1 /* 2 * Copyright (C) 2022 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.server.wm; 18 19 import static android.provider.DeviceConfig.NAMESPACE_WINDOW_MANAGER; 20 21 import static com.android.server.wm.ActivityStarter.ASM_RESTRICTIONS; 22 23 import android.annotation.NonNull; 24 import android.app.compat.CompatChanges; 25 import android.provider.DeviceConfig; 26 27 import com.android.internal.annotations.GuardedBy; 28 29 import java.util.concurrent.Executor; 30 31 /** 32 * Contains utility methods to query whether or not go/activity-security should be enabled 33 * asm_start_rules_enabled - Enable rule enforcement in ActivityStarter.java 34 * asm_start_rules_toasts_enabled - Show toasts when rules would block from ActivityStarter.java 35 * asm_start_rules_exception_list - Comma separated list of packages to exclude from the above 36 * 2 rules. 37 * TODO(b/258792202) Cleanup once ASM is ready to launch 38 */ 39 class ActivitySecurityModelFeatureFlags { 40 // TODO(b/230590090): Replace with public documentation once ready 41 static final String DOC_LINK = "go/android-asm"; 42 43 /** Used to determine which version of the ASM logic was used in logs while we iterate */ 44 static final int ASM_VERSION = 11; 45 46 private static final String NAMESPACE = NAMESPACE_WINDOW_MANAGER; 47 private static final String KEY_ASM_PREFIX = "ActivitySecurity__"; 48 private static final String KEY_ASM_RESTRICTIONS_ENABLED = KEY_ASM_PREFIX 49 + "asm_restrictions_enabled"; 50 private static final String KEY_ASM_TOASTS_ENABLED = KEY_ASM_PREFIX + "asm_toasts_enabled"; 51 52 private static final int VALUE_DISABLE = 0; 53 private static final int VALUE_ENABLE_FOR_V = 1; 54 private static final int VALUE_ENABLE_FOR_ALL = 2; 55 56 private static final int DEFAULT_VALUE = VALUE_DISABLE; 57 58 private static int sAsmToastsEnabled; 59 private static int sAsmRestrictionsEnabled; 60 61 @GuardedBy("ActivityTaskManagerService.mGlobalLock") initialize(@onNull Executor executor)62 static void initialize(@NonNull Executor executor) { 63 updateFromDeviceConfig(); 64 DeviceConfig.addOnPropertiesChangedListener(NAMESPACE, executor, 65 properties -> updateFromDeviceConfig()); 66 } 67 68 @GuardedBy("ActivityTaskManagerService.mGlobalLock") shouldShowToast(int uid)69 static boolean shouldShowToast(int uid) { 70 return sAsmToastsEnabled == VALUE_ENABLE_FOR_ALL 71 || (sAsmToastsEnabled == VALUE_ENABLE_FOR_V 72 && CompatChanges.isChangeEnabled(ASM_RESTRICTIONS, uid)); 73 } 74 75 @GuardedBy("ActivityTaskManagerService.mGlobalLock") shouldRestrictActivitySwitch(int uid)76 static boolean shouldRestrictActivitySwitch(int uid) { 77 if (android.security.Flags.asmRestrictionsEnabled()) { 78 return CompatChanges.isChangeEnabled(ASM_RESTRICTIONS, uid) 79 || asmRestrictionsEnabledForAll(); 80 } 81 82 return false; 83 } 84 85 @GuardedBy("ActivityTaskManagerService.mGlobalLock") asmRestrictionsEnabledForAll()86 static boolean asmRestrictionsEnabledForAll() { 87 return sAsmRestrictionsEnabled == VALUE_ENABLE_FOR_ALL; 88 } 89 updateFromDeviceConfig()90 private static void updateFromDeviceConfig() { 91 sAsmToastsEnabled = DeviceConfig.getInt(NAMESPACE, KEY_ASM_TOASTS_ENABLED, 92 DEFAULT_VALUE); 93 sAsmRestrictionsEnabled = DeviceConfig.getInt(NAMESPACE, KEY_ASM_RESTRICTIONS_ENABLED, 94 DEFAULT_VALUE); 95 } 96 } 97