Merge "Enforce sysui-held permissions when getting main launch intent" into udc-dev
diff --git a/core/java/android/content/pm/LauncherApps.java b/core/java/android/content/pm/LauncherApps.java
index 27270d9..d6592d5 100644
--- a/core/java/android/content/pm/LauncherApps.java
+++ b/core/java/android/content/pm/LauncherApps.java
@@ -765,10 +765,6 @@
@Nullable
public PendingIntent getMainActivityLaunchIntent(@NonNull ComponentName component,
@Nullable Bundle startActivityOptions, @NonNull UserHandle user) {
- if (mContext.checkSelfPermission(android.Manifest.permission.START_TASKS_FROM_RECENTS)
- != PackageManager.PERMISSION_GRANTED) {
- Log.w(TAG, "Only allowed for recents.");
- }
logErrorForInvalidProfileAccess(user);
if (DEBUG) {
Log.i(TAG, "GetMainActivityLaunchIntent " + component + " " + user);
diff --git a/services/core/java/com/android/server/pm/LauncherAppsService.java b/services/core/java/com/android/server/pm/LauncherAppsService.java
index 9b1a80be..0bd6dff 100644
--- a/services/core/java/com/android/server/pm/LauncherAppsService.java
+++ b/services/core/java/com/android/server/pm/LauncherAppsService.java
@@ -1330,7 +1330,11 @@
@Override
public PendingIntent getActivityLaunchIntent(String callingPackage, ComponentName component,
UserHandle user) {
- ensureShortcutPermission(callingPackage);
+ if (mContext.checkPermission(android.Manifest.permission.START_TASKS_FROM_RECENTS,
+ injectBinderCallingPid(), injectBinderCallingUid())
+ != PackageManager.PERMISSION_GRANTED) {
+ throw new SecurityException("Permission START_TASKS_FROM_RECENTS required");
+ }
if (!canAccessProfile(user.getIdentifier(), "Cannot start activity")) {
throw new ActivityNotFoundException("Activity could not be found");
}