Push the device owner packageName from DPMS to ATMS
instead of calling DPM.isDeviceOwnerApp()
Due to lock ordering AM/ATM cannot call DPM directly.
Bug: 123950811
Test: atest WmTests:ActivityStarterTests
Test: atest FrameworksServicesTests:DevicePolicyManagerTest
Test: manual with TestDPC (set DO, reboot device, etc.)
Change-Id: I14c6f48fe07243fe324ea41e9403c37aaceea304
diff --git a/services/core/java/com/android/server/wm/ActivityStarter.java b/services/core/java/com/android/server/wm/ActivityStarter.java
index 678a896..c33a2c1 100644
--- a/services/core/java/com/android/server/wm/ActivityStarter.java
+++ b/services/core/java/com/android/server/wm/ActivityStarter.java
@@ -989,8 +989,8 @@
if (mSupervisor.mRecentTasks.isCallerRecents(callingUid)) {
return false;
}
- // don't abort if the callingPackage is a device owner
- if (mService.getDevicePolicyManager().isDeviceOwnerApp(callingPackage)) {
+ // don't abort if the callingPackage is the device owner
+ if (mService.isDeviceOwner(callingPackage)) {
return false;
}
// anything that has fallen through would currently be aborted
diff --git a/services/core/java/com/android/server/wm/ActivityTaskManagerInternal.java b/services/core/java/com/android/server/wm/ActivityTaskManagerInternal.java
index 1a5e6a1..5a20959 100644
--- a/services/core/java/com/android/server/wm/ActivityTaskManagerInternal.java
+++ b/services/core/java/com/android/server/wm/ActivityTaskManagerInternal.java
@@ -492,4 +492,9 @@
/** Returns true if uid has a visible window or its process is in a top state. */
public abstract boolean isUidForeground(int uid);
+
+ /**
+ * Called by DevicePolicyManagerService to set the package name of the device owner.
+ */
+ public abstract void setDeviceOwnerPackageName(String deviceOwnerPkg);
}
diff --git a/services/core/java/com/android/server/wm/ActivityTaskManagerService.java b/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
index 875fc4e..a0c71d4 100644
--- a/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
+++ b/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
@@ -151,7 +151,6 @@
import android.app.WaitResult;
import android.app.WindowConfiguration;
import android.app.admin.DevicePolicyCache;
-import android.app.admin.DevicePolicyManager;
import android.app.assist.AssistContent;
import android.app.assist.AssistStructure;
import android.app.usage.UsageStatsManagerInternal;
@@ -363,7 +362,6 @@
WindowManagerService mWindowManager;
private UserManagerService mUserManager;
private AppOpsService mAppOpsService;
- private DevicePolicyManager mDpm;
/** All active uids in the system. */
private final SparseArray<Integer> mActiveUids = new SparseArray<>();
private final SparseArray<String> mPendingTempWhitelist = new SparseArray<>();
@@ -623,6 +621,8 @@
private FontScaleSettingObserver mFontScaleSettingObserver;
+ private String mDeviceOwnerPackageName;
+
private final class FontScaleSettingObserver extends ContentObserver {
private final Uri mFontScaleUri = Settings.System.getUriFor(FONT_SCALE);
private final Uri mHideErrorDialogsUri = Settings.Global.getUriFor(HIDE_ERROR_DIALOGS);
@@ -838,13 +838,6 @@
return mAppOpsService;
}
- DevicePolicyManager getDevicePolicyManager() {
- if (mDpm == null) {
- mDpm = mContext.getSystemService(DevicePolicyManager.class);
- }
- return mDpm;
- }
-
boolean hasUserRestriction(String restriction, int userId) {
return getUserManager().hasUserRestriction(restriction, userId);
}
@@ -5691,6 +5684,17 @@
|| mWindowManager.mRoot.isAnyNonToastWindowVisibleForUid(uid);
}
+ boolean isDeviceOwner(String packageName) {
+ if (packageName == null) {
+ return false;
+ }
+ return packageName.equals(mDeviceOwnerPackageName);
+ }
+
+ void setDeviceOwnerPackageName(String deviceOwnerPkg) {
+ mDeviceOwnerPackageName = deviceOwnerPkg;
+ }
+
/**
* @return whitelist tag for a uid from mPendingTempWhitelist, null if not currently on
* the whitelist
@@ -7108,5 +7112,12 @@
return ActivityTaskManagerService.this.isUidForeground(uid);
}
}
+
+ @Override
+ public void setDeviceOwnerPackageName(String deviceOwnerPkg) {
+ synchronized (mGlobalLock) {
+ ActivityTaskManagerService.this.setDeviceOwnerPackageName(deviceOwnerPkg);
+ }
+ }
}
}
