[automerge] [DO NOT MERGE] Backport BAL restrictions from T to S, this blocks...

import android.annotation.UserIdInt;

import android.annotation.UserIdInt;

import android.app.Activity;

import android.app.Activity;

import android.app.ActivityManagerInternal;

import android.app.ActivityManagerInternal;

import android.app.ActivityOptions;

import android.app.AlarmManager;

import android.app.AlarmManager;

import android.app.AppOpsManager;

import android.app.AppOpsManager;

import android.app.BroadcastOptions;

import android.app.BroadcastOptions;

    private final SparseBooleanArray mPendingSendNextAlarmClockChangedForUser =

    private final SparseBooleanArray mPendingSendNextAlarmClockChangedForUser =

            new SparseBooleanArray();

            new SparseBooleanArray();

    private boolean mNextAlarmClockMayChange;

    private boolean mNextAlarmClockMayChange;

    ActivityOptions mActivityOptsRestrictBal = ActivityOptions.makeBasic();

    BroadcastOptions mBroadcastOptsRestrictBal = BroadcastOptions.makeBasic();

    @GuardedBy("mLock")

    @GuardedBy("mLock")

    private final Runnable mAlarmClockUpdater = () -> mNextAlarmClockMayChange = true;

    private final Runnable mAlarmClockUpdater = () -> mNextAlarmClockMayChange = true;

    @Override

    @Override

    public void onStart() {

    public void onStart() {

        mInjector.init();

        mInjector.init();

        mOptsWithFgs.setPendingIntentBackgroundActivityLaunchAllowed(false);

        mOptsWithoutFgs.setPendingIntentBackgroundActivityLaunchAllowed(false);

        mOptsTimeBroadcast.setPendingIntentBackgroundActivityLaunchAllowed(false);

        mActivityOptsRestrictBal.setPendingIntentBackgroundActivityLaunchAllowed(false);

        mBroadcastOptsRestrictBal.setPendingIntentBackgroundActivityLaunchAllowed(false);

        mMetricsHelper = new MetricsHelper(getContext(), mLock);

        mMetricsHelper = new MetricsHelper(getContext(), mLock);

        mListenerDeathRecipient = new IBinder.DeathRecipient() {

        mListenerDeathRecipient = new IBinder.DeathRecipient() {

        return alarm.creatorUid;

        return alarm.creatorUid;

    }

    }

    private Bundle getAlarmOperationBundle(Alarm alarm) {

        if (alarm.mIdleOptions != null) {

            return alarm.mIdleOptions;

        } else if (alarm.operation.isActivity()) {

            return mActivityOptsRestrictBal.toBundle();

        }

        return mBroadcastOptsRestrictBal.toBundle();

    }

    @VisibleForTesting

    @VisibleForTesting

    class AlarmHandler extends Handler {

    class AlarmHandler extends Handler {

                    for (int i = 0; i < triggerList.size(); i++) {

                    for (int i = 0; i < triggerList.size(); i++) {

                        Alarm alarm = triggerList.get(i);

                        Alarm alarm = triggerList.get(i);

                        try {

                        try {

                            alarm.operation.send();

                            // Disallow AlarmManager to start random background activity.

                            final Bundle bundle = getAlarmOperationBundle(alarm);

                            alarm.operation.send(/* context */ null, /* code */0, /* intent */

                                    null, /* onFinished */null, /* handler */

                                    null, /* requiredPermission */ null, bundle);

                        } catch (PendingIntent.CanceledException e) {

                        } catch (PendingIntent.CanceledException e) {

                            if (alarm.repeatInterval > 0) {

                            if (alarm.repeatInterval > 0) {

                                // This IntentSender is no longer valid, but this

                                // This IntentSender is no longer valid, but this

                    mSendCount++;

                    mSendCount++;

                    try {

                    try {

                        final Bundle bundle = getAlarmOperationBundle(alarm);

                        alarm.operation.send(getContext(), 0,

                        alarm.operation.send(getContext(), 0,

                                mBackgroundIntent.putExtra(Intent.EXTRA_ALARM_COUNT, alarm.count),

                                mBackgroundIntent.putExtra(Intent.EXTRA_ALARM_COUNT, alarm.count),

                                mDeliveryTracker, mHandler, null, alarm.mIdleOptions);

                                mDeliveryTracker, mHandler, null, bundle);

                    } catch (PendingIntent.CanceledException e) {

                    } catch (PendingIntent.CanceledException e) {

                        if (alarm.repeatInterval > 0) {

                        if (alarm.repeatInterval > 0) {

                            // This IntentSender is no longer valid, but this

                            // This IntentSender is no longer valid, but this

 * {@link android.content.Context#startActivity(android.content.Intent, android.os.Bundle)

 * {@link android.content.Context#startActivity(android.content.Intent, android.os.Bundle)

 * Context.startActivity(Intent, Bundle)} and related methods.

