Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge changes from topic "permission_hub_2_framework" into rvc-qpr-dev

Browse Source 
* changes:
  Give Permission Controller the ability to see all accounts.
  Allow perm controller to read historical app-op data
This commit is contained in:
TreeHugger Robot
2020-07-22 06:21:01 +00:00
committed by Android (Google) Code Review
parent 92e9590e7c 9abf24f032
commit b7130b274c
2 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
data/etc/privapp-permissions-platform.xml
View File

@@ -143,6 +143,9 @@ applications that come with the platform
<permission name="android.permission.SUBSTITUTE_NOTIFICATION_APP_NAME" />
<permission name="android.permission.PACKAGE_USAGE_STATS" />
<permission name="android.permission.CHANGE_COMPONENT_ENABLED_STATE" />
<!-- For permission hub 2 debugging only -->
<permission name="android.permission.GET_ACCOUNTS_PRIVILEGED"/>
</privapp-permissions>
<privapp-permissions package="com.android.phone">

12
services/core/java/com/android/server/appop/AppOpsService.java
View File

@@ -2052,6 +2052,8 @@ public class AppOpsService extends IAppOpsService.Stub {
public void getHistoricalOps(int uid, String packageName, String attributionTag,
List<String> opNames, int filter, long beginTimeMillis, long endTimeMillis,
int flags, RemoteCallback callback) {
PackageManager pm = mContext.getPackageManager();
ensureHistoricalOpRequestIsValid(uid, packageName, attributionTag, opNames, filter,
beginTimeMillis, endTimeMillis, flags);
Objects.requireNonNull(callback, "callback cannot be null");
@@ -2059,8 +2061,16 @@ public class AppOpsService extends IAppOpsService.Stub {
ActivityManagerInternal ami = LocalServices.getService(ActivityManagerInternal.class);
boolean isCallerInstrumented = ami.isUidCurrentlyInstrumented(Binder.getCallingUid());
boolean isCallerSystem = Binder.getCallingPid() == Process.myPid();
boolean isCallerPermissionController;
try {
isCallerPermissionController = pm.getPackageUid(
mContext.getPackageManager().getPermissionControllerPackageName(), 0)
== Binder.getCallingUid();
} catch (PackageManager.NameNotFoundException doesNotHappen) {
return;
}
if (!isCallerSystem && !isCallerInstrumented) {
if (!isCallerSystem && !isCallerInstrumented && !isCallerPermissionController) {
mHandler.post(() -> callback.sendResult(new Bundle()));
return;
}