[RESTRICT AUTOMERGE] Do not resume activity if behind a translucent task

The top-focusable activity resides in the RESUMED state while the app process is newly created and attached. The behavior may enable UI hijacking attacks against apps implementing authentication. This CL disallows the system to resume the activity for the case if it is not visible or is occluded by other translucent tasks. Bug: 211481342 Test: atest CtsWindowManagerDeviceTestCases:ActivityLifecycleTests Change-Id: I7903494cf928b5b5613700262b7c5fff10f3c5a0 (cherry picked from commit 0a4f661ec6a18a0ddc47b6d9280a10b8d16c9457) Merged-In: I7903494cf928b5b5613700262b7c5fff10f3c5a0
author: Jeff Chang <chengjeff@google.com> 2022-01-25 10:37:29 +0800
committer: Android Build Coastguard Worker <android-build-coastguard-worker@google.com> 2022-07-07 01:46:11 +0000
commit: 88e0bd640587c5a3c4abf51d3a317b5f3b605c08 (patch)
tree: f5445980be752d7e6b5450cfcbdf49acd5509baa
parent: 7daaa15d4ded20e44fd341551050bd27ae982b3a (diff)
download: base-88e0bd640587c5a3c4abf51d3a317b5f3b605c08.tar.gz
2 files changed, 3 insertions, 2 deletions
diff --git a/services/core/java/com/android/server/wm/EnsureActivitiesVisibleHelper.java b/services/core/java/com/android/server/wm/EnsureActivitiesVisibleHelper.java
index badb1f5a0a12..4708d0026931 100644
--- a/services/core/java/com/android/server/wm/EnsureActivitiesVisibleHelper.java
+++ b/services/core/java/com/android/server/wm/EnsureActivitiesVisibleHelper.java
@@ -97,7 +97,7 @@ class EnsureActivitiesVisibleHelper {
         // activities are actually behind other fullscreen activities, but still required
         // to be visible (such as performing Recents animation).
         final boolean resumeTopActivity = mTop != null && !mTop.mLaunchTaskBehind
-                && mTaskFragment.isTopActivityFocusable()
+                && mTaskFragment.canBeResumed(starting)
                 && (starting == null || !starting.isDescendantOf(mTaskFragment));
 
         ArrayList<TaskFragment> adjacentTaskFragments = null;
diff --git a/services/core/java/com/android/server/wm/RootWindowContainer.java b/services/core/java/com/android/server/wm/RootWindowContainer.java
index fbc8f73b53b0..628e124877e9 100644
--- a/services/core/java/com/android/server/wm/RootWindowContainer.java
+++ b/services/core/java/com/android/server/wm/RootWindowContainer.java
@@ -1979,7 +1979,8 @@ class RootWindowContainer extends WindowContainer<DisplayContent>
 
         try {
             if (mTaskSupervisor.realStartActivityLocked(r, app,
-                    top == r && r.isFocusable() /*andResume*/, true /*checkConfig*/)) {
+                    top == r && r.getTask().canBeResumed(r) /*andResume*/,
+                    true /*checkConfig*/)) {
                 mTmpBoolean = true;
             }
         } catch (RemoteException e) {
author	Jeff Chang <chengjeff@google.com>	2022-01-25 10:37:29 +0800
committer	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	2022-07-07 01:46:11 +0000
commit	88e0bd640587c5a3c4abf51d3a317b5f3b605c08 (patch)
tree	f5445980be752d7e6b5450cfcbdf49acd5509baa
parent	7daaa15d4ded20e44fd341551050bd27ae982b3a (diff)
download	base-88e0bd640587c5a3c4abf51d3a317b5f3b605c08.tar.gz