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index e30acf7..093ac89 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -247,6 +247,7 @@
import com.android.server.pm.UserRestrictionsUtils;
import com.android.server.storage.DeviceStorageMonitorInternal;
import com.android.server.uri.UriGrantsManagerInternal;
+import com.android.server.wm.ActivityTaskManagerInternal;
import com.google.android.collect.Sets;
@@ -1870,7 +1871,7 @@
Owners newOwners() {
return new Owners(getUserManager(), getUserManagerInternal(),
- getPackageManagerInternal());
+ getPackageManagerInternal(), getActivityTaskManagerInternal());
}
UserManager getUserManager() {
@@ -1885,6 +1886,10 @@
return LocalServices.getService(PackageManagerInternal.class);
}
+ ActivityTaskManagerInternal getActivityTaskManagerInternal() {
+ return LocalServices.getService(ActivityTaskManagerInternal.class);
+ }
+
UsageStatsManagerInternal getUsageStatsManagerInternal() {
return LocalServices.getService(UsageStatsManagerInternal.class);
}
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/Owners.java b/services/devicepolicy/java/com/android/server/devicepolicy/Owners.java
index ee1c1df3..27cd70c 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/Owners.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/Owners.java
@@ -41,6 +41,7 @@
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.util.FastXmlSerializer;
import com.android.server.LocalServices;
+import com.android.server.wm.ActivityTaskManagerInternal;
import libcore.io.IoUtils;
@@ -104,6 +105,7 @@
private final UserManager mUserManager;
private final UserManagerInternal mUserManagerInternal;
private final PackageManagerInternal mPackageManagerInternal;
+ private final ActivityTaskManagerInternal mActivityTaskManagerInternal;
private boolean mSystemReady;
@@ -129,18 +131,22 @@
public Owners(UserManager userManager,
UserManagerInternal userManagerInternal,
- PackageManagerInternal packageManagerInternal) {
- this(userManager, userManagerInternal, packageManagerInternal, new Injector());
+ PackageManagerInternal packageManagerInternal,
+ ActivityTaskManagerInternal activityTaskManagerInternal) {
+ this(userManager, userManagerInternal, packageManagerInternal,
+ activityTaskManagerInternal, new Injector());
}
@VisibleForTesting
Owners(UserManager userManager,
UserManagerInternal userManagerInternal,
PackageManagerInternal packageManagerInternal,
+ ActivityTaskManagerInternal activityTaskManagerInternal,
Injector injector) {
mUserManager = userManager;
mUserManagerInternal = userManagerInternal;
mPackageManagerInternal = packageManagerInternal;
+ mActivityTaskManagerInternal = activityTaskManagerInternal;
mInjector = injector;
}
@@ -187,6 +193,7 @@
getDeviceOwnerUserId()));
}
pushToPackageManagerLocked();
+ pushToActivityTaskManagerLocked();
pushToAppOpsLocked();
}
}
@@ -201,6 +208,11 @@
po);
}
+ private void pushToActivityTaskManagerLocked() {
+ mActivityTaskManagerInternal.setDeviceOwnerPackageName(mDeviceOwner != null
+ ? mDeviceOwner.packageName : null);
+ }
+
String getDeviceOwnerPackageName() {
synchronized (mLock) {
return mDeviceOwner != null ? mDeviceOwner.packageName : null;
@@ -275,6 +287,7 @@
mUserManagerInternal.setDeviceManaged(true);
pushToPackageManagerLocked();
+ pushToActivityTaskManagerLocked();
pushToAppOpsLocked();
}
}
@@ -286,6 +299,7 @@
mUserManagerInternal.setDeviceManaged(false);
pushToPackageManagerLocked();
+ pushToActivityTaskManagerLocked();
pushToAppOpsLocked();
}
}
@@ -333,6 +347,7 @@
mDeviceOwner.remoteBugreportHash, /* canAccessDeviceIds =*/
mDeviceOwner.canAccessDeviceIds);
pushToPackageManagerLocked();
+ pushToActivityTaskManagerLocked();
pushToAppOpsLocked();
}
}
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java
index a847b6a..2ce4c54 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java
@@ -65,7 +65,8 @@
public OwnersTestable(MockSystemServices services) {
super(services.userManager, services.userManagerInternal,
- services.packageManagerInternal, new MockInjector(services));
+ services.packageManagerInternal, services.activityTaskManagerInternal,
+ new MockInjector(services));
}
static class MockInjector extends Injector {
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/MockSystemServices.java b/services/tests/servicestests/src/com/android/server/devicepolicy/MockSystemServices.java
