From 89e46e2e31eee53248bcf91dbb9a87a5ddd8de19 Mon Sep 17 00:00:00 2001
From: Evan Rosky <erosky@google.com>
Date: Wed, 3 Aug 2022 18:08:32 +0000
Subject: Revert "Strip transition information from activityoptions once it is
 read."

This reverts commit 0b3ad39abf059b3e6e3088ab9d3ac6c43c29a2d5.

Reason for revert: Broke NexusLauncherTests:MemoryTests

Change-Id: Ibc8e9f516054f017e9db2e5608cf6806531ab554
(cherry picked from commit d1b32da8453c931099038e9f5c48793c9dcfa722)
Merged-In: Ibc8e9f516054f017e9db2e5608cf6806531ab554
---
 core/java/android/app/ActivityOptions.java                   | 5 -----
 services/core/java/com/android/server/wm/ActivityRecord.java | 3 ---
 2 files changed, 8 deletions(-)

diff --git a/core/java/android/app/ActivityOptions.java b/core/java/android/app/ActivityOptions.java
index 4e426720ab03..d6441a2b629b 100644
--- a/core/java/android/app/ActivityOptions.java
+++ b/core/java/android/app/ActivityOptions.java
@@ -1441,11 +1441,6 @@ public class ActivityOptions extends ComponentOptions {
         return mRemoteTransition;
     }
 
-    /** @hide */
-    public void setRemoteTransition(@Nullable RemoteTransition remoteTransition) {
-        mRemoteTransition = remoteTransition;
-    }
-
     /** @hide */
     public static ActivityOptions fromBundle(Bundle bOptions) {
         return bOptions != null ? new ActivityOptions(bOptions) : null;
diff --git a/services/core/java/com/android/server/wm/ActivityRecord.java b/services/core/java/com/android/server/wm/ActivityRecord.java
index 6e7e31ad05c5..4f222a4f8b83 100644
--- a/services/core/java/com/android/server/wm/ActivityRecord.java
+++ b/services/core/java/com/android/server/wm/ActivityRecord.java
@@ -4666,9 +4666,6 @@ final class ActivityRecord extends WindowToken implements WindowManagerService.A
             mPendingRemoteAnimation = options.getRemoteAnimationAdapter();
         }
         mPendingRemoteTransition = options.getRemoteTransition();
-        // Since options gets sent to client apps, remove transition information from it.
-        options.setRemoteTransition(null);
-        options.setRemoteAnimationAdapter(null);
     }
 
     void applyOptionsAnimation() {
-- 
cgit v1.2.3


From d971fd460021865208b7714042516597cd63c4a4 Mon Sep 17 00:00:00 2001
From: Evan Rosky <erosky@google.com>
Date: Wed, 3 Aug 2022 11:48:33 -0700
Subject: Strip transition information from activityoptions when sent to app

The implementation of shared-element transitions takes the
ActivityOptions from the calling activity and sends them to
another activity. This means that any sensitive information
passed into ActivityManager via ActivityOptions can make its
way to an unrelated app. Recently a RemoteTransition object
was added which includes some sensitive information.

This CL strips the sensitive information from the activity
options before sending it to anonther app.

Bug: 237290578
Test: atest ActivityManagerTest#testActivityManager_stripTransitionFromActivityOptions
Change-Id: Ifa08fc195698f02bf70ca386178c67f6ba4a14ea
(cherry picked from commit 0d03e6f1fc66fefb5409ac93ff49fa922f81664c)
Merged-In: Ifa08fc195698f02bf70ca386178c67f6ba4a14ea
---
 core/java/android/app/ActivityOptions.java                   | 5 +++++
 services/core/java/com/android/server/wm/ActivityRecord.java | 4 ++++
 2 files changed, 9 insertions(+)

diff --git a/core/java/android/app/ActivityOptions.java b/core/java/android/app/ActivityOptions.java
index d6441a2b629b..4e426720ab03 100644
--- a/core/java/android/app/ActivityOptions.java
+++ b/core/java/android/app/ActivityOptions.java
@@ -1441,6 +1441,11 @@ public class ActivityOptions extends ComponentOptions {
         return mRemoteTransition;
     }
 
+    /** @hide */
+    public void setRemoteTransition(@Nullable RemoteTransition remoteTransition) {
+        mRemoteTransition = remoteTransition;
+    }
+
     /** @hide */
     public static ActivityOptions fromBundle(Bundle bOptions) {
         return bOptions != null ? new ActivityOptions(bOptions) : null;
diff --git a/services/core/java/com/android/server/wm/ActivityRecord.java b/services/core/java/com/android/server/wm/ActivityRecord.java
index 4f222a4f8b83..026e5d286630 100644
--- a/services/core/java/com/android/server/wm/ActivityRecord.java
+++ b/services/core/java/com/android/server/wm/ActivityRecord.java
@@ -4884,8 +4884,12 @@ final class ActivityRecord extends WindowToken implements WindowManagerService.A
     ActivityOptions takeOptions() {
         if (DEBUG_TRANSITION) Slog.i(TAG, "Taking options for " + this + " callers="
                 + Debug.getCallers(6));
+        if (mPendingOptions == null) return null;
         final ActivityOptions opts = mPendingOptions;
         mPendingOptions = null;
+        // Strip sensitive information from options before sending it to app.
+        opts.setRemoteTransition(null);
+        opts.setRemoteAnimationAdapter(null);
         return opts;
     }
 
-- 
cgit v1.2.3