Loading
appops: Privacy Guard for P (1/2)
Squashed commit of all PG-related features including superuser
Authors:
- Sam Mortimer
- Danesh Mondegarian
- Jorge Ruesga
- Diogo Ferreira
- Roman Birg
- Adnan Begovic
- Chirayu Desai
- Lars Greiss
- Steve Kondik
- CodeAurora
Pulled together from:
Author: Danesh M <daneshm90@gmail.com>
Date: Thu Sep 5 19:23:15 2013 -0700
Privacy Guard : Reimplement backed by AppOps
Re-implements privacy guard to use appops.
Change-Id: I2b52e8cf0d6e126fb156f83df885b5551503cd9d
Author: Shashank Mittal <mittals@codeaurora.org>
Date: Fri Aug 16 01:09:28 2013 -0700
AppOpsService: Add MODE_ASK support to AppOps.
Add support for new mode(MODE_ASK) in AppOpsService to show a permission
dialog box to user to confirm user permission before allowing or ignoring
that operation.
All strict operations (defined in AppOpsManager) are going to be in
MODE_ASK by default.
Operations will be moved to MODE_ALLOWED or MODE_IGNORED according to
user's choice.
Change-Id: I1314125a2b8be558e422e4a9eea0ff066c21bf94
Author: Shashank Mittal <mittals@codeaurora.org>
Date: Tue Sep 3 19:23:10 2013 -0700
wifi: Confirm user permission before toggling wifi.
Check user permissions before enabling/disabling wifi.
Change-Id: I1ddae6e47f42b6d3fc831c2c135ece75cf9e935d
Author: Shashank Mittal <mittals@codeaurora.org>
Date: Thu Sep 5 17:24:44 2013 -0700
AppOps: Add Bluetooth enable control into AppOps
Check user permission before enabling bluetooth.
Change-Id: Iefa4ea3319b33b2639beaf38d261d83649bbcf85
Author: Sam Mortimer <sam@mortimer.me.uk>
Date: Wed Oct 2 22:06:42 2013 -0700
[2/2] AppOps: Add per Op allowed and ignored counters
Change-Id: Ifb3d25e17dbab082b816a0a655b4796a83af336b
Author: Jorge Ruesga <jorge@ruesga.com>
Date: Sat Jan 4 01:34:39 2014 +0100
privacyguard: Share privacy package name between activity stacks
AOSP 4.4 now has a stack supervisor with differents activity stacks for home and focus activities.
Every ActivityStack instance has a ref to this supervisor. Just share the privacy guard package name
throught the supervisor.
JIRA: CYAN-2874
Issue: https://jira.cyanogenmod.org/browse/CYAN-2874
Author: Steve Kondik <shade@chemlab.org>
Date: Sun Feb 23 19:23:31 2014 +0100
Use MODE_ASK as the default ops mode in Privacy Guard
* Prompting the user is far more useful as a default behavior. The
choice will be remembered after the first request.
Author: Steve Kondik <shade@chemlab.org>
Date: Tue Feb 25 13:11:12 2014 +0100
Relocate and cleanup new app ops features and PGify it
Author: Shashank Mittal <mittals@codeaurora.org>
Date: Wed Dec 4 12:32:12 2013 -0800
[2/2] Framework AppOps: Add BOOT_COMPLETED operation.
Add BOOT_COMPLETED operation in AppOps.
This operation is used to allow user to control auto start of
applications and services at bootup.
Change-Id: Ie8488ec1b4683c8617ca569cfc858709f0d35ba2
Author: Sam Mortimer <sam@mortimer.me.uk>
Date: Mon Dec 8 13:51:02 2014 -0800
Frameworks: Redirect appops strings to string references
adapted to reflect new permission indices and codes
Change-Id: Iba9a45838ee8eb7f5cb6ec6d29776574c86e84b6
Author: Kun Liang <kunliang@codeaurora.org>
Date: Thu May 15 14:52:15 2014 +0800
AppOps: Add nfc enable control into AppOps
Check user permission before enabling nfc.
Change-Id: Ia84e33c299e4fdecfd66ee933d9e7d37ed29c340
Author: Kun Liang <kunliang@codeaurora.org>
Date: Thu Dec 11 12:57:33 2014 +0800
AppOps: fix deadlock issue when showing dialog
WindowManagerService need call PowerManagerService to release
wakelock. The Notifier in PowerManagerService need call AppOpsService
to notify holding wakelock ops is finished. Meanwhile, AppOpsService
may need call WindowManagerService to show dialog. This scenario
will lead to deadlock issue.
To move showing dialog action out of lock section to fix this issue.
