Use allowBalExemptionForSystemProcess (b6d1c7df) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/am/PendingIntentRecord.java

+4 −2

Original line number	Diff line number	Diff line
		@@ -629,7 +629,8 @@ public final class PendingIntentRecord extends IIntentSender.Stub {
		allIntents, allResolvedTypes, resultTo, mergedOptions, userId,
		false /* validateIncomingUser */,
		this /* originatingPendingIntent */,
		getBackgroundStartPrivilegesForActivitySender(allowlistToken));
		getBackgroundStartPrivilegesForActivitySender(allowlistToken)
		.allowsBackgroundActivityStarts());
		} else {
		res = controller.mAtmInternal.startActivityInPackage(uid, callingPid,
		callingUid, key.packageName, key.featureId, finalIntent,
		@@ -637,7 +638,8 @@ public final class PendingIntentRecord extends IIntentSender.Stub {
		mergedOptions, userId, null, "PendingIntentRecord",
		false /* validateIncomingUser */,
		this /* originatingPendingIntent */,
		getBackgroundStartPrivilegesForActivitySender(allowlistToken));
		getBackgroundStartPrivilegesForActivitySender(allowlistToken)
		.allowsBackgroundActivityStarts());
		}
		} catch (RuntimeException e) {
		Slog.w(TAG, "Unable to send startActivity intent", e);

services/core/java/com/android/server/wm/ActivityStartController.java

+14 −15

Original line number	Diff line number	Diff line
		@@ -34,7 +34,6 @@ import android.annotation.NonNull;
		import android.annotation.Nullable;
		import android.app.ActivityManager;
		import android.app.ActivityOptions;
		import android.app.BackgroundStartPrivileges;
		import android.app.IApplicationThread;
		import android.content.ComponentName;
		import android.content.ContentResolver;
		@@ -280,8 +279,8 @@ public class ActivityStartController {
		* @param validateIncomingUser Set true to skip checking {@code userId} with the calling UID.
		* @param originatingPendingIntent PendingIntentRecord that originated this activity start or
		* null if not originated by PendingIntent
		* @param forcedBalByPiSender If set to allow, the
		* PendingIntent's sender will try to force allow background activity starts.
		* @param allowBalExemptionForSystemProcess If set to {@code true}, the
		* PendingIntent's sender will allow additional exemptions.
		* This is only possible if the sender of the PendingIntent is a system process.
		*/
		final int startActivityInPackage(int uid, int realCallingPid, int realCallingUid,
		@@ -289,7 +288,7 @@ public class ActivityStartController {
		String resolvedType, IBinder resultTo, String resultWho, int requestCode,
		int startFlags, SafeActivityOptions options, int userId, Task inTask, String reason,
		boolean validateIncomingUser, PendingIntentRecord originatingPendingIntent,
		BackgroundStartPrivileges forcedBalByPiSender) {
		boolean allowBalExemptionForSystemProcess) {

		userId = checkTargetUser(userId, validateIncomingUser, realCallingPid, realCallingUid,
		reason);
		@@ -310,7 +309,7 @@ public class ActivityStartController {
		.setUserId(userId)
		.setInTask(inTask)
		.setOriginatingPendingIntent(originatingPendingIntent)
		.setBackgroundStartPrivileges(forcedBalByPiSender)
		.setAllowBalExemptionForSystemProcess(allowBalExemptionForSystemProcess)
		.execute();
		}

		@@ -325,18 +324,18 @@ public class ActivityStartController {
		* @param validateIncomingUser Set true to skip checking {@code userId} with the calling UID.
		* @param originatingPendingIntent PendingIntentRecord that originated this activity start or
		* null if not originated by PendingIntent
		* @param forcedBalByPiSender If set to allow, the
		* PendingIntent's sender will try to force allow background activity starts.
		* @param allowBalExemptionForSystemProcess If set to {@code true}, the
		* PendingIntent's sender will allow additional exemptions.
		* This is only possible if the sender of the PendingIntent is a system process.
		*/
		final int startActivitiesInPackage(int uid, String callingPackage,
		@Nullable String callingFeatureId, Intent[] intents, String[] resolvedTypes,
		IBinder resultTo, SafeActivityOptions options, int userId, boolean validateIncomingUser,
		PendingIntentRecord originatingPendingIntent,
		BackgroundStartPrivileges forcedBalByPiSender) {
		boolean allowBalExemptionForSystemProcess) {
		return startActivitiesInPackage(uid, 0 /* realCallingPid /, -1 / realCallingUid */,
		callingPackage, callingFeatureId, intents, resolvedTypes, resultTo, options, userId,
		validateIncomingUser, originatingPendingIntent, forcedBalByPiSender);
		validateIncomingUser, originatingPendingIntent, allowBalExemptionForSystemProcess);
		}

