1 /*
2  * Copyright (C) 2012 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.app;
18 
19 import android.Manifest;
20 import android.annotation.RequiresPermission;
21 import android.annotation.SystemApi;
22 import android.annotation.SystemService;
23 import android.app.usage.UsageStatsManager;
24 import android.content.Context;
25 import android.media.AudioAttributes.AttributeUsage;
26 import android.os.Binder;
27 import android.os.IBinder;
28 import android.os.Parcel;
29 import android.os.Parcelable;
30 import android.os.Process;
31 import android.os.RemoteException;
32 import android.os.UserHandle;
33 import android.os.UserManager;
34 import android.util.ArrayMap;
35 
36 import com.android.internal.app.IAppOpsCallback;
37 import com.android.internal.app.IAppOpsService;
38 
39 import java.util.ArrayList;
40 import java.util.HashMap;
41 import java.util.List;
42 
43 /**
44  * API for interacting with "application operation" tracking.
45  *
46  * <p>This API is not generally intended for third party application developers; most
47  * features are only available to system applications.
48  */
49 @SystemService(Context.APP_OPS_SERVICE)
50 public class AppOpsManager {
51     /**
52      * <p>App ops allows callers to:</p>
53      *
54      * <ul>
55      * <li> Note when operations are happening, and find out if they are allowed for the current
56      * caller.</li>
57      * <li> Disallow specific apps from doing specific operations.</li>
58      * <li> Collect all of the current information about operations that have been executed or
59      * are not being allowed.</li>
60      * <li> Monitor for changes in whether an operation is allowed.</li>
61      * </ul>
62      *
63      * <p>Each operation is identified by a single integer; these integers are a fixed set of
64      * operations, enumerated by the OP_* constants.
65      *
66      * <p></p>When checking operations, the result is a "mode" integer indicating the current
67      * setting for the operation under that caller: MODE_ALLOWED, MODE_IGNORED (don't execute
68      * the operation but fake its behavior enough so that the caller doesn't crash),
69      * MODE_ERRORED (throw a SecurityException back to the caller; the normal operation calls
70      * will do this for you).
71      */
72 
73     final Context mContext;
74     final IAppOpsService mService;
75     final ArrayMap<OnOpChangedListener, IAppOpsCallback> mModeWatchers
76             = new ArrayMap<OnOpChangedListener, IAppOpsCallback>();
77 
78     static IBinder sToken;
79 
80     /**
81      * Result from {@link #checkOp}, {@link #noteOp}, {@link #startOp}: the given caller is
82      * allowed to perform the given operation.
83      */
84     public static final int MODE_ALLOWED = 0;
85 
86     /**
87      * Result from {@link #checkOp}, {@link #noteOp}, {@link #startOp}: the given caller is
88      * not allowed to perform the given operation, and this attempt should
89      * <em>silently fail</em> (it should not cause the app to crash).
90      */
91     public static final int MODE_IGNORED = 1;
92 
93     /**
94      * Result from {@link #checkOpNoThrow}, {@link #noteOpNoThrow}, {@link #startOpNoThrow}: the
95      * given caller is not allowed to perform the given operation, and this attempt should
96      * cause it to have a fatal error, typically a {@link SecurityException}.
97      */
98     public static final int MODE_ERRORED = 2;
99 
100     /**
101      * Result from {@link #checkOp}, {@link #noteOp}, {@link #startOp}: the given caller should
102      * use its default security check.  This mode is not normally used; it should only be used
103      * with appop permissions, and callers must explicitly check for it and deal with it.
104      */
105     public static final int MODE_DEFAULT = 3;
106 
107     // when adding one of these:
108     //  - increment _NUM_OP
109     //  - add rows to sOpToSwitch, sOpToString, sOpNames, sOpToPerms, sOpDefault
110     //  - add descriptive strings to Settings/res/values/arrays.xml
111     //  - add the op to the appropriate template in AppOpsState.OpsTemplate (settings app)
112 
113     /** @hide No operation specified. */
114     public static final int OP_NONE = -1;
115     /** @hide Access to coarse location information. */
116     public static final int OP_COARSE_LOCATION = 0;
117     /** @hide Access to fine location information. */
118     public static final int OP_FINE_LOCATION = 1;
119     /** @hide Causing GPS to run. */
120     public static final int OP_GPS = 2;
121     /** @hide */
122     public static final int OP_VIBRATE = 3;
123     /** @hide */
124     public static final int OP_READ_CONTACTS = 4;
125     /** @hide */
126     public static final int OP_WRITE_CONTACTS = 5;
127     /** @hide */
128     public static final int OP_READ_CALL_LOG = 6;
129     /** @hide */
130     public static final int OP_WRITE_CALL_LOG = 7;
131     /** @hide */
132     public static final int OP_READ_CALENDAR = 8;
133     /** @hide */
134     public static final int OP_WRITE_CALENDAR = 9;
135     /** @hide */
136     public static final int OP_WIFI_SCAN = 10;
137     /** @hide */
138     public static final int OP_POST_NOTIFICATION = 11;
139     /** @hide */
140     public static final int OP_NEIGHBORING_CELLS = 12;
141     /** @hide */
142     public static final int OP_CALL_PHONE = 13;
143     /** @hide */
144     public static final int OP_READ_SMS = 14;
145     /** @hide */
146     public static final int OP_WRITE_SMS = 15;
147     /** @hide */
148     public static final int OP_RECEIVE_SMS = 16;
149     /** @hide */
150     public static final int OP_RECEIVE_EMERGECY_SMS = 17;
151     /** @hide */
152     public static final int OP_RECEIVE_MMS = 18;
153     /** @hide */
154     public static final int OP_RECEIVE_WAP_PUSH = 19;
155     /** @hide */
156     public static final int OP_SEND_SMS = 20;
157     /** @hide */
158     public static final int OP_READ_ICC_SMS = 21;
159     /** @hide */
160     public static final int OP_WRITE_ICC_SMS = 22;
161     /** @hide */
162     public static final int OP_WRITE_SETTINGS = 23;
163     /** @hide */
164     public static final int OP_SYSTEM_ALERT_WINDOW = 24;
165     /** @hide */
166     public static final int OP_ACCESS_NOTIFICATIONS = 25;
167     /** @hide */
168     public static final int OP_CAMERA = 26;
169     /** @hide */
170     public static final int OP_RECORD_AUDIO = 27;
171     /** @hide */
172     public static final int OP_PLAY_AUDIO = 28;
173     /** @hide */
174     public static final int OP_READ_CLIPBOARD = 29;
175     /** @hide */
176     public static final int OP_WRITE_CLIPBOARD = 30;
177     /** @hide */
178     public static final int OP_TAKE_MEDIA_BUTTONS = 31;
179     /** @hide */
180     public static final int OP_TAKE_AUDIO_FOCUS = 32;
181     /** @hide */
182     public static final int OP_AUDIO_MASTER_VOLUME = 33;
183     /** @hide */
184     public static final int OP_AUDIO_VOICE_VOLUME = 34;
185     /** @hide */
186     public static final int OP_AUDIO_RING_VOLUME = 35;
187     /** @hide */
188     public static final int OP_AUDIO_MEDIA_VOLUME = 36;
189     /** @hide */
190     public static final int OP_AUDIO_ALARM_VOLUME = 37;
191     /** @hide */
192     public static final int OP_AUDIO_NOTIFICATION_VOLUME = 38;
193     /** @hide */
194     public static final int OP_AUDIO_BLUETOOTH_VOLUME = 39;
195     /** @hide */
196     public static final int OP_WAKE_LOCK = 40;
197     /** @hide Continually monitoring location data. */
198     public static final int OP_MONITOR_LOCATION = 41;
199     /** @hide Continually monitoring location data with a relatively high power request. */
200     public static final int OP_MONITOR_HIGH_POWER_LOCATION = 42;
201     /** @hide Retrieve current usage stats via {@link UsageStatsManager}. */
202     public static final int OP_GET_USAGE_STATS = 43;
203     /** @hide */
204     public static final int OP_MUTE_MICROPHONE = 44;
205     /** @hide */
206     public static final int OP_TOAST_WINDOW = 45;
207     /** @hide Capture the device's display contents and/or audio */
208     public static final int OP_PROJECT_MEDIA = 46;
209     /** @hide Activate a VPN connection without user intervention. */
210     public static final int OP_ACTIVATE_VPN = 47;
211     /** @hide Access the WallpaperManagerAPI to write wallpapers. */
212     public static final int OP_WRITE_WALLPAPER = 48;
213     /** @hide Received the assist structure from an app. */
214     public static final int OP_ASSIST_STRUCTURE = 49;
215     /** @hide Received a screenshot from assist. */
216     public static final int OP_ASSIST_SCREENSHOT = 50;
217     /** @hide Read the phone state. */
218     public static final int OP_READ_PHONE_STATE = 51;
219     /** @hide Add voicemail messages to the voicemail content provider. */
220     public static final int OP_ADD_VOICEMAIL = 52;
221     /** @hide Access APIs for SIP calling over VOIP or WiFi. */
222     public static final int OP_USE_SIP = 53;
223     /** @hide Intercept outgoing calls. */
224     public static final int OP_PROCESS_OUTGOING_CALLS = 54;
225     /** @hide User the fingerprint API. */
226     public static final int OP_USE_FINGERPRINT = 55;
227     /** @hide Access to body sensors such as heart rate, etc. */
228     public static final int OP_BODY_SENSORS = 56;
229     /** @hide Read previously received cell broadcast messages. */
230     public static final int OP_READ_CELL_BROADCASTS = 57;