Since only UI work is moved out of lock area, it is supposed to be
safe.
Change-Id: I3f2bf4b9c9d81914cfd3c0fc3fc76d0b4a06a1f6
CRs-fixed: 786466
Author: Diogo Ferreira <defer@cyngn.com>
Date: Mon Dec 15 12:07:42 2014 +0000
appops: Add support for SU
This patch adds support for superuser app-ops control. The end-goal
is to better prepare superuser for the multi-user experience while
also replacing the superuser app with existing components.
Change-Id: I52acf98a39f18f12a23f4f902a39ae3f7c5b4895
Author: Diogo Ferreira <defer@cyngn.com>
Date: Wed Dec 17 17:16:16 2014 +0000
su: Add an indicator when a 'su' session is active
This adds an indicator to the statusbar that is visible whenever a root
session is active, akin to the fine location icon.
Change-Id: I669fcc87e2b7a3201308170d7727ec5fb0e00e2b
Author: Diogo Ferreira <defer@cyngn.com>
Date: Wed Jan 14 08:44:03 2015 +0000
appops: Disassociate appops requests from notification broadcasts
The AppOpsService is essentially a manager for a set of counters
and permissions. Each operation request has the potential to change
the state and, as such, access to such state is synchronized.
We are whitnessing deadlocks caused by the broadcast and, in fact,
while we want to notify superuser changes eventually, it does not
have to be synchronous with the app ops request. This patch uses the
request to schedule the notification on a handler, leaving the locking
semantics of appops intact.
Change-Id: I94f6dd2c66b9492f95d3c9ffb438b3e6417007d7
Author: Lars Greiss <kufikugel@googlemail.com>
Date: Sat Apr 25 03:01:35 2015 +0300
Launch app privacy settings when tapping on PG notification (1/2)
Based on https://github.com/SlimRoms/frameworks_base/commit/97ccae06cd0ad1aa366c3a70e8e744277c409b06
JIRA: CYAN-6077
Change-Id: I8632e8c944c1d5d7ad2fb2a2276bae5fe2d4a0a0
Author: Roman Birg <roman@cyngn.com>
Date: Tue Oct 27 11:52:53 2015 -0700
AppOps: fix wifi scan op
There's no direct permission tied to it and fix the op-to-switch entry.
Change-Id: I661ef6707ba50adb371e3223a91880c4838df669
Signed-off-by: 
Roman Birg <roman@cyngn.com>
Author: Roman Birg <roman@cyngn.com>
Date: Thu Oct 29 12:59:14 2015 -0700
add missing app ops to string array
Also added op codes to prevent further mismatches.
Change-Id: I6e20cc5bcabe6a3216cec47d984768bf12cf4311
Signed-off-by: Roman Birg <roman@cyngn.com>
Author: Roman Birg <roman@cyngn.com>
Date: Mon Nov 2 09:50:47 2015 -0800
AppOps: relax some system appops for systemui
Grant wifi, bt, boot_complete, nfc, and data changes for systemui.
Also remove the bluetooth permission tied to the bluetooth_change op -
it is not always directly tied to BLUETOOTH or BLUETOOTH_ADMIN, so we
can't force one there.
Change-Id: Ib042dc34b0763b2d84a57baa71dc9fa995724d64
Signed-off-by: Roman Birg <roman@cyngn.com>
Author: Chirayu Desai <cdesai@cyanogenmod.org>
Date: Mon Dec 7 14:10:44 2015 -0800
Allow disabling the privacy guard notification - port from cm-12.1 (2/3)
Change-Id: Iab0288f50685220c8be0c11ea5075f91ec1bbe32
Author: Gabriele M <moto.falcon.git@gmail.com>
Date: Wed Jan 6 18:27:32 2016 +0100
Align checkbox and description in permission confirmation dialog
Change-Id: I9a9ab3a3f59e3d56fc774174ba37d9e191698fe5
Author: Adnan Begovic <adnan@cyngn.com>
Date: Mon May 23 16:06:10 2016 -0700
appops: Implement concept of delayedcount.
High frequency request ops will be delayed until their ignore count
ceiling is met. This is to mitigate the overloading the main activity
manager service handler and having watchdog kill our service.
Google play services likes to share its uid with numerous packages to avoid
having to grant permissions from the users perspective and thus is the worst
example of overloading this queue -- so, to not encourage bad behavior,
we move them to the back of the line. NOTE: these values are magic, and may need
tuning. Ideally we'd want a ringbuffer or token bucket here to do proper rate
limiting.
