Loading core/java/android/window/flags/windowing_sdk.aconfig +10 −0 Original line number Diff line number Diff line Loading @@ -178,6 +178,16 @@ flag { } } flag { namespace: "windowing_sdk" name: "activity_embedding_abort_cross_uid_launch_in_finishing_task_fragment" description: "Aborts cross-uid activity launch from a finishing TaskFragment to avoid race conditions" bug: "427881773" metadata { purpose: PURPOSE_BUGFIX } } flag { namespace: "windowing_sdk" name: "dispose_task_fragment_synchronously" Loading services/core/java/com/android/server/wm/ActivityStarter.java +3 −0 Original line number Diff line number Diff line Loading @@ -1245,6 +1245,9 @@ class ActivityStarter { callingPid, resolvedType, aInfo.applicationInfo); abort |= !mService.getPermissionPolicyInternal().checkStartActivity(intent, callingUid, callingPackage); abort |= sourceRecord != null && sourceRecord.getTaskFragment() != null && sourceRecord.getTaskFragment().shouldAbortActivityLaunchOnFinishingTf( sourceRecord); if (intentCreatorUid != Request.DEFAULT_INTENT_CREATOR_UID) { try { Loading services/core/java/com/android/server/wm/TaskFragment.java +27 −0 Original line number Diff line number Diff line Loading @@ -1293,6 +1293,33 @@ class TaskFragment extends WindowContainer<WindowContainer> { : (isFocusable() && getWindowConfiguration().canReceiveKeys()); } /** * Returns whether the activity launch by the source activity in this TaskFragment should be * aborted. Currently only activity launches from a cross-uid embedded source within a finishing * TaskFragment are aborted. * * @param source an activity in this TaskFragment that launches another activity. */ boolean shouldAbortActivityLaunchOnFinishingTf(@NonNull ActivityRecord source) { if (!Flags.activityEmbeddingAbortCrossUidLaunchInFinishingTaskFragment()) { return false; } // If the source activity is a cross-uid embedded activity, the newly launched activity is // always expected to be in the same TaskFragment. If this TaskFragment is being removed, we // should not allow a new activity to be launched by the source, because it may be placed // into a wrong TaskFragment due to current limitations in cross-uid activity launch // tracking. // TODO(b/293800510) Improve cross-uid activity launch tracking. boolean abort = isEmbedded() && isRemovalRequested() && mTaskFragmentOrganizerUid != INVALID_UID && source.getUid() != mTaskFragmentOrganizerUid; if (abort) { Slog.w(TAG, "Activity launch aborted for cross-uid launch from " + source + " in a finishing TaskFragment"); } return abort; } /** * Returns the visibility state of this TaskFragment. * Loading Loading
core/java/android/window/flags/windowing_sdk.aconfig +10 −0 Original line number Diff line number Diff line Loading @@ -178,6 +178,16 @@ flag { } } flag { namespace: "windowing_sdk" name: "activity_embedding_abort_cross_uid_launch_in_finishing_task_fragment" description: "Aborts cross-uid activity launch from a finishing TaskFragment to avoid race conditions" bug: "427881773" metadata { purpose: PURPOSE_BUGFIX } } flag { namespace: "windowing_sdk" name: "dispose_task_fragment_synchronously" Loading
services/core/java/com/android/server/wm/ActivityStarter.java +3 −0 Original line number Diff line number Diff line Loading @@ -1245,6 +1245,9 @@ class ActivityStarter { callingPid, resolvedType, aInfo.applicationInfo); abort |= !mService.getPermissionPolicyInternal().checkStartActivity(intent, callingUid, callingPackage); abort |= sourceRecord != null && sourceRecord.getTaskFragment() != null && sourceRecord.getTaskFragment().shouldAbortActivityLaunchOnFinishingTf( sourceRecord); if (intentCreatorUid != Request.DEFAULT_INTENT_CREATOR_UID) { try { Loading
services/core/java/com/android/server/wm/TaskFragment.java +27 −0 Original line number Diff line number Diff line Loading @@ -1293,6 +1293,33 @@ class TaskFragment extends WindowContainer<WindowContainer> { : (isFocusable() && getWindowConfiguration().canReceiveKeys()); } /** * Returns whether the activity launch by the source activity in this TaskFragment should be * aborted. Currently only activity launches from a cross-uid embedded source within a finishing * TaskFragment are aborted. * * @param source an activity in this TaskFragment that launches another activity. */ boolean shouldAbortActivityLaunchOnFinishingTf(@NonNull ActivityRecord source) { if (!Flags.activityEmbeddingAbortCrossUidLaunchInFinishingTaskFragment()) { return false; } // If the source activity is a cross-uid embedded activity, the newly launched activity is // always expected to be in the same TaskFragment. If this TaskFragment is being removed, we // should not allow a new activity to be launched by the source, because it may be placed // into a wrong TaskFragment due to current limitations in cross-uid activity launch // tracking. // TODO(b/293800510) Improve cross-uid activity launch tracking. boolean abort = isEmbedded() && isRemovalRequested() && mTaskFragmentOrganizerUid != INVALID_UID && source.getUid() != mTaskFragmentOrganizerUid; if (abort) { Slog.w(TAG, "Activity launch aborted for cross-uid launch from " + source + " in a finishing TaskFragment"); } return abort; } /** * Returns the visibility state of this TaskFragment. * Loading
