Cross Reference: /frameworks/base/services/core/java/com/android/server/AppOpsService.java

History log of /frameworks/base/services/core/java/com/android/server/AppOpsService.java
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
5376edd3b18984dfdfca16d7c15bd8913c5ceba5	05-Jun-2018	Dianne Hackborn <hackbod@google.com>	Fix issue #109746350: startWatchingMode fails on P Remove permission check, reverting to O behavior. Bug: 109746350 Test: manual Change-Id: I643321d508abc5fac5df83f4df3605ad8252e378 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
a1ce9637435f28b1de2b9e8e8a2175b53cc9e0f2	29-May-2018	Amith Yamasani <yamasani@google.com>	Fix for missing location icon OpEntry.duration was being used to indicate that the operation was still running if -1 is returned. A recent change caused a regression. Adding a new mRunning field in OpEntry to explicitly hold the running state, even when partial duration is updated. Change-Id: Ib29f4c903f990aaa202e84f964959aedfc24abdb Fixes: 80242152 Test: atest FrameworksServicesTests:AppOpsActiveWatcherTest Test: Launch maps and verify the location icon is visible in the status bar /frameworks/base/services/core/java/com/android/server/AppOpsService.java
b94d82f41576fa81fc2aa1994a88796b71c6b9e4	17-May-2018	Dianne Hackborn <hackbod@google.com>	Fix dump formatting. Bug: 78480444 Test: manual Change-Id: Ic16411458f952ed101be72997e48a86afe2a03b2 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
e93ab41d2a98f154f5e2a58c10da93226921c462	15-May-2018	Dianne Hackborn <hackbod@google.com>	More app ops fg/bg tuning - Only report that something has changed when a uid changes between the restricted and unrestricted states. (Adds new constant that defines this important division point.) - Have different settle times for different key transitions: (a) out of the top state, (b) out of any other unrestricted state, (c) down to a lower background state. - But, don't apply any settle time when transitioning from top to another unrestricted state... there is no need to. Bug: 78480444 Test: manual Change-Id: Ife772858009a6da5c286e285a4059aea3ad3f6c7 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
adaca2146dff3f4a5fb543451d81bb1be899195d	14-May-2018	Dianne Hackborn <hackbod@google.com>	Merge "Allow device/profile owners to change app ops modes." into pi-dev
d52544183e2532f22cee33df582bc7bece400837	12-May-2018	Dianne Hackborn <hackbod@google.com>	Allow device/profile owners to change app ops modes. This allows them to continue to have this capability the same as before we locked down access to it. Bug: 78480444 Test: manual Change-Id: If2b0722945235eb67676ace3f54efaa71a64bcde /frameworks/base/services/core/java/com/android/server/AppOpsService.java
45c79b0b24ad62cb6fc95955b9bdea0520f028c2	11-May-2018	Dianne Hackborn <hackbod@google.com>	Fix issue #79541100: [Blueline][PI][SPT]: Watchdog killing process and SIGSEGV Bug: 79541100 Test: manual Change-Id: I1456d27938d99d8ee56e5cde843f505a46c9fc72 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
65a4f251c7e14307f46911e376db49c8c7a1a8bb	09-May-2018	Dianne Hackborn <hackbod@google.com>	Further flesh out app ops foreground state. Fix some bugs, add the ability to monitor state changes, improve dumpsys output to help debugging, add a new check API that allows the caller to get the real state. Bug: 78480444 Test: atest FrameworksServicesTests:AppOpsServiceTest Test: atest CtsPermissionTestCases:AppOpsTest Change-Id: I3d41be9968c1d95a1456f4052da958ea64aa068d /frameworks/base/services/core/java/com/android/server/AppOpsService.java
2378a4a3faa989a51c1aea8a4dd325c9f0235a58	26-Apr-2018	Dianne Hackborn <hackbod@google.com>	Work on issue #78480444: Start tracking uid state in app ops Introduce new app op mode that uses uid state to determine whether the caller has access. This will determine what noteOp() and startOp() return, based on the state of the uid. Bug: 78480444 Test: atest FrameworksServicesTests:AppOpsServiceTest Test: atest CtsPermissionTestCases:AppOpsTest Change-Id: I12b744b74f3129782dbda9567043f5170919b5d3 Merged-In: I55fd74023cc4dae8151372e28c3afc7d259c7a1c /frameworks/base/services/core/java/com/android/server/AppOpsService.java
cd1f30b4392ed7fdb50befa2f2190e1be4eada43	24-Apr-2018	Dianne Hackborn <hackbod@google.com>	Work on issue #78480444: Start tracking uid state in app ops We now push uid states down from activity manager in to app ops, and it uses them to keep track of access/reject times for each uid/package at the various states. Bug: 78480444 Test: manual Change-Id: Ia0bc9174b60b4bf0851834961cc48507a6a60951 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
3b563fcb998db1d8d5eaf9f8dbc12eec4a497ff3	17-Apr-2018	Dianne Hackborn <hackbod@google.com>	Fix issue #78138020: Improve app ops dumpsys Now have all the information needed to understand who is monitoring what. Bug: 78138020 Test: manual Change-Id: Idd18eaae64549ac66b52e091f72f786865d93601 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
069aa9dce4642118a03dc477c95f9a7936ce3670	25-Mar-2018	Svetoslav Ganov <svetoslavganov@google.com>	Merge "Notify all affected UIDs for user/audio restriction changes" into pi-dev
3a95f837f32ce4a18f922b7a6409a66b480e2f9c	24-Mar-2018	Svet Ganov <svetoslavganov@google.com>	Notify all affected UIDs for user/audio restriction changes Test: pass: adb shell am instrument -w com.android.frameworks.servicestests /android.support.test.runner.AndroidJUnitRunner pass: cts-tradefed run cts-dev -m CtsPermissionTestCases -t android.permission.cts.AppOpsTest Bug: 75274546 Change-Id: I788823fcc3ade8a4cf752d64bd11b87b212e4d31 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
f5d5af1389827884ad0173485e15678ff16e6866	18-Mar-2018	Svet Ganov <svetoslavganov@google.com>	Don't warn finishing ops for gone packages We finish ops when packages get removed to guarantee no dangling started ops. However, some part of the system may asynchronously finish ops for an already gone package. Hence, finishing an op for a non existing package is fine and we don't log as a wtf. Test: manual bug:75436227 Change-Id: I33156d3f999f671ea65a70b485dac8afd4639b42 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
