summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
author Achim Thesmann <achim@google.com> 2024-01-04 01:45:47 +0000
committer Android (Google) Code Review <android-gerrit@google.com> 2024-01-04 01:45:47 +0000
commit62acf9ae3a06460c41a2856922ce1076ed11d52f (patch)
treedd5fa64fc6881ea4895e449375a838814a1ea6e2
parentd3d4469478fcfb2446c150408a457ecdb6902bf1 (diff)
parentbfd07e0f01595a5d4669eb5653f48cce3de952d5 (diff)
Merge "Move base verdicts to BalState class" into main
Diffstat
-rw-r--r--services/core/java/com/android/server/wm/BackgroundActivityStartController.java153
1 files changed, 80 insertions, 73 deletions
diff --git a/services/core/java/com/android/server/wm/BackgroundActivityStartController.java b/services/core/java/com/android/server/wm/BackgroundActivityStartController.java
index 0b1e6dbb7d38..055aa5bc9153 100644
--- a/services/core/java/com/android/server/wm/BackgroundActivityStartController.java
+++ b/services/core/java/com/android/server/wm/BackgroundActivityStartController.java
@@ -61,6 +61,7 @@ import android.widget.Toast;
import com.android.internal.annotations.GuardedBy;
import com.android.internal.util.FrameworkStatsLog;
+import com.android.internal.util.Preconditions;
import com.android.server.UiThread;
import com.android.server.am.PendingIntentRecord;
import com.android.window.flags.Flags;
@@ -220,6 +221,8 @@ public class BackgroundActivityStartController {
private final WindowProcessController mRealCallerApp;
private final boolean mIsCallForResult;
private final ActivityOptions mCheckedOptions;
+ private BalVerdict mResultForCaller;
+ private BalVerdict mResultForRealCaller;
private BalState(int callingUid, int callingPid, final String callingPackage,
int realCallingUid, int realCallingPid,
@@ -371,8 +374,19 @@ public class BackgroundActivityStartController {
return mCallingUid == mRealCallingUid;
}
- private String dump(BalVerdict resultIfPiCreatorAllowsBal,
- BalVerdict resultIfPiSenderAllowsBal) {
+ public void setResultForCaller(BalVerdict resultForCaller) {
+ Preconditions.checkState(mResultForCaller == null,
+ "mResultForCaller can only be set once");
+ this.mResultForCaller = resultForCaller;
+ }
+
+ public void setResultForRealCaller(BalVerdict resultForRealCaller) {
+ Preconditions.checkState(mResultForRealCaller == null,
+ "mResultForRealCaller can only be set once");
+ this.mResultForRealCaller = resultForRealCaller;
+ }
+
+ private String dump() {
StringBuilder sb = new StringBuilder(2048);
sb.append("[callingPackage: ")
.append(getDebugPackageName(mCallingPackage, mCallingUid));
@@ -394,7 +408,7 @@ public class BackgroundActivityStartController {
sb.append("; balAllowedByPiCreator: ").append(mBalAllowedByPiCreator);
sb.append("; balAllowedByPiCreatorWithHardening: ")
.append(mBalAllowedByPiCreatorWithHardening);
- sb.append("; resultIfPiCreatorAllowsBal: ").append(resultIfPiCreatorAllowsBal);
+ sb.append("; resultIfPiCreatorAllowsBal: ").append(mResultForCaller);
sb.append("; hasRealCaller: ").append(hasRealCaller());
sb.append("; isCallForResult: ").append(mIsCallForResult);
sb.append("; isPendingIntent: ").append(isPendingIntent());
@@ -418,7 +432,7 @@ public class BackgroundActivityStartController {
.append(mRealCallerApp.hasActivityInVisibleTask());
}
sb.append("; balAllowedByPiSender: ").append(mBalAllowedByPiSender);
- sb.append("; resultIfPiSenderAllowsBal: ").append(resultIfPiSenderAllowsBal);
+ sb.append("; resultIfPiSenderAllowsBal: ").append(mResultForRealCaller);
}
sb.append("]");
return sb.toString();
@@ -561,23 +575,25 @@ public class BackgroundActivityStartController {
// realCallingSdkSandboxUidToAppUid should probably just be used instead (or in addition
// to realCallingUid when calculating resultForRealCaller below.
