
Commit 3a95edc0 authored by Andrii Kulian's avatar Andrii Kulian

Further restrict activity launch on virtual displays

Only callers with INTERNAL_SYSTEM_WINDOW permission can launch
an activity to a virtual display.

Bug: 63094482
Test: android.server.cts.ActivityManagerDisplayTests
Change-Id: I3f618fcbf3c07e5085e2b43b0f038f240df0c9d3
parent 1cba31c3
+2 −1
@@ -20,6 +20,7 @@ import static android.Manifest.permission.CHANGE_CONFIGURATION;
import static android.Manifest.permission.CHANGE_DEVICE_IDLE_TEMP_WHITELIST;
import static android.Manifest.permission.INTERACT_ACROSS_USERS;
import static android.Manifest.permission.INTERACT_ACROSS_USERS_FULL;
import static android.Manifest.permission.INTERNAL_SYSTEM_WINDOW;
import static android.Manifest.permission.MANAGE_ACTIVITY_STACKS;
import static android.Manifest.permission.READ_FRAME_BUFFER;
import static android.Manifest.permission.START_TASKS_FROM_RECENTS;
@@ -10228,7 +10229,7 @@ public class ActivityManagerService extends IActivityManager.Stub
    @Override
    public void moveStackToDisplay(int stackId, int displayId) {
        enforceCallingPermission(MANAGE_ACTIVITY_STACKS, "moveStackToDisplay()");
        enforceCallingPermission(INTERNAL_SYSTEM_WINDOW, "moveStackToDisplay()");
        synchronized (this) {
            final long ident = Binder.clearCallingIdentity();
+5 −7
@@ -16,6 +16,7 @@

package com.android.server.am;

import static android.Manifest.permission.INTERNAL_SYSTEM_WINDOW;
import static android.Manifest.permission.MANAGE_ACTIVITY_STACKS;
import static android.Manifest.permission.START_ANY_ACTIVITY;
import static android.Manifest.permission.START_TASKS_FROM_RECENTS;
@@ -1656,8 +1657,7 @@ public class ActivityStackSupervisor extends ConfigurationContainer implements D
            // owner.
            final int launchDisplayId = options.getLaunchDisplayId();
            if (launchDisplayId != INVALID_DISPLAY
                    && !isCallerAllowedToLaunchOnDisplay(callingPid, callingUid, launchDisplayId,
                    aInfo)) {
                    && !isCallerAllowedToLaunchOnDisplay(callingPid, callingUid, launchDisplayId)) {
                final String msg = "Permission Denial: starting " + intent.toString()
                        + " from " + callerApp + " (pid=" + callingPid
                        + ", uid=" + callingUid + ") with launchDisplayId="
@@ -1671,8 +1671,7 @@ public class ActivityStackSupervisor extends ConfigurationContainer implements D
    }

    /** Check if caller is allowed to launch activities on specified display. */
    boolean isCallerAllowedToLaunchOnDisplay(int callingPid, int callingUid, int launchDisplayId,
            ActivityInfo aInfo) {
    boolean isCallerAllowedToLaunchOnDisplay(int callingPid, int callingUid, int launchDisplayId) {
        if (DEBUG_TASKS) Slog.d(TAG, "Launch on display check: displayId=" + launchDisplayId
                + " callingPid=" + callingPid + " callingUid=" + callingUid);

@@ -1683,7 +1682,7 @@ public class ActivityStackSupervisor extends ConfigurationContainer implements D
        }

        // Check if the caller can manage activity stacks.
        final int startAnyPerm = mService.checkPermission(MANAGE_ACTIVITY_STACKS, callingPid,
        final int startAnyPerm = mService.checkPermission(INTERNAL_SYSTEM_WINDOW, callingPid,
                callingUid);
        if (startAnyPerm == PERMISSION_GRANTED) {
            if (DEBUG_TASKS) Slog.d(TAG, "Launch on display check:"
@@ -1692,8 +1691,7 @@ public class ActivityStackSupervisor extends ConfigurationContainer implements D
        }

        if (activityDisplay.mDisplay.getType() == TYPE_VIRTUAL
                && activityDisplay.mDisplay.getOwnerUid() != SYSTEM_UID
                && (aInfo.flags & ActivityInfo.FLAG_ALLOW_EMBEDDED) == 0) {
                && activityDisplay.mDisplay.getOwnerUid() != SYSTEM_UID) {
            // Limit launching on virtual displays, because their contents can be read from Surface
            // by apps that created them.
            if (DEBUG_TASKS) Slog.d(TAG, "Launch on display check:"
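Review bot: The comment and local name around the permission check in isCallerAllowedToLaunchOnDisplay are now stale: `// Check if the caller can manage activity stacks.` and `startAnyPerm` describe the old MANAGE_ACTIVITY_STACKS check, while the line below them now checks INTERNAL_SYSTEM_WINDOW; the same hunk should change them to `// Holders of INTERNAL_SYSTEM_WINDOW may launch on any display, including virtual ones owned by other apps.` and `final int internalWindowPerm = mService.checkPermission(INTERNAL_SYSTEM_WINDOW, callingPid, callingUid);` (with the following `if` updated to match). The one-line Javadoc `/** Check if caller is allowed to launch activities on specified display. */` should also spell out the policy this commit establishes, since it is a security boundary: launching on a virtual display owned by a uid other than SYSTEM_UID requires INTERNAL_SYSTEM_WINDOW, because the display owner can read the display's contents through its Surface, and the previous FLAG_ALLOW_EMBEDDED exception no longer applies. If the 4-argument form of this method or its `aInfo` parameter is still referenced anywhere outside the shown call site in startActivity, that reference presumably needs the same update. The body of isCallerAllowedToLaunchOnDisplay ends outside the hunk.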