From 9cc47942f25f825c72f3c8ce9aef9f9f8d065ecf Mon Sep 17 00:00:00 2001
From: Greyson Parrelli <greyson@signal.org>
Date: Tue, 14 Apr 2026 21:06:01 +0000
Subject: [PATCH] Add process check to VoiceNotePlaybackService MediaSession
 access.

---
 .../components/voice/VoiceNotePlaybackService.java          | 6 ++++++
 .../securesms/components/voice/VoiceNotePlayerCallback.kt   | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/app/src/main/java/org/thoughtcrime/securesms/components/voice/VoiceNotePlaybackService.java b/app/src/main/java/org/thoughtcrime/securesms/components/voice/VoiceNotePlaybackService.java
index 1a1c0b3516..4bab03ff71 100644
--- a/app/src/main/java/org/thoughtcrime/securesms/components/voice/VoiceNotePlaybackService.java
+++ b/app/src/main/java/org/thoughtcrime/securesms/components/voice/VoiceNotePlaybackService.java
@@ -7,7 +7,9 @@ import android.content.pm.PackageManager;
 import android.content.pm.ResolveInfo;
 import android.media.AudioManager;
 import android.net.Uri;
+import android.os.Build;
 import android.os.Bundle;
+import android.os.Process;
 
 import androidx.annotation.NonNull;
 import androidx.annotation.Nullable;
@@ -114,6 +116,10 @@ public class VoiceNotePlaybackService extends MediaSessionService {
   @Nullable
   @Override
   public MediaSession onGetSession(@NonNull MediaSession.ControllerInfo controllerInfo) {
+    if (Build.VERSION.SDK_INT >= 28 && controllerInfo.getUid() != Process.myUid()) {
+      Log.w(TAG, "Denying session to external caller: " + controllerInfo.getPackageName());
+      return null;
+    }
     return mediaSession;
   }
 
diff --git a/app/src/main/java/org/thoughtcrime/securesms/components/voice/VoiceNotePlayerCallback.kt b/app/src/main/java/org/thoughtcrime/securesms/components/voice/VoiceNotePlayerCallback.kt
index 77cc51592a..c5522571e1 100644
--- a/app/src/main/java/org/thoughtcrime/securesms/components/voice/VoiceNotePlayerCallback.kt
+++ b/app/src/main/java/org/thoughtcrime/securesms/components/voice/VoiceNotePlayerCallback.kt
@@ -8,7 +8,9 @@ package org.thoughtcrime.securesms.components.voice
 import android.content.Context
 import android.media.AudioManager
 import android.net.Uri
+import android.os.Build
 import android.os.Bundle
+import android.os.Process
 import android.widget.Toast
 import androidx.annotation.MainThread
 import androidx.annotation.OptIn
@@ -94,6 +96,10 @@ class VoiceNotePlayerCallback(val context: Context, val player: VoiceNotePlayer)
   private var latestUri = Uri.EMPTY
 
   override fun onConnect(session: MediaSession, controller: MediaSession.ControllerInfo): MediaSession.ConnectionResult {
+    if (Build.VERSION.SDK_INT >= 28 && controller.uid != Process.myUid()) {
+      Log.w(TAG, "Rejecting connection from external caller: ${controller.packageName}")
+      return MediaSession.ConnectionResult.reject()
+    }
     return MediaSession.ConnectionResult.accept(CUSTOM_COMMANDS, SUPPORTED_ACTIONS)
   }