Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 35f00436 authored by Piotr Pawliczek's avatar Piotr Pawliczek
Browse files

Do not use BIND_INCLUDE_CAPABILITIES when bind PrintService 

The BIND_INCLUDE_CAPABILITIES binding flag is used when a print service
is bound by system_server. As a result, all permissions are passed down
to the service, which is a security vulnerability. This patch adds
a new flag do_not_include_capabilities that controls this behavior.

Bug: 291281543
Test: build and run on Akita
Flag: com.android.server.print.do_not_include_capabilities
Change-Id: I9b2484fc5caa1681bbd80ada9200a01317fc22e9
parent 58c73246

services/print/Android.bp

+13 −0
Original line number Diff line number Diff line
@@ -18,8 +18,21 @@ java_library_static { 
    name: "services.print",

    defaults: ["platform_service_defaults"],

    srcs: [":services.print-sources"],

    static_libs: ["print_flags_lib"],

    libs: ["services.core"],

    lint: {

        baseline_filename: "lint-baseline.xml",

    },

}



aconfig_declarations {

    name: "print_flags",

    package: "com.android.server.print",

    container: "system",

    srcs: ["**/flags.aconfig"],

}



java_aconfig_library {

    name: "print_flags_lib",

    aconfig_declarations: "print_flags",

}

services/print/java/com/android/server/print/RemotePrintService.java

+2 −1
Original line number Diff line number Diff line
@@ -572,7 +572,8 @@ final class RemotePrintService implements DeathRecipient { 


        boolean wasBound = mContext.bindServiceAsUser(mIntent, mServiceConnection,

                Context.BIND_AUTO_CREATE | Context.BIND_FOREGROUND_SERVICE

                        | Context.BIND_INCLUDE_CAPABILITIES | Context.BIND_ALLOW_INSTANT,

                        | (Flags.doNotIncludeCapabilities() ? 0 : Context.BIND_INCLUDE_CAPABILITIES)

                        | Context.BIND_ALLOW_INSTANT,

                new UserHandle(mUserId));



        if (!wasBound) {

services/print/java/com/android/server/print/flags.aconfig

0 → 100644
+9 −0
Original line number Diff line number Diff line 
package: "com.android.server.print"

container: "system"



flag {

    name: "do_not_include_capabilities"

    namespace: "print"

    description: "Do not use the flag Context.BIND_INCLUDE_CAPABILITIES when binding to the service"

    bug: "291281543"

}