diff options
| -rw-r--r-- | api/current.txt | 1 | ||||
| -rw-r--r-- | api/system-current.txt | 1 | ||||
| -rw-r--r-- | core/java/android/app/Activity.java | 22 | ||||
| -rw-r--r-- | core/java/android/content/pm/ActivityInfo.java | 44 | ||||
| -rw-r--r-- | core/java/android/content/pm/PackageParser.java | 3 | ||||
| -rw-r--r-- | core/res/res/values/attrs_manifest.xml | 52 | ||||
| -rw-r--r-- | core/res/res/values/public.xml | 1 | ||||
| -rw-r--r-- | services/core/java/com/android/server/am/ActivityManagerService.java | 124 | ||||
| -rw-r--r-- | services/core/java/com/android/server/am/ActivityStack.java | 13 | ||||
| -rw-r--r-- | services/core/java/com/android/server/am/ActivityStackSupervisor.java | 189 | ||||
| -rw-r--r-- | services/core/java/com/android/server/am/TaskRecord.java | 77 | ||||
| -rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 3 |
12 files changed, 390 insertions, 140 deletions
diff --git a/api/current.txt b/api/current.txt index 7575a07..cf3f489 100644 --- a/api/current.txt +++ b/api/current.txt @@ -815,6 +815,7 @@ package android { field public static final int listSeparatorTextViewStyle = 16843272; // 0x1010208 field public static final int listViewStyle = 16842868; // 0x1010074 field public static final int listViewWhiteStyle = 16842869; // 0x1010075 + field public static final int lockTaskMode = 16844013; // 0x10104ed field public static final int logo = 16843454; // 0x10102be field public static final int longClickable = 16842982; // 0x10100e6 field public static final int loopViews = 16843527; // 0x1010307 diff --git a/api/system-current.txt b/api/system-current.txt index fb44b61..15c00f4 100644 --- a/api/system-current.txt +++ b/api/system-current.txt @@ -888,6 +888,7 @@ package android { field public static final int listSeparatorTextViewStyle = 16843272; // 0x1010208 field public static final int listViewStyle = 16842868; // 0x1010074 field public static final int listViewWhiteStyle = 16842869; // 0x1010075 + field public static final int lockTaskMode = 16844013; // 0x10104ed field public static final int logo = 16843454; // 0x10102be field public static final int longClickable = 16842982; // 0x10100e6 field public static final int loopViews = 16843527; // 0x1010307 diff --git a/core/java/android/app/Activity.java b/core/java/android/app/Activity.java index 6cf6481..4ccde1c 100644 --- a/core/java/android/app/Activity.java +++ b/core/java/android/app/Activity.java @@ -6434,18 +6434,22 @@ public class Activity extends ContextThemeWrapper * Request to put this Activity in a mode where the user is locked to the * current task. * - * This will prevent the user from launching other apps, going to settings, - * or reaching the home screen. + * This will prevent the user from launching other apps, going to settings, or reaching the + * home screen. This does not include those apps whose {@link android.R.attr#lockTaskMode} + * values permit launching while locked. * - * If {@link DevicePolicyManager#isLockTaskPermitted(String)} returns true - * for this component then the app will go directly into Lock Task mode. The user - * will not be able to exit this mode until {@link Activity#stopLockTask()} is called. + * If {@link DevicePolicyManager#isLockTaskPermitted(String)} returns true or + * lockTaskMode=lockTaskModeAlways for this component then the app will go directly into + * Lock Task mode. The user will not be able to exit this mode until + * {@link Activity#stopLockTask()} is called. * * If {@link DevicePolicyManager#isLockTaskPermitted(String)} returns false * then the system will prompt the user with a dialog requesting permission to enter * this mode. When entered through this method the user can exit at any time through * an action described by the request dialog. Calling stopLockTask will also exit the * mode. + * + * @see android.R.attr#lockTaskMode */ public void startLockTask() { try { @@ -6462,6 +6466,14 @@ public class Activity extends ContextThemeWrapper * startLockTask previously. * * This will allow the user to exit this app and move onto other activities. + * <p>Note: This method should only be called when the activity is user-facing. That is, + * between onResume() and onPause(). + * <p>Note: If there are other tasks below this one that are also locked then calling this + * method will immediately finish this task and resume the previous locked one, remaining in + * lockTask mode. + * + * @see android.R.attr#lockTaskMode + * @see ActivityManager#getLockTaskModeState() */ public void stopLockTask() { try { diff --git a/core/java/android/content/pm/ActivityInfo.java b/core/java/android/content/pm/ActivityInfo.java index 4723c0d..8d82aa2 100644 --- a/core/java/android/content/pm/ActivityInfo.java +++ b/core/java/android/content/pm/ActivityInfo.java @@ -609,7 +609,7 @@ public class ActivityInfo extends ComponentInfo * attribute. */ public int configChanges; - + /** * The desired soft input mode for this activity's main window. * Set from the {@link android.R.attr#windowSoftInputMode} attribute @@ -648,6 +648,37 @@ public class ActivityInfo extends ComponentInfo */ public boolean resizeable; + /** @hide */ + public static final int LOCK_TASK_LAUNCH_MODE_DEFAULT = 0; + /** @hide */ + public static final int LOCK_TASK_LAUNCH_MODE_NEVER = 1; + /** @hide */ + public static final int LOCK_TASK_LAUNCH_MODE_ALWAYS = 2; + /** @hide */ + public static final int LOCK_TASK_LAUNCH_MODE_IF_WHITELISTED = 3; + + /** @hide */ + public static final String lockTaskLaunchModeToString(int lockTaskLaunchMode) { + switch (lockTaskLaunchMode) { + case LOCK_TASK_LAUNCH_MODE_DEFAULT: + return "LOCK_TASK_LAUNCH_MODE_DEFAULT"; + case LOCK_TASK_LAUNCH_MODE_NEVER: + return "LOCK_TASK_LAUNCH_MODE_NEVER"; + case LOCK_TASK_LAUNCH_MODE_ALWAYS: + return "LOCK_TASK_LAUNCH_MODE_ALWAYS"; + case LOCK_TASK_LAUNCH_MODE_IF_WHITELISTED: + return "LOCK_TASK_LAUNCH_MODE_IF_WHITELISTED"; + default: + return "unknown=" + lockTaskLaunchMode; + } + } + /** + * Value indicating if the activity is to be locked at startup. Takes on the values from + * {@link android.R.attr#lockTaskMode}. + * @hide + */ + public int lockTaskLaunchMode; + public ActivityInfo() { } @@ -665,13 +696,15 @@ public class ActivityInfo extends ComponentInfo uiOptions = orig.uiOptions; parentActivityName = orig.parentActivityName; maxRecents = orig.maxRecents; + resizeable = orig.resizeable; + lockTaskLaunchMode = orig.lockTaskLaunchMode; } - + /** * Return the theme resource identifier to use for this activity. If * the activity defines a theme, that is used; else, the application * theme is used. - * + * * @return The theme associated with this activity. */ public final int getThemeResource() { @@ -709,7 +742,8 @@ public class ActivityInfo extends ComponentInfo if (uiOptions != 0) { pw.println(prefix + " uiOptions=0x" + Integer.toHexString(uiOptions)); } - pw.println(prefix + "resizeable=" + resizeable); + pw.println(prefix + "resizeable=" + resizeable + " lockTaskLaunchMode=" + + lockTaskLaunchModeToString(lockTaskLaunchMode)); super.dumpBack(pw, prefix); } @@ -739,6 +773,7 @@ public class ActivityInfo extends ComponentInfo dest.writeInt(persistableMode); dest.writeInt(maxRecents); dest.writeInt(resizeable ? 1 : 0); + dest.writeInt(lockTaskLaunchMode); } public static final Parcelable.Creator<ActivityInfo> CREATOR @@ -767,5 +802,6 @@ public class ActivityInfo extends ComponentInfo persistableMode = source.readInt(); maxRecents = source.readInt(); resizeable = (source.readInt() == 1); + lockTaskLaunchMode = source.readInt(); } } diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java index 7464cab..40f4e8f 100644 --- a/core/java/android/content/pm/PackageParser.java +++ b/core/java/android/content/pm/PackageParser.java @@ -3159,6 +3159,9 @@ public class PackageParser { R.styleable.AndroidManifestActivity_screenOrientation, ActivityInfo.SCREEN_ORIENTATION_UNSPECIFIED); } + + a.info.lockTaskLaunchMode = + sa.getInt(R.styleable.AndroidManifestActivity_lockTaskMode, 0); } else { a.info.launchMode = ActivityInfo.LAUNCH_MULTIPLE; a.info.configChanges = 0; diff --git a/core/res/res/values/attrs_manifest.xml b/core/res/res/values/attrs_manifest.xml index 5ffe57e..31c221b 100644 --- a/core/res/res/values/attrs_manifest.xml +++ b/core/res/res/values/attrs_manifest.xml @@ -1038,6 +1038,47 @@ activity. --> <attr name="resizeableActivity" format="boolean" /> + <!-- This value indicates how tasks rooted at this activity will behave in lockTask mode. + While in lockTask mode the system will not launch non-permitted tasks until + lockTask mode is disabled. + <p>While in lockTask mode with multiple permitted tasks running, each launched task is + permitted to finish, transitioning to the previous locked task, until there is only one + task remaining. At that point the last task running is not permitted to finish. --> + <attr name="lockTaskMode"> + <!-- This is the default value. Tasks will not launch into lockTask mode but can be + placed there by calling {@link android.app.Activity#startLockTask}. If a task with + this mode has been whitelisted using {@link + android.app.admin.DevicePolicyManager#setLockTaskPackages} then calling startLockTask + will enter lockTask mode immediately, otherwise the user will be presented with a + dialog to approve entering lockTask mode. + <p>If the system is already in lockTask mode when a new task rooted at this activity + is launched that task will or will not start depending on whether the package of this + activity has been whitelisted. + <p>Tasks rooted at this activity can only exit lockTask mode using stopLockTask(). --> + <enum name="lockTaskModeDefault" value="0"/> + <!-- Tasks will not launch into lockTask mode and cannot be placed there using + {@link android.app.Activity#startLockTask} or be pinned from the Overview screen. + If the system is already in lockTask mode when a new task rooted at this activity is + launched that task will not be started. + <p>Note: This mode is only available to system and privileged applications. + Non-privileged apps with this value will be treated as lockTaskModeDefault. + --> + <enum name="lockTaskModeNever" value="1"/> + <!-- Tasks rooted at this activity will always launch into lockTask mode. If the system is + already in lockTask mode when this task is launched then the new task will be launched + on top of the current task. Tasks launched in this mode are capable of exiting + lockTask mode using finish(), whereas tasks entering lockTask mode using + startLockTask() must use stopLockTask() to exit. + <p>Note: This mode is only available to system and privileged applications. + Non-privileged apps with this value will be treated as lockTaskModeDefault. + --> + <enum name="lockTaskModeAlways" value="2"/> + <!