Java Code Examples for android.os.Process#ROOT_UID
The following examples show how to use
android.os.Process#ROOT_UID .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: AppOpsService.java From android_9.0.0_r45 with Apache License 2.0 | 6 votes |
|
private static int resolveUid(String packageName) {
if (packageName == null) {
return -1;
}
switch (packageName) {
case "root":
return Process.ROOT_UID;
case "shell":
return Process.SHELL_UID;
case "media":
return Process.MEDIA_UID;
case "audioserver":
return Process.AUDIOSERVER_UID;
case "cameraserver":
return Process.CAMERASERVER_UID;
}
return -1;
}
Example 2
| Source File: AppOpsService.java From android_9.0.0_r45 with Apache License 2.0 | 6 votes |
|
private static String resolvePackageName(int uid, String packageName) {
if (uid == Process.ROOT_UID) {
return "root";
} else if (uid == Process.SHELL_UID) {
return "com.android.shell";
} else if (uid == Process.MEDIA_UID) {
return "media";
} else if (uid == Process.AUDIOSERVER_UID) {
return "audioserver";
} else if (uid == Process.CAMERASERVER_UID) {
return "cameraserver";
} else if (uid == Process.SYSTEM_UID && packageName == null) {
return "android";
}
return packageName;
}
Example 3
| Source File: ContextImpl.java From AndroidComponentPlugin with Apache License 2.0 | 6 votes |
|
@Override
public int checkPermission(String permission, int pid, int uid) {
if (permission == null) {
throw new IllegalArgumentException("permission is null");
}
final IActivityManager am = ActivityManager.getService();
if (am == null) {
// Well this is super awkward; we somehow don't have an active
// ActivityManager instance. If we're testing a root or system
// UID, then they totally have whatever permission this is.
final int appId = UserHandle.getAppId(uid);
if (appId == Process.ROOT_UID || appId == Process.SYSTEM_UID) {
Slog.w(TAG, "Missing ActivityManager; assuming " + uid + " holds " + permission);
return PackageManager.PERMISSION_GRANTED;
}
}
try {
return am.checkPermission(permission, pid, uid);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
}
Example 4
| Source File: ContextImpl.java From AndroidComponentPlugin with Apache License 2.0 | 6 votes |
|
@Override
public int checkPermission(String permission, int pid, int uid) {
if (permission == null) {
throw new IllegalArgumentException("permission is null");
}
final IActivityManager am = ActivityManager.getService();
if (am == null) {
// Well this is super awkward; we somehow don't have an active
// ActivityManager instance. If we're testing a root or system
// UID, then they totally have whatever permission this is.
final int appId = UserHandle.getAppId(uid);
if (appId == Process.ROOT_UID || appId == Process.SYSTEM_UID) {
Slog.w(TAG, "Missing ActivityManager; assuming " + uid + " holds " + permission);
return PackageManager.PERMISSION_GRANTED;
}
}
try {
return am.checkPermission(permission, pid, uid);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
}
Example 5
| Source File: ContextImpl.java From AndroidComponentPlugin with Apache License 2.0 | 6 votes |
|
@Override
public int checkPermission(String permission, int pid, int uid) {
if (permission == null) {
throw new IllegalArgumentException("permission is null");
}
final IActivityManager am = ActivityManager.getService();
if (am == null) {
// Well this is super awkward; we somehow don't have an active
// ActivityManager instance. If we're testing a root or system
// UID, then they totally have whatever permission this is.
final int appId = UserHandle.getAppId(uid);
if (appId == Process.ROOT_UID || appId == Process.SYSTEM_UID) {
Slog.w(TAG, "Missing ActivityManager; assuming " + uid + " holds " + permission);
return PackageManager.PERMISSION_GRANTED;
}
}
try {
return am.checkPermission(permission, pid, uid);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
}
Example 6
| Source File: ActivityManager.java From AndroidComponentPlugin with Apache License 2.0 | 5 votes |
|
/** @hide */
public static int checkComponentPermission(String permission, int uid,
int owningUid, boolean exported) {
// Root, system server get to do everything.
final int appId = UserHandle.getAppId(uid);
if (appId == Process.ROOT_UID || appId == Process.SYSTEM_UID) {
return PackageManager.PERMISSION_GRANTED;
}
// Isolated processes don't get any permissions.
if (UserHandle.isIsolated(uid)) {
return PackageManager.PERMISSION_DENIED;
}
// If there is a uid that owns whatever is being accessed, it has
// blanket access to it regardless of the permissions it requires.
if (owningUid >= 0 && UserHandle.isSameApp(uid, owningUid)) {
return PackageManager.PERMISSION_GRANTED;
}
// If the target is not exported, then nobody else can get to it.
if (!exported) {
/*
RuntimeException here = new RuntimeException("here");
here.fillInStackTrace();
Slog.w(TAG, "Permission denied: checkComponentPermission() owningUid=" + owningUid,
here);
*/
return PackageManager.PERMISSION_DENIED;
}
if (permission == null) {
return PackageManager.PERMISSION_GRANTED;
}
try {
return AppGlobals.getPackageManager()
.checkUidPermission(permission, uid);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
}
Example 7
| Source File: PackageInstallerSession.java From android_9.0.0_r45 with Apache License 2.0 | 5 votes |
|
/**
* Checks if the permissions still need to be confirmed.
