Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b919b807 authored by Presubmit Automerger Backend's avatar Presubmit Automerger Backend
Browse files

[automerge] DO NOT MERGE: Revert "Make CheckOp return allowed if any attr tag... 

[automerge] DO NOT MERGE: Revert "Make CheckOp return allowed if any attr tag for a package is excluded" 2p: de7b0f6d

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/19245451

Bug: 231496105
Change-Id: I02054942e9b0b3df13dc322c6ef368d024645b98
parents ed729f2d de7b0f6d

core/java/android/app/AppOpsManager.java

+9 −14
Original line number Original line Diff line number Diff line
@@ -2463,8 +2463,8 @@ public class AppOpsManager { 
     * restriction} for a certain app-op.

     * restriction} for a certain app-op.

     */

     */

    private static RestrictionBypass[] sOpAllowSystemRestrictionBypass = new RestrictionBypass[] {

    private static RestrictionBypass[] sOpAllowSystemRestrictionBypass = new RestrictionBypass[] {

            new RestrictionBypass(true, false, false), //COARSE_LOCATION

            new RestrictionBypass(true, false), //COARSE_LOCATION

            new RestrictionBypass(true, false, false), //FINE_LOCATION

            new RestrictionBypass(true, false), //FINE_LOCATION

            null, //GPS

            null, //GPS

            null, //VIBRATE

            null, //VIBRATE

            null, //READ_CONTACTS

            null, //READ_CONTACTS
@@ -2473,7 +2473,7 @@ public class AppOpsManager { 
            null, //WRITE_CALL_LOG

            null, //WRITE_CALL_LOG

            null, //READ_CALENDAR

            null, //READ_CALENDAR

            null, //WRITE_CALENDAR

            null, //WRITE_CALENDAR

            new RestrictionBypass(false, true, false), //WIFI_SCAN

            new RestrictionBypass(true, false), //WIFI_SCAN

            null, //POST_NOTIFICATION

            null, //POST_NOTIFICATION

            null, //NEIGHBORING_CELLS

            null, //NEIGHBORING_CELLS

            null, //CALL_PHONE

            null, //CALL_PHONE
@@ -2487,10 +2487,10 @@ public class AppOpsManager { 
            null, //READ_ICC_SMS

            null, //READ_ICC_SMS

            null, //WRITE_ICC_SMS

            null, //WRITE_ICC_SMS

            null, //WRITE_SETTINGS

            null, //WRITE_SETTINGS

            new RestrictionBypass(false, true, false), //SYSTEM_ALERT_WINDOW

            new RestrictionBypass(true, false), //SYSTEM_ALERT_WINDOW

            null, //ACCESS_NOTIFICATIONS

            null, //ACCESS_NOTIFICATIONS

            null, //CAMERA

            null, //CAMERA

            new RestrictionBypass(false, false, true), //RECORD_AUDIO

            new RestrictionBypass(false, true), //RECORD_AUDIO

            null, //PLAY_AUDIO

            null, //PLAY_AUDIO

            null, //READ_CLIPBOARD

            null, //READ_CLIPBOARD

            null, //WRITE_CLIPBOARD

            null, //WRITE_CLIPBOARD
@@ -2508,7 +2508,7 @@ public class AppOpsManager { 
            null, //MONITOR_HIGH_POWER_LOCATION

            null, //MONITOR_HIGH_POWER_LOCATION

            null, //GET_USAGE_STATS

            null, //GET_USAGE_STATS

            null, //MUTE_MICROPHONE

            null, //MUTE_MICROPHONE

            new RestrictionBypass(false, true, false), //TOAST_WINDOW

            new RestrictionBypass(true, false), //TOAST_WINDOW

            null, //PROJECT_MEDIA

            null, //PROJECT_MEDIA

            null, //ACTIVATE_VPN

            null, //ACTIVATE_VPN

            null, //WALLPAPER

            null, //WALLPAPER
@@ -2540,7 +2540,7 @@ public class AppOpsManager { 
            null, // ACCEPT_HANDOVER

            null, // ACCEPT_HANDOVER

            null, // MANAGE_IPSEC_HANDOVERS

            null, // MANAGE_IPSEC_HANDOVERS

            null, // START_FOREGROUND

            null, // START_FOREGROUND

            new RestrictionBypass(false, true, false), // BLUETOOTH_SCAN

            new RestrictionBypass(true, false), // BLUETOOTH_SCAN

            null, // USE_BIOMETRIC

            null, // USE_BIOMETRIC

            null, // ACTIVITY_RECOGNITION

            null, // ACTIVITY_RECOGNITION

            null, // SMS_FINANCIAL_TRANSACTIONS

            null, // SMS_FINANCIAL_TRANSACTIONS
@@ -3105,9 +3105,6 @@ public class AppOpsManager { 
     * @hide

