
Commit 4e82c33b authored by Jing Ji's avatar Jing Ji

DO NOT MERGE: ActivityManager#killBackgroundProcesses can kill caller's own app only

unless it's a system app.

Bug: 239423414
Bug: 223376078
Test: atest CtsAppTestCases:ActivityManagerTest
Merged-In: I35d20539ffac055a6d61260445620f45584bd9c5
Merged-In: Ieed6af77da1bc31cfecc5272b9f97971db7ae7b2
Merged-In: I8b8a427ee87339cc038e53adc0912283b05d2cfc
Change-Id: Iac6baa889965b8ffecd9a43179a4c96632ad1d02
parent 08dbdfc5
+3 −0
@@ -3933,6 +3933,9 @@ public class ActivityManager {
     * processes to reclaim memory; the system will take care of restarting
     * these processes in the future as needed.
     *
     * <p class="note">Third party applications can only use this API to kill their own processes.
     * </p>
     *
     * @param packageName The name of the package whose processes are to
     * be killed.
     */
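Review bot: The added `<p class="note">` states the restriction but not what a third-party caller observes when it passes another application's package name, nor that system apps are exempt. Judging by the ActivityManagerService section of this commit, such a request is logged and dropped without an exception, so the caller cannot tell that nothing was killed. I would extend the note along the lines of `Requests that name another application's package are ignored; no exception is thrown.` The Javadoc block starts above the hunk.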
+5 −1
@@ -3152,6 +3152,10 @@

    <!-- Allows an application to call
         {@link android.app.ActivityManager#killBackgroundProcesses}.

         <p class="note">Third party applications can only use this API to kill their own
         processes.</p>

         <p>Protection level: normal
    -->
    <permission android:name="android.permission.KILL_BACKGROUND_PROCESSES"
+30 −2
@@ -3825,8 +3825,20 @@ public class ActivityManagerService extends IActivityManager.Stub
            Slog.w(TAG, msg);
            throw new SecurityException(msg);
        }
        final int callingUid = Binder.getCallingUid();
        final int callingPid = Binder.getCallingPid();
        final int callingAppId = UserHandle.getAppId(callingUid);
        userId = mUserController.handleIncomingUser(Binder.getCallingPid(), Binder.getCallingUid(),
        ProcessRecord proc;
        synchronized (mPidsSelfLocked) {
            proc = mPidsSelfLocked.get(callingPid);
        }
        final boolean hasKillAllPermission = PERMISSION_GRANTED == checkPermission(
                android.Manifest.permission.FORCE_STOP_PACKAGES, callingPid, callingUid)
                || UserHandle.isCore(callingUid)
                || (proc != null && proc.info.isSystemApp());
        userId = mUserController.handleIncomingUser(callingPid, callingUid,
                userId, true, ALLOW_FULL_ONLY, "killBackgroundProcesses", null);
        final int[] userIds = mUserController.expandUserId(userId);
@@ -3841,7 +3853,7 @@ public class ActivityManagerService extends IActivityManager.Stub
                                    targetUserId));
                } catch (RemoteException e) {
                }
                if (appId == -1) {
                if (appId == -1 || (!hasKillAllPermission && appId != callingAppId)) {
                    Slog.w(TAG, "Invalid packageName: " + packageName);
                    return;
                }
@@ -3869,6 +3881,22 @@ public class ActivityManagerService extends IActivityManager.Stub
            throw new SecurityException(msg);
        }
        final int callingUid = Binder.getCallingUid();
        final int callingPid = Binder.getCallingPid();
        ProcessRecord proc;
        synchronized (mPidsSelfLocked) {
            proc = mPidsSelfLocked.get(callingPid);
        }
        if (callingUid >= FIRST_APPLICATION_UID
                && (proc == null || !proc.info.isSystemApp())) {
            final String msg = "Permission Denial: killAllBackgroundProcesses() from pid="
                    + callingPid + ", uid=" + callingUid + " is not allowed";
            Slog.w(TAG, msg);
            // Silently return to avoid existing apps from crashing.
            return;
        }
        final long callingId = Binder.clearCallingIdentity();
        try {
            synchronized (this) {
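Review bot: In the second hunk the new denial case `!hasKillAllPermission && appId != callingAppId` shares the `Invalid packageName` warning with the unknown-package case, so a third-party caller that asks to kill another app's processes leaves no log line identifying the request as denied or naming the caller. Splitting the condition keeps the caller-visible behaviour the same (both branches still return without throwing) while recording pid, uid and target the way the killAllBackgroundProcesses hunk already does. Separately, the two methods decide "privileged caller" differently: the first uses `UserHandle.isCore(callingUid)` plus FORCE_STOP_PACKAGES, the last compares the raw `callingUid` with `FIRST_APPLICATION_UID`, which presumably classifies core uids of secondary users as applications; a shared private helper for the `mPidsSelfLocked` lookup and the check would keep them aligned. Both method bodies start and end outside the visible hunks.

```java
                // … unchanged: appId lookup and RemoteException catch …
                if (appId == -1) {
                    Slog.w(TAG, "Invalid packageName: " + packageName);
                    return;
                }
                if (!hasKillAllPermission && appId != callingAppId) {
                    // Still a silent return for the caller, but logged as a denial.
                    Slog.w(TAG, "Permission Denial: killBackgroundProcesses() from pid="
                            + callingPid + ", uid=" + callingUid
                            + " is not allowed to kill " + packageName);
                    return;
                }
```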