DivestOS/Patches/LineageOS-14.1/android_frameworks_base/0009-Sensors-P2.patch

50 lines
2.1 KiB
Diff
Raw Normal View History

From 7fcc6be5ca1672ca0b48fa6d55224b34d0d0ebea Mon Sep 17 00:00:00 2001
From: MSe <mse1969@posteo.de>
Date: Wed, 25 Apr 2018 23:07:47 +0200
Subject: [PATCH 2/3] AppOpsService: Default mode 'allowed' for systemUID and
platform signed
To avoid severe issues when setting selected Ops to 'ASK', the default
mode for systemui, apps with uid 1000 (system) and apps signed with the
platform key will always get the 'allowed' mode as default.
Change-Id: I71d9618d5b900241b99c060d43bc4270da05305b
---
.../com/android/server/AppOpsService.java | 20 +++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/services/core/java/com/android/server/AppOpsService.java b/services/core/java/com/android/server/AppOpsService.java
index a9e350570508..de31ba177ca2 100644
--- a/services/core/java/com/android/server/AppOpsService.java
+++ b/services/core/java/com/android/server/AppOpsService.java
@@ -2576,6 +2576,26 @@ public class AppOpsService extends IAppOpsService.Stub {
}
private int getDefaultMode(int code, int uid, String packageName) {
+ // To allow setting 'MODE_ASK' for own Ops, some precautions to
+ // avoid privileged apps to trigger the toggle are needed:
+
+ // 1st check: Skip uid 1000 and systemui
+ if (uid == android.os.Process.SYSTEM_UID || "com.android.systemui".equals(packageName)) {
+ return AppOpsManager.MODE_ALLOWED;
+ }
+ // 2nd check: Skip apps signed with platform key, except for the 'root' Op
+ if (code != AppOpsManager.OP_SU) {
+ try {
+ int match = AppGlobals.getPackageManager().checkSignatures("android", packageName);
+ if (match >= PackageManager.SIGNATURE_MATCH) {
+ return AppOpsManager.MODE_ALLOWED;
+ }
+ } catch (RemoteException re) {
+ Log.e(TAG, "AppOps getDefaultMode: Can't talk to PM f. Sig.Check", re);
+ }
+ }
+ // end
+
int mode = AppOpsManager.opToDefaultMode(code,
isStrict(code, uid, packageName));
if (AppOpsManager.isStrictOp(code) && mPolicy != null) {
--
2.31.1