Merge "Allow an activity to start a new task via startNextMatchingActivity" into main
diff --git a/services/core/java/com/android/server/wm/ActivityTaskManagerService.java b/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
index 3aa63af..0f5b6c5 100644
--- a/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
+++ b/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
@@ -1439,6 +1439,8 @@
resultTo.removeResultsLocked(r, resultWho, requestCode);
}
+ final int origCallingUid = Binder.getCallingUid();
+ final int origCallingPid = Binder.getCallingPid();
final long origId = Binder.clearCallingIdentity();
// TODO(b/64750076): Check if calling pid should really be -1.
try {
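Review bot: The TODO kept as context right after the new captures, `// TODO(b/64750076): Check if calling pid should really be -1.`, is stale, because this commit passes `origCallingPid` to `setRealCallingPid` instead of -1. It should be removed or reworded. The two new lines would also benefit from a comment such as `// Capture the Binder caller before clearCallingIdentity(); used as realCallingUid/realCallingPid for the BAL check.`, since the read only works before the identity is cleared. The hunk does not show whether the Binder caller is verified to be the uid that owns the activity record `r`. If that is not enforced earlier in the method, it is worth asserting here, because the later comment treats the two as the same identity. The method body starts and ends outside this hunk.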
@@ -1446,13 +1448,14 @@
options = new SafeActivityOptions(ActivityOptions.makeBasic());
}
- // Fixes b/230492947
+ // Fixes b/230492947 b/337726734
// Prevents background activity launch through #startNextMatchingActivity
- // An activity going into the background could still go back to the foreground
- // if the intent used matches both:
- // - the activity in the background
- // - a second activity.
- options.getOptions(r).setAvoidMoveToFront();
+ // launchedFromUid of the calling activity represents the app that launches it.
+ // It may have BAL privileges (i.e. the Launcher App). Using its identity to
+ // launch to launch next matching activity causes BAL.
+ // Change the realCallingUid to the calling activity's uid.
+ // In ActivityStarter, when caller is set, the callingUid and callingPid are
+ // ignored. So now both callingUid and realCallingUid is set to the caller app.
final int res = getActivityStartController()
.obtainStarter(intent, "startNextMatchingActivity")
.setCaller(r.app.getThread())
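Review bot: The rewritten comment block has two wording slips and one imprecise claim. "to launch to launch next matching activity" should read `// launch the next matching activity causes BAL.`, and the last line should read `// ignored. So now both callingUid and realCallingUid are set to the caller app.` It also says realCallingUid becomes "the calling activity's uid", while the value actually passed is the Binder caller's uid; the comment should say so, or state that the two are expected to match. With `setAvoidMoveToFront()` removed, the protection for b/230492947 appears to rest entirely on the identity-based background-launch check in ActivityStarter. No regression test covering both bugs is visible in this diff, so one should accompany the change. The builder chain continues past the end of this hunk.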
@@ -1465,8 +1468,8 @@
.setCallingUid(r.launchedFromUid)
.setCallingPackage(r.launchedFromPackage)
.setCallingFeatureId(r.launchedFromFeatureId)
- .setRealCallingPid(-1)
- .setRealCallingUid(r.launchedFromUid)
+ .setRealCallingPid(origCallingPid)
+ .setRealCallingUid(origCallingUid)
.setActivityOptions(options)
.setUserId(userId)
.execute();
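Review bot: `.setCallingUid(r.launchedFromUid)` is left in place even though the comment added earlier in this commit says ActivityStarter ignores callingUid once `setCaller` is set. A reader of this chain will still assume the launching app's uid is in effect. Either drop the setter or annotate it, for example `// Ignored: setCaller() above makes ActivityStarter derive callingUid from the caller process.` The neighbouring `.setCallingPackage(r.launchedFromPackage)` and `.setCallingFeatureId(r.launchedFromFeatureId)` still name the launching app, so the request presumably pairs that app's package with the calling app's uid. It is worth confirming that downstream checks which match package to uid tolerate this, or switching those fields to the calling activity's own package. The start of the builder chain is outside this hunk.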