diff options
4 files changed, 181 insertions, 159 deletions
diff --git a/services/core/java/com/android/server/wm/ActivityStarter.java b/services/core/java/com/android/server/wm/ActivityStarter.java index 7cccf6b578ff..34bf8edc148f 100644 --- a/services/core/java/com/android/server/wm/ActivityStarter.java +++ b/services/core/java/com/android/server/wm/ActivityStarter.java @@ -1097,23 +1097,22 @@ class ActivityStarter { "shouldAbortBackgroundActivityStart"); BackgroundActivityStartController balController = mSupervisor.getBackgroundActivityLaunchController(); - balCode = + BackgroundActivityStartController.BalVerdict balVerdict = balController.checkBackgroundActivityStart( - callingUid, - callingPid, - callingPackage, - realCallingUid, - realCallingPid, - callerApp, - request.originatingPendingIntent, - request.backgroundStartPrivileges, - intent, - checkedOptions); - if (balCode != BAL_ALLOW_DEFAULT) { - request.logMessage.append(" (").append( - BackgroundActivityStartController.balCodeToString(balCode)) - .append(")"); - } + callingUid, + callingPid, + callingPackage, + realCallingUid, + realCallingPid, + callerApp, + request.originatingPendingIntent, + request.backgroundStartPrivileges, + intent, + checkedOptions); + balCode = balVerdict.getCode(); + request.logMessage.append(" (").append( + BackgroundActivityStartController.balCodeToString(balCode)) + .append(")"); } finally { Trace.traceEnd(Trace.TRACE_TAG_WINDOW_MANAGER); } diff --git a/services/core/java/com/android/server/wm/BackgroundActivityStartController.java b/services/core/java/com/android/server/wm/BackgroundActivityStartController.java index 1e4b258ff5c5..9b7b8de633c4 100644 --- a/services/core/java/com/android/server/wm/BackgroundActivityStartController.java +++ b/services/core/java/com/android/server/wm/BackgroundActivityStartController.java @@ -204,7 +204,7 @@ public class BackgroundActivityStartController { return checkBackgroundActivityStart(callingUid, callingPid, callingPackage, realCallingUid, realCallingPid, callerApp, originatingPendingIntent, - backgroundStartPrivileges, intent, checkedOptions) == BAL_BLOCK; + backgroundStartPrivileges, intent, checkedOptions).blocks(); } private class BalState { @@ -291,8 +291,8 @@ public class BackgroundActivityStartController { return name + "[debugOnly]"; } - private String dump(@BalCode int mResultIfPiCreatorAllowsBal, - @BalCode int mResultIfPiSenderAllowsBal) { + private String dump(BalVerdict resultIfPiCreatorAllowsBal, + BalVerdict resultIfPiSenderAllowsBal) { return " [callingPackage: " + getDebugPackageName(mCallingPackage, mCallingUid) + "; callingUid: " + mCallingUid + "; appSwitchState: " + mAppSwitchState @@ -321,19 +321,64 @@ public class BackgroundActivityStartController { + (mCallerApp != null && mCallerApp.hasActivityInVisibleTask()) + "; realInVisibleTask: " + (mRealCallerApp != null && mRealCallerApp.hasActivityInVisibleTask()) - + "; resultIfPiSenderAllowsBal: " + balCodeToString(mResultIfPiSenderAllowsBal) - + "; resultIfPiCreatorAllowsBal: " - + balCodeToString(mResultIfPiCreatorAllowsBal) + + "; resultIfPiSenderAllowsBal: " + resultIfPiSenderAllowsBal + + "; resultIfPiCreatorAllowsBal: " + resultIfPiCreatorAllowsBal + "]"; } } + static class BalVerdict { + + static final BalVerdict BLOCK = new BalVerdict(BAL_BLOCK, false, "Blocked"); + private final @BalCode int mCode; + private final boolean mBackground; + private final String mMessage; + private String mProcessInfo; + + BalVerdict(@BalCode int balCode, boolean background, String message) { + this.mBackground = background; + this.mCode = balCode; + this.mMessage = message; + } + + public BalVerdict withProcessInfo(String msg, WindowProcessController process) { + mProcessInfo = msg + " (uid=" + process.mUid + ",pid=" + process.getPid() + ")"; + return this; + } + + boolean blocks() { + return mCode == BAL_BLOCK; + } + + boolean allows() { + return !blocks(); + } + + public String toString() { + StringBuilder builder = new StringBuilder(); + if (mBackground) { + builder.append("Background "); + } + builder.append("Activity start allowed: " + mMessage + "."); + builder.append("BAL Code: "); + builder.append(balCodeToString(mCode)); + if (mProcessInfo != null) { + builder.append(" "); + builder.append(mProcessInfo); + } + return builder.toString(); + } + + public @BalCode int getCode() { + return mCode; + } + } + /** * @return A code denoting which BAL rule allows an activity to be started, * or {@link #BAL_BLOCK} if the launch should be blocked */ - @BalCode - int checkBackgroundActivityStart( + BalVerdict checkBackgroundActivityStart( int callingUid, int callingPid, final String callingPackage, @@ -362,36 +407,49 @@ public class BackgroundActivityStartController { // realCallingSdkSandboxUidToAppUid should probably just be used instead (or in addition // to realCallingUid when calculating resultForRealCaller below. if (mService.hasActiveVisibleWindow(realCallingSdkSandboxUidToAppUid)) { - return logStartAllowedAndReturnCode(BAL_ALLOW_SDK_SANDBOX, - /*background*/ false, state, + BalVerdict balVerdict = new BalVerdict(BAL_ALLOW_SDK_SANDBOX, /*background*/ false, "uid in SDK sandbox has visible (non-toast) window"); + return statsLog(balVerdict, state); } } - @BalCode int resultForCaller = checkBackgroundActivityStartAllowedByCaller(state); - @BalCode int resultForRealCaller = callingUid == realCallingUid + BalVerdict resultForCaller = checkBackgroundActivityStartAllowedByCaller(state); + BalVerdict resultForRealCaller = callingUid == realCallingUid ? resultForCaller // no need to calculate again : checkBackgroundActivityStartAllowedBySender(state, checkedOptions); - if (resultForCaller != BAL_BLOCK + if (resultForCaller.allows() && checkedOptions.getPendingIntentCreatorBackgroundActivityStartMode() == ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_ALLOWED) { if (DEBUG_ACTIVITY_STARTS) { Slog.d(TAG, "Activity start explicitly allowed by PI creator. " + state.dump(resultForCaller, resultForRealCaller)); } - return resultForCaller; + return statsLog(resultForCaller, state); } - if (resultForRealCaller != BAL_BLOCK + if (resultForRealCaller.allows() && checkedOptions.getPendingIntentBackgroundActivityStartMode() == ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_ALLOWED) { if (DEBUG_ACTIVITY_STARTS) { - Slog.i(TAG, "Activity start explicitly allowed by PI sender. " + Slog.d(TAG, "Activity start explicitly allowed by PI sender. " + state.dump(resultForCaller, resultForRealCaller)); } - return resultForRealCaller; + return statsLog(resultForRealCaller, state); + } + if (resultForCaller.allows() && resultForRealCaller.allows() + && checkedOptions.getPendingIntentCreatorBackgroundActivityStartMode() + == ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_SYSTEM_DEFINED + && checkedOptions.getPendingIntentBackgroundActivityStartMode() + == ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_SYSTEM_DEFINED) { + // Both caller and real caller allow with system defined behavior + Slog.wtf(TAG, + "With Android 15 BAL hardening this activity start would be blocked" + + " (missing opt in by PI creator)! " + + state.dump(resultForCaller, resultForRealCaller)); + // return the realCaller result for backwards compatibility + return statsLog(resultForRealCaller, state); } - if (resultForCaller != BAL_BLOCK + if (resultForCaller.allows() && checkedOptions.getPendingIntentCreatorBackgroundActivityStartMode() == ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_SYSTEM_DEFINED) { // Allowed before V by creator @@ -399,9 +457,9 @@ public class BackgroundActivityStartController { "With Android 15 BAL hardening this activity start would be blocked" + " (missing opt in by PI creator)! " + state.dump(resultForCaller, resultForRealCaller)); - return resultForCaller; + return statsLog(resultForCaller, state); } - if (resultForRealCaller != BAL_BLOCK + if (resultForRealCaller.allows() && checkedOptions.getPendingIntentBackgroundActivityStartMode() == ActivityOptions.MODE_BACKGROUND_ACTIVITY_START_SYSTEM_DEFINED) { // Allowed before U by sender @@ -410,7 +468,7 @@ public class BackgroundActivityStartController { "With Android 14 BAL hardening this activity start would be blocked" + " (missing opt in by PI sender)! " + state.dump(resultForCaller, resultForRealCaller)); - return resultForRealCaller; + return statsLog(resultForRealCaller, state); } Slog.wtf(TAG, "Without Android 14 BAL hardening this activity start would be allowed" + " (missing opt in by PI sender)! " @@ -436,15 +494,14 @@ public class BackgroundActivityStartController { state.mRealCallingUidHasAnyVisibleWindow, (originatingPendingIntent != null)); } - return BAL_BLOCK; + return statsLog(BalVerdict.BLOCK, state); } /** * @return A code denoting which BAL rule allows an activity to be started, * or {@link #BAL_BLOCK} if the launch should be blocked */ - @BalCode - int checkBackgroundActivityStartAllowedByCaller(BalState state) { + BalVerdict checkBackgroundActivityStartAllowedByCaller(BalState state) { int callingUid = state.mCallingUid; int callingPid = state.mCallingPid; final String callingPackage = state.mCallingPackage; @@ -455,15 +512,15 @@ public class BackgroundActivityStartController { if (callingUid == Process.ROOT_UID || callingAppId == Process.SYSTEM_UID || callingAppId == Process.NFC_UID) { - return logStartAllowedAndReturnCode( + return new BalVerdict( BAL_ALLOW_ALLOWLISTED_UID, /*background*/ false, - state, "Important callingUid"); + "Important callingUid"); } // Always allow home application to start activities. if (isHomeApp(callingUid, callingPackage)) { - return logStartAllowedAndReturnCode(BAL_ALLOW_ALLOWLISTED_COMPONENT, - /*background*/ false, state, + return new BalVerdict(BAL_ALLOW_ALLOWLISTED_COMPONENT, + /*background*/ false, "Home app"); } @@ -471,8 +528,8 @@ public class BackgroundActivityStartController { final WindowState imeWindow = mService.mRootWindowContainer.getCurrentInputMethodWindow(); if (imeWindow != null && callingAppId == imeWindow.mOwnerUid) { - return logStartAllowedAndReturnCode(BAL_ALLOW_ALLOWLISTED_COMPONENT, - /*background*/ false, state, + return new BalVerdict(BAL_ALLOW_ALLOWLISTED_COMPONENT, + /*background*/ false, "Active ime"); } @@ -495,8 +552,8 @@ public class BackgroundActivityStartController { && callingUidHasAnyVisibleWindow) || isCallingUidPersistentSystemProcess; if (allowCallingUidStartActivity) { - return logStartAllowedAndReturnCode(BAL_ALLOW_VISIBLE_WINDOW, - /*background*/ false, state, + return new BalVerdict(BAL_ALLOW_VISIBLE_WINDOW, + /*background*/ false, "callingUidHasAnyVisibleWindow = " + callingUid + ", isCallingUidPersistentSystemProcess = " @@ -506,30 +563,30 @@ public class BackgroundActivityStartController { // don't abort if the callingUid has START_ACTIVITIES_FROM_BACKGROUND permission if (ActivityTaskManagerService.checkPermission(START_ACTIVITIES_FROM_BACKGROUND, callingPid, callingUid) == PERMISSION_GRANTED) { - return logStartAllowedAndReturnCode(BAL_ALLOW_PERMISSION, - /*background*/ true, state, + return new BalVerdict(BAL_ALLOW_PERMISSION, + /*background*/ true, "START_ACTIVITIES_FROM_BACKGROUND permission granted"); } // don't abort if the caller has the same uid as the recents component if (mSupervisor.mRecentTasks.isCallerRecents(callingUid)) { - return logStartAllowedAndReturnCode(BAL_ALLOW_ALLOWLISTED_COMPONENT, - /*background*/ true, state, "Recents Component"); + return new BalVerdict(BAL_ALLOW_ALLOWLISTED_COMPONENT, + /*background*/ true, "Recents Component"); } // don't abort if the callingUid is the device owner if (mService.isDeviceOwner(callingUid)) { - return logStartAllowedAndReturnCode(BAL_ALLOW_ALLOWLISTED_COMPONENT, - /*background*/ true, state, "Device Owner"); + return new BalVerdict(BAL_ALLOW_ALLOWLISTED_COMPONENT, + /*background*/ true, "Device Owner"); } // don't abort if the callingUid is a affiliated profile owner if (mService.isAffiliatedProfileOwner(callingUid)) { - return logStartAllowedAndReturnCode(BAL_ALLOW_ALLOWLISTED_COMPONENT, - /*background*/ true, state, "Affiliated Profile Owner"); + return new BalVerdict(BAL_ALLOW_ALLOWLISTED_COMPONENT, + /*background*/ true, "Affiliated Profile Owner"); } // don't abort if the callingUid has companion device final int callingUserId = UserHandle.getUserId(callingUid); if (mService.isAssociatedCompanionApp(callingUserId, callingUid)) { - return logStartAllowedAndReturnCode(BAL_ALLOW_ALLOWLISTED_COMPONENT, - /*background*/ true, state, "Companion App"); + return new BalVerdict(BAL_ALLOW_ALLOWLISTED_COMPONENT, + /*background*/ true, "Companion App"); } // don't abort if the callingUid has SYSTEM_ALERT_WINDOW permission if (mService.hasSystemAlertWindowPermission(callingUid, callingPid, callingPackage)) { @@ -538,16 +595,15 @@ public class BackgroundActivityStartController { "Background activity start for " + callingPackage + " allowed because SYSTEM_ALERT_WINDOW permission is granted."); - return logStartAllowedAndReturnCode(BAL_ALLOW_SAW_PERMISSION, - /*background*/ true, state, "SYSTEM_ALERT_WINDOW permission is granted"); + return new BalVerdict(BAL_ALLOW_SAW_PERMISSION, + /*background*/ true, "SYSTEM_ALERT_WINDOW permission is granted"); } // don't abort if the callingUid and callingPackage have the // OP_SYSTEM_EXEMPT_FROM_ACTIVITY_BG_START_RESTRICTION appop if (isSystemExemptFlagEnabled() && mService.getAppOpsManager().checkOpNoThrow( AppOpsManager.OP_SYSTEM_EXEMPT_FROM_ACTIVITY_BG_START_RESTRICTION, callingUid, callingPackage) == AppOpsManager.MODE_ALLOWED) { - return logStartAllowedAndReturnCode(BAL_ALLOW_PERMISSION, - /*background*/ true, state, + return new BalVerdict(BAL_ALLOW_PERMISSION, /*background*/ true, "OP_SYSTEM_EXEMPT_FROM_ACTIVITY_BG_START_RESTRICTION appop is granted"); } @@ -555,48 +611,48 @@ public class BackgroundActivityStartController { // That's the case for PendingIntent-based starts, since the creator's process might not be // up and alive. // Don't abort if the callerApp or other processes of that uid are allowed in any way. - @BalCode int callerAppAllowsBal = checkProcessAllowsBal(callerApp, state); - if (callerAppAllowsBal != BAL_BLOCK) { + BalVerdict callerAppAllowsBal = checkProcessAllowsBal(callerApp, state); + if (callerAppAllowsBal.allows()) { return callerAppAllowsBal; } // If we are here, it means all exemptions based on the creator failed - return BAL_BLOCK; + return BalVerdict.BLOCK; } /** * @return A code denoting which BAL rule allows an activity to be started, * or {@link #BAL_BLOCK} if the launch should be blocked */ - @BalCode - int checkBackgroundActivityStartAllowedBySender( + BalVerdict checkBackgroundActivityStartAllowedBySender( BalState state, ActivityOptions checkedOptions) { int realCallingUid = state.mRealCallingUid; + BackgroundStartPrivileges backgroundStartPrivileges = state.mBackgroundStartPrivileges; if (PendingIntentRecord.isPendingIntentBalAllowedByPermission(checkedOptions) && ActivityManager.checkComponentPermission( android.Manifest.permission.START_ACTIVITIES_FROM_BACKGROUND, realCallingUid, -1, true) == PackageManager.PERMISSION_GRANTED) { - return logStartAllowedAndReturnCode(BAL_ALLOW_PENDING_INTENT, - /*background*/ false, state, + return new BalVerdict(BAL_ALLOW_PENDING_INTENT, + /*background*/ false, "realCallingUid has BAL permission. realCallingUid: " + realCallingUid); } // don't abort if the realCallingUid has a visible window // TODO(b/171459802): We should check appSwitchAllowed also if (state.mRealCallingUidHasAnyVisibleWindow) { - return logStartAllowedAndReturnCode(BAL_ALLOW_PENDING_INTENT, - /*background*/ false, state, + return new BalVerdict(BAL_ALLOW_PENDING_INTENT, + /*background*/ false, "realCallingUid has visible (non-toast) window. realCallingUid: " + realCallingUid); } // if the realCallingUid is a persistent system process, abort if the IntentSender // wasn't allowed to start an activity if (state.mIsRealCallingUidPersistentSystemProcess - && state.mBackgroundStartPrivileges.allowsBackgroundActivityStarts()) { - return logStartAllowedAndReturnCode(BAL_ALLOW_PENDING_INTENT, - /*background*/ false, state, + && backgroundStartPrivileges.allowsBackgroundActivityStarts()) { + return new BalVerdict(BAL_ALLOW_PENDING_INTENT, + /*background*/ false, "realCallingUid is persistent system process AND intent " + "sender allowed (allowBackgroundActivityStart = true). " + "realCallingUid: " + realCallingUid); @@ -604,21 +660,21 @@ public class BackgroundActivityStartController { // don't abort if the realCallingUid is an associated companion app if (mService.isAssociatedCompanionApp( UserHandle.getUserId(realCallingUid), realCallingUid)) { - return logStartAllowedAndReturnCode(BAL_ALLOW_PENDING_INTENT, - /*background*/ false, state, + return new BalVerdict(BAL_ALLOW_PENDING_INTENT, + /*background*/ false, "realCallingUid is a companion app. " + "realCallingUid: " + realCallingUid); } // don't abort if the callerApp or other processes of that uid are allowed in any way - @BalCode int realCallerAppAllowsBal = + BalVerdict realCallerAppAllowsBal = checkProcessAllowsBal(state.mRealCallerApp, state); - if (realCallerAppAllowsBal != BAL_BLOCK) { + if (realCallerAppAllowsBal.allows()) { return realCallerAppAllowsBal; } // If we are here, it means all exemptions based on PI sender failed - return BAL_BLOCK; + return BalVerdict.BLOCK; } /** @@ -628,18 +684,16 @@ public class BackgroundActivityStartController { * String, int, boolean, boolean, boolean, long, long, long)} for details on the * exceptions. */ - private @BalCode int checkProcessAllowsBal(WindowProcessController app, BalState state) { + private BalVerdict checkProcessAllowsBal(WindowProcessController app, + BalState state) { if (app == null) { - return BAL_BLOCK; + return BalVerdict.BLOCK; } // first