add patch level expiry warning popup & notification

Implemented inside of SystemUI as a periodic JobService with a popup
and notification. Set `DEBUG_ALWAYS_EXPIRED` to true to test it.

Pair with corresponding packages/apps/Settings commit

Test: atest KeyguardViewMediatorTest (choose A for all)

Author: inthewaves

core/java/android/ext/settings/ExtSettings.java

@@ -93,6 +93,12 @@ public class ExtSettings {
     public static final BoolSetting SHOW_SYSTEM_PROCESS_CRASH_NOTIFICATIONS = new BoolSetting(
             Setting.Scope.GLOBAL, Settings.Global.SHOW_SYSTEM_PROCESS_CRASH_NOTIFICATIONS, false);
 
+    public static final BoolSetting USER_DISABLE_PATCH_LEVEL_EXPIRY_WARNING = new BoolSetting(
+            Setting.Scope.GLOBAL, Settings.Global.PATCH_LEVEL_WARNING_DISABLED, false);
+
+    public static final BoolSysProperty DEVICE_DISABLED_PATCH_LEVEL_EXPIRY_WARNING = new BoolSysProperty(
+            "ro.disable_patch_level_expiry_warning", false);
+
     private ExtSettings() {}
 
     public static Function<Context, Boolean> defaultBool(@BoolRes int res) {

core/java/android/provider/Settings.java

@@ -18160,6 +18160,13 @@ public static final class Global extends NameValueTable {
          */
         public static final String ONE_HANDED_KEYGUARD_SIDE = "one_handed_keyguard_side";
 
+        /**
+         * Whether patch level expiry popup & notification warning is disabled.
+         *
+         * @hide
+         */
+        public static final String PATCH_LEVEL_WARNING_DISABLED = "grapheneos_patch_level_warning_disabled";
+
         /**
          * Global settings that shouldn't be persisted.
          *

packages/SystemUI/AndroidManifest.xml

@@ -1151,5 +1151,9 @@
             android:showForAllUsers="true"
             android:theme="@style/ShortcutHelperTheme"
             android:excludeFromRecents="true" />
+
+        <service android:name=".patchlevelwarning.PeriodicPatchLevelExpiryCheck"
+            android:exported="false"
+            android:permission="android.permission.BIND_JOB_SERVICE"/>
     </application>
 </manifest>

