Loading services/core/java/com/android/server/am/ActivityManagerService.java +2 −1 Original line number Original line Diff line number Diff line Loading @@ -20,6 +20,7 @@ import static android.Manifest.permission.CHANGE_CONFIGURATION; import static android.Manifest.permission.CHANGE_DEVICE_IDLE_TEMP_WHITELIST; import static android.Manifest.permission.CHANGE_DEVICE_IDLE_TEMP_WHITELIST; import static android.Manifest.permission.INTERACT_ACROSS_USERS; import static android.Manifest.permission.INTERACT_ACROSS_USERS; import static android.Manifest.permission.INTERACT_ACROSS_USERS_FULL; import static android.Manifest.permission.INTERACT_ACROSS_USERS_FULL; import static android.Manifest.permission.INTERNAL_SYSTEM_WINDOW; import static android.Manifest.permission.MANAGE_ACTIVITY_STACKS; import static android.Manifest.permission.MANAGE_ACTIVITY_STACKS; import static android.Manifest.permission.READ_FRAME_BUFFER; import static android.Manifest.permission.READ_FRAME_BUFFER; import static android.Manifest.permission.START_TASKS_FROM_RECENTS; import static android.Manifest.permission.START_TASKS_FROM_RECENTS; Loading Loading @@ -10297,7 +10298,7 @@ public class ActivityManagerService extends IActivityManager.Stub @Override @Override public void moveStackToDisplay(int stackId, int displayId) { public void moveStackToDisplay(int stackId, int displayId) { enforceCallingPermission(MANAGE_ACTIVITY_STACKS, "moveStackToDisplay()"); enforceCallingPermission(INTERNAL_SYSTEM_WINDOW, "moveStackToDisplay()"); synchronized (this) { synchronized (this) { final long ident = Binder.clearCallingIdentity(); final long ident = Binder.clearCallingIdentity(); services/core/java/com/android/server/am/ActivityStackSupervisor.java +5 −7 Original line number Original line Diff line number Diff line Loading @@ -16,6 +16,7 @@ package com.android.server.am; package com.android.server.am; import static android.Manifest.permission.INTERNAL_SYSTEM_WINDOW; import static android.Manifest.permission.MANAGE_ACTIVITY_STACKS; import static android.Manifest.permission.MANAGE_ACTIVITY_STACKS; import static android.Manifest.permission.START_ANY_ACTIVITY; import static android.Manifest.permission.START_ANY_ACTIVITY; import static android.Manifest.permission.START_TASKS_FROM_RECENTS; import static android.Manifest.permission.START_TASKS_FROM_RECENTS; Loading Loading @@ -1672,8 +1673,7 @@ public class ActivityStackSupervisor extends ConfigurationContainer implements D // owner. // owner. final int launchDisplayId = options.getLaunchDisplayId(); final int launchDisplayId = options.getLaunchDisplayId(); if (launchDisplayId != INVALID_DISPLAY if (launchDisplayId != INVALID_DISPLAY && !isCallerAllowedToLaunchOnDisplay(callingPid, callingUid, launchDisplayId, && !isCallerAllowedToLaunchOnDisplay(callingPid, callingUid, launchDisplayId)) { aInfo)) { final String msg = "Permission Denial: starting " + intent.toString() final String msg = "Permission Denial: starting " + intent.toString() + " from " + callerApp + " (pid=" + callingPid + " from " + callerApp + " (pid=" + callingPid + ", uid=" + callingUid + ") with launchDisplayId=" + ", uid=" + callingUid + ") with launchDisplayId=" Loading @@ -1687,8 +1687,7 @@ public class ActivityStackSupervisor extends ConfigurationContainer implements D } } /** Check if caller is allowed to launch activities on specified display. */ /** Check if caller is allowed to launch activities on specified display. */ boolean isCallerAllowedToLaunchOnDisplay(int callingPid, int callingUid, int launchDisplayId, boolean