     * @hide

     */

     */

    public static class RestrictionBypass {

    public static class RestrictionBypass {

        /** Does the app need to be system uid to bypass the restriction */

        public boolean isSystemUid;



        /** Does the app need to be privileged to bypass the restriction */

        /** Does the app need to be privileged to bypass the restriction */

        public boolean isPrivileged;

        public boolean isPrivileged;
@@ -3117,14 +3114,12 @@ public class AppOpsManager { 
         */

         */

        public boolean isRecordAudioRestrictionExcept;

        public boolean isRecordAudioRestrictionExcept;





        public RestrictionBypass(boolean isSystemUid, boolean isPrivileged,

        public RestrictionBypass(boolean isPrivileged, boolean isRecordAudioRestrictionExcept) {

                boolean isRecordAudioRestrictionExcept) {

            this.isSystemUid = isSystemUid;

            this.isPrivileged = isPrivileged;

            this.isPrivileged = isPrivileged;

            this.isRecordAudioRestrictionExcept = isRecordAudioRestrictionExcept;

            this.isRecordAudioRestrictionExcept = isRecordAudioRestrictionExcept;

        }

        }





        public static RestrictionBypass UNRESTRICTED = new RestrictionBypass(false, true, true);

        public static RestrictionBypass UNRESTRICTED = new RestrictionBypass(true, true);

    }

    }





    /**

    /**

services/core/java/com/android/server/appop/AppOpsService.java

+9 −19
Original line number Original line Diff line number Diff line
@@ -3242,7 +3242,7 @@ public class AppOpsService extends IAppOpsService.Stub { 
            return AppOpsManager.MODE_IGNORED;

            return AppOpsManager.MODE_IGNORED;

        }

        }

        synchronized (this) {

        synchronized (this) {

            if (isOpRestrictedLocked(uid, code, packageName, attributionTag, pvr.bypass, true)) {

            if (isOpRestrictedLocked(uid, code, packageName, attributionTag, pvr.bypass)) {

                return AppOpsManager.MODE_IGNORED;

                return AppOpsManager.MODE_IGNORED;

            }

            }

            code = AppOpsManager.opToSwitch(code);

            code = AppOpsManager.opToSwitch(code);
@@ -3459,7 +3459,7 @@ public class AppOpsService extends IAppOpsService.Stub { 




            final int switchCode = AppOpsManager.opToSwitch(code);

            final int switchCode = AppOpsManager.opToSwitch(code);

            final UidState uidState = ops.uidState;

            final UidState uidState = ops.uidState;

            if (isOpRestrictedLocked(uid, code, packageName, attributionTag, pvr.bypass, false)) {

            if (isOpRestrictedLocked(uid, code, packageName, attributionTag, pvr.bypass)) {

                attributedOp.rejected(uidState.state, flags);

                attributedOp.rejected(uidState.state, flags);

                scheduleOpNotedIfNeededLocked(code, uid, packageName, attributionTag, flags,

                scheduleOpNotedIfNeededLocked(code, uid, packageName, attributionTag, flags,

                        AppOpsManager.MODE_IGNORED);

                        AppOpsManager.MODE_IGNORED);
@@ -3973,8 +3973,7 @@ public class AppOpsService extends IAppOpsService.Stub { 
            final Op op = getOpLocked(ops, code, uid, true);

            final Op op = getOpLocked(ops, code, uid, true);

            final AttributedOp attributedOp = op.getOrCreateAttribution(op, attributionTag);

            final AttributedOp attributedOp = op.getOrCreateAttribution(op, attributionTag);

            final UidState uidState = ops.uidState;

            final UidState uidState = ops.uidState;

            isRestricted = isOpRestrictedLocked(uid, code, packageName, attributionTag, pvr.bypass,

            isRestricted = isOpRestrictedLocked(uid, code, packageName, attributionTag, pvr.bypass);

                    false);

            final int switchCode = AppOpsManager.opToSwitch(code);

            final int switchCode = AppOpsManager.opToSwitch(code);

            // If there is a non-default per UID policy (we set UID op mode only if

            // If there is a non-default per UID policy (we set UID op mode only if

            // non-default) it takes over, otherwise use the per package policy.

