Cross Reference: /frameworks/base/core/java/android/app/AppOpsManager.java

History log of /frameworks/base/core/java/android/app/AppOpsManager.java
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
e33f61319049810ae9cb318e2ba45e8a3449fb43	02-Jun-2016	Svetoslav Ganov <svetoslavganov@google.com>	Fix permissions update for VrListenerService on user changes. - Fixes a bug where we would not update the overlay restrictions if the VR listener we are bound to changes bug the VR enabled state doesn't. - Also fixed a case where the notification listener access and location permission were not granted/revoked for the correct user. For example, if a vr activity in one user calls a VR activity in another (possible for cross profiles) we end up not revoking the special access for the vr service in the first user. The notification listener setting was also updated for the system user instead of the user for which we grant/revoke specal access. - Properly remove the overlay restrictions for the old user if we transition from a vr actiivty in one user to a vr activity in a profile of this user. Bug: 29273985 Change-Id: Ib1de6f2f5445001ac61edca5c77ea3a066544307 /frameworks/base/core/java/android/app/AppOpsManager.java
33d03a9e435eb474e3bdd3e958943e0057866477	02-Jun-2016	Tony Mak <tonymak@google.com>	OP_ACTIVATE_VPN should not map to DISALLOW_CONFIG_VPN They are two different things. OP_ACTIVATE_VPN means can we allow a vpn app to establish without user interaction while DISALLOW_CONFIG_VPN means can the user modify vpn config. Testing: 1. Turn on DISALLOW_CONFIG_VPN, user cannot modify vpn config through setting 2. Turn on DISALLOW_CONFIG_VPN, Dpm.setAlwaysOnVpn works. 3. Reboot after 2, vpn established automatically. Bug: 29086229 Change-Id: I24899d6c7f0dd62bf441a44c6ee66fee35973a11 /frameworks/base/core/java/android/app/AppOpsManager.java
eaca4c5022fc2bde816ac58fe57d80f7e9706ead	06-May-2016	Svetoslav Ganov <svetoslavganov@google.com>	Properly map runtime permissions to app ops The code assumed mapping from a permission to an app op is one to one but this is not always the case. For example, READ_SMS is mapped to OP_READ_SMS and OP_READ_ICC_SMS which resulted mapping the READ_SMS permission to the OP_READ_ICC_SMS instead of OP_READ_SMS resulting in a failure to find the op name given the permission. This breaks the AppOpsManager.permissionToOp() API for READ_SMS returning null instead of OPST_READ_SMS. The consequence of this is that the apps that proxy permission protected operations may let the operations for READ_SMS go through as they would get a null app op, i.e. no app op while there is one and it can be disabled for the caller. bug:28620132 Change-Id: I92f8ef375ae2122b7266c50653ce73f3d90f4b28 /frameworks/base/core/java/android/app/AppOpsManager.java
ae0e03a9e03de34e37b768b971d7596d7220a053	26-Feb-2016	Svet Ganov <svetoslavganov@google.com>	Cleanup of the PackageInstaller API - Frameworks The PackageInstaller app manages side-loading apps as well as permission management. It should be updatable, hence should rely on system APIs to talk to the platform. This is the first step of defining an API boundary. Change-Id: I9814eafd0b22ae03b4b847a7007cdbf14c9e5466 /frameworks/base/core/java/android/app/AppOpsManager.java
29931bc684bde6b430923122777684178ee2681c	11-Mar-2016	Ruben Brunk <rubenbrunk@google.com>	Allow per-package exemptions for restricted AppOps - When setting blanket user restrictions, per-package exemptions may be granted. - Exempt the current active VrListenerService from the blanket restriction on drawing overlays while in VR mode. Bug: 26775563 Change-Id: I14b17a126502c7905a970ad42d25d6dd600b86b1 /frameworks/base/core/java/android/app/AppOpsManager.java
57b82f38c42d9926d0eb09d600480bebe54500ae	01-Mar-2016	Fyodor Kupolov <fkupolov@google.com>	Merge "Allow system to bypass DISALLOW_SHARE_LOCATION restriction" into nyc-dev
f8880561e67e1da246970b49b14285efd4164ab1	26-Feb-2016	Jeff Sharkey <jsharkey@android.com>	When system server goes down, crash apps more. Similar to first patch, but now using new "rethrowFromSystemServer()" method which internally translates DeadObjectException into DeadSystemException. New logic over in Log.printlns() now suppresses the DeadSystemException stack traces, since they're misleading and just added pressure to the precious log buffer space. Add some extra RuntimeInit checks to suppress logging-about-logging when the system server is dead. Bug: 27364859 Change-Id: I05316b3e8e42416b30a56a76c09cd3113a018123 /frameworks/base/core/java/android/app/AppOpsManager.java
639e73db9531257d993c9096c737908576aa9c50	25-Feb-2016	Fyodor Kupolov <fkupolov@google.com>	Allow system to bypass DISALLOW_SHARE_LOCATION restriction This is required for Bluetooth to work in Settings for restricted profiles with DISALLOW_SHARE_LOCATION restriction set. Bug: 23727276 Change-Id: I9aba7ce011ae856526fabd89c13ea9dd11f9a442 /frameworks/base/core/java/android/app/AppOpsManager.java
9cea80cdddbecadb304eb7c8373cf1ed397f433a	16-Feb-2016	Svet Ganov <svetoslavganov@google.com>	No overlay when permissions shown - framework bug:26973205 Change-Id: I88395e47649191bb7db6dd8723c49e741ef4f1e4 /frameworks/base/core/java/android/app/AppOpsManager.java