isCallerAllowedToLaunchOnDisplay(int callingPid, int callingUid, int launchDisplayId) { ActivityInfo aInfo) { if (DEBUG_TASKS) Slog.d(TAG, "Launch on display check: displayId=" + launchDisplayId if (DEBUG_TASKS) Slog.d(TAG, "Launch on display check: displayId=" + launchDisplayId + " callingPid=" + callingPid + " callingUid=" + callingUid); + " callingPid=" + callingPid + " callingUid=" + callingUid); Loading @@ -1699,7 +1698,7 @@ public class ActivityStackSupervisor extends ConfigurationContainer implements D } } // Check if the caller can manage activity stacks. // Check if the caller can manage activity stacks. final int startAnyPerm = mService.checkPermission(MANAGE_ACTIVITY_STACKS, callingPid, final int startAnyPerm = mService.checkPermission(INTERNAL_SYSTEM_WINDOW, callingPid, callingUid); callingUid); if (startAnyPerm == PERMISSION_GRANTED) { if (startAnyPerm == PERMISSION_GRANTED) { if (DEBUG_TASKS) Slog.d(TAG, "Launch on display check:" if (DEBUG_TASKS) Slog.d(TAG, "Launch on display check:" Loading @@ -1708,8 +1707,7 @@ public class ActivityStackSupervisor extends ConfigurationContainer implements D } } if (activityDisplay.mDisplay.getType() == TYPE_VIRTUAL if (activityDisplay.mDisplay.getType() == TYPE_VIRTUAL && activityDisplay.mDisplay.getOwnerUid() != SYSTEM_UID && activityDisplay.mDisplay.getOwnerUid() != SYSTEM_UID) { && (aInfo.flags & ActivityInfo.FLAG_ALLOW_EMBEDDED) == 0) { // Limit launching on virtual displays, because their contents can be read from Surface // Limit launching on virtual displays, because their contents can be read from Surface // by apps that created them. // by apps that created them. if (DEBUG_TASKS) Slog.d(TAG, "Launch on display check:" if (DEBUG_TASKS) Slog.d(TAG, "Launch on display check:" Loading Loading
services/core/java/com/android/server/am/ActivityManagerService.java +2 −1 Original line number Original line Diff line number Diff line Loading @@ -20,6 +20,7 @@ import static android.Manifest.permission.CHANGE_CONFIGURATION; import static android.Manifest.permission.CHANGE_DEVICE_IDLE_TEMP_WHITELIST; import static android.Manifest.permission.CHANGE_DEVICE_IDLE_TEMP_WHITELIST; import static android.Manifest.permission.INTERACT_ACROSS_USERS; import static android.Manifest.permission.INTERACT_ACROSS_USERS; import static android.Manifest.permission.INTERACT_ACROSS_USERS_FULL; import static android.Manifest.permission.INTERACT_ACROSS_USERS_FULL; import static android.Manifest.permission.INTERNAL_SYSTEM_WINDOW; import static android.Manifest.permission.MANAGE_ACTIVITY_STACKS; import static android.Manifest.permission.MANAGE_ACTIVITY_STACKS; import static android.Manifest.permission.READ_FRAME_BUFFER; import static android.Manifest.permission.READ_FRAME_BUFFER; import static android.Manifest.permission.START_TASKS_FROM_RECENTS; import static android.Manifest.permission.START_TASKS_FROM_RECENTS; Loading Loading @@ -10297,7 +10298,7 @@ public class ActivityManagerService extends IActivityManager.Stub @Override @Override public void moveStackToDisplay(int stackId, int displayId) { public void moveStackToDisplay(int stackId, int displayId) { enforceCallingPermission(MANAGE_ACTIVITY_STACKS, "moveStackToDisplay()"); enforceCallingPermission(INTERNAL_SYSTEM_WINDOW, "moveStackToDisplay()"); synchronized (this) { synchronized (this) { final long ident = Binder.clearCallingIdentity(); final long ident = Binder.clearCallingIdentity();
