diff options
author | Jing Ji <jji@google.com> | 2022-10-25 22:39:52 -0700 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-06-08 20:33:27 +0000 |
commit | 5b7edbf2ba076b04000eb5d27101927eeb609c26 (patch) | |
tree | d0af2a7543d1cb1c44fac47be9533600dab0ee4d | |
parent | a267ee1bc216c7e62ec984a88aa2310762bb5519 (diff) | |
download | base-5b7edbf2ba076b04000eb5d27101927eeb609c26.tar.gz |
DO NOT MERGE: ActivityManager#killBackgroundProcesses can kill caller's own app only
unless it's a system app.
Bug: 239423414
Bug: 223376078
Test: atest CtsAppTestCases:ActivityManagerTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:fa94ce5c7738e449cb6bd68c77af4858018e49e0)
Merged-In: Iac6baa889965b8ffecd9a43179a4c96632ad1d02
Change-Id: Iac6baa889965b8ffecd9a43179a4c96632ad1d02
-rw-r--r-- | core/java/android/app/ActivityManager.java | 3 | ||||
-rw-r--r-- | core/res/AndroidManifest.xml | 6 | ||||
-rw-r--r-- | services/core/java/com/android/server/am/ActivityManagerService.java | 32 |
3 files changed, 38 insertions, 3 deletions
diff --git a/core/java/android/app/ActivityManager.java b/core/java/android/app/ActivityManager.java index 5d1d225f4d2d..68a42d148109 100644 --- a/core/java/android/app/ActivityManager.java +++ b/core/java/android/app/ActivityManager.java @@ -3934,6 +3934,9 @@ public class ActivityManager { * processes to reclaim memory; the system will take care of restarting * these processes in the future as needed. * + * <p class="note">Third party applications can only use this API to kill their own processes. + * </p> + * * @param packageName The name of the package whose processes are to * be killed. */ diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index 7439b2f0921f..cb000115de24 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -3123,7 +3123,11 @@ android:protectionLevel="normal" /> <!-- Allows an application to call - {@link android.app.ActivityManager#killBackgroundProcesses}. + {@link android.app.ActivityManager#killBackgroundProcesses}. + + <p class="note">Third party applications can only use this API to kill their own + processes.</p> + <p>Protection level: normal --> <permission android:name="android.permission.KILL_BACKGROUND_PROCESSES" diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java index a70a01f0afa7..cd221a8feb18 100644 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java @@ -3837,8 +3837,20 @@ public class ActivityManagerService extends IActivityManager.Stub Slog.w(TAG, msg); throw new SecurityException(msg); } + final int callingUid = Binder.getCallingUid(); + final int callingPid = Binder.getCallingPid(); + final int callingAppId = UserHandle.getAppId(callingUid); - userId = mUserController.handleIncomingUser(Binder.getCallingPid(), Binder.getCallingUid(), + ProcessRecord proc; + synchronized (mPidsSelfLocked) { + proc = mPidsSelfLocked.get(callingPid); + } + final boolean hasKillAllPermission = PERMISSION_GRANTED == checkPermission( + android.Manifest.permission.FORCE_STOP_PACKAGES, callingPid, callingUid) + || UserHandle.isCore(callingUid) + || (proc != null && proc.info.isSystemApp()); + + userId = mUserController.handleIncomingUser(callingPid, callingUid, userId, true, ALLOW_FULL_ONLY, "killBackgroundProcesses", null); final int[] userIds = mUserController.expandUserId(userId); @@ -3853,7 +3865,7 @@ public class ActivityManagerService extends IActivityManager.Stub targetUserId)); } catch (RemoteException e) { } - if (appId == -1) { + if (appId == -1 || (!hasKillAllPermission && appId != callingAppId)) { Slog.w(TAG, "Invalid packageName: " + packageName); return; } @@ -3881,6 +3893,22 @@ public class ActivityManagerService extends IActivityManager.Stub throw new SecurityException(msg); } + final int callingUid = Binder.getCallingUid(); + final int callingPid = Binder.getCallingPid(); + + ProcessRecord proc; + synchronized (mPidsSelfLocked) { + proc = mPidsSelfLocked.get(callingPid); + } + if (callingUid >= FIRST_APPLICATION_UID + && (proc == null || !proc.info.isSystemApp())) { + final String msg = "Permission Denial: killAllBackgroundProcesses() from pid=" + + callingPid + ", uid=" + callingUid + " is not allowed"; + Slog.w(TAG, msg); + // Silently return to avoid existing apps from crashing. + return; + } + final long callingId = Binder.clearCallingIdentity(); try { synchronized (this) { |