author | Kevin F. Haggerty <haggertk@lineageos.org> | 2020-05-06 06:46:15 -0600 |
---|---|---|
committer | Kevin F. Haggerty <haggertk@lineageos.org> | 2020-05-06 06:46:15 -0600 |
commit | f66f095b679d29f7d24879863132ea34dccb6719 (patch) | |
tree | 523ed01895a822d9a3316cbfde259003faf52523 | |
parent | 6aed87b6b8ba76e8b4f11333c0669efa48357ea8 (diff) | |
parent | 5f03b08b397b022d2f04bfabfafd85eeb48f5996 (diff) | |
Merge tag 'android-8.1.0_r76' of https://android.googlesource.com/platform/frameworks/base into staging/lineage-15.1_merge-android-8.1.0_r76lineage-15.1
Android 8.1.0 release 76
* tag 'android-8.1.0_r76' of https://android.googlesource.com/platform/frameworks/base:
Verify all possible hosts that match web nav
RESTRICT AUTOMERGE Prevent accessing companion records from arbitrary uids
Revert "DO NOT MERGE - Kill apps outright for API contract violations"
RESTRICT AUTOMERGE Create separated tasks for different apps from startActivities
RESTRICT AUTOMERGE Use consistent calling uid and package in navigateUpTo
DO NOT MERGE - Kill apps outright for API contract violations
Change-Id: Ifd6c66f2bfe7847ab073ea3eca1ba4c4947e3d58
7 files changed, 55 insertions, 7 deletions
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index 9ebd541caaf..8f9df8332d6 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -2843,6 +2843,11 @@ <permission android:name="android.permission.OBSERVE_GRANT_REVOKE_PERMISSIONS" android:protectionLevel="signature|privileged" /> + <!-- Allows an application to manage the companion devices. + @hide --> + <permission android:name="android.permission.MANAGE_COMPANION_DEVICES" + android:protectionLevel="signature" /> + <!-- @SystemApi Allows an application to use SurfaceFlinger's low level features. <p>Not for use by third-party applications. @hide diff --git a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java index f2f01cfa19b..aaa4626d495 100644 --- a/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java +++ b/services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java @@ -624,6 +624,11 @@ public class CompanionDeviceManagerService extends SystemService implements Bind + "associate USER_ID PACKAGE MAC_ADDRESS\n" + "disassociate USER_ID PACKAGE MAC_ADDRESS"; + ShellCmd() { + getContext().enforceCallingOrSelfPermission( + android.Manifest.permission.MANAGE_COMPANION_DEVICES, "ShellCmd"); + } + @Override public int onCommand(String cmd) { switch (cmd) { diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java index ca7953b94d7..6cbd8329af8 100644 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java 
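Review bot: The permission check added in the `ShellCmd()` constructor only protects the shell commands if every `ShellCmd` is created inside the incoming binder call, and nothing in the hunk states that requirement. `enforceCallingOrSelfPermission` also passes when it runs under the service's own identity, so an instance built after the calling identity has been cleared, or one reused across calls, would not check the caller at all. I would document this on the constructor, e.g. `// Construct once per shell call, under the caller's binder identity: this check is the only gate for associate/disassociate.` The construction site is outside the hunk, so it should be confirmed there.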
@@ -6987,7 +6987,7 @@ public class ActivityManagerService extends IActivityManager.Stub } } - private final boolean attachApplicationLocked(IApplicationThread thread, + private boolean attachApplicationLocked(@NonNull IApplicationThread thread, int pid) { // Find the application record that is being attached... either via @@ -7292,6 +7292,9 @@ public class ActivityManagerService extends IActivityManager.Stub @Override public final void attachApplication(IApplicationThread thread) { + if (thread == null) { + throw new SecurityException("Invalid application interface"); + } synchronized (this) { int callingPid = Binder.getCallingPid(); final long origId = Binder.clearCallingIdentity(); diff --git a/services/core/java/com/android/server/am/ActivityStack.java b/services/core/java/com/android/server/am/ActivityStack.java index 199860597f9..c1ea022f1c1 100644 --- a/services/core/java/com/android/server/am/ActivityStack.java +++ b/services/core/java/com/android/server/am/ActivityStack.java @@ -3961,6 +3961,11 @@ class ActivityStack<T extends StackWindowController> extends ConfigurationContai final boolean navigateUpToLocked(ActivityRecord srec, Intent destIntent, int resultCode, Intent resultData) { + if (srec.app == null || srec.app.thread == null) { + // Nothing to do if the caller is not attached, because this method should be called + // from an alive activity. + return false; + } final TaskRecord task = srec.getTask(); final ArrayList<ActivityRecord> activities = task.mActivities; final int start = activities.indexOf(srec); 
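Review bot: The null check added at the top of `attachApplication` rejects the call without leaving any trace on the system side, so a process that repeatedly sends a null thread is visible only to itself. I would log before throwing, assuming the class's usual `TAG`: `Slog.w(TAG, "attachApplication with null thread, pid=" + Binder.getCallingPid() + " uid=" + Binder.getCallingUid());`. Separately, the `@NonNull` added to `attachApplicationLocked` in the first hunk is only an annotation, so any other caller of that method outside these hunks still needs its own check. Both method bodies continue outside the hunks.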
@@ -4012,22 +4017,22 @@ class ActivityStack<T extends StackWindowController> extends ConfigurationContai } if (parent != null && foundParentInTask) { + final int callingUid = srec.info.applicationInfo.uid; final int parentLaunchMode = parent.info.launchMode; final int destIntentFlags = destIntent.getFlags(); if (parentLaunchMode == ActivityInfo.LAUNCH_SINGLE_INSTANCE || parentLaunchMode == ActivityInfo.LAUNCH_SINGLE_TASK || parentLaunchMode == ActivityInfo.LAUNCH_SINGLE_TOP || (destIntentFlags & Intent.FLAG_ACTIVITY_CLEAR_TOP) != 0) { - parent.deliverNewIntentLocked(srec.info.applicationInfo.uid, destIntent, - srec.packageName); + parent.deliverNewIntentLocked(callingUid, destIntent, srec.packageName); } else { try { ActivityInfo aInfo = AppGlobals.getPackageManager().getActivityInfo( destIntent.getComponent(), 0, srec.userId); int res = mService.mActivityStarter.startActivityLocked(srec.app.thread, destIntent, null /*ephemeralIntent*/, null, aInfo, null /*rInfo*/, null, - null, parent.appToken, null, 0, -1, parent.launchedFromUid, - parent.launchedFromPackage, -1, parent.launchedFromUid, 0, null, + null, parent.appToken, null, 0, -1, callingUid, + srec.packageName, -1, callingUid, 0, null, false, true, null, null, "navigateUpTo"); foundParentInTask = res == ActivityManager.START_SUCCESS; } catch (RemoteException e) { diff --git a/services/core/java/com/android/server/am/ActivityStarter.java b/services/core/java/com/android/server/am/ActivityStarter.java index fa2e04f70a3..aec552d3e14 100644 --- a/services/core/java/com/android/server/am/ActivityStarter.java +++ b/services/core/java/com/android/server/am/ActivityStarter.java @@ -940,6 +940,8 @@ class ActivityStarter { } else { callingPid = callingUid = -1; } + boolean forceNewTask = false; + final int filterCallingUid = callingUid >= 0 ? callingUid : realCallingUid; final long origId = Binder.clearCallingIdentity(); try { synchronized (mService) { 
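Review bot: In the `startActivityLocked` call the new `callingUid` is passed twice in a long positional list with no inline labels, unlike the neighbouring `null /*ephemeralIntent*/` and `null /*rInfo*/`, so it is hard to confirm by reading that the caller identity lands in the intended slots. Since which uid and package are presented here is the point of the change, I would label them: `null, parent.appToken, null, 0, -1, callingUid /*callingUid*/,` and `srec.packageName /*callingPackage*/, -1, callingUid /*realCallingUid*/, 0, null,`. The parameter names are inferred from the argument order and are not visible in the hunk, so check them against the callee's signature. `navigateUpToLocked` starts and ends outside this hunk.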
@@ -959,6 +961,9 @@ class ActivityStarter { // Don't modify the client's object! intent = new Intent(intent); + if (forceNewTask) { + intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK); + } // Collect information about the target of the Intent. ActivityInfo aInfo = mSupervisor.resolveActivity(intent, resolvedTypes[i], 0, @@ -984,7 +989,17 @@ class ActivityStarter { return res; } - resultTo = outActivity[0] != null ? outActivity[0].appToken : null; + final ActivityRecord started = outActivity[0]; + if (started != null && started.getUid() == filterCallingUid) { + // Only the started activity which has the same uid as the source caller can + // be the caller of next activity. + resultTo = started.appToken; + forceNewTask = false; + } else { + // Different apps not adjacent to the caller are forced to be new task. + resultTo = null; + forceNewTask = true; + } } } } finally { diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index 89fdf0817fe..0d78f9349e5 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -19151,7 +19151,9 @@ public class PackageManagerService extends IPackageManager.Stub final int verificationId = mIntentFilterVerificationToken++; for (PackageParser.Activity a : pkg.activities) { for (ActivityIntentInfo filter : a.intents) { - if (filter.handlesWebUris(true) && needsNetworkVerificationLPr(filter)) { + // Run verification against hosts mentioned in any web-nav intent filter, + // even if the filter matches non-web schemes as well + if (filter.handlesWebUris(false) && needsNetworkVerificationLPr(filter)) { if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG, "Verification needed for IntentFilter:" + filter.toString()); mIntentFilterVerifier.addOneIntentFilterVerification( 
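Review bot: The `else` branch in the last ActivityStarter hunk also runs when `outActivity[0]` is null, which its comment ("Different apps not adjacent to the caller are forced to be new task") does not mention. In that case the next intent in the array still gets `FLAG_ACTIVITY_NEW_TASK` through the `forceNewTask` check added in the second hunk. If that is intended, the comment should say so, e.g. `// No started activity, or one owned by a different uid: the next intent gets no resultTo and is forced into a new task.` The declarations of `forceNewTask` and `filterCallingUid` in the first hunk would also benefit from a one-line comment, since `realCallingUid` and the fallback rule are defined outside the visible lines.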
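Review bot: The bare `false` passed to `handlesWebUris` in the PackageManagerService hunk carries the whole fix and reads almost the same as the `true` it replaces. Labelling the argument, `filter.handlesWebUris(false /* onlyWebSchemes */)`, makes it harder for a later edit to flip it back unnoticed. The added comment already explains the intent well. No other `handlesWebUris(true)` call sites are visible here; if any exist outside this hunk they may deserve the same look. The enclosing method starts and ends outside the hunk.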
diff --git a/services/tests/servicestests/src/com/android/server/am/ActivityStackTests.java b/services/tests/servicestests/src/com/android/server/am/ActivityStackTests.java index 02fba082ca9..33174b2bf07 100644 --- a/services/tests/servicestests/src/com/android/server/am/ActivityStackTests.java +++ b/services/tests/servicestests/src/com/android/server/am/ActivityStackTests.java @@ -122,4 +122,17 @@ public class ActivityStackTests extends ActivityTestsBase { assertEquals(task.getTopActivity(true /* includeOverlays */), taskOverlay); assertNotNull(result.r); } + + @Test + public void testNavigateUpTo() { + final ActivityManagerService service = createActivityManagerService(); + final TaskRecord task = createTask(service, testActivityComponent, TEST_STACK_ID); + final ActivityRecord activityRecord = createActivity(service, testActivityComponent, task); + activityRecord.app = new ProcessRecord(null, activityRecord.appInfo, + activityRecord.processName, activityRecord.getUid()); + final ActivityStack testStack = service.mStackSupervisor.getStack(TEST_STACK_ID); + // No-op if the source activity record doesn't have attached process (app.thread == null). + assertFalse(testStack.navigateUpToLocked(activityRecord, activityRecord.intent, + 0 /* resultCode */, null /* resultData */)); + } } |
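Review bot: `testNavigateUpTo` exercises only the `srec.app.thread == null` half of the new guard in `navigateUpToLocked`; the `srec.app == null` half has no test. It is cheap to add at the end of the method: `activityRecord.app = null;` followed by a second `assertFalse(testStack.navigateUpToLocked(activityRecord, activityRecord.intent, 0 /* resultCode */, null /* resultData */));`. The caller uid and package change in the second ActivityStack hunk is also untested here, so a regression in which identity is passed to `startActivityLocked` would not be caught by this file.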