From 84c7d230ab453826560b97b479f3c31193ebc8b0 Mon Sep 17 00:00:00 2001 From: Tad Date: Fri, 24 Sep 2021 22:49:45 -0400 Subject: [PATCH] Permission for sensors access patches from @MSe1969 Signed-off-by: Tad --- .../0009-Sensors-P1.patch | 197 +++++++++++++ .../0009-Sensors-P2.patch | 49 ++++ .../0009-Sensors-P3.patch | 35 +++ .../0001-Sensors.patch | 139 ++++++++++ .../0002-Sensors-P1.patch | 175 ++++++++++++ .../0002-Sensors-P2.patch | 37 +++ .../0007-Sensors.patch | 237 ++++++++++++++++ .../0001-Sensors.patch | 155 +++++++++++ .../0005-Sensors-P1.patch | 188 +++++++++++++ .../0005-Sensors-P2.patch | 37 +++ .../0011-Sensors.patch | 248 +++++++++++++++++ .../0001-Sensors.patch | 156 +++++++++++ .../0002-Sensors-P1.patch | 203 ++++++++++++++ .../0002-Sensors-P2.patch | 37 +++ .../0011-Sensors.patch | 103 +++++++ .../0001-Sensors.patch | 81 ++++++ .../0002-Sensors.patch | 262 ++++++++++++++++++ .../0010-Sensors.patch | 104 +++++++ .../0001-Sensors.patch | 73 +++++ .../0002-Sensors.patch | 260 +++++++++++++++++ Scripts/LineageOS-14.1/Patch.sh | 9 + Scripts/LineageOS-15.1/Functions.sh | 3 +- Scripts/LineageOS-15.1/Patch.sh | 7 + Scripts/LineageOS-16.0/Patch.sh | 7 + Scripts/LineageOS-17.1/Patch.sh | 6 + Scripts/LineageOS-18.1/Patch.sh | 6 + 26 files changed, 2812 insertions(+), 2 deletions(-) create mode 100644 Patches/LineageOS-14.1/android_frameworks_base/0009-Sensors-P1.patch create mode 100644 Patches/LineageOS-14.1/android_frameworks_base/0009-Sensors-P2.patch create mode 100644 Patches/LineageOS-14.1/android_frameworks_base/0009-Sensors-P3.patch create mode 100644 Patches/LineageOS-14.1/android_frameworks_native/0001-Sensors.patch create mode 100644 Patches/LineageOS-14.1/android_packages_apps_Settings/0002-Sensors-P1.patch create mode 100644 Patches/LineageOS-14.1/android_packages_apps_Settings/0002-Sensors-P2.patch create mode 100644 Patches/LineageOS-15.1/android_frameworks_base/0007-Sensors.patch create mode 100644 Patches/LineageOS-15.1/android_frameworks_native/0001-Sensors.patch create mode 100644 Patches/LineageOS-15.1/android_packages_apps_Settings/0005-Sensors-P1.patch create mode 100644 Patches/LineageOS-15.1/android_packages_apps_Settings/0005-Sensors-P2.patch create mode 100644 Patches/LineageOS-16.0/android_frameworks_base/0011-Sensors.patch create mode 100644 Patches/LineageOS-16.0/android_frameworks_native/0001-Sensors.patch create mode 100644 Patches/LineageOS-16.0/android_packages_apps_Settings/0002-Sensors-P1.patch create mode 100644 Patches/LineageOS-16.0/android_packages_apps_Settings/0002-Sensors-P2.patch create mode 100644 Patches/LineageOS-17.1/android_frameworks_base/0011-Sensors.patch create mode 100644 Patches/LineageOS-17.1/android_frameworks_native/0001-Sensors.patch create mode 100644 Patches/LineageOS-17.1/android_packages_apps_Settings/0002-Sensors.patch create mode 100644 Patches/LineageOS-18.1/android_frameworks_base/0010-Sensors.patch create mode 100644 Patches/LineageOS-18.1/android_frameworks_native/0001-Sensors.patch create mode 100644 Patches/LineageOS-18.1/android_packages_apps_Settings/0002-Sensors.patch diff --git a/Patches/LineageOS-14.1/android_frameworks_base/0009-Sensors-P1.patch b/Patches/LineageOS-14.1/android_frameworks_base/0009-Sensors-P1.patch new file mode 100644 index 00000000..4e984da4 --- /dev/null +++ b/Patches/LineageOS-14.1/android_frameworks_base/0009-Sensors-P1.patch @@ -0,0 +1,197 @@ +From 5ccfecfc925ec64d2f49c634701b1f9c1804dbcb Mon Sep 17 00:00:00 2001 +From: MSe +Date: Mon, 26 Feb 2018 17:53:23 +0100 +Subject: [PATCH 1/3] - AppOps/PrivacyGuard: New Sensor checks [base] + +Add two AppOps for sensor access: +- OP_MOTION_SENSORS (default: allow, strict) +- OP_OTHER_SENSORS (default: allow) + +Change-Id: I05ad545285eac84c0cd98868b6e330b7bcdab4cc +--- + core/java/android/app/AppOpsManager.java | 34 +++++++++++++++++++++--- + core/res/res/values-de/cm_strings.xml | 2 ++ + core/res/res/values-fr/cm_strings.xml | 2 ++ + core/res/res/values/cm_arrays.xml | 4 +++ + core/res/res/values/cm_strings.xml | 2 ++ + 5 files changed, 41 insertions(+), 3 deletions(-) + +diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java +index e13947335d2a..a9a00a60f0e5 100644 +--- a/core/java/android/app/AppOpsManager.java ++++ b/core/java/android/app/AppOpsManager.java +@@ -267,7 +267,11 @@ public class AppOpsManager { + /** @hide */ + public static final int OP_SU = 69; + /** @hide */ +- public static final int _NUM_OP = 70; ++ public static final int OP_MOTION_SENSORS = 70; ++ /** @hide */ ++ public static final int OP_OTHER_SENSORS = 71; ++ /** @hide */ ++ public static final int _NUM_OP = 72; + + /** Access to coarse location information. */ + public static final String OPSTR_COARSE_LOCATION = "android:coarse_location"; +@@ -378,6 +382,10 @@ public class AppOpsManager { + "android:data_connect_change"; + private static final String OPSTR_SU = + "android:su"; ++ private static final String OPSTR_MOTION_SENSORS = ++ "android:motion_sensors"; ++ private static final String OPSTR_OTHER_SENSORS = ++ "android:other_sensors"; + + private static final int[] RUNTIME_PERMISSIONS_OPS = { + // Contacts +@@ -494,7 +502,9 @@ public class AppOpsManager { + OP_BOOT_COMPLETED, + OP_NFC_CHANGE, + OP_DATA_CONNECT_CHANGE, +- OP_SU ++ OP_SU, ++ OP_MOTION_SENSORS, ++ OP_OTHER_SENSORS + }; + + /** +@@ -572,6 +582,8 @@ public class AppOpsManager { + OPSTR_NFC_CHANGE, + OPSTR_DATA_CONNECT_CHANGE, + OPSTR_SU, ++ OPSTR_MOTION_SENSORS, ++ OPSTR_OTHER_SENSORS, + }; + + /** +@@ -649,6 +661,8 @@ public class AppOpsManager { + "NFC_CHANGE", + "DATA_CONNECT_CHANGE", + "SU", ++ "MOTION_SENSORS", ++ "OTHER_SENSORS", + }; + + /** +@@ -726,6 +740,8 @@ public class AppOpsManager { + Manifest.permission.NFC, + Manifest.permission.MODIFY_PHONE_STATE, + null, ++ null, ++ null, + }; + + /** +@@ -804,6 +820,8 @@ public class AppOpsManager { + null, //NFC_CHANGE + null, //DATA_CONNECT_CHANGE + UserManager.DISALLOW_SU, //SU TODO: this should really be investigated. ++ null, //MOTION_SENSORS ++ null, //OTHER_SENSORS + }; + + /** +@@ -881,6 +899,8 @@ public class AppOpsManager { + true, // NFC_CHANGE + true, //DATA_CONNECT_CHANGE + false, //SU ++ false, //MOTION_SENSORS ++ false, //OTHER_SENSORS + }; + + /** +@@ -956,7 +976,9 @@ public class AppOpsManager { + AppOpsManager.MODE_ALLOWED, // OP_BOOT_COMPLETED + AppOpsManager.MODE_ALLOWED, // OP_NFC_CHANGE + AppOpsManager.MODE_ALLOWED, +- AppOpsManager.MODE_ASK, // OP_SU ++ AppOpsManager.MODE_ASK, // OP_SU ++ AppOpsManager.MODE_ALLOWED, // OP_MOTION_SENSORS ++ AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS + }; + + /** +@@ -1034,6 +1056,8 @@ public class AppOpsManager { + AppOpsManager.MODE_ASK, // OP_NFC_CHANGE + AppOpsManager.MODE_ASK, // OP_DATA_CONNECT_CHANGE + AppOpsManager.MODE_ASK, // OP_SU ++ AppOpsManager.MODE_ALLOWED, // OP_MOTION_SENSORS ++ AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS + }; + + /** +@@ -1110,6 +1134,8 @@ public class AppOpsManager { + true, // OP_NFC_CHANGE + true, // OP_DATA_CONNECT_CHANGE + true, // OP_SU ++ true, // OP_MOTION_SENSORS ++ false, // OP_OTHER_SENSORS + }; + + /** +@@ -1190,6 +1216,8 @@ public class AppOpsManager { + false, // OP_NFC_CHANGE + false, // OP_DATA_CONNECT_CHANGE + false, // OP_SU ++ false, // OP_MOTION_SENSORS ++ false, // OP_OTHER_SENSORS + }; + + /** +diff --git a/core/res/res/values-de/cm_strings.xml b/core/res/res/values-de/cm_strings.xml +index ad742ee840b6..432ed9bf1882 100644 +--- a/core/res/res/values-de/cm_strings.xml ++++ b/core/res/res/values-de/cm_strings.xml +@@ -108,6 +108,8 @@ + im Hintergrund ausgeführt zu werden + WLAN-Status zu ändern + Root-Zugriff zu erhalten ++ Bewegungssensoren zu nutzen ++ sonstige Sensoren zu nutzen + Start der Aktivität blockiert + %1$s ist vom Starten abgehalten worden. Tippen Sie, um sich zu authentifizieren und die App zu starten. + Zum Lösen dieser Ansicht drücken und halten Sie die Zurück-Taste. +diff --git a/core/res/res/values-fr/cm_strings.xml b/core/res/res/values-fr/cm_strings.xml +index 27abe58ec15a..aa16f8998b1b 100644 +--- a/core/res/res/values-fr/cm_strings.xml ++++ b/core/res/res/values-fr/cm_strings.xml +@@ -108,6 +108,8 @@ + exécuter en arrière-plan + changer l\'état du Wi-Fi + obtenir l\'accès root ++ utiliser les capteurs de mouvement ++ utiliser d\'autres capteurs + Lancement d\'activité bloqué + %1$s est protégé contre tout lancement. Toucher pour s\'authentifier et lancer l\'application. + Pour déverrouiller l\'écran, appuyez et maintenez le bouton Retour. +diff --git a/core/res/res/values/cm_arrays.xml b/core/res/res/values/cm_arrays.xml +index 8e34a4dafd05..1d054baaced4 100644 +--- a/core/res/res/values/cm_arrays.xml ++++ b/core/res/res/values/cm_arrays.xml +@@ -182,6 +182,10 @@ + @string/app_ops_toggle_mobile_data + + @string/app_ops_su ++ ++ @string/app_ops_motion_sensors ++ ++ @string/app_ops_other_sensors + + + + Activity launch blocked +-- +2.31.1 + diff --git a/Patches/LineageOS-14.1/android_frameworks_base/0009-Sensors-P2.patch b/Patches/LineageOS-14.1/android_frameworks_base/0009-Sensors-P2.patch new file mode 100644 index 00000000..2a1d4ec0 --- /dev/null +++ b/Patches/LineageOS-14.1/android_frameworks_base/0009-Sensors-P2.patch @@ -0,0 +1,49 @@ +From 7fcc6be5ca1672ca0b48fa6d55224b34d0d0ebea Mon Sep 17 00:00:00 2001 +From: MSe +Date: Wed, 25 Apr 2018 23:07:47 +0200 +Subject: [PATCH 2/3] AppOpsService: Default mode 'allowed' for systemUID and + platform signed + +To avoid severe issues when setting selected Ops to 'ASK', the default +mode for systemui, apps with uid 1000 (system) and apps signed with the +platform key will always get the 'allowed' mode as default. + +Change-Id: I71d9618d5b900241b99c060d43bc4270da05305b +--- + .../com/android/server/AppOpsService.java | 20 +++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/services/core/java/com/android/server/AppOpsService.java b/services/core/java/com/android/server/AppOpsService.java +index a9e350570508..de31ba177ca2 100644 +--- a/services/core/java/com/android/server/AppOpsService.java ++++ b/services/core/java/com/android/server/AppOpsService.java +@@ -2576,6 +2576,26 @@ public class AppOpsService extends IAppOpsService.Stub { + } + + private int getDefaultMode(int code, int uid, String packageName) { ++ // To allow setting 'MODE_ASK' for own Ops, some precautions to ++ // avoid privileged apps to trigger the toggle are needed: ++ ++ // 1st check: Skip uid 1000 and systemui ++ if (uid == android.os.Process.SYSTEM_UID || "com.android.systemui".equals(packageName)) { ++ return AppOpsManager.MODE_ALLOWED; ++ } ++ // 2nd check: Skip apps signed with platform key, except for the 'root' Op ++ if (code != AppOpsManager.OP_SU) { ++ try { ++ int match = AppGlobals.getPackageManager().checkSignatures("android", packageName); ++ if (match >= PackageManager.SIGNATURE_MATCH) { ++ return AppOpsManager.MODE_ALLOWED; ++ } ++ } catch (RemoteException re) { ++ Log.e(TAG, "AppOps getDefaultMode: Can't talk to PM f. Sig.Check", re); ++ } ++ } ++ // end ++ + int mode = AppOpsManager.opToDefaultMode(code, + isStrict(code, uid, packageName)); + if (AppOpsManager.isStrictOp(code) && mPolicy != null) { +-- +2.31.1 + diff --git a/Patches/LineageOS-14.1/android_frameworks_base/0009-Sensors-P3.patch b/Patches/LineageOS-14.1/android_frameworks_base/0009-Sensors-P3.patch new file mode 100644 index 00000000..7601495b --- /dev/null +++ b/Patches/LineageOS-14.1/android_frameworks_base/0009-Sensors-P3.patch @@ -0,0 +1,35 @@ +From 302c2986458e43cb666aa502e7767be389b2682f Mon Sep 17 00:00:00 2001 +From: MSe +Date: Wed, 25 Apr 2018 23:12:20 +0200 +Subject: [PATCH 3/3] AppOps: Default MODE_ASK for OP_MOTION_SENSORS + +Change-Id: I4e8380c21b5c8a9e90c99d52e35d825ef0db6d98 +--- + core/java/android/app/AppOpsManager.java | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java +index a9a00a60f0e5..84b196a2375b 100644 +--- a/core/java/android/app/AppOpsManager.java ++++ b/core/java/android/app/AppOpsManager.java +@@ -977,7 +977,7 @@ public class AppOpsManager { + AppOpsManager.MODE_ALLOWED, // OP_NFC_CHANGE + AppOpsManager.MODE_ALLOWED, + AppOpsManager.MODE_ASK, // OP_SU +- AppOpsManager.MODE_ALLOWED, // OP_MOTION_SENSORS ++ AppOpsManager.MODE_ASK, // OP_MOTION_SENSORS + AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS + }; + +@@ -1056,7 +1056,7 @@ public class AppOpsManager { + AppOpsManager.MODE_ASK, // OP_NFC_CHANGE + AppOpsManager.MODE_ASK, // OP_DATA_CONNECT_CHANGE + AppOpsManager.MODE_ASK, // OP_SU +- AppOpsManager.MODE_ALLOWED, // OP_MOTION_SENSORS ++ AppOpsManager.MODE_ASK, // OP_MOTION_SENSORS + AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS + }; + +-- +2.31.1 + diff --git a/Patches/LineageOS-14.1/android_frameworks_native/0001-Sensors.patch b/Patches/LineageOS-14.1/android_frameworks_native/0001-Sensors.patch new file mode 100644 index 00000000..7377349b --- /dev/null +++ b/Patches/LineageOS-14.1/android_frameworks_native/0001-Sensors.patch @@ -0,0 +1,139 @@ +From def2d20e4361c1bd048353d91fe2fd6e38ff6a04 Mon Sep 17 00:00:00 2001 +From: MSe +Date: Mon, 26 Feb 2018 17:58:17 +0100 +Subject: [PATCH] [PATCH 2/3] - AppOps/PrivacyGuard: New Sensor checks [native] + +Add two AppOps for sensor access: +- OP_MOTION_SENSORS (default: allow, strict) +- OP_OTHER_SENSORS (default: allow) + +This change updated the AppOPs binder for the newly defined Ops, +implements the logic for the sensors and adapts the logic for +checking the Ops, if an Op is not linked to a permission. + +Change-Id: I17bd646c81346f43d1ffdd2dd85dd7c934cd3bd7 +--- + include/binder/AppOpsManager.h | 4 +++- + libs/gui/Sensor.cpp | 8 ++++++++ + services/sensorservice/SensorService.cpp | 25 +++++++++++++----------- + 3 files changed, 25 insertions(+), 12 deletions(-) + +diff --git a/include/binder/AppOpsManager.h b/include/binder/AppOpsManager.h +index e2a6e702f4..62daa8f066 100644 +--- a/include/binder/AppOpsManager.h ++++ b/include/binder/AppOpsManager.h +@@ -104,7 +104,9 @@ class AppOpsManager + OP_BOOT_COMPLETED = 66, + OP_NFC_CHANGE = 67, + OP_DATA_CONNECT_CHANGE = 68, +- OP_SU = 69 ++ OP_SU = 69, ++ OP_MOTION_SENSORS = 70, ++ OP_OTHER_SENSORS = 71 + }; + + AppOpsManager(); +diff --git a/libs/gui/Sensor.cpp b/libs/gui/Sensor.cpp +index 4697d2f34b..575d6ca250 100644 +--- a/libs/gui/Sensor.cpp ++++ b/libs/gui/Sensor.cpp +@@ -58,6 +58,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi + mMinDelay = hwSensor.minDelay; + mFlags = 0; + mUuid = uuid; ++ mRequiredAppOp = AppOpsManager::OP_OTHER_SENSORS; //default, other values are explicitly set + + // Set fifo event count zero for older devices which do not support batching. Fused + // sensors also have their fifo counts set to zero. +@@ -92,6 +93,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi + switch (mType) { + case SENSOR_TYPE_ACCELEROMETER: + mStringType = SENSOR_STRING_TYPE_ACCELEROMETER; ++ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS; + mFlags |= SENSOR_FLAG_CONTINUOUS_MODE; + break; + case SENSOR_TYPE_AMBIENT_TEMPERATURE: +@@ -112,10 +114,12 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi + break; + case SENSOR_TYPE_GYROSCOPE: + mStringType = SENSOR_STRING_TYPE_GYROSCOPE; ++ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS; + mFlags |= SENSOR_FLAG_CONTINUOUS_MODE; + break; + case SENSOR_TYPE_GYROSCOPE_UNCALIBRATED: + mStringType = SENSOR_STRING_TYPE_GYROSCOPE_UNCALIBRATED; ++ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS; + mFlags |= SENSOR_FLAG_CONTINUOUS_MODE; + break; + case SENSOR_TYPE_HEART_RATE: { +@@ -133,6 +137,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi + break; + case SENSOR_TYPE_LINEAR_ACCELERATION: + mStringType = SENSOR_STRING_TYPE_LINEAR_ACCELERATION; ++ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS; + mFlags |= SENSOR_FLAG_CONTINUOUS_MODE; + break; + case SENSOR_TYPE_MAGNETIC_FIELD: +@@ -169,16 +174,19 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi + case SENSOR_TYPE_SIGNIFICANT_MOTION: + mStringType = SENSOR_STRING_TYPE_SIGNIFICANT_MOTION; + mFlags |= SENSOR_FLAG_ONE_SHOT_MODE; ++ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS; + if (halVersion < SENSORS_DEVICE_API_VERSION_1_3) { + mFlags |= SENSOR_FLAG_WAKE_UP; + } + break; + case SENSOR_TYPE_STEP_COUNTER: + mStringType = SENSOR_STRING_TYPE_STEP_COUNTER; ++ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS; + mFlags |= SENSOR_FLAG_ON_CHANGE_MODE; + break; + case SENSOR_TYPE_STEP_DETECTOR: + mStringType = SENSOR_STRING_TYPE_STEP_DETECTOR; ++ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS; + mFlags |= SENSOR_FLAG_SPECIAL_REPORTING_MODE; + break; + case SENSOR_TYPE_TEMPERATURE: +diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp +index d8e08775a4..fe47eb37e1 100644 +--- a/services/sensorservice/SensorService.cpp ++++ b/services/sensorservice/SensorService.cpp +@@ -1254,6 +1254,20 @@ status_t SensorService::flushSensor(const sp& connection, + + bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation, + const String16& opPackageName) { ++ ++ // Due to the new SENSOR AppOps, which do not correspond to any permission, ++ // we need to check for the AppOp BEFORE checking any permission ++ const int32_t opCode = sensor.getRequiredAppOp(); ++ if (opCode >= 0) { ++ AppOpsManager appOps; ++ if (appOps.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName) ++ != AppOpsManager::MODE_ALLOWED) { ++ ALOGE("%s a sensor (%s) without enabled required app op: %d", ++ operation, sensor.getName().string(), opCode); ++ return false; ++ } ++ } ++ + const String8& requiredPermission = sensor.getRequiredPermission(); + + if (requiredPermission.length() <= 0) { +@@ -1276,17 +1290,6 @@ bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation, + return false; + } + +- const int32_t opCode = sensor.getRequiredAppOp(); +- if (opCode >= 0) { +- AppOpsManager appOps; +- if (appOps.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName) +- != AppOpsManager::MODE_ALLOWED) { +- ALOGE("%s a sensor (%s) without enabled required app op: %d", +- operation, sensor.getName().string(), opCode); +- return false; +- } +- } +- + return true; + } + diff --git a/Patches/LineageOS-14.1/android_packages_apps_Settings/0002-Sensors-P1.patch b/Patches/LineageOS-14.1/android_packages_apps_Settings/0002-Sensors-P1.patch new file mode 100644 index 00000000..76200321 --- /dev/null +++ b/Patches/LineageOS-14.1/android_packages_apps_Settings/0002-Sensors-P1.patch @@ -0,0 +1,175 @@ +From 2180a97b8aafc377c52cff014e44ea173f30db87 Mon Sep 17 00:00:00 2001 +From: MSe +Date: Mon, 26 Feb 2018 18:01:44 +0100 +Subject: [PATCH 1/2] - AppOps/PrivacyGuard: New Sensor checks [Settings] + +Add two AppOps for sensor access: +- OP_MOTION_SENSORS (default: allow, strict) +- OP_OTHER_SENSORS (default: allow) + +Add new Sensor template + +Change-Id: Ibef721505784dbc0f23974468a768f89c9e15c46 +--- + res/values-de/cm_strings.xml | 5 +++++ + res/values-fr/cm_strings.xml | 5 +++++ + res/values/cm_arrays.xml | 5 +++++ + res/values/cm_strings.xml | 6 ++++++ + .../android/settings/applications/AppOpsState.java | 11 ++++++++++- + 5 files changed, 31 insertions(+), 1 deletion(-) + +diff --git a/res/values-de/cm_strings.xml b/res/values-de/cm_strings.xml +index b968d7b685..d2778dfc8d 100644 +--- a/res/values-de/cm_strings.xml ++++ b/res/values-de/cm_strings.xml +@@ -48,6 +48,7 @@ + Gerät + Hintergrund + Systemstart ++ Sensoren + Root-Zugriff + Andere + Ungefährer Standort +@@ -118,6 +119,8 @@ + Beim Booten starten + NFC ein-/ausschalten + Mobile Daten ein-/ausschalten ++ Nutzung Bewegungssensoren ++ Sonstige Sensoren + Root-Zugriff + Ungefährer Standort + Genauer Standort +@@ -187,6 +190,8 @@ + Beim Booten starten + NFC ein-/ausschalten + Mobile Daten ein-/ausschalten ++ Bewegungssensoren ++ sonstige Sensoren + Root-Zugriff + Erlaubt + Verboten +diff --git a/res/values-fr/cm_strings.xml b/res/values-fr/cm_strings.xml +index 395b87195c..b5e9213441 100644 +--- a/res/values-fr/cm_strings.xml ++++ b/res/values-fr/cm_strings.xml +@@ -49,6 +49,7 @@ Vous êtes maintenant à %1$d étapes de l\'a + Appareil + Arrière-plan + Démarrage ++ Capteurs + Accès root + Autre + localisation approximative +@@ -120,6 +121,8 @@ Vous êtes maintenant à %1$d étapes de l\'a + démarrer au lancement + activer/désactiver le NFC + activer/désactiver les données mobiles ++ utiliser les capteurs de mouvement ++ utiliser d\'autres capteurs + accès root + Position approximative + Position précise +@@ -190,6 +193,8 @@ Vous êtes maintenant à %1$d étapes de l\'a + Démarrer au lancement + Activer/désactiver le NFC + Activer/désactiver les données mobiles ++ Capteur de mouvement ++ autres Capteurs + Accès root + Autorisé + Ignoré +diff --git a/res/values/cm_arrays.xml b/res/values/cm_arrays.xml +index 38568e4baf..f6a2e8ad19 100644 +--- a/res/values/cm_arrays.xml ++++ b/res/values/cm_arrays.xml +@@ -50,6 +50,7 @@ + @string/app_ops_categories_background + @string/app_ops_categories_bootup + @string/app_ops_categories_su ++ @string/app_ops_categories_sensors + @string/app_ops_categories_other + + +@@ -125,6 +126,8 @@ + @string/app_ops_summaries_toggle_nfc + @string/app_ops_summaries_toggle_mobile_data + @string/app_ops_summaries_superuser ++ @string/app_ops_summaries_motion_sensors ++ @string/app_ops_summaries_other_sensors + + + +@@ -199,6 +202,8 @@ + @string/app_ops_labels_toggle_nfc + @string/app_ops_labels_toggle_mobile_data + @string/app_ops_labels_superuser ++ @string/app_ops_labels_motion_sensors ++ @string/app_ops_labels_other_sensors + + + +diff --git a/res/values/cm_strings.xml b/res/values/cm_strings.xml +index 0dd77d2439..6441556fa4 100644 +--- a/res/values/cm_strings.xml ++++ b/res/values/cm_strings.xml +@@ -70,6 +70,7 @@ + Device + Background + Bootup ++ Sensors + Root access + Other + +@@ -143,8 +144,11 @@ + start at boot + toggle NFC + toggle cellular data ++ Motion Sensor usage ++ Other Sensor usage + root access + ++ + + Coarse location + Fine location +@@ -215,6 +219,8 @@ + Start at boot + Toggle NFC + Toggle cellular data ++ Motion Sensors ++ Other Sensors + Root access + + +diff --git a/src/com/android/settings/applications/AppOpsState.java b/src/com/android/settings/applications/AppOpsState.java +index b3d344ed5e..827ef67e9d 100644 +--- a/src/com/android/settings/applications/AppOpsState.java ++++ b/src/com/android/settings/applications/AppOpsState.java +@@ -233,6 +233,15 @@ public class AppOpsState { + new boolean[] { true } + ); + ++ public static final OpsTemplate SENSOR_TEMPLATE = new OpsTemplate( ++ new int[] { AppOpsManager.OP_BODY_SENSORS, ++ AppOpsManager.OP_MOTION_SENSORS, ++ AppOpsManager.OP_OTHER_SENSORS }, ++ new boolean[] { true, ++ false, ++ false } ++ ); ++ + public static final OpsTemplate SU_TEMPLATE = new OpsTemplate( + new int[] { AppOpsManager.OP_SU }, + new boolean[] { false } +@@ -283,7 +292,7 @@ public class AppOpsState { + public static final OpsTemplate[] ALL_PERMS_TEMPLATES = new OpsTemplate[] { + LOCATION_TEMPLATE, PERSONAL_TEMPLATE, MESSAGING_TEMPLATE, + MEDIA_TEMPLATE, DEVICE_TEMPLATE, RUN_IN_BACKGROUND_TEMPLATE, +- BOOTUP_TEMPLATE, SU_TEMPLATE, REMAINING_TEMPLATE ++ BOOTUP_TEMPLATE, SU_TEMPLATE, SENSOR_TEMPLATE, REMAINING_TEMPLATE + }; + + /** +-- +2.31.1 + diff --git a/Patches/LineageOS-14.1/android_packages_apps_Settings/0002-Sensors-P2.patch b/Patches/LineageOS-14.1/android_packages_apps_Settings/0002-Sensors-P2.patch new file mode 100644 index 00000000..662dab72 --- /dev/null +++ b/Patches/LineageOS-14.1/android_packages_apps_Settings/0002-Sensors-P2.patch @@ -0,0 +1,37 @@ +From 52752e68d5307d6a5421fb48a754b6f93d622454 Mon Sep 17 00:00:00 2001 +From: MSe +Date: Wed, 10 Apr 2019 22:11:15 +0200 +Subject: [PATCH 2/2] AppOps details: Add permission icons for new Sensor + AppOps + +Change-Id: Ic68954f30ba8214041c685a4efca4fc65b99ddaf +--- + src/com/android/settings/applications/AppOpsDetails.java | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/com/android/settings/applications/AppOpsDetails.java b/src/com/android/settings/applications/AppOpsDetails.java +index a51a3279f1..504267ab27 100644 +--- a/src/com/android/settings/applications/AppOpsDetails.java ++++ b/src/com/android/settings/applications/AppOpsDetails.java +@@ -109,6 +109,7 @@ public class AppOpsDetails extends SettingsPreferenceFragment { + OP_ICONS.put(AppOpsManager.OP_GPS, R.drawable.ic_perm_location); + OP_ICONS.put(AppOpsManager.OP_MUTE_MICROPHONE, R.drawable.ic_perm_microphone); + OP_ICONS.put(AppOpsManager.OP_NFC_CHANGE, R.drawable.ic_perm_nfc); ++ OP_ICONS.put(AppOpsManager.OP_OTHER_SENSORS, R.drawable.ic_perm_data); + OP_ICONS.put(AppOpsManager.OP_POST_NOTIFICATION, R.drawable.ic_perm_notifications); + OP_ICONS.put(AppOpsManager.OP_READ_CLIPBOARD, R.drawable.ic_perm_clipboard); + OP_ICONS.put(AppOpsManager.OP_RUN_IN_BACKGROUND, R.drawable.ic_perm_background); +@@ -193,6 +194,10 @@ public class AppOpsDetails extends SettingsPreferenceFragment { + if (icon == null && op != -1 && OP_ICONS.containsKey(op)) { + icon = getActivity().getDrawable(OP_ICONS.get(op)); + } ++ if (icon == null && op == AppOpsManager.OP_MOTION_SENSORS) { ++ icon = getIconByPermission(AppOpsManager.opToPermission( ++ AppOpsManager.OP_USE_FINGERPRINT)); ++ } + + final AppOpsManager.OpEntry firstOp = entry.getOpEntry(0); + final int switchOp = AppOpsManager.opToSwitch(firstOp.getOp()); +-- +2.31.1 + diff --git a/Patches/LineageOS-15.1/android_frameworks_base/0007-Sensors.patch b/Patches/LineageOS-15.1/android_frameworks_base/0007-Sensors.patch new file mode 100644 index 00000000..655292e7 --- /dev/null +++ b/Patches/LineageOS-15.1/android_frameworks_base/0007-Sensors.patch @@ -0,0 +1,237 @@ +From 846d74b9b422a0c616c024e63bcfee3f6454a3c3 Mon Sep 17 00:00:00 2001 +From: MSe1969 +Date: Sun, 17 Jun 2018 10:49:09 +0200 +Subject: [PATCH] - AppOps/PrivacyGuard: New Sensor checks [base] + +Add two AppOps for sensor access: +- OP_MOTION_SENSORS (default: ask, strict) +- OP_OTHER_SENSORS (default: allow) + +To avoid severe issues when setting selected Ops to 'ASK', the default +mode for systemui, apps with uid 1000 (system) and apps signed with the +platform key will always get the 'allowed' mode as default. + +Change-Id: Id12b91720f1e02ea5ca606ecefb30121d19b92bb +--- + core/java/android/app/AppOpsManager.java | 34 +++++++++++++++++-- + core/res/res/values-de/cm_strings.xml | 2 ++ + core/res/res/values-fr/cm_strings.xml | 2 ++ + core/res/res/values/cm_strings.xml | 2 ++ + core/res/res/values/lineage_arrays.xml | 4 +++ + .../com/android/server/AppOpsService.java | 20 +++++++++++ + 6 files changed, 61 insertions(+), 3 deletions(-) + +diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java +index 2db36c8f4e02..d2587f2009df 100644 +--- a/core/java/android/app/AppOpsManager.java ++++ b/core/java/android/app/AppOpsManager.java +@@ -280,8 +280,12 @@ public class AppOpsManager { + public static final int OP_DATA_CONNECT_CHANGE = 74; + /** @hide SU access */ + public static final int OP_SU = 75; ++ /** @hide Motion Sensors */ ++ public static final int OP_MOTION_SENSORS = 76; ++ /** @hide Other Sensors */ ++ public static final int OP_OTHER_SENSORS = 77; + /** @hide */ +- public static final int _NUM_OP = 76; ++ public static final int _NUM_OP = 78; + + /** Access to coarse location information. */ + public static final String OPSTR_COARSE_LOCATION = "android:coarse_location"; +@@ -407,6 +411,10 @@ public class AppOpsManager { + = "android:data_connect_change"; + private static final String OPSTR_SU + = "android:su"; ++ private static final String OPSTR_MOTION_SENSORS = ++ "android:motion_sensors"; ++ private static final String OPSTR_OTHER_SENSORS = ++ "android:other_sensors"; + + // Warning: If an permission is added here it also has to be added to + // com.android.packageinstaller.permission.utils.EventLogger +@@ -540,7 +548,9 @@ public class AppOpsManager { + OP_BOOT_COMPLETED, + OP_NFC_CHANGE, + OP_DATA_CONNECT_CHANGE, +- OP_SU ++ OP_SU, ++ OP_MOTION_SENSORS, ++ OP_OTHER_SENSORS + }; + + /** +@@ -624,6 +634,8 @@ public class AppOpsManager { + OPSTR_NFC_CHANGE, + OPSTR_DATA_CONNECT_CHANGE, + OPSTR_SU, ++ OPSTR_MOTION_SENSORS, ++ OPSTR_OTHER_SENSORS, + }; + + /** +@@ -707,6 +719,8 @@ public class AppOpsManager { + "NFC_CHANGE", + "DATA_CONNECT_CHANGE", + "SU", ++ "MOTION_SENSORS", ++ "OTHER_SENSORS", + }; + + /** +@@ -790,6 +804,8 @@ public class AppOpsManager { + Manifest.permission.NFC, + Manifest.permission.MODIFY_PHONE_STATE, + null, ++ null, ++ null, + }; + + /** +@@ -874,6 +890,8 @@ public class AppOpsManager { + null, //NFC_CHANGE + null, //DATA_CONNECT_CHANGE + UserManager.DISALLOW_SU, //SU TODO: this should really be investigated. ++ null, //MOTION_SENSORS ++ null, //OTHER_SENSORS + }; + + /** +@@ -957,6 +975,8 @@ public class AppOpsManager { + true, // NFC_CHANGE + true, //DATA_CONNECT_CHANGE + false, //SU ++ false, //MOTION_SENSORS ++ false, //OTHER_SENSORS + }; + + /** +@@ -1038,7 +1058,9 @@ public class AppOpsManager { + AppOpsManager.MODE_ALLOWED, // OP_BOOT_COMPLETED + AppOpsManager.MODE_ALLOWED, // OP_NFC_CHANGE + AppOpsManager.MODE_ALLOWED, +- AppOpsManager.MODE_ASK, // OP_SU ++ AppOpsManager.MODE_ASK, // OP_SU ++ AppOpsManager.MODE_ASK, // OP_MOTION_SENSORS ++ AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS + }; + + /** +@@ -1122,6 +1144,8 @@ public class AppOpsManager { + AppOpsManager.MODE_ASK, // OP_NFC_CHANGE + AppOpsManager.MODE_ASK, // OP_DATA_CONNECT_CHANGE + AppOpsManager.MODE_ASK, // OP_SU ++ AppOpsManager.MODE_ASK, // OP_MOTION_SENSORS ++ AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS + }; + + /** +@@ -1204,6 +1228,8 @@ public class AppOpsManager { + true, // OP_NFC_CHANGE + true, // OP_DATA_CONNECT_CHANGE + true, // OP_SU ++ true, // OP_MOTION_SENSORS ++ false, // OP_OTHER_SENSORS + }; + + /** +@@ -1290,6 +1316,8 @@ public class AppOpsManager { + false, // OP_NFC_CHANGE + false, // OP_DATA_CONNECT_CHANGE + false, // OP_SU ++ false, // OP_MOTION_SENSORS ++ false, // OP_OTHER_SENSORS + }; + + /** +diff --git a/core/res/res/values-de/cm_strings.xml b/core/res/res/values-de/cm_strings.xml +index af5c3fbe12f0..6a8a1e0fc45a 100644 +--- a/core/res/res/values-de/cm_strings.xml ++++ b/core/res/res/values-de/cm_strings.xml +@@ -57,7 +57,9 @@ + die Zwischenablage zu ändern + Kontakte zu ändern + Einstellungen zu ändern ++ Bewegungssensoren zu nutzen + das Mikrofon zu aktivieren/deaktivieren ++ sonstige Sensoren zu nutzen + Anrufe zu beantworten + Bild im Bild zu verwenden + Audio wiederzugeben +diff --git a/core/res/res/values-fr/cm_strings.xml b/core/res/res/values-fr/cm_strings.xml +index c223ccbc5dd8..28ee5ba28dcf 100644 +--- a/core/res/res/values-fr/cm_strings.xml ++++ b/core/res/res/values-fr/cm_strings.xml +@@ -57,7 +57,9 @@ + modifier le presse-papiers + mettre à jour vos contacts + mettre à jour les paramètres du système ++ utiliser les capteurs de mouvement + activer/désactiver le microphone ++ utiliser d\'autres capteurs + répondre aux appels téléphoniques + utiliser le mode Picture-in-Picture + lecture audio +diff --git a/core/res/res/values/cm_strings.xml b/core/res/res/values/cm_strings.xml +index 4c34888c94ab..d0ec04891c8d 100644 +--- a/core/res/res/values/cm_strings.xml ++++ b/core/res/res/values/cm_strings.xml +@@ -70,7 +70,9 @@ + modify the clipboard + update your contacts + update system settings ++ use the motion sensors + mute/unmute the microphone ++ use other sensors + answer phone calls + use picture in picture + play audio +diff --git a/core/res/res/values/lineage_arrays.xml b/core/res/res/values/lineage_arrays.xml +index 65149d2a9e54..5cb3120dbc47 100644 +--- a/core/res/res/values/lineage_arrays.xml ++++ b/core/res/res/values/lineage_arrays.xml +@@ -170,6 +170,10 @@ + @string/app_ops_toggle_mobile_data + + @string/app_ops_su ++ ++ @string/app_ops_motion_sensors ++ ++ @string/app_ops_other_sensors + + + +diff --git a/services/core/java/com/android/server/AppOpsService.java b/services/core/java/com/android/server/AppOpsService.java +index 8dc8272303e3..0a74101de471 100644 +--- a/services/core/java/com/android/server/AppOpsService.java ++++ b/services/core/java/com/android/server/AppOpsService.java +@@ -2841,6 +2841,26 @@ public class AppOpsService extends IAppOpsService.Stub { + } + + private int getDefaultMode(int code, int uid, String packageName) { ++ // To allow setting 'MODE_ASK' for own Ops, some precautions to ++ // avoid privileged apps to trigger the toggle are needed: ++ ++ // 1st check: Skip uid 1000 and systemui ++ if (uid == android.os.Process.SYSTEM_UID || "com.android.systemui".equals(packageName)) { ++ return AppOpsManager.MODE_ALLOWED; ++ } ++ // 2nd check: Skip apps signed with platform key, except for the 'root' Op ++ if (code != AppOpsManager.OP_SU) { ++ try { ++ int match = AppGlobals.getPackageManager().checkSignatures("android", packageName); ++ if (match >= PackageManager.SIGNATURE_MATCH) { ++ return AppOpsManager.MODE_ALLOWED; ++ } ++ } catch (RemoteException re) { ++ Log.e(TAG, "AppOps getDefaultMode: Can't talk to PM f. Sig.Check", re); ++ } ++ } ++ // end ++ + int mode = AppOpsManager.opToDefaultMode(code, + isStrict(code, uid, packageName)); + if (AppOpsManager.isStrictOp(code) && mPolicy != null) { +-- +2.31.1 + diff --git a/Patches/LineageOS-15.1/android_frameworks_native/0001-Sensors.patch b/Patches/LineageOS-15.1/android_frameworks_native/0001-Sensors.patch new file mode 100644 index 00000000..35d8566c --- /dev/null +++ b/Patches/LineageOS-15.1/android_frameworks_native/0001-Sensors.patch @@ -0,0 +1,155 @@ +From cf5355b4ffb23b30b45a937d907e4a728214b02a Mon Sep 17 00:00:00 2001 +From: MSe1969 +Date: Sun, 17 Jun 2018 11:33:33 +0200 +Subject: [PATCH] [PATCH 2/3] - AppOps/PrivacyGuard: New Sensor checks [native] + +Add two AppOps for sensor access: +- OP_MOTION_SENSORS (default: ask, strict) +- OP_OTHER_SENSORS (default: allow) + +This change updated the AppOPs binder for the newly defined Ops, +implements the logic for the sensors and adapts the logic for +checking the Ops, if an Op is not linked to a permission. + +Change-Id: Ic56e7bd48acda8790d6ab917a07cd7b747d4de87 +--- + libs/binder/include/binder/AppOpsManager.h | 4 +++- + libs/sensor/Sensor.cpp | 10 +++++++++ + services/sensorservice/SensorService.cpp | 25 ++++++++++++---------- + 3 files changed, 27 insertions(+), 12 deletions(-) + +diff --git a/libs/binder/include/binder/AppOpsManager.h b/libs/binder/include/binder/AppOpsManager.h +index 1beabd3fc4..dd7b3482f3 100644 +--- a/libs/binder/include/binder/AppOpsManager.h ++++ b/libs/binder/include/binder/AppOpsManager.h +@@ -110,7 +110,9 @@ class AppOpsManager + OP_BOOT_COMPLETED = 72, + OP_NFC_CHANGE = 73, + OP_DATA_CONNECT_CHANGE = 74, +- OP_SU = 75 ++ OP_SU = 75, ++ OP_MOTION_SENSORS = 76, ++ OP_OTHER_SENSORS = 77 + }; + + AppOpsManager(); +diff --git a/libs/sensor/Sensor.cpp b/libs/sensor/Sensor.cpp +index a0e368c7e4..919d5311c9 100644 +--- a/libs/sensor/Sensor.cpp ++++ b/libs/sensor/Sensor.cpp +@@ -52,6 +52,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi + mMinDelay = hwSensor.minDelay; + mFlags = 0; + mUuid = uuid; ++ mRequiredAppOp = AppOpsManager::OP_OTHER_SENSORS; //default, other values are explicitly set + + // Set fifo event count zero for older devices which do not support batching. Fused + // sensors also have their fifo counts set to zero. +@@ -86,6 +87,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi + switch (mType) { + case SENSOR_TYPE_ACCELEROMETER: + mStringType = SENSOR_STRING_TYPE_ACCELEROMETER; ++ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS; + mFlags |= SENSOR_FLAG_CONTINUOUS_MODE; + break; + case SENSOR_TYPE_AMBIENT_TEMPERATURE: +@@ -106,10 +108,12 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi + break; + case SENSOR_TYPE_GYROSCOPE: + mStringType = SENSOR_STRING_TYPE_GYROSCOPE; ++ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS; + mFlags |= SENSOR_FLAG_CONTINUOUS_MODE; + break; + case SENSOR_TYPE_GYROSCOPE_UNCALIBRATED: + mStringType = SENSOR_STRING_TYPE_GYROSCOPE_UNCALIBRATED; ++ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS; + mFlags |= SENSOR_FLAG_CONTINUOUS_MODE; + break; + case SENSOR_TYPE_HEART_RATE: { +@@ -125,6 +129,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi + break; + case SENSOR_TYPE_LINEAR_ACCELERATION: + mStringType = SENSOR_STRING_TYPE_LINEAR_ACCELERATION; ++ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS; + mFlags |= SENSOR_FLAG_CONTINUOUS_MODE; + break; + case SENSOR_TYPE_MAGNETIC_FIELD: +@@ -161,16 +166,19 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi + case SENSOR_TYPE_SIGNIFICANT_MOTION: + mStringType = SENSOR_STRING_TYPE_SIGNIFICANT_MOTION; + mFlags |= SENSOR_FLAG_ONE_SHOT_MODE; ++ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS; + if (halVersion < SENSORS_DEVICE_API_VERSION_1_3) { + mFlags |= SENSOR_FLAG_WAKE_UP; + } + break; + case SENSOR_TYPE_STEP_COUNTER: + mStringType = SENSOR_STRING_TYPE_STEP_COUNTER; ++ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS; + mFlags |= SENSOR_FLAG_ON_CHANGE_MODE; + break; + case SENSOR_TYPE_STEP_DETECTOR: + mStringType = SENSOR_STRING_TYPE_STEP_DETECTOR; ++ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS; + mFlags |= SENSOR_FLAG_SPECIAL_REPORTING_MODE; + break; + case SENSOR_TYPE_TEMPERATURE: +@@ -236,6 +244,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi + break; + case SENSOR_TYPE_MOTION_DETECT: + mStringType = SENSOR_STRING_TYPE_MOTION_DETECT; ++ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS; + mFlags |= SENSOR_FLAG_ONE_SHOT_MODE; + if (halVersion < SENSORS_DEVICE_API_VERSION_1_3) { + mFlags |= SENSOR_FLAG_WAKE_UP; +@@ -251,6 +260,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi + + case SENSOR_TYPE_ACCELEROMETER_UNCALIBRATED: + mStringType = SENSOR_STRING_TYPE_ACCELEROMETER_UNCALIBRATED; ++ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS; + mFlags |= SENSOR_FLAG_CONTINUOUS_MODE; + break; + default: +diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp +index a1f07b281a..1a0e5e8531 100644 +--- a/services/sensorservice/SensorService.cpp ++++ b/services/sensorservice/SensorService.cpp +@@ -1445,6 +1445,20 @@ status_t SensorService::flushSensor(const sp& connection, + + bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation, + const String16& opPackageName) { ++ ++ // Due to the new SENSOR AppOps, which do not correspond to any permission, ++ // we need to check for the AppOp BEFORE checking any permission ++ const int32_t opCode = sensor.getRequiredAppOp(); ++ if (opCode >= 0) { ++ AppOpsManager appOps; ++ if (appOps.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName) ++ != AppOpsManager::MODE_ALLOWED) { ++ ALOGE("%s a sensor (%s) without enabled required app op: %d", ++ operation, sensor.getName().string(), opCode); ++ return false; ++ } ++ } ++ + const String8& requiredPermission = sensor.getRequiredPermission(); + + if (requiredPermission.length() <= 0) { +@@ -1467,17 +1481,6 @@ bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation, + return false; + } + +- const int32_t opCode = sensor.getRequiredAppOp(); +- if (opCode >= 0) { +- AppOpsManager appOps; +- if (appOps.