Merge cherrypicks of [14554379, 14554380, 14554562, 14554565, 14554567, 14554524, 14554569, 14554525, 14554572, 14554574, 14554575, 14554577, 14554622, 14554628, 14554630, 14554631, 14554503, 14554632, 14554536, 14554633] into security-aosp-qt-releaseandroid-security-10.0.0_r56

Change-Id: I719edd3e51e12a3c70b1934c57fe02306a21a7f8
author: android-build-team Robot <android-build-team-robot@google.com> 2021-05-14 21:57:53 +0000
committer: android-build-team Robot <android-build-team-robot@google.com> 2021-05-14 21:57:53 +0000
commit: 420c6910e5cc76b8b29c02dbc1d4a313f3e22b88 (patch)
tree: 8a7f04ddae4002232aab04820012f72fe3b4ef74
parent: d5c8c2b9745dcbe222e86d8d2850b5eb4b1fc1b7 (diff)
parent: 85bb751aceea6efe1520885d005c670f93c1ce3c (diff)
download: base-420c6910e5cc76b8b29c02dbc1d4a313f3e22b88.tar.gz
5 files changed, 77 insertions, 42 deletions
diff --git a/services/core/java/com/android/server/notification/NotificationManagerService.java b/services/core/java/com/android/server/notification/NotificationManagerService.java
index 0bb89b776070..515686bbed4d 100644
--- a/services/core/java/com/android/server/notification/NotificationManagerService.java
+++ b/services/core/java/com/android/server/notification/NotificationManagerService.java
@@ -5691,6 +5691,7 @@ public class NotificationManagerService extends SystemService {
             final PendingIntent pi = PendingIntent.getBroadcast(getContext(),
                     REQUEST_CODE_TIMEOUT,
                     new Intent(ACTION_NOTIFICATION_TIMEOUT)
+                            .setPackage(PackageManagerService.PLATFORM_PACKAGE_NAME)
                             .setData(new Uri.Builder().scheme(SCHEME_TIMEOUT)
                                     .appendPath(record.getKey()).build())
                             .addFlags(Intent.FLAG_RECEIVER_FOREGROUND)
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index 79c86c167cf9..128b7f775117 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -618,23 +618,30 @@ public class PermissionManagerService {
         }
 
         final int callingUid = Binder.getCallingUid();
-        final int userId = UserHandle.getUserId(newPackage.applicationInfo.uid);
-        int numRequestedPermissions = newPackage.requestedPermissions.size();
-        for (int i = 0; i < numRequestedPermissions; i++) {
-            PermissionInfo permInfo = getPermissionInfo(newPackage.requestedPermissions.get(i),
-                    newPackage.packageName, 0, callingUid);
-            if (permInfo == null || !STORAGE_PERMISSIONS.contains(permInfo.name)) {
-                continue;
-            }
 
-            EventLog.writeEvent(0x534e4554, "171430330", newPackage.applicationInfo.uid,
-                    "Revoking permission " + permInfo.name + " from package "
-                            + newPackage.packageName + " as either the sdk downgraded "
-                            + downgradedSdk + " or newly requested legacy full storage "
-                            + newlyRequestsLegacy);
+        for (int userId: mUserManagerInt.getUserIds()) {
+            int numRequestedPermissions = newPackage.requestedPermissions.size();
+            for (int i = 0; i < numRequestedPermissions; i++) {
+                PermissionInfo permInfo = getPermissionInfo(newPackage.requestedPermissions.get(i),
+                        newPackage.packageName, 0, callingUid);
+                if (permInfo == null || !STORAGE_PERMISSIONS.contains(permInfo.name)) {
+                    continue;
+                }
+
+                EventLog.writeEvent(0x534e4554, "171430330", newPackage.applicationInfo.uid,
+                        "Revoking permission " + permInfo.name + " from package "
+                                + newPackage.packageName + " as either the sdk downgraded "
+                                + downgradedSdk + " or newly requested legacy full storage "
+                                + newlyRequestsLegacy);
 
-            revokeRuntimePermission(permInfo.name, newPackage.packageName,
-                    false, userId, permissionCallback);
+                try {
+                    revokeRuntimePermission(permInfo.name, newPackage.packageName,
+                            false, userId, permissionCallback);
+                } catch (IllegalStateException | SecurityException e) {
+                    Log.e(TAG, "unable to revoke " + permInfo.name + " for "
+                            + newPackage.packageName + " user " + userId, e);
+                }
+            }
         }
 
