Permission for sensors access patches from @MSe1969

Signed-off-by: Tad <tad@spotco.us>

Patches/LineageOS-14.1/android_frameworks_base/0009-Sensors-P1.patch

@@ -0,0 +1,197 @@
+From 5ccfecfc925ec64d2f49c634701b1f9c1804dbcb Mon Sep 17 00:00:00 2001
+From: MSe <mse1969@posteo.de>
+Date: Mon, 26 Feb 2018 17:53:23 +0100
+Subject: [PATCH 1/3] - AppOps/PrivacyGuard: New Sensor checks [base]
+
+Add two AppOps for sensor access:
+- OP_MOTION_SENSORS (default: allow, strict)
+- OP_OTHER_SENSORS  (default: allow)
+
+Change-Id: I05ad545285eac84c0cd98868b6e330b7bcdab4cc
+---
+ core/java/android/app/AppOpsManager.java | 34 +++++++++++++++++++++---
+ core/res/res/values-de/cm_strings.xml    |  2 ++
+ core/res/res/values-fr/cm_strings.xml    |  2 ++
+ core/res/res/values/cm_arrays.xml        |  4 +++
+ core/res/res/values/cm_strings.xml       |  2 ++
+ 5 files changed, 41 insertions(+), 3 deletions(-)
+
+diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
+index e13947335d2a..a9a00a60f0e5 100644
+--- a/core/java/android/app/AppOpsManager.java
++++ b/core/java/android/app/AppOpsManager.java
+@@ -267,7 +267,11 @@ public class AppOpsManager {
+     /** @hide */
+     public static final int OP_SU = 69;
+     /** @hide */
+-    public static final int _NUM_OP = 70;
++    public static final int OP_MOTION_SENSORS = 70;
++    /** @hide */
++    public static final int OP_OTHER_SENSORS = 71;
++    /** @hide */
++    public static final int _NUM_OP = 72;
+ 
+     /** Access to coarse location information. */
+     public static final String OPSTR_COARSE_LOCATION = "android:coarse_location";
+@@ -378,6 +382,10 @@ public class AppOpsManager {
+             "android:data_connect_change";
+     private static final String OPSTR_SU =
+             "android:su";
++    private static final String OPSTR_MOTION_SENSORS =
++            "android:motion_sensors";
++    private static final String OPSTR_OTHER_SENSORS =
++            "android:other_sensors";
+ 
+     private static final int[] RUNTIME_PERMISSIONS_OPS = {
+             // Contacts
+@@ -494,7 +502,9 @@ public class AppOpsManager {
+             OP_BOOT_COMPLETED,
+             OP_NFC_CHANGE,
+             OP_DATA_CONNECT_CHANGE,
+-            OP_SU
++            OP_SU,
++            OP_MOTION_SENSORS,
++            OP_OTHER_SENSORS
+     };
+ 
+     /**
+@@ -572,6 +582,8 @@ public class AppOpsManager {
+             OPSTR_NFC_CHANGE,
+             OPSTR_DATA_CONNECT_CHANGE,
+             OPSTR_SU,
++            OPSTR_MOTION_SENSORS,
++            OPSTR_OTHER_SENSORS,
+     };
+ 
+     /**
+@@ -649,6 +661,8 @@ public class AppOpsManager {
+             "NFC_CHANGE",
+             "DATA_CONNECT_CHANGE",
+             "SU",
++            "MOTION_SENSORS",
++            "OTHER_SENSORS",
+     };
+ 
+     /**
+@@ -726,6 +740,8 @@ public class AppOpsManager {
+             Manifest.permission.NFC,
+             Manifest.permission.MODIFY_PHONE_STATE,
+             null,
++            null,
++            null,
+     };
+ 
+     /**
+@@ -804,6 +820,8 @@ public class AppOpsManager {
+             null, //NFC_CHANGE
+             null, //DATA_CONNECT_CHANGE
+             UserManager.DISALLOW_SU, //SU TODO: this should really be investigated.
++            null, //MOTION_SENSORS
++            null, //OTHER_SENSORS
+     };
+ 
+     /**
+@@ -881,6 +899,8 @@ public class AppOpsManager {
+             true, // NFC_CHANGE
+             true, //DATA_CONNECT_CHANGE
+             false, //SU
++            false, //MOTION_SENSORS
++            false, //OTHER_SENSORS
+     };
+ 
+     /**
+@@ -956,7 +976,9 @@ public class AppOpsManager {
+             AppOpsManager.MODE_ALLOWED, // OP_BOOT_COMPLETED
+             AppOpsManager.MODE_ALLOWED, // OP_NFC_CHANGE
+             AppOpsManager.MODE_ALLOWED,
+-            AppOpsManager.MODE_ASK, // OP_SU
++            AppOpsManager.MODE_ASK,     // OP_SU
++            AppOpsManager.MODE_ALLOWED, // OP_MOTION_SENSORS
++            AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS
+     };
+ 
+     /**
+@@ -1034,6 +1056,8 @@ public class AppOpsManager {
+             AppOpsManager.MODE_ASK,     // OP_NFC_CHANGE
+             AppOpsManager.MODE_ASK,     // OP_DATA_CONNECT_CHANGE
+             AppOpsManager.MODE_ASK,     // OP_SU
++            AppOpsManager.MODE_ALLOWED, // OP_MOTION_SENSORS
++            AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS
+     };
+ 
+     /**
+@@ -1110,6 +1134,8 @@ public class AppOpsManager {
+         true,     // OP_NFC_CHANGE
+         true,     // OP_DATA_CONNECT_CHANGE
+         true,     // OP_SU
++        true,     // OP_MOTION_SENSORS
++        false,    // OP_OTHER_SENSORS
+     };
+ 
+     /**
+@@ -1190,6 +1216,8 @@ public class AppOpsManager {
+             false,     // OP_NFC_CHANGE
+             false,     // OP_DATA_CONNECT_CHANGE
+             false,     // OP_SU
++            false,     // OP_MOTION_SENSORS
++            false,     // OP_OTHER_SENSORS
+     };
+ 
+     /**
+diff --git a/core/res/res/values-de/cm_strings.xml b/core/res/res/values-de/cm_strings.xml
+index ad742ee840b6..432ed9bf1882 100644
+--- a/core/res/res/values-de/cm_strings.xml
++++ b/core/res/res/values-de/cm_strings.xml
+@@ -108,6 +108,8 @@
+     <string name="app_ops_run_in_background">im Hintergrund ausgeführt zu werden</string>
+     <string name="app_ops_wifi_change">WLAN-Status zu ändern</string>
+     <string name="app_ops_su">Root-Zugriff zu erhalten</string>
++    <string name="app_ops_motion_sensors">Bewegungssensoren zu nutzen</string>
++    <string name="app_ops_other_sensors">sonstige Sensoren zu nutzen</string>
+     <string name="notify_package_component_protected_title">Start der Aktivität blockiert</string>
+     <string name="notify_package_component_protected_text"><xliff:g id="app_name">%1$s</xliff:g> ist vom Starten abgehalten worden. Tippen Sie, um sich zu authentifizieren und die App zu starten.</string>
+     <string name="lock_to_app_toast_no_navbar">Zum Lösen dieser Ansicht drücken und halten Sie die Zurück-Taste.</string>
+diff --git a/core/res/res/values-fr/cm_strings.xml b/core/res/res/values-fr/cm_strings.xml
+index 27abe58ec15a..aa16f8998b1b 100644
+--- a/core/res/res/values-fr/cm_strings.xml
++++ b/core/res/res/values-fr/cm_strings.xml
+@@ -108,6 +108,8 @@
+     <string name="app_ops_run_in_background">exécuter en arrière-plan</string>
+     <string name="app_ops_wifi_change">changer l\'état du Wi-Fi</string>
+     <string name="app_ops_su">obtenir l\'accès root</string>
++    <string name="app_ops_motion_sensors">utiliser les capteurs de mouvement</string>
++    <string name="app_ops_other_sensors">utiliser d\'autres capteurs</string>
+     <string name="notify_package_component_protected_title">Lancement d\'activité bloqué</string>
+     <string name="notify_package_component_protected_text"><xliff:g id="app_name">%1$s</xliff:g> est protégé contre tout lancement. Toucher pour s\'authentifier et lancer l\'application.</string>
+     <string name="lock_to_app_toast_no_navbar">Pour déverrouiller l\'écran, appuyez et maintenez le bouton Retour.</string>
+diff --git a/core/res/res/values/cm_arrays.xml b/core/res/res/values/cm_arrays.xml
+index 8e34a4dafd05..1d054baaced4 100644
+--- a/core/res/res/values/cm_arrays.xml
++++ b/core/res/res/values/cm_arrays.xml
+@@ -182,6 +182,10 @@
+         <item>@string/app_ops_toggle_mobile_data</item>
+         <!-- OP_SU -->
+         <item>@string/app_ops_su</item>
++        <!-- OP_MOTION_SENSORS -->
++        <item>@string/app_ops_motion_sensors</item>
++        <!-- OP_OTHER_SENSORS -->
++        <item>@string/app_ops_other_sensors</item>
+     </string-array>
+ 
+     <!-- A list of pre-installed applications that will be treated as carrier apps,
+diff --git a/core/res/res/values/cm_strings.xml b/core/res/res/values/cm_strings.xml
+index 026c10237add..f5c374df200d 100644
+--- a/core/res/res/values/cm_strings.xml
++++ b/core/res/res/values/cm_strings.xml
+@@ -140,6 +140,8 @@
+     <string name="app_ops_run_in_background">run in background</string>
+     <string name="app_ops_wifi_change">change Wi-Fi state</string>
+     <string name="app_ops_su">get root access</string>
++    <string name="app_ops_motion_sensors">use the motion sensors</string>
++    <string name="app_ops_other_sensors">use other sensors</string>
+ 
+     <!-- Protected Apps Notification -->
+     <string name="notify_package_component_protected_title">Activity launch blocked</string>
+-- 
+2.31.1
+

Patches/LineageOS-14.1/android_frameworks_base/0009-Sensors-P2.patch

@@ -0,0 +1,49 @@
+From 7fcc6be5ca1672ca0b48fa6d55224b34d0d0ebea Mon Sep 17 00:00:00 2001
+From: MSe <mse1969@posteo.de>
+Date: Wed, 25 Apr 2018 23:07:47 +0200
+Subject: [PATCH 2/3] AppOpsService: Default mode 'allowed' for systemUID and
+ platform signed
+
+To avoid severe issues when setting selected Ops to 'ASK', the default
+mode for systemui, apps with uid 1000 (system) and apps signed with the
+platform key will always get the 'allowed' mode as default.
+
+Change-Id: I71d9618d5b900241b99c060d43bc4270da05305b
+---
+ .../com/android/server/AppOpsService.java     | 20 +++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/services/core/java/com/android/server/AppOpsService.java b/services/core/java/com/android/server/AppOpsService.java
+index a9e350570508..de31ba177ca2 100644
+--- a/services/core/java/com/android/server/AppOpsService.java
++++ b/services/core/java/com/android/server/AppOpsService.java
+@@ -2576,6 +2576,26 @@ public class AppOpsService extends IAppOpsService.Stub {
+     }
+ 
+     private int getDefaultMode(int code, int uid, String packageName) {
++        // To allow setting 'MODE_ASK' for own Ops, some precautions to
++        // avoid privileged apps to trigger the toggle are needed:
++        
++        // 1st check: Skip uid 1000 and systemui
++        if (uid == android.os.Process.SYSTEM_UID || "com.android.systemui".equals(packageName)) {
++            return AppOpsManager.MODE_ALLOWED;
++        }
++        // 2nd check: Skip apps signed with platform key, except for the 'root' Op
++        if (code != AppOpsManager.OP_SU) {
++            try {
++                int match = AppGlobals.getPackageManager().checkSignatures("android", packageName);        
++                if (match >= PackageManager.SIGNATURE_MATCH) {
++                    return AppOpsManager.MODE_ALLOWED;
++                }
++            } catch (RemoteException re) {            
++                Log.e(TAG, "AppOps getDefaultMode: Can't talk to PM f. Sig.Check", re);
++            }
++        }
++        // end
++        
+         int mode = AppOpsManager.opToDefaultMode(code,
+                 isStrict(code, uid, packageName));
+         if (AppOpsManager.isStrictOp(code) && mPolicy != null) {
+-- 
+2.31.1
+

Patches/LineageOS-14.1/android_frameworks_base/0009-Sensors-P3.patch

@@ -0,0 +1,35 @@
+From 302c2986458e43cb666aa502e7767be389b2682f Mon Sep 17 00:00:00 2001
+From: MSe <mse1969@posteo.de>
+Date: Wed, 25 Apr 2018 23:12:20 +0200
+Subject: [PATCH 3/3] AppOps: Default MODE_ASK for OP_MOTION_SENSORS
+
+Change-Id: I4e8380c21b5c8a9e90c99d52e35d825ef0db6d98
+---
+ core/java/android/app/AppOpsManager.java | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
+index a9a00a60f0e5..84b196a2375b 100644
+--- a/core/java/android/app/AppOpsManager.java
++++ b/core/java/android/app/AppOpsManager.java
+@@ -977,7 +977,7 @@ public class AppOpsManager {
+             AppOpsManager.MODE_ALLOWED, // OP_NFC_CHANGE
+             AppOpsManager.MODE_ALLOWED,
+             AppOpsManager.MODE_ASK,     // OP_SU
+-            AppOpsManager.MODE_ALLOWED, // OP_MOTION_SENSORS
++            AppOpsManager.MODE_ASK,     // OP_MOTION_SENSORS
+             AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS
+     };
+ 
+@@ -1056,7 +1056,7 @@ public class AppOpsManager {
+             AppOpsManager.MODE_ASK,     // OP_NFC_CHANGE
+             AppOpsManager.MODE_ASK,     // OP_DATA_CONNECT_CHANGE
+             AppOpsManager.MODE_ASK,     // OP_SU
+-            AppOpsManager.MODE_ALLOWED, // OP_MOTION_SENSORS
++            AppOpsManager.MODE_ASK,     // OP_MOTION_SENSORS
+             AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS
+     };
+ 
+-- 
+2.31.1
+

Patches/LineageOS-14.1/android_frameworks_native/0001-Sensors.patch

@@ -0,0 +1,139 @@
+From def2d20e4361c1bd048353d91fe2fd6e38ff6a04 Mon Sep 17 00:00:00 2001
+From: MSe <mse1969@posteo.de>
+Date: Mon, 26 Feb 2018 17:58:17 +0100
+Subject: [PATCH] [PATCH 2/3] - AppOps/PrivacyGuard: New Sensor checks [native]
+
+Add two AppOps for sensor access:
+- OP_MOTION_SENSORS (default: allow, strict)
+- OP_OTHER_SENSORS  (default: allow)
+
+This change updated the AppOPs binder for the newly defined Ops,
+implements the logic for the sensors and adapts the logic for
+checking the Ops, if an Op is not linked to a permission.
+
+Change-Id: I17bd646c81346f43d1ffdd2dd85dd7c934cd3bd7
+---
+ include/binder/AppOpsManager.h           |  4 +++-
+ libs/gui/Sensor.cpp                      |  8 ++++++++
+ services/sensorservice/SensorService.cpp | 25 +++++++++++++-----------
+ 3 files changed, 25 insertions(+), 12 deletions(-)
+
+diff --git a/include/binder/AppOpsManager.h b/include/binder/AppOpsManager.h
+index e2a6e702f4..62daa8f066 100644
+--- a/include/binder/AppOpsManager.h
++++ b/include/binder/AppOpsManager.h
+@@ -104,7 +104,9 @@ class AppOpsManager
+         OP_BOOT_COMPLETED = 66,
+         OP_NFC_CHANGE = 67,
+         OP_DATA_CONNECT_CHANGE = 68,
+-        OP_SU = 69
++        OP_SU = 69,
++        OP_MOTION_SENSORS = 70,
++        OP_OTHER_SENSORS = 71
+     };
+ 
+     AppOpsManager();
+diff --git a/libs/gui/Sensor.cpp b/libs/gui/Sensor.cpp
+index 4697d2f34b..575d6ca250 100644
+--- a/libs/gui/Sensor.cpp
++++ b/libs/gui/Sensor.cpp
+@@ -58,6 +58,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
+     mMinDelay = hwSensor.minDelay;
+     mFlags = 0;
+     mUuid = uuid;
++    mRequiredAppOp = AppOpsManager::OP_OTHER_SENSORS;  //default, other values are explicitly set
+ 
+     // Set fifo event count zero for older devices which do not support batching. Fused
+     // sensors also have their fifo counts set to zero.
+@@ -92,6 +93,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
+     switch (mType) {
+     case SENSOR_TYPE_ACCELEROMETER:
+         mStringType = SENSOR_STRING_TYPE_ACCELEROMETER;
++        mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
+         mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
+         break;
+     case SENSOR_TYPE_AMBIENT_TEMPERATURE:
+@@ -112,10 +114,12 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
+         break;
+     case SENSOR_TYPE_GYROSCOPE:
+         mStringType = SENSOR_STRING_TYPE_GYROSCOPE;
++        mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
+         mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
+         break;
+     case SENSOR_TYPE_GYROSCOPE_UNCALIBRATED:
+         mStringType = SENSOR_STRING_TYPE_GYROSCOPE_UNCALIBRATED;
++        mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
+         mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
+         break;
+     case SENSOR_TYPE_HEART_RATE: {
+@@ -133,6 +137,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
+         break;
+     case SENSOR_TYPE_LINEAR_ACCELERATION:
+         mStringType = SENSOR_STRING_TYPE_LINEAR_ACCELERATION;
++        mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
+         mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
+         break;
+     case SENSOR_TYPE_MAGNETIC_FIELD:
+@@ -169,16 +174,19 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
+     case SENSOR_TYPE_SIGNIFICANT_MOTION:
+         mStringType = SENSOR_STRING_TYPE_SIGNIFICANT_MOTION;
+         mFlags |= SENSOR_FLAG_ONE_SHOT_MODE;
++        mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
+         if (halVersion < SENSORS_DEVICE_API_VERSION_1_3) {
+             mFlags |= SENSOR_FLAG_WAKE_UP;
+         }
+         break;
+     case SENSOR_TYPE_STEP_COUNTER:
+         mStringType = SENSOR_STRING_TYPE_STEP_COUNTER;
++        mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
+         mFlags |= SENSOR_FLAG_ON_CHANGE_MODE;
+         break;
+     case SENSOR_TYPE_STEP_DETECTOR:
+         mStringType = SENSOR_STRING_TYPE_STEP_DETECTOR;
++        mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
+         mFlags |= SENSOR_FLAG_SPECIAL_REPORTING_MODE;
+         break;
+     case SENSOR_TYPE_TEMPERATURE:
+diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp
+index d8e08775a4..fe47eb37e1 100644
+--- a/services/sensorservice/SensorService.cpp
++++ b/services/sensorservice/SensorService.cpp
+@@ -1254,6 +1254,20 @@ status_t SensorService::flushSensor(const sp<SensorEventConnection>& connection,
+ 
+ bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
+         const String16& opPackageName) {
++
++    // Due to the new SENSOR AppOps, which do not correspond to any permission,
++    // we need to check for the AppOp BEFORE checking any permission
++    const int32_t opCode = sensor.getRequiredAppOp();
++    if (opCode >= 0) {
++        AppOpsManager appOps;
++        if (appOps.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName)
++                        != AppOpsManager::MODE_ALLOWED) {
++            ALOGE("%s a sensor (%s) without enabled required app op: %d",
++                    operation, sensor.getName().string(), opCode);
++            return false;
++        }
++    }
++
+     const String8& requiredPermission = sensor.getRequiredPermission();
+ 
+     if (requiredPermission.length() <= 0) {
+@@ -1276,17 +1290,6 @@ bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
+         return false;
+     }
+ 
+-    const int32_t opCode = sensor.getRequiredAppOp();
+-    if (opCode >= 0) {
+-        AppOpsManager appOps;
+-        if (appOps.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName)
+-                        != AppOpsManager::MODE_ALLOWED) {
+-            ALOGE("%s a sensor (%s) without enabled required app op: %d",
+-                    operation, sensor.getName().string(), opCode);
+-            return false;
+-        }
+-    }
+-
+     return true;
+ }
+ 

