4d345d7af1
The system shouldn't be granting read URI permissions as itself. This means that heap dumps aren't successfully shared. Moving the heap dump sharing mechanism to SHELL, which already has the permission to dump heaps so that dumps can be shared properly. The ActivityManagerService changes are submitted separately. Bug: 126885951 Bug: 135150619 Test: collect a heap dump and confirm it's successfully shared with an app Test: do manual test on a secondary user & confirm it's not available to other user Change-Id: I6fad69280b5124c8ec2d3b4bef0f7dddb6a9422c
287 lines
17 KiB
XML
287 lines
17 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
|
|
<!--
|
|
/*
|
|
* Copyright (C) 2015 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
-->
|
|
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
|
|
package="com.android.shell"
|
|
coreApp="true"
|
|
android:sharedUserId="android.uid.shell"
|
|
>
|
|
|
|
<!-- Standard permissions granted to the shell. -->
|
|
<uses-permission android:name="android.permission.GET_RUNTIME_PERMISSIONS" />
|
|
<uses-permission android:name="android.permission.SEND_SMS" />
|
|
<uses-permission android:name="android.permission.READ_SMS" />
|
|
<uses-permission android:name="android.permission.CALL_PHONE" />
|
|
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
|
|
<uses-permission android:name="android.permission.READ_PRECISE_PHONE_STATE" />
|
|
<uses-permission android:name="android.permission.READ_ACTIVE_EMERGENCY_SESSION" />
|
|
<uses-permission android:name="android.permission.READ_PRIVILEGED_PHONE_STATE" />
|
|
<uses-permission android:name="android.permission.READ_CONTACTS" />
|
|
<uses-permission android:name="android.permission.WRITE_CONTACTS" />
|
|
<uses-permission android:name="android.permission.READ_CALENDAR" />
|
|
<uses-permission android:name="android.permission.WRITE_CALENDAR" />
|
|
<uses-permission android:name="android.permission.READ_USER_DICTIONARY" />
|
|
<uses-permission android:name="android.permission.WRITE_USER_DICTIONARY" />
|
|
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
|
|
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
|
|
<uses-permission android:name="android.permission.ACCESS_LOCATION_EXTRA_COMMANDS" />
|
|
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
|
|
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
|
|
<uses-permission android:name="android.permission.BLUETOOTH" />
|
|
<uses-permission android:name="android.permission.LOCAL_MAC_ADDRESS" />
|
|
<uses-permission android:name="android.permission.EXPAND_STATUS_BAR" />
|
|
<uses-permission android:name="android.permission.DISABLE_KEYGUARD" />
|
|
<uses-permission android:name="android.permission.MANAGE_NETWORK_POLICY" />
|
|
<uses-permission android:name="android.permission.MANAGE_USB" />
|
|
<uses-permission android:name="android.permission.USE_RESERVED_DISK" />
|
|
<uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
|
|
<!-- System tool permissions granted to the shell. -->
|
|
<uses-permission android:name="android.permission.REAL_GET_TASKS" />
|
|
<uses-permission android:name="android.permission.CHANGE_CONFIGURATION" />
|
|
<uses-permission android:name="android.permission.REORDER_TASKS" />
|
|
<uses-permission android:name="android.permission.REMOVE_TASKS" />
|
|
<uses-permission android:name="android.permission.SET_ANIMATION_SCALE" />
|
|
<uses-permission android:name="android.permission.SET_PREFERRED_APPLICATIONS" />
|
|
<uses-permission android:name="android.permission.WRITE_SETTINGS" />
|
|
<uses-permission android:name="android.permission.WRITE_SECURE_SETTINGS" />
|
|
<uses-permission android:name="android.permission.READ_DEVICE_CONFIG" />
|
|
<uses-permission android:name="android.permission.WRITE_DEVICE_CONFIG" />
|
|
<uses-permission android:name="android.permission.BROADCAST_STICKY" />
|
|
<uses-permission android:name="android.permission.MANAGE_ACCESSIBILITY" />
|
|
<!-- Development tool permissions granted to the shell. -->
|
|
<uses-permission android:name="android.permission.SET_DEBUG_APP" />
|
|
<uses-permission android:name="android.permission.SET_PROCESS_LIMIT" />
|
|
<uses-permission android:name="android.permission.SET_ALWAYS_FINISH" />
|
|
<uses-permission android:name="android.permission.DUMP" />
|
|
<uses-permission android:name="android.permission.SIGNAL_PERSISTENT_PROCESSES" />
|
|
<uses-permission android:name="android.permission.KILL_BACKGROUND_PROCESSES" />
|
|
<!-- Internal permissions granted to the shell. -->
|
|
<uses-permission android:name="android.permission.FORCE_BACK" />
|
|
<uses-permission android:name="android.permission.BATTERY_STATS" />
|
|
<uses-permission android:name="android.permission.PACKAGE_USAGE_STATS" />
|
|
<uses-permission android:name="android.permission.INTERNAL_SYSTEM_WINDOW" />
|
|
<uses-permission android:name="android.permission.INJECT_EVENTS" />
|
|
<uses-permission android:name="android.permission.RETRIEVE_WINDOW_CONTENT" />
|
|
<uses-permission android:name="android.permission.SET_ACTIVITY_WATCHER" />
|
|
<uses-permission android:name="android.permission.READ_INPUT_STATE" />
|
|
<uses-permission android:name="android.permission.SET_ORIENTATION" />
|
|
<uses-permission android:name="android.permission.INSTALL_PACKAGES" />
|
|
<uses-permission android:name="android.permission.MOVE_PACKAGE" />
|
|
<uses-permission android:name="android.permission.CLEAR_APP_USER_DATA" />
|
|
<uses-permission android:name="android.permission.CLEAR_APP_CACHE" />
|
|
<uses-permission android:name="android.permission.ACCESS_INSTANT_APPS" />
|
|
<uses-permission android:name="android.permission.DELETE_CACHE_FILES" />
|
|
<uses-permission android:name="android.permission.DELETE_PACKAGES" />
|
|
<uses-permission android:name="android.permission.MANAGE_ROLLBACKS" />
|
|
<uses-permission android:name="android.permission.TEST_MANAGE_ROLLBACKS" />
|
|
<uses-permission android:name="android.permission.ACCESS_SURFACE_FLINGER" />
|
|
<uses-permission android:name="android.permission.READ_FRAME_BUFFER" />
|
|
<uses-permission android:name="android.permission.DEVICE_POWER" />
|
|
<uses-permission android:name="android.permission.POWER_SAVER" />
|
|
<uses-permission android:name="android.permission.INSTALL_LOCATION_PROVIDER" />
|
|
<uses-permission android:name="android.permission.BACKUP" />
|
|
<uses-permission android:name="android.permission.FORCE_STOP_PACKAGES" />
|
|
<uses-permission android:name="android.permission.STOP_APP_SWITCHES" />
|
|
<uses-permission android:name="android.permission.ACCESS_CONTENT_PROVIDERS_EXTERNALLY" />
|
|
<uses-permission android:name="android.permission.GRANT_RUNTIME_PERMISSIONS" />
|
|
<uses-permission android:name="android.permission.REVOKE_RUNTIME_PERMISSIONS" />
|
|
<uses-permission android:name="android.permission.INSTALL_GRANT_RUNTIME_PERMISSIONS" />
