Merge "Fix a security issue in app widget service." into qt-dev am: 5a292b8bf4 am: f90c770087 am: af809557f8 am: 1dd381ac4a am: ef489b0fec am: e6d0a468f9 am: c6cd57ed1b am: aa157b377d

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/20026360 Change-Id: Iff829a445586cf3ee5d9e887d7e804dd96232cb9 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
author: Pinyao Ting <pinyaoting@google.com> 2022-09-24 00:05:55 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2022-09-24 00:05:55 +0000
commit: 61bd8d14627307a6a7d5be4e3cfaa724645e34d9 (patch)
tree: 32bab529905fd57a5670ded66b9729d7121d498c
parent: dec0c59a67b1b743f3ec8bf17b064a849f0cf03e (diff)
parent: aa157b377d6be726805eec4d0e331b143d30d2ca (diff)
2 files changed, 7 insertions, 4 deletions
diff --git a/core/java/android/appwidget/AppWidgetManager.java b/core/java/android/appwidget/AppWidgetManager.java
index 18c638112480..a432b8dec2cb 100644
--- a/core/java/android/appwidget/AppWidgetManager.java
+++ b/core/java/android/appwidget/AppWidgetManager.java
@@ -1130,7 +1130,9 @@ public class AppWidgetManager {
      * @param intent        The intent of the service which will be providing the data to the
      *                      RemoteViewsAdapter.
      * @param connection    The callback interface to be notified when a connection is made or lost.
-     * @param flags         Flags used for binding to the service
+     * @param flags         Flags used for binding to the service. Currently only
+     *                     {@link Context#BIND_AUTO_CREATE} and
+     *                     {@link Context#BIND_FOREGROUND_SERVICE_WHILE_AWAKE} are supported.
      *
      * @see Context#getServiceDispatcher(ServiceConnection, Handler, int)
      * @hide
diff --git a/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java b/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java
index 8fe57e18ea37..7ad4e0ad59de 100644
--- a/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java
+++ b/services/appwidget/java/com/android/server/appwidget/AppWidgetServiceImpl.java
@@ -1218,11 +1218,12 @@ class AppWidgetServiceImpl extends IAppWidgetService.Stub implements WidgetBacku
             try {
                 // Ask ActivityManager to bind it. Notice that we are binding the service with the
                 // caller app instead of DevicePolicyManagerService.
-                if(ActivityManager.getService().bindService(
+                if (ActivityManager.getService().bindService(
                         caller, activtiyToken, intent,
                         intent.resolveTypeIfNeeded(mContext.getContentResolver()),
-                        connection, flags, mContext.getOpPackageName(),
-                        widget.provider.getUserId()) != 0) {
+                        connection, flags & (Context.BIND_AUTO_CREATE
+                                | Context.BIND_FOREGROUND_SERVICE_WHILE_AWAKE),
+                        mContext.getOpPackageName(), widget.provider.getUserId()) != 0) {
 
                     // Add it to the mapping of RemoteViewsService to appWidgetIds so that we
                     // can determine when we can call back to the RemoteViewsService later to
author	Pinyao Ting <pinyaoting@google.com>	2022-09-24 00:05:55 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-09-24 00:05:55 +0000
commit	61bd8d14627307a6a7d5be4e3cfaa724645e34d9 (patch)
tree	32bab529905fd57a5670ded66b9729d7121d498c
parent	dec0c59a67b1b743f3ec8bf17b064a849f0cf03e (diff)
parent	aa157b377d6be726805eec4d0e331b143d30d2ca (diff)