Due to a race condition with activity task stack broadcasts, it's
currently possible for fingerprint authentication to succeed for a
non-top activity. This means, for example, that a malicious overlay
could be drawn in order to mislead the user about what they are
authenticating for.
This commit addresses the issue by adding a check to the fingerprint
authentication client interface that ensures the authenticating
activity is on top at the time of authentication. Otherwise, the
pending authentication will fail, as if an incorrect biometric had
been presented.
Test: Follow steps from b/159249069:
1. Install com.pro100svitlo.fingerprintauthdemo from the Play store.
2. Install the PoC attack app from b/159249069.
3. Start the PoC attack app and press the "Launch PoC attack" button.
4. Use fingerprint to authenticate while the overlay is showing.
Before: Authentication succeeds, and a new activity is launched.
After: Authentication fails, and no new activity is launched.
Bug: 159249069
Change-Id: I0707c3f55eaf2a69c6625a3ceb3b5626b3676b26
Merged-In: If5cdf8ffaf3aa7d8a1ac81272e3bfb2cc7cdddf1
Merged-In: Iee6af379515385777984da55048c1efd9339ed88
Merged-In: I9b242a9fee0acbfb430875061e2d809c00fe4b97
Merged-In: I1241a12eafa0bdbac59a8ddd4cf6a0637d467b19
Merged-In: Ie5a0f8c3e9b92d348a78678a6ed192d440c45ffc
Merged-In: I289d67e5c7055ed60f7a96725c523d07cd047b23

Do not set referrerUri on SessionInfo for non-owners
This change leaves the referrerUri field null when the caller leading to
its production is not the owner of the session.
Bug: 142125338
Test: Manual via test app in related bug
Change-Id: I84679ea0636aa2097e25e23813c48134c9cc1d75

Bug: 160390416
Test: verified command still works from shell
Change-Id: I23bb06e00f1623e4f27c02d7eb2c0d273b40771b
(cherry picked from commit 0354261197)
Merged-In: I23bb06e00f1623e4f27c02d7eb2c0d273b40771b

Re-run app link verification at update time only when the set of hosts
has expanded. Intentionally revoke verify history when an app stops
using autoVerify, as a one-time measure to place it back into the
non-autoverify model for tracking the user's launch preferences. If the
app starts using autoVerify again later, it behaves identically to an
app that has never done so before.
Bug: 151475497
Bug: 146204120
Test: described on master CL
Merged-In: I200d85085ce79842a3ed39377d1f75ec381c8991
Merged-In: Ibaf087946966ad82d60c7b255e3ee75990716b63
Change-Id: Ibaf087946966ad82d60c7b255e3ee75990716b63

Re-run app link verification at update time only when the set of hosts
has expanded. Intentionally revoke verify history when an app stops
using autoVerify, as a one-time measure to place it back into the
non-autoverify model for tracking the user's launch preferences. If the
app starts using autoVerify again later, it behaves identically to an
app that has never done so before.
Bug: 151475497
Bug: 146204120
Test: described on master CL
Merged-In: I200d85085ce79842a3ed39377d1f75ec381c8991
Change-Id: Ibaf087946966ad82d60c7b255e3ee75990716b63

Without this check, any package can set the installer package of
another package whose installer has been removed or was never set.
This provides access to other privileged actions and is undesired.
Bug: 150857253
Test: manual verify with proof of concept in linked bug
Test: atest android.appsecurity.cts.PackageSetInstallerTest
Change-Id: I2159c357911ff39ffd819054b42f96ae86bc98bc

This change is the union of
I2aaab1903dee54190338f7b6e49888aa51437108 and I58834636e092f992e403342e36b475dc60e8f20a
Original CL descriptions:
*** I2aaab1903dee54190338f7b6e49888aa51437108
Block TYPE_PRESENTATION windows on default display
... and any other display that isn't considered a public presentation
display, as per Display.isPublicPresentation()
*** I58834636e092f992e403342e36b475dc60e8f20a
Use TYPE_PRIVATE_PRESENTATION for private presentations
Detect if the Presentation is targeting a private virtual display, and if it
is, use the windowType TYPE_PRIVATE_PRESENTATION.
***
Bug: 141745510
Test: cts-tradefed run cts -m CtsDisplayTestCases -t android.display.cts.VirtualDisplayTest
Test: Manually verified that presentations are blocked on main display
Change-Id: I67c79c84ec2adfcdaf3b0f7bc7f0f41d30618e85

This change is the union of
I2aaab1903dee54190338f7b6e49888aa51437108 and I58834636e092f992e403342e36b475dc60e8f20a
Original CL descriptions:
*** I2aaab1903dee54190338f7b6e49888aa51437108
Block TYPE_PRESENTATION windows on default display
... and any other display that isn't considered a public presentation
display, as per Display.isPublicPresentation()
*** I58834636e092f992e403342e36b475dc60e8f20a
Use TYPE_PRIVATE_PRESENTATION for private presentations
Detect if the Presentation is targeting a private virtual display, and if it
is, use the windowType TYPE_PRIVATE_PRESENTATION.
***
Bug: 141745510
Test: cts-tradefed run cts -m CtsDisplayTestCases -t android.display.cts.VirtualDisplayTest
Test: Manually verified that presentations are blocked on main display
Change-Id: I9f1c4b140ab4bc6183151aafc5501e8648fbc3fa

This reverts commit 0bb93d4b1c.
Reason for revert: Breaks apps using Presentation in combination with private virtual displays
Bug: 141745510
Change-Id: I6673946137d6b12fa725e6df1c936068dedc3787

This reverts commit 7d4adf4d46.
Reason for revert: Breaks apps using Presentation in combination with private virtual displays
Bug: 141745510
Change-Id: I15ded4f1a7cf152e331c853c128c91db173f3cd7

As with WindowState#startAnimation, which restricts window animation
duration (currently 10 secs), for security reasons we also need to
restrict app transition animation duration to 3 secs, to prevent a
malicious app from setting a long duration or infinite repeat counts
through ActivityOption#makeCustomAnimation or
Activity#overridePendingTransition with a custom animation set.
Bug: 145728687
Test: manual as issue provided test app
Change-Id: I39051d6e4d2b681ce2becbafe14aab3f3d8ebf6b

Even if an <intent-filter> matches non-web schemes in addition to http
or https, make sure to include its cited hosts in the autoVerify
evaluation.
Bug: 150038428
Test: atest OsHostTests#testIntentFilterHostValidation
Change-Id: If9ef0fc53d96e6581c56d86f89fe63bc9a5fb89a
Merged-In: If9ef0fc53d96e6581c56d86f89fe63bc9a5fb89a
(cherry picked from commit 1fba0f897f)
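
The two app-link commits above (re-verify only when the host set expands, revoke history when autoVerify is dropped, and count hosts from filters that mix web and non-web schemes) can be modelled as follows. This is an added example, not code from these commits or from the Android framework; the Filter record, the Action enum and all method names are hypothetical, and the model is simplified.

```java
import java.util.*;

public class AppLinkUpdateCheck {
    // Hypothetical stand-in for a parsed <intent-filter>; not the framework's IntentFilter.
    record Filter(boolean autoVerify, Set<String> schemes, Set<String> hosts) {
        boolean handlesWeb() { return schemes.contains("http") || schemes.contains("https"); }
    }

    enum Action { KEEP_STATE, REVERIFY, REVOKE_HISTORY }

    // Assumption: the app counts as using autoVerify if any web-handling filter sets it.
    static boolean usesAutoVerify(List<Filter> filters) {
        return filters.stream().anyMatch(f -> f.autoVerify() && f.handlesWeb());
    }

    // Every filter that handles http/https contributes its hosts, even when it
    // also lists non-web schemes (the case the second commit message covers).
    static Set<String> hostsToVerify(List<Filter> filters) {
        Set<String> hosts = new TreeSet<>();
        if (!usesAutoVerify(filters)) return hosts;
        for (Filter f : filters) if (f.handlesWeb()) hosts.addAll(f.hosts());
        return hosts;
    }

    // Decision at update time: dropping autoVerify revokes verify history;
    // otherwise only a host that was not in the old set triggers re-verification.
    static Action onUpdate(List<Filter> oldFilters, List<Filter> newFilters) {
        if (usesAutoVerify(oldFilters) && !usesAutoVerify(newFilters)) return Action.REVOKE_HISTORY;
        Set<String> added = new TreeSet<>(hostsToVerify(newFilters));
        added.removeAll(hostsToVerify(oldFilters));
        return added.isEmpty() ? Action.KEEP_STATE : Action.REVERIFY;
    }

    public static void main(String[] args) {
        // Constructed sample filters (hosts are placeholders).
        Filter web = new Filter(true, Set.of("https"), Set.of("example.com"));
        Filter mixed = new Filter(false, Set.of("https", "myapp"), Set.of("pay.example.com"));
        Filter noVerify = new Filter(false, Set.of("https"), Set.of("example.com"));
        System.out.println(onUpdate(List.of(web), List.of(web)));         // same host set
        System.out.println(onUpdate(List.of(web), List.of(web, mixed)));  // host added by mixed-scheme filter
        System.out.println(onUpdate(List.of(web, mixed), List.of(web)));  // host set shrank
        System.out.println(onUpdate(List.of(web), List.of(noVerify)));    // autoVerify dropped
    }
}
```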

This reverts commit 6cf5f92825.
Reason for revert: Inadvertently broke link handling stickiness even for well behaved apps
Bug: 146204120
Test: install app that handles web urls; set to 'always' in Settings;
install same apk again. Verify that app is still in 'always' state via
'adb shell dumpsys package d'
Merged-In: I2b108064794b961904811c5d9f54c37dd2c7f482
Merged-In: If9046cb420961b8ef0333e9f1115eb69fb92242e
Change-Id: I03a121c0c1284c965bb87ee426eb0376681cf7d8

Originally, if the caller of navigateUpTo is alive, even if the calling
uid is set to the caller who launched the existing destination activity,
the uid from the caller process has higher priority to replace the given
calling uid. So this change doesn't modify the existing behavior if
the caller process is valid. Besides, the case of delivering new intent
uses the source record as calling identity too, so the case of starting
new activity should be consistent.
Also forbid attaching null application thread to avoid unexpected state
in process record.
Bug: 144285917
Test: bit FrameworksServicesTests:ActivityStackTests
Test: bit CtsSecurityTestCases:ActivityManagerTest# \
testActivityManager_attachNullApplication
Merged-In: I60732f430256d37cb926d08d093581f051c4afed
Change-Id: I60732f430256d37cb926d08d093581f051c4afed