Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 80402f78 authored by Louis Chang's avatar Louis Chang Committed by Automerger Merge Worker
Browse files

Merge "Only allow system or sysui to set launch activity type" into sc-dev am:... 

Merge "Only allow system or sysui to set launch activity type" into sc-dev am: 8f5d0a87 am: 3cc8dc30

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/14613436

Change-Id: Ib8db91586208d85fce507ae1d51d2ce0adbd831f
parents 88457a9e 3cc8dc30

services/core/java/com/android/server/wm/ActivityTaskManagerService.java

+14 −9
Original line number Original line Diff line number Diff line
@@ -1638,6 +1638,8 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { 
        mAmInternal.enforceCallingPermission(BIND_VOICE_INTERACTION, "startAssistantActivity()");

        mAmInternal.enforceCallingPermission(BIND_VOICE_INTERACTION, "startAssistantActivity()");

        userId = handleIncomingUser(callingPid, callingUid, userId, "startAssistantActivity");

        userId = handleIncomingUser(callingPid, callingUid, userId, "startAssistantActivity");





        final long origId = Binder.clearCallingIdentity();

        try {

            return getActivityStartController().obtainStarter(intent, "startAssistantActivity")

            return getActivityStartController().obtainStarter(intent, "startAssistantActivity")

                    .setCallingUid(callingUid)

                    .setCallingUid(callingUid)

                    .setCallingPackage(callingPackage)

                    .setCallingPackage(callingPackage)
@@ -1647,6 +1649,9 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { 
                    .setUserId(userId)

                    .setUserId(userId)

                    .setAllowBackgroundActivityStart(true)

                    .setAllowBackgroundActivityStart(true)

                    .execute();

                    .execute();

        } finally {

            Binder.restoreCallingIdentity(origId);

        }

    }

    }





    /**

    /**

services/core/java/com/android/server/wm/SafeActivityOptions.java

+57 −5
Original line number Original line Diff line number Diff line
@@ -20,6 +20,9 @@ import static android.Manifest.permission.CONTROL_REMOTE_APP_TRANSITION_ANIMATIO 
import static android.Manifest.permission.START_TASKS_FROM_RECENTS;

import static android.Manifest.permission.START_TASKS_FROM_RECENTS;

import static android.Manifest.permission.STATUS_BAR_SERVICE;

import static android.Manifest.permission.STATUS_BAR_SERVICE;

import static android.app.ActivityTaskManager.INVALID_TASK_ID;

import static android.app.ActivityTaskManager.INVALID_TASK_ID;

import static android.app.WindowConfiguration.ACTIVITY_TYPE_ASSISTANT;

import static android.app.WindowConfiguration.ACTIVITY_TYPE_UNDEFINED;

import static android.app.WindowConfiguration.activityTypeToString;

import static android.content.pm.PackageManager.PERMISSION_DENIED;

import static android.content.pm.PackageManager.PERMISSION_DENIED;

import static android.content.pm.PackageManager.PERMISSION_GRANTED;

import static android.content.pm.PackageManager.PERMISSION_GRANTED;

import static android.view.Display.INVALID_DISPLAY;

import static android.view.Display.INVALID_DISPLAY;
@@ -29,12 +32,15 @@ import static com.android.server.wm.ActivityTaskManagerDebugConfig.TAG_WITH_CLAS 




import android.annotation.Nullable;

import android.annotation.Nullable;

import android.app.ActivityOptions;

import android.app.ActivityOptions;

import android.app.AppGlobals;

import android.app.PendingIntent;

import android.app.PendingIntent;

import android.content.Intent;

import android.content.Intent;

import android.content.pm.ActivityInfo;

import android.content.pm.ActivityInfo;

import android.content.pm.PackageManager;

import android.os.Binder;

import android.os.Binder;

import android.os.Bundle;

import android.os.Bundle;

import android.os.Process;

import android.os.Process;

import android.os.RemoteException;

import android.os.UserHandle;

import android.os.UserHandle;

import android.util.Slog;

import android.util.Slog;

import android.view.RemoteAnimationAdapter;

import android.view.RemoteAnimationAdapter;
@@ -281,17 +287,63 @@ public class SafeActivityOptions { 
        }

        }





        // If launched from bubble is specified, then ensure that the caller is system or sysui.

        // If launched from bubble is specified, then ensure that the caller is system or sysui.

        if (options.getLaunchedFromBubble() && callingUid != Process.SYSTEM_UID) {

        if (options.getLaunchedFromBubble() && !isSystemOrSystemUI(callingPid, callingUid)) {

            final int statusBarPerm = ActivityTaskManagerService.checkPermission(

                    STATUS_BAR_SERVICE, callingPid, callingUid);

            if (statusBarPerm == PERMISSION_DENIED) {

            final String msg = "Permission Denial: starting " + getIntentString(intent)

            final String msg = "Permission Denial: starting " + getIntentString(intent)

                    + " from " + callerApp + " (pid=" + callingPid

                    + " from " + callerApp + " (pid=" + callingPid

                    + ", uid=" + callingUid + ") with launchedFromBubble=true";

                    + ", uid=" + callingUid + ") with launchedFromBubble=true";

            Slog.w(TAG, msg);

            Slog.w(TAG, msg);

            throw new SecurityException(msg);

            throw new SecurityException(msg);

        }

        }



        final int activityType = options.getLaunchActivityType();

        if (activityType != ACTIVITY_TYPE_UNDEFINED

                && !isSystemOrSystemUI(callingPid, callingUid)) {

            // Granted if it is assistant type and the calling uid is assistant.

            boolean activityTypeGranted = false;

            if (activityType == ACTIVITY_TYPE_ASSISTANT

                    && isAssistant(supervisor.mService, callingUid)) {

                activityTypeGranted = true;

            }



            if (!activityTypeGranted) {

                final String msg = "Permission Denial: starting " + getIntentString(intent)

                        + " from " + callerApp + " (pid=" + callingPid

                        + ", uid=" + callingUid + ") with launchActivityType="

                        + activityTypeToString(options.getLaunchActivityType());

                Slog.w(TAG, msg);

                throw new SecurityException(msg);

            }

        }

    }

    }



    private boolean isAssistant(ActivityTaskManagerService atmService, int callingUid) {

        if (atmService.mActiveVoiceInteractionServiceComponent == null) {

            return false;

        }



        final String assistantPackage =

                atmService.mActiveVoiceInteractionServiceComponent.getPackageName();

        try {

            final int uid = AppGlobals.getPackageManager().getPackageUid(assistantPackage,

                    PackageManager.MATCH_DIRECT_BOOT_AUTO,

                    UserHandle.getUserId(callingUid));

            if (uid == callingUid) {

                return true;

            }

        } catch (RemoteException e) {

            // Should not happen

        }

        return false;

    }



    private boolean isSystemOrSystemUI(int callingPid, int callingUid) {

        if (callingUid == Process.SYSTEM_UID) {

            return true;

        }



        final int statusBarPerm = ActivityTaskManagerService.checkPermission(

                STATUS_BAR_SERVICE, callingPid, callingUid);

        return statusBarPerm == PERMISSION_GRANTED;

    }

    }





    private String getIntentString(Intent intent) {

    private String getIntentString(Intent intent) {