 * Context.startActivity(Intent, Bundle)} and related methods.

 */

 */

public class ActivityOptions {

public class ActivityOptions extends ComponentOptions {

    private static final String TAG = "ActivityOptions";

    private static final String TAG = "ActivityOptions";

    /**

    /**

    }

    }

    private ActivityOptions() {

    private ActivityOptions() {

        super();

    }

    }

    /** @hide */

    /** @hide */

    public ActivityOptions(Bundle opts) {

    public ActivityOptions(Bundle opts) {

        // If the remote side sent us bad parcelables, they won't get the

        super(opts);

        // results they want, which is their loss.

        opts.setDefusable(true);

        mPackageName = opts.getString(KEY_PACKAGE_NAME);

        mPackageName = opts.getString(KEY_PACKAGE_NAME);

        try {

        try {

     * object; you must not modify it, but can supply it to the startActivity

     * object; you must not modify it, but can supply it to the startActivity

     * methods that take an options Bundle.

     * methods that take an options Bundle.

     */

     */

    @Override

    public Bundle toBundle() {

    public Bundle toBundle() {

        Bundle b = new Bundle();

        Bundle b = super.toBundle();

        if (mPackageName != null) {

        if (mPackageName != null) {

            b.putString(KEY_PACKAGE_NAME, mPackageName);

            b.putString(KEY_PACKAGE_NAME, mPackageName);

        }

        }

 * {@hide}

 * {@hide}

 */

 */

@SystemApi

@SystemApi

public class BroadcastOptions {

public class BroadcastOptions extends ComponentOptions {

    private long mTemporaryAppAllowlistDuration;

    private long mTemporaryAppAllowlistDuration;

    private @TempAllowListType int mTemporaryAppAllowlistType;

    private @TempAllowListType int mTemporaryAppAllowlistType;

    private @ReasonCode int mTemporaryAppAllowlistReasonCode;

    private @ReasonCode int mTemporaryAppAllowlistReasonCode;

    }

    }

    private BroadcastOptions() {

    private BroadcastOptions() {

        super();

        resetTemporaryAppAllowlist();

        resetTemporaryAppAllowlist();

    }

    }

    /** @hide */

    /** @hide */

    @TestApi

    @TestApi

    public BroadcastOptions(@NonNull Bundle opts) {

    public BroadcastOptions(@NonNull Bundle opts) {

        super(opts);

        // Match the logic in toBundle().

        // Match the logic in toBundle().

        if (opts.containsKey(KEY_TEMPORARY_APP_ALLOWLIST_DURATION)) {

        if (opts.containsKey(KEY_TEMPORARY_APP_ALLOWLIST_DURATION)) {

            mTemporaryAppAllowlistDuration = opts.getLong(KEY_TEMPORARY_APP_ALLOWLIST_DURATION);

            mTemporaryAppAllowlistDuration = opts.getLong(KEY_TEMPORARY_APP_ALLOWLIST_DURATION);

        mTemporaryAppAllowlistReason = null;

        mTemporaryAppAllowlistReason = null;

    }

    }

    /**

     * Set PendingIntent activity is allowed to be started in the background if the caller

     * can start background activities.

     * @hide

     */

    public void setPendingIntentBackgroundActivityLaunchAllowed(boolean allowed) {

        super.setPendingIntentBackgroundActivityLaunchAllowed(allowed);

    }

    /**

     * Get PendingIntent activity is allowed to be started in the background if the caller

     * can start background activities.

     * @hide

     */

    public boolean isPendingIntentBackgroundActivityLaunchAllowed() {

        return super.isPendingIntentBackgroundActivityLaunchAllowed();

    }

    /**

    /**

     * Return {@link #setTemporaryAppAllowlist}.

     * Return {@link #setTemporaryAppAllowlist}.

     * @hide

     * @hide

     * object; you must not modify it, but can supply it to the sendBroadcast

     * object; you must not modify it, but can supply it to the sendBroadcast

     * methods that take an options Bundle.

     * methods that take an options Bundle.

     */

     */

    @Override

    public Bundle toBundle() {

    public Bundle toBundle() {

        Bundle b = new Bundle();

        Bundle b = super.toBundle();

        if (isTemporaryAppAllowlistSet()) {

        if (isTemporaryAppAllowlistSet()) {

            b.putLong(KEY_TEMPORARY_APP_ALLOWLIST_DURATION, mTemporaryAppAllowlistDuration);

            b.putLong(KEY_TEMPORARY_APP_ALLOWLIST_DURATION, mTemporaryAppAllowlistDuration);

            b.putInt(KEY_TEMPORARY_APP_ALLOWLIST_TYPE, mTemporaryAppAllowlistType);

            b.putInt(KEY_TEMPORARY_APP_ALLOWLIST_TYPE, mTemporaryAppAllowlistType);

/*

 * Copyright (C) 2021 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package android.app;

import android.os.Bundle;

/**

 * @hide

 */

public class ComponentOptions {

    /**

     * Default value for KEY_PENDING_INTENT_BACKGROUND_ACTIVITY_ALLOWED.