231     /** @hide Inject mock location into the system. */
232     public static final int OP_MOCK_LOCATION = 58;
233     /** @hide Read external storage. */
234     public static final int OP_READ_EXTERNAL_STORAGE = 59;
235     /** @hide Write external storage. */
236     public static final int OP_WRITE_EXTERNAL_STORAGE = 60;
237     /** @hide Turned on the screen. */
238     public static final int OP_TURN_SCREEN_ON = 61;
239     /** @hide Get device accounts. */
240     public static final int OP_GET_ACCOUNTS = 62;
241     /** @hide Control whether an application is allowed to run in the background. */
242     public static final int OP_RUN_IN_BACKGROUND = 63;
243     /** @hide */
244     public static final int OP_AUDIO_ACCESSIBILITY_VOLUME = 64;
245     /** @hide Read the phone number. */
246     public static final int OP_READ_PHONE_NUMBERS = 65;
247     /** @hide Request package installs through package installer */
248     public static final int OP_REQUEST_INSTALL_PACKAGES = 66;
249     /** @hide Enter picture-in-picture. */
250     public static final int OP_PICTURE_IN_PICTURE = 67;
251     /** @hide Instant app start foreground service. */
252     public static final int OP_INSTANT_APP_START_FOREGROUND = 68;
253     /** @hide Answer incoming phone calls */
254     public static final int OP_ANSWER_PHONE_CALLS = 69;
255     /** @hide */
256     public static final int _NUM_OP = 70;
257 
258     /** Access to coarse location information. */
259     public static final String OPSTR_COARSE_LOCATION = "android:coarse_location";
260     /** Access to fine location information. */
261     public static final String OPSTR_FINE_LOCATION =
262             "android:fine_location";
263     /** Continually monitoring location data. */
264     public static final String OPSTR_MONITOR_LOCATION
265             = "android:monitor_location";
266     /** Continually monitoring location data with a relatively high power request. */
267     public static final String OPSTR_MONITOR_HIGH_POWER_LOCATION
268             = "android:monitor_location_high_power";
269     /** Access to {@link android.app.usage.UsageStatsManager}. */
270     public static final String OPSTR_GET_USAGE_STATS
271             = "android:get_usage_stats";
272     /** Activate a VPN connection without user intervention. @hide */
273     @SystemApi
274     public static final String OPSTR_ACTIVATE_VPN
275             = "android:activate_vpn";
276     /** Allows an application to read the user's contacts data. */
277     public static final String OPSTR_READ_CONTACTS
278             = "android:read_contacts";
279     /** Allows an application to write to the user's contacts data. */
280     public static final String OPSTR_WRITE_CONTACTS
281             = "android:write_contacts";
282     /** Allows an application to read the user's call log. */
283     public static final String OPSTR_READ_CALL_LOG
284             = "android:read_call_log";
285     /** Allows an application to write to the user's call log. */
286     public static final String OPSTR_WRITE_CALL_LOG
287             = "android:write_call_log";
288     /** Allows an application to read the user's calendar data. */
289     public static final String OPSTR_READ_CALENDAR
290             = "android:read_calendar";
291     /** Allows an application to write to the user's calendar data. */
292     public static final String OPSTR_WRITE_CALENDAR
293             = "android:write_calendar";
294     /** Allows an application to initiate a phone call. */
295     public static final String OPSTR_CALL_PHONE
296             = "android:call_phone";
297     /** Allows an application to read SMS messages. */
298     public static final String OPSTR_READ_SMS
299             = "android:read_sms";
300     /** Allows an application to receive SMS messages. */
301     public static final String OPSTR_RECEIVE_SMS
302             = "android:receive_sms";
303     /** Allows an application to receive MMS messages. */
304     public static final String OPSTR_RECEIVE_MMS
305             = "android:receive_mms";
306     /** Allows an application to receive WAP push messages. */
307     public static final String OPSTR_RECEIVE_WAP_PUSH
308             = "android:receive_wap_push";
309     /** Allows an application to send SMS messages. */
310     public static final String OPSTR_SEND_SMS
311             = "android:send_sms";
312     /** Required to be able to access the camera device. */
313     public static final String OPSTR_CAMERA
314             = "android:camera";
315     /** Required to be able to access the microphone device. */
316     public static final String OPSTR_RECORD_AUDIO
317             = "android:record_audio";
318     /** Required to access phone state related information. */
319     public static final String OPSTR_READ_PHONE_STATE
320             = "android:read_phone_state";
321     /** Required to access phone state related information. */
322     public static final String OPSTR_ADD_VOICEMAIL
323             = "android:add_voicemail";
324     /** Access APIs for SIP calling over VOIP or WiFi */
325     public static final String OPSTR_USE_SIP
326             = "android:use_sip";
327     /** Access APIs for diverting outgoing calls */
328     public static final String OPSTR_PROCESS_OUTGOING_CALLS
329             = "android:process_outgoing_calls";
330     /** Use the fingerprint API. */
331     public static final String OPSTR_USE_FINGERPRINT
332             = "android:use_fingerprint";
333     /** Access to body sensors such as heart rate, etc. */
334     public static final String OPSTR_BODY_SENSORS
335             = "android:body_sensors";
336     /** Read previously received cell broadcast messages. */
337     public static final String OPSTR_READ_CELL_BROADCASTS
338             = "android:read_cell_broadcasts";
339     /** Inject mock location into the system. */
340     public static final String OPSTR_MOCK_LOCATION
341             = "android:mock_location";
342     /** Read external storage. */
343     public static final String OPSTR_READ_EXTERNAL_STORAGE
344             = "android:read_external_storage";
345     /** Write external storage. */
346     public static final String OPSTR_WRITE_EXTERNAL_STORAGE
347             = "android:write_external_storage";
348     /** Required to draw on top of other apps. */
349     public static final String OPSTR_SYSTEM_ALERT_WINDOW
350             = "android:system_alert_window";
351     /** Required to write/modify/update system settingss. */
352     public static final String OPSTR_WRITE_SETTINGS
353             = "android:write_settings";
354     /** @hide Get device accounts. */
355     public static final String OPSTR_GET_ACCOUNTS
356             = "android:get_accounts";
357     public static final String OPSTR_READ_PHONE_NUMBERS
358             = "android:read_phone_numbers";
359     /** Access to picture-in-picture. */
360     public static final String OPSTR_PICTURE_IN_PICTURE
361             = "android:picture_in_picture";
362     /** @hide */
363     public static final String OPSTR_INSTANT_APP_START_FOREGROUND
364             = "android:instant_app_start_foreground";
365     /** Answer incoming phone calls */
366     public static final String OPSTR_ANSWER_PHONE_CALLS
367             = "android:answer_phone_calls";
368 
369     // Warning: If an permission is added here it also has to be added to
370     // com.android.packageinstaller.permission.utils.EventLogger
371     private static final int[] RUNTIME_AND_APPOP_PERMISSIONS_OPS = {
372             // RUNTIME PERMISSIONS
373             // Contacts
374             OP_READ_CONTACTS,
375             OP_WRITE_CONTACTS,
376             OP_GET_ACCOUNTS,
377             // Calendar
378             OP_READ_CALENDAR,
379             OP_WRITE_CALENDAR,
380             // SMS
381             OP_SEND_SMS,
382             OP_RECEIVE_SMS,
383             OP_READ_SMS,
384             OP_RECEIVE_WAP_PUSH,
385             OP_RECEIVE_MMS,
386             OP_READ_CELL_BROADCASTS,
387             // Storage
388             OP_READ_EXTERNAL_STORAGE,
389             OP_WRITE_EXTERNAL_STORAGE,
390             // Location
391             OP_COARSE_LOCATION,
392             OP_FINE_LOCATION,
393             // Phone
394             OP_READ_PHONE_STATE,
395             OP_READ_PHONE_NUMBERS,
396             OP_CALL_PHONE,
397             OP_READ_CALL_LOG,
398             OP_WRITE_CALL_LOG,
399             OP_ADD_VOICEMAIL,
400             OP_USE_SIP,
401             OP_PROCESS_OUTGOING_CALLS,
402             OP_ANSWER_PHONE_CALLS,
403             // Microphone
404             OP_RECORD_AUDIO,
405             // Camera
406             OP_CAMERA,
407             // Body sensors
408             OP_BODY_SENSORS,
409 
410             // APPOP PERMISSIONS
411             OP_ACCESS_NOTIFICATIONS,
412             OP_SYSTEM_ALERT_WINDOW,
413             OP_WRITE_SETTINGS,
414             OP_REQUEST_INSTALL_PACKAGES,
415     };
416 
417     /**
418      * This maps each operation to the operation that serves as the
419      * switch to determine whether it is allowed.  Generally this is
420      * a 1:1 mapping, but for some things (like location) that have
421      * multiple low-level operations being tracked that should be
422      * presented to the user as one switch then this can be used to
423      * make them all controlled by the same single operation.
