Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ad02e59a authored by Varun Shah's avatar Varun Shah Committed by Atanas Kirilov
Browse files

RESTRICT AUTOMERGE: Added an app id security check in isAppForeground. 

ActivityManagerService#isAppForeground now checks if the caller has the
permission to view if an app is in the foreground.

Bug: 115384617
Test: cts-tradefed run cts -m CtsSecurityTestCases -t android.security.cts.ActivityManagerTest#testIsAppInForegroundNormal
Test: cts-tradefed run cts -m CtsSecurityTestCases -t android.security.cts.ActivityManagerTest#testIsAppInForegroundMalicious
Change-Id: I9602c89b2d40036e525c38960a08326dc74c6682
parent 77c1f608

core/java/android/os/UserHandle.java

+13 −0
Original line number Diff line number Diff line
@@ -131,6 +131,19 @@ public final class UserHandle implements Parcelable { 
        }

    }



    /**

     * Whether a UID belongs to a system core component or not.

     * @hide

     */

    public static boolean isCore(int uid) {

        if (uid >= 0) {

            final int appId = getAppId(uid);

            return appId < Process.FIRST_APPLICATION_UID;

        } else {

            return false;

        }

    }



    /**

     * Returns the user for a given uid.

     * @param uid A uid for an application running in a particular user.

services/core/java/com/android/server/am/ActivityManagerService.java

+8 −0
Original line number Diff line number Diff line
@@ -7846,6 +7846,14 @@ public class ActivityManagerService extends IActivityManager.Stub 














    @Override















    public boolean isAppForeground(int uid) throws RemoteException {













        int callerUid = Binder.getCallingUid();













        if (UserHandle.isCore(callerUid) || callerUid == uid) {













            return isAppForegroundInternal(uid);













        }













        return false;













    }

























    private boolean isAppForegroundInternal(int uid) {















        synchronized (this) {















            UidRecord uidRec = mActiveUids.get(uid);















            if (uidRec == null || uidRec.idle) {