bef28feba57be7fd6a4d14a85a8229154338b2ed	30-Oct-2015	Dianne Hackborn <hackbod@google.com>	Initial stab at background check. Actually, this implementation is more what we want for ephemeral apps. I am realizing the two are not really the same thing. :( For this implementation, we now keep track of how long a uid has been in the background, and after a certain amount of time (currently 1 minute) we mark it as "idle". Any packages associated with that uid are then no longer allowed to run in the background. This means, until the app next goes in the foreground: - No manifest broadcast receivers in the app will execute. - No services can be started (binding services is still okay, as this is outside dependencies on the app that should still be represented). - All alarms for the app are cancelled and no more can be set. - All jobs for the app are cancelled and no more can be scheduled. - All syncs for the app are cancelled and no more can be requested. Change-Id: If53714ca4beed35faf2e89f916ce9eaaabd9290d /frameworks/base/core/java/android/app/AppOpsManager.java
759a763f5f03fda86b96d238faedb870fbee24ec	29-Oct-2015	Makoto Onuki <omakoto@google.com>	Allow DO to disable camera device-wise. Bug 24538855 Change-Id: I421690f14ee57fa818d2b233fe48a90a0a575a9e /frameworks/base/core/java/android/app/AppOpsManager.java
f3f02ac931d04e6ba4393e27558cd317cb1e6b44	08-Sep-2015	Svetoslav <svetoslavganov@google.com>	Add get_accounts app op For each runtime permission we have an app op to toggle the permission for legacy apps as they cannot handle permission revocations. We were lacking an app op for get_accounts which prevented the user from controlling access to accounts regardelss that they change the state of the permission toggle in the UI. Even worse the permission UI is written with the assumption that every runtime permission has an app op and as a result revoking the contacts group (if the app requests the get_accounts permission) is reset back to allowed in the UI. bug:23854618 Change-Id: I12b83dfd22974d130e5b8e7a195421120813e2db /frameworks/base/core/java/android/app/AppOpsManager.java
8dbd48485044b1ab25fb8fb5e8e9b9772a3478c4	01-Aug-2015	Svetoslav Ganov <svetoslavganov@google.com>	Merge "Add per UID control to app ops." into mnc-dev
2af5708ab0e55fe68f1810cefdc6e3889233c186	30-Jul-2015	Svet Ganov <svetoslavganov@google.com>	Add per UID control to app ops. The app ops mananger service maintains a mapping from UID to a list of packages where each package is mapped to a list of non-default app op states (default states are inferred and not stored). Hence, specifying the app op state for a UID requires setting the app op for each package in the shared UID. This is problematic when installing new packages if there is a non-default app op policy set for another already installed package in the same UID as the app op for the new package has to be updated to be in sync. The package installer cannot do this as it is in another process and the app op update will not be atomic. Therefore, the app ops manager service has to support specifying app op policy on a per UID basis. We now have a UID state object that contains the per package non-default app op states as well as the per uid non-default app op states. If there is a UID policy specified then it takes precedence over the per package one. Even further, changing the uid policy updates the package policies in this UID if the state is non-default. Changing a package app op state also updates the app op state for the whole UID if the per UID policy for this op is non-default. Clearing the app op state for a package, clears the policy for the UID as well. bug:22802981 Change-Id: I78044906d9fcc6066abf07e706c2c88f3397d293 /frameworks/base/core/java/android/app/AppOpsManager.java
6ad2d66072795dd9836350b273dcde52910ab4c3	18-Jul-2015	Billy Lau <billylau@google.com>	Bug: 21589105 Rescope WRITE_SETTINGS permission (framework services perm check changes) AppOpsManager: Changed the default operating mode for WRITE_SETTINGS to MODE_DEFAULT from MODE_ALLOWED. packages/SettingsProvider: We no longer do static permission checks for WRITE_SETTINGS in early checks and defer that to app op when MODE_DEFAULT is returned. For some operations, checking against WRITE_SECURE_SETTINGS is sufficient. ActivityManagerService & PowerManagerService: Incorporated app op checks and handled the MODE_DEFAULT case. provider/Settings: Added helper function to do checks on whether app ops protected operations can be performed by a caller. This includes checks for WRITE_SETTINGS and SYSTEM_ALERT_WINDOW. Also added a public API (with javadocs) for apps to query if they can modify system settings. Changed the javadocs description for ACTION_MANAGE_WRITE_SETTINGS and ACTION_MANAGE_OVERLAY_PERMISSION. Added public API (with javadocs) for apps to query whether they can draw overlays or not, and also javadocs description on how to use that check. Change-Id: I7b651fe8af836c2074defdbd6acfec3f32acdbe9 /frameworks/base/core/java/android/app/AppOpsManager.java
24b9c8314bf67637daf0d3b28440e0d5f08502c2	20-Jul-2015	Billy Lau <billylau@google.com>	Bug: 22598083 Document how apps can detect WRITE_SETTINGS or SYSTEM_ALERT_WINDOW through AppOps Expose OP_STR strings that describes the ops for WRITE_SETTINGS and SYSTEM_ALERT_WINDOW permissions such that apps can query AppOpsManager whether this capability is turned on or off by the user. Change-Id: I0e7a6f39e02389290232e450624b40ffb255abfb /frameworks/base/core/java/android/app/AppOpsManager.java
008409a2ea1feed095d53ce51429e4fed964c50c	16-Jul-2015	Billy Lau <billylau@google.com>	Merge "Bug: 21589105 Rescoping SYSTEM_ALERT_WINDOW..." into mnc-dev
