mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-24 15:09:34 -05:00
Switch 16.0/17.1/18.1 to the more robust GrapheneOS sensors permission patchset
Like done for 19.1 Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
parent
0895190ffa
commit
d50a3a043b
@ -92,12 +92,30 @@ nojit
|
||||
12 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/f1898802c8fd7474f723f9a44a316142d940dfed
|
||||
12 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/58c9f58bbde6789f944daf41d86acdc7b3e205f2
|
||||
12 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/2d14a42f7bc285e141377018285dc4e3fd8f8f86
|
||||
11 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/87837ab83af7ea8a9aa5e47c65e4361cd84479cf
|
||||
11 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/1aa3ca343e98d99d98fdc35fd3dd1d2e5a17fa7d
|
||||
11 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/a87929c2040dd4c36d72b52b211d281a74015dc2
|
||||
11 https://github.com/GrapheneOS/platform_frameworks_base/commit/8d68accb37299400bba65df9fce805fa5a98fc9a
|
||||
10 https://github.com/GrapheneOS/platform_frameworks_base/commit/4d5d82f4e2fb9ff68158bf30f3944591bb74dd04
|
||||
9 https://github.com/GrapheneOS/platform_frameworks_base/commit/09632b10185b9133949a431e27089f72b5cfeefa
|
||||
|
||||
[implemented] sensors permission
|
||||
12 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/452c474dfae9a312f6e01db5b28de308dbb14cc2
|
||||
12 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/daed8c4e3ff8bf94a2a9aa319d32ec2ff5653c8f
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_native/commit/dcef490d7cab7bb9f96f8bfe19a8779ac140b26d
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/a949bd530bdbedf2078119a90a93d7c15bca6975
|
||||
11 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/d18b364558ca86fe3d9bbb643f7dc79d1a57aa5d
|
||||
11 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/cc9b673157996228e8096f83b993cce33a717e14
|
||||
11 https://github.com/GrapheneOS/platform_frameworks_native/commit/6ff4e668467a79b610a003bd989bc0833ade0912
|
||||
11 https://github.com/GrapheneOS/platform_frameworks_base/commit/83e312089610419029b9e20272c3947edb7a9cc5
|
||||
10 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/a1204e6126189810018ff5540858536a1c58ac37
|
||||
10 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/fc8c816e07ce39583774db8fe668e0505b6aa504
|
||||
10 https://github.com/GrapheneOS/platform_frameworks_native/commit/ff005a6b6a38baef95c4a01d7e1fc75aac651a58
|
||||
10 https://github.com/GrapheneOS/platform_frameworks_base/commit/9ec9f7f521323552fa658b46862c8408f1a7b41b
|
||||
9 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/af08eeff533855ea164e80a42e18280f7002b4ea
|
||||
9 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/ae0f7cd347a92540b55175a44e3520c2f7145bc5
|
||||
9 https://github.com/GrapheneOS/platform_frameworks_native/commit/3e92487c4b0b4ff7b114640f7dcede2fe61bc6df
|
||||
9 https://github.com/GrapheneOS/platform_frameworks_base/commit/899441075ddbfc945cff97e433c9e1c9d6bde7af
|
||||
|
||||
[implemented] network permission
|
||||
12 https://github.com/GrapheneOS/platform_frameworks_base/commit/947744f753638c82775186a3876f2b2ffd7c0244
|
||||
@ -114,6 +132,22 @@ nojit
|
||||
12 https://github.com/GrapheneOS/platform_packages_modules_Connectivity/commit/dbf6ae4cd96450a21be0a4dd85fb5addeba67462
|
||||
12 https://github.com/GrapheneOS/platform_packages_modules_Connectivity/commit/34cded990ebd8da8c47cab88f0b1ef523a05d122
|
||||
12 https://github.com/GrapheneOS/platform_libcore/commit/7110daa77503720bbd2f233df53be90b742ce85a
|
||||
11 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/d4b073b2c17f382a4bc922c3f12dc3673e3d8472
|
||||
11 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/7396a2da80a06f1405b34370a9e2883dca57ba79
|
||||
11 https://github.com/GrapheneOS/platform_frameworks_base/commit/2071543704d726333d77f934f73596c53d8f0595
|
||||
11 https://github.com/GrapheneOS/platform_frameworks_base/commit/811d25733eb627d0b1a97e9fe86009763ed58a20
|
||||
11 https://github.com/GrapheneOS/platform_frameworks_base/commit/826a021126b2d2592452205e8c37e5b26543809f
|
||||
11 https://github.com/GrapheneOS/platform_frameworks_base/commit/ae1a600f3bb804df86a3652e3fae977107addaf3
|
||||
11 https://github.com/GrapheneOS/platform_frameworks_base/commit/1f69f6d5c07d1d883328f91e40e8011ba386fdf8
|
||||
10 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/6c4f112dde47f21ce5a583f5bd8b217db6de5c02
|
||||
10 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/a07271ed7e45239369f2ca33496d939d2e9cbd08
|
||||
10 https://github.com/GrapheneOS/platform_frameworks_base/commit/246e5450929137c7c773c30fdc75268d30a1eea5
|
||||
10 https://github.com/GrapheneOS/platform_frameworks_base/commit/b5c9f9407d5f5407686ea8c02fa67573ddc07824
|
||||
10 https://github.com/GrapheneOS/platform_frameworks_base/commit/f412994d2c974b08941646acb61f0aee6cdfed05
|
||||
9 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/880011e7af233249e1b70177daa3cd786574bc85
|
||||
9 https://github.com/GrapheneOS/platform_packages_modules_Permission/commit/c3c6a3206c1753cac7a8db72e2f05ddcf4c66d99
|
||||
9 https://github.com/GrapheneOS/platform_frameworks_base/commit/2dd00723364fcf10e6c9e6c2e022e31524fda92d
|
||||
9 https://github.com/GrapheneOS/platform_frameworks_base/commit/6ef61fd6f745b9709269d3612a3a4eea2250ebec
|
||||
|
||||
[implemented] protected fifo/regular
|
||||
12 https://github.com/GrapheneOS/platform_system_core/commit/ddf48612c160b13552588af4d64bc7bb55571618
|
||||
|
@ -1,206 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: MSe1969 <mse1969@posteo.de>
|
||||
Date: Fri, 15 Mar 2019 22:05:36 +0100
|
||||
Subject: [PATCH] AppOps/PrivacyGuard: New Sensor checks [base]
|
||||
|
||||
Add two AppOps for sensor access:
|
||||
- OP_MOTION_SENSORS (default: allow, strict)
|
||||
- OP_OTHER_SENSORS (default: allow)
|
||||
|
||||
Change-Id: Id12b91720f1e02ea5ca606ecefb30121d19b92bb
|
||||
---
|
||||
core/java/android/app/AppOpsManager.java | 35 ++++++++++++++++++++++--
|
||||
core/res/res/values-de/cm_strings.xml | 2 ++
|
||||
core/res/res/values-fr/cm_strings.xml | 2 ++
|
||||
core/res/res/values/cm_strings.xml | 2 ++
|
||||
core/res/res/values/lineage_arrays.xml | 4 +++
|
||||
5 files changed, 43 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
|
||||
index 5b763e50c38f..fef17859af8c 100644
|
||||
--- a/core/java/android/app/AppOpsManager.java
|
||||
+++ b/core/java/android/app/AppOpsManager.java
|
||||
@@ -371,8 +371,12 @@ public class AppOpsManager {
|
||||
public static final int OP_DATA_CONNECT_CHANGE = 81;
|
||||
/** @hide SU access */
|
||||
public static final int OP_SU = 82;
|
||||
+ /** @hide Motion Sensors */
|
||||
+ public static final int OP_MOTION_SENSORS = 83;
|
||||
+ /** @hide Other Sensors */
|
||||
+ public static final int OP_OTHER_SENSORS = 84;
|
||||
/** @hide */
|
||||
- public static final int _NUM_OP = 83;
|
||||
+ public static final int _NUM_OP = 85;
|
||||
|
||||
/** Access to coarse location information. */
|
||||
public static final String OPSTR_COARSE_LOCATION = "android:coarse_location";
|
||||
@@ -628,6 +632,11 @@ public class AppOpsManager {
|
||||
/** @hide */
|
||||
public static final String OPSTR_SU = "android:su";
|
||||
|
||||
+ public static final String OPSTR_MOTION_SENSORS =
|
||||
+ "android:motion_sensors";
|
||||
+ public static final String OPSTR_OTHER_SENSORS =
|
||||
+ "android:other_sensors";
|
||||
+
|
||||
// Warning: If an permission is added here it also has to be added to
|
||||
// com.android.packageinstaller.permission.utils.EventLogger
|
||||
private static final int[] RUNTIME_AND_APPOP_PERMISSIONS_OPS = {
|
||||
@@ -676,7 +685,9 @@ public class AppOpsManager {
|
||||
OP_WRITE_SETTINGS,
|
||||
OP_REQUEST_INSTALL_PACKAGES,
|
||||
OP_START_FOREGROUND,
|
||||
- OP_SU
|
||||
+ OP_SU,
|
||||
+ OP_MOTION_SENSORS,
|
||||
+ OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -771,6 +782,8 @@ public class AppOpsManager {
|
||||
OP_NFC_CHANGE, // NFC_CHANGE
|
||||
OP_DATA_CONNECT_CHANGE, // DATA_CONNECT_CHANGE
|
||||
OP_SU, // SU
|
||||
+ OP_MOTION_SENSORS, // MOTION_SENSORS
|
||||
+ OP_OTHER_SENSORS // OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -860,6 +873,8 @@ public class AppOpsManager {
|
||||
OPSTR_NFC_CHANGE,
|
||||
OPSTR_DATA_CONNECT_CHANGE,
|
||||
OPSTR_SU,
|
||||
+ OPSTR_MOTION_SENSORS,
|
||||
+ OPSTR_OTHER_SENSORS,
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -950,6 +965,8 @@ public class AppOpsManager {
|
||||
"NFC_CHANGE",
|
||||
"DATA_CONNECT_CHANGE",
|
||||
"SU",
|
||||
+ "MOTION_SENSORS",
|
||||
+ "OTHER_SENSORS",
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1040,6 +1057,8 @@ public class AppOpsManager {
|
||||
Manifest.permission.NFC,
|
||||
null,
|
||||
null, // no permission for OP_SU
|
||||
+ null, // no permission for OP_MOTION_SENSORS
|
||||
+ null, // no permission for OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1131,6 +1150,8 @@ public class AppOpsManager {
|
||||
null, // NFC_CHANGE
|
||||
null, // DATA_CONNECT_CHANGE
|
||||
UserManager.DISALLOW_SU, // SU TODO: this should really be investigated.
|
||||
+ null, //MOTION_SENSORS
|
||||
+ null, //OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1221,6 +1242,8 @@ public class AppOpsManager {
|
||||
true, // NFC_CHANGE
|
||||
true, // DATA_CONNECT_CHANGE
|
||||
false, // SU
|
||||
+ false, //MOTION_SENSORS
|
||||
+ false, //OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1310,6 +1333,8 @@ public class AppOpsManager {
|
||||
AppOpsManager.MODE_ALLOWED, // OP_NFC_CHANGE
|
||||
AppOpsManager.MODE_ALLOWED, // OP_DATA_CONNECT_CHANGE
|
||||
AppOpsManager.MODE_ASK, // OP_SU
|
||||
+ AppOpsManager.MODE_ALLOWED, // OP_MOTION_SENSORS
|
||||
+ AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1400,6 +1425,8 @@ public class AppOpsManager {
|
||||
AppOpsManager.MODE_ASK, // OP_NFC_CHANGE
|
||||
AppOpsManager.MODE_ASK, // OP_DATA_CONNECT_CHANGE
|
||||
AppOpsManager.MODE_ASK, // OP_SU
|
||||
+ AppOpsManager.MODE_ALLOWED, // OP_MOTION_SENSORS
|
||||
+ AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1489,6 +1516,8 @@ public class AppOpsManager {
|
||||
true, // NFC_CHANGE
|
||||
true, // DATA_CONNECT_CHANGE
|
||||
true, // SU
|
||||
+ true, // OP_MOTION_SENSORS
|
||||
+ false, // OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1582,6 +1611,8 @@ public class AppOpsManager {
|
||||
false, // OP_NFC_CHANGE
|
||||
false, // OP_DATA_CONNECT_CHANGE
|
||||
false, // OP_SU
|
||||
+ false, // OP_MOTION_SENSORS
|
||||
+ false, // OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
diff --git a/core/res/res/values-de/cm_strings.xml b/core/res/res/values-de/cm_strings.xml
|
||||
index 8248b4d50731..e0f1b79882f7 100644
|
||||
--- a/core/res/res/values-de/cm_strings.xml
|
||||
+++ b/core/res/res/values-de/cm_strings.xml
|
||||
@@ -51,7 +51,9 @@
|
||||
<string name="app_ops_modify_clipboard">die Zwischenablage zu ändern</string>
|
||||
<string name="app_ops_modify_contacts">Kontakte zu ändern</string>
|
||||
<string name="app_ops_modify_settings">Einstellungen zu ändern</string>
|
||||
+ <string name="app_ops_motion_sensors">Bewegungssensoren zu nutzen</string>
|
||||
<string name="app_ops_mute_unmute_microphone">das Mikrofon zu aktivieren/deaktivieren</string>
|
||||
+ <string name="app_ops_other_sensors">sonstige Sensoren zu nutzen</string>
|
||||
<string name="app_ops_phone_calls">Anrufe zu beantworten</string>
|
||||
<string name="app_ops_picture_in_picture">Bild im Bild zu verwenden</string>
|
||||
<string name="app_ops_play_audio">Audio wiederzugeben</string>
|
||||
diff --git a/core/res/res/values-fr/cm_strings.xml b/core/res/res/values-fr/cm_strings.xml
|
||||
index 38cfd54ec910..027f79c607c2 100644
|
||||
--- a/core/res/res/values-fr/cm_strings.xml
|
||||
+++ b/core/res/res/values-fr/cm_strings.xml
|
||||
@@ -51,7 +51,9 @@
|
||||
<string name="app_ops_modify_clipboard">modifier le presse-papiers</string>
|
||||
<string name="app_ops_modify_contacts">mettre à jour vos contacts</string>
|
||||
<string name="app_ops_modify_settings">mettre à jour les paramètres du système</string>
|
||||
+ <string name="app_ops_motion_sensors">utiliser les capteurs de mouvement</string>
|
||||
<string name="app_ops_mute_unmute_microphone">activer/désactiver le microphone</string>
|
||||
+ <string name="app_ops_other_sensors">utiliser d\'autres capteurs</string>
|
||||
<string name="app_ops_phone_calls">répondre aux appels téléphoniques</string>
|
||||
<string name="app_ops_picture_in_picture">utiliser le mode Picture-in-Picture</string>
|
||||
<string name="app_ops_play_audio">lecture audio</string>
|
||||
diff --git a/core/res/res/values/cm_strings.xml b/core/res/res/values/cm_strings.xml
|
||||
index 301131e2663d..5939cae77b8e 100644
|
||||
--- a/core/res/res/values/cm_strings.xml
|
||||
+++ b/core/res/res/values/cm_strings.xml
|
||||
@@ -57,7 +57,9 @@
|
||||
<string name="app_ops_modify_clipboard">modify the clipboard</string>
|
||||
<string name="app_ops_modify_contacts">update your contacts</string>
|
||||
<string name="app_ops_modify_settings">update system settings</string>
|
||||
+ <string name="app_ops_motion_sensors">use the motion sensors</string>
|
||||
<string name="app_ops_mute_unmute_microphone">mute/unmute the microphone</string>
|
||||
+ <string name="app_ops_other_sensors">use other sensors</string>
|
||||
<string name="app_ops_phone_calls">answer phone calls</string>
|
||||
<string name="app_ops_picture_in_picture">use picture in picture</string>
|
||||
<string name="app_ops_play_audio">play audio</string>
|
||||
diff --git a/core/res/res/values/lineage_arrays.xml b/core/res/res/values/lineage_arrays.xml
|
||||
index 58567d1c8bd1..11a7d99b8d48 100644
|
||||
--- a/core/res/res/values/lineage_arrays.xml
|
||||
+++ b/core/res/res/values/lineage_arrays.xml
|
||||
@@ -184,6 +184,10 @@
|
||||
<item>@string/app_ops_toggle_mobile_data</item>
|
||||
<!-- OP_SU -->
|
||||
<item>@string/app_ops_su</item>
|
||||
+ <!-- OP_MOTION_SENSORS -->
|
||||
+ <item>@string/app_ops_motion_sensors</item>
|
||||
+ <!-- OP_OTHER_SENSORS -->
|
||||
+ <item>@string/app_ops_other_sensors</item>
|
||||
</string-array>
|
||||
|
||||
</resources>
|
@ -1,116 +1,36 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Fri, 21 Jul 2017 08:42:55 -0400
|
||||
Subject: [PATCH] support new special runtime permissions
|
||||
Date: Sun, 17 Mar 2019 11:59:15 -0400
|
||||
Subject: [PATCH] make INTERNET into a special runtime permission
|
||||
|
||||
These are treated as a runtime permission even for legacy apps. They
|
||||
need to be granted by default for all apps to maintain compatibility.
|
||||
---
|
||||
.../server/pm/PackageManagerService.java | 3 +-
|
||||
.../permission/PermissionManagerService.java | 30 ++++++++++++++-----
|
||||
2 files changed, 25 insertions(+), 8 deletions(-)
|
||||
core/res/AndroidManifest.xml | 2 +-
|
||||
.../android/server/pm/permission/PermissionManagerService.java | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
index dc44fe17722d..e9fd656478dc 100644
|
||||
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
@@ -19704,7 +19704,8 @@ public class PackageManagerService extends IPackageManager.Stub
|
||||
}
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index af1a6fa9e3c5..873162098247 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -1361,7 +1361,7 @@
|
||||
<permission android:name="android.permission.INTERNET"
|
||||
android:description="@string/permdesc_createNetworkSockets"
|
||||
android:label="@string/permlab_createNetworkSockets"
|
||||
- android:protectionLevel="normal|instant" />
|
||||
+ android:protectionLevel="dangerous|instant" />
|
||||
|
||||
// If this permission was granted by default, make sure it is.
|
||||
- if ((oldFlags & FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0) {
|
||||
+ if ((oldFlags & FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
|
||||
+ || PermissionManagerService.isSpecialRuntimePermission(bp.getName())) {
|
||||
if (permissionsState.grantRuntimePermission(bp, userId)
|
||||
!= PERMISSION_OPERATION_FAILURE) {
|
||||
writeRuntimePermissions = true;
|
||||
<!-- Allows applications to access information about networks.
|
||||
<p>Protection level: normal
|
||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
index 79b2636481b3..9f1fe8a6414a 100644
|
||||
index 9f1fe8a6414a..f16f671a51dd 100644
|
||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
@@ -730,6 +730,10 @@ public class PermissionManagerService {
|
||||
}
|
||||
@@ -731,7 +731,7 @@ public class PermissionManagerService {
|
||||
}
|
||||
|
||||
public static boolean isSpecialRuntimePermission(final String permission) {
|
||||
- return false;
|
||||
+ return Manifest.permission.INTERNET.equals(permission);
|
||||
}
|
||||
|
||||
+ public static boolean isSpecialRuntimePermission(final String permission) {
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
private void grantPermissions(PackageParser.Package pkg, boolean replace,
|
||||
String packageOfInterest, PermissionCallback callback) {
|
||||
// IMPORTANT: There are two types of permissions: install and runtime.
|
||||
@@ -838,7 +842,8 @@ public class PermissionManagerService {
|
||||
// their permissions as always granted runtime ones since we need
|
||||
// to keep the review required permission flag per user while an
|
||||
// install permission's state is shared across all users.
|
||||
- if (!appSupportsRuntimePermissions && !mSettings.mPermissionReviewRequired) {
|
||||
+ if (!appSupportsRuntimePermissions && !mSettings.mPermissionReviewRequired &&
|
||||
+ !isSpecialRuntimePermission(bp.getName())) {
|
||||
// For legacy apps dangerous permissions are install time ones.
|
||||
grant = GRANT_INSTALL;
|
||||
} else if (origPermissions.hasInstallPermission(bp.getName())) {
|
||||
@@ -948,7 +953,8 @@ public class PermissionManagerService {
|
||||
updatedUserIds, userId);
|
||||
}
|
||||
} else if (mSettings.mPermissionReviewRequired
|
||||
- && !appSupportsRuntimePermissions) {
|
||||
+ && !appSupportsRuntimePermissions
|
||||
+ && !isSpecialRuntimePermission(bp.getName())) {
|
||||
// For legacy apps that need a permission review, every new
|
||||
// runtime permission is granted but it is pending a review.
|
||||
// We also need to review only platform defined runtime
|
||||
@@ -969,7 +975,15 @@ public class PermissionManagerService {
|
||||
updatedUserIds = ArrayUtils.appendInt(
|
||||
updatedUserIds, userId);
|
||||
}
|
||||
- }
|
||||
+ } else if (isSpecialRuntimePermission(bp.name) &&
|
||||
+ origPermissions.getRuntimePermissionState(bp.name, userId) == null) {
|
||||
+ if (permissionsState.grantRuntimePermission(bp, userId)
|
||||
+ != PermissionsState.PERMISSION_OPERATION_FAILURE) {
|
||||
+ // We changed the permission, hence have to write.
|
||||
+ updatedUserIds = ArrayUtils.appendInt(
|
||||
+ updatedUserIds, userId);
|
||||
+ }
|
||||
+ }
|
||||
// Propagate the permission flags.
|
||||
permissionsState.updatePermissionFlags(bp, userId, flags, flags);
|
||||
}
|
||||
@@ -1421,7 +1435,7 @@ public class PermissionManagerService {
|
||||
&& (grantedPermissions == null
|
||||
|| ArrayUtils.contains(grantedPermissions, permission))) {
|
||||
final int flags = permissionsState.getPermissionFlags(permission, userId);
|
||||
- if (supportsRuntimePermissions) {
|
||||
+ if (supportsRuntimePermissions || isSpecialRuntimePermission(bp.name)) {
|
||||
// Installer cannot change immutable permissions.
|
||||
if ((flags & immutableFlags) == 0) {
|
||||
grantRuntimePermission(permission, pkg.packageName, false, callingUid,
|
||||
@@ -1480,7 +1494,7 @@ public class PermissionManagerService {
|
||||
// install permission's state is shared across all users.
|
||||
if (mSettings.mPermissionReviewRequired
|
||||
&& pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
|
||||
- && bp.isRuntime()) {
|
||||
+ && bp.isRuntime() && !isSpecialRuntimePermission(bp.name)) {
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -1516,7 +1530,8 @@ public class PermissionManagerService {
|
||||
+ permName + " for package " + packageName);
|
||||
}
|
||||
|
||||
- if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M) {
|
||||
+ if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
|
||||
+ && !isSpecialRuntimePermission(permName)) {
|
||||
Slog.w(TAG, "Cannot grant runtime permission to a legacy app");
|
||||
return;
|
||||
}
|
||||
@@ -1601,7 +1616,8 @@ public class PermissionManagerService {
|
||||
// install permission's state is shared across all users.
|
||||
if (mSettings.mPermissionReviewRequired
|
||||
&& pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
|
||||
- && bp.isRuntime()) {
|
||||
+ && bp.isRuntime()
|
||||
+ && !isSpecialRuntimePermission(permName)) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -1,36 +1,51 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Sun, 17 Mar 2019 11:59:15 -0400
|
||||
Subject: [PATCH] make INTERNET into a special runtime permission
|
||||
Date: Fri, 21 Jul 2017 11:23:07 -0400
|
||||
Subject: [PATCH] add a NETWORK permission group for INTERNET
|
||||
|
||||
---
|
||||
core/res/AndroidManifest.xml | 2 +-
|
||||
.../android/server/pm/permission/PermissionManagerService.java | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
core/res/AndroidManifest.xml | 10 ++++++++++
|
||||
core/res/res/values/strings.xml | 5 +++++
|
||||
2 files changed, 15 insertions(+)
|
||||
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index af1a6fa9e3c5..873162098247 100644
|
||||
index 873162098247..8efe5474dfea 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -1361,7 +1361,7 @@
|
||||
@@ -1355,10 +1355,20 @@
|
||||
<!-- ======================================= -->
|
||||
<eat-comment />
|
||||
|
||||
+ <!-- Network access
|
||||
+ @hide
|
||||
+ -->
|
||||
+ <permission-group android:name="android.permission-group.NETWORK"
|
||||
+ android:icon="@drawable/perm_group_network"
|
||||
+ android:label="@string/permgrouplab_network"
|
||||
+ android:description="@string/permgroupdesc_network"
|
||||
+ android:priority="900" />
|
||||
+
|
||||
<!-- Allows applications to open network sockets.
|
||||
<p>Protection level: normal
|
||||
-->
|
||||
<permission android:name="android.permission.INTERNET"
|
||||
+ android:permissionGroup="android.permission-group.NETWORK"
|
||||
android:description="@string/permdesc_createNetworkSockets"
|
||||
android:label="@string/permlab_createNetworkSockets"
|
||||
- android:protectionLevel="normal|instant" />
|
||||
+ android:protectionLevel="dangerous|instant" />
|
||||
android:protectionLevel="dangerous|instant" />
|
||||
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
|
||||
index 29af7d71914f..fd30d719b996 100644
|
||||
--- a/core/res/res/values/strings.xml
|
||||
+++ b/core/res/res/values/strings.xml
|
||||
@@ -747,6 +747,11 @@
|
||||
<string name="permgrouprequest_sensors">Allow
|
||||
<b><xliff:g id="app_name" example="Gmail">%1$s</xliff:g></b> to access sensor data about your vital signs?</string>
|
||||
|
||||
<!-- Allows applications to access information about networks.
|
||||
<p>Protection level: normal
|
||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
index 9f1fe8a6414a..f16f671a51dd 100644
|
||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
@@ -731,7 +731,7 @@ public class PermissionManagerService {
|
||||
}
|
||||
|
||||
public static boolean isSpecialRuntimePermission(final String permission) {
|
||||
- return false;
|
||||
+ return Manifest.permission.INTERNET.equals(permission);
|
||||
}
|
||||
|
||||
private void grantPermissions(PackageParser.Package pkg, boolean replace,
|
||||
+ <!-- Title of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permgrouplab_network">Network</string>
|
||||
+ <!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permgroupdesc_network">network access</string>
|
||||
+
|
||||
<!-- Title for the capability of an accessibility service to retrieve window content. -->
|
||||
<string name="capability_title_canRetrieveWindowContent">Retrieve window content</string>
|
||||
<!-- Description for the capability of an accessibility service to retrieve window content. -->
|
||||
|
@ -1,51 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Fri, 21 Jul 2017 11:23:07 -0400
|
||||
Subject: [PATCH] add a NETWORK permission group for INTERNET
|
||||
|
||||
---
|
||||
core/res/AndroidManifest.xml | 10 ++++++++++
|
||||
core/res/res/values/strings.xml | 5 +++++
|
||||
2 files changed, 15 insertions(+)
|
||||
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index 873162098247..8efe5474dfea 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -1355,10 +1355,20 @@
|
||||
<!-- ======================================= -->
|
||||
<eat-comment />
|
||||
|
||||
+ <!-- Network access
|
||||
+ @hide
|
||||
+ -->
|
||||
+ <permission-group android:name="android.permission-group.NETWORK"
|
||||
+ android:icon="@drawable/perm_group_network"
|
||||
+ android:label="@string/permgrouplab_network"
|
||||
+ android:description="@string/permgroupdesc_network"
|
||||
+ android:priority="900" />
|
||||
+
|
||||
<!-- Allows applications to open network sockets.
|
||||
<p>Protection level: normal
|
||||
-->
|
||||
<permission android:name="android.permission.INTERNET"
|
||||
+ android:permissionGroup="android.permission-group.NETWORK"
|
||||
android:description="@string/permdesc_createNetworkSockets"
|
||||
android:label="@string/permlab_createNetworkSockets"
|
||||
android:protectionLevel="dangerous|instant" />
|
||||
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
|
||||
index 29af7d71914f..fd30d719b996 100644
|
||||
--- a/core/res/res/values/strings.xml
|
||||
+++ b/core/res/res/values/strings.xml
|
||||
@@ -747,6 +747,11 @@
|
||||
<string name="permgrouprequest_sensors">Allow
|
||||
<b><xliff:g id="app_name" example="Gmail">%1$s</xliff:g></b> to access sensor data about your vital signs?</string>
|
||||
|
||||
+ <!-- Title of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permgrouplab_network">Network</string>
|
||||
+ <!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permgroupdesc_network">network access</string>
|
||||
+
|
||||
<!-- Title for the capability of an accessibility service to retrieve window content. -->
|
||||
<string name="capability_title_canRetrieveWindowContent">Retrieve window content</string>
|
||||
<!-- Description for the capability of an accessibility service to retrieve window content. -->
|
@ -0,0 +1,95 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Sat, 7 Oct 2017 15:54:42 -0400
|
||||
Subject: [PATCH] add special runtime permission for other sensors
|
||||
|
||||
This covers sensors not included in the existing runtime permission for
|
||||
body sensors.
|
||||
---
|
||||
core/java/android/content/pm/PackageParser.java | 2 ++
|
||||
core/res/AndroidManifest.xml | 14 ++++++++++++++
|
||||
core/res/res/values/strings.xml | 12 ++++++++++++
|
||||
.../pm/permission/PermissionManagerService.java | 2 +-
|
||||
4 files changed, 29 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
|
||||
index e0c2d2dc6dde..b89c46132b26 100644
|
||||
--- a/core/java/android/content/pm/PackageParser.java
|
||||
+++ b/core/java/android/content/pm/PackageParser.java
|
||||
@@ -280,6 +280,8 @@ public class PackageParser {
|
||||
*/
|
||||
public static final PackageParser.NewPermissionInfo NEW_PERMISSIONS[] =
|
||||
new PackageParser.NewPermissionInfo[] {
|
||||
+ new PackageParser.NewPermissionInfo(android.Manifest.permission.OTHER_SENSORS,
|
||||
+ android.os.Build.VERSION_CODES.CUR_DEVELOPMENT + 1, 0),
|
||||
new PackageParser.NewPermissionInfo(android.Manifest.permission.WRITE_EXTERNAL_STORAGE,
|
||||
android.os.Build.VERSION_CODES.DONUT, 0),
|
||||
new PackageParser.NewPermissionInfo(android.Manifest.permission.READ_PHONE_STATE,
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index 8efe5474dfea..69ddf1d37a7f 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -1148,6 +1148,20 @@
|
||||
android:description="@string/permdesc_useBiometric"
|
||||
android:protectionLevel="normal" />
|
||||
|
||||
+ <!-- @hide -->
|
||||
+ <permission-group android:name="android.permission-group.OTHER_SENSORS"
|
||||
+ android:icon="@drawable/perm_group_location"
|
||||
+ android:label="@string/permgrouplab_otherSensors"
|
||||
+ android:description="@string/permgroupdesc_otherSensors"
|
||||
+ android:priority="1000" />
|
||||
+
|
||||
+ <!-- @hide -->
|
||||
+ <permission android:name="android.permission.OTHER_SENSORS"
|
||||
+ android:permissionGroup="android.permission-group.OTHER_SENSORS"
|
||||
+ android:label="@string/permlab_otherSensors"
|
||||
+ android:description="@string/permdesc_otherSensors"
|
||||
+ android:protectionLevel="dangerous" />
|
||||
+
|
||||
<!-- ====================================================================== -->
|
||||
<!-- REMOVED PERMISSIONS -->
|
||||
<!-- ====================================================================== -->
|
||||
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
|
||||
index fd30d719b996..1a64ae235456 100644
|
||||
--- a/core/res/res/values/strings.xml
|
||||
+++ b/core/res/res/values/strings.xml
|
||||
@@ -747,6 +747,11 @@
|
||||
<string name="permgrouprequest_sensors">Allow
|
||||
<b><xliff:g id="app_name" example="Gmail">%1$s</xliff:g></b> to access sensor data about your vital signs?</string>
|
||||
|
||||
+ <!-- Title of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permgrouplab_otherSensors">Sensors</string>
|
||||
+ <!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permgroupdesc_otherSensors">access sensor data about orientation, movement, etc.</string>
|
||||
+
|
||||
<!-- Title of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
<string name="permgrouplab_network">Network</string>
|
||||
<!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
@@ -1061,6 +1066,13 @@
|
||||
<string name="permdesc_bodySensors" product="default">Allows the app to access data from sensors
|
||||
that monitor your physical condition, such as your heart rate.</string>
|
||||
|
||||
+ <!-- Title of the sensors permission, listed so the user can decide whether to allow the application to access sensor data. [CHAR LIMIT=80] -->
|
||||
+ <string name="permlab_otherSensors">access sensors (like the compass)
|
||||
+ </string>
|
||||
+ <!-- Description of the sensors permission, listed so the user can decide whether to allow the application to access data from sensors. [CHAR LIMIT=NONE] -->
|
||||
+ <string name="permdesc_otherSensors" product="default">Allows the app to access data from sensors
|
||||
+ monitoring orientation, movement, vibration (including low frequency sound) and environmental data</string>
|
||||
+
|
||||
<!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
<string name="permlab_readCalendar">Read calendar events and details</string>
|
||||
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
index f16f671a51dd..4a60c12e9823 100644
|
||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
@@ -731,7 +731,7 @@ public class PermissionManagerService {
|
||||
}
|
||||
|
||||
public static boolean isSpecialRuntimePermission(final String permission) {
|
||||
- return Manifest.permission.INTERNET.equals(permission);
|
||||
+ return Manifest.permission.INTERNET.equals(permission) || Manifest.permission.OTHER_SENSORS.equals(permission);
|
||||
}
|
||||
|
||||
private void grantPermissions(PackageParser.Package pkg, boolean replace,
|
@ -0,0 +1,116 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Fri, 21 Jul 2017 08:42:55 -0400
|
||||
Subject: [PATCH] support new special runtime permissions
|
||||
|
||||
These are treated as a runtime permission even for legacy apps. They
|
||||
need to be granted by default for all apps to maintain compatibility.
|
||||
---
|
||||
.../server/pm/PackageManagerService.java | 3 +-
|
||||
.../permission/PermissionManagerService.java | 30 ++++++++++++++-----
|
||||
2 files changed, 25 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
index dc44fe17722d..e9fd656478dc 100644
|
||||
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
@@ -19704,7 +19704,8 @@ public class PackageManagerService extends IPackageManager.Stub
|
||||
}
|
||||
|
||||
// If this permission was granted by default, make sure it is.
