mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-01-25 23:05:56 -05:00
Fixup the sensors permission patches on 7, 8, and 9.
Switch these patches to MODE_ALLOWED from MODE_ASK to fix breakage of system services. Also remove some code that adds a likely security issue. Will need some extra regression testing. Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
parent
f7295a0f74
commit
621441349e
@ -1,46 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: MSe <mse1969@posteo.de>
|
||||
Date: Wed, 25 Apr 2018 23:07:47 +0200
|
||||
Subject: [PATCH] AppOpsService: Default mode 'allowed' for systemUID and
|
||||
platform signed
|
||||
|
||||
To avoid severe issues when setting selected Ops to 'ASK', the default
|
||||
mode for systemui, apps with uid 1000 (system) and apps signed with the
|
||||
platform key will always get the 'allowed' mode as default.
|
||||
|
||||
Change-Id: I71d9618d5b900241b99c060d43bc4270da05305b
|
||||
---
|
||||
.../com/android/server/AppOpsService.java | 20 +++++++++++++++++++
|
||||
1 file changed, 20 insertions(+)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/AppOpsService.java b/services/core/java/com/android/server/AppOpsService.java
|
||||
index a9e350570508..de31ba177ca2 100644
|
||||
--- a/services/core/java/com/android/server/AppOpsService.java
|
||||
+++ b/services/core/java/com/android/server/AppOpsService.java
|
||||
@@ -2576,6 +2576,26 @@ public class AppOpsService extends IAppOpsService.Stub {
|
||||
}
|
||||
|
||||
private int getDefaultMode(int code, int uid, String packageName) {
|
||||
+ // To allow setting 'MODE_ASK' for own Ops, some precautions to
|
||||
+ // avoid privileged apps to trigger the toggle are needed:
|
||||
+
|
||||
+ // 1st check: Skip uid 1000 and systemui
|
||||
+ if (uid == android.os.Process.SYSTEM_UID || "com.android.systemui".equals(packageName)) {
|
||||
+ return AppOpsManager.MODE_ALLOWED;
|
||||
+ }
|
||||
+ // 2nd check: Skip apps signed with platform key, except for the 'root' Op
|
||||
+ if (code != AppOpsManager.OP_SU) {
|
||||
+ try {
|
||||
+ int match = AppGlobals.getPackageManager().checkSignatures("android", packageName);
|
||||
+ if (match >= PackageManager.SIGNATURE_MATCH) {
|
||||
+ return AppOpsManager.MODE_ALLOWED;
|
||||
+ }
|
||||
+ } catch (RemoteException re) {
|
||||
+ Log.e(TAG, "AppOps getDefaultMode: Can't talk to PM f. Sig.Check", re);
|
||||
+ }
|
||||
+ }
|
||||
+ // end
|
||||
+
|
||||
int mode = AppOpsManager.opToDefaultMode(code,
|
||||
isStrict(code, uid, packageName));
|
||||
if (AppOpsManager.isStrictOp(code) && mPolicy != null) {
|
@ -1,32 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: MSe <mse1969@posteo.de>
|
||||
Date: Wed, 25 Apr 2018 23:12:20 +0200
|
||||
Subject: [PATCH] AppOps: Default MODE_ASK for OP_MOTION_SENSORS
|
||||
|
||||
Change-Id: I4e8380c21b5c8a9e90c99d52e35d825ef0db6d98
|
||||
---
|
||||
core/java/android/app/AppOpsManager.java | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
