Loading core/java/android/app/ActivityManagerInternal.java +11 −0 Original line number Diff line number Diff line Loading @@ -32,6 +32,7 @@ import android.os.Bundle; import android.os.IBinder; import android.os.TransactionTooLargeException; import android.os.WorkSource; import android.util.ArraySet; import java.util.ArrayList; import java.util.List; Loading Loading @@ -447,6 +448,16 @@ public abstract class ActivityManagerInternal { */ public abstract void setDeviceOwnerUid(int uid); /** Is this a profile owner app? */ public abstract boolean isProfileOwner(int uid); /** * Called by DevicePolicyManagerService to set the uid of the profile owner. * @param profileOwnerUids The profile owner UIDs. The ownership of the array is * passed to callee. */ public abstract void setProfileOwnerUid(ArraySet<Integer> profileOwnerUids); /** * Set all associated companion app that belongs to a userId. * @param userId Loading services/core/java/com/android/server/am/ActiveServices.java +13 −1 Original line number Diff line number Diff line Loading @@ -171,6 +171,7 @@ public final class ActiveServices { public static final int FGS_FEATURE_ALLOWED_BY_EXEMPTED_PACKAGES = 20; public static final int FGS_FEATURE_ALLOWED_BY_ACTIVITY_STARTER = 21; public static final int FGS_FEATURE_ALLOWED_BY_COMPANION_APP = 22; public static final int FGS_FEATURE_ALLOWED_BY_PROFILE_OWNER = 23; @IntDef(flag = true, prefix = { "FGS_FEATURE_" }, value = { FGS_FEATURE_DENIED, Loading @@ -194,7 +195,8 @@ public final class ActiveServices { FGS_FEATURE_ALLOWED_BY_PROCESS_RECORD, FGS_FEATURE_ALLOWED_BY_EXEMPTED_PACKAGES, FGS_FEATURE_ALLOWED_BY_ACTIVITY_STARTER, FGS_FEATURE_ALLOWED_BY_COMPANION_APP FGS_FEATURE_ALLOWED_BY_COMPANION_APP, FGS_FEATURE_ALLOWED_BY_PROFILE_OWNER }) @Retention(RetentionPolicy.SOURCE) public @interface FgsFeatureRetCode {} Loading Loading @@ -5373,6 +5375,14 @@ public final class ActiveServices { } } if (ret == FGS_FEATURE_DENIED) { // Is the calling UID a profile owner app? final boolean isProfileOwner = mAm.mInternal.isProfileOwner(callingUid); if (isProfileOwner) { ret = FGS_FEATURE_ALLOWED_BY_PROFILE_OWNER; } } // NOTE this should always be the last check. if (ret == FGS_FEATURE_DENIED) { if (isPackageExemptedFromFgsRestriction(r.appInfo.packageName, r.appInfo.uid) Loading Loading @@ -5474,6 +5484,8 @@ public final class ActiveServices { return "ALLOWED_BY_ACTIVITY_STARTER"; case FGS_FEATURE_ALLOWED_BY_COMPANION_APP: return "ALLOWED_BY_COMPANION_APP"; case FGS_FEATURE_ALLOWED_BY_PROFILE_OWNER: return "ALLOWED_BY_PROFILE_OWNER"; default: return ""; } Loading services/core/java/com/android/server/am/ActivityManagerService.java +23 −1 Original line number Diff line number Diff line Loading @@ -572,9 +572,16 @@ public class ActivityManagerService extends IActivityManager.Stub private int mDeviceOwnerUid = Process.INVALID_UID; // A map userId and all its companion app uids /** * Map userId to its companion app uids. */ private final Map<Integer, Set<Integer>> mCompanionAppUidsMap = new ArrayMap<>(); /** * The profile owner UIDs. */ private ArraySet<Integer> mProfileOwnerUids = null; final UserController mUserController; @VisibleForTesting public final PendingIntentController mPendingIntentController; Loading Loading @@ -16728,6 +16735,21 @@ public class ActivityManagerService extends IActivityManager.Stub } } @Override public void setProfileOwnerUid(ArraySet<Integer> profileOwnerUids) { synchronized (ActivityManagerService.this) { mProfileOwnerUids = profileOwnerUids; } } @Override public boolean isProfileOwner(int uid) { synchronized (ActivityManagerService.this) { return mProfileOwnerUids != null && mProfileOwnerUids.indexOf(uid) >= 0; } } @Override public void setCompanionAppUids(int userId, Set<Integer> companionAppUids) { synchronized (ActivityManagerService.this) { services/core/java/com/android/server/am/ProcessRecord.java +7 −0 Original line number Diff line number Diff line Loading @@ -2077,6 +2077,13 @@ class ProcessRecord implements WindowProcessListener { } } if (!mAllowStartFgs) { // Is the calling UID a profile owner app? if (mService.mInternal != null) { mAllowStartFgs = mService.mInternal.isProfileOwner(info.uid); } } if (!mAllowStartFgs) { // uid is on DeviceIdleController's user/system allowlist // or AMS's FgsStartTempAllowList. Loading services/devicepolicy/java/com/android/server/devicepolicy/Owners.java +38 −9 Original line number Diff line number Diff line Loading @@ -31,6 +31,7 @@ import android.os.Process; import android.os.UserHandle; import android.os.UserManager; import android.util.ArrayMap; import android.util.ArraySet; import android.util.AtomicFile; import android.util.IndentingPrintWriter; import android.util.Log; Loading Loading @@ -203,6 +204,7 @@ class Owners { } pushToPackageManagerLocked(); pushToActivityTaskManagerLocked(); pushToActivityManagerLocked(); pushToAppOpsLocked(); } } Loading @@ -218,12 +220,34 @@ class Owners { } private void pushToActivityTaskManagerLocked() { final int uid = mDeviceOwner != null ? mPackageManagerInternal.getPackageUid( mDeviceOwner.packageName, PackageManager.MATCH_ALL | PackageManager.MATCH_KNOWN_PACKAGES, mDeviceOwnerUserId) : Process.INVALID_UID; mActivityTaskManagerInternal.setDeviceOwnerUid(uid); mActivityManagerInternal.setDeviceOwnerUid(uid); mActivityTaskManagerInternal.setDeviceOwnerUid(getDeviceOwnerUidLocked()); } private void pushToActivityManagerLocked() { mActivityManagerInternal.setDeviceOwnerUid(getDeviceOwnerUidLocked()); final ArraySet<Integer> profileOwners = new ArraySet<>(); for (int poi = mProfileOwners.size() - 1; poi >= 0; poi--) { final int userId = mProfileOwners.keyAt(poi); final int profileOwnerUid = mPackageManagerInternal.getPackageUid( mProfileOwners.valueAt(poi).packageName, PackageManager.MATCH_ALL | PackageManager.MATCH_KNOWN_PACKAGES, userId); if (profileOwnerUid >= 0) { profileOwners.add(profileOwnerUid); } } mActivityManagerInternal.setProfileOwnerUid(profileOwners); } int getDeviceOwnerUidLocked() { if (mDeviceOwner != null) { return mPackageManagerInternal.getPackageUid(mDeviceOwner.packageName, PackageManager.MATCH_ALL | PackageManager.MATCH_KNOWN_PACKAGES, mDeviceOwnerUserId); } else { return Process.INVALID_UID; } } String getDeviceOwnerPackageName() { Loading Loading @@ -301,6 +325,7 @@ class Owners { mUserManagerInternal.setDeviceManaged(true); pushToPackageManagerLocked(); pushToActivityTaskManagerLocked(); pushToActivityManagerLocked(); pushToAppOpsLocked(); } } Loading @@ -313,6 +338,7 @@ class Owners { mUserManagerInternal.setDeviceManaged(false); pushToPackageManagerLocked(); pushToActivityTaskManagerLocked(); pushToActivityManagerLocked(); pushToAppOpsLocked(); } } Loading @@ -325,6 +351,7 @@ class Owners { /* remoteBugreportHash =*/ null, /* isOrganizationOwnedDevice =*/ false)); mUserManagerInternal.setUserManaged(userId, true); pushToPackageManagerLocked(); pushToActivityManagerLocked(); pushToAppOpsLocked(); } } Loading @@ -334,6 +361,7 @@ class Owners { mProfileOwners.remove(userId); mUserManagerInternal.setUserManaged(userId, false); pushToPackageManagerLocked(); pushToActivityManagerLocked(); pushToAppOpsLocked(); } } Loading @@ -347,6 +375,7 @@ class Owners { ownerInfo.isOrganizationOwnedDevice); mProfileOwners.put(userId, newOwnerInfo); pushToPackageManagerLocked(); pushToActivityManagerLocked(); pushToAppOpsLocked(); } } Loading @@ -361,6 +390,7 @@ class Owners { mDeviceOwner.isOrganizationOwnedDevice); pushToPackageManagerLocked(); pushToActivityTaskManagerLocked(); pushToActivityManagerLocked(); pushToAppOpsLocked(); } } Loading Loading @@ -665,9 +695,7 @@ class Owners { try { final SparseIntArray owners = new SparseIntArray(); if (mDeviceOwner != null) { final int uid = mPackageManagerInternal.getPackageUid(mDeviceOwner.packageName, PackageManager.MATCH_ALL | PackageManager.MATCH_KNOWN_PACKAGES, mDeviceOwnerUserId); final int uid = getDeviceOwnerUidLocked(); if (uid >= 0) { owners.put(mDeviceOwnerUserId, uid); } Loading Loading @@ -695,6 +723,7 @@ class Owners { public void systemReady() { synchronized (mLock) { mSystemReady = true; pushToActivityManagerLocked(); pushToAppOpsLocked(); } } Loading Loading
core/java/android/app/ActivityManagerInternal.java +11 −0 Original line number Diff line number Diff line Loading @@ -32,6 +32,7 @@ import android.os.Bundle; import android.os.IBinder; import android.os.TransactionTooLargeException; import android.os.WorkSource; import android.util.ArraySet; import java.util.ArrayList; import java.util.List; Loading Loading @@ -447,6 +448,16 @@ public abstract class ActivityManagerInternal { */ public abstract void setDeviceOwnerUid(int uid); /** Is this a profile owner app? */ public abstract boolean isProfileOwner(int uid); /** * Called by DevicePolicyManagerService to set the uid of the profile owner. * @param profileOwnerUids The profile owner UIDs. The ownership of the array is * passed to callee. */ public abstract void setProfileOwnerUid(ArraySet<Integer> profileOwnerUids); /** * Set all associated companion app that belongs to a userId. * @param userId Loading
services/core/java/com/android/server/am/ActiveServices.java +13 −1 Original line number Diff line number Diff line Loading @@ -171,6 +171,7 @@ public final class ActiveServices { public static final int FGS_FEATURE_ALLOWED_BY_EXEMPTED_PACKAGES = 20; public static final int FGS_FEATURE_ALLOWED_BY_ACTIVITY_STARTER = 21; public static final int FGS_FEATURE_ALLOWED_BY_COMPANION_APP = 22; public static final int FGS_FEATURE_ALLOWED_BY_PROFILE_OWNER = 23; @IntDef(flag = true, prefix = { "FGS_FEATURE_" }, value = { FGS_FEATURE_DENIED, Loading @@ -194,7 +195,8 @@ public final class ActiveServices { FGS_FEATURE_ALLOWED_BY_PROCESS_RECORD, FGS_FEATURE_ALLOWED_BY_EXEMPTED_PACKAGES, FGS_FEATURE_ALLOWED_BY_ACTIVITY_STARTER, FGS_FEATURE_ALLOWED_BY_COMPANION_APP FGS_FEATURE_ALLOWED_BY_COMPANION_APP, FGS_FEATURE_ALLOWED_BY_PROFILE_OWNER }) @Retention(RetentionPolicy.SOURCE) public @interface FgsFeatureRetCode {} Loading Loading @@ -5373,6 +5375,14 @@ public final class ActiveServices { } } if (ret == FGS_FEATURE_DENIED) { // Is the calling UID a profile owner app? final boolean isProfileOwner = mAm.mInternal.isProfileOwner(callingUid); if (isProfileOwner) { ret = FGS_FEATURE_ALLOWED_BY_PROFILE_OWNER; } } // NOTE this should always be the last check. if (ret == FGS_FEATURE_DENIED) { if (isPackageExemptedFromFgsRestriction(r.appInfo.packageName, r.appInfo.uid) Loading Loading @@ -5474,6 +5484,8 @@ public final class ActiveServices { return "ALLOWED_BY_ACTIVITY_STARTER"; case FGS_FEATURE_ALLOWED_BY_COMPANION_APP: return "ALLOWED_BY_COMPANION_APP"; case FGS_FEATURE_ALLOWED_BY_PROFILE_OWNER: return "ALLOWED_BY_PROFILE_OWNER"; default: return ""; } Loading
services/core/java/com/android/server/am/ActivityManagerService.java +23 −1 Original line number Diff line number Diff line Loading @@ -572,9 +572,16 @@ public class ActivityManagerService extends IActivityManager.Stub private int mDeviceOwnerUid = Process.INVALID_UID; // A map userId and all its companion app uids /** * Map userId to its companion app uids. */ private final Map<Integer, Set<Integer>> mCompanionAppUidsMap = new ArrayMap<>(); /** * The profile owner UIDs. */ private ArraySet<Integer> mProfileOwnerUids = null; final UserController mUserController; @VisibleForTesting public final PendingIntentController mPendingIntentController; Loading Loading @@ -16728,6 +16735,21 @@ public class ActivityManagerService extends IActivityManager.Stub } } @Override public void setProfileOwnerUid(ArraySet<Integer> profileOwnerUids) { synchronized (ActivityManagerService.this) { mProfileOwnerUids = profileOwnerUids; } } @Override public boolean isProfileOwner(int uid) { synchronized (ActivityManagerService.this) { return mProfileOwnerUids != null && mProfileOwnerUids.indexOf(uid) >= 0; } } @Override public void setCompanionAppUids(int userId, Set<Integer> companionAppUids) { synchronized (ActivityManagerService.this) {
services/core/java/com/android/server/am/ProcessRecord.java +7 −0 Original line number Diff line number Diff line Loading @@ -2077,6 +2077,13 @@ class ProcessRecord implements WindowProcessListener { } } if (!mAllowStartFgs) { // Is the calling UID a profile owner app? if (mService.mInternal != null) { mAllowStartFgs = mService.mInternal.isProfileOwner(info.uid); } } if (!mAllowStartFgs) { // uid is on DeviceIdleController's user/system allowlist // or AMS's FgsStartTempAllowList. Loading
services/devicepolicy/java/com/android/server/devicepolicy/Owners.java +38 −9 Original line number Diff line number Diff line Loading @@ -31,6 +31,7 @@ import android.os.Process; import android.os.UserHandle; import android.os.UserManager; import android.util.ArrayMap; import android.util.ArraySet; import android.util.AtomicFile; import android.util.IndentingPrintWriter; import android.util.Log; Loading Loading @@ -203,6 +204,7 @@ class Owners { } pushToPackageManagerLocked(); pushToActivityTaskManagerLocked(); pushToActivityManagerLocked(); pushToAppOpsLocked(); } } Loading @@ -218,12 +220,34 @@ class Owners { } private void pushToActivityTaskManagerLocked() { final int uid = mDeviceOwner != null ? mPackageManagerInternal.getPackageUid( mDeviceOwner.packageName, PackageManager.MATCH_ALL | PackageManager.MATCH_KNOWN_PACKAGES, mDeviceOwnerUserId) : Process.INVALID_UID; mActivityTaskManagerInternal.setDeviceOwnerUid(uid); mActivityManagerInternal.setDeviceOwnerUid(uid); mActivityTaskManagerInternal.setDeviceOwnerUid(getDeviceOwnerUidLocked()); } private void pushToActivityManagerLocked() { mActivityManagerInternal.setDeviceOwnerUid(getDeviceOwnerUidLocked()); final ArraySet<Integer> profileOwners = new ArraySet<>(); for (int poi = mProfileOwners.size() - 1; poi >= 0; poi--) { final int userId = mProfileOwners.keyAt(poi); final int profileOwnerUid = mPackageManagerInternal.getPackageUid( mProfileOwners.valueAt(poi).packageName, PackageManager.MATCH_ALL | PackageManager.MATCH_KNOWN_PACKAGES, userId); if (profileOwnerUid >= 0) { profileOwners.add(profileOwnerUid); } } mActivityManagerInternal.setProfileOwnerUid(profileOwners); } int getDeviceOwnerUidLocked() { if (mDeviceOwner != null) { return mPackageManagerInternal.getPackageUid(mDeviceOwner.packageName, PackageManager.MATCH_ALL | PackageManager.MATCH_KNOWN_PACKAGES, mDeviceOwnerUserId); } else { return Process.INVALID_UID; } } String getDeviceOwnerPackageName() { Loading Loading @@ -301,6 +325,7 @@ class Owners { mUserManagerInternal.setDeviceManaged(true); pushToPackageManagerLocked(); pushToActivityTaskManagerLocked(); pushToActivityManagerLocked(); pushToAppOpsLocked(); } } Loading @@ -313,6 +338,7 @@ class Owners { mUserManagerInternal.setDeviceManaged(false); pushToPackageManagerLocked(); pushToActivityTaskManagerLocked(); pushToActivityManagerLocked(); pushToAppOpsLocked(); } } Loading @@ -325,6 +351,7 @@ class Owners { /* remoteBugreportHash =*/ null, /* isOrganizationOwnedDevice =*/ false)); mUserManagerInternal.setUserManaged(userId, true); pushToPackageManagerLocked(); pushToActivityManagerLocked(); pushToAppOpsLocked(); } } Loading @@ -334,6 +361,7 @@ class Owners { mProfileOwners.remove(userId); mUserManagerInternal.setUserManaged(userId, false); pushToPackageManagerLocked(); pushToActivityManagerLocked(); pushToAppOpsLocked(); } } Loading @@ -347,6 +375,7 @@ class Owners { ownerInfo.isOrganizationOwnedDevice); mProfileOwners.put(userId, newOwnerInfo); pushToPackageManagerLocked(); pushToActivityManagerLocked(); pushToAppOpsLocked(); } } Loading @@ -361,6 +390,7 @@ class Owners { mDeviceOwner.isOrganizationOwnedDevice); pushToPackageManagerLocked(); pushToActivityTaskManagerLocked(); pushToActivityManagerLocked(); pushToAppOpsLocked(); } } Loading Loading @@ -665,9 +695,7 @@ class Owners { try { final SparseIntArray owners = new SparseIntArray(); if (mDeviceOwner != null) { final int uid = mPackageManagerInternal.getPackageUid(mDeviceOwner.packageName, PackageManager.MATCH_ALL | PackageManager.MATCH_KNOWN_PACKAGES, mDeviceOwnerUserId); final int uid = getDeviceOwnerUidLocked(); if (uid >= 0) { owners.put(mDeviceOwnerUserId, uid); } Loading Loading @@ -695,6 +723,7 @@ class Owners { public void systemReady() { synchronized (mLock) { mSystemReady = true; pushToActivityManagerLocked(); pushToAppOpsLocked(); } } Loading
