Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 65dc6785 authored by Achim Thesmann's avatar Achim Thesmann
Browse files

Apply BAL hardening to system 

Revert the change to atomatically opt in system processes to allow BAL.

Bug: 288914341
Test: atest BackgroundActivityLaunchTest ActivityStarterTests
Change-Id: Idb7cdce5bb1215fcf3ead093dd4cbd036c500d30
parent 92c44a50

services/core/java/com/android/server/am/PendingIntentRecord.java

+0 −9
Original line number Diff line number Diff line
@@ -42,7 +42,6 @@ import android.os.Bundle; 
import android.os.IBinder;

import android.os.PowerWhitelistManager;

import android.os.PowerWhitelistManager.ReasonCode;

import android.os.Process;

import android.os.RemoteCallbackList;

import android.os.RemoteException;

import android.os.TransactionTooLargeException;
@@ -384,14 +383,6 @@ public final class PendingIntentRecord extends IIntentSender.Stub { 
            })

    public static BackgroundStartPrivileges getDefaultBackgroundStartPrivileges(

            int callingUid, @Nullable String callingPackage) {

        if (UserHandle.getAppId(callingUid) == Process.SYSTEM_UID) {

            // We temporarily allow BAL for system processes, while we verify that all valid use

            // cases are opted in explicitly to grant their BAL permission.

            // Background: In many cases devices are running additional apps that share UID with

            // the system. If one of these apps targets a lower SDK the change is not active, but

            // as soon as that app is upgraded (or removed) BAL would be blocked. (b/283138430)

            return BackgroundStartPrivileges.ALLOW_BAL;

        }

        boolean isChangeEnabledForApp = callingPackage != null ? CompatChanges.isChangeEnabled(

                DEFAULT_RESCIND_BAL_PRIVILEGES_FROM_PENDING_INTENT_SENDER, callingPackage,

                UserHandle.getUserHandleForUid(callingUid)) : CompatChanges.isChangeEnabled(