From decd887f012f0c39bba855c8878eb5d8255595c4 Mon Sep 17 00:00:00 2001
From: Felipe Leme <felipeal@google.com>
Date: Wed, 26 Apr 2017 17:42:38 -0700
Subject: [PATCH] Autofill binding permission fixes.

- Removed deprecated BIND_AUTO_FILL
- Renamed BIND_AUTOFILL to BIND_AUTOFILL_SERVICE
- Kept BIND_AUTOFILL as @hide
- Fixed the permission code

The permission check was actually ignored; it was probably broken when we
introduced support to settings.

Fixes: 37723410
Bug: 37563972
Test: manual verification with existing client
Test: CtsAutoFillServiceTestCases pass

Change-Id: If3abdcb0ae850f0a327bfdbb9ca6c44a24823047
---
 api/current.txt                                     |  3 +--
 api/system-current.txt                              |  3 +--
 api/test-current.txt                                |  3 +--
 .../android/service/autofill/AutofillService.java   |  2 +-
 .../service/autofill/AutofillServiceInfo.java       | 13 +++++++++----
 core/res/AndroidManifest.xml                        |  8 +++-----
 .../server/autofill/AutofillManagerServiceImpl.java |  4 ++--
 7 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/api/current.txt b/api/current.txt
index 22e595b5993fc..1d88351cf6698 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -20,8 +20,7 @@ package android {
     field public static final java.lang.String BATTERY_STATS = "android.permission.BATTERY_STATS";
     field public static final java.lang.String BIND_ACCESSIBILITY_SERVICE = "android.permission.BIND_ACCESSIBILITY_SERVICE";
     field public static final java.lang.String BIND_APPWIDGET = "android.permission.BIND_APPWIDGET";
-    field public static final java.lang.String BIND_AUTOFILL = "android.permission.BIND_AUTOFILL";
-    field public static final java.lang.String BIND_AUTO_FILL = "android.permission.BIND_AUTO_FILL";
+    field public static final java.lang.String BIND_AUTOFILL_SERVICE = "android.permission.BIND_AUTOFILL_SERVICE";
     field public static final deprecated java.lang.String BIND_CARRIER_MESSAGING_SERVICE = "android.permission.BIND_CARRIER_MESSAGING_SERVICE";
     field public static final java.lang.String BIND_CARRIER_SERVICES = "android.permission.BIND_CARRIER_SERVICES";
     field public static final java.lang.String BIND_CHOOSER_TARGET_SERVICE = "android.permission.BIND_CHOOSER_TARGET_SERVICE";
diff --git a/api/system-current.txt b/api/system-current.txt
index 0e303f7447c14..88e21161f81b5 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -30,8 +30,7 @@ package android {
     field public static final java.lang.String BATTERY_STATS = "android.permission.BATTERY_STATS";
     field public static final java.lang.String BIND_ACCESSIBILITY_SERVICE = "android.permission.BIND_ACCESSIBILITY_SERVICE";
     field public static final java.lang.String BIND_APPWIDGET = "android.permission.BIND_APPWIDGET";
-    field public static final java.lang.String BIND_AUTOFILL = "android.permission.BIND_AUTOFILL";
-    field public static final java.lang.String BIND_AUTO_FILL = "android.permission.BIND_AUTO_FILL";
+    field public static final java.lang.String BIND_AUTOFILL_SERVICE = "android.permission.BIND_AUTOFILL_SERVICE";
     field public static final deprecated java.lang.String BIND_CARRIER_MESSAGING_SERVICE = "android.permission.BIND_CARRIER_MESSAGING_SERVICE";
     field public static final java.lang.String BIND_CARRIER_SERVICES = "android.permission.BIND_CARRIER_SERVICES";
     field public static final java.lang.String BIND_CHOOSER_TARGET_SERVICE = "android.permission.BIND_CHOOSER_TARGET_SERVICE";
diff --git a/api/test-current.txt b/api/test-current.txt
index 9a744cb54b88a..ed5432ce8b668 100644
--- a/api/test-current.txt
+++ b/api/test-current.txt
@@ -20,8 +20,7 @@ package android {
     field public static final java.lang.String BATTERY_STATS = "android.permission.BATTERY_STATS";
     field public static final java.lang.String BIND_ACCESSIBILITY_SERVICE = "android.permission.BIND_ACCESSIBILITY_SERVICE";
     field public static final java.lang.String BIND_APPWIDGET = "android.permission.BIND_APPWIDGET";
-    field public static final java.lang.String BIND_AUTOFILL = "android.permission.BIND_AUTOFILL";
-    field public static final java.lang.String BIND_AUTO_FILL = "android.permission.BIND_AUTO_FILL";
+    field public static final java.lang.String BIND_AUTOFILL_SERVICE = "android.permission.BIND_AUTOFILL_SERVICE";
     field public static final deprecated java.lang.String BIND_CARRIER_MESSAGING_SERVICE = "android.permission.BIND_CARRIER_MESSAGING_SERVICE";
     field public static final java.lang.String BIND_CARRIER_SERVICES = "android.permission.BIND_CARRIER_SERVICES";
     field public static final java.lang.String BIND_CHOOSER_TARGET_SERVICE = "android.permission.BIND_CHOOSER_TARGET_SERVICE";
diff --git a/core/java/android/service/autofill/AutofillService.java b/core/java/android/service/autofill/AutofillService.java
index 32b078f67e95b..416455d596be3 100644
--- a/core/java/android/service/autofill/AutofillService.java
+++ b/core/java/android/service/autofill/AutofillService.java
@@ -48,7 +48,7 @@ public abstract class AutofillService extends Service {
     /**
      * The {@link Intent} that must be declared as handled by the service.
      * To be supported, the service must also require the
-     * {@link android.Manifest.permission#BIND_AUTOFILL} permission so
+     * {@link android.Manifest.permission#BIND_AUTOFILL_SERVICE} permission so
      * that other applications can not abuse it.
      */
     @SdkConstant(SdkConstant.SdkConstantType.SERVICE_ACTION)
diff --git a/core/java/android/service/autofill/AutofillServiceInfo.java b/core/java/android/service/autofill/AutofillServiceInfo.java
index 0f4824e47fa92..e64eb0d629922 100644
--- a/core/java/android/service/autofill/AutofillServiceInfo.java
+++ b/core/java/android/service/autofill/AutofillServiceInfo.java
@@ -83,14 +83,19 @@ public final class AutofillServiceInfo {
     }
 
