
Commit f1c44b93 authored by Palak Chaudhary's avatar Palak Chaudhary Committed by Android (Google) Code Review

Merge "Use hook in AdServices to check if process can register to broadcastReceivers"

parents 1e4371b4 56853e1c
+14 −62
@@ -1606,8 +1606,6 @@ public class ActivityManagerService extends IActivityManager.Stub
    // Encapsulates the global setting "hidden_api_blacklist_exemptions"
    final HiddenApiSettings mHiddenApiBlacklist;
    final SdkSandboxSettings mSdkSandboxSettings;
    private final PlatformCompat mPlatformCompat;
    PackageManagerInternal mPackageManagerInt;
@@ -2324,53 +2322,6 @@ public class ActivityManagerService extends IActivityManager.Stub
        }
    }
    /**
     * Handles settings related to the enforcement of SDK sandbox restrictions.
     */
    static class SdkSandboxSettings implements DeviceConfig.OnPropertiesChangedListener {
        private final Context mContext;
        private final Object mLock = new Object();
        @GuardedBy("mLock")
        private boolean mEnforceBroadcastReceiverRestrictions;
        /**
         * Property to enforce broadcast receiver restrictions for SDK sandbox processes. If the
         * value of this property is {@code true}, the restrictions will be enforced.
         */
        public static final String ENFORCE_BROADCAST_RECEIVER_RESTRICTIONS =
                "enforce_broadcast_receiver_restrictions";
        SdkSandboxSettings(Context context) {
            mContext = context;
        }
        void registerObserver() {
            synchronized (mLock) {
                mEnforceBroadcastReceiverRestrictions = DeviceConfig.getBoolean(
                        DeviceConfig.NAMESPACE_SDK_SANDBOX,
                        ENFORCE_BROADCAST_RECEIVER_RESTRICTIONS, false);
                DeviceConfig.addOnPropertiesChangedListener(DeviceConfig.NAMESPACE_SDK_SANDBOX,
                        mContext.getMainExecutor(), this);
            }
        }
        @Override
        public void onPropertiesChanged(DeviceConfig.Properties properties) {
            synchronized (mLock) {
                mEnforceBroadcastReceiverRestrictions = properties.getBoolean(
                        ENFORCE_BROADCAST_RECEIVER_RESTRICTIONS, false);
            }
        }
        boolean isBroadcastReceiverRestrictionsEnforced() {
            synchronized (mLock) {
                return mEnforceBroadcastReceiverRestrictions;
            }
        }
    }
    AppOpsManager getAppOpsManager() {
        if (mAppOpsManager == null) {
            mAppOpsManager = mContext.getSystemService(AppOpsManager.class);
@@ -2414,7 +2365,6 @@ public class ActivityManagerService extends IActivityManager.Stub
        mProcStartHandlerThread = null;
        mProcStartHandler = null;
        mHiddenApiBlacklist = null;
        mSdkSandboxSettings = null;
        mFactoryTest = FACTORY_TEST_OFF;
        mUgmInternal = LocalServices.getService(UriGrantsManagerInternal.class);
        mInternal = new LocalService();
@@ -2539,7 +2489,6 @@ public class ActivityManagerService extends IActivityManager.Stub
        mAtmInternal = LocalServices.getService(ActivityTaskManagerInternal.class);
        mHiddenApiBlacklist = new HiddenApiSettings(mHandler, mContext);
        mSdkSandboxSettings = new SdkSandboxSettings(mContext);
        Watchdog.getInstance().addMonitor(this);
        Watchdog.getInstance().addThread(mHandler);
@@ -8300,7 +8249,6 @@ public class ActivityManagerService extends IActivityManager.Stub
        final boolean alwaysFinishActivities =
                Settings.Global.getInt(resolver, ALWAYS_FINISH_ACTIVITIES, 0) != 0;
        mHiddenApiBlacklist.registerObserver();
        mSdkSandboxSettings.registerObserver();
        mPlatformCompat.registerContentObserver();
        mAppProfiler.retrieveSettings();
@@ -13542,16 +13490,6 @@ public class ActivityManagerService extends IActivityManager.Stub
            String callerFeatureId, String receiverId, IIntentReceiver receiver,
            IntentFilter filter, String permission, int userId, int flags) {
        enforceNotIsolatedCaller("registerReceiver");
        // Allow Sandbox process to register only unexported receivers.
        boolean unexported = (flags & Context.RECEIVER_NOT_EXPORTED) != 0;
        if (mSdkSandboxSettings.isBroadcastReceiverRestrictionsEnforced()
                && Process.isSdkSandboxUid(Binder.getCallingUid())
                && !unexported) {
            throw new SecurityException("SDK sandbox process not allowed to call "
                + "registerReceiver");
        }
        ArrayList<Intent> stickyIntents = null;
        ProcessRecord callerApp = null;
        final boolean visibleToInstantApps
@@ -13615,6 +13553,20 @@ public class ActivityManagerService extends IActivityManager.Stub
                }
            }
            if (Process.isSdkSandboxUid(Binder.getCallingUid())) {
                SdkSandboxManagerLocal sdkSandboxManagerLocal =
                        LocalManagerRegistry.getManager(SdkSandboxManagerLocal.class);
                if (sdkSandboxManagerLocal == null) {
                    throw new IllegalStateException("SdkSandboxManagerLocal not found when checking"
                            + " whether SDK sandbox uid can register to broadcast receivers.");
                }
                if (!sdkSandboxManagerLocal.canRegisterBroadcastReceiver(
                        /*IntentFilter=*/ filter, flags, onlyProtectedBroadcasts)) {
                    throw new SecurityException("SDK sandbox not allowed to register receiver"
                            + " with the given IntentFilter");
                }
            }
            // If the change is enabled, but neither exported or not exported is set, we need to log
            // an error so the consumer can know to explicitly set the value for their flag.
            // If the caller is registering for a sticky broadcast with a null receiver, we won't
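Review bot: The new SDK sandbox check in the last hunk (`if (Process.isSdkSandboxUid(Binder.getCallingUid()))`) sits one indentation level deeper than the guard it replaces, inside a block that opens outside the hunk, whereas the removed guard ran unconditionally right after `enforceNotIsolatedCaller("registerReceiver")`. It is worth confirming that no path through the method skips that enclosing block before the receiver is registered, and, if the block turns out to hold the service lock, that calling `canRegisterBroadcastReceiver` under it is intended. The explicit `RECEIVER_NOT_EXPORTED` requirement is no longer visible at this call site either, so I would add a comment above the check such as `// Receiver policy for SDK sandbox uids is delegated to SdkSandboxManagerLocal; a missing manager fails closed.` The argument comment `/*IntentFilter=*/` names the type rather than the parameter and could simply be dropped.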