Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 155a6867 authored by Achim Thesmann's avatar Achim Thesmann
Browse files

Clear the BAL allowlist duration 

Clearing BAL privileges of a PendingIntent only cleared the tokens,
but kept the duration based entries. `clearAllowBgActivityStarts` is exclusively used by SystemUI (in NotificationManagerService) and fixing this is part of fixing a security vulnerability (therefore and because this is a low risk change it is not flag guarded).

BYPASS_INCLUSIVE_LANGUAGE_REASON=Using an existing API

Bug: 322159724
Flag: EXEMPT bugfix
Test: atest PendingIntentControllerTest
Change-Id: I88e4df8fe4989fbc26aaa0e672626f3a1042678e
parent 8aef21b7

services/core/java/com/android/server/am/PendingIntentRecord.java

+11 −1
Original line number Diff line number Diff line
@@ -305,6 +305,10 @@ public final class PendingIntentRecord extends IIntentSender.Stub { 
        this.stringName = null;

    }



    @VisibleForTesting TempAllowListDuration getAllowlistDurationLocked(IBinder allowlistToken) {

        return mAllowlistDuration.get(allowlistToken);

    }



    void setAllowBgActivityStarts(IBinder token, int flags) {

        if (token == null) return;

        if ((flags & FLAG_ACTIVITY_SENDER) != 0) {
@@ -323,6 +327,12 @@ public final class PendingIntentRecord extends IIntentSender.Stub { 
        mAllowBgActivityStartsForActivitySender.remove(token);

        mAllowBgActivityStartsForBroadcastSender.remove(token);

        mAllowBgActivityStartsForServiceSender.remove(token);

        if (mAllowlistDuration != null) {

            mAllowlistDuration.remove(token);

            if (mAllowlistDuration.isEmpty()) {

                mAllowlistDuration = null;

            }

        }

    }



    public void registerCancelListenerLocked(IResultReceiver receiver) {
@@ -703,7 +713,7 @@ public final class PendingIntentRecord extends IIntentSender.Stub { 
        return res;

    }



    private BackgroundStartPrivileges getBackgroundStartPrivilegesForActivitySender(

    @VisibleForTesting BackgroundStartPrivileges getBackgroundStartPrivilegesForActivitySender(

            IBinder allowlistToken) {

        return mAllowBgActivityStartsForActivitySender.contains(allowlistToken)

                ? BackgroundStartPrivileges.allowBackgroundActivityStarts(allowlistToken)

services/tests/mockingservicestests/src/com/android/server/am/PendingIntentControllerTest.java

+34 −0
Original line number Diff line number Diff line
@@ -16,6 +16,8 @@ 


package com.android.server.am;



import static android.os.PowerWhitelistManager.REASON_NOTIFICATION_SERVICE;

import static android.os.PowerWhitelistManager.TEMPORARY_ALLOWLIST_TYPE_FOREGROUND_SERVICE_ALLOWED;

import static android.os.Process.INVALID_UID;



import static com.android.dx.mockito.inline.extended.ExtendedMockito.doReturn;
@@ -27,9 +29,11 @@ import static com.android.server.am.PendingIntentRecord.CANCEL_REASON_OWNER_CANC 
import static com.android.server.am.PendingIntentRecord.CANCEL_REASON_OWNER_FORCE_STOPPED;

import static com.android.server.am.PendingIntentRecord.CANCEL_REASON_SUPERSEDED;

import static com.android.server.am.PendingIntentRecord.CANCEL_REASON_USER_STOPPED;

import static com.android.server.am.PendingIntentRecord.FLAG_ACTIVITY_SENDER;

import static com.android.server.am.PendingIntentRecord.cancelReasonToString;



import static org.junit.Assert.assertEquals;

import static org.junit.Assert.assertNull;

import static org.mockito.ArgumentMatchers.anyInt;

import static org.mockito.ArgumentMatchers.anyLong;

import static org.mockito.ArgumentMatchers.eq;
@@ -39,9 +43,11 @@ import static org.mockito.Mockito.when; 
import android.app.ActivityManager;

import android.app.ActivityManagerInternal;

import android.app.AppGlobals;

import android.app.BackgroundStartPrivileges;

import android.app.PendingIntent;

import android.content.Intent;

import android.content.pm.IPackageManager;

import android.os.Binder;

import android.os.Looper;

import android.os.UserHandle;
@@ -179,6 +185,34 @@ public class PendingIntentControllerTest { 
        }

    }



    @Test

    public void testClearAllowBgActivityStartsClearsToken() {

        final PendingIntentRecord pir = createPendingIntentRecord(0);

        Binder token = new Binder();

        pir.setAllowBgActivityStarts(token, FLAG_ACTIVITY_SENDER);

        assertEquals(BackgroundStartPrivileges.allowBackgroundActivityStarts(token),

                pir.getBackgroundStartPrivilegesForActivitySender(token));

        pir.clearAllowBgActivityStarts(token);

        assertEquals(BackgroundStartPrivileges.NONE,

                pir.getBackgroundStartPrivilegesForActivitySender(token));

    }



    @Test

    public void testClearAllowBgActivityStartsClearsDuration() {

        final PendingIntentRecord pir = createPendingIntentRecord(0);

        Binder token = new Binder();

        pir.setAllowlistDurationLocked(token, 1000,

                TEMPORARY_ALLOWLIST_TYPE_FOREGROUND_SERVICE_ALLOWED, REASON_NOTIFICATION_SERVICE,

                "NotificationManagerService");

        PendingIntentRecord.TempAllowListDuration allowlistDurationLocked =

                pir.getAllowlistDurationLocked(token);

        assertEquals(1000, allowlistDurationLocked.duration);

        pir.clearAllowBgActivityStarts(token);

        PendingIntentRecord.TempAllowListDuration allowlistDurationLockedAfterClear =

                pir.getAllowlistDurationLocked(token);

        assertNull(allowlistDurationLockedAfterClear);

    }



    private void assertCancelReason(int expectedReason, int actualReason) {

        final String errMsg = "Expected: " + cancelReasonToString(expectedReason)

                + "; Actual: " + cancelReasonToString(actualReason);