From b2557230fcfdd3defd9e69650c9935d872032e1d Mon Sep 17 00:00:00 2001 From: Richard MacGregor Date: Tue, 16 Apr 2024 14:11:12 -0700 Subject: Add SensitiveNotificationAppProtectionApplied logs Bug: 331946904 Test: statsd_testdrive 832 Test: atest SensitiveContentProtectionManagerServiceNotificationTest Flag: android.permission.flags.sensitive_content_metrics_bugfix Change-Id: I1ae6f91f5de558b207beaa7fe2eb2b105e2f8024 --- .../SensitiveContentProtectionManagerService.java | 9 +++++- .../android/server/wm/WindowManagerInternal.java | 7 +++++ .../android/server/wm/WindowManagerService.java | 25 +++++++++++++++ ...ntProtectionManagerServiceNotificationTest.java | 36 ++++++++++++++++++---- 4 files changed, 70 insertions(+), 7 deletions(-) diff --git a/services/core/java/com/android/server/SensitiveContentProtectionManagerService.java b/services/core/java/com/android/server/SensitiveContentProtectionManagerService.java index 6c7546eca50b..64bca33569cc 100644 --- a/services/core/java/com/android/server/SensitiveContentProtectionManagerService.java +++ b/services/core/java/com/android/server/SensitiveContentProtectionManagerService.java @@ -17,6 +17,7 @@ package com.android.server; import static android.permission.flags.Flags.sensitiveContentImprovements; +import static android.permission.flags.Flags.sensitiveContentMetricsBugfix; import static android.permission.flags.Flags.sensitiveNotificationAppProtection; import static android.provider.Settings.Global.DISABLE_SCREEN_SHARE_PROTECTIONS_FOR_APPS_AND_NOTIFICATIONS; import static android.view.flags.Flags.sensitiveContentAppProtection; @@ -93,7 +94,7 @@ public final class SensitiveContentProtectionManagerService extends SystemServic private boolean mProjectionActive = false; private static class MediaProjectionSession { - private final int mUid; + private final int mUid; // UID of app that started projection session private final long mSessionId; private final boolean mIsExempted; private final ArraySet mAllSeenNotificationKeys = new ArraySet<>(); @@ -320,6 +321,12 @@ public final class SensitiveContentProtectionManagerService extends SystemServic } mProjectionActive = true; + + if (sensitiveContentMetricsBugfix()) { + mWindowManager.setBlockScreenCaptureForAppsSessionId( + mMediaProjectionSession.mSessionId); + } + if (sensitiveNotificationAppProtection()) { updateAppsThatShouldBlockScreenCapture(); } diff --git a/services/core/java/com/android/server/wm/WindowManagerInternal.java b/services/core/java/com/android/server/wm/WindowManagerInternal.java index 7e2ffd486c7e..7e767752a5e9 100644 --- a/services/core/java/com/android/server/wm/WindowManagerInternal.java +++ b/services/core/java/com/android/server/wm/WindowManagerInternal.java @@ -1042,6 +1042,13 @@ public abstract class WindowManagerInternal { public abstract void setOrientationRequestPolicy(boolean respected, int[] fromOrientations, int[] toOrientations); + /** + * Set current screen capture session id that will be used during sensitive content protections. + * + * @param sessionId Session id for this screen capture protection + */ + public abstract void setBlockScreenCaptureForAppsSessionId(long sessionId); + /** * Set whether screen capture should be disabled for all windows of a specific app windows based * on sensitive content protections. diff --git a/services/core/java/com/android/server/wm/WindowManagerService.java b/services/core/java/com/android/server/wm/WindowManagerService.java index 1496ae02427f..10ff0ebf42f7 100644 --- a/services/core/java/com/android/server/wm/WindowManagerService.java +++ b/services/core/java/com/android/server/wm/WindowManagerService.java @@ -44,6 +44,7 @@ import static android.os.Process.myPid; import