Merge "App ops: cleanup, handle root and shell, perms." (1d3079cb) · Commits · e / os / android_frameworks_base

data/etc/platform.xml

+0 −65

Original line number	Diff line number	Diff line
		@@ -122,71 +122,6 @@
		others should have a fairly open environment in which to
		interact with the system. -->

		<!-- Standard permissions granted to the shell. -->
		<assign-permission name="android.permission.WRITE_EXTERNAL_STORAGE" uid="shell" />
		<assign-permission name="android.permission.SEND_SMS" uid="shell" />
		<assign-permission name="android.permission.CALL_PHONE" uid="shell" />
		<assign-permission name="android.permission.READ_CONTACTS" uid="shell" />
		<assign-permission name="android.permission.WRITE_CONTACTS" uid="shell" />
		<assign-permission name="android.permission.READ_CALENDAR" uid="shell" />
		<assign-permission name="android.permission.WRITE_CALENDAR" uid="shell" />
		<assign-permission name="android.permission.READ_USER_DICTIONARY" uid="shell" />
		<assign-permission name="android.permission.WRITE_USER_DICTIONARY" uid="shell" />
		<assign-permission name="android.permission.ACCESS_FINE_LOCATION" uid="shell" />
		<assign-permission name="android.permission.ACCESS_COARSE_LOCATION" uid="shell" />
		<assign-permission name="android.permission.ACCESS_LOCATION_EXTRA_COMMANDS" uid="shell" />
		<assign-permission name="android.permission.ACCESS_NETWORK_STATE" uid="shell" />
		<assign-permission name="android.permission.ACCESS_WIFI_STATE" uid="shell" />
		<assign-permission name="android.permission.BLUETOOTH" uid="shell" />
		<assign-permission name="android.permission.EXPAND_STATUS_BAR" uid="shell" />
		<!-- System tool permissions granted to the shell. -->
		<assign-permission name="android.permission.GET_TASKS" uid="shell" />
		<assign-permission name="android.permission.CHANGE_CONFIGURATION" uid="shell" />
		<assign-permission name="android.permission.REORDER_TASKS" uid="shell" />
		<assign-permission name="android.permission.SET_ANIMATION_SCALE" uid="shell" />
		<assign-permission name="android.permission.SET_PREFERRED_APPLICATIONS" uid="shell" />
		<assign-permission name="android.permission.WRITE_SETTINGS" uid="shell" />
		<assign-permission name="android.permission.WRITE_SECURE_SETTINGS" uid="shell" />
		<assign-permission name="android.permission.BROADCAST_STICKY" uid="shell" />
		<!-- Development tool permissions granted to the shell. -->
		<assign-permission name="android.permission.SET_DEBUG_APP" uid="shell" />
		<assign-permission name="android.permission.SET_PROCESS_LIMIT" uid="shell" />
		<assign-permission name="android.permission.SET_ALWAYS_FINISH" uid="shell" />
		<assign-permission name="android.permission.DUMP" uid="shell" />
		<assign-permission name="android.permission.SIGNAL_PERSISTENT_PROCESSES" uid="shell" />
		<assign-permission name="android.permission.KILL_BACKGROUND_PROCESSES" uid="shell" />
		<!-- Internal permissions granted to the shell. -->
		<assign-permission name="android.permission.FORCE_BACK" uid="shell" />
		<assign-permission name="android.permission.BATTERY_STATS" uid="shell" />
		<assign-permission name="android.permission.INTERNAL_SYSTEM_WINDOW" uid="shell" />
		<assign-permission name="android.permission.INJECT_EVENTS" uid="shell" />
		<assign-permission name="android.permission.RETRIEVE_WINDOW_CONTENT" uid="shell" />
		<assign-permission name="android.permission.SET_ACTIVITY_WATCHER" uid="shell" />
		<assign-permission name="android.permission.READ_INPUT_STATE" uid="shell" />
		<assign-permission name="android.permission.SET_ORIENTATION" uid="shell" />
		<assign-permission name="android.permission.INSTALL_PACKAGES" uid="shell" />
		<assign-permission name="android.permission.CLEAR_APP_USER_DATA" uid="shell" />
		<assign-permission name="android.permission.DELETE_CACHE_FILES" uid="shell" />
		<assign-permission name="android.permission.DELETE_PACKAGES" uid="shell" />
		<assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="shell" />
		<assign-permission name="android.permission.READ_FRAME_BUFFER" uid="shell" />
		<assign-permission name="android.permission.DEVICE_POWER" uid="shell" />
		<assign-permission name="android.permission.INSTALL_LOCATION_PROVIDER" uid="shell" />
		<assign-permission name="android.permission.BACKUP" uid="shell" />
		<assign-permission name="android.permission.FORCE_STOP_PACKAGES" uid="shell" />
		<assign-permission name="android.permission.STOP_APP_SWITCHES" uid="shell" />
		<assign-permission name="android.permission.ACCESS_CONTENT_PROVIDERS_EXTERNALLY" uid="shell" />
		<assign-permission name="android.permission.GRANT_REVOKE_PERMISSIONS" uid="shell" />
		<assign-permission name="android.permission.SET_KEYBOARD_LAYOUT" uid="shell" />
		<assign-permission name="android.permission.GET_DETAILED_TASKS" uid="shell" />
		<assign-permission name="android.permission.SET_SCREEN_COMPATIBILITY" uid="shell" />
		<assign-permission name="android.permission.READ_EXTERNAL_STORAGE" uid="shell" />
		<assign-permission name="android.permission.WRITE_EXTERNAL_STORAGE" uid="shell" />
		<assign-permission name="android.permission.INTERACT_ACROSS_USERS" uid="shell" />
		<assign-permission name="android.permission.INTERACT_ACROSS_USERS_FULL" uid="shell" />
		<assign-permission name="android.permission.MANAGE_USERS" uid="shell" />
		<assign-permission name="android.permission.BLUETOOTH_STACK" uid="shell" />