060275ffc7fbfc72b19871f7dd7aefb61a81a1fc	15-Jul-2015	Billy Lau <billylau@google.com>	Bug: 21589105 Rescoping SYSTEM_ALERT_WINDOW... AppOpsManager: Changed the default mode for SYSTEM_ALERT_WINDOW to MODE_DEFAULT instead of MODE_ALLOWED. Otherwise, an app that did not declare for this permission will actually be allowed to perform OP_SYSTEM_ALERT_WINDOW, which is undesirable. This change also allows callers to make their own decision based on the current policy (M vs pre-M apps). policy/PhoneWindowManager: Added additional checks that will handle MODE_DEFAULT - this happens when an app is newly installed but not yet configured. wm/WindowManagerService: Enriched some checks to include the treatment of MODE_DEFAULT - this will allow pre-M apps uninterupted capability to draw on top of other apps. Change-Id: I8de77730e158c97587427820cfba721bd5607bea /frameworks/base/core/java/android/app/AppOpsManager.java
280a64e793d081847c5dcea23ed9be38aa5332d2	13-Jul-2015	Dianne Hackborn <hackbod@google.com>	Improve tracking of screen on reasons. - New screen on app op to record the last time each app has caused the screen to be turned on. - New battery stats event that tells us the reason the screen has been asked to turn on. - Propagate out power manager API to specify the reason a caller is asking to have the screen turned on. Note that currently the window flag to turn the screen on bypasses much of this because it is being handled in the window manager by just directly telling the power manager to turn the screen on. To make this better we need a new API where it can specify who it is calling the API for. Change-Id: I667e56cb1f80508d054da004db667efbcc22e971 /frameworks/base/core/java/android/app/AppOpsManager.java
99b6043dad9d215cf15810b885b6b8c215dd5b5a	27-Jun-2015	Svet Ganov <svetoslavganov@google.com>	Teach receivers, activities, providers, and services app ops. Perform app op check in addition to the permisison check for all four paltform components - activities, content providers, broadcast receivers, services - if they are guarded by a permssion that has an associated app op. This ensures that legacy apps will behave correctly if the permission of the caller has been revoked, i.e. the app op for that permission was disabled. bug:22199666 Change-Id: Ia22d1c38d58b3cd6aabdc655cb7c7bddd85da7a2 /frameworks/base/core/java/android/app/AppOpsManager.java
921c7dfc80e6872014e7d6a033f148a4c2a5f87f	30-Jun-2015	Svet Ganov <svetoslavganov@google.com>	Add read/write external storage app ops bug:22104418 Change-Id: Ic9088f95bc02622c1163c1393e44382df6597707 /frameworks/base/core/java/android/app/AppOpsManager.java
715cf2ac0bcd44720096cc91709b690b4828f0df	14-Jun-2015	Svet Ganov <svetoslavganov@google.com>	Make AppOpsManager#permissionToOp API public We need this API to implement permission checker API in the support lib that takes into account both app ops and permissions. bug:21277214 Change-Id: I684fc002bb71ec5e1cd2994098faa0d2036297ac /frameworks/base/core/java/android/app/AppOpsManager.java
f7e9cf4fb48ea80cbc5088204ac3f898109623f7	13-May-2015	Svet Ganov <svetoslavganov@google.com>	Access mock location is no longer a runtime permission - framework The access mock location is no longer a runtime permission. It is a signature protected one that apps cannot get but the fact they request it means they want to inject location into the system. Now the user gets to choose the current mock location app in developer options from the apps that request the mock location permission. The access to mock location is no longer guarded by the permisson but from a new app op which is off by default and the settiings UI sets it to enabled only for the currently selected mock location app. bug:21078873 Change-Id: I19e3f9dc7c7de82eab46b30fec1abfbca54a0e59 /frameworks/base/core/java/android/app/AppOpsManager.java
b501330a1b6ef14ff512a5727f7a01bc423d6fbb	18-Apr-2015	Fyodor Kupolov <fkupolov@google.com>	Disable multi-user background recording On user switch, kill existing processes of the background user with android.permission.RECORD_AUDIO permission. Home activity should not be killed to avoid an expensive restart of the home launcher, when the user switches back. Introduced DISALLOW_RECORD_AUDIO user restriction, which is enabled for the background user, and removed for the foreground user. Introduced a concept of system controlled user restriction, which can only be set by the system, rather than device administrator. Bug: 20346194 Change-Id: Ic942fd565e80d14424230dae612965a8e229c4ef /frameworks/base/core/java/android/app/AppOpsManager.java
4a64b19f239b6bff82a032329ce5781681843044	05-May-2015	Svet Ganov <svetoslavganov@google.com>	Merge "Permission UI - legacy apps support" into mnc-dev
019d2304998f3ed77c0a608df6cf4bea1138f8dc	04-May-2015	Svet Ganov <svetoslavganov@google.com>	Permission UI - legacy apps support Change-Id: Id3f98c138422d33868363d587dd196898b42a0d4 /frameworks/base/core/java/android/app/AppOpsManager.java
ede431678e5f6ccf9d038479e84ea66da3f821e3	03-May-2015	Svet Ganov <svetoslavganov@google.com>	Add read cell broadcast app op - framework Change-Id: Icecc9d918db55493ada7a0faa6bfcc41d4114bbd /frameworks/base/core/java/android/app/AppOpsManager.java
b9d71a6f89b1183f6389b1774652445a420c6cbf	30-Apr-2015	Svet Ganov <svetoslavganov@google.com>	Add body sensors app op - framework base Change-Id: Idd5cd573fab3405e5b2a6e51d2d9d115650826e9 /frameworks/base/core/java/android/app/AppOpsManager.java
3327f3d6886a96ad70f4e96e4b7c26b9555429b6	30-Apr-2015	Svetoslav <svetoslavganov@google.com>	Merge "Add use fingerprint app op - framework" into mnc-dev
