Use real caller UID to determine if BAL privileges may be granted
Instead of the calling UID (the process that wrapped the broadcast in a `PendingIntent`), use the real calling UID (the process that actually sent the `PendingIntent`) to determine whether to grant BAL (background activity launch) privileges. The reasoning is that the real caller is also the one used in `PendingIntentRecord` to determine if the process is visible, and the goal from a security perspective is that a process cannot grant a BAL token to itself. Tests already exist in `BackgroundActivityLaunchTest` when the `balCheckBroadcastWhenDispatched` flag is enabled.

Test: atest BackgroundActivityLaunchTest
Flag: EXEMPT bugfix
Bug: 421197489
Bug: 422788436
Change-Id: I659d2fade206ea8435558f6cb3c626a932e76679