Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 62f8a7f4 authored by Louis Chang's avatar Louis Chang Committed by Automerger Merge Worker
Browse files

Merge "Only allow system or sysui to set launch activity type" into sc-dev am:... 

Merge "Only allow system or sysui to set launch activity type" into sc-dev am: 8f5d0a87 am: 3cc8dc30 am: 80402f78

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/14613436

Change-Id: I4c6d6888dd5725c8e0665c036c1fa9b961352679
parents 91875470 80402f78

services/core/java/com/android/server/wm/ActivityTaskManagerService.java

+14 −9
Original line number Diff line number Diff line
@@ -1638,6 +1638,8 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { 
        mAmInternal.enforceCallingPermission(BIND_VOICE_INTERACTION, "startAssistantActivity()");

        userId = handleIncomingUser(callingPid, callingUid, userId, "startAssistantActivity");



        final long origId = Binder.clearCallingIdentity();

        try {

            return getActivityStartController().obtainStarter(intent, "startAssistantActivity")

                    .setCallingUid(callingUid)

                    .setCallingPackage(callingPackage)
@@ -1647,6 +1649,9 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { 
                    .setUserId(userId)

                    .setAllowBackgroundActivityStart(true)

                    .execute();

        } finally {

            Binder.restoreCallingIdentity(origId);

        }

    }



    /**

services/core/java/com/android/server/wm/SafeActivityOptions.java

+57 −5
Original line number Diff line number Diff line
@@ -20,6 +20,9 @@ import static android.Manifest.permission.CONTROL_REMOTE_APP_TRANSITION_ANIMATIO 
import static android.Manifest.permission.START_TASKS_FROM_RECENTS;

import static android.Manifest.permission.STATUS_BAR_SERVICE;

import static android.app.ActivityTaskManager.INVALID_TASK_ID;

import static android.app.WindowConfiguration.ACTIVITY_TYPE_ASSISTANT;

import static android.app.WindowConfiguration.ACTIVITY_TYPE_UNDEFINED;

import static android.app.WindowConfiguration.activityTypeToString;

import static android.content.pm.PackageManager.PERMISSION_DENIED;

import static android.content.pm.PackageManager.PERMISSION_GRANTED;

import static android.view.Display.INVALID_DISPLAY;
@@ -29,12 +32,15 @@ import static com.android.server.wm.ActivityTaskManagerDebugConfig.TAG_WITH_CLAS 


import android.annotation.Nullable;

import android.app.ActivityOptions;

import android.app.AppGlobals;

import android.app.PendingIntent;

import android.content.Intent;

import android.content.pm.ActivityInfo;

import android.content.pm.PackageManager;

import android.os.Binder;

import android.os.Bundle;

import android.os.Process;

import android.os.RemoteException;

import android.os.UserHandle;

import android.util.Slog;

import android.view.RemoteAnimationAdapter;
@@ -281,17 +287,63 @@ public class SafeActivityOptions { 
        }



        // If launched from bubble is specified, then ensure that the caller is system or sysui.

        if (options.getLaunchedFromBubble() && callingUid != Process.SYSTEM_UID) {

            final int statusBarPerm = ActivityTaskManagerService.checkPermission(

                    STATUS_BAR_SERVICE, callingPid, callingUid);

            if (statusBarPerm == PERMISSION_DENIED) {

        if (options.getLaunchedFromBubble() && !isSystemOrSystemUI(callingPid, callingUid)) {

            final String msg = "Permission Denial: starting " + getIntentString(intent)

                    + " from " + callerApp + " (pid=" + callingPid

                    + ", uid=" + callingUid + ") with launchedFromBubble=true";

            Slog.w(TAG, msg);

            throw new SecurityException(msg);

        }



        final int activityType = options.getLaunchActivityType();

        if (activityType != ACTIVITY_TYPE_UNDEFINED

                && !isSystemOrSystemUI(callingPid, callingUid)) {

            // Granted if it is assistant type and the calling uid is assistant.

            boolean activityTypeGranted = false;

            if (activityType == ACTIVITY_TYPE_ASSISTANT

                    && isAssistant(supervisor.mService, callingUid)) {

                activityTypeGranted = true;

            }



            if (!activityTypeGranted) {

                final String msg = "Permission Denial: starting " + getIntentString(intent)

                        + " from " + callerApp + " (pid=" + callingPid

                        + ", uid=" + callingUid + ") with launchActivityType="

                        + activityTypeToString(options.getLaunchActivityType());

                Slog.w(TAG, msg);

                throw new SecurityException(msg);

            }

        }

    }



    private boolean isAssistant(ActivityTaskManagerService atmService, int callingUid) {

        if (atmService.mActiveVoiceInteractionServiceComponent == null) {

            return false;

        }



        final String assistantPackage =

                atmService.mActiveVoiceInteractionServiceComponent.getPackageName();

        try {

            final int uid = AppGlobals.getPackageManager().getPackageUid(assistantPackage,

                    PackageManager.MATCH_DIRECT_BOOT_AUTO,

                    UserHandle.getUserId(callingUid));

            if (uid == callingUid) {

                return true;

            }

        } catch (RemoteException e) {

            // Should not happen

        }

        return false;

    }



    private boolean isSystemOrSystemUI(int callingPid, int callingUid) {

        if (callingUid == Process.SYSTEM_UID) {

            return true;

        }



        final int statusBarPerm = ActivityTaskManagerService.checkPermission(

                STATUS_BAR_SERVICE, callingPid, callingUid);

        return statusBarPerm == PERMISSION_GRANTED;

    }



    private String getIntentString(Intent intent) {