Merge "Add DeviceConfig flag for enforcing receiver restrictions" into tm-dev...

    // Encapsulates the global setting "hidden_api_blacklist_exemptions"

    final HiddenApiSettings mHiddenApiBlacklist;

    final SdkSandboxSettings mSdkSandboxSettings;

    private final PlatformCompat mPlatformCompat;

    PackageManagerInternal mPackageManagerInt;

        }

    }

    /**

     * Handles settings related to the enforcement of SDK sandbox restrictions.

     */

    static class SdkSandboxSettings implements DeviceConfig.OnPropertiesChangedListener {

        private final Context mContext;

        private final Object mLock = new Object();

        @GuardedBy("mLock")

        private boolean mEnforceBroadcastReceiverRestrictions;

        /**

         * Property to enforce broadcast receiver restrictions for SDK sandbox processes. If the

         * value of this property is {@code true}, the restrictions will be enforced.

         */

        public static final String ENFORCE_BROADCAST_RECEIVER_RESTRICTIONS =

                "enforce_broadcast_receiver_restrictions";

        SdkSandboxSettings(Context context) {

            mContext = context;

        }

        void registerObserver() {

            synchronized (mLock) {

                mEnforceBroadcastReceiverRestrictions = DeviceConfig.getBoolean(

                        DeviceConfig.NAMESPACE_SDK_SANDBOX,

                        ENFORCE_BROADCAST_RECEIVER_RESTRICTIONS, false);

                DeviceConfig.addOnPropertiesChangedListener(DeviceConfig.NAMESPACE_SDK_SANDBOX,

                        mContext.getMainExecutor(), this);

            }

        }

        @Override

        public void onPropertiesChanged(DeviceConfig.Properties properties) {

            synchronized (mLock) {

                mEnforceBroadcastReceiverRestrictions = properties.getBoolean(

                        ENFORCE_BROADCAST_RECEIVER_RESTRICTIONS, false);

            }

        }

        boolean isBroadcastReceiverRestrictionsEnforced() {

            synchronized (mLock) {

                return mEnforceBroadcastReceiverRestrictions;

            }

        }

    }

    AppOpsManager getAppOpsManager() {

        if (mAppOpsManager == null) {

            mAppOpsManager = mContext.getSystemService(AppOpsManager.class);

        mProcStartHandlerThread = null;

        mProcStartHandler = null;

        mHiddenApiBlacklist = null;

        mSdkSandboxSettings = null;

        mFactoryTest = FACTORY_TEST_OFF;

        mUgmInternal = LocalServices.getService(UriGrantsManagerInternal.class);

        mInternal = new LocalService();

        mAtmInternal = LocalServices.getService(ActivityTaskManagerInternal.class);

        mHiddenApiBlacklist = new HiddenApiSettings(mHandler, mContext);

        mSdkSandboxSettings = new SdkSandboxSettings(mContext);

        Watchdog.getInstance().addMonitor(this);

        Watchdog.getInstance().addThread(mHandler);

        final boolean alwaysFinishActivities =

                Settings.Global.getInt(resolver, ALWAYS_FINISH_ACTIVITIES, 0) != 0;

        mHiddenApiBlacklist.registerObserver();

        mSdkSandboxSettings.registerObserver();

        mPlatformCompat.registerContentObserver();

        mAppProfiler.retrieveSettings();

        // Allow Sandbox process to register only unexported receivers.

        if ((flags & Context.RECEIVER_NOT_EXPORTED) != 0) {

            enforceNotIsolatedCaller("registerReceiver");

        } else {

        } else if (mSdkSandboxSettings.isBroadcastReceiverRestrictionsEnforced()) {

            enforceNotIsolatedOrSdkSandboxCaller("registerReceiver");

        }

        ArrayList<Intent> stickyIntents = null;