729d0a06eaaa40f5be4d9dc5bd580f525ba8360e	30-Apr-2015	Svetoslav <svetoslavganov@google.com>	Merge "Add process outgoing calls app op - framework" into mnc-dev
c27b3fca8258c3d7c27b42b4f6978d91f09dcb52	30-Apr-2015	Svetoslav <svetoslavganov@google.com>	Merge "Add SIP app op - framework." into mnc-dev
6e8f67c444d45fc71483a98e101b6e4d041c51a6	30-Apr-2015	Svet Ganov <svetoslavganov@google.com>	Add permission to ap op mappings for all runtime permissions. Change-Id: I1b41fac9405352f135b3d0137cc924ce51388e1e /frameworks/base/core/java/android/app/AppOpsManager.java
4af76a51d5082c740609563e07cf35f30bc2224e	30-Apr-2015	Svetoslav <svetoslavganov@google.com>	Add use fingerprint app op - framework Change-Id: Ibbd1c70e1fc771b804a8b0099d29d4fbd8360966 /frameworks/base/core/java/android/app/AppOpsManager.java
c656e6fba6c804b26a4453698808b3029c670244	29-Apr-2015	Svetoslav <svetoslavganov@google.com>	Add process outgoing calls app op - framework Change-Id: If662b47372a1ddb6ff60ccdbd910192577abc924 /frameworks/base/core/java/android/app/AppOpsManager.java
5335b6793cb8cb57c6b034c57bac23ebc599179d	29-Apr-2015	Svetoslav <svetoslavganov@google.com>	Add SIP app op - framework. Change-Id: Iac552a12e0ed5d1cf585179430c468d8603b6c01 /frameworks/base/core/java/android/app/AppOpsManager.java
fbf01f77969c1b46d1ffb517a142381c9a914eb8	29-Apr-2015	Svet Ganov <svetoslavganov@google.com>	Add API to get app op for a permission Change-Id: Id75d8fca6654c694fb78d1b4a3564b01e90a4e78 /frameworks/base/core/java/android/app/AppOpsManager.java
c3300090f5967daa31878edd41fdbd35b37e2bda	17-Apr-2015	Svet Ganov <svetoslavganov@google.com>	Add OP_ADD_VOICEMAIL app op - framework Change-Id: Id21063b93958c9e372dcbaac8ff9f4fa8b5f0cb3 /frameworks/base/core/java/android/app/AppOpsManager.java
6c589570c44752d96f35620de271ccae7d32502d	17-Apr-2015	Svetoslav <svetoslavganov@google.com>	Remove unnecessary WRITE_SMS permission - framework Currently only one app can write to the SMS provider and it has to be set as the default SMS app by the user in the UI. The default SMS app is set by enabling the write SMS app op for it and keeping this op off for other SMS apps. Hence, this permission does not guard anything and can be taken out. The API change is fine as if an app refers to the permission in the manifest as string it will be ignored and if it was referred in Java the value is statically compiled in the source. Change-Id: I1128c3b034e6c7dda4baa051500ac1ef46a53575 /frameworks/base/core/java/android/app/AppOpsManager.java
16a16899505ec0a9ede5b76650bfb8817b3227c7	16-Apr-2015	Svet Ganov <svetoslavganov@google.com>	Add OP_READ_PHONE_STATE app op - framework The READ_PHONE_STATE permission protects PII information and is in the Phone group. This change is adding the corrseponding app op for gating access to the API guarded by READ_POHNE state which will be used instead as an access control for legacy apps. Change-Id: I2ff895a5a0e529f26ec0ad706266a30d829268ba /frameworks/base/core/java/android/app/AppOpsManager.java
d59a5d59df920d743723521a2afed9de1da3373b	04-Apr-2015	Dianne Hackborn <hackbod@google.com>	Various fixes and improvements... Issue #19912529: VI: VoiceInteractor callback ClassCastException Fix to use correct argument. Issue #19912636: VI: Documentation for VoiceInteractionSession.onBackPressed Added documentation. Issue #19912703: VI: VoiceInteractionSession NPE on Abort Request Maybe fix this -- don't crash if there is no active session. Issue #19953731: VI: Add value index to... ...android.app.VoiceInteractor.PickOptionRequest.Option There is now an optional index integer that can be associated with every Option object. Issue #19912635: VI: Behavior of startActivity when in voice... ...interaction is unexpected We now forcibly finish the current voice interaction task whenever another activity takes focus from it. Issue #20066569: Add API to request heap dumps New ActivityManager API to set the pss limit to generate heap dumps. Also added app ops for assist receiving structure and screenshot data, so that we can track when it does these things. Change-Id: I688d4ff8f0bd0b8b9e3390a32375b4bb7875c1a1 /frameworks/base/core/java/android/app/AppOpsManager.java
f3ece36535d4999cf2bfd2175a33da6c3cdf298e	11-Feb-2015	Benjamin Franz <bfranz@google.com>	Block setting wallpapers from managed profiles. Silently fail when a managed profile app tries to change the wallpaper and return default values for getters in that case. This is implemented through a new AppOp that is controlled by a new user restriction that will be set during provisioning. Bug: 18725052 Change-Id: I1601852617e738be86560f054daf3435dd9f5a9f /frameworks/base/core/java/android/app/AppOpsManager.java
7b7c58b3842d47c4c8df4876e2e2248c58477d97	03-Dec-2014	Dianne Hackborn <hackbod@google.com>	Work on issue #18572506: AppOps in-memory state is invalid after... ...uninstalling updates to a system app Things seem to be working fine, however we were not as aggressive at writing out the current state in this case as we probably should be. Also introduce more features to the appops command, which are useful for testing this. Change-Id: I177a9cc0e16e98b76fee0d052d742e06842bb3f9 /frameworks/base/core/java/android/app/AppOpsManager.java
5064e7c70c54000abc0b37fda9caa8d71407f2f4	02-Sep-2014	Dianne Hackborn <hackbod@google.com>	Add public constant for usage stats app op. Change-Id: Ibc031b50e9fa4f1bd0955e0afd98e8b1bd77b905 /frameworks/base/core/java/android/app/AppOpsManager.java
