Allow BG-FGS-launch for profile owner UID. (9578316c) · Commits · e / os / android_frameworks_base

core/java/android/app/ActivityManagerInternal.java

+11 −0

Original line number	Diff line number	Diff line
		@@ -32,6 +32,7 @@ import android.os.Bundle;
		import android.os.IBinder;
		import android.os.TransactionTooLargeException;
		import android.os.WorkSource;
		import android.util.ArraySet;

		import java.util.ArrayList;
		import java.util.List;
		@@ -447,6 +448,16 @@ public abstract class ActivityManagerInternal {
		*/
		public abstract void setDeviceOwnerUid(int uid);

		/** Is this a profile owner app? */
		public abstract boolean isProfileOwner(int uid);

		/**
		* Called by DevicePolicyManagerService to set the uid of the profile owner.
		* @param profileOwnerUids The profile owner UIDs. The ownership of the array is
		* passed to callee.
		*/
		public abstract void setProfileOwnerUid(ArraySet<Integer> profileOwnerUids);

		/**
		* Set all associated companion app that belongs to a userId.
		* @param userId

services/core/java/com/android/server/am/ActiveServices.java

+13 −1

Original line number	Diff line number	Diff line
		@@ -171,6 +171,7 @@ public final class ActiveServices {
		public static final int FGS_FEATURE_ALLOWED_BY_EXEMPTED_PACKAGES = 20;
		public static final int FGS_FEATURE_ALLOWED_BY_ACTIVITY_STARTER = 21;
		public static final int FGS_FEATURE_ALLOWED_BY_COMPANION_APP = 22;
		public static final int FGS_FEATURE_ALLOWED_BY_PROFILE_OWNER = 23;

		@IntDef(flag = true, prefix = { "FGS_FEATURE_" }, value = {
		FGS_FEATURE_DENIED,
		@@ -194,7 +195,8 @@ public final class ActiveServices {
		FGS_FEATURE_ALLOWED_BY_PROCESS_RECORD,
		FGS_FEATURE_ALLOWED_BY_EXEMPTED_PACKAGES,
		FGS_FEATURE_ALLOWED_BY_ACTIVITY_STARTER,
		FGS_FEATURE_ALLOWED_BY_COMPANION_APP
		FGS_FEATURE_ALLOWED_BY_COMPANION_APP,
		FGS_FEATURE_ALLOWED_BY_PROFILE_OWNER
		})
		@Retention(RetentionPolicy.SOURCE)
		public @interface FgsFeatureRetCode {}
		@@ -5373,6 +5375,14 @@ public final class ActiveServices {
		}
		}

		if (ret == FGS_FEATURE_DENIED) {
		// Is the calling UID a profile owner app?
		final boolean isProfileOwner = mAm.mInternal.isProfileOwner(callingUid);
		if (isProfileOwner) {
		ret = FGS_FEATURE_ALLOWED_BY_PROFILE_OWNER;
		}
		}

		// NOTE this should always be the last check.
		if (ret == FGS_FEATURE_DENIED) {
		if (isPackageExemptedFromFgsRestriction(r.appInfo.packageName, r.appInfo.uid)
		@@ -5474,6 +5484,8 @@ public final class ActiveServices {
		return "ALLOWED_BY_ACTIVITY_STARTER";
		case FGS_FEATURE_ALLOWED_BY_COMPANION_APP:
		return "ALLOWED_BY_COMPANION_APP";
		case FGS_FEATURE_ALLOWED_BY_PROFILE_OWNER:
		return "ALLOWED_BY_PROFILE_OWNER";
		default:
		return "";
		}

services/core/java/com/android/server/am/ActivityManagerService.java

+23 −1

Original line number	Diff line number	Diff line
		@@ -572,9 +572,16 @@ public class ActivityManagerService extends IActivityManager.Stub

		private int mDeviceOwnerUid = Process.INVALID_UID;

		// A map userId and all its companion app uids
		/**
		* Map userId to its companion app uids.
		*/
		private final Map<Integer, Set<Integer>> mCompanionAppUidsMap = new ArrayMap<>();

		/**
		* The profile owner UIDs.
		*/
		private ArraySet<Integer> mProfileOwnerUids = null;

		final UserController mUserController;
		@VisibleForTesting
		public final PendingIntentController mPendingIntentController;
		@@ -16728,6 +16735,21 @@ public class ActivityManagerService extends IActivityManager.Stub
		}
		}


		@Override
		public void setProfileOwnerUid(ArraySet<Integer> profileOwnerUids) {
		synchronized (ActivityManagerService.this) {
		mProfileOwnerUids = profileOwnerUids;
		}
		}

		@Override
		public boolean isProfileOwner(int uid) {
		synchronized (ActivityManagerService.this) {
		return mProfileOwnerUids != null && mProfileOwnerUids.indexOf(uid) >= 0;
		}
		}

		@Override
		public void setCompanionAppUids(int userId, Set<Integer> companionAppUids) {
		synchronized (ActivityManagerService.this) {

services/core/java/com/android/server/am/ProcessRecord.java

+7 −0

Original line number	Diff line number	Diff line
		@@ -2077,6 +2077,13 @@ class ProcessRecord implements WindowProcessListener {
		}
		}

		if (!mAllowStartFgs) {
		// Is the calling UID a profile owner app?
		if (mService.mInternal != null) {
		mAllowStartFgs = mService.mInternal.isProfileOwner(info.uid);
		}
		}

		if (!mAllowStartFgs) {
		// uid is on DeviceIdleController's user/system allowlist
		// or AMS's FgsStartTempAllowList.

