Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b9a91a63 authored by Hui Yu's avatar Hui Yu
Browse files

FGS BG start restriction enforcement mode. 

Change the "FGS background start while-in-use permission restriction"
feature from permissive mode to enforcement mode, which means, the
restriction is turned on.

It denies while-in-use location, camera, record_audio permissions in
foreground service started from background ("Always" permissions are
not denied).

Bug: 136219221
Test: atest android.app.cts.ActivityManagerProcessStateTest

Change-Id: If6bf8309f5af8210ee536fdd484d7e17d0dc12c5
parent b1fa029b

services/core/java/com/android/server/am/OomAdjuster.java

+1 −2
Original line number Diff line number Diff line
@@ -1994,12 +1994,11 @@ public final class OomAdjuster { 
        if (app.hasForegroundServices()) {

            capability |= capabilityFromFGS;

        } else if (!ActivityManager.isProcStateBackground(procState)) {

            // procState higher than PROCESS_STATE_TRANSIENT_BACKGROUND implicitly has

            // procState higher than PROCESS_STATE_BOUND_FOREGROUND_SERVICE implicitly has

            // camera/microphone capability

            if (procState == PROCESS_STATE_FOREGROUND_SERVICE && procStateFromFGSClient) {

                // if the FGS state is passed down from client, do not grant implicit capabilities.

            } else {

                //TODO: remove this line when enforcing the feature.

                capability |= PROCESS_CAPABILITY_ALL_IMPLICIT;

            }

        }

services/core/java/com/android/server/appop/AppOpsService.java

+5 −10
Original line number Diff line number Diff line
@@ -536,9 +536,8 @@ public class AppOpsService extends IAppOpsService.Stub { 
                                // The FGS has the location capability, but due to FGS BG start

                                // restriction it lost the capability, use temp location capability

                                // to mark this case.

                                // TODO change to MODE_IGNORED when enforcing the feature.

                                maybeShowWhileInUseDebugToast(op, mode);

                                return AppOpsManager.MODE_ALLOWED;

                                return AppOpsManager.MODE_IGNORED;

                            } else {

                                return AppOpsManager.MODE_IGNORED;

                            }
@@ -546,17 +545,15 @@ public class AppOpsService extends IAppOpsService.Stub { 
                            if ((capability & PROCESS_CAPABILITY_FOREGROUND_CAMERA) != 0) {

                                return AppOpsManager.MODE_ALLOWED;

                            } else {

                                //TODO change to MODE_IGNORED when enforcing the feature.

                                maybeShowWhileInUseDebugToast(op, mode);

                                return AppOpsManager.MODE_ALLOWED;

                                return AppOpsManager.MODE_IGNORED;

                            }

                        case OP_RECORD_AUDIO:

                            if ((capability & PROCESS_CAPABILITY_FOREGROUND_MICROPHONE) != 0) {

                                return AppOpsManager.MODE_ALLOWED;

                            } else {

                                //TODO change to MODE_IGNORED when enforcing the feature.

                                maybeShowWhileInUseDebugToast(op, mode);

                                return AppOpsManager.MODE_ALLOWED;

                                return AppOpsManager.MODE_IGNORED;

                            }

                        default:

                            return AppOpsManager.MODE_ALLOWED;
@@ -571,17 +568,15 @@ public class AppOpsService extends IAppOpsService.Stub { 
                        if ((capability & PROCESS_CAPABILITY_FOREGROUND_CAMERA) != 0) {

                            return AppOpsManager.MODE_ALLOWED;

                        } else {

                            //TODO change to MODE_IGNORED when enforcing the feature.

                            maybeShowWhileInUseDebugToast(op, mode);

                            return AppOpsManager.MODE_ALLOWED;

                            return AppOpsManager.MODE_IGNORED;

                        }

                    case OP_RECORD_AUDIO:

                        if ((capability & PROCESS_CAPABILITY_FOREGROUND_MICROPHONE) != 0) {

                            return AppOpsManager.MODE_ALLOWED;

                        } else {

                            //TODO change to MODE_IGNORED when enforcing the feature.

                            maybeShowWhileInUseDebugToast(op, mode);

                            return AppOpsManager.MODE_ALLOWED;

                            return AppOpsManager.MODE_IGNORED;

                        }

                    default:

                        return MODE_ALLOWED;