Merge "Allow an activity to start a new task via startNextMatchingActivity" into main

author: Nan Wu <wnan@google.com> 2024-06-06 18:05:33 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2024-06-06 18:05:33 +0000
commit: 056e11e8386c92a54826e3e4be06aba38266c4a2 (patch)
tree: b434c88fa5cff31fc4de21871c62bbb293bced49
parent: 817358209952a94d39b456d54761adf4adc6a3d1 (diff)
parent: d34ae40f870d4362a069940a035a4d58a536a231 (diff)
1 files changed, 11 insertions, 8 deletions
diff --git a/services/core/java/com/android/server/wm/ActivityTaskManagerService.java b/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
index 3aa63af014c8..0f5b6c516909 100644
--- a/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
+++ b/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
@@ -1439,6 +1439,8 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub {
                 resultTo.removeResultsLocked(r, resultWho, requestCode);
             }
 
+            final int origCallingUid = Binder.getCallingUid();
+            final int origCallingPid = Binder.getCallingPid();
             final long origId = Binder.clearCallingIdentity();
             // TODO(b/64750076): Check if calling pid should really be -1.
             try {
@@ -1446,13 +1448,14 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub {
                     options = new SafeActivityOptions(ActivityOptions.makeBasic());
                 }
 
-                // Fixes b/230492947
+                // Fixes b/230492947 b/337726734
                 // Prevents background activity launch through #startNextMatchingActivity
-                // An activity going into the background could still go back to the foreground
-                // if the intent used matches both:
-                // - the activity in the background
-                // - a second activity.
-                options.getOptions(r).setAvoidMoveToFront();
+                // launchedFromUid of the calling activity represents the app that launches it.
+                // It may have BAL privileges (i.e. the Launcher App). Using its identity to
+                // launch to launch next matching activity causes BAL.
+                // Change the realCallingUid to the calling activity's uid.
+                // In ActivityStarter, when caller is set, the callingUid and callingPid are
+                // ignored. So now both callingUid and realCallingUid is set to the caller app.
                 final int res = getActivityStartController()
                         .obtainStarter(intent, "startNextMatchingActivity")
                         .setCaller(r.app.getThread())
@@ -1465,8 +1468,8 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub {
                         .setCallingUid(r.launchedFromUid)
                         .setCallingPackage(r.launchedFromPackage)
                         .setCallingFeatureId(r.launchedFromFeatureId)
-                        .setRealCallingPid(-1)
-                        .setRealCallingUid(r.launchedFromUid)
+                        .setRealCallingPid(origCallingPid)
+                        .setRealCallingUid(origCallingUid)
                         .setActivityOptions(options)
                         .setUserId(userId)
                         .execute();
author	Nan Wu <wnan@google.com>	2024-06-06 18:05:33 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2024-06-06 18:05:33 +0000
commit	056e11e8386c92a54826e3e4be06aba38266c4a2 (patch)
tree	b434c88fa5cff31fc4de21871c62bbb293bced49
parent	817358209952a94d39b456d54761adf4adc6a3d1 (diff)
parent	d34ae40f870d4362a069940a035a4d58a536a231 (diff)