Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b7130b27 authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Android (Google) Code Review
Browse files

Merge changes from topic "permission_hub_2_framework" into rvc-qpr-dev 

* changes:
  Give Permission Controller the ability to see all accounts.
  Allow perm controller to read historical app-op data
parents 92e9590e 9abf24f0

data/etc/privapp-permissions-platform.xml

+3 −0
Original line number Diff line number Diff line
@@ -143,6 +143,9 @@ applications that come with the platform 
        <permission name="android.permission.SUBSTITUTE_NOTIFICATION_APP_NAME" />

        <permission name="android.permission.PACKAGE_USAGE_STATS" />

        <permission name="android.permission.CHANGE_COMPONENT_ENABLED_STATE" />



        <!-- For permission hub 2 debugging only -->

        <permission name="android.permission.GET_ACCOUNTS_PRIVILEGED"/>

    </privapp-permissions>



    <privapp-permissions package="com.android.phone">

services/core/java/com/android/server/appop/AppOpsService.java

+11 −1
Original line number Diff line number Diff line
@@ -2052,6 +2052,8 @@ public class AppOpsService extends IAppOpsService.Stub { 
    public void getHistoricalOps(int uid, String packageName, String attributionTag,

            List<String> opNames, int filter, long beginTimeMillis, long endTimeMillis,

            int flags, RemoteCallback callback) {

        PackageManager pm = mContext.getPackageManager();



        ensureHistoricalOpRequestIsValid(uid, packageName, attributionTag, opNames, filter,

                beginTimeMillis, endTimeMillis, flags);

        Objects.requireNonNull(callback, "callback cannot be null");
@@ -2059,8 +2061,16 @@ public class AppOpsService extends IAppOpsService.Stub { 
        ActivityManagerInternal ami = LocalServices.getService(ActivityManagerInternal.class);

        boolean isCallerInstrumented = ami.isUidCurrentlyInstrumented(Binder.getCallingUid());

        boolean isCallerSystem = Binder.getCallingPid() == Process.myPid();

        boolean isCallerPermissionController;

        try {

            isCallerPermissionController = pm.getPackageUid(

                    mContext.getPackageManager().getPermissionControllerPackageName(), 0)

                    == Binder.getCallingUid();

        } catch (PackageManager.NameNotFoundException doesNotHappen) {

            return;

        }



        if (!isCallerSystem && !isCallerInstrumented) {

        if (!isCallerSystem && !isCallerInstrumented && !isCallerPermissionController) {

            mHandler.post(() -> callback.sendResult(new Bundle()));

            return;

        }