|
||||
- if ((oldFlags & FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0) {
|
||||
+ if ((oldFlags & FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
|
||||
+ || PermissionManagerService.isSpecialRuntimePermission(bp.getName())) {
|
||||
if (permissionsState.grantRuntimePermission(bp, userId)
|
||||
!= PERMISSION_OPERATION_FAILURE) {
|
||||
writeRuntimePermissions = true;
|
||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
index 79b2636481b3..9f1fe8a6414a 100644
|
||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
@@ -730,6 +730,10 @@ public class PermissionManagerService {
|
||||
}
|
||||
}
|
||||
|
||||
+ public static boolean isSpecialRuntimePermission(final String permission) {
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
private void grantPermissions(PackageParser.Package pkg, boolean replace,
|
||||
String packageOfInterest, PermissionCallback callback) {
|
||||
// IMPORTANT: There are two types of permissions: install and runtime.
|
||||
@@ -838,7 +842,8 @@ public class PermissionManagerService {
|
||||
// their permissions as always granted runtime ones since we need
|
||||
// to keep the review required permission flag per user while an
|
||||
// install permission's state is shared across all users.
|
||||
- if (!appSupportsRuntimePermissions && !mSettings.mPermissionReviewRequired) {
|
||||
+ if (!appSupportsRuntimePermissions && !mSettings.mPermissionReviewRequired &&
|
||||
+ !isSpecialRuntimePermission(bp.getName())) {
|
||||
// For legacy apps dangerous permissions are install time ones.
|
||||
grant = GRANT_INSTALL;
|
||||
} else if (origPermissions.hasInstallPermission(bp.getName())) {
|
||||
@@ -948,7 +953,8 @@ public class PermissionManagerService {
|
||||
updatedUserIds, userId);
|
||||
}
|
||||
} else if (mSettings.mPermissionReviewRequired
|
||||
- && !appSupportsRuntimePermissions) {
|
||||
+ && !appSupportsRuntimePermissions
|
||||
+ && !isSpecialRuntimePermission(bp.getName())) {
|
||||
// For legacy apps that need a permission review, every new
|
||||
// runtime permission is granted but it is pending a review.
|
||||
// We also need to review only platform defined runtime
|
||||
@@ -969,7 +975,15 @@ public class PermissionManagerService {
|
||||
updatedUserIds = ArrayUtils.appendInt(
|
||||
updatedUserIds, userId);
|
||||
}
|
||||
- }
|
||||
+ } else if (isSpecialRuntimePermission(bp.name) &&
|
||||
+ origPermissions.getRuntimePermissionState(bp.name, userId) == null) {
|
||||
+ if (permissionsState.grantRuntimePermission(bp, userId)
|
||||
+ != PermissionsState.PERMISSION_OPERATION_FAILURE) {
|
||||
+ // We changed the permission, hence have to write.
|
||||
+ updatedUserIds = ArrayUtils.appendInt(
|
||||
+ updatedUserIds, userId);
|
||||
+ }
|
||||
+ }
|
||||
// Propagate the permission flags.
|
||||
permissionsState.updatePermissionFlags(bp, userId, flags, flags);
|
||||
}
|
||||
@@ -1421,7 +1435,7 @@ public class PermissionManagerService {
|
||||
&& (grantedPermissions == null
|
||||
|| ArrayUtils.contains(grantedPermissions, permission))) {
|
||||
final int flags = permissionsState.getPermissionFlags(permission, userId);
|
||||
- if (supportsRuntimePermissions) {
|
||||
+ if (supportsRuntimePermissions || isSpecialRuntimePermission(bp.name)) {
|
||||
// Installer cannot change immutable permissions.
|
||||
if ((flags & immutableFlags) == 0) {
|
||||
grantRuntimePermission(permission, pkg.packageName, false, callingUid,
|
||||
@@ -1480,7 +1494,7 @@ public class PermissionManagerService {
|
||||
// install permission's state is shared across all users.
|
||||
if (mSettings.mPermissionReviewRequired
|
||||
&& pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
|
||||
- && bp.isRuntime()) {
|
||||
+ && bp.isRuntime() && !isSpecialRuntimePermission(bp.name)) {
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -1516,7 +1530,8 @@ public class PermissionManagerService {
|
||||
+ permName + " for package " + packageName);
|
||||
}
|
||||
|
||||
- if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M) {
|
||||
+ if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
|
||||
+ && !isSpecialRuntimePermission(permName)) {
|
||||
Slog.w(TAG, "Cannot grant runtime permission to a legacy app");
|
||||
return;
|
||||
}
|
||||
@@ -1601,7 +1616,8 @@ public class PermissionManagerService {
|
||||
// install permission's state is shared across all users.
|
||||
if (mSettings.mPermissionReviewRequired
|
||||
&& pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
|
||||
- && bp.isRuntime()) {
|
||||
+ && bp.isRuntime()
|
||||
+ && !isSpecialRuntimePermission(permName)) {
|
||||
return;
|
||||
}
|
||||
|
@ -1,156 +1,21 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: MSe1969 <mse1969@posteo.de>
|
||||
Date: Fri, 15 Mar 2019 22:14:54 +0100
|
||||
Subject: [PATCH] AppOps/PrivacyGuard: New Sensor checks [native]
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Sat, 7 Oct 2017 16:28:57 -0400
|
||||
Subject: [PATCH] require OTHER_SENSORS permission for sensors
|
||||
|
||||
Add two AppOps for sensor access:
|
||||
- OP_MOTION_SENSORS (default: allow, strict)
|
||||
- OP_OTHER_SENSORS (default: allow)
|
||||
|
||||
This change updated the AppOPs binder for the newly defined Ops,
|
||||
implements the logic for the sensors and adapts the logic for
|
||||
checking the Ops, if an Op is not linked to a permission.
|
||||
|
||||
Change-Id: Ic56e7bd48acda8790d6ab917a07cd7b747d4de87
|
||||
---
|
||||
libs/binder/include/binder/AppOpsManager.h | 4 +++-
|
||||
libs/sensor/Sensor.cpp | 10 +++++++++
|
||||
services/sensorservice/SensorService.cpp | 25 ++++++++++++----------
|
||||
3 files changed, 27 insertions(+), 12 deletions(-)
|
||||
libs/sensor/Sensor.cpp | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/libs/binder/include/binder/AppOpsManager.h b/libs/binder/include/binder/AppOpsManager.h
|
||||
index fb682ecde7..83887787c9 100644
|
||||
--- a/libs/binder/include/binder/AppOpsManager.h
|
||||
+++ b/libs/binder/include/binder/AppOpsManager.h
|
||||
@@ -119,7 +119,9 @@ public:
|
||||
OP_BOOT_COMPLETED = 79,
|
||||
OP_NFC_CHANGE = 80,
|
||||
OP_DATA_CONNECT_CHANGE = 81,
|
||||
- OP_SU = 82
|
||||
+ OP_SU = 82,
|
||||
+ OP_MOTION_SENSORS = 83,
|
||||
+ OP_OTHER_SENSORS = 84
|
||||
};
|
||||
|
||||
AppOpsManager();
|
||||
diff --git a/libs/sensor/Sensor.cpp b/libs/sensor/Sensor.cpp
|
||||
index 2383516c95..835794b1bd 100644
|
||||
index 2383516c95..054596b83a 100644
|
||||
--- a/libs/sensor/Sensor.cpp
|
||||
+++ b/libs/sensor/Sensor.cpp
|
||||
@@ -52,6 +52,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
mMinDelay = hwSensor.minDelay;
|
||||
mFlags = 0;
|
||||
mUuid = uuid;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_OTHER_SENSORS; //default, other values are explicitly set
|
||||
+ mRequiredPermission = "android.permission.OTHER_SENSORS";
|
||||
|
||||
// Set fifo event count zero for older devices which do not support batching. Fused
|
||||
// sensors also have their fifo counts set to zero.
|
||||
@@ -86,6 +87,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
switch (mType) {
|
||||
case SENSOR_TYPE_ACCELEROMETER:
|
||||
mStringType = SENSOR_STRING_TYPE_ACCELEROMETER;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
|
||||
break;
|
||||
case SENSOR_TYPE_AMBIENT_TEMPERATURE:
|
||||
@@ -106,10 +108,12 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
break;
|
||||
case SENSOR_TYPE_GYROSCOPE:
|
||||
mStringType = SENSOR_STRING_TYPE_GYROSCOPE;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
|
||||
break;
|
||||
case SENSOR_TYPE_GYROSCOPE_UNCALIBRATED:
|
||||
mStringType = SENSOR_STRING_TYPE_GYROSCOPE_UNCALIBRATED;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
|
||||
break;
|
||||
case SENSOR_TYPE_HEART_RATE: {
|
||||
@@ -125,6 +129,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
break;
|
||||
case SENSOR_TYPE_LINEAR_ACCELERATION:
|
||||
mStringType = SENSOR_STRING_TYPE_LINEAR_ACCELERATION;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
|
||||
break;
|
||||
case SENSOR_TYPE_MAGNETIC_FIELD:
|
||||
@@ -160,6 +165,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
break;
|
||||
case SENSOR_TYPE_SIGNIFICANT_MOTION:
|
||||
mStringType = SENSOR_STRING_TYPE_SIGNIFICANT_MOTION;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_ONE_SHOT_MODE;
|
||||
if (halVersion < SENSORS_DEVICE_API_VERSION_1_3) {
|
||||
mFlags |= SENSOR_FLAG_WAKE_UP;
|
||||
@@ -167,10 +173,12 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
break;
|
||||
case SENSOR_TYPE_STEP_COUNTER:
|
||||
mStringType = SENSOR_STRING_TYPE_STEP_COUNTER;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_ON_CHANGE_MODE;
|
||||
break;
|
||||
case SENSOR_TYPE_STEP_DETECTOR:
|
||||
mStringType = SENSOR_STRING_TYPE_STEP_DETECTOR;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_SPECIAL_REPORTING_MODE;
|
||||
break;
|
||||
case SENSOR_TYPE_TEMPERATURE:
|
||||
@@ -236,6 +244,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
break;
|
||||
case SENSOR_TYPE_MOTION_DETECT:
|
||||
mStringType = SENSOR_STRING_TYPE_MOTION_DETECT;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_ONE_SHOT_MODE;
|
||||
if (halVersion < SENSORS_DEVICE_API_VERSION_1_3) {
|
||||
mFlags |= SENSOR_FLAG_WAKE_UP;
|
||||
@@ -251,6 +260,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
|
||||
case SENSOR_TYPE_ACCELEROMETER_UNCALIBRATED:
|
||||
mStringType = SENSOR_STRING_TYPE_ACCELEROMETER_UNCALIBRATED;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_MOTION_SENSORS;
|
||||
mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
|
||||
break;
|
||||
default:
|
||||
diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp
|
||||
index 1c3e943543..142c5a274e 100644
|
||||
--- a/services/sensorservice/SensorService.cpp
|
||||
+++ b/services/sensorservice/SensorService.cpp
|
||||
@@ -1545,6 +1545,20 @@ status_t SensorService::flushSensor(const sp<SensorEventConnection>& connection,
|
||||
|
||||
bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
|
||||
const String16& opPackageName) {
|
||||
+
|
||||
+ // Due to the new SENSOR AppOps, which do not correspond to any permission,
|
||||
+ // we need to check for the AppOp BEFORE checking any permission
|
||||
+ const int32_t opCode = sensor.getRequiredAppOp();
|
||||
+ if (opCode >= 0) {
|
||||
+ AppOpsManager appOps;
|
||||
+ if (appOps.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName)
|
||||
+ != AppOpsManager::MODE_ALLOWED) {
|
||||
+ ALOGE("%s a sensor (%s) without enabled required app op: %d",
|
||||
+ operation, sensor.getName().string(), opCode);
|
||||
+ return false;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
const String8& requiredPermission = sensor.getRequiredPermission();
|
||||
|
||||
if (requiredPermission.length() <= 0) {
|
||||
@@ -1567,17 +1581,6 @@ bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
|
||||
return false;
|
||||
}
|
||||
|
||||
- const int32_t opCode = sensor.getRequiredAppOp();
|
||||
- if (opCode >= 0) {
|
||||
- AppOpsManager appOps;
|
||||
- if (appOps.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName)
|
||||
- != AppOpsManager::MODE_ALLOWED) {
|
||||
- ALOGE("%s a sensor (%s) without enabled required app op: %d",
|
||||
- operation, sensor.getName().string(), opCode);
|
||||
- return false;
|
||||
- }
|
||||
- }
|
||||
-
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -0,0 +1,23 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Sat, 7 Oct 2017 15:56:35 -0400
|
||||
Subject: [PATCH] add OTHER_SENSORS permission group
|
||||
|
||||
---
|
||||
src/com/android/packageinstaller/permission/utils/Utils.java | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/com/android/packageinstaller/permission/utils/Utils.java b/src/com/android/packageinstaller/permission/utils/Utils.java
|
||||
index 423b319ee..d22a399bc 100644
|
||||
--- a/src/com/android/packageinstaller/permission/utils/Utils.java
|
||||
+++ b/src/com/android/packageinstaller/permission/utils/Utils.java
|
||||
@@ -52,7 +52,8 @@ public final class Utils {
|
||||
Manifest.permission_group.PHONE,
|
||||
Manifest.permission_group.MICROPHONE,
|
||||
Manifest.permission_group.STORAGE,
|
||||
- Manifest.permission_group.NETWORK
|
||||
+ Manifest.permission_group.NETWORK,
|
||||
+ Manifest.permission_group.OTHER_SENSORS
|
||||
};
|
||||
|
||||
private static final Intent LAUNCHER_INTENT = new Intent(Intent.ACTION_MAIN, null)
|
@ -0,0 +1,40 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Sat, 7 Oct 2017 15:55:58 -0400
|
||||
Subject: [PATCH] always treat OTHER_SENSORS as a runtime permission
|
||||
|
||||
---
|
||||
.../permission/model/AppPermissionGroup.java | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java b/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java
|
||||
index e6087de4c..617309963 100644
|
||||
--- a/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java
|
||||
+++ b/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java
|
||||
@@ -339,7 +339,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
|
||||
&& !ArrayUtils.contains(filterPermissions, permission.getName())) {
|
||||
continue;
|
||||
}
|
||||
- if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName())) {
|
||||
+ if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName()) || Manifest.permission.OTHER_SENSORS.equals(permission.getName())) {
|
||||
if (permission.isGranted()) {
|
||||
return true;
|
||||
}
|
||||
@@ -372,7 +372,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
|
||||
continue;
|
||||
}
|
||||
|
||||
- if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName())) {
|
||||
+ if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName()) || Manifest.permission.OTHER_SENSORS.equals(permission.getName())) {
|
||||
// Do not touch permissions fixed by the system.
|
||||
if (permission.isSystemFixed()) {
|
||||
return false;
|
||||
@@ -474,7 +474,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
|
||||
continue;
|
||||
}
|
||||
|
||||
- if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName())) {
|
||||
+ if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName()) || Manifest.permission.OTHER_SENSORS.equals(permission.getName())) {
|
||||
// Do not touch permissions fixed by the system.
|
||||
if (permission.isSystemFixed()) {
|
||||
return false;
|
@ -1,200 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: MSe1969 <mse1969@posteo.de>
|
||||
Date: Fri, 15 Mar 2019 22:29:43 +0100
|
||||
Subject: [PATCH] AppOps/PrivacyGuard: New Sensor checks [Settings]
|
||||
|
||||
Add two AppOps for sensor access:
|
||||
- OP_MOTION_SENSORS (default: allow, strict)
|
||||
- OP_OTHER_SENSORS (default: allow)
|
||||
|
||||
Add new Sensor template, relocate BODY_SENSORS into it
|
||||
|
||||
Change-Id: I9b51c47e27a330823ecb4472b9a7818718ef4209
|
||||
---
|
||||
res/values-de/cm_strings.xml | 5 +++++
|
||||
res/values-fr/cm_strings.xml | 5 +++++
|
||||
res/values/cm_strings.xml | 5 +++++
|
||||
res/values/lineage_arrays.xml | 9 +++++++++
|
||||
.../settings/applications/appops/AppOpsState.java | 13 ++++++++++---
|
||||
5 files changed, 34 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/res/values-de/cm_strings.xml b/res/values-de/cm_strings.xml
|
||||
index dee07db2b4..02cafb1b05 100644
|
||||
--- a/res/values-de/cm_strings.xml
|
||||
+++ b/res/values-de/cm_strings.xml
|
||||
@@ -39,6 +39,7 @@
|
||||
<string name="app_ops_categories_device">Gerät</string>
|
||||
<string name="app_ops_categories_run_in_background">Im Hintergrund ausführen</string>
|
||||
<string name="app_ops_categories_bootup">Systemstart</string>
|
||||
+ <string name="app_ops_categories_sensors">Sensoren</string>
|
||||
<string name="app_ops_categories_su">Root-Zugriff</string>
|
||||
<string name="app_ops_categories_other">Andere</string>
|
||||
<string name="app_ops_summaries_accept_handover">Anrufeübergabe aus einer anderen App anzunehmen</string>
|
||||
@@ -76,8 +77,10 @@
|
||||
<string name="app_ops_summaries_modify_settings">Einstellungen ändern</string>
|
||||
<string name="app_ops_summaries_monitor_high_power_location">Standort mit hohem Stromverbrauch beobachten</string>
|
||||
<string name="app_ops_summaries_monitor_location">Standort beobachten</string>
|
||||
+ <string name="app_ops_summaries_motion_sensors">Nutzung Bewegungssensoren</string>
|
||||
<string name="app_ops_summaries_mute_unmute_microphone">Mikrofon ein-/ausschalten</string>
|
||||
<string name="app_ops_summaries_neighboring_cells">Benachbarte Netze</string>
|
||||
+ <string name="app_ops_summaries_other_sensors">Sonstige Sensoren</string>
|
||||
<string name="app_ops_summaries_phone_calls">Anrufe beantworten</string>
|
||||
<string name="app_ops_summaries_picture_in_picture">Bild im Bild verwenden</string>
|
||||
<string name="app_ops_summaries_play_audio">Audio wiedergeben</string>
|
||||
@@ -162,8 +165,10 @@
|
||||
<string name="app_ops_labels_modify_settings">Einstellungen ändern</string>
|
||||
<string name="app_ops_labels_monitor_high_power_location">Standort mit hohem Stromverbrauch beobachten</string>
|
||||
<string name="app_ops_labels_monitor_location">Standort beobachten</string>
|
||||
+ <string name="app_ops_labels_motion_sensors">Bewegungssensoren</string>
|
||||
<string name="app_ops_labels_mute_unmute_microphone">Mikrofon ein-/ausschalten</string>
|
||||
<string name="app_ops_labels_neighboring_cells">Benachbarte Zellen</string>
|
||||
+ <string name="app_ops_labels_other_sensors">sonstige Sensoren</string>
|
||||
<string name="app_ops_labels_phone_calls">Anrufe beantworten</string>
|
||||
<string name="app_ops_labels_picture_in_picture">Bild im Bild verwenden</string>
|
||||
<string name="app_ops_labels_play_audio">Audio wiedergeben</string>
|
||||
diff --git a/res/values-fr/cm_strings.xml b/res/values-fr/cm_strings.xml
|
||||
index 523d87d673..3133e8d4bf 100644
|
||||
--- a/res/values-fr/cm_strings.xml
|
||||
+++ b/res/values-fr/cm_strings.xml
|
||||
@@ -39,6 +39,7 @@
|
||||
<string name="app_ops_categories_device">Appareil</string>
|
||||
<string name="app_ops_categories_run_in_background">Exécuter en arrière plan</string>
|
||||
<string name="app_ops_categories_bootup">Démarrage</string>
|
||||
+ <string name="app_ops_categories_sensors">Capteurs</string>
|
||||
<string name="app_ops_categories_su">Accès root</string>
|
||||
<string name="app_ops_categories_other">Autre</string>
|
||||
<string name="app_ops_summaries_accept_handover">transférer un appel d\'une autre application</string>
|
||||
@@ -76,8 +77,10 @@
|
||||
<string name="app_ops_summaries_modify_settings">modifier les paramètres</string>
|
||||
<string name="app_ops_summaries_monitor_high_power_location">surveiller la position (à puissance élevée)</string>
|
||||
<string name="app_ops_summaries_monitor_location">surveiller la position</string>
|
||||
+ <string name="app_ops_summaries_motion_sensors">utiliser les capteurs de mouvement</string>
|
||||
<string name="app_ops_summaries_mute_unmute_microphone">activer/désactiver le microphone</string>
|
||||
<string name="app_ops_summaries_neighboring_cells">nœuds environnants</string>
|
||||
+ <string name="app_ops_summaries_other_sensors">utiliser d\'autres capteurs</string>
|
||||
<string name="app_ops_summaries_phone_calls">répondre aux appels téléphoniques</string>
|
||||
<string name="app_ops_summaries_picture_in_picture">utiliser le mode Picture-in-Picture</string>
|
||||
<string name="app_ops_summaries_play_audio">lecture audio</string>
|
||||
@@ -162,8 +165,10 @@
|
||||
<string name="app_ops_labels_modify_settings">Modifier les paramètres</string>
|
||||
<string name="app_ops_labels_monitor_high_power_location">Surveiller la position (à puissance élevée)</string>
|
||||
<string name="app_ops_labels_monitor_location">Surveiller la position</string>
|
||||
+ <string name="app_ops_labels_motion_sensors">Capteur de mouvement</string>
|
||||
<string name="app_ops_labels_mute_unmute_microphone">Activer/désactiver le microphone</string>
|
||||
<string name="app_ops_labels_neighboring_cells">Noeuds environnants</string>
|
||||
+ <string name="app_ops_labels_other_sensors">autres Capteurs</string>
|
||||
<string name="app_ops_labels_phone_calls">Répondre aux appels téléphoniques</string>
|
||||
<string name="app_ops_labels_picture_in_picture">Utiliser le mode Picture-in-Picture</string>
|
||||
<string name="app_ops_labels_play_audio">Lecture audio</string>
|
||||
diff --git a/res/values/cm_strings.xml b/res/values/cm_strings.xml
|
||||
index c4a0aaa915..1150011970 100644
|
||||
--- a/res/values/cm_strings.xml
|
||||
+++ b/res/values/cm_strings.xml
|
||||
@@ -50,6 +50,7 @@
|
||||
<string name="app_ops_categories_device">Device</string>
|
||||
<string name="app_ops_categories_run_in_background">Run in background</string>
|
||||
<string name="app_ops_categories_bootup">Bootup</string>
|
||||
+ <string name="app_ops_categories_sensors">Sensors</string>
|
||||
<string name="app_ops_categories_su">Root access</string>
|
||||
<string name="app_ops_categories_other">Other</string>
|
||||
|
||||
@@ -89,7 +90,9 @@
|
||||
<string name="app_ops_summaries_modify_settings">modify settings</string>
|
||||
<string name="app_ops_summaries_monitor_high_power_location">monitor high power location</string>
|
||||
<string name="app_ops_summaries_monitor_location">monitor location</string>
|
||||
+ <string name="app_ops_summaries_motion_sensors">Motion Sensor usage</string>
|
||||
<string name="app_ops_summaries_mute_unmute_microphone">mute/unmute microphone</string>
|
||||
+ <string name="app_ops_summaries_other_sensors">Other Sensor usage</string>
|
||||
<string name="app_ops_summaries_neighboring_cells">neighboring cells</string>
|
||||
<string name="app_ops_summaries_phone_calls">answer phone calls</string>
|
||||
<string name="app_ops_summaries_picture_in_picture">use picture in picture</string>
|
||||
@@ -177,8 +180,10 @@
|
||||
<string name="app_ops_labels_modify_settings">Modify settings</string>
|
||||
<string name="app_ops_labels_monitor_high_power_location">Monitor high power location</string>
|
||||
<string name="app_ops_labels_monitor_location">Monitor location</string>
|
||||
+ <string name="app_ops_labels_motion_sensors">Motion Sensors</string>
|
||||
<string name="app_ops_labels_mute_unmute_microphone">Mute/unmute microphone</string>
|
||||
<string name="app_ops_labels_neighboring_cells">Neighboring cells</string>
|
||||
+ <string name="app_ops_labels_other_sensors">Other Sensors</string>
|
||||
<string name="app_ops_labels_phone_calls">Answer phone calls</string>
|
||||
<string name="app_ops_labels_picture_in_picture">Use picture in picture</string>
|
||||
<string name="app_ops_labels_play_audio">Play audio</string>
|
||||
diff --git a/res/values/lineage_arrays.xml b/res/values/lineage_arrays.xml
|
||||
index 0145438148..40fea7be2d 100644
|
||||
--- a/res/values/lineage_arrays.xml
|
||||
+++ b/res/values/lineage_arrays.xml
|
||||
@@ -51,6 +51,7 @@
|
||||
<item>@string/app_ops_categories_run_in_background</item>
|
||||
<item>@string/app_ops_categories_bootup</item>
|
||||
<item>@string/app_ops_categories_su</item>
|
||||
+ <item>@string/app_ops_categories_sensors</item>
|
||||
<item>@string/app_ops_categories_other</item>
|
||||
</string-array>
|
||||
|
||||
@@ -222,6 +223,10 @@
|
||||
<item>@string/app_ops_summaries_toggle_mobile_data</item>
|
||||
<!-- OP_SU -->
|
||||
<item>@string/app_ops_summaries_su</item>
|
||||
+ <!-- OP_MOTION_SENSORS -->
|
||||
+ <item>@string/app_ops_summaries_motion_sensors</item>
|
||||
+ <!-- OP_OTHER_SENSORS -->
|
||||
+ <item>@string/app_ops_summaries_other_sensors</item>
|
||||
</string-array>
|
||||
|
||||
<!-- User display names for app ops codes - extension of AOSP -->
|
||||
@@ -392,6 +397,10 @@
|
||||
<item>@string/app_ops_labels_toggle_mobile_data</item>
|
||||
<!-- OP_SU -->
|
||||
<item>@string/app_ops_labels_su</item>
|
||||
+ <!-- OP_MOTION_SENSORS -->
|
||||
+ <item>@string/app_ops_labels_motion_sensors</item>
|
||||
+ <!-- OP_OTHER_SENSORS -->
|
||||
+ <item>@string/app_ops_labels_other_sensors</item>
|
||||
</string-array>
|
||||
|
||||
<!-- App ops permissions -->
|
||||
diff --git a/src/com/android/settings/applications/appops/AppOpsState.java b/src/com/android/settings/applications/appops/AppOpsState.java
|
||||
index eeb1b2d302..8c8d2283ba 100644
|
||||
--- a/src/com/android/settings/applications/appops/AppOpsState.java
|
||||
+++ b/src/com/android/settings/applications/appops/AppOpsState.java
|
||||
@@ -236,6 +236,15 @@ public class AppOpsState {
|
||||
new boolean[] { true }
|
||||
);
|
||||
|
||||
+ public static final OpsTemplate SENSOR_TEMPLATE = new OpsTemplate(
|
||||
+ new int[] { AppOpsManager.OP_BODY_SENSORS,
|
||||
+ AppOpsManager.OP_MOTION_SENSORS,
|
||||
+ AppOpsManager.OP_OTHER_SENSORS },
|
||||
+ new boolean[] { true,
|
||||
+ false,
|
||||
+ false }
|
||||
+ );
|
||||
+
|
||||
public static final OpsTemplate SU_TEMPLATE = new OpsTemplate(
|
||||
new int[] { AppOpsManager.OP_SU },
|
||||
new boolean[] { false }
|
||||
@@ -252,7 +261,6 @@ public class AppOpsState {
|
||||
AppOpsManager.OP_USE_SIP,
|
||||
AppOpsManager.OP_PROCESS_OUTGOING_CALLS,
|
||||
AppOpsManager.OP_USE_FINGERPRINT,
|
||||
- AppOpsManager.OP_BODY_SENSORS,
|
||||
AppOpsManager.OP_READ_CELL_BROADCASTS,
|
||||
AppOpsManager.OP_MOCK_LOCATION,
|
||||
AppOpsManager.OP_READ_EXTERNAL_STORAGE,
|
||||
@@ -272,7 +280,6 @@ public class AppOpsState {
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
- true,
|
||||
true }
|
||||
);
|
||||
|
||||
@@ -286,7 +293,7 @@ public class AppOpsState {
|
||||
public static final OpsTemplate[] ALL_PERMS_TEMPLATES = new OpsTemplate[] {
|
||||
LOCATION_TEMPLATE, PERSONAL_TEMPLATE, MESSAGING_TEMPLATE,
|
||||
MEDIA_TEMPLATE, DEVICE_TEMPLATE, RUN_IN_BACKGROUND_TEMPLATE,
|
||||
- BOOTUP_TEMPLATE, SU_TEMPLATE, REMAINING_TEMPLATE
|
||||
+ BOOTUP_TEMPLATE, SU_TEMPLATE, SENSOR_TEMPLATE, REMAINING_TEMPLATE
|
||||
};
|
||||
|
||||
/**
|
@ -1,33 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: MSe1969 <mse1969@posteo.de>
|
||||
Date: Tue, 19 Mar 2019 22:35:38 +0100
|
||||
Subject: [PATCH] AppOps details: Add permission icons for new Sensor AppOps
|
||||
|
||||
Change-Id: Ifc337517818dcc929a406ed455fb76e6533507ab
|
||||
---
|
||||
.../android/settings/applications/appops/AppOpsDetails.java | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/src/com/android/settings/applications/appops/AppOpsDetails.java b/src/com/android/settings/applications/appops/AppOpsDetails.java
|
||||
index 2f210435e8..4f01ceabda 100644
|
||||
--- a/src/com/android/settings/applications/appops/AppOpsDetails.java
|
||||
+++ b/src/com/android/settings/applications/appops/AppOpsDetails.java
|
||||
@@ -115,6 +115,7 @@ public class AppOpsDetails extends SettingsPreferenceFragment {
|
||||
OP_ICONS.put(AppOpsManager.OP_GPS, R.drawable.ic_perm_location);
|
||||
OP_ICONS.put(AppOpsManager.OP_MUTE_MICROPHONE, R.drawable.ic_perm_microphone);
|
||||
OP_ICONS.put(AppOpsManager.OP_NFC_CHANGE, R.drawable.ic_perm_nfc);
|
||||
+ OP_ICONS.put(AppOpsManager.OP_OTHER_SENSORS, R.drawable.ic_phone_info);
|
||||
OP_ICONS.put(AppOpsManager.OP_POST_NOTIFICATION, R.drawable.ic_perm_notifications);
|
||||
OP_ICONS.put(AppOpsManager.OP_READ_CLIPBOARD, R.drawable.ic_perm_clipboard);
|
||||
OP_ICONS.put(AppOpsManager.OP_RUN_IN_BACKGROUND, R.drawable.ic_perm_background);
|
||||
@@ -213,6 +214,10 @@ public class AppOpsDetails extends SettingsPreferenceFragment {
|
||||
if (icon == null && op != -1 && OP_ICONS.containsKey(op)) {
|
||||
icon = getActivity().getDrawable(OP_ICONS.get(op));
|
||||
}
|
||||
+ if (icon == null && op == AppOpsManager.OP_MOTION_SENSORS) {
|
||||
+ icon = getIconByPermission(AppOpsManager.opToPermission(
|
||||
+ AppOpsManager.OP_USE_FINGERPRINT));
|
||||
+ }
|
||||
if (icon == null) {
|
||||
Log.e(TAG, "Failed to retrieve icon for permission: " + perm);
|
||||
} else {
|
@ -1,103 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: MSe1969 <mse1969@posteo.de>
|
||||
Date: Sat, 14 Nov 2020 13:04:05 +0100
|
||||
Subject: [PATCH] AppOps: Add further Op for accessing Sensors
|
||||
|
||||
Change-Id: Id7d84d910b849cc4f781aac2a6c21278e08bdeec
|
||||
---
|
||||
core/java/android/app/AppOpsManager.java | 16 +++++++++++++++-
|
||||
1 file changed, 15 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
|
||||
index 77875354d732..af535f62c10b 100644
|
||||
--- a/core/java/android/app/AppOpsManager.java
|
||||
+++ b/core/java/android/app/AppOpsManager.java
|
||||
@@ -836,10 +836,12 @@ public class AppOpsManager {
|
||||
public static final int OP_READ_DEVICE_IDENTIFIERS = 89;
|
||||
/** @hide Read location metadata from media */
|
||||
public static final int OP_ACCESS_MEDIA_LOCATION = 90;
|
||||
+ /** @hide Access other Sensors */
|
||||
+ public static final int OP_OTHER_SENSORS = 91;
|
||||
|
||||
/** @hide */
|
||||
@UnsupportedAppUsage
|
||||
- public static final int _NUM_OP = 91;
|
||||
+ public static final int _NUM_OP = 92;
|
||||
|
||||
/** Access to coarse location information. */
|
||||
public static final String OPSTR_COARSE_LOCATION = "android:coarse_location";
|
||||
@@ -1119,6 +1121,10 @@ public class AppOpsManager {
|
||||
/** @hide Read device identifiers */
|
||||
public static final String OPSTR_READ_DEVICE_IDENTIFIERS = "android:read_device_identifiers";
|
||||
|
||||
+ /** @hide Other Sensors */
|
||||
+ public static final String OPSTR_OTHER_SENSORS = "android:other_sensors";
|
||||
+
|
||||
+
|
||||
// Warning: If an permission is added here it also has to be added to
|
||||
// com.android.packageinstaller.permission.utils.EventLogger
|
||||
private static final int[] RUNTIME_AND_APPOP_PERMISSIONS_OPS = {
|
||||
@@ -1281,6 +1287,7 @@ public class AppOpsManager {
|
||||
OP_ACCESS_ACCESSIBILITY, // ACCESS_ACCESSIBILITY
|
||||
OP_READ_DEVICE_IDENTIFIERS, // READ_DEVICE_IDENTIFIERS
|
||||
OP_ACCESS_MEDIA_LOCATION, // ACCESS_MEDIA_LOCATION
|
||||
+ OP_OTHER_SENSORS, // OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1378,6 +1385,7 @@ public class AppOpsManager {
|
||||
OPSTR_ACCESS_ACCESSIBILITY,
|
||||
OPSTR_READ_DEVICE_IDENTIFIERS,
|
||||
OPSTR_ACCESS_MEDIA_LOCATION,
|
||||
+ OPSTR_OTHER_SENSORS,
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1476,6 +1484,7 @@ public class AppOpsManager {
|
||||
"ACCESS_ACCESSIBILITY",
|
||||
"READ_DEVICE_IDENTIFIERS",
|
||||
"ACCESS_MEDIA_LOCATION",
|
||||
+ "OTHER_SENSORS",
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1575,6 +1584,7 @@ public class AppOpsManager {
|
||||
null, // no permission for OP_ACCESS_ACCESSIBILITY
|
||||
null, // no direct permission for OP_READ_DEVICE_IDENTIFIERS
|
||||
Manifest.permission.ACCESS_MEDIA_LOCATION,
|
||||
+ null, // no direct permission for OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1674,6 +1684,7 @@ public class AppOpsManager {
|
||||
null, // ACCESS_ACCESSIBILITY
|
||||
null, // READ_DEVICE_IDENTIFIERS
|
||||
null, // ACCESS_MEDIA_LOCATION
|
||||
+ null, // OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1772,6 +1783,7 @@ public class AppOpsManager {
|
||||
false, // ACCESS_ACCESSIBILITY
|
||||
false, // READ_DEVICE_IDENTIFIERS
|
||||
false, // ACCESS_MEDIA_LOCATION
|
||||
+ false, // OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1869,6 +1881,7 @@ public class AppOpsManager {
|
||||
AppOpsManager.MODE_ALLOWED, // ACCESS_ACCESSIBILITY
|
||||
AppOpsManager.MODE_ERRORED, // READ_DEVICE_IDENTIFIERS
|
||||
AppOpsManager.MODE_ALLOWED, // ALLOW_MEDIA_LOCATION
|
||||
+ AppOpsManager.MODE_ALLOWED, // OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1970,6 +1983,7 @@ public class AppOpsManager {
|
||||
false, // ACCESS_ACCESSIBILITY
|
||||
false, // READ_DEVICE_IDENTIFIERS
|
||||
false, // ACCESS_MEDIA_LOCATION
|
||||
+ false, // OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
@ -1,102 +1,36 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Fri, 21 Jul 2017 08:42:55 -0400
|
||||
Subject: [PATCH] support new special runtime permissions
|
||||
Date: Sun, 17 Mar 2019 11:59:15 -0400
|
||||
Subject: [PATCH] make INTERNET into a special runtime permission
|
||||
|
||||
These are treated as a runtime permission even for legacy apps. They
|
||||
need to be granted by default for all apps to maintain compatibility.