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName) +- != AppOpsManager::MODE_ALLOWED) { +- ALOGE("%s a sensor (%s) without enabled required app op: %d", +- operation, sensor.getName().string(), opCode); +- return false; +- } +- } +- + return true; + } + diff --git a/Patches/LineageOS-15.1/android_packages_apps_Settings/0005-Sensors-P1.patch b/Patches/LineageOS-15.1/android_packages_apps_Settings/0005-Sensors-P1.patch new file mode 100644 index 00000000..8e70dc24 --- /dev/null +++ b/Patches/LineageOS-15.1/android_packages_apps_Settings/0005-Sensors-P1.patch @@ -0,0 +1,188 @@ +From f2eede97b47cf25553aa5edf10909429f087cfd9 Mon Sep 17 00:00:00 2001 +From: MSe1969 +Date: Sun, 17 Jun 2018 13:03:27 +0200 +Subject: [PATCH 1/2] - AppOps/PrivacyGuard: New Sensor checks [Settings] + +Add two AppOps for sensor access: +- OP_MOTION_SENSORS (default: ask, strict) +- OP_OTHER_SENSORS (default: allow) + +Add new Sensor template, relocate BODY_SENSORS into it + +Change-Id: I9b51c47e27a330823ecb4472b9a7818718ef4209 +--- + res/values-de/cm_strings.xml | 5 +++++ + res/values-fr/cm_strings.xml | 5 +++++ + res/values/cm_arrays.xml | 5 +++++ + res/values/cm_strings.xml | 5 +++++ + .../android/settings/applications/AppOpsState.java | 13 ++++++++++--- + 5 files changed, 30 insertions(+), 3 deletions(-) + +diff --git a/res/values-de/cm_strings.xml b/res/values-de/cm_strings.xml +index e7a59a5d96..10ea1ae860 100644 +--- a/res/values-de/cm_strings.xml ++++ b/res/values-de/cm_strings.xml +@@ -100,6 +100,7 @@ + Gerät + Im Hintergrund ausführen + Systemstart ++ Sensoren + Root-Zugriff + Andere + Ungefährer Standort +@@ -177,6 +178,8 @@ + Beim Booten starten + NFC ein-/ausschalten + Mobile Daten ein-/ausschalten ++ Nutzung Bewegungssensoren ++ Sonstige Sensoren + Root-Zugriff + Ungefährer Standort + Genauer Standort +@@ -253,6 +256,8 @@ + Beim Booten starten + NFC ein-/ausschalten + Mobile Daten ein-/ausschalten ++ Bewegungssensoren ++ sonstige Sensoren + Root-Zugriff + Erlaubt + Verboten +diff --git a/res/values-fr/cm_strings.xml b/res/values-fr/cm_strings.xml +index dc0cee3d61..992258f378 100644 +--- a/res/values-fr/cm_strings.xml ++++ b/res/values-fr/cm_strings.xml +@@ -101,6 +101,7 @@ Vous êtes maintenant à %1$d étapes de l\'a + Appareil + Exécuter en arrière plan + Démarrage ++ Capteurs + Accès root + Autre + localisation approximative +@@ -178,6 +179,8 @@ Vous êtes maintenant à %1$d étapes de l\'a + démarrer au lancement + activer/désactiver le NFC + activer/désactiver les données mobiles ++ utiliser les capteurs de mouvement ++ utiliser d\'autres capteurs + accès root + Position approximative + Position précise +@@ -254,6 +257,8 @@ Vous êtes maintenant à %1$d étapes de l\'a + Démarrer au lancement + Activer/désactiver le NFC + Activer/désactiver les données mobiles ++ Capteur de mouvement ++ autres Capteurs + Accès root + Autorisé + Ignoré +diff --git a/res/values/cm_arrays.xml b/res/values/cm_arrays.xml +index 901773fcc7..4796f9399c 100644 +--- a/res/values/cm_arrays.xml ++++ b/res/values/cm_arrays.xml +@@ -34,6 +34,7 @@ + @string/app_ops_categories_run_in_background + @string/app_ops_categories_bootup + @string/app_ops_categories_su ++ @string/app_ops_categories_sensors + @string/app_ops_categories_other + + +@@ -115,6 +116,8 @@ + @string/app_ops_summaries_toggle_nfc + @string/app_ops_summaries_toggle_mobile_data + @string/app_ops_summaries_superuser ++ @string/app_ops_summaries_motion_sensors ++ @string/app_ops_summaries_other_sensors + + + +@@ -195,6 +198,8 @@ + @string/app_ops_labels_toggle_nfc + @string/app_ops_labels_toggle_mobile_data + @string/app_ops_labels_superuser ++ @string/app_ops_labels_motion_sensors ++ @string/app_ops_labels_other_sensors + + + +diff --git a/res/values/cm_strings.xml b/res/values/cm_strings.xml +index 91238336d9..f978f86bed 100644 +--- a/res/values/cm_strings.xml ++++ b/res/values/cm_strings.xml +@@ -165,6 +165,7 @@ + Device + Run in background + Bootup ++ Sensors + Root access + Other + +@@ -244,6 +245,8 @@ + start at boot + toggle NFC + toggle cellular data ++ Motion Sensor usage ++ Other Sensor usage + root access + + +@@ -322,6 +325,8 @@ + Start at boot + Toggle NFC + Toggle cellular data ++ Motion Sensors ++ Other Sensors + Root access + + +diff --git a/src/com/android/settings/applications/AppOpsState.java b/src/com/android/settings/applications/AppOpsState.java +index f1a2e4dce1..4f946f2792 100644 +--- a/src/com/android/settings/applications/AppOpsState.java ++++ b/src/com/android/settings/applications/AppOpsState.java +@@ -235,6 +235,15 @@ public class AppOpsState { + new boolean[] { true } + ); + ++ public static final OpsTemplate SENSOR_TEMPLATE = new OpsTemplate( ++ new int[] { AppOpsManager.OP_BODY_SENSORS, ++ AppOpsManager.OP_MOTION_SENSORS, ++ AppOpsManager.OP_OTHER_SENSORS }, ++ new boolean[] { true, ++ false, ++ false } ++ ); ++ + public static final OpsTemplate SU_TEMPLATE = new OpsTemplate( + new int[] { AppOpsManager.OP_SU }, + new boolean[] { false } +@@ -251,7 +260,6 @@ public class AppOpsState { + AppOpsManager.OP_USE_SIP, + AppOpsManager.OP_PROCESS_OUTGOING_CALLS, + AppOpsManager.OP_USE_FINGERPRINT, +- AppOpsManager.OP_BODY_SENSORS, + AppOpsManager.OP_READ_CELL_BROADCASTS, + AppOpsManager.OP_MOCK_LOCATION, + AppOpsManager.OP_READ_EXTERNAL_STORAGE, +@@ -271,7 +279,6 @@ public class AppOpsState { + true, + true, + true, +- true, + true } + ); + +@@ -285,7 +292,7 @@ public class AppOpsState { + public static final OpsTemplate[] ALL_PERMS_TEMPLATES = new OpsTemplate[] { + LOCATION_TEMPLATE, PERSONAL_TEMPLATE, MESSAGING_TEMPLATE, + MEDIA_TEMPLATE, DEVICE_TEMPLATE, RUN_IN_BACKGROUND_TEMPLATE, +- BOOTUP_TEMPLATE, SU_TEMPLATE, REMAINING_TEMPLATE ++ BOOTUP_TEMPLATE, SU_TEMPLATE, SENSOR_TEMPLATE, REMAINING_TEMPLATE + }; + + /** +-- +2.31.1 + diff --git a/Patches/LineageOS-15.1/android_packages_apps_Settings/0005-Sensors-P2.patch b/Patches/LineageOS-15.1/android_packages_apps_Settings/0005-Sensors-P2.patch new file mode 100644 index 00000000..d2f97192 --- /dev/null +++ b/Patches/LineageOS-15.1/android_packages_apps_Settings/0005-Sensors-P2.patch @@ -0,0 +1,37 @@ +From 4467cf678f558ee4b04fb1b9345a43f87b51d681 Mon Sep 17 00:00:00 2001 +From: MSe1969 +Date: Wed, 20 Mar 2019 08:42:49 +0100 +Subject: [PATCH 2/2] AppOps details: Add permission icons for new Sensor + AppOps + +Change-Id: Ic68954f30ba8214041c685a4efca4fc65b99ddaf +--- + src/com/android/settings/applications/AppOpsDetails.java | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/com/android/settings/applications/AppOpsDetails.java b/src/com/android/settings/applications/AppOpsDetails.java +index 220bdff005..db948ab5cd 100644 +--- a/src/com/android/settings/applications/AppOpsDetails.java ++++ b/src/com/android/settings/applications/AppOpsDetails.java +@@ -111,6 +111,7 @@ public class AppOpsDetails extends SettingsPreferenceFragment { + OP_ICONS.put(AppOpsManager.OP_GPS, R.drawable.ic_perm_location); + OP_ICONS.put(AppOpsManager.OP_MUTE_MICROPHONE, R.drawable.ic_perm_microphone); + OP_ICONS.put(AppOpsManager.OP_NFC_CHANGE, R.drawable.ic_perm_nfc); ++ OP_ICONS.put(AppOpsManager.OP_OTHER_SENSORS, R.drawable.ic_devices_other); + OP_ICONS.put(AppOpsManager.OP_POST_NOTIFICATION, R.drawable.ic_perm_notifications); + OP_ICONS.put(AppOpsManager.OP_READ_CLIPBOARD, R.drawable.ic_perm_clipboard); + OP_ICONS.put(AppOpsManager.OP_RUN_IN_BACKGROUND, R.drawable.ic_perm_background); +@@ -205,6 +206,10 @@ public class AppOpsDetails extends SettingsPreferenceFragment { + if (icon == null && op != -1 && OP_ICONS.containsKey(op)) { + icon = getActivity().getDrawable(OP_ICONS.get(op)); + } ++ if (icon == null && op == AppOpsManager.OP_MOTION_SENSORS) { ++ icon = getIconByPermission(AppOpsManager.opToPermission( ++ AppOpsManager.OP_USE_FINGERPRINT)); ++ } + if (icon == null) { + Log.e(TAG, "Failed to retrieve icon for permission: " + perm); + } else { +-- +2.31.1 + diff --git a/Patches/LineageOS-16.0/android_frameworks_base/0011-Sensors.patch b/Patches/LineageOS-16.0/android_frameworks_base/0011-Sensors.patch new file mode 100644 index 00000000..6ca27817 --- /dev/null +++ b/Patches/LineageOS-16.0/android_frameworks_base/0011-Sensors.patch @@ -0,0 +1,248 @@ +From d0663b7dc73564744e89d5dd93675ff8929cc532 Mon Sep 17 00:00:00 2001 +From: MSe1969 +Date: Fri, 15 Mar 2019 22:05:36 +0100 +Subject: [PATCH] AppOps/PrivacyGuard: New Sensor checks [base] + +Add two AppOps for sensor access: +- OP_MOTION_SENSORS (default: ask, strict) +- OP_OTHER_SENSORS (default: allow) + +To avoid severe issues when setting selected Ops to 'ASK', the default +mode for apps with uid 1000 (system) will always get the 'allowed' mode +as default, same as com.android.systemui + +Change-Id: Id12b91720f1e02ea5ca606ecefb30121d19b92bb +--- + core/java/android/app/AppOpsManager.java | 35 +++++++++++++++++-- + core/res/res/values-de/cm_strings.xml | 2 ++ + core/res/res/values-fr/cm_strings.xml | 2 ++ + core/res/res/values/cm_strings.xml | 2 ++ + core/res/res/values/lineage_arrays.xml | 4 +++ + .../com/android/server/AppOpsService.java | 19 +++++++++- + 6 files changed, 61 insertions(+), 3 deletions(-) + +diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java +index a112cafb3b5e..c7338214a265 100644 +--- a/core/java/android/app/AppOpsManager.java ++++ b/core/java/android/app/AppOpsManager.java +@@ -371,8 +371,12 @@ + public static final int OP_DATA_CONNECT_CHANGE = 81; + /** @hide SU access */ + public static final int OP_SU = 82; ++ /** @hide Motion Sensors */ ++ public static final int OP_MOTION_SENSORS = 83; ++ /** @hide Other Sensors */ ++ public static final int OP_OTHER_SENSORS = 84; + /** @hide */ +- public static final int _NUM_OP = 83; ++ public static final int _NUM_OP = 85; + + /** Access to coarse location information. */ + public static final String OPSTR_COARSE_LOCATION = "android:coarse_location"; +@@ -628,6 +632,11 @@ + /** @hide */ + public static final String OPSTR_SU = "android:su"; + ++ public static final String OPSTR_MOTION_SENSORS = ++ "android:motion_sensors"; ++ public static final String OPSTR_OTHER_SENSORS = ++ "android:other_sensors"; ++ + // Warning: If an permission is added here it also has to be added to + // com.android.packageinstaller.permission.utils.EventLogger + private static final int[] RUNTIME_AND_APPOP_PERMISSIONS_OPS = { +@@ -676,7 +685,9 @@ + OP_WRITE_SETTINGS, + OP_REQUEST_INSTALL_PACKAGES, + OP_START_FOREGROUND, +- OP_SU ++ OP_SU, ++ OP_MOTION_SENSORS, ++ OP_OTHER_SENSORS + }; + + /** +@@ -771,6 +782,8 @@ + OP_NFC_CHANGE, // NFC_CHANGE + OP_DATA_CONNECT_CHANGE, // DATA_CONNECT_CHANGE + OP_SU, // SU ++ OP_MOTION_SENSORS, // MOTION_SENSORS ++ OP_OTHER_SENSORS // OTHER_SENSORS + }; + + /** +@@ -860,6 +873,8 @@ + OPSTR_NFC_CHANGE, + OPSTR_DATA_CONNECT_CHANGE, + OPSTR_SU, ++ OPSTR_MOTION_SENSORS, ++ OPSTR_OTHER_SENSORS, + }; + + /** +@@ -950,6 +965,8 @@ + "NFC_CHANGE", + "DATA_CONNECT_CHANGE", + "SU", ++ "MOTION_SENSORS", ++ "OTHER_SENSORS", + }; + + /** +@@ -1040,6 +1057,8 @@ + Manifest.permission.NFC, + null, + null, // no permission for OP_SU ++ null, // no permission for OP_MOTION_SENSORS ++ null, // no permission for OP_OTHER_SENSORS + }; + + /** +@@ -1131,6 +1150,8 @@ + null, // NFC_CHANGE + null, // DATA_CONNECT_CHANGE + UserManager.DISALLOW_SU, // SU TODO: this should really be investigated. ++ null, //MOTION_SENSORS ++ null, //OTHER_SENSORS + }; + + /** +@@ -1221,6 +1242,8 @@ + true, // NFC_CHANGE + true, // DATA_CONNECT_CHANGE + false, // SU ++ false, //MOTION_SENSORS ++ false, //OTHER_SENSORS + }; + + /** +@@ -1310,6 +1333,8 @@ + AppOpsManager.MODE_ALLOWED, // OP_NFC_CHANGE + AppOpsManager.MODE_ALLOWED, // OP_DATA_CONNECT_CHANGE + AppOpsManager.MODE_ASK, // OP_SU ++ AppOpsManager.MODE_ASK, // OP_MOTION_SENSORS ++ AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS + }; + + /** +@@ -1400,6 +1425,8 @@ + AppOpsManager.MODE_ASK, // OP_NFC_CHANGE + AppOpsManager.MODE_ASK, // OP_DATA_CONNECT_CHANGE + AppOpsManager.MODE_ASK, // OP_SU ++ AppOpsManager.MODE_ASK, // OP_MOTION_SENSORS ++ AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS + }; + + /** +@@ -1489,6 +1516,8 @@ + true, // NFC_CHANGE + true, // DATA_CONNECT_CHANGE + true, // SU ++ true, // OP_MOTION_SENSORS ++ false, // OP_OTHER_SENSORS + }; + + /** +@@ -1582,6 +1611,8 @@ + false, // OP_NFC_CHANGE + false, // OP_DATA_CONNECT_CHANGE + false, // OP_SU ++ false, // OP_MOTION_SENSORS ++ false, // OP_OTHER_SENSORS + }; + + /** +diff --git a/core/res/res/values-de/cm_strings.xml b/core/res/res/values-de/cm_strings.xml +index a8fd5700e374..837dccd09425 100644 +--- a/core/res/res/values-de/cm_strings.xml ++++ b/core/res/res/values-de/cm_strings.xml +@@ -52,7 +52,9 @@ + die Zwischenablage zu ändern + Kontakte zu ändern + Einstellungen zu ändern ++ Bewegungssensoren zu nutzen + das Mikrofon zu aktivieren/deaktivieren ++ sonstige Sensoren zu nutzen + Anrufe zu beantworten + Bild im Bild zu verwenden + Audio wiederzugeben +diff --git a/core/res/res/values-fr/cm_strings.xml b/core/res/res/values-fr/cm_strings.xml +index fb1835759a7f..fc294608074f 100644 +--- a/core/res/res/values-fr/cm_strings.xml ++++ b/core/res/res/values-fr/cm_strings.xml +@@ -48,7 +48,9 @@ + modifier le presse-papiers + mettre à jour vos contacts + mettre à jour les paramètres du système ++ utiliser les capteurs de mouvement + activer/désactiver le microphone ++ utiliser d\'autres capteurs + répondre aux appels téléphoniques + utiliser le mode Picture-in-Picture + lecture audio +diff --git a/core/res/res/values/cm_strings.xml b/core/res/res/values/cm_strings.xml +index 301131e2663d..5939cae77b8e 