Block activity starts from background when realCallingUid is
a persistent system process and the start wasn't explicitly
whitelisted by the sender
Also, adds mechanism to temporary whitelist processes when
broadcast-based PendingIntent was whitelisted, so that
activities can be opened for the duration of the broadcast
being processed.
For now, all this is only wired for notifications.
Note: those whitelists are separate - only UI elements like
notifications will leverage both in order to support trampolines.
Other system-based PendingIntent senders should only use the
activity-based whitelist when they want an activity to be opened
from background.
Bug: 110956953
Test: atest WmTests:ActivityStarterTests
Test: manual with Play notifications that are known
for doing trampolines
Change-Id: Ibab91cdbe7afc0aed29d430dd41327272020925b
diff --git a/services/core/java/com/android/server/wm/ActivityStackSupervisor.java b/services/core/java/com/android/server/wm/ActivityStackSupervisor.java
index f58b83d..d5286b9 100644
--- a/services/core/java/com/android/server/wm/ActivityStackSupervisor.java
+++ b/services/core/java/com/android/server/wm/ActivityStackSupervisor.java
@@ -2657,7 +2657,8 @@
return mService.getActivityStartController().startActivityInPackage(
task.mCallingUid, callingPid, callingUid, callingPackage, intent, null, null,
null, 0, 0, options, userId, task, "startActivityFromRecents",
- false /* validateIncomingUser */, null /* originatingPendingIntent */);
+ false /* validateIncomingUser */, null /* originatingPendingIntent */,
+ false /* allowBackgroundActivityStart */);
} finally {
if (windowingMode == WINDOWING_MODE_SPLIT_SCREEN_PRIMARY && task != null) {
// If we are launching the task in the docked stack, put it into resizing mode so
diff --git a/services/core/java/com/android/server/wm/ActivityStartController.java b/services/core/java/com/android/server/wm/ActivityStartController.java
index b4d5d9f..0859683 100644
--- a/services/core/java/com/android/server/wm/ActivityStartController.java
+++ b/services/core/java/com/android/server/wm/ActivityStartController.java
@@ -258,7 +258,7 @@
String callingPackage, Intent intent, String resolvedType, IBinder resultTo,
String resultWho, int requestCode, int startFlags, SafeActivityOptions options,
int userId, TaskRecord inTask, String reason, boolean validateIncomingUser,
- PendingIntentRecord originatingPendingIntent) {
+ PendingIntentRecord originatingPendingIntent, boolean allowBackgroundActivityStart) {
userId = checkTargetUser(userId, validateIncomingUser, realCallingPid, realCallingUid,
reason);
@@ -278,6 +278,7 @@
.setMayWait(userId)
.setInTask(inTask)
.setOriginatingPendingIntent(originatingPendingIntent)
+ .setAllowBackgroundActivityStart(allowBackgroundActivityStart)
.execute();
}
@@ -294,7 +295,8 @@
*/
final int startActivitiesInPackage(int uid, String callingPackage, Intent[] intents,
String[] resolvedTypes, IBinder resultTo, SafeActivityOptions options, int userId,
- boolean validateIncomingUser, PendingIntentRecord originatingPendingIntent) {
+ boolean validateIncomingUser, PendingIntentRecord originatingPendingIntent,
+ boolean allowBackgroundActivityStart) {
final String reason = "startActivityInPackage";
@@ -303,12 +305,13 @@
// TODO: Switch to user app stacks here.
return startActivities(null, uid, callingPackage, intents, resolvedTypes, resultTo, options,
- userId, reason, originatingPendingIntent);
+ userId, reason, originatingPendingIntent, allowBackgroundActivityStart);
}
int startActivities(IApplicationThread caller, int callingUid, String callingPackage,
Intent[] intents, String[] resolvedTypes, IBinder resultTo, SafeActivityOptions options,
- int userId, String reason, PendingIntentRecord originatingPendingIntent) {
+ int userId, String reason, PendingIntentRecord originatingPendingIntent,
+ boolean allowBackgroundActivityStart) {
if (intents == null) {
throw new NullPointerException("intents is null");
}
@@ -387,6 +390,7 @@
// top one as otherwise an activity below might consume it.
