• Steve Kondik's avatar
    appops: Privacy Guard for O · a604f39c
    Steve Kondik authored
    Squashed commit of all PG-related features including superuser
       - Sam Mortimer
       - Danesh Mondegarian
       - Jorge Ruesga
       - Diogo Ferreira
       - Roman Birg
       - Adnan Begovic
       - Chirayu Desai
       - Lars Greiss
       - Steve Kondik
       - CodeAurora
    Pulled together from:
    Author: Danesh M <daneshm90@gmail.com>
    Date:   Thu Sep 5 19:23:15 2013 -0700
        Privacy Guard : Reimplement backed by AppOps
        Re-implements privacy guard to use appops.
        Change-Id: I2b52e8cf0d6e126fb156f83df885b5551503cd9d
    Author: Shashank Mittal <mittals@codeaurora.org>
    Date:   Fri Aug 16 01:09:28 2013 -0700
        AppOpsService: Add MODE_ASK support to AppOps.
        Add support for new mode(MODE_ASK) in AppOpsService to show a permission
        dialog box to user to confirm user permission before allowing or ignoring
        that operation.
        All strict operations (defined in AppOpsManager) are going to be in
        MODE_ASK by default.
        Operations will be moved to MODE_ALLOWED or MODE_IGNORED according to
        user's choice.
        Change-Id: I1314125a2b8be558e422e4a9eea0ff066c21bf94
    Author: Shashank Mittal <mittals@codeaurora.org>
    Date:   Tue Sep 3 19:23:10 2013 -0700
        wifi: Confirm user permission before toggling wifi.
        Check user permissions before enabling/disabling wifi.
        Change-Id: I1ddae6e47f42b6d3fc831c2c135ece75cf9e935d
    Author: Shashank Mittal <mittals@codeaurora.org>
    Date:   Thu Sep 5 17:24:44 2013 -0700
        AppOps: Add Bluetooth enable control into AppOps
        Check user permission before enabling bluetooth.
        Change-Id: Iefa4ea3319b33b2639beaf38d261d83649bbcf85
    Author: Sam Mortimer <sam@mortimer.me.uk>
    Date:   Wed Oct 2 22:06:42 2013 -0700
        [2/2] AppOps: Add per Op allowed and ignored counters
        Change-Id: Ifb3d25e17dbab082b816a0a655b4796a83af336b
    Author: Sam Mortimer <sam@mortimer.me.uk>
    Date:   Sun Oct 20 23:48:00 2013 -0700
        AppOps: track op persistence by name instead of id
        On XML write, include the op name.  On XML read, map
        the name back to op id (if it exists).
        Persistent AppOp state now follows the op name instead
        numeric id.  This allows upgrades between versions of
        android that have different code<>name mappings.
        Change-Id: Iffc02095b6838a34ff999f8db51c2c6739dd0db8
    Author: Jorge Ruesga <jorge@ruesga.com>
    Date:   Sat Jan 4 01:34:39 2014 +0100
        privacyguard: Share privacy package name between activity stacks
        AOSP 4.4 now has a stack supervisor with differents activity stacks for home and focus activities.
        Every ActivityStack instance has a ref to this supervisor. Just share the privacy guard package name
        throught the supervisor.
        JIRA: CYAN-2874
        Issue: https://jira.cyanogenmod.org/browse/CYAN-2874
    Author: Steve Kondik <shade@chemlab.org>
    Date:   Sun Feb 23 19:23:31 2014 +0100
        Use MODE_ASK as the default ops mode in Privacy Guard
        * Prompting the user is far more useful as a default behavior. The
          choice will be remembered after the first request.
    Author: Steve Kondik <shade@chemlab.org>
    Date:   Tue Feb 25 13:11:12 2014 +0100
        Relocate and cleanup new app ops features and PGify it
    Author: Shashank Mittal <mittals@codeaurora.org>
    Date:   Wed Dec 4 12:32:12 2013 -0800
        [2/2] Framework AppOps: Add BOOT_COMPLETED operation.
        Add BOOT_COMPLETED operation in AppOps.
        This operation is used to allow user to control auto start of
        applications and services at bootup.
        Change-Id: Ie8488ec1b4683c8617ca569cfc858709f0d35ba2
    Author: Sam Mortimer <sam@mortimer.me.uk>
    Date:   Mon Dec 8 13:51:02 2014 -0800
        Frameworks: Redirect appops strings to string references
        adapted to reflect new permission indices and codes
        Change-Id: Iba9a45838ee8eb7f5cb6ec6d29776574c86e84b6
    Author: Kun Liang <kunliang@codeaurora.org>
    Date:   Thu May 15 14:52:15 2014 +0800
        AppOps: Add nfc enable control into AppOps
        Check user permission before enabling nfc.
        Change-Id: Ia84e33c299e4fdecfd66ee933d9e7d37ed29c340
    Author: Shashank Mittal <mittals@codeaurora.org>
    Date:   Wed Jul 16 17:31:22 2014 -0700
        AppOps: Add support for AppOps policy file
        Add support to read AppOps policy file.
        AppOps policy file can be used to configure Ops default policy.
        Change-Id: Idb4e3501ff9f58e491b06e74152342aa9574afbf
    Author: Kun Liang <kunliang@codeaurora.org>
    Date:   Thu Dec 11 12:57:33 2014 +0800
        AppOps: fix deadlock issue when showing dialog
        WindowManagerService need call PowerManagerService to release
        wakelock. The Notifier in PowerManagerService need call AppOpsService
        to notify holding wakelock ops is finished.  Meanwhile, AppOpsService
        may need call WindowManagerService to show dialog. This scenario
        will lead to deadlock issue.
        To move showing dialog action out of lock section to fix this issue.
        Since only UI work is moved out of lock area, it is supposed to be
        Change-Id: I3f2bf4b9c9d81914cfd3c0fc3fc76d0b4a06a1f6
        CRs-fixed: 786466
    Author: Diogo Ferreira <defer@cyngn.com>
    Date:   Mon Dec 15 12:07:42 2014 +0000
        appops: Add support for SU
        This patch adds support for superuser app-ops control. The end-goal
        is to better prepare superuser for the multi-user experience while
        also replacing the superuser app with existing components.
        Change-Id: I52acf98a39f18f12a23f4f902a39ae3f7c5b4895
    Author: Diogo Ferreira <defer@cyngn.com>
    Date:   Wed Dec 17 17:16:16 2014 +0000
        su: Add an indicator when a 'su' session is active
        This adds an indicator to the statusbar that is visible whenever a root
        session is active, akin to the fine location icon.
        Change-Id: I669fcc87e2b7a3201308170d7727ec5fb0e00e2b
    Author: Diogo Ferreira <defer@cyngn.com>
    Date:   Wed Jan 14 08:44:03 2015 +0000
        appops: Disassociate appops requests from notification broadcasts
        The AppOpsService is essentially a manager for a set of counters
        and permissions. Each operation request has the potential to change
        the state and, as such, access to such state is synchronized.
        We are whitnessing deadlocks caused by the broadcast and, in fact,
        while we want to notify superuser changes eventually, it does not
        have to be synchronous with the app ops request. This patch uses the
        request to schedule the notification on a handler, leaving the locking
        semantics of appops intact.
        Change-Id: I94f6dd2c66b9492f95d3c9ffb438b3e6417007d7
    Author: Lars Greiss <kufikugel@googlemail.com>
    Date:   Sat Apr 25 03:01:35 2015 +0300
        Launch app privacy settings when tapping on PG notification (1/2)
        Based on https://github.com/SlimRoms/frameworks_base/commit/97ccae06cd0ad1aa366c3a70e8e744277c409b06
        JIRA: CYAN-6077
        Change-Id: I8632e8c944c1d5d7ad2fb2a2276bae5fe2d4a0a0
    Author: Roman Birg <roman@cyngn.com>
    Date:   Tue Oct 27 11:52:53 2015 -0700
        AppOps: fix wifi scan op
        There's no direct permission tied to it and fix the op-to-switch entry.
        Change-Id: I661ef6707ba50adb371e3223a91880c4838df669
    Signed-off-by: default avatarRoman Birg <roman@cyngn.com>
    Author: Roman Birg <roman@cyngn.com>
    Date:   Tue Oct 27 13:44:57 2015 -0700
        AppOps: add a default constructor
        Change-Id: I4229a65c362fe4915e62684e5ebc209525c9f9d3
    Signed-off-by: default avatarRoman Birg <roman@cyngn.com>
    Author: Roman Birg <roman@cyngn.com>
    Date:   Thu Oct 29 12:59:14 2015 -0700
        add missing app ops to string array
        Also added op codes to prevent further mismatches.