     * @hide

     **/

    public static final boolean PENDING_INTENT_BAL_ALLOWED_DEFAULT = true;

    /**

     * PendingIntent caller allows activity start even if PendingIntent creator is in background.

     * This only works if the PendingIntent caller is allowed to start background activities,

     * for example if it's in the foreground, or has BAL permission.

     * @hide

     */

    public static final String KEY_PENDING_INTENT_BACKGROUND_ACTIVITY_ALLOWED =

            "android.pendingIntent.backgroundActivityAllowed";

    private boolean mPendingIntentBalAllowed = PENDING_INTENT_BAL_ALLOWED_DEFAULT;

    ComponentOptions() {

    }

    ComponentOptions(Bundle opts) {

        // If the remote side sent us bad parcelables, they won't get the

        // results they want, which is their loss.

        opts.setDefusable(true);

        setPendingIntentBackgroundActivityLaunchAllowed(

                opts.getBoolean(KEY_PENDING_INTENT_BACKGROUND_ACTIVITY_ALLOWED,

                        PENDING_INTENT_BAL_ALLOWED_DEFAULT));

    }

    /**

     * Set PendingIntent activity is allowed to be started in the background if the caller

     * can start background activities.

     *

     * @hide

     */

    public void setPendingIntentBackgroundActivityLaunchAllowed(boolean allowed) {

        mPendingIntentBalAllowed = allowed;

    }

    /**

     * Get PendingIntent activity is allowed to be started in the background if the caller

     * can start background activities.

     *

     * @hide

     */

    public boolean isPendingIntentBackgroundActivityLaunchAllowed() {

        return mPendingIntentBalAllowed;

    }

    /**

     * @hide

     */

    public Bundle toBundle() {

        Bundle bundle = new Bundle();

        bundle.putBoolean(KEY_PENDING_INTENT_BACKGROUND_ACTIVITY_ALLOWED, mPendingIntentBalAllowed);

        return bundle;

    }

}

                requiredPermission, null, null, 0, 0, 0, options);

                requiredPermission, null, null, 0, 0, 0, options);

    }

    }

    /**

     * Return true if the activity options allows PendingIntent to use caller's BAL permission.

     */

    public static boolean isPendingIntentBalAllowedByCaller(

            @Nullable ActivityOptions activityOptions) {

        if (activityOptions == null) {

            return ActivityOptions.PENDING_INTENT_BAL_ALLOWED_DEFAULT;

        }

        return isPendingIntentBalAllowedByCaller(activityOptions.toBundle());

    }

    private static boolean isPendingIntentBalAllowedByCaller(@Nullable Bundle options) {

        if (options == null) {

            return ActivityOptions.PENDING_INTENT_BAL_ALLOWED_DEFAULT;

        }

        return options.getBoolean(ActivityOptions.KEY_PENDING_INTENT_BACKGROUND_ACTIVITY_ALLOWED,

                ActivityOptions.PENDING_INTENT_BAL_ALLOWED_DEFAULT);

    }

    public int sendInner(int code, Intent intent, String resolvedType, IBinder allowlistToken,

    public int sendInner(int code, Intent intent, String resolvedType, IBinder allowlistToken,

            IIntentReceiver finishedReceiver, String requiredPermission, IBinder resultTo,

            IIntentReceiver finishedReceiver, String requiredPermission, IBinder resultTo,

            String resultWho, int requestCode, int flagsMask, int flagsValues, Bundle options) {

            String resultWho, int requestCode, int flagsMask, int flagsValues, Bundle options) {

            // temporarily allow receivers and services to open activities from background if the

            // temporarily allow receivers and services to open activities from background if the

            // PendingIntent.send() caller was foreground at the time of sendInner() call

            // PendingIntent.send() caller was foreground at the time of sendInner() call

            final boolean allowTrampoline = uid != callingUid

            final boolean allowTrampoline = uid != callingUid

                    && controller.mAtmInternal.isUidForeground(callingUid);

                    && controller.mAtmInternal.isUidForeground(callingUid)

                    && isPendingIntentBalAllowedByCaller(options);

            // note: we on purpose don't pass in the information about the PendingIntent's creator,

            // note: we on purpose don't pass in the information about the PendingIntent's creator,

            // like pid or ProcessRecord, to the ActivityTaskManagerInternal calls below, because

            // like pid or ProcessRecord, to the ActivityTaskManagerInternal calls below, because