mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-01-25 23:05:56 -05:00
Permission for sensors access patches from @MSe1969
Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
parent
f5a58bd35f
commit
84c7d230ab
@ -0,0 +1,197 @@
|
||||
From 5ccfecfc925ec64d2f49c634701b1f9c1804dbcb Mon Sep 17 00:00:00 2001
|
||||
From: MSe <mse1969@posteo.de>
|
||||
Date: Mon, 26 Feb 2018 17:53:23 +0100
|
||||
Subject: [PATCH 1/3] - AppOps/PrivacyGuard: New Sensor checks [base]
|
||||
|
||||
Add two AppOps for sensor access:
|
||||
- OP_MOTION_SENSORS (default: allow, strict)
|
||||
- OP_OTHER_SENSORS (default: allow)
|
||||
|
||||
Change-Id: I05ad545285eac84c0cd98868b6e330b7bcdab4cc
|
||||
---
|
||||
core/java/android/app/AppOpsManager.java | 34 +++++++++++++++++++++---
|
||||
core/res/res/values-de/cm_strings.xml | 2 ++
|
||||
core/res/res/values-fr/cm_strings.xml | 2 ++
|
||||
core/res/res/values/cm_arrays.xml | 4 +++
|
||||
core/res/res/values/cm_strings.xml | 2 ++
|
||||
5 files changed, 41 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
|
||||
index e13947335d2a..a9a00a60f0e5 100644
|
||||
--- a/core/java/android/app/AppOpsManager.java
|
||||
+++ b/core/java/android/app/AppOpsManager.java
|
||||
@@ -267,7 +267,11 @@ public class AppOpsManager {
|
||||
/** @hide */
|
||||
public static final int OP_SU = 69;
|
||||
/** @hide */
|
||||
- public static final int _NUM_OP = 70;
|
||||
+ public static final int OP_MOTION_SENSORS = 70;
|
||||
+ /** @hide */
|
||||
+ public static final int OP_OTHER_SENSORS = 71;
|
||||
+ /** @hide */
|
||||
+ public static final int _NUM_OP = 72;
|
||||
|
||||
/** Access to coarse location information. */
|
||||
public static final String OPSTR_COARSE_LOCATION = "android:coarse_location";
|
||||
@@ -378,6 +382,10 @@ public class AppOpsManager {
|
||||
"android:data_connect_change";
|
||||
private static final String OPSTR_SU =
|
||||
"android:su";
|
||||
+ private static final String OPSTR_MOTION_SENSORS =
|
||||
+ "android:motion_sensors";
|
||||
+ private static final String OPSTR_OTHER_SENSORS =
|
||||
+ "android:other_sensors";
|
||||
|
||||
private static final int[] RUNTIME_PERMISSIONS_OPS = {
|
||||
// Contacts
|
||||
@@ -494,7 +502,9 @@ public class AppOpsManager {
|
||||
OP_BOOT_COMPLETED,
|
||||
OP_NFC_CHANGE,
|
||||
OP_DATA_CONNECT_CHANGE,
|
||||
- OP_SU
|
||||
+ OP_SU,
|
||||
+ OP_MOTION_SENSORS,
|
||||
+ OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -572,6 +582,8 @@ public class AppOpsManager {
|
||||
OPSTR_NFC_CHANGE,
|
||||
OPSTR_DATA_CONNECT_CHANGE,
|
||||
OPSTR_SU,
|
||||
+ OPSTR_MOTION_SENSORS,
|
||||
+ OPSTR_OTHER_SENSORS,
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -649,6 +661,8 @@ public class AppOpsManager {
|
||||
"NFC_CHANGE",
|
||||
"DATA_CONNECT_CHANGE",
|
||||
"SU",
|
||||
+ "MOTION_SENSORS",
|
||||
+ "OTHER_SENSORS",
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -726,6 +740,8 @@ public class AppOpsManager {
|
||||
Manifest.permission.NFC,
|
||||
Manifest.permission.MODIFY_PHONE_STATE,
|
||||
null,
|
||||
+ null,
|
||||
+ null,
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -804,6 +820,8 @@ public class AppOpsManager {
|
||||
null, //NFC_CHANGE
|
||||
null, //DATA_CONNECT_CHANGE
|
||||
UserManager.DISALLOW_SU, //SU TODO: this should really be investigated.
|
||||
+ null, //MOTION_SENSORS
|
||||
+ null, //OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -881,6 +899,8 @@ public class AppOpsManager {
|
||||
true, // NFC_CHANGE
|
||||
true, //DATA_CONNECT_CHANGE
|
||||
false, //SU
|
||||
+ false, //MOTION_SENSORS
|
||||
+ false, //OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -956,7 +976,9 @@ public class AppOpsManager {
|
||||
AppOpsManager.MODE_ALLOWED, // OP_BOOT_COMPLETED
|
||||
AppOpsManager.MODE_ALLOWED, // OP_NFC_CHANGE
|
||||
AppOpsManager.MODE_ALLOWED,
|
||||
- AppOpsManager.MODE_ASK, // OP_SU
|
||||
+ AppOpsManager.MODE_ASK, // OP_SU
|
||||
+ AppOpsManager.MODE_ALLOWED, // OP_MOTION_SENSORS
|
||||
+ AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1034,6 +1056,8 @@ public class AppOpsManager {
|
||||
AppOpsManager.MODE_ASK, // OP_NFC_CHANGE
|
||||
AppOpsManager.MODE_ASK, // OP_DATA_CONNECT_CHANGE
|
||||
AppOpsManager.MODE_ASK, // OP_SU
|
||||
+ AppOpsManager.MODE_ALLOWED, // OP_MOTION_SENSORS
|
||||
+ AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1110,6 +1134,8 @@ public class AppOpsManager {
|
||||
true, // OP_NFC_CHANGE
|
||||
true, // OP_DATA_CONNECT_CHANGE
|
||||
true, // OP_SU
|
||||
+ true, // OP_MOTION_SENSORS
|
||||
+ false, // OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1190,6 +1216,8 @@ public class AppOpsManager {
|
||||
false, // OP_NFC_CHANGE
|
||||
false, // OP_DATA_CONNECT_CHANGE
|
||||
false, // OP_SU
|
||||
+ false, // OP_MOTION_SENSORS
|
||||
+ false, // OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
diff --git a/core/res/res/values-de/cm_strings.xml b/core/res/res/values-de/cm_strings.xml
|
||||
index ad742ee840b6..432ed9bf1882 100644
|
||||
--- a/core/res/res/values-de/cm_strings.xml
|
||||
+++ b/core/res/res/values-de/cm_strings.xml
|
||||
@@ -108,6 +108,8 @@
|
||||
<string name="app_ops_run_in_background">im Hintergrund ausgeführt zu werden</string>
|
||||
<string name="app_ops_wifi_change">WLAN-Status zu ändern</string>
|
||||
<string name="app_ops_su">Root-Zugriff zu erhalten</string>
|
||||
+ <string name="app_ops_motion_sensors">Bewegungssensoren zu nutzen</string>
|
||||
+ <string name="app_ops_other_sensors">sonstige Sensoren zu nutzen</string>
|
||||
<string name="notify_package_component_protected_title">Start der Aktivität blockiert</string>
|
||||
<string name="notify_package_component_protected_text"><xliff:g id="app_name">%1$s</xliff:g> ist vom Starten abgehalten worden. Tippen Sie, um sich zu authentifizieren und die App zu starten.</string>
|
||||
<string name="lock_to_app_toast_no_navbar">Zum Lösen dieser Ansicht drücken und halten Sie die Zurück-Taste.</string>
|
||||
diff --git a/core/res/res/values-fr/cm_strings.xml b/core/res/res/values-fr/cm_strings.xml
|
||||
index 27abe58ec15a..aa16f8998b1b 100644
|
||||
--- a/core/res/res/values-fr/cm_strings.xml
|
||||
+++ b/core/res/res/values-fr/cm_strings.xml
|
||||
@@ -108,6 +108,8 @@
|
||||
<string name="app_ops_run_in_background">exécuter en arrière-plan</string>
|
||||
<string name="app_ops_wifi_change">changer l\'état du Wi-Fi</string>
|
||||
<string name="app_ops_su">obtenir l\'accès root</string>
|
||||
+ <string name="app_ops_motion_sensors">utiliser les capteurs de mouvement</string>
|
||||
+ <string name="app_ops_other_sensors">utiliser d\'autres capteurs</string>
|
||||
<string name="notify_package_component_protected_title">Lancement d\'activité bloqué</string>
|
||||
<string name="notify_package_component_protected_text"><xliff:g id="app_name">%1$s</xliff:g> est protégé contre tout lancement. Toucher pour s\'authentifier et lancer l\'application.</string>
|
||||
<string name="lock_to_app_toast_no_navbar">Pour déverrouiller l\'écran, appuyez et maintenez le bouton Retour.</string>
|
||||
diff --git a/core/res/res/values/cm_arrays.xml b/core/res/res/values/cm_arrays.xml
|
||||
index 8e34a4dafd05..1d054baaced4 100644
|
||||
--- a/core/res/res/values/cm_arrays.xml
|
||||
+++ b/core/res/res/values/cm_arrays.xml
|
||||
@@ -182,6 +182,10 @@
|
||||
<item>@string/app_ops_toggle_mobile_data</item>
|
||||
<!-- OP_SU -->
|
||||
<item>@string/app_ops_su</item>
|
||||
+ <!-- OP_MOTION_SENSORS -->
|
||||
+ <item>@string/app_ops_motion_sensors</item>
|
||||
+ <!-- OP_OTHER_SENSORS -->
|
||||
+ <item>@string/app_ops_other_sensors</item>
|
||||
</string-array>
|
||||
|
||||
<!-- A list of pre-installed applications that will be treated as carrier apps,
|
||||
diff --git a/core/res/res/values/cm_strings.xml b/core/res/res/values/cm_strings.xml
|
||||
index 026c10237add..f5c374df200d 100644
|
||||
--- a/core/res/res/values/cm_strings.xml
|
||||
+++ b/core/res/res/values/cm_strings.xml
|
||||
@@ -140,6 +140,8 @@
|
||||
<string name="app_ops_run_in_background">run in background</string>
|
||||
<string name="app_ops_wifi_change">change Wi-Fi state</string>
|
||||
<string name="app_ops_su">get root access</string>
|
||||
+ <string name="app_ops_motion_sensors">use the motion sensors</string>
|
||||
+ <string name="app_ops_other_sensors">use other sensors</string>
|
||||
|
||||
<!-- Protected Apps Notification -->
|
||||
<string name="notify_package_component_protected_title">Activity launch blocked</string>
|
||||
--
|
||||
2.31.1
|
||||
|
@ -0,0 +1,49 @@
|
||||
From 7fcc6be5ca1672ca0b48fa6d55224b34d0d0ebea Mon Sep 17 00:00:00 2001
|
||||
From: MSe <mse1969@posteo.de>
|
||||
Date: Wed, 25 Apr 2018 23:07:47 +0200
|
||||
Subject: [PATCH 2/3] AppOpsService: Default mode 'allowed' for systemUID and
|
||||
platform signed
|
||||
|
||||
To avoid severe issues when setting selected Ops to 'ASK', the default
|
||||
mode for systemui, apps with uid 1000 (system) and apps signed with the
|
||||
platform key will always get the 'allowed' mode as default.
|
||||
|
||||
Change-Id: I71d9618d5b900241b99c060d43bc4270da05305b
|
||||
---
|
||||
.../com/android/server/AppOpsService.java | 20 +++++++++++++++++++
|
||||
1 file changed, 20 insertions(+)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/AppOpsService.java b/services/core/java/com/android/server/AppOpsService.java
|
||||
index a9e350570508..de31ba177ca2 100644
|
||||
--- a/services/core/java/com/android/server/AppOpsService.java
|
||||
+++ b/services/core/java/com/android/server/AppOpsService.java
|
||||
@@ -2576,6 +2576,26 @@ public class AppOpsService extends IAppOpsService.Stub {
|
||||
}
|
||||
|
||||
private int getDefaultMode(int code, int uid, String packageName) {
|
||||
+ // To allow setting 'MODE_ASK' for own Ops, some precautions to
|
||||
+ // avoid privileged apps to trigger the toggle are needed:
|
||||
+
|
||||
+ // 1st check: Skip uid 1000 and systemui
|
||||
+ if (uid == android.os.Process.SYSTEM_UID || "com.android.systemui".equals(packageName)) {
|
||||
+ return AppOpsManager.MODE_ALLOWED;
|
||||
+ }
|
||||
+ // 2nd check: Skip apps signed with platform key, except for the 'root' Op
|
||||
+ if (code != AppOpsManager.OP_SU) {
|
||||
+ try {
|
||||
+ int match = AppGlobals.getPackageManager().checkSignatures("android", packageName);
|
||||
+ if (match >= PackageManager.SIGNATURE_MATCH) {
|
||||
+ return AppOpsManager.MODE_ALLOWED;
|
||||
+ }
|
||||
+ } catch (RemoteException re) {
|
||||
+ Log.e(TAG, "AppOps getDefaultMode: Can't talk to PM f. Sig.Check", re);
|
||||
+ }
|
||||
+ }
|
||||
+ // end
|
||||
+
|
||||
int mode = AppOpsManager.opToDefaultMode(code,
|
||||
isStrict(code, uid, packageName));
|
||||
if (AppOpsManager.isStrictOp(code) && mPolicy != null) {
|
||||
--
|
||||
2.31.1
|
||||
|
@ -0,0 +1,35 @@
|
||||
From 302c2986458e43cb666aa502e7767be389b2682f Mon Sep 17 00:00:00 2001
|
||||
From: MSe <mse1969@posteo.de>
|
||||
Date: Wed, 25 Apr 2018 23:12:20 +0200
|
||||
Subject: [PATCH 3/3] AppOps: Default MODE_ASK for OP_MOTION_SENSORS
|
||||
|
||||
Change-Id: I4e8380c21b5c8a9e90c99d52e35d825ef0db6d98
|
||||
---
|
||||
core/java/android/app/AppOpsManager.java | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
|
||||
index a9a00a60f0e5..84b196a2375b 100644
|
||||
--- a/core/java/android/app/AppOpsManager.java
|
||||
+++ b/core/java/android/app/AppOpsManager.java
|
||||
@@ -977,7 +977,7 @@ public class AppOpsManager {
|
||||
AppOpsManager.MODE_ALLOWED, // OP_NFC_CHANGE
|
||||
AppOpsManager.MODE_ALLOWED,
|
||||
AppOpsManager.MODE_ASK, // OP_SU
|
||||
- AppOpsManager.MODE_ALLOWED, // OP_MOTION_SENSORS
|
||||
+ AppOpsManager.MODE_ASK, // OP_MOTION_SENSORS
|
||||
AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
@@ -1056,7 +1056,7 @@ public class AppOpsManager {
|
||||
AppOpsManager.MODE_ASK, // OP_NFC_CHANGE
|
||||
AppOpsManager.MODE_ASK, // OP_DATA_CONNECT_CHANGE
|
||||
AppOpsManager.MODE_ASK, // OP_SU
|
||||
- AppOpsManager.MODE_ALLOWED, // OP_MOTION_SENSORS
|
||||
+ AppOpsManager.MODE_ASK, // OP_MOTION_SENSORS
|
||||
AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
--
|
||||
2.31.1
|
||||
|
@ -0,0 +1,139 @@
|
||||
From def2d20e4361c1bd048353d91fe2fd6e38ff6a04 Mon Sep 17 00:00:00 2001
|
||||
From: MSe <mse1969@posteo.de>
|
||||
Date: Mon, 26 Feb 2018 17:58:17 +0100
|
||||
Subject: [PATCH] [PATCH 2/3] - AppOps/PrivacyGuard: New Sensor checks [native]
|
||||
|
||||
Add two AppOps for sensor access:
|
||||
- OP_MOTION_SENSORS (default: allow, strict)
|
||||
- OP_OTHER_SENSORS (default: allow)
|
||||
|
||||
This change updated the AppOPs binder for the newly defined Ops,
|
||||
implements the logic for the sensors and adapts the logic for
|
||||
checking the Ops, if an Op is not linked to a permission.
|
||||
|
||||
Change-Id: I17bd646c81346f43d1ffdd2dd85dd7c934cd3bd7
|
||||
---
|
||||
include/binder/AppOpsManager.h | 4 +++-
|
||||
libs/gui/Sensor.cpp | 8 ++++++++
|
||||
services/sensorservice/SensorService.cpp | 25 +++++++++++++-----------
|
||||
3 files changed, 25 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/include/binder/AppOpsManager.h b/include/binder/AppOpsManager.h
|
||||
index e2a6e702f4..62daa8f066 100644
|
||||
--- a/include/binder/AppOpsManager.h
|
||||
+++ b/include/binder/AppOpsManager.h
|
||||
@@ -104,7 +104,9 @@ class AppOpsManager
|
||||
OP_BOOT_COMPLETED = 66,
|
||||
OP_NFC_CHANGE = 67,
|
||||
OP_DATA_CONNECT_CHANGE = 68,
|
||||
- OP_SU = 69
|
||||
+ OP_SU = 69,
|
||||
+ OP_MOTION_SENSORS = 70,
|
||||
+ OP_OTHER_SENSORS = 71
|
||||
};
|
||||
|
||||
AppOpsManager();
|
||||
diff --git a/libs/gui/Sensor.cpp b/libs/gui/Sensor.cpp
|
||||
index 4697d2f34b..575d6ca250 100644
|
||||
--- a/libs/gui/Sensor.cpp
|
||||
+++ b/libs/gui/Sensor.cpp
|
||||
@@ -58,6 +58,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
mMinDelay = hwSensor.minDelay;
|
||||
mFlags = 0;
|
||||
mUuid = uuid;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_OTHER_SENSORS; //default, other values are explicitly set
|
||||
|
||||
// Set fifo event count zero for older devices which do not support batching. Fused
|
||||
// sensors also have their fifo counts set to zero.
