Loading services/core/java/com/android/server/wm/BackgroundActivityStartController.java +20 −2 Original line number Diff line number Diff line Loading @@ -558,7 +558,7 @@ public class BackgroundActivityStartController { .append(mBalAllowedByPiCreatorWithHardening); sb.append("; resultIfPiCreatorAllowsBal: ").append(mResultForCaller); sb.append("; callerStartMode: ").append(balStartModeToString( mCheckedOptions.getPendingIntentBackgroundActivityStartMode())); mCheckedOptions.getPendingIntentCreatorBackgroundActivityStartMode())); sb.append("; hasRealCaller: ").append(hasRealCaller()); sb.append("; isCallForResult: ").append(mIsCallForResult); sb.append("; isPendingIntent: ").append(isPendingIntent()); Loading @@ -585,7 +585,7 @@ public class BackgroundActivityStartController { sb.append("; balAllowedByPiSender: ").append(mBalAllowedByPiSender); sb.append("; resultIfPiSenderAllowsBal: ").append(mResultForRealCaller); sb.append("; realCallerStartMode: ").append(balStartModeToString( mCheckedOptions.getPendingIntentCreatorBackgroundActivityStartMode())); mCheckedOptions.getPendingIntentBackgroundActivityStartMode())); } // features sb.append("; balImproveRealCallerVisibilityCheck: ") Loading Loading @@ -1044,6 +1044,24 @@ public class BackgroundActivityStartController { "realCallingUid has BAL permission."); } // don't abort if the realCallingUid has SYSTEM_ALERT_WINDOW permission Slog.i(TAG, "hasSystemAlertWindowPermission(" + state.mRealCallingUid + ", " + state.mRealCallingPid + ", " + state.mRealCallingPackage + ") " + balStartModeToString( state.mCheckedOptions.getPendingIntentBackgroundActivityStartMode())); if (state.mCheckedOptions.getPendingIntentBackgroundActivityStartMode() == MODE_BACKGROUND_ACTIVITY_START_ALLOW_ALWAYS && mService.hasSystemAlertWindowPermission(state.mRealCallingUid, state.mRealCallingPid, state.mRealCallingPackage)) { Slog.w( TAG, "Background activity start for " + state.mRealCallingPackage + " allowed because SYSTEM_ALERT_WINDOW permission is granted."); return new BalVerdict(BAL_ALLOW_SAW_PERMISSION, /*background*/ true, "SYSTEM_ALERT_WINDOW permission is granted"); } // if the realCallingUid is a persistent system process, abort if the IntentSender // wasn't allowed to start an activity if (state.mForcedBalByPiSender.allowsBackgroundActivityStarts() Loading services/tests/wmtests/src/com/android/server/wm/BackgroundActivityStartControllerExemptionTests.java +35 −0 Original line number Diff line number Diff line Loading @@ -682,6 +682,41 @@ public class BackgroundActivityStartControllerExemptionTests { BAL_ALLOW_SAW_PERMISSION); } @Test @RequiresFlagsEnabled(Flags.FLAG_BAL_ADDITIONAL_START_MODES) public void testRealCaller_sawPermission() { int callingUid = REGULAR_UID_1; int callingPid = REGULAR_PID_1; final String callingPackage = REGULAR_PACKAGE_1; int realCallingUid = REGULAR_UID_2; int realCallingPid = REGULAR_PID_2; // setup state when(mService.hasSystemAlertWindowPermission(eq(realCallingUid), eq(realCallingPid), any())).thenReturn(true); // prepare call PendingIntentRecord originatingPendingIntent = mPendingIntentRecord; BackgroundStartPrivileges forcedBalByPiSender = BackgroundStartPrivileges.NONE; Intent intent = TEST_INTENT; ActivityOptions checkedOptions = mCheckedOptions.setPendingIntentBackgroundActivityStartMode( MODE_BACKGROUND_ACTIVITY_START_ALLOW_ALWAYS); BackgroundActivityStartController.BalState balState = mController.new BalState(callingUid, callingPid, callingPackage, realCallingUid, realCallingPid, null, originatingPendingIntent, forcedBalByPiSender, mResultRecord, intent, checkedOptions); // call BalVerdict callerVerdict = mController.checkBackgroundActivityStartAllowedByRealCaller( balState); balState.setResultForCaller(callerVerdict); // assertions assertWithMessage(balState.toString()).that(callerVerdict.getCode()).isEqualTo( BAL_ALLOW_SAW_PERMISSION); } @Test public void testCaller_isRecents() { int callingUid = REGULAR_UID_1; Loading Loading
