-rw-r--r--api/system-current.txt2
-rw-r--r--core/java/android/app/ActivityManager.java22
-rw-r--r--core/java/android/app/AppOpsManager.java3
-rw-r--r--core/java/android/content/pm/IPackageManager.aidl4
-rw-r--r--core/res/AndroidManifest.xml6
-rw-r--r--services/core/java/com/android/server/am/ActivityManagerService.java4
-rw-r--r--services/core/java/com/android/server/pm/PackageManagerService.java46
-rw-r--r--services/core/java/com/android/server/pm/Settings.java8
8 files changed, 45 insertions, 50 deletions
diff --git a/api/system-current.txt b/api/system-current.txt
index 2880446..e068a40 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -110,6 +110,7 @@ package android {
field public static final java.lang.String INTERNET = "android.permission.INTERNET";
field public static final java.lang.String INVOKE_CARRIER_SETUP = "android.permission.INVOKE_CARRIER_SETUP";
field public static final java.lang.String KILL_BACKGROUND_PROCESSES = "android.permission.KILL_BACKGROUND_PROCESSES";
+ field public static final java.lang.String KILL_UID = "android.permission.KILL_UID";
field public static final java.lang.String LOCATION_HARDWARE = "android.permission.LOCATION_HARDWARE";
field public static final java.lang.String LOOP_RADIO = "android.permission.LOOP_RADIO";
field public static final java.lang.String MANAGE_ACCOUNTS = "android.permission.MANAGE_ACCOUNTS";
@@ -3670,6 +3671,7 @@ package android.app {
method public static boolean isRunningInTestHarness();
method public static boolean isUserAMonkey();
method public void killBackgroundProcesses(java.lang.String);
+ method public void killUid(int, java.lang.String);
method public void moveTaskToFront(int, int);
method public void moveTaskToFront(int, int, android.os.Bundle);
method public deprecated void restartPackage(java.lang.String);
diff --git a/core/java/android/app/ActivityManager.java b/core/java/android/app/ActivityManager.java
index 576a046..9bbb4be 100644
--- a/core/java/android/app/ActivityManager.java
+++ b/core/java/android/app/ActivityManager.java
@@ -16,8 +16,10 @@
package android.app;
+import android.Manifest;
import android.annotation.NonNull;
import android.annotation.Nullable;
+import android.annotation.RequiresPermission;
import android.annotation.SystemApi;
import android.graphics.Canvas;
import android.graphics.Matrix;
@@ -26,6 +28,7 @@ import android.os.BatteryStats;
import android.os.IBinder;
import android.os.ParcelFileDescriptor;
+import android.util.Log;
import com.android.internal.app.ProcessStats;
import com.android.internal.os.TransferPipe;
import com.android.internal.util.FastPrintWriter;
@@ -2396,7 +2399,24 @@ public class ActivityManager {
} catch (RemoteException e) {
}
}
-
+
+ /**
+ * Kills the specified UID.
+ * @param uid The UID to kill.
+ * @param reason The reason for the kill.
+ *
+ * @hide
+ */
+ @SystemApi
+ @RequiresPermission(Manifest.permission.KILL_UID)
+ public void killUid(int uid, String reason) {
+ try {
+ ActivityManagerNative.getDefault().killUid(uid, reason);
+ } catch (RemoteException e) {
+ Log.e(TAG, "Couldn't kill uid:" + uid, e);
+ }
+ }
+
/**
* Have the system perform a force stop of everything associated with
* the given application package. All processes that share its uid
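Review bot: The Javadoc on the new `killUid` says only "Kills the specified UID" and does not state the scope of the kill or what happens on failure. The service side in this commit passes a null package name to `killPackageProcessesLocked`, so the call appears to terminate every process running under that UID. I would say so, e.g. `* Kills all processes running under the specified UID; a failed binder call is logged and otherwise ignored.` Because `RemoteException` is swallowed after `Log.e`, a caller cannot tell whether the kill happened, which is worth stating on a permission-gated system API.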
diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
index 6bbbf9e..5aa399b 100644
--- a/core/java/android/app/AppOpsManager.java
+++ b/core/java/android/app/AppOpsManager.java
@@ -941,7 +941,8 @@ public class AppOpsManager {
* @hide
*/
public static int permissionToOpCode(String permission) {
- return sPermToOp.get(permission);
+ Integer boxedOpCode = sPermToOp.get(permission);
+ return boxedOpCode != null ? boxedOpCode : OP_NONE;
}
/**
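Review bot: `permissionToOpCode` now returns `OP_NONE` for a permission with no entry in `sPermToOp`, and the Javadoc should document that; its start is outside the hunk, so it may need adding rather than amending. I would add `@return the op code, or {@link #OP_NONE} if no app op is associated with the permission`. Callers that feed the result straight into an op-indexed lookup should check for `OP_NONE` first; whether any do is not visible here.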
diff --git a/core/java/android/content/pm/IPackageManager.aidl b/core/java/android/content/pm/IPackageManager.aidl
index 0b24594..94b0223 100644
--- a/core/java/android/content/pm/IPackageManager.aidl
+++ b/core/java/android/content/pm/IPackageManager.aidl
@@ -96,9 +96,9 @@ interface IPackageManager {
void removePermission(String name);
- boolean grantPermission(String packageName, String permissionName, int userId);
+ void grantPermission(String packageName, String permissionName, int userId);
- boolean revokePermission(String packageName, String permissionName, int userId);
+ void revokePermission(String packageName, String permissionName, int userId);
boolean isProtectedBroadcast(String actionName);
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 942e6a6..a162b4a 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -2433,6 +2433,12 @@
<permission android:name="android.permission.QUERY_DO_NOT_ASK_CREDENTIALS_ON_BOOT"
android:protectionLevel="signature" />
+ <!-- @SystemApi Allows applications to kill UIDs.
+ <p>Not for use by third-party applications.
+ @hide -->
+ <permission android:name="android.permission.KILL_UID"
+ android:protectionLevel="signature" />
+
<!-- The system process is explicitly the only one allowed to launch the
confirmation UI for full backup/restore -->
<uses-permission android:name="android.permission.CONFIRM_FULL_BACKUP"/>
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index eea6234..42b27af 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -10754,9 +10754,7 @@ public final class ActivityManagerService extends ActivityManagerNative
@Override
public void killUid(int uid, String reason) {
- if (Binder.getCallingUid() != Process.SYSTEM_UID) {
- throw new SecurityException("killUid only available to the system");
- }
+ enforceCallingPermission(Manifest.permission.KILL_UID, "killUid");
synchronized (this) {
killPackageProcessesLocked(null, UserHandle.getAppId(uid), UserHandle.getUserId(uid),
ProcessList.FOREGROUND_APP_ADJ-1, false, true, true, false,
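Review bot: With the `SYSTEM_UID` check replaced by `enforceCallingPermission(Manifest.permission.KILL_UID, "killUid")`, any holder of the permission can target any `uid`, and the target user is taken from the argument via `UserHandle.getUserId(uid)` with no cross-user check visible in the hunk. If callers outside the system process are meant to be confined to their own user, add a guard such as `if (UserHandle.getUserId(uid) != UserHandle.getCallingUserId()) enforceCallingPermission(Manifest.permission.INTERACT_ACROSS_USERS_FULL, "killUid");`. It would also help to log `Binder.getCallingUid()` next to the caller-supplied `reason` so that a kill can be attributed. The method body continues past the end of the hunk, so some of this may already be handled there.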
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 423c732..f30a5674 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -277,8 +277,6 @@ public class PackageManagerService extends IPackageManager.Stub {
private static final boolean DEBUG_DEXOPT = false;
private static final boolean DEBUG_ABI_SELECTION = false;
- static final boolean RUNTIME_PERMISSIONS_ENABLED = true;
-
private static final int RADIO_UID = Process.PHONE_UID;
private static final int LOG_UID = Process.LOG_UID;
private static final int NFC_UID = Process.NFC_UID;
@@ -2131,13 +2129,6 @@ public class PackageManagerService extends IPackageManager.Stub {
+ "; regranting permissions for internal storage");
mSettings.mInternalSdkPlatform = mSdkVersion;
- // For now runtime permissions are toggled via a system property.
- if (!RUNTIME_PERMISSIONS_ENABLED) {
- // Remove the runtime permissions state if the feature
- // was disabled by flipping the system property.
- mSettings.deleteRuntimePermissionsFiles();
- }
-
updatePermissionsLPw(null, null, UPDATE_PERMISSIONS_ALL
| (regrantPermissions
? (UPDATE_PERMISSIONS_REPLACE_PKG|UPDATE_PERMISSIONS_REPLACE_ALL)
@@ -3149,13 +3140,9 @@ public class PackageManagerService extends IPackageManager.Stub {
}
@Override
- public boolean grantPermission(String packageName, String name, int userId) {
- if (!RUNTIME_PERMISSIONS_ENABLED) {
- return false;
- }
-
+ public void grantPermission(String packageName, String name, int userId) {
if (!sUserManager.exists(userId)) {
- return false;
+ return;
}
mContext.enforceCallingOrSelfPermission(
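Review bot: Changing `grantPermission` to `void` turns the `!sUserManager.exists(userId)` case here into a silent no-op, and the same applies to the `PERMISSION_OPERATION_FAILURE` returns in the later hunks of `grantPermission` and `revokePermission`. For `revokePermission` in particular, a caller can no longer distinguish a revoke that took effect from one that did not. Consider failing loudly, e.g. `throw new IllegalArgumentException("Unknown user: " + userId);` for the missing user, or at least a `Slog.w(TAG, ...)` on each early return. The method body continues outside this hunk.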
@@ -3191,12 +3178,13 @@ public class PackageManagerService extends IPackageManager.Stub {
final int result = permissionsState.grantRuntimePermission(bp, userId);
switch (result) {
case PermissionsState.PERMISSION_OPERATION_FAILURE: {
- return false;
+ return;
}
case PermissionsState.PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED: {
gidsChanged = true;
- } break;
+ }
+ break;
}
// Not critical if that is lost - app has to request again.
@@ -3206,18 +3194,12 @@ public class PackageManagerService extends IPackageManager.Stub {
if (gidsChanged) {
killSettingPackagesForUser(sb, userId, KILL_APP_REASON_GIDS_CHANGED);
}
-
- return true;
}
@Override
- public boolean revokePermission(String packageName, String name, int userId) {
- if (!RUNTIME_PERMISSIONS_ENABLED) {
- return false;
- }
-
+ public void revokePermission(String packageName, String name, int userId) {
if (!sUserManager.exists(userId)) {
- return false;
+ return;
}
mContext.enforceCallingOrSelfPermission(
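Review bot: In `revokePermission`, and likewise in `grantPermission` in the earlier hunk, the `sUserManager.exists(userId)` check runs before `mContext.enforceCallingOrSelfPermission(`. A caller without the permission therefore gets a silent return for an unknown user and, presumably, a `SecurityException` for an existing one. That difference reveals which user ids exist to an unprivileged caller; it is low severity, but moving the permission enforcement ahead of the existence check removes it. The arguments of the enforcement call are outside the hunk.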
@@ -3251,7 +3233,7 @@ public class PackageManagerService extends IPackageManager.Stub {
if (permissionsState.revokeRuntimePermission(bp, userId) ==
PermissionsState.PERMISSION_OPERATION_FAILURE) {
- return false;
+ return;
}
// Critical, after this call all should never have the permission.
@@ -3259,8 +3241,6 @@ public class PackageManagerService extends IPackageManager.Stub {
}
killSettingPackagesForUser(sb, userId, KILL_APP_REASON_PERMISSIONS_REVOKED);
-
- return true;
}
@Override
@@ -7604,9 +7584,7 @@ public class PackageManagerService extends IPackageManager.Stub {
} break;
case PermissionInfo.PROTECTION_DANGEROUS: {
- if (!RUNTIME_PERMISSIONS_ENABLED
- || pkg.applicationInfo.targetSdkVersion
- <= Build.VERSION_CODES.LOLLIPOP_MR1) {
+ if (pkg.applicationInfo.targetSdkVersion <= Build.VERSION_CODES.LOLLIPOP_MR1) {
// For legacy apps dangerous permissions are install time ones.
grant = GRANT_INSTALL;
} else if (ps.isSystem()) {
@@ -7745,10 +7723,8 @@ public class PackageManagerService extends IPackageManager.Stub {
ps.setPermissionsUpdatedForUserIds(currentUserIds);
// Persist the runtime permissions state for users with changes.
- if (RUNTIME_PERMISSIONS_ENABLED) {
- for (int userId : changedRuntimePermissionUserIds) {
- mSettings.writeRuntimePermissionsForUserLPr(userId, true);
- }
+ for (int userId : changedRuntimePermissionUserIds) {
+ mSettings.writeRuntimePermissionsForUserLPr(userId, true);
}
}
diff --git a/services/core/java/com/android/server/pm/Settings.java b/services/core/java/com/android/server/pm/Settings.java
index d3bfdeb..d476bfde 100644
--- a/services/core/java/com/android/server/pm/Settings.java
+++ b/services/core/java/com/android/server/pm/Settings.java
@@ -4165,19 +4165,11 @@ final class Settings {
}
public void writePermissionsForUserSyncLPr(int userId) {
- if (!PackageManagerService.RUNTIME_PERMISSIONS_ENABLED) {
- return;
- }
-
mHandler.removeMessages(userId);
writePermissionsSync(userId);
}
public void writePermissionsForUserAsyncLPr(int userId) {
- if (!PackageManagerService.RUNTIME_PERMISSIONS_ENABLED) {
- return;
- }
-
final long currentTimeMillis = SystemClock.uptimeMillis();
if (mWriteScheduled.get(userId)) {