Make sure unsafeCheckOpRaw ops check raw ops
Test: manual
bug:119323172
Change-Id: Ic21d03af3a08bdca76821f2bc644482e7e5a1300
diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
index a278423..791f3da 100644
--- a/core/java/android/app/AppOpsManager.java
+++ b/core/java/android/app/AppOpsManager.java
@@ -3078,7 +3078,7 @@
*/
public int unsafeCheckOpRaw(String op, int uid, String packageName) {
try {
- return mService.checkOperation(strOpToOp(op), uid, packageName);
+ return mService.checkOperationRaw(strOpToOp(op), uid, packageName);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
diff --git a/core/java/android/app/AppOpsManagerInternal.java b/core/java/android/app/AppOpsManagerInternal.java
index 7fe21b2..139a39f 100644
--- a/core/java/android/app/AppOpsManagerInternal.java
+++ b/core/java/android/app/AppOpsManagerInternal.java
@@ -37,10 +37,11 @@
* @param uid The UID for which to check.
* @param packageName The package for which to check.
* @param superImpl The super implementation.
+ * @param raw Whether to check the raw op i.e. not interpret the mode based on UID state.
* @return The app op check result.
*/
- int checkOperation(int code, int uid, String packageName,
- TriFunction<Integer, Integer, String, Integer> superImpl);
+ int checkOperation(int code, int uid, String packageName, boolean raw,
+ QuadFunction<Integer, Integer, String, Boolean, Integer> superImpl);
/**
* Allows overriding check audio operation behavior.
diff --git a/core/java/com/android/internal/app/IAppOpsService.aidl b/core/java/com/android/internal/app/IAppOpsService.aidl
index e571656..e59bee4 100644
--- a/core/java/com/android/internal/app/IAppOpsService.aidl
+++ b/core/java/com/android/internal/app/IAppOpsService.aidl
@@ -65,4 +65,6 @@
void startWatchingNoted(in int[] ops, IAppOpsNotedCallback callback);
void stopWatchingNoted(IAppOpsNotedCallback callback);
+
+ int checkOperationRaw(int code, int uid, String packageName);
}
diff --git a/services/core/java/com/android/server/AppOpsService.java b/services/core/java/com/android/server/AppOpsService.java
index f0ec69f..f027253 100644
--- a/services/core/java/com/android/server/AppOpsService.java
+++ b/services/core/java/com/android/server/AppOpsService.java
@@ -65,7 +65,6 @@
import android.os.ShellCallback;
import android.os.ShellCommand;
import android.os.SystemClock;
-import android.os.SystemProperties;
import android.os.UserHandle;
import android.os.UserManager;
import android.os.storage.StorageManager;
@@ -1646,29 +1645,40 @@
}
@Override
+ public int checkOperationRaw(int code, int uid, String packageName) {
+ return checkOperationInternal(code, uid, packageName, true /*raw*/);
+ }
+
+ @Override
public int checkOperation(int code, int uid, String packageName) {
+ return checkOperationInternal(code, uid, packageName, false /*raw*/);
+ }
+
+ private int checkOperationInternal(int code, int uid, String packageName, boolean raw) {
final CheckOpsDelegate delegate;
synchronized (this) {
delegate = mCheckOpsDelegate;
}
if (delegate == null) {
- return checkOperationImpl(code, uid, packageName);
+ return checkOperationImpl(code, uid, packageName, raw);
}
- return delegate.checkOperation(code, uid, packageName,
+ return delegate.checkOperation(code, uid, packageName, raw,
AppOpsService.this::checkOperationImpl);
}
- private int checkOperationImpl(int code, int uid, String packageName) {
+ private int checkOperationImpl(int code, int uid, String packageName,
+ boolean raw) {
verifyIncomingUid(uid);
verifyIncomingOp(code);
String resolvedPackageName = resolvePackageName(uid, packageName);
if (resolvedPackageName == null) {
return AppOpsManager.MODE_IGNORED;
}
- return checkOperationUnchecked(code, uid, resolvedPackageName);
+ return checkOperationUnchecked(code, uid, resolvedPackageName, raw);
}
- private int checkOperationUnchecked(int code, int uid, String packageName) {
+ private int checkOperationUnchecked(int code, int uid, String packageName,
+ boolean raw) {
synchronized (this) {
if (isOpRestrictedLocked(uid, code, packageName)) {
return AppOpsManager.MODE_IGNORED;
@@ -1677,7 +1687,8 @@
UidState uidState = getUidStateLocked(uid, false);
if (uidState != null && uidState.opModes != null
&& uidState.opModes.indexOfKey(code) >= 0) {
- return uidState.evalMode(uidState.opModes.get(code));
+ final int rawMode = uidState.opModes.get(code);
+ return raw ? rawMode : uidState.evalMode(rawMode);
}
Op op = getOpLocked(code, uid, packageName, false, true, false);
if (op == null) {
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 3bfd363..983ec4b 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -20117,18 +20117,18 @@
}
@Override
- public int checkOperation(int code, int uid, String packageName,
- TriFunction<Integer, Integer, String, Integer> superImpl) {
+ public int checkOperation(int code, int uid, String packageName, boolean raw,
+ QuadFunction<Integer, Integer, String, Boolean, Integer> superImpl) {
if (uid == mTargetUid && isTargetOp(code)) {
final long identity = Binder.clearCallingIdentity();
try {
return superImpl.apply(code, Process.SHELL_UID,
- "com.android.shell");
+ "com.android.shell", raw);
} finally {
Binder.restoreCallingIdentity(identity);
}
}
- return superImpl.apply(code, uid, packageName);
+ return superImpl.apply(code, uid, packageName, raw);
}
@Override