Better named encryption flags, start triaging.
Create distinct flags for encryption aware, unaware, and both, and
name them like the other MATCH_ flags.
Start adding logic to help triage all system internal callers to
verify that they've done their homework and thought about how to
handle apps while locked. Call sites in the system should either
ask for explicit matching behavior, or explicitly use the DEFAULT
match flag to indicate that they've been triaged to use the
default state-based matching.
Bug: 26250295
Change-Id: I86214e5c4f71a6dc72f06930800388713aecd107
diff --git a/api/current.txt b/api/current.txt
index 19c1f8e..878e7ce 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -9567,7 +9567,6 @@
field public static final int GET_CONFIGURATIONS = 16384; // 0x4000
field public static final int GET_DISABLED_COMPONENTS = 512; // 0x200
field public static final int GET_DISABLED_UNTIL_USED_COMPONENTS = 32768; // 0x8000
- field public static final int GET_ENCRYPTION_UNAWARE_COMPONENTS = 262144; // 0x40000
field public static final int GET_GIDS = 256; // 0x100
field public static final int GET_INSTRUMENTATION = 16; // 0x10
field public static final int GET_INTENT_FILTERS = 32; // 0x20
@@ -9583,6 +9582,9 @@
field public static final int GET_URI_PERMISSION_PATTERNS = 2048; // 0x800
field public static final int MATCH_ALL = 131072; // 0x20000
field public static final int MATCH_DEFAULT_ONLY = 65536; // 0x10000
+ field public static final int MATCH_ENCRYPTION_AWARE_AND_UNAWARE = 786432; // 0xc0000
+ field public static final int MATCH_ENCRYPTION_AWARE_ONLY = 524288; // 0x80000
+ field public static final int MATCH_ENCRYPTION_UNAWARE_ONLY = 262144; // 0x40000
field public static final long MAXIMUM_VERIFICATION_TIMEOUT = 3600000L; // 0x36ee80L
field public static final int PERMISSION_DENIED = -1; // 0xffffffff
field public static final int PERMISSION_GRANTED = 0; // 0x0
diff --git a/api/system-current.txt b/api/system-current.txt
index 93d3e24..8fd6774 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -9883,7 +9883,6 @@
field public static final int GET_CONFIGURATIONS = 16384; // 0x4000
field public static final int GET_DISABLED_COMPONENTS = 512; // 0x200
field public static final int GET_DISABLED_UNTIL_USED_COMPONENTS = 32768; // 0x8000
- field public static final int GET_ENCRYPTION_UNAWARE_COMPONENTS = 262144; // 0x40000
field public static final int GET_GIDS = 256; // 0x100
field public static final int GET_INSTRUMENTATION = 16; // 0x10
field public static final int GET_INTENT_FILTERS = 32; // 0x20
@@ -9936,6 +9935,9 @@
field public static final int MASK_PERMISSION_FLAGS = 255; // 0xff
field public static final int MATCH_ALL = 131072; // 0x20000
field public static final int MATCH_DEFAULT_ONLY = 65536; // 0x10000
+ field public static final int MATCH_ENCRYPTION_AWARE_AND_UNAWARE = 786432; // 0xc0000
+ field public static final int MATCH_ENCRYPTION_AWARE_ONLY = 524288; // 0x80000
+ field public static final int MATCH_ENCRYPTION_UNAWARE_ONLY = 262144; // 0x40000
field public static final long MAXIMUM_VERIFICATION_TIMEOUT = 3600000L; // 0x36ee80L
field public static final int PERMISSION_DENIED = -1; // 0xffffffff
field public static final int PERMISSION_GRANTED = 0; // 0x0
diff --git a/api/test-current.txt b/api/test-current.txt
index 2c9788b..104a894 100644
--- a/api/test-current.txt
+++ b/api/test-current.txt
@@ -9567,7 +9567,6 @@
field public static final int GET_CONFIGURATIONS = 16384; // 0x4000
field public static final int GET_DISABLED_COMPONENTS = 512; // 0x200