424      */
425     private static int[] sOpToSwitch = new int[] {
426             OP_COARSE_LOCATION,
427             OP_COARSE_LOCATION,
428             OP_COARSE_LOCATION,
429             OP_VIBRATE,
430             OP_READ_CONTACTS,
431             OP_WRITE_CONTACTS,
432             OP_READ_CALL_LOG,
433             OP_WRITE_CALL_LOG,
434             OP_READ_CALENDAR,
435             OP_WRITE_CALENDAR,
436             OP_COARSE_LOCATION,
437             OP_POST_NOTIFICATION,
438             OP_COARSE_LOCATION,
439             OP_CALL_PHONE,
440             OP_READ_SMS,
441             OP_WRITE_SMS,
442             OP_RECEIVE_SMS,
443             OP_RECEIVE_SMS,
444             OP_RECEIVE_MMS,
445             OP_RECEIVE_WAP_PUSH,
446             OP_SEND_SMS,
447             OP_READ_SMS,
448             OP_WRITE_SMS,
449             OP_WRITE_SETTINGS,
450             OP_SYSTEM_ALERT_WINDOW,
451             OP_ACCESS_NOTIFICATIONS,
452             OP_CAMERA,
453             OP_RECORD_AUDIO,
454             OP_PLAY_AUDIO,
455             OP_READ_CLIPBOARD,
456             OP_WRITE_CLIPBOARD,
457             OP_TAKE_MEDIA_BUTTONS,
458             OP_TAKE_AUDIO_FOCUS,
459             OP_AUDIO_MASTER_VOLUME,
460             OP_AUDIO_VOICE_VOLUME,
461             OP_AUDIO_RING_VOLUME,
462             OP_AUDIO_MEDIA_VOLUME,
463             OP_AUDIO_ALARM_VOLUME,
464             OP_AUDIO_NOTIFICATION_VOLUME,
465             OP_AUDIO_BLUETOOTH_VOLUME,
466             OP_WAKE_LOCK,
467             OP_COARSE_LOCATION,
468             OP_COARSE_LOCATION,
469             OP_GET_USAGE_STATS,
470             OP_MUTE_MICROPHONE,
471             OP_TOAST_WINDOW,
472             OP_PROJECT_MEDIA,
473             OP_ACTIVATE_VPN,
474             OP_WRITE_WALLPAPER,
475             OP_ASSIST_STRUCTURE,
476             OP_ASSIST_SCREENSHOT,
477             OP_READ_PHONE_STATE,
478             OP_ADD_VOICEMAIL,
479             OP_USE_SIP,
480             OP_PROCESS_OUTGOING_CALLS,
481             OP_USE_FINGERPRINT,
482             OP_BODY_SENSORS,
483             OP_READ_CELL_BROADCASTS,
484             OP_MOCK_LOCATION,
485             OP_READ_EXTERNAL_STORAGE,
486             OP_WRITE_EXTERNAL_STORAGE,
487             OP_TURN_SCREEN_ON,
488             OP_GET_ACCOUNTS,
489             OP_RUN_IN_BACKGROUND,
490             OP_AUDIO_ACCESSIBILITY_VOLUME,
491             OP_READ_PHONE_NUMBERS,
492             OP_REQUEST_INSTALL_PACKAGES,
493             OP_PICTURE_IN_PICTURE,
494             OP_INSTANT_APP_START_FOREGROUND,
495             OP_ANSWER_PHONE_CALLS
496     };
497 
498     /**
499      * This maps each operation to the public string constant for it.
500      * If it doesn't have a public string constant, it maps to null.
501      */
502     private static String[] sOpToString = new String[] {
503             OPSTR_COARSE_LOCATION,
504             OPSTR_FINE_LOCATION,
505             null,
506             null,
507             OPSTR_READ_CONTACTS,
508             OPSTR_WRITE_CONTACTS,
509             OPSTR_READ_CALL_LOG,
510             OPSTR_WRITE_CALL_LOG,
511             OPSTR_READ_CALENDAR,
512             OPSTR_WRITE_CALENDAR,
513             null,
514             null,
515             null,
516             OPSTR_CALL_PHONE,
517             OPSTR_READ_SMS,
518             null,
519             OPSTR_RECEIVE_SMS,
520             null,
521             OPSTR_RECEIVE_MMS,
522             OPSTR_RECEIVE_WAP_PUSH,
523             OPSTR_SEND_SMS,
524             null,
525             null,
526             OPSTR_WRITE_SETTINGS,
527             OPSTR_SYSTEM_ALERT_WINDOW,
528             null,
529             OPSTR_CAMERA,
530             OPSTR_RECORD_AUDIO,
531             null,
532             null,
533             null,
534             null,
535             null,
536             null,
537             null,
538             null,
539             null,
540             null,
541             null,
542             null,
543             null,
544             OPSTR_MONITOR_LOCATION,
545             OPSTR_MONITOR_HIGH_POWER_LOCATION,
546             OPSTR_GET_USAGE_STATS,
547             null,
548             null,
549             null,
550             OPSTR_ACTIVATE_VPN,
551             null,
552             null,
553             null,
554             OPSTR_READ_PHONE_STATE,
555             OPSTR_ADD_VOICEMAIL,
556             OPSTR_USE_SIP,
557             OPSTR_PROCESS_OUTGOING_CALLS,
558             OPSTR_USE_FINGERPRINT,
559             OPSTR_BODY_SENSORS,
560             OPSTR_READ_CELL_BROADCASTS,
561             OPSTR_MOCK_LOCATION,
562             OPSTR_READ_EXTERNAL_STORAGE,
563             OPSTR_WRITE_EXTERNAL_STORAGE,
564             null,
565             OPSTR_GET_ACCOUNTS,
566             null,
567             null, // OP_AUDIO_ACCESSIBILITY_VOLUME
568             OPSTR_READ_PHONE_NUMBERS,
569             null, // OP_REQUEST_INSTALL_PACKAGES
570             OPSTR_PICTURE_IN_PICTURE,
571             OPSTR_INSTANT_APP_START_FOREGROUND,
572             OPSTR_ANSWER_PHONE_CALLS,
573     };
574 
575     /**
576      * This provides a simple name for each operation to be used
577      * in debug output.
578      */
579     private static String[] sOpNames = new String[] {
580             "COARSE_LOCATION",
581             "FINE_LOCATION",
582             "GPS",
583             "VIBRATE",
584             "READ_CONTACTS",
585             "WRITE_CONTACTS",
586             "READ_CALL_LOG",
587             "WRITE_CALL_LOG",
588             "READ_CALENDAR",
589             "WRITE_CALENDAR",
590             "WIFI_SCAN",
591             "POST_NOTIFICATION",
592             "NEIGHBORING_CELLS",
593             "CALL_PHONE",
594             "READ_SMS",
595             "WRITE_SMS",
596             "RECEIVE_SMS",
597             "RECEIVE_EMERGECY_SMS",
598             "RECEIVE_MMS",
599             "RECEIVE_WAP_PUSH",
600             "SEND_SMS",
601             "READ_ICC_SMS",
602             "WRITE_ICC_SMS",
603             "WRITE_SETTINGS",
604             "SYSTEM_ALERT_WINDOW",
605             "ACCESS_NOTIFICATIONS",
606             "CAMERA",
607             "RECORD_AUDIO",
608             "PLAY_AUDIO",
609             "READ_CLIPBOARD",
610             "WRITE_CLIPBOARD",
611             "TAKE_MEDIA_BUTTONS",
612             "TAKE_AUDIO_FOCUS",
613             "AUDIO_MASTER_VOLUME",
614             "AUDIO_VOICE_VOLUME",
615             "AUDIO_RING_VOLUME",
616             "AUDIO_MEDIA_VOLUME",
617             "AUDIO_ALARM_VOLUME",
618             "AUDIO_NOTIFICATION_VOLUME",
619             "AUDIO_BLUETOOTH_VOLUME",
620             "WAKE_LOCK",
621             "MONITOR_LOCATION",
622             "MONITOR_HIGH_POWER_LOCATION",
623             "GET_USAGE_STATS",
624             "MUTE_MICROPHONE",
625             "TOAST_WINDOW",
626             "PROJECT_MEDIA",
627             "ACTIVATE_VPN",
628             "WRITE_WALLPAPER",
629             "ASSIST_STRUCTURE",
630             "ASSIST_SCREENSHOT",
631             "OP_READ_PHONE_STATE",
632             "ADD_VOICEMAIL",
633             "USE_SIP",
634             "PROCESS_OUTGOING_CALLS",
635             "USE_FINGERPRINT",
636             "BODY_SENSORS",
637             "READ_CELL_BROADCASTS",
638             "MOCK_LOCATION",
639             "READ_EXTERNAL_STORAGE",
640             "WRITE_EXTERNAL_STORAGE",
641             "TURN_ON_SCREEN",
642             "GET_ACCOUNTS",
643             "RUN_IN_BACKGROUND",
644             "AUDIO_ACCESSIBILITY_VOLUME",
645             "READ_PHONE_NUMBERS",
646             "REQUEST_INSTALL_PACKAGES",
647             "PICTURE_IN_PICTURE",
648             "INSTANT_APP_START_FOREGROUND",
649             "ANSWER_PHONE_CALLS",
650     };
651 
652     /**
653      * This optionally maps a permission to an operation.  If there
654      * is no permission associated with an operation, it is null.