     }
diff --git a/services/core/java/com/android/server/wm/RootActivityContainer.java b/services/core/java/com/android/server/wm/RootActivityContainer.java
index 3ec461d065ff..e785d8f45964 100644
--- a/services/core/java/com/android/server/wm/RootActivityContainer.java
+++ b/services/core/java/com/android/server/wm/RootActivityContainer.java
@@ -2111,13 +2111,14 @@ class RootActivityContainer extends ConfigurationContainer
                     final List<TaskRecord> tasks = stack.getAllTasks();
                     for (int taskNdx = tasks.size() - 1; taskNdx >= 0; taskNdx--) {
                         final TaskRecord task = tasks.get(taskNdx);
-
-                        // Check the task for a top activity belonging to userId, or returning a
-                        // result to an activity belonging to userId. Example case: a document
-                        // picker for personal files, opened by a work app, should still get locked.
-                        if (taskTopActivityIsUser(task, userId)) {
-                            mService.getTaskChangeNotificationController().notifyTaskProfileLocked(
-                                    task.taskId, userId);
+                        for (int activityNdx = task.mActivities.size() - 1; activityNdx >= 0;
+                                activityNdx--) {
+                            final ActivityRecord activity = task.mActivities.get(activityNdx);
+                            if (!activity.finishing && activity.mUserId == userId) {
+                                mService.getTaskChangeNotificationController()
+                                        .notifyTaskProfileLocked(task.taskId, userId);
+                                break;
+                            }
                         }
                     }
                 }
@@ -2127,26 +2128,6 @@ class RootActivityContainer extends ConfigurationContainer
         }
     }
 
-    /**
-     * Detects whether we should show a lock screen in front of this task for a locked user.
-     * <p>
-     * We'll do this if either of the following holds:
-     * <ul>
-     *   <li>The top activity explicitly belongs to {@param userId}.</li>
-     *   <li>The top activity returns a result to an activity belonging to {@param userId}.</li>
-     * </ul>
-     *
-     * @return {@code true} if the top activity looks like it belongs to {@param userId}.
-     */
-    private boolean taskTopActivityIsUser(TaskRecord task, @UserIdInt int userId) {
-        // To handle the case that work app is in the task but just is not the top one.
-        final ActivityRecord activityRecord = task.getTopActivity();
-        final ActivityRecord resultTo = (activityRecord != null ? activityRecord.resultTo : null);
-
-        return (activityRecord != null && activityRecord.mUserId == userId)
-                || (resultTo != null && resultTo.mUserId == userId);
-    }
-
     void cancelInitializingActivities() {
         for (int displayNdx = mActivityDisplays.size() - 1; displayNdx >= 0; --displayNdx) {
             final ActivityDisplay display = mActivityDisplays.get(displayNdx);
diff --git a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
index 9750cfc804fa..ab853abf756c 100644
--- a/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
+++ b/services/tests/uiservicestests/src/com/android/server/notification/NotificationManagerServiceTest.java
@@ -74,6 +74,7 @@ import static org.mockito.Mockito.when;
 
 import android.app.ActivityManager;
 import android.app.ActivityManagerInternal;
+import android.app.AlarmManager;
 import android.app.AppOpsManager;
 import android.app.AutomaticZenRule;
 import android.app.IActivityManager;
@@ -146,6 +147,7 @@ import com.android.server.lights.Light;
 import com.android.server.lights.LightsManager;
 import com.android.server.notification.NotificationManagerService.NotificationAssistants;
 import com.android.server.notification.NotificationManagerService.NotificationListeners;
+import com.android.server.pm.PackageManagerService;
 import com.android.server.uri.UriGrantsManagerInternal;
 import com.android.server.wm.WindowManagerInternal;
 
@@ -242,6 +244,9 @@ public class NotificationManagerServiceTest extends UiServiceTestCase {
     @Mock
     UserManager mUm;
 
+    @Mock
+    AlarmManager mAlarmManager;
+
     // Use a Testable subclass so we can simulate calls from the system without failing.
     private static class TestableNotificationManagerService extends NotificationManagerService {
         int countSystemChecks = 0;
@@ -337,6 +342,7 @@ public class NotificationManagerServiceTest extends UiServiceTestCase {
         LocalServices.addService(WindowManagerInternal.class, mWindowManagerInternal);
         LocalServices.removeServiceForTest(ActivityManagerInternal.class);
         LocalServices.addService(ActivityManagerInternal.class, mAmi);
+        mContext.addMockSystemService(Context.ALARM_SERVICE, mAlarmManager);
 
         doNothing().when(mContext).sendBroadcastAsUser(any(), any(), any());
 