packages/SystemUI/res/values/strings.xml

@@ -3866,4 +3866,29 @@ Action + ESC for this.</string>
     <string name="qs_edit_mode_category_unknown">
         Unknown
     </string>
+
+    <string name="patch_level_expiry_warning_notification_title">Patch level warning</string>
+    <string name="patch_level_expiry_warning_notification_tap_to_learn_more">Tap to learn more about keeping your device up-to-date and safe.</string>
+    <string name="patch_level_expiry_warning_dialog_title_updater_enabled">Check for new updates?</string>
+    <string name="patch_level_expiry_warning_dialog_title_updater_disabled">Enable automatic updates?</string>
+    <string name="patch_level_expiry_warning_dialog_title_updater_missing">System updater missing</string>
+    <string name="patch_level_expiry_warning_dialog_message_months_since_patch_level">{months, plural,
+        =1 {Your device\'s Android security patch level is {device_patch_level}, which is over # month old. Security updates are released every month.}
+        other {Your device\'s Android security patch level is {device_patch_level}, which is over # months old. Security updates are released every month.}
+    }</string>
+    <string name="patch_level_expiry_warning_dialog_message_debug__s">DEBUG_ALWAYS_EXPIRED is on; actual patch level is %1$s</string>
+    <string name="patch_level_expiry_warning_dialog_message_updater_enabled">Your device might not be checking for updates recently due to your settings. To stay secure, it\'s strongly recommended to manually check for updates and adjust your settings if needed to allow for automatic update checks.</string>
+    <string name="patch_level_expiry_warning_dialog_message_updater_disabled">Automatic system updates are currently disabled, leaving your device vulnerable. It\'s strongly recommended to enable automatic updates to stay secure.</string>
+    <string name="patch_level_expiry_warning_dialog_message_updater_missing">The system updater is missing from your device, so automatic updates are not possible.</string>
+    <string name="patch_level_expiry_warning_dialog_message_updater_missing_recommend_contacting_community_github">This is not normal, so it\'s strongly recommended to reach out to GrapheneOS community platforms and GitHub issue trackers for assistance. You can learn more about these platforms at <xliff:g id="contact_url_text" example="grapheneos.org/contact">%1$s</xliff:g></string>
+    <string name="patch_level_expiry_warning_dialog_message_not_system_user">Automatic system updates can only be managed by the main user.</string>
+    <string name="patch_level_expiry_warning_dialog_message_learn_more">Learn more about updates (including alternative update methods) and current releases at <xliff:g id="learn_more_url_text" example="grapheneos.org/usage">%1$s</xliff:g></string>
+    <string name="patch_level_expiry_warning_dialog_updater_unavailable_error_toast">System updater currently unavailable</string>
+    <string name="patch_level_expiry_warning_dialog_webpage_unavailable_error_toast">Unable to open webpage</string>
+    <string name="patch_level_expiry_warning_dialog_unable_to_parse_patch_level__s">The Android security patch level of your device (%1$s) could not be parsed by the system.</string>
+    <string name="patch_level_expiry_warning_dialog_expected_patch_level_format__s">The expected date format for the security patch level is: %1$s.</string>
+    <string name="patch_level_expiry_warning_dialog_unable_to_parse_patch_level_contact_community_github">Please use the community platforms and GitHub issue trackers for assistance. You can learn more about these platforms at <xliff:g id="contact_url_text" example="grapheneos.org/contact">%1$s</xliff:g></string>
+    <string name="patch_level_expiry_warning_dialog_updater_open_button">Check for updates</string>
+    <string name="patch_level_expiry_warning_dialog_updater_enable_button">Enable automatic updates</string>
+    <string name="patch_level_expiry_warning_dialog_tap_on_notification_to_reopen_dialog">Tap on the notification to reopen the popup.</string>
 </resources>

packages/SystemUI/src/com/android/systemui/BootReceiver.java

@@ -9,6 +9,8 @@
 import android.os.ServiceManager;
 import android.util.Log;
 
+import com.android.systemui.patchlevelwarning.PeriodicPatchLevelExpiryCheck;
+
 import vendor.google.google_battery.IGoogleBattery;
 
 public class BootReceiver extends BroadcastReceiver {
@@ -23,6 +25,8 @@ public void onReceive(Context context, Intent intent) {
         if (BatteryChargeLimit.isChargeLimitEnabled(context)) {
             setChargingPolicy(IGoogleBattery.BatteryChargingPolicy.LONGLIFE);
         }
+
+        PeriodicPatchLevelExpiryCheck.schedule(context, true);
     }
 
     private static void setChargingPolicy(int policy) {

packages/SystemUI/src/com/android/systemui/SystemUIApplication.java

@@ -74,6 +74,10 @@ public class SystemUIApplication extends Application implements
     private CoreStartable[] mServices;
     private boolean mServicesStarted;
     private SystemUIAppComponentFactoryBase.ContextAvailableCallback mContextAvailableCallback;
+
+    public SysUIComponent getSysUIComponent() {
+        return mSysUIComponent;
+    }
     private SysUIComponent mSysUIComponent;
     private SystemUIInitializer mInitializer;
     private ProcessWrapper mProcessWrapper;

packages/SystemUI/src/com/android/systemui/dagger/SysUIComponent.java

@@ -25,6 +25,7 @@
 import com.android.systemui.dagger.qualifiers.PerUser;
 import com.android.systemui.dump.DumpManager;
 import com.android.systemui.keyguard.KeyguardSliceProvider;
+import com.android.systemui.patchlevelwarning.PeriodicPatchLevelExpiryCheck;
 import com.android.systemui.people.PeopleProvider;
 import com.android.systemui.startable.Dependencies;
 import com.android.systemui.statusbar.NotificationInsetsModule;
@@ -182,4 +183,6 @@ interface Builder {
      * Member injection into the supplied argument.
      */
     void inject(PeopleProvider peopleProvider);
+
+    void inject(PeriodicPatchLevelExpiryCheck periodicPatchLevelExpiryCheck);
 }

