Change behaviour of screen capture disabled
Background
* Historically, when the screen capture disabled
policy was set on the personal profile, screen
capture was disabled for the whole device
(per-device).
* This should be changed to only be disabled in
the personal profile (per-profile).
Changes
* Renamed DevicePolicyCache methods to setScreenCaptureAllowed
and isScreenCaptureAllowed
* Added parameter ownerCanAddInternalSystemWindow to
isScreenCaptureAllowed
Bug: 148453838
Bug: 157035400
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest
Change-Id: If1bd68f0ec3e88497c5d3b4382977b526b2364ba
diff --git a/services/core/java/com/android/server/wm/ActivityRecord.java b/services/core/java/com/android/server/wm/ActivityRecord.java
index 5668454..c5d2905 100644
--- a/services/core/java/com/android/server/wm/ActivityRecord.java
+++ b/services/core/java/com/android/server/wm/ActivityRecord.java
@@ -4341,9 +4341,8 @@
* screenshot.
*/
boolean shouldUseAppThemeSnapshot() {
- return mDisablePreviewScreenshots || forAllWindows(w -> {
- return mWmService.isSecureLocked(w);
- }, true /* topToBottom */);
+ return mDisablePreviewScreenshots || forAllWindows(WindowState::isSecureLocked,
+ true /* topToBottom */);
}
/**
diff --git a/services/core/java/com/android/server/wm/ActivityTaskManagerService.java b/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
index 6dd1ea9..b695f5a 100644
--- a/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
+++ b/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
@@ -3824,7 +3824,7 @@
}
userId = activity.mUserId;
}
- return !DevicePolicyCache.getInstance().getScreenCaptureDisabled(userId);
+ return DevicePolicyCache.getInstance().isScreenCaptureAllowed(userId, false);
}
@Override
diff --git a/services/core/java/com/android/server/wm/DisplayContent.java b/services/core/java/com/android/server/wm/DisplayContent.java
index d558839..0b56c8e 100644
--- a/services/core/java/com/android/server/wm/DisplayContent.java
+++ b/services/core/java/com/android/server/wm/DisplayContent.java
@@ -3781,7 +3781,7 @@
}
boolean hasSecureWindowOnScreen() {
- final WindowState win = getWindow(w -> w.isOnScreen() && mWmService.isSecureLocked(w));
+ final WindowState win = getWindow(w -> w.isOnScreen() && w.isSecureLocked());
return win != null;
}
diff --git a/services/core/java/com/android/server/wm/RootWindowContainer.java b/services/core/java/com/android/server/wm/RootWindowContainer.java
index 583663c..45a36e5 100644
--- a/services/core/java/com/android/server/wm/RootWindowContainer.java
+++ b/services/core/java/com/android/server/wm/RootWindowContainer.java
@@ -662,10 +662,10 @@
}
}
- void setSecureSurfaceState(int userId, boolean disabled) {
+ void setSecureSurfaceState(int userId) {
forAllWindows((w) -> {
if (w.mHasSurface && userId == w.mShowUserId) {
- w.mWinAnimator.setSecureLocked(disabled);
+ w.mWinAnimator.setSecureLocked(w.isSecureLocked());
}
}, true /* traverseTopToBottom */);
}
diff --git a/services/core/java/com/android/server/wm/WindowManagerService.java b/services/core/java/com/android/server/wm/WindowManagerService.java
index 10d0757..3d2373a 100644
--- a/services/core/java/com/android/server/wm/WindowManagerService.java
+++ b/services/core/java/com/android/server/wm/WindowManagerService.java
@@ -139,7 +139,6 @@
import android.app.IActivityTaskManager;
import android.app.IAssistDataReceiver;
import android.app.WindowConfiguration;
-import android.app.admin.DevicePolicyCache;
import android.content.BroadcastReceiver;
import android.content.ContentResolver;
import android.content.Context;
@@ -1881,16 +1880,6 @@
}
}
- boolean isSecureLocked(WindowState w) {
- if ((w.mAttrs.flags&WindowManager.LayoutParams.FLAG_SECURE) != 0) {
- return true;
- }
- if (DevicePolicyCache.getInstance().getScreenCaptureDisabled(w.mShowUserId)) {
- return true;
- }
- return false;
- }
-
/**
* Set whether screen capture is disabled for all windows of a specific user from
* the device policy cache.
