AM: introduce ActivityOptions.setLockTaskMode().
This new API allows any activity to be launched into LockTask mode, as
if the package of the activity has declared "lockTaskMode =
if_whitelisted" in its manifest.
The lockTaskLaunchMode logic is also moved from TaskRecord to
ActivityRecord, in order to accommodate the new path from
ActivityOptions.
Bug: 66124180
Test: cts-tradefed run cts-dev --module DevicePolicyManager -t com.android.cts.devicepolicy.DeviceOwnerTest#testLockTask_deviceOwnerUser
Test: bit FrameworksServicesTests:com.android.server.am.LockTaskControllerTest
Test: manual, with TestDPC's kiosk mode
Change-Id: I786bf194ed20a212bbad1f3cdb9394cc77aa4d77
diff --git a/services/core/java/com/android/server/am/ActivityStackSupervisor.java b/services/core/java/com/android/server/am/ActivityStackSupervisor.java
index 5221afd..2ed7960 100644
--- a/services/core/java/com/android/server/am/ActivityStackSupervisor.java
+++ b/services/core/java/com/android/server/am/ActivityStackSupervisor.java
@@ -1611,6 +1611,16 @@
Slog.w(TAG, msg);
throw new SecurityException(msg);
}
+ // Check if someone tries to launch an unwhitelisted activity into LockTask mode.
+ final boolean lockTaskMode = options.getLockTaskMode();
+ if (lockTaskMode && !mService.mLockTaskController.isPackageWhitelisted(
+ UserHandle.getUserId(callingUid), aInfo.packageName)) {
+ final String msg = "Permission Denial: starting " + intent.toString()
+ + " from " + callerApp + " (pid=" + callingPid
+ + ", uid=" + callingUid + ") with lockTaskMode=true";
+ Slog.w(TAG, msg);
+ throw new SecurityException(msg);
+ }
}
return true;