            // non-default) it takes over, otherwise use the per package policy.
@@ -4503,9 +4502,8 @@ public class AppOpsService extends IAppOpsService.Stub { 
     * @return The restriction matching the package

     * @return The restriction matching the package

     */

     */

    private RestrictionBypass getBypassforPackage(@NonNull AndroidPackage pkg) {

    private RestrictionBypass getBypassforPackage(@NonNull AndroidPackage pkg) {

        return new RestrictionBypass(pkg.getUid() == Process.SYSTEM_UID, pkg.isPrivileged(),

        return new RestrictionBypass(pkg.isPrivileged(), mContext.checkPermission(

                mContext.checkPermission(android.Manifest.permission

                android.Manifest.permission.EXEMPT_FROM_AUDIO_RECORD_RESTRICTIONS, -1, pkg.getUid())

                        .EXEMPT_FROM_AUDIO_RECORD_RESTRICTIONS, -1, pkg.getUid())

                == PackageManager.PERMISSION_GRANTED);

                == PackageManager.PERMISSION_GRANTED);

    }

    }
@@ -4765,7 +4763,7 @@ public class AppOpsService extends IAppOpsService.Stub { 
    }

    }





    private boolean isOpRestrictedLocked(int uid, int code, String packageName,

    private boolean isOpRestrictedLocked(int uid, int code, String packageName,

            String attributionTag, @Nullable RestrictionBypass appBypass, boolean isCheckOp) {

            String attributionTag, @Nullable RestrictionBypass appBypass) {

        int restrictionSetCount = mOpGlobalRestrictions.size();

        int restrictionSetCount = mOpGlobalRestrictions.size();





        for (int i = 0; i < restrictionSetCount; i++) {

        for (int i = 0; i < restrictionSetCount; i++) {
@@ -4782,15 +4780,11 @@ public class AppOpsService extends IAppOpsService.Stub { 
            // For each client, check that the given op is not restricted, or that the given

            // For each client, check that the given op is not restricted, or that the given

            // package is exempt from the restriction.

            // package is exempt from the restriction.

            ClientUserRestrictionState restrictionState = mOpUserRestrictions.valueAt(i);

            ClientUserRestrictionState restrictionState = mOpUserRestrictions.valueAt(i);

            if (restrictionState.hasRestriction(code, packageName, attributionTag, userHandle,

            if (restrictionState.hasRestriction(code, packageName, attributionTag, userHandle)) {

                    isCheckOp)) {

                RestrictionBypass opBypass = opAllowSystemBypassRestriction(code);

                RestrictionBypass opBypass = opAllowSystemBypassRestriction(code);

                if (opBypass != null) {

                if (opBypass != null) {

                    // If we are the system, bypass user restrictions for certain codes

                    // If we are the system, bypass user restrictions for certain codes

                    synchronized (this) {

                    synchronized (this) {

                        if (opBypass.isSystemUid && appBypass != null && appBypass.isSystemUid) {

                            return false;

                        }

                        if (opBypass.isPrivileged && appBypass != null && appBypass.isPrivileged) {

                        if (opBypass.isPrivileged && appBypass != null && appBypass.isPrivileged) {

                            return false;

                            return false;

                        }

                        }
@@ -7143,7 +7137,7 @@ public class AppOpsService extends IAppOpsService.Stub { 
        }

        }





        public boolean hasRestriction(int restriction, String packageName, String attributionTag,

        public boolean hasRestriction(int restriction, String packageName, String attributionTag,

                int userId, boolean isCheckOp) {

                int userId) {

            if (perUserRestrictions == null) {

            if (perUserRestrictions == null) {

                return false;

                return false;

            }

            }
@@ -7162,9 +7156,6 @@ public class AppOpsService extends IAppOpsService.Stub { 
                return true;

                return true;

            }

            }





            if (isCheckOp) {

                return !perUserExclusions.includes(packageName);

            }

            return !perUserExclusions.contains(packageName, attributionTag);

            return !perUserExclusions.contains(packageName, attributionTag);

        }

        }
@@ -7331,8 +7322,7 @@ public class AppOpsService extends IAppOpsService.Stub { 
                int numRestrictions = mOpUserRestrictions.size();

                int numRestrictions = mOpUserRestrictions.size();

                for (int i = 0; i < numRestrictions; i++) {

                for (int i = 0; i < numRestrictions; i++) {

                    if (mOpUserRestrictions.valueAt(i)

                    if (mOpUserRestrictions.valueAt(i)

                            .hasRestriction(code, pkg, attributionTag, user.getIdentifier(),

                            .hasRestriction(code, pkg, attributionTag, user.getIdentifier())) {

                                    false)) {

                        number++;

                        number++;

                    }

                    }

                }

                }