|
||||
---
|
||||
.../server/pm/PackageManagerService.java | 3 ++-
|
||||
.../permission/PermissionManagerService.java | 23 +++++++++++++++----
|
||||
2 files changed, 20 insertions(+), 6 deletions(-)
|
||||
core/res/AndroidManifest.xml | 2 +-
|
||||
.../android/server/pm/permission/PermissionManagerService.java | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
index edaa60f4b09e..834a6b0d5260 100644
|
||||
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
@@ -20162,7 +20162,8 @@ public class PackageManagerService extends IPackageManager.Stub
|
||||
}
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index 7bcd7a048db4..571099f059c8 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -1539,7 +1539,7 @@
|
||||
<permission android:name="android.permission.INTERNET"
|
||||
android:description="@string/permdesc_createNetworkSockets"
|
||||
android:label="@string/permlab_createNetworkSockets"
|
||||
- android:protectionLevel="normal|instant" />
|
||||
+ android:protectionLevel="dangerous|instant" />
|
||||
|
||||
// If this permission was granted by default, make sure it is.
|
||||
- if ((oldFlags & FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0) {
|
||||
+ if ((oldFlags & FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
|
||||
+ || PermissionManagerService.isSpecialRuntimePermission(bp.getName())) {
|
||||
mPermissionManager.grantRuntimePermission(permName, packageName, false,
|
||||
Process.SYSTEM_UID, userId, delayingPermCallback);
|
||||
// Allow app op later as we are holding mPackages
|
||||
<!-- Allows applications to access information about networks.
|
||||
<p>Protection level: normal
|
||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
index 82f963e1df2a..293bdc7ba197 100644
|
||||
index 293bdc7ba197..3a71bc8d015b 100644
|
||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
@@ -984,6 +984,10 @@ public class PermissionManagerService {
|
||||
}
|
||||
@@ -985,7 +985,7 @@ public class PermissionManagerService {
|
||||
}
|
||||
|
||||
public static boolean isSpecialRuntimePermission(final String permission) {
|
||||
- return false;
|
||||
+ return Manifest.permission.INTERNET.equals(permission);
|
||||
}
|
||||
|
||||
+ public static boolean isSpecialRuntimePermission(final String permission) {
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
/**
|
||||
* Restore the permission state for a package.
|
||||
*
|
||||
@@ -1277,6 +1281,14 @@ public class PermissionManagerService {
|
||||
}
|
||||
}
|
||||
}
|
||||
+
|
||||
+ if (isSpecialRuntimePermission(bp.name) &&
|
||||
+ origPermissions.getRuntimePermissionState(bp.name, userId) == null) {
|
||||
+ if (permissionsState.grantRuntimePermission(bp, userId)
|
||||
+ != PERMISSION_OPERATION_FAILURE) {
|
||||
+ wasChanged = true;
|
||||
+ }
|
||||
+ }
|
||||
} else {
|
||||
if (permState == null) {
|
||||
// New permission
|
||||
@@ -1410,7 +1422,7 @@ public class PermissionManagerService {
|
||||
wasChanged = true;
|
||||
}
|
||||
}
|
||||
- } else {
|
||||
+ } else {
|
||||
if (!permissionsState.hasRuntimePermission(bp.name, userId)
|
||||
&& permissionsState.grantRuntimePermission(bp,
|
||||
userId) != PERMISSION_OPERATION_FAILURE) {
|
||||
@@ -2183,7 +2195,7 @@ public class PermissionManagerService {
|
||||
&& (grantedPermissions == null
|
||||
|| ArrayUtils.contains(grantedPermissions, permission))) {
|
||||
final int flags = permissionsState.getPermissionFlags(permission, userId);
|
||||
- if (supportsRuntimePermissions) {
|
||||
+ if (supportsRuntimePermissions || isSpecialRuntimePermission(bp.name)) {
|
||||
// Installer cannot change immutable permissions.
|
||||
if ((flags & immutableFlags) == 0) {
|
||||
grantRuntimePermission(permission, pkg.packageName, false, callingUid,
|
||||
@@ -2242,7 +2254,7 @@ public class PermissionManagerService {
|
||||
// to keep the review required permission flag per user while an
|
||||
// install permission's state is shared across all users.
|
||||
if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
|
||||
- && bp.isRuntime()) {
|
||||
+ && bp.isRuntime() && !isSpecialRuntimePermission(bp.name)) {
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -2294,7 +2306,8 @@ public class PermissionManagerService {
|
||||
+ permName + " for package " + packageName);
|
||||
}
|
||||
|
||||
- if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M) {
|
||||
+ if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
|
||||
+ && !isSpecialRuntimePermission(permName)) {
|
||||
Slog.w(TAG, "Cannot grant runtime permission to a legacy app");
|
||||
return;
|
||||
}
|
||||
@@ -2381,7 +2394,7 @@ public class PermissionManagerService {
|
||||
// to keep the review required permission flag per user while an
|
||||
// install permission's state is shared across all users.
|
||||
if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
|
||||
- && bp.isRuntime()) {
|
||||
+ && bp.isRuntime() && !isSpecialRuntimePermission(permName)) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -1,36 +1,62 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Sun, 17 Mar 2019 11:59:15 -0400
|
||||
Subject: [PATCH] make INTERNET into a special runtime permission
|
||||
Date: Fri, 21 Jul 2017 11:23:07 -0400
|
||||
Subject: [PATCH] add a NETWORK permission group for INTERNET
|
||||
|
||||
---
|
||||
core/res/AndroidManifest.xml | 2 +-
|
||||
.../android/server/pm/permission/PermissionManagerService.java | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
api/current.txt | 1 +
|
||||
core/res/AndroidManifest.xml | 8 ++++++++
|
||||
core/res/res/values/strings.xml | 5 +++++
|
||||
3 files changed, 14 insertions(+)
|
||||
|
||||
diff --git a/api/current.txt b/api/current.txt
|
||||
index cd78602d9cd9..b99634c11742 100644
|
||||
--- a/api/current.txt
|
||||
+++ b/api/current.txt
|
||||
@@ -176,6 +176,7 @@ package android {
|
||||
field public static final String CONTACTS = "android.permission-group.CONTACTS";
|
||||
field public static final String LOCATION = "android.permission-group.LOCATION";
|
||||
field public static final String MICROPHONE = "android.permission-group.MICROPHONE";
|
||||
+ field public static final String NETWORK = "android.permission-group.NETWORK";
|
||||
field public static final String PHONE = "android.permission-group.PHONE";
|
||||
field public static final String SENSORS = "android.permission-group.SENSORS";
|
||||
field public static final String SMS = "android.permission-group.SMS";
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index 7bcd7a048db4..571099f059c8 100644
|
||||
index 571099f059c8..b51e4f21454b 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -1539,7 +1539,7 @@
|
||||
@@ -1533,10 +1533,18 @@
|
||||
<!-- ======================================= -->
|
||||
<eat-comment />
|
||||
|
||||
+ <!-- Network access -->
|
||||
+ <permission-group android:name="android.permission-group.NETWORK"
|
||||
+ android:icon="@drawable/perm_group_network"
|
||||
+ android:label="@string/permgrouplab_network"
|
||||
+ android:description="@string/permgroupdesc_network"
|
||||
+ android:priority="900" />
|
||||
+
|
||||
<!-- Allows applications to open network sockets.
|
||||
<p>Protection level: normal
|
||||
-->
|
||||
<permission android:name="android.permission.INTERNET"
|
||||
+ android:permissionGroup="android.permission-group.UNDEFINED"
|
||||
android:description="@string/permdesc_createNetworkSockets"
|
||||
android:label="@string/permlab_createNetworkSockets"
|
||||
- android:protectionLevel="normal|instant" />
|
||||
+ android:protectionLevel="dangerous|instant" />
|
||||
android:protectionLevel="dangerous|instant" />
|
||||
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
|
||||
index e2afd1e1e0cc..2cf2b923ef90 100644
|
||||
--- a/core/res/res/values/strings.xml
|
||||
+++ b/core/res/res/values/strings.xml
|
||||
@@ -792,6 +792,11 @@
|
||||
<string name="permgrouprequest_sensors">Allow
|
||||
<b><xliff:g id="app_name" example="Gmail">%1$s</xliff:g></b> to access sensor data about your vital signs?</string>
|
||||
|
||||
<!-- Allows applications to access information about networks.
|
||||
<p>Protection level: normal
|
||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
index 293bdc7ba197..3a71bc8d015b 100644
|
||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
@@ -985,7 +985,7 @@ public class PermissionManagerService {
|
||||
}
|
||||
|
||||
public static boolean isSpecialRuntimePermission(final String permission) {
|
||||
- return false;
|
||||
+ return Manifest.permission.INTERNET.equals(permission);
|
||||
}
|
||||
|
||||
/**
|
||||
+ <!-- Title of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permgrouplab_network">Network</string>
|
||||
+ <!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permgroupdesc_network">access the network</string>
|
||||
+
|
||||
<!-- Title for the capability of an accessibility service to retrieve window content. -->
|
||||
<string name="capability_title_canRetrieveWindowContent">Retrieve window content</string>
|
||||
<!-- Description for the capability of an accessibility service to retrieve window content. -->
|
||||
|
@ -1,62 +1,111 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Fri, 21 Jul 2017 11:23:07 -0400
|
||||
Subject: [PATCH] add a NETWORK permission group for INTERNET
|
||||
From: Zoraver Kang <zkang@wpi.edu>
|
||||
Date: Mon, 16 Sep 2019 16:41:30 -0400
|
||||
Subject: [PATCH] Enforce INTERNET as a runtime permission.
|
||||
|
||||
---
|
||||
api/current.txt | 1 +
|
||||
core/res/AndroidManifest.xml | 8 ++++++++
|
||||
core/res/res/values/strings.xml | 5 +++++
|
||||
3 files changed, 14 insertions(+)
|
||||
.../connectivity/PermissionMonitor.java | 59 ++++++++++++-------
|
||||
1 file changed, 39 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/api/current.txt b/api/current.txt
|
||||
index cd78602d9cd9..b99634c11742 100644
|
||||
--- a/api/current.txt
|
||||
+++ b/api/current.txt
|
||||
@@ -176,6 +176,7 @@ package android {
|
||||
field public static final String CONTACTS = "android.permission-group.CONTACTS";
|
||||
field public static final String LOCATION = "android.permission-group.LOCATION";
|
||||
field public static final String MICROPHONE = "android.permission-group.MICROPHONE";
|
||||
+ field public static final String NETWORK = "android.permission-group.NETWORK";
|
||||
field public static final String PHONE = "android.permission-group.PHONE";
|
||||
field public static final String SENSORS = "android.permission-group.SENSORS";
|
||||
field public static final String SMS = "android.permission-group.SMS";
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index 571099f059c8..b51e4f21454b 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -1533,10 +1533,18 @@
|
||||
<!-- ======================================= -->
|
||||
<eat-comment />
|
||||
diff --git a/services/core/java/com/android/server/connectivity/PermissionMonitor.java b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
index 56f4959a9714..0b2012fa759a 100644
|
||||
--- a/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
+++ b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
@@ -29,6 +29,7 @@ import static android.os.Process.INVALID_UID;
|
||||
import static android.os.Process.SYSTEM_UID;
|
||||
|
||||
+ <!-- Network access -->
|
||||
+ <permission-group android:name="android.permission-group.NETWORK"
|
||||
+ android:icon="@drawable/perm_group_network"
|
||||
+ android:label="@string/permgrouplab_network"
|
||||
+ android:description="@string/permgroupdesc_network"
|
||||
+ android:priority="900" />
|
||||
+
|
||||
<!-- Allows applications to open network sockets.
|
||||
<p>Protection level: normal
|
||||
-->
|
||||
<permission android:name="android.permission.INTERNET"
|
||||
+ android:permissionGroup="android.permission-group.UNDEFINED"
|
||||
android:description="@string/permdesc_createNetworkSockets"
|
||||
android:label="@string/permlab_createNetworkSockets"
|
||||
android:protectionLevel="dangerous|instant" />
|
||||
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
|
||||
index e2afd1e1e0cc..2cf2b923ef90 100644
|
||||
--- a/core/res/res/values/strings.xml
|
||||
+++ b/core/res/res/values/strings.xml
|
||||
@@ -792,6 +792,11 @@
|
||||
<string name="permgrouprequest_sensors">Allow
|
||||
<b><xliff:g id="app_name" example="Gmail">%1$s</xliff:g></b> to access sensor data about your vital signs?</string>
|
||||
import android.annotation.NonNull;
|
||||
+import android.annotation.UserIdInt;
|
||||
import android.content.Context;
|
||||
import android.content.pm.ApplicationInfo;
|
||||
import android.content.pm.PackageInfo;
|
||||
@@ -55,6 +56,7 @@ import com.android.internal.util.ArrayUtils;
|
||||
import com.android.internal.util.IndentingPrintWriter;
|
||||
import com.android.server.LocalServices;
|
||||
import com.android.server.SystemConfig;
|
||||
+import com.android.server.pm.permission.PermissionManagerServiceInternal;
|
||||
|
||||
+ <!-- Title of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permgrouplab_network">Network</string>
|
||||
+ <!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permgroupdesc_network">access the network</string>
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
@@ -80,6 +82,7 @@ public class PermissionMonitor {
|
||||
private static final int VERSION_Q = Build.VERSION_CODES.Q;
|
||||
|
||||
private final PackageManager mPackageManager;
|
||||
+ private final PackageManagerInternal mPackageManagerInternal;
|
||||
private final UserManager mUserManager;
|
||||
private final INetd mNetd;
|
||||
|
||||
@@ -104,26 +107,6 @@ public class PermissionMonitor {
|
||||
|
||||
private class PackageListObserver implements PackageManagerInternal.PackageListObserver {
|
||||
|
||||
- private int getPermissionForUid(int uid) {
|
||||
- int permission = 0;
|
||||
- // Check all the packages for this UID. The UID has the permission if any of the
|
||||
- // packages in it has the permission.
|
||||
- String[] packages = mPackageManager.getPackagesForUid(uid);
|
||||
- if (packages != null && packages.length > 0) {
|
||||
- for (String name : packages) {
|
||||
- final PackageInfo app = getPackageInfo(name);
|
||||
- if (app != null && app.requestedPermissions != null) {
|
||||
- permission |= getNetdPermissionMask(app.requestedPermissions,
|
||||
- app.requestedPermissionsFlags);
|
||||
- }
|
||||
- }
|
||||
- } else {
|
||||
- // The last package of this uid is removed from device. Clean the package up.
|
||||
- permission = INetd.PERMISSION_UNINSTALLED;
|
||||
- }
|
||||
- return permission;
|
||||
- }
|
||||
-
|
||||
@Override
|
||||
public void onPackageAdded(String packageName, int uid) {
|
||||
sendPackagePermissionsForUid(uid, getPermissionForUid(uid));
|
||||
@@ -140,10 +123,46 @@ public class PermissionMonitor {
|
||||
}
|
||||
}
|
||||
|
||||
+ private int getPermissionForUid(int uid) {
|
||||
+ int permission = 0;
|
||||
+ // Check all the packages for this UID. The UID has the permission if any of the
|
||||
+ // packages in it has the permission.
|
||||
+ String[] packages = mPackageManager.getPackagesForUid(uid);
|
||||
+ if (packages != null && packages.length > 0) {
|
||||
+ for (String name : packages) {
|
||||
+ final PackageInfo app = getPackageInfo(name);
|
||||
+ if (app != null && app.requestedPermissions != null) {
|
||||
+ permission |= getNetdPermissionMask(app.requestedPermissions,
|
||||
+ app.requestedPermissionsFlags);
|
||||
+ }
|
||||
+ }
|
||||
+ } else {
|
||||
+ // The last package of this uid is removed from device. Clean the package up.
|
||||
+ permission = INetd.PERMISSION_UNINSTALLED;
|
||||
+ }
|
||||
+ return permission;
|
||||
+ }
|
||||
+
|
||||
<!-- Title for the capability of an accessibility service to retrieve window content. -->
|
||||
<string name="capability_title_canRetrieveWindowContent">Retrieve window content</string>
|
||||
<!-- Description for the capability of an accessibility service to retrieve window content. -->
|
||||
+ // implements OnRuntimePermissionStateChangedListener
|
||||
+ private void enforceINTERNETAsRuntimePermission(@NonNull String packageName,
|
||||
+ @UserIdInt int userId) {
|
||||
+ // userId is _not_ uid
|
||||
+ int uid = mPackageManagerInternal.getPackageUid(packageName, 0, userId);
|
||||
+ sendPackagePermissionsForUid(uid, getPermissionForUid(uid));
|
||||
+ }
|
||||
+
|
||||
public PermissionMonitor(Context context, INetd netd) {
|
||||
mPackageManager = context.getPackageManager();
|
||||
mUserManager = (UserManager) context.getSystemService(Context.USER_SERVICE);
|
||||
mNetd = netd;
|
||||
+
|
||||
+ mPackageManagerInternal = LocalServices.getService(
|
||||
+ PackageManagerInternal.class);
|
||||
+
|
||||
+ final PermissionManagerServiceInternal permManagerInternal = LocalServices.getService(
|
||||
+ PermissionManagerServiceInternal.class);
|
||||
+ permManagerInternal.addOnRuntimePermissionStateChangedListener(
|
||||
+ this::enforceINTERNETAsRuntimePermission);
|
||||
}
|
||||
|
||||
// Intended to be called only once at startup, after the system is ready. Installs a broadcast
|
||||
|
@ -1,111 +1,82 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Zoraver Kang <zkang@wpi.edu>
|
||||
Date: Mon, 16 Sep 2019 16:41:30 -0400
|
||||
Subject: [PATCH] Enforce INTERNET as a runtime permission.
|
||||
From: pratyush <codelab@pratyush.dev>
|
||||
Date: Sun, 25 Apr 2021 07:04:03 +0530
|
||||
Subject: [PATCH] fix INTERNET enforcement for secondary users
|
||||
|
||||
This code was not specifying the profile for the app so it wasn't
|
||||
working properly with INTERNET as a runtime permission.
|
||||
---
|
||||
.../connectivity/PermissionMonitor.java | 59 ++++++++++++-------
|
||||
1 file changed, 39 insertions(+), 20 deletions(-)
|
||||
.../connectivity/PermissionMonitor.java | 20 +++++++++----------
|
||||
1 file changed, 10 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/connectivity/PermissionMonitor.java b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
index 56f4959a9714..0b2012fa759a 100644
|
||||
index 0b2012fa759a..3187d4ba1491 100644
|
||||
--- a/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
+++ b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
@@ -29,6 +29,7 @@ import static android.os.Process.INVALID_UID;
|
||||
import static android.os.Process.SYSTEM_UID;
|
||||
@@ -130,7 +130,8 @@ public class PermissionMonitor {
|
||||
String[] packages = mPackageManager.getPackagesForUid(uid);
|
||||
if (packages != null && packages.length > 0) {
|
||||
for (String name : packages) {
|
||||
- final PackageInfo app = getPackageInfo(name);
|
||||
+ int userId = UserHandle.getUserId(uid);
|
||||
+ final PackageInfo app = getPackageInfo(name, userId);
|
||||
if (app != null && app.requestedPermissions != null) {
|
||||
permission |= getNetdPermissionMask(app.requestedPermissions,
|
||||
app.requestedPermissionsFlags);
|
||||
@@ -147,7 +148,7 @@ public class PermissionMonitor {
|
||||
private void enforceINTERNETAsRuntimePermission(@NonNull String packageName,
|
||||
@UserIdInt int userId) {
|
||||
// userId is _not_ uid
|
||||
- int uid = mPackageManagerInternal.getPackageUid(packageName, 0, userId);
|
||||
+ int uid = mPackageManagerInternal.getPackageUid( packageName, GET_PERMISSIONS, userId);
|
||||
sendPackagePermissionsForUid(uid, getPermissionForUid(uid));
|
||||
}
|
||||
|
||||
import android.annotation.NonNull;
|
||||
+import android.annotation.UserIdInt;
|
||||
import android.content.Context;
|
||||
import android.content.pm.ApplicationInfo;
|
||||
import android.content.pm.PackageInfo;
|
||||
@@ -55,6 +56,7 @@ import com.android.internal.util.ArrayUtils;
|
||||
import com.android.internal.util.IndentingPrintWriter;
|
||||
import com.android.server.LocalServices;
|
||||
import com.android.server.SystemConfig;
|
||||
+import com.android.server.pm.permission.PermissionManagerServiceInternal;
|
||||
@@ -363,12 +364,13 @@ public class PermissionMonitor {
|
||||
}
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
@@ -80,6 +82,7 @@ public class PermissionMonitor {
|
||||
private static final int VERSION_Q = Build.VERSION_CODES.Q;
|
||||
|
||||
private final PackageManager mPackageManager;
|
||||
+ private final PackageManagerInternal mPackageManagerInternal;
|
||||
private final UserManager mUserManager;
|
||||
private final INetd mNetd;
|
||||
|
||||
@@ -104,26 +107,6 @@ public class PermissionMonitor {
|
||||
|
||||
private class PackageListObserver implements PackageManagerInternal.PackageListObserver {
|
||||
|
||||
- private int getPermissionForUid(int uid) {
|
||||
- int permission = 0;
|
||||
- // Check all the packages for this UID. The UID has the permission if any of the
|
||||
- // packages in it has the permission.
|
||||
- String[] packages = mPackageManager.getPackagesForUid(uid);
|
||||
- if (packages != null && packages.length > 0) {
|
||||
- for (String name : packages) {
|
||||
- final PackageInfo app = getPackageInfo(name);
|
||||
- if (app != null && app.requestedPermissions != null) {
|
||||
- permission |= getNetdPermissionMask(app.requestedPermissions,
|
||||
- app.requestedPermissionsFlags);
|
||||
- }
|
||||
- }
|
||||
- } else {
|
||||
- // The last package of this uid is removed from device. Clean the package up.
|
||||
- permission = INetd.PERMISSION_UNINSTALLED;
|
||||
- }
|
||||
- return permission;
|
||||
- }
|
||||
-
|
||||
@Override
|
||||
public void onPackageAdded(String packageName, int uid) {
|
||||
sendPackagePermissionsForUid(uid, getPermissionForUid(uid));
|
||||
@@ -140,10 +123,46 @@ public class PermissionMonitor {
|
||||
@VisibleForTesting
|
||||
- protected Boolean highestPermissionForUid(Boolean currentPermission, String name) {
|
||||
+ protected Boolean highestPermissionForUid(Boolean currentPermission, String name, int uid) {
|
||||
if (currentPermission == SYSTEM) {
|
||||
return currentPermission;
|
||||
}
|
||||
try {
|
||||
- final PackageInfo app = mPackageManager.getPackageInfo(name, GET_PERMISSIONS);
|
||||
+ final PackageInfo app = mPackageManager.getPackageInfoAsUser(name, GET_PERMISSIONS,
|
||||
+ UserHandle.getUserId(uid));
|
||||
final boolean isNetwork = hasNetworkPermission(app);
|
||||
final boolean hasRestrictedPermission = hasRestrictedNetworkPermission(app);
|
||||
if (isNetwork || hasRestrictedPermission) {
|
||||
@@ -392,7 +394,7 @@ public class PermissionMonitor {
|
||||
public synchronized void onPackageAdded(String packageName, int uid) {
|
||||
// If multiple packages share a UID (cf: android:sharedUserId) and ask for different
|
||||
// permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is).
|
||||
- final Boolean permission = highestPermissionForUid(mApps.get(uid), packageName);
|
||||
+ final Boolean permission = highestPermissionForUid(mApps.get(uid), packageName, uid);
|
||||
if (permission != mApps.get(uid)) {
|
||||
mApps.put(uid, permission);
|
||||
|
||||
@@ -444,7 +446,7 @@ public class PermissionMonitor {
|
||||
String[] packages = mPackageManager.getPackagesForUid(uid);
|
||||
if (packages != null && packages.length > 0) {
|
||||
for (String name : packages) {
|
||||
- permission = highestPermissionForUid(permission, name);
|
||||
+ permission = highestPermissionForUid(permission, name, uid);
|
||||
if (permission == SYSTEM) {
|
||||
// An app with this UID still has the SYSTEM permission.
|
||||
// Therefore, this UID must already have the SYSTEM permission.
|
||||
@@ -484,11 +486,9 @@ public class PermissionMonitor {
|
||||
return permissions;
|
||||
}
|
||||
|
||||
+ private int getPermissionForUid(int uid) {
|
||||
+ int permission = 0;
|
||||
+ // Check all the packages for this UID. The UID has the permission if any of the
|
||||
+ // packages in it has the permission.
|
||||
+ String[] packages = mPackageManager.getPackagesForUid(uid);
|
||||
+ if (packages != null && packages.length > 0) {
|
||||
+ for (String name : packages) {
|
||||
+ final PackageInfo app = getPackageInfo(name);
|
||||
+ if (app != null && app.requestedPermissions != null) {
|
||||
+ permission |= getNetdPermissionMask(app.requestedPermissions,
|
||||
+ app.requestedPermissionsFlags);
|
||||
+ }
|
||||
+ }
|
||||
+ } else {
|
||||
+ // The last package of this uid is removed from device. Clean the package up.
|
||||
+ permission = INetd.PERMISSION_UNINSTALLED;
|
||||
+ }
|
||||
+ return permission;
|
||||
+ }
|
||||
+
|
||||
+ // implements OnRuntimePermissionStateChangedListener
|
||||
+ private void enforceINTERNETAsRuntimePermission(@NonNull String packageName,
|
||||
+ @UserIdInt int userId) {
|
||||
+ // userId is _not_ uid
|
||||
+ int uid = mPackageManagerInternal.getPackageUid(packageName, 0, userId);
|
||||
+ sendPackagePermissionsForUid(uid, getPermissionForUid(uid));
|
||||
+ }
|
||||
+
|
||||
public PermissionMonitor(Context context, INetd netd) {
|
||||
mPackageManager = context.getPackageManager();
|
||||
mUserManager = (UserManager) context.getSystemService(Context.USER_SERVICE);
|
||||
mNetd = netd;
|
||||
+
|
||||
+ mPackageManagerInternal = LocalServices.getService(
|
||||
+ PackageManagerInternal.class);
|
||||
+
|
||||
+ final PermissionManagerServiceInternal permManagerInternal = LocalServices.getService(
|
||||
+ PermissionManagerServiceInternal.class);
|
||||
+ permManagerInternal.addOnRuntimePermissionStateChangedListener(
|
||||
+ this::enforceINTERNETAsRuntimePermission);
|
||||
}
|
||||
|
||||
// Intended to be called only once at startup, after the system is ready. Installs a broadcast
|
||||
- private PackageInfo getPackageInfo(String packageName) {
|
||||
+ private PackageInfo getPackageInfo(String packageName, int userId) {
|
||||
try {
|
||||
- PackageInfo app = mPackageManager.getPackageInfo(packageName, GET_PERMISSIONS
|
||||
- | MATCH_ANY_USER);
|
||||
- return app;
|
||||
+ return mPackageManager.getPackageInfoAsUser(packageName, GET_PERMISSIONS, userId);
|
||||
} catch (NameNotFoundException e) {
|
||||
return null;
|
||||
}
|
||||
|
@ -1,82 +1,125 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: pratyush <codelab@pratyush.dev>
|
||||
Date: Sun, 25 Apr 2021 07:04:03 +0530
|
||||
Subject: [PATCH] fix INTERNET enforcement for secondary users
|
||||
From: Pratyush <codelab@pratyush.dev>
|
||||
Date: Thu, 12 Aug 2021 03:44:41 +0530
|
||||
Subject: [PATCH] send uid for each user instead of just owner/admin user
|
||||
|
||||
This code was not specifying the profile for the app so it wasn't
|
||||
working properly with INTERNET as a runtime permission.
|
||||
---
|
||||
.../connectivity/PermissionMonitor.java | 20 +++++++++----------
|
||||
1 file changed, 10 insertions(+), 10 deletions(-)
|
||||
.../connectivity/PermissionMonitor.java | 83 +++++++++++--------
|
||||
1 file changed, 49 insertions(+), 34 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/connectivity/PermissionMonitor.java b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
index 0b2012fa759a..3187d4ba1491 100644
|
||||
index 3187d4ba1491..0a9b8b6a6e94 100644
|
||||
--- a/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
+++ b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
@@ -130,7 +130,8 @@ public class PermissionMonitor {
|
||||
String[] packages = mPackageManager.getPackagesForUid(uid);
|
||||
if (packages != null && packages.length > 0) {
|
||||
@@ -132,7 +132,7 @@ public class PermissionMonitor {
|
||||
for (String name : packages) {
|
||||
- final PackageInfo app = getPackageInfo(name);
|
||||
+ int userId = UserHandle.getUserId(uid);
|
||||
+ final PackageInfo app = getPackageInfo(name, userId);
|
||||
if (app != null && app.requestedPermissions != null) {
|
||||
int userId = UserHandle.getUserId(uid);
|
||||
final PackageInfo app = getPackageInfo(name, userId);
|
||||
- if (app != null && app.requestedPermissions != null) {
|
||||
+ if (app != null && app.requestedPermissions != null && app.applicationInfo.uid == uid) {
|
||||
permission |= getNetdPermissionMask(app.requestedPermissions,
|
||||
app.requestedPermissionsFlags);
|
||||
@@ -147,7 +148,7 @@ public class PermissionMonitor {
|
||||
private void enforceINTERNETAsRuntimePermission(@NonNull String packageName,
|
||||
@UserIdInt int userId) {
|
||||
// userId is _not_ uid
|
||||
- int uid = mPackageManagerInternal.getPackageUid(packageName, 0, userId);
|
||||
+ int uid = mPackageManagerInternal.getPackageUid( packageName, GET_PERMISSIONS, userId);
|
||||
sendPackagePermissionsForUid(uid, getPermissionForUid(uid));
|
||||
}
|
||||
}
|
||||
@@ -177,44 +177,45 @@ public class PermissionMonitor {
|
||||
} else {
|
||||
loge("failed to get the PackageManagerInternal service");
|
||||
}
|
||||
- List<PackageInfo> apps = mPackageManager.getInstalledPackages(GET_PERMISSIONS
|
||||
- | MATCH_ANY_USER);
|
||||
- if (apps == null) {
|
||||
- loge("No apps");
|
||||
- return;
|
||||
- }
|
||||
|
||||
@@ -363,12 +364,13 @@ public class PermissionMonitor {
|
||||
}
|
||||
SparseIntArray netdPermsUids = new SparseIntArray();
|
||||
|
||||
@VisibleForTesting
|
||||
- protected Boolean highestPermissionForUid(Boolean currentPermission, String name) {
|
||||
+ protected Boolean highestPermissionForUid(Boolean currentPermission, String name, int uid) {
|
||||
if (currentPermission == SYSTEM) {
|
||||
return currentPermission;
|
||||
- for (PackageInfo app : apps) {
|
||||
- int uid = app.applicationInfo != null ? app.applicationInfo.uid : INVALID_UID;
|
||||
- if (uid < 0) {
|
||||
- continue;
|
||||
- }
|
||||
- mAllApps.add(UserHandle.getAppId(uid));
|
||||
-
|
||||
- boolean isNetwork = hasNetworkPermission(app);
|
||||
- boolean hasRestrictedPermission = hasRestrictedNetworkPermission(app);
|
||||
-
|
||||
- if (isNetwork || hasRestrictedPermission) {
|
||||
- Boolean permission = mApps.get(uid);
|
||||
- // If multiple packages share a UID (cf: android:sharedUserId) and ask for different
|
||||
- // permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is).
|
||||
- if (permission == null || permission == NETWORK) {
|
||||
- mApps.put(uid, hasRestrictedPermission);
|
||||
- }
|
||||
- }
|
||||
-
|
||||
- //TODO: unify the management of the permissions into one codepath.
|
||||
- int otherNetdPerms = getNetdPermissionMask(app.requestedPermissions,
|
||||
- app.requestedPermissionsFlags);
|
||||
- netdPermsUids.put(uid, netdPermsUids.get(uid) | otherNetdPerms);
|
||||
- }
|
||||
-
|
||||
List<UserInfo> users = mUserManager.getUsers(true); // exclude dying users
|
||||
if (users != null) {
|
||||
for (UserInfo user : users) {
|
||||
mUsers.add(user.id);
|
||||
+
|
||||
+ List<PackageInfo> apps = mPackageManager.getInstalledPackagesAsUser(GET_PERMISSIONS, user.id);
|
||||
+ if (apps == null) {
|
||||
+ loge("No apps");
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
+ for (PackageInfo app : apps) {
|
||||
+ int uid = app.applicationInfo != null ? app.applicationInfo.uid : INVALID_UID;
|
||||
+ if (uid < 0) {
|
||||
+ continue;
|
||||
+ }
|
||||
+ mAllApps.add(UserHandle.getAppId(uid));
|
||||
+
|
||||
+ boolean isNetwork = hasNetworkPermission(app);
|
||||
+ boolean hasRestrictedPermission = hasRestrictedNetworkPermission(app);
|
||||
+
|
||||
+ if (isNetwork || hasRestrictedPermission) {
|
||||
+ Boolean permission = mApps.get(uid);
|
||||
+ // If multiple packages share a UID (cf: android:sharedUserId) and ask for different
|
||||
+ // permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is).
