Always require opt-in for root/system
If a process with lower target SDK shares UID with the system the compat
change turns off the feature and potentially compromises the security of
the whole system.
There are no occurences in droidfood that would be affected (see
go/bal-graph).
Test: atest BackgroundActivityLaunchTests
Bug: 296479164
Flag: EXEMPT bugfix
Change-Id: If33d799c20173f9909b606ebb60745adad46fc41
diff --git a/services/core/java/com/android/server/wm/BackgroundActivityStartController.java b/services/core/java/com/android/server/wm/BackgroundActivityStartController.java
index 207707e..ac2c886 100644
--- a/services/core/java/com/android/server/wm/BackgroundActivityStartController.java
+++ b/services/core/java/com/android/server/wm/BackgroundActivityStartController.java
@@ -28,6 +28,7 @@
import static android.os.Build.VERSION_CODES.UPSIDE_DOWN_CAKE;
import static android.os.Process.INVALID_PID;
import static android.os.Process.INVALID_UID;
+import static android.os.Process.ROOT_UID;
import static android.os.Process.SYSTEM_UID;
import static android.provider.DeviceConfig.NAMESPACE_WINDOW_MANAGER;
@@ -385,6 +386,10 @@
return BackgroundStartPrivileges.NONE;
case MODE_BACKGROUND_ACTIVITY_START_SYSTEM_DEFINED:
// no explicit choice by the app - let us decide what to do
+ if (callingUid == ROOT_UID || callingUid == SYSTEM_UID) {
+ // root and system must always opt in explicitly
+ return BackgroundStartPrivileges.NONE;
+ }
if (callingPackage != null) {
// determine based on the calling/creating package
boolean changeEnabled = CompatChanges.isChangeEnabled(
