Loading services/core/java/com/android/server/am/PendingIntentRecord.java +11 −8 Original line number Diff line number Diff line Loading @@ -349,21 +349,22 @@ public final class PendingIntentRecord extends IIntentSender.Stub { * use caller's BAL permission. */ public static BackgroundStartPrivileges getBackgroundStartPrivilegesAllowedByCaller( @Nullable ActivityOptions activityOptions, int callingUid) { @Nullable ActivityOptions activityOptions, int callingUid, @Nullable String callingPackage) { if (activityOptions == null) { // since the ActivityOptions were not created by the app itself, determine the default // for the app return getDefaultBackgroundStartPrivileges(callingUid); return getDefaultBackgroundStartPrivileges(callingUid, callingPackage); } return getBackgroundStartPrivilegesAllowedByCaller(activityOptions.toBundle(), callingUid); callingUid, callingPackage); } private static BackgroundStartPrivileges getBackgroundStartPrivilegesAllowedByCaller( @Nullable Bundle options, int callingUid) { @Nullable Bundle options, int callingUid, @Nullable String callingPackage) { if (options == null || !options.containsKey( ActivityOptions.KEY_PENDING_INTENT_BACKGROUND_ACTIVITY_ALLOWED)) { return getDefaultBackgroundStartPrivileges(callingUid); return getDefaultBackgroundStartPrivileges(callingUid, callingPackage); } return options.getBoolean(ActivityOptions.KEY_PENDING_INTENT_BACKGROUND_ACTIVITY_ALLOWED) ? BackgroundStartPrivileges.ALLOW_BAL Loading @@ -382,7 +383,7 @@ public final class PendingIntentRecord extends IIntentSender.Stub { android.Manifest.permission.LOG_COMPAT_CHANGE }) public static BackgroundStartPrivileges getDefaultBackgroundStartPrivileges( int callingUid) { int callingUid, @Nullable String callingPackage) { if (UserHandle.getAppId(callingUid) == Process.SYSTEM_UID) { // We temporarily allow BAL for system processes, while we verify that all valid use // cases are opted in explicitly to grant their BAL permission. Loading @@ -391,7 +392,9 @@ public final class PendingIntentRecord extends IIntentSender.Stub { // as soon as that app is upgraded (or removed) BAL would be blocked. (b/283138430) return BackgroundStartPrivileges.ALLOW_BAL; } boolean isChangeEnabledForApp = CompatChanges.isChangeEnabled( boolean isChangeEnabledForApp = callingPackage != null ? CompatChanges.isChangeEnabled( DEFAULT_RESCIND_BAL_PRIVILEGES_FROM_PENDING_INTENT_SENDER, callingPackage, UserHandle.getUserHandleForUid(callingUid)) : CompatChanges.isChangeEnabled( DEFAULT_RESCIND_BAL_PRIVILEGES_FROM_PENDING_INTENT_SENDER, callingUid); if (isChangeEnabledForApp) { return BackgroundStartPrivileges.ALLOW_FGS; Loading Loading @@ -647,7 +650,7 @@ public final class PendingIntentRecord extends IIntentSender.Stub { // temporarily allow receivers and services to open activities from background if the // PendingIntent.send() caller was foreground at the time of sendInner() call if (uid != callingUid && controller.mAtmInternal.isUidForeground(callingUid)) { return getBackgroundStartPrivilegesAllowedByCaller(options, callingUid); return getBackgroundStartPrivilegesAllowedByCaller(options, callingUid, null); } return BackgroundStartPrivileges.NONE; } Loading services/core/java/com/android/server/wm/ActivityTaskManagerService.java +27 −0 Original line number Diff line number Diff line Loading @@ -5342,6 +5342,12 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { return null; } /** * Returns the {@link WindowProcessController} for the app process for the given uid and pid. * * If no such {@link WindowProcessController} is found, it does not belong to an app, or the * pid does not match the uid {@code null} is returned. */ WindowProcessController getProcessController(int pid, int uid) { final WindowProcessController proc = mProcessMap.getProcess(pid); if (proc == null) return null; Loading @@ -5351,6 +5357,27 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { return null; } /** * Returns the package name if (and only if) the package name can be uniquely determined. * Otherwise returns {@code null}. * * The provided pid must match the provided uid, otherwise this also returns null. */ @Nullable String getPackageNameIfUnique(int uid, int pid) { final WindowProcessController proc = mProcessMap.getProcess(pid); if (proc == null || proc.mUid != uid) { Slog.w(TAG, "callingPackage for (uid=" + uid + ", pid=" + pid + ") has no WPC"); return null; } List<String> realCallingPackages = proc.getPackageList(); if (realCallingPackages.size() != 1) { Slog.w(TAG, "callingPackage for (uid=" + uid + ", pid=" + pid + ") is ambiguous: " + realCallingPackages); return null; } return realCallingPackages.get(0); } /** A uid is considered to be foreground if it has a visible non-toast window. */ @HotPath(caller = HotPath.START_SERVICE) boolean hasActiveVisibleWindow(int uid) { Loading services/core/java/com/android/server/wm/BackgroundActivityStartController.java +10 −4 Original line number Diff line number Diff line Loading @@ -180,7 +180,8 @@ public class BackgroundActivityStartController { Intent intent, ActivityOptions checkedOptions) { return checkBackgroundActivityStart(callingUid, callingPid, callingPackage, realCallingUid, realCallingPid, callerApp, originatingPendingIntent, realCallingUid, realCallingPid, callerApp, originatingPendingIntent, backgroundStartPrivileges, intent, checkedOptions) == BAL_BLOCK; } Loading Loading @@ -288,11 +289,13 @@ public class BackgroundActivityStartController { } } String realCallingPackage = mService.getPackageNameIfUnique(realCallingUid, realCallingPid); // Legacy behavior allows to use caller foreground state to bypass BAL restriction. // The options here are the options passed by the sender and not those on the intent. final BackgroundStartPrivileges balAllowedByPiSender = PendingIntentRecord.getBackgroundStartPrivilegesAllowedByCaller( checkedOptions, realCallingUid); checkedOptions, realCallingUid, realCallingPackage); final boolean logVerdictChangeByPiDefaultChange = checkedOptions == null || checkedOptions.getPendingIntentBackgroundActivityStartMode() Loading Loading @@ -460,8 +463,11 @@ public class BackgroundActivityStartController { // If we are here, it means all exemptions not based on PI sender failed, so we'll block // unless resultIfPiSenderAllowsBal is an allow and the PI sender allows BAL String realCallingPackage = callingUid == realCallingUid ? callingPackage : mService.mContext.getPackageManager().getNameForUid(realCallingUid); if (realCallingPackage == null) { realCallingPackage = (callingUid == realCallingUid ? callingPackage : mService.mContext.getPackageManager().getNameForUid(realCallingUid)) + "[debugOnly]"; } String stateDumpLog = " [callingPackage: " + callingPackage + "; callingUid: " + callingUid Loading services/core/java/com/android/server/wm/WindowProcessController.java +6 −0 Original line number Diff line number Diff line Loading @@ -721,6 +721,12 @@ public class WindowProcessController extends ConfigurationContainer<Configuratio } } List<String> getPackageList() { synchronized (mPkgList) { return new ArrayList<>(mPkgList); } } void addActivityIfNeeded(ActivityRecord r) { // even if we already track this activity, note down that it has been launched setLastActivityLaunchTime(r); Loading services/tests/wmtests/src/com/android/server/wm/ActivityStarterTests.java +1 −1 Original line number Diff line number Diff line Loading @@ -944,7 +944,7 @@ public class ActivityStarterTests extends WindowTestsBase { anyInt(), anyInt())); doReturn(BackgroundStartPrivileges.allowBackgroundActivityStarts(null)).when( () -> PendingIntentRecord.getBackgroundStartPrivilegesAllowedByCaller( anyObject(), anyInt())); anyObject(), anyInt(), anyObject())); runAndVerifyBackgroundActivityStartsSubtest( "allowed_notAborted", false, UNIMPORTANT_UID, false, PROCESS_STATE_BOUND_TOP, Loading Loading
