
Commit b255e64a authored by Bryan Ferris's avatar Bryan Ferris

[RESTRICT AUTOMERGE] Pass correct realCallingUid to startActivity() if...

[RESTRICT AUTOMERGE] Pass correct realCallingUid to startActivity() if provided by PendingIntentRecord#sendInner()

Previously we'd ignore realCallingPid and realCallingUid that
PendingIntentRecord#sendInner() provided to startActivityInPackage().
Now we correctly pass it on, preserving past behaviour if none
provided.

Test: manual; we added logging statements to check the value of realCallingUid
in startActivitiesMayWait when launching the calendar app from the calendar widget
and verified that it was the calendar uid rather than the system uid.

Bug: 123013720
Change-Id: If0c0b67880c2e7a8774f31fbb1ba5f50544d2972
parent fbc22c2b
+4 −3
@@ -5607,9 +5607,10 @@ public class ActivityManagerService extends IActivityManager.Stub
        userId = mUserController.handleIncomingUser(Binder.getCallingPid(), Binder.getCallingUid(),
                userId, false, ALLOW_FULL_ONLY, reason, null);
        // TODO: Switch to user app stacks here.
        int ret = mActivityStartController.startActivities(caller, -1, callingPackage,
                intents, resolvedTypes, resultTo, SafeActivityOptions.fromBundle(bOptions), userId,
                reason, null /* originatingPendingIntent */);
        int ret = mActivityStartController.startActivities(caller, -1, 0,
                UserHandle.USER_NULL, callingPackage, intents, resolvedTypes, resultTo,
                SafeActivityOptions.fromBundle(bOptions), userId, reason,
                null /* originatingPendingIntent */);
        return ret;
    }
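Review bot: The three adjacent int arguments `-1, 0, UserHandle.USER_NULL` in the new startActivities() call are unlabelled, so transposing the real-caller pid and uid placeholders would still compile. The same call already labels its last argument with `null /* originatingPendingIntent */`; labelling these too, as `caller, -1 /* callingUid */, 0 /* realCallingPid */, UserHandle.USER_NULL /* realCallingUid */, callingPackage, ...`, makes it visible that this Binder entry point deliberately supplies no real-caller identity and relies on the callee falling back to Binder.getCallingPid()/getCallingUid(). The enclosing method starts above the hunk.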
+20 −8
@@ -286,20 +286,29 @@ public class ActivityStartController {
    final int startActivitiesInPackage(int uid, String callingPackage, Intent[] intents,
            String[] resolvedTypes, IBinder resultTo, SafeActivityOptions options, int userId,
            boolean validateIncomingUser, PendingIntentRecord originatingPendingIntent) {
        return startActivitiesInPackage(uid, 0, UserHandle.USER_NULL,
             callingPackage, intents, resolvedTypes, resultTo, options, userId,
             validateIncomingUser, originatingPendingIntent);
    }

    final int startActivitiesInPackage(int uid, int realCallingPid, int realCallingUid,
            String callingPackage, Intent[] intents, String[] resolvedTypes, IBinder resultTo,
            SafeActivityOptions options, int userId, boolean validateIncomingUser,
            PendingIntentRecord originatingPendingIntent) {
        final String reason = "startActivityInPackage";

        userId = checkTargetUser(userId, validateIncomingUser, Binder.getCallingPid(),
                Binder.getCallingUid(), reason);

        // TODO: Switch to user app stacks here.
        return startActivities(null, uid, callingPackage, intents, resolvedTypes, resultTo, options,
                userId, reason, originatingPendingIntent);
        return startActivities(null, uid, realCallingPid, realCallingUid, callingPackage, intents,
                resolvedTypes, resultTo, options, userId, reason, originatingPendingIntent);
    }

    int startActivities(IApplicationThread caller, int callingUid, String callingPackage,
            Intent[] intents, String[] resolvedTypes, IBinder resultTo, SafeActivityOptions options,
            int userId, String reason, PendingIntentRecord originatingPendingIntent) {
    int startActivities(IApplicationThread caller, int callingUid, int incomingRealCallingPid,
            int incomingRealCallingUid, String callingPackage, Intent[] intents, String[] resolvedTypes,
            IBinder resultTo, SafeActivityOptions options, int userId, String reason,
            PendingIntentRecord originatingPendingIntent) {
        if (intents == null) {
            throw new NullPointerException("intents is null");
        }
@@ -310,9 +319,12 @@ public class ActivityStartController {
            throw new IllegalArgumentException("intents are length different than resolvedTypes");
        }

        final int realCallingPid = Binder.getCallingPid();
        final int realCallingUid = Binder.getCallingUid();

        final int realCallingPid = incomingRealCallingPid != 0
                                   ? incomingRealCallingPid
                                   : Binder.getCallingPid();
        final int realCallingUid = incomingRealCallingUid != UserHandle.USER_NULL
                                   ? incomingRealCallingUid
                                   : Binder.getCallingUid();
        int callingPid;
        if (callingUid >= 0) {
            callingPid = -1;
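Review bot: In startActivities() the pid and uid fallbacks are decided independently (`incomingRealCallingPid != 0` and `incomingRealCallingUid != UserHandle.USER_NULL`), so a caller that supplies a uid together with a pid of 0 gets the supplied uid paired with Binder.getCallingPid() from whatever Binder context is current at that point. Binder.getCallingPid() itself reports 0 for oneway transactions, so 0 is not a reliable "not supplied" marker for a pid that originated from a Binder call. Keying both values on the uid sentinel keeps the pair consistent: `final boolean hasRealCaller = incomingRealCallingUid != UserHandle.USER_NULL;` followed by `final int realCallingPid = hasRealCaller ? incomingRealCallingPid : Binder.getCallingPid();` and the matching line for the uid. The same pattern appears in ActivityStarter.startActivityMayWait(); how much a mixed pair matters depends on how realCallingPid is consumed further down, which is past the end of this hunk.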
+20 −12
@@ -282,6 +282,8 @@ class ActivityStarter {
     * execution.
     */
    private static class Request {
        static final int DEFAULT_REAL_CALLING_PID = 0;
        static final int DEFAULT_REAL_CALLING_UID = UserHandle.USER_NULL;
        private static final int DEFAULT_CALLING_UID = -1;
        private static final int DEFAULT_CALLING_PID = 0;

@@ -296,11 +298,11 @@ class ActivityStarter {
        IBinder resultTo;
        String resultWho;
        int requestCode;
        int callingPid = DEFAULT_CALLING_UID;
        int callingUid = DEFAULT_CALLING_PID;
        int callingPid = DEFAULT_CALLING_PID;
        int callingUid = DEFAULT_CALLING_UID;
        String callingPackage;
        int realCallingPid;
        int realCallingUid;
        int realCallingPid = Request.DEFAULT_REAL_CALLING_PID;
        int realCallingUid = Request.DEFAULT_REAL_CALLING_UID;
        int startFlags;
        SafeActivityOptions activityOptions;
        boolean ignoreTargetSecurity;
@@ -354,8 +356,8 @@ class ActivityStarter {
            callingPid = DEFAULT_CALLING_PID;
            callingUid = DEFAULT_CALLING_UID;
            callingPackage = null;
            realCallingPid = 0;
            realCallingUid = 0;
            realCallingPid = Request.DEFAULT_REAL_CALLING_PID;
            realCallingUid = Request.DEFAULT_REAL_CALLING_UID;
            startFlags = 0;
            activityOptions = null;
            ignoreTargetSecurity = false;
@@ -370,7 +372,7 @@ class ActivityStarter {
            mayWait = false;
            avoidMoveToFront = false;
            allowPendingRemoteAnimationRegistryLookup = true;
            filterCallingUid = UserHandle.USER_NULL;
            filterCallingUid = DEFAULT_REAL_CALLING_UID;
            originatingPendingIntent = null;
        }

@@ -488,7 +490,8 @@ class ActivityStarter {
            // for transactional diffs and preprocessing.
            if (mRequest.mayWait) {
                return startActivityMayWait(mRequest.caller, mRequest.callingUid,
                        mRequest.callingPackage, mRequest.intent, mRequest.resolvedType,
                        mRequest.callingPackage, mRequest.realCallingPid, mRequest.realCallingUid,
                        mRequest.intent, mRequest.resolvedType,
                        mRequest.voiceSession, mRequest.voiceInteractor, mRequest.resultTo,
                        mRequest.resultWho, mRequest.requestCode, mRequest.startFlags,
                        mRequest.profilerInfo, mRequest.waitResult, mRequest.globalConfig,
@@ -999,7 +1002,8 @@ class ActivityStarter {
    }

    private int startActivityMayWait(IApplicationThread caller, int callingUid,
            String callingPackage, Intent intent, String resolvedType,
            String callingPackage, int requestRealCallingPid, int requestRealCallingUid,
            Intent intent, String resolvedType,
            IVoiceInteractionSession voiceSession, IVoiceInteractor voiceInteractor,
            IBinder resultTo, String resultWho, int requestCode, int startFlags,
            ProfilerInfo profilerInfo, WaitResult outResult,
@@ -1014,8 +1018,12 @@ class ActivityStarter {
        mSupervisor.getActivityMetricsLogger().notifyActivityLaunching();
        boolean componentSpecified = intent.getComponent() != null;

        final int realCallingPid = Binder.getCallingPid();
        final int realCallingUid = Binder.getCallingUid();
        final int realCallingPid = requestRealCallingPid != Request.DEFAULT_REAL_CALLING_PID
                                   ? requestRealCallingPid
                                   : Binder.getCallingPid();
        final int realCallingUid = requestRealCallingUid != Request.DEFAULT_REAL_CALLING_UID
                                   ? requestRealCallingUid
                                   : Binder.getCallingUid();

        int callingPid;
        if (callingUid >= 0) {
@@ -1242,7 +1250,7 @@ class ActivityStarter {
     */
    static int computeResolveFilterUid(int customCallingUid, int actualCallingUid,
            int filterCallingUid) {
        return filterCallingUid != UserHandle.USER_NULL
        return filterCallingUid != Request.DEFAULT_REAL_CALLING_UID
                ? filterCallingUid
                : (customCallingUid >= 0 ? customCallingUid : actualCallingUid);
    }
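Review bot: `filterCallingUid` is now reset to `DEFAULT_REAL_CALLING_UID` in the Request reset code and compared against `Request.DEFAULT_REAL_CALLING_UID` in computeResolveFilterUid(), which ties the "no filter uid" sentinel to the default of an unrelated field. Both are `UserHandle.USER_NULL` today, but a later change to the real-calling-uid default would silently change the outcome of computeResolveFilterUid(). Keeping `filterCallingUid != UserHandle.USER_NULL` there, or introducing a dedicated constant (for example `DEFAULT_FILTER_CALLING_UID = UserHandle.USER_NULL`), avoids the coupling. Separately, the field initialisers for `callingPid` and `callingUid` in this section swap which default each receives, a behaviour change the commit description does not mention.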
+2 −2
@@ -344,8 +344,8 @@ final class PendingIntentRecord extends IIntentSender.Stub {
                                allResolvedTypes[allResolvedTypes.length-1] = resolvedType;

                                res = owner.getActivityStartController().startActivitiesInPackage(
                                        uid, key.packageName, allIntents, allResolvedTypes,
                                        resultTo, mergedOptions, userId,
                                        uid, callingPid, callingUid, key.packageName, allIntents,
                                        allResolvedTypes, resultTo, mergedOptions, userId,
                                        false /* validateIncomingUser */,
                                        this /* originatingPendingIntent */);
                            } else {
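Review bot: The `callingPid` and `callingUid` now passed to startActivitiesInPackage() are treated downstream as the real caller's identity, but both are defined outside this hunk, so it cannot be confirmed from here that they hold the sender's Binder identity rather than a value read after that identity was cleared. A short comment at the call, for example `// callingPid/callingUid: identity of the PendingIntent sender, captured on entry to sendInner()`, would record that assumption once it has been verified. The `else` branch that follows is also outside the hunk, so whether the other start path forwards the same pair cannot be checked from this section.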