655      */
656     private static String[] sOpPerms = new String[] {
657             android.Manifest.permission.ACCESS_COARSE_LOCATION,
658             android.Manifest.permission.ACCESS_FINE_LOCATION,
659             null,
660             android.Manifest.permission.VIBRATE,
661             android.Manifest.permission.READ_CONTACTS,
662             android.Manifest.permission.WRITE_CONTACTS,
663             android.Manifest.permission.READ_CALL_LOG,
664             android.Manifest.permission.WRITE_CALL_LOG,
665             android.Manifest.permission.READ_CALENDAR,
666             android.Manifest.permission.WRITE_CALENDAR,
667             android.Manifest.permission.ACCESS_WIFI_STATE,
668             null, // no permission required for notifications
669             null, // neighboring cells shares the coarse location perm
670             android.Manifest.permission.CALL_PHONE,
671             android.Manifest.permission.READ_SMS,
672             null, // no permission required for writing sms
673             android.Manifest.permission.RECEIVE_SMS,
674             android.Manifest.permission.RECEIVE_EMERGENCY_BROADCAST,
675             android.Manifest.permission.RECEIVE_MMS,
676             android.Manifest.permission.RECEIVE_WAP_PUSH,
677             android.Manifest.permission.SEND_SMS,
678             android.Manifest.permission.READ_SMS,
679             null, // no permission required for writing icc sms
680             android.Manifest.permission.WRITE_SETTINGS,
681             android.Manifest.permission.SYSTEM_ALERT_WINDOW,
682             android.Manifest.permission.ACCESS_NOTIFICATIONS,
683             android.Manifest.permission.CAMERA,
684             android.Manifest.permission.RECORD_AUDIO,
685             null, // no permission for playing audio
686             null, // no permission for reading clipboard
687             null, // no permission for writing clipboard
688             null, // no permission for taking media buttons
689             null, // no permission for taking audio focus
690             null, // no permission for changing master volume
691             null, // no permission for changing voice volume
692             null, // no permission for changing ring volume
693             null, // no permission for changing media volume
694             null, // no permission for changing alarm volume
695             null, // no permission for changing notification volume
696             null, // no permission for changing bluetooth volume
697             android.Manifest.permission.WAKE_LOCK,
698             null, // no permission for generic location monitoring
699             null, // no permission for high power location monitoring
700             android.Manifest.permission.PACKAGE_USAGE_STATS,
701             null, // no permission for muting/unmuting microphone
702             null, // no permission for displaying toasts
703             null, // no permission for projecting media
704             null, // no permission for activating vpn
705             null, // no permission for supporting wallpaper
706             null, // no permission for receiving assist structure
707             null, // no permission for receiving assist screenshot
708             Manifest.permission.READ_PHONE_STATE,
709             Manifest.permission.ADD_VOICEMAIL,
710             Manifest.permission.USE_SIP,
711             Manifest.permission.PROCESS_OUTGOING_CALLS,
712             Manifest.permission.USE_FINGERPRINT,
713             Manifest.permission.BODY_SENSORS,
714             Manifest.permission.READ_CELL_BROADCASTS,
715             null,
716             Manifest.permission.READ_EXTERNAL_STORAGE,
717             Manifest.permission.WRITE_EXTERNAL_STORAGE,
718             null, // no permission for turning the screen on
719             Manifest.permission.GET_ACCOUNTS,
720             null, // no permission for running in background
721             null, // no permission for changing accessibility volume
722             Manifest.permission.READ_PHONE_NUMBERS,
723             Manifest.permission.REQUEST_INSTALL_PACKAGES,
724             null, // no permission for entering picture-in-picture on hide
725             Manifest.permission.INSTANT_APP_FOREGROUND_SERVICE,
726             Manifest.permission.ANSWER_PHONE_CALLS,
727     };
728 
729     /**
730      * Specifies whether an Op should be restricted by a user restriction.
731      * Each Op should be filled with a restriction string from UserManager or
732      * null to specify it is not affected by any user restriction.
733      */
734     private static String[] sOpRestrictions = new String[] {
735             UserManager.DISALLOW_SHARE_LOCATION, //COARSE_LOCATION
736             UserManager.DISALLOW_SHARE_LOCATION, //FINE_LOCATION
737             UserManager.DISALLOW_SHARE_LOCATION, //GPS
738             null, //VIBRATE
739             null, //READ_CONTACTS
740             null, //WRITE_CONTACTS
741             UserManager.DISALLOW_OUTGOING_CALLS, //READ_CALL_LOG
742             UserManager.DISALLOW_OUTGOING_CALLS, //WRITE_CALL_LOG
743             null, //READ_CALENDAR
744             null, //WRITE_CALENDAR
745             UserManager.DISALLOW_SHARE_LOCATION, //WIFI_SCAN
746             null, //POST_NOTIFICATION
747             null, //NEIGHBORING_CELLS
748             null, //CALL_PHONE
749             UserManager.DISALLOW_SMS, //READ_SMS
750             UserManager.DISALLOW_SMS, //WRITE_SMS
751             UserManager.DISALLOW_SMS, //RECEIVE_SMS
752             null, //RECEIVE_EMERGENCY_SMS
753             UserManager.DISALLOW_SMS, //RECEIVE_MMS
754             null, //RECEIVE_WAP_PUSH
755             UserManager.DISALLOW_SMS, //SEND_SMS
756             UserManager.DISALLOW_SMS, //READ_ICC_SMS
757             UserManager.DISALLOW_SMS, //WRITE_ICC_SMS
758             null, //WRITE_SETTINGS
759             UserManager.DISALLOW_CREATE_WINDOWS, //SYSTEM_ALERT_WINDOW
760             null, //ACCESS_NOTIFICATIONS
761             UserManager.DISALLOW_CAMERA, //CAMERA
762             UserManager.DISALLOW_RECORD_AUDIO, //RECORD_AUDIO
763             null, //PLAY_AUDIO
764             null, //READ_CLIPBOARD
765             null, //WRITE_CLIPBOARD
766             null, //TAKE_MEDIA_BUTTONS
767             null, //TAKE_AUDIO_FOCUS
768             UserManager.DISALLOW_ADJUST_VOLUME, //AUDIO_MASTER_VOLUME
769             UserManager.DISALLOW_ADJUST_VOLUME, //AUDIO_VOICE_VOLUME
770             UserManager.DISALLOW_ADJUST_VOLUME, //AUDIO_RING_VOLUME
771             UserManager.DISALLOW_ADJUST_VOLUME, //AUDIO_MEDIA_VOLUME
772             UserManager.DISALLOW_ADJUST_VOLUME, //AUDIO_ALARM_VOLUME
773             UserManager.DISALLOW_ADJUST_VOLUME, //AUDIO_NOTIFICATION_VOLUME
774             UserManager.DISALLOW_ADJUST_VOLUME, //AUDIO_BLUETOOTH_VOLUME
775             null, //WAKE_LOCK
776             UserManager.DISALLOW_SHARE_LOCATION, //MONITOR_LOCATION
777             UserManager.DISALLOW_SHARE_LOCATION, //MONITOR_HIGH_POWER_LOCATION
778             null, //GET_USAGE_STATS
779             UserManager.DISALLOW_UNMUTE_MICROPHONE, // MUTE_MICROPHONE
780             UserManager.DISALLOW_CREATE_WINDOWS, // TOAST_WINDOW
781             null, //PROJECT_MEDIA
782             null, // ACTIVATE_VPN
783             UserManager.DISALLOW_WALLPAPER, // WRITE_WALLPAPER
784             null, // ASSIST_STRUCTURE
785             null, // ASSIST_SCREENSHOT
786             null, // READ_PHONE_STATE
787             null, // ADD_VOICEMAIL
788             null, // USE_SIP
789             null, // PROCESS_OUTGOING_CALLS
790             null, // USE_FINGERPRINT
791             null, // BODY_SENSORS
792             null, // READ_CELL_BROADCASTS
793             null, // MOCK_LOCATION
794             null, // READ_EXTERNAL_STORAGE
795             null, // WRITE_EXTERNAL_STORAGE
796             null, // TURN_ON_SCREEN
797             null, // GET_ACCOUNTS
798             null, // RUN_IN_BACKGROUND
799             UserManager.DISALLOW_ADJUST_VOLUME, //AUDIO_ACCESSIBILITY_VOLUME
800             null, // READ_PHONE_NUMBERS
801             null, // REQUEST_INSTALL_PACKAGES
802             null, // ENTER_PICTURE_IN_PICTURE_ON_HIDE
803             null, // INSTANT_APP_START_FOREGROUND
804             null, // ANSWER_PHONE_CALLS
805     };
806 
807     /**
808      * This specifies whether each option should allow the system
809      * (and system ui) to bypass the user restriction when active.
810      */
811     private static boolean[] sOpAllowSystemRestrictionBypass = new boolean[] {
812             true, //COARSE_LOCATION
813             true, //FINE_LOCATION
814             false, //GPS
815             false, //VIBRATE
816             false, //READ_CONTACTS
817             false, //WRITE_CONTACTS
818             false, //READ_CALL_LOG
819             false, //WRITE_CALL_LOG
820             false, //READ_CALENDAR
821             false, //WRITE_CALENDAR
822             true, //WIFI_SCAN
823             false, //POST_NOTIFICATION
824             false, //NEIGHBORING_CELLS
825             false, //CALL_PHONE
826             false, //READ_SMS
827             false, //WRITE_SMS
828             false, //RECEIVE_SMS
829             false, //RECEIVE_EMERGECY_SMS
830             false, //RECEIVE_MMS
831             false, //RECEIVE_WAP_PUSH
832             false, //SEND_SMS
833             false, //READ_ICC_SMS
834             false, //WRITE_ICC_SMS
835             false, //WRITE_SETTINGS
836             true, //SYSTEM_ALERT_WINDOW
837             false, //ACCESS_NOTIFICATIONS
838             false, //CAMERA
839             false, //RECORD_AUDIO
840             false, //PLAY_AUDIO
841             false, //READ_CLIPBOARD
842             false, //WRITE_CLIPBOARD
843             false, //TAKE_MEDIA_BUTTONS
844             false, //TAKE_AUDIO_FOCUS
845             false, //AUDIO_MASTER_VOLUME
846             false, //AUDIO_VOICE_VOLUME
847             false, //AUDIO_RING_VOLUME
848             false, //AUDIO_MEDIA_VOLUME
849             false, //AUDIO_ALARM_VOLUME
850             false, //AUDIO_NOTIFICATION_VOLUME
851             false, //AUDIO_BLUETOOTH_VOLUME
852             false, //WAKE_LOCK
853             false, //MONITOR_LOCATION
854             false, //MONITOR_HIGH_POWER_LOCATION
855             false, //GET_USAGE_STATS
856             false, //MUTE_MICROPHONE
857             true, //TOAST_WINDOW
858             false, //PROJECT_MEDIA
859             false, //ACTIVATE_VPN
860             false, //WALLPAPER
861             false, //ASSIST_STRUCTURE
862             false, //ASSIST_SCREENSHOT
863             false, //READ_PHONE_STATE
864             false, //ADD_VOICEMAIL
865             false, // USE_SIP
866             false, // PROCESS_OUTGOING_CALLS
867             false, // USE_FINGERPRINT
868             false, // BODY_SENSORS
869             false, // READ_CELL_BROADCASTS
870             false, // MOCK_LOCATION
871             false, // READ_EXTERNAL_STORAGE
872             false, // WRITE_EXTERNAL_STORAGE
873             false, // TURN_ON_SCREEN
874             false, // GET_ACCOUNTS
875             false, // RUN_IN_BACKGROUND
876             false, // AUDIO_ACCESSIBILITY_VOLUME
877             false, // READ_PHONE_NUMBERS
878             false, // REQUEST_INSTALL_PACKAGES
879             false, // ENTER_PICTURE_IN_PICTURE_ON_HIDE
880             false, // INSTANT_APP_START_FOREGROUND
881             false, // ANSWER_PHONE_CALLS
882     };
883 
884     /**
885      * This specifies the default mode for each operation.
