Merge "Introduce Intent#prepareToEnterSystemServer()" into main

author: John Wu <topjohnwu@google.com> 2024-06-18 06:55:55 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2024-06-18 06:55:55 +0000
commit: 8dfcf9d72cf10183ed21f72b6d74e074cfc16be0 (patch)
tree: d3877ed9b718bab87da82cf3f6cbbeddcef39ce6
parent: 8d8c48bd06b16ddefb9e5f3c75da9299e413217e (diff)
parent: 332e32b8b4a5aa09c6321eaee6d6cf2a6368b42a (diff)
5 files changed, 44 insertions, 47 deletions
diff --git a/core/java/android/content/Intent.java b/core/java/android/content/Intent.java
index dfa2973816bd..a6edab1420ba 100644
--- a/core/java/android/content/Intent.java
+++ b/core/java/android/content/Intent.java
@@ -7630,6 +7630,13 @@ public class Intent implements Parcelable, Cloneable {
             | FLAG_GRANT_PREFIX_URI_PERMISSION;
 
     /**
+     * Flags that are not normally set by application code, but set for you by the system.
+     */
+    private static final int SYSTEM_ONLY_FLAGS = FLAG_ACTIVITY_LAUNCHED_FROM_HISTORY
+            | FLAG_ACTIVITY_BROUGHT_TO_FRONT
+            | FLAG_RECEIVER_FROM_SHELL;
+
+    /**
      * Local flag indicating this instance was created by copy constructor.
      */
     private static final int LOCAL_FLAG_FROM_COPY = 1 << 0;
@@ -7682,6 +7689,11 @@ public class Intent implements Parcelable, Cloneable {
     @TestApi
     public static final int EXTENDED_FLAG_FILTER_MISMATCH = 1 << 0;
 
+    /**
+     * Extended flags that are not normally set by application code, but set for you by the system.
+     */
+    private static final int SYSTEM_ONLY_EXTENDED_FLAGS = EXTENDED_FLAG_FILTER_MISMATCH;
+
     // ---------------------------------------------------------------------
     // ---------------------------------------------------------------------
     // toUri() and parseUri() options.
@@ -12625,6 +12637,28 @@ public class Intent implements Parcelable, Cloneable {
         }
     }
 
+    /**
+     * Prepare this {@link Intent} to enter system_server.
+     *
+     * @hide
+     */
+    public void prepareToEnterSystemServer() {
+        // Refuse possible leaked file descriptors
+        if (hasFileDescriptors()) {
+            throw new IllegalArgumentException("File descriptors passed in Intent");
+        }
+        // These flags are set only by the system, and should be stripped out as soon as the intent
+        // is received by system_server from the caller so it can be properly updated later.
+        removeFlags(SYSTEM_ONLY_FLAGS);
+        removeExtendedFlags(SYSTEM_ONLY_EXTENDED_FLAGS);
+        if (mOriginalIntent != null) {
+            mOriginalIntent.prepareToEnterSystemServer();
+        }
+        if (mSelector != null) {
+            mSelector.prepareToEnterSystemServer();
+        }
+    }
+
     /** @hide */
     public boolean hasWebURI() {
         if (getData() == null) {
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index affe2980532b..022df9a8dc81 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -5550,9 +5550,7 @@ public class ActivityManagerService extends IActivityManager.Stub
             for (int i=0; i<intents.length; i++) {
                 Intent intent = intents[i];
                 if (intent != null) {
-                    if (intent.hasFileDescriptors()) {
-                        throw new IllegalArgumentException("File descriptors passed in Intent");
-                    }
+                    intent.prepareToEnterSystemServer();
                     if (type == ActivityManager.INTENT_SENDER_BROADCAST &&
                             (intent.getFlags()&Intent.FLAG_RECEIVER_BOOT_UPGRADE) != 0) {
                         throw new IllegalArgumentException(
@@ -5585,7 +5583,6 @@ public class ActivityManagerService extends IActivityManager.Stub
                         }
                     }
                     intents[i] = new Intent(intent);
-                    intents[i].removeExtendedFlags(Intent.EXTENDED_FLAG_FILTER_MISMATCH);
                 }
             }
             if (resolvedTypes != null && resolvedTypes.length != intents.length) {
@@ -13961,12 +13958,7 @@ public class ActivityManagerService extends IActivityManager.Stub
         enforceNotIsolatedCaller("startService");
         enforceAllowedToStartOrBindServiceIfSdkSandbox(service);
         if (service != null) {
-            // Refuse possible leaked file descriptors
-            if (service.hasFileDescriptors()) {
-                throw new IllegalArgumentException("File descriptors passed in Intent");
-            }
-            // Remove existing mismatch flag so it can be properly updated later
-            service.removeExtendedFlags(Intent.EXTENDED_FLAG_FILTER_MISMATCH);
+            service.prepareToEnterSystemServer();
         }
 
         if (callingPackage == null) {
@@ -14203,12 +14195,7 @@ public class ActivityManagerService extends IActivityManager.Stub
         enforceAllowedToStartOrBindServiceIfSdkSandbox(service);
 
         if (service != null) {
-            // Refuse possible leaked file descriptors
-            if (service.hasFileDescriptors()) {
-                throw new IllegalArgumentException("File descriptors passed in Intent");
-            }
-            // Remove existing mismatch flag so it can be properly updated later
-            service.removeExtendedFlags(Intent.EXTENDED_FLAG_FILTER_MISMATCH);
+            service.prepareToEnterSystemServer();
         }
 
