diff options
author | Wale Ogunwale <ogunwale@google.com> | 2015-04-06 16:08:52 -0700 |
---|---|---|
committer | The Android Automerger <android-build@google.com> | 2015-07-27 12:29:57 -0700 |
commit | b4814103262c366888bc11e418878236345e81cb (patch) | |
tree | 1c249c9bd24801f4df173c84de69a33edc5e3366 | |
parent | b7a79bd35d2ca063ddebe58af5c76c5bc7be4c13 (diff) | |
download | base-b4814103262c366888bc11e418878236345e81cb.tar.gz |
Lockdown AM.getRunningAppProcesses API with permission.REAL_GET_TASKS
* Applications must now have ...permission.REAL_GET_TASKS to
be able to get process information for all applications.
* Only the process information for the calling application will be
returned if the app doesn't have the permission.
* Privilages apps will temporarily be able to get process information
for all applications if they don't have the new permission, but have
deprecated ...permission.GET_TASKS.
Bug: 20034603
Change-Id: I67ae9491f65d2280adb6a81593693d499714a216
(cherry picked from commit 9dbaa54f6834e013a63f18bd51ace554de811d80)
-rwxr-xr-x | services/core/java/com/android/server/am/ActivityManagerService.java | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java index 2ab447ab4ec7..4d37ab86dda1 100755 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java @@ -8122,7 +8122,7 @@ public final class ActivityManagerService extends ActivityManagerNative } if (!allowed) { Slog.w(TAG, caller + ": caller " + callingUid - + " does not hold GET_TASKS; limiting output"); + + " does not hold REAL_GET_TASKS; limiting output"); } return allowed; } @@ -12241,16 +12241,23 @@ public final class ActivityManagerService extends ActivityManagerNative public List<ActivityManager.RunningAppProcessInfo> getRunningAppProcesses() { enforceNotIsolatedCaller("getRunningAppProcesses"); + + final int callingUid = Binder.getCallingUid(); + // Lazy instantiation of list List<ActivityManager.RunningAppProcessInfo> runList = null; final boolean allUsers = ActivityManager.checkUidPermission(INTERACT_ACROSS_USERS_FULL, - Binder.getCallingUid()) == PackageManager.PERMISSION_GRANTED; - int userId = UserHandle.getUserId(Binder.getCallingUid()); + callingUid) == PackageManager.PERMISSION_GRANTED; + final int userId = UserHandle.getUserId(callingUid); + final boolean allUids = isGetTasksAllowed( + "getRunningAppProcesses", Binder.getCallingPid(), callingUid); + synchronized (this) { // Iterate across all processes - for (int i=mLruProcesses.size()-1; i>=0; i--) { + for (int i = mLruProcesses.size() - 1; i >= 0; i--) { ProcessRecord app = mLruProcesses.get(i); - if (!allUsers && app.userId != userId) { + if ((!allUsers && app.userId != userId) + || (!allUids && app.uid != callingUid)) { continue; } if ((app.thread != null) && (!app.crashing && !app.notResponding)) { @@ -12274,7 +12281,7 @@ public final class ActivityManagerService extends ActivityManagerNative //Slog.v(TAG, "Proc " + app.processName + ": imp=" + currApp.importance // + " lru=" + currApp.lru); if (runList == null) { - runList = new ArrayList<ActivityManager.RunningAppProcessInfo>(); + runList = new ArrayList<>(); } runList.add(currApp); } |