diff options
| -rw-r--r-- | api/current.txt | 1 | ||||
| -rw-r--r-- | core/java/android/app/Service.java | 12 | ||||
| -rw-r--r-- | core/java/android/os/Build.java | 8 | ||||
| -rw-r--r-- | core/res/AndroidManifest.xml | 9 | ||||
| -rw-r--r-- | core/res/res/values/strings.xml | 5 | ||||
| -rw-r--r-- | core/tests/coretests/AndroidManifest.xml | 1 | ||||
| -rw-r--r-- | packages/MtpDocumentsProvider/AndroidManifest.xml | 1 | ||||
| -rw-r--r-- | packages/Shell/AndroidManifest.xml | 1 | ||||
| -rw-r--r-- | services/core/java/com/android/server/am/ActiveServices.java | 22 | ||||
| -rw-r--r-- | services/core/java/com/android/server/am/ActivityManagerService.java | 14 | ||||
| -rw-r--r-- | services/tests/servicestests/AndroidManifest.xml | 1 | ||||
| -rw-r--r-- | tests/FrameworkPerf/AndroidManifest.xml | 1 | ||||
| -rw-r--r-- | tests/OneMedia/AndroidManifest.xml | 1 |
13 files changed, 55 insertions, 22 deletions
diff --git a/api/current.txt b/api/current.txt index f7cfc75dc41f..e85beab85e72 100644 --- a/api/current.txt +++ b/api/current.txt @@ -72,6 +72,7 @@ package android { field public static final java.lang.String DUMP = "android.permission.DUMP"; field public static final java.lang.String EXPAND_STATUS_BAR = "android.permission.EXPAND_STATUS_BAR"; field public static final java.lang.String FACTORY_TEST = "android.permission.FACTORY_TEST"; + field public static final java.lang.String FOREGROUND_SERVICE = "android.permission.FOREGROUND_SERVICE"; field public static final java.lang.String GET_ACCOUNTS = "android.permission.GET_ACCOUNTS"; field public static final java.lang.String GET_ACCOUNTS_PRIVILEGED = "android.permission.GET_ACCOUNTS_PRIVILEGED"; field public static final java.lang.String GET_PACKAGE_SIZE = "android.permission.GET_PACKAGE_SIZE"; diff --git a/core/java/android/app/Service.java b/core/java/android/app/Service.java index 256c47934dc5..ea0fd75bec90 100644 --- a/core/java/android/app/Service.java +++ b/core/java/android/app/Service.java @@ -471,14 +471,6 @@ public abstract class Service extends ContextWrapper implements ComponentCallbac * {@link #onStart} and returns either {@link #START_STICKY} * or {@link #START_STICKY_COMPATIBILITY}. * - * <p>If you need your application to run on platform versions prior to API - * level 5, you can use the following model to handle the older {@link #onStart} - * callback in that case. The <code>handleCommand</code> method is implemented by - * you as appropriate: - * - * {@sample development/samples/ApiDemos/src/com/example/android/apis/app/ForegroundService.java - * start_compatibility} - * * <p class="caution">Note that the system calls this on your * service's main thread. A service's main thread is the same * thread where UI operations take place for Activities running in the @@ -687,6 +679,10 @@ public abstract class Service extends ContextWrapper implements ComponentCallbac * {@link #startService(Intent)} first to tell the system it should keep the service running, * and then use this method to tell it to keep it running harder.</p> * + * <p>Apps targeting API {@link android.os.Build.VERSION_CODES#P} or later must request + * the permission {@link android.Manifest.permission#FOREGROUND_SERVICE} in order to use + * this API.</p> + * * @param id The identifier for this notification as per * {@link NotificationManager#notify(int, Notification) * NotificationManager.notify(int, Notification)}; must not be 0. diff --git a/core/java/android/os/Build.java b/core/java/android/os/Build.java index 48f56847e88d..fc7886191898 100644 --- a/core/java/android/os/Build.java +++ b/core/java/android/os/Build.java @@ -894,6 +894,14 @@ public class Build { /** * P. + * + * <p>Applications targeting this or a later release will get these + * new changes in behavior:</p> + * <ul> + * <li>{@link android.app.Service#startForeground Service.startForeground} requires + * that apps hold the permission + * {@link android.Manifest.permission#FOREGROUND_SERVICE}.