Loading services/core/java/com/android/server/pm/permission/PermissionManagerService.java +22 −15 Original line number Diff line number Diff line Loading @@ -2293,10 +2293,11 @@ public class PermissionManagerService extends IPermissionManager.Stub { } final int callingUid = Binder.getCallingUid(); final int userId = UserHandle.getUserId(newPackage.getUid()); for (int userId: mUserManagerInt.getUserIds()) { int numRequestedPermissions = newPackage.getRequestedPermissions().size(); for (int i = 0; i < numRequestedPermissions; i++) { PermissionInfo permInfo = getPermissionInfo(newPackage.getRequestedPermissions().get(i), PermissionInfo permInfo = getPermissionInfo( newPackage.getRequestedPermissions().get(i), newPackage.getPackageName(), 0); if (permInfo == null || !STORAGE_PERMISSIONS.contains(permInfo.name)) { continue; Loading @@ -2308,8 +2309,14 @@ public class PermissionManagerService extends IPermissionManager.Stub { + downgradedSdk + " or newly requested legacy full storage " + newlyRequestsLegacy); try { revokeRuntimePermissionInternal(permInfo.name, newPackage.getPackageName(), false, callingUid, userId, null, permissionCallback); } catch (IllegalStateException | SecurityException e) { Log.e(TAG, "unable to revoke " + permInfo.name + " for " + newPackage.getPackageName() + " user " + userId, e); } } } } Loading services/core/java/com/android/server/rollback/RollbackManagerServiceImpl.java +4 −2 Original line number Diff line number Diff line Loading @@ -554,8 +554,10 @@ class RollbackManagerServiceImpl extends IRollbackManager.Stub { PackageInstaller.SessionInfo session = mContext.getPackageManager() .getPackageInstaller().getSessionInfo(rollback.getStagedSessionId()); if (session == null || session.isStagedSessionFailed()) { if (rollback.isEnabling()) { iter.remove(); rollback.delete(mAppDataRollbackHelper); } continue; } Loading services/core/java/com/android/server/wm/RootWindowContainer.java +8 −32 Original line number Diff line number Diff line Loading @@ -3372,7 +3372,7 @@ class RootWindowContainer extends WindowContainer<DisplayContent> } /** * Find all visible task stacks containing {@param userId} and intercept them with an activity * Find all task stacks containing {@param userId} and intercept them with an activity * to block out the contents and possibly start a credential-confirming intent. * * @param userId user handle for the locked managed profile. Loading @@ -3380,40 +3380,16 @@ class RootWindowContainer extends WindowContainer<DisplayContent> void lockAllProfileTasks(@UserIdInt int userId) { mService.deferWindowLayout(); try { final PooledConsumer c = PooledLambda.obtainConsumer( RootWindowContainer::taskTopActivityIsUser, this, PooledLambda.__(Task.class), userId); forAllLeafTasks(c, true /* traverseTopToBottom */); c.recycle(); } finally { mService.continueWindowLayout(); } } /** * Detects whether we should show a lock screen in front of this task for a locked user. * <p> * We'll do this if either of the following holds: * <ul> * <li>The top activity explicitly belongs to {@param userId}.</li> * <li>The top activity returns a result to an activity belonging to {@param userId}.</li> * </ul> * * @return {@code true} if the top activity looks like it belongs to {@param userId}. */ private void taskTopActivityIsUser(Task task, @UserIdInt int userId) { // To handle the case that work app is in the task but just is not the top one. final ActivityRecord activityRecord = task.getTopNonFinishingActivity(); final ActivityRecord resultTo = (activityRecord != null ? activityRecord.resultTo : null); // Check the task for a top activity belonging to userId, or returning a // result to an activity belonging to userId. Example case: a document // picker for personal files, opened by a work app, should still get locked. if ((activityRecord != null && activityRecord.mUserId == userId) || (resultTo != null && resultTo.mUserId == userId)) { forAllLeafTasks(task -> { if (task.getActivity(activity -> !activity.finishing && activity.mUserId == userId) != null) { mService.getTaskChangeNotificationController().notifyTaskProfileLocked( task.mTaskId, userId); } }, true /* traverseTopToBottom */); } finally { mService.continueWindowLayout(); } } void cancelInitializingActivities() { Loading services/tests/wmtests/src/com/android/server/wm/RootWindowContainerTests.java +33 −0 Original line number Diff line number Diff line Loading @@ -25,6 +25,7 @@ import static android.view.WindowManager.LayoutParams.TYPE_NOTIFICATION_SHADE; import static android.view.WindowManager.LayoutParams.TYPE_STATUS_BAR; import static android.view.WindowManager.LayoutParams.TYPE_TOAST; import static com.android.dx.mockito.inline.extended.ExtendedMockito.spyOn; import static com.android.server.wm.ActivityStack.ActivityState.FINISHING; import static com.android.server.wm.ActivityStack.ActivityState.PAUSED; import static com.android.server.wm.ActivityStack.ActivityState.PAUSING; Loading @@ -36,10 +37,13 @@ import static com.google.common.truth.Truth.assertThat; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.verify; import android.app.WindowConfiguration; import android.content.ComponentName; import android.content.pm.ActivityInfo; import android.os.UserHandle; import android.platform.test.annotations.Presubmit; import androidx.test.filters.SmallTest; Loading Loading @@ -169,5 +173,34 @@ public class RootWindowContainerTests extends WindowTestsBase { activity.setState(FINISHING, "test FINISHING"); assertThat(mWm.mRoot.allPausedActivitiesComplete()).isTrue(); } @Test public void testLockAllProfileTasks() { // Make an activity visible with the user id set to 0 DisplayContent displayContent = mWm.mRoot.getDisplayContent(DEFAULT_DISPLAY); TaskDisplayArea taskDisplayArea = displayContent.getTaskDisplayAreaAt(0); final ActivityStack stack = createTaskStackOnDisplay(WINDOWING_MODE_FULLSCREEN, ACTIVITY_TYPE_STANDARD, displayContent); final ActivityRecord activity = new ActivityTestsBase.ActivityBuilder(stack.mAtmService) .setStack(stack) .setUid(0) .setCreateTask(true) .build(); // Create another activity on top and the user id is 1 Task task = activity.getTask(); final ActivityRecord topActivity = new ActivityTestsBase.ActivityBuilder(mWm.mAtmService) .setStack(stack) .setUid(UserHandle.PER_USER_RANGE + 1) .setTask(task) .build(); // Make sure the listeners will be notified for putting the task to locked state TaskChangeNotificationController controller = mWm.mAtmService.getTaskChangeNotificationController(); spyOn(controller); mWm.mRoot.lockAllProfileTasks(0); verify(controller).notifyTaskProfileLocked(eq(task.mTaskId), eq(0)); } } tests/RollbackTest/RollbackTest/src/com/android/tests/rollback/StagedRollbackTest.java +27 −0 Original line number Diff line number Diff line Loading @@ -481,6 +481,33 @@ public class StagedRollbackTest { assertThat(sm.isCheckpointSupported()).isTrue(); } @Test public void testExpireSession_Phase1_Install() throws Exception { assertThat(InstallUtils.getInstalledVersion(TestApp.A)).isEqualTo(-1); Install.single(TestApp.A1).commit(); assertThat(InstallUtils.getInstalledVersion(TestApp.A)).isEqualTo(1); Install.single(TestApp.A2).setEnableRollback().setStaged().commit(); } @Test public void testExpireSession_Phase2_VerifyInstall() throws Exception { assertThat(InstallUtils.getInstalledVersion(TestApp.A)).isEqualTo(2); RollbackManager rm = RollbackUtils.getRollbackManager(); RollbackInfo rollback = getUniqueRollbackInfoForPackage( rm.getAvailableRollbacks(), TestApp.A); assertThat(rollback).isNotNull(); assertThat(rollback).packagesContainsExactly(Rollback.from(TestApp.A2).to(TestApp.A1)); assertThat(rollback.isStaged()).isTrue(); } @Test public void testExpireSession_Phase3_VerifyRollback() throws Exception { RollbackManager rm = RollbackUtils.getRollbackManager(); RollbackInfo rollback = getUniqueRollbackInfoForPackage( rm.getAvailableRollbacks(), TestApp.A); assertThat(rollback).isNotNull(); } @Test public void hasMainlineModule() throws Exception { String pkgName = getModuleMetadataPackageName(); Loading Loading
