Merge "Show warning toast for secure window" into tm-qpr-dev am: 073eeabf9f am: 2909de687d

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/19561238 Change-Id: I1c7d02f60cefba06bbb09c4dce2f74b0a2716672 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
author: Iris Yang <irisykyang@google.com> 2022-08-22 02:18:49 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2022-08-22 02:18:49 +0000
commit: e45832b8b398e34a27e3637f3242e92f3b4dc448 (patch)
tree: 862e887212399216f08bf24cb36e39dcbf259a3a
parent: 782f5aeb2bd98b2ea5ebddd49d89bca17c107912 (diff)
parent: 2909de687d7b13dbf309dc55132d95665ebd8f03 (diff)
6 files changed, 47 insertions, 5 deletions
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
index d3d049382fd0..b7da6ae31ce3 100644
--- a/core/res/res/values/strings.xml
+++ b/core/res/res/values/strings.xml
@@ -6321,6 +6321,8 @@ ul.</string>
     <string name="vdm_camera_access_denied" product="default">Can’t access the phone’s camera from your <xliff:g id="device" example="Chromebook">%1$s</xliff:g></string>
     <!-- Error message indicating the camera cannot be accessed when running on a virtual device. [CHAR LIMIT=NONE] -->
     <string name="vdm_camera_access_denied" product="tablet">Can’t access the tablet’s camera from your <xliff:g id="device" example="Chromebook">%1$s</xliff:g></string>
+    <!-- Error message indicating the user cannot access secure content when running on a virtual device. [CHAR LIMIT=NONE] -->
+    <string name="vdm_secure_window">This can’t be accessed while streaming. Try on your phone instead.</string>
 
     <!-- Title for preference of the system default locale. [CHAR LIMIT=50]-->
     <string name="system_locale_title">System default</string>
diff --git a/core/res/res/values/symbols.xml b/core/res/res/values/symbols.xml
index 01c8e968194b..0654fff661bd 100644
--- a/core/res/res/values/symbols.xml
+++ b/core/res/res/values/symbols.xml
@@ -4803,6 +4803,7 @@
 
   <!-- For VirtualDeviceManager -->
   <java-symbol type="string" name="vdm_camera_access_denied" />
+  <java-symbol type="string" name="vdm_secure_window" />
 
   <java-symbol type="color" name="camera_privacy_light_day"/>
   <java-symbol type="color" name="camera_privacy_light_night"/>
diff --git a/services/companion/java/com/android/server/companion/virtual/GenericWindowPolicyController.java b/services/companion/java/com/android/server/companion/virtual/GenericWindowPolicyController.java
index 43e2b881927c..593a63c2f0c9 100644
--- a/services/companion/java/com/android/server/companion/virtual/GenericWindowPolicyController.java
+++ b/services/companion/java/com/android/server/companion/virtual/GenericWindowPolicyController.java
@@ -77,6 +77,14 @@ public class GenericWindowPolicyController extends DisplayWindowPolicyController
             new ComponentName("android", BlockedAppStreamingActivity.class.getName());
 
     /**
+     * For communicating when a secure window shows on the virtual display.
+     */
+    public interface SecureWindowCallback {
+        /** Called when a secure window shows on the virtual display. */
+        void onSecureWindowShown(int displayId, int uid);
+    }
+
+    /**
      * If required, allow the secure activity to display on remote device since
      * {@link android.os.Build.VERSION_CODES#TIRAMISU}.
      */
@@ -108,6 +116,7 @@ public class GenericWindowPolicyController extends DisplayWindowPolicyController
             new ArraySet<>();
     @Nullable
     private final @AssociationRequest.DeviceProfile String mDeviceProfile;
+    @Nullable private final SecureWindowCallback mSecureWindowCallback;
 