if (mService.hasActiveVisibleWindow(realCallingSdkSandboxUidToAppUid)) {
- BalVerdict balVerdict = new BalVerdict(BAL_ALLOW_SDK_SANDBOX, /*background*/ false,
- "uid in SDK sandbox has visible (non-toast) window");
- return allowBasedOnRealCaller(state, balVerdict, balVerdict);
+ state.setResultForRealCaller(new BalVerdict(BAL_ALLOW_SDK_SANDBOX,
+ /*background*/ false,
+ "uid in SDK sandbox has visible (non-toast) window"));
+ return allowBasedOnRealCaller(state);
}
}
BalVerdict resultForCaller = checkBackgroundActivityStartAllowedByCaller(state);
+ state.setResultForCaller(resultForCaller);
if (!state.hasRealCaller()) {
if (resultForCaller.allows()) {
if (DEBUG_ACTIVITY_STARTS) {
Slog.d(TAG, "Background activity start allowed. "
- + state.dump(resultForCaller, resultForCaller));
+ + state.dump());
}
- return allowBasedOnCaller(state, resultForCaller, resultForCaller);
+ return allowBasedOnCaller(state);
}
- return abortLaunch(state, resultForCaller, resultForCaller);
+ return abortLaunch(state);
}
// The realCaller result is only calculated for PendingIntents (indicated by a valid
@@ -591,6 +607,8 @@ public class BackgroundActivityStartController {
? resultForCaller
: checkBackgroundActivityStartAllowedBySender(state, checkedOptions)
.setBasedOnRealCaller();
+ state.setResultForRealCaller(resultForRealCaller);
+
if (state.isPendingIntent()) {
resultForCaller.setOnlyCreatorAllows(
resultForCaller.allows() && resultForRealCaller.blocks());
@@ -602,18 +620,18 @@ public class BackgroundActivityStartController {
== ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_ALLOWED) {
if (DEBUG_ACTIVITY_STARTS) {
Slog.d(TAG, "Activity start explicitly allowed by caller. "
- + state.dump(resultForCaller, resultForRealCaller));
+ + state.dump());
}
- return allowBasedOnCaller(state, resultForCaller, resultForRealCaller);
+ return allowBasedOnCaller(state);
}
if (resultForRealCaller.allows()
&& checkedOptions.getPendingIntentBackgroundActivityStartMode()
== ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_ALLOWED) {
if (DEBUG_ACTIVITY_STARTS) {
Slog.d(TAG, "Activity start explicitly allowed by real caller. "
- + state.dump(resultForCaller, resultForRealCaller));
+ + state.dump());
}
- return allowBasedOnRealCaller(state, resultForCaller, resultForRealCaller);
+ return allowBasedOnRealCaller(state);
}
// Handle PendingIntent cases with default behavior next
boolean callerCanAllow = resultForCaller.allows()
@@ -628,26 +646,26 @@ public class BackgroundActivityStartController {
// Will be allowed even with BAL hardening.
if (DEBUG_ACTIVITY_STARTS) {
Slog.d(TAG, "Activity start allowed by caller. "
- + state.dump(resultForCaller, resultForRealCaller));
+ + state.dump());
}
// return the realCaller result for backwards compatibility
- return allowBasedOnRealCaller(state, resultForCaller, resultForRealCaller);
+ return allowBasedOnRealCaller(state);
}
if (state.mBalAllowedByPiCreator.allowsBackgroundActivityStarts()) {
Slog.wtf(TAG,
"With Android 15 BAL hardening this activity start may be blocked"
+ " if the PI creator upgrades target_sdk to 35+"
+ " AND the PI sender upgrades target_sdk to 34+! "
- + state.dump(resultForCaller, resultForRealCaller));
+ + state.dump());
showBalRiskToast();
// return the realCaller result for backwards compatibility
- return allowBasedOnRealCaller(state, resultForCaller, resultForRealCaller);
+ return allowBasedOnRealCaller(state);
}
Slog.wtf(TAG,
"Without Android 15 BAL hardening this activity start would be allowed"
+ " (missing opt in by PI creator or sender)! "
- + state.dump(resultForCaller, resultForRealCaller));
- return abortLaunch(state, resultForCaller, resultForRealCaller);
+ + state.dump());
+ return abortLaunch(state);
}
if (callerCanAllow) {
// Allowed before V by creator
@@ -655,24 +673,24 @@ public class BackgroundActivityStartController {
// Will be allowed even with BAL hardening.