services/core/java/com/android/server/am/ActivityStackSupervisor.java +5 −7 Original line number Original line Diff line number Diff line Loading @@ -16,6 +16,7 @@ package com.android.server.am; package com.android.server.am; import static android.Manifest.permission.INTERNAL_SYSTEM_WINDOW; import static android.Manifest.permission.MANAGE_ACTIVITY_STACKS; import static android.Manifest.permission.MANAGE_ACTIVITY_STACKS; import static android.Manifest.permission.START_ANY_ACTIVITY; import static android.Manifest.permission.START_ANY_ACTIVITY; import static android.Manifest.permission.START_TASKS_FROM_RECENTS; import static android.Manifest.permission.START_TASKS_FROM_RECENTS; Loading Loading @@ -1672,8 +1673,7 @@ public class ActivityStackSupervisor extends ConfigurationContainer implements D // owner. // owner. final int launchDisplayId = options.getLaunchDisplayId(); final int launchDisplayId = options.getLaunchDisplayId(); if (launchDisplayId != INVALID_DISPLAY if (launchDisplayId != INVALID_DISPLAY && !isCallerAllowedToLaunchOnDisplay(callingPid, callingUid, launchDisplayId, && !isCallerAllowedToLaunchOnDisplay(callingPid, callingUid, launchDisplayId)) { aInfo)) { final String msg = "Permission Denial: starting " + intent.toString() final String msg = "Permission Denial: starting " + intent.toString() + " from " + callerApp + " (pid=" + callingPid + " from " + callerApp + " (pid=" + callingPid + ", uid=" + callingUid + ") with launchDisplayId=" + ", uid=" + callingUid + ") with launchDisplayId=" Loading @@ -1687,8 +1687,7 @@ public class ActivityStackSupervisor extends ConfigurationContainer implements D } } /** Check if caller is allowed to launch activities on specified display. */ /** Check if caller is allowed to launch activities on specified display. */ boolean isCallerAllowedToLaunchOnDisplay(int callingPid, int callingUid, int launchDisplayId, boolean isCallerAllowedToLaunchOnDisplay(int callingPid, int callingUid, int launchDisplayId) { ActivityInfo aInfo) { if (DEBUG_TASKS) Slog.d(TAG, "Launch on display check: displayId=" + launchDisplayId if (DEBUG_TASKS) Slog.d(TAG, "Launch on display check: displayId=" + launchDisplayId + " callingPid=" + callingPid + " callingUid=" + callingUid); + " callingPid=" + callingPid + " callingUid=" + callingUid); Loading @@ -1699,7 +1698,7 @@ public class ActivityStackSupervisor extends ConfigurationContainer implements D } } // Check if the caller can manage activity stacks. // Check if the caller can manage activity stacks. final int startAnyPerm = mService.checkPermission(MANAGE_ACTIVITY_STACKS, callingPid, final int startAnyPerm = mService.checkPermission(INTERNAL_SYSTEM_WINDOW, callingPid, callingUid); callingUid); if (startAnyPerm == PERMISSION_GRANTED) { if (startAnyPerm == PERMISSION_GRANTED) { if (DEBUG_TASKS) Slog.d(TAG, "Launch on display check:" if (DEBUG_TASKS) Slog.d(TAG, "Launch on display check:" Loading @@ -1708,8 +1707,7 @@ public class ActivityStackSupervisor extends ConfigurationContainer implements D } } if (activityDisplay.mDisplay.getType() == TYPE_VIRTUAL if (activityDisplay.mDisplay.getType() == TYPE_VIRTUAL && activityDisplay.mDisplay.getOwnerUid() != SYSTEM_UID && activityDisplay.mDisplay.getOwnerUid() != SYSTEM_UID) { && (aInfo.flags & ActivityInfo.FLAG_ALLOW_EMBEDDED) == 0) { // Limit launching on virtual displays, because their contents can be read from Surface // Limit launching on virtual displays, because their contents can be read from Surface // by apps that created them. // by apps that created them. if (DEBUG_TASKS) Slog.d(TAG, "Launch on display check:" if (DEBUG_TASKS) Slog.d(TAG, "Launch on display check:" Loading
