DivestOS/Patches/LineageOS-14.1/android_frameworks_base/0009-Sensors-P2.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: MSe <mse1969@posteo.de>
Date: Wed, 25 Apr 2018 23:07:47 +0200
Subject: [PATCH] AppOpsService: Default mode 'allowed' for systemUID and
 platform signed

To avoid severe issues when setting selected Ops to 'ASK', the default
mode for systemui, apps with uid 1000 (system) and apps signed with the
platform key will always get the 'allowed' mode as default.

Change-Id: I71d9618d5b900241b99c060d43bc4270da05305b
---
 .../com/android/server/AppOpsService.java     | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/services/core/java/com/android/server/AppOpsService.java b/services/core/java/com/android/server/AppOpsService.java
index a9e350570508..de31ba177ca2 100644
--- a/services/core/java/com/android/server/AppOpsService.java
+++ b/services/core/java/com/android/server/AppOpsService.java
@@ -2576,6 +2576,26 @@ public class AppOpsService extends IAppOpsService.Stub {
     }
 
     private int getDefaultMode(int code, int uid, String packageName) {
+        // To allow setting 'MODE_ASK' for own Ops, some precautions to
+        // avoid privileged apps to trigger the toggle are needed:
+        
+        // 1st check: Skip uid 1000 and systemui
+        if (uid == android.os.Process.SYSTEM_UID || "com.android.systemui".equals(packageName)) {
+            return AppOpsManager.MODE_ALLOWED;
+        }
+        // 2nd check: Skip apps signed with platform key, except for the 'root' Op
+        if (code != AppOpsManager.OP_SU) {
+            try {
+                int match = AppGlobals.getPackageManager().checkSignatures("android", packageName);        
+                if (match >= PackageManager.SIGNATURE_MATCH) {
+                    return AppOpsManager.MODE_ALLOWED;
+                }
+            } catch (RemoteException re) {            
+                Log.e(TAG, "AppOps getDefaultMode: Can't talk to PM f. Sig.Check", re);
+            }
+        }
+        // end
+        
         int mode = AppOpsManager.opToDefaultMode(code,
                 isStrict(code, uid, packageName));
         if (AppOpsManager.isStrictOp(code) && mPolicy != null) {
-- 
2.31.1
Refresh most branch specific patches Fixed up: LineageOS-16.0/android_packages_apps_Backgrounds/308977.patch LineageOS-16.0/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch LineageOS-17.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch LineageOS-18.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch Must review again: LineageOS-14.1/android_packages_apps_PackageInstaller/64d8b44.patch Signed-off-by: Tad <tad@spotco.us> 2021-10-16 14:05:45 -04:00			`From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001`
Permission for sensors access patches from @MSe1969 Signed-off-by: Tad <tad@spotco.us> 2021-09-24 22:49:45 -04:00			`From: MSe <mse1969@posteo.de>`
			`Date: Wed, 25 Apr 2018 23:07:47 +0200`
Refresh most branch specific patches Fixed up: LineageOS-16.0/android_packages_apps_Backgrounds/308977.patch LineageOS-16.0/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch LineageOS-17.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch LineageOS-18.1/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch Must review again: LineageOS-14.1/android_packages_apps_PackageInstaller/64d8b44.patch Signed-off-by: Tad <tad@spotco.us> 2021-10-16 14:05:45 -04:00			`Subject: [PATCH] AppOpsService: Default mode 'allowed' for systemUID and`
Permission for sensors access patches from @MSe1969 Signed-off-by: Tad <tad@spotco.us> 2021-09-24 22:49:45 -04:00			`platform signed`

			`To avoid severe issues when setting selected Ops to 'ASK', the default`
			`mode for systemui, apps with uid 1000 (system) and apps signed with the`
			`platform key will always get the 'allowed' mode as default.`

			`Change-Id: I71d9618d5b900241b99c060d43bc4270da05305b`
			`---`
			`.../com/android/server/AppOpsService.java \| 20 +++++++++++++++++++`
			`1 file changed, 20 insertions(+)`

			`diff --git a/services/core/java/com/android/server/AppOpsService.java b/services/core/java/com/android/server/AppOpsService.java`
			`index a9e350570508..de31ba177ca2 100644`
			`--- a/services/core/java/com/android/server/AppOpsService.java`
			`+++ b/services/core/java/com/android/server/AppOpsService.java`
			`@@ -2576,6 +2576,26 @@ public class AppOpsService extends IAppOpsService.Stub {`
			`}`

			`private int getDefaultMode(int code, int uid, String packageName) {`
			`+ // To allow setting 'MODE_ASK' for own Ops, some precautions to`
			`+ // avoid privileged apps to trigger the toggle are needed:`
			`+`
			`+ // 1st check: Skip uid 1000 and systemui`
			`+ if (uid == android.os.Process.SYSTEM_UID \|\| "com.android.systemui".equals(packageName)) {`
			`+ return AppOpsManager.MODE_ALLOWED;`
			`+ }`
			`+ // 2nd check: Skip apps signed with platform key, except for the 'root' Op`
			`+ if (code != AppOpsManager.OP_SU) {`
			`+ try {`
			`+ int match = AppGlobals.getPackageManager().checkSignatures("android", packageName);`
			`+ if (match >= PackageManager.SIGNATURE_MATCH) {`
			`+ return AppOpsManager.MODE_ALLOWED;`
			`+ }`
			`+ } catch (RemoteException re) {`
			`+ Log.e(TAG, "AppOps getDefaultMode: Can't talk to PM f. Sig.Check", re);`
			`+ }`
			`+ }`
			`+ // end`
			`+`
			`int mode = AppOpsManager.opToDefaultMode(code,`
			`isStrict(code, uid, packageName));`
			`if (AppOpsManager.isStrictOp(code) && mPolicy != null) {`
			`--`
			`2.31.1`