
Commit 5e86959d authored by Svet Ganov's avatar Svet Ganov

Allow adopting a subset of shell permissions

Add an API to allow adopting a subset of shell UID permissions.

Test: added - android.app.uiautomation.cts.UiAutomationTest#testAdoptSomeShellPermissions
      passed - atest atest android.app.uiautomation.cts.UiAutomationTest

bug:80415658

Change-Id: I5cd8beeed7e586b2ac4e0cb16686cef738641e23
parent 8b31b7d2
+1 −0
@@ -6180,6 +6180,7 @@ package android.app {
  public final class UiAutomation {
    method public void adoptShellPermissionIdentity();
    method public void adoptShellPermissionIdentity(java.lang.String...);
    method public void clearWindowAnimationFrameStats();
    method public boolean clearWindowContentFrameStats(int);
    method public void dropShellPermissionIdentity();
+1 −1
@@ -486,7 +486,7 @@ interface IActivityManager {
     * instrumentation at a time. An active instrumentation is one running and
     * started from the shell.
     */
    void startDelegateShellPermissionIdentity(int uid);
    void startDelegateShellPermissionIdentity(int uid, in String[] permissions);

    /**
     * Method for the shell UID to stop deletating its permission identity to an
+1 −1
Original line number Diff line number Diff line
@@ -47,7 +47,7 @@ interface IUiAutomationConnection {
            in ParcelFileDescriptor source);
    void grantRuntimePermission(String packageName, String permission, int userId);
    void revokeRuntimePermission(String packageName, String permission, int userId);
    void adoptShellPermissionIdentity(int uid);
    void adoptShellPermissionIdentity(int uid, in String[] permissions);
    void dropShellPermissionIdentity();
    // Called from the system process.
    oneway void shutdown();
+37 −6
@@ -354,12 +354,17 @@ public final class UiAutomation {
    }

    /**
     * Adopt the permission identity of the shell UID. This allows you to call APIs protected
     * permissions which normal apps cannot hold but are granted to the shell UID. If you
     * already adopted the shell permission identity this method would be a no-op.
     * Note that your permission state becomes that of the shell UID and it is not a
     * combination of your and the shell UID permissions.
     * Adopt the permission identity of the shell UID for all permissions. This allows
     * you to call APIs protected permissions which normal apps cannot hold but are
     * granted to the shell UID. If you already adopted all shell permissions by calling
     * this method or {@link #adoptShellPermissionIdentity(String...)} a subsequent call
     * would be a no-op. Note that your permission state becomes that of the shell UID
     * and it is not a combination of your and the shell UID permissions.
     * <p>
     * <strong>Note:<strong/> Calling this method adopts all shell permissions and overrides
     * any subset of adopted permissions via {@link #adoptShellPermissionIdentity(String...)}.
     *
     * @see #adoptShellPermissionIdentity(String...)
     * @see #dropShellPermissionIdentity()
     */
    public void adoptShellPermissionIdentity() {
@@ -368,7 +373,33 @@ public final class UiAutomation {
        }
        try {
            // Calling out without a lock held.
            mUiAutomationConnection.adoptShellPermissionIdentity(Process.myUid());
            mUiAutomationConnection.adoptShellPermissionIdentity(Process.myUid(), null);
        } catch (RemoteException re) {
            Log.e(LOG_TAG, "Error executing adopting shell permission identity!", re);
        }
    }

    /**
     * Adopt the permission identity of the shell UID only for the provided permissions.
     * This allows you to call APIs protected permissions which normal apps cannot hold
     * but are granted to the shell UID. If you already adopted the specified shell
     * permissions by calling this method or {@link #adoptShellPermissionIdentity()} a
     * subsequent call would be a no-op. Note that your permission state becomes that of the
     * shell UID and it is not a combination of your and the shell UID permissions.
     * <p>
     * <strong>Note:<strong/> Calling this method adopts only the specified shell permissions
     * and overrides all adopted permissions via {@link #adoptShellPermissionIdentity()}.
     *
     * @see #adoptShellPermissionIdentity()
     * @see #dropShellPermissionIdentity()
     */
    public void adoptShellPermissionIdentity(String... permissions) {
        synchronized (mLock) {
            throwIfNotConnectedLocked();
        }
        try {
            // Calling out without a lock held.
            mUiAutomationConnection.adoptShellPermissionIdentity(Process.myUid(), permissions);
        } catch (RemoteException re) {
            Log.e(LOG_TAG, "Error executing adopting shell permission identity!", re);
        }
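Review bot: The new overload `adoptShellPermissionIdentity(String... permissions)` forwards its array unchecked, and the no-arg overload passes `null` through the same connection call to mean all permissions, so `adoptShellPermissionIdentity((String[]) null)` (for instance from a computed list that came back null) appears to adopt the full shell identity instead of a subset. The Javadoc has no `@param permissions` and the parameter carries no nullability annotation, while the service-side override in `UiAutomationConnection` is declared `@Nullable String[] permissions`. Either document the contract, e.g. `@param permissions The permissions to adopt, or {@code null} to adopt all.`, or reject null in this overload so a subset request can never widen silently. Both new Javadoc notes also write `<strong>Note:<strong/>`, which should close with `</strong>`. The method's closing brace lies outside the hunk.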
+4 −3
@@ -18,7 +18,7 @@ package android.app;

import android.accessibilityservice.AccessibilityServiceInfo;
import android.accessibilityservice.IAccessibilityServiceClient;
import android.annotation.UnsupportedAppUsage;
import android.annotation.Nullable;
import android.content.Context;
import android.content.pm.IPackageManager;
import android.graphics.Bitmap;
@@ -279,7 +279,8 @@ public final class UiAutomationConnection extends IUiAutomationConnection.Stub {
    }

    @Override
    public void adoptShellPermissionIdentity(int uid) throws RemoteException {
    public void adoptShellPermissionIdentity(int uid, @Nullable String[] permissions)
            throws RemoteException {
        synchronized (mLock) {
            throwIfCalledByNotTrustedUidLocked();
            throwIfShutdownLocked();
@@ -287,7 +288,7 @@ public final class UiAutomationConnection extends IUiAutomationConnection.Stub {
        }
        final long identity = Binder.clearCallingIdentity();
        try {
            mActivityManager.startDelegateShellPermissionIdentity(uid);
            mActivityManager.startDelegateShellPermissionIdentity(uid, permissions);
        } finally {
            Binder.restoreCallingIdentity(identity);
        }
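Review bot: `permissions` is handed to `startDelegateShellPermissionIdentity(uid, permissions)` after `Binder.clearCallingIdentity()` with no check of its contents in the visible lines, so an empty array or one holding null entries reaches the activity manager as-is. How the enforcement side treats those cases is not shown on this page; if it leaves them undefined, rejecting them inside the `synchronized (mLock)` block, before identity is cleared, would keep a subset request from being interpreted more broadly than intended. At minimum a comment above the call such as `// null delegates all shell permissions; a non-null array restricts delegation to the listed names` would make the contract explicit at this trust boundary. Part of the method body between the two hunks is not visible.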