Patches/LineageOS-14.1/android_packages_apps_Settings/0002-Sensors-P1.patch

@@ -0,0 +1,175 @@
+From 2180a97b8aafc377c52cff014e44ea173f30db87 Mon Sep 17 00:00:00 2001
+From: MSe <mse1969@posteo.de>
+Date: Mon, 26 Feb 2018 18:01:44 +0100
+Subject: [PATCH 1/2] - AppOps/PrivacyGuard: New Sensor checks [Settings]
+
+Add two AppOps for sensor access:
+- OP_MOTION_SENSORS (default: allow, strict)
+- OP_OTHER_SENSORS  (default: allow)
+
+Add new Sensor template
+
+Change-Id: Ibef721505784dbc0f23974468a768f89c9e15c46
+---
+ res/values-de/cm_strings.xml                          |  5 +++++
+ res/values-fr/cm_strings.xml                          |  5 +++++
+ res/values/cm_arrays.xml                              |  5 +++++
+ res/values/cm_strings.xml                             |  6 ++++++
+ .../android/settings/applications/AppOpsState.java    | 11 ++++++++++-
+ 5 files changed, 31 insertions(+), 1 deletion(-)
+
+diff --git a/res/values-de/cm_strings.xml b/res/values-de/cm_strings.xml
+index b968d7b685..d2778dfc8d 100644
+--- a/res/values-de/cm_strings.xml
++++ b/res/values-de/cm_strings.xml
+@@ -48,6 +48,7 @@
+     <string name="app_ops_categories_device">Gerät</string>
+     <string name="app_ops_categories_background">Hintergrund</string>
+     <string name="app_ops_categories_bootup">Systemstart</string>
++    <string name="app_ops_categories_sensors">Sensoren</string>
+     <string name="app_ops_categories_su">Root-Zugriff</string>
+     <string name="app_ops_categories_other">Andere</string>
+     <string name="app_ops_summaries_coarse_location">Ungefährer Standort</string>
+@@ -118,6 +119,8 @@
+     <string name="app_ops_summaries_start_at_boot">Beim Booten starten</string>
+     <string name="app_ops_summaries_toggle_nfc">NFC ein-/ausschalten</string>
+     <string name="app_ops_summaries_toggle_mobile_data">Mobile Daten ein-/ausschalten</string>
++    <string name="app_ops_summaries_motion_sensors">Nutzung Bewegungssensoren</string>
++    <string name="app_ops_summaries_other_sensors">Sonstige Sensoren</string>
+     <string name="app_ops_summaries_superuser">Root-Zugriff</string>
+     <string name="app_ops_labels_coarse_location">Ungefährer Standort</string>
+     <string name="app_ops_labels_fine_location">Genauer Standort</string>
+@@ -187,6 +190,8 @@
+     <string name="app_ops_labels_start_at_boot">Beim Booten starten</string>
+     <string name="app_ops_labels_toggle_nfc">NFC ein-/ausschalten</string>
+     <string name="app_ops_labels_toggle_mobile_data">Mobile Daten ein-/ausschalten</string>
++    <string name="app_ops_labels_motion_sensors">Bewegungssensoren</string>
++    <string name="app_ops_labels_other_sensors">sonstige Sensoren</string>
+     <string name="app_ops_labels_superuser">Root-Zugriff</string>
+     <string name="app_ops_permissions_allowed">Erlaubt</string>
+     <string name="app_ops_permissions_ignored">Verboten</string>
+diff --git a/res/values-fr/cm_strings.xml b/res/values-fr/cm_strings.xml
+index 395b87195c..b5e9213441 100644
+--- a/res/values-fr/cm_strings.xml
++++ b/res/values-fr/cm_strings.xml
+@@ -49,6 +49,7 @@ Vous êtes maintenant à <xliff:g id="step_count">%1$d</xliff:g> étapes de l\'a
+     <string name="app_ops_categories_device">Appareil</string>
+     <string name="app_ops_categories_background">Arrière-plan</string>
+     <string name="app_ops_categories_bootup">Démarrage</string>
++    <string name="app_ops_categories_sensors">Capteurs</string>
+     <string name="app_ops_categories_su">Accès root</string>
+     <string name="app_ops_categories_other">Autre</string>
+     <string name="app_ops_summaries_coarse_location">localisation approximative</string>
+@@ -120,6 +121,8 @@ Vous êtes maintenant à <xliff:g id="step_count">%1$d</xliff:g> étapes de l\'a
+     <string name="app_ops_summaries_start_at_boot">démarrer au lancement</string>
+     <string name="app_ops_summaries_toggle_nfc">activer/désactiver le NFC</string>
+     <string name="app_ops_summaries_toggle_mobile_data">activer/désactiver les données mobiles</string>
++    <string name="app_ops_summaries_motion_sensors">utiliser les capteurs de mouvement</string>
++    <string name="app_ops_summaries_other_sensors">utiliser d\'autres capteurs</string>
+     <string name="app_ops_summaries_superuser">accès root</string>
+     <string name="app_ops_labels_coarse_location">Position approximative</string>
+     <string name="app_ops_labels_fine_location">Position précise</string>
+@@ -190,6 +193,8 @@ Vous êtes maintenant à <xliff:g id="step_count">%1$d</xliff:g> étapes de l\'a
+     <string name="app_ops_labels_start_at_boot">Démarrer au lancement</string>
+     <string name="app_ops_labels_toggle_nfc">Activer/désactiver le NFC</string>
+     <string name="app_ops_labels_toggle_mobile_data">Activer/désactiver les données mobiles</string>
++    <string name="app_ops_labels_motion_sensors">Capteur de mouvement</string>
++    <string name="app_ops_labels_other_sensors">autres Capteurs</string>
+     <string name="app_ops_labels_superuser">Accès root</string>
+     <string name="app_ops_permissions_allowed">Autorisé</string>
+     <string name="app_ops_permissions_ignored">Ignoré</string>
+diff --git a/res/values/cm_arrays.xml b/res/values/cm_arrays.xml
+index 38568e4baf..f6a2e8ad19 100644
+--- a/res/values/cm_arrays.xml
++++ b/res/values/cm_arrays.xml
+@@ -50,6 +50,7 @@
+         <item>@string/app_ops_categories_background</item>
+         <item>@string/app_ops_categories_bootup</item>
+         <item>@string/app_ops_categories_su</item>
++        <item>@string/app_ops_categories_sensors</item>
+         <item>@string/app_ops_categories_other</item>
+     </string-array>
+ 
+@@ -125,6 +126,8 @@
+         <item>@string/app_ops_summaries_toggle_nfc</item>
+         <item>@string/app_ops_summaries_toggle_mobile_data</item>
+         <item>@string/app_ops_summaries_superuser</item>
++        <item>@string/app_ops_summaries_motion_sensors</item>
++        <item>@string/app_ops_summaries_other_sensors</item>
+     </string-array>
+ 
+     <!-- User display names for app ops codes - extension of AOSP -->
+@@ -199,6 +202,8 @@
+         <item>@string/app_ops_labels_toggle_nfc</item>
+         <item>@string/app_ops_labels_toggle_mobile_data</item>
+         <item>@string/app_ops_labels_superuser</item>
++        <item>@string/app_ops_labels_motion_sensors</item>
++        <item>@string/app_ops_labels_other_sensors</item>
+     </string-array>
+ 
+     <!-- App ops permissions -->
+diff --git a/res/values/cm_strings.xml b/res/values/cm_strings.xml
+index 0dd77d2439..6441556fa4 100644
+--- a/res/values/cm_strings.xml
++++ b/res/values/cm_strings.xml
+@@ -70,6 +70,7 @@
+     <string name="app_ops_categories_device">Device</string>
+     <string name="app_ops_categories_background">Background</string>
+     <string name="app_ops_categories_bootup">Bootup</string>
++    <string name="app_ops_categories_sensors">Sensors</string>
+     <string name="app_ops_categories_su">Root access</string>
+     <string name="app_ops_categories_other">Other</string>
+ 
+@@ -143,8 +144,11 @@
+     <string name="app_ops_summaries_start_at_boot">start at boot</string>
+     <string name="app_ops_summaries_toggle_nfc">toggle NFC</string>
+     <string name="app_ops_summaries_toggle_mobile_data">toggle cellular data</string>
++    <string name="app_ops_summaries_motion_sensors">Motion Sensor usage</string>
++    <string name="app_ops_summaries_other_sensors">Other Sensor usage</string>
+     <string name="app_ops_summaries_superuser">root access</string>
+ 
++
+     <!-- User display names for app ops codes - extension of AOSP -->
+     <string name="app_ops_labels_coarse_location">Coarse location</string>
+     <string name="app_ops_labels_fine_location">Fine location</string>
+@@ -215,6 +219,8 @@
+     <string name="app_ops_labels_start_at_boot">Start at boot</string>
+     <string name="app_ops_labels_toggle_nfc">Toggle NFC</string>
+     <string name="app_ops_labels_toggle_mobile_data">Toggle cellular data</string>
++    <string name="app_ops_labels_motion_sensors">Motion Sensors</string>
++    <string name="app_ops_labels_other_sensors">Other Sensors</string>
+     <string name="app_ops_labels_superuser">Root access</string>
+ 
+     <!-- App ops permissions -->
+diff --git a/src/com/android/settings/applications/AppOpsState.java b/src/com/android/settings/applications/AppOpsState.java
+index b3d344ed5e..827ef67e9d 100644
+--- a/src/com/android/settings/applications/AppOpsState.java
++++ b/src/com/android/settings/applications/AppOpsState.java
+@@ -233,6 +233,15 @@ public class AppOpsState {
+             new boolean[] { true }
+             );
+ 
++    public static final OpsTemplate SENSOR_TEMPLATE = new OpsTemplate(
++            new int[] { AppOpsManager.OP_BODY_SENSORS,
++                    AppOpsManager.OP_MOTION_SENSORS,
++                    AppOpsManager.OP_OTHER_SENSORS },
++            new boolean[] { true,
++                    false,
++                    false }
++            );
++
+     public static final OpsTemplate SU_TEMPLATE = new OpsTemplate(
+             new int[] { AppOpsManager.OP_SU },
+             new boolean[] { false }
+@@ -283,7 +292,7 @@ public class AppOpsState {
+     public static final OpsTemplate[] ALL_PERMS_TEMPLATES = new OpsTemplate[] {
+             LOCATION_TEMPLATE, PERSONAL_TEMPLATE, MESSAGING_TEMPLATE,
+             MEDIA_TEMPLATE, DEVICE_TEMPLATE, RUN_IN_BACKGROUND_TEMPLATE,
+-            BOOTUP_TEMPLATE, SU_TEMPLATE, REMAINING_TEMPLATE
++            BOOTUP_TEMPLATE, SU_TEMPLATE, SENSOR_TEMPLATE, REMAINING_TEMPLATE
+     };
+ 
+     /**
+-- 
+2.31.1
+

Patches/LineageOS-14.1/android_packages_apps_Settings/0002-Sensors-P2.patch

@@ -0,0 +1,37 @@
+From 52752e68d5307d6a5421fb48a754b6f93d622454 Mon Sep 17 00:00:00 2001
+From: MSe <mse1969@posteo.de>
+Date: Wed, 10 Apr 2019 22:11:15 +0200
+Subject: [PATCH 2/2] AppOps details: Add permission icons for new Sensor
+ AppOps
+
+Change-Id: Ic68954f30ba8214041c685a4efca4fc65b99ddaf
+---
+ src/com/android/settings/applications/AppOpsDetails.java | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/com/android/settings/applications/AppOpsDetails.java b/src/com/android/settings/applications/AppOpsDetails.java
+index a51a3279f1..504267ab27 100644
+--- a/src/com/android/settings/applications/AppOpsDetails.java
++++ b/src/com/android/settings/applications/AppOpsDetails.java
+@@ -109,6 +109,7 @@ public class AppOpsDetails extends SettingsPreferenceFragment {
+         OP_ICONS.put(AppOpsManager.OP_GPS, R.drawable.ic_perm_location);
+         OP_ICONS.put(AppOpsManager.OP_MUTE_MICROPHONE, R.drawable.ic_perm_microphone);
+         OP_ICONS.put(AppOpsManager.OP_NFC_CHANGE, R.drawable.ic_perm_nfc);
++        OP_ICONS.put(AppOpsManager.OP_OTHER_SENSORS, R.drawable.ic_perm_data);
+         OP_ICONS.put(AppOpsManager.OP_POST_NOTIFICATION, R.drawable.ic_perm_notifications);
+         OP_ICONS.put(AppOpsManager.OP_READ_CLIPBOARD, R.drawable.ic_perm_clipboard);
+         OP_ICONS.put(AppOpsManager.OP_RUN_IN_BACKGROUND, R.drawable.ic_perm_background);
+@@ -193,6 +194,10 @@ public class AppOpsDetails extends SettingsPreferenceFragment {
+                 if (icon == null && op != -1 && OP_ICONS.containsKey(op)) {
+                     icon = getActivity().getDrawable(OP_ICONS.get(op));
+                 }
++                if (icon == null && op == AppOpsManager.OP_MOTION_SENSORS) {
++                    icon = getIconByPermission(AppOpsManager.opToPermission(
++                                   AppOpsManager.OP_USE_FINGERPRINT));
++                }
+ 
+                 final AppOpsManager.OpEntry firstOp = entry.getOpEntry(0);
+                 final int switchOp = AppOpsManager.opToSwitch(firstOp.getOp());
+-- 
+2.31.1
+

Patches/LineageOS-15.1/android_frameworks_base/0007-Sensors.patch

@@ -0,0 +1,237 @@
+From 846d74b9b422a0c616c024e63bcfee3f6454a3c3 Mon Sep 17 00:00:00 2001
+From: MSe1969 <mse1969@posteo.de>
+Date: Sun, 17 Jun 2018 10:49:09 +0200
+Subject: [PATCH] - AppOps/PrivacyGuard: New Sensor checks [base]
+
+Add two AppOps for sensor access:
+- OP_MOTION_SENSORS (default: ask, strict)
+- OP_OTHER_SENSORS  (default: allow)
+
+To avoid severe issues when setting selected Ops to 'ASK', the default
+mode for systemui, apps with uid 1000 (system) and apps signed with the
+platform key will always get the 'allowed' mode as default.
+
+Change-Id: Id12b91720f1e02ea5ca606ecefb30121d19b92bb
+---
+ core/java/android/app/AppOpsManager.java      | 34 +++++++++++++++++--
+ core/res/res/values-de/cm_strings.xml         |  2 ++
+ core/res/res/values-fr/cm_strings.xml         |  2 ++
+ core/res/res/values/cm_strings.xml            |  2 ++
+ core/res/res/values/lineage_arrays.xml        |  4 +++
+ .../com/android/server/AppOpsService.java     | 20 +++++++++++
+ 6 files changed, 61 insertions(+), 3 deletions(-)
+
+diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
+index 2db36c8f4e02..d2587f2009df 100644
+--- a/core/java/android/app/AppOpsManager.java
++++ b/core/java/android/app/AppOpsManager.java
+@@ -280,8 +280,12 @@ public class AppOpsManager {
+     public static final int OP_DATA_CONNECT_CHANGE = 74;
+     /** @hide SU access */
+     public static final int OP_SU = 75;
++    /** @hide Motion Sensors */
++    public static final int OP_MOTION_SENSORS = 76;
++    /** @hide Other Sensors */
++    public static final int OP_OTHER_SENSORS = 77;
+     /** @hide */
+-    public static final int _NUM_OP = 76;
++    public static final int _NUM_OP = 78;
+ 
+     /** Access to coarse location information. */
+     public static final String OPSTR_COARSE_LOCATION = "android:coarse_location";
+@@ -407,6 +411,10 @@ public class AppOpsManager {
+             = "android:data_connect_change";
+     private static final String OPSTR_SU
+             = "android:su";
++    private static final String OPSTR_MOTION_SENSORS =
++            "android:motion_sensors";
++    private static final String OPSTR_OTHER_SENSORS =
++            "android:other_sensors";
+ 
+     // Warning: If an permission is added here it also has to be added to
+     // com.android.packageinstaller.permission.utils.EventLogger
+@@ -540,7 +548,9 @@ public class AppOpsManager {
+             OP_BOOT_COMPLETED,
+             OP_NFC_CHANGE,
+             OP_DATA_CONNECT_CHANGE,
+-            OP_SU
++            OP_SU,
++            OP_MOTION_SENSORS,
++            OP_OTHER_SENSORS
+     };
+ 
+     /**
+@@ -624,6 +634,8 @@ public class AppOpsManager {
+             OPSTR_NFC_CHANGE,
+             OPSTR_DATA_CONNECT_CHANGE,
+             OPSTR_SU,
++            OPSTR_MOTION_SENSORS,
++            OPSTR_OTHER_SENSORS,
+     };
+ 
+     /**
+@@ -707,6 +719,8 @@ public class AppOpsManager {
+             "NFC_CHANGE",
+             "DATA_CONNECT_CHANGE",
+             "SU",
++            "MOTION_SENSORS",
++            "OTHER_SENSORS",
+     };
+ 
+     /**
+@@ -790,6 +804,8 @@ public class AppOpsManager {
+             Manifest.permission.NFC,
+             Manifest.permission.MODIFY_PHONE_STATE,
+             null,
++            null,
++            null,
+     };
+ 
+     /**
+@@ -874,6 +890,8 @@ public class AppOpsManager {
+             null, //NFC_CHANGE
+             null, //DATA_CONNECT_CHANGE
+             UserManager.DISALLOW_SU, //SU TODO: this should really be investigated.
++            null, //MOTION_SENSORS
++            null, //OTHER_SENSORS
+     };
+ 
+     /**
+@@ -957,6 +975,8 @@ public class AppOpsManager {
+             true, // NFC_CHANGE
+             true, //DATA_CONNECT_CHANGE
+             false, //SU
++            false, //MOTION_SENSORS
++            false, //OTHER_SENSORS
+     };
+ 
+     /**
+@@ -1038,7 +1058,9 @@ public class AppOpsManager {
+             AppOpsManager.MODE_ALLOWED, // OP_BOOT_COMPLETED
+             AppOpsManager.MODE_ALLOWED, // OP_NFC_CHANGE
+             AppOpsManager.MODE_ALLOWED,
+-            AppOpsManager.MODE_ASK, // OP_SU
++            AppOpsManager.MODE_ASK,     // OP_SU
++            AppOpsManager.MODE_ASK,     // OP_MOTION_SENSORS
++            AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS
+     };
+ 
+     /**
+@@ -1122,6 +1144,8 @@ public class AppOpsManager {
+             AppOpsManager.MODE_ASK,     // OP_NFC_CHANGE
+             AppOpsManager.MODE_ASK,     // OP_DATA_CONNECT_CHANGE
+             AppOpsManager.MODE_ASK,     // OP_SU
++            AppOpsManager.MODE_ASK,     // OP_MOTION_SENSORS
++            AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS
+     };
+ 
+     /**
+@@ -1204,6 +1228,8 @@ public class AppOpsManager {
+         true,     // OP_NFC_CHANGE
+         true,     // OP_DATA_CONNECT_CHANGE
+         true,     // OP_SU
++        true,     // OP_MOTION_SENSORS
++        false,    // OP_OTHER_SENSORS
+     };
+ 
+     /**
+@@ -1290,6 +1316,8 @@ public class AppOpsManager {
+             false, // OP_NFC_CHANGE
+             false, // OP_DATA_CONNECT_CHANGE
+             false, // OP_SU
++            false, // OP_MOTION_SENSORS
++            false, // OP_OTHER_SENSORS
+     };
+ 
+     /**
+diff --git a/core/res/res/values-de/cm_strings.xml b/core/res/res/values-de/cm_strings.xml
+index af5c3fbe12f0..6a8a1e0fc45a 100644
+--- a/core/res/res/values-de/cm_strings.xml
++++ b/core/res/res/values-de/cm_strings.xml
+@@ -57,7 +57,9 @@
+     <string name="app_ops_modify_clipboard">die Zwischenablage zu ändern</string>
+     <string name="app_ops_modify_contacts">Kontakte zu ändern</string>
+     <string name="app_ops_modify_settings">Einstellungen zu ändern</string>
++    <string name="app_ops_motion_sensors">Bewegungssensoren zu nutzen</string>
+     <string name="app_ops_mute_unmute_microphone">das Mikrofon zu aktivieren/deaktivieren</string>
++    <string name="app_ops_other_sensors">sonstige Sensoren zu nutzen</string>
+     <string name="app_ops_phone_calls">Anrufe zu beantworten</string>
+     <string name="app_ops_picture_in_picture">Bild im Bild zu verwenden</string>
+     <string name="app_ops_play_audio">Audio wiederzugeben</string>
+diff --git a/core/res/res/values-fr/cm_strings.xml b/core/res/res/values-fr/cm_strings.xml
+index c223ccbc5dd8..28ee5ba28dcf 100644
+--- a/core/res/res/values-fr/cm_strings.xml
++++ b/core/res/res/values-fr/cm_strings.xml
+@@ -57,7 +57,9 @@
+     <string name="app_ops_modify_clipboard">modifier le presse-papiers</string>
+     <string name="app_ops_modify_contacts">mettre à jour vos contacts</string>
+     <string name="app_ops_modify_settings">mettre à jour les paramètres du système</string>
++    <string name="app_ops_motion_sensors">utiliser les capteurs de mouvement</string>
+     <string name="app_ops_mute_unmute_microphone">activer/désactiver le microphone</string>
++    <string name="app_ops_other_sensors">utiliser d\'autres capteurs</string>
+     <string name="app_ops_phone_calls">répondre aux appels téléphoniques</string>
+     <string name="app_ops_picture_in_picture">utiliser le mode Picture-in-Picture</string>
+     <string name="app_ops_play_audio">lecture audio</string>
+diff --git a/core/res/res/values/cm_strings.xml b/core/res/res/values/cm_strings.xml
+index 4c34888c94ab..d0ec04891c8d 100644
+--- a/core/res/res/values/cm_strings.xml
++++ b/core/res/res/values/cm_strings.xml
+@@ -70,7 +70,9 @@
+     <string name="app_ops_modify_clipboard">modify the clipboard</string>
+     <string name="app_ops_modify_contacts">update your contacts</string>
+     <string name="app_ops_modify_settings">update system settings</string>
++    <string name="app_ops_motion_sensors">use the motion sensors</string>
+     <string name="app_ops_mute_unmute_microphone">mute/unmute the microphone</string>
++    <string name="app_ops_other_sensors">use other sensors</string>
+     <string name="app_ops_phone_calls">answer phone calls</string>
+     <string name="app_ops_picture_in_picture">use picture in picture</string>
+     <string name="app_ops_play_audio">play audio</string>
+diff --git a/core/res/res/values/lineage_arrays.xml b/core/res/res/values/lineage_arrays.xml
+index 65149d2a9e54..5cb3120dbc47 100644
+--- a/core/res/res/values/lineage_arrays.xml
++++ b/core/res/res/values/lineage_arrays.xml
+@@ -170,6 +170,10 @@
+         <item>@string/app_ops_toggle_mobile_data</item>
+         <!-- OP_SU -->
+         <item>@string/app_ops_su</item>
++        <!-- OP_MOTION_SENSORS -->
++        <item>@string/app_ops_motion_sensors</item>
++        <!-- OP_OTHER_SENSORS -->
++        <item>@string/app_ops_other_sensors</item>
+     </string-array>
+ 
+ </resources>
+diff --git a/services/core/java/com/android/server/AppOpsService.java b/services/core/java/com/android/server/AppOpsService.java
+index 8dc8272303e3..0a74101de471 100644
+--- a/services/core/java/com/android/server/AppOpsService.java
++++ b/services/core/java/com/android/server/AppOpsService.java
+@@ -2841,6 +2841,26 @@ public class AppOpsService extends IAppOpsService.Stub {
+     }
+ 
+     private int getDefaultMode(int code, int uid, String packageName) {
++        // To allow setting 'MODE_ASK' for own Ops, some precautions to
++        // avoid privileged apps to trigger the toggle are needed:
++        
++        // 1st check: Skip uid 1000 and systemui
++        if (uid == android.os.Process.SYSTEM_UID || "com.android.systemui".equals(packageName)) {
++            return AppOpsManager.MODE_ALLOWED;
++        }
++        // 2nd check: Skip apps signed with platform key, except for the 'root' Op
++        if (code != AppOpsManager.OP_SU) {
++            try {
++                int match = AppGlobals.getPackageManager().checkSignatures("android", packageName);        
++                if (match >= PackageManager.SIGNATURE_MATCH) {
++                    return AppOpsManager.MODE_ALLOWED;
++                }
++            } catch (RemoteException re) {            
++                Log.e(TAG, "AppOps getDefaultMode: Can't talk to PM f. Sig.Check", re);
++            }
++        }
++        // end
++        
+         int mode = AppOpsManager.opToDefaultMode(code,
+                 isStrict(code, uid, packageName));
+         if (AppOpsManager.isStrictOp(code) && mPolicy != null) {
+-- 
+2.31.1
+

Patches/LineageOS-15.1/android_frameworks_native/0001-Sensors.patch

@@ -0,0 +1,155 @@
+From cf5355b4ffb23b30b45a937d907e4a728214b02a Mon Sep 17 00:00:00 2001
+From: MSe1969 <mse1969@posteo.de>
+Date: Sun, 17 Jun 2018 11:33:33 +0200
+Subject: [PATCH] [PATCH 2/3] - AppOps/PrivacyGuard: New Sensor checks [native]
+
+Add two AppOps for sensor access:
+- OP_MOTION_SENSORS (default: ask, strict)
+- OP_OTHER_SENSORS  (default: allow)
+
+This change updated the AppOPs binder for the newly defined Ops,
+implements the logic for the sensors and adapts the logic for
+checking the Ops, if an Op is not linked to a permission.
+
+Change-Id: Ic56e7bd48acda8790d6ab917a07cd7b747d4de87
+---
+ libs/binder/include/binder/AppOpsManager.h |  4 +++-
+ libs/sensor/Sensor.cpp                     | 10 +++++++++
+ services/sensorservice/SensorService.cpp   | 25 ++++++++++++----------
+ 3 files changed, 27 insertions(+), 12 deletions(-)
+
+diff --git a/libs/binder/include/binder/AppOpsManager.h b/libs/binder/include/binder/AppOpsManager.h
+index 1beabd3fc4..dd7b3482f3 100644
+--- a/libs/binder/include/binder/AppOpsManager.h
++++ b/libs/binder/include/binder/AppOpsManager.h
+@@ -110,7 +110,9 @@ class AppOpsManager
+         OP_BOOT_COMPLETED = 72,
+         OP_NFC_CHANGE = 73,
+         OP_DATA_CONNECT_CHANGE = 74,
+-        OP_SU = 75
++        OP_SU = 75,
++        OP_MOTION_SENSORS = 76,
++        OP_OTHER_SENSORS = 77
+     };
+ 
+     AppOpsManager();
+diff --git a/libs/sensor/Sensor.cpp b/libs/sensor/Sensor.cpp
+index a0e368c7e4..919d5311c9 100644
+--- a/libs/sensor/Sensor.cpp
++++ b/libs/sensor/Sensor.cpp
+@@ -52,6 +52,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
+     mMinDelay = hwSensor.minDelay;
+     mFlags = 0;
+     mUuid = uuid;
++    mRequiredAppOp = AppOpsManager::OP_OTHER_SENSORS;  //default, other values are explicitly set
+ 
+     // Set fifo event count zero for older devices which do not support batching. Fused
+     // sensors also have their fifo counts set to zero.
+@@ -86,6 +87,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
+     switch (mType) {
+     case SENSOR_TYPE_ACCELEROMETER:
+         mStringType = SENSOR_STRING_TYPE_ACCELEROMETER;
++        mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
+         mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
+         break;
+     case SENSOR_TYPE_AMBIENT_TEMPERATURE:
+@@ -106,10 +108,12 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
+         break;
+     case SENSOR_TYPE_GYROSCOPE:
+         mStringType = SENSOR_STRING_TYPE_GYROSCOPE;
++        mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
+         mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
+         break;
+     case SENSOR_TYPE_GYROSCOPE_UNCALIBRATED:
+         mStringType = SENSOR_STRING_TYPE_GYROSCOPE_UNCALIBRATED;
++        mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
+         mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
+         break;
+     case SENSOR_TYPE_HEART_RATE: {
+@@ -125,6 +129,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
+         break;
+     case SENSOR_TYPE_LINEAR_ACCELERATION:
+         mStringType = SENSOR_STRING_TYPE_LINEAR_ACCELERATION;
++        mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
+         mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
+         break;
+     case SENSOR_TYPE_MAGNETIC_FIELD:
+@@ -161,16 +166,19 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
+     case SENSOR_TYPE_SIGNIFICANT_MOTION:
+         mStringType = SENSOR_STRING_TYPE_SIGNIFICANT_MOTION;
+         mFlags |= SENSOR_FLAG_ONE_SHOT_MODE;
++        mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
+         if (halVersion < SENSORS_DEVICE_API_VERSION_1_3) {
+             mFlags |= SENSOR_FLAG_WAKE_UP;
+         }
+         break;
+     case SENSOR_TYPE_STEP_COUNTER:
+         mStringType = SENSOR_STRING_TYPE_STEP_COUNTER;
++        mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
+         mFlags |= SENSOR_FLAG_ON_CHANGE_MODE;
+         break;
+     case SENSOR_TYPE_STEP_DETECTOR:
+         mStringType = SENSOR_STRING_TYPE_STEP_DETECTOR;
++        mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
+         mFlags |= SENSOR_FLAG_SPECIAL_REPORTING_MODE;
+         break;
+     case SENSOR_TYPE_TEMPERATURE:
+@@ -236,6 +244,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
+         break;
+     case SENSOR_TYPE_MOTION_DETECT:
+         mStringType = SENSOR_STRING_TYPE_MOTION_DETECT;
++        mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
+         mFlags |= SENSOR_FLAG_ONE_SHOT_MODE;
+         if (halVersion < SENSORS_DEVICE_API_VERSION_1_3) {
+             mFlags |= SENSOR_FLAG_WAKE_UP;
+@@ -251,6 +260,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
+ 
+     case SENSOR_TYPE_ACCELEROMETER_UNCALIBRATED:
+         mStringType = SENSOR_STRING_TYPE_ACCELEROMETER_UNCALIBRATED;
++        mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
+         mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
+         break;
+     default:
+diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp
+index a1f07b281a..1a0e5e8531 100644
+--- a/services/sensorservice/SensorService.cpp
++++ b/services/sensorservice/SensorService.cpp
+@@ -1445,6 +1445,20 @@ status_t SensorService::flushSensor(const sp<SensorEventConnection>& connection,
+ 
+ bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
+         const String16& opPackageName) {
++
++    // Due to the new SENSOR AppOps, which do not correspond to any permission,
++    // we need to check for the AppOp BEFORE checking any permission
++    const int32_t opCode = sensor.getRequiredAppOp();
++    if (opCode >= 0) {
++        AppOpsManager appOps;
++        if (appOps.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName)
++                        != AppOpsManager::MODE_ALLOWED) {
++            ALOGE("%s a sensor (%s) without enabled required app op: %d",
++                    operation, sensor.getName().string(), opCode);
++            return false;
++        }
++    }
++
+     const String8& requiredPermission = sensor.getRequiredPermission();
+ 
+     if (requiredPermission.length() <= 0) {
+@@ -1467,17 +1481,6 @@ bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
+         return false;
+     }
+ 
+-    const int32_t opCode = sensor.getRequiredAppOp();
+-    if (opCode >= 0) {
+-        AppOpsManager appOps;
+-        if (appOps.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName)
+-                        != AppOpsManager::MODE_ALLOWED) {
+-            ALOGE("%s a sensor (%s) without enabled required app op: %d",
+-                    operation, sensor.getName().string(), opCode);
+-            return false;
+-        }
+-    }
+-
+     return true;
+ }
+ 

