Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d5c8b51f authored by Android Build Coastguard Worker's avatar Android Build Coastguard Worker
Browse files

Merge cherrypicks of ['googleplex-android-review.googlesource.com/31116451',... 

Merge cherrypicks of ['googleplex-android-review.googlesource.com/31116451', 'googleplex-android-review.googlesource.com/30699509', 'googleplex-android-review.googlesource.com/31369309', 'googleplex-android-review.googlesource.com/31592330', 'googleplex-android-review.googlesource.com/32103416', 'googleplex-android-review.googlesource.com/31789942', 'googleplex-android-review.googlesource.com/32160026', 'googleplex-android-review.googlesource.com/31247038', 'googleplex-android-review.googlesource.com/32131154'] into security-aosp-tm-release.

Change-Id: Ib79505643391cc986c6cefd27f6d5366ecc7d8f3
parents 969bbd7b 03bb6b20

core/res/res/values/config.xml

+4 −0
Original line number Diff line number Diff line
@@ -5816,4 +5816,8 @@ 
    <string-array name="config_serviceStateLocationAllowedPackages">

        <item>"com.android.phone"</item>

    </string-array>



    <!-- List of protected packages that require biometric authentication for modification

         (Disable, force-stop or uninstalling updates). -->

    <string-array name="config_biometric_protected_package_names" translatable="false" />

</resources>

core/res/res/values/symbols.xml

+4 −0
Original line number Diff line number Diff line
@@ -4796,4 +4796,8 @@ 
  <java-symbol type="id" name="language_picker_header" />



  <java-symbol type="dimen" name="status_bar_height_default" />



  <!-- List of protected packages that require biometric authentication for modification -->

  <java-symbol type="array" name="config_biometric_protected_package_names" />



</resources>

packages/PackageInstaller/src/com/android/packageinstaller/InstallStart.java

+11 −9
Original line number Diff line number Diff line
@@ -27,6 +27,7 @@ import android.content.Intent; 
import android.content.pm.ApplicationInfo;

import android.content.pm.PackageInfo;

import android.content.pm.PackageInstaller;

import android.content.pm.PackageInstaller.SessionInfo;

import android.content.pm.PackageManager;

import android.content.pm.ProviderInfo;

import android.net.Uri;
@@ -65,14 +66,15 @@ public class InstallStart extends Activity { 
        // If the activity was started via a PackageInstaller session, we retrieve the calling

        // package from that session

        final int sessionId = (isSessionInstall

                ? intent.getIntExtra(PackageInstaller.EXTRA_SESSION_ID, -1)

                : -1);

        if (callingPackage == null && sessionId != -1) {

            PackageInstaller packageInstaller = getPackageManager().getPackageInstaller();

                ? intent.getIntExtra(PackageInstaller.EXTRA_SESSION_ID, SessionInfo.INVALID_ID)

                : SessionInfo.INVALID_ID);

        if (sessionId != SessionInfo.INVALID_ID) {

            PackageInstaller packageInstaller = mPackageManager.getPackageInstaller();

            PackageInstaller.SessionInfo sessionInfo = packageInstaller.getSessionInfo(sessionId);

            callingPackage = (sessionInfo != null) ? sessionInfo.getInstallerPackageName() : null;

            callingAttributionTag =

                    (sessionInfo != null) ? sessionInfo.getInstallerAttributionTag() : null;

            if (sessionInfo != null) {

                callingPackage = sessionInfo.getInstallerPackageName();

                callingAttributionTag = sessionInfo.getInstallerAttributionTag();

            }

        }



        final ApplicationInfo sourceInfo = getSourceInfo(callingPackage);
@@ -173,7 +175,7 @@ public class InstallStart extends Activity { 
    private ApplicationInfo getSourceInfo(@Nullable String callingPackage) {

        if (callingPackage != null) {

            try {

                return getPackageManager().getApplicationInfo(callingPackage, 0);

                return mPackageManager.getApplicationInfo(callingPackage, 0);