field public static final int GET_DISABLED_UNTIL_USED_COMPONENTS = 32768; // 0x8000
- field public static final int GET_ENCRYPTION_UNAWARE_COMPONENTS = 262144; // 0x40000
field public static final int GET_GIDS = 256; // 0x100
field public static final int GET_INSTRUMENTATION = 16; // 0x10
field public static final int GET_INTENT_FILTERS = 32; // 0x20
@@ -9583,6 +9582,9 @@
field public static final int GET_URI_PERMISSION_PATTERNS = 2048; // 0x800
field public static final int MATCH_ALL = 131072; // 0x20000
field public static final int MATCH_DEFAULT_ONLY = 65536; // 0x10000
+ field public static final int MATCH_ENCRYPTION_AWARE_AND_UNAWARE = 786432; // 0xc0000
+ field public static final int MATCH_ENCRYPTION_AWARE_ONLY = 524288; // 0x80000
+ field public static final int MATCH_ENCRYPTION_UNAWARE_ONLY = 262144; // 0x40000
field public static final long MAXIMUM_VERIFICATION_TIMEOUT = 3600000L; // 0x36ee80L
field public static final int PERMISSION_DENIED = -1; // 0xffffffff
field public static final int PERMISSION_GRANTED = 0; // 0x0
diff --git a/core/java/android/content/Intent.java b/core/java/android/content/Intent.java
index 9973faf..0f3ca10 100644
--- a/core/java/android/content/Intent.java
+++ b/core/java/android/content/Intent.java
@@ -4168,6 +4168,14 @@
public static final int FLAG_GRANT_PREFIX_URI_PERMISSION = 0x00000080;
/**
+ * Internal flag used to indicate that a system component has done their
+ * homework and verified their encryption-aware behavior.
+ *
+ * @hide
+ */
+ public static final int FLAG_DEBUG_ENCRYPTION_TRIAGED = 0x00000100;
+
+ /**
* If set, the new activity is not kept in the history stack. As soon as
* the user navigates away from it, the activity is finished. This may also
* be set with the {@link android.R.styleable#AndroidManifestActivity_noHistory
diff --git a/core/java/android/content/pm/PackageManager.java b/core/java/android/content/pm/PackageManager.java
index 3235bcf..1882f8d 100644
--- a/core/java/android/content/pm/PackageManager.java
+++ b/core/java/android/content/pm/PackageManager.java
@@ -47,10 +47,8 @@
import android.os.RemoteException;
import android.os.UserHandle;
import android.os.storage.VolumeInfo;
-import android.provider.Settings;
import android.util.AndroidException;
-import android.util.Log;
import com.android.internal.util.ArrayUtils;
import java.io.File;
@@ -236,21 +234,33 @@
public static final int MATCH_ALL = 0x00020000;
/**
- * {@link PackageInfo} flag: include components which aren't encryption
- * aware in the returned info, regardless of the current user state.
+ * {@link PackageInfo} flag: include only components which are encryption
+ * unaware in the returned info, regardless of the current user state.
*/
- public static final int GET_ENCRYPTION_UNAWARE_COMPONENTS = 0x00040000;
+ public static final int MATCH_ENCRYPTION_UNAWARE_ONLY = 0x00040000;
/**
- * {@link PackageInfo} flag: return components that are marked as
- * {@link ComponentInfo#encryptionAware}, unless
- * {@link #GET_ENCRYPTION_UNAWARE_COMPONENTS} is also specified.
- * <p>
- * This flag is for internal use only.
+ * {@link PackageInfo} flag: include only components which are encryption
+ * aware in the returned info, regardless of the current user state.
+ */
+ public static final int MATCH_ENCRYPTION_AWARE_ONLY = 0x00080000;
+
+ /**
+ * {@link PackageInfo} flag: include both encryption aware and unaware
+ * components in the returned info, regardless of the current user state.
