If we're concerned about performance, this could also be a bitmask instead

No, the Flags are find and make this clear.

Sample hook for violations could look like this:

public static void onDemoViolation(@NonNull Fragment fragment) {
    Policy policy = getNearestPolicy(fragment);
    if (policy.flags.contains(Flag.DETECT_DEMO)) {
        onPolicyViolation(policy, new DemoViolation());
    }
}

This would be called from wherever the violation is triggered.

StrictMode also requires an Executor here on which the listener is called. Could possibly also make sense here 🤔

If we can skip it here we should. Ideally this is as simple as possible.

I think there's some interesting implications around this, particularly when we want all listeners to be triggered prior to processing the penaltyDeath that might inform the structure we want to provide here, even if we don't expose this directly.

For example, do we really want a direct executor to be the default? I could imagine that using the FragmentHostCallback's Handler (which, for FragmentActivity is the main thread) would be another valid default that would align with most/all of the actual cases we have in mind.

Do you think this work is feasible to do (without a massive rewrite) as a follow up CL? If so, I am okay with just making it more explicit in the Javadoc here with what thread this is being called on (right now, it seems like 'the thread that triggered the policy violation').

One other case I'd like for us to keep in mind is what coroutine friendly API could we build. I don't expect that as part of this initial CL (it is big enough as is), but I'd hate to close that avenue off entirely.

Moving it to the Handler of the FragmentHostCallback sounds like a good idea to me. The only thing that might cause problems is the guarantee that the penaltyDeath handling will happen after all listeners, so we might need to move this onto the Handler as well.

Anyways, should be doable without a big rewrite. For now I added a comment and I'll work on a follow-up PR for this once it is landed.

Yeah, I expect that we should do a check similar to what ensureExecReady() does to either 1) synchronously trigger listeners / penalty death if we're already on the right looper or 2) post to the Handler with two messages: one for dispatching to listeners, the second to trigger the penalty death.

SGTM to do this in a follow up CL, preferably attached to the same underlying issue.

Killing the process might be extreme here, I think we should throw the Violation instead.

I got this from StrictMode, that's how it reacts to penaltyDeath violations: https://cs.android.com/android/platform/superproject/ /master:frameworks/base/core/java/android/os/StrictMode.java;l=2308-2312?q=strictmode

My guess as to why it isn't an exception would be to bypass any Thread.UncaughtExceptionHandler that might be registered. But I'd also be fine with just throwing here.

Process.killProcess means that any crash analytics won't pick up these exceptions, which I think is a big downside. Let's just throw.

No, the Flags are find and make this clear.

Let's do Policy.NONE instead here

Did this for the sake of consistency to StrictMode (see here), but also fine with changing it if you prefer.

If we can skip it here we should. Ideally this is as simple as possible.

'to a certain FragmentManager', not to a certain thread.

Use StrictFragment() rather than just Fragment() here and elsewhere as that gives us some extra debugging information for tests.

Let's use the same wording as setFragmentFactory():

The {@link Fragment#getChildFragmentManager() child FragmentManager} of all Fragments
in this FragmentManager will also use this policy if one is not explicitly set.

I think there's some interesting implications around this, particularly when we want all listeners to be triggered prior to processing the penaltyDeath that might inform the structure we want to provide here, even if we don't expose this directly.

For example, do we really want a direct executor to be the default? I could imagine that using the FragmentHostCallback's Handler (which, for FragmentActivity is the main thread) would be another valid default that would align with most/all of the actual cases we have in mind.

Do you think this work is feasible to do (without a massive rewrite) as a follow up CL? If so, I am okay with just making it more explicit in the Javadoc here with what thread this is being called on (right now, it seems like 'the thread that triggered the policy violation').

One other case I'd like for us to keep in mind is what coroutine friendly API could we build. I don't expect that as part of this initial CL (it is big enough as is), but I'd hate to close that avenue off entirely.

I'm not particularly enthusiastic about this static call from anywhere as I think it precludes the host Handler / Executor discussion above.

Depends on what we should run on the Handler/Executor I think. We could either

1. just trigger the listeners or
2. do the whole processing (logging, checking policy, listeners, ...)

on the Executor. In either case, I think we can easily switch get the right Handler, since we get the violating Fragment as parameter. Another option I can think of would be to make FragmentStrictMode a singleton and keep a reference to it in each Fragment, but I'm not sure if that's actually better.

I'd be okay if the follow up CL we talked about had another version of this that took in the Handler did the synchronous / posted dispatch I mentioned in my other comment. That would give the right behavior without necessarily precluding this static method style.

FragmentStrictMode is already the tag, you can remove it from the string itself (and the trailing : ) - just "Policy Violation". I think it would be very helpful to print out the causing Fragment with the log message though so that developers can tie this log message back to a particular fragment.

Process.killProcess means that any crash analytics won't pick up these exceptions, which I think is a big downside. Let's just throw.

Yeah, I expect that we should do a check similar to what ensureExecReady() does to either 1) synchronously trigger listeners / penalty death if we're already on the right looper or 2) post to the Handler with two messages: one for dispatching to listeners, the second to trigger the penalty death.

SGTM to do this in a follow up CL, preferably attached to the same underlying issue.

I'd be okay if the follow up CL we talked about had another version of this that took in the Handler did the synchronous / posted dispatch I mentioned in my other comment. That would give the right behavior without necessarily precluding this static method style.

What Lint actually wanted you to do was:

FragmentStrictMode.setDefaultPolicy(
    FragmentStrictMode.Policy.Builder()
        .penaltyDeath()
        .build()
)

Sure, I just thought this would be more readable. You want me to change it?

We actually have a codestyles.xml that enforces the style ian mentioned just to have some consistency, does that not automatically configure for you when starting studio via ./gradlew studio?

I used ./gradlew studio, but could be that I just didn't auto-format before committing.