Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9024979a authored by Hui Yu's avatar Hui Yu
Browse files

Remove implicit process capability for certain foreground service state. 

Make the while-in-use camera/microphone access more restrictive.

Bug: 237766679
Test: atest cts/tests/app/src/android/app/cts/ActivityManagerProcessStateTest.java#testFgsDefaultCapabilityNone
Change-Id: I586fafbfb9689f03030aeb0807d25f4d044644bf
parent cb8ec0cf

services/core/java/com/android/server/am/OomAdjuster.java

+4 −11
Original line number Diff line number Diff line
@@ -17,7 +17,6 @@ 
package com.android.server.am;



import static android.app.ActivityManager.PROCESS_CAPABILITY_ALL;

import static android.app.ActivityManager.PROCESS_CAPABILITY_ALL_IMPLICIT;

import static android.app.ActivityManager.PROCESS_CAPABILITY_FOREGROUND_CAMERA;

import static android.app.ActivityManager.PROCESS_CAPABILITY_FOREGROUND_LOCATION;

import static android.app.ActivityManager.PROCESS_CAPABILITY_FOREGROUND_MICROPHONE;
@@ -2565,16 +2564,10 @@ public class OomAdjuster { 
            case PROCESS_STATE_BOUND_TOP:

                return PROCESS_CAPABILITY_NETWORK;

            case PROCESS_STATE_FOREGROUND_SERVICE:

                if (psr.hasForegroundServices()) {

                    // Capability from FGS are conditional depending on foreground service type in

                    // manifest file and the mAllowWhileInUsePermissionInFgs flag.

                // Capability from foreground service is conditional depending on

                // foregroundServiceType in the manifest file and the

                // mAllowWhileInUsePermissionInFgs flag.

                return PROCESS_CAPABILITY_NETWORK;

                } else {

                    // process has no FGS, the PROCESS_STATE_FOREGROUND_SERVICE is from client.

                    // the implicit capability could be removed in the future, client should use

                    // BIND_INCLUDE_CAPABILITY flag.

                    return PROCESS_CAPABILITY_ALL_IMPLICIT | PROCESS_CAPABILITY_NETWORK;

                }

            case PROCESS_STATE_BOUND_FOREGROUND_SERVICE:

                return PROCESS_CAPABILITY_NETWORK;

            default: