Restricts notified app ops based on flags

        <permission name="android.permission.MODIFY_PHONE_STATE"/>

        <permission name="android.permission.MODIFY_PHONE_STATE"/>

        <permission name="android.permission.MOUNT_UNMOUNT_FILESYSTEMS"/>

        <permission name="android.permission.MOUNT_UNMOUNT_FILESYSTEMS"/>

        <permission name="android.permission.OBSERVE_NETWORK_POLICY"/>

        <permission name="android.permission.OBSERVE_NETWORK_POLICY"/>

        <permission name="android.permission.OBSERVE_GRANT_REVOKE_PERMISSIONS" />

        <permission name="android.permission.OVERRIDE_WIFI_CONFIG"/>

        <permission name="android.permission.OVERRIDE_WIFI_CONFIG"/>

        <permission name="android.permission.PACKAGE_USAGE_STATS" />

        <permission name="android.permission.PACKAGE_USAGE_STATS" />

        <permission name="android.permission.READ_DREAM_STATE"/>

        <permission name="android.permission.READ_DREAM_STATE"/>

    <!-- Listen app op changes -->

    <!-- Listen app op changes -->

    <uses-permission android:name="android.permission.WATCH_APPOPS" />

    <uses-permission android:name="android.permission.WATCH_APPOPS" />

    <uses-permission android:name="android.permission.OBSERVE_GRANT_REVOKE_PERMISSIONS" />

    <!-- to read and change hvac values in a car -->

    <!-- to read and change hvac values in a car -->

    <uses-permission android:name="android.car.permission.CONTROL_CAR_CLIMATE" />

    <uses-permission android:name="android.car.permission.CONTROL_CAR_CLIMATE" />

import android.app.AppOpsManager;

import android.app.AppOpsManager;

import android.content.Context;

import android.content.Context;

import android.content.pm.PackageManager;

import android.os.Handler;

import android.os.Handler;

import android.os.Looper;

import android.os.Looper;

import android.os.UserHandle;

import android.os.UserHandle;

import android.util.Log;

import android.util.Log;

import android.util.SparseArray;

import android.util.SparseArray;

import androidx.annotation.WorkerThread;

import com.android.internal.annotations.GuardedBy;

import com.android.internal.annotations.GuardedBy;

import com.android.internal.annotations.VisibleForTesting;

import com.android.internal.annotations.VisibleForTesting;

import com.android.systemui.Dumpable;

import com.android.systemui.Dumpable;

import com.android.systemui.dagger.qualifiers.Background;

import com.android.systemui.dagger.qualifiers.Background;

import com.android.systemui.dump.DumpManager;

import com.android.systemui.dump.DumpManager;

import com.android.systemui.util.Assert;

import java.io.FileDescriptor;

import java.io.FileDescriptor;

import java.io.PrintWriter;

import java.io.PrintWriter;

    private H mBGHandler;

    private H mBGHandler;

    private final List<AppOpsController.Callback> mCallbacks = new ArrayList<>();

    private final List<AppOpsController.Callback> mCallbacks = new ArrayList<>();

    private final SparseArray<Set<Callback>> mCallbacksByCode = new SparseArray<>();

    private final SparseArray<Set<Callback>> mCallbacksByCode = new SparseArray<>();

    private final PermissionFlagsCache mFlagsCache;

    private boolean mListening;

    private boolean mListening;

    @GuardedBy("mActiveItems")

    @GuardedBy("mActiveItems")

    public AppOpsControllerImpl(

    public AppOpsControllerImpl(

            Context context,

            Context context,

            @Background Looper bgLooper,

            @Background Looper bgLooper,

            DumpManager dumpManager) {

            DumpManager dumpManager,

            PermissionFlagsCache cache

    ) {

        mAppOps = (AppOpsManager) context.getSystemService(Context.APP_OPS_SERVICE);

        mAppOps = (AppOpsManager) context.getSystemService(Context.APP_OPS_SERVICE);

        mFlagsCache = cache;

        mBGHandler = new H(bgLooper);

        mBGHandler = new H(bgLooper);

        final int numOps = OPS.length;

        final int numOps = OPS.length;

        for (int i = 0; i < numOps; i++) {

        for (int i = 0; i < numOps; i++) {

        return createdNew;

        return createdNew;

    }

    }

    /**

     * Does the app-op code refer to a user sensitive permission for the specified user id

     * and package. Only user sensitive permission should be shown to the user by default.

     *

     * @param appOpCode The code of the app-op.

     * @param uid The uid of the user.

     * @param packageName The name of the package.

