Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 393d109f authored by Soonil Nagarkar's avatar Soonil Nagarkar
Browse files

Add support for excluding tags from restrictions 

Allow user restrictions to provide an excluded map of packages and tags
rather than just packages.

Bug: 187421886
Test: manual
Change-Id: I8f90ba6cdd288068664b352fdb540d0f11fe3dfc
parent 9f43567a

core/java/android/app/AppOpsManager.java

+15 −8
Original line number Diff line number Diff line
@@ -7394,20 +7394,27 @@ public class AppOpsManager { 


    /** @hide */

    public void setUserRestriction(int code, boolean restricted, IBinder token) {

        setUserRestriction(code, restricted, token, /*exceptionPackages*/null);

        setUserRestriction(code, restricted, token, (Map<String, String[]>) null);

    }



    /** @hide */

    /**

     * An empty array of attribution tags means exclude all tags under that package.

     * @hide

     */

    public void setUserRestriction(int code, boolean restricted, IBinder token,

            String[] exceptionPackages) {

        setUserRestrictionForUser(code, restricted, token, exceptionPackages, mContext.getUserId());

            @Nullable Map<String, String[]> excludedPackageTags) {

        setUserRestrictionForUser(code, restricted, token, excludedPackageTags,

                mContext.getUserId());

    }



    /** @hide */

    /**

     * An empty array of attribution tags means exclude all tags under that package.

     * @hide

     */

    public void setUserRestrictionForUser(int code, boolean restricted, IBinder token,

            String[] exceptionPackages, int userId) {

            @Nullable Map<String, String[]> excludedPackageTags, int userId) {

        try {

            mService.setUserRestriction(code, restricted, token, userId, exceptionPackages);

            mService.setUserRestriction(code, restricted, token, userId, excludedPackageTags);

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        }
@@ -7949,7 +7956,7 @@ public class AppOpsManager { 
     */

    public int unsafeCheckOpRawNoThrow(int op, int uid, @NonNull String packageName) {

        try {

            return mService.checkOperationRaw(op, uid, packageName);

            return mService.checkOperationRaw(op, uid, packageName, null);

        } catch (RemoteException e) {

            throw e.rethrowFromSystemServer();

        }

core/java/android/app/AppOpsManagerInternal.java

+6 −3
Original line number Diff line number Diff line
@@ -29,6 +29,7 @@ import com.android.internal.util.function.HexFunction; 
import com.android.internal.util.function.NonaFunction;

import com.android.internal.util.function.OctFunction;

import com.android.internal.util.function.QuadFunction;

import com.android.internal.util.function.QuintFunction;

import com.android.internal.util.function.TriFunction;



/**
@@ -45,12 +46,14 @@ public abstract class AppOpsManagerInternal { 
         * @param code The op code to check.

         * @param uid The UID for which to check.

         * @param packageName The package for which to check.

         * @param superImpl The super implementation.

         * @param attributionTag The attribution tag for which to check.

         * @param raw Whether to check the raw op i.e. not interpret the mode based on UID state.

         * @param superImpl The super implementation.

         * @return The app op check result.

         */

        int checkOperation(int code, int uid, String packageName, boolean raw,

                QuadFunction<Integer, Integer, String, Boolean, Integer> superImpl);

        int checkOperation(int code, int uid, String packageName, @Nullable String attributionTag,

                boolean raw,

                QuintFunction<Integer, Integer, String, String, Boolean, Integer> superImpl);



        /**

         * Allows overriding check audio operation behavior.

core/java/com/android/internal/app/IAppOpsService.aidl

+2 −2
Original line number Diff line number Diff line
@@ -92,7 +92,7 @@ interface IAppOpsService { 
    void setAudioRestriction(int code, int usage, int uid, int mode, in String[] exceptionPackages);



    void setUserRestrictions(in Bundle restrictions, IBinder token, int userHandle);

    void setUserRestriction(int code, boolean restricted, IBinder token, int userHandle, in String[] exceptionPackages);

    void setUserRestriction(int code, boolean restricted, IBinder token, int userHandle, in Map<String, String[]> excludedPackageTags);

    void removeUser(int userHandle);



    void startWatchingActive(in int[] ops, IAppOpsActiveCallback callback);
@@ -113,7 +113,7 @@ interface IAppOpsService { 
    void stopWatchingAsyncNoted(String packageName, IAppOpsAsyncNotedCallback callback);

    List<AsyncNotedAppOp> extractAsyncOps(String packageName);



    int checkOperationRaw(int code, int uid, String packageName);

    int checkOperationRaw(int code, int uid, String packageName, @nullable String attributionTag);



    void reloadNonHistoricalState();

services/core/java/com/android/server/SensorPrivacyService.java

+3 −3
Original line number Diff line number Diff line
@@ -1320,12 +1320,12 @@ public final class SensorPrivacyService extends SystemService { 
    private void setUserRestriction(int userId, int sensor, boolean enabled) {

        if (sensor == CAMERA) {

            mAppOpsManager.setUserRestrictionForUser(OP_CAMERA, enabled,

                    mAppOpsRestrictionToken, new String[]{}, userId);

                    mAppOpsRestrictionToken, null, userId);

        } else if (sensor == MICROPHONE) {

            mAppOpsManager.setUserRestrictionForUser(OP_RECORD_AUDIO, enabled,

                    mAppOpsRestrictionToken, new String[]{}, userId);

                    mAppOpsRestrictionToken, null, userId);

            mAppOpsManager.setUserRestrictionForUser(OP_RECORD_AUDIO_HOTWORD, enabled,

                    mAppOpsRestrictionToken, new String[]{}, userId);

                    mAppOpsRestrictionToken, null, userId);

        }

    }

services/core/java/com/android/server/am/ActivityManagerService.java

+6 −4
Original line number Diff line number Diff line
@@ -351,6 +351,7 @@ import com.android.internal.util.function.HexFunction; 
import com.android.internal.util.function.NonaFunction;

import com.android.internal.util.function.OctFunction;

import com.android.internal.util.function.QuadFunction;

import com.android.internal.util.function.QuintFunction;

import com.android.internal.util.function.TriFunction;

import com.android.server.AlarmManagerInternal;

import com.android.server.DeviceIdleInternal;
@@ -16741,19 +16742,20 @@ public class ActivityManagerService extends IActivityManager.Stub 
        }















        @Override













        public int checkOperation(int code, int uid, String packageName, boolean raw,













                QuadFunction<Integer, Integer, String, Boolean, Integer> superImpl) {













        public int checkOperation(int code, int uid, String packageName,













                String attributionTag, boolean raw,













                QuintFunction<Integer, Integer, String, String, Boolean, Integer> superImpl) {















            if (uid == mTargetUid && isTargetOp(code)) {















                final int shellUid = UserHandle.getUid(UserHandle.getUserId(uid),















                        Process.SHELL_UID);















                final long identity = Binder.clearCallingIdentity();















                try {













                    return superImpl.apply(code, shellUid, "com.android.shell", raw);













                    return superImpl.apply(code, shellUid, "com.android.shell", null, raw);















                } finally {















                    Binder.restoreCallingIdentity(identity);















                }















            }













            return superImpl.apply(code, uid, packageName, raw);













            return superImpl.apply(code, uid, packageName, attributionTag, raw);















        }





























        @Override