100644 +--- a/core/res/res/values/cm_strings.xml ++++ b/core/res/res/values/cm_strings.xml +@@ -57,7 +57,9 @@ + modify the clipboard + update your contacts + update system settings ++ use the motion sensors + mute/unmute the microphone ++ use other sensors + answer phone calls + use picture in picture + play audio +diff --git a/core/res/res/values/lineage_arrays.xml b/core/res/res/values/lineage_arrays.xml +index 58567d1c8bd1..11a7d99b8d48 100644 +--- a/core/res/res/values/lineage_arrays.xml ++++ b/core/res/res/values/lineage_arrays.xml +@@ -184,6 +184,10 @@ + @string/app_ops_toggle_mobile_data + + @string/app_ops_su ++ ++ @string/app_ops_motion_sensors ++ ++ @string/app_ops_other_sensors + + + +diff --git a/services/core/java/com/android/server/AppOpsService.java b/services/core/java/com/android/server/AppOpsService.java +index cdee2ba49c10..9c7f0700236e 100644 +--- a/services/core/java/com/android/server/AppOpsService.java ++++ b/services/core/java/com/android/server/AppOpsService.java +@@ -1775,6 +1775,15 @@ private int noteOperationUnchecked(int code, int uid, String packageName, + op.rejectTime[uidState.state] = System.currentTimeMillis(); + op.ignoredCount++; + return mode; ++ } else if (uid == Process.SYSTEM_UID || packageName == "com.android.systemui") { ++ /* ++ * To avoid a deadlock situation in case of system/privileged apps having ++ * 'MODE_ASK'as default in case of own AppOps (e.g. OP_MOTION_SENSORS), ++ * we need to grant always access to such privileged system apps. ++ * ++ * This 'blind' condition causes the PermissionDialog req not to be ++ * initialised, hence the `if (req == null)` condition below applies. ++ */ + } else if (mode == AppOpsManager.MODE_ASK) { + if (Looper.myLooper() == mLooper || Thread.holdsLock(mActivityManagerService)) { + Slog.e(TAG, "noteOperation: this method will deadlock if called" + +@@ -1953,7 +1962,15 @@ public int startOperation(IBinder token, int code, int uid, String packageName, + op.rejectTime[uidState.state] = System.currentTimeMillis(); + op.ignoredCount++; + return mode; +- } else if (mode == AppOpsManager.MODE_ALLOWED) { ++ } else if ((mode == AppOpsManager.MODE_ALLOWED) || ++ /* ++ * To avoid a deadlock situation in case of system/privileged apps having ++ * 'MODE_ASK'as default in case of own AppOps (e.g. OP_MOTION_SENSORS), ++ * we need to grant always access to such privileged system apps ++ */ ++ ((uid == Process.SYSTEM_UID || packageName == "com.android.systemui") && ++ (mode == AppOpsManager.MODE_ASK))) { ++ + if (DEBUG) Slog.d(TAG, "startOperation: allowing code " + code + " uid " + uid + + " package " + resolvedPackageName); + if (op.startNesting == 0) { diff --git a/Patches/LineageOS-16.0/android_frameworks_native/0001-Sensors.patch b/Patches/LineageOS-16.0/android_frameworks_native/0001-Sensors.patch new file mode 100644 index 00000000..ff5785c0 --- /dev/null +++ b/Patches/LineageOS-16.0/android_frameworks_native/0001-Sensors.patch @@ -0,0 +1,156 @@ +From 292631a7e653549c02a6c29aa98cba8db770a21b Mon Sep 17 00:00:00 2001 +From: MSe1969 +Date: Fri, 15 Mar 2019 22:14:54 +0100 +Subject: [PATCH] AppOps/PrivacyGuard: New Sensor checks [native] + +Add two AppOps for sensor access: +- OP_MOTION_SENSORS (default: ask, strict) +- OP_OTHER_SENSORS (default: allow) + +This change updated the AppOPs binder for the newly defined Ops, +implements the logic for the sensors and adapts the logic for +checking the Ops, if an Op is not linked to a permission. + +Change-Id: Ic56e7bd48acda8790d6ab917a07cd7b747d4de87 +--- + libs/binder/include/binder/AppOpsManager.h | 4 +++- + libs/sensor/Sensor.cpp | 10 +++++++++ + services/sensorservice/SensorService.cpp | 25 ++++++++++++---------- + 3 files changed, 27 insertions(+), 12 deletions(-) + +diff --git a/libs/binder/include/binder/AppOpsManager.h b/libs/binder/include/binder/AppOpsManager.h +index fb682ecde7..83887787c9 100644 +--- a/libs/binder/include/binder/AppOpsManager.h ++++ b/libs/binder/include/binder/AppOpsManager.h +@@ -119,7 +119,9 @@ class AppOpsManager + OP_BOOT_COMPLETED = 79, + OP_NFC_CHANGE = 80, + OP_DATA_CONNECT_CHANGE = 81, +- OP_SU = 82 ++ OP_SU = 82, ++ OP_MOTION_SENSORS = 83, ++ OP_OTHER_SENSORS = 84 + }; + + AppOpsManager(); +diff --git a/libs/sensor/Sensor.cpp b/libs/sensor/Sensor.cpp +index a0e368c7e4..03fee85bf8 100644 +--- a/libs/sensor/Sensor.cpp ++++ b/libs/sensor/Sensor.cpp +@@ -52,6 +52,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi + mMinDelay = hwSensor.minDelay; + mFlags = 0; + mUuid = uuid; ++ mRequiredAppOp = AppOpsManager::OP_OTHER_SENSORS; //default, other values are explicitly set + + // Set fifo event count zero for older devices which do not support batching. Fused + // sensors also have their fifo counts set to zero. +@@ -86,6 +87,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi + switch (mType) { + case SENSOR_TYPE_ACCELEROMETER: + mStringType = SENSOR_STRING_TYPE_ACCELEROMETER; ++ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS; + mFlags |= SENSOR_FLAG_CONTINUOUS_MODE; + break; + case SENSOR_TYPE_AMBIENT_TEMPERATURE: +@@ -106,10 +108,12 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi + break; + case SENSOR_TYPE_GYROSCOPE: + mStringType = SENSOR_STRING_TYPE_GYROSCOPE; ++ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS; + mFlags |= SENSOR_FLAG_CONTINUOUS_MODE; + break; + case SENSOR_TYPE_GYROSCOPE_UNCALIBRATED: + mStringType = SENSOR_STRING_TYPE_GYROSCOPE_UNCALIBRATED; ++ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS; + mFlags |= SENSOR_FLAG_CONTINUOUS_MODE; + break; + case SENSOR_TYPE_HEART_RATE: { +@@ -125,6 +129,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi + break; + case SENSOR_TYPE_LINEAR_ACCELERATION: + mStringType = SENSOR_STRING_TYPE_LINEAR_ACCELERATION; ++ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS; + mFlags |= SENSOR_FLAG_CONTINUOUS_MODE; + break; + case SENSOR_TYPE_MAGNETIC_FIELD: +@@ -160,6 +165,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi + break; + case SENSOR_TYPE_SIGNIFICANT_MOTION: + mStringType = SENSOR_STRING_TYPE_SIGNIFICANT_MOTION; ++ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS; + mFlags |= SENSOR_FLAG_ONE_SHOT_MODE; + if (halVersion < SENSORS_DEVICE_API_VERSION_1_3) { + mFlags |= SENSOR_FLAG_WAKE_UP; +@@ -167,10 +173,12 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi + break; + case SENSOR_TYPE_STEP_COUNTER: + mStringType = SENSOR_STRING_TYPE_STEP_COUNTER; ++ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS; + mFlags |= SENSOR_FLAG_ON_CHANGE_MODE; + break; + case SENSOR_TYPE_STEP_DETECTOR: + mStringType = SENSOR_STRING_TYPE_STEP_DETECTOR; ++ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS; + mFlags |= SENSOR_FLAG_SPECIAL_REPORTING_MODE; + break; + case SENSOR_TYPE_TEMPERATURE: +@@ -236,6 +244,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi + break; + case SENSOR_TYPE_MOTION_DETECT: + mStringType = SENSOR_STRING_TYPE_MOTION_DETECT; ++ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS; + mFlags |= SENSOR_FLAG_ONE_SHOT_MODE; + if (halVersion < SENSORS_DEVICE_API_VERSION_1_3) { + mFlags |= SENSOR_FLAG_WAKE_UP; +@@ -251,6 +260,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi + + case SENSOR_TYPE_ACCELEROMETER_UNCALIBRATED: + mStringType = SENSOR_STRING_TYPE_ACCELEROMETER_UNCALIBRATED; ++ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS; + mFlags |= SENSOR_FLAG_CONTINUOUS_MODE; + break; + default: +diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp +index 1c3e943543..142c5a274e 100644 +--- a/services/sensorservice/SensorService.cpp ++++ b/services/sensorservice/SensorService.cpp +@@ -1545,6 +1545,20 @@ status_t SensorService::flushSensor(const sp& connection, + + bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation, + const String16& opPackageName) { ++ ++ // Due to the new SENSOR AppOps, which do not correspond to any permission, ++ // we need to check for the AppOp BEFORE checking any permission ++ const int32_t opCode = sensor.getRequiredAppOp(); ++ if (opCode >= 0) { ++ AppOpsManager appOps; ++ if (appOps.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName) ++ != AppOpsManager::MODE_ALLOWED) { ++ ALOGE("%s a sensor (%s) without enabled required app op: %d", ++ operation, sensor.getName().string(), opCode); ++ return false; ++ } ++ } ++ + const String8& requiredPermission = sensor.getRequiredPermission(); + + if (requiredPermission.length() <= 0) { +@@ -1567,17 +1581,6 @@ bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation, + return false; + } + +- const int32_t opCode = sensor.getRequiredAppOp(); +- if (opCode >= 0) { +- AppOpsManager appOps; +- if (appOps.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName) +- != AppOpsManager::MODE_ALLOWED) { +- ALOGE("%s a sensor (%s) without enabled required app op: %d", +- operation, sensor.getName().string(), opCode); +- return false; +- } +- } +- + return true; + } + diff --git a/Patches/LineageOS-16.0/android_packages_apps_Settings/0002-Sensors-P1.patch b/Patches/LineageOS-16.0/android_packages_apps_Settings/0002-Sensors-P1.patch new file mode 100644 index 00000000..7afeb606 --- /dev/null +++ b/Patches/LineageOS-16.0/android_packages_apps_Settings/0002-Sensors-P1.patch @@ -0,0 +1,203 @@ +From 72b86ddf9fe37cf2fb45266edf53446eb34a86df Mon Sep 17 00:00:00 2001 +From: MSe1969 +Date: Fri, 15 Mar 2019 22:29:43 +0100 +Subject: [PATCH 1/2] AppOps/PrivacyGuard: New Sensor checks [Settings] + +Add two AppOps for sensor access: +- OP_MOTION_SENSORS (default: ask, strict) +- OP_OTHER_SENSORS (default: allow) + +Add new Sensor template, relocate BODY_SENSORS into it + +Change-Id: I9b51c47e27a330823ecb4472b9a7818718ef4209 +--- + res/values-de/cm_strings.xml | 5 +++++ + res/values-fr/cm_strings.xml | 5 +++++ + res/values/cm_strings.xml | 5 +++++ + res/values/lineage_arrays.xml | 9 +++++++++ + .../settings/applications/appops/AppOpsState.java | 13 ++++++++++--- + 5 files changed, 34 insertions(+), 3 deletions(-) + +diff --git a/res/values-de/cm_strings.xml b/res/values-de/cm_strings.xml +index 53dca0e6e7..740ecdb8ee 100644 +--- a/res/values-de/cm_strings.xml ++++ b/res/values-de/cm_strings.xml +@@ -39,6 +39,7 @@ + Gerät + Im Hintergrund ausführen + Systemstart ++ Sensoren + Root-Zugriff + Andere + Anrufeübergabe aus einer anderen App anzunehmen +@@ -76,8 +77,10 @@ + Einstellungen ändern + Standort mit hohem Stromverbrauch beobachten + Standort beobachten ++ Nutzung Bewegungssensoren + Mikrofon ein-/ausschalten + Benachbarte Netze ++ Sonstige Sensoren + Anrufe beantworten + Bild im Bild verwenden + Audio wiedergeben +@@ -162,8 +165,10 @@ + Einstellungen ändern + Standort mit hohem Stromverbrauch beobachten + Standort beobachten ++ Bewegungssensoren + Mikrofon ein-/ausschalten + Benachbarte Zellen ++ sonstige Sensoren + Anrufe beantworten + Bild im Bild verwenden + Audio wiedergeben +diff --git a/res/values-fr/cm_strings.xml b/res/values-fr/cm_strings.xml +index 523d87d673..3133e8d4bf 100644 +--- a/res/values-fr/cm_strings.xml ++++ b/res/values-fr/cm_strings.xml +@@ -39,6 +39,7 @@ + Appareil + Exécuter en arrière plan + Démarrage ++ Capteurs + Accès root + Autre + transférer un appel d\'une autre application +@@ -76,8 +77,10 @@ + modifier les paramètres + surveiller la position (à puissance élevée) + surveiller la position ++ utiliser les capteurs de mouvement + activer/désactiver le microphone + nœuds environnants ++ utiliser d\'autres capteurs + répondre aux appels téléphoniques + utiliser le mode Picture-in-Picture + lecture audio +@@ -162,8 +165,10 @@ + Modifier les paramètres + Surveiller la position (à puissance élevée) + Surveiller la position ++ Capteur de mouvement + Activer/désactiver le microphone + Noeuds environnants ++ autres Capteurs + Répondre aux appels téléphoniques + Utiliser le mode Picture-in-Picture + Lecture audio +diff --git a/res/values/cm_strings.xml b/res/values/cm_strings.xml +index 7d0b80d3c0..83abcf8580 100644 +--- a/res/values/cm_strings.xml ++++ b/res/values/cm_strings.xml +@@ -50,6 +50,7 @@ + Device + Run in background + Bootup ++ Sensors + Root access + Other + +@@ -89,7 +90,9 @@ + modify settings + monitor high power location + monitor location ++ Motion Sensor usage + mute/unmute microphone ++ Other Sensor usage + neighboring cells + answer phone calls + use picture in picture +@@ -177,8 +180,10 @@ + Modify settings + Monitor high power location + Monitor location ++ Motion Sensors + Mute/unmute microphone + Neighboring cells ++ Other Sensors + Answer phone calls + Use picture in picture + Play audio +diff --git a/res/values/lineage_arrays.xml b/res/values/lineage_arrays.xml +index 0145438148..40fea7be2d 100644 +--- a/res/values/lineage_arrays.xml ++++ b/res/values/lineage_arrays.xml +@@ -51,6 +51,7 @@ + @string/app_ops_categories_run_in_background + @string/app_ops_categories_bootup + @string/app_ops_categories_su ++ @string/app_ops_categories_sensors + @string/app_ops_categories_other + + +@@ -222,6 +223,10 @@ + @string/app_ops_summaries_toggle_mobile_data + + @string/app_ops_summaries_su ++ ++ @string/app_ops_summaries_motion_sensors ++ ++ @string/app_ops_summaries_other_sensors + + + +@@ -392,6 +397,10 @@ + @string/app_ops_labels_toggle_mobile_data + + @string/app_ops_labels_su ++ ++ @string/app_ops_labels_motion_sensors ++ ++ @string/app_ops_labels_other_sensors + + + +diff --git a/src/com/android/settings/applications/appops/AppOpsState.java b/src/com/android/settings/applications/appops/AppOpsState.java +index eeb1b2d302..8c8d2283ba 100644 +--- a/src/com/android/settings/applications/appops/AppOpsState.java ++++ b/src/com/android/settings/applications/appops/AppOpsState.java +@@ -236,6 +236,15 @@ public class AppOpsState { + new boolean[] { true } + ); + ++ public static final OpsTemplate SENSOR_TEMPLATE = new OpsTemplate( ++ new int[] { AppOpsManager.OP_BODY_SENSORS, ++ AppOpsManager.OP_MOTION_SENSORS, ++ AppOpsManager.OP_OTHER_SENSORS }, ++ new boolean[] { true, ++ false, ++ false } ++ ); ++ + public static final OpsTemplate SU_TEMPLATE = new OpsTemplate( + new int[] { AppOpsManager.OP_SU }, + new boolean[] { false } +@@ -252,7 +261,6 @@ public class AppOpsState { + AppOpsManager.OP_USE_SIP, + AppOpsManager.OP_PROCESS_OUTGOING_CALLS, + AppOpsManager.OP_USE_FINGERPRINT, +- AppOpsManager.OP_BODY_SENSORS, + AppOpsManager.OP_READ_CELL_BROADCASTS, + AppOpsManager.OP_MOCK_LOCATION, + AppOpsManager.OP_READ_EXTERNAL_STORAGE, +@@ -272,7 +280,6 @@ public class AppOpsState { + true, + true, + true, +- true, + true } + ); + +@@ -286,7 +293,7 @@ public class AppOpsState { + public static final OpsTemplate[] ALL_PERMS_TEMPLATES = new OpsTemplate[] { + LOCATION_TEMPLATE, PERSONAL_TEMPLATE, MESSAGING_TEMPLATE, + MEDIA_TEMPLATE, DEVICE_TEMPLATE, RUN_IN_BACKGROUND_TEMPLATE, +- BOOTUP_TEMPLATE, SU_TEMPLATE, REMAINING_TEMPLATE ++ BOOTUP_TEMPLATE, SU_TEMPLATE, SENSOR_TEMPLATE, REMAINING_TEMPLATE + }; + + /** +-- +2.31.1 + diff --git a/Patches/LineageOS-16.0/android_packages_apps_Settings/0002-Sensors-P2.patch b/Patches/LineageOS-16.0/android_packages_apps_Settings/0002-Sensors-P2.patch new file mode 100644 index 00000000..30176b25 --- /dev/null +++ b/Patches/LineageOS-16.0/android_packages_apps_Settings/0002-Sensors-P2.patch @@ -0,0 +1,37 @@ +From e25aed77e6309bfd63a6fde119cf4e2dd22612b3 Mon Sep 17 00:00:00 2001 +From: MSe1969 +Date: Tue, 19 Mar 2019 22:35:38 +0100 +Subject: [PATCH 2/2] AppOps details: Add permission icons for new Sensor + AppOps + +Change-Id: Ifc337517818dcc929a406ed455fb76e6533507ab +--- + .../android/settings/applications/appops/AppOpsDetails.java | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/com/android/settings/applications/appops/AppOpsDetails.java b/src/com/android/settings/applications/appops/AppOpsDetails.java +index 2f210435e8..4f01ceabda 100644 +--- a/src/com/android/settings/applications/appops/AppOpsDetails.java ++++ b/src/com/android/settings/applications/appops/AppOpsDetails.java +@@ -115,6 +115,7 @@ public class AppOpsDetails extends SettingsPreferenceFragment { + OP_ICONS.put(AppOpsManager.OP_GPS, R.drawable.ic_perm_location); + OP_ICONS.put(AppOpsManager.OP_MUTE_MICROPHONE, R.drawable.ic_perm_microphone); + OP_ICONS.put(AppOpsManager.OP_NFC_CHANGE, R.drawable.ic_perm_nfc); ++ OP_ICONS.put(AppOpsManager.OP_OTHER_SENSORS, R.drawable.ic_phone_info); + OP_ICONS.put(AppOpsManager.OP_POST_NOTIFICATION, R.drawable.ic_perm_notifications); + OP_ICONS.put(AppOpsManager.OP_READ_CLIPBOARD, R.drawable.ic_perm_clipboard); + OP_ICONS.put(AppOpsManager.OP_RUN_IN_BACKGROUND, R.drawable.ic_perm_background); +@@ -213,6 +214,10 @@ public class AppOpsDetails extends SettingsPreferenceFragment { + if (icon == null && op != -1 && OP_ICONS.containsKey(op)) { + icon = getActivity().getDrawable(OP_ICONS.get(op)); + } ++ if (icon == null && op == AppOpsManager.OP_MOTION_SENSORS) { ++ icon = getIconByPermission(AppOpsManager.opToPermission( ++ AppOpsManager.OP_USE_FINGERPRINT)); ++ } + if (icon == null) { + Log.e(TAG, "Failed to retrieve icon for permission: " + perm); + } else { +-- +2.31.1 + diff --git a/Patches/LineageOS-17.1/android_frameworks_base/0011-Sensors.patch b/Patches/LineageOS-17.1/android_frameworks_base/0011-Sensors.patch new file mode 100644 index 00000000..04b40055 --- /dev/null +++ b/Patches/LineageOS-17.1/android_frameworks_base/0011-Sensors.patch @@ -0,0 +1,103 @@ +From cfc06a04979f028a14ab68fb733a7ecfe6bafcae Mon Sep 17 00:00:00 2001 +From: MSe1969 +Date: Sat, 14 Nov 2020 13:04:05 +0100 +Subject: [PATCH] AppOps: Add further Op for accessing Sensors + +Change-Id: Id7d84d910b849cc4f781aac2a6c21278e08bdeec +--- + core/java/android/app/AppOpsManager.java | 16 +++++++++++++++- + 1 file changed, 15 insertions(+), 1 deletion(-) + +diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java +index 77875354d732..af535f62c10b 100644 +--- a/core/java/android/app/AppOpsManager.java ++++ b/core/java/android/app/AppOpsManager.java +@@ -836,10 +836,12 @@ public static String flagsToString(@OpFlags int flags) { + public static final int OP_READ_DEVICE_IDENTIFIERS = 89; + /** @hide Read location metadata from media */ + public static final int OP_ACCESS_MEDIA_LOCATION = 90; ++ /** @hide Access other Sensors */ ++ public static final int OP_OTHER_SENSORS = 91; + + /** @hide */ + @UnsupportedAppUsage +- public static final int _NUM_OP = 91; ++ public static final int _NUM_OP = 92; + + /** Access to coarse location information. */ + public static final String OPSTR_COARSE_LOCATION = "android:coarse_location"; +@@ -1119,6 +1121,10 @@ public static String flagsToString(@OpFlags int flags) { + /** @hide Read device identifiers */ + public static final String OPSTR_READ_DEVICE_IDENTIFIERS = "android:read_device_identifiers"; + ++ /** @hide Other Sensors */ ++ public static final String OPSTR_OTHER_SENSORS = "android:other_sensors"; ++ ++ + // Warning: If an permission is added here it also has to be added to + // com.android.packageinstaller.permission.utils.EventLogger + private static final int[] RUNTIME_AND_APPOP_PERMISSIONS_OPS = { +@@ -1281,6 +1287,7 @@ public static String flagsToString(@OpFlags int flags) { + OP_ACCESS_ACCESSIBILITY, // ACCESS_ACCESSIBILITY + OP_READ_DEVICE_IDENTIFIERS, // READ_DEVICE_IDENTIFIERS + OP_ACCESS_MEDIA_LOCATION, // ACCESS_MEDIA_LOCATION ++ OP_OTHER_SENSORS, // OTHER_SENSORS + }; + + /** +@@ -1378,6 +1385,7 @@ public static String flagsToString(@OpFlags int flags) { + OPSTR_ACCESS_ACCESSIBILITY, + OPSTR_READ_DEVICE_IDENTIFIERS, + OPSTR_ACCESS_MEDIA_LOCATION, ++ OPSTR_OTHER_SENSORS, + }; + + /** +@@ -1476,6 +1484,7 @@ public static String flagsToString(@OpFlags int flags) { + "ACCESS_ACCESSIBILITY", + "READ_DEVICE_IDENTIFIERS", + "ACCESS_MEDIA_LOCATION", ++ "OTHER_SENSORS", + }; + + /** +@@ -1575,6 +1584,7 @@ public static String flagsToString(@OpFlags int flags) { + null, // no permission for OP_ACCESS_ACCESSIBILITY + null, // no direct permission for OP_READ_DEVICE_IDENTIFIERS + Manifest.permission.ACCESS_MEDIA_LOCATION, ++ null, // no direct permission for OP_OTHER_SENSORS + }; + + /** +@@ -1674,6 +1684,7 @@ public static String flagsToString(@OpFlags int flags) { + null, // ACCESS_ACCESSIBILITY + null, // READ_DEVICE_IDENTIFIERS + null, // ACCESS_MEDIA_LOCATION ++ null, // OTHER_SENSORS + }; + + /** +@@ -1772,6 +1783,7 @@ public static String flagsToString(@OpFlags int flags) { + false, // ACCESS_ACCESSIBILITY + false, // READ_DEVICE_IDENTIFIERS + false, // ACCESS_MEDIA_LOCATION ++ false, // OTHER_SENSORS + }; + + /** +@@ -1869,6 +1881,7 @@ public static String flagsToString(@OpFlags int flags) { + AppOpsManager.MODE_ALLOWED, // ACCESS_ACCESSIBILITY + AppOpsManager.MODE_ERRORED, // READ_DEVICE_IDENTIFIERS + AppOpsManager.MODE_ALLOWED, // ALLOW_MEDIA_LOCATION ++ AppOpsManager.MODE_ALLOWED, // OTHER_SENSORS + }; + + /** +@@ -1970,6 +1983,7 @@ public static String flagsToString(@OpFlags int flags) { + false, // ACCESS_ACCESSIBILITY + false, // READ_DEVICE_IDENTIFIERS + false, // ACCESS_MEDIA_LOCATION ++ false, // OTHER_SENSORS + }; + + /** diff --git a/Patches/LineageOS-17.1/android_frameworks_native/0001-Sensors.patch b/Patches/LineageOS-17.1/android_frameworks_native/0001-Sensors.patch new file mode 100644 index 00000000..5bdaa257 --- /dev/null +++ b/Patches/LineageOS-17.1/android_frameworks_native/0001-Sensors.patch @@ -0,0 +1,81 @@ +From 8dccd92c719f3cfabb75f2d4cda2743e9f8cd4a8 Mon Sep 17 00:00:00 2001 +From: MSe1969 +Date: Sat, 14 Nov 2020 13:21:18 +0100 +Subject: [PATCH] AppOps: New Op for (Other) sensors access + + * Add missing Ops to the enum, as pre-requisite to add new sensor op + * Add new sensor op to enum + * Invoke OP_OTHER_SENSORS as default + * Adapt logic for checking the Ops, if no permission is linked + +Change-Id: If4011566a391314afed9a26e1dcf6e4bc838e4f7 +--- + libs/binder/include/binder/AppOpsManager.h | 13 +++++++++++++ + libs/sensor/Sensor.cpp | 1 + + services/sensorservice/SensorService.cpp | 9 +++++---- + 3 files changed, 19 insertions(+), 4 deletions(-) + +diff --git a/libs/binder/include/binder/AppOpsManager.h b/libs/binder/include/binder/AppOpsManager.h +index 17493b4252..89c0eacb8a 100644 +--- a/libs/binder/include/binder/AppOpsManager.h ++++ b/libs/binder/include/binder/AppOpsManager.h +@@ -109,6 +109,19 @@ class AppOpsManager + OP_START_FOREGROUND = 76, + OP_BLUETOOTH_SCAN = 77, + OP_USE_BIOMETRIC = 78, ++ OP_ACTIVITY_RECOGNITION = 79, ++ OP_SMS_FINANCIAL_TRANSACTIONS = 80, ++ OP_READ_MEDIA_AUDIO = 81, ++ OP_WRITE_MEDIA_AUDIO = 82, ++ OP_READ_MEDIA_VIDEO = 83, ++ OP_WRITE_MEDIA_VIDEO = 84, ++ OP_READ_MEDIA_IMAGES = 85, ++ OP_WRITE_MEDIA_IMAGES = 86, ++ OP_LEGACY_STORAGE = 87, ++ OP_ACCESS_ACCESSIBILITY = 88, ++ OP_READ_DEVICE_IDENTIFIERS = 89, ++ OP_ACCESS_MEDIA_LOCATION = 90, ++ OP_OTHER_SENSORS = 91, + }; + + AppOpsManager(); +diff --git a/libs/sensor/Sensor.cpp b/libs/sensor/Sensor.cpp +index abc910302c..8a318543a7 100644 +--- a/libs/sensor/Sensor.cpp ++++ b/libs/sensor/Sensor.cpp +@@ -59,6 +59,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi + mMinDelay = hwSensor.minDelay; + mFlags = 0; + mUuid = uuid; ++ mRequiredAppOp = AppOpsManager::OP_OTHER_SENSORS; //default, other values are explicitly set + + // Set fifo event count zero for older devices which do not support batching. Fused + // sensors also have their fifo counts set to zero. +diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp +index 6bb250e7bb..58297122a5 100644 +--- a/services/sensorservice/SensorService.cpp ++++ b/services/sensorservice/SensorService.cpp +@@ -1643,10 +1643,9 @@ status_t SensorService::flushSensor(const sp& connection, + + bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation, + const String16& opPackageName) { ++ + // Check if a permission is required for this sensor +- if (sensor.getRequiredPermission().length() <= 0) { +- return true; +- } ++ bool noAssociatedPermission = (sensor.getRequiredPermission().length() <= 0); + + const int32_t opCode = sensor.getRequiredAppOp(); + const int32_t appOpMode = sAppOpsManager.checkOp(opCode, +@@ -1654,7 +1653,9 @@ bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation, + bool appOpAllowed = appOpMode == AppOpsManager::MODE_ALLOWED; + + bool canAccess = false; +- if (hasPermissionForSensor(sensor)) { ++ if (noAssociatedPermission) { ++ canAccess = appOpAllowed; ++ } else if (hasPermissionForSensor(sensor)) { + // Ensure that the AppOp is allowed, or that there is no necessary app op for the sensor + if (opCode < 0 || appOpAllowed) { + canAccess = true; diff --git a/Patches/LineageOS-17.1/android_packages_apps_Settings/0002-Sensors.patch b/Patches/LineageOS-17.1/android_packages_apps_Settings/0002-Sensors.patch new file mode 100644 index 00000000..99a4f905 --- /dev/null +++ b/Patches/LineageOS-17.1/android_packages_apps_Settings/0002-Sensors.patch @@ -0,0 +1,262 @@ +From cbaa03f90faaed007e522306be77fa79c5b87859 Mon Sep 17 00:00:00 2001 +From: MSe1969 +Date: Sat, 14 Nov 2020 15:17:37 +0100 +Subject: [PATCH] Special Access: Add an option to administer Sensor access + +Accesses the added AppOp for OP_OTHER_SENSORS + +Change-Id: I79c0ed4ab97494434edc6c308a8a54bd123c02ee +--- + res/values-de/strings.xml | 3 + + res/values-fr/strings.xml | 3 + + res/values/strings.xml | 5 + + res/xml/special_access.xml | 7 + + .../specialaccess/sensor/SensorAccess.java | 178 ++++++++++++++++++ + 5 files changed, 196 insertions(+) + create mode 100644 src/com/android/settings/applications/specialaccess/sensor/SensorAccess.java + +diff --git a/res/values-de/strings.xml b/res/values-de/strings.xml +index 0893b5c318..a81d55df07 100644 +--- a/res/values-de/strings.xml ++++ b/res/values-de/strings.xml +@@ -4671,4 +4671,7 @@ + + + ++ Sensorzugriff von Benutzer-Apps kontrollieren ++ Zugriff auf Sensoren ++ Keine installierte App hat Sensorzugriff angefordert. + +diff --git a/res/values-fr/strings.xml b/res/values-fr/strings.xml +index a1461ea6a2..c7aa02d04f 100644 +--- a/res/values-fr/strings.xml ++++ b/res/values-fr/strings.xml +@@ -4670,4 +4670,7 @@ + + + ++ Contrôler l\'accès des applications utilisateurs aux capteurs ++ Access aux Capteurs ++ Aucune app installée n\'a demandé de l\'accès aux capteurs. + +diff --git a/res/values/strings.xml b/res/values/strings.xml +index 5b4f19c18b..d8a769645e 100644 +--- a/res/values/strings.xml ++++ b/res/values/strings.xml +@@ -11426,6 +11426,11 @@ + + + ++ ++ Control sensor