
Commit 2a0d6fee authored by Hani Kazmi's avatar Hani Kazmi

ASM Opt-In flag clean up.

This change cleans up some of the changes introduced in change-id
I4668de42dc41a78778166aa053b723a36b49f32b.

1. Address a few places where ASM checks could still be performed even
   if the top activity has not opted in.
2. Remove the grace period exception for activities which have opted-in.
   As we swap to an off-by-default model, we can trial being more
   restrictive here, and loosen policies based on feedback.
3. Makes a handful of other checks stricter - if we end up in an
   unexpected situation, we block.
4. Opt in system components
5. Allow most BAL exemptions to also apply to clearing a task

Bug: 322913638
Test: atest ActivitySecurityModelTest
      ActivitySecurityModelEmbeddingTest BackgroundActivityLaunchTest
Change-Id: Ibf44a114dd792397c441d04bfc9de9e458347e62
parent 833cf624
+3 −3
@@ -9591,9 +9591,9 @@ public class Activity extends ContextThemeWrapper
     * Specifies whether the activities below this one in the task can also start other activities
     * or finish the task.
     * <p>
     * Starting from Target SDK Level {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE}, apps
     * are blocked from starting new activities or finishing their task unless the top activity of
     * such task belong to the same UID for security reasons.
     * Starting from Target SDK Level {@link android.os.Build.VERSION_CODES#VANILLA_ICE_CREAM}, apps
     * may be blocked from starting new activities or finishing their task unless the top activity
     * of such task belong to the same UID for security reasons.
     * <p>
     * Setting this flag to {@code true} will allow the launching app to ignore the restriction if
     * this activity is on top. Apps matching the UID of this activity are always exempt.
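Review bot: The new VANILLA_ICE_CREAM sentence says apps `may be blocked` without stating what decides it, so a reader of this Javadoc cannot tell when the restriction actually applies to a launch or finish. Since the commit moves to an opt-in, off-by-default model, add a sentence naming the condition under which enforcement occurs — presumably whether the top activity has opted in via this flag, to be confirmed against the gating code — so callers who rely on this for security know when it holds. Both the old and new sentences also read `the top activity of such task belong to the same UID`; it should be `belongs`. The Javadoc block and the member it documents begin and end outside the hunk.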
+2 −1
@@ -506,7 +506,8 @@ class ActivityClientController extends IActivityClientController.Stub {
                    // keep backwards compatibility we remove the task from recents when finishing
                    // task with root activity.
                    mTaskSupervisor.removeTask(tr, false /*killProcess*/,
                            finishWithRootActivity, "finish-activity", r.getUid(), r.info.name);
                            finishWithRootActivity, "finish-activity", r.getUid(), r.getPid(),
                            r.info.name);
                    res = true;
                    // Explicitly dismissing the activity so reset its relaunch flag.
                    r.mRelaunchReason = RELAUNCH_REASON_NONE;
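Review bot: The pid now forwarded to removeTask is `r.getPid()`, the pid of the process hosting the activity being finished, and the uid beside it is likewise `r.getUid()`, so the clear-task check is evaluated against the activity's own process rather than the Binder caller. If a finish request for this token can arrive from a process other than r's, the security decision is made on the wrong subject; confirm that the caller is bound to r's process before this point, or capture `Binder.getCallingPid()` at the entry point and pass that instead (how the caller is validated is not visible here). The enclosing method begins and ends outside the hunk.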
+1 −1
@@ -41,7 +41,7 @@ class ActivitySecurityModelFeatureFlags {
    static final String DOC_LINK = "go/android-asm";

    /** Used to determine which version of the ASM logic was used in logs while we iterate */
    static final int ASM_VERSION = 9;
    static final int ASM_VERSION = 10;

    private static final String NAMESPACE = NAMESPACE_WINDOW_MANAGER;
    private static final String KEY_ASM_PREFIX = "ActivitySecurity__";
+1 −1
@@ -2067,7 +2067,7 @@ class ActivityStarter {

        if (!mSupervisor.getBackgroundActivityLaunchController().checkActivityAllowedToStart(
                mSourceRecord, r, newTask, avoidMoveToFront(), targetTask, mLaunchFlags, mBalCode,
                mCallingUid, mRealCallingUid)) {
                mCallingUid, mRealCallingUid, mPreferredTaskDisplayArea)) {
            return START_ABORTED;
        }

+8 −7
@@ -42,6 +42,7 @@ import static android.content.pm.PackageManager.NOTIFY_PACKAGE_USE_ACTIVITY;
import static android.content.pm.PackageManager.PERMISSION_DENIED;
import static android.content.pm.PackageManager.PERMISSION_GRANTED;
import static android.os.PowerManager.PARTIAL_WAKE_LOCK;
import static android.os.Process.INVALID_PID;
import static android.os.Process.INVALID_UID;
import static android.os.Process.SYSTEM_UID;
import static android.os.Trace.TRACE_TAG_WINDOW_MANAGER;
@@ -1648,11 +1649,11 @@ public class ActivityTaskSupervisor implements RecentTasks.Callbacks {
     * @return Returns true if the given task was found and removed.
     */
    boolean removeTaskById(int taskId, boolean killProcess, boolean removeFromRecents,
            String reason, int callingUid) {
            String reason, int callingUid, int callingPid) {
        final Task task =
                mRootWindowContainer.anyTaskForId(taskId, MATCH_ATTACHED_TASK_OR_RECENT_TASKS);
        if (task != null) {
            removeTask(task, killProcess, removeFromRecents, reason, callingUid, null);
            removeTask(task, killProcess, removeFromRecents, reason, callingUid, callingPid, null);
            return true;
        }
        Slog.w(TAG, "Request to remove task ignored for non-existent task " + taskId);
@@ -1660,11 +1661,11 @@ public class ActivityTaskSupervisor implements RecentTasks.Callbacks {
    }

    void removeTask(Task task, boolean killProcess, boolean removeFromRecents, String reason) {
        removeTask(task, killProcess, removeFromRecents, reason, SYSTEM_UID, null);
        removeTask(task, killProcess, removeFromRecents, reason, SYSTEM_UID, INVALID_PID, null);
    }

    void removeTask(Task task, boolean killProcess, boolean removeFromRecents, String reason,
            int callingUid, String callerActivityClassName) {
            int callingUid, int callingPid, String callerActivityClassName) {
        if (task.mInRemoveTask) {
            // Prevent recursion.
            return;
@@ -1701,8 +1702,8 @@ public class ActivityTaskSupervisor implements RecentTasks.Callbacks {
            if (task.isPersistable) {
                mService.notifyTaskPersisterLocked(null, true);
            }
            mBalController
                    .checkActivityAllowedToClearTask(task, callingUid, callerActivityClassName);
            mBalController.checkActivityAllowedToClearTask(
                            task, callingUid, callingPid, callerActivityClassName);
        } finally {
            task.mInRemoveTask = false;
        }
@@ -1870,7 +1871,7 @@ public class ActivityTaskSupervisor implements RecentTasks.Callbacks {
            // Task was trimmed from the recent tasks list -- remove the active task record as well
            // since the user won't really be able to go back to it
            removeTaskById(task.mTaskId, killProcess, false /* removeFromRecents */,
                    "recent-task-trimmed", SYSTEM_UID);
                    "recent-task-trimmed", SYSTEM_UID, INVALID_PID);
        }
        task.removedFromRecents();
    }
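Review bot: The four-argument `removeTask` overload now forwards `SYSTEM_UID, INVALID_PID` to the BAL clear-task check, so every caller that uses it is evaluated as the system; with the stricter checks this commit introduces, that overload is effectively a blanket exemption and its use should be limited to removals the system itself originates. Add a Javadoc line on it such as `Removes the task on behalf of the system; use the overload taking callingUid/callingPid when the removal is driven by an app request.`, and, if checkActivityAllowedToClearTask is pid-sensitive, make sure INVALID_PID is treated as "no caller pid" rather than matched against a real process (the controller is not visible here). `removeTaskById` gained a `callingPid` parameter but the visible Javadoc tail shows only `@return`; if `@param` entries exist above the hunk, add `@param callingPid` alongside `callingUid`. The body of the six-argument removeTask continues outside the hunk.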