check the original calling process - final @BalCode int balAllowedForCaller = app + final BalVerdict balAllowedForCaller = app .areBackgroundActivityStartsAllowed(state.mAppSwitchState); - if (balAllowedForCaller != BAL_BLOCK) { - return logStartAllowedAndReturnCode(balAllowedForCaller, - /*background*/ true, state, - "callerApp process (pid = " + app.getPid() - + ", uid = " + app.mUid + ") is allowed"); + if (balAllowedForCaller.allows()) { + return balAllowedForCaller.withProcessInfo("callerApp process", app); } else { // only if that one wasn't allowed, check the other ones final ArraySet<WindowProcessController> uidProcesses = @@ -647,18 +701,17 @@ public class BackgroundActivityStartController { if (uidProcesses != null) { for (int i = uidProcesses.size() - 1; i >= 0; i--) { final WindowProcessController proc = uidProcesses.valueAt(i); - int balAllowedForUid = proc.areBackgroundActivityStartsAllowed( - state.mAppSwitchState); - if (proc != app && balAllowedForUid != BAL_BLOCK) { - return logStartAllowedAndReturnCode(balAllowedForUid, - /*background*/ true, state, - "process" + proc.getPid() + " from uid " + app.mUid - + " is allowed"); + if (proc != app) { + BalVerdict balAllowedForUid = proc.areBackgroundActivityStartsAllowed( + state.mAppSwitchState); + if (balAllowedForUid.allows()) { + return balAllowedForCaller.withProcessInfo("process", proc); + } } } } } - return BAL_BLOCK; + return BalVerdict.BLOCK; } /** @@ -1156,36 +1209,6 @@ public class BackgroundActivityStartController { return joiner.toString(); } - static @BalCode int logStartAllowedAndReturnCode(@BalCode int code, - boolean background, int callingUid, int realCallingUid, Intent intent, int pid, - String msg) { - return logStartAllowedAndReturnCode(code, background, callingUid, realCallingUid, - intent, DEBUG_ACTIVITY_STARTS ? ("[Process(" + pid + ")]" + msg) : ""); - } - - private static @BalCode int logStartAllowedAndReturnCode(@BalCode int code, - boolean background, BalState state, String msg) { - return logStartAllowedAndReturnCode(code, background, state.mCallingUid, - state.mRealCallingUid, state.mIntent, msg); - } - - private static @BalCode int logStartAllowedAndReturnCode(@BalCode int code, - boolean background, int callingUid, int realCallingUid, Intent intent, String msg) { - statsLogBalAllowed(code, callingUid, realCallingUid, intent); - if (DEBUG_ACTIVITY_STARTS) { - StringBuilder builder = new StringBuilder(); - if (background) { - builder.append("Background "); - } - builder.append("Activity start allowed: " + msg + ". callingUid: " - + callingUid + ". "); - builder.append("BAL Code: "); - builder.append(balCodeToString(code)); - Slog.i(TAG, builder.toString()); - } - return code; - } - private static boolean isSystemExemptFlagEnabled() { return DeviceConfig.getBoolean( NAMESPACE_WINDOW_MANAGER, @@ -1193,8 +1216,12 @@ public class BackgroundActivityStartController { /* defaultValue= */ true); } - private static void statsLogBalAllowed( - @BalCode int code, int callingUid, int realCallingUid, Intent intent) { + private static BalVerdict statsLog(BalVerdict finalVerdict, BalState state) { + @BalCode int code = finalVerdict.getCode(); + int callingUid = state.mCallingUid; + int realCallingUid = state.mRealCallingUid; + Intent intent = state.mIntent; + if (code == BAL_ALLOW_PENDING_INTENT && (callingUid == Process.SYSTEM_UID || realCallingUid == Process.SYSTEM_UID)) { String activityName = @@ -1214,6 +1241,7 @@ public class BackgroundActivityStartController { callingUid, realCallingUid); } + return