|
||||
+ if (permission == null || permission == NETWORK) {
|
||||
+ mApps.put(uid, hasRestrictedPermission);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ //TODO: unify the management of the permissions into one codepath.
|
||||
+ int otherNetdPerms = getNetdPermissionMask(app.requestedPermissions,
|
||||
+ app.requestedPermissionsFlags);
|
||||
+ netdPermsUids.put(uid, netdPermsUids.get(uid) | otherNetdPerms);
|
||||
+ }
|
||||
+
|
||||
}
|
||||
}
|
||||
|
||||
@@ -307,9 +308,23 @@ public class PermissionMonitor {
|
||||
List<Integer> network = new ArrayList<>();
|
||||
List<Integer> system = new ArrayList<>();
|
||||
for (Entry<Integer, Boolean> app : apps.entrySet()) {
|
||||
- List<Integer> list = app.getValue() ? system : network;
|
||||
for (int user : users) {
|
||||
- list.add(UserHandle.getUid(user, app.getKey()));
|
||||
+ int uid = UserHandle.getUid(user, UserHandle.getAppId(app.getKey()));
|
||||
+ if (uid < 0) continue;
|
||||
+ String[] packages = mPackageManager.getPackagesForUid(uid);
|
||||
+ if (packages == null) continue;
|
||||
+ for (String pkg : packages) {
|
||||
+ PackageInfo info = getPackageInfo(pkg, user);
|
||||
+ if (info != null && info.applicationInfo.uid == uid) {
|
||||
+ boolean isNetwork = hasNetworkPermission(info);
|
||||
+ boolean hasRestrictedPermission = hasRestrictedNetworkPermission(info);
|
||||
+
|
||||
+ if (isNetwork || hasRestrictedPermission) {
|
||||
+ List<Integer> list = hasRestrictedPermission ? system : network;
|
||||
+ list.add(UserHandle.getUid(user, app.getKey()));
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
}
|
||||
try {
|
||||
- final PackageInfo app = mPackageManager.getPackageInfo(name, GET_PERMISSIONS);
|
||||
+ final PackageInfo app = mPackageManager.getPackageInfoAsUser(name, GET_PERMISSIONS,
|
||||
+ UserHandle.getUserId(uid));
|
||||
final boolean isNetwork = hasNetworkPermission(app);
|
||||
final boolean hasRestrictedPermission = hasRestrictedNetworkPermission(app);
|
||||
if (isNetwork || hasRestrictedPermission) {
|
||||
@@ -392,7 +394,7 @@ public class PermissionMonitor {
|
||||
public synchronized void onPackageAdded(String packageName, int uid) {
|
||||
// If multiple packages share a UID (cf: android:sharedUserId) and ask for different
|
||||
// permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is).
|
||||
- final Boolean permission = highestPermissionForUid(mApps.get(uid), packageName);
|
||||
+ final Boolean permission = highestPermissionForUid(mApps.get(uid), packageName, uid);
|
||||
if (permission != mApps.get(uid)) {
|
||||
mApps.put(uid, permission);
|
||||
|
||||
@@ -444,7 +446,7 @@ public class PermissionMonitor {
|
||||
String[] packages = mPackageManager.getPackagesForUid(uid);
|
||||
if (packages != null && packages.length > 0) {
|
||||
for (String name : packages) {
|
||||
- permission = highestPermissionForUid(permission, name);
|
||||
+ permission = highestPermissionForUid(permission, name, uid);
|
||||
if (permission == SYSTEM) {
|
||||
// An app with this UID still has the SYSTEM permission.
|
||||
// Therefore, this UID must already have the SYSTEM permission.
|
||||
@@ -484,11 +486,9 @@ public class PermissionMonitor {
|
||||
return permissions;
|
||||
}
|
||||
|
||||
- private PackageInfo getPackageInfo(String packageName) {
|
||||
+ private PackageInfo getPackageInfo(String packageName, int userId) {
|
||||
try {
|
||||
- PackageInfo app = mPackageManager.getPackageInfo(packageName, GET_PERMISSIONS
|
||||
- | MATCH_ANY_USER);
|
||||
- return app;
|
||||
+ return mPackageManager.getPackageInfoAsUser(packageName, GET_PERMISSIONS, userId);
|
||||
} catch (NameNotFoundException e) {
|
||||
return null;
|
||||
}
|
||||
|
@ -1,125 +1,42 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Pratyush <codelab@pratyush.dev>
|
||||
Date: Thu, 12 Aug 2021 03:44:41 +0530
|
||||
Subject: [PATCH] send uid for each user instead of just owner/admin user
|
||||
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
|
||||
Date: Tue, 14 Dec 2021 18:17:11 +0200
|
||||
Subject: [PATCH] skip reportNetworkConnectivity() when permission is revoked
|
||||
|
||||
---
|
||||
.../connectivity/PermissionMonitor.java | 83 +++++++++++--------
|
||||
1 file changed, 49 insertions(+), 34 deletions(-)
|
||||
core/java/android/net/ConnectivityManager.java | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/connectivity/PermissionMonitor.java b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
index 3187d4ba1491..0a9b8b6a6e94 100644
|
||||
--- a/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
+++ b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
@@ -132,7 +132,7 @@ public class PermissionMonitor {
|
||||
for (String name : packages) {
|
||||
int userId = UserHandle.getUserId(uid);
|
||||
final PackageInfo app = getPackageInfo(name, userId);
|
||||
- if (app != null && app.requestedPermissions != null) {
|
||||
+ if (app != null && app.requestedPermissions != null && app.applicationInfo.uid == uid) {
|
||||
permission |= getNetdPermissionMask(app.requestedPermissions,
|
||||
app.requestedPermissionsFlags);
|
||||
}
|
||||
@@ -177,44 +177,45 @@ public class PermissionMonitor {
|
||||
} else {
|
||||
loge("failed to get the PackageManagerInternal service");
|
||||
}
|
||||
- List<PackageInfo> apps = mPackageManager.getInstalledPackages(GET_PERMISSIONS
|
||||
- | MATCH_ANY_USER);
|
||||
- if (apps == null) {
|
||||
- loge("No apps");
|
||||
- return;
|
||||
- }
|
||||
diff --git a/core/java/android/net/ConnectivityManager.java b/core/java/android/net/ConnectivityManager.java
|
||||
index 12102a140947..21661609ff72 100644
|
||||
--- a/core/java/android/net/ConnectivityManager.java
|
||||
+++ b/core/java/android/net/ConnectivityManager.java
|
||||
@@ -17,6 +17,7 @@ package android.net;
|
||||
|
||||
SparseIntArray netdPermsUids = new SparseIntArray();
|
||||
import static android.net.IpSecManager.INVALID_RESOURCE_ID;
|
||||
|
||||
- for (PackageInfo app : apps) {
|
||||
- int uid = app.applicationInfo != null ? app.applicationInfo.uid : INVALID_UID;
|
||||
- if (uid < 0) {
|
||||
- continue;
|
||||
- }
|
||||
- mAllApps.add(UserHandle.getAppId(uid));
|
||||
-
|
||||
- boolean isNetwork = hasNetworkPermission(app);
|
||||
- boolean hasRestrictedPermission = hasRestrictedNetworkPermission(app);
|
||||
-
|
||||
- if (isNetwork || hasRestrictedPermission) {
|
||||
- Boolean permission = mApps.get(uid);
|
||||
- // If multiple packages share a UID (cf: android:sharedUserId) and ask for different
|
||||
- // permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is).
|
||||
- if (permission == null || permission == NETWORK) {
|
||||
- mApps.put(uid, hasRestrictedPermission);
|
||||
- }
|
||||
- }
|
||||
-
|
||||
- //TODO: unify the management of the permissions into one codepath.
|
||||
- int otherNetdPerms = getNetdPermissionMask(app.requestedPermissions,
|
||||
- app.requestedPermissionsFlags);
|
||||
- netdPermsUids.put(uid, netdPermsUids.get(uid) | otherNetdPerms);
|
||||
- }
|
||||
-
|
||||
List<UserInfo> users = mUserManager.getUsers(true); // exclude dying users
|
||||
if (users != null) {
|
||||
for (UserInfo user : users) {
|
||||
mUsers.add(user.id);
|
||||
+
|
||||
+ List<PackageInfo> apps = mPackageManager.getInstalledPackagesAsUser(GET_PERMISSIONS, user.id);
|
||||
+ if (apps == null) {
|
||||
+ loge("No apps");
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
+ for (PackageInfo app : apps) {
|
||||
+ int uid = app.applicationInfo != null ? app.applicationInfo.uid : INVALID_UID;
|
||||
+ if (uid < 0) {
|
||||
+ continue;
|
||||
+ }
|
||||
+ mAllApps.add(UserHandle.getAppId(uid));
|
||||
+
|
||||
+ boolean isNetwork = hasNetworkPermission(app);
|
||||
+ boolean hasRestrictedPermission = hasRestrictedNetworkPermission(app);
|
||||
+
|
||||
+ if (isNetwork || hasRestrictedPermission) {
|
||||
+ Boolean permission = mApps.get(uid);
|
||||
+ // If multiple packages share a UID (cf: android:sharedUserId) and ask for different
|
||||
+ // permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is).
|
||||
+ if (permission == null || permission == NETWORK) {
|
||||
+ mApps.put(uid, hasRestrictedPermission);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ //TODO: unify the management of the permissions into one codepath.
|
||||
+ int otherNetdPerms = getNetdPermissionMask(app.requestedPermissions,
|
||||
+ app.requestedPermissionsFlags);
|
||||
+ netdPermsUids.put(uid, netdPermsUids.get(uid) | otherNetdPerms);
|
||||
+ }
|
||||
+
|
||||
}
|
||||
}
|
||||
|
||||
@@ -307,9 +308,23 @@ public class PermissionMonitor {
|
||||
List<Integer> network = new ArrayList<>();
|
||||
List<Integer> system = new ArrayList<>();
|
||||
for (Entry<Integer, Boolean> app : apps.entrySet()) {
|
||||
- List<Integer> list = app.getValue() ? system : network;
|
||||
for (int user : users) {
|
||||
- list.add(UserHandle.getUid(user, app.getKey()));
|
||||
+ int uid = UserHandle.getUid(user, UserHandle.getAppId(app.getKey()));
|
||||
+ if (uid < 0) continue;
|
||||
+ String[] packages = mPackageManager.getPackagesForUid(uid);
|
||||
+ if (packages == null) continue;
|
||||
+ for (String pkg : packages) {
|
||||
+ PackageInfo info = getPackageInfo(pkg, user);
|
||||
+ if (info != null && info.applicationInfo.uid == uid) {
|
||||
+ boolean isNetwork = hasNetworkPermission(info);
|
||||
+ boolean hasRestrictedPermission = hasRestrictedNetworkPermission(info);
|
||||
+
|
||||
+ if (isNetwork || hasRestrictedPermission) {
|
||||
+ List<Integer> list = hasRestrictedPermission ? system : network;
|
||||
+ list.add(UserHandle.getUid(user, app.getKey()));
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
}
|
||||
+import android.Manifest;
|
||||
import android.annotation.CallbackExecutor;
|
||||
import android.annotation.IntDef;
|
||||
import android.annotation.NonNull;
|
||||
@@ -31,6 +32,7 @@ import android.annotation.UnsupportedAppUsage;
|
||||
import android.app.PendingIntent;
|
||||
import android.content.Context;
|
||||
import android.content.Intent;
|
||||
+import android.content.pm.PackageManager;
|
||||
import android.net.IpSecManager.UdpEncapsulationSocket;
|
||||
import android.net.SocketKeepalive.Callback;
|
||||
import android.os.Binder;
|
||||
@@ -3054,6 +3056,12 @@ public class ConnectivityManager {
|
||||
*/
|
||||
public void reportNetworkConnectivity(@Nullable Network network, boolean hasConnectivity) {
|
||||
printStackTrace();
|
||||
+ if (mContext.checkSelfPermission(Manifest.permission.INTERNET) != PackageManager.PERMISSION_GRANTED) {
|
||||
+ // ConnectivityService enforces this by throwing an unexpected SecurityException,
|
||||
+ // which puts GMS into a crash loop. Also useful for other apps that don't expect that
|
||||
+ // INTERNET permission might get revoked.
|
||||
+ return;
|
||||
+ }
|
||||
try {
|
||||
mService.reportNetworkConnectivity(network, hasConnectivity);
|
||||
} catch (RemoteException e) {
|
||||
|
@ -1,42 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
|
||||
Date: Tue, 14 Dec 2021 18:17:11 +0200
|
||||
Subject: [PATCH] skip reportNetworkConnectivity() when permission is revoked
|
||||
|
||||
---
|
||||
core/java/android/net/ConnectivityManager.java | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/core/java/android/net/ConnectivityManager.java b/core/java/android/net/ConnectivityManager.java
|
||||
index 12102a140947..21661609ff72 100644
|
||||
--- a/core/java/android/net/ConnectivityManager.java
|
||||
+++ b/core/java/android/net/ConnectivityManager.java
|
||||
@@ -17,6 +17,7 @@ package android.net;
|
||||
|
||||
import static android.net.IpSecManager.INVALID_RESOURCE_ID;
|
||||
|
||||
+import android.Manifest;
|
||||
import android.annotation.CallbackExecutor;
|
||||
import android.annotation.IntDef;
|
||||
import android.annotation.NonNull;
|
||||
@@ -31,6 +32,7 @@ import android.annotation.UnsupportedAppUsage;
|
||||
import android.app.PendingIntent;
|
||||
import android.content.Context;
|
||||
import android.content.Intent;
|
||||
+import android.content.pm.PackageManager;
|
||||
import android.net.IpSecManager.UdpEncapsulationSocket;
|
||||
import android.net.SocketKeepalive.Callback;
|
||||
import android.os.Binder;
|
||||
@@ -3054,6 +3056,12 @@ public class ConnectivityManager {
|
||||
*/
|
||||
public void reportNetworkConnectivity(@Nullable Network network, boolean hasConnectivity) {
|
||||
printStackTrace();
|
||||
+ if (mContext.checkSelfPermission(Manifest.permission.INTERNET) != PackageManager.PERMISSION_GRANTED) {
|
||||
+ // ConnectivityService enforces this by throwing an unexpected SecurityException,
|
||||
+ // which puts GMS into a crash loop. Also useful for other apps that don't expect that
|
||||
+ // INTERNET permission might get revoked.
|
||||
+ return;
|
||||
+ }
|
||||
try {
|
||||
mService.reportNetworkConnectivity(network, hasConnectivity);
|
||||
} catch (RemoteException e) {
|
@ -0,0 +1,114 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Sat, 7 Oct 2017 15:54:42 -0400
|
||||
Subject: [PATCH] add special runtime permission for other sensors
|
||||
|
||||
This covers sensors not included in the existing runtime permission for
|
||||
body sensors.
|
||||
---
|
||||
api/current.txt | 2 ++
|
||||
core/java/android/content/pm/PackageParser.java | 2 ++
|
||||
core/res/AndroidManifest.xml | 12 ++++++++++++
|
||||
core/res/res/values/strings.xml | 12 ++++++++++++
|
||||
.../pm/permission/PermissionManagerService.java | 2 +-
|
||||
5 files changed, 29 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/api/current.txt b/api/current.txt
|
||||
index b99634c11742..d74627f45dbd 100644
|
||||
--- a/api/current.txt
|
||||
+++ b/api/current.txt
|
||||
@@ -100,6 +100,7 @@ package android {
|
||||
field public static final String MOUNT_UNMOUNT_FILESYSTEMS = "android.permission.MOUNT_UNMOUNT_FILESYSTEMS";
|
||||
field public static final String NFC = "android.permission.NFC";
|
||||
field public static final String NFC_TRANSACTION_EVENT = "android.permission.NFC_TRANSACTION_EVENT";
|
||||
+ field public static final String OTHER_SENSORS = "android.permission.OTHER_SENSORS";
|
||||
field public static final String PACKAGE_USAGE_STATS = "android.permission.PACKAGE_USAGE_STATS";
|
||||
field @Deprecated public static final String PERSISTENT_ACTIVITY = "android.permission.PERSISTENT_ACTIVITY";
|
||||
field @Deprecated public static final String PROCESS_OUTGOING_CALLS = "android.permission.PROCESS_OUTGOING_CALLS";
|
||||
@@ -177,6 +178,7 @@ package android {
|
||||
field public static final String LOCATION = "android.permission-group.LOCATION";
|
||||
field public static final String MICROPHONE = "android.permission-group.MICROPHONE";
|
||||
field public static final String NETWORK = "android.permission-group.NETWORK";
|
||||
+ field public static final String OTHER_SENSORS = "android.permission-group.OTHER_SENSORS";
|
||||
field public static final String PHONE = "android.permission-group.PHONE";
|
||||
field public static final String SENSORS = "android.permission-group.SENSORS";
|
||||
field public static final String SMS = "android.permission-group.SMS";
|
||||
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
|
||||
index 861b0d922d32..e9a0696ebaff 100644
|
||||
--- a/core/java/android/content/pm/PackageParser.java
|
||||
+++ b/core/java/android/content/pm/PackageParser.java
|
||||
@@ -286,6 +286,8 @@ public class PackageParser {
|
||||
@UnsupportedAppUsage
|
||||
public static final PackageParser.NewPermissionInfo NEW_PERMISSIONS[] =
|
||||
new PackageParser.NewPermissionInfo[] {
|
||||
+ new PackageParser.NewPermissionInfo(android.Manifest.permission.OTHER_SENSORS,
|
||||
+ android.os.Build.VERSION_CODES.CUR_DEVELOPMENT + 1, 0),
|
||||
new PackageParser.NewPermissionInfo(android.Manifest.permission.WRITE_EXTERNAL_STORAGE,
|
||||
android.os.Build.VERSION_CODES.DONUT, 0),
|
||||
new PackageParser.NewPermissionInfo(android.Manifest.permission.READ_PHONE_STATE,
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index b51e4f21454b..d5bc3cd38c07 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -1331,6 +1331,18 @@
|
||||
android:description="@string/permdesc_useBiometric"
|
||||
android:protectionLevel="normal" />
|
||||
|
||||
+ <permission-group android:name="android.permission-group.OTHER_SENSORS"
|
||||
+ android:icon="@drawable/perm_group_location"
|
||||
+ android:label="@string/permgrouplab_otherSensors"
|
||||
+ android:description="@string/permgroupdesc_otherSensors"
|
||||
+ android:priority="1000" />
|
||||
+
|
||||
+ <permission android:name="android.permission.OTHER_SENSORS"
|
||||
+ android:permissionGroup="android.permission-group.UNDEFINED"
|
||||
+ android:label="@string/permlab_otherSensors"
|
||||
+ android:description="@string/permdesc_otherSensors"
|
||||
+ android:protectionLevel="dangerous" />
|
||||
+
|
||||
<!-- ====================================================================== -->
|
||||
<!-- REMOVED PERMISSIONS -->
|
||||
<!-- ====================================================================== -->
|
||||
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
|
||||
index 2cf2b923ef90..ae206c1f5872 100644
|
||||
--- a/core/res/res/values/strings.xml
|
||||
+++ b/core/res/res/values/strings.xml
|
||||
@@ -792,6 +792,11 @@
|
||||
<string name="permgrouprequest_sensors">Allow
|
||||
<b><xliff:g id="app_name" example="Gmail">%1$s</xliff:g></b> to access sensor data about your vital signs?</string>
|
||||
|
||||
+ <!-- Title of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permgrouplab_otherSensors">Sensors</string>
|
||||
+ <!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permgroupdesc_otherSensors">access sensor data about orientation, movement, etc.</string>
|
||||
+
|
||||
<!-- Title of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
<string name="permgrouplab_network">Network</string>
|
||||
<!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
@@ -1085,6 +1090,13 @@
|
||||
<string name="permdesc_bodySensors" product="default">Allows the app to access data from sensors
|
||||
that monitor your physical condition, such as your heart rate.</string>
|
||||
|
||||
+ <!-- Title of the sensors permission, listed so the user can decide whether to allow the application to access sensor data. [CHAR LIMIT=80] -->
|
||||
+ <string name="permlab_otherSensors">access sensors (like the compass)
|
||||
+ </string>
|
||||
+ <!-- Description of the sensors permission, listed so the user can decide whether to allow the application to access data from sensors. [CHAR LIMIT=NONE] -->
|
||||
+ <string name="permdesc_otherSensors" product="default">Allows the app to access data from sensors
|
||||
+ monitoring orientation, movement, vibration (including low frequency sound) and environmental data</string>
|
||||
+
|
||||
<!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
<string name="permlab_readCalendar">Read calendar events and details</string>
|
||||
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
index 3a71bc8d015b..3eb4262ba634 100644
|
||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
@@ -985,7 +985,7 @@ public class PermissionManagerService {
|
||||
}
|
||||
|
||||
public static boolean isSpecialRuntimePermission(final String permission) {
|
||||
- return Manifest.permission.INTERNET.equals(permission);
|
||||
+ return Manifest.permission.INTERNET.equals(permission) || Manifest.permission.OTHER_SENSORS.equals(permission);
|
||||
}
|
||||
|
||||
/**
|
@ -0,0 +1,102 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Fri, 21 Jul 2017 08:42:55 -0400
|
||||
Subject: [PATCH] support new special runtime permissions
|
||||
|
||||
These are treated as a runtime permission even for legacy apps. They
|
||||
need to be granted by default for all apps to maintain compatibility.
|
||||
---
|
||||
.../server/pm/PackageManagerService.java | 3 ++-
|
||||
.../permission/PermissionManagerService.java | 23 +++++++++++++++----
|
||||
2 files changed, 20 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
index edaa60f4b09e..834a6b0d5260 100644
|
||||
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
|
||||
@@ -20162,7 +20162,8 @@ public class PackageManagerService extends IPackageManager.Stub
|
||||
}
|
||||
|
||||
// If this permission was granted by default, make sure it is.
|
||||
- if ((oldFlags & FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0) {
|
||||
+ if ((oldFlags & FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
|
||||
+ || PermissionManagerService.isSpecialRuntimePermission(bp.getName())) {
|
||||
mPermissionManager.grantRuntimePermission(permName, packageName, false,
|
||||
Process.SYSTEM_UID, userId, delayingPermCallback);
|
||||
// Allow app op later as we are holding mPackages
|
||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
index 82f963e1df2a..293bdc7ba197 100644
|
||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
@@ -984,6 +984,10 @@ public class PermissionManagerService {
|
||||
}
|
||||
}
|
||||
|
||||
+ public static boolean isSpecialRuntimePermission(final String permission) {
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
/**
|
||||
* Restore the permission state for a package.
|
||||
*
|
||||
@@ -1277,6 +1281,14 @@ public class PermissionManagerService {
|
||||
}
|
||||
}
|
||||
}
|
||||
+
|
||||
+ if (isSpecialRuntimePermission(bp.name) &&
|
||||
+ origPermissions.getRuntimePermissionState(bp.name, userId) == null) {
|
||||
+ if (permissionsState.grantRuntimePermission(bp, userId)
|
||||
+ != PERMISSION_OPERATION_FAILURE) {
|
||||
+ wasChanged = true;
|
||||
+ }
|
||||
+ }
|
||||
} else {
|
||||
if (permState == null) {
|
||||
// New permission
|
||||
@@ -1410,7 +1422,7 @@ public class PermissionManagerService {
|
||||
wasChanged = true;
|
||||
}
|
||||
}
|
||||
- } else {
|
||||
+ } else {
|
||||
if (!permissionsState.hasRuntimePermission(bp.name, userId)
|
||||
&& permissionsState.grantRuntimePermission(bp,
|
||||
userId) != PERMISSION_OPERATION_FAILURE) {
|
||||
@@ -2183,7 +2195,7 @@ public class PermissionManagerService {
|
||||
&& (grantedPermissions == null
|
||||
|| ArrayUtils.contains(grantedPermissions, permission))) {
|
||||
final int flags = permissionsState.getPermissionFlags(permission, userId);
|
||||
- if (supportsRuntimePermissions) {
|
||||
+ if (supportsRuntimePermissions || isSpecialRuntimePermission(bp.name)) {
|
||||
// Installer cannot change immutable permissions.
|
||||
if ((flags & immutableFlags) == 0) {
|
||||
grantRuntimePermission(permission, pkg.packageName, false, callingUid,
|
||||
@@ -2242,7 +2254,7 @@ public class PermissionManagerService {
|
||||
// to keep the review required permission flag per user while an
|
||||
// install permission's state is shared across all users.
|
||||
if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
|
||||
- && bp.isRuntime()) {
|
||||
+ && bp.isRuntime() && !isSpecialRuntimePermission(bp.name)) {
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -2294,7 +2306,8 @@ public class PermissionManagerService {
|
||||
+ permName + " for package " + packageName);
|
||||
}
|
||||
|
||||
- if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M) {
|
||||
+ if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
|
||||
+ && !isSpecialRuntimePermission(permName)) {
|
||||
Slog.w(TAG, "Cannot grant runtime permission to a legacy app");
|
||||
return;
|
||||
}
|
||||
@@ -2381,7 +2394,7 @@ public class PermissionManagerService {
|
||||
// to keep the review required permission flag per user while an
|
||||
// install permission's state is shared across all users.
|
||||
if (pkg.applicationInfo.targetSdkVersion < Build.VERSION_CODES.M
|
||||
- && bp.isRuntime()) {
|
||||
+ && bp.isRuntime() && !isSpecialRuntimePermission(permName)) {
|
||||
return;
|
||||
}
|
||||
|
@ -1,81 +1,21 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: MSe1969 <mse1969@posteo.de>
|
||||
Date: Sat, 14 Nov 2020 13:21:18 +0100
|
||||
Subject: [PATCH] AppOps: New Op for (Other) sensors access
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Sat, 7 Oct 2017 16:28:57 -0400
|
||||
Subject: [PATCH] require OTHER_SENSORS permission for sensors
|
||||
|
||||
* Add missing Ops to the enum, as pre-requisite to add new sensor op
|
||||
* Add new sensor op to enum
|
||||
* Invoke OP_OTHER_SENSORS as default
|
||||
* Adapt logic for checking the Ops, if no permission is linked
|
||||
|
||||
Change-Id: If4011566a391314afed9a26e1dcf6e4bc838e4f7
|
||||
---
|
||||
libs/binder/include/binder/AppOpsManager.h | 13 +++++++++++++
|
||||
libs/sensor/Sensor.cpp | 1 +
|
||||
services/sensorservice/SensorService.cpp | 9 +++++----
|
||||
3 files changed, 19 insertions(+), 4 deletions(-)
|
||||
libs/sensor/Sensor.cpp | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/libs/binder/include/binder/AppOpsManager.h b/libs/binder/include/binder/AppOpsManager.h
|
||||
index 17493b4252..89c0eacb8a 100644
|
||||
--- a/libs/binder/include/binder/AppOpsManager.h
|
||||
+++ b/libs/binder/include/binder/AppOpsManager.h
|
||||
@@ -109,6 +109,19 @@ public:
|
||||
OP_START_FOREGROUND = 76,
|
||||
OP_BLUETOOTH_SCAN = 77,
|
||||
OP_USE_BIOMETRIC = 78,
|
||||
+ OP_ACTIVITY_RECOGNITION = 79,
|
||||
+ OP_SMS_FINANCIAL_TRANSACTIONS = 80,
|
||||
+ OP_READ_MEDIA_AUDIO = 81,
|
||||
+ OP_WRITE_MEDIA_AUDIO = 82,
|
||||
+ OP_READ_MEDIA_VIDEO = 83,
|
||||
+ OP_WRITE_MEDIA_VIDEO = 84,
|
||||
+ OP_READ_MEDIA_IMAGES = 85,
|
||||
+ OP_WRITE_MEDIA_IMAGES = 86,
|
||||
+ OP_LEGACY_STORAGE = 87,
|
||||
+ OP_ACCESS_ACCESSIBILITY = 88,
|
||||
+ OP_READ_DEVICE_IDENTIFIERS = 89,
|
||||
+ OP_ACCESS_MEDIA_LOCATION = 90,
|
||||
+ OP_OTHER_SENSORS = 91,
|
||||
};
|
||||
|
||||
AppOpsManager();
|
||||
diff --git a/libs/sensor/Sensor.cpp b/libs/sensor/Sensor.cpp
|
||||
index abc910302c..8a318543a7 100644
|
||||
index abc910302c..8b6e96aef6 100644
|
||||
--- a/libs/sensor/Sensor.cpp
|
||||
+++ b/libs/sensor/Sensor.cpp
|
||||
@@ -59,6 +59,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
mMinDelay = hwSensor.minDelay;
|
||||
mFlags = 0;
|
||||
mUuid = uuid;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_OTHER_SENSORS; //default, other values are explicitly set
|
||||
+ mRequiredPermission = "android.permission.OTHER_SENSORS";
|
||||
|
||||
// Set fifo event count zero for older devices which do not support batching. Fused
|
||||
// sensors also have their fifo counts set to zero.
|
||||
diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp
|
||||
index 6bb250e7bb..58297122a5 100644
|
||||
--- a/services/sensorservice/SensorService.cpp
|
||||
+++ b/services/sensorservice/SensorService.cpp
|
||||
@@ -1643,10 +1643,9 @@ status_t SensorService::flushSensor(const sp<SensorEventConnection>& connection,
|
||||
|
||||
bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
|
||||
const String16& opPackageName) {
|
||||
+
|
||||
// Check if a permission is required for this sensor
|
||||
- if (sensor.getRequiredPermission().length() <= 0) {
|
||||
- return true;
|
||||
- }
|
||||
+ bool noAssociatedPermission = (sensor.getRequiredPermission().length() <= 0);
|
||||
|
||||
const int32_t opCode = sensor.getRequiredAppOp();
|
||||
const int32_t appOpMode = sAppOpsManager.checkOp(opCode,
|
||||
@@ -1654,7 +1653,9 @@ bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
|
||||
bool appOpAllowed = appOpMode == AppOpsManager::MODE_ALLOWED;
|
||||
|
||||
bool canAccess = false;
|
||||
- if (hasPermissionForSensor(sensor)) {
|
||||
+ if (noAssociatedPermission) {
|
||||
+ canAccess = appOpAllowed;
|
||||
+ } else if (hasPermissionForSensor(sensor)) {
|
||||
// Ensure that the AppOp is allowed, or that there is no necessary app op for the sensor
|
||||
if (opCode < 0 || appOpAllowed) {
|
||||
canAccess = true;
|
||||
|
@ -0,0 +1,45 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Sat, 7 Oct 2017 15:55:58 -0400
|
||||
Subject: [PATCH] always treat OTHER_SENSORS as a runtime permission
|
||||
|
||||
---
|
||||
.../packageinstaller/permission/model/AppPermissionGroup.java | 4 ++--
|
||||
.../android/packageinstaller/permission/model/Permission.java | 2 +-
|
||||
2 files changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java b/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java
|
||||
index c9fa2ca3e..7930b46ce 100644
|
||||
--- a/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java
|
||||
+++ b/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java
|
||||
@@ -786,7 +786,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
|
||||
|
||||
boolean wasGranted = permission.isGrantedIncludingAppOp();
|
||||
|
||||
- if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName())) {
|
||||
+ if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName()) || Manifest.permission.OTHER_SENSORS.equals(permission.getName())) {
|
||||
// Do not touch permissions fixed by the system.
|
||||
if (permission.isSystemFixed()) {
|
||||
wasAllGranted = false;
|
||||
@@ -963,7 +963,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
|
||||
break;
|
||||
}
|
||||
|
||||
- if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName())) {
|
||||
+ if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName()) || Manifest.permission.OTHER_SENSORS.equals(permission.getName())) {
|
||||
// Revoke the permission if needed.
|
||||
if (permission.isGranted()) {
|
||||
permission.setGranted(false);
|
||||
diff --git a/src/com/android/packageinstaller/permission/model/Permission.java b/src/com/android/packageinstaller/permission/model/Permission.java
|
||||
index c2ec88902..4cd2a7349 100644
|
||||
--- a/src/com/android/packageinstaller/permission/model/Permission.java
|
||||
+++ b/src/com/android/packageinstaller/permission/model/Permission.java
|
||||
@@ -137,7 +137,7 @@ public final class Permission {
|
||||
* @return {@code true} if the permission (and the app-op) is granted.
