3 Commits

Author SHA1 Message Date
Christopher Tate
ccbf84f44c Some system apps are more system than others
"signatureOrSystem" permissions are no longer available to all apps
residing on the /system partition.  Instead, there is a new /system/priv-app
directory, and only apps whose APKs are in that directory are allowed
to use signatureOrSystem permissions without sharing the platform cert.
This will reduce the surface area for possible exploits of system-
bundled applications to try to gain access to permission-guarded
operations.

The ApplicationInfo.FLAG_SYSTEM flag continues to mean what it
says in the documentation: it indicates that the application apk was
bundled on the /system partition.  A new hidden flag FLAG_PRIVILEGED
has been introduced that reflects the actual right to access these
permissions.

At some point the "system" permission category will be
renamed to "privileged".

Bug 8765951

Change-Id: I6f0fd9cdb9170e076dfc66d83ecea76f8dd7335d
2013-06-17 12:47:35 -07:00
Jeff Sharkey
02ffba940c Handle finished bugreports, share from private.
Show notification when a bugreport is finished, letting the user
launch a SEND_MULTIPLE intent to share them.  Add dialog that warns
user about contents before sharing.  Since bugreports are now stored
in private app data of the Shell app, use FileProvider to build Uris
that we can grant others access to.

Define BUGREPORT_FINISHED as being a protected broadcast.  Delete
older bugreports automatically to reclaim disk space.  Migrate any
Intent extras to ClipData when building PendingIntents.

Add --receiver-permission support to am shell command.

Bug: 7005318
Change-Id: If6c607dbcf137362d5887eac482ff7391563890f
2013-03-13 16:42:38 -07:00
Dianne Hackborn
514074fae8 App ops: cleanup, handle root and shell, perms.
Rework how the shell user is defined so that it is
associated with an actual apk, instead of being a free
roaming uid with special permissions assigned to it.
This allows us to correctly account for its operations
in app ops.

Implement a special case for the root user in app ops --
it is always allowed, always with the package name "root".

Add various code to take care of cleaning up package state
from app ops -- when packages are uninstalled, and during
boot if any packages currently being stored no longer exist.

Also fix a bug in the activity manager to correctly grant
permissions in all cases when onNewIntent() is being called.

Change-Id: Iae9f6d793ee48b93518c984ad957e46ae4582581
2013-02-11 15:33:48 -08:00