Merge "Revert "Sanitize app op service inputs"" into nyc-dev (ef431884) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/AppOpsService.java

+30 −68

Original line number	Diff line number	Diff line
		@@ -447,12 +447,8 @@ public class AppOpsService extends IAppOpsService.Stub {
		int[] ops) {
		mContext.enforcePermission(android.Manifest.permission.GET_APP_OPS_STATS,
		Binder.getCallingPid(), Binder.getCallingUid(), null);
		String resolvedPackageName = resolvePackageName(uid, packageName);
		if (resolvedPackageName == null) {
		return Collections.emptyList();
		}
		synchronized (this) {
		Ops pkgOps = getOpsRawLocked(uid, resolvedPackageName, false);
		Ops pkgOps = getOpsLocked(uid, packageName, false);
		if (pkgOps == null) {
		return null;
		}
		@@ -470,7 +466,7 @@ public class AppOpsService extends IAppOpsService.Stub {

		private void pruneOp(Op op, int uid, String packageName) {
		if (op.time == 0 && op.rejectTime == 0) {
		Ops ops = getOpsRawLocked(uid, packageName, false);
		Ops ops = getOpsLocked(uid, packageName, false);
		if (ops != null) {
		ops.remove(op.op);
		if (ops.size() <= 0) {
		@@ -884,12 +880,8 @@ public class AppOpsService extends IAppOpsService.Stub {
		public int checkOperation(int code, int uid, String packageName) {
		verifyIncomingUid(uid);
		verifyIncomingOp(code);
		String resolvedPackageName = resolvePackageName(uid, packageName);
		if (resolvedPackageName == null) {
		return AppOpsManager.MODE_IGNORED;
		}
		synchronized (this) {
		if (isOpRestricted(uid, code, resolvedPackageName)) {
		if (isOpRestricted(uid, code, packageName)) {
		return AppOpsManager.MODE_IGNORED;
		}
		code = AppOpsManager.opToSwitch(code);
		@@ -900,7 +892,7 @@ public class AppOpsService extends IAppOpsService.Stub {
		return uidMode;
		}
		}
		Op op = getOpLocked(code, uid, resolvedPackageName, false);
		Op op = getOpLocked(code, uid, packageName, false);
		if (op == null) {
		return AppOpsManager.opToDefaultMode(code);
		}
		@@ -976,7 +968,6 @@ public class AppOpsService extends IAppOpsService.Stub {

		@Override
		public int checkPackage(int uid, String packageName) {
		Preconditions.checkNotNull(packageName);
		synchronized (this) {
		if (getOpsRawLocked(uid, packageName, true) != null) {
		return AppOpsManager.MODE_ALLOWED;
		@@ -990,39 +981,26 @@ public class AppOpsService extends IAppOpsService.Stub {
		public int noteProxyOperation(int code, String proxyPackageName,
		int proxiedUid, String proxiedPackageName) {
		verifyIncomingOp(code);
		final int proxyUid = Binder.getCallingUid();
		String resolveProxyPackageName = resolvePackageName(proxyUid, proxyPackageName);
		if (resolveProxyPackageName == null) {
		return AppOpsManager.MODE_IGNORED;
		}
		final int proxyMode = noteOperationUnchecked(code, proxyUid,
		resolveProxyPackageName, -1, null);
		final int proxyMode = noteOperationUnchecked(code, Binder.getCallingUid(),
		proxyPackageName, -1, null);
		if (proxyMode != AppOpsManager.MODE_ALLOWED \|\| Binder.getCallingUid() == proxiedUid) {
		return proxyMode;
		}
		String resolveProxiedPackageName = resolvePackageName(proxiedUid, proxiedPackageName);
		if (resolveProxiedPackageName == null) {
		return AppOpsManager.MODE_IGNORED;
		}
		return noteOperationUnchecked(code, proxiedUid, resolveProxiedPackageName,
		proxyMode, resolveProxyPackageName);
		return noteOperationUnchecked(code, proxiedUid, proxiedPackageName,
		Binder.getCallingUid(), proxyPackageName);
		}

		@Override
		public int noteOperation(int code, int uid, String packageName) {
		verifyIncomingUid(uid);
		verifyIncomingOp(code);
		String resolvedPackageName = resolvePackageName(uid, packageName);
		if (resolvedPackageName == null) {
		return AppOpsManager.MODE_IGNORED;
		}
		return noteOperationUnchecked(code, uid, resolvedPackageName, 0, null);
		return noteOperationUnchecked(code, uid, packageName, 0, null);
		}

