authorDianne Hackborn <hackbod@google.com>2012-02-09 16:12:18 -0800
committerDianne Hackborn <hackbod@google.com>2012-02-09 18:06:01 -0800
commita573f6a1d9b12393fbdfd2c0850499973849854b (patch)
treeb44ae056ae7688ef8698c42bb401d55760b9ccf5
parent7ff3144aa6a4c5e6f0f64933ce174b424cfbfd6e (diff)
Some hardening of isolated processes by restricting access to services.
Services now must explicitly opt in to being accessed by isolated processes. Currently only the activity manager and surface flinger allow this. Activity manager is needed so that we can actually bring up the process; SurfaceFlinger is needed to be able to get the display information for creating the Configuration. The SurfaceFlinger should be safe because the app doesn't have access to the window manager so can't actually get a surface to do anything with. The activity manager now protects most of its entry points against isolated processes. Change-Id: I0dad8cb2c873575c4c7659c3c2a7eda8e98f46b0
-rw-r--r--cmds/servicemanager/service_manager.c23
-rw-r--r--cmds/surfaceflinger/main_surfaceflinger.cpp2
-rw-r--r--core/java/android/os/IServiceManager.java3
-rw-r--r--core/java/android/os/ServiceManager.java19
-rw-r--r--core/java/android/os/ServiceManagerNative.java6
-rw-r--r--core/java/android/os/UserId.java5
-rw-r--r--core/res/AndroidManifest.xml7
-rwxr-xr-xcore/res/res/values/strings.xml7
-rw-r--r--include/binder/BinderService.h8
-rw-r--r--include/binder/IServiceManager.h3
-rw-r--r--libs/binder/IServiceManager.cpp4
-rw-r--r--services/java/com/android/server/am/ActivityManagerService.java65
12 files changed, 133 insertions, 19 deletions
diff --git a/cmds/servicemanager/service_manager.c b/cmds/servicemanager/service_manager.c
index 4ed2489..cfc2d16 100644
--- a/cmds/servicemanager/service_manager.c
+++ b/cmds/servicemanager/service_manager.c
@@ -90,6 +90,7 @@ struct svcinfo
struct svcinfo *next;
void *ptr;
struct binder_death death;
+ int allow_isolated;
unsigned len;
uint16_t name[0];
};
@@ -125,13 +126,21 @@ uint16_t svcmgr_id[] = {
};
-void *do_find_service(struct binder_state *bs, uint16_t *s, unsigned len)
+void *do_find_service(struct binder_state *bs, uint16_t *s, unsigned len, unsigned uid)
{
struct svcinfo *si;
si = find_svc(s, len);
// ALOGI("check_service('%s') ptr = %p\n", str8(s), si ? si->ptr : 0);
if (si && si->ptr) {
+ if (!si->allow_isolated) {
+ // If this service doesn't allow access from isolated processes,
+ // then check the uid to see if it is isolated.
+ unsigned appid = uid % AID_USER;
+ if (appid >= AID_ISOLATED_START && appid <= AID_ISOLATED_END) {
+ return 0;
+ }
+ }
return si->ptr;
} else {
return 0;
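Review bot: A lookup refused because the caller is isolated returns 0 exactly like a missing service, and the only log statement in this function is commented out, so a denied access leaves no trace for whoever is debugging or auditing the sandbox. Consider logging the refusal before the new `return 0;`, e.g. `ALOGE("find_service('%s') uid=%d - isolated process denied\n", str8(s), uid);`, which also makes an app that probes services from an isolated process visible. The `appid = uid % AID_USER` reduction presumably strips the user id portion so the isolated range applies per user; worth confirming that AID_USER is that stride. The body of do_find_service continues past the end of this hunk.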
@@ -140,10 +149,11 @@ void *do_find_service(struct binder_state *bs, uint16_t *s, unsigned len)
int do_add_service(struct binder_state *bs,
uint16_t *s, unsigned len,
- void *ptr, unsigned uid)
+ void *ptr, unsigned uid, int allow_isolated)
{
struct svcinfo *si;
-// ALOGI("add_service('%s',%p) uid=%d\n", str8(s), ptr, uid);
+ //ALOGI("add_service('%s',%p,%s) uid=%d\n", str8(s), ptr,
+ // allow_isolated ? "allow_isolated" : "!allow_isolated", uid);
if (!ptr || (len == 0) || (len > 127))
return -1;
@@ -175,6 +185,7 @@ int do_add_service(struct binder_state *bs,
si->name[len] = '\0';
si->death.func = svcinfo_death;
si->death.ptr = si;
+ si->allow_isolated = allow_isolated;
si->next = svclist;
svclist = si;
}
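Review bot: `si->allow_isolated` is only assigned in the branch that allocates a new svcinfo; the branch that handles an already-registered name sits above this hunk and, as far as the visible lines show, only replaces the pointer. If that is the case, a service that restarts and re-registers with a different flag keeps the flag from its first registration, which could leave a service exposed to isolated processes after it has been republished with `allow_isolated = 0`. Add `si->allow_isolated = allow_isolated;` to the re-registration path as well, or document that the flag is fixed at first registration. The enclosing function starts outside this hunk.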
@@ -194,6 +205,7 @@ int svcmgr_handler(struct binder_state *bs,
unsigned len;
void *ptr;
uint32_t strict_policy;
+ int allow_isolated;
// ALOGI("target=%p code=%d pid=%d uid=%d\n",
// txn->target, txn->code, txn->sender_pid, txn->sender_euid);
@@ -217,7 +229,7 @@ int svcmgr_handler(struct binder_state *bs,
case SVC_MGR_GET_SERVICE:
case SVC_MGR_CHECK_SERVICE:
s = bio_get_string16(msg, &len);
- ptr = do_find_service(bs, s, len);
+ ptr = do_find_service(bs, s, len, txn->sender_euid);
if (!ptr)
break;
bio_put_ref(reply, ptr);
@@ -226,7 +238,8 @@ int svcmgr_handler(struct binder_state *bs,
case SVC_MGR_ADD_SERVICE:
s = bio_get_string16(msg, &len);
ptr = bio_get_ref(msg);
- if (do_add_service(bs, s, len, ptr, txn->sender_euid))
+ allow_isolated = bio_get_uint32(msg) ? 1 : 0;
+ if (do_add_service(bs, s, len, ptr, txn->sender_euid, allow_isolated))
return -1;
break;
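Review bot: The handler now reads a trailing uint32 that older clients never wrote, so the fail-closed behaviour for a short message depends on `bio_get_uint32` returning 0 when the payload is exhausted; I believe it does, but the line deserves a comment making that contract explicit, e.g. `// Clients predating allow_isolated send no flag; a short message reads as 0 (not allowed).` The same consideration applies to `data.readInt() != 0` in ServiceManagerNative.java. The enclosing svcmgr_handler starts and ends outside this hunk.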
diff --git a/cmds/surfaceflinger/main_surfaceflinger.cpp b/cmds/surfaceflinger/main_surfaceflinger.cpp
index 78b1007..6dbcf5c 100644
--- a/cmds/surfaceflinger/main_surfaceflinger.cpp
+++ b/cmds/surfaceflinger/main_surfaceflinger.cpp
@@ -20,6 +20,6 @@
using namespace android;
int main(int argc, char** argv) {
- SurfaceFlinger::publishAndJoinThreadPool();
+ SurfaceFlinger::publishAndJoinThreadPool(true);
return 0;
}
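Review bot: The opt-in is a bare `true` with no explanation at the one place that widens SurfaceFlinger's exposure, while the rationale lives only in the commit message. A short comment above the call would keep that reasoning next to the decision, e.g. `// Allow isolated processes: they need display info to build their Configuration and have no window manager access, so cannot obtain a surface.` Alternatively spell the argument as `/*allowIsolated=*/true` so the meaning of the literal is visible at the call site.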
diff --git a/core/java/android/os/IServiceManager.java b/core/java/android/os/IServiceManager.java
index 9a5ff47..7b11c28 100644
--- a/core/java/android/os/IServiceManager.java
+++ b/core/java/android/os/IServiceManager.java
@@ -45,7 +45,8 @@ public interface IServiceManager extends IInterface
* Place a new @a service called @a name into the service
* manager.
*/
- public void addService(String name, IBinder service) throws RemoteException;
+ public void addService(String name, IBinder service, boolean allowIsolated)
+ throws RemoteException;
/**
* Return a list of all currently running services.
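Review bot: The new `allowIsolated` parameter is not documented on the interface method, although the Javadoc directly above it is the contract implementors and callers read. Add `@param allowIsolated true to let isolated (sandboxed) processes look the service up; false keeps the default deny` to that comment, matching the wording used on the ServiceManager overload in this commit.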
diff --git a/core/java/android/os/ServiceManager.java b/core/java/android/os/ServiceManager.java
index 1af24f4..13b8b66 100644
--- a/core/java/android/os/ServiceManager.java
+++ b/core/java/android/os/ServiceManager.java
@@ -69,7 +69,24 @@ public final class ServiceManager {
*/
public static void addService(String name, IBinder service) {
try {
- getIServiceManager().addService(name, service);
+ getIServiceManager().addService(name, service, false);
+ } catch (RemoteException e) {
+ Log.e(TAG, "error in addService", e);
+ }
+ }
+
+ /**
+ * Place a new @a service called @a name into the service
+ * manager.
+ *
+ * @param name the name of the new service
+ * @param service the service object
+ * @param allowIsolated set to true to allow isolated sandboxed processes
+ * to access this service
+ */
+ public static void addService(String name, IBinder service, boolean allowIsolated) {
+ try {
+ getIServiceManager().addService(name, service, allowIsolated);
} catch (RemoteException e) {
Log.e(TAG, "error in addService", e);
}
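Review bot: The two-argument `addService` now duplicates the whole try/catch of the new overload, so any later change to the error handling has to be made twice. Have it delegate instead: `addService(name, service, false);` as the sole statement of the two-argument method. The Javadoc of the two-argument overload starts outside this hunk and should say that it registers the service without isolated-process access.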
diff --git a/core/java/android/os/ServiceManagerNative.java b/core/java/android/os/ServiceManagerNative.java
index 2aab0e6..43b5128 100644
--- a/core/java/android/os/ServiceManagerNative.java
+++ b/core/java/android/os/ServiceManagerNative.java
@@ -71,7 +71,8 @@ public abstract class ServiceManagerNative extends Binder implements IServiceMan
data.enforceInterface(IServiceManager.descriptor);
String name = data.readString();
IBinder service = data.readStrongBinder();
- addService(name, service);
+ boolean allowIsolated = data.readInt() != 0;
+ addService(name, service, allowIsolated);
return true;
}
@@ -136,13 +137,14 @@ class ServiceManagerProxy implements IServiceManager {
return binder;
}
- public void addService(String name, IBinder service)
+ public void addService(String name, IBinder service, boolean allowIsolated)
throws RemoteException {
Parcel data = Parcel.obtain();
Parcel reply = Parcel.obtain();
data.writeInterfaceToken(IServiceManager.descriptor);
data.writeString(name);
data.writeStrongBinder(service);
+ data.writeInt(allowIsolated ? 1 : 0);
mRemote.transact(ADD_SERVICE_TRANSACTION, data, reply, 0);
reply.recycle();
data.recycle();
diff --git a/core/java/android/os/UserId.java b/core/java/android/os/UserId.java
index 4124d51..286b674 100644
--- a/core/java/android/os/UserId.java
+++ b/core/java/android/os/UserId.java
@@ -56,6 +56,11 @@ public final class UserId {
return getAppId(uid1) == getAppId(uid2);
}
+ public static final boolean isIsolated(int uid) {
+ uid = getAppId(uid);
+ return uid >= Process.FIRST_ISOLATED_UID && uid <= Process.LAST_ISOLATED_UID;
+ }
+
/**
* Returns the user id for a given uid.
* @hide
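Review bot: `isIsolated` has no Javadoc and no `@hide` tag even though the neighbouring method visible at the bottom of this hunk carries one, so it would surface as public API. Add `/** Returns whether the app id of the given uid falls in the isolated-process range. @hide */`. Reassigning the `uid` parameter also reads oddly; `final int appId = getAppId(uid);` and `return appId >= Process.FIRST_ISOLATED_UID && appId <= Process.LAST_ISOLATED_UID;` keep the same behaviour without overwriting the argument.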
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 97658a1..1199cf7 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -717,6 +717,13 @@
android:label="@string/permlab_removeTasks"
android:description="@string/permdesc_removeTasks" />
+ <!-- @hide Change the screen compatibility mode of applications -->
+ <permission android:name="android.permission.SET_SCREEN_COMPATIBILITY"
+ android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
+ android:protectionLevel="signature"
+ android:label="@string/permlab_setScreenCompatibility"
+ android:description="@string/permdesc_setScreenCompatibility" />
+
<!-- Allows an application to modify the current configuration, such
as locale. -->
<permission android:name="android.permission.CHANGE_CONFIGURATION"
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
index dc45c40..701782c 100755
--- a/core/res/res/values/strings.xml
+++ b/core/res/res/values/strings.xml
@@ -532,6 +532,13 @@
tasks and kill their apps. Malicious apps may disrupt
the behavior of other apps.</string>
+ <!-- Title of an application permission, allowing control of app screen compatibility mode -->
+ <string name="permlab_setScreenCompatibility">set screen compatibility</string>
+ <!-- Description of an application permission, allowing control of app screen compatibility mode -->
+ <string name="permdesc_setScreenCompatibility">Allows the app to control the
+ screen compatibility mode of other applications. Malicious applications may
+ break the behavior of other applications.</string>
+
<!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
<string name="permlab_setDebugApp">enable app debugging</string>
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
diff --git a/include/binder/BinderService.h b/include/binder/BinderService.h
index 2316fef..ca594d3 100644
--- a/include/binder/BinderService.h
+++ b/include/binder/BinderService.h
@@ -34,15 +34,15 @@ template<typename SERVICE>
class BinderService
{
public:
- static status_t publish() {
+ static status_t publish(bool allowIsolated = false) {
sp<IServiceManager> sm(defaultServiceManager());
- return sm->addService(String16(SERVICE::getServiceName()), new SERVICE());
+ return sm->addService(String16(SERVICE::getServiceName()), new SERVICE(), allowIsolated);
}
- static void publishAndJoinThreadPool() {
+ static void publishAndJoinThreadPool(bool allowIsolated = false) {
sp<ProcessState> proc(ProcessState::self());
sp<IServiceManager> sm(defaultServiceManager());
- sm->addService(String16(SERVICE::getServiceName()), new SERVICE());
+ sm->addService(String16(SERVICE::getServiceName()), new SERVICE(), allowIsolated);
ProcessState::self()->startThreadPool();
IPCThreadState::self()->joinThreadPool();
}
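Review bot: The new `allowIsolated` parameter is undocumented in a header that every native service uses to register itself, so authors will have to guess what opting in means. Add a comment above `publish`, e.g. `// allowIsolated: permit isolated (sandboxed) app processes to obtain this service from servicemanager; keep the default (false) unless the service is safe to expose to untrusted sandboxes.` Separately, `publishAndJoinThreadPool` still discards the status returned by `addService`, which predates this change but now also hides a failed registration of the flag.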
diff --git a/include/binder/IServiceManager.h b/include/binder/IServiceManager.h
index 24e9e99..2c297d6 100644
--- a/include/binder/IServiceManager.h
+++ b/include/binder/IServiceManager.h
@@ -47,7 +47,8 @@ public:
* Register a service.
*/
virtual status_t addService( const String16& name,
- const sp<IBinder>& service) = 0;
+ const sp<IBinder>& service,
+ bool allowIsolated = false) = 0;
/**
* Return list of all existing services.
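Review bot: A default argument on a pure virtual is resolved from the static type of the pointer, and the override in IServiceManager.cpp deliberately omits it, so the `= false` only applies to calls made through `IServiceManager`. That is the correct pattern, but it is easy to "fix" by repeating the default on the override; a comment would prevent that, e.g. `// Default applies to calls through IServiceManager; do not repeat it on overrides.` The Javadoc above should also document `allowIsolated` as the opt-in for isolated processes.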
diff --git a/libs/binder/IServiceManager.cpp b/libs/binder/IServiceManager.cpp
index 33b305d..1750640 100644
--- a/libs/binder/IServiceManager.cpp
+++ b/libs/binder/IServiceManager.cpp
@@ -151,12 +151,14 @@ public:
return reply.readStrongBinder();
}
- virtual status_t addService(const String16& name, const sp<IBinder>& service)
+ virtual status_t addService(const String16& name, const sp<IBinder>& service,
+ bool allowIsolated)
{
Parcel data, reply;
data.writeInterfaceToken(IServiceManager::getInterfaceDescriptor());
data.writeString16(name);
data.writeStrongBinder(service);
+ data.writeInt32(allowIsolated ? 1 : 0);
status_t err = remote()->transact(ADD_SERVICE_TRANSACTION, data, &reply);
return err == NO_ERROR ? reply.readExceptionCode() : err;
}
diff --git a/services/java/com/android/server/am/ActivityManagerService.java b/services/java/com/android/server/am/ActivityManagerService.java
index 10a0efe..a110dd6 100644
--- a/services/java/com/android/server/am/ActivityManagerService.java
+++ b/services/java/com/android/server/am/ActivityManagerService.java
@@ -2093,7 +2093,7 @@ public final class ActivityManagerService extends ActivityManagerNative
try {
ActivityManagerService m = mSelf;
- ServiceManager.addService("activity", m);
+ ServiceManager.addService("activity", m, true);
ServiceManager.addService("meminfo", new MemBinder(m));
ServiceManager.addService("gfxinfo", new GraphicsBinder(m));
ServiceManager.addService("dbinfo", new DbBinder(m));
@@ -2964,37 +2964,52 @@ public final class ActivityManagerService extends ActivityManagerNative
return mCompatModePackages.compatibilityInfoForPackageLocked(ai);
}
+ void enforceNotIsolatedCaller(String caller) {
+ if (UserId.isIsolated(Binder.getCallingUid())) {
+ throw new SecurityException("Isolated process not allowed to call " + caller);
+ }
+ }
+
public int getFrontActivityScreenCompatMode() {
+ enforceNotIsolatedCaller("getFrontActivityScreenCompatMode");
synchronized (this) {
return mCompatModePackages.getFrontActivityScreenCompatModeLocked();
}
}
public void setFrontActivityScreenCompatMode(int mode) {
+ enforceCallingPermission(android.Manifest.permission.SET_SCREEN_COMPATIBILITY,
+ "setFrontActivityScreenCompatMode");
synchronized (this) {
mCompatModePackages.setFrontActivityScreenCompatModeLocked(mode);
}
}
public int getPackageScreenCompatMode(String packageName) {
+ enforceNotIsolatedCaller("getPackageScreenCompatMode");
synchronized (this) {
return mCompatModePackages.getPackageScreenCompatModeLocked(packageName);
}
}
public void setPackageScreenCompatMode(String packageName, int mode) {
+ enforceCallingPermission(android.Manifest.permission.SET_SCREEN_COMPATIBILITY,
+ "setPackageScreenCompatMode");
synchronized (this) {
mCompatModePackages.setPackageScreenCompatModeLocked(packageName, mode);
}
}
public boolean getPackageAskScreenCompat(String packageName) {
+ enforceNotIsolatedCaller("getPackageAskScreenCompat");
synchronized (this) {
return mCompatModePackages.getPackageAskCompatModeLocked(packageName);
}
}
public void setPackageAskScreenCompat(String packageName, boolean ask) {
+ enforceCallingPermission(android.Manifest.permission.SET_SCREEN_COMPATIBILITY,
+ "setPackageAskScreenCompat");
synchronized (this) {
mCompatModePackages.setPackageAskCompatModeLocked(packageName, ask);
}
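Review bot: `enforceNotIsolatedCaller` is the guard every protected entry point in this commit relies on, yet it carries no Javadoc saying what it checks or that it must run before any work is done on behalf of the caller. Add a comment such as `/** Throws SecurityException if the Binder calling uid belongs to an isolated process; call first in any entry point that isolated processes must not reach. */`. Note that it keys on `Binder.getCallingUid()`, so in-process callers see the system uid and pass, which is presumably intended.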
@@ -3069,6 +3084,7 @@ public final class ActivityManagerService extends ActivityManagerNative
int grantedMode, IBinder resultTo,
String resultWho, int requestCode, boolean onlyIfNeeded, boolean debug,
String profileFile, ParcelFileDescriptor profileFd, boolean autoStopProfiler) {
+ enforceNotIsolatedCaller("startActivity");
int userId = 0;
if (intent.getCategories() != null && intent.getCategories().contains(Intent.CATEGORY_HOME)) {
// Requesting home, set the identity to the current user
@@ -3093,6 +3109,7 @@ public final class ActivityManagerService extends ActivityManagerNative
int grantedMode, IBinder resultTo,
String resultWho, int requestCode, boolean onlyIfNeeded, boolean debug,
String profileFile, ParcelFileDescriptor profileFd, boolean autoStopProfiler) {
+ enforceNotIsolatedCaller("startActivityAndWait");
WaitResult res = new WaitResult();
int userId = Binder.getOrigCallingUser();
mMainStack.startActivityMayWait(caller, -1, intent, resolvedType,
@@ -3107,6 +3124,7 @@ public final class ActivityManagerService extends ActivityManagerNative
int grantedMode, IBinder resultTo,
String resultWho, int requestCode, boolean onlyIfNeeded,
boolean debug, Configuration config) {
+ enforceNotIsolatedCaller("startActivityWithConfig");
int ret = mMainStack.startActivityMayWait(caller, -1, intent, resolvedType,
grantedUriPermissions, grantedMode, resultTo, resultWho,
requestCode, onlyIfNeeded,
@@ -3118,6 +3136,7 @@ public final class ActivityManagerService extends ActivityManagerNative
IntentSender intent, Intent fillInIntent, String resolvedType,
IBinder resultTo, String resultWho, int requestCode,
int flagsMask, int flagsValues) {
+ enforceNotIsolatedCaller("startActivityIntentSender");
// Refuse possible leaked file descriptors
if (fillInIntent != null && fillInIntent.hasFileDescriptors()) {
throw new IllegalArgumentException("File descriptors passed in Intent");
@@ -3259,6 +3278,7 @@ public final class ActivityManagerService extends ActivityManagerNative
public final int startActivities(IApplicationThread caller,
Intent[] intents, String[] resolvedTypes, IBinder resultTo) {
+ enforceNotIsolatedCaller("startActivities");
int ret = mMainStack.startActivities(caller, -1, intents, resolvedTypes, resultTo,
Binder.getOrigCallingUser());
return ret;
@@ -4020,6 +4040,7 @@ public final class ActivityManagerService extends ActivityManagerNative
public boolean clearApplicationUserData(final String packageName,
final IPackageDataObserver observer, final int userId) {
+ enforceNotIsolatedCaller("clearApplicationUserData");
int uid = Binder.getCallingUid();
int pid = Binder.getCallingPid();
long callingId = Binder.clearCallingIdentity();
@@ -4208,6 +4229,7 @@ public final class ActivityManagerService extends ActivityManagerNative
}
public void closeSystemDialogs(String reason) {
+ enforceNotIsolatedCaller("closeSystemDialogs");
Intent intent = new Intent(Intent.ACTION_CLOSE_SYSTEM_DIALOGS);
intent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY);
if (reason != null) {
@@ -4248,6 +4270,7 @@ public final class ActivityManagerService extends ActivityManagerNative
public Debug.MemoryInfo[] getProcessMemoryInfo(int[] pids)
throws RemoteException {
+ enforceNotIsolatedCaller("getProcessMemoryInfo");
Debug.MemoryInfo[] infos = new Debug.MemoryInfo[pids.length];
for (int i=pids.length-1; i>=0; i--) {
infos[i] = new Debug.MemoryInfo();
@@ -4257,6 +4280,7 @@ public final class ActivityManagerService extends ActivityManagerNative
}
public long[] getProcessPss(int[] pids) throws RemoteException {
+ enforceNotIsolatedCaller("getProcessPss");
long[] pss = new long[pids.length];
for (int i=pids.length-1; i>=0; i--) {
pss[i] = Debug.getPss(pids[i]);
@@ -4825,10 +4849,12 @@ public final class ActivityManagerService extends ActivityManagerNative
}
public void showBootMessage(final CharSequence msg, final boolean always) {
+ enforceNotIsolatedCaller("showBootMessage");
mWindowManager.showBootMessage(msg, always);
}
public void dismissKeyguardOnNextActivity() {
+ enforceNotIsolatedCaller("dismissKeyguardOnNextActivity");
synchronized (this) {
mMainStack.dismissKeyguardOnNextActivityLocked();
}
@@ -4991,6 +5017,7 @@ public final class ActivityManagerService extends ActivityManagerNative
public IIntentSender getIntentSender(int type,
String packageName, IBinder token, String resultWho,
int requestCode, Intent[] intents, String[] resolvedTypes, int flags) {
+ enforceNotIsolatedCaller("getIntentSender");
// Refuse possible leaked file descriptors
if (intents != null) {
if (intents.length < 1) {
@@ -5293,6 +5320,10 @@ public final class ActivityManagerService extends ActivityManagerNative
if (uid == 0 || uid == Process.SYSTEM_UID || pid == MY_PID) {
return PackageManager.PERMISSION_GRANTED;
}
+ // Isolated processes don't get any permissions.
+ if (UserId.isIsolated(uid)) {
+ return PackageManager.PERMISSION_DENIED;
+ }
// If there is a uid that owns whatever is being accessed, it has
// blanket access to it regardless of the permissions it requires.
if (owningUid >= 0 && UserId.isSameApp(uid, owningUid)) {
@@ -5445,6 +5476,8 @@ public final class ActivityManagerService extends ActivityManagerNative
}
public int checkUriPermission(Uri uri, int pid, int uid, int modeFlags) {
+ enforceNotIsolatedCaller("checkUriPermission");
+
// Another redirected-binder-call permissions check as in
// {@link checkComponentPermission}.
Identity tlsIdentity = sCallerIdentity.get();
@@ -5595,6 +5628,7 @@ public final class ActivityManagerService extends ActivityManagerNative
public int checkGrantUriPermission(int callingUid, String targetPkg,
Uri uri, int modeFlags) {
+ enforceNotIsolatedCaller("checkGrantUriPermission");
synchronized(this) {
return checkGrantUriPermissionLocked(callingUid, targetPkg, uri, modeFlags);
}
@@ -5703,6 +5737,7 @@ public final class ActivityManagerService extends ActivityManagerNative
public void grantUriPermission(IApplicationThread caller, String targetPkg,
Uri uri, int modeFlags) {
+ enforceNotIsolatedCaller("grantUriPermission");
synchronized(this) {
final ProcessRecord r = getRecordForAppLocked(caller);
if (r == null) {
@@ -5826,6 +5861,7 @@ public final class ActivityManagerService extends ActivityManagerNative
public void revokeUriPermission(IApplicationThread caller, Uri uri,
int modeFlags) {
+ enforceNotIsolatedCaller("revokeUriPermission");
synchronized(this) {
final ProcessRecord r = getRecordForAppLocked(caller);
if (r == null) {
@@ -5870,6 +5906,7 @@ public final class ActivityManagerService extends ActivityManagerNative
@Override
public IBinder newUriPermissionOwner(String name) {
+ enforceNotIsolatedCaller("newUriPermissionOwner");
synchronized(this) {
UriPermissionOwner owner = new UriPermissionOwner(this, name);
return owner.getExternalTokenLocked();
@@ -6406,6 +6443,7 @@ public final class ActivityManagerService extends ActivityManagerNative
* @return Returns true if the move completed, false if not.
*/
public boolean moveActivityTaskToBack(IBinder token, boolean nonRoot) {
+ enforceNotIsolatedCaller("moveActivityTaskToBack");
synchronized(this) {
final long origId = Binder.clearCallingIdentity();
int taskId = getTaskForActivityLocked(token, !nonRoot);
@@ -6460,6 +6498,7 @@ public final class ActivityManagerService extends ActivityManagerNative
}
public void finishOtherInstances(IBinder token, ComponentName className) {
+ enforceNotIsolatedCaller("finishOtherInstances");
synchronized(this) {
final long origId = Binder.clearCallingIdentity();
@@ -6938,6 +6977,7 @@ public final class ActivityManagerService extends ActivityManagerNative
public final ContentProviderHolder getContentProvider(
IApplicationThread caller, String name) {
+ enforceNotIsolatedCaller("getContentProvider");
if (caller == null) {
String msg = "null IApplicationThread when getting content provider "
+ name;
@@ -6958,6 +6998,7 @@ public final class ActivityManagerService extends ActivityManagerNative
* @param cpr
*/
public void removeContentProvider(IApplicationThread caller, String name) {
+ enforceNotIsolatedCaller("removeContentProvider");
synchronized (this) {
int userId = UserId.getUserId(Binder.getCallingUid());
ContentProviderRecord cpr = mProviderMap.getProviderByName(name, userId);
@@ -7020,6 +7061,7 @@ public final class ActivityManagerService extends ActivityManagerNative
return;
}
+ enforceNotIsolatedCaller("publishContentProviders");
synchronized(this) {
final ProcessRecord r = getRecordForAppLocked(caller);
if (DEBUG_MU)
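Review bot: In `publishContentProviders` the isolation check is placed after an early `return` visible at the top of this hunk, unlike every other entry point in this commit where it is the first statement. If that early return is a null-argument guard, an isolated caller passing an empty request is quietly accepted instead of getting the SecurityException; harmless as far as I can tell, but moving `enforceNotIsolatedCaller("publishContentProviders");` above the guard keeps the behaviour uniform. The method signature and the guarded condition are outside this hunk.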
@@ -7107,6 +7149,7 @@ public final class ActivityManagerService extends ActivityManagerNative
* src/com/android/cts/usespermissiondiffcertapp/AccessPermissionWithDiffSigTest.java
*/
public String getProviderMimeType(Uri uri) {
+ enforceNotIsolatedCaller("getProviderMimeType");
final String name = uri.getAuthority();
final long ident = Binder.clearCallingIdentity();
ContentProviderHolder holder = null;
@@ -7224,6 +7267,7 @@ public final class ActivityManagerService extends ActivityManagerNative
}
public ParcelFileDescriptor openContentUri(Uri uri) throws RemoteException {
+ enforceNotIsolatedCaller("openContentUri");
String name = uri.getAuthority();
ContentProviderHolder cph = getContentProviderExternal(name);
ParcelFileDescriptor pfd = null;
@@ -7477,6 +7521,7 @@ public final class ActivityManagerService extends ActivityManagerNative
}
public void registerActivityWatcher(IActivityWatcher watcher) {
+ enforceNotIsolatedCaller("registerActivityWatcher");
synchronized (this) {
mWatchers.register(watcher);
}
@@ -7489,6 +7534,7 @@ public final class ActivityManagerService extends ActivityManagerNative
}
public void registerProcessObserver(IProcessObserver observer) {
+ enforceNotIsolatedCaller("registerProcessObserver");
mProcessObservers.register(observer);
}
@@ -7517,6 +7563,7 @@ public final class ActivityManagerService extends ActivityManagerNative
}
public boolean isTopActivityImmersive() {
+ enforceNotIsolatedCaller("startActivity");
synchronized (this) {
ActivityRecord r = mMainStack.topRunningActivityLocked(null);
return (r != null) ? r.immersive : false;
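Review bot: `isTopActivityImmersive` passes `"startActivity"` to `enforceNotIsolatedCaller`, so a rejected isolated caller is told it was denied `startActivity`, which will mislead anyone reading the exception or a log. Change it to `enforceNotIsolatedCaller("isTopActivityImmersive");`. Every other call site in this commit uses the enclosing method's own name.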
@@ -8701,6 +8748,7 @@ public final class ActivityManagerService extends ActivityManagerNative
}
public List<ActivityManager.ProcessErrorStateInfo> getProcessesInErrorState() {
+ enforceNotIsolatedCaller("getProcessesInErrorState");
// assume our apps are happy - lazy create the list
List<ActivityManager.ProcessErrorStateInfo> errList = null;
@@ -8763,6 +8811,7 @@ public final class ActivityManagerService extends ActivityManagerNative
}
public List<ActivityManager.RunningAppProcessInfo> getRunningAppProcesses() {
+ enforceNotIsolatedCaller("getRunningAppProcesses");
// Lazy instantiation of list
List<ActivityManager.RunningAppProcessInfo> runList = null;
synchronized (this) {
@@ -8808,6 +8857,7 @@ public final class ActivityManagerService extends ActivityManagerNative
}
public List<ApplicationInfo> getRunningExternalApplications() {
+ enforceNotIsolatedCaller("getRunningExternalApplications");
List<ActivityManager.RunningAppProcessInfo> runningApps = getRunningAppProcesses();
List<ApplicationInfo> retList = new ArrayList<ApplicationInfo>();
if (runningApps != null && runningApps.size() > 0) {
@@ -11323,6 +11373,7 @@ public final class ActivityManagerService extends ActivityManagerNative
public List<ActivityManager.RunningServiceInfo> getServices(int maxNum,
int flags) {
+ enforceNotIsolatedCaller("getServices");
synchronized (this) {
ArrayList<ActivityManager.RunningServiceInfo> res
= new ArrayList<ActivityManager.RunningServiceInfo>();
@@ -11349,6 +11400,7 @@ public final class ActivityManagerService extends ActivityManagerNative
}
public PendingIntent getRunningServiceControlPanel(ComponentName name) {
+ enforceNotIsolatedCaller("getRunningServiceControlPanel");
synchronized (this) {
int userId = UserId.getUserId(Binder.getCallingUid());
ServiceRecord r = mServiceMap.getServiceByName(name, userId);
@@ -12076,6 +12128,7 @@ public final class ActivityManagerService extends ActivityManagerNative
public ComponentName startService(IApplicationThread caller, Intent service,
String resolvedType) {
+ enforceNotIsolatedCaller("startService");
// Refuse possible leaked file descriptors
if (service != null && service.hasFileDescriptors() == true) {
throw new IllegalArgumentException("File descriptors passed in Intent");
@@ -12118,6 +12171,7 @@ public final class ActivityManagerService extends ActivityManagerNative
public int stopService(IApplicationThread caller, Intent service,
String resolvedType) {
+ enforceNotIsolatedCaller("stopService");
// Refuse possible leaked file descriptors
if (service != null && service.hasFileDescriptors() == true) {
throw new IllegalArgumentException("File descriptors passed in Intent");
@@ -12155,6 +12209,7 @@ public final class ActivityManagerService extends ActivityManagerNative
}
public IBinder peekService(Intent service, String resolvedType) {
+ enforceNotIsolatedCaller("peekService");
// Refuse possible leaked file descriptors
if (service != null && service.hasFileDescriptors() == true) {
throw new IllegalArgumentException("File descriptors passed in Intent");
@@ -12293,6 +12348,7 @@ public final class ActivityManagerService extends ActivityManagerNative
public int bindService(IApplicationThread caller, IBinder token,
Intent service, String resolvedType,
IServiceConnection connection, int flags) {
+ enforceNotIsolatedCaller("bindService");
// Refuse possible leaked file descriptors
if (service != null && service.hasFileDescriptors() == true) {
throw new IllegalArgumentException("File descriptors passed in Intent");
@@ -12949,6 +13005,7 @@ public final class ActivityManagerService extends ActivityManagerNative
public Intent registerReceiver(IApplicationThread caller, String callerPackage,
IIntentReceiver receiver, IntentFilter filter, String permission) {
+ enforceNotIsolatedCaller("registerReceiver");
synchronized(this) {
ProcessRecord callerApp = null;
if (caller != null) {
@@ -13458,6 +13515,7 @@ public final class ActivityManagerService extends ActivityManagerNative
Intent intent, String resolvedType, IIntentReceiver resultTo,
int resultCode, String resultData, Bundle map,
String requiredPermission, boolean serialized, boolean sticky, int userId) {
+ enforceNotIsolatedCaller("broadcastIntent");
synchronized(this) {
intent = verifyBroadcastLocked(intent);
@@ -13704,6 +13762,7 @@ public final class ActivityManagerService extends ActivityManagerNative
public boolean startInstrumentation(ComponentName className,
String profileFile, int flags, Bundle arguments,
IInstrumentationWatcher watcher) {
+ enforceNotIsolatedCaller("startInstrumentation");
// Refuse possible leaked file descriptors
if (arguments != null && arguments.hasFileDescriptors()) {
throw new IllegalArgumentException("File descriptors passed in Bundle");
@@ -13901,7 +13960,7 @@ public final class ActivityManagerService extends ActivityManagerNative
* configuration.
* @param persistent TODO
*/
- public boolean updateConfigurationLocked(Configuration values,
+ boolean updateConfigurationLocked(Configuration values,
ActivityRecord starting, boolean persistent, boolean initLocale) {
int changes = 0;
@@ -15321,7 +15380,7 @@ public final class ActivityManagerService extends ActivityManagerNative
synchronized (this) { }
}
- public void onCoreSettingsChange(Bundle settings) {
+ void onCoreSettingsChange(Bundle settings) {
for (int i = mLruProcesses.size() - 1; i >= 0; i--) {
ProcessRecord processRecord = mLruProcesses.get(i);
try {