diff options
| author | 2022-08-08 13:58:32 -0700 | |
|---|---|---|
| committer | 2022-08-12 09:40:10 -0700 | |
| commit | 9024979aafab94ec22b4db89ff117a7abc26fd7b (patch) | |
| tree | 3d1b9e1afd91c97ac09c269e2410d7da2d187341 | |
| parent | cb8ec0cf4d2bfcc4f21d68a43c900f214e34ec5b (diff) | |
Remove implicit process capability for certain foreground service state.
Make the while-in-use camera/microphone access more restrictive.
Bug: 237766679
Test: atest cts/tests/app/src/android/app/cts/ActivityManagerProcessStateTest.java#testFgsDefaultCapabilityNone
Change-Id: I586fafbfb9689f03030aeb0807d25f4d044644bf
| -rw-r--r-- | services/core/java/com/android/server/am/OomAdjuster.java | 15 |
1 files changed, 4 insertions, 11 deletions
diff --git a/services/core/java/com/android/server/am/OomAdjuster.java b/services/core/java/com/android/server/am/OomAdjuster.java index 8759f23065f0..36be6ff19df4 100644 --- a/services/core/java/com/android/server/am/OomAdjuster.java +++ b/services/core/java/com/android/server/am/OomAdjuster.java @@ -17,7 +17,6 @@ package com.android.server.am; import static android.app.ActivityManager.PROCESS_CAPABILITY_ALL; -import static android.app.ActivityManager.PROCESS_CAPABILITY_ALL_IMPLICIT; import static android.app.ActivityManager.PROCESS_CAPABILITY_FOREGROUND_CAMERA; import static android.app.ActivityManager.PROCESS_CAPABILITY_FOREGROUND_LOCATION; import static android.app.ActivityManager.PROCESS_CAPABILITY_FOREGROUND_MICROPHONE; @@ -2565,16 +2564,10 @@ public class OomAdjuster { case PROCESS_STATE_BOUND_TOP: return PROCESS_CAPABILITY_NETWORK; case PROCESS_STATE_FOREGROUND_SERVICE: - if (psr.hasForegroundServices()) { - // Capability from FGS are conditional depending on foreground service type in - // manifest file and the mAllowWhileInUsePermissionInFgs flag. - return PROCESS_CAPABILITY_NETWORK; - } else { - // process has no FGS, the PROCESS_STATE_FOREGROUND_SERVICE is from client. - // the implicit capability could be removed in the future, client should use - // BIND_INCLUDE_CAPABILITY flag. - return PROCESS_CAPABILITY_ALL_IMPLICIT | PROCESS_CAPABILITY_NETWORK; - } + // Capability from foreground service is conditional depending on + // foregroundServiceType in the manifest file and the + // mAllowWhileInUsePermissionInFgs flag. + return PROCESS_CAPABILITY_NETWORK; case PROCESS_STATE_BOUND_FOREGROUND_SERVICE: return PROCESS_CAPABILITY_NETWORK; default: |