Android-x86
Fork
捐款

  • R/O
  • HTTP
  • SSH
  • HTTPS

frameworks-base: 提交

frameworks/base


Commit MetaInfo

修訂b1040ba906b22d6ca0ae1dc5f90d68bfba07a50f (tree)
時間2021-02-14 22:44:44
作者Chih-Wei Huang <cwhuang@linu...>
CommiterChih-Wei Huang

Log Message

Merge remote-tracking branch 'lineage/cm-14.1' into cm-14.1-x86

Change Summary

差異

--- a/core/java/android/app/ActivityManagerNative.java
+++ b/core/java/android/app/ActivityManagerNative.java
@@ -1959,7 +1959,8 @@ public abstract class ActivityManagerNative extends Binder implements IActivityM
19591959 int initialPid = data.readInt();
19601960 String packageName = data.readString();
19611961 String message = data.readString();
1962- crashApplication(uid, initialPid, packageName, message);
1962+ crashApplication(uid, initialPid, packageName, message,
1963+ false /*force*/);
19631964 reply.writeNoException();
19641965 return true;
19651966 }
@@ -5523,7 +5524,7 @@ class ActivityManagerProxy implements IActivityManager
55235524 }
55245525
55255526 public void crashApplication(int uid, int initialPid, String packageName,
5526- String message) throws RemoteException {
5527+ String message, boolean force) throws RemoteException {
55275528 Parcel data = Parcel.obtain();
55285529 Parcel reply = Parcel.obtain();
55295530 data.writeInterfaceToken(IActivityManager.descriptor);
--- a/core/java/android/app/IActivityManager.java
+++ b/core/java/android/app/IActivityManager.java
@@ -428,7 +428,7 @@ public interface IActivityManager extends IInterface {
428428 public boolean isTopOfTask(IBinder token) throws RemoteException;
429429
430430 public void crashApplication(int uid, int initialPid, String packageName,
431- String message) throws RemoteException;
431+ String message, boolean force) throws RemoteException;
432432
433433 public String getProviderMimeType(Uri uri, int userId) throws RemoteException;
434434
--- a/core/java/android/app/Notification.java
+++ b/core/java/android/app/Notification.java
@@ -154,7 +154,7 @@ public class Notification implements Parcelable
154154 * <p>
155155 * Avoids spamming the system with overly large strings such as full e-mails.
156156 */
157- private static final int MAX_CHARSEQUENCE_LENGTH = 5 * 1024;
157+ private static final int MAX_CHARSEQUENCE_LENGTH = 1024;
158158
159159 /**
160160 * Maximum entries of reply text that are accepted by Builder and friends.
@@ -4973,7 +4973,7 @@ public class Notification implements Parcelable
49734973 * consistent during re-posts of the notification.
49744974 */
49754975 public Message(CharSequence text, long timestamp, CharSequence sender){
4976- mText = text;
4976+ mText = safeCharSequence(text);
49774977 mTimestamp = timestamp;
49784978 mSender = sender;
49794979 }
@@ -5055,7 +5055,7 @@ public class Notification implements Parcelable
50555055 }
50565056 bundle.putLong(KEY_TIMESTAMP, mTimestamp);
50575057 if (mSender != null) {
5058- bundle.putCharSequence(KEY_SENDER, mSender);
5058+ bundle.putCharSequence(KEY_SENDER, safeCharSequence(mSender));
50595059 }
50605060 if (mDataMimeType != null) {
50615061 bundle.putString(KEY_DATA_MIME_TYPE, mDataMimeType);
--- a/core/java/android/os/LocaleList.java
+++ b/core/java/android/os/LocaleList.java
@@ -24,6 +24,7 @@ import android.icu.util.ULocale;
2424
2525 import com.android.internal.annotations.GuardedBy;
2626
27+import java.util.ArrayList;
2728 import java.util.Arrays;
2829 import java.util.Collection;
2930 import java.util.HashSet;
@@ -150,18 +151,18 @@ public final class LocaleList implements Parcelable {
150151 /**
151152 * Creates a new {@link LocaleList}.
152153 *
154+ * If two or more same locales are passed, the repeated locales will be dropped.
153155 * <p>For empty lists of {@link Locale} items it is better to use {@link #getEmptyLocaleList()},
154156 * which returns a pre-constructed empty list.</p>
155157 *
156158 * @throws NullPointerException if any of the input locales is <code>null</code>.
157- * @throws IllegalArgumentException if any of the input locales repeat.