|
||||
@@ -92,6 +93,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
switch (mType) {
|
||||
case SENSOR_TYPE_ACCELEROMETER:
|
||||
mStringType = SENSOR_STRING_TYPE_ACCELEROMETER;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
|
||||
break;
|
||||
case SENSOR_TYPE_AMBIENT_TEMPERATURE:
|
||||
@@ -112,10 +114,12 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
break;
|
||||
case SENSOR_TYPE_GYROSCOPE:
|
||||
mStringType = SENSOR_STRING_TYPE_GYROSCOPE;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
|
||||
break;
|
||||
case SENSOR_TYPE_GYROSCOPE_UNCALIBRATED:
|
||||
mStringType = SENSOR_STRING_TYPE_GYROSCOPE_UNCALIBRATED;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
|
||||
break;
|
||||
case SENSOR_TYPE_HEART_RATE: {
|
||||
@@ -133,6 +137,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
break;
|
||||
case SENSOR_TYPE_LINEAR_ACCELERATION:
|
||||
mStringType = SENSOR_STRING_TYPE_LINEAR_ACCELERATION;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
|
||||
break;
|
||||
case SENSOR_TYPE_MAGNETIC_FIELD:
|
||||
@@ -169,16 +174,19 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
case SENSOR_TYPE_SIGNIFICANT_MOTION:
|
||||
mStringType = SENSOR_STRING_TYPE_SIGNIFICANT_MOTION;
|
||||
mFlags |= SENSOR_FLAG_ONE_SHOT_MODE;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
if (halVersion < SENSORS_DEVICE_API_VERSION_1_3) {
|
||||
mFlags |= SENSOR_FLAG_WAKE_UP;
|
||||
}
|
||||
break;
|
||||
case SENSOR_TYPE_STEP_COUNTER:
|
||||
mStringType = SENSOR_STRING_TYPE_STEP_COUNTER;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_ON_CHANGE_MODE;
|
||||
break;
|
||||
case SENSOR_TYPE_STEP_DETECTOR:
|
||||
mStringType = SENSOR_STRING_TYPE_STEP_DETECTOR;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_SPECIAL_REPORTING_MODE;
|
||||
break;
|
||||
case SENSOR_TYPE_TEMPERATURE:
|
||||
diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp
|
||||
index d8e08775a4..fe47eb37e1 100644
|
||||
--- a/services/sensorservice/SensorService.cpp
|
||||
+++ b/services/sensorservice/SensorService.cpp
|
||||
@@ -1254,6 +1254,20 @@ status_t SensorService::flushSensor(const sp<SensorEventConnection>& connection,
|
||||
|
||||
bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
|
||||
const String16& opPackageName) {
|
||||
+
|
||||
+ // Due to the new SENSOR AppOps, which do not correspond to any permission,
|
||||
+ // we need to check for the AppOp BEFORE checking any permission
|
||||
+ const int32_t opCode = sensor.getRequiredAppOp();
|
||||
+ if (opCode >= 0) {
|
||||
+ AppOpsManager appOps;
|
||||
+ if (appOps.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName)
|
||||
+ != AppOpsManager::MODE_ALLOWED) {
|
||||
+ ALOGE("%s a sensor (%s) without enabled required app op: %d",
|
||||
+ operation, sensor.getName().string(), opCode);
|
||||
+ return false;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
const String8& requiredPermission = sensor.getRequiredPermission();
|
||||
|
||||
if (requiredPermission.length() <= 0) {
|
||||
@@ -1276,17 +1290,6 @@ bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
|
||||
return false;
|
||||
}
|
||||
|
||||
- const int32_t opCode = sensor.getRequiredAppOp();
|
||||
- if (opCode >= 0) {
|
||||
- AppOpsManager appOps;
|
||||
- if (appOps.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName)
|
||||
- != AppOpsManager::MODE_ALLOWED) {
|
||||
- ALOGE("%s a sensor (%s) without enabled required app op: %d",
|
||||
- operation, sensor.getName().string(), opCode);
|
||||
- return false;
|
||||
- }
|
||||
- }
|
||||
-
|
||||
return true;
|
||||
}
|
||||
|
@ -0,0 +1,175 @@
|
||||
From 2180a97b8aafc377c52cff014e44ea173f30db87 Mon Sep 17 00:00:00 2001
|
||||
From: MSe <mse1969@posteo.de>
|
||||
Date: Mon, 26 Feb 2018 18:01:44 +0100
|
||||
Subject: [PATCH 1/2] - AppOps/PrivacyGuard: New Sensor checks [Settings]
|
||||
|
||||
Add two AppOps for sensor access:
|
||||
- OP_MOTION_SENSORS (default: allow, strict)
|
||||
- OP_OTHER_SENSORS (default: allow)
|
||||
|
||||
Add new Sensor template
|
||||
|
||||
Change-Id: Ibef721505784dbc0f23974468a768f89c9e15c46
|
||||
---
|
||||
res/values-de/cm_strings.xml | 5 +++++
|
||||
res/values-fr/cm_strings.xml | 5 +++++
|
||||
res/values/cm_arrays.xml | 5 +++++
|
||||
res/values/cm_strings.xml | 6 ++++++
|
||||
.../android/settings/applications/AppOpsState.java | 11 ++++++++++-
|
||||
5 files changed, 31 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/res/values-de/cm_strings.xml b/res/values-de/cm_strings.xml
|
||||
index b968d7b685..d2778dfc8d 100644
|
||||
--- a/res/values-de/cm_strings.xml
|
||||
+++ b/res/values-de/cm_strings.xml
|
||||
@@ -48,6 +48,7 @@
|
||||
<string name="app_ops_categories_device">Gerät</string>
|
||||
<string name="app_ops_categories_background">Hintergrund</string>
|
||||
<string name="app_ops_categories_bootup">Systemstart</string>
|
||||
+ <string name="app_ops_categories_sensors">Sensoren</string>
|
||||
<string name="app_ops_categories_su">Root-Zugriff</string>
|
||||
<string name="app_ops_categories_other">Andere</string>
|
||||
<string name="app_ops_summaries_coarse_location">Ungefährer Standort</string>
|
||||
@@ -118,6 +119,8 @@
|
||||
<string name="app_ops_summaries_start_at_boot">Beim Booten starten</string>
|
||||
<string name="app_ops_summaries_toggle_nfc">NFC ein-/ausschalten</string>
|
||||
<string name="app_ops_summaries_toggle_mobile_data">Mobile Daten ein-/ausschalten</string>
|
||||
+ <string name="app_ops_summaries_motion_sensors">Nutzung Bewegungssensoren</string>
|
||||
+ <string name="app_ops_summaries_other_sensors">Sonstige Sensoren</string>
|
||||
<string name="app_ops_summaries_superuser">Root-Zugriff</string>
|
||||
<string name="app_ops_labels_coarse_location">Ungefährer Standort</string>
|
||||
<string name="app_ops_labels_fine_location">Genauer Standort</string>
|
||||
@@ -187,6 +190,8 @@
|
||||
<string name="app_ops_labels_start_at_boot">Beim Booten starten</string>
|
||||
<string name="app_ops_labels_toggle_nfc">NFC ein-/ausschalten</string>
|
||||
<string name="app_ops_labels_toggle_mobile_data">Mobile Daten ein-/ausschalten</string>
|
||||
+ <string name="app_ops_labels_motion_sensors">Bewegungssensoren</string>
|
||||
+ <string name="app_ops_labels_other_sensors">sonstige Sensoren</string>
|
||||
<string name="app_ops_labels_superuser">Root-Zugriff</string>
|
||||
<string name="app_ops_permissions_allowed">Erlaubt</string>
|
||||
<string name="app_ops_permissions_ignored">Verboten</string>
|
||||
diff --git a/res/values-fr/cm_strings.xml b/res/values-fr/cm_strings.xml
|
||||
index 395b87195c..b5e9213441 100644
|
||||
--- a/res/values-fr/cm_strings.xml
|
||||
+++ b/res/values-fr/cm_strings.xml
|
||||
@@ -49,6 +49,7 @@ Vous êtes maintenant à <xliff:g id="step_count">%1$d</xliff:g> étapes de l\'a
|
||||
<string name="app_ops_categories_device">Appareil</string>
|
||||
<string name="app_ops_categories_background">Arrière-plan</string>
|
||||
<string name="app_ops_categories_bootup">Démarrage</string>
|
||||
+ <string name="app_ops_categories_sensors">Capteurs</string>
|
||||
<string name="app_ops_categories_su">Accès root</string>
|
||||
<string name="app_ops_categories_other">Autre</string>
|
||||
<string name="app_ops_summaries_coarse_location">localisation approximative</string>
|
||||
@@ -120,6 +121,8 @@ Vous êtes maintenant à <xliff:g id="step_count">%1$d</xliff:g> étapes de l\'a
|
||||
<string name="app_ops_summaries_start_at_boot">démarrer au lancement</string>
|
||||
<string name="app_ops_summaries_toggle_nfc">activer/désactiver le NFC</string>
|
||||
<string name="app_ops_summaries_toggle_mobile_data">activer/désactiver les données mobiles</string>
|
||||
+ <string name="app_ops_summaries_motion_sensors">utiliser les capteurs de mouvement</string>
|
||||
+ <string name="app_ops_summaries_other_sensors">utiliser d\'autres capteurs</string>
|
||||
<string name="app_ops_summaries_superuser">accès root</string>
|
||||
<string name="app_ops_labels_coarse_location">Position approximative</string>
|
||||
<string name="app_ops_labels_fine_location">Position précise</string>
|
||||
@@ -190,6 +193,8 @@ Vous êtes maintenant à <xliff:g id="step_count">%1$d</xliff:g> étapes de l\'a
|
||||
<string name="app_ops_labels_start_at_boot">Démarrer au lancement</string>
|
||||
<string name="app_ops_labels_toggle_nfc">Activer/désactiver le NFC</string>
|
||||
<string name="app_ops_labels_toggle_mobile_data">Activer/désactiver les données mobiles</string>
|
||||
+ <string name="app_ops_labels_motion_sensors">Capteur de mouvement</string>
|
||||
+ <string name="app_ops_labels_other_sensors">autres Capteurs</string>
|
||||
<string name="app_ops_labels_superuser">Accès root</string>
|
||||
<string name="app_ops_permissions_allowed">Autorisé</string>
|
||||
<string name="app_ops_permissions_ignored">Ignoré</string>
|
||||
diff --git a/res/values/cm_arrays.xml b/res/values/cm_arrays.xml
|
||||
index 38568e4baf..f6a2e8ad19 100644
|
||||
--- a/res/values/cm_arrays.xml
|
||||
+++ b/res/values/cm_arrays.xml
|
||||
@@ -50,6 +50,7 @@
|
||||
<item>@string/app_ops_categories_background</item>
|
||||
<item>@string/app_ops_categories_bootup</item>
|
||||
<item>@string/app_ops_categories_su</item>
|
||||
+ <item>@string/app_ops_categories_sensors</item>
|
||||
<item>@string/app_ops_categories_other</item>
|
||||
</string-array>
|
||||
|
||||
@@ -125,6 +126,8 @@
|
||||
<item>@string/app_ops_summaries_toggle_nfc</item>
|
||||
<item>@string/app_ops_summaries_toggle_mobile_data</item>
|
||||
<item>@string/app_ops_summaries_superuser</item>
|
||||
+ <item>@string/app_ops_summaries_motion_sensors</item>
|
||||
+ <item>@string/app_ops_summaries_other_sensors</item>
|
||||
</string-array>
|
||||
|
||||
<!-- User display names for app ops codes - extension of AOSP -->
|
||||
@@ -199,6 +202,8 @@
|
||||
<item>@string/app_ops_labels_toggle_nfc</item>
|
||||
<item>@string/app_ops_labels_toggle_mobile_data</item>
|
||||
<item>@string/app_ops_labels_superuser</item>
|
||||
+ <item>@string/app_ops_labels_motion_sensors</item>
|
||||
+ <item>@string/app_ops_labels_other_sensors</item>
|
||||
</string-array>
|
||||
|
||||
<!-- App ops permissions -->
|
||||
diff --git a/res/values/cm_strings.xml b/res/values/cm_strings.xml
|
||||
index 0dd77d2439..6441556fa4 100644
|
||||
--- a/res/values/cm_strings.xml
|
||||
+++ b/res/values/cm_strings.xml
|
||||
@@ -70,6 +70,7 @@
|
||||
<string name="app_ops_categories_device">Device</string>
|
||||
<string name="app_ops_categories_background">Background</string>
|
||||
<string name="app_ops_categories_bootup">Bootup</string>
|
||||
+ <string name="app_ops_categories_sensors">Sensors</string>
|
||||
<string name="app_ops_categories_su">Root access</string>
|
||||
<string name="app_ops_categories_other">Other</string>
|
||||
|
||||
@@ -143,8 +144,11 @@
|
||||
<string name="app_ops_summaries_start_at_boot">start at boot</string>
|
||||
<string name="app_ops_summaries_toggle_nfc">toggle NFC</string>
|
||||
<string name="app_ops_summaries_toggle_mobile_data">toggle cellular data</string>
|
||||
+ <string name="app_ops_summaries_motion_sensors">Motion Sensor usage</string>
|
||||
+ <string name="app_ops_summaries_other_sensors">Other Sensor usage</string>
|
||||
<string name="app_ops_summaries_superuser">root access</string>
|
||||
|
||||
+
|
||||
<!-- User display names for app ops codes - extension of AOSP -->
|
||||
<string name="app_ops_labels_coarse_location">Coarse location</string>
|
||||
<string name="app_ops_labels_fine_location">Fine location</string>
|
||||
@@ -215,6 +219,8 @@
|
||||
<string name="app_ops_labels_start_at_boot">Start at boot</string>
|
||||
<string name="app_ops_labels_toggle_nfc">Toggle NFC</string>
|
||||
<string name="app_ops_labels_toggle_mobile_data">Toggle cellular data</string>
|
||||
+ <string name="app_ops_labels_motion_sensors">Motion Sensors</string>
|
||||
+ <string name="app_ops_labels_other_sensors">Other Sensors</string>
|
||||
<string name="app_ops_labels_superuser">Root access</string>
|
||||
|
||||
<!-- App ops permissions -->
|
||||
diff --git a/src/com/android/settings/applications/AppOpsState.java b/src/com/android/settings/applications/AppOpsState.java
|
||||
index b3d344ed5e..827ef67e9d 100644
|
||||
--- a/src/com/android/settings/applications/AppOpsState.java
|
||||
+++ b/src/com/android/settings/applications/AppOpsState.java
|
||||
@@ -233,6 +233,15 @@ public class AppOpsState {
|
||||
new boolean[] { true }
|
||||
);
|
||||
|
||||
+ public static final OpsTemplate SENSOR_TEMPLATE = new OpsTemplate(
|
||||
+ new int[] { AppOpsManager.OP_BODY_SENSORS,
|
||||
+ AppOpsManager.OP_MOTION_SENSORS,
|
||||
+ AppOpsManager.OP_OTHER_SENSORS },
|
||||
+ new boolean[] { true,
|
||||
+ false,
|
||||
+ false }
|
||||
+ );
|
||||
+
|
||||
public static final OpsTemplate SU_TEMPLATE = new OpsTemplate(
|
||||
new int[] { AppOpsManager.OP_SU },
|
||||
new boolean[] { false }
|
||||
@@ -283,7 +292,7 @@ public class AppOpsState {
|
||||
public static final OpsTemplate[] ALL_PERMS_TEMPLATES = new OpsTemplate[] {
|
||||
LOCATION_TEMPLATE, PERSONAL_TEMPLATE, MESSAGING_TEMPLATE,
|
||||
MEDIA_TEMPLATE, DEVICE_TEMPLATE, RUN_IN_BACKGROUND_TEMPLATE,
|
||||
- BOOTUP_TEMPLATE, SU_TEMPLATE, REMAINING_TEMPLATE
|
||||
+ BOOTUP_TEMPLATE, SU_TEMPLATE, SENSOR_TEMPLATE, REMAINING_TEMPLATE
|
||||
};
|
||||
|
||||
/**
|
||||
--
|
||||
2.31.1
|
||||
|
@ -0,0 +1,37 @@
|
||||
From 52752e68d5307d6a5421fb48a754b6f93d622454 Mon Sep 17 00:00:00 2001
|
||||
From: MSe <mse1969@posteo.de>
|
||||
Date: Wed, 10 Apr 2019 22:11:15 +0200
|
||||
Subject: [PATCH 2/2] AppOps details: Add permission icons for new Sensor
|
||||
AppOps
|
||||
|
||||
Change-Id: Ic68954f30ba8214041c685a4efca4fc65b99ddaf
|
||||
---
|
||||
src/com/android/settings/applications/AppOpsDetails.java | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/src/com/android/settings/applications/AppOpsDetails.java b/src/com/android/settings/applications/AppOpsDetails.java
|
||||
index a51a3279f1..504267ab27 100644
|
||||
--- a/src/com/android/settings/applications/AppOpsDetails.java
|
||||
+++ b/src/com/android/settings/applications/AppOpsDetails.java
|
||||
@@ -109,6 +109,7 @@ public class AppOpsDetails extends SettingsPreferenceFragment {
|
||||
OP_ICONS.put(AppOpsManager.OP_GPS, R.drawable.ic_perm_location);
|
||||
OP_ICONS.put(AppOpsManager.OP_MUTE_MICROPHONE, R.drawable.ic_perm_microphone);
|
||||
OP_ICONS.put(AppOpsManager.OP_NFC_CHANGE, R.drawable.ic_perm_nfc);
|
||||
+ OP_ICONS.put(AppOpsManager.OP_OTHER_SENSORS, R.drawable.ic_perm_data);
|
||||
OP_ICONS.put(AppOpsManager.OP_POST_NOTIFICATION, R.drawable.ic_perm_notifications);
|
||||
OP_ICONS.put(AppOpsManager.OP_READ_CLIPBOARD, R.drawable.ic_perm_clipboard);
|
||||
OP_ICONS.put(AppOpsManager.OP_RUN_IN_BACKGROUND, R.drawable.ic_perm_background);
|
||||
@@ -193,6 +194,10 @@ public class AppOpsDetails extends SettingsPreferenceFragment {
|
||||
if (icon == null && op != -1 && OP_ICONS.containsKey(op)) {
|
||||
icon = getActivity().getDrawable(OP_ICONS.get(op));
|
||||
}
|
||||
+ if (icon == null && op == AppOpsManager.OP_MOTION_SENSORS) {
|
||||
+ icon = getIconByPermission(AppOpsManager.opToPermission(
|
||||
+ AppOpsManager.OP_USE_FINGERPRINT));
|
||||
+ }
|
||||
|
||||
final AppOpsManager.OpEntry firstOp = entry.getOpEntry(0);
|
||||
final int switchOp = AppOpsManager.opToSwitch(firstOp.getOp());
|
||||
--
|
||||
2.31.1
|
||||
|
@ -0,0 +1,237 @@
|
||||
From 846d74b9b422a0c616c024e63bcfee3f6454a3c3 Mon Sep 17 00:00:00 2001
|
||||
From: MSe1969 <mse1969@posteo.de>
|
||||
Date: Sun, 17 Jun 2018 10:49:09 +0200
|
||||
Subject: [PATCH] - AppOps/PrivacyGuard: New Sensor checks [base]
|
||||
|
||||
Add two AppOps for sensor access:
|
||||
- OP_MOTION_SENSORS (default: ask, strict)
|
||||
- OP_OTHER_SENSORS (default: allow)
|
||||
|
||||
To avoid severe issues when setting selected Ops to 'ASK', the default
|
||||
mode for systemui, apps with uid 1000 (system) and apps signed with the
|
||||
platform key will always get the 'allowed' mode as default.
|
||||
|
||||
Change-Id: Id12b91720f1e02ea5ca606ecefb30121d19b92bb
|
||||
---
|
||||
core/java/android/app/AppOpsManager.java | 34 +++++++++++++++++--
|
||||
core/res/res/values-de/cm_strings.xml | 2 ++
|
||||
core/res/res/values-fr/cm_strings.xml | 2 ++
|
||||
core/res/res/values/cm_strings.xml | 2 ++
|
||||
core/res/res/values/lineage_arrays.xml | 4 +++
|
||||
.../com/android/server/AppOpsService.java | 20 +++++++++++
|
||||
6 files changed, 61 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
|
||||
index 2db36c8f4e02..d2587f2009df 100644
|
||||
--- a/core/java/android/app/AppOpsManager.java
|
||||
+++ b/core/java/android/app/AppOpsManager.java
|
||||
@@ -280,8 +280,12 @@ public class AppOpsManager {
|
||||
public static final int OP_DATA_CONNECT_CHANGE = 74;
|
||||
/** @hide SU access */
|
||||
public static final int OP_SU = 75;
|
||||
+ /** @hide Motion Sensors */
|
||||
+ public static final int OP_MOTION_SENSORS = 76;
|
||||
+ /** @hide Other Sensors */
|
||||
+ public static final int OP_OTHER_SENSORS = 77;
|
||||
/** @hide */
|
||||
- public static final int _NUM_OP = 76;
|
||||
+ public static final int _NUM_OP = 78;
|
||||
|
||||
/** Access to coarse location information. */
|
||||
public static final String OPSTR_COARSE_LOCATION = "android:coarse_location";
|
||||
@@ -407,6 +411,10 @@ public class AppOpsManager {
|
||||
= "android:data_connect_change";
|
||||
private static final String OPSTR_SU
|
||||
= "android:su";
|
||||
+ private static final String OPSTR_MOTION_SENSORS =
|
||||
+ "android:motion_sensors";
|
||||
+ private static final String OPSTR_OTHER_SENSORS =
|
||||
+ "android:other_sensors";
|
||||
|
||||
// Warning: If an permission is added here it also has to be added to
|
||||
// com.android.packageinstaller.permission.utils.EventLogger
|
||||
@@ -540,7 +548,9 @@ public class AppOpsManager {
|
||||
OP_BOOT_COMPLETED,
|
||||
OP_NFC_CHANGE,
|
||||
OP_DATA_CONNECT_CHANGE,
|
||||
- OP_SU
|
||||
+ OP_SU,
|
||||
+ OP_MOTION_SENSORS,
|
||||
+ OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -624,6 +634,8 @@ public class AppOpsManager {
|
||||
OPSTR_NFC_CHANGE,
|
||||
OPSTR_DATA_CONNECT_CHANGE,
|
||||
OPSTR_SU,
|
||||
+ OPSTR_MOTION_SENSORS,
|
||||
+ OPSTR_OTHER_SENSORS,
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -707,6 +719,8 @@ public class AppOpsManager {
|
||||
"NFC_CHANGE",
|
||||
"DATA_CONNECT_CHANGE",
|
||||
"SU",
|
||||
+ "MOTION_SENSORS",
|
||||
+ "OTHER_SENSORS",
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -790,6 +804,8 @@ public class AppOpsManager {
|
||||
Manifest.permission.NFC,
|
||||
Manifest.permission.MODIFY_PHONE_STATE,
|
||||
null,
|
||||
+ null,
|
||||
+ null,
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -874,6 +890,8 @@ public class AppOpsManager {
|
||||
null, //NFC_CHANGE
|
||||
null, //DATA_CONNECT_CHANGE
|
||||
UserManager.DISALLOW_SU, //SU TODO: this should really be investigated.