Patches/LineageOS-15.1/android_packages_apps_Settings/0005-Sensors-P1.patch

@@ -0,0 +1,188 @@
+From f2eede97b47cf25553aa5edf10909429f087cfd9 Mon Sep 17 00:00:00 2001
+From: MSe1969 <mse1969@posteo.de>
+Date: Sun, 17 Jun 2018 13:03:27 +0200
+Subject: [PATCH 1/2] - AppOps/PrivacyGuard: New Sensor checks [Settings]
+
+Add two AppOps for sensor access:
+- OP_MOTION_SENSORS (default: ask, strict)
+- OP_OTHER_SENSORS  (default: allow)
+
+Add new Sensor template, relocate BODY_SENSORS into it
+
+Change-Id: I9b51c47e27a330823ecb4472b9a7818718ef4209
+---
+ res/values-de/cm_strings.xml                        |  5 +++++
+ res/values-fr/cm_strings.xml                        |  5 +++++
+ res/values/cm_arrays.xml                            |  5 +++++
+ res/values/cm_strings.xml                           |  5 +++++
+ .../android/settings/applications/AppOpsState.java  | 13 ++++++++++---
+ 5 files changed, 30 insertions(+), 3 deletions(-)
+
+diff --git a/res/values-de/cm_strings.xml b/res/values-de/cm_strings.xml
+index e7a59a5d96..10ea1ae860 100644
+--- a/res/values-de/cm_strings.xml
++++ b/res/values-de/cm_strings.xml
+@@ -100,6 +100,7 @@
+     <string name="app_ops_categories_device">Gerät</string>
+     <string name="app_ops_categories_run_in_background">Im Hintergrund ausführen</string>
+     <string name="app_ops_categories_bootup">Systemstart</string>
++    <string name="app_ops_categories_sensors">Sensoren</string>
+     <string name="app_ops_categories_su">Root-Zugriff</string>
+     <string name="app_ops_categories_other">Andere</string>
+     <string name="app_ops_summaries_coarse_location">Ungefährer Standort</string>
+@@ -177,6 +178,8 @@
+     <string name="app_ops_summaries_start_at_boot">Beim Booten starten</string>
+     <string name="app_ops_summaries_toggle_nfc">NFC ein-/ausschalten</string>
+     <string name="app_ops_summaries_toggle_mobile_data">Mobile Daten ein-/ausschalten</string>
++    <string name="app_ops_summaries_motion_sensors">Nutzung Bewegungssensoren</string>
++    <string name="app_ops_summaries_other_sensors">Sonstige Sensoren</string>
+     <string name="app_ops_summaries_superuser">Root-Zugriff</string>
+     <string name="app_ops_labels_coarse_location">Ungefährer Standort</string>
+     <string name="app_ops_labels_fine_location">Genauer Standort</string>
+@@ -253,6 +256,8 @@
+     <string name="app_ops_labels_start_at_boot">Beim Booten starten</string>
+     <string name="app_ops_labels_toggle_nfc">NFC ein-/ausschalten</string>
+     <string name="app_ops_labels_toggle_mobile_data">Mobile Daten ein-/ausschalten</string>
++    <string name="app_ops_labels_motion_sensors">Bewegungssensoren</string>
++    <string name="app_ops_labels_other_sensors">sonstige Sensoren</string>
+     <string name="app_ops_labels_superuser">Root-Zugriff</string>
+     <string name="app_ops_permissions_allowed">Erlaubt</string>
+     <string name="app_ops_permissions_ignored">Verboten</string>
+diff --git a/res/values-fr/cm_strings.xml b/res/values-fr/cm_strings.xml
+index dc0cee3d61..992258f378 100644
+--- a/res/values-fr/cm_strings.xml
++++ b/res/values-fr/cm_strings.xml
+@@ -101,6 +101,7 @@ Vous êtes maintenant à <xliff:g id="step_count">%1$d</xliff:g> étapes de l\'a
+     <string name="app_ops_categories_device">Appareil</string>
+     <string name="app_ops_categories_run_in_background">Exécuter en arrière plan</string>
+     <string name="app_ops_categories_bootup">Démarrage</string>
++    <string name="app_ops_categories_sensors">Capteurs</string>
+     <string name="app_ops_categories_su">Accès root</string>
+     <string name="app_ops_categories_other">Autre</string>
+     <string name="app_ops_summaries_coarse_location">localisation approximative</string>
+@@ -178,6 +179,8 @@ Vous êtes maintenant à <xliff:g id="step_count">%1$d</xliff:g> étapes de l\'a
+     <string name="app_ops_summaries_start_at_boot">démarrer au lancement</string>
+     <string name="app_ops_summaries_toggle_nfc">activer/désactiver le NFC</string>
+     <string name="app_ops_summaries_toggle_mobile_data">activer/désactiver les données mobiles</string>
++    <string name="app_ops_summaries_motion_sensors">utiliser les capteurs de mouvement</string>
++    <string name="app_ops_summaries_other_sensors">utiliser d\'autres capteurs</string>
+     <string name="app_ops_summaries_superuser">accès root</string>
+     <string name="app_ops_labels_coarse_location">Position approximative</string>
+     <string name="app_ops_labels_fine_location">Position précise</string>
+@@ -254,6 +257,8 @@ Vous êtes maintenant à <xliff:g id="step_count">%1$d</xliff:g> étapes de l\'a
+     <string name="app_ops_labels_start_at_boot">Démarrer au lancement</string>
+     <string name="app_ops_labels_toggle_nfc">Activer/désactiver le NFC</string>
+     <string name="app_ops_labels_toggle_mobile_data">Activer/désactiver les données mobiles</string>
++    <string name="app_ops_labels_motion_sensors">Capteur de mouvement</string>
++    <string name="app_ops_labels_other_sensors">autres Capteurs</string>
+     <string name="app_ops_labels_superuser">Accès root</string>
+     <string name="app_ops_permissions_allowed">Autorisé</string>
+     <string name="app_ops_permissions_ignored">Ignoré</string>
+diff --git a/res/values/cm_arrays.xml b/res/values/cm_arrays.xml
+index 901773fcc7..4796f9399c 100644
+--- a/res/values/cm_arrays.xml
++++ b/res/values/cm_arrays.xml
+@@ -34,6 +34,7 @@
+         <item>@string/app_ops_categories_run_in_background</item>
+         <item>@string/app_ops_categories_bootup</item>
+         <item>@string/app_ops_categories_su</item>
++        <item>@string/app_ops_categories_sensors</item>
+         <item>@string/app_ops_categories_other</item>
+     </string-array>
+ 
+@@ -115,6 +116,8 @@
+         <item>@string/app_ops_summaries_toggle_nfc</item>
+         <item>@string/app_ops_summaries_toggle_mobile_data</item>
+         <item>@string/app_ops_summaries_superuser</item>
++        <item>@string/app_ops_summaries_motion_sensors</item>
++        <item>@string/app_ops_summaries_other_sensors</item>
+     </string-array>
+ 
+     <!-- User display names for app ops codes - extension of AOSP -->
+@@ -195,6 +198,8 @@
+         <item>@string/app_ops_labels_toggle_nfc</item>
+         <item>@string/app_ops_labels_toggle_mobile_data</item>
+         <item>@string/app_ops_labels_superuser</item>
++        <item>@string/app_ops_labels_motion_sensors</item>
++        <item>@string/app_ops_labels_other_sensors</item>
+     </string-array>
+ 
+     <!-- App ops permissions -->
+diff --git a/res/values/cm_strings.xml b/res/values/cm_strings.xml
+index 91238336d9..f978f86bed 100644
+--- a/res/values/cm_strings.xml
++++ b/res/values/cm_strings.xml
+@@ -165,6 +165,7 @@
+     <string name="app_ops_categories_device">Device</string>
+     <string name="app_ops_categories_run_in_background">Run in background</string>
+     <string name="app_ops_categories_bootup">Bootup</string>
++    <string name="app_ops_categories_sensors">Sensors</string>
+     <string name="app_ops_categories_su">Root access</string>
+     <string name="app_ops_categories_other">Other</string>
+ 
+@@ -244,6 +245,8 @@
+     <string name="app_ops_summaries_start_at_boot">start at boot</string>
+     <string name="app_ops_summaries_toggle_nfc">toggle NFC</string>
+     <string name="app_ops_summaries_toggle_mobile_data">toggle cellular data</string>
++    <string name="app_ops_summaries_motion_sensors">Motion Sensor usage</string>
++    <string name="app_ops_summaries_other_sensors">Other Sensor usage</string>
+     <string name="app_ops_summaries_superuser">root access</string>
+ 
+     <!-- User display names for app ops codes - extension of AOSP -->
+@@ -322,6 +325,8 @@
+     <string name="app_ops_labels_start_at_boot">Start at boot</string>
+     <string name="app_ops_labels_toggle_nfc">Toggle NFC</string>
+     <string name="app_ops_labels_toggle_mobile_data">Toggle cellular data</string>
++    <string name="app_ops_labels_motion_sensors">Motion Sensors</string>
++    <string name="app_ops_labels_other_sensors">Other Sensors</string>
+     <string name="app_ops_labels_superuser">Root access</string>
+ 
+     <!-- App ops permissions -->
+diff --git a/src/com/android/settings/applications/AppOpsState.java b/src/com/android/settings/applications/AppOpsState.java
+index f1a2e4dce1..4f946f2792 100644
+--- a/src/com/android/settings/applications/AppOpsState.java
++++ b/src/com/android/settings/applications/AppOpsState.java
+@@ -235,6 +235,15 @@ public class AppOpsState {
+             new boolean[] { true }
+             );
+ 
++    public static final OpsTemplate SENSOR_TEMPLATE = new OpsTemplate(
++            new int[] { AppOpsManager.OP_BODY_SENSORS,
++                    AppOpsManager.OP_MOTION_SENSORS,
++                    AppOpsManager.OP_OTHER_SENSORS },
++            new boolean[] { true,
++                    false,
++                    false }
++            );
++
+     public static final OpsTemplate SU_TEMPLATE = new OpsTemplate(
+             new int[] { AppOpsManager.OP_SU },
+             new boolean[] { false }
+@@ -251,7 +260,6 @@ public class AppOpsState {
+                     AppOpsManager.OP_USE_SIP,
+                     AppOpsManager.OP_PROCESS_OUTGOING_CALLS,
+                     AppOpsManager.OP_USE_FINGERPRINT,
+-                    AppOpsManager.OP_BODY_SENSORS,
+                     AppOpsManager.OP_READ_CELL_BROADCASTS,
+                     AppOpsManager.OP_MOCK_LOCATION,
+                     AppOpsManager.OP_READ_EXTERNAL_STORAGE,
+@@ -271,7 +279,6 @@ public class AppOpsState {
+                     true,
+                     true,
+                     true,
+-                    true,
+                     true }
+     );
+ 
+@@ -285,7 +292,7 @@ public class AppOpsState {
+     public static final OpsTemplate[] ALL_PERMS_TEMPLATES = new OpsTemplate[] {
+             LOCATION_TEMPLATE, PERSONAL_TEMPLATE, MESSAGING_TEMPLATE,
+             MEDIA_TEMPLATE, DEVICE_TEMPLATE, RUN_IN_BACKGROUND_TEMPLATE,
+-            BOOTUP_TEMPLATE, SU_TEMPLATE, REMAINING_TEMPLATE
++            BOOTUP_TEMPLATE, SU_TEMPLATE, SENSOR_TEMPLATE, REMAINING_TEMPLATE
+     };
+ 
+     /**
+-- 
+2.31.1
+

Patches/LineageOS-15.1/android_packages_apps_Settings/0005-Sensors-P2.patch

@@ -0,0 +1,37 @@
+From 4467cf678f558ee4b04fb1b9345a43f87b51d681 Mon Sep 17 00:00:00 2001
+From: MSe1969 <mse1969@posteo.de>
+Date: Wed, 20 Mar 2019 08:42:49 +0100
+Subject: [PATCH 2/2] AppOps details: Add permission icons for new Sensor
+ AppOps
+
+Change-Id: Ic68954f30ba8214041c685a4efca4fc65b99ddaf
+---
+ src/com/android/settings/applications/AppOpsDetails.java | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/com/android/settings/applications/AppOpsDetails.java b/src/com/android/settings/applications/AppOpsDetails.java
+index 220bdff005..db948ab5cd 100644
+--- a/src/com/android/settings/applications/AppOpsDetails.java
++++ b/src/com/android/settings/applications/AppOpsDetails.java
+@@ -111,6 +111,7 @@ public class AppOpsDetails extends SettingsPreferenceFragment {
+         OP_ICONS.put(AppOpsManager.OP_GPS, R.drawable.ic_perm_location);
+         OP_ICONS.put(AppOpsManager.OP_MUTE_MICROPHONE, R.drawable.ic_perm_microphone);
+         OP_ICONS.put(AppOpsManager.OP_NFC_CHANGE, R.drawable.ic_perm_nfc);
++        OP_ICONS.put(AppOpsManager.OP_OTHER_SENSORS, R.drawable.ic_devices_other);
+         OP_ICONS.put(AppOpsManager.OP_POST_NOTIFICATION, R.drawable.ic_perm_notifications);
+         OP_ICONS.put(AppOpsManager.OP_READ_CLIPBOARD, R.drawable.ic_perm_clipboard);
+         OP_ICONS.put(AppOpsManager.OP_RUN_IN_BACKGROUND, R.drawable.ic_perm_background);
+@@ -205,6 +206,10 @@ public class AppOpsDetails extends SettingsPreferenceFragment {
+                 if (icon == null && op != -1 && OP_ICONS.containsKey(op)) {
+                     icon = getActivity().getDrawable(OP_ICONS.get(op));
+                 }
++                if (icon == null && op == AppOpsManager.OP_MOTION_SENSORS) {
++                    icon = getIconByPermission(AppOpsManager.opToPermission(
++                                   AppOpsManager.OP_USE_FINGERPRINT));
++                }
+                 if (icon == null) {
+                     Log.e(TAG, "Failed to retrieve icon for permission: " + perm);
+                 } else {
+-- 
+2.31.1
+

Patches/LineageOS-16.0/android_frameworks_base/0011-Sensors.patch

@@ -0,0 +1,248 @@
+From d0663b7dc73564744e89d5dd93675ff8929cc532 Mon Sep 17 00:00:00 2001
+From: MSe1969 <mse1969@posteo.de>
+Date: Fri, 15 Mar 2019 22:05:36 +0100
+Subject: [PATCH] AppOps/PrivacyGuard: New Sensor checks [base]
+
+Add two AppOps for sensor access:
+- OP_MOTION_SENSORS (default: ask, strict)
+- OP_OTHER_SENSORS  (default: allow)
+
+To avoid severe issues when setting selected Ops to 'ASK', the default
+mode for apps with uid 1000 (system) will always get the 'allowed' mode
+as default, same as com.android.systemui
+
+Change-Id: Id12b91720f1e02ea5ca606ecefb30121d19b92bb
+---
+ core/java/android/app/AppOpsManager.java      | 35 +++++++++++++++++--
+ core/res/res/values-de/cm_strings.xml         |  2 ++
+ core/res/res/values-fr/cm_strings.xml         |  2 ++
+ core/res/res/values/cm_strings.xml            |  2 ++
+ core/res/res/values/lineage_arrays.xml        |  4 +++
+ .../com/android/server/AppOpsService.java     | 19 +++++++++-
+ 6 files changed, 61 insertions(+), 3 deletions(-)
+
+diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
+index a112cafb3b5e..c7338214a265 100644
+--- a/core/java/android/app/AppOpsManager.java
++++ b/core/java/android/app/AppOpsManager.java
+@@ -371,8 +371,12 @@
+     public static final int OP_DATA_CONNECT_CHANGE = 81;
+     /** @hide SU access */
+     public static final int OP_SU = 82;
++    /** @hide Motion Sensors */
++    public static final int OP_MOTION_SENSORS = 83;
++    /** @hide Other Sensors */
++    public static final int OP_OTHER_SENSORS = 84;
+     /** @hide */
+-    public static final int _NUM_OP = 83;
++    public static final int _NUM_OP = 85;
+ 
+     /** Access to coarse location information. */
+     public static final String OPSTR_COARSE_LOCATION = "android:coarse_location";
+@@ -628,6 +632,11 @@
+     /** @hide */
+     public static final String OPSTR_SU = "android:su";
+ 
++    public static final String OPSTR_MOTION_SENSORS =
++            "android:motion_sensors";
++    public static final String OPSTR_OTHER_SENSORS =
++            "android:other_sensors";
++
+     // Warning: If an permission is added here it also has to be added to
+     // com.android.packageinstaller.permission.utils.EventLogger
+     private static final int[] RUNTIME_AND_APPOP_PERMISSIONS_OPS = {
+@@ -676,7 +685,9 @@
+             OP_WRITE_SETTINGS,
+             OP_REQUEST_INSTALL_PACKAGES,
+             OP_START_FOREGROUND,
+-            OP_SU
++            OP_SU,
++            OP_MOTION_SENSORS,
++            OP_OTHER_SENSORS
+     };
+ 
+     /**
+@@ -771,6 +782,8 @@
+             OP_NFC_CHANGE,                      // NFC_CHANGE
+             OP_DATA_CONNECT_CHANGE,             // DATA_CONNECT_CHANGE
+             OP_SU,                              // SU
++            OP_MOTION_SENSORS,                  // MOTION_SENSORS
++            OP_OTHER_SENSORS                    // OTHER_SENSORS
+     };
+ 
+     /**
+@@ -860,6 +873,8 @@
+             OPSTR_NFC_CHANGE,
+             OPSTR_DATA_CONNECT_CHANGE,
+             OPSTR_SU,
++            OPSTR_MOTION_SENSORS,
++            OPSTR_OTHER_SENSORS,
+     };
+ 
+     /**
+@@ -950,6 +965,8 @@
+             "NFC_CHANGE",
+             "DATA_CONNECT_CHANGE",
+             "SU",
++            "MOTION_SENSORS",
++            "OTHER_SENSORS",
+     };
+ 
+     /**
+@@ -1040,6 +1057,8 @@
+             Manifest.permission.NFC,
+             null,
+             null, // no permission for OP_SU
++            null, // no permission for OP_MOTION_SENSORS
++            null, // no permission for OP_OTHER_SENSORS
+     };
+ 
+     /**
+@@ -1131,6 +1150,8 @@
+             null, // NFC_CHANGE
+             null, // DATA_CONNECT_CHANGE
+             UserManager.DISALLOW_SU, // SU TODO: this should really be investigated.
++            null, //MOTION_SENSORS
++            null, //OTHER_SENSORS
+     };
+ 
+     /**
+@@ -1221,6 +1242,8 @@
+             true, // NFC_CHANGE
+             true, // DATA_CONNECT_CHANGE
+             false, // SU
++            false, //MOTION_SENSORS
++            false, //OTHER_SENSORS
+     };
+ 
+     /**
+@@ -1310,6 +1333,8 @@
+             AppOpsManager.MODE_ALLOWED,  // OP_NFC_CHANGE
+             AppOpsManager.MODE_ALLOWED,  // OP_DATA_CONNECT_CHANGE
+             AppOpsManager.MODE_ASK,      // OP_SU
++            AppOpsManager.MODE_ASK,      // OP_MOTION_SENSORS
++            AppOpsManager.MODE_ALLOWED,  // OP_OTHER_SENSORS
+     };
+ 
+     /**
+@@ -1400,6 +1425,8 @@
+             AppOpsManager.MODE_ASK,     // OP_NFC_CHANGE
+             AppOpsManager.MODE_ASK,     // OP_DATA_CONNECT_CHANGE
+             AppOpsManager.MODE_ASK,     // OP_SU
++            AppOpsManager.MODE_ASK,     // OP_MOTION_SENSORS
++            AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS
+     };
+ 
+     /**
+@@ -1489,6 +1516,8 @@
+             true,  // NFC_CHANGE
+             true,  // DATA_CONNECT_CHANGE
+             true,  // SU
++            true,     // OP_MOTION_SENSORS
++            false,    // OP_OTHER_SENSORS
+     };
+ 
+     /**
+@@ -1582,6 +1611,8 @@
+             false, // OP_NFC_CHANGE
+             false, // OP_DATA_CONNECT_CHANGE
+             false, // OP_SU
++            false, // OP_MOTION_SENSORS
++            false, // OP_OTHER_SENSORS
+     };
+ 
+     /**
+diff --git a/core/res/res/values-de/cm_strings.xml b/core/res/res/values-de/cm_strings.xml
+index a8fd5700e374..837dccd09425 100644
+--- a/core/res/res/values-de/cm_strings.xml
++++ b/core/res/res/values-de/cm_strings.xml
+@@ -52,7 +52,9 @@
+     <string name="app_ops_modify_clipboard">die Zwischenablage zu ändern</string>
+     <string name="app_ops_modify_contacts">Kontakte zu ändern</string>
+     <string name="app_ops_modify_settings">Einstellungen zu ändern</string>
++    <string name="app_ops_motion_sensors">Bewegungssensoren zu nutzen</string>
+     <string name="app_ops_mute_unmute_microphone">das Mikrofon zu aktivieren/deaktivieren</string>
++    <string name="app_ops_other_sensors">sonstige Sensoren zu nutzen</string>
+     <string name="app_ops_phone_calls">Anrufe zu beantworten</string>
+     <string name="app_ops_picture_in_picture">Bild im Bild zu verwenden</string>
+     <string name="app_ops_play_audio">Audio wiederzugeben</string>
+diff --git a/core/res/res/values-fr/cm_strings.xml b/core/res/res/values-fr/cm_strings.xml
+index fb1835759a7f..fc294608074f 100644
+--- a/core/res/res/values-fr/cm_strings.xml
++++ b/core/res/res/values-fr/cm_strings.xml
+@@ -48,7 +48,9 @@
+     <string name="app_ops_modify_clipboard">modifier le presse-papiers</string>
+     <string name="app_ops_modify_contacts">mettre à jour vos contacts</string>
+     <string name="app_ops_modify_settings">mettre à jour les paramètres du système</string>
++    <string name="app_ops_motion_sensors">utiliser les capteurs de mouvement</string>
+     <string name="app_ops_mute_unmute_microphone">activer/désactiver le microphone</string>
++    <string name="app_ops_other_sensors">utiliser d\'autres capteurs</string>
+     <string name="app_ops_phone_calls">répondre aux appels téléphoniques</string>
+     <string name="app_ops_picture_in_picture">utiliser le mode Picture-in-Picture</string>
+     <string name="app_ops_play_audio">lecture audio</string>
+diff --git a/core/res/res/values/cm_strings.xml b/core/res/res/values/cm_strings.xml
+index 301131e2663d..5939cae77b8e 100644
+--- a/core/res/res/values/cm_strings.xml
++++ b/core/res/res/values/cm_strings.xml
+@@ -57,7 +57,9 @@
+     <string name="app_ops_modify_clipboard">modify the clipboard</string>
+     <string name="app_ops_modify_contacts">update your contacts</string>
+     <string name="app_ops_modify_settings">update system settings</string>
++    <string name="app_ops_motion_sensors">use the motion sensors</string>
+     <string name="app_ops_mute_unmute_microphone">mute/unmute the microphone</string>
++    <string name="app_ops_other_sensors">use other sensors</string>
+     <string name="app_ops_phone_calls">answer phone calls</string>
+     <string name="app_ops_picture_in_picture">use picture in picture</string>
+     <string name="app_ops_play_audio">play audio</string>
+diff --git a/core/res/res/values/lineage_arrays.xml b/core/res/res/values/lineage_arrays.xml
+index 58567d1c8bd1..11a7d99b8d48 100644
+--- a/core/res/res/values/lineage_arrays.xml
++++ b/core/res/res/values/lineage_arrays.xml
+@@ -184,6 +184,10 @@
+         <item>@string/app_ops_toggle_mobile_data</item>
+         <!-- OP_SU -->
+         <item>@string/app_ops_su</item>
++        <!-- OP_MOTION_SENSORS -->
++        <item>@string/app_ops_motion_sensors</item>
++        <!-- OP_OTHER_SENSORS -->
++        <item>@string/app_ops_other_sensors</item>
+     </string-array>
+ 
+ </resources>
+diff --git a/services/core/java/com/android/server/AppOpsService.java b/services/core/java/com/android/server/AppOpsService.java
+index cdee2ba49c10..9c7f0700236e 100644
+--- a/services/core/java/com/android/server/AppOpsService.java
++++ b/services/core/java/com/android/server/AppOpsService.java
+@@ -1775,6 +1775,15 @@ private int noteOperationUnchecked(int code, int uid, String packageName,
+                     op.rejectTime[uidState.state] = System.currentTimeMillis();
+                     op.ignoredCount++;
+                     return mode;
++                } else if (uid == Process.SYSTEM_UID || packageName == "com.android.systemui") {
++                    /*
++                     *  To avoid a deadlock situation in case of system/privileged apps having
++                     *  'MODE_ASK'as default in case of own AppOps (e.g. OP_MOTION_SENSORS),
++                     *  we need to grant always access to such privileged system apps.
++                     *
++                     *  This 'blind' condition causes the PermissionDialog req not to be
++                     *  initialised, hence the `if (req == null)` condition below applies.
++                     */
+                 } else if (mode == AppOpsManager.MODE_ASK) {
+                     if (Looper.myLooper() == mLooper || Thread.holdsLock(mActivityManagerService)) {
+                         Slog.e(TAG, "noteOperation: this method will deadlock if called" +
+@@ -1953,7 +1962,15 @@ public int startOperation(IBinder token, int code, int uid, String packageName,
+                 op.rejectTime[uidState.state] = System.currentTimeMillis();
+                 op.ignoredCount++;
+                 return mode;
+-            } else if (mode == AppOpsManager.MODE_ALLOWED) {
++            } else if ((mode == AppOpsManager.MODE_ALLOWED) ||
++                    /*
++                     * To avoid a deadlock situation in case of system/privileged apps having
++                     * 'MODE_ASK'as default in case of own AppOps (e.g. OP_MOTION_SENSORS),
++                     * we need to grant always access to such privileged system apps
++                     */
++                    ((uid == Process.SYSTEM_UID || packageName == "com.android.systemui") &&
++                    (mode == AppOpsManager.MODE_ASK))) {
++
+                 if (DEBUG) Slog.d(TAG, "startOperation: allowing code " + code + " uid " + uid
+                         + " package " + resolvedPackageName);
+                 if (op.startNesting == 0) {