access for user apps ++ Access to Sensors ++ No installed apps have requested sensors access. ++ + + A device wants to access your messages. Tap for details. + +diff --git a/res/xml/special_access.xml b/res/xml/special_access.xml +index f846298341..bee9d6e2eb 100644 +--- a/res/xml/special_access.xml ++++ b/res/xml/special_access.xml +@@ -145,6 +145,13 @@ + android:value="com.android.settings.Settings$ChangeWifiStateActivity" /> + + ++ ++ ++ + apps = new ArrayList<>(); ++ final List installed = mPackageManager.getInstalledApplications(0); ++ if (installed != null) { ++ for (ApplicationInfo app : installed) { ++ // Skip system apps ++ if (isUserApp(app.packageName)) { ++ // Only apps effectively having the Op OTHER_SENSORS ++ if (mAppOpsManager.getOpsForPackage(getPackageUid(app.packageName), ++ app.packageName, new int[]{AppOpsManager.OP_OTHER_SENSORS}) != null) ++ apps.add(app); ++ } ++ } ++ } ++ Collections.sort(apps, new PackageItemInfo.DisplayNameComparator(mPackageManager)); ++ for (ApplicationInfo app : apps) { ++ final String pkg = app.packageName; ++ final CharSequence label = app.loadLabel(mPackageManager); ++ final SwitchPreference pref = new SwitchPreference(getPrefContext()); ++ pref.setPersistent(false); ++ pref.setIcon(app.loadIcon(mPackageManager)); ++ pref.setTitle(label); ++ updateState(pref, pkg); ++ pref.setOnPreferenceChangeListener(new OnPreferenceChangeListener() { ++ @Override ++ public boolean onPreferenceChange(Preference preference, Object newValue) { ++ boolean switchOn = (Boolean) newValue; ++ mAppOpsManager.setMode(AppOpsManager.OP_OTHER_SENSORS, getPackageUid(pkg), pkg, ++ switchOn ? AppOpsManager.MODE_ALLOWED : AppOpsManager.MODE_IGNORED); ++ pref.setChecked(switchOn); ++ return false; ++ } ++ }); ++ screen.addPreference(pref); ++ } ++ } ++ ++ public void updateState(SwitchPreference preference, String pkg) { ++ final int mode = mAppOpsManager ++ .checkOpNoThrow(AppOpsManager.OP_OTHER_SENSORS, getPackageUid(pkg), pkg); ++ if (mode == AppOpsManager.MODE_ERRORED) { ++ preference.setChecked(false); ++ } else { ++ final boolean checked = mode != AppOpsManager.MODE_IGNORED; ++ preference.setChecked(checked); ++ } ++ } ++ ++ private boolean isUserApp(String pkg) { ++ ApplicationInfo appInfo; ++ try { ++ appInfo = mPackageManager.getApplicationInfo(pkg, ++ PackageManager.GET_DISABLED_COMPONENTS ++ | PackageManager.GET_UNINSTALLED_PACKAGES); ++ } catch (PackageManager.NameNotFoundException e) { ++ Log.w(TAG, "Unable to find info for package " + pkg); ++ return false; ++ } ++ return ((appInfo.flags & ApplicationInfo.FLAG_SYSTEM) == 0); ++ } ++ ++ private int getPackageUid(String pkg) { ++ int uid; ++ try { ++ uid = mPackageManager.getPackageUid(pkg, 0); ++ } catch (PackageManager.NameNotFoundException e) { ++ // We shouldn't hit this, ever. What can we even do after this? ++ uid = -1; ++ } ++ return uid; ++ } ++ ++ private final class SettingObserver extends ContentObserver { ++ public SettingObserver() { ++ super(new Handler(Looper.getMainLooper())); ++ } ++ ++ @Override ++ public void onChange(boolean selfChange, Uri uri) { ++ reloadList(); ++ } ++ } ++} +-- +2.31.1 + diff --git a/Patches/LineageOS-18.1/android_frameworks_base/0010-Sensors.patch b/Patches/LineageOS-18.1/android_frameworks_base/0010-Sensors.patch new file mode 100644 index 00000000..6879d13a --- /dev/null +++ b/Patches/LineageOS-18.1/android_frameworks_base/0010-Sensors.patch @@ -0,0 +1,104 @@ +From 28d7fc27bb5f69753d3b3a7e2329d692d99c4433 Mon Sep 17 00:00:00 2001 +From: MSe1969 +Date: Sat, 14 Nov 2020 13:04:05 +0100 +Subject: [PATCH] AppOps: Add further Op for accessing Sensors + + (Adapted for R) + +Change-Id: Id7d84d910b849cc4f781aac2a6c21278e08bdeec +--- + core/java/android/app/AppOpsManager.java | 16 +++++++++++++++- + 1 file changed, 15 insertions(+), 1 deletion(-) + +diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java +index 6baabb69e028..fb685b57e0a6 100644 +--- a/core/java/android/app/AppOpsManager.java ++++ b/core/java/android/app/AppOpsManager.java +@@ -1150,9 +1150,12 @@ public static String flagsToString(@OpFlags int flags) { + // TODO: Add as AppProtoEnums + public static final int OP_RECORD_AUDIO_HOTWORD = 102; + ++ /** @hide Access to other Sensors **/ ++ public static final int OP_OTHER_SENSORS = 103; ++ + /** @hide */ + @UnsupportedAppUsage +- public static final int _NUM_OP = 103; ++ public static final int _NUM_OP = 104; + + /** Access to coarse location information. */ + public static final String OPSTR_COARSE_LOCATION = "android:coarse_location"; +@@ -1490,6 +1493,9 @@ public static String flagsToString(@OpFlags int flags) { + */ + public static final String OPSTR_RECORD_AUDIO_HOTWORD = "android:record_audio_hotword"; + ++ /** @hide Other Sensors */ ++ public static final String OPSTR_OTHER_SENSORS = "android:other_sensors"; ++ + /** {@link #sAppOpsToNote} not initialized yet for this op */ + private static final byte SHOULD_COLLECT_NOTE_OP_NOT_INITIALIZED = 0; + /** Should not collect noting of this app-op in {@link #sAppOpsToNote} */ +@@ -1682,6 +1688,7 @@ public static String flagsToString(@OpFlags int flags) { + OP_PHONE_CALL_MICROPHONE, // OP_PHONE_CALL_MICROPHONE + OP_PHONE_CALL_CAMERA, // OP_PHONE_CALL_CAMERA + OP_RECORD_AUDIO_HOTWORD, // RECORD_AUDIO_HOTWORD ++ OP_OTHER_SENSORS, // OTHER SENSORS + }; + + /** +@@ -1791,6 +1798,7 @@ public static String flagsToString(@OpFlags int flags) { + OPSTR_PHONE_CALL_MICROPHONE, + OPSTR_PHONE_CALL_CAMERA, + OPSTR_RECORD_AUDIO_HOTWORD, ++ OPSTR_OTHER_SENSORS, + }; + + /** +@@ -1901,6 +1909,7 @@ public static String flagsToString(@OpFlags int flags) { + "PHONE_CALL_MICROPHONE", + "PHONE_CALL_CAMERA", + "RECORD_AUDIO_HOTWORD", ++ "OTHER_SENSORS", + }; + + /** +@@ -2012,6 +2021,7 @@ public static String flagsToString(@OpFlags int flags) { + null, // no permission for OP_PHONE_CALL_MICROPHONE + null, // no permission for OP_PHONE_CALL_CAMERA + null, // no permission for OP_RECORD_AUDIO_HOTWORD ++ null, // no permission for OP_OTHER_SENSORS + }; + + /** +@@ -2123,6 +2133,7 @@ public static String flagsToString(@OpFlags int flags) { + null, // PHONE_CALL_MICROPHONE + null, // PHONE_CALL_MICROPHONE + null, // RECORD_AUDIO_HOTWORD ++ null, // OTHER SENSORS + }; + + /** +@@ -2233,6 +2244,7 @@ public static String flagsToString(@OpFlags int flags) { + null, // PHONE_CALL_MICROPHONE + null, // PHONE_CALL_CAMERA + null, // RECORD_AUDIO_HOTWORD ++ null, // OTHER SENSORS + }; + + /** +@@ -2342,6 +2354,7 @@ public static String flagsToString(@OpFlags int flags) { + AppOpsManager.MODE_ALLOWED, // PHONE_CALL_MICROPHONE + AppOpsManager.MODE_ALLOWED, // PHONE_CALL_CAMERA + AppOpsManager.MODE_ALLOWED, // OP_RECORD_AUDIO_HOTWORD ++ AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS + }; + + /** +@@ -2455,6 +2468,7 @@ public static String flagsToString(@OpFlags int flags) { + false, // PHONE_CALL_MICROPHONE + false, // PHONE_CALL_CAMERA + false, // RECORD_AUDIO_HOTWORD ++ false, // OTHER SENSORS + }; + + /** diff --git a/Patches/LineageOS-18.1/android_frameworks_native/0001-Sensors.patch b/Patches/LineageOS-18.1/android_frameworks_native/0001-Sensors.patch new file mode 100644 index 00000000..9e4563cc --- /dev/null +++ b/Patches/LineageOS-18.1/android_frameworks_native/0001-Sensors.patch @@ -0,0 +1,73 @@ +From fbe7bf4aec5c1f436f3750f2136ebdc580564a3a Mon Sep 17 00:00:00 2001 +From: MSe1969 +Date: Sat, 14 Nov 2020 13:21:18 +0100 +Subject: [PATCH] AppOps: New Op for (Other) sensors access + + * Add new sensor op to enum + * Invoke OP_OTHER_SENSORS as default + * Adapt logic for checking the Ops, if no permission is linked + +cherry-picked from lin17-microG and adapted for R + +Change-Id: If4011566a391314afed9a26e1dcf6e4bc838e4f7 +--- + libs/binder/include/binder/AppOpsManager.h | 3 ++- + libs/sensor/Sensor.cpp | 1 + + services/sensorservice/SensorService.cpp | 10 ++++++---- + 3 files changed, 9 insertions(+), 5 deletions(-) + +diff --git a/libs/binder/include/binder/AppOpsManager.h b/libs/binder/include/binder/AppOpsManager.h +index d93935ae5d..4a8c36f5b2 100644 +--- a/libs/binder/include/binder/AppOpsManager.h ++++ b/libs/binder/include/binder/AppOpsManager.h +@@ -135,7 +135,8 @@ class AppOpsManager + OP_PHONE_CALL_MICROPHONE = 100, + OP_PHONE_CALL_CAMERA = 101, + OP_RECORD_AUDIO_HOTWORD = 102, +- _NUM_OP = 103 ++ OP_OTHER_SENSORS = 103, ++ _NUM_OP = 104 + }; + + AppOpsManager(); +diff --git a/libs/sensor/Sensor.cpp b/libs/sensor/Sensor.cpp +index 9d817ae0bd..76d365d5f7 100644 +--- a/libs/sensor/Sensor.cpp ++++ b/libs/sensor/Sensor.cpp +@@ -59,6 +59,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi + mMinDelay = hwSensor.minDelay; + mFlags = 0; + mUuid = uuid; ++ mRequiredAppOp = AppOpsManager::OP_OTHER_SENSORS; //default, other values are explicitly set + + // Set fifo event count zero for older devices which do not support batching. Fused + // sensors also have their fifo counts set to zero. +diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp +index 3ca34bba1b..8a62b2bb9c 100644 +--- a/services/sensorservice/SensorService.cpp ++++ b/services/sensorservice/SensorService.cpp +@@ -1798,10 +1798,9 @@ status_t SensorService::flushSensor(const sp& connection, + + bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation, + const String16& opPackageName) { ++ + // Check if a permission is required for this sensor +- if (sensor.getRequiredPermission().length() <= 0) { +- return true; +- } ++ bool noAssociatedPermission = (sensor.getRequiredPermission().length() <= 0); + + const int32_t opCode = sensor.getRequiredAppOp(); + const int32_t appOpMode = sAppOpsManager.checkOp(opCode, +@@ -1816,7 +1815,10 @@ bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation, + // Allow access to step sensors if the application targets pre-Q, which is before the + // requirement to hold the AR permission to access Step Counter and Step Detector events + // was introduced. +- canAccess = true; ++ // [MSe1969: Of course only, if AppOpAllowed] ++ canAccess = appOpAllowed; ++ } else if (noAssociatedPermission) { ++ canAccess = appOpAllowed; + } else if (hasPermissionForSensor(sensor)) { + // Ensure that the AppOp is allowed, or that there is no necessary app op for the sensor + if (opCode < 0 || appOpAllowed) { diff --git a/Patches/LineageOS-18.1/android_packages_apps_Settings/0002-Sensors.patch b/Patches/LineageOS-18.1/android_packages_apps_Settings/0002-Sensors.patch new file mode 100644 index 00000000..5c8e615e --- /dev/null +++ b/Patches/LineageOS-18.1/android_packages_apps_Settings/0002-Sensors.patch @@ -0,0 +1,260 @@ +From a0087ffdd73ca128dc9f27118fc9eb4fd43c798b Mon Sep 17 00:00:00 2001 +From: MSe1969 +Date: Sat, 14 Nov 2020 15:17:37 +0100 +Subject: [PATCH] Special Access: Add an option to administer Sensor access + +Accesses the added AppOp for OP_OTHER_SENSORS + +Change-Id: I79c0ed4ab97494434edc6c308a8a54bd123c02ee +--- + res/values-de/strings.xml | 3 + + res/values-fr/strings.xml | 3 + + res/values/strings.xml | 5 + + res/xml/special_access.xml | 7 + + .../specialaccess/sensor/SensorAccess.java | 178 ++++++++++++++++++ + 5 files changed, 196 insertions(+) + create mode 100644 src/com/android/settings/applications/specialaccess/sensor/SensorAccess.java + +diff --git a/res/values-de/strings.xml b/res/values-de/strings.xml +index b2acb11e61..f5815df4a8 100644 +--- a/res/values-de/strings.xml ++++ b/res/values-de/strings.xml +@@ -4969,4 +4969,7 @@ + "Ein nicht vertrauenswürdiges Gerät fordert Zugriff auf deine Kontakte und deine Anrufliste an. Weitere Informationen." + "Möchtest du den Zugriff auf Kontakte und Anrufliste zulassen?" + "Ein nicht vertrauenswürdiges Bluetooth-Gerät (%1$s) möchte auf deine Kontakte und deine Anrufliste zugreifen. Dazu gehören auch Daten über ein- und ausgehende Anrufe.\n\nDu warst bisher noch nicht mit %2$s verbunden." ++ Sensorzugriff von Benutzer-Apps kontrollieren ++ Zugriff auf Sensoren ++ Keine installierte App hat Sensorzugriff angefordert. + +diff --git a/res/values-fr/strings.xml b/res/values-fr/strings.xml +index 42545707e6..d65e050664 100644 +--- a/res/values-fr/strings.xml ++++ b/res/values-fr/strings.xml +@@ -4968,4 +4968,7 @@ + "Un appareil non vérifié souhaite accéder à vos contacts et à votre journal d\'appels. Appuyez ici pour plus de détails." + "Autoriser l\'accès aux contacts et au journal d\'appels ?" + "Un appareil Bluetooth non vérifié, %1$s, souhaite accéder à vos contacts et à votre journal d\'appels. Ceci inclut des données concernant les appels entrants et sortants.