e33f61319049810ae9cb318e2ba45e8a3449fb43 |
|
02-Jun-2016 |
Svetoslav Ganov <svetoslavganov@google.com> |
Fix permissions update for VrListenerService on user changes. - Fixes a bug where we would not update the overlay restrictions if the VR listener we are bound to changes bug the VR enabled state doesn't. - Also fixed a case where the notification listener access and location permission were not granted/revoked for the correct user. For example, if a vr activity in one user calls a VR activity in another (possible for cross profiles) we end up not revoking the special access for the vr service in the first user. The notification listener setting was also updated for the system user instead of the user for which we grant/revoke specal access. - Properly remove the overlay restrictions for the old user if we transition from a vr actiivty in one user to a vr activity in a profile of this user. Bug: 29273985 Change-Id: Ib1de6f2f5445001ac61edca5c77ea3a066544307
/frameworks/base/core/java/android/app/AppOpsManager.java
|
33d03a9e435eb474e3bdd3e958943e0057866477 |
|
02-Jun-2016 |
Tony Mak <tonymak@google.com> |
OP_ACTIVATE_VPN should not map to DISALLOW_CONFIG_VPN They are two different things. OP_ACTIVATE_VPN means can we allow a vpn app to establish without user interaction while DISALLOW_CONFIG_VPN means can the user modify vpn config. Testing: 1. Turn on DISALLOW_CONFIG_VPN, user cannot modify vpn config through setting 2. Turn on DISALLOW_CONFIG_VPN, Dpm.setAlwaysOnVpn works. 3. Reboot after 2, vpn established automatically. Bug: 29086229 Change-Id: I24899d6c7f0dd62bf441a44c6ee66fee35973a11
/frameworks/base/core/java/android/app/AppOpsManager.java
|
eaca4c5022fc2bde816ac58fe57d80f7e9706ead |
|
06-May-2016 |
Svetoslav Ganov <svetoslavganov@google.com> |
Properly map runtime permissions to app ops The code assumed mapping from a permission to an app op is one to one but this is not always the case. For example, READ_SMS is mapped to OP_READ_SMS and OP_READ_ICC_SMS which resulted mapping the READ_SMS permission to the OP_READ_ICC_SMS instead of OP_READ_SMS resulting in a failure to find the op name given the permission. This breaks the AppOpsManager.permissionToOp() API for READ_SMS returning null instead of OPST_READ_SMS. The consequence of this is that the apps that proxy permission protected operations may let the operations for READ_SMS go through as they would get a null app op, i.e. no app op while there is one and it can be disabled for the caller. bug:28620132 Change-Id: I92f8ef375ae2122b7266c50653ce73f3d90f4b28
/frameworks/base/core/java/android/app/AppOpsManager.java
|
ae0e03a9e03de34e37b768b971d7596d7220a053 |
|
26-Feb-2016 |
Svet Ganov <svetoslavganov@google.com> |
Cleanup of the PackageInstaller API - Frameworks The PackageInstaller app manages side-loading apps as well as permission management. It should be updatable, hence should rely on system APIs to talk to the platform. This is the first step of defining an API boundary. Change-Id: I9814eafd0b22ae03b4b847a7007cdbf14c9e5466
/frameworks/base/core/java/android/app/AppOpsManager.java
|
29931bc684bde6b430923122777684178ee2681c |
|
11-Mar-2016 |
Ruben Brunk <rubenbrunk@google.com> |
Allow per-package exemptions for restricted AppOps - When setting blanket user restrictions, per-package exemptions may be granted. - Exempt the current active VrListenerService from the blanket restriction on drawing overlays while in VR mode. Bug: 26775563 Change-Id: I14b17a126502c7905a970ad42d25d6dd600b86b1
/frameworks/base/core/java/android/app/AppOpsManager.java
|
57b82f38c42d9926d0eb09d600480bebe54500ae |
|
01-Mar-2016 |
Fyodor Kupolov <fkupolov@google.com> |
Merge "Allow system to bypass DISALLOW_SHARE_LOCATION restriction" into nyc-dev
|
f8880561e67e1da246970b49b14285efd4164ab1 |
|
26-Feb-2016 |
Jeff Sharkey <jsharkey@android.com> |
When system server goes down, crash apps more. Similar to first patch, but now using new "rethrowFromSystemServer()" method which internally translates DeadObjectException into DeadSystemException. New logic over in Log.printlns() now suppresses the DeadSystemException stack traces, since they're misleading and just added pressure to the precious log buffer space. Add some extra RuntimeInit checks to suppress logging-about-logging when the system server is dead. Bug: 27364859 Change-Id: I05316b3e8e42416b30a56a76c09cd3113a018123
/frameworks/base/core/java/android/app/AppOpsManager.java
|
639e73db9531257d993c9096c737908576aa9c50 |
|
25-Feb-2016 |
Fyodor Kupolov <fkupolov@google.com> |
Allow system to bypass DISALLOW_SHARE_LOCATION restriction This is required for Bluetooth to work in Settings for restricted profiles with DISALLOW_SHARE_LOCATION restriction set. Bug: 23727276 Change-Id: I9aba7ce011ae856526fabd89c13ea9dd11f9a442
/frameworks/base/core/java/android/app/AppOpsManager.java
|
9cea80cdddbecadb304eb7c8373cf1ed397f433a |
|
16-Feb-2016 |
Svet Ganov <svetoslavganov@google.com> |
No overlay when permissions shown - framework bug:26973205 Change-Id: I88395e47649191bb7db6dd8723c49e741ef4f1e4
/frameworks/base/core/java/android/app/AppOpsManager.java
|
bef28feba57be7fd6a4d14a85a8229154338b2ed |
|
30-Oct-2015 |
Dianne Hackborn <hackbod@google.com> |
Initial stab at background check. Actually, this implementation is more what we want for ephemeral apps. I am realizing the two are not really the same thing. :( For this implementation, we now keep track of how long a uid has been in the background, and after a certain amount of time (currently 1 minute) we mark it as "idle". Any packages associated with that uid are then no longer allowed to run in the background. This means, until the app next goes in the foreground: - No manifest broadcast receivers in the app will execute. - No services can be started (binding services is still okay, as this is outside dependencies on the app that should still be represented). - All alarms for the app are cancelled and no more can be set. - All jobs for the app are cancelled and no more can be scheduled. - All syncs for the app are cancelled and no more can be requested. Change-Id: If53714ca4beed35faf2e89f916ce9eaaabd9290d
/frameworks/base/core/java/android/app/AppOpsManager.java
|
759a763f5f03fda86b96d238faedb870fbee24ec |
|
29-Oct-2015 |
Makoto Onuki <omakoto@google.com> |
Allow DO to disable camera device-wise. Bug 24538855 Change-Id: I421690f14ee57fa818d2b233fe48a90a0a575a9e
/frameworks/base/core/java/android/app/AppOpsManager.java
|
f3f02ac931d04e6ba4393e27558cd317cb1e6b44 |
|
08-Sep-2015 |
Svetoslav <svetoslavganov@google.com> |
Add get_accounts app op For each runtime permission we have an app op to toggle the permission for legacy apps as they cannot handle permission revocations. We were lacking an app op for get_accounts which prevented the user from controlling access to accounts regardelss that they change the state of the permission toggle in the UI. Even worse the permission UI is written with the assumption that every runtime permission has an app op and as a result revoking the contacts group (if the app requests the get_accounts permission) is reset back to allowed in the UI. bug:23854618 Change-Id: I12b83dfd22974d130e5b8e7a195421120813e2db
/frameworks/base/core/java/android/app/AppOpsManager.java
|
8dbd48485044b1ab25fb8fb5e8e9b9772a3478c4 |
|
01-Aug-2015 |
Svetoslav Ganov <svetoslavganov@google.com> |
Merge "Add per UID control to app ops." into mnc-dev
|
2af5708ab0e55fe68f1810cefdc6e3889233c186 |
|
30-Jul-2015 |
Svet Ganov <svetoslavganov@google.com> |
Add per UID control to app ops. The app ops mananger service maintains a mapping from UID to a list of packages where each package is mapped to a list of non-default app op states (default states are inferred and not stored). Hence, specifying the app op state for a UID requires setting the app op for each package in the shared UID. This is problematic when installing new packages if there is a non-default app op policy set for another already installed package in the same UID as the app op for the new package has to be updated to be in sync. The package installer cannot do this as it is in another process and the app op update will not be atomic. Therefore, the app ops manager service has to support specifying app op policy on a per UID basis. We now have a UID state object that contains the per package non-default app op states as well as the per uid non-default app op states. If there is a UID policy specified then it takes precedence over the per package one. Even further, changing the uid policy updates the package policies in this UID if the state is non-default. Changing a package app op state also updates the app op state for the whole UID if the per UID policy for this op is non-default. Clearing the app op state for a package, clears the policy for the UID as well. bug:22802981 Change-Id: I78044906d9fcc6066abf07e706c2c88f3397d293
/frameworks/base/core/java/android/app/AppOpsManager.java
|
6ad2d66072795dd9836350b273dcde52910ab4c3 |
|
18-Jul-2015 |
Billy Lau <billylau@google.com> |
Bug: 21589105 Rescope WRITE_SETTINGS permission (framework services perm check changes) AppOpsManager: Changed the default operating mode for WRITE_SETTINGS to MODE_DEFAULT from MODE_ALLOWED. packages/SettingsProvider: We no longer do static permission checks for WRITE_SETTINGS in early checks and defer that to app op when MODE_DEFAULT is returned. For some operations, checking against WRITE_SECURE_SETTINGS is sufficient. ActivityManagerService & PowerManagerService: Incorporated app op checks and handled the MODE_DEFAULT case. provider/Settings: Added helper function to do checks on whether app ops protected operations can be performed by a caller. This includes checks for WRITE_SETTINGS and SYSTEM_ALERT_WINDOW. Also added a public API (with javadocs) for apps to query if they can modify system settings. Changed the javadocs description for ACTION_MANAGE_WRITE_SETTINGS and ACTION_MANAGE_OVERLAY_PERMISSION. Added public API (with javadocs) for apps to query whether they can draw overlays or not, and also javadocs description on how to use that check. Change-Id: I7b651fe8af836c2074defdbd6acfec3f32acdbe9
/frameworks/base/core/java/android/app/AppOpsManager.java
|
24b9c8314bf67637daf0d3b28440e0d5f08502c2 |
|
20-Jul-2015 |
Billy Lau <billylau@google.com> |
Bug: 22598083 Document how apps can detect WRITE_SETTINGS or SYSTEM_ALERT_WINDOW through AppOps Expose OP_STR strings that describes the ops for WRITE_SETTINGS and SYSTEM_ALERT_WINDOW permissions such that apps can query AppOpsManager whether this capability is turned on or off by the user. Change-Id: I0e7a6f39e02389290232e450624b40ffb255abfb
/frameworks/base/core/java/android/app/AppOpsManager.java
|
008409a2ea1feed095d53ce51429e4fed964c50c |
|
16-Jul-2015 |
Billy Lau <billylau@google.com> |
Merge "Bug: 21589105 Rescoping SYSTEM_ALERT_WINDOW..." into mnc-dev
|
060275ffc7fbfc72b19871f7dd7aefb61a81a1fc |
|
15-Jul-2015 |
Billy Lau <billylau@google.com> |