		<assign-permission name="android.permission.MODIFY_AUDIO_SETTINGS" uid="media" />
		<assign-permission name="android.permission.ACCESS_DRM" uid="media" />
		<assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="media" />

packages/Shell/Android.mk

0 → 100644

+11 −0

Original line number	Diff line number	Diff line
		LOCAL_PATH:= $(call my-dir)
		include $(CLEAR_VARS)

		LOCAL_MODULE_TAGS := optional

		LOCAL_SRC_FILES := $(call all-subdir-java-files)

		LOCAL_PACKAGE_NAME := Shell
		LOCAL_CERTIFICATE := platform

		include $(BUILD_PACKAGE)

packages/Shell/AndroidManifest.xml

0 → 100644

+74 −0

Original line number	Diff line number	Diff line
		<manifest xmlns:android="http://schemas.android.com/apk/res/android"
		package="com.android.shell"
		coreApp="true"
		android:sharedUserId="android.uid.shell"
		>

		<!-- Standard permissions granted to the shell. -->
		<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
		<uses-permission android:name="android.permission.SEND_SMS" />
		<uses-permission android:name="android.permission.CALL_PHONE" />
		<uses-permission android:name="android.permission.READ_CONTACTS" />
		<uses-permission android:name="android.permission.WRITE_CONTACTS" />
		<uses-permission android:name="android.permission.READ_CALENDAR" />
		<uses-permission android:name="android.permission.WRITE_CALENDAR" />
		<uses-permission android:name="android.permission.READ_USER_DICTIONARY" />
		<uses-permission android:name="android.permission.WRITE_USER_DICTIONARY" />
		<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
		<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
		<uses-permission android:name="android.permission.ACCESS_LOCATION_EXTRA_COMMANDS" />
		<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
		<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
		<uses-permission android:name="android.permission.BLUETOOTH" />
		<uses-permission android:name="android.permission.EXPAND_STATUS_BAR" />
		<!-- System tool permissions granted to the shell. -->
		<uses-permission android:name="android.permission.GET_TASKS" />
		<uses-permission android:name="android.permission.CHANGE_CONFIGURATION" />
		<uses-permission android:name="android.permission.REORDER_TASKS" />
		<uses-permission android:name="android.permission.SET_ANIMATION_SCALE" />
		<uses-permission android:name="android.permission.SET_PREFERRED_APPLICATIONS" />
		<uses-permission android:name="android.permission.WRITE_SETTINGS" />
		<uses-permission android:name="android.permission.WRITE_SECURE_SETTINGS" />
		<uses-permission android:name="android.permission.BROADCAST_STICKY" />
		<!-- Development tool permissions granted to the shell. -->
		<uses-permission android:name="android.permission.SET_DEBUG_APP" />
		<uses-permission android:name="android.permission.SET_PROCESS_LIMIT" />
		<uses-permission android:name="android.permission.SET_ALWAYS_FINISH" />
		<uses-permission android:name="android.permission.DUMP" />
		<uses-permission android:name="android.permission.SIGNAL_PERSISTENT_PROCESSES" />
		<uses-permission android:name="android.permission.KILL_BACKGROUND_PROCESSES" />
		<!-- Internal permissions granted to the shell. -->
		<uses-permission android:name="android.permission.FORCE_BACK" />
		<uses-permission android:name="android.permission.BATTERY_STATS" />
