• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2018 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package com.android.permissioncontroller.permission.service;
18 
19 import static android.Manifest.permission.ACCESS_FINE_LOCATION;
20 import static android.Manifest.permission_group.LOCATION;
21 import static android.app.AppOpsManager.OPSTR_FINE_LOCATION;
22 import static android.app.NotificationManager.IMPORTANCE_LOW;
23 import static android.app.PendingIntent.FLAG_ONE_SHOT;
24 import static android.app.PendingIntent.FLAG_UPDATE_CURRENT;
25 import static android.app.PendingIntent.getBroadcast;
26 import static android.app.job.JobScheduler.RESULT_SUCCESS;
27 import static android.content.Context.MODE_PRIVATE;
28 import static android.content.Intent.ACTION_MANAGE_APP_PERMISSION;
29 import static android.content.Intent.EXTRA_PACKAGE_NAME;
30 import static android.content.Intent.EXTRA_PERMISSION_GROUP_NAME;
31 import static android.content.Intent.EXTRA_UID;
32 import static android.content.Intent.EXTRA_USER;
33 import static android.content.Intent.FLAG_ACTIVITY_MULTIPLE_TASK;
34 import static android.content.Intent.FLAG_ACTIVITY_NEW_TASK;
35 import static android.content.Intent.FLAG_RECEIVER_FOREGROUND;
36 import static android.content.pm.PackageManager.GET_PERMISSIONS;
37 import static android.graphics.Bitmap.Config.ARGB_8888;
38 import static android.graphics.Bitmap.createBitmap;
39 import static android.os.UserHandle.getUserHandleForUid;
40 import static android.os.UserHandle.myUserId;
41 import static android.provider.Settings.Secure.LOCATION_ACCESS_CHECK_DELAY_MILLIS;
42 import static android.provider.Settings.Secure.LOCATION_ACCESS_CHECK_INTERVAL_MILLIS;
43 
44 import static com.android.permissioncontroller.Constants.EXTRA_SESSION_ID;
45 import static com.android.permissioncontroller.Constants.INVALID_SESSION_ID;
46 import static com.android.permissioncontroller.Constants.KEY_LAST_LOCATION_ACCESS_NOTIFICATION_SHOWN;
47 import static com.android.permissioncontroller.Constants.KEY_LOCATION_ACCESS_CHECK_ENABLED_TIME;
48 import static com.android.permissioncontroller.Constants.LOCATION_ACCESS_CHECK_ALREADY_NOTIFIED_FILE;
49 import static com.android.permissioncontroller.Constants.LOCATION_ACCESS_CHECK_JOB_ID;
50 import static com.android.permissioncontroller.Constants.LOCATION_ACCESS_CHECK_NOTIFICATION_ID;
51 import static com.android.permissioncontroller.Constants.PERIODIC_LOCATION_ACCESS_CHECK_JOB_ID;
52 import static com.android.permissioncontroller.Constants.PERMISSION_REMINDER_CHANNEL_ID;
53 import static com.android.permissioncontroller.Constants.PREFERENCES_FILE;
54 import static com.android.permissioncontroller.PermissionControllerStatsLog.LOCATION_ACCESS_CHECK_NOTIFICATION_ACTION;
55 import static com.android.permissioncontroller.PermissionControllerStatsLog.LOCATION_ACCESS_CHECK_NOTIFICATION_ACTION__RESULT__NOTIFICATION_CLICKED;
56 import static com.android.permissioncontroller.PermissionControllerStatsLog.LOCATION_ACCESS_CHECK_NOTIFICATION_ACTION__RESULT__NOTIFICATION_DECLINED;
57 import static com.android.permissioncontroller.PermissionControllerStatsLog.LOCATION_ACCESS_CHECK_NOTIFICATION_ACTION__RESULT__NOTIFICATION_PRESENTED;
58 import static com.android.permissioncontroller.permission.utils.Utils.OS_PKG;
59 import static com.android.permissioncontroller.permission.utils.Utils.getParcelableExtraSafe;
60 import static com.android.permissioncontroller.permission.utils.Utils.getParentUserContext;
61 import static com.android.permissioncontroller.permission.utils.Utils.getStringExtraSafe;
62 import static com.android.permissioncontroller.permission.utils.Utils.getSystemServiceSafe;
63 
64 import static java.lang.System.currentTimeMillis;
65 import static java.util.concurrent.TimeUnit.DAYS;
66 
67 import android.app.AppOpsManager;
68 import android.app.AppOpsManager.OpEntry;
69 import android.app.AppOpsManager.PackageOps;
70 import android.app.Notification;
71 import android.app.NotificationChannel;
72 import android.app.NotificationManager;
73 import android.app.job.JobInfo;
74 import android.app.job.JobParameters;
75 import android.app.job.JobScheduler;
76 import android.app.job.JobService;
77 import android.content.BroadcastReceiver;
78 import android.content.ComponentName;
79 import android.content.ContentResolver;
80 import android.content.Context;
81 import android.content.Intent;
82 import android.content.SharedPreferences;
83 import android.content.pm.PackageInfo;
84 import android.content.pm.PackageManager;
85 import android.graphics.Bitmap;
86 import android.graphics.Canvas;
87 import android.graphics.drawable.Drawable;
88 import android.location.LocationManager;
89 import android.net.Uri;
90 import android.os.AsyncTask;
91 import android.os.Bundle;
92 import android.os.UserHandle;
93 import android.os.UserManager;
94 import android.provider.Settings;
95 import android.service.notification.StatusBarNotification;
96 import android.util.ArraySet;
97 import android.util.Log;
98 
99 import androidx.annotation.NonNull;
100 import androidx.annotation.Nullable;
101 import androidx.annotation.WorkerThread;
102 import androidx.core.util.Preconditions;
103 
104 import com.android.permissioncontroller.PermissionControllerStatsLog;
105 import com.android.permissioncontroller.R;
106 import com.android.permissioncontroller.permission.model.AppPermissionGroup;
107 import com.android.permissioncontroller.permission.utils.Utils;
108 
109 import java.io.BufferedReader;
110 import java.io.BufferedWriter;
111 import java.io.FileNotFoundException;
112 import java.io.IOException;
113 import java.io.InputStreamReader;
114 import java.io.OutputStreamWriter;
115 import java.util.ArrayList;
116 import java.util.List;
117 import java.util.Objects;
118 import java.util.Random;
119 import java.util.function.BooleanSupplier;
120 
121 /**
122  * Show notification that double-guesses the user if she/he really wants to grant fine background
123  * location access to an app.