-- If the DevicePolicyManager (DPM) authorizes this package ({@link + android.app.admin.DevicePolicyManager#setLockTaskPackages}) then this mode is + identical to lockTaskModeAlways. If the DPM does not authorize this package then this + mode is identical to lockTaskModeDefault. --> + <enum name="lockTaskModeIfWhitelisted" value="3"/> + </attr> <!-- When set installer will extract native libraries. If set to false libraries in the apk must be stored and page-aligned. --> <attr name="extractNativeLibs" format="boolean"/> @@ -1684,7 +1725,7 @@ {@link android.app.Activity} class that is available as part of the package's application components, implementing a part of the application's user interface. - + <p>Zero or more {@link #AndroidManifestIntentFilter intent-filter} tags can be included inside of an activity, to specify the Intents that it can handle. If none are specified, the activity can @@ -1746,12 +1787,13 @@ <attr name="relinquishTaskIdentity" /> <attr name="resumeWhilePausing" /> <attr name="resizeableActivity" /> + <attr name="lockTaskMode" /> </declare-styleable> - + <!-- The <code>activity-alias</code> tag declares a new name for an existing {@link #AndroidManifestActivity activity} tag. - + <p>Zero or more {@link #AndroidManifestIntentFilter intent-filter} tags can be included inside of an activity-alias, to specify the Intents that it can handle. If none are specified, the activity can @@ -1769,7 +1811,7 @@ must be in the same manifest as the alias, and have been defined in that manifest before the alias here. This must use a Java-style naming convention to ensure the name is unique, for example - "com.mycompany.MyName". --> + "com.mycompany.MyName". --> <attr name="targetActivity" format="string" /> <attr name="label" /> <attr name="description" /> @@ -1785,7 +1827,7 @@ <attr name="exported" /> <attr name="parentActivityName" /> </declare-styleable> - + <!-- The <code>meta-data</code> tag is used to attach additional arbitrary data to an application component. The data can later be retrieved programmatically from the diff --git a/core/res/res/values/public.xml b/core/res/res/values/public.xml index c2f2c6d..f9d43bd 100644 --- a/core/res/res/values/public.xml +++ b/core/res/res/values/public.xml @@ -2653,6 +2653,7 @@ <public type="attr" name="colorBackgroundFloating" /> <public type="attr" name="extractNativeLibs" /> <public type="attr" name="usesCleartextTraffic" /> + <public type="attr" name="lockTaskMode" /> <!--IntentFilter auto verification --> <public type="attr" name="autoVerify" /> diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java index b606353..f25808b 100644 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java @@ -26,10 +26,14 @@ import static com.android.internal.util.XmlUtils.readLongAttribute; import static com.android.internal.util.XmlUtils.writeBooleanAttribute; import static com.android.internal.util.XmlUtils.writeIntAttribute; import static com.android.internal.util.XmlUtils.writeLongAttribute; -import static com.android.server.am.ActivityStackSupervisor.HOME_STACK_ID; +import static com.android.server.Watchdog.NATIVE_STACKS_OF_INTEREST; import static com.android.server.am.ActivityManagerDebugConfig.*; +import static com.android.server.am.ActivityStackSupervisor.HOME_STACK_ID; import static com.android.server.am.TaskRecord.INVALID_TASK_ID; -import static com.android.server.Watchdog.NATIVE_STACKS_OF_INTEREST; +import static com.android.server.am.TaskRecord.LOCK_TASK_AUTH_DONT_LOCK; +import static com.android.server.am.TaskRecord.LOCK_TASK_AUTH_LAUNCHABLE; +import static com.android.server.am.TaskRecord.LOCK_TASK_AUTH_PINNABLE; +import static com.android.server.am.TaskRecord.LOCK_TASK_AUTH_WHITELISTED; import static org.xmlpull.v1.XmlPullParser.END_DOCUMENT; import static org.xmlpull.v1.XmlPullParser.START_TAG; @@ -3982,13 +3986,13 @@ public final class ActivityManagerService extends ActivityManagerNative if (rootR == null) { Slog.w(TAG, "Finishing task with all activities already finished"); } - // Do not allow task to finish in Lock Task mode. - if (tr == mStackSupervisor.mLockTaskModeTask) { - if (rootR == r) { - Slog.i(TAG, "Not finishing task in lock task mode"); - mStackSupervisor.showLockTaskToast(); - return false; - } + // Do not allow task to finish if last task in lockTask mode. Launchable apps can + // finish themselves. + if (tr.mLockTaskAuth != LOCK_TASK_AUTH_LAUNCHABLE && rootR == r && + mStackSupervisor.isLastLockedTask(tr)) { + Slog.i(TAG, "Not finishing task in lock task mode"); + mStackSupervisor.showLockTaskToast(); + return false; } if (mController != null) { // Find the first activity that is not finishing. @@ -4142,20 +4146,18 @@ public final class ActivityManagerService extends ActivityManagerNative final long origId = Binder.clearCallingIdentity(); try { ActivityRecord r = ActivityRecord.isInStackLocked(token); - - ActivityRecord rootR = r.task.getRootActivity(); - // Do not allow task to finish in Lock Task mode. - if (r.task == mStackSupervisor.mLockTaskModeTask) { - if (rootR == r) { - mStackSupervisor.showLockTaskToast(); - return false; - } + if (r == null) { + return false; } - boolean res = false; - if (r != null) { - res = r.task.stack.finishActivityAffinityLocked(r); + + // Do not allow the last non-launchable task to finish in Lock Task mode. + final TaskRecord task = r.task; + if (task.mLockTaskAuth != LOCK_TASK_AUTH_LAUNCHABLE && + mStackSupervisor.isLastLockedTask(task) && task.getRootActivity() == r) { + mStackSupervisor.showLockTaskToast(); + return false; } - return res; + return task.stack.finishActivityAffinityLocked(r); } finally { Binder.restoreCallingIdentity(origId); } @@ -8336,9 +8338,9 @@ public final class ActivityManagerService extends ActivityManagerNative final long origId = Binder.clearCallingIdentity(); try { int taskId = ActivityRecord.getTaskForActivityLocked(token, !nonRoot); - if (taskId >= 0) { - if ((mStackSupervisor.mLockTaskModeTask != null) - && (mStackSupervisor.mLockTaskModeTask.taskId == taskId)) { + final TaskRecord task = mRecentTasks.taskForIdLocked(taskId); + if (task != null) { + if (mStackSupervisor.isLockedTask(task)) { mStackSupervisor.showLockTaskToast(); return false; } @@ -8520,47 +8522,45 @@ public final class ActivityManagerService extends ActivityManagerNative @Override public void updateLockTaskPackages(int userId, String[] packages) { - if (Binder.getCallingUid() != Process.SYSTEM_UID) { + final int callingUid = Binder.getCallingUid(); + if (callingUid != 0 && callingUid != Process.SYSTEM_UID) { throw new SecurityException("updateLockTaskPackage called from non-system process"); } synchronized (this) { mLockTaskPackages.put(userId, packages); + mStackSupervisor.onLockTaskPackagesUpdatedLocked(); } } - private boolean isLockTaskAuthorizedLocked(String pkg) { - String[] packages = mLockTaskPackages.get(mCurrentUserId); - if (packages == null) { - return false; - } - for (int i = packages.length - 1; i >= 0; --i) { - if (pkg.equals(packages[i])) { - return true; - } - } - return false; - } void startLockTaskModeLocked(TaskRecord task) { - final String pkg = task.intent.getComponent().getPackageName(); + if (task.mLockTaskAuth == LOCK_TASK_AUTH_DONT_LOCK) { + return; + } + // isSystemInitiated is used to distinguish between locked and pinned mode, as pinned mode // is initiated by system after the pinning request was shown and locked mode is initiated // by an authorized app directly - boolean isSystemInitiated = Binder.getCallingUid() == Process.SYSTEM_UID; + final int callingUid = Binder.getCallingUid(); + boolean isSystemInitiated = callingUid == Process.SYSTEM_UID; long ident = Binder.clearCallingIdentity(); try { - if (!isSystemInitiated && !isLockTaskAuthorizedLocked(pkg)) { - StatusBarManagerInternal statusBarManager = - LocalServices.getService(StatusBarManagerInternal.class); - if (statusBarManager != null) { - statusBarManager.showScreenPinningRequest(); + final ActivityStack stack = mStackSupervisor.getFocusedStack(); + if (!isSystemInitiated) { + task.mLockTaskUid = callingUid; + if (task.mLockTaskAuth == LOCK_TASK_AUTH_PINNABLE) { + // startLockTask() called by app and task mode is lockTaskModeDefault. + StatusBarManagerInternal statusBarManager = + LocalServices.getService(StatusBarManagerInternal.class); + if (statusBarManager != null) { + statusBarManager.showScreenPinningRequest(); + } + return; } - return; - } - final ActivityStack stack = mStackSupervisor.getFocusedStack(); - if (!isSystemInitiated && (stack == null || task != stack.topTask())) { - throw new IllegalArgumentException("Invalid task, not in foreground"); + if (stack == null || task != stack.topTask()) { + throw new IllegalArgumentException("Invalid task, not in foreground"); + } } mStackSupervisor.setLockTaskModeLocked(task, isSystemInitiated ? ActivityManager.LOCK_TASK_MODE_PINNED : @@ -8614,23 +8614,15 @@ public final class ActivityManagerService extends ActivityManagerNative @Override public void stopLockTaskMode() { - // Verify that the user matches the package of the intent for the TaskRecord - // we are locked to or systtem. This will ensure the same caller for startLockTaskMode - // and stopLockTaskMode. - final int callingUid = Binder.getCallingUid(); - if (callingUid != Process.SYSTEM_UID) { - try { - String pkg = - mStackSupervisor.mLockTaskModeTask.intent.getComponent().getPackageName(); - int uid = mContext.getPackageManager().getPackageUid(pkg, - Binder.getCallingUserHandle().getIdentifier()); - if (uid != callingUid) { - throw new SecurityException("Invalid uid, expected " + uid); - } - } catch (NameNotFoundException e) { - Log.d(TAG, "stopLockTaskMode " + e); - return; - } + final TaskRecord lockTask = mStackSupervisor.getLockedTaskLocked(); + if (lockTask == null) { + // Our work here is done. + return; + } + // Ensure the same caller for startLockTaskMode and stopLockTaskMode. + if (getLockTaskModeState() == ActivityManager.LOCK_TASK_MODE_LOCKED && + Binder.getCallingUid() != lockTask.mLockTaskUid) { + throw new SecurityException("Invalid uid, expected " + lockTask.mLockTaskUid); } long ident = Binder.clearCallingIdentity(); try { diff --git a/services/core/java/com/android/server/am/ActivityStack.java b/services/core/java/com/android/server/am/ActivityStack.java index 2362d28..6210d60 100644 --- a/services/core/java/com/android/server/am/ActivityStack.java +++ b/services/core/java/com/android/server/am/ActivityStack.java @@ -2875,7 +2875,7 @@ final class ActivityStack { } if (endTask) { - mStackSupervisor.endLockTaskModeIfTaskEnding(task); + mStackSupervisor.removeLockedTaskLocked(task); } } else if (r.state != ActivityState.PAUSING) { // If the activity is PAUSING, we will complete the finish once @@ -3674,8 +3674,7 @@ final class ActivityStack { } Slog.i(TAG, "moveTaskToBack: " + tr); - - mStackSupervisor.endLockTaskModeIfTaskEnding(tr); + mStackSupervisor.removeLockedTaskLocked(tr); // If we have a watcher, preflight the move