if (DEBUG_ACTIVITY_STARTS) {
Slog.d(TAG, "Activity start allowed by caller. "
- + state.dump(resultForCaller, resultForRealCaller));
+ + state.dump());
}
- return allowBasedOnCaller(state, resultForCaller, resultForRealCaller);
+ return allowBasedOnCaller(state);
}
if (state.mBalAllowedByPiCreator.allowsBackgroundActivityStarts()) {
Slog.wtf(TAG,
"With Android 15 BAL hardening this activity start may be blocked"
+ " if the PI creator upgrades target_sdk to 35+! "
+ " (missing opt in by PI creator)! "
- + state.dump(resultForCaller, resultForRealCaller));
+ + state.dump());
showBalRiskToast();
- return allowBasedOnCaller(state, resultForCaller, resultForRealCaller);
+ return allowBasedOnCaller(state);
}
Slog.wtf(TAG,
"Without Android 15 BAL hardening this activity start would be allowed"
+ " (missing opt in by PI creator)! "
- + state.dump(resultForCaller, resultForRealCaller));
- return abortLaunch(state, resultForCaller, resultForRealCaller);
+ + state.dump());
+ return abortLaunch(state);
}
if (realCallerCanAllow) {
// Allowed before U by sender
@@ -681,43 +699,40 @@ public class BackgroundActivityStartController {
"With Android 14 BAL hardening this activity start will be blocked"
+ " if the PI sender upgrades target_sdk to 34+! "
+ " (missing opt in by PI sender)! "
- + state.dump(resultForCaller, resultForRealCaller));
+ + state.dump());
showBalRiskToast();
- return allowBasedOnRealCaller(state, resultForCaller, resultForRealCaller);
+ return allowBasedOnRealCaller(state);
}
Slog.wtf(TAG, "Without Android 14 BAL hardening this activity start would be allowed"
+ " (missing opt in by PI sender)! "
- + state.dump(resultForCaller, resultForRealCaller));
- return abortLaunch(state, resultForCaller, resultForRealCaller);
+ + state.dump());
+ return abortLaunch(state);
}
// neither the caller not the realCaller can allow or have explicitly opted out
- return abortLaunch(state, resultForCaller, resultForRealCaller);
+ return abortLaunch(state);
}
- private BalVerdict allowBasedOnCaller(BalState state, BalVerdict resultForCaller,
- BalVerdict resultForRealCaller) {
+ private BalVerdict allowBasedOnCaller(BalState state) {
if (DEBUG_ACTIVITY_STARTS) {
Slog.d(TAG, "Background activity launch allowed based on caller. "
- + state.dump(resultForCaller, resultForRealCaller));
+ + state.dump());
}
- return statsLog(resultForCaller, resultForCaller, resultForRealCaller, state);
+ return statsLog(state.mResultForCaller, state);
}
- private BalVerdict allowBasedOnRealCaller(BalState state, BalVerdict resultForCaller,
- BalVerdict resultForRealCaller) {
+ private BalVerdict allowBasedOnRealCaller(BalState state) {
if (DEBUG_ACTIVITY_STARTS) {
Slog.d(TAG, "Background activity launch allowed based on real caller. "
- + state.dump(resultForCaller, resultForRealCaller));
+ + state.dump());
}
- return statsLog(resultForRealCaller, resultForCaller, resultForRealCaller, state);
+ return statsLog(state.mResultForRealCaller, state);
}
- private BalVerdict abortLaunch(BalState state, BalVerdict resultForCaller,
- BalVerdict resultForRealCaller) {
+ private BalVerdict abortLaunch(BalState state) {
Slog.w(TAG, "Background activity launch blocked! "
- + state.dump(resultForCaller, resultForRealCaller));
+ + state.dump());
showBalBlockedToast();
- return statsLog(BalVerdict.BLOCK, resultForCaller, resultForRealCaller, state);