\n\nVous ne vous êtes jamais connecté à %2$s auparavant." ++ Contrôler l\'accès des applications utilisateurs aux capteurs ++ Access aux Capteurs ++ Aucune app installée n\'a demandé de l\'accès aux capteurs. + +diff --git a/res/values/strings.xml b/res/values/strings.xml +index adf837a034..e4e0c9d129 100644 +--- a/res/values/strings.xml ++++ b/res/values/strings.xml +@@ -12227,4 +12227,9 @@ + Don\u2019t connect + + Connect ++ ++ ++ Control sensor access for user apps ++ Access to Sensors ++ No installed apps have requested sensors access. + +diff --git a/res/xml/special_access.xml b/res/xml/special_access.xml +index 6ee87f4664..f65ee68f7e 100644 +--- a/res/xml/special_access.xml ++++ b/res/xml/special_access.xml +@@ -154,6 +154,13 @@ + android:value="com.android.settings.Settings$ChangeWifiStateActivity" /> + + ++ ++ ++ + apps = new ArrayList<>(); ++ final List installed = mPackageManager.getInstalledApplications(0); ++ if (installed != null) { ++ for (ApplicationInfo app : installed) { ++ // Skip system apps ++ if (isUserApp(app.packageName)) { ++ // Only apps effectively having the Op OTHER_SENSORS ++ if (mAppOpsManager.getOpsForPackage(getPackageUid(app.packageName), ++ app.packageName, new int[]{AppOpsManager.OP_OTHER_SENSORS}) != null) ++ apps.add(app); ++ } ++ } ++ } ++ Collections.sort(apps, new PackageItemInfo.DisplayNameComparator(mPackageManager)); ++ for (ApplicationInfo app : apps) { ++ final String pkg = app.packageName; ++ final CharSequence label = app.loadLabel(mPackageManager); ++ final SwitchPreference pref = new SwitchPreference(getPrefContext()); ++ pref.setPersistent(false); ++ pref.setIcon(app.loadIcon(mPackageManager)); ++ pref.setTitle(label); ++ updateState(pref, pkg); ++ pref.setOnPreferenceChangeListener(new OnPreferenceChangeListener() { ++ @Override ++ public boolean onPreferenceChange(Preference preference, Object newValue) { ++ boolean switchOn = (Boolean) newValue; ++ mAppOpsManager.setMode(AppOpsManager.OP_OTHER_SENSORS, getPackageUid(pkg), pkg, ++ switchOn ? AppOpsManager.MODE_ALLOWED : AppOpsManager.MODE_IGNORED); ++ pref.setChecked(switchOn); ++ return false; ++ } ++ }); ++ screen.addPreference(pref); ++ } ++ } ++ ++ public void updateState(SwitchPreference preference, String pkg) { ++ final int mode = mAppOpsManager ++ .checkOpNoThrow(AppOpsManager.OP_OTHER_SENSORS, getPackageUid(pkg), pkg); ++ if (mode == AppOpsManager.MODE_ERRORED) { ++ preference.setChecked(false); ++ } else { ++ final boolean checked = mode != AppOpsManager.MODE_IGNORED; ++ preference.setChecked(checked); ++ } ++ } ++ ++ private boolean isUserApp(String pkg) { ++ ApplicationInfo appInfo; ++ try { ++ appInfo = mPackageManager.getApplicationInfo(pkg, ++ PackageManager.GET_DISABLED_COMPONENTS ++ | PackageManager.GET_UNINSTALLED_PACKAGES); ++ } catch (PackageManager.NameNotFoundException e) { ++ Log.w(TAG, "Unable to find info for package " + pkg); ++ return false; ++ } ++ return ((appInfo.flags & ApplicationInfo.FLAG_SYSTEM) == 0); ++ } ++ ++ private int getPackageUid(String pkg) { ++ int uid; ++ try { ++ uid = mPackageManager.getPackageUid(pkg, 0); ++ } catch (PackageManager.NameNotFoundException e) { ++ // We shouldn't hit this, ever. What can we even do after this? ++ uid = -1; ++ } ++ return uid; ++ } ++ ++ private final class SettingObserver extends ContentObserver { ++ public SettingObserver() { ++ super(new Handler(Looper.getMainLooper())); ++ } ++ ++ @Override ++ public void onChange(boolean selfChange, Uri uri) { ++ reloadList(); ++ } ++ } ++} +-- +2.31.1 + diff --git a/Scripts/LineageOS-14.1/Patch.sh b/Scripts/LineageOS-14.1/Patch.sh index 95c48be0..f3d67020 100644 --- a/Scripts/LineageOS-14.1/Patch.sh +++ b/Scripts/LineageOS-14.1/Patch.sh @@ -106,10 +106,17 @@ changeDefaultDNS; #Change the default DNS servers patch -p1 < "$DOS_PATCHES/android_frameworks_base/0008-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS) patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969) +patch -p1 < "$DOS_PATCHES/android_frameworks_base/0009-Sensors-P1.patch"; #Permission for sensors access (MSe1969) +patch -p1 < "$DOS_PATCHES/android_frameworks_base/0009-Sensors-P2.patch"; +patch -p1 < "$DOS_PATCHES/android_frameworks_base/0009-Sensors-P3.patch"; rm -rf packages/Osu; #Automatic Wi-Fi connection non-sense rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps fi; +if enterAndClear "frameworks/native"; then +patch -p1 < "$DOS_PATCHES/android_frameworks_native/0001-Sensors.patch"; #Permission for sensors access (MSe1969) +fi; + if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then if enterAndClear "frameworks/opt/net/ims"; then patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"; #Fix calling when IMS is removed @@ -208,6 +215,8 @@ if enterAndClear "packages/apps/Settings"; then git revert --no-edit 2ebe6058c546194a301c1fd22963d6be4adbf961; #Don't hide OEM unlock patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/201113.patch"; #wifi: Add world regulatory domain country code patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969) +patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0002-Sensors-P1.patch"; #Permission for sensors access (MSe1969) +patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0002-Sensors-P2.patch"; sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/ChooseLockPassword.java; #Increase max password length (GrapheneOS) sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options diff --git a/Scripts/LineageOS-15.1/Functions.sh b/Scripts/LineageOS-15.1/Functions.sh index 9ace6689..37f7a9eb 100644 --- a/Scripts/LineageOS-15.1/Functions.sh +++ b/Scripts/LineageOS-15.1/Functions.sh @@ -85,8 +85,7 @@ patchWorkspace() { umask 0022; if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi; - source build/envsetup.sh; - repopick -it O_asb_2021-09; + #source build/envsetup.sh; source "$DOS_SCRIPTS/Patch.sh"; source "$DOS_SCRIPTS_COMMON/Copy_Keys.sh"; diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh index f601ff57..39dccb74 100644 --- a/Scripts/LineageOS-15.1/Patch.sh +++ b/Scripts/LineageOS-15.1/Patch.sh @@ -109,11 +109,16 @@ patch -p1 < "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch"; patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS) patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969) patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS) +patch -p1 < "$DOS_PATCHES/android_frameworks_base/0007-Sensors.patch"; #Permission for sensors access (MSe1969) if [ "$DOS_MICROG_INCLUDED" != "FULL" ]; then rm -rf packages/CompanionDeviceManager; fi; #Used to support Android Wear (which hard depends on GMS) rm -rf packages/Osu packages/Osu2; #Automatic Wi-Fi connection non-sense rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps fi; +if enterAndClear "frameworks/native"; then +patch -p1 < "$DOS_PATCHES/android_frameworks_native/0001-Sensors.patch"; #Permission for sensors access (MSe1969) +fi; + if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then if enterAndClear "frameworks/opt/net/ims"; then patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"; #Fix calling when IMS is removed @@ -184,6 +189,8 @@ if enterAndClear "packages/apps/Settings"; then git revert --no-edit a96df110e84123fe1273bff54feca3b4ca484dcd; #Don't hide OEM unlock patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969) patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0004-PDB_Fixes.patch"; #Fix crashes when the PersistentDataBlockManager service isn't available XXX: This might be broken! +patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0005-Sensors-P1.patch"; #Permission for sensors access (MSe1969) +patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0005-Sensors-P2.patch"; sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS) sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options diff --git a/Scripts/LineageOS-16.0/Patch.sh b/Scripts/LineageOS-16.0/Patch.sh index 6cfb4ed1..57d68c5e 100644 --- a/Scripts/LineageOS-16.0/Patch.sh +++ b/Scripts/LineageOS-16.0/Patch.sh @@ -118,11 +118,16 @@ patch -p1 < "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Re if [ "$DOS_GRAPHENE_EXEC" = true ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning.patch"; fi; #Add exec-based spawning support (GrapheneOS) patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969) patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS) +patch -p1 < "$DOS_PATCHES/android_frameworks_base/0011-Sensors.patch"; #Permission for sensors access (MSe1969) sed -i '301i\ if(packageList != null && packageList.length() > 0) { packageList += ","; } packageList += "net.sourceforge.opencamera";' core/java/android/hardware/Camera.java; #Add Open Camera to aux camera allowlist if [ "$DOS_MICROG_INCLUDED" != "FULL" ]; then rm -rf packages/CompanionDeviceManager; fi; #Used to support Android Wear (which hard depends on GMS) rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps fi; +if enterAndClear "frameworks/native"; then +patch -p1 < "$DOS_PATCHES/android_frameworks_native/0001-Sensors.patch"; #Permission for sensors access (MSe1969) +fi; + if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then if enterAndClear "frameworks/opt/net/ims"; then patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"; #Fix calling when IMS is removed @@ -196,6 +201,8 @@ if enterAndClear "packages/apps/Settings"; then git revert --no-edit c240992b4c86c7f226290807a2f41f2619e7e5e8; #Don't hide OEM unlock patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969) sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS) +patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0002-Sensors-P1.patch"; #Permission for sensors access (MSe1969) +patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0002-Sensors-P2.patch"; sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options fi; diff --git a/Scripts/LineageOS-17.1/Patch.sh b/Scripts/LineageOS-17.1/Patch.sh index 69b21003..a457ca72 100644 --- a/Scripts/LineageOS-17.1/Patch.sh +++ b/Scripts/LineageOS-17.1/Patch.sh @@ -114,12 +114,17 @@ patch -p1 < "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Re if [ "$DOS_GRAPHENE_EXEC" = true ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning.patch"; fi; #add exec-based spawning support (GrapheneOS) patch -p1 < "$DOS_PATCHES/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969) patch -p1 < "$DOS_PATCHES/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS) +patch -p1 < "$DOS_PATCHES/android_frameworks_base/0011-Sensors.patch"; #Permission for sensors access (MSe1969) if [ "$DOS_MICROG_INCLUDED" != "FULL" ]; then rm -rf packages/CompanionDeviceManager; fi; #Used to support Android Wear (which hard depends on GMS) #sed -i '295i\ if(packageList != null && packageList.size() > 0) { packageList.add("net.sourceforge.opencamera"); }' core/java/android/hardware/Camera.java; #Add Open Camera to aux camera allowlist XXX: needs testing, broke boot last time rm -rf packages/OsuLogin; #Automatic Wi-Fi connection non-sense rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps fi; +if enterAndClear "frameworks/native"; then +patch -p1 < "$DOS_PATCHES/android_frameworks_native/0001-Sensors.patch"; #Permission for sensors access (MSe1969) +fi; + if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then if enterAndClear "frameworks/opt/net/ims"; then patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"; #Fix calling when IMS is removed @@ -194,6 +199,7 @@ fi; if enterAndClear "packages/apps/Settings"; then git revert --no-edit 486980cfecce2ca64267f41462f9371486308e9d; #Don't hide OEM unlock patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969) +patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0002-Sensors.patch"; #Permission for sensors access (MSe1969) sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS) sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/backup/PrivacySettingsUtils.java; fi; #microG doesn't support Backup, hide the options diff --git a/Scripts/LineageOS-18.1/Patch.sh b/Scripts/LineageOS-18.1/Patch.sh index a92ca971..4da768df 100644 --- a/Scripts/LineageOS-18.1/Patch.sh +++ b/Scripts/LineageOS-18.1/Patch.sh @@ -96,11 +96,16 @@ patch -p1 < "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch patch -p1 < "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS) patch -p1 < "$DOS_PATCHES/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969) patch -p1 < "$DOS_PATCHES/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS) +patch -p1 < "$DOS_PATCHES/android_frameworks_base/0010-Sensors.patch"; #Permission for sensors access (MSe1969) #sed -i '301i\ if(packageList != null && packageList.size() > 0) { packageList.add("net.sourceforge.opencamera"); }' core/java/android/hardware/Camera.java; #Add Open Camera to aux camera allowlist XXX: needs testing, broke boot last time if [ "$DOS_MICROG_INCLUDED" != "FULL" ]; then rm -rf packages/CompanionDeviceManager; fi; #Used to support Android Wear (which hard depends on GMS) rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps fi; +if enterAndClear "frameworks/native"; then +patch -p1 < "$DOS_PATCHES/android_frameworks_native/0001-Sensors.patch"; #Permission for sensors access (MSe1969) +fi; + if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then if enterAndClear "frameworks/opt/net/ims"; then patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"; #Fix calling when IMS is removed @@ -181,6 +186,7 @@ fi; if enterAndClear "packages/apps/Settings"; then patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969) +patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0002-Sensors.patch"; #Permission for sensors access (MSe1969) sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/backup/PrivacySettingsUtils.java; fi; #microG doesn't support Backup, hide the options fi;