Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3e34050a authored by Alison Cichowlas's avatar Alison Cichowlas
Browse files

Re-patching in Sharesheet security model changes. 

Previously reverted due to b/72554856, fix for that in topic.

Original commit message:

Security model for moving sharesheet to systemui

ResolverActivity (still in frameworks) now requests a "permission token"
that it hands to a stubbed system ui activity ChooserActivity.

This permission token allows an app (SysUI) with the signed permission
"START_ACTIVITY_AS_CALLER" to call
ActivityManagerService#startActivityAsCaller. Permission tokens are a
one-time use, limited-time offer.

Test: runtest systemui && manual testing
Bug: 69850752
Change-Id: Ia50e21e2f8c6b6d0ed7207625e3b5aef214396bb
parent 1fa34b08

core/java/android/app/Activity.java

+3 −2
Original line number Diff line number Diff line
@@ -4838,6 +4838,7 @@ public class Activity extends ContextThemeWrapper 
     * their launch had come from the original activity.

     * @param intent The Intent to start.

     * @param options ActivityOptions or null.

     * @param permissionToken Token received from the system that permits this call to be made.

     * @param ignoreTargetSecurity If true, the activity manager will not check whether the

     * caller it is doing the start is, is actually allowed to start the target activity.

     * If you set this to true, you must set an explicit component in the Intent and do any
@@ -4846,7 +4847,7 @@ public class Activity extends ContextThemeWrapper 
     * @hide

     */

    public void startActivityAsCaller(Intent intent, @Nullable Bundle options,

            boolean ignoreTargetSecurity, int userId) {

            IBinder permissionToken, boolean ignoreTargetSecurity, int userId) {

        if (mParent != null) {

            throw new RuntimeException("Can't be called from a child");

        }
@@ -4854,7 +4855,7 @@ public class Activity extends ContextThemeWrapper 
        Instrumentation.ActivityResult ar =

                mInstrumentation.execStartActivityAsCaller(

                        this, mMainThread.getApplicationThread(), mToken, this,

                        intent, -1, options, ignoreTargetSecurity, userId);

                        intent, -1, options, permissionToken, ignoreTargetSecurity, userId);

        if (ar != null) {

            mMainThread.sendActivityResult(

                mToken, mEmbeddedID, -1, ar.getResultCode(),

core/java/android/app/ActivityTaskManager.java

+26 −0
Original line number Diff line number Diff line
@@ -110,6 +110,32 @@ public class ActivityTaskManager { 
    public static final int RESIZE_MODE_USER_FORCED =

            RESIZE_MODE_PRESERVE_WINDOW | RESIZE_MODE_FORCED;



    /**

     * Extra included on intents that are delegating the call to

     * ActivityManager#startActivityAsCaller to another app.  This token is necessary for that call

     * to succeed.  Type is IBinder.

     * @hide

     */

    public static final String EXTRA_PERMISSION_TOKEN = "android.app.extra.PERMISSION_TOKEN";



    /**

     * Extra included on intents that contain an EXTRA_INTENT, with options that the contained

     * intent may want to be started with.  Type is Bundle.

     * TODO: remove once the ChooserActivity moves to systemui

     * @hide

     */

    public static final String EXTRA_OPTIONS = "android.app.extra.OPTIONS";



    /**

     * Extra included on intents that contain an EXTRA_INTENT, use this boolean value for the

     * parameter of the same name when starting the contained intent.

     * TODO: remove once the ChooserActivity moves to systemui

     * @hide

     */

    public static final String EXTRA_IGNORE_TARGET_SECURITY =

            "android.app.extra.EXTRA_IGNORE_TARGET_SECURITY";





    private static int sMaxRecentTasks = -1;



    ActivityTaskManager(Context context, Handler handler) {

core/java/android/app/IActivityTaskManager.aidl

+15 −1
Original line number Diff line number Diff line
@@ -118,7 +118,7 @@ interface IActivityTaskManager { 
    int startActivityAsCaller(in IApplicationThread caller, in String callingPackage,

            in Intent intent, in String resolvedType, in IBinder resultTo, in String resultWho,

            int requestCode, int flags, in ProfilerInfo profilerInfo, in Bundle options,

            boolean ignoreTargetSecurity, int userId);

            IBinder permissionToken, boolean ignoreTargetSecurity, int userId);



    void unhandledBack();

    boolean finishActivity(in IBinder token, int code, in Intent data, int finishTask);
@@ -193,6 +193,20 @@ interface IActivityTaskManager { 
            in ActivityManager.TaskDescription description, in Bitmap thumbnail);

    Point getAppTaskThumbnailSize();

    boolean releaseActivityInstance(in IBinder token);

    /**

     * Only callable from the system. This token grants a temporary permission to call

     * #startActivityAsCallerWithToken. The token will time out after

     * START_AS_CALLER_TOKEN_TIMEOUT if it is not used.

