summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--services/core/java/com/android/server/wearable/WearableSensingManagerPerUserService.java30
1 files changed, 27 insertions, 3 deletions
diff --git a/services/core/java/com/android/server/wearable/WearableSensingManagerPerUserService.java b/services/core/java/com/android/server/wearable/WearableSensingManagerPerUserService.java
index 7006311abfc0..c6b401b3d7b8 100644
--- a/services/core/java/com/android/server/wearable/WearableSensingManagerPerUserService.java
+++ b/services/core/java/com/android/server/wearable/WearableSensingManagerPerUserService.java
@@ -513,9 +513,33 @@ final class WearableSensingManagerPerUserService extends
String filename,
AndroidFuture<ParcelFileDescriptor> futureFromWearableSensingService)
throws RemoteException {
- // TODO(b/331395522): Intercept the PFD received from the app process and verify it
- // is read-only
- callbackFromAppProcess.openFile(filename, futureFromWearableSensingService);
+ AndroidFuture<ParcelFileDescriptor> futureFromSystemServer =
+ new AndroidFuture<ParcelFileDescriptor>()
+ .whenComplete(
+ (pfdFromApp, throwable) -> {
+ if (throwable != null) {
+ Slog.e(
+ TAG,
+ "Error when reading file " + filename,
+ throwable);
+ futureFromWearableSensingService.complete(null);
+ return;
+ }
+ if (isReadOnly(pfdFromApp)) {
+ futureFromWearableSensingService.complete(
+ pfdFromApp);
+ } else {
+ Slog.w(
+ TAG,
+ "Received writable ParcelFileDescriptor"
+ + " from app process. To prevent"
+ + " arbitrary data egress, sending null"
+ + " to WearableSensingService"
+ + " instead.");
+ futureFromWearableSensingService.complete(null);
+ }
+ });
+ callbackFromAppProcess.openFile(filename, futureFromSystemServer);
}
};
}
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-12-27 11:33:35 +0000