124  *
125  * <p>A notification is scheduled after the background permission access is granted via
126  * {@link #checkLocationAccessSoon()} or periodically.
127  *
128  * <p>We rate limit the number of notification we show and only ever show one notification at a
129  * time. Further we only shown notifications if the app has actually accessed the fine location
130  * in the background.
131  *
132  * <p>As there are many cases why a notification should not been shown, we always schedule a
133  * {@link #addLocationNotificationIfNeeded check} which then might add a notification.
134  */
135 public class LocationAccessCheck {
136     private static final String LOG_TAG = LocationAccessCheck.class.getSimpleName();
137     private static final boolean DEBUG = false;
138 
139     /** Lock required for all methods called {@code ...Locked} */
140     private static final Object sLock = new Object();
141 
142     private final Random mRandom = new Random();
143 
144     private final @NonNull Context mContext;
145     private final @NonNull JobScheduler mJobScheduler;
146     private final @NonNull ContentResolver mContentResolver;
147     private final @NonNull AppOpsManager mAppOpsManager;
148     private final @NonNull PackageManager mPackageManager;
149     private final @NonNull UserManager mUserManager;
150     private final @NonNull SharedPreferences mSharedPrefs;
151 
152     /** If the current long running operation should be canceled */
153     private final @Nullable BooleanSupplier mShouldCancel;
154 
155     /**
156      * Get time in between two periodic checks.
157      *
158      * <p>Default: 1 day
159      *
160      * @return The time in between check in milliseconds
161      */
getPeriodicCheckIntervalMillis()162     private long getPeriodicCheckIntervalMillis() {
163         return Settings.Secure.getLong(mContentResolver,
164                 LOCATION_ACCESS_CHECK_INTERVAL_MILLIS, DAYS.toMillis(1));
165     }
166 
167     /**
168      * Flexibility of the periodic check.
169      *
170      * <p>10% of {@link #getPeriodicCheckIntervalMillis()}
171      *
172      * @return The flexibility of the periodic check in milliseconds
173      */
getFlexForPeriodicCheckMillis()174     private long getFlexForPeriodicCheckMillis() {
175         return getPeriodicCheckIntervalMillis() / 10;
176     }
177 
178     /**
179      * Get the delay in between granting a permission and the follow up check.
180      *
181      * <p>Default: 1 day
182      *
183      * @return The delay in milliseconds
184      */
getDelayMillis()185     private long getDelayMillis() {
186         return Settings.Secure.getLong(mContentResolver,
187                 LOCATION_ACCESS_CHECK_DELAY_MILLIS, DAYS.toMillis(1));
188     }
189 
190     /**
191      * Minimum time in between showing two notifications.
192      *
193      * <p>This is just small enough so that the periodic check can always show a notification.
194      *
195      * @return The minimum time in milliseconds
196      */
getInBetweenNotificationsMillis()197     private long getInBetweenNotificationsMillis() {
198         return getPeriodicCheckIntervalMillis() - (long) (getFlexForPeriodicCheckMillis() * 2.1);
199     }
200 
201     /**
202      * Load the list of {@link UserPackage packages} we already shown a notification for.
203      *
204      * @return The list of packages we already shown a notification for.
205      */
loadAlreadyNotifiedPackagesLocked()206     private @NonNull ArraySet<UserPackage> loadAlreadyNotifiedPackagesLocked() {
207         try (BufferedReader reader = new BufferedReader(new InputStreamReader(
208                 mContext.openFileInput(LOCATION_ACCESS_CHECK_ALREADY_NOTIFIED_FILE)))) {
209             ArraySet<UserPackage> packages = new ArraySet<>();
210 
211             /*
212              * The format of the file is <package> <serial of user>, e.g.
213              *
214              * com.one.package 5630633845
215              * com.two.package 5630633853
216              * com.three.package 5630633853
217              */
218             while (true) {
219                 String line = reader.readLine();
220                 if (line == null) {
221                     break;
222                 }
223 
224                 String[] lineComponents = line.split(" ");
225                 String pkg = lineComponents[0];
226                 UserHandle user = mUserManager.getUserForSerialNumber(
227                         Long.valueOf(lineComponents[1]));
228 
229                 if (user != null) {
230                     packages.add(new UserPackage(mContext, pkg, user));
231                 } else {
232                     Log.i(LOG_TAG, "Not restoring state \"" + line + "\" as user is unknown");
233                 }
234             }
235 
236             return packages;
237         } catch (FileNotFoundException ignored) {
238             return new ArraySet<>();
239         } catch (Exception e) {
240             Log.w(LOG_TAG, "Could not read " + LOCATION_ACCESS_CHECK_ALREADY_NOTIFIED_FILE, e);
241             return new ArraySet<>();
242         }
243     }
244 
245     /**
246      * Safe the list of {@link UserPackage packages} we have already shown a notification for.
247      *
248      * @param packages The list of packages we already shown a notification for.
