Merge "Revert "Block intents with action set as null"" into udc-dev am: 5470d777 am: 7d76fe86

    @Override

    public ActivityInfo getActivityInfo(ComponentName className, ComponentInfoFlags flags)

            throws NameNotFoundException {

        return getActivityInfoAsUser(className, flags, getUserId());

    }

    @Override

    public ActivityInfo getActivityInfoAsUser(ComponentName className,

            ComponentInfoFlags flags, @UserIdInt int userId) throws NameNotFoundException {

        final int userId = getUserId();

        try {

            ActivityInfo ai = mPM.getActivityInfo(className,

                    updateFlagsForComponent(flags.getValue(), userId, null), userId);

import android.annotation.NonNull;

import android.annotation.Nullable;

import android.annotation.SystemApi;

import android.app.compat.CompatChanges;

import android.compat.annotation.ChangeId;

import android.compat.annotation.EnabledAfter;

import android.compat.annotation.UnsupportedAppUsage;

import android.net.Uri;

import android.os.Build;

    private static final String[] EMPTY_STRING_ARRAY = new String[0];

    private static final boolean[] EMPTY_BOOLEAN_ARRAY = new boolean[0];

    /**

     * An intent with action set as null used to always pass the action test during intent

     * filter matching. This causes a lot of confusion and unexpected intent matches.

     * Null action intents should be blocked when either the intent sender or receiver

     * application targets U or higher.

     *

     * mBlockNullAction indicates whether the intent filter owner (intent receiver) is

     * targeting U+. This value will be properly set by package manager when IntentFilters are

     * passed to an application, so that when an application is trying to perform intent filter

     * matching locally, the correct matching algorithm will be chosen.

     *

     * When an IntentFilter is sent to system server (e.g. for registering runtime receivers),

     * the value set in mBlockNullAction will be ignored and overwritten with the correct

     * value evaluated based on the Binder calling identity. This makes sure that the

     * security enforcement cannot be bypassed by crafting a malicious IntentFilter.

     *

     * @hide

     */

    @ChangeId

    @EnabledAfter(targetSdkVersion = Build.VERSION_CODES.TIRAMISU)

    public static final long BLOCK_NULL_ACTION_INTENTS = 264497795;

    /**

     * The filter {@link #setPriority} value at which system high-priority

     * receivers are placed; that is, receivers that should execute before

        String type = resolve ? intent.resolveType(resolver) : intent.getType();

        return match(intent.getAction(), type, intent.getScheme(),

                     intent.getData(), intent.getCategories(), logTag,

                     CompatChanges.isChangeEnabled(BLOCK_NULL_ACTION_INTENTS),

                     false /* supportWildcards */, null /* ignoreActions */,

                     intent.getExtras());

    }

            Uri data, Set<String> categories, String logTag, boolean supportWildcards,

            @Nullable Collection<String> ignoreActions) {

        return match(action, type, scheme, data, categories, logTag, supportWildcards,

                CompatChanges.isChangeEnabled(BLOCK_NULL_ACTION_INTENTS),

                ignoreActions, null /* extras */);

    }

     */

    public final int match(String action, String type, String scheme,

            Uri data, Set<String> categories, String logTag, boolean supportWildcards,

            boolean blockNullAction, @Nullable Collection<String> ignoreActions,

            @Nullable Bundle extras) {

        if ((action == null && blockNullAction)

                || !matchAction(action, supportWildcards, ignoreActions)) {

            @Nullable Collection<String> ignoreActions, @Nullable Bundle extras) {

        if (action != null && !matchAction(action, supportWildcards, ignoreActions)) {

            if (false) Log.v(

                logTag, "No matching action " + action + " for " + this);

            return NO_MATCH_ACTION;

                "getActivityInfo not implemented in subclass");

    }

    /**

     * @hide

     */

    @NonNull

    public ActivityInfo getActivityInfoAsUser(@NonNull ComponentName component,

            @NonNull ComponentInfoFlags flags, @UserIdInt int userId)

            throws NameNotFoundException {

        throw new UnsupportedOperationException(

                "getActivityInfoAsUser not implemented in subclass");

    }

    /**

     * Retrieve all of the information we know about a particular receiver

     * class.

