From 13ce4693d303c8c17494ddef9ac12fc0f901d040 Mon Sep 17 00:00:00 2001 From: Phil Weaver Date: Tue, 19 Apr 2016 17:01:52 -0700 Subject: [PATCH] Clear calling identity when binding a11y services When a UiAutomation is destroyed, accessibility services may get enabled as a side effect. That was causing these services to be enabled in a binder thread, which threw a SecurityException. Bug: 28268310 Bug: 28163652 Change-Id: Ie25ab05569b5b21b5f30e7d7eed24ef73b7ba159 --- .../AccessibilityManagerService.java | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java index d900b378c2c89..4e5bb210b7536 100644 --- a/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java +++ b/services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java @@ -2298,11 +2298,16 @@ public class AccessibilityManagerService extends IAccessibilityManager.Stub { public boolean bindLocked() { UserState userState = getUserStateLocked(mUserId); if (!mIsAutomation) { - if (mService == null && mContext.bindServiceAsUser( - mIntent, this, - Context.BIND_AUTO_CREATE | Context.BIND_FOREGROUND_SERVICE_WHILE_AWAKE, - new UserHandle(mUserId))) { - userState.mBindingServices.add(mComponentName); + final long identity = Binder.clearCallingIdentity(); + try { + if (mService == null && mContext.bindServiceAsUser( + mIntent, this, + Context.BIND_AUTO_CREATE | Context.BIND_FOREGROUND_SERVICE_WHILE_AWAKE, + new UserHandle(mUserId))) { + userState.mBindingServices.add(mComponentName); + } + } finally { + Binder.restoreCallingIdentity(identity); } } else { userState.mBindingServices.add(mComponentName);