Merge "BOOT_COMPLETED broadcasts are temp allowlisted to start FGS."

author: Hui Yu <huiyu@google.com> 2021-01-20 17:16:00 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2021-01-20 17:16:00 +0000
commit: 6f5d17de8e4caaa072d311d3b67681df034561a6 (patch)
tree: eee3507fbd35ccb894bd3889aa1a3e0ec85d980d
parent: d6f7ca2dbe7f497966a793a412a6aea362bd08e4 (diff)
parent: 40f1d903799ffe5a977ce3218f923dbefe89ccc4 (diff)
6 files changed, 72 insertions, 5 deletions
diff --git a/core/java/android/app/ActivityManagerInternal.java b/core/java/android/app/ActivityManagerInternal.java
index 986051cccd51..9b5a1dda3e63 100644
--- a/core/java/android/app/ActivityManagerInternal.java
+++ b/core/java/android/app/ActivityManagerInternal.java
@@ -532,4 +532,9 @@ public abstract class ActivityManagerInternal {
      */
     @Nullable
     public abstract Intent getIntentForIntentSender(IIntentSender sender);
+
+    /**
+     * @return mBootTimeTempAllowlistDuration of ActivityManagerConstants.
+     */
+    public abstract long getBootTimeTempAllowListDuration();
 }
diff --git a/services/core/java/com/android/server/am/ActivityManagerConstants.java b/services/core/java/com/android/server/am/ActivityManagerConstants.java
index 94643f10dd63..ba8f1906b0e1 100644
--- a/services/core/java/com/android/server/am/ActivityManagerConstants.java
+++ b/services/core/java/com/android/server/am/ActivityManagerConstants.java
@@ -94,6 +94,7 @@ final class ActivityManagerConstants extends ContentObserver {
     static final String KEY_PROCESS_CRASH_COUNT_RESET_INTERVAL =
             "process_crash_count_reset_interval";
     static final String KEY_PROCESS_CRASH_COUNT_LIMIT = "process_crash_count_limit";
+    static final String KEY_BOOT_TIME_TEMP_ALLOWLIST_DURATION = "boot_time_temp_allowlist_duration";
 
     private static final int DEFAULT_MAX_CACHED_PROCESSES = 32;
     private static final long DEFAULT_BACKGROUND_SETTLE_TIME = 60*1000;
@@ -131,6 +132,7 @@ final class ActivityManagerConstants extends ContentObserver {
     private static final int DEFAULT_MAX_PHANTOM_PROCESSES = 32;
     private static final int DEFAULT_PROCESS_CRASH_COUNT_RESET_INTERVAL = 12 * 60 * 60 * 1000;
     private static final int DEFAULT_PROCESS_CRASH_COUNT_LIMIT = 12;
+    private static final int DEFAULT_BOOT_TIME_TEMP_ALLOWLIST_DURATION = 10 * 1000;
 
 
     // Flag stored in the DeviceConfig API.
@@ -379,6 +381,13 @@ final class ActivityManagerConstants extends ContentObserver {
     // the foreground state.
     volatile long mFgsNotificationDeferralInterval = 10_000;
 
+    /*
+     * At boot time, broadcast receiver ACTION_BOOT_COMPLETED, ACTION_LOCKED_BOOT_COMPLETED and
+     * ACTION_PRE_BOOT_COMPLETED are temp allowlisted to start FGS for a duration of time in
+     * milliseconds.
+     */
+    volatile long mBootTimeTempAllowlistDuration = DEFAULT_BOOT_TIME_TEMP_ALLOWLIST_DURATION;
+
     private final ActivityManagerService mService;
     private ContentResolver mResolver;
     private final KeyValueListParser mParser = new KeyValueListParser(',');
@@ -563,6 +572,9 @@ final class ActivityManagerConstants extends ContentObserver {
                             case KEY_MAX_PHANTOM_PROCESSES:
                                 updateMaxPhantomProcesses();
                                 break;
+                            case KEY_BOOT_TIME_TEMP_ALLOWLIST_DURATION:
+                                updateBootTimeTempAllowListDuration();
+                                break;
                             default:
                                 break;
                         }
@@ -832,6 +844,13 @@ final class ActivityManagerConstants extends ContentObserver {
                 DEFAULT_FORCE_BACKGROUND_CHECK_ON_RESTRICTED_APPS);
     }
 
