Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Fix issue #62342672: API Review: OPSTR_ACTIVATE_VPN SystemApi" into pi-dev

Browse Source
This commit is contained in:
Dianne Hackborn
2018-03-14 03:02:20 +00:00
committed by Android (Google) Code Review
parent 2801bf00de bf1b57d856
commit bf5387edd8
6 changed files with 53 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
api/system-current.txt
View File

@@ -261,6 +261,7 @@ package android.app {
public class AppOpsManager {
method public static java.lang.String[] getOpStrs();
method public void setMode(java.lang.String, int, java.lang.String, int);
method public void setUidMode(java.lang.String, int, int);
field public static final java.lang.String OPSTR_ACCEPT_HANDOVER = "android:accept_handover";
field public static final java.lang.String OPSTR_ACCESS_NOTIFICATIONS = "android:access_notifications";

27
core/java/android/app/AppOpsManager.java
View File

@@ -1609,6 +1609,7 @@ public class AppOpsManager {
* @param mode The app op mode to set.
* @hide
*/
@RequiresPermission(android.Manifest.permission.MANAGE_APP_OPS_MODES)
public void setUidMode(int code, int uid, int mode) {
try {
mService.setUidMode(code, uid, mode);
@@ -1628,7 +1629,7 @@ public class AppOpsManager {
* @hide
*/
@SystemApi
@RequiresPermission(android.Manifest.permission.UPDATE_APP_OPS_STATS)
@RequiresPermission(android.Manifest.permission.MANAGE_APP_OPS_MODES)
public void setUidMode(String appOp, int uid, int mode) {
try {
mService.setUidMode(AppOpsManager.strOpToOp(appOp), uid, mode);
@@ -1660,6 +1661,7 @@ public class AppOpsManager {
/** @hide */
@TestApi
@RequiresPermission(android.Manifest.permission.MANAGE_APP_OPS_MODES)
public void setMode(int code, int uid, String packageName, int mode) {
try {
mService.setMode(code, uid, packageName, mode);
@@ -1668,6 +1670,27 @@ public class AppOpsManager {
}
}
/**
* Change the operating mode for the given op in the given app package. You must pass
* in both the uid and name of the application whose mode is being modified; if these
* do not match, the modification will not be applied.
*
* @param op The operation to modify. One of the OPSTR_* constants.
* @param uid The user id of the application whose mode will be changed.
* @param packageName The name of the application package name whose mode will
* be changed.
* @hide
*/
@SystemApi
@RequiresPermission(android.Manifest.permission.MANAGE_APP_OPS_MODES)
public void setMode(String op, int uid, String packageName, int mode) {
try {
mService.setMode(strOpToOp(op), uid, packageName, mode);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
}
/**
* Set a non-persisted restriction on an audio operation at a stream-level.
* Restrictions are temporary additional constraints imposed on top of the persisted rules
@@ -1679,6 +1702,7 @@ public class AppOpsManager {
* @param exceptionPackages Optional list of packages to exclude from the restriction.
* @hide
*/
@RequiresPermission(android.Manifest.permission.MANAGE_APP_OPS_MODES)
public void setRestriction(int code, @AttributeUsage int usage, int mode,
String[] exceptionPackages) {
try {
@@ -1690,6 +1714,7 @@ public class AppOpsManager {
}
/** @hide */
@RequiresPermission(android.Manifest.permission.MANAGE_APP_OPS_MODES)
public void resetAllModes() {
try {
mService.resetAllModes(mContext.getUserId(), null);

6
core/res/AndroidManifest.xml
View File

@@ -2552,6 +2552,12 @@
<permission android:name="android.permission.MANAGE_APP_OPS_RESTRICTIONS"
android:protectionLevel="signature|installer" />
<!-- Allows an application to update the user app op modes.
Not for use by third party apps.
@hide -->
<permission android:name="android.permission.MANAGE_APP_OPS_MODES"
android:protectionLevel="signature|installer|verifier" />
<!-- @SystemApi Allows an application to open windows that are for use by parts
of the system user interface.
<p>Not for use by third-party applications.

