
Commit 7a305401 authored by Charles Chen

Only allow the system to bind to the visual query detection service.

The visual query detection service is an isolated service which we
want to isolate from the rest of the system as much as possible. We
don't want to allow anybody but the system to bind it, not even its
enclosing application.

Bug: 185746653
Test: local
Change-Id: Ia0d99921c0e69081b19c93b2bb2befcdda138081
parent a086f03b
+4 −3
@@ -4504,10 +4504,11 @@ public final class ActiveServices {
                        + ", uid=" + callingUid
                        + " requires " + r.permission);
                return new ServiceLookupResult(r.permission);
            } else if (Manifest.permission.BIND_HOTWORD_DETECTION_SERVICE.equals(r.permission)
            } else if ((Manifest.permission.BIND_HOTWORD_DETECTION_SERVICE.equals(r.permission)
                    || Manifest.permission.BIND_VISUAL_QUERY_DETECTION_SERVICE.equals(r.permission))
                    && callingUid != Process.SYSTEM_UID) {
                // Hotword detection must run in its own sandbox, and we don't even trust
                // its enclosing application to bind to it - only the system.
                // Hotword detection and visual query detection must run in its own sandbox, and we
                // don't even trust its enclosing application to bind to it - only the system.
                // TODO(b/185746653) remove this special case and generalize
                Slog.w(TAG, "Permission Denial: Accessing service " + r.shortInstanceName
                        + " from pid=" + callingPid
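Review bot: the rewritten comment at the top of the new branch still reads "must run in its own sandbox" and "its enclosing application" even though the condition now covers two services; suggest "must each run in their own sandbox, and we don't even trust their enclosing application to bind to them". Also, since this is the second permission chained into the same `callingUid != Process.SYSTEM_UID` special case, the generalization the TODO(b/185746653) line already asks for would be served by keeping the system-only bind permissions in one set and testing `r.permission` for membership, so the next isolated service does not have to extend the `||` chain and risk a precedence slip like the one the added parentheses here guard against.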