Merge "Add permission check for RemoteTransition in ActivityOptions" into udc-dev am: a02a2d0dee
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/23768708
Change-Id: Ia3d17bcf9cb8d43d91203b9e1cd3c6a04d8259d3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/services/core/java/com/android/server/wm/SafeActivityOptions.java b/services/core/java/com/android/server/wm/SafeActivityOptions.java
index 5860776..c914fa1 100644
--- a/services/core/java/com/android/server/wm/SafeActivityOptions.java
+++ b/services/core/java/com/android/server/wm/SafeActivityOptions.java
@@ -48,6 +48,7 @@
import android.os.UserHandle;
import android.util.Slog;
import android.view.RemoteAnimationAdapter;
+import android.window.RemoteTransition;
import android.window.WindowContainerToken;
import com.android.internal.annotations.VisibleForTesting;
@@ -385,6 +386,18 @@
throw new SecurityException(msg);
}
+ // Check permission for remote transitions
+ final RemoteTransition transition = options.getRemoteTransition();
+ if (transition != null && supervisor.mService.checkPermission(
+ CONTROL_REMOTE_APP_TRANSITION_ANIMATIONS, callingPid, callingUid)
+ != PERMISSION_GRANTED) {
+ final String msg = "Permission Denial: starting " + getIntentString(intent)
+ + " from " + callerApp + " (pid=" + callingPid
+ + ", uid=" + callingUid + ") with remoteTransition";
+ Slog.w(TAG, msg);
+ throw new SecurityException(msg);
+ }
+
// If launched from bubble is specified, then ensure that the caller is system or sysui.
if (options.getLaunchedFromBubble() && !isSystemOrSystemUI(callingPid, callingUid)) {
final String msg = "Permission Denial: starting " + getIntentString(intent)