Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ab14ea87 authored by Diogo Ferreira's avatar Diogo Ferreira Committed by Roman Birg
Browse files

appops: Add support for SU 

This patch adds support for superuser app-ops control. The end-goal
is to better prepare superuser for the multi-user experience while
also replacing the superuser app with existing components.

Change-Id: I52acf98a39f18f12a23f4f902a39ae3f7c5b4895
parent ad1a04a7

core/java/android/app/AppOpsManager.java

+15 −1
Original line number Diff line number Diff line
@@ -261,7 +261,9 @@ public class AppOpsManager { 
    /** @hide */

    public static final int OP_DATA_CONNECT_CHANGE = 67;

    /** @hide */

    public static final int _NUM_OP = 68;

    public static final int OP_SU = 68;

    /** @hide */

    public static final int _NUM_OP = 69;



    /** Access to coarse location information. */

    public static final String OPSTR_COARSE_LOCATION = "android:coarse_location";
@@ -370,6 +372,8 @@ public class AppOpsManager { 
            "android:nfc_change";

    private static final String OPSTR_DATA_CONNECT_CHANGE =

            "android:data_connect_change";

    private static final String OPSTR_SU =

            "android:su";



    /**

     * This maps each operation to the operation that serves as the
@@ -448,6 +452,7 @@ public class AppOpsManager { 
            OP_BOOT_COMPLETED,

            OP_NFC_CHANGE,

            OP_DATA_CONNECT_CHANGE,

            OP_SU

    };



    /**
@@ -523,6 +528,7 @@ public class AppOpsManager { 
            OPSTR_BOOT_COMPLETED,

            OPSTR_NFC_CHANGE,

            OPSTR_DATA_CONNECT_CHANGE,

            OPSTR_SU,

    };



    /**
@@ -598,6 +604,7 @@ public class AppOpsManager { 
            "BOOT_COMPLETED",

            "NFC_CHANGE",

            "DATA_CONNECT_CHANGE",

            "SU",

    };



    /**
@@ -673,6 +680,7 @@ public class AppOpsManager { 
            Manifest.permission.RECEIVE_BOOT_COMPLETED,

            Manifest.permission.NFC,

            Manifest.permission.MODIFY_PHONE_STATE,

            null,

    };



    /**
@@ -749,6 +757,7 @@ public class AppOpsManager { 
            null, //BOOT_COMPLETED

            null, //NFC_CHANGE

            null, //DATA_CONNECT_CHANGE

            UserManager.DISALLOW_SU, //SU TODO: this should really be investigated.

    };



    /**
@@ -824,6 +833,7 @@ public class AppOpsManager { 
            false, // BOOT_COMPLETED

            false, // NFC_CHANGE

            false, //DATA_CONNECT_CHANGE

            false, //SU

    };



    /**
@@ -898,6 +908,7 @@ public class AppOpsManager { 
            AppOpsManager.MODE_ALLOWED, // OP_BOOT_COMPLETED

            AppOpsManager.MODE_ALLOWED, // OP_NFC_CHANGE

            AppOpsManager.MODE_ALLOWED,

            AppOpsManager.MODE_ASK, // OP_SU

    };



    /**
@@ -973,6 +984,7 @@ public class AppOpsManager { 
            AppOpsManager.MODE_ALLOWED, // OP_BOOT_COMPLETED

            AppOpsManager.MODE_ASK,     // OP_NFC_CHANGE

            AppOpsManager.MODE_ASK,     // OP_DATA_CONNECT_CHANGE

            AppOpsManager.MODE_ASK,     // OP_SU

    };



    /**
@@ -1047,6 +1059,7 @@ public class AppOpsManager { 
        false,    // OP_BOOT_COMPLETED

        true,     // OP_NFC_CHANGE

        true,     // OP_DATA_CONNECT_CHANGE

        true,     // OP_SU

    };



    /**
@@ -1125,6 +1138,7 @@ public class AppOpsManager { 
            false,     // OP_BOOT_COMPLETED

            false,     // OP_NFC_CHANGE

            false,     // OP_DATA_CONNECT_CHANGE

            false,     // OP_SU

    };



    /**

core/java/android/os/UserManager.java

+14 −0
Original line number Diff line number Diff line
@@ -489,6 +489,18 @@ public class UserManager { 
     */

    public static final String KEY_RESTRICTIONS_PENDING = "restrictions_pending";



    /**

     * Specifies if the user is not allowed to use SU commands.

     * The default value is <code>false</code>.

     *

     * <p/>Key for user restrictions.

     * <p/>Type: Boolean

     * @see #setUserRestrictions(Bundle)

     * @see #getUserRestrictions()

     * @hide

     */

    public static final String DISALLOW_SU = "no_su";



    /** @hide */

    public static final int PIN_VERIFICATION_FAILED_INCORRECT = -3;

    /** @hide */
@@ -853,6 +865,7 @@ public class UserManager { 
                Bundle guestRestrictions = mService.getDefaultGuestRestrictions();

                guestRestrictions.putBoolean(DISALLOW_SMS, true);

                guestRestrictions.putBoolean(DISALLOW_INSTALL_UNKNOWN_SOURCES, true);

                guestRestrictions.putBoolean(DISALLOW_SU, true);

                mService.setUserRestrictions(guestRestrictions, guest.id);

            } catch (RemoteException re) {

                Log.w(TAG, "Could not update guest restrictions");
@@ -892,6 +905,7 @@ public class UserManager { 
    private static void addDefaultUserRestrictions(Bundle restrictions) {

        restrictions.putBoolean(DISALLOW_OUTGOING_CALLS, true);

        restrictions.putBoolean(DISALLOW_SMS, true);

        restrictions.putBoolean(DISALLOW_SU, true);

    }



    /**

core/res/res/values/qcom_strings.xml

+1 −0
Original line number Diff line number Diff line
@@ -89,5 +89,6 @@ 
        <item>Trying to start at bootup</item>

        <item>Trying to turn on/off NFC</item>

        <item>Trying to turn on mobile data</item>

        <item>Trying to get Superuser access</item>

    </string-array>

</resources>

services/core/java/com/android/server/AppOpsService.java

+4 −0
Original line number Diff line number Diff line
@@ -1165,6 +1165,10 @@ public class AppOpsService extends IAppOpsService.Stub { 
    }



    private void verifyIncomingUid(int uid) {

        if (Binder.getCallingUid() == 0) {

            // Allow root to delegate uid operations.

            return;

        }

        if (uid == Binder.getCallingUid()) {

            return;

        }