
Commit 514074fa authored by Dianne Hackborn's avatar Dianne Hackborn

App ops: cleanup, handle root and shell, perms.

Rework how the shell user is defined so that it is
associated with an actual apk, instead of being a free
roaming uid with special permissions assigned to it.
This allows us to correctly account for its operations
in app ops.

Implement a special case for the root user in app ops --
it is always allowed, always with the package name "root".

Add various code to take care of cleaning up package state
from app ops -- when packages are uninstalled, and during
boot if any packages currently being stored no longer exist.

Also fix a bug in the activity manager to correctly grant
permissions in all cases when onNewIntent() is being called.

Change-Id: Iae9f6d793ee48b93518c984ad957e46ae4582581
parent de1fadfb
+0 −65
@@ -122,71 +122,6 @@
         others should have a fairly open environment in which to
         interact with the system. -->

    <!-- Standard permissions granted to the shell. -->
    <assign-permission name="android.permission.WRITE_EXTERNAL_STORAGE" uid="shell" />
    <assign-permission name="android.permission.SEND_SMS" uid="shell" />
    <assign-permission name="android.permission.CALL_PHONE" uid="shell" />
    <assign-permission name="android.permission.READ_CONTACTS" uid="shell" />
    <assign-permission name="android.permission.WRITE_CONTACTS" uid="shell" />
    <assign-permission name="android.permission.READ_CALENDAR" uid="shell" />
    <assign-permission name="android.permission.WRITE_CALENDAR" uid="shell" />
    <assign-permission name="android.permission.READ_USER_DICTIONARY" uid="shell" />
    <assign-permission name="android.permission.WRITE_USER_DICTIONARY" uid="shell" />
    <assign-permission name="android.permission.ACCESS_FINE_LOCATION" uid="shell" />
    <assign-permission name="android.permission.ACCESS_COARSE_LOCATION" uid="shell" />
    <assign-permission name="android.permission.ACCESS_LOCATION_EXTRA_COMMANDS" uid="shell" />
    <assign-permission name="android.permission.ACCESS_NETWORK_STATE" uid="shell" />
    <assign-permission name="android.permission.ACCESS_WIFI_STATE" uid="shell" />
    <assign-permission name="android.permission.BLUETOOTH" uid="shell" />
    <assign-permission name="android.permission.EXPAND_STATUS_BAR" uid="shell" />
    <!-- System tool permissions granted to the shell. -->
    <assign-permission name="android.permission.GET_TASKS" uid="shell" />
    <assign-permission name="android.permission.CHANGE_CONFIGURATION" uid="shell" />
    <assign-permission name="android.permission.REORDER_TASKS" uid="shell" />
    <assign-permission name="android.permission.SET_ANIMATION_SCALE" uid="shell" />
    <assign-permission name="android.permission.SET_PREFERRED_APPLICATIONS" uid="shell" />
    <assign-permission name="android.permission.WRITE_SETTINGS" uid="shell" />
    <assign-permission name="android.permission.WRITE_SECURE_SETTINGS" uid="shell" />
    <assign-permission name="android.permission.BROADCAST_STICKY" uid="shell" />
    <!-- Development tool permissions granted to the shell. -->
    <assign-permission name="android.permission.SET_DEBUG_APP" uid="shell" />
    <assign-permission name="android.permission.SET_PROCESS_LIMIT" uid="shell" />
    <assign-permission name="android.permission.SET_ALWAYS_FINISH" uid="shell" />
    <assign-permission name="android.permission.DUMP" uid="shell" />
    <assign-permission name="android.permission.SIGNAL_PERSISTENT_PROCESSES" uid="shell" />
    <assign-permission name="android.permission.KILL_BACKGROUND_PROCESSES" uid="shell" />
    <!-- Internal permissions granted to the shell. -->
    <assign-permission name="android.permission.FORCE_BACK" uid="shell" />
    <assign-permission name="android.permission.BATTERY_STATS" uid="shell" />
    <assign-permission name="android.permission.INTERNAL_SYSTEM_WINDOW" uid="shell" />
    <assign-permission name="android.permission.INJECT_EVENTS" uid="shell" />
    <assign-permission name="android.permission.RETRIEVE_WINDOW_CONTENT" uid="shell" />
    <assign-permission name="android.permission.SET_ACTIVITY_WATCHER" uid="shell" />
    <assign-permission name="android.permission.READ_INPUT_STATE" uid="shell" />
    <assign-permission name="android.permission.SET_ORIENTATION" uid="shell" />
    <assign-permission name="android.permission.INSTALL_PACKAGES" uid="shell" />
    <assign-permission name="android.permission.CLEAR_APP_USER_DATA" uid="shell" />
    <assign-permission name="android.permission.DELETE_CACHE_FILES" uid="shell" />
    <assign-permission name="android.permission.DELETE_PACKAGES" uid="shell" />
    <assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="shell" />
    <assign-permission name="android.permission.READ_FRAME_BUFFER" uid="shell" />
    <assign-permission name="android.permission.DEVICE_POWER" uid="shell" />
    <assign-permission name="android.permission.INSTALL_LOCATION_PROVIDER" uid="shell" />
    <assign-permission name="android.permission.BACKUP" uid="shell" />
    <assign-permission name="android.permission.FORCE_STOP_PACKAGES" uid="shell" />
    <assign-permission name="android.permission.STOP_APP_SWITCHES" uid="shell" />
    <assign-permission name="android.permission.ACCESS_CONTENT_PROVIDERS_EXTERNALLY" uid="shell" />
    <assign-permission name="android.permission.GRANT_REVOKE_PERMISSIONS" uid="shell" />
    <assign-permission name="android.permission.SET_KEYBOARD_LAYOUT" uid="shell" />
    <assign-permission name="android.permission.GET_DETAILED_TASKS" uid="shell" />
    <assign-permission name="android.permission.SET_SCREEN_COMPATIBILITY" uid="shell" />
    <assign-permission name="android.permission.READ_EXTERNAL_STORAGE" uid="shell" />
    <assign-permission name="android.permission.WRITE_EXTERNAL_STORAGE" uid="shell" />
    <assign-permission name="android.permission.INTERACT_ACROSS_USERS" uid="shell" />
    <assign-permission name="android.permission.INTERACT_ACROSS_USERS_FULL" uid="shell" />
    <assign-permission name="android.permission.MANAGE_USERS" uid="shell" />
    <assign-permission name="android.permission.BLUETOOTH_STACK" uid="shell" />
    
    <assign-permission name="android.permission.MODIFY_AUDIO_SETTINGS" uid="media" />
    <assign-permission name="android.permission.ACCESS_DRM" uid="media" />
    <assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="media" />
+11 −0
LOCAL_PATH:= $(call my-dir)
include $(CLEAR_VARS)

LOCAL_MODULE_TAGS := optional

LOCAL_SRC_FILES := $(call all-subdir-java-files)

LOCAL_PACKAGE_NAME := Shell
LOCAL_CERTIFICATE := platform

include $(BUILD_PACKAGE)
+74 −0
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
        package="com.android.shell"
        coreApp="true"
        android:sharedUserId="android.uid.shell"
        >

    <!-- Standard permissions granted to the shell. -->
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
    <uses-permission android:name="android.permission.SEND_SMS" />
    <uses-permission android:name="android.permission.CALL_PHONE" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <uses-permission android:name="android.permission.WRITE_CONTACTS" />
    <uses-permission android:name="android.permission.READ_CALENDAR" />
    <uses-permission android:name="android.permission.WRITE_CALENDAR" />
    <uses-permission android:name="android.permission.READ_USER_DICTIONARY" />
    <uses-permission android:name="android.permission.WRITE_USER_DICTIONARY" />
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
    <uses-permission android:name="android.permission.ACCESS_LOCATION_EXTRA_COMMANDS" />
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
    <uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
    <uses-permission android:name="android.permission.BLUETOOTH" />
    <uses-permission android:name="android.permission.EXPAND_STATUS_BAR" />
    <!-- System tool permissions granted to the shell. -->
    <uses-permission android:name="android.permission.GET_TASKS" />
    <uses-permission android:name="android.permission.CHANGE_CONFIGURATION" />
    <uses-permission android:name="android.permission.REORDER_TASKS" />
    <uses-permission android:name="android.permission.SET_ANIMATION_SCALE" />
    <uses-permission android:name="android.permission.SET_PREFERRED_APPLICATIONS" />
    <uses-permission android:name="android.permission.WRITE_SETTINGS" />
    <uses-permission android:name="android.permission.WRITE_SECURE_SETTINGS" />
    <uses-permission android:name="android.permission.BROADCAST_STICKY" />
    <!-- Development tool permissions granted to the shell. -->
    <uses-permission android:name="android.permission.SET_DEBUG_APP" />
    <uses-permission android:name="android.permission.SET_PROCESS_LIMIT" />
    <uses-permission android:name="android.permission.SET_ALWAYS_FINISH" />
    <uses-permission android:name="android.permission.DUMP" />
    <uses-permission android:name="android.permission.SIGNAL_PERSISTENT_PROCESSES" />
    <uses-permission android:name="android.permission.KILL_BACKGROUND_PROCESSES" />
    <!-- Internal permissions granted to the shell. -->
    <uses-permission android:name="android.permission.FORCE_BACK" />
    <uses-permission android:name="android.permission.BATTERY_STATS" />
    <uses-permission android:name="android.permission.INTERNAL_SYSTEM_WINDOW" />
    <uses-permission android:name="android.permission.INJECT_EVENTS" />
    <uses-permission android:name="android.permission.RETRIEVE_WINDOW_CONTENT" />
    <uses-permission android:name="android.permission.SET_ACTIVITY_WATCHER" />
    <uses-permission android:name="android.permission.READ_INPUT_STATE" />
    <uses-permission android:name="android.permission.SET_ORIENTATION" />
    <uses-permission android:name="android.permission.INSTALL_PACKAGES" />
    <uses-permission android:name="android.permission.CLEAR_APP_USER_DATA" />
    <uses-permission android:name="android.permission.DELETE_CACHE_FILES" />
    <uses-permission android:name="android.permission.DELETE_PACKAGES" />
    <uses-permission android:name="android.permission.ACCESS_SURFACE_FLINGER" />
    <uses-permission android:name="android.permission.READ_FRAME_BUFFER" />
    <uses-permission android:name="android.permission.DEVICE_POWER" />
    <uses-permission android:name="android.permission.INSTALL_LOCATION_PROVIDER" />
    <uses-permission android:name="android.permission.BACKUP" />
    <uses-permission android:name="android.permission.FORCE_STOP_PACKAGES" />
    <uses-permission android:name="android.permission.STOP_APP_SWITCHES" />
    <uses-permission android:name="android.permission.ACCESS_CONTENT_PROVIDERS_EXTERNALLY" />
    <uses-permission android:name="android.permission.GRANT_REVOKE_PERMISSIONS" />
    <uses-permission android:name="android.permission.SET_KEYBOARD_LAYOUT" />
    <uses-permission android:name="android.permission.GET_DETAILED_TASKS" />
    <uses-permission android:name="android.permission.SET_SCREEN_COMPATIBILITY" />
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
    <uses-permission android:name="android.permission.INTERACT_ACROSS_USERS" />
    <uses-permission android:name="android.permission.INTERACT_ACROSS_USERS_FULL" />
    <uses-permission android:name="android.permission.MANAGE_USERS" />
    <uses-permission android:name="android.permission.BLUETOOTH_STACK" />
    
    <application android:hasCode="false" android:label="@string/app_label">
    </application>
</manifest>
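Review bot: `android.permission.WRITE_EXTERNAL_STORAGE` is requested twice in this manifest, first at the top of the "Standard permissions" group and again near the end next to `READ_EXTERNAL_STORAGE`; the second entry is redundant and can be dropped. The file also carries no XML declaration or license header, unlike the strings.xml added in the same commit. Because this package uses `android:sharedUserId="android.uid.shell"`, the list presumably now defines everything a process running as the shell uid holds, including `INSTALL_PACKAGES`, `GRANT_REVOKE_PERMISSIONS`, `WRITE_SECURE_SETTINGS` and `INTERACT_ACROSS_USERS_FULL`. I would state that at the top, for example `<!-- Every permission listed here is held by the shell uid; add entries only with a stated need. -->`, so later additions get reviewed as privilege grants rather than as routine manifest edits.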
+19 −0
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (C) 2013 The Android Open Source Project

     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.
     You may obtain a copy of the License at
  
          http://www.apache.org/licenses/LICENSE-2.0
  
     Unless required by applicable law or agreed to in writing, software
     distributed under the License is distributed on an "AS IS" BASIS,
     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     See the License for the specific language governing permissions and
     limitations under the License.
-->

<resources>
    <string name="app_label">Shell</string>
</resources>
+99 −15
@@ -149,6 +149,61 @@ public class AppOpsService extends IAppOpsService.Stub {
        ServiceManager.addService(Context.APP_OPS_SERVICE, asBinder());
    }

    public void systemReady() {
        synchronized (this) {
            boolean changed = false;
            for (int i=0; i<mUidOps.size(); i++) {
                HashMap<String, Ops> pkgs = mUidOps.valueAt(i);
                Iterator<Ops> it = pkgs.values().iterator();
                while (it.hasNext()) {
                    Ops ops = it.next();
                    int curUid;
                    try {
                        curUid = mContext.getPackageManager().getPackageUid(ops.packageName,
                                UserHandle.getUserId(ops.uid));
                    } catch (NameNotFoundException e) {
                        curUid = -1;
                    }
                    if (curUid != ops.uid) {
                        Slog.i(TAG, "Pruning old package " + ops.packageName
                                + "/" + ops.uid + ": new uid=" + curUid);
                        it.remove();
                        changed = true;
                    }
                }
                if (pkgs.size() <= 0) {
                    mUidOps.removeAt(i);
                }
            }
            if (changed) {
                scheduleWriteLocked();
            }
        }
    }

    public void packageRemoved(int uid, String packageName) {
        synchronized (this) {
            HashMap<String, Ops> pkgs = mUidOps.get(uid);
            if (pkgs != null) {
                if (pkgs.remove(packageName) != null) {
                    if (pkgs.size() <= 0) {
                        mUidOps.remove(uid);
                    }
                    scheduleWriteLocked();
                }
            }
        }
    }

    public void uidRemoved(int uid) {
        synchronized (this) {
            if (mUidOps.indexOfKey(uid) >= 0) {
                mUidOps.remove(uid);
                scheduleWriteLocked();
            }
        }
    }

    public void shutdown() {
        Slog.w(TAG, "Writing app ops before shutdown...");
        boolean doWrite = false;
@@ -258,6 +313,25 @@ public class AppOpsService extends IAppOpsService.Stub {
                        }
                        repCbs.addAll(cbs);
                    }
                    if (mode == AppOpsManager.MODE_ALLOWED) {
                        // If going into the default mode, prune this op
                        // if there is nothing else interesting in it.
                        if (op.time == 0 && op.rejectTime == 0) {
                            Ops ops = getOpsLocked(uid, packageName, false);
                            if (ops != null) {
                                ops.remove(op.op);
                                if (ops.size() <= 0) {
                                    HashMap<String, Ops> pkgOps = mUidOps.get(uid);
                                    if (pkgOps != null) {
                                        pkgOps.remove(ops.packageName);
                                        if (pkgOps.size() <= 0) {
                                            mUidOps.remove(uid);
                                        }
                                    }
                                }
                            }
                        }
                    }
                    scheduleWriteNowLocked();
                }
            }
@@ -368,6 +442,7 @@ public class AppOpsService extends IAppOpsService.Stub {
            if (DEBUG) Log.d(TAG, "noteOperation: allowing code " + code + " uid " + uid
                    + " package " + packageName);
            op.time = System.currentTimeMillis();
            op.rejectTime = 0;
            return AppOpsManager.MODE_ALLOWED;
        }
    }
@@ -396,6 +471,7 @@ public class AppOpsService extends IAppOpsService.Stub {
                    + " package " + packageName);
            if (op.nesting == 0) {
                op.time = System.currentTimeMillis();
                op.rejectTime = 0;
                op.duration = -1;
            }
            op.nesting++;
@@ -415,6 +491,7 @@ public class AppOpsService extends IAppOpsService.Stub {
            if (op.nesting <= 1) {
                if (op.nesting == 1) {
                    op.duration = (int)(System.currentTimeMillis() - op.time);
                    op.time += op.duration;
                } else {
                    Slog.w(TAG, "Finishing op nesting under-run: uid " + uid + " pkg " + packageName
                        + " code " + code + " time=" + op.time + " duration=" + op.duration
@@ -454,6 +531,11 @@ public class AppOpsService extends IAppOpsService.Stub {
            pkgOps = new HashMap<String, Ops>();
            mUidOps.put(uid, pkgOps);
        }
        if (uid == 0) {
            packageName = "root";
        } else if (uid == Process.SHELL_UID) {
            packageName = "com.android.shell";
        }
        Ops ops = pkgOps.get(packageName);
        if (ops == null) {
            if (!edit) {
@@ -461,6 +543,7 @@ public class AppOpsService extends IAppOpsService.Stub {
            }
            // This is the first time we have seen this package name under this uid,
            // so let's make sure it is valid.
            if (uid != 0) {
                final long ident = Binder.clearCallingIdentity();
                try {
                    int pkgUid = -1;
@@ -479,6 +562,7 @@ public class AppOpsService extends IAppOpsService.Stub {
                } finally {
                    Binder.restoreCallingIdentity(ident);
                }
            }
            ops = new Ops(packageName, uid);
            pkgOps.put(packageName, ops);
        }
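Review bot: In the new `systemReady()` the outer loop walks `mUidOps` by ascending index and calls `mUidOps.removeAt(i)` when a uid's package map becomes empty, then still advances with `i++`. If `mUidOps` is a SparseArray (its declaration is not visible here), the next entry moves into slot `i` and is skipped, so stale packages recorded under that uid are not pruned on this boot. Iterating downward avoids this: `for (int i=mUidOps.size()-1; i>=0; i--) {`. In the last hunks, `getOpsLocked` (whose body starts and ends outside the visible lines) now forces the name to "root" for uid 0 and skips the package/uid validation for it, which deserves a why-comment such as `// Root is not backed by a package, so there is nothing to validate against the package manager.`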