Merge "Update the new SYSTEM_ALERT_WINDOW check for FGS." into main

1 files changed, 19 insertions, 28 deletions

diff --git a/services/core/java/com/android/server/am/ActiveServices.java b/services/core/java/com/android/server/am/ActiveServices.java
index 95b4659abdee..0a2aaeba57b4 100644
--- a/services/core/java/com/android/server/am/ActiveServices.java
+++ b/services/core/java/com/android/server/am/ActiveServices.java
@@ -8157,7 +8157,7 @@ public final class ActiveServices {
                 BackgroundStartPrivileges.NONE);
         @ReasonCode int allowStartFgs = shouldAllowFgsStartForegroundNoBindingCheckLocked(
                 allowWhileInUse, callingPid, callingUid, callingPackage, null /* targetService */,
-                BackgroundStartPrivileges.NONE, null);
+                BackgroundStartPrivileges.NONE);
 
         if (allowStartFgs == REASON_DENIED) {
             if (canBindingClientStartFgsLocked(callingUid) != null) {
@@ -8413,8 +8413,7 @@ public final class ActiveServices {
                                                 allowWhileInUse2,
                                                 clientPid, clientUid, clientPackageName,
                                                 null /* targetService */,
-                                                BackgroundStartPrivileges.NONE,
-                                                pr);
+                                                BackgroundStartPrivileges.NONE);
                                 if (allowStartFgs != REASON_DENIED) {
                                     return new Pair<>(allowStartFgs, clientPackageName);
                                 } else {
@@ -8451,7 +8450,7 @@ public final class ActiveServices {
         ActivityManagerService.FgsTempAllowListItem tempAllowListReason =
                 r.mInfoTempFgsAllowListReason = mAm.isAllowlistedForFgsStartLOSP(callingUid);
         int ret = shouldAllowFgsStartForegroundNoBindingCheckLocked(allowWhileInUse, callingPid,
-                callingUid, callingPackage, r, backgroundStartPrivileges, null);
+                callingUid, callingPackage, r, backgroundStartPrivileges);
 
         // If an app (App 1) is bound by another app (App 2) that could start an FGS, then App 1
         // is also allowed to start an FGS. We check all the binding
@@ -8507,8 +8506,7 @@ public final class ActiveServices {
     private @ReasonCode int shouldAllowFgsStartForegroundNoBindingCheckLocked(
             @ReasonCode int allowWhileInUse, int callingPid, int callingUid, String callingPackage,
             @Nullable ServiceRecord targetService,
-            BackgroundStartPrivileges backgroundStartPrivileges,
-            @Nullable ProcessRecord targetRecord) {
+            BackgroundStartPrivileges backgroundStartPrivileges) {
         int ret = allowWhileInUse;
 
         if (ret == REASON_DENIED) {
@@ -8565,31 +8563,24 @@ public final class ActiveServices {
             }
         }
 
-        // The flag being enabled isn't enough to deny background start: we need to also check
-        // if there is a system alert UI present.
         if (ret == REASON_DENIED) {
-            // Flag check: are we disabling SAW FGS background starts?
-            final boolean shouldDisableSaw = Flags.fgsDisableSaw()
-                    && CompatChanges.isChangeEnabled(FGS_SAW_RESTRICTIONS, callingUid);
-            if (shouldDisableSaw) {
-                if (targetRecord == null) {
-                    synchronized (mAm.mPidsSelfLocked) {
-                        targetRecord = mAm.mPidsSelfLocked.get(callingPid);
-                    }
-                }
-                if (targetRecord != null) {
-                    if (targetRecord.mState.hasOverlayUi()) {
-                        if (mAm.mAtmInternal.hasSystemAlertWindowPermission(callingUid, callingPid,
-                                callingPackage)) {
-                            ret = REASON_SYSTEM_ALERT_WINDOW_PERMISSION;
+            if (mAm.mAtmInternal.hasSystemAlertWindowPermission(
+                                    callingUid, callingPid, callingPackage)) {
+                // Starting from Android V, it is not enough to only have the SYSTEM_ALERT_WINDOW
+                // permission granted - apps must also be showing an overlay window.
+                if (Flags.fgsDisableSaw()
+                        && CompatChanges.isChangeEnabled(FGS_SAW_RESTRICTIONS, callingUid)) {
+                    final UidRecord uidRecord = mAm.mProcessList.getUidRecordLOSP(callingUid);
+                    if (uidRecord != null) {
+                        for (int i = uidRecord.getNumOfProcs() - 1; i >= 0; i--) {
+                            final ProcessRecord pr = uidRecord.getProcessRecordByIndex(i);
+                            if (pr != null && pr.mState.hasOverlayUi()) {
+                                ret = REASON_SYSTEM_ALERT_WINDOW_PERMISSION;
+                                break;
+                            }
                         }
                     }
-                } else {
-                    Slog.e(TAG, "Could not find process record for SAW check");
-                }
-            } else {
-                if (mAm.mAtmInternal.hasSystemAlertWindowPermission(callingUid, callingPid,
-                        callingPackage)) {
+                } else { // pre-V logic
                     ret = REASON_SYSTEM_ALERT_WINDOW_PERMISSION;
                 }
             }