From 7fcc6be5ca1672ca0b48fa6d55224b34d0d0ebea Mon Sep 17 00:00:00 2001 From: MSe Date: Wed, 25 Apr 2018 23:07:47 +0200 Subject: [PATCH 2/3] AppOpsService: Default mode 'allowed' for systemUID and platform signed To avoid severe issues when setting selected Ops to 'ASK', the default mode for systemui, apps with uid 1000 (system) and apps signed with the platform key will always get the 'allowed' mode as default. Change-Id: I71d9618d5b900241b99c060d43bc4270da05305b --- .../com/android/server/AppOpsService.java | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/services/core/java/com/android/server/AppOpsService.java b/services/core/java/com/android/server/AppOpsService.java index a9e350570508..de31ba177ca2 100644 --- a/services/core/java/com/android/server/AppOpsService.java +++ b/services/core/java/com/android/server/AppOpsService.java @@ -2576,6 +2576,26 @@ public class AppOpsService extends IAppOpsService.Stub { } private int getDefaultMode(int code, int uid, String packageName) { + // To allow setting 'MODE_ASK' for own Ops, some precautions to + // avoid privileged apps to trigger the toggle are needed: + + // 1st check: Skip uid 1000 and systemui + if (uid == android.os.Process.SYSTEM_UID || "com.android.systemui".equals(packageName)) { + return AppOpsManager.MODE_ALLOWED; + } + // 2nd check: Skip apps signed with platform key, except for the 'root' Op + if (code != AppOpsManager.OP_SU) { + try { + int match = AppGlobals.getPackageManager().checkSignatures("android", packageName); + if (match >= PackageManager.SIGNATURE_MATCH) { + return AppOpsManager.MODE_ALLOWED; + } + } catch (RemoteException re) { + Log.e(TAG, "AppOps getDefaultMode: Can't talk to PM f. Sig.Check", re); + } + } + // end + int mode = AppOpsManager.opToDefaultMode(code, isStrict(code, uid, packageName)); if (AppOpsManager.isStrictOp(code) && mPolicy != null) { -- 2.31.1