Patches/LineageOS-16.0/android_frameworks_native/0001-Sensors.patch

@@ -0,0 +1,156 @@
+From 292631a7e653549c02a6c29aa98cba8db770a21b Mon Sep 17 00:00:00 2001
+From: MSe1969 <mse1969@posteo.de>
+Date: Fri, 15 Mar 2019 22:14:54 +0100
+Subject: [PATCH] AppOps/PrivacyGuard: New Sensor checks [native]
+
+Add two AppOps for sensor access:
+- OP_MOTION_SENSORS (default: ask, strict)
+- OP_OTHER_SENSORS  (default: allow)
+
+This change updated the AppOPs binder for the newly defined Ops,
+implements the logic for the sensors and adapts the logic for
+checking the Ops, if an Op is not linked to a permission.
+
+Change-Id: Ic56e7bd48acda8790d6ab917a07cd7b747d4de87
+---
+ libs/binder/include/binder/AppOpsManager.h |  4 +++-
+ libs/sensor/Sensor.cpp                     | 10 +++++++++
+ services/sensorservice/SensorService.cpp   | 25 ++++++++++++----------
+ 3 files changed, 27 insertions(+), 12 deletions(-)
+
+diff --git a/libs/binder/include/binder/AppOpsManager.h b/libs/binder/include/binder/AppOpsManager.h
+index fb682ecde7..83887787c9 100644
+--- a/libs/binder/include/binder/AppOpsManager.h
++++ b/libs/binder/include/binder/AppOpsManager.h
+@@ -119,7 +119,9 @@ class AppOpsManager
+         OP_BOOT_COMPLETED = 79,
+         OP_NFC_CHANGE = 80,
+         OP_DATA_CONNECT_CHANGE = 81,
+-        OP_SU = 82
++        OP_SU = 82,
++        OP_MOTION_SENSORS = 83,
++        OP_OTHER_SENSORS = 84
+     };
+ 
+     AppOpsManager();
+diff --git a/libs/sensor/Sensor.cpp b/libs/sensor/Sensor.cpp
+index a0e368c7e4..03fee85bf8 100644
+--- a/libs/sensor/Sensor.cpp
++++ b/libs/sensor/Sensor.cpp
+@@ -52,6 +52,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
+     mMinDelay = hwSensor.minDelay;
+     mFlags = 0;
+     mUuid = uuid;
++    mRequiredAppOp = AppOpsManager::OP_OTHER_SENSORS;  //default, other values are explicitly set
+ 
+     // Set fifo event count zero for older devices which do not support batching. Fused
+     // sensors also have their fifo counts set to zero.
+@@ -86,6 +87,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
+     switch (mType) {
+     case SENSOR_TYPE_ACCELEROMETER:
+         mStringType = SENSOR_STRING_TYPE_ACCELEROMETER;
++        mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
+         mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
+         break;
+     case SENSOR_TYPE_AMBIENT_TEMPERATURE:
+@@ -106,10 +108,12 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
+         break;
+     case SENSOR_TYPE_GYROSCOPE:
+         mStringType = SENSOR_STRING_TYPE_GYROSCOPE;
++        mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
+         mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
+         break;
+     case SENSOR_TYPE_GYROSCOPE_UNCALIBRATED:
+         mStringType = SENSOR_STRING_TYPE_GYROSCOPE_UNCALIBRATED;
++        mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
+         mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
+         break;
+     case SENSOR_TYPE_HEART_RATE: {
+@@ -125,6 +129,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
+         break;
+     case SENSOR_TYPE_LINEAR_ACCELERATION:
+         mStringType = SENSOR_STRING_TYPE_LINEAR_ACCELERATION;
++        mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
+         mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
+         break;
+     case SENSOR_TYPE_MAGNETIC_FIELD:
+@@ -160,6 +165,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
+         break;
+     case SENSOR_TYPE_SIGNIFICANT_MOTION:
+         mStringType = SENSOR_STRING_TYPE_SIGNIFICANT_MOTION;
++        mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
+         mFlags |= SENSOR_FLAG_ONE_SHOT_MODE;
+         if (halVersion < SENSORS_DEVICE_API_VERSION_1_3) {
+             mFlags |= SENSOR_FLAG_WAKE_UP;
+@@ -167,10 +173,12 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
+         break;
+     case SENSOR_TYPE_STEP_COUNTER:
+         mStringType = SENSOR_STRING_TYPE_STEP_COUNTER;
++        mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
+         mFlags |= SENSOR_FLAG_ON_CHANGE_MODE;
+         break;
+     case SENSOR_TYPE_STEP_DETECTOR:
+         mStringType = SENSOR_STRING_TYPE_STEP_DETECTOR;
++        mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
+         mFlags |= SENSOR_FLAG_SPECIAL_REPORTING_MODE;
+         break;
+     case SENSOR_TYPE_TEMPERATURE:
+@@ -236,6 +244,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
+         break;
+     case SENSOR_TYPE_MOTION_DETECT:
+         mStringType = SENSOR_STRING_TYPE_MOTION_DETECT;
++        mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
+         mFlags |= SENSOR_FLAG_ONE_SHOT_MODE;
+         if (halVersion < SENSORS_DEVICE_API_VERSION_1_3) {
+             mFlags |= SENSOR_FLAG_WAKE_UP;
+@@ -251,6 +260,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
+ 
+     case SENSOR_TYPE_ACCELEROMETER_UNCALIBRATED:
+         mStringType = SENSOR_STRING_TYPE_ACCELEROMETER_UNCALIBRATED;
++        mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
+         mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
+         break;
+     default:
+diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp
+index 1c3e943543..142c5a274e 100644
+--- a/services/sensorservice/SensorService.cpp
++++ b/services/sensorservice/SensorService.cpp
+@@ -1545,6 +1545,20 @@ status_t SensorService::flushSensor(const sp<SensorEventConnection>& connection,
+ 
+ bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
+         const String16& opPackageName) {
++
++    // Due to the new SENSOR AppOps, which do not correspond to any permission,
++    // we need to check for the AppOp BEFORE checking any permission
++    const int32_t opCode = sensor.getRequiredAppOp();
++    if (opCode >= 0) {
++        AppOpsManager appOps;
++        if (appOps.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName)
++                        != AppOpsManager::MODE_ALLOWED) {
++            ALOGE("%s a sensor (%s) without enabled required app op: %d",
++                    operation, sensor.getName().string(), opCode);
++            return false;
++        }
++    }
++
+     const String8& requiredPermission = sensor.getRequiredPermission();
+ 
+     if (requiredPermission.length() <= 0) {
+@@ -1567,17 +1581,6 @@ bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
+         return false;
+     }
+ 
+-    const int32_t opCode = sensor.getRequiredAppOp();
+-    if (opCode >= 0) {
+-        AppOpsManager appOps;
+-        if (appOps.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName)
+-                        != AppOpsManager::MODE_ALLOWED) {
+-            ALOGE("%s a sensor (%s) without enabled required app op: %d",
+-                    operation, sensor.getName().string(), opCode);
+-            return false;
+-        }
+-    }
+-
+     return true;
+ }
+ 

Patches/LineageOS-16.0/android_packages_apps_Settings/0002-Sensors-P1.patch

@@ -0,0 +1,203 @@
+From 72b86ddf9fe37cf2fb45266edf53446eb34a86df Mon Sep 17 00:00:00 2001
+From: MSe1969 <mse1969@posteo.de>
+Date: Fri, 15 Mar 2019 22:29:43 +0100
+Subject: [PATCH 1/2] AppOps/PrivacyGuard: New Sensor checks [Settings]
+
+Add two AppOps for sensor access:
+- OP_MOTION_SENSORS (default: ask, strict)
+- OP_OTHER_SENSORS  (default: allow)
+
+Add new Sensor template, relocate BODY_SENSORS into it
+
+Change-Id: I9b51c47e27a330823ecb4472b9a7818718ef4209
+---
+ res/values-de/cm_strings.xml                        |  5 +++++
+ res/values-fr/cm_strings.xml                        |  5 +++++
+ res/values/cm_strings.xml                           |  5 +++++
+ res/values/lineage_arrays.xml                       |  9 +++++++++
+ .../settings/applications/appops/AppOpsState.java   | 13 ++++++++++---
+ 5 files changed, 34 insertions(+), 3 deletions(-)
+
+diff --git a/res/values-de/cm_strings.xml b/res/values-de/cm_strings.xml
+index 53dca0e6e7..740ecdb8ee 100644
+--- a/res/values-de/cm_strings.xml
++++ b/res/values-de/cm_strings.xml
+@@ -39,6 +39,7 @@
+     <string name="app_ops_categories_device">Gerät</string>
+     <string name="app_ops_categories_run_in_background">Im Hintergrund ausführen</string>
+     <string name="app_ops_categories_bootup">Systemstart</string>
++    <string name="app_ops_categories_sensors">Sensoren</string>
+     <string name="app_ops_categories_su">Root-Zugriff</string>
+     <string name="app_ops_categories_other">Andere</string>
+     <string name="app_ops_summaries_accept_handover">Anrufeübergabe aus einer anderen App anzunehmen</string>
+@@ -76,8 +77,10 @@
+     <string name="app_ops_summaries_modify_settings">Einstellungen ändern</string>
+     <string name="app_ops_summaries_monitor_high_power_location">Standort mit hohem Stromverbrauch beobachten</string>
+     <string name="app_ops_summaries_monitor_location">Standort beobachten</string>
++    <string name="app_ops_summaries_motion_sensors">Nutzung Bewegungssensoren</string>
+     <string name="app_ops_summaries_mute_unmute_microphone">Mikrofon ein-/ausschalten</string>
+     <string name="app_ops_summaries_neighboring_cells">Benachbarte Netze</string>
++    <string name="app_ops_summaries_other_sensors">Sonstige Sensoren</string>
+     <string name="app_ops_summaries_phone_calls">Anrufe beantworten</string>
+     <string name="app_ops_summaries_picture_in_picture">Bild im Bild verwenden</string>
+     <string name="app_ops_summaries_play_audio">Audio wiedergeben</string>
+@@ -162,8 +165,10 @@
+     <string name="app_ops_labels_modify_settings">Einstellungen ändern</string>
+     <string name="app_ops_labels_monitor_high_power_location">Standort mit hohem Stromverbrauch beobachten</string>
+     <string name="app_ops_labels_monitor_location">Standort beobachten</string>
++    <string name="app_ops_labels_motion_sensors">Bewegungssensoren</string>
+     <string name="app_ops_labels_mute_unmute_microphone">Mikrofon ein-/ausschalten</string>
+     <string name="app_ops_labels_neighboring_cells">Benachbarte Zellen</string>
++    <string name="app_ops_labels_other_sensors">sonstige Sensoren</string>
+     <string name="app_ops_labels_phone_calls">Anrufe beantworten</string>
+     <string name="app_ops_labels_picture_in_picture">Bild im Bild verwenden</string>
+     <string name="app_ops_labels_play_audio">Audio wiedergeben</string>
+diff --git a/res/values-fr/cm_strings.xml b/res/values-fr/cm_strings.xml
+index 523d87d673..3133e8d4bf 100644
+--- a/res/values-fr/cm_strings.xml
++++ b/res/values-fr/cm_strings.xml
+@@ -39,6 +39,7 @@
+     <string name="app_ops_categories_device">Appareil</string>
+     <string name="app_ops_categories_run_in_background">Exécuter en arrière plan</string>
+     <string name="app_ops_categories_bootup">Démarrage</string>
++    <string name="app_ops_categories_sensors">Capteurs</string>
+     <string name="app_ops_categories_su">Accès root</string>
+     <string name="app_ops_categories_other">Autre</string>
+     <string name="app_ops_summaries_accept_handover">transférer un appel d\'une autre application</string>
+@@ -76,8 +77,10 @@
+     <string name="app_ops_summaries_modify_settings">modifier les paramètres</string>
+     <string name="app_ops_summaries_monitor_high_power_location">surveiller la position (à puissance élevée)</string>
+     <string name="app_ops_summaries_monitor_location">surveiller la position</string>
++    <string name="app_ops_summaries_motion_sensors">utiliser les capteurs de mouvement</string>
+     <string name="app_ops_summaries_mute_unmute_microphone">activer/désactiver le microphone</string>
+     <string name="app_ops_summaries_neighboring_cells">nœuds environnants</string>
++    <string name="app_ops_summaries_other_sensors">utiliser d\'autres capteurs</string>
+     <string name="app_ops_summaries_phone_calls">répondre aux appels téléphoniques</string>
+     <string name="app_ops_summaries_picture_in_picture">utiliser le mode Picture-in-Picture</string>
+     <string name="app_ops_summaries_play_audio">lecture audio</string>
+@@ -162,8 +165,10 @@
+     <string name="app_ops_labels_modify_settings">Modifier les paramètres</string>
+     <string name="app_ops_labels_monitor_high_power_location">Surveiller la position (à puissance élevée)</string>
+     <string name="app_ops_labels_monitor_location">Surveiller la position</string>
++    <string name="app_ops_labels_motion_sensors">Capteur de mouvement</string>
+     <string name="app_ops_labels_mute_unmute_microphone">Activer/désactiver le microphone</string>
+     <string name="app_ops_labels_neighboring_cells">Noeuds environnants</string>
++    <string name="app_ops_labels_other_sensors">autres Capteurs</string>
+     <string name="app_ops_labels_phone_calls">Répondre aux appels téléphoniques</string>
+     <string name="app_ops_labels_picture_in_picture">Utiliser le mode Picture-in-Picture</string>
+     <string name="app_ops_labels_play_audio">Lecture audio</string>
+diff --git a/res/values/cm_strings.xml b/res/values/cm_strings.xml
+index 7d0b80d3c0..83abcf8580 100644
+--- a/res/values/cm_strings.xml
++++ b/res/values/cm_strings.xml
+@@ -50,6 +50,7 @@
+     <string name="app_ops_categories_device">Device</string>
+     <string name="app_ops_categories_run_in_background">Run in background</string>
+     <string name="app_ops_categories_bootup">Bootup</string>
++    <string name="app_ops_categories_sensors">Sensors</string>
+     <string name="app_ops_categories_su">Root access</string>
+     <string name="app_ops_categories_other">Other</string>
+ 
+@@ -89,7 +90,9 @@
+     <string name="app_ops_summaries_modify_settings">modify settings</string>
+     <string name="app_ops_summaries_monitor_high_power_location">monitor high power location</string>
+     <string name="app_ops_summaries_monitor_location">monitor location</string>
++    <string name="app_ops_summaries_motion_sensors">Motion Sensor usage</string>
+     <string name="app_ops_summaries_mute_unmute_microphone">mute/unmute microphone</string>
++    <string name="app_ops_summaries_other_sensors">Other Sensor usage</string>
+     <string name="app_ops_summaries_neighboring_cells">neighboring cells</string>
+     <string name="app_ops_summaries_phone_calls">answer phone calls</string>
+     <string name="app_ops_summaries_picture_in_picture">use picture in picture</string>
+@@ -177,8 +180,10 @@
+     <string name="app_ops_labels_modify_settings">Modify settings</string>
+     <string name="app_ops_labels_monitor_high_power_location">Monitor high power location</string>
+     <string name="app_ops_labels_monitor_location">Monitor location</string>
++    <string name="app_ops_labels_motion_sensors">Motion Sensors</string>
+     <string name="app_ops_labels_mute_unmute_microphone">Mute/unmute microphone</string>
+     <string name="app_ops_labels_neighboring_cells">Neighboring cells</string>
++    <string name="app_ops_labels_other_sensors">Other Sensors</string>
+     <string name="app_ops_labels_phone_calls">Answer phone calls</string>
+     <string name="app_ops_labels_picture_in_picture">Use picture in picture</string>
+     <string name="app_ops_labels_play_audio">Play audio</string>
+diff --git a/res/values/lineage_arrays.xml b/res/values/lineage_arrays.xml
+index 0145438148..40fea7be2d 100644
+--- a/res/values/lineage_arrays.xml
++++ b/res/values/lineage_arrays.xml
+@@ -51,6 +51,7 @@
+         <item>@string/app_ops_categories_run_in_background</item>
+         <item>@string/app_ops_categories_bootup</item>
+         <item>@string/app_ops_categories_su</item>
++        <item>@string/app_ops_categories_sensors</item>
+         <item>@string/app_ops_categories_other</item>
+     </string-array>
+ 
+@@ -222,6 +223,10 @@
+         <item>@string/app_ops_summaries_toggle_mobile_data</item>
+         <!-- OP_SU -->
+         <item>@string/app_ops_summaries_su</item>
++        <!-- OP_MOTION_SENSORS -->
++        <item>@string/app_ops_summaries_motion_sensors</item>
++        <!-- OP_OTHER_SENSORS -->
++        <item>@string/app_ops_summaries_other_sensors</item>
+     </string-array>
+ 
+     <!-- User display names for app ops codes - extension of AOSP -->
+@@ -392,6 +397,10 @@
+         <item>@string/app_ops_labels_toggle_mobile_data</item>
+         <!-- OP_SU -->
+         <item>@string/app_ops_labels_su</item>
++        <!-- OP_MOTION_SENSORS -->
++        <item>@string/app_ops_labels_motion_sensors</item>
++        <!-- OP_OTHER_SENSORS -->
++        <item>@string/app_ops_labels_other_sensors</item>
+     </string-array>
+ 
+     <!-- App ops permissions -->
+diff --git a/src/com/android/settings/applications/appops/AppOpsState.java b/src/com/android/settings/applications/appops/AppOpsState.java
+index eeb1b2d302..8c8d2283ba 100644
+--- a/src/com/android/settings/applications/appops/AppOpsState.java
++++ b/src/com/android/settings/applications/appops/AppOpsState.java
+@@ -236,6 +236,15 @@ public class AppOpsState {
+             new boolean[] { true }
+             );
+ 
++    public static final OpsTemplate SENSOR_TEMPLATE = new OpsTemplate(
++            new int[] { AppOpsManager.OP_BODY_SENSORS,
++                    AppOpsManager.OP_MOTION_SENSORS,
++                    AppOpsManager.OP_OTHER_SENSORS },
++            new boolean[] { true,
++                    false,
++                    false }
++            );
++
+     public static final OpsTemplate SU_TEMPLATE = new OpsTemplate(
+             new int[] { AppOpsManager.OP_SU },
+             new boolean[] { false }
+@@ -252,7 +261,6 @@ public class AppOpsState {
+                     AppOpsManager.OP_USE_SIP,
+                     AppOpsManager.OP_PROCESS_OUTGOING_CALLS,
+                     AppOpsManager.OP_USE_FINGERPRINT,
+-                    AppOpsManager.OP_BODY_SENSORS,
+                     AppOpsManager.OP_READ_CELL_BROADCASTS,
+                     AppOpsManager.OP_MOCK_LOCATION,
+                     AppOpsManager.OP_READ_EXTERNAL_STORAGE,
+@@ -272,7 +280,6 @@ public class AppOpsState {
+                     true,
+                     true,
+                     true,
+-                    true,
+                     true }
+     );
+ 
+@@ -286,7 +293,7 @@ public class AppOpsState {
+     public static final OpsTemplate[] ALL_PERMS_TEMPLATES = new OpsTemplate[] {
+             LOCATION_TEMPLATE, PERSONAL_TEMPLATE, MESSAGING_TEMPLATE,
+             MEDIA_TEMPLATE, DEVICE_TEMPLATE, RUN_IN_BACKGROUND_TEMPLATE,
+-            BOOTUP_TEMPLATE, SU_TEMPLATE, REMAINING_TEMPLATE
++            BOOTUP_TEMPLATE, SU_TEMPLATE, SENSOR_TEMPLATE, REMAINING_TEMPLATE
+     };
+ 
+     /**
+-- 
+2.31.1
+

