
Commit 4a539441 authored by Jeff Sharkey's avatar Jeff Sharkey

Start using new reserved disk GID.

We recently created a new GID that can be granted to critical system
processes, so that the system is usable enough for the user to free
up disk space used by abusive apps.

Define a permission for the GID so we can grant it to system apps,
and add the GID to core apps needed for system stability.  (The list
was mostly derived from filling a disk and seeing what caused the
device to fall over.)

Test: builds, boots
Bug: 62024591
Change-Id: Icdf471ed3bed4eeb8c01f1d39f0b40c1ea098396
parent 61823f3a
+1 −0
@@ -173,6 +173,7 @@ package android {
    field public static final java.lang.String UPDATE_LOCK = "android.permission.UPDATE_LOCK";
    field public static final java.lang.String UPDATE_TIME_ZONE_RULES = "android.permission.UPDATE_TIME_ZONE_RULES";
    field public static final java.lang.String USER_ACTIVITY = "android.permission.USER_ACTIVITY";
    field public static final java.lang.String USE_RESERVED_DISK = "android.permission.USE_RESERVED_DISK";
    field public static final java.lang.String WRITE_APN_SETTINGS = "android.permission.WRITE_APN_SETTINGS";
    field public static final java.lang.String WRITE_DREAM_STATE = "android.permission.WRITE_DREAM_STATE";
    field public static final java.lang.String WRITE_GSERVICES = "android.permission.WRITE_GSERVICES";
+1 −1
@@ -650,7 +650,7 @@ public class ZygoteInit {
        String args[] = {
            "--setuid=1000",
            "--setgid=1000",
            "--setgroups=1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1018,1021,1023,1032,3001,3002,3003,3006,3007,3009,3010",
            "--setgroups=1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1018,1021,1023,1032,1065,3001,3002,3003,3006,3007,3009,3010",
            "--capabilities=" + capabilities + "," + capabilities,
            "--nice-name=system_server",
            "--runtime-args",
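Review bot: The new entry `1065` in the `--setgroups` string is a bare number, and nothing in this file says which group it is, so auditing system_server's supplementary groups means looking each value up elsewhere. It presumably corresponds to the `reserved_disk` gid that the same commit maps to `android.permission.USE_RESERVED_DISK`. A comment above that array element would record this, for example `// 1065 = reserved_disk: lets system_server keep writing when the disk is otherwise full`. The enclosing method starts and ends outside this hunk, so the surrounding context for the argument list is not visible here.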
+9 −0
@@ -1797,6 +1797,15 @@
    <permission android:name="android.permission.ALLOCATE_AGGRESSIVE"
        android:protectionLevel="signature|privileged" />

    <!-- @SystemApi @hide
         Allows an application to use reserved disk space.
         <p>Not for use by third-party applications.  Should only be requested by
         apps that provide core system functionality, to ensure system stability
         when disk is otherwise completely full.
    -->
    <permission android:name="android.permission.USE_RESERVED_DISK"
        android:protectionLevel="signature|privileged" />

    <!-- ================================== -->
    <!-- Permissions for screenlock         -->
    <!-- ================================== -->
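Review bot: The doc comment on `android.permission.USE_RESERVED_DISK` says who should request the permission but not how it is delivered. According to the `<group gid="reserved_disk" />` mapping added elsewhere in this commit, it becomes a supplementary group on the holder's process. That means every component running in the process gets access to the reserve, not just the code that needs it, which is worth knowing when a new requester is reviewed. I would add a line before the closing `-->` such as `<p>Granted as a GID to the whole process; holders should keep their own writes small and bounded.`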
+4 −0
@@ -112,6 +112,10 @@
        <group gid="media" />
    </permission>

    <permission name="android.permission.USE_RESERVED_DISK">
        <group gid="reserved_disk" />
    </permission>

    <!-- These are permissions that were mapped to gids but we need
         to keep them here until an upgrade from L to the current
         version is to be supported. These permissions are built-in
+9 −0
@@ -136,6 +136,7 @@ applications that come with the platform
        <permission name="android.permission.MANAGE_USERS"/>
        <permission name="android.permission.OBSERVE_GRANT_REVOKE_PERMISSIONS"/>
        <permission name="android.permission.UPDATE_APP_OPS_STATS"/>
        <permission name="android.permission.USE_RESERVED_DISK"/>
    </privapp-permissions>

    <privapp-permissions package="com.android.phone">
@@ -181,6 +182,7 @@ applications that come with the platform
    <privapp-permissions package="com.android.providers.calendar">
        <permission name="android.permission.GET_ACCOUNTS_PRIVILEGED"/>
        <permission name="android.permission.UPDATE_APP_OPS_STATS"/>
        <permission name="android.permission.USE_RESERVED_DISK"/>
    </privapp-permissions>

    <privapp-permissions package="com.android.providers.contacts">
@@ -189,6 +191,7 @@ applications that come with the platform
        <permission name="android.permission.INTERACT_ACROSS_USERS"/>
        <permission name="android.permission.MANAGE_USERS"/>
        <permission name="android.permission.UPDATE_APP_OPS_STATS"/>
        <permission name="android.permission.USE_RESERVED_DISK"/>
    </privapp-permissions>

    <privapp-permissions package="com.android.providers.downloads">
@@ -203,12 +206,14 @@ applications that come with the platform
        <permission name="android.permission.ACCESS_MTP"/>
        <permission name="android.permission.INTERACT_ACROSS_USERS"/>
        <permission name="android.permission.MANAGE_USERS"/>
        <permission name="android.permission.USE_RESERVED_DISK"/>
        <permission name="android.permission.WRITE_MEDIA_STORAGE"/>
    </privapp-permissions>

    <privapp-permissions package="com.android.providers.telephony">
        <permission name="android.permission.INTERACT_ACROSS_USERS"/>
        <permission name="android.permission.MODIFY_PHONE_STATE"/>
        <permission name="android.permission.USE_RESERVED_DISK"/>
    </privapp-permissions>

    <privapp-permissions package="com.android.provision">
@@ -253,6 +258,7 @@ applications that come with the platform
        <permission name="android.permission.SET_TIME"/>
        <permission name="android.permission.STATUS_BAR"/>
        <permission name="android.permission.TETHER_PRIVILEGED"/>
        <permission name="android.permission.USE_RESERVED_DISK"/>
        <permission name="android.permission.USER_ACTIVITY"/>
        <permission name="android.permission.WRITE_APN_SETTINGS"/>
        <permission name="android.permission.WRITE_MEDIA_STORAGE"/>
@@ -316,6 +322,7 @@ applications that come with the platform
        <permission name="android.permission.STOP_APP_SWITCHES"/>
        <permission name="android.permission.SUBSTITUTE_NOTIFICATION_APP_NAME"/>
        <permission name="android.permission.UPDATE_APP_OPS_STATS"/>
        <permission name="android.permission.USE_RESERVED_DISK"/>
        <permission name="android.permission.WRITE_MEDIA_STORAGE"/>
        <permission name="android.permission.WRITE_SECURE_SETTINGS"/>
    </privapp-permissions>
@@ -329,6 +336,7 @@ applications that come with the platform
        <permission name="android.permission.INTERACT_ACROSS_USERS"/>
        <permission name="android.permission.MANAGE_USERS"/>
        <permission name="android.permission.PACKAGE_USAGE_STATS"/>
        <permission name="android.permission.USE_RESERVED_DISK"/>
        <permission name="android.permission.WRITE_SECURE_SETTINGS"/>
    </privapp-permissions>

@@ -365,6 +373,7 @@ applications that come with the platform
        <permission name="android.permission.SUBSTITUTE_NOTIFICATION_APP_NAME"/>
        <permission name="android.permission.TETHER_PRIVILEGED"/>
        <permission name="android.permission.UPDATE_APP_OPS_STATS"/>
        <permission name="android.permission.USE_RESERVED_DISK"/>
        <permission name="android.permission.WRITE_DREAM_STATE"/>
        <permission name="android.permission.WRITE_MEDIA_STORAGE"/>
        <permission name="android.permission.WRITE_SECURE_SETTINGS"/>
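Review bot: At least two of the packages that gain `android.permission.USE_RESERVED_DISK` are content providers (`com.android.providers.calendar` and `com.android.providers.telephony` are visible in this section), and providers usually persist data handed to them by callers. If that holds here, ordinary apps could use up the reserve indirectly through these providers, so it is worth confirming that each one bounds what it stores on behalf of callers. The commit message says the list was derived empirically, and none of the nine new entries records why its package needs the grant. A short comment beside each, in the form `<!-- USE_RESERVED_DISK: <reason this package must keep writing on a full disk> -->`, would let later reviewers tell whether an entry is still justified. Most of the enclosing `<privapp-permissions>` elements open outside the hunks, so the remaining package names cannot be checked from this page.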