1
packages/Shell/AndroidManifest.xml
View File

@@ -118,6 +118,7 @@
<uses-permission android:name="android.permission.REGISTER_CONNECTION_MANAGER" />
<uses-permission android:name="android.permission.REGISTER_SIM_SUBSCRIPTION" />
<uses-permission android:name="android.permission.GET_APP_OPS_STATS" />
<uses-permission android:name="android.permission.MANAGE_APP_OPS_MODES" />
<uses-permission android:name="android.permission.VIBRATE" />
<uses-permission android:name="android.permission.MANAGE_ACTIVITY_STACKS" />
<uses-permission android:name="android.permission.ACTIVITY_EMBEDDING" />

12
services/core/java/com/android/server/AppOpsService.java
View File

@@ -610,7 +610,7 @@ public class AppOpsService extends IAppOpsService.Stub {
@Override
public void setUidMode(int code, int uid, int mode) {
if (Binder.getCallingPid() != Process.myPid()) {
mContext.enforcePermission(android.Manifest.permission.UPDATE_APP_OPS_STATS,
mContext.enforcePermission(android.Manifest.permission.MANAGE_APP_OPS_MODES,
Binder.getCallingPid(), Binder.getCallingUid(), null);
}
verifyIncomingOp(code);
@@ -714,7 +714,7 @@ public class AppOpsService extends IAppOpsService.Stub {
@Override
public void setMode(int code, int uid, String packageName, int mode) {
if (Binder.getCallingPid() != Process.myPid()) {
mContext.enforcePermission(android.Manifest.permission.UPDATE_APP_OPS_STATS,
mContext.enforcePermission(android.Manifest.permission.MANAGE_APP_OPS_MODES,
Binder.getCallingPid(), Binder.getCallingUid(), null);
}
verifyIncomingOp(code);
@@ -832,7 +832,7 @@ public class AppOpsService extends IAppOpsService.Stub {
public void resetAllModes(int reqUserId, String reqPackageName) {
final int callingPid = Binder.getCallingPid();
final int callingUid = Binder.getCallingUid();
mContext.enforcePermission(android.Manifest.permission.UPDATE_APP_OPS_STATS,
mContext.enforcePermission(android.Manifest.permission.MANAGE_APP_OPS_MODES,
callingPid, callingUid, null);
reqUserId = ActivityManager.handleIncomingUser(callingPid, callingUid, reqUserId,
true, true, "resetAllModes", null);
@@ -1087,6 +1087,8 @@ public class AppOpsService extends IAppOpsService.Stub {
String[] exceptionPackages) {
verifyIncomingUid(uid);
verifyIncomingOp(code);
mContext.enforcePermission(android.Manifest.permission.MANAGE_APP_OPS_MODES,
Binder.getCallingPid(), Binder.getCallingUid(), null);
synchronized (this) {
SparseArray<Restriction> usageRestrictions = mAudioRestrictions.get(code);
if (usageRestrictions == null) {
@@ -2330,7 +2332,7 @@ public class AppOpsService extends IAppOpsService.Stub {
}
case "write-settings": {
shell.mInternal.mContext.enforcePermission(
android.Manifest.permission.UPDATE_APP_OPS_STATS,
android.Manifest.permission.MANAGE_APP_OPS_MODES,
Binder.getCallingPid(), Binder.getCallingUid(), null);
long token = Binder.clearCallingIdentity();
try {
@@ -2346,7 +2348,7 @@ public class AppOpsService extends IAppOpsService.Stub {
}
case "read-settings": {
shell.mInternal.mContext.enforcePermission(
android.Manifest.permission.UPDATE_APP_OPS_STATS,
android.Manifest.permission.MANAGE_APP_OPS_MODES,
Binder.getCallingPid(), Binder.getCallingUid(), null);
long token = Binder.clearCallingIdentity();
try {

15
services/core/java/com/android/server/notification/ZenModeHelper.java
View File

@@ -893,9 +893,18 @@ public class ZenModeHelper {
protected void applyRestrictions(boolean mute, int usage, int code) {
final String[] exceptionPackages = null; // none (for now)
mAppOps.setRestriction(code, usage,
mute ? AppOpsManager.MODE_IGNORED : AppOpsManager.MODE_ALLOWED,
exceptionPackages);
// Only do this if we are executing within the system process... otherwise
// we are running as test code, so don't have access to the protected call.
if (Process.myUid() == Process.SYSTEM_UID) {
final long ident = Binder.clearCallingIdentity();
try {
mAppOps.setRestriction(code, usage,
mute ? AppOpsManager.MODE_IGNORED : AppOpsManager.MODE_ALLOWED,
exceptionPackages);
} finally {
Binder.restoreCallingIdentity(ident);
}
}
}
@VisibleForTesting