886      */
887     private static int[] sOpDefaultMode = new int[] {
888             AppOpsManager.MODE_ALLOWED,
889             AppOpsManager.MODE_ALLOWED,
890             AppOpsManager.MODE_ALLOWED,
891             AppOpsManager.MODE_ALLOWED,
892             AppOpsManager.MODE_ALLOWED,
893             AppOpsManager.MODE_ALLOWED,
894             AppOpsManager.MODE_ALLOWED,
895             AppOpsManager.MODE_ALLOWED,
896             AppOpsManager.MODE_ALLOWED,
897             AppOpsManager.MODE_ALLOWED,
898             AppOpsManager.MODE_ALLOWED,
899             AppOpsManager.MODE_ALLOWED,
900             AppOpsManager.MODE_ALLOWED,
901             AppOpsManager.MODE_ALLOWED,
902             AppOpsManager.MODE_ALLOWED,
903             AppOpsManager.MODE_IGNORED, // OP_WRITE_SMS
904             AppOpsManager.MODE_ALLOWED,
905             AppOpsManager.MODE_ALLOWED,
906             AppOpsManager.MODE_ALLOWED,
907             AppOpsManager.MODE_ALLOWED,
908             AppOpsManager.MODE_ALLOWED,
909             AppOpsManager.MODE_ALLOWED,
910             AppOpsManager.MODE_ALLOWED,
911             AppOpsManager.MODE_DEFAULT, // OP_WRITE_SETTINGS
912             AppOpsManager.MODE_DEFAULT, // OP_SYSTEM_ALERT_WINDOW
913             AppOpsManager.MODE_ALLOWED,
914             AppOpsManager.MODE_ALLOWED,
915             AppOpsManager.MODE_ALLOWED,
916             AppOpsManager.MODE_ALLOWED,
917             AppOpsManager.MODE_ALLOWED,
918             AppOpsManager.MODE_ALLOWED,
919             AppOpsManager.MODE_ALLOWED,
920             AppOpsManager.MODE_ALLOWED,
921             AppOpsManager.MODE_ALLOWED,
922             AppOpsManager.MODE_ALLOWED,
923             AppOpsManager.MODE_ALLOWED,
924             AppOpsManager.MODE_ALLOWED,
925             AppOpsManager.MODE_ALLOWED,
926             AppOpsManager.MODE_ALLOWED,
927             AppOpsManager.MODE_ALLOWED,
928             AppOpsManager.MODE_ALLOWED,
929             AppOpsManager.MODE_ALLOWED,
930             AppOpsManager.MODE_ALLOWED,
931             AppOpsManager.MODE_DEFAULT, // OP_GET_USAGE_STATS
932             AppOpsManager.MODE_ALLOWED,
933             AppOpsManager.MODE_ALLOWED,
934             AppOpsManager.MODE_IGNORED, // OP_PROJECT_MEDIA
935             AppOpsManager.MODE_IGNORED, // OP_ACTIVATE_VPN
936             AppOpsManager.MODE_ALLOWED,
937             AppOpsManager.MODE_ALLOWED,
938             AppOpsManager.MODE_ALLOWED,
939             AppOpsManager.MODE_ALLOWED,
940             AppOpsManager.MODE_ALLOWED,
941             AppOpsManager.MODE_ALLOWED,
942             AppOpsManager.MODE_ALLOWED,
943             AppOpsManager.MODE_ALLOWED,
944             AppOpsManager.MODE_ALLOWED,
945             AppOpsManager.MODE_ALLOWED,
946             AppOpsManager.MODE_ERRORED,  // OP_MOCK_LOCATION
947             AppOpsManager.MODE_ALLOWED,
948             AppOpsManager.MODE_ALLOWED,
949             AppOpsManager.MODE_ALLOWED,  // OP_TURN_ON_SCREEN
950             AppOpsManager.MODE_ALLOWED,
951             AppOpsManager.MODE_ALLOWED,  // OP_RUN_IN_BACKGROUND
952             AppOpsManager.MODE_ALLOWED,  // OP_AUDIO_ACCESSIBILITY_VOLUME
953             AppOpsManager.MODE_ALLOWED,
954             AppOpsManager.MODE_DEFAULT,  // OP_REQUEST_INSTALL_PACKAGES
955             AppOpsManager.MODE_ALLOWED,  // OP_PICTURE_IN_PICTURE
956             AppOpsManager.MODE_DEFAULT,  // OP_INSTANT_APP_START_FOREGROUND
957             AppOpsManager.MODE_ALLOWED, // ANSWER_PHONE_CALLS
958     };
959 
960     /**
961      * This specifies whether each option is allowed to be reset
962      * when resetting all app preferences.  Disable reset for
963      * app ops that are under strong control of some part of the
964      * system (such as OP_WRITE_SMS, which should be allowed only
965      * for whichever app is selected as the current SMS app).
966      */
967     private static boolean[] sOpDisableReset = new boolean[] {
968             false,
969             false,
970             false,
971             false,
972             false,
973             false,
974             false,
975             false,
976             false,
977             false,
978             false,
979             false,
980             false,
981             false,
982             false,
983             true,      // OP_WRITE_SMS
984             false,
985             false,
986             false,
987             false,
988             false,
989             false,
990             false,
991             false,
992             false,
993             false,
994             false,
995             false,
996             false,
997             false,
998             false,
999             false,
1000             false,
1001             false,
1002             false,
1003             false,
1004             false,
1005             false,
1006             false,
1007             false,
1008             false,
1009             false,
1010             false,
1011             false,
1012             false,
1013             false,
1014             false,
1015             false,
1016             false,
1017             false,
1018             false,
1019             false,
1020             false,
1021             false,
1022             false,
1023             false,
1024             false,
1025             false,
1026             false,
1027             false,
1028             false,
1029             false,
1030             false,
1031             false,
1032             false, // OP_AUDIO_ACCESSIBILITY_VOLUME
1033             false,
1034             false, // OP_REQUEST_INSTALL_PACKAGES
1035             false, // OP_PICTURE_IN_PICTURE
1036             false,
1037             false, // ANSWER_PHONE_CALLS
1038     };
1039 
1040     /**
1041      * Mapping from an app op name to the app op code.
1042      */
1043     private static HashMap<String, Integer> sOpStrToOp = new HashMap<>();
1044 
1045     /**
1046      * Mapping from a permission to the corresponding app op.
1047      */
1048     private static HashMap<String, Integer> sPermToOp = new HashMap<>();
1049 
1050     static {
1051         if (sOpToSwitch.length != _NUM_OP) {
1052             throw new IllegalStateException("sOpToSwitch length " + sOpToSwitch.length
1053                     + " should be " + _NUM_OP);
1054         }
1055         if (sOpToString.length != _NUM_OP) {
1056             throw new IllegalStateException("sOpToString length " + sOpToString.length
1057                     + " should be " + _NUM_OP);
1058         }
1059         if (sOpNames.length != _NUM_OP) {
1060             throw new IllegalStateException("sOpNames length " + sOpNames.length
1061                     + " should be " + _NUM_OP);
1062         }
1063         if (sOpPerms.length != _NUM_OP) {
1064             throw new IllegalStateException("sOpPerms length " + sOpPerms.length
1065                     + " should be " + _NUM_OP);
1066         }
1067         if (sOpDefaultMode.length != _NUM_OP) {
1068             throw new IllegalStateException("sOpDefaultMode length " + sOpDefaultMode.length
1069                     + " should be " + _NUM_OP);
1070         }
1071         if (sOpDisableReset.length != _NUM_OP) {
1072             throw new IllegalStateException("sOpDisableReset length " + sOpDisableReset.length
1073                     + " should be " + _NUM_OP);
1074         }
1075         if (sOpRestrictions.length != _NUM_OP) {
1076             throw new IllegalStateException("sOpRestrictions length " + sOpRestrictions.length
1077                     + " should be " + _NUM_OP);
1078         }
1079         if (sOpAllowSystemRestrictionBypass.length != _NUM_OP) {
1080             throw new IllegalStateException("sOpAllowSYstemRestrictionsBypass length "
1081                     + sOpRestrictions.length + " should be " + _NUM_OP);
1082         }
1083         for (int i=0; i<_NUM_OP; i++) {
1084             if (sOpToString[i] != null) {
sOpStrToOp.put(sOpToString[i], i)1085                 sOpStrToOp.put(sOpToString[i], i);
1086             }
1087         }
1088         for (int op : RUNTIME_AND_APPOP_PERMISSIONS_OPS) {
1089             if (sOpPerms[op] != null) {
sPermToOp.put(sOpPerms[op], op)1090                 sPermToOp.put(sOpPerms[op], op);
1091             }
1092         }
1093     }
1094 
1095     /**
1096      * Retrieve the op switch that controls the given operation.
