DO NOT MERGE: ActivityManager#killBackgroundProcesses can kill caller's own app only am: fa94ce5c77 (71620c51) · Commits · e / os / android_frameworks_base

core/java/android/app/ActivityManager.java

+3 −0

Original line number	Original line	Diff line number	Diff line
	@@ -3934,6 +3934,9 @@ public class ActivityManager {
	* processes to reclaim memory; the system will take care of restarting		* processes to reclaim memory; the system will take care of restarting
	* these processes in the future as needed.		* these processes in the future as needed.
	*		*
			* <p class="note">Third party applications can only use this API to kill their own processes.
			* </p>
			*
	* @param packageName The name of the package whose processes are to		* @param packageName The name of the package whose processes are to
	* be killed.		* be killed.
	*/		*/

core/res/AndroidManifest.xml

+5 −1

Original line number	Original line	Diff line number	Diff line
	@@ -3152,6 +3152,10 @@

	<!-- Allows an application to call		<!-- Allows an application to call
	{@link android.app.ActivityManager#killBackgroundProcesses}.		{@link android.app.ActivityManager#killBackgroundProcesses}.

			<p class="note">Third party applications can only use this API to kill their own
			processes.</p>

	<p>Protection level: normal		<p>Protection level: normal
	-->		-->
	<permission android:name="android.permission.KILL_BACKGROUND_PROCESSES"		<permission android:name="android.permission.KILL_BACKGROUND_PROCESSES"

services/core/java/com/android/server/am/ActivityManagerService.java

+30 −2

Original line number	Original line	Diff line number	Diff line
	@@ -3836,8 +3836,20 @@ public class ActivityManagerService extends IActivityManager.Stub
	Slog.w(TAG, msg);		Slog.w(TAG, msg);
	throw new SecurityException(msg);		throw new SecurityException(msg);
	}		}
			final int callingUid = Binder.getCallingUid();
			final int callingPid = Binder.getCallingPid();
			final int callingAppId = UserHandle.getAppId(callingUid);

	userId = mUserController.handleIncomingUser(Binder.getCallingPid(), Binder.getCallingUid(),		ProcessRecord proc;
			synchronized (mPidsSelfLocked) {
			proc = mPidsSelfLocked.get(callingPid);
			}
			final boolean hasKillAllPermission = PERMISSION_GRANTED == checkPermission(
			android.Manifest.permission.FORCE_STOP_PACKAGES, callingPid, callingUid)
			\|\| UserHandle.isCore(callingUid)
			\|\| (proc != null && proc.info.isSystemApp());

			userId = mUserController.handleIncomingUser(callingPid, callingUid,
	userId, true, ALLOW_FULL_ONLY, "killBackgroundProcesses", null);		userId, true, ALLOW_FULL_ONLY, "killBackgroundProcesses", null);
	final int[] userIds = mUserController.expandUserId(userId);		final int[] userIds = mUserController.expandUserId(userId);

	@@ -3852,7 +3864,7 @@ public class ActivityManagerService extends IActivityManager.Stub
	targetUserId));		targetUserId));
	} catch (RemoteException e) {		} catch (RemoteException e) {
	}		}
	if (appId == -1) {		if (appId == -1 \|\| (!hasKillAllPermission && appId != callingAppId)) {
	Slog.w(TAG, "Invalid packageName: " + packageName);		Slog.w(TAG, "Invalid packageName: " + packageName);
	return;		return;
	}		}
	@@ -3880,6 +3892,22 @@ public class ActivityManagerService extends IActivityManager.Stub
	throw new SecurityException(msg);		throw new SecurityException(msg);
	}		}

			final int callingUid = Binder.getCallingUid();
			final int callingPid = Binder.getCallingPid();

			ProcessRecord proc;
			synchronized (mPidsSelfLocked) {
			proc = mPidsSelfLocked.get(callingPid);
			}
			if (callingUid >= FIRST_APPLICATION_UID
			&& (proc == null \|\| !proc.info.isSystemApp())) {
			final String msg = "Permission Denial: killAllBackgroundProcesses() from pid="
			+ callingPid + ", uid=" + callingUid + " is not allowed";
			Slog.w(TAG, msg);
			// Silently return to avoid existing apps from crashing.
			return;
			}

	final long callingId = Binder.clearCallingIdentity();		final long callingId = Binder.clearCallingIdentity();
	try {		try {
	synchronized (this) {		synchronized (this) {