+ return statsLog(BalVerdict.BLOCK, state);
}
/**
@@ -1464,8 +1479,7 @@ public class BackgroundActivityStartController {
/* defaultValue= */ true);
}
- private BalVerdict statsLog(BalVerdict finalVerdict,
- BalVerdict callerVerdict, BalVerdict realCallerVerdict, BalState state) {
+ private BalVerdict statsLog(BalVerdict finalVerdict, BalState state) {
if (finalVerdict.blocks() && mService.isActivityStartsLoggingEnabled()) {
// log aborted activity start to TRON
mSupervisor
@@ -1492,43 +1506,36 @@ public class BackgroundActivityStartController {
&& (callingUid == Process.SYSTEM_UID || realCallingUid == Process.SYSTEM_UID)) {
String activityName = intent != null
? requireNonNull(intent.getComponent()).flattenToShortString() : "";
- FrameworkStatsLog.write(FrameworkStatsLog.BAL_ALLOWED,
- activityName,
- BAL_ALLOW_PENDING_INTENT,
- callingUid,
- realCallingUid,
- callerVerdict.getRawCode(),
- state.mBalAllowedByPiCreator.allowsBackgroundActivityStarts(),
- state.mCheckedOptions.getPendingIntentCreatorBackgroundActivityStartMode()
- != ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_SYSTEM_DEFINED,
- realCallerVerdict.getRawCode(),
- state.mBalAllowedByPiSender.allowsBackgroundActivityStarts(),
- state.mCheckedOptions.getPendingIntentBackgroundActivityStartMode()
- != ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_SYSTEM_DEFINED
- );
+ writeBalAllowedLog(activityName, BAL_ALLOW_PENDING_INTENT,
+ state);
}
if (code == BAL_ALLOW_PERMISSION || code == BAL_ALLOW_FOREGROUND
|| code == BAL_ALLOW_SAW_PERMISSION) {
// We don't need to know which activity in this case.
- FrameworkStatsLog.write(FrameworkStatsLog.BAL_ALLOWED,
- /*activityName*/ "",
- code,
- callingUid,
- realCallingUid,
- callerVerdict.getRawCode(),
- state.mBalAllowedByPiCreator.allowsBackgroundActivityStarts(),
- state.mCheckedOptions.getPendingIntentCreatorBackgroundActivityStartMode()
- != ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_SYSTEM_DEFINED,
- realCallerVerdict.getRawCode(),
- state.mBalAllowedByPiSender.allowsBackgroundActivityStarts(),
- state.mCheckedOptions.getPendingIntentBackgroundActivityStartMode()
- != ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_SYSTEM_DEFINED
- );
+ writeBalAllowedLog("", code, state);
}
return finalVerdict;
}
+ private static void writeBalAllowedLog(String activityName, int code, BalState state) {
+ FrameworkStatsLog.write(FrameworkStatsLog.BAL_ALLOWED,
+ activityName,
+ code,
+ state.mCallingUid,
+ state.mRealCallingUid,
+ state.mResultForCaller == null ? BAL_BLOCK : state.mResultForCaller.getRawCode(),
+ state.mBalAllowedByPiCreator.allowsBackgroundActivityStarts(),
+ state.mCheckedOptions.getPendingIntentCreatorBackgroundActivityStartMode()
+ != ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_SYSTEM_DEFINED,
+ state.mResultForRealCaller == null ? BAL_BLOCK
+ : state.mResultForRealCaller.getRawCode(),
+ state.mBalAllowedByPiSender.allowsBackgroundActivityStarts(),
+ state.mCheckedOptions.getPendingIntentBackgroundActivityStartMode()
+ != ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_SYSTEM_DEFINED
+ );
+ }
+
/**
* Called whenever an activity finishes. Stores the record, so it can be used by ASM grace
* period checks.
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-12-07 23:39:52 +0000