Loading services/core/java/com/android/server/appop/AppOpsService.java +26 −7 Original line number Diff line number Diff line Loading @@ -70,6 +70,7 @@ import static android.content.Intent.ACTION_PACKAGE_REMOVED; import static android.content.Intent.EXTRA_REPLACING; import static android.content.pm.PermissionInfo.PROTECTION_DANGEROUS; import static android.content.pm.PermissionInfo.PROTECTION_FLAG_APPOP; import static android.permission.flags.Flags.runtimePermissionAppopsMappingEnabled; import static com.android.server.appop.AppOpsService.ModeCallback.ALL_OPS; Loading Loading @@ -2683,6 +2684,15 @@ public class AppOpsService extends IAppOpsService.Stub { } } /** * When querying the mode these should always be allowed and the checking service might not * have information on them. */ private static boolean isOpAllowedForUid(int uid) { return runtimePermissionAppopsMappingEnabled() && (uid == Process.ROOT_UID || uid == Process.SYSTEM_UID); } @Override public int checkOperationRaw(int code, int uid, String packageName, @Nullable String attributionTag) { Loading Loading @@ -2758,6 +2768,9 @@ public class AppOpsService extends IAppOpsService.Stub { pvr.bypass, true)) { return AppOpsManager.MODE_IGNORED; } if (isOpAllowedForUid(uid)) { return MODE_ALLOWED; } code = AppOpsManager.opToSwitch(code); UidState uidState = getUidStateLocked(uid, false); if (uidState != null Loading Loading @@ -3072,9 +3085,12 @@ public class AppOpsService extends IAppOpsService.Stub { return new SyncNotedAppOp(AppOpsManager.MODE_IGNORED, code, attributionTag, packageName); } if (isOpAllowedForUid(uid)) { // Op is always allowed for the UID, do nothing. // If there is a non-default per UID policy (we set UID op mode only if // non-default) it takes over, otherwise use the per package policy. if (mAppOpsCheckingService.getUidMode( } else if (mAppOpsCheckingService.getUidMode( uidState.uid, getPersistentId(virtualDeviceId), switchCode) != AppOpsManager.opToDefaultMode(switchCode)) { final int uidMode = Loading Loading @@ -3666,9 +3682,12 @@ public class AppOpsService extends IAppOpsService.Stub { isRestricted = isOpRestrictedLocked(uid, code, packageName, attributionTag, virtualDeviceId, pvr.bypass, false); final int switchCode = AppOpsManager.opToSwitch(code); if (isOpAllowedForUid(uid)) { // Op is always allowed for the UID, do nothing. // If there is a non-default per UID policy (we set UID op mode only if // non-default) it takes over, otherwise use the per package policy. if (mAppOpsCheckingService.getUidMode( } else if (mAppOpsCheckingService.getUidMode( uidState.uid, getPersistentId(virtualDeviceId), switchCode) != AppOpsManager.opToDefaultMode(switchCode)) { final int uidMode = Loading Loading
services/core/java/com/android/server/appop/AppOpsService.java +26 −7 Original line number Diff line number Diff line Loading @@ -70,6 +70,7 @@ import static android.content.Intent.ACTION_PACKAGE_REMOVED; import static android.content.Intent.EXTRA_REPLACING; import static android.content.pm.PermissionInfo.PROTECTION_DANGEROUS; import static android.content.pm.PermissionInfo.PROTECTION_FLAG_APPOP; import static android.permission.flags.Flags.runtimePermissionAppopsMappingEnabled; import static com.android.server.appop.AppOpsService.ModeCallback.ALL_OPS; Loading Loading @@ -2683,6 +2684,15 @@ public class AppOpsService extends IAppOpsService.Stub { } } /** * When querying the mode these should always be allowed and the checking service might not * have information on them. */ private static boolean isOpAllowedForUid(int uid) { return runtimePermissionAppopsMappingEnabled() && (uid == Process.ROOT_UID || uid == Process.SYSTEM_UID); } @Override public int checkOperationRaw(int code, int uid, String packageName, @Nullable String attributionTag) { Loading Loading @@ -2758,6 +2768,9 @@ public class AppOpsService extends IAppOpsService.Stub { pvr.bypass, true)) { return AppOpsManager.MODE_IGNORED; } if (isOpAllowedForUid(uid)) { return MODE_ALLOWED; } code = AppOpsManager.opToSwitch(code); UidState uidState = getUidStateLocked(uid, false); if (uidState != null Loading Loading @@ -3072,9 +3085,12 @@ public class AppOpsService extends IAppOpsService.Stub { return new SyncNotedAppOp(AppOpsManager.MODE_IGNORED, code, attributionTag, packageName); } if (isOpAllowedForUid(uid)) { // Op is always allowed for the UID, do nothing. // If there is a non-default per UID policy (we set UID op mode only if // non-default) it takes over, otherwise use the per package policy. if (mAppOpsCheckingService.getUidMode( } else if (mAppOpsCheckingService.getUidMode( uidState.uid, getPersistentId(virtualDeviceId), switchCode) != AppOpsManager.opToDefaultMode(switchCode)) { final int uidMode = Loading Loading @@ -3666,9 +3682,12 @@ public class AppOpsService extends IAppOpsService.Stub { isRestricted = isOpRestrictedLocked(uid, code, packageName, attributionTag, virtualDeviceId, pvr.bypass, false); final int switchCode = AppOpsManager.opToSwitch(code); if (isOpAllowedForUid(uid)) { // Op is always allowed for the UID, do nothing. // If there is a non-default per UID policy (we set UID op mode only if // non-default) it takes over, otherwise use the per package policy. if (mAppOpsCheckingService.getUidMode( } else if (mAppOpsCheckingService.getUidMode( uidState.uid, getPersistentId(virtualDeviceId), switchCode) != AppOpsManager.opToDefaultMode(switchCode)) { final int uidMode = Loading
