Listener(new CountDownLatch(1)),

                /* isScreenshotRequested= */ false);

                /* isScreenshotRequested= */ false,

                /* skipUserConsentUnused = */ false);

        assertThat(mInjector.isBugreportStarted()).isTrue();

    }

                        new FileDescriptor(), /* screenshotFd= */ null,

                        BugreportParams.BUGREPORT_MODE_FULL,

                        /* flags= */ 0, new Listener(new CountDownLatch(1)),

                        /* isScreenshotRequested= */ false));

                        /* isScreenshotRequested= */ false,

                        /* skipUserConsentUnused = */ false));

        assertThat(thrown.getMessage()).contains("not an admin user");

    }

                        new FileDescriptor(), /* screenshotFd= */ null,

                        BugreportParams.BUGREPORT_MODE_REMOTE,

                        /* flags= */ 0, new Listener(new CountDownLatch(1)),

                        /* isScreenshotRequested= */ false));

                        /* isScreenshotRequested= */ false,

                        /* skipUserConsentUnused = */ false));

        assertThat(thrown.getMessage()).contains("not affiliated to the device owner");

    }

        Listener listener = new Listener(latch);

        mService.retrieveBugreport(Binder.getCallingUid(), mContext.getPackageName(),

                mContext.getUserId(), new FileDescriptor(), mBugreportFile,

                /* keepOnRetrieval= */ false, listener);

                /* keepOnRetrieval= */ false, /* skipUserConsent = */ false, listener);

        assertThat(latch.await(5, TimeUnit.SECONDS)).isTrue();

        assertThat(listener.getErrorCode()).isEqualTo(

                BugreportCallback.BUGREPORT_ERROR_NO_BUGREPORT_TO_RETRIEVE);