|
||||
+ null, //MOTION_SENSORS
|
||||
+ null, //OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -957,6 +975,8 @@ public class AppOpsManager {
|
||||
true, // NFC_CHANGE
|
||||
true, //DATA_CONNECT_CHANGE
|
||||
false, //SU
|
||||
+ false, //MOTION_SENSORS
|
||||
+ false, //OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1038,7 +1058,9 @@ public class AppOpsManager {
|
||||
AppOpsManager.MODE_ALLOWED, // OP_BOOT_COMPLETED
|
||||
AppOpsManager.MODE_ALLOWED, // OP_NFC_CHANGE
|
||||
AppOpsManager.MODE_ALLOWED,
|
||||
- AppOpsManager.MODE_ASK, // OP_SU
|
||||
+ AppOpsManager.MODE_ASK, // OP_SU
|
||||
+ AppOpsManager.MODE_ASK, // OP_MOTION_SENSORS
|
||||
+ AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1122,6 +1144,8 @@ public class AppOpsManager {
|
||||
AppOpsManager.MODE_ASK, // OP_NFC_CHANGE
|
||||
AppOpsManager.MODE_ASK, // OP_DATA_CONNECT_CHANGE
|
||||
AppOpsManager.MODE_ASK, // OP_SU
|
||||
+ AppOpsManager.MODE_ASK, // OP_MOTION_SENSORS
|
||||
+ AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1204,6 +1228,8 @@ public class AppOpsManager {
|
||||
true, // OP_NFC_CHANGE
|
||||
true, // OP_DATA_CONNECT_CHANGE
|
||||
true, // OP_SU
|
||||
+ true, // OP_MOTION_SENSORS
|
||||
+ false, // OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1290,6 +1316,8 @@ public class AppOpsManager {
|
||||
false, // OP_NFC_CHANGE
|
||||
false, // OP_DATA_CONNECT_CHANGE
|
||||
false, // OP_SU
|
||||
+ false, // OP_MOTION_SENSORS
|
||||
+ false, // OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
diff --git a/core/res/res/values-de/cm_strings.xml b/core/res/res/values-de/cm_strings.xml
|
||||
index af5c3fbe12f0..6a8a1e0fc45a 100644
|
||||
--- a/core/res/res/values-de/cm_strings.xml
|
||||
+++ b/core/res/res/values-de/cm_strings.xml
|
||||
@@ -57,7 +57,9 @@
|
||||
<string name="app_ops_modify_clipboard">die Zwischenablage zu ändern</string>
|
||||
<string name="app_ops_modify_contacts">Kontakte zu ändern</string>
|
||||
<string name="app_ops_modify_settings">Einstellungen zu ändern</string>
|
||||
+ <string name="app_ops_motion_sensors">Bewegungssensoren zu nutzen</string>
|
||||
<string name="app_ops_mute_unmute_microphone">das Mikrofon zu aktivieren/deaktivieren</string>
|
||||
+ <string name="app_ops_other_sensors">sonstige Sensoren zu nutzen</string>
|
||||
<string name="app_ops_phone_calls">Anrufe zu beantworten</string>
|
||||
<string name="app_ops_picture_in_picture">Bild im Bild zu verwenden</string>
|
||||
<string name="app_ops_play_audio">Audio wiederzugeben</string>
|
||||
diff --git a/core/res/res/values-fr/cm_strings.xml b/core/res/res/values-fr/cm_strings.xml
|
||||
index c223ccbc5dd8..28ee5ba28dcf 100644
|
||||
--- a/core/res/res/values-fr/cm_strings.xml
|
||||
+++ b/core/res/res/values-fr/cm_strings.xml
|
||||
@@ -57,7 +57,9 @@
|
||||
<string name="app_ops_modify_clipboard">modifier le presse-papiers</string>
|
||||
<string name="app_ops_modify_contacts">mettre à jour vos contacts</string>
|
||||
<string name="app_ops_modify_settings">mettre à jour les paramètres du système</string>
|
||||
+ <string name="app_ops_motion_sensors">utiliser les capteurs de mouvement</string>
|
||||
<string name="app_ops_mute_unmute_microphone">activer/désactiver le microphone</string>
|
||||
+ <string name="app_ops_other_sensors">utiliser d\'autres capteurs</string>
|
||||
<string name="app_ops_phone_calls">répondre aux appels téléphoniques</string>
|
||||
<string name="app_ops_picture_in_picture">utiliser le mode Picture-in-Picture</string>
|
||||
<string name="app_ops_play_audio">lecture audio</string>
|
||||
diff --git a/core/res/res/values/cm_strings.xml b/core/res/res/values/cm_strings.xml
|
||||
index 4c34888c94ab..d0ec04891c8d 100644
|
||||
--- a/core/res/res/values/cm_strings.xml
|
||||
+++ b/core/res/res/values/cm_strings.xml
|
||||
@@ -70,7 +70,9 @@
|
||||
<string name="app_ops_modify_clipboard">modify the clipboard</string>
|
||||
<string name="app_ops_modify_contacts">update your contacts</string>
|
||||
<string name="app_ops_modify_settings">update system settings</string>
|
||||
+ <string name="app_ops_motion_sensors">use the motion sensors</string>
|
||||
<string name="app_ops_mute_unmute_microphone">mute/unmute the microphone</string>
|
||||
+ <string name="app_ops_other_sensors">use other sensors</string>
|
||||
<string name="app_ops_phone_calls">answer phone calls</string>
|
||||
<string name="app_ops_picture_in_picture">use picture in picture</string>
|
||||
<string name="app_ops_play_audio">play audio</string>
|
||||
diff --git a/core/res/res/values/lineage_arrays.xml b/core/res/res/values/lineage_arrays.xml
|
||||
index 65149d2a9e54..5cb3120dbc47 100644
|
||||
--- a/core/res/res/values/lineage_arrays.xml
|
||||
+++ b/core/res/res/values/lineage_arrays.xml
|
||||
@@ -170,6 +170,10 @@
|
||||
<item>@string/app_ops_toggle_mobile_data</item>
|
||||
<!-- OP_SU -->
|
||||
<item>@string/app_ops_su</item>
|
||||
+ <!-- OP_MOTION_SENSORS -->
|
||||
+ <item>@string/app_ops_motion_sensors</item>
|
||||
+ <!-- OP_OTHER_SENSORS -->
|
||||
+ <item>@string/app_ops_other_sensors</item>
|
||||
</string-array>
|
||||
|
||||
</resources>
|
||||
diff --git a/services/core/java/com/android/server/AppOpsService.java b/services/core/java/com/android/server/AppOpsService.java
|
||||
index 8dc8272303e3..0a74101de471 100644
|
||||
--- a/services/core/java/com/android/server/AppOpsService.java
|
||||
+++ b/services/core/java/com/android/server/AppOpsService.java
|
||||
@@ -2841,6 +2841,26 @@ public class AppOpsService extends IAppOpsService.Stub {
|
||||
}
|
||||
|
||||
private int getDefaultMode(int code, int uid, String packageName) {
|
||||
+ // To allow setting 'MODE_ASK' for own Ops, some precautions to
|
||||
+ // avoid privileged apps to trigger the toggle are needed:
|
||||
+
|
||||
+ // 1st check: Skip uid 1000 and systemui
|
||||
+ if (uid == android.os.Process.SYSTEM_UID || "com.android.systemui".equals(packageName)) {
|
||||
+ return AppOpsManager.MODE_ALLOWED;
|
||||
+ }
|
||||
+ // 2nd check: Skip apps signed with platform key, except for the 'root' Op
|
||||
+ if (code != AppOpsManager.OP_SU) {
|
||||
+ try {
|
||||
+ int match = AppGlobals.getPackageManager().checkSignatures("android", packageName);
|
||||
+ if (match >= PackageManager.SIGNATURE_MATCH) {
|
||||
+ return AppOpsManager.MODE_ALLOWED;
|
||||
+ }
|
||||
+ } catch (RemoteException re) {
|
||||
+ Log.e(TAG, "AppOps getDefaultMode: Can't talk to PM f. Sig.Check", re);
|
||||
+ }
|
||||
+ }
|
||||
+ // end
|
||||
+
|
||||
int mode = AppOpsManager.opToDefaultMode(code,
|
||||
isStrict(code, uid, packageName));
|
||||
if (AppOpsManager.isStrictOp(code) && mPolicy != null) {
|
||||
--
|
||||
2.31.1
|
||||
|
@ -0,0 +1,155 @@
|
||||
From cf5355b4ffb23b30b45a937d907e4a728214b02a Mon Sep 17 00:00:00 2001
|
||||
From: MSe1969 <mse1969@posteo.de>
|
||||
Date: Sun, 17 Jun 2018 11:33:33 +0200
|
||||
Subject: [PATCH] [PATCH 2/3] - AppOps/PrivacyGuard: New Sensor checks [native]
|
||||
|
||||
Add two AppOps for sensor access:
|
||||
- OP_MOTION_SENSORS (default: ask, strict)
|
||||
- OP_OTHER_SENSORS (default: allow)
|
||||
|
||||
This change updated the AppOPs binder for the newly defined Ops,
|
||||
implements the logic for the sensors and adapts the logic for
|
||||
checking the Ops, if an Op is not linked to a permission.
|
||||
|
||||
Change-Id: Ic56e7bd48acda8790d6ab917a07cd7b747d4de87
|
||||
---
|
||||
libs/binder/include/binder/AppOpsManager.h | 4 +++-
|
||||
libs/sensor/Sensor.cpp | 10 +++++++++
|
||||
services/sensorservice/SensorService.cpp | 25 ++++++++++++----------
|
||||
3 files changed, 27 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/libs/binder/include/binder/AppOpsManager.h b/libs/binder/include/binder/AppOpsManager.h
|
||||
index 1beabd3fc4..dd7b3482f3 100644
|
||||
--- a/libs/binder/include/binder/AppOpsManager.h
|
||||
+++ b/libs/binder/include/binder/AppOpsManager.h
|
||||
@@ -110,7 +110,9 @@ class AppOpsManager
|
||||
OP_BOOT_COMPLETED = 72,
|
||||
OP_NFC_CHANGE = 73,
|
||||
OP_DATA_CONNECT_CHANGE = 74,
|
||||
- OP_SU = 75
|
||||
+ OP_SU = 75,
|
||||
+ OP_MOTION_SENSORS = 76,
|
||||
+ OP_OTHER_SENSORS = 77
|
||||
};
|
||||
|
||||
AppOpsManager();
|
||||
diff --git a/libs/sensor/Sensor.cpp b/libs/sensor/Sensor.cpp
|
||||
index a0e368c7e4..919d5311c9 100644
|
||||
--- a/libs/sensor/Sensor.cpp
|
||||
+++ b/libs/sensor/Sensor.cpp
|
||||
@@ -52,6 +52,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
mMinDelay = hwSensor.minDelay;
|
||||
mFlags = 0;
|
||||
mUuid = uuid;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_OTHER_SENSORS; //default, other values are explicitly set
|
||||
|
||||
// Set fifo event count zero for older devices which do not support batching. Fused
|
||||
// sensors also have their fifo counts set to zero.
|
||||
@@ -86,6 +87,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
switch (mType) {
|
||||
case SENSOR_TYPE_ACCELEROMETER:
|
||||
mStringType = SENSOR_STRING_TYPE_ACCELEROMETER;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
|
||||
break;
|
||||
case SENSOR_TYPE_AMBIENT_TEMPERATURE:
|
||||
@@ -106,10 +108,12 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
break;
|
||||
case SENSOR_TYPE_GYROSCOPE:
|
||||
mStringType = SENSOR_STRING_TYPE_GYROSCOPE;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
|
||||
break;
|
||||
case SENSOR_TYPE_GYROSCOPE_UNCALIBRATED:
|
||||
mStringType = SENSOR_STRING_TYPE_GYROSCOPE_UNCALIBRATED;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
|
||||
break;
|
||||
case SENSOR_TYPE_HEART_RATE: {
|
||||
@@ -125,6 +129,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
break;
|
||||
case SENSOR_TYPE_LINEAR_ACCELERATION:
|
||||
mStringType = SENSOR_STRING_TYPE_LINEAR_ACCELERATION;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
|
||||
break;
|
||||
case SENSOR_TYPE_MAGNETIC_FIELD:
|
||||
@@ -161,16 +166,19 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
case SENSOR_TYPE_SIGNIFICANT_MOTION:
|
||||
mStringType = SENSOR_STRING_TYPE_SIGNIFICANT_MOTION;
|
||||
mFlags |= SENSOR_FLAG_ONE_SHOT_MODE;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
if (halVersion < SENSORS_DEVICE_API_VERSION_1_3) {
|
||||
mFlags |= SENSOR_FLAG_WAKE_UP;
|
||||
}
|
||||
break;
|
||||
case SENSOR_TYPE_STEP_COUNTER:
|
||||
mStringType = SENSOR_STRING_TYPE_STEP_COUNTER;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_ON_CHANGE_MODE;
|
||||
break;
|
||||
case SENSOR_TYPE_STEP_DETECTOR:
|
||||
mStringType = SENSOR_STRING_TYPE_STEP_DETECTOR;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_SPECIAL_REPORTING_MODE;
|
||||
break;
|
||||
case SENSOR_TYPE_TEMPERATURE:
|
||||
@@ -236,6 +244,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
break;
|
||||
case SENSOR_TYPE_MOTION_DETECT:
|
||||
mStringType = SENSOR_STRING_TYPE_MOTION_DETECT;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_ONE_SHOT_MODE;
|
||||
if (halVersion < SENSORS_DEVICE_API_VERSION_1_3) {
|
||||
mFlags |= SENSOR_FLAG_WAKE_UP;
|
||||
@@ -251,6 +260,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
|
||||
case SENSOR_TYPE_ACCELEROMETER_UNCALIBRATED:
|
||||
mStringType = SENSOR_STRING_TYPE_ACCELEROMETER_UNCALIBRATED;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
|
||||
break;
|
||||
default:
|
||||
diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp
|
||||
index a1f07b281a..1a0e5e8531 100644
|
||||
--- a/services/sensorservice/SensorService.cpp
|
||||
+++ b/services/sensorservice/SensorService.cpp
|
||||
@@ -1445,6 +1445,20 @@ status_t SensorService::flushSensor(const sp<SensorEventConnection>& connection,
|
||||
|
||||
bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
|
||||
const String16& opPackageName) {
|
||||
+
|
||||
+ // Due to the new SENSOR AppOps, which do not correspond to any permission,
|
||||
+ // we need to check for the AppOp BEFORE checking any permission
|
||||
+ const int32_t opCode = sensor.getRequiredAppOp();
|
||||
+ if (opCode >= 0) {
|
||||
+ AppOpsManager appOps;
|
||||
+ if (appOps.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName)
|
||||
+ != AppOpsManager::MODE_ALLOWED) {
|
||||
+ ALOGE("%s a sensor (%s) without enabled required app op: %d",
|
||||
+ operation, sensor.getName().string(), opCode);
|
||||
+ return false;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
const String8& requiredPermission = sensor.getRequiredPermission();
|
||||
|
||||
if (requiredPermission.length() <= 0) {
|
||||
@@ -1467,17 +1481,6 @@ bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
|
||||
return false;
|
||||
}
|
||||
|
||||
- const int32_t opCode = sensor.getRequiredAppOp();
|
||||
- if (opCode >= 0) {
|
||||
- AppOpsManager appOps;
|
||||
- if (appOps.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName)
|
||||
- != AppOpsManager::MODE_ALLOWED) {
|
||||
- ALOGE("%s a sensor (%s) without enabled required app op: %d",
|
||||
- operation, sensor.getName().string(), opCode);
|
||||
- return false;
|
||||
- }
|
||||
- }
|
||||
-
|
||||
return true;
|
||||
}
|
||||
|
@ -0,0 +1,188 @@
|
||||
From f2eede97b47cf25553aa5edf10909429f087cfd9 Mon Sep 17 00:00:00 2001
|
||||
From: MSe1969 <mse1969@posteo.de>
|
||||
Date: Sun, 17 Jun 2018 13:03:27 +0200
|
||||
Subject: [PATCH 1/2] - AppOps/PrivacyGuard: New Sensor checks [Settings]
|
||||
|
||||
Add two AppOps for sensor access:
|
||||
- OP_MOTION_SENSORS (default: ask, strict)
|
||||
- OP_OTHER_SENSORS (default: allow)
|
||||
|
||||
Add new Sensor template, relocate BODY_SENSORS into it
|
||||
|
||||
Change-Id: I9b51c47e27a330823ecb4472b9a7818718ef4209
|
||||
---
|
||||
res/values-de/cm_strings.xml | 5 +++++
|
||||
res/values-fr/cm_strings.xml | 5 +++++
|
||||
res/values/cm_arrays.xml | 5 +++++
|
||||
res/values/cm_strings.xml | 5 +++++
|
||||
.../android/settings/applications/AppOpsState.java | 13 ++++++++++---
|
||||
5 files changed, 30 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/res/values-de/cm_strings.xml b/res/values-de/cm_strings.xml
|
||||
index e7a59a5d96..10ea1ae860 100644
|
||||
--- a/res/values-de/cm_strings.xml
|
||||
+++ b/res/values-de/cm_strings.xml
|
||||
@@ -100,6 +100,7 @@
|
||||
<string name="app_ops_categories_device">Gerät</string>
|
||||
<string name="app_ops_categories_run_in_background">Im Hintergrund ausführen</string>
|
||||
<string name="app_ops_categories_bootup">Systemstart</string>
|
||||
+ <string name="app_ops_categories_sensors">Sensoren</string>
|
||||
<string name="app_ops_categories_su">Root-Zugriff</string>
|
||||
<string name="app_ops_categories_other">Andere</string>
|
||||
<string name="app_ops_summaries_coarse_location">Ungefährer Standort</string>
|
||||
@@ -177,6 +178,8 @@
|
||||
<string name="app_ops_summaries_start_at_boot">Beim Booten starten</string>
|
||||
<string name="app_ops_summaries_toggle_nfc">NFC ein-/ausschalten</string>
|
||||
<string name="app_ops_summaries_toggle_mobile_data">Mobile Daten ein-/ausschalten</string>
|
||||
+ <string name="app_ops_summaries_motion_sensors">Nutzung Bewegungssensoren</string>
|
||||
+ <string name="app_ops_summaries_other_sensors">Sonstige Sensoren</string>
|
||||
<string name="app_ops_summaries_superuser">Root-Zugriff</string>
|
||||
<string name="app_ops_labels_coarse_location">Ungefährer Standort</string>
|
||||
<string name="app_ops_labels_fine_location">Genauer Standort</string>
|
||||
@@ -253,6 +256,8 @@
|
||||
<string name="app_ops_labels_start_at_boot">Beim Booten starten</string>
|
||||
<string name="app_ops_labels_toggle_nfc">NFC ein-/ausschalten</string>
|
||||
<string name="app_ops_labels_toggle_mobile_data">Mobile Daten ein-/ausschalten</string>
|
||||
+ <string name="app_ops_labels_motion_sensors">Bewegungssensoren</string>
|
||||
+ <string name="app_ops_labels_other_sensors">sonstige Sensoren</string>
|
||||
<string name="app_ops_labels_superuser">Root-Zugriff</string>
|
||||
<string name="app_ops_permissions_allowed">Erlaubt</string>
|
||||
<string name="app_ops_permissions_ignored">Verboten</string>
|
||||
diff --git a/res/values-fr/cm_strings.xml b/res/values-fr/cm_strings.xml
|
||||
index dc0cee3d61..992258f378 100644
|
||||
--- a/res/values-fr/cm_strings.xml
|
||||
+++ b/res/values-fr/cm_strings.xml
|
||||
@@ -101,6 +101,7 @@ Vous êtes maintenant à <xliff:g id="step_count">%1$d</xliff:g> étapes de l\'a
|
||||
<string name="app_ops_categories_device">Appareil</string>
|
||||
<string name="app_ops_categories_run_in_background">Exécuter en arrière plan</string>
|
||||
<string name="app_ops_categories_bootup">Démarrage</string>
|
||||
+ <string name="app_ops_categories_sensors">Capteurs</string>
|
||||
<string name="app_ops_categories_su">Accès root</string>
|
||||
<string name="app_ops_categories_other">Autre</string>
|
||||
<string name="app_ops_summaries_coarse_location">localisation approximative</string>
|
||||
@@ -178,6 +179,8 @@ Vous êtes maintenant à <xliff:g id="step_count">%1$d</xliff:g> étapes de l\'a
|
||||
<string name="app_ops_summaries_start_at_boot">démarrer au lancement</string>
|
||||
<string name="app_ops_summaries_toggle_nfc">activer/désactiver le NFC</string>
|
||||
<string name="app_ops_summaries_toggle_mobile_data">activer/désactiver les données mobiles</string>
|
||||
+ <string name="app_ops_summaries_motion_sensors">utiliser les capteurs de mouvement</string>
|
||||
+ <string name="app_ops_summaries_other_sensors">utiliser d\'autres capteurs</string>
|
||||
