
frameworks/base


Commit MetaInfo

Revision536d1914937a470f08e7db37a08e66119a9f250b (tree)
Time2021-03-02 23:56:56
AuthorChih-Wei Huang <cwhuang@linu...>
CommiterChih-Wei Huang

Log Message

Android 8.1.0 Release 81 (6780335)
-----BEGIN PGP SIGNATURE-----

iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCX3uqXQAKCRDorT+BmrEO
eNiHAJ4myLYE2g1Wwa/6R588nl9O9+y1qwCfRgSyozj7+Me4w2smOfXJ53CPIM8=
=XVdO
-----END PGP SIGNATURE-----

Merge tag 'android-8.1.0_r81' into oreo-x86

Android 8.1.0 Release 81 (6780335)

Change Summary

Incremental Difference

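--- a/core/java/android/app/IActivityManager.aidl
+++ b/core/java/android/app/IActivityManager.aidl
@@ -266,7 +266,8 @@ interface IActivityManager {
 boolean isImmersive(in IBinder token);
 void setImmersive(in IBinder token, boolean immersive);
 boolean isTopActivityImmersive();
- void crashApplication(int uid, int initialPid, in String packageName, int userId, in String message);
+ void crashApplication(int uid, int initialPid, in String packageName, int userId,
+ in String message, boolean force);
 String getProviderMimeType(in Uri uri, int userId);
 IBinder newUriPermissionOwner(in String name);
 void grantUriPermissionFromOwner(in IBinder owner, int fromUid, in String targetPkg,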
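--- a/core/java/android/app/Presentation.java
+++ b/core/java/android/app/Presentation.java
@@ -19,24 +19,25 @@ package android.app;
 import static android.content.Context.DISPLAY_SERVICE;
 import static android.content.Context.WINDOW_SERVICE;
 import static android.view.WindowManager.LayoutParams.TYPE_PRESENTATION;
+import static android.view.WindowManager.LayoutParams.TYPE_PRIVATE_PRESENTATION;
 
 import android.content.Context;
 import android.content.res.Resources;
 import android.hardware.display.DisplayManager;
 import android.hardware.display.DisplayManager.DisplayListener;
 import android.os.Binder;
+import android.os.Handler;
 import android.os.IBinder;
+import android.os.Message;
+import android.util.DisplayMetrics;
+import android.util.Log;
+import android.util.TypedValue;
 import android.view.ContextThemeWrapper;
 import android.view.Display;
 import android.view.Gravity;
 import android.view.Window;
 import android.view.WindowManager;
 import android.view.WindowManagerImpl;
-import android.os.Handler;
-import android.os.Message;
-import android.util.DisplayMetrics;
-import android.util.Log;
-import android.util.TypedValue;
 
 /**
 * Base class for presentations.
@@ -115,7 +116,9 @@ import android.util.TypedValue;
 * The display manager keeps track of all displays in the system. However, not all
 * displays are appropriate for showing presentations. For example, if an activity
 * attempted to show a presentation on the main display it might obscure its own content
- * (it's like opening a dialog on top of your activity).
+ * (it's like opening a dialog on top of your activity). Creating a presentation on the main
+ * display will result in {@link android.view.WindowManager.InvalidDisplayException} being thrown
+ * when invoking {@link #show()}.
 * </p><p>
 * Here's how to identify suitable displays for showing presentations using
 * {@link DisplayManager#getDisplays(String)} and the
@@ -188,12 +191,16 @@ public class Presentation extends Dialog {
 mDisplay = display;
 mDisplayManager = (DisplayManager)getContext().getSystemService(DISPLAY_SERVICE);
 
+ final int windowType =
+ (display.getFlags() & Display.FLAG_PRIVATE) != 0 ? TYPE_PRIVATE_PRESENTATION
+ : TYPE_PRESENTATION;
+
 final Window w = getWindow();
 final WindowManager.LayoutParams attr = w.getAttributes();
 attr.token = mToken;
 w.setAttributes(attr);
 w.setGravity(Gravity.FILL);
- w.setType(TYPE_PRESENTATION);
+ w.setType(windowType);
 setCanceledOnTouchOutside(false);
 }
 
@@ -242,7 +249,7 @@ public class Presentation extends Dialog {
 /**
 * Inherited from {@link Dialog#show}. Will throw
 * {@link android.view.WindowManager.InvalidDisplayException} if the specified secondary
- * {@link Display} can't be found.
+ * {@link Display} can't be found or if it does not have {@link Display#FLAG_PRESENTATION} set.
 */
 @Override
 public void show() {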
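Review bot: The new Javadoc on `show()` says `InvalidDisplayException` is thrown when the display lacks `Display#FLAG_PRESENTATION`, but nothing in the lines shown here checks that flag. The constructor hunk only reads `Display.FLAG_PRIVATE` to pick the window type, so the rejection presumably happens on the window-manager side. A short comment above `windowType` would make the split clear, for example `// Private displays get their own window type; whether the display may host a presentation at all is decided when the window is added.` Both the constructor and `show()` continue outside the hunks.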
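--- a/core/java/android/content/pm/PackageInstaller.java
+++ b/core/java/android/content/pm/PackageInstaller.java
@@ -1571,6 +1571,7 @@ public class PackageInstaller {
 
 /**
 * Get the value set in {@link SessionParams#setOriginatingUri(Uri)}.
+ * Note: This value will only be non-null for the owner of the session.
 */
 public @Nullable Uri getOriginatingUri() {
 return originatingUri;
@@ -1585,6 +1586,7 @@ public class PackageInstaller {
 
 /**
 * Get the value set in {@link SessionParams#setReferrerUri(Uri)}
+ * Note: This value will only be non-null for the owner of the session.
 */
 public @Nullable Uri getReferrerUri() {
 return referrerUri;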
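Review bot: The note added to `getOriginatingUri()` and `getReferrerUri()` says the value is non-null only for the owner of the session, but `shouldScrubData()` in PackageInstallerSession.java (same commit) also leaves the fields intact for any caller whose uid is below `Process.FIRST_APPLICATION_UID`. Wording such as `Note: This value will only be non-null for the owner of the session or for system callers.` would match the code. It would also help to state that `null` can now mean either "never set" or "withheld from this caller", since client code cannot tell the two apart.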
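--- a/location/java/com/android/internal/location/GpsNetInitiatedHandler.java
+++ b/location/java/com/android/internal/location/GpsNetInitiatedHandler.java
@@ -21,7 +21,6 @@ import java.util.concurrent.TimeUnit;
 
 import android.app.Notification;
 import android.app.NotificationManager;
-import android.app.PendingIntent;
 import android.content.BroadcastReceiver;
 import android.content.Context;
 import android.content.Intent;
@@ -402,13 +401,9 @@ public class GpsNetInitiatedHandler {
 mNiNotificationBuilder.setDefaults(0);
 }
 
- // if not to popup dialog immediately, pending intent will open the dialog
- Intent intent = !mPopupImmediately ? getDlgIntent(notif) : new Intent();
- PendingIntent pi = PendingIntent.getBroadcast(mContext, 0, intent, 0);
 mNiNotificationBuilder.setTicker(getNotifTicker(notif, mContext))
 .setContentTitle(title)
- .setContentText(message)
- .setContentIntent(pi);
+ .setContentText(message);
 
 notificationManager.notifyAsUser(null, notif.notificationId, mNiNotificationBuilder.build(),
 UserHandle.ALL);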
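Review bot: With `setContentIntent(pi)` gone, the notification built here has no tap action, and the removed comment was the only place that explained the `!mPopupImmediately` path opening the dialog from the notification. Nothing in the hunk replaces that path, so it is worth confirming that the dialog is still reachable when `mPopupImmediately` is false. A comment where the builder is configured, such as `// No content intent on purpose: a mutable PendingIntent wrapping an empty or implicit Intent, created by the system, could be redirected by its recipient.`, would keep the call from being reintroduced later. The enclosing method starts and ends outside the hunk.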
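--- a/packages/SystemUI/src/com/android/systemui/ImageWallpaper.java
+++ b/packages/SystemUI/src/com/android/systemui/ImageWallpaper.java
@@ -606,7 +606,16 @@ public class ImageWallpaper extends WallpaperService {
 
 final FloatBuffer triangleVertices = createMesh(left, top, right, bottom);
 
- final int texture = loadTexture(mBackground);
+ int texture = 0;
+ try {
+ texture = loadTexture(mBackground);
+ } catch (IllegalArgumentException e) {
+ mEgl.eglMakeCurrent(mEglDisplay, EGL_NO_SURFACE, EGL_NO_SURFACE, EGL_NO_CONTEXT);
+ mEgl.eglDestroySurface(mEglDisplay, mEglSurface);
+ mEgl.eglDestroyContext(mEglDisplay, mEglContext);
+ mEgl.eglTerminate(mEglDisplay);
+ return false;
+ }
 final int program = buildProgram(sSimpleVS, sSimpleFS);
 
 final int attribPosition = glGetAttribLocation(program, "position");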
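Review bot: The new `catch (IllegalArgumentException e)` block discards the exception without logging it, so a wallpaper bitmap that cannot be uploaded as a texture fails silently and `return false` gives no hint why. A line such as `Log.w(TAG, "Failed to load wallpaper texture", e);` at the top of the catch would make this diagnosable, assuming the class has a `TAG` constant, which is not visible here. If the same four EGL teardown calls are needed on other failure paths of this method, a shared private helper would keep them in step. The method body starts and ends outside the hunk.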
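--- a/packages/SystemUI/src/com/android/systemui/statusbar/phone/PhoneStatusBarPolicy.java
+++ b/packages/SystemUI/src/com/android/systemui/statusbar/phone/PhoneStatusBarPolicy.java
@@ -568,7 +568,8 @@ public class PhoneStatusBarPolicy implements Callback, Callbacks,
 String message = mContext.getString(R.string.instant_apps_message);
 PendingIntent appInfoAction = PendingIntent.getActivity(mContext, 0,
 new Intent(Settings.ACTION_APPLICATION_DETAILS_SETTINGS)
- .setData(Uri.fromParts("package", pkg, null)), 0);
+ .setData(Uri.fromParts("package", pkg, null)),
+ PendingIntent.FLAG_IMMUTABLE);
 Action action = new Notification.Action.Builder(null, mContext.getString(R.string.app_info),
 appInfoAction).build();
 
@@ -582,7 +583,7 @@ public class PhoneStatusBarPolicy implements Callback, Callbacks,
 .addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
 
 PendingIntent pendingIntent = PendingIntent.getActivity(mContext,
- 0 /* requestCode */, browserIntent, 0 /* flags */);
+ 0 /* requestCode */, browserIntent, PendingIntent.FLAG_IMMUTABLE);
 ComponentName aiaComponent = null;
 try {
 aiaComponent = AppGlobals.getPackageManager().getInstantAppInstallerComponent();
@@ -598,7 +599,8 @@ public class PhoneStatusBarPolicy implements Callback, Callbacks,
 .putExtra(Intent.EXTRA_VERSION_CODE, appInfo.versionCode)
 .putExtra(Intent.EXTRA_EPHEMERAL_FAILURE, pendingIntent);
 
- PendingIntent webPendingIntent = PendingIntent.getActivity(mContext, 0, goToWebIntent, 0);
+ PendingIntent webPendingIntent = PendingIntent.getActivity(
+ mContext, 0, goToWebIntent, PendingIntent.FLAG_IMMUTABLE);
 Action webAction = new Notification.Action.Builder(null, mContext.getString(R.string.go_to_web),
 webPendingIntent).build();
 builder.addAction(webAction);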
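Review bot: `FLAG_IMMUTABLE` stops a recipient from filling in fields of these three PendingIntents, but the first one still wraps an implicit intent: `new Intent(Settings.ACTION_APPLICATION_DETAILS_SETTINGS)` is resolved by action and data only. If the Settings app is the only intended handler, pinning it with `setPackage(...)` or an explicit component would remove the dependency on intent resolution; the right package name is not visible in this hunk. `browserIntent` and `goToWebIntent` are built partly outside the lines shown, so the same question applies to them. A one-line comment at the first call, e.g. `// Immutable: created with SystemUI's identity, so the holder must not be able to alter the wrapped Intent.`, would record why the flag is there.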
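--- a/packages/SystemUI/src/com/android/systemui/util/leak/LeakReporter.java
+++ b/packages/SystemUI/src/com/android/systemui/util/leak/LeakReporter.java
@@ -93,9 +93,13 @@ public class LeakReporter {
 .setContentText(String.format(
 "SystemUI has detected %d leaked objects. Tap to send", garbageCount))
 .setSmallIcon(com.android.internal.R.drawable.stat_sys_adb)
- .setContentIntent(PendingIntent.getActivityAsUser(mContext, 0,
+ .setContentIntent(PendingIntent.getActivityAsUser(
+ mContext,
+ 0,
 getIntent(hprofFile, dumpFile),
- PendingIntent.FLAG_UPDATE_CURRENT, null, UserHandle.CURRENT));
+ PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE,
+ null,
+ UserHandle.CURRENT));
 notiMan.notify(TAG, 0, builder.build());
 } catch (IOException e) {
 Log.e(TAG, "Couldn't dump heap for leak", e);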
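--- a/services/core/java/com/android/server/am/ActiveServices.java
+++ b/services/core/java/com/android/server/am/ActiveServices.java
@@ -653,6 +653,15 @@ public final class ActiveServices {
 }
 }
 
+ void killMisbehavingService(ServiceRecord r,
+ int appUid, int appPid, String localPackageName) {
+ synchronized (mAm) {
+ stopServiceLocked(r);
+ mAm.crashApplication(appUid, appPid, localPackageName, -1,
+ "Bad notification for startForeground", true /*force*/);
+ }
+ }
+
 IBinder peekServiceLocked(Intent service, String resolvedType, String callingPackage) {
 ServiceLookupResult r = retrieveServiceLocked(service, resolvedType, callingPackage,
 Binder.getCallingPid(), Binder.getCallingUid(),
@@ -3391,7 +3400,8 @@ public final class ActiveServices {
 
 void serviceForegroundCrash(ProcessRecord app) {
 mAm.crashApplication(app.uid, app.pid, app.info.packageName, app.userId,
- "Context.startForegroundService() did not then call Service.startForeground()");
+ "Context.startForegroundService() did not then call Service.startForeground()",
+ false /*force*/);
 }
 
 void scheduleServiceTimeoutLocked(ProcessRecord proc) {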
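Review bot: `killMisbehavingService()` has no doc comment, and it replaces a call that appended the caught exception to the crash message (`"Bad notification for startForeground: " + e` in ServiceRecord.java) with a fixed string, so the crash report no longer says what was wrong with the notification. If dropping the detail is intentional, a Javadoc line such as `/** Stops the service and force-crashes its app after a bad startForeground() notification; the cause is logged by the caller and is not part of the crash message. */` would say so. The method also takes the `mAm` lock itself, unlike the `...Locked` methods around it, which is worth stating in the same comment.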
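--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -4260,9 +4260,18 @@ public class ActivityManagerService extends IActivityManager.Stub
 return procState;
 }
 
+ private boolean isCallerShell() {
+ final int callingUid = Binder.getCallingUid();
+ return callingUid == SHELL_UID || callingUid == ROOT_UID;
+ }
+
 @Override
 public boolean setProcessMemoryTrimLevel(String process, int userId, int level)
 throws RemoteException {
+ if (!isCallerShell()) {
+ EventLog.writeEvent(0x534e4554, 160390416, Binder.getCallingUid(), "");
+ throw new SecurityException("Only shell can call it");
+ }
 synchronized (this) {
 final ProcessRecord app = findProcessLocked(process, userId, "setProcessMemoryTrimLevel");
 if (app == null) {
@@ -5141,7 +5150,7 @@ public class ActivityManagerService extends IActivityManager.Stub
 
 @Override
 public void crashApplication(int uid, int initialPid, String packageName, int userId,
- String message) {
+ String message, boolean force) {
 if (checkCallingPermission(android.Manifest.permission.FORCE_STOP_PACKAGES)
 != PackageManager.PERMISSION_GRANTED) {
 String msg = "Permission Denial: crashApplication() from pid="
@@ -5153,7 +5162,8 @@ public class ActivityManagerService extends IActivityManager.Stub
 }
 
 synchronized(this) {
- mAppErrors.scheduleAppCrashLocked(uid, initialPid, packageName, userId, message);
+ mAppErrors.scheduleAppCrashLocked(uid, initialPid, packageName, userId,
+ message, force);
 }
 }
 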
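Review bot: The security event log call in `setProcessMemoryTrimLevel()` passes the bug id as an int (`160390416`), while the equivalent call added to PackageManagerService.java in this commit passes it as a string (`"150857253"`); a log consumer that matches on the string sub-tag may not pick this one up. Using `EventLog.writeEvent(0x534e4554, "160390416", Binder.getCallingUid(), "");` would make the two consistent. `isCallerShell()` also returns true for `ROOT_UID`, so its name and the message `"Only shell can call it"` understate who is allowed; a comment such as `// Caller must be shell or root.` or a message naming both would be clearer. `setProcessMemoryTrimLevel()` and `crashApplication()` both continue outside the hunks.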
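--- a/services/core/java/com/android/server/am/ActivityManagerShellCommand.java
+++ b/services/core/java/com/android/server/am/ActivityManagerShellCommand.java
@@ -921,7 +921,7 @@ final class ActivityManagerShellCommand extends ShellCommand {
 } catch (NumberFormatException e) {
 packageName = arg;
 }
- mInterface.crashApplication(-1, pid, packageName, userId, "shell-induced crash");
+ mInterface.crashApplication(-1, pid, packageName, userId, "shell-induced crash", false);
 return 0;
 }
 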
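--- a/services/core/java/com/android/server/am/AppErrors.java
+++ b/services/core/java/com/android/server/am/AppErrors.java
@@ -243,20 +243,24 @@ class AppErrors {
 }
 
 void killAppAtUserRequestLocked(ProcessRecord app, Dialog fromDialog) {
- app.crashing = false;
- app.crashingReport = null;
- app.notResponding = false;
- app.notRespondingReport = null;
 if (app.anrDialog == fromDialog) {
 app.anrDialog = null;
 }
 if (app.waitDialog == fromDialog) {
 app.waitDialog = null;
 }
+ killAppImmediateLocked(app, "user-terminated", "user request after error");
+ }
+
+ private void killAppImmediateLocked(ProcessRecord app, String reason, String killReason) {
+ app.crashing = false;
+ app.crashingReport = null;
+ app.notResponding = false;
+ app.notRespondingReport = null;
 if (app.pid > 0 && app.pid != MY_PID) {
- handleAppCrashLocked(app, "user-terminated" /*reason*/,
+ handleAppCrashLocked(app, reason,
 null /*shortMsg*/, null /*longMsg*/, null /*stackTrace*/, null /*data*/);
- app.kill("user request after error", true);
+ app.kill(killReason, true);
 }
 }
 
@@ -270,7 +274,7 @@ class AppErrors {
 * @param message
 */
 void scheduleAppCrashLocked(int uid, int initialPid, String packageName, int userId,
- String message) {
+ String message, boolean force) {
 ProcessRecord proc = null;
 
 // Figure out which process to kill. We don't trust that initialPid
@@ -303,6 +307,18 @@ class AppErrors {
 }
 
 proc.scheduleCrash(message);
+ if (force) {
+ // If the app is responsive, the scheduled crash will happen as expected
+ // and then the delayed summary kill will be a no-op.
+ final ProcessRecord p = proc;
+ mService.mHandler.postDelayed(
+ () -> {
+ synchronized (mService) {
+ killAppImmediateLocked(p, "forced", "killed for invalid state");
+ }
+ },
+ 5000L);
+ }
 }
 
 /**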
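Review bot: The delayed runnable in `scheduleAppCrashLocked()` captures the `ProcessRecord` and, five seconds later, kills whatever `p.pid` is at that moment; the only guard is `app.pid > 0 && app.pid != MY_PID` in `killAppImmediateLocked()`. If the same record can be reused for a restarted process within the delay (not determinable from these lines), the new instance would be killed. Recording the pid up front with `final int pid = proc.pid;` and testing `if (p.pid == pid)` inside the lambda would tie the kill to the process that misbehaved. The Javadoc above the method still ends at `@param message`; it needs something like `@param force if true, the process is killed after a delay even if it never handles the scheduled crash`, and `5000L` deserves a named constant. The method body starts outside the hunk.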
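--- a/services/core/java/com/android/server/am/ServiceRecord.java
+++ b/services/core/java/com/android/server/am/ServiceRecord.java
@@ -453,6 +453,7 @@ final class ServiceRecord extends Binder {
 final String localPackageName = packageName;
 final int localForegroundId = foregroundId;
 final Notification _foregroundNoti = foregroundNoti;
+ final ServiceRecord record = this;
 ams.mHandler.post(new Runnable() {
 public void run() {
 NotificationManagerInternal nm = LocalServices.getService(
@@ -551,10 +552,8 @@ final class ServiceRecord extends Binder {
 Slog.w(TAG, "Error showing notification for service", e);
 // If it gave us a garbage notification, it doesn't
 // get to be foreground.
- ams.setServiceForeground(name, ServiceRecord.this,
- 0, null, 0);
- ams.crashApplication(appUid, appPid, localPackageName, -1,
- "Bad notification for startForeground: " + e);
+ ams.mServices.killMisbehavingService(record,
+ appUid, appPid, localPackageName);
 }
 }
 });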
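--- a/services/core/java/com/android/server/notification/NotificationManagerService.java
+++ b/services/core/java/com/android/server/notification/NotificationManagerService.java
@@ -714,18 +714,23 @@ public class NotificationManagerService extends SystemService {
 @Override
 public void onNotificationError(int callingUid, int callingPid, String pkg, String tag, int id,
 int uid, int initialPid, String message, int userId) {
- Slog.d(TAG, "onNotification error pkg=" + pkg + " tag=" + tag + " id=" + id
- + "; will crashApplication(uid=" + uid + ", pid=" + initialPid + ")");
+ final boolean fgService;
+ synchronized (mNotificationLock) {
+ NotificationRecord r = findNotificationLocked(pkg, tag, id, userId);
+ fgService = r != null
+ && (r.getNotification().flags&Notification.FLAG_FOREGROUND_SERVICE) != 0;
+ }
 cancelNotification(callingUid, callingPid, pkg, tag, id, 0, 0, false, userId,
 REASON_ERROR, null);
- long ident = Binder.clearCallingIdentity();
- try {
- ActivityManager.getService().crashApplication(uid, initialPid, pkg, -1,
- "Bad notification posted from package " + pkg
- + ": " + message);
- } catch (RemoteException e) {
+ if (fgService) {
+ // Still crash for foreground services, preventing the not-crash behaviour abused
+ // by apps to give us a garbage notification and silently start a fg service.
+ Binder.withCleanCallingIdentity(
+ () -> mAm.crashApplication(uid, initialPid, pkg, -1,
+ "Bad notification(tag=" + tag + ", id=" + id + ") posted from package "
+ + pkg + ", crashing app(uid=" + uid + ", pid=" + initialPid + "): "
+ + message, true /* force */));
 }
- Binder.restoreCallingIdentity(ident);
 }
 
 @Override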
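Review bot: After this change a bad notification that does not belong to a foreground service is cancelled without any log line: the `Slog.d` was removed and the detail now exists only inside the crash message on the `fgService` branch. Keeping a line such as `Slog.w(TAG, "onNotificationError pkg=" + pkg + " tag=" + tag + " id=" + id + ": " + message);` before `cancelNotification(...)` preserves the trail for both branches. `fgService` is also false whenever `findNotificationLocked()` returns null, so a comment stating that a missing record is deliberately treated as "not a foreground service" would help the next reader.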
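--- a/services/core/java/com/android/server/pm/PackageInstallerService.java
+++ b/services/core/java/com/android/server/pm/PackageInstallerService.java
@@ -683,20 +683,24 @@ public class PackageInstallerService extends IPackageInstaller.Stub {
 public SessionInfo getSessionInfo(int sessionId) {
 synchronized (mSessions) {
 final PackageInstallerSession session = mSessions.get(sessionId);
- return session != null ? session.generateInfo() : null;
+
+ return session != null
+ ? session.generateInfoForCaller(true /*withIcon*/, Binder.getCallingUid())
+ : null;
 }
 }
 
 @Override
 public ParceledListSlice<SessionInfo> getAllSessions(int userId) {
- mPm.enforceCrossUserPermission(Binder.getCallingUid(), userId, true, false, "getAllSessions");
+ final int callingUid = Binder.getCallingUid();
+ mPm.enforceCrossUserPermission(callingUid, userId, true, false, "getAllSessions");
 
 final List<SessionInfo> result = new ArrayList<>();
 synchronized (mSessions) {
 for (int i = 0; i < mSessions.size(); i++) {
 final PackageInstallerSession session = mSessions.valueAt(i);
 if (session.userId == userId) {
- result.add(session.generateInfo(false));
+ result.add(session.generateInfoForCaller(false, callingUid));
 }
 }
 }
@@ -713,7 +717,8 @@ public class PackageInstallerService extends IPackageInstaller.Stub {
 for (int i = 0; i < mSessions.size(); i++) {
 final PackageInstallerSession session = mSessions.valueAt(i);
 
- SessionInfo info = session.generateInfo(false);
+ SessionInfo info =
+ session.generateInfoForCaller(false /*withIcon*/, Process.SYSTEM_UID);
 if (Objects.equals(info.getInstallerPackageName(), installerPackageName)
 && session.userId == userId) {
 result.add(info);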
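Review bot: The third hunk builds the `SessionInfo` with `Process.SYSTEM_UID`, which by `shouldScrubData()` is never scrubbed, and relies on the `installerPackageName` comparison that follows to keep other installers' sessions out of the result. That is only safe if `installerPackageName` has been verified to belong to the caller earlier in the method, which is outside the hunk. A comment at the call, for example `// Unscrubbed on purpose: only sessions owned by installerPackageName are added to the result below.`, would record the assumption so that the ownership check is not removed later.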
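--- a/services/core/java/com/android/server/pm/PackageInstallerSession.java
+++ b/services/core/java/com/android/server/pm/PackageInstallerSession.java
@@ -386,11 +386,41 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub {
 }
 }
 
- public SessionInfo generateInfo() {
- return generateInfo(true);
+ /**
+ * Returns {@code true} if the {@link SessionInfo} object should be produced with potentially
+ * sensitive data scrubbed from its fields.
+ *
+ * @param callingUid the uid of the caller; the recipient of the {@link SessionInfo} that may
+ * need to be scrubbed
+ */
+ private boolean shouldScrubData(int callingUid) {
+ return !(callingUid < Process.FIRST_APPLICATION_UID || getInstallerUid() == callingUid);
+ }
+
+ /**
+ * Generates a {@link SessionInfo} object for the provided uid. This may result in some fields
+ * that may contain sensitive info being filtered.
+ *
+ * @param includeIcon true if the icon should be included in the object
+ * @param callingUid the uid of the caller; the recipient of the {@link SessionInfo} that may
+ * need to be scrubbed
+ * @see #shouldScrubData(int)
+ */
+ public SessionInfo generateInfoForCaller(boolean includeIcon, int callingUid) {
+ return generateInfoInternal(includeIcon, shouldScrubData(callingUid));
 }
 
- public SessionInfo generateInfo(boolean includeIcon) {
+ /**
+ * Generates a {@link SessionInfo} object to ensure proper hiding of sensitive fields.
+ *
+ * @param includeIcon true if the icon should be included in the object
+ * @see #generateInfoForCaller(boolean, int)
+ */
+ public SessionInfo generateInfoScrubbed(boolean includeIcon) {
+ return generateInfoInternal(includeIcon, true /*scrubData*/);
+ }
+
+ private SessionInfo generateInfoInternal(boolean includeIcon, boolean scrubData) {
 final SessionInfo info = new SessionInfo();
 synchronized (mLock) {
 info.sessionId = sessionId;
@@ -411,9 +441,13 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub {
 info.appLabel = params.appLabel;
 
 info.installLocation = params.installLocation;
- info.originatingUri = params.originatingUri;
+ if (!scrubData) {
+ info.originatingUri = params.originatingUri;
+ }
 info.originatingUid = params.originatingUid;
- info.referrerUri = params.referrerUri;
+ if (!scrubData) {
+ info.referrerUri = params.referrerUri;
+ }
 info.grantedRuntimePermissions = params.grantedRuntimePermissions;
 info.installFlags = params.installFlags;
 }
@@ -1490,7 +1524,7 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub {
 // Send broadcast to default launcher only if it's a new install
 final boolean isNewInstall = extras == null || !extras.getBoolean(Intent.EXTRA_REPLACING);
 if (success && isNewInstall) {
- mPm.sendSessionCommitBroadcast(generateInfo(), userId);
+ mPm.sendSessionCommitBroadcast(generateInfoScrubbed(true /*icon*/), userId);
 }
 
 mCallback.onSessionFinished(this, success);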
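Review bot: `generateInfoInternal()` has no comment naming what `scrubData` withholds, and the two separate `if (!scrubData)` blocks leave `info.originatingUid` copied unconditionally between them. If the originating uid is meant to stay visible to every caller, say so, e.g. `// Scrubbed for non-owners: originatingUri and referrerUri only; originatingUid is intentionally left in.`; if not, it belongs under the same guard. In `shouldScrubData()` the test `callingUid < Process.FIRST_APPLICATION_UID` compares a full uid, so a system uid in a secondary user would presumably be scrubbed; that fails closed, but a comment noting it is intended would avoid a later "fix". `generateInfoInternal()` continues outside the hunks.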
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -114,6 +114,7 @@ import android.annotation.NonNull;
114114 import android.annotation.Nullable;
115115 import android.app.ActivityManager;
116116 import android.app.AppOpsManager;
117+import android.app.BroadcastOptions;
117118 import android.app.IActivityManager;
118119 import android.app.ResourcesManager;
119120 import android.app.admin.IDevicePolicyManager;
@@ -1103,9 +1104,13 @@ public class PackageManagerService extends IPackageManager.Stub
11031104 verificationIntent.setComponent(mIntentFilterVerifierComponent);
11041105 verificationIntent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND);
11051106
1107+ final long whitelistTimeout = getVerificationTimeout();
1108+ final BroadcastOptions options = BroadcastOptions.makeBasic();
1109+ options.setTemporaryAppWhitelistDuration(whitelistTimeout);
1110+
11061111 DeviceIdleController.LocalService idleController = getDeviceIdleController();
11071112 idleController.addPowerSaveTempWhitelistApp(Process.myUid(),
1108- mIntentFilterVerifierComponent.getPackageName(), getVerificationTimeout(),
1113+ mIntentFilterVerifierComponent.getPackageName(), whitelistTimeout,
11091114 UserHandle.USER_SYSTEM, true, "intent filter verifier");
11101115
11111116 mContext.sendBroadcastAsUser(verificationIntent, UserHandle.SYSTEM);
@@ -1146,9 +1151,6 @@ public class PackageManagerService extends IPackageManager.Stub
11461151 + verificationId + " packageName:" + packageName);
11471152 return;
11481153 }
1149- if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG,
1150- "Updating IntentFilterVerificationInfo for package " + packageName
1151- +" verificationId:" + verificationId);
11521154
11531155 synchronized (mPackages) {
11541156 if (verified) {
@@ -1166,36 +1168,70 @@ public class PackageManagerService extends IPackageManager.Stub
11661168 int updatedStatus = INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_UNDEFINED;
11671169 boolean needUpdate = false;
11681170
1169- // We cannot override the STATUS_ALWAYS / STATUS_NEVER states if they have
1170- // already been set by the User thru the Disambiguation dialog
1171- switch (userStatus) {
1172- case INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_UNDEFINED:
1173- if (verified) {
1174- updatedStatus = INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS;
1175- } else {
1176- updatedStatus = INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ASK;
1177- }
1178- needUpdate = true;
1179- break;
1180-
1181- case INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ASK:
1182- if (verified) {
1183- updatedStatus = INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS;
1184- needUpdate = true;
1185- }
1186- break;
1187-
1188- default:
1189- // Nothing to do
1190- }
1171+ // In a success case, we promote from undefined or ASK to ALWAYS. This
1172+ // supports a flow where the app fails validation but then ships an updated
1173+ // APK that passes, and therefore deserves to be in ALWAYS.
1174+ //
1175+ // If validation failed, the undefined state winds up in the basic ASK behavior,
1176+ // but apps that previously passed and became ALWAYS are *demoted* out of
1177+ // that state, since they would not deserve the ALWAYS behavior in case of a
1178+ // clean install.
1179+ switch (userStatus) {
1180+ case INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS:
1181+ if (!verified) {
1182+ // Don't demote if sysconfig says 'always'
1183+ SystemConfig systemConfig = SystemConfig.getInstance();
1184+ ArraySet<String> packages = systemConfig.getLinkedApps();
1185+ if (!packages.contains(packageName)) {
1186+ // updatedStatus is already UNDEFINED
1187+ needUpdate = true;
1188+
1189+ if (DEBUG_DOMAIN_VERIFICATION) {
1190+ Slog.d(TAG, "Formerly validated but now failing; demoting");
1191+ }
1192+ } else {
1193+ if (DEBUG_DOMAIN_VERIFICATION) {
1194+ Slog.d(TAG, "Updating bundled package " + packageName
1195+ + " failed autoVerify, but sysconfig supersedes");
1196+ }
1197+ // leave needUpdate == false here intentionally
1198+ }
1199+ }
1200+ break;
1201+
1202+ case INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_UNDEFINED:
1203+ // Stay in 'undefined' on verification failure
1204+ if (verified) {
1205+ updatedStatus = INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS;
1206+ }
1207+ needUpdate = true;
1208+ if (DEBUG_DOMAIN_VERIFICATION) {
1209+ Slog.d(TAG, "Applying update; old=" + userStatus
1210+ + " new=" + updatedStatus);
1211+ }
1212+ break;
1213+
1214+ case INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ASK:
1215+ // Keep in 'ask' on failure
1216+ if (verified) {
1217+ updatedStatus = INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS;
1218+ needUpdate = true;
1219+ }
1220+ break;
1221+
1222+ default:
1223+ // Nothing to do
1224+ }
11911225
11921226 if (needUpdate) {
11931227 mSettings.updateIntentFilterVerificationStatusLPw(
11941228 packageName, updatedStatus, userId);
11951229 scheduleWritePackageRestrictionsLocked(userId);
11961230 }
1231+ } else {
1232+ Slog.i(TAG, "autoVerify ignored when installing for all users");
11971233 }
1198- }
1234+ }
11991235 }
12001236
12011237 @Override
@@ -15877,20 +15913,26 @@ public class PackageManagerService extends IPackageManager.Stub
1587715913
1587815914 // Verify: if target already has an installer package, it must
1587915915 // be signed with the same cert as the caller.
15880- if (targetPackageSetting.installerPackageName != null) {
15881- PackageSetting setting = mSettings.mPackages.get(
15882- targetPackageSetting.installerPackageName);
15883- // If the currently set package isn't valid, then it's always
15884- // okay to change it.
15885- if (setting != null) {
15886- if (compareSignatures(callerSignature,
15887- setting.signatures.mSignatures)
15888- != PackageManager.SIGNATURE_MATCH) {
15889- throw new SecurityException(
15890- "Caller does not have same cert as old installer package "
15891- + targetPackageSetting.installerPackageName);
15892- }
15916+ String targetInstallerPackageName =
15917+ targetPackageSetting.installerPackageName;
15918+ PackageSetting targetInstallerPkgSetting = targetInstallerPackageName == null ? null :
15919+ mSettings.mPackages.get(targetInstallerPackageName);
15920+
15921+ if (targetInstallerPkgSetting != null) {
15922+ if (compareSignatures(callerSignature,
15923+ targetInstallerPkgSetting.signatures.mSignatures)
15924+ != PackageManager.SIGNATURE_MATCH) {
15925+ throw new SecurityException(
15926+ "Caller does not have same cert as old installer package "
15927+ + targetInstallerPackageName);
1589315928 }
15929+ } else if (mContext.checkCallingOrSelfPermission(Manifest.permission.INSTALL_PACKAGES)
15930+ != PackageManager.PERMISSION_GRANTED) {
15931+ // This is probably an attempt to exploit vulnerability b/150857253 of taking
15932+ // privileged installer permissions when the installer has been uninstalled or
15933+ // was never set.
15934+ EventLog.writeEvent(0x534e4554, "150857253", callingUid, "");
15935+ return;
1589415936 }
1589515937
1589615938 // Okay!
@@ -19028,16 +19070,18 @@ public class PackageManagerService extends IPackageManager.Stub
1902819070
1902919071 int count = 0;
1903019072 final String packageName = pkg.packageName;
19031-
1903219073 boolean handlesWebUris = false;
19033- final boolean alreadyVerified;
19074+ ArraySet<String> domains = new ArraySet<>();
19075+ final boolean previouslyVerified;
19076+ boolean hostSetExpanded = false;
19077+ boolean needToRunVerify = false;
1903419078 synchronized (mPackages) {
1903519079 // If this is a new install and we see that we've already run verification for this
1903619080 // package, we have nothing to do: it means the state was restored from backup.
19037- final IntentFilterVerificationInfo ivi =
19081+ IntentFilterVerificationInfo ivi =
1903819082 mSettings.getIntentFilterVerificationLPr(packageName);
19039- alreadyVerified = (ivi != null);
19040- if (!replacing && alreadyVerified) {
19083+ previouslyVerified = (ivi != null);
19084+ if (!replacing && previouslyVerified) {
1904119085 if (DEBUG_DOMAIN_VERIFICATION) {
1904219086 Slog.i(TAG, "Package " + packageName + " already verified: status="
1904319087 + ivi.getStatusString());
@@ -19045,75 +19089,106 @@ public class PackageManagerService extends IPackageManager.Stub
1904519089 return;
1904619090 }
1904719091
19092+ if (DEBUG_DOMAIN_VERIFICATION) {
19093+ Slog.i(TAG, " Previous verified hosts: "
19094+ + (ivi == null ? "[none]" : ivi.getDomainsString()));
19095+ }
19096+
1904819097 // If any filters need to be verified, then all need to be. In addition, we need to
1904919098 // know whether an updating app has any web navigation intent filters, to re-
1905019099 // examine handling policy even if not re-verifying.
19051- boolean needToVerify = false;
19100+ final boolean needsVerification = needsNetworkVerificationLPr(packageName);
1905219101 for (PackageParser.Activity a : pkg.activities) {
1905319102 for (ActivityIntentInfo filter : a.intents) {
1905419103 if (filter.handlesWebUris(true)) {
1905519104 handlesWebUris = true;
1905619105 }
19057- if (filter.needsVerification() && needsNetworkVerificationLPr(filter)) {
19106+ if (needsVerification && filter.needsVerification()) {
1905819107 if (DEBUG_DOMAIN_VERIFICATION) {
19059- Slog.d(TAG, "Intent filter needs verification, so processing all filters");
19108+ Slog.d(TAG, "autoVerify requested, processing all filters");
1906019109 }
19061- needToVerify = true;
19110+ needToRunVerify = true;
1906219111 // It's safe to break out here because filter.needsVerification()
19063- // can only be true if filter.handlesWebUris(true) returns true, so
19112+ // can only be true if filter.handlesWebUris(true) returned true, so
1906419113 // we've already noted that.
1906519114 break;
1906619115 }
1906719116 }
1906819117 }
1906919118
19070- // Note whether this app publishes any web navigation handling support at all,
19071- // and whether there are any web-nav filters that fit the profile for running
19072- // a verification pass now.
19073- if (needToVerify) {
19119+ // Compare the new set of recognized hosts if the app is either requesting
19120+ // autoVerify or has previously used autoVerify but no longer does.
19121+ if (needToRunVerify || previouslyVerified) {
1907419122 final int verificationId = mIntentFilterVerificationToken++;
1907519123 for (PackageParser.Activity a : pkg.activities) {
1907619124 for (ActivityIntentInfo filter : a.intents) {
1907719125 // Run verification against hosts mentioned in any web-nav intent filter,
1907819126 // even if the filter matches non-web schemes as well
19079- if (filter.handlesWebUris(false) && needsNetworkVerificationLPr(filter)) {
19127+ if (filter.handlesWebUris(false /*onlyWebSchemes*/)) {
1908019128 if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG,
1908119129 "Verification needed for IntentFilter:" + filter.toString());
1908219130 mIntentFilterVerifier.addOneIntentFilterVerification(
1908319131 verifierUid, userId, verificationId, filter, packageName);
19132+ domains.addAll(filter.getHostsList());
1908419133 count++;
1908519134 }
1908619135 }
1908719136 }
1908819137 }
19138+
19139+ if (DEBUG_DOMAIN_VERIFICATION) {
19140+ Slog.i(TAG, " Update published hosts: " + domains.toString());
19141+ }
19142+
19143+ // If we've previously verified this same host set (or a subset), we can trust that
19144+ // a current ALWAYS policy is still applicable. If this is the case, we're done.
19145+ // (If we aren't in ALWAYS, we want to reverify to allow for apps that had failing
19146+ // hosts in their intent filters, then pushed a new apk that removed them and now
19147+ // passes.)
19148+ //
19149+ // Cases:
19150+ // + still autoVerify (needToRunVerify):
19151+ // - preserve current state if all of: unexpanded, in always
19152+ // - otherwise rerun as usual (fall through)
19153+ // + no longer autoVerify (alreadyVerified && !needToRunVerify)
19154+ // - wipe verification history always
19155+ // - preserve current state if all of: unexpanded, in always
19156+ hostSetExpanded = !previouslyVerified
19157+ || (ivi != null && !ivi.getDomains().containsAll(domains));
19158+ final int currentPolicy =
19159+ mSettings.getIntentFilterVerificationStatusLPr(packageName, userId);
19160+ final boolean keepCurState = !hostSetExpanded
19161+ && currentPolicy == INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS;
19162+
19163+ if (needToRunVerify && keepCurState) {
19164+ if (DEBUG_DOMAIN_VERIFICATION) {
19165+ Slog.i(TAG, "Host set not expanding + ALWAYS -> no need to reverify");
19166+ }
19167+ ivi.setDomains(domains);
19168+ scheduleWriteSettingsLocked();
19169+ return;
19170+ } else if (previouslyVerified && !needToRunVerify) {
19171+ // Prior autoVerify state but not requesting it now. Clear autoVerify history,
19172+ // and preserve the always policy iff the host set is not expanding.
19173+ clearIntentFilterVerificationsLPw(packageName, userId, !keepCurState);
19174+ return;
19175+ }
1908919176 }
1909019177
19091- if (count > 0) {
19092- // count > 0 means that we're running a full verification pass
19178+ if (needToRunVerify && count > 0) {
19179+ // app requested autoVerify and has at least one matching intent filter
1909319180 if (DEBUG_DOMAIN_VERIFICATION) Slog.d(TAG, "Starting " + count
1909419181 + " IntentFilter verification" + (count > 1 ? "s" : "")
1909519182 + " for userId:" + userId);
1909619183 mIntentFilterVerifier.startVerifications(userId);
19097- } else if (alreadyVerified && handlesWebUris) {
19098- // App used autoVerify in the past, no longer does, but still handles web
19099- // navigation starts.
19100- if (DEBUG_DOMAIN_VERIFICATION) {
19101- Slog.d(TAG, "App changed web filters but no longer verifying - resetting policy");
19102- }
19103- synchronized (mPackages) {
19104- clearIntentFilterVerificationsLPw(packageName, userId);
19105- }
1910619184 } else {
1910719185 if (DEBUG_DOMAIN_VERIFICATION) {
19108- Slog.d(TAG, "No web filters or no prior verify policy for " + packageName);
19186+ Slog.d(TAG, "No web filters or no new host policy for " + packageName);
1910919187 }
1911019188 }
19111- }
19112-
19113- private boolean needsNetworkVerificationLPr(ActivityIntentInfo filter) {
19114- final ComponentName cn = filter.activity.getComponentName();
19115- final String packageName = cn.getPackageName();
19189+ }
1911619190
19191+ private boolean needsNetworkVerificationLPr(String packageName) {
1911719192 IntentFilterVerificationInfo ivi = mSettings.getIntentFilterVerificationLPr(
1911819193 packageName);
1911919194 if (ivi == null) {
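Review bot: The loop under `if (needToRunVerify || previouslyVerified)` calls `mIntentFilterVerifier.addOneIntentFilterVerification(...)` and consumes a `mIntentFilterVerificationToken` before the code knows whether a pass will run. Both early returns (`needToRunVerify && keepCurState`, and `previouslyVerified && !needToRunVerify`) then leave without `startVerifications`, as does the final `else` branch. If the verifier keeps queued entries until the next `startVerifications` call (its implementation is not visible here), those filters would be verified later under a stale id, possibly after the policy was deliberately preserved. I would collect `domains` in the first pass and queue filters only after the `keepCurState` decision, as sketched below. Separately, the "Cases" comment still says `alreadyVerified && !needToRunVerify` although the variable is now `previouslyVerified`. The method starts before this hunk.

```java
if (needToRunVerify || previouslyVerified) {
    for (PackageParser.Activity a : pkg.activities) {
        for (ActivityIntentInfo filter : a.intents) {
            if (filter.handlesWebUris(false /*onlyWebSchemes*/)) {
                domains.addAll(filter.getHostsList());
            }
        }
    }
}
// … unchanged: hostSetExpanded / keepCurState computation and both early returns …
if (needToRunVerify) {
    // Reached only when a verification pass will really be started.
    final int verificationId = mIntentFilterVerificationToken++;
    for (PackageParser.Activity a : pkg.activities) {
        for (ActivityIntentInfo filter : a.intents) {
            if (filter.handlesWebUris(false /*onlyWebSchemes*/)) {
                mIntentFilterVerifier.addOneIntentFilterVerification(
                        verifierUid, userId, verificationId, filter, packageName);
                count++;
            }
        }
    }
}
```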
@@ -19122,6 +19197,7 @@ public class PackageManagerService extends IPackageManager.Stub
1912219197 int status = ivi.getStatus();
1912319198 switch (status) {
1912419199 case INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_UNDEFINED:
19200+ case INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS:
1912519201 case INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ASK:
1912619202 return true;
1912719203
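Review bot: The added `case INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS:` has no comment saying why a package the user already approved is sent back through network verification, and the next maintainer could mistake it for an error and remove it. I would put a line above it such as `// ALWAYS is re-examined on update so hosts added by a new APK are not trusted unverified.` That reading is inferred from the host-set comparison in the preceding hunk and should be confirmed by the author. The switch and the rest of `needsNetworkVerificationLPr` lie outside this hunk.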
@@ -19831,7 +19907,7 @@ public class PackageManagerService extends IPackageManager.Stub
1983119907 boolean installedStateChanged = false;
1983219908 if (deletedPs != null) {
1983319909 if ((flags&PackageManager.DELETE_KEEP_DATA) == 0) {
19834- clearIntentFilterVerificationsLPw(deletedPs.name, UserHandle.USER_ALL);
19910+ clearIntentFilterVerificationsLPw(deletedPs.name, UserHandle.USER_ALL, true);
1983519911 clearDefaultBrowserIfNeeded(packageName);
1983619912 mSettings.mKeySetManagerService.removeAppKeySetDataLPw(packageName);
1983719913 removedAppId = mSettings.removePackageLPw(packageName);
@@ -21137,12 +21213,13 @@ public class PackageManagerService extends IPackageManager.Stub
2113721213 final int packageCount = mPackages.size();
2113821214 for (int i = 0; i < packageCount; i++) {
2113921215 PackageParser.Package pkg = mPackages.valueAt(i);
21140- clearIntentFilterVerificationsLPw(pkg.packageName, userId);
21216+ clearIntentFilterVerificationsLPw(pkg.packageName, userId, true);
2114121217 }
2114221218 }
2114321219
2114421220 /** This method takes a specific user id as well as UserHandle.USER_ALL. */
21145- void clearIntentFilterVerificationsLPw(String packageName, int userId) {
21221+ void clearIntentFilterVerificationsLPw(String packageName, int userId,
21222+ boolean alsoResetStatus) {
2114621223 if (userId == UserHandle.USER_ALL) {
2114721224 if (mSettings.removeIntentFilterVerificationLPw(packageName,
2114821225 sUserManager.getUserIds())) {
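Review bot: `alsoResetStatus` is silently ignored on the `userId == UserHandle.USER_ALL` branch, which still calls the `int[]` overload of `removeIntentFilterVerificationLPw`. The Settings.java hunk at `@@ -1387` hard-codes `true` in that overload, so a caller passing `false` with USER_ALL would still wipe each user's link-handling status. Whether the new `!keepCurState` call site can ever be reached with USER_ALL is not visible in this diff. Either thread the flag through, `mSettings.removeIntentFilterVerificationLPw(packageName, sUserManager.getUserIds(), alsoResetStatus)` with a matching third parameter on the overload, or state the limit in the Javadoc: `alsoResetStatus is honored only for a specific user id; USER_ALL always resets.` The method body continues in the next hunk.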
@@ -21151,7 +21228,8 @@ public class PackageManagerService extends IPackageManager.Stub
2115121228 }
2115221229 }
2115321230 } else {
21154- if (mSettings.removeIntentFilterVerificationLPw(packageName, userId)) {
21231+ if (mSettings.removeIntentFilterVerificationLPw(packageName, userId,
21232+ alsoResetStatus)) {
2115521233 scheduleWritePackageRestrictionsLocked(userId);
2115621234 }
2115721235 }
--- a/services/core/java/com/android/server/pm/Settings.java
+++ b/services/core/java/com/android/server/pm/Settings.java
@@ -1371,7 +1371,8 @@ final class Settings {
13711371 return result;
13721372 }
13731373
1374- boolean removeIntentFilterVerificationLPw(String packageName, int userId) {
1374+ boolean removeIntentFilterVerificationLPw(String packageName, int userId,
1375+ boolean alsoResetStatus) {
13751376 PackageSetting ps = mPackages.get(packageName);
13761377 if (ps == null) {
13771378 if (DEBUG_DOMAIN_VERIFICATION) {
@@ -1379,7 +1380,9 @@ final class Settings {
13791380 }
13801381 return false;
13811382 }
1382- ps.clearDomainVerificationStatusForUser(userId);
1383+ if (alsoResetStatus) {
1384+ ps.clearDomainVerificationStatusForUser(userId);
1385+ }
13831386 ps.setIntentFilterVerificationInfo(null);
13841387 return true;
13851388 }
@@ -1387,7 +1390,7 @@ final class Settings {
13871390 boolean removeIntentFilterVerificationLPw(String packageName, int[] userIds) {
13881391 boolean result = false;
13891392 for (int userId : userIds) {
1390- result |= removeIntentFilterVerificationLPw(packageName, userId);
1393+ result |= removeIntentFilterVerificationLPw(packageName, userId, true);
13911394 }
13921395 return result;
13931396 }
--- a/services/core/java/com/android/server/wm/WindowManagerService.java
+++ b/services/core/java/com/android/server/wm/WindowManagerService.java
@@ -58,6 +58,7 @@ import static android.view.WindowManager.LayoutParams.TYPE_DREAM;
5858 import static android.view.WindowManager.LayoutParams.TYPE_INPUT_METHOD;
5959 import static android.view.WindowManager.LayoutParams.TYPE_INPUT_METHOD_DIALOG;
6060 import static android.view.WindowManager.LayoutParams.TYPE_NAVIGATION_BAR;
61+import static android.view.WindowManager.LayoutParams.TYPE_PRESENTATION;
6162 import static android.view.WindowManager.LayoutParams.TYPE_PRIVATE_PRESENTATION;
6263 import static android.view.WindowManager.LayoutParams.TYPE_QS_DIALOG;
6364 import static android.view.WindowManager.LayoutParams.TYPE_STATUS_BAR;
@@ -1255,6 +1256,13 @@ public class WindowManagerService extends IWindowManager.Stub
12551256 return WindowManagerGlobal.ADD_PERMISSION_DENIED;
12561257 }
12571258
1259+ if (type == TYPE_PRESENTATION && !displayContent.getDisplay().isPublicPresentation()) {
1260+ Slog.w(TAG_WM,
1261+ "Attempted to add presentation window to a non-suitable display. "
1262+ + "Aborting.");
1263+ return WindowManagerGlobal.ADD_INVALID_DISPLAY;
1264+ }
1265+
12581266 AppWindowToken atoken = null;
12591267 final boolean hasParent = parentWindow != null;
12601268 // Use existing parent window token for child windows since they go in the same token
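Review bot: The `Slog.w` in the new `TYPE_PRESENTATION` rejection does not say which display was targeted, so a logcat reader cannot tell one misconfigured display from repeated attempts against several displays. I would include the id, for example `"Attempted to add presentation window to non-public display " + displayContent.getDisplayId() + ". Aborting."`. If the caller's package is available at this point in the method, which this hunk does not show, adding it would make the entry more useful for triage. The enclosing method starts and ends outside this hunk.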