package com.android.server;

import static android.content.IntentFilter.BLOCK_NULL_ACTION_INTENTS;

import static com.android.internal.util.FrameworkStatsLog.UNSAFE_INTENT_EVENT_REPORTED__EVENT_TYPE__NULL_ACTION_MATCH;

import android.annotation.NonNull;

import android.annotation.Nullable;

import android.annotation.UserIdInt;

import android.content.Intent;

import android.content.IntentFilter;

import android.net.Uri;

import android.os.Binder;

import android.os.UserHandle;

import android.util.ArrayMap;

import android.util.ArraySet;

import android.util.FastImmutableArraySet;

import android.util.proto.ProtoOutputStream;

import com.android.internal.util.FastPrintWriter;

import com.android.server.am.ActivityManagerUtils;

import com.android.server.pm.Computer;

import com.android.server.pm.snapshot.PackageDataSnapshot;

     * Returns whether an intent matches the IntentFilter with a pre-resolved type.

     */

    public static boolean intentMatchesFilter(

            IntentFilter filter, Intent intent, String resolvedType, boolean blockNullAction) {

            IntentFilter filter, Intent intent, String resolvedType) {

        final boolean debug = localLOGV

                || ((intent.getFlags() & Intent.FLAG_DEBUG_LOG_RESOLUTION) != 0);

        }

        final int match = filter.match(intent.getAction(), resolvedType, intent.getScheme(),

                intent.getData(), intent.getCategories(), TAG, /* supportWildcards */ false,

                blockNullAction, null, null);

                intent.getData(), intent.getCategories(), TAG);

        if (match >= 0) {

            if (debug) {

        return Collections.unmodifiableSet(mFilters);

    }

    private boolean blockNullAction(Computer computer, Intent intent,

            String resolvedType, int callingUid, boolean debug) {

        if (intent.getAction() == null) {

            final boolean blockNullAction = UserHandle.isCore(callingUid)

                    || computer.isChangeEnabled(BLOCK_NULL_ACTION_INTENTS, callingUid);

            ActivityManagerUtils.logUnsafeIntentEvent(

                    UNSAFE_INTENT_EVENT_REPORTED__EVENT_TYPE__NULL_ACTION_MATCH,

                    callingUid, intent, resolvedType, blockNullAction);

            if (blockNullAction) {

                if (debug) Slog.v(TAG, "Skip matching filters: action is null");

                return true;

            }

        }

        return false;

    }

    public List<R> queryIntentFromList(@NonNull Computer computer, Intent intent,

            String resolvedType, boolean defaultOnly, ArrayList<F[]> listCut,

            int callingUid, @UserIdInt int userId, long customFlags) {

            String resolvedType, boolean defaultOnly, ArrayList<F[]> listCut, int userId,

            long customFlags) {

        ArrayList<R> resultList = new ArrayList<R>();

        final boolean debug = localLOGV ||

                ((intent.getFlags() & Intent.FLAG_DEBUG_LOG_RESOLUTION) != 0);

        if (blockNullAction(computer, intent, resolvedType, callingUid, debug)) return resultList;

        FastImmutableArraySet<String> categories = getFastIntentCategories(intent);

        final String scheme = intent.getScheme();

        int N = listCut.size();

            buildResolveList(computer, intent, categories, debug, defaultOnly, resolvedType, scheme,

                    listCut.get(i), resultList, userId, customFlags);

        }

        filterResults(computer, intent, resultList);

        filterResults(resultList);

        sortResults(resultList);

        return resultList;

    }

    public final List<R> queryIntent(@NonNull PackageDataSnapshot snapshot, Intent intent,

            String resolvedType, boolean defaultOnly, @UserIdInt int userId) {

        return queryIntent(snapshot, intent, resolvedType, defaultOnly,

                Binder.getCallingUid(), userId, 0);

    }

    public List<R> queryIntent(@NonNull PackageDataSnapshot snapshot, Intent intent,

            String resolvedType, boolean defaultOnly, int callingUid, @UserIdInt int userId) {

        return queryIntent(snapshot, intent, resolvedType, defaultOnly, callingUid, userId, 0);

            String resolvedType, boolean defaultOnly, @UserIdInt int userId) {

        return queryIntent(snapshot, intent, resolvedType, defaultOnly, userId, 0);

    }

    protected final List<R> queryIntent(@NonNull PackageDataSnapshot snapshot, Intent intent,

            String resolvedType, boolean defaultOnly, int callingUid, @UserIdInt int userId,

            long customFlags) {

        final Computer computer = (Computer) snapshot;

