diff options
author | Hui Yu <huiyu@google.com> | 2022-02-09 18:25:59 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2022-02-09 18:25:59 +0000 |
commit | 937036e0bde3021430166f8e791fc781d455675b (patch) | |
tree | 6af74f5c6e9fca6ac3fc1109f782209a7bdf2383 | |
parent | 053326ecdab86508a7c667d0ac04405bd3c2dcf8 (diff) | |
parent | 3021dae9b2e8d74a4620f2d6a050a194b753bc19 (diff) | |
download | base-937036e0bde3021430166f8e791fc781d455675b.tar.gz |
Merge "Revert "Merge "BG-FGS-start while-in-use permission restriction ..."" into rvc-qpr-dev
3 files changed, 22 insertions, 106 deletions
diff --git a/services/core/java/com/android/server/am/ActiveServices.java b/services/core/java/com/android/server/am/ActiveServices.java index aa38fd1e6fc4..c7391f27bd43 100644 --- a/services/core/java/com/android/server/am/ActiveServices.java +++ b/services/core/java/com/android/server/am/ActiveServices.java @@ -734,8 +734,11 @@ public final class ActiveServices { } ComponentName cmp = startServiceInnerLocked(smap, service, r, callerFg, addToStarting); - setFgsRestrictionLocked(callingPackage, callingPid, callingUid, r, - allowBackgroundActivityStarts); + if (!r.mAllowWhileInUsePermissionInFgs) { + r.mAllowWhileInUsePermissionInFgs = + shouldAllowWhileInUsePermissionInFgsLocked(callingPackage, callingPid, + callingUid, service, r, allowBackgroundActivityStarts); + } return cmp; } @@ -1408,6 +1411,14 @@ public final class ActiveServices { + String.format("0x%08X", manifestType) + " in service element of manifest file"); } + // If the foreground service is not started from TOP process, do not allow it to + // have while-in-use location/camera/microphone access. + if (!r.mAllowWhileInUsePermissionInFgs) { + Slog.w(TAG, + "Foreground service started from background can not have " + + "location/camera/microphone access: service " + + r.shortInstanceName); + } } boolean alreadyStartedOp = false; boolean stopProcStatsOp = false; @@ -1455,56 +1466,6 @@ public final class ActiveServices { ignoreForeground = true; } - if (!ignoreForeground) { - if (r.mStartForegroundCount == 0) { - /* - If the service was started with startService(), not - startForegroundService(), and if startForeground() isn't called within - mFgsStartForegroundTimeoutMs, then we check the state of the app - (who owns the service, which is the app that called startForeground()) - again. If the app is in the foreground, or in any other cases where - FGS-starts are allowed, then we still allow the FGS to be started. - Otherwise, startForeground() would fail. - - If the service was started with startForegroundService(), then the service - must call startForeground() within a timeout anyway, so we don't need this - check. - */ - if (!r.fgRequired) { - final long delayMs = SystemClock.elapsedRealtime() - r.createRealTime; - if (delayMs > mAm.mConstants.mFgsStartForegroundTimeoutMs) { - resetFgsRestrictionLocked(r); - setFgsRestrictionLocked(r.serviceInfo.packageName, r.app.pid, - r.appInfo.uid, r, false); - EventLog.writeEvent(0x534e4554, "183147114", - r.appInfo.uid, - "call setFgsRestrictionLocked again due to " - + "startForegroundTimeout"); - } - } - } else if (r.mStartForegroundCount >= 1) { - // The second or later time startForeground() is called after service is - // started. Check for app state again. - final long delayMs = SystemClock.elapsedRealtime() - - r.mLastSetFgsRestrictionTime; - if (delayMs > mAm.mConstants.mFgsStartForegroundTimeoutMs) { - setFgsRestrictionLocked(r.serviceInfo.packageName, r.app.pid, - r.appInfo.uid, r, false); - EventLog.writeEvent(0x534e4554, "183147114", r.appInfo.uid, - "call setFgsRestrictionLocked for " - + (r.mStartForegroundCount + 1) + "th startForeground"); - } - } - // If the foreground service is not started from TOP process, do not allow it to - // have while-in-use location/camera/microphone access. - if (!r.mAllowWhileInUsePermissionInFgs) { - Slog.w(TAG, - "Foreground service started from background can not have " - + "location/camera/microphone access: service " - + r.shortInstanceName); - } - } - // Apps under strict background restrictions simply don't get to have foreground // services, so now that we've enforced the startForegroundService() contract // we only do the machinery of making the service foreground when the app @@ -1540,7 +1501,6 @@ public final class ActiveServices { active.mNumActive++; } r.isForeground = true; - r.mStartForegroundCount++; if (!stopProcStatsOp) { ServiceState stracker = r.getTracker(); if (stracker != null) { @@ -1599,7 +1559,6 @@ public final class ActiveServices { decActiveForegroundAppLocked(smap, r); } r.isForeground = false; - resetFgsRestrictionLocked(r); ServiceState stracker = r.getTracker(); if (stracker != null) { stracker.setForeground(false, mAm.mProcessStats.getMemFactorLocked(), @@ -2159,7 +2118,12 @@ public final class ActiveServices { } } - setFgsRestrictionLocked(callingPackage, callingPid, callingUid, s, false); + if (!s.mAllowWhileInUsePermissionInFgs) { + s.mAllowWhileInUsePermissionInFgs = + shouldAllowWhileInUsePermissionInFgsLocked(callingPackage, + callingPid, callingUid, + service, s, false); + } if (s.app != null) { if ((flags&Context.BIND_TREAT_LIKE_ACTIVITY) != 0) { @@ -3455,7 +3419,7 @@ public final class ActiveServices { r.isForeground = false; r.foregroundId = 0; r.foregroundNoti = null; - resetFgsRestrictionLocked(r); + r.mAllowWhileInUsePermissionInFgs = false; // Clear start entries. r.clearDeliveredStartsLocked(); @@ -4936,7 +4900,7 @@ public final class ActiveServices { * @return true if allow, false otherwise. */ private boolean shouldAllowWhileInUsePermissionInFgsLocked(String callingPackage, - int callingPid, int callingUid, ServiceRecord r, + int callingPid, int callingUid, Intent intent, ServiceRecord r, boolean allowBackgroundActivityStarts) { // Is the background FGS start restriction turned on? if (!mAm.mConstants.mFlagBackgroundFgsStartRestrictionEnabled) { @@ -5022,29 +4986,7 @@ public final class ActiveServices { boolean canAllowWhileInUsePermissionInFgsLocked(int callingPid, int callingUid, String callingPackage) { return shouldAllowWhileInUsePermissionInFgsLocked( - callingPackage, callingPid, callingUid, null, false); + callingPackage, callingPid, callingUid, null, null, false); } - /** - * In R, mAllowWhileInUsePermissionInFgs is to allow while-in-use permissions in foreground - * service or not. while-in-use permissions in FGS started from background might be restricted. - * @param callingPackage caller app's package name. - * @param callingUid caller app's uid. - * @param r the service to start. - * @return true if allow, false otherwise. - */ - private void setFgsRestrictionLocked(String callingPackage, - int callingPid, int callingUid, ServiceRecord r, - boolean allowBackgroundActivityStarts) { - r.mLastSetFgsRestrictionTime = SystemClock.elapsedRealtime(); - if (!r.mAllowWhileInUsePermissionInFgs) { - r.mAllowWhileInUsePermissionInFgs = shouldAllowWhileInUsePermissionInFgsLocked( - callingPackage, callingPid, callingUid, r, allowBackgroundActivityStarts); - } - } - - private void resetFgsRestrictionLocked(ServiceRecord r) { - r.mAllowWhileInUsePermissionInFgs = false; - r.mLastSetFgsRestrictionTime = 0; - } } diff --git a/services/core/java/com/android/server/am/ActivityManagerConstants.java b/services/core/java/com/android/server/am/ActivityManagerConstants.java index 00d8208ea118..7be843f17863 100644 --- a/services/core/java/com/android/server/am/ActivityManagerConstants.java +++ b/services/core/java/com/android/server/am/ActivityManagerConstants.java @@ -88,7 +88,6 @@ final class ActivityManagerConstants extends ContentObserver { static final String KEY_PROCESS_START_ASYNC = "process_start_async"; static final String KEY_MEMORY_INFO_THROTTLE_TIME = "memory_info_throttle_time"; static final String KEY_TOP_TO_FGS_GRACE_DURATION = "top_to_fgs_grace_duration"; - static final String KEY_FGS_START_FOREGROUND_TIMEOUT = "fgs_start_foreground_timeout"; static final String KEY_PENDINGINTENT_WARNING_THRESHOLD = "pendingintent_warning_threshold"; private static final int DEFAULT_MAX_CACHED_PROCESSES = 32; @@ -122,7 +121,6 @@ final class ActivityManagerConstants extends ContentObserver { private static final boolean DEFAULT_PROCESS_START_ASYNC = true; private static final long DEFAULT_MEMORY_INFO_THROTTLE_TIME = 5*60*1000; private static final long DEFAULT_TOP_TO_FGS_GRACE_DURATION = 15 * 1000; - private static final int DEFAULT_FGS_START_FOREGROUND_TIMEOUT_MS = 10 * 1000; private static final int DEFAULT_PENDINGINTENT_WARNING_THRESHOLD = 2000; // Flag stored in the DeviceConfig API. @@ -275,12 +273,6 @@ final class ActivityManagerConstants extends ContentObserver { // this long. public long TOP_TO_FGS_GRACE_DURATION = DEFAULT_TOP_TO_FGS_GRACE_DURATION; - /** - * When service started from background, before the timeout it can be promoted to FGS by calling - * Service.startForeground(). - */ - volatile long mFgsStartForegroundTimeoutMs = DEFAULT_FGS_START_FOREGROUND_TIMEOUT_MS; - // Indicates whether the activity starts logging is enabled. // Controlled by Settings.Global.ACTIVITY_STARTS_LOGGING_ENABLED volatile boolean mFlagActivityStartsLoggingEnabled; @@ -429,9 +421,6 @@ final class ActivityManagerConstants extends ContentObserver { case KEY_MIN_ASSOC_LOG_DURATION: updateMinAssocLogDuration(); break; - case KEY_FGS_START_FOREGROUND_TIMEOUT: - updateFgsStartForegroundTimeout(); - break; default: break; } @@ -708,13 +697,6 @@ final class ActivityManagerConstants extends ContentObserver { /* defaultValue */ DEFAULT_MIN_ASSOC_LOG_DURATION); } - private void updateFgsStartForegroundTimeout() { - mFgsStartForegroundTimeoutMs = DeviceConfig.getLong( - DeviceConfig.NAMESPACE_ACTIVITY_MANAGER, - KEY_FGS_START_FOREGROUND_TIMEOUT, - DEFAULT_FGS_START_FOREGROUND_TIMEOUT_MS); - } - void dump(PrintWriter pw) { pw.println("ACTIVITY MANAGER SETTINGS (dumpsys activity settings) " + Settings.Global.ACTIVITY_MANAGER_CONSTANTS + ":"); @@ -787,8 +769,6 @@ final class ActivityManagerConstants extends ContentObserver { pw.println(Arrays.toString(IMPERCEPTIBLE_KILL_EXEMPT_PACKAGES.toArray())); pw.print(" "); pw.print(KEY_MIN_ASSOC_LOG_DURATION); pw.print("="); pw.println(MIN_ASSOC_LOG_DURATION); - pw.print(" "); pw.print(KEY_FGS_START_FOREGROUND_TIMEOUT); pw.print("="); - pw.println(mFgsStartForegroundTimeoutMs); pw.println(); if (mOverrideMaxCachedProcesses >= 0) { diff --git a/services/core/java/com/android/server/am/ServiceRecord.java b/services/core/java/com/android/server/am/ServiceRecord.java index 0e628289a09f..1b65dbac2294 100644 --- a/services/core/java/com/android/server/am/ServiceRecord.java +++ b/services/core/java/com/android/server/am/ServiceRecord.java @@ -142,10 +142,6 @@ final class ServiceRecord extends Binder implements ComponentName.WithComponentN // allow while-in-use permissions in foreground service or not. // while-in-use permissions in FGS started from background might be restricted. boolean mAllowWhileInUsePermissionInFgs; - // The number of times Service.startForeground() is called; - int mStartForegroundCount; - // Last time mAllowWhileInUsePermissionInFgs is set. - long mLastSetFgsRestrictionTime; // the most recent package that start/bind this service. String mRecentCallingPackage; @@ -410,8 +406,6 @@ final class ServiceRecord extends Binder implements ComponentName.WithComponentN } pw.print(prefix); pw.print("allowWhileInUsePermissionInFgs="); pw.println(mAllowWhileInUsePermissionInFgs); - pw.print(prefix); pw.print("startForegroundCount="); - pw.println(mStartForegroundCount); pw.print(prefix); pw.print("recentCallingPackage="); pw.println(mRecentCallingPackage); if (delayed) { |