From e7c5ced2119f89b8e8b722b9010e685db8168b69 Mon Sep 17 00:00:00 2001
From: Charles He
Date: Wed, 12 Apr 2017 16:22:35 +0100
Subject: [PATCH] Disallow direct-boot aware activities to bypass work lock

Effectively reverting 89927b3cd96472c478a988d6c731cd09d412a043, which allowed direct-boot aware activities in the work profile to show before the profile was unlocked. This causes problems with key eviction introduced in O. Specifically, many system activities (e.g. ChooserActivity, activities in Settings, etc.) are marked direct-boot aware, and therefore can be started while the work profile is locked with key evicted. Currently they either bypass the keyguard when they should not, or simply crash due to profile still being locked. In the future, we need to create a new mechanism to allow activities such as video calls, alarm clocks, etc. to bypass the work keyguard. It probably involves checking for something like FLAG_SHOW_WHEN_LOCKED.
Bug: 36961785
Bug: 35708183
Bug: 30296144
Test: manual, by following the steps in the bugs quoted
Test: runtest -c com.android.server.am.ActivityManagerServiceTest frameworks-services
Change-Id: I5ccaaf963f3dd96e4abb785a10aa258b15363178
---
 core/java/android/app/IActivityManager.aidl | 11 -----------
 .../systemui/statusbar/phone/StatusBar.java | 15 ++++-----------
 .../server/am/ActivityManagerService.java | 18 ------------------
 .../server/am/ActivityStartInterceptor.java | 6 +-----
 4 files changed, 5 insertions(+), 45 deletions(-)

diff --git a/core/java/android/app/IActivityManager.aidl b/core/java/android/app/IActivityManager.aidl
index 079bbcdd4951c..79c2f1e1d3826 100644
--- a/core/java/android/app/IActivityManager.aidl
+++ b/core/java/android/app/IActivityManager.aidl
@@ -576,17 +576,6 @@ interface IActivityManager {
 * @param hasTopUi Whether the calling process has "top-level" UI.
 */
 void setHasTopUi(boolean hasTopUi);
- /**
- * Returns if the target of the PendingIntent can be fired directly, without triggering
- * a work profile challenge. This can happen if the PendingIntent is to start direct-boot
- * aware activities, and the target user is in RUNNING_LOCKED state, i.e. we should allow
- * direct-boot aware activity to bypass work challenge when the user hasn't unlocked yet.
- * @param intent the {@link PendingIntent} to be tested.
- * @return {@code true} if the intent should not trigger a work challenge, {@code false}
- * otherwise.
- * @throws RemoteException
- */
- boolean canBypassWorkChallenge(in PendingIntent intent);
 // Start of O transactions
 void requestActivityRelaunch(in IBinder token);
diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBar.java b/packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBar.java
index 9304de52a6bee..d3cb6a4a87826 100644
--- a/packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBar.java
+++ b/packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBar.java
@@ -6369,17 +6369,10 @@ public class StatusBar extends SystemUI implements DemoMode,
 .getIdentifier();
 if (mLockPatternUtils.isSeparateProfileChallengeEnabled(userId) && mKeyguardManager.isDeviceLocked(userId)) {
- boolean canBypass = false;
- try {
- canBypass = ActivityManager.getService()
- .canBypassWorkChallenge(intent);
- } catch (RemoteException e) {
- }
- // For direct-boot aware activities, they can be shown when
- // the device is still locked without triggering the work
- // challenge.
- if ((!canBypass) && startWorkChallengeIfNecessary(userId,
- intent.getIntentSender(), notificationKey)) {
+ // TODO(b/28935539): should allow certain activities to
+ // bypass work challenge
+ if (startWorkChallengeIfNecessary(userId,
+ intent.getIntentSender(), notificationKey)) {
 // Show work challenge, do not run PendingIntent and
 // remove notification
 return;
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 35654d76dee5b..82d5439bb3cd2 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
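Review bot: The new `// TODO(b/28935539): should allow certain activities to bypass work challenge` comment in the StatusBar.java hunk does not record why the previous bypass was removed, and the same bare TODO is added in the ActivityStartInterceptor.java hunk. The commit message holds the reason: many system activities are direct-boot aware, so with key eviction they either got past the work keyguard or crashed while the profile was still locked. I would extend the comment at both sites with something like `// Do not key this on directBootAware: many system activities are direct-boot aware and would skip the work challenge while the profile key is evicted (b/36961785).` so a later change does not reintroduce the same condition. The enclosing method starts and ends outside the hunk.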
@@ -23760,24 +23760,6 @@ public class ActivityManagerService extends IActivityManager.Stub
 }
 }
- @Override
- public boolean canBypassWorkChallenge(PendingIntent intent) throws RemoteException {
- final int userId = intent.getCreatorUserHandle().getIdentifier();
- if (!mUserController.isUserRunningLocked(userId, ActivityManager.FLAG_AND_LOCKED)) {
- return false;
- }
- IIntentSender target = intent.getTarget();
- if (!(target instanceof PendingIntentRecord)) {
- return false;
- }
- final PendingIntentRecord record = (PendingIntentRecord) target;
- final ResolveInfo rInfo = mStackSupervisor.resolveIntent(record.key.requestIntent,
- record.key.requestResolvedType, userId, PackageManager.MATCH_DIRECT_BOOT_AWARE);
- // For direct boot aware activities, they can be shown without triggering a work challenge
- // before the profile user is unlocked.
- return rInfo != null && rInfo.activityInfo != null;
- }
-
 @Override
 public void dismissKeyguard(IBinder token, IKeyguardDismissCallback callback) throws RemoteException {
diff --git a/services/core/java/com/android/server/am/ActivityStartInterceptor.java b/services/core/java/com/android/server/am/ActivityStartInterceptor.java
index cafc4f0ecc96c..b91c7b1726f3f 100644
--- a/services/core/java/com/android/server/am/ActivityStartInterceptor.java
+++ b/services/core/java/com/android/server/am/ActivityStartInterceptor.java
@@ -210,11 +210,7 @@ class ActivityStartInterceptor {
 if (!mService.mUserController.shouldConfirmCredentials(userId)) {
 return null;
 }
- // Allow direct boot aware activity to be displayed before the user is unlocked.
- if (aInfo.directBootAware && mService.mUserController.isUserRunningLocked(userId,
- ActivityManager.FLAG_AND_LOCKED)) {
- return null;
- }
+ // TODO(b/28935539): should allow certain activities to bypass work challenge
 final IIntentSender target = mService.getIntentSenderLocked( INTENT_SENDER_ACTIVITY, callingPackage, Binder.getCallingUid(), userId, null, null, 0, new Intent[]{ intent },
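Review bot: No automated test in this commit pins the behaviour that the ActivityStartInterceptor.java hunk restores: the diffstat lists four source files and no test file, and the message cites a manual run plus the existing ActivityManagerServiceTest. Because the removed `aInfo.directBootAware` early `return null;` let activities skip the work challenge, I would add a unit test asserting that, when `shouldConfirmCredentials(userId)` is true and the profile is running locked, a direct-boot aware activity no longer takes that early return. The enclosing method starts and ends outside the hunk, so whether a suitable interceptor test class already exists cannot be confirmed from here.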