Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6a700f91 authored by Brian Stack's avatar Brian Stack
Browse files

Do not check AppOp if not required 

Only check the AppOp if a sensor explicitly requires an AppOp.
Otherwise, only check if the client has permission to access the
sensor.

Bug: 131910349
Test: Verified a_sns_test can access sensors.
Test: Verified app targeting Q must have AR permission to access Step
      Detector and Step Counter.
Test: Verified app targeting P with AR permission defined in manifest
      cannot receive Step Counter or Step Detector events if user
      revokes AR permission.
Test: Verified app targeting P without any permissions defined in the
      manifest can access Step Counter and Step Detector.
Test: Verified app targeting J cannot receive Step Counter or Step
      Detector events if user revokes AR permission.
Change-Id: I3c2dd20889b99bce047025607cc6e921330de52e
parent 46b45af9

services/sensorservice/SensorService.cpp

+20 −17
Original line number Diff line number Diff line
@@ -1686,28 +1686,31 @@ bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation, 
    const int32_t opCode = sensor.getRequiredAppOp();

    const int32_t appOpMode = sAppOpsManager.checkOp(opCode,

            IPCThreadState::self()->getCallingUid(), opPackageName);

    bool appOpAllowed = appOpMode == AppOpsManager::MODE_ALLOWED;



    // Ensure that the AppOp is allowed

    //

    // This check is also required to ensure that the user hasn't revoked the necessary permissions

    // to access the Step Detector and Step Counter when the application targets pre-Q. Without this

    // check, if the user revokes the pre-Q install-time GMS Core AR permission, the app would

    // still be able to receive Step Counter and Step Detector events.

    bool canAccess = false;

    if (opCode >= 0 && appOpMode == AppOpsManager::MODE_ALLOWED) {

    if (hasPermissionForSensor(sensor)) {

        // Ensure that the AppOp is allowed, or that there is no necessary app op for the sensor

        if (opCode < 0 || appOpAllowed) {

            canAccess = true;

        }

    } else if (sensor.getType() == SENSOR_TYPE_STEP_COUNTER ||

            sensor.getType() == SENSOR_TYPE_STEP_DETECTOR) {

        int targetSdkVersion = getTargetSdkVersion(opPackageName);

        // Allow access to the sensor if the application targets pre-Q, which is before the

        // requirement to hold the AR permission to access Step Counter and Step Detector events

            // was introduced.

            if (targetSdkVersion > 0 && targetSdkVersion <= __ANDROID_API_P__) {

        // was introduced, and the user hasn't revoked the app op.

        //

        // Verifying the app op is required to ensure that the user hasn't revoked the necessary

        // permissions to access the Step Detector and Step Counter when the application targets

        // pre-Q. Without this check, if the user revokes the pre-Q install-time GMS Core AR

        // permission, the app would still be able to receive Step Counter and Step Detector events.

        if (appOpAllowed &&

                targetSdkVersion > 0 &&

                targetSdkVersion <= __ANDROID_API_P__) {

            canAccess = true;

        }

    }

    }



    if (canAccess) {

        sAppOpsManager.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName);