Commit 9d704623 authored Oct 04, 2024 by Sandeep Bandaru Committed by Android Build Coastguard Worker Oct 11, 2024

Extend service permission list only accessible from SystemUid.

As noted in b/185746653 - for isolated_compute_app, we do not want even the holding app for the isolated-process to be able to bind to it. This was implemented specifically for HOTWORD usecase previously and missed for few other usecases.

Similar to hotword service, we are extending the same permission check
to wearablesensingservice and ondeviceintelligence service which also
run as isolated_compute_app and require this enforcement in framework.

Bug: 369871251
Flag: EXEMPT bugfix
Test: added CTS in topic
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:31ce2795a8fa161920ac4e153fb62a37cb20cf2c)
Merged-In: I6bbe1a48de15243ace803e08c2ab7550c3612eb1
Change-Id: I6bbe1a48de15243ace803e08c2ab7550c3612eb1

parent e5b08196

services/core/java/com/android/server/am/ActiveServices.java

+4 −1

Original line number	Diff line number	Diff line
		@@ -5077,7 +5077,10 @@ public final class ActiveServices {
		+ " requires " + r.permission);
		return new ServiceLookupResult(r.permission);
		} else if ((Manifest.permission.BIND_HOTWORD_DETECTION_SERVICE.equals(r.permission)
		\|\| Manifest.permission.BIND_VISUAL_QUERY_DETECTION_SERVICE.equals(r.permission))
		\|\| Manifest.permission.BIND_VISUAL_QUERY_DETECTION_SERVICE.equals(r.permission)
		\|\| Manifest.permission.BIND_WEARABLE_SENSING_SERVICE.equals(r.permission)
		\|\| Manifest.permission.BIND_ON_DEVICE_SANDBOXED_INFERENCE_SERVICE.equals(
		r.permission))
		&& callingUid != Process.SYSTEM_UID) {
		// Hotword detection and visual query detection must run in its own sandbox, and we
		// don't even trust its enclosing application to bind to it - only the system.