Merge "[DO NOT MERGE] Backport BAL restrictions from S to R, this blocks apps...

 * {@link android.content.Context#startActivity(android.content.Intent, android.os.Bundle)

 * Context.startActivity(Intent, Bundle)} and related methods.

 */

public class ActivityOptions {

public class ActivityOptions extends ComponentOptions {

    private static final String TAG = "ActivityOptions";

    /**

    }

    private ActivityOptions() {

        super();

    }

    /** @hide */

    public ActivityOptions(Bundle opts) {

        // If the remote side sent us bad parcelables, they won't get the

        // results they want, which is their loss.

        opts.setDefusable(true);

        super(opts);

        mPackageName = opts.getString(KEY_PACKAGE_NAME);

        try {

     * object; you must not modify it, but can supply it to the startActivity

     * methods that take an options Bundle.

     */

    @Override

    public Bundle toBundle() {

        Bundle b = new Bundle();

        Bundle b = super.toBundle();

        if (mPackageName != null) {

            b.putString(KEY_PACKAGE_NAME, mPackageName);

        }

 * {@hide}

 */

@SystemApi

public class BroadcastOptions {

public class BroadcastOptions extends ComponentOptions {

    private long mTemporaryAppWhitelistDuration;

    private int mMinManifestReceiverApiLevel = 0;

    private int mMaxManifestReceiverApiLevel = Build.VERSION_CODES.CUR_DEVELOPMENT;

    }

    private BroadcastOptions() {

        super();

    }

    /** @hide */

    public BroadcastOptions(Bundle opts) {

        super(opts);

        mTemporaryAppWhitelistDuration = opts.getLong(KEY_TEMPORARY_APP_WHITELIST_DURATION);

        mMinManifestReceiverApiLevel = opts.getInt(KEY_MIN_MANIFEST_RECEIVER_API_LEVEL, 0);

        mMaxManifestReceiverApiLevel = opts.getInt(KEY_MAX_MANIFEST_RECEIVER_API_LEVEL,

        return mAllowBackgroundActivityStarts;

    }

    /**

     * Set PendingIntent activity is allowed to be started in the background if the caller

     * can start background activities.

     * @hide

     */

    public void setPendingIntentBackgroundActivityLaunchAllowed(boolean allowed) {

        super.setPendingIntentBackgroundActivityLaunchAllowed(allowed);

    }

    /**

     * Get PendingIntent activity is allowed to be started in the background if the caller

     * can start background activities.

     * @hide

     */

    public boolean isPendingIntentBackgroundActivityLaunchAllowed() {

        return super.isPendingIntentBackgroundActivityLaunchAllowed();

    }

    /**

     * Returns the created options as a Bundle, which can be passed to

     * {@link android.content.Context#sendBroadcast(android.content.Intent)

     * object; you must not modify it, but can supply it to the sendBroadcast

     * methods that take an options Bundle.

     */

    @Override

    public Bundle toBundle() {

        Bundle b = new Bundle();

        Bundle b = super.toBundle();

        if (mTemporaryAppWhitelistDuration > 0) {

            b.putLong(KEY_TEMPORARY_APP_WHITELIST_DURATION, mTemporaryAppWhitelistDuration);

        }

/*

 * Copyright (C) 2022 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package android.app;

import android.os.Bundle;

/**

 * @hide

 */

public class ComponentOptions {

    /**

     * Default value for KEY_PENDING_INTENT_BACKGROUND_ACTIVITY_ALLOWED.

     * @hide

     **/

    public static final boolean PENDING_INTENT_BAL_ALLOWED_DEFAULT = true;

    /**

     * PendingIntent caller allows activity start even if PendingIntent creator is in background.

     * This only works if the PendingIntent caller is allowed to start background activities,

     * for example if it's in the foreground, or has BAL permission.

     * @hide

     */

    public static final String KEY_PENDING_INTENT_BACKGROUND_ACTIVITY_ALLOWED =

            "android.pendingIntent.backgroundActivityAllowed";

    private boolean mPendingIntentBalAllowed = PENDING_INTENT_BAL_ALLOWED_DEFAULT;

    ComponentOptions() {

    }

    ComponentOptions(Bundle opts) {

        // If the remote side sent us bad parcelables, they won't get the

        // results they want, which is their loss.

        opts.setDefusable(true);

        setPendingIntentBackgroundActivityLaunchAllowed(

                opts.getBoolean(KEY_PENDING_INTENT_BACKGROUND_ACTIVITY_ALLOWED,

                        PENDING_INTENT_BAL_ALLOWED_DEFAULT));

    }

    /**

     * Set PendingIntent activity is allowed to be started in the background if the caller

     * can start background activities.

     *

     * @hide

     */

    public void setPendingIntentBackgroundActivityLaunchAllowed(boolean allowed) {

        mPendingIntentBalAllowed = allowed;

    }

    /**

     * Get PendingIntent activity is allowed to be started in the background if the caller

     * can start background activities.

