Tavi 40f1367bdc
17.1: September 2024 ASB work
Signed-off-by: Tavi <tavi@divested.dev>
2024-09-15 13:08:03 -04:00

62 lines
3.5 KiB
Diff

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Nan Wu <wnan@google.com>
Date: Tue, 30 Apr 2024 17:20:29 +0000
Subject: [PATCH] RESTRICT AUTOMERGE Backport preventing BAL bypass via bound
service
Apply similar fix for WallpaperService to TextToSpeech Service,
Job Service, Print Service, Sync Service and MediaRoute2Provider Service
Bug: 232798473, 232798676, 336490997
Test: Manual test. BackgroundActivityLaunchTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8fdf4a345e140eba9b4e736d24ab95c67c55a247)
Merged-In: Ib113e45aa18296b4475b90d6dcec5dd5664f4c80
Change-Id: Ib113e45aa18296b4475b90d6dcec5dd5664f4c80
---
services/core/java/com/android/server/content/SyncManager.java | 3 ++-
.../core/java/com/android/server/job/JobServiceContext.java | 2 +-
.../java/com/android/server/print/RemotePrintService.java | 3 ++-
3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/services/core/java/com/android/server/content/SyncManager.java b/services/core/java/com/android/server/content/SyncManager.java
index fa8c48bdc7f7..586a9304e3e2 100644
--- a/services/core/java/com/android/server/content/SyncManager.java
+++ b/services/core/java/com/android/server/content/SyncManager.java
@@ -217,7 +217,8 @@ public class SyncManager {
/** Flags used when connecting to a sync adapter service */
private static final int SYNC_ADAPTER_CONNECTION_FLAGS = Context.BIND_AUTO_CREATE
- | Context.BIND_NOT_FOREGROUND | Context.BIND_ALLOW_OOM_MANAGEMENT;
+ | Context.BIND_NOT_FOREGROUND | Context.BIND_ALLOW_OOM_MANAGEMENT
+ | Context.BIND_DENY_ACTIVITY_STARTS;
/** Singleton instance. */
@GuardedBy("SyncManager.class")
diff --git a/services/core/java/com/android/server/job/JobServiceContext.java b/services/core/java/com/android/server/job/JobServiceContext.java
index 5ca628f6daa2..dd598ced4cb2 100644
--- a/services/core/java/com/android/server/job/JobServiceContext.java
+++ b/services/core/java/com/android/server/job/JobServiceContext.java
@@ -251,7 +251,7 @@ public final class JobServiceContext implements ServiceConnection {
try {
binding = mContext.bindServiceAsUser(intent, this,
Context.BIND_AUTO_CREATE | Context.BIND_NOT_FOREGROUND
- | Context.BIND_NOT_PERCEPTIBLE,
+ | Context.BIND_NOT_PERCEPTIBLE | Context.BIND_DENY_ACTIVITY_STARTS,
UserHandle.of(job.getUserId()));
} catch (SecurityException e) {
// Some permission policy, for example INTERACT_ACROSS_USERS and
diff --git a/services/print/java/com/android/server/print/RemotePrintService.java b/services/print/java/com/android/server/print/RemotePrintService.java
index 502cd2c60f4a..702ddbb9f912 100644
--- a/services/print/java/com/android/server/print/RemotePrintService.java
+++ b/services/print/java/com/android/server/print/RemotePrintService.java
@@ -572,7 +572,8 @@ final class RemotePrintService implements DeathRecipient {
boolean wasBound = mContext.bindServiceAsUser(mIntent, mServiceConnection,
Context.BIND_AUTO_CREATE | Context.BIND_FOREGROUND_SERVICE
- | Context.BIND_INCLUDE_CAPABILITIES | Context.BIND_ALLOW_INSTANT,
+ | Context.BIND_INCLUDE_CAPABILITIES | Context.BIND_ALLOW_INSTANT
+ | Context.BIND_DENY_ACTIVITY_STARTS,
new UserHandle(mUserId));
if (!wasBound) {