4 files changed, 43 insertions, 25 deletions

diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 9d7101da90fe..75e2aa43d1ac 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -5598,9 +5598,9 @@ public class ActivityManagerService extends IActivityManager.Stub
         userId = mUserController.handleIncomingUser(Binder.getCallingPid(), Binder.getCallingUid(),
                 userId, false, ALLOW_FULL_ONLY, reason, null);
         // TODO: Switch to user app stacks here.
-        int ret = mActivityStartController.startActivities(caller, -1, callingPackage,
-                intents, resolvedTypes, resultTo, SafeActivityOptions.fromBundle(bOptions), userId,
-                reason);
+        int ret = mActivityStartController.startActivities(caller, -1, 0,
+                UserHandle.USER_NULL, callingPackage, intents, resolvedTypes, resultTo,
+                SafeActivityOptions.fromBundle(bOptions), userId, reason);
         return ret;
     }
 
diff --git a/services/core/java/com/android/server/am/ActivityStartController.java b/services/core/java/com/android/server/am/ActivityStartController.java
index a7c32009a4c4..be45542d7226 100644
--- a/services/core/java/com/android/server/am/ActivityStartController.java
+++ b/services/core/java/com/android/server/am/ActivityStartController.java
@@ -282,20 +282,27 @@ public class ActivityStartController {
     final int startActivitiesInPackage(int uid, String callingPackage, Intent[] intents,
             String[] resolvedTypes, IBinder resultTo, SafeActivityOptions options, int userId,
             boolean validateIncomingUser) {
+        return startActivitiesInPackage(uid, 0, UserHandle.USER_NULL,
+             callingPackage, intents, resolvedTypes, resultTo, options, userId,
+             validateIncomingUser);
+    }
 
+    final int startActivitiesInPackage(int uid, int realCallingPid, int realCallingUid,
+            String callingPackage, Intent[] intents, String[] resolvedTypes, IBinder resultTo,
+            SafeActivityOptions options, int userId, boolean validateIncomingUser) {
         final String reason = "startActivityInPackage";
 
         userId = checkTargetUser(userId, validateIncomingUser, Binder.getCallingPid(),
                 Binder.getCallingUid(), reason);
 
         // TODO: Switch to user app stacks here.
-        return startActivities(null, uid, callingPackage, intents, resolvedTypes, resultTo, options,
-                userId, reason);
+        return startActivities(null, uid, realCallingPid, realCallingUid, callingPackage, intents,
+                resolvedTypes, resultTo, options, userId, reason);
     }
 
-    int startActivities(IApplicationThread caller, int callingUid, String callingPackage,
-            Intent[] intents, String[] resolvedTypes, IBinder resultTo, SafeActivityOptions options,
-            int userId, String reason) {
+    int startActivities(IApplicationThread caller, int callingUid, int incomingRealCallingPid,
+            int incomingRealCallingUid, String callingPackage, Intent[] intents, String[] resolvedTypes,
+            IBinder resultTo, SafeActivityOptions options, int userId, String reason) {
         if (intents == null) {
             throw new NullPointerException("intents is null");
         }
@@ -306,9 +313,12 @@ public class ActivityStartController {
             throw new IllegalArgumentException("intents are length different than resolvedTypes");
         }
 
-        final int realCallingPid = Binder.getCallingPid();
-        final int realCallingUid = Binder.getCallingUid();
-
+        final int realCallingPid = incomingRealCallingPid != 0
+                                   ? incomingRealCallingPid
+                                   : Binder.getCallingPid();
+        final int realCallingUid = incomingRealCallingUid != UserHandle.USER_NULL
+                                   ? incomingRealCallingUid
+                                   : Binder.getCallingUid();
         int callingPid;
         if (callingUid >= 0) {
             callingPid = -1;
diff --git a/services/core/java/com/android/server/am/ActivityStarter.java b/services/core/java/com/android/server/am/ActivityStarter.java
index 73e3d33073fc..5382f5837cac 100644
--- a/services/core/java/com/android/server/am/ActivityStarter.java
+++ b/services/core/java/com/android/server/am/ActivityStarter.java
@@ -281,6 +281,8 @@ class ActivityStarter {
      * execution.
      */
     private static class Request {
+        static final int DEFAULT_REAL_CALLING_PID = 0;
+        static final int DEFAULT_REAL_CALLING_UID = UserHandle.USER_NULL;
         private static final int DEFAULT_CALLING_UID = -1;
         private static final int DEFAULT_CALLING_PID = 0;
 