finalVerdict; } /** diff --git a/services/core/java/com/android/server/wm/BackgroundLaunchProcessController.java b/services/core/java/com/android/server/wm/BackgroundLaunchProcessController.java index 527edc13931a..e849589f4661 100644 --- a/services/core/java/com/android/server/wm/BackgroundLaunchProcessController.java +++ b/services/core/java/com/android/server/wm/BackgroundLaunchProcessController.java @@ -27,7 +27,6 @@ import static com.android.server.wm.BackgroundActivityStartController.BAL_ALLOW_ import static com.android.server.wm.BackgroundActivityStartController.BAL_ALLOW_GRACE_PERIOD; import static com.android.server.wm.BackgroundActivityStartController.BAL_ALLOW_PERMISSION; import static com.android.server.wm.BackgroundActivityStartController.BAL_ALLOW_VISIBLE_WINDOW; -import static com.android.server.wm.BackgroundActivityStartController.BAL_BLOCK; import static java.util.Objects.requireNonNull; @@ -49,6 +48,7 @@ import android.util.IntArray; import android.util.Slog; import com.android.internal.annotations.GuardedBy; +import com.android.server.wm.BackgroundActivityStartController.BalVerdict; import java.io.PrintWriter; import java.util.ArrayList; @@ -96,37 +96,33 @@ class BackgroundLaunchProcessController { mBackgroundActivityStartCallback = callback; } - @BackgroundActivityStartController.BalCode - int areBackgroundActivityStartsAllowed(int pid, int uid, String packageName, + BalVerdict areBackgroundActivityStartsAllowed( + int pid, int uid, String packageName, int appSwitchState, boolean isCheckingForFgsStart, boolean hasActivityInVisibleTask, boolean hasBackgroundActivityStartPrivileges, long lastStopAppSwitchesTime, long lastActivityLaunchTime, long lastActivityFinishTime) { // Allow if the proc is instrumenting with background activity starts privs. if (hasBackgroundActivityStartPrivileges) { - return BackgroundActivityStartController.logStartAllowedAndReturnCode( - BAL_ALLOW_PERMISSION, /*background*/ true, uid, uid, /*intent*/ null, - pid, "Activity start allowed: process instrumenting with background " - + "activity starts privileges"); + return new BalVerdict(BAL_ALLOW_PERMISSION, /*background*/ true, + "Activity start allowed: process instrumenting with background " + + "activity starts privileges"); } // Allow if the flag was explicitly set. if (isBackgroundStartAllowedByToken(uid, packageName, isCheckingForFgsStart)) { - return BackgroundActivityStartController.logStartAllowedAndReturnCode( - BAL_ALLOW_PERMISSION, /*background*/ true, uid, uid, /*intent*/ null, - pid, "Activity start allowed: process allowed by token"); + return new BalVerdict(BAL_ALLOW_PERMISSION, /*background*/ true, + "Activity start allowed: process allowed by token"); } // Allow if the caller is bound by a UID that's currently foreground. if (isBoundByForegroundUid()) { - return BackgroundActivityStartController.logStartAllowedAndReturnCode( - BAL_ALLOW_VISIBLE_WINDOW, /*background*/ false, uid, uid, /*intent*/ null, - pid, "Activity start allowed: process bound by foreground uid"); + return new BalVerdict(BAL_ALLOW_VISIBLE_WINDOW, /*background*/ false, + "Activity start allowed: process bound by foreground uid"); } // Allow if the caller has an activity in any foreground task. if (hasActivityInVisibleTask && (appSwitchState == APP_SWITCH_ALLOW || appSwitchState == APP_SWITCH_FG_ONLY)) { - return BackgroundActivityStartController.logStartAllowedAndReturnCode( - BAL_ALLOW_FOREGROUND, /*background*/ false, uid, uid, /*intent*/ null, - pid, "Activity start allowed: process has activity in