Properly check per UID app ops and dump user restrictions.
Test: Permission CTS tests pass and shell dump correct
Change-Id: I7cf4c85781172319891756034b5bade62f76803f
diff --git a/services/core/java/com/android/server/AppOpsService.java b/services/core/java/com/android/server/AppOpsService.java
index 570843e..1f62945 100644
--- a/services/core/java/com/android/server/AppOpsService.java
+++ b/services/core/java/com/android/server/AppOpsService.java
@@ -881,11 +881,9 @@
}
code = AppOpsManager.opToSwitch(code);
UidState uidState = getUidStateLocked(uid, false);
- if (uidState != null && uidState.opModes != null) {
- final int uidMode = uidState.opModes.get(code);
- if (uidMode != AppOpsManager.MODE_ALLOWED) {
- return uidMode;
- }
+ if (uidState != null && uidState.opModes != null
+ && uidState.opModes.indexOfKey(code) >= 0) {
+ return uidState.opModes.get(code);
}
Op op = getOpLocked(code, uid, resolvedPackageName, false);
if (op == null) {
@@ -2126,6 +2124,7 @@
UidState uidState = mUidStates.valueAt(i);
pw.print(" Uid "); UserHandle.formatUid(pw, uidState.uid); pw.println(":");
+ needSep = true;
SparseIntArray opModes = uidState.opModes;
if (opModes != null) {
@@ -2166,6 +2165,55 @@
}
}
}
+ if (needSep) {
+ pw.println();
+ }
+
+ final int userRestrictionCount = mOpUserRestrictions.size();
+ for (int i = 0; i < userRestrictionCount; i++) {
+ IBinder token = mOpUserRestrictions.keyAt(i);
+ ClientRestrictionState restrictionState = mOpUserRestrictions.valueAt(i);
+ pw.println(" User restrictions for token " + token + ":");
+
+ final int restrictionCount = restrictionState.perUserRestrictions != null
+ ? restrictionState.perUserRestrictions.size() : 0;
+ if (restrictionCount > 0) {
+ pw.println(" Restricted ops:");
+ for (int j = 0; j < restrictionCount; j++) {
+ int userId = restrictionState.perUserRestrictions.keyAt(j);
+ boolean[] restrictedOps = restrictionState.perUserRestrictions.valueAt(j);
+ if (restrictedOps == null) {
+ continue;
+ }
+ StringBuilder restrictedOpsValue = new StringBuilder();
+ restrictedOpsValue.append("[");
+ final int restrictedOpCount = restrictedOps.length;
+ for (int k = 0; k < restrictedOpCount; k++) {
+ if (restrictedOps[k]) {
+ if (restrictedOpsValue.length() > 1) {
+ restrictedOpsValue.append(", ");
+ }
+ restrictedOpsValue.append(AppOpsManager.opToName(k));
+ }
+ }
+ restrictedOpsValue.append("]");
+ pw.print(" "); pw.print("user: "); pw.print(userId);
+ pw.print(" restricted ops: "); pw.println(restrictedOpsValue);
+ }
+ }
+
+ final int excludedPackageCount = restrictionState.perUserExcludedPackages != null
+ ? restrictionState.perUserExcludedPackages.size() : 0;
+ if (excludedPackageCount > 0) {
+ pw.println(" Excluded packages:");
+ for (int j = 0; j < excludedPackageCount; j++) {
+ int userId = restrictionState.perUserExcludedPackages.keyAt(j);
+ String[] packageNames = restrictionState.perUserExcludedPackages.valueAt(j);
+ pw.print(" "); pw.print("user: "); pw.print(userId);
+ pw.print(" packages: "); pw.println(Arrays.toString(packageNames));
+ }
+ }
+ }
}
}