@@ -295,11 +297,11 @@ class ActivityStarter {
         IBinder resultTo;
         String resultWho;
         int requestCode;
-        int callingPid = DEFAULT_CALLING_UID;
-        int callingUid = DEFAULT_CALLING_PID;
+        int callingPid = DEFAULT_CALLING_PID;
+        int callingUid = DEFAULT_CALLING_UID;
         String callingPackage;
-        int realCallingPid;
-        int realCallingUid;
+        int realCallingPid = Request.DEFAULT_REAL_CALLING_PID;
+        int realCallingUid = Request.DEFAULT_REAL_CALLING_UID;
         int startFlags;
         SafeActivityOptions activityOptions;
         boolean ignoreTargetSecurity;
@@ -352,8 +354,8 @@ class ActivityStarter {
             callingPid = DEFAULT_CALLING_PID;
             callingUid = DEFAULT_CALLING_UID;
             callingPackage = null;
-            realCallingPid = 0;
-            realCallingUid = 0;
+            realCallingPid = Request.DEFAULT_REAL_CALLING_PID;
+            realCallingUid = Request.DEFAULT_REAL_CALLING_UID;
             startFlags = 0;
             activityOptions = null;
             ignoreTargetSecurity = false;
@@ -368,7 +370,7 @@ class ActivityStarter {
             mayWait = false;
             avoidMoveToFront = false;
             allowPendingRemoteAnimationRegistryLookup = true;
-            filterCallingUid = UserHandle.USER_NULL;
+            filterCallingUid = DEFAULT_REAL_CALLING_UID;
         }
 
         /**
@@ -484,7 +486,8 @@ class ActivityStarter {
             // for transactional diffs and preprocessing.
             if (mRequest.mayWait) {
                 return startActivityMayWait(mRequest.caller, mRequest.callingUid,
-                        mRequest.callingPackage, mRequest.intent, mRequest.resolvedType,
+                        mRequest.callingPackage, mRequest.realCallingPid, mRequest.realCallingUid,
+                        mRequest.intent, mRequest.resolvedType,
                         mRequest.voiceSession, mRequest.voiceInteractor, mRequest.resultTo,
                         mRequest.resultWho, mRequest.requestCode, mRequest.startFlags,
                         mRequest.profilerInfo, mRequest.waitResult, mRequest.globalConfig,
@@ -943,7 +946,8 @@ class ActivityStarter {
     }
 
     private int startActivityMayWait(IApplicationThread caller, int callingUid,
-            String callingPackage, Intent intent, String resolvedType,
+            String callingPackage, int requestRealCallingPid, int requestRealCallingUid,
+            Intent intent, String resolvedType,
             IVoiceInteractionSession voiceSession, IVoiceInteractor voiceInteractor,
             IBinder resultTo, String resultWho, int requestCode, int startFlags,
             ProfilerInfo profilerInfo, WaitResult outResult,
@@ -957,8 +961,12 @@ class ActivityStarter {
         mSupervisor.getActivityMetricsLogger().notifyActivityLaunching();
         boolean componentSpecified = intent.getComponent() != null;
 
-        final int realCallingPid = Binder.getCallingPid();
-        final int realCallingUid = Binder.getCallingUid();
+        final int realCallingPid = requestRealCallingPid != Request.DEFAULT_REAL_CALLING_PID
+                                   ? requestRealCallingPid
+                                   : Binder.getCallingPid();
+        final int realCallingUid = requestRealCallingUid != Request.DEFAULT_REAL_CALLING_UID
+                                   ? requestRealCallingUid
+                                   : Binder.getCallingUid();
 
         int callingPid;
         if (callingUid >= 0) {
@@ -1185,7 +1193,7 @@ class ActivityStarter {
      */
     static int computeResolveFilterUid(int customCallingUid, int actualCallingUid,
             int filterCallingUid) {
-        return filterCallingUid != UserHandle.USER_NULL
+        return filterCallingUid != Request.DEFAULT_REAL_CALLING_UID
                 ? filterCallingUid
                 : (customCallingUid >= 0 ? customCallingUid : actualCallingUid);
     }
diff --git a/services/core/java/com/android/server/am/PendingIntentRecord.java b/services/core/java/com/android/server/am/PendingIntentRecord.java
index e0aa2a261b3c..f09709d4a6ef 100644
--- a/services/core/java/com/android/server/am/PendingIntentRecord.java
+++ b/services/core/java/com/android/server/am/PendingIntentRecord.java
@@ -344,8 +344,8 @@ final class PendingIntentRecord extends IIntentSender.Stub {
                                 allResolvedTypes[allResolvedTypes.length-1] = resolvedType;
 
                                 res = owner.getActivityStartController().startActivitiesInPackage(
-                                        uid, key.packageName, allIntents, allResolvedTypes,
-                                        resultTo, mergedOptions, userId,
+                                        uid, callingPid, callingUid, key.packageName, allIntents,
+                                        allResolvedTypes, resultTo, mergedOptions, userId,
                                         false /* validateIncomingUser */);
                             } else {
                                 res = owner.getActivityStartController().startActivityInPackage(uid,