     *

     * @param delegatorToken The Binder token referencing the system Activity that wants to delegate

     *        the #startActivityAsCaller to another app. The "caller" will be the caller of this

     *        activity's token, not the delegate's caller (which is probably the delegator itself).

     *

     * @return Returns a token that can be given to a "delegate" app that may call

     *         #startActivityAsCaller

     */

    IBinder requestStartActivityPermissionToken(in IBinder delegatorToken);



    void releaseSomeActivities(in IApplicationThread app);

    Bitmap getTaskDescriptionIcon(in String filename, int userId);

    void startInPlaceAnimationOnFrontMostApplication(in Bundle opts);

core/java/android/app/Instrumentation.java

+4 −3
Original line number Diff line number Diff line
@@ -1902,8 +1902,8 @@ public class Instrumentation { 
    @UnsupportedAppUsage

    public ActivityResult execStartActivityAsCaller(

            Context who, IBinder contextThread, IBinder token, Activity target,

            Intent intent, int requestCode, Bundle options, boolean ignoreTargetSecurity,

            int userId) {

            Intent intent, int requestCode, Bundle options, IBinder permissionToken,

            boolean ignoreTargetSecurity, int userId) {

        IApplicationThread whoThread = (IApplicationThread) contextThread;

        if (mActivityMonitors != null) {

            synchronized (mSync) {
@@ -1934,7 +1934,8 @@ public class Instrumentation { 
                .startActivityAsCaller(whoThread, who.getBasePackageName(), intent,

                        intent.resolveTypeIfNeeded(who.getContentResolver()),

                        token, target != null ? target.mEmbeddedID : null,

                        requestCode, 0, null, options, ignoreTargetSecurity, userId);

                        requestCode, 0, null, options, permissionToken,

                        ignoreTargetSecurity, userId);

            checkStartActivityResult(result, intent);

        } catch (RemoteException e) {

            throw new RuntimeException("Failure from system", e);

core/java/com/android/internal/app/ChooserActivity.java

+3 −13
Original line number Diff line number Diff line
@@ -16,13 +16,8 @@ 


package com.android.internal.app;



import android.animation.Animator;

import android.animation.AnimatorListenerAdapter;

import android.animation.ObjectAnimator;

import android.annotation.NonNull;

import android.app.Activity;

import android.app.ActivityManager;

import android.app.usage.UsageStatsManager;

import android.content.ComponentName;

import android.content.Context;

import android.content.Intent;
@@ -56,7 +51,6 @@ import android.service.chooser.ChooserTargetService; 
import android.service.chooser.IChooserTargetResult;

import android.service.chooser.IChooserTargetService;

import android.text.TextUtils;

import android.util.FloatProperty;

import android.util.Log;

import android.util.Slog;

import android.view.LayoutInflater;
@@ -66,8 +60,6 @@ import android.view.View.OnClickListener; 
import android.view.View.OnLongClickListener;

import android.view.ViewGroup;

import android.view.ViewGroup.LayoutParams;

import android.view.animation.AnimationUtils;

import android.view.animation.Interpolator;

import android.widget.AbsListView;

import android.widget.BaseAdapter;

import android.widget.LinearLayout;
@@ -76,10 +68,9 @@ import android.widget.Space; 


import com.android.internal.R;

import com.android.internal.annotations.VisibleForTesting;

import com.android.internal.app.ResolverActivity;

import com.android.internal.app.ResolverActivity.TargetInfo;

import com.android.internal.logging.MetricsLogger;

import com.android.internal.logging.nano.MetricsProto.MetricsEvent;



import com.google.android.collect.Lists;



import java.io.File;
@@ -847,7 +838,7 @@ public class ChooserActivity extends ResolverActivity { 
        }



        @Override

        public boolean startAsCaller(Activity activity, Bundle options, int userId) {

        public boolean startAsCaller(ResolverActivity activity, Bundle options, int userId) {

            final Intent intent = getBaseIntentToSend();

            if (intent == null) {

                return false;
@@ -866,8 +857,7 @@ public class ChooserActivity extends ResolverActivity { 
            final boolean ignoreTargetSecurity = mSourceInfo != null

                    && mSourceInfo.getResolvedComponentName().getPackageName()

                    .equals(mChooserTarget.getComponentName().getPackageName());

            activity.startActivityAsCaller(intent, options, ignoreTargetSecurity, userId);

            return true;

            return activity.startAsCallerImpl(intent, options, ignoreTargetSecurity, userId);

        }



        @Override