|
||||
index a9a00a60f0e5..84b196a2375b 100644
|
||||
--- a/core/java/android/app/AppOpsManager.java
|
||||
+++ b/core/java/android/app/AppOpsManager.java
|
||||
@@ -977,7 +977,7 @@ public class AppOpsManager {
|
||||
AppOpsManager.MODE_ALLOWED, // OP_NFC_CHANGE
|
||||
AppOpsManager.MODE_ALLOWED,
|
||||
AppOpsManager.MODE_ASK, // OP_SU
|
||||
- AppOpsManager.MODE_ALLOWED, // OP_MOTION_SENSORS
|
||||
+ AppOpsManager.MODE_ASK, // OP_MOTION_SENSORS
|
||||
AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
@@ -1056,7 +1056,7 @@ public class AppOpsManager {
|
||||
AppOpsManager.MODE_ASK, // OP_NFC_CHANGE
|
||||
AppOpsManager.MODE_ASK, // OP_DATA_CONNECT_CHANGE
|
||||
AppOpsManager.MODE_ASK, // OP_SU
|
||||
- AppOpsManager.MODE_ALLOWED, // OP_MOTION_SENSORS
|
||||
+ AppOpsManager.MODE_ASK, // OP_MOTION_SENSORS
|
||||
AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS
|
||||
};
|
||||
|
@ -4,25 +4,20 @@ Date: Sun, 17 Jun 2018 10:49:09 +0200
|
||||
Subject: [PATCH] - AppOps/PrivacyGuard: New Sensor checks [base]
|
||||
|
||||
Add two AppOps for sensor access:
|
||||
- OP_MOTION_SENSORS (default: ask, strict)
|
||||
- OP_MOTION_SENSORS (default: allow, strict)
|
||||
- OP_OTHER_SENSORS (default: allow)
|
||||
|
||||
To avoid severe issues when setting selected Ops to 'ASK', the default
|
||||
mode for systemui, apps with uid 1000 (system) and apps signed with the
|
||||
platform key will always get the 'allowed' mode as default.
|
||||
|
||||
Change-Id: Id12b91720f1e02ea5ca606ecefb30121d19b92bb
|
||||
---
|
||||
core/java/android/app/AppOpsManager.java | 34 +++++++++++++++++--
|
||||
core/java/android/app/AppOpsManager.java | 34 +++++++++++++++++++++---
|
||||
core/res/res/values-de/cm_strings.xml | 2 ++
|
||||
core/res/res/values-fr/cm_strings.xml | 2 ++
|
||||
core/res/res/values/cm_strings.xml | 2 ++
|
||||
core/res/res/values/lineage_arrays.xml | 4 +++
|
||||
.../com/android/server/AppOpsService.java | 20 +++++++++++
|
||||
6 files changed, 61 insertions(+), 3 deletions(-)
|
||||
5 files changed, 41 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
|
||||
index 2db36c8f4e02..d2587f2009df 100644
|
||||
index 2db36c8f4e02..e59869c11e90 100644
|
||||
--- a/core/java/android/app/AppOpsManager.java
|
||||
+++ b/core/java/android/app/AppOpsManager.java
|
||||
@@ -280,8 +280,12 @@ public class AppOpsManager {
|
||||
@ -112,7 +107,7 @@ index 2db36c8f4e02..d2587f2009df 100644
|
||||
AppOpsManager.MODE_ALLOWED,
|
||||
- AppOpsManager.MODE_ASK, // OP_SU
|
||||
+ AppOpsManager.MODE_ASK, // OP_SU
|
||||
+ AppOpsManager.MODE_ASK, // OP_MOTION_SENSORS
|
||||
+ AppOpsManager.MODE_ALLOWED, // OP_MOTION_SENSORS
|
||||
+ AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
@ -121,7 +116,7 @@ index 2db36c8f4e02..d2587f2009df 100644
|
||||
AppOpsManager.MODE_ASK, // OP_NFC_CHANGE
|
||||
AppOpsManager.MODE_ASK, // OP_DATA_CONNECT_CHANGE
|
||||
AppOpsManager.MODE_ASK, // OP_SU
|
||||
+ AppOpsManager.MODE_ASK, // OP_MOTION_SENSORS
|
||||
+ AppOpsManager.MODE_ALLOWED, // OP_MOTION_SENSORS
|
||||
+ AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
@ -201,34 +196,3 @@ index 65149d2a9e54..5cb3120dbc47 100644
|
||||
</string-array>
|
||||
|
||||
</resources>
|
||||
diff --git a/services/core/java/com/android/server/AppOpsService.java b/services/core/java/com/android/server/AppOpsService.java
|
||||
index 8dc8272303e3..0a74101de471 100644
|
||||
--- a/services/core/java/com/android/server/AppOpsService.java
|
||||
+++ b/services/core/java/com/android/server/AppOpsService.java
|
||||
@@ -2841,6 +2841,26 @@ public class AppOpsService extends IAppOpsService.Stub {
|
||||
}
|
||||
|
||||
private int getDefaultMode(int code, int uid, String packageName) {
|
||||
+ // To allow setting 'MODE_ASK' for own Ops, some precautions to
|
||||
+ // avoid privileged apps to trigger the toggle are needed:
|
||||
+
|
||||
+ // 1st check: Skip uid 1000 and systemui
|
||||
+ if (uid == android.os.Process.SYSTEM_UID || "com.android.systemui".equals(packageName)) {
|
||||
+ return AppOpsManager.MODE_ALLOWED;
|
||||
+ }
|
||||
+ // 2nd check: Skip apps signed with platform key, except for the 'root' Op
|
||||
+ if (code != AppOpsManager.OP_SU) {
|
||||
+ try {
|
||||
+ int match = AppGlobals.getPackageManager().checkSignatures("android", packageName);
|
||||
+ if (match >= PackageManager.SIGNATURE_MATCH) {
|
||||
+ return AppOpsManager.MODE_ALLOWED;
|
||||
+ }
|
||||
+ } catch (RemoteException re) {
|
||||
+ Log.e(TAG, "AppOps getDefaultMode: Can't talk to PM f. Sig.Check", re);
|
||||
+ }
|
||||
+ }
|
||||
+ // end
|
||||
+
|
||||
int mode = AppOpsManager.opToDefaultMode(code,
|
||||
isStrict(code, uid, packageName));
|
||||
if (AppOpsManager.isStrictOp(code) && mPolicy != null) {
|
||||
|
@ -4,7 +4,7 @@ Date: Sun, 17 Jun 2018 11:33:33 +0200
|
||||
Subject: [PATCH] - AppOps/PrivacyGuard: New Sensor checks [native]
|
||||
|
||||
Add two AppOps for sensor access:
|
||||
- OP_MOTION_SENSORS (default: ask, strict)
|
||||
- OP_MOTION_SENSORS (default: allow, strict)
|
||||
- OP_OTHER_SENSORS (default: allow)
|
||||
|
||||
This change updated the AppOPs binder for the newly defined Ops,
|
||||
|
@ -4,7 +4,7 @@ Date: Sun, 17 Jun 2018 13:03:27 +0200
|
||||
Subject: [PATCH] - AppOps/PrivacyGuard: New Sensor checks [Settings]
|
||||
|
||||
Add two AppOps for sensor access:
|
||||
- OP_MOTION_SENSORS (default: ask, strict)
|
||||
- OP_MOTION_SENSORS (default: allow, strict)
|
||||
- OP_OTHER_SENSORS (default: allow)
|
||||
|
||||
Add new Sensor template, relocate BODY_SENSORS into it
|
||||
|
@ -4,25 +4,20 @@ Date: Fri, 15 Mar 2019 22:05:36 +0100
|
||||
Subject: [PATCH] AppOps/PrivacyGuard: New Sensor checks [base]
|
||||
|
||||
Add two AppOps for sensor access:
|
||||
- OP_MOTION_SENSORS (default: ask, strict)
|
||||
- OP_MOTION_SENSORS (default: allow, strict)
|
||||
- OP_OTHER_SENSORS (default: allow)
|
||||
|
||||
To avoid severe issues when setting selected Ops to 'ASK', the default
