From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jing Ji <jji@google.com>
Date: Thu, 19 Oct 2023 14:22:58 -0700
Subject: [PATCH] DO NOT MERGE: Fix ActivityManager#killBackgroundProcesses
 permissions

In the pevious CL, we incorrectly added the permission check in the
killBackgroundProcessesExcept. Now fix this issue.

Bug: 239423414
Bug: 223376078
Test: atest CtsAppTestCases:ActivityManagerTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:140fce861944419a375c669010c6c47cd7ff5b37)
Merged-In: I9471a77188ee63ec32cd0c81569193e4ccad885b
Change-Id: I9471a77188ee63ec32cd0c81569193e4ccad885b
---
 .../server/am/ActivityManagerService.java     | 32 +++++++++----------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 25b797cdfd8a..aaa642896202 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -6201,6 +6201,22 @@ public class ActivityManagerService extends IActivityManager.Stub
             throw new SecurityException(msg);
         }
 
+        final int callingUid = Binder.getCallingUid();
+        final int callingPid = Binder.getCallingPid();
+
+        ProcessRecord proc;
+        synchronized (mPidsSelfLocked) {
+            proc = mPidsSelfLocked.get(callingPid);
+        }
+        if (callingUid >= FIRST_APPLICATION_UID
+                && (proc == null || !proc.info.isSystemApp())) {
+            final String msg = "Permission Denial: killAllBackgroundProcesses() from pid="
+                    + callingPid + ", uid=" + callingUid + " is not allowed";
+            Slog.w(TAG, msg);
+            // Silently return to avoid existing apps from crashing.
+            return;
+        }
+
         final long callingId = Binder.clearCallingIdentity();
         try {
             synchronized (this) {
@@ -6258,22 +6274,6 @@ public class ActivityManagerService extends IActivityManager.Stub
             throw new SecurityException(msg);
         }
 
-        final int callingUid = Binder.getCallingUid();
-        final int callingPid = Binder.getCallingPid();
-
-        ProcessRecord proc;
-        synchronized (mPidsSelfLocked) {
-            proc = mPidsSelfLocked.get(callingPid);
-        }
-        if (callingUid >= FIRST_APPLICATION_UID
-                && (proc == null || !proc.info.isSystemApp())) {
-            final String msg = "Permission Denial: killAllBackgroundProcesses() from pid="
-                    + callingPid + ", uid=" + callingUid + " is not allowed";
-            Slog.w(TAG, msg);
-            // Silently return to avoid existing apps from crashing.
-            return;
-        }
-
         final long callingId = Binder.clearCallingIdentity();
         try {
             synchronized (this) {