+    private void updateBootTimeTempAllowListDuration() {
+        mBootTimeTempAllowlistDuration = DeviceConfig.getLong(
+                DeviceConfig.NAMESPACE_ACTIVITY_MANAGER,
+                KEY_BOOT_TIME_TEMP_ALLOWLIST_DURATION,
+                DEFAULT_BOOT_TIME_TEMP_ALLOWLIST_DURATION);
+    }
+
     private void updateImperceptibleKillExemptions() {
         IMPERCEPTIBLE_KILL_EXEMPT_PACKAGES.clear();
         IMPERCEPTIBLE_KILL_EXEMPT_PACKAGES.addAll(mDefaultImperceptibleKillExemptPackages);
@@ -1030,6 +1049,8 @@ final class ActivityManagerConstants extends ContentObserver {
         pw.println(BINDER_HEAVY_HITTER_AUTO_SAMPLER_THRESHOLD);
         pw.print("  "); pw.print(KEY_MAX_PHANTOM_PROCESSES); pw.print("=");
         pw.println(MAX_PHANTOM_PROCESSES);
+        pw.print("  "); pw.print(KEY_BOOT_TIME_TEMP_ALLOWLIST_DURATION); pw.print("=");
+        pw.println(mBootTimeTempAllowlistDuration);
 
         pw.println();
         if (mOverrideMaxCachedProcesses >= 0) {
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index b07c892ff226..aada21dfcc1e 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -16802,6 +16802,13 @@ public class ActivityManagerService extends IActivityManager.Stub
         public Intent getIntentForIntentSender(IIntentSender sender) {
             return ActivityManagerService.this.getIntentForIntentSender(sender);
         }
+
+        @Override
+        public long getBootTimeTempAllowListDuration() {
+            // Do not lock ActivityManagerService.this here, this API is called by
+            // PackageManagerService.
+            return mConstants.mBootTimeTempAllowlistDuration;
+        }
     }
 
     long inputDispatchingTimedOut(int pid, final boolean aboveSystem, String reason) {
diff --git a/services/core/java/com/android/server/am/PreBootBroadcaster.java b/services/core/java/com/android/server/am/PreBootBroadcaster.java
index be63dd41735b..f20b3a18dc6d 100644
--- a/services/core/java/com/android/server/am/PreBootBroadcaster.java
+++ b/services/core/java/com/android/server/am/PreBootBroadcaster.java
@@ -18,7 +18,9 @@ package com.android.server.am;
 
 import static android.content.pm.PackageManager.MATCH_SYSTEM_ONLY;
 
+import android.app.ActivityManagerInternal;
 import android.app.AppOpsManager;
+import android.app.BroadcastOptions;
 import android.app.Notification;
 import android.app.NotificationManager;
 import android.app.PendingIntent;
@@ -39,6 +41,7 @@ import com.android.internal.R;
 import com.android.internal.messages.nano.SystemMessageProto.SystemMessage;
 import com.android.internal.notification.SystemNotificationChannels;
 import com.android.internal.util.ProgressReporter;
+import com.android.server.LocalServices;
 import com.android.server.UiThread;
 
 import java.util.List;
@@ -107,9 +110,16 @@ public abstract class PreBootBroadcaster extends IIntentReceiver.Stub {
         EventLogTags.writeAmPreBoot(mUserId, componentName.getPackageName());
 
         mIntent.setComponent(componentName);
+        final long duration = LocalServices.getService(ActivityManagerInternal.class)
+                .getBootTimeTempAllowListDuration();
+        final BroadcastOptions bOptions = BroadcastOptions.makeBasic();
+        bOptions.setTemporaryAppWhitelistDuration(
+                BroadcastOptions.TEMPORARY_WHITELIST_TYPE_FOREGROUND_SERVICE_ALLOWED,
+                duration);
         synchronized (mService) {
             mService.broadcastIntentLocked(null, null, null, mIntent, null, this, 0, null, null,
-                    null, AppOpsManager.OP_NONE, null, true, false, ActivityManagerService.MY_PID,
+                    null, AppOpsManager.OP_NONE, bOptions.toBundle(), true,
+                    false, ActivityManagerService.MY_PID,
                     Process.SYSTEM_UID, Binder.getCallingUid(), Binder.getCallingPid(), mUserId);
         }
     }
diff --git a/services/core/java/com/android/server/am/UserController.java b/services/core/java/com/android/server/am/UserController.java
index d73de7c309f0..6d90eaafcf77 100644
--- a/services/core/java/com/android/server/am/UserController.java
+++ b/services/core/java/com/android/server/am/UserController.java
@@ -45,8 +45,10 @@ import android.annotation.NonNull;
 import android.annotation.Nullable;
 import android.annotation.UserIdInt;
 import android.app.ActivityManager;
+import android.app.ActivityManagerInternal;
 import android.app.AppGlobals;
 import android.app.AppOpsManager;
+import android.app.BroadcastOptions;
 import android.app.Dialog;
 import android.app.IStopUserCallback;
 import android.app.IUserSwitchObserver;
@@ -518,7 +520,9 @@ class UserController implements Handler.Callback {
                         | Intent.FLAG_RECEIVER_INCLUDE_BACKGROUND);
                 mInjector.broadcastIntent(intent, null, resultTo, 0, null, null,
                         new String[]{android.Manifest.permission.RECEIVE_BOOT_COMPLETED},
-                        AppOpsManager.OP_NONE, null, true, false, MY_PID, SYSTEM_UID,
+                        AppOpsManager.OP_NONE,
+                        getTemporaryAppWhitelistBroadcastOptions().toBundle(), true,
+                        false, MY_PID, SYSTEM_UID,
                         Binder.getCallingUid(), Binder.getCallingPid(), userId);
             }
         }
@@ -764,7 +768,9 @@ class UserController implements Handler.Callback {
                         }
                     }, 0, null, null,
                     new String[]{android.Manifest.permission.RECEIVE_BOOT_COMPLETED},
-                    AppOpsManager.OP_NONE, null, true, false, MY_PID, SYSTEM_UID,
+                    AppOpsManager.OP_NONE,
+                    getTemporaryAppWhitelistBroadcastOptions().toBundle(), true,
+                    false, MY_PID, SYSTEM_UID,
                     callingUid, callingPid, userId);
         });
     }
@@ -2804,6 +2810,16 @@ class UserController implements Handler.Callback {
         }
     }
 
