Revert "Add ActivityOption to remove keyguard when an activity i..."

Revert submission 17982448-ActivityOption_DismissKeyguard Reason for revert: Exploitable, b/286371465 Bug: 286371465 Reverted changes: /q/submissionid:17982448-ActivityOption_DismissKeyguard Change-Id: I3f76d12ef199e3bffbc47b750367742e8a137977
author: Robin Lee <rgl@google.com> 2023-06-08 12:47:23 +0000
committer: Robin Lee <rgl@google.com> 2023-11-01 15:42:27 +0000
commit: 4ce5b80f3276cac1abf197ee51d89e3fa7287ee6 (patch)
tree: abb8ef6ce4cce0af0bf914022c9fe7065d051b44
parent: d5873fc5ebe267d765d64b7f5a8d980540de0742 (diff)
8 files changed, 31 insertions, 29 deletions
diff --git a/core/java/android/app/ActivityOptions.java b/core/java/android/app/ActivityOptions.java
index f2c00517ad16..26f1c4b146a5 100644
--- a/core/java/android/app/ActivityOptions.java
+++ b/core/java/android/app/ActivityOptions.java
@@ -16,7 +16,6 @@
 
 package android.app;
 
-import static android.Manifest.permission.CONTROL_KEYGUARD;
 import static android.Manifest.permission.CONTROL_REMOTE_APP_TRANSITION_ANIMATIONS;
 import static android.Manifest.permission.START_TASKS_FROM_RECENTS;
 import static android.app.WindowConfiguration.ACTIVITY_TYPE_UNDEFINED;
@@ -413,8 +412,9 @@ public class ActivityOptions extends ComponentOptions {
     private static final String KEY_LAUNCH_INTO_PIP_PARAMS =
             "android.activity.launchIntoPipParams";
 
-    /** See {@link #setDismissKeyguard()}. */
-    private static final String KEY_DISMISS_KEYGUARD = "android.activity.dismissKeyguard";
+    /** See {@link #setDismissKeyguardIfInsecure()}. */
+    private static final String KEY_DISMISS_KEYGUARD_IF_INSECURE =
+            "android.activity.dismissKeyguardIfInsecure";
 
     private static final String KEY_PENDING_INTENT_CREATOR_BACKGROUND_ACTIVITY_START_MODE =
             "android.activity.pendingIntentCreatorBackgroundActivityStartMode";
@@ -519,7 +519,7 @@ public class ActivityOptions extends ComponentOptions {
     private boolean mLaunchedFromBubble;
     private boolean mTransientLaunch;
     private PictureInPictureParams mLaunchIntoPipParams;
-    private boolean mDismissKeyguard;
+    private boolean mDismissKeyguardIfInsecure;
     @BackgroundActivityStartMode
     private int mPendingIntentCreatorBackgroundActivityStartMode =
             MODE_BACKGROUND_ACTIVITY_START_SYSTEM_DEFINED;
@@ -1333,7 +1333,7 @@ public class ActivityOptions extends ComponentOptions {
         mLaunchIntoPipParams = opts.getParcelable(KEY_LAUNCH_INTO_PIP_PARAMS, android.app.PictureInPictureParams.class);
         mIsEligibleForLegacyPermissionPrompt =
                 opts.getBoolean(KEY_LEGACY_PERMISSION_PROMPT_ELIGIBLE);
-        mDismissKeyguard = opts.getBoolean(KEY_DISMISS_KEYGUARD);
+        mDismissKeyguardIfInsecure = opts.getBoolean(KEY_DISMISS_KEYGUARD_IF_INSECURE);
         mPendingIntentCreatorBackgroundActivityStartMode = opts.getInt(
                 KEY_PENDING_INTENT_CREATOR_BACKGROUND_ACTIVITY_START_MODE,
                 MODE_BACKGROUND_ACTIVITY_START_SYSTEM_DEFINED);
@@ -2036,24 +2036,24 @@ public class ActivityOptions extends ComponentOptions {
     }
 
     /**
-     * Sets whether the keyguard should go away when this activity launches.
+     * Sets whether the insecure keyguard should go away when this activity launches. In case the
+     * keyguard is secure, this option will be ignored.
      *
      * @see Activity#setShowWhenLocked(boolean)
      * @see android.R.attr#showWhenLocked
      * @hide
      */
-    @RequiresPermission(CONTROL_KEYGUARD)
-    public void setDismissKeyguard() {
-        mDismissKeyguard = true;
+    public void setDismissKeyguardIfInsecure() {
+        mDismissKeyguardIfInsecure = true;
     }
 
     /**
-     * @see #setDismissKeyguard()
+     * @see #setDismissKeyguardIfInsecure()
      * @return whether the insecure keyguard should go away when the activity launches.
      * @hide
      */
-    public boolean getDismissKeyguard() {
-        return mDismissKeyguard;
+    public boolean getDismissKeyguardIfInsecure() {
+        return mDismissKeyguardIfInsecure;
     }
 
