
Commit 8b7af664 authored by Hao Ke's avatar Hao Ke Committed by Android (Google) Code Review

Merge "Fix READ/WRITE operation access issues on Restricted appOps." into main

parents 69ca9037 955e7807
+1 −1
@@ -88,7 +88,7 @@ class AppOpInfo {

    /**
     * This specifies whether each option is only allowed to be read
     * by apps with manage appops permission.
     * by apps with privileged appops permission.
     */
    public final boolean restrictRead;

+1 −1
@@ -3265,7 +3265,7 @@ public class AppOpsManager {
    }

    /**
     * Retrieve whether the op can be read by apps with manage appops permission.
     * Retrieve whether the op can be read by apps with privileged appops permission.
     * @hide
     */
    public static boolean opRestrictsRead(int op) {
+26 −5
@@ -1563,10 +1563,17 @@ public class AppOpsService extends IAppOpsService.Stub {
    private ArrayList<AppOpsManager.OpEntry> collectOps(Ops pkgOps, int[] ops,
            String persistentDeviceId) {
        ArrayList<AppOpsManager.OpEntry> resOps = null;
        boolean shouldReturnRestrictedAppOps = mContext.checkPermission(
                Manifest.permission.GET_APP_OPS_STATS,
                Binder.getCallingPid(), Binder.getCallingUid())
                == PackageManager.PERMISSION_GRANTED;
        if (ops == null) {
            resOps = new ArrayList<>();
            for (int j = 0; j < pkgOps.size(); j++) {
                Op curOp = pkgOps.valueAt(j);
                if (opRestrictsRead(curOp.op) && !shouldReturnRestrictedAppOps) {
                    continue;
                }
                resOps.add(getOpEntryForResult(curOp, persistentDeviceId));
            }
        } else {
@@ -1576,6 +1583,9 @@ public class AppOpsService extends IAppOpsService.Stub {
                    if (resOps == null) {
                        resOps = new ArrayList<>();
                    }
                    if (opRestrictsRead(curOp.op) && !shouldReturnRestrictedAppOps) {
                        continue;
                    }
                    resOps.add(getOpEntryForResult(curOp, persistentDeviceId));
                }
            }
@@ -4244,10 +4254,21 @@ public class AppOpsService extends IAppOpsService.Stub {

    private void verifyIncomingOp(int op) {
        if (op >= 0 && op < AppOpsManager._NUM_OP) {
            // Enforce manage appops permission if it's a restricted read op.
            // Enforce privileged appops permission if it's a restricted read op.
            if (opRestrictsRead(op)) {
                mContext.enforcePermission(Manifest.permission.MANAGE_APPOPS,
                        Binder.getCallingPid(), Binder.getCallingUid(), "verifyIncomingOp");
                if (!(mContext.checkPermission(Manifest.permission.MANAGE_APPOPS,
                        Binder.getCallingPid(), Binder.getCallingUid())
                        == PackageManager.PERMISSION_GRANTED || mContext.checkPermission(
                        Manifest.permission.GET_APP_OPS_STATS,
                        Binder.getCallingPid(), Binder.getCallingUid())
                        == PackageManager.PERMISSION_GRANTED || mContext.checkPermission(
                        Manifest.permission.MANAGE_APP_OPS_MODES,
                        Binder.getCallingPid(), Binder.getCallingUid())
                        == PackageManager.PERMISSION_GRANTED)) {
                    throw new SecurityException("verifyIncomingOp: uid " + Binder.getCallingUid()
                            + " does not have any of {MANAGE_APPOPS, GET_APP_OPS_STATS, "
                            + "MANAGE_APP_OPS_MODES}");
                }
            }
            return;
        }
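Review bot: The two read filters in collectOps gate restricted ops on GET_APP_OPS_STATS alone, while verifyIncomingOp in the last hunk accepts any of MANAGE_APPOPS, GET_APP_OPS_STATS or MANAGE_APP_OPS_MODES, so a caller holding only MANAGE_APPOPS passes verification for a restricted op and then has the entry silently dropped. If that split is intended, record it next to `shouldReturnRestrictedAppOps`, e.g. `// Reading restricted ops requires GET_APP_OPS_STATS; MANAGE_APPOPS or MANAGE_APP_OPS_MODES alone do not grant read.` Because verifyIncomingOp now passes a caller that holds only the stats permission, any mutating entry point that relies on it must keep its own permission enforcement; those callers are outside the visible hunks and worth re-checking. In the second collectOps hunk the filter runs after the `resOps == null` allocation, so a request whose matching ops are all filtered presumably yields an empty list where a package without the op yields null; moving the `opRestrictsRead(curOp.op) && !shouldReturnRestrictedAppOps` check above the allocation would keep the two cases indistinguishable to an unprivileged caller. Both functions start or end outside the hunks shown.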