
Commit f94e4d8e authored by Hui Yu's avatar Hui Yu

Remove implicit process capability for certain foreground service state.

Make the while-in-use camera/microphone access more restrictive. But
keep the implicit process capability for instrumented tests.

Bug: 237766679
Test: atest cts/tests/app/src/android/app/cts/ActivityManagerProcessStateTest.java#testFgsDefaultCapabilityNone
atest com.google.android.chre.pts.PtsChreTestRunner#messagePermissionTest
atest CtsAppSecurityHostTestCases:android.appsecurity.cts.EphemeralTest#testCameraPermission

Change-Id: Icae4146404bb2d5688df01d2d66e347383618fd7
parent 2e41fd78
+8 −10
@@ -2535,7 +2535,7 @@ public class OomAdjuster {
            capability |= capabilityFromFGS;
        }

        capability |= getDefaultCapability(psr, procState);
        capability |= getDefaultCapability(app, procState);

        // Do final modification to adj.  Everything we do between here and applying
        // the final setAdj must be done in this function, because we will also use
@@ -2557,7 +2557,7 @@ public class OomAdjuster {
                || state.getCurCapability() != prevCapability;
    }

    private int getDefaultCapability(ProcessServiceRecord psr, int procState) {
    private int getDefaultCapability(ProcessRecord app, int procState) {
        switch (procState) {
            case PROCESS_STATE_PERSISTENT:
            case PROCESS_STATE_PERSISTENT_UI:
@@ -2566,15 +2566,13 @@ public class OomAdjuster {
            case PROCESS_STATE_BOUND_TOP:
                return PROCESS_CAPABILITY_NETWORK;
            case PROCESS_STATE_FOREGROUND_SERVICE:
                if (psr.hasForegroundServices()) {
                    // Capability from FGS are conditional depending on foreground service type in
                    // manifest file and the mAllowWhileInUsePermissionInFgs flag.
                    return PROCESS_CAPABILITY_NETWORK;
                } else {
                    // process has no FGS, the PROCESS_STATE_FOREGROUND_SERVICE is from client.
                    // the implicit capability could be removed in the future, client should use
                    // BIND_INCLUDE_CAPABILITY flag.
                if (app.getActiveInstrumentation() != null) {
                    return PROCESS_CAPABILITY_ALL_IMPLICIT | PROCESS_CAPABILITY_NETWORK ;
                } else {
                    // Capability from foreground service is conditional depending on
                    // foregroundServiceType in the manifest file and the
                    // mAllowWhileInUsePermissionInFgs flag.
                    return PROCESS_CAPABILITY_NETWORK;
                }
            case PROCESS_STATE_BOUND_FOREGROUND_SERVICE:
                return PROCESS_CAPABILITY_NETWORK;
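Review bot: The `app.getActiveInstrumentation() != null` branch in the `PROCESS_STATE_FOREGROUND_SERVICE` case carries no comment, although among the lines shown it is the only path that still returns `PROCESS_CAPABILITY_ALL_IMPLICIT` for this state, and it is a test-only exception to the restriction this commit introduces. I would add above that return `// Only instrumented (test) processes keep the implicit capabilities in this state.` so the carve-out is not mistaken for general behaviour. The condition has no further qualifier, so it presumably also holds on production builds whenever instrumentation is active. It is worth confirming that the set of callers allowed to start instrumentation is narrow enough for implicit camera/microphone capability to be acceptable there. `getDefaultCapability` starts and ends outside the hunks shown, so the other cases of the switch were not reviewed.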