Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6aaa106d authored by Joanne Chung's avatar Joanne Chung
Browse files

Allow voice recognition service to blame other apps access. 

This is a workaround solution for Android R QPR2. We are not allowed
to change the API for QPR release. This is a special case that allows
the current voice recognizer to note proxy ops if it is also the
voice interactor. In S, we will define a new permission that designed
one as a trusted blamer and tie it to a role.

Bug: 17095434
Test: manual
Test: TreeHugger presubmit

Merged-In: I506bbeb95e622b99693dbf5a135c7961b7fd81c1
Change-Id: I0852d1bb438d25b3e93224a71de1bf3b6df72c1c
parent 265a962d

core/java/android/app/AppOpsManager.java

+37 −2
Original line number Diff line number Diff line
@@ -31,6 +31,7 @@ import android.compat.Compatibility; 
import android.compat.annotation.ChangeId;

import android.compat.annotation.EnabledAfter;

import android.compat.annotation.UnsupportedAppUsage;

import android.content.ComponentName;

import android.content.ContentResolver;

import android.content.Context;

import android.content.pm.PackageManager;
@@ -52,6 +53,7 @@ import android.os.RemoteException; 
import android.os.ServiceManager;

import android.os.SystemClock;

import android.os.UserManager;

import android.provider.Settings;

import android.util.ArrayMap;

import android.util.ArraySet;

import android.util.LongSparseArray;
@@ -7619,8 +7621,9 @@ public class AppOpsManager { 
                    collectNotedOpForSelf(op, proxiedAttributionTag);

                } else if (collectionMode == COLLECT_SYNC

                        // Only collect app-ops when the proxy is trusted

                        && mContext.checkPermission(Manifest.permission.UPDATE_APP_OPS_STATS, -1,

                        myUid) == PackageManager.PERMISSION_GRANTED) {

                        && (mContext.checkPermission(Manifest.permission.UPDATE_APP_OPS_STATS, -1,

                        myUid) == PackageManager.PERMISSION_GRANTED

                        || isTrustedVoiceServiceProxy(mContext, mContext.getOpPackageName(), op))) {

                    collectNotedOpSync(op, proxiedAttributionTag);

                }

            }
@@ -7631,6 +7634,38 @@ public class AppOpsManager { 
        }

    }



    /**

     * Checks if the voice recognition service is a trust proxy.

     *

     * @return {@code true} if the package is a trust voice recognition service proxy

     * @hide

     */

    public static boolean isTrustedVoiceServiceProxy(Context context, String packageName,

            int code) {

        // This is a workaround for R QPR, new API change is not allowed. We only allow the current

        // voice recognizer is also the voice interactor to noteproxy op.

        if (code != OP_RECORD_AUDIO) {

            return false;

        }

        final String voiceRecognitionComponent = Settings.Secure.getString(

                context.getContentResolver(), Settings.Secure.VOICE_RECOGNITION_SERVICE);

        final String voiceInteractionComponent = Settings.Secure.getString(

                context.getContentResolver(), Settings.Secure.VOICE_INTERACTION_SERVICE);



        final String voiceRecognitionServicePackageName =

                getComponentPackagenameFromString(voiceRecognitionComponent);

        final String voiceInteractionServicePackageName =

                getComponentPackagenameFromString(voiceInteractionComponent);



        return Objects.equals(packageName, voiceRecognitionServicePackageName) && Objects.equals(

                voiceRecognitionServicePackageName, voiceInteractionServicePackageName);

    }



    private static String getComponentPackagenameFromString(String from) {

        ComponentName componentName = from != null ? ComponentName.unflattenFromString(from) : null;

        return componentName != null ? componentName.getPackageName() : "";

    }



    /**

     * Do a quick check for whether an application might be able to perform an operation.

     * This is <em>not</em> a security check; you must use {@link #noteOp(String, int, String,

services/core/java/com/android/server/appop/AppOpsService.java

+5 −1
Original line number Diff line number Diff line
@@ -2989,9 +2989,13 @@ public class AppOpsService extends IAppOpsService.Stub { 
            return AppOpsManager.MODE_IGNORED;

        }



        // This is a workaround for R QPR, new API change is not allowed. We only allow the current

        // voice recognizer is also the voice interactor to noteproxy op.

        final boolean isTrustVoiceServiceProxy =

                AppOpsManager.isTrustedVoiceServiceProxy(mContext, proxyPackageName, code);

        final boolean isProxyTrusted = mContext.checkPermission(

                Manifest.permission.UPDATE_APP_OPS_STATS, -1, proxyUid)

                == PackageManager.PERMISSION_GRANTED;

                == PackageManager.PERMISSION_GRANTED || isTrustVoiceServiceProxy;



        final int proxyFlags = isProxyTrusted ? AppOpsManager.OP_FLAG_TRUSTED_PROXY

                : AppOpsManager.OP_FLAG_UNTRUSTED_PROXY;