+    private BroadcastOptions getTemporaryAppWhitelistBroadcastOptions() {
+        final long duration = LocalServices.getService(ActivityManagerInternal.class)
+                .getBootTimeTempAllowListDuration();
+        final BroadcastOptions bOptions = BroadcastOptions.makeBasic();
+        bOptions.setTemporaryAppWhitelistDuration(
+                BroadcastOptions.TEMPORARY_WHITELIST_TYPE_FOREGROUND_SERVICE_ALLOWED,
+                duration);
+        return bOptions;
+    }
+
     /**
      * Helper class to store user journey and session id.
      *
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index c93127db7ca8..7952c255fd57 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -15071,6 +15071,12 @@ public class PackageManagerService extends IPackageManager.Stub
         }
         final IActivityManager am = ActivityManager.getService();
         try {
+            final long duration = LocalServices.getService(ActivityManagerInternal.class)
+                    .getBootTimeTempAllowListDuration();
+            final BroadcastOptions bOptions = BroadcastOptions.makeBasic();
+            bOptions.setTemporaryAppWhitelistDuration(
+                        BroadcastOptions.TEMPORARY_WHITELIST_TYPE_FOREGROUND_SERVICE_ALLOWED,
+                        duration);
             // Deliver LOCKED_BOOT_COMPLETED first
             Intent lockedBcIntent = new Intent(Intent.ACTION_LOCKED_BOOT_COMPLETED)
                     .setPackage(packageName);
@@ -15079,7 +15085,8 @@ public class PackageManagerService extends IPackageManager.Stub
             }
             final String[] requiredPermissions = {Manifest.permission.RECEIVE_BOOT_COMPLETED};
             am.broadcastIntentWithFeature(null, null, lockedBcIntent, null, null, 0, null, null,
-                    requiredPermissions, android.app.AppOpsManager.OP_NONE, null, false, false,
+                    requiredPermissions, android.app.AppOpsManager.OP_NONE, bOptions.toBundle(),
+                    false, false,
                     userId);
 
             // Deliver BOOT_COMPLETED only if user is unlocked
@@ -15089,7 +15096,8 @@ public class PackageManagerService extends IPackageManager.Stub
                     bcIntent.addFlags(Intent.FLAG_INCLUDE_STOPPED_PACKAGES);
                 }
                 am.broadcastIntentWithFeature(null, null, bcIntent, null, null, 0, null, null,
-                        requiredPermissions, android.app.AppOpsManager.OP_NONE, null, false, false,
+                        requiredPermissions, android.app.AppOpsManager.OP_NONE, bOptions.toBundle(),
+                        false, false,
                         userId);
             }
         } catch (RemoteException e) {
author	Hui Yu <huiyu@google.com>	2021-01-20 17:16:00 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2021-01-20 17:16:00 +0000
commit	6f5d17de8e4caaa072d311d3b67681df034561a6 (patch)
tree	eee3507fbd35ccb894bd3889aa1a3e0ec85d980d
parent	d6f7ca2dbe7f497966a793a412a6aea362bd08e4 (diff)
parent	40f1d903799ffe5a977ce3218f923dbefe89ccc4 (diff)