Add hidden flag for allowing system app to use BAL permission to launch... (e5a896d5) · Commits · e / os / android_frameworks_base

core/java/android/app/ComponentOptions.java

+30 −0

Original line number	Diff line number	Diff line
		@@ -38,7 +38,15 @@ public class ComponentOptions {
		public static final String KEY_PENDING_INTENT_BACKGROUND_ACTIVITY_ALLOWED =
		"android.pendingIntent.backgroundActivityAllowed";

		/**
		* PendingIntent caller allows activity to be started if caller has BAL permission.
		* @hide
		*/
		public static final String KEY_PENDING_INTENT_BACKGROUND_ACTIVITY_ALLOWED_BY_PERMISSION =
		"android.pendingIntent.backgroundActivityAllowedByPermission";

		private boolean mPendingIntentBalAllowed = PENDING_INTENT_BAL_ALLOWED_DEFAULT;
		private boolean mPendingIntentBalAllowedByPermission = false;

		ComponentOptions() {
		}
		@@ -50,6 +58,9 @@ public class ComponentOptions {
		setPendingIntentBackgroundActivityLaunchAllowed(
		opts.getBoolean(KEY_PENDING_INTENT_BACKGROUND_ACTIVITY_ALLOWED,
		PENDING_INTENT_BAL_ALLOWED_DEFAULT));
		setPendingIntentBackgroundActivityLaunchAllowedByPermission(
		opts.getBoolean(KEY_PENDING_INTENT_BACKGROUND_ACTIVITY_ALLOWED_BY_PERMISSION,
		false));
		}

		/**
		@@ -68,9 +79,28 @@ public class ComponentOptions {
		return mPendingIntentBalAllowed;
		}

		/**
		* Set PendingIntent activity can be launched from background if caller has BAL permission.
		* @hide
		*/
		public void setPendingIntentBackgroundActivityLaunchAllowedByPermission(boolean allowed) {
		mPendingIntentBalAllowedByPermission = allowed;
		}

		/**
		* Get PendingIntent activity is allowed to be started in the background if the caller
		* has BAL permission.
		* @hide
		*/
		public boolean isPendingIntentBackgroundActivityLaunchAllowedByPermission() {
		return mPendingIntentBalAllowedByPermission;
		}

		public Bundle toBundle() {
		Bundle b = new Bundle();
		b.putBoolean(KEY_PENDING_INTENT_BACKGROUND_ACTIVITY_ALLOWED, mPendingIntentBalAllowed);
		b.putBoolean(KEY_PENDING_INTENT_BACKGROUND_ACTIVITY_ALLOWED_BY_PERMISSION,
		mPendingIntentBalAllowedByPermission);
		return b;
		}
		}

services/core/java/com/android/server/am/PendingIntentRecord.java

+11 −0

Original line number	Diff line number	Diff line
		@@ -310,6 +310,17 @@ public final class PendingIntentRecord extends IIntentSender.Stub {
		requiredPermission, null, null, 0, 0, 0, options);
		}

		/**
		* Return true if the activity options allows PendingIntent to use caller's BAL permission.
		*/
		public static boolean isPendingIntentBalAllowedByPermission(
		@Nullable ActivityOptions activityOptions) {
		if (activityOptions == null) {
		return false;
		}
		return activityOptions.isPendingIntentBackgroundActivityLaunchAllowedByPermission();
		}

		public static boolean isPendingIntentBalAllowedByCaller(
		@Nullable ActivityOptions activityOptions) {
		if (activityOptions == null) {

services/core/java/com/android/server/wm/ActivityStarter.java

+3 −4

Original line number	Diff line number	Diff line
		@@ -1365,10 +1365,9 @@ class ActivityStarter {
		PendingIntentRecord.isPendingIntentBalAllowedByCaller(checkedOptions);

		if (balAllowedByPiSender && realCallingUid != callingUid) {
		// If the caller is a legacy app, we won't check if the caller has BAL permission.
		final boolean isPiBalOptionEnabled = CompatChanges.isChangeEnabled(
		ENABLE_PENDING_INTENT_BAL_OPTION, realCallingUid);
		if (isPiBalOptionEnabled && ActivityManager.checkComponentPermission(
		final boolean useCallerPermission =
		PendingIntentRecord.isPendingIntentBalAllowedByPermission(checkedOptions);
		if (useCallerPermission && ActivityManager.checkComponentPermission(
		android.Manifest.permission.START_ACTIVITIES_FROM_BACKGROUND,
		realCallingUid, -1, true)
		== PackageManager.PERMISSION_GRANTED) {