            String resolvedType, boolean defaultOnly, @UserIdInt int userId, long customFlags) {

        String scheme = intent.getScheme();

        ArrayList<R> finalList = new ArrayList<R>();

            TAG, "Resolving type=" + resolvedType + " scheme=" + scheme

            + " defaultOnly=" + defaultOnly + " userId=" + userId + " of " + intent);

        if (blockNullAction(computer, intent, resolvedType, callingUid, debug)) return finalList;

        F[] firstTypeCut = null;

        F[] secondTypeCut = null;

        F[] thirdTypeCut = null;

        }

        FastImmutableArraySet<String> categories = getFastIntentCategories(intent);

        Computer computer = (Computer) snapshot;

        if (firstTypeCut != null) {

            buildResolveList(computer, intent, categories, debug, defaultOnly, resolvedType,

                    scheme, firstTypeCut, finalList, userId, customFlags);

            buildResolveList(computer, intent, categories, debug, defaultOnly, resolvedType,

                    scheme, schemeCut, finalList, userId, customFlags);

        }

        filterResults(computer, intent, finalList);

        filterResults(finalList);

        sortResults(finalList);

        if (debug) {

    /**

     * Apply filtering to the results. This happens before the results are sorted.

     */

    protected void filterResults(@NonNull Computer computer, @NonNull Intent intent,

            List<R> results) {

    protected void filterResults(List<R> results) {

    }

    protected void dumpFilter(PrintWriter out, String prefix, F filter) {

                continue;

            }

            match = intentFilter.match(action, resolvedType, scheme, data, categories, TAG,

                    false /*supportWildcards*/,

                    false /*blockNullAction: already handled*/,

                    null /*ignoreActions*/,

                    null /*extras*/);

            match = intentFilter.match(action, resolvedType, scheme, data, categories, TAG);

            if (match >= 0) {

                if (debug) Slog.v(TAG, "  Filter matched!  match=0x" +

                        Integer.toHexString(match) + " hasDefault="

            return null;

        }

        @Override

        protected void filterResults(@NonNull Computer computer,

                @NonNull Intent intent, List<BroadcastFilter> results) {

            if (intent.getAction() != null) return;

            // When the resolved component is targeting U+, block null action intents

            for (int i = results.size() - 1; i >= 0; --i) {

                if (computer.isChangeEnabled(

                        IntentFilter.BLOCK_NULL_ACTION_INTENTS, results.get(i).owningUid)) {

                    results.remove(i);

                }

            }

        }

        @Override

        protected IntentFilter getIntentFilter(@NonNull BroadcastFilter input) {

            return input;

                        (intent.getFlags() & Intent.FLAG_RECEIVER_VISIBLE_TO_INSTANT_APPS) == 0) {

                    continue;

                }

                final boolean blockNullAction = mPlatformCompat.isChangeEnabledInternal(

                        IntentFilter.BLOCK_NULL_ACTION_INTENTS, callerApp.info);

                // If intent has scheme "content", it will need to access

                // provider that needs to lock mProviderMap in ActivityThread

                // and also it may need to wait application response, so we

                // cannot lock ActivityManagerService here.

                if (filter.match(intent.getAction(), intent.resolveType(resolver),

                        intent.getScheme(), intent.getData(), intent.getCategories(), TAG,

                        false /* supportWildcards */,

                        blockNullAction,

                        null /* ignoreActions */,

                        intent.getExtras()) >= 0) {

                if (filter.match(resolver, intent, true, TAG) >= 0) {

                    if (allSticky == null) {

                        allSticky = new ArrayList<Intent>();

                    }

                    }

                    List<BroadcastFilter> registeredReceiversForUser =

                            mReceiverResolver.queryIntent(snapshot, intent,

                                    resolvedType, false /*defaultOnly*/, callingUid, users[i]);

                                    resolvedType, false /*defaultOnly*/, users[i]);

                    if (registeredReceivers == null) {

                        registeredReceivers = registeredReceiversForUser;

                    } else if (registeredReceiversForUser != null) {

                }

            } else {

                registeredReceivers = mReceiverResolver.queryIntent(snapshot, intent,

                        resolvedType, false /*defaultOnly*/, callingUid, userId);

                        resolvedType, false /*defaultOnly*/, userId);

            }

        }

        BroadcastQueue.traceEnd(cookie);