     *

     * @hide

     */

    public boolean isPendingIntentBackgroundActivityLaunchAllowed() {

        return mPendingIntentBalAllowed;

    }

    /**

     * @hide

     */

    public Bundle toBundle() {

        Bundle bundle = new Bundle();

        bundle.putBoolean(KEY_PENDING_INTENT_BACKGROUND_ACTIVITY_ALLOWED,

                mPendingIntentBalAllowed);

        return bundle;

    }

}

import android.annotation.UserIdInt;

import android.app.Activity;

import android.app.ActivityManager;

import android.app.ActivityOptions;

import android.app.AlarmManager;

import android.app.AppOpsManager;

import android.app.BroadcastOptions;

     * Broadcast options to use for FLAG_ALLOW_WHILE_IDLE.

     */

    Bundle mIdleOptions;

    ActivityOptions mActivityOptsRestrictBal = ActivityOptions.makeBasic();

    BroadcastOptions mBroadcastOptsRestrictBal = BroadcastOptions.makeBasic();

    private final SparseArray<AlarmManager.AlarmClockInfo> mNextAlarmClockForUser =

            new SparseArray<>();

                mLastAllowWhileIdleWhitelistDuration = ALLOW_WHILE_IDLE_WHITELIST_DURATION;

                BroadcastOptions opts = BroadcastOptions.makeBasic();

                opts.setTemporaryAppWhitelistDuration(ALLOW_WHILE_IDLE_WHITELIST_DURATION);

                opts.setPendingIntentBackgroundActivityLaunchAllowed(false);

                mIdleOptions = opts.toBundle();

            }

        }

    @Override

    public void onStart() {

        mInjector.init();

        mActivityOptsRestrictBal.setPendingIntentBackgroundActivityLaunchAllowed(false);

        mBroadcastOptsRestrictBal.setPendingIntentBackgroundActivityLaunchAllowed(false);

        mListenerDeathRecipient = new IBinder.DeathRecipient() {

            @Override

        return alarm.creatorUid;

    }

    private Bundle getAlarmOperationBundle(Alarm alarm) {

        if (alarm.operation.isActivity()) {

            return mActivityOptsRestrictBal.toBundle();

        }

        return mBroadcastOptsRestrictBal.toBundle();

    }

    @VisibleForTesting

    class AlarmHandler extends Handler {

        public static final int ALARM_EVENT = 1;

                    for (int i=0; i<triggerList.size(); i++) {

                        Alarm alarm = triggerList.get(i);

                        try {

                            alarm.operation.send();

                            // Disallow AlarmManager to start random background activity.

                            final Bundle bundle = getAlarmOperationBundle(alarm);

                            alarm.operation.send(/* context */ null, /* code */0, /* intent */

                                    null, /* onFinished */null, /* handler */

                                    null, /* requiredPermission */ null, bundle);

                        } catch (PendingIntent.CanceledException e) {

                            if (alarm.repeatInterval > 0) {

                                // This IntentSender is no longer valid, but this

                                mBackgroundIntent.putExtra(

                                        Intent.EXTRA_ALARM_COUNT, alarm.count),

                                mDeliveryTracker, mHandler, null,

                                allowWhileIdle ? mIdleOptions : null);

                                allowWhileIdle ? mIdleOptions : getAlarmOperationBundle(alarm));

                    } catch (PendingIntent.CanceledException e) {

                        if (alarm.repeatInterval > 0) {

                            // This IntentSender is no longer valid, but this

                requiredPermission, null, null, 0, 0, 0, options);

    }

    /**

     * Return true if the activity options allows PendingIntent to use caller's BAL permission.

     */

    public static boolean isPendingIntentBalAllowedByCaller(

            @Nullable ActivityOptions activityOptions) {

        if (activityOptions == null) {

            return ActivityOptions.PENDING_INTENT_BAL_ALLOWED_DEFAULT;

        }

        return isPendingIntentBalAllowedByCaller(activityOptions.toBundle());

    }

    private static boolean isPendingIntentBalAllowedByCaller(@Nullable Bundle options) {

        if (options == null) {

            return ActivityOptions.PENDING_INTENT_BAL_ALLOWED_DEFAULT;

        }

        return options.getBoolean(ActivityOptions.KEY_PENDING_INTENT_BACKGROUND_ACTIVITY_ALLOWED,

                ActivityOptions.PENDING_INTENT_BAL_ALLOWED_DEFAULT);

    }

    public int sendInner(int code, Intent intent, String resolvedType, IBinder whitelistToken,

            IIntentReceiver finishedReceiver, String requiredPermission, IBinder resultTo,

            String resultWho, int requestCode, int flagsMask, int flagsValues, Bundle options) {

            // temporarily allow receivers and services to open activities from background if the

            // PendingIntent.send() caller was foreground at the time of sendInner() call

            final boolean allowTrampoline = uid != callingUid

                    && controller.mAtmInternal.isUidForeground(callingUid);

                    && controller.mAtmInternal.isUidForeground(callingUid)

                    && isPendingIntentBalAllowedByCaller(options);

            // note: we on purpose don't pass in the information about the PendingIntent's creator,

            // like pid or ProcessRecord, to the ActivityTaskManagerInternal calls below, because