|
||||
*/
|
||||
public boolean isGrantedIncludingAppOp() {
|
||||
- return mGranted && (!affectsAppOp() || isAppOpAllowed()) && (!isReviewRequired() || Manifest.permission.INTERNET.equals(mName));
|
||||
+ return mGranted && (!affectsAppOp() || isAppOpAllowed()) && (!isReviewRequired() || Manifest.permission.INTERNET.equals(mName) || Manifest.permission.OTHER_SENSORS.equals(mName));
|
||||
}
|
||||
|
||||
public boolean isReviewRequired() {
|
@ -0,0 +1,29 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Sat, 7 Oct 2017 15:56:35 -0400
|
||||
Subject: [PATCH] add OTHER_SENSORS permission group
|
||||
|
||||
---
|
||||
src/com/android/packageinstaller/permission/utils/Utils.java | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/src/com/android/packageinstaller/permission/utils/Utils.java b/src/com/android/packageinstaller/permission/utils/Utils.java
|
||||
index 162b15f37..d1a19200b 100644
|
||||
--- a/src/com/android/packageinstaller/permission/utils/Utils.java
|
||||
+++ b/src/com/android/packageinstaller/permission/utils/Utils.java
|
||||
@@ -25,6 +25,7 @@ import static android.Manifest.permission_group.CONTACTS;
|
||||
import static android.Manifest.permission_group.LOCATION;
|
||||
import static android.Manifest.permission_group.MICROPHONE;
|
||||
import static android.Manifest.permission_group.NETWORK;
|
||||
+import static android.Manifest.permission_group.OTHER_SENSORS;
|
||||
import static android.Manifest.permission_group.PHONE;
|
||||
import static android.Manifest.permission_group.SENSORS;
|
||||
import static android.Manifest.permission_group.SMS;
|
||||
@@ -175,6 +176,7 @@ public final class Utils {
|
||||
PLATFORM_PERMISSIONS.put(Manifest.permission.BODY_SENSORS, SENSORS);
|
||||
|
||||
PLATFORM_PERMISSIONS.put(Manifest.permission.INTERNET, NETWORK);
|
||||
+ PLATFORM_PERMISSIONS.put(Manifest.permission.OTHER_SENSORS, OTHER_SENSORS);
|
||||
|
||||
PLATFORM_PERMISSION_GROUPS = new ArrayMap<>();
|
||||
int numPlatformPermissions = PLATFORM_PERMISSIONS.size();
|
@ -1,263 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: MSe1969 <mse1969@posteo.de>
|
||||
Date: Sat, 14 Nov 2020 15:17:37 +0100
|
||||
Subject: [PATCH] Special Access: Add an option to administer Sensor access
|
||||
|
||||
Accesses the added AppOp for OP_OTHER_SENSORS
|
||||
|
||||
Change-Id: I79c0ed4ab97494434edc6c308a8a54bd123c02ee
|
||||
---
|
||||
res/values-de/strings.xml | 3 +
|
||||
res/values-fr/strings.xml | 3 +
|
||||
res/values/strings.xml | 5 +
|
||||
res/xml/special_access.xml | 7 +
|
||||
.../specialaccess/sensor/SensorAccess.java | 178 ++++++++++++++++++
|
||||
5 files changed, 196 insertions(+)
|
||||
create mode 100644 src/com/android/settings/applications/specialaccess/sensor/SensorAccess.java
|
||||
|
||||
diff --git a/res/values-de/strings.xml b/res/values-de/strings.xml
|
||||
index e0b5bebaec..e4df5eb84f 100644
|
||||
--- a/res/values-de/strings.xml
|
||||
+++ b/res/values-de/strings.xml
|
||||
@@ -4667,6 +4667,9 @@
|
||||
<string name="dual_cdma_sim_warning_notification_channel_title" msgid="1049161096896074364">"SIM-Kombination"</string>
|
||||
<string name="work_policy_privacy_settings" msgid="2702644843505242596">"Informationen zu den Arbeitsrichtlinien"</string>
|
||||
<string name="work_policy_privacy_settings_summary" msgid="690118670737638405">"Einstellungen, die von deinem IT-Administrator verwaltet werden"</string>
|
||||
+ <string name="sensor_access_summary">Sensorzugriff von Benutzer-Apps kontrollieren</string>
|
||||
+ <string name="sensor_access_title">Zugriff auf Sensoren</string>
|
||||
+ <string name="sensor_access_title_empty_text">Keine installierte App hat Sensorzugriff angefordert.</string>
|
||||
<string name="rtt_settings_title" msgid="7049259598645966354"></string>
|
||||
<string name="rtt_settings_no_visible" msgid="7440356831140948382"></string>
|
||||
<string name="rtt_settings_visible_during_call" msgid="7866181103286073700"></string>
|
||||
diff --git a/res/values-fr/strings.xml b/res/values-fr/strings.xml
|
||||
index fe92e77035..7834851bd9 100644
|
||||
--- a/res/values-fr/strings.xml
|
||||
+++ b/res/values-fr/strings.xml
|
||||
@@ -4666,6 +4666,9 @@
|
||||
<string name="dual_cdma_sim_warning_notification_channel_title" msgid="1049161096896074364">"Combinaison de cartes SIM"</string>
|
||||
<string name="work_policy_privacy_settings" msgid="2702644843505242596">"Informations sur les règles professionnelles"</string>
|
||||
<string name="work_policy_privacy_settings_summary" msgid="690118670737638405">"Paramètres gérés par votre administrateur informatique"</string>
|
||||
+ <string name="sensor_access_summary">Contrôler l\'accès des applications utilisateurs aux capteurs</string>
|
||||
+ <string name="sensor_access_title">Access aux Capteurs</string>
|
||||
+ <string name="sensor_access_title_empty_text">Aucune app installée n\'a demandé de l\'accès aux capteurs.</string>
|
||||
<string name="rtt_settings_title" msgid="7049259598645966354"></string>
|
||||
<string name="rtt_settings_no_visible" msgid="7440356831140948382"></string>
|
||||
<string name="rtt_settings_visible_during_call" msgid="7866181103286073700"></string>
|
||||
diff --git a/res/values/strings.xml b/res/values/strings.xml
|
||||
index 2180ea45f6..6f48171135 100644
|
||||
--- a/res/values/strings.xml
|
||||
+++ b/res/values/strings.xml
|
||||
@@ -11426,6 +11426,11 @@
|
||||
<!-- Subtext for showing the option of RTT setting. [CHAR LIMIT=NONE] -->
|
||||
<string name="rtt_settings_always_visible"></string>
|
||||
|
||||
+ <!-- Sensor AppOps -->
|
||||
+ <string name="sensor_access_summary">Control sensor access for user apps</string>
|
||||
+ <string name="sensor_access_title">Access to Sensors</string>
|
||||
+ <string name="sensor_access_title_empty_text">No installed apps have requested sensors access.</string>
|
||||
+
|
||||
<!-- Bluetooth message permission alert for notification content [CHAR LIMIT=none] -->
|
||||
<string name="bluetooth_message_access_notification_content">A device wants to access your messages. Tap for details.</string>
|
||||
<!-- Bluetooth message permission alert for dialog title [CHAR LIMIT=none] -->
|
||||
diff --git a/res/xml/special_access.xml b/res/xml/special_access.xml
|
||||
index f846298341..bee9d6e2eb 100644
|
||||
--- a/res/xml/special_access.xml
|
||||
+++ b/res/xml/special_access.xml
|
||||
@@ -145,6 +145,13 @@
|
||||
android:value="com.android.settings.Settings$ChangeWifiStateActivity" />
|
||||
</Preference>
|
||||
|
||||
+ <Preference
|
||||
+ android:key="sensor_access"
|
||||
+ android:title="@string/sensor_access_title"
|
||||
+ android:summary="@string/sensor_access_summary"
|
||||
+ android:fragment="com.android.settings.applications.specialaccess.sensor.SensorAccess">
|
||||
+ </Preference>
|
||||
+
|
||||
<Preference
|
||||
android:key="special_access_more"
|
||||
android:title="@string/special_access_more"
|
||||
diff --git a/src/com/android/settings/applications/specialaccess/sensor/SensorAccess.java b/src/com/android/settings/applications/specialaccess/sensor/SensorAccess.java
|
||||
new file mode 100644
|
||||
index 0000000000..2c29f3abfd
|
||||
--- /dev/null
|
||||
+++ b/src/com/android/settings/applications/specialaccess/sensor/SensorAccess.java
|
||||
@@ -0,0 +1,178 @@
|
||||
+package com.android.settings.applications.specialaccess.sensor;
|
||||
+
|
||||
+import android.annotation.Nullable;
|
||||
+import android.app.AlertDialog;
|
||||
+import android.app.Dialog;
|
||||
+import android.app.DialogFragment;
|
||||
+import android.app.AppOpsManager;
|
||||
+import android.content.Context;
|
||||
+import android.content.DialogInterface;
|
||||
+import android.content.pm.ApplicationInfo;
|
||||
+import android.content.pm.PackageInfo;
|
||||
+import android.content.pm.PackageItemInfo;
|
||||
+import android.content.pm.PackageManager;
|
||||
+import android.database.ContentObserver;
|
||||
+import android.net.Uri;
|
||||
+import android.os.Bundle;
|
||||
+import android.os.Handler;
|
||||
+import android.os.Looper;
|
||||
+import android.text.TextUtils;
|
||||
+import android.util.ArraySet;
|
||||
+import android.util.Log;
|
||||
+import android.util.TypedValue;
|
||||
+import android.view.Gravity;
|
||||
+import android.view.View;
|
||||
+import android.view.ViewGroup;
|
||||
+import android.view.ViewGroup.LayoutParams;
|
||||
+import android.widget.TextView;
|
||||
+import android.widget.Toast;
|
||||
+
|
||||
+import androidx.preference.Preference;
|
||||
+import androidx.preference.Preference.OnPreferenceChangeListener;
|
||||
+import androidx.preference.PreferenceScreen;
|
||||
+import androidx.preference.SwitchPreference;
|
||||
+
|
||||
+import com.android.settings.R;
|
||||
+import com.android.settings.core.instrumentation.InstrumentedDialogFragment;
|
||||
+import com.android.internal.logging.nano.MetricsProto.MetricsEvent;
|
||||
+import com.android.settings.SettingsPreferenceFragment;
|
||||
+
|
||||
+import java.util.Arrays;
|
||||
+import java.util.ArrayList;
|
||||
+import java.util.Collections;
|
||||
+import java.util.List;
|
||||
+
|
||||
+public class SensorAccess extends SettingsPreferenceFragment {
|
||||
+
|
||||
+ private final SettingObserver mObserver = new SettingObserver();
|
||||
+
|
||||
+ static final String TAG = "SensorAccess";
|
||||
+
|
||||
+ private Context mContext;
|
||||
+ private PackageManager mPackageManager;
|
||||
+ private AppOpsManager mAppOpsManager;
|
||||
+ private TextView mEmpty;
|
||||
+
|
||||
+ @Override
|
||||
+ public int getMetricsCategory() {
|
||||
+ return MetricsEvent.VIEW_UNKNOWN;
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public void onCreate(Bundle icicle) {
|
||||
+ super.onCreate(icicle);
|
||||
+
|
||||
+ mContext = getActivity();
|
||||
+ mPackageManager = mContext.getPackageManager();
|
||||
+ mAppOpsManager = (AppOpsManager) mContext.getSystemService(Context.APP_OPS_SERVICE);
|
||||
+ setPreferenceScreen(getPreferenceManager().createPreferenceScreen(mContext));
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public void onViewCreated(View view, @Nullable Bundle savedInstanceState) {
|
||||
+ super.onViewCreated(view, savedInstanceState);
|
||||
+ mEmpty = new TextView(getContext());
|
||||
+ mEmpty.setGravity(Gravity.CENTER);
|
||||
+ mEmpty.setText(R.string.sensor_access_title_empty_text);
|
||||
+ TypedValue value = new TypedValue();
|
||||
+ getContext().getTheme().resolveAttribute(android.R.attr.textAppearanceMedium, value, true);
|
||||
+ mEmpty.setTextAppearance(value.resourceId);
|
||||
+ ((ViewGroup) view.findViewById(android.R.id.list_container)).addView(mEmpty,
|
||||
+ new LayoutParams(LayoutParams.MATCH_PARENT, LayoutParams.MATCH_PARENT));
|
||||
+ setEmptyView(mEmpty);
|
||||
+ reloadList();
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public void onResume() {
|
||||
+ super.onResume();
|
||||
+ getActivity().getActionBar().setTitle(R.string.sensor_access_title);
|
||||
+ reloadList();
|
||||
+ }
|
||||
+
|
||||
+ private void reloadList() {
|
||||
+ final PreferenceScreen screen = getPreferenceScreen();
|
||||
+ screen.removeAll();
|
||||
+
|
||||
+ final ArrayList<ApplicationInfo> apps = new ArrayList<>();
|
||||
+ final List<ApplicationInfo> installed = mPackageManager.getInstalledApplications(0);
|
||||
+ if (installed != null) {
|
||||
+ for (ApplicationInfo app : installed) {
|
||||
+ // Skip system apps
|
||||
+ if (isUserApp(app.packageName)) {
|
||||
+ // Only apps effectively having the Op OTHER_SENSORS
|
||||
+ if (mAppOpsManager.getOpsForPackage(getPackageUid(app.packageName),
|
||||
+ app.packageName, new int[]{AppOpsManager.OP_OTHER_SENSORS}) != null)
|
||||
+ apps.add(app);
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ Collections.sort(apps, new PackageItemInfo.DisplayNameComparator(mPackageManager));
|
||||
+ for (ApplicationInfo app : apps) {
|
||||
+ final String pkg = app.packageName;
|
||||
+ final CharSequence label = app.loadLabel(mPackageManager);
|
||||
+ final SwitchPreference pref = new SwitchPreference(getPrefContext());
|
||||
+ pref.setPersistent(false);
|
||||
+ pref.setIcon(app.loadIcon(mPackageManager));
|
||||
+ pref.setTitle(label);
|
||||
+ updateState(pref, pkg);
|
||||
+ pref.setOnPreferenceChangeListener(new OnPreferenceChangeListener() {
|
||||
+ @Override
|
||||
+ public boolean onPreferenceChange(Preference preference, Object newValue) {
|
||||
+ boolean switchOn = (Boolean) newValue;
|
||||
+ mAppOpsManager.setMode(AppOpsManager.OP_OTHER_SENSORS, getPackageUid(pkg), pkg,
|
||||
+ switchOn ? AppOpsManager.MODE_ALLOWED : AppOpsManager.MODE_IGNORED);
|
||||
+ pref.setChecked(switchOn);
|
||||
+ return false;
|
||||
+ }
|
||||
+ });
|
||||
+ screen.addPreference(pref);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ public void updateState(SwitchPreference preference, String pkg) {
|
||||
+ final int mode = mAppOpsManager
|
||||
+ .checkOpNoThrow(AppOpsManager.OP_OTHER_SENSORS, getPackageUid(pkg), pkg);
|
||||
+ if (mode == AppOpsManager.MODE_ERRORED) {
|
||||
+ preference.setChecked(false);
|
||||
+ } else {
|
||||
+ final boolean checked = mode != AppOpsManager.MODE_IGNORED;
|
||||
+ preference.setChecked(checked);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ private boolean isUserApp(String pkg) {
|
||||
+ ApplicationInfo appInfo;
|
||||
+ try {
|
||||
+ appInfo = mPackageManager.getApplicationInfo(pkg,
|
||||
+ PackageManager.GET_DISABLED_COMPONENTS
|
||||
+ | PackageManager.GET_UNINSTALLED_PACKAGES);
|
||||
+ } catch (PackageManager.NameNotFoundException e) {
|
||||
+ Log.w(TAG, "Unable to find info for package " + pkg);
|
||||
+ return false;
|
||||
+ }
|
||||
+ return ((appInfo.flags & ApplicationInfo.FLAG_SYSTEM) == 0);
|
||||
+ }
|
||||
+
|
||||
+ private int getPackageUid(String pkg) {
|
||||
+ int uid;
|
||||
+ try {
|
||||
+ uid = mPackageManager.getPackageUid(pkg, 0);
|
||||
+ } catch (PackageManager.NameNotFoundException e) {
|
||||
+ // We shouldn't hit this, ever. What can we even do after this?
|
||||
+ uid = -1;
|
||||
+ }
|
||||
+ return uid;
|
||||
+ }
|
||||
+
|
||||
+ private final class SettingObserver extends ContentObserver {
|
||||
+ public SettingObserver() {
|
||||
+ super(new Handler(Looper.getMainLooper()));
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public void onChange(boolean selfChange, Uri uri) {
|
||||
+ reloadList();
|
||||
+ }
|
||||
+ }
|
||||
+}
|
@ -55,7 +55,7 @@ index b983f467df..5813bb18db 100644
|
||||
<item msgid="6490061470416867723">Small</item>
|
||||
<item msgid="3579015730662088893">Default</item>
|
||||
diff --git a/res/values/strings.xml b/res/values/strings.xml
|
||||
index 6f48171135..e2469b4734 100644
|
||||
index 2180ea45f6..eeee1c039f 100644
|
||||
--- a/res/values/strings.xml
|
||||
+++ b/res/values/strings.xml
|
||||
@@ -810,6 +810,9 @@
|
||||
|
@ -67,7 +67,7 @@ index 5813bb18db..40d01907a4 100644
|
||||
<string-array name="screen_timeout_entries">
|
||||
<item>15 seconds</item>
|
||||
diff --git a/res/values/strings.xml b/res/values/strings.xml
|
||||
index e2469b4734..288dca24e0 100644
|
||||
index eeee1c039f..c5287c4489 100644
|
||||
--- a/res/values/strings.xml
|
||||
+++ b/res/values/strings.xml
|
||||
@@ -25,6 +25,25 @@
|
||||
|
@ -67,7 +67,7 @@ index 40d01907a4..0a9a9a31e8 100644
|
||||
<string-array name="screen_timeout_entries">
|
||||
<item>15 seconds</item>
|
||||
diff --git a/res/values/strings.xml b/res/values/strings.xml
|
||||
index 288dca24e0..dde0923463 100644
|
||||
index c5287c4489..0f254706ff 100644
|
||||
--- a/res/values/strings.xml
|
||||
+++ b/res/values/strings.xml
|
||||
@@ -44,6 +44,25 @@
|
||||
|
@ -12,7 +12,7 @@ Subject: [PATCH] add native debugging setting
|
||||
create mode 100644 src/com/android/settings/security/NativeDebugPreferenceController.java
|
||||
|
||||
diff --git a/res/values/strings.xml b/res/values/strings.xml
|
||||
index dde0923463..fd3d1cde64 100644
|
||||
index 0f254706ff..fcac812417 100644
|
||||
--- a/res/values/strings.xml
|
||||
+++ b/res/values/strings.xml
|
||||
@@ -11316,6 +11316,9 @@
|
||||
|
@ -12,7 +12,7 @@ Subject: [PATCH] add exec spawning toggle
|
||||
create mode 100644 src/com/android/settings/security/ExecSpawnPreferenceController.java
|
||||
|
||||
diff --git a/res/values/strings.xml b/res/values/strings.xml
|
||||
index fd3d1cde64..4b9b109d89 100644
|
||||
index fcac812417..197882d66e 100644
|
||||
--- a/res/values/strings.xml
|
||||
+++ b/res/values/strings.xml
|
||||
@@ -11316,6 +11316,8 @@
|
||||
|
@ -1,104 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: MSe1969 <mse1969@posteo.de>
|
||||
Date: Sat, 14 Nov 2020 13:04:05 +0100
|
||||
Subject: [PATCH] AppOps: Add further Op for accessing Sensors
|
||||
|
||||
(Adapted for R)
|
||||
|
||||
Change-Id: Id7d84d910b849cc4f781aac2a6c21278e08bdeec
|
||||
---
|
||||
core/java/android/app/AppOpsManager.java | 16 +++++++++++++++-
|
||||
1 file changed, 15 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
|
||||
index 6baabb69e028..fb685b57e0a6 100644
|
||||
--- a/core/java/android/app/AppOpsManager.java
|
||||
+++ b/core/java/android/app/AppOpsManager.java
|
||||
@@ -1150,9 +1150,12 @@ public class AppOpsManager {
|
||||
// TODO: Add as AppProtoEnums
|
||||
public static final int OP_RECORD_AUDIO_HOTWORD = 102;
|
||||
|
||||
+ /** @hide Access to other Sensors **/
|
||||
+ public static final int OP_OTHER_SENSORS = 103;
|
||||
+
|
||||
/** @hide */
|
||||
@UnsupportedAppUsage
|
||||
- public static final int _NUM_OP = 103;
|
||||
+ public static final int _NUM_OP = 104;
|
||||
|
||||
/** Access to coarse location information. */
|
||||
public static final String OPSTR_COARSE_LOCATION = "android:coarse_location";
|
||||
@@ -1490,6 +1493,9 @@ public class AppOpsManager {
|
||||
*/
|
||||
public static final String OPSTR_RECORD_AUDIO_HOTWORD = "android:record_audio_hotword";
|
||||
|
||||
+ /** @hide Other Sensors */
|
||||
+ public static final String OPSTR_OTHER_SENSORS = "android:other_sensors";
|
||||
+
|
||||
/** {@link #sAppOpsToNote} not initialized yet for this op */
|
||||
private static final byte SHOULD_COLLECT_NOTE_OP_NOT_INITIALIZED = 0;
|
||||
/** Should not collect noting of this app-op in {@link #sAppOpsToNote} */
|
||||
@@ -1682,6 +1688,7 @@ public class AppOpsManager {
|
||||
OP_PHONE_CALL_MICROPHONE, // OP_PHONE_CALL_MICROPHONE
|
||||
OP_PHONE_CALL_CAMERA, // OP_PHONE_CALL_CAMERA
|
||||
OP_RECORD_AUDIO_HOTWORD, // RECORD_AUDIO_HOTWORD
|
||||
+ OP_OTHER_SENSORS, // OTHER SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1791,6 +1798,7 @@ public class AppOpsManager {
|
||||
OPSTR_PHONE_CALL_MICROPHONE,
|
||||
OPSTR_PHONE_CALL_CAMERA,
|
||||
OPSTR_RECORD_AUDIO_HOTWORD,
|
||||
+ OPSTR_OTHER_SENSORS,
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -1901,6 +1909,7 @@ public class AppOpsManager {
|
||||
"PHONE_CALL_MICROPHONE",
|
||||
"PHONE_CALL_CAMERA",
|
||||
"RECORD_AUDIO_HOTWORD",
|
||||
+ "OTHER_SENSORS",
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -2012,6 +2021,7 @@ public class AppOpsManager {
|
||||
null, // no permission for OP_PHONE_CALL_MICROPHONE
|
||||
null, // no permission for OP_PHONE_CALL_CAMERA
|
||||
null, // no permission for OP_RECORD_AUDIO_HOTWORD
|
||||
+ null, // no permission for OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -2123,6 +2133,7 @@ public class AppOpsManager {
|
||||
null, // PHONE_CALL_MICROPHONE
|
||||
null, // PHONE_CALL_MICROPHONE
|
||||
null, // RECORD_AUDIO_HOTWORD
|
||||
+ null, // OTHER SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -2233,6 +2244,7 @@ public class AppOpsManager {
|
||||
null, // PHONE_CALL_MICROPHONE
|
||||
null, // PHONE_CALL_CAMERA
|
||||
null, // RECORD_AUDIO_HOTWORD
|
||||
+ null, // OTHER SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -2342,6 +2354,7 @@ public class AppOpsManager {
|
||||
AppOpsManager.MODE_ALLOWED, // PHONE_CALL_MICROPHONE
|
||||
AppOpsManager.MODE_ALLOWED, // PHONE_CALL_CAMERA
|
||||
AppOpsManager.MODE_ALLOWED, // OP_RECORD_AUDIO_HOTWORD
|
||||
+ AppOpsManager.MODE_ALLOWED, // OP_OTHER_SENSORS
|
||||
};
|
||||
|
||||
/**
|
||||
@@ -2455,6 +2468,7 @@ public class AppOpsManager {
|
||||
false, // PHONE_CALL_MICROPHONE
|
||||
false, // PHONE_CALL_CAMERA
|
||||
false, // RECORD_AUDIO_HOTWORD
|
||||
+ false, // OTHER SENSORS
|
||||
};
|
||||
|
||||
/**
|
@ -1,95 +1,37 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: inthewaves <inthewaves@pm.me>
|
||||
Date: Sat, 12 Sep 2020 12:28:34 -0700
|
||||
Subject: [PATCH] support new special runtime permissions
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Sun, 17 Mar 2019 11:59:15 -0400
|
||||
Subject: [PATCH] make INTERNET into a special runtime permission
|
||||
|
||||
These are treated as a runtime permission even for legacy apps. They
|
||||
need to be granted by default for all apps to maintain compatibility.
|
||||
|
||||
Ported from 10: 4d5d82f4e2fb9ff68158bf30f3944591bb74dd04
|
||||
|
||||
Changes from 10:
|
||||
- It seems like parts of PackageManagerService#resetUserChangesToRuntimePermissionsAndFlagsLPw
|
||||
were refactored into PermissionManagerService#resetRuntimePermissionsInternal.
|
||||
As a result, PackageManagerService is no longer modified.
|
||||
Ported from 10: 5e2898e9d21dd6802bb0b0139e7e496c41e1cd80
|
||||
---
|
||||
.../permission/PermissionManagerService.java | 24 +++++++++++++++----
|
||||
1 file changed, 19 insertions(+), 5 deletions(-)
|
||||
core/res/AndroidManifest.xml | 2 +-
|
||||
.../android/server/pm/permission/PermissionManagerService.java | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index 26fd27b7b5ff..2a79c6019fc1 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -1607,7 +1607,7 @@
|
||||
<permission android:name="android.permission.INTERNET"
|
||||
android:description="@string/permdesc_createNetworkSockets"
|
||||
android:label="@string/permlab_createNetworkSockets"
|
||||
- android:protectionLevel="normal|instant" />
|
||||
+ android:protectionLevel="dangerous|instant" />
|
||||
|
||||
<!-- Allows applications to access information about networks.
|
||||
<p>Protection level: normal
|
||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
index 8d2363b6e831..26b959879084 100644
|
||||
index 26b959879084..9e6ecc739ffe 100644
|
||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
@@ -1461,7 +1461,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
||||
// to keep the review required permission flag per user while an
|
||||
// install permission's state is shared across all users.
|
||||
if (pkg.getTargetSdkVersion() < Build.VERSION_CODES.M
|
||||
- && bp.isRuntime()) {
|
||||
+ && bp.isRuntime() && !isSpecialRuntimePermission(permName)) {
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -1513,7 +1513,8 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
||||
+ permName + " for package " + packageName);
|
||||
}
|
||||
|
||||
- if (pkg.getTargetSdkVersion() < Build.VERSION_CODES.M) {
|
||||
+ if (pkg.getTargetSdkVersion() < Build.VERSION_CODES.M
|
||||
+ && !isSpecialRuntimePermission(permName)) {
|
||||
Slog.w(TAG, "Cannot grant runtime permission to a legacy app");
|
||||
return;
|
||||
}
|
||||
@@ -1623,7 +1624,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
||||
// to keep the review required permission flag per user while an
|
||||
// install permission's state is shared across all users.
|
||||
if (pkg.getTargetSdkVersion() < Build.VERSION_CODES.M
|
||||
- && bp.isRuntime()) {
|
||||
+ && bp.isRuntime() && !isSpecialRuntimePermission(bp.name)) {
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -1847,7 +1848,8 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
||||
|
||||
// If this permission was granted by default or role, make sure it is.
|
||||
if ((oldFlags & FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
|
||||
- || (oldFlags & FLAG_PERMISSION_GRANTED_BY_ROLE) != 0) {
|
||||
+ || (oldFlags & FLAG_PERMISSION_GRANTED_BY_ROLE) != 0
|
||||
+ || isSpecialRuntimePermission(bp.getName())) {
|
||||
// PermissionPolicyService will handle the app op for runtime permissions later.
|
||||
grantRuntimePermissionInternal(permName, packageName, false,
|
||||
Process.SYSTEM_UID, userId, delayingPermCallback);
|
||||
@@ -2606,6 +2608,10 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
||||
}
|
||||
@@ -2609,7 +2609,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
||||
}
|
||||
|
||||
public static boolean isSpecialRuntimePermission(final String permission) {
|
||||
- return false;
|
||||
+ return Manifest.permission.INTERNET.equals(permission);
|
||||
}
|
||||
|
||||
+ public static boolean isSpecialRuntimePermission(final String permission) {
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
/**
|
||||
* Restore the permission state for a package.
|
||||
*
|
||||
@@ -2952,6 +2958,14 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
||||
}
|
||||
}
|
||||
}
|
||||
+
|
||||
+ if (isSpecialRuntimePermission(bp.name) &&
|
||||
+ origPermissions.getRuntimePermissionState(bp.name, userId) == null) {
|
||||
+ if (permissionsState.grantRuntimePermission(bp, userId)
|
||||
+ != PERMISSION_OPERATION_FAILURE) {
|
||||
+ wasChanged = true;
|
||||
+ }
|
||||
+ }
|
||||
} else {
|
||||
if (permState == null) {
|
||||
// New permission
|
||||
@@ -3907,7 +3921,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
||||
&& (grantedPermissions == null
|
||||
|| ArrayUtils.contains(grantedPermissions, permission))) {
|
||||
final int flags = permissionsState.getPermissionFlags(permission, userId);
|
||||
- if (supportsRuntimePermissions) {
|
||||
+ if (supportsRuntimePermissions || isSpecialRuntimePermission(bp.name)) {
|
||||
// Installer cannot change immutable permissions.
|
||||
if ((flags & immutableFlags) == 0) {
|
||||
grantRuntimePermissionInternal(permission, pkg.getPackageName(), false,
|
||||
|
@ -1,37 +1,81 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Sun, 17 Mar 2019 11:59:15 -0400
|
||||
Subject: [PATCH] make INTERNET into a special runtime permission
|
||||
Date: Fri, 21 Jul 2017 11:23:07 -0400
|
||||
Subject: [PATCH] add a NETWORK permission group for INTERNET
|
||||
|
||||
Ported from 10: 5e2898e9d21dd6802bb0b0139e7e496c41e1cd80
|
||||
Ported from 10: b5c9f9407d5f5407686ea8c02fa67573ddc07824
|
||||
|
||||
Changes from 10:
|
||||
- Needed to run `m api-stubs-docs-non-updatable-update-current-api`
|
||||
to fix the "You have tried to change the API from what has been
|
||||
previously approved" errors.
|
||||
---
|
||||
core/res/AndroidManifest.xml | 2 +-
|
||||
.../android/server/pm/permission/PermissionManagerService.java | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
api/current.txt | 1 +
|
||||
core/res/AndroidManifest.xml | 8 ++++++++
|
||||
core/res/res/values/strings.xml | 5 +++++
|
||||
non-updatable-api/current.txt | 1 +
|
||||
4 files changed, 15 insertions(+)
|
||||
|
||||
diff --git a/api/current.txt b/api/current.txt
|
||||
index 952ccdad992c..728c0e95ca6d 100644
|
||||
--- a/api/current.txt
|
||||
+++ b/api/current.txt
|
||||
@@ -184,6 +184,7 @@ package android {
|
||||
field public static final String CONTACTS = "android.permission-group.CONTACTS";
|
||||
field public static final String LOCATION = "android.permission-group.LOCATION";
|
||||
field public static final String MICROPHONE = "android.permission-group.MICROPHONE";
|
||||
+ field public static final String NETWORK = "android.permission-group.NETWORK";
|
||||
field public static final String PHONE = "android.permission-group.PHONE";
|
||||
field public static final String SENSORS = "android.permission-group.SENSORS";
|
||||
field public static final String SMS = "android.permission-group.SMS";
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index 26fd27b7b5ff..2a79c6019fc1 100644
|
||||
index 2a79c6019fc1..e70e54b62f61 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -1607,7 +1607,7 @@
|
||||
@@ -1601,10 +1601,18 @@
|
||||
<!-- ======================================= -->
|
||||
<eat-comment />
|
||||
|
||||
+ <!-- Network access -->
|
||||
+ <permission-group android:name="android.permission-group.NETWORK"
|
||||
+ android:icon="@drawable/perm_group_network"
|
||||
+ android:label="@string/permgrouplab_network"
|
||||
+ android:description="@string/permgroupdesc_network"
|
||||
+ android:priority="900" />
|
||||
+
|
||||
<!-- Allows applications to open network sockets.
|
||||
<p>Protection level: normal
|
||||
-->
|
||||
<permission android:name="android.permission.INTERNET"
|
||||
+ android:permissionGroup="android.permission-group.UNDEFINED"
|
||||
android:description="@string/permdesc_createNetworkSockets"
|
||||
android:label="@string/permlab_createNetworkSockets"
|
||||
- android:protectionLevel="normal|instant" />
|
||||
+ android:protectionLevel="dangerous|instant" />
|
||||
android:protectionLevel="dangerous|instant" />
|
||||
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
|
||||
index 5c659123b027..7f114cf9b6b4 100644
|
||||
--- a/core/res/res/values/strings.xml
|
||||
+++ b/core/res/res/values/strings.xml
|
||||
@@ -804,6 +804,11 @@
|
||||
<!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
<string name="permgroupdesc_sensors">access sensor data about your vital signs</string>
|
||||
|
||||
<!-- Allows applications to access information about networks.
|
||||
<p>Protection level: normal
|
||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
index 26b959879084..9e6ecc739ffe 100644
|
||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
@@ -2609,7 +2609,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
||||
}
|
||||
|
||||
public static boolean isSpecialRuntimePermission(final String permission) {
|
||||
- return false;
|
||||
+ return Manifest.permission.INTERNET.equals(permission);
|
||||
}
|
||||
|
||||
/**
|
||||
+ <!-- Title of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permgrouplab_network">Network</string>
|
||||
+ <!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permgroupdesc_network">access the network</string>
|
||||
+
|
||||
<!-- Title for the capability of an accessibility service to retrieve window content. -->
|
||||
<string name="capability_title_canRetrieveWindowContent">Retrieve window content</string>
|
||||
<!-- Description for the capability of an accessibility service to retrieve window content. -->
|
||||
diff --git a/non-updatable-api/current.txt b/non-updatable-api/current.txt
|
||||
index 5f15216e8400..189544f98594 100644
|
||||
--- a/non-updatable-api/current.txt
|
||||
+++ b/non-updatable-api/current.txt
|
||||
@@ -184,6 +184,7 @@ package android {
|
||||
field public static final String CONTACTS = "android.permission-group.CONTACTS";
|
||||
field public static final String LOCATION = "android.permission-group.LOCATION";
|
||||
field public static final String MICROPHONE = "android.permission-group.MICROPHONE";
|
||||
+ field public static final String NETWORK = "android.permission-group.NETWORK";
|
||||
field public static final String PHONE = "android.permission-group.PHONE";
|
||||
field public static final String SENSORS = "android.permission-group.SENSORS";
|
||||
field public static final String SMS = "android.permission-group.SMS";
|
||||
|
@ -1,81 +1,112 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Fri, 21 Jul 2017 11:23:07 -0400
|
||||
Subject: [PATCH] add a NETWORK permission group for INTERNET
|
||||
From: Zoraver Kang <zkang@wpi.edu>
|
||||
Date: Mon, 16 Sep 2019 16:41:30 -0400
|
||||
Subject: [PATCH] Enforce INTERNET as a runtime permission.
|
||||
|
||||
Ported from 10: b5c9f9407d5f5407686ea8c02fa67573ddc07824
|
||||
|
||||
Changes from 10:
|
||||
- Needed to run `m api-stubs-docs-non-updatable-update-current-api`
|
||||
to fix the "You have tried to change the API from what has been
|
||||
previously approved" errors.
