Conditional opting of system into BAL enforcement (4dfbe8c8) · Commits · e / os / android_frameworks_base

core/java/android/security/responsible_apis_flags.aconfig

+7 −0

Original line number	Diff line number	Diff line
		@@ -45,3 +45,10 @@ flag {
		description: "Do not allow intents without an action to match any intent filters"
		bug: "293560872"
		}

		flag {
		name: "asm_opt_system_into_enforcement"
		namespace: "responsible_apis"
		description: "Opt the system into enforcement of BAL"
		bug: "339403750"
		}

+1 −1

Original line number	Diff line number	Diff line
		@@ -41,7 +41,7 @@ class ActivitySecurityModelFeatureFlags {
		static final String DOC_LINK = "go/android-asm";

		/** Used to determine which version of the ASM logic was used in logs while we iterate */
		static final int ASM_VERSION = 10;
		static final int ASM_VERSION = 11;

		private static final String NAMESPACE = NAMESPACE_WINDOW_MANAGER;
		private static final String KEY_ASM_PREFIX = "ActivitySecurity__";

+10 −3

Original line number	Diff line number	Diff line
		@@ -29,6 +29,7 @@ import static android.os.Process.INVALID_PID;
		import static android.os.Process.INVALID_UID;
		import static android.os.Process.SYSTEM_UID;
		import static android.provider.DeviceConfig.NAMESPACE_WINDOW_MANAGER;
		import static android.security.Flags.asmOptSystemIntoEnforcement;

		import static com.android.server.wm.ActivityStarter.ASM_RESTRICTIONS;
		import static com.android.server.wm.ActivityTaskManagerDebugConfig.DEBUG_ACTIVITY_STARTS;
		@@ -1459,14 +1460,19 @@ public class BackgroundActivityStartController {
		return bas.matchesSource();
		}

		if (!CompatChanges.isChangeEnabled(ASM_RESTRICTIONS, ar.getUid())) {
		if (ar.isUid(SYSTEM_UID)) {
		if (asmOptSystemIntoEnforcement()) {
		return bas.optedIn(ar);
		} else {
		return bas;
		}
		}

		if (ar.isUid(SYSTEM_UID)) {
		return bas.optedIn(ar);
		if (!CompatChanges.isChangeEnabled(ASM_RESTRICTIONS, ar.getUid())) {
		return bas;
		}


		String packageName = ar.packageName;
		if (packageName == null) {
		Slog.wtf(TAG, "Package name: " + ar + " not found.");
		@@ -1563,6 +1569,7 @@ public class BackgroundActivityStartController {
		joiner.add(prefix + "Allowed By Grace Period: " + allowedByGracePeriod);
		joiner.add(prefix + "LastResumedActivity: "
		+ recordToString.apply(mService.mLastResumedActivity));
		joiner.add(prefix + "System opted into enforcement: " + asmOptSystemIntoEnforcement());

		if (mTopFinishedActivity != null) {
		joiner.add(prefix + "TopFinishedActivity: " + mTopFinishedActivity.mDebugInfo);