
Commit 02287177 authored by Martijn Coenen's avatar Martijn Coenen Committed by Automerger Merge Worker

Merge "Only allow the system to bind to the hotword detection service." into sc-dev am: 28acefc8

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/14232267

Change-Id: I04e19cfcc9c9f46979a49527974673764255448c
parents 6972b0ff 28acefc8
+13 −0
@@ -70,6 +70,7 @@ import static com.android.server.am.ActivityManagerDebugConfig.POSTFIX_SERVICE_E
import static com.android.server.am.ActivityManagerDebugConfig.TAG_AM;
import static com.android.server.am.ActivityManagerDebugConfig.TAG_WITH_CLASS_NAME;

import android.Manifest;
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.annotation.UptimeMillisLong;
@@ -3078,6 +3079,18 @@ public final class ActiveServices {
                        + ", uid=" + callingUid
                        + " requires " + r.permission);
                return new ServiceLookupResult(null, r.permission);
            } else if (Manifest.permission.BIND_HOTWORD_DETECTION_SERVICE.equals(r.permission)
                    && callingUid != Process.SYSTEM_UID) {
                // Hotword detection must run in its own sandbox, and we don't even trust
                // its enclosing application to bind to it - only the system.
                // TODO(b/185746653) remove this special case and generalize
                Slog.w(TAG, "Permission Denial: Accessing service " + r.shortInstanceName
                        + " from pid=" + callingPid
                        + ", uid=" + callingUid
                        + " requiring permission " + r.permission
                        + " can only be bound to from the system.");
                return new ServiceLookupResult(null, "can only be bound to "
                        + "by the system.");
            } else if (r.permission != null && callingPackage != null) {
                final int opCode = AppOpsManager.permissionToOpCode(r.permission);
                if (opCode != AppOpsManager.OP_NONE && mAm.getAppOpsManager().checkOpNoThrow(
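Review bot: The new branch's `callingUid != Process.SYSTEM_UID` test admits every process running under the system UID, which is broader than the comment's "only the system" if other components share that UID on the device. If the intent is that only the system server itself may bind, the condition should also compare `callingPid` with the server's own pid; otherwise the comment should say that any system-UID component is trusted here. Separately, the second argument to `ServiceLookupResult` is the permission name in the branch above but a sentence fragment (`"can only be bound to " + "by the system."`) in this one, so a caller that formats it as a permission name may produce a confusing denial message; that caller is not visible on this page. The enclosing method starts and ends outside the hunk.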