PixelPropsUtils: Skip play Integrity props in isolated processes

* Isolated processes (e.g. com.android.vending:com.google.android.finsky.verifier.apkanalysis.service.ApkContentsScanService) cannot access content providers. Calling Settings.Secure.getString(...) during their application init triggers: * Log: 09-06 22:51:42.792 16766 16766 E AndroidRuntime: FATAL EXCEPTION: main 09-06 22:51:42.792 16766 16766 E AndroidRuntime: Process: com.android.vending:com.google.android.finsky.verifier.apkanalysis.service.ApkContentsScanService, PID: 16766 09-06 22:51:42.792 16766 16766 E AndroidRuntime: java.lang.RuntimeException: Unable to instantiate application com.google.android.finsky.application.classic.ClassicApplication package com.android.vending: java.lang.SecurityException: Isolated process not allowed to call getContentProvider 09-06 22:51:42.792 16766 16766 E AndroidRuntime: at android.app.LoadedApk.makeApplicationInner(LoadedApk.java:1486) 09-06 22:51:42.792 16766 16766 E AndroidRuntime: at android.app.LoadedApk.makeApplicationInner(LoadedApk.java:1411) 09-06 22:51:42.792 16766 16766 E AndroidRuntime: at android.app.ActivityThread.handleBindApplication(ActivityThread.java:7827) 09-06 22:51:42.792 16766 16766 E AndroidRuntime: at android.app.ActivityThread.-$$Nest$mhandleBindApplication(Unknown Source:0) 09-06 22:51:42.792 16766 16766 E AndroidRuntime: at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2549) 09-06 22:51:42.792 16766 16766 E AndroidRuntime: at android.os.Handler.dispatchMessage(Handler.java:110) 09-06 22:51:42.792 16766 16766 E AndroidRuntime: at android.os.Looper.loopOnce(Looper.java:248) 09-06 22:51:42.792 16766 16766 E AndroidRuntime: at android.os.Looper.loop(Looper.java:338) 09-06 22:51:42.792 16766 16766 E AndroidRuntime: at android.app.ActivityThread.main(ActivityThread.java:9137) 09-06 22:51:42.792 16766 16766 E AndroidRuntime: at java.lang.reflect.Method.invoke(Native Method) 09-06 22:51:42.792 16766 16766 E AndroidRuntime: at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:593) 09-06 22:51:42.792 16766 16766 E AndroidRuntime: at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:940) 09-06 22:51:42.792 16766 16766 E AndroidRuntime: Caused by: java.lang.SecurityException: Isolated process not allowed to call getContentProvider * Add Process.isIsolated() guard in setPlayIntegrityProps(Context) and return early. Also gate the call site in setProps(...) to avoid invoking setPlayIntegrityProps(...) from isolated processes, and log the skip. Change-Id: Iecf42b7ceb2f186128d0f1defbc45bcc4224e56a [neobuddy89: Adapted for PixelPropsUtils] Signed-off-by: Pranav Vashi <neobuddy89@gmail.com>
2025-09-08 17:56:26 +02:00
parent cf4d7c9aef
commit 6a09cad6c8
1 changed files with 9 additions and 0 deletions
--- a/core/java/com/android/internal/util/evolution/PixelPropsUtils.java
+++ b/core/java/com/android/internal/util/evolution/PixelPropsUtils.java
@@ -397,6 +397,10 @@ public final class PixelPropsUtils {
        if (sIsExcluded) {
            return;
        }
+        if (android.os.Process.isIsolated()) {
+            if (DEBUG) Log.d(TAG, "Skipping setProps in isolated process");
+            return;
+        }
        if (sIsGms) {
            if (shouldTryToCertifyDevice()) {
                if (!isPixelGmsEnabled) {
@@ -762,6 +766,11 @@ public final class PixelPropsUtils {
    }

    public static void onEngineGetCertificateChain() {
+        if (android.os.Process.isIsolated()) {
+            if (DEBUG) Log.d(TAG, "Skipping onEngineGetCertificateChain in isolated process");
+            return;
+        }
+
        Context context = ActivityThread.currentApplication() != null
                ? ActivityThread.currentApplication().getApplicationContext()
                : null;