|
|
<uses-permission android:name="android.permission.WHITELIST_RESTRICTED_PERMISSIONS" />
|
|
<uses-permission android:name="android.permission.SET_KEYBOARD_LAYOUT" />
|
|
<uses-permission android:name="android.permission.GET_DETAILED_TASKS" />
|
|
<uses-permission android:name="android.permission.SET_SCREEN_COMPATIBILITY" />
|
|
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
|
|
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
|
|
<uses-permission android:name="android.permission.WRITE_MEDIA_STORAGE" />
|
|
<uses-permission android:name="android.permission.INTERACT_ACROSS_USERS" />
|
|
<uses-permission android:name="android.permission.INTERACT_ACROSS_USERS_FULL" />
|
|
<uses-permission android:name="android.permission.CREATE_USERS" />
|
|
<uses-permission android:name="android.permission.MANAGE_DEVICE_ADMINS" />
|
|
<uses-permission android:name="android.permission.ACCESS_LOWPAN_STATE"/>
|
|
<uses-permission android:name="android.permission.CHANGE_LOWPAN_STATE"/>
|
|
<uses-permission android:name="android.permission.READ_LOWPAN_CREDENTIAL"/>
|
|
<uses-permission android:name="android.permission.BLUETOOTH_STACK" />
|
|
<uses-permission android:name="android.permission.GET_ACCOUNTS" />
|
|
<uses-permission android:name="android.permission.RETRIEVE_WINDOW_TOKEN" />
|
|
<uses-permission android:name="android.permission.FRAME_STATS" />
|
|
<uses-permission android:name="android.permission.BIND_APPWIDGET" />
|
|
<uses-permission android:name="android.permission.UPDATE_APP_OPS_STATS" />
|
|
<uses-permission android:name="android.permission.MODIFY_APPWIDGET_BIND_PERMISSIONS"/>
|
|
<uses-permission android:name="android.permission.CHANGE_APP_IDLE_STATE" />
|
|
<uses-permission android:name="android.permission.CHANGE_DEVICE_IDLE_TEMP_WHITELIST" />
|
|
<uses-permission android:name="android.permission.MOUNT_UNMOUNT_FILESYSTEMS" />
|
|
<uses-permission android:name="android.permission.MOUNT_FORMAT_FILESYSTEMS" />
|
|
<uses-permission android:name="android.permission.MODIFY_PHONE_STATE" />
|
|
<!-- Shell only holds android.permission.NETWORK_SCAN in order to to enable CTS testing -->
|
|
<uses-permission android:name="android.permission.NETWORK_SCAN" />
|
|
<uses-permission android:name="android.permission.REGISTER_CALL_PROVIDER" />
|
|
<uses-permission android:name="android.permission.REGISTER_CONNECTION_MANAGER" />
|
|
<uses-permission android:name="android.permission.REGISTER_SIM_SUBSCRIPTION" />
|
|
<uses-permission android:name="android.permission.GET_APP_OPS_STATS" />
|
|
<uses-permission android:name="android.permission.MANAGE_APP_OPS_MODES" />
|
|
<uses-permission android:name="android.permission.VIBRATE" />
|
|
<uses-permission android:name="android.permission.MANAGE_ACTIVITY_STACKS" />
|
|
<uses-permission android:name="android.permission.START_TASKS_FROM_RECENTS" />
|
|
<uses-permission android:name="android.permission.START_ACTIVITIES_FROM_BACKGROUND" />
|
|
<uses-permission android:name="android.permission.ACTIVITY_EMBEDDING" />
|
|
<uses-permission android:name="android.permission.CONNECTIVITY_INTERNAL" />
|
|
<uses-permission android:name="android.permission.CHANGE_COMPONENT_ENABLED_STATE" />
|
|
<uses-permission android:name="android.permission.MANAGE_AUTO_FILL" />
|
|
<uses-permission android:name="android.permission.MANAGE_CONTENT_CAPTURE" />
|
|
<uses-permission android:name="android.permission.MANAGE_CONTENT_SUGGESTIONS" />