1097      * @hide
1098      */
opToSwitch(int op)1099     public static int opToSwitch(int op) {
1100         return sOpToSwitch[op];
1101     }
1102 
1103     /**
1104      * Retrieve a non-localized name for the operation, for debugging output.
1105      * @hide
1106      */
opToName(int op)1107     public static String opToName(int op) {
1108         if (op == OP_NONE) return "NONE";
1109         return op < sOpNames.length ? sOpNames[op] : ("Unknown(" + op + ")");
1110     }
1111 
1112     /**
1113      * @hide
1114      */
strDebugOpToOp(String op)1115     public static int strDebugOpToOp(String op) {
1116         for (int i=0; i<sOpNames.length; i++) {
1117             if (sOpNames[i].equals(op)) {
1118                 return i;
1119             }
1120         }
1121         throw new IllegalArgumentException("Unknown operation string: " + op);
1122     }
1123 
1124     /**
1125      * Retrieve the permission associated with an operation, or null if there is not one.
1126      * @hide
1127      */
opToPermission(int op)1128     public static String opToPermission(int op) {
1129         return sOpPerms[op];
1130     }
1131 
1132     /**
1133      * Retrieve the user restriction associated with an operation, or null if there is not one.
1134      * @hide
1135      */
opToRestriction(int op)1136     public static String opToRestriction(int op) {
1137         return sOpRestrictions[op];
1138     }
1139 
1140     /**
1141      * Retrieve the app op code for a permission, or null if there is not one.
1142      * This API is intended to be used for mapping runtime or appop permissions
1143      * to the corresponding app op.
1144      * @hide
1145      */
permissionToOpCode(String permission)1146     public static int permissionToOpCode(String permission) {
1147         Integer boxedOpCode = sPermToOp.get(permission);
1148         return boxedOpCode != null ? boxedOpCode : OP_NONE;
1149     }
1150 
1151     /**
1152      * Retrieve whether the op allows the system (and system ui) to
1153      * bypass the user restriction.
1154      * @hide
1155      */
opAllowSystemBypassRestriction(int op)1156     public static boolean opAllowSystemBypassRestriction(int op) {
1157         return sOpAllowSystemRestrictionBypass[op];
1158     }
1159 
1160     /**
1161      * Retrieve the default mode for the operation.
1162      * @hide
1163      */
opToDefaultMode(int op)1164     public static int opToDefaultMode(int op) {
1165         return sOpDefaultMode[op];
1166     }
1167 
1168     /**
1169      * Retrieve whether the op allows itself to be reset.
1170      * @hide
1171      */
opAllowsReset(int op)1172     public static boolean opAllowsReset(int op) {
1173         return !sOpDisableReset[op];
1174     }
1175 
1176     /**
1177      * Class holding all of the operation information associated with an app.
1178      * @hide
1179      */
1180     public static class PackageOps implements Parcelable {
1181         private final String mPackageName;
1182         private final int mUid;
1183         private final List<OpEntry> mEntries;
1184 
PackageOps(String packageName, int uid, List<OpEntry> entries)1185         public PackageOps(String packageName, int uid, List<OpEntry> entries) {
1186             mPackageName = packageName;
1187             mUid = uid;
1188             mEntries = entries;
1189         }
1190 
getPackageName()1191         public String getPackageName() {
1192             return mPackageName;
1193         }
1194 
getUid()1195         public int getUid() {
1196             return mUid;
1197         }
1198 
getOps()1199         public List<OpEntry> getOps() {
1200             return mEntries;
1201         }
1202 
1203         @Override
describeContents()1204         public int describeContents() {
1205             return 0;
1206         }
1207 
1208         @Override
writeToParcel(Parcel dest, int flags)1209         public void writeToParcel(Parcel dest, int flags) {
1210             dest.writeString(mPackageName);
1211             dest.writeInt(mUid);
1212             dest.writeInt(mEntries.size());
1213             for (int i=0; i<mEntries.size(); i++) {
1214                 mEntries.get(i).writeToParcel(dest, flags);
1215             }
1216         }
1217 
PackageOps(Parcel source)1218         PackageOps(Parcel source) {
1219             mPackageName = source.readString();
1220             mUid = source.readInt();
1221             mEntries = new ArrayList<OpEntry>();
1222             final int N = source.readInt();
1223             for (int i=0; i<N; i++) {
1224                 mEntries.add(OpEntry.CREATOR.createFromParcel(source));
1225             }
1226         }
1227 
1228         public static final Creator<PackageOps> CREATOR = new Creator<PackageOps>() {
1229             @Override public PackageOps createFromParcel(Parcel source) {
1230                 return new PackageOps(source);
1231             }
1232 
1233             @Override public PackageOps[] newArray(int size) {
1234                 return new PackageOps[size];
1235             }
1236         };
1237     }
1238 
1239     /**
1240      * Class holding the information about one unique operation of an application.
1241      * @hide
1242      */
1243     public static class OpEntry implements Parcelable {
1244         private final int mOp;
1245         private final int mMode;
1246         private final long mTime;
1247         private final long mRejectTime;
1248         private final int mDuration;
1249         private final int mProxyUid;
1250         private final String mProxyPackageName;
1251 
OpEntry(int op, int mode, long time, long rejectTime, int duration, int proxyUid, String proxyPackage)1252         public OpEntry(int op, int mode, long time, long rejectTime, int duration,
1253                 int proxyUid, String proxyPackage) {
1254             mOp = op;
1255             mMode = mode;
1256             mTime = time;
1257             mRejectTime = rejectTime;
1258             mDuration = duration;
1259             mProxyUid = proxyUid;
1260             mProxyPackageName = proxyPackage;
1261         }
1262 
getOp()1263         public int getOp() {
1264             return mOp;
1265         }
1266 
getMode()1267         public int getMode() {
1268             return mMode;
1269         }
1270 
getTime()1271         public long getTime() {
1272             return mTime;
1273         }
1274 
getRejectTime()1275         public long getRejectTime() {
1276             return mRejectTime;
1277         }
1278 
isRunning()1279         public boolean isRunning() {
1280             return mDuration == -1;
1281         }
1282 
getDuration()1283         public int getDuration() {
1284             return mDuration == -1 ? (int)(System.currentTimeMillis()-mTime) : mDuration;
1285         }
1286 
getProxyUid()1287         public int getProxyUid() {
1288             return  mProxyUid;
1289         }
1290 
getProxyPackageName()1291         public String getProxyPackageName() {
1292             return mProxyPackageName;
1293         }
1294 
1295         @Override
describeContents()1296         public int describeContents() {
1297             return 0;
1298         }
1299 
1300         @Override
writeToParcel(Parcel dest, int flags)1301         public void writeToParcel(Parcel dest, int flags) {
1302             dest.writeInt(mOp);
1303             dest.writeInt(mMode);
1304             dest.writeLong(mTime);
1305             dest.writeLong(mRejectTime);
1306             dest.writeInt(mDuration);
1307             dest.writeInt(mProxyUid);
1308             dest.writeString(mProxyPackageName);
1309         }
1310 
OpEntry(Parcel source)1311         OpEntry(Parcel source) {
1312             mOp = source.readInt();
1313             mMode = source.readInt();
1314             mTime = source.readLong();
1315             mRejectTime = source.readLong();
1316             mDuration = source.readInt();
1317             mProxyUid = source.readInt();
1318             mProxyPackageName = source.readString();
1319         }
1320 
1321         public static final Creator<OpEntry> CREATOR = new Creator<OpEntry>() {
1322             @Override public OpEntry createFromParcel(Parcel source) {
1323                 return new OpEntry(source);
1324             }
1325 
1326             @Override public OpEntry[] newArray(int size) {
1327                 return new OpEntry[size];
1328             }
1329         };
1330     }
1331 
1332     /**
1333      * Callback for notification of changes to operation state.
1334      */
1335     public interface OnOpChangedListener {
onOpChanged(String op, String packageName)1336         public void onOpChanged(String op, String packageName);
1337     }
1338 
1339     /**
1340      * Callback for notification of changes to operation state.
1341      * This allows you to see the raw op codes instead of strings.
1342      * @hide
1343      */
1344     public static class OnOpChangedInternalListener implements OnOpChangedListener {
onOpChanged(String op, String packageName)1345         public void onOpChanged(String op, String packageName) { }
onOpChanged(int op, String packageName)1346         public void onOpChanged(int op, String packageName) { }
1347     }
1348 
AppOpsManager(Context context, IAppOpsService service)1349     AppOpsManager(Context context, IAppOpsService service) {
1350         mContext = context;
1351         mService = service;
1352     }
1353 
1354     /**
1355      * Retrieve current operation state for all applications.
1356      *
1357      * @param ops The set of operations you are interested in, or null if you want all of them.
