Loading services/core/java/com/android/server/am/ActivityManagerService.java +10 −0 Original line number Diff line number Diff line Loading @@ -13648,6 +13648,16 @@ public class ActivityManagerService extends IActivityManager.Stub intent.addFlags(Intent.FLAG_RECEIVER_INCLUDE_BACKGROUND); } if (Process.isSdkSandboxUid(realCallingUid)) { SdkSandboxManagerLocal sdkSandboxManagerLocal = LocalManagerRegistry.getManager( SdkSandboxManagerLocal.class); if (sdkSandboxManagerLocal == null) { throw new IllegalStateException("SdkSandboxManagerLocal not found when sending" + " a broadcast from an SDK sandbox uid."); } sdkSandboxManagerLocal.enforceAllowedToSendBroadcast(intent); } switch (action) { case Intent.ACTION_MEDIA_SCANNER_SCAN_FILE: UserManagerInternal umInternal = LocalServices.getService( services/core/java/com/android/server/wm/ActivityStarter.java +15 −0 Original line number Diff line number Diff line Loading @@ -1337,6 +1337,21 @@ class ActivityStarter { : (realCallingAppId == Process.SYSTEM_UID) || realCallingUidProcState <= ActivityManager.PROCESS_STATE_PERSISTENT_UI; // In the case of an SDK sandbox calling uid, check if the corresponding app uid has a // visible window. if (Process.isSdkSandboxUid(realCallingUid)) { int realCallingSdkSandboxUidToAppUid = Process.getAppUidForSdkSandboxUid( UserHandle.getAppId(realCallingUid)); if (mService.hasActiveVisibleWindow(realCallingSdkSandboxUidToAppUid)) { if (DEBUG_ACTIVITY_STARTS) { Slog.d(TAG, "Activity start allowed: uid in SDK sandbox (" + realCallingUid + ") has visible (non-toast) window."); } return false; } } // Legacy behavior allows to use caller foreground state to bypass BAL restriction. final boolean balAllowedByPiSender = PendingIntentRecord.isPendingIntentBalAllowedByCaller(checkedOptions); Loading services/core/java/com/android/server/wm/ActivityTaskManagerService.java +11 −0 Original line number Diff line number Diff line Loading 
@@ -244,6 +244,7 @@ import com.android.internal.util.ArrayUtils; import com.android.internal.util.FastPrintWriter; import com.android.internal.util.FrameworkStatsLog; import com.android.internal.util.function.pooled.PooledLambda; import com.android.server.LocalManagerRegistry; import com.android.server.LocalServices; import com.android.server.SystemService; import com.android.server.SystemServiceManager; Loading @@ -260,6 +261,7 @@ import com.android.server.am.UserState; import com.android.server.firewall.IntentFirewall; import com.android.server.pm.UserManagerService; import com.android.server.policy.PermissionPolicyInternal; import com.android.server.sdksandbox.SdkSandboxManagerLocal; import com.android.server.statusbar.StatusBarManagerInternal; import com.android.server.uri.NeededUriGrants; import com.android.server.uri.UriGrantsManagerInternal; Loading Loading @@ -1212,6 +1214,15 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { ProfilerInfo profilerInfo, Bundle bOptions, int userId, boolean validateIncomingUser) { assertPackageMatchesCallingUid(callingPackage); enforceNotIsolatedCaller("startActivityAsUser"); if (Process.isSdkSandboxUid(Binder.getCallingUid())) { SdkSandboxManagerLocal sdkSandboxManagerLocal = LocalManagerRegistry.getManager( SdkSandboxManagerLocal.class); if (sdkSandboxManagerLocal == null) { throw new IllegalStateException("SdkSandboxManagerLocal not found when starting" + " an activity from an SDK sandbox uid."); } sdkSandboxManagerLocal.enforceAllowedToStartActivity(intent); } userId = getActivityStartController().checkTargetUser(userId, validateIncomingUser, Binder.getCallingPid(), Binder.getCallingUid(), "startActivityAsUser"); Loading services/tests/wmtests/Android.bp +1 −0 Original line number Diff line number Diff line Loading @@ -58,6 +58,7 @@ android_test { "hamcrest-library", "platform-compat-test-rules", "CtsSurfaceValidatorLib", "service-sdksandbox.impl", ], libs: [ Loading Loading
services/core/java/com/android/server/am/ActivityManagerService.java +10 −0 Original line number Diff line number Diff line Loading @@ -13648,6 +13648,16 @@ public class ActivityManagerService extends IActivityManager.Stub intent.addFlags(Intent.FLAG_RECEIVER_INCLUDE_BACKGROUND); } if (Process.isSdkSandboxUid(realCallingUid)) { SdkSandboxManagerLocal sdkSandboxManagerLocal = LocalManagerRegistry.getManager( SdkSandboxManagerLocal.class); if (sdkSandboxManagerLocal == null) { throw new IllegalStateException("SdkSandboxManagerLocal not found when sending" + " a broadcast from an SDK sandbox uid."); } sdkSandboxManagerLocal.enforceAllowedToSendBroadcast(intent); } switch (action) { case Intent.ACTION_MEDIA_SCANNER_SCAN_FILE: UserManagerInternal umInternal = LocalServices.getService(
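Review bot: The new guard keys only on `realCallingUid`, and nothing in the hunk says why that identity, rather than any other caller uid this method may track outside the hunk, is the one the sandbox restriction binds to. For a broadcast relayed on behalf of another uid the two may differ, so the intended choice should be confirmed and recorded. A missing `SdkSandboxManagerLocal` throws `IllegalStateException` before the `switch (action)`, so the path fails closed, which is worth stating as well. I would add above the `if`: `// Broadcasts from an SDK sandbox uid must pass SdkSandboxManagerLocal's policy; fail closed if the manager is not registered.` The enclosing method starts and ends outside the hunk.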
services/core/java/com/android/server/wm/ActivityStarter.java +15 −0 Original line number Diff line number Diff line Loading @@ -1337,6 +1337,21 @@ class ActivityStarter { : (realCallingAppId == Process.SYSTEM_UID) || realCallingUidProcState <= ActivityManager.PROCESS_STATE_PERSISTENT_UI; // In the case of an SDK sandbox calling uid, check if the corresponding app uid has a // visible window. if (Process.isSdkSandboxUid(realCallingUid)) { int realCallingSdkSandboxUidToAppUid = Process.getAppUidForSdkSandboxUid( UserHandle.getAppId(realCallingUid)); if (mService.hasActiveVisibleWindow(realCallingSdkSandboxUidToAppUid)) { if (DEBUG_ACTIVITY_STARTS) { Slog.d(TAG, "Activity start allowed: uid in SDK sandbox (" + realCallingUid + ") has visible (non-toast) window."); } return false; } } // Legacy behavior allows to use caller foreground state to bypass BAL restriction. final boolean balAllowedByPiSender = PendingIntentRecord.isPendingIntentBalAllowedByCaller(checkedOptions); Loading
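Review bot: `Process.getAppUidForSdkSandboxUid(UserHandle.getAppId(realCallingUid))` strips the user id before mapping to the app uid, so `hasActiveVisibleWindow` is asked about an app-id-only uid rather than the client app in the caller's own user. If the helper only shifts the sandbox range to the app range (its body is not on this page), then for a sandbox in a secondary user or profile this branch would consult another user's windows, and the `return false` here skips the checks that follow on that basis. Passing the full uid keeps the user part: `int realCallingSdkSandboxUidToAppUid = Process.getAppUidForSdkSandboxUid(realCallingUid);`. The debug message also prints the sandbox uid although the visible window belongs to the mapped app uid. The enclosing method starts and ends outside the hunk.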
services/core/java/com/android/server/wm/ActivityTaskManagerService.java +11 −0 Original line number Diff line number Diff line Loading @@ -244,6 +244,7 @@ import com.android.internal.util.ArrayUtils; import com.android.internal.util.FastPrintWriter; import com.android.internal.util.FrameworkStatsLog; import com.android.internal.util.function.pooled.PooledLambda; import com.android.server.LocalManagerRegistry; import com.android.server.LocalServices; import com.android.server.SystemService; import com.android.server.SystemServiceManager; Loading @@ -260,6 +261,7 @@ import com.android.server.am.UserState; import com.android.server.firewall.IntentFirewall; import com.android.server.pm.UserManagerService; import com.android.server.policy.PermissionPolicyInternal; import com.android.server.sdksandbox.SdkSandboxManagerLocal; import com.android.server.statusbar.StatusBarManagerInternal; import com.android.server.uri.NeededUriGrants; import com.android.server.uri.UriGrantsManagerInternal; Loading Loading @@ -1212,6 +1214,15 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { ProfilerInfo profilerInfo, Bundle bOptions, int userId, boolean validateIncomingUser) { assertPackageMatchesCallingUid(callingPackage); enforceNotIsolatedCaller("startActivityAsUser"); if (Process.isSdkSandboxUid(Binder.getCallingUid())) { SdkSandboxManagerLocal sdkSandboxManagerLocal = LocalManagerRegistry.getManager( SdkSandboxManagerLocal.class); if (sdkSandboxManagerLocal == null) { throw new IllegalStateException("SdkSandboxManagerLocal not found when starting" + " an activity from an SDK sandbox uid."); } sdkSandboxManagerLocal.enforceAllowedToStartActivity(intent); } userId = getActivityStartController().checkTargetUser(userId, validateIncomingUser, Binder.getCallingPid(), Binder.getCallingUid(), "startActivityAsUser"); Loading
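Review bot: In the third hunk the sandbox restriction is enforced only in this one method (the `enforceNotIsolatedCaller("startActivityAsUser")` string suggests `startActivityAsUser`), so it holds only if every activity-start path a sandbox uid can reach passes through here. The diff guards no other entry point of this service, so either confirm that or move the check to where start requests converge. The lookup and null check also duplicate the broadcast guard added in ActivityManagerService.java; a small shared helper that returns the manager or throws would keep the two fail-closed paths from drifting apart. A short comment above the `if`, such as `// SDK sandbox callers may only start activities allowed by SdkSandboxManagerLocal.`, would record the intent. The method's signature begins outside the hunk and its body continues past it.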
services/tests/wmtests/Android.bp +1 −0 Original line number Diff line number Diff line Loading @@ -58,6 +58,7 @@ android_test { "hamcrest-library", "platform-compat-test-rules", "CtsSurfaceValidatorLib", "service-sdksandbox.impl", ], libs: [ Loading