[RESTRICT AUTOMERGE]Only allow system and same app to apply relinquishTaskIdentity
Any malicious application could hijack tasks by
android:relinquishTaskIdentity. This vulnerability can perform UI
spoofing or spy on user’s activities.
This CL limit the usage which only allow system and same app to apply
relinquishTaskIdentity. Based on the condition of updateIdentity from
Task#setIntent, update the intent with the parent's task together to
align with original code logic. Moreover, we shouldn't save launch
params for such tasks with null realActivity.
Bug: 185810717
Bug: 218243793
Test: atest IntentTests
atest ActivityStarterTests
atest TaskRecordTests
atest testSplitscreenPortraitAppOrientationRequests
Change-Id: I42c671e66c39c82be1dcef1f374d56d4593f9f57
3 files changed