before committing to it. First check // for *other* available tasks, but if none are available, then try again allowing the @@ -4240,7 +4239,7 @@ final class ActivityStack { */ void removeTask(TaskRecord task, String reason, boolean notMoving) { if (notMoving) { - mStackSupervisor.endLockTaskModeIfTaskEnding(task); + mStackSupervisor.removeLockedTaskLocked(task); mWindowManager.removeTask(task.taskId); } @@ -4345,4 +4344,10 @@ final class ActivityStack { mFullscreen = Configuration.EMPTY.equals(mOverrideConfig); return !mOverrideConfig.equals(oldConfig); } + + void onLockTaskPackagesUpdatedLocked() { + for (int taskNdx = mTaskHistory.size() - 1; taskNdx >= 0; --taskNdx) { + mTaskHistory.get(taskNdx).setLockTaskAuth(); + } + } } diff --git a/services/core/java/com/android/server/am/ActivityStackSupervisor.java b/services/core/java/com/android/server/am/ActivityStackSupervisor.java index c2f6bfd..6908483 100644 --- a/services/core/java/com/android/server/am/ActivityStackSupervisor.java +++ b/services/core/java/com/android/server/am/ActivityStackSupervisor.java @@ -17,10 +17,14 @@ package com.android.server.am; import static android.Manifest.permission.START_ANY_ACTIVITY; +import static android.app.ActivityManager.LOCK_TASK_MODE_LOCKED; +import static android.app.ActivityManager.LOCK_TASK_MODE_NONE; +import static android.app.ActivityManager.LOCK_TASK_MODE_PINNED; import static android.content.Intent.FLAG_ACTIVITY_CLEAR_TASK; import static android.content.Intent.FLAG_ACTIVITY_CLEAR_TOP; import static android.content.Intent.FLAG_ACTIVITY_NEW_TASK; import static android.content.Intent.FLAG_ACTIVITY_TASK_ON_HOME; +import static android.content.pm.ActivityInfo.LOCK_TASK_LAUNCH_MODE_IF_WHITELISTED; import static android.content.pm.PackageManager.PERMISSION_GRANTED; import static com.android.server.am.ActivityManagerDebugConfig.*; import static com.android.server.am.ActivityManagerService.FIRST_SUPERVISOR_STACK_MSG; @@ -28,6 +32,10 @@ import static com.android.server.am.ActivityRecord.HOME_ACTIVITY_TYPE; import static com.android.server.am.ActivityRecord.RECENTS_ACTIVITY_TYPE; import static com.android.server.am.ActivityRecord.APPLICATION_ACTIVITY_TYPE; import static com.android.server.am.ActivityStack.ActivityState.*; +import static com.android.server.am.TaskRecord.LOCK_TASK_AUTH_DONT_LOCK; +import static com.android.server.am.TaskRecord.LOCK_TASK_AUTH_LAUNCHABLE; +import static com.android.server.am.TaskRecord.LOCK_TASK_AUTH_PINNABLE; +import static com.android.server.am.TaskRecord.LOCK_TASK_AUTH_WHITELISTED; import android.app.Activity; import android.app.ActivityManager; @@ -261,17 +269,17 @@ public final class ActivityStackSupervisor implements DisplayListener { // TODO: Add listener for removal of references. /** Mapping from (ActivityStack/TaskStack).mStackId to their current state */ - private SparseArray<ActivityContainer> mActivityContainers = new SparseArray<ActivityContainer>(); + private SparseArray<ActivityContainer> mActivityContainers = new SparseArray<>(); /** Mapping from displayId to display current state */ - private final SparseArray<ActivityDisplay> mActivityDisplays = - new SparseArray<ActivityDisplay>(); + private final SparseArray<ActivityDisplay> mActivityDisplays = new SparseArray<>(); InputManagerInternal mInputManagerInternal; - /** If non-null then the task specified remains in front and no other tasks may be started - * until the task exits or #stopLockTaskMode() is called. */ - TaskRecord mLockTaskModeTask; + /** The chain of tasks in lockTask mode. The current frontmost task is at the top, and tasks + * may be finished until there is only one entry left. If this is empty the system is not + * in lockTask mode. */ + ArrayList<TaskRecord> mLockTaskModeTasks = new ArrayList<>(); /** Store the current lock task mode. Possible values: * {@link ActivityManager#LOCK_TASK_MODE_NONE}, {@link ActivityManager#LOCK_TASK_MODE_LOCKED}, * {@link ActivityManager#LOCK_TASK_MODE_PINNED} @@ -282,8 +290,7 @@ public final class ActivityStackSupervisor implements DisplayListener { */ private LockTaskNotify mLockTaskNotify; - final ArrayList<PendingActivityLaunch> mPendingActivityLaunches - = new ArrayList<PendingActivityLaunch>(); + final ArrayList<PendingActivityLaunch> mPendingActivityLaunches = new ArrayList<>(); /** Used to keep resumeTopActivityLocked() from being entered recursively */ boolean inResumeTopActivity; @@ -796,7 +803,7 @@ public final class ActivityStackSupervisor implements DisplayListener { ArrayList<ActivityStack> stacks = mActivityDisplays.valueAt(displayNdx).mStacks; for (int stackNdx = stacks.size() - 1; stackNdx >= 0; --stackNdx) { final ActivityStack stack = stacks.get(stackNdx); - ArrayList<RunningTaskInfo> stackTaskList = new ArrayList<RunningTaskInfo>(); + ArrayList<RunningTaskInfo> stackTaskList = new ArrayList<>(); runningTaskLists.add(stackTaskList); stack.getTasksLocked(stackTaskList, callingUid, allowed); } @@ -894,8 +901,8 @@ public final class ActivityStackSupervisor implements DisplayListener { intent = new Intent(intent); // Collect information about the target of the Intent. - ActivityInfo aInfo = resolveActivity(intent, resolvedType, startFlags, - profilerInfo, userId); + ActivityInfo aInfo = + resolveActivity(intent, resolvedType, startFlags, profilerInfo, userId); ActivityContainer container = (ActivityContainer)iContainer; synchronized (mService) { @@ -1170,7 +1177,12 @@ public