</li> + * </ul> */ public static final int P = CUR_DEVELOPMENT; // STOPSHIP Replace with the real version. } diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index e6912f73d6e8..b04680877f89 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -3717,6 +3717,15 @@ <permission android:name="android.permission.INSTANT_APP_FOREGROUND_SERVICE" android:protectionLevel="signature|development|instant|appop" /> + <!-- Allows a regular application to use {@link android.app.Service#startForeground + Service.startForeground}. + <p>Protection level: normal + --> + <permission android:name="android.permission.FOREGROUND_SERVICE" + android:description="@string/permdesc_foregroundService" + android:label="@string/permlab_foregroundService" + android:protectionLevel="normal|instant" /> + <!-- @hide Allows system components to access all app shortcuts. --> <permission android:name="android.permission.ACCESS_SHORTCUTS" android:protectionLevel="signature" /> diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml index 4119cdcf4c5e..71e963a5bf9e 100644 --- a/core/res/res/values/strings.xml +++ b/core/res/res/values/strings.xml @@ -916,6 +916,11 @@ <string name="permdesc_persistentActivity" product="default">Allows the app to make parts of itself persistent in memory. This can limit memory available to other apps slowing down the phone.</string> <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. --> + <string name="permlab_foregroundService">run foreground service</string> + <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. --> + <string name="permdesc_foregroundService">Allows the app to make use of foreground services.</string> + + <!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. --> <string name="permlab_getPackageSize">measure app storage space</string> <!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. --> <string name="permdesc_getPackageSize">Allows the app to retrieve its code, data, and cache sizes</string> diff --git a/core/tests/coretests/AndroidManifest.xml b/core/tests/coretests/AndroidManifest.xml index e0947723f502..3e380104fa99 100644 --- a/core/tests/coretests/AndroidManifest.xml +++ b/core/tests/coretests/AndroidManifest.xml @@ -51,6 +51,7 @@ <uses-permission android:name="android.permission.CLEAR_APP_USER_DATA" /> <uses-permission android:name="android.permission.DELETE_CACHE_FILES" /> <uses-permission android:name="android.permission.DOWNLOAD_CACHE_NON_PURGEABLE" /> + <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/> <uses-permission android:name="android.permission.GET_PACKAGE_SIZE" /> <uses-permission android:name="android.permission.INTERNET" /> <uses-permission android:name="android.permission.INJECT_EVENTS" /> diff --git a/packages/MtpDocumentsProvider/AndroidManifest.xml b/packages/MtpDocumentsProvider/AndroidManifest.xml index 8d79f62f21d7..c0a59b3badbf 100644 --- a/packages/MtpDocumentsProvider/AndroidManifest.xml +++ b/packages/MtpDocumentsProvider/AndroidManifest.xml @@ -3,6 +3,7 @@ package="com.android.mtp" android:sharedUserId="android.media"> <uses-feature android:name="android.hardware.usb.host" /> + <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/> <uses-permission android:name="android.permission.MANAGE_USB" /> <application android:label="@string/app_label"> <provider diff --git a/packages/Shell/AndroidManifest.xml b/packages/Shell/AndroidManifest.xml index 64b2ae6e23d3..79299aa6abcb 100644 --- a/packages/Shell/AndroidManifest.xml +++ b/packages/Shell/AndroidManifest.xml @@ -44,6 +44,7 @@ <uses-permission android:name="android.permission.MANAGE_NETWORK_POLICY" /> <uses-permission android:name="android.permission.MANAGE_USB" /> <uses-permission android:name="android.permission.USE_RESERVED_DISK" /> + <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/> <!