authorBryan Ferris <bferris@google.com>2019-06-05 01:02:55 (GMT)
committerJP Sugarbroad <jpsugar@google.com>2019-08-07 21:37:00 (GMT)
commit06aed1054fbf7b3a434d93e153e6663e4fc3985c (patch)
treeae8d009f6923c15aeaa7e86c867aa054f4d51ac4
parentea894cfc5a074ca4fdf6c5c50ff7ed89041ac3d8 (diff)
[RESTRICT AUTOMERGE] Pass correct realCallingUid to startActivity() if provided by PendingIntentRecord#sendInner()
Previously we'd ignore realCallingPid and realCallingUid that PendingIntentRecord#sendInner() provided to startActivityInPackage(). Now we correctly pass it on, preserving past behaviour if none provided. Test: manual; we added logging statements to check the value of realCallingUid in startActivitiesMayWait when launching the calendar app from the calendar widget and verified that it was the calendar uid rather than the system uid. Bug: 123013720 Change-Id: If0c0b67880c2e7a8774f31fbb1ba5f50544d2972 (cherry picked from commit b255e64a5d282f860bd58ae8f85158b5badce7ba)
-rw-r--r--services/core/java/com/android/server/am/ActivityManagerService.java6
-rw-r--r--services/core/java/com/android/server/am/ActivityStartController.java26
-rw-r--r--services/core/java/com/android/server/am/ActivityStarter.java32
-rw-r--r--services/core/java/com/android/server/am/PendingIntentRecord.java4
4 files changed, 43 insertions, 25 deletions
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 9d7101d..75e2aa4 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -5598,9 +5598,9 @@ public class ActivityManagerService extends IActivityManager.Stub
userId = mUserController.handleIncomingUser(Binder.getCallingPid(), Binder.getCallingUid(),
userId, false, ALLOW_FULL_ONLY, reason, null);
// TODO: Switch to user app stacks here.
- int ret = mActivityStartController.startActivities(caller, -1, callingPackage,
- intents, resolvedTypes, resultTo, SafeActivityOptions.fromBundle(bOptions), userId,
- reason);
+ int ret = mActivityStartController.startActivities(caller, -1, 0,
+ UserHandle.USER_NULL, callingPackage, intents, resolvedTypes, resultTo,
+ SafeActivityOptions.fromBundle(bOptions), userId, reason);
return ret;
}
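Review bot: The call `startActivities(caller, -1, 0, UserHandle.USER_NULL, ...)` now carries three adjacent positional ints whose meanings (calling uid unset, real pid not provided, real uid not provided) cannot be read at the call site. The same `0, UserHandle.USER_NULL` pair is repeated as literals in the delegating `startActivitiesInPackage` overload in ActivityStartController. A transposed argument here changes which identity the start is attributed to, so I would label them inline, e.g. `0 /* realCallingPid: use Binder caller */, UserHandle.USER_NULL /* realCallingUid: use Binder caller */`, or share named constants between the two files. The enclosing method starts outside the hunk.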
diff --git a/services/core/java/com/android/server/am/ActivityStartController.java b/services/core/java/com/android/server/am/ActivityStartController.java
index a7c3200..be45542 100644
--- a/services/core/java/com/android/server/am/ActivityStartController.java
+++ b/services/core/java/com/android/server/am/ActivityStartController.java
@@ -282,20 +282,27 @@ public class ActivityStartController {
final int startActivitiesInPackage(int uid, String callingPackage, Intent[] intents,
String[] resolvedTypes, IBinder resultTo, SafeActivityOptions options, int userId,
boolean validateIncomingUser) {
+ return startActivitiesInPackage(uid, 0, UserHandle.USER_NULL,
+ callingPackage, intents, resolvedTypes, resultTo, options, userId,
+ validateIncomingUser);
+ }
+ final int startActivitiesInPackage(int uid, int realCallingPid, int realCallingUid,
+ String callingPackage, Intent[] intents, String[] resolvedTypes, IBinder resultTo,
+ SafeActivityOptions options, int userId, boolean validateIncomingUser) {
final String reason = "startActivityInPackage";
userId = checkTargetUser(userId, validateIncomingUser, Binder.getCallingPid(),
Binder.getCallingUid(), reason);
// TODO: Switch to user app stacks here.
- return startActivities(null, uid, callingPackage, intents, resolvedTypes, resultTo, options,
- userId, reason);
+ return startActivities(null, uid, realCallingPid, realCallingUid, callingPackage, intents,
+ resolvedTypes, resultTo, options, userId, reason);
}
- int startActivities(IApplicationThread caller, int callingUid, String callingPackage,
- Intent[] intents, String[] resolvedTypes, IBinder resultTo, SafeActivityOptions options,
- int userId, String reason) {
+ int startActivities(IApplicationThread caller, int callingUid, int incomingRealCallingPid,
+ int incomingRealCallingUid, String callingPackage, Intent[] intents, String[] resolvedTypes,
+ IBinder resultTo, SafeActivityOptions options, int userId, String reason) {
if (intents == null) {
throw new NullPointerException("intents is null");
}
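Review bot: The new `startActivitiesInPackage(int uid, int realCallingPid, int realCallingUid, ...)` overload and the widened `startActivities` accept a caller-asserted real identity, but neither has a comment saying who is allowed to supply it. Nothing in the visible lines validates the two values against the current Binder caller, so the attribution is only as trustworthy as every call site. I would add Javadoc on both along the lines of `/** realCallingPid/realCallingUid must be values a trusted in-process caller captured from Binder before clearing identity; pass 0 / UserHandle.USER_NULL to fall back to the current Binder caller. */`. The body of `startActivities` continues past this hunk.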
@@ -306,9 +313,12 @@ public class ActivityStartController {
throw new IllegalArgumentException("intents are length different than resolvedTypes");
}
- final int realCallingPid = Binder.getCallingPid();
- final int realCallingUid = Binder.getCallingUid();
-
+ final int realCallingPid = incomingRealCallingPid != 0
+ ? incomingRealCallingPid
+ : Binder.getCallingPid();
+ final int realCallingUid = incomingRealCallingUid != UserHandle.USER_NULL
+ ? incomingRealCallingUid
+ : Binder.getCallingUid();
int callingPid;
if (callingUid >= 0) {
callingPid = -1;
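Review bot: The two fallbacks are decided independently, so a caller that supplies a real uid together with pid `0` ends up with the supplied uid paired with `Binder.getCallingPid()` of whatever identity is current at this point. That combination looks reachable, since Binder can report a calling pid of 0 (for example on oneway transactions), and the sender's values are forwarded from PendingIntentRecord. A mixed pid/uid pair is a weak basis for any later permission or background-start decision. Consider keying both on the uid sentinel, `final boolean hasRealCaller = incomingRealCallingUid != UserHandle.USER_NULL;` followed by `hasRealCaller ? incomingRealCallingPid : Binder.getCallingPid()` and the matching uid line, provided downstream code tolerates pid 0. The same pattern appears in `startActivityMayWait` in ActivityStarter.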
diff --git a/services/core/java/com/android/server/am/ActivityStarter.java b/services/core/java/com/android/server/am/ActivityStarter.java
index 73e3d33..5382f58 100644
--- a/services/core/java/com/android/server/am/ActivityStarter.java
+++ b/services/core/java/com/android/server/am/ActivityStarter.java
@@ -281,6 +281,8 @@ class ActivityStarter {
* execution.
*/
private static class Request {
+ static final int DEFAULT_REAL_CALLING_PID = 0;
+ static final int DEFAULT_REAL_CALLING_UID = UserHandle.USER_NULL;
private static final int DEFAULT_CALLING_UID = -1;
private static final int DEFAULT_CALLING_PID = 0;
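Review bot: `DEFAULT_REAL_CALLING_UID` is defined as `UserHandle.USER_NULL`, which is a user-id sentinel rather than a uid, and the new constants have no comment explaining that they mean "not provided, fall back to Binder". Later hunks in this file also use it as the reset value of `filterCallingUid` and as the comparison in `computeResolveFilterUid`. That ties the resolve-filter logic to an unrelated field's default, so changing the real-caller sentinel later would silently change the filtering. I would document the constants, e.g. `// Sentinel: no real caller supplied; startActivityMayWait falls back to Binder.getCallingUid()`, and keep a separate `DEFAULT_FILTER_CALLING_UID = UserHandle.USER_NULL` for the filter paths.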
@@ -295,11 +297,11 @@ class ActivityStarter {
IBinder resultTo;
String resultWho;
int requestCode;
- int callingPid = DEFAULT_CALLING_UID;
- int callingUid = DEFAULT_CALLING_PID;
+ int callingPid = DEFAULT_CALLING_PID;
+ int callingUid = DEFAULT_CALLING_UID;
String callingPackage;
- int realCallingPid;
- int realCallingUid;
+ int realCallingPid = Request.DEFAULT_REAL_CALLING_PID;
+ int realCallingUid = Request.DEFAULT_REAL_CALLING_UID;
int startFlags;
SafeActivityOptions activityOptions;
boolean ignoreTargetSecurity;
@@ -352,8 +354,8 @@ class ActivityStarter {
callingPid = DEFAULT_CALLING_PID;
callingUid = DEFAULT_CALLING_UID;
callingPackage = null;
- realCallingPid = 0;
- realCallingUid = 0;
+ realCallingPid = Request.DEFAULT_REAL_CALLING_PID;
+ realCallingUid = Request.DEFAULT_REAL_CALLING_UID;
startFlags = 0;
activityOptions = null;
ignoreTargetSecurity = false;
@@ -368,7 +370,7 @@ class ActivityStarter {
mayWait = false;
avoidMoveToFront = false;
allowPendingRemoteAnimationRegistryLookup = true;
- filterCallingUid = UserHandle.USER_NULL;
+ filterCallingUid = DEFAULT_REAL_CALLING_UID;
}
/**
@@ -484,7 +486,8 @@ class ActivityStarter {
// for transactional diffs and preprocessing.
if (mRequest.mayWait) {
return startActivityMayWait(mRequest.caller, mRequest.callingUid,
- mRequest.callingPackage, mRequest.intent, mRequest.resolvedType,
+ mRequest.callingPackage, mRequest.realCallingPid, mRequest.realCallingUid,
+ mRequest.intent, mRequest.resolvedType,
mRequest.voiceSession, mRequest.voiceInteractor, mRequest.resultTo,
mRequest.resultWho, mRequest.requestCode, mRequest.startFlags,
mRequest.profilerInfo, mRequest.waitResult, mRequest.globalConfig,
@@ -943,7 +946,8 @@ class ActivityStarter {
}
private int startActivityMayWait(IApplicationThread caller, int callingUid,
- String callingPackage, Intent intent, String resolvedType,
+ String callingPackage, int requestRealCallingPid, int requestRealCallingUid,
+ Intent intent, String resolvedType,
IVoiceInteractionSession voiceSession, IVoiceInteractor voiceInteractor,
IBinder resultTo, String resultWho, int requestCode, int startFlags,
ProfilerInfo profilerInfo, WaitResult outResult,
@@ -957,8 +961,12 @@ class ActivityStarter {
mSupervisor.getActivityMetricsLogger().notifyActivityLaunching();
boolean componentSpecified = intent.getComponent() != null;
- final int realCallingPid = Binder.getCallingPid();
- final int realCallingUid = Binder.getCallingUid();
+ final int realCallingPid = requestRealCallingPid != Request.DEFAULT_REAL_CALLING_PID
+ ? requestRealCallingPid
+ : Binder.getCallingPid();
+ final int realCallingUid = requestRealCallingUid != Request.DEFAULT_REAL_CALLING_UID
+ ? requestRealCallingUid
+ : Binder.getCallingUid();
int callingPid;
if (callingUid >= 0) {
@@ -1185,7 +1193,7 @@ class ActivityStarter {
*/
static int computeResolveFilterUid(int customCallingUid, int actualCallingUid,
int filterCallingUid) {
- return filterCallingUid != UserHandle.USER_NULL
+ return filterCallingUid != Request.DEFAULT_REAL_CALLING_UID
? filterCallingUid
: (customCallingUid >= 0 ? customCallingUid : actualCallingUid);
}
diff --git a/services/core/java/com/android/server/am/PendingIntentRecord.java b/services/core/java/com/android/server/am/PendingIntentRecord.java
index e0aa2a2..f09709d 100644
--- a/services/core/java/com/android/server/am/PendingIntentRecord.java
+++ b/services/core/java/com/android/server/am/PendingIntentRecord.java
@@ -344,8 +344,8 @@ final class PendingIntentRecord extends IIntentSender.Stub {
allResolvedTypes[allResolvedTypes.length-1] = resolvedType;
res = owner.getActivityStartController().startActivitiesInPackage(
- uid, key.packageName, allIntents, allResolvedTypes,
- resultTo, mergedOptions, userId,
+ uid, callingPid, callingUid, key.packageName, allIntents,
+ allResolvedTypes, resultTo, mergedOptions, userId,
false /* validateIncomingUser */);
} else {
res = owner.getActivityStartController().startActivityInPackage(uid,
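Review bot: The updated call passes `uid, callingPid, callingUid` as three consecutive ints with nothing at the call site saying that the last two become the real caller identity. The line below already labels its boolean with `false /* validateIncomingUser */`, and the same treatment would help here: `uid, callingPid /* realCallingPid */, callingUid /* realCallingUid */, key.packageName, allIntents,`. `callingPid` and `callingUid` are defined outside this hunk, so it is not visible whether they are captured from Binder before the calling identity is cleared. A short comment at their declaration stating that would make the attribution auditable.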