Effectively reverting
89927b3cd96472c478a988d6c731cd09d412a043, which
allowed direct-boot aware activities in the work profile to show before
the profile was unlocked. This causes problems with key eviction
introduced in O. Specifically, many system activities (e.g.
ChooserActivity, activities in Settings, etc.) are marked direct-boot
aware, and therefore can be started while the work profile is locked
with key evicted. Currently they either bypass the keyguard when they
should not, or simply crash due to profile still being locked.
In the future, we need to create a new mechanism to allow activities
such as video calls, alarm clocks, etc. to bypass the work keyguard. It
probably involves checking for something like FLAG_SHOW_WHEN_LOCKED.
Bug:
36961785
Bug:
35708183
Bug:
30296144
Test: manual, by following the steps in the bugs quoted
Test: runtest -c com.android.server.am.ActivityManagerServiceTest frameworks-services
Change-Id: I5ccaaf963f3dd96e4abb785a10aa258b15363178
* @param hasTopUi Whether the calling process has "top-level" UI.
*/
void setHasTopUi(boolean hasTopUi);
- /**
- * Returns if the target of the PendingIntent can be fired directly, without triggering
- * a work profile challenge. This can happen if the PendingIntent is to start direct-boot
- * aware activities, and the target user is in RUNNING_LOCKED state, i.e. we should allow
- * direct-boot aware activity to bypass work challenge when the user hasn't unlocked yet.
- * @param intent the {@link PendingIntent} to be tested.
- * @return {@code true} if the intent should not trigger a work challenge, {@code false}
- * otherwise.
- * @throws RemoteException
- */
- boolean canBypassWorkChallenge(in PendingIntent intent);
// Start of O transactions
void requestActivityRelaunch(in IBinder token);
.getIdentifier();
if (mLockPatternUtils.isSeparateProfileChallengeEnabled(userId)
&& mKeyguardManager.isDeviceLocked(userId)) {
- boolean canBypass = false;
- try {
- canBypass = ActivityManager.getService()
- .canBypassWorkChallenge(intent);
- } catch (RemoteException e) {
- }
- // For direct-boot aware activities, they can be shown when
- // the device is still locked without triggering the work
- // challenge.
- if ((!canBypass) && startWorkChallengeIfNecessary(userId,
- intent.getIntentSender(), notificationKey)) {
+ // TODO(b/28935539): should allow certain activities to
+ // bypass work challenge
+ if (startWorkChallengeIfNecessary(userId,
+ intent.getIntentSender(), notificationKey)) {
// Show work challenge, do not run PendingIntent and
// remove notification
return;
}
@Override
- public boolean canBypassWorkChallenge(PendingIntent intent) throws RemoteException {
- final int userId = intent.getCreatorUserHandle().getIdentifier();
- if (!mUserController.isUserRunningLocked(userId, ActivityManager.FLAG_AND_LOCKED)) {
- return false;
- }
- IIntentSender target = intent.getTarget();
- if (!(target instanceof PendingIntentRecord)) {
- return false;
- }
- final PendingIntentRecord record = (PendingIntentRecord) target;
- final ResolveInfo rInfo = mStackSupervisor.resolveIntent(record.key.requestIntent,
- record.key.requestResolvedType, userId, PackageManager.MATCH_DIRECT_BOOT_AWARE);
- // For direct boot aware activities, they can be shown without triggering a work challenge
- // before the profile user is unlocked.
- return rInfo != null && rInfo.activityInfo != null;
- }
-
- @Override
public void dismissKeyguard(IBinder token, IKeyguardDismissCallback callback)
throws RemoteException {
final long callingId = Binder.clearCallingIdentity();
if (!mService.mUserController.shouldConfirmCredentials(userId)) {
return null;
}
- // Allow direct boot aware activity to be displayed before the user is unlocked.
- if (aInfo.directBootAware && mService.mUserController.isUserRunningLocked(userId,
- ActivityManager.FLAG_AND_LOCKED)) {
- return null;
- }
+ // TODO(b/28935539): should allow certain activities to bypass work challenge
final IIntentSender target = mService.getIntentSenderLocked(
INTENT_SENDER_ACTIVITY, callingPackage,
Binder.getCallingUid(), userId, null, null, 0, new Intent[]{ intent },