     /**
-     * Gets the meta-data as a TypedArray, or null if not provided, or throws if invalid.
+     * Gets the meta-data as a {@link TypedArray}, or {@code null} if not provided,
+     * or throws if invalid.
      */
     @Nullable
     private static TypedArray getMetaDataArray(PackageManager pm, ServiceInfo si) {
         // Check for permissions.
-        if (!Manifest.permission.BIND_AUTOFILL.equals(si.permission)) {
-            Log.e(TAG, "Service does not require permission " + Manifest.permission.BIND_AUTOFILL);
-            return null;
+        // TODO(b/37563972): remove support to BIND_AUTOFILL once clients use BIND_AUTOFILL_SERVICE
+        if (!Manifest.permission.BIND_AUTOFILL_SERVICE.equals(si.permission)
+                && !Manifest.permission.BIND_AUTOFILL.equals(si.permission)) {
+            Log.w(TAG, "AutofillService from '" + si.packageName + "' does not require permission "
+                    + Manifest.permission.BIND_AUTOFILL_SERVICE);
+            throw new SecurityException("Service does not require permission "
+                    + Manifest.permission.BIND_AUTOFILL_SERVICE);
         }
 
         // Get the AutoFill metadata, if declared.
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 313130221ff61..eacb02fa83648 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -2485,13 +2485,11 @@
          to ensure that only the system can bind to it.
          <p>Protection level: signature
     -->
-    <permission android:name="android.permission.BIND_AUTOFILL"
+    <permission android:name="android.permission.BIND_AUTOFILL_SERVICE"
         android:protectionLevel="signature" />
 
-    <!--  TODO(b/35956626): temporary until clients change to BIND_AUTOFILL
-         <p>Protection level: signature
-    -->
-    <permission android:name="android.permission.BIND_AUTO_FILL"
+    <!-- @hide TODO(b/37563972): remove once clients use BIND_AUTOFILL_SERVICE -->
+    <permission android:name="android.permission.BIND_AUTOFILL"
         android:protectionLevel="signature" />
 
     <!-- Must be required by hotword enrollment application,
diff --git a/services/autofill/java/com/android/server/autofill/AutofillManagerServiceImpl.java b/services/autofill/java/com/android/server/autofill/AutofillManagerServiceImpl.java
index 238cdd5efd5f6..9ac60c6dcc293 100644
--- a/services/autofill/java/com/android/server/autofill/AutofillManagerServiceImpl.java
+++ b/services/autofill/java/com/android/server/autofill/AutofillManagerServiceImpl.java
@@ -191,8 +191,8 @@ final class AutofillManagerServiceImpl {
                 }
                 sendStateToClients();
             }
-        } catch (PackageManager.NameNotFoundException e) {
-            Slog.e(TAG, "Bad autofill service name " + componentName + ": " + e);
+        } catch (Exception e) {
+            Slog.e(TAG, "Bad AutofillService '" + componentName + "': " + e);
         }
     }