Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Unverified Commit 9642f85f authored by Evan Severson's avatar Evan Severson Committed by Kevin F. Haggerty
Browse files

Allow system server uid to bypass location restriction 

Blocking system server from giving itself location restriction doesn't
make much sense.

Test: Disable, reboot, observe bootloop, apply patch, build, flash,
          observe successful boot
Bug: 230861324
Bug: 231496105
Merged-In: Ic869da4847e4f39896861f3bf6e83f6f6c76ea62
Change-Id: Ic869da4847e4f39896861f3bf6e83f6f6c76ea62
(cherry picked from commit 1dddfe1f)
Merged-In: Ic869da4847e4f39896861f3bf6e83f6f6c76ea62
parent 475c5c80

core/java/android/app/AppOpsManager.java

+14 −9
Original line number Diff line number Diff line
@@ -2463,8 +2463,8 @@ public class AppOpsManager { 
     * restriction} for a certain app-op.

     */

    private static RestrictionBypass[] sOpAllowSystemRestrictionBypass = new RestrictionBypass[] {

            null, //COARSE_LOCATION

            null, //FINE_LOCATION

            new RestrictionBypass(true, false, false), //COARSE_LOCATION

            new RestrictionBypass(true, false, false), //FINE_LOCATION

            null, //GPS

            null, //VIBRATE

            null, //READ_CONTACTS
@@ -2473,7 +2473,7 @@ public class AppOpsManager { 
            null, //WRITE_CALL_LOG

            null, //READ_CALENDAR

            null, //WRITE_CALENDAR

            new RestrictionBypass(true, false), //WIFI_SCAN

            new RestrictionBypass(false, true, false), //WIFI_SCAN

            null, //POST_NOTIFICATION

            null, //NEIGHBORING_CELLS

            null, //CALL_PHONE
@@ -2487,10 +2487,10 @@ public class AppOpsManager { 
            null, //READ_ICC_SMS

            null, //WRITE_ICC_SMS

            null, //WRITE_SETTINGS

            new RestrictionBypass(true, false), //SYSTEM_ALERT_WINDOW

            new RestrictionBypass(false, true, false), //SYSTEM_ALERT_WINDOW

            null, //ACCESS_NOTIFICATIONS

            null, //CAMERA

            new RestrictionBypass(false, true), //RECORD_AUDIO

            new RestrictionBypass(false, false, true), //RECORD_AUDIO

            null, //PLAY_AUDIO

            null, //READ_CLIPBOARD

            null, //WRITE_CLIPBOARD
@@ -2508,7 +2508,7 @@ public class AppOpsManager { 
            null, //MONITOR_HIGH_POWER_LOCATION

            null, //GET_USAGE_STATS

            null, //MUTE_MICROPHONE

            new RestrictionBypass(true, false), //TOAST_WINDOW

            new RestrictionBypass(false, true, false), //TOAST_WINDOW

            null, //PROJECT_MEDIA

            null, //ACTIVATE_VPN

            null, //WALLPAPER
@@ -2540,7 +2540,7 @@ public class AppOpsManager { 
            null, // ACCEPT_HANDOVER

            null, // MANAGE_IPSEC_HANDOVERS

            null, // START_FOREGROUND

            new RestrictionBypass(true, false), // BLUETOOTH_SCAN

            new RestrictionBypass(false, true, false), // BLUETOOTH_SCAN

            null, // USE_BIOMETRIC

            null, // ACTIVITY_RECOGNITION

            null, // SMS_FINANCIAL_TRANSACTIONS
@@ -3105,6 +3105,9 @@ public class AppOpsManager { 
     * @hide

     */

    public static class RestrictionBypass {

        /** Does the app need to be system uid to bypass the restriction */

        public boolean isSystemUid;



        /** Does the app need to be privileged to bypass the restriction */

        public boolean isPrivileged;
@@ -3114,12 +3117,14 @@ public class AppOpsManager { 
         */

        public boolean isRecordAudioRestrictionExcept;



        public RestrictionBypass(boolean isPrivileged, boolean isRecordAudioRestrictionExcept) {

        public RestrictionBypass(boolean isSystemUid, boolean isPrivileged,

                boolean isRecordAudioRestrictionExcept) {

            this.isSystemUid = isSystemUid;

            this.isPrivileged = isPrivileged;

            this.isRecordAudioRestrictionExcept = isRecordAudioRestrictionExcept;

        }



        public static RestrictionBypass UNRESTRICTED = new RestrictionBypass(true, true);

        public static RestrictionBypass UNRESTRICTED = new RestrictionBypass(false, true, true);

    }



    /**

services/core/java/com/android/server/appop/AppOpsService.java

+6 −2
Original line number Diff line number Diff line
@@ -4502,8 +4502,9 @@ public class AppOpsService extends IAppOpsService.Stub { 
     * @return The restriction matching the package

     */

    private RestrictionBypass getBypassforPackage(@NonNull AndroidPackage pkg) {

        return new RestrictionBypass(pkg.isPrivileged(), mContext.checkPermission(

                android.Manifest.permission.EXEMPT_FROM_AUDIO_RECORD_RESTRICTIONS, -1, pkg.getUid())

        return new RestrictionBypass(pkg.getUid() == Process.SYSTEM_UID, pkg.isPrivileged(),

                mContext.checkPermission(android.Manifest.permission

                        .EXEMPT_FROM_AUDIO_RECORD_RESTRICTIONS, -1, pkg.getUid())

                == PackageManager.PERMISSION_GRANTED);

    }
@@ -4785,6 +4786,9 @@ public class AppOpsService extends IAppOpsService.Stub { 
                if (opBypass != null) {

                    // If we are the system, bypass user restrictions for certain codes

                    synchronized (this) {

                        if (opBypass.isSystemUid && appBypass != null && appBypass.isSystemUid) {

                            return false;

                        }

                        if (opBypass.isPrivileged && appBypass != null && appBypass.isPrivileged) {

                            return false;

                        }