Change-Id: I5c3e88807abc80f9700dd68dcecd87dac4626de7
TICKET: CYNGNOS-2869
Author: Adnan Begovic <adnan@cyngn.com>
Date: Tue May 24 18:17:03 2016 -0700
appops: Respect screen interactivity before creating dialogs.
If the device's screen is currently off, do not queue ask
runnables who cannot be interacted with. Since these events
are gating mechanisms for closing an IPC loop, they need to
happen when the user is interacting with the device.
Likewise, on screen off, clear the queue of every op as they
become unnecessary.
Change-Id: Ie930d200839c9408e882510c6bc3ede37ea889ef
TICKET: CYNGNOS-2869
Author: Gabriele M <moto.falcon.git@gmail.com>
Date: Tue Jul 25 18:47:06 2017 +0200
AppOps: Prevent deadlock when making note of applications
If noteOperation() is called with ActivityManagerService locked,
AppOpsService won't be able to show the PermissionDialog, causing
noteOperation() to wait indefinitely. Keep a reference to the
current ActivityManagerService instance so that we can check
whether showing the PermissionDialog is safe or not.
Even though there's currently no code path that causes startOperation()
to be called with ActivityManagerService locked, add the same check
there to prevent the same from happening in future.
BUGBASH-17
Change-Id: I118aac6ddf91774a038d73047162cfdb8395e58d
Author: Gabriele M <moto.falcon.git@gmail.com>
Date: Sun Aug 6 13:08:33 2017 +0200
Change visibility of the Privacy Guard ops set
Change-Id: Iafcf058f5e2074982bf45f8c82ef8d027b9358f0
Author: Unpublished <unpublished@gmx.net>
Date: Tue Oct 24 21:09:31 2017 +0200
We don't want to feel deprecated...
use official api instead of deprecated internal method that prints an
error everytime we call it
Change-Id: Ie00efe5f514ff8db2b82eeade3a588a17af8cfb4
Author: Jane Manchun Wong <jane@wongmjane.com>
Date: Wed Mar 1 23:37:58 2017 -0500
Remove Cid from PrivacyGuard's notification icon
Change-Id: I5dfe6c2d10e9dd1a022e50e02f72151b1b8a520e
Author: Zhao Wei Liew <zhaoweiliew@gmail.com>
Date: Tue Sep 6 21:33:57 2016 +0800
core: Import some PG string improvements from CM 13.0
This commit partially squashes the following commits:
c682ba59
core: String improvements from cm-12.1
7450f849
String update, change wording from "Mobile" to "Cellular"
Change-Id: I0616eb06f48813814b4005e9b60358669f69b0c8
Author: MSe1969 <mse1969@posteo.de>
Date: Fri, 16 Nov 2018 20:14:56 +0100
ClipboardService: Restore different method calls to
AppOps to fix PG
Commit 34ffba62 'Limit instant app access
to clipboard' (AOSP Bug-ID: 34231507) has introduced the new method
'clipboardAccessAllowed', which replaces all AppOps calls. However, whilst
the previous coding made use of the methods checkOp, noteOp and
checkOpNoThrow, the new method only uses method 'checkOp'. Different from
'noteOp', the 'checkOp' call only performs a check without setting the
counter or initializing the Op.
As a consequence, ClipBoard access did not show up any longer in Lineage's
Privacy Guard, hence users couldn't control anymore the apps accordingly.
This change aims at restoring the former call behavior by extending the
'clipboardAccessAllowed' method with a parameter to specify the AppOp
calling method according to the former code, which fixes the Privacy Guard
issue.
Change-Id: I4db7b4f043eb39068cd7a6346a0eb645648cfada
Author: Danny Baumann <dannybaumann@web.de>
Date: Tue Dec 18 13:30:00 2018 +0100
AppOpsService: Fix deadlock
* When an app had access to external storage and was then set
to "always ask" or "denied", the app could cause a deadlock
on ActivityManager, resulting in a soft reboot
Change-Id: I4341a321562c6ced00215218968f019bfb5f4443
Author: Michael W <baddaemon87@gmail.com>
Date: Tue Dec 25 11:15:49 2018 +0100
AppOpsService: Fix another possible deadlock
* A possible race condition with the isInteractive() calls
can result in a deadlock resulting in a soft reboot
* Use a broadcast receiver instead and listen for screen
state changes
* Use AppOpsService.this for the synchronized part,
otherwise the lock is essentially useless.
* Move the whole content of the receiver under the lock so the
relevant assignment of mIsInteractive is also synchronized
* Idea by Danny Baumann <dannybaumann@web.de>
Change-Id: I3c5a70cf67c3d0b3b9855a598d3d29e17c1aaedc
Change-Id: I5414dd0be6a81e143f5035e58709ac4258c93616