Require that the caller has INTERACT_ACROSS_USERS in order to retrieve
home tasks of other users.

This prevents users from observing home tasks of other users on the device.

bug: 140274903
Test: cts-tradefed run cts-dev -m CtsPermissionTestCases -t android.permission.cts.NoActivityRelatedPermissionTest#testGetTask
cts-tradefed run cts-dev -m CtsWindowManagerDeviceTestCases
cts-tradefed run cts-dev -m CtsAppTestCases
Change-Id: Ia5fdb1ba1ab7d9ec27d1afbb3a359b454c7075c0
diff --git a/services/core/java/com/android/server/wm/ActivityStack.java b/services/core/java/com/android/server/wm/ActivityStack.java
index 8bdedff..1df4ff4 100644
--- a/services/core/java/com/android/server/wm/ActivityStack.java
+++ b/services/core/java/com/android/server/wm/ActivityStack.java
@@ -4543,18 +4543,27 @@
      *         then skip running tasks that match those types.
      */
     void getRunningTasks(List<TaskRecord> tasksOut, @ActivityType int ignoreActivityType,
-            @WindowingMode int ignoreWindowingMode, int callingUid, boolean allowed) {
+            @WindowingMode int ignoreWindowingMode, int callingUid, boolean allowed,
+            boolean crossUser) {
         boolean focusedStack = mRootActivityContainer.getTopDisplayFocusedStack() == this;
         boolean topTask = true;
+        int userId = UserHandle.getUserId(callingUid);
         for (int taskNdx = mTaskHistory.size() - 1; taskNdx >= 0; --taskNdx) {
             final TaskRecord task = mTaskHistory.get(taskNdx);
             if (task.getTopActivity() == null) {
                 // Skip if there are no activities in the task
                 continue;
             }
-            if (!allowed && !task.isActivityTypeHome() && task.effectiveUid != callingUid) {
-                // Skip if the caller can't fetch this task
-                continue;
+            if (task.effectiveUid != callingUid) {
+                if (task.userId != userId && !crossUser) {
+                    // Skip if the caller does not have cross user permission
+                    continue;
+                }
+                if (!allowed && !task.isActivityTypeHome()) {
+                    // Skip if the caller isn't allowed to fetch this task, except for the home
+                    // task which we always return.
+                    continue;
+                }
             }
             if (ignoreActivityType != ACTIVITY_TYPE_UNDEFINED
                     && task.getActivityType() == ignoreActivityType) {
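Review bot: The new check `task.userId != userId && !crossUser` also skips tasks that belong to a profile of the calling user (a managed profile, for example), because such tasks carry a different user id. If callers without INTERACT_ACROSS_USERS are still expected to see tasks from their own profile group, the comparison needs to be profile-aware; this should be confirmed against the intended behaviour. The Javadoc whose tail is visible above the signature is not updated in this hunk; I would add `@param crossUser whether the caller may see tasks owned by a user other than the one callingUid belongs to`. The local would also read better as `final int callingUserId = UserHandle.getUserId(callingUid);`, which keeps it distinct from `task.userId`. The method body continues past the end of the hunk.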
diff --git a/services/core/java/com/android/server/wm/ActivityTaskManagerService.java b/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
index 3c5947a..ecc860c 100644
--- a/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
+++ b/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
@@ -19,6 +19,8 @@
 import static android.Manifest.permission.BIND_VOICE_INTERACTION;
 import static android.Manifest.permission.CHANGE_CONFIGURATION;
 import static android.Manifest.permission.CONTROL_REMOTE_APP_TRANSITION_ANIMATIONS;
+import static android.Manifest.permission.INTERACT_ACROSS_USERS;
+import static android.Manifest.permission.INTERACT_ACROSS_USERS_FULL;
 import static android.Manifest.permission.INTERNAL_SYSTEM_WINDOW;
 import static android.Manifest.permission.MANAGE_ACTIVITY_STACKS;
 import static android.Manifest.permission.READ_FRAME_BUFFER;
@@ -2508,15 +2510,16 @@
             @WindowConfiguration.ActivityType int ignoreActivityType,
             @WindowConfiguration.WindowingMode int ignoreWindowingMode) {
         final int callingUid = Binder.getCallingUid();
+        final int callingPid = Binder.getCallingPid();
+        final boolean crossUser = isCrossUserAllowed(callingPid, callingUid);
         ArrayList<ActivityManager.RunningTaskInfo> list = new ArrayList<>();
 
         synchronized (mGlobalLock) {
             if (DEBUG_ALL) Slog.v(TAG, "getTasks: max=" + maxNum);
 
-            final boolean allowed = isGetTasksAllowed("getTasks", Binder.getCallingPid(),
-                    callingUid);
+            final boolean allowed = isGetTasksAllowed("getTasks", callingPid, callingUid);
             mRootActivityContainer.getRunningTasks(maxNum, list, ignoreActivityType,
-                    ignoreWindowingMode, callingUid, allowed);
+                    ignoreWindowingMode, callingUid, allowed, crossUser);
         }
 
         return list;
@@ -3545,6 +3548,11 @@
         return allowed;
     }
 
+    boolean isCrossUserAllowed(int pid, int uid) {
+        return checkPermission(INTERACT_ACROSS_USERS, pid, uid) == PERMISSION_GRANTED
+                || checkPermission(INTERACT_ACROSS_USERS_FULL, pid, uid) == PERMISSION_GRANTED;
+    }
+
     private PendingAssistExtras enqueueAssistContext(int requestType, Intent intent, String hint,
             IAssistDataReceiver receiver, Bundle receiverExtras, IBinder activityToken,
             boolean focused, boolean newSessionId, int userHandle, Bundle args, long timeout,
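Review bot: `isCrossUserAllowed` is added without a Javadoc, and its name does not tell a reader that either of two permissions is sufficient. I would add `/** Returns whether the caller identified by pid/uid holds INTERACT_ACROSS_USERS or INTERACT_ACROSS_USERS_FULL. */` above it. The only caller visible in this diff is `getTasks` in the same class, so unless another class in the package needs it, the method could be declared `private`.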
diff --git a/services/core/java/com/android/server/wm/RootActivityContainer.java b/services/core/java/com/android/server/wm/RootActivityContainer.java
index 3401de6..c76f589 100644
--- a/services/core/java/com/android/server/wm/RootActivityContainer.java
+++ b/services/core/java/com/android/server/wm/RootActivityContainer.java
@@ -2260,9 +2260,9 @@
     void getRunningTasks(int maxNum, List<ActivityManager.RunningTaskInfo> list,
             @WindowConfiguration.ActivityType int ignoreActivityType,
             @WindowConfiguration.WindowingMode int ignoreWindowingMode, int callingUid,
-            boolean allowed) {
+            boolean allowed, boolean crossUser) {
         mStackSupervisor.getRunningTasks().getTasks(maxNum, list, ignoreActivityType,
-                ignoreWindowingMode, mActivityDisplays, callingUid, allowed);
+                ignoreWindowingMode, mActivityDisplays, callingUid, allowed, crossUser);
     }
 
     void sendPowerHintForLaunchStartIfNeeded(boolean forceSend, ActivityRecord targetActivity) {
diff --git a/services/core/java/com/android/server/wm/RunningTasks.java b/services/core/java/com/android/server/wm/RunningTasks.java
index 3bf437d..22a9c32 100644
--- a/services/core/java/com/android/server/wm/RunningTasks.java
+++ b/services/core/java/com/android/server/wm/RunningTasks.java
@@ -40,7 +40,7 @@
 
     void getTasks(int maxNum, List<RunningTaskInfo> list, @ActivityType int ignoreActivityType,
             @WindowingMode int ignoreWindowingMode, ArrayList<ActivityDisplay> activityDisplays,
-            int callingUid, boolean allowed) {
+            int callingUid, boolean allowed, boolean crossUser) {
         // Return early if there are no tasks to fetch
         if (maxNum <= 0) {
             return;
@@ -55,7 +55,7 @@
                 final ActivityStack stack = display.getChildAt(stackNdx);
                 mTmpStackTasks.clear();
                 stack.getRunningTasks(mTmpStackTasks, ignoreActivityType, ignoreWindowingMode,
-                        callingUid, allowed);
+                        callingUid, allowed, crossUser);
                 mTmpSortedSet.addAll(mTmpStackTasks);
             }
         }
diff --git a/services/tests/wmtests/src/com/android/server/wm/RecentTasksTest.java b/services/tests/wmtests/src/com/android/server/wm/RecentTasksTest.java
index fb4e330..6b9cb7d 100644
--- a/services/tests/wmtests/src/com/android/server/wm/RecentTasksTest.java
+++ b/services/tests/wmtests/src/com/android/server/wm/RecentTasksTest.java
@@ -1289,10 +1289,10 @@
         @Override
         void getTasks(int maxNum, List<RunningTaskInfo> list, int ignoreActivityType,
                 int ignoreWindowingMode, ArrayList<ActivityDisplay> activityDisplays,
-                int callingUid, boolean allowed) {
+                int callingUid, boolean allowed, boolean crossUser) {
             mLastAllowed = allowed;
             super.getTasks(maxNum, list, ignoreActivityType, ignoreWindowingMode, activityDisplays,
-                    callingUid, allowed);
+                    callingUid, allowed, crossUser);
         }
     }
 }
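Review bot: The test override records `allowed` in `mLastAllowed` but discards the new `crossUser` argument, so no test can assert what value the service passed down. I would capture it the same way, `mLastCrossUser = crossUser;`, with a matching `boolean mLastCrossUser;` field next to `mLastAllowed`. The enclosing test class starts outside this hunk, so where `mLastAllowed` is declared is not visible here.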
diff --git a/services/tests/wmtests/src/com/android/server/wm/RunningTasksTest.java b/services/tests/wmtests/src/com/android/server/wm/RunningTasksTest.java
index dc96480..cdd4c24 100644
--- a/services/tests/wmtests/src/com/android/server/wm/RunningTasksTest.java
+++ b/services/tests/wmtests/src/com/android/server/wm/RunningTasksTest.java
@@ -77,7 +77,7 @@
         final int numFetchTasks = 5;
         ArrayList<RunningTaskInfo> tasks = new ArrayList<>();
         mRunningTasks.getTasks(5, tasks, ACTIVITY_TYPE_UNDEFINED, WINDOWING_MODE_UNDEFINED,
-                displays, -1 /* callingUid */, true /* allowed */);
+                displays, -1 /* callingUid */, true /* allowed */, true /*crossUser */);
         assertThat(tasks).hasSize(numFetchTasks);
         for (int i = 0; i < numFetchTasks; i++) {
             assertEquals(numTasks - i - 1, tasks.get(i).id);
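Review bot: Both updated calls in this file (here and in the next hunk) pass `true /* crossUser */`, so the new skip branch in `ActivityStack.getRunningTasks` is never reached by these unit tests. A case that calls `getTasks` with `false /* crossUser */` against tasks owned by a different user, and asserts that they are left out, would pin the behaviour this commit is meant to enforce. The inline comment on the first call is also spaced differently from the second: `/*crossUser */` should be `/* crossUser */`.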
@@ -87,7 +87,7 @@
         // and does not crash
         tasks.clear();
         mRunningTasks.getTasks(100, tasks, ACTIVITY_TYPE_UNDEFINED, WINDOWING_MODE_UNDEFINED,
-                displays, -1 /* callingUid */, true /* allowed */);
+                displays, -1 /* callingUid */, true /* allowed */, true /* crossUser */);
         assertThat(tasks).hasSize(numTasks);
         for (int i = 0; i < numTasks; i++) {
             assertEquals(numTasks - i - 1, tasks.get(i).id);