		/**
		@@ -351,15 +350,15 @@ public class ActivityStartController {
		* @param validateIncomingUser Set true to skip checking {@code userId} with the calling UID.
		* @param originatingPendingIntent PendingIntentRecord that originated this activity start or
		* null if not originated by PendingIntent
		* @param forcedBalByPiSender If set to allow, the
		* PendingIntent's sender will try to force allow background activity starts.
		* @param allowBalExemptionForSystemProcess If set to {@code true}, the
		* PendingIntent's sender will allow additional exemptions.
		* This is only possible if the sender of the PendingIntent is a system process.
		*/
		final int startActivitiesInPackage(int uid, int realCallingPid, int realCallingUid,
		String callingPackage, @Nullable String callingFeatureId, Intent[] intents,
		String[] resolvedTypes, IBinder resultTo, SafeActivityOptions options, int userId,
		boolean validateIncomingUser, PendingIntentRecord originatingPendingIntent,
		BackgroundStartPrivileges forcedBalByPiSender) {
		boolean allowBalExemptionForSystemProcess) {

		final String reason = "startActivityInPackage";

		@@ -369,14 +368,14 @@ public class ActivityStartController {
		// TODO: Switch to user app stacks here.
		return startActivities(null, uid, realCallingPid, realCallingUid, callingPackage,
		callingFeatureId, intents, resolvedTypes, resultTo, options, userId, reason,
		originatingPendingIntent, forcedBalByPiSender);
		originatingPendingIntent, allowBalExemptionForSystemProcess);
		}

		int startActivities(IApplicationThread caller, int callingUid, int incomingRealCallingPid,
		int incomingRealCallingUid, String callingPackage, @Nullable String callingFeatureId,
		Intent[] intents, String[] resolvedTypes, IBinder resultTo, SafeActivityOptions options,
		int userId, String reason, PendingIntentRecord originatingPendingIntent,
		BackgroundStartPrivileges forcedBalByPiSender) {
		boolean allowBalExemptionForSystemProcess) {
		if (intents == null) {
		throw new NullPointerException("intents is null");
		}
		@@ -518,7 +517,7 @@ public class ActivityStartController {
		// top one as otherwise an activity below might consume it.
		.setAllowPendingRemoteAnimationRegistryLookup(top /* allowLookup*/)
		.setOriginatingPendingIntent(originatingPendingIntent)
		.setBackgroundStartPrivileges(forcedBalByPiSender);
		.setAllowBalExemptionForSystemProcess(allowBalExemptionForSystemProcess);
		}
		// Log if the activities to be started have different uids.
		if (startingUidPkgs.size() > 1) {

services/core/java/com/android/server/wm/ActivityStarter.java

+7 −7

Original line number	Diff line number	Diff line
		@@ -95,7 +95,6 @@ import android.annotation.NonNull;
		import android.annotation.Nullable;
		import android.app.ActivityManager;
		import android.app.ActivityOptions;
		import android.app.BackgroundStartPrivileges;
		import android.app.IApplicationThread;
		import android.app.PendingIntent;
		import android.app.ProfilerInfo;
		@@ -430,7 +429,7 @@ class ActivityStarter {
		WaitResult waitResult;
		int filterCallingUid;
		PendingIntentRecord originatingPendingIntent;
		BackgroundStartPrivileges forcedBalByPiSender;
		boolean allowBalExemptionForSystemProcess;
		boolean freezeScreen;

		final StringBuilder logMessage = new StringBuilder();
		@@ -496,7 +495,7 @@ class ActivityStarter {
		allowPendingRemoteAnimationRegistryLookup = true;
		filterCallingUid = UserHandle.USER_NULL;
		originatingPendingIntent = null;
		forcedBalByPiSender = BackgroundStartPrivileges.NONE;
		allowBalExemptionForSystemProcess = false;
		freezeScreen = false;
		errorCallbackToken = null;
		}
		@@ -540,7 +539,7 @@ class ActivityStarter {
		= request.allowPendingRemoteAnimationRegistryLookup;
		filterCallingUid = request.filterCallingUid;
		originatingPendingIntent = request.originatingPendingIntent;
		forcedBalByPiSender = request.forcedBalByPiSender;
		allowBalExemptionForSystemProcess = request.allowBalExemptionForSystemProcess;
		freezeScreen = request.freezeScreen;
		errorCallbackToken = request.errorCallbackToken;
		}
		@@ -1298,7 +1297,7 @@ class ActivityStarter {
		realCallingPid,
		callerApp,
		request.originatingPendingIntent,
		request.forcedBalByPiSender,
		request.allowBalExemptionForSystemProcess,
		resultRecord,
		intent,
		checkedOptions);
		@@ -3523,8 +3522,9 @@ class ActivityStarter {
		return this;
		}