|
|
<uses-permission android:name="android.permission.MANAGE_APP_PREDICTIONS" />
|
|
<uses-permission android:name="android.permission.NETWORK_SETTINGS" />
|
|
<uses-permission android:name="android.permission.CHANGE_WIFI_STATE" />
|
|
<uses-permission android:name="android.permission.SET_TIME" />
|
|
<uses-permission android:name="android.permission.SET_TIME_ZONE" />
|
|
<uses-permission android:name="android.permission.DISABLE_HIDDEN_API_CHECKS" />
|
|
<uses-permission android:name="android.permission.MANAGE_ROLE_HOLDERS" />
|
|
<uses-permission android:name="android.permission.OBSERVE_ROLE_HOLDERS" />
|
|
<uses-permission android:name="android.permission.STATUS_BAR_SERVICE" />
|
|
<uses-permission android:name="android.permission.STATUS_BAR" />
|
|
<!-- Permission needed to rename bugreport notifications (so they're not shown as Shell) -->
|
|
<uses-permission android:name="android.permission.SUBSTITUTE_NOTIFICATION_APP_NAME" />
|
|
<uses-permission android:name="android.permission.REQUEST_NOTIFICATION_ASSISTANT_SERVICE" />
|
|
<!-- Permission needed to hold a wakelock in dumpstate.cpp (drop_root_user()) -->
|
|
<uses-permission android:name="android.permission.WAKE_LOCK" />
|
|
<!-- Permission needed to enable/disable overlays -->
|
|
<uses-permission android:name="android.permission.CHANGE_OVERLAY_PACKAGES" />
|
|
<!-- Permission needed to access privileged VR APIs -->
|
|
<uses-permission android:name="android.permission.RESTRICTED_VR_ACCESS" />
|
|
<uses-permission android:name="android.permission.MANAGE_BIND_INSTANT_SERVICE" />
|
|
<uses-permission android:name="android.permission.SET_HARMFUL_APP_WARNINGS" />
|
|
<uses-permission android:name="android.permission.MANAGE_SENSORS" />
|
|
<uses-permission android:name="android.permission.MANAGE_AUDIO_POLICY" />
|
|
<uses-permission android:name="android.permission.MANAGE_CAMERA" />
|
|
<!-- Permission needed to enable/disable Bluetooth/Wifi -->
|
|
<uses-permission android:name="android.permission.MANAGE_BLUETOOTH_WHEN_WIRELESS_CONSENT_REQUIRED" />
|
|
<uses-permission android:name="android.permission.MANAGE_WIFI_WHEN_WIRELESS_CONSENT_REQUIRED" />
|
|
<!-- Permission needed to invoke DynamicSystem (AOT) -->
|
|
<uses-permission android:name="android.permission.INSTALL_DYNAMIC_SYSTEM" />
|
|
<!-- Used to clean up heap dumps on boot. -->
|
|
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
|
|
|
|
|
|
<uses-permission android:name="android.permission.CONTROL_KEYGUARD" />
|
|
<uses-permission android:name="android.permission.SUSPEND_APPS" />
|
|
<uses-permission android:name="android.permission.OBSERVE_APP_USAGE" />
|
|
<uses-permission android:name="android.permission.READ_CLIPBOARD_IN_BACKGROUND" />
|
|
<!-- Permission needed to wipe the device for Test Harness Mode -->
|
|
<uses-permission android:name="android.permission.ENABLE_TEST_HARNESS_MODE" />
|
|
|
|
<uses-permission android:name="android.permission.MANAGE_APPOPS" />
|
|
|
|
<!-- Permission needed to run network tests in CTS -->
|
|
<uses-permission android:name="android.permission.MANAGE_TEST_NETWORKS" />
|
|
<!-- Permission needed to test tcp keepalive offload. -->
|
|
<uses-permission android:name="android.permission.PACKET_KEEPALIVE_OFFLOAD" />
|
|
|
|
<!-- Permission needed to run keyguard manager tests in CTS -->
|
|
<uses-permission android:name="android.permission.CONTROL_KEYGUARD_SECURE_NOTIFICATIONS" />