     *

     * @return {@code true} iff the app-op item is user sensitive

     */

    private boolean isUserSensitive(int appOpCode, int uid, String packageName) {

        String permission = AppOpsManager.opToPermission(appOpCode);

        if (permission == null) {

            return false;

        }

        int permFlags = mFlagsCache.getPermissionFlags(permission,

                packageName, uid);

        return (permFlags & PackageManager.FLAG_PERMISSION_USER_SENSITIVE_WHEN_GRANTED) != 0;

    }

    /**

     * Does the app-op item refer to an operation that should be shown to the user.

     * Only specficic ops (like SYSTEM_ALERT_WINDOW) or ops that refer to user sensitive

     * permission should be shown to the user by default.

     *

     * @param item The item

     *

     * @return {@code true} iff the app-op item should be shown to the user

     */

    private boolean isUserVisible(AppOpItem item) {

        return isUserVisible(item.getCode(), item.getUid(), item.getPackageName());

    }

    /**

     * Does the app-op, uid and package name, refer to an operation that should be shown to the

     * user. Only specficic ops (like {@link AppOpsManager.OP_SYSTEM_ALERT_WINDOW}) or

     * ops that refer to user sensitive permission should be shown to the user by default.

     *

     * @param item The item

     *

     * @return {@code true} iff the app-op for should be shown to the user

     */

    private boolean isUserVisible(int appOpCode, int uid, String packageName) {

        // currently OP_SYSTEM_ALERT_WINDOW does not correspond to a platform permission

        // which may be user senstive, so for now always show it to the user.

        if (appOpCode == AppOpsManager.OP_SYSTEM_ALERT_WINDOW) {

            return true;

        }

        return isUserSensitive(appOpCode, uid, packageName);

    }

    /**

    /**

     * Returns a copy of the list containing all the active AppOps that the controller tracks.

     * Returns a copy of the list containing all the active AppOps that the controller tracks.

     *

     *

     * Call from a worker thread as it may perform long operations.

     *

     * @return List of active AppOps information

     * @return List of active AppOps information

     */

     */

    @WorkerThread

    public List<AppOpItem> getActiveAppOps() {

    public List<AppOpItem> getActiveAppOps() {

        return getActiveAppOpsForUser(UserHandle.USER_ALL);

        return getActiveAppOpsForUser(UserHandle.USER_ALL);

    }

    }

     * Returns a copy of the list containing all the active AppOps that the controller tracks, for

     * Returns a copy of the list containing all the active AppOps that the controller tracks, for

     * a given user id.

     * a given user id.

     *

     *

     * Call from a worker thread as it may perform long operations.

     *

     * @param userId User id to track, can be {@link UserHandle#USER_ALL}

     * @param userId User id to track, can be {@link UserHandle#USER_ALL}

     *

     *

     * @return List of active AppOps information for that user id

     * @return List of active AppOps information for that user id

     */

     */

    @WorkerThread

    public List<AppOpItem> getActiveAppOpsForUser(int userId) {

    public List<AppOpItem> getActiveAppOpsForUser(int userId) {

        Assert.isNotMainThread();

        List<AppOpItem> list = new ArrayList<>();

        List<AppOpItem> list = new ArrayList<>();

        synchronized (mActiveItems) {

        synchronized (mActiveItems) {

            final int numActiveItems = mActiveItems.size();

            final int numActiveItems = mActiveItems.size();

            for (int i = 0; i < numActiveItems; i++) {

            for (int i = 0; i < numActiveItems; i++) {

                AppOpItem item = mActiveItems.get(i);

                AppOpItem item = mActiveItems.get(i);

                if ((userId == UserHandle.USER_ALL

                if ((userId == UserHandle.USER_ALL

                        || UserHandle.getUserId(item.getUid()) == userId)) {

                        || UserHandle.getUserId(item.getUid()) == userId)

                        && isUserVisible(item)) {

                    list.add(item);

                    list.add(item);

                }

                }

            }

            }

            for (int i = 0; i < numNotedItems; i++) {

            for (int i = 0; i < numNotedItems; i++) {

                AppOpItem item = mNotedItems.get(i);

                AppOpItem item = mNotedItems.get(i);

                if ((userId == UserHandle.USER_ALL

                if ((userId == UserHandle.USER_ALL

                        || UserHandle.getUserId(item.getUid()) == userId)) {

                        || UserHandle.getUserId(item.getUid()) == userId)

                        && isUserVisible(item)) {

                    list.add(item);

                    list.add(item);