158159 */
159160 public LocaleList(@NonNull Locale... list) {
160161 if (list.length == 0) {
161162 mList = sEmptyList;
162163 mStringRepresentation = "";
163164 } else {
164- final Locale[] localeList = new Locale[list.length];
165+ final ArrayList<Locale> localeList = new ArrayList<>();
165166 final HashSet<Locale> seenLocales = new HashSet<Locale>();
166167 final StringBuilder sb = new StringBuilder();
167168 for (int i = 0; i < list.length; i++) {
@@ -169,10 +170,10 @@ public final class LocaleList implements Parcelable {
169170 if (l == null) {
170171 throw new NullPointerException("list[" + i + "] is null");
171172 } else if (seenLocales.contains(l)) {
172- throw new IllegalArgumentException("list[" + i + "] is a repetition");
173+ // Dropping duplicated locale entries.
173174 } else {
174175 final Locale localeClone = (Locale) l.clone();
175- localeList[i] = localeClone;
176+ localeList.add(localeClone);
176177 sb.append(localeClone.toLanguageTag());
177178 if (i < list.length - 1) {
178179 sb.append(',');
@@ -180,7 +181,7 @@ public final class LocaleList implements Parcelable {
180181 seenLocales.add(localeClone);
181182 }
182183 }
183- mList = localeList;
184+ mList = localeList.toArray(new Locale[localeList.size()]);
184185 mStringRepresentation = sb.toString();
185186 }
186187 }
--- a/packages/SystemUI/src/com/android/systemui/ImageWallpaper.java
+++ b/packages/SystemUI/src/com/android/systemui/ImageWallpaper.java
@@ -581,7 +581,16 @@ public class ImageWallpaper extends WallpaperService {
581581
582582 final FloatBuffer triangleVertices = createMesh(left, top, right, bottom);
583583
584- final int texture = loadTexture(mBackground);
584+ int texture = 0;
585+ try {
586+ texture = loadTexture(mBackground);
587+ } catch (IllegalArgumentException e) {
588+ mEgl.eglMakeCurrent(mEglDisplay, EGL_NO_SURFACE, EGL_NO_SURFACE, EGL_NO_CONTEXT);
589+ mEgl.eglDestroySurface(mEglDisplay, mEglSurface);
590+ mEgl.eglDestroyContext(mEglDisplay, mEglContext);
591+ mEgl.eglTerminate(mEglDisplay);
592+ return false;
593+ }
585594 final int program = buildProgram(sSimpleVS, sSimpleFS);
586595
587596 final int attribPosition = glGetAttribLocation(program, "position");
--- a/services/core/java/com/android/server/am/ActiveServices.java
+++ b/services/core/java/com/android/server/am/ActiveServices.java
@@ -618,6 +618,15 @@ public final class ActiveServices {
618618 }
619619 }
620620
621+ void killMisbehavingService(ServiceRecord r,
622+ int appUid, int appPid, String localPackageName) {
623+ synchronized (mAm) {
624+ stopServiceLocked(r);
625+ mAm.crashApplication(appUid, appPid, localPackageName,
626+ "Bad notification for startForeground", true /*force*/);
627+ }
628+ }
629+
621630 IBinder peekServiceLocked(Intent service, String resolvedType, String callingPackage) {
622631 ServiceLookupResult r = retrieveServiceLocked(service, resolvedType, callingPackage,
623632 Binder.getCallingPid(), Binder.getCallingUid(),
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -4306,8 +4306,17 @@ public final class ActivityManagerService extends ActivityManagerNative
43064306 return procState;
43074307 }
43084308
4309+ private boolean isCallerShell() {
4310+ final int callingUid = Binder.getCallingUid();
4311+ return callingUid == Process.SHELL_UID || callingUid == Process.ROOT_UID;
4312+ }
4313+
43094314 @Override
43104315 public boolean setProcessMemoryTrimLevel(String process, int userId, int level) {
4316+ if (!isCallerShell()) {
4317+ EventLog.writeEvent(0x534e4554, 160390416, Binder.getCallingUid(), "");
4318+ throw new SecurityException("Only shell can call it");
4319+ }
43114320 synchronized (this) {
43124321 final ProcessRecord app = findProcessLocked(process, userId, "setProcessMemoryTrimLevel");
43134322 if (app == null) {
@@ -5122,7 +5131,7 @@ public final class ActivityManagerService extends ActivityManagerNative
51225131
51235132 @Override
51245133 public void crashApplication(int uid, int initialPid, String packageName,
