Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / a9da85fde4675ed0b03557e448b1cc67f1d391fe^! / . / services / core / java / com / android / server / am / ActiveServices.java
commita9da85fde4675ed0b03557e448b1cc67f1d391fe[log] [tgz]
authorDianne Hackborn <hackbod@google.com>Fri Jan 19 17:44:46 2018 -0800
committerDianne Hackborn <hackbod@google.com>Wed Feb 07 14:02:02 2018 -0800
treec901ec0f1a35514c8eab7d8f089cf813a4ef1d89
parent0589371900a47b70dd5851c9792ffdbdd781c96c [diff] [blame]
Fix issue #72116995: Add permission guarding Service#startForeground

Now requires permission if targeting P.

Note that this is a separate permission from the existing one
that is required for instant apps to use foreground services.  The
reason for this is that their semantics are different (the instant
apps permission is associated with an app op for control over what
the app is allowed, while the regular app permission is just a
normal permission that is always granted and only there for
auditing of apps), and there are probably going to be cases where
a developer will want to use a foreground service in the full
version of their app but not as an instant app.

Bug: 72116995
Test: atest CtsAppTestCases
Change-Id: I95afb7185742b82c525e775ca20bb36015510b43

diff --git a/services/core/java/com/android/server/am/ActiveServices.java b/services/core/java/com/android/server/am/ActiveServices.java
index 14404f5..230f69d 100644
--- a/services/core/java/com/android/server/am/ActiveServices.java
+++ b/services/core/java/com/android/server/am/ActiveServices.java

@@ -1043,20 +1043,14 @@
                         throw new SecurityException("Instant app " + r.appInfo.packageName
                                 + " does not have permission to create foreground services");
                     default:
-                        try {
-                            if (AppGlobals.getPackageManager().checkPermission(
-                                    android.Manifest.permission.INSTANT_APP_FOREGROUND_SERVICE,
-                                    r.appInfo.packageName, UserHandle.getUserId(r.appInfo.uid))
-                                            != PackageManager.PERMISSION_GRANTED) {
-                                throw new SecurityException("Instant app " + r.appInfo.packageName
-                                        + " does not have permission to create foreground"
-                                        + "services");
-                            }
-                        } catch (RemoteException e) {
-                            throw new SecurityException("Failed to check instant app permission." ,
-                                    e);
-                        }
+                        mAm.enforcePermission(
+                                android.Manifest.permission.INSTANT_APP_FOREGROUND_SERVICE,
+                                r.app.pid, r.appInfo.uid, "startForeground");
                 }
+            } else if (r.appInfo.targetSdkVersion >= Build.VERSION_CODES.P) {
+                mAm.enforcePermission(
+                        android.Manifest.permission.FOREGROUND_SERVICE,
+                        r.app.pid, r.appInfo.uid, "startForeground");
             }
             if (r.fgRequired) {
                 if (DEBUG_SERVICE || DEBUG_BACKGROUND_CHECK) {