author | Martijn Coenen <maco@google.com> | 2021-04-26 08:33:37 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2021-04-26 08:33:37 +0000 |
commit | 28acefc8ee1d91f5de80c41636b29ac476596a3b (patch) | |
tree | 1878cda60dde7eb099b50bdb65704a0b40ec74eb | |
parent | 5b6127dffbdab075fbabf150aa2497244aedf7e7 (diff) | |
parent | 7ced33fef8972c8d34358e3a08e5ecd667647f40 (diff) |
Merge "Only allow the system to bind to the hotword detection service." into sc-dev
-rw-r--r-- | services/core/java/com/android/server/am/ActiveServices.java | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/am/ActiveServices.java b/services/core/java/com/android/server/am/ActiveServices.java
index c7994c36d7d8..37f71ca88b2b 100644
--- a/services/core/java/com/android/server/am/ActiveServices.java
+++ b/services/core/java/com/android/server/am/ActiveServices.java
@@ -70,6 +70,7 @@ import static com.android.server.am.ActivityManagerDebugConfig.POSTFIX_SERVICE_E
 import static com.android.server.am.ActivityManagerDebugConfig.TAG_AM;
 import static com.android.server.am.ActivityManagerDebugConfig.TAG_WITH_CLASS_NAME;
 
+import android.Manifest;
 import android.annotation.NonNull;
 import android.annotation.Nullable;
 import android.annotation.UptimeMillisLong;
@@ -3078,6 +3079,18 @@ public final class ActiveServices {
 + ", uid=" + callingUid
 + " requires " + r.permission);
 return new ServiceLookupResult(null, r.permission);
+ } else if (Manifest.permission.BIND_HOTWORD_DETECTION_SERVICE.equals(r.permission)
+ && callingUid != Process.SYSTEM_UID) {
+ // Hotword detection must run in its own sandbox, and we don't even trust
+ // its enclosing application to bind to it - only the system.
+ // TODO(b/185746653) remove this special case and generalize
+ Slog.w(TAG, "Permission Denial: Accessing service " + r.shortInstanceName
+ + " from pid=" + callingPid
+ + ", uid=" + callingUid
+ + " requiring permission " + r.permission
+ + " can only be bound to from the system.");
+ return new ServiceLookupResult(null, "can only be bound to "
+ + "by the system.");
 } else if (r.permission != null && callingPackage != null) {
 final int opCode = AppOpsManager.permissionToOpCode(r.permission);
 if (opCode != AppOpsManager.OP_NONE && mAm.getAppOpsManager().checkOpNoThrow( |
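Review bot: The new `callingUid != Process.SYSTEM_UID` test in the hotword branch admits every process running under the system UID, which on Android includes packages installed with the shared system UID and not only system_server, so the comment's "only the system" is broader than it reads. If that is intended, say so in the comment, e.g. `// Any caller running as SYSTEM_UID passes, including shared-system-UID packages, not just system_server.`; if it is not, the branch needs a tighter caller identity than the UID alone. The restriction also applies only when the service's manifest declares this permission, so whatever code binds the hotword service should separately verify that declaration (not visible in this hunk). Separately, the denial passes free text as the second `ServiceLookupResult` argument where the neighbouring branch passes `r.permission`; callers outside the hunk may format that value as a permission name, and `return new ServiceLookupResult(null, r.permission);` would stay consistent with it. The else-if chain this branch joins starts and ends outside the hunk.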