services/core/java/com/android/server/pm/permission/PermissionManagerService.java +22 −15 Original line number Diff line number Diff line Loading @@ -2293,10 +2293,11 @@ public class PermissionManagerService extends IPermissionManager.Stub { } final int callingUid = Binder.getCallingUid(); final int userId = UserHandle.getUserId(newPackage.getUid()); for (int userId: mUserManagerInt.getUserIds()) { int numRequestedPermissions = newPackage.getRequestedPermissions().size(); for (int i = 0; i < numRequestedPermissions; i++) { PermissionInfo permInfo = getPermissionInfo(newPackage.getRequestedPermissions().get(i), PermissionInfo permInfo = getPermissionInfo( newPackage.getRequestedPermissions().get(i), newPackage.getPackageName(), 0); if (permInfo == null || !STORAGE_PERMISSIONS.contains(permInfo.name)) { continue; Loading @@ -2308,8 +2309,14 @@ public class PermissionManagerService extends IPermissionManager.Stub { + downgradedSdk + " or newly requested legacy full storage " + newlyRequestsLegacy); try { revokeRuntimePermissionInternal(permInfo.name, newPackage.getPackageName(), false, callingUid, userId, null, permissionCallback); } catch (IllegalStateException | SecurityException e) { Log.e(TAG, "unable to revoke " + permInfo.name + " for " + newPackage.getPackageName() + " user " + userId, e); } } } } Loading
services/core/java/com/android/server/rollback/RollbackManagerServiceImpl.java +4 −2 Original line number Diff line number Diff line Loading @@ -554,8 +554,10 @@ class RollbackManagerServiceImpl extends IRollbackManager.Stub { PackageInstaller.SessionInfo session = mContext.getPackageManager() .getPackageInstaller().getSessionInfo(rollback.getStagedSessionId()); if (session == null || session.isStagedSessionFailed()) { if (rollback.isEnabling()) { iter.remove(); rollback.delete(mAppDataRollbackHelper); } continue; } Loading
services/core/java/com/android/server/wm/RootWindowContainer.java +8 −32 Original line number Diff line number Diff line Loading @@ -3372,7 +3372,7 @@ class RootWindowContainer extends WindowContainer<DisplayContent> } /** * Find all visible task stacks containing {@param userId} and intercept them with an activity * Find all task stacks containing {@param userId} and intercept them with an activity * to block out the contents and possibly start a credential-confirming intent. * * @param userId user handle for the locked managed profile. Loading @@ -3380,40 +3380,16 @@ class RootWindowContainer extends WindowContainer<DisplayContent> void lockAllProfileTasks(@UserIdInt int userId) { mService.deferWindowLayout(); try { final PooledConsumer c = PooledLambda.obtainConsumer( RootWindowContainer::taskTopActivityIsUser, this, PooledLambda.__(Task.class), userId); forAllLeafTasks(c, true /* traverseTopToBottom */); c.recycle(); } finally { mService.continueWindowLayout(); } } /** * Detects whether we should show a lock screen in front of this task for a locked user. * <p> * We'll do this if either of the following holds: * <ul> * <li>The top activity explicitly belongs to {@param userId}.</li> * <li>The top activity returns a result to an activity belonging to {@param userId}.</li> * </ul> * * @return {@code true} if the top activity looks like it belongs to {@param userId}. */ private void taskTopActivityIsUser(Task task, @UserIdInt int userId) { // To handle the case that work app is in the task but just is not the top one. final ActivityRecord activityRecord = task.getTopNonFinishingActivity(); final ActivityRecord resultTo = (activityRecord != null ? activityRecord.resultTo : null); // Check the task for a top activity belonging to userId, or returning a // result to an activity belonging to userId. Example case: a document // picker for personal files, opened by a work app, should still get locked. if ((activityRecord != null && activityRecord.mUserId == userId) || (resultTo != null && resultTo.mUserId == userId)) { forAllLeafTasks(task -> { if (task.getActivity(activity -> !activity.finishing && activity.mUserId == userId) != null) { mService.getTaskChangeNotificationController().notifyTaskProfileLocked( task.mTaskId, userId); } }, true /* traverseTopToBottom */); } finally { mService.continueWindowLayout(); } } void cancelInitializingActivities() { Loading