31d83ae577c47fff132d4205f1941cd7af13f020	15-Mar-2018	Svet Ganov <svetoslavganov@google.com>	Don't throw but wtf to help chase mismatched start/finish op calls Bug: 74681706 Test: manual Change-Id: I4661d46f953ad6dc6f11eccc5b3824bf51899374 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
bf1b57d856685243f677e1f1bd29866e637a16fb	07-Mar-2018	Dianne Hackborn <hackbod@google.com>	Fix issue #62342672: API Review: OPSTR_ACTIVATE_VPN SystemApi Add a new platform-only permission for being able to change app ops mode, so nothing outside of the platform can do this. Bug: 62342672 Test: Booted, ran, settings works, shell works, apps install Change-Id: I372e649c019a8f9b95919ff0da6f56612d7061c2 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
6cb5fcc40d9af1825e00e7b35207d58334159b7e	27-Feb-2018	Julia Reynolds <juliacr@google.com>	Add appops shell cmd for start/stop op Bug: 64085448 Test: run commands Change-Id: Iab1ba88d21683d603dcc0654636f062942d59787 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
a7a0db6c93a57b70bc22682536c2506a2738180f	28-Feb-2018	Svet Ganov <svetoslavganov@google.com>	Finish ops started on behalf of a removed package. Two issues here - ops stated for a package that went away by another package were not marked as finished. And when the process that started the ops died we did not finish all nested ops. Test: atest android.permission.cts.AppOpsTest bug: 64085448 Change-Id: Id57b3043605a65f2dfc1eea50b81793dd86f58d1 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
f7b4725375dfb5f6b65433f1679c44501c2478e3	26-Feb-2018	Svet Ganov <svetoslavganov@google.com>	Use start/finish app ops in window manager Add infrastructure to app ops to specify how to treat mode_default (for now only for startOp) allowing the caller to decide of this mode should be treated as success - this is useful if the caller already performed the default permission checks which determined that the caller would perform the operation if the mode is default. This way there is a record in the app ops history that this op was performed. This is now used by the window manager service which starts/finishes ops when an alert window is shown/hidden. The window manager allows adding the window if the mode is default but the caller has the fallback permission. In this case the alert window would be shown and we want that noted in the op history. Now the window manager properly starts/finishes alert window op when an alert window is shown/hidden. This is required to allow SystemUI to badge notifications from apps showing alert windows or add a dedicated notification if the app has no notifications. Test: cts-tradefed run cts-dev -m CtsWindowManagerDeviceTestCases Added android.server.wm.AppOpAlertWindowAppOpsTest cts-tradefed run cts-dev -m CtsPermissionTestCases -t android.permission.cts.AppOpsTest bug:64085448 Change-Id: I9041b1ac287bc5f9ed11d39bb203beba80f3f0f6 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
2d20fb47f4a7162450f993728876c74762b93112	09-Feb-2018	Svetoslav Ganov <svetoslavganov@google.com>	APIs to watch active op changes System singed components can watch for starting/finishing of long running app ops. Also protected the APIs to watch op mode changes with a singature permission for the cross-uid use case. Test: atest com.android.server.appops.AppOpsActiveWatcherTest bug:64085448 Change-Id: Id7fe79ce1de4c5690b4f52786424ec5a5d9eb0fa /frameworks/base/services/core/java/com/android/server/AppOpsService.java
e17b445b6c813f6f9bc93a5e3811128a197ef50b	10-Jan-2018	Dianne Hackborn <hackbod@google.com>	Reduce pss collection amount, improve logging. Tuned rates that we collect PSS, to reduce how much we do that heavy operation. Added a new way to determine whether a process has changed to a state for the "first" time -- now this is when it has gone to that state for the first time since it was in a lower state. This will reduce the amount of time we consider a process to be first to only when it has previously gone into a higher state than it had before. Keep track of more fine-grained information about why we collect a PSS sample (not just internal, but for a single process, all processes because of a mem state change, all processes because of a poll). Started collecting RSS in various places, so we can start looking at that w.r.t. PSS and see about transitioning to it is a new primary metric. Added logging for many of the places where the system writes its configuration files, so we can more easily see any bad behavior going on in those areas. Added some currently disabled code to read smaps directly instead of using fgets(). Probably won't help, but want tot test. Bug: 70859548 Test: atest CtsAppTestCases Change-Id: I400dba0f3ae9c024df51c946cfa592561028b598 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
82f09bcf93cc2e0f9a363f40bf8a64bcaa6d8b9f	13-Jan-2018	Svet Ganov <svetoslavganov@google.com>	No camera for idle uids - framework If a UID is idle (being in the background for more than cartain amount of time) it should not be able to use the camera. If the UID becomes idle we generate an eror and close the cameras for this UID. If an app in an idle UID tries to use the camera we immediately generate an error. Since apps already should handle these errors it is safe to apply this policy to all apps to protect user privacy. Test: Pass - cts-tradefed run cts -m CtsCameraTestCases Added - CameraTest#testCameraAccessForIdleUid Change-Id: If6ad1662f2af6592b6aca1aeee4bd481389b5e00 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
