Exempt AccessibilityTools from restriction, add new strings

AccessibilityTool AccessibilityServices should be exempt from the
in-call fraud restrictions. This CL also adds strings for accessibility
service blocking

Fixes: 391416431
Test: manual
Relnote: 25Q2 release work
Flag: android.permission.flags.enhanced_confirmation_in_call_apis_enabled
LOW_COVERAGE_REASON=b/391416431
Change-Id: I908ff29a5fe3e6ed370a431cebe319e2a6c57e92

3 files changed, 72 insertions, 6 deletions

diff --git a/PermissionController/res/values/strings.xml b/PermissionController/res/values/strings.xml
index 82c7889c6..3ce7c621f 100644
--- a/PermissionController/res/values/strings.xml
+++ b/PermissionController/res/values/strings.xml
@@ -2019,10 +2019,19 @@ Allow <xliff:g id="app_name" example="Gmail">%4$s</xliff:g> to upload a bug repo
     <!--Title for dialog displayed to tell user that settings are blocked due to the phone state (such as being in a call with an unknown number) [CHAR LIMIT=50] -->
     <string name="enhanced_confirmation_phone_state_dialog_title">Action not available while on a phone call</string>
     <!--Content for dialog displayed to tell user that settings are blocked due to the phone state (such as being in a call with an unknown number) [CHAR LIMIT=NONE] -->
-    <string name="enhanced_confirmation_phone_state_dialog_desc">Allowing apps to install other apps is not allowed during a phone call.\n\n
+    <string name="enhanced_confirmation_phone_state_dialog_desc"><xliff:g id="setting_description" example="allowing apps to install other apps">%1$s</xliff:g>\n\n
     Scammers often request this type of action during phone call conversations, so it\u2019s blocked to protect you. If you are being guided to take this action
     by someone you don\u2019t know, it might be a scam.</string>
 
+    <!--Content explaining that the "install other apps" setting is blocked due to the phone state in a dialog displayed to the user [CHAR LIMIT=NONE] -->
+    <string name="enhanced_confirmation_phone_state_dialog_install_desc_prefix">Allowing apps to install other apps is not allowed during a phone call.</string>
+
+    <!--Content explaining that the "enable accessibility service" setting is blocked due to the phone state in a dialog displayed to the user [CHAR LIMIT=NONE] -->
+    <string name="enhanced_confirmation_phone_state_dialog_a11y_desc_prefix">Giving an app access to accessibility is not allowed during a phone call.</string>
+
+    <!--Content explaining that a generic setting is blocked due to the phone state in a dialog displayed to the user [CHAR LIMIT=NONE] -->
+    <string name="enhanced_confirmation_phone_state_dialog_generic_desc_prefix">Enabling this setting is not allowed during a phone call.</string>
+
     <!--Title for dialog displayed to tell user that permissions are blocked by setting restrictions [CHAR LIMIT=50] -->
     <string name="enhanced_confirmation_dialog_title_permission">App was denied access to <xliff:g id="permission_name" example="contacts">%1$s</xliff:g></string>
     <!--Content for dialog displayed to tell user that settings are blocked by setting restrictions [CHAR LIMIT=NONE] -->
diff --git a/PermissionController/src/com/android/permissioncontroller/ecm/EnhancedConfirmationDialogActivity.kt b/PermissionController/src/com/android/permissioncontroller/ecm/EnhancedConfirmationDialogActivity.kt
index 952274d4a..d3c7e3a0b 100644
--- a/PermissionController/src/com/android/permissioncontroller/ecm/EnhancedConfirmationDialogActivity.kt
+++ b/PermissionController/src/com/android/permissioncontroller/ecm/EnhancedConfirmationDialogActivity.kt
@@ -18,6 +18,7 @@ package com.android.permissioncontroller.ecm
 
 import android.annotation.SuppressLint
 import android.app.AlertDialog
+import android.app.AppOpsManager
 import android.app.Dialog
 import android.app.ecm.EnhancedConfirmationManager
 import android.content.Context
@@ -152,7 +153,8 @@ class EnhancedConfirmationDialogActivity : FragmentActivity() {
                 var message: CharSequence?
                 if (settingType == SettingType.BLOCKED_DUE_TO_PHONE_STATE) {
                     title = settingType.titleRes?.let { context.getString(it) }
-                    message = settingType.messageRes?.let { context.getString(it) }
+                    val messagePrefix = getPhoneStateMessagePrefix(context, settingIdentifier)
+                    message = settingType.messageRes?.let { context.getString(it, messagePrefix) }
                 } else {
                     val url =
                         context.getString(R.string.help_url_action_disabled_by_restricted_settings)
@@ -162,6 +164,22 @@ class EnhancedConfirmationDialogActivity : FragmentActivity() {
                 }
                 return Setting(title, message)
             }
+
+            private fun getPhoneStateMessagePrefix(
+                context: Context,
+                settingsIdentifier: String,
+            ): String {
+                return context.getString(
+                    when (settingsIdentifier) {
+                        AppOpsManager.OPSTR_BIND_ACCESSIBILITY_SERVICE ->
+                            R.string.enhanced_confirmation_phone_state_dialog_a11y_desc_prefix
+                        AppOpsManager.OPSTR_REQUEST_INSTALL_PACKAGES ->
+                            R.string.enhanced_confirmation_phone_state_dialog_install_desc_prefix
+                        else ->
+                            R.string.enhanced_confirmation_phone_state_dialog_generic_desc_prefix
+                    }
+                )
+            }
         }
     }
 
