From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Nan Wu <wnan@google.com>
Date: Tue, 30 Apr 2024 17:20:29 +0000
Subject: [PATCH] RESTRICT AUTOMERGE Backport preventing BAL bypass via bound
service
Apply similar fix for WallpaperService to TextToSpeech Service,
Job Service, Print Service, Sync Service and MediaRoute2Provider Service
Bug: 232798473, 232798676, 336490997
Test: Manual test. BackgroundActivityLaunchTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8fdf4a345e140eba9b4e736d24ab95c67c55a247)
Merged-In: Ib113e45aa18296b4475b90d6dcec5dd5664f4c80
Change-Id: Ib113e45aa18296b4475b90d6dcec5dd5664f4c80
---
.../service/java/com/android/server/job/JobServiceContext.java | 2 +-
services/core/java/com/android/server/content/SyncManager.java | 3 ++-
.../android/server/media/MediaRoute2ProviderServiceProxy.java | 3 ++-
.../java/com/android/server/print/RemotePrintService.java | 3 ++-
4 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/apex/jobscheduler/service/java/com/android/server/job/JobServiceContext.java b/apex/jobscheduler/service/java/com/android/server/job/JobServiceContext.java
index 565ed959aeb4..51ffc7f9379c 100644
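--- a/apex/jobscheduler/service/java/com/android/server/job/JobServiceContext.java
+++ b/apex/jobscheduler/service/java/com/android/server/job/JobServiceContext.java
@@ -252,7 +252,7 @@ public final class JobServiceContext implements ServiceConnection {
 try {
 binding = mContext.bindServiceAsUser(intent, this,
 Context.BIND_AUTO_CREATE | Context.BIND_NOT_FOREGROUND
- | Context.BIND_NOT_PERCEPTIBLE,
+ | Context.BIND_NOT_PERCEPTIBLE | Context.BIND_DENY_ACTIVITY_STARTS,
 UserHandle.of(job.getUserId()));
 } catch (SecurityException e) {
 // Some permission policy, for example INTERACT_ACROSS_USERS and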
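Review bot: The added `Context.BIND_DENY_ACTIVITY_STARTS` on the `bindServiceAsUser` call carries no comment, so nothing at the call site marks it as a security control rather than a scheduling hint like the neighbouring `BIND_NOT_FOREGROUND` and `BIND_NOT_PERCEPTIBLE`. I would add above the call `// BIND_DENY_ACTIVITY_STARTS: a binding from the system must not let the job's app start activities from the background.` so that a later flag cleanup does not drop it. The same gap exists at the `bindServiceAsUser` calls in MediaRoute2ProviderServiceProxy and RemotePrintService. The enclosing method starts and ends outside this hunk.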
diff --git a/services/core/java/com/android/server/content/SyncManager.java b/services/core/java/com/android/server/content/SyncManager.java
index ec12a971e445..7ce610426237 100644
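--- a/services/core/java/com/android/server/content/SyncManager.java
+++ b/services/core/java/com/android/server/content/SyncManager.java
@@ -221,7 +221,8 @@ public class SyncManager {
 
 /** Flags used when connecting to a sync adapter service */
 private static final int SYNC_ADAPTER_CONNECTION_FLAGS = Context.BIND_AUTO_CREATE
- | Context.BIND_NOT_FOREGROUND | Context.BIND_ALLOW_OOM_MANAGEMENT;
+ | Context.BIND_NOT_FOREGROUND | Context.BIND_ALLOW_OOM_MANAGEMENT
+ | Context.BIND_DENY_ACTIVITY_STARTS;
 
 /** Singleton instance. */
 @GuardedBy("SyncManager.class")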
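Review bot: The Javadoc on `SYNC_ADAPTER_CONNECTION_FLAGS` still says only that these are the flags used when connecting to a sync adapter service, and gives no reason for denying activity starts. I would extend it to `/** Flags used when connecting to a sync adapter service. BIND_DENY_ACTIVITY_STARTS keeps the adapter's app from launching activities from the background through this binding. */`. The fix is complete only if every sync adapter bind in SyncManager passes this constant; the bind call sites are outside the hunk, so that should be confirmed.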
diff --git a/services/core/java/com/android/server/media/MediaRoute2ProviderServiceProxy.java b/services/core/java/com/android/server/media/MediaRoute2ProviderServiceProxy.java
index ab38dca2387d..66502179ba89 100644
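--- a/services/core/java/com/android/server/media/MediaRoute2ProviderServiceProxy.java
+++ b/services/core/java/com/android/server/media/MediaRoute2ProviderServiceProxy.java
@@ -224,7 +224,8 @@ final class MediaRoute2ProviderServiceProxy extends MediaRoute2Provider
 service.setComponent(mComponentName);
 try {
 mBound = mContext.bindServiceAsUser(service, this,
- Context.BIND_AUTO_CREATE | Context.BIND_FOREGROUND_SERVICE,
+ Context.BIND_AUTO_CREATE | Context.BIND_FOREGROUND_SERVICE
+ | Context.BIND_DENY_ACTIVITY_STARTS,
 new UserHandle(mUserId));
 if (!mBound && DEBUG) {
 Slog.d(TAG, this + ": Bind failed");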
diff --git a/services/print/java/com/android/server/print/RemotePrintService.java b/services/print/java/com/android/server/print/RemotePrintService.java
index 502cd2c60f4a..702ddbb9f912 100644
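--- a/services/print/java/com/android/server/print/RemotePrintService.java
+++ b/services/print/java/com/android/server/print/RemotePrintService.java
@@ -572,7 +572,8 @@ final class RemotePrintService implements DeathRecipient {
 
 boolean wasBound = mContext.bindServiceAsUser(mIntent, mServiceConnection,
 Context.BIND_AUTO_CREATE | Context.BIND_FOREGROUND_SERVICE
- | Context.BIND_INCLUDE_CAPABILITIES | Context.BIND_ALLOW_INSTANT,
+ | Context.BIND_INCLUDE_CAPABILITIES | Context.BIND_ALLOW_INSTANT
+ | Context.BIND_DENY_ACTIVITY_STARTS,
 new UserHandle(mUserId));
 
 if (!wasBound) {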
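Review bot: This binding already passes `BIND_INCLUDE_CAPABILITIES` and `BIND_ALLOW_INSTANT`, so it hands the print service more than the other three bindings do, yet the Test: line cites only a manual test and BackgroundActivityLaunchTest, and nothing visible shows that the print path is exercised. A regression check that a bound print service cannot start an activity while its app is in the background would pin the new flag here. Separately, the description lists TextToSpeech Service, but none of the four file sections touches a TextToSpeech binding; that binding presumably needs the same flag elsewhere on this branch, which should be confirmed. The enclosing method extends beyond the hunk.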