Improves framework logging for user management.

1. Makes sure ActivityServices passed the callingPackage for logging. That way when someone with lack of permissions calls bindServiceAsUser, we will know at least which package is calling it. 2. Adds more logging to UserManagerService for user removal and creation Fixes: 110999053 Test: Flash device, use adb to remove users and verify logging. Made sure that bindServiceAsUser permission denial prints the name of the package. Change-Id: Ieab750fdb6aee04f3880625374a9ab3633e76bc4
author: jovanak <jovanak@google.com> 2018-12-03 17:23:20 -0800
committer: jovanak <jovanak@google.com> 2018-12-03 17:29:56 -0800
commit: a6763a31fefd874d31d64156bafcc4d0278baa3d (patch)
tree: a0eeb3678b255be2e260a9a6ac9dbab20810056f
parent: 7b2cd90375db11608a810167b49e34d28f8bdce3 (diff)
2 files changed, 23 insertions, 6 deletions
diff --git a/services/core/java/com/android/server/am/ActiveServices.java b/services/core/java/com/android/server/am/ActiveServices.java
index a19e9287aa6c..f111c3e9bb25 100644
--- a/services/core/java/com/android/server/am/ActiveServices.java
+++ b/services/core/java/com/android/server/am/ActiveServices.java
@@ -1945,7 +1945,8 @@ public final class ActiveServices {
                 + " type=" + resolvedType + " callingUid=" + callingUid);
 
         userId = mAm.mUserController.handleIncomingUser(callingPid, callingUid, userId, false,
-                ActivityManagerInternal.ALLOW_NON_FULL_IN_PROFILE, "service", null);
+                ActivityManagerInternal.ALLOW_NON_FULL_IN_PROFILE, "service",
+                callingPackage);
 
         ServiceMap smap = getServiceMapLocked(userId);
         final ComponentName comp;
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index c18ca25d8c1f..28f8feec5a5a 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -100,6 +100,8 @@ import com.android.server.am.UserState;
 import com.android.server.storage.DeviceStorageMonitorInternal;
 import com.android.server.wm.ActivityTaskManagerInternal;
 
+import libcore.io.IoUtils;
+
 import org.xmlpull.v1.XmlPullParser;
 import org.xmlpull.v1.XmlPullParserException;
 import org.xmlpull.v1.XmlSerializer;
@@ -121,8 +123,6 @@ import java.util.LinkedList;
 import java.util.List;
 import java.util.Objects;
 
-import libcore.io.IoUtils;
-
 /**
  * Service for {@link UserManager}.
  *
@@ -2638,10 +2638,12 @@ public class UserManagerService extends IUserManager.Stub {
                 if (!isGuest && !isManagedProfile && !isDemo && isUserLimitReached()) {
                     // If we're not adding a guest/demo user or a managed profile and the limit has
                     // been reached, cannot add a user.
+                    Log.e(LOG_TAG, "Cannot add user. Maximum user limit is reached.");
                     return null;
                 }
                 // If we're adding a guest and there already exists one, bail.
                 if (isGuest && findCurrentGuestUser() != null) {
+                    Log.e(LOG_TAG, "Cannot add guest user. Guest user already exists.");
                     return null;
                 }
                 // In legacy mode, restricted profile's parent can only be the owner user
@@ -2884,13 +2886,26 @@ public class UserManagerService extends IUserManager.Stub {
             final UserData userData;
             int currentUser = ActivityManager.getCurrentUser();
             if (currentUser == userHandle) {
-                Log.w(LOG_TAG, "Current user cannot be removed");
+                Log.w(LOG_TAG, "Current user cannot be removed.");
                 return false;
             }
             synchronized (mPackagesLock) {
                 synchronized (mUsersLock) {
                     userData = mUsers.get(userHandle);
-                    if (userHandle == 0 || userData == null || mRemovingUserIds.get(userHandle)) {
+                    if (userHandle == UserHandle.USER_SYSTEM) {
+                        Log.e(LOG_TAG, "System user cannot be removed.");
+                        return false;
+                    }
+
+                    if (userData == null) {
+                        Log.e(LOG_TAG, String.format(
+                                "Cannot remove user %d, invalid user id provided.", userHandle));
+                        return false;
+                    }
+
+                    if (mRemovingUserIds.get(userHandle)) {
+                        Log.e(LOG_TAG, String.format(
+                                "User %d is already scheduled for removal.", userHandle));
                         return false;
                     }
 
@@ -2909,7 +2924,7 @@ public class UserManagerService extends IUserManager.Stub {
             try {
                 mAppOpsService.removeUser(userHandle);
             } catch (RemoteException e) {
-                Log.w(LOG_TAG, "Unable to notify AppOpsService of removing user", e);
+                Log.w(LOG_TAG, "Unable to notify AppOpsService of removing user.", e);
             }
 
             if (userData.info.profileGroupId != UserInfo.NO_PROFILE_GROUP_ID
@@ -2933,6 +2948,7 @@ public class UserManagerService extends IUserManager.Stub {
                             }
                         });
             } catch (RemoteException e) {
+                Log.w(LOG_TAG, "Failed to stop user during removal.", e);
                 return false;
             }
             return res == ActivityManager.USER_OP_SUCCESS;
author	jovanak <jovanak@google.com>	2018-12-03 17:23:20 -0800
committer	jovanak <jovanak@google.com>	2018-12-03 17:29:56 -0800
commit	a6763a31fefd874d31d64156bafcc4d0278baa3d (patch)
tree	a0eeb3678b255be2e260a9a6ac9dbab20810056f
parent	7b2cd90375db11608a810167b49e34d28f8bdce3 (diff)