     /**
@@ -2367,8 +2367,8 @@ public class ActivityOptions extends ComponentOptions {
             b.putBoolean(KEY_LEGACY_PERMISSION_PROMPT_ELIGIBLE,
                     mIsEligibleForLegacyPermissionPrompt);
         }
-        if (mDismissKeyguard) {
-            b.putBoolean(KEY_DISMISS_KEYGUARD, mDismissKeyguard);
+        if (mDismissKeyguardIfInsecure) {
+            b.putBoolean(KEY_DISMISS_KEYGUARD_IF_INSECURE, mDismissKeyguardIfInsecure);
         }
         if (mPendingIntentCreatorBackgroundActivityStartMode
                 != MODE_BACKGROUND_ACTIVITY_START_SYSTEM_DEFINED) {
diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/phone/ActivityStarterImpl.kt b/packages/SystemUI/src/com/android/systemui/statusbar/phone/ActivityStarterImpl.kt
index 2d125462b16e..e1fba2eda1c4 100644
--- a/packages/SystemUI/src/com/android/systemui/statusbar/phone/ActivityStarterImpl.kt
+++ b/packages/SystemUI/src/com/android/systemui/statusbar/phone/ActivityStarterImpl.kt
@@ -494,7 +494,7 @@ constructor(
                     // this runnable is called right after the keyguard is solved, so we tell
                     // WM that we should dismiss it to avoid flickers when opening an activity
                     // that can also be shown over the keyguard.
-                    options.setDismissKeyguard()
+                    options.setDismissKeyguardIfInsecure()
                     options.setDisallowEnterPictureInPictureWhileLaunching(
                         disallowEnterPictureInPictureWhileLaunching
                     )
diff --git a/services/core/java/com/android/server/am/ActivityManagerShellCommand.java b/services/core/java/com/android/server/am/ActivityManagerShellCommand.java
index 69bf612f3e54..4b27e9904199 100644
--- a/services/core/java/com/android/server/am/ActivityManagerShellCommand.java
+++ b/services/core/java/com/android/server/am/ActivityManagerShellCommand.java
@@ -205,7 +205,7 @@ final class ActivityManagerShellCommand extends ShellCommand {
     private boolean mAsync;
     private BroadcastOptions mBroadcastOptions;
     private boolean mShowSplashScreen;
-    private boolean mDismissKeyguard;
+    private boolean mDismissKeyguardIfInsecure;
 
     final boolean mDumping;
 
@@ -552,8 +552,8 @@ final class ActivityManagerShellCommand extends ShellCommand {
                     mAsync = true;
                 } else if (opt.equals("--splashscreen-show-icon")) {
                     mShowSplashScreen = true;
-                } else if (opt.equals("--dismiss-keyguard")) {
-                    mDismissKeyguard = true;
+                } else if (opt.equals("--dismiss-keyguard-if-insecure")) {
+                    mDismissKeyguardIfInsecure = true;
                 } else {
                     return false;
                 }
@@ -714,11 +714,11 @@ final class ActivityManagerShellCommand extends ShellCommand {
                 }
                 options.setSplashScreenStyle(SplashScreen.SPLASH_SCREEN_STYLE_ICON);
             }
-            if (mDismissKeyguard) {
+            if (mDismissKeyguardIfInsecure) {
                 if (options == null) {
                     options = ActivityOptions.makeBasic();
                 }
-                options.setDismissKeyguard();
+                options.setDismissKeyguardIfInsecure();
             }
             if (mWaitOption) {
                 result = mInternal.startActivityAndWait(null, SHELL_PACKAGE_NAME, null, intent,
diff --git a/services/core/java/com/android/server/wm/ActivityRecord.java b/services/core/java/com/android/server/wm/ActivityRecord.java
index bdab4d483872..754c97fea01d 100644
--- a/services/core/java/com/android/server/wm/ActivityRecord.java
+++ b/services/core/java/com/android/server/wm/ActivityRecord.java
@@ -913,7 +913,7 @@ final class ActivityRecord extends WindowToken implements WindowManagerService.A
 
     boolean mEnteringAnimation;
     boolean mOverrideTaskTransition;
-    boolean mDismissKeyguard;
+    boolean mDismissKeyguardIfInsecure;
     boolean mShareIdentity;
 
     /** True if the activity has reported stopped; False if the activity becomes visible. */
@@ -2098,7 +2098,7 @@ final class ActivityRecord extends WindowToken implements WindowManagerService.A
             }
 
             mOverrideTaskTransition = options.getOverrideTaskTransition();
-            mDismissKeyguard = options.getDismissKeyguard();
+            mDismissKeyguardIfInsecure = options.getDismissKeyguardIfInsecure();
             mShareIdentity = options.isShareIdentityEnabled();
         }
 
diff --git a/services/core/java/com/android/server/wm/KeyguardController.java b/services/core/java/com/android/server/wm/KeyguardController.java
index fa2c94a1ecf2..ccaa3b07aaaa 100644
--- a/services/core/java/com/android/server/wm/KeyguardController.java
+++ b/services/core/java/com/android/server/wm/KeyguardController.java
@@ -665,12 +665,14 @@ class KeyguardController {
                     mTopTurnScreenOnActivity = top;
                 }
 