		<uses-permission android:name="android.permission.INTERNAL_SYSTEM_WINDOW" />
		<uses-permission android:name="android.permission.INJECT_EVENTS" />
		<uses-permission android:name="android.permission.RETRIEVE_WINDOW_CONTENT" />
		<uses-permission android:name="android.permission.SET_ACTIVITY_WATCHER" />
		<uses-permission android:name="android.permission.READ_INPUT_STATE" />
		<uses-permission android:name="android.permission.SET_ORIENTATION" />
		<uses-permission android:name="android.permission.INSTALL_PACKAGES" />
		<uses-permission android:name="android.permission.CLEAR_APP_USER_DATA" />
		<uses-permission android:name="android.permission.DELETE_CACHE_FILES" />
		<uses-permission android:name="android.permission.DELETE_PACKAGES" />
		<uses-permission android:name="android.permission.ACCESS_SURFACE_FLINGER" />
		<uses-permission android:name="android.permission.READ_FRAME_BUFFER" />
		<uses-permission android:name="android.permission.DEVICE_POWER" />
		<uses-permission android:name="android.permission.INSTALL_LOCATION_PROVIDER" />
		<uses-permission android:name="android.permission.BACKUP" />
		<uses-permission android:name="android.permission.FORCE_STOP_PACKAGES" />
		<uses-permission android:name="android.permission.STOP_APP_SWITCHES" />
		<uses-permission android:name="android.permission.ACCESS_CONTENT_PROVIDERS_EXTERNALLY" />
		<uses-permission android:name="android.permission.GRANT_REVOKE_PERMISSIONS" />
		<uses-permission android:name="android.permission.SET_KEYBOARD_LAYOUT" />
		<uses-permission android:name="android.permission.GET_DETAILED_TASKS" />
		<uses-permission android:name="android.permission.SET_SCREEN_COMPATIBILITY" />
		<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
		<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
		<uses-permission android:name="android.permission.INTERACT_ACROSS_USERS" />
		<uses-permission android:name="android.permission.INTERACT_ACROSS_USERS_FULL" />
		<uses-permission android:name="android.permission.MANAGE_USERS" />
		<uses-permission android:name="android.permission.BLUETOOTH_STACK" />

		<application android:hasCode="false" android:label="@string/app_label">
		</application>
		</manifest>

packages/Shell/res/values/strings.xml

0 → 100644

+19 −0

Original line number	Diff line number	Diff line
		<?xml version="1.0" encoding="utf-8"?>
		<!-- Copyright (C) 2013 The Android Open Source Project

		Licensed under the Apache License, Version 2.0 (the "License");
		you may not use this file except in compliance with the License.
		You may obtain a copy of the License at

		http://www.apache.org/licenses/LICENSE-2.0

		Unless required by applicable law or agreed to in writing, software
		distributed under the License is distributed on an "AS IS" BASIS,
		WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
		See the License for the specific language governing permissions and
		limitations under the License.
		-->

		<resources>
		<string name="app_label">Shell</string>
		</resources>

services/java/com/android/server/AppOpsService.java

+99 −15

Original line number	Diff line number	Diff line
		@@ -149,6 +149,61 @@ public class AppOpsService extends IAppOpsService.Stub {
		ServiceManager.addService(Context.APP_OPS_SERVICE, asBinder());
		}

