Kill processes when permissions are revoked.
Some permissions are associated with gids, so we need to
kill any running processes if their permission is revoked.
We will do this for any permission being revoked, since
the association between gids and permissions can change
over time.
Change-Id: Ieb7408e032539c4f21eb089d65a7a7e6c289f010
diff --git a/core/java/android/app/ActivityManagerNative.java b/core/java/android/app/ActivityManagerNative.java
index aca4f9c..c99051b 100644
--- a/core/java/android/app/ActivityManagerNative.java
+++ b/core/java/android/app/ActivityManagerNative.java
@@ -1853,6 +1853,15 @@
return true;
}
+ case KILL_UID_TRANSACTION: {
+ data.enforceInterface(IActivityManager.descriptor);
+ int uid = data.readInt();
+ String reason = data.readString();
+ killUid(uid, reason);
+ reply.writeNoException();
+ return true;
+ }
+
}
return super.onTransact(code, data, reply, flags);
@@ -3335,6 +3344,7 @@
data.writeString(reason);
data.writeInt(secure ? 1 : 0);
mRemote.transact(KILL_PIDS_TRANSACTION, data, reply, 0);
+ reply.readException();
boolean res = reply.readInt() != 0;
data.recycle();
reply.recycle();
@@ -4229,5 +4239,17 @@
reply.recycle();
}
+ public void killUid(int uid, String reason) throws RemoteException {
+ Parcel data = Parcel.obtain();
+ Parcel reply = Parcel.obtain();
+ data.writeInterfaceToken(IActivityManager.descriptor);
+ data.writeInt(uid);
+ data.writeString(reason);
+ mRemote.transact(KILL_UID_TRANSACTION, data, reply, 0);
+ reply.readException();
+ data.recycle();
+ reply.recycle();
+ }
+
private IBinder mRemote;
}
diff --git a/core/java/android/app/IActivityManager.java b/core/java/android/app/IActivityManager.java
index cf4c729..fa8839a 100644
--- a/core/java/android/app/IActivityManager.java
+++ b/core/java/android/app/IActivityManager.java
@@ -373,6 +373,8 @@
public void reportTopActivityExtras(IBinder token, Bundle extras) throws RemoteException;
+ public void killUid(int uid, String reason) throws RemoteException;
+
/*
* Private non-Binder interfaces
*/
@@ -632,4 +634,5 @@
int GET_TOP_ACTIVITY_EXTRAS_TRANSACTION = IBinder.FIRST_CALL_TRANSACTION+161;
int REPORT_TOP_ACTIVITY_EXTRAS_TRANSACTION = IBinder.FIRST_CALL_TRANSACTION+162;
int GET_LAUNCHED_FROM_PACKAGE_TRANSACTION = IBinder.FIRST_CALL_TRANSACTION+163;
+ int KILL_UID_TRANSACTION = IBinder.FIRST_CALL_TRANSACTION+164;
}
diff --git a/services/java/com/android/server/am/ActivityManagerService.java b/services/java/com/android/server/am/ActivityManagerService.java
index 7710f13..0eac523 100644
--- a/services/java/com/android/server/am/ActivityManagerService.java
+++ b/services/java/com/android/server/am/ActivityManagerService.java
@@ -3858,6 +3858,9 @@
if (app.userId != userId) {
continue;
}
+ if (appId >= 0 && UserHandle.getAppId(app.uid) != appId) {
+ continue;
+ }
// Package has been specified, we want to hit all processes
// that match it. We need to qualify this by the processes
// that are running under the specified app and user ID.
@@ -7733,6 +7736,18 @@
}
@Override
+ public void killUid(int uid, String reason) {
+ if (Binder.getCallingUid() != Process.SYSTEM_UID) {
+ throw new SecurityException("killUid only available to the system");
+ }
+ synchronized (this) {
+ killPackageProcessesLocked(null, UserHandle.getAppId(uid), UserHandle.getUserId(uid),
+ ProcessList.FOREGROUND_APP_ADJ-1, false, true, true, false,
+ reason != null ? reason : "kill uid");
+ }
+ }
+
+ @Override
public boolean killProcessesBelowForeground(String reason) {
if (Binder.getCallingUid() != Process.SYSTEM_UID) {
throw new SecurityException("killProcessesBelowForeground() only available to system");
diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java
index ca7bba2..12e6a04 100644
--- a/services/java/com/android/server/pm/PackageManagerService.java
+++ b/services/java/com/android/server/pm/PackageManagerService.java
@@ -2308,6 +2308,8 @@
}
public void revokePermission(String packageName, String permissionName) {
+ int changedAppId = -1;
+
synchronized (mPackages) {
final PackageParser.Package pkg = mPackages.get(packageName);
if (pkg == null) {
@@ -2335,6 +2337,30 @@
gp.gids = removeInts(gp.gids, bp.gids);
}
mSettings.writeLPr();
+ changedAppId = ps.appId;
+ }
+ }
+
+ if (changedAppId >= 0) {
+ // We changed the perm on someone, kill its processes.
+ IActivityManager am = ActivityManagerNative.getDefault();
+ if (am != null) {
+ final int callingUserId = UserHandle.getCallingUserId();
+ final long ident = Binder.clearCallingIdentity();
+ try {
+ //XXX we should only revoke for the calling user's app permissions,
+ // but for now we impact all users.
+ //am.killUid(UserHandle.getUid(callingUserId, changedAppId),
+ // "revoke " + permissionName);
+ int[] users = sUserManager.getUserIds();
+ for (int user : users) {
+ am.killUid(UserHandle.getUid(user, changedAppId),
+ "revoke " + permissionName);
+ }
+ } catch (RemoteException e) {
+ } finally {
+ Binder.restoreCallingIdentity(ident);
+ }
}
}
}
@@ -10655,19 +10681,18 @@
|| mSettings.mReadExternalStorageEnforced != enforced) {
mSettings.mReadExternalStorageEnforced = enforced;
mSettings.writeLPr();
-
- // kill any non-foreground processes so we restart them and
- // grant/revoke the GID.
- final IActivityManager am = ActivityManagerNative.getDefault();
- if (am != null) {
- final long token = Binder.clearCallingIdentity();
- try {
- am.killProcessesBelowForeground("setPermissionEnforcement");
- } catch (RemoteException e) {
- } finally {
- Binder.restoreCallingIdentity(token);
- }
- }
+ }
+ }
+ // kill any non-foreground processes so we restart them and
+ // grant/revoke the GID.
+ final IActivityManager am = ActivityManagerNative.getDefault();
+ if (am != null) {
+ final long token = Binder.clearCallingIdentity();
+ try {
+ am.killProcessesBelowForeground("setPermissionEnforcement");
+ } catch (RemoteException e) {
+ } finally {
+ Binder.restoreCallingIdentity(token);
}
}
} else {