+ */
+ public static final int MATCH_ENCRYPTION_AWARE_AND_UNAWARE = MATCH_ENCRYPTION_AWARE_ONLY
+ | MATCH_ENCRYPTION_UNAWARE_ONLY;
+
+ /**
+ * {@link PackageInfo} flag: use the default encryption matching behavior
+ * based on user state. Internal flag used to indicate that a system
+ * component has done their homework and verified their encryption-aware
+ * behavior.
*
* @hide
*/
- public static final int MATCH_ENCRYPTION_AWARE_ONLY = 0x00080000;
+ public static final int MATCH_ENCRYPTION_DEFAULT = 0x00100000;
/**
* Flag for {@link addCrossProfileIntentFilter}: if this flag is set:
diff --git a/core/java/android/content/pm/RegisteredServicesCache.java b/core/java/android/content/pm/RegisteredServicesCache.java
index a413f36..bb28bde 100644
--- a/core/java/android/content/pm/RegisteredServicesCache.java
+++ b/core/java/android/content/pm/RegisteredServicesCache.java
@@ -365,7 +365,7 @@
protected List<ResolveInfo> queryIntentServices(int userId) {
final PackageManager pm = mContext.getPackageManager();
return pm.queryIntentServicesAsUser(new Intent(mInterfaceName),
- PackageManager.GET_META_DATA | PackageManager.GET_ENCRYPTION_UNAWARE_COMPONENTS,
+ PackageManager.GET_META_DATA | PackageManager.MATCH_ENCRYPTION_AWARE_AND_UNAWARE,
userId);
}
diff --git a/services/core/java/com/android/server/MountService.java b/services/core/java/com/android/server/MountService.java
index 487c273..ad829d0 100644
--- a/services/core/java/com/android/server/MountService.java
+++ b/services/core/java/com/android/server/MountService.java
@@ -807,8 +807,8 @@
// System user does not have media provider, so skip.
if (user.isSystemOnly()) continue;
- final ProviderInfo provider =
- mPms.resolveContentProvider(MediaStore.AUTHORITY, 0, user.id);
+ final ProviderInfo provider = mPms.resolveContentProvider(MediaStore.AUTHORITY,
+ PackageManager.MATCH_ENCRYPTION_AWARE_AND_UNAWARE, user.id);
if (provider != null) {
final IActivityManager am = ActivityManagerNative.getDefault();
try {
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index de0a23a..552db7d 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -3590,6 +3590,7 @@
Intent getHomeIntent() {
Intent intent = new Intent(mTopAction, mTopData != null ? Uri.parse(mTopData) : null);
intent.setComponent(mTopComponent);
+ intent.addFlags(Intent.FLAG_DEBUG_ENCRYPTION_TRIAGED);
if (mFactoryTest != FactoryTest.FACTORY_TEST_LOW_LEVEL) {
intent.addCategory(Intent.CATEGORY_HOME);
}
@@ -9786,9 +9787,10 @@
private final List<ProviderInfo> generateApplicationProvidersLocked(ProcessRecord app) {
List<ProviderInfo> providers = null;
try {
- ParceledListSlice<ProviderInfo> slice = AppGlobals.getPackageManager().
- queryContentProviders(app.processName, app.uid,
- STOCK_PM_FLAGS | PackageManager.GET_URI_PERMISSION_PATTERNS);
+ ParceledListSlice<ProviderInfo> slice = AppGlobals.getPackageManager()
+ .queryContentProviders(app.processName, app.uid,
+ STOCK_PM_FLAGS | PackageManager.GET_URI_PERMISSION_PATTERNS
+ | PackageManager.MATCH_ENCRYPTION_DEFAULT);
providers = slice != null ? slice.getList() : null;
} catch (RemoteException ex) {
}
@@ -16995,6 +16997,9 @@
private List<ResolveInfo> collectReceiverComponents(Intent intent, String resolvedType,
int callingUid, int[] users) {
+ // TODO: come back and remove this assumption to triage all broadcasts
+ int pmFlags = STOCK_PM_FLAGS | PackageManager.MATCH_ENCRYPTION_DEFAULT;
+
List<ResolveInfo> receivers = null;
try {
HashSet<ComponentName> singleUserReceivers = null;
@@ -17007,7 +17012,7 @@
continue;
}
List<ResolveInfo> newReceivers = AppGlobals.getPackageManager()
- .queryIntentReceivers(intent, resolvedType, STOCK_PM_FLAGS, user);
+ .queryIntentReceivers(intent, resolvedType, pmFlags, user);
if (user != UserHandle.USER_SYSTEM && newReceivers != null) {
// If this is not the system user, we need to check for
// any receivers that should be filtered out.
