commit 060275ffc7fbfc72b19871f7dd7aefb61a81a1fc
author Billy Lau <billylau@google.com> Wed Jul 15 22:29:19 2015 +0100
committer Billy Lau <billylau@google.com> Thu Jul 16 00:34:26 2015 +0100
tree 35f650b9f697e74d3cee72a127287172ffdb7372
parent 22b3f4cb15207239e203d5ec8b72ec6bc90fef35

Bug: 21589105 Rescoping SYSTEM_ALERT_WINDOW...

AppOpsManager:
Changed the default mode for SYSTEM_ALERT_WINDOW to MODE_DEFAULT instead of
MODE_ALLOWED. Otherwise, an app that did not declare for this permission will
actually be allowed to perform OP_SYSTEM_ALERT_WINDOW, which is undesirable.
This change also allows callers to make their own decision based on the
current policy (M vs pre-M apps).

policy/PhoneWindowManager:
Added additional checks that will handle MODE_DEFAULT - this happens when an app
is newly installed but not yet configured.

wm/WindowManagerService:
Enriched some checks to include the treatment of MODE_DEFAULT - this will allow
pre-M apps uninterupted capability to draw on top of other apps.

Change-Id: I8de77730e158c97587427820cfba721bd5607bea

services/core/java/com/android/server/policy/PhoneWindowManager.java

diff --git a/services/core/java/com/android/server/policy/PhoneWindowManager.java b/services/core/java/com/android/server/policy/PhoneWindowManager.java
index 3393d7d..c75a418 100644
--- a/services/core/java/com/android/server/policy/PhoneWindowManager.java
+++ b/services/core/java/com/android/server/policy/PhoneWindowManager.java
@@ -123,6 +123,7 @@
 import java.io.FileReader;
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.util.Arrays;
 import java.util.HashSet;
 import java.util.List;
 
@@ -1827,21 +1828,33 @@
         if (permission != null) {
             if (permission == android.Manifest.permission.SYSTEM_ALERT_WINDOW) {
                 final int callingUid = Binder.getCallingUid();
-                // check if this is a system uid first before bothering with
-                // obtaining package name
+                // system processes will be automatically allowed privilege to draw
                 if (callingUid == Process.SYSTEM_UID) {
                     return WindowManagerGlobal.ADD_OKAY;
                 }
 
+                // check if user has enabled this operation. SecurityException will be thrown if
+                // this app has not been allowed by the user
                 final int mode = mAppOpsManager.checkOp(outAppOp[0], callingUid,
                         attrs.packageName);
-                if (mode == AppOpsManager.MODE_DEFAULT) {
-                    if (mContext.checkCallingPermission(permission) !=
-                            PackageManager.PERMISSION_GRANTED) {
+                switch (mode) {
+                    case AppOpsManager.MODE_ALLOWED:
+                    case AppOpsManager.MODE_IGNORED:
+                        // although we return ADD_OKAY for MODE_IGNORED, the added window will
+                        // actually be hidden in WindowManagerService
+                        return WindowManagerGlobal.ADD_OKAY;
+                    case AppOpsManager.MODE_ERRORED:
                         return WindowManagerGlobal.ADD_PERMISSION_DENIED;
-                    }
+                    default:
+                        // in the default mode, we will make a decision here based on
+                        // checkCallingPermission()
+                        if (mContext.checkCallingPermission(permission) !=
+                                PackageManager.PERMISSION_GRANTED) {
+                            return WindowManagerGlobal.ADD_PERMISSION_DENIED;
+                        } else {
+                            return WindowManagerGlobal.ADD_OKAY;
+                        }
                 }
-                return WindowManagerGlobal.ADD_OKAY;
             }
 
             if (mContext.checkCallingOrSelfPermission(permission)