final class ActivityStackSupervisor implements DisplayListener { mService.updateLruProcessLocked(app, true, null); mService.updateOomAdjLocked(); - final ActivityStack stack = r.task.stack; + final TaskRecord task = r.task; + if (task.mLockTaskAuth == LOCK_TASK_AUTH_LAUNCHABLE) { + setLockTaskModeLocked(task, LOCK_TASK_MODE_LOCKED, "lockTaskLaunchMode attribute"); + } + + final ActivityStack stack = task.stack; try { if (app.thread == null) { throw new RemoteException(); @@ -1187,11 +1199,11 @@ public final class ActivityStackSupervisor implements DisplayListener { if (andResume) { EventLog.writeEvent(EventLogTags.AM_RESTART_ACTIVITY, r.userId, System.identityHashCode(r), - r.task.taskId, r.shortComponentName); + task.taskId, r.shortComponentName); } if (r.isHomeActivity() && r.isNotResolverActivity()) { // Home process is the root process of the task. - mService.mHomeProcess = r.task.mActivities.get(0).app; + mService.mHomeProcess = task.mActivities.get(0).app; } mService.ensurePackageDexOpt(r.intent.getComponent().getPackageName()); r.sleeping = false; @@ -1233,7 +1245,7 @@ public final class ActivityStackSupervisor implements DisplayListener { app.thread.scheduleLaunchActivity(new Intent(r.intent), r.appToken, System.identityHashCode(r), r.info, new Configuration(mService.mConfiguration), new Configuration(stack.mOverrideConfig), r.compat, r.launchedFromPackage, - r.task.voiceInteractor, app.repProcState, r.icicle, r.persistentState, results, + task.voiceInteractor, app.repProcState, r.icicle, r.persistentState, results, newIntents, !andResume, mService.isNextTransitionForward(), profilerInfo); if ((app.info.privateFlags&ApplicationInfo.PRIVATE_FLAG_CANT_SAVE_STATE) != 0) { @@ -1946,7 +1958,7 @@ public final class ActivityStackSupervisor implements DisplayListener { if ((launchFlags&Intent.FLAG_ACTIVITY_RESET_TASK_IF_NEEDED) != 0) { intentActivity = targetStack.resetTaskIfNeededLocked(intentActivity, r); } - if ((startFlags&ActivityManager.START_FLAG_ONLY_IF_NEEDED) != 0) { + if ((startFlags & ActivityManager.START_FLAG_ONLY_IF_NEEDED) != 0) { // We don't need to start a new activity, and // the client said not to do anything if that // is the case, so this is it! And for paranoia, make @@ -1964,8 +1976,7 @@ public final class ActivityStackSupervisor implements DisplayListener { } return ActivityManager.START_RETURN_INTENT_TO_CALLER; } - if ((launchFlags & - (FLAG_ACTIVITY_NEW_TASK | FLAG_ACTIVITY_CLEAR_TASK)) + if ((launchFlags & (FLAG_ACTIVITY_NEW_TASK | FLAG_ACTIVITY_CLEAR_TASK)) == (FLAG_ACTIVITY_NEW_TASK | FLAG_ACTIVITY_CLEAR_TASK)) { // The caller has requested to completely replace any // existing task with its new activity. Well that should @@ -2128,10 +2139,6 @@ public final class ActivityStackSupervisor implements DisplayListener { // Should this be considered a new task? if (r.resultTo == null && inTask == null && !addingToTask && (launchFlags & Intent.FLAG_ACTIVITY_NEW_TASK) != 0) { - if (isLockTaskModeViolation(reuseTask)) { - Slog.e(TAG, "Attempted Lock Task Mode violation r=" + r); - return ActivityManager.START_RETURN_LOCK_TASK_MODE_VIOLATION; - } newTask = true; targetStack = computeStackFocus(r, newTask); targetStack.moveToFront("startingNewTask"); @@ -2147,6 +2154,10 @@ public final class ActivityStackSupervisor implements DisplayListener { } else { r.setTask(reuseTask, taskToAffiliate); } + if (isLockTaskModeViolation(r.task)) { + Slog.e(TAG, "Attempted Lock Task Mode violation r=" + r); + return ActivityManager.START_RETURN_LOCK_TASK_MODE_VIOLATION; + } if (!movedHome) { if ((launchFlags & (FLAG_ACTIVITY_NEW_TASK | FLAG_ACTIVITY_TASK_ON_HOME)) @@ -3292,6 +3303,7 @@ public final class ActivityStackSupervisor implements DisplayListener { pw.print(prefix); pw.println("mCurTaskId=" + mCurTaskId); pw.print(prefix); pw.println("mUserStackInFront=" + mUserStackInFront); pw.print(prefix); pw.println("mActivityContainers=" + mActivityContainers); + pw.print(prefix); pw.println("mLockTaskModeTasks" + mLockTaskModeTasks); } ArrayList<ActivityRecord> getDumpActivitiesLocked(String name) { @@ -3592,6 +3604,32 @@ public final class ActivityStackSupervisor implements DisplayListener { return list; } + TaskRecord getLockedTaskLocked() { + final int top = mLockTaskModeTasks.size() - 1; + if (top >= 0) { + return mLockTaskModeTasks.get(top); + } + return null; + } + + boolean isLockedTask(TaskRecord task) { + return mLockTaskModeTasks.contains(task); + } + + boolean isLastLockedTask(TaskRecord task) { + return mLockTaskModeTasks.size() == 1 && mLockTaskModeTasks.contains(task); + } + + void removeLockedTaskLocked(final TaskRecord task) { + if (mLockTaskModeTasks.remove(task) && mLockTaskModeTasks.isEmpty()) { + // Last one. + final Message lockTaskMsg = Message.obtain(); + lockTaskMsg.arg1 = task.userId; + lockTaskMsg.what = LOCK_TASK_END_MSG; + mHandler.sendMessage(lockTaskMsg); + } + } + void showLockTaskToast() { mLockTaskNotify.showToast(mLockTaskModeState); } @@ -3599,42 +3637,93 @@ public final class ActivityStackSupervisor implements DisplayListener { void setLockTaskModeLocked(TaskRecord task, int lockTaskModeState, String reason) { if (task == null) { // Take out of lock task mode if necessary - if (mLockTaskModeTask != null) { - final Message lockTaskMsg = Message.obtain(); - lockTaskMsg.arg1 = mLockTaskModeTask.userId; - lockTaskMsg.what = LOCK_TASK_END_MSG; - mLockTaskModeTask = null; - mHandler.sendMessage(lockTaskMsg); + final