5125- String message) {
5134+ String message, boolean force) {
51265135 if (checkCallingPermission(android.Manifest.permission.FORCE_STOP_PACKAGES)
51275136 != PackageManager.PERMISSION_GRANTED) {
51285137 String msg = "Permission Denial: crashApplication() from pid="
@@ -5134,7 +5143,8 @@ public final class ActivityManagerService extends ActivityManagerNative
51345143 }
51355144
51365145 synchronized(this) {
5137- mAppErrors.scheduleAppCrashLocked(uid, initialPid, packageName, message);
5146+ mAppErrors.scheduleAppCrashLocked(uid, initialPid, packageName,
5147+ message, force);
51385148 }
51395149 }
51405150
@@ -6639,7 +6649,7 @@ public final class ActivityManagerService extends ActivityManagerNative
66396649 }
66406650 }
66416651
6642- private final boolean attachApplicationLocked(IApplicationThread thread,
6652+ private boolean attachApplicationLocked(@NonNull IApplicationThread thread,
66436653 int pid) {
66446654
66456655 // Find the application record that is being attached... either via
@@ -6887,6 +6897,9 @@ public final class ActivityManagerService extends ActivityManagerNative
68876897
68886898 @Override
68896899 public final void attachApplication(IApplicationThread thread) {
6900+ if (thread == null) {
6901+ throw new SecurityException("Invalid application interface");
6902+ }
68906903 synchronized (this) {
68916904 int callingPid = Binder.getCallingPid();
68926905 final long origId = Binder.clearCallingIdentity();
--- a/services/core/java/com/android/server/am/ActivityRecord.java
+++ b/services/core/java/com/android/server/am/ActivityRecord.java
@@ -1531,6 +1531,10 @@ final class ActivityRecord {
15311531 }
15321532 }
15331533
1534+ int getUid() {
1535+ return info.applicationInfo.uid;
1536+ }
1537+
15341538 @Override
15351539 public String toString() {
15361540 if (stringName != null) {
--- a/services/core/java/com/android/server/am/ActivityStack.java
+++ b/services/core/java/com/android/server/am/ActivityStack.java
@@ -3738,6 +3738,11 @@ final class ActivityStack {
37383738
37393739 final boolean navigateUpToLocked(ActivityRecord srec, Intent destIntent, int resultCode,
37403740 Intent resultData) {
3741+ if (srec.app == null || srec.app.thread == null) {
3742+ // Nothing to do if the caller is not attached, because this method should be called
3743+ // from an alive activity.
3744+ return false;
3745+ }
37413746 final TaskRecord task = srec.task;
37423747 final ArrayList<ActivityRecord> activities = task.mActivities;
37433748 final int start = activities.indexOf(srec);
--- a/services/core/java/com/android/server/am/ActivityStarter.java
+++ b/services/core/java/com/android/server/am/ActivityStarter.java
@@ -1026,6 +1026,8 @@ class ActivityStarter {
10261026 } else {
10271027 callingPid = callingUid = -1;
10281028 }
1029+ boolean forceNewTask = false;
1030+ final int filterCallingUid = callingUid >= 0 ? callingUid : realCallingUid;
10291031 final long origId = Binder.clearCallingIdentity();
10301032 try {
10311033 synchronized (mService) {
@@ -1045,6 +1047,9 @@ class ActivityStarter {
10451047
10461048 // Don't modify the client's object!
10471049 intent = new Intent(intent);
1050+ if (forceNewTask) {
1051+ intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
1052+ }
10481053
10491054 // Collect information about the target of the Intent.
10501055 ActivityInfo aInfo = mSupervisor.resolveActivity(intent, resolvedTypes[i], 0,
@@ -1070,7 +1075,17 @@ class ActivityStarter {
10701075 return res;
10711076 }
10721077
1073- resultTo = outActivity[0] != null ? outActivity[0].appToken : null;
1078+ final ActivityRecord started = outActivity[0];
1079+ if (started != null && started.getUid() == filterCallingUid) {
1080+ // Only the started activity which has the same uid as the source caller can
1081+ // be the caller of next activity.
1082+ resultTo = started.appToken;
1083+ forceNewTask = false;
1084+ } else {
1085+ // Different apps not adjacent to the caller are forced to be new task.
