Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit cd6b6687 authored Apr 30, 2024 by Nan Wu Committed by Cherrypicker Worker Jul 20, 2024

RESTRICT AUTOMERGE Backport preventing BAL bypass via bound service

Apply similar fix for WallpaperService to TextToSpeech Service,
Job Service, Print Service, Sync Service and MediaRoute2Provider Service

Bug: 232798473, 232798676, 336490997
Test: Manual test. BackgroundActivityLaunchTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8fdf4a345e140eba9b4e736d24ab95c67c55a247)
Merged-In: Ib113e45aa18296b4475b90d6dcec5dd5664f4c80
Change-Id: Ib113e45aa18296b4475b90d6dcec5dd5664f4c80

parent 0f321a94

apex/jobscheduler/service/java/com/android/server/job/JobServiceContext.java

+4 −2

Original line number	Diff line number	Diff line
		@@ -291,11 +291,13 @@ public final class JobServiceContext implements ServiceConnection {
		bindFlags = Context.BIND_AUTO_CREATE \| Context.BIND_NOT_FOREGROUND
		\| Context.BIND_ALMOST_PERCEPTIBLE
		\| Context.BIND_BYPASS_POWER_NETWORK_RESTRICTIONS
		\| Context.BIND_NOT_APP_COMPONENT_USAGE;
		\| Context.BIND_NOT_APP_COMPONENT_USAGE
		\| Context.BIND_DENY_ACTIVITY_STARTS;
		} else {
		bindFlags = Context.BIND_AUTO_CREATE \| Context.BIND_NOT_FOREGROUND
		\| Context.BIND_NOT_PERCEPTIBLE
		\| Context.BIND_NOT_APP_COMPONENT_USAGE;
		\| Context.BIND_NOT_APP_COMPONENT_USAGE
		\| Context.BIND_DENY_ACTIVITY_STARTS;
		}
		binding = mContext.bindServiceAsUser(intent, this, bindFlags,
		UserHandle.of(job.getUserId()));

core/java/android/speech/tts/TextToSpeech.java

+2 −1

Original line number	Diff line number	Diff line
		@@ -2379,7 +2379,8 @@ public class TextToSpeech {
		boolean connect(String engine) {
		Intent intent = new Intent(Engine.INTENT_ACTION_TTS_SERVICE);
		intent.setPackage(engine);
		return mContext.bindService(intent, this, Context.BIND_AUTO_CREATE);
		return mContext.bindService(intent, this,
		Context.BIND_AUTO_CREATE \| Context.BIND_DENY_ACTIVITY_STARTS);
		}

		@Override

services/core/java/com/android/server/content/SyncManager.java

+2 −1

Original line number	Diff line number	Diff line
		@@ -221,7 +221,8 @@ public class SyncManager {

		/** Flags used when connecting to a sync adapter service */
		private static final int SYNC_ADAPTER_CONNECTION_FLAGS = Context.BIND_AUTO_CREATE
		\| Context.BIND_NOT_FOREGROUND \| Context.BIND_ALLOW_OOM_MANAGEMENT;
		\| Context.BIND_NOT_FOREGROUND \| Context.BIND_ALLOW_OOM_MANAGEMENT
		\| Context.BIND_DENY_ACTIVITY_STARTS;

		/** Singleton instance. */
		@GuardedBy("SyncManager.class")

services/core/java/com/android/server/media/MediaRoute2ProviderServiceProxy.java

+2 −1

Original line number	Diff line number	Diff line
		@@ -238,7 +238,8 @@ final class MediaRoute2ProviderServiceProxy extends MediaRoute2Provider
		service.setComponent(mComponentName);
		try {
		mBound = mContext.bindServiceAsUser(service, this,
		Context.BIND_AUTO_CREATE \| Context.BIND_FOREGROUND_SERVICE,
		Context.BIND_AUTO_CREATE \| Context.BIND_FOREGROUND_SERVICE
		\| Context.BIND_DENY_ACTIVITY_STARTS,
		new UserHandle(mUserId));
		if (!mBound && DEBUG) {
		Slog.d(TAG, this + ": Bind failed");

services/print/java/com/android/server/print/RemotePrintService.java

+2 −1

Original line number	Diff line number	Diff line
		@@ -572,7 +572,8 @@ final class RemotePrintService implements DeathRecipient {

		boolean wasBound = mContext.bindServiceAsUser(mIntent, mServiceConnection,
		Context.BIND_AUTO_CREATE \| Context.BIND_FOREGROUND_SERVICE
		\| Context.BIND_INCLUDE_CAPABILITIES \| Context.BIND_ALLOW_INSTANT,
		\| Context.BIND_INCLUDE_CAPABILITIES \| Context.BIND_ALLOW_INSTANT
		\| Context.BIND_DENY_ACTIVITY_STARTS,
		new UserHandle(mUserId));

		if (!wasBound) {