Move SystemUI out of system UID.

Add permissions for various things it pokes.  Create new permission
to control launching non-exported activities from recents.  Hidden
API to relax WallpaperService checks.

Change-Id: I547fdcd7c213dd153ae101533ce7c56cd8f86a0d
diff --git a/core/java/android/service/wallpaper/WallpaperService.java b/core/java/android/service/wallpaper/WallpaperService.java
index 7ce96c0..6917fb2 100644
--- a/core/java/android/service/wallpaper/WallpaperService.java
+++ b/core/java/android/service/wallpaper/WallpaperService.java
@@ -140,6 +140,7 @@
         boolean mIsCreating;
         boolean mDrawingAllowed;
         boolean mOffsetsChanged;
+        boolean mFixedSizeAllowed;
         int mWidth;
         int mHeight;
         int mFormat;
@@ -211,7 +212,7 @@
 
             @Override
             public void setFixedSize(int width, int height) {
-                if (Process.myUid() != Process.SYSTEM_UID) {
+                if (!mFixedSizeAllowed) {
                     // Regular apps can't do this.  It can only work for
                     // certain designs of window animations, so you can't
                     // rely on it.
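Review bot: The comment under the new `if (!mFixedSizeAllowed)` guard still says regular apps can't do this, but the guard no longer tests the process identity; it tests a field the engine sets on itself through `setFixedSizeAllowed` (added in the last hunk of this file). The restriction is therefore a convention inside the wallpaper's own process rather than an enforced limit, and the comment should say so, for example `// Off unless the engine opted in via setFixedSizeAllowed(); a compatibility guard, not a permission check.` The body of setFixedSize continues outside the hunk.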
@@ -385,7 +386,12 @@
                 updateSurface(false, false, false);
             }
         }
-        
+
+        /** {@hide} */
+        public void setFixedSizeAllowed(boolean allowed) {
+            mFixedSizeAllowed = allowed;
+        }
+
         /**
          * Called once to initialize the engine.  After returning, the
          * engine's surface will be created by the framework.
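Review bot: `setFixedSizeAllowed` is public and its Javadoc is only `{@hide}`, so nothing records who is meant to call it or that it replaces the former `Process.SYSTEM_UID` test. `{@hide}` keeps the method out of the SDK stubs but is not an access check, so I would document it as a non-security switch: `/** Lets this engine call SurfaceHolder.setFixedSize(); meant for platform wallpapers, not an access control. {@hide} */`. If the limit is meant to be enforced, the check would have to live outside the wallpaper's process, which this file cannot show.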
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index f5c0f8f..b7ee2ec 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -737,6 +737,14 @@
         android:label="@string/permlab_removeTasks"
         android:description="@string/permdesc_removeTasks" />
 
+    <!-- Allows an application to start any activity, regardless of permission
+         protection or exported state. @hide -->
+    <permission android:name="android.permission.START_ANY_ACTIVITY"
+        android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
+        android:protectionLevel="signature"
+        android:label="@string/permlab_startAnyActivity"
+        android:description="@string/permdesc_startAnyActivity" />
+
     <!-- @hide Change the screen compatibility mode of applications -->
     <permission android:name="android.permission.SET_SCREEN_COMPATIBILITY"
         android:permissionGroup="android.permission-group.SYSTEM_TOOLS"
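Review bot: The comment on `START_ANY_ACTIVITY` does not say why the permission is `signature`-only, which is the one property confining the bypass of `exported` and component permissions to platform-signed packages. I would extend the comment with a sentence such as `Must stay signature-only; do not widen to signatureOrSystem.` so a later edit of `android:protectionLevel` is a conscious decision. Moving `@hide` to the start of the comment would also match the `SET_SCREEN_COMPATIBILITY` entry just below it.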
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
index e00986c..7df24a2 100755
--- a/core/res/res/values/strings.xml
+++ b/core/res/res/values/strings.xml
@@ -538,6 +538,11 @@
         tasks and kill their apps. Malicious apps may disrupt
         the behavior of other apps.</string>
 
+    <!-- Title of an application permission, allowing an application to start any activity, regardless of permission protection or exported state. -->
+    <string name="permlab_startAnyActivity">start any activity</string>
+    <!-- Description of an application permission, allowing an application to start any activity, regardless of permission protection or exported state. -->
+    <string name="permdesc_startAnyActivity">Allows the app to start any activity, regardless of permission protection or exported state.</string>
+
     <!-- Title of an application permission, allowing control of app screen compatibility mode -->
     <string name="permlab_setScreenCompatibility">set screen compatibility</string>
     <!-- Description of an application permission, allowing control of app screen compatibility mode -->
diff --git a/packages/SystemUI/AndroidManifest.xml b/packages/SystemUI/AndroidManifest.xml
index e937587..39fb2b4 100644
--- a/packages/SystemUI/AndroidManifest.xml
+++ b/packages/SystemUI/AndroidManifest.xml
@@ -1,15 +1,44 @@
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
         package="com.android.systemui"
-        coreApp="true"
-        android:sharedUserId="android.uid.system"
-        android:process="system"
-        >
+        coreApp="true">
+
+    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
+
+    <uses-permission android:name="android.permission.INJECT_EVENTS" />
+    <uses-permission android:name="android.permission.WRITE_SETTINGS" />
 
     <uses-permission android:name="android.permission.STATUS_BAR_SERVICE" />
+    <uses-permission android:name="android.permission.STATUS_BAR" />
+    <uses-permission android:name="android.permission.EXPAND_STATUS_BAR" />
+
+    <!-- Networking and telephony -->
     <uses-permission android:name="android.permission.BLUETOOTH" />
     <uses-permission android:name="android.permission.BLUETOOTH_ADMIN" />
-    <uses-permission android:name="android.permission.GET_TASKS" />
+    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
+    <uses-permission android:name="android.permission.READ_PHONE_STATE" />
+    <uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
+    <uses-permission android:name="android.permission.CHANGE_WIFI_STATE" />
+
+    <!-- Physical hardware -->
     <uses-permission android:name="android.permission.MANAGE_USB" />
+    <uses-permission android:name="android.permission.DEVICE_POWER" />
+    <uses-permission android:name="android.permission.MOUNT_UNMOUNT_FILESYSTEMS" />
+    <uses-permission android:name="android.permission.UPDATE_DEVICE_STATS" />
+
+    <!-- ActivityManager -->
+    <uses-permission android:name="android.permission.GET_TASKS" />
+    <uses-permission android:name="android.permission.REORDER_TASKS" />
+    <uses-permission android:name="android.permission.REMOVE_TASKS" />
+    <uses-permission android:name="android.permission.STOP_APP_SWITCHES" />
+    <uses-permission android:name="android.permission.SET_SCREEN_COMPATIBILITY" />
+    <uses-permission android:name="android.permission.START_ANY_ACTIVITY" />
+
+    <!-- WindowManager -->
+    <uses-permission android:name="android.permission.INTERNAL_SYSTEM_WINDOW" />
+    <uses-permission android:name="android.permission.READ_FRAME_BUFFER" />
+    <uses-permission android:name="android.permission.MANAGE_APP_TOKENS" />
+    <uses-permission android:name="android.permission.SET_ORIENTATION" />
+    <uses-permission android:name="android.permission.DISABLE_KEYGUARD" />
 
     <application
         android:persistent="true"
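Review bot: The three permissions at the top of the new list (`RECEIVE_BOOT_COMPLETED`, `INJECT_EVENTS`, `WRITE_SETTINGS`) have no group comment, and none of the high-impact entries (`INJECT_EVENTS`, `READ_FRAME_BUFFER`, `START_ANY_ACTIVITY`, `DEVICE_POWER`) says which SystemUI component needs it. With `android:sharedUserId="android.uid.system"` removed, this list is the package's whole privilege set, so each of those deserves a one-line comment naming its consumer, e.g. `INJECT_EVENTS: used by COMPONENT_NAME (placeholder); remove with it`, which makes later least-privilege pruning possible. `android:process="system"` is dropped as well, so code that assumed it ran inside the system process should be checked; that cannot be seen from this hunk. The application element continues outside the hunk.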
diff --git a/packages/SystemUI/src/com/android/systemui/ImageWallpaper.java b/packages/SystemUI/src/com/android/systemui/ImageWallpaper.java
index 724679f..c60c806 100644
--- a/packages/SystemUI/src/com/android/systemui/ImageWallpaper.java
+++ b/packages/SystemUI/src/com/android/systemui/ImageWallpaper.java
@@ -155,6 +155,11 @@
             }
         }
 
+        public DrawableEngine() {
+            super();
+            setFixedSizeAllowed(true);
+        }
+
         @Override
         public void onCreate(SurfaceHolder surfaceHolder) {
             if (DEBUG) {
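Review bot: The new `DrawableEngine()` constructor gives no reason for calling `setFixedSizeAllowed(true)`, so a reader cannot tell that it replaces the privilege the engine used to get from running under the system UID. I would add `// SystemUI no longer runs as system; opt in to fixed-size surfaces explicitly.` above the call. The explicit `super();` is implied and can be dropped. The class starts and onCreate continues outside the hunk.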
diff --git a/services/java/com/android/server/am/ActivityStack.java b/services/java/com/android/server/am/ActivityStack.java
index ad13c41..24bab99 100644
--- a/services/java/com/android/server/am/ActivityStack.java
+++ b/services/java/com/android/server/am/ActivityStack.java
@@ -16,6 +16,9 @@
 
 package com.android.server.am;
 
+import static android.Manifest.permission.START_ANY_ACTIVITY;
+import static android.content.pm.PackageManager.PERMISSION_GRANTED;
+
 import com.android.internal.app.HeavyWeightSwitcherActivity;
 import com.android.internal.os.BatteryStatsImpl;
 import com.android.server.am.ActivityManagerService.PendingActivityLaunch;
@@ -2407,9 +2410,11 @@
             return err;
         }
 
-        final int perm = mService.checkComponentPermission(aInfo.permission, callingPid,
+        final int startAnyPerm = mService.checkPermission(
+                START_ANY_ACTIVITY, callingPid, callingUid);
+        final int componentPerm = mService.checkComponentPermission(aInfo.permission, callingPid,
                 callingUid, aInfo.applicationInfo.uid, aInfo.exported);
-        if (perm != PackageManager.PERMISSION_GRANTED) {
+        if (startAnyPerm != PERMISSION_GRANTED && componentPerm != PERMISSION_GRANTED) {
             if (resultRecord != null) {
                 sendActivityResultLocked(-1,
                     resultRecord, resultWho, requestCode,
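Review bot: `startAnyPerm` is computed before the component check, so `checkPermission(START_ANY_ACTIVITY, ...)` runs on every activity start and nothing marks the case where the override is what actually allowed the launch. Evaluating it only after the component check fails keeps the common path as it was and gives a single place to record the bypass: `if (componentPerm != PERMISSION_GRANTED && mService.checkPermission(START_ANY_ACTIVITY, callingPid, callingUid) != PERMISSION_GRANTED) {`. Because a holder skips both `aInfo.permission` and `aInfo.exported`, a log line on the granted-by-override path would make use of the permission auditable. The denial branch continues outside the hunk.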