Require that the caller has INTERACT_ACROSS_USERS in order to retrieve home tasks of other users. This prevents users from observing home tasks of other users on the device. bug: 140274903 Test: cts-tradefed run cts-dev -m CtsPermissionTestCases -t android.permission.cts.NoActivityRelatedPermissionTest#testGetTask cts-tradefed run cts-dev -m CtsWindowManagerDeviceTestCases cts-tradefed run cts-dev -m CtsAppTestCases Change-Id: Ia5fdb1ba1ab7d9ec27d1afbb3a359b454c7075c0 Merged-In: Ia5fdb1ba1ab7d9ec27d1afbb3a359b454c7075c0

commit: f307365579dd67bc33657b3962d7739bfe1dc048 [log] [tgz]
author: Nicholas Sauer <nicksauer@google.com> Fri Aug 30 08:24:55 2019 -0700
committer: Nicholas Sauer <nicksauer@google.com> Thu Sep 05 17:37:33 2019 +0000
tree: a073e92a4fbcddf504551bcfb36fdd64830e217a
parent: ffa02fadce5aef91419bdde0b084b76689f0d9fe [diff] [blame]
diff --git a/services/core/java/com/android/server/wm/ActivityTaskManagerService.java b/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
index 747837b..59ae9ac 100644
--- a/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
+++ b/services/core/java/com/android/server/wm/ActivityTaskManagerService.java

@@ -19,6 +19,8 @@
 import static android.Manifest.permission.BIND_VOICE_INTERACTION;
 import static android.Manifest.permission.CHANGE_CONFIGURATION;
 import static android.Manifest.permission.CONTROL_REMOTE_APP_TRANSITION_ANIMATIONS;
+import static android.Manifest.permission.INTERACT_ACROSS_USERS;
+import static android.Manifest.permission.INTERACT_ACROSS_USERS_FULL;
 import static android.Manifest.permission.INTERNAL_SYSTEM_WINDOW;
 import static android.Manifest.permission.MANAGE_ACTIVITY_STACKS;
 import static android.Manifest.permission.READ_FRAME_BUFFER;
@@ -2522,15 +2524,16 @@
             @WindowConfiguration.ActivityType int ignoreActivityType,
             @WindowConfiguration.WindowingMode int ignoreWindowingMode) {
         final int callingUid = Binder.getCallingUid();
+        final int callingPid = Binder.getCallingPid();
+        final boolean crossUser = isCrossUserAllowed(callingPid, callingUid);
         ArrayList<ActivityManager.RunningTaskInfo> list = new ArrayList<>();
 
         synchronized (mGlobalLock) {
             if (DEBUG_ALL) Slog.v(TAG, "getTasks: max=" + maxNum);
 
-            final boolean allowed = isGetTasksAllowed("getTasks", Binder.getCallingPid(),
-                    callingUid);
+            final boolean allowed = isGetTasksAllowed("getTasks", callingPid, callingUid);
             mRootActivityContainer.getRunningTasks(maxNum, list, ignoreActivityType,
-                    ignoreWindowingMode, callingUid, allowed);
+                    ignoreWindowingMode, callingUid, allowed, crossUser);
         }
 
         return list;
@@ -3587,6 +3590,11 @@
         return allowed;
     }
 
+    boolean isCrossUserAllowed(int pid, int uid) {
+        return checkPermission(INTERACT_ACROSS_USERS, pid, uid) == PERMISSION_GRANTED
+                || checkPermission(INTERACT_ACROSS_USERS_FULL, pid, uid) == PERMISSION_GRANTED;
+    }
+
     private PendingAssistExtras enqueueAssistContext(int requestType, Intent intent, String hint,
             IAssistDataReceiver receiver, Bundle receiverExtras, IBinder activityToken,
             boolean focused, boolean newSessionId, int userHandle, Bundle args, long timeout,
commit	f307365579dd67bc33657b3962d7739bfe1dc048	[log] [tgz]
author	Nicholas Sauer <nicksauer@google.com>	Fri Aug 30 08:24:55 2019 -0700
committer	Nicholas Sauer <nicksauer@google.com>	Thu Sep 05 17:37:33 2019 +0000
tree	a073e92a4fbcddf504551bcfb36fdd64830e217a
parent	ffa02fadce5aef91419bdde0b084b76689f0d9fe [diff] [blame]