Loading
appops: Privacy Guard for N
* Squashed commit of all PG-related features including superuser
Authors:
- Sam Mortimer
- Danesh Mondegarian
- Jorge Ruesga
- Diogo Ferreira
- Roman Birg
- Adnan Begovic
- Chirayu Desai
- Lars Greiss
- Steve Kondik
- CodeAurora
AppOps: track op persistence by name instead of id
On XML write, include the op name. On XML read, map
the name back to op id (if it exists).
Persistent AppOp state now follows the op name instead
numeric id. This allows upgrades between versions of
android that have different code<>name mappings.
AppOpsService: Add MODE_ASK support to AppOps.
Add support for new mode(MODE_ASK) in AppOpsService to show a permission
dialog box to user to confirm user permission before allowing or ignoring
that operation.
All strict operations (defined in AppOpsManager) are going to be in
MODE_ASK by default.
Operations will be moved to MODE_ALLOWED or MODE_IGNORED according to
user's choice.
AppOps: Add support for AppOps policy file
Add support to read AppOps policy file.
AppOps policy file can be used to configure Ops default policy.
[1/2] frameworks/base: Privacy Guard
PS2: * add missing call to updatePrivacyGuardNotificationLocked()
* remove ic_privacy_guard and ic_privacy_guard_off
* use stat_notify_privacy_guard drawable from Björn
* rebase
PS3: * exclude MODE_IGNORED from causing
getPrivacyGuardSettingForPackage() returning true.
multiuser restrictions on calls/sms otherwise
cause privacyguard to appear to be on when really
it isn't.
* rebase
Pulled together from:
Author: Danesh M <daneshm90@gmail.com>
Date: Thu Sep 5 19:23:15 2013 -0700
Privacy Guard : Reimplement backed by AppOps
Re-implements privacy guard to use appops.
Author: Jorge Ruesga <jorge@ruesga.com>
Date: Sat Jan 4 01:34:39 2014 +0100
privacyguard: Share privacy package name between activity stacks
AOSP 4.4 now has a stack supervisor with differents activity stacks for home and focus activities.
Every ActivityStack instance has a ref to this supervisor. Just share the privacy guard package name
throught the supervisor.
Patchset 2: Fix formatting
JIRA: CYAN-2874
Issue: https://jira.cyanogenmod.org/browse/CYAN-2874
Author: Steve Kondik <shade@chemlab.org>
Date: Sun Feb 23 19:23:31 2014 +0100
Use MODE_ASK as the default ops mode in Privacy Guard
* Prompting the user is far more useful as a default behavior. The
choice will be remembered after the first request.
Author: Steve Kondik <shade@chemlab.org>
Date: Tue Feb 25 13:11:12 2014 +0100
Relocate and cleanup new app ops features and PGify it
[2/2] Framework AppOps: Add per Op allowed and ignored counters
Port from cm-10.2 and cm-11.0
Author: Sam Mortimer <sam@mortimer.me.uk>
Date: Wed Oct 2 22:06:42 2013 -0700
[2/2] AppOps: Add per Op allowed and ignored counters
wifi: Confirm user permission before toggling wifi
Check user permissions before enabling/disabling wifi.
AppOps: Add Bluetooth enable control into AppOps
Check user permission before enabling bluetooth.
AppOps: Add BOOT_COMPLETED operation
Add BOOT_COMPLETED operation in AppOps.
This operation is used to allow user to control auto start of
applications and services at bootup.
AppOps: Add nfc enable control into AppOps.
Check user permission before enabling nfc.
appops: Add support for SU
This patch adds support for superuser app-ops control. The end-goal
is to better prepare superuser for the multi-user experience while
also replacing the superuser app with existing components.
su: Add an indicator when a 'su' session is active
This adds an indicator to the statusbar that is visible whenever a root
session is active, akin to the fine location icon.
AppOps: fix wifi scan op
There's no direct permission tied to it and fix the op-to-switch entry.
AppOps: add a default constructor
Frameworks: Redirect appops strings to string references
adapted to reflect new permission indices and codes
appops: Disassociate appops requests from notification broadcasts
The AppOpsService is essentially a manager for a set of counters
and permissions. Each operation request has the potential to change
the state and, as such, access to such state is synchronized.
We are whitnessing deadlocks caused by the broadcast and, in fact,
while we want to notify superuser changes eventually, it does not
have to be synchronous with the app ops request. This patch uses the
request to schedule the notification on a handler, leaving the locking
semantics of appops intact.
add missing app ops to string array
Also added op codes to prevent further mismatches.
Add new OP_RUN_IN_BACKGROUND to list
AppOps: fix deadlock issue when showing dialog
WindowManagerService need call PowerManagerService to release
wakelock. The Notifier in PowerManagerService need call AppOpsService
to notify holding wakelock ops is finished. Meanwhile, AppOpsService
may need call WindowManagerService to show dialog. This scenario
will lead to deadlock issue.
To move showing dialog action out of lock section to fix this issue.
Since only UI work is moved out of lock area, it is supposed to be
safe.
AppOps: relax some system appops for systemui
Grant wifi, bt, boot_complete, nfc, and data changes for systemui.
Also remove the bluetooth permission tied to the bluetooth_change op -
it is not always directly tied to BLUETOOTH or BLUETOOTH_ADMIN, so we
can't force one there.
cyanogen: Add missing RUN_IN_BACKGROUND where required
Revert "AppOps: add a default constructor"
* Not needed after http://review.cyanogenmod.org/126381
This reverts commit 19e0ce07.
appops: Implement concept of delayedcount.
High frequency request ops will be delayed until their ignore count
ceiling is met. This is to mitigate the overloading the main activity
manager service handler and having watchdog kill our service.
Google play services likes to share its uid with numerous packages to avoid
having to grant permissions from the users perspective and thus is the worst
example of overloading this queue -- so, to not encourage bad behavior,
we move them to the back of the line. NOTE: these values are magic, and may need
tuning. Ideally we'd want a ringbuffer or token bucket here to do proper rate
limiting.
appops: Respect screen interactivity before creating dialogs.
If the device's screen is currently off, do not queue ask
runnables who cannot be interacted with. Since these events
are gating mechanisms for closing an IPC loop, they need to
happen when the user is interacting with the device.
Likewise, on screen off, clear the queue of every op as they
become unnecessary.
Change-Id: Ia2bbb56509bedb4aa7272e53cb67a4d94fec450d
Allow disabling the privacy guard notification - port from cm-12.1 (2/3)
Change-Id: Iab0288f50685220c8be0c11ea5075f91ec1bbe32
Launch app privacy settings when tapping on PG notification (1/2)
Based on https://github.com/SlimRoms/frameworks_base/commit/97ccae06cd0ad1aa366c3a70e8e744277c409b06
JIRA: CYAN-6077
Change-Id: I8632e8c944c1d5d7ad2fb2a2276bae5fe2d4a0a0