Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 94deedfe authored by Achim Thesmann's avatar Achim Thesmann
Browse files

Log all blocked BAL attempts 

The current BAL wtf logs only report issues related to BAL hardening.
This reports all BAL blocks independent of the reason, which can be
derived from the logged state dump.

Test: atest BackgroundActivityLaunchTest
Bug: 323739101
Change-Id: I895cfbc56e0f5b2c770b2d71d6a0643e068a6f37
parent 59e8043a

services/core/java/com/android/server/wm/BackgroundActivityStartController.java

+6 −9
Original line number Diff line number Diff line
@@ -722,8 +722,7 @@ public class BackgroundActivityStartController { 
            if (state.mBalAllowedByPiCreator.allowsBackgroundActivityStarts()) {

                Slog.wtf(TAG, "With Android 15 BAL hardening this activity start may be blocked"

                        + " if the PI creator upgrades target_sdk to 35+! "

                                + " (missing opt in by PI creator)! "

                                + state.dump());

                        + " (missing opt in by PI creator)!" + state.dump());

                showBalRiskToast();

                return allowBasedOnCaller(state);

            }
@@ -733,16 +732,14 @@ public class BackgroundActivityStartController { 
            if (state.mBalAllowedByPiSender.allowsBackgroundActivityStarts()) {

                Slog.wtf(TAG, "With Android 14 BAL hardening this activity start will be blocked"

                        + " if the PI sender upgrades target_sdk to 34+! "

                                + " (missing opt in by PI sender)! "

                                + state.dump());

                        + " (missing opt in by PI sender)!" + state.dump());

                showBalRiskToast();

                return allowBasedOnRealCaller(state);

            }

        }

        // caller or real caller could start the activity, but would need to explicitly opt in

        if (callerCanAllow || realCallerCanAllow) {

            Slog.wtf(TAG, "Without BAL hardening this activity start would be allowed "

                            + state.dump());

            Slog.w(TAG, "Without BAL hardening this activity start would be allowed");

        }

        // neither the caller not the realCaller can allow or have explicitly opted out

        return abortLaunch(state);
@@ -765,7 +762,7 @@ public class BackgroundActivityStartController { 
    }



    private BalVerdict abortLaunch(BalState state) {

        Slog.w(TAG, "Background activity launch blocked! "

        Slog.wtf(TAG, "Background activity launch blocked! "

                + state.dump());

        showBalBlockedToast();

        return statsLog(BalVerdict.BLOCK, state);