diff options
3 files changed, 36 insertions, 13 deletions
diff --git a/data/etc/privapp-permissions-platform.xml b/data/etc/privapp-permissions-platform.xml index 19332c73a9c1..8d4739dbc255 100644 --- a/data/etc/privapp-permissions-platform.xml +++ b/data/etc/privapp-permissions-platform.xml @@ -473,6 +473,7 @@ applications that come with the platform <permission name="android.permission.UPDATE_FONTS" /> <!-- Permission required for hotword detection service CTS tests --> <permission name="android.permission.MANAGE_HOTWORD_DETECTION" /> + <permission name="android.permission.BIND_HOTWORD_DETECTION_SERVICE" /> <permission name="android.permission.MANAGE_APP_HIBERNATION"/> <!-- Permission required for CTS test - ResourceObserverNativeTest --> <permission name="android.permission.REGISTER_MEDIA_RESOURCE_OBSERVER" /> diff --git a/packages/Shell/AndroidManifest.xml b/packages/Shell/AndroidManifest.xml index 6e256c1dbf8b..d2947c648b0a 100644 --- a/packages/Shell/AndroidManifest.xml +++ b/packages/Shell/AndroidManifest.xml @@ -528,6 +528,7 @@ <!-- Permission required for hotword detection service CTS tests --> <uses-permission android:name="android.permission.MANAGE_HOTWORD_DETECTION" /> + <uses-permission android:name="android.permission.BIND_HOTWORD_DETECTION_SERVICE" /> <uses-permission android:name="android.permission.MANAGE_APP_HIBERNATION"/> diff --git a/services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerServiceImpl.java b/services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerServiceImpl.java index 9be1ac42d885..2206b0a61b9e 100644 --- a/services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerServiceImpl.java +++ b/services/voiceinteraction/java/com/android/server/voiceinteraction/VoiceInteractionManagerServiceImpl.java @@ -22,6 +22,7 @@ import static android.app.ActivityManager.START_VOICE_HIDDEN_SESSION; import static android.app.ActivityManager.START_VOICE_NOT_ACTIVE_SESSION; import static android.app.WindowConfiguration.ACTIVITY_TYPE_ASSISTANT; +import android.Manifest; import android.annotation.NonNull; import android.annotation.Nullable; import android.app.ActivityManager; @@ -36,7 +37,6 @@ import android.content.Context; import android.content.Intent; import android.content.IntentFilter; import android.content.ServiceConnection; -import android.content.pm.IPackageManager; import android.content.pm.PackageManager; import android.content.pm.ServiceInfo; import android.hardware.soundtrigger.IRecognitionStatusCallback; @@ -414,11 +414,31 @@ class VoiceInteractionManagerServiceImpl implements VoiceInteractionSessionConne Slog.w(TAG, "Hotword detection service name not found"); throw new IllegalStateException("Hotword detection service name not found"); } - if (!isIsolatedProcessLocked(mHotwordDetectionComponentName)) { + ServiceInfo hotwordDetectionServiceInfo = getServiceInfoLocked( + mHotwordDetectionComponentName, mUser); + if (hotwordDetectionServiceInfo == null) { + Slog.w(TAG, "Hotword detection service info not found"); + throw new IllegalStateException("Hotword detection service info not found"); + } + if (!isIsolatedProcessLocked(hotwordDetectionServiceInfo)) { Slog.w(TAG, "Hotword detection service not in isolated process"); throw new IllegalStateException("Hotword detection service not in isolated process"); } - // TODO : Need to check related permissions for hotword detection service + if (!Manifest.permission.BIND_HOTWORD_DETECTION_SERVICE.equals( + hotwordDetectionServiceInfo.permission)) { + Slog.w(TAG, "Hotword detection service does not require permission " + + Manifest.permission.BIND_HOTWORD_DETECTION_SERVICE); + throw new SecurityException("Hotword detection service does not require permission " + + Manifest.permission.BIND_HOTWORD_DETECTION_SERVICE); + } + if (mContext.getPackageManager().checkPermission( + Manifest.permission.BIND_HOTWORD_DETECTION_SERVICE, + mInfo.getServiceInfo().packageName) == PackageManager.PERMISSION_GRANTED) { + Slog.w(TAG, "Voice interaction service should not hold permission " + + Manifest.permission.BIND_HOTWORD_DETECTION_SERVICE); + throw new SecurityException("Voice interaction service should not hold permission " + + Manifest.permission.BIND_HOTWORD_DETECTION_SERVICE); + } if (sharedMemory != null && !sharedMemory.setProtect(OsConstants.PROT_READ)) { Slog.w(TAG, "Can't set sharedMemory to be read-only"); @@ -522,23 +542,24 @@ class VoiceInteractionManagerServiceImpl implements VoiceInteractionSessionConne mHotwordDetectionConnection); } - boolean isIsolatedProcessLocked(ComponentName componentName) { - IPackageManager pm = AppGlobals.getPackageManager(); + private static ServiceInfo getServiceInfoLocked(@NonNull ComponentName componentName, + int userHandle) { try { - ServiceInfo serviceInfo = pm.getServiceInfo(componentName, + return AppGlobals.getPackageManager().getServiceInfo(componentName, PackageManager.GET_META_DATA | PackageManager.MATCH_DIRECT_BOOT_AWARE - | PackageManager.MATCH_DIRECT_BOOT_UNAWARE, mUser); - if (serviceInfo != null) { - return (serviceInfo.flags & ServiceInfo.FLAG_ISOLATED_PROCESS) != 0 - && (serviceInfo.flags & ServiceInfo.FLAG_EXTERNAL_SERVICE) == 0; - } + | PackageManager.MATCH_DIRECT_BOOT_UNAWARE, userHandle); } catch (RemoteException e) { if (DEBUG) { - Slog.w(TAG, "isIsolatedProcess RemoteException : " + e); + Slog.w(TAG, "getServiceInfoLocked RemoteException : " + e); } } - return false; + return null; + } + + boolean isIsolatedProcessLocked(@NonNull ServiceInfo serviceInfo) { + return (serviceInfo.flags & ServiceInfo.FLAG_ISOLATED_PROCESS) != 0 + && (serviceInfo.flags & ServiceInfo.FLAG_EXTERNAL_SERVICE) == 0; } public void dumpLocked(FileDescriptor fd, PrintWriter pw, String[] args) { |