8 files changed, 58 insertions, 32 deletions
diff --git a/core/java/android/app/ApplicationPackageManager.java b/core/java/android/app/ApplicationPackageManager.java
index 6f8233d5de9b..c9031b711657 100644
--- a/core/java/android/app/ApplicationPackageManager.java
+++ b/core/java/android/app/ApplicationPackageManager.java
@@ -763,26 +763,27 @@ public class ApplicationPackageManager extends PackageManager { @Override public void revokeRuntimePermission(String packageName, String permName, UserHandle user) { + revokeRuntimePermission(packageName, permName, user, null); + } + + @Override + public void revokeRuntimePermission(String packageName, String permName, UserHandle user, + String reason) { if (DEBUG_TRACE_PERMISSION_UPDATES && shouldTraceGrant(packageName, permName, user.getIdentifier())) { Log.i(TAG, "App " + mContext.getPackageName() + " is revoking " + packageName + " " - + permName + " for user " + user.getIdentifier(), new RuntimeException()); + + permName + " for user " + user.getIdentifier() + " with reason " + reason, + new RuntimeException()); } try { mPermissionManager - .revokeRuntimePermission(packageName, permName, user.getIdentifier()); + .revokeRuntimePermission(packageName, permName, user.getIdentifier(), reason); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } @Override - public void revokeRuntimePermission(String packageName, String permName, UserHandle user, - String reason) { - // TODO evanseverson: impl - } - - @Override public int getPermissionFlags(String permName, String packageName, UserHandle user) { try { return mPermissionManager
diff --git a/core/java/android/app/IActivityManager.aidl b/core/java/android/app/IActivityManager.aidl
index e84c5e574713..945957738f8e 100644
--- a/core/java/android/app/IActivityManager.aidl
+++ b/core/java/android/app/IActivityManager.aidl
@@ -677,4 +677,10 @@ interface IActivityManager { * Return whether the app freezer is supported (true) or not (false) by this system. */ boolean isAppFreezerSupported(); + + + /** + * Kills uid with the reason of permission change. + */ + void killUidForPermissionChange(int appId, int userId, String reason); }
diff --git a/core/java/android/app/UiAutomationConnection.java b/core/java/android/app/UiAutomationConnection.java
index 82e988109db8..ce51dba76780 100644
--- a/core/java/android/app/UiAutomationConnection.java
+++ b/core/java/android/app/UiAutomationConnection.java
@@ -294,7 +294,7 @@ public final class UiAutomationConnection extends IUiAutomationConnection.Stub { } final long identity = Binder.clearCallingIdentity(); try { - mPermissionManager.revokeRuntimePermission(packageName, permission, userId); + mPermissionManager.revokeRuntimePermission(packageName, permission, userId, null); } finally { Binder.restoreCallingIdentity(identity); }
diff --git a/core/java/android/permission/IPermissionManager.aidl b/core/java/android/permission/IPermissionManager.aidl
index 235b0830b9aa..e23102113e9f 100644
--- a/core/java/android/permission/IPermissionManager.aidl
+++ b/core/java/android/permission/IPermissionManager.aidl
@@ -71,7 +71,7 @@ interface IPermissionManager { void grantRuntimePermission(String packageName, String permName, int userId); - void revokeRuntimePermission(String packageName, String permName, int userId); + void revokeRuntimePermission(String packageName, String permName, int userId, String reason); void resetRuntimePermissions();
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index be859069950e..a5d99e019f98 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
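Review bot: The Javadoc added for `killUidForPermissionChange` in IActivityManager.aidl says it "kills uid", but the method takes `appId` and `userId` separately and the comment says nothing about who may call it or whether `reason` may be null. The implementation added to ActivityManagerService in this same commit enforces `Manifest.permission.KILL_UID` and substitutes `"kill uid"` for a null reason, so the interface comment should state both. I would write it as a short block saying that it kills all processes of the given appId for the given user because a permission changed, that the caller must hold KILL_UID, and that `reason` is a free-form string which may be null. The hunk also adds two consecutive blank lines before the comment; one is enough.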
@@ -82,8 +82,6 @@ import static android.os.Process.removeAllProcessGroups; import static android.os.Process.sendSignal; import static android.os.Process.setThreadPriority; import static android.os.Process.setThreadScheduler; -import static android.permission.PermissionManager.KILL_APP_REASON_GIDS_CHANGED; -import static android.permission.PermissionManager.KILL_APP_REASON_PERMISSIONS_REVOKED; import static android.provider.Settings.Global.ALWAYS_FINISH_ACTIVITIES; import static android.provider.Settings.Global.DEBUG_APP; import static android.provider.Settings.Global.NETWORK_ACCESS_TIMEOUT_MS; 
@@ -9202,16 +9200,31 @@ public class ActivityManagerService extends IActivityManager.Stub synchronized (this) { final long identity = Binder.clearCallingIdentity(); try { - boolean permissionChange = KILL_APP_REASON_PERMISSIONS_REVOKED.equals(reason) - || KILL_APP_REASON_GIDS_CHANGED.equals(reason); mProcessList.killPackageProcessesLocked(null /* packageName */, appId, userId, ProcessList.PERSISTENT_PROC_ADJ, false /* callerWillRestart */, true /* callerWillRestart */, true /* doit */, true /* evenPersistent */, false /* setRemoved */, - permissionChange ? ApplicationExitInfo.REASON_PERMISSION_CHANGE - : ApplicationExitInfo.REASON_OTHER, - permissionChange ? ApplicationExitInfo.SUBREASON_UNKNOWN - : ApplicationExitInfo.SUBREASON_KILL_UID, + ApplicationExitInfo.REASON_OTHER, + ApplicationExitInfo.SUBREASON_KILL_UID, + reason != null ? reason : "kill uid"); + } finally { + Binder.restoreCallingIdentity(identity); + } + } + } + + @Override + public void killUidForPermissionChange(int appId, int userId, String reason) { + enforceCallingPermission(Manifest.permission.KILL_UID, "killUid"); + synchronized (this) { + final long identity = Binder.clearCallingIdentity(); + try { + mProcessList.killPackageProcessesLocked(null /* packageName */, appId, userId, + ProcessList.PERSISTENT_PROC_ADJ, false /* callerWillRestart */, + true /* callerWillRestart */, true /* doit */, true /* evenPersistent */, + false /* setRemoved */, + ApplicationExitInfo.REASON_PERMISSION_CHANGE, + ApplicationExitInfo.SUBREASON_UNKNOWN, reason != null ? reason : "kill uid"); } finally { Binder.restoreCallingIdentity(identity);
diff --git a/services/core/java/com/android/server/pm/PackageManagerShellCommand.java b/services/core/java/com/android/server/pm/PackageManagerShellCommand.java
index 0dc4d131640c..1a7490e8b327 100644
--- a/services/core/java/com/android/server/pm/PackageManagerShellCommand.java
+++ b/services/core/java/com/android/server/pm/PackageManagerShellCommand.java
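Review bot: In the new `killUidForPermissionChange` in ActivityManagerService.java the permission check still passes the label of the other method, `enforceCallingPermission(Manifest.permission.KILL_UID, "killUid")`, so a denial would presumably be reported under the wrong entry point when someone audits SecurityException logs. Use the method's own name: `enforceCallingPermission(Manifest.permission.KILL_UID, "killUidForPermissionChange");`. The new body is otherwise a copy of `killUid` that differs only in the two ApplicationExitInfo constants, and it copies the `true /* callerWillRestart */` comment that labels two different boolean arguments identically. A private helper that takes the reason code and sub-reason would keep the identity-clearing and locking logic in one place. `killUid` begins above the hunk and the closing braces of the new method fall below it.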
@@ -2281,7 +2281,7 @@ class PackageManagerShellCommand extends ShellCommand { if (grant) { mPermissionManager.grantRuntimePermission(pkg, perm, translatedUserId); } else { - mPermissionManager.revokeRuntimePermission(pkg, perm, translatedUserId); + mPermissionManager.revokeRuntimePermission(pkg, perm, translatedUserId, null); } return 0; }
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
index 1b11e2d0860d..e8f53b7fc209 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
@@ -327,13 +327,17 @@ public class PermissionManagerService extends IPermissionManager.Stub { mPackageManagerInt.writeSettings(true); } @Override - public void onPermissionRevoked(int uid, int userId) { + public void onPermissionRevoked(int uid, int userId, String reason) { mOnPermissionChangeListeners.onPermissionsChanged(uid); // Critical; after this call the application should never have the permission mPackageManagerInt.writeSettings(false); final int appId = UserHandle.getAppId(uid); - mHandler.post(() -> killUid(appId, userId, KILL_APP_REASON_PERMISSIONS_REVOKED)); + if (reason == null) { + mHandler.post(() -> killUid(appId, userId, KILL_APP_REASON_PERMISSIONS_REVOKED)); + } else { + mHandler.post(() -> killUid(appId, userId, reason)); + } } @Override public void onInstallPermissionRevoked() {
@@ -470,7 +474,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { IActivityManager am = ActivityManager.getService(); if (am != null) { try { - am.killUid(appId, userId, reason); + am.killUidForPermissionChange(appId, userId, reason); } catch (RemoteException e) { /* ignore - same process */ }
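Review bot: In `onPermissionRevoked` (PermissionManagerService.java, hunk at -327) the new if/else posts the same runnable twice and differs only in the string argument. Picking the string first keeps a single kill path: `final String killReason = reason == null ? KILL_APP_REASON_PERMISSIONS_REVOKED : reason;` followed by `mHandler.post(() -> killUid(appId, userId, killReason));`. A short comment that null means "use the default revoked reason" would help, since nearly every caller touched by this commit passes null. The callback class this method belongs to starts above the hunk.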
@@ -1526,19 +1530,21 @@ public class PermissionManagerService extends IPermissionManager.Stub { } @Override - public void revokeRuntimePermission(String packageName, String permName, int userId) { + public void revokeRuntimePermission(String packageName, String permName, int userId, + String reason) { final int callingUid = Binder.getCallingUid(); final boolean overridePolicy = checkUidPermission(ADJUST_RUNTIME_PERMISSIONS_POLICY, callingUid) == PackageManager.PERMISSION_GRANTED; revokeRuntimePermissionInternal(permName, packageName, overridePolicy, callingUid, userId, - mDefaultPermissionCallback); + reason, mDefaultPermissionCallback); } // TODO swap permission name and package name private void revokeRuntimePermissionInternal(String permName, String packageName, - boolean overridePolicy, int callingUid, final int userId, PermissionCallback callback) { + boolean overridePolicy, int callingUid, final int userId, String reason, + PermissionCallback callback) { if (ApplicationPackageManager.DEBUG_TRACE_PERMISSION_UPDATES && ApplicationPackageManager.shouldTraceGrant(packageName, permName, userId)) { Log.i(TAG, "System is revoking " + packageName + " "
@@ -1629,7 +1635,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { if (callback != null) { callback.onPermissionRevoked(UserHandle.getUid(userId, - UserHandle.getAppId(pkg.getUid())), userId); + UserHandle.getAppId(pkg.getUid())), userId, reason); } if (bp.isRuntime()) {
@@ -1703,7 +1709,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { mDefaultPermissionCallback.onInstallPermissionGranted(); } - public void onPermissionRevoked(int uid, int userId) { + public void onPermissionRevoked(int uid, int userId, String reason) { revokedPermissions.add(IntPair.of(uid, userId)); syncUpdatedUsers.add(userId); 
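Review bot: `revokeRuntimePermission` in PermissionManagerService.java (hunk at -1526) now takes `reason` straight from the Binder caller and forwards it unchanged to `revokeRuntimePermissionInternal`, and the -1629 hunk hands it on to `onPermissionRevoked`, where it becomes the kill reason; nothing visible in these hunks bounds its length or content. Because this is a caller-supplied free-form string crossing into the system server, I would cap it at the entry point before passing it on, for example `final String boundedReason = (reason != null && reason.length() > MAX_REASON_LENGTH) ? reason.substring(0, MAX_REASON_LENGTH) : reason;`, where `MAX_REASON_LENGTH` is a new constant to be chosen by the owners. The `"System is revoking "` trace at the top of `revokeRuntimePermissionInternal` does not appear to include the reason, whereas the client-side trace in ApplicationPackageManager now does; the rest of that log statement is outside the hunk, so this needs checking in the full file. The body of `revokeRuntimePermissionInternal` continues past the hunk.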
@@ -1816,7 +1822,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { } else if ((flags & FLAG_PERMISSION_REVIEW_REQUIRED) == 0) { // Otherwise, reset the permission. revokeRuntimePermissionInternal(permName, packageName, false, Process.SYSTEM_UID, - userId, delayingPermCallback); + userId, null, delayingPermCallback); } }
@@ -2297,7 +2303,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { try { revokeRuntimePermissionInternal(permissionName, packageName, - false, callingUid, userId, permissionCallback); + false, callingUid, userId, null, permissionCallback); } catch (IllegalArgumentException e) { Slog.e(TAG, "Could not revoke " + permissionName + " from " + packageName, e);
@@ -3869,7 +3875,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { final PermissionsState newPermissionsState = PackageManagerServiceUtils.getPermissionsState(mPackageManagerInt, pkg); if (!newPermissionsState.hasPermission(permission, userId)) { - callback.onPermissionRevoked(pkg.getUid(), userId); + callback.onPermissionRevoked(pkg.getUid(), userId, null); break; } }
@@ -4228,7 +4234,7 @@ public class PermissionManagerService extends IPermissionManager.Stub { overridePolicy, Process.SYSTEM_UID, userId, - callback); + null, callback); } catch (IllegalArgumentException e) { Slog.e(TAG, "Failed to revoke "
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java
index 4412162a5cc8..2e83b23f57d8 100644
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java
@@ -156,7 +156,7 @@ public abstract class PermissionManagerServiceInternal extends PermissionManager } public void onInstallPermissionGranted() { } - public void onPermissionRevoked(int uid, @UserIdInt int userId) { + public void onPermissionRevoked(int uid, @UserIdInt int userId, String reason) { } public void onInstallPermissionRevoked() { } |
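Review bot: The widened `onPermissionRevoked(int uid, @UserIdInt int userId, String reason)` in PermissionManagerServiceInternal.java gives overriders no hint that `reason` may be null, yet most call sites changed in this commit pass null and the implementation at the -327 hunk of PermissionManagerService treats null as "use KILL_APP_REASON_PERMISSIONS_REVOKED". `userId` is already annotated, so the new parameter should get the same treatment: `@Nullable String reason`, assuming that annotation is in scope in this file, plus a one-line comment such as `// reason: free-form kill reason, or null for the default revoked reason`. The enclosing callback class starts above the hunk.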