*
* <p>This is dependant on the identity of the installer, hence this cannot be cached if the
* installer might still {@link #transfer(String) change}.
*
* @return {@code true} iff we need to ask to confirm the permissions?
*/
@GuardedBy("mLock")
private boolean needToAskForPermissionsLocked() {
if (mPermissionsManuallyAccepted) {
return false;
}
final boolean isInstallPermissionGranted =
(mPm.checkUidPermission(android.Manifest.permission.INSTALL_PACKAGES,
mInstallerUid) == PackageManager.PERMISSION_GRANTED);
final boolean isSelfUpdatePermissionGranted =
(mPm.checkUidPermission(android.Manifest.permission.INSTALL_SELF_UPDATES,
mInstallerUid) == PackageManager.PERMISSION_GRANTED);
final boolean isUpdatePermissionGranted =
(mPm.checkUidPermission(android.Manifest.permission.INSTALL_PACKAGE_UPDATES,
mInstallerUid) == PackageManager.PERMISSION_GRANTED);
final int targetPackageUid = mPm.getPackageUid(mPackageName, 0, userId);
final boolean isPermissionGranted = isInstallPermissionGranted
|| (isUpdatePermissionGranted && targetPackageUid != -1)
|| (isSelfUpdatePermissionGranted && targetPackageUid == mInstallerUid);
final boolean isInstallerRoot = (mInstallerUid == Process.ROOT_UID);
final boolean isInstallerSystem = (mInstallerUid == Process.SYSTEM_UID);
final boolean forcePermissionPrompt =
(params.installFlags & PackageManager.INSTALL_FORCE_PERMISSION_PROMPT) != 0;
// Device owners and affiliated profile owners are allowed to silently install packages, so
// the permission check is waived if the installer is the device owner.
return forcePermissionPrompt || !(isPermissionGranted || isInstallerRoot
|| isInstallerSystem || isInstallerDeviceOwnerOrAffiliatedProfileOwnerLocked());
}
Example 8
| Source File: ActivityManager.java From android_9.0.0_r45 with Apache License 2.0 | 5 votes |
|
/** @hide */
public static int checkComponentPermission(String permission, int uid,
int owningUid, boolean exported) {
// Root, system server get to do everything.
final int appId = UserHandle.getAppId(uid);
if (appId == Process.ROOT_UID || appId == Process.SYSTEM_UID) {
return PackageManager.PERMISSION_GRANTED;
}
// Isolated processes don't get any permissions.
if (UserHandle.isIsolated(uid)) {
return PackageManager.PERMISSION_DENIED;
}
// If there is a uid that owns whatever is being accessed, it has
// blanket access to it regardless of the permissions it requires.
if (owningUid >= 0 && UserHandle.isSameApp(uid, owningUid)) {
return PackageManager.PERMISSION_GRANTED;
}
// If the target is not exported, then nobody else can get to it.
if (!exported) {
/*
RuntimeException here = new RuntimeException("here");
here.fillInStackTrace();
Slog.w(TAG, "Permission denied: checkComponentPermission() owningUid=" + owningUid,
here);
*/
return PackageManager.PERMISSION_DENIED;
}
if (permission == null) {
return PackageManager.PERMISSION_GRANTED;
}
try {
return AppGlobals.getPackageManager()
.checkUidPermission(permission, uid);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
}
Example 9
| Source File: PackageInstallerService.java From android_9.0.0_r45 with Apache License 2.0 | 5 votes |
|
private boolean isCallingUidOwner(PackageInstallerSession session) {
final int callingUid = Binder.getCallingUid();
if (callingUid == Process.ROOT_UID) {
return true;
} else {
return (session != null) && (callingUid == session.getInstallerUid());
}
}
Example 10
| Source File: ContextImpl.java From android_9.0.0_r45 with Apache License 2.0 | 5 votes |
|
@Override
public int checkPermission(String permission, int pid, int uid) {
if (permission == null) {
throw new IllegalArgumentException("permission is null");
}
final IActivityManager am = ActivityManager.getService();
if (am == null) {
// Well this is super awkward; we somehow don't have an active
// ActivityManager instance. If we're testing a root or system
// UID, then they totally have whatever permission this is.
final int appId = UserHandle.getAppId(uid);
if (appId == Process.ROOT_UID || appId == Process.SYSTEM_UID) {
Slog.w(TAG, "Missing ActivityManager; assuming " + uid + " holds " + permission);
return PackageManager.PERMISSION_GRANTED;
}
Slog.w(TAG, "Missing ActivityManager; assuming " + uid + " does not hold "
+ permission);
return PackageManager.PERMISSION_DENIED;
}
try {
return am.checkPermission(permission, pid, uid);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
}
Example 11
| Source File: ContentService.java From android_9.0.0_r45 with Apache License 2.0 | 5 votes |
|
private void validateExtras(int callingUid, Bundle extras) {
if (extras.containsKey(ContentResolver.SYNC_VIRTUAL_EXTRAS_EXEMPTION_FLAG)) {
switch (callingUid) {
case Process.ROOT_UID:
case Process.SHELL_UID:
case Process.SYSTEM_UID:
break; // Okay
default:
final String msg = "Invalid extras specified.";
Log.w(TAG, msg + " requestsync -f/-F needs to run on 'adb shell'");
throw new SecurityException(msg);
}
}
}
Example 12
| Source File: ContentService.java From AndroidComponentPlugin with Apache License 2.0 | 5 votes |
|
private void validateExtras(int callingUid, Bundle extras) {
if (extras.containsKey(ContentResolver.SYNC_VIRTUAL_EXTRAS_EXEMPTION_FLAG)) {
switch (callingUid) {
case Process.ROOT_UID:
case Process.SHELL_UID:
case Process.SYSTEM_UID:
break; // Okay
default:
final String msg = "Invalid extras specified.";
Log.w(TAG, msg + " requestsync -f/-F needs to run on 'adb shell'");
throw new SecurityException(msg);
}
}
}
Example 13
| Source File: SettingsService.java From Study_Android_Demo with Apache License 2.0 | 5 votes |
|
public static String resolveCallingPackage() {
switch (Binder.getCallingUid()) {
case Process.ROOT_UID: {
return "root";
}
case Process.SHELL_UID: {
return "com.android.shell";
}
default: {
return null;
}
}
}
Example 14
| Source File: LockSettingsService.java From android_9.0.0_r45 with Apache License 2.0 | 4 votes |
|
private boolean isCallerShell() {
final int callingUid = Binder.getCallingUid();
return callingUid == Process.SHELL_UID || callingUid == Process.ROOT_UID;
}
Example 15
| Source File: ContentService.java From android_9.0.0_r45 with Apache License 2.0 | 4 votes |
|
private void enforceShell(String method) {
final int callingUid = Binder.getCallingUid();
if (callingUid != Process.SHELL_UID && callingUid != Process.ROOT_UID) {
throw new SecurityException("Non-shell user attempted to call " + method);
}
}
Example 16
| Source File: ShortcutService.java From android_9.0.0_r45 with Apache License 2.0 | 4 votes |
|
private boolean isCallerShell() {
final int callingUid = injectBinderCallingUid();
return callingUid == Process.SHELL_UID || callingUid == Process.ROOT_UID;
}
Example 17
| Source File: PackageInstallerService.java From android_9.0.0_r45 with Apache License 2.0 | 4 votes |
|
@Override
public void uninstall(VersionedPackage versionedPackage, String callerPackageName, int flags,
IntentSender statusReceiver, int userId) throws RemoteException {
final int callingUid = Binder.getCallingUid();
mPermissionManager.enforceCrossUserPermission(callingUid, userId, true, true, "uninstall");
if ((callingUid != Process.SHELL_UID) && (callingUid != Process.ROOT_UID)) {
mAppOps.checkPackage(callingUid, callerPackageName);
}
// Check whether the caller is device owner or affiliated profile owner, in which case we do
// it silently.
final int callingUserId = UserHandle.getUserId(callingUid);
DevicePolicyManagerInternal dpmi =
LocalServices.getService(DevicePolicyManagerInternal.class);
final boolean isDeviceOwnerOrAffiliatedProfileOwner =
dpmi != null && dpmi.isActiveAdminWithPolicy(callingUid,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER)
&& dpmi.isUserAffiliatedWithDevice(callingUserId);
final PackageDeleteObserverAdapter adapter = new PackageDeleteObserverAdapter(mContext,
statusReceiver, versionedPackage.getPackageName(),
isDeviceOwnerOrAffiliatedProfileOwner, userId);
if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DELETE_PACKAGES)
== PackageManager.PERMISSION_GRANTED) {
// Sweet, call straight through!
mPm.deletePackageVersioned(versionedPackage, adapter.getBinder(), userId, flags);
} else if (isDeviceOwnerOrAffiliatedProfileOwner) {
// Allow the device owner and affiliated profile owner to silently delete packages
// Need to clear the calling identity to get DELETE_PACKAGES permission
long ident = Binder.clearCallingIdentity();
try {
mPm.deletePackageVersioned(versionedPackage, adapter.getBinder(), userId, flags);
} finally {
Binder.restoreCallingIdentity(ident);
}
} else {
ApplicationInfo appInfo = mPm.getApplicationInfo(callerPackageName, 0, userId);
if (appInfo.targetSdkVersion >= Build.VERSION_CODES.P) {
mContext.enforceCallingOrSelfPermission(Manifest.permission.REQUEST_DELETE_PACKAGES,
null);
}
// Take a short detour to confirm with user
final Intent intent = new Intent(Intent.ACTION_UNINSTALL_PACKAGE);
intent.setData(Uri.fromParts("package", versionedPackage.getPackageName(), null));
intent.putExtra(PackageInstaller.EXTRA_CALLBACK, adapter.getBinder().asBinder());
adapter.onUserActionRequired(intent);
}
}
Example 18
| Source File: NetworkWatchlistService.java From android_9.0.0_r45 with Apache License 2.0 | 4 votes |
|
private boolean isCallerShell() {
final int callingUid = Binder.getCallingUid();
return callingUid == Process.SHELL_UID || callingUid == Process.ROOT_UID;
}
Example 19
| Source File: SettingsProvider.java From Study_Android_Demo with Apache License 2.0 | 4 votes |
|
/**
* Checks whether changing a setting to a value is prohibited by the corresponding user
* restriction.
*
* <p>See also {@link com.android.server.pm.UserRestrictionsUtils#applyUserRestriction(
* Context, int, String, boolean)}, which should be in sync with this method.
*
* @return true if the change is prohibited, false if the change is allowed.
*/
private boolean isGlobalOrSecureSettingRestrictedForUser(String setting, int userId,
String value, int callingUid) {
String restriction;
switch (setting) {
case Settings.Secure.LOCATION_MODE:
// Note LOCATION_MODE will be converted into LOCATION_PROVIDERS_ALLOWED
// in android.provider.Settings.Secure.putStringForUser(), so we shouldn't come
// here normally, but we still protect it here from a direct provider write.
if (String.valueOf(Settings.Secure.LOCATION_MODE_OFF).equals(value)) return false;
restriction = UserManager.DISALLOW_SHARE_LOCATION;
break;
case Settings.Secure.LOCATION_PROVIDERS_ALLOWED:
// See SettingsProvider.updateLocationProvidersAllowedLocked. "-" is to disable
// a provider, which should be allowed even if the user restriction is set.
if (value != null && value.startsWith("-")) return false;
restriction = UserManager.DISALLOW_SHARE_LOCATION;
break;
case Settings.Secure.INSTALL_NON_MARKET_APPS:
if ("0".equals(value)) return false;
restriction = UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES;
break;
case Settings.Global.ADB_ENABLED:
if ("0".equals(value)) return false;
restriction = UserManager.DISALLOW_DEBUGGING_FEATURES;
break;
case Settings.Global.PACKAGE_VERIFIER_ENABLE:
case Settings.Global.PACKAGE_VERIFIER_INCLUDE_ADB:
if ("1".equals(value)) return false;
restriction = UserManager.ENSURE_VERIFY_APPS;
break;
case Settings.Global.PREFERRED_NETWORK_MODE:
restriction = UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS;
break;
case Settings.Secure.ALWAYS_ON_VPN_APP:
case Settings.Secure.ALWAYS_ON_VPN_LOCKDOWN:
// Whitelist system uid (ConnectivityService) and root uid to change always-on vpn
final int appId = UserHandle.getAppId(callingUid);
if (appId == Process.SYSTEM_UID || appId == Process.ROOT_UID) {
return false;
}
restriction = UserManager.DISALLOW_CONFIG_VPN;
break;
case Settings.Global.SAFE_BOOT_DISALLOWED:
if ("1".equals(value)) return false;
restriction = UserManager.DISALLOW_SAFE_BOOT;
break;
default:
if (setting != null && setting.startsWith(Settings.Global.DATA_ROAMING)) {
if ("0".equals(value)) return false;
restriction = UserManager.DISALLOW_DATA_ROAMING;
break;
}
return false;
}
return mUserManager.hasUserRestriction(restriction, UserHandle.of(userId));
}
Example 20
| Source File: UserManagerService.java From android_9.0.0_r45 with Apache License 2.0 | 3 votes |
|
/**
* Enforces that only the system UID or root's UID (on any user) can make certain calls to the
* UserManager.
*
* @param message used as message if SecurityException is thrown
* @throws SecurityException if the caller is not system or root
*/
private static void checkSystemOrRoot(String message) {
final int uid = Binder.getCallingUid();
if (!UserHandle.isSameApp(uid, Process.SYSTEM_UID) && uid != Process.ROOT_UID) {
throw new SecurityException("Only system may: " + message);
}
}