services/core/java/com/android/server/am/PendingIntentRecord.java +11 −8 Original line number Diff line number Diff line Loading @@ -349,21 +349,22 @@ public final class PendingIntentRecord extends IIntentSender.Stub { * use caller's BAL permission. */ public static BackgroundStartPrivileges getBackgroundStartPrivilegesAllowedByCaller( @Nullable ActivityOptions activityOptions, int callingUid) { @Nullable ActivityOptions activityOptions, int callingUid, @Nullable String callingPackage) { if (activityOptions == null) { // since the ActivityOptions were not created by the app itself, determine the default // for the app return getDefaultBackgroundStartPrivileges(callingUid); return getDefaultBackgroundStartPrivileges(callingUid, callingPackage); } return getBackgroundStartPrivilegesAllowedByCaller(activityOptions.toBundle(), callingUid); callingUid, callingPackage); } private static BackgroundStartPrivileges getBackgroundStartPrivilegesAllowedByCaller( @Nullable Bundle options, int callingUid) { @Nullable Bundle options, int callingUid, @Nullable String callingPackage) { if (options == null || !options.containsKey( ActivityOptions.KEY_PENDING_INTENT_BACKGROUND_ACTIVITY_ALLOWED)) { return getDefaultBackgroundStartPrivileges(callingUid); return getDefaultBackgroundStartPrivileges(callingUid, callingPackage); } return options.getBoolean(ActivityOptions.KEY_PENDING_INTENT_BACKGROUND_ACTIVITY_ALLOWED) ? BackgroundStartPrivileges.ALLOW_BAL Loading @@ -382,7 +383,7 @@ public final class PendingIntentRecord extends IIntentSender.Stub { android.Manifest.permission.LOG_COMPAT_CHANGE }) public static BackgroundStartPrivileges getDefaultBackgroundStartPrivileges( int callingUid) { int callingUid, @Nullable String callingPackage) { if (UserHandle.getAppId(callingUid) == Process.SYSTEM_UID) { // We temporarily allow BAL for system processes, while we verify that all valid use // cases are opted in explicitly to grant their BAL permission. Loading @@ -391,7 +392,9 @@ public final class PendingIntentRecord extends IIntentSender.Stub { // as soon as that app is upgraded (or removed) BAL would be blocked. (b/283138430) return BackgroundStartPrivileges.ALLOW_BAL; } boolean isChangeEnabledForApp = CompatChanges.isChangeEnabled( boolean isChangeEnabledForApp = callingPackage != null ? CompatChanges.isChangeEnabled( DEFAULT_RESCIND_BAL_PRIVILEGES_FROM_PENDING_INTENT_SENDER, callingPackage, UserHandle.getUserHandleForUid(callingUid)) : CompatChanges.isChangeEnabled( DEFAULT_RESCIND_BAL_PRIVILEGES_FROM_PENDING_INTENT_SENDER, callingUid); if (isChangeEnabledForApp) { return BackgroundStartPrivileges.ALLOW_FGS; Loading Loading @@ -647,7 +650,7 @@ public final class PendingIntentRecord extends IIntentSender.Stub { // temporarily allow receivers and services to open activities from background if the // PendingIntent.send() caller was foreground at the time of sendInner() call if (uid != callingUid && controller.mAtmInternal.isUidForeground(callingUid)) { return getBackgroundStartPrivilegesAllowedByCaller(options, callingUid); return getBackgroundStartPrivilegesAllowedByCaller(options, callingUid, null); } return BackgroundStartPrivileges.NONE; } Loading
services/core/java/com/android/server/wm/ActivityTaskManagerService.java +27 −0 Original line number Diff line number Diff line Loading @@ -5342,6 +5342,12 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { return null; } /** * Returns the {@link WindowProcessController} for the app process for the given uid and pid. * * If no such {@link WindowProcessController} is found, it does not belong to an app, or the * pid does not match the uid {@code null} is returned. */ WindowProcessController getProcessController(int pid, int uid) { final WindowProcessController proc = mProcessMap.getProcess(pid); if (proc == null) return null; Loading @@ -5351,6 +5357,27 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { return null; } /** * Returns the package name if (and only if) the package name can be uniquely determined. * Otherwise returns {@code null}. * * The provided pid must match the provided uid, otherwise this also returns null. */ @Nullable String getPackageNameIfUnique(int uid, int pid) { final WindowProcessController proc = mProcessMap.getProcess(pid); if (proc == null || proc.mUid != uid) { Slog.w(TAG, "callingPackage for (uid=" + uid + ", pid=" + pid + ") has no WPC"); return null; } List<String> realCallingPackages = proc.getPackageList(); if (realCallingPackages.size() != 1) { Slog.w(TAG, "callingPackage for (uid=" + uid + ", pid=" + pid + ") is ambiguous: " + realCallingPackages); return null; } return realCallingPackages.get(0); } /** A uid is considered to be foreground if it has a visible non-toast window. */ @HotPath(caller = HotPath.START_SERVICE) boolean hasActiveVisibleWindow(int uid) { Loading
services/core/java/com/android/server/wm/BackgroundActivityStartController.java +10 −4 Original line number Diff line number Diff line Loading @@ -180,7 +180,8 @@ public class BackgroundActivityStartController { Intent intent, ActivityOptions checkedOptions) { return checkBackgroundActivityStart(callingUid, callingPid, callingPackage, realCallingUid, realCallingPid, callerApp, originatingPendingIntent, realCallingUid, realCallingPid, callerApp, originatingPendingIntent, backgroundStartPrivileges, intent, checkedOptions) == BAL_BLOCK; } Loading Loading @@ -288,11 +289,13 @@ public class BackgroundActivityStartController { } } String realCallingPackage = mService.getPackageNameIfUnique(realCallingUid, realCallingPid); // Legacy behavior allows to use caller foreground state to bypass BAL restriction. // The options here are the options passed by the sender and not those on the intent. final BackgroundStartPrivileges balAllowedByPiSender = PendingIntentRecord.getBackgroundStartPrivilegesAllowedByCaller( checkedOptions, realCallingUid); checkedOptions, realCallingUid, realCallingPackage); final boolean logVerdictChangeByPiDefaultChange = checkedOptions == null || checkedOptions.getPendingIntentBackgroundActivityStartMode() Loading Loading @@ -460,8 +463,11 @@ public class BackgroundActivityStartController { // If we are here, it means all exemptions not based on PI sender failed, so we'll block // unless resultIfPiSenderAllowsBal is an allow and the PI sender allows BAL String realCallingPackage = callingUid == realCallingUid ? callingPackage : mService.mContext.getPackageManager().getNameForUid(realCallingUid); if (realCallingPackage == null) { realCallingPackage = (callingUid == realCallingUid ? callingPackage : mService.mContext.getPackageManager().getNameForUid(realCallingUid)) + "[debugOnly]"; } String stateDumpLog = " [callingPackage: " + callingPackage + "; callingUid: " + callingUid Loading
services/core/java/com/android/server/wm/WindowProcessController.java +6 −0 Original line number Diff line number Diff line Loading @@ -721,6 +721,12 @@ public class WindowProcessController extends ConfigurationContainer<Configuratio } } List<String> getPackageList() { synchronized (mPkgList) { return new ArrayList<>(mPkgList); } } void addActivityIfNeeded(ActivityRecord r) { // even if we already track this activity, note down that it has been launched setLastActivityLaunchTime(r); Loading
services/tests/wmtests/src/com/android/server/wm/ActivityStarterTests.java +1 −1 Original line number Diff line number Diff line Loading @@ -944,7 +944,7 @@ public class ActivityStarterTests extends WindowTestsBase { anyInt(), anyInt())); doReturn(BackgroundStartPrivileges.allowBackgroundActivityStarts(null)).when( () -> PendingIntentRecord.getBackgroundStartPrivilegesAllowedByCaller( anyObject(), anyInt())); anyObject(), anyInt(), anyObject())); runAndVerifyBackgroundActivityStartsSubtest( "allowed_notAborted", false, UNIMPORTANT_UID, false, PROCESS_STATE_BOUND_TOP, Loading
