Do not apply WearableSensingService SeInfo if it has association (723c6cbe) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/am/ActiveServices.java

+18 −8

Original line number	Diff line number	Diff line
		@@ -4723,12 +4723,21 @@ public final class ActiveServices {
		// TODO(b/265746493): Special case for HotwordDetectionService,
		// VisualQueryDetectionService, WearableSensingService and OnDeviceSandboxedInferenceService
		// Need a cleaner way to append this seInfo.
		private String generateAdditionalSeInfoFromService(Intent service) {
		if (service != null && service.getAction() != null
		&& (service.getAction().equals(HotwordDetectionService.SERVICE_INTERFACE)
		\|\| service.getAction().equals(VisualQueryDetectionService.SERVICE_INTERFACE)
		\|\| service.getAction().equals(WearableSensingService.SERVICE_INTERFACE)
		\|\| service.getAction().equals(OnDeviceSandboxedInferenceService.SERVICE_INTERFACE))) {
		private String generateAdditionalSeInfoFromService(Intent service, String packageName) {
		if (service == null \|\| service.getAction() == null) {
		return "";
		}
		final String action = service.getAction();
		if (action.equals(HotwordDetectionService.SERVICE_INTERFACE)
		\|\| action.equals(VisualQueryDetectionService.SERVICE_INTERFACE)
		\|\| action.equals(OnDeviceSandboxedInferenceService.SERVICE_INTERFACE)) {
		return ":isolatedComputeApp";
		}

		// WearableSensingService needs additional SeInfo unless it is restricted at the package
		// level via allow-association restrictions.
		if (action.equals(WearableSensingService.SERVICE_INTERFACE)
		&& !mAm.hasRestrictedAssociations(packageName)) {
		return ":isolatedComputeApp";
		}
		return "";
		@@ -4870,7 +4879,7 @@ public final class ActiveServices {
		r.mRecentCallingPackage = callingPackage;
		r.mRecentCallingUid = callingUid;
		}
		r.appInfo.seInfo += generateAdditionalSeInfoFromService(service);
		r.appInfo.seInfo += generateAdditionalSeInfoFromService(service, r.packageName);
		return new ServiceLookupResult(r, resolution.getAlias());
		}

		@@ -5125,7 +5134,8 @@ public final class ActiveServices {
		return null;
		}
		}
		r.appInfo.seInfo += generateAdditionalSeInfoFromService(service);

		r.appInfo.seInfo += generateAdditionalSeInfoFromService(service, r.packageName);
		return new ServiceLookupResult(r, resolution.getAlias());
		}
		return null;

services/core/java/com/android/server/am/ActivityManagerService.java

+23 −0

Original line number	Diff line number	Diff line
		@@ -2655,6 +2655,29 @@ public class ActivityManagerService extends IActivityManager.Stub
		return true;
		}

		/**
		* Returns true if the package has a restricted set of associations.
		*/
		boolean hasRestrictedAssociations(String pkg) {
		ensureAllowedAssociations();
		// Check for associations on the target package
		PackageAssociationInfo pai = mAllowedAssociations.get(pkg);
		if (pai == null) {
		// if there is no package association info then the package is allowed association
		// with any package
		return false;
		}
		final ArraySet<String> allowedAssociations = pai.getAllowedPackageAssociations();
		if (allowedAssociations == null \|\| allowedAssociations.size() == 0) {
		// if there is are no allowed associations then the package is allowed association
		// with any package
		return false;
		}
		// one or more allowed associations was found, therefore the package is restricted.
		return true;
		}


		/** Sets up allowed associations for system prebuilt packages from system config (if needed). */
		private void ensureAllowedAssociations() {
		if (mAllowedAssociations == null) {