Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 952cb89f authored by Guliz Seray Tuncay's avatar Guliz Seray Tuncay
Browse files

Fix getRunningTasks info leak 

Using the getRunningTasks() API, apps can currently tell if there is an
app in the foreground. This information can be utilized by attackers to
launch phishing attacks (b/155337219). This issue can be prevented by
not allowing the getRunningTasks() API to report the nexus launcher in
its output.

Bug: 155337219
Test: manual atest (WmTests:RunningTasksTest)
Change-Id: Ib6c87815eb949f1481485ad8ba7b9b1dc6bc6323
parent f1a408f2

services/core/java/com/android/server/wm/RunningTasks.java

+2 −3
Original line number Diff line number Diff line
@@ -99,9 +99,8 @@ class RunningTasks { 
                // the task's profile

                return;

            }

            if (!mAllowed && !task.isActivityTypeHome()) {

                // Skip if the caller isn't allowed to fetch this task, except for the home

                // task which we always return.

            if (!mAllowed) {

                // Skip if the caller isn't allowed to fetch this task

                return;

            }

        }