Patches/LineageOS-16.0/android_packages_apps_Settings/0002-Sensors-P2.patch

@@ -0,0 +1,37 @@
+From e25aed77e6309bfd63a6fde119cf4e2dd22612b3 Mon Sep 17 00:00:00 2001
+From: MSe1969 <mse1969@posteo.de>
+Date: Tue, 19 Mar 2019 22:35:38 +0100
+Subject: [PATCH 2/2] AppOps details: Add permission icons for new Sensor
+ AppOps
+
+Change-Id: Ifc337517818dcc929a406ed455fb76e6533507ab
+---
+ .../android/settings/applications/appops/AppOpsDetails.java  | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/com/android/settings/applications/appops/AppOpsDetails.java b/src/com/android/settings/applications/appops/AppOpsDetails.java
+index 2f210435e8..4f01ceabda 100644
+--- a/src/com/android/settings/applications/appops/AppOpsDetails.java
++++ b/src/com/android/settings/applications/appops/AppOpsDetails.java
+@@ -115,6 +115,7 @@ public class AppOpsDetails extends SettingsPreferenceFragment {
+         OP_ICONS.put(AppOpsManager.OP_GPS, R.drawable.ic_perm_location);
+         OP_ICONS.put(AppOpsManager.OP_MUTE_MICROPHONE, R.drawable.ic_perm_microphone);
+         OP_ICONS.put(AppOpsManager.OP_NFC_CHANGE, R.drawable.ic_perm_nfc);
++        OP_ICONS.put(AppOpsManager.OP_OTHER_SENSORS, R.drawable.ic_phone_info);
+         OP_ICONS.put(AppOpsManager.OP_POST_NOTIFICATION, R.drawable.ic_perm_notifications);
+         OP_ICONS.put(AppOpsManager.OP_READ_CLIPBOARD, R.drawable.ic_perm_clipboard);
+         OP_ICONS.put(AppOpsManager.OP_RUN_IN_BACKGROUND, R.drawable.ic_perm_background);
+@@ -213,6 +214,10 @@ public class AppOpsDetails extends SettingsPreferenceFragment {
+                 if (icon == null && op != -1 && OP_ICONS.containsKey(op)) {
+                     icon = getActivity().getDrawable(OP_ICONS.get(op));
+                 }
++                if (icon == null && op == AppOpsManager.OP_MOTION_SENSORS) {
++                    icon = getIconByPermission(AppOpsManager.opToPermission(
++                                   AppOpsManager.OP_USE_FINGERPRINT));
++                }
+                 if (icon == null) {
+                     Log.e(TAG, "Failed to retrieve icon for permission: " + perm);
+                 } else {
+-- 
+2.31.1
+

Patches/LineageOS-17.1/android_frameworks_base/0011-Sensors.patch

@@ -0,0 +1,103 @@
+From cfc06a04979f028a14ab68fb733a7ecfe6bafcae Mon Sep 17 00:00:00 2001
+From: MSe1969 <mse1969@posteo.de>
+Date: Sat, 14 Nov 2020 13:04:05 +0100
+Subject: [PATCH] AppOps: Add further Op for accessing Sensors
+
+Change-Id: Id7d84d910b849cc4f781aac2a6c21278e08bdeec
+---
+ core/java/android/app/AppOpsManager.java | 16 +++++++++++++++-
+ 1 file changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
+index 77875354d732..af535f62c10b 100644
+--- a/core/java/android/app/AppOpsManager.java
++++ b/core/java/android/app/AppOpsManager.java
+@@ -836,10 +836,12 @@ public static String flagsToString(@OpFlags int flags) {
+     public static final int OP_READ_DEVICE_IDENTIFIERS = 89;
+     /** @hide Read location metadata from media */
+     public static final int OP_ACCESS_MEDIA_LOCATION = 90;
++    /** @hide Access other Sensors */
++    public static final int OP_OTHER_SENSORS = 91;
+ 
+     /** @hide */
+     @UnsupportedAppUsage
+-    public static final int _NUM_OP = 91;
++    public static final int _NUM_OP = 92;
+ 
+     /** Access to coarse location information. */
+     public static final String OPSTR_COARSE_LOCATION = "android:coarse_location";
+@@ -1119,6 +1121,10 @@ public static String flagsToString(@OpFlags int flags) {
+     /** @hide Read device identifiers */
+     public static final String OPSTR_READ_DEVICE_IDENTIFIERS = "android:read_device_identifiers";
+ 
++    /** @hide Other Sensors */
++    public static final String OPSTR_OTHER_SENSORS = "android:other_sensors";
++
++
+     // Warning: If an permission is added here it also has to be added to
+     // com.android.packageinstaller.permission.utils.EventLogger
+     private static final int[] RUNTIME_AND_APPOP_PERMISSIONS_OPS = {
+@@ -1281,6 +1287,7 @@ public static String flagsToString(@OpFlags int flags) {
+             OP_ACCESS_ACCESSIBILITY,            // ACCESS_ACCESSIBILITY
+             OP_READ_DEVICE_IDENTIFIERS,         // READ_DEVICE_IDENTIFIERS
+             OP_ACCESS_MEDIA_LOCATION,           // ACCESS_MEDIA_LOCATION
++            OP_OTHER_SENSORS,                   // OTHER_SENSORS
+     };
+ 
+     /**
+@@ -1378,6 +1385,7 @@ public static String flagsToString(@OpFlags int flags) {
+             OPSTR_ACCESS_ACCESSIBILITY,
+             OPSTR_READ_DEVICE_IDENTIFIERS,
+             OPSTR_ACCESS_MEDIA_LOCATION,
++            OPSTR_OTHER_SENSORS,
+     };
+ 
+     /**
+@@ -1476,6 +1484,7 @@ public static String flagsToString(@OpFlags int flags) {
+             "ACCESS_ACCESSIBILITY",
+             "READ_DEVICE_IDENTIFIERS",
+             "ACCESS_MEDIA_LOCATION",
++            "OTHER_SENSORS",
+     };
+ 
+     /**
+@@ -1575,6 +1584,7 @@ public static String flagsToString(@OpFlags int flags) {
+             null, // no permission for OP_ACCESS_ACCESSIBILITY
+             null, // no direct permission for OP_READ_DEVICE_IDENTIFIERS
+             Manifest.permission.ACCESS_MEDIA_LOCATION,
++            null, // no direct permission for OP_OTHER_SENSORS
+     };
+ 
+     /**
+@@ -1674,6 +1684,7 @@ public static String flagsToString(@OpFlags int flags) {
+             null, // ACCESS_ACCESSIBILITY
+             null, // READ_DEVICE_IDENTIFIERS
+             null, // ACCESS_MEDIA_LOCATION
++            null, // OTHER_SENSORS
+     };
+ 
+     /**
+@@ -1772,6 +1783,7 @@ public static String flagsToString(@OpFlags int flags) {
+             false, // ACCESS_ACCESSIBILITY
+             false, // READ_DEVICE_IDENTIFIERS
+             false, // ACCESS_MEDIA_LOCATION
++            false, // OTHER_SENSORS
+     };
+ 
+     /**
+@@ -1869,6 +1881,7 @@ public static String flagsToString(@OpFlags int flags) {
+             AppOpsManager.MODE_ALLOWED, // ACCESS_ACCESSIBILITY
+             AppOpsManager.MODE_ERRORED, // READ_DEVICE_IDENTIFIERS
+             AppOpsManager.MODE_ALLOWED, // ALLOW_MEDIA_LOCATION
++            AppOpsManager.MODE_ALLOWED, // OTHER_SENSORS
+     };
+ 
+     /**
+@@ -1970,6 +1983,7 @@ public static String flagsToString(@OpFlags int flags) {
+             false, // ACCESS_ACCESSIBILITY
+             false, // READ_DEVICE_IDENTIFIERS
+             false, // ACCESS_MEDIA_LOCATION
++            false, // OTHER_SENSORS
+     };
+ 
+     /**

Patches/LineageOS-17.1/android_frameworks_native/0001-Sensors.patch

@@ -0,0 +1,81 @@
+From 8dccd92c719f3cfabb75f2d4cda2743e9f8cd4a8 Mon Sep 17 00:00:00 2001
+From: MSe1969 <mse1969@posteo.de>
+Date: Sat, 14 Nov 2020 13:21:18 +0100
+Subject: [PATCH] AppOps: New Op for (Other) sensors access
+
+ * Add missing Ops to the enum, as pre-requisite to add new sensor op
+ * Add new sensor op to enum
+ * Invoke OP_OTHER_SENSORS as default
+ * Adapt logic for checking the Ops, if no permission is linked
+
+Change-Id: If4011566a391314afed9a26e1dcf6e4bc838e4f7
+---
+ libs/binder/include/binder/AppOpsManager.h | 13 +++++++++++++
+ libs/sensor/Sensor.cpp                     |  1 +
+ services/sensorservice/SensorService.cpp   |  9 +++++----
+ 3 files changed, 19 insertions(+), 4 deletions(-)
+
+diff --git a/libs/binder/include/binder/AppOpsManager.h b/libs/binder/include/binder/AppOpsManager.h
+index 17493b4252..89c0eacb8a 100644
+--- a/libs/binder/include/binder/AppOpsManager.h
++++ b/libs/binder/include/binder/AppOpsManager.h
+@@ -109,6 +109,19 @@ class AppOpsManager
+         OP_START_FOREGROUND = 76,
+         OP_BLUETOOTH_SCAN = 77,
+         OP_USE_BIOMETRIC = 78,
++        OP_ACTIVITY_RECOGNITION = 79,
++        OP_SMS_FINANCIAL_TRANSACTIONS = 80,
++        OP_READ_MEDIA_AUDIO = 81,
++        OP_WRITE_MEDIA_AUDIO = 82,
++        OP_READ_MEDIA_VIDEO = 83,
++        OP_WRITE_MEDIA_VIDEO = 84,
++        OP_READ_MEDIA_IMAGES = 85,
++        OP_WRITE_MEDIA_IMAGES = 86,
++        OP_LEGACY_STORAGE = 87,
++        OP_ACCESS_ACCESSIBILITY = 88,
++        OP_READ_DEVICE_IDENTIFIERS = 89,
++        OP_ACCESS_MEDIA_LOCATION = 90,
++        OP_OTHER_SENSORS = 91,
+     };
+ 
+     AppOpsManager();
+diff --git a/libs/sensor/Sensor.cpp b/libs/sensor/Sensor.cpp
+index abc910302c..8a318543a7 100644
+--- a/libs/sensor/Sensor.cpp
++++ b/libs/sensor/Sensor.cpp
+@@ -59,6 +59,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
+     mMinDelay = hwSensor.minDelay;
+     mFlags = 0;
+     mUuid = uuid;
++    mRequiredAppOp = AppOpsManager::OP_OTHER_SENSORS;  //default, other values are explicitly set
+ 
+     // Set fifo event count zero for older devices which do not support batching. Fused
+     // sensors also have their fifo counts set to zero.
+diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp
+index 6bb250e7bb..58297122a5 100644
+--- a/services/sensorservice/SensorService.cpp
++++ b/services/sensorservice/SensorService.cpp
+@@ -1643,10 +1643,9 @@ status_t SensorService::flushSensor(const sp<SensorEventConnection>& connection,
+ 
+ bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
+         const String16& opPackageName) {
++
+     // Check if a permission is required for this sensor
+-    if (sensor.getRequiredPermission().length() <= 0) {
+-        return true;
+-    }
++    bool noAssociatedPermission = (sensor.getRequiredPermission().length() <= 0);
+ 
+     const int32_t opCode = sensor.getRequiredAppOp();
+     const int32_t appOpMode = sAppOpsManager.checkOp(opCode,
+@@ -1654,7 +1653,9 @@ bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
+     bool appOpAllowed = appOpMode == AppOpsManager::MODE_ALLOWED;
+ 
+     bool canAccess = false;
+-    if (hasPermissionForSensor(sensor)) {
++    if (noAssociatedPermission) {
++        canAccess = appOpAllowed;
++    } else if (hasPermissionForSensor(sensor)) {
+         // Ensure that the AppOp is allowed, or that there is no necessary app op for the sensor
+         if (opCode < 0 || appOpAllowed) {
+             canAccess = true;

