Skip to content
Commit f365d3a8 authored by Charles Chen's avatar Charles Chen
Browse files

Limit Activity taskAffinity to application uid 

Currently, activities with same affinity will be in the same task even
if they don't have the same uid. As a result, malicious apps may set
the same task affinity with attacked app, and hijack intents to get
permissions.
This patch limits activity task affinity to application uid. Activities
must have the same task affinity and uid to be in the same task.

fixes: 139128211
fixes: 144435022
Bug: 35954083
Test: test attacker with steps in attached video from b/139128211#comment9
Test: atest ActivityTaskAffinityTests
Change-Id: I4f1ab7e132f850a7ff8d207f927d862644513bde
parent b3913509
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment