From 8558ec7dbe7733a36b621b24309e7a9dd9deec8c Mon Sep 17 00:00:00 2001
From: Bryce Lee <brycelee@google.com>
Date: Thu, 17 Aug 2017 15:37:26 -0700
Subject: Don't resume activity if user is locked and encryption is unsupported

Previously we were not checking if to see if this condition was met
when determining the top running activity. As a result we could get
in a loop where we force stop the process since the app doesn't
support encryption yet try to start it again due to the
ActivityRecord being on top.

This changelist addresses the issue by checking this condition when
determining whether it is okay to show.

Change-Id: I868f97ce8b3ea4220019b8570407e33f27ea88bc
Fixes: 64259425
Test: go/wm-smoke
---
 core/java/android/content/pm/ApplicationInfo.java                 | 5 +++++
 services/core/java/com/android/server/am/ActivityRecord.java      | 8 ++++++++
 .../core/java/com/android/server/pm/PackageManagerService.java    | 3 +--
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/core/java/android/content/pm/ApplicationInfo.java b/core/java/android/content/pm/ApplicationInfo.java
index 72075a515e02..2aa3d09dd479 100644
--- a/core/java/android/content/pm/ApplicationInfo.java
+++ b/core/java/android/content/pm/ApplicationInfo.java
@@ -1508,6 +1508,11 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable {
         return (privateFlags & ApplicationInfo.PRIVATE_FLAG_PARTIALLY_DIRECT_BOOT_AWARE) != 0;
     }
 
+    /** @hide */
+    public boolean isEncryptionAware() {
+        return isDirectBootAware() || isPartiallyDirectBootAware();
+    }
+
     /**
      * @hide
      */
diff --git a/services/core/java/com/android/server/am/ActivityRecord.java b/services/core/java/com/android/server/am/ActivityRecord.java
index 6b1f7585dde6..06f1a50375ac 100644
--- a/services/core/java/com/android/server/am/ActivityRecord.java
+++ b/services/core/java/com/android/server/am/ActivityRecord.java
@@ -146,6 +146,7 @@ import android.os.RemoteException;
 import android.os.SystemClock;
 import android.os.Trace;
 import android.os.UserHandle;
+import android.os.storage.StorageManager;
 import android.service.voice.IVoiceInteractionSession;
 import android.util.EventLog;
 import android.util.Log;
@@ -2013,6 +2014,13 @@ final class ActivityRecord extends ConfigurationContainer implements AppWindowCo
 
     /** Checks whether the activity should be shown for current user. */
     public boolean okToShowLocked() {
+        // We cannot show activities when the device is locked and the application is not
+        // encryption aware.
+        if (!StorageManager.isUserKeyUnlocked(userId)
+                && !info.applicationInfo.isEncryptionAware()) {
+            return false;
+        }
+
         return (info.flags & FLAG_SHOW_FOR_ALL_USERS) != 0
                 || (mStackSupervisor.isCurrentProfileLocked(userId)
                 && service.mUserController.isUserRunningLocked(userId, 0 /* flags */));
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 43e0affb590a..4ff4885db42e 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -3884,8 +3884,7 @@ public class PackageManagerService extends IPackageManager.Stub
                 throw new SecurityException("Package " + packageName + " is currently frozen!");
             }
 
-            if (!userKeyUnlocked && !(ps.pkg.applicationInfo.isDirectBootAware()
-                    || ps.pkg.applicationInfo.isPartiallyDirectBootAware())) {
+            if (!userKeyUnlocked && !ps.pkg.applicationInfo.isEncryptionAware()) {
                 throw new SecurityException("Package " + packageName + " is not encryption aware!");
             }
         }
-- 
cgit v1.2.3-59-g8ed1b