diff --git a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
index 2ac0ba6..1997e40 100644
--- a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
+++ b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
@@ -2187,7 +2187,8 @@
// update rules for all installed applications
final List<UserInfo> users = mUserManager.getUsers();
final List<ApplicationInfo> apps = pm.getInstalledApplications(
- PackageManager.GET_UNINSTALLED_PACKAGES | PackageManager.GET_DISABLED_COMPONENTS);
+ PackageManager.GET_UNINSTALLED_PACKAGES | PackageManager.GET_DISABLED_COMPONENTS
+ | PackageManager.MATCH_ENCRYPTION_AWARE_AND_UNAWARE);
for (UserInfo user : users) {
for (ApplicationInfo app : apps) {
diff --git a/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java b/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
index 073b4f03..f604bb7 100644
--- a/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
+++ b/services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java
@@ -57,7 +57,7 @@
private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars
private static final boolean DEBUG = false;
- private static final int DEFAULT_FLAGS = PackageManager.GET_ENCRYPTION_UNAWARE_COMPONENTS;
+ private static final int DEFAULT_FLAGS = PackageManager.MATCH_ENCRYPTION_AWARE_AND_UNAWARE;
private static final String AUDIO_MIME_TYPE = "audio/mpeg";
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index dfb01eb..4b77923 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -54,10 +54,10 @@
import static android.content.pm.PackageManager.INSTALL_INTERNAL;
import static android.content.pm.PackageManager.INSTALL_PARSE_FAILED_INCONSISTENT_CERTIFICATES;
import static android.content.pm.PackageManager.INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS;
+import static android.content.pm.PackageManager.INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS_ASK;
import static android.content.pm.PackageManager.INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ASK;
import static android.content.pm.PackageManager.INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_NEVER;
import static android.content.pm.PackageManager.INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_UNDEFINED;
-import static android.content.pm.PackageManager.INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS_ASK;
import static android.content.pm.PackageManager.MATCH_ALL;
import static android.content.pm.PackageManager.MOVE_FAILED_DOESNT_EXIST;
import static android.content.pm.PackageManager.MOVE_FAILED_INTERNAL_ERROR;
@@ -71,6 +71,7 @@
import static android.os.Trace.TRACE_TAG_PACKAGE_MANAGER;
import static android.system.OsConstants.O_CREAT;
import static android.system.OsConstants.O_RDWR;
+
import static com.android.internal.app.IntentForwarderActivity.FORWARD_INTENT_TO_MANAGED_PROFILE;
import static com.android.internal.app.IntentForwarderActivity.FORWARD_INTENT_TO_PARENT;
import static com.android.internal.content.NativeLibraryHelper.LIB64_DIR_NAME;
@@ -105,8 +106,9 @@
import android.content.pm.ActivityInfo;
import android.content.pm.ApplicationInfo;
import android.content.pm.AppsQueryHelper;
-import android.content.pm.EphemeralResolveInfo;
import android.content.pm.EphemeralApplicationInfo;
+import android.content.pm.EphemeralResolveInfo;
+import android.content.pm.EphemeralResolveInfo.EphemeralResolveIntentInfo;
import android.content.pm.FeatureInfo;
import android.content.pm.IOnPermissionsChangeListener;
