Loading core/java/android/content/Context.java +9 −0 Original line number Diff line number Diff line Loading @@ -336,6 +336,15 @@ public abstract class Context { */ public static final int BIND_ADJUST_BELOW_PERCEPTIBLE = 0x0100; /** * @hide Flag for {@link #bindService}: the service being bound to represents a * protected system component, so must have association restrictions applied to it. * That is, a system config must have one or more allow-association tags limiting * which packages it can interact with. If it does not have any such association * restrictions, a default empty set will be created. */ public static final int BIND_RESTRICT_ASSOCIATIONS = 0x00200000; /** * @hide Flag for {@link #bindService}: allows binding to a service provided * by an instant app. Note that the caller may not have access to the instant Loading services/core/java/com/android/server/am/ActiveServices.java +4 −0 Original line number Diff line number Diff line Loading @@ -1654,6 +1654,10 @@ public final class ActiveServices { } } if ((flags & Context.BIND_RESTRICT_ASSOCIATIONS) != 0) { mAm.requireAllowedAssociationsLocked(s.appInfo.packageName); } mAm.startAssociationLocked(callerApp.uid, callerApp.processName, callerApp.getCurProcState(), s.appInfo.uid, s.appInfo.longVersionCode, s.instanceName, s.processName); Loading services/core/java/com/android/server/am/ActivityManagerService.java +16 −1 Original line number Diff line number Diff line Loading @@ -2430,6 +2430,20 @@ public class ActivityManagerService extends IActivityManager.Stub return mBackgroundLaunchBroadcasts; } /** * Ensures that the given package name has an explicit set of allowed associations. * If it does not, give it an empty set. */ void requireAllowedAssociationsLocked(String packageName) { if (mAllowedAssociations == null) { mAllowedAssociations = new ArrayMap<>( SystemConfig.getInstance().getAllowedAssociations()); } if (mAllowedAssociations.get(packageName) == null) { mAllowedAssociations.put(packageName, new ArraySet<>()); } } /** * Returns true if the package {@code pkg1} running under user handle {@code uid1} is * allowed association with the package {@code pkg2} running under user handle {@code uid2}. Loading @@ -2438,7 +2452,8 @@ public class ActivityManagerService extends IActivityManager.Stub */ boolean validateAssociationAllowedLocked(String pkg1, int uid1, String pkg2, int uid2) { if (mAllowedAssociations == null) { mAllowedAssociations = SystemConfig.getInstance().getAllowedAssociations(); mAllowedAssociations = new ArrayMap<>( SystemConfig.getInstance().getAllowedAssociations()); } // Interactions with the system uid are always allowed, since that is the core system // that everyone needs to be able to interact with. Also allow reflexive associations Loading services/core/java/com/android/server/textclassifier/TextClassificationManagerService.java +2 −1 Original line number Diff line number Diff line Loading @@ -510,7 +510,8 @@ public final class TextClassificationManagerService extends ITextClassifierServi Slog.d(LOG_TAG, "Binding to " + serviceIntent.getComponent()); willBind = mContext.bindServiceAsUser( serviceIntent, mConnection, Context.BIND_AUTO_CREATE | Context.BIND_FOREGROUND_SERVICE, Context.BIND_AUTO_CREATE | Context.BIND_FOREGROUND_SERVICE | Context.BIND_RESTRICT_ASSOCIATIONS, UserHandle.of(mUserId)); mBinding = willBind; } finally { Loading Loading
core/java/android/content/Context.java +9 −0 Original line number Diff line number Diff line Loading @@ -336,6 +336,15 @@ public abstract class Context { */ public static final int BIND_ADJUST_BELOW_PERCEPTIBLE = 0x0100; /** * @hide Flag for {@link #bindService}: the service being bound to represents a * protected system component, so must have association restrictions applied to it. * That is, a system config must have one or more allow-association tags limiting * which packages it can interact with. If it does not have any such association * restrictions, a default empty set will be created. */ public static final int BIND_RESTRICT_ASSOCIATIONS = 0x00200000; /** * @hide Flag for {@link #bindService}: allows binding to a service provided * by an instant app. Note that the caller may not have access to the instant Loading
services/core/java/com/android/server/am/ActiveServices.java +4 −0 Original line number Diff line number Diff line Loading @@ -1654,6 +1654,10 @@ public final class ActiveServices { } } if ((flags & Context.BIND_RESTRICT_ASSOCIATIONS) != 0) { mAm.requireAllowedAssociationsLocked(s.appInfo.packageName); } mAm.startAssociationLocked(callerApp.uid, callerApp.processName, callerApp.getCurProcState(), s.appInfo.uid, s.appInfo.longVersionCode, s.instanceName, s.processName); Loading
services/core/java/com/android/server/am/ActivityManagerService.java +16 −1 Original line number Diff line number Diff line Loading @@ -2430,6 +2430,20 @@ public class ActivityManagerService extends IActivityManager.Stub return mBackgroundLaunchBroadcasts; } /** * Ensures that the given package name has an explicit set of allowed associations. * If it does not, give it an empty set. */ void requireAllowedAssociationsLocked(String packageName) { if (mAllowedAssociations == null) { mAllowedAssociations = new ArrayMap<>( SystemConfig.getInstance().getAllowedAssociations()); } if (mAllowedAssociations.get(packageName) == null) { mAllowedAssociations.put(packageName, new ArraySet<>()); } } /** * Returns true if the package {@code pkg1} running under user handle {@code uid1} is * allowed association with the package {@code pkg2} running under user handle {@code uid2}. Loading @@ -2438,7 +2452,8 @@ public class ActivityManagerService extends IActivityManager.Stub */ boolean validateAssociationAllowedLocked(String pkg1, int uid1, String pkg2, int uid2) { if (mAllowedAssociations == null) { mAllowedAssociations = SystemConfig.getInstance().getAllowedAssociations(); mAllowedAssociations = new ArrayMap<>( SystemConfig.getInstance().getAllowedAssociations()); } // Interactions with the system uid are always allowed, since that is the core system // that everyone needs to be able to interact with. Also allow reflexive associations Loading
services/core/java/com/android/server/textclassifier/TextClassificationManagerService.java +2 −1 Original line number Diff line number Diff line Loading @@ -510,7 +510,8 @@ public final class TextClassificationManagerService extends ITextClassifierServi Slog.d(LOG_TAG, "Binding to " + serviceIntent.getComponent()); willBind = mContext.bindServiceAsUser( serviceIntent, mConnection, Context.BIND_AUTO_CREATE | Context.BIND_FOREGROUND_SERVICE, Context.BIND_AUTO_CREATE | Context.BIND_FOREGROUND_SERVICE | Context.BIND_RESTRICT_ASSOCIATIONS, UserHandle.of(mUserId)); mBinding = willBind; } finally { Loading
