Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3875ec6a authored by Dianne Hackborn's avatar Dianne Hackborn
Browse files

Start restricting service calls with implicit intents. 

The bindService() and startService() calls have always had
undefined behavior when used with an implicit Intent and there
are multiple matching services.  Because of this, it is not
safe for applications to use such Intents when interacting with
services, yet the platform would merrily go about doing... something.

In KLP I want to cause this case to be invalid, resulting in
an exception thrown back to the app.  Unfortunately there are
lots of (scary) things relying on this behavior, so we can't
immediately turn it into an exception, even one qualified by the
caller's target SDK version.

In this change, we start loggin a WTF when such a call happens,
and clean up some stuff in Bluetooth that was doing this behavior.

Change-Id: I62e25d07890588d2362104e20b054aebb6c0e007
parent 8d2575d2

framework/java/android/bluetooth/BluetoothA2dp.java

+12 −5
Original line number Diff line number Diff line
@@ -128,9 +128,7 @@ public final class BluetoothA2dp implements BluetoothProfile { 
                            try {

                                if (mService == null) {

                                    if (VDBG) Log.d(TAG,"Binding service...");

                                    if (!mContext.bindService(new Intent(IBluetoothA2dp.class.getName()), mConnection, 0)) {

                                        Log.e(TAG, "Could not bind to Bluetooth A2DP Service");

                                    }

                                    doBind();

                                }

                            } catch (Exception re) {

                                Log.e(TAG,"",re);
@@ -157,9 +155,18 @@ public final class BluetoothA2dp implements BluetoothProfile { 
            }

        }



        if (!context.bindService(new Intent(IBluetoothA2dp.class.getName()), mConnection, 0)) {

            Log.e(TAG, "Could not bind to Bluetooth A2DP Service");

        doBind();

    }



    boolean doBind() {

        Intent intent = new Intent(IBluetoothA2dp.class.getName());

        ComponentName comp = intent.resolveSystemService(mContext.getPackageManager(), 0);

        intent.setComponent(comp);

        if (comp == null || !mContext.bindService(intent, mConnection, 0)) {

            Log.e(TAG, "Could not bind to Bluetooth A2DP Service with " + intent);

            return false;

        }

        return true;

    }



    /*package*/ void close() {

framework/java/android/bluetooth/BluetoothHeadset.java

+12 −5
Original line number Diff line number Diff line
@@ -241,9 +241,7 @@ public final class BluetoothHeadset implements BluetoothProfile { 
                            try {

                                if (mService == null) {

                                    if (VDBG) Log.d(TAG,"Binding service...");

                                    if (!mContext.bindService(new Intent(IBluetoothHeadset.class.getName()), mConnection, 0)) {

                                        Log.e(TAG, "Could not bind to Bluetooth Headset Service");

                                    }

                                    doBind();

                                }

                            } catch (Exception re) {

                                Log.e(TAG,"",re);
@@ -270,9 +268,18 @@ public final class BluetoothHeadset implements BluetoothProfile { 
            }

        }



        if (!context.bindService(new Intent(IBluetoothHeadset.class.getName()), mConnection, 0)) {

            Log.e(TAG, "Could not bind to Bluetooth Headset Service");

        doBind();

    }



    boolean doBind() {

        Intent intent = new Intent(IBluetoothHeadset.class.getName());

        ComponentName comp = intent.resolveSystemService(mContext.getPackageManager(), 0);

        intent.setComponent(comp);

        if (comp == null || !mContext.bindService(intent, mConnection, 0)) {

            Log.e(TAG, "Could not bind to Bluetooth Headset Service with " + intent);

            return false;

        }

        return true;

    }



    /**

framework/java/android/bluetooth/BluetoothHealth.java

+12 −5
Original line number Diff line number Diff line
@@ -117,9 +117,7 @@ public final class BluetoothHealth implements BluetoothProfile { 
                            try {

                                if (mService == null) {

                                    if (VDBG) Log.d(TAG,"Binding service...");

                                    if (!mContext.bindService(new Intent(IBluetoothHealth.class.getName()), mConnection, 0)) {

                                        Log.e(TAG, "Could not bind to Bluetooth Health Service");

                                    }

                                    doBind();

