Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e192e43c authored by MSe1969's avatar MSe1969 Committed by Danny Baumann
Browse files

ClipboardService: Restore different method calls to AppOps to fix PG 

Commit 34ffba62 'Limit instant app access
to clipboard' (AOSP Bug-ID: 34231507) has introduced the new method
'clipboardAccessAllowed', which replaces all AppOps calls. However, whilst
the previous coding made use of the methods checkOp, noteOp and
checkOpNoThrow, the new method only uses method 'checkOp'. Different from
'noteOp', the 'checkOp' call only performs a check without setting the
counter or initializing the Op.
As a consequence, ClipBoard access did not show up any longer in Lineage's
Privacy Guard, hence users couldn't control anymore the apps accordingly.

This change aims at restoring the former call behavior by extending the
'clipboardAccessAllowed' method with a parameter to specify the AppOp
calling method according to the former code, which fixes the Privacy Guard
issue.

Change-Id: I4db7b4f043eb39068cd7a6346a0eb645648cfada
parent 5d1ef85d

services/core/java/com/android/server/clipboard/ClipboardService.java

+29 −9
Original line number Diff line number Diff line
@@ -155,6 +155,11 @@ public class ClipboardService extends SystemService { 


    private final SparseArray<PerUserClipboard> mClipboards = new SparseArray<>();



    /* App op check variants for the clipboardAccessAllowed method */

    private static final int APPOP_NOTE = 1;    /** Call AppOps.noteOp method */

    private static final int APPOP_CHECK = 2;   /** Call AppOps.checkOp method */

    private static final int APPOP_NOTHROW = 3; /** Call AppOps.checkOpNoThrow method */



    /**

     * Instantiates the clipboard.

     */
@@ -256,7 +261,7 @@ public class ClipboardService extends SystemService { 
                }

                final int callingUid = Binder.getCallingUid();

                if (!clipboardAccessAllowed(AppOpsManager.OP_WRITE_CLIPBOARD, callingPackage,

                            callingUid)) {

                            callingUid, APPOP_NOTE)) {

                    return;

                }

                checkDataOwnerLocked(clip, callingUid);
@@ -305,7 +310,7 @@ public class ClipboardService extends SystemService { 
        public ClipData getPrimaryClip(String pkg) {

            synchronized (this) {

                if (!clipboardAccessAllowed(AppOpsManager.OP_READ_CLIPBOARD, pkg,

                            Binder.getCallingUid()) || isDeviceLocked()) {

                            Binder.getCallingUid(), APPOP_NOTE) || isDeviceLocked()) {

                    return null;

                }

                addActiveOwnerLocked(Binder.getCallingUid(), pkg);
@@ -317,7 +322,7 @@ public class ClipboardService extends SystemService { 
        public ClipDescription getPrimaryClipDescription(String callingPackage) {

            synchronized (this) {

                if (!clipboardAccessAllowed(AppOpsManager.OP_READ_CLIPBOARD, callingPackage,

                            Binder.getCallingUid()) || isDeviceLocked()) {

                            Binder.getCallingUid(), APPOP_CHECK) || isDeviceLocked()) {

                    return null;

                }

                PerUserClipboard clipboard = getClipboard();
@@ -329,7 +334,7 @@ public class ClipboardService extends SystemService { 
        public boolean hasPrimaryClip(String callingPackage) {

            synchronized (this) {

                if (!clipboardAccessAllowed(AppOpsManager.OP_READ_CLIPBOARD, callingPackage,

                            Binder.getCallingUid()) || isDeviceLocked()) {

                            Binder.getCallingUid(), APPOP_CHECK) || isDeviceLocked()) {

                    return false;

                }

                return getClipboard().primaryClip != null;
@@ -356,7 +361,7 @@ public class ClipboardService extends SystemService { 
        public boolean hasClipboardText(String callingPackage) {

            synchronized (this) {

                if (!clipboardAccessAllowed(AppOpsManager.OP_READ_CLIPBOARD, callingPackage,

                            Binder.getCallingUid()) || isDeviceLocked()) {

                            Binder.getCallingUid(), APPOP_CHECK) || isDeviceLocked()) {

                    return false;

                }

                PerUserClipboard clipboard = getClipboard();
@@ -419,7 +424,7 @@ public class ClipboardService extends SystemService { 
                            clipboard.primaryClipListeners.getBroadcastCookie(i);



                    if (clipboardAccessAllowed(AppOpsManager.OP_READ_CLIPBOARD, li.mPackageName,

                                li.mUid)) {

                                li.mUid, APPOP_NOTHROW)) {

                        clipboard.primaryClipListeners.getBroadcastItem(i)

                                .dispatchPrimaryClipChanged();

                    }
@@ -565,9 +570,24 @@ public class ClipboardService extends SystemService { 
        }

    }



    private boolean clipboardAccessAllowed(int op, String callingPackage, int callingUid) {

        // Check the AppOp.

        if (mAppOps.checkOp(op, callingUid, callingPackage) != AppOpsManager.MODE_ALLOWED) {

    private boolean clipboardAccessAllowed(int op, String callingPackage,

            int callingUid, int appOpMethod) {

        int appOpResult;



        // Check the AppOp depending on specified method

        switch (appOpMethod) {

            case APPOP_NOTE:

                appOpResult = mAppOps.noteOp(op, callingUid, callingPackage);

                break;

            case APPOP_NOTHROW:

                appOpResult = mAppOps.checkOpNoThrow(op, callingUid, callingPackage);

                break;

            default:

                appOpResult = mAppOps.checkOp(op, callingUid, callingPackage);

                break;

        }



        if (appOpResult != AppOpsManager.MODE_ALLOWED) {

            return false;

        }

        try {