1086+ resultTo = null;
1087+ forceNewTask = true;
1088+ }
10741089 }
10751090 }
10761091 } finally {
--- a/services/core/java/com/android/server/am/AppErrors.java
+++ b/services/core/java/com/android/server/am/AppErrors.java
@@ -242,25 +242,29 @@ class AppErrors {
242242 }
243243
244244 void killAppAtUserRequestLocked(ProcessRecord app, Dialog fromDialog) {
245- app.crashing = false;
246- app.crashingReport = null;
247- app.notResponding = false;
248- app.notRespondingReport = null;
249245 if (app.anrDialog == fromDialog) {
250246 app.anrDialog = null;
251247 }
252248 if (app.waitDialog == fromDialog) {
253249 app.waitDialog = null;
254250 }
251+ killAppImmediateLocked(app, "user-terminated", "user request after error");
252+ }
253+
254+ private void killAppImmediateLocked(ProcessRecord app, String reason, String killReason) {
255+ app.crashing = false;
256+ app.crashingReport = null;
257+ app.notResponding = false;
258+ app.notRespondingReport = null;
255259 if (app.pid > 0 && app.pid != MY_PID) {
256- handleAppCrashLocked(app, "user-terminated" /*reason*/,
260+ handleAppCrashLocked(app, reason,
257261 null /*shortMsg*/, null /*longMsg*/, null /*stackTrace*/, null /*data*/);
258- app.kill("user request after error", true);
262+ app.kill(killReason, true);
259263 }
260264 }
261265
262266 void scheduleAppCrashLocked(int uid, int initialPid, String packageName,
263- String message) {
267+ String message, boolean force) {
264268 ProcessRecord proc = null;
265269
266270 // Figure out which process to kill. We don't trust that initialPid
@@ -291,6 +295,18 @@ class AppErrors {
291295 }
292296
293297 proc.scheduleCrash(message);
298+ if (force) {
299+ // If the app is responsive, the scheduled crash will happen as expected
300+ // and then the delayed summary kill will be a no-op.
301+ final ProcessRecord p = proc;
302+ mService.mHandler.postDelayed(
303+ () -> {
304+ synchronized (mService) {
305+ killAppImmediateLocked(p, "forced", "killed for invalid state");
306+ }
307+ },
308+ 5000L);
309+ }
294310 }
295311
296312 /**
--- a/services/core/java/com/android/server/am/ServiceRecord.java
+++ b/services/core/java/com/android/server/am/ServiceRecord.java
@@ -448,6 +448,7 @@ final class ServiceRecord extends Binder {
448448 final String localPackageName = packageName;
449449 final int localForegroundId = foregroundId;
450450 final Notification _foregroundNoti = foregroundNoti;
451+ final ServiceRecord record = this;
451452 ams.mHandler.post(new Runnable() {
452453 public void run() {
453454 NotificationManagerInternal nm = LocalServices.getService(
@@ -532,10 +533,8 @@ final class ServiceRecord extends Binder {
532533 Slog.w(TAG, "Error showing notification for service", e);
533534 // If it gave us a garbage notification, it doesn't
534535 // get to be foreground.
535- ams.setServiceForeground(name, ServiceRecord.this,
536- 0, null, 0);
537- ams.crashApplication(appUid, appPid, localPackageName,
538- "Bad notification for startForeground: " + e);
536+ ams.mServices.killMisbehavingService(record,
537+ appUid, appPid, localPackageName);
539538 }
540539 }
541540 });
--- a/services/core/java/com/android/server/notification/NotificationManagerService.java
+++ b/services/core/java/com/android/server/notification/NotificationManagerService.java
@@ -639,7 +639,7 @@ public class NotificationManagerService extends SystemService {
639639 try {
640640 ActivityManagerNative.getDefault().crashApplication(uid, initialPid, pkg,
641641 "Bad notification posted from package " + pkg
642- + ": " + message);
642+ + ": " + message, true /*force*/);
643643 } catch (RemoteException e) {
644644 } finally {
645645 Binder.restoreCallingIdentity(ident);
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -107,6 +107,7 @@ import android.app.ActivityManager;
107107 import android.app.ActivityManagerNative;
108108 import android.app.AlarmManager;
109109 import android.app.AppOpsManager;
110+import android.app.BroadcastOptions;
110111 import android.app.IActivityManager;
111112 import android.app.ResourcesManager;
112113 import android.app.admin.IDevicePolicyManager;
@@ -862,6 +863,10 @@ public class PackageManagerService extends IPackageManager.Stub {
862863 verificationIntent.setComponent(mIntentFilterVerifierComponent);
863864 verificationIntent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND);
864865
866+ final long whitelistTimeout = getVerificationTimeout();
867+ final BroadcastOptions options = BroadcastOptions.makeBasic();
868+ options.setTemporaryAppWhitelistDuration(whitelistTimeout);
869+
865870 UserHandle user = new UserHandle(userId);
866871 mContext.sendBroadcastAsUser(verificationIntent, user);
867872 if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG,
@@ -901,9 +906,6 @@ public class PackageManagerService extends IPackageManager.Stub {
901906 + verificationId + " packageName:" + packageName);
902907 return;
903908 }
904- if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG,
905- "Updating IntentFilterVerificationInfo for package " + packageName
906- +" verificationId:" + verificationId);
907909
908910 synchronized (mPackages) {
909911 if (verified) {
@@ -921,19 +923,51 @@ public class PackageManagerService extends IPackageManager.Stub {
921923 int updatedStatus = INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_UNDEFINED;
922924 boolean needUpdate = false;
923925
924- // We cannot override the STATUS_ALWAYS / STATUS_NEVER states if they have
925- // already been set by the User thru the Disambiguation dialog
926+ // In a success case, we promote from undefined or ASK to ALWAYS. This
927+ // supports a flow where the app fails validation but then ships an updated
928+ // APK that passes, and therefore deserves to be in ALWAYS.
