
Commit d39812a9 authored by Achim Thesmann's avatar Achim Thesmann

Explicit Abort

Instead of relying on fallthrough, explicitly abort and return the BAL_BLOCK
verdict when a path ends.

Bug: 306059525
Test: atest BackgroundActivityLaunchTest

Change-Id: I1889f7fcb55c8f4fcb89d806ade8c1bf72b8369a
parent 5a4c8045
+21 −19
@@ -545,18 +545,15 @@ public class BackgroundActivityStartController {
        BalVerdict resultForCaller = checkBackgroundActivityStartAllowedByCaller(state);
        BalVerdict resultForCaller = checkBackgroundActivityStartAllowedByCaller(state);


        if (!state.hasRealCaller()) {
        if (!state.hasRealCaller()) {
            BalVerdict resultForRealCaller = null; // nothing to compute
            if (resultForCaller.allows()) {
            if (resultForCaller.allows()) {
                if (DEBUG_ACTIVITY_STARTS) {
                if (DEBUG_ACTIVITY_STARTS) {
                    Slog.d(TAG, "Background activity start allowed. "
                    Slog.d(TAG, "Background activity start allowed. "
                            + state.dump(resultForCaller));
                            + state.dump(resultForCaller, resultForRealCaller));
                }
                }
                return statsLog(resultForCaller, state);
                return statsLog(resultForCaller, state);
            }
            }
            // anything that has fallen through would currently be aborted
            return abortLaunch(state, resultForCaller, resultForRealCaller);
            Slog.w(TAG, "Background activity launch blocked! "
                    + state.dump(resultForCaller));
            showBalBlockedToast("BAL blocked", state);
            return statsLog(BalVerdict.BLOCK, state);
        }
        }


        // The realCaller result is only calculated for PendingIntents (indicated by a valid
        // The realCaller result is only calculated for PendingIntents (indicated by a valid
@@ -588,11 +585,13 @@ public class BackgroundActivityStartController {
            }
            }
            return statsLog(resultForRealCaller, state);
            return statsLog(resultForRealCaller, state);
        }
        }
        if (resultForCaller.allows() && resultForRealCaller.allows()
        boolean callerCanAllow = resultForCaller.allows()
                && checkedOptions.getPendingIntentCreatorBackgroundActivityStartMode()
                && checkedOptions.getPendingIntentCreatorBackgroundActivityStartMode()
                == ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_SYSTEM_DEFINED
                == ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_SYSTEM_DEFINED;
        boolean realCallerCanAllow = resultForRealCaller.allows()
                && checkedOptions.getPendingIntentBackgroundActivityStartMode()
                && checkedOptions.getPendingIntentBackgroundActivityStartMode()
                == ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_SYSTEM_DEFINED) {
                == ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_SYSTEM_DEFINED;
        if (callerCanAllow && realCallerCanAllow) {
            // Both caller and real caller allow with system defined behavior
            // Both caller and real caller allow with system defined behavior
            if (state.mBalAllowedByPiCreator.allowsBackgroundActivityStarts()) {
            if (state.mBalAllowedByPiCreator.allowsBackgroundActivityStarts()) {
                Slog.wtf(TAG,
                Slog.wtf(TAG,
@@ -608,10 +607,9 @@ public class BackgroundActivityStartController {
                    "Without Android 15 BAL hardening this activity start would be allowed"
                    "Without Android 15 BAL hardening this activity start would be allowed"
                            + " (missing opt in by PI creator or sender)! "
                            + " (missing opt in by PI creator or sender)! "
                            + state.dump(resultForCaller, resultForRealCaller));
                            + state.dump(resultForCaller, resultForRealCaller));
            // fall through to abort
            return abortLaunch(state, resultForCaller, resultForRealCaller);
        } else if (resultForCaller.allows()
        }
                && checkedOptions.getPendingIntentCreatorBackgroundActivityStartMode()
        if (callerCanAllow) {
                == ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_SYSTEM_DEFINED) {
            // Allowed before V by creator
            // Allowed before V by creator
            if (state.mBalAllowedByPiCreator.allowsBackgroundActivityStarts()) {
            if (state.mBalAllowedByPiCreator.allowsBackgroundActivityStarts()) {
                Slog.wtf(TAG,
                Slog.wtf(TAG,
@@ -626,10 +624,9 @@ public class BackgroundActivityStartController {
                    "Without Android 15 BAL hardening this activity start would be allowed"
                    "Without Android 15 BAL hardening this activity start would be allowed"
                            + " (missing opt in by PI creator)! "
                            + " (missing opt in by PI creator)! "
                            + state.dump(resultForCaller, resultForRealCaller));
                            + state.dump(resultForCaller, resultForRealCaller));
            // fall through to abort
            return abortLaunch(state, resultForCaller, resultForRealCaller);
        } else if (resultForRealCaller.allows()
        }
                && checkedOptions.getPendingIntentBackgroundActivityStartMode()
        if (realCallerCanAllow) {
                == ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_SYSTEM_DEFINED) {
            // Allowed before U by sender
            // Allowed before U by sender
            if (state.mBalAllowedByPiSender.allowsBackgroundActivityStarts()) {
            if (state.mBalAllowedByPiSender.allowsBackgroundActivityStarts()) {
                Slog.wtf(TAG,
                Slog.wtf(TAG,
@@ -643,9 +640,14 @@ public class BackgroundActivityStartController {
            Slog.wtf(TAG, "Without Android 14 BAL hardening this activity start would be allowed"
            Slog.wtf(TAG, "Without Android 14 BAL hardening this activity start would be allowed"
                    + " (missing opt in by PI sender)! "
                    + " (missing opt in by PI sender)! "
                    + state.dump(resultForCaller, resultForRealCaller));
                    + state.dump(resultForCaller, resultForRealCaller));
            // fall through to abort
            return abortLaunch(state, resultForCaller, resultForRealCaller);
        }
        }
        // anything that has fallen through would currently be aborted
        // neither the caller not the realCaller can allow or have explicitly opted out
        return abortLaunch(state, resultForCaller, resultForRealCaller);
    }

    private BalVerdict abortLaunch(BalState state, BalVerdict resultForCaller,
            BalVerdict resultForRealCaller) {
        Slog.w(TAG, "Background activity launch blocked! "
        Slog.w(TAG, "Background activity launch blocked! "
                + state.dump(resultForCaller, resultForRealCaller));
                + state.dump(resultForCaller, resultForRealCaller));
        showBalBlockedToast("BAL blocked", state);
        showBalBlockedToast("BAL blocked", state);
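Review bot: In the `!state.hasRealCaller()` branch, `resultForRealCaller` is always `null`, yet it is now passed to the two-argument `state.dump(resultForCaller, resultForRealCaller)` and to `abortLaunch(...)`, where the removed lines called `state.dump(resultForCaller)`. Neither `dump` nor the rest of `abortLaunch` is visible on this page (the body of `abortLaunch` continues past the hunk), so null tolerance cannot be confirmed from here. Because this is the deny path of the background-activity-launch check, the contract should be stated on the new helper: mark the parameter nullable, for example `@Nullable BalVerdict resultForRealCaller` if the file already uses that annotation, and add a short Javadoc saying that this is the single place a launch is blocked and that the argument is null when there is no real caller. The new comment before the final return also has a typo and should read `// neither the caller nor the realCaller can allow or have explicitly opted out`.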