TaskRecord lockedTask = getLockedTaskLocked(); + if (lockedTask != null) { + removeLockedTaskLocked(lockedTask); + if (!mLockTaskModeTasks.isEmpty()) { + // There are locked tasks remaining, can only finish this task, not unlock it. + lockedTask.performClearTaskLocked(); + resumeTopActivitiesLocked(); + return; + } } return; } + + // Should have already been checked, but do it again. + if (task.mLockTaskAuth == LOCK_TASK_AUTH_DONT_LOCK) { + return; + } if (isLockTaskModeViolation(task)) { - Slog.e(TAG, "setLockTaskMode: Attempt to start a second Lock Task Mode task."); + Slog.e(TAG, "setLockTaskMode: Attempt to start an unauthorized lock task."); return; } - mLockTaskModeTask = task; + + if (mLockTaskModeTasks.isEmpty()) { + // First locktask. + final Message lockTaskMsg = Message.obtain(); + lockTaskMsg.obj = task.intent.getComponent().getPackageName(); + lockTaskMsg.arg1 = task.userId; + lockTaskMsg.what = LOCK_TASK_START_MSG; + lockTaskMsg.arg2 = lockTaskModeState; + mHandler.sendMessage(lockTaskMsg); + } + // Add it or move it to the top. + mLockTaskModeTasks.remove(task); + mLockTaskModeTasks.add(task); + + if (task.mLockTaskUid == -1) { + task.mLockTaskUid = task.mCallingUid; + } findTaskToMoveToFrontLocked(task, 0, null, reason); resumeTopActivitiesLocked(); - - final Message lockTaskMsg = Message.obtain(); - lockTaskMsg.obj = mLockTaskModeTask.intent.getComponent().getPackageName(); - lockTaskMsg.arg1 = mLockTaskModeTask.userId; - lockTaskMsg.what = LOCK_TASK_START_MSG; - lockTaskMsg.arg2 = lockTaskModeState; - mHandler.sendMessage(lockTaskMsg); } boolean isLockTaskModeViolation(TaskRecord task) { - return mLockTaskModeTask != null && mLockTaskModeTask != task; + if (getLockedTaskLocked() == task) { + return false; + } + final int lockTaskAuth = task.mLockTaskAuth; + switch (lockTaskAuth) { + case LOCK_TASK_AUTH_DONT_LOCK: + return !mLockTaskModeTasks.isEmpty(); + case LOCK_TASK_AUTH_LAUNCHABLE: + case LOCK_TASK_AUTH_WHITELISTED: + return false; + case LOCK_TASK_AUTH_PINNABLE: + // Pinnable tasks can't be launched on top of locktask tasks. + return !mLockTaskModeTasks.isEmpty(); + default: + Slog.w(TAG, "isLockTaskModeViolation: invalid lockTaskAuth value=" + lockTaskAuth); + return true; + } } - void endLockTaskModeIfTaskEnding(TaskRecord task) { - if (mLockTaskModeTask != null && mLockTaskModeTask == task) { - final Message lockTaskMsg = Message.obtain(); - lockTaskMsg.arg1 = mLockTaskModeTask.userId; - lockTaskMsg.what = LOCK_TASK_END_MSG; - mLockTaskModeTask = null; - mHandler.sendMessage(lockTaskMsg); + void onLockTaskPackagesUpdatedLocked() { + boolean didSomething = false; + for (int taskNdx = mLockTaskModeTasks.size() - 1; taskNdx >= 0; --taskNdx) { + final TaskRecord lockedTask = mLockTaskModeTasks.get(taskNdx); + if (lockedTask.mLockTaskMode != LOCK_TASK_LAUNCH_MODE_IF_WHITELISTED) { + continue; + } + final boolean wasLaunchable = lockedTask.mLockTaskAuth == LOCK_TASK_AUTH_LAUNCHABLE; + lockedTask.setLockTaskAuth(); + if (wasLaunchable && lockedTask.mLockTaskAuth != LOCK_TASK_AUTH_LAUNCHABLE) { + // Lost whitelisting authorization. End it now. + removeLockedTaskLocked(lockedTask); + lockedTask.performClearTaskLocked(); + didSomething = true; + } + } + for (int displayNdx = mActivityDisplays.size() - 1; displayNdx >= 0; --displayNdx) { + ArrayList<ActivityStack> stacks = mActivityDisplays.valueAt(displayNdx).mStacks; + for (int stackNdx = stacks.size() - 1; stackNdx >= 0; --stackNdx) { + final ActivityStack stack = stacks.get(stackNdx); + stack.onLockTaskPackagesUpdatedLocked(); + } + } + if (didSomething) { + resumeTopActivitiesLocked(); } } @@ -3734,11 +3823,10 @@ public final class ActivityStackSupervisor implements DisplayListener { mLockTaskModeState = msg.arg2; if (getStatusBarService() != null) { int flags = 0; - if (mLockTaskModeState == ActivityManager.LOCK_TASK_MODE_LOCKED) { + if (mLockTaskModeState == LOCK_TASK_MODE_LOCKED) { flags = StatusBarManager.DISABLE_MASK & (~StatusBarManager.DISABLE_BACK); - } else if (mLockTaskModeState == - ActivityManager.LOCK_TASK_MODE_PINNED) { + } else if (mLockTaskModeState == LOCK_TASK_MODE_PINNED) { flags = StatusBarManager.DISABLE_MASK & (~StatusBarManager.DISABLE_BACK) & (~StatusBarManager.DISABLE_HOME) @@ -3776,8 +3864,7 @@ public final class ActivityStackSupervisor implements DisplayListener { boolean shouldLockKeyguard = Settings.Secure.getInt( mService.mContext.getContentResolver(), Settings.Secure.LOCK_TO_APP_EXIT_LOCKED) != 0; - if (mLockTaskModeState == ActivityManager.LOCK_TASK_MODE_PINNED && - shouldLockKeyguard) { + if (mLockTaskModeState == LOCK_TASK_MODE_PINNED && shouldLockKeyguard) { mWindowManager.lockNow(null); mWindowManager.dismissKeyguard(); new LockPatternUtils(mService.mContext) @@ -3789,7 +3876,7 @@ public final class ActivityStackSupervisor implements DisplayListener { } catch (RemoteException ex) { throw new RuntimeException(ex); } finally { - mLockTaskModeState = ActivityManager.LOCK_TASK_MODE_NONE; + mLockTaskModeState = LOCK_TASK_MODE_NONE; } } break; case CONTAINER_CALLBACK_TASK_LIST_EMPTY: { diff --git a/services/core/java/com/android/server/am/TaskRecord.java b/services/core/java/com/android/server/am/TaskRecord.java index 82e6d47..790a78d 100644 --- a/services/core/java/com/android/server/am/TaskRecord.java +++ b/services/core/java/com/android/server/am/TaskRecord.java @@ -18,6 +18,10 @@ package com.android.server.am; import static android.content.Intent.FLAG_ACTIVITY_NEW_DOCUMENT; import static android.content.Intent.FLAG_ACTIVITY_RETAIN_IN_RECENTS; +import static android.content.pm.ActivityInfo.LOCK_TASK_LAUNCH_MODE_ALWAYS; +import static android.content.pm.ActivityInfo.LOCK_TASK_LAUNCH_MODE_DEFAULT; +import static android.content.pm.ActivityInfo.LOCK_TASK_LAUNCH_MODE_IF_WHITELISTED; +import static android.content.pm.ActivityInfo.LOCK_TASK_LAUNCH_MODE_NEVER; import static com.android.server.am.ActivityManagerDebugConfig.