diff options
| author | 2024-03-21 01:23:27 +0000 | |
|---|---|---|
| committer | 2024-03-21 01:23:27 +0000 | |
| commit | 261ad46b06c5fa6c51456a7105f61c2660831ca2 (patch) | |
| tree | f574fe44a402d8911ce9780f15011350feb8cbef | |
| parent | ca9930025adc972ae40edaaa8b76f3f66e53eea1 (diff) | |
| parent | b831831ccffa7b09129a6ac70cb3d4a0e453c2d6 (diff) | |
Merge "Protect sensitive content in multi/split window use case" into main
| -rw-r--r-- | services/core/java/com/android/server/SensitiveContentProtectionManagerService.java | 32 |
1 files changed, 27 insertions, 5 deletions
diff --git a/services/core/java/com/android/server/SensitiveContentProtectionManagerService.java b/services/core/java/com/android/server/SensitiveContentProtectionManagerService.java index cc4094092572..589d8b373802 100644 --- a/services/core/java/com/android/server/SensitiveContentProtectionManagerService.java +++ b/services/core/java/com/android/server/SensitiveContentProtectionManagerService.java @@ -69,6 +69,8 @@ public final class SensitiveContentProtectionManagerService extends SystemServic final Object mSensitiveContentProtectionLock = new Object(); + private final ArraySet<PackageInfo> mPackagesShowingSensitiveContent = new ArraySet<>(); + @GuardedBy("mSensitiveContentProtectionLock") private boolean mProjectionActive = false; @@ -205,6 +207,10 @@ public final class SensitiveContentProtectionManagerService extends SystemServic if (sensitiveNotificationAppProtection()) { updateAppsThatShouldBlockScreenCapture(); } + + if (sensitiveContentAppProtection() && mPackagesShowingSensitiveContent.size() > 0) { + mWindowManager.addBlockScreenCaptureForApps(mPackagesShowingSensitiveContent); + } } } @@ -354,17 +360,27 @@ public final class SensitiveContentProtectionManagerService extends SystemServic void setSensitiveContentProtection(IBinder windowToken, String packageName, int uid, boolean isShowingSensitiveContent) { synchronized (mSensitiveContentProtectionLock) { + // The window token distinguish this package from packages added for notifications. + PackageInfo packageInfo = new PackageInfo(packageName, uid, windowToken); + // track these packages to protect when screen share starts. + if (isShowingSensitiveContent) { + mPackagesShowingSensitiveContent.add(packageInfo); + if (mPackagesShowingSensitiveContent.size() > 100) { + Log.w(TAG, "Unexpectedly large number of sensitive windows, count: " + + mPackagesShowingSensitiveContent.size()); + } + } else { + mPackagesShowingSensitiveContent.remove(packageInfo); + } if (!mProjectionActive) { return; } if (DEBUG) { - Log.d(TAG, "setSensitiveContentProtection - windowToken=" + windowToken - + ", package=" + packageName + ", uid=" + uid - + ", isShowingSensitiveContent=" + isShowingSensitiveContent); + Log.d(TAG, "setSensitiveContentProtection - current package=" + packageInfo + + ", isShowingSensitiveContent=" + isShowingSensitiveContent + + ", sensitive packages=" + mPackagesShowingSensitiveContent); } - // The window token distinguish this package from packages added for notifications. - PackageInfo packageInfo = new PackageInfo(packageName, uid, windowToken); ArraySet<PackageInfo> packageInfos = new ArraySet<>(); packageInfos.add(packageInfo); if (isShowingSensitiveContent) { @@ -392,6 +408,12 @@ public final class SensitiveContentProtectionManagerService extends SystemServic verifyCallingPackage(callingUid, packageName); final long identity = Binder.clearCallingIdentity(); try { + if (isShowingSensitiveContent + && mWindowManager.getWindowName(windowToken) == null) { + Log.e(TAG, "window token is not know to WMS, can't apply protection," + + " token: " + windowToken + ", package: " + packageName); + return; + } SensitiveContentProtectionManagerService.this.setSensitiveContentProtection( windowToken, packageName, callingUid, isShowingSensitiveContent); } finally { |