Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 20630096 authored by Hani Kazmi's avatar Hani Kazmi
Browse files

Replace ECM AppOps call with service 

A new ECM service was introcuded in changeId
I831391e4437b51b3312b5273a2360bd029a3d8ee.

We begin calling it, and update/cleanup method signatures to match.

Note: There are two feature flags:

1. enhancedConfirmationModeApisEnabled - read only, protects the
   mainline API.

2. extendEcmToAllSettings - runtime - gates calls to the above APIs.

We use both so we can ramp up in teamfood as needed.

Bug: 297372999
Test: Tested on device
Test: atest SpaPrivilegedLibTests
Test: atest com.android.settings.applications.specialaccess.notificationaccess
Test: atest com.android.settings.datausage
Test: atest PremiumSmsAccessTest
Test: atest RestrictedPreferenceHelperTest
Change-Id: I945ec51df5cd63de548a8ffdd1acc4f09f2301e5
parent 96ab2b9e

src/com/android/settings/ActionDisabledByAppOpsDialog.java

+0 −1
Original line number Diff line number Diff line
@@ -21,7 +21,6 @@ import android.app.AppOpsManager; 
import android.content.DialogInterface;

import android.content.Intent;

import android.os.Bundle;

import android.util.Log;



public class ActionDisabledByAppOpsDialog extends Activity

        implements DialogInterface.OnDismissListener {

src/com/android/settings/accessibility/AccessibilityDetailsSettingsFragment.java

+4 −10
Original line number Diff line number Diff line
@@ -43,6 +43,7 @@ import com.android.settings.R; 
import com.android.settings.core.InstrumentedFragment;

import com.android.settings.core.SubSettingLauncher;

import com.android.settings.overlay.FeatureFactory;

import com.android.settingslib.RestrictedLockUtilsInternal;

import com.android.settingslib.accessibility.AccessibilityUtils;



import java.util.List;
@@ -164,16 +165,9 @@ public class AccessibilityDetailsSettingsFragment extends InstrumentedFragment { 
        if (permittedServices != null && !permittedServices.contains(packageName)) {

            return false;

        }

        try {

            final int mode = mAppOps.noteOpNoThrow(AppOpsManager.OP_ACCESS_RESTRICTED_SETTINGS,

                    uid, packageName);

            final boolean ecmEnabled = getContext().getResources().getBoolean(

                    com.android.internal.R.bool.config_enhancedConfirmationModeEnabled);

            return !ecmEnabled || mode == AppOpsManager.MODE_ALLOWED;

        } catch (Exception e) {

            // Fallback in case if app ops is not available in testing.

            return true;

        }



        return !RestrictedLockUtilsInternal.isEnhancedConfirmationRestricted(getContext(),

                packageName, AppOpsManager.OPSTR_BIND_ACCESSIBILITY_SERVICE);

    }



    private AccessibilityServiceInfo getAccessibilityServiceInfo(ComponentName componentName) {

src/com/android/settings/accessibility/RestrictedPreferenceHelper.java

+34 −34
Original line number Diff line number Diff line
@@ -235,10 +235,11 @@ public class RestrictedPreferenceHelper { 
        boolean serviceAllowed = permittedServices == null || permittedServices.contains(

                preference.getPackageName());



        if (android.security.Flags.extendEcmToAllSettings()) {

        if (android.permission.flags.Flags.enhancedConfirmationModeApisEnabled()

                && android.security.Flags.extendEcmToAllSettings()) {

            preference.checkEcmRestrictionAndSetDisabled(

                    AppOpsManager.OPSTR_BIND_ACCESSIBILITY_SERVICE,

                    preference.getPackageName(), preference.getUid());

                    preference.getPackageName());

            if (preference.isDisabledByEcm()) {

                serviceAllowed = false;

            }
@@ -257,9 +258,7 @@ public class RestrictedPreferenceHelper { 
                    preference.setEnabled(false);

                }

            }

            return;

        }



        } else {

            boolean appOpsAllowed;

            if (serviceAllowed) {

                try {
@@ -294,6 +293,7 @@ public class RestrictedPreferenceHelper { 
                }

            }

        }

    }



    /** Puts the basic extras into {@link RestrictedPreference}'s getExtras(). */

    private void putBasicExtras(RestrictedPreference preference, String prefKey,

src/com/android/settings/applications/UsageAccessDetails.java

+1 −1
Original line number Diff line number Diff line
@@ -174,7 +174,7 @@ public class UsageAccessDetails extends AppInfoWithHeader implements OnPreferenc 


        if (shouldEnable && !hasAccess) {

            mSwitchPref.checkEcmRestrictionAndSetDisabled(AppOpsManager.OPSTR_GET_USAGE_STATS,

                    mPackageName, mPackageInfo.applicationInfo.uid);

                    mPackageName);

            shouldEnable = !mSwitchPref.isDisabledByEcm();

        }

src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java

+37 −14
Original line number Diff line number Diff line
@@ -24,6 +24,7 @@ import android.app.Activity; 
import android.app.AppOpsManager;

import android.app.KeyguardManager;

import android.app.admin.DevicePolicyManager;

import android.app.ecm.EnhancedConfirmationManager;

import android.app.settings.SettingsEnums;

import android.content.BroadcastReceiver;

import android.content.Context;
@@ -490,12 +491,23 @@ public class AppInfoDashboardFragment extends DashboardFragment 
                return true;

            case ACCESS_RESTRICTED_SETTINGS:

                showLockScreen(getContext(), () -> {

                    if (android.permission.flags.Flags.enhancedConfirmationModeApisEnabled()

                            && android.security.Flags.extendEcmToAllSettings()) {

                        EnhancedConfirmationManager manager = getContext().getSystemService(

                                EnhancedConfirmationManager.class);

                        try {

                            manager.clearRestriction(getPackageName());

                        } catch (NameNotFoundException e) {

                            Log.e(TAG, "Exception when retrieving package:" + getPackageName(), e);

                        }

                    } else {

                        final AppOpsManager appOpsManager = getContext().getSystemService(

                                AppOpsManager.class);

                        appOpsManager.setMode(AppOpsManager.OP_ACCESS_RESTRICTED_SETTINGS,

                                getUid(),

                                getPackageName(),

                                AppOpsManager.MODE_ALLOWED);

                    }

                    getActivity().invalidateOptionsMenu();

                    final String toastString = getContext().getString(

                            R.string.toast_allows_restricted_settings_successfully,
@@ -527,6 +539,16 @@ public class AppInfoDashboardFragment extends DashboardFragment 
    }



    private boolean shouldShowAccessRestrictedSettings() {

        if (android.permission.flags.Flags.enhancedConfirmationModeApisEnabled()

                && android.security.Flags.extendEcmToAllSettings()) {

            try {

                return getSystemService(EnhancedConfirmationManager.class)

                        .isClearRestrictionAllowed(getPackageName());

            } catch (NameNotFoundException e) {

                Log.e(TAG, "Exception when retrieving package:" + getPackageName(), e);

                return false;

            }

        } else {

            try {

                final int mode = getSystemService(AppOpsManager.class).noteOpNoThrow(

                        AppOpsManager.OP_ACCESS_RESTRICTED_SETTINGS, getUid(),
@@ -537,6 +559,7 @@ public class AppInfoDashboardFragment extends DashboardFragment 
                return false;

            }

        }

    }



    @VisibleForTesting

    boolean shouldShowUninstallForAll(AppEntry appEntry) {