Immediately kill a shared user process on a permission revocation.

1. When a permission is revoked we kill the app immediately but do not do an immediate kill for shared uid processes. This fixes it. 2. Remove system APIs that are used only by the package installer. bug:22984670 Change-Id: I3d4ae52ea8679f894aa7c5972941263903479183
author: Svetoslav <svetoslavganov@google.com> 2015-08-06 15:03:55 -0700
committer: Svetoslav <svetoslavganov@google.com> 2015-08-06 18:47:41 -0700
commit: aa41add33b8d7d318387cc74c34e3d347d245211 (patch)
tree: 643633b00ab1b46e19076c3b58d20923fc787636 /services
parent: 8eaf18b0ab77184f16870428258650bd12bb2ea5 (diff)
download: frameworks_base-aa41add33b8d7d318387cc74c34e3d347d245211.zip
frameworks_base-aa41add33b8d7d318387cc74c34e3d347d245211.tar.gz
frameworks_base-aa41add33b8d7d318387cc74c34e3d347d245211.tar.bz2
3 files changed, 23 insertions, 45 deletions
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index b8d32c3..bc7ee6d 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -5521,7 +5521,7 @@ public final class ActivityManagerService extends ActivityManagerNative
                 // If no package is specified, we call all processes under the
                 // give user id.
                 if (packageName == null) {
-                    if (app.userId != userId) {
+                    if (userId != UserHandle.USER_ALL && app.userId != userId) {
                         continue;
                     }
                     if (appId >= 0 && UserHandle.getAppId(app.uid) != appId) {
@@ -11226,13 +11226,12 @@ public final class ActivityManagerService extends ActivityManagerNative
     }
 
     @Override
-    public void killUid(int uid, String reason) {
+    public void killUid(int appId, int userId, String reason) {
         enforceCallingPermission(Manifest.permission.KILL_UID, "killUid");
         synchronized (this) {
             final long identity = Binder.clearCallingIdentity();
             try {
-                killPackageProcessesLocked(null, UserHandle.getAppId(uid),
-                        UserHandle.getUserId(uid),
+                killPackageProcessesLocked(null, appId, userId,
                         ProcessList.PERSISTENT_PROC_ADJ, false, true, true, true,
                         reason != null ? reason : "kill uid");
             } finally {
diff --git a/services/core/java/com/android/server/audio/AudioService.java b/services/core/java/com/android/server/audio/AudioService.java
index a0ededf..7565e9d 100644
--- a/services/core/java/com/android/server/audio/AudioService.java
+++ b/services/core/java/com/android/server/audio/AudioService.java
@@ -5150,7 +5150,9 @@ public class AudioService extends IAudioService.Stub {
                 continue;
             }
             try {
-                ActivityManagerNative.getDefault().killUid(pkg.applicationInfo.uid,
+                final int uid = pkg.applicationInfo.uid;
+                ActivityManagerNative.getDefault().killUid(UserHandle.getAppId(uid),
+                        UserHandle.getUserId(uid),
                         "killBackgroundUserProcessesWithAudioRecordPermission");
             } catch (RemoteException e) {
                 Log.w(TAG, "Error calling killUid", e);
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 11e30b5..6e902e5 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -3469,10 +3469,11 @@ public class PackageManagerService extends IPackageManager.Stub {
                 }
 
                 case PermissionsState.PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED: {
+                    final int appId = UserHandle.getAppId(pkg.applicationInfo.uid);
                     mHandler.post(new Runnable() {
                         @Override
                         public void run() {
-                            killSettingPackagesForUser(sb, userId, KILL_APP_REASON_GIDS_CHANGED);
+                            killUid(appId, userId, KILL_APP_REASON_GIDS_CHANGED);
                         }
                     });
                 } break;
@@ -3516,7 +3517,7 @@ public class PackageManagerService extends IPackageManager.Stub {
         enforceCrossUserPermission(Binder.getCallingUid(), userId, true, false,
                 "revokeRuntimePermission");
 
-        final SettingBase sb;
+        final int appId;
 
         synchronized (mPackages) {
             final PackageParser.Package pkg = mPackages.get(packageName);
@@ -3531,7 +3532,7 @@ public class PackageManagerService extends IPackageManager.Stub {
 
             enforceDeclaredAsUsedAndRuntimePermission(pkg, bp);
 