Bug: 21589105 Rescoping SYSTEM_ALERT_WINDOW... AppOpsManager: Changed the default mode for SYSTEM_ALERT_WINDOW to MODE_DEFAULT instead of MODE_ALLOWED. Otherwise, an app that did not declare for this permission will actually be allowed to perform OP_SYSTEM_ALERT_WINDOW, which is undesirable. This change also allows callers to make their own decision based on the current policy (M vs pre-M apps). policy/PhoneWindowManager: Added additional checks that will handle MODE_DEFAULT - this happens when an app is newly installed but not yet configured. wm/WindowManagerService: Enriched some checks to include the treatment of MODE_DEFAULT - this will allow pre-M apps uninterupted capability to draw on top of other apps. Change-Id: I8de77730e158c97587427820cfba721bd5607bea
/frameworks/base/core/java/android/app/AppOpsManager.java
|
280a64e793d081847c5dcea23ed9be38aa5332d2 |
|
13-Jul-2015 |
Dianne Hackborn <hackbod@google.com> |
Improve tracking of screen on reasons. - New screen on app op to record the last time each app has caused the screen to be turned on. - New battery stats event that tells us the reason the screen has been asked to turn on. - Propagate out power manager API to specify the reason a caller is asking to have the screen turned on. Note that currently the window flag to turn the screen on bypasses much of this because it is being handled in the window manager by just directly telling the power manager to turn the screen on. To make this better we need a new API where it can specify who it is calling the API for. Change-Id: I667e56cb1f80508d054da004db667efbcc22e971
/frameworks/base/core/java/android/app/AppOpsManager.java
|
99b6043dad9d215cf15810b885b6b8c215dd5b5a |
|
27-Jun-2015 |
Svet Ganov <svetoslavganov@google.com> |
Teach receivers, activities, providers, and services app ops. Perform app op check in addition to the permisison check for all four paltform components - activities, content providers, broadcast receivers, services - if they are guarded by a permssion that has an associated app op. This ensures that legacy apps will behave correctly if the permission of the caller has been revoked, i.e. the app op for that permission was disabled. bug:22199666 Change-Id: Ia22d1c38d58b3cd6aabdc655cb7c7bddd85da7a2
/frameworks/base/core/java/android/app/AppOpsManager.java
|
921c7dfc80e6872014e7d6a033f148a4c2a5f87f |
|
30-Jun-2015 |
Svet Ganov <svetoslavganov@google.com> |
Add read/write external storage app ops bug:22104418 Change-Id: Ic9088f95bc02622c1163c1393e44382df6597707
/frameworks/base/core/java/android/app/AppOpsManager.java
|
715cf2ac0bcd44720096cc91709b690b4828f0df |
|
14-Jun-2015 |
Svet Ganov <svetoslavganov@google.com> |
Make AppOpsManager#permissionToOp API public We need this API to implement permission checker API in the support lib that takes into account both app ops and permissions. bug:21277214 Change-Id: I684fc002bb71ec5e1cd2994098faa0d2036297ac
/frameworks/base/core/java/android/app/AppOpsManager.java
|
f7e9cf4fb48ea80cbc5088204ac3f898109623f7 |
|
13-May-2015 |
Svet Ganov <svetoslavganov@google.com> |
Access mock location is no longer a runtime permission - framework The access mock location is no longer a runtime permission. It is a signature protected one that apps cannot get but the fact they request it means they want to inject location into the system. Now the user gets to choose the current mock location app in developer options from the apps that request the mock location permission. The access to mock location is no longer guarded by the permisson but from a new app op which is off by default and the settiings UI sets it to enabled only for the currently selected mock location app. bug:21078873 Change-Id: I19e3f9dc7c7de82eab46b30fec1abfbca54a0e59
/frameworks/base/core/java/android/app/AppOpsManager.java
|
b501330a1b6ef14ff512a5727f7a01bc423d6fbb |
|
18-Apr-2015 |
Fyodor Kupolov <fkupolov@google.com> |
Disable multi-user background recording On user switch, kill existing processes of the background user with android.permission.RECORD_AUDIO permission. Home activity should not be killed to avoid an expensive restart of the home launcher, when the user switches back. Introduced DISALLOW_RECORD_AUDIO user restriction, which is enabled for the background user, and removed for the foreground user. Introduced a concept of system controlled user restriction, which can only be set by the system, rather than device administrator. Bug: 20346194 Change-Id: Ic942fd565e80d14424230dae612965a8e229c4ef
/frameworks/base/core/java/android/app/AppOpsManager.java
|
4a64b19f239b6bff82a032329ce5781681843044 |
|
05-May-2015 |
Svet Ganov <svetoslavganov@google.com> |
Merge "Permission UI - legacy apps support" into mnc-dev
|
019d2304998f3ed77c0a608df6cf4bea1138f8dc |
|
04-May-2015 |
Svet Ganov <svetoslavganov@google.com> |
Permission UI - legacy apps support Change-Id: Id3f98c138422d33868363d587dd196898b42a0d4
/frameworks/base/core/java/android/app/AppOpsManager.java
|
ede431678e5f6ccf9d038479e84ea66da3f821e3 |
|
03-May-2015 |
Svet Ganov <svetoslavganov@google.com> |
Add read cell broadcast app op - framework Change-Id: Icecc9d918db55493ada7a0faa6bfcc41d4114bbd
/frameworks/base/core/java/android/app/AppOpsManager.java
|
b9d71a6f89b1183f6389b1774652445a420c6cbf |
|
30-Apr-2015 |
Svet Ganov <svetoslavganov@google.com> |
Add body sensors app op - framework base Change-Id: Idd5cd573fab3405e5b2a6e51d2d9d115650826e9
/frameworks/base/core/java/android/app/AppOpsManager.java
|
3327f3d6886a96ad70f4e96e4b7c26b9555429b6 |
|
30-Apr-2015 |
Svetoslav <svetoslavganov@google.com> |
Merge "Add use fingerprint app op - framework" into mnc-dev
|
729d0a06eaaa40f5be4d9dc5bd580f525ba8360e |
|
30-Apr-2015 |
Svetoslav <svetoslavganov@google.com> |