|
||||
mode for apps with uid 1000 (system) will always get the 'allowed' mode
|
||||
as default, same as com.android.systemui
|
||||
|
||||
Change-Id: Id12b91720f1e02ea5ca606ecefb30121d19b92bb
|
||||
---
|
||||
core/java/android/app/AppOpsManager.java | 35 +++++++++++++++++--
|
||||
core/java/android/app/AppOpsManager.java | 35 ++++++++++++++++++++++--
|
||||
core/res/res/values-de/cm_strings.xml | 2 ++
|
||||
core/res/res/values-fr/cm_strings.xml | 2 ++
|
||||
core/res/res/values/cm_strings.xml | 2 ++
|
||||
core/res/res/values/lineage_arrays.xml | 4 +++
|
||||
.../com/android/server/AppOpsService.java | 19 +++++++++-
|
||||
6 files changed, 61 insertions(+), 3 deletions(-)
|
||||
5 files changed, 43 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
|
||||
index 5b763e50c38f..bd9f9224f325 100644
|
||||
index 5b763e50c38f..fef17859af8c 100644
|
||||
--- a/core/java/android/app/AppOpsManager.java
|
||||
+++ b/core/java/android/app/AppOpsManager.java
|
||||
@@ -371,8 +371,12 @@ public class AppOpsManager {
|
||||
@ -120,7 +115,7 @@ index 5b763e50c38f..bd9f9224f325 100644
|
||||
AppOpsManager.MODE_ALLOWED, // OP_NFC_CHANGE
|
||||
AppOpsManager.MODE_ALLOWED, // OP_DATA_CONNECT_CHANGE
|
||||
AppOpsManager.MODE_ASK, // OP_SU
|
||||
+ AppOpsManager.MODE_ASK, // OP_MOTION_SENSORS
|
||||
+ AppOpsManager.MODE_ALLOWED, // OP_MOTION_SENSORS
|
||||
+ AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
@ -129,7 +124,7 @@ index 5b763e50c38f..bd9f9224f325 100644
|
||||
AppOpsManager.MODE_ASK, // OP_NFC_CHANGE
|
||||
AppOpsManager.MODE_ASK, // OP_DATA_CONNECT_CHANGE
|
||||
AppOpsManager.MODE_ASK, // OP_SU
|
||||
+ AppOpsManager.MODE_ASK, // OP_MOTION_SENSORS
|
||||
+ AppOpsManager.MODE_ALLOWED, // OP_MOTION_SENSORS
|
||||
+ AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
@ -209,40 +204,3 @@ index 58567d1c8bd1..11a7d99b8d48 100644
|
||||
</string-array>
|
||||
|
||||
</resources>
|
||||
diff --git a/services/core/java/com/android/server/AppOpsService.java b/services/core/java/com/android/server/AppOpsService.java
|
||||
index 95ba50246db0..a6cf19f9be8a 100644
|
||||
--- a/services/core/java/com/android/server/AppOpsService.java
|
||||
+++ b/services/core/java/com/android/server/AppOpsService.java
|
||||
@@ -1822,6 +1822,15 @@ public class AppOpsService extends IAppOpsService.Stub {
|
||||
op.rejectTime[uidState.state] = System.currentTimeMillis();
|
||||
op.ignoredCount++;
|
||||
return mode;
|
||||
+ } else if (uid == Process.SYSTEM_UID || packageName == "com.android.systemui") {
|
||||
+ /*
|
||||
+ * To avoid a deadlock situation in case of system/privileged apps having
|
||||
+ * 'MODE_ASK'as default in case of own AppOps (e.g. OP_MOTION_SENSORS),
|
||||
+ * we need to grant always access to such privileged system apps.
|
||||
+ *
|
||||
+ * This 'blind' condition causes the PermissionDialog req not to be
|
||||
+ * initialised, hence the `if (req == null)` condition below applies.