Patches/LineageOS-17.1/android_packages_apps_Settings/0002-Sensors.patch

@@ -0,0 +1,262 @@
+From cbaa03f90faaed007e522306be77fa79c5b87859 Mon Sep 17 00:00:00 2001
+From: MSe1969 <mse1969@posteo.de>
+Date: Sat, 14 Nov 2020 15:17:37 +0100
+Subject: [PATCH] Special Access: Add an option to administer Sensor access
+
+Accesses the added AppOp for OP_OTHER_SENSORS
+
+Change-Id: I79c0ed4ab97494434edc6c308a8a54bd123c02ee
+---
+ res/values-de/strings.xml                     |   3 +
+ res/values-fr/strings.xml                     |   3 +
+ res/values/strings.xml                        |   5 +
+ res/xml/special_access.xml                    |   7 +
+ .../specialaccess/sensor/SensorAccess.java    | 178 ++++++++++++++++++
+ 5 files changed, 196 insertions(+)
+ create mode 100644 src/com/android/settings/applications/specialaccess/sensor/SensorAccess.java
+
+diff --git a/res/values-de/strings.xml b/res/values-de/strings.xml
+index 0893b5c318..a81d55df07 100644
+--- a/res/values-de/strings.xml
++++ b/res/values-de/strings.xml
+@@ -4671,4 +4671,7 @@
+     <string name="rtt_settings_no_visible" msgid="7440356831140948382"></string>
+     <string name="rtt_settings_visible_during_call" msgid="7866181103286073700"></string>
+     <string name="rtt_settings_always_visible" msgid="2364173070088756238"></string>
++    <string name="sensor_access_summary">Sensorzugriff von Benutzer-Apps kontrollieren</string>
++    <string name="sensor_access_title">Zugriff auf Sensoren</string>
++    <string name="sensor_access_title_empty_text">Keine installierte App hat Sensorzugriff angefordert.</string>
+ </resources>
+diff --git a/res/values-fr/strings.xml b/res/values-fr/strings.xml
+index a1461ea6a2..c7aa02d04f 100644
+--- a/res/values-fr/strings.xml
++++ b/res/values-fr/strings.xml
+@@ -4670,4 +4670,7 @@
+     <string name="rtt_settings_no_visible" msgid="7440356831140948382"></string>
+     <string name="rtt_settings_visible_during_call" msgid="7866181103286073700"></string>
+     <string name="rtt_settings_always_visible" msgid="2364173070088756238"></string>
++    <string name="sensor_access_summary">Contrôler l\'accès des applications utilisateurs aux capteurs</string>
++    <string name="sensor_access_title">Access aux Capteurs</string>
++    <string name="sensor_access_title_empty_text">Aucune app installée n\'a demandé de l\'accès aux capteurs.</string>
+ </resources>
+diff --git a/res/values/strings.xml b/res/values/strings.xml
+index 5b4f19c18b..d8a769645e 100644
+--- a/res/values/strings.xml
++++ b/res/values/strings.xml
+@@ -11426,6 +11426,11 @@
+     <!-- Subtext for showing the option of RTT setting. [CHAR LIMIT=NONE] -->
+     <string name="rtt_settings_always_visible"></string>
+ 
++    <!-- Sensor AppOps -->
++    <string name="sensor_access_summary">Control sensor access for user apps</string>
++    <string name="sensor_access_title">Access to Sensors</string>
++    <string name="sensor_access_title_empty_text">No installed apps have requested sensors access.</string>
++
+     <!-- Bluetooth message permission alert for notification content [CHAR LIMIT=none] -->
+     <string name="bluetooth_message_access_notification_content">A device wants to access your messages. Tap for details.</string>
+     <!-- Bluetooth message permission alert for dialog title [CHAR LIMIT=none] -->
+diff --git a/res/xml/special_access.xml b/res/xml/special_access.xml
+index f846298341..bee9d6e2eb 100644
+--- a/res/xml/special_access.xml
++++ b/res/xml/special_access.xml
+@@ -145,6 +145,13 @@
+             android:value="com.android.settings.Settings$ChangeWifiStateActivity" />
+     </Preference>
+ 
++    <Preference
++        android:key="sensor_access"
++        android:title="@string/sensor_access_title"
++        android:summary="@string/sensor_access_summary"
++        android:fragment="com.android.settings.applications.specialaccess.sensor.SensorAccess">
++    </Preference>
++
+     <Preference
+         android:key="special_access_more"
+         android:title="@string/special_access_more"
+diff --git a/src/com/android/settings/applications/specialaccess/sensor/SensorAccess.java b/src/com/android/settings/applications/specialaccess/sensor/SensorAccess.java
+new file mode 100644
+index 0000000000..2c29f3abfd
+--- /dev/null
++++ b/src/com/android/settings/applications/specialaccess/sensor/SensorAccess.java
+@@ -0,0 +1,178 @@
++package com.android.settings.applications.specialaccess.sensor;
++
++import android.annotation.Nullable;
++import android.app.AlertDialog;
++import android.app.Dialog;
++import android.app.DialogFragment;
++import android.app.AppOpsManager;
++import android.content.Context;
++import android.content.DialogInterface;
++import android.content.pm.ApplicationInfo;
++import android.content.pm.PackageInfo;
++import android.content.pm.PackageItemInfo;
++import android.content.pm.PackageManager;
++import android.database.ContentObserver;
++import android.net.Uri;
++import android.os.Bundle;
++import android.os.Handler;
++import android.os.Looper;
++import android.text.TextUtils;
++import android.util.ArraySet;
++import android.util.Log;
++import android.util.TypedValue;
++import android.view.Gravity;
++import android.view.View;
++import android.view.ViewGroup;
++import android.view.ViewGroup.LayoutParams;
++import android.widget.TextView;
++import android.widget.Toast;
++
++import androidx.preference.Preference;
++import androidx.preference.Preference.OnPreferenceChangeListener;
++import androidx.preference.PreferenceScreen;
++import androidx.preference.SwitchPreference;
++
++import com.android.settings.R;
++import com.android.settings.core.instrumentation.InstrumentedDialogFragment;
++import com.android.internal.logging.nano.MetricsProto.MetricsEvent;
++import com.android.settings.SettingsPreferenceFragment;
++
++import java.util.Arrays;
++import java.util.ArrayList;
++import java.util.Collections;
++import java.util.List;
++
++public class SensorAccess extends SettingsPreferenceFragment {
++
++    private final SettingObserver mObserver = new SettingObserver();
++
++    static final String TAG = "SensorAccess";
++
++    private Context mContext;
++    private PackageManager mPackageManager;
++    private AppOpsManager mAppOpsManager;
++    private TextView mEmpty;
++
++    @Override
++    public int getMetricsCategory() {
++        return MetricsEvent.VIEW_UNKNOWN;
++    }
++
++    @Override
++    public void onCreate(Bundle icicle) {
++        super.onCreate(icicle);
++
++        mContext = getActivity();
++        mPackageManager = mContext.getPackageManager();
++        mAppOpsManager = (AppOpsManager) mContext.getSystemService(Context.APP_OPS_SERVICE);
++        setPreferenceScreen(getPreferenceManager().createPreferenceScreen(mContext));
++    }
++
++    @Override
++    public void onViewCreated(View view, @Nullable Bundle savedInstanceState) {
++        super.onViewCreated(view, savedInstanceState);
++        mEmpty = new TextView(getContext());
++        mEmpty.setGravity(Gravity.CENTER);
++        mEmpty.setText(R.string.sensor_access_title_empty_text);
++        TypedValue value = new TypedValue();
++        getContext().getTheme().resolveAttribute(android.R.attr.textAppearanceMedium, value, true);
++        mEmpty.setTextAppearance(value.resourceId);
++        ((ViewGroup) view.findViewById(android.R.id.list_container)).addView(mEmpty,
++                new LayoutParams(LayoutParams.MATCH_PARENT, LayoutParams.MATCH_PARENT));
++        setEmptyView(mEmpty);
++        reloadList();
++    }
++
++    @Override
++    public void onResume() {
++        super.onResume();
++        getActivity().getActionBar().setTitle(R.string.sensor_access_title);
++        reloadList();
++    }
++
++    private void reloadList() {
++        final PreferenceScreen screen = getPreferenceScreen();
++        screen.removeAll();
++
++        final ArrayList<ApplicationInfo> apps = new ArrayList<>();
++        final List<ApplicationInfo> installed = mPackageManager.getInstalledApplications(0);
++        if (installed != null) {
++            for (ApplicationInfo app : installed) {
++                // Skip system apps
++                if (isUserApp(app.packageName)) {
++                    // Only apps effectively having the Op OTHER_SENSORS
++                    if (mAppOpsManager.getOpsForPackage(getPackageUid(app.packageName),
++                            app.packageName, new int[]{AppOpsManager.OP_OTHER_SENSORS}) != null)
++                        apps.add(app);
++                }
++            }
++        }
++        Collections.sort(apps, new PackageItemInfo.DisplayNameComparator(mPackageManager));
++        for (ApplicationInfo app : apps) {
++            final String pkg = app.packageName;
++            final CharSequence label = app.loadLabel(mPackageManager);
++            final SwitchPreference pref = new SwitchPreference(getPrefContext());
++            pref.setPersistent(false);
++            pref.setIcon(app.loadIcon(mPackageManager));
++            pref.setTitle(label);
++            updateState(pref, pkg);
++            pref.setOnPreferenceChangeListener(new OnPreferenceChangeListener() {
++                @Override
++                public boolean onPreferenceChange(Preference preference, Object newValue) {
++                    boolean switchOn = (Boolean) newValue;
++                    mAppOpsManager.setMode(AppOpsManager.OP_OTHER_SENSORS, getPackageUid(pkg), pkg,
++                            switchOn ? AppOpsManager.MODE_ALLOWED : AppOpsManager.MODE_IGNORED);
++                    pref.setChecked(switchOn);
++                    return false;
++                }
++            });
++            screen.addPreference(pref);
++        }
++    }
++
++    public void updateState(SwitchPreference preference, String pkg) {
++        final int mode = mAppOpsManager
++                .checkOpNoThrow(AppOpsManager.OP_OTHER_SENSORS, getPackageUid(pkg), pkg);
++        if (mode == AppOpsManager.MODE_ERRORED) {
++            preference.setChecked(false);
++        } else {
++            final boolean checked = mode != AppOpsManager.MODE_IGNORED;
++            preference.setChecked(checked);
++        }
++    }
++
++    private boolean isUserApp(String pkg) {
++        ApplicationInfo appInfo;
++        try {
++            appInfo = mPackageManager.getApplicationInfo(pkg,
++                        PackageManager.GET_DISABLED_COMPONENTS
++                        | PackageManager.GET_UNINSTALLED_PACKAGES);
++        } catch (PackageManager.NameNotFoundException e) {
++                Log.w(TAG, "Unable to find info for package " + pkg);
++                return false;
++        }
++        return ((appInfo.flags & ApplicationInfo.FLAG_SYSTEM) == 0);
++    }
++
++    private int getPackageUid(String pkg) {
++        int uid;
++        try {
++            uid = mPackageManager.getPackageUid(pkg, 0);
++        } catch (PackageManager.NameNotFoundException e) {
++            // We shouldn't hit this, ever. What can we even do after this?
++            uid = -1;
++        }
++        return uid;
++    }
++
++    private final class SettingObserver extends ContentObserver {
++        public SettingObserver() {
++            super(new Handler(Looper.getMainLooper()));
++        }
++
++        @Override
++        public void onChange(boolean selfChange, Uri uri) {
++            reloadList();
++        }
++    }
++}
+-- 
+2.31.1
+

Patches/LineageOS-18.1/android_frameworks_base/0010-Sensors.patch

@@ -0,0 +1,104 @@
+From 28d7fc27bb5f69753d3b3a7e2329d692d99c4433 Mon Sep 17 00:00:00 2001
+From: MSe1969 <mse1969@posteo.de>
+Date: Sat, 14 Nov 2020 13:04:05 +0100
+Subject: [PATCH] AppOps: Add further Op for accessing Sensors
+
+ (Adapted for R)
+
+Change-Id: Id7d84d910b849cc4f781aac2a6c21278e08bdeec
+---
+ core/java/android/app/AppOpsManager.java | 16 +++++++++++++++-
+ 1 file changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
+index 6baabb69e028..fb685b57e0a6 100644
+--- a/core/java/android/app/AppOpsManager.java
++++ b/core/java/android/app/AppOpsManager.java
+@@ -1150,9 +1150,12 @@ public static String flagsToString(@OpFlags int flags) {
+     // TODO: Add as AppProtoEnums
+     public static final int OP_RECORD_AUDIO_HOTWORD = 102;
+ 
++    /** @hide  Access to other Sensors **/
++    public static final int OP_OTHER_SENSORS = 103;
++
+     /** @hide */
+     @UnsupportedAppUsage
+-    public static final int _NUM_OP = 103;
++    public static final int _NUM_OP = 104;
+ 
+     /** Access to coarse location information. */
+     public static final String OPSTR_COARSE_LOCATION = "android:coarse_location";
+@@ -1490,6 +1493,9 @@ public static String flagsToString(@OpFlags int flags) {
+      */
+     public static final String OPSTR_RECORD_AUDIO_HOTWORD = "android:record_audio_hotword";
+ 
++    /** @hide Other Sensors */
++    public static final String OPSTR_OTHER_SENSORS = "android:other_sensors";
++
+     /** {@link #sAppOpsToNote} not initialized yet for this op */
+     private static final byte SHOULD_COLLECT_NOTE_OP_NOT_INITIALIZED = 0;
+     /** Should not collect noting of this app-op in {@link #sAppOpsToNote} */
+@@ -1682,6 +1688,7 @@ public static String flagsToString(@OpFlags int flags) {
+             OP_PHONE_CALL_MICROPHONE,           // OP_PHONE_CALL_MICROPHONE
+             OP_PHONE_CALL_CAMERA,               // OP_PHONE_CALL_CAMERA
+             OP_RECORD_AUDIO_HOTWORD,            // RECORD_AUDIO_HOTWORD
++            OP_OTHER_SENSORS,                   // OTHER SENSORS
+     };
+ 
+     /**
+@@ -1791,6 +1798,7 @@ public static String flagsToString(@OpFlags int flags) {
+             OPSTR_PHONE_CALL_MICROPHONE,
+             OPSTR_PHONE_CALL_CAMERA,
+             OPSTR_RECORD_AUDIO_HOTWORD,
++            OPSTR_OTHER_SENSORS,
+     };
+ 
+     /**
+@@ -1901,6 +1909,7 @@ public static String flagsToString(@OpFlags int flags) {
+             "PHONE_CALL_MICROPHONE",
+             "PHONE_CALL_CAMERA",
+             "RECORD_AUDIO_HOTWORD",
++            "OTHER_SENSORS",
+     };
+ 
+     /**
+@@ -2012,6 +2021,7 @@ public static String flagsToString(@OpFlags int flags) {
+             null, // no permission for OP_PHONE_CALL_MICROPHONE
+             null, // no permission for OP_PHONE_CALL_CAMERA
+             null, // no permission for OP_RECORD_AUDIO_HOTWORD
++            null, // no permission for OP_OTHER_SENSORS
+     };
+ 
+     /**
+@@ -2123,6 +2133,7 @@ public static String flagsToString(@OpFlags int flags) {
+             null, // PHONE_CALL_MICROPHONE
+             null, // PHONE_CALL_MICROPHONE
+             null, // RECORD_AUDIO_HOTWORD
++            null, // OTHER SENSORS
+     };
+ 
+     /**
+@@ -2233,6 +2244,7 @@ public static String flagsToString(@OpFlags int flags) {
+             null, // PHONE_CALL_MICROPHONE
+             null, // PHONE_CALL_CAMERA
+             null, // RECORD_AUDIO_HOTWORD
++            null, // OTHER SENSORS
+     };
+ 
+     /**
+@@ -2342,6 +2354,7 @@ public static String flagsToString(@OpFlags int flags) {
+             AppOpsManager.MODE_ALLOWED, // PHONE_CALL_MICROPHONE
+             AppOpsManager.MODE_ALLOWED, // PHONE_CALL_CAMERA
+             AppOpsManager.MODE_ALLOWED, // OP_RECORD_AUDIO_HOTWORD
++            AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS
+     };
+ 
+     /**
+@@ -2455,6 +2468,7 @@ public static String flagsToString(@OpFlags int flags) {
+             false, // PHONE_CALL_MICROPHONE
+             false, // PHONE_CALL_CAMERA
+             false, // RECORD_AUDIO_HOTWORD
++            false, // OTHER SENSORS
+     };
+ 
+     /**

Patches/LineageOS-18.1/android_frameworks_native/0001-Sensors.patch

@@ -0,0 +1,73 @@
+From fbe7bf4aec5c1f436f3750f2136ebdc580564a3a Mon Sep 17 00:00:00 2001
+From: MSe1969 <mse1969@posteo.de>
+Date: Sat, 14 Nov 2020 13:21:18 +0100
+Subject: [PATCH] AppOps: New Op for (Other) sensors access
+
+ * Add new sensor op to enum
+ * Invoke OP_OTHER_SENSORS as default
+ * Adapt logic for checking the Ops, if no permission is linked
+
+cherry-picked from lin17-microG and adapted for R
+
+Change-Id: If4011566a391314afed9a26e1dcf6e4bc838e4f7
+---
+ libs/binder/include/binder/AppOpsManager.h |  3 ++-
+ libs/sensor/Sensor.cpp                     |  1 +
+ services/sensorservice/SensorService.cpp   | 10 ++++++----
+ 3 files changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/libs/binder/include/binder/AppOpsManager.h b/libs/binder/include/binder/AppOpsManager.h
+index d93935ae5d..4a8c36f5b2 100644
+--- a/libs/binder/include/binder/AppOpsManager.h
++++ b/libs/binder/include/binder/AppOpsManager.h
+@@ -135,7 +135,8 @@ class AppOpsManager
+         OP_PHONE_CALL_MICROPHONE = 100,
+         OP_PHONE_CALL_CAMERA = 101,
+         OP_RECORD_AUDIO_HOTWORD = 102,
+-        _NUM_OP = 103
++        OP_OTHER_SENSORS = 103,
++        _NUM_OP = 104
+     };
+ 
+     AppOpsManager();
+diff --git a/libs/sensor/Sensor.cpp b/libs/sensor/Sensor.cpp
+index 9d817ae0bd..76d365d5f7 100644
+--- a/libs/sensor/Sensor.cpp
++++ b/libs/sensor/Sensor.cpp
+@@ -59,6 +59,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
+     mMinDelay = hwSensor.minDelay;
+     mFlags = 0;
+     mUuid = uuid;
++    mRequiredAppOp = AppOpsManager::OP_OTHER_SENSORS;  //default, other values are explicitly set
+ 
+     // Set fifo event count zero for older devices which do not support batching. Fused
+     // sensors also have their fifo counts set to zero.
+diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp
+index 3ca34bba1b..8a62b2bb9c 100644
+--- a/services/sensorservice/SensorService.cpp
++++ b/services/sensorservice/SensorService.cpp
+@@ -1798,10 +1798,9 @@ status_t SensorService::flushSensor(const sp<SensorEventConnection>& connection,
+ 
+ bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
+         const String16& opPackageName) {
++
+     // Check if a permission is required for this sensor
+-    if (sensor.getRequiredPermission().length() <= 0) {
+-        return true;
+-    }
++    bool noAssociatedPermission = (sensor.getRequiredPermission().length() <= 0);
+ 
+     const int32_t opCode = sensor.getRequiredAppOp();
+     const int32_t appOpMode = sAppOpsManager.checkOp(opCode,
+@@ -1816,7 +1815,10 @@ bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
+         // Allow access to step sensors if the application targets pre-Q, which is before the
+         // requirement to hold the AR permission to access Step Counter and Step Detector events
+         // was introduced.
+-        canAccess = true;
++        // [MSe1969: Of course only, if AppOpAllowed]
++        canAccess = appOpAllowed;
++    } else if (noAssociatedPermission) {
++        canAccess = appOpAllowed;
+     } else if (hasPermissionForSensor(sensor)) {
+         // Ensure that the AppOp is allowed, or that there is no necessary app op for the sensor
+         if (opCode < 0 || appOpAllowed) {

