Merge "Add metrics log for sensitive content app protection" into main

import com.android.internal.annotations.GuardedBy;

import com.android.internal.annotations.VisibleForTesting;

import com.android.internal.util.FrameworkStatsLog;

import com.android.server.wm.SensitiveContentPackages.PackageInfo;

import com.android.server.wm.WindowManagerInternal;

import java.util.Objects;

import java.util.Random;

import java.util.Set;

/**

    @VisibleForTesting

    @Nullable

    NotificationListener mNotificationListener;

    @Nullable private MediaProjectionManager mProjectionManager;

    @Nullable private WindowManagerInternal mWindowManager;

    @Nullable

    private MediaProjectionManager mProjectionManager;

    @Nullable

    private MediaProjectionSession mMediaProjectionSession;

    private PackageManagerInternal mPackageManagerInternal;

    @Nullable

    private WindowManagerInternal mWindowManager;

    // screen recorder packages exempted from screen share protection.

    private ArraySet<String> mExemptedPackages = null;

    @GuardedBy("mSensitiveContentProtectionLock")

    private boolean mProjectionActive = false;

    private static class MediaProjectionSession {

        final int mUid;

        final long mSessionId;

        MediaProjectionSession(int uid, long sessionId) {

            mUid = uid;

            mSessionId = sessionId;

        }

    }

    private final MediaProjectionManager.Callback mProjectionCallback =

            new MediaProjectionManager.Callback() {

                @Override

                    Trace.traceBegin(Trace.TRACE_TAG_SYSTEM_SERVER,

                            "SensitiveContentProtectionManagerService.onProjectionStart");

                    try {

                        onProjectionStart(info.getPackageName());

                        onProjectionStart(info);

                    } finally {

                        Trace.traceEnd(Trace.TRACE_TAG_SYSTEM_SERVER);

                    }

        if (DEBUG) Log.d(TAG, "onBootPhase - PHASE_BOOT_COMPLETED");

        mPackageManagerInternal = LocalServices.getService(PackageManagerInternal.class);

        init(getContext().getSystemService(MediaProjectionManager.class),

                LocalServices.getService(WindowManagerInternal.class),

                getExemptedPackages());

        if (sensitiveContentAppProtection()) {

            publishBinderService(Context.SENSITIVE_CONTENT_PROTECTION_SERVICE,

                    new SensitiveContentProtectionManagerServiceBinder());

                    new SensitiveContentProtectionManagerServiceBinder(mPackageManagerInternal));

        }

    }

        return SystemConfig.getInstance().getBugreportWhitelistedPackages();

    }

    private void onProjectionStart(String packageName) {

    private void onProjectionStart(MediaProjectionInfo projectionInfo) {

        // exempt on device screen recorder as well.

        if ((mExemptedPackages != null && mExemptedPackages.contains(packageName))

                || canRecordSensitiveContent(packageName)) {

            Log.w(TAG, packageName + " is exempted from screen share protection.");

        if ((mExemptedPackages != null && mExemptedPackages.contains(

                projectionInfo.getPackageName()))

                || canRecordSensitiveContent(projectionInfo.getPackageName())) {

            Log.w(TAG, projectionInfo.getPackageName() + " is exempted.");

            return;

        }

        // TODO(b/324447419): move GlobalSettings lookup to background thread

        synchronized (mSensitiveContentProtectionLock) {

            mProjectionActive = true;

            int uid = mPackageManagerInternal.getPackageUid(projectionInfo.getPackageName(), 0,

                    projectionInfo.getUserHandle().getIdentifier());

            // TODO review sessionId, whether to use a sequence generator or random is good?

            mMediaProjectionSession = new MediaProjectionSession(uid, new Random().nextLong());

            if (sensitiveNotificationAppProtection()) {

                updateAppsThatShouldBlockScreenCapture();

            }

    private void onProjectionEnd() {

        synchronized (mSensitiveContentProtectionLock) {

            mProjectionActive = false;

            mMediaProjectionSession = null;

            // notify windowmanager to clear any sensitive notifications observed during projection

            // session

            packageInfos.add(packageInfo);

            if (isShowingSensitiveContent) {

                mWindowManager.addBlockScreenCaptureForApps(packageInfos);

                FrameworkStatsLog.write(

                        FrameworkStatsLog.SENSITIVE_CONTENT_APP_PROTECTION,

                        mMediaProjectionSession.mSessionId,

                        uid,

                        mMediaProjectionSession.mUid,

                        FrameworkStatsLog.SENSITIVE_CONTENT_APP_PROTECTION__STATE__BLOCKED

                );

            } else {

                mWindowManager.removeBlockScreenCaptureForApps(packageInfos);

                FrameworkStatsLog.write(

                        FrameworkStatsLog.SENSITIVE_CONTENT_APP_PROTECTION,

                        mMediaProjectionSession.mSessionId,

                        uid,

                        mMediaProjectionSession.mUid,

                        FrameworkStatsLog.SENSITIVE_CONTENT_APP_PROTECTION__STATE__UNBLOCKED

                );

            }

        }

    }

            extends ISensitiveContentProtectionManager.Stub {

        private final PackageManagerInternal mPackageManagerInternal;

        SensitiveContentProtectionManagerServiceBinder() {

            mPackageManagerInternal = LocalServices.getService(PackageManagerInternal.class);

        SensitiveContentProtectionManagerServiceBinder(

                PackageManagerInternal packageManagerInternal) {

            mPackageManagerInternal = packageManagerInternal;

        }

        public void setSensitiveContentProtection(IBinder windowToken, String packageName,