Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit bf7fe659 authored by Ben Gruver's avatar Ben Gruver
Browse files

Add role-only GET_HISTORICAL_APP_OPS_STATS permission 

This is a role-only permission for the app protection service role
that will grant access to historical app ops.

Security review: b/196982126

Bug: 204929538
Test: manual build and install
Change-Id: I4193a2f5469018aae0ebd7b53ba110d19d6f7e6c
parent 7d24318f

core/api/system-current.txt

+1 −0
Original line number Diff line number Diff line
@@ -105,6 +105,7 @@ package android { 
    field public static final String FORCE_BACK = "android.permission.FORCE_BACK";

    field public static final String FORCE_STOP_PACKAGES = "android.permission.FORCE_STOP_PACKAGES";

    field public static final String GET_APP_OPS_STATS = "android.permission.GET_APP_OPS_STATS";

    field public static final String GET_HISTORICAL_APP_OPS_STATS = "android.permission.GET_HISTORICAL_APP_OPS_STATS";

    field public static final String GET_PROCESS_STATE_AND_OOM_SCORE = "android.permission.GET_PROCESS_STATE_AND_OOM_SCORE";

    field public static final String GET_RUNTIME_PERMISSIONS = "android.permission.GET_RUNTIME_PERMISSIONS";

    field public static final String GET_TOP_ACTIVITY_INFO = "android.permission.GET_TOP_ACTIVITY_INFO";

core/res/AndroidManifest.xml

+7 −0
Original line number Diff line number Diff line
@@ -3578,6 +3578,13 @@ 
    <permission android:name="android.permission.GET_APP_OPS_STATS"

        android:protectionLevel="signature|privileged|development" />



    <!-- @SystemApi @hide Allows an application to collect historical application operation

         statistics.

         <p>Not for use by third party applications.

    -->

    <permission android:name="android.permission.GET_HISTORICAL_APP_OPS_STATS"

        android:protectionLevel="internal|role" />



    <!-- @SystemApi Allows an application to update application operation statistics. Not for

         use by third party apps.

         @hide -->

services/core/java/com/android/server/appop/AppOpsService.java

+7 −1
Original line number Diff line number Diff line
@@ -2375,7 +2375,13 @@ public class AppOpsService extends IAppOpsService.Stub { 
                return;

            }



            if (!isCallerSystem && !isCallerInstrumented && !isCallerPermissionController) {

            boolean doesCallerHavePermission = mContext.checkPermission(

                    android.Manifest.permission.GET_HISTORICAL_APP_OPS_STATS,

                    Binder.getCallingPid(), Binder.getCallingUid())

                    == PackageManager.PERMISSION_GRANTED;



            if (!isCallerSystem && !isCallerInstrumented && !isCallerPermissionController

                    && !doesCallerHavePermission) {

                mHandler.post(() -> callback.sendResult(new Bundle()));

                return;

            }