*; import static com.android.server.am.ActivityRecord.HOME_ACTIVITY_TYPE; import static com.android.server.am.ActivityRecord.APPLICATION_ACTIVITY_TYPE; @@ -121,6 +125,20 @@ final class TaskRecord { boolean mResizeable; // Activities in the task resizeable. Based on the resizable setting of // the root activity. + int mLockTaskMode; // Which tasklock mode to launch this task in. One of + // ActivityManager.LOCK_TASK_LAUNCH_MODE_* + /** Can't be put in lockTask mode. */ + final static int LOCK_TASK_AUTH_DONT_LOCK = 0; + /** Can enter lockTask with user approval if not already in lockTask. */ + final static int LOCK_TASK_AUTH_PINNABLE = 1; + /** Starts in LOCK_TASK_MODE_LOCKED automatically. Can start over existing lockTask task. */ + final static int LOCK_TASK_AUTH_LAUNCHABLE = 2; + /** Enters LOCK_TASK_MODE_LOCKED via startLockTask(), enters LOCK_TASK_MODE_PINNED from + * Overview. Can start over existing lockTask task. */ + final static int LOCK_TASK_AUTH_WHITELISTED = 3; + int mLockTaskAuth = LOCK_TASK_AUTH_PINNABLE; + + int mLockTaskUid = -1; // The uid of the application that called startLockTask(). // This represents the last resolved activity values for this task // NOTE: This value needs to be persisted with each task @@ -186,6 +204,8 @@ final class TaskRecord { voiceInteractor = _voiceInteractor; isAvailable = true; mActivities = new ArrayList<>(); + mCallingUid = info.applicationInfo.uid; + mCallingPackage = info.packageName; setIntent(_intent, info); } @@ -201,12 +221,12 @@ final class TaskRecord { voiceInteractor = null; isAvailable = true; mActivities = new ArrayList<>(); + mCallingUid = info.applicationInfo.uid; + mCallingPackage = info.packageName; setIntent(_intent, info); taskType = ActivityRecord.APPLICATION_ACTIVITY_TYPE; isPersistable = true; - mCallingUid = info.applicationInfo.uid; - mCallingPackage = info.packageName; // Clamp to [1, max]. maxRecents = Math.min(Math.max(info.maxRecents, 1), ActivityManager.getMaxAppRecentsLimitStatic()); @@ -215,8 +235,6 @@ final class TaskRecord { mTaskToReturnTo = HOME_ACTIVITY_TYPE; userId = UserHandle.getUserId(info.applicationInfo.uid); lastTaskDescription = _taskDescription; - mCallingUid = info.applicationInfo.uid; - mCallingPackage = info.packageName; } private TaskRecord(ActivityManagerService service, int _taskId, Intent _intent, @@ -278,9 +296,9 @@ final class TaskRecord { /** Sets the original intent, and the calling uid and package. */ void setIntent(ActivityRecord r) { - setIntent(r.intent, r.info); mCallingUid = r.launchedFromUid; mCallingPackage = r.launchedFromPackage; + setIntent(r.intent, r.info); } /** Sets the original intent, _without_ updating the calling uid or package. */ @@ -362,6 +380,8 @@ final class TaskRecord { autoRemoveRecents = false; } mResizeable = info.resizeable; + mLockTaskMode = info.lockTaskLaunchMode; + setLockTaskAuth(); } void setTaskToReturnTo(int taskToReturnTo) { @@ -716,6 +736,53 @@ final class TaskRecord { performClearTaskAtIndexLocked(0); } + private boolean isPrivileged() { + final ProcessRecord proc = mService.mProcessNames.get(mCallingPackage, mCallingUid); + if (proc != null) { + return (proc.info.privateFlags & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0; + } + return false; + } + + void setLockTaskAuth() { + switch (mLockTaskMode) { + case LOCK_TASK_LAUNCH_MODE_DEFAULT: + mLockTaskAuth = isLockTaskWhitelistedLocked() ? + LOCK_TASK_AUTH_WHITELISTED : LOCK_TASK_AUTH_PINNABLE; + break; + + case LOCK_TASK_LAUNCH_MODE_NEVER: + mLockTaskAuth = isPrivileged() ? + LOCK_TASK_AUTH_DONT_LOCK : LOCK_TASK_AUTH_PINNABLE; + break; + + case LOCK_TASK_LAUNCH_MODE_ALWAYS: + mLockTaskAuth = isPrivileged() ? + LOCK_TASK_AUTH_LAUNCHABLE: LOCK_TASK_AUTH_PINNABLE; + break; + + case LOCK_TASK_LAUNCH_MODE_IF_WHITELISTED: + mLockTaskAuth = isLockTaskWhitelistedLocked() ? + LOCK_TASK_AUTH_LAUNCHABLE : LOCK_TASK_AUTH_PINNABLE; + break; + } + } + + boolean isLockTaskWhitelistedLocked() { + if (mCallingPackage == null) { + return false; + } + String[] packages = mService.mLockTaskPackages.get(userId); + if (packages == null) { + return false; + } + for (int i = packages.length - 1; i >= 0; --i) { + if (mCallingPackage.equals(packages[i])) { + return true; + } + } + return false; + } boolean isHomeTask() { return taskType == HOME_ACTIVITY_TYPE; } diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index 452b3eb..e22a2cc 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -1638,10 +1638,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { private void updateLockTaskPackagesLocked(DevicePolicyData policy, int userId) { IActivityManager am = ActivityManagerNative.getDefault(); + long ident = Binder.clearCallingIdentity(); try { am.updateLockTaskPackages(userId, policy.mLockTaskPackages.toArray(new String[0])); } catch (RemoteException e) { // Not gonna happen. + } finally { + Binder.restoreCallingIdentity(ident); } } |