
Commit eb70ba65 authored by Nan Wu's avatar Nan Wu Committed by Hani Kazmi

Add application level asm attribute

We are moving the Activity Security Model to an opt-in approach for V.
To facilitate this change, we introduce an application level
allowCrossUidActivitySwitchFromBelow manifest attribute, mirroring the
activity level flag we introduced earlier.

              Flag Type | Default |
	    |  -------  | ------- |
Application | Manifest  | true    |
Activity    | Runtime   | false   |

ASM will be applied if:

1. The top app in the stack has opt-ed in by setting the application
   level flag to false
2. The activity has not opt-ed out by setting the activity level flag
   to true.
3. Both the top app, and the app performing the launch, target at least
   V.

As part of this change we also clean up the feature flags as we were
previously using primarily mendel flags.

1. The trunk stable flag is now the primary control for the feature. If
   the trunk stable flag is off, feature enforcement is fully disabled.
2. However logging and toasts can still be enabled for the droidfood
   population via a mendel flag.
3. If the trunk stable flag is enabled, it can be further configured to
   ignore target sdk levels for teamfood via mendel.

Bug: 322913638
Test: atest ActivitySecurityModelTest
      ActivitySecurityModelEmbeddingTest BackgroundActivityLaunchTest

Change-Id: I4668de42dc41a78778166aa053b723a36b49f32b
parent f9259906
+1 −0
@@ -454,6 +454,7 @@ package android {
    field public static final int allowBackup = 16843392; // 0x1010280
    field public static final int allowClearUserData = 16842757; // 0x1010005
    field public static final int allowClickWhenDisabled = 16844312; // 0x1010618
    field @FlaggedApi("android.security.asm_restrictions_enabled") public static final int allowCrossUidActivitySwitchFromBelow;
    field public static final int allowEmbedded = 16843765; // 0x10103f5
    field public static final int allowGameAngleDriver = 16844376; // 0x1010658
    field public static final int allowGameDownscaling = 16844377; // 0x1010659
+18 −0
@@ -1564,6 +1564,14 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable {
    @Nullable
    private Boolean requestRawExternalStorageAccess;

    /**
     * If {@code false}, this app does not allow its activities to be replaced by another app.
     * Is set from application manifest application tag's allowCrossUidActivitySwitchFromBelow
     * attribute.
     * @hide
     */
    public boolean allowCrossUidActivitySwitchFromBelow = true;

    /**
     * Represents the default policy. The actual policy used will depend on other properties of
     * the application, e.g. the target SDK version.
@@ -1760,6 +1768,9 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable {
                        + Integer.toHexString(localeConfigRes));
            }
            pw.println(prefix + "enableOnBackInvokedCallback=" + isOnBackInvokedCallbackEnabled());
            pw.println(prefix + "allowCrossUidActivitySwitchFromBelow="
                    + allowCrossUidActivitySwitchFromBelow);

        }
        pw.println(prefix + "createTimestamp=" + createTimestamp);
        if (mKnownActivityEmbeddingCerts != null) {
@@ -1877,6 +1888,8 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable {
                proto.write(ApplicationInfoProto.Detail.NATIVE_HEAP_ZERO_INIT,
                        nativeHeapZeroInitialized);
            }
            proto.write(ApplicationInfoProto.Detail.ALLOW_CROSS_UID_ACTIVITY_SWITCH_FROM_BELOW,
                    allowCrossUidActivitySwitchFromBelow);
            proto.end(detailToken);
        }
        if (!ArrayUtils.isEmpty(mKnownActivityEmbeddingCerts)) {
@@ -2002,6 +2015,7 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable {
        nativeHeapZeroInitialized = orig.nativeHeapZeroInitialized;
        requestRawExternalStorageAccess = orig.requestRawExternalStorageAccess;
        localeConfigRes = orig.localeConfigRes;
        allowCrossUidActivitySwitchFromBelow = orig.allowCrossUidActivitySwitchFromBelow;
        createTimestamp = SystemClock.uptimeMillis();
    }

@@ -2106,6 +2120,8 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable {
            }
        }
        dest.writeInt(localeConfigRes);
        dest.writeInt(allowCrossUidActivitySwitchFromBelow ? 1 : 0);

        sForStringSet.parcel(mKnownActivityEmbeddingCerts, dest, flags);
    }

@@ -2204,6 +2220,8 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable {
            }
        }
        localeConfigRes = source.readInt();
        allowCrossUidActivitySwitchFromBelow = source.readInt() != 0;

        mKnownActivityEmbeddingCerts = sForStringSet.unparcel(source);
        if (mKnownActivityEmbeddingCerts.isEmpty()) {
            mKnownActivityEmbeddingCerts = null;
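Review bot: The Javadoc added for `allowCrossUidActivitySwitchFromBelow` in the first hunk of this file does not state the default or that `false` is the opt-in value, which is the non-obvious part of this flag given the commit description; a reader seeing `= true` may assume the protection is enabled by default. I would extend the comment with `Defaults to {@code true}. {@code false} opts the application into the Activity Security Model; individual activities can still opt out via the activity-level flag, and enforcement additionally depends on the target SDK of both apps.` The same wording would help `ParsingPackage.isAllowCrossUidActivitySwitchFromBelow()`, which is added without Javadoc. The write/read pairs in the parcel, proto and copy-constructor hunks are consistent with each other; the unparceling method in the last hunk continues outside the hunk.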
+15 −0
@@ -408,6 +408,7 @@ public class PackageImpl implements ParsedPackage, AndroidPackageInternal,
    // Derived fields
    private long mLongVersionCode;
    private int mLocaleConfigRes;
    private boolean mAllowCrossUidActivitySwitchFromBelow;

    private List<AndroidPackageSplit> mSplits;

@@ -1541,6 +1542,11 @@ public class PackageImpl implements ParsedPackage, AndroidPackageInternal,
        return zygotePreloadName;
    }

    @Override
    public boolean isAllowCrossUidActivitySwitchFromBelow() {
        return mAllowCrossUidActivitySwitchFromBelow;
    }

    @Override
    public boolean hasPreserveLegacyExternalStorage() {
        return getBoolean(Booleans.PRESERVE_LEGACY_EXTERNAL_STORAGE);
@@ -2198,6 +2204,12 @@ public class PackageImpl implements ParsedPackage, AndroidPackageInternal,
        return this;
    }

    @Override
    public ParsingPackage setAllowCrossUidActivitySwitchFromBelow(boolean value) {
        mAllowCrossUidActivitySwitchFromBelow = value;
        return this;
    }

    @Override
    public PackageImpl setResourceOverlay(boolean value) {
        return setBoolean(Booleans.OVERLAY, value);
@@ -2656,6 +2668,7 @@ public class PackageImpl implements ParsedPackage, AndroidPackageInternal,
        if (!mKnownActivityEmbeddingCerts.isEmpty()) {
            appInfo.setKnownActivityEmbeddingCerts(mKnownActivityEmbeddingCerts);
        }
        appInfo.allowCrossUidActivitySwitchFromBelow = mAllowCrossUidActivitySwitchFromBelow;

        return appInfo;
    }
@@ -3250,6 +3263,7 @@ public class PackageImpl implements ParsedPackage, AndroidPackageInternal,
        dest.writeInt(this.uid);
        dest.writeLong(this.mBooleans);
        dest.writeLong(this.mBooleans2);
        dest.writeBoolean(this.mAllowCrossUidActivitySwitchFromBelow);
    }

    public PackageImpl(Parcel in) {
@@ -3411,6 +3425,7 @@ public class PackageImpl implements ParsedPackage, AndroidPackageInternal,
        this.uid = in.readInt();
        this.mBooleans = in.readLong();
        this.mBooleans2 = in.readLong();
        this.mAllowCrossUidActivitySwitchFromBelow = in.readBoolean();

        assignDerivedFields();
        assignDerivedFields2();
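Review bot: `mAllowCrossUidActivitySwitchFromBelow` in the first hunk of this file is declared without an initializer, so a `PackageImpl` built by any path other than manifest parsing (where `ParsingPackageUtils` passes a default of `true`) or unparceling reports `false`, which per the commit description means the app has opted into ASM — the opposite of the `= true` default on `ApplicationInfo`. Whether such a construction path exists I cannot tell from this hunk, but initializing the field to match, `private boolean mAllowCrossUidActivitySwitchFromBelow = true;`, removes the dependency on the setter being called and keeps the two classes in agreement. The field is also placed under the `// Derived fields` comment although it is a parsed manifest value rather than something computed in `assignDerivedFields()`; moving it next to the other manifest-backed fields or adjusting the comment would avoid confusion. The `PackageImpl(Parcel in)` constructor in the last hunk continues outside the hunk.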
+5 −0
@@ -374,6 +374,9 @@ public interface ParsingPackage {

    ParsingPackage setZygotePreloadName(String zygotePreloadName);

    ParsingPackage setAllowCrossUidActivitySwitchFromBelow(
            boolean allowCrossUidActivitySwitchFromBelow);

    ParsingPackage sortActivities();

    ParsingPackage sortReceivers();
@@ -518,6 +521,8 @@ public interface ParsingPackage {
    @Nullable
    String getZygotePreloadName();

    boolean isAllowCrossUidActivitySwitchFromBelow();

    boolean isBackupAllowed();

    boolean isTaskReparentingAllowed();
+4 −2
@@ -2374,7 +2374,9 @@ public class ParsingPackageUtils {
                .setRestrictedAccountType(string(R.styleable.AndroidManifestApplication_restrictedAccountType, sa))
                .setZygotePreloadName(string(R.styleable.AndroidManifestApplication_zygotePreloadName, sa))
                // Non-Config String
                .setPermission(nonConfigString(0, R.styleable.AndroidManifestApplication_permission, sa));
                .setPermission(nonConfigString(0, R.styleable.AndroidManifestApplication_permission, sa))
                .setAllowCrossUidActivitySwitchFromBelow(bool(true, R.styleable.AndroidManifestApplication_allowCrossUidActivitySwitchFromBelow, sa));

       // CHECKSTYLE:on
        //@formatter:on
    }