Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 65f452b5 authored by Achim Thesmann's avatar Achim Thesmann
Browse files

Consider SAW permission for real caller 

This commit addresses an issue where the BAL (background activity launch) logic was not properly considering the SAW (System Alert Window) permission for the real caller.

Added logic to check for the SAW permission when determining the exemption in the path for the real caller (analog to the caller).
Added a test to verify the fix.

For more context, see the Android documentation on background starts: https://developer.android.com/guide/components/activities/background-starts

Test: atest BackgroundActivityStartControllerExemptionTests
Flag: com.android.window.flags.bal_additional_start_modes
Bug: 327738445
Change-Id: I0594d47d15d9bc9aaf7b7da9242000c61686403b
parent e6b787e9

services/core/java/com/android/server/wm/BackgroundActivityStartController.java

+20 −2
Original line number Diff line number Diff line
@@ -558,7 +558,7 @@ public class BackgroundActivityStartController { 
                    .append(mBalAllowedByPiCreatorWithHardening);

            sb.append("; resultIfPiCreatorAllowsBal: ").append(mResultForCaller);

            sb.append("; callerStartMode: ").append(balStartModeToString(

                    mCheckedOptions.getPendingIntentBackgroundActivityStartMode()));

                    mCheckedOptions.getPendingIntentCreatorBackgroundActivityStartMode()));

            sb.append("; hasRealCaller: ").append(hasRealCaller());

            sb.append("; isCallForResult: ").append(mIsCallForResult);

            sb.append("; isPendingIntent: ").append(isPendingIntent());
@@ -585,7 +585,7 @@ public class BackgroundActivityStartController { 
                sb.append("; balAllowedByPiSender: ").append(mBalAllowedByPiSender);

                sb.append("; resultIfPiSenderAllowsBal: ").append(mResultForRealCaller);

                sb.append("; realCallerStartMode: ").append(balStartModeToString(

                        mCheckedOptions.getPendingIntentCreatorBackgroundActivityStartMode()));

                        mCheckedOptions.getPendingIntentBackgroundActivityStartMode()));

            }

            // features

            sb.append("; balImproveRealCallerVisibilityCheck: ")
@@ -1044,6 +1044,24 @@ public class BackgroundActivityStartController { 
                    "realCallingUid has BAL permission.");

        }



        // don't abort if the realCallingUid has SYSTEM_ALERT_WINDOW permission

        Slog.i(TAG, "hasSystemAlertWindowPermission(" + state.mRealCallingUid + ", "

                + state.mRealCallingPid + ", " + state.mRealCallingPackage + ") "

                + balStartModeToString(

                state.mCheckedOptions.getPendingIntentBackgroundActivityStartMode()));

        if (state.mCheckedOptions.getPendingIntentBackgroundActivityStartMode()

                == MODE_BACKGROUND_ACTIVITY_START_ALLOW_ALWAYS

                && mService.hasSystemAlertWindowPermission(state.mRealCallingUid,

                state.mRealCallingPid, state.mRealCallingPackage)) {

            Slog.w(

                    TAG,

                    "Background activity start for "

                            + state.mRealCallingPackage

                            + " allowed because SYSTEM_ALERT_WINDOW permission is granted.");

            return new BalVerdict(BAL_ALLOW_SAW_PERMISSION,

                    /*background*/ true, "SYSTEM_ALERT_WINDOW permission is granted");

        }



        // if the realCallingUid is a persistent system process, abort if the IntentSender

        // wasn't allowed to start an activity

        if (state.mForcedBalByPiSender.allowsBackgroundActivityStarts()

services/tests/wmtests/src/com/android/server/wm/BackgroundActivityStartControllerExemptionTests.java

+35 −0
Original line number Diff line number Diff line
@@ -682,6 +682,41 @@ public class BackgroundActivityStartControllerExemptionTests { 
                BAL_ALLOW_SAW_PERMISSION);

    }



    @Test

    @RequiresFlagsEnabled(Flags.FLAG_BAL_ADDITIONAL_START_MODES)

    public void testRealCaller_sawPermission() {

        int callingUid = REGULAR_UID_1;

        int callingPid = REGULAR_PID_1;

        final String callingPackage = REGULAR_PACKAGE_1;

        int realCallingUid = REGULAR_UID_2;

        int realCallingPid = REGULAR_PID_2;



        // setup state

        when(mService.hasSystemAlertWindowPermission(eq(realCallingUid), eq(realCallingPid),

                any())).thenReturn(true);



        // prepare call

        PendingIntentRecord originatingPendingIntent = mPendingIntentRecord;

        BackgroundStartPrivileges forcedBalByPiSender = BackgroundStartPrivileges.NONE;

        Intent intent = TEST_INTENT;

        ActivityOptions checkedOptions =

                mCheckedOptions.setPendingIntentBackgroundActivityStartMode(

                        MODE_BACKGROUND_ACTIVITY_START_ALLOW_ALWAYS);

        BackgroundActivityStartController.BalState balState = mController.new BalState(callingUid,

                callingPid, callingPackage, realCallingUid, realCallingPid, null,

                originatingPendingIntent, forcedBalByPiSender, mResultRecord, intent,

                checkedOptions);



        // call

        BalVerdict callerVerdict = mController.checkBackgroundActivityStartAllowedByRealCaller(

                balState);

        balState.setResultForCaller(callerVerdict);



        // assertions

        assertWithMessage(balState.toString()).that(callerVerdict.getCode()).isEqualTo(

                BAL_ALLOW_SAW_PERMISSION);

    }



    @Test

    public void testCaller_isRecents() {

        int callingUid = REGULAR_UID_1;