|
|
|
|
<!-- Permission needed to test wallpaper component -->
|
|
<uses-permission android:name="android.permission.SET_WALLPAPER" />
|
|
<uses-permission android:name="android.permission.SET_WALLPAPER_COMPONENT" />
|
|
|
|
<!-- Permission required to test ContentResolver caching. -->
|
|
<uses-permission android:name="android.permission.CACHE_CONTENT" />
|
|
|
|
<!-- Permission required to test ExplicitHealthCheckServiceImpl. -->
|
|
<uses-permission android:name="android.permission.BIND_EXPLICIT_HEALTH_CHECK_SERVICE" />
|
|
|
|
<!-- Permission required for CTS test - CrossProfileAppsHostSideTest -->
|
|
<uses-permission android:name="android.permission.INTERACT_ACROSS_PROFILES"/>
|
|
|
|
<application android:label="@string/app_label"
|
|
android:theme="@android:style/Theme.DeviceDefault.DayNight"
|
|
android:defaultToDeviceProtectedStorage="true"
|
|
android:directBootAware="true">
|
|
<provider
|
|
android:name="androidx.core.content.FileProvider"
|
|
android:authorities="com.android.shell"
|
|
android:grantUriPermissions="true"
|
|
android:exported="false">
|
|
<meta-data
|
|
android:name="android.support.FILE_PROVIDER_PATHS"
|
|
android:resource="@xml/file_provider_paths" />
|
|
</provider>
|
|
|
|
<provider
|
|
android:name=".BugreportStorageProvider"
|
|
android:authorities="com.android.shell.documents"
|
|
android:grantUriPermissions="true"
|
|
android:exported="true"
|
|
android:permission="android.permission.MANAGE_DOCUMENTS"
|
|
android:enabled="false">
|
|
<intent-filter>
|
|
<action android:name="android.content.action.DOCUMENTS_PROVIDER" />
|
|
</intent-filter>
|
|
</provider>
|
|
|
|
<provider android:name=".HeapDumpProvider"
|
|
android:authorities="com.android.shell.heapdump"
|
|
android:grantUriPermissions="true"
|
|
android:exported="true" />
|
|
|
|
<activity
|
|
android:name=".BugreportWarningActivity"
|
|
android:finishOnCloseSystemDialogs="true"
|
|
android:excludeFromRecents="true"
|
|
android:exported="false" />
|
|
|
|
<activity android:name=".HeapDumpActivity"
|
|
android:theme="@*android:style/Theme.Translucent.NoTitleBar"
|
|
android:label="@*android:string/dump_heap_title"
|
|
android:finishOnCloseSystemDialogs="true"
|
|
android:noHistory="true"
|
|
android:excludeFromRecents="true"
|
|
android:exported="false" />
|
|
|
|
<receiver
|
|
android:name=".BugreportReceiver"
|
|
android:permission="android.permission.DUMP">
|
|
<intent-filter>
|
|
<action android:name="com.android.internal.intent.action.BUGREPORT_STARTED" />
|
|
<action android:name="com.android.internal.intent.action.BUGREPORT_FINISHED" />
|
|
</intent-filter>
|
|
</receiver>
|
|
|
|
<receiver
|
|
android:name=".RemoteBugreportReceiver"
|
|
android:permission="android.permission.DUMP">
|
|
<intent-filter>
|
|
<action android:name="com.android.internal.intent.action.REMOTE_BUGREPORT_FINISHED" />
|
|
</intent-filter>
|
|
</receiver>
|
|
|
|
<receiver
|
|
android:name=".HeapDumpReceiver"
|
|
android:permission="android.permission.DUMP">
|
|
<intent-filter>
|
|
<action android:name="android.intent.action.BOOT_COMPLETED" />
|
|
<action android:name="com.android.internal.intent.action.HEAP_DUMP_FINISHED" />
|
|
<action android:name="com.android.shell.action.DELETE_HEAP_DUMP" />
|
|
</intent-filter>
|
|
</receiver>
|
|
|
|
<service
|
|
android:name=".BugreportProgressService"
|
|
android:exported="false"/>
|
|
</application>
|
|
</manifest>
|