.setAllowPendingRemoteAnimationRegistryLookup(top /* allowLookup*/)
.setOriginatingPendingIntent(originatingPendingIntent)
+ .setAllowBackgroundActivityStart(allowBackgroundActivityStart)
.execute();
if (res < 0) {
diff --git a/services/core/java/com/android/server/wm/ActivityStarter.java b/services/core/java/com/android/server/wm/ActivityStarter.java
index 36701ea..b100ecd 100644
--- a/services/core/java/com/android/server/wm/ActivityStarter.java
+++ b/services/core/java/com/android/server/wm/ActivityStarter.java
@@ -323,6 +323,7 @@
WaitResult waitResult;
int filterCallingUid;
PendingIntentRecord originatingPendingIntent;
+ boolean allowBackgroundActivityStart;
/**
* If set to {@code true}, allows this activity start to look into
@@ -380,6 +381,7 @@
allowPendingRemoteAnimationRegistryLookup = true;
filterCallingUid = UserHandle.USER_NULL;
originatingPendingIntent = null;
+ allowBackgroundActivityStart = false;
}
/**
@@ -419,6 +421,7 @@
= request.allowPendingRemoteAnimationRegistryLookup;
filterCallingUid = request.filterCallingUid;
originatingPendingIntent = request.originatingPendingIntent;
+ allowBackgroundActivityStart = request.allowBackgroundActivityStart;
}
}
@@ -504,7 +507,7 @@
mRequest.activityOptions, mRequest.ignoreTargetSecurity, mRequest.userId,
mRequest.inTask, mRequest.reason,
mRequest.allowPendingRemoteAnimationRegistryLookup,
- mRequest.originatingPendingIntent);
+ mRequest.originatingPendingIntent, mRequest.allowBackgroundActivityStart);
} else {
return startActivity(mRequest.caller, mRequest.intent, mRequest.ephemeralIntent,
mRequest.resolvedType, mRequest.activityInfo, mRequest.resolveInfo,
@@ -515,7 +518,7 @@
mRequest.ignoreTargetSecurity, mRequest.componentSpecified,
mRequest.outActivity, mRequest.inTask, mRequest.reason,
mRequest.allowPendingRemoteAnimationRegistryLookup,
- mRequest.originatingPendingIntent);
+ mRequest.originatingPendingIntent, mRequest.allowBackgroundActivityStart);
}
} finally {
onExecutionComplete();
@@ -548,7 +551,7 @@
SafeActivityOptions options, boolean ignoreTargetSecurity, boolean componentSpecified,
ActivityRecord[] outActivity, TaskRecord inTask, String reason,
boolean allowPendingRemoteAnimationRegistryLookup,
- PendingIntentRecord originatingPendingIntent) {
+ PendingIntentRecord originatingPendingIntent, boolean allowBackgroundActivityStart) {
if (TextUtils.isEmpty(reason)) {
throw new IllegalArgumentException("Need to specify a reason.");
@@ -561,7 +564,8 @@
aInfo, rInfo, voiceSession, voiceInteractor, resultTo, resultWho, requestCode,
callingPid, callingUid, callingPackage, realCallingPid, realCallingUid, startFlags,
options, ignoreTargetSecurity, componentSpecified, mLastStartActivityRecord,
- inTask, allowPendingRemoteAnimationRegistryLookup, originatingPendingIntent);
+ inTask, allowPendingRemoteAnimationRegistryLookup, originatingPendingIntent,
+ allowBackgroundActivityStart);
if (outActivity != null) {
// mLastStartActivityRecord[0] is set in the call to startActivity above.
@@ -592,7 +596,7 @@
SafeActivityOptions options,
boolean ignoreTargetSecurity, boolean componentSpecified, ActivityRecord[] outActivity,
TaskRecord inTask, boolean allowPendingRemoteAnimationRegistryLookup,
- PendingIntentRecord originatingPendingIntent) {
+ PendingIntentRecord originatingPendingIntent, boolean allowBackgroundActivityStart) {
int err = ActivityManager.START_SUCCESS;
// Pull the optional Ephemeral Installer-only bundle out of the options early.
final Bundle verificationBundle
@@ -742,7 +746,7 @@
// on START_ABORTED
if (!abort) {
abort |= shouldAbortBackgroundActivityStart(callingUid, callingPackage, realCallingUid,
- callerApp);
+ callerApp, originatingPendingIntent, allowBackgroundActivityStart);
}
// Merge the two options bundles, while realCallerOptions takes precedence.
@@ -890,7 +894,8 @@
}
private boolean shouldAbortBackgroundActivityStart(int callingUid, final String callingPackage,
- int realCallingUid, WindowProcessController callerApp) {
+ int realCallingUid, WindowProcessController callerApp,
+ PendingIntentRecord originatingPendingIntent, boolean allowBackgroundActivityStart) {
if (mService.isBackgroundActivityStartsEnabled()) {
return false;
}
@@ -902,12 +907,25 @@
if (callerApp != null && callerApp.hasForegroundActivities()) {
return false;
}
- // don't abort if the callingUid is in the foreground
- if (isUidForeground(callingUid)) {
+ // don't abort if the callingUid is in the foreground or is a persistent system process
+ if (isUidForeground(callingUid) || isUidPersistentSystemProcess(callingUid)) {
return false;
}
- // don't abort if the realCallingUid is in the foreground and callingUid isn't
- if ((realCallingUid != callingUid) && isUidForeground(realCallingUid)) {
+ // take realCallingUid into consideration
+ if (realCallingUid != callingUid) {
+ // don't abort if the realCallingUid is in the foreground and callingUid isn't
+ if (isUidForeground(realCallingUid)) {
+ return false;
+ }
+ // if the realCallingUid is a persistent system process, abort if the IntentSender
+ // wasn't whitelisted to start an activity
+ if (isUidPersistentSystemProcess(realCallingUid) && (originatingPendingIntent != null)
+ && allowBackgroundActivityStart) {
+ return false;
+ }
+ }
+ // don't abort if the caller is currently temporarily whitelisted
+ if (callerApp != null && callerApp.areBackgroundActivityStartsAllowed()) {
return false;
}
// don't abort if the caller has the same uid as the recents component
@@ -924,12 +942,17 @@
return true;
}
- /** Returns true if uid has a visible window or its process is in top or persistent state. */
+ /** Returns true if uid has a visible window or its process is in a top state. */
private boolean isUidForeground(int uid) {
- return (mService.getUidStateLocked(uid) <= ActivityManager.PROCESS_STATE_TOP)
+ return (mService.getUidStateLocked(uid) == ActivityManager.PROCESS_STATE_TOP)
|| mService.mWindowManager.isAnyWindowVisibleForUid(uid);
}
+ /** Returns true if uid is in a persistent state. */
+ private boolean isUidPersistentSystemProcess(int uid) {
+ return (mService.getUidStateLocked(uid) <= ActivityManager.PROCESS_STATE_PERSISTENT_UI);
+ }
+
private void maybeLogActivityStart(int callingUid, String callingPackage, int realCallingUid,
Intent intent, WindowProcessController callerApp, ActivityRecord r,
PendingIntentRecord originatingPendingIntent, boolean abortedStart) {
@@ -1049,7 +1072,7 @@
Configuration globalConfig, SafeActivityOptions options, boolean ignoreTargetSecurity,
int userId, TaskRecord inTask, String reason,
boolean allowPendingRemoteAnimationRegistryLookup,
- PendingIntentRecord originatingPendingIntent) {
+ PendingIntentRecord originatingPendingIntent, boolean allowBackgroundActivityStart) {
// Refuse possible leaked file descriptors
if (intent != null && intent.hasFileDescriptors()) {
throw new IllegalArgumentException("File descriptors passed in Intent");
@@ -1195,7 +1218,8 @@
voiceSession, voiceInteractor, resultTo, resultWho, requestCode, callingPid,
callingUid, callingPackage, realCallingPid, realCallingUid, startFlags, options,
ignoreTargetSecurity, componentSpecified, outRecord, inTask, reason,
- allowPendingRemoteAnimationRegistryLookup, originatingPendingIntent);
+ allowPendingRemoteAnimationRegistryLookup, originatingPendingIntent,
+ allowBackgroundActivityStart);
Binder.restoreCallingIdentity(origId);
@@ -2731,6 +2755,11 @@
return this;
}
+ ActivityStarter setAllowBackgroundActivityStart(boolean allowBackgroundActivityStart) {
+ mRequest.allowBackgroundActivityStart = allowBackgroundActivityStart;
+ return this;
+ }
+
void dump(PrintWriter pw, String prefix) {
prefix = prefix + " ";
pw.print(prefix);
diff --git a/services/core/java/com/android/server/wm/ActivityTaskManagerInternal.java b/services/core/java/com/android/server/wm/ActivityTaskManagerInternal.java
index 0fc890a..0f286ce 100644
--- a/services/core/java/com/android/server/wm/ActivityTaskManagerInternal.java
+++ b/services/core/java/com/android/server/wm/ActivityTaskManagerInternal.java
@@ -197,16 +197,19 @@
* @param validateIncomingUser Set true to skip checking {@code userId} with the calling UID.
