frameworks/base
| 修訂 | d37eb96212c6fe4819c66bd0a1e0a2f9f7501602 (tree) |
|---|---|
| 時間 | 2020-03-13 05:34:26 |
| 作者 | Riddle Hsu <riddlehsu@goog...> |
| Commiter | Anis Assi |
RESTRICT AUTOMERGE Use consistent calling uid and package in navigateUpTo
Originally, if the caller of navigateUpTo is alive, even the calling
uid is set to the caller who launched the existing destination activity,
the uid from caller process has higher priority to replace the given
calling uid. So this change doesn't modify the existing behavior if
the caller process is valid. Besides, the case of delivering new intent
uses the source record as calling identity too, so the case of starting
new activity should be consistent.
Also forbid attaching null application thread to avoid unexpected state
in process record.
Bug: 144285917
Test: bit FrameworksServicesTests:com.android.server.am.ActivityStackTests
Change-Id: I60732f430256d37cb926d08d093581f051c4afed
(cherry picked from commit 0d7e27af30e39fbb6dcafedc854daa639074e5cc)
services/core/java/com/android/server/am/ActivityManagerService.java (diff) services/core/java/com/android/server/am/ActivityStack.java (diff) services/tests/servicestests/src/com/android/server/am/ActivityStackTests.java (diff)| @@ -6917,7 +6917,7 @@ public class ActivityManagerService extends IActivityManager.Stub | ||
| 6917 | 6917 | } |
| 6918 | 6918 | } |
| 6919 | 6919 | |
| 6920 | - private final boolean attachApplicationLocked(IApplicationThread thread, | |
| 6920 | + private boolean attachApplicationLocked(@NonNull IApplicationThread thread, | |
| 6921 | 6921 | int pid) { |
| 6922 | 6922 | |
| 6923 | 6923 | // Find the application record that is being attached... either via |
| @@ -7222,6 +7222,9 @@ public class ActivityManagerService extends IActivityManager.Stub | ||
| 7222 | 7222 | |
| 7223 | 7223 | @Override |
| 7224 | 7224 | public final void attachApplication(IApplicationThread thread) { |
| 7225 | + if (thread == null) { | |
| 7226 | + throw new SecurityException("Invalid application interface"); | |
| 7227 | + } | |
| 7225 | 7228 | synchronized (this) { |
| 7226 | 7229 | int callingPid = Binder.getCallingPid(); |
| 7227 | 7230 | final long origId = Binder.clearCallingIdentity(); |
| @@ -3961,6 +3961,11 @@ class ActivityStack<T extends StackWindowController> extends ConfigurationContai | ||
| 3961 | 3961 | |
| 3962 | 3962 | final boolean navigateUpToLocked(ActivityRecord srec, Intent destIntent, int resultCode, |
| 3963 | 3963 | Intent resultData) { |
| 3964 | + if (srec.app == null || srec.app.thread == null) { | |
| 3965 | + // Nothing to do if the caller is not attached, because this method should be called | |
| 3966 | + // from an alive activity. | |
| 3967 | + return false; | |
| 3968 | + } | |
| 3964 | 3969 | final TaskRecord task = srec.getTask(); |
| 3965 | 3970 | final ArrayList<ActivityRecord> activities = task.mActivities; |
| 3966 | 3971 | final int start = activities.indexOf(srec); |
| @@ -4012,22 +4017,22 @@ class ActivityStack<T extends StackWindowController> extends ConfigurationContai | ||
| 4012 | 4017 | } |
| 4013 | 4018 | |
| 4014 | 4019 | if (parent != null && foundParentInTask) { |
| 4020 | + final int callingUid = srec.info.applicationInfo.uid; | |
| 4015 | 4021 | final int parentLaunchMode = parent.info.launchMode; |
| 4016 | 4022 | final int destIntentFlags = destIntent.getFlags(); |
| 4017 | 4023 | if (parentLaunchMode == ActivityInfo.LAUNCH_SINGLE_INSTANCE || |
| 4018 | 4024 | parentLaunchMode == ActivityInfo.LAUNCH_SINGLE_TASK || |
| 4019 | 4025 | parentLaunchMode == ActivityInfo.LAUNCH_SINGLE_TOP || |
| 4020 | 4026 | (destIntentFlags & Intent.FLAG_ACTIVITY_CLEAR_TOP) != 0) { |
| 4021 | - parent.deliverNewIntentLocked(srec.info.applicationInfo.uid, destIntent, | |
| 4022 | - srec.packageName); | |
| 4027 | + parent.deliverNewIntentLocked(callingUid, destIntent, srec.packageName); | |
| 4023 | 4028 | } else { |
| 4024 | 4029 | try { |
| 4025 | 4030 | ActivityInfo aInfo = AppGlobals.getPackageManager().getActivityInfo( |
| 4026 | 4031 | destIntent.getComponent(), 0, srec.userId); |
| 4027 | 4032 | int res = mService.mActivityStarter.startActivityLocked(srec.app.thread, |
| 4028 | 4033 | destIntent, null /*ephemeralIntent*/, null, aInfo, null /*rInfo*/, null, |
| 4029 | - null, parent.appToken, null, 0, -1, parent.launchedFromUid, | |
| 4030 | - parent.launchedFromPackage, -1, parent.launchedFromUid, 0, null, | |
| 4034 | + null, parent.appToken, null, 0, -1, callingUid, | |
| 4035 | + srec.packageName, -1, callingUid, 0, null, | |
| 4031 | 4036 | false, true, null, null, "navigateUpTo"); |
| 4032 | 4037 | foundParentInTask = res == ActivityManager.START_SUCCESS; |
| 4033 | 4038 | } catch (RemoteException e) { |
| @@ -122,4 +122,17 @@ public class ActivityStackTests extends ActivityTestsBase { | ||
| 122 | 122 | assertEquals(task.getTopActivity(true /* includeOverlays */), taskOverlay); |
| 123 | 123 | assertNotNull(result.r); |
| 124 | 124 | } |
| 125 | + | |
| 126 | + @Test | |
| 127 | + public void testNavigateUpTo() { | |
| 128 | + final ActivityManagerService service = createActivityManagerService(); | |
| 129 | + final TaskRecord task = createTask(service, testActivityComponent, TEST_STACK_ID); | |
| 130 | + final ActivityRecord activityRecord = createActivity(service, testActivityComponent, task); | |
| 131 | + activityRecord.app = new ProcessRecord(null, activityRecord.appInfo, | |
| 132 | + activityRecord.processName, activityRecord.getUid()); | |
| 133 | + final ActivityStack testStack = service.mStackSupervisor.getStack(TEST_STACK_ID); | |
| 134 | + // No-op if the source activity record doesn't have attached process (app.thread == null). | |
| 135 | + assertFalse(testStack.navigateUpToLocked(activityRecord, activityRecord.intent, | |
| 136 | + 0 /* resultCode */, null /* resultData */)); | |
| 137 | + } | |
| 125 | 138 | } |
Fork