Exempt device owner uid from FGS BG restriction.

Bug: 136219221
Test: atest cts/tests/app/src/android/app/cts/ActivityManagerFgsBgStartTest.java
Change-Id: Ic7c592d711e89fcea0ebd7ccc5e33512a0bf03dc

6 files changed, 42 insertions, 4 deletions

diff --git a/core/java/android/app/ActivityManagerInternal.java b/core/java/android/app/ActivityManagerInternal.java
index f926075714a8..9f51edbb1ded 100644
--- a/core/java/android/app/ActivityManagerInternal.java
+++ b/core/java/android/app/ActivityManagerInternal.java
@@ -394,4 +394,13 @@ public abstract class ActivityManagerInternal {
      */
     // TODO: remove this toast after feature development is done
     public abstract void showWhileInUseDebugToast(int uid, int op, int mode);
+
+
+    /** Is this a device owner app? */
+    public abstract boolean isDeviceOwner(int uid);
+
+    /**
+     * Called by DevicePolicyManagerService to set the uid of the device owner.
+     */
+    public abstract void setDeviceOwnerUid(int uid);
 }
diff --git a/services/core/java/com/android/server/am/ActiveServices.java b/services/core/java/com/android/server/am/ActiveServices.java
index d77bee35a89b..b3b14484f2ef 100644
--- a/services/core/java/com/android/server/am/ActiveServices.java
+++ b/services/core/java/com/android/server/am/ActiveServices.java
@@ -4898,6 +4898,12 @@ public final class ActiveServices {
             return true;
         }
 
+        // Is the calling UID a device owner app?
+        final boolean isDeviceOwner = mAm.mInternal.isDeviceOwner(callingUid);
+        if (isDeviceOwner) {
+            return true;
+        }
+
         r.mInfoDenyWhileInUsePermissionInFgs =
                 "Background FGS start while-in-use permission restriction [callingPackage: "
                 + callingPackage
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 8b2976d0e878..318dd5a2bb3d 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -638,6 +638,8 @@ public class ActivityManagerService extends IActivityManager.Stub
      */
     String mDeviceOwnerName;
 
+    private int mDeviceOwnerUid = Process.INVALID_UID;
+
     final UserController mUserController;
     @VisibleForTesting
     public final PendingIntentController mPendingIntentController;
@@ -19500,6 +19502,20 @@ public class ActivityManagerService extends IActivityManager.Stub
                         uid, op, mode);
             }
         }
+
+        @Override
+        public void setDeviceOwnerUid(int uid) {
+            synchronized (ActivityManagerService.this) {
+                mDeviceOwnerUid = uid;
+            }
+        }
+
+        @Override
+        public boolean isDeviceOwner(int uid) {
+            synchronized (ActivityManagerService.this) {
+                return uid >= 0 && mDeviceOwnerUid == uid;
+            }
+        }
     }
 
     long inputDispatchingTimedOut(int pid, final boolean aboveSystem, String reason) {
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index e304bca4553c..7819a0a6f335 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -2079,7 +2079,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
 
         Owners newOwners() {
             return new Owners(getUserManager(), getUserManagerInternal(),
-                    getPackageManagerInternal(), getActivityTaskManagerInternal());
+                    getPackageManagerInternal(), getActivityTaskManagerInternal(),
+                    getActivityManagerInternal());
         }
 
         UserManager getUserManager() {
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/Owners.java b/services/devicepolicy/java/com/android/server/devicepolicy/Owners.java
index f70fe909b459..3cdd482ffa37 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/Owners.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/Owners.java
@@ -17,6 +17,7 @@
 package com.android.server.devicepolicy;
 
 import android.annotation.Nullable;
+import android.app.ActivityManagerInternal;
 import android.app.AppOpsManagerInternal;
 import android.app.admin.SystemUpdateInfo;
 import android.app.admin.SystemUpdatePolicy;
@@ -112,6 +113,7 @@ class Owners {
     private final UserManagerInternal mUserManagerInternal;
     private final PackageManagerInternal mPackageManagerInternal;
     private final ActivityTaskManagerInternal mActivityTaskManagerInternal;
+    private final ActivityManagerInternal mActivityManagerInternal;
 
     private boolean mSystemReady;
 
@@ -138,9 +140,10 @@ class Owners {
     public Owners(UserManager userManager,
             UserManagerInternal userManagerInternal,
             PackageManagerInternal packageManagerInternal,
-            ActivityTaskManagerInternal activityTaskManagerInternal) {
+            ActivityTaskManagerInternal activityTaskManagerInternal,
+            ActivityManagerInternal activitykManagerInternal) {
         this(userManager, userManagerInternal, packageManagerInternal,
-                activityTaskManagerInternal, new Injector());
+                activityTaskManagerInternal, activitykManagerInternal, new Injector());
     }
 
     @VisibleForTesting
@@ -148,11 +151,13 @@ class Owners {
             UserManagerInternal userManagerInternal,
             PackageManagerInternal packageManagerInternal,
             ActivityTaskManagerInternal activityTaskManagerInternal,
+            ActivityManagerInternal activityManagerInternal,
             Injector injector) {
         mUserManager = userManager;
         mUserManagerInternal = userManagerInternal;
         mPackageManagerInternal = packageManagerInternal;
         mActivityTaskManagerInternal = activityTaskManagerInternal;
+        mActivityManagerInternal = activityManagerInternal;
         mInjector = injector;
     }
 
@@ -220,6 +225,7 @@ class Owners {
                 PackageManager.MATCH_ALL | PackageManager.MATCH_KNOWN_PACKAGES, mDeviceOwnerUserId)
                 : Process.INVALID_UID;
         mActivityTaskManagerInternal.setDeviceOwnerUid(uid);
+        mActivityManagerInternal.setDeviceOwnerUid(uid);
     }
 
     String getDeviceOwnerPackageName() {
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java
index c1bcf1fb75a6..3e5c21c67bb3 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java
@@ -68,7 +68,7 @@ public class DevicePolicyManagerServiceTestable extends DevicePolicyManagerServi
         public OwnersTestable(MockSystemServices services) {
             super(services.userManager, services.userManagerInternal,
                     services.packageManagerInternal, services.activityTaskManagerInternal,
-                    new MockInjector(services));
+                    services.activityManagerInternal, new MockInjector(services));
         }
 
         static class MockInjector extends Injector {