                }

                }

            }

            }

    }

    }

    private void notifySuscribers(int code, int uid, String packageName, boolean active) {

    private void notifySuscribers(int code, int uid, String packageName, boolean active) {

        if (mCallbacksByCode.contains(code)) {

        if (mCallbacksByCode.contains(code) && isUserVisible(code, uid, packageName)) {

            if (DEBUG) Log.d(TAG, "Notifying of change in package " + packageName);

            if (DEBUG) Log.d(TAG, "Notifying of change in package " + packageName);

            for (Callback cb: mCallbacksByCode.get(code)) {

            for (Callback cb: mCallbacksByCode.get(code)) {

                cb.onActiveStateChanged(code, uid, packageName, active);

                cb.onActiveStateChanged(code, uid, packageName, active);

/*

 * Copyright (C) 2020 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License

 */

package com.android.systemui.appops

import android.content.pm.PackageManager

import android.os.UserHandle

import androidx.annotation.WorkerThread

import com.android.systemui.dagger.qualifiers.Background

import com.android.systemui.util.Assert

import java.util.concurrent.Executor

import javax.inject.Inject

import javax.inject.Singleton

private data class PermissionFlagKey(

    val permission: String,

    val packageName: String,

    val uid: Int

)

/**

 * Cache for PackageManager's PermissionFlags.

 *

 * After a specific `{permission, package, uid}` has been requested, updates to it will be tracked,

 * and changes to the uid will trigger new requests (in the background).

 */

@Singleton

class PermissionFlagsCache @Inject constructor(

    private val packageManager: PackageManager,

    @Background private val executor: Executor

) : PackageManager.OnPermissionsChangedListener {

    private val permissionFlagsCache =

            mutableMapOf<Int, MutableMap<PermissionFlagKey, Int>>()

    private var listening = false

    override fun onPermissionsChanged(uid: Int) {

        executor.execute {

            // Only track those that we've seen before

            val keys = permissionFlagsCache.get(uid)

            if (keys != null) {

                keys.mapValuesTo(keys) {

                    getFlags(it.key)

                }

            }

        }

    }

    /**

     * Retrieve permission flags from cache or PackageManager. There parameters will be passed

     * directly to [PackageManager].

     *

     * Calls to this method should be done from a background thread (though it will only be

     * enforced if the cache is not hit).

     */

    @WorkerThread

    fun getPermissionFlags(permission: String, packageName: String, uid: Int): Int {

        if (!listening) {

            listening = true

            packageManager.addOnPermissionsChangeListener(this)

        }

        val key = PermissionFlagKey(permission, packageName, uid)

        return permissionFlagsCache.getOrPut(uid, { mutableMapOf() }).get(key) ?: run {

            getFlags(key).also {

                Assert.isNotMainThread()

                permissionFlagsCache.get(uid)?.put(key, it)

            }

        }

    }

    private fun getFlags(key: PermissionFlagKey): Int {

        return packageManager.getPermissionFlags(key.permission, key.packageName,

                UserHandle.getUserHandleForUid(key.uid))

    }

}

 No newline at end of file

import com.android.systemui.appops.AppOpItem;

import com.android.systemui.appops.AppOpItem;

import com.android.systemui.appops.AppOpsController;

import com.android.systemui.appops.AppOpsController;

import com.android.systemui.broadcast.BroadcastDispatcher;

import com.android.systemui.broadcast.BroadcastDispatcher;

import com.android.systemui.dagger.qualifiers.Background;

import com.android.systemui.dagger.qualifiers.Main;

import com.android.systemui.dagger.qualifiers.Main;

import com.android.systemui.util.Utils;

import com.android.systemui.util.Utils;

    @Inject

    @Inject

    public LocationControllerImpl(Context context, AppOpsController appOpsController,

    public LocationControllerImpl(Context context, AppOpsController appOpsController,

            @Main Looper mainLooper, BroadcastDispatcher broadcastDispatcher,

            @Main Looper mainLooper, @Background Handler backgroundHandler,

            BootCompleteCache bootCompleteCache) {

            BroadcastDispatcher broadcastDispatcher, BootCompleteCache bootCompleteCache) {

        mContext = context;

        mContext = context;

        mAppOpsController = appOpsController;

        mAppOpsController = appOpsController;

        mBootCompleteCache = bootCompleteCache;

        mBootCompleteCache = bootCompleteCache;

        mAppOpsController.addCallback(new int[]{OP_MONITOR_HIGH_POWER_LOCATION}, this);

        mAppOpsController.addCallback(new int[]{OP_MONITOR_HIGH_POWER_LOCATION}, this);

        // Examine the current location state and initialize the status view.

        // Examine the current location state and initialize the status view.

        updateActiveLocationRequests();

        backgroundHandler.post(this::updateActiveLocationRequests);

    }

    }

    /**

    /**