<string name="app_ops_summaries_superuser">accès root</string>
|
||||
<string name="app_ops_labels_coarse_location">Position approximative</string>
|
||||
<string name="app_ops_labels_fine_location">Position précise</string>
|
||||
@@ -254,6 +257,8 @@ Vous êtes maintenant à <xliff:g id="step_count">%1$d</xliff:g> étapes de l\'a
|
||||
<string name="app_ops_labels_start_at_boot">Démarrer au lancement</string>
|
||||
<string name="app_ops_labels_toggle_nfc">Activer/désactiver le NFC</string>
|
||||
<string name="app_ops_labels_toggle_mobile_data">Activer/désactiver les données mobiles</string>
|
||||
+ <string name="app_ops_labels_motion_sensors">Capteur de mouvement</string>
|
||||
+ <string name="app_ops_labels_other_sensors">autres Capteurs</string>
|
||||
<string name="app_ops_labels_superuser">Accès root</string>
|
||||
<string name="app_ops_permissions_allowed">Autorisé</string>
|
||||
<string name="app_ops_permissions_ignored">Ignoré</string>
|
||||
diff --git a/res/values/cm_arrays.xml b/res/values/cm_arrays.xml
|
||||
index 901773fcc7..4796f9399c 100644
|
||||
--- a/res/values/cm_arrays.xml
|
||||
+++ b/res/values/cm_arrays.xml
|
||||
@@ -34,6 +34,7 @@
|
||||
<item>@string/app_ops_categories_run_in_background</item>
|
||||
<item>@string/app_ops_categories_bootup</item>
|
||||
<item>@string/app_ops_categories_su</item>
|
||||
+ <item>@string/app_ops_categories_sensors</item>
|
||||
<item>@string/app_ops_categories_other</item>
|
||||
</string-array>
|
||||
|
||||
@@ -115,6 +116,8 @@
|
||||
<item>@string/app_ops_summaries_toggle_nfc</item>
|
||||
<item>@string/app_ops_summaries_toggle_mobile_data</item>
|
||||
<item>@string/app_ops_summaries_superuser</item>
|
||||
+ <item>@string/app_ops_summaries_motion_sensors</item>
|
||||
+ <item>@string/app_ops_summaries_other_sensors</item>
|
||||
</string-array>
|
||||
|
||||
<!-- User display names for app ops codes - extension of AOSP -->
|
||||
@@ -195,6 +198,8 @@
|
||||
<item>@string/app_ops_labels_toggle_nfc</item>
|
||||
<item>@string/app_ops_labels_toggle_mobile_data</item>
|
||||
<item>@string/app_ops_labels_superuser</item>
|
||||
+ <item>@string/app_ops_labels_motion_sensors</item>
|
||||
+ <item>@string/app_ops_labels_other_sensors</item>
|
||||
</string-array>
|
||||
|
||||
<!-- App ops permissions -->
|
||||
diff --git a/res/values/cm_strings.xml b/res/values/cm_strings.xml
|
||||
index 91238336d9..f978f86bed 100644
|
||||
--- a/res/values/cm_strings.xml
|
||||
+++ b/res/values/cm_strings.xml
|
||||
@@ -165,6 +165,7 @@
|
||||
<string name="app_ops_categories_device">Device</string>
|
||||
<string name="app_ops_categories_run_in_background">Run in background</string>
|
||||
<string name="app_ops_categories_bootup">Bootup</string>
|
||||
+ <string name="app_ops_categories_sensors">Sensors</string>
|
||||
<string name="app_ops_categories_su">Root access</string>
|
||||
<string name="app_ops_categories_other">Other</string>
|
||||
|
||||
@@ -244,6 +245,8 @@
|
||||
<string name="app_ops_summaries_start_at_boot">start at boot</string>
|
||||
<string name="app_ops_summaries_toggle_nfc">toggle NFC</string>
|
||||
<string name="app_ops_summaries_toggle_mobile_data">toggle cellular data</string>
|
||||
+ <string name="app_ops_summaries_motion_sensors">Motion Sensor usage</string>
|
||||
+ <string name="app_ops_summaries_other_sensors">Other Sensor usage</string>
|
||||
<string name="app_ops_summaries_superuser">root access</string>
|
||||
|
||||
<!-- User display names for app ops codes - extension of AOSP -->
|
||||
@@ -322,6 +325,8 @@
|
||||
<string name="app_ops_labels_start_at_boot">Start at boot</string>
|
||||
<string name="app_ops_labels_toggle_nfc">Toggle NFC</string>
|
||||
<string name="app_ops_labels_toggle_mobile_data">Toggle cellular data</string>
|
||||
+ <string name="app_ops_labels_motion_sensors">Motion Sensors</string>
|
||||
+ <string name="app_ops_labels_other_sensors">Other Sensors</string>
|
||||
<string name="app_ops_labels_superuser">Root access</string>
|
||||
|
||||
<!-- App ops permissions -->
|
||||
diff --git a/src/com/android/settings/applications/AppOpsState.java b/src/com/android/settings/applications/AppOpsState.java
|
||||
index f1a2e4dce1..4f946f2792 100644
|
||||
--- a/src/com/android/settings/applications/AppOpsState.java
|
||||
+++ b/src/com/android/settings/applications/AppOpsState.java
|
||||
@@ -235,6 +235,15 @@ public class AppOpsState {
|
||||
new boolean[] { true }
|
||||
);
|
||||
|
||||
+ public static final OpsTemplate SENSOR_TEMPLATE = new OpsTemplate(
|
||||
+ new int[] { AppOpsManager.OP_BODY_SENSORS,
|
||||
+ AppOpsManager.OP_MOTION_SENSORS,
|
||||
+ AppOpsManager.OP_OTHER_SENSORS },
|
||||
+ new boolean[] { true,
|
||||
+ false,
|
||||
+ false }
|
||||
+ );
|
||||
+
|
||||
public static final OpsTemplate SU_TEMPLATE = new OpsTemplate(
|
||||
new int[] { AppOpsManager.OP_SU },
|
||||
new boolean[] { false }
|
||||
@@ -251,7 +260,6 @@ public class AppOpsState {
|
||||
AppOpsManager.OP_USE_SIP,
|
||||
AppOpsManager.OP_PROCESS_OUTGOING_CALLS,
|
||||
AppOpsManager.OP_USE_FINGERPRINT,
|
||||
- AppOpsManager.OP_BODY_SENSORS,
|
||||
AppOpsManager.OP_READ_CELL_BROADCASTS,
|
||||
AppOpsManager.OP_MOCK_LOCATION,
|
||||
AppOpsManager.OP_READ_EXTERNAL_STORAGE,
|
||||
@@ -271,7 +279,6 @@ public class AppOpsState {
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
- true,
|
||||
true }
|
||||
);
|
||||
|
||||
@@ -285,7 +292,7 @@ public class AppOpsState {
|
||||
public static final OpsTemplate[] ALL_PERMS_TEMPLATES = new OpsTemplate[] {
|
||||
LOCATION_TEMPLATE, PERSONAL_TEMPLATE, MESSAGING_TEMPLATE,
|
||||
MEDIA_TEMPLATE, DEVICE_TEMPLATE, RUN_IN_BACKGROUND_TEMPLATE,
|
||||
- BOOTUP_TEMPLATE, SU_TEMPLATE, REMAINING_TEMPLATE
|
||||
+ BOOTUP_TEMPLATE, SU_TEMPLATE, SENSOR_TEMPLATE, REMAINING_TEMPLATE
|
||||
};
|
||||
|
||||
/**
|
||||
--
|
||||
2.31.1
|
||||
|
@ -0,0 +1,37 @@
|
||||
From 4467cf678f558ee4b04fb1b9345a43f87b51d681 Mon Sep 17 00:00:00 2001
|
||||
From: MSe1969 <mse1969@posteo.de>
|
||||
Date: Wed, 20 Mar 2019 08:42:49 +0100
|
||||
Subject: [PATCH 2/2] AppOps details: Add permission icons for new Sensor
|
||||
AppOps
|
||||
|
||||
Change-Id: Ic68954f30ba8214041c685a4efca4fc65b99ddaf
|
||||
---
|
||||
src/com/android/settings/applications/AppOpsDetails.java | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/src/com/android/settings/applications/AppOpsDetails.java b/src/com/android/settings/applications/AppOpsDetails.java
|
||||
index 220bdff005..db948ab5cd 100644
|
||||
--- a/src/com/android/settings/applications/AppOpsDetails.java
|
||||
+++ b/src/com/android/settings/applications/AppOpsDetails.java
|
||||
@@ -111,6 +111,7 @@ public class AppOpsDetails extends SettingsPreferenceFragment {
|
||||
OP_ICONS.put(AppOpsManager.OP_GPS, R.drawable.ic_perm_location);
|
||||
OP_ICONS.put(AppOpsManager.OP_MUTE_MICROPHONE, R.drawable.ic_perm_microphone);
|
||||
OP_ICONS.put(AppOpsManager.OP_NFC_CHANGE, R.drawable.ic_perm_nfc);
|
||||
+ OP_ICONS.put(AppOpsManager.OP_OTHER_SENSORS, R.drawable.ic_devices_other);
|
||||
OP_ICONS.put(AppOpsManager.OP_POST_NOTIFICATION, R.drawable.ic_perm_notifications);
|
||||
OP_ICONS.put(AppOpsManager.OP_READ_CLIPBOARD, R.drawable.ic_perm_clipboard);
|
||||
OP_ICONS.put(AppOpsManager.OP_RUN_IN_BACKGROUND, R.drawable.ic_perm_background);
|
||||
@@ -205,6 +206,10 @@ public class AppOpsDetails extends SettingsPreferenceFragment {
|
||||
if (icon == null && op != -1 && OP_ICONS.containsKey(op)) {
|
||||
icon = getActivity().getDrawable(OP_ICONS.get(op));
|
||||
}
|
||||
+ if (icon == null && op == AppOpsManager.OP_MOTION_SENSORS) {
|
||||
+ icon = getIconByPermission(AppOpsManager.opToPermission(
|
||||
+ AppOpsManager.OP_USE_FINGERPRINT));
|
||||
+ }
|
||||
if (icon == null) {
|
||||
Log.e(TAG, "Failed to retrieve icon for permission: " + perm);
|
||||
} else {
|
||||
--
|
||||
2.31.1
|
||||
|
@ -0,0 +1,248 @@
|
||||
From d0663b7dc73564744e89d5dd93675ff8929cc532 Mon Sep 17 00:00:00 2001
|
||||
From: MSe1969 <mse1969@posteo.de>
|
||||
Date: Fri, 15 Mar 2019 22:05:36 +0100
|
||||
Subject: [PATCH] AppOps/PrivacyGuard: New Sensor checks [base]
|
||||
|
||||
Add two AppOps for sensor access:
|
||||
- OP_MOTION_SENSORS (default: ask, strict)
|
||||
- OP_OTHER_SENSORS (default: allow)
|
||||
|
||||
To avoid severe issues when setting selected Ops to 'ASK', the default
|
||||
mode for apps with uid 1000 (system) will always get the 'allowed' mode
|
||||
as default, same as com.android.systemui
|
||||
|
||||
Change-Id: Id12b91720f1e02ea5ca606ecefb30121d19b92bb
|
||||
---
|
||||
core/java/android/app/AppOpsManager.java | 35 +++++++++++++++++--
|
||||
core/res/res/values-de/cm_strings.xml | 2 ++
|
||||
core/res/res/values-fr/cm_strings.xml | 2 ++
|
||||
core/res/res/values/cm_strings.xml | 2 ++
|
||||
core/res/res/values/lineage_arrays.xml | 4 +++
|
||||
.../com/android/server/AppOpsService.java | 19 +++++++++-
|
||||
6 files changed, 61 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
|
||||
index a112cafb3b5e..c7338214a265 100644
|
||||
--- a/core/java/android/app/AppOpsManager.java
|
||||
+++ b/core/java/android/app/AppOpsManager.java
|
||||
@@ -371,8 +371,12 @@
|
||||
public static final int OP_DATA_CONNECT_CHANGE = 81;
|
||||
/** @hide SU access */
|
||||
public static final int OP_SU = 82;
|
||||
+ /** @hide Motion Sensors */
|
||||
+ public static final int OP_MOTION_SENSORS = 83;
|
||||
+ /** @hide Other Sensors */
|
||||
+ public static final int OP_OTHER_SENSORS = 84;
|
||||
/** @hide */
|
||||
- public static final int _NUM_OP = 83;
|
||||
+ public static final int _NUM_OP = 85;
|
||||
|
||||
/** Access to coarse location information. */
|
||||
public static final String OPSTR_COARSE_LOCATION = "android:coarse_location";
|
||||
@@ -628,6 +632,11 @@
|
||||
/** @hide */
|
||||
public static final String OPSTR_SU = "android:su";
|
||||
|
||||
+ public static final String OPSTR_MOTION_SENSORS =
|
||||
+ "android:motion_sensors";
|
||||
+ public static final String OPSTR_OTHER_SENSORS =
|
||||
+ "android:other_sensors";
|
||||
+
|
||||
// Warning: If an permission is added here it also has to be added to
|
||||
// com.android.packageinstaller.permission.utils.EventLogger
|
||||
private static final int[] RUNTIME_AND_APPOP_PERMISSIONS_OPS = {
|
||||
@@ -676,7 +685,9 @@
|
||||
OP_WRITE_SETTINGS,
|
||||
OP_REQUEST_INSTALL_PACKAGES,
|
||||
OP_START_FOREGROUND,
|
||||
- OP_SU
|
||||
+ OP_SU,
|
||||
+ OP_MOTION_SENSORS,
|
||||
+ OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -771,6 +782,8 @@
|
||||
OP_NFC_CHANGE, // NFC_CHANGE
|
||||
OP_DATA_CONNECT_CHANGE, // DATA_CONNECT_CHANGE
|
||||
OP_SU, // SU
|
||||
+ OP_MOTION_SENSORS, // MOTION_SENSORS
|
||||
+ OP_OTHER_SENSORS // OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -860,6 +873,8 @@
|
||||
OPSTR_NFC_CHANGE,
|
||||
OPSTR_DATA_CONNECT_CHANGE,
|
||||
OPSTR_SU,
|
||||
+ OPSTR_MOTION_SENSORS,
|
||||
+ OPSTR_OTHER_SENSORS,
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -950,6 +965,8 @@
|
||||
"NFC_CHANGE",
|
||||
"DATA_CONNECT_CHANGE",
|
||||
"SU",
|
||||
+ "MOTION_SENSORS",
|
||||
+ "OTHER_SENSORS",
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1040,6 +1057,8 @@
|
||||
Manifest.permission.NFC,
|
||||
null,
|
||||
null, // no permission for OP_SU
|
||||
+ null, // no permission for OP_MOTION_SENSORS
|
||||
+ null, // no permission for OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1131,6 +1150,8 @@
|
||||
null, // NFC_CHANGE
|
||||
null, // DATA_CONNECT_CHANGE
|
||||
UserManager.DISALLOW_SU, // SU TODO: this should really be investigated.
|
||||
+ null, //MOTION_SENSORS
|
||||
+ null, //OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1221,6 +1242,8 @@
|
||||
true, // NFC_CHANGE
|
||||
true, // DATA_CONNECT_CHANGE
|
||||
false, // SU
|
||||
+ false, //MOTION_SENSORS
|
||||
+ false, //OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1310,6 +1333,8 @@
|
||||
AppOpsManager.MODE_ALLOWED, // OP_NFC_CHANGE
|
||||
AppOpsManager.MODE_ALLOWED, // OP_DATA_CONNECT_CHANGE
|
||||
AppOpsManager.MODE_ASK, // OP_SU
|
||||
+ AppOpsManager.MODE_ASK, // OP_MOTION_SENSORS
|
||||
+ AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1400,6 +1425,8 @@
|
||||
AppOpsManager.MODE_ASK, // OP_NFC_CHANGE
|
||||
AppOpsManager.MODE_ASK, // OP_DATA_CONNECT_CHANGE
|
||||
AppOpsManager.MODE_ASK, // OP_SU
|
||||
+ AppOpsManager.MODE_ASK, // OP_MOTION_SENSORS
|
||||
+ AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1489,6 +1516,8 @@
|
||||
true, // NFC_CHANGE
|
||||
true, // DATA_CONNECT_CHANGE
|
||||
true, // SU
|
||||
+ true, // OP_MOTION_SENSORS
|
||||
+ false, // OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1582,6 +1611,8 @@
|
||||
false, // OP_NFC_CHANGE
|
||||
false, // OP_DATA_CONNECT_CHANGE
|
||||
false, // OP_SU
|
||||
+ false, // OP_MOTION_SENSORS
|
||||
+ false, // OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
diff --git a/core/res/res/values-de/cm_strings.xml b/core/res/res/values-de/cm_strings.xml
|
||||
index a8fd5700e374..837dccd09425 100644
|
||||
--- a/core/res/res/values-de/cm_strings.xml
|
||||
+++ b/core/res/res/values-de/cm_strings.xml
|
||||
@@ -52,7 +52,9 @@
|
||||
<string name="app_ops_modify_clipboard">die Zwischenablage zu ändern</string>
|
||||
<string name="app_ops_modify_contacts">Kontakte zu ändern</string>
|
||||
<string name="app_ops_modify_settings">Einstellungen zu ändern</string>
|
||||
+ <string name="app_ops_motion_sensors">Bewegungssensoren zu nutzen</string>
|
||||
<string name="app_ops_mute_unmute_microphone">das Mikrofon zu aktivieren/deaktivieren</string>
|
||||
+ <string name="app_ops_other_sensors">sonstige Sensoren zu nutzen</string>
|
||||
<string name="app_ops_phone_calls">Anrufe zu beantworten</string>
|
||||
<string name="app_ops_picture_in_picture">Bild im Bild zu verwenden</string>
|
||||
<string name="app_ops_play_audio">Audio wiederzugeben</string>
|
||||
diff --git a/core/res/res/values-fr/cm_strings.xml b/core/res/res/values-fr/cm_strings.xml
|
||||
index fb1835759a7f..fc294608074f 100644
|
||||
--- a/core/res/res/values-fr/cm_strings.xml
|
||||
+++ b/core/res/res/values-fr/cm_strings.xml
|
||||
@@ -48,7 +48,9 @@
|
||||
<string name="app_ops_modify_clipboard">modifier le presse-papiers</string>
|
||||
<string name="app_ops_modify_contacts">mettre à jour vos contacts</string>
|
||||
<string name="app_ops_modify_settings">mettre à jour les paramètres du système</string>
|
||||
+ <string name="app_ops_motion_sensors">utiliser les capteurs de mouvement</string>
|
||||
<string name="app_ops_mute_unmute_microphone">activer/désactiver le microphone</string>
|
||||
+ <string name="app_ops_other_sensors">utiliser d\'autres capteurs</string>
|
||||
<string name="app_ops_phone_calls">répondre aux appels téléphoniques</string>
|
||||
<string name="app_ops_picture_in_picture">utiliser le mode Picture-in-Picture</string>
|
||||
<string name="app_ops_play_audio">lecture audio</string>
|
||||
diff --git a/core/res/res/values/cm_strings.xml b/core/res/res/values/cm_strings.xml
|
||||
index 301131e2663d..5939cae77b8e 100644
|
||||
--- a/core/res/res/values/cm_strings.xml
|
||||
+++ b/core/res/res/values/cm_strings.xml
|
||||
@@ -57,7 +57,9 @@
|
||||
<string name="app_ops_modify_clipboard">modify the clipboard</string>
|
||||
<string name="app_ops_modify_contacts">update your contacts</string>
|
||||
<string name="app_ops_modify_settings">update system settings</string>
|
||||
+ <string name="app_ops_motion_sensors">use the motion sensors</string>
|
||||
<string name="app_ops_mute_unmute_microphone">mute/unmute the microphone</string>
|
||||
+ <string name="app_ops_other_sensors">use other sensors</string>
|
||||
<string name="app_ops_phone_calls">answer phone calls</string>
|
||||
<string name="app_ops_picture_in_picture">use picture in picture</string>
|
||||
<string name="app_ops_play_audio">play audio</string>
|
||||
diff --git a/core/res/res/values/lineage_arrays.xml b/core/res/res/values/lineage_arrays.xml
|
||||
index 58567d1c8bd1..11a7d99b8d48 100644
|
||||
--- a/core/res/res/values/lineage_arrays.xml
|
||||
+++ b/core/res/res/values/lineage_arrays.xml
|
||||
@@ -184,6 +184,10 @@
|
||||
<item>@string/app_ops_toggle_mobile_data</item>
|
||||
<!-- OP_SU -->
|
||||
<item>@string/app_ops_su</item>
|
||||
+ <!-- OP_MOTION_SENSORS -->
|
||||
+ <item>@string/app_ops_motion_sensors</item>
|
||||
+ <!-- OP_OTHER_SENSORS -->
|
||||
+ <item>@string/app_ops_other_sensors</item>
|
||||
</string-array>
|
||||
|
||||
</resources>
|
||||
diff --git a/services/core/java/com/android/server/AppOpsService.java b/services/core/java/com/android/server/AppOpsService.java
|
||||
index cdee2ba49c10..9c7f0700236e 100644
|
||||
--- a/services/core/java/com/android/server/AppOpsService.java
|
||||
+++ b/services/core/java/com/android/server/AppOpsService.java
|
||||
@@ -1775,6 +1775,15 @@ private int noteOperationUnchecked(int code, int uid, String packageName,
|
||||
op.rejectTime[uidState.state] = System.currentTimeMillis();
|
||||
op.ignoredCount++;
|
||||
return mode;
|
||||
+ } else if (uid == Process.SYSTEM_UID || packageName == "com.android.systemui") {
|
||||
+ /*
|
||||
+ * To avoid a deadlock situation in case of system/privileged apps having
|
||||
+ * 'MODE_ASK'as default in case of own AppOps (e.g. OP_MOTION_SENSORS),
|
||||
+ * we need to grant always access to such privileged system apps.