1358      * @hide
1359      */
getPackagesForOps(int[] ops)1360     public List<AppOpsManager.PackageOps> getPackagesForOps(int[] ops) {
1361         try {
1362             return mService.getPackagesForOps(ops);
1363         } catch (RemoteException e) {
1364             throw e.rethrowFromSystemServer();
1365         }
1366     }
1367 
1368     /**
1369      * Retrieve current operation state for one application.
1370      *
1371      * @param uid The uid of the application of interest.
1372      * @param packageName The name of the application of interest.
1373      * @param ops The set of operations you are interested in, or null if you want all of them.
1374      * @hide
1375      */
getOpsForPackage(int uid, String packageName, int[] ops)1376     public List<AppOpsManager.PackageOps> getOpsForPackage(int uid, String packageName, int[] ops) {
1377         try {
1378             return mService.getOpsForPackage(uid, packageName, ops);
1379         } catch (RemoteException e) {
1380             throw e.rethrowFromSystemServer();
1381         }
1382     }
1383 
1384     /**
1385      * Sets given app op in the specified mode for app ops in the UID.
1386      * This applies to all apps currently in the UID or installed in
1387      * this UID in the future.
1388      *
1389      * @param code The app op.
1390      * @param uid The UID for which to set the app.
1391      * @param mode The app op mode to set.
1392      * @hide
1393      */
setUidMode(int code, int uid, int mode)1394     public void setUidMode(int code, int uid, int mode) {
1395         try {
1396             mService.setUidMode(code, uid, mode);
1397         } catch (RemoteException e) {
1398             throw e.rethrowFromSystemServer();
1399         }
1400     }
1401 
1402     /**
1403      * Sets given app op in the specified mode for app ops in the UID.
1404      * This applies to all apps currently in the UID or installed in
1405      * this UID in the future.
1406      *
1407      * @param appOp The app op.
1408      * @param uid The UID for which to set the app.
1409      * @param mode The app op mode to set.
1410      * @hide
1411      */
1412     @SystemApi
1413     @RequiresPermission(android.Manifest.permission.UPDATE_APP_OPS_STATS)
setUidMode(String appOp, int uid, int mode)1414     public void setUidMode(String appOp, int uid, int mode) {
1415         try {
1416             mService.setUidMode(AppOpsManager.strOpToOp(appOp), uid, mode);
1417         } catch (RemoteException e) {
1418             throw e.rethrowFromSystemServer();
1419         }
1420     }
1421 
1422     /** @hide */
setUserRestriction(int code, boolean restricted, IBinder token)1423     public void setUserRestriction(int code, boolean restricted, IBinder token) {
1424         setUserRestriction(code, restricted, token, /*exceptionPackages*/null);
1425     }
1426 
1427     /** @hide */
setUserRestriction(int code, boolean restricted, IBinder token, String[] exceptionPackages)1428     public void setUserRestriction(int code, boolean restricted, IBinder token,
1429             String[] exceptionPackages) {
1430         setUserRestrictionForUser(code, restricted, token, exceptionPackages, mContext.getUserId());
1431     }
1432 
1433     /** @hide */
setUserRestrictionForUser(int code, boolean restricted, IBinder token, String[] exceptionPackages, int userId)1434     public void setUserRestrictionForUser(int code, boolean restricted, IBinder token,
1435             String[] exceptionPackages, int userId) {
1436         try {
1437             mService.setUserRestriction(code, restricted, token, userId, exceptionPackages);
1438         } catch (RemoteException e) {
1439             throw e.rethrowFromSystemServer();
1440         }
1441     }
1442 
1443     /** @hide */
setMode(int code, int uid, String packageName, int mode)1444     public void setMode(int code, int uid, String packageName, int mode) {
1445         try {
1446             mService.setMode(code, uid, packageName, mode);
1447         } catch (RemoteException e) {
1448             throw e.rethrowFromSystemServer();
1449         }
1450     }
1451 
1452     /**
1453      * Set a non-persisted restriction on an audio operation at a stream-level.
1454      * Restrictions are temporary additional constraints imposed on top of the persisted rules
1455      * defined by {@link #setMode}.
1456      *
1457      * @param code The operation to restrict.
1458      * @param usage The {@link android.media.AudioAttributes} usage value.
1459      * @param mode The restriction mode (MODE_IGNORED,MODE_ERRORED) or MODE_ALLOWED to unrestrict.
1460      * @param exceptionPackages Optional list of packages to exclude from the restriction.
1461      * @hide
1462      */
setRestriction(int code, @AttributeUsage int usage, int mode, String[] exceptionPackages)1463     public void setRestriction(int code, @AttributeUsage int usage, int mode,
1464             String[] exceptionPackages) {
1465         try {
1466             final int uid = Binder.getCallingUid();
1467             mService.setAudioRestriction(code, usage, uid, mode, exceptionPackages);
1468         } catch (RemoteException e) {
1469             throw e.rethrowFromSystemServer();
1470         }
1471     }
1472 
1473     /** @hide */
resetAllModes()1474     public void resetAllModes() {
1475         try {
1476             mService.resetAllModes(UserHandle.myUserId(), null);
1477         } catch (RemoteException e) {
1478             throw e.rethrowFromSystemServer();
1479         }
1480     }
1481 
1482     /**
1483      * Gets the app op name associated with a given permission.
1484      * The app op name is one of the public constants defined
1485      * in this class such as {@link #OPSTR_COARSE_LOCATION}.
1486      * This API is intended to be used for mapping runtime
1487      * permissions to the corresponding app op.
1488      *
1489      * @param permission The permission.
1490      * @return The app op associated with the permission or null.
1491      */
permissionToOp(String permission)1492     public static String permissionToOp(String permission) {
1493         final Integer opCode = sPermToOp.get(permission);
1494         if (opCode == null) {
1495             return null;
1496         }
1497         return sOpToString[opCode];
1498     }
1499 
1500     /**
1501      * Monitor for changes to the operating mode for the given op in the given app package.
1502      * @param op The operation to monitor, one of OPSTR_*.
1503      * @param packageName The name of the application to monitor.
1504      * @param callback Where to report changes.
1505      */
startWatchingMode(String op, String packageName, final OnOpChangedListener callback)1506     public void startWatchingMode(String op, String packageName,
1507             final OnOpChangedListener callback) {
1508         startWatchingMode(strOpToOp(op), packageName, callback);
1509     }
1510 
1511     /**
1512      * Monitor for changes to the operating mode for the given op in the given app package.
1513      * @param op The operation to monitor, one of OP_*.
1514      * @param packageName The name of the application to monitor.
1515      * @param callback Where to report changes.
1516      * @hide
1517      */
startWatchingMode(int op, String packageName, final OnOpChangedListener callback)1518     public void startWatchingMode(int op, String packageName, final OnOpChangedListener callback) {
1519         synchronized (mModeWatchers) {
1520             IAppOpsCallback cb = mModeWatchers.get(callback);
1521             if (cb == null) {
1522                 cb = new IAppOpsCallback.Stub() {
1523                     public void opChanged(int op, int uid, String packageName) {
1524                         if (callback instanceof OnOpChangedInternalListener) {
1525                             ((OnOpChangedInternalListener)callback).onOpChanged(op, packageName);
1526                         }
1527                         if (sOpToString[op] != null) {
1528                             callback.onOpChanged(sOpToString[op], packageName);
1529                         }
1530                     }
1531                 };
1532                 mModeWatchers.put(callback, cb);
1533             }
1534             try {
1535                 mService.startWatchingMode(op, packageName, cb);
1536             } catch (RemoteException e) {
1537                 throw e.rethrowFromSystemServer();
1538             }
1539         }
1540     }
1541 
1542     /**
1543      * Stop monitoring that was previously started with {@link #startWatchingMode}.  All
1544      * monitoring associated with this callback will be removed.
1545      */
stopWatchingMode(OnOpChangedListener callback)1546     public void stopWatchingMode(OnOpChangedListener callback) {
1547         synchronized (mModeWatchers) {
1548             IAppOpsCallback cb = mModeWatchers.get(callback);
1549             if (cb != null) {
1550                 try {
1551                     mService.stopWatchingMode(cb);
1552                 } catch (RemoteException e) {
1553                     throw e.rethrowFromSystemServer();
1554                 }
1555             }
1556         }
1557     }
1558 
buildSecurityExceptionMsg(int op, int uid, String packageName)1559     private String buildSecurityExceptionMsg(int op, int uid, String packageName) {
1560         return packageName + " from uid " + uid + " not allowed to perform " + sOpNames[op];
1561     }
1562 
1563     /**
1564      * {@hide}
1565      */
strOpToOp(String op)1566     public static int strOpToOp(String op) {
1567         Integer val = sOpStrToOp.get(op);
1568         if (val == null) {
1569             throw new IllegalArgumentException("Unknown operation string: " + op);
1570         }
1571         return val;
1572     }
1573 
1574     /**
1575      * Do a quick check for whether an application might be able to perform an operation.
1576      * This is <em>not</em> a security check; you must use {@link #noteOp(String, int, String)}
1577      * or {@link #startOp(String, int, String)} for your actual security checks, which also
1578      * ensure that the given uid and package name are consistent.  This function can just be
1579      * used for a quick check to see if an operation has been disabled for the application,
1580      * as an early reject of some work.  This does not modify the time stamp or other data
1581      * about the operation.
1582      * @param op The operation to check.  One of the OPSTR_* constants.
1583      * @param uid The user id of the application attempting to perform the operation.
1584      * @param packageName The name of the application attempting to perform the operation.
1585      * @return Returns {@link #MODE_ALLOWED} if the operation is allowed, or
1586      * {@link #MODE_IGNORED} if it is not allowed and should be silently ignored (without
1587      * causing the app to crash).
1588      * @throws SecurityException If the app has been configured to crash on this op.
