diff options
| author | 2018-04-23 08:02:32 +0000 | |
|---|---|---|
| committer | 2018-04-23 08:02:32 +0000 | |
| commit | 87f521ffe91fb5e728eb358ddddb9b2159ea4be2 (patch) | |
| tree | edcc67eaadd89b64cfdf7c7f756745b0393f59bc | |
| parent | 2a915264a6e078c26cd9da900dd56e5991090004 (diff) | |
| parent | 5f1f29a97af26ef5e23724a13e52fdc41a212c43 (diff) | |
Merge "Enforce permission when disabling API checks." into pi-dev
| -rw-r--r-- | core/res/AndroidManifest.xml | 5 | ||||
| -rw-r--r-- | packages/Shell/AndroidManifest.xml | 1 | ||||
| -rw-r--r-- | services/core/java/com/android/server/am/ActivityManagerService.java | 10 |
3 files changed, 13 insertions, 3 deletions
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index c5ab2e6887b1..da494d49acd3 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -3943,6 +3943,11 @@ <permission android:name="android.permission.OPEN_APPLICATION_DETAILS_OPEN_BY_DEFAULT_PAGE" android:protectionLevel="signature" /> + <!-- Allows hidden API checks to be disabled when starting a process. + @hide <p>Not for use by third-party applications. --> + <permission android:name="android.permission.DISABLE_HIDDEN_API_CHECKS" + android:protectionLevel="signature" /> + <application android:process="system" android:persistent="true" android:hasCode="false" diff --git a/packages/Shell/AndroidManifest.xml b/packages/Shell/AndroidManifest.xml index b49f1ac4c0cf..b4f331d89074 100644 --- a/packages/Shell/AndroidManifest.xml +++ b/packages/Shell/AndroidManifest.xml @@ -130,6 +130,7 @@ <uses-permission android:name="android.permission.CHANGE_WIFI_STATE" /> <uses-permission android:name="android.permission.SET_TIME" /> <uses-permission android:name="android.permission.SET_TIME_ZONE" /> + <uses-permission android:name="android.permission.DISABLE_HIDDEN_API_CHECKS" /> <!-- Permission needed to rename bugreport notifications (so they're not shown as Shell) --> <uses-permission android:name="android.permission.SUBSTITUTE_NOTIFICATION_APP_NAME" /> <!-- Permission needed to hold a wakelock in dumpstate.cpp (drop_root_user()) --> diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java index 62a055d330c8..c9dbd45c5be4 100644 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java @@ -22080,6 +22080,13 @@ public class ActivityManagerService extends IActivityManager.Stub activeInstr.mUiAutomationConnection = uiAutomationConnection; activeInstr.mResultClass = className; + boolean disableHiddenApiChecks = + (flags & INSTRUMENTATION_FLAG_DISABLE_HIDDEN_API_CHECKS) != 0; + if (disableHiddenApiChecks) { + enforceCallingPermission(android.Manifest.permission.DISABLE_HIDDEN_API_CHECKS, + "disable hidden API checks"); + } + final long origId = Binder.clearCallingIdentity(); // Instrumentation can kill and relaunch even persistent processes forceStopPackageLocked(ii.targetPackage, -1, true, false, true, true, false, userId, @@ -22089,9 +22096,6 @@ public class ActivityManagerService extends IActivityManager.Stub mUsageStatsService.reportEvent(ii.targetPackage, userId, UsageEvents.Event.SYSTEM_INTERACTION); } - boolean disableHiddenApiChecks = - (flags & INSTRUMENTATION_FLAG_DISABLE_HIDDEN_API_CHECKS) != 0; - // TODO: Temporary whitelist of packages which need to be exempt from hidden API // checks. Remove this as soon as the testing infrastructure allows to set // the flag in AndroidTest.xml. |