Loading core/java/android/permission/flags.aconfig +0 −8 Original line number Diff line number Diff line Loading @@ -212,14 +212,6 @@ flag { } } flag { name: "runtime_permission_appops_mapping_enabled" is_fixed_read_only: true namespace: "permissions" description: "Use runtime permission state to determine appop state" bug: "266164193" } flag { name: "device_id_in_op_proxy_info_enabled" is_fixed_read_only: true Loading services/core/java/com/android/server/appop/AppOpsService.java +1 −2 Original line number Diff line number Diff line Loading @@ -2926,8 +2926,7 @@ public class AppOpsService extends IAppOpsService.Stub { */ private static boolean isOpAllowedForUid(int uid) { int appId = UserHandle.getAppId(uid); return Flags.runtimePermissionAppopsMappingEnabled() && (appId == Process.ROOT_UID || appId == Process.SYSTEM_UID); return appId == Process.ROOT_UID || appId == Process.SYSTEM_UID; } @Override Loading services/permission/java/com/android/server/permission/access/appop/AppOpService.kt +30 −45 Original line number Diff line number Diff line Loading @@ -22,7 +22,6 @@ import android.os.Binder import android.os.Handler import android.os.UserHandle import android.permission.PermissionManager import android.permission.flags.Flags import android.util.ArrayMap import android.util.ArraySet import android.util.LongSparseArray Loading Loading @@ -107,13 +106,11 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS } override fun systemReady() { if (Flags.runtimePermissionAppopsMappingEnabled()) { createPermissionAppOpMapping() val permissionListener = OnPermissionFlagsChangedListener() permissionPolicy.addOnPermissionFlagsChangedListener(permissionListener) devicePermissionPolicy.addOnPermissionFlagsChangedListener(permissionListener) } } private fun createPermissionAppOpMapping() { val permissions = service.getState { with(permissionPolicy) { getPermissions() } } Loading Loading @@ -154,15 +151,12 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS service.getState { val modes = with(appIdPolicy) { opNameMapToOpSparseArray(getAppOpModes(appId, userId)?.map) } if (Flags.runtimePermissionAppopsMappingEnabled()) { runtimePermissionNameToAppOp.forEachIndexed { _, permissionName, appOpCode -> val mode = getUidModeFromPermissionState(appId, userId, permissionName, deviceId) val mode = getUidModeFromPermissionState(appId, userId, permissionName, deviceId) if (mode != AppOpsManager.opToDefaultMode(appOpCode)) { modes[appOpCode] = mode } } } return modes } Loading @@ -178,7 +172,7 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS val opName = AppOpsManager.opToPublicName(op) val permissionName = runtimeAppOpToPermissionNames[op] return if (!Flags.runtimePermissionAppopsMappingEnabled() || permissionName == null) { return if (permissionName == null) { service.getState { with(appIdPolicy) { getAppOpMode(appId, userId, opName) } } } else { service.getState { Loading @@ -197,7 +191,7 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS appId: Int, userId: Int, permissionName: String, deviceId: String deviceId: String, ): Int { val checkDevicePermissionFlags = deviceId != VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT && Loading Loading @@ -237,7 +231,7 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS private fun evaluateModeFromPermissionFlags( foregroundFlags: Int, backgroundFlags: Int = PermissionFlags.RUNTIME_GRANTED backgroundFlags: Int = PermissionFlags.RUNTIME_GRANTED, ): Int = if (PermissionFlags.isAppOpGranted(foregroundFlags)) { if (PermissionFlags.isAppOpGranted(backgroundFlags)) { Loading @@ -254,9 +248,7 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS val userId = UserHandle.getUserId(uid) val appOpName = AppOpsManager.opToPublicName(code) if ( Flags.runtimePermissionAppopsMappingEnabled() && code in runtimeAppOpToPermissionNames ) { if (code in runtimeAppOpToPermissionNames) { val oldMode = service.getState { with(appIdPolicy) { getAppOpMode(appId, userId, appOpName) } } val wouldHaveChanged = oldMode != mode Loading Loading @@ -296,15 +288,12 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS override fun setPackageMode(packageName: String, appOpCode: Int, mode: Int, userId: Int) { val appOpName = AppOpsManager.opToPublicName(appOpCode) if ( Flags.runtimePermissionAppopsMappingEnabled() && appOpCode in runtimeAppOpToPermissionNames ) { if (appOpCode in runtimeAppOpToPermissionNames) { Slog.w( LOG_TAG, "(packageName=$packageName, userId=$userId)'s appop state" + " for runtime op $appOpName should not be set directly.", RuntimeException() RuntimeException(), ) return } Loading Loading @@ -350,7 +339,6 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS this[AppOpsManager.strOpToOp(op)] = true } } if (Flags.runtimePermissionAppopsMappingEnabled()) { foregroundableOps.forEachIndexed { _, op, _ -> if (getUidMode(uid, deviceId, op) == AppOpsManager.MODE_FOREGROUND) { this[op] = true Loading @@ -358,7 +346,6 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS } } } } override fun getForegroundOps(packageName: String, userId: Int): SparseBooleanArray { return SparseBooleanArray().apply { Loading @@ -367,7 +354,6 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS this[AppOpsManager.strOpToOp(op)] = true } } if (Flags.runtimePermissionAppopsMappingEnabled()) { foregroundableOps.forEachIndexed { _, op, _ -> if (getPackageMode(packageName, op, userId) == AppOpsManager.MODE_FOREGROUND) { this[op] = true Loading @@ -375,7 +361,6 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS } } } } override fun addAppOpsModeChangedListener(listener: AppOpsModeChangedListener): Boolean { synchronized(listenersLock) { Loading Loading @@ -405,7 +390,7 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS userId: Int, appOpName: String, oldMode: Int, newMode: Int newMode: Int, ) { val uid = UserHandle.getUid(userId, appId) val appOpCode = AppOpsManager.strOpToOp(appOpName) Loading @@ -425,7 +410,7 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS uid, appOpCode, mode, VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, ) } } Loading @@ -444,7 +429,7 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS userId: Int, appOpName: String, oldMode: Int, newMode: Int newMode: Int, ) { val appOpCode = AppOpsManager.strOpToOp(appOpName) val key = Triple(packageName, userId, appOpCode) Loading Loading @@ -479,7 +464,7 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS userId: Int, permissionName: String, oldFlags: Int, newFlags: Int newFlags: Int, ) { onDevicePermissionFlagsChanged( appId, Loading @@ -487,7 +472,7 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, permissionName, oldFlags, newFlags newFlags, ) } Loading @@ -497,7 +482,7 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS deviceId: String, permissionName: String, oldFlags: Int, newFlags: Int newFlags: Int, ) { backgroundToForegroundPermissionNames[permissionName]?.let { foregroundPermissions -> // This is a background permission; there may be multiple foreground permissions Loading @@ -514,7 +499,7 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS foregroundPermissionFlags, oldFlags, foregroundPermissionFlags, newFlags newFlags, ) } } Loading @@ -532,7 +517,7 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS oldFlags, backgroundPermissionFlags, newFlags, backgroundPermissionFlags backgroundPermissionFlags, ) } } Loading @@ -545,7 +530,7 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS oldFlags, PermissionFlags.RUNTIME_GRANTED, newFlags, PermissionFlags.RUNTIME_GRANTED PermissionFlags.RUNTIME_GRANTED, ) } } Loading Loading
core/java/android/permission/flags.aconfig +0 −8 Original line number Diff line number Diff line Loading @@ -212,14 +212,6 @@ flag { } } flag { name: "runtime_permission_appops_mapping_enabled" is_fixed_read_only: true namespace: "permissions" description: "Use runtime permission state to determine appop state" bug: "266164193" } flag { name: "device_id_in_op_proxy_info_enabled" is_fixed_read_only: true Loading
services/core/java/com/android/server/appop/AppOpsService.java +1 −2 Original line number Diff line number Diff line Loading @@ -2926,8 +2926,7 @@ public class AppOpsService extends IAppOpsService.Stub { */ private static boolean isOpAllowedForUid(int uid) { int appId = UserHandle.getAppId(uid); return Flags.runtimePermissionAppopsMappingEnabled() && (appId == Process.ROOT_UID || appId == Process.SYSTEM_UID); return appId == Process.ROOT_UID || appId == Process.SYSTEM_UID; } @Override Loading
services/permission/java/com/android/server/permission/access/appop/AppOpService.kt +30 −45 Original line number Diff line number Diff line Loading @@ -22,7 +22,6 @@ import android.os.Binder import android.os.Handler import android.os.UserHandle import android.permission.PermissionManager import android.permission.flags.Flags import android.util.ArrayMap import android.util.ArraySet import android.util.LongSparseArray Loading Loading @@ -107,13 +106,11 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS } override fun systemReady() { if (Flags.runtimePermissionAppopsMappingEnabled()) { createPermissionAppOpMapping() val permissionListener = OnPermissionFlagsChangedListener() permissionPolicy.addOnPermissionFlagsChangedListener(permissionListener) devicePermissionPolicy.addOnPermissionFlagsChangedListener(permissionListener) } } private fun createPermissionAppOpMapping() { val permissions = service.getState { with(permissionPolicy) { getPermissions() } } Loading Loading @@ -154,15 +151,12 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS service.getState { val modes = with(appIdPolicy) { opNameMapToOpSparseArray(getAppOpModes(appId, userId)?.map) } if (Flags.runtimePermissionAppopsMappingEnabled()) { runtimePermissionNameToAppOp.forEachIndexed { _, permissionName, appOpCode -> val mode = getUidModeFromPermissionState(appId, userId, permissionName, deviceId) val mode = getUidModeFromPermissionState(appId, userId, permissionName, deviceId) if (mode != AppOpsManager.opToDefaultMode(appOpCode)) { modes[appOpCode] = mode } } } return modes } Loading @@ -178,7 +172,7 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS val opName = AppOpsManager.opToPublicName(op) val permissionName = runtimeAppOpToPermissionNames[op] return if (!Flags.runtimePermissionAppopsMappingEnabled() || permissionName == null) { return if (permissionName == null) { service.getState { with(appIdPolicy) { getAppOpMode(appId, userId, opName) } } } else { service.getState { Loading @@ -197,7 +191,7 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS appId: Int, userId: Int, permissionName: String, deviceId: String deviceId: String, ): Int { val checkDevicePermissionFlags = deviceId != VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT && Loading Loading @@ -237,7 +231,7 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS private fun evaluateModeFromPermissionFlags( foregroundFlags: Int, backgroundFlags: Int = PermissionFlags.RUNTIME_GRANTED backgroundFlags: Int = PermissionFlags.RUNTIME_GRANTED, ): Int = if (PermissionFlags.isAppOpGranted(foregroundFlags)) { if (PermissionFlags.isAppOpGranted(backgroundFlags)) { Loading @@ -254,9 +248,7 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS val userId = UserHandle.getUserId(uid) val appOpName = AppOpsManager.opToPublicName(code) if ( Flags.runtimePermissionAppopsMappingEnabled() && code in runtimeAppOpToPermissionNames ) { if (code in runtimeAppOpToPermissionNames) { val oldMode = service.getState { with(appIdPolicy) { getAppOpMode(appId, userId, appOpName) } } val wouldHaveChanged = oldMode != mode Loading Loading @@ -296,15 +288,12 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS override fun setPackageMode(packageName: String, appOpCode: Int, mode: Int, userId: Int) { val appOpName = AppOpsManager.opToPublicName(appOpCode) if ( Flags.runtimePermissionAppopsMappingEnabled() && appOpCode in runtimeAppOpToPermissionNames ) { if (appOpCode in runtimeAppOpToPermissionNames) { Slog.w( LOG_TAG, "(packageName=$packageName, userId=$userId)'s appop state" + " for runtime op $appOpName should not be set directly.", RuntimeException() RuntimeException(), ) return } Loading Loading @@ -350,7 +339,6 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS this[AppOpsManager.strOpToOp(op)] = true } } if (Flags.runtimePermissionAppopsMappingEnabled()) { foregroundableOps.forEachIndexed { _, op, _ -> if (getUidMode(uid, deviceId, op) == AppOpsManager.MODE_FOREGROUND) { this[op] = true Loading @@ -358,7 +346,6 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS } } } } override fun getForegroundOps(packageName: String, userId: Int): SparseBooleanArray { return SparseBooleanArray().apply { Loading @@ -367,7 +354,6 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS this[AppOpsManager.strOpToOp(op)] = true } } if (Flags.runtimePermissionAppopsMappingEnabled()) { foregroundableOps.forEachIndexed { _, op, _ -> if (getPackageMode(packageName, op, userId) == AppOpsManager.MODE_FOREGROUND) { this[op] = true Loading @@ -375,7 +361,6 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS } } } } override fun addAppOpsModeChangedListener(listener: AppOpsModeChangedListener): Boolean { synchronized(listenersLock) { Loading Loading @@ -405,7 +390,7 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS userId: Int, appOpName: String, oldMode: Int, newMode: Int newMode: Int, ) { val uid = UserHandle.getUid(userId, appId) val appOpCode = AppOpsManager.strOpToOp(appOpName) Loading @@ -425,7 +410,7 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS uid, appOpCode, mode, VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, ) } } Loading @@ -444,7 +429,7 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS userId: Int, appOpName: String, oldMode: Int, newMode: Int newMode: Int, ) { val appOpCode = AppOpsManager.strOpToOp(appOpName) val key = Triple(packageName, userId, appOpCode) Loading Loading @@ -479,7 +464,7 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS userId: Int, permissionName: String, oldFlags: Int, newFlags: Int newFlags: Int, ) { onDevicePermissionFlagsChanged( appId, Loading @@ -487,7 +472,7 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS VirtualDeviceManager.PERSISTENT_DEVICE_ID_DEFAULT, permissionName, oldFlags, newFlags newFlags, ) } Loading @@ -497,7 +482,7 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS deviceId: String, permissionName: String, oldFlags: Int, newFlags: Int newFlags: Int, ) { backgroundToForegroundPermissionNames[permissionName]?.let { foregroundPermissions -> // This is a background permission; there may be multiple foreground permissions Loading @@ -514,7 +499,7 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS foregroundPermissionFlags, oldFlags, foregroundPermissionFlags, newFlags newFlags, ) } } Loading @@ -532,7 +517,7 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS oldFlags, backgroundPermissionFlags, newFlags, backgroundPermissionFlags backgroundPermissionFlags, ) } } Loading @@ -545,7 +530,7 @@ class AppOpService(private val service: AccessCheckingService) : AppOpsCheckingS oldFlags, PermissionFlags.RUNTIME_GRANTED, newFlags, PermissionFlags.RUNTIME_GRANTED PermissionFlags.RUNTIME_GRANTED, ) } } Loading