Merge "Add process outgoing calls app op - framework" into mnc-dev
|
c27b3fca8258c3d7c27b42b4f6978d91f09dcb52 |
|
30-Apr-2015 |
Svetoslav <svetoslavganov@google.com> |
Merge "Add SIP app op - framework." into mnc-dev
|
6e8f67c444d45fc71483a98e101b6e4d041c51a6 |
|
30-Apr-2015 |
Svet Ganov <svetoslavganov@google.com> |
Add permission to ap op mappings for all runtime permissions. Change-Id: I1b41fac9405352f135b3d0137cc924ce51388e1e
/frameworks/base/core/java/android/app/AppOpsManager.java
|
4af76a51d5082c740609563e07cf35f30bc2224e |
|
30-Apr-2015 |
Svetoslav <svetoslavganov@google.com> |
Add use fingerprint app op - framework Change-Id: Ibbd1c70e1fc771b804a8b0099d29d4fbd8360966
/frameworks/base/core/java/android/app/AppOpsManager.java
|
c656e6fba6c804b26a4453698808b3029c670244 |
|
29-Apr-2015 |
Svetoslav <svetoslavganov@google.com> |
Add process outgoing calls app op - framework Change-Id: If662b47372a1ddb6ff60ccdbd910192577abc924
/frameworks/base/core/java/android/app/AppOpsManager.java
|
5335b6793cb8cb57c6b034c57bac23ebc599179d |
|
29-Apr-2015 |
Svetoslav <svetoslavganov@google.com> |
Add SIP app op - framework. Change-Id: Iac552a12e0ed5d1cf585179430c468d8603b6c01
/frameworks/base/core/java/android/app/AppOpsManager.java
|
fbf01f77969c1b46d1ffb517a142381c9a914eb8 |
|
29-Apr-2015 |
Svet Ganov <svetoslavganov@google.com> |
Add API to get app op for a permission Change-Id: Id75d8fca6654c694fb78d1b4a3564b01e90a4e78
/frameworks/base/core/java/android/app/AppOpsManager.java
|
c3300090f5967daa31878edd41fdbd35b37e2bda |
|
17-Apr-2015 |
Svet Ganov <svetoslavganov@google.com> |
Add OP_ADD_VOICEMAIL app op - framework Change-Id: Id21063b93958c9e372dcbaac8ff9f4fa8b5f0cb3
/frameworks/base/core/java/android/app/AppOpsManager.java
|
6c589570c44752d96f35620de271ccae7d32502d |
|
17-Apr-2015 |
Svetoslav <svetoslavganov@google.com> |
Remove unnecessary WRITE_SMS permission - framework Currently only one app can write to the SMS provider and it has to be set as the default SMS app by the user in the UI. The default SMS app is set by enabling the write SMS app op for it and keeping this op off for other SMS apps. Hence, this permission does not guard anything and can be taken out. The API change is fine as if an app refers to the permission in the manifest as string it will be ignored and if it was referred in Java the value is statically compiled in the source. Change-Id: I1128c3b034e6c7dda4baa051500ac1ef46a53575
/frameworks/base/core/java/android/app/AppOpsManager.java
|
16a16899505ec0a9ede5b76650bfb8817b3227c7 |
|
16-Apr-2015 |
Svet Ganov <svetoslavganov@google.com> |
Add OP_READ_PHONE_STATE app op - framework The READ_PHONE_STATE permission protects PII information and is in the Phone group. This change is adding the corrseponding app op for gating access to the API guarded by READ_POHNE state which will be used instead as an access control for legacy apps. Change-Id: I2ff895a5a0e529f26ec0ad706266a30d829268ba
/frameworks/base/core/java/android/app/AppOpsManager.java
|
d59a5d59df920d743723521a2afed9de1da3373b |
|
04-Apr-2015 |
Dianne Hackborn <hackbod@google.com> |
Various fixes and improvements... Issue #19912529: VI: VoiceInteractor callback ClassCastException Fix to use correct argument. Issue #19912636: VI: Documentation for VoiceInteractionSession.onBackPressed Added documentation. Issue #19912703: VI: VoiceInteractionSession NPE on Abort Request Maybe fix this -- don't crash if there is no active session. Issue #19953731: VI: Add value index to... ...android.app.VoiceInteractor.PickOptionRequest.Option There is now an optional index integer that can be associated with every Option object. Issue #19912635: VI: Behavior of startActivity when in voice... ...interaction is unexpected We now forcibly finish the current voice interaction task whenever another activity takes focus from it. Issue #20066569: Add API to request heap dumps New ActivityManager API to set the pss limit to generate heap dumps. Also added app ops for assist receiving structure and screenshot data, so that we can track when it does these things. Change-Id: I688d4ff8f0bd0b8b9e3390a32375b4bb7875c1a1
/frameworks/base/core/java/android/app/AppOpsManager.java
|
f3ece36535d4999cf2bfd2175a33da6c3cdf298e |
|
11-Feb-2015 |
Benjamin Franz <bfranz@google.com> |
Block setting wallpapers from managed profiles. Silently fail when a managed profile app tries to change the wallpaper and return default values for getters in that case. This is implemented through a new AppOp that is controlled by a new user restriction that will be set during provisioning. Bug: 18725052 Change-Id: I1601852617e738be86560f054daf3435dd9f5a9f
/frameworks/base/core/java/android/app/AppOpsManager.java
|
7b7c58b3842d47c4c8df4876e2e2248c58477d97 |
|
03-Dec-2014 |
Dianne Hackborn <hackbod@google.com> |
Work on issue #18572506: AppOps in-memory state is invalid after... ...uninstalling updates to a system app Things seem to be working fine, however we were not as aggressive at writing out the current state in this case as we probably should be. Also introduce more features to the appops command, which are useful for testing this. Change-Id: I177a9cc0e16e98b76fee0d052d742e06842bb3f9
/frameworks/base/core/java/android/app/AppOpsManager.java
|
5064e7c70c54000abc0b37fda9caa8d71407f2f4 |
|
02-Sep-2014 |
Dianne Hackborn <hackbod@google.com> |
Add public constant for usage stats app op. Change-Id: Ibc031b50e9fa4f1bd0955e0afd98e8b1bd77b905
/frameworks/base/core/java/android/app/AppOpsManager.java
|
05542603dd4f1e0ea47a3dca01de3999a9a329a9 |
|
11-Aug-2014 |
Jeff Davidson <jpd@google.com> |
Less intrusive VPN dialog and other UX tweaks. -The ability to launch VPNs is now sticky; once approved by the user, further approvals are not needed UNLESS the connection is revoked in Quick Settings. -The old persistent notification has been removed in favor of the new Quick Settings UI. -The name of the VPN app is now pulled from the label of the VPN service rather than the app itself, if one is set. Bug: 12878887 Bug: 16578022 Change-Id: I102a14c05db26ee3aef030cda971e5165f078a91
/frameworks/base/core/java/android/app/AppOpsManager.java
|
b5cf61be7c82392a6f34f53d97c8382d9a0f0b3a |
|
19-Aug-2014 |
Adam Lesinski <adamlesinski@google.com> |
Add Shell command to set AppOps permissions Change-Id: I6446543b27f0d2d2e69590a2807e713c6d5ccbbc
/frameworks/base/core/java/android/app/AppOpsManager.java
|
15f83c6f64e26a74acf9b75ce41d39870d5a5b7a |
|
13-Aug-2014 |
Yorke Lee <yorkelee@google.com> |
Disable call log for users with DISALLOW_OUTGOING_CALLS restriction Bug: 16217514 Change-Id: Iacd5699d0a540ca0e5a678662379bf8c611f7462
/frameworks/base/core/java/android/app/AppOpsManager.java
|
41c1ded7f042a4cf303479550b38fa66d7a18906 |
|
05-Aug-2014 |
Amith Yamasani <yamasani@google.com> |
Allow phone UID to export singleton providers Also add a user variant of replacePreferredActivity for use by SmsApplication. Map user restrictions for SMS/MMS to AppOps perms. Bug: 16681533 Change-Id: I3dfed5fc754e33bb51c6f571851653a7c2770e46
/frameworks/base/core/java/android/app/AppOpsManager.java
|
33f5ddd1bea21296938f2cba196f95d223aa247c |
|
22-Jul-2014 |
Dianne Hackborn <hackbod@google.com> |
Add permissions associated with app ops. Change-Id: I575ad7a3ceea59486ca601f69760b14f6269511d
/frameworks/base/core/java/android/app/AppOpsManager.java
|
7b41467704f941b11af6aace3e40993afc7f6c6f |
|
18-Jul-2014 |
John Spurlock <jspurlock@google.com> |
Zen mode filtering should use new usage constants. Refactor stream-based calls to usage-based calls. Bug:15279516 Change-Id: I3f7757d8123c14670e2ad5f8e6aa4e9803efe7ec
/frameworks/base/core/java/android/app/AppOpsManager.java
|
c39d47a8e7c74bd539104b0efab898ef6fc43ddf |
|
09-Jul-2014 |
Michael Wright <michaelwr@google.com> |
Add MediaProjection APIs. The new MediaProjection infrastructure allows the system to hand out tokens granting the ability to capture the screen's contents, audio, etc. at a granular level. It's intended to be used both for screen casting, via the cast APIs, as well as screen sharing via third party applications. The screen sharing case is implemented, but all of audio capturing is still forthcoming. Change-Id: I4b24669bed7083e11413c10ed8d6b025f5375316
/frameworks/base/core/java/android/app/AppOpsManager.java
|
9854d5764887351a703568192a2ce7227cae03b5 |
|
02-Jul-2014 |
Julia Reynolds <juliacr@google.com> |
Map location-based op codes to UserManager.DISALLOW_SHARE_LOCATION. Bug: 15928422 Change-Id: I9c59599d3bd2026277dcb382c92d23deec950d40
/frameworks/base/core/java/android/app/AppOpsManager.java
|
1c7c319bb89b9988bfd12afc3e8d89449fd163fc |
|
26-Jun-2014 |
Jason Monk <jmonk@google.com> |
User restriction for disallowing window creation Block any types of windows that could by used by apps to create views on top of a locked app. This can be used by device admins in conjunction with lock task mode. Added a way for system (and priv apps) to bypass user restrictions for specified op codes. Bug: 15279535 Change-Id: I2381530ef6226a5bb32a99bb4030baafb39bf564
/frameworks/base/core/java/android/app/AppOpsManager.java
|
22c921a910d236abf3a1705a02541a49fdaf3a14 |
|
28-May-2014 |
Emily Bernier <ember@google.com> |
Add an app ops code for microphone muting. When OP_AUDIO_MICROPHONE (linked to the DISALLOW_UNMUTE_MICROPHONE user restriction) is set, the system blocks calls to setMicrophoneMute. Bug: 13585692 Change-Id: Ib32138bcc256cfbac4fe21a090d5ba34f5c641fc
/frameworks/base/core/java/android/app/AppOpsManager.java
|
45775c4f93ccac604dcd5b027c8201872bbd0d46 |
|
16-May-2014 |
Emily Bernier <ember@google.com> |
Connect user audio restrictions to app ops. Setting DISALLOW_ADJUST_VOLUME sets the relevant app ops as well, blocking calls in AudioService. Change-Id: I256b294465fc2e8b93cb0389b21299eacf0efb95
/frameworks/base/core/java/android/app/AppOpsManager.java
|
62062996dd256df8b575b2ba1f0bf97109c4e0ba |
|
06-May-2014 |
Jason Monk <jmonk@google.com> |
Notify AppOpsService of UserRestrictions and Owners This makes the DevicePolicyManagerService and UserManagerService push the DeviceOwner/ProfileOwners and user restrictions on boot as well as on any change. This also adds a list of restrictions that allow any op to connected with a user restriction such that it will return MODE_IGNORED when the user restriction is present (except for the device/profile owner). Change-Id: Id8a9591d8f04fe5ecebd95750d9010afc0cd786c
/frameworks/base/core/java/android/app/AppOpsManager.java
|
e22b3b143240f0f18e3d6d3c06686ad3c23b131b |
|
08-May-2014 |
Dianne Hackborn <hackbod@google.com> |
Usage stats! Start reworking the usage stats service to be able to have an API we can publish. The basic information it keeps is still the same, though that will be changing in the future. The one big addition here is that we are also now collecting configuration usage stats. Also introduce the start of an access model for usage stats, using app ops. There is an new app op that gives an application access to usage stats even if it normally wouldn't have it, disabled by default. Change-Id: I6ead28e18a7f08eafd057d6ff37dd9cb216358f4
/frameworks/base/core/java/android/app/AppOpsManager.java
