Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 379d64ea authored by Soonil Nagarkar's avatar Soonil Nagarkar Committed by Automerger Merge Worker
Browse files

DO NOT MERGE Add permission checks before delivery am: ca643c5c 

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/12198208

Change-Id: Id1723478e8616b60be28d12ccaa4705d6a87395b
parents 6248935f ca643c5c

services/core/java/com/android/server/location/AppOpsHelper.java

+30 −2
Original line number Diff line number Diff line
@@ -18,7 +18,9 @@ package com.android.server.location; 


import static android.app.AppOpsManager.OP_MONITOR_HIGH_POWER_LOCATION;

import static android.app.AppOpsManager.OP_MONITOR_LOCATION;

import static android.content.pm.PackageManager.PERMISSION_GRANTED;



import static com.android.server.location.CallerIdentity.PERMISSION_NONE;

import static com.android.server.location.LocationManagerService.D;

import static com.android.server.location.LocationManagerService.TAG;
@@ -122,8 +124,18 @@ public class AppOpsHelper { 
            Preconditions.checkState(mAppOps != null);

        }



        if (callerIdentity.permissionLevel == PERMISSION_NONE) {

            return false;

        }



        long identity = Binder.clearCallingIdentity();

        try {

            if (mContext.checkPermission(

                    CallerIdentity.asPermission(callerIdentity.permissionLevel), callerIdentity.pid,

                    callerIdentity.uid) != PERMISSION_GRANTED) {

                return false;

            }



            return mAppOps.checkOpNoThrow(

                    CallerIdentity.asAppOp(callerIdentity.permissionLevel),

                    callerIdentity.uid,
@@ -138,8 +150,24 @@ public class AppOpsHelper { 
     * called right before a location is delivered, and if it returns false, the location should not

     * be delivered.

     */

    public boolean noteLocationAccess(CallerIdentity identity) {

        return noteOpNoThrow(CallerIdentity.asAppOp(identity.permissionLevel), identity);

    public boolean noteLocationAccess(CallerIdentity callerIdentity) {

        if (callerIdentity.permissionLevel == PERMISSION_NONE) {

            return false;

        }



        long identity = Binder.clearCallingIdentity();

        try {

            if (mContext.checkPermission(

                    CallerIdentity.asPermission(callerIdentity.permissionLevel), callerIdentity.pid,

                    callerIdentity.uid) != PERMISSION_GRANTED) {

                return false;

            }

        } finally {

            Binder.restoreCallingIdentity(identity);

        }



        return noteOpNoThrow(CallerIdentity.asAppOp(callerIdentity.permissionLevel),

                callerIdentity);

    }



    /**