diff options
| author | Adam He <adamhe@google.com> | 2019-10-15 12:52:28 -0700 |
|---|---|---|
| committer | Adam He <adamhe@google.com> | 2019-10-15 12:52:28 -0700 |
| commit | ffa36ff8fa81c94cadd93de341bc2ddfc93bc3b1 (patch) | |
| tree | 53a918ed2e88bc7e893b16e333ad6ec1a8124933 | |
| parent | 4252183449824d77f5c4035e8c12bf504619a5b1 (diff) | |
Prevent content capture sessions starting if a non-default service
requests it on an activity not in its own UID.
Fixes: 142284417
Test: manual verification
Change-Id: I9e217e0087e2e7741a2713c25ca26264eae618e7
| -rw-r--r-- | services/contentcapture/java/com/android/server/contentcapture/ContentCaptureManagerService.java | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/services/contentcapture/java/com/android/server/contentcapture/ContentCaptureManagerService.java b/services/contentcapture/java/com/android/server/contentcapture/ContentCaptureManagerService.java index c8dbb363bc36..27824afb8d46 100644 --- a/services/contentcapture/java/com/android/server/contentcapture/ContentCaptureManagerService.java +++ b/services/contentcapture/java/com/android/server/contentcapture/ContentCaptureManagerService.java @@ -18,11 +18,13 @@ package com.android.server.contentcapture; import static android.Manifest.permission.MANAGE_CONTENT_CAPTURE; import static android.content.Context.CONTENT_CAPTURE_MANAGER_SERVICE; +import static android.service.contentcapture.ContentCaptureService.setClientState; import static android.view.contentcapture.ContentCaptureHelper.toList; import static android.view.contentcapture.ContentCaptureManager.RESULT_CODE_FALSE; import static android.view.contentcapture.ContentCaptureManager.RESULT_CODE_OK; import static android.view.contentcapture.ContentCaptureManager.RESULT_CODE_SECURITY_EXCEPTION; import static android.view.contentcapture.ContentCaptureManager.RESULT_CODE_TRUE; +import static android.view.contentcapture.ContentCaptureSession.STATE_DISABLED; import static com.android.internal.util.SyncResultReceiver.bundleFor; @@ -520,6 +522,17 @@ public final class ContentCaptureManagerService extends return true; } + @GuardedBy("mLock") + private boolean isDefaultServiceLocked(int userId) { + final String defaultServiceName = mServiceNameResolver.getDefaultServiceName(userId); + if (defaultServiceName == null) { + return false; + } + + final String currentServiceName = mServiceNameResolver.getServiceName(userId); + return defaultServiceName.equals(currentServiceName); + } + @Override // from AbstractMasterSystemService protected void dumpLocked(String prefix, PrintWriter pw) { super.dumpLocked(prefix, pw); @@ -557,6 +570,10 @@ public final class ContentCaptureManagerService extends synchronized (mLock) { final ContentCapturePerUserService service = getServiceForUserLocked(userId); + if (!isDefaultServiceLocked(userId) && !isCalledByServiceLocked("startSession()")) { + setClientState(result, STATE_DISABLED, /* binder= */ null); + return; + } service.startSessionLocked(activityToken, activityPresentationInfo, sessionId, Binder.getCallingUid(), flags, result); } |