@@ -1904,8 +1893,7 @@
synchronized (mGlobalLock) {
// Update secure surface for all windows belonging to this user.
- mRoot.setSecureSurfaceState(userId,
- DevicePolicyCache.getInstance().getScreenCaptureDisabled(userId));
+ mRoot.setSecureSurfaceState(userId);
}
}
@@ -2255,7 +2243,7 @@
&& (win.mAttrs.flags & FLAG_SHOW_WALLPAPER) != 0;
wallpaperMayMove |= (flagChanges & FLAG_SHOW_WALLPAPER) != 0;
if ((flagChanges & FLAG_SECURE) != 0 && winAnimator.mSurfaceController != null) {
- winAnimator.mSurfaceController.setSecure(isSecureLocked(win));
+ winAnimator.mSurfaceController.setSecure(win.isSecureLocked());
}
win.mRelayoutCalled = true;
diff --git a/services/core/java/com/android/server/wm/WindowState.java b/services/core/java/com/android/server/wm/WindowState.java
index 3532edf..6f439ae 100644
--- a/services/core/java/com/android/server/wm/WindowState.java
+++ b/services/core/java/com/android/server/wm/WindowState.java
@@ -176,6 +176,7 @@
import android.annotation.CallSuper;
import android.annotation.Nullable;
import android.app.AppOpsManager;
+import android.app.admin.DevicePolicyCache;
import android.content.Context;
import android.content.res.Configuration;
import android.graphics.Matrix;
@@ -1744,6 +1745,14 @@
&& mActivityRecord.getActivityType() == ACTIVITY_TYPE_DREAM;
}
+ boolean isSecureLocked() {
+ if ((mAttrs.flags & WindowManager.LayoutParams.FLAG_SECURE) != 0) {
+ return true;
+ }
+ return !DevicePolicyCache.getInstance().isScreenCaptureAllowed(mShowUserId,
+ mOwnerCanAddInternalSystemWindow);
+ }
+
/**
* Whether this window's drawn state might affect the drawn states of the app token.
*
diff --git a/services/core/java/com/android/server/wm/WindowStateAnimator.java b/services/core/java/com/android/server/wm/WindowStateAnimator.java
index 8115ac8..508d2d4 100644
--- a/services/core/java/com/android/server/wm/WindowStateAnimator.java
+++ b/services/core/java/com/android/server/wm/WindowStateAnimator.java
@@ -476,7 +476,7 @@
int flags = SurfaceControl.HIDDEN;
final WindowManager.LayoutParams attrs = w.mAttrs;
- if (mService.isSecureLocked(w)) {
+ if (w.isSecureLocked()) {
flags |= SurfaceControl.SECURE;
}
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyCacheImpl.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyCacheImpl.java
index f3a6935..d616ed3 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyCacheImpl.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyCacheImpl.java
@@ -51,15 +51,15 @@
}
@Override
- public boolean getScreenCaptureDisabled(int userHandle) {
+ public boolean isScreenCaptureAllowed(int userHandle, boolean ownerCanAddInternalSystemWindow) {
synchronized (mLock) {
- return mScreenCaptureDisabled.get(userHandle);
+ return !mScreenCaptureDisabled.get(userHandle) || ownerCanAddInternalSystemWindow;
}
}
- public void setScreenCaptureDisabled(int userHandle, boolean disabled) {
+ public void setScreenCaptureAllowed(int userHandle, boolean allowed) {
synchronized (mLock) {
- mScreenCaptureDisabled.put(userHandle, disabled);
+ mScreenCaptureDisabled.put(userHandle, !allowed);
}
}
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 401649a..c6b93d6 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -7990,7 +7990,7 @@
}
private void updateScreenCaptureDisabled(int userHandle, boolean disabled) {
- mPolicyCache.setScreenCaptureDisabled(userHandle, disabled);
+ mPolicyCache.setScreenCaptureAllowed(userHandle, !disabled);
mHandler.post(() -> {
try {
mInjector.getIWindowManager().refreshScreenCaptureDisabled(userHandle);