     /**
      * Creates a window policy controller that is generic to the different use cases of virtual
@@ -131,6 +140,8 @@ public class GenericWindowPolicyController extends DisplayWindowPolicyController
      * @param activityListener Activity listener to listen for activity changes.
      * @param activityBlockedCallback Callback that is called when an activity is blocked from
      *   launching.
+     * @param secureWindowCallback Callback that is called when a secure window shows on the
+     *   virtual display.
      * @param deviceProfile The {@link AssociationRequest.DeviceProfile} of this virtual device.
      */
     public GenericWindowPolicyController(int windowFlags, int systemWindowFlags,
@@ -142,6 +153,7 @@ public class GenericWindowPolicyController extends DisplayWindowPolicyController
             @ActivityPolicy int defaultActivityPolicy,
             @NonNull ActivityListener activityListener,
             @NonNull ActivityBlockedCallback activityBlockedCallback,
+            @NonNull SecureWindowCallback secureWindowCallback,
             @AssociationRequest.DeviceProfile String deviceProfile) {
         super();
         mAllowedUsers = allowedUsers;
@@ -154,6 +166,7 @@ public class GenericWindowPolicyController extends DisplayWindowPolicyController
         setInterestedWindowFlags(windowFlags, systemWindowFlags);
         mActivityListener = activityListener;
         mDeviceProfile = deviceProfile;
+        mSecureWindowCallback = secureWindowCallback;
     }
 
     /**
@@ -234,6 +247,12 @@ public class GenericWindowPolicyController extends DisplayWindowPolicyController
     @Override
     public boolean keepActivityOnWindowFlagsChanged(ActivityInfo activityInfo, int windowFlags,
             int systemWindowFlags) {
+        // The callback is fired only when windowFlags are changed. To let VirtualDevice owner
+        // aware that the virtual display has a secure window on top.
+        if ((windowFlags & FLAG_SECURE) != 0) {
+            mSecureWindowCallback.onSecureWindowShown(mDisplayId, activityInfo.applicationInfo.uid);
+        }
+
         if (!canContainActivity(activityInfo, windowFlags, systemWindowFlags)) {
             mActivityBlockedCallback.onActivityBlocked(mDisplayId, activityInfo);
             return false;
diff --git a/services/companion/java/com/android/server/companion/virtual/VirtualDeviceImpl.java b/services/companion/java/com/android/server/companion/virtual/VirtualDeviceImpl.java
index 5f337ab9bae3..cca3212703f0 100644
--- a/services/companion/java/com/android/server/companion/virtual/VirtualDeviceImpl.java
+++ b/services/companion/java/com/android/server/companion/virtual/VirtualDeviceImpl.java
@@ -52,6 +52,7 @@ import android.hardware.input.VirtualMouseScrollEvent;
 import android.hardware.input.VirtualTouchEvent;
 import android.os.Binder;
 import android.os.IBinder;
+import android.os.Looper;
 import android.os.PowerManager;
 import android.os.RemoteException;
 import android.os.ResultReceiver;
@@ -542,6 +543,7 @@ final class VirtualDeviceImpl extends IVirtualDevice.Stub
                             mParams.getDefaultActivityPolicy(),
                             createListenerAdapter(),
                             this::onActivityBlocked,
+                            this::onSecureWindowShown,
                             mAssociationInfo.getDeviceProfile());
             gwpc.registerRunningAppsChangedListener(/* listener= */ this);
             return gwpc;
@@ -591,6 +593,21 @@ final class VirtualDeviceImpl extends IVirtualDevice.Stub
                 mContext.getUser());
     }
 