|
||||
+ *
|
||||
+ * This 'blind' condition causes the PermissionDialog req not to be
|
||||
+ * initialised, hence the `if (req == null)` condition below applies.
|
||||
+ */
|
||||
} else if (mode == AppOpsManager.MODE_ASK) {
|
||||
if (Looper.myLooper() == mLooper || Thread.holdsLock(mActivityManagerService)) {
|
||||
Slog.e(TAG, "noteOperation: this method will deadlock if called" +
|
||||
@@ -1953,7 +1962,15 @@ public int startOperation(IBinder token, int code, int uid, String packageName,
|
||||
op.rejectTime[uidState.state] = System.currentTimeMillis();
|
||||
op.ignoredCount++;
|
||||
return mode;
|
||||
- } else if (mode == AppOpsManager.MODE_ALLOWED) {
|
||||
+ } else if ((mode == AppOpsManager.MODE_ALLOWED) ||
|
||||
+ /*
|
||||
+ * To avoid a deadlock situation in case of system/privileged apps having
|
||||
+ * 'MODE_ASK'as default in case of own AppOps (e.g. OP_MOTION_SENSORS),
|
||||
+ * we need to grant always access to such privileged system apps
|
||||
+ */
|
||||
+ ((uid == Process.SYSTEM_UID || packageName == "com.android.systemui") &&
|
||||
+ (mode == AppOpsManager.MODE_ASK))) {
|
||||
+
|
||||
if (DEBUG) Slog.d(TAG, "startOperation: allowing code " + code + " uid " + uid
|
||||
+ " package " + resolvedPackageName);
|
||||
if (op.startNesting == 0) {
|
@ -0,0 +1,156 @@
|
||||
From 292631a7e653549c02a6c29aa98cba8db770a21b Mon Sep 17 00:00:00 2001
|
||||
From: MSe1969 <mse1969@posteo.de>
|
||||
Date: Fri, 15 Mar 2019 22:14:54 +0100
|
||||
Subject: [PATCH] AppOps/PrivacyGuard: New Sensor checks [native]
|
||||
|
||||
Add two AppOps for sensor access:
|
||||
- OP_MOTION_SENSORS (default: ask, strict)
|
||||
- OP_OTHER_SENSORS (default: allow)
|
||||
|
||||
This change updated the AppOPs binder for the newly defined Ops,
|
||||
implements the logic for the sensors and adapts the logic for
|
||||
checking the Ops, if an Op is not linked to a permission.
|
||||
|
||||
Change-Id: Ic56e7bd48acda8790d6ab917a07cd7b747d4de87
|
||||
---
|
||||
libs/binder/include/binder/AppOpsManager.h | 4 +++-
|
||||
libs/sensor/Sensor.cpp | 10 +++++++++
|
||||
services/sensorservice/SensorService.cpp | 25 ++++++++++++----------
|
||||
3 files changed, 27 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/libs/binder/include/binder/AppOpsManager.h b/libs/binder/include/binder/AppOpsManager.h
|
||||
index fb682ecde7..83887787c9 100644
|
||||
--- a/libs/binder/include/binder/AppOpsManager.h
|
||||
+++ b/libs/binder/include/binder/AppOpsManager.h
|
||||
@@ -119,7 +119,9 @@ class AppOpsManager
|
||||
OP_BOOT_COMPLETED = 79,
|
||||
OP_NFC_CHANGE = 80,
|
||||
OP_DATA_CONNECT_CHANGE = 81,
|
||||
- OP_SU = 82
|
||||
+ OP_SU = 82,
|
||||
+ OP_MOTION_SENSORS = 83,
|
||||
+ OP_OTHER_SENSORS = 84
|
||||
};
|
||||
|
||||
AppOpsManager();
|
||||
diff --git a/libs/sensor/Sensor.cpp b/libs/sensor/Sensor.cpp
|
||||
index a0e368c7e4..03fee85bf8 100644
|
||||
--- a/libs/sensor/Sensor.cpp
|
||||
+++ b/libs/sensor/Sensor.cpp
|
||||
@@ -52,6 +52,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
mMinDelay = hwSensor.minDelay;
|
||||
mFlags = 0;
|
||||
mUuid = uuid;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_OTHER_SENSORS; //default, other values are explicitly set
|
||||
|
||||
// Set fifo event count zero for older devices which do not support batching. Fused
|
||||
// sensors also have their fifo counts set to zero.
|
||||
@@ -86,6 +87,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
switch (mType) {
|
||||
case SENSOR_TYPE_ACCELEROMETER:
|
||||
mStringType = SENSOR_STRING_TYPE_ACCELEROMETER;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
|
||||
break;
|
||||
case SENSOR_TYPE_AMBIENT_TEMPERATURE:
|
||||
@@ -106,10 +108,12 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
break;
|
||||
case SENSOR_TYPE_GYROSCOPE:
|
||||
mStringType = SENSOR_STRING_TYPE_GYROSCOPE;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
|
||||
break;
|
||||
case SENSOR_TYPE_GYROSCOPE_UNCALIBRATED:
|
||||
mStringType = SENSOR_STRING_TYPE_GYROSCOPE_UNCALIBRATED;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
|
||||
break;
|
||||
case SENSOR_TYPE_HEART_RATE: {
|
||||
@@ -125,6 +129,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
break;
|
||||
case SENSOR_TYPE_LINEAR_ACCELERATION:
|
||||
mStringType = SENSOR_STRING_TYPE_LINEAR_ACCELERATION;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
|
||||
break;
|
||||
case SENSOR_TYPE_MAGNETIC_FIELD:
|
||||
@@ -160,6 +165,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
break;
|
||||
case SENSOR_TYPE_SIGNIFICANT_MOTION:
|
||||
mStringType = SENSOR_STRING_TYPE_SIGNIFICANT_MOTION;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_ONE_SHOT_MODE;
|
||||
if (halVersion < SENSORS_DEVICE_API_VERSION_1_3) {
|
||||
mFlags |= SENSOR_FLAG_WAKE_UP;
|
||||
@@ -167,10 +173,12 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
break;
|
||||
case SENSOR_TYPE_STEP_COUNTER:
|
||||
mStringType = SENSOR_STRING_TYPE_STEP_COUNTER;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_ON_CHANGE_MODE;
|
||||
break;
|
||||
case SENSOR_TYPE_STEP_DETECTOR:
|
||||
mStringType = SENSOR_STRING_TYPE_STEP_DETECTOR;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_SPECIAL_REPORTING_MODE;
|
||||
break;
|
||||
case SENSOR_TYPE_TEMPERATURE:
|
||||
@@ -236,6 +244,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
break;
|
||||
case SENSOR_TYPE_MOTION_DETECT:
|
||||
mStringType = SENSOR_STRING_TYPE_MOTION_DETECT;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_ONE_SHOT_MODE;
|
||||
if (halVersion < SENSORS_DEVICE_API_VERSION_1_3) {
|
||||
mFlags |= SENSOR_FLAG_WAKE_UP;
|
||||
@@ -251,6 +260,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
|
||||
case SENSOR_TYPE_ACCELEROMETER_UNCALIBRATED:
|
||||
mStringType = SENSOR_STRING_TYPE_ACCELEROMETER_UNCALIBRATED;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
|
||||
break;
|
||||
default:
|
||||
diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp
|
||||
index 1c3e943543..142c5a274e 100644
|
||||
--- a/services/sensorservice/SensorService.cpp
|
||||
+++ b/services/sensorservice/SensorService.cpp
|
||||
@@ -1545,6 +1545,20 @@ status_t SensorService::flushSensor(const sp<SensorEventConnection>& connection,
|
||||
|
||||
bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
|
||||
const String16& opPackageName) {
|
||||
+
|
||||
+ // Due to the new SENSOR AppOps, which do not correspond to any permission,
|
||||
+ // we need to check for the AppOp BEFORE checking any permission
|
||||
+ const int32_t opCode = sensor.getRequiredAppOp();
|
||||
+ if (opCode >= 0) {
|
||||
+ AppOpsManager appOps;
|
||||
+ if (appOps.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName)
|
||||
+ != AppOpsManager::MODE_ALLOWED) {
|
||||
+ ALOGE("%s a sensor (%s) without enabled required app op: %d",
|
||||
+ operation, sensor.getName().string(), opCode);
|
||||
+ return false;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
const String8& requiredPermission = sensor.getRequiredPermission();
|
||||
|
||||
if (requiredPermission.length() <= 0) {
|
||||
@@ -1567,17 +1581,6 @@ bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
|
||||
return false;
|
||||
}
|
||||
|
||||
- const int32_t opCode = sensor.getRequiredAppOp();
|
||||
- if (opCode >= 0) {
|
||||
- AppOpsManager appOps;
|
||||
- if (appOps.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName)
|
||||
- != AppOpsManager::MODE_ALLOWED) {
|
||||
- ALOGE("%s a sensor (%s) without enabled required app op: %d",
|
||||
- operation, sensor.getName().string(), opCode);
|
||||
- return false;
|
||||
- }
|
||||
- }
|
||||
-
|
||||
return true;
|
||||
}
|
||||
|
@ -0,0 +1,203 @@
|
||||
From 72b86ddf9fe37cf2fb45266edf53446eb34a86df Mon Sep 17 00:00:00 2001
|
||||
From: MSe1969 <mse1969@posteo.de>
|
||||
Date: Fri, 15 Mar 2019 22:29:43 +0100
|
||||
Subject: [PATCH 1/2] AppOps/PrivacyGuard: New Sensor checks [Settings]
|
||||
|
||||
Add two AppOps for sensor access:
|
||||
- OP_MOTION_SENSORS (default: ask, strict)
|
||||
- OP_OTHER_SENSORS (default: allow)
|
||||
|
||||
Add new Sensor template, relocate BODY_SENSORS into it
|
||||
|
||||
Change-Id: I9b51c47e27a330823ecb4472b9a7818718ef4209
|
||||
---
|
||||
res/values-de/cm_strings.xml | 5 +++++
|
||||
res/values-fr/cm_strings.xml | 5 +++++
|
||||
res/values/cm_strings.xml | 5 +++++
|
||||
res/values/lineage_arrays.xml | 9 +++++++++
|
||||
.../settings/applications/appops/AppOpsState.java | 13 ++++++++++---
|
||||
5 files changed, 34 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/res/values-de/cm_strings.xml b/res/values-de/cm_strings.xml
|
||||
index 53dca0e6e7..740ecdb8ee 100644
|
||||
--- a/res/values-de/cm_strings.xml
|
||||
+++ b/res/values-de/cm_strings.xml
|
||||
@@ -39,6 +39,7 @@
|
||||
<string name="app_ops_categories_device">Gerät</string>
|
||||
<string name="app_ops_categories_run_in_background">Im Hintergrund ausführen</string>
|
||||
<string name="app_ops_categories_bootup">Systemstart</string>
|
||||
+ <string name="app_ops_categories_sensors">Sensoren</string>
|
||||
<string name="app_ops_categories_su">Root-Zugriff</string>
|
||||
<string name="app_ops_categories_other">Andere</string>
|
||||
<string name="app_ops_summaries_accept_handover">Anrufeübergabe aus einer anderen App anzunehmen</string>
|
||||
@@ -76,8 +77,10 @@
|
||||
<string name="app_ops_summaries_modify_settings">Einstellungen ändern</string>
|
||||
<string name="app_ops_summaries_monitor_high_power_location">Standort mit hohem Stromverbrauch beobachten</string>
|
||||
<string name="app_ops_summaries_monitor_location">Standort beobachten</string>
|
||||
+ <string name="app_ops_summaries_motion_sensors">Nutzung Bewegungssensoren</string>
|
||||
<string name="app_ops_summaries_mute_unmute_microphone">Mikrofon ein-/ausschalten</string>
|
||||
<string name="app_ops_summaries_neighboring_cells">Benachbarte Netze</string>
|
||||
+ <string name="app_ops_summaries_other_sensors">Sonstige Sensoren</string>
|
||||
<string name="app_ops_summaries_phone_calls">Anrufe beantworten</string>
|
||||
<string name="app_ops_summaries_picture_in_picture">Bild im Bild verwenden</string>
|
||||
<string name="app_ops_summaries_play_audio">Audio wiedergeben</string>
|
||||
@@ -162,8 +165,10 @@
|
||||
<string name="app_ops_labels_modify_settings">Einstellungen ändern</string>
|
||||
<string name="app_ops_labels_monitor_high_power_location">Standort mit hohem Stromverbrauch beobachten</string>
|
||||
<string name="app_ops_labels_monitor_location">Standort beobachten</string>
|
||||
+ <string name="app_ops_labels_motion_sensors">Bewegungssensoren</string>
|
||||
<string name="app_ops_labels_mute_unmute_microphone">Mikrofon ein-/ausschalten</string>
|
||||
<string name="app_ops_labels_neighboring_cells">Benachbarte Zellen</string>
|
||||
+ <string name="app_ops_labels_other_sensors">sonstige Sensoren</string>
|
||||
<string name="app_ops_labels_phone_calls">Anrufe beantworten</string>
|
||||
<string name="app_ops_labels_picture_in_picture">Bild im Bild verwenden</string>
|
||||
<string name="app_ops_labels_play_audio">Audio wiedergeben</string>
|
||||
diff --git a/res/values-fr/cm_strings.xml b/res/values-fr/cm_strings.xml
|
||||
index 523d87d673..3133e8d4bf 100644
|
||||
--- a/res/values-fr/cm_strings.xml
|
||||
+++ b/res/values-fr/cm_strings.xml
|
||||
@@ -39,6 +39,7 @@
|
||||
<string name="app_ops_categories_device">Appareil</string>
|
||||
<string name="app_ops_categories_run_in_background">Exécuter en arrière plan</string>
|
||||
<string name="app_ops_categories_bootup">Démarrage</string>
|
||||
+ <string name="app_ops_categories_sensors">Capteurs</string>
|
||||
<string name="app_ops_categories_su">Accès root</string>
|
||||
<string name="app_ops_categories_other">Autre</string>
|
||||
<string name="app_ops_summaries_accept_handover">transférer un appel d\'une autre application</string>
|
||||
@@ -76,8 +77,10 @@
|
||||
<string name="app_ops_summaries_modify_settings">modifier les paramètres</string>
|
||||
<string name="app_ops_summaries_monitor_high_power_location">surveiller la position (à puissance élevée)</string>
|
||||
<string name="app_ops_summaries_monitor_location">surveiller la position</string>
|
||||
+ <string name="app_ops_summaries_motion_sensors">utiliser les capteurs de mouvement</string>
|
||||
<string name="app_ops_summaries_mute_unmute_microphone">activer/désactiver le microphone</string>
|
||||
<string name="app_ops_summaries_neighboring_cells">nœuds environnants</string>
|
||||
+ <string name="app_ops_summaries_other_sensors">utiliser d\'autres capteurs</string>
|
||||
<string name="app_ops_summaries_phone_calls">répondre aux appels téléphoniques</string>
|
||||
<string name="app_ops_summaries_picture_in_picture">utiliser le mode Picture-in-Picture</string>
|
||||
<string name="app_ops_summaries_play_audio">lecture audio</string>
|
||||
@@ -162,8 +165,10 @@
|
||||
<string name="app_ops_labels_modify_settings">Modifier les paramètres</string>
|
||||
<string name="app_ops_labels_monitor_high_power_location">Surveiller la position (à puissance élevée)</string>
|
||||
<string name="app_ops_labels_monitor_location">Surveiller la position</string>
|
||||
+ <string name="app_ops_labels_motion_sensors">Capteur de mouvement</string>
|
||||
<string name="app_ops_labels_mute_unmute_microphone">Activer/désactiver le microphone</string>
|
||||
<string name="app_ops_labels_neighboring_cells">Noeuds environnants</string>
|
||||
+ <string name="app_ops_labels_other_sensors">autres Capteurs</string>
|
||||
<string name="app_ops_labels_phone_calls">Répondre aux appels téléphoniques</string>
|
||||
<string name="app_ops_labels_picture_in_picture">Utiliser le mode Picture-in-Picture</string>
|
||||
<string name="app_ops_labels_play_audio">Lecture audio</string>
|
||||
diff --git a/res/values/cm_strings.xml b/res/values/cm_strings.xml
|
||||
index 7d0b80d3c0..83abcf8580 100644
|
||||
--- a/res/values/cm_strings.xml
|
||||
+++ b/res/values/cm_strings.xml
|
||||
@@ -50,6 +50,7 @@
|
||||
<string name="app_ops_categories_device">Device</string>
|
||||
<string name="app_ops_categories_run_in_background">Run in background</string>
|
||||
<string name="app_ops_categories_bootup">Bootup</string>
|
||||
+ <string name="app_ops_categories_sensors">Sensors</string>
|
||||
<string name="app_ops_categories_su">Root access</string>
|
||||
<string name="app_ops_categories_other">Other</string>
|
||||
|
||||
@@ -89,7 +90,9 @@
|
||||
<string name="app_ops_summaries_modify_settings">modify settings</string>
|
||||
<string name="app_ops_summaries_monitor_high_power_location">monitor high power location</string>
|
||||
<string name="app_ops_summaries_monitor_location">monitor location</string>
|
||||
+ <string name="app_ops_summaries_motion_sensors">Motion Sensor usage</string>
|
||||
<string name="app_ops_summaries_mute_unmute_microphone">mute/unmute microphone</string>
|
||||
+ <string name="app_ops_summaries_other_sensors">Other Sensor usage</string>
|
||||
<string name="app_ops_summaries_neighboring_cells">neighboring cells</string>
|
||||
<string name="app_ops_summaries_phone_calls">answer phone calls</string>
|
||||
<string name="app_ops_summaries_picture_in_picture">use picture in picture</string>
|
||||
@@ -177,8 +180,10 @@
|
||||
<string name="app_ops_labels_modify_settings">Modify settings</string>
|
||||
<string name="app_ops_labels_monitor_high_power_location">Monitor high power location</string>
|
||||
<string name="app_ops_labels_monitor_location">Monitor location</string>
|
||||
+ <string name="app_ops_labels_motion_sensors">Motion Sensors</string>
|
||||
<string name="app_ops_labels_mute_unmute_microphone">Mute/unmute microphone</string>
|
||||
<string name="app_ops_labels_neighboring_cells">Neighboring cells</string>
|
||||
+ <string name="app_ops_labels_other_sensors">Other Sensors</string>
|
||||
<string name="app_ops_labels_phone_calls">Answer phone calls</string>
|
||||
<string name="app_ops_labels_picture_in_picture">Use picture in picture</string>
|
||||