-            sb = (SettingBase) pkg.mExtras;
+            SettingBase sb = (SettingBase) pkg.mExtras;
             if (sb == null) {
                 throw new IllegalArgumentException("Unknown package: " + packageName);
             }
@@ -3553,9 +3554,11 @@ public class PackageManagerService extends IPackageManager.Stub {
 
             // Critical, after this call app should never have the permission.
             mSettings.writeRuntimePermissionsForUserLPr(userId, true);
+
+            appId = UserHandle.getAppId(pkg.applicationInfo.uid);
         }
 
-        killSettingPackagesForUser(sb, userId, KILL_APP_REASON_PERMISSIONS_REVOKED);
+        killUid(appId, userId, KILL_APP_REASON_PERMISSIONS_REVOKED);
     }
 
     @Override
@@ -3859,28 +3862,15 @@ public class PackageManagerService extends IPackageManager.Stub {
         }
     }
 
-    private void killSettingPackagesForUser(SettingBase sb, int userId, String reason) {
+    private void killUid(int appId, int userId, String reason) {
         final long identity = Binder.clearCallingIdentity();
         try {
-            if (sb instanceof SharedUserSetting) {
-                SharedUserSetting sus = (SharedUserSetting) sb;
-                final int packageCount = sus.packages.size();
-                for (int i = 0; i < packageCount; i++) {
-                    PackageSetting susPs = sus.packages.valueAt(i);
-                    if (userId == UserHandle.USER_ALL) {
-                        killApplication(susPs.pkg.packageName, susPs.appId, reason);
-                    } else {
-                        final int uid = UserHandle.getUid(userId, susPs.appId);
-                        killUid(uid, reason);
-                    }
-                }
-            } else if (sb instanceof PackageSetting) {
-                PackageSetting ps = (PackageSetting) sb;
-                if (userId == UserHandle.USER_ALL) {
-                    killApplication(ps.pkg.packageName, ps.appId, reason);
-                } else {
-                    final int uid = UserHandle.getUid(userId, ps.appId);
-                    killUid(uid, reason);
+            IActivityManager am = ActivityManagerNative.getDefault();
+            if (am != null) {
+                try {
+                    am.killUid(appId, userId, reason);
+                } catch (RemoteException e) {
+                    /* ignore - same process */
                 }
             }
         } finally {
@@ -3888,17 +3878,6 @@ public class PackageManagerService extends IPackageManager.Stub {
         }
     }
 
-    private static void killUid(int uid, String reason) {
-        IActivityManager am = ActivityManagerNative.getDefault();
-        if (am != null) {
-            try {
-                am.killUid(uid, reason);
-            } catch (RemoteException e) {
-                /* ignore - same process */
-            }
-        }
-    }
-
     /**
      * Compares two sets of signatures. Returns:
      * <br />
@@ -12821,7 +12800,7 @@ public class PackageManagerService extends IPackageManager.Stub {
                                     @Override
                                     public void run() {
                                         // This has to happen with no lock held.
-                                        killSettingPackagesForUser(deletedPs, userIdToKill,
+                                        killApplication(deletedPs.name, deletedPs.appId,
                                                 KILL_APP_REASON_GIDS_CHANGED);
                                     }
                                 });
@@ -13403,13 +13382,11 @@ public class PackageManagerService extends IPackageManager.Stub {
 
                     case PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED: {
                         writeRuntimePermissions = true;
-                        // If gids changed for this user, kill all affected packages.
+                        final int appId = ps.appId;
                         mHandler.post(new Runnable() {
                             @Override
                             public void run() {
-                                // This has to happen with no lock held.
-                                killSettingPackagesForUser(ps, userId,
-                                        KILL_APP_REASON_GIDS_CHANGED);
+                                killUid(appId, userId, KILL_APP_REASON_GIDS_CHANGED);
                             }
                         });
                     } break;
author	Svetoslav <svetoslavganov@google.com>	2015-08-06 15:03:55 -0700
committer	Svetoslav <svetoslavganov@google.com>	2015-08-06 18:47:41 -0700
commit	aa41add33b8d7d318387cc74c34e3d347d245211 (patch)
tree	643633b00ab1b46e19076c3b58d20923fc787636 /services
parent	8eaf18b0ab77184f16870428258650bd12bb2ea5 (diff)
download	frameworks_base-aa41add33b8d7d318387cc74c34e3d347d245211.zip frameworks_base-aa41add33b8d7d318387cc74c34e3d347d245211.tar.gz frameworks_base-aa41add33b8d7d318387cc74c34e3d347d245211.tar.bz2