Patches/LineageOS-18.1/android_packages_apps_Settings/0002-Sensors.patch

@@ -0,0 +1,260 @@
+From a0087ffdd73ca128dc9f27118fc9eb4fd43c798b Mon Sep 17 00:00:00 2001
+From: MSe1969 <mse1969@posteo.de>
+Date: Sat, 14 Nov 2020 15:17:37 +0100
+Subject: [PATCH] Special Access: Add an option to administer Sensor access
+
+Accesses the added AppOp for OP_OTHER_SENSORS
+
+Change-Id: I79c0ed4ab97494434edc6c308a8a54bd123c02ee
+---
+ res/values-de/strings.xml                     |   3 +
+ res/values-fr/strings.xml                     |   3 +
+ res/values/strings.xml                        |   5 +
+ res/xml/special_access.xml                    |   7 +
+ .../specialaccess/sensor/SensorAccess.java    | 178 ++++++++++++++++++
+ 5 files changed, 196 insertions(+)
+ create mode 100644 src/com/android/settings/applications/specialaccess/sensor/SensorAccess.java
+
+diff --git a/res/values-de/strings.xml b/res/values-de/strings.xml
+index b2acb11e61..f5815df4a8 100644
+--- a/res/values-de/strings.xml
++++ b/res/values-de/strings.xml
+@@ -4969,4 +4969,7 @@
+     <string name="bluetooth_phonebook_access_notification_content" msgid="4280361621526852063">"Ein nicht vertrauenswürdiges Gerät fordert Zugriff auf deine Kontakte und deine Anrufliste an. Weitere Informationen."</string>
+     <string name="bluetooth_phonebook_access_dialog_title" msgid="7624607995928968721">"Möchtest du den Zugriff auf Kontakte und Anrufliste zulassen?"</string>
+     <string name="bluetooth_phonebook_access_dialog_content" msgid="4766700015848574532">"Ein nicht vertrauenswürdiges Bluetooth-Gerät (<xliff:g id="DEVICE_NAME_0">%1$s</xliff:g>) möchte auf deine Kontakte und deine Anrufliste zugreifen. Dazu gehören auch Daten über ein- und ausgehende Anrufe.\n\nDu warst bisher noch nicht mit <xliff:g id="DEVICE_NAME_1">%2$s</xliff:g> verbunden."</string>
++    <string name="sensor_access_summary">Sensorzugriff von Benutzer-Apps kontrollieren</string>
++    <string name="sensor_access_title">Zugriff auf Sensoren</string>
++    <string name="sensor_access_title_empty_text">Keine installierte App hat Sensorzugriff angefordert.</string>
+ </resources>
+diff --git a/res/values-fr/strings.xml b/res/values-fr/strings.xml
+index 42545707e6..d65e050664 100644
+--- a/res/values-fr/strings.xml
++++ b/res/values-fr/strings.xml
+@@ -4968,4 +4968,7 @@
+     <string name="bluetooth_phonebook_access_notification_content" msgid="4280361621526852063">"Un appareil non vérifié souhaite accéder à vos contacts et à votre journal d\'appels. Appuyez ici pour plus de détails."</string>
+     <string name="bluetooth_phonebook_access_dialog_title" msgid="7624607995928968721">"Autoriser l\'accès aux contacts et au journal d\'appels ?"</string>
+     <string name="bluetooth_phonebook_access_dialog_content" msgid="4766700015848574532">"Un appareil Bluetooth non vérifié, <xliff:g id="DEVICE_NAME_0">%1$s</xliff:g>, souhaite accéder à vos contacts et à votre journal d\'appels. Ceci inclut des données concernant les appels entrants et sortants.\n\nVous ne vous êtes jamais connecté à <xliff:g id="DEVICE_NAME_1">%2$s</xliff:g> auparavant."</string>
++    <string name="sensor_access_summary">Contrôler l\'accès des applications utilisateurs aux capteurs</string>
++    <string name="sensor_access_title">Access aux Capteurs</string>
++    <string name="sensor_access_title_empty_text">Aucune app installée n\'a demandé de l\'accès aux capteurs.</string>
+ </resources>
+diff --git a/res/values/strings.xml b/res/values/strings.xml
+index adf837a034..e4e0c9d129 100644
+--- a/res/values/strings.xml
++++ b/res/values/strings.xml
+@@ -12227,4 +12227,9 @@
+     <string name="bluetooth_connect_access_dialog_negative">Don\u2019t connect</string>
+     <!-- Strings for Dialog connect button -->
+     <string name="bluetooth_connect_access_dialog_positive">Connect</string>
++
++    <!-- Sensor AppOps -->
++    <string name="sensor_access_summary">Control sensor access for user apps</string>
++    <string name="sensor_access_title">Access to Sensors</string>
++    <string name="sensor_access_title_empty_text">No installed apps have requested sensors access.</string>
+ </resources>
+diff --git a/res/xml/special_access.xml b/res/xml/special_access.xml
+index 6ee87f4664..f65ee68f7e 100644
+--- a/res/xml/special_access.xml
++++ b/res/xml/special_access.xml
+@@ -154,6 +154,13 @@
+             android:value="com.android.settings.Settings$ChangeWifiStateActivity" />
+     </Preference>
+ 
++    <Preference
++        android:key="sensor_access"
++        android:title="@string/sensor_access_title"
++        android:summary="@string/sensor_access_summary"
++        android:fragment="com.android.settings.applications.specialaccess.sensor.SensorAccess">
++    </Preference>
++
+     <Preference
+         android:key="special_access_more"
+         android:title="@string/special_access_more"
+diff --git a/src/com/android/settings/applications/specialaccess/sensor/SensorAccess.java b/src/com/android/settings/applications/specialaccess/sensor/SensorAccess.java
+new file mode 100644
+index 0000000000..2c29f3abfd
+--- /dev/null
++++ b/src/com/android/settings/applications/specialaccess/sensor/SensorAccess.java
+@@ -0,0 +1,178 @@
++package com.android.settings.applications.specialaccess.sensor;
++
++import android.annotation.Nullable;
++import android.app.AlertDialog;
++import android.app.Dialog;
++import android.app.DialogFragment;
++import android.app.AppOpsManager;
++import android.content.Context;
++import android.content.DialogInterface;
++import android.content.pm.ApplicationInfo;
++import android.content.pm.PackageInfo;
++import android.content.pm.PackageItemInfo;
++import android.content.pm.PackageManager;
++import android.database.ContentObserver;
++import android.net.Uri;
++import android.os.Bundle;
++import android.os.Handler;
++import android.os.Looper;
++import android.text.TextUtils;
++import android.util.ArraySet;
++import android.util.Log;
++import android.util.TypedValue;
++import android.view.Gravity;
++import android.view.View;
++import android.view.ViewGroup;
++import android.view.ViewGroup.LayoutParams;
++import android.widget.TextView;
++import android.widget.Toast;
++
++import androidx.preference.Preference;
++import androidx.preference.Preference.OnPreferenceChangeListener;
++import androidx.preference.PreferenceScreen;
++import androidx.preference.SwitchPreference;
++
++import com.android.settings.R;
++import com.android.settings.core.instrumentation.InstrumentedDialogFragment;
++import com.android.internal.logging.nano.MetricsProto.MetricsEvent;
++import com.android.settings.SettingsPreferenceFragment;
++
++import java.util.Arrays;
++import java.util.ArrayList;
++import java.util.Collections;
++import java.util.List;
++
++public class SensorAccess extends SettingsPreferenceFragment {
++
++    private final SettingObserver mObserver = new SettingObserver();
++
++    static final String TAG = "SensorAccess";
++
++    private Context mContext;
++    private PackageManager mPackageManager;
++    private AppOpsManager mAppOpsManager;
++    private TextView mEmpty;
++
++    @Override
++    public int getMetricsCategory() {
++        return MetricsEvent.VIEW_UNKNOWN;
++    }
++
++    @Override
++    public void onCreate(Bundle icicle) {
++        super.onCreate(icicle);
++
++        mContext = getActivity();
++        mPackageManager = mContext.getPackageManager();
++        mAppOpsManager = (AppOpsManager) mContext.getSystemService(Context.APP_OPS_SERVICE);
++        setPreferenceScreen(getPreferenceManager().createPreferenceScreen(mContext));
++    }
++
++    @Override
++    public void onViewCreated(View view, @Nullable Bundle savedInstanceState) {
++        super.onViewCreated(view, savedInstanceState);
++        mEmpty = new TextView(getContext());
++        mEmpty.setGravity(Gravity.CENTER);
++        mEmpty.setText(R.string.sensor_access_title_empty_text);
++        TypedValue value = new TypedValue();
++        getContext().getTheme().resolveAttribute(android.R.attr.textAppearanceMedium, value, true);
++        mEmpty.setTextAppearance(value.resourceId);
++        ((ViewGroup) view.findViewById(android.R.id.list_container)).addView(mEmpty,
++                new LayoutParams(LayoutParams.MATCH_PARENT, LayoutParams.MATCH_PARENT));
++        setEmptyView(mEmpty);
++        reloadList();
++    }
++
++    @Override
++    public void onResume() {
++        super.onResume();
++        getActivity().getActionBar().setTitle(R.string.sensor_access_title);
++        reloadList();
++    }
++
++    private void reloadList() {
++        final PreferenceScreen screen = getPreferenceScreen();
++        screen.removeAll();
++
++        final ArrayList<ApplicationInfo> apps = new ArrayList<>();
++        final List<ApplicationInfo> installed = mPackageManager.getInstalledApplications(0);
++        if (installed != null) {
++            for (ApplicationInfo app : installed) {
++                // Skip system apps
++                if (isUserApp(app.packageName)) {
++                    // Only apps effectively having the Op OTHER_SENSORS
++                    if (mAppOpsManager.getOpsForPackage(getPackageUid(app.packageName),
++                            app.packageName, new int[]{AppOpsManager.OP_OTHER_SENSORS}) != null)
++                        apps.add(app);
++                }
++            }
++        }
++        Collections.sort(apps, new PackageItemInfo.DisplayNameComparator(mPackageManager));
++        for (ApplicationInfo app : apps) {
++            final String pkg = app.packageName;
++            final CharSequence label = app.loadLabel(mPackageManager);
++            final SwitchPreference pref = new SwitchPreference(getPrefContext());
++            pref.setPersistent(false);
++            pref.setIcon(app.loadIcon(mPackageManager));
++            pref.setTitle(label);
++            updateState(pref, pkg);
++            pref.setOnPreferenceChangeListener(new OnPreferenceChangeListener() {
++                @Override
++                public boolean onPreferenceChange(Preference preference, Object newValue) {
++                    boolean switchOn = (Boolean) newValue;
++                    mAppOpsManager.setMode(AppOpsManager.OP_OTHER_SENSORS, getPackageUid(pkg), pkg,
++                            switchOn ? AppOpsManager.MODE_ALLOWED : AppOpsManager.MODE_IGNORED);
++                    pref.setChecked(switchOn);
++                    return false;
++                }
++            });
++            screen.addPreference(pref);
++        }
++    }
++
++    public void updateState(SwitchPreference preference, String pkg) {
++        final int mode = mAppOpsManager
++                .checkOpNoThrow(AppOpsManager.OP_OTHER_SENSORS, getPackageUid(pkg), pkg);
++        if (mode == AppOpsManager.MODE_ERRORED) {
++            preference.setChecked(false);
++        } else {
++            final boolean checked = mode != AppOpsManager.MODE_IGNORED;
++            preference.setChecked(checked);
++        }
++    }
++
++    private boolean isUserApp(String pkg) {
++        ApplicationInfo appInfo;
++        try {
++            appInfo = mPackageManager.getApplicationInfo(pkg,
++                        PackageManager.GET_DISABLED_COMPONENTS
++                        | PackageManager.GET_UNINSTALLED_PACKAGES);
++        } catch (PackageManager.NameNotFoundException e) {
++                Log.w(TAG, "Unable to find info for package " + pkg);
++                return false;
++        }
++        return ((appInfo.flags & ApplicationInfo.FLAG_SYSTEM) == 0);
++    }
++
++    private int getPackageUid(String pkg) {
++        int uid;
++        try {
++            uid = mPackageManager.getPackageUid(pkg, 0);
++        } catch (PackageManager.NameNotFoundException e) {
++            // We shouldn't hit this, ever. What can we even do after this?
++            uid = -1;
++        }
++        return uid;
++    }
++
++    private final class SettingObserver extends ContentObserver {
++        public SettingObserver() {
++            super(new Handler(Looper.getMainLooper()));
++        }
++
++        @Override
++        public void onChange(boolean selfChange, Uri uri) {
++            reloadList();
++        }
++    }
++}
+-- 
+2.31.1
+

Scripts/LineageOS-14.1/Patch.sh

@@ -106,10 +106,17 @@ changeDefaultDNS; #Change the default DNS servers
 patch -p1 < "$DOS_PATCHES/android_frameworks_base/0008-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries
 patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
 patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
+patch -p1 < "$DOS_PATCHES/android_frameworks_base/0009-Sensors-P1.patch"; #Permission for sensors access (MSe1969)
+patch -p1 < "$DOS_PATCHES/android_frameworks_base/0009-Sensors-P2.patch";
+patch -p1 < "$DOS_PATCHES/android_frameworks_base/0009-Sensors-P3.patch";
 rm -rf packages/Osu; #Automatic Wi-Fi connection non-sense
 rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps
 fi;
 
+if enterAndClear "frameworks/native"; then
+patch -p1 < "$DOS_PATCHES/android_frameworks_native/0001-Sensors.patch"; #Permission for sensors access (MSe1969)
+fi;
+
 if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
 if enterAndClear "frameworks/opt/net/ims"; then
 patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"; #Fix calling when IMS is removed
@@ -208,6 +215,8 @@ if enterAndClear "packages/apps/Settings"; then
 git revert --no-edit 2ebe6058c546194a301c1fd22963d6be4adbf961; #Don't hide OEM unlock
 patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/201113.patch"; #wifi: Add world regulatory domain country code
 patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
+patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0002-Sensors-P1.patch"; #Permission for sensors access (MSe1969)
+patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0002-Sensors-P2.patch";
 sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/ChooseLockPassword.java; #Increase max password length (GrapheneOS)
 sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
 if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options

Scripts/LineageOS-15.1/Functions.sh

@@ -85,8 +85,7 @@ patchWorkspace() {
 	umask 0022;
 	if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
 
-	source build/envsetup.sh;
-	repopick -it O_asb_2021-09;
+	#source build/envsetup.sh;
 
 	source "$DOS_SCRIPTS/Patch.sh";
 	source "$DOS_SCRIPTS_COMMON/Copy_Keys.sh";

Scripts/LineageOS-15.1/Patch.sh

@@ -109,11 +109,16 @@ patch -p1 < "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch";
 patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
 patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
 patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
+patch -p1 < "$DOS_PATCHES/android_frameworks_base/0007-Sensors.patch"; #Permission for sensors access (MSe1969)
 if [ "$DOS_MICROG_INCLUDED" != "FULL" ]; then rm -rf packages/CompanionDeviceManager; fi; #Used to support Android Wear (which hard depends on GMS)
 rm -rf packages/Osu packages/Osu2; #Automatic Wi-Fi connection non-sense
 rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps
 fi;
 
+if enterAndClear "frameworks/native"; then
+patch -p1 < "$DOS_PATCHES/android_frameworks_native/0001-Sensors.patch"; #Permission for sensors access (MSe1969)
+fi;
+
 if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
 if enterAndClear "frameworks/opt/net/ims"; then
 patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"; #Fix calling when IMS is removed
@@ -184,6 +189,8 @@ if enterAndClear "packages/apps/Settings"; then
 git revert --no-edit a96df110e84123fe1273bff54feca3b4ca484dcd; #Don't hide OEM unlock
 patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
 patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0004-PDB_Fixes.patch"; #Fix crashes when the PersistentDataBlockManager service isn't available XXX: This might be broken!
+patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0005-Sensors-P1.patch"; #Permission for sensors access (MSe1969)
+patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0005-Sensors-P2.patch";
 sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS)
 sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
 if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options

Scripts/LineageOS-16.0/Patch.sh

@@ -118,11 +118,16 @@ patch -p1 < "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Re
 if [ "$DOS_GRAPHENE_EXEC" = true ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning.patch"; fi; #Add exec-based spawning support (GrapheneOS)
 patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
 patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
+patch -p1 < "$DOS_PATCHES/android_frameworks_base/0011-Sensors.patch"; #Permission for sensors access (MSe1969)
 sed -i '301i\        if(packageList != null && packageList.length() > 0) { packageList += ","; } packageList += "net.sourceforge.opencamera";' core/java/android/hardware/Camera.java; #Add Open Camera to aux camera allowlist
 if [ "$DOS_MICROG_INCLUDED" != "FULL" ]; then rm -rf packages/CompanionDeviceManager; fi; #Used to support Android Wear (which hard depends on GMS)
 rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps
 fi;
 
+if enterAndClear "frameworks/native"; then
+patch -p1 < "$DOS_PATCHES/android_frameworks_native/0001-Sensors.patch"; #Permission for sensors access (MSe1969)
+fi;
+
 if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
 if enterAndClear "frameworks/opt/net/ims"; then
 patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"; #Fix calling when IMS is removed
@@ -196,6 +201,8 @@ if enterAndClear "packages/apps/Settings"; then
 git revert --no-edit c240992b4c86c7f226290807a2f41f2619e7e5e8; #Don't hide OEM unlock
 patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
 sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS)
+patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0002-Sensors-P1.patch"; #Permission for sensors access (MSe1969)
+patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0002-Sensors-P2.patch";
 sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
 if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options
 fi;

Scripts/LineageOS-17.1/Patch.sh

@@ -114,12 +114,17 @@ patch -p1 < "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Re
 if [ "$DOS_GRAPHENE_EXEC" = true ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning.patch"; fi; #add exec-based spawning support (GrapheneOS)
 patch -p1 < "$DOS_PATCHES/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
 patch -p1 < "$DOS_PATCHES/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
+patch -p1 < "$DOS_PATCHES/android_frameworks_base/0011-Sensors.patch"; #Permission for sensors access (MSe1969)
 if [ "$DOS_MICROG_INCLUDED" != "FULL" ]; then rm -rf packages/CompanionDeviceManager; fi; #Used to support Android Wear (which hard depends on GMS)
 #sed -i '295i\        if(packageList != null && packageList.size() > 0) { packageList.add("net.sourceforge.opencamera"); }' core/java/android/hardware/Camera.java; #Add Open Camera to aux camera allowlist XXX: needs testing, broke boot last time
 rm -rf packages/OsuLogin; #Automatic Wi-Fi connection non-sense
 rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps
 fi;
 
+if enterAndClear "frameworks/native"; then
+patch -p1 < "$DOS_PATCHES/android_frameworks_native/0001-Sensors.patch"; #Permission for sensors access (MSe1969)
+fi;
+
 if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
 if enterAndClear "frameworks/opt/net/ims"; then
 patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"; #Fix calling when IMS is removed
@@ -194,6 +199,7 @@ fi;
 if enterAndClear "packages/apps/Settings"; then
 git revert --no-edit 486980cfecce2ca64267f41462f9371486308e9d; #Don't hide OEM unlock
 patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
+patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0002-Sensors.patch"; #Permission for sensors access (MSe1969)
 sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS)
 sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
 if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/backup/PrivacySettingsUtils.java; fi; #microG doesn't support Backup, hide the options

Scripts/LineageOS-18.1/Patch.sh

@@ -96,11 +96,16 @@ patch -p1 < "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch
 patch -p1 < "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)
 patch -p1 < "$DOS_PATCHES/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
 patch -p1 < "$DOS_PATCHES/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
+patch -p1 < "$DOS_PATCHES/android_frameworks_base/0010-Sensors.patch"; #Permission for sensors access (MSe1969)
 #sed -i '301i\        if(packageList != null && packageList.size() > 0) { packageList.add("net.sourceforge.opencamera"); }' core/java/android/hardware/Camera.java; #Add Open Camera to aux camera allowlist XXX: needs testing, broke boot last time
 if [ "$DOS_MICROG_INCLUDED" != "FULL" ]; then rm -rf packages/CompanionDeviceManager; fi; #Used to support Android Wear (which hard depends on GMS)
 rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps
 fi;
 
+if enterAndClear "frameworks/native"; then
+patch -p1 < "$DOS_PATCHES/android_frameworks_native/0001-Sensors.patch"; #Permission for sensors access (MSe1969)
+fi;
+
 if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
 if enterAndClear "frameworks/opt/net/ims"; then
 patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"; #Fix calling when IMS is removed
@@ -181,6 +186,7 @@ fi;
 
 if enterAndClear "packages/apps/Settings"; then
 patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
+patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0002-Sensors.patch"; #Permission for sensors access (MSe1969)
 sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
 if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/backup/PrivacySettingsUtils.java; fi; #microG doesn't support Backup, hide the options
 fi;