<string name="app_ops_labels_play_audio">Play audio</string>
|
||||
diff --git a/res/values/lineage_arrays.xml b/res/values/lineage_arrays.xml
|
||||
index 0145438148..40fea7be2d 100644
|
||||
--- a/res/values/lineage_arrays.xml
|
||||
+++ b/res/values/lineage_arrays.xml
|
||||
@@ -51,6 +51,7 @@
|
||||
<item>@string/app_ops_categories_run_in_background</item>
|
||||
<item>@string/app_ops_categories_bootup</item>
|
||||
<item>@string/app_ops_categories_su</item>
|
||||
+ <item>@string/app_ops_categories_sensors</item>
|
||||
<item>@string/app_ops_categories_other</item>
|
||||
</string-array>
|
||||
|
||||
@@ -222,6 +223,10 @@
|
||||
<item>@string/app_ops_summaries_toggle_mobile_data</item>
|
||||
<!-- OP_SU -->
|
||||
<item>@string/app_ops_summaries_su</item>
|
||||
+ <!-- OP_MOTION_SENSORS -->
|
||||
+ <item>@string/app_ops_summaries_motion_sensors</item>
|
||||
+ <!-- OP_OTHER_SENSORS -->
|
||||
+ <item>@string/app_ops_summaries_other_sensors</item>
|
||||
</string-array>
|
||||
|
||||
<!-- User display names for app ops codes - extension of AOSP -->
|
||||
@@ -392,6 +397,10 @@
|
||||
<item>@string/app_ops_labels_toggle_mobile_data</item>
|
||||
<!-- OP_SU -->
|
||||
<item>@string/app_ops_labels_su</item>
|
||||
+ <!-- OP_MOTION_SENSORS -->
|
||||
+ <item>@string/app_ops_labels_motion_sensors</item>
|
||||
+ <!-- OP_OTHER_SENSORS -->
|
||||
+ <item>@string/app_ops_labels_other_sensors</item>
|
||||
</string-array>
|
||||
|
||||
<!-- App ops permissions -->
|
||||
diff --git a/src/com/android/settings/applications/appops/AppOpsState.java b/src/com/android/settings/applications/appops/AppOpsState.java
|
||||
index eeb1b2d302..8c8d2283ba 100644
|
||||
--- a/src/com/android/settings/applications/appops/AppOpsState.java
|
||||
+++ b/src/com/android/settings/applications/appops/AppOpsState.java
|
||||
@@ -236,6 +236,15 @@ public class AppOpsState {
|
||||
new boolean[] { true }
|
||||
);
|
||||
|
||||
+ public static final OpsTemplate SENSOR_TEMPLATE = new OpsTemplate(
|
||||
+ new int[] { AppOpsManager.OP_BODY_SENSORS,
|
||||
+ AppOpsManager.OP_MOTION_SENSORS,
|
||||
+ AppOpsManager.OP_OTHER_SENSORS },
|
||||
+ new boolean[] { true,
|
||||
+ false,
|
||||
+ false }
|
||||
+ );
|
||||
+
|
||||
public static final OpsTemplate SU_TEMPLATE = new OpsTemplate(
|
||||
new int[] { AppOpsManager.OP_SU },
|
||||
new boolean[] { false }
|
||||
@@ -252,7 +261,6 @@ public class AppOpsState {
|
||||
AppOpsManager.OP_USE_SIP,
|
||||
AppOpsManager.OP_PROCESS_OUTGOING_CALLS,
|
||||
AppOpsManager.OP_USE_FINGERPRINT,
|
||||
- AppOpsManager.OP_BODY_SENSORS,
|
||||
AppOpsManager.OP_READ_CELL_BROADCASTS,
|
||||
AppOpsManager.OP_MOCK_LOCATION,
|
||||
AppOpsManager.OP_READ_EXTERNAL_STORAGE,
|
||||
@@ -272,7 +280,6 @@ public class AppOpsState {
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
- true,
|
||||
true }
|
||||
);
|
||||
|
||||
@@ -286,7 +293,7 @@ public class AppOpsState {
|
||||
public static final OpsTemplate[] ALL_PERMS_TEMPLATES = new OpsTemplate[] {
|
||||
LOCATION_TEMPLATE, PERSONAL_TEMPLATE, MESSAGING_TEMPLATE,
|
||||
MEDIA_TEMPLATE, DEVICE_TEMPLATE, RUN_IN_BACKGROUND_TEMPLATE,
|
||||
- BOOTUP_TEMPLATE, SU_TEMPLATE, REMAINING_TEMPLATE
|
||||
+ BOOTUP_TEMPLATE, SU_TEMPLATE, SENSOR_TEMPLATE, REMAINING_TEMPLATE
|
||||
};
|
||||
|
||||
/**
|
||||
--
|
||||
2.31.1
|
||||
|
@ -0,0 +1,37 @@
|
||||
From e25aed77e6309bfd63a6fde119cf4e2dd22612b3 Mon Sep 17 00:00:00 2001
|
||||
From: MSe1969 <mse1969@posteo.de>
|
||||
Date: Tue, 19 Mar 2019 22:35:38 +0100
|
||||
Subject: [PATCH 2/2] AppOps details: Add permission icons for new Sensor
|
||||
AppOps
|
||||
|
||||
Change-Id: Ifc337517818dcc929a406ed455fb76e6533507ab
|
||||
---
|
||||
.../android/settings/applications/appops/AppOpsDetails.java | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/src/com/android/settings/applications/appops/AppOpsDetails.java b/src/com/android/settings/applications/appops/AppOpsDetails.java
|
||||
index 2f210435e8..4f01ceabda 100644
|
||||
--- a/src/com/android/settings/applications/appops/AppOpsDetails.java
|
||||
+++ b/src/com/android/settings/applications/appops/AppOpsDetails.java
|
||||
@@ -115,6 +115,7 @@ public class AppOpsDetails extends SettingsPreferenceFragment {
|
||||
OP_ICONS.put(AppOpsManager.OP_GPS, R.drawable.ic_perm_location);
|
||||
OP_ICONS.put(AppOpsManager.OP_MUTE_MICROPHONE, R.drawable.ic_perm_microphone);
|
||||
OP_ICONS.put(AppOpsManager.OP_NFC_CHANGE, R.drawable.ic_perm_nfc);
|
||||
+ OP_ICONS.put(AppOpsManager.OP_OTHER_SENSORS, R.drawable.ic_phone_info);
|
||||
OP_ICONS.put(AppOpsManager.OP_POST_NOTIFICATION, R.drawable.ic_perm_notifications);
|
||||
OP_ICONS.put(AppOpsManager.OP_READ_CLIPBOARD, R.drawable.ic_perm_clipboard);
|
||||
OP_ICONS.put(AppOpsManager.OP_RUN_IN_BACKGROUND, R.drawable.ic_perm_background);
|
||||
@@ -213,6 +214,10 @@ public class AppOpsDetails extends SettingsPreferenceFragment {
|
||||
if (icon == null && op != -1 && OP_ICONS.containsKey(op)) {
|
||||
icon = getActivity().getDrawable(OP_ICONS.get(op));
|
||||
}
|
||||
+ if (icon == null && op == AppOpsManager.OP_MOTION_SENSORS) {
|
||||
+ icon = getIconByPermission(AppOpsManager.opToPermission(
|
||||
+ AppOpsManager.OP_USE_FINGERPRINT));
|
||||
+ }
|
||||
if (icon == null) {
|
||||
Log.e(TAG, "Failed to retrieve icon for permission: " + perm);
|
||||
} else {
|
||||
--
|
||||
2.31.1
|
||||
|
@ -0,0 +1,103 @@
|
||||
From cfc06a04979f028a14ab68fb733a7ecfe6bafcae Mon Sep 17 00:00:00 2001
|
||||
From: MSe1969 <mse1969@posteo.de>
|
||||
Date: Sat, 14 Nov 2020 13:04:05 +0100
|
||||
Subject: [PATCH] AppOps: Add further Op for accessing Sensors
|
||||
|
||||
Change-Id: Id7d84d910b849cc4f781aac2a6c21278e08bdeec
|
||||
---
|
||||
core/java/android/app/AppOpsManager.java | 16 +++++++++++++++-
|
||||
1 file changed, 15 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
|
||||
index 77875354d732..af535f62c10b 100644
|
||||
--- a/core/java/android/app/AppOpsManager.java
|
||||
+++ b/core/java/android/app/AppOpsManager.java
|
||||
@@ -836,10 +836,12 @@ public static String flagsToString(@OpFlags int flags) {
|
||||
public static final int OP_READ_DEVICE_IDENTIFIERS = 89;
|
||||
/** @hide Read location metadata from media */
|
||||
public static final int OP_ACCESS_MEDIA_LOCATION = 90;
|
||||
+ /** @hide Access other Sensors */
|
||||
+ public static final int OP_OTHER_SENSORS = 91;
|
||||
|
||||
/** @hide */
|
||||
@UnsupportedAppUsage
|
||||
- public static final int _NUM_OP = 91;
|
||||
+ public static final int _NUM_OP = 92;
|
||||
|
||||
/** Access to coarse location information. */
|
||||
public static final String OPSTR_COARSE_LOCATION = "android:coarse_location";
|
||||
@@ -1119,6 +1121,10 @@ public static String flagsToString(@OpFlags int flags) {
|
||||
/** @hide Read device identifiers */
|
||||
public static final String OPSTR_READ_DEVICE_IDENTIFIERS = "android:read_device_identifiers";
|
||||
|
||||
+ /** @hide Other Sensors */
|
||||
+ public static final String OPSTR_OTHER_SENSORS = "android:other_sensors";
|
||||
+
|
||||
+
|
||||
// Warning: If an permission is added here it also has to be added to
|
||||
// com.android.packageinstaller.permission.utils.EventLogger
|
||||
private static final int[] RUNTIME_AND_APPOP_PERMISSIONS_OPS = {
|
||||
@@ -1281,6 +1287,7 @@ public static String flagsToString(@OpFlags int flags) {
|
||||
OP_ACCESS_ACCESSIBILITY, // ACCESS_ACCESSIBILITY
|
||||
OP_READ_DEVICE_IDENTIFIERS, // READ_DEVICE_IDENTIFIERS
|
||||
OP_ACCESS_MEDIA_LOCATION, // ACCESS_MEDIA_LOCATION
|
||||
+ OP_OTHER_SENSORS, // OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1378,6 +1385,7 @@ public static String flagsToString(@OpFlags int flags) {
|
||||
OPSTR_ACCESS_ACCESSIBILITY,
|
||||
OPSTR_READ_DEVICE_IDENTIFIERS,
|
||||
OPSTR_ACCESS_MEDIA_LOCATION,
|
||||
+ OPSTR_OTHER_SENSORS,
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1476,6 +1484,7 @@ public static String flagsToString(@OpFlags int flags) {
|
||||
"ACCESS_ACCESSIBILITY",
|
||||
"READ_DEVICE_IDENTIFIERS",
|
||||
"ACCESS_MEDIA_LOCATION",
|
||||
+ "OTHER_SENSORS",
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1575,6 +1584,7 @@ public static String flagsToString(@OpFlags int flags) {
|
||||
null, // no permission for OP_ACCESS_ACCESSIBILITY
|
||||
null, // no direct permission for OP_READ_DEVICE_IDENTIFIERS
|
||||
Manifest.permission.ACCESS_MEDIA_LOCATION,
|
||||
+ null, // no direct permission for OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1674,6 +1684,7 @@ public static String flagsToString(@OpFlags int flags) {
|
||||
null, // ACCESS_ACCESSIBILITY
|
||||
null, // READ_DEVICE_IDENTIFIERS
|
||||
null, // ACCESS_MEDIA_LOCATION
|
||||
+ null, // OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1772,6 +1783,7 @@ public static String flagsToString(@OpFlags int flags) {
|
||||
false, // ACCESS_ACCESSIBILITY
|
||||
false, // READ_DEVICE_IDENTIFIERS
|
||||
false, // ACCESS_MEDIA_LOCATION
|
||||
+ false, // OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1869,6 +1881,7 @@ public static String flagsToString(@OpFlags int flags) {
|
||||
AppOpsManager.MODE_ALLOWED, // ACCESS_ACCESSIBILITY
|
||||
AppOpsManager.MODE_ERRORED, // READ_DEVICE_IDENTIFIERS
|
||||
AppOpsManager.MODE_ALLOWED, // ALLOW_MEDIA_LOCATION
|
||||
+ AppOpsManager.MODE_ALLOWED, // OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1970,6 +1983,7 @@ public static String flagsToString(@OpFlags int flags) {
|
||||
false, // ACCESS_ACCESSIBILITY
|
||||
false, // READ_DEVICE_IDENTIFIERS
|
||||
false, // ACCESS_MEDIA_LOCATION
|
||||
+ false, // OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
@ -0,0 +1,81 @@
|
||||
From 8dccd92c719f3cfabb75f2d4cda2743e9f8cd4a8 Mon Sep 17 00:00:00 2001
|
||||
From: MSe1969 <mse1969@posteo.de>
|
||||
Date: Sat, 14 Nov 2020 13:21:18 +0100
|
||||
Subject: [PATCH] AppOps: New Op for (Other) sensors access
|
||||
|
||||
* Add missing Ops to the enum, as pre-requisite to add new sensor op
|
||||
* Add new sensor op to enum
|
||||
* Invoke OP_OTHER_SENSORS as default
|
||||
* Adapt logic for checking the Ops, if no permission is linked
|
||||
|
||||
Change-Id: If4011566a391314afed9a26e1dcf6e4bc838e4f7
|
||||
---
|
||||
libs/binder/include/binder/AppOpsManager.h | 13 +++++++++++++
|
||||
libs/sensor/Sensor.cpp | 1 +
|
||||
services/sensorservice/SensorService.cpp | 9 +++++----
|
||||
3 files changed, 19 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/libs/binder/include/binder/AppOpsManager.h b/libs/binder/include/binder/AppOpsManager.h
|
||||
index 17493b4252..89c0eacb8a 100644
|
||||
--- a/libs/binder/include/binder/AppOpsManager.h
|
||||
+++ b/libs/binder/include/binder/AppOpsManager.h
|
||||
@@ -109,6 +109,19 @@ class AppOpsManager
|
||||
OP_START_FOREGROUND = 76,
|
||||
OP_BLUETOOTH_SCAN = 77,
|
||||
OP_USE_BIOMETRIC = 78,
|
||||
+ OP_ACTIVITY_RECOGNITION = 79,
|
||||
+ OP_SMS_FINANCIAL_TRANSACTIONS = 80,
|
||||
+ OP_READ_MEDIA_AUDIO = 81,
|
||||
+ OP_WRITE_MEDIA_AUDIO = 82,
|
||||
+ OP_READ_MEDIA_VIDEO = 83,
|
||||
+ OP_WRITE_MEDIA_VIDEO = 84,
|
||||
+ OP_READ_MEDIA_IMAGES = 85,
|
||||
+ OP_WRITE_MEDIA_IMAGES = 86,
|
||||
+ OP_LEGACY_STORAGE = 87,
|
||||
+ OP_ACCESS_ACCESSIBILITY = 88,
|
||||
+ OP_READ_DEVICE_IDENTIFIERS = 89,
|
||||
+ OP_ACCESS_MEDIA_LOCATION = 90,
|
||||
+ OP_OTHER_SENSORS = 91,
|
||||
};
|
||||
|
||||
AppOpsManager();
|
||||
diff --git a/libs/sensor/Sensor.cpp b/libs/sensor/Sensor.cpp
|
||||
index abc910302c..8a318543a7 100644
|
||||
--- a/libs/sensor/Sensor.cpp
|
||||
+++ b/libs/sensor/Sensor.cpp
|
||||
@@ -59,6 +59,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
mMinDelay = hwSensor.minDelay;
|
||||
mFlags = 0;
|
||||
mUuid = uuid;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_OTHER_SENSORS; //default, other values are explicitly set
|
||||
|
||||
// Set fifo event count zero for older devices which do not support batching. Fused
|
||||
// sensors also have their fifo counts set to zero.
|
||||
diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp
|
||||
index 6bb250e7bb..58297122a5 100644
|
||||
--- a/services/sensorservice/SensorService.cpp
|
||||
+++ b/services/sensorservice/SensorService.cpp
|
||||
@@ -1643,10 +1643,9 @@ status_t SensorService::flushSensor(const sp<SensorEventConnection>& connection,
|
||||
|
||||
bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
|
||||
const String16& opPackageName) {
|
||||
+
|
||||
// Check if a permission is required for this sensor
|
||||
- if (sensor.getRequiredPermission().length() <= 0) {
|
||||
- return true;
|
||||
- }
|
||||
+ bool noAssociatedPermission = (sensor.getRequiredPermission().length() <= 0);
|
||||
|
||||
const int32_t opCode = sensor.getRequiredAppOp();
|
||||
const int32_t appOpMode = sAppOpsManager.checkOp(opCode,
|
||||
@@ -1654,7 +1653,9 @@ bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
|
||||
bool appOpAllowed = appOpMode == AppOpsManager::MODE_ALLOWED;
|
||||
|
||||
bool canAccess = false;
|
||||
- if (hasPermissionForSensor(sensor)) {
|
||||
+ if (noAssociatedPermission) {
|
||||
+ canAccess = appOpAllowed;
|
||||
+ } else if (hasPermissionForSensor(sensor)) {
|
||||
// Ensure that the AppOp is allowed, or that there is no necessary app op for the sensor
|
||||
if (opCode < 0 || appOpAllowed) {
|
||||
canAccess = true;
|
@ -0,0 +1,262 @@
|
||||
From cbaa03f90faaed007e522306be77fa79c5b87859 Mon Sep 17 00:00:00 2001
|
||||
From: MSe1969 <mse1969@posteo.de>
|
||||
Date: Sat, 14 Nov 2020 15:17:37 +0100
|
||||
Subject: [PATCH] Special Access: Add an option to administer Sensor access
|
||||
|
||||
Accesses the added AppOp for OP_OTHER_SENSORS
|
||||
|
||||
Change-Id: I79c0ed4ab97494434edc6c308a8a54bd123c02ee
|
||||
---
|
||||
res/values-de/strings.xml | 3 +
|
||||
res/values-fr/strings.xml | 3 +
|
||||
res/values/strings.xml | 5 +
|
||||
res/xml/special_access.xml | 7 +
|
||||
.../specialaccess/sensor/SensorAccess.java | 178 ++++++++++++++++++
|
||||
5 files changed, 196 insertions(+)
|
||||
create mode 100644 src/com/android/settings/applications/specialaccess/sensor/SensorAccess.java
|
||||
|
||||
diff --git a/res/values-de/strings.xml b/res/values-de/strings.xml
|
||||
index 0893b5c318..a81d55df07 100644
|
||||
--- a/res/values-de/strings.xml
|
||||
+++ b/res/values-de/strings.xml
|
||||
@@ -4671,4 +4671,7 @@
|
||||
<string name="rtt_settings_no_visible" msgid="7440356831140948382"></string>
|
||||
<string name="rtt_settings_visible_during_call" msgid="7866181103286073700"></string>
|
||||
<string name="rtt_settings_always_visible" msgid="2364173070088756238"></string>
|
||||
+ <string name="sensor_access_summary">Sensorzugriff von Benutzer-Apps kontrollieren</string>
|
||||
+ <string name="sensor_access_title">Zugriff auf Sensoren</string>
|
||||
+ <string name="sensor_access_title_empty_text">Keine installierte App hat Sensorzugriff angefordert.</string>
|
||||
</resources>
|
||||
diff --git a/res/values-fr/strings.xml b/res/values-fr/strings.xml
|
||||
index a1461ea6a2..c7aa02d04f 100644
|
||||
--- a/res/values-fr/strings.xml
|
||||
+++ b/res/values-fr/strings.xml
|
||||
@@ -4670,4 +4670,7 @@
|
||||
<string name="rtt_settings_no_visible" msgid="7440356831140948382"></string>
|
||||
<string name="rtt_settings_visible_during_call" msgid="7866181103286073700"></string>
|
||||
<string name="rtt_settings_always_visible" msgid="2364173070088756238"></string>
|
||||
+ <string name="sensor_access_summary">Contrôler l\'accès des applications utilisateurs aux capteurs</string>
|
||||
+ <string name="sensor_access_title">Access aux Capteurs</string>
|
||||
+ <string name="sensor_access_title_empty_text">Aucune app installée n\'a demandé de l\'accès aux capteurs.</string>
|
||||
</resources>
|
||||
diff --git a/res/values/strings.xml b/res/values/strings.xml
|
||||
index 5b4f19c18b..d8a769645e 100644
|
||||
--- a/res/values/strings.xml
|
||||
+++ b/res/values/strings.xml
|
||||
@@ -11426,6 +11426,11 @@
|
||||
<!-- Subtext for showing the option of RTT setting. [CHAR LIMIT=NONE] -->
|
||||
<string name="rtt_settings_always_visible"></string>
|
||||
|
||||