249      */
safeAlreadyNotifiedPackagesLocked(@onNull ArraySet<UserPackage> packages)250     private void safeAlreadyNotifiedPackagesLocked(@NonNull ArraySet<UserPackage> packages) {
251         try (BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(
252                 mContext.openFileOutput(LOCATION_ACCESS_CHECK_ALREADY_NOTIFIED_FILE,
253                         MODE_PRIVATE)))) {
254             /*
255              * The format of the file is <package> <serial of user>, e.g.
256              *
257              * com.one.package 5630633845
258              * com.two.package 5630633853
259              * com.three.package 5630633853
260              */
261             int numPkgs = packages.size();
262             for (int i = 0; i < numPkgs; i++) {
263                 UserPackage userPkg = packages.valueAt(i);
264 
265                 writer.append(userPkg.pkg);
266                 writer.append(' ');
267                 writer.append(
268                         Long.valueOf(mUserManager.getSerialNumberForUser(userPkg.user)).toString());
269                 writer.newLine();
270             }
271         } catch (IOException e) {
272             Log.e(LOG_TAG, "Could not write " + LOCATION_ACCESS_CHECK_ALREADY_NOTIFIED_FILE, e);
273         }
274     }
275 
276     /**
277      * Remember that we showed a notification for a {@link UserPackage}
278      *
279      * @param pkg The package we notified for
280      * @param user The user we notified for
281      */
markAsNotified(@onNull String pkg, @NonNull UserHandle user)282     private void markAsNotified(@NonNull String pkg, @NonNull UserHandle user) {
283         synchronized (sLock) {
284             ArraySet<UserPackage> alreadyNotifiedPackages = loadAlreadyNotifiedPackagesLocked();
285             alreadyNotifiedPackages.add(new UserPackage(mContext, pkg, user));
286             safeAlreadyNotifiedPackagesLocked(alreadyNotifiedPackages);
287         }
288     }
289 
290     /**
291      * Create the channel the location access notifications should be posted to.
292      *
293      * @param user The user to create the channel for
294      */
createPermissionReminderChannel(@onNull UserHandle user)295     private void createPermissionReminderChannel(@NonNull UserHandle user) {
296         NotificationManager notificationManager = getSystemServiceSafe(mContext,
297                 NotificationManager.class, user);
298 
299         NotificationChannel permissionReminderChannel = new NotificationChannel(
300                 PERMISSION_REMINDER_CHANNEL_ID, mContext.getString(R.string.permission_reminders),
301                 IMPORTANCE_LOW);
302         notificationManager.createNotificationChannel(permissionReminderChannel);
303     }
304 
305     /**
306      * If {@link #mShouldCancel} throw an {@link InterruptedException}.
307      */
throwInterruptedExceptionIfTaskIsCanceled()308     private void throwInterruptedExceptionIfTaskIsCanceled() throws InterruptedException {
309         if (mShouldCancel != null && mShouldCancel.getAsBoolean()) {
310             throw new InterruptedException();
311         }
312     }
313 
314     /**
315      * Create a new {@link LocationAccessCheck} object.
316      *
317      * @param context Used to resolve managers
318      * @param shouldCancel If supplied, can be used to interrupt long running operations
319      */
LocationAccessCheck(@onNull Context context, @Nullable BooleanSupplier shouldCancel)320     public LocationAccessCheck(@NonNull Context context, @Nullable BooleanSupplier shouldCancel) {
321         mContext = getParentUserContext(context);
322 
323         mJobScheduler = getSystemServiceSafe(mContext, JobScheduler.class);
324         mAppOpsManager = getSystemServiceSafe(mContext, AppOpsManager.class);
325         mPackageManager = mContext.getPackageManager();
326         mUserManager = getSystemServiceSafe(mContext, UserManager.class);
327         mSharedPrefs = mContext.getSharedPreferences(PREFERENCES_FILE, MODE_PRIVATE);
328         mContentResolver = mContext.getContentResolver();
329 
330         mShouldCancel = shouldCancel;
331     }
332 
333     /**
334      * Check if a location access notification should be shown and then add it.
335      *
336      * <p>Always run async inside a
337      * {@link LocationAccessCheckJobService.AddLocationNotificationIfNeededTask}.