import android.content.pm.IPackageDataObserver;
@@ -145,15 +147,14 @@
import android.content.pm.VerificationParams;
import android.content.pm.VerifierDeviceIdentity;
import android.content.pm.VerifierInfo;
-import android.content.pm.EphemeralResolveInfo.EphemeralResolveIntentInfo;
import android.content.res.Resources;
import android.graphics.Bitmap;
import android.hardware.display.DisplayManager;
import android.net.Uri;
-import android.os.Debug;
import android.os.Binder;
import android.os.Build;
import android.os.Bundle;
+import android.os.Debug;
import android.os.Environment;
import android.os.Environment.UserEnvironment;
import android.os.FileUtils;
@@ -204,15 +205,9 @@
import android.util.Xml;
import android.view.Display;
-import com.android.internal.annotations.GuardedBy;
-import dalvik.system.DexFile;
-import dalvik.system.VMRuntime;
-
-import libcore.io.IoUtils;
-import libcore.util.EmptyArray;
-
import com.android.internal.R;
import com.android.internal.annotations.GuardedBy;
+import com.android.internal.annotations.GuardedBy;
import com.android.internal.app.IMediaContainerService;
import com.android.internal.app.ResolverActivity;
import com.android.internal.content.NativeLibraryHelper;
@@ -237,6 +232,12 @@
import com.android.server.pm.Settings.VersionInfo;
import com.android.server.storage.DeviceStorageMonitorInternal;
+import dalvik.system.DexFile;
+import dalvik.system.VMRuntime;
+
+import libcore.io.IoUtils;
+import libcore.util.EmptyArray;
+
import org.xmlpull.v1.XmlPullParser;
import org.xmlpull.v1.XmlPullParserException;
import org.xmlpull.v1.XmlSerializer;
@@ -307,6 +308,7 @@
private static final boolean DEBUG_DEXOPT = false;
private static final boolean DEBUG_ABI_SELECTION = false;
private static final boolean DEBUG_EPHEMERAL = false;
+ private static final boolean DEBUG_ENCRYPTION_AWARE = false;
static final boolean CLEAR_RUNTIME_PERMISSIONS_ON_UPGRADE = false;
@@ -3183,9 +3185,35 @@
* Augment the given flags depending on current user running state. This is
* purposefully done before acquiring {@link #mPackages} lock.
*/
- private int augmentFlagsForUser(int flags, int userId) {
- if (!isUserKeyUnlocked(userId)) {
- flags |= PackageManager.MATCH_ENCRYPTION_AWARE_ONLY;
+ private int augmentFlagsForUser(int flags, int userId, Object cookie) {
+ if (cookie instanceof Intent) {
+ // If intent claims to be triaged, then we're fine with default
+ // matching behavior below
+ final Intent intent = (Intent) cookie;
+ if ((intent.getFlags() & Intent.FLAG_DEBUG_ENCRYPTION_TRIAGED) != 0) {
+ flags |= PackageManager.MATCH_ENCRYPTION_DEFAULT;
+ }
+ }
+
+ if ((flags & (PackageManager.MATCH_ENCRYPTION_UNAWARE_ONLY
+ | PackageManager.MATCH_ENCRYPTION_AWARE_ONLY)) != 0) {
+ // Caller expressed an opinion about what components they want to
+ // see, so fall through and give them what they want
+ } else {
+ // Caller expressed no opinion, so match based on user state
+ if (isUserKeyUnlocked(userId)) {
+ flags |= PackageManager.MATCH_ENCRYPTION_AWARE_AND_UNAWARE;
+ } else {
+ flags |= PackageManager.MATCH_ENCRYPTION_AWARE_ONLY;
+
+ // If we have a system caller that hasn't done their homework to
+ // decide they want this default behavior, yell at them
+ if (DEBUG_ENCRYPTION_AWARE && (Binder.getCallingUid() == Process.SYSTEM_UID)
+ && ((flags & PackageManager.MATCH_ENCRYPTION_DEFAULT) == 0)) {
+ Log.v(TAG, "Caller hasn't been triaged for FBE; they asked about " + cookie,
+ new Throwable());
+ }
+ }
}
return flags;
}
@@ -3193,7 +3221,7 @@
@Override
public ActivityInfo getActivityInfo(ComponentName component, int flags, int userId) {
if (!sUserManager.exists(userId)) return null;
- flags = augmentFlagsForUser(flags, userId);
+ flags = augmentFlagsForUser(flags, userId, component);
enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, "get activity info");
synchronized (mPackages) {
PackageParser.Activity a = mActivities.mActivities.get(component);
@@ -3238,7 +3266,7 @@
@Override
public ActivityInfo getReceiverInfo(ComponentName component, int flags, int userId) {
if (!sUserManager.exists(userId)) return null;
- flags = augmentFlagsForUser(flags, userId);
+ flags = augmentFlagsForUser(flags, userId, component);
enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, "get receiver info");
synchronized (mPackages) {
PackageParser.Activity a = mReceivers.mActivities.get(component);
@@ -3257,7 +3285,7 @@
@Override
public ServiceInfo getServiceInfo(ComponentName component, int flags, int userId) {
if (!sUserManager.exists(userId)) return null;
- flags = augmentFlagsForUser(flags, userId);
+ flags = augmentFlagsForUser(flags, userId, component);
enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, "get service info");
synchronized (mPackages) {
PackageParser.Service s = mServices.mServices.get(component);
@@ -3276,7 +3304,7 @@
@Override
public ProviderInfo getProviderInfo(ComponentName component, int flags, int userId) {
if (!sUserManager.exists(userId)) return null;
- flags = augmentFlagsForUser(flags, userId);
+ flags = augmentFlagsForUser(flags, userId, component);
enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, "get provider info");
synchronized (mPackages) {
PackageParser.Provider p = mProviders.mProviders.get(component);
@@ -4401,7 +4429,7 @@
public ResolveInfo resolveIntent(Intent intent, String resolvedType,
int flags, int userId) {
if (!sUserManager.exists(userId)) return null;
- flags = augmentFlagsForUser(flags, userId);
+ flags = augmentFlagsForUser(flags, userId, intent);
enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, "resolve intent");
List<ResolveInfo> query = queryIntentActivities(intent, resolvedType, flags, userId);
final ResolveInfo bestChoice =
@@ -4659,7 +4687,7 @@
List<ResolveInfo> query, int priority, boolean always,
boolean removeMatches, boolean debug, int userId) {
if (!sUserManager.exists(userId)) return null;
- flags = augmentFlagsForUser(flags, userId);
+ flags = augmentFlagsForUser(flags, userId, intent);
// writer
synchronized (mPackages) {
if (intent.getSelector() != null) {
@@ -4858,7 +4886,7 @@
public List<ResolveInfo> queryIntentActivities(Intent intent,
String resolvedType, int flags, int userId) {
if (!sUserManager.exists(userId)) return Collections.emptyList();
- flags = augmentFlagsForUser(flags, userId);
+ flags = augmentFlagsForUser(flags, userId, intent);
enforceCrossUserPermission(Binder.getCallingUid(), userId, false, false, "query intent activities");
ComponentName comp = intent.getComponent();
if (comp == null) {
@@ -5342,7 +5370,7 @@
Intent[] specifics, String[] specificTypes, Intent intent,
String resolvedType, int flags, int userId) {
if (!sUserManager.exists(userId)) return Collections.emptyList();
- flags = augmentFlagsForUser(flags, userId);
+ flags = augmentFlagsForUser(flags, userId, intent);
enforceCrossUserPermission(Binder.getCallingUid(), userId, false,
false, "query intent activity options");
