
Commit 97978808 authored by Jeff Sharkey's avatar Jeff Sharkey

Start cross profile intents as caller.

The system should always be using new startActivityAsCaller() when
starting activities on behalf of someone else, to ensure that
security checks are enforced as the original caller.

Bug: 17983737
Change-Id: Ic40816a797cfdb13c0adb48b86ed4ed7d6aae8eb
parent dc876b56
+2 −2
@@ -3847,14 +3847,14 @@ public class Activity extends ContextThemeWrapper
     * their launch had come from the original activity.
     * @hide
     */
    public void startActivityAsCaller(Intent intent, @Nullable Bundle options) {
    public void startActivityAsCaller(Intent intent, @Nullable Bundle options, int userId) {
        if (mParent != null) {
            throw new RuntimeException("Can't be called from a child");
        }
        Instrumentation.ActivityResult ar =
                mInstrumentation.execStartActivityAsCaller(
                        this, mMainThread.getApplicationThread(), mToken, this,
                        intent, -1, options);
                        intent, -1, options, userId);
        if (ar != null) {
            mMainThread.sendActivityResult(
                mToken, mEmbeddedID, -1, ar.getResultCode(),
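Review bot: The new `userId` parameter on `startActivityAsCaller(Intent, Bundle, int)` has no visible documentation; the Javadoc tail shown above the signature ends with `@hide` and no `@param` line, though the start of the comment lies outside the hunk. Because the value chooses the user in which the launch happens, I would add `@param userId user in which the activity is started; validated by the system, not by this method` (the second half should be confirmed against the service-side code, which is not on this page). The method body continues past the end of the hunk.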
+4 −2
@@ -184,8 +184,9 @@ public abstract class ActivityManagerNative extends Binder implements IActivityM
                    ? ProfilerInfo.CREATOR.createFromParcel(data) : null;
            Bundle options = data.readInt() != 0
                    ? Bundle.CREATOR.createFromParcel(data) : null;
            int userId = data.readInt();
            int result = startActivityAsCaller(app, callingPackage, intent, resolvedType,
                    resultTo, resultWho, requestCode, startFlags, profilerInfo, options);
                    resultTo, resultWho, requestCode, startFlags, profilerInfo, options, userId);
            reply.writeNoException();
            reply.writeInt(result);
            return true;
@@ -2435,7 +2436,7 @@ class ActivityManagerProxy implements IActivityManager
    }
    public int startActivityAsCaller(IApplicationThread caller, String callingPackage,
            Intent intent, String resolvedType, IBinder resultTo, String resultWho, int requestCode,
            int startFlags, ProfilerInfo profilerInfo, Bundle options) throws RemoteException {
            int startFlags, ProfilerInfo profilerInfo, Bundle options, int userId) throws RemoteException {
        Parcel data = Parcel.obtain();
        Parcel reply = Parcel.obtain();
        data.writeInterfaceToken(IActivityManager.descriptor);
@@ -2459,6 +2460,7 @@ class ActivityManagerProxy implements IActivityManager
        } else {
            data.writeInt(0);
        }
        data.writeInt(userId);
        mRemote.transact(START_ACTIVITY_AS_CALLER_TRANSACTION, data, reply, 0);
        reply.readException();
        int result = reply.readInt();
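Review bot: The `userId` read in the stub by `int userId = data.readInt();` is supplied by the binder caller, and nothing in this file section restricts which user it may name before it is handed to `startActivityAsCaller(...)`. Since the commit's purpose is to have security checks enforced as the original caller, the service-side implementation (not shown on this page) should run the value through the cross-user permission check, such as `handleIncomingUser(...)`, before the intent is resolved. I would record that expectation at the read site with a comment like `// userId is caller-supplied; the implementation must validate it against the calling uid`. The proxy appends `data.writeInt(userId);` as the last field, which matches the stub's read order. The onTransact case and the proxy method both start and end outside these hunks.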
+1 −1
@@ -69,7 +69,7 @@ public interface IActivityManager extends IInterface {
            ProfilerInfo profilerInfo, Bundle options, int userId) throws RemoteException;
    public int startActivityAsCaller(IApplicationThread caller, String callingPackage,
            Intent intent, String resolvedType, IBinder resultTo, String resultWho, int requestCode,
            int flags, ProfilerInfo profilerInfo, Bundle options) throws RemoteException;
            int flags, ProfilerInfo profilerInfo, Bundle options, int userId) throws RemoteException;
    public WaitResult startActivityAndWait(IApplicationThread caller, String callingPackage,
            Intent intent, String resolvedType, IBinder resultTo, String resultWho,
            int requestCode, int flags, ProfilerInfo profilerInfo, Bundle options,
+2 −2
@@ -1671,7 +1671,7 @@ public class Instrumentation {
     */
    public ActivityResult execStartActivityAsCaller(
            Context who, IBinder contextThread, IBinder token, Activity target,
            Intent intent, int requestCode, Bundle options) {
            Intent intent, int requestCode, Bundle options, int userId) {
        IApplicationThread whoThread = (IApplicationThread) contextThread;
        if (mActivityMonitors != null) {
            synchronized (mSync) {
@@ -1695,7 +1695,7 @@ public class Instrumentation {
                .startActivityAsCaller(whoThread, who.getBasePackageName(), intent,
                        intent.resolveTypeIfNeeded(who.getContentResolver()),
                        token, target != null ? target.mEmbeddedID : null,
                        requestCode, 0, null, options);
                        requestCode, 0, null, options, userId);
            checkStartActivityResult(result, intent);
        } catch (RemoteException e) {
        }
+10 −4
@@ -439,14 +439,20 @@ public class DevicePolicyManager {
            = "android.app.action.SET_NEW_PASSWORD";

    /**
     * Flag used by {@link #addCrossProfileIntentFilter} to allow access of certain intents from a
     * managed profile to its parent.
     * Flag used by {@link #addCrossProfileIntentFilter} to allow access
     * <em>from</em> a managed profile <em>to</em> its parent. That is, any
     * matching activities in the parent profile are included in the
     * disambiguation list shown when an app in the managed profile calls
     * {@link Activity#startActivity(Intent)}.
     */
    public static final int FLAG_PARENT_CAN_ACCESS_MANAGED = 0x0001;

    /**
     * Flag used by {@link #addCrossProfileIntentFilter} to allow access of certain intents from the
     * parent to its managed profile.
     * Flag used by {@link #addCrossProfileIntentFilter} to allow access
     * <em>from</em> a parent <em>to</em> its managed profile. That is, any
     * matching activities in the managed profile are included in the
     * disambiguation list shown when an app in the parent profile calls
     * {@link Activity#startActivity(Intent)}.
     */
    public static final int FLAG_MANAGED_CAN_ACCESS_PARENT = 0x0002;
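Review bot: The constant names still read opposite to the direction the rewritten Javadoc gives: `FLAG_PARENT_CAN_ACCESS_MANAGED` is documented as access from the managed profile to its parent, and `FLAG_MANAGED_CAN_ACCESS_PARENT` as the reverse. A profile owner who goes by the name alone could open the cross-profile path in the wrong direction, so each comment should tie the name to the description explicitly. For the first flag I would add a sentence such as `The name refers to activities in the parent being able to handle intents sent from the managed profile.`, with the mirrored sentence on the second.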