+ <!-- Sensor AppOps -->
|
||||
+ <string name="sensor_access_summary">Control sensor access for user apps</string>
|
||||
+ <string name="sensor_access_title">Access to Sensors</string>
|
||||
+ <string name="sensor_access_title_empty_text">No installed apps have requested sensors access.</string>
|
||||
+
|
||||
<!-- Bluetooth message permission alert for notification content [CHAR LIMIT=none] -->
|
||||
<string name="bluetooth_message_access_notification_content">A device wants to access your messages. Tap for details.</string>
|
||||
<!-- Bluetooth message permission alert for dialog title [CHAR LIMIT=none] -->
|
||||
diff --git a/res/xml/special_access.xml b/res/xml/special_access.xml
|
||||
index f846298341..bee9d6e2eb 100644
|
||||
--- a/res/xml/special_access.xml
|
||||
+++ b/res/xml/special_access.xml
|
||||
@@ -145,6 +145,13 @@
|
||||
android:value="com.android.settings.Settings$ChangeWifiStateActivity" />
|
||||
</Preference>
|
||||
|
||||
+ <Preference
|
||||
+ android:key="sensor_access"
|
||||
+ android:title="@string/sensor_access_title"
|
||||
+ android:summary="@string/sensor_access_summary"
|
||||
+ android:fragment="com.android.settings.applications.specialaccess.sensor.SensorAccess">
|
||||
+ </Preference>
|
||||
+
|
||||
<Preference
|
||||
android:key="special_access_more"
|
||||
android:title="@string/special_access_more"
|
||||
diff --git a/src/com/android/settings/applications/specialaccess/sensor/SensorAccess.java b/src/com/android/settings/applications/specialaccess/sensor/SensorAccess.java
|
||||
new file mode 100644
|
||||
index 0000000000..2c29f3abfd
|
||||
--- /dev/null
|
||||
+++ b/src/com/android/settings/applications/specialaccess/sensor/SensorAccess.java
|
||||
@@ -0,0 +1,178 @@
|
||||
+package com.android.settings.applications.specialaccess.sensor;
|
||||
+
|
||||
+import android.annotation.Nullable;
|
||||
+import android.app.AlertDialog;
|
||||
+import android.app.Dialog;
|
||||
+import android.app.DialogFragment;
|
||||
+import android.app.AppOpsManager;
|
||||
+import android.content.Context;
|
||||
+import android.content.DialogInterface;
|
||||
+import android.content.pm.ApplicationInfo;
|
||||
+import android.content.pm.PackageInfo;
|
||||
+import android.content.pm.PackageItemInfo;
|
||||
+import android.content.pm.PackageManager;
|
||||
+import android.database.ContentObserver;
|
||||
+import android.net.Uri;
|
||||
+import android.os.Bundle;
|
||||
+import android.os.Handler;
|
||||
+import android.os.Looper;
|
||||
+import android.text.TextUtils;
|
||||
+import android.util.ArraySet;
|
||||
+import android.util.Log;
|
||||
+import android.util.TypedValue;
|
||||
+import android.view.Gravity;
|
||||
+import android.view.View;
|
||||
+import android.view.ViewGroup;
|
||||
+import android.view.ViewGroup.LayoutParams;
|
||||
+import android.widget.TextView;
|
||||
+import android.widget.Toast;
|
||||
+
|
||||
+import androidx.preference.Preference;
|
||||
+import androidx.preference.Preference.OnPreferenceChangeListener;
|
||||
+import androidx.preference.PreferenceScreen;
|
||||
+import androidx.preference.SwitchPreference;
|
||||
+
|
||||
+import com.android.settings.R;
|
||||
+import com.android.settings.core.instrumentation.InstrumentedDialogFragment;
|
||||
+import com.android.internal.logging.nano.MetricsProto.MetricsEvent;
|
||||
+import com.android.settings.SettingsPreferenceFragment;
|
||||
+
|
||||
+import java.util.Arrays;
|
||||
+import java.util.ArrayList;
|
||||
+import java.util.Collections;
|
||||
+import java.util.List;
|
||||
+
|
||||
+public class SensorAccess extends SettingsPreferenceFragment {
|
||||
+
|
||||
+ private final SettingObserver mObserver = new SettingObserver();
|
||||
+
|
||||
+ static final String TAG = "SensorAccess";
|
||||
+
|
||||
+ private Context mContext;
|
||||
+ private PackageManager mPackageManager;
|
||||
+ private AppOpsManager mAppOpsManager;
|
||||
+ private TextView mEmpty;
|
||||
+
|
||||
+ @Override
|
||||
+ public int getMetricsCategory() {
|
||||
+ return MetricsEvent.VIEW_UNKNOWN;
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public void onCreate(Bundle icicle) {
|
||||
+ super.onCreate(icicle);
|
||||
+
|
||||
+ mContext = getActivity();
|
||||
+ mPackageManager = mContext.getPackageManager();
|
||||
+ mAppOpsManager = (AppOpsManager) mContext.getSystemService(Context.APP_OPS_SERVICE);
|
||||
+ setPreferenceScreen(getPreferenceManager().createPreferenceScreen(mContext));
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public void onViewCreated(View view, @Nullable Bundle savedInstanceState) {
|
||||
+ super.onViewCreated(view, savedInstanceState);
|
||||
+ mEmpty = new TextView(getContext());
|
||||
+ mEmpty.setGravity(Gravity.CENTER);
|
||||
+ mEmpty.setText(R.string.sensor_access_title_empty_text);
|
||||
+ TypedValue value = new TypedValue();
|
||||
+ getContext().getTheme().resolveAttribute(android.R.attr.textAppearanceMedium, value, true);
|
||||
+ mEmpty.setTextAppearance(value.resourceId);
|
||||
+ ((ViewGroup) view.findViewById(android.R.id.list_container)).addView(mEmpty,
|
||||
+ new LayoutParams(LayoutParams.MATCH_PARENT, LayoutParams.MATCH_PARENT));
|
||||
+ setEmptyView(mEmpty);
|
||||
+ reloadList();
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public void onResume() {
|
||||
+ super.onResume();
|
||||
+ getActivity().getActionBar().setTitle(R.string.sensor_access_title);
|
||||
+ reloadList();
|
||||
+ }
|
||||
+
|
||||
+ private void reloadList() {
|
||||
+ final PreferenceScreen screen = getPreferenceScreen();
|
||||
+ screen.removeAll();
|
||||
+
|
||||
+ final ArrayList<ApplicationInfo> apps = new ArrayList<>();
|
||||
+ final List<ApplicationInfo> installed = mPackageManager.getInstalledApplications(0);
|
||||
+ if (installed != null) {
|
||||
+ for (ApplicationInfo app : installed) {
|
||||
+ // Skip system apps
|
||||
+ if (isUserApp(app.packageName)) {
|
||||
+ // Only apps effectively having the Op OTHER_SENSORS
|
||||
+ if (mAppOpsManager.getOpsForPackage(getPackageUid(app.packageName),
|
||||
+ app.packageName, new int[]{AppOpsManager.OP_OTHER_SENSORS}) != null)
|
||||
+ apps.add(app);
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ Collections.sort(apps, new PackageItemInfo.DisplayNameComparator(mPackageManager));
|
||||
+ for (ApplicationInfo app : apps) {
|
||||
+ final String pkg = app.packageName;
|
||||
+ final CharSequence label = app.loadLabel(mPackageManager);
|
||||
+ final SwitchPreference pref = new SwitchPreference(getPrefContext());
|
||||
+ pref.setPersistent(false);
|
||||
+ pref.setIcon(app.loadIcon(mPackageManager));
|
||||
+ pref.setTitle(label);
|
||||
+ updateState(pref, pkg);
|
||||
+ pref.setOnPreferenceChangeListener(new OnPreferenceChangeListener() {
|
||||
+ @Override
|
||||
+ public boolean onPreferenceChange(Preference preference, Object newValue) {
|
||||
+ boolean switchOn = (Boolean) newValue;
|
||||
+ mAppOpsManager.setMode(AppOpsManager.OP_OTHER_SENSORS, getPackageUid(pkg), pkg,
|
||||
+ switchOn ? AppOpsManager.MODE_ALLOWED : AppOpsManager.MODE_IGNORED);
|
||||
+ pref.setChecked(switchOn);
|
||||
+ return false;
|
||||
+ }
|
||||
+ });
|
||||
+ screen.addPreference(pref);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ public void updateState(SwitchPreference preference, String pkg) {
|
||||
+ final int mode = mAppOpsManager
|
||||
+ .checkOpNoThrow(AppOpsManager.OP_OTHER_SENSORS, getPackageUid(pkg), pkg);
|
||||
+ if (mode == AppOpsManager.MODE_ERRORED) {
|
||||
+ preference.setChecked(false);
|
||||
+ } else {
|
||||
+ final boolean checked = mode != AppOpsManager.MODE_IGNORED;
|
||||
+ preference.setChecked(checked);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ private boolean isUserApp(String pkg) {
|
||||
+ ApplicationInfo appInfo;
|
||||
+ try {
|
||||
+ appInfo = mPackageManager.getApplicationInfo(pkg,
|
||||
+ PackageManager.GET_DISABLED_COMPONENTS
|
||||
+ | PackageManager.GET_UNINSTALLED_PACKAGES);
|
||||
+ } catch (PackageManager.NameNotFoundException e) {
|
||||
+ Log.w(TAG, "Unable to find info for package " + pkg);
|
||||
+ return false;
|
||||
+ }
|
||||
+ return ((appInfo.flags & ApplicationInfo.FLAG_SYSTEM) == 0);
|
||||
+ }
|
||||
+
|
||||
+ private int getPackageUid(String pkg) {
|
||||
+ int uid;
|
||||
+ try {
|
||||
+ uid = mPackageManager.getPackageUid(pkg, 0);
|
||||
+ } catch (PackageManager.NameNotFoundException e) {
|
||||
+ // We shouldn't hit this, ever. What can we even do after this?
|
||||
+ uid = -1;
|
||||
+ }
|
||||
+ return uid;
|
||||
+ }
|
||||
+
|
||||
+ private final class SettingObserver extends ContentObserver {
|
||||
+ public SettingObserver() {
|
||||
+ super(new Handler(Looper.getMainLooper()));
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public void onChange(boolean selfChange, Uri uri) {
|
||||
+ reloadList();
|
||||
+ }
|
||||
+ }
|
||||
+}
|
||||
--
|
||||
2.31.1
|
||||
|
@ -0,0 +1,104 @@
|
||||
From 28d7fc27bb5f69753d3b3a7e2329d692d99c4433 Mon Sep 17 00:00:00 2001
|
||||
From: MSe1969 <mse1969@posteo.de>
|
||||
Date: Sat, 14 Nov 2020 13:04:05 +0100
|
||||
Subject: [PATCH] AppOps: Add further Op for accessing Sensors
|
||||
|
||||
(Adapted for R)
|
||||
|
||||
Change-Id: Id7d84d910b849cc4f781aac2a6c21278e08bdeec
|
||||
---
|
||||
core/java/android/app/AppOpsManager.java | 16 +++++++++++++++-
|
||||
1 file changed, 15 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
|
||||
index 6baabb69e028..fb685b57e0a6 100644
|
||||
--- a/core/java/android/app/AppOpsManager.java
|
||||
+++ b/core/java/android/app/AppOpsManager.java
|
||||
@@ -1150,9 +1150,12 @@ public static String flagsToString(@OpFlags int flags) {
|
||||
// TODO: Add as AppProtoEnums
|
||||
public static final int OP_RECORD_AUDIO_HOTWORD = 102;
|
||||
|
||||
+ /** @hide Access to other Sensors **/
|
||||
+ public static final int OP_OTHER_SENSORS = 103;
|
||||
+
|
||||
/** @hide */
|
||||
@UnsupportedAppUsage
|
||||
- public static final int _NUM_OP = 103;
|
||||
+ public static final int _NUM_OP = 104;
|
||||
|
||||
/** Access to coarse location information. */
|
||||
public static final String OPSTR_COARSE_LOCATION = "android:coarse_location";
|
||||
@@ -1490,6 +1493,9 @@ public static String flagsToString(@OpFlags int flags) {
|
||||
*/
|
||||
public static final String OPSTR_RECORD_AUDIO_HOTWORD = "android:record_audio_hotword";
|
||||
|
||||
+ /** @hide Other Sensors */
|
||||
+ public static final String OPSTR_OTHER_SENSORS = "android:other_sensors";
|
||||
+
|
||||
/** {@link #sAppOpsToNote} not initialized yet for this op */
|
||||
private static final byte SHOULD_COLLECT_NOTE_OP_NOT_INITIALIZED = 0;
|
||||
/** Should not collect noting of this app-op in {@link #sAppOpsToNote} */
|
||||
@@ -1682,6 +1688,7 @@ public static String flagsToString(@OpFlags int flags) {
|
||||
OP_PHONE_CALL_MICROPHONE, // OP_PHONE_CALL_MICROPHONE
|
||||
OP_PHONE_CALL_CAMERA, // OP_PHONE_CALL_CAMERA
|
||||
OP_RECORD_AUDIO_HOTWORD, // RECORD_AUDIO_HOTWORD
|
||||
+ OP_OTHER_SENSORS, // OTHER SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1791,6 +1798,7 @@ public static String flagsToString(@OpFlags int flags) {
|
||||
OPSTR_PHONE_CALL_MICROPHONE,
|
||||
OPSTR_PHONE_CALL_CAMERA,
|
||||
OPSTR_RECORD_AUDIO_HOTWORD,
|
||||
+ OPSTR_OTHER_SENSORS,
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1901,6 +1909,7 @@ public static String flagsToString(@OpFlags int flags) {
|
||||
"PHONE_CALL_MICROPHONE",
|
||||
"PHONE_CALL_CAMERA",
|
||||
"RECORD_AUDIO_HOTWORD",
|
||||
+ "OTHER_SENSORS",
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -2012,6 +2021,7 @@ public static String flagsToString(@OpFlags int flags) {
|
||||
null, // no permission for OP_PHONE_CALL_MICROPHONE
|
||||
null, // no permission for OP_PHONE_CALL_CAMERA
|
||||
null, // no permission for OP_RECORD_AUDIO_HOTWORD
|
||||
+ null, // no permission for OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -2123,6 +2133,7 @@ public static String flagsToString(@OpFlags int flags) {
|
||||
null, // PHONE_CALL_MICROPHONE
|
||||
null, // PHONE_CALL_MICROPHONE
|
||||
null, // RECORD_AUDIO_HOTWORD
|
||||
+ null, // OTHER SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -2233,6 +2244,7 @@ public static String flagsToString(@OpFlags int flags) {
|
||||
null, // PHONE_CALL_MICROPHONE
|
||||
null, // PHONE_CALL_CAMERA
|
||||
null, // RECORD_AUDIO_HOTWORD
|
||||
+ null, // OTHER SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -2342,6 +2354,7 @@ public static String flagsToString(@OpFlags int flags) {
|
||||
AppOpsManager.MODE_ALLOWED, // PHONE_CALL_MICROPHONE
|
||||
AppOpsManager.MODE_ALLOWED, // PHONE_CALL_CAMERA
|
||||
AppOpsManager.MODE_ALLOWED, // OP_RECORD_AUDIO_HOTWORD
|
||||
+ AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -2455,6 +2468,7 @@ public static String flagsToString(@OpFlags int flags) {
|
||||
false, // PHONE_CALL_MICROPHONE
|
||||
false, // PHONE_CALL_CAMERA
|
||||
false, // RECORD_AUDIO_HOTWORD
|
||||
+ false, // OTHER SENSORS
|
||||
};
|
||||
|
||||
/**
|
@ -0,0 +1,73 @@
|
||||
From fbe7bf4aec5c1f436f3750f2136ebdc580564a3a Mon Sep 17 00:00:00 2001
|
||||
From: MSe1969 <mse1969@posteo.de>
|
||||
Date: Sat, 14 Nov 2020 13:21:18 +0100
|
||||
Subject: [PATCH] AppOps: New Op for (Other) sensors access
|
||||
|
||||
* Add new sensor op to enum
|
||||
* Invoke OP_OTHER_SENSORS as default
|
||||
* Adapt logic for checking the Ops, if no permission is linked
|
||||
|
||||
cherry-picked from lin17-microG and adapted for R
|
||||
|
||||
Change-Id: If4011566a391314afed9a26e1dcf6e4bc838e4f7
|
||||
---
|
||||
libs/binder/include/binder/AppOpsManager.h | 3 ++-
|
||||
libs/sensor/Sensor.cpp | 1 +
|
||||
services/sensorservice/SensorService.cpp | 10 ++++++----
|
||||
3 files changed, 9 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/libs/binder/include/binder/AppOpsManager.h b/libs/binder/include/binder/AppOpsManager.h
|
||||
index d93935ae5d..4a8c36f5b2 100644
|
||||
--- a/libs/binder/include/binder/AppOpsManager.h
|
||||
+++ b/libs/binder/include/binder/AppOpsManager.h
|
||||
@@ -135,7 +135,8 @@ class AppOpsManager
|
||||
OP_PHONE_CALL_MICROPHONE = 100,
|
||||
OP_PHONE_CALL_CAMERA = 101,
|
||||
OP_RECORD_AUDIO_HOTWORD = 102,
|
||||
- _NUM_OP = 103
|
||||
+ OP_OTHER_SENSORS = 103,
|
||||
+ _NUM_OP = 104
|
||||
};
|
||||
|
||||
AppOpsManager();
|
||||
diff --git a/libs/sensor/Sensor.cpp b/libs/sensor/Sensor.cpp
|
||||
index 9d817ae0bd..76d365d5f7 100644
|
||||
--- a/libs/sensor/Sensor.cpp
|
||||
+++ b/libs/sensor/Sensor.cpp
|
||||
@@ -59,6 +59,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
mMinDelay = hwSensor.minDelay;
|
||||
mFlags = 0;
|
||||
mUuid = uuid;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_OTHER_SENSORS; //default, other values are explicitly set
|
||||
|
||||
// Set fifo event count zero for older devices which do not support batching. Fused
|
||||
// sensors also have their fifo counts set to zero.
|
||||
diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp
|
||||
index 3ca34bba1b..8a62b2bb9c 100644
|
||||
--- a/services/sensorservice/SensorService.cpp
|
||||
+++ b/services/sensorservice/SensorService.cpp
|
||||
@@ -1798,10 +1798,9 @@ status_t SensorService::flushSensor(const sp<SensorEventConnection>& connection,
|
||||
|
||||
bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
|
||||
const String16& opPackageName) {
|
||||
+
|
||||
// Check if a permission is required for this sensor
|
||||
- if (sensor.getRequiredPermission().length() <= 0) {
|
||||
- return true;
|
||||
- }
|
||||
+ bool noAssociatedPermission = (sensor.getRequiredPermission().length() <= 0);
|
||||
|
||||
const int32_t opCode = sensor.getRequiredAppOp();
|
||||
const int32_t appOpMode = sAppOpsManager.checkOp(opCode,
|
||||
@@ -1816,7 +1815,10 @@ bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
|
||||
// Allow access to step sensors if the application targets pre-Q, which is before the
|
||||
// requirement to hold the AR permission to access Step Counter and Step Detector events
|
||||
// was introduced.
