Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 40b2e821 authored by Jeff Chang's avatar Jeff Chang Committed by Android Build Coastguard Worker
Browse files

[RESTRICT AUTOMERGE]Only allow system and same app to apply relinquishTaskIdentity 

Any malicious application could hijack tasks by
android:relinquishTaskIdentity. This vulnerability can perform UI
spoofing or spy on user’s activities.

This CL limit the usage which only allow system and same app to apply
relinquishTaskIdentity. Based on the condition of updateIdentity from
Task#setIntent, update the intent with the parent's task together to
align with original code logic. Moreover, we shouldn't save launch
params for such tasks with null realActivity.

Bug: 185810717
Bug: 218243793
Test: atest IntentTests
      atest ActivityStarterTests
      atest TaskRecordTests
      atest testSplitscreenPortraitAppOrientationRequests
Change-Id: I42c671e66c39c82be1dcef1f374d56d4593f9f57
(cherry picked from commit 7221a25a)
Merged-In: I42c671e66c39c82be1dcef1f374d56d4593f9f57
parent 066e147f
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment