From 198f7b559f9a13d5b9d26b41c6b95bc1e45fcb1e Mon Sep 17 00:00:00 2001 From: Chris Li Date: Wed, 9 Oct 2024 01:50:57 +0000 Subject: Pass SafeActivityOptions with actual caller for startActivityInTF We clearCallingUid before apply the WCT, but SafeActivityOptions will query the Binder Uid when construct. Update to pass in the actual caller. Flag: EXEMPT bug fix Bug: 369103643 Test: atest WmTests:WindowOrganizerTests# testStartActivityInTaskFragment_checkCallerPermission Merged-In: I873ae576de0bc4a7402c2f522b45853bce48a0c5 Change-Id: I873ae576de0bc4a7402c2f522b45853bce48a0c5 (cherry picked from commit 20c568e77eae5d469cd5e594b644d8645d830dbd) --- .../core/java/com/android/server/wm/ActivityStartController.java | 5 ++--- .../core/java/com/android/server/wm/WindowOrganizerController.java | 4 +++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/services/core/java/com/android/server/wm/ActivityStartController.java b/services/core/java/com/android/server/wm/ActivityStartController.java index a6e50405e7d9..4de02f7f812f 100644 --- a/services/core/java/com/android/server/wm/ActivityStartController.java +++ b/services/core/java/com/android/server/wm/ActivityStartController.java @@ -43,7 +43,6 @@ import android.content.pm.ApplicationInfo; import android.content.pm.PackageManager; import android.content.pm.ResolveInfo; import android.os.Binder; -import android.os.Bundle; import android.os.IBinder; import android.os.Trace; import android.os.UserHandle; @@ -529,14 +528,14 @@ public class ActivityStartController { * Starts an activity in the TaskFragment. * @param taskFragment TaskFragment {@link TaskFragment} to start the activity in. * @param activityIntent intent to start the activity. - * @param activityOptions ActivityOptions to start the activity with. + * @param activityOptions SafeActivityOptions to start the activity with. * @param resultTo the caller activity * @param callingUid the caller uid * @param callingPid the caller pid * @return the start result. */ int startActivityInTaskFragment(@NonNull TaskFragment taskFragment, - @NonNull Intent activityIntent, @Nullable Bundle activityOptions, + @NonNull Intent activityIntent, @Nullable SafeActivityOptions activityOptions, @Nullable IBinder resultTo, int callingUid, int callingPid, @Nullable IBinder errorCallbackToken) { final ActivityRecord caller = diff --git a/services/core/java/com/android/server/wm/WindowOrganizerController.java b/services/core/java/com/android/server/wm/WindowOrganizerController.java index 027ab97693fd..7b59d6fbd820 100644 --- a/services/core/java/com/android/server/wm/WindowOrganizerController.java +++ b/services/core/java/com/android/server/wm/WindowOrganizerController.java @@ -1189,8 +1189,10 @@ class WindowOrganizerController extends IWindowOrganizerController.Stub final IBinder callerActivityToken = operation.getActivityToken(); final Intent activityIntent = operation.getActivityIntent(); final Bundle activityOptions = operation.getBundle(); + final SafeActivityOptions safeOptions = + SafeActivityOptions.fromBundle(activityOptions, caller.mPid, caller.mUid); final int result = mService.getActivityStartController() - .startActivityInTaskFragment(taskFragment, activityIntent, activityOptions, + .startActivityInTaskFragment(taskFragment, activityIntent, safeOptions, callerActivityToken, caller.mUid, caller.mPid, errorCallbackToken); if (!isStartResultSuccessful(result)) { -- cgit v1.2.3-59-g8ed1b