Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f974f10c authored by Automerger Merge Worker's avatar Automerger Merge Worker Committed by Android (Google) Code Review
Browse files

Merge "Merge "Only allow the system to bind to the visual query detection... 

Merge "Merge "Only allow the system to bind to the visual query detection service." into udc-dev am: c8114221 am: b823d500"
parents 1a647319 e4c96034

services/core/java/com/android/server/am/ActiveServices.java

+4 −3
Original line number Diff line number Diff line
@@ -4504,10 +4504,11 @@ public final class ActiveServices { 
                        + ", uid=" + callingUid

                        + " requires " + r.permission);

                return new ServiceLookupResult(r.permission);

            } else if (Manifest.permission.BIND_HOTWORD_DETECTION_SERVICE.equals(r.permission)

            } else if ((Manifest.permission.BIND_HOTWORD_DETECTION_SERVICE.equals(r.permission)

                    || Manifest.permission.BIND_VISUAL_QUERY_DETECTION_SERVICE.equals(r.permission))

                    && callingUid != Process.SYSTEM_UID) {

                // Hotword detection must run in its own sandbox, and we don't even trust

                // its enclosing application to bind to it - only the system.

                // Hotword detection and visual query detection must run in its own sandbox, and we

                // don't even trust its enclosing application to bind to it - only the system.

                // TODO(b/185746653) remove this special case and generalize

                Slog.w(TAG, "Permission Denial: Accessing service " + r.shortInstanceName

                        + " from pid=" + callingPid