From 7a29413429971a6ca17ea01c2939c978fa2f4ff4 Mon Sep 17 00:00:00 2001
From: Bernardo Rufino <brufino@google.com>
Date: Thu, 29 Aug 2019 19:12:28 +0100
Subject: [PATCH] Don't consider tasks with INITIALIZING top activity as
 visible
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

To fix b/130645908, tasks with top activities in INITIALIZING state were
considered visible. This allowed apps to circumvent background activity
launch restriction by starting 2 activities when in a background stack.
The first activity will remain in INITIALIZING state (since it's in the
bg), so the second launch is permitted since top activity is
INITIALIZING.

Removing '|| topActivity.isState(INITIALIZING)' removes the
vulnerability and curiously still allow the legitimate use case of the
bug linked above to work, i.e. the test in ag/7088262 still passes. This
is because of 2 reasons:
1) Grace period introduced in ag/7638265.
2) Allow bg activity starts to put activity on top of bg task (instead of
   fg’ing it) in ag/7190176.

I verified (2) by removing the grace period check, reverting the linked
CL and verifying that the test failed.

This essentially reverts ag/7090415.

Test: atest BackgroundActivityLaunchTest \
          RootWindowContainerTests \
          WmTests:ActivityStarterTests \
          CtsWindowManagerDeviceTestCases:ActivityStarterTests
Bug: 138583650
Bug: 130645908
Change-Id: Iee4ba841c6c83888b55c5cb55fffc949048d2030
---
 .../com/android/server/wm/WindowProcessController.java | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/services/core/java/com/android/server/wm/WindowProcessController.java b/services/core/java/com/android/server/wm/WindowProcessController.java
index bc5e32823547a..a8f5d00219ba1 100644
--- a/services/core/java/com/android/server/wm/WindowProcessController.java
+++ b/services/core/java/com/android/server/wm/WindowProcessController.java
@@ -23,7 +23,6 @@ import static android.view.Display.INVALID_DISPLAY;
 import static com.android.server.am.ActivityManagerService.MY_PID;
 import static com.android.server.wm.ActivityStack.ActivityState.DESTROYED;
 import static com.android.server.wm.ActivityStack.ActivityState.DESTROYING;
-import static com.android.server.wm.ActivityStack.ActivityState.INITIALIZING;
 import static com.android.server.wm.ActivityStack.ActivityState.PAUSED;
 import static com.android.server.wm.ActivityStack.ActivityState.PAUSING;
 import static com.android.server.wm.ActivityStack.ActivityState.RESUMED;
@@ -546,14 +545,7 @@ public class WindowProcessController extends ConfigurationContainer<Configuratio
                 continue;
             }
             ActivityRecord topActivity = task.getTopActivity();
-            if (topActivity == null) {
-                continue;
-            }
-            // If an activity has just been started it will not yet be visible, but
-            // is expected to be soon. We treat this as if it were already visible.
-            // This ensures a subsequent activity can be started even before this one
-            // becomes visible.
-            if (topActivity.visible || topActivity.isState(INITIALIZING)) {
+            if (topActivity != null && topActivity.visible) {
                 return true;
             }
         }