		private int noteOperationUnchecked(int code, int uid, String packageName,
		int proxyUid, String proxyPackageName) {
		synchronized (this) {
		Ops ops = getOpsRawLocked(uid, packageName, true);
		Ops ops = getOpsLocked(uid, packageName, true);
		if (ops == null) {
		if (DEBUG) Log.d(TAG, "noteOperation: no op for code " + code + " uid " + uid
		+ " package " + packageName);
		@@ -1070,20 +1048,16 @@ public class AppOpsService extends IAppOpsService.Stub {
		public int startOperation(IBinder token, int code, int uid, String packageName) {
		verifyIncomingUid(uid);
		verifyIncomingOp(code);
		String resolvedPackageName = resolvePackageName(uid, packageName);
		if (resolvedPackageName == null) {
		return AppOpsManager.MODE_IGNORED;
		}
		ClientState client = (ClientState)token;
		synchronized (this) {
		Ops ops = getOpsRawLocked(uid, resolvedPackageName, true);
		Ops ops = getOpsLocked(uid, packageName, true);
		if (ops == null) {
		if (DEBUG) Log.d(TAG, "startOperation: no op for code " + code + " uid " + uid
		+ " package " + resolvedPackageName);
		+ " package " + packageName);
		return AppOpsManager.MODE_ERRORED;
		}
		Op op = getOpLocked(ops, code, true);
		if (isOpRestricted(uid, code, resolvedPackageName)) {
		if (isOpRestricted(uid, code, packageName)) {
		return AppOpsManager.MODE_IGNORED;
		}
		final int switchCode = AppOpsManager.opToSwitch(code);
		@@ -1093,7 +1067,7 @@ public class AppOpsService extends IAppOpsService.Stub {
		if (uidMode != AppOpsManager.MODE_ALLOWED) {
		if (DEBUG) Log.d(TAG, "noteOperation: reject #" + op.mode + " for code "
		+ switchCode + " (" + code + ") uid " + uid + " package "
		+ resolvedPackageName);
		+ packageName);
		op.rejectTime = System.currentTimeMillis();
		return uidMode;
		}
		@@ -1101,13 +1075,12 @@ public class AppOpsService extends IAppOpsService.Stub {
		final Op switchOp = switchCode != code ? getOpLocked(ops, switchCode, true) : op;
		if (switchOp.mode != AppOpsManager.MODE_ALLOWED) {
		if (DEBUG) Log.d(TAG, "startOperation: reject #" + op.mode + " for code "
		+ switchCode + " (" + code + ") uid " + uid + " package "
		+ resolvedPackageName);
		+ switchCode + " (" + code + ") uid " + uid + " package " + packageName);
		op.rejectTime = System.currentTimeMillis();
		return switchOp.mode;
		}
		if (DEBUG) Log.d(TAG, "startOperation: allowing code " + code + " uid " + uid
		+ " package " + resolvedPackageName);
		+ " package " + packageName);
		if (op.nesting == 0) {
		op.time = System.currentTimeMillis();
		op.rejectTime = 0;
		@@ -1125,16 +1098,9 @@ public class AppOpsService extends IAppOpsService.Stub {
		public void finishOperation(IBinder token, int code, int uid, String packageName) {
		verifyIncomingUid(uid);
		verifyIncomingOp(code);
		String resolvedPackageName = resolvePackageName(uid, packageName);
		if (resolvedPackageName == null) {
		return;
		}
		if (!(token instanceof ClientState)) {
		return;
		}
		ClientState client = (ClientState)token;
		synchronized (this) {
		Op op = getOpLocked(code, uid, resolvedPackageName, true);
		Op op = getOpLocked(code, uid, packageName, true);
		if (op == null) {
		return;
		}
		@@ -1150,9 +1116,6 @@ public class AppOpsService extends IAppOpsService.Stub {

		@Override
		public int permissionToOpCode(String permission) {
		if (permission == null) {
		return AppOpsManager.OP_NONE;
		}
		return AppOpsManager.permissionToOpCode(permission);
		}

		@@ -1202,6 +1165,15 @@ public class AppOpsService extends IAppOpsService.Stub {
		return uidState;
		}

		private Ops getOpsLocked(int uid, String packageName, boolean edit) {
		if (uid == 0) {
		packageName = "root";
		} else if (uid == Process.SHELL_UID) {
		packageName = "com.android.shell";
		}
		return getOpsRawLocked(uid, packageName, edit);
		}

		private Ops getOpsRawLocked(int uid, String packageName, boolean edit) {
		UidState uidState = getUidStateLocked(uid, edit);
		if (uidState == null) {
		@@ -1287,7 +1259,7 @@ public class AppOpsService extends IAppOpsService.Stub {
		}

		private Op getOpLocked(int code, int uid, String packageName, boolean edit) {
		Ops ops = getOpsRawLocked(uid, packageName, edit);
		Ops ops = getOpsLocked(uid, packageName, edit);
		if (ops == null) {
		return null;
		}
		@@ -1345,7 +1317,7 @@ public class AppOpsService extends IAppOpsService.Stub {
		if (AppOpsManager.opAllowSystemBypassRestriction(code)) {
		// If we are the system, bypass user restrictions for certain codes
		synchronized (this) {
		Ops ops = getOpsRawLocked(uid, packageName, true);
		Ops ops = getOpsLocked(uid, packageName, true);
		if ((ops != null) && ops.isPrivileged) {
		return false;
		}
		@@ -1610,7 +1582,7 @@ public class AppOpsService extends IAppOpsService.Stub {
		out.startTag(null, "uid");
		out.attribute(null, "n", Integer.toString(pkg.getUid()));
		synchronized (this) {
		Ops ops = getOpsRawLocked(pkg.getUid(), pkg.getPackageName(), false);
		Ops ops = getOpsLocked(pkg.getUid(), pkg.getPackageName(), false);
		// Should always be present as the list of PackageOps is generated
		// from Ops.
		if (ops != null) {
		@@ -2131,7 +2103,6 @@ public class AppOpsService extends IAppOpsService.Stub {
		@Override
		public void setUserRestrictions(Bundle restrictions, IBinder token, int userHandle) {
		checkSystemUid("setUserRestrictions");
		Preconditions.checkNotNull(restrictions);
		Preconditions.checkNotNull(token);
		final boolean[] opRestrictions = getOrCreateUserRestrictionsForToken(token, userHandle);
		for (int i = 0; i < opRestrictions.length; ++i) {
		@@ -2346,15 +2317,6 @@ public class AppOpsService extends IAppOpsService.Stub {
		}
		}

		private static String resolvePackageName(int uid, String packageName) {
		if (uid == 0) {
		return "root";
		} else if (uid == Process.SHELL_UID) {
		return "com.android.shell";
		}
		return packageName;
		}

		private static String[] getPackagesForUid(int uid) {
		String[] packageNames = null;
		try {