Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7da08c6b authored by Jeff Chang's avatar Jeff Chang
Browse files

[RESTRICT AUTOMERGE] Allow activity to be reparent while allowTaskReparenting is applied 

Any malicious application could hijack tasks by
android:allowTaskReparenting. This vulnerability can perform UI
spoofing or spying on user’s activities.

This CL only allows activities to be reparent while
android:allowTaskReparenting is applied and the affinity of activity
is same with the target task.

Bug: 240663194
Test: atest IntentTests
Change-Id: I73abb9ec05af95bc14f887ae825a9ada9600f771
parent f8f07e22

services/core/java/com/android/server/wm/ResetTargetTaskHelper.java

+2 −1
Original line number Diff line number Diff line
@@ -148,15 +148,16 @@ class ResetTargetTaskHelper { 
            return false;



        } else {

            mResultActivities.add(r);

            if (r.resultTo != null) {

                // If this activity is sending a reply to a previous activity, we can't do

                // anything with it now until we reach the start of the reply chain.

                // NOTE: that we are assuming the result is always to the previous activity,

                // which is almost always the case but we really shouldn't count on.

                mResultActivities.add(r);

                return false;

            } else if (mTargetTaskFound && allowTaskReparenting && mTargetTask.affinity != null

                    && mTargetTask.affinity.equals(r.taskAffinity)) {

                mResultActivities.add(r);

                // This activity has an affinity for our task. Either remove it if we are

                // clearing or move it over to our task. Note that we currently punt on the case

                // where we are resetting a task that is not at the top but who has activities