929+ //
930+ // If validation failed, the undefined state winds up in the basic ASK behavior,
931+ // but apps that previously passed and became ALWAYS are *demoted* out of
932+ // that state, since they would not deserve the ALWAYS behavior in case of a
933+ // clean install.
926934 switch (userStatus) {
935+ case INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS:
936+ if (!verified) {
937+ // Don't demote if sysconfig says 'always'
938+ SystemConfig systemConfig = SystemConfig.getInstance();
939+ ArraySet<String> packages = systemConfig.getLinkedApps();
940+ if (!packages.contains(packageName)) {
941+ // updatedStatus is already UNDEFINED
942+ needUpdate = true;
943+
944+ if (DEBUG_DOMAIN_VERIFICATION) {
945+ Slog.d(TAG, "Formerly validated but now failing; demoting");
946+ }
947+ } else {
948+ if (DEBUG_DOMAIN_VERIFICATION) {
949+ Slog.d(TAG, "Updating bundled package " + packageName
950+ + " failed autoVerify, but sysconfig supersedes");
951+ }
952+ // leave needUpdate == false here intentionally
953+ }
954+ }
955+ break;
956+
927957 case INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_UNDEFINED:
958+ // Stay in 'undefined' on verification failure
928959 if (verified) {
929960 updatedStatus = INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS;
930- } else {
931- updatedStatus = INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ASK;
932961 }
933962 needUpdate = true;
963+ if (DEBUG_DOMAIN_VERIFICATION) {
964+ Slog.d(TAG, "Applying update; old=" + userStatus
965+ + " new=" + updatedStatus);
966+ }
934967 break;
935968
936969 case INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ASK:
970+ // Keep in 'ask' on failure
937971 if (verified) {
938972 updatedStatus = INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS;
939973 needUpdate = true;
@@ -949,6 +983,8 @@ public class PackageManagerService extends IPackageManager.Stub {
949983 packageName, updatedStatus, userId);
950984 scheduleWritePackageRestrictionsLocked(userId);
951985 }
986+ } else {
987+ Slog.i(TAG, "autoVerify ignored when installing for all users");
952988 }
953989 }
954990 }
@@ -12593,20 +12629,26 @@ public class PackageManagerService extends IPackageManager.Stub {
1259312629
1259412630 // Verify: if target already has an installer package, it must
1259512631 // be signed with the same cert as the caller.
12596- if (targetPackageSetting.installerPackageName != null) {
12597- PackageSetting setting = mSettings.mPackages.get(
12598- targetPackageSetting.installerPackageName);
12599- // If the currently set package isn't valid, then it's always
12600- // okay to change it.
12601- if (setting != null) {
12602- if (compareSignatures(callerSignature,
12603- setting.signatures.mSignatures)
12604- != PackageManager.SIGNATURE_MATCH) {
12605- throw new SecurityException(
12606- "Caller does not have same cert as old installer package "
12607- + targetPackageSetting.installerPackageName);
12608- }
12632+ String targetInstallerPackageName =
12633+ targetPackageSetting.installerPackageName;
12634+ PackageSetting targetInstallerPkgSetting = targetInstallerPackageName == null ? null :
12635+ mSettings.mPackages.get(targetInstallerPackageName);
12636+
12637+ if (targetInstallerPkgSetting != null) {
12638+ if (compareSignatures(callerSignature,
12639+ targetInstallerPkgSetting.signatures.mSignatures)
12640+ != PackageManager.SIGNATURE_MATCH) {
12641+ throw new SecurityException(
12642+ "Caller does not have same cert as old installer package "
12643+ + targetInstallerPackageName);
1260912644 }
12645+ } else if (mContext.checkCallingOrSelfPermission(Manifest.permission.INSTALL_PACKAGES)
12646+ != PackageManager.PERMISSION_GRANTED) {
12647+ // This is probably an attempt to exploit vulnerability b/150857253 of taking
12648+ // privileged installer permissions when the installer has been uninstalled or
12649+ // was never set.
