Loading core/java/android/security/responsible_apis_flags.aconfig +8 −1 Original line number Diff line number Diff line Loading @@ -12,10 +12,17 @@ flag { name: "asm_restrictions_enabled" is_exported: true namespace: "responsible_apis" description: "Enables ASM restrictions for activity starts and finishes" description: "Enables APIs for ASM" bug: "230590090" } flag { name: "asm_restrictions_v2" namespace: "responsible_apis" description: "Enables ASM restrictions for activity starts and finishes" bug: "416033243" } flag { name: "asm_toasts_enabled" namespace: "responsible_apis" Loading services/core/java/com/android/server/wm/ActivitySecurityModelFeatureFlags.javadeleted 100644 → 0 +0 −96 Original line number Diff line number Diff line /* * Copyright (C) 2022 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.android.server.wm; import static android.provider.DeviceConfig.NAMESPACE_WINDOW_MANAGER; import static com.android.server.wm.ActivityStarter.ASM_RESTRICTIONS; import android.annotation.NonNull; import android.app.compat.CompatChanges; import android.provider.DeviceConfig; import com.android.internal.annotations.GuardedBy; import java.util.concurrent.Executor; /** * Contains utility methods to query whether or not go/activity-security should be enabled * asm_start_rules_enabled - Enable rule enforcement in ActivityStarter.java * asm_start_rules_toasts_enabled - Show toasts when rules would block from ActivityStarter.java * asm_start_rules_exception_list - Comma separated list of packages to exclude from the above * 2 rules. * TODO(b/258792202) Cleanup once ASM is ready to launch */ class ActivitySecurityModelFeatureFlags { // TODO(b/230590090): Replace with public documentation once ready static final String DOC_LINK = "go/android-asm"; /** Used to determine which version of the ASM logic was used in logs while we iterate */ static final int ASM_VERSION = 11; private static final String NAMESPACE = NAMESPACE_WINDOW_MANAGER; private static final String KEY_ASM_PREFIX = "ActivitySecurity__"; private static final String KEY_ASM_RESTRICTIONS_ENABLED = KEY_ASM_PREFIX + "asm_restrictions_enabled"; private static final String KEY_ASM_TOASTS_ENABLED = KEY_ASM_PREFIX + "asm_toasts_enabled"; private static final int VALUE_DISABLE = 0; private static final int VALUE_ENABLE_FOR_V = 1; private static final int VALUE_ENABLE_FOR_ALL = 2; private static final int DEFAULT_VALUE = VALUE_DISABLE; private static int sAsmToastsEnabled; private static int sAsmRestrictionsEnabled; @GuardedBy("ActivityTaskManagerService.mGlobalLock") static void initialize(@NonNull Executor executor) { updateFromDeviceConfig(); DeviceConfig.addOnPropertiesChangedListener(NAMESPACE, executor, properties -> updateFromDeviceConfig()); } @GuardedBy("ActivityTaskManagerService.mGlobalLock") static boolean shouldShowToast(int uid) { return sAsmToastsEnabled == VALUE_ENABLE_FOR_ALL || (sAsmToastsEnabled == VALUE_ENABLE_FOR_V && CompatChanges.isChangeEnabled(ASM_RESTRICTIONS, uid)); } @GuardedBy("ActivityTaskManagerService.mGlobalLock") static boolean shouldRestrictActivitySwitch(int uid) { if (android.security.Flags.asmRestrictionsEnabled()) { return CompatChanges.isChangeEnabled(ASM_RESTRICTIONS, uid) || asmRestrictionsEnabledForAll(); } return false; } @GuardedBy("ActivityTaskManagerService.mGlobalLock") static boolean asmRestrictionsEnabledForAll() { return sAsmRestrictionsEnabled == VALUE_ENABLE_FOR_ALL; } private static void updateFromDeviceConfig() { sAsmToastsEnabled = DeviceConfig.getInt(NAMESPACE, KEY_ASM_TOASTS_ENABLED, DEFAULT_VALUE); sAsmRestrictionsEnabled = DeviceConfig.getInt(NAMESPACE, KEY_ASM_RESTRICTIONS_ENABLED, DEFAULT_VALUE); } } services/core/java/com/android/server/wm/ActivityTaskManagerService.java +0 −2 Original line number Diff line number Diff line Loading @@ -890,8 +890,6 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { mTaskSupervisor.onSystemReady(); mActivityClientController.onSystemReady(); mAppWarnings.onSystemReady(); // TODO(b/258792202) Cleanup once ASM is ready to launch ActivitySecurityModelFeatureFlags.initialize(mContext.getMainExecutor()); mGrammaticalManagerInternal = LocalServices.getService( GrammaticalInflectionManagerInternal.class); } Loading services/core/java/com/android/server/wm/BackgroundActivityStartController.java +28 −18 Original line number Diff line number Diff line Loading @@ -114,6 +114,10 @@ public class BackgroundActivityStartController { private static final long ASM_GRACEPERIOD_TIMEOUT_MS = TIMEOUT_MS; private static final int ASM_GRACEPERIOD_MAX_REPEATS = 5; private static final String DOC_LINK = "go/android-asm"; /** Used to determine which version of the ASM logic was used in logs while we iterate */ private static final int ASM_VERSION = 12; private static final int NO_PROCESS_UID = -1; private static final BalCheckConfiguration BAL_CHECK_FOREGROUND = new BalCheckConfiguration( Loading Loading @@ -1419,7 +1423,7 @@ public class BackgroundActivityStartController { : FrameworkStatsLog.ACTIVITY_ACTION_BLOCKED__ACTION__ACTIVITY_START_DIFFERENT_TASK); boolean enforceBlock = bas.mTopActivityOptedIn && ActivitySecurityModelFeatureFlags.shouldRestrictActivitySwitch(callingUid); && shouldRestrictActivitySwitch(callingUid); boolean allowedByGracePeriod = allowedByAsmGracePeriod(callingUid, sourceRecord, targetTask, balVerdict, taskToFront, avoidMoveTaskToFront); Loading Loading @@ -1452,7 +1456,7 @@ public class BackgroundActivityStartController { /* action */ action, /* version */ ActivitySecurityModelFeatureFlags.ASM_VERSION, ASM_VERSION, /* multi_window - we have our source not in the target task, but both are visible */ targetTask != null && sourceRecord != null && !targetTask.equals(sourceRecord.getTask()) && targetTask.isVisible(), Loading @@ -1463,8 +1467,8 @@ public class BackgroundActivityStartController { ); String launchedFromPackageName = targetRecord.launchedFromPackage; if (ActivitySecurityModelFeatureFlags.shouldShowToast(callingUid)) { String toastText = ActivitySecurityModelFeatureFlags.DOC_LINK if (shouldShowToast(callingUid)) { String toastText = DOC_LINK + (enforceBlock ? " blocked " : " would block ") + getApplicationLabel(getService().mContext.getPackageManager(), launchedFromPackageName); Loading Loading @@ -1521,8 +1525,7 @@ public class BackgroundActivityStartController { // Find the first activity which matches a safe UID and is not finishing. Clear everything // above it int[] finishCount = new int[1]; boolean shouldBlockActivityStart = ActivitySecurityModelFeatureFlags .shouldRestrictActivitySwitch(callingUid); boolean shouldBlockActivityStart = shouldRestrictActivitySwitch(callingUid); BlockActivityStart bas = checkCrossUidActivitySwitchFromBelow( targetTaskTop, callingUid, new BlockActivityStart()); if (shouldBlockActivityStart && bas.mTopActivityOptedIn) { Loading @@ -1539,12 +1542,12 @@ public class BackgroundActivityStartController { } } if (ActivitySecurityModelFeatureFlags.shouldShowToast(callingUid) if (shouldShowToast(callingUid) && (!shouldBlockActivityStart || finishCount[0] > 0)) { showToast((shouldBlockActivityStart ? "Top activities cleared by " : "Top activities would be cleared by ") + ActivitySecurityModelFeatureFlags.DOC_LINK); + DOC_LINK); Slog.i(TAG, getDebugInfoForActivitySecurity("Clear Top", sourceRecord, targetRecord, targetTask, targetTaskTop, realCallingUid, balVerdict, shouldBlockActivityStart, Loading Loading @@ -1614,7 +1617,7 @@ public class BackgroundActivityStartController { /* action */ FrameworkStatsLog.ACTIVITY_ACTION_BLOCKED__ACTION__FINISH_TASK, /* version */ ActivitySecurityModelFeatureFlags.ASM_VERSION, ASM_VERSION, /* multi_window */ false, /* bal_code */ Loading @@ -1623,8 +1626,8 @@ public class BackgroundActivityStartController { null ); boolean restrictActivitySwitch = ActivitySecurityModelFeatureFlags .shouldRestrictActivitySwitch(callingUid) && bas.mTopActivityOptedIn; boolean restrictActivitySwitch = shouldRestrictActivitySwitch(callingUid) && bas.mTopActivityOptedIn; PackageManager pm = getService().mContext.getPackageManager(); String callingPackage = pm.getNameForUid(callingUid); Loading @@ -1636,8 +1639,8 @@ public class BackgroundActivityStartController { callingLabel = getApplicationLabel(pm, callingPackage); } if (ActivitySecurityModelFeatureFlags.shouldShowToast(callingUid)) { showToast((ActivitySecurityModelFeatureFlags.DOC_LINK if (shouldShowToast(callingUid)) { showToast((DOC_LINK + (restrictActivitySwitch ? " returned home due to " : " would return home due to ") + callingLabel)); Loading Loading @@ -1823,12 +1826,10 @@ public class BackgroundActivityStartController { joiner.add(prefix + "------ Activity Security " + action + " Debug Logging Start ------"); joiner.add(prefix + "Block Enabled: " + enforceBlock); if (!enforceBlock) { joiner.add(prefix + "Feature Flag Enabled: " + android.security .Flags.asmRestrictionsEnabled()); joiner.add(prefix + "Mendel Override: " + ActivitySecurityModelFeatureFlags .asmRestrictionsEnabledForAll()); joiner.add(prefix + "Restrictions Enabled: " + android.security .Flags.asmRestrictionsV2()); } joiner.add(prefix + "ASM Version: " + ActivitySecurityModelFeatureFlags.ASM_VERSION); joiner.add(prefix + "ASM Version: " + ASM_VERSION); joiner.add(prefix + "System Time: " + SystemClock.uptimeMillis()); joiner.add(prefix + "Activity Opted In: " + recordToString.apply(activityOptedIn)); Loading Loading @@ -2198,4 +2199,13 @@ public class BackgroundActivityStartController { }, ASM_GRACEPERIOD_TIMEOUT_MS); } } static boolean shouldShowToast(int uid) { return android.security.Flags.asmToastsEnabled(); } static boolean shouldRestrictActivitySwitch(int uid) { return android.security.Flags.asmRestrictionsV2() && CompatChanges.isChangeEnabled(ASM_RESTRICTIONS, uid); } } Loading
core/java/android/security/responsible_apis_flags.aconfig +8 −1 Original line number Diff line number Diff line Loading @@ -12,10 +12,17 @@ flag { name: "asm_restrictions_enabled" is_exported: true namespace: "responsible_apis" description: "Enables ASM restrictions for activity starts and finishes" description: "Enables APIs for ASM" bug: "230590090" } flag { name: "asm_restrictions_v2" namespace: "responsible_apis" description: "Enables ASM restrictions for activity starts and finishes" bug: "416033243" } flag { name: "asm_toasts_enabled" namespace: "responsible_apis" Loading
services/core/java/com/android/server/wm/ActivitySecurityModelFeatureFlags.javadeleted 100644 → 0 +0 −96 Original line number Diff line number Diff line /* * Copyright (C) 2022 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.android.server.wm; import static android.provider.DeviceConfig.NAMESPACE_WINDOW_MANAGER; import static com.android.server.wm.ActivityStarter.ASM_RESTRICTIONS; import android.annotation.NonNull; import android.app.compat.CompatChanges; import android.provider.DeviceConfig; import com.android.internal.annotations.GuardedBy; import java.util.concurrent.Executor; /** * Contains utility methods to query whether or not go/activity-security should be enabled * asm_start_rules_enabled - Enable rule enforcement in ActivityStarter.java * asm_start_rules_toasts_enabled - Show toasts when rules would block from ActivityStarter.java * asm_start_rules_exception_list - Comma separated list of packages to exclude from the above * 2 rules. * TODO(b/258792202) Cleanup once ASM is ready to launch */ class ActivitySecurityModelFeatureFlags { // TODO(b/230590090): Replace with public documentation once ready static final String DOC_LINK = "go/android-asm"; /** Used to determine which version of the ASM logic was used in logs while we iterate */ static final int ASM_VERSION = 11; private static final String NAMESPACE = NAMESPACE_WINDOW_MANAGER; private