services/core/java/com/android/server/wm/BackgroundActivityStartController.java +20 −2 Original line number Diff line number Diff line Loading @@ -558,7 +558,7 @@ public class BackgroundActivityStartController { .append(mBalAllowedByPiCreatorWithHardening); sb.append("; resultIfPiCreatorAllowsBal: ").append(mResultForCaller); sb.append("; callerStartMode: ").append(balStartModeToString( mCheckedOptions.getPendingIntentBackgroundActivityStartMode())); mCheckedOptions.getPendingIntentCreatorBackgroundActivityStartMode())); sb.append("; hasRealCaller: ").append(hasRealCaller()); sb.append("; isCallForResult: ").append(mIsCallForResult); sb.append("; isPendingIntent: ").append(isPendingIntent()); Loading @@ -585,7 +585,7 @@ public class BackgroundActivityStartController { sb.append("; balAllowedByPiSender: ").append(mBalAllowedByPiSender); sb.append("; resultIfPiSenderAllowsBal: ").append(mResultForRealCaller); sb.append("; realCallerStartMode: ").append(balStartModeToString( mCheckedOptions.getPendingIntentCreatorBackgroundActivityStartMode())); mCheckedOptions.getPendingIntentBackgroundActivityStartMode())); } // features sb.append("; balImproveRealCallerVisibilityCheck: ") Loading Loading @@ -1044,6 +1044,24 @@ public class BackgroundActivityStartController { "realCallingUid has BAL permission."); } // don't abort if the realCallingUid has SYSTEM_ALERT_WINDOW permission Slog.i(TAG, "hasSystemAlertWindowPermission(" + state.mRealCallingUid + ", " + state.mRealCallingPid + ", " + state.mRealCallingPackage + ") " + balStartModeToString( state.mCheckedOptions.getPendingIntentBackgroundActivityStartMode())); if (state.mCheckedOptions.getPendingIntentBackgroundActivityStartMode() == MODE_BACKGROUND_ACTIVITY_START_ALLOW_ALWAYS && mService.hasSystemAlertWindowPermission(state.mRealCallingUid, state.mRealCallingPid, state.mRealCallingPackage)) { Slog.w( TAG, "Background activity start for " + state.mRealCallingPackage + " allowed because SYSTEM_ALERT_WINDOW permission is granted."); return new BalVerdict(BAL_ALLOW_SAW_PERMISSION, /*background*/ true, "SYSTEM_ALERT_WINDOW permission is granted"); } // if the realCallingUid is a persistent system process, abort if the IntentSender // wasn't allowed to start an activity if (state.mForcedBalByPiSender.allowsBackgroundActivityStarts() Loading
services/tests/wmtests/src/com/android/server/wm/BackgroundActivityStartControllerExemptionTests.java +35 −0 Original line number Diff line number Diff line Loading @@ -682,6 +682,41 @@ public class BackgroundActivityStartControllerExemptionTests { BAL_ALLOW_SAW_PERMISSION); } @Test @RequiresFlagsEnabled(Flags.FLAG_BAL_ADDITIONAL_START_MODES) public void testRealCaller_sawPermission() { int callingUid = REGULAR_UID_1; int callingPid = REGULAR_PID_1; final String callingPackage = REGULAR_PACKAGE_1; int realCallingUid = REGULAR_UID_2; int realCallingPid = REGULAR_PID_2; // setup state when(mService.hasSystemAlertWindowPermission(eq(realCallingUid), eq(realCallingPid), any())).thenReturn(true); // prepare call PendingIntentRecord originatingPendingIntent = mPendingIntentRecord; BackgroundStartPrivileges forcedBalByPiSender = BackgroundStartPrivileges.NONE; Intent intent = TEST_INTENT; ActivityOptions checkedOptions = mCheckedOptions.setPendingIntentBackgroundActivityStartMode( MODE_BACKGROUND_ACTIVITY_START_ALLOW_ALWAYS); BackgroundActivityStartController.BalState balState = mController.new BalState(callingUid, callingPid, callingPackage, realCallingUid, realCallingPid, null, originatingPendingIntent, forcedBalByPiSender, mResultRecord, intent, checkedOptions); // call BalVerdict callerVerdict = mController.checkBackgroundActivityStartAllowedByRealCaller( balState); balState.setResultForCaller(callerVerdict); // assertions assertWithMessage(balState.toString()).that(callerVerdict.getCode()).isEqualTo( BAL_ALLOW_SAW_PERMISSION); } @Test public void testCaller_isRecents() { int callingUid = REGULAR_UID_1; Loading