static android.os.Process.myUid; import static android.os.Trace.TRACE_TAG_WINDOW_MANAGER; import static android.permission.flags.Flags.sensitiveContentImprovements; +import static android.permission.flags.Flags.sensitiveContentMetricsBugfix; import static android.provider.Settings.Global.DEVELOPMENT_ENABLE_FREEFORM_WINDOWS_SUPPORT; import static android.provider.Settings.Global.DEVELOPMENT_ENABLE_NON_RESIZABLE_MULTI_WINDOW; import static android.provider.Settings.Global.DEVELOPMENT_FORCE_DESKTOP_MODE_ON_EXTERNAL_DISPLAYS; @@ -113,6 +114,7 @@ import static com.android.internal.protolog.ProtoLogGroup.WM_DEBUG_STARTING_WIND import static com.android.internal.protolog.ProtoLogGroup.WM_DEBUG_WINDOW_MOVEMENT; import static com.android.internal.protolog.ProtoLogGroup.WM_ERROR; import static com.android.internal.protolog.ProtoLogGroup.WM_SHOW_TRANSACTIONS; +import static com.android.internal.util.FrameworkStatsLog.SENSITIVE_NOTIFICATION_APP_PROTECTION_APPLIED; import static com.android.internal.util.LatencyTracker.ACTION_ROTATE_SCREEN; import static com.android.server.LockGuard.INDEX_WINDOW; import static com.android.server.LockGuard.installLock; @@ -339,6 +341,7 @@ import com.android.internal.protolog.ProtoLogGroup; import com.android.internal.protolog.common.ProtoLog; import com.android.internal.util.DumpUtils; import com.android.internal.util.FastPrintWriter; +import com.android.internal.util.FrameworkStatsLog; import com.android.internal.util.LatencyTracker; import com.android.internal.view.WindowManagerPolicyThread; import com.android.server.AnimationThread; @@ -1107,6 +1110,9 @@ public class WindowManagerService extends IWindowManager.Stub SystemPerformanceHinter mSystemPerformanceHinter; + @GuardedBy("mGlobalLock") + private long mSensitiveContentProtectionSessionId = 0; + @GuardedBy("mGlobalLock") final SensitiveContentPackages mSensitiveContentPackages = new SensitiveContentPackages(); /** @@ -8735,6 +8741,16 @@ public class WindowManagerService extends IWindowManager.Stub return inputTarget == null ? null : inputTarget.getWindowToken(); } + @Override + public void setBlockScreenCaptureForAppsSessionId(long sessionId) { + synchronized (mGlobalLock) { + if (sensitiveContentMetricsBugfix() + && mSensitiveContentProtectionSessionId != sessionId) { + mSensitiveContentProtectionSessionId = sessionId; + } + } + } + @Override public void addBlockScreenCaptureForApps(ArraySet packageInfos) { synchronized (mGlobalLock) { @@ -10199,6 +10215,15 @@ public class WindowManagerService extends IWindowManager.Stub Toast.LENGTH_SHORT) .show(); }); + // If blocked due to notification protection (null window token) log protection applied + if (sensitiveContentMetricsBugfix() + && mSensitiveContentPackages + .shouldBlockScreenCaptureForApp(w.getOwningPackage(), uid, null)) { + FrameworkStatsLog.write( + SENSITIVE_NOTIFICATION_APP_PROTECTION_APPLIED, + mSensitiveContentProtectionSessionId, + uid); + } } } } diff --git a/services/tests/mockingservicestests/src/com/android/server/SensitiveContentProtectionManagerServiceNotificationTest.java b/services/tests/mockingservicestests/src/com/android/server/SensitiveContentProtectionManagerServiceNotificationTest.java index 124ae20aebe1..a20d935c50aa 100644 --- a/services/tests/mockingservicestests/src/com/android/server/SensitiveContentProtectionManagerServiceNotificationTest.java +++ b/services/tests/mockingservicestests/src/com/android/server/SensitiveContentProtectionManagerServiceNotificationTest.java @@ -16,15 +16,18 @@ package com.android.server; +import static android.permission.flags.Flags.FLAG_SENSITIVE_CONTENT_METRICS_BUGFIX; import static