
Commit e4ee2c21 authored by Eugene Susla's avatar Eugene Susla

Flip appops corresponding to default-granted permissions

Now that we're starting to change appops' default values
for sms/calllog permissions, default grants by DefaultPermissionGrantPolicy
must take care to also flip the appops, otherwise permission grants don't
take the desired effect.

This also fixes the `appops get` shell command to reflect both uid and
package mode, consistent with how appops are checked

Bug: 117623587
Test: - enable kill switch for sms access restriction
- adb install -g $ANDROID_BUILD_TOP/out/target/product/sailfish/data/app/CellBroadcastReceiverTests/CellBroadcastReceiverTests.apk
- launch the app and press any button
- ensure no "Appop denial" warning in logcat
----
- adb shell appops get com.android.cellbroadcastreceiver android:receive_sms
- ensure result reflects uid mode
Change-Id: I59bb0c89423d3636c310c21b7a1cbf0481c992eb
parent 27600ff5
+1 −1
@@ -1000,7 +1000,7 @@ public class AppOpsManager {
            "WRITE_WALLPAPER",
            "ASSIST_STRUCTURE",
            "ASSIST_SCREENSHOT",
            "OP_READ_PHONE_STATE",
            "READ_PHONE_STATE",
            "ADD_VOICEMAIL",
            "USE_SIP",
            "PROCESS_OUTGOING_CALLS",
+27 −3
@@ -25,6 +25,8 @@ import static android.app.AppOpsManager.UID_STATE_LAST_NON_RESTRICTED;
import static android.app.AppOpsManager.UID_STATE_PERSISTENT;
import static android.app.AppOpsManager.UID_STATE_TOP;
import static android.app.AppOpsManager._NUM_UID_STATE;
import static android.app.AppOpsManager.modeToName;
import static android.app.AppOpsManager.opToName;

import android.Manifest;
import android.annotation.NonNull;
@@ -877,6 +879,9 @@ public class AppOpsService extends IAppOpsService.Stub {
    }

    private ArrayList<AppOpsManager.OpEntry> collectOps(SparseIntArray uidOps, int[] ops) {
        if (uidOps == null) {
            return null;
        }
        ArrayList<AppOpsManager.OpEntry> resOps = null;
        if (ops == null) {
            resOps = new ArrayList<>();
@@ -1131,6 +1136,11 @@ public class AppOpsService extends IAppOpsService.Stub {

    @Override
    public void setUidMode(int code, int uid, int mode) {
        if (DEBUG) {
            Slog.i(TAG, "uid " + uid + " OP_" + opToName(code) + " := " + modeToName(mode)
                    + " by uid " + Binder.getCallingUid());
        }

        enforceManageAppOpsModes(Binder.getCallingPid(), Binder.getCallingUid(), uid);
        verifyIncomingOp(code);
        code = AppOpsManager.opToSwitch(code);
@@ -3024,11 +3034,21 @@ public class AppOpsService extends IAppOpsService.Stub {
                        return res;
                    }

                    List<AppOpsManager.PackageOps> ops;
                    List<AppOpsManager.PackageOps> ops = new ArrayList<>();
                    if (shell.packageName != null) {
                        ops = shell.mInterface.getOpsForPackage(
                        // Uid mode overrides package mode, so make sure it's also reported
                        List<AppOpsManager.PackageOps> r = shell.mInterface.getUidOps(
                                shell.packageUid,
                                shell.op != AppOpsManager.OP_NONE ? new int[]{shell.op} : null);
                        if (r != null) {
                            ops.addAll(r);
                        }
                        r = shell.mInterface.getOpsForPackage(
                                shell.packageUid, shell.packageName,
                                shell.op != AppOpsManager.OP_NONE ? new int[]{shell.op} : null);
                        if (r != null) {
                            ops.addAll(r);
                        }
                    } else {
                        ops = shell.mInterface.getUidOps(
                                shell.nonpackageUid,
@@ -3044,7 +3064,11 @@ public class AppOpsService extends IAppOpsService.Stub {
                    }
                    final long now = System.currentTimeMillis();
                    for (int i=0; i<ops.size(); i++) {
                        List<AppOpsManager.OpEntry> entries = ops.get(i).getOps();
                        AppOpsManager.PackageOps packageOps = ops.get(i);
                        if (packageOps.getPackageName() == null) {
                            pw.print("Uid mode: ");
                        }
                        List<AppOpsManager.OpEntry> entries = packageOps.getOps();
                        for (int j=0; j<entries.size(); j++) {
                            AppOpsManager.OpEntry ent = entries.get(j);
                            pw.print(AppOpsManager.opToName(ent.getOp()));
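Review bot: In the setUidMode hunk the new DEBUG log runs before `enforceManageAppOpsModes(...)` and `verifyIncomingOp(code)`, so it formats a caller-supplied `code` with `opToName` before that value has been validated, and it records `:=` for a change that may still be rejected. Moving the `if (DEBUG) { ... }` block below `verifyIncomingOp(code);` keeps the log limited to authorised, well-formed requests; if logging attempts is the intent, word it as a request, e.g. `" requested := "`. How opToName handles an out-of-range code is not visible on this page, so whether a bad code can throw there is an inference. setUidMode continues past the end of the hunk.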
+15 −0
@@ -1205,6 +1205,21 @@ public final class DefaultPermissionGrantPolicy {
                    if (DEBUG) {
                        Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ")
                                + permission + " to default handler " + pkg);

                        int appOp = AppOpsManager.permissionToOpCode(permission);
                        if (appOp != AppOpsManager.OP_NONE
                                && AppOpsManager.opToDefaultMode(appOp)
                                        != AppOpsManager.MODE_ALLOWED) {
                            // Permission has a corresponding appop which is not allowed by default
                            // We must allow it as well, as it's usually checked alongside the
                            // permission
                            if (DEBUG) {
                                Log.i(TAG, "Granting OP_" + AppOpsManager.opToName(appOp)
                                        + " to " + pkg.packageName);
                            }
                            mContext.getSystemService(AppOpsManager.class).setUidMode(
                                    appOp, pkg.applicationInfo.uid, AppOpsManager.MODE_ALLOWED);
                        }
                    }
                }
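Review bot: The added appop flip sits inside the pre-existing `if (DEBUG) {` block that opens on the hunk's first line: the new lines follow the `Log.i(...)` call and the brace closing that block comes after them, so as rendered `setUidMode(..., MODE_ALLOWED)` only runs in builds where DEBUG is true. In a normal build the permission would be granted while the appop stays at its non-allowed default, which is the situation the commit message sets out to fix. Close the logging block right after the `Log.i` statement and place the `int appOp = ...` block after that brace, leaving only the inner `if (DEBUG)` around the `"Granting OP_"` log. Separately, the uid passed is `pkg.applicationInfo.uid`; if this method grants per user (not visible in the hunk), confirm that this is the uid for the target user. The enclosing method starts and ends outside the hunk.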