338      */
339     @WorkerThread
addLocationNotificationIfNeeded(@onNull JobParameters params, @NonNull LocationAccessCheckJobService service)340     private void addLocationNotificationIfNeeded(@NonNull JobParameters params,
341             @NonNull LocationAccessCheckJobService service) {
342         if (!checkLocationAccessCheckEnabledAndUpdateEnabledTime()) {
343             service.jobFinished(params, false);
344             return;
345         }
346 
347         synchronized (sLock) {
348             try {
349                 if (currentTimeMillis() - mSharedPrefs.getLong(
350                         KEY_LAST_LOCATION_ACCESS_NOTIFICATION_SHOWN, 0)
351                         < getInBetweenNotificationsMillis()) {
352                     service.jobFinished(params, false);
353                     return;
354                 }
355 
356                 if (getCurrentlyShownNotificationLocked() != null) {
357                     service.jobFinished(params, false);
358                     return;
359                 }
360 
361                 addLocationNotificationIfNeeded(mAppOpsManager.getPackagesForOps(
362                         new String[]{OPSTR_FINE_LOCATION}));
363                 service.jobFinished(params, false);
364             } catch (Exception e) {
365                 Log.e(LOG_TAG, "Could not check for location access", e);
366                 service.jobFinished(params, true);
367             } finally {
368                 synchronized (sLock) {
369                     service.mAddLocationNotificationIfNeededTask = null;
370                 }
371             }
372         }
373     }
374 
addLocationNotificationIfNeeded(@onNull List<PackageOps> ops)375     private void addLocationNotificationIfNeeded(@NonNull List<PackageOps> ops)
376             throws InterruptedException {
377         synchronized (sLock) {
378             List<UserPackage> packages = getLocationUsersWithNoNotificationYetLocked(ops);
379 
380             // Get a random package and resolve package info
381             PackageInfo pkgInfo = null;
382             while (pkgInfo == null) {
383                 throwInterruptedExceptionIfTaskIsCanceled();
384 
385                 if (packages.isEmpty()) {
386                     return;
387                 }
388 
389                 UserPackage packageToNotifyFor = null;
390 
391                 // Prefer to show notification for location controller extra package
392                 int numPkgs = packages.size();
393                 for (int i = 0; i < numPkgs; i++) {
394                     UserPackage pkg = packages.get(i);
395 
396                     LocationManager locationManager = getSystemServiceSafe(mContext,
397                             LocationManager.class, pkg.user);
398                     if (locationManager.isExtraLocationControllerPackageEnabled() && pkg.pkg.equals(
399                             locationManager.getExtraLocationControllerPackage())) {
400                         packageToNotifyFor = pkg;
401                         break;
402                     }
403                 }
404 
405                 if (packageToNotifyFor == null) {
406                     packageToNotifyFor = packages.get(mRandom.nextInt(packages.size()));
407                 }
408 
409                 try {
410                     pkgInfo = packageToNotifyFor.getPackageInfo();
411                 } catch (PackageManager.NameNotFoundException e) {
412                     packages.remove(packageToNotifyFor);
413                 }
414             }
415 
416             createPermissionReminderChannel(getUserHandleForUid(pkgInfo.applicationInfo.uid));
417             createNotificationForLocationUser(pkgInfo);
418         }
419     }
420 
421     /**
422      * Get the {@link UserPackage packages} which accessed the location but we have not yet shown
423      * a notification for.
424      *
425      * <p>This also ignores all packages that are excepted from the notification.
426      *
427      * @return The packages we need to show a notification for
428      *
429      * @throws InterruptedException If {@link #mShouldCancel}
430      */
getLocationUsersWithNoNotificationYetLocked( @onNull List<PackageOps> allOps)431     private @NonNull List<UserPackage> getLocationUsersWithNoNotificationYetLocked(
432             @NonNull List<PackageOps> allOps) throws InterruptedException {
433         List<UserPackage> pkgsWithLocationAccess = new ArrayList<>();
434         List<UserHandle> profiles = mUserManager.getUserProfiles();
435 
436         LocationManager lm = mContext.getSystemService(LocationManager.class);
437 
438         int numPkgs = allOps.size();
439         for (int pkgNum = 0; pkgNum < numPkgs; pkgNum++) {
440             PackageOps packageOps = allOps.get(pkgNum);
441 
442             String pkg = packageOps.getPackageName();
443             if (pkg.equals(OS_PKG) || lm.isProviderPackage(pkg)) {
444                 continue;
445             }
446 
447             UserHandle user = getUserHandleForUid(packageOps.getUid());
448             // Do not handle apps that belong to a different profile user group
449             if (!profiles.contains(user)) {
450                 continue;
451             }
452 
453             UserPackage userPkg = new UserPackage(mContext, pkg, user);
454 
455             AppPermissionGroup bgLocationGroup = userPkg.getBackgroundLocationGroup();
456             // Do not show notification that do not request the background permission anymore
457             if (bgLocationGroup == null) {
458                 continue;
459             }
460 
461             // Do not show notification that do not currently have the background permission
462             // granted
463             if (!bgLocationGroup.areRuntimePermissionsGranted()) {
464                 continue;
465             }
466 
467             // Do not show notification for permissions that are not user sensitive
468             if (!bgLocationGroup.isUserSensitive()) {
469                 continue;
470             }
471 
472             // Never show notification for pregranted permissions as warning the user via the
473             // notification and then warning the user again when revoking the permission is
474             // confusing
475             if (userPkg.getLocationGroup().hasGrantedByDefaultPermission()
476                     && bgLocationGroup.hasGrantedByDefaultPermission()) {
477                 continue;
478             }
479 
480             int numOps = packageOps.getOps().size();
481             for (int opNum = 0; opNum < numOps; opNum++) {
482                 OpEntry entry = packageOps.getOps().get(opNum);
483 
484                 // To protect against OEM apps that accidentally blame app ops on other packages
485                 // since they can hold the privileged UPDATE_APP_OPS_STATS permission for location
486                 // access in the background we trust only the OS and the location providers. Note
487                 // that this mitigation only handles usage of AppOpsManager#noteProxyOp and not
488                 // direct usage of AppOpsManager#noteOp, i.e. handles bad blaming and not bad
489                 // attribution.
490                 String proxyPackageName = entry.getProxyPackageName();
491                 if (proxyPackageName != null && !proxyPackageName.equals(OS_PKG)
492                         && !lm.isProviderPackage(proxyPackageName)) {
493                     continue;
494                 }
495 
496                 // We show only bg accesses since the location access check feature was enabled
497                 // to handle cases where the feature is remotely toggled since we don't want to
498                 // notify for accesses before the feature was turned on.