+    private void onSecureWindowShown(int displayId, int uid) {
+        if (!mVirtualDisplayIds.contains(displayId)) {
+            return;
+        }
+
+        // If a virtual display isn't secure, the screen can't be captured. Show a warning toast
+        // if the secure window is shown on a non-secure virtual display.
+        DisplayManager displayManager = mContext.getSystemService(DisplayManager.class);
+        Display display = displayManager.getDisplay(displayId);
+        if ((display.getFlags() & FLAG_SECURE) == 0) {
+            showToastWhereUidIsRunning(uid, com.android.internal.R.string.vdm_secure_window,
+                    Toast.LENGTH_LONG, mContext.getMainLooper());
+        }
+    }
+
     private ArraySet<UserHandle> getAllowedUserHandles() {
         ArraySet<UserHandle> result = new ArraySet<>();
         DevicePolicyManager dpm = mContext.getSystemService(DevicePolicyManager.class);
@@ -650,14 +667,16 @@ final class VirtualDeviceImpl extends IVirtualDevice.Stub
     /**
      * Shows a toast on virtual displays owned by this device which have a given uid running.
      */
-    void showToastWhereUidIsRunning(int uid, @StringRes int resId, @Toast.Duration int duration) {
-        showToastWhereUidIsRunning(uid, mContext.getString(resId), duration);
+    void showToastWhereUidIsRunning(int uid, @StringRes int resId, @Toast.Duration int duration,
+            Looper looper) {
+        showToastWhereUidIsRunning(uid, mContext.getString(resId), duration, looper);
     }
 
     /**
      * Shows a toast on virtual displays owned by this device which have a given uid running.
      */
-    void showToastWhereUidIsRunning(int uid, String text, @Toast.Duration int duration) {
+    void showToastWhereUidIsRunning(int uid, String text, @Toast.Duration int duration,
+            Looper looper) {
         synchronized (mVirtualDeviceLock) {
             DisplayManager displayManager = mContext.getSystemService(DisplayManager.class);
             final int size = mWindowPolicyControllers.size();
@@ -666,7 +685,7 @@ final class VirtualDeviceImpl extends IVirtualDevice.Stub
                     int displayId = mWindowPolicyControllers.keyAt(i);
                     Display display = displayManager.getDisplay(displayId);
                     if (display != null && display.isValid()) {
-                        Toast.makeText(mContext.createDisplayContext(display), text,
+                        Toast.makeText(mContext.createDisplayContext(display), looper, text,
                                 duration).show();
                     }
                 }
diff --git a/services/companion/java/com/android/server/companion/virtual/VirtualDeviceManagerService.java b/services/companion/java/com/android/server/companion/virtual/VirtualDeviceManagerService.java
index b25518875cf0..cdddc1dea82b 100644
--- a/services/companion/java/com/android/server/companion/virtual/VirtualDeviceManagerService.java
+++ b/services/companion/java/com/android/server/companion/virtual/VirtualDeviceManagerService.java
@@ -203,7 +203,7 @@ public class VirtualDeviceManagerService extends SystemService {
                         getContext().getString(
                             com.android.internal.R.string.vdm_camera_access_denied,
                             deviceName),
-                        Toast.LENGTH_LONG);
+                        Toast.LENGTH_LONG, Looper.myLooper());
             }
         }
     }
diff --git a/services/tests/servicestests/src/com/android/server/companion/virtual/audio/VirtualAudioControllerTest.java b/services/tests/servicestests/src/com/android/server/companion/virtual/audio/VirtualAudioControllerTest.java
index e2c3a94fc187..4c939f077940 100644
--- a/services/tests/servicestests/src/com/android/server/companion/virtual/audio/VirtualAudioControllerTest.java
+++ b/services/tests/servicestests/src/com/android/server/companion/virtual/audio/VirtualAudioControllerTest.java
@@ -83,6 +83,7 @@ public class VirtualAudioControllerTest {
                 VirtualDeviceParams.ACTIVITY_POLICY_DEFAULT_ALLOWED,
                 /* activityListener= */ null,
                 /* activityBlockedCallback= */ null,
+                /* secureWindowCallback= */ null,
                 /* deviceProfile= */ DEVICE_PROFILE_APP_STREAMING);
     }
author	Iris Yang <irisykyang@google.com>	2022-08-22 02:18:49 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-08-22 02:18:49 +0000
commit	e45832b8b398e34a27e3637f3242e92f3b4dc448 (patch)
tree	862e887212399216f08bf24cb36e39dcbf259a3a
parent	782f5aeb2bd98b2ea5ebddd49d89bca17c107912 (diff)
parent	2909de687d7b13dbf309dc55132d95665ebd8f03 (diff)