Loading core/java/android/app/AppOpsManager.java +1 −11 Original line number Diff line number Diff line Loading @@ -7413,18 +7413,8 @@ public class AppOpsManager { */ public void setUserRestrictionForUser(int code, boolean restricted, IBinder token, @Nullable Map<String, String[]> excludedPackageTags, int userId) { setUserRestrictionForUser(code, restricted, token, excludedPackageTags, userId, false); } /** * An empty array of attribution tags means exclude all tags under that package. * @hide */ public void setUserRestrictionForUser(int code, boolean restricted, IBinder token, @Nullable Map<String, String[]> excludedPackageTags, int userId, boolean rejectBypass) { try { mService.setUserRestriction(code, restricted, token, userId, excludedPackageTags, rejectBypass); mService.setUserRestriction(code, restricted, token, userId, excludedPackageTags); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } Loading core/java/com/android/internal/app/IAppOpsService.aidl +1 −1 Original line number Diff line number Diff line Loading @@ -92,7 +92,7 @@ interface IAppOpsService { void setAudioRestriction(int code, int usage, int uid, int mode, in String[] exceptionPackages); void setUserRestrictions(in Bundle restrictions, IBinder token, int userHandle); void setUserRestriction(int code, boolean restricted, IBinder token, int userHandle, in Map<String, String[]> excludedPackageTags, boolean rejectBypass); void setUserRestriction(int code, boolean restricted, IBinder token, int userHandle, in Map<String, String[]> excludedPackageTags); void removeUser(int userHandle); void startWatchingActive(in int[] ops, IAppOpsActiveCallback callback); Loading services/core/java/com/android/server/SensorPrivacyService.java +9 −66 Original line number Diff line number Diff line Loading @@ -26,6 +26,7 @@ import static android.app.AppOpsManager.OP_CAMERA; import static android.app.AppOpsManager.OP_PHONE_CALL_CAMERA; import static android.app.AppOpsManager.OP_PHONE_CALL_MICROPHONE; import static android.app.AppOpsManager.OP_RECORD_AUDIO; import static android.app.AppOpsManager.OP_RECORD_AUDIO_HOTWORD; import static android.content.Intent.EXTRA_PACKAGE_NAME; import static android.content.Intent.FLAG_ACTIVITY_EXCLUDE_FROM_RECENTS; import static android.content.pm.PackageManager.PERMISSION_GRANTED; Loading Loading @@ -54,7 +55,6 @@ import android.content.Context; import android.content.Intent; import android.content.IntentFilter; import android.content.pm.PackageManager; import android.content.pm.UserInfo; import android.graphics.drawable.Icon; import android.hardware.ISensorPrivacyListener; import android.hardware.ISensorPrivacyManager; Loading Loading @@ -167,8 +167,6 @@ public final class SensorPrivacyService extends SystemService { private EmergencyCallHelper mEmergencyCallHelper; private KeyguardManager mKeyguardManager; private int mCurrentUser = -1; public SensorPrivacyService(Context context) { super(context); mContext = context; Loading @@ -179,19 +177,6 @@ public final class SensorPrivacyService extends SystemService { mTelephonyManager = context.getSystemService(TelephonyManager.class); mSensorPrivacyServiceImpl = new SensorPrivacyServiceImpl(); mUserManagerInternal.addUserLifecycleListener( new UserManagerInternal.UserLifecycleListener() { @Override public void onUserCreated(UserInfo user, Object token) { setCurrentUserRestriction(); } @Override public void onUserRemoved(UserInfo user) { removeUserRestrictions(user.id); } }); } @Override Loading @@ -210,20 +195,6 @@ public final class SensorPrivacyService extends SystemService { } } @Override public void onUserStarting(TargetUser user) { if (mCurrentUser == -1) { mCurrentUser = user.getUserIdentifier(); setCurrentUserRestriction(); } } @Override public void onUserSwitching(TargetUser from, TargetUser to) { mCurrentUser = to.getUserIdentifier(); setCurrentUserRestriction(); } class SensorPrivacyServiceImpl extends ISensorPrivacyManager.Stub implements AppOpsManager.OnOpNotedListener, AppOpsManager.OnOpStartedListener, IBinder.DeathRecipient, UserManagerInternal.UserRestrictionsListener { Loading Loading @@ -1386,45 +1357,17 @@ public final class SensorPrivacyService extends SystemService { } private void setUserRestriction(int userId, int sensor, boolean enabled) { if (userId == mCurrentUser) { setCurrentUserRestriction(sensor, enabled); if (sensor == CAMERA) { mAppOpsManager.setUserRestrictionForUser(OP_CAMERA, enabled, mAppOpsRestrictionToken, null, userId); } else if (sensor == MICROPHONE) { mAppOpsManager.setUserRestrictionForUser(OP_RECORD_AUDIO, enabled, mAppOpsRestrictionToken, null, userId); mAppOpsManager.setUserRestrictionForUser(OP_RECORD_AUDIO_HOTWORD, enabled, mAppOpsRestrictionToken, null, userId); } } private void setCurrentUserRestriction() { boolean micState = mSensorPrivacyServiceImpl .isIndividualSensorPrivacyEnabled(mCurrentUser, MICROPHONE); boolean camState = mSensorPrivacyServiceImpl .isIndividualSensorPrivacyEnabled(mCurrentUser, CAMERA); setCurrentUserRestriction(MICROPHONE, micState); setCurrentUserRestriction(CAMERA, camState); } private void setCurrentUserRestriction(int sensor, boolean enabled) { int[] userIds = mUserManagerInternal.getUserIds(); int code; if (sensor == MICROPHONE) { code = OP_RECORD_AUDIO; } else if (sensor == CAMERA) { code = OP_CAMERA; } else { Log.w(TAG, "Invalid sensor id: " + sensor, new RuntimeException()); return; } for (int i = 0; i < userIds.length; i++) { mAppOpsManager.setUserRestrictionForUser(code, enabled, mAppOpsRestrictionToken, null, userIds[i], true); } } private void removeUserRestrictions(int userId) { mAppOpsManager.setUserRestrictionForUser(OP_RECORD_AUDIO, false, mAppOpsRestrictionToken, null, userId, true); mAppOpsManager.setUserRestrictionForUser(OP_CAMERA, false, mAppOpsRestrictionToken, null, userId, true); } private final class DeathRecipient implements IBinder.DeathRecipient { private ISensorPrivacyListener mListener; Loading services/core/java/com/android/server/appop/AppOpsService.java +6 −46 Original line number Diff line number Diff line Loading @@ -4568,9 +4568,6 @@ public class AppOpsService extends IAppOpsService.Stub { // package is exempt from the restriction. ClientRestrictionState restrictionState = mOpUserRestrictions.valueAt(i); if (restrictionState.hasRestriction(code, packageName, attributionTag, userHandle)) { if (restrictionState.rejectBypass(code, userHandle)) { return true; } RestrictionBypass opBypass = opAllowSystemBypassRestriction(code); if (opBypass != null) { // If we are the system, bypass user restrictions for certain codes Loading Loading @@ -6152,8 +6149,6 @@ public class AppOpsService extends IAppOpsService.Stub { for (int j = 0; j < restrictionCount; j++) { int userId = restrictionState.perUserRestrictions.keyAt(j); boolean[] restrictedOps = restrictionState.perUserRestrictions.valueAt(j); boolean[] rejectBypassOps = restrictionState.perUserRejectBypasses.valueAt(j); if (restrictedOps == null) { continue; } Loading @@ -6178,9 +6173,6 @@ public class AppOpsService extends IAppOpsService.Stub { restrictedOpsValue.append(", "); } restrictedOpsValue.append(AppOpsManager.opToName(k)); if (rejectBypassOps != null && rejectBypassOps[k]) { restrictedOpsValue.append(" rejectBypass=true"); } } } restrictedOpsValue.append("]"); Loading Loading @@ -6261,14 +6253,14 @@ public class AppOpsService extends IAppOpsService.Stub { String restriction = AppOpsManager.opToRestriction(i); if (restriction != null) { setUserRestrictionNoCheck(i, restrictions.getBoolean(restriction, false), token, userHandle, null, false); userHandle, null); } } } @Override public void setUserRestriction(int code, boolean restricted, IBinder token, int userHandle, Map<String, String[]> excludedPackageTags, boolean rejectBypass) { Map<String, String[]> excludedPackageTags) { if (Binder.getCallingPid() != Process.myPid()) { mContext.enforcePermission(Manifest.permission.MANAGE_APP_OPS_RESTRICTIONS, Binder.getCallingPid(), Binder.getCallingUid(), null); Loading @@ -6284,12 +6276,11 @@ public class AppOpsService extends IAppOpsService.Stub { } verifyIncomingOp(code); Objects.requireNonNull(token); setUserRestrictionNoCheck(code, restricted, token, userHandle, excludedPackageTags, rejectBypass); setUserRestrictionNoCheck(code, restricted, token, userHandle, excludedPackageTags); } private void setUserRestrictionNoCheck(int code, boolean restricted, IBinder token, int userHandle, Map<String, String[]> excludedPackageTags, boolean rejectBypass) { int userHandle, Map<String, String[]> excludedPackageTags) { synchronized (AppOpsService.this) { ClientRestrictionState restrictionState = mOpUserRestrictions.get(token); Loading @@ -6303,7 +6294,7 @@ public class AppOpsService extends IAppOpsService.Stub { } if (restrictionState.setRestriction(code, restricted, excludedPackageTags, userHandle, rejectBypass)) { userHandle)) { mHandler.sendMessage(PooledLambda.obtainMessage( AppOpsService::notifyWatchersOfChange, this, code, UID_ANY)); mHandler.sendMessage(PooledLambda.obtainMessage( Loading Loading @@ -6834,10 +6825,8 @@ public class AppOpsService extends IAppOpsService.Stub { private final class ClientRestrictionState implements DeathRecipient { private final IBinder token; SparseArray<boolean[]> perUserRestrictions; SparseArray<boolean[]> perUserRejectBypasses; SparseArray<Map<String, String[]>> perUserExcludedPackageTags; public ClientRestrictionState(IBinder token) throws RemoteException { token.linkToDeath(this, 0); Loading @@ -6845,17 +6834,13 @@ public class AppOpsService extends IAppOpsService.Stub { } public boolean setRestriction(int code, boolean restricted, Map<String, String[]> excludedPackageTags, int userId, boolean rejectBypass) { Map<String, String[]> excludedPackageTags, int userId) { boolean changed = false; if (perUserRestrictions == null && restricted) { perUserRestrictions = new SparseArray<>(); } if (perUserRejectBypasses == null && rejectBypass) { perUserRejectBypasses = new SparseArray<>(); } int[] users; if (userId == UserHandle.USER_ALL) { // TODO(b/162888972): this call is returning all users, not just live ones - we Loading Loading @@ -6915,20 +6900,6 @@ public class AppOpsService extends IAppOpsService.Stub { } changed = true; } boolean[] userRejectBypasses = perUserRejectBypasses.get(thisUserId); if (userRejectBypasses == null && rejectBypass) { userRejectBypasses = new boolean[AppOpsManager._NUM_OP]; perUserRejectBypasses.put(thisUserId, userRejectBypasses); } if (userRejectBypasses != null && userRejectBypasses[code] != rejectBypass) { userRejectBypasses[code] = rejectBypass; if (!rejectBypass && isDefault(userRejectBypasses)) { perUserRejectBypasses.remove(thisUserId); } changed = true; } } } } Loading Loading @@ -6966,17 +6937,6 @@ public class AppOpsService extends IAppOpsService.Stub { return !ArrayUtils.contains(excludedTags, attributionTag); } public boolean rejectBypass(int restriction, int userId) { if (perUserRejectBypasses == null) { return false; } boolean[] rejectBypasses = perUserRejectBypasses.get(userId); if (rejectBypasses == null) { return false; } return rejectBypasses[restriction]; } public void removeUser(int userId) { if (perUserExcludedPackageTags != null) { perUserExcludedPackageTags.remove(userId); Loading Loading
core/java/android/app/AppOpsManager.java +1 −11 Original line number Diff line number Diff line Loading @@ -7413,18 +7413,8 @@ public class AppOpsManager { */ public void setUserRestrictionForUser(int code, boolean restricted, IBinder token, @Nullable Map<String, String[]> excludedPackageTags, int userId) { setUserRestrictionForUser(code, restricted, token, excludedPackageTags, userId, false); } /** * An empty array of attribution tags means exclude all tags under that package. * @hide */ public void setUserRestrictionForUser(int code, boolean restricted, IBinder token, @Nullable Map<String, String[]> excludedPackageTags, int userId, boolean rejectBypass) { try { mService.setUserRestriction(code, restricted, token, userId, excludedPackageTags, rejectBypass); mService.setUserRestriction(code, restricted, token, userId, excludedPackageTags); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } Loading
core/java/com/android/internal/app/IAppOpsService.aidl +1 −1 Original line number Diff line number Diff line Loading @@ -92,7 +92,7 @@ interface IAppOpsService { void setAudioRestriction(int code, int usage, int uid, int mode, in String[] exceptionPackages); void setUserRestrictions(in Bundle restrictions, IBinder token, int userHandle); void setUserRestriction(int code, boolean restricted, IBinder token, int userHandle, in Map<String, String[]> excludedPackageTags, boolean rejectBypass); void setUserRestriction(int code, boolean restricted, IBinder token, int userHandle, in Map<String, String[]> excludedPackageTags); void removeUser(int userHandle); void startWatchingActive(in int[] ops, IAppOpsActiveCallback callback); Loading
services/core/java/com/android/server/SensorPrivacyService.java +9 −66 Original line number Diff line number Diff line Loading @@ -26,6 +26,7 @@ import static android.app.AppOpsManager.OP_CAMERA; import static android.app.AppOpsManager.OP_PHONE_CALL_CAMERA; import static android.app.AppOpsManager.OP_PHONE_CALL_MICROPHONE; import static android.app.AppOpsManager.OP_RECORD_AUDIO; import static android.app.AppOpsManager.OP_RECORD_AUDIO_HOTWORD; import static android.content.Intent.EXTRA_PACKAGE_NAME; import static android.content.Intent.FLAG_ACTIVITY_EXCLUDE_FROM_RECENTS; import static android.content.pm.PackageManager.PERMISSION_GRANTED; Loading Loading @@ -54,7 +55,6 @@ import android.content.Context; import android.content.Intent; import android.content.IntentFilter; import android.content.pm.PackageManager; import android.content.pm.UserInfo; import android.graphics.drawable.Icon; import android.hardware.ISensorPrivacyListener; import android.hardware.ISensorPrivacyManager; Loading Loading @@ -167,8 +167,6 @@ public final class SensorPrivacyService extends SystemService { private EmergencyCallHelper mEmergencyCallHelper; private KeyguardManager mKeyguardManager; private int mCurrentUser = -1; public SensorPrivacyService(Context context) { super(context); mContext = context; Loading @@ -179,19 +177,6 @@ public final class SensorPrivacyService extends SystemService { mTelephonyManager = context.getSystemService(TelephonyManager.class); mSensorPrivacyServiceImpl = new SensorPrivacyServiceImpl(); mUserManagerInternal.addUserLifecycleListener( new UserManagerInternal.UserLifecycleListener() { @Override public void onUserCreated(UserInfo user, Object token) { setCurrentUserRestriction(); } @Override public void onUserRemoved(UserInfo user) { removeUserRestrictions(user.id); } }); } @Override Loading @@ -210,20 +195,6 @@ public final class SensorPrivacyService extends SystemService { } } @Override public void onUserStarting(TargetUser user) { if (mCurrentUser == -1) { mCurrentUser = user.getUserIdentifier(); setCurrentUserRestriction(); } } @Override public