Block activity starts from background when realCallingUid is
a persistent system process and the start wasn't explicitly
whitelisted by the sender
Also adds a mechanism to temporarily whitelist processes when a
broadcast-based PendingIntent was whitelisted, so that
activities can be opened for the duration of the broadcast
being processed.
For now, all this is only wired for notifications.
Note: those whitelists are separate - only UI elements like
notifications will leverage both in order to support trampolines.
Other system-based PendingIntent senders should only use the
activity-based whitelist when they want an activity to be opened
from background.
Bug: 110956953
Test: atest WmTests:ActivityStarterTests
Test: manual with Play notifications that are known
for doing trampolines
Change-Id: Ibab91cdbe7afc0aed29d430dd41327272020925b
diff --git a/services/core/java/com/android/server/wm/ActivityTaskManagerService.java b/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
index c4be1ba537..a669ace 100644
--- a/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
+++ b/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
@@ -960,7 +960,7 @@
// TODO: Switch to user app stacks here.
return getActivityStartController().startActivities(caller, -1, callingPackage, intents,
resolvedTypes, resultTo, SafeActivityOptions.fromBundle(bOptions), userId, reason,
- null /* originatingPendingIntent */);
+ null /* originatingPendingIntent */, false /* allowBackgroundActivityStart */);
}
@Override
@@ -5787,18 +5787,20 @@
packageUid, packageName,
intents, resolvedTypes, null /* resultTo */,
SafeActivityOptions.fromBundle(bOptions), userId,
- false /* validateIncomingUser */, null /* originatingPendingIntent */);
+ false /* validateIncomingUser */, null /* originatingPendingIntent */,
+ false /* allowBackgroundActivityStart */);
}
}
@Override
public int startActivitiesInPackage(int uid, String callingPackage, Intent[] intents,
String[] resolvedTypes, IBinder resultTo, SafeActivityOptions options, int userId,
- boolean validateIncomingUser, PendingIntentRecord originatingPendingIntent) {
+ boolean validateIncomingUser, PendingIntentRecord originatingPendingIntent,
+ boolean allowBackgroundActivityStart) {
synchronized (mGlobalLock) {
return getActivityStartController().startActivitiesInPackage(uid, callingPackage,
intents, resolvedTypes, resultTo, options, userId, validateIncomingUser,
- originatingPendingIntent);
+ originatingPendingIntent, allowBackgroundActivityStart);
}
}
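Review bot: The new `allowBackgroundActivityStart` parameter on `startActivitiesInPackage` lifts a security restriction, yet nothing visible in this hunk documents who may pass `true`. The same applies to `startActivityInPackage` in the next hunk, whose signature starts outside it. Both methods forward the value unchanged to `getActivityStartController()`, so any check on it presumably happens further down, and the contract is worth stating at this boundary. I would add a line to the method Javadoc (possibly on the overridden declaration, which is not in this diff): `@param allowBackgroundActivityStart true only when the PendingIntent sender explicitly whitelisted this start; never derived from caller-supplied data`. The literal call sites already carry a `/* allowBackgroundActivityStart */` comment, which is worth keeping because `validateIncomingUser` is a second boolean in the same argument list.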
@@ -5807,12 +5809,14 @@
String callingPackage, Intent intent, String resolvedType, IBinder resultTo,
String resultWho, int requestCode, int startFlags, SafeActivityOptions options,
int userId, TaskRecord inTask, String reason, boolean validateIncomingUser,
- PendingIntentRecord originatingPendingIntent) {
+ PendingIntentRecord originatingPendingIntent,
+ boolean allowBackgroundActivityStart) {
synchronized (mGlobalLock) {
return getActivityStartController().startActivityInPackage(uid, realCallingPid,
realCallingUid, callingPackage, intent, resolvedType, resultTo, resultWho,
requestCode, startFlags, options, userId, inTask, reason,
- validateIncomingUser, originatingPendingIntent);
+ validateIncomingUser, originatingPendingIntent,
+ allowBackgroundActivityStart);
}
}