|
||||
+ */
|
||||
} else if (mode == AppOpsManager.MODE_ASK) {
|
||||
if (Looper.myLooper() == mLooper || Thread.holdsLock(mActivityManagerService)) {
|
||||
Slog.e(TAG, "noteOperation: this method will deadlock if called" +
|
||||
@@ -2000,7 +2009,15 @@ public class AppOpsService extends IAppOpsService.Stub {
|
||||
op.rejectTime[uidState.state] = System.currentTimeMillis();
|
||||
op.ignoredCount++;
|
||||
return mode;
|
||||
- } else if (mode == AppOpsManager.MODE_ALLOWED) {
|
||||
+ } else if ((mode == AppOpsManager.MODE_ALLOWED) ||
|
||||
+ /*
|
||||
+ * To avoid a deadlock situation in case of system/privileged apps having
|
||||
+ * 'MODE_ASK'as default in case of own AppOps (e.g. OP_MOTION_SENSORS),
|
||||
+ * we need to grant always access to such privileged system apps
|
||||
+ */
|
||||
+ ((uid == Process.SYSTEM_UID || packageName == "com.android.systemui") &&
|
||||
+ (mode == AppOpsManager.MODE_ASK))) {
|
||||
+
|
||||
if (DEBUG) Slog.d(TAG, "startOperation: allowing code " + code + " uid " + uid
|
||||
+ " package " + resolvedPackageName);
|
||||
if (op.startNesting == 0) {
|
||||
|
@ -4,7 +4,7 @@ Date: Fri, 15 Mar 2019 22:14:54 +0100
|
||||
Subject: [PATCH] AppOps/PrivacyGuard: New Sensor checks [native]
|
||||
|
||||
Add two AppOps for sensor access:
|
||||
- OP_MOTION_SENSORS (default: ask, strict)
|
||||
- OP_MOTION_SENSORS (default: allow, strict)
|
||||
- OP_OTHER_SENSORS (default: allow)
|
||||
|
||||
This change updated the AppOPs binder for the newly defined Ops,
|
||||
|
@ -4,7 +4,7 @@ Date: Fri, 15 Mar 2019 22:29:43 +0100
|
||||
Subject: [PATCH] AppOps/PrivacyGuard: New Sensor checks [Settings]
|
||||
|
||||
Add two AppOps for sensor access:
|
||||
- OP_MOTION_SENSORS (default: ask, strict)
|
||||
- OP_MOTION_SENSORS (default: allow, strict)
|
||||
- OP_OTHER_SENSORS (default: allow)
|
||||
|
||||
Add new Sensor template, relocate BODY_SENSORS into it
|
||||
|
@ -105,8 +105,6 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0008-Disable_Analytics.patch";
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0009-Sensors-P1.patch"; #Permission for sensors access (MSe1969)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0009-Sensors-P2.patch";
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0009-Sensors-P3.patch";
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0003-Signature_Spoofing.patch"; fi; #Allow packages to spoof their signature (microG)
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0005-Harden_Sig_Spoofing.patch"; fi; #Restrict signature spoofing to system apps signed with the platform key
|
||||
hardenLocationFWB "$DOS_BUILD_BASE"; #Harden the default GPS config
|
||||
|
@ -291,9 +291,9 @@ if enterAndClear "device/lge/msm8996-common"; then
|
||||
sed -i '3itypeattribute hwaddrs misc_block_device_exception;' sepolicy/hwaddrs.te;
|
||||
fi;
|
||||
|
||||
if enterAndClear "device/moto/shamu"; then
|
||||
#if enterAndClear "device/moto/shamu"; then
|
||||
#git revert --no-edit 05fb49518049440f90423341ff25d4f75f10bc0c; #restore releasetools #TODO
|
||||
fi;
|
||||
#fi;
|
||||
|
||||
if enterAndClear "device/oneplus/oneplus2"; then
|
||||
sed -i 's|etc/permissions/qti_libpermissions.xml|vendor/etc/permissions/qti_libpermissions.xml|' proprietary-files.txt; #Fix outdated path
|
||||
|
@ -133,6 +133,7 @@ patchWorkspace() {
|
||||
#source build/envsetup.sh;
|
||||
#repopick -it eleven-firewall;
|
||||
#repopick -it R_tzdb2021a1;
|
||||
#repopick -it R_asb_2021-11; #TODO: needs cherrypicks too
|
||||
|
||||
sh "$DOS_SCRIPTS/Patch.sh";
|
||||
sh "$DOS_SCRIPTS_COMMON/Enable_Verity.sh";
|
||||
|
Loading…
x
Reference in New Issue
Block a user