499                 long featureEnabledTime = getLocationAccessCheckEnabledTime();
500                 if (featureEnabledTime >= 0 && entry.getLastAccessBackgroundTime(
501                         AppOpsManager.OP_FLAGS_ALL_TRUSTED) > featureEnabledTime) {
502                     pkgsWithLocationAccess.add(userPkg);
503                     break;
504                 }
505             }
506         }
507 
508         ArraySet<UserPackage> alreadyNotifiedPkgs = loadAlreadyNotifiedPackagesLocked();
509         throwInterruptedExceptionIfTaskIsCanceled();
510 
511         resetAlreadyNotifiedPackagesWithoutPermissionLocked(alreadyNotifiedPkgs);
512 
513         pkgsWithLocationAccess.removeAll(alreadyNotifiedPkgs);
514         return pkgsWithLocationAccess;
515     }
516 
517     /**
518      * Checks whether the location access check feature is enabled and updates the
519      * time when the feature was first enabled. If the feature is enabled and no
520      * enabled time persisted we persist the current time as the enabled time. If
521      * the feature is disabled and an enabled time is persisted we delete the
522      * persisted time.
523      *
524      * @return Whether the location access feature is enabled.
525      */
checkLocationAccessCheckEnabledAndUpdateEnabledTime()526     private boolean checkLocationAccessCheckEnabledAndUpdateEnabledTime() {
527         final long enabledTime = getLocationAccessCheckEnabledTime();
528         if (Utils.isLocationAccessCheckEnabled()) {
529             if (enabledTime <= 0) {
530                 mSharedPrefs.edit().putLong(KEY_LOCATION_ACCESS_CHECK_ENABLED_TIME,
531                         currentTimeMillis()).commit();
532             }
533             return true;
534         } else {
535             if (enabledTime > 0) {
536                 mSharedPrefs.edit().remove(KEY_LOCATION_ACCESS_CHECK_ENABLED_TIME)
537                         .commit();
538             }
539             return false;
540         }
541     }
542 
543     /**
544      * @return The time the location access check was enabled, or 0 if not enabled.
545      */
getLocationAccessCheckEnabledTime()546     private long getLocationAccessCheckEnabledTime() {
547         return mSharedPrefs.getLong(KEY_LOCATION_ACCESS_CHECK_ENABLED_TIME, 0);
548     }
549 
550     /**
551      * Create a notification reminding the user that a package used the location. From this
552      * notification the user can directly go to the screen that allows to change the permission.
553      *
554      * @param pkg The {@link PackageInfo} for the package to to be changed
555      */
createNotificationForLocationUser(@onNull PackageInfo pkg)556     private void createNotificationForLocationUser(@NonNull PackageInfo pkg) {
557         CharSequence pkgLabel = mPackageManager.getApplicationLabel(pkg.applicationInfo);
558         Drawable pkgIcon = mPackageManager.getApplicationIcon(pkg.applicationInfo);
559         Bitmap pkgIconBmp = createBitmap(pkgIcon.getIntrinsicWidth(), pkgIcon.getIntrinsicHeight(),
560                 ARGB_8888);
561         Canvas canvas = new Canvas(pkgIconBmp);
562         pkgIcon.setBounds(0, 0, pkgIcon.getIntrinsicWidth(), pkgIcon.getIntrinsicHeight());
563         pkgIcon.draw(canvas);
564 
565         String pkgName = pkg.packageName;
566         UserHandle user = getUserHandleForUid(pkg.applicationInfo.uid);
567 
568         NotificationManager notificationManager = getSystemServiceSafe(mContext,
569                 NotificationManager.class, user);
570 
571         long sessionId = INVALID_SESSION_ID;
572         while (sessionId == INVALID_SESSION_ID) {
573             sessionId = new Random().nextLong();
574         }
575 
576         Intent deleteIntent = new Intent(mContext, NotificationDeleteHandler.class);
577         deleteIntent.putExtra(EXTRA_PACKAGE_NAME, pkgName);
578         deleteIntent.putExtra(EXTRA_SESSION_ID, sessionId);
579         deleteIntent.putExtra(EXTRA_UID, pkg.applicationInfo.uid);
580         deleteIntent.putExtra(EXTRA_USER, user);
581         deleteIntent.setFlags(FLAG_RECEIVER_FOREGROUND);
582 
583         Intent clickIntent = new Intent(mContext, NotificationClickHandler.class);
584         clickIntent.putExtra(EXTRA_PACKAGE_NAME, pkgName);
585         clickIntent.putExtra(EXTRA_SESSION_ID, sessionId);
586         clickIntent.putExtra(EXTRA_UID, pkg.applicationInfo.uid);
587         clickIntent.putExtra(EXTRA_USER, user);
588         clickIntent.setFlags(FLAG_RECEIVER_FOREGROUND);
589 
590         CharSequence appName = Utils.getSettingsLabelForNotifications(mPackageManager);
591 
592         Notification.Builder b = (new Notification.Builder(mContext,
593                 PERMISSION_REMINDER_CHANNEL_ID))
594                 .setContentTitle(mContext.getString(
595                         R.string.background_location_access_reminder_notification_title, pkgLabel))
596                 .setContentText(mContext.getString(
597                         R.string.background_location_access_reminder_notification_content))
598                 .setStyle(new Notification.BigTextStyle().bigText(mContext.getString(
599                         R.string.background_location_access_reminder_notification_content)))
600                 .setSmallIcon(R.drawable.ic_pin_drop)
601                 .setLargeIcon(pkgIconBmp)
602                 .setColor(mContext.getColor(android.R.color.system_notification_accent_color))
603                 .setAutoCancel(true)
604                 .setDeleteIntent(getBroadcast(mContext, 0, deleteIntent,
605                         FLAG_ONE_SHOT | FLAG_UPDATE_CURRENT))
606                 .setContentIntent(getBroadcast(mContext, 0, clickIntent,
607                         FLAG_ONE_SHOT | FLAG_UPDATE_CURRENT));
608 
609         if (appName != null) {
610             Bundle extras = new Bundle();
611             extras.putString(Notification.EXTRA_SUBSTITUTE_APP_NAME, appName.toString());
612             b.addExtras(extras);
613         }
614 
615         notificationManager.notify(pkgName, LOCATION_ACCESS_CHECK_NOTIFICATION_ID, b.build());
616 
617         if (DEBUG) Log.i(LOG_TAG, "Notified " + pkgName);
618 
619         PermissionControllerStatsLog.write(LOCATION_ACCESS_CHECK_NOTIFICATION_ACTION, sessionId,
620                 pkg.applicationInfo.uid, pkgName,
621                 LOCATION_ACCESS_CHECK_NOTIFICATION_ACTION__RESULT__NOTIFICATION_PRESENTED);
622         Log.v(LOG_TAG, "Location access check notification shown with sessionId=" + sessionId + ""
623                 + " uid=" + pkg.applicationInfo.uid + " pkgName=" + pkgName);
624 
625         mSharedPrefs.edit().putLong(KEY_LAST_LOCATION_ACCESS_NOTIFICATION_SHOWN,
626                 currentTimeMillis()).apply();
627     }
628 
629     /**
630      * Get currently shown notification. We only ever show one notification per profile group.
631      *
632      * @return The notification or {@code null} if no notification is currently shown
633      */
getCurrentlyShownNotificationLocked()634     private @Nullable StatusBarNotification getCurrentlyShownNotificationLocked() {
635         List<UserHandle> profiles = mUserManager.getUserProfiles();
636 
637         int numProfiles = profiles.size();
638         for (int profileNum = 0; profileNum < numProfiles; profileNum++) {
639             NotificationManager notificationManager = getSystemServiceSafe(mContext,
640                     NotificationManager.class, profiles.get(profileNum));
641 
642             StatusBarNotification[] notifications = notificationManager.getActiveNotifications();
643 
644             int numNotifications = notifications.length;
645             for (int notificationNum = 0; notificationNum < numNotifications; notificationNum++) {
646                 StatusBarNotification notification = notifications[notificationNum];
647 
648                 if (notification.getId() == LOCATION_ACCESS_CHECK_NOTIFICATION_ID) {
649                     return notification;
650                 }
651             }
652         }
653 
654         return null;
655     }
656 
657     /**
658      * Go through the list of packages we already shown a notification for and remove those that do
659      * not request fine background location access.
660      *
661      * @param alreadyNotifiedPkgs The packages we already shown a notification for. This paramter is
662      *                            modified inside of this method.
663      *
664      * @throws InterruptedException If {@link #mShouldCancel}
665      */
resetAlreadyNotifiedPackagesWithoutPermissionLocked( @onNull ArraySet<UserPackage> alreadyNotifiedPkgs)666     private void resetAlreadyNotifiedPackagesWithoutPermissionLocked(
667             @NonNull ArraySet<UserPackage> alreadyNotifiedPkgs) throws InterruptedException {
668         ArrayList<UserPackage> packagesToRemove = new ArrayList<>();
669 
670         for (UserPackage userPkg : alreadyNotifiedPkgs) {
671             throwInterruptedExceptionIfTaskIsCanceled();
672 
673             AppPermissionGroup bgLocationGroup = userPkg.getBackgroundLocationGroup();
674             if (bgLocationGroup == null || !bgLocationGroup.areRuntimePermissionsGranted()) {
675                 packagesToRemove.add(userPkg);
676             }
677         }
678 
679         if (!packagesToRemove.isEmpty()) {
680             alreadyNotifiedPkgs.removeAll(packagesToRemove);
681             safeAlreadyNotifiedPackagesLocked(alreadyNotifiedPkgs);
682             throwInterruptedExceptionIfTaskIsCanceled();
683         }
684     }
685 
686     /**
687      * Remove all persisted state for a package.
688      *
689      * @param pkg name of package
690      * @param user user the package belongs to
691      */
forgetAboutPackage(@onNull String pkg, @NonNull UserHandle user)692     private void forgetAboutPackage(@NonNull String pkg, @NonNull UserHandle user) {
693         synchronized (sLock) {
694             StatusBarNotification notification = getCurrentlyShownNotificationLocked();
695             if (notification != null && notification.getUser().equals(user)
696                     && notification.getTag().equals(pkg)) {
697                 getSystemServiceSafe(mContext, NotificationManager.class, user).cancel(
698                         pkg, LOCATION_ACCESS_CHECK_NOTIFICATION_ID);
699             }
700 
701             ArraySet<UserPackage> packages = loadAlreadyNotifiedPackagesLocked();
702             packages.remove(new UserPackage(mContext, pkg, user));
703             safeAlreadyNotifiedPackagesLocked(packages);
704         }
705     }
706 
707     /**
708      * After a small delay schedule a check if we should show a notification.
709      *
710      * <p>This is called when location access is granted to an app. In this case it is likely that
711      * the app will access the location soon. If this happens the notification will appear only a
712      * little after the user granted the location.
713      */
checkLocationAccessSoon()714     public void checkLocationAccessSoon() {
715         JobInfo.Builder b = (new JobInfo.Builder(LOCATION_ACCESS_CHECK_JOB_ID,
716                 new ComponentName(mContext, LocationAccessCheckJobService.class)))
717                 .setMinimumLatency(getDelayMillis());
718 
719         int scheduleResult = mJobScheduler.schedule(b.build());
720         if (scheduleResult != RESULT_SUCCESS) {
721             Log.e(LOG_TAG, "Could not schedule location access check " + scheduleResult);
722         }
723     }
724 
725     /**
726      * Check if the current user is the profile parent.
727      *
728      * @return {@code true} if the current user is the profile parent.
729      */
isRunningInParentProfile()730     private boolean isRunningInParentProfile() {
731         UserHandle user = UserHandle.of(myUserId());
732         UserHandle parent = mUserManager.getProfileParent(user);
733 
734         return parent == null || user.equals(parent);
735     }
736 
737     /**
738      * On boot set up a periodic job that starts checks.
