diff options
Diffstat (limited to 'services/java/com/android')
6 files changed, 119 insertions, 100 deletions
diff --git a/services/java/com/android/server/am/ActiveServices.java b/services/java/com/android/server/am/ActiveServices.java index fbbff4c..df6c51e 100644 --- a/services/java/com/android/server/am/ActiveServices.java +++ b/services/java/com/android/server/am/ActiveServices.java @@ -478,7 +478,8 @@ public class ActiveServices { if (res.record == null) { return -1; } - if (mAm.isSingleton(res.record.processName, res.record.appInfo)) { + if (mAm.isSingleton(res.record.processName, res.record.appInfo, + res.record.serviceInfo.name, res.record.serviceInfo.flags)) { userId = 0; res = retrieveServiceLocked(service, resolvedType, Binder.getCallingPid(), Binder.getCallingUid(), 0); @@ -787,22 +788,9 @@ public class ActiveServices { ComponentName name = new ComponentName( sInfo.applicationInfo.packageName, sInfo.name); if (userId > 0) { - if (mAm.isSingleton(sInfo.processName, sInfo.applicationInfo) - || (sInfo.flags&ServiceInfo.FLAG_SINGLE_USER) != 0) { + if (mAm.isSingleton(sInfo.processName, sInfo.applicationInfo, + sInfo.name, sInfo.flags)) { userId = 0; - } else if ((sInfo.flags&ServiceInfo.FLAG_SINGLE_USER) != 0) { - if (mAm.checkComponentPermission( - android.Manifest.permission.INTERACT_ACROSS_USERS, - callingPid, callingUid, -1, true) - == PackageManager.PERMISSION_GRANTED) { - userId = 0; - } else { - String msg = "Permission Denial: Service " + name - + " requests FLAG_SINGLE_USER, but app does not hold " - + android.Manifest.permission.INTERACT_ACROSS_USERS; - Slog.w(TAG, msg); - throw new SecurityException(msg); - } } sInfo = new ServiceInfo(sInfo); sInfo.applicationInfo = mAm.getAppInfoForUser(sInfo.applicationInfo, userId); diff --git a/services/java/com/android/server/am/ActivityManagerService.java b/services/java/com/android/server/am/ActivityManagerService.java index 98d3482..05f38a5 100644 --- a/services/java/com/android/server/am/ActivityManagerService.java +++ b/services/java/com/android/server/am/ActivityManagerService.java @@ -5936,15 +5936,26 @@ public final class ActivityManagerService extends ActivityManagerNative Slog.v(TAG_MU, "generateApplicationProvidersLocked, app.info.uid = " + app.uid); int userId = app.userId; if (providers != null) { - final int N = providers.size(); + int N = providers.size(); for (int i=0; i<N; i++) { ProviderInfo cpi = (ProviderInfo)providers.get(i); + boolean singleton = isSingleton(cpi.processName, cpi.applicationInfo, + cpi.name, cpi.flags); + if (singleton && UserId.getUserId(app.uid) != 0) { + // This is a singleton provider, but a user besides the + // default user is asking to initialize a process it runs + // in... well, no, it doesn't actually run in this process, + // it runs in the process of the default user. Get rid of it. + providers.remove(i); + N--; + continue; + } ComponentName comp = new ComponentName(cpi.packageName, cpi.name); ContentProviderRecord cpr = mProviderMap.getProviderByClass(comp, userId); if (cpr == null) { - cpr = new ContentProviderRecord(this, cpi, app.info, comp); + cpr = new ContentProviderRecord(this, cpi, app.info, comp, singleton); mProviderMap.putProviderByClass(comp, cpr); } if (DEBUG_MU) @@ -6177,6 +6188,7 @@ public final class ActivityManagerService extends ActivityManagerNative Binder.restoreCallingIdentity(origId); } + boolean singleton; if (!providerRunning) { try { cpi = AppGlobals.getPackageManager(). @@ -6187,7 +6199,9 @@ public final class ActivityManagerService extends ActivityManagerNative if (cpi == null) { return null; } - if (isSingleton(cpi.processName, cpi.applicationInfo)) { + singleton = isSingleton(cpi.processName, cpi.applicationInfo, + cpi.name, cpi.flags); + if (singleton) { userId = 0; } cpi.applicationInfo = getAppInfoForUser(cpi.applicationInfo, userId); @@ -6222,7 +6236,7 @@ public final class ActivityManagerService extends ActivityManagerNative return null; } ai = getAppInfoForUser(ai, userId); - cpr = new ContentProviderRecord(this, cpi, ai, comp); + cpr = new ContentProviderRecord(this, cpi, ai, comp, singleton); } catch (RemoteException ex) { // pm is in same process, this will never happen. } @@ -10515,17 +10529,31 @@ public final class ActivityManagerService extends ActivityManagerNative } } - boolean isSingleton(String componentProcessName, ApplicationInfo aInfo) { + boolean isSingleton(String componentProcessName, ApplicationInfo aInfo, + String className, int flags) { boolean result = false; if (UserId.getAppId(aInfo.uid) >= Process.FIRST_APPLICATION_UID) { - result = false; + if ((flags&ServiceInfo.FLAG_SINGLE_USER) != 0) { + if (ActivityManager.checkUidPermission( + android.Manifest.permission.INTERACT_ACROSS_USERS, + aInfo.uid) != PackageManager.PERMISSION_GRANTED) { + ComponentName comp = new ComponentName(aInfo.packageName, className); + String msg = "Permission Denial: Component " + comp.flattenToShortString() + + " requests FLAG_SINGLE_USER, but app does not hold " + + android.Manifest.permission.INTERACT_ACROSS_USERS; + Slog.w(TAG, msg); + throw new SecurityException(msg); + } + result = true; + } } else if (componentProcessName == aInfo.packageName) { result = (aInfo.flags & ApplicationInfo.FLAG_PERSISTENT) != 0; } else if ("system".equals(componentProcessName)) { result = true; } if (DEBUG_MU) { - Slog.v(TAG, "isSingleton(" + componentProcessName + ", " + aInfo + ") = " + result); + Slog.v(TAG, "isSingleton(" + componentProcessName + ", " + aInfo + + ", " + className + ", 0x" + Integer.toHexString(flags) + ") = " + result); } return result; } @@ -11131,30 +11159,15 @@ public final class ActivityManagerService extends ActivityManagerNative List receivers = null; List<BroadcastFilter> registeredReceivers = null; try { - if (intent.getComponent() != null) { - // Broadcast is going to one specific receiver class... - ActivityInfo ai = AppGlobals.getPackageManager(). - getReceiverInfo(intent.getComponent(), STOCK_PM_FLAGS, userId); - if (ai != null) { - receivers = new ArrayList(); - ResolveInfo ri = new ResolveInfo(); - if (isSingleton(ai.processName, ai.applicationInfo)) { - ri.activityInfo = getActivityInfoForUser(ai, 0); - } else { - ri.activityInfo = getActivityInfoForUser(ai, userId); - } - receivers.add(ri); - } - } else { - // Need to resolve the intent to interested receivers... - if ((intent.getFlags()&Intent.FLAG_RECEIVER_REGISTERED_ONLY) - == 0) { - receivers = - AppGlobals.getPackageManager().queryIntentReceivers( - intent, resolvedType, STOCK_PM_FLAGS, userId); - } - registeredReceivers = mReceiverResolver.queryIntent(intent, resolvedType, false, - userId); + // Need to resolve the intent to interested receivers... + if ((intent.getFlags()&Intent.FLAG_RECEIVER_REGISTERED_ONLY) + == 0) { + receivers = AppGlobals.getPackageManager().queryIntentReceivers( + intent, resolvedType, STOCK_PM_FLAGS, userId); + } + if (intent.getComponent() == null) { + registeredReceivers = mReceiverResolver.queryIntent(intent, + resolvedType, false, userId); } } catch (RemoteException ex) { // pm is in same process, this will never happen. diff --git a/services/java/com/android/server/am/ActivityStack.java b/services/java/com/android/server/am/ActivityStack.java index c9a633e..196a259 100755 --- a/services/java/com/android/server/am/ActivityStack.java +++ b/services/java/com/android/server/am/ActivityStack.java @@ -3014,7 +3014,8 @@ final class ActivityStack { // Collect information about the target of the Intent. ActivityInfo aInfo = resolveActivity(intent, resolvedType, startFlags, profileFile, profileFd, userId); - if (aInfo != null && mService.isSingleton(aInfo.processName, aInfo.applicationInfo)) { + if (aInfo != null && mService.isSingleton(aInfo.processName, aInfo.applicationInfo, + null, 0)) { userId = 0; } aInfo = mService.getActivityInfoForUser(aInfo, userId); diff --git a/services/java/com/android/server/am/BroadcastQueue.java b/services/java/com/android/server/am/BroadcastQueue.java index c6d46fc..76ddb96 100644 --- a/services/java/com/android/server/am/BroadcastQueue.java +++ b/services/java/com/android/server/am/BroadcastQueue.java @@ -20,12 +20,15 @@ import java.io.FileDescriptor; import java.io.PrintWriter; import java.util.ArrayList; +import android.app.ActivityManager; import android.app.AppGlobals; import android.content.ComponentName; import android.content.IIntentReceiver; import android.content.Intent; +import android.content.pm.ActivityInfo; import android.content.pm.PackageManager; import android.content.pm.ResolveInfo; +import android.content.pm.ServiceInfo; import android.os.Bundle; import android.os.Handler; import android.os.IBinder; @@ -249,7 +252,7 @@ public class BroadcastQueue { finishReceiverLocked(br, br.resultCode, br.resultData, br.resultExtras, br.resultAbort, true); scheduleBroadcastsLocked(); - // We need to reset the state if we fails to start the receiver. + // We need to reset the state if we failed to start the receiver. br.state = BroadcastRecord.IDLE; throw new RuntimeException(e.getMessage()); } @@ -659,6 +662,9 @@ public class BroadcastQueue { ResolveInfo info = (ResolveInfo)nextReceiver; + ComponentName component = new ComponentName( + info.activityInfo.applicationInfo.packageName, + info.activityInfo.name); boolean skip = false; if (r.onlySendToCaller) { @@ -667,6 +673,7 @@ public class BroadcastQueue { + r.intent.toString() + " from " + r.callerPackage + " (pid=" + r.callingPid + ", uid=" + r.callingUid + ")" + + " to " + component.flattenToShortString() + " not allowed to go to different app " + info.activityInfo.applicationInfo.uid); skip = true; @@ -682,16 +689,14 @@ public class BroadcastQueue { + " from " + r.callerPackage + " (pid=" + r.callingPid + ", uid=" + r.callingUid + ")" + " is not exported from uid " + info.activityInfo.applicationInfo.uid - + " due to receiver " + info.activityInfo.packageName - + "/" + info.activityInfo.name); + + " due to receiver " + component.flattenToShortString()); } else { Slog.w(TAG, "Permission Denial: broadcasting " + r.intent.toString() + " from " + r.callerPackage + " (pid=" + r.callingPid + ", uid=" + r.callingUid + ")" + " requires " + info.activityInfo.permission - + " due to receiver " + info.activityInfo.packageName - + "/" + info.activityInfo.name); + + " due to receiver " + component.flattenToShortString()); } skip = true; } @@ -707,13 +712,33 @@ public class BroadcastQueue { if (perm != PackageManager.PERMISSION_GRANTED) { Slog.w(TAG, "Permission Denial: receiving " + r.intent + " to " - + info.activityInfo.applicationInfo.packageName + + component.flattenToShortString() + " requires " + r.requiredPermission + " due to sender " + r.callerPackage + " (uid " + r.callingUid + ")"); skip = true; } } + boolean isSingleton = false; + try { + isSingleton = mService.isSingleton(info.activityInfo.processName, + info.activityInfo.applicationInfo, + info.activityInfo.name, info.activityInfo.flags); + } catch (SecurityException e) { + Slog.w(TAG, e.getMessage()); + skip = true; + } + if ((info.activityInfo.flags&ActivityInfo.FLAG_SINGLE_USER) != 0) { + if (ActivityManager.checkUidPermission( + android.Manifest.permission.INTERACT_ACROSS_USERS, + info.activityInfo.applicationInfo.uid) + != PackageManager.PERMISSION_GRANTED) { + Slog.w(TAG, "Permission Denial: Receiver " + component.flattenToShortString() + + " requests FLAG_SINGLE_USER, but app does not hold " + + android.Manifest.permission.INTERACT_ACROSS_USERS); + skip = true; + } + } if (r.curApp != null && r.curApp.crashing) { // If the target process is crashing, just skip it. if (DEBUG_BROADCAST) Slog.v(TAG, @@ -736,14 +761,9 @@ public class BroadcastQueue { r.state = BroadcastRecord.APP_RECEIVE; String targetProcess = info.activityInfo.processName; - r.curComponent = new ComponentName( - info.activityInfo.applicationInfo.packageName, - info.activityInfo.name); - if (r.callingUid != Process.SYSTEM_UID) { - boolean isSingleton = mService.isSingleton(info.activityInfo.processName, - info.activityInfo.applicationInfo); - int targetUserId = isSingleton ? 0 : UserId.getUserId(r.callingUid); - info.activityInfo = mService.getActivityInfoForUser(info.activityInfo,targetUserId); + r.curComponent = component; + if (r.callingUid != Process.SYSTEM_UID && isSingleton) { + info.activityInfo = mService.getActivityInfoForUser(info.activityInfo, 0); } r.curReceiver = info.activityInfo; if (DEBUG_MU && r.callingUid > UserId.PER_USER_RANGE) { diff --git a/services/java/com/android/server/am/ContentProviderRecord.java b/services/java/com/android/server/am/ContentProviderRecord.java index fb21b06..c80d63a 100644 --- a/services/java/com/android/server/am/ContentProviderRecord.java +++ b/services/java/com/android/server/am/ContentProviderRecord.java @@ -38,6 +38,7 @@ class ContentProviderRecord { final int uid; final ApplicationInfo appInfo; final ComponentName name; + final boolean singleton; public IContentProvider provider; public boolean noReleaseNeeded; // All attached clients @@ -54,12 +55,13 @@ class ContentProviderRecord { String shortStringName; public ContentProviderRecord(ActivityManagerService _service, ProviderInfo _info, - ApplicationInfo ai, ComponentName _name) { + ApplicationInfo ai, ComponentName _name, boolean _singleton) { service = _service; info = _info; uid = ai.uid; appInfo = ai; name = _name; + singleton = _singleton; noReleaseNeeded = uid == 0 || uid == Process.SYSTEM_UID; } @@ -69,6 +71,7 @@ class ContentProviderRecord { uid = cpr.uid; appInfo = cpr.appInfo; name = cpr.name; + singleton = cpr.singleton; noReleaseNeeded = cpr.noReleaseNeeded; } @@ -150,6 +153,9 @@ class ContentProviderRecord { pw.print(prefix); pw.print("uid="); pw.print(uid); pw.print(" provider="); pw.println(provider); } + if (singleton) { + pw.print(prefix); pw.print("singleton="); pw.println(singleton); + } pw.print(prefix); pw.print("authority="); pw.println(info.authority); if (full) { if (info.isSyncable || info.multiprocess || info.initOrder != 0) { diff --git a/services/java/com/android/server/am/ProviderMap.java b/services/java/com/android/server/am/ProviderMap.java index d148ec3..f4d0f9b 100644 --- a/services/java/com/android/server/am/ProviderMap.java +++ b/services/java/com/android/server/am/ProviderMap.java @@ -44,9 +44,9 @@ public class ProviderMap { private static final boolean DBG = false; - private final HashMap<String, ContentProviderRecord> mGlobalByName + private final HashMap<String, ContentProviderRecord> mSingletonByName = new HashMap<String, ContentProviderRecord>(); - private final HashMap<ComponentName, ContentProviderRecord> mGlobalByClass + private final HashMap<ComponentName, ContentProviderRecord> mSingletonByClass = new HashMap<ComponentName, ContentProviderRecord>(); private final SparseArray<HashMap<String, ContentProviderRecord>> mProvidersByNamePerUser @@ -63,7 +63,7 @@ public class ProviderMap { Slog.i(TAG, "getProviderByName: " + name + " , callingUid = " + Binder.getCallingUid()); } // Try to find it in the global list - ContentProviderRecord record = mGlobalByName.get(name); + ContentProviderRecord record = mSingletonByName.get(name); if (record != null) { return record; } @@ -81,7 +81,7 @@ public class ProviderMap { Slog.i(TAG, "getProviderByClass: " + name + ", callingUid = " + Binder.getCallingUid()); } // Try to find it in the global list - ContentProviderRecord record = mGlobalByClass.get(name); + ContentProviderRecord record = mSingletonByClass.get(name); if (record != null) { return record; } @@ -95,8 +95,8 @@ public class ProviderMap { Slog.i(TAG, "putProviderByName: " + name + " , callingUid = " + Binder.getCallingUid() + ", record uid = " + record.appInfo.uid); } - if (record.appInfo.uid < Process.FIRST_APPLICATION_UID) { - mGlobalByName.put(name, record); + if (record.singleton) { + mSingletonByName.put(name, record); } else { final int userId = UserId.getUserId(record.appInfo.uid); getProvidersByName(userId).put(name, record); @@ -108,8 +108,8 @@ public class ProviderMap { Slog.i(TAG, "putProviderByClass: " + name + " , callingUid = " + Binder.getCallingUid() + ", record uid = " + record.appInfo.uid); } - if (record.appInfo.uid < Process.FIRST_APPLICATION_UID) { - mGlobalByClass.put(name, record); + if (record.singleton) { + mSingletonByClass.put(name, record); } else { final int userId = UserId.getUserId(record.appInfo.uid); getProvidersByClass(userId).put(name, record); @@ -117,10 +117,10 @@ public class ProviderMap { } void removeProviderByName(String name, int optionalUserId) { - if (mGlobalByName.containsKey(name)) { + if (mSingletonByName.containsKey(name)) { if (DBG) Slog.i(TAG, "Removing from globalByName name=" + name); - mGlobalByName.remove(name); + mSingletonByName.remove(name); } else { // TODO: Verify this works, i.e., the caller happens to be from the correct user if (DBG) @@ -132,10 +132,10 @@ public class ProviderMap { } void removeProviderByClass(ComponentName name, int optionalUserId) { - if (mGlobalByClass.containsKey(name)) { + if (mSingletonByClass.containsKey(name)) { if (DBG) Slog.i(TAG, "Removing from globalByClass name=" + name); - mGlobalByClass.remove(name); + mSingletonByClass.remove(name); } else { if (DBG) Slog.i(TAG, @@ -197,37 +197,30 @@ public class ProviderMap { } void dumpProvidersLocked(PrintWriter pw, boolean dumpAll) { - boolean needSep = false; - if (mGlobalByClass.size() > 0) { - if (needSep) - pw.println(" "); - pw.println(" Published content providers (by class):"); - dumpProvidersByClassLocked(pw, dumpAll, mGlobalByClass); + if (mSingletonByClass.size() > 0) { + pw.println(""); + pw.println(" Published single-user content providers (by class):"); + dumpProvidersByClassLocked(pw, dumpAll, mSingletonByClass); } - if (mProvidersByClassPerUser.size() > 1) { - pw.println(""); - for (int i = 0; i < mProvidersByClassPerUser.size(); i++) { - HashMap<ComponentName, ContentProviderRecord> map = mProvidersByClassPerUser.valueAt(i); - pw.println(" User " + mProvidersByClassPerUser.keyAt(i) + ":"); - dumpProvidersByClassLocked(pw, dumpAll, map); - pw.println(" "); - } - } else if (mProvidersByClassPerUser.size() == 1) { - HashMap<ComponentName, ContentProviderRecord> map = mProvidersByClassPerUser.valueAt(0); + pw.println(""); + for (int i = 0; i < mProvidersByClassPerUser.size(); i++) { + HashMap<ComponentName, ContentProviderRecord> map = mProvidersByClassPerUser.valueAt(i); + pw.println(" Published user " + mProvidersByClassPerUser.keyAt(i) + + " content providers (by class):"); dumpProvidersByClassLocked(pw, dumpAll, map); + pw.println(" "); } - needSep = true; if (dumpAll) { - pw.println(" "); - pw.println(" Authority to provider mappings:"); - dumpProvidersByNameLocked(pw, mGlobalByName); + pw.println(""); + pw.println(" Single-user authority to provider mappings:"); + dumpProvidersByNameLocked(pw, mSingletonByName); for (int i = 0; i < mProvidersByNamePerUser.size(); i++) { - if (i > 0) { - pw.println(" User " + mProvidersByNamePerUser.keyAt(i) + ":"); - } + pw.println(""); + pw.println(" User " + mProvidersByNamePerUser.keyAt(i) + + " authority to provider mappings:"); dumpProvidersByNameLocked(pw, mProvidersByNamePerUser.valueAt(i)); } } @@ -328,6 +321,4 @@ public class ProviderMap { } } } - - } |