		ActivityStarter setBackgroundStartPrivileges(BackgroundStartPrivileges forcedBalByPiSender) {
		mRequest.forcedBalByPiSender = forcedBalByPiSender;
		ActivityStarter setAllowBalExemptionForSystemProcess(
		boolean allowBalExemptionForSystemProcess) {
		mRequest.allowBalExemptionForSystemProcess = allowBalExemptionForSystemProcess;
		return this;
		}

services/core/java/com/android/server/wm/ActivityTaskManagerInternal.java

+6 −7

Original line number	Diff line number	Diff line
		@@ -21,7 +21,6 @@ import android.annotation.Nullable;
		import android.annotation.UserIdInt;
		import android.app.ActivityManager;
		import android.app.AppProtoEnums;
		import android.app.BackgroundStartPrivileges;
		import android.app.IActivityManager;
		import android.app.IAppTask;
		import android.app.IApplicationThread;
		@@ -179,15 +178,15 @@ public abstract class ActivityTaskManagerInternal {
		* @param validateIncomingUser Set true to skip checking {@code userId} with the calling UID.
		* @param originatingPendingIntent PendingIntentRecord that originated this activity start or
		* null if not originated by PendingIntent
		* @param forcedBalByPiSender If set to allow, the
		* PendingIntent's sender will try to force allow background activity starts.
		* @param allowBalExemptionForSystemProcess If set to {@code true}, the
		* PendingIntent's sender will allow additional exemptions.
		* This is only possible if the sender of the PendingIntent is a system process.
		*/
		public abstract int startActivitiesInPackage(int uid, int realCallingPid, int realCallingUid,
		String callingPackage, @Nullable String callingFeatureId, Intent[] intents,
		String[] resolvedTypes, IBinder resultTo, SafeActivityOptions options, int userId,
		boolean validateIncomingUser, PendingIntentRecord originatingPendingIntent,
		BackgroundStartPrivileges forcedBalByPiSender);
		boolean allowBalExemptionForSystemProcess);

		/**
		* Start intent as a package.
		@@ -202,8 +201,8 @@ public abstract class ActivityTaskManagerInternal {
		* @param validateIncomingUser Set true to skip checking {@code userId} with the calling UID.
		* @param originatingPendingIntent PendingIntentRecord that originated this activity start or
		* null if not originated by PendingIntent
		* @param forcedBalByPiSender If set to allow, the
		* PendingIntent's sender will try to force allow background activity starts.
		* @param allowBalExemptionForSystemProcess If set to {@code true}, the
		* PendingIntent's sender will allow additional exemptions.
		* This is only possible if the sender of the PendingIntent is a system process.
		*/
		public abstract int startActivityInPackage(int uid, int realCallingPid, int realCallingUid,
		@@ -211,7 +210,7 @@ public abstract class ActivityTaskManagerInternal {
		String resolvedType, IBinder resultTo, String resultWho, int requestCode,
		int startFlags, SafeActivityOptions options, int userId, Task inTask, String reason,
		boolean validateIncomingUser, PendingIntentRecord originatingPendingIntent,
		BackgroundStartPrivileges forcedBalByPiSender);
		boolean allowBalExemptionForSystemProcess);

		/**
		* Callback to be called on certain activity start scenarios.

services/core/java/com/android/server/wm/ActivityTaskManagerService.java

+12 −13

Original line number	Diff line number	Diff line
		@@ -145,7 +145,6 @@ import android.app.AlertDialog;
		import android.app.AnrController;
		import android.app.AppGlobals;
		import android.app.AppOpsManager;
		import android.app.BackgroundStartPrivileges;
		import android.app.Dialog;
		import android.app.IActivityClientController;
		import android.app.IActivityController;
		@@ -1251,7 +1250,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub {
		return getActivityStartController().startActivities(caller, -1, 0, -1, callingPackage,
		callingFeatureId, intents, resolvedTypes, resultTo,
		SafeActivityOptions.fromBundle(bOptions), userId, reason,
		null /* originatingPendingIntent */, BackgroundStartPrivileges.NONE);
		null /* originatingPendingIntent */, false);
		}