12650+ EventLog.writeEvent(0x534e4554, "150857253", Binder.getCallingUid(), "");
12651+ return;
1261012652 }
1261112653
1261212654 // Okay!
@@ -15566,14 +15608,17 @@ public class PackageManagerService extends IPackageManager.Stub {
1556615608 final String packageName = pkg.packageName;
1556715609
1556815610 boolean handlesWebUris = false;
15569- final boolean alreadyVerified;
15611+ ArraySet<String> domains = new ArraySet<>();
15612+ final boolean previouslyVerified;
15613+ boolean hostSetExpanded = false;
15614+ boolean needToRunVerify = false;
1557015615 synchronized (mPackages) {
1557115616 // If this is a new install and we see that we've already run verification for this
1557215617 // package, we have nothing to do: it means the state was restored from backup.
15573- final IntentFilterVerificationInfo ivi =
15618+ IntentFilterVerificationInfo ivi =
1557415619 mSettings.getIntentFilterVerificationLPr(packageName);
15575- alreadyVerified = (ivi != null);
15576- if (!replacing && alreadyVerified) {
15620+ previouslyVerified = (ivi != null);
15621+ if (!replacing && previouslyVerified) {
1557715622 if (DEBUG_DOMAIN_VERIFICATION) {
1557815623 Slog.i(TAG, "Package " + packageName + " already verified: status="
1557915624 + ivi.getStatusString());
@@ -15581,73 +15626,108 @@ public class PackageManagerService extends IPackageManager.Stub {
1558115626 return;
1558215627 }
1558315628
15629+ if (DEBUG_DOMAIN_VERIFICATION) {
15630+ Slog.i(TAG, " Previous verified hosts: "
15631+ + (ivi == null ? "[none]" : ivi.getDomainsString()));
15632+ }
15633+
1558415634 // If any filters need to be verified, then all need to be. In addition, we need to
1558515635 // know whether an updating app has any web navigation intent filters, to re-
1558615636 // examine handling policy even if not re-verifying.
15587- boolean needToVerify = false;
15637+ final boolean needsVerification = needsNetworkVerificationLPr(packageName);
1558815638 for (PackageParser.Activity a : pkg.activities) {
1558915639 for (ActivityIntentInfo filter : a.intents) {
1559015640 if (filter.handlesWebUris(true)) {
1559115641 handlesWebUris = true;
1559215642 }
15593- if (filter.needsVerification() && needsNetworkVerificationLPr(filter)) {
15643+ if (needsVerification && filter.needsVerification()) {
1559415644 if (DEBUG_DOMAIN_VERIFICATION) {
15595- Slog.d(TAG, "Intent filter needs verification, so processing all filters");
15645+ Slog.d(TAG, "autoVerify requested, processing all filters");
1559615646 }
15597- needToVerify = true;
15647+ needToRunVerify = true;
1559815648 // It's safe to break out here because filter.needsVerification()
15599- // can only be true if filter.handlesWebUris(true) returns true, so
15649+ // can only be true if filter.handlesWebUris(true) returned true, so
1560015650 // we've already noted that.
1560115651 break;
1560215652 }
1560315653 }
1560415654 }
1560515655
15606- // Note whether this app publishes any web navigation handling support at all,
15607- // and whether there are any web-nav filters that fit the profile for running
15608- // a verification pass now.
15609- if (needToVerify) {
15656+ // Compare the new set of recognized hosts if the app is either requesting
15657+ // autoVerify or has previously used autoVerify but no longer does.
