From 7da08c6bd31584744e91eb6b3914166344ecae33 Mon Sep 17 00:00:00 2001
From: Jeff Chang <chengjeff@google.com>
Date: Wed, 14 Sep 2022 16:10:04 +0800
Subject: [RESTRICT AUTOMERGE] Allow activity to be reparent while
 allowTaskReparenting is applied
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Any malicious application could hijack tasks by
android:allowTaskReparenting. This vulnerability can perform UI
spoofing or spying on user’s activities.

This CL only allows activities to be reparent while
android:allowTaskReparenting is applied and the affinity of activity
is same with the target task.

Bug: 240663194
Test: atest IntentTests
Change-Id: I73abb9ec05af95bc14f887ae825a9ada9600f771
---
 services/core/java/com/android/server/wm/ResetTargetTaskHelper.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'services')

diff --git a/services/core/java/com/android/server/wm/ResetTargetTaskHelper.java b/services/core/java/com/android/server/wm/ResetTargetTaskHelper.java
index 32de699eaae9..bf206a3a6bff 100644
--- a/services/core/java/com/android/server/wm/ResetTargetTaskHelper.java
+++ b/services/core/java/com/android/server/wm/ResetTargetTaskHelper.java
@@ -148,15 +148,16 @@ class ResetTargetTaskHelper {
             return false;
 
         } else {
-            mResultActivities.add(r);
             if (r.resultTo != null) {
                 // If this activity is sending a reply to a previous activity, we can't do
                 // anything with it now until we reach the start of the reply chain.
                 // NOTE: that we are assuming the result is always to the previous activity,
                 // which is almost always the case but we really shouldn't count on.
+                mResultActivities.add(r);
                 return false;
             } else if (mTargetTaskFound && allowTaskReparenting && mTargetTask.affinity != null
                     && mTargetTask.affinity.equals(r.taskAffinity)) {
+                mResultActivities.add(r);
                 // This activity has an affinity for our task. Either remove it if we are
                 // clearing or move it over to our task. Note that we currently punt on the case
                 // where we are resetting a task that is not at the top but who has activities
-- 
cgit v1.2.3-59-g8ed1b