|
1af30c7ac480e5d335f267a3ac3b2e6c748ce240 |
|
10-Mar-2014 |
John Spurlock <jspurlock@google.com> |
Add stream-level suppression to vibrate/audio services. - Add new audio restriction layer to app-ops. Restrictions add additional constraints to audio operations at a stream-level. Restrictions do not affect the persistable state, and are purely additive: that is, they can only impose additional contstraints, not enable something that has already been disabled. Restrictions also support a whitelisted set of exempt package names. - Add new audio stream-level checks to app-ops. - Implement a provisional OP_PLAY_AUDIO suppression to three java entry points MediaPlayer, AudioTrack, & SoundPool. - Enhance vibrator api to take stream information as an optional hint - the constants correspond to AudioManager stream types. OP_VIBRATE now supports the stream-level restriction check. - Simplify Vibrator subclasses by adding default implementations for two .vibrate calls. - Migrate NoMan's zen-mode control to use the new app-ops stream-level restriction mechanism. Change-Id: Ifae8952647202f728cf1c73e881452660c704678
/frameworks/base/core/java/android/app/AppOpsManager.java
|
75985bbe2f04519cc663db7ad54e8e69f3eabfc0 |
|
14-Mar-2014 |
John Spurlock <jspurlock@google.com> |
am 62826f55: am f6228d95: Merge "Fix doc typos in AppOpsManager.java" into klp-docs * commit '62826f55be4415684b4e321469298ba43d598bbb': Fix doc typos in AppOpsManager.java
|
925b85eae8ee605ef33bb8cca1018e474cef402a |
|
10-Mar-2014 |
John Spurlock <jspurlock@google.com> |
Fix doc typos in AppOpsManager.java Change-Id: I3c930a2afce48c57570681a95595149df5158053
/frameworks/base/core/java/android/app/AppOpsManager.java
|
fa06d03edf7b40f62615c58233dbdf135bac11df |
|
08-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am 0b8fd029: am a299862d: Merge "Fix App Ops permission mapping structure." * commit '0b8fd029c052784d4adee940eaa904a339db6716': Fix App Ops permission mapping structure.
|
0b8fd029c052784d4adee940eaa904a339db6716 |
|
08-Oct-2013 |
Nick Kralevich <nnk@google.com> |
am a299862d: Merge "Fix App Ops permission mapping structure." * commit 'a299862dd2d46fda54678df07db66bef1a63bb9b': Fix App Ops permission mapping structure.
|
f97616c7baf989919a44c04a4bf3852f1b32ce06 |
|
07-Oct-2013 |
Robert Craig <rpcraig@tycho.ncsc.mil> |
Fix App Ops permission mapping structure. The entry to map the post notification op to a permission is at the wrong offset within the sOpPerms array. This patch fixes the issue. Change-Id: Ia241d274e484b6a24edbfb17b87bb887b61f1ee1 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
/frameworks/base/core/java/android/app/AppOpsManager.java
|
e4cb66fd77084b2642e519bb7f4c27ae7ef95939 |
|
02-Oct-2013 |
Dianne Hackborn <hackbod@google.com> |
Fix issue #11044267: AppOpsManager.startWatchingMode should take a String Change-Id: I193a738f2e4ef147c22fb46cfa34ec14ad95d192
/frameworks/base/core/java/android/app/AppOpsManager.java
|
8828d3a153e28fe631edcd5145e6cc706e0b34c8 |
|
26-Sep-2013 |
Dianne Hackborn <hackbod@google.com> |
Fix issue #10919261: Don't clear OP_WRITE_SMS when resetting app prefs Add a new array indicating whether each op allows itself to be reset, and use it. Change-Id: I494f630bda170e061196a380563512e9e77b51a8
/frameworks/base/core/java/android/app/AppOpsManager.java
|
9bb0ee9131b0fa8cf2720f200575ba2ede48a65c |
|
22-Sep-2013 |
Dianne Hackborn <hackbod@google.com> |
Issue #10461551: KLP API Review: AppOpsManager Changed public constants from integers to strings. Internally everything is still integers, since we want that more efficient representation for most things. Changed the Callback interface to OnOpChangedListener. We also have a private versin that again takes an int, and tricks to make both work. Reworked the class documentation to be appropriate to the SDK (as much as it can be); most of the existing documentation is moved to the private implementation. Also added documentation of the MODE constants. Change-Id: I4f7e73cc99fe66beff9194e960e072e2aa9458f8
/frameworks/base/core/java/android/app/AppOpsManager.java
|
f5d831915dd11e77cdcf5669228c55fe17a21c5e |
|
16-Sep-2013 |
David Braun <dabraun@google.com> |
Implement new method for handling SMS/MMS on the platform Multi project change: The changes in this project add the new (hidden) default sms application setting to Settings.Secure and updates AppOps to support the concept of an op defaulting to something other than allowed. OP_WRITE_SMS is set to default to MODE_IGNORED. Bug: 10449618 Change-Id: I37619784ac70c27cf9fbcbfcac1b263398bc4e01
/frameworks/base/core/java/android/app/AppOpsManager.java
|
95d785346b4dae808a2d8f77356175e55a572d96 |
|
11-Sep-2013 |
Dianne Hackborn <hackbod@google.com> |
Fix issue #10688644: Java crash in com.android.phone: java.lang.SecurityException: Operation not allowed There was a situation I wasn't taking into account -- components declared by the system has a special ability to run in the processes of other uids. This means that if that code loaded into another process tries to do anything needing an app op verification, it will fail, because it will say it is calling as the system package name but it is not actually coming from the system uid. To fix this, we add a new Context.getOpPackageName() to go along-side getBasePackageName(). This is a special call for use by all app ops verification, which will be initialized with either the base package name, the actual package name, or now the default package name of the process if we are creating a context for system code being loaded into a non-system process. I had to update all of the code doing app ops checks to switch to this method to get the calling package name. Also improve the security exception throw to have a more descriptive error message. Change-Id: Ic04f77b3938585b02fccabbc12d2f0dc62b9ef25
