Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 71893109 authored by Achim Thesmann's avatar Achim Thesmann
Browse files

Always require opt-in for root/system 

If a process with lower target SDK shares UID with the system the compat
change turns off the feature and potentially compromises the security of
the whole system.
There are no occurences in droidfood that would be affected (see
go/bal-graph).

Test: atest BackgroundActivityLaunchTests
Bug: 296479164
Flag: EXEMPT bugfix
Change-Id: If33d799c20173f9909b606ebb60745adad46fc41
parent 9d3a6121

services/core/java/com/android/server/wm/BackgroundActivityStartController.java

+5 −0
Original line number Original line Diff line number Diff line
@@ -28,6 +28,7 @@ import static android.content.pm.PackageManager.PERMISSION_GRANTED; 
import static android.os.Build.VERSION_CODES.UPSIDE_DOWN_CAKE;

import static android.os.Build.VERSION_CODES.UPSIDE_DOWN_CAKE;

import static android.os.Process.INVALID_PID;

import static android.os.Process.INVALID_PID;

import static android.os.Process.INVALID_UID;

import static android.os.Process.INVALID_UID;

import static android.os.Process.ROOT_UID;

import static android.os.Process.SYSTEM_UID;

import static android.os.Process.SYSTEM_UID;

import static android.provider.DeviceConfig.NAMESPACE_WINDOW_MANAGER;

import static android.provider.DeviceConfig.NAMESPACE_WINDOW_MANAGER;
@@ -385,6 +386,10 @@ public class BackgroundActivityStartController { 
                    return BackgroundStartPrivileges.NONE;

                    return BackgroundStartPrivileges.NONE;

                case MODE_BACKGROUND_ACTIVITY_START_SYSTEM_DEFINED:

                case MODE_BACKGROUND_ACTIVITY_START_SYSTEM_DEFINED:

                    // no explicit choice by the app - let us decide what to do

                    // no explicit choice by the app - let us decide what to do

                    if (callingUid == ROOT_UID || callingUid == SYSTEM_UID) {

                        // root and system must always opt in explicitly

                        return BackgroundStartPrivileges.NONE;

                    }

                    if (callingPackage != null) {

                    if (callingPackage != null) {

                        // determine based on the calling/creating package

                        // determine based on the calling/creating package

                        boolean changeEnabled = CompatChanges.isChangeEnabled(

                        boolean changeEnabled = CompatChanges.isChangeEnabled(