Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Unverified Commit 092156bc authored by Evan Severson's avatar Evan Severson Committed by Kevin F. Haggerty
Browse files

Make CheckOp return allowed if any attr tag for a package is excluded 

checkOp doesn't support checking against an attribution tag, this causes
some checkOps to fail when a noteOp is successful meaning that a
preflight routine might fail before delivering data and doing the more
precise check. This only affects when a user restriction is applied and
there are excepted package+tag.

Test: Checkop with test app
Bug: 232502990
Bug: 231496105
Merged-In: Idcf5ac9a5401ad8089f5873da1f978fdf9258b5a
Change-Id: Idcf5ac9a5401ad8089f5873da1f978fdf9258b5a
(cherry picked from commit 61c2d029)
(cherry picked from commit 25f1b6a1)
Merged-In: Idcf5ac9a5401ad8089f5873da1f978fdf9258b5a
parent 9642f85f

services/core/java/com/android/server/appop/AppOpsService.java

+13 −7
Original line number Diff line number Diff line
@@ -3242,7 +3242,7 @@ public class AppOpsService extends IAppOpsService.Stub { 
            return AppOpsManager.MODE_IGNORED;

        }

        synchronized (this) {

            if (isOpRestrictedLocked(uid, code, packageName, attributionTag, pvr.bypass)) {

            if (isOpRestrictedLocked(uid, code, packageName, attributionTag, pvr.bypass, true)) {

                return AppOpsManager.MODE_IGNORED;

            }

            code = AppOpsManager.opToSwitch(code);
@@ -3459,7 +3459,7 @@ public class AppOpsService extends IAppOpsService.Stub { 


            final int switchCode = AppOpsManager.opToSwitch(code);

            final UidState uidState = ops.uidState;

            if (isOpRestrictedLocked(uid, code, packageName, attributionTag, pvr.bypass)) {

            if (isOpRestrictedLocked(uid, code, packageName, attributionTag, pvr.bypass, false)) {

                attributedOp.rejected(uidState.state, flags);

                scheduleOpNotedIfNeededLocked(code, uid, packageName, attributionTag, flags,

                        AppOpsManager.MODE_IGNORED);
@@ -3973,7 +3973,8 @@ public class AppOpsService extends IAppOpsService.Stub { 
            final Op op = getOpLocked(ops, code, uid, true);

            final AttributedOp attributedOp = op.getOrCreateAttribution(op, attributionTag);

            final UidState uidState = ops.uidState;

            isRestricted = isOpRestrictedLocked(uid, code, packageName, attributionTag, pvr.bypass);

            isRestricted = isOpRestrictedLocked(uid, code, packageName, attributionTag, pvr.bypass,

                    false);

            final int switchCode = AppOpsManager.opToSwitch(code);

            // If there is a non-default per UID policy (we set UID op mode only if

            // non-default) it takes over, otherwise use the per package policy.
@@ -4764,7 +4765,7 @@ public class AppOpsService extends IAppOpsService.Stub { 
    }



    private boolean isOpRestrictedLocked(int uid, int code, String packageName,

            String attributionTag, @Nullable RestrictionBypass appBypass) {

            String attributionTag, @Nullable RestrictionBypass appBypass, boolean isCheckOp) {

        int restrictionSetCount = mOpGlobalRestrictions.size();



        for (int i = 0; i < restrictionSetCount; i++) {
@@ -4781,7 +4782,8 @@ public class AppOpsService extends IAppOpsService.Stub { 
            // For each client, check that the given op is not restricted, or that the given

            // package is exempt from the restriction.

            ClientUserRestrictionState restrictionState = mOpUserRestrictions.valueAt(i);

            if (restrictionState.hasRestriction(code, packageName, attributionTag, userHandle)) {

            if (restrictionState.hasRestriction(code, packageName, attributionTag, userHandle,

                    isCheckOp)) {

                RestrictionBypass opBypass = opAllowSystemBypassRestriction(code);

                if (opBypass != null) {

                    // If we are the system, bypass user restrictions for certain codes
@@ -7141,7 +7143,7 @@ public class AppOpsService extends IAppOpsService.Stub { 
        }



        public boolean hasRestriction(int restriction, String packageName, String attributionTag,

                int userId) {

                int userId, boolean isCheckOp) {

            if (perUserRestrictions == null) {

                return false;

            }
@@ -7160,6 +7162,9 @@ public class AppOpsService extends IAppOpsService.Stub { 
                return true;

            }



            if (isCheckOp) {

                return !perUserExclusions.includes(packageName);

            }

            return !perUserExclusions.contains(packageName, attributionTag);

        }
@@ -7326,7 +7331,8 @@ public class AppOpsService extends IAppOpsService.Stub { 
                int numRestrictions = mOpUserRestrictions.size();

                for (int i = 0; i < numRestrictions; i++) {

                    if (mOpUserRestrictions.valueAt(i)

                            .hasRestriction(code, pkg, attributionTag, user.getIdentifier())) {

                            .hasRestriction(code, pkg, attributionTag, user.getIdentifier(),

                                    false)) {

                        number++;

                    }

                }