diff options
| author | 2024-05-30 01:13:32 +0000 | |
|---|---|---|
| committer | 2024-05-30 01:35:05 +0000 | |
| commit | 2da376c35b7e5a76af58820615f3bc845cfd227e (patch) | |
| tree | fa55f10fca2d68a909a6457371c711cc602dc21f | |
| parent | 68e865fa91e053dc794b4845215ed7ba446a9f91 (diff) | |
Always require opt-in for root/system
If a process with lower target SDK shares UID with the system the compat
change turns off the feature and potentially compromises the security of
the whole system.
There are no occurences in droidfood that would be affected (see
http://shortn/_bxSR7UaDa3).
Test: atest BackgroundActivityLaunchTests
Bug: 296479164
Flag: EXEMPT bugfix
Change-Id: I0ec16247ef80244afa5e351b9faef4b56dec61b5
| -rw-r--r-- | services/core/java/com/android/server/am/PendingIntentRecord.java | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/am/PendingIntentRecord.java b/services/core/java/com/android/server/am/PendingIntentRecord.java index 8d7a1c9f8228..8eef71e603b2 100644 --- a/services/core/java/com/android/server/am/PendingIntentRecord.java +++ b/services/core/java/com/android/server/am/PendingIntentRecord.java @@ -22,6 +22,8 @@ import static android.app.ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_ALLOWED import static android.app.ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_COMPAT; import static android.app.ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_DENIED; import static android.app.ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_SYSTEM_DEFINED; +import static android.os.Process.ROOT_UID; +import static android.os.Process.SYSTEM_UID; import static com.android.server.am.ActivityManagerDebugConfig.TAG_AM; import static com.android.server.am.ActivityManagerDebugConfig.TAG_WITH_CLASS_NAME; @@ -422,6 +424,10 @@ public final class PendingIntentRecord extends IIntentSender.Stub { }) public static BackgroundStartPrivileges getDefaultBackgroundStartPrivileges( int callingUid, @Nullable String callingPackage) { + if (callingUid == ROOT_UID || callingUid == SYSTEM_UID) { + // root and system must always opt in explicitly + return BackgroundStartPrivileges.ALLOW_FGS; + } boolean isChangeEnabledForApp = callingPackage != null ? CompatChanges.isChangeEnabled( DEFAULT_RESCIND_BAL_PRIVILEGES_FROM_PENDING_INTENT_SENDER, callingPackage, UserHandle.getUserHandleForUid(callingUid)) : CompatChanges.isChangeEnabled( |