		public void systemReady() {
		synchronized (this) {
		boolean changed = false;
		for (int i=0; i<mUidOps.size(); i++) {
		HashMap<String, Ops> pkgs = mUidOps.valueAt(i);
		Iterator<Ops> it = pkgs.values().iterator();
		while (it.hasNext()) {
		Ops ops = it.next();
		int curUid;
		try {
		curUid = mContext.getPackageManager().getPackageUid(ops.packageName,
		UserHandle.getUserId(ops.uid));
		} catch (NameNotFoundException e) {
		curUid = -1;
		}
		if (curUid != ops.uid) {
		Slog.i(TAG, "Pruning old package " + ops.packageName
		+ "/" + ops.uid + ": new uid=" + curUid);
		it.remove();
		changed = true;
		}
		}
		if (pkgs.size() <= 0) {
		mUidOps.removeAt(i);
		}
		}
		if (changed) {
		scheduleWriteLocked();
		}
		}
		}

		public void packageRemoved(int uid, String packageName) {
		synchronized (this) {
		HashMap<String, Ops> pkgs = mUidOps.get(uid);
		if (pkgs != null) {
		if (pkgs.remove(packageName) != null) {
		if (pkgs.size() <= 0) {
		mUidOps.remove(uid);
		}
		scheduleWriteLocked();
		}
		}
		}
		}

		public void uidRemoved(int uid) {
		synchronized (this) {
		if (mUidOps.indexOfKey(uid) >= 0) {
		mUidOps.remove(uid);
		scheduleWriteLocked();
		}
		}
		}

		public void shutdown() {
		Slog.w(TAG, "Writing app ops before shutdown...");
		boolean doWrite = false;
		@@ -258,6 +313,25 @@ public class AppOpsService extends IAppOpsService.Stub {
		}
		repCbs.addAll(cbs);
		}
		if (mode == AppOpsManager.MODE_ALLOWED) {
		// If going into the default mode, prune this op
		// if there is nothing else interesting in it.
		if (op.time == 0 && op.rejectTime == 0) {
		Ops ops = getOpsLocked(uid, packageName, false);
		if (ops != null) {
		ops.remove(op.op);
		if (ops.size() <= 0) {
		HashMap<String, Ops> pkgOps = mUidOps.get(uid);
		if (pkgOps != null) {
		pkgOps.remove(ops.packageName);
		if (pkgOps.size() <= 0) {
		mUidOps.remove(uid);
		}
		}
		}
		}
		}
		}
		scheduleWriteNowLocked();
		}
		}
		@@ -368,6 +442,7 @@ public class AppOpsService extends IAppOpsService.Stub {
		if (DEBUG) Log.d(TAG, "noteOperation: allowing code " + code + " uid " + uid
		+ " package " + packageName);
		op.time = System.currentTimeMillis();
		op.rejectTime = 0;
		return AppOpsManager.MODE_ALLOWED;
		}
		}
		@@ -396,6 +471,7 @@ public class AppOpsService extends IAppOpsService.Stub {
		+ " package " + packageName);
		if (op.nesting == 0) {
		op.time = System.currentTimeMillis();
		op.rejectTime = 0;
		op.duration = -1;
		}
		op.nesting++;
		@@ -415,6 +491,7 @@ public class AppOpsService extends IAppOpsService.Stub {
		if (op.nesting <= 1) {
		if (op.nesting == 1) {
		op.duration = (int)(System.currentTimeMillis() - op.time);
		op.time += op.duration;
		} else {
		Slog.w(TAG, "Finishing op nesting under-run: uid " + uid + " pkg " + packageName
		+ " code " + code + " time=" + op.time + " duration=" + op.duration
		@@ -454,6 +531,11 @@ public class AppOpsService extends IAppOpsService.Stub {
		pkgOps = new HashMap<String, Ops>();
		mUidOps.put(uid, pkgOps);
		}
		if (uid == 0) {
		packageName = "root";
		} else if (uid == Process.SHELL_UID) {
		packageName = "com.android.shell";
		}
		Ops ops = pkgOps.get(packageName);
		if (ops == null) {
		if (!edit) {
		@@ -461,6 +543,7 @@ public class AppOpsService extends IAppOpsService.Stub {
		}
		// This is the first time we have seen this package name under this uid,
		// so let's make sure it is valid.
		if (uid != 0) {
		final long ident = Binder.clearCallingIdentity();
		try {
		int pkgUid = -1;
		@@ -479,6 +562,7 @@ public class AppOpsService extends IAppOpsService.Stub {
		} finally {
		Binder.restoreCallingIdentity(ident);
		}
		}
		ops = new Ops(packageName, uid);
		pkgOps.put(packageName, ops);
		}