Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9d8d152a authored by Linus Tufvesson's avatar Linus Tufvesson
Browse files

Don't allow activites on virtual displays 

.. unless the caller has ACTIVITY_EMBEDDING permission or is already
present on the display. This prevents non privileged apps from elevating
their FG state by creating a private VD and putting an activity there.
Which would keep their stack considered FG even after their activity on
the main display is no longer visible.

Test: atest CtsWindowManagerDeviceTestCases:MultiDisplaySecurityTests
Bug: 146768652
Change-Id: I1f9662c2bd14b34e00fbc8ebb926538f0329c37a
parent 26e2c929

services/core/java/com/android/server/wm/ActivityStackSupervisor.java

+1 −2
Original line number Diff line number Diff line
@@ -1092,8 +1092,7 @@ public class ActivityStackSupervisor implements RecentTasks.Callbacks { 
        final boolean uidPresentOnDisplay = displayContent.isUidPresent(callingUid);



        final int displayOwnerUid = displayContent.mDisplay.getOwnerUid();

        if (displayContent.mDisplay.getType() == TYPE_VIRTUAL && displayOwnerUid != SYSTEM_UID

                && displayOwnerUid != aInfo.applicationInfo.uid) {

        if (displayContent.mDisplay.getType() == TYPE_VIRTUAL && displayOwnerUid != SYSTEM_UID) {

            // Limit launching on virtual displays, because their contents can be read from Surface

            // by apps that created them.

            if ((aInfo.flags & ActivityInfo.FLAG_ALLOW_EMBEDDED) == 0) {

services/tests/wmtests/Android.bp

+1 −0
Original line number Diff line number Diff line
@@ -25,6 +25,7 @@ android_test { 
        "testables",

        "ub-uiautomator",

        "hamcrest-library",

        "compatibility-device-util-axt",

    ],



    libs: [

services/tests/wmtests/AndroidManifest.xml

+1 −1
Original line number Diff line number Diff line
@@ -55,7 +55,7 @@ 
        <activity android:name="com.android.server.wm.TaskStackChangedListenerTest$ActivityInActivityView"

                  android:resizeableActivity="true" />

        <activity android:name="com.android.server.wm.ScreenDecorWindowTests$TestActivity"

                  android:showWhenLocked="true" />

                  android:showWhenLocked="true" android:allowEmbedded="true"/>

    </application>



    <instrumentation

services/tests/wmtests/src/com/android/server/wm/ScreenDecorWindowTests.java

+6 −1
Original line number Diff line number Diff line
@@ -64,6 +64,8 @@ import android.widget.TextView; 


import androidx.test.filters.SmallTest;



import com.android.compatibility.common.util.SystemUtil;



import org.junit.After;

import org.junit.Before;

import org.junit.Test;
@@ -343,7 +345,10 @@ public class ScreenDecorWindowTests { 
        intent.addFlags(FLAG_ACTIVITY_NEW_TASK);

        final ActivityOptions options = ActivityOptions.makeBasic();

        options.setLaunchDisplayId(displayId);

        final Activity activity = mInstrumentation.startActivitySync(intent, options.toBundle());



        final Activity activity = SystemUtil.runWithShellPermissionIdentity(

                () -> mInstrumentation.startActivitySync(intent, options.toBundle()),

                "android.permission.ACTIVITY_EMBEDDING");

        waitForIdle();



        assertEquals(displayId, activity.getDisplayId());