From 5f12deecd46e79212deba584a1afea97d401dd52 Mon Sep 17 00:00:00 2001 From: Nan Wu Date: Fri, 25 Aug 2023 15:02:28 +0000 Subject: RESTRICT AUTOMERGE Log to detect usage of whitelistToken when sending non-PI target Log ActivityManagerService.sendIntentSender if the target is not a PendingIntent and a non-null whitelistToken is sent to the client. This is simply to detect if there are real cases this would happen before we decide simply remove whitelistToken in that case. Do not pass whitelistToken when sending non-PI target In ActivityManagerService.sendIntentSender, if the target is not a PendingIntent, do not send whitelistToken to the client. Bug: 279428283 Test: Manual test Change-Id: I017486354a1ab2f14d0472c355583d53c27c4810 --- .../android/server/am/ActivityManagerService.java | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java index 26c34aa1b103..1e8d339d3759 100644 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java @@ -162,7 +162,6 @@ import android.app.AppOpsManagerInternal.CheckOpsDelegate; import android.app.ApplicationErrorReport; import android.app.ApplicationExitInfo; import android.app.ApplicationThreadConstants; -import android.app.AppOpsManager; import android.app.BroadcastOptions; import android.app.ContentProviderHolder; import android.app.IActivityController; @@ -5780,12 +5779,12 @@ public class ActivityManagerService extends IActivityManager.Stub } @Override - public int sendIntentSender(IIntentSender target, IBinder whitelistToken, int code, + public int sendIntentSender(IIntentSender target, IBinder allowlistToken, int code, Intent intent, String resolvedType, IIntentReceiver finishedReceiver, String requiredPermission, Bundle options) { if (target instanceof PendingIntentRecord) { return ((PendingIntentRecord)target).sendWithResult(code, intent, resolvedType, - whitelistToken, finishedReceiver, requiredPermission, options); + allowlistToken, finishedReceiver, requiredPermission, options); } else { if (intent == null) { // Weird case: someone has given us their own custom IIntentSender, and now @@ -5797,7 +5796,20 @@ public class ActivityManagerService extends IActivityManager.Stub intent = new Intent(Intent.ACTION_MAIN); } try { - target.send(code, intent, resolvedType, whitelistToken, null, + if (allowlistToken != null) { + final int callingUid = Binder.getCallingUid(); + final String packageName; + final long token = Binder.clearCallingIdentity(); + try { + packageName = AppGlobals.getPackageManager().getNameForUid(callingUid); + } finally { + Binder.restoreCallingIdentity(token); + } + Slog.wtf(TAG, "Send a non-null allowlistToken to a non-PI target." + + " Calling package: " + packageName + "; intent: " + intent + + "; options: " + options); + } + target.send(code, intent, resolvedType, null, null, requiredPermission, options); } catch (RemoteException e) { } -- cgit v1.2.3-59-g8ed1b