packages/SystemUI/src/com/android/systemui/keyguard/KeyguardViewMediator.java

@@ -66,6 +66,7 @@
 import android.content.IntentFilter;
 import android.content.pm.PackageManager.NameNotFoundException;
 import android.content.pm.UserInfo;
+import android.database.ContentObserver;
 import android.graphics.Matrix;
 import android.hardware.biometrics.BiometricSourceType;
 import android.media.AudioAttributes;
@@ -138,6 +139,7 @@
 import com.android.systemui.broadcast.BroadcastDispatcher;
 import com.android.systemui.classifier.FalsingCollector;
 import com.android.systemui.communal.ui.viewmodel.CommunalTransitionViewModel;
+import com.android.systemui.dagger.qualifiers.Background;
 import com.android.systemui.dagger.qualifiers.Main;
 import com.android.systemui.dagger.qualifiers.UiBackground;
 import com.android.systemui.deviceentry.shared.DeviceEntryUdfpsRefactor;
@@ -151,6 +153,8 @@
 import com.android.systemui.keyguard.shared.model.TransitionStep;
 import com.android.systemui.log.SessionTracker;
 import com.android.systemui.navigationbar.NavigationModeController;
+import com.android.systemui.patchlevelwarning.PatchLevelWarningDialogDelegate;
+import com.android.systemui.patchlevelwarning.PeriodicPatchLevelExpiryCheck;
 import com.android.systemui.plugins.statusbar.StatusBarStateController;
 import com.android.systemui.process.ProcessWrapper;
 import com.android.systemui.res.R;
@@ -174,6 +178,7 @@
 import com.android.systemui.user.domain.interactor.SelectedUserInteractor;
 import com.android.systemui.util.DeviceConfigProxy;
 import com.android.systemui.util.kotlin.JavaAdapter;
+import com.android.systemui.util.settings.GlobalSettings;
 import com.android.systemui.util.settings.SecureSettings;
 import com.android.systemui.util.settings.SystemSettings;
 import com.android.systemui.util.time.SystemClock;
@@ -1434,6 +1439,21 @@ public void onPrimaryBouncerShowingChanged() {
     private final Lazy<WindowManagerLockscreenVisibilityManager> mWmLockscreenVisibilityManager;
 
     private WindowManagerOcclusionManager mWmOcclusionManager;
+
+    private final Lazy<PatchLevelWarningDialogDelegate> mPatchLevelWarningDialogDelegate;
+
+    private final Handler mBgHandler;
+
+    private final GlobalSettings mGlobalSettings;
+
+    private final BroadcastReceiver mPatchExpiryNotificiationTapReceiver = new BroadcastReceiver() {
+        @Override
+        public void onReceive(Context context, Intent intent) {
+            if (PeriodicPatchLevelExpiryCheck.OPEN_DIALOG_ACTION.equals(intent.getAction())) {
+                maybeShowPatchLevelExpiredDialog();
+            }
+        }
+    };
     /**
 
      * Injected constructor. See {@link KeyguardModule}.
@@ -1476,6 +1496,7 @@ public KeyguardViewMediator(
             FeatureFlags featureFlags,
             SecureSettings secureSettings,
             SystemSettings systemSettings,
+            GlobalSettings globalSettings,
             SystemClock systemClock,
             ProcessWrapper processWrapper,
             @Main CoroutineDispatcher mainDispatcher,
@@ -1485,7 +1506,9 @@ public KeyguardViewMediator(
             Lazy<WindowManagerLockscreenVisibilityManager> wmLockscreenVisibilityManager,
             SelectedUserInteractor selectedUserInteractor,
             KeyguardInteractor keyguardInteractor,
-            WindowManagerOcclusionManager wmOcclusionManager) {
+            WindowManagerOcclusionManager wmOcclusionManager,
+            Lazy<PatchLevelWarningDialogDelegate> patchLevelWarningDialogDelegate,
+            @Background Handler bgHandler) {
         mContext = context;
         mUserTracker = userTracker;
         mFalsingCollector = falsingCollector;
@@ -1563,6 +1586,10 @@ public KeyguardViewMediator(
         mShowKeyguardWakeLock.setReferenceCounted(false);
 