|
||||
Ported from 10: 69f726bc4219a7acea0319ae8d4b5fda48cd9861
|
||||
---
|
||||
api/current.txt | 1 +
|
||||
core/res/AndroidManifest.xml | 8 ++++++++
|
||||
core/res/res/values/strings.xml | 5 +++++
|
||||
non-updatable-api/current.txt | 1 +
|
||||
4 files changed, 15 insertions(+)
|
||||
.../connectivity/PermissionMonitor.java | 59 ++++++++++++-------
|
||||
1 file changed, 39 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/api/current.txt b/api/current.txt
|
||||
index 952ccdad992c..728c0e95ca6d 100644
|
||||
--- a/api/current.txt
|
||||
+++ b/api/current.txt
|
||||
@@ -184,6 +184,7 @@ package android {
|
||||
field public static final String CONTACTS = "android.permission-group.CONTACTS";
|
||||
field public static final String LOCATION = "android.permission-group.LOCATION";
|
||||
field public static final String MICROPHONE = "android.permission-group.MICROPHONE";
|
||||
+ field public static final String NETWORK = "android.permission-group.NETWORK";
|
||||
field public static final String PHONE = "android.permission-group.PHONE";
|
||||
field public static final String SENSORS = "android.permission-group.SENSORS";
|
||||
field public static final String SMS = "android.permission-group.SMS";
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index 2a79c6019fc1..e70e54b62f61 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -1601,10 +1601,18 @@
|
||||
<!-- ======================================= -->
|
||||
<eat-comment />
|
||||
diff --git a/services/core/java/com/android/server/connectivity/PermissionMonitor.java b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
index f0b7150dd84f..41c013b4b197 100644
|
||||
--- a/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
+++ b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
@@ -29,6 +29,7 @@ import static android.os.Process.INVALID_UID;
|
||||
import static android.os.Process.SYSTEM_UID;
|
||||
|
||||
+ <!-- Network access -->
|
||||
+ <permission-group android:name="android.permission-group.NETWORK"
|
||||
+ android:icon="@drawable/perm_group_network"
|
||||
+ android:label="@string/permgrouplab_network"
|
||||
+ android:description="@string/permgroupdesc_network"
|
||||
+ android:priority="900" />
|
||||
+
|
||||
<!-- Allows applications to open network sockets.
|
||||
<p>Protection level: normal
|
||||
-->
|
||||
<permission android:name="android.permission.INTERNET"
|
||||
+ android:permissionGroup="android.permission-group.UNDEFINED"
|
||||
android:description="@string/permdesc_createNetworkSockets"
|
||||
android:label="@string/permlab_createNetworkSockets"
|
||||
android:protectionLevel="dangerous|instant" />
|
||||
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
|
||||
index 5c659123b027..7f114cf9b6b4 100644
|
||||
--- a/core/res/res/values/strings.xml
|
||||
+++ b/core/res/res/values/strings.xml
|
||||
@@ -804,6 +804,11 @@
|
||||
<!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
<string name="permgroupdesc_sensors">access sensor data about your vital signs</string>
|
||||
import android.annotation.NonNull;
|
||||
+import android.annotation.UserIdInt;
|
||||
import android.content.Context;
|
||||
import android.content.pm.ApplicationInfo;
|
||||
import android.content.pm.PackageInfo;
|
||||
@@ -55,6 +56,7 @@ import com.android.internal.util.ArrayUtils;
|
||||
import com.android.internal.util.IndentingPrintWriter;
|
||||
import com.android.server.LocalServices;
|
||||
import com.android.server.SystemConfig;
|
||||
+import com.android.server.pm.permission.PermissionManagerServiceInternal;
|
||||
|
||||
+ <!-- Title of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permgrouplab_network">Network</string>
|
||||
+ <!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permgroupdesc_network">access the network</string>
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
@@ -80,6 +82,7 @@ public class PermissionMonitor {
|
||||
private static final int VERSION_Q = Build.VERSION_CODES.Q;
|
||||
|
||||
private final PackageManager mPackageManager;
|
||||
+ private final PackageManagerInternal mPackageManagerInternal;
|
||||
private final UserManager mUserManager;
|
||||
private final INetd mNetd;
|
||||
|
||||
@@ -104,26 +107,6 @@ public class PermissionMonitor {
|
||||
|
||||
private class PackageListObserver implements PackageManagerInternal.PackageListObserver {
|
||||
|
||||
- private int getPermissionForUid(int uid) {
|
||||
- int permission = 0;
|
||||
- // Check all the packages for this UID. The UID has the permission if any of the
|
||||
- // packages in it has the permission.
|
||||
- String[] packages = mPackageManager.getPackagesForUid(uid);
|
||||
- if (packages != null && packages.length > 0) {
|
||||
- for (String name : packages) {
|
||||
- final PackageInfo app = getPackageInfo(name);
|
||||
- if (app != null && app.requestedPermissions != null) {
|
||||
- permission |= getNetdPermissionMask(app.requestedPermissions,
|
||||
- app.requestedPermissionsFlags);
|
||||
- }
|
||||
- }
|
||||
- } else {
|
||||
- // The last package of this uid is removed from device. Clean the package up.
|
||||
- permission = INetd.PERMISSION_UNINSTALLED;
|
||||
- }
|
||||
- return permission;
|
||||
- }
|
||||
-
|
||||
@Override
|
||||
public void onPackageAdded(String packageName, int uid) {
|
||||
sendPackagePermissionsForUid(uid, getPermissionForUid(uid));
|
||||
@@ -140,10 +123,46 @@ public class PermissionMonitor {
|
||||
}
|
||||
}
|
||||
|
||||
+ private int getPermissionForUid(int uid) {
|
||||
+ int permission = 0;
|
||||
+ // Check all the packages for this UID. The UID has the permission if any of the
|
||||
+ // packages in it has the permission.
|
||||
+ String[] packages = mPackageManager.getPackagesForUid(uid);
|
||||
+ if (packages != null && packages.length > 0) {
|
||||
+ for (String name : packages) {
|
||||
+ final PackageInfo app = getPackageInfo(name);
|
||||
+ if (app != null && app.requestedPermissions != null) {
|
||||
+ permission |= getNetdPermissionMask(app.requestedPermissions,
|
||||
+ app.requestedPermissionsFlags);
|
||||
+ }
|
||||
+ }
|
||||
+ } else {
|
||||
+ // The last package of this uid is removed from device. Clean the package up.
|
||||
+ permission = INetd.PERMISSION_UNINSTALLED;
|
||||
+ }
|
||||
+ return permission;
|
||||
+ }
|
||||
+
|
||||
<!-- Title for the capability of an accessibility service to retrieve window content. -->
|
||||
<string name="capability_title_canRetrieveWindowContent">Retrieve window content</string>
|
||||
<!-- Description for the capability of an accessibility service to retrieve window content. -->
|
||||
diff --git a/non-updatable-api/current.txt b/non-updatable-api/current.txt
|
||||
index 5f15216e8400..189544f98594 100644
|
||||
--- a/non-updatable-api/current.txt
|
||||
+++ b/non-updatable-api/current.txt
|
||||
@@ -184,6 +184,7 @@ package android {
|
||||
field public static final String CONTACTS = "android.permission-group.CONTACTS";
|
||||
field public static final String LOCATION = "android.permission-group.LOCATION";
|
||||
field public static final String MICROPHONE = "android.permission-group.MICROPHONE";
|
||||
+ field public static final String NETWORK = "android.permission-group.NETWORK";
|
||||
field public static final String PHONE = "android.permission-group.PHONE";
|
||||
field public static final String SENSORS = "android.permission-group.SENSORS";
|
||||
field public static final String SMS = "android.permission-group.SMS";
|
||||
+ // implements OnRuntimePermissionStateChangedListener
|
||||
+ private void enforceINTERNETAsRuntimePermission(@NonNull String packageName,
|
||||
+ @UserIdInt int userId) {
|
||||
+ // userId is _not_ uid
|
||||
+ int uid = mPackageManagerInternal.getPackageUid(packageName, 0, userId);
|
||||
+ sendPackagePermissionsForUid(uid, getPermissionForUid(uid));
|
||||
+ }
|
||||
+
|
||||
public PermissionMonitor(Context context, INetd netd) {
|
||||
mPackageManager = context.getPackageManager();
|
||||
mUserManager = (UserManager) context.getSystemService(Context.USER_SERVICE);
|
||||
mNetd = netd;
|
||||
+
|
||||
+ mPackageManagerInternal = LocalServices.getService(
|
||||
+ PackageManagerInternal.class);
|
||||
+
|
||||
+ final PermissionManagerServiceInternal permManagerInternal = LocalServices.getService(
|
||||
+ PermissionManagerServiceInternal.class);
|
||||
+ permManagerInternal.addOnRuntimePermissionStateChangedListener(
|
||||
+ this::enforceINTERNETAsRuntimePermission);
|
||||
}
|
||||
|
||||
// Intended to be called only once at startup, after the system is ready. Installs a broadcast
|
||||
|
@ -1,112 +1,82 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Zoraver Kang <zkang@wpi.edu>
|
||||
Date: Mon, 16 Sep 2019 16:41:30 -0400
|
||||
Subject: [PATCH] Enforce INTERNET as a runtime permission.
|
||||
From: pratyush <codelab@pratyush.dev>
|
||||
Date: Sun, 25 Apr 2021 07:04:03 +0530
|
||||
Subject: [PATCH] fix INTERNET enforcement for secondary users
|
||||
|
||||
Ported from 10: 69f726bc4219a7acea0319ae8d4b5fda48cd9861
|
||||
This code was not specifying the profile for the app so it wasn't
|
||||
working properly with INTERNET as a runtime permission.
|
||||
---
|
||||
.../connectivity/PermissionMonitor.java | 59 ++++++++++++-------
|
||||
1 file changed, 39 insertions(+), 20 deletions(-)
|
||||
.../connectivity/PermissionMonitor.java | 20 +++++++++----------
|
||||
1 file changed, 10 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/connectivity/PermissionMonitor.java b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
index f0b7150dd84f..41c013b4b197 100644
|
||||
index 41c013b4b197..09cd274cbb05 100644
|
||||
--- a/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
+++ b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
@@ -29,6 +29,7 @@ import static android.os.Process.INVALID_UID;
|
||||
import static android.os.Process.SYSTEM_UID;
|
||||
@@ -130,7 +130,8 @@ public class PermissionMonitor {
|
||||
String[] packages = mPackageManager.getPackagesForUid(uid);
|
||||
if (packages != null && packages.length > 0) {
|
||||
for (String name : packages) {
|
||||
- final PackageInfo app = getPackageInfo(name);
|
||||
+ int userId = UserHandle.getUserId(uid);
|
||||
+ final PackageInfo app = getPackageInfo(name, userId);
|
||||
if (app != null && app.requestedPermissions != null) {
|
||||
permission |= getNetdPermissionMask(app.requestedPermissions,
|
||||
app.requestedPermissionsFlags);
|
||||
@@ -147,7 +148,7 @@ public class PermissionMonitor {
|
||||
private void enforceINTERNETAsRuntimePermission(@NonNull String packageName,
|
||||
@UserIdInt int userId) {
|
||||
// userId is _not_ uid
|
||||
- int uid = mPackageManagerInternal.getPackageUid(packageName, 0, userId);
|
||||
+ int uid = mPackageManagerInternal.getPackageUidInternal( packageName, GET_PERMISSIONS, userId);
|
||||
sendPackagePermissionsForUid(uid, getPermissionForUid(uid));
|
||||
}
|
||||
|
||||
import android.annotation.NonNull;
|
||||
+import android.annotation.UserIdInt;
|
||||
import android.content.Context;
|
||||
import android.content.pm.ApplicationInfo;
|
||||
import android.content.pm.PackageInfo;
|
||||
@@ -55,6 +56,7 @@ import com.android.internal.util.ArrayUtils;
|
||||
import com.android.internal.util.IndentingPrintWriter;
|
||||
import com.android.server.LocalServices;
|
||||
import com.android.server.SystemConfig;
|
||||
+import com.android.server.pm.permission.PermissionManagerServiceInternal;
|
||||
@@ -364,12 +365,13 @@ public class PermissionMonitor {
|
||||
}
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
@@ -80,6 +82,7 @@ public class PermissionMonitor {
|
||||
private static final int VERSION_Q = Build.VERSION_CODES.Q;
|
||||
|
||||
private final PackageManager mPackageManager;
|
||||
+ private final PackageManagerInternal mPackageManagerInternal;
|
||||
private final UserManager mUserManager;
|
||||
private final INetd mNetd;
|
||||
|
||||
@@ -104,26 +107,6 @@ public class PermissionMonitor {
|
||||
|
||||
private class PackageListObserver implements PackageManagerInternal.PackageListObserver {
|
||||
|
||||
- private int getPermissionForUid(int uid) {
|
||||
- int permission = 0;
|
||||
- // Check all the packages for this UID. The UID has the permission if any of the
|
||||
- // packages in it has the permission.
|
||||
- String[] packages = mPackageManager.getPackagesForUid(uid);
|
||||
- if (packages != null && packages.length > 0) {
|
||||
- for (String name : packages) {
|
||||
- final PackageInfo app = getPackageInfo(name);
|
||||
- if (app != null && app.requestedPermissions != null) {
|
||||
- permission |= getNetdPermissionMask(app.requestedPermissions,
|
||||
- app.requestedPermissionsFlags);
|
||||
- }
|
||||
- }
|
||||
- } else {
|
||||
- // The last package of this uid is removed from device. Clean the package up.
|
||||
- permission = INetd.PERMISSION_UNINSTALLED;
|
||||
- }
|
||||
- return permission;
|
||||
- }
|
||||
-
|
||||
@Override
|
||||
public void onPackageAdded(String packageName, int uid) {
|
||||
sendPackagePermissionsForUid(uid, getPermissionForUid(uid));
|
||||
@@ -140,10 +123,46 @@ public class PermissionMonitor {
|
||||
@VisibleForTesting
|
||||
- protected Boolean highestPermissionForUid(Boolean currentPermission, String name) {
|
||||
+ protected Boolean highestPermissionForUid(Boolean currentPermission, String name, int uid) {
|
||||
if (currentPermission == SYSTEM) {
|
||||
return currentPermission;
|
||||
}
|
||||
try {
|
||||
- final PackageInfo app = mPackageManager.getPackageInfo(name, GET_PERMISSIONS);
|
||||
+ final PackageInfo app = mPackageManager.getPackageInfoAsUser(name, GET_PERMISSIONS,
|
||||
+ UserHandle.getUserId(uid));
|
||||
final boolean isNetwork = hasNetworkPermission(app);
|
||||
final boolean hasRestrictedPermission = hasRestrictedNetworkPermission(app);
|
||||
if (isNetwork || hasRestrictedPermission) {
|
||||
@@ -393,7 +395,7 @@ public class PermissionMonitor {
|
||||
public synchronized void onPackageAdded(String packageName, int uid) {
|
||||
// If multiple packages share a UID (cf: android:sharedUserId) and ask for different
|
||||
// permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is).
|
||||
- final Boolean permission = highestPermissionForUid(mApps.get(uid), packageName);
|
||||
+ final Boolean permission = highestPermissionForUid(mApps.get(uid), packageName, uid);
|
||||
if (permission != mApps.get(uid)) {
|
||||
mApps.put(uid, permission);
|
||||
|
||||
@@ -445,7 +447,7 @@ public class PermissionMonitor {
|
||||
String[] packages = mPackageManager.getPackagesForUid(uid);
|
||||
if (packages != null && packages.length > 0) {
|
||||
for (String name : packages) {
|
||||
- permission = highestPermissionForUid(permission, name);
|
||||
+ permission = highestPermissionForUid(permission, name, uid);
|
||||
if (permission == SYSTEM) {
|
||||
// An app with this UID still has the SYSTEM permission.
|
||||
// Therefore, this UID must already have the SYSTEM permission.
|
||||
@@ -485,11 +487,9 @@ public class PermissionMonitor {
|
||||
return permissions;
|
||||
}
|
||||
|
||||
+ private int getPermissionForUid(int uid) {
|
||||
+ int permission = 0;
|
||||
+ // Check all the packages for this UID. The UID has the permission if any of the
|
||||
+ // packages in it has the permission.
|
||||
+ String[] packages = mPackageManager.getPackagesForUid(uid);
|
||||
+ if (packages != null && packages.length > 0) {
|
||||
+ for (String name : packages) {
|
||||
+ final PackageInfo app = getPackageInfo(name);
|
||||
+ if (app != null && app.requestedPermissions != null) {
|
||||
+ permission |= getNetdPermissionMask(app.requestedPermissions,
|
||||
+ app.requestedPermissionsFlags);
|
||||
+ }
|
||||
+ }
|
||||
+ } else {
|
||||
+ // The last package of this uid is removed from device. Clean the package up.
|
||||
+ permission = INetd.PERMISSION_UNINSTALLED;
|
||||
+ }
|
||||
+ return permission;
|
||||
+ }
|
||||
+
|
||||
+ // implements OnRuntimePermissionStateChangedListener
|
||||
+ private void enforceINTERNETAsRuntimePermission(@NonNull String packageName,
|
||||
+ @UserIdInt int userId) {
|
||||
+ // userId is _not_ uid
|
||||
+ int uid = mPackageManagerInternal.getPackageUid(packageName, 0, userId);
|
||||
+ sendPackagePermissionsForUid(uid, getPermissionForUid(uid));
|
||||
+ }
|
||||
+
|
||||
public PermissionMonitor(Context context, INetd netd) {
|
||||
mPackageManager = context.getPackageManager();
|
||||
mUserManager = (UserManager) context.getSystemService(Context.USER_SERVICE);
|
||||
mNetd = netd;
|
||||
+
|
||||
+ mPackageManagerInternal = LocalServices.getService(
|
||||
+ PackageManagerInternal.class);
|
||||
+
|
||||
+ final PermissionManagerServiceInternal permManagerInternal = LocalServices.getService(
|
||||
+ PermissionManagerServiceInternal.class);
|
||||
+ permManagerInternal.addOnRuntimePermissionStateChangedListener(
|
||||
+ this::enforceINTERNETAsRuntimePermission);
|
||||
}
|
||||
|
||||
// Intended to be called only once at startup, after the system is ready. Installs a broadcast
|
||||
- private PackageInfo getPackageInfo(String packageName) {
|
||||
+ private PackageInfo getPackageInfo(String packageName, int userId) {
|
||||
try {
|
||||
- PackageInfo app = mPackageManager.getPackageInfo(packageName, GET_PERMISSIONS
|
||||
- | MATCH_ANY_USER);
|
||||
- return app;
|
||||
+ return mPackageManager.getPackageInfoAsUser(packageName, GET_PERMISSIONS, userId);
|
||||
} catch (NameNotFoundException e) {
|
||||
return null;
|
||||
}
|
||||
|
@ -1,82 +1,125 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: pratyush <codelab@pratyush.dev>
|
||||
Date: Sun, 25 Apr 2021 07:04:03 +0530
|
||||
Subject: [PATCH] fix INTERNET enforcement for secondary users
|
||||
From: Pratyush <codelab@pratyush.dev>
|
||||
Date: Thu, 12 Aug 2021 03:44:41 +0530
|
||||
Subject: [PATCH] send uid for each user instead of just owner/admin user
|
||||
|
||||
This code was not specifying the profile for the app so it wasn't
|
||||
working properly with INTERNET as a runtime permission.
|
||||
---
|
||||
.../connectivity/PermissionMonitor.java | 20 +++++++++----------
|
||||
1 file changed, 10 insertions(+), 10 deletions(-)
|
||||
.../connectivity/PermissionMonitor.java | 83 +++++++++++--------
|
||||
1 file changed, 49 insertions(+), 34 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/connectivity/PermissionMonitor.java b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
index 41c013b4b197..09cd274cbb05 100644
|
||||
index 09cd274cbb05..ee0c531ef13e 100644
|
||||
--- a/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
+++ b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
@@ -130,7 +130,8 @@ public class PermissionMonitor {
|
||||
String[] packages = mPackageManager.getPackagesForUid(uid);
|
||||
if (packages != null && packages.length > 0) {
|
||||
@@ -132,7 +132,7 @@ public class PermissionMonitor {
|
||||
for (String name : packages) {
|
||||
- final PackageInfo app = getPackageInfo(name);
|
||||
+ int userId = UserHandle.getUserId(uid);
|
||||
+ final PackageInfo app = getPackageInfo(name, userId);
|
||||
if (app != null && app.requestedPermissions != null) {
|
||||
int userId = UserHandle.getUserId(uid);
|
||||
final PackageInfo app = getPackageInfo(name, userId);
|
||||
- if (app != null && app.requestedPermissions != null) {
|
||||
+ if (app != null && app.requestedPermissions != null && app.applicationInfo.uid == uid) {
|
||||
permission |= getNetdPermissionMask(app.requestedPermissions,
|
||||
app.requestedPermissionsFlags);
|
||||
@@ -147,7 +148,7 @@ public class PermissionMonitor {
|
||||
private void enforceINTERNETAsRuntimePermission(@NonNull String packageName,
|
||||
@UserIdInt int userId) {
|
||||
// userId is _not_ uid
|
||||
- int uid = mPackageManagerInternal.getPackageUid(packageName, 0, userId);
|
||||
+ int uid = mPackageManagerInternal.getPackageUidInternal( packageName, GET_PERMISSIONS, userId);
|
||||
sendPackagePermissionsForUid(uid, getPermissionForUid(uid));
|
||||
}
|
||||
}
|
||||
@@ -177,44 +177,45 @@ public class PermissionMonitor {
|
||||
} else {
|
||||
loge("failed to get the PackageManagerInternal service");
|
||||
}
|
||||
- List<PackageInfo> apps = mPackageManager.getInstalledPackages(GET_PERMISSIONS
|
||||
- | MATCH_ANY_USER);
|
||||
- if (apps == null) {
|
||||
- loge("No apps");
|
||||
- return;
|
||||
- }
|
||||
|
||||
@@ -364,12 +365,13 @@ public class PermissionMonitor {
|
||||
}
|
||||
SparseIntArray netdPermsUids = new SparseIntArray();
|
||||
|
||||
@VisibleForTesting
|
||||
- protected Boolean highestPermissionForUid(Boolean currentPermission, String name) {
|
||||
+ protected Boolean highestPermissionForUid(Boolean currentPermission, String name, int uid) {
|
||||
if (currentPermission == SYSTEM) {
|
||||
return currentPermission;
|
||||
- for (PackageInfo app : apps) {
|
||||
- int uid = app.applicationInfo != null ? app.applicationInfo.uid : INVALID_UID;
|
||||
- if (uid < 0) {
|
||||
- continue;
|
||||
- }
|
||||
- mAllApps.add(UserHandle.getAppId(uid));
|
||||
-
|
||||
- boolean isNetwork = hasNetworkPermission(app);
|
||||
- boolean hasRestrictedPermission = hasRestrictedNetworkPermission(app);
|
||||
-
|
||||
- if (isNetwork || hasRestrictedPermission) {
|
||||
- Boolean permission = mApps.get(uid);
|
||||
- // If multiple packages share a UID (cf: android:sharedUserId) and ask for different
|
||||
- // permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is).
|
||||
- if (permission == null || permission == NETWORK) {
|
||||
- mApps.put(uid, hasRestrictedPermission);
|
||||
- }
|
||||
- }
|
||||
-
|
||||
- //TODO: unify the management of the permissions into one codepath.
|
||||
- int otherNetdPerms = getNetdPermissionMask(app.requestedPermissions,
|
||||
- app.requestedPermissionsFlags);
|
||||
- netdPermsUids.put(uid, netdPermsUids.get(uid) | otherNetdPerms);
|
||||
- }
|
||||
-
|
||||
List<UserInfo> users = mUserManager.getUsers(true); // exclude dying users
|
||||
if (users != null) {
|
||||
for (UserInfo user : users) {
|
||||
mUsers.add(user.id);
|
||||
+
|
||||
+ List<PackageInfo> apps = mPackageManager.getInstalledPackagesAsUser(GET_PERMISSIONS, user.id);
|
||||
+ if (apps == null) {
|
||||
+ loge("No apps");
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
+ for (PackageInfo app : apps) {
|
||||
+ int uid = app.applicationInfo != null ? app.applicationInfo.uid : INVALID_UID;
|
||||
+ if (uid < 0) {
|
||||
+ continue;
|
||||
+ }
|
||||
+ mAllApps.add(UserHandle.getAppId(uid));
|
||||
+
|
||||
+ boolean isNetwork = hasNetworkPermission(app);
|
||||
+ boolean hasRestrictedPermission = hasRestrictedNetworkPermission(app);
|
||||
+
|
||||
+ if (isNetwork || hasRestrictedPermission) {
|
||||
+ Boolean permission = mApps.get(uid);
|
||||
+ // If multiple packages share a UID (cf: android:sharedUserId) and ask for different
|
||||
+ // permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is).
|
||||
+ if (permission == null || permission == NETWORK) {
|
||||
+ mApps.put(uid, hasRestrictedPermission);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ //TODO: unify the management of the permissions into one codepath.
|
||||
+ int otherNetdPerms = getNetdPermissionMask(app.requestedPermissions,
|
||||
+ app.requestedPermissionsFlags);
|
||||
+ netdPermsUids.put(uid, netdPermsUids.get(uid) | otherNetdPerms);
|
||||
+ }
|
||||
+
|
||||
}
|
||||
}
|
||||
|
||||
@@ -308,9 +309,23 @@ public class PermissionMonitor {
|
||||
List<Integer> network = new ArrayList<>();
|
||||
List<Integer> system = new ArrayList<>();
|
||||
for (Entry<Integer, Boolean> app : apps.entrySet()) {
|
||||
- List<Integer> list = app.getValue() ? system : network;
|
||||
for (int user : users) {
|
||||
- list.add(UserHandle.getUid(user, app.getKey()));
|
||||
+ int uid = UserHandle.getUid(user, UserHandle.getAppId(app.getKey()));
|
||||
+ if (uid < 0) continue;
|
||||
+ String[] packages = mPackageManager.getPackagesForUid(uid);
|
||||
+ if (packages == null) continue;
|
||||
+ for (String pkg : packages) {
|
||||
+ PackageInfo info = getPackageInfo(pkg, user);
|
||||
+ if (info != null && info.applicationInfo.uid == uid) {
|
||||
+ boolean isNetwork = hasNetworkPermission(info);
|
||||
+ boolean hasRestrictedPermission = hasRestrictedNetworkPermission(info);
|
||||
+
|
||||
+ if (isNetwork || hasRestrictedPermission) {
|
||||
+ List<Integer> list = hasRestrictedPermission ? system : network;
|
||||
+ list.add(UserHandle.getUid(user, app.getKey()));
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
}
|
||||
try {
|
||||
- final PackageInfo app = mPackageManager.getPackageInfo(name, GET_PERMISSIONS);
|
||||
+ final PackageInfo app = mPackageManager.getPackageInfoAsUser(name, GET_PERMISSIONS,
|
||||
+ UserHandle.getUserId(uid));
|
||||
final boolean isNetwork = hasNetworkPermission(app);
|
||||
final boolean hasRestrictedPermission = hasRestrictedNetworkPermission(app);
|
||||
if (isNetwork || hasRestrictedPermission) {
|
||||
@@ -393,7 +395,7 @@ public class PermissionMonitor {
|
||||
public synchronized void onPackageAdded(String packageName, int uid) {
|
||||
// If multiple packages share a UID (cf: android:sharedUserId) and ask for different
|
||||
// permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is).
|
||||
- final Boolean permission = highestPermissionForUid(mApps.get(uid), packageName);
|
||||
+ final Boolean permission = highestPermissionForUid(mApps.get(uid), packageName, uid);
|
||||
if (permission != mApps.get(uid)) {
|
||||
mApps.put(uid, permission);
|
||||
|
||||
@@ -445,7 +447,7 @@ public class PermissionMonitor {
|
||||
String[] packages = mPackageManager.getPackagesForUid(uid);
|
||||
if (packages != null && packages.length > 0) {
|
||||
for (String name : packages) {
|
||||
- permission = highestPermissionForUid(permission, name);
|
||||
+ permission = highestPermissionForUid(permission, name, uid);
|
||||
if (permission == SYSTEM) {
|
||||
// An app with this UID still has the SYSTEM permission.
|
||||
// Therefore, this UID must already have the SYSTEM permission.
|
||||
@@ -485,11 +487,9 @@ public class PermissionMonitor {
|
||||
return permissions;
|
||||
}
|
||||
|
||||
- private PackageInfo getPackageInfo(String packageName) {
|
||||
+ private PackageInfo getPackageInfo(String packageName, int userId) {
|
||||
try {
|
||||
- PackageInfo app = mPackageManager.getPackageInfo(packageName, GET_PERMISSIONS
|
||||
- | MATCH_ANY_USER);
|
||||
- return app;
|
||||
+ return mPackageManager.getPackageInfoAsUser(packageName, GET_PERMISSIONS, userId);
|
||||
} catch (NameNotFoundException e) {
|
||||
return null;
|
||||
}
|
||||
|
@ -1,125 +1,42 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Pratyush <codelab@pratyush.dev>
|
||||
Date: Thu, 12 Aug 2021 03:44:41 +0530
|
||||
Subject: [PATCH] send uid for each user instead of just owner/admin user
|
||||
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
|
||||
Date: Tue, 14 Dec 2021 18:17:11 +0200
|
||||
Subject: [PATCH] skip reportNetworkConnectivity() when permission is revoked
|
||||
|
||||
---
|
||||
.../connectivity/PermissionMonitor.java | 83 +++++++++++--------
|
||||
1 file changed, 49 insertions(+), 34 deletions(-)
|
||||
core/java/android/net/ConnectivityManager.java | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/connectivity/PermissionMonitor.java b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
index 09cd274cbb05..ee0c531ef13e 100644
|
||||
--- a/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
+++ b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
|
||||
@@ -132,7 +132,7 @@ public class PermissionMonitor {
|
||||
for (String name : packages) {
|
||||
int userId = UserHandle.getUserId(uid);
|
||||
final PackageInfo app = getPackageInfo(name, userId);
|
||||
- if (app != null && app.requestedPermissions != null) {
|
||||
+ if (app != null && app.requestedPermissions != null && app.applicationInfo.uid == uid) {
|
||||
permission |= getNetdPermissionMask(app.requestedPermissions,
|
||||
app.requestedPermissionsFlags);
|
||||
}
|
||||
@@ -177,44 +177,45 @@ public class PermissionMonitor {
|
||||
} else {
|
||||
loge("failed to get the PackageManagerInternal service");
|
||||
}
|
||||
- List<PackageInfo> apps = mPackageManager.getInstalledPackages(GET_PERMISSIONS
|
||||
- | MATCH_ANY_USER);
|
||||
- if (apps == null) {
|
||||
- loge("No apps");
|
||||
- return;
|
||||
- }
|
||||
diff --git a/core/java/android/net/ConnectivityManager.java b/core/java/android/net/ConnectivityManager.java
|
||||
index 7df32c10b16b..a2b04f3e9540 100644
|
||||
--- a/core/java/android/net/ConnectivityManager.java
|
||||
+++ b/core/java/android/net/ConnectivityManager.java
|
||||
@@ -17,6 +17,7 @@ package android.net;
|
||||
|
||||
SparseIntArray netdPermsUids = new SparseIntArray();
|
||||
import static android.net.IpSecManager.INVALID_RESOURCE_ID;
|
||||
|
||||
- for (PackageInfo app : apps) {
|
||||
- int uid = app.applicationInfo != null ? app.applicationInfo.uid : INVALID_UID;
|
||||
- if (uid < 0) {
|
||||
- continue;
|
||||
- }
|
||||
- mAllApps.add(UserHandle.getAppId(uid));
|
||||
-
|
||||
- boolean isNetwork = hasNetworkPermission(app);
|
||||
- boolean hasRestrictedPermission = hasRestrictedNetworkPermission(app);
|
||||
-
|
||||
- if (isNetwork || hasRestrictedPermission) {
|
||||
- Boolean permission = mApps.get(uid);
|
||||
- // If multiple packages share a UID (cf: android:sharedUserId) and ask for different
|
||||
- // permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is).
|
||||
- if (permission == null || permission == NETWORK) {
|
||||
- mApps.put(uid, hasRestrictedPermission);
|
||||
- }
|
||||
- }
|
||||
-
|
||||
- //TODO: unify the management of the permissions into one codepath.
|
||||
- int otherNetdPerms = getNetdPermissionMask(app.requestedPermissions,
|
||||
- app.requestedPermissionsFlags);
|
||||
- netdPermsUids.put(uid, netdPermsUids.get(uid) | otherNetdPerms);
|
||||
- }
|
||||
-
|
||||
List<UserInfo> users = mUserManager.getUsers(true); // exclude dying users
|
||||
if (users != null) {
|
||||
for (UserInfo user : users) {
|
||||
mUsers.add(user.id);
|
||||
+
|
||||
+ List<PackageInfo> apps = mPackageManager.getInstalledPackagesAsUser(GET_PERMISSIONS, user.id);
|
||||
+ if (apps == null) {
|
||||
+ loge("No apps");
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
+ for (PackageInfo app : apps) {
|
||||
+ int uid = app.applicationInfo != null ? app.applicationInfo.uid : INVALID_UID;
|
||||
+ if (uid < 0) {
|
||||
+ continue;
|
||||
+ }
|
||||
+ mAllApps.add(UserHandle.getAppId(uid));
|
||||
+
|
||||
+ boolean isNetwork = hasNetworkPermission(app);
|
||||
+ boolean hasRestrictedPermission = hasRestrictedNetworkPermission(app);
|
||||
+
|
||||
+ if (isNetwork || hasRestrictedPermission) {
|
||||
+ Boolean permission = mApps.get(uid);
|
||||
+ // If multiple packages share a UID (cf: android:sharedUserId) and ask for different
|
||||
+ // permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is).
|
||||
+ if (permission == null || permission == NETWORK) {
|
||||
+ mApps.put(uid, hasRestrictedPermission);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ //TODO: unify the management of the permissions into one codepath.
|
||||
+ int otherNetdPerms = getNetdPermissionMask(app.requestedPermissions,
|
||||
+ app.requestedPermissionsFlags);
|
||||
+ netdPermsUids.put(uid, netdPermsUids.get(uid) | otherNetdPerms);
|
||||
+ }
|
||||
+
|
||||
}
|
||||
}
|
||||
|
||||
@@ -308,9 +309,23 @@ public class PermissionMonitor {
|
||||
List<Integer> network = new ArrayList<>();
|
||||
List<Integer> system = new ArrayList<>();
|
||||
for (Entry<Integer, Boolean> app : apps.entrySet()) {
|
||||
- List<Integer> list = app.getValue() ? system : network;
|
||||
for (int user : users) {
|
||||
- list.add(UserHandle.getUid(user, app.getKey()));
|
||||
+ int uid = UserHandle.getUid(user, UserHandle.getAppId(app.getKey()));
|
||||
+ if (uid < 0) continue;
|
||||
+ String[] packages = mPackageManager.getPackagesForUid(uid);
|
||||
+ if (packages == null) continue;
|
||||
+ for (String pkg : packages) {
|
||||
+ PackageInfo info = getPackageInfo(pkg, user);
|
||||
+ if (info != null && info.applicationInfo.uid == uid) {
|
||||
+ boolean isNetwork = hasNetworkPermission(info);
|
||||
+ boolean hasRestrictedPermission = hasRestrictedNetworkPermission(info);
|
||||
+
|
||||
+ if (isNetwork || hasRestrictedPermission) {
|
||||
+ List<Integer> list = hasRestrictedPermission ? system : network;
|
||||
+ list.add(UserHandle.getUid(user, app.getKey()));
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
}
|
||||
+import android.Manifest;
|
||||
import android.annotation.CallbackExecutor;
|
||||
import android.annotation.IntDef;
|
||||
import android.annotation.NonNull;
|
||||
@@ -31,6 +32,7 @@ import android.app.PendingIntent;
|
||||
import android.compat.annotation.UnsupportedAppUsage;
|
||||
import android.content.Context;
|
||||
import android.content.Intent;
|
||||
+import android.content.pm.PackageManager;
|
||||
import android.net.IpSecManager.UdpEncapsulationSocket;
|
||||
import android.net.SocketKeepalive.Callback;
|
||||
import android.net.TetheringManager.StartTetheringCallback;
|
||||
@@ -3047,6 +3049,12 @@ public class ConnectivityManager {
|
||||
*/
|
||||
public void reportNetworkConnectivity(@Nullable Network network, boolean hasConnectivity) {
|
||||
printStackTrace();
|
||||
+ if (mContext.checkSelfPermission(Manifest.permission.INTERNET) != PackageManager.PERMISSION_GRANTED) {
|
||||
+ // ConnectivityService enforces this by throwing an unexpected SecurityException,
|
||||
+ // which puts GMS into a crash loop. Also useful for other apps that don't expect that
|
||||
+ // INTERNET permission might get revoked.