-- System tool permissions granted to the shell. --> <uses-permission android:name="android.permission.REAL_GET_TASKS" /> <uses-permission android:name="android.permission.CHANGE_CONFIGURATION" /> diff --git a/services/core/java/com/android/server/am/ActiveServices.java b/services/core/java/com/android/server/am/ActiveServices.java index 2f7d4c1ec634..266abf8c3f4c 100644 --- a/services/core/java/com/android/server/am/ActiveServices.java +++ b/services/core/java/com/android/server/am/ActiveServices.java @@ -1042,20 +1042,14 @@ public final class ActiveServices { throw new SecurityException("Instant app " + r.appInfo.packageName + " does not have permission to create foreground services"); default: - try { - if (AppGlobals.getPackageManager().checkPermission( - android.Manifest.permission.INSTANT_APP_FOREGROUND_SERVICE, - r.appInfo.packageName, UserHandle.getUserId(r.appInfo.uid)) - != PackageManager.PERMISSION_GRANTED) { - throw new SecurityException("Instant app " + r.appInfo.packageName - + " does not have permission to create foreground" - + "services"); - } - } catch (RemoteException e) { - throw new SecurityException("Failed to check instant app permission." , - e); - } - } + mAm.enforcePermission( + android.Manifest.permission.INSTANT_APP_FOREGROUND_SERVICE, + r.app.pid, r.appInfo.uid, "startForeground"); + } + } else if (r.appInfo.targetSdkVersion >= Build.VERSION_CODES.P) { + mAm.enforcePermission( + android.Manifest.permission.FOREGROUND_SERVICE, + r.app.pid, r.appInfo.uid, "startForeground"); } if (r.fgRequired) { if (DEBUG_SERVICE || DEBUG_BACKGROUND_CHECK) { diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java index 36ad94f39055..83976154ab11 100644 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java @@ -8884,6 +8884,20 @@ public class ActivityManagerService extends IActivityManager.Stub /** * This can be called with or without the global lock held. */ + void enforcePermission(String permission, int pid, int uid, String func) { + if (checkPermission(permission, pid, uid) == PackageManager.PERMISSION_GRANTED) { + return; + } + + String msg = "Permission Denial: " + func + " from pid=" + pid + ", uid=" + uid + + " requires " + permission; + Slog.w(TAG, msg); + throw new SecurityException(msg); + } + + /** + * This can be called with or without the global lock held. + */ void enforceCallerIsRecentsOrHasPermission(String permission, String func) { if (!mRecentTasks.isCallerRecents(Binder.getCallingUid())) { enforceCallingPermission(permission, func); diff --git a/services/tests/servicestests/AndroidManifest.xml b/services/tests/servicestests/AndroidManifest.xml index 0499bf0eccc7..94e4e306be15 100644 --- a/services/tests/servicestests/AndroidManifest.xml +++ b/services/tests/servicestests/AndroidManifest.xml @@ -59,6 +59,7 @@ <uses-permission android:name="android.permission.STATUS_BAR_SERVICE" /> <uses-permission android:name="android.permission.ACCESS_SURFACE_FLINGER" /> <uses-permission android:name="android.permission.READ_FRAME_BUFFER" /> + <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/> <!-- Uses API introduced in O (26) --> <uses-sdk android:minSdkVersion="1" diff --git a/tests/FrameworkPerf/AndroidManifest.xml b/tests/FrameworkPerf/AndroidManifest.xml index 2591aaf8f1a6..d62ef9ec210c 100644 --- a/tests/FrameworkPerf/AndroidManifest.xml +++ b/tests/FrameworkPerf/AndroidManifest.xml @@ -1,5 +1,6 @@ <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.android.frameworkperf"> + <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/> <uses-permission android:name="android.permission.WAKE_LOCK" /> <uses-sdk android:minSdkVersion="5" /> diff --git a/tests/OneMedia/AndroidManifest.xml b/tests/OneMedia/AndroidManifest.xml index c6824ecea976..8697f1b085bf 100644 --- a/tests/OneMedia/AndroidManifest.xml +++ b/tests/OneMedia/AndroidManifest.xml @@ -5,6 +5,7 @@ android:versionName="1.0" > <uses-sdk android:minSdkVersion="19"/> + <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/> <uses-permission android:name="android.permission.INTERNET" /> <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" /> |