Merge "Only allow the system to bind to the visual query detection service."... (e4c96034) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/am/ActiveServices.java

+4 −3

Original line number	Original line	Diff line number	Diff line
	@@ -4504,10 +4504,11 @@ public final class ActiveServices {
	+ ", uid=" + callingUid		+ ", uid=" + callingUid
	+ " requires " + r.permission);		+ " requires " + r.permission);
	return new ServiceLookupResult(r.permission);		return new ServiceLookupResult(r.permission);
	} else if (Manifest.permission.BIND_HOTWORD_DETECTION_SERVICE.equals(r.permission)		} else if ((Manifest.permission.BIND_HOTWORD_DETECTION_SERVICE.equals(r.permission)
			\|\| Manifest.permission.BIND_VISUAL_QUERY_DETECTION_SERVICE.equals(r.permission))
	&& callingUid != Process.SYSTEM_UID) {		&& callingUid != Process.SYSTEM_UID) {
	// Hotword detection must run in its own sandbox, and we don't even trust		// Hotword detection and visual query detection must run in its own sandbox, and we
	// its enclosing application to bind to it - only the system.		// don't even trust its enclosing application to bind to it - only the system.
	// TODO(b/185746653) remove this special case and generalize		// TODO(b/185746653) remove this special case and generalize
	Slog.w(TAG, "Permission Denial: Accessing service " + r.shortInstanceName		Slog.w(TAG, "Permission Denial: Accessing service " + r.shortInstanceName
	+ " from pid=" + callingPid		+ " from pid=" + callingPid