a965d65cd382c381b5b83e460213174ac82ec2e0	13-Oct-2017	Yohei Yukawa <yukawa@google.com>	Suppress warnings from AppOpsManager#checkPackage() AppOpsManager#checkPackage() is the recommended API to check whether a given package belongs to a certain UID or not. You can check whether a SecurityException is thrown or not to get the answer. However, if the given package does not belong to the UID specified, the app developer not only sees SecurityException but also sees the warning in messages like below, which is a bit spammy and may actually confuse QA team. W AppOps : Bad call: specified package com.android under uid 12345 but it is really -1 W AppOps : java.lang.RuntimeException: here W AppOps : at com.android.server.AppOpsService.getOpsRawLocked(AppOpsService.java:1330) W AppOps : at com.android.server.AppOpsService.checkPackage(AppOpsService.java:1049) W AppOps : at com.android.internal.app.IAppOpsService$Stub.onTransact(IAppOpsService.java:169) W AppOps : at android.os.Binder.execTransact(Binder.java:696) With this CL, AppOpsManager#checkPackage() no longer triggers the above warnings in logcat. Hopefully app developers do log something in logcat if the package name / UID mismatch is actually unexpected. This CL should have no semantic behavior change anyway. Fixes: 67745316 Test: Locally verified by making the following API call. context.getSystemService(AppOpsManager.class) .checkPackage(12345, "com.android") While it still throws SecurityException, warning messages are no longer shown in the logcat. Change-Id: Ic7af4ef84ad9e7ae5c0fbaa9cd1343f5443e8603 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
3ac1daac4044c70ad4ee673214074306de499a18	14-Jul-2017	Suprabh Shukla <suprabh@google.com>	Restricting background apps from running jobs Introducing a new app op which controls whether apps are allowed to run jobs in the background. When the app op mode is set to ignored, jobs will be delayed until the app is in the foreground. The same semantics as background check for O apps will apply, which means power whitelisted apps can still run jobs freely and apps will have some settle time after going to background after which their jobs will be stopped. Test: Added AppOpsUpgradeTest for upgrading appops to inherit existing value of OP_RUN_ANY_IN_BACKGROUND from OP_RUN_IN_BACKGROUND Added backgroundRestrictionsTest for background jobs. To run the test: mmm -j32 services/tests/servicestests/ adb install -r \ out/target/product/marlin/data/app/JobTestApp/JobTestApp.apk adb install -r \ out/target/product/marlin/data/app/FrameworksServicesTests/FrameworksServicesTests.apk adb shell am instrument -e class 'com.android.server.job.BackgroundRestrictionsTest' -w 'com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner' Bug: 63001625 Change-Id: I6eb01adb6cd2c1d0e7be4f7eca960f57ad9581bf /frameworks/base/services/core/java/com/android/server/AppOpsService.java
e683f19c4939ce683c7a7d6fe4286b16e372324f	23-Jun-2017	Philip P. Moltmann <moltmann@google.com>	Allow ALL_USERS in setUserRestrictionForUser This will be used e.g. by the permission granting UI. Fixes: 35612487 Test: 1. Installed facebook messanger and enabled chat-heads in private profile 2. Opened work-profile camera which asks for location permission 3. Chat head disappered during permission check 4. Chat head re-appeared after permission check Change-Id: Ie9a5e5379c20972f34945c9cb062cd8e3df483d4 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
35e46d297255363a20ccde62af3c58c4ce3c13c5	09-Jun-2017	Jeff Sharkey <jsharkey@android.com>	Active camera apps can defy reserved cache space. We normally prevent apps from allocating into the "reserved" cache space, but this change makes an exception for an active camera app, since the user is probably trying to capture an important memory. This change only lets the active camera app clear up to half of the reserved space, since we don't want to completely destroy the experience of all other apps. Test: manual app before/during/after active camera session Bug: 38267830 Change-Id: Ie9e63884fb2638ca881e10b894629eea84601648 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
c7214a3ade62db082c89b933a51a0ddd9f57b49d	11-Apr-2017	Dianne Hackborn <hackbod@google.com>	Allow appops command to modify uid ops. The get and set commands can now operate on per-uid app ops as well as per-package ones. The to parse a uid string in to a more generic place, but for now we'll leave it here. Test: none Change-Id: I7efbb3966ddb79639dafabbe4bf1df659bed6240 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
6df866a8510af2776c48425a361f708ae7f5d7d6	31-Mar-2017	Jeff Sharkey <jsharkey@android.com>	Enforce PACKAGE_USAGE_STATS for usage data. Some system services are offering package usage data through both public/system APIs and through dump() calls. In principle, usage data hould always be protected with PACKAGE_USAGE_STATS, so start enforcing that. (Otherwise if a user blocked PACKAGE_USAGE_STATS access to an app, that app could still obtain the data via dump() if they held the DUMP permission.) Bottom line, let's respect the user's wishes. Protecting the entire output like this is pretty blunt, but future CLs can add more nuance to the output if desired. Test: cts-tradefed run commandAndExit cts-dev -m CtsSecurityTestCases -t android.security.cts.ServicePermissionsTest Bug: 32806790 Change-Id: I46173562713bea7d89e12a4313c78eb52ea8d77d /frameworks/base/services/core/java/com/android/server/AppOpsService.java
fe9a53bc45fd0124a876dc0a49680aaf86641d3e	31-Mar-2017	Jeff Sharkey <jsharkey@android.com>	Consistent dump() permission checking. This change introduces new methods on DumpUtils that can check if the caller has DUMP and/or PACKAGE_USAGE_STATS access. It then moves all existing dump() methods to use these checks so that we emit consistent error messages. Test: cts-tradefed run commandAndExit cts-dev -m CtsSecurityTestCases -t android.security.cts.ServicePermissionsTest Bug: 32806790 Change-Id: Iaff6b9506818ee082b1e169c89ebe1001b3bfeca /frameworks/base/services/core/java/com/android/server/AppOpsService.java
5f3e93451e87d72c513e75c5d5459a4bd2cc41b2	13-Mar-2017	Jeff Sharkey <jsharkey@android.com>	Lower-overhead version of LockGuard. Instead of building up a giant set of all locks inside the system server, there are only a handful that we're interested in watching: specifically those below the ActivityManagerService lock. This change adds a index-based variant of lock registering and checking, which has much lower overhead that doesn't bring a device to its knees. It's disabled by default, but can be enabled on local development builds. Currently uses the boostPriorityForLockedSection() hook in AMS to check for lock inversions when enabled. Test: builds, boots, no AMS lock inversions detected Bug: 35410906 Change-Id: I473d634d23c08538029412a1254bf4f92b96fb84 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
68d76555582ebd414158af9874f64bae3832540c	28-Feb-2017	Dianne Hackborn <hackbod@google.com>	Fix issue #34327404: AppOpsManager.stopWatchingMode(callback)... ...does not remove all references to callback Keep the callbacks in a set, so each callback can only appear once. Test: none currently, not sure how to do a CTS test for this. (But verifying the system boots and runs.) Change-Id: I01c8ea2a662e09ad0a0cdf713f0ea7f175182e82 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
aef2513c7157a28236d097a81fe74d7ba6b710c9	24-Jan-2017	Suprabh Shukla <suprabh@google.com>	Adding an api for apps to check whether they can install apps Some apps may want to check whether they are trusted to install apps on the device, so they can prompt the user to go to settings and mark them as trusted before they do an intensive operation like downloading an apk. Test: cts-tradefed run cts -m CtsExternalSourcesTestCases Bug: 31002700 Change-Id: Icd9d04daa157e6733decba245ec251ce4acd4122 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
ee438d4a99eef0dc391f66698b0bf6129b0a6ce9	20-Jan-2017	Svet Ganov <svetoslavganov@google.com>	Properly check per UID app ops and dump user restrictions. Test: Permission CTS tests pass and shell dump correct Change-Id: I7cf4c85781172319891756034b5bade62f76803f /frameworks/base/services/core/java/com/android/server/AppOpsService.java
2250d56a0b47b93016018340c8f4040325aa5611	08-Nov-2016	Sudheer Shanka <sudheersai@google.com>	Rename MountService to StorageManagerService. Bug: 30977067 Test: Existing tests pass Change-Id: Ieac0f11c2b249dcd60441b14c1f391e6f8131d42 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
354736e196ff79962b3ddb52619a674044d773e2	23-Aug-2016	Dianne Hackborn <hackbod@google.com>	New infrastructure to switch remaining commands to "cmd" calls. This introduces a new feature of the IBinder command protocol to allow the shell command implementation to call back into its caller to ask it to open files in the calling context. This is needed so that commands that have arguments specifying files can open those files as the calling shell, not the system (or whatever) process. To test this all out, move the "am start" implementation over to ActivityManagerShellCommand, in particular along with its option to specify a file in which to write profiling data. Test: Manual Change-Id: I0c1e3857defefbd19a2ac29413aafbb34b1e48a3 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
bc2fadd080d1f190a51184a538f4a0990c1c1cce	28-Sep-2016	Sudheer Shanka <sudheersai@google.com>	Update AppOpsService to remove user state after the user is removed. Change-Id: I5de3ec680b0ba1a6cb8dd0557fe10a3e06ecb285 Fixes: 31779315 Test: manual /frameworks/base/services/core/java/com/android/server/AppOpsService.java
442ed57e4b68e0904813b22ab6bb4c55e56bb984	18-Aug-2016	Svet Ganov <svetoslavganov@google.com>	Grab lock when accessing mutable state bug:30881375 Change-Id: Ied52fd9666f28b5c2038144b85cd74480ccfde43 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
64e0dcb989f27fc9246f3b2f40accd261f574d7e	25-May-2016	Suprabh Shukla <suprabh@google.com>	Updating user restrictions when they are removed Local user restrictions were not being updated in AppOpsService#setUserRestrictions when a restriction was removed. Bug: 28908581 Change-Id: If22f5834fadca33ec8b80bc4fb3993c1e1c29824 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
ffddadb04a8df12f05f42721cc59e242e78c2a64	21-May-2016	Suprabh Shukla <suprabh@google.com>	Fixing isOpRestricted in AppOpsService AppOpsService was returning false for a restricted operation if the operation did not allow the system to bypass the restrictions on it. Bug: 28860721 Change-Id: I487e23f1d3bf6ea602caee439fb500c058e7c8ff /frameworks/base/services/core/java/com/android/server/AppOpsService.java
a8bbd76d9b5249c64ef31aa162e9a84abaad39ba	14-May-2016	Svetoslav Ganov <svetoslavganov@google.com>	Ensure app op restrictions reset when the app that set them dies. We were not keeping track when an app that set an app op restriction dies to clean up after that. As a result we may end up with stale restrictions that will be there until the device reoots - not cool. This change adds remote binder death tracking and simplifies the code as adding the formed would have made more complex. bug:28770536 Change-Id: I7dcaafba2354843a0cdf0206ab1f96625edc5120 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
3397c88f7900d8db677204cdbe9e7a5dc26e453a	06-Apr-2016	Julia Reynolds <juliacr@google.com>	Merge "Notify app op watchers when audio restrictions change." into nyc-dev
1984bba8c80d9b9abb73836f7824428807d34a50	05-Apr-2016	Svetoslav Ganov <svetoslavganov@google.com>	UID appop state should always override package appop bug:27831867 Change-Id: I32829137f84a2f1d70363b6d1481ccbb87c15d1c /frameworks/base/services/core/java/com/android/server/AppOpsService.java
bb21c25b3f927eeb1a1e56fa3023093f0d74204c	05-Apr-2016	Julia Reynolds <juliacr@google.com>	Notify app op watchers when audio restrictions change. Bug: 27702159 Change-Id: I09c70708b8a32c0bf9a21a3c256100796167780e /frameworks/base/services/core/java/com/android/server/AppOpsService.java
f73adb6c7249a1655bcd2ec17760ec754502f59d	29-Mar-2016	Svetoslav Ganov <svetoslavganov@google.com>	Sanitize app op service inputs bug:26587386 This reverts commit 9888e00b7a36cd03821001a58e4ff86224e3d858. Change-Id: I37069b6eb50ee1a1b29d6f116e96ad9f226883c9 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
