Separate BAL code from source
The current BAL code mixes the reason why BAL is allowed with the source
(caller/real caller) that allows BAL. This CL separates it for internal
purposes (i.e. logging), but keeps returning the original code. Also
until extra fields are added in the metrics it keeps logging the
original codes.
Test: atest BackgroundActivityLaunchTest
Bug: 306059525
Change-Id: I04884ec426b7a4b5ed7d13ef01e5f233a8c0f8f3
diff --git a/services/core/java/com/android/server/wm/BackgroundActivityStartController.java b/services/core/java/com/android/server/wm/BackgroundActivityStartController.java
index f8b22c9..07dac54 100644
--- a/services/core/java/com/android/server/wm/BackgroundActivityStartController.java
+++ b/services/core/java/com/android/server/wm/BackgroundActivityStartController.java
@@ -443,6 +443,8 @@
// indicates BAL would be blocked because only creator of the PI has the privilege to allow
// BAL, the sender does not have the privilege to allow BAL.
private boolean mOnlyCreatorAllows;
+ /** indicates that this verdict is based on the real calling UID and not the calling UID */
+ private boolean mBasedOnRealCaller;
BalVerdict(@BalCode int balCode, boolean background, String message) {
this.mBackground = background;
@@ -472,6 +474,15 @@
return mOnlyCreatorAllows;
}
+ private BalVerdict setBasedOnRealCaller() {
+ mBasedOnRealCaller = true;
+ return this;
+ }
+
+ private boolean isBasedOnRealCaller() {
+ return mBasedOnRealCaller;
+ }
+
public String toString() {
StringBuilder builder = new StringBuilder();
builder.append(balCodeToString(mCode));
@@ -495,7 +506,15 @@
return builder.toString();
}
+ public @BalCode int getRawCode() {
+ return mCode;
+ }
+
public @BalCode int getCode() {
+ if (mBasedOnRealCaller && mCode != BAL_BLOCK) {
+ // for compatibility always return BAL_ALLOW_PENDING_INTENT if based on real caller
+ return BAL_ALLOW_PENDING_INTENT;
+ }
return mCode;
}
}
@@ -580,7 +599,8 @@
// PendingIntents is null).
BalVerdict resultForRealCaller = state.callerIsRealCaller() && resultForCaller.allows()
? resultForCaller
- : checkBackgroundActivityStartAllowedBySender(state, checkedOptions);
+ : checkBackgroundActivityStartAllowedBySender(state, checkedOptions)
+ .setBasedOnRealCaller();
if (state.isPendingIntent()) {
resultForCaller.setOnlyCreatorAllows(
resultForCaller.allows() && resultForRealCaller.blocks());
@@ -828,7 +848,7 @@
&& ActivityManager.checkComponentPermission(
android.Manifest.permission.START_ACTIVITIES_FROM_BACKGROUND,
state.mRealCallingUid, NO_PROCESS_UID, true) == PackageManager.PERMISSION_GRANTED) {
- return new BalVerdict(BAL_ALLOW_PENDING_INTENT,
+ return new BalVerdict(BAL_ALLOW_PERMISSION,
/*background*/ false,
"realCallingUid has BAL permission.");
}
@@ -839,18 +859,18 @@
|| state.mAppSwitchState == APP_SWITCH_FG_ONLY;
if (Flags.balImproveRealCallerVisibilityCheck()) {
if (appSwitchAllowedOrFg && state.mRealCallingUidHasAnyVisibleWindow) {
- return new BalVerdict(BAL_ALLOW_PENDING_INTENT,
+ return new BalVerdict(BAL_ALLOW_VISIBLE_WINDOW,
/*background*/ false, "realCallingUid has visible window");
}
if (mService.mActiveUids.hasNonAppVisibleWindow(state.mRealCallingUid)) {
- return new BalVerdict(BAL_ALLOW_PENDING_INTENT,
+ return new BalVerdict(BAL_ALLOW_VISIBLE_WINDOW,
/*background*/ false, "realCallingUid has non-app visible window");
}
} else {
// don't abort if the realCallingUid has a visible window
// TODO(b/171459802): We should check appSwitchAllowed also
if (state.mRealCallingUidHasAnyVisibleWindow) {
- return new BalVerdict(BAL_ALLOW_PENDING_INTENT,
+ return new BalVerdict(BAL_ALLOW_VISIBLE_WINDOW,
/*background*/ false,
"realCallingUid has visible (non-toast) window.");
}
@@ -860,7 +880,7 @@
// wasn't allowed to start an activity
if (state.mForcedBalByPiSender.allowsBackgroundActivityStarts()
&& state.mIsRealCallingUidPersistentSystemProcess) {
- return new BalVerdict(BAL_ALLOW_PENDING_INTENT,
+ return new BalVerdict(BAL_ALLOW_ALLOWLISTED_UID,
/*background*/ false,
"realCallingUid is persistent system process AND intent "
+ "sender forced to allow.");
@@ -868,7 +888,7 @@
// don't abort if the realCallingUid is an associated companion app
if (mService.isAssociatedCompanionApp(
UserHandle.getUserId(state.mRealCallingUid), state.mRealCallingUid)) {
- return new BalVerdict(BAL_ALLOW_PENDING_INTENT,
+ return new BalVerdict(BAL_ALLOW_ALLOWLISTED_COMPONENT,
/*background*/ false,
"realCallingUid is a companion app.");
}
@@ -1469,7 +1489,7 @@
intent != null ? intent.getComponent().flattenToShortString() : "";
FrameworkStatsLog.write(FrameworkStatsLog.BAL_ALLOWED,
activityName,
- code,
+ BAL_ALLOW_PENDING_INTENT,
callingUid,
realCallingUid);
}