
Commit 8d0f5bca authored by Bernardo Rufino

Check PI sender instead of PI creator for BAL permission transfer

Check PI sender instead of PI creator for when the BAL flag provided by
the sender is true and the sender has the BAL permission in order to
transfer BAL privileges.

Test: atest -d BackgroundActivityLaunchTest
Bug: 162869907
Change-Id: I502e9e4fcaf3920c2e5a6fe45402e5ec88c911a5
parent bc89ec0f
+11 −14
@@ -1328,17 +1328,15 @@ class ActivityStarter {
                : (realCallingAppId == Process.SYSTEM_UID)
                        || realCallingUidProcState <= ActivityManager.PROCESS_STATE_PERSISTENT_UI;

        // If caller a legacy app, we won't check if caller has BAL permission.
        final boolean isPiBalOptionEnabled = CompatChanges.isChangeEnabled(
                ENABLE_PENDING_INTENT_BAL_OPTION, callingUid);

        // Legacy behavior allows to use caller foreground state to bypass BAL restriction.
        final boolean balAllowedByPiSender =
                PendingIntentRecord.isPendingIntentBalAllowedByCaller(checkedOptions);

        if (balAllowedByPiSender && realCallingUid != callingUid) {
            if (isPiBalOptionEnabled) {
                if (ActivityManager.checkComponentPermission(
            // If the caller is a legacy app, we won't check if the caller has BAL permission.
            final boolean isPiBalOptionEnabled = CompatChanges.isChangeEnabled(
                    ENABLE_PENDING_INTENT_BAL_OPTION, realCallingUid);
            if (isPiBalOptionEnabled && ActivityManager.checkComponentPermission(
                    android.Manifest.permission.START_ACTIVITIES_FROM_BACKGROUND,
                    realCallingUid, -1, true)
                    == PackageManager.PERMISSION_GRANTED) {
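Review bot: the comment above the relocated `isPiBalOptionEnabled` declaration says "the caller", which is ambiguous now that the compat check is keyed on `realCallingUid` while the enclosing condition still compares it against `callingUid`. Please name the party explicitly, for example "If the PI sender (realCallingUid) is a legacy app, we skip the BAL permission check", so the next reader does not revert to the creator's uid. The same applies to the "Legacy behavior allows to use caller foreground state" comment over `balAllowedByPiSender`. It would also help to state in that comment that both the compat lookup and `checkComponentPermission` for START_ACTIVITIES_FROM_BACKGROUND are intentionally evaluated against the same uid, since that pairing is what gates the privilege transfer.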
@@ -1348,7 +1346,6 @@ class ActivityStarter {
                }
                return false;
            }
            }

            // don't abort if the realCallingUid has a visible window
            // TODO(b/171459802): We should check appSwitchAllowed also
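Review bot: the `return false;` kept in this hunk is the point where the launch is allowed on the strength of the sender's BAL permission, but nothing on the line says so; only the following "don't abort if the realCallingUid has a visible window" comment hints that false means "do not abort". Since the nesting level is removed here, a one-line comment on that return (sender opted in and holds the permission, so do not abort) would make the early exit easier to audit. Please also confirm that the brace removal leaves this return inside the `balAllowedByPiSender && realCallingUid != callingUid` block and that the visible-window check below is still reached when the permission branch is not taken.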