|
||||
+ return;
|
||||
+ }
|
||||
try {
|
||||
mService.reportNetworkConnectivity(network, hasConnectivity);
|
||||
} catch (RemoteException e) {
|
||||
|
@ -1,42 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Dmitry Muhomor <muhomor.dmitry@gmail.com>
|
||||
Date: Tue, 14 Dec 2021 18:17:11 +0200
|
||||
Subject: [PATCH] skip reportNetworkConnectivity() when permission is revoked
|
||||
|
||||
---
|
||||
core/java/android/net/ConnectivityManager.java | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/core/java/android/net/ConnectivityManager.java b/core/java/android/net/ConnectivityManager.java
|
||||
index 7df32c10b16b..a2b04f3e9540 100644
|
||||
--- a/core/java/android/net/ConnectivityManager.java
|
||||
+++ b/core/java/android/net/ConnectivityManager.java
|
||||
@@ -17,6 +17,7 @@ package android.net;
|
||||
|
||||
import static android.net.IpSecManager.INVALID_RESOURCE_ID;
|
||||
|
||||
+import android.Manifest;
|
||||
import android.annotation.CallbackExecutor;
|
||||
import android.annotation.IntDef;
|
||||
import android.annotation.NonNull;
|
||||
@@ -31,6 +32,7 @@ import android.app.PendingIntent;
|
||||
import android.compat.annotation.UnsupportedAppUsage;
|
||||
import android.content.Context;
|
||||
import android.content.Intent;
|
||||
+import android.content.pm.PackageManager;
|
||||
import android.net.IpSecManager.UdpEncapsulationSocket;
|
||||
import android.net.SocketKeepalive.Callback;
|
||||
import android.net.TetheringManager.StartTetheringCallback;
|
||||
@@ -3047,6 +3049,12 @@ public class ConnectivityManager {
|
||||
*/
|
||||
public void reportNetworkConnectivity(@Nullable Network network, boolean hasConnectivity) {
|
||||
printStackTrace();
|
||||
+ if (mContext.checkSelfPermission(Manifest.permission.INTERNET) != PackageManager.PERMISSION_GRANTED) {
|
||||
+ // ConnectivityService enforces this by throwing an unexpected SecurityException,
|
||||
+ // which puts GMS into a crash loop. Also useful for other apps that don't expect that
|
||||
+ // INTERNET permission might get revoked.
|
||||
+ return;
|
||||
+ }
|
||||
try {
|
||||
mService.reportNetworkConnectivity(network, hasConnectivity);
|
||||
} catch (RemoteException e) {
|
@ -0,0 +1,142 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Sat, 7 Oct 2017 15:54:42 -0400
|
||||
Subject: [PATCH] add special runtime permission for other sensors
|
||||
|
||||
This covers sensors not included in the existing runtime permission for
|
||||
body sensors.
|
||||
|
||||
Ported from 10: 9ec9f7f521323552fa658b46862c8408f1a7b41b
|
||||
|
||||
Changes from 10:
|
||||
- Needed to run `m api-stubs-docs-non-updatable-update-current-api`
|
||||
to fix the "You have tried to change the API from what has been
|
||||
previously approved" errors.
|
||||
---
|
||||
api/current.txt | 2 ++
|
||||
core/java/android/content/pm/PackageParser.java | 2 ++
|
||||
core/res/AndroidManifest.xml | 12 ++++++++++++
|
||||
core/res/res/values/strings.xml | 12 ++++++++++++
|
||||
non-updatable-api/current.txt | 2 ++
|
||||
.../pm/permission/PermissionManagerService.java | 2 +-
|
||||
6 files changed, 31 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/api/current.txt b/api/current.txt
|
||||
index 728c0e95ca6d..4ab72254811f 100644
|
||||
--- a/api/current.txt
|
||||
+++ b/api/current.txt
|
||||
@@ -106,6 +106,7 @@ package android {
|
||||
field public static final String NFC = "android.permission.NFC";
|
||||
field public static final String NFC_PREFERRED_PAYMENT_INFO = "android.permission.NFC_PREFERRED_PAYMENT_INFO";
|
||||
field public static final String NFC_TRANSACTION_EVENT = "android.permission.NFC_TRANSACTION_EVENT";
|
||||
+ field public static final String OTHER_SENSORS = "android.permission.OTHER_SENSORS";
|
||||
field public static final String PACKAGE_USAGE_STATS = "android.permission.PACKAGE_USAGE_STATS";
|
||||
field @Deprecated public static final String PERSISTENT_ACTIVITY = "android.permission.PERSISTENT_ACTIVITY";
|
||||
field @Deprecated public static final String PROCESS_OUTGOING_CALLS = "android.permission.PROCESS_OUTGOING_CALLS";
|
||||
@@ -185,6 +186,7 @@ package android {
|
||||
field public static final String LOCATION = "android.permission-group.LOCATION";
|
||||
field public static final String MICROPHONE = "android.permission-group.MICROPHONE";
|
||||
field public static final String NETWORK = "android.permission-group.NETWORK";
|
||||
+ field public static final String OTHER_SENSORS = "android.permission-group.OTHER_SENSORS";
|
||||
field public static final String PHONE = "android.permission-group.PHONE";
|
||||
field public static final String SENSORS = "android.permission-group.SENSORS";
|
||||
field public static final String SMS = "android.permission-group.SMS";
|
||||
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
|
||||
index 57f8a713ec13..c63fea6e3e0e 100644
|
||||
--- a/core/java/android/content/pm/PackageParser.java
|
||||
+++ b/core/java/android/content/pm/PackageParser.java
|
||||
@@ -280,6 +280,8 @@ public class PackageParser {
|
||||
@UnsupportedAppUsage
|
||||
public static final PackageParser.NewPermissionInfo NEW_PERMISSIONS[] =
|
||||
new PackageParser.NewPermissionInfo[] {
|
||||
+ new PackageParser.NewPermissionInfo(android.Manifest.permission.OTHER_SENSORS,
|
||||
+ android.os.Build.VERSION_CODES.CUR_DEVELOPMENT + 1, 0),
|
||||
new PackageParser.NewPermissionInfo(android.Manifest.permission.WRITE_EXTERNAL_STORAGE,
|
||||
android.os.Build.VERSION_CODES.DONUT, 0),
|
||||
new PackageParser.NewPermissionInfo(android.Manifest.permission.READ_PHONE_STATE,
|
||||
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
|
||||
index e70e54b62f61..5d554d10b056 100644
|
||||
--- a/core/res/AndroidManifest.xml
|
||||
+++ b/core/res/AndroidManifest.xml
|
||||
@@ -1391,6 +1391,18 @@
|
||||
android:description="@string/permdesc_useBiometric"
|
||||
android:protectionLevel="normal" />
|
||||
|
||||
+ <permission-group android:name="android.permission-group.OTHER_SENSORS"
|
||||
+ android:icon="@drawable/perm_group_location"
|
||||
+ android:label="@string/permgrouplab_otherSensors"
|
||||
+ android:description="@string/permgroupdesc_otherSensors"
|
||||
+ android:priority="1000" />
|
||||
+
|
||||
+ <permission android:name="android.permission.OTHER_SENSORS"
|
||||
+ android:permissionGroup="android.permission-group.UNDEFINED"
|
||||
+ android:label="@string/permlab_otherSensors"
|
||||
+ android:description="@string/permdesc_otherSensors"
|
||||
+ android:protectionLevel="dangerous" />
|
||||
+
|
||||
<!-- ====================================================================== -->
|
||||
<!-- REMOVED PERMISSIONS -->
|
||||
<!-- ====================================================================== -->
|
||||
diff --git a/core/res/res/values/strings.xml b/core/res/res/values/strings.xml
|
||||
index 7f114cf9b6b4..7eaa99ab324f 100644
|
||||
--- a/core/res/res/values/strings.xml
|
||||
+++ b/core/res/res/values/strings.xml
|
||||
@@ -804,6 +804,11 @@
|
||||
<!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
<string name="permgroupdesc_sensors">access sensor data about your vital signs</string>
|
||||
|
||||
+ <!-- Title of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permgrouplab_otherSensors">Sensors</string>
|
||||
+ <!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
+ <string name="permgroupdesc_otherSensors">access sensor data about orientation, movement, etc.</string>
|
||||
+
|
||||
<!-- Title of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
<string name="permgrouplab_network">Network</string>
|
||||
<!-- Description of a category of application permissions, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
@@ -1118,6 +1123,13 @@
|
||||
<string name="permdesc_bodySensors" product="default">Allows the app to access data from sensors
|
||||
that monitor your physical condition, such as your heart rate.</string>
|
||||
|
||||
+ <!-- Title of the sensors permission, listed so the user can decide whether to allow the application to access sensor data. [CHAR LIMIT=80] -->
|
||||
+ <string name="permlab_otherSensors">access sensors (like the compass)
|
||||
+ </string>
|
||||
+ <!-- Description of the sensors permission, listed so the user can decide whether to allow the application to access data from sensors. [CHAR LIMIT=NONE] -->
|
||||
+ <string name="permdesc_otherSensors" product="default">Allows the app to access data from sensors
|
||||
+ monitoring orientation, movement, vibration (including low frequency sound) and environmental data</string>
|
||||
+
|
||||
<!-- Title of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
<string name="permlab_readCalendar">Read calendar events and details</string>
|
||||
<!-- Description of an application permission, listed so the user can choose whether they want to allow the application to do this. -->
|
||||
diff --git a/non-updatable-api/current.txt b/non-updatable-api/current.txt
|
||||
index 189544f98594..9badc8c4d9c0 100644
|
||||
--- a/non-updatable-api/current.txt
|
||||
+++ b/non-updatable-api/current.txt
|
||||
@@ -106,6 +106,7 @@ package android {
|
||||
field public static final String NFC = "android.permission.NFC";
|
||||
field public static final String NFC_PREFERRED_PAYMENT_INFO = "android.permission.NFC_PREFERRED_PAYMENT_INFO";
|
||||
field public static final String NFC_TRANSACTION_EVENT = "android.permission.NFC_TRANSACTION_EVENT";
|
||||
+ field public static final String OTHER_SENSORS = "android.permission.OTHER_SENSORS";
|
||||
field public static final String PACKAGE_USAGE_STATS = "android.permission.PACKAGE_USAGE_STATS";
|
||||
field @Deprecated public static final String PERSISTENT_ACTIVITY = "android.permission.PERSISTENT_ACTIVITY";
|
||||
field @Deprecated public static final String PROCESS_OUTGOING_CALLS = "android.permission.PROCESS_OUTGOING_CALLS";
|
||||
@@ -185,6 +186,7 @@ package android {
|
||||
field public static final String LOCATION = "android.permission-group.LOCATION";
|
||||
field public static final String MICROPHONE = "android.permission-group.MICROPHONE";
|
||||
field public static final String NETWORK = "android.permission-group.NETWORK";
|
||||
+ field public static final String OTHER_SENSORS = "android.permission-group.OTHER_SENSORS";
|
||||
field public static final String PHONE = "android.permission-group.PHONE";
|
||||
field public static final String SENSORS = "android.permission-group.SENSORS";
|
||||
field public static final String SMS = "android.permission-group.SMS";
|
||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
index 9e6ecc739ffe..c744a0b5079a 100644
|
||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
@@ -2609,7 +2609,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
||||
}
|
||||
|
||||
public static boolean isSpecialRuntimePermission(final String permission) {
|
||||
- return Manifest.permission.INTERNET.equals(permission);
|
||||
+ return Manifest.permission.INTERNET.equals(permission) || Manifest.permission.OTHER_SENSORS.equals(permission);
|
||||
}
|
||||
|
||||
/**
|
@ -0,0 +1,95 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: inthewaves <inthewaves@pm.me>
|
||||
Date: Sat, 12 Sep 2020 12:28:34 -0700
|
||||
Subject: [PATCH] support new special runtime permissions
|
||||
|
||||
These are treated as a runtime permission even for legacy apps. They
|
||||
need to be granted by default for all apps to maintain compatibility.
|
||||
|
||||
Ported from 10: 4d5d82f4e2fb9ff68158bf30f3944591bb74dd04
|
||||
|
||||
Changes from 10:
|
||||
- It seems like parts of PackageManagerService#resetUserChangesToRuntimePermissionsAndFlagsLPw
|
||||
were refactored into PermissionManagerService#resetRuntimePermissionsInternal.
|
||||
As a result, PackageManagerService is no longer modified.
|
||||
---
|
||||
.../permission/PermissionManagerService.java | 24 +++++++++++++++----
|
||||
1 file changed, 19 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
index 8d2363b6e831..26b959879084 100644
|
||||
--- a/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
+++ b/services/core/java/com/android/server/pm/permission/PermissionManagerService.java
|
||||
@@ -1461,7 +1461,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
||||
// to keep the review required permission flag per user while an
|
||||
// install permission's state is shared across all users.
|
||||
if (pkg.getTargetSdkVersion() < Build.VERSION_CODES.M
|
||||
- && bp.isRuntime()) {
|
||||
+ && bp.isRuntime() && !isSpecialRuntimePermission(permName)) {
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -1513,7 +1513,8 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
||||
+ permName + " for package " + packageName);
|
||||
}
|
||||
|
||||
- if (pkg.getTargetSdkVersion() < Build.VERSION_CODES.M) {
|
||||
+ if (pkg.getTargetSdkVersion() < Build.VERSION_CODES.M
|
||||
+ && !isSpecialRuntimePermission(permName)) {
|
||||
Slog.w(TAG, "Cannot grant runtime permission to a legacy app");
|
||||
return;
|
||||
}
|
||||
@@ -1623,7 +1624,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
||||
// to keep the review required permission flag per user while an
|
||||
// install permission's state is shared across all users.
|
||||
if (pkg.getTargetSdkVersion() < Build.VERSION_CODES.M
|
||||
- && bp.isRuntime()) {
|
||||
+ && bp.isRuntime() && !isSpecialRuntimePermission(bp.name)) {
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -1847,7 +1848,8 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
||||
|
||||
// If this permission was granted by default or role, make sure it is.
|
||||
if ((oldFlags & FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
|
||||
- || (oldFlags & FLAG_PERMISSION_GRANTED_BY_ROLE) != 0) {
|
||||
+ || (oldFlags & FLAG_PERMISSION_GRANTED_BY_ROLE) != 0
|
||||
+ || isSpecialRuntimePermission(bp.getName())) {
|
||||
// PermissionPolicyService will handle the app op for runtime permissions later.
|
||||
grantRuntimePermissionInternal(permName, packageName, false,
|
||||
Process.SYSTEM_UID, userId, delayingPermCallback);
|
||||
@@ -2606,6 +2608,10 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
||||
}
|
||||
}
|
||||
|
||||
+ public static boolean isSpecialRuntimePermission(final String permission) {
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
/**
|
||||
* Restore the permission state for a package.
|
||||
*
|
||||
@@ -2952,6 +2958,14 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
||||
}
|
||||
}
|
||||
}
|
||||
+
|
||||
+ if (isSpecialRuntimePermission(bp.name) &&
|
||||
+ origPermissions.getRuntimePermissionState(bp.name, userId) == null) {
|
||||
+ if (permissionsState.grantRuntimePermission(bp, userId)
|
||||
+ != PERMISSION_OPERATION_FAILURE) {
|
||||
+ wasChanged = true;
|
||||
+ }
|
||||
+ }
|
||||
} else {
|
||||
if (permState == null) {
|
||||
// New permission
|
||||
@@ -3907,7 +3921,7 @@ public class PermissionManagerService extends IPermissionManager.Stub {
|
||||
&& (grantedPermissions == null
|
||||
|| ArrayUtils.contains(grantedPermissions, permission))) {
|
||||
final int flags = permissionsState.getPermissionFlags(permission, userId);
|
||||
- if (supportsRuntimePermissions) {
|
||||
+ if (supportsRuntimePermissions || isSpecialRuntimePermission(bp.name)) {
|
||||
// Installer cannot change immutable permissions.
|
||||
if ((flags & immutableFlags) == 0) {
|
||||
grantRuntimePermissionInternal(permission, pkg.getPackageName(), false,
|
@ -1,73 +1,22 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: MSe1969 <mse1969@posteo.de>
|
||||
Date: Sat, 14 Nov 2020 13:21:18 +0100
|
||||
Subject: [PATCH] AppOps: New Op for (Other) sensors access
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Sat, 7 Oct 2017 16:28:57 -0400
|
||||
Subject: [PATCH] require OTHER_SENSORS permission for sensors
|
||||
|
||||
* Add new sensor op to enum
|
||||
* Invoke OP_OTHER_SENSORS as default
|
||||
* Adapt logic for checking the Ops, if no permission is linked
|
||||
|
||||
cherry-picked from lin17-microG and adapted for R
|
||||
|
||||
Change-Id: If4011566a391314afed9a26e1dcf6e4bc838e4f7
|
||||
Ported from 10: ff005a6b6a38baef95c4a01d7e1fc75aac651a58
|
||||
---
|
||||
libs/binder/include/binder/AppOpsManager.h | 3 ++-
|
||||
libs/sensor/Sensor.cpp | 1 +
|
||||
services/sensorservice/SensorService.cpp | 10 ++++++----
|
||||
3 files changed, 9 insertions(+), 5 deletions(-)
|
||||
libs/sensor/Sensor.cpp | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/libs/binder/include/binder/AppOpsManager.h b/libs/binder/include/binder/AppOpsManager.h
|
||||
index d93935ae5d..4a8c36f5b2 100644
|
||||
--- a/libs/binder/include/binder/AppOpsManager.h
|
||||
+++ b/libs/binder/include/binder/AppOpsManager.h
|
||||
@@ -135,7 +135,8 @@ public:
|
||||
OP_PHONE_CALL_MICROPHONE = 100,
|
||||
OP_PHONE_CALL_CAMERA = 101,
|
||||
OP_RECORD_AUDIO_HOTWORD = 102,
|
||||
- _NUM_OP = 103
|
||||
+ OP_OTHER_SENSORS = 103,
|
||||
+ _NUM_OP = 104
|
||||
};
|
||||
|
||||
AppOpsManager();
|
||||
diff --git a/libs/sensor/Sensor.cpp b/libs/sensor/Sensor.cpp
|
||||
index 9d817ae0bd..76d365d5f7 100644
|
||||
index 9d817ae0bd..91df16e64a 100644
|
||||
--- a/libs/sensor/Sensor.cpp
|
||||
+++ b/libs/sensor/Sensor.cpp
|
||||
@@ -59,6 +59,7 @@ Sensor::Sensor(struct sensor_t const& hwSensor, const uuid_t& uuid, int halVersi
|
||||
mMinDelay = hwSensor.minDelay;
|
||||
mFlags = 0;
|
||||
mUuid = uuid;
|
||||
+ mRequiredAppOp = AppOpsManager::OP_OTHER_SENSORS; //default, other values are explicitly set
|
||||
+ mRequiredPermission = "android.permission.OTHER_SENSORS";
|
||||
|
||||
// Set fifo event count zero for older devices which do not support batching. Fused
|
||||
// sensors also have their fifo counts set to zero.
|
||||
diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp
|
||||
index 3ca34bba1b..8a62b2bb9c 100644
|
||||
--- a/services/sensorservice/SensorService.cpp
|
||||
+++ b/services/sensorservice/SensorService.cpp
|
||||
@@ -1798,10 +1798,9 @@ status_t SensorService::flushSensor(const sp<SensorEventConnection>& connection,
|
||||
|
||||
bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
|
||||
const String16& opPackageName) {
|
||||
+
|
||||
// Check if a permission is required for this sensor
|
||||
- if (sensor.getRequiredPermission().length() <= 0) {
|
||||
- return true;
|
||||
- }
|
||||
+ bool noAssociatedPermission = (sensor.getRequiredPermission().length() <= 0);
|
||||
|
||||
const int32_t opCode = sensor.getRequiredAppOp();
|
||||
const int32_t appOpMode = sAppOpsManager.checkOp(opCode,
|
||||
@@ -1816,7 +1815,10 @@ bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
|
||||
// Allow access to step sensors if the application targets pre-Q, which is before the
|
||||
// requirement to hold the AR permission to access Step Counter and Step Detector events
|
||||
// was introduced.
|
||||
- canAccess = true;
|
||||
+ // [MSe1969: Of course only, if AppOpAllowed]
|
||||
+ canAccess = appOpAllowed;
|
||||
+ } else if (noAssociatedPermission) {
|
||||
+ canAccess = appOpAllowed;
|
||||
} else if (hasPermissionForSensor(sensor)) {
|
||||
// Ensure that the AppOp is allowed, or that there is no necessary app op for the sensor
|
||||
if (opCode < 0 || appOpAllowed) {
|
||||
|
@ -0,0 +1,46 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Sat, 7 Oct 2017 15:55:58 -0400
|
||||
Subject: [PATCH] always treat OTHER_SENSORS as a runtime permission
|
||||
|
||||
ported from 10: a1204e6126189810018ff5540858536a1c58ac37
|
||||
---
|
||||
.../permission/model/AppPermissionGroup.java | 4 ++--
|
||||
.../permissioncontroller/permission/model/Permission.java | 2 +-
|
||||
2 files changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java b/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
|
||||
index 0399a1836..4838046ac 100644
|
||||
--- a/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
|
||||
+++ b/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
|
||||
@@ -873,7 +873,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
|
||||
|
||||
boolean wasGranted = permission.isGrantedIncludingAppOp();
|
||||
|
||||
- if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName())) {
|
||||
+ if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName()) || Manifest.permission.OTHER_SENSORS.equals(permission.getName())) {
|
||||
// Do not touch permissions fixed by the system.
|
||||
if (permission.isSystemFixed()) {
|
||||
wasAllGranted = false;
|
||||
@@ -1058,7 +1058,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
|
||||
break;
|
||||
}
|
||||
|
||||
- if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName())) {
|
||||
+ if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName()) || Manifest.permission.OTHER_SENSORS.equals(permission.getName())) {
|
||||
// Revoke the permission if needed.
|
||||
if (permission.isGranted()) {
|
||||
permission.setGranted(false);
|
||||
diff --git a/src/com/android/permissioncontroller/permission/model/Permission.java b/src/com/android/permissioncontroller/permission/model/Permission.java
|
||||
index 3af5241af..f65b75a9c 100644
|
||||
--- a/src/com/android/permissioncontroller/permission/model/Permission.java
|
||||
+++ b/src/com/android/permissioncontroller/permission/model/Permission.java
|
||||
@@ -138,7 +138,7 @@ public final class Permission {
|
||||
* @return {@code true} if the permission (and the app-op) is granted.
|
||||
*/
|
||||
public boolean isGrantedIncludingAppOp() {
|
||||
- return mGranted && (!affectsAppOp() || isAppOpAllowed()) && (!isReviewRequired() || Manifest.permission.INTERNET.equals(mName));
|
||||
+ return mGranted && (!affectsAppOp() || isAppOpAllowed()) && (!isReviewRequired() || Manifest.permission.INTERNET.equals(mName) || Manifest.permission.OTHER_SENSORS.equals(mName));
|
||||
}
|
||||
|
||||
public boolean isReviewRequired() {
|
@ -0,0 +1,30 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Micay <danielmicay@gmail.com>
|
||||
Date: Sat, 7 Oct 2017 15:56:35 -0400
|
||||
Subject: [PATCH] add OTHER_SENSORS permission group
|
||||
|
||||
ported from 10: fc8c816e07ce39583774db8fe668e0505b6aa504
|
||||
---
|
||||
.../android/permissioncontroller/permission/utils/Utils.java | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/src/com/android/permissioncontroller/permission/utils/Utils.java b/src/com/android/permissioncontroller/permission/utils/Utils.java
|
||||
index 2f0dc3d21..81d1994bc 100644
|
||||
--- a/src/com/android/permissioncontroller/permission/utils/Utils.java
|
||||
+++ b/src/com/android/permissioncontroller/permission/utils/Utils.java
|
||||
@@ -26,6 +26,7 @@ import static android.Manifest.permission_group.CONTACTS;
|
||||
import static android.Manifest.permission_group.LOCATION;
|
||||
import static android.Manifest.permission_group.MICROPHONE;
|
||||
import static android.Manifest.permission_group.NETWORK;
|
||||
+import static android.Manifest.permission_group.OTHER_SENSORS;
|
||||
import static android.Manifest.permission_group.PHONE;
|
||||
import static android.Manifest.permission_group.SENSORS;
|
||||
import static android.Manifest.permission_group.SMS;
|
||||
@@ -211,6 +212,7 @@ public final class Utils {
|
||||
PLATFORM_PERMISSIONS.put(Manifest.permission.BODY_SENSORS, SENSORS);
|
||||
|
||||
PLATFORM_PERMISSIONS.put(Manifest.permission.INTERNET, NETWORK);
|
||||
+ PLATFORM_PERMISSIONS.put(Manifest.permission.OTHER_SENSORS, OTHER_SENSORS);
|
||||
|
||||
PLATFORM_PERMISSION_GROUPS = new ArrayMap<>();
|
||||
int numPlatformPermissions = PLATFORM_PERMISSIONS.size();
|
@ -4,13 +4,13 @@ Date: Sat, 12 Sep 2020 15:40:58 -0700
|
||||
Subject: [PATCH] refactor handling of special runtime permissions
|
||||
|
||||
---
|
||||
.../permission/model/AppPermissionGroup.java | 5 ++---
|
||||
.../permission/model/Permission.java | 5 +++--
|
||||
.../permission/utils/Utils.java | 17 +++++++++++++++++
|
||||
3 files changed, 22 insertions(+), 5 deletions(-)
|
||||
.../permission/model/AppPermissionGroup.java | 5 ++---
|
||||
.../permission/model/Permission.java | 5 +++--
|
||||
.../permission/utils/Utils.java | 18 ++++++++++++++++++
|
||||
3 files changed, 23 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java b/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
|
||||
index 0399a1836..cb4eab9f7 100644
|
||||
index 4838046ac..cb4eab9f7 100644
|
||||
--- a/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
|
||||
+++ b/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
|
||||
@@ -34,7 +34,6 @@ import android.content.pm.PackageManager;
|
||||
@ -25,7 +25,7 @@ index 0399a1836..cb4eab9f7 100644
|
||||
|
||||
boolean wasGranted = permission.isGrantedIncludingAppOp();
|
||||
|
||||
- if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName())) {
|
||||
- if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName()) || Manifest.permission.OTHER_SENSORS.equals(permission.getName())) {
|
||||
+ if (mAppSupportsRuntimePermissions || Utils.isSpecialRuntimePermission(permission.getName())) {
|
||||
// Do not touch permissions fixed by the system.
|
||||
if (permission.isSystemFixed()) {
|
||||
@ -34,13 +34,13 @@ index 0399a1836..cb4eab9f7 100644
|
||||
break;
|
||||
}
|
||||
|
||||
- if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName())) {
|
||||
- if (mAppSupportsRuntimePermissions || Manifest.permission.INTERNET.equals(permission.getName()) || Manifest.permission.OTHER_SENSORS.equals(permission.getName())) {
|
||||
+ if (mAppSupportsRuntimePermissions || Utils.isSpecialRuntimePermission(permission.getName())) {
|
||||
// Revoke the permission if needed.
|
||||
if (permission.isGranted()) {
|
||||
permission.setGranted(false);
|
||||
diff --git a/src/com/android/permissioncontroller/permission/model/Permission.java b/src/com/android/permissioncontroller/permission/model/Permission.java
|
||||
index 3af5241af..3f17de882 100644
|
||||
index f65b75a9c..3f17de882 100644
|
||||
--- a/src/com/android/permissioncontroller/permission/model/Permission.java
|
||||
+++ b/src/com/android/permissioncontroller/permission/model/Permission.java
|
||||
@@ -18,10 +18,11 @@ package com.android.permissioncontroller.permission.model;
|
||||
@ -60,16 +60,16 @@ index 3af5241af..3f17de882 100644
|
||||
* @return {@code true} if the permission (and the app-op) is granted.