         mWmOcclusionManager = wmOcclusionManager;
+
+        mBgHandler = bgHandler;
+        mPatchLevelWarningDialogDelegate = patchLevelWarningDialogDelegate;
+        mGlobalSettings = globalSettings;
     }
 
     public void userActivity() {
@@ -1654,6 +1681,33 @@ private void setupLocked() {
         mJavaAdapter.alwaysCollectFlow(
                 mWallpaperRepository.getWallpaperSupportsAmbientMode(),
                 this::setWallpaperSupportsAmbientMode);
+
+        // note: observers are conflated
+        final ContentObserver observer = new ContentObserver(mBgHandler) {
+            @Override
+            public void onChange(boolean selfChange) {
+                if (PeriodicPatchLevelExpiryCheck.isPatchLevelWarningEnabled(mContext)) {
+                    PeriodicPatchLevelExpiryCheck.schedule(mContext, false);
+                } else {
+                    mPatchLevelWarningDialogDelegate.get().markDontShowOnKeyguard();
+                    PeriodicPatchLevelExpiryCheck.cancel(mContext);
+                }
+            }
+        };
+        final var expiryCheckEnabledUri =
+                Settings.Global.getUriFor(Settings.Global.PATCH_LEVEL_WARNING_DISABLED);
+        mGlobalSettings.registerContentObserverAsync(expiryCheckEnabledUri, observer);
+
+        final IntentFilter patchExpiryDialogOpenFilter = new IntentFilter();
+        patchExpiryDialogOpenFilter.addAction(PeriodicPatchLevelExpiryCheck.OPEN_DIALOG_ACTION);
+        patchExpiryDialogOpenFilter.setPriority(IntentFilter.SYSTEM_HIGH_PRIORITY);
+        mContext.registerReceiver(mPatchExpiryNotificiationTapReceiver, patchExpiryDialogOpenFilter,
+                SYSTEMUI_PERMISSION, null /* scheduler */,
+                Context.RECEIVER_NOT_EXPORTED);
+    }
+
+    public void showPatchLevelExpiryWarningOnNextUnlock() {
+        mPatchLevelWarningDialogDelegate.get().markShowOnKeyguard();
     }
 
     @Override
@@ -2776,13 +2830,36 @@ private void sendUserPresentBroadcast() {
                                 USER_PRESENT_INTENT_OPTIONS);
                     }
                     mLockPatternUtils.userPresent(currentUserId);
+
+                    // Show expiry warning popup
+                    // This *could* be done as a separate app, but an implicit broadcast receiver
+                    // in a manifest wouldn't receive this broadcast.
+                    if (mPatchLevelWarningDialogDelegate.get().shouldShowOnThisKeyguardUnlock()) {
+                        maybeShowPatchLevelExpiredDialog();
+                    }
                 });
             } else {
                 mBootSendUserPresent = true;
             }
         }
     }
 
+    /**
+     * Maybe shows patch level expiry dialog with no checks on whether it has been shown on keyguard
+     * unlock already. Also used for opening the dialog in the notifications.
+     */
+    private void maybeShowPatchLevelExpiredDialog() {
+        mPatchLevelWarningDialogDelegate.get().beforeDialogShown();
+        // Although the periodic service will mark us to show the dialog on keyguard unlock,
+        // need to sanity check this against the actual expiry state and setting
+        if (PeriodicPatchLevelExpiryCheck.isPatchLevelExpiredOrUnparseable() &&
+                PeriodicPatchLevelExpiryCheck.isPatchLevelWarningEnabled(mContext)) {
+            // post to UI thread of keyguard because possibly still holding a lock here, and
+            // should finish rest of keyguard animations
+            mHandler.post(() -> mPatchLevelWarningDialogDelegate.get().createDialog().show());
+        }
+    }
+
     /**
      * @see #keyguardDone
      * @see #KEYGUARD_DONE_DRAWING

packages/SystemUI/src/com/android/systemui/keyguard/dagger/KeyguardModule.java

@@ -19,6 +19,7 @@
 import android.app.IActivityTaskManager;
 import android.app.trust.TrustManager;
 import android.content.Context;
+import android.os.Handler;
 import android.os.PowerManager;
 
 import com.android.internal.jank.InteractionJankMonitor;
@@ -43,6 +44,7 @@
 import com.android.systemui.classifier.FalsingModule;
 import com.android.systemui.communal.ui.viewmodel.CommunalTransitionViewModel;
 import com.android.systemui.dagger.SysUISingleton;
+import com.android.systemui.dagger.qualifiers.Background;
 import com.android.systemui.dagger.qualifiers.Main;
 import com.android.systemui.dagger.qualifiers.UiBackground;
 import com.android.systemui.dreams.DreamOverlayStateController;
@@ -66,6 +68,7 @@
 import com.android.systemui.keyguard.ui.viewmodel.KeyguardQuickAffordancesCombinedViewModelModule;
 import com.android.systemui.log.SessionTracker;
 import com.android.systemui.navigationbar.NavigationModeController;
+import com.android.systemui.patchlevelwarning.PatchLevelWarningDialogDelegate;
 import com.android.systemui.process.ProcessWrapper;
 import com.android.systemui.settings.UserTracker;
 import com.android.systemui.shade.ShadeController;
@@ -81,6 +84,7 @@
 import com.android.systemui.util.DeviceConfigProxy;
 import com.android.systemui.util.ThreadAssert;
 import com.android.systemui.util.kotlin.JavaAdapter;
+import com.android.systemui.util.settings.GlobalSettings;
 import com.android.systemui.util.settings.SecureSettings;
 import com.android.systemui.util.settings.SystemSettings;
 import com.android.systemui.util.time.SystemClock;
@@ -166,6 +170,7 @@ static KeyguardViewMediator newKeyguardViewMediator(
             FeatureFlags featureFlags,
             SecureSettings secureSettings,
             SystemSettings systemSettings,
+            GlobalSettings globalSettings,
             SystemClock systemClock,
             ProcessWrapper processWrapper,
             @Main CoroutineDispatcher mainDispatcher,
@@ -175,7 +180,9 @@ static KeyguardViewMediator newKeyguardViewMediator(
             Lazy<WindowManagerLockscreenVisibilityManager> wmLockscreenVisibilityManager,
             SelectedUserInteractor selectedUserInteractor,
             KeyguardInteractor keyguardInteractor,
-            WindowManagerOcclusionManager windowManagerOcclusionManager) {
+            WindowManagerOcclusionManager windowManagerOcclusionManager,
+            Lazy<PatchLevelWarningDialogDelegate> patchLevelWarningDialogDelegate,
+            @Background Handler bgHandler) {
         return new KeyguardViewMediator(
                 context,
                 uiEventLogger,
@@ -216,6 +223,7 @@ static KeyguardViewMediator newKeyguardViewMediator(
                 featureFlags,
                 secureSettings,
                 systemSettings,
+                globalSettings,
                 systemClock,
                 processWrapper,
                 mainDispatcher,
@@ -225,7 +233,9 @@ static KeyguardViewMediator newKeyguardViewMediator(
                 wmLockscreenVisibilityManager,
                 selectedUserInteractor,
                 keyguardInteractor,
-                windowManagerOcclusionManager);
+                windowManagerOcclusionManager,
+                patchLevelWarningDialogDelegate,
+                bgHandler);
     }
 
     /** */