* @param originatingPendingIntent PendingIntentRecord that originated this activity start or
* null if not originated by PendingIntent
+ * @param allowBackgroundActivityStart Whether the background activity start should be allowed
+ * from originatingPendingIntent
*/
public abstract int startActivitiesInPackage(int uid, String callingPackage, Intent[] intents,
String[] resolvedTypes, IBinder resultTo, SafeActivityOptions options, int userId,
- boolean validateIncomingUser, PendingIntentRecord originatingPendingIntent);
+ boolean validateIncomingUser, PendingIntentRecord originatingPendingIntent,
+ boolean allowBackgroundActivityStart);
public abstract int startActivityInPackage(int uid, int realCallingPid, int realCallingUid,
String callingPackage, Intent intent, String resolvedType, IBinder resultTo,
String resultWho, int requestCode, int startFlags, SafeActivityOptions options,
int userId, TaskRecord inTask, String reason, boolean validateIncomingUser,
- PendingIntentRecord originatingPendingIntent);
+ PendingIntentRecord originatingPendingIntent, boolean allowBackgroundActivityStart);
/**
* Start activity {@code intent} without calling user-id check.
diff --git a/services/core/java/com/android/server/wm/ActivityTaskManagerService.java b/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
index c4be1ba537..a669ace 100644
--- a/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
+++ b/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
@@ -960,7 +960,7 @@
// TODO: Switch to user app stacks here.
return getActivityStartController().startActivities(caller, -1, callingPackage, intents,
resolvedTypes, resultTo, SafeActivityOptions.fromBundle(bOptions), userId, reason,
- null /* originatingPendingIntent */);
+ null /* originatingPendingIntent */, false /* allowBackgroundActivityStart */);
}
@Override
@@ -5787,18 +5787,20 @@
packageUid, packageName,
intents, resolvedTypes, null /* resultTo */,
SafeActivityOptions.fromBundle(bOptions), userId,
- false /* validateIncomingUser */, null /* originatingPendingIntent */);
+ false /* validateIncomingUser */, null /* originatingPendingIntent */,
+ false /* allowBackgroundActivityStart */);
}
}
@Override
public int startActivitiesInPackage(int uid, String callingPackage, Intent[] intents,
String[] resolvedTypes, IBinder resultTo, SafeActivityOptions options, int userId,
- boolean validateIncomingUser, PendingIntentRecord originatingPendingIntent) {
+ boolean validateIncomingUser, PendingIntentRecord originatingPendingIntent,
+ boolean allowBackgroundActivityStart) {
synchronized (mGlobalLock) {
return getActivityStartController().startActivitiesInPackage(uid, callingPackage,
intents, resolvedTypes, resultTo, options, userId, validateIncomingUser,
- originatingPendingIntent);
+ originatingPendingIntent, allowBackgroundActivityStart);
}
}
@@ -5807,12 +5809,14 @@
String callingPackage, Intent intent, String resolvedType, IBinder resultTo,
String resultWho, int requestCode, int startFlags, SafeActivityOptions options,
int userId, TaskRecord inTask, String reason, boolean validateIncomingUser,
- PendingIntentRecord originatingPendingIntent) {
+ PendingIntentRecord originatingPendingIntent,
+ boolean allowBackgroundActivityStart) {
synchronized (mGlobalLock) {
return getActivityStartController().startActivityInPackage(uid, realCallingPid,
realCallingUid, callingPackage, intent, resolvedType, resultTo, resultWho,
requestCode, startFlags, options, userId, inTask, reason,
- validateIncomingUser, originatingPendingIntent);
+ validateIncomingUser, originatingPendingIntent,
+ allowBackgroundActivityStart);
}
}
diff --git a/services/core/java/com/android/server/wm/WindowProcessController.java b/services/core/java/com/android/server/wm/WindowProcessController.java
index f7f7528..c38a974 100644
--- a/services/core/java/com/android/server/wm/WindowProcessController.java
+++ b/services/core/java/com/android/server/wm/WindowProcessController.java
@@ -141,6 +141,9 @@
private volatile boolean mPerceptible;
// Set to true when process was launched with a wrapper attached
private volatile boolean mUsingWrapper;
+ // Set to true if this process is currently temporarily whitelisted to start activities even if
+ // it's not in the foreground
+ private volatile boolean mAllowBackgroundActivityStarts;
// Thread currently set for VR scheduling
int mVrThreadTid;
@@ -343,6 +346,14 @@
return mUsingWrapper;
}
+ public void setAllowBackgroundActivityStarts(boolean allowBackgroundActivityStarts) {
+ mAllowBackgroundActivityStarts = allowBackgroundActivityStarts;
+ }
+
+ public boolean areBackgroundActivityStartsAllowed() {
+ return mAllowBackgroundActivityStarts;
+ }
+
public void setInstrumenting(boolean instrumenting) {
mInstrumenting = instrumenting;
}