index 4724f1c..8f0aeea 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/MockSystemServices.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/MockSystemServices.java
@@ -64,6 +64,7 @@
import com.android.internal.util.test.FakeSettingsProvider;
import com.android.internal.widget.LockPatternUtils;
import com.android.server.net.NetworkPolicyManagerInternal;
+import com.android.server.wm.ActivityTaskManagerInternal;
import java.io.File;
import java.io.IOException;
@@ -94,6 +95,7 @@
public final IActivityManager iactivityManager;
public final IActivityTaskManager iactivityTaskManager;
public ActivityManagerInternal activityManagerInternal;
+ public ActivityTaskManagerInternal activityTaskManagerInternal;
public final IPackageManager ipackageManager;
public final IBackupManager ibackupManager;
public final IAudioService iaudioService;
@@ -133,6 +135,7 @@
iactivityManager = mock(IActivityManager.class);
iactivityTaskManager = mock(IActivityTaskManager.class);
activityManagerInternal = mock(ActivityManagerInternal.class);
+ activityTaskManagerInternal = mock(ActivityTaskManagerInternal.class);
ipackageManager = mock(IPackageManager.class);
ibackupManager = mock(IBackupManager.class);
iaudioService = mock(IAudioService.class);
diff --git a/services/tests/wmtests/src/com/android/server/wm/ActivityStarterTests.java b/services/tests/wmtests/src/com/android/server/wm/ActivityStarterTests.java
index 60f1ae26..392b010 100644
--- a/services/tests/wmtests/src/com/android/server/wm/ActivityStarterTests.java
+++ b/services/tests/wmtests/src/com/android/server/wm/ActivityStarterTests.java
@@ -61,7 +61,6 @@
import android.app.ActivityOptions;
import android.app.IApplicationThread;
-import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Intent;
import android.content.pm.ActivityInfo;
@@ -643,7 +642,7 @@
UNIMPORTANT_UID2, false, PROCESS_STATE_TOP + 1,
false, false, false, true, false);
runAndVerifyBackgroundActivityStartsSubtest(
- "disallowed_callingPackageIsDeviceOwner_notAborted", false,
+ "disallowed_callingPackageNameIsDeviceOwner_notAborted", false,
UNIMPORTANT_UID, false, PROCESS_STATE_TOP + 1,
UNIMPORTANT_UID2, false, PROCESS_STATE_TOP + 1,
false, false, false, false, true);
@@ -655,7 +654,7 @@
boolean hasForegroundActivities, boolean callerIsRecents,
boolean callerIsTempWhitelisted,
boolean callerIsInstrumentingWithBackgroundActivityStartPrivileges,
- boolean isCallingPackageDeviceOwner) {
+ boolean isCallingPackageNameDeviceOwner) {
// window visibility
doReturn(callingUidHasVisibleWindow).when(mService.mWindowManager.mRoot)
.isAnyNonToastWindowVisibleForUid(callingUid);
@@ -681,9 +680,8 @@
// caller is instrumenting with background activity starts privileges
callerApp.setInstrumenting(callerIsInstrumentingWithBackgroundActivityStartPrivileges,
callerIsInstrumentingWithBackgroundActivityStartPrivileges);
- // caller is device owner
- DevicePolicyManager dpmMock = mService.getDevicePolicyManager();
- doReturn(isCallingPackageDeviceOwner).when(dpmMock).isDeviceOwnerApp(any());
+ // calling package name is whitelisted
+ doReturn(isCallingPackageNameDeviceOwner).when(mService).isDeviceOwner(any());
final ActivityOptions options = spy(ActivityOptions.makeBasic());
ActivityStarter starter = prepareStarter(FLAG_ACTIVITY_NEW_TASK)
diff --git a/services/tests/wmtests/src/com/android/server/wm/ActivityTestsBase.java b/services/tests/wmtests/src/com/android/server/wm/ActivityTestsBase.java
index e27dd94..3b399ff 100644
--- a/services/tests/wmtests/src/com/android/server/wm/ActivityTestsBase.java
+++ b/services/tests/wmtests/src/com/android/server/wm/ActivityTestsBase.java
@@ -42,7 +42,6 @@
import android.app.ActivityManagerInternal;
import android.app.ActivityOptions;
import android.app.IApplicationThread;
-import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
@@ -425,7 +424,6 @@
spyOn(getLifecycleManager());
spyOn(getLockTaskController());
doReturn(mock(IPackageManager.class)).when(this).getPackageManager();
- doReturn(mock(DevicePolicyManager.class)).when(this).getDevicePolicyManager();
// allow background activity starts by default
doReturn(true).when(this).isBackgroundActivityStartsEnabled();
doNothing().when(this).updateCpuStats();