efc4a344a173ae20ec72b8c05c45b794687fda87	22-Mar-2016	Andrei Stingaceanu <stg@google.com>	AfW - suspend apps - API polish * renamed getPackageSuspended => isPackageSuspended * does not return false for an error, instead throws NameNotFoundException if the package could not be found, or if there is an unknown RemoteException, wraps it in a RuntimeException and rethrows. Bug: 27532430 Bug: 22776761 Change-Id: Iee00600089b1c0556a3312b10456826464fa8f9f /frameworks/base/services/core/java/com/android/server/AppOpsService.java
e91f3e7e8d8aec8b880e6ed284a3889f849dfd91	26-Mar-2016	Dianne Hackborn <hackbod@google.com>	Fix issue #27776639: Background Check: Conn_Change... ...shouldnt be received when app is awake (Really any implicit broadcast.) Fix up a few things so we are more strict when not in lenient mode. Change-Id: I3c711525787e07ea7c604d0f9bc123e02448fa68 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
ef43188489d287f317af6d48c3145dd2170aaf84	22-Mar-2016	Ian Pedowitz <ijpedowitz@google.com>	Merge "Revert "Sanitize app op service inputs"" into nyc-dev
9888e00b7a36cd03821001a58e4ff86224e3d858	22-Mar-2016	Ian Pedowitz <ijpedowitz@google.com>	Revert "Sanitize app op service inputs" This reverts commit fcf01503c5f04841bc0b2c51a2f30cffaf60a2f6. Bug: 26587386 Bug: 27759382 Change-Id: Iedfe3657b51c3965bcbddb6b2dc6dfbc1d7b9c37 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
98a41e32cf5f5de037e92e68fb82d881792ee0a9	17-Mar-2016	Svetoslav Ganov <svetoslavganov@google.com>	Merge "Sanitize app op service inputs" into nyc-dev
32f0fa4a50d8452c224ac936048b553bf70bd48e	12-Mar-2016	Ruben Brunk <rubenbrunk@google.com>	Chaser patch for AppOps restriction changes. Bug: 26775563 Change-Id: Id7980cec242995d5e83e54b81e3f6990496a59bb /frameworks/base/services/core/java/com/android/server/AppOpsService.java
29931bc684bde6b430923122777684178ee2681c	11-Mar-2016	Ruben Brunk <rubenbrunk@google.com>	Allow per-package exemptions for restricted AppOps - When setting blanket user restrictions, per-package exemptions may be granted. - Exempt the current active VrListenerService from the blanket restriction on drawing overlays while in VR mode. Bug: 26775563 Change-Id: I14b17a126502c7905a970ad42d25d6dd600b86b1 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
fcf01503c5f04841bc0b2c51a2f30cffaf60a2f6	02-Mar-2016	Svetoslav Ganov <svetoslavganov@google.com>	Sanitize app op service inputs bug:26587386 Change-Id: I3dd72ebb5ecdb7caaf75282aa6588db2f59295c1 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
9cea80cdddbecadb304eb7c8373cf1ed397f433a	16-Feb-2016	Svet Ganov <svetoslavganov@google.com>	No overlay when permissions shown - framework bug:26973205 Change-Id: I88395e47649191bb7db6dd8723c49e741ef4f1e4 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
355b232d7998cfc9b29d42a0356390e25191bcbd	12-Feb-2016	Andrei Stingaceanu <stg@google.com>	Suspend packages - new API for retrieving the suspended status Instead of always rebuilding the full ApplicationInfo for a package when callers are only interested in the suspended status add a new fast API in Packagemanager (which only checks the suspended user setting for the requested package and returns a boolean) and change the appropriate caller code too. Bug: 26794775 Bug: 22776761 Change-Id: Ide8428ef734479360d5a8a75fd8e0ed8ddf2da7a /frameworks/base/services/core/java/com/android/server/AppOpsService.java
2bc2febd56b12131e7a5e5b1ad49d62b3092ec17	11-Feb-2016	Andrei Stingaceanu <stg@google.com>	Suspend apps - disable audio/vibrations Do not allow audio or vibrations for suspended apps. Bug: 22776761 Bug: 26949521 Bug: 26954754 Bug: 26953560 Change-Id: I181288823e38efdb1631bc26ee23278697eeb0f5 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
bd098d4ed3240b5beb5c0d1c1c8d87d2aa708dd7	28-Jan-2016	Chien-Yu Chen <cychen@google.com>	Merge changes from topic 'camera-hardening' * changes: Add cameraserver process Camera: update connect call
75cade0a5fd5ec432870de9977f81091ab389423	11-Jan-2016	Chien-Yu Chen <cychen@google.com>	Add cameraserver process Add UID and permissions for cameraserver process. Bug: 24511454 Change-Id: Iccbda4b42e5584a1f56f9afe5e15a16f40dd2922 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
cd65448ccd13c4c2d0fe9e9623fec3a898ab9372	09-Jan-2016	Jeff Sharkey <jsharkey@android.com>	Even more PackageManager caller triage. Finish moving all UID/GID callers to single AIDL method that requires callers to provide flags. Triage AppWidgets and PrintServices, which currently can only live on internal storage; we should revisit that later. Fix two bugs where we'd drop pending install sessions and persisted Uri grants for apps installed on external storage. Bug: 26471205 Change-Id: I66fdfc737fda0042050d81ff8839de55c2b4effd /frameworks/base/services/core/java/com/android/server/AppOpsService.java
1aba5230c531152aaffffc68bbb9e6c6fb3a5a2d	11-Dec-2015	Andy Hung <hunga@google.com>	Merge "Add Android permissions for audioserver"
8de5971ac68fdae1a418ed6cd95d276b98b21996	10-Dec-2015	Svetoslav Ganov <svetoslavganov@google.com>	Avoid caller NPE if callback null in AppOpsService bug:25863432 Change-Id: Ib0386ed4c1637ff8b084f32592ba316b65498005 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
ed0ea40a41aae8e65bc189efe6b631ca78259383	30-Oct-2015	Andy Hung <hunga@google.com>	Add Android permissions for audioserver audioserver has the same permissions as mediaserver. TBD: Pare down permissions. Bug: 24511453 Change-Id: Id7abddd79a730ad95b554a94207df3aa4b676f2a /frameworks/base/services/core/java/com/android/server/AppOpsService.java
8fbf16f6c662d5ff6b5106d16f4a930646eb5b6d	03-Dec-2015	Jeff Sharkey <jsharkey@android.com>	Merge "Fix race condition when collecting op callback." am: 98844a97d2 am: 678011854b am: 28d8b8c988 * commit '28d8b8c9882e501f95ec3076a4f1fffc759ea999': Fix race condition when collecting op callback.