services/devicepolicy/java/com/android/server/devicepolicy/Owners.java

+38 −9

Original line number	Diff line number	Diff line
		@@ -31,6 +31,7 @@ import android.os.Process;
		import android.os.UserHandle;
		import android.os.UserManager;
		import android.util.ArrayMap;
		import android.util.ArraySet;
		import android.util.AtomicFile;
		import android.util.IndentingPrintWriter;
		import android.util.Log;
		@@ -203,6 +204,7 @@ class Owners {
		}
		pushToPackageManagerLocked();
		pushToActivityTaskManagerLocked();
		pushToActivityManagerLocked();
		pushToAppOpsLocked();
		}
		}
		@@ -218,12 +220,34 @@ class Owners {
		}

		private void pushToActivityTaskManagerLocked() {
		final int uid = mDeviceOwner != null ? mPackageManagerInternal.getPackageUid(
		mDeviceOwner.packageName,
		PackageManager.MATCH_ALL \| PackageManager.MATCH_KNOWN_PACKAGES, mDeviceOwnerUserId)
		: Process.INVALID_UID;
		mActivityTaskManagerInternal.setDeviceOwnerUid(uid);
		mActivityManagerInternal.setDeviceOwnerUid(uid);
		mActivityTaskManagerInternal.setDeviceOwnerUid(getDeviceOwnerUidLocked());
		}

		private void pushToActivityManagerLocked() {
		mActivityManagerInternal.setDeviceOwnerUid(getDeviceOwnerUidLocked());

		final ArraySet<Integer> profileOwners = new ArraySet<>();
		for (int poi = mProfileOwners.size() - 1; poi >= 0; poi--) {
		final int userId = mProfileOwners.keyAt(poi);
		final int profileOwnerUid = mPackageManagerInternal.getPackageUid(
		mProfileOwners.valueAt(poi).packageName,
		PackageManager.MATCH_ALL \| PackageManager.MATCH_KNOWN_PACKAGES,
		userId);
		if (profileOwnerUid >= 0) {
		profileOwners.add(profileOwnerUid);
		}
		}
		mActivityManagerInternal.setProfileOwnerUid(profileOwners);
		}

		int getDeviceOwnerUidLocked() {
		if (mDeviceOwner != null) {
		return mPackageManagerInternal.getPackageUid(mDeviceOwner.packageName,
		PackageManager.MATCH_ALL \| PackageManager.MATCH_KNOWN_PACKAGES,
		mDeviceOwnerUserId);
		} else {
		return Process.INVALID_UID;
		}
		}

		String getDeviceOwnerPackageName() {
		@@ -301,6 +325,7 @@ class Owners {
		mUserManagerInternal.setDeviceManaged(true);
		pushToPackageManagerLocked();
		pushToActivityTaskManagerLocked();
		pushToActivityManagerLocked();
		pushToAppOpsLocked();
		}
		}
		@@ -313,6 +338,7 @@ class Owners {
		mUserManagerInternal.setDeviceManaged(false);
		pushToPackageManagerLocked();
		pushToActivityTaskManagerLocked();
		pushToActivityManagerLocked();
		pushToAppOpsLocked();
		}
		}
		@@ -325,6 +351,7 @@ class Owners {
		/* remoteBugreportHash =/ null, / isOrganizationOwnedDevice =*/ false));
		mUserManagerInternal.setUserManaged(userId, true);
		pushToPackageManagerLocked();
		pushToActivityManagerLocked();
		pushToAppOpsLocked();
		}
		}
		@@ -334,6 +361,7 @@ class Owners {
		mProfileOwners.remove(userId);
		mUserManagerInternal.setUserManaged(userId, false);
		pushToPackageManagerLocked();
		pushToActivityManagerLocked();
		pushToAppOpsLocked();
		}
		}
		@@ -347,6 +375,7 @@ class Owners {
		ownerInfo.isOrganizationOwnedDevice);
		mProfileOwners.put(userId, newOwnerInfo);
		pushToPackageManagerLocked();
		pushToActivityManagerLocked();
		pushToAppOpsLocked();
		}
		}
		@@ -361,6 +390,7 @@ class Owners {
		mDeviceOwner.isOrganizationOwnedDevice);
		pushToPackageManagerLocked();
		pushToActivityTaskManagerLocked();
		pushToActivityManagerLocked();
		pushToAppOpsLocked();
		}
		}
		@@ -665,9 +695,7 @@ class Owners {
		try {
		final SparseIntArray owners = new SparseIntArray();
		if (mDeviceOwner != null) {
		final int uid = mPackageManagerInternal.getPackageUid(mDeviceOwner.packageName,
		PackageManager.MATCH_ALL \| PackageManager.MATCH_KNOWN_PACKAGES,
		mDeviceOwnerUserId);
		final int uid = getDeviceOwnerUidLocked();
		if (uid >= 0) {
		owners.put(mDeviceOwnerUserId, uid);
		}
		@@ -695,6 +723,7 @@ class Owners {
		public void systemReady() {
		synchronized (mLock) {
		mSystemReady = true;
		pushToActivityManagerLocked();
		pushToAppOpsLocked();
		}
		}