Loading services/core/java/com/android/server/am/ActivityManagerService.java +2 −1 Original line number Diff line number Diff line Loading @@ -20,6 +20,7 @@ import static android.Manifest.permission.CHANGE_CONFIGURATION; import static android.Manifest.permission.CHANGE_DEVICE_IDLE_TEMP_WHITELIST; import static android.Manifest.permission.INTERACT_ACROSS_USERS; import static android.Manifest.permission.INTERACT_ACROSS_USERS_FULL; import static android.Manifest.permission.INTERNAL_SYSTEM_WINDOW; import static android.Manifest.permission.MANAGE_ACTIVITY_STACKS; import static android.Manifest.permission.READ_FRAME_BUFFER; import static android.Manifest.permission.START_TASKS_FROM_RECENTS; Loading Loading @@ -10228,7 +10229,7 @@ public class ActivityManagerService extends IActivityManager.Stub @Override public void moveStackToDisplay(int stackId, int displayId) { enforceCallingPermission(MANAGE_ACTIVITY_STACKS, "moveStackToDisplay()"); enforceCallingPermission(INTERNAL_SYSTEM_WINDOW, "moveStackToDisplay()"); synchronized (this) { final long ident = Binder.clearCallingIdentity(); services/core/java/com/android/server/am/ActivityStackSupervisor.java +5 −7 Original line number Diff line number Diff line Loading @@ -16,6 +16,7 @@ package com.android.server.am; import static android.Manifest.permission.INTERNAL_SYSTEM_WINDOW; import static android.Manifest.permission.MANAGE_ACTIVITY_STACKS; import static android.Manifest.permission.START_ANY_ACTIVITY; import static android.Manifest.permission.START_TASKS_FROM_RECENTS; Loading Loading @@ -1656,8 +1657,7 @@ public class ActivityStackSupervisor extends ConfigurationContainer implements D // owner. final int launchDisplayId = options.getLaunchDisplayId(); if (launchDisplayId != INVALID_DISPLAY && !isCallerAllowedToLaunchOnDisplay(callingPid, callingUid, launchDisplayId, aInfo)) { && !isCallerAllowedToLaunchOnDisplay(callingPid, callingUid, launchDisplayId)) { final String msg = "Permission Denial: starting " + intent.toString() + " from " + callerApp + " (pid=" + callingPid + ", uid=" + callingUid + ") with launchDisplayId=" Loading @@ -1671,8 +1671,7 @@ public class ActivityStackSupervisor extends ConfigurationContainer implements D } /** Check if caller is allowed to launch activities on specified display. */ boolean isCallerAllowedToLaunchOnDisplay(int callingPid, int callingUid, int launchDisplayId, ActivityInfo aInfo) { boolean isCallerAllowedToLaunchOnDisplay(int callingPid, int callingUid, int launchDisplayId) { if (DEBUG_TASKS) Slog.d(TAG, "Launch on display check: displayId=" + launchDisplayId + " callingPid=" + callingPid + " callingUid=" + callingUid); Loading @@ -1683,7 +1682,7 @@ public class ActivityStackSupervisor extends ConfigurationContainer implements D } // Check if the caller can manage activity stacks. final int startAnyPerm = mService.checkPermission(MANAGE_ACTIVITY_STACKS, callingPid, final int startAnyPerm = mService.checkPermission(INTERNAL_SYSTEM_WINDOW, callingPid, callingUid); if (startAnyPerm == PERMISSION_GRANTED) { if (DEBUG_TASKS) Slog.d(TAG, "Launch on display check:" Loading @@ -1692,8 +1691,7 @@ public class ActivityStackSupervisor extends ConfigurationContainer implements D } if (activityDisplay.mDisplay.getType() == TYPE_VIRTUAL && activityDisplay.mDisplay.getOwnerUid() != SYSTEM_UID && (aInfo.flags & ActivityInfo.FLAG_ALLOW_EMBEDDED) == 0) { && activityDisplay.mDisplay.getOwnerUid() != SYSTEM_UID) { // Limit launching on virtual displays, because their contents can be read from Surface // by apps that created them. if (DEBUG_TASKS) Slog.d(TAG, "Launch on display check:" Loading Loading