|
||||
*/
|
||||
public boolean isGrantedIncludingAppOp() {
|
||||
- return mGranted && (!affectsAppOp() || isAppOpAllowed()) && (!isReviewRequired() || Manifest.permission.INTERNET.equals(mName));
|
||||
- return mGranted && (!affectsAppOp() || isAppOpAllowed()) && (!isReviewRequired() || Manifest.permission.INTERNET.equals(mName) || Manifest.permission.OTHER_SENSORS.equals(mName));
|
||||
+ return mGranted && (!affectsAppOp() || isAppOpAllowed()) && (!isReviewRequired() || Utils.isSpecialRuntimePermission(mName));
|
||||
}
|
||||
|
||||
public boolean isReviewRequired() {
|
||||
diff --git a/src/com/android/permissioncontroller/permission/utils/Utils.java b/src/com/android/permissioncontroller/permission/utils/Utils.java
|
||||
index 2f0dc3d21..dab86e734 100644
|
||||
index 81d1994bc..2c55aed22 100644
|
||||
--- a/src/com/android/permissioncontroller/permission/utils/Utils.java
|
||||
+++ b/src/com/android/permissioncontroller/permission/utils/Utils.java
|
||||
@@ -145,6 +145,9 @@ public final class Utils {
|
||||
@@ -146,6 +146,9 @@ public final class Utils {
|
||||
*/
|
||||
public static final long ONE_TIME_PERMISSIONS_TIMEOUT_MILLIS = 1 * 60 * 1000; // 1 minute
|
||||
|
||||
@ -79,17 +79,18 @@ index 2f0dc3d21..dab86e734 100644
|
||||
/** Mapping permission -> group for all dangerous platform permissions */
|
||||
private static final ArrayMap<String, String> PLATFORM_PERMISSIONS;
|
||||
|
||||
@@ -212,6 +215,9 @@ public final class Utils {
|
||||
|
||||
@@ -214,6 +217,10 @@ public final class Utils {
|
||||
PLATFORM_PERMISSIONS.put(Manifest.permission.INTERNET, NETWORK);
|
||||
PLATFORM_PERMISSIONS.put(Manifest.permission.OTHER_SENSORS, OTHER_SENSORS);
|
||||
|
||||
+ SPECIAL_RUNTIME_PERMISSIONS = new ArrayMap<>();
|
||||
+ SPECIAL_RUNTIME_PERMISSIONS.put(Manifest.permission.INTERNET, NETWORK);
|
||||
+ SPECIAL_RUNTIME_PERMISSIONS.put(Manifest.permission.OTHER_SENSORS, OTHER_SENSORS);
|
||||
+
|
||||
PLATFORM_PERMISSION_GROUPS = new ArrayMap<>();
|
||||
int numPlatformPermissions = PLATFORM_PERMISSIONS.size();
|
||||
for (int i = 0; i < numPlatformPermissions; i++) {
|
||||
@@ -642,6 +648,17 @@ public final class Utils {
|
||||
@@ -644,6 +651,17 @@ public final class Utils {
|
||||
return PLATFORM_PERMISSIONS.containsKey(permission);
|
||||
}
|
||||
|
@ -60,10 +60,10 @@ index 8dd8e8f77..d7f8f229f 100644
|
||||
val revocablePermissions = group.permissions.keys.toList()
|
||||
|
||||
diff --git a/src/com/android/permissioncontroller/permission/utils/Utils.java b/src/com/android/permissioncontroller/permission/utils/Utils.java
|
||||
index dab86e734..4a7de5416 100644
|
||||
index 2c55aed22..90acf9223 100644
|
||||
--- a/src/com/android/permissioncontroller/permission/utils/Utils.java
|
||||
+++ b/src/com/android/permissioncontroller/permission/utils/Utils.java
|
||||
@@ -659,6 +659,17 @@ public final class Utils {
|
||||
@@ -662,6 +662,17 @@ public final class Utils {
|
||||
return SPECIAL_RUNTIME_PERMISSIONS.containsKey(permission);
|
||||
}
|
||||
|
@ -1,261 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: MSe1969 <mse1969@posteo.de>
|
||||
Date: Sat, 14 Nov 2020 15:17:37 +0100
|
||||
Subject: [PATCH] Special Access: Add an option to administer Sensor access
|
||||
|
||||
Accesses the added AppOp for OP_OTHER_SENSORS
|
||||
|
||||
Change-Id: I79c0ed4ab97494434edc6c308a8a54bd123c02ee
|
||||
---
|
||||
res/values-de/strings.xml | 3 +
|
||||
res/values-fr/strings.xml | 3 +
|
||||
res/values/strings.xml | 5 +
|
||||
res/xml/special_access.xml | 7 +
|
||||
.../specialaccess/sensor/SensorAccess.java | 178 ++++++++++++++++++
|
||||
5 files changed, 196 insertions(+)
|
||||
create mode 100644 src/com/android/settings/applications/specialaccess/sensor/SensorAccess.java
|
||||
|
||||
diff --git a/res/values-de/strings.xml b/res/values-de/strings.xml
|
||||
index 4edd33d66b..a22b3de82c 100644
|
||||
--- a/res/values-de/strings.xml
|
||||
+++ b/res/values-de/strings.xml
|
||||
@@ -4945,6 +4945,9 @@
|
||||
<string name="rtt_settings_no_visible" msgid="7440356831140948382"></string>
|
||||
<string name="rtt_settings_visible_during_call" msgid="7866181103286073700"></string>
|
||||
<string name="rtt_settings_always_visible" msgid="2364173070088756238"></string>
|
||||
+ <string name="sensor_access_summary">Sensorzugriff von Benutzer-Apps kontrollieren</string>
|
||||
+ <string name="sensor_access_title">Zugriff auf Sensoren</string>
|
||||
+ <string name="sensor_access_title_empty_text">Keine installierte App hat Sensorzugriff angefordert.</string>
|
||||
<string name="media_output_panel_stop_casting_button" msgid="6094875883164119035">"Streamen beenden"</string>
|
||||
<string name="volte_5G_limited_title" msgid="5908052268836750629">"VoLTE deaktivieren?"</string>
|
||||
<string name="volte_5G_limited_text" msgid="7150583768725182345">"Dadurch wird auch deine 5G-Verbindung deaktiviert.\nWährend eines Sprachanrufs kannst du das Internet nicht nutzen und manche Apps funktionieren möglicherweise nicht."</string>
|
||||
diff --git a/res/values-fr/strings.xml b/res/values-fr/strings.xml
|
||||
index 005aa05953..7c2ad2eaf3 100644
|
||||
--- a/res/values-fr/strings.xml
|
||||
+++ b/res/values-fr/strings.xml
|
||||
@@ -4944,6 +4944,9 @@
|
||||
<string name="rtt_settings_no_visible" msgid="7440356831140948382"></string>
|
||||
<string name="rtt_settings_visible_during_call" msgid="7866181103286073700"></string>
|
||||
<string name="rtt_settings_always_visible" msgid="2364173070088756238"></string>
|
||||
+ <string name="sensor_access_summary">Contrôler l\'accès des applications utilisateurs aux capteurs</string>
|
||||
+ <string name="sensor_access_title">Access aux Capteurs</string>
|
||||
+ <string name="sensor_access_title_empty_text">Aucune app installée n\'a demandé de l\'accès aux capteurs.</string>
|
||||
<string name="media_output_panel_stop_casting_button" msgid="6094875883164119035">"Arrêter la diffusion"</string>
|
||||
<string name="volte_5G_limited_title" msgid="5908052268836750629">"Désactiver VoLTE ?"</string>
|
||||
<string name="volte_5G_limited_text" msgid="7150583768725182345">"Cela désactive également votre connexion 5G.\nLorsque vous effectuez un appel vocal, vous n\'avez pas accès à Internet et certaines applications peuvent ne pas fonctionner."</string>
|
||||
diff --git a/res/values/strings.xml b/res/values/strings.xml
|
||||
index 0c6fe1a541..120e82f4dd 100644
|
||||
--- a/res/values/strings.xml
|
||||
+++ b/res/values/strings.xml
|
||||
@@ -12237,4 +12237,9 @@
|
||||
<string name="bluetooth_connect_access_dialog_negative">Don\u2019t connect</string>
|
||||
<!-- Strings for Dialog connect button -->
|
||||
<string name="bluetooth_connect_access_dialog_positive">Connect</string>
|
||||
+
|
||||
+ <!-- Sensor AppOps -->
|
||||
+ <string name="sensor_access_summary">Control sensor access for user apps</string>
|
||||
+ <string name="sensor_access_title">Access to Sensors</string>
|
||||
+ <string name="sensor_access_title_empty_text">No installed apps have requested sensors access.</string>
|
||||
</resources>
|
||||
diff --git a/res/xml/special_access.xml b/res/xml/special_access.xml
|
||||
index 6ee87f4664..f65ee68f7e 100644
|
||||
--- a/res/xml/special_access.xml
|
||||
+++ b/res/xml/special_access.xml
|
||||
@@ -154,6 +154,13 @@
|
||||
android:value="com.android.settings.Settings$ChangeWifiStateActivity" />
|
||||
</Preference>
|
||||
|
||||
+ <Preference
|
||||
+ android:key="sensor_access"
|
||||
+ android:title="@string/sensor_access_title"
|
||||
+ android:summary="@string/sensor_access_summary"
|
||||
+ android:fragment="com.android.settings.applications.specialaccess.sensor.SensorAccess">
|
||||
+ </Preference>
|
||||
+
|
||||
<Preference
|
||||
android:key="special_access_more"
|
||||
android:title="@string/special_access_more"
|
||||
diff --git a/src/com/android/settings/applications/specialaccess/sensor/SensorAccess.java b/src/com/android/settings/applications/specialaccess/sensor/SensorAccess.java
|
||||
new file mode 100644
|
||||
index 0000000000..2c29f3abfd
|
||||
--- /dev/null
|
||||
+++ b/src/com/android/settings/applications/specialaccess/sensor/SensorAccess.java
|
||||
@@ -0,0 +1,178 @@
|
||||
+package com.android.settings.applications.specialaccess.sensor;
|
||||
+
|
||||
+import android.annotation.Nullable;
|
||||
+import android.app.AlertDialog;
|
||||
+import android.app.Dialog;
|
||||
+import android.app.DialogFragment;
|
||||
+import android.app.AppOpsManager;
|
||||
+import android.content.Context;
|
||||
+import android.content.DialogInterface;
|
||||
+import android.content.pm.ApplicationInfo;
|
||||
+import android.content.pm.PackageInfo;
|
||||
+import android.content.pm.PackageItemInfo;
|
||||
+import android.content.pm.PackageManager;
|
||||
+import android.database.ContentObserver;
|
||||
+import android.net.Uri;
|
||||
+import android.os.Bundle;
|
||||
+import android.os.Handler;
|
||||
+import android.os.Looper;
|
||||
+import android.text.TextUtils;
|
||||
+import android.util.ArraySet;
|
||||
+import android.util.Log;
|
||||
+import android.util.TypedValue;
|
||||
+import android.view.Gravity;
|
||||
+import android.view.View;
|
||||
+import android.view.ViewGroup;
|
||||
+import android.view.ViewGroup.LayoutParams;
|
||||
+import android.widget.TextView;
|
||||
+import android.widget.Toast;
|
||||
+
|
||||
+import androidx.preference.Preference;
|
||||
+import androidx.preference.Preference.OnPreferenceChangeListener;
|
||||
+import androidx.preference.PreferenceScreen;
|
||||
+import androidx.preference.SwitchPreference;
|
||||
+
|
||||
+import com.android.settings.R;
|
||||
+import com.android.settings.core.instrumentation.InstrumentedDialogFragment;
|
||||
+import com.android.internal.logging.nano.MetricsProto.MetricsEvent;
|
||||
+import com.android.settings.SettingsPreferenceFragment;
|
||||
+
|
||||
+import java.util.Arrays;
|
||||
+import java.util.ArrayList;
|
||||
+import java.util.Collections;
|
||||
+import java.util.List;
|
||||
+
|
||||
+public class SensorAccess extends SettingsPreferenceFragment {
|
||||
+
|
||||
+ private final SettingObserver mObserver = new SettingObserver();
|
||||
+
|
||||
+ static final String TAG = "SensorAccess";
|
||||
+
|
||||
+ private Context mContext;
|
||||
+ private PackageManager mPackageManager;
|
||||
+ private AppOpsManager mAppOpsManager;
|
||||
+ private TextView mEmpty;
|
||||
+
|
||||
+ @Override
|
||||
+ public int getMetricsCategory() {
|
||||
+ return MetricsEvent.VIEW_UNKNOWN;
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public void onCreate(Bundle icicle) {
|
||||
+ super.onCreate(icicle);
|
||||
+
|
||||
+ mContext = getActivity();
|
||||
+ mPackageManager = mContext.getPackageManager();
|
||||
+ mAppOpsManager = (AppOpsManager) mContext.getSystemService(Context.APP_OPS_SERVICE);
|
||||
+ setPreferenceScreen(getPreferenceManager().createPreferenceScreen(mContext));
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public void onViewCreated(View view, @Nullable Bundle savedInstanceState) {
|
||||
+ super.onViewCreated(view, savedInstanceState);
|
||||
+ mEmpty = new TextView(getContext());
|
||||
+ mEmpty.setGravity(Gravity.CENTER);
|
||||
+ mEmpty.setText(R.string.sensor_access_title_empty_text);
|
||||
+ TypedValue value = new TypedValue();
|
||||
+ getContext().getTheme().resolveAttribute(android.R.attr.textAppearanceMedium, value, true);
|
||||
+ mEmpty.setTextAppearance(value.resourceId);
|
||||
+ ((ViewGroup) view.findViewById(android.R.id.list_container)).addView(mEmpty,
|
||||
+ new LayoutParams(LayoutParams.MATCH_PARENT, LayoutParams.MATCH_PARENT));
|
||||
+ setEmptyView(mEmpty);
|
||||
+ reloadList();
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public void onResume() {
|
||||
+ super.onResume();
|
||||
+ getActivity().getActionBar().setTitle(R.string.sensor_access_title);
|
||||
+ reloadList();
|
||||
+ }
|
||||
+
|
||||
+ private void reloadList() {
|
||||
+ final PreferenceScreen screen = getPreferenceScreen();
|
||||
+ screen.removeAll();
|
||||
+
|
||||
+ final ArrayList<ApplicationInfo> apps = new ArrayList<>();
|
||||
+ final List<ApplicationInfo> installed = mPackageManager.getInstalledApplications(0);
|
||||
+ if (installed != null) {
|
||||
+ for (ApplicationInfo app : installed) {
|
||||
+ // Skip system apps
|
||||
+ if (isUserApp(app.packageName)) {
|
||||
+ // Only apps effectively having the Op OTHER_SENSORS
|
||||
+ if (mAppOpsManager.getOpsForPackage(getPackageUid(app.packageName),
|
||||
+ app.packageName, new int[]{AppOpsManager.OP_OTHER_SENSORS}) != null)
|
||||
+ apps.add(app);
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ Collections.sort(apps, new PackageItemInfo.DisplayNameComparator(mPackageManager));
|
||||
+ for (ApplicationInfo app : apps) {
|
||||
+ final String pkg = app.packageName;
|
||||
+ final CharSequence label = app.loadLabel(mPackageManager);
|
||||
+ final SwitchPreference pref = new SwitchPreference(getPrefContext());
|
||||
+ pref.setPersistent(false);
|
||||
+ pref.setIcon(app.loadIcon(mPackageManager));
|
||||
+ pref.setTitle(label);
|
||||
+ updateState(pref, pkg);
|
||||
+ pref.setOnPreferenceChangeListener(new OnPreferenceChangeListener() {
|
||||
+ @Override
|
||||
+ public boolean onPreferenceChange(Preference preference, Object newValue) {
|
||||
+ boolean switchOn = (Boolean) newValue;
|
||||
+ mAppOpsManager.setMode(AppOpsManager.OP_OTHER_SENSORS, getPackageUid(pkg), pkg,
|
||||
+ switchOn ? AppOpsManager.MODE_ALLOWED : AppOpsManager.MODE_IGNORED);
|
||||
+ pref.setChecked(switchOn);
|
||||
+ return false;
|
||||
+ }
|
||||
+ });
|
||||
+ screen.addPreference(pref);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ public void updateState(SwitchPreference preference, String pkg) {
|
||||
+ final int mode = mAppOpsManager
|
||||
+ .checkOpNoThrow(AppOpsManager.OP_OTHER_SENSORS, getPackageUid(pkg), pkg);
|
||||
+ if (mode == AppOpsManager.MODE_ERRORED) {
|
||||
+ preference.setChecked(false);
|
||||
+ } else {
|
||||
+ final boolean checked = mode != AppOpsManager.MODE_IGNORED;
|
||||
+ preference.setChecked(checked);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ private boolean isUserApp(String pkg) {
|
||||
+ ApplicationInfo appInfo;
|
||||
+ try {
|
||||
+ appInfo = mPackageManager.getApplicationInfo(pkg,
|
||||
+ PackageManager.GET_DISABLED_COMPONENTS
|
||||
+ | PackageManager.GET_UNINSTALLED_PACKAGES);
|
||||
+ } catch (PackageManager.NameNotFoundException e) {
|
||||
+ Log.w(TAG, "Unable to find info for package " + pkg);
|
||||
+ return false;
|
||||
+ }
|
||||
+ return ((appInfo.flags & ApplicationInfo.FLAG_SYSTEM) == 0);
|
||||
+ }
|
||||
+
|
||||
+ private int getPackageUid(String pkg) {
|
||||
+ int uid;
|
||||
+ try {
|
||||
+ uid = mPackageManager.getPackageUid(pkg, 0);
|
||||
+ } catch (PackageManager.NameNotFoundException e) {
|
||||
+ // We shouldn't hit this, ever. What can we even do after this?
|
||||
+ uid = -1;
|
||||
+ }
|
||||
+ return uid;
|
||||
+ }
|
||||
+
|
||||
+ private final class SettingObserver extends ContentObserver {
|
||||
+ public SettingObserver() {
|
||||
+ super(new Handler(Looper.getMainLooper()));
|
||||
+ }
|
||||
+
|
||||
+ @Override
|
||||
+ public void onChange(boolean selfChange, Uri uri) {
|
||||
+ reloadList();
|
||||
+ }
|
||||
+ }
|
||||
+}
|
@ -55,7 +55,7 @@ index 617548cadc..9caf926229 100644
|
||||
<item msgid="6490061470416867723">Small</item>
|
||||
<item msgid="3579015730662088893">Default</item>
|
||||
diff --git a/res/values/strings.xml b/res/values/strings.xml
|
||||
index 120e82f4dd..6ff1f16fdf 100644
|
||||
index 0c6fe1a541..b9f886d492 100644
|
||||
--- a/res/values/strings.xml
|
||||
+++ b/res/values/strings.xml
|
||||
@@ -647,6 +647,9 @@
|
||||
|
@ -67,7 +67,7 @@ index 9caf926229..d40e65e536 100644
|
||||
<string-array name="screen_timeout_entries">
|
||||
<item>15 seconds</item>
|
||||
diff --git a/res/values/strings.xml b/res/values/strings.xml
|
||||
index 6ff1f16fdf..3a7f3878bf 100644
|
||||
index b9f886d492..e925a30b3e 100644
|
||||
--- a/res/values/strings.xml
|
||||
+++ b/res/values/strings.xml
|
||||
@@ -27,6 +27,25 @@
|
||||
|
@ -67,7 +67,7 @@ index d40e65e536..6259f4d1a5 100644
|
||||
<string-array name="screen_timeout_entries">
|
||||
<item>15 seconds</item>
|
||||
diff --git a/res/values/strings.xml b/res/values/strings.xml
|
||||
index 3a7f3878bf..dbbc4ba758 100644
|
||||
index e925a30b3e..de6d38bcbd 100644
|
||||
--- a/res/values/strings.xml
|
||||
+++ b/res/values/strings.xml
|
||||
@@ -46,6 +46,25 @@
|
||||
|
@ -12,7 +12,7 @@ Subject: [PATCH] add native debugging setting
|
||||
create mode 100644 src/com/android/settings/security/NativeDebugPreferenceController.java
|
||||
|
||||
diff --git a/res/values/strings.xml b/res/values/strings.xml
|
||||
index dbbc4ba758..87ef39ed10 100644
|
||||
index de6d38bcbd..dc14819f0c 100644
|
||||
--- a/res/values/strings.xml
|
||||
+++ b/res/values/strings.xml
|
||||
@@ -11957,6 +11957,9 @@
|
||||
|
@ -10,7 +10,7 @@ Subject: [PATCH] UserManager app installation restrictions
|
||||
3 files changed, 44 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/res/values/strings.xml b/res/values/strings.xml
|
||||
index b33a94d4a6..1cd05427d1 100644
|
||||
index e612651bfe..c8e830342b 100644
|
||||
--- a/res/values/strings.xml
|
||||
+++ b/res/values/strings.xml
|
||||
@@ -7088,6 +7088,8 @@
|
||||
|
@ -12,7 +12,7 @@ Subject: [PATCH] add exec spawning toggle
|
||||
create mode 100644 src/com/android/settings/security/ExecSpawnPreferenceController.java
|
||||
|
||||
diff --git a/res/values/strings.xml b/res/values/strings.xml
|
||||
index 87ef39ed10..b33a94d4a6 100644
|
||||
index dc14819f0c..e612651bfe 100644
|
||||
--- a/res/values/strings.xml
|
||||
+++ b/res/values/strings.xml
|
||||
@@ -11957,6 +11957,8 @@
|
||||
|
@ -157,13 +157,11 @@ fi;
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0005-User_Logout.patch"; #Allow user logout (GrapheneOS)
|
||||
if [ "$DOS_SENSORS_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0011-Sensors.patch"; fi; #Permission for sensors access (MSe1969)
|
||||
#applyPatch "$DOS_PATCHES/android_frameworks_base/0012-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS)
|
||||
if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-1.patch"; #Expose the NETWORK permission (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-2.patch";
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-3.patch";
|
||||
fi;
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Special_Permissions.patch"; #Support new special runtime permissions (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-1.patch"; #Make INTERNET into a special runtime permission (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-2.patch"; #Add a NETWORK permission group for INTERNET (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Sensors_Permission.patch"; #Add special runtime permission for other sensors (GrapheneOS)
|
||||
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0014-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
|
||||
sed -i 's/DEFAULT_MAX_FILES = 1000;/DEFAULT_MAX_FILES = 0;/' services/core/java/com/android/server/DropBoxManagerService.java; #Disable DropBox internal logging service
|
||||
sed -i 's/DEFAULT_MAX_FILES_LOWRAM = 300;/DEFAULT_MAX_FILES_LOWRAM = 0;/' services/core/java/com/android/server/DropBoxManagerService.java;
|
||||
@ -179,7 +177,7 @@ rm -rf packages/PrintRecommendationService; #Creates popups to install proprieta
|
||||
fi;
|
||||
|
||||
if enterAndClear "frameworks/native"; then
|
||||
if [ "$DOS_SENSORS_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_native/0001-Sensors.patch"; fi; #Permission for sensors access (MSe1969)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_native/0001-Sensors.patch"; #Require OTHER_SENSORS permission for sensors (GrapheneOS)
|
||||
fi;
|
||||
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
|
||||
@ -234,7 +232,7 @@ applyPatch "$DOS_PATCHES_COMMON/android_hardware_qcom_display/CVE-2019-2306-msm8
|
||||
fi;
|
||||
|
||||
if enterAndClear "libcore"; then
|
||||
if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_libcore/0001-Network_Permission.patch"; fi; #Expose the NETWORK permission (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_libcore/0001-Network_Permission.patch"; #Expose the NETWORK permission (GrapheneOS)
|
||||
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_libcore/0002-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
|
||||
fi;
|
||||
|
||||
@ -265,19 +263,15 @@ if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_pa
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/PackageInstaller"; then
|
||||
if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PackageInstaller/0001-Network_Permission-1.patch"; #Expose the NETWORK permission (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PackageInstaller/0001-Network_Permission-2.patch";
|
||||
fi;
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PackageInstaller/0001-Network_Permission-1.patch"; #Always treat INTERNET as a runtime permission (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PackageInstaller/0001-Network_Permission-2.patch"; #Add NETWORK permission group (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PackageInstaller/0001-Sensors_Permission-1.patch"; #Add OTHER_SENSORS permission group (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PackageInstaller/0001-Sensors_Permission-2.patch"; #Always treat OTHER_SENSORS as a runtime permission (GrapheneOS)
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/Settings"; then
|
||||
git revert --no-edit c240992b4c86c7f226290807a2f41f2619e7e5e8; #Don't hide OEM unlock
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
|
||||
if [ "$DOS_SENSORS_PERM" = true ]; then
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0002-Sensors-P1.patch"; #Permission for sensors access (MSe1969)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0002-Sensors-P2.patch";
|
||||
fi;
|
||||
#applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS) #TODO: Needs work
|
||||
sed -i 's/private int mPasswordMaxLength = 16;/private int mPasswordMaxLength = 48;/' src/com/android/settings/password/ChooseLockPassword.java; #Increase max password length (GrapheneOS)
|
||||
sed -i 's/if (isFullDiskEncrypted()) {/if (false) {/' src/com/android/settings/accessibility/*AccessibilityService*.java; #Never disable secure start-up when enabling an accessibility service
|
||||
@ -304,7 +298,7 @@ applyPatch "$DOS_PATCHES_COMMON/android_packages_inputmethods_LatinIME/0002-Disa
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/providers/DownloadProvider"; then
|
||||
if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_packages_providers_DownloadProvider/0001-Network_Permission.patch"; fi; #Expose the NETWORK permission (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_providers_DownloadProvider/0001-Network_Permission.patch"; #Expose the NETWORK permission (GrapheneOS)
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/services/Telephony"; then
|
||||
|
@ -152,18 +152,16 @@ fi;
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0005-User_Logout.patch"; #Allow user logout (GrapheneOS)
|
||||
if [ "$DOS_SENSORS_PERM_NEW" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0011-Sensors.patch"; fi; #Permission for sensors access (MSe1969)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0012-Restore_SensorsOff.patch"; #Restore the Sensors Off tile
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS)
|
||||
if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0014-Network_Permission-1.patch"; #Expose the NETWORK permission (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0014-Network_Permission-2.patch";
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0014-Network_Permission-3.patch";
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0014-Network_Permission-4.patch";
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0014-Network_Permission-5.patch";
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0014-Network_Permission-6.patch";
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0014-Network_Permission-7.patch";
|
||||
fi;
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0014-Special_Permissions.patch"; #Support new special runtime permissions (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0014-Network_Permission-1.patch"; #Make INTERNET into a special runtime permission (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0014-Network_Permission-2.patch"; #Add a NETWORK permission group for INTERNET (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0014-Network_Permission-3.patch"; #Enforce INTERNET as a runtime permission. (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0014-Network_Permission-4.patch"; #Fix INTERNET enforcement for secondary users (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0014-Network_Permission-5.patch"; #Send uid for each user instead of just owner/admin user (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0014-Network_Permission-6.patch"; #Skip reportNetworkConnectivity() when permission is revoked (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0014-Sensors_Permission.patch"; #Add special runtime permission for other sensors (GrapheneOS)
|
||||
if [ "$DOS_TIMEOUTS" = true ]; then
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0015-Automatic_Reboot.patch"; #Timeout for reboot (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0016-Bluetooth_Timeout.patch"; #Timeout for Bluetooth (GrapheneOS)
|
||||
@ -187,7 +185,7 @@ rm -rf packages/PrintRecommendationService; #Creates popups to install proprieta
|
||||
fi;
|
||||
|
||||
if enterAndClear "frameworks/native"; then
|
||||
if [ "$DOS_SENSORS_PERM_NEW" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_native/0001-Sensors.patch"; fi; #Permission for sensors access (MSe1969)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_native/0001-Sensors.patch"; #Require OTHER_SENSORS permission for sensors (GrapheneOS)
|
||||
fi;
|
||||
|
||||
if [ "$DOS_DEBLOBBER_REMOVE_IMS" = true ]; then
|
||||
@ -247,7 +245,7 @@ if [ "$DOS_GRAPHENE_EXEC" = true ]; then
|
||||
applyPatch "$DOS_PATCHES/android_libcore/0001-Exec_Based_Spawning-1.patch"; #Add exec-based spawning support (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_libcore/0001-Exec_Based_Spawning-2.patch";
|
||||
fi;
|
||||
if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_libcore/0003-Network_Permission.patch"; fi; #Expose the NETWORK permission (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_libcore/0003-Network_Permission.patch"; #Expose the NETWORK permission (GrapheneOS)
|
||||
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_libcore/0004-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
|
||||
fi;
|
||||
|
||||
@ -279,16 +277,15 @@ if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_pa
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/PermissionController"; then
|
||||
if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0001-Network_Permission-1.patch"; #Expose the NETWORK permission (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0001-Network_Permission-2.patch";
|
||||
fi;
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0001-Network_Permission-1.patch"; #Always treat INTERNET as a runtime permission (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0001-Network_Permission-2.patch"; #Add INTERNET permission toggle (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0001-Sensors_Permission-1.patch"; #Always treat OTHER_SENSORS as a runtime permission (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0001-Sensors_Permission-2.patch"; #Add OTHER_SENSORS permission group (GrapheneOS)
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/Settings"; then
|
||||
git revert --no-edit 486980cfecce2ca64267f41462f9371486308e9d; #Don't hide OEM unlock
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
|
||||
if [ "$DOS_SENSORS_PERM_NEW" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0002-Sensors.patch"; fi; #Permission for sensors access (MSe1969)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0003-Remove_SensorsOff_Tile.patch"; #Remove the Sensors Off development tile
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS)
|
||||
if [ "$DOS_TIMEOUTS" = true ]; then
|
||||
@ -333,7 +330,7 @@ fi;
|
||||
#fi;
|
||||
|
||||
if enterAndClear "packages/providers/DownloadProvider"; then
|
||||
if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_packages_providers_DownloadProvider/0001-Network_Permission.patch"; fi; #Expose the NETWORK permission (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_providers_DownloadProvider/0001-Network_Permission.patch"; #Expose the NETWORK permission (GrapheneOS)
|
||||
fi;
|
||||
|
||||
#if enterAndClear "packages/services/Telephony"; then
|
||||
@ -364,7 +361,7 @@ applyPatch "$DOS_PATCHES/android_system_extras/0001-ext4_pad_filenames.patch"; #
|
||||
fi;
|
||||
|
||||
if enterAndClear "system/netd"; then
|
||||
if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_system_netd/0001-Network_Permission.patch"; fi; #Expose the NETWORK permission (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_system_netd/0001-Network_Permission.patch"; #Expose the NETWORK permission (GrapheneOS)
|
||||
fi;
|
||||
|
||||
if enterAndClear "system/sepolicy"; then
|
||||
|
@ -128,18 +128,16 @@ applyPatch "$DOS_PATCHES/android_frameworks_base/0009-SystemUI_No_Permission_Rev
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0003-SUPL_No_IMSI.patch"; #Don't send IMSI to SUPL (MSe1969)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0004-Fingerprint_Lockout.patch"; #Enable fingerprint lockout after three failed attempts (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES_COMMON/android_frameworks_base/0005-User_Logout.patch"; #Allow user logout (GrapheneOS)
|
||||
if [ "$DOS_SENSORS_PERM_NEW" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_base/0010-Sensors.patch"; fi #Permission for sensors access (MSe1969)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0011-Restore_SensorsOff.patch"; #Restore the Sensors Off tile
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0012-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS)
|
||||
if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-1.patch"; #Expose the NETWORK permission (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-2.patch";
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-3.patch";
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-4.patch";
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-5.patch";
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-6.patch";
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-7.patch";
|
||||
fi;
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Special_Permissions.patch"; #Support new special runtime permissions (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-1.patch"; #Make INTERNET into a special runtime permission (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-2.patch"; #Add a NETWORK permission group for INTERNET (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-3.patch"; #Enforce INTERNET as a runtime permission. (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-4.patch"; #Fix INTERNET enforcement for secondary users (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-5.patch"; #Send uid for each user instead of just owner/admin user (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Network_Permission-6.patch"; #Skip reportNetworkConnectivity() when permission is revoked (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0013-Sensors_Permission.patch"; #Add special runtime permission for other sensors (GrapheneOS)
|
||||
if [ "$DOS_TIMEOUTS" = true ]; then
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0014-Automatic_Reboot.patch"; #Timeout for reboot (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_base/0015-Bluetooth_Timeout.patch"; #Timeout for Bluetooth (GrapheneOS)
|
||||
@ -183,7 +181,7 @@ if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_fr
|
||||
fi;
|
||||
|
||||
if enterAndClear "frameworks/native"; then
|
||||
if [ "$DOS_SENSORS_PERM_NEW" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_native/0001-Sensors.patch"; fi; #Permission for sensors access (MSe1969)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_native/0001-Sensors.patch"; #Require OTHER_SENSORS permission for sensors (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_frameworks_native/0002-fix-uaf.patch"; #Fix use-after-free in adbd_auth (GrapheneOS)
|
||||
fi;
|
||||
|
||||
@ -249,7 +247,7 @@ applyPatch "$DOS_PATCHES/android_hardware_qcom_audio/0001-Unused-sm8150.patch";
|
||||
fi;
|
||||
|
||||
if enterAndClear "libcore"; then
|
||||
if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_libcore/0001-Network_Permission.patch"; fi; #Expose the NETWORK permission (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_libcore/0001-Network_Permission.patch"; #Expose the NETWORK permission (GrapheneOS)
|
||||
if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_libcore/0002-constify_JNINativeMethod.patch"; fi; #Constify JNINativeMethod tables (GrapheneOS)
|
||||
if [ "$DOS_GRAPHENE_EXEC" = true ]; then
|
||||
applyPatch "$DOS_PATCHES/android_libcore/0003-Exec_Based_Spawning-1.patch"; #Add exec-based spawning support (GrapheneOS)
|
||||
@ -285,18 +283,17 @@ if [ "$DOS_GRAPHENE_CONSTIFY" = true ]; then applyPatch "$DOS_PATCHES/android_pa
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/PermissionController"; then
|
||||
if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0002-Network_Permission-1.patch"; #Expose the NETWORK permission (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0002-Network_Permission-2.patch";
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0002-Network_Permission-3.patch";
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0002-Network_Permission-4.patch";
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0002-Network_Permission-5.patch";
|
||||
fi;
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0002-Network_Permission-1.patch"; #Always treat INTERNET as a runtime permission (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0002-Network_Permission-2.patch"; #Add INTERNET permission toggle (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0002-Sensors_Permission-1.patch"; #Add OTHER_SENSORS permission group (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0002-Sensors_Permission-2.patch"; #Always treat OTHER_SENSORS as a runtime permission (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0002-Special_Permissions-1.patch"; #Refactor handling of special runtime permissions (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0002-Special_Permissions-2.patch"; #Don't auto revoke Network and Sensors (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_PermissionController/0002-Special_Permissions-3.patch"; #UI fix for special runtime permission (GrapheneOS)
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/apps/Settings"; then
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0001-Captive_Portal_Toggle.patch"; #Add option to disable captive portal checks (MSe1969)
|
||||
if [ "$DOS_SENSORS_PERM_NEW" = true ]; then applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0002-Sensors.patch"; fi; #Permission for sensors access (MSe1969)
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0003-Remove_SensorsOff_Tile.patch"; #Remove the Sensors Off development tile
|
||||
applyPatch "$DOS_PATCHES/android_packages_apps_Settings/0004-Private_DNS.patch"; #More 'Private DNS' options (CalyxOS)
|
||||
if [ "$DOS_TIMEOUTS" = true ]; then
|
||||
@ -341,7 +338,7 @@ fi;
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/providers/DownloadProvider"; then
|
||||
if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_packages_providers_DownloadProvider/0001-Network_Permission.patch"; fi; #Expose the NETWORK permission (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_packages_providers_DownloadProvider/0001-Network_Permission.patch"; #Expose the NETWORK permission (GrapheneOS)
|
||||
fi;
|
||||
|
||||
if enterAndClear "packages/providers/TelephonyProvider"; then
|
||||
@ -368,7 +365,7 @@ applyPatch "$DOS_PATCHES/android_system_extras/0001-ext4_pad_filenames.patch"; #
|
||||
fi;
|
||||
|
||||
if enterAndClear "system/netd"; then
|
||||
if [ "$DOS_GRAPHENE_NETWORK_PERM" = true ]; then applyPatch "$DOS_PATCHES/android_system_netd/0001-Network_Permission.patch"; fi; #Expose the NETWORK permission (GrapheneOS)
|
||||
applyPatch "$DOS_PATCHES/android_system_netd/0001-Network_Permission.patch"; #Expose the NETWORK permission (GrapheneOS)
|
||||
fi;
|
||||
|
||||
if enterAndClear "system/sepolicy"; then
|
||||
|
@ -62,7 +62,6 @@ export DOS_GRAPHENE_CONSTIFY=true; #Enables 'Constify JNINativeMethod tables' pa
|
||||
export DOS_GRAPHENE_MALLOC=true; #Enables use of GrapheneOS' hardened memory allocator on 64-bit platforms on 16.0+17.1+18.1+19.1
|
||||
export DOS_GRAPHENE_EXEC=true; #Enables use of GrapheneOS' exec spawning feature on 16.0+17.1+18.1+19.1
|
||||
export DOS_GRAPHENE_PTRACE_SCOPE=true; #Enables the GrapheneOS ptrace_scope toggle patchset on 17.1+18.1+19.1
|
||||
export DOS_GRAPHENE_NETWORK_PERM=true; #Enables use of GrapheneOS' NETWORK permission on 17.1+18.1, 19.1 has no toggle
|
||||
export DOS_GRAPHENE_RANDOM_MAC=true; #Enables the GrapheneOS always randomize Wi-Fi MAC patchset on 17.1+18.1+19.1
|
||||
export DOS_TIMEOUTS=true; #Enables the GrapheneOS/CalyxOS patchset for automatic timeouts of reboot/Wi-Fi/Bluetooth on 17.1+18.1+19.1
|
||||
export DOS_HOSTS_BLOCKING=true; #Set false to prevent inclusion of a HOSTS file
|
||||
@ -70,8 +69,7 @@ export DOS_HOSTS_BLOCKING_LIST="https://divested.dev/hosts-wildcards"; #Must be
|
||||
export DOS_LOWRAM_ENABLED=false; #Set true to enable low_ram on all devices
|
||||
export DOS_MICROG_INCLUDED="NONE"; #Determines inclusion of microG. Options: NONE, NLP, FULL (removed)
|
||||
export DOS_SILENCE_INCLUDED=true; #Set false to disable inclusion of Silence SMS app
|
||||
export DOS_SENSORS_PERM=false; #Set true to provide a per-app sensors permission for 14.1/15.1/16.0 #XXX: can break things like camera
|
||||
export DOS_SENSORS_PERM_NEW=true; #For 17.1+18.1
|
||||
export DOS_SENSORS_PERM=false; #Set true to provide a per-app sensors permission for 14.1/15.1 #XXX: can break things like camera
|
||||
export DOS_STRONG_ENCRYPTION_ENABLED=false; #Set true to enable AES 256-bit FDE encryption on 14.1+15.1 XXX: THIS WILL **DESTROY** EXISTING INSTALLS!
|
||||
export DOS_WEBVIEW_LFS=true; #Whether to `git lfs pull` in the WebView repository
|
||||
#alias DOS_WEBVIEW_CHERRYPICK='git pull "https://github.com/LineageOS/android_external_chromium-webview" refs/changes/00/316600/2';
|
||||
@ -132,7 +130,7 @@ gpgVerifyGitHead() {
|
||||
export -f gpgVerifyGitHead;
|
||||
|
||||
BUILD_WORKING_DIR=${PWD##*/};
|
||||
DOS_VERSION=$BUILD_WORKING_DIR;
|
||||
export DOS_VERSION=$BUILD_WORKING_DIR;
|
||||
if [ -d ".repo" ]; then
|
||||
echo "Detected $BUILD_WORKING_DIR";
|
||||
else
|
||||
|
Loading…
Reference in New Issue
Block a user