28d8b8c9882e501f95ec3076a4f1fffc759ea999	03-Dec-2015	Jeff Sharkey <jsharkey@android.com>	Merge "Fix race condition when collecting op callback." am: 98844a97d2 am: 678011854b * commit '678011854b0969f5fe69d597911beabcadcb03e8': Fix race condition when collecting op callback.
40b300fd80708fd100d22f22ff6100db20ee467f	23-Nov-2015	riddle_hsu <riddle_hsu@htc.com>	Fix race condition when collecting op callback. Other threads may change mOpModeWatchers, mPackageModeWatchers by startWatchingMode, stopWatchingMode. Change-Id: Id260172979ddfc2df9331880805d16ee13e183eb /frameworks/base/services/core/java/com/android/server/AppOpsService.java
268e4e3d00df6ea0eae6fca321e474a3d512fb7e	19-Nov-2015	Dianne Hackborn <hackbod@google.com>	Move appops command to the service. The "appops" shell command is now just a wrapper around doing "cmd appops", no more need to launch a Java VM! Change-Id: I06fc68762d0ab95a016fb24db0affb0d91197588 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
bef28feba57be7fd6a4d14a85a8229154338b2ed	30-Oct-2015	Dianne Hackborn <hackbod@google.com>	Initial stab at background check. Actually, this implementation is more what we want for ephemeral apps. I am realizing the two are not really the same thing. :( For this implementation, we now keep track of how long a uid has been in the background, and after a certain amount of time (currently 1 minute) we mark it as "idle". Any packages associated with that uid are then no longer allowed to run in the background. This means, until the app next goes in the foreground: - No manifest broadcast receivers in the app will execute. - No services can be started (binding services is still okay, as this is outside dependencies on the app that should still be represented). - All alarms for the app are cancelled and no more can be set. - All jobs for the app are cancelled and no more can be scheduled. - All syncs for the app are cancelled and no more can be requested. Change-Id: If53714ca4beed35faf2e89f916ce9eaaabd9290d /frameworks/base/services/core/java/com/android/server/AppOpsService.java
e2ed23e6b221185ce2587fb19a6e904dbf7ec77b	30-Oct-2015	Jeff Sharkey <jsharkey@android.com>	Handle "uninstalled" apps when pruning app-ops. During system boot, we prune app-ops belonging to apps that have been uninstalled. However, apps installed on adopted storage devices haven't been scanned at this point, so they appear to be uninstalled. To avoid pruning app-ops for these apps, we need a getPackageUid() variant that also considers "uninstalled" apps for which we still have PackageSetting values. Bug: 25206071 Change-Id: I1820f674d45c5ddc1c5f10ed7d859e7025005e28 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
8f1ea834f9af5ccf6cea1f529f63e727cd13b6a8	27-Aug-2015	Tim Kilbourn <tkilbourn@google.com>	Handle the -a flag for dumpsys appops. Bug: 23017449 Change-Id: I6ce9ac368e2739153867c246893eb544d052834f /frameworks/base/services/core/java/com/android/server/AppOpsService.java
4d34bb8304ae2e85c2b12628c9a6346c6835de5d	08-Aug-2015	Dianne Hackborn <hackbod@google.com>	Fix issue #23037093: "Write system settings" permission value fails... ...to persist after reboot We were writing a corrupt settings file, so would always reset back to the default app ops state after boot...! Also add new appops service commands to manually write and read its settings, since that is very useful for testing. Change-Id: Ia510507764738fd82e45ec0be6db840c6ea30c28 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
215b44a1c2c883e628e1ab5b945a1a4aa04ee392	05-Aug-2015	Svetoslav <svetoslavganov@google.com>	Fix app ops regressions introduced by the per UID policy change 1. Add a missing statement in the parsing code 2. Notify for all packages on UID ap op policy change bug:22957162 Change-Id: Ic2bd5d07ef52be207e66b63ffe45fd8a456eb5a8 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
f3807aa57267117eba83cc2a3b13add59d4a251a	02-Aug-2015	Svet Ganov <svetoslavganov@google.com>	Fix NPE in AppOpsService bug:22802981 Change-Id: I73eee5ff9cf1603d8f30355554ef075aa14afd30 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
2af5708ab0e55fe68f1810cefdc6e3889233c186	30-Jul-2015	Svet Ganov <svetoslavganov@google.com>	Add per UID control to app ops. The app ops mananger service maintains a mapping from UID to a list of packages where each package is mapped to a list of non-default app op states (default states are inferred and not stored). Hence, specifying the app op state for a UID requires setting the app op for each package in the shared UID. This is problematic when installing new packages if there is a non-default app op policy set for another already installed package in the same UID as the app op for the new package has to be updated to be in sync. The package installer cannot do this as it is in another process and the app op update will not be atomic. Therefore, the app ops manager service has to support specifying app op policy on a per UID basis. We now have a UID state object that contains the per package non-default app op states as well as the per uid non-default app op states. If there is a UID policy specified then it takes precedence over the per package one. Even further, changing the uid policy updates the package policies in this UID if the state is non-default. Changing a package app op state also updates the app op state for the whole UID if the per UID policy for this op is non-default. Clearing the app op state for a package, clears the policy for the UID as well. bug:22802981 Change-Id: I78044906d9fcc6066abf07e706c2c88f3397d293 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
6ee871e59812fea4525c50231f677c4bd10c74b8	10-Jul-2015	Svet Ganov <svetoslavganov@google.com>	Teach storage appops. For modern apps targeting M SDK and up the external storage state is deterined by granted permissions. For apps targeting older SDK the storage access is determined by app ops correspning to the storage permissions as the latter are always granted. When app ops change we do not remount as we kill the app process in both cases enabling and disabling an app op since legacy code is not prepared for dynamic behavior where an operation that failed may next succeed. Hence, we remount when we start the app. For modern apps we don't kill the app process on a permission grant, therefore we synchronously remount the app storage. bug:22104923 Change-Id: I601c19c764a74c2d15bea6630d0f5fdc52bf6a5a /frameworks/base/services/core/java/com/android/server/AppOpsService.java
99b6043dad9d215cf15810b885b6b8c215dd5b5a	27-Jun-2015	Svet Ganov <svetoslavganov@google.com>	Teach receivers, activities, providers, and services app ops. Perform app op check in addition to the permisison check for all four paltform components - activities, content providers, broadcast receivers, services - if they are guarded by a permssion that has an associated app op. This ensures that legacy apps will behave correctly if the permission of the caller has been revoked, i.e. the app op for that permission was disabled. bug:22199666 Change-Id: Ia22d1c38d58b3cd6aabdc655cb7c7bddd85da7a2 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
3853611f77997fd7670163afdc8d9f546dfba566	19-May-2015	Svet Ganov <svetoslavganov@google.com>	Clear binder identity before dispatching ap op mode changes. bug:21078841 Change-Id: I409b739bbda10542142c8aac1522ad49882f5ec5 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
9e9e2e73c6ec7bece20268196dc89ad0c8bafad4	08-May-2015	Wojciech Staszkiewicz <staszkiewicz@google.com>	Pass charset to XmlPullParser.setInput instead of null Passing null to XmlPullParser.setInput forces it to do additional work, which can be easily avoided if we know the charset beforehand. bug: b/20849543 Change-Id: Iaff97be9df2d0f99d7af8f19f65934439c9658e2 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
b9d71a6f89b1183f6389b1774652445a420c6cbf	30-Apr-2015	Svet Ganov <svetoslavganov@google.com>	Add body sensors app op - framework base Change-Id: Idd5cd573fab3405e5b2a6e51d2d9d115650826e9 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
33d3c53da021f0d044028860ace0f4ad817273f5	11-Feb-2015	Alex Klyubin <klyubin@google.com>	resolved conflicts for merge of 517e0274 to lmp-mr1-dev-plus-aosp Change-Id: Ic20b6c8851458483dd73a144bd5ae6e8d141e62a
b9f8a5204a1b0b3919fa921e858d04124c582828	03-Feb-2015	Alex Klyubin <klyubin@google.com>	Move hidden ApplicationInfo flags into a separate field. The public API field android.content.pm.ApplicationInfo.flags can support only 32 flags. This limit has been reached. As a short term workaround to enable new public flags to be added, this CL moves flags which are not public API into a separate new field privateFlags and renames the affected flags constants accordingly (e.g., FLAG_PRIVILEGED is now PRIVATE_FLAG_PRIVILEGED). The new privateFlags field is not public API and should not be used for flags that are public API. The flags that are moved out of ApplicationInfo.flags are: * FLAG_HIDDEN, * FLAG_CANT_SAVE_STATE, * FLAG_FORWARD_LOCK, and * FLAG_PRIVILEGED. NOTE: This changes the format of packages.xml. Prior to this CL flags were stored in the "flags" attribute. With this CL, the public flags are stored in a new "publicFlags" attribute and private flags are stored in a new "privateFlags" attribute. The old "flags" attribute is interpreted by using the old values of hidden/private flags. Change-Id: Ie23eb8ddd5129de3c6e008c5261b639e22182ee5 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
7b7c58b3842d47c4c8df4876e2e2248c58477d97	03-Dec-2014	Dianne Hackborn <hackbod@google.com>	Work on issue #18572506: AppOps in-memory state is invalid after... ...uninstalling updates to a system app Things seem to be working fine, however we were not as aggressive at writing out the current state in this case as we probably should be. Also introduce more features to the appops command, which are useful for testing this. Change-Id: I177a9cc0e16e98b76fee0d052d742e06842bb3f9 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
0fcef84cca23724c13ecfe775b90dec3614cc3e3	13-Sep-2014	Dianne Hackborn <hackbod@google.com>	Fix issue #17479850: AppOpsManager.checkPackage() allows... ...root or shell to claim any package name Re-arrange so checkPackage() doesn't go through the path where the package name will be forced for root and shell uids. Change-Id: I450cd6ac8148afd75b526724afdf46ab63de4c43 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
d6a98979b5d45fff1fa842932274517e999a59c2	04-Aug-2014	Alexandra Gherghina <alexgherghina@google.com>	Fix resetAllModes call to act only on the calling user This makes it consistent with other methods in different services. Also fixes the Settigns bug referenced below. Bug: 16727586 Change-Id: I0b8bcb248f621fcfa2cb12163caeec9eb8ff5b1c /frameworks/base/services/core/java/com/android/server/AppOpsService.java
