| author | 2023-05-12 14:47:46 +0000 | |
|---|---|---|
| committer | 2023-05-12 14:47:46 +0000 | |
| commit | 4cc3a86ba6514788c298d2a7552cb3918b46b0d8 (patch) | |
| tree | 637a2201f7b6e5ecaece8f61f9653c8c7879ae3b | |
| parent | 4fad677c16b7c5b7ab05f37830157c96bf728810 (diff) | |
| parent | 35252ce57883a4e1be629e1eab98b6755c4fc5c3 (diff) | |
Merge "Use calling package name for CompatChange." into udc-dev
5 files changed, 70 insertions, 16 deletions
diff --git a/services/core/java/com/android/server/am/PendingIntentRecord.java b/services/core/java/com/android/server/am/PendingIntentRecord.java index cb26c134f74a..04db6c02d071 100644 --- a/services/core/java/com/android/server/am/PendingIntentRecord.java +++ b/services/core/java/com/android/server/am/PendingIntentRecord.java @@ -348,21 +348,22 @@ public final class PendingIntentRecord extends IIntentSender.Stub { * use caller's BAL permission. */ public static BackgroundStartPrivileges getBackgroundStartPrivilegesAllowedByCaller( - @Nullable ActivityOptions activityOptions, int callingUid) { + @Nullable ActivityOptions activityOptions, int callingUid, + @Nullable String callingPackage) { if (activityOptions == null) { // since the ActivityOptions were not created by the app itself, determine the default // for the app - return getDefaultBackgroundStartPrivileges(callingUid); + return getDefaultBackgroundStartPrivileges(callingUid, callingPackage); } return getBackgroundStartPrivilegesAllowedByCaller(activityOptions.toBundle(), - callingUid); + callingUid, callingPackage); } private static BackgroundStartPrivileges getBackgroundStartPrivilegesAllowedByCaller( - @Nullable Bundle options, int callingUid) { + @Nullable Bundle options, int callingUid, @Nullable String callingPackage) { if (options == null || !options.containsKey( ActivityOptions.KEY_PENDING_INTENT_BACKGROUND_ACTIVITY_ALLOWED)) { - return getDefaultBackgroundStartPrivileges(callingUid); + return getDefaultBackgroundStartPrivileges(callingUid, callingPackage); } return options.getBoolean(ActivityOptions.KEY_PENDING_INTENT_BACKGROUND_ACTIVITY_ALLOWED) ? BackgroundStartPrivileges.ALLOW_BAL 
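Review bot: The new `callingPackage` parameter on both `getBackgroundStartPrivilegesAllowedByCaller` overloads carries no stated trust contract, although it is forwarded to `getDefaultBackgroundStartPrivileges`, where it selects the compat-change result that decides the default background-start privileges. In this commit the only non-null value visible comes from `getPackageNameIfUnique`, which derives it from the process record matched against the uid, so the Javadoc should say so explicitly: `@param callingPackage package the system resolved for callingUid, or {@code null} to fall back to the uid-based check; must not be a caller-supplied string`. The Javadoc of the public overload starts above the hunk, so whether it already carries `@param` tags cannot be seen here.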
@@ -381,8 +382,10 @@ public final class PendingIntentRecord extends IIntentSender.Stub { android.Manifest.permission.LOG_COMPAT_CHANGE }) public static BackgroundStartPrivileges getDefaultBackgroundStartPrivileges( - int callingUid) { - boolean isChangeEnabledForApp = CompatChanges.isChangeEnabled( + int callingUid, @Nullable String callingPackage) { + boolean isChangeEnabledForApp = callingPackage != null ? CompatChanges.isChangeEnabled( + DEFAULT_RESCIND_BAL_PRIVILEGES_FROM_PENDING_INTENT_SENDER, callingPackage, + UserHandle.getUserHandleForUid(callingUid)) : CompatChanges.isChangeEnabled( DEFAULT_RESCIND_BAL_PRIVILEGES_FROM_PENDING_INTENT_SENDER, callingUid); if (isChangeEnabledForApp) { return BackgroundStartPrivileges.ALLOW_FGS; @@ -638,7 +641,7 @@ public final class PendingIntentRecord extends IIntentSender.Stub { // temporarily allow receivers and services to open activities from background if the // PendingIntent.send() caller was foreground at the time of sendInner() call if (uid != callingUid && controller.mAtmInternal.isUidForeground(callingUid)) { - return getBackgroundStartPrivilegesAllowedByCaller(options, callingUid); + return getBackgroundStartPrivilegesAllowedByCaller(options, callingUid, null); } return BackgroundStartPrivileges.NONE; } diff --git a/services/core/java/com/android/server/wm/ActivityTaskManagerService.java b/services/core/java/com/android/server/wm/ActivityTaskManagerService.java index cff65547c673..b8ae33032a6c 100644 --- a/services/core/java/com/android/server/wm/ActivityTaskManagerService.java +++ b/services/core/java/com/android/server/wm/ActivityTaskManagerService.java 
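Review bot: The choice between the two `CompatChanges.isChangeEnabled` overloads in `getDefaultBackgroundStartPrivileges` is written as one conditional expression wrapped over four lines, which makes it hard to see which lookup runs when `callingPackage` is null. An if/else assigning a `final boolean` reads more clearly and leaves room for a comment stating that the uid-based overload is the fallback when the package could not be determined. The method body continues past the end of the hunk.

```java
final boolean isChangeEnabledForApp;
if (callingPackage != null) {
    isChangeEnabledForApp = CompatChanges.isChangeEnabled(
            DEFAULT_RESCIND_BAL_PRIVILEGES_FROM_PENDING_INTENT_SENDER, callingPackage,
            UserHandle.getUserHandleForUid(callingUid));
} else {
    // Package not uniquely known for this caller: fall back to the uid-based lookup.
    isChangeEnabledForApp = CompatChanges.isChangeEnabled(
            DEFAULT_RESCIND_BAL_PRIVILEGES_FROM_PENDING_INTENT_SENDER, callingUid);
}
// … unchanged: if (isChangeEnabledForApp) return ALLOW_FGS …
```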
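Review bot: The literal `null` passed as `callingPackage` in the foreground-caller branch is unexplained, so this path still resolves the compat change by uid only, while the activity-start path in BackgroundActivityStartController now resolves it by package. If that is intentional, a comment at the call would keep a later reader from treating it as an oversight, for example `// No system-resolved package for callingUid here; the uid-based compat lookup is used.` The enclosing method starts outside the hunk, so whether a verified package name is available in scope cannot be judged from here.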
@@ -5337,15 +5337,54 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { return null; } - WindowProcessController getProcessController(int pid, int uid) { + /** + * Returns the {@link WindowProcessController} for the app process for the given uid and pid. + * + * If no such {@link WindowProcessController} is found, it does not belong to an app, or the + * pid does not match the uid {@code null} is returned. + */ + @Nullable WindowProcessController getProcessController(int pid, int uid) { + return UserHandle.isApp(uid) ? getProcessControllerInternal(pid, uid) : null; + } + + /** + * Returns the {@link WindowProcessController} for the given uid and pid. + * + * If no such {@link WindowProcessController} is found or the pid does not match the uid + * {@code null} is returned. + */ + private @Nullable WindowProcessController getProcessControllerInternal(int pid, int uid) { final WindowProcessController proc = mProcessMap.getProcess(pid); - if (proc == null) return null; - if (UserHandle.isApp(uid) && proc.mUid == uid) { + if (proc == null) { + return null; + } + if (proc.mUid == uid) { return proc; } return null; } + /** + * Returns the package name if (and only if) the package name can be uniquely determined. + * Otherwise returns {@code null}. + * + * The provided pid must match the provided uid, otherwise this also returns null. 
+ */ + @Nullable String getPackageNameIfUnique(int uid, int pid) { + WindowProcessController processController = getProcessControllerInternal(pid, uid); + if (processController == null) { + Slog.w(TAG, "callingPackage for (uid=" + uid + ", pid=" + pid + ") has no WPC"); + return null; + } + List<String> realCallingPackages = processController.getPackageList(); + if (realCallingPackages.size() == 1) { + return realCallingPackages.get(0); + } + Slog.w(TAG, "callingPackage for (uid=" + uid + ", pid=" + pid + ") is ambiguous: " + + realCallingPackages); + return null; + } + /** A uid is considered to be foreground if it has a visible non-toast window. */ @HotPath(caller = HotPath.START_SERVICE) boolean hasActiveVisibleWindow(int uid) { diff --git a/services/core/java/com/android/server/wm/BackgroundActivityStartController.java b/services/core/java/com/android/server/wm/BackgroundActivityStartController.java index dc49e8cea18b..b216578262b4 100644 --- a/services/core/java/com/android/server/wm/BackgroundActivityStartController.java +++ b/services/core/java/com/android/server/wm/BackgroundActivityStartController.java @@ -180,7 +180,8 @@ public class BackgroundActivityStartController { Intent intent, ActivityOptions checkedOptions) { return checkBackgroundActivityStart(callingUid, callingPid, callingPackage, - realCallingUid, realCallingPid, callerApp, originatingPendingIntent, + realCallingUid, realCallingPid, + callerApp, originatingPendingIntent, backgroundStartPrivileges, intent, checkedOptions) == BAL_BLOCK; } 
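Review bot: `getPackageNameIfUnique(int uid, int pid)` takes its arguments in the opposite order from `getProcessController(int pid, int uid)` and `getProcessControllerInternal(int pid, int uid)` added in the same hunk. Both are plain ints, so a swapped call compiles and would most likely just return null, silently moving the caller onto the uid-based fallback. Declaring it as `@Nullable String getPackageNameIfUnique(int pid, int uid)` and updating the call in BackgroundActivityStartController would keep the three methods consistent. Separately, both null exits log with `Slog.w`; if processes hosting several packages turn out to be common, that may be noisy on every background-start check, which is worth confirming.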
@@ -288,11 +289,13 @@ public class BackgroundActivityStartController { } } + String realCallingPackage = mService.getPackageNameIfUnique(realCallingUid, realCallingPid); + // Legacy behavior allows to use caller foreground state to bypass BAL restriction. // The options here are the options passed by the sender and not those on the intent. final BackgroundStartPrivileges balAllowedByPiSender = PendingIntentRecord.getBackgroundStartPrivilegesAllowedByCaller( - checkedOptions, realCallingUid); + checkedOptions, realCallingUid, realCallingPackage); final boolean logVerdictChangeByPiDefaultChange = checkedOptions == null || checkedOptions.getPendingIntentBackgroundActivityStartMode() @@ -460,8 +463,11 @@ public class BackgroundActivityStartController { // If we are here, it means all exemptions not based on PI sender failed, so we'll block // unless resultIfPiSenderAllowsBal is an allow and the PI sender allows BAL - String realCallingPackage = callingUid == realCallingUid ? callingPackage : - mService.mContext.getPackageManager().getNameForUid(realCallingUid); + if (realCallingPackage == null) { + realCallingPackage = (callingUid == realCallingUid ? callingPackage : + mService.mContext.getPackageManager().getNameForUid(realCallingUid)) + + "[debugOnly]"; + } String stateDumpLog = " [callingPackage: " + callingPackage + "; callingUid: " + callingUid diff --git a/services/core/java/com/android/server/wm/WindowProcessController.java b/services/core/java/com/android/server/wm/WindowProcessController.java index dbd9e4b8ea68..3672820c13ad 100644 --- a/services/core/java/com/android/server/wm/WindowProcessController.java +++ b/services/core/java/com/android/server/wm/WindowProcessController.java 
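Review bot: `realCallingPackage` is declared in the first hunk as a mutable local that feeds the privilege decision, and the second hunk then overwrites it, when null, with a uid-derived name plus `"[debugOnly]"` for the state dump. Any code later added after that reassignment and using the variable for a decision would pick up the log-only value. Declaring the resolved value as `final String realCallingPackage = mService.getPackageNameIfUnique(realCallingUid, realCallingPid);` and building the dump string in a separate local (for instance `realCallingPackageForLog`) would keep the two roles apart. Both hunks sit inside a method whose start and end are outside the diff.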
@@ -721,6 +721,12 @@ public class WindowProcessController extends ConfigurationContainer<Configuratio } } + List<String> getPackageList() { + synchronized (mPkgList) { + return new ArrayList<>(mPkgList); + } + } + void addActivityIfNeeded(ActivityRecord r) { // even if we already track this activity, note down that it has been launched setLastActivityLaunchTime(r); diff --git a/services/tests/wmtests/src/com/android/server/wm/ActivityStarterTests.java b/services/tests/wmtests/src/com/android/server/wm/ActivityStarterTests.java index 2671e771aa59..2b589bf59682 100644 --- a/services/tests/wmtests/src/com/android/server/wm/ActivityStarterTests.java +++ b/services/tests/wmtests/src/com/android/server/wm/ActivityStarterTests.java @@ -944,7 +944,7 @@ public class ActivityStarterTests extends WindowTestsBase { anyInt(), anyInt())); doReturn(BackgroundStartPrivileges.allowBackgroundActivityStarts(null)).when( () -> PendingIntentRecord.getBackgroundStartPrivilegesAllowedByCaller( - anyObject(), anyInt())); + anyObject(), anyInt(), anyObject())); runAndVerifyBackgroundActivityStartsSubtest( "allowed_notAborted", false, UNIMPORTANT_UID, false, PROCESS_STATE_BOUND_TOP, |
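Review bot: `getPackageList()` has no Javadoc although its contract matters to the caller: it returns a fresh copy taken under the `mPkgList` lock, so the result is a snapshot that may be stale by the time it is used. A short comment such as `/** Returns a snapshot copy of mPkgList, taken under its lock. */` would record that. The copy is allocated on every call, and the visible caller only checks whether there is exactly one entry, so it may be worth confirming that this cost is acceptable on the activity-start path.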
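Review bot: The mock in ActivityStarterTests is widened with `anyObject()` for the new argument, so this test passes whatever package value is supplied, and the visible diff adds no case for `getPackageNameIfUnique` returning a unique name versus null. A test that sets up one process with a single package and one with several, then checks that the package or null respectively reaches `getBackgroundStartPrivilegesAllowedByCaller`, would cover the new branch. The enclosing test method starts and ends outside the hunk.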