Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1dddfe1f authored by Evan Severson's avatar Evan Severson
Browse files

Allow system server uid to bypass location restriction 

Blocking system server from giving itself location restriction doesn't
make much sense.

Test: Disable, reboot, observe bootloop, apply patch, build, flash,
          observe successful boot
Bug: 230861324
Bug: 231496105
Merged-In: Ic869da4847e4f39896861f3bf6e83f6f6c76ea62
Change-Id: Ic869da4847e4f39896861f3bf6e83f6f6c76ea62
parent 807f4cfc

core/java/android/app/AppOpsManager.java

+14 −9
Original line number Original line Diff line number Diff line
@@ -2463,8 +2463,8 @@ public class AppOpsManager { 
     * restriction} for a certain app-op.

     * restriction} for a certain app-op.

     */

     */

    private static RestrictionBypass[] sOpAllowSystemRestrictionBypass = new RestrictionBypass[] {

    private static RestrictionBypass[] sOpAllowSystemRestrictionBypass = new RestrictionBypass[] {

            null, //COARSE_LOCATION

            new RestrictionBypass(true, false, false), //COARSE_LOCATION

            null, //FINE_LOCATION

            new RestrictionBypass(true, false, false), //FINE_LOCATION

            null, //GPS

            null, //GPS

            null, //VIBRATE

            null, //VIBRATE

            null, //READ_CONTACTS

            null, //READ_CONTACTS
@@ -2473,7 +2473,7 @@ public class AppOpsManager { 
            null, //WRITE_CALL_LOG

            null, //WRITE_CALL_LOG

            null, //READ_CALENDAR

            null, //READ_CALENDAR

            null, //WRITE_CALENDAR

            null, //WRITE_CALENDAR

            new RestrictionBypass(true, false), //WIFI_SCAN

            new RestrictionBypass(false, true, false), //WIFI_SCAN

            null, //POST_NOTIFICATION

            null, //POST_NOTIFICATION

            null, //NEIGHBORING_CELLS

            null, //NEIGHBORING_CELLS

            null, //CALL_PHONE

            null, //CALL_PHONE
@@ -2487,10 +2487,10 @@ public class AppOpsManager { 
            null, //READ_ICC_SMS

            null, //READ_ICC_SMS

            null, //WRITE_ICC_SMS

            null, //WRITE_ICC_SMS

            null, //WRITE_SETTINGS

            null, //WRITE_SETTINGS

            new RestrictionBypass(true, false), //SYSTEM_ALERT_WINDOW

            new RestrictionBypass(false, true, false), //SYSTEM_ALERT_WINDOW

            null, //ACCESS_NOTIFICATIONS

            null, //ACCESS_NOTIFICATIONS

            null, //CAMERA

            null, //CAMERA

            new RestrictionBypass(false, true), //RECORD_AUDIO

            new RestrictionBypass(false, false, true), //RECORD_AUDIO

            null, //PLAY_AUDIO

            null, //PLAY_AUDIO

            null, //READ_CLIPBOARD

            null, //READ_CLIPBOARD

            null, //WRITE_CLIPBOARD

            null, //WRITE_CLIPBOARD
@@ -2508,7 +2508,7 @@ public class AppOpsManager { 
            null, //MONITOR_HIGH_POWER_LOCATION

            null, //MONITOR_HIGH_POWER_LOCATION

            null, //GET_USAGE_STATS

            null, //GET_USAGE_STATS

            null, //MUTE_MICROPHONE

            null, //MUTE_MICROPHONE

            new RestrictionBypass(true, false), //TOAST_WINDOW

            new RestrictionBypass(false, true, false), //TOAST_WINDOW

            null, //PROJECT_MEDIA

            null, //PROJECT_MEDIA

            null, //ACTIVATE_VPN

            null, //ACTIVATE_VPN

            null, //WALLPAPER

            null, //WALLPAPER
@@ -2540,7 +2540,7 @@ public class AppOpsManager { 
            null, // ACCEPT_HANDOVER

