Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3640aee2 authored by Christopher Tate's avatar Christopher Tate
Browse files

Prevent user stop of protected apps 

Paralleling the policy for "force stop," disallow the "task manager"
class of user-invoked application shutdown when the target app is
protected.  Covers both the UI-driven and shell-command-driven paths.

Fixes: 228111137
Test: atest com.android.cts.devicepolicy.DeviceOwnerTest
Change-Id: Idd8b7ef1876f813e97b9f6af85264acb6555335f
parent 368b3a7c

services/core/java/com/android/server/am/ActivityManagerService.java

+8 −0
Original line number Diff line number Diff line
@@ -4358,6 +4358,14 @@ public class ActivityManagerService extends IActivityManager.Stub 
                    + " but does not exist in that user");

            return;

        }













        // Policy: certain classes of app are not subject to user-invoked stop













        if (getPackageManagerInternal().isPackageStateProtected(packageName, userId)) {













            Slog.w(TAG, "Asked to stop " + packageName + "/u" + userId













                    + " but it is protected");













            return;













        }



























        Slog.i(TAG, "Stopping app for user: " + packageName + "/" + userId);





























        // A specific subset of the work done in forceStopPackageLocked(), because we are

































services/core/java/com/android/server/am/ActivityManagerShellCommand.java



+3
−0




























Original line number
Diff line number
Diff line








@@ -3561,6 +3561,9 @@ final class ActivityManagerShellCommand extends ShellCommand {













            pw.println("     Enable/disable rate limit on FGS notification deferral policy.");















            pw.println("  force-stop [--user <USER_ID> | all | current] <PACKAGE>");















            pw.println("      Completely stop the given application package.");













            pw.println("  stop-app [--user <USER_ID> | all | current] <PACKAGE>");













            pw.println("      Stop an app and all of its services.  Unlike `force-stop` this does");













            pw.println("      not cancel the app's scheduled alarms and jobs.");















            pw.println("  crash [--user <USER_ID>] <PACKAGE|PID>");















            pw.println("      Induce a VM crash in the specified package or process");















            pw.println("  kill [--user <USER_ID> | all | current] <PACKAGE>");