RESTRICT AUTOMERGE: Added an app id security check in isAppForeground.
ActivityManagerService#isAppForeground now checks if the caller has the
permission to view if an app is in the foreground.
Bug: 115384617
Test: cts-tradefed run cts -m CtsSecurityTestCases -t android.security.cts.ActivityManagerTest#testIsAppInForegroundNormal
Test: cts-tradefed run cts -m CtsSecurityTestCases -t android.security.cts.ActivityManagerTest#testIsAppInForegroundMalicious
Change-Id: I9602c89b2d40036e525c38960a08326dc74c6682
diff --git a/core/java/android/os/UserHandle.java b/core/java/android/os/UserHandle.java
index e8ebf63..f36cf1c 100644
--- a/core/java/android/os/UserHandle.java
+++ b/core/java/android/os/UserHandle.java
@@ -132,6 +132,19 @@
}
/**
+ * Whether a UID belongs to a system core component or not.
+ * @hide
+ */
+ public static boolean isCore(int uid) {
+ if (uid >= 0) {
+ final int appId = getAppId(uid);
+ return appId < Process.FIRST_APPLICATION_UID;
+ } else {
+ return false;
+ }
+ }
+
+ /**
* Returns the user for a given uid.
* @param uid A uid for an application running in a particular user.
* @return A {@link UserHandle} for that user.
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index c4a968e..a89015b 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -7846,6 +7846,14 @@
@Override
public boolean isAppForeground(int uid) throws RemoteException {
+ int callerUid = Binder.getCallingUid();
+ if (UserHandle.isCore(callerUid) || callerUid == uid) {
+ return isAppForegroundInternal(uid);
+ }
+ return false;
+ }
+
+ private boolean isAppForegroundInternal(int uid) {
synchronized (this) {
UidRecord uidRec = mActiveUids.get(uid);
if (uidRec == null || uidRec.idle) {