            null, // ACCEPT_HANDOVER

            null, // MANAGE_IPSEC_HANDOVERS

            null, // MANAGE_IPSEC_HANDOVERS

            null, // START_FOREGROUND

            null, // START_FOREGROUND

            new RestrictionBypass(true, false), // BLUETOOTH_SCAN

            new RestrictionBypass(false, true, false), // BLUETOOTH_SCAN

            null, // USE_BIOMETRIC

            null, // USE_BIOMETRIC

            null, // ACTIVITY_RECOGNITION

            null, // ACTIVITY_RECOGNITION

            null, // SMS_FINANCIAL_TRANSACTIONS

            null, // SMS_FINANCIAL_TRANSACTIONS
@@ -3105,6 +3105,9 @@ public class AppOpsManager { 
     * @hide

     * @hide

     */

     */

    public static class RestrictionBypass {

    public static class RestrictionBypass {

        /** Does the app need to be system uid to bypass the restriction */

        public boolean isSystemUid;



        /** Does the app need to be privileged to bypass the restriction */

        /** Does the app need to be privileged to bypass the restriction */

        public boolean isPrivileged;

        public boolean isPrivileged;
@@ -3114,12 +3117,14 @@ public class AppOpsManager { 
         */

         */

        public boolean isRecordAudioRestrictionExcept;

        public boolean isRecordAudioRestrictionExcept;





        public RestrictionBypass(boolean isPrivileged, boolean isRecordAudioRestrictionExcept) {

        public RestrictionBypass(boolean isSystemUid, boolean isPrivileged,

                boolean isRecordAudioRestrictionExcept) {

            this.isSystemUid = isSystemUid;

            this.isPrivileged = isPrivileged;

            this.isPrivileged = isPrivileged;

            this.isRecordAudioRestrictionExcept = isRecordAudioRestrictionExcept;

            this.isRecordAudioRestrictionExcept = isRecordAudioRestrictionExcept;

        }

        }





        public static RestrictionBypass UNRESTRICTED = new RestrictionBypass(true, true);

        public static RestrictionBypass UNRESTRICTED = new RestrictionBypass(false, true, true);

    }

    }





    /**

    /**

services/core/java/com/android/server/appop/AppOpsService.java

+6 −2
Original line number Original line Diff line number Diff line
@@ -4502,8 +4502,9 @@ public class AppOpsService extends IAppOpsService.Stub { 
     * @return The restriction matching the package

     * @return The restriction matching the package

     */

     */

    private RestrictionBypass getBypassforPackage(@NonNull AndroidPackage pkg) {

    private RestrictionBypass getBypassforPackage(@NonNull AndroidPackage pkg) {

        return new RestrictionBypass(pkg.isPrivileged(), mContext.checkPermission(

        return new RestrictionBypass(pkg.getUid() == Process.SYSTEM_UID, pkg.isPrivileged(),

                android.Manifest.permission.EXEMPT_FROM_AUDIO_RECORD_RESTRICTIONS, -1, pkg.getUid())

                mContext.checkPermission(android.Manifest.permission

                        .EXEMPT_FROM_AUDIO_RECORD_RESTRICTIONS, -1, pkg.getUid())

                == PackageManager.PERMISSION_GRANTED);

                == PackageManager.PERMISSION_GRANTED);

    }

    }
@@ -4785,6 +4786,9 @@ public class AppOpsService extends IAppOpsService.Stub { 
                if (opBypass != null) {

                if (opBypass != null) {

                    // If we are the system, bypass user restrictions for certain codes

                    // If we are the system, bypass user restrictions for certain codes

                    synchronized (this) {

                    synchronized (this) {

                        if (opBypass.isSystemUid && appBypass != null && appBypass.isSystemUid) {

                            return false;

                        }

                        if (opBypass.isPrivileged && appBypass != null && appBypass.isPrivileged) {

                        if (opBypass.isPrivileged && appBypass != null && appBypass.isPrivileged) {

                            return false;

                            return false;

                        }

                        }