/frameworks/base/core/java/android/app/AppOpsManager.java
|
b776122a8aa9fd082fa8aaa216c8a589d709c4c9 |
|
10-Sep-2013 |
David Braun <dabraun@google.com> |
Merge "Factor out read/write SMS settings seperate from send/receive." into klp-dev
|
18966a8dd8dfae553eaaafa87a656af3b7518fc6 |
|
10-Sep-2013 |
David Braun <dabraun@google.com> |
Factor out read/write SMS settings seperate from send/receive. Change-Id: I161782b1508be433c910ec13c0b18e728bf7d2ba
/frameworks/base/core/java/android/app/AppOpsManager.java
|
911d7f411f36f2279aae44c89ff1d33a29140046 |
|
06-Sep-2013 |
Jeff Sharkey <jsharkey@android.com> |
Provide calling package to ContentProviders. The calling package is important for ContentProviders that want to grant Uri permissions as a side effect of operations, so offer it through a new API. Validates the provided package against the calling UID before returning. Bug: 10626527 Change-Id: I7277880eebbd48444c024bcf5f69199133cd59e4
/frameworks/base/core/java/android/app/AppOpsManager.java
|
0770f9ef66f6e0d8724c972fbdce81aae6de2ca1 |
|
03-Aug-2013 |
Dianne Hackborn <hackbod@google.com> |
resolved conflicts for merge of c8911ddd to master Change-Id: I790b547268a23848577199256fc5abc9bdb7abb8
|
607b414d0444067e166fa54d8ea37563f2715ea3 |
|
03-Aug-2013 |
Dianne Hackborn <hackbod@google.com> |
Add new app ops method to reset all op modes. Change-Id: I5ee6764de8dc31d812e5a788914ab0099bbef4c0
/frameworks/base/core/java/android/app/AppOpsManager.java
|
0b8374501975aecd7a628336e2f7e53c272ebeea |
|
30-Jul-2013 |
David Christie <dnchrist@google.com> |
Add new app op to monitor high power location requests. This is a new op parallel to the existing OP_MONITOR_LOCATION but only tracks those requests deemed to be above a power threshold. Change-Id: I76fe4d9d2e550293b9da6d5cf902a5b4dd499f0f
/frameworks/base/core/java/android/app/AppOpsManager.java
|
e98f5dbe6b6f9f2cb6a73ee750faacda2596b34f |
|
18-Jul-2013 |
Dianne Hackborn <hackbod@google.com> |
Make it safe to use start/stop app ops outside of system proc We now keep track of all of the active start operations per non-system process, so they can be cleaned up if the process goes away. Change-Id: I9d05f1e0281c47dbe1213de014f0491f1359685c
/frameworks/base/core/java/android/app/AppOpsManager.java
|
3e82ba1a67b0c756ab6a289985f4cfc53725b311 |
|
16-Jul-2013 |
Dianne Hackborn <hackbod@google.com> |
Make ArrayMap public! :) Also do some tweaking of the various container classes to synchronize them with the support lib and make it easier to copy code between the two. And update activity/fragment to use ArrayMap. Change-Id: I3cfe82392a17119dfc72c3d9961f64e1914f42be
/frameworks/base/core/java/android/app/AppOpsManager.java
|
1304f4ae32cf7121fe11e95f2a7151ea208b6cca |
|
10-Jul-2013 |
Dianne Hackborn <hackbod@google.com> |
Add new location monitoring op, make some of app ops public. The new location monitoring op is to tell us when an application is monitoring for any location changes. It may be useful information in addition to the more explicitly information about when location data actually goes to the app. Also make parts of AppOpsManager public for use by gcore. It is not available to third party apps. Change-Id: Ib639f704258ffdd7f3acd7567350ed2539da628a
/frameworks/base/core/java/android/app/AppOpsManager.java
|
713df150b92a0a5eea877f99405e31eefbf93a09 |
|
17-May-2013 |
Dianne Hackborn <hackbod@google.com> |
Add app ops for wake locks. Currently only supports auditing, not disabling. Change-Id: Ie85f02c29b490d96e073f54d59e165d48c7c00c9
/frameworks/base/core/java/android/app/AppOpsManager.java
|
ba50b97cff80e73620a0e3d13cae169e095974a7 |
|
01-May-2013 |
Dianne Hackborn <hackbod@google.com> |
Add new app ops for various interesting audio service things. Media buttons: note when an application tries to take ownership of the media buttons. Audio focus: note when an application tries to take audio focus. Volume levels: note changes to the volume level of the various streams. Maybe we should also have some ops for muting streams, soloing streams, etc? Change-Id: I79a5d477b0bad4ff61486cdb73ffb1196a674964
/frameworks/base/core/java/android/app/AppOpsManager.java
|
efcc1a23a1f731390ef8506b3536b9562d18ed78 |
|
26-Feb-2013 |
Dianne Hackborn <hackbod@google.com> |
App ops: adding operations for reading/writing clipboard. Change-Id: Ic4cade153618fe86954754a3b3edde64a52a0a9c
/frameworks/base/core/java/android/app/AppOpsManager.java
|
d7d28e675ea7aac151c0c302d233b476537af946 |
|
12-Feb-2013 |
Dianne Hackborn <hackbod@google.com> |
App ops: media ops, set up to be callable from native code. This is to help implementation of bug #8181262 and maybe bug #8181261 Adds some definition for media ops (though nothing is yet using them), and re-arranges things a bit so we can implement native calling in to the app ops service. Also add some java docs. Change-Id: I637959745db820e676f23a35a5d2224f51bc6689
/frameworks/base/core/java/android/app/AppOpsManager.java
|
fde19b106b2b77bc3540b04445357870caf878b5 |
|
17-Jan-2013 |
Daniel Sandler <dsandler@android.com> |
New API to request a list of current notifications. The ACCESS_NOTIFICATIONS permission is signature|system only. Change-Id: I41338230aee9611117cbdac251c1b6b6c3cebf00
/frameworks/base/core/java/android/app/AppOpsManager.java
|