739      */
740     public static class SetupPeriodicBackgroundLocationAccessCheck extends BroadcastReceiver {
741         @Override
onReceive(Context context, Intent intent)742         public void onReceive(Context context, Intent intent) {
743             LocationAccessCheck locationAccessCheck = new LocationAccessCheck(context, null);
744             JobScheduler jobScheduler = getSystemServiceSafe(context, JobScheduler.class);
745 
746             if (!locationAccessCheck.isRunningInParentProfile()) {
747                 // Profile parent handles child profiles too.
748                 return;
749             }
750 
751             if (jobScheduler.getPendingJob(PERIODIC_LOCATION_ACCESS_CHECK_JOB_ID) == null) {
752                 JobInfo.Builder b = (new JobInfo.Builder(PERIODIC_LOCATION_ACCESS_CHECK_JOB_ID,
753                         new ComponentName(context, LocationAccessCheckJobService.class)))
754                         .setPeriodic(locationAccessCheck.getPeriodicCheckIntervalMillis(),
755                                 locationAccessCheck.getFlexForPeriodicCheckMillis());
756 
757                 int scheduleResult = jobScheduler.schedule(b.build());
758                 if (scheduleResult != RESULT_SUCCESS) {
759                     Log.e(LOG_TAG, "Could not schedule periodic location access check "
760                             + scheduleResult);
761                 }
762             }
763         }
764     }
765 
766     /**
767      * Checks if a new notification should be shown.
768      */
769     public static class LocationAccessCheckJobService extends JobService {
770         private LocationAccessCheck mLocationAccessCheck;
771 
772         /** If we currently check if we should show a notification, the task executing the check */
773         // @GuardedBy("sLock")
774         private @Nullable AddLocationNotificationIfNeededTask mAddLocationNotificationIfNeededTask;
775 
776         @Override
onCreate()777         public void onCreate() {
778             super.onCreate();
779             mLocationAccessCheck = new LocationAccessCheck(this, () -> {
780                 synchronized (sLock) {
781                     AddLocationNotificationIfNeededTask task = mAddLocationNotificationIfNeededTask;
782 
783                     return task != null && task.isCancelled();
784                 }
785             });
786         }
787 
788         /**
789          * Starts an asynchronous check if a location access notification should be shown.
790          *
791          * @param params Not used other than for interacting with job scheduling
792          *
793          * @return {@code false} iff another check if already running
794          */
795         @Override
onStartJob(JobParameters params)796         public boolean onStartJob(JobParameters params) {
797             synchronized (LocationAccessCheck.sLock) {
798                 if (mAddLocationNotificationIfNeededTask != null) {
799                     return false;
800                 }
801 
802                 mAddLocationNotificationIfNeededTask =
803                         new AddLocationNotificationIfNeededTask();
804 
805                 mAddLocationNotificationIfNeededTask.execute(params, this);
806             }
807 
808             return true;
809         }
810 
811         /**
812          * Abort the check if still running.
813          *
814          * @param params ignored
815          *
816          * @return false
817          */
818         @Override
onStopJob(JobParameters params)819         public boolean onStopJob(JobParameters params) {
820             AddLocationNotificationIfNeededTask task;
821             synchronized (sLock) {
822                 if (mAddLocationNotificationIfNeededTask == null) {
823                     return false;
824                 } else {
825                     task = mAddLocationNotificationIfNeededTask;
826                 }
827             }
828 
829             task.cancel(false);
830 
831             try {
832                 // Wait for task to finish
833                 task.get();
834             } catch (Exception e) {
835                 Log.e(LOG_TAG, "While waiting for " + task + " to finish", e);
836             }
837 
838             return false;
839         }
840 
841         /**
842          * A {@link AsyncTask task} that runs the check in the background.
843          */
844         private class AddLocationNotificationIfNeededTask extends
845                 AsyncTask<Object, Void, Void> {
846             @Override
doInBackground(Object... in)847             protected final Void doInBackground(Object... in) {
848                 JobParameters params = (JobParameters) in[0];
849                 LocationAccessCheckJobService service = (LocationAccessCheckJobService) in[1];
850                 mLocationAccessCheck.addLocationNotificationIfNeeded(params, service);
851                 return null;
852             }
853         }
854     }
855 
856     /**
857      * Handle the case where the notification is swiped away without further interaction.
858      */
859     public static class NotificationDeleteHandler extends BroadcastReceiver {
860         @Override
onReceive(Context context, Intent intent)861         public void onReceive(Context context, Intent intent) {
862             String pkg = getStringExtraSafe(intent, EXTRA_PACKAGE_NAME);
863             UserHandle user = getParcelableExtraSafe(intent, EXTRA_USER);
864             long sessionId = intent.getLongExtra(EXTRA_SESSION_ID, INVALID_SESSION_ID);
865             int uid = intent.getIntExtra(EXTRA_UID, 0);
866 
867             PermissionControllerStatsLog.write(LOCATION_ACCESS_CHECK_NOTIFICATION_ACTION, sessionId,
868                     uid, pkg,
869                     LOCATION_ACCESS_CHECK_NOTIFICATION_ACTION__RESULT__NOTIFICATION_DECLINED);
870             Log.v(LOG_TAG,
871                     "Location access check notification declined with sessionId=" + sessionId + ""
872                             + " uid=" + uid + " pkgName=" + pkg);
873 
874             new LocationAccessCheck(context, null).markAsNotified(pkg, user);
875         }
876     }
877 
878     /**
879      * Show the location permission switch when the notification is clicked.
880      */
881     public static class NotificationClickHandler extends BroadcastReceiver {
882         @Override
onReceive(Context context, Intent intent)883         public void onReceive(Context context, Intent intent) {
884             String pkg = getStringExtraSafe(intent, EXTRA_PACKAGE_NAME);
885             UserHandle user = getParcelableExtraSafe(intent, EXTRA_USER);
886             int uid = intent.getIntExtra(EXTRA_UID, 0);
887             long sessionId = intent.getLongExtra(EXTRA_SESSION_ID, INVALID_SESSION_ID);
888 
889             new LocationAccessCheck(context, null).markAsNotified(pkg, user);
890 
891             PermissionControllerStatsLog.write(LOCATION_ACCESS_CHECK_NOTIFICATION_ACTION, sessionId,
892                     uid, pkg,
893                     LOCATION_ACCESS_CHECK_NOTIFICATION_ACTION__RESULT__NOTIFICATION_CLICKED);
894             Log.v(LOG_TAG,
895                     "Location access check notification clicked with sessionId=" + sessionId + ""
896                             + " uid=" + uid + " pkgName=" + pkg);
897 
898             Intent manageAppPermission = new Intent(ACTION_MANAGE_APP_PERMISSION);
899             manageAppPermission.addFlags(FLAG_ACTIVITY_NEW_TASK | FLAG_ACTIVITY_MULTIPLE_TASK);
900             manageAppPermission.putExtra(EXTRA_PERMISSION_GROUP_NAME, LOCATION);
901             manageAppPermission.putExtra(EXTRA_PACKAGE_NAME, pkg);
902             manageAppPermission.putExtra(EXTRA_USER, user);
903             manageAppPermission.putExtra(EXTRA_SESSION_ID, sessionId);
904 
905 
906             context.startActivity(manageAppPermission);
907         }
908     }
909 
910     /**
911      * If a package gets removed or the data of the package gets cleared, forget that we showed a
912      * notification for it.
913      */
914     public static class PackageResetHandler extends BroadcastReceiver {
915         @Override
onReceive(Context context, Intent intent)916         public void onReceive(Context context, Intent intent) {
917             String action = intent.getAction();
918             if (!(Objects.equals(action, Intent.ACTION_PACKAGE_DATA_CLEARED)
919                     || Objects.equals(action, Intent.ACTION_PACKAGE_FULLY_REMOVED))) {
920                 return;
921             }
922 
923             Uri data = Preconditions.checkNotNull(intent.getData());
924             UserHandle user = getUserHandleForUid(intent.getIntExtra(EXTRA_UID, 0));
925 
926             if (DEBUG) Log.i(LOG_TAG, "Reset " + data.getSchemeSpecificPart());
927 
928             new LocationAccessCheck(context, null).forgetAboutPackage(
929                     data.getSchemeSpecificPart(), user);
930         }
931     }
932 
933     /**
934      * A immutable class containing a package name and a {@link UserHandle}.
935      */
936     private static final class UserPackage {
937         private final @NonNull Context mContext;
938 
939         public final @NonNull String pkg;
940         public final @NonNull UserHandle user;
941 
942         /**
943          * Create a new {@link UserPackage}
944          *
945          * @param context A context to be used by methods of this object
946          * @param pkg The name of the package
947          * @param user The user the package belongs to
948          */
UserPackage(@onNull Context context, @NonNull String pkg, @NonNull UserHandle user)949         UserPackage(@NonNull Context context, @NonNull String pkg, @NonNull UserHandle user) {
950             try {
951                 mContext = context.createPackageContextAsUser(context.getPackageName(), 0, user);
952             } catch (PackageManager.NameNotFoundException e) {
953                 throw new IllegalStateException(e);
954             }
955 
956             this.pkg = pkg;
957             this.user = user;
958         }
959 
960         /**
961          * Get {@link PackageInfo} for this user package.
962          *
963          * @return The package info
964          *
965          * @throws PackageManager.NameNotFoundException if package/user does not exist
966          */
getPackageInfo()967         @NonNull PackageInfo getPackageInfo() throws PackageManager.NameNotFoundException {
968             return mContext.getPackageManager().getPackageInfo(pkg, GET_PERMISSIONS);
969         }
970 
971         /**
972          * Get the {@link AppPermissionGroup} for
973          * {@link android.Manifest.permission#ACCESS_FINE_LOCATION} and this user package.
974          *
975          * @return The app permission group or {@code null} if the app does not request location
976          */
getLocationGroup()977         @Nullable AppPermissionGroup getLocationGroup() {
978             try {
979                 return AppPermissionGroup.create(mContext, getPackageInfo(), ACCESS_FINE_LOCATION,
980                     false);
981             } catch (PackageManager.NameNotFoundException e) {
982                 return null;
983             }
984         }
985 
986         /**
987          * Get the {@link AppPermissionGroup} for the background location of
988          * {@link android.Manifest.permission#ACCESS_FINE_LOCATION} and this user package.
989          *
990          * @return The app permission group or {@code null} if the app does not request background
991          *         location
992          */
getBackgroundLocationGroup()993         @Nullable AppPermissionGroup getBackgroundLocationGroup() {
994             AppPermissionGroup locationGroup = getLocationGroup();
995             if (locationGroup == null) {
996                 return null;
997             }
998 
999             return locationGroup.getBackgroundPermissions();
1000         }
1001 
1002         @Override
equals(Object o)1003         public boolean equals(Object o) {
1004             if (!(o instanceof UserPackage)) {
1005                 return false;
1006             }
1007 
1008             UserPackage userPackage = (UserPackage) o;
1009             return pkg.equals(userPackage.pkg) && user.equals(userPackage.user);
1010         }
1011 
1012         @Override
hashCode()1013         public int hashCode() {
1014             return Objects.hash(pkg, user);
1015         }
1016     }
1017 }
1018