diff options
| author | 2024-04-30 17:20:29 +0000 | |
|---|---|---|
| committer | 2024-05-06 19:30:37 +0000 | |
| commit | 95b71ad87dc24cd7d3ad91172aa2a9e16c19fb82 (patch) | |
| tree | f63054e158dcefd3d82f9b103fc837fe1e82d052 | |
| parent | 2b60d838b93f8b0728cd052fc818914d2e96b6bc (diff) | |
RESTRICT AUTOMERGE Backport preventing BAL bypass via bound service
Apply similar fix for WallpaperService to TextToSpeech Service,
Job Service, Print Service, Sync Service and MediaRoute2Provider Service
Bug: 232798473, 232798676, 336490997
Test: Manual test. BackgroundActivityLaunchTest
Change-Id: Ib113e45aa18296b4475b90d6dcec5dd5664f4c80
6 files changed, 13 insertions, 7 deletions
diff --git a/apex/jobscheduler/service/java/com/android/server/job/JobServiceContext.java b/apex/jobscheduler/service/java/com/android/server/job/JobServiceContext.java index f7fe9cab60ae..4e572fd048f8 100644 --- a/apex/jobscheduler/service/java/com/android/server/job/JobServiceContext.java +++ b/apex/jobscheduler/service/java/com/android/server/job/JobServiceContext.java @@ -310,11 +310,13 @@ public final class JobServiceContext implements ServiceConnection { bindFlags = Context.BIND_AUTO_CREATE | Context.BIND_NOT_FOREGROUND | Context.BIND_ALMOST_PERCEPTIBLE | Context.BIND_BYPASS_POWER_NETWORK_RESTRICTIONS - | Context.BIND_NOT_APP_COMPONENT_USAGE; + | Context.BIND_NOT_APP_COMPONENT_USAGE + | Context.BIND_DENY_ACTIVITY_STARTS_PRE_34; } else { bindFlags = Context.BIND_AUTO_CREATE | Context.BIND_NOT_FOREGROUND | Context.BIND_NOT_PERCEPTIBLE - | Context.BIND_NOT_APP_COMPONENT_USAGE; + | Context.BIND_NOT_APP_COMPONENT_USAGE + | Context.BIND_DENY_ACTIVITY_STARTS_PRE_34; } binding = mContext.bindServiceAsUser(intent, this, bindFlags, UserHandle.of(job.getUserId())); diff --git a/core/java/android/speech/tts/TextToSpeech.java b/core/java/android/speech/tts/TextToSpeech.java index 7e8622a0e694..679a222f51a2 100644 --- a/core/java/android/speech/tts/TextToSpeech.java +++ b/core/java/android/speech/tts/TextToSpeech.java @@ -2379,7 +2379,8 @@ public class TextToSpeech { boolean connect(String engine) { Intent intent = new Intent(Engine.INTENT_ACTION_TTS_SERVICE); intent.setPackage(engine); - return mContext.bindService(intent, this, Context.BIND_AUTO_CREATE); + return mContext.bindService(intent, this, + Context.BIND_AUTO_CREATE | Context.BIND_DENY_ACTIVITY_STARTS_PRE_34); } @Override diff --git a/services/core/java/com/android/server/content/SyncManager.java b/services/core/java/com/android/server/content/SyncManager.java index 73afa60e8510..035c8ecb4536 100644 --- a/services/core/java/com/android/server/content/SyncManager.java +++ b/services/core/java/com/android/server/content/SyncManager.java @@ -223,7 +223,8 @@ public class SyncManager { /** Flags used when connecting to a sync adapter service */ private static final int SYNC_ADAPTER_CONNECTION_FLAGS = Context.BIND_AUTO_CREATE - | Context.BIND_NOT_FOREGROUND | Context.BIND_ALLOW_OOM_MANAGEMENT; + | Context.BIND_NOT_FOREGROUND | Context.BIND_ALLOW_OOM_MANAGEMENT + | Context.BIND_DENY_ACTIVITY_STARTS_PRE_34; /** Singleton instance. */ @GuardedBy("SyncManager.class") diff --git a/services/core/java/com/android/server/media/MediaRoute2ProviderServiceProxy.java b/services/core/java/com/android/server/media/MediaRoute2ProviderServiceProxy.java index c6f89750e87c..cca12e7209e4 100644 --- a/services/core/java/com/android/server/media/MediaRoute2ProviderServiceProxy.java +++ b/services/core/java/com/android/server/media/MediaRoute2ProviderServiceProxy.java @@ -238,7 +238,8 @@ final class MediaRoute2ProviderServiceProxy extends MediaRoute2Provider service.setComponent(mComponentName); try { mBound = mContext.bindServiceAsUser(service, this, - Context.BIND_AUTO_CREATE | Context.BIND_FOREGROUND_SERVICE, + Context.BIND_AUTO_CREATE | Context.BIND_FOREGROUND_SERVICE + | Context.BIND_DENY_ACTIVITY_STARTS_PRE_34, new UserHandle(mUserId)); if (!mBound && DEBUG) { Slog.d(TAG, this + ": Bind failed"); diff --git a/services/print/java/com/android/server/print/RemotePrintService.java b/services/print/java/com/android/server/print/RemotePrintService.java index 502cd2c60f4a..ea756c2d222b 100644 --- a/services/print/java/com/android/server/print/RemotePrintService.java +++ b/services/print/java/com/android/server/print/RemotePrintService.java @@ -572,7 +572,8 @@ final class RemotePrintService implements DeathRecipient { boolean wasBound = mContext.bindServiceAsUser(mIntent, mServiceConnection, Context.BIND_AUTO_CREATE | Context.BIND_FOREGROUND_SERVICE - | Context.BIND_INCLUDE_CAPABILITIES | Context.BIND_ALLOW_INSTANT, + | Context.BIND_INCLUDE_CAPABILITIES | Context.BIND_ALLOW_INSTANT + | Context.BIND_DENY_ACTIVITY_STARTS_PRE_34, new UserHandle(mUserId)); if (!wasBound) { diff --git a/services/texttospeech/java/com/android/server/texttospeech/TextToSpeechManagerPerUserService.java b/services/texttospeech/java/com/android/server/texttospeech/TextToSpeechManagerPerUserService.java index 55cbc7261e64..99286f429158 100644 --- a/services/texttospeech/java/com/android/server/texttospeech/TextToSpeechManagerPerUserService.java +++ b/services/texttospeech/java/com/android/server/texttospeech/TextToSpeechManagerPerUserService.java @@ -95,7 +95,7 @@ final class TextToSpeechManagerPerUserService extends ITextToSpeechSessionCallback callback) { super(context, new Intent(TextToSpeech.Engine.INTENT_ACTION_TTS_SERVICE).setPackage(engine), - Context.BIND_AUTO_CREATE, + Context.BIND_AUTO_CREATE | Context.BIND_DENY_ACTIVITY_STARTS_PRE_34, userId, ITextToSpeechService.Stub::asInterface); mEngine = engine; |