services/core/java/com/android/server/am/ActivityManagerService.java +2 −1 Original line number Diff line number Diff line Loading @@ -20,6 +20,7 @@ import static android.Manifest.permission.CHANGE_CONFIGURATION; import static android.Manifest.permission.CHANGE_DEVICE_IDLE_TEMP_WHITELIST; import static android.Manifest.permission.INTERACT_ACROSS_USERS; import static android.Manifest.permission.INTERACT_ACROSS_USERS_FULL; import static android.Manifest.permission.INTERNAL_SYSTEM_WINDOW; import static android.Manifest.permission.MANAGE_ACTIVITY_STACKS; import static android.Manifest.permission.READ_FRAME_BUFFER; import static android.Manifest.permission.START_TASKS_FROM_RECENTS; Loading Loading @@ -10228,7 +10229,7 @@ public class ActivityManagerService extends IActivityManager.Stub @Override public void moveStackToDisplay(int stackId, int displayId) { enforceCallingPermission(MANAGE_ACTIVITY_STACKS, "moveStackToDisplay()"); enforceCallingPermission(INTERNAL_SYSTEM_WINDOW, "moveStackToDisplay()"); synchronized (this) { final long ident = Binder.clearCallingIdentity();
services/core/java/com/android/server/am/ActivityStackSupervisor.java +5 −7 Original line number Diff line number Diff line Loading @@ -16,6 +16,7 @@ package com.android.server.am; import static android.Manifest.permission.INTERNAL_SYSTEM_WINDOW; import static android.Manifest.permission.MANAGE_ACTIVITY_STACKS; import static android.Manifest.permission.START_ANY_ACTIVITY; import static android.Manifest.permission.START_TASKS_FROM_RECENTS; Loading Loading @@ -1656,8 +1657,7 @@ public class ActivityStackSupervisor extends ConfigurationContainer implements D // owner. final int launchDisplayId = options.getLaunchDisplayId(); if (launchDisplayId != INVALID_DISPLAY && !isCallerAllowedToLaunchOnDisplay(callingPid, callingUid, launchDisplayId, aInfo)) { && !isCallerAllowedToLaunchOnDisplay(callingPid, callingUid, launchDisplayId)) { final String msg = "Permission Denial: starting " + intent.toString() + " from " + callerApp + " (pid=" + callingPid + ", uid=" + callingUid + ") with launchDisplayId=" Loading @@ -1671,8 +1671,7 @@ public class ActivityStackSupervisor extends ConfigurationContainer implements D } /** Check if caller is allowed to launch activities on specified display. */ boolean isCallerAllowedToLaunchOnDisplay(int callingPid, int callingUid, int launchDisplayId, ActivityInfo aInfo) { boolean isCallerAllowedToLaunchOnDisplay(int callingPid, int callingUid, int launchDisplayId) { if (DEBUG_TASKS) Slog.d(TAG, "Launch on display check: displayId=" + launchDisplayId + " callingPid=" + callingPid + " callingUid=" + callingUid); Loading @@ -1683,7 +1682,7 @@ public class ActivityStackSupervisor extends ConfigurationContainer implements D } // Check if the caller can manage activity stacks. final int startAnyPerm = mService.checkPermission(MANAGE_ACTIVITY_STACKS, callingPid, final int startAnyPerm = mService.checkPermission(INTERNAL_SYSTEM_WINDOW, callingPid, callingUid); if (startAnyPerm == PERMISSION_GRANTED) { if (DEBUG_TASKS) Slog.d(TAG, "Launch on display check:" Loading @@ -1692,8 +1691,7 @@ public class ActivityStackSupervisor extends ConfigurationContainer implements D } if (activityDisplay.mDisplay.getType() == TYPE_VIRTUAL && activityDisplay.mDisplay.getOwnerUid() != SYSTEM_UID && (aInfo.flags & ActivityInfo.FLAG_ALLOW_EMBEDDED) == 0) { && activityDisplay.mDisplay.getOwnerUid() != SYSTEM_UID) { // Limit launching on virtual displays, because their contents can be read from Surface // by apps that created them. if (DEBUG_TASKS) Slog.d(TAG, "Launch on display check:" Loading