                                }

                            } catch (Exception re) {

                                Log.e(TAG,"",re);
@@ -483,9 +481,18 @@ public final class BluetoothHealth implements BluetoothProfile { 
            }

        }



        if (!context.bindService(new Intent(IBluetoothHealth.class.getName()), mConnection, 0)) {

            Log.e(TAG, "Could not bind to Bluetooth Health Service");

        doBind();

    }



    boolean doBind() {

        Intent intent = new Intent(IBluetoothHealth.class.getName());

        ComponentName comp = intent.resolveSystemService(mContext.getPackageManager(), 0);

        intent.setComponent(comp);

        if (comp == null || !mContext.bindService(intent, mConnection, 0)) {

            Log.e(TAG, "Could not bind to Bluetooth Health Service with " + intent);

            return false;

        }

        return true;

    }



    /*package*/ void close() {

framework/java/android/bluetooth/BluetoothInputDevice.java

+12 −6
Original line number Diff line number Diff line
@@ -206,9 +206,7 @@ public final class BluetoothInputDevice implements BluetoothProfile { 
                            try {

                                if (mService == null) {

                                    if (VDBG) Log.d(TAG,"Binding service...");

                                    if (!mContext.bindService(new Intent(IBluetoothInputDevice.class.getName()), mConnection, 0)) {

                                        Log.e(TAG, "Could not bind to Bluetooth HID Service");

                                    }

                                    doBind();

                                }

                            } catch (Exception re) {

                                Log.e(TAG,"",re);
@@ -237,10 +235,18 @@ public final class BluetoothInputDevice implements BluetoothProfile { 
            }

        }



        if (!context.bindService(new Intent(IBluetoothInputDevice.class.getName()),

                                 mConnection, 0)) {

            Log.e(TAG, "Could not bind to Bluetooth HID Service");

        doBind();

    }



    boolean doBind() {

        Intent intent = new Intent(IBluetoothInputDevice.class.getName());

        ComponentName comp = intent.resolveSystemService(mContext.getPackageManager(), 0);

        intent.setComponent(comp);

        if (comp == null || !mContext.bindService(intent, mConnection, 0)) {

            Log.e(TAG, "Could not bind to Bluetooth HID Service with " + intent);

            return false;

        }

        return true;

    }



    /*package*/ void close() {

framework/java/android/bluetooth/BluetoothPan.java

+15 −10
Original line number Diff line number Diff line
@@ -137,12 +137,20 @@ public final class BluetoothPan implements BluetoothProfile { 
        } catch (RemoteException re) {

            Log.w(TAG,"Unable to register BluetoothStateChangeCallback",re);

        }

        Log.d(TAG, "BluetoothPan() call bindService");

        if (!context.bindService(new Intent(IBluetoothPan.class.getName()),

                                 mConnection, 0)) {

            Log.e(TAG, "Could not bind to Bluetooth HID Service");

        if (VDBG) Log.d(TAG, "BluetoothPan() call bindService");

        doBind();

        if (VDBG) Log.d(TAG, "BluetoothPan(), bindService called");

    }

        Log.d(TAG, "BluetoothPan(), bindService called");



    boolean doBind() {

        Intent intent = new Intent(IBluetoothPan.class.getName());

        ComponentName comp = intent.resolveSystemService(mContext.getPackageManager(), 0);

        intent.setComponent(comp);

        if (comp == null || !mContext.bindService(intent, mConnection, 0)) {

            Log.e(TAG, "Could not bind to Bluetooth Pan Service with " + intent);

            return false;

        }

        return true;

    }



    /*package*/ void close() {
@@ -170,11 +178,8 @@ public final class BluetoothPan implements BluetoothProfile { 
            //Handle enable request to bind again.

            if (on) {

                Log.d(TAG, "onBluetoothStateChange(on) call bindService");

                if (!mContext.bindService(new Intent(IBluetoothPan.class.getName()),

                                     mConnection, 0)) {

                    Log.e(TAG, "Could not bind to Bluetooth HID Service");

                }

                Log.d(TAG, "BluetoothPan(), bindService called");

                doBind();

                if (VDBG) Log.d(TAG, "BluetoothPan(), bindService called");

            } else {

                if (VDBG) Log.d(TAG,"Unbinding service...");

                synchronized (mConnection) {