Commit 16e64b58 authored by Achim Thesmann

Fix abort logic

When the caller and real caller both are allowed to do BAL, but both
neither opt-in nor opt-out, it is not sufficient to just check the
caller's BAL status. The caller can target a higher SDK and be opted
out by default and the real caller can target a lower SDK and be opted-in
by default. This is a constellation that was not checked and caused a
BAL block verdict.
The new logic now handles ALL opt-in cases first and separately logs the
case where an opt-in might be missing.

Test: atest BackgroundActivityLaunchTests
Bug: 322241058
Change-Id: I9d9c8d48b4b9c8b275f067eba5cbc0a21cd7fc5e
parent c96387d3
+7 −38
@@ -717,31 +717,6 @@ public class BackgroundActivityStartController {
        boolean callerCanAllow = resultForCaller.allows() && !state.callerExplicitOptOut();
        boolean realCallerCanAllow = resultForRealCaller.allows()
                && !state.realCallerExplicitOptOut();
        if (callerCanAllow && realCallerCanAllow) {
            // Both caller and real caller allow with system defined behavior
            if (state.mBalAllowedByPiCreatorWithHardening.allowsBackgroundActivityStarts()) {
                // Will be allowed even with BAL hardening.
                if (DEBUG_ACTIVITY_STARTS) {
                    Slog.d(TAG, "Activity start allowed by caller. "
                            + state.dump());
                }
                return allowBasedOnCaller(state);
            }
            if (state.mBalAllowedByPiCreator.allowsBackgroundActivityStarts()) {
                Slog.wtf(TAG,
                        "With Android 15 BAL hardening this activity start may be blocked"
                                + " if the PI creator upgrades target_sdk to 35+"
                                + " AND the PI sender upgrades target_sdk to 34+! "
                                + state.dump());
                showBalRiskToast();
                return allowBasedOnCaller(state);
            }
            Slog.wtf(TAG,
                    "Without Android 15 BAL hardening this activity start would be allowed"
                            + " (missing opt in by PI creator or sender)! "
                            + state.dump());
            return abortLaunch(state);
        }
        if (callerCanAllow) {
            // Allowed before V by creator
            if (state.mBalAllowedByPiCreatorWithHardening.allowsBackgroundActivityStarts()) {
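Review bot: With the combined `if (callerCanAllow && realCallerCanAllow)` branch gone, the both-true case now enters `if (callerCanAllow)` first, so the creator-side checks take precedence and the sender is only consulted if they do not return; that ordering is security-relevant and deserves a one-line comment above `if (callerCanAllow)`. The dropped branch went straight to `return abortLaunch(state);` when neither `mBalAllowedByPiCreatorWithHardening` nor `mBalAllowedByPiCreator` allowed, without ever reading `mBalAllowedByPiSender`, which matches the constellation in the commit message. No test change is visible in this diff, so please confirm that BackgroundActivityLaunchTests has a case with the creator opted out by default and the sender opted in by default, or add one.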
@@ -753,35 +728,29 @@ public class BackgroundActivityStartController {
                return allowBasedOnCaller(state);
            }
            if (state.mBalAllowedByPiCreator.allowsBackgroundActivityStarts()) {
                Slog.wtf(TAG,
                        "With Android 15 BAL hardening this activity start may be blocked"
                Slog.wtf(TAG, "With Android 15 BAL hardening this activity start may be blocked"
                                + " if the PI creator upgrades target_sdk to 35+! "
                                + " (missing opt in by PI creator)! "
                                + state.dump());
                showBalRiskToast();
                return allowBasedOnCaller(state);
            }
            Slog.wtf(TAG,
                    "Without Android 15 BAL hardening this activity start would be allowed"
                            + " (missing opt in by PI creator)! "
                            + state.dump());
            return abortLaunch(state);
        }
        if (realCallerCanAllow) {
            // Allowed before U by sender
            if (state.mBalAllowedByPiSender.allowsBackgroundActivityStarts()) {
                Slog.wtf(TAG,
                        "With Android 14 BAL hardening this activity start will be blocked"
                Slog.wtf(TAG, "With Android 14 BAL hardening this activity start will be blocked"
                                + " if the PI sender upgrades target_sdk to 34+! "
                                + " (missing opt in by PI sender)! "
                                + state.dump());
                showBalRiskToast();
                return allowBasedOnRealCaller(state);
            }
            Slog.wtf(TAG, "Without Android 14 BAL hardening this activity start would be allowed"
                    + " (missing opt in by PI sender)! "
        }
        // caller or real caller could start the activity, but would need to explicitly opt in
        if (callerCanAllow || realCallerCanAllow) {
            Slog.wtf(TAG, "Without BAL hardening this activity start would be allowed "
                            + state.dump());
            return abortLaunch(state);
        }
        // neither the caller not the realCaller can allow or have explicitly opted out
        return abortLaunch(state);
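Review bot: The shared fallback under `if (callerCanAllow || realCallerCanAllow)` logs only "Without BAL hardening this activity start would be allowed", which loses the "(missing opt in by PI creator)" and "(missing opt in by PI sender)" attribution and the Android 14/15 distinction that the per-branch "Without Android ..." messages carried. Unless `state.dump()` already makes it obvious, include which of `callerCanAllow` and `realCallerCanAllow` was true so a blocked launch can be triaged from the log line alone. If both `" if the PI creator upgrades target_sdk to 35+! "` and `" (missing opt in by PI creator)! "` end up in the same message (likewise for the sender variant), the result has doubled "! " punctuation and spacing; drop the first one. The trailing comment "neither the caller not the realCaller" should read "nor".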