final String resultsAction = intent.getAction();
@@ -5515,7 +5543,7 @@
public List<ResolveInfo> queryIntentReceivers(Intent intent, String resolvedType, int flags,
int userId) {
if (!sUserManager.exists(userId)) return Collections.emptyList();
- flags = augmentFlagsForUser(flags, userId);
+ flags = augmentFlagsForUser(flags, userId, intent);
ComponentName comp = intent.getComponent();
if (comp == null) {
if (intent.getSelector() != null) {
@@ -5552,7 +5580,7 @@
@Override
public ResolveInfo resolveService(Intent intent, String resolvedType, int flags, int userId) {
if (!sUserManager.exists(userId)) return null;
- flags = augmentFlagsForUser(flags, userId);
+ flags = augmentFlagsForUser(flags, userId, intent);
List<ResolveInfo> query = queryIntentServices(intent, resolvedType, flags, userId);
if (query != null) {
if (query.size() >= 1) {
@@ -5568,7 +5596,7 @@
public List<ResolveInfo> queryIntentServices(Intent intent, String resolvedType, int flags,
int userId) {
if (!sUserManager.exists(userId)) return Collections.emptyList();
- flags = augmentFlagsForUser(flags, userId);
+ flags = augmentFlagsForUser(flags, userId, intent);
ComponentName comp = intent.getComponent();
if (comp == null) {
if (intent.getSelector() != null) {
@@ -5606,7 +5634,7 @@
public List<ResolveInfo> queryIntentContentProviders(
Intent intent, String resolvedType, int flags, int userId) {
if (!sUserManager.exists(userId)) return Collections.emptyList();
- flags = augmentFlagsForUser(flags, userId);
+ flags = augmentFlagsForUser(flags, userId, intent);
ComponentName comp = intent.getComponent();
if (comp == null) {
if (intent.getSelector() != null) {
@@ -5723,7 +5751,7 @@
public ParceledListSlice<PackageInfo> getPackagesHoldingPermissions(
String[] permissions, int flags, int userId) {
if (!sUserManager.exists(userId)) return null;
- flags = augmentFlagsForUser(flags, userId);
+ flags = augmentFlagsForUser(flags, userId, null);
final boolean listUninstalled = (flags & PackageManager.GET_UNINSTALLED_PACKAGES) != 0;
// writer
@@ -5751,7 +5779,7 @@
@Override
public ParceledListSlice<ApplicationInfo> getInstalledApplications(int flags, int userId) {
if (!sUserManager.exists(userId)) return null;
- flags = augmentFlagsForUser(flags, userId);
+ flags = augmentFlagsForUser(flags, userId, null);
final boolean listUninstalled = (flags & PackageManager.GET_UNINSTALLED_PACKAGES) != 0;
// writer
@@ -5894,7 +5922,7 @@
@Override
public ProviderInfo resolveContentProvider(String name, int flags, int userId) {
if (!sUserManager.exists(userId)) return null;
- flags = augmentFlagsForUser(flags, userId);
+ flags = augmentFlagsForUser(flags, userId, name);
// reader
synchronized (mPackages) {
final PackageParser.Provider provider = mProvidersByAuthority.get(name);
@@ -5946,7 +5974,7 @@
final int userId = processName != null ? UserHandle.getUserId(uid)
: UserHandle.getCallingUserId();
if (!sUserManager.exists(userId)) return null;
- flags = augmentFlagsForUser(flags, userId);
+ flags = augmentFlagsForUser(flags, userId, processName);
ArrayList<ProviderInfo> finalList = null;
// reader
diff --git a/services/core/java/com/android/server/pm/Settings.java b/services/core/java/com/android/server/pm/Settings.java
index da1e546..5612aba 100644
--- a/services/core/java/com/android/server/pm/Settings.java
+++ b/services/core/java/com/android/server/pm/Settings.java
@@ -3837,13 +3837,11 @@
}
private boolean isVisibleLPr(ComponentInfo componentInfo, int flags) {
- if ((flags & PackageManager.GET_ENCRYPTION_UNAWARE_COMPONENTS) != 0) {
- return true;
- }
- if ((flags & PackageManager.MATCH_ENCRYPTION_AWARE_ONLY) != 0) {
- return componentInfo.encryptionAware;
- }
- return true;
+ final boolean matchUnaware = ((flags & PackageManager.MATCH_ENCRYPTION_UNAWARE_ONLY) != 0)
+ && !componentInfo.encryptionAware;
+ final boolean matchAware = ((flags & PackageManager.MATCH_ENCRYPTION_AWARE_ONLY) != 0)
+ && componentInfo.encryptionAware;
+ return matchUnaware || matchAware;
}
String getInstallerPackageNameLPr(String packageName) {
diff --git a/services/core/java/com/android/server/policy/ShortcutManager.java b/services/core/java/com/android/server/policy/ShortcutManager.java
index 76f56bc..9908624 100644
--- a/services/core/java/com/android/server/policy/ShortcutManager.java
+++ b/services/core/java/com/android/server/policy/ShortcutManager.java
@@ -128,13 +128,15 @@
ActivityInfo info = null;
ComponentName componentName = new ComponentName(packageName, className);
try {
- info = packageManager.getActivityInfo(componentName, 0);
+ info = packageManager.getActivityInfo(componentName,
+ PackageManager.MATCH_ENCRYPTION_AWARE_AND_UNAWARE);
} catch (PackageManager.NameNotFoundException e) {
String[] packages = packageManager.canonicalToCurrentPackageNames(
new String[] { packageName });
componentName = new ComponentName(packages[0], className);
try {
- info = packageManager.getActivityInfo(componentName, 0);
+ info = packageManager.getActivityInfo(componentName,
+ PackageManager.MATCH_ENCRYPTION_AWARE_AND_UNAWARE);
} catch (PackageManager.NameNotFoundException e1) {
Log.w(TAG, "Unable to add bookmark: " + packageName
+ "/" + className, e);
diff --git a/services/java/com/android/server/SystemServer.java b/services/java/com/android/server/SystemServer.java
index 3db8376..0bbd23e 100644
--- a/services/java/com/android/server/SystemServer.java
+++ b/services/java/com/android/server/SystemServer.java
@@ -1322,6 +1322,7 @@
Intent intent = new Intent();
intent.setComponent(new ComponentName("com.android.systemui",
"com.android.systemui.SystemUIService"));
+ intent.addFlags(Intent.FLAG_DEBUG_ENCRYPTION_TRIAGED);
//Slog.d(TAG, "Starting service: " + intent);
context.startServiceAsUser(intent, UserHandle.SYSTEM);
}
diff --git a/telecomm/java/android/telecom/DefaultDialerManager.java b/telecomm/java/android/telecom/DefaultDialerManager.java
index 5852b8e..27ee804 100644
--- a/telecomm/java/android/telecom/DefaultDialerManager.java
+++ b/telecomm/java/android/telecom/DefaultDialerManager.java
@@ -155,7 +155,8 @@
// Get the list of apps registered for the DIAL intent with empty scheme
Intent intent = new Intent(Intent.ACTION_DIAL);
- List<ResolveInfo> resolveInfoList = packageManager.queryIntentActivities(intent, 0);
+ List<ResolveInfo> resolveInfoList = packageManager.queryIntentActivities(intent,
+ PackageManager.MATCH_ENCRYPTION_DEFAULT);
List<String> packageNames = new ArrayList<>();
@@ -207,8 +208,8 @@
}
final List<String> result = new ArrayList<>();
- final List<ResolveInfo> resolveInfoList =
- context.getPackageManager().queryIntentActivities(intent, 0);
+ final List<ResolveInfo> resolveInfoList = context.getPackageManager()
+ .queryIntentActivities(intent, PackageManager.MATCH_ENCRYPTION_DEFAULT);
final int length = resolveInfoList.size();
for (int i = 0; i < length; i++) {
final ActivityInfo info = resolveInfoList.get(i).activityInfo;