        Change-Id: I6e20cc5bcabe6a3216cec47d984768bf12cf4311
    Signed-off-by: default avatarRoman Birg <roman@cyngn.com>
    Author: Roman Birg <roman@cyngn.com>
    Date:   Mon Nov 2 09:50:47 2015 -0800
        AppOps: relax some system appops for systemui
        Grant wifi, bt, boot_complete, nfc, and data changes for systemui.
        Also remove the bluetooth permission tied to the bluetooth_change op -
        it is not always directly tied to BLUETOOTH or BLUETOOTH_ADMIN, so we
        can't force one there.
        Change-Id: Ib042dc34b0763b2d84a57baa71dc9fa995724d64
    Signed-off-by: default avatarRoman Birg <roman@cyngn.com>
    Author: Chirayu Desai <cdesai@cyanogenmod.org>
    Date:   Mon Dec 7 14:10:44 2015 -0800
        Allow disabling the privacy guard notification - port from cm-12.1 (2/3)
        Change-Id: Iab0288f50685220c8be0c11ea5075f91ec1bbe32
    Author: Michael Bestas <mikeioannina@gmail.com>
    Date:   Sun Jan 3 04:36:26 2016 +0200
        Revert "AppOps: add a default constructor"
        * Not needed after http://review.cyanogenmod.org/126381
        This reverts commit 19e0ce07.
        Change-Id: I12bfe4f7d119627a3fe08d01e8ae5b065b0f709a
    Author: Gabriele M <moto.falcon.git@gmail.com>
    Date:   Wed Jan 6 18:27:32 2016 +0100
        Align checkbox and description in permission confirmation dialog
        Change-Id: I9a9ab3a3f59e3d56fc774174ba37d9e191698fe5
    Author: Adnan Begovic <adnan@cyngn.com>
    Date:   Mon May 23 16:06:10 2016 -0700
        appops: Implement concept of delayedcount.
         High frequency request ops will be delayed until their ignore count
         ceiling is met. This is to mitigate the overloading the main activity
         manager service handler and having watchdog kill our service.
         Google play services likes to share its uid with numerous packages to avoid
         having to grant permissions from the users perspective and thus is the worst
         example of overloading this queue -- so, to not encourage bad behavior,
         we move them to the back of the line. NOTE: these values are magic, and may need
         tuning. Ideally we'd want a ringbuffer or token bucket here to do proper rate
        Change-Id: I5c3e88807abc80f9700dd68dcecd87dac4626de7
        TICKET: CYNGNOS-2869
    Author: Adnan Begovic <adnan@cyngn.com>
    Date:   Tue May 24 18:17:03 2016 -0700
        appops: Respect screen interactivity before creating dialogs.
          If the device's screen is currently off, do not queue ask
          runnables who cannot be interacted with. Since these events
          are gating mechanisms for closing an IPC loop, they need to
          happen when the user is interacting with the device.
          Likewise, on screen off, clear the queue of every op as they
          become unnecessary.
        Change-Id: Ie930d200839c9408e882510c6bc3ede37ea889ef
        TICKET: CYNGNOS-2869
    Author: Gabriele M <moto.falcon.git@gmail.com>
    Date:   Sun Aug 6 13:08:33 2017 +0200
        Change visibility of the Privacy Guard ops set
        Change-Id: Iafcf058f5e2074982bf45f8c82ef8d027b9358f0
    Author: Unpublished <unpublished@gmx.net>
    Date:   Tue Oct 24 21:09:31 2017 +0200
        We don't want to feel deprecated...
        use official api instead of deprecated internal method that prints an
        error everytime we call it
        Change-Id: Ie00efe5f514ff8db2b82eeade3a588a17af8cfb4
    Author: Jane Manchun Wong <jane@wongmjane.com>
    Date:   Wed Mar 1 23:37:58 2017 -0500
        Remove Cid from PrivacyGuard's notification icon
        Change-Id: I5dfe6c2d10e9dd1a022e50e02f72151b1b8a520e
    Author: Zhao Wei Liew <zhaoweiliew@gmail.com>
    Date:   Tue Sep 6 21:33:57 2016 +0800
        core: Import some PG string improvements from CM 13.0
        This commit partially squashes the following commits:
        core: String improvements from cm-12.1
        String update, change wording from "Mobile" to "Cellular"
        Change-Id: I0616eb06f48813814b4005e9b60358669f69b0c8
    Change-Id: I5414dd0be6a81e143f5035e58709ac4258c93616