Add DeviceConfig flag for enforcing receiver restrictions (9f5f1a26) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/am/ActivityManagerService.java

+53 −1

Original line number	Diff line number	Diff line
		@@ -1530,6 +1530,8 @@ public class ActivityManagerService extends IActivityManager.Stub
		// Encapsulates the global setting "hidden_api_blacklist_exemptions"
		final HiddenApiSettings mHiddenApiBlacklist;

		final SdkSandboxSettings mSdkSandboxSettings;

		private final PlatformCompat mPlatformCompat;

		PackageManagerInternal mPackageManagerInt;
		@@ -2235,6 +2237,53 @@ public class ActivityManagerService extends IActivityManager.Stub
		}
		}

		/**
		* Handles settings related to the enforcement of SDK sandbox restrictions.
		*/
		static class SdkSandboxSettings implements DeviceConfig.OnPropertiesChangedListener {

		private final Context mContext;
		private final Object mLock = new Object();

		@GuardedBy("mLock")
		private boolean mEnforceBroadcastReceiverRestrictions;

		/**
		* Property to enforce broadcast receiver restrictions for SDK sandbox processes. If the
		* value of this property is {@code true}, the restrictions will be enforced.
		*/
		public static final String ENFORCE_BROADCAST_RECEIVER_RESTRICTIONS =
		"enforce_broadcast_receiver_restrictions";

		SdkSandboxSettings(Context context) {
		mContext = context;
		}

		void registerObserver() {
		synchronized (mLock) {
		mEnforceBroadcastReceiverRestrictions = DeviceConfig.getBoolean(
		DeviceConfig.NAMESPACE_SDK_SANDBOX,
		ENFORCE_BROADCAST_RECEIVER_RESTRICTIONS, false);
		DeviceConfig.addOnPropertiesChangedListener(DeviceConfig.NAMESPACE_SDK_SANDBOX,
		mContext.getMainExecutor(), this);
		}
		}

		@Override
		public void onPropertiesChanged(DeviceConfig.Properties properties) {
		synchronized (mLock) {
		mEnforceBroadcastReceiverRestrictions = properties.getBoolean(
		ENFORCE_BROADCAST_RECEIVER_RESTRICTIONS, false);
		}
		}

		boolean isBroadcastReceiverRestrictionsEnforced() {
		synchronized (mLock) {
		return mEnforceBroadcastReceiverRestrictions;
		}
		}
		}

		AppOpsManager getAppOpsManager() {
		if (mAppOpsManager == null) {
		mAppOpsManager = mContext.getSystemService(AppOpsManager.class);
		@@ -2287,6 +2336,7 @@ public class ActivityManagerService extends IActivityManager.Stub
		mProcStartHandlerThread = null;
		mProcStartHandler = null;
		mHiddenApiBlacklist = null;
		mSdkSandboxSettings = null;
		mFactoryTest = FACTORY_TEST_OFF;
		mUgmInternal = LocalServices.getService(UriGrantsManagerInternal.class);
		mInternal = new LocalService();
		@@ -2406,6 +2456,7 @@ public class ActivityManagerService extends IActivityManager.Stub
		mAtmInternal = LocalServices.getService(ActivityTaskManagerInternal.class);

		mHiddenApiBlacklist = new HiddenApiSettings(mHandler, mContext);
		mSdkSandboxSettings = new SdkSandboxSettings(mContext);

		Watchdog.getInstance().addMonitor(this);
		Watchdog.getInstance().addThread(mHandler);
		@@ -7911,6 +7962,7 @@ public class ActivityManagerService extends IActivityManager.Stub
		final boolean alwaysFinishActivities =
		Settings.Global.getInt(resolver, ALWAYS_FINISH_ACTIVITIES, 0) != 0;
		mHiddenApiBlacklist.registerObserver();
		mSdkSandboxSettings.registerObserver();
		mPlatformCompat.registerContentObserver();

		mAppProfiler.retrieveSettings();
		@@ -12940,7 +12992,7 @@ public class ActivityManagerService extends IActivityManager.Stub
		// Allow Sandbox process to register only unexported receivers.
		if ((flags & Context.RECEIVER_NOT_EXPORTED) != 0) {
		enforceNotIsolatedCaller("registerReceiver");
		} else {
		} else if (mSdkSandboxSettings.isBroadcastReceiverRestrictionsEnforced()) {
		enforceNotIsolatedOrSdkSandboxCaller("registerReceiver");
		}
		ArrayList<Intent> stickyIntents = null;