static final String KEY_ASM_PREFIX = "ActivitySecurity__"; private static final String KEY_ASM_RESTRICTIONS_ENABLED = KEY_ASM_PREFIX + "asm_restrictions_enabled"; private static final String KEY_ASM_TOASTS_ENABLED = KEY_ASM_PREFIX + "asm_toasts_enabled"; private static final int VALUE_DISABLE = 0; private static final int VALUE_ENABLE_FOR_V = 1; private static final int VALUE_ENABLE_FOR_ALL = 2; private static final int DEFAULT_VALUE = VALUE_DISABLE; private static int sAsmToastsEnabled; private static int sAsmRestrictionsEnabled; @GuardedBy("ActivityTaskManagerService.mGlobalLock") static void initialize(@NonNull Executor executor) { updateFromDeviceConfig(); DeviceConfig.addOnPropertiesChangedListener(NAMESPACE, executor, properties -> updateFromDeviceConfig()); } @GuardedBy("ActivityTaskManagerService.mGlobalLock") static boolean shouldShowToast(int uid) { return sAsmToastsEnabled == VALUE_ENABLE_FOR_ALL || (sAsmToastsEnabled == VALUE_ENABLE_FOR_V && CompatChanges.isChangeEnabled(ASM_RESTRICTIONS, uid)); } @GuardedBy("ActivityTaskManagerService.mGlobalLock") static boolean shouldRestrictActivitySwitch(int uid) { if (android.security.Flags.asmRestrictionsEnabled()) { return CompatChanges.isChangeEnabled(ASM_RESTRICTIONS, uid) || asmRestrictionsEnabledForAll(); } return false; } @GuardedBy("ActivityTaskManagerService.mGlobalLock") static boolean asmRestrictionsEnabledForAll() { return sAsmRestrictionsEnabled == VALUE_ENABLE_FOR_ALL; } private static void updateFromDeviceConfig() { sAsmToastsEnabled = DeviceConfig.getInt(NAMESPACE, KEY_ASM_TOASTS_ENABLED, DEFAULT_VALUE); sAsmRestrictionsEnabled = DeviceConfig.getInt(NAMESPACE, KEY_ASM_RESTRICTIONS_ENABLED, DEFAULT_VALUE); } }
services/core/java/com/android/server/wm/ActivityTaskManagerService.java +0 −2 Original line number Diff line number Diff line Loading @@ -890,8 +890,6 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { mTaskSupervisor.onSystemReady(); mActivityClientController.onSystemReady(); mAppWarnings.onSystemReady(); // TODO(b/258792202) Cleanup once ASM is ready to launch ActivitySecurityModelFeatureFlags.initialize(mContext.getMainExecutor()); mGrammaticalManagerInternal = LocalServices.getService( GrammaticalInflectionManagerInternal.class); } Loading
services/core/java/com/android/server/wm/BackgroundActivityStartController.java +28 −18 Original line number Diff line number Diff line Loading @@ -114,6 +114,10 @@ public class BackgroundActivityStartController { private static final long ASM_GRACEPERIOD_TIMEOUT_MS = TIMEOUT_MS; private static final int ASM_GRACEPERIOD_MAX_REPEATS = 5; private static final String DOC_LINK = "go/android-asm"; /** Used to determine which version of the ASM logic was used in logs while we iterate */ private static final int ASM_VERSION = 12; private static final int NO_PROCESS_UID = -1; private static final BalCheckConfiguration BAL_CHECK_FOREGROUND = new BalCheckConfiguration( Loading Loading @@ -1419,7 +1423,7 @@ public class BackgroundActivityStartController { : FrameworkStatsLog.ACTIVITY_ACTION_BLOCKED__ACTION__ACTIVITY_START_DIFFERENT_TASK); boolean enforceBlock = bas.mTopActivityOptedIn && ActivitySecurityModelFeatureFlags.shouldRestrictActivitySwitch(callingUid); && shouldRestrictActivitySwitch(callingUid); boolean allowedByGracePeriod = allowedByAsmGracePeriod(callingUid, sourceRecord, targetTask, balVerdict, taskToFront, avoidMoveTaskToFront); Loading Loading @@ -1452,7 +1456,7 @@ public class BackgroundActivityStartController { /* action */ action, /* version */ ActivitySecurityModelFeatureFlags.ASM_VERSION, ASM_VERSION, /* multi_window - we have our source not in the target task, but both are visible */ targetTask != null && sourceRecord != null && !targetTask.equals(sourceRecord.getTask()) && targetTask.isVisible(), Loading @@ -1463,8 +1467,8 @@ public class BackgroundActivityStartController { ); String launchedFromPackageName = targetRecord.launchedFromPackage; if (ActivitySecurityModelFeatureFlags.shouldShowToast(callingUid)) { String toastText = ActivitySecurityModelFeatureFlags.DOC_LINK if (shouldShowToast(callingUid)) { String toastText = DOC_LINK + (enforceBlock ? " blocked " : " would block ") + getApplicationLabel(getService().mContext.getPackageManager(), launchedFromPackageName); Loading Loading @@ -1521,8 +1525,7 @@ public class BackgroundActivityStartController { // Find the first activity which matches a safe UID and is not finishing. Clear everything // above it int[] finishCount = new int[1]; boolean shouldBlockActivityStart = ActivitySecurityModelFeatureFlags .shouldRestrictActivitySwitch(callingUid); boolean shouldBlockActivityStart = shouldRestrictActivitySwitch(callingUid); BlockActivityStart bas = checkCrossUidActivitySwitchFromBelow( targetTaskTop, callingUid, new BlockActivityStart()); if (shouldBlockActivityStart && bas.mTopActivityOptedIn) { Loading @@ -1539,12 +1542,12 @@ public class BackgroundActivityStartController { } } if (ActivitySecurityModelFeatureFlags.shouldShowToast(callingUid) if (shouldShowToast(callingUid) && (!shouldBlockActivityStart || finishCount[0] > 0)) { showToast((shouldBlockActivityStart ? "Top activities cleared by " : "Top activities would be cleared by ") + ActivitySecurityModelFeatureFlags.DOC_LINK); + DOC_LINK); Slog.i(TAG, getDebugInfoForActivitySecurity("Clear Top", sourceRecord, targetRecord, targetTask, targetTaskTop, realCallingUid, balVerdict, shouldBlockActivityStart, Loading Loading @@ -1614,7 +1617,7 @@ public class BackgroundActivityStartController { /* action */ FrameworkStatsLog.ACTIVITY_ACTION_BLOCKED__ACTION__FINISH_TASK, /* version */ ActivitySecurityModelFeatureFlags.ASM_VERSION, ASM_VERSION, /* multi_window */ false, /* bal_code */ Loading @@ -1623,8 +1626,8 @@ public class BackgroundActivityStartController { null ); boolean restrictActivitySwitch = ActivitySecurityModelFeatureFlags .shouldRestrictActivitySwitch(callingUid) && bas.mTopActivityOptedIn; boolean restrictActivitySwitch = shouldRestrictActivitySwitch(callingUid) && bas.mTopActivityOptedIn; PackageManager pm = getService().mContext.getPackageManager(); String callingPackage = pm.getNameForUid(callingUid); Loading @@ -1636,8 +1639,8 @@ public class BackgroundActivityStartController { callingLabel = getApplicationLabel(pm, callingPackage); } if (ActivitySecurityModelFeatureFlags.shouldShowToast(callingUid)) { showToast((ActivitySecurityModelFeatureFlags.DOC_LINK if (shouldShowToast(callingUid)) { showToast((DOC_LINK + (restrictActivitySwitch ? " returned home due to " : " would return home due to ") + callingLabel)); Loading Loading @@ -1823,12 +1826,10 @@ public class BackgroundActivityStartController { joiner.add(prefix + "------ Activity Security " + action + " Debug Logging Start ------"); joiner.add(prefix + "Block Enabled: " + enforceBlock); if (!enforceBlock) { joiner.add(prefix + "Feature Flag Enabled: " + android.security .Flags.asmRestrictionsEnabled()); joiner.add(prefix + "Mendel Override: " + ActivitySecurityModelFeatureFlags .asmRestrictionsEnabledForAll()); joiner.add(prefix + "Restrictions Enabled: " + android.security .Flags.asmRestrictionsV2()); } joiner.add(prefix + "ASM Version: " + ActivitySecurityModelFeatureFlags.ASM_VERSION); joiner.add(prefix + "ASM Version: " + ASM_VERSION); joiner.add(prefix + "System Time: " + SystemClock.uptimeMillis()); joiner.add(prefix + "Activity Opted In: " + recordToString.apply(activityOptedIn)); Loading Loading @@ -2198,4 +2199,13 @@ public class BackgroundActivityStartController { }, ASM_GRACEPERIOD_TIMEOUT_MS); } } static boolean shouldShowToast(int uid) { return android.security.Flags.asmToastsEnabled(); } static boolean shouldRestrictActivitySwitch(int uid) { return android.security.Flags.asmRestrictionsV2() && CompatChanges.isChangeEnabled(ASM_RESTRICTIONS, uid); } }
