Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f19d69f2 authored by Jeff Chang's avatar Jeff Chang
Browse files

Allow activity to be reparent while allowTaskReparenting is applied 

Any malicious application could hijack tasks by
android:allowTaskReparenting. This vulnerability can perform UI
spoofing or spying on user’s activities.

This CL only allows activities to be reparent while
android:allowTaskReparenting is applied and the affinity of activity
is same with the target task.

Bug: 240663194
Test: atest IntentTests

Change-Id: I73abb9ec05af95bc14f887ae825a9ada9600f771
parent d0208d92

services/core/java/com/android/server/wm/ResetTargetTaskHelper.java

+2 −1
Original line number Diff line number Diff line
@@ -141,15 +141,16 @@ class ResetTargetTaskHelper implements Consumer<Task>, Predicate<ActivityRecord> 
            return false;



        } else {

            mResultActivities.add(r);

            if (r.resultTo != null) {

                // If this activity is sending a reply to a previous activity, we can't do

                // anything with it now until we reach the start of the reply chain.

                // NOTE: that we are assuming the result is always to the previous activity,

                // which is almost always the case but we really shouldn't count on.

                mResultActivities.add(r);

                return false;

            } else if (mTargetTaskFound && allowTaskReparenting && mTargetTask.affinity != null

                    && mTargetTask.affinity.equals(r.taskAffinity)) {

                mResultActivities.add(r);

                // This activity has an affinity for our task. Either remove it if we are

                // clearing or move it over to our task. Note that we currently punt on the case

                // where we are resetting a task that is not at the top but who has activities