From 1ac1ad281fd4fc7c417b63f89bf75be5ec9518f2 Mon Sep 17 00:00:00 2001 From: Gavin Corkery Date: Thu, 29 Jun 2023 12:26:32 +0000 Subject: Make SDK sandbox BAL check multi-user aware The existing logic does not work for multi-user apps, as the BAL logic checks whether the user 0 app uid has an active visible window. Instead, use the multi-user uid for this check. Test: Manual Test: atest ActivityStarterTests Bug: 287476371 Change-Id: I2e2bffb4c38ad43d50f48fa71345d9b7bb605272 Merged-In: I2e2bffb4c38ad43d50f48fa71345d9b7bb605272 --- .../wm/BackgroundActivityStartController.java | 2 +- .../android/server/wm/ActivityStarterTests.java | 47 +++++++++++++++++++++- 2 files changed, 47 insertions(+), 2 deletions(-) diff --git a/services/core/java/com/android/server/wm/BackgroundActivityStartController.java b/services/core/java/com/android/server/wm/BackgroundActivityStartController.java index dc49e8cea18b..f57e4c6c5c05 100644 --- a/services/core/java/com/android/server/wm/BackgroundActivityStartController.java +++ b/services/core/java/com/android/server/wm/BackgroundActivityStartController.java @@ -279,7 +279,7 @@ public class BackgroundActivityStartController { // visible window. if (Process.isSdkSandboxUid(realCallingUid)) { int realCallingSdkSandboxUidToAppUid = - Process.getAppUidForSdkSandboxUid(UserHandle.getAppId(realCallingUid)); + Process.getAppUidForSdkSandboxUid(realCallingUid); if (mService.hasActiveVisibleWindow(realCallingSdkSandboxUidToAppUid)) { return logStartAllowedAndReturnCode(BAL_ALLOW_SDK_SANDBOX, diff --git a/services/tests/wmtests/src/com/android/server/wm/ActivityStarterTests.java b/services/tests/wmtests/src/com/android/server/wm/ActivityStarterTests.java index 2671e771aa59..ad0877732503 100644 --- a/services/tests/wmtests/src/com/android/server/wm/ActivityStarterTests.java +++ b/services/tests/wmtests/src/com/android/server/wm/ActivityStarterTests.java @@ -74,7 +74,6 @@ import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertThat; import static org.junit.Assert.assertTrue; import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.anyBoolean; @@ -103,6 +102,7 @@ import android.os.Binder; import android.os.IBinder; import android.os.Process; import android.os.RemoteException; +import android.os.UserHandle; import android.platform.test.annotations.Presubmit; import android.provider.DeviceConfig; import android.service.voice.IVoiceInteractionSession; @@ -159,6 +159,9 @@ public class ActivityStarterTests extends WindowTestsBase { private static final String FAKE_CALLING_PACKAGE = "com.whatever.dude"; private static final int UNIMPORTANT_UID = 12345; private static final int UNIMPORTANT_UID2 = 12346; + private static final int SDK_SANDBOX_UID = Process.toSdkSandboxUid(UNIMPORTANT_UID); + private static final int SECONDARY_USER_SDK_SANDBOX_UID = + UserHandle.getUid(10, SDK_SANDBOX_UID); private static final int CURRENT_IME_UID = 12347; protected final DeviceConfigStateHelper mDeviceConfig = new DeviceConfigStateHelper( @@ -958,6 +961,48 @@ public class ActivityStarterTests extends WindowTestsBase { mockingSession.finishMocking(); } + + @Test + public void testBackgroundActivityStartsAllowed_sdkSandboxClientAppHasVisibleWindow() { + doReturn(false).when(mAtm).isBackgroundActivityStartsEnabled(); + // The SDK's associated client app has a visible window + doReturn(true).when(mAtm).hasActiveVisibleWindow( + Process.getAppUidForSdkSandboxUid(SDK_SANDBOX_UID)); + runAndVerifyBackgroundActivityStartsSubtest( + "allowed_sdkSandboxClientAppHasVisibleWindow", false, SDK_SANDBOX_UID, + false, PROCESS_STATE_TOP, SDK_SANDBOX_UID, false, + PROCESS_STATE_TOP, true, false, false, + false, false, false, false, false); + } + + @Test + public void testBackgroundActivityStartsDisallowed_sdkSandboxClientHasNoVisibleWindow() { + doReturn(false).when(mAtm).isBackgroundActivityStartsEnabled(); + // The SDK's associated client app does not have a visible window + doReturn(false).when(mAtm).hasActiveVisibleWindow( + Process.getAppUidForSdkSandboxUid(SDK_SANDBOX_UID)); + runAndVerifyBackgroundActivityStartsSubtest( + "disallowed_sdkSandboxClientHasNoVisibleWindow", true, SDK_SANDBOX_UID, + false, PROCESS_STATE_TOP, SDK_SANDBOX_UID, false, + PROCESS_STATE_TOP, true, false, false, + false, false, false, false, false); + + } + + @Test + public void testBackgroundActivityStartsAllowed_sdkSandboxMultiUserClientHasVisibleWindow() { + doReturn(false).when(mAtm).isBackgroundActivityStartsEnabled(); + // The SDK's associated client app has a visible window + doReturn(true).when(mAtm).hasActiveVisibleWindow( + Process.getAppUidForSdkSandboxUid(SECONDARY_USER_SDK_SANDBOX_UID)); + runAndVerifyBackgroundActivityStartsSubtest( + "allowed_sdkSandboxMultiUserClientHasVisibleWindow", false, + SECONDARY_USER_SDK_SANDBOX_UID, false, PROCESS_STATE_TOP, + SECONDARY_USER_SDK_SANDBOX_UID, false, PROCESS_STATE_TOP, + false, false, false, false, + false, false, false, false); + } + private void runAndVerifyBackgroundActivityStartsSubtest(String name, boolean shouldHaveAborted, int callingUid, boolean callingUidHasVisibleWindow, int callingUidProcState, int realCallingUid, boolean realCallingUidHasVisibleWindow, int realCallingUidProcState, -- cgit v1.2.3-59-g8ed1b