@@ -548,6 +554,26 @@ public class NotificationManagerServiceTest extends UiServiceTestCase {
     }
 
     @Test
+    public void testLimitTimeOutBroadcast() {
+        NotificationChannel channel = new NotificationChannel("id", "name",
+                NotificationManager.IMPORTANCE_HIGH);
+        Notification.Builder nb = new Notification.Builder(mContext, channel.getId())
+                .setContentTitle("foo")
+                .setSmallIcon(android.R.drawable.sym_def_app_icon)
+                .setTimeoutAfter(1);
+
+        StatusBarNotification sbn = new StatusBarNotification(PKG, PKG, 8, "tag", mUid, 0,
+                nb.build(), UserHandle.getUserHandleForUid(mUid), null, 0);
+        NotificationRecord r = new NotificationRecord(mContext, sbn, channel);
+
+        mService.scheduleTimeoutLocked(r);
+        ArgumentCaptor<PendingIntent> captor = ArgumentCaptor.forClass(PendingIntent.class);
+        verify(mAlarmManager).setExactAndAllowWhileIdle(anyInt(), anyLong(), captor.capture());
+        assertEquals(PackageManagerService.PLATFORM_PACKAGE_NAME,
+                captor.getValue().getIntent().getPackage());
+    }
+
+    @Test
     public void testCreateNotificationChannels_SingleChannel() throws Exception {
         final NotificationChannel channel =
                 new NotificationChannel("id", "name", IMPORTANCE_DEFAULT);
diff --git a/services/tests/wmtests/src/com/android/server/wm/RootActivityContainerTests.java b/services/tests/wmtests/src/com/android/server/wm/RootActivityContainerTests.java
index 8d2c3dd80538..4e018c8624a2 100644
--- a/services/tests/wmtests/src/com/android/server/wm/RootActivityContainerTests.java
+++ b/services/tests/wmtests/src/com/android/server/wm/RootActivityContainerTests.java
@@ -59,6 +59,7 @@ import android.content.pm.ApplicationInfo;
 import android.content.pm.ResolveInfo;
 import android.content.res.Resources;
 import android.graphics.Rect;
+import android.os.UserHandle;
 import android.platform.test.annotations.Presubmit;
 import android.util.Pair;
 
@@ -816,6 +817,25 @@ public class RootActivityContainerTests extends ActivityTestsBase {
         assertEquals(infoFake1.activityInfo.name, resolvedInfo.first.name);
     }
 
+    @Test
+    public void testLockAllProfileTasks() {
+        // Make an activity visible with the user id set to 1
+        final TaskRecord task = new TaskBuilder(mSupervisor).setStack(mFullscreenStack).build();
+        final ActivityRecord activity = new ActivityBuilder(mService).setTask(task)
+                .setUid(UserHandle.PER_USER_RANGE + 1).build();
+
+        // Create another activity on top and the user id is 2
+        final ActivityRecord topActivity = new ActivityBuilder(mService)
+                .setTask(task).setUid(UserHandle.PER_USER_RANGE + 2).build();
+
+        // Make sure the listeners will be notified for putting the task to locked state
+        TaskChangeNotificationController controller =
+                mService.getTaskChangeNotificationController();
+        spyOn(controller);
+        mService.mRootActivityContainer.lockAllProfileTasks(1);
+        verify(controller).notifyTaskProfileLocked(eq(task.taskId), eq(1));
+    }
+
     /**
      * Mock {@link RootActivityContainerTests#resolveHomeActivity} for returning consistent activity
      * info for test cases (the original implementation will resolve from the real package manager).
author	android-build-team Robot <android-build-team-robot@google.com>	2021-05-14 21:57:53 +0000
committer	android-build-team Robot <android-build-team-robot@google.com>	2021-05-14 21:57:53 +0000
commit	420c6910e5cc76b8b29c02dbc1d4a313f3e22b88 (patch)
tree	8a7f04ddae4002232aab04820012f72fe3b4ef74
parent	d5c8c2b9745dcbe222e86d8d2850b5eb4b1fc1b7 (diff)
parent	85bb751aceea6efe1520885d005c670f93c1ce3c (diff)
download	base-420c6910e5cc76b8b29c02dbc1d4a313f3e22b88.tar.gz