
Commit bf1b57d8 authored by Dianne Hackborn

Fix issue #62342672: API Review: OPSTR_ACTIVATE_VPN SystemApi

Add a new platform-only permission for being able to change
app ops mode, so nothing outside of the platform can do this.

Bug: 62342672
Test: Booted, ran, settings works, shell works, apps install
Change-Id: I372e649c019a8f9b95919ff0da6f56612d7061c2
parent 4983ebd9
+1 −0
@@ -261,6 +261,7 @@ package android.app {

  public class AppOpsManager {
    method public static java.lang.String[] getOpStrs();
    method public void setMode(java.lang.String, int, java.lang.String, int);
    method public void setUidMode(java.lang.String, int, int);
    field public static final java.lang.String OPSTR_ACCEPT_HANDOVER = "android:accept_handover";
    field public static final java.lang.String OPSTR_ACCESS_NOTIFICATIONS = "android:access_notifications";
+26 −1
@@ -1609,6 +1609,7 @@ public class AppOpsManager {
     * @param mode The app op mode to set.
     * @hide
     */
    @RequiresPermission(android.Manifest.permission.MANAGE_APP_OPS_MODES)
    public void setUidMode(int code, int uid, int mode) {
        try {
            mService.setUidMode(code, uid, mode);
@@ -1628,7 +1629,7 @@ public class AppOpsManager {
     * @hide
     */
    @SystemApi
    @RequiresPermission(android.Manifest.permission.UPDATE_APP_OPS_STATS)
    @RequiresPermission(android.Manifest.permission.MANAGE_APP_OPS_MODES)
    public void setUidMode(String appOp, int uid, int mode) {
        try {
            mService.setUidMode(AppOpsManager.strOpToOp(appOp), uid, mode);
@@ -1660,6 +1661,7 @@ public class AppOpsManager {

    /** @hide */
    @TestApi
    @RequiresPermission(android.Manifest.permission.MANAGE_APP_OPS_MODES)
    public void setMode(int code, int uid, String packageName, int mode) {
        try {
            mService.setMode(code, uid, packageName, mode);
@@ -1668,6 +1670,27 @@ public class AppOpsManager {
        }
    }

    /**
     * Change the operating mode for the given op in the given app package.  You must pass
     * in both the uid and name of the application whose mode is being modified; if these
     * do not match, the modification will not be applied.
     *
     * @param op The operation to modify.  One of the OPSTR_* constants.
     * @param uid The user id of the application whose mode will be changed.
     * @param packageName The name of the application package name whose mode will
     * be changed.
     * @hide
     */
    @SystemApi
    @RequiresPermission(android.Manifest.permission.MANAGE_APP_OPS_MODES)
    public void setMode(String op, int uid, String packageName, int mode) {
        try {
            mService.setMode(strOpToOp(op), uid, packageName, mode);
        } catch (RemoteException e) {
            throw e.rethrowFromSystemServer();
        }
    }

    /**
     * Set a non-persisted restriction on an audio operation at a stream-level.
     * Restrictions are temporary additional constraints imposed on top of the persisted rules
@@ -1679,6 +1702,7 @@ public class AppOpsManager {
     * @param exceptionPackages Optional list of packages to exclude from the restriction.
     * @hide
     */
    @RequiresPermission(android.Manifest.permission.MANAGE_APP_OPS_MODES)
    public void setRestriction(int code, @AttributeUsage int usage, int mode,
            String[] exceptionPackages) {
        try {
@@ -1690,6 +1714,7 @@ public class AppOpsManager {
    }

    /** @hide */
    @RequiresPermission(android.Manifest.permission.MANAGE_APP_OPS_MODES)
    public void resetAllModes() {
        try {
            mService.resetAllModes(mContext.getUserId(), null);
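Review bot: The Javadoc on the new @SystemApi setMode(String, int, String, int) documents op, uid and packageName but omits the mode parameter; add `@param mode The app op mode to set.` to match the int overload earlier in this section. The `@param uid` text reads "The user id of the application", but the value passed is the application's uid rather than a user id, so `@param uid The uid of the application whose mode will be changed.` would be more accurate. The @RequiresPermission annotation here is only a hint for callers and lint; the actual gate is the enforcePermission in AppOpsService.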
+6 −0
@@ -2552,6 +2552,12 @@
    <permission android:name="android.permission.MANAGE_APP_OPS_RESTRICTIONS"
        android:protectionLevel="signature|installer" />

    <!-- Allows an application to update the user app op modes.
         Not for use by third party apps.
         @hide -->
    <permission android:name="android.permission.MANAGE_APP_OPS_MODES"
        android:protectionLevel="signature|installer|verifier" />

    <!-- @SystemApi Allows an application to open windows that are for use by parts
         of the system user interface.
         <p>Not for use by third-party applications.
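Review bot: The new MANAGE_APP_OPS_MODES permission is declared with protectionLevel `signature|installer|verifier`, whereas the commit description calls it a platform-only permission so that nothing outside the platform can change app op modes; the installer and verifier flags also grant it to the privileged installer and verifier packages, which is broader than the description suggests. If those grants are intentional, the comment should say so, e.g. `Allows an application to update the user app op modes. Granted to the platform and to the installer/verifier packages; not for use by third party apps.`; otherwise consider `signature` alone (the neighbouring MANAGE_APP_OPS_RESTRICTIONS uses `signature|installer`).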
+1 −0
@@ -118,6 +118,7 @@
    <uses-permission android:name="android.permission.REGISTER_CONNECTION_MANAGER" />
    <uses-permission android:name="android.permission.REGISTER_SIM_SUBSCRIPTION" />
    <uses-permission android:name="android.permission.GET_APP_OPS_STATS" />
    <uses-permission android:name="android.permission.MANAGE_APP_OPS_MODES" />
    <uses-permission android:name="android.permission.VIBRATE" />
    <uses-permission android:name="android.permission.MANAGE_ACTIVITY_STACKS" />
    <uses-permission android:name="android.permission.ACTIVITY_EMBEDDING" />
+7 −5
@@ -610,7 +610,7 @@ public class AppOpsService extends IAppOpsService.Stub {
    @Override
    public void setUidMode(int code, int uid, int mode) {
        if (Binder.getCallingPid() != Process.myPid()) {
            mContext.enforcePermission(android.Manifest.permission.UPDATE_APP_OPS_STATS,
            mContext.enforcePermission(android.Manifest.permission.MANAGE_APP_OPS_MODES,
                    Binder.getCallingPid(), Binder.getCallingUid(), null);
        }
        verifyIncomingOp(code);
@@ -714,7 +714,7 @@ public class AppOpsService extends IAppOpsService.Stub {
    @Override
    public void setMode(int code, int uid, String packageName, int mode) {
        if (Binder.getCallingPid() != Process.myPid()) {
            mContext.enforcePermission(android.Manifest.permission.UPDATE_APP_OPS_STATS,
            mContext.enforcePermission(android.Manifest.permission.MANAGE_APP_OPS_MODES,
                    Binder.getCallingPid(), Binder.getCallingUid(), null);
        }
        verifyIncomingOp(code);
@@ -832,7 +832,7 @@ public class AppOpsService extends IAppOpsService.Stub {
    public void resetAllModes(int reqUserId, String reqPackageName) {
        final int callingPid = Binder.getCallingPid();
        final int callingUid = Binder.getCallingUid();
        mContext.enforcePermission(android.Manifest.permission.UPDATE_APP_OPS_STATS,
        mContext.enforcePermission(android.Manifest.permission.MANAGE_APP_OPS_MODES,
                callingPid, callingUid, null);
        reqUserId = ActivityManager.handleIncomingUser(callingPid, callingUid, reqUserId,
                true, true, "resetAllModes", null);
@@ -1087,6 +1087,8 @@ public class AppOpsService extends IAppOpsService.Stub {
            String[] exceptionPackages) {
        verifyIncomingUid(uid);
        verifyIncomingOp(code);
        mContext.enforcePermission(android.Manifest.permission.MANAGE_APP_OPS_MODES,
                Binder.getCallingPid(), Binder.getCallingUid(), null);
        synchronized (this) {
            SparseArray<Restriction> usageRestrictions = mAudioRestrictions.get(code);
            if (usageRestrictions == null) {
@@ -2330,7 +2332,7 @@ public class AppOpsService extends IAppOpsService.Stub {
                }
                case "write-settings": {
                    shell.mInternal.mContext.enforcePermission(
                            android.Manifest.permission.UPDATE_APP_OPS_STATS,
                            android.Manifest.permission.MANAGE_APP_OPS_MODES,
                            Binder.getCallingPid(), Binder.getCallingUid(), null);
                    long token = Binder.clearCallingIdentity();
                    try {
@@ -2346,7 +2348,7 @@ public class AppOpsService extends IAppOpsService.Stub {
                }
                case "read-settings": {
                    shell.mInternal.mContext.enforcePermission(
                            android.Manifest.permission.UPDATE_APP_OPS_STATS,
                            android.Manifest.permission.MANAGE_APP_OPS_MODES,
                            Binder.getCallingPid(), Binder.getCallingUid(), null);
                    long token = Binder.clearCallingIdentity();
                    try {
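Review bot: In the setAudioRestriction hunk the newly added enforcePermission(MANAGE_APP_OPS_MODES) runs after verifyIncomingUid and verifyIncomingOp, so a caller lacking the permission still has its arguments validated (and can observe the outcome of that validation) before being rejected; moving the permission check to the top of the method, ahead of the two verify calls, keeps the authorization decision first, as resetAllModes already does. The enclosing method's signature starts outside the hunk. Separately, setUidMode and setMode enforce the permission only when the calling pid is not the system server's own pid, while resetAllModes and setAudioRestriction enforce it unconditionally; this asymmetry predates the commit, but a one-line comment on the pid check, `// in-process callers are trusted platform code; remote callers must hold MANAGE_APP_OPS_MODES`, would make the intent explicit.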