05542603dd4f1e0ea47a3dca01de3999a9a329a9	11-Aug-2014	Jeff Davidson <jpd@google.com>	Less intrusive VPN dialog and other UX tweaks. -The ability to launch VPNs is now sticky; once approved by the user, further approvals are not needed UNLESS the connection is revoked in Quick Settings. -The old persistent notification has been removed in favor of the new Quick Settings UI. -The name of the VPN app is now pulled from the label of the VPN service rather than the app itself, if one is set. Bug: 12878887 Bug: 16578022 Change-Id: I102a14c05db26ee3aef030cda971e5165f078a91 /frameworks/base/core/java/android/app/AppOpsManager.java
b5cf61be7c82392a6f34f53d97c8382d9a0f0b3a	19-Aug-2014	Adam Lesinski <adamlesinski@google.com>	Add Shell command to set AppOps permissions Change-Id: I6446543b27f0d2d2e69590a2807e713c6d5ccbbc /frameworks/base/core/java/android/app/AppOpsManager.java
15f83c6f64e26a74acf9b75ce41d39870d5a5b7a	13-Aug-2014	Yorke Lee <yorkelee@google.com>	Disable call log for users with DISALLOW_OUTGOING_CALLS restriction Bug: 16217514 Change-Id: Iacd5699d0a540ca0e5a678662379bf8c611f7462 /frameworks/base/core/java/android/app/AppOpsManager.java
41c1ded7f042a4cf303479550b38fa66d7a18906	05-Aug-2014	Amith Yamasani <yamasani@google.com>	Allow phone UID to export singleton providers Also add a user variant of replacePreferredActivity for use by SmsApplication. Map user restrictions for SMS/MMS to AppOps perms. Bug: 16681533 Change-Id: I3dfed5fc754e33bb51c6f571851653a7c2770e46 /frameworks/base/core/java/android/app/AppOpsManager.java
33f5ddd1bea21296938f2cba196f95d223aa247c	22-Jul-2014	Dianne Hackborn <hackbod@google.com>	Add permissions associated with app ops. Change-Id: I575ad7a3ceea59486ca601f69760b14f6269511d /frameworks/base/core/java/android/app/AppOpsManager.java
7b41467704f941b11af6aace3e40993afc7f6c6f	18-Jul-2014	John Spurlock <jspurlock@google.com>	Zen mode filtering should use new usage constants. Refactor stream-based calls to usage-based calls. Bug:15279516 Change-Id: I3f7757d8123c14670e2ad5f8e6aa4e9803efe7ec /frameworks/base/core/java/android/app/AppOpsManager.java
c39d47a8e7c74bd539104b0efab898ef6fc43ddf	09-Jul-2014	Michael Wright <michaelwr@google.com>	Add MediaProjection APIs. The new MediaProjection infrastructure allows the system to hand out tokens granting the ability to capture the screen's contents, audio, etc. at a granular level. It's intended to be used both for screen casting, via the cast APIs, as well as screen sharing via third party applications. The screen sharing case is implemented, but all of audio capturing is still forthcoming. Change-Id: I4b24669bed7083e11413c10ed8d6b025f5375316 /frameworks/base/core/java/android/app/AppOpsManager.java
9854d5764887351a703568192a2ce7227cae03b5	02-Jul-2014	Julia Reynolds <juliacr@google.com>	Map location-based op codes to UserManager.DISALLOW_SHARE_LOCATION. Bug: 15928422 Change-Id: I9c59599d3bd2026277dcb382c92d23deec950d40 /frameworks/base/core/java/android/app/AppOpsManager.java
1c7c319bb89b9988bfd12afc3e8d89449fd163fc	26-Jun-2014	Jason Monk <jmonk@google.com>	User restriction for disallowing window creation Block any types of windows that could by used by apps to create views on top of a locked app. This can be used by device admins in conjunction with lock task mode. Added a way for system (and priv apps) to bypass user restrictions for specified op codes. Bug: 15279535 Change-Id: I2381530ef6226a5bb32a99bb4030baafb39bf564 /frameworks/base/core/java/android/app/AppOpsManager.java
22c921a910d236abf3a1705a02541a49fdaf3a14	28-May-2014	Emily Bernier <ember@google.com>	Add an app ops code for microphone muting. When OP_AUDIO_MICROPHONE (linked to the DISALLOW_UNMUTE_MICROPHONE user restriction) is set, the system blocks calls to setMicrophoneMute. Bug: 13585692 Change-Id: Ib32138bcc256cfbac4fe21a090d5ba34f5c641fc /frameworks/base/core/java/android/app/AppOpsManager.java
45775c4f93ccac604dcd5b027c8201872bbd0d46	16-May-2014	Emily Bernier <ember@google.com>	Connect user audio restrictions to app ops. Setting DISALLOW_ADJUST_VOLUME sets the relevant app ops as well, blocking calls in AudioService. Change-Id: I256b294465fc2e8b93cb0389b21299eacf0efb95 /frameworks/base/core/java/android/app/AppOpsManager.java
62062996dd256df8b575b2ba1f0bf97109c4e0ba	06-May-2014	Jason Monk <jmonk@google.com>	Notify AppOpsService of UserRestrictions and Owners This makes the DevicePolicyManagerService and UserManagerService push the DeviceOwner/ProfileOwners and user restrictions on boot as well as on any change. This also adds a list of restrictions that allow any op to connected with a user restriction such that it will return MODE_IGNORED when the user restriction is present (except for the device/profile owner). Change-Id: Id8a9591d8f04fe5ecebd95750d9010afc0cd786c /frameworks/base/core/java/android/app/AppOpsManager.java
e22b3b143240f0f18e3d6d3c06686ad3c23b131b	08-May-2014	Dianne Hackborn <hackbod@google.com>	Usage stats! Start reworking the usage stats service to be able to have an API we can publish. The basic information it keeps is still the same, though that will be changing in the future. The one big addition here is that we are also now collecting configuration usage stats. Also introduce the start of an access model for usage stats, using app ops. There is an new app op that gives an application access to usage stats even if it normally wouldn't have it, disabled by default. Change-Id: I6ead28e18a7f08eafd057d6ff37dd9cb216358f4 /frameworks/base/core/java/android/app/AppOpsManager.java
1af30c7ac480e5d335f267a3ac3b2e6c748ce240	10-Mar-2014	John Spurlock <jspurlock@google.com>	Add stream-level suppression to vibrate/audio services. - Add new audio restriction layer to app-ops. Restrictions add additional constraints to audio operations at a stream-level. Restrictions do not affect the persistable state, and are purely additive: that is, they can only impose additional contstraints, not enable something that has already been disabled. Restrictions also support a whitelisted set of exempt package names. - Add new audio stream-level checks to app-ops. - Implement a provisional OP_PLAY_AUDIO suppression to three java entry points MediaPlayer, AudioTrack, & SoundPool. - Enhance vibrator api to take stream information as an optional hint - the constants correspond to AudioManager stream types. OP_VIBRATE now supports the stream-level restriction check. - Simplify Vibrator subclasses by adding default implementations for two .vibrate calls. - Migrate NoMan's zen-mode control to use the new app-ops stream-level restriction mechanism. Change-Id: Ifae8952647202f728cf1c73e881452660c704678 /frameworks/base/core/java/android/app/AppOpsManager.java
75985bbe2f04519cc663db7ad54e8e69f3eabfc0	14-Mar-2014	John Spurlock <jspurlock@google.com>	am 62826f55: am f6228d95: Merge "Fix doc typos in AppOpsManager.java" into klp-docs * commit '62826f55be4415684b4e321469298ba43d598bbb': Fix doc typos in AppOpsManager.java
925b85eae8ee605ef33bb8cca1018e474cef402a	10-Mar-2014	John Spurlock <jspurlock@google.com>	Fix doc typos in AppOpsManager.java Change-Id: I3c930a2afce48c57570681a95595149df5158053 /frameworks/base/core/java/android/app/AppOpsManager.java
fa06d03edf7b40f62615c58233dbdf135bac11df	08-Oct-2013	Nick Kralevich <nnk@google.com>	am 0b8fd029: am a299862d: Merge "Fix App Ops permission mapping structure." * commit '0b8fd029c052784d4adee940eaa904a339db6716': Fix App Ops permission mapping structure.
0b8fd029c052784d4adee940eaa904a339db6716	08-Oct-2013	Nick Kralevich <nnk@google.com>	am a299862d: Merge "Fix App Ops permission mapping structure." * commit 'a299862dd2d46fda54678df07db66bef1a63bb9b': Fix App Ops permission mapping structure.
f97616c7baf989919a44c04a4bf3852f1b32ce06	07-Oct-2013	Robert Craig <rpcraig@tycho.ncsc.mil>	Fix App Ops permission mapping structure. The entry to map the post notification op to a permission is at the wrong offset within the sOpPerms array. This patch fixes the issue. Change-Id: Ia241d274e484b6a24edbfb17b87bb887b61f1ee1 Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil> /frameworks/base/core/java/android/app/AppOpsManager.java
e4cb66fd77084b2642e519bb7f4c27ae7ef95939	02-Oct-2013	Dianne Hackborn <hackbod@google.com>	Fix issue #11044267: AppOpsManager.startWatchingMode should take a String Change-Id: I193a738f2e4ef147c22fb46cfa34ec14ad95d192 /frameworks/base/core/java/android/app/AppOpsManager.java
8828d3a153e28fe631edcd5145e6cc706e0b34c8	26-Sep-2013	Dianne Hackborn <hackbod@google.com>	Fix issue #10919261: Don't clear OP_WRITE_SMS when resetting app prefs Add a new array indicating whether each op allows itself to be reset, and use it. Change-Id: I494f630bda170e061196a380563512e9e77b51a8 /frameworks/base/core/java/android/app/AppOpsManager.java
9bb0ee9131b0fa8cf2720f200575ba2ede48a65c	22-Sep-2013	Dianne Hackborn <hackbod@google.com>	Issue #10461551: KLP API Review: AppOpsManager Changed public constants from integers to strings. Internally everything is still integers, since we want that more efficient representation for most things. Changed the Callback interface to OnOpChangedListener. We also have a private versin that again takes an int, and tricks to make both work. Reworked the class documentation to be appropriate to the SDK (as much as it can be); most of the existing documentation is moved to the private implementation. Also added documentation of the MODE constants. Change-Id: I4f7e73cc99fe66beff9194e960e072e2aa9458f8 /frameworks/base/core/java/android/app/AppOpsManager.java
f5d831915dd11e77cdcf5669228c55fe17a21c5e	16-Sep-2013	David Braun <dabraun@google.com>	Implement new method for handling SMS/MMS on the platform Multi project change: The changes in this project add the new (hidden) default sms application setting to Settings.Secure and updates AppOps to support the concept of an op defaulting to something other than allowed. OP_WRITE_SMS is set to default to MODE_IGNORED. Bug: 10449618 Change-Id: I37619784ac70c27cf9fbcbfcac1b263398bc4e01 /frameworks/base/core/java/android/app/AppOpsManager.java
95d785346b4dae808a2d8f77356175e55a572d96	11-Sep-2013	Dianne Hackborn <hackbod@google.com>	Fix issue #10688644: Java crash in com.android.phone: java.lang.SecurityException: Operation not allowed There was a situation I wasn't taking into account -- components declared by the system has a special ability to run in the processes of other uids. This means that if that code loaded into another process tries to do anything needing an app op verification, it will fail, because it will say it is calling as the system package name but it is not actually coming from the system uid. To fix this, we add a new Context.getOpPackageName() to go along-side getBasePackageName(). This is a special call for use by all app ops verification, which will be initialized with either the base package name, the actual package name, or now the default package name of the process if we are creating a context for system code being loaded into a non-system process. I had to update all of the code doing app ops checks to switch to this method to get the calling package name. Also improve the security exception throw to have a more descriptive error message. Change-Id: Ic04f77b3938585b02fccabbc12d2f0dc62b9ef25 /frameworks/base/core/java/android/app/AppOpsManager.java
b776122a8aa9fd082fa8aaa216c8a589d709c4c9	10-Sep-2013	David Braun <dabraun@google.com>	Merge "Factor out read/write SMS settings seperate from send/receive." into klp-dev
18966a8dd8dfae553eaaafa87a656af3b7518fc6	10-Sep-2013	David Braun <dabraun@google.com>	Factor out read/write SMS settings seperate from send/receive. Change-Id: I161782b1508be433c910ec13c0b18e728bf7d2ba /frameworks/base/core/java/android/app/AppOpsManager.java
911d7f411f36f2279aae44c89ff1d33a29140046	06-Sep-2013	Jeff Sharkey <jsharkey@android.com>	Provide calling package to ContentProviders. The calling package is important for ContentProviders that want to grant Uri permissions as a side effect of operations, so offer it through a new API. Validates the provided package against the calling UID before returning. Bug: 10626527 Change-Id: I7277880eebbd48444c024bcf5f69199133cd59e4 /frameworks/base/core/java/android/app/AppOpsManager.java
0770f9ef66f6e0d8724c972fbdce81aae6de2ca1	03-Aug-2013	Dianne Hackborn <hackbod@google.com>	resolved conflicts for merge of c8911ddd to master Change-Id: I790b547268a23848577199256fc5abc9bdb7abb8
607b414d0444067e166fa54d8ea37563f2715ea3	03-Aug-2013	Dianne Hackborn <hackbod@google.com>	Add new app ops method to reset all op modes. Change-Id: I5ee6764de8dc31d812e5a788914ab0099bbef4c0 /frameworks/base/core/java/android/app/AppOpsManager.java
0b8374501975aecd7a628336e2f7e53c272ebeea	30-Jul-2013	David Christie <dnchrist@google.com>	Add new app op to monitor high power location requests. This is a new op parallel to the existing OP_MONITOR_LOCATION but only tracks those requests deemed to be above a power threshold. Change-Id: I76fe4d9d2e550293b9da6d5cf902a5b4dd499f0f /frameworks/base/core/java/android/app/AppOpsManager.java
e98f5dbe6b6f9f2cb6a73ee750faacda2596b34f	18-Jul-2013	Dianne Hackborn <hackbod@google.com>	Make it safe to use start/stop app ops outside of system proc We now keep track of all of the active start operations per non-system process, so they can be cleaned up if the process goes away. Change-Id: I9d05f1e0281c47dbe1213de014f0491f1359685c /frameworks/base/core/java/android/app/AppOpsManager.java
3e82ba1a67b0c756ab6a289985f4cfc53725b311	16-Jul-2013	Dianne Hackborn <hackbod@google.com>	Make ArrayMap public! :) Also do some tweaking of the various container classes to synchronize them with the support lib and make it easier to copy code between the two. And update activity/fragment to use ArrayMap. Change-Id: I3cfe82392a17119dfc72c3d9961f64e1914f42be /frameworks/base/core/java/android/app/AppOpsManager.java
1304f4ae32cf7121fe11e95f2a7151ea208b6cca	10-Jul-2013	Dianne Hackborn <hackbod@google.com>	Add new location monitoring op, make some of app ops public. The new location monitoring op is to tell us when an application is monitoring for any location changes. It may be useful information in addition to the more explicitly information about when location data actually goes to the app. Also make parts of AppOpsManager public for use by gcore. It is not available to third party apps. Change-Id: Ib639f704258ffdd7f3acd7567350ed2539da628a /frameworks/base/core/java/android/app/AppOpsManager.java
713df150b92a0a5eea877f99405e31eefbf93a09	17-May-2013	Dianne Hackborn <hackbod@google.com>	Add app ops for wake locks. Currently only supports auditing, not disabling. Change-Id: Ie85f02c29b490d96e073f54d59e165d48c7c00c9 /frameworks/base/core/java/android/app/AppOpsManager.java
ba50b97cff80e73620a0e3d13cae169e095974a7	01-May-2013	Dianne Hackborn <hackbod@google.com>	Add new app ops for various interesting audio service things. Media buttons: note when an application tries to take ownership of the media buttons. Audio focus: note when an application tries to take audio focus. Volume levels: note changes to the volume level of the various streams. Maybe we should also have some ops for muting streams, soloing streams, etc? Change-Id: I79a5d477b0bad4ff61486cdb73ffb1196a674964 /frameworks/base/core/java/android/app/AppOpsManager.java
efcc1a23a1f731390ef8506b3536b9562d18ed78	26-Feb-2013	Dianne Hackborn <hackbod@google.com>	App ops: adding operations for reading/writing clipboard. Change-Id: Ic4cade153618fe86954754a3b3edde64a52a0a9c /frameworks/base/core/java/android/app/AppOpsManager.java
d7d28e675ea7aac151c0c302d233b476537af946	12-Feb-2013	Dianne Hackborn <hackbod@google.com>	App ops: media ops, set up to be callable from native code. This is to help implementation of bug #8181262 and maybe bug #8181261 Adds some definition for media ops (though nothing is yet using them), and re-arranges things a bit so we can implement native calling in to the app ops service. Also add some java docs. Change-Id: I637959745db820e676f23a35a5d2224f51bc6689 /frameworks/base/core/java/android/app/AppOpsManager.java
fde19b106b2b77bc3540b04445357870caf878b5	17-Jan-2013	Daniel Sandler <dsandler@android.com>	New API to request a list of current notifications. The ACCESS_NOTIFICATIONS permission is signature\|system only. Change-Id: I41338230aee9611117cbdac251c1b6b6c3cebf00 /frameworks/base/core/java/android/app/AppOpsManager.java
c2293025a25e04b26bf53713d71f85fd9ca5e8e9	07-Feb-2013	Dianne Hackborn <hackbod@google.com>	App ops: track system windows, monitoring changes. Change-Id: I273e82bdad66ada3bf0f7ec9176bc304b9ee1ee8 /frameworks/base/core/java/android/app/AppOpsManager.java
961321fe4ed4431a6362d729d9e4ea26bdecde61	06-Feb-2013	Dianne Hackborn <hackbod@google.com>	App ops: add op for writing settings. Also fix a build. And fix a bug that I think was introduced in the multi-user work that removed the permission check for writing to settings...! Change-Id: I5945682faa789ffc78fd3546c0df7d03693f106d /frameworks/base/core/java/android/app/AppOpsManager.java
f51f61269aacdfcf737b2c32b6b216c48ab61e65	05-Feb-2013	Dianne Hackborn <hackbod@google.com>	App ops: new operations for SMS. Implementation required a new framework feature to associate an app op with a broadcast. Change-Id: I4ff41a52f7ad4ee8fd80cbf7b394f04d6c4315b3 /frameworks/base/core/java/android/app/AppOpsManager.java
f265ea9d8307282ff1da3915978625a94fc2859e	01-Feb-2013	Dianne Hackborn <hackbod@google.com>	App ops: vibration, neighboring cells, dialing, etc. Improve handling of vibration op, so that apps are better blamed (there is now a hidden vibrator API that supplies the app to blame, and the system now uses this when vibrating on behalf of an app). Add operation for retrieving neighboring cell information. Add a new op for calling a phone number. This required plumbing information about the launching package name through the activity manager, which required changing the internal startActivity class, which required hitting a ton of code that uses those internal APIs. Change-Id: I3f8015634fdb296558f07fe654fb8d53e5c94d07 /frameworks/base/core/java/android/app/AppOpsManager.java
4a900acdef4559f9f84ca7e2bce45485215fc130	30-Jan-2013	Daniel Sandler <dsandler@android.com>	Migrate package notification restrictions to AppOps. Change-Id: I23064ce3014d2446d009bbdff92b301280e8b989 /frameworks/base/core/java/android/app/AppOpsManager.java
5e45ee6752528791deb66b83d76250685de15d47	25-Jan-2013	Dianne Hackborn <hackbod@google.com>	App ops: you can now turn off operations. Also add new ops for calendar and wi-fi scans, finish implementing rejection of content provider calls, fix issues with rejecting location calls, fix bug in the new pm call to retrieve apps with permissions. Change-Id: I29d9f8600bfbbf6561abf6d491907e2bbf6af417 /frameworks/base/core/java/android/app/AppOpsManager.java
72e3983d38f656cfa8c7a038eb80bdd9ea06768e	19-Jan-2013	Dianne Hackborn <hackbod@google.com>	New API to get app op information about a single package. Change-Id: I986453d9bb4161da467fb820b12502464e936483 /frameworks/base/core/java/android/app/AppOpsManager.java
d8e1dbb6bc1fbaf4f2e38c3ba92ced94270deaac	18-Jan-2013	Dianne Hackborn <hackbod@google.com>	Rework ParceledListSlice to be much easier to use. Take advantage of this to return better information about packages filtered by permissions -- include the permissions they have in the requested array. Also fix issue #8026793 (Contact picture shows default pic while searching for a contact in qsb) by using the base package name of the Context when reporting the app name of an operation. Otherwise you could make a resource-only context for another application and do calls through that and get reported as the wrong app. Change-Id: I5e0488bf773acea5a3d22f245641828e1a106fb8 /frameworks/base/core/java/android/app/AppOpsManager.java
35654b61e8fe7bc85afcb076ddbb590d51c5865f	15-Jan-2013	Dianne Hackborn <hackbod@google.com>	More work on App Ops service. Implemented reading and writing state to retain information across boots, API to retrieve state from it, improved location manager interaction to monitor both coarse and fine access and only note operations when location data is being delivered back to app (not when it is just registering to get the data at some time in the future). Also implement tracking of read/write ops on contacts and the call log. This involved tweaking the content provider protocol to pass over the name of the calling package, and some infrastructure in the ContentProvider transport to note incoming calls with the app ops service. The contacts provider and call log provider turn this on for themselves. This also implements some of the mechanics of being able to ignore incoming provider calls... all that is left are some new APIs for the real content provider implementation to be involved with providing the correct behavior for query() (return an empty cursor with the right columns) and insert() (need to figure out what URI to return). Change-Id: I36ebbcd63dee58264a480f3d3786891ca7cbdb4c /frameworks/base/core/java/android/app/AppOpsManager.java
a06de0f29b58df9246779cc4bfd8f06f7205ddb6	12-Dec-2012	Dianne Hackborn <hackbod@google.com>	New "app ops" service. Initial implementation, tracking use of the vibrator, GPS, and location reports. Also includes an update to battery stats to also keep track of vibrator usage (since I had to be in the vibrator code anyway to instrument it). The service itself is only half-done. Currently no API to retrieve the data (which once there will allow us to show you which apps are currently causing the GPS to run and who has recently accessed your location), it doesn't persist its data like it should, and no way to tell it to reject app requests for various operations. But hey, it's a start! Change-Id: I05b8d76cc4a4f7f37bc758c1701f51f9e0550e15 /frameworks/base/core/java/android/app/AppOpsManager.java