15658+ if (needToRunVerify || previouslyVerified) {
1561015659 final int verificationId = mIntentFilterVerificationToken++;
1561115660 for (PackageParser.Activity a : pkg.activities) {
1561215661 for (ActivityIntentInfo filter : a.intents) {
15613- if (filter.handlesWebUris(true) && needsNetworkVerificationLPr(filter)) {
15662+ // Run verification against hosts mentioned in any web-nav intent filter,
15663+ // even if the filter matches non-web schemes as well
15664+ if (filter.handlesWebUris(false /*onlyWebSchemes*/)) {
1561415665 if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG,
1561515666 "Verification needed for IntentFilter:" + filter.toString());
1561615667 mIntentFilterVerifier.addOneIntentFilterVerification(
1561715668 verifierUid, userId, verificationId, filter, packageName);
15669+ domains.addAll(filter.getHostsList());
1561815670 count++;
1561915671 }
1562015672 }
1562115673 }
1562215674 }
15675+
15676+ if (DEBUG_DOMAIN_VERIFICATION) {
15677+ Slog.i(TAG, " Update published hosts: " + domains.toString());
15678+ }
15679+
15680+ // If we've previously verified this same host set (or a subset), we can trust that
15681+ // a current ALWAYS policy is still applicable. If this is the case, we're done.
15682+ // (If we aren't in ALWAYS, we want to reverify to allow for apps that had failing
15683+ // hosts in their intent filters, then pushed a new apk that removed them and now
15684+ // passes.)
15685+ //
15686+ // Cases:
15687+ // + still autoVerify (needToRunVerify):
15688+ // - preserve current state if all of: unexpanded, in always
15689+ // - otherwise rerun as usual (fall through)
15690+ // + no longer autoVerify (alreadyVerified && !needToRunVerify)
15691+ // - wipe verification history always
15692+ // - preserve current state if all of: unexpanded, in always
15693+ hostSetExpanded = !previouslyVerified
15694+ || (ivi != null && !ivi.getDomains().containsAll(domains));
15695+ final int currentPolicy =
15696+ mSettings.getIntentFilterVerificationStatusLPr(packageName, userId);
15697+ final boolean keepCurState = !hostSetExpanded
15698+ && currentPolicy == INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS;
15699+
15700+ if (needToRunVerify && keepCurState) {
15701+ if (DEBUG_DOMAIN_VERIFICATION) {
15702+ Slog.i(TAG, "Host set not expanding + ALWAYS -> no need to reverify");
15703+ }
15704+ ArrayList<String> domainsList = new ArrayList<String>();
15705+ domainsList.addAll(domains);
15706+ ivi.setDomains(domainsList);
15707+ scheduleWriteSettingsLocked();
15708+ return;
15709+ } else if (previouslyVerified && !needToRunVerify) {
15710+ // Prior autoVerify state but not requesting it now. Clear autoVerify history,
15711+ // and preserve the always policy iff the host set is not expanding.
15712+ clearIntentFilterVerificationsLPw(packageName, userId, !keepCurState);
15713+ return;
15714+ }
1562315715 }
1562415716
15625- if (count > 0) {
15626- // count > 0 means that we're running a full verification pass
15717+ if (needToRunVerify && count > 0) {
15718+ // app requested autoVerify and has at least one matching intent filter
1562715719 if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG, "Starting " + count
1562815720 + " IntentFilter verification" + (count > 1 ? "s" : "")
1562915721 + " for userId:" + userId);
1563015722 mIntentFilterVerifier.startVerifications(userId);
15631- } else if (alreadyVerified && handlesWebUris) {
15632- // App used autoVerify in the past, no longer does, but still handles web
15633- // navigation starts.
15634- if (DEBUG_DOMAIN_VERIFICATION) {
15635- Slog.d(TAG, "App changed web filters but no longer verifying - resetting policy");
15636- }
15637- synchronized (mPackages) {
15638- clearIntentFilterVerificationsLPw(packageName, userId);
15639- }
1564015723 } else {
1564115724 if (DEBUG_DOMAIN_VERIFICATION) {
15642- Slog.d(TAG, "No web filters or no prior verify policy for " + packageName);
15725+ Slog.d(TAG, "No web filters or no new host policy for " + packageName);
1564315726 }
1564415727 }
1564515728 }
1564615729
15647- private boolean needsNetworkVerificationLPr(ActivityIntentInfo filter) {
15648- final ComponentName cn = filter.activity.getComponentName();
15649- final String packageName = cn.getPackageName();
15650-
15730+ private boolean needsNetworkVerificationLPr(String packageName) {
