In postNotification of ServiceRecord.java, there is a possible bypass of foreground process restrictions due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
android.googlesource.com/platform/frameworks/base/+/0a163302b0288cdc4d9ca5e04398386ef8e1ec6b
android.googlesource.com/platform/frameworks/base/+/45a53e6cb8d3276126cfe0e717ad7ed486d39b24
android.googlesource.com/platform/packages/apps/Settings/+/36f182159ffae1f14a1733a3bb1334cdd9d44742
android.googlesource.com/platform/packages/services/Car/+/d2d8933e006efc251fda52e6807807d107f2ca12
source.android.com/security/bulletin/2020-08-01