            } catch (PackageManager.NameNotFoundException ex) {

                // ignore

            }
@@ -220,7 +222,7 @@ public class InstallStart extends Activity { 
    }



    private boolean isSystemDownloadsProvider(int uid) {

        final ProviderInfo downloadProviderPackage = getPackageManager().resolveContentProvider(

        final ProviderInfo downloadProviderPackage = mPackageManager.resolveContentProvider(

                DOWNLOADS_AUTHORITY, 0);

        if (downloadProviderPackage == null) {

            // There seems to be no currently enabled downloads provider on the system.

services/core/java/com/android/server/am/ActivityManagerService.java

+2 −3
Original line number Diff line number Diff line
@@ -13161,9 +13161,8 @@ public class ActivityManagerService extends IActivityManager.Stub 
                            + " (pid=" + Binder.getCallingPid()

                            + ") when registering receiver " + receiver);

                }

                if (callerApp.info.uid != SYSTEM_UID

                        && !callerApp.getPkgList().containsKey(callerPackage)

                        && !"android".equals(callerPackage)) {

                if (!UserHandle.isCore(callerApp.info.uid)

                        && !callerApp.getPkgList().containsKey(callerPackage)) {

                    throw new SecurityException("Given caller package " + callerPackage

                            + " is not running in process " + callerApp);

                }

services/core/java/com/android/server/am/PendingIntentRecord.java

+19 −0
Original line number Diff line number Diff line
@@ -17,6 +17,8 @@ 
package com.android.server.am;



import static android.app.ActivityManager.START_SUCCESS;

import static android.os.PowerWhitelistManager.TEMPORARY_ALLOWLIST_TYPE_FOREGROUND_SERVICE_ALLOWED;

import static android.os.PowerWhitelistManager.TEMPORARY_ALLOWLIST_TYPE_FOREGROUND_SERVICE_NOT_ALLOWED;



import static com.android.server.am.ActivityManagerDebugConfig.TAG_AM;

import static com.android.server.am.ActivityManagerDebugConfig.TAG_WITH_CLASS_NAME;
@@ -43,6 +45,7 @@ import android.util.ArraySet; 
import android.util.Slog;

import android.util.TimeUtils;



import com.android.internal.annotations.VisibleForTesting;

import com.android.internal.os.IResultReceiver;

import com.android.internal.util.function.pooled.PooledLambda;

import com.android.server.wm.SafeActivityOptions;
@@ -255,6 +258,10 @@ public final class PendingIntentRecord extends IIntentSender.Stub { 
        this.stringName = null;

    }



    @VisibleForTesting TempAllowListDuration getAllowlistDurationLocked(IBinder allowlistToken) {

        return mAllowlistDuration.get(allowlistToken);

    }



    void setAllowBgActivityStarts(IBinder token, int flags) {

        if (token == null) return;

        if ((flags & FLAG_ACTIVITY_SENDER) != 0) {
@@ -273,6 +280,13 @@ public final class PendingIntentRecord extends IIntentSender.Stub { 
        mAllowBgActivityStartsForActivitySender.remove(token);

        mAllowBgActivityStartsForBroadcastSender.remove(token);

        mAllowBgActivityStartsForServiceSender.remove(token);

        if (mAllowlistDuration != null) {

            TempAllowListDuration duration = mAllowlistDuration.get(token);

            if (duration != null

                    && duration.type == TEMPORARY_ALLOWLIST_TYPE_FOREGROUND_SERVICE_ALLOWED) {

                duration.type = TEMPORARY_ALLOWLIST_TYPE_FOREGROUND_SERVICE_NOT_ALLOWED;

            }

        }

    }



    public void registerCancelListenerLocked(IResultReceiver receiver) {
@@ -551,6 +565,11 @@ public final class PendingIntentRecord extends IIntentSender.Stub { 
        return res;

    }



    @VisibleForTesting boolean getBackgroundStartPrivilegesForActivitySender(

            IBinder allowlistToken) {

        return mAllowBgActivityStartsForActivitySender.contains(allowlistToken);

    }



    @Override

    protected void finalize() throws Throwable {

        try {