c2293025a25e04b26bf53713d71f85fd9ca5e8e9 |
|
07-Feb-2013 |
Dianne Hackborn <hackbod@google.com> |
App ops: track system windows, monitoring changes. Change-Id: I273e82bdad66ada3bf0f7ec9176bc304b9ee1ee8
/frameworks/base/core/java/android/app/AppOpsManager.java
|
961321fe4ed4431a6362d729d9e4ea26bdecde61 |
|
06-Feb-2013 |
Dianne Hackborn <hackbod@google.com> |
App ops: add op for writing settings. Also fix a build. And fix a bug that I think was introduced in the multi-user work that removed the permission check for writing to settings...! Change-Id: I5945682faa789ffc78fd3546c0df7d03693f106d
/frameworks/base/core/java/android/app/AppOpsManager.java
|
f51f61269aacdfcf737b2c32b6b216c48ab61e65 |
|
05-Feb-2013 |
Dianne Hackborn <hackbod@google.com> |
App ops: new operations for SMS. Implementation required a new framework feature to associate an app op with a broadcast. Change-Id: I4ff41a52f7ad4ee8fd80cbf7b394f04d6c4315b3
/frameworks/base/core/java/android/app/AppOpsManager.java
|
f265ea9d8307282ff1da3915978625a94fc2859e |
|
01-Feb-2013 |
Dianne Hackborn <hackbod@google.com> |
App ops: vibration, neighboring cells, dialing, etc. Improve handling of vibration op, so that apps are better blamed (there is now a hidden vibrator API that supplies the app to blame, and the system now uses this when vibrating on behalf of an app). Add operation for retrieving neighboring cell information. Add a new op for calling a phone number. This required plumbing information about the launching package name through the activity manager, which required changing the internal startActivity class, which required hitting a ton of code that uses those internal APIs. Change-Id: I3f8015634fdb296558f07fe654fb8d53e5c94d07
/frameworks/base/core/java/android/app/AppOpsManager.java
|
4a900acdef4559f9f84ca7e2bce45485215fc130 |
|
30-Jan-2013 |
Daniel Sandler <dsandler@android.com> |
Migrate package notification restrictions to AppOps. Change-Id: I23064ce3014d2446d009bbdff92b301280e8b989
/frameworks/base/core/java/android/app/AppOpsManager.java
|
5e45ee6752528791deb66b83d76250685de15d47 |
|
25-Jan-2013 |
Dianne Hackborn <hackbod@google.com> |
App ops: you can now turn off operations. Also add new ops for calendar and wi-fi scans, finish implementing rejection of content provider calls, fix issues with rejecting location calls, fix bug in the new pm call to retrieve apps with permissions. Change-Id: I29d9f8600bfbbf6561abf6d491907e2bbf6af417
/frameworks/base/core/java/android/app/AppOpsManager.java
|
72e3983d38f656cfa8c7a038eb80bdd9ea06768e |
|
19-Jan-2013 |
Dianne Hackborn <hackbod@google.com> |
New API to get app op information about a single package. Change-Id: I986453d9bb4161da467fb820b12502464e936483
/frameworks/base/core/java/android/app/AppOpsManager.java
|
d8e1dbb6bc1fbaf4f2e38c3ba92ced94270deaac |
|
18-Jan-2013 |
Dianne Hackborn <hackbod@google.com> |
Rework ParceledListSlice to be much easier to use. Take advantage of this to return better information about packages filtered by permissions -- include the permissions they have in the requested array. Also fix issue #8026793 (Contact picture shows default pic while searching for a contact in qsb) by using the base package name of the Context when reporting the app name of an operation. Otherwise you could make a resource-only context for another application and do calls through that and get reported as the wrong app. Change-Id: I5e0488bf773acea5a3d22f245641828e1a106fb8
/frameworks/base/core/java/android/app/AppOpsManager.java
|
35654b61e8fe7bc85afcb076ddbb590d51c5865f |
|
15-Jan-2013 |
Dianne Hackborn <hackbod@google.com> |
More work on App Ops service. Implemented reading and writing state to retain information across boots, API to retrieve state from it, improved location manager interaction to monitor both coarse and fine access and only note operations when location data is being delivered back to app (not when it is just registering to get the data at some time in the future). Also implement tracking of read/write ops on contacts and the call log. This involved tweaking the content provider protocol to pass over the name of the calling package, and some infrastructure in the ContentProvider transport to note incoming calls with the app ops service. The contacts provider and call log provider turn this on for themselves. This also implements some of the mechanics of being able to ignore incoming provider calls... all that is left are some new APIs for the real content provider implementation to be involved with providing the correct behavior for query() (return an empty cursor with the right columns) and insert() (need to figure out what URI to return). Change-Id: I36ebbcd63dee58264a480f3d3786891ca7cbdb4c
/frameworks/base/core/java/android/app/AppOpsManager.java
|
a06de0f29b58df9246779cc4bfd8f06f7205ddb6 |
|
12-Dec-2012 |
Dianne Hackborn <hackbod@google.com> |
New "app ops" service. Initial implementation, tracking use of the vibrator, GPS, and location reports. Also includes an update to battery stats to also keep track of vibrator usage (since I had to be in the vibrator code anyway to instrument it). The service itself is only half-done. Currently no API to retrieve the data (which once there will allow us to show you which apps are currently causing the GPS to run and who has recently accessed your location), it doesn't persist its data like it should, and no way to tell it to reject app requests for various operations. But hey, it's a start! Change-Id: I05b8d76cc4a4f7f37bc758c1701f51f9e0550e15
/frameworks/base/core/java/android/app/AppOpsManager.java
|