
Commit e7c5ced2 authored by Charles He's avatar Charles He

Disallow direct-boot aware activities to bypass work lock

Effectively reverting 89927b3c, which
allowed direct-boot aware activities in the work profile to show before
the profile was unlocked. This causes problems with key eviction
introduced in O. Specifically, many system activities (e.g.
ChooserActivity, activities in Settings, etc.) are marked direct-boot
aware, and therefore can be started while the work profile is locked
with key evicted. Currently they either bypass the keyguard when they
should not, or simply crash due to profile still being locked.

In the future, we need to create a new mechanism to allow activities
such as video calls, alarm clocks, etc. to bypass the work keyguard. It
probably involves checking for something like FLAG_SHOW_WHEN_LOCKED.

Bug: 36961785
Bug: 35708183
Bug: 30296144
Test: manual, by following the steps in the bugs quoted
Test: runtest -c com.android.server.am.ActivityManagerServiceTest frameworks-services
Change-Id: I5ccaaf963f3dd96e4abb785a10aa258b15363178
parent a9a2bbc6
+0 −11
@@ -576,17 +576,6 @@ interface IActivityManager {
     * @param hasTopUi Whether the calling process has "top-level" UI.
     */
    void setHasTopUi(boolean hasTopUi);
    /**
     * Returns if the target of the PendingIntent can be fired directly, without triggering
     * a work profile challenge. This can happen if the PendingIntent is to start direct-boot
     * aware activities, and the target user is in RUNNING_LOCKED state, i.e. we should allow
     * direct-boot aware activity to bypass work challenge when the user hasn't unlocked yet.
     * @param intent the {@link  PendingIntent} to be tested.
     * @return {@code true} if the intent should not trigger a work challenge, {@code false}
     *     otherwise.
     * @throws RemoteException
     */
    boolean canBypassWorkChallenge(in PendingIntent intent);

    // Start of O transactions
    void requestActivityRelaunch(in IBinder token);
+4 −11
@@ -6369,16 +6369,9 @@ public class StatusBar extends SystemUI implements DemoMode,
                                            .getIdentifier();
                                    if (mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)
                                            && mKeyguardManager.isDeviceLocked(userId)) {
                                        boolean canBypass = false;
                                        try {
                                            canBypass = ActivityManager.getService()
                                                    .canBypassWorkChallenge(intent);
                                        } catch (RemoteException e) {
                                        }
                                        // For direct-boot aware activities, they can be shown when
                                        // the device is still locked without triggering the work
                                        // challenge.
                                        if ((!canBypass) && startWorkChallengeIfNecessary(userId,
                                        // TODO(b/28935539): should allow certain activities to
                                        // bypass work challenge
                                        if (startWorkChallengeIfNecessary(userId,
                                                intent.getIntentSender(), notificationKey)) {
                                            // Show work challenge, do not run PendingIntent and
                                            // remove notification
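Review bot: The TODO added above `if (startWorkChallengeIfNecessary(userId,` says certain activities should be allowed to bypass the work challenge, but it does not record why the direct-boot-aware exemption was removed, so a later change could reintroduce it; the same TODO is added in the ActivityStartInterceptor section. It also cites b/28935539, which is not among the bugs listed in the commit message, so confirm that this is the intended tracker. Consider extending the comment, e.g. `// Direct-boot awareness alone must not bypass the work challenge: the profile key may be evicted while locked.` The enclosing block starts and ends outside this hunk, so what happens when startWorkChallengeIfNecessary() returns false is not visible here; presumably the PendingIntent is then sent and enforcement rests on the activity-start interception, which is worth confirming.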
+0 −18
@@ -23760,24 +23760,6 @@ public class ActivityManagerService extends IActivityManager.Stub
        }
    }
    @Override
    public boolean canBypassWorkChallenge(PendingIntent intent) throws RemoteException {
        final int userId = intent.getCreatorUserHandle().getIdentifier();
        if (!mUserController.isUserRunningLocked(userId, ActivityManager.FLAG_AND_LOCKED)) {
            return false;
        }
        IIntentSender target = intent.getTarget();
        if (!(target instanceof PendingIntentRecord)) {
            return false;
        }
        final PendingIntentRecord record = (PendingIntentRecord) target;
        final ResolveInfo rInfo = mStackSupervisor.resolveIntent(record.key.requestIntent,
                record.key.requestResolvedType, userId, PackageManager.MATCH_DIRECT_BOOT_AWARE);
        // For direct boot aware activities, they can be shown without triggering a work challenge
        // before the profile user is unlocked.
        return rInfo != null && rInfo.activityInfo != null;
    }
    @Override
    public void dismissKeyguard(IBinder token, IKeyguardDismissCallback callback)
            throws RemoteException {
+1 −5
@@ -210,11 +210,7 @@ class ActivityStartInterceptor {
        if (!mService.mUserController.shouldConfirmCredentials(userId)) {
            return null;
        }
        // Allow direct boot aware activity to be displayed before the user is unlocked.
        if (aInfo.directBootAware && mService.mUserController.isUserRunningLocked(userId,
                ActivityManager.FLAG_AND_LOCKED)) {
            return null;
        }
        // TODO(b/28935539): should allow certain activities to bypass work challenge
        final IIntentSender target = mService.getIntentSenderLocked(
                INTENT_SENDER_ACTIVITY, callingPackage,
                Binder.getCallingUid(), userId, null, null, 0, new Intent[]{ intent },
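Review bot: No test change is visible on this page for the exemption removed after the `shouldConfirmCredentials(userId)` check, and the commit's Test lines list only a manual run plus ActivityManagerServiceTest, so this security-relevant path appears to lack a dedicated regression test. A test worth adding would present an activity with `aInfo.directBootAware` set, for a user that is running locked and for which `shouldConfirmCredentials` returns true, and assert that the method does not return `null`. That pins the behaviour this commit restores and would fail if the direct-boot-aware early return were reintroduced. The method starts and ends outside the hunk, so the value returned on interception is not visible here.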