services/tests/wmtests/src/com/android/server/wm/RootWindowContainerTests.java +33 −0 Original line number Diff line number Diff line Loading @@ -25,6 +25,7 @@ import static android.view.WindowManager.LayoutParams.TYPE_NOTIFICATION_SHADE; import static android.view.WindowManager.LayoutParams.TYPE_STATUS_BAR; import static android.view.WindowManager.LayoutParams.TYPE_TOAST; import static com.android.dx.mockito.inline.extended.ExtendedMockito.spyOn; import static com.android.server.wm.ActivityStack.ActivityState.FINISHING; import static com.android.server.wm.ActivityStack.ActivityState.PAUSED; import static com.android.server.wm.ActivityStack.ActivityState.PAUSING; Loading @@ -36,10 +37,13 @@ import static com.google.common.truth.Truth.assertThat; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.verify; import android.app.WindowConfiguration; import android.content.ComponentName; import android.content.pm.ActivityInfo; import android.os.UserHandle; import android.platform.test.annotations.Presubmit; import androidx.test.filters.SmallTest; Loading Loading @@ -169,5 +173,34 @@ public class RootWindowContainerTests extends WindowTestsBase { activity.setState(FINISHING, "test FINISHING"); assertThat(mWm.mRoot.allPausedActivitiesComplete()).isTrue(); } @Test public void testLockAllProfileTasks() { // Make an activity visible with the user id set to 0 DisplayContent displayContent = mWm.mRoot.getDisplayContent(DEFAULT_DISPLAY); TaskDisplayArea taskDisplayArea = displayContent.getTaskDisplayAreaAt(0); final ActivityStack stack = createTaskStackOnDisplay(WINDOWING_MODE_FULLSCREEN, ACTIVITY_TYPE_STANDARD, displayContent); final ActivityRecord activity = new ActivityTestsBase.ActivityBuilder(stack.mAtmService) .setStack(stack) .setUid(0) .setCreateTask(true) .build(); // Create another activity on top and the user id is 1 Task task = activity.getTask(); final ActivityRecord topActivity = new ActivityTestsBase.ActivityBuilder(mWm.mAtmService) .setStack(stack) .setUid(UserHandle.PER_USER_RANGE + 1) .setTask(task) .build(); // Make sure the listeners will be notified for putting the task to locked state TaskChangeNotificationController controller = mWm.mAtmService.getTaskChangeNotificationController(); spyOn(controller); mWm.mRoot.lockAllProfileTasks(0); verify(controller).notifyTaskProfileLocked(eq(task.mTaskId), eq(0)); } }
tests/RollbackTest/RollbackTest/src/com/android/tests/rollback/StagedRollbackTest.java +27 −0 Original line number Diff line number Diff line Loading @@ -481,6 +481,33 @@ public class StagedRollbackTest { assertThat(sm.isCheckpointSupported()).isTrue(); } @Test public void testExpireSession_Phase1_Install() throws Exception { assertThat(InstallUtils.getInstalledVersion(TestApp.A)).isEqualTo(-1); Install.single(TestApp.A1).commit(); assertThat(InstallUtils.getInstalledVersion(TestApp.A)).isEqualTo(1); Install.single(TestApp.A2).setEnableRollback().setStaged().commit(); } @Test public void testExpireSession_Phase2_VerifyInstall() throws Exception { assertThat(InstallUtils.getInstalledVersion(TestApp.A)).isEqualTo(2); RollbackManager rm = RollbackUtils.getRollbackManager(); RollbackInfo rollback = getUniqueRollbackInfoForPackage( rm.getAvailableRollbacks(), TestApp.A); assertThat(rollback).isNotNull(); assertThat(rollback).packagesContainsExactly(Rollback.from(TestApp.A2).to(TestApp.A1)); assertThat(rollback.isStaged()).isTrue(); } @Test public void testExpireSession_Phase3_VerifyRollback() throws Exception { RollbackManager rm = RollbackUtils.getRollbackManager(); RollbackInfo rollback = getUniqueRollbackInfoForPackage( rm.getAvailableRollbacks(), TestApp.A); assertThat(rollback).isNotNull(); } @Test public void hasMainlineModule() throws Exception { String pkgName = getModuleMetadataPackageName(); Loading