void onUserSwitching(TargetUser from, TargetUser to) { mCurrentUser = to.getUserIdentifier(); setCurrentUserRestriction(); } class SensorPrivacyServiceImpl extends ISensorPrivacyManager.Stub implements AppOpsManager.OnOpNotedListener, AppOpsManager.OnOpStartedListener, IBinder.DeathRecipient, UserManagerInternal.UserRestrictionsListener { Loading Loading @@ -1386,45 +1357,17 @@ public final class SensorPrivacyService extends SystemService { } private void setUserRestriction(int userId, int sensor, boolean enabled) { if (userId == mCurrentUser) { setCurrentUserRestriction(sensor, enabled); if (sensor == CAMERA) { mAppOpsManager.setUserRestrictionForUser(OP_CAMERA, enabled, mAppOpsRestrictionToken, null, userId); } else if (sensor == MICROPHONE) { mAppOpsManager.setUserRestrictionForUser(OP_RECORD_AUDIO, enabled, mAppOpsRestrictionToken, null, userId); mAppOpsManager.setUserRestrictionForUser(OP_RECORD_AUDIO_HOTWORD, enabled, mAppOpsRestrictionToken, null, userId); } } private void setCurrentUserRestriction() { boolean micState = mSensorPrivacyServiceImpl .isIndividualSensorPrivacyEnabled(mCurrentUser, MICROPHONE); boolean camState = mSensorPrivacyServiceImpl .isIndividualSensorPrivacyEnabled(mCurrentUser, CAMERA); setCurrentUserRestriction(MICROPHONE, micState); setCurrentUserRestriction(CAMERA, camState); } private void setCurrentUserRestriction(int sensor, boolean enabled) { int[] userIds = mUserManagerInternal.getUserIds(); int code; if (sensor == MICROPHONE) { code = OP_RECORD_AUDIO; } else if (sensor == CAMERA) { code = OP_CAMERA; } else { Log.w(TAG, "Invalid sensor id: " + sensor, new RuntimeException()); return; } for (int i = 0; i < userIds.length; i++) { mAppOpsManager.setUserRestrictionForUser(code, enabled, mAppOpsRestrictionToken, null, userIds[i], true); } } private void removeUserRestrictions(int userId) { mAppOpsManager.setUserRestrictionForUser(OP_RECORD_AUDIO, false, mAppOpsRestrictionToken, null, userId, true); mAppOpsManager.setUserRestrictionForUser(OP_CAMERA, false, mAppOpsRestrictionToken, null, userId, true); } private final class DeathRecipient implements IBinder.DeathRecipient { private ISensorPrivacyListener mListener; Loading
services/core/java/com/android/server/appop/AppOpsService.java +6 −46 Original line number Diff line number Diff line Loading @@ -4568,9 +4568,6 @@ public class AppOpsService extends IAppOpsService.Stub { // package is exempt from the restriction. ClientRestrictionState restrictionState = mOpUserRestrictions.valueAt(i); if (restrictionState.hasRestriction(code, packageName, attributionTag, userHandle)) { if (restrictionState.rejectBypass(code, userHandle)) { return true; } RestrictionBypass opBypass = opAllowSystemBypassRestriction(code); if (opBypass != null) { // If we are the system, bypass user restrictions for certain codes Loading Loading @@ -6152,8 +6149,6 @@ public class AppOpsService extends IAppOpsService.Stub { for (int j = 0; j < restrictionCount; j++) { int userId = restrictionState.perUserRestrictions.keyAt(j); boolean[] restrictedOps = restrictionState.perUserRestrictions.valueAt(j); boolean[] rejectBypassOps = restrictionState.perUserRejectBypasses.valueAt(j); if (restrictedOps == null) { continue; } Loading @@ -6178,9 +6173,6 @@ public class AppOpsService extends IAppOpsService.Stub { restrictedOpsValue.append(", "); } restrictedOpsValue.append(AppOpsManager.opToName(k)); if (rejectBypassOps != null && rejectBypassOps[k]) { restrictedOpsValue.append(" rejectBypass=true"); } } } restrictedOpsValue.append("]"); Loading Loading @@ -6261,14 +6253,14 @@ public class AppOpsService extends IAppOpsService.Stub { String restriction = AppOpsManager.opToRestriction(i); if (restriction != null) { setUserRestrictionNoCheck(i, restrictions.getBoolean(restriction, false), token, userHandle, null, false); userHandle, null); } } } @Override public void setUserRestriction(int code, boolean restricted, IBinder token, int userHandle, Map<String, String[]> excludedPackageTags, boolean rejectBypass) { Map<String, String[]> excludedPackageTags) { if (Binder.getCallingPid() != Process.myPid()) { mContext.enforcePermission(Manifest.permission.MANAGE_APP_OPS_RESTRICTIONS, Binder.getCallingPid(), Binder.getCallingUid(), null); Loading @@ -6284,12 +6276,11 @@ public class AppOpsService extends IAppOpsService.Stub { } verifyIncomingOp(code); Objects.requireNonNull(token); setUserRestrictionNoCheck(code, restricted, token, userHandle, excludedPackageTags, rejectBypass); setUserRestrictionNoCheck(code, restricted, token, userHandle, excludedPackageTags); } private void setUserRestrictionNoCheck(int code, boolean restricted, IBinder token, int userHandle, Map<String, String[]> excludedPackageTags, boolean rejectBypass) { int userHandle, Map<String, String[]> excludedPackageTags) { synchronized (AppOpsService.this) { ClientRestrictionState restrictionState = mOpUserRestrictions.get(token); Loading @@ -6303,7 +6294,7 @@ public class AppOpsService extends IAppOpsService.Stub { } if (restrictionState.setRestriction(code, restricted, excludedPackageTags, userHandle, rejectBypass)) { userHandle)) { mHandler.sendMessage(PooledLambda.obtainMessage( AppOpsService::notifyWatchersOfChange, this, code, UID_ANY)); mHandler.sendMessage(PooledLambda.obtainMessage( Loading Loading @@ -6834,10 +6825,8 @@ public class AppOpsService extends IAppOpsService.Stub { private final class ClientRestrictionState implements DeathRecipient { private final IBinder token; SparseArray<boolean[]> perUserRestrictions; SparseArray<boolean[]> perUserRejectBypasses; SparseArray<Map<String, String[]>> perUserExcludedPackageTags; public ClientRestrictionState(IBinder token) throws RemoteException { token.linkToDeath(this, 0); Loading @@ -6845,17 +6834,13 @@ public class AppOpsService extends IAppOpsService.Stub { } public boolean setRestriction(int code, boolean restricted, Map<String, String[]> excludedPackageTags, int userId, boolean rejectBypass) { Map<String, String[]> excludedPackageTags, int userId) { boolean changed = false; if (perUserRestrictions == null && restricted) { perUserRestrictions = new SparseArray<>(); } if (perUserRejectBypasses == null && rejectBypass) { perUserRejectBypasses = new SparseArray<>(); } int[] users; if (userId == UserHandle.USER_ALL) { // TODO(b/162888972): this call is returning all users, not just live ones - we Loading Loading @@ -6915,20 +6900,6 @@ public class AppOpsService extends IAppOpsService.Stub { } changed = true; } boolean[] userRejectBypasses = perUserRejectBypasses.get(thisUserId); if (userRejectBypasses == null && rejectBypass) { userRejectBypasses = new boolean[AppOpsManager._NUM_OP]; perUserRejectBypasses.put(thisUserId, userRejectBypasses); } if (userRejectBypasses != null && userRejectBypasses[code] != rejectBypass) { userRejectBypasses[code] = rejectBypass; if (!rejectBypass && isDefault(userRejectBypasses)) { perUserRejectBypasses.remove(thisUserId); } changed = true; } } } } Loading Loading @@ -6966,17 +6937,6 @@ public class AppOpsService extends IAppOpsService.Stub { return !ArrayUtils.contains(excludedTags, attributionTag); } public boolean rejectBypass(int restriction, int userId) { if (perUserRejectBypasses == null) { return false; } boolean[] rejectBypasses = perUserRejectBypasses.get(userId); if (rejectBypasses == null) { return false; } return rejectBypasses[restriction]; } public void removeUser(int userId) { if (perUserExcludedPackageTags != null) { perUserExcludedPackageTags.remove(userId); Loading