		@Override
		@@ -1560,7 +1559,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub {
		// To start the dream from background, we need to start it from a persistent
		// system process. Here we set the real calling uid to the system server uid
		.setRealCallingUid(Binder.getCallingUid())
		.setBackgroundStartPrivileges(BackgroundStartPrivileges.ALLOW_BAL)
		.setAllowBalExemptionForSystemProcess(true)
		.execute();

		final ActivityRecord started = outActivity[0];
		@@ -1711,7 +1710,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub {
		.setFilterCallingUid(isResolver ? 0 /* system */ : targetUid)
		// The target may well be in the background, which would normally prevent it
		// from starting an activity. Here we definitely want the start to succeed.
		.setBackgroundStartPrivileges(BackgroundStartPrivileges.ALLOW_BAL)
		.setAllowBalExemptionForSystemProcess(true)
		.execute();
		} catch (SecurityException e) {
		// XXX need to figure out how to propagate to original app.
		@@ -1757,7 +1756,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub {
		.setProfilerInfo(profilerInfo)
		.setActivityOptions(createSafeActivityOptionsWithBalAllowed(bOptions))
		.setUserId(userId)
		.setBackgroundStartPrivileges(BackgroundStartPrivileges.ALLOW_BAL)
		.setAllowBalExemptionForSystemProcess(true)
		.execute();
		}

		@@ -1784,7 +1783,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub {
		.setResolvedType(resolvedType)
		.setActivityOptions(createSafeActivityOptionsWithBalAllowed(bOptions))
		.setUserId(userId)
		.setBackgroundStartPrivileges(BackgroundStartPrivileges.ALLOW_BAL)
		.setAllowBalExemptionForSystemProcess(true)
		.execute();
		} finally {
		Binder.restoreCallingIdentity(origId);
		@@ -2256,7 +2255,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub {
		-1,
		callerApp,
		null,
		BackgroundStartPrivileges.NONE,
		false,
		null,
		null,
		null);
		@@ -6066,7 +6065,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub {
		intents, resolvedTypes, null /* resultTo */,
		SafeActivityOptions.fromBundle(bOptions), userId,
		false /* validateIncomingUser /, null / originatingPendingIntent */,
		BackgroundStartPrivileges.NONE);
		false);
		}

		@Override
		@@ -6074,12 +6073,12 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub {
		String callingPackage, @Nullable String callingFeatureId, Intent[] intents,
		String[] resolvedTypes, IBinder resultTo, SafeActivityOptions options, int userId,
		boolean validateIncomingUser, PendingIntentRecord originatingPendingIntent,
		BackgroundStartPrivileges forcedBalByPiSender) {
		boolean allowBalExemptionForSystemProcess) {
		assertPackageMatchesCallingUid(callingPackage);
		return getActivityStartController().startActivitiesInPackage(uid, realCallingPid,
		realCallingUid, callingPackage, callingFeatureId, intents, resolvedTypes,
		resultTo, options, userId, validateIncomingUser, originatingPendingIntent,
		forcedBalByPiSender);
		allowBalExemptionForSystemProcess);
		}

		@Override
		@@ -6088,13 +6087,13 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub {
		String resolvedType, IBinder resultTo, String resultWho, int requestCode,
		int startFlags, SafeActivityOptions options, int userId, Task inTask, String reason,
		boolean validateIncomingUser, PendingIntentRecord originatingPendingIntent,
		BackgroundStartPrivileges forcedBalByPiSender) {
		boolean allowBalExemptionForSystemProcess) {
		assertPackageMatchesCallingUid(callingPackage);
		return getActivityStartController().startActivityInPackage(uid, realCallingPid,
		realCallingUid, callingPackage, callingFeatureId, intent, resolvedType,
		resultTo, resultWho, requestCode, startFlags, options, userId, inTask,
		reason, validateIncomingUser, originatingPendingIntent,
		forcedBalByPiSender);
		allowBalExemptionForSystemProcess);
		}

		@Override
		@@ -6125,7 +6124,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub {
		.setActivityOptions(createSafeActivityOptionsWithBalAllowed(options))
		.setRealCallingUid(Binder.getCallingUid())
		.setUserId(userId)
		.setBackgroundStartPrivileges(BackgroundStartPrivileges.ALLOW_BAL)
		.setAllowBalExemptionForSystemProcess(true)
		.setFreezeScreen(true)
		.execute();
		}