From 273eb0918adbc7cd410a583b0d25c518b9b1e35e Mon Sep 17 00:00:00 2001
From: Varun Shah <varunshah@google.com>
Date: Fri, 26 Oct 2018 17:03:23 -0700
Subject: [PATCH] RESTRICT AUTOMERGE: Added an app id security check in
 isAppForeground.

ActivityManagerService#isAppForeground now checks if the caller has the
permission to view if an app is in the foreground.

Bug: 115384617
Test: cts-tradefed run cts -m CtsSecurityTestCases -t android.security.cts.ActivityManagerTest#testIsAppInForegroundNormal
Test: cts-tradefed run cts -m CtsSecurityTestCases -t android.security.cts.ActivityManagerTest#testIsAppInForegroundMalicious
Change-Id: I9602c89b2d40036e525c38960a08326dc74c6682
---
 .../com/android/server/am/ActivityManagerService.java     | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index d1496513a3b51..08983b40d4751 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -8781,6 +8781,14 @@ public class ActivityManagerService extends IActivityManager.Stub
 
     @Override
     public boolean isAppForeground(int uid) {
+        int callerUid = Binder.getCallingUid();
+        if (UserHandle.isCore(callerUid) || callerUid == uid) {
+            return isAppForegroundInternal(uid);
+        }
+        return false;
+    }
+
+    private boolean isAppForegroundInternal(int uid) {
         synchronized (this) {
             UidRecord uidRec = mActiveUids.get(uid);
             if (uidRec == null || uidRec.idle) {