summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--core/java/android/app/ActivityManagerInternal.java9
-rw-r--r--services/core/java/com/android/server/am/ActiveServices.java9
-rw-r--r--services/core/java/com/android/server/am/ActivityManagerService.java16
-rw-r--r--services/core/java/com/android/server/am/OomAdjuster.java22
-rw-r--r--services/core/java/com/android/server/appop/AppOpsService.java40
-rw-r--r--services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java3
-rw-r--r--services/devicepolicy/java/com/android/server/devicepolicy/Owners.java10
-rw-r--r--services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java2
8 files changed, 84 insertions, 27 deletions
diff --git a/core/java/android/app/ActivityManagerInternal.java b/core/java/android/app/ActivityManagerInternal.java
index f926075714a8..9f51edbb1ded 100644
--- a/core/java/android/app/ActivityManagerInternal.java
+++ b/core/java/android/app/ActivityManagerInternal.java
@@ -394,4 +394,13 @@ public abstract class ActivityManagerInternal {
*/
// TODO: remove this toast after feature development is done
public abstract void showWhileInUseDebugToast(int uid, int op, int mode);
+
+
+ /** Is this a device owner app? */
+ public abstract boolean isDeviceOwner(int uid);
+
+ /**
+ * Called by DevicePolicyManagerService to set the uid of the device owner.
+ */
+ public abstract void setDeviceOwnerUid(int uid);
}
diff --git a/services/core/java/com/android/server/am/ActiveServices.java b/services/core/java/com/android/server/am/ActiveServices.java
index d77bee35a89b..714aae1b70ca 100644
--- a/services/core/java/com/android/server/am/ActiveServices.java
+++ b/services/core/java/com/android/server/am/ActiveServices.java
@@ -4898,6 +4898,12 @@ public final class ActiveServices {
return true;
}
+ // Is the calling UID a device owner app?
+ final boolean isDeviceOwner = mAm.mInternal.isDeviceOwner(callingUid);
+ if (isDeviceOwner) {
+ return true;
+ }
+
r.mInfoDenyWhileInUsePermissionInFgs =
"Background FGS start while-in-use permission restriction [callingPackage: "
+ callingPackage
@@ -4933,7 +4939,8 @@ public final class ActiveServices {
+ r.mRecentCallingPackage
+ "; intent:" + r.intent.getIntent()
+ "] affected while-in-use permission:"
- + AppOpsManager.opToPublicName(op);
+ + AppOpsManager.opToPublicName(op)
+ + "; targetSdkVersion:" + r.appInfo.targetSdkVersion;
Slog.wtf(TAG, msg);
}
}
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 38405e1ccc03..73d6fff37ac1 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -636,6 +636,8 @@ public class ActivityManagerService extends IActivityManager.Stub
*/
String mDeviceOwnerName;
+ private int mDeviceOwnerUid = Process.INVALID_UID;
+
final UserController mUserController;
@VisibleForTesting
public final PendingIntentController mPendingIntentController;
@@ -19491,6 +19493,20 @@ public class ActivityManagerService extends IActivityManager.Stub
uid, op, mode);
}
}
+
+ @Override
+ public void setDeviceOwnerUid(int uid) {
+ synchronized (ActivityManagerService.this) {
+ mDeviceOwnerUid = uid;
+ }
+ }
+
+ @Override
+ public boolean isDeviceOwner(int uid) {
+ synchronized (ActivityManagerService.this) {
+ return uid >= 0 && mDeviceOwnerUid == uid;
+ }
+ }
}
long inputDispatchingTimedOut(int pid, final boolean aboveSystem, String reason) {
diff --git a/services/core/java/com/android/server/am/OomAdjuster.java b/services/core/java/com/android/server/am/OomAdjuster.java
index d4a05025499f..1412112651c4 100644
--- a/services/core/java/com/android/server/am/OomAdjuster.java
+++ b/services/core/java/com/android/server/am/OomAdjuster.java
@@ -151,10 +151,14 @@ public final class OomAdjuster {
@EnabledAfter(targetSdkVersion=android.os.Build.VERSION_CODES.Q)
static final long CAMERA_MICROPHONE_CAPABILITY_CHANGE_ID = 136219221L;
- //TODO: remove this when development is done.
- private static final int TEMP_PROCESS_CAPABILITY_FOREGROUND_LOCATION = 1 << 31;
- private static final int TEMP_PROCESS_CAPABILITY_FOREGROUND_CAMERA = 1 << 30;
- private static final int TEMP_PROCESS_CAPABILITY_FOREGROUND_MICROPHONE = 1 << 29;
+ // TODO: remove this when development is done.
+ // These are debug flags used between OomAdjuster and AppOpsService to detect and report absence
+ // of the real flags.
+ public static final int DEBUG_PROCESS_CAPABILITY_FOREGROUND_MICROPHONE_Q = 1 << 27;
+ public static final int DEBUG_PROCESS_CAPABILITY_FOREGROUND_CAMERA_Q = 1 << 28;
+ public static final int DEBUG_PROCESS_CAPABILITY_FOREGROUND_MICROPHONE = 1 << 29;
+ public static final int DEBUG_PROCESS_CAPABILITY_FOREGROUND_CAMERA = 1 << 30;
+ public static final int DEBUG_PROCESS_CAPABILITY_FOREGROUND_LOCATION = 1 << 31;
/**
* For some direct access we need to power manager.
@@ -1501,7 +1505,7 @@ public final class OomAdjuster {
//TODO: remove this block when development is done.
capabilityFromFGS |=
(fgsType & FOREGROUND_SERVICE_TYPE_LOCATION)
- != 0 ? TEMP_PROCESS_CAPABILITY_FOREGROUND_LOCATION : 0;
+ != 0 ? DEBUG_PROCESS_CAPABILITY_FOREGROUND_LOCATION : 0;
}
if (s.mAllowWhileInUsePermissionInFgs) {
boolean enabled = false;
@@ -1514,22 +1518,22 @@ public final class OomAdjuster {
capabilityFromFGS |=
(fgsType & FOREGROUND_SERVICE_TYPE_CAMERA)
!= 0 ? PROCESS_CAPABILITY_FOREGROUND_CAMERA
- : TEMP_PROCESS_CAPABILITY_FOREGROUND_CAMERA;
+ : DEBUG_PROCESS_CAPABILITY_FOREGROUND_CAMERA;
capabilityFromFGS |=
(fgsType & FOREGROUND_SERVICE_TYPE_MICROPHONE)
!= 0 ? PROCESS_CAPABILITY_FOREGROUND_MICROPHONE
- : TEMP_PROCESS_CAPABILITY_FOREGROUND_MICROPHONE;
+ : DEBUG_PROCESS_CAPABILITY_FOREGROUND_MICROPHONE;
} else {
// Remove fgsType check and assign PROCESS_CAPABILITY_FOREGROUND_CAMERA
// and MICROPHONE when finish debugging.
capabilityFromFGS |=
(fgsType & FOREGROUND_SERVICE_TYPE_CAMERA)
!= 0 ? PROCESS_CAPABILITY_FOREGROUND_CAMERA
- : TEMP_PROCESS_CAPABILITY_FOREGROUND_CAMERA;
+ : DEBUG_PROCESS_CAPABILITY_FOREGROUND_CAMERA_Q;
capabilityFromFGS |=
(fgsType & FOREGROUND_SERVICE_TYPE_MICROPHONE)
!= 0 ? PROCESS_CAPABILITY_FOREGROUND_MICROPHONE
- : TEMP_PROCESS_CAPABILITY_FOREGROUND_MICROPHONE;
+ : DEBUG_PROCESS_CAPABILITY_FOREGROUND_MICROPHONE_Q;
}
}
}
diff --git a/services/core/java/com/android/server/appop/AppOpsService.java b/services/core/java/com/android/server/appop/AppOpsService.java
index 6613d5f8d57a..8e6ef75078b3 100644
--- a/services/core/java/com/android/server/appop/AppOpsService.java
+++ b/services/core/java/com/android/server/appop/AppOpsService.java
@@ -66,6 +66,11 @@ import static android.content.Intent.EXTRA_REPLACING;
import static android.content.pm.PermissionInfo.PROTECTION_DANGEROUS;
import static android.content.pm.PermissionInfo.PROTECTION_FLAG_APPOP;
+import static com.android.server.am.OomAdjuster.DEBUG_PROCESS_CAPABILITY_FOREGROUND_CAMERA;
+import static com.android.server.am.OomAdjuster.DEBUG_PROCESS_CAPABILITY_FOREGROUND_CAMERA_Q;
+import static com.android.server.am.OomAdjuster.DEBUG_PROCESS_CAPABILITY_FOREGROUND_LOCATION;
+import static com.android.server.am.OomAdjuster.DEBUG_PROCESS_CAPABILITY_FOREGROUND_MICROPHONE;
+import static com.android.server.am.OomAdjuster.DEBUG_PROCESS_CAPABILITY_FOREGROUND_MICROPHONE_Q;
import static com.android.server.appop.AppOpsService.ModeCallback.ALL_OPS;
import static java.lang.Long.max;
@@ -248,9 +253,6 @@ public class AppOpsService extends IAppOpsService.Stub {
private static final int RARELY_USED_PACKAGES_INITIALIZATION_DELAY_MILLIS = 300000;
//TODO: remove this when development is done.
- private static final int TEMP_PROCESS_CAPABILITY_FOREGROUND_LOCATION = 1 << 31;
- private static final int TEMP_PROCESS_CAPABILITY_FOREGROUND_CAMERA = 1 << 30;
- private static final int TEMP_PROCESS_CAPABILITY_FOREGROUND_MICROPHONE = 1 << 29;
private static final int DEBUG_FGS_ALLOW_WHILE_IN_USE = 0;
private static final int DEBUG_FGS_ENFORCE_TYPE = 1;
@@ -552,7 +554,7 @@ public class AppOpsService extends IAppOpsService.Stub {
if ((capability & PROCESS_CAPABILITY_FOREGROUND_LOCATION) != 0) {
return MODE_ALLOWED;
} else if ((capability
- & TEMP_PROCESS_CAPABILITY_FOREGROUND_LOCATION) != 0) {
+ & DEBUG_PROCESS_CAPABILITY_FOREGROUND_LOCATION) != 0) {
// The FGS has the location capability, but due to FGS BG start
// restriction it lost the capability, use temp location capability
// to mark this case.
@@ -564,11 +566,14 @@ public class AppOpsService extends IAppOpsService.Stub {
case OP_CAMERA:
if ((capability & PROCESS_CAPABILITY_FOREGROUND_CAMERA) != 0) {
return MODE_ALLOWED;
- } else if ((capability & TEMP_PROCESS_CAPABILITY_FOREGROUND_CAMERA)
+ } else if ((capability & DEBUG_PROCESS_CAPABILITY_FOREGROUND_CAMERA_Q)
!= 0) {
- // CHANGE TO MODE_IGNORED when enforce this feature.
maybeShowWhileInUseDebugToast(op, DEBUG_FGS_ENFORCE_TYPE);
return MODE_ALLOWED;
+ } else if ((capability & DEBUG_PROCESS_CAPABILITY_FOREGROUND_CAMERA)
+ != 0) {
+ maybeShowWhileInUseDebugToast(op, DEBUG_FGS_ENFORCE_TYPE);
+ return MODE_IGNORED;
} else {
maybeShowWhileInUseDebugToast(op, DEBUG_FGS_ALLOW_WHILE_IN_USE);
return MODE_IGNORED;
@@ -576,11 +581,14 @@ public class AppOpsService extends IAppOpsService.Stub {
case OP_RECORD_AUDIO:
if ((capability & PROCESS_CAPABILITY_FOREGROUND_MICROPHONE) != 0) {
return MODE_ALLOWED;
- } else if ((capability & TEMP_PROCESS_CAPABILITY_FOREGROUND_MICROPHONE)
- != 0) {
- // CHANGE TO MODE_IGNORED when enforce this feature.
+ } else if ((capability
+ & DEBUG_PROCESS_CAPABILITY_FOREGROUND_MICROPHONE_Q) != 0) {
maybeShowWhileInUseDebugToast(op, DEBUG_FGS_ENFORCE_TYPE);
return MODE_ALLOWED;
+ } else if ((capability
+ & DEBUG_PROCESS_CAPABILITY_FOREGROUND_MICROPHONE) != 0) {
+ maybeShowWhileInUseDebugToast(op, DEBUG_FGS_ENFORCE_TYPE);
+ return MODE_IGNORED;
} else {
maybeShowWhileInUseDebugToast(op, DEBUG_FGS_ALLOW_WHILE_IN_USE);
return MODE_IGNORED;
@@ -597,10 +605,13 @@ public class AppOpsService extends IAppOpsService.Stub {
case OP_CAMERA:
if ((capability & PROCESS_CAPABILITY_FOREGROUND_CAMERA) != 0) {
return MODE_ALLOWED;
- } else if ((capability & TEMP_PROCESS_CAPABILITY_FOREGROUND_CAMERA) != 0) {
- // CHANGE TO MODE_IGNORED when enforce this feature.
+ } else if ((capability
+ & DEBUG_PROCESS_CAPABILITY_FOREGROUND_CAMERA_Q) != 0) {
maybeShowWhileInUseDebugToast(op, DEBUG_FGS_ENFORCE_TYPE);
return MODE_ALLOWED;
+ } else if ((capability & DEBUG_PROCESS_CAPABILITY_FOREGROUND_CAMERA) != 0) {
+ maybeShowWhileInUseDebugToast(op, DEBUG_FGS_ENFORCE_TYPE);
+ return MODE_IGNORED;
} else {
maybeShowWhileInUseDebugToast(op, DEBUG_FGS_ALLOW_WHILE_IN_USE);
return MODE_IGNORED;
@@ -608,11 +619,14 @@ public class AppOpsService extends IAppOpsService.Stub {
case OP_RECORD_AUDIO:
if ((capability & PROCESS_CAPABILITY_FOREGROUND_MICROPHONE) != 0) {
return MODE_ALLOWED;
- } else if ((capability & TEMP_PROCESS_CAPABILITY_FOREGROUND_MICROPHONE)
+ } else if ((capability & DEBUG_PROCESS_CAPABILITY_FOREGROUND_MICROPHONE_Q)
!= 0) {
- // CHANGE TO MODE_IGNORED when enforce this feature.
maybeShowWhileInUseDebugToast(op, DEBUG_FGS_ENFORCE_TYPE);
return MODE_ALLOWED;
+ } else if ((capability & DEBUG_PROCESS_CAPABILITY_FOREGROUND_MICROPHONE)
+ != 0) {
+ maybeShowWhileInUseDebugToast(op, DEBUG_FGS_ENFORCE_TYPE);
+ return MODE_IGNORED;
} else {
maybeShowWhileInUseDebugToast(op, DEBUG_FGS_ALLOW_WHILE_IN_USE);
return MODE_IGNORED;
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index b0eb14852251..1544ff127121 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -2079,7 +2079,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
Owners newOwners() {
return new Owners(getUserManager(), getUserManagerInternal(),
- getPackageManagerInternal(), getActivityTaskManagerInternal());
+ getPackageManagerInternal(), getActivityTaskManagerInternal(),
+ getActivityManagerInternal());
}
UserManager getUserManager() {
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/Owners.java b/services/devicepolicy/java/com/android/server/devicepolicy/Owners.java
index f70fe909b459..3cdd482ffa37 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/Owners.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/Owners.java
@@ -17,6 +17,7 @@
package com.android.server.devicepolicy;
import android.annotation.Nullable;
+import android.app.ActivityManagerInternal;
import android.app.AppOpsManagerInternal;
import android.app.admin.SystemUpdateInfo;
import android.app.admin.SystemUpdatePolicy;
@@ -112,6 +113,7 @@ class Owners {
private final UserManagerInternal mUserManagerInternal;
private final PackageManagerInternal mPackageManagerInternal;
private final ActivityTaskManagerInternal mActivityTaskManagerInternal;
+ private final ActivityManagerInternal mActivityManagerInternal;
private boolean mSystemReady;
@@ -138,9 +140,10 @@ class Owners {
public Owners(UserManager userManager,
UserManagerInternal userManagerInternal,
PackageManagerInternal packageManagerInternal,
- ActivityTaskManagerInternal activityTaskManagerInternal) {
+ ActivityTaskManagerInternal activityTaskManagerInternal,
+ ActivityManagerInternal activitykManagerInternal) {
this(userManager, userManagerInternal, packageManagerInternal,
- activityTaskManagerInternal, new Injector());
+ activityTaskManagerInternal, activitykManagerInternal, new Injector());
}
@VisibleForTesting
@@ -148,11 +151,13 @@ class Owners {
UserManagerInternal userManagerInternal,
PackageManagerInternal packageManagerInternal,
ActivityTaskManagerInternal activityTaskManagerInternal,
+ ActivityManagerInternal activityManagerInternal,
Injector injector) {
mUserManager = userManager;
mUserManagerInternal = userManagerInternal;
mPackageManagerInternal = packageManagerInternal;
mActivityTaskManagerInternal = activityTaskManagerInternal;
+ mActivityManagerInternal = activityManagerInternal;
mInjector = injector;
}
@@ -220,6 +225,7 @@ class Owners {
PackageManager.MATCH_ALL | PackageManager.MATCH_KNOWN_PACKAGES, mDeviceOwnerUserId)
: Process.INVALID_UID;
mActivityTaskManagerInternal.setDeviceOwnerUid(uid);
+ mActivityManagerInternal.setDeviceOwnerUid(uid);
}
String getDeviceOwnerPackageName() {
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java
index c1bcf1fb75a6..3e5c21c67bb3 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java
@@ -68,7 +68,7 @@ public class DevicePolicyManagerServiceTestable extends DevicePolicyManagerServi
public OwnersTestable(MockSystemServices services) {
super(services.userManager, services.userManagerInternal,
services.packageManagerInternal, services.activityTaskManagerInternal,
- new MockInjector(services));
+ services.activityManagerInternal, new MockInjector(services));
}
static class MockInjector extends Injector {
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-12-06 17:41:39 +0000