appops: Privacy Guard for N
* Squashed commit of all PG-related features including superuser Authors: - Sam Mortimer - Danesh Mondegarian - Jorge Ruesga - Diogo Ferreira - Roman Birg - Adnan Begovic - Chirayu Desai - Lars Greiss - Steve Kondik - CodeAurora AppOps: track op persistence by name instead of id On XML write, include the op name. On XML read, map the name back to op id (if it exists). Persistent AppOp state now follows the op name instead numeric id. This allows upgrades between versions of android that have different code<>name mappings. AppOpsService: Add MODE_ASK support to AppOps. Add support for new mode(MODE_ASK) in AppOpsService to show a permission dialog box to user to confirm user permission before allowing or ignoring that operation. All strict operations (defined in AppOpsManager) are going to be in MODE_ASK by default. Operations will be moved to MODE_ALLOWED or MODE_IGNORED according to user's choice. AppOps: Add support for AppOps policy file Add support to read AppOps policy file. AppOps policy file can be used to configure Ops default policy. [1/2] frameworks/base: Privacy Guard PS2: * add missing call to updatePrivacyGuardNotificationLocked() * remove ic_privacy_guard and ic_privacy_guard_off * use stat_notify_privacy_guard drawable from Björn * rebase PS3: * exclude MODE_IGNORED from causing getPrivacyGuardSettingForPackage() returning true. multiuser restrictions on calls/sms otherwise cause privacyguard to appear to be on when really it isn't. * rebase Pulled together from: Author: Danesh M <daneshm90@gmail.com> Date: Thu Sep 5 19:23:15 2013 -0700 Privacy Guard : Reimplement backed by AppOps Re-implements privacy guard to use appops. Author: Jorge Ruesga <jorge@ruesga.com> Date: Sat Jan 4 01:34:39 2014 +0100 privacyguard: Share privacy package name between activity stacks AOSP 4.4 now has a stack supervisor with differents activity stacks for home and focus activities. Every ActivityStack instance has a ref to this supervisor. Just share the privacy guard package name throught the supervisor. Patchset 2: Fix formatting JIRA: CYAN-2874 Issue: https://jira.cyanogenmod.org/browse/CYAN-2874 Author: Steve Kondik <shade@chemlab.org> Date: Sun Feb 23 19:23:31 2014 +0100 Use MODE_ASK as the default ops mode in Privacy Guard * Prompting the user is far more useful as a default behavior. The choice will be remembered after the first request. Author: Steve Kondik <shade@chemlab.org> Date: Tue Feb 25 13:11:12 2014 +0100 Relocate and cleanup new app ops features and PGify it [2/2] Framework AppOps: Add per Op allowed and ignored counters Port from cm-10.2 and cm-11.0 Author: Sam Mortimer <sam@mortimer.me.uk> Date: Wed Oct 2 22:06:42 2013 -0700 [2/2] AppOps: Add per Op allowed and ignored counters wifi: Confirm user permission before toggling wifi Check user permissions before enabling/disabling wifi. AppOps: Add Bluetooth enable control into AppOps Check user permission before enabling bluetooth. AppOps: Add BOOT_COMPLETED operation Add BOOT_COMPLETED operation in AppOps. This operation is used to allow user to control auto start of applications and services at bootup. AppOps: Add nfc enable control into AppOps. Check user permission before enabling nfc. appops: Add support for SU This patch adds support for superuser app-ops control. The end-goal is to better prepare superuser for the multi-user experience while also replacing the superuser app with existing components. su: Add an indicator when a 'su' session is active This adds an indicator to the statusbar that is visible whenever a root session is active, akin to the fine location icon. AppOps: fix wifi scan op There's no direct permission tied to it and fix the op-to-switch entry. AppOps: add a default constructor Frameworks: Redirect appops strings to string references adapted to reflect new permission indices and codes appops: Disassociate appops requests from notification broadcasts The AppOpsService is essentially a manager for a set of counters and permissions. Each operation request has the potential to change the state and, as such, access to such state is synchronized. We are whitnessing deadlocks caused by the broadcast and, in fact, while we want to notify superuser changes eventually, it does not have to be synchronous with the app ops request. This patch uses the request to schedule the notification on a handler, leaving the locking semantics of appops intact. add missing app ops to string array Also added op codes to prevent further mismatches. Add new OP_RUN_IN_BACKGROUND to list AppOps: fix deadlock issue when showing dialog WindowManagerService need call PowerManagerService to release wakelock. The Notifier in PowerManagerService need call AppOpsService to notify holding wakelock ops is finished. Meanwhile, AppOpsService may need call WindowManagerService to show dialog. This scenario will lead to deadlock issue. To move showing dialog action out of lock section to fix this issue. Since only UI work is moved out of lock area, it is supposed to be safe. AppOps: relax some system appops for systemui Grant wifi, bt, boot_complete, nfc, and data changes for systemui. Also remove the bluetooth permission tied to the bluetooth_change op - it is not always directly tied to BLUETOOTH or BLUETOOTH_ADMIN, so we can't force one there. cyanogen: Add missing RUN_IN_BACKGROUND where required Revert "AppOps: add a default constructor" * Not needed after http://review.cyanogenmod.org/126381 This reverts commit 19e0ce07. appops: Implement concept of delayedcount. High frequency request ops will be delayed until their ignore count ceiling is met. This is to mitigate the overloading the main activity manager service handler and having watchdog kill our service. Google play services likes to share its uid with numerous packages to avoid having to grant permissions from the users perspective and thus is the worst example of overloading this queue -- so, to not encourage bad behavior, we move them to the back of the line. NOTE: these values are magic, and may need tuning. Ideally we'd want a ringbuffer or token bucket here to do proper rate limiting. appops: Respect screen interactivity before creating dialogs. If the device's screen is currently off, do not queue ask runnables who cannot be interacted with. Since these events are gating mechanisms for closing an IPC loop, they need to happen when the user is interacting with the device. Likewise, on screen off, clear the queue of every op as they become unnecessary. Change-Id: Ia2bbb56509bedb4aa7272e53cb67a4d94fec450d Allow disabling the privacy guard notification - port from cm-12.1 (2/3) Change-Id: Iab0288f50685220c8be0c11ea5075f91ec1bbe32 Launch app privacy settings when tapping on PG notification (1/2) Based on https://github.com/SlimRoms/frameworks_base/commit/97ccae06cd0ad1aa366c3a70e8e744277c409b06 JIRA: CYAN-6077 Change-Id: I8632e8c944c1d5d7ad2fb2a2276bae5fe2d4a0a0
Loading
Please register or sign in to comment