android.permission.flags.Flags.FLAG_SENSITIVE_NOTIFICATION_APP_PROTECTION; import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation; import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.anyLong; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.doCallRealMethod; import static org.mockito.Mockito.doReturn; import static org.mockito.Mockito.doThrow; +import static org.mockito.Mockito.never; import static org.mockito.Mockito.spy; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.verifyZeroInteractions; @@ -34,6 +37,7 @@ import android.content.pm.PackageManagerInternal; import android.media.projection.MediaProjectionInfo; import android.media.projection.MediaProjectionManager; import android.os.Process; +import android.platform.test.annotations.RequiresFlagsDisabled; import android.platform.test.annotations.RequiresFlagsEnabled; import android.platform.test.flag.junit.CheckFlagsRule; import android.platform.test.flag.junit.DeviceFlagsValueProvider; @@ -308,6 +312,26 @@ public class SensitiveContentProtectionManagerServiceNotificationTest { verifyZeroInteractions(mWindowManager); } + @Test + @RequiresFlagsDisabled(FLAG_SENSITIVE_CONTENT_METRICS_BUGFIX) + public void mediaProjectionOnStart_flagDisabled_neverSetBlockScreenCaptureForAppsSessionId() { + setupSensitiveNotification(); + + mMediaProjectionCallbackCaptor.getValue().onStart(createMediaProjectionInfo()); + + verify(mWindowManager, never()).setBlockScreenCaptureForAppsSessionId(anyLong()); + } + + @Test + @RequiresFlagsEnabled(FLAG_SENSITIVE_CONTENT_METRICS_BUGFIX) + public void mediaProjectionOnStart_setBlockScreenCaptureForAppsSessionId() { + setupSensitiveNotification(); + + mMediaProjectionCallbackCaptor.getValue().onStart(createMediaProjectionInfo()); + + verify(mWindowManager).setBlockScreenCaptureForAppsSessionId(anyLong()); + } + @Test public void mediaProjectionOnStart_onProjectionStart_setWmBlockedPackages() { ArraySet expectedBlockedPackages = setupSensitiveNotification(); @@ -323,7 +347,7 @@ public class SensitiveContentProtectionManagerServiceNotificationTest { mMediaProjectionCallbackCaptor.getValue().onStart(createMediaProjectionInfo()); - verifyZeroInteractions(mWindowManager); + verify(mWindowManager, never()).addBlockScreenCaptureForApps(any()); } @Test @@ -332,7 +356,7 @@ public class SensitiveContentProtectionManagerServiceNotificationTest { mMediaProjectionCallbackCaptor.getValue().onStart(createMediaProjectionInfo()); - verifyZeroInteractions(mWindowManager); + verify(mWindowManager, never()).addBlockScreenCaptureForApps(any()); } @Test @@ -400,7 +424,7 @@ public class SensitiveContentProtectionManagerServiceNotificationTest { mMediaProjectionCallbackCaptor.getValue().onStart(createMediaProjectionInfo()); - verifyZeroInteractions(mWindowManager); + verify(mWindowManager, never()).addBlockScreenCaptureForApps(any()); } @Test @@ -411,7 +435,7 @@ public class SensitiveContentProtectionManagerServiceNotificationTest { mMediaProjectionCallbackCaptor.getValue().onStart(createMediaProjectionInfo()); - verifyZeroInteractions(mWindowManager); + verify(mWindowManager, never()).addBlockScreenCaptureForApps(any()); } @Test @@ -422,7 +446,7 @@ public class SensitiveContentProtectionManagerServiceNotificationTest { mMediaProjectionCallbackCaptor.getValue().onStart(createMediaProjectionInfo()); - verifyZeroInteractions(mWindowManager); + verify(mWindowManager, never()).addBlockScreenCaptureForApps(any()); } @Test @@ -435,7 +459,7 @@ public class SensitiveContentProtectionManagerServiceNotificationTest { mMediaProjectionCallbackCaptor.getValue().onStart(createMediaProjectionInfo()); - verifyZeroInteractions(mWindowManager); + verify(mWindowManager, never()).addBlockScreenCaptureForApps(any()); } @Test -- cgit v1.2.3-59-g8ed1b