RESTRICT AUTOMERGE Backport preventing BAL bypass via bound service
Apply similar fix for WallpaperService to TextToSpeech Service,
Job Service, Print Service, Sync Service and MediaRoute2Provider Service
Bug: 232798473, 232798676, 336490997
Test: Manual test. BackgroundActivityLaunchTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8fdf4a345e140eba9b4e736d24ab95c67c55a247)
Merged-In: Ib113e45aa18296b4475b90d6dcec5dd5664f4c80
Change-Id: Ib113e45aa18296b4475b90d6dcec5dd5664f4c80
diff --git a/apex/jobscheduler/service/java/com/android/server/job/JobServiceContext.java b/apex/jobscheduler/service/java/com/android/server/job/JobServiceContext.java
index 90baa8e..8a7c365 100644
--- a/apex/jobscheduler/service/java/com/android/server/job/JobServiceContext.java
+++ b/apex/jobscheduler/service/java/com/android/server/job/JobServiceContext.java
@@ -291,11 +291,13 @@
bindFlags = Context.BIND_AUTO_CREATE | Context.BIND_NOT_FOREGROUND
| Context.BIND_ALMOST_PERCEPTIBLE
| Context.BIND_BYPASS_POWER_NETWORK_RESTRICTIONS
- | Context.BIND_NOT_APP_COMPONENT_USAGE;
+ | Context.BIND_NOT_APP_COMPONENT_USAGE
+ | Context.BIND_DENY_ACTIVITY_STARTS;
} else {
bindFlags = Context.BIND_AUTO_CREATE | Context.BIND_NOT_FOREGROUND
| Context.BIND_NOT_PERCEPTIBLE
- | Context.BIND_NOT_APP_COMPONENT_USAGE;
+ | Context.BIND_NOT_APP_COMPONENT_USAGE
+ | Context.BIND_DENY_ACTIVITY_STARTS;
}
binding = mContext.bindServiceAsUser(intent, this, bindFlags,
UserHandle.of(job.getUserId()));
diff --git a/core/java/android/speech/tts/TextToSpeech.java b/core/java/android/speech/tts/TextToSpeech.java
index 7e8622a..2e162b6 100644
--- a/core/java/android/speech/tts/TextToSpeech.java
+++ b/core/java/android/speech/tts/TextToSpeech.java
@@ -2379,7 +2379,8 @@
boolean connect(String engine) {
Intent intent = new Intent(Engine.INTENT_ACTION_TTS_SERVICE);
intent.setPackage(engine);
- return mContext.bindService(intent, this, Context.BIND_AUTO_CREATE);
+ return mContext.bindService(intent, this,
+ Context.BIND_AUTO_CREATE | Context.BIND_DENY_ACTIVITY_STARTS);
}
@Override
diff --git a/services/core/java/com/android/server/content/SyncManager.java b/services/core/java/com/android/server/content/SyncManager.java
index 53c13c7..58652f1 100644
--- a/services/core/java/com/android/server/content/SyncManager.java
+++ b/services/core/java/com/android/server/content/SyncManager.java
@@ -221,7 +221,8 @@
/** Flags used when connecting to a sync adapter service */
private static final int SYNC_ADAPTER_CONNECTION_FLAGS = Context.BIND_AUTO_CREATE
- | Context.BIND_NOT_FOREGROUND | Context.BIND_ALLOW_OOM_MANAGEMENT;
+ | Context.BIND_NOT_FOREGROUND | Context.BIND_ALLOW_OOM_MANAGEMENT
+ | Context.BIND_DENY_ACTIVITY_STARTS;
/** Singleton instance. */
@GuardedBy("SyncManager.class")
diff --git a/services/core/java/com/android/server/media/MediaRoute2ProviderServiceProxy.java b/services/core/java/com/android/server/media/MediaRoute2ProviderServiceProxy.java
index 21f61ca..30d374e 100644
--- a/services/core/java/com/android/server/media/MediaRoute2ProviderServiceProxy.java
+++ b/services/core/java/com/android/server/media/MediaRoute2ProviderServiceProxy.java
@@ -238,7 +238,8 @@
service.setComponent(mComponentName);
try {
mBound = mContext.bindServiceAsUser(service, this,
- Context.BIND_AUTO_CREATE | Context.BIND_FOREGROUND_SERVICE,
+ Context.BIND_AUTO_CREATE | Context.BIND_FOREGROUND_SERVICE
+ | Context.BIND_DENY_ACTIVITY_STARTS,
new UserHandle(mUserId));
if (!mBound && DEBUG) {
Slog.d(TAG, this + ": Bind failed");
diff --git a/services/print/java/com/android/server/print/RemotePrintService.java b/services/print/java/com/android/server/print/RemotePrintService.java
index 502cd2c..702ddbb 100644
--- a/services/print/java/com/android/server/print/RemotePrintService.java
+++ b/services/print/java/com/android/server/print/RemotePrintService.java
@@ -572,7 +572,8 @@
boolean wasBound = mContext.bindServiceAsUser(mIntent, mServiceConnection,
Context.BIND_AUTO_CREATE | Context.BIND_FOREGROUND_SERVICE
- | Context.BIND_INCLUDE_CAPABILITIES | Context.BIND_ALLOW_INSTANT,
+ | Context.BIND_INCLUDE_CAPABILITIES | Context.BIND_ALLOW_INSTANT
+ | Context.BIND_DENY_ACTIVITY_STARTS,
new UserHandle(mUserId));
if (!wasBound) {
diff --git a/services/texttospeech/java/com/android/server/texttospeech/TextToSpeechManagerPerUserService.java b/services/texttospeech/java/com/android/server/texttospeech/TextToSpeechManagerPerUserService.java
index 55cbc72..c87d6be 100644
--- a/services/texttospeech/java/com/android/server/texttospeech/TextToSpeechManagerPerUserService.java
+++ b/services/texttospeech/java/com/android/server/texttospeech/TextToSpeechManagerPerUserService.java
@@ -95,7 +95,7 @@
ITextToSpeechSessionCallback callback) {
super(context,
new Intent(TextToSpeech.Engine.INTENT_ACTION_TTS_SERVICE).setPackage(engine),
- Context.BIND_AUTO_CREATE,
+ Context.BIND_AUTO_CREATE | Context.BIND_DENY_ACTIVITY_STARTS,
userId,
ITextToSpeechService.Stub::asInterface);
mEngine = engine;