diff --git a/service/java/com/android/ecm/EnhancedConfirmationService.java b/service/java/com/android/ecm/EnhancedConfirmationService.java
index 46b5eedbc..fc0ed20d0 100644
--- a/service/java/com/android/ecm/EnhancedConfirmationService.java
+++ b/service/java/com/android/ecm/EnhancedConfirmationService.java
@@ -20,6 +20,7 @@ import static android.app.ecm.EnhancedConfirmationManager.REASON_PACKAGE_RESTRIC
 import static android.app.ecm.EnhancedConfirmationManager.REASON_PHONE_STATE;
 
 import android.Manifest;
+import android.accessibilityservice.AccessibilityServiceInfo;
 import android.annotation.FlaggedApi;
 import android.annotation.IntDef;
 import android.annotation.NonNull;
@@ -54,10 +55,12 @@ import android.telephony.TelephonyManager;
 import android.util.ArrayMap;
 import android.util.ArraySet;
 import android.util.Log;
+import android.view.accessibility.AccessibilityManager;
 
 import androidx.annotation.Keep;
 import androidx.annotation.RequiresApi;
 
+import com.android.internal.annotations.GuardedBy;
 import com.android.internal.util.Preconditions;
 import com.android.permission.util.UserUtils;
 import com.android.server.LocalManagerRegistry;
@@ -110,6 +113,10 @@ public class EnhancedConfirmationService extends SystemService {
     private ContentResolver mContentResolver;
     private TelephonyManager mTelephonyManager;
 
+    @GuardedBy("mUserAccessibilityManagers")
+    private final Map<Integer, AccessibilityManager> mUserAccessibilityManagers =
+            new ArrayMap<>();
+
     @Override
     public void onStart() {
         Context context = getContext();
@@ -314,7 +321,8 @@ public class EnhancedConfirmationService extends SystemService {
                 if (isSettingEcmGuardedForPackage(settingIdentifier, packageName, userId)) {
                     return REASON_PACKAGE_RESTRICTED;
                 }
-                String globalProtectionReason = getGlobalProtectionReason(settingIdentifier);
+                String globalProtectionReason =
+                        getGlobalProtectionReason(settingIdentifier, packageName, userId);
                 if (globalProtectionReason != null) {
                     return globalProtectionReason;
                 }
@@ -538,15 +546,46 @@ public class EnhancedConfirmationService extends SystemService {
             return false;
         }
 
-        private String getGlobalProtectionReason(@NonNull String settingIdentifier) {
+        private String getGlobalProtectionReason(@NonNull String settingIdentifier,
+                @NonNull String packageName, @UserIdInt int userId) {
             if (UNTRUSTED_CALL_RESTRICTED_SETTINGS.contains(settingIdentifier)
                     && isUntrustedCallOngoing()) {
-                return REASON_PHONE_STATE;
+                if (!AppOpsManager.OPSTR_BIND_ACCESSIBILITY_SERVICE.equals(settingIdentifier)) {
+                    return REASON_PHONE_STATE;
+                }
+                if (!isAccessibilityTool(packageName, userId)) {
+                    return REASON_PHONE_STATE;
+                }
+                return null;
             }
-
             return null;
         }
 
+        private boolean isAccessibilityTool(@NonNull String packageName, @UserIdInt int userId) {
+            AccessibilityManager am;
+            synchronized (mUserAccessibilityManagers) {
+                if (!mUserAccessibilityManagers.containsKey(userId)) {
+                    Context userContext =
+                            getContext().createContextAsUser(UserHandle.of(userId), 0);
+                    mUserAccessibilityManagers.put(userId, userContext.getSystemService(
+                            AccessibilityManager.class));
+                }
+                am = mUserAccessibilityManagers.get(userId);
+            }
+            List<AccessibilityServiceInfo> infos = am.getInstalledAccessibilityServiceList();
+            for (int i = 0; i < infos.size(); i++) {
+                AccessibilityServiceInfo info = infos.get(i);
+                String servicePackageName = null;
+                if (info.getResolveInfo() != null && info.getResolveInfo().serviceInfo != null) {
+                    servicePackageName = info.getResolveInfo().serviceInfo.packageName;
+                }
+                if (packageName.equals(servicePackageName)) {
+                    return info.isAccessibilityTool();
+                }
+            }
+            return false;
+        }
+
         @Nullable
         private ApplicationInfo getApplicationInfoAsUser(@Nullable String packageName,
                 @UserIdInt int userId) {