From aa41add33b8d7d318387cc74c34e3d347d245211 Mon Sep 17 00:00:00 2001
From: Svetoslav <svetoslavganov@google.com>
Date: Thu, 6 Aug 2015 15:03:55 -0700
Subject: Immediately kill a shared user process on a permission revocation.
1. When a permission is revoked we kill the app immediately but do
not do an immediate kill for shared uid processes. This fixes it.
2. Remove system APIs that are used only by the package installer.
bug:22984670
Change-Id: I3d4ae52ea8679f894aa7c5972941263903479183
---
.../android/server/am/ActivityManagerService.java | 7 ++-
.../com/android/server/audio/AudioService.java | 4 +-
.../android/server/pm/PackageManagerService.java | 57 +++++++---------------
3 files changed, 23 insertions(+), 45 deletions(-)
(limited to 'services')
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index b8d32c3..bc7ee6d 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -5521,7 +5521,7 @@ public final class ActivityManagerService extends ActivityManagerNative
// If no package is specified, we call all processes under the
// give user id.
if (packageName == null) {
- if (app.userId != userId) {
+ if (userId != UserHandle.USER_ALL && app.userId != userId) {
continue;
}
if (appId >= 0 && UserHandle.getAppId(app.uid) != appId) {
@@ -11226,13 +11226,12 @@ public final class ActivityManagerService extends ActivityManagerNative
}
@Override
- public void killUid(int uid, String reason) {
+ public void killUid(int appId, int userId, String reason) {
enforceCallingPermission(Manifest.permission.KILL_UID, "killUid");
synchronized (this) {
final long identity = Binder.clearCallingIdentity();
try {
- killPackageProcessesLocked(null, UserHandle.getAppId(uid),
- UserHandle.getUserId(uid),
+ killPackageProcessesLocked(null, appId, userId,
ProcessList.PERSISTENT_PROC_ADJ, false, true, true, true,
reason != null ? reason : "kill uid");
} finally {
diff --git a/services/core/java/com/android/server/audio/AudioService.java b/services/core/java/com/android/server/audio/AudioService.java
index a0ededf..7565e9d 100644
--- a/services/core/java/com/android/server/audio/AudioService.java
+++ b/services/core/java/com/android/server/audio/AudioService.java
@@ -5150,7 +5150,9 @@ public class AudioService extends IAudioService.Stub {
continue;
}
try {
- ActivityManagerNative.getDefault().killUid(pkg.applicationInfo.uid,
+ final int uid = pkg.applicationInfo.uid;
+ ActivityManagerNative.getDefault().killUid(UserHandle.getAppId(uid),
+ UserHandle.getUserId(uid),
"killBackgroundUserProcessesWithAudioRecordPermission");
} catch (RemoteException e) {
Log.w(TAG, "Error calling killUid", e);
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 11e30b5..6e902e5 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -3469,10 +3469,11 @@ public class PackageManagerService extends IPackageManager.Stub {
}
case PermissionsState.PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED: {
+ final int appId = UserHandle.getAppId(pkg.applicationInfo.uid);
mHandler.post(new Runnable() {
@Override
public void run() {
- killSettingPackagesForUser(sb, userId, KILL_APP_REASON_GIDS_CHANGED);
+ killUid(appId, userId, KILL_APP_REASON_GIDS_CHANGED);
}
});
} break;
@@ -3516,7 +3517,7 @@ public class PackageManagerService extends IPackageManager.Stub {
enforceCrossUserPermission(Binder.getCallingUid(), userId, true, false,
"revokeRuntimePermission");
- final SettingBase sb;
+ final int appId;
synchronized (mPackages) {
final PackageParser.Package pkg = mPackages.get(packageName);
@@ -3531,7 +3532,7 @@ public class PackageManagerService extends IPackageManager.Stub {
enforceDeclaredAsUsedAndRuntimePermission(pkg, bp);
- sb = (SettingBase) pkg.mExtras;
+ SettingBase sb = (SettingBase) pkg.mExtras;
if (sb == null) {
throw new IllegalArgumentException("Unknown package: " + packageName);
}
@@ -3553,9 +3554,11 @@ public class PackageManagerService extends IPackageManager.Stub {
// Critical, after this call app should never have the permission.
mSettings.writeRuntimePermissionsForUserLPr(userId, true);
+
+ appId = UserHandle.getAppId(pkg.applicationInfo.uid);
}
- killSettingPackagesForUser(sb, userId, KILL_APP_REASON_PERMISSIONS_REVOKED);
+ killUid(appId, userId, KILL_APP_REASON_PERMISSIONS_REVOKED);
}
@Override
@@ -3859,28 +3862,15 @@ public class PackageManagerService extends IPackageManager.Stub {
}
}
- private void killSettingPackagesForUser(SettingBase sb, int userId, String reason) {
+ private void killUid(int appId, int userId, String reason) {
final long identity = Binder.clearCallingIdentity();
try {
- if (sb instanceof SharedUserSetting) {
- SharedUserSetting sus = (SharedUserSetting) sb;
- final int packageCount = sus.packages.size();
- for (int i = 0; i < packageCount; i++) {
- PackageSetting susPs = sus.packages.valueAt(i);
- if (userId == UserHandle.USER_ALL) {
- killApplication(susPs.pkg.packageName, susPs.appId, reason);
- } else {
- final int uid = UserHandle.getUid(userId, susPs.appId);
- killUid(uid, reason);
- }
- }
- } else if (sb instanceof PackageSetting) {
- PackageSetting ps = (PackageSetting) sb;
- if (userId == UserHandle.USER_ALL) {
- killApplication(ps.pkg.packageName, ps.appId, reason);
- } else {
- final int uid = UserHandle.getUid(userId, ps.appId);
- killUid(uid, reason);
+ IActivityManager am = ActivityManagerNative.getDefault();
+ if (am != null) {
+ try {
+ am.killUid(appId, userId, reason);
+ } catch (RemoteException e) {
+ /* ignore - same process */
}
}
} finally {
@@ -3888,17 +3878,6 @@ public class PackageManagerService extends IPackageManager.Stub {
}
}
- private static void killUid(int uid, String reason) {
- IActivityManager am = ActivityManagerNative.getDefault();
- if (am != null) {
- try {
- am.killUid(uid, reason);
- } catch (RemoteException e) {
- /* ignore - same process */
- }
- }
- }
-
/**
* Compares two sets of signatures. Returns:
* <br />
@@ -12821,7 +12800,7 @@ public class PackageManagerService extends IPackageManager.Stub {
@Override
public void run() {
// This has to happen with no lock held.
- killSettingPackagesForUser(deletedPs, userIdToKill,
+ killApplication(deletedPs.name, deletedPs.appId,
KILL_APP_REASON_GIDS_CHANGED);
}
});
@@ -13403,13 +13382,11 @@ public class PackageManagerService extends IPackageManager.Stub {
case PERMISSION_OPERATION_SUCCESS_GIDS_CHANGED: {
writeRuntimePermissions = true;
- // If gids changed for this user, kill all affected packages.
+ final int appId = ps.appId;
mHandler.post(new Runnable() {
@Override
public void run() {
- // This has to happen with no lock held.
- killSettingPackagesForUser(ps, userId,
- KILL_APP_REASON_GIDS_CHANGED);
+ killUid(appId, userId, KILL_APP_REASON_GIDS_CHANGED);
}
});
} break;
--
cgit v1.1