Don't bind incorrect services.
It's possible for system apps to put the wrong types of managed
services in a managed services setting; guard against that better
to prevent log spam.
Test: cts verifier, while setting is in a bad state.
Change-Id: Id836df1a2dbb29426bcb304e379c1cc5bb3dc485
diff --git a/services/core/java/com/android/server/notification/ManagedServices.java b/services/core/java/com/android/server/notification/ManagedServices.java
index 14e2ba3..11cc52d 100644
--- a/services/core/java/com/android/server/notification/ManagedServices.java
+++ b/services/core/java/com/android/server/notification/ManagedServices.java
@@ -31,6 +31,7 @@
import android.content.IntentFilter;
import android.content.ServiceConnection;
import android.content.pm.ApplicationInfo;
+import android.content.pm.IPackageManager;
import android.content.pm.PackageManager;
import android.content.pm.PackageManager.NameNotFoundException;
import android.content.pm.ResolveInfo;
@@ -43,6 +44,7 @@
import android.os.IBinder;
import android.os.IInterface;
import android.os.RemoteException;
+import android.os.ServiceManager;
import android.os.UserHandle;
import android.os.UserManager;
import android.provider.Settings;
@@ -82,6 +84,7 @@
protected final Object mMutex;
private final UserProfiles mUserProfiles;
private final SettingsObserver mSettingsObserver;
+ private final IPackageManager mPm;
private final Config mConfig;
private ArraySet<String> mRestored;
@@ -114,6 +117,7 @@
mContext = context;
mMutex = mutex;
mUserProfiles = userProfiles;
+ mPm = IPackageManager.Stub.asInterface(ServiceManager.getService("package"));
mConfig = getConfig();
mSettingsObserver = new SettingsObserver(handler);
@@ -575,8 +579,21 @@
for (int i = 0; i < nUserIds; ++i) {
final Set<ComponentName> add = toAdd.get(userIds[i]);
for (ComponentName component : add) {
- Slog.v(TAG, "enabling " + getCaption() + " for " + userIds[i] + ": " + component);
- registerService(component, userIds[i]);
+ try {
+ ServiceInfo info = mPm.getServiceInfo(component,
+ PackageManager.MATCH_DIRECT_BOOT_AWARE
+ | PackageManager.MATCH_DIRECT_BOOT_UNAWARE, userIds[i]);
+ if (!mConfig.bindPermission.equals(info.permission)) {
+ Slog.w(TAG, "Skipping " + getCaption() + " service " + component
+ + ": it does not require the permission " + mConfig.bindPermission);
+ continue;
+ }
+ Slog.v(TAG,
+ "enabling " + getCaption() + " for " + userIds[i] + ": " + component);
+ registerService(component, userIds[i]);
+ } catch (RemoteException e) {
+ e.rethrowFromSystemServer();
+ }
}
}