-                if (top.mDismissKeyguard && mKeyguardShowing) {
+                final boolean isKeyguardSecure = controller.mWindowManager.isKeyguardSecure(
+                        controller.mService.getCurrentUserId());
+                if (top.mDismissKeyguardIfInsecure && mKeyguardShowing && !isKeyguardSecure) {
                     mKeyguardGoingAway = true;
                 } else if (top.canShowWhenLocked()) {
                     mTopOccludesActivity = top;
                 }
-                top.mDismissKeyguard = false;
+                top.mDismissKeyguardIfInsecure = false;
 
                 // Only the top activity may control occluded, as we can't occlude the Keyguard
                 // if the top app doesn't want to occlude it.
diff --git a/services/core/java/com/android/server/wm/SafeActivityOptions.java b/services/core/java/com/android/server/wm/SafeActivityOptions.java
index 6418148ba104..4ced5d524798 100644
--- a/services/core/java/com/android/server/wm/SafeActivityOptions.java
+++ b/services/core/java/com/android/server/wm/SafeActivityOptions.java
@@ -343,14 +343,14 @@ public class SafeActivityOptions {
         }
 
         // Check if the caller is allowed to dismiss keyguard.
-        final boolean dismissKeyguard = options.getDismissKeyguard();
-        if (aInfo != null && dismissKeyguard) {
+        final boolean dismissKeyguardIfInsecure = options.getDismissKeyguardIfInsecure();
+        if (aInfo != null && dismissKeyguardIfInsecure) {
             final int controlKeyguardPerm = ActivityTaskManagerService.checkPermission(
                     CONTROL_KEYGUARD, callingPid, callingUid);
             if (controlKeyguardPerm != PERMISSION_GRANTED) {
                 final String msg = "Permission Denial: starting " + getIntentString(intent)
                         + " from " + callerApp + " (pid=" + callingPid
-                        + ", uid=" + callingUid + ") with dismissKeyguard=true";
+                        + ", uid=" + callingUid + ") with dismissKeyguardIfInsecure=true";
                 Slog.w(TAG, msg);
                 throw new SecurityException(msg);
             }
diff --git a/services/tests/wmtests/src/com/android/server/wm/ActivityOptionsTest.java b/services/tests/wmtests/src/com/android/server/wm/ActivityOptionsTest.java
index 93adddb2ac6d..6e5baee3dc67 100644
--- a/services/tests/wmtests/src/com/android/server/wm/ActivityOptionsTest.java
+++ b/services/tests/wmtests/src/com/android/server/wm/ActivityOptionsTest.java
@@ -275,7 +275,7 @@ public class ActivityOptionsTest {
                 case "android.activity.launchTypeBubble": // KEY_LAUNCHED_FROM_BUBBLE
                 case "android.activity.splashScreenStyle": // KEY_SPLASH_SCREEN_STYLE
                 case "android.activity.launchIntoPipParams": // KEY_LAUNCH_INTO_PIP_PARAMS
-                case "android.activity.dismissKeyguard": // KEY_DISMISS_KEYGUARD
+                case "android.activity.dismissKeyguardIfInsecure": // KEY_DISMISS_KEYGUARD_IF_INSECURE
                 case "android.activity.pendingIntentCreatorBackgroundActivityStartMode":
                     // KEY_PENDING_INTENT_CREATOR_BACKGROUND_ACTIVITY_START_MODE
                 case "android.activity.launchCookie": // KEY_LAUNCH_COOKIE
diff --git a/services/tests/wmtests/src/com/android/server/wm/SafeActivityOptionsTest.java b/services/tests/wmtests/src/com/android/server/wm/SafeActivityOptionsTest.java
index 9f43a1785266..55a7089f3344 100644
--- a/services/tests/wmtests/src/com/android/server/wm/SafeActivityOptionsTest.java
+++ b/services/tests/wmtests/src/com/android/server/wm/SafeActivityOptionsTest.java
@@ -145,7 +145,7 @@ public class SafeActivityOptionsTest {
             verifySecureExceptionThrown(activityOptions, taskSupervisor);
 
             activityOptions = ActivityOptions.makeBasic();
-            activityOptions.setDismissKeyguard();
+            activityOptions.setDismissKeyguardIfInsecure();
             verifySecureExceptionThrown(activityOptions, taskSupervisor);
 
             activityOptions = ActivityOptions.makeBasic();
author	Robin Lee <rgl@google.com>	2023-06-08 12:47:23 +0000
committer	Robin Lee <rgl@google.com>	2023-11-01 15:42:27 +0000
commit	4ce5b80f3276cac1abf197ee51d89e3fa7287ee6 (patch)
tree	abb8ef6ce4cce0af0bf914022c9fe7065d051b44
parent	d5873fc5ebe267d765d64b7f5a8d980540de0742 (diff)