1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.server.am; 18 19 import static android.app.ActivityManager.INTENT_SENDER_ACTIVITY; 20 import static android.app.PendingIntent.FLAG_CANCEL_CURRENT; 21 import static android.app.PendingIntent.FLAG_IMMUTABLE; 22 import static android.app.PendingIntent.FLAG_ONE_SHOT; 23 import static android.content.Context.KEYGUARD_SERVICE; 24 import static android.content.Intent.EXTRA_INTENT; 25 import static android.content.Intent.EXTRA_PACKAGE_NAME; 26 import static android.content.Intent.EXTRA_TASK_ID; 27 import static android.content.Intent.FLAG_ACTIVITY_EXCLUDE_FROM_RECENTS; 28 import static android.content.Intent.FLAG_ACTIVITY_NEW_TASK; 29 import static android.content.Intent.FLAG_ACTIVITY_TASK_ON_HOME; 30 import static android.content.pm.ApplicationInfo.FLAG_SUSPENDED; 31 32 import android.app.ActivityManager; 33 import android.app.ActivityOptions; 34 import android.app.KeyguardManager; 35 import android.app.admin.DevicePolicyManagerInternal; 36 import android.content.IIntentSender; 37 import android.content.Intent; 38 import android.content.IntentSender; 39 import android.content.pm.ActivityInfo; 40 import android.content.pm.ResolveInfo; 41 import android.content.pm.UserInfo; 42 import android.os.Binder; 43 import android.os.UserHandle; 44 import android.os.UserManager; 45 46 import com.android.internal.app.UnlaunchableAppActivity; 47 import com.android.server.LocalServices; 48 49 /** 50 * A class that contains activity intercepting logic for {@link ActivityStarter#startActivityLocked} 51 * It's initialized 52 */ 53 class ActivityStartInterceptor { 54 55 private final ActivityManagerService mService; 56 private UserManager mUserManager; 57 private final ActivityStackSupervisor mSupervisor; 58 59 /* 60 * Per-intent states loaded from ActivityStarter than shouldn't be changed by any 61 * interception routines. 62 */ 63 private int mRealCallingPid; 64 private int mRealCallingUid; 65 private int mUserId; 66 private int mStartFlags; 67 private String mCallingPackage; 68 69 /* 70 * Per-intent states that were load from ActivityStarter and are subject to modifications 71 * by the interception routines. After calling {@link #intercept} the caller should assign 72 * these values back to {@link ActivityStarter#startActivityLocked}'s local variables. 73 */ 74 Intent mIntent; 75 int mCallingPid; 76 int mCallingUid; 77 ResolveInfo mRInfo; 78 ActivityInfo mAInfo; 79 String mResolvedType; 80 TaskRecord mInTask; 81 ActivityOptions mActivityOptions; 82 83 ActivityStartInterceptor(ActivityManagerService service, ActivityStackSupervisor supervisor) { 84 mService = service; 85 mSupervisor = supervisor; 86 } 87 88 void setStates(int userId, int realCallingPid, int realCallingUid, int startFlags, 89 String callingPackage) { 90 mRealCallingPid = realCallingPid; 91 mRealCallingUid = realCallingUid; 92 mUserId = userId; 93 mStartFlags = startFlags; 94 mCallingPackage = callingPackage; 95 } 96 97 void intercept(Intent intent, ResolveInfo rInfo, ActivityInfo aInfo, String resolvedType, 98 TaskRecord inTask, int callingPid, int callingUid, ActivityOptions activityOptions) { 99 mUserManager = UserManager.get(mService.mContext); 100 mIntent = intent; 101 mCallingPid = callingPid; 102 mCallingUid = callingUid; 103 mRInfo = rInfo; 104 mAInfo = aInfo; 105 mResolvedType = resolvedType; 106 mInTask = inTask; 107 mActivityOptions = activityOptions; 108 if (interceptSuspendPackageIfNeed()) { 109 // Skip the rest of interceptions as the package is suspended by device admin so 110 // no user action can undo this. 111 return; 112 } 113 if (interceptQuietProfileIfNeeded()) { 114 // If work profile is turned off, skip the work challenge since the profile can only 115 // be unlocked when profile's user is running. 116 return; 117 } 118 interceptWorkProfileChallengeIfNeeded(); 119 } 120 121 private boolean interceptQuietProfileIfNeeded() { 122 // Do not intercept if the user has not turned off the profile 123 if (!mUserManager.isQuietModeEnabled(UserHandle.of(mUserId))) { 124 return false; 125 } 126 IIntentSender target = mService.getIntentSenderLocked( 127 INTENT_SENDER_ACTIVITY, mCallingPackage, mCallingUid, mUserId, null, null, 0, 128 new Intent[] {mIntent}, new String[] {mResolvedType}, 129 FLAG_CANCEL_CURRENT | FLAG_ONE_SHOT, null); 130 131 mIntent = UnlaunchableAppActivity.createInQuietModeDialogIntent(mUserId, 132 new IntentSender(target)); 133 mCallingPid = mRealCallingPid; 134 mCallingUid = mRealCallingUid; 135 mResolvedType = null; 136 137 final UserInfo parent = mUserManager.getProfileParent(mUserId); 138 mRInfo = mSupervisor.resolveIntent(mIntent, mResolvedType, parent.id); 139 mAInfo = mSupervisor.resolveActivity(mIntent, mRInfo, mStartFlags, null /*profilerInfo*/); 140 return true; 141 } 142 143 private boolean interceptSuspendPackageIfNeed() { 144 // Do not intercept if the admin did not suspend the package 145 if (mAInfo == null || mAInfo.applicationInfo == null || 146 (mAInfo.applicationInfo.flags & FLAG_SUSPENDED) == 0) { 147 return false; 148 } 149 DevicePolicyManagerInternal devicePolicyManager = LocalServices.getService( 150 DevicePolicyManagerInternal.class); 151 if (devicePolicyManager == null) { 152 return false; 153 } 154 mIntent = devicePolicyManager.createShowAdminSupportIntent(mUserId, true); 155 mCallingPid = mRealCallingPid; 156 mCallingUid = mRealCallingUid; 157 mResolvedType = null; 158 159 final UserInfo parent = mUserManager.getProfileParent(mUserId); 160 if (parent != null) { 161 mRInfo = mSupervisor.resolveIntent(mIntent, mResolvedType, parent.id); 162 } else { 163 mRInfo = mSupervisor.resolveIntent(mIntent, mResolvedType, mUserId); 164 } 165 mAInfo = mSupervisor.resolveActivity(mIntent, mRInfo, mStartFlags, null /*profilerInfo*/); 166 return true; 167 } 168 169 private boolean interceptWorkProfileChallengeIfNeeded() { 170 final Intent interceptingIntent = interceptWithConfirmCredentialsIfNeeded(mIntent, 171 mResolvedType, mAInfo, mCallingPackage, mUserId); 172 if (interceptingIntent == null) { 173 return false; 174 } 175 mIntent = interceptingIntent; 176 mCallingPid = mRealCallingPid; 177 mCallingUid = mRealCallingUid; 178 mResolvedType = null; 179 // If we are intercepting and there was a task, convert it into an extra for the 180 // ConfirmCredentials intent and unassign it, as otherwise the task will move to 181 // front even if ConfirmCredentials is cancelled. 182 if (mInTask != null) { 183 mIntent.putExtra(EXTRA_TASK_ID, mInTask.taskId); 184 mInTask = null; 185 } 186 if (mActivityOptions == null) { 187 mActivityOptions = ActivityOptions.makeBasic(); 188 } 189 190 ActivityRecord homeActivityRecord = mSupervisor.getHomeActivity(); 191 if (homeActivityRecord != null && homeActivityRecord.getTask() != null) { 192 // Showing credential confirmation activity in home task to avoid stopping multi-windowed 193 // mode after showing the full-screen credential confirmation activity. 194 mActivityOptions.setLaunchTaskId(homeActivityRecord.getTask().taskId); 195 } 196 197 final UserInfo parent = mUserManager.getProfileParent(mUserId); 198 mRInfo = mSupervisor.resolveIntent(mIntent, mResolvedType, parent.id); 199 mAInfo = mSupervisor.resolveActivity(mIntent, mRInfo, mStartFlags, null /*profilerInfo*/); 200 return true; 201 } 202 203 /** 204 * Creates an intent to intercept the current activity start with Confirm Credentials if needed. 205 * 206 * @return The intercepting intent if needed. 207 */ 208 private Intent interceptWithConfirmCredentialsIfNeeded(Intent intent, String resolvedType, 209 ActivityInfo aInfo, String callingPackage, int userId) { 210 if (!mService.mUserController.shouldConfirmCredentials(userId)) { 211 return null; 212 } 213 // TODO(b/28935539): should allow certain activities to bypass work challenge 214 final IIntentSender target = mService.getIntentSenderLocked( 215 INTENT_SENDER_ACTIVITY, callingPackage, 216 Binder.getCallingUid(), userId, null, null, 0, new Intent[]{ intent }, 217 new String[]{ resolvedType }, 218 FLAG_CANCEL_CURRENT | FLAG_ONE_SHOT | FLAG_IMMUTABLE, null); 219 final KeyguardManager km = (KeyguardManager) mService.mContext 220 .getSystemService(KEYGUARD_SERVICE); 221 final Intent newIntent = km.createConfirmDeviceCredentialIntent(null, null, userId); 222 if (newIntent == null) { 223 return null; 224 } 225 newIntent.setFlags(FLAG_ACTIVITY_NEW_TASK | FLAG_ACTIVITY_EXCLUDE_FROM_RECENTS | 226 FLAG_ACTIVITY_TASK_ON_HOME); 227 newIntent.putExtra(EXTRA_PACKAGE_NAME, aInfo.packageName); 228 newIntent.putExtra(EXTRA_INTENT, new IntentSender(target)); 229 return newIntent; 230 } 231 232 } 233