         if (callingPackage == null) {
@@ -16242,12 +16229,7 @@ public class ActivityManagerService extends IActivityManager.Stub
 
     final Intent verifyBroadcastLocked(Intent intent) {
         if (intent != null) {
-            // Refuse possible leaked file descriptors
-            if (intent.hasFileDescriptors()) {
-                throw new IllegalArgumentException("File descriptors passed in Intent");
-            }
-            // Remove existing mismatch flag so it can be properly updated later
-            intent.removeExtendedFlags(Intent.EXTENDED_FLAG_FILTER_MISMATCH);
+            intent.prepareToEnterSystemServer();
         }
 
         int flags = intent.getFlags();
diff --git a/services/core/java/com/android/server/wm/ActivityStartController.java b/services/core/java/com/android/server/wm/ActivityStartController.java
index 0e401ebc94b5..a0ef03095010 100644
--- a/services/core/java/com/android/server/wm/ActivityStartController.java
+++ b/services/core/java/com/android/server/wm/ActivityStartController.java
@@ -424,19 +424,13 @@ public class ActivityStartController {
                 Intent intent = intents[i];
                 NeededUriGrants intentGrants = null;
 
-                // Refuse possible leaked file descriptors.
-                if (intent.hasFileDescriptors()) {
-                    throw new IllegalArgumentException("File descriptors passed in Intent");
-                }
+                intent.prepareToEnterSystemServer();
 
                 // Get the flag earlier because the intent may be modified in resolveActivity below.
                 final boolean componentSpecified = intent.getComponent() != null;
                 // Don't modify the client's object!
                 intent = new Intent(intent);
 
-                // Remove existing mismatch flag so it can be properly updated later
-                intent.removeExtendedFlags(Intent.EXTENDED_FLAG_FILTER_MISMATCH);
-
                 // Collect information about the target of the Intent.
                 ActivityInfo aInfo = mSupervisor.resolveActivity(intent, resolvedTypes[i],
                         0 /* startFlags */, null /* profilerInfo */, userId, filterCallingUid,
diff --git a/services/core/java/com/android/server/wm/ActivityStarter.java b/services/core/java/com/android/server/wm/ActivityStarter.java
index e6d81324efa1..e9c08e0ac29d 100644
--- a/services/core/java/com/android/server/wm/ActivityStarter.java
+++ b/services/core/java/com/android/server/wm/ActivityStarter.java
@@ -718,13 +718,7 @@ class ActivityStarter {
             onExecutionStarted();
 
             if (mRequest.intent != null) {
-                // Refuse possible leaked file descriptors
-                if (mRequest.intent.hasFileDescriptors()) {
-                    throw new IllegalArgumentException("File descriptors passed in Intent");
-                }
-
-                // Remove existing mismatch flag so it can be properly updated later
-                mRequest.intent.removeExtendedFlags(Intent.EXTENDED_FLAG_FILTER_MISMATCH);
+                mRequest.intent.prepareToEnterSystemServer();
             }
 
             final LaunchingState launchingState;
diff --git a/services/core/java/com/android/server/wm/ActivityTaskManagerService.java b/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
index cfd5300417b4..2109f5d5ab8f 100644
--- a/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
+++ b/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
@@ -1318,12 +1318,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub {
             String resultWho, int requestCode, int flagsMask, int flagsValues, Bundle bOptions) {
         enforceNotIsolatedCaller("startActivityIntentSender");
         if (fillInIntent != null) {
-            // Refuse possible leaked file descriptors
-            if (fillInIntent.hasFileDescriptors()) {
-                throw new IllegalArgumentException("File descriptors passed in Intent");
-            }
-            // Remove existing mismatch flag so it can be properly updated later
-            fillInIntent.removeExtendedFlags(Intent.EXTENDED_FLAG_FILTER_MISMATCH);
+            fillInIntent.prepareToEnterSystemServer();
         }
 
         if (!(target instanceof PendingIntentRecord)) {
@@ -1349,10 +1344,10 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub {
     @Override
     public boolean startNextMatchingActivity(IBinder callingActivity, Intent intent,
             Bundle bOptions) {
-        // Refuse possible leaked file descriptors
-        if (intent != null && intent.hasFileDescriptors()) {
-            throw new IllegalArgumentException("File descriptors passed in Intent");
+        if (intent != null) {
+            intent.prepareToEnterSystemServer();
         }
+
         SafeActivityOptions options = SafeActivityOptions.fromBundle(bOptions);
 
         synchronized (mGlobalLock) {
@@ -1367,8 +1362,6 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub {
                 return false;
             }
             intent = new Intent(intent);
-            // Remove existing mismatch flag so it can be properly updated later
-            intent.removeExtendedFlags(Intent.EXTENDED_FLAG_FILTER_MISMATCH);
             // The caller is not allowed to change the data.
             intent.setDataAndType(r.intent.getData(), r.intent.getType());
             // And we are resetting to find the next component...
author	John Wu <topjohnwu@google.com>	2024-06-18 06:55:55 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2024-06-18 06:55:55 +0000
commit	8dfcf9d72cf10183ed21f72b6d74e074cfc16be0 (patch)
tree	d3877ed9b718bab87da82cf3f6cbbeddcef39ce6
parent	8d8c48bd06b16ddefb9e5f3c75da9299e413217e (diff)
parent	332e32b8b4a5aa09c6321eaee6d6cf2a6368b42a (diff)