foreground task"); + return new BalVerdict(BAL_ALLOW_FOREGROUND, /*background*/ false, + "Activity start allowed: process has activity in foreground task"); } // If app switching is not allowed, we ignore all the start activity grace period @@ -141,9 +137,8 @@ class BackgroundLaunchProcessController { // let app to be able to start background activity even it's in grace period. if (lastActivityLaunchTime > lastStopAppSwitchesTime || lastActivityFinishTime > lastStopAppSwitchesTime) { - return BackgroundActivityStartController.logStartAllowedAndReturnCode( - BAL_ALLOW_GRACE_PERIOD, /*background*/ true, uid, uid, /*intent*/ null, - pid, "Activity start allowed: within " + return new BalVerdict(BAL_ALLOW_GRACE_PERIOD, /*background*/ true, + "Activity start allowed: within " + ACTIVITY_BG_START_GRACE_PERIOD_MS + "ms grace period"); } if (DEBUG_ACTIVITY_STARTS) { @@ -154,7 +149,7 @@ class BackgroundLaunchProcessController { } } - return BAL_BLOCK; + return BalVerdict.BLOCK; } /** diff --git a/services/core/java/com/android/server/wm/WindowProcessController.java b/services/core/java/com/android/server/wm/WindowProcessController.java index e769a2763fc5..a74a707d5ef9 100644 --- a/services/core/java/com/android/server/wm/WindowProcessController.java +++ b/services/core/java/com/android/server/wm/WindowProcessController.java @@ -42,7 +42,6 @@ import static com.android.server.wm.ActivityTaskManagerDebugConfig.TAG_ATM; import static com.android.server.wm.ActivityTaskManagerDebugConfig.TAG_WITH_CLASS_NAME; import static com.android.server.wm.ActivityTaskManagerService.INSTRUMENTATION_KEY_DISPATCHING_TIMEOUT_MILLIS; import static com.android.server.wm.ActivityTaskManagerService.RELAUNCH_REASON_NONE; -import static com.android.server.wm.BackgroundActivityStartController.BAL_BLOCK; import static com.android.server.wm.WindowManagerService.MY_PID; import static java.util.Objects.requireNonNull; @@ -631,22 +630,23 @@ public class WindowProcessController extends ConfigurationContainer<Configuratio */ @HotPath(caller = HotPath.START_SERVICE) public boolean areBackgroundFgsStartsAllowed() { - return areBackgroundActivityStartsAllowed(mAtm.getBalAppSwitchesState(), - true /* isCheckingForFgsStart */) != BAL_BLOCK; + return areBackgroundActivityStartsAllowed( + mAtm.getBalAppSwitchesState(), + true /* isCheckingForFgsStart */).allows(); } - @BackgroundActivityStartController.BalCode - int areBackgroundActivityStartsAllowed(int appSwitchState) { - return areBackgroundActivityStartsAllowed(appSwitchState, + BackgroundActivityStartController.BalVerdict areBackgroundActivityStartsAllowed( + int appSwitchState) { + return areBackgroundActivityStartsAllowed( + appSwitchState, false /* isCheckingForFgsStart */); } - @BackgroundActivityStartController.BalCode - private int areBackgroundActivityStartsAllowed(int appSwitchState, - boolean isCheckingForFgsStart) { - return mBgLaunchController.areBackgroundActivityStartsAllowed(mPid, mUid, mInfo.packageName, - appSwitchState, isCheckingForFgsStart, hasActivityInVisibleTask(), - mInstrumentingWithBackgroundActivityStartPrivileges, + private BackgroundActivityStartController.BalVerdict areBackgroundActivityStartsAllowed( + int appSwitchState, boolean isCheckingForFgsStart) { + return mBgLaunchController.areBackgroundActivityStartsAllowed(mPid, mUid, + mInfo.packageName, appSwitchState, isCheckingForFgsStart, + hasActivityInVisibleTask(), mInstrumentingWithBackgroundActivityStartPrivileges, mAtm.getLastStopAppSwitchesTime(), mLastActivityLaunchTime, mLastActivityFinishTime); } |