1565115731 IntentFilterVerificationInfo ivi = mSettings.getIntentFilterVerificationLPr(
1565215732 packageName);
1565315733 if (ivi == null) {
@@ -15656,6 +15736,7 @@ public class PackageManagerService extends IPackageManager.Stub {
1565615736 int status = ivi.getStatus();
1565715737 switch (status) {
1565815738 case INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_UNDEFINED:
15739+ case INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS:
1565915740 case INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ASK:
1566015741 return true;
1566115742
@@ -16161,7 +16242,7 @@ public class PackageManagerService extends IPackageManager.Stub {
1616116242 synchronized (mPackages) {
1616216243 if (deletedPs != null) {
1616316244 if ((flags&PackageManager.DELETE_KEEP_DATA) == 0) {
16164- clearIntentFilterVerificationsLPw(deletedPs.name, UserHandle.USER_ALL);
16245+ clearIntentFilterVerificationsLPw(deletedPs.name, UserHandle.USER_ALL, true);
1616516246 clearDefaultBrowserIfNeeded(packageName);
1616616247 if (outInfo != null) {
1616716248 mSettings.mKeySetManagerService.removeAppKeySetDataLPw(packageName);
@@ -17396,12 +17477,13 @@ public class PackageManagerService extends IPackageManager.Stub {
1739617477 final int packageCount = mPackages.size();
1739717478 for (int i = 0; i < packageCount; i++) {
1739817479 PackageParser.Package pkg = mPackages.valueAt(i);
17399- clearIntentFilterVerificationsLPw(pkg.packageName, userId);
17480+ clearIntentFilterVerificationsLPw(pkg.packageName, userId, true);
1740017481 }
1740117482 }
1740217483
1740317484 /** This method takes a specific user id as well as UserHandle.USER_ALL. */
17404- void clearIntentFilterVerificationsLPw(String packageName, int userId) {
17485+ void clearIntentFilterVerificationsLPw(String packageName, int userId,
17486+ boolean alsoResetStatus) {
1740517487 if (userId == UserHandle.USER_ALL) {
1740617488 if (mSettings.removeIntentFilterVerificationLPw(packageName,
1740717489 sUserManager.getUserIds())) {
@@ -17410,7 +17492,8 @@ public class PackageManagerService extends IPackageManager.Stub {
1741017492 }
1741117493 }
1741217494 } else {
17413- if (mSettings.removeIntentFilterVerificationLPw(packageName, userId)) {
17495+ if (mSettings.removeIntentFilterVerificationLPw(packageName, userId,
17496+ alsoResetStatus)) {
1741417497 scheduleWritePackageRestrictionsLocked(userId);
1741517498 }
1741617499 }
--- a/services/core/java/com/android/server/pm/Settings.java
+++ b/services/core/java/com/android/server/pm/Settings.java
@@ -1322,7 +1322,8 @@ final class Settings {
13221322 return result;
13231323 }
13241324
1325- boolean removeIntentFilterVerificationLPw(String packageName, int userId) {
1325+ boolean removeIntentFilterVerificationLPw(String packageName, int userId,
1326+ boolean alsoResetStatus) {
13261327 PackageSetting ps = mPackages.get(packageName);
13271328 if (ps == null) {
13281329 if (DEBUG_DOMAIN_VERIFICATION) {
@@ -1330,7 +1331,9 @@ final class Settings {
13301331 }
13311332 return false;
13321333 }
1333- ps.clearDomainVerificationStatusForUser(userId);
1334+ if (alsoResetStatus) {
1335+ ps.clearDomainVerificationStatusForUser(userId);
1336+ }
13341337 ps.setIntentFilterVerificationInfo(null);
13351338 return true;
13361339 }
@@ -1338,7 +1341,7 @@ final class Settings {
13381341 boolean removeIntentFilterVerificationLPw(String packageName, int[] userIds) {
13391342 boolean result = false;
13401343 for (int userId : userIds) {
1341- result |= removeIntentFilterVerificationLPw(packageName, userId);
1344+ result |= removeIntentFilterVerificationLPw(packageName, userId, true);
13421345 }
13431346 return result;
13441347 }
--- a/services/core/java/com/android/server/wallpaper/WallpaperManagerService.java
+++ b/services/core/java/com/android/server/wallpaper/WallpaperManagerService.java
@@ -1747,7 +1747,7 @@ public class WallpaperManagerService extends IWallpaperManager.Stub {
17471747 mContext, 0,
17481748 Intent.createChooser(new Intent(Intent.ACTION_SET_WALLPAPER),
17491749 mContext.getText(com.android.internal.R.string.chooser_wallpaper)),
1750- 0, null, new UserHandle(serviceUserId)));
1750+ PendingIntent.FLAG_IMMUTABLE, null, new UserHandle(serviceUserId)));
17511751 if (!mContext.bindServiceAsUser(intent, newConn,
17521752 Context.BIND_AUTO_CREATE | Context.BIND_SHOWING_UI
17531753 | Context.BIND_FOREGROUND_SERVICE_WHILE_AWAKE,
Show on old repository browser