From b093a01a4a3f19b329b19def03df94273188ec95 Mon Sep 17 00:00:00 2001
From: "Philip P. Moltmann" <moltmann@google.com>
Date: Thu, 9 Apr 2020 16:31:05 -0700
Subject: [PATCH] Allow non-system server code to AppOpsManager.checkOp and
 NoteOp

1. Allow checkOp from any caller, not only callers with
  android.permission.UPDATE_APP_OPS_STATS. This is ok as checkOp does not
  update any stats
2. Clear the binder identity when calling noteOp so that it is checked
  if the service can perform the operation, not the caller.

Test: Verified that RecognitionService can be used by third party apps
Fixes: 152436092
Change-Id: Ie6fe90b5737a1cd24e45446ea91560940b41c8fc
---
 services/core/java/com/android/server/appop/AppOpsService.java | 1 -
 1 file changed, 1 deletion(-)

diff --git a/services/core/java/com/android/server/appop/AppOpsService.java b/services/core/java/com/android/server/appop/AppOpsService.java
index 31bcceaba889f..8ecda8f1a131a 100644
--- a/services/core/java/com/android/server/appop/AppOpsService.java
+++ b/services/core/java/com/android/server/appop/AppOpsService.java
@@ -2830,7 +2830,6 @@ public class AppOpsService extends IAppOpsService.Stub {
 
     private int checkOperationImpl(int code, int uid, String packageName,
                 boolean raw) {
-        verifyIncomingUid(uid);
         verifyIncomingOp(code);
         String resolvedPackageName = resolvePackageName(uid, packageName);
         if (resolvedPackageName == null) {