appops: Add support for SU (35a8a2e9) · Commits · e / os / android_frameworks_base

core/java/android/app/AppOpsManager.java

+16 −1

Original line number	Diff line number	Diff line
		@@ -245,7 +245,9 @@ public class AppOpsManager {
		/** @hide */
		public static final int OP_ALARM_WAKEUP = 60;
		/** @hide */
		public static final int _NUM_OP = 61;
		public static final int OP_SU = 61;
		/** @hide */
		public static final int _NUM_OP = 62;

		/** Access to coarse location information. */
		public static final String OPSTR_COARSE_LOCATION =
		@@ -376,6 +378,8 @@ public class AppOpsManager {
		"android:data_connect_change";
		private static final String OPSTR_ALARM_WAKEUP =
		"android:alarm_wakeup";
		private static final String OPSTR_SU =
		"android:su";

		/**
		* This maps each operation to the operation that serves as the
		@@ -447,6 +451,7 @@ public class AppOpsManager {
		OP_DELETE_CALL_LOG,
		OP_DATA_CONNECT_CHANGE,
		OP_ALARM_WAKEUP,
		OP_SU
		};

		/**
		@@ -515,6 +520,7 @@ public class AppOpsManager {
		null,
		null,
		null,
		OPSTR_SU,
		};

		/**
		@@ -583,6 +589,7 @@ public class AppOpsManager {
		OPSTR_DELETE_CALL_LOG,
		OPSTR_DATA_CONNECT_CHANGE,
		OPSTR_ALARM_WAKEUP,
		OPSTR_SU,
		};

		/**
		@@ -651,6 +658,7 @@ public class AppOpsManager {
		"DELETE_CALL_LOG",
		"DATA_CONNECT_CHANGE",
		"ALARM_WAKEUP",
		"SU",
		};

		/**
		@@ -719,6 +727,7 @@ public class AppOpsManager {
		android.Manifest.permission.WRITE_CALL_LOG,
		android.Manifest.permission.MODIFY_PHONE_STATE,
		null, // OP_ALARM_WAKEUP
		null,
		};

		/**
		@@ -788,6 +797,7 @@ public class AppOpsManager {
		null, //DELETE_CALL_LOG
		null, //DATA_CONNECT_CHANGE
		null, //ALARM_WAKEUP
		UserManager.DISALLOW_SU, //SU TODO: this should really be investigated.
		};

		/**
		@@ -856,6 +866,7 @@ public class AppOpsManager {
		false, //DELETE_CALL_LOG
		false, //DATA_CONNECT_CHANGE
		true, //ALARM_WAKEUP
		false, //SU
		};

		/**
		@@ -923,6 +934,7 @@ public class AppOpsManager {
		AppOpsManager.MODE_ALLOWED,
		AppOpsManager.MODE_ALLOWED,
		AppOpsManager.MODE_ALLOWED, // OP_ALARM_WAKEUP
		AppOpsManager.MODE_ASK, // OP_SU
		};

		/**
		@@ -991,6 +1003,7 @@ public class AppOpsManager {
		AppOpsManager.MODE_ASK, // OP_DELETE_CALL_LOG
		AppOpsManager.MODE_ASK, // OP_DATA_CONNECT_CHANGE
		AppOpsManager.MODE_ALLOWED, // OP_ALARM_WAKEUP
		AppOpsManager.MODE_ASK, // OP_SU
		};

		/**
		@@ -1058,6 +1071,7 @@ public class AppOpsManager {
		true, // OP_DELETE_CALL_LOG
		true, // OP_DATA_CONNECT_CHANGE
		false, // OP_ALARM_WAKEUP
		true, // OP_SU
		};

		/**
		@@ -1129,6 +1143,7 @@ public class AppOpsManager {
		false, // OP_DELETE_CALL_LOG
		false, // OP_DATA_CONNECT_CHANGE
		false, // OP_ALARM_WAKEUP
		false, // OP_SU
		};

		private static HashMap<String, Integer> sOpStrToOp = new HashMap<String, Integer>();

core/java/android/os/UserManager.java

+14 −0

Original line number	Diff line number	Diff line
		@@ -371,6 +371,18 @@ public class UserManager {
		*/
		public static final String DISALLOW_OUTGOING_BEAM = "no_outgoing_beam";

		/**
		* Specifies if the user is not allowed to use SU commands.
		* The default value is <code>false</code>.
		*
		* <p/>Key for user restrictions.
		* <p/>Type: Boolean
		* @see #setUserRestrictions(Bundle)
		* @see #getUserRestrictions()
		* @hide
		*/
		public static final String DISALLOW_SU = "no_su";

		/** @hide */
		public static final int PIN_VERIFICATION_FAILED_INCORRECT = -3;
		/** @hide */
		@@ -712,6 +724,7 @@ public class UserManager {
		Bundle guestRestrictions = mService.getDefaultGuestRestrictions();
		guestRestrictions.putBoolean(DISALLOW_SMS, true);
		guestRestrictions.putBoolean(DISALLOW_INSTALL_UNKNOWN_SOURCES, true);
		guestRestrictions.putBoolean(DISALLOW_SU, true);
		mService.setUserRestrictions(guestRestrictions, guest.id);
		} catch (RemoteException re) {
		Log.w(TAG, "Could not update guest restrictions");
		@@ -751,6 +764,7 @@ public class UserManager {
		private static void addDefaultUserRestrictions(Bundle restrictions) {
		restrictions.putBoolean(DISALLOW_OUTGOING_CALLS, true);
		restrictions.putBoolean(DISALLOW_SMS, true);
		restrictions.putBoolean(DISALLOW_SU, true);
		}

		/**

core/res/res/values/cm_arrays.xml

+1 −0

Original line number	Diff line number	Diff line
		@@ -103,6 +103,7 @@
		<item>@string/app_ops_delete_call_log</item>
		<item>@string/app_ops_toggle_mobile_data</item>
		<item>@string/app_ops_alarm_wakeup</item>
		<item>@string/app_ops_su</item>
		</string-array>

		<!-- Performance profiles -->

core/res/res/values/cm_strings.xml

+1 −0

Original line number	Diff line number	Diff line
		@@ -120,6 +120,7 @@
		<string name="app_ops_access_notifications">read your notifications</string>
		<string name="app_ops_activate_vpn">activate a VPN</string>
		<string name="app_ops_alarm_wakeup">wake up the device</string>
		<string name="app_ops_su">get Superuser access</string>
		<string name="app_ops_auto_start">start at power up</string>
		<string name="app_ops_delete_call_log">delete your call log</string>
		<string name="app_ops_delete_contacts">delete your contacts</string>

services/core/java/com/android/server/AppOpsService.java

+4 −0

Original line number	Diff line number	Diff line
		@@ -837,6 +837,10 @@ public class AppOpsService extends IAppOpsService.Stub {
		}

		private void verifyIncomingUid(int uid) {
		if (Binder.getCallingUid() == 0) {
		// Allow root to delegate uid operations.
		return;
		}
		if (uid == Binder.getCallingUid()) {
		return;
		}