
Commit c59a5e7e authored by Jeff Sharkey's avatar Jeff Sharkey

StrictMode to catch implicit Direct Boot matching.

When an app starts becoming Direct Boot aware, it can be difficult
to track down all the places they're implicitly relying on
PackageManager filtering behavior.

For example, if the current Launcher isn't Direct Boot aware, we
hide it until the user is unlocked, which could confuse other Direct
Boot aware apps into thinking it had been uninstalled, which could
cause data loss.

This change helps apps track down places where they're implicitly
relying on the automatic filtering; they should instead carefully
choose a combination of MATCH_DIRECT_BOOT flags to decide on the
explicit matching behavior they want.

To implement this, we partially migrate the updateFlags() methods
out into ApplicationPackageManager, since the checking needs to
happen on the client side to correctly report StrictMode
violations.  We don't currently mutate the flags, but we retain
the naming to keep that door open in the future.

Test: manual
Bug: 110413274
Change-Id: Iff6feba19da81ea1b4eeb3af821c3bdfbd9bf17c
parent cb5064e5
+6 −0
@@ -10137,6 +10137,7 @@ package android.content {
    field public static final int FLAG_ACTIVITY_SINGLE_TOP = 536870912; // 0x20000000
    field public static final int FLAG_ACTIVITY_TASK_ON_HOME = 16384; // 0x4000
    field public static final int FLAG_DEBUG_LOG_RESOLUTION = 8; // 0x8
    field public static final int FLAG_DIRECT_BOOT_AUTO = 256; // 0x100
    field public static final int FLAG_EXCLUDE_STOPPED_PACKAGES = 16; // 0x10
    field public static final int FLAG_FROM_BACKGROUND = 4; // 0x4
    field public static final int FLAG_GRANT_PERSISTABLE_URI_PERMISSION = 64; // 0x40
@@ -11388,6 +11389,7 @@ package android.content.pm {
    field public static final int INSTALL_REASON_USER = 4; // 0x4
    field public static final int MATCH_ALL = 131072; // 0x20000
    field public static final int MATCH_DEFAULT_ONLY = 65536; // 0x10000
    field public static final int MATCH_DIRECT_BOOT_AUTO = 268435456; // 0x10000000
    field public static final int MATCH_DIRECT_BOOT_AWARE = 524288; // 0x80000
    field public static final int MATCH_DIRECT_BOOT_UNAWARE = 262144; // 0x40000
    field public static final int MATCH_DISABLED_COMPONENTS = 512; // 0x200
@@ -33207,6 +33209,7 @@ package android.os {
    method public android.os.StrictMode.VmPolicy.Builder detectCleartextNetwork();
    method public android.os.StrictMode.VmPolicy.Builder detectContentUriWithoutPermission();
    method public android.os.StrictMode.VmPolicy.Builder detectFileUriExposure();
    method public android.os.StrictMode.VmPolicy.Builder detectImplicitDirectBoot();
    method public android.os.StrictMode.VmPolicy.Builder detectLeakedClosableObjects();
    method public android.os.StrictMode.VmPolicy.Builder detectLeakedRegistrationObjects();
    method public android.os.StrictMode.VmPolicy.Builder detectLeakedSqlLiteObjects();
@@ -33620,6 +33623,9 @@ package android.os.strictmode {
  public final class FileUriExposedViolation extends android.os.strictmode.Violation {
  }
  public final class ImplicitDirectBootViolation extends android.os.strictmode.Violation {
  }
  public class InstanceCountViolation extends android.os.strictmode.Violation {
    method public long getNumberOfInstances();
  }
+1 −0
@@ -695,6 +695,7 @@ package android.os {
    field public static final int DETECT_VM_CONTENT_URI_WITHOUT_PERMISSION = 32768; // 0x8000
    field public static final int DETECT_VM_CURSOR_LEAKS = 256; // 0x100
    field public static final int DETECT_VM_FILE_URI_EXPOSURE = 8192; // 0x2000
    field public static final int DETECT_VM_IMPLICIT_DIRECT_BOOT = 536870912; // 0x20000000
    field public static final int DETECT_VM_INSTANCE_LEAKS = 2048; // 0x800
    field public static final int DETECT_VM_NON_SDK_API_USAGE = 1073741824; // 0x40000000
    field public static final int DETECT_VM_REGISTRATION_LEAKS = 4096; // 0x1000
+178 −87

File changed.

Preview size limit exceeded, changes collapsed.

+16 −12
@@ -5372,19 +5372,23 @@ public class Intent implements Parcelable, Cloneable {
    public static final int FLAG_GRANT_PREFIX_URI_PERMISSION = 0x00000080;

    /**
     * Internal flag used to indicate that a system component has done their
     * homework and verified that they correctly handle packages and components
     * that come and go over time. In particular:
     * <ul>
     * <li>Apps installed on external storage, which will appear to be
     * uninstalled while the the device is ejected.
     * <li>Apps with encryption unaware components, which will appear to not
     * exist while the device is locked.
     * </ul>
     *
     * @hide
     * Flag used to automatically match intents based on their Direct Boot
     * awareness and the current user state.
     * <p>
     * Since the default behavior is to automatically apply the current user
     * state, this is effectively a sentinel value that doesn't change the
     * output of any queries based on its presence or absence.
     * <p>
     * Instead, this value can be useful in conjunction with
     * {@link android.os.StrictMode.VmPolicy.Builder#detectImplicitDirectBoot()}
     * to detect when a caller is relying on implicit automatic matching,
     * instead of confirming the explicit behavior they want.
     */
    public static final int FLAG_DEBUG_TRIAGED_MISSING = 0x00000100;
    public static final int FLAG_DIRECT_BOOT_AUTO = 0x00000100;

    /** {@hide} */
    @Deprecated
    public static final int FLAG_DEBUG_TRIAGED_MISSING = FLAG_DIRECT_BOOT_AUTO;

    /**
     * Internal flag used to indicate ephemeral applications should not be
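Review bot: The new Javadoc on `FLAG_DIRECT_BOOT_AUTO` no longer says what a caller asserts by setting the flag: the earlier text on this constant stated that the caller had verified it handles components that appear not to exist while the device is locked, and the replacement text only calls the value a sentinel. Since the flag leaves query results unchanged and, as far as the description shows, only marks the matching as a deliberate choice for `detectImplicitDirectBoot()`, a caller can add it without that verification and hide the case the commit message warns about, where a lookup made while locked is mistaken for an uninstall. I would keep one sentence of the old caveat, e.g. `Callers that set this flag must still handle components that appear missing while the user is locked.` The deprecated alias below carries `@Deprecated` but no Javadoc tag; `/** @deprecated Use {@link #FLAG_DIRECT_BOOT_AUTO} instead. {@hide} */` would point readers at the replacement, and the same applies to `MATCH_DEBUG_TRIAGED_MISSING` in the PackageManager section. The Javadoc block that opens on the last line of this hunk continues outside it.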
+22 −13
@@ -177,6 +177,7 @@ public abstract class PackageManager {
            MATCH_DEFAULT_ONLY,
            MATCH_DISABLED_COMPONENTS,
            MATCH_DISABLED_UNTIL_USED_COMPONENTS,
            MATCH_DIRECT_BOOT_AUTO,
            MATCH_DIRECT_BOOT_AWARE,
            MATCH_DIRECT_BOOT_UNAWARE,
            MATCH_SYSTEM_ONLY,
@@ -200,6 +201,7 @@ public abstract class PackageManager {
            MATCH_DISABLED_COMPONENTS,
            MATCH_DISABLED_UNTIL_USED_COMPONENTS,
            MATCH_DEFAULT_ONLY,
            MATCH_DIRECT_BOOT_AUTO,
            MATCH_DIRECT_BOOT_AWARE,
            MATCH_DIRECT_BOOT_UNAWARE,
            MATCH_SYSTEM_ONLY,
@@ -504,22 +506,29 @@ public abstract class PackageManager {
    public static final int GET_SIGNING_CERTIFICATES = 0x08000000;

    /**
     * Internal flag used to indicate that a system component has done their
     * homework and verified that they correctly handle packages and components
     * that come and go over time. In particular:
     * Querying flag: automatically match components based on their Direct Boot
     * awareness and the current user state.
     * <p>
     * Since the default behavior is to automatically apply the current user
     * state, this is effectively a sentinel value that doesn't change the
     * output of any queries based on its presence or absence.
     * <p>
     * Instead, this value can be useful in conjunction with
     * {@link android.os.StrictMode.VmPolicy.Builder#detectImplicitDirectBoot()}
     * to detect when a caller is relying on implicit automatic matching,
     * instead of confirming the explicit behavior they want, using a
     * combination of these flags:
     * <ul>
     * <li>Apps installed on external storage, which will appear to be
     * uninstalled while the the device is ejected.
     * <li>Apps with encryption unaware components, which will appear to not
     * exist while the device is locked.
     * <li>{@link #MATCH_DIRECT_BOOT_AWARE}
     * <li>{@link #MATCH_DIRECT_BOOT_UNAWARE}
     * <li>{@link #MATCH_DIRECT_BOOT_AUTO}
     * </ul>
     *
     * @see #MATCH_UNINSTALLED_PACKAGES
     * @see #MATCH_DIRECT_BOOT_AWARE
     * @see #MATCH_DIRECT_BOOT_UNAWARE
     * @hide
     */
    public static final int MATCH_DEBUG_TRIAGED_MISSING = 0x10000000;
    public static final int MATCH_DIRECT_BOOT_AUTO = 0x10000000;

    /** @hide */
    @Deprecated
    public static final int MATCH_DEBUG_TRIAGED_MISSING = MATCH_DIRECT_BOOT_AUTO;

    /**
     * Flag for {@link #addCrossProfileIntentFilter}: if this flag is set: when
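Review bot: The flag list in the `MATCH_DIRECT_BOOT_AUTO` Javadoc offers `MATCH_DIRECT_BOOT_AUTO` as one of the flags to combine with `MATCH_DIRECT_BOOT_AWARE` and `MATCH_DIRECT_BOOT_UNAWARE`, but the text never says what a query returns when AUTO is passed together with one of the explicit flags. The paragraph above the list calls AUTO a sentinel that does not change the output, which suggests the explicit flags decide the result; that is an inference, because the code that evaluates the flags sits in the collapsed file section of this page. I would add one sentence after the list, worded to match the implementation, along the lines of `If {@link #MATCH_DIRECT_BOOT_AWARE} or {@link #MATCH_DIRECT_BOOT_UNAWARE} is also set, those flags decide what is matched.` The Javadoc block that opens on the last lines of this hunk continues outside it.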