401de1785eccc946ed6c35e9b7fccab92b2022af	25-Jul-2014	Julia Reynolds <juliacr@google.com>	Remove the profile/device owner user restriction bypass. Bug: 16566096 Change-Id: I4a56046df44d36d82edc64fc727e8cad5dc75382 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
b64afe17064f126eb782c42a238db65f080fc8f0	23-Jul-2014	Dianne Hackborn <hackbod@google.com>	Further fix on issue #16013164 Dumb dumb dumb copy/paste error when moving the uid checking up out of the function. Change-Id: I01513ccd80750b724dbfa8d9d7d171819c6b959b /frameworks/base/services/core/java/com/android/server/AppOpsService.java
7b41467704f941b11af6aace3e40993afc7f6c6f	18-Jul-2014	John Spurlock <jspurlock@google.com>	Zen mode filtering should use new usage constants. Refactor stream-based calls to usage-based calls. Bug:15279516 Change-Id: I3f7757d8123c14670e2ad5f8e6aa4e9803efe7ec /frameworks/base/services/core/java/com/android/server/AppOpsService.java
1c7c319bb89b9988bfd12afc3e8d89449fd163fc	26-Jun-2014	Jason Monk <jmonk@google.com>	User restriction for disallowing window creation Block any types of windows that could by used by apps to create views on top of a locked app. This can be used by device admins in conjunction with lock task mode. Added a way for system (and priv apps) to bypass user restrictions for specified op codes. Bug: 15279535 Change-Id: I2381530ef6226a5bb32a99bb4030baafb39bf564 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
133b9df951c633a1f72b7e12f8aa9ee9d7da9db6	01-Jul-2014	Dianne Hackborn <hackbod@google.com>	Fix issue #16013164: Externally Reported Moderate: AppOpsService.setMode() allows setting mode for own uid without permission Change-Id: Ic60a10f0e95f19658c61567826dff28b657efe73 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
f584f014dbb281727fccfea10bc9c2539a752f17	20-May-2014	Amith Yamasani <yamasani@google.com>	Allow adding a user while still removing other users When at the user limit, removing and adding a user causes a race condition where the deleted user is still being removed and adding another one fails. This change excludes deleted users from the counting to compare against the limit. Also fix an ArrayIndexOutOfBounds recently introduced in AppOpsService. Bug: 13282768 Change-Id: Ib79659e7604396583a280dbbc560b288a6d9051c /frameworks/base/services/core/java/com/android/server/AppOpsService.java
62062996dd256df8b575b2ba1f0bf97109c4e0ba	06-May-2014	Jason Monk <jmonk@google.com>	Notify AppOpsService of UserRestrictions and Owners This makes the DevicePolicyManagerService and UserManagerService push the DeviceOwner/ProfileOwners and user restrictions on boot as well as on any change. This also adds a list of restrictions that allow any op to connected with a user restriction such that it will return MODE_IGNORED when the user restriction is present (except for the device/profile owner). Change-Id: Id8a9591d8f04fe5ecebd95750d9010afc0cd786c /frameworks/base/services/core/java/com/android/server/AppOpsService.java
1af30c7ac480e5d335f267a3ac3b2e6c748ce240	10-Mar-2014	John Spurlock <jspurlock@google.com>	Add stream-level suppression to vibrate/audio services. - Add new audio restriction layer to app-ops. Restrictions add additional constraints to audio operations at a stream-level. Restrictions do not affect the persistable state, and are purely additive: that is, they can only impose additional contstraints, not enable something that has already been disabled. Restrictions also support a whitelisted set of exempt package names. - Add new audio stream-level checks to app-ops. - Implement a provisional OP_PLAY_AUDIO suppression to three java entry points MediaPlayer, AudioTrack, & SoundPool. - Enhance vibrator api to take stream information as an optional hint - the constants correspond to AudioManager stream types. OP_VIBRATE now supports the stream-level restriction check. - Simplify Vibrator subclasses by adding default implementations for two .vibrate calls. - Migrate NoMan's zen-mode control to use the new app-ops stream-level restriction mechanism. Change-Id: Ifae8952647202f728cf1c73e881452660c704678 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
6f357d3284a833cc50a990e14b39f389b8972254	16-Jan-2014	Jeff Brown <jeffbrown@google.com>	Start untangling system server early bootstrapping. Refactored SystemServer to get rid of a bunch of legacy cruft related to how the ServerThread used to be started up. Create system context first when system server starts. This removes the tangled initialization order dependency that forced us to start the activity manager service before most anything else. Moved factory test related constants into the FactoryTest class. Partially migrated Installer, ActivityManagerService, and PowerManagerService to the new SystemService pattern. There's more work to be done here, particularly around the lifecycle of the power manager. Bug: 12172368 Change-Id: Ia527dd56e3b3fd90f9eeb41289dbe044921230d4 /frameworks/base/services/core/java/com/android/server/AppOpsService.java
9158825f9c41869689d6b1786d7c7aa8bdd524ce	22-Nov-2013	Amith Yamasani <yamasani@google.com>	Move some system services to separate directories Refactored the directory structure so that services can be optionally excluded. This is step 1. Will be followed by another change that makes it possible to remove services from the build. Change-Id: Ideacedfd34b5e213217ad3ff4ebb21c4a8e73f85 /frameworks/base/services/core/java/com/android/server/AppOpsService.java