11 files changed, 60 insertions, 37 deletions
diff --git a/api/system-current.txt b/api/system-current.txt
index ba6e348d375d..a1b182697345 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -119,6 +119,7 @@ package android {
 field public static final String MODIFY_PARENTAL_CONTROLS = "android.permission.MODIFY_PARENTAL_CONTROLS";
 field public static final String MODIFY_QUIET_MODE = "android.permission.MODIFY_QUIET_MODE";
 field public static final String MOVE_PACKAGE = "android.permission.MOVE_PACKAGE";
+ field public static final String NETWORK_CARRIER_PROVISIONING = "android.permission.NETWORK_CARRIER_PROVISIONING";
 field public static final String NETWORK_MANAGED_PROVISIONING = "android.permission.NETWORK_MANAGED_PROVISIONING";
 field public static final String NETWORK_SCAN = "android.permission.NETWORK_SCAN";
 field public static final String NETWORK_SETUP_WIZARD = "android.permission.NETWORK_SETUP_WIZARD";
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index ddae34c64358..8a522656a13a 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -54,7 +54,6 @@ import android.net.NetworkUtils;
 import android.net.PrivateDnsConnectivityChecker;
 import android.net.ProxyInfo;
 import android.net.Uri;
-import android.os.Binder;
 import android.os.Build;
 import android.os.Bundle;
 import android.os.ParcelFileDescriptor;
@@ -6410,27 +6409,20 @@ public class DevicePolicyManager {
 * Returns whether the specified package can read the device identifiers.
 *
 * @param packageName The package name of the app to check for device identifier access.
+ * @param pid The process id of the package to be checked.
+ * @param uid The uid of the package to be checked.
 * @return whether the package can read the device identifiers.
 *
 * @hide
 */
- public boolean checkDeviceIdentifierAccess(String packageName) {
- return checkDeviceIdentifierAccessAsUser(packageName, myUserId());
- }
-
- /**
- * @hide
- */
- @RequiresPermission(value = android.Manifest.permission.MANAGE_USERS, conditional = true)
- public boolean checkDeviceIdentifierAccessAsUser(String packageName, int userId) {
- throwIfParentInstance("checkDeviceIdentifierAccessAsUser");
+ public boolean checkDeviceIdentifierAccess(String packageName, int pid, int uid) {
+ throwIfParentInstance("checkDeviceIdentifierAccess");
 if (packageName == null) {
 return false;
 }
 if (mService != null) {
 try {
- return mService.checkDeviceIdentifierAccess(packageName, userId,
- Binder.getCallingPid(), Binder.getCallingUid());
+ return mService.checkDeviceIdentifierAccess(packageName, pid, uid);
 } catch (RemoteException re) {
 throw re.rethrowFromSystemServer();
 }
diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl
index 3c389e4aa38c..2b9641999019 100644
--- a/core/java/android/app/admin/IDevicePolicyManager.aidl
+++ b/core/java/android/app/admin/IDevicePolicyManager.aidl
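Review bot: The new checkDeviceIdentifierAccess(String, int, int) Javadoc documents pid and uid but not that the call can now fail with a SecurityException: the service side in this same commit rejects a non-system caller whose pid/uid are not its own, and `re.rethrowFromSystemServer()` propagates that to the caller. Add `@throws SecurityException if the caller is not a system app and {@code pid}/{@code uid} are not the caller's own, or if {@code packageName} does not belong to {@code uid}` so callers that replaced the removed checkDeviceIdentifierAccessAsUser know which inputs are accepted. The deleted AsUser variant carried `@RequiresPermission(value = MANAGE_USERS, conditional = true)`; whether any permission still applies to the replacement should be stated explicitly rather than left to be inferred. The method's closing lines are outside the hunk.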
@@ -156,7 +156,7 @@ interface IDevicePolicyManager {
 void clearProfileOwner(in ComponentName who);
 boolean hasUserSetupCompleted();
- boolean checkDeviceIdentifierAccess(in String packageName, int userHandle, int pid, int uid);
+ boolean checkDeviceIdentifierAccess(in String packageName, int pid, int uid);
 void setDeviceOwnerLockScreenInfo(in ComponentName who, CharSequence deviceOwnerInfo);
 CharSequence getDeviceOwnerLockScreenInfo();
diff --git a/core/java/android/view/ViewRootImpl.java b/core/java/android/view/ViewRootImpl.java
index f61c4b465b8d..f3b7ad5e557c 100644
--- a/core/java/android/view/ViewRootImpl.java
+++ b/core/java/android/view/ViewRootImpl.java
@@ -1981,7 +1981,6 @@ public final class ViewRootImpl implements ViewParent,
 mIsInTraversal = true;
 mWillDrawSoon = true;
 boolean windowSizeMayChange = false;
- boolean newSurface = false;
 boolean surfaceChanged = false;
 WindowManager.LayoutParams lp = mWindowAttributes;
@@ -2382,13 +2381,7 @@ public final class ViewRootImpl implements ViewParent,
 if (!hadSurface) {
 if (mSurface.isValid()) {
 // If we are creating a new surface, then we need to
- // completely redraw it. Also, when we get to the
- // point of drawing it we will hold off and schedule
- // a new traversal instead. This is so we can tell the
- // window manager about all of the windows being displayed
- // before actually drawing them, so it can display then
- // all at once.
- newSurface = true;
+ // completely redraw it.
 mFullRedrawNeeded = true;
 mPreviousTransparentRegion.setEmpty();
@@ -2773,7 +2766,7 @@ public final class ViewRootImpl implements ViewParent,
 boolean cancelDraw = mAttachInfo.mTreeObserver.dispatchOnPreDraw() || !isViewVisible;
- if (!cancelDraw && !newSurface) {
+ if (!cancelDraw) {
 if (mPendingTransitions != null && mPendingTransitions.size() > 0) {
 for (int i = 0; i < mPendingTransitions.size(); ++i) {
 mPendingTransitions.get(i).startChangingAnimations();
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index ab86c42ac12f..653ced5ea5ce 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -1606,6 +1606,14 @@ <permission android:name="android.permission.NETWORK_MANAGED_PROVISIONING" android:protectionLevel="signature" /> + <!-- Allows Carrier Provisioning to call methods in Networking services + <p>Not for use by any other third-party or privileged applications. + @SystemApi + @hide This should only be used by CarrierProvisioning. + --> + <permission android:name="android.permission.NETWORK_CARRIER_PROVISIONING" + android:protectionLevel="signature|privileged" /> + <!-- #SystemApi @hide Allows applications to access information about LoWPAN interfaces. <p>Not for use by third-party applications. --> <permission android:name="android.permission.ACCESS_LOWPAN_STATE" diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml index 4320bf41f467..3a1f30dd3b09 100644 --- a/core/res/res/values/strings.xml +++ b/core/res/res/values/strings.xml 
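Review bot: The new NETWORK_CARRIER_PROVISIONING comment says the permission is "Not for use by any other third-party or privileged applications", but its protectionLevel is `signature|privileged`, which, unlike the neighbouring NETWORK_MANAGED_PROVISIONING at plain `signature`, makes it grantable to any privileged app that requests it and is allowlisted for it. Either the level or the comment should change: if only the platform-signed CarrierProvisioning app is meant to hold it, `android:protectionLevel="signature"` matches the stated intent; if privileged holders are intended, the comment should say so, because that comment is what a reviewer of a privapp allowlist will read when deciding whether to grant it.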
@@ -3305,13 +3305,13 @@ <xliff:g id="proc" example="Android System">%1$s</xliff:g> process has exceeded its memory limit of <xliff:g id="size" example="350MB">%2$s</xliff:g>. A heap dump is available for you to share. Be careful: this heap dump can contain any sensitive personal information - that the process has access to.</string> + that the process has access to, which may include things you\u2019ve typed.</string> <!-- Text of dialog prompting the user to share a heap dump that they initiated [CHAR LIMIT=NONE] --> <string name="dump_heap_ready_text">A heap dump of <xliff:g id="proc" example="com.android.example">%1$s</xliff:g>\u2019s process is available for you to share. Be careful: this heap dump may contain any sensitive personal information - that the process has access to.</string> + that the process has access to, which may include things you\u2019ve typed.</string> <!-- Displayed in the title of the chooser for things to do with text that is to be sent to another application. For example, I can send diff --git a/services/core/java/com/android/server/audio/AudioDeviceInventory.java b/services/core/java/com/android/server/audio/AudioDeviceInventory.java index 5ec8cfa37e4d..5f624ba9be9d 100644 --- a/services/core/java/com/android/server/audio/AudioDeviceInventory.java +++ b/services/core/java/com/android/server/audio/AudioDeviceInventory.java @@ -896,7 +896,7 @@ public final class AudioDeviceInventory { final long ident = Binder.clearCallingIdentity(); try { - ActivityManager.broadcastStickyIntent(intent, UserHandle.USER_ALL); + ActivityManager.broadcastStickyIntent(intent, UserHandle.USER_CURRENT); } finally { Binder.restoreCallingIdentity(ident); } diff --git a/services/core/java/com/android/server/wm/ActivityStarter.java b/services/core/java/com/android/server/wm/ActivityStarter.java index 20586dbe5ece..7c12c1ebc2be 100644 --- a/services/core/java/com/android/server/wm/ActivityStarter.java 
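Review bot: Changing broadcastStickyIntent from UserHandle.USER_ALL to USER_CURRENT narrows who can observe the sticky intent, and the hunk gives no reason for it; a one-line comment such as `// Scoped to the current user so other users/profiles cannot read device state from the sticky broadcast` (or whatever the actual motivation is) would keep the next reader from reverting it. USER_CURRENT is resolved at broadcast time, so a user switched to afterwards will presumably not see the sticky value until the next broadcast — worth confirming that is acceptable for whatever state this intent carries. The enclosing method starts and ends outside the hunk.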
+++ b/services/core/java/com/android/server/wm/ActivityStarter.java @@ -608,6 +608,7 @@ class ActivityStarter { boolean ignoreTargetSecurity, boolean componentSpecified, ActivityRecord[] outActivity, TaskRecord inTask, boolean allowPendingRemoteAnimationRegistryLookup, PendingIntentRecord originatingPendingIntent, boolean allowBackgroundActivityStart) { + mSupervisor.getActivityMetricsLogger().notifyActivityLaunching(intent); int err = ActivityManager.START_SUCCESS; // Pull the optional Ephemeral Installer-only bundle out of the options early. final Bundle verificationBundle @@ -928,8 +929,10 @@ class ActivityStarter { mService.onStartActivitySetDidAppSwitch(); mController.doPendingActivityLaunches(false); - return startActivity(r, sourceRecord, voiceSession, voiceInteractor, startFlags, + final int res = startActivity(r, sourceRecord, voiceSession, voiceInteractor, startFlags, true /* doResume */, checkedOptions, inTask, outActivity); + mSupervisor.getActivityMetricsLogger().notifyActivityLaunched(res, outActivity[0]); + return res; } private boolean shouldAbortBackgroundActivityStart(int callingUid, int callingPid, diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java b/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java index 2bf6f357bec8..bd28be1faba1 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java @@ -75,8 +75,7 @@ abstract class BaseIDevicePolicyManager extends IDevicePolicyManager.Stub { } @Override - public boolean checkDeviceIdentifierAccess(String packageName, int userHandle, int pid, - int uid) { + public boolean checkDeviceIdentifierAccess(String packageName, int pid, int uid) { return false; } 
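Review bot: notifyActivityLaunching(intent) is called unconditionally at the top of startActivity in the first hunk, but notifyActivityLaunched(res, outActivity[0]) is only reached on the path that ends in the final startActivity(...) call in the second hunk; `int err = ActivityManager.START_SUCCESS;` on the next line suggests there are error returns between the two hunks, and each of those would leave the metrics logger with a launch that was started but never finished. If ActivityMetricsLogger expects the pair to balance, the error returns need a matching `notifyActivityLaunched(err, null)` (or the call should move to a single exit point); if it tolerates an unmatched notifyActivityLaunching, a comment saying so at the first call would settle it. It is also worth confirming that outActivity is non-null where it is dereferenced in the second hunk — it arrives as a parameter in the first hunk and any null-handling lies outside the hunks.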
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index aaa6d164a05e..b5c845a9d012 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -8398,13 +8398,40 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } @Override - public boolean checkDeviceIdentifierAccess(String packageName, int userHandle, int pid, - int uid) { + public boolean checkDeviceIdentifierAccess(String packageName, int pid, int uid) { // If the caller is not a system app then it should only be able to check its own device // identifier access. - int callingAppId = UserHandle.getAppId(mInjector.binderGetCallingUid()); - if (callingAppId >= Process.FIRST_APPLICATION_UID - && callingAppId != UserHandle.getAppId(uid)) { + int callingUid = mInjector.binderGetCallingUid(); + int callingPid = mInjector.binderGetCallingPid(); + if (UserHandle.getAppId(callingUid) >= Process.FIRST_APPLICATION_UID + && (callingUid != uid || callingPid != pid)) { + String message = String.format( + "Calling uid %d, pid %d cannot check device identifier access for package %s " + + "(uid=%d, pid=%d)", callingUid, callingPid, packageName, uid, pid); + Log.w(LOG_TAG, message); + throw new SecurityException(message); + } + // Verify that the specified packages matches the provided uid. + int userId = UserHandle.getUserId(uid); + try { + ApplicationInfo appInfo = mIPackageManager.getApplicationInfo(packageName, 0, userId); + // Since this call goes directly to PackageManagerService a NameNotFoundException is not + // thrown but null data can be returned; if the appInfo for the specified package cannot + // be found then return false to prevent crashing the app. 
+ if (appInfo == null) { + Log.w(LOG_TAG, + String.format("appInfo could not be found for package %s", packageName)); + return false; + } else if (uid != appInfo.uid) { + String message = String.format("Package %s (uid=%d) does not match provided uid %d", + packageName, appInfo.uid, uid); + Log.w(LOG_TAG, message); + throw new SecurityException(message); + } + } catch (RemoteException e) { + // If an exception is caught obtaining the appInfo just return false to prevent crashing + // apps due to an internal error. + Log.e(LOG_TAG, "Exception caught obtaining appInfo for package " + packageName, e); return false; } // A device or profile owner must also have the READ_PHONE_STATE permission to access device @@ -8421,7 +8448,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { return true; } // Allow access to the profile owner for the specified user, or delegate cert installer - ComponentName profileOwner = getProfileOwnerAsUser(userHandle); + ComponentName profileOwner = getProfileOwnerAsUser(userId); if (profileOwner != null && (profileOwner.getPackageName().equals(packageName) || isCallerDelegate(packageName, uid, DELEGATION_CERT_INSTALL))) { return true; diff --git a/telephony/java/com/android/internal/telephony/TelephonyPermissions.java b/telephony/java/com/android/internal/telephony/TelephonyPermissions.java index f5985b4ed1a7..c9b038c7c7d6 100644 --- a/telephony/java/com/android/internal/telephony/TelephonyPermissions.java +++ b/telephony/java/com/android/internal/telephony/TelephonyPermissions.java 
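Review bot: The rewritten checkDeviceIdentifierAccess override has no Javadoc although its contract is now non-trivial: it throws SecurityException when a non-system caller passes a pid/uid other than its own and when packageName does not resolve to uid, but returns false when the package cannot be found or the package manager call fails with RemoteException. A short doc comment above `@Override` stating those three outcomes, and that pid/uid are caller-supplied rather than read from Binder (which is why the self-check against binderGetCallingUid/Pid exists), would tell callers such as TelephonyPermissions which failures are catchable and which are not. The comment `// Verify that the specified packages matches the provided uid.` should read `package matches`. The method continues outside the hunk.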
@@ -345,8 +345,8 @@ public final class TelephonyPermissions { // Allow access to a device / profile owner app. DevicePolicyManager devicePolicyManager = (DevicePolicyManager) context.getSystemService( Context.DEVICE_POLICY_SERVICE); - if (devicePolicyManager != null && devicePolicyManager.checkDeviceIdentifierAccessAsUser( - callingPackage, Binder.getCallingUserHandle().getIdentifier())) { + if (devicePolicyManager != null && devicePolicyManager.checkDeviceIdentifierAccess( + callingPackage, pid, uid)) { return true; } return false; |
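Review bot: The pid and uid now handed to checkDeviceIdentifierAccess come from the enclosing method's parameters, which start outside the hunk, and the service uses uid both for the package-ownership check and to derive the user (replacing the removed Binder.getCallingUserHandle() lookup), so they must be the original caller's identity captured before any clearCallingIdentity on this path. A comment at the call such as `// pid/uid are the caller's Binder identity; the service verifies callingPackage belongs to uid` would make that dependency visible to whoever next touches the surrounding method.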