|
||||
- canAccess = true;
|
||||
+ // [MSe1969: Of course only, if AppOpAllowed]
|
||||
+ canAccess = appOpAllowed;
|
||||
+ } else if (noAssociatedPermission) {
|
||||
+ canAccess = appOpAllowed;
|
||||
} else if (hasPermissionForSensor(sensor)) {
|
||||
// Ensure that the AppOp is allowed, or that there is no necessary app op for the sensor
|
||||
if (opCode < 0 || appOpAllowed) {
|
@ -0,0 +1,260 @@
|
||||
From a0087ffdd73ca128dc9f27118fc9eb4fd43c798b Mon Sep 17 00:00:00 2001
|
||||
From: MSe1969 <mse1969@posteo.de>
|
||||
Date: Sat, 14 Nov 2020 15:17:37 +0100
|
||||
Subject: [PATCH] Special Access: Add an option to administer Sensor access
|
||||
|
||||
Accesses the added AppOp for OP_OTHER_SENSORS
|
||||
|
||||
Change-Id: I79c0ed4ab97494434edc6c308a8a54bd123c02ee
|
||||
---
|
||||
res/values-de/strings.xml | 3 +
|
||||
res/values-fr/strings.xml | 3 +
|
||||
res/values/strings.xml | 5 +
|
||||
res/xml/special_access.xml | 7 +
|
||||
.../specialaccess/sensor/SensorAccess.java | 178 ++++++++++++++++++
|
||||
5 files changed, 196 insertions(+)
|
||||
create mode 100644 src/com/android/settings/applications/specialaccess/sensor/SensorAccess.java
|
||||
|
||||
diff --git a/res/values-de/strings.xml b/res/values-de/strings.xml
|
||||
index b2acb11e61..f5815df4a8 100644
|
||||
--- a/res/values-de/strings.xml
|
||||
+++ b/res/values-de/strings.xml
|
||||
@@ -4969,4 +4969,7 @@
|
||||
<string name="bluetooth_phonebook_access_notification_content" msgid="4280361621526852063">"Ein nicht vertrauenswürdiges Gerät fordert Zugriff auf deine Kontakte und deine Anrufliste an. Weitere Informationen."</string>
|
||||
<string name="bluetooth_phonebook_access_dialog_title" msgid="7624607995928968721">"Möchtest du den Zugriff auf Kontakte und Anrufliste zulassen?"</string>
|
||||
<string name="bluetooth_phonebook_access_dialog_content" msgid="4766700015848574532">"Ein nicht vertrauenswürdiges Bluetooth-Gerät (<xliff:g id="DEVICE_NAME_0">%1$s</xliff:g>) möchte auf deine Kontakte und deine Anrufliste zugreifen. Dazu gehören auch Daten über ein- und ausgehende Anrufe.\n\nDu warst bisher noch nicht mit <xliff:g id="DEVICE_NAME_1">%2$s</xliff:g> verbunden."</string>
|
||||
+ <string name="sensor_access_summary">Sensorzugriff von Benutzer-Apps kontrollieren</string>
|
||||
+ <string name="sensor_access_title">Zugriff auf Sensoren</string>
|
||||
+ <string name="sensor_access_title_empty_text">Keine installierte App hat Sensorzugriff angefordert.</string>
|
||||
</resources>
|
||||
diff --git a/res/values-fr/strings.xml b/res/values-fr/strings.xml
|
||||
index 42545707e6..d65e050664 100644
|
||||
--- a/res/values-fr/strings.xml
|
||||
+++ b/res/values-fr/strings.xml
|
||||
@@ -4968,4 +4968,7 @@
|
||||
<string name="bluetooth_phonebook_access_notification_content" msgid="4280361621526852063">"Un appareil non vérifié souhaite accéder à vos contacts et à votre journal d\'appels. Appuyez ici pour plus de détails."</string>
|
||||
<string name="bluetooth_phonebook_access_dialog_title" msgid="7624607995928968721">"Autoriser l\'accès aux contacts et au journal d\'appels ?"</string>
|
||||
<string name="bluetooth_phonebook_access_dialog_content" msgid="4766700015848574532">"Un appareil Bluetooth non vérifié, <xliff:g id="DEVICE_NAME_0">%1$s</xliff:g>, souhaite accéder à vos contacts et à votre journal d\'appels. Ceci inclut des données concernant les appels entrants et sortants.\n\nVous ne vous êtes jamais connecté à <xliff:g id="DEVICE_NAME_1">%2$s</xliff:g> auparavant."</string>
|
||||
+ <string name="sensor_access_summary">Contrôler l\'accès des applications utilisateurs aux capteurs</string>
|
||||
+ <string name="sensor_access_title">Access aux Capteurs</string>
|
||||
+ <string name="sensor_access_title_empty_text">Aucune app installée n\'a demandé de l\'accès aux capteurs.</string>
|
||||
</resources>
|
||||
diff --git a/res/values/strings.xml b/res/values/strings.xml
|
||||
index adf837a034..e4e0c9d129 100644
|
||||
--- a/res/values/strings.xml
|
||||
+++ b/res/values/strings.xml
|
||||
@@ -12227,4 +12227,9 @@
|
||||
<string name="bluetooth_connect_access_dialog_negative">Don\u2019t connect</string>
|
||||
<!-- Strings for Dialog connect button -->
|
||||
<string name="bluetooth_connect_access_dialog_positive">Connect</string>
|
||||
+
|
||||
+ <!-- Sensor AppOps -->
|
||||
+ <string name="sensor_access_summary">Control sensor access for user apps</string>
|
||||
+ <string name="sensor_access_title">Access to Sensors</string>
|
||||
+ <string name="sensor_access_title_empty_text">No installed apps have requested sensors access.</string>
|
||||
</resources>
|
||||
diff --git a/res/xml/special_access.xml b/res/xml/special_access.xml
|
||||
index 6ee87f4664..f65ee68f7e 100644
|
||||
--- a/res/xml/special_access.xml
|
||||
+++ b/res/xml/special_access.xml
|
||||
@@ -154,6 +154,13 @@
|
||||
android:value="com.android.settings.Settings$ChangeWifiStateActivity" />
|
||||
</Preference>
|
||||
|
||||
+ <Preference
|
||||
+ android:key="sensor_access"
|
||||
+ android:title="@string/sensor_access_title"
|
||||
+ android:summary="@string/sensor_access_summary"
|
||||
+ android:fragment="com.android.settings.applications.specialaccess.sensor.SensorAccess">
|
||||
+ </Preference>
|
||||
+
|
||||
<Preference
|
||||
android:key="special_access_more"
|
||||
android:title="@string/special_access_more"
|
||||
diff --git a/src/com/android/settings/applications/specialaccess/sensor/SensorAccess.java b/src/com/android/settings/applications/specialaccess/sensor/SensorAccess.java
|
||||
new file mode 100644
|
||||
index 0000000000..2c29f3abfd
|
||||
--- /dev/null
|
||||
+++ b/src/com/android/settings/applications/specialaccess/sensor/SensorAccess.java
|
||||
@@ -0,0 +1,178 @@
|
||||
+package com.android.settings.applications.specialaccess.sensor;
|
||||
+
|
||||
+import android.annotation.Nullable;
|
||||
+import android.app.AlertDialog;
|
||||
+import android.app.Dialog;
|
||||
+import android.app.DialogFragment;
|
||||
+import android.app.AppOpsManager;
|
||||
+import android.content.Context;
|
||||
+import android.content.DialogInterface;
|
||||
+import android.content.pm.ApplicationInfo;
|
||||
+import android.content.pm.PackageInfo;
|
||||
+import android.content.pm.PackageItemInfo;
|
||||
+import android.content.pm.PackageManager;
|
||||
+import android.database.ContentObserver;
|
||||
+import android.net.Uri;
|
||||
+import android.os.Bundle;
|
||||
+import android.os.Handler;
|
||||
+import android.os.Looper;
|
||||
+import android.text.TextUtils;
|
||||
+import android.util.ArraySet;
|
||||
+import android.util.Log;
|
||||
+import android.util.TypedValue;
|
||||
+import android.view.Gravity;
|
||||
+import android.view.View;
|
||||
+import android.view.ViewGroup;
|
||||
+import android.view.ViewGroup.LayoutParams;
|
||||
+import android.widget.TextView;
|
||||
+import android.widget.Toast;
|
||||
+
|
||||
+import androidx.preference.Preference;
|
||||
+import androidx.preference.Preference.OnPreferenceChangeListener;
|
||||
+import androidx.preference.PreferenceScreen;
|
||||
+import androidx.preference.SwitchPreference;
|
||||
+
|
||||
+import com.android.settings.R;
|
||||
+import com.android.settings.core.instrumentation.InstrumentedDialogFragment;
|
||||
+import com.android.internal.logging.nano.MetricsProto.MetricsEvent;
|
||||
+import com.android.settings.SettingsPreferenceFragment;
|
||||
+
|
||||
+import java.util.Arrays;
|
||||
+import java.util.ArrayList;
|
||||
+import java.util.Collections;
|
||||
+import java.util.List;
|
||||
+
|
||||
+public class SensorAccess extends SettingsPreferenceFragment {
|
||||
+
|
||||
+ private final SettingObserver mObserver = new SettingObserver();
|
||||
+
|
||||
+ static final String TAG = "SensorAccess";
|
||||
+
|
||||
+ private Context mContext;
|
||||
+ private PackageManager mPackageManager;
|
||||
+ private AppOpsManager mAppOpsManager;
|
||||
+ private TextView mEmpty;
|
||||
+
|
||||
+ @Override
|
||||
+ public int getMetricsCategory() {
|
||||
+ return MetricsEvent.VIEW_UNKNOWN;
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public void onCreate(Bundle icicle) {
|
||||
+ super.onCreate(icicle);
|
||||
+
|
||||
+ mContext = getActivity();
|
||||
+ mPackageManager = mContext.getPackageManager();
|
||||
+ mAppOpsManager = (AppOpsManager) mContext.getSystemService(Context.APP_OPS_SERVICE);
|
||||
+ setPreferenceScreen(getPreferenceManager().createPreferenceScreen(mContext));
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public void onViewCreated(View view, @Nullable Bundle savedInstanceState) {
|
||||
+ super.onViewCreated(view, savedInstanceState);
|
||||
+ mEmpty = new TextView(getContext());
|
||||
+ mEmpty.setGravity(Gravity.CENTER);
|
||||
+ mEmpty.setText(R.string.sensor_access_title_empty_text);
|
||||
+ TypedValue value = new TypedValue();
|
||||
+ getContext().getTheme().resolveAttribute(android.R.attr.textAppearanceMedium, value, true);
|
||||
+ mEmpty.setTextAppearance(value.resourceId);
|
||||
+ ((ViewGroup) view.findViewById(android.R.id.list_container)).addView(mEmpty,
|
||||
+ new LayoutParams(LayoutParams.MATCH_PARENT, LayoutParams.MATCH_PARENT));
|
||||
+ setEmptyView(mEmpty);
|
||||
+ reloadList();
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public void onResume() {
|
||||
+ super.onResume();
|
||||
+ getActivity().getActionBar().setTitle(R.string.sensor_access_title);
|
||||
+ reloadList();
|
||||
+ }
|
||||
+
|
||||
+ private void reloadList() {
|
||||
+ final PreferenceScreen screen = getPreferenceScreen();
|
||||
+ screen.removeAll();
|
||||
+
|
||||
+ final ArrayList<ApplicationInfo> apps = new ArrayList<>();
|
||||
+ final List<ApplicationInfo> installed = mPackageManager.getInstalledApplications(0);
|
||||
+ if (installed != null) {
|
||||
+ for (ApplicationInfo app : installed) {
|
||||
+ // Skip system apps
|
||||
+ if (isUserApp(app.packageName)) {
|
||||
+ // Only apps effectively having the Op OTHER_SENSORS
|
||||
+ if (mAppOpsManager.getOpsForPackage(getPackageUid(app.packageName),
|
||||
+ app.packageName, new int[]{AppOpsManager.OP_OTHER_SENSORS}) != null)
|
||||
+ apps.add(app);
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ Collections.sort(apps, new PackageItemInfo.DisplayNameComparator(mPackageManager));
|
||||
+ for (ApplicationInfo app : apps) {
|
||||
+ final String pkg = app.packageName;
|
||||
+ final CharSequence label = app.loadLabel(mPackageManager);
|
||||
+ final SwitchPreference pref = new SwitchPreference(getPrefContext());
|
||||
+ pref.setPersistent(false);
|
||||
+ pref.setIcon(app.loadIcon(mPackageManager));
|
||||
+ pref.setTitle(label);
|
||||
+ updateState(pref, pkg);
|
||||
+ pref.setOnPreferenceChangeListener(new OnPreferenceChangeListener() {
|
||||
+ @Override
|
||||
+ public boolean onPreferenceChange(Preference preference, Object newValue) {
|
||||
+ boolean switchOn = (Boolean) newValue;
|
||||
+ mAppOpsManager.setMode(AppOpsManager.OP_OTHER_SENSORS, getPackageUid(pkg), pkg,
|
||||
+ switchOn ? AppOpsManager.MODE_ALLOWED : AppOpsManager.MODE_IGNORED);
|
||||
+ pref.setChecked(switchOn);
|
||||
+ return false;
|
||||
+ }
|
||||
+ });
|
||||
+ screen.addPreference(pref);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ public void updateState(SwitchPreference preference, String pkg) {
|
||||
+ final int mode = mAppOpsManager
|
||||
+ .checkOpNoThrow(AppOpsManager.OP_OTHER_SENSORS, getPackageUid(pkg), pkg);
|
||||
+ if (mode == AppOpsManager.MODE_ERRORED) {
|
||||
+ preference.setChecked(false);
|
||||
+ } else {
|
||||
+ final boolean checked = mode != AppOpsManager.MODE_IGNORED;
|
||||
+ preference.setChecked(checked);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ private boolean isUserApp(String pkg) {
|
||||
+ ApplicationInfo appInfo;
|
||||
+ try {
|
||||
+ appInfo = mPackageManager.getApplicationInfo(pkg,
|
||||
+ PackageManager.GET_DISABLED_COMPONENTS
|
||||
+ | PackageManager.GET_UNINSTALLED_PACKAGES);
|
||||
+ } catch (PackageManager.NameNotFoundException e) {
|
||||
+ Log.w(TAG, "Unable to find info for package " + pkg);
|
||||
+ return false;
|
||||
+ }
|
||||
+ return ((appInfo.flags & ApplicationInfo.FLAG_SYSTEM) == 0);
|
||||
+ }
|
||||
+
|
||||
+ private int getPackageUid(String pkg) {
|
||||
+ int uid;
|
||||
+ try {
|
||||
+ uid = mPackageManager.getPackageUid(pkg, 0);
|
||||
+ } catch (PackageManager.NameNotFoundException e) {
|
||||
+ // We shouldn't hit this, ever. What can we even do after this?
|
||||
+ uid = -1;
|
||||
+ }
|
||||
+ return uid;
|
||||
+ }
|
||||
+
|
||||
+ private final class SettingObserver extends ContentObserver {
|
||||
+ public SettingObserver() {
|
||||
+ super(new Handler(Looper.getMainLooper()));
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public void onChange(boolean selfChange, Uri uri) {
|
||||
+ reloadList();
|
||||
+ }
|
||||
+ }
|
||||
+}
|
||||
--
|
||||
2.31.1
|
||||
|
@ -106,10 +106,17 @@ changeDefaultDNS; #Change the default DNS servers
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0008-Disable_Analytics.patch"; #Disable/reduce functionality of various ad/analytics libraries
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0009-Sensors-P1.patch"; #Permission for sensors access (MSe1969)
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0009-Sensors-P2.patch";
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0009-Sensors-P3.patch";
|
||||
rm -rf packages/Osu; #Automatic Wi-Fi connection non-sense
|
||||
rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps
|
||||
fi;
|
||||
|
||||
if enterAndClear "frameworks/native"; then
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_native/0001-Sensors.patch"; #Permission for sensors access (MSe1969)
|
||||
fi;
|
||||
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
|
||||
if enterAndClear "frameworks/opt/net/ims"; then
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"; #Fix calling when IMS is removed
|
||||
@ -208,6 +215,8 @@ if enterAndClear "packages/apps/Settings"; then
|
||||
git revert --no-edit 2ebe6058c546194a301c1fd22963d6be4adbf961; #Don't hide OEM unlock
|
||||
patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/201113.patch"; #wifi: Add world regulatory domain country code
|
||||
patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
|
||||
patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0002-Sensors-P1.patch"; #Permission for sensors access (MSe1969)
|
||||
patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0002-Sensors-P2.patch";
|
||||
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/ChooseLockPassword.java; #Increase max password length (GrapheneOS)
|
||||
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options
|
||||
|
@ -85,8 +85,7 @@ patchWorkspace() {
|
||||
umask 0022;
|
||||
if [ "$DOS_MALWARE_SCAN_ENABLED" = true ]; then scanForMalware false "$DOS_PREBUILT_APPS $DOS_BUILD_BASE/build $DOS_BUILD_BASE/device $DOS_BUILD_BASE/vendor/lineage"; fi;
|
||||
|
||||
source build/envsetup.sh;
|
||||
repopick -it O_asb_2021-09;
|
||||
#source build/envsetup.sh;
|
||||
|
||||
source "$DOS_SCRIPTS/Patch.sh";
|
||||
source "$DOS_SCRIPTS_COMMON/Copy_Keys.sh";
|
||||
|
@ -109,11 +109,16 @@ patch -p1 < "$DOS_PATCHES/android_frameworks_base/0006-Disable_Analytics.patch";
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0001-Browser_No_Location.patch"; #Don't grant location permission to system browsers (GrapheneOS)
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0007-Sensors.patch"; #Permission for sensors access (MSe1969)
|
||||
if [ "$DOS_MICROG_INCLUDED" != "FULL" ]; then rm -rf packages/CompanionDeviceManager; fi; #Used to support Android Wear (which hard depends on GMS)
|
||||
rm -rf packages/Osu packages/Osu2; #Automatic Wi-Fi connection non-sense
|
||||
rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps
|
||||
fi;
|
||||
|
||||
if enterAndClear "frameworks/native"; then
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_native/0001-Sensors.patch"; #Permission for sensors access (MSe1969)
|
||||
fi;
|
||||
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
|
||||
if enterAndClear "frameworks/opt/net/ims"; then
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"; #Fix calling when IMS is removed
|
||||
@ -184,6 +189,8 @@ if enterAndClear "packages/apps/Settings"; then
|
||||
git revert --no-edit a96df110e84123fe1273bff54feca3b4ca484dcd; #Don't hide OEM unlock
|
||||
patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
|
||||
patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0004-PDB_Fixes.patch"; #Fix crashes when the PersistentDataBlockManager service isn't available XXX: This might be broken!
|
||||
patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0005-Sensors-P1.patch"; #Permission for sensors access (MSe1969)
|
||||
patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0005-Sensors-P2.patch";
|
||||
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS)
|
||||
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options
|
||||
|
@ -118,11 +118,16 @@ patch -p1 < "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Re
|
||||
if [ "$DOS_GRAPHENE_EXEC" = true ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning.patch"; fi; #Add exec-based spawning support (GrapheneOS)
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
|
||||
patch -p1 < "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0011-Sensors.patch"; #Permission for sensors access (MSe1969)
|
||||
sed -i '301i\ if(packageList != null && packageList.length() > 0) { packageList += ","; } packageList += "net.sourceforge.opencamera";' core/java/android/hardware/Camera.java; #Add Open Camera to aux camera allowlist
|
||||
if [ "$DOS_MICROG_INCLUDED" != "FULL" ]; then rm -rf packages/CompanionDeviceManager; fi; #Used to support Android Wear (which hard depends on GMS)
|
||||
rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps
|
||||
fi;
|
||||
|
||||
if enterAndClear "frameworks/native"; then
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_native/0001-Sensors.patch"; #Permission for sensors access (MSe1969)
|
||||
fi;
|
||||
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
|
||||
if enterAndClear "frameworks/opt/net/ims"; then
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"; #Fix calling when IMS is removed
|
||||
@ -196,6 +201,8 @@ if enterAndClear "packages/apps/Settings"; then
|
||||
git revert --no-edit c240992b4c86c7f226290807a2f41f2619e7e5e8; #Don't hide OEM unlock
|
||||
patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
|
||||
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS)
|
||||
patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0002-Sensors-P1.patch"; #Permission for sensors access (MSe1969)
|
||||
patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0002-Sensors-P2.patch";
|
||||
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/PrivacySettings.java; fi; #microG doesn't support Backup, hide the options
|
||||
fi;
|
||||
|
@ -114,12 +114,17 @@ patch -p1 < "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Re
|
||||
if [ "$DOS_GRAPHENE_EXEC" = true ]; then patch -p1 < "$DOS_PATCHES/android_frameworks_base/0010-Exec_Based_Spawning.patch"; fi; #add exec-based spawning support (GrapheneOS)
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0011-Sensors.patch"; #Permission for sensors access (MSe1969)
|
||||
if [ "$DOS_MICROG_INCLUDED" != "FULL" ]; then rm -rf packages/CompanionDeviceManager; fi; #Used to support Android Wear (which hard depends on GMS)
|
||||
#sed -i '295i\ if(packageList != null && packageList.size() > 0) { packageList.add("net.sourceforge.opencamera"); }' core/java/android/hardware/Camera.java; #Add Open Camera to aux camera allowlist XXX: needs testing, broke boot last time
|
||||
rm -rf packages/OsuLogin; #Automatic Wi-Fi connection non-sense
|
||||
rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps
|
||||
fi;
|
||||
|
||||
if enterAndClear "frameworks/native"; then
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_native/0001-Sensors.patch"; #Permission for sensors access (MSe1969)
|
||||
fi;
|
||||
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
|
||||
if enterAndClear "frameworks/opt/net/ims"; then
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"; #Fix calling when IMS is removed
|
||||
@ -194,6 +199,7 @@ fi;
|
||||
if enterAndClear "packages/apps/Settings"; then
|
||||
git revert --no-edit 486980cfecce2ca64267f41462f9371486308e9d; #Don't hide OEM unlock
|
||||
patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
|
||||
patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0002-Sensors.patch"; #Permission for sensors access (MSe1969)
|
||||
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS)
|
||||
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/backup/PrivacySettingsUtils.java; fi; #microG doesn't support Backup, hide the options
|
||||
|
@ -96,11 +96,16 @@ patch -p1 < "$DOS_PATCHES/android_frameworks_base/0008-Browser_No_Location.patch
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Review.patch"; #Allow SystemUI to directly manage Bluetooth/WiFi (GrapheneOS)
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_base/0010-Sensors.patch"; #Permission for sensors access (MSe1969)
|
||||
#sed -i '301i\ if(packageList != null && packageList.size() > 0) { packageList.add("net.sourceforge.opencamera"); }' core/java/android/hardware/Camera.java; #Add Open Camera to aux camera allowlist XXX: needs testing, broke boot last time
|
||||
if [ "$DOS_MICROG_INCLUDED" != "FULL" ]; then rm -rf packages/CompanionDeviceManager; fi; #Used to support Android Wear (which hard depends on GMS)
|
||||
rm -rf packages/PrintRecommendationService; #Creates popups to install proprietary print apps
|
||||
fi;
|
||||
|
||||
if enterAndClear "frameworks/native"; then
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_native/0001-Sensors.patch"; #Permission for sensors access (MSe1969)
|
||||
fi;
|
||||
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
|
||||
if enterAndClear "frameworks/opt/net/ims"; then
|
||||
patch -p1 < "$DOS_PATCHES/android_frameworks_opt_net_ims/0001-Fix_Calling.patch"; #Fix calling when IMS is removed
|
||||
@ -181,6 +186,7 @@ fi;
|
||||
|
||||
if enterAndClear "packages/apps/Settings"; then
|
||||
patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
|
||||
patch -p1 < "$DOS_PATCHES/android_packages_apps_Settings/0002-Sensors.patch"; #Permission for sensors access (MSe1969)
|
||||
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
|
||||
if [ "$DOS_MICROG_INCLUDED" = "FULL" ]; then sed -i 's/GSETTINGS_PROVIDER = "com.google.settings";/GSETTINGS_PROVIDER = "com.google.oQuae4av";/' src/com/android/settings/backup/PrivacySettingsUtils.java; fi; #microG doesn't support Backup, hide the options
|
||||
fi;
|
||||
|
Loading…
x
Reference in New Issue
Block a user