Create Westworld metric for unsafe intent matching (7846043d) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/am/ActivityManagerService.java

+19 −14

Original line number	Diff line number	Diff line
		@@ -12667,7 +12667,7 @@ public class ActivityManagerService extends IActivityManager.Stub
		* @param platformCompat the instance of platform compat
		*/
		private static void filterNonExportedComponents(Intent intent, int callingUid,
		List query, PlatformCompat platformCompat, String callerPackage) {
		List query, PlatformCompat platformCompat, String callerPackage, String resolvedType) {
		if (query == null
		\|\| intent.getPackage() != null
		\|\| intent.getComponent() != null
		@@ -12694,19 +12694,24 @@ public class ActivityManagerService extends IActivityManager.Stub
		} else {
		continue;
		}
		if (!platformCompat.isChangeEnabledByUid(
		IMPLICIT_INTENTS_ONLY_MATCH_EXPORTED_COMPONENTS, callingUid)) {
		Slog.w(TAG, "Non-exported component not filtered out "
		+ "(will be filtered out once the app targets U+)- intent: "
		+ intent.getAction() + ", component: "
		+ componentInfo + ", sender: "
		+ callerPackage);
		boolean hasToBeExportedToMatch = platformCompat.isChangeEnabledByUid(
		ActivityManagerService.IMPLICIT_INTENTS_ONLY_MATCH_EXPORTED_COMPONENTS,
		callingUid);
		String[] categories = intent.getCategories() == null ? new String[0]
		: intent.getCategories().toArray(String[]::new);
		FrameworkStatsLog.write(FrameworkStatsLog.UNSAFE_INTENT_EVENT_REPORTED,
		FrameworkStatsLog.UNSAFE_INTENT_EVENT_REPORTED__EVENT_TYPE__INTERNAL_NON_EXPORTED_COMPONENT_MATCH,
		callingUid,
		componentInfo,
		callerPackage,
		intent.getAction(),
		categories,
		resolvedType,
		intent.getScheme(),
		hasToBeExportedToMatch);
		if (!hasToBeExportedToMatch) {
		return;
		}
		Slog.w(TAG, "Non-exported component filtered out - intent: "
		+ intent.getAction() + ", component: "
		+ componentInfo + ", sender: "
		+ callerPackage);
		query.remove(i);
		}
		}
		@@ -14620,7 +14625,7 @@ public class ActivityManagerService extends IActivityManager.Stub
		}

		filterNonExportedComponents(intent, callingUid, registeredReceivers,
		mPlatformCompat, callerPackage);
		mPlatformCompat, callerPackage, resolvedType);
		int NR = registeredReceivers != null ? registeredReceivers.size() : 0;
		if (!ordered && NR > 0 && !mEnableModernQueue) {
		// If we are not serializing this broadcast, then send the
		@@ -14726,7 +14731,7 @@ public class ActivityManagerService extends IActivityManager.Stub
		\|\| resultTo != null) {
		BroadcastQueue queue = broadcastQueueForIntent(intent);
		filterNonExportedComponents(intent, callingUid, receivers,
		mPlatformCompat, callerPackage);
		mPlatformCompat, callerPackage, resolvedType);
		BroadcastRecord r = new BroadcastRecord(queue, intent, callerApp, callerPackage,
		callerFeatureId, callingPid, callingUid, callerInstantApp, resolvedType,
		requiredPermissions, excludedPermissions, excludedPackages, appOp, brOptions,

services/core/java/com/android/server/pm/ResolveIntentHelper.java

+19 −14

Original line number	Diff line number	Diff line
		@@ -52,6 +52,7 @@ import android.util.Slog;

		import com.android.internal.app.ResolverActivity;
		import com.android.internal.util.ArrayUtils;
		import com.android.internal.util.FrameworkStatsLog;
		import com.android.server.am.ActivityManagerService;
		import com.android.server.compat.PlatformCompat;
		import com.android.server.pm.pkg.AndroidPackage;
		@@ -102,7 +103,8 @@ final class ResolveIntentHelper {
		}

		private static void filterNonExportedComponents(Intent intent, int filterCallingUid,
		List<ResolveInfo> query, PlatformCompat platformCompat, Computer computer) {
		List<ResolveInfo> query, PlatformCompat platformCompat, String resolvedType,
		Computer computer) {
		if (query == null
		\|\| intent.getPackage() != null
		\|\| intent.getComponent() != null
		@@ -113,21 +115,24 @@ final class ResolveIntentHelper {
		String callerPackage = caller == null ? "Not specified" : caller.getPackageName();
		for (int i = query.size() - 1; i >= 0; i--) {
		if (!query.get(i).getComponentInfo().exported) {
		if (!platformCompat.isChangeEnabledByUid(
		boolean hasToBeExportedToMatch = platformCompat.isChangeEnabledByUid(
		ActivityManagerService.IMPLICIT_INTENTS_ONLY_MATCH_EXPORTED_COMPONENTS,
		filterCallingUid)) {
		Slog.w(TAG, "Non-exported component not filtered out "
		+ "(will be filtered out once the app targets U+)- intent: "
		+ intent.getAction() + ", component: "
		+ query.get(i).getComponentInfo()
		.getComponentName().flattenToShortString()
		+ ", starter: " + callerPackage);
		filterCallingUid);
		String[] categories = intent.getCategories() == null ? new String[0]
		: intent.getCategories().toArray(String[]::new);
		FrameworkStatsLog.write(FrameworkStatsLog.UNSAFE_INTENT_EVENT_REPORTED,
		FrameworkStatsLog.UNSAFE_INTENT_EVENT_REPORTED__EVENT_TYPE__INTERNAL_NON_EXPORTED_COMPONENT_MATCH,
		filterCallingUid,
		query.get(i).getComponentInfo().getComponentName().flattenToShortString(),
		callerPackage,
		intent.getAction(),
		categories,
		resolvedType,
		intent.getScheme(),
		hasToBeExportedToMatch);
		if (!hasToBeExportedToMatch) {
		return;
		}
		Slog.w(TAG, "Non-exported component filtered out - intent: "
		+ intent.getAction() + ", component: "
		+ query.get(i).getComponentInfo().getComponentName().flattenToShortString()
		+ ", starter: " + callerPackage);
		query.remove(i);
		}
		}
		@@ -173,7 +178,7 @@ final class ResolveIntentHelper {
		resolveForStart, true /allowDynamicSplits/);
		if (exportedComponentsOnly) {
		filterNonExportedComponents(intent, filterCallingUid, query,
		mPlatformCompat, computer);
		mPlatformCompat, resolvedType, computer);
		}
		Trace.traceEnd(TRACE_TAG_PACKAGE_MANAGER);