1589      */
checkOp(String op, int uid, String packageName)1590     public int checkOp(String op, int uid, String packageName) {
1591         return checkOp(strOpToOp(op), uid, packageName);
1592     }
1593 
1594     /**
1595      * Like {@link #checkOp} but instead of throwing a {@link SecurityException} it
1596      * returns {@link #MODE_ERRORED}.
1597      */
checkOpNoThrow(String op, int uid, String packageName)1598     public int checkOpNoThrow(String op, int uid, String packageName) {
1599         return checkOpNoThrow(strOpToOp(op), uid, packageName);
1600     }
1601 
1602     /**
1603      * Make note of an application performing an operation.  Note that you must pass
1604      * in both the uid and name of the application to be checked; this function will verify
1605      * that these two match, and if not, return {@link #MODE_IGNORED}.  If this call
1606      * succeeds, the last execution time of the operation for this app will be updated to
1607      * the current time.
1608      * @param op The operation to note.  One of the OPSTR_* constants.
1609      * @param uid The user id of the application attempting to perform the operation.
1610      * @param packageName The name of the application attempting to perform the operation.
1611      * @return Returns {@link #MODE_ALLOWED} if the operation is allowed, or
1612      * {@link #MODE_IGNORED} if it is not allowed and should be silently ignored (without
1613      * causing the app to crash).
1614      * @throws SecurityException If the app has been configured to crash on this op.
1615      */
noteOp(String op, int uid, String packageName)1616     public int noteOp(String op, int uid, String packageName) {
1617         return noteOp(strOpToOp(op), uid, packageName);
1618     }
1619 
1620     /**
1621      * Like {@link #noteOp} but instead of throwing a {@link SecurityException} it
1622      * returns {@link #MODE_ERRORED}.
1623      */
noteOpNoThrow(String op, int uid, String packageName)1624     public int noteOpNoThrow(String op, int uid, String packageName) {
1625         return noteOpNoThrow(strOpToOp(op), uid, packageName);
1626     }
1627 
1628     /**
1629      * Make note of an application performing an operation on behalf of another
1630      * application when handling an IPC. Note that you must pass the package name
1631      * of the application that is being proxied while its UID will be inferred from
1632      * the IPC state; this function will verify that the calling uid and proxied
1633      * package name match, and if not, return {@link #MODE_IGNORED}. If this call
1634      * succeeds, the last execution time of the operation for the proxied app and
1635      * your app will be updated to the current time.
1636      * @param op The operation to note.  One of the OPSTR_* constants.
1637      * @param proxiedPackageName The name of the application calling into the proxy application.
1638      * @return Returns {@link #MODE_ALLOWED} if the operation is allowed, or
1639      * {@link #MODE_IGNORED} if it is not allowed and should be silently ignored (without
1640      * causing the app to crash).
1641      * @throws SecurityException If the app has been configured to crash on this op.
1642      */
noteProxyOp(String op, String proxiedPackageName)1643     public int noteProxyOp(String op, String proxiedPackageName) {
1644         return noteProxyOp(strOpToOp(op), proxiedPackageName);
1645     }
1646 
1647     /**
1648      * Like {@link #noteProxyOp(String, String)} but instead
1649      * of throwing a {@link SecurityException} it returns {@link #MODE_ERRORED}.
1650      */
noteProxyOpNoThrow(String op, String proxiedPackageName)1651     public int noteProxyOpNoThrow(String op, String proxiedPackageName) {
1652         return noteProxyOpNoThrow(strOpToOp(op), proxiedPackageName);
1653     }
1654 
1655     /**
1656      * Report that an application has started executing a long-running operation.  Note that you
1657      * must pass in both the uid and name of the application to be checked; this function will
1658      * verify that these two match, and if not, return {@link #MODE_IGNORED}.  If this call
1659      * succeeds, the last execution time of the operation for this app will be updated to
1660      * the current time and the operation will be marked as "running".  In this case you must
1661      * later call {@link #finishOp(String, int, String)} to report when the application is no
1662      * longer performing the operation.
1663      * @param op The operation to start.  One of the OPSTR_* constants.
1664      * @param uid The user id of the application attempting to perform the operation.
1665      * @param packageName The name of the application attempting to perform the operation.
1666      * @return Returns {@link #MODE_ALLOWED} if the operation is allowed, or
1667      * {@link #MODE_IGNORED} if it is not allowed and should be silently ignored (without
1668      * causing the app to crash).
1669      * @throws SecurityException If the app has been configured to crash on this op.
1670      */
startOp(String op, int uid, String packageName)1671     public int startOp(String op, int uid, String packageName) {
1672         return startOp(strOpToOp(op), uid, packageName);
1673     }
1674 
1675     /**
1676      * Like {@link #startOp} but instead of throwing a {@link SecurityException} it
1677      * returns {@link #MODE_ERRORED}.
1678      */
startOpNoThrow(String op, int uid, String packageName)1679     public int startOpNoThrow(String op, int uid, String packageName) {
1680         return startOpNoThrow(strOpToOp(op), uid, packageName);
1681     }
1682 
1683     /**
1684      * Report that an application is no longer performing an operation that had previously
1685      * been started with {@link #startOp(String, int, String)}.  There is no validation of input
1686      * or result; the parameters supplied here must be the exact same ones previously passed
1687      * in when starting the operation.
1688      */
finishOp(String op, int uid, String packageName)1689     public void finishOp(String op, int uid, String packageName) {
1690         finishOp(strOpToOp(op), uid, packageName);
1691     }
1692 
1693     /**
1694      * Do a quick check for whether an application might be able to perform an operation.
1695      * This is <em>not</em> a security check; you must use {@link #noteOp(int, int, String)}
1696      * or {@link #startOp(int, int, String)} for your actual security checks, which also
1697      * ensure that the given uid and package name are consistent.  This function can just be
1698      * used for a quick check to see if an operation has been disabled for the application,
1699      * as an early reject of some work.  This does not modify the time stamp or other data
1700      * about the operation.
1701      * @param op The operation to check.  One of the OP_* constants.
1702      * @param uid The user id of the application attempting to perform the operation.
1703      * @param packageName The name of the application attempting to perform the operation.
1704      * @return Returns {@link #MODE_ALLOWED} if the operation is allowed, or
1705      * {@link #MODE_IGNORED} if it is not allowed and should be silently ignored (without
1706      * causing the app to crash).
1707      * @throws SecurityException If the app has been configured to crash on this op.
1708      * @hide
1709      */
checkOp(int op, int uid, String packageName)1710     public int checkOp(int op, int uid, String packageName) {
1711         try {
1712             int mode = mService.checkOperation(op, uid, packageName);
1713             if (mode == MODE_ERRORED) {
1714                 throw new SecurityException(buildSecurityExceptionMsg(op, uid, packageName));
1715             }
1716             return mode;
1717         } catch (RemoteException e) {
1718             throw e.rethrowFromSystemServer();
1719         }
1720     }
1721 
1722     /**
1723      * Like {@link #checkOp} but instead of throwing a {@link SecurityException} it
1724      * returns {@link #MODE_ERRORED}.
1725      * @hide
1726      */
checkOpNoThrow(int op, int uid, String packageName)1727     public int checkOpNoThrow(int op, int uid, String packageName) {
1728         try {
1729             return mService.checkOperation(op, uid, packageName);
1730         } catch (RemoteException e) {
1731             throw e.rethrowFromSystemServer();
1732         }
1733     }
1734 
1735     /**
1736      * Do a quick check to validate if a package name belongs to a UID.
1737      *
1738      * @throws SecurityException if the package name doesn't belong to the given
1739      *             UID, or if ownership cannot be verified.
1740      */
checkPackage(int uid, String packageName)1741     public void checkPackage(int uid, String packageName) {
1742         try {
1743             if (mService.checkPackage(uid, packageName) != MODE_ALLOWED) {
1744                 throw new SecurityException(
1745                         "Package " + packageName + " does not belong to " + uid);
1746             }
1747         } catch (RemoteException e) {
1748             throw e.rethrowFromSystemServer();
1749         }
1750     }
1751 
1752     /**
1753      * Like {@link #checkOp} but at a stream-level for audio operations.
1754      * @hide
1755      */
checkAudioOp(int op, int stream, int uid, String packageName)1756     public int checkAudioOp(int op, int stream, int uid, String packageName) {
1757         try {
1758             final int mode = mService.checkAudioOperation(op, stream, uid, packageName);
1759             if (mode == MODE_ERRORED) {
1760                 throw new SecurityException(buildSecurityExceptionMsg(op, uid, packageName));
1761             }
1762             return mode;
1763         } catch (RemoteException e) {
1764             throw e.rethrowFromSystemServer();
1765         }
1766     }
1767 
1768     /**
1769      * Like {@link #checkAudioOp} but instead of throwing a {@link SecurityException} it
1770      * returns {@link #MODE_ERRORED}.
1771      * @hide
1772      */
checkAudioOpNoThrow(int op, int stream, int uid, String packageName)1773     public int checkAudioOpNoThrow(int op, int stream, int uid, String packageName) {
1774         try {
1775             return mService.checkAudioOperation(op, stream, uid, packageName);
1776         } catch (RemoteException e) {
1777             throw e.rethrowFromSystemServer();
1778         }
1779     }
1780 
1781     /**
1782      * Make note of an application performing an operation.  Note that you must pass
1783      * in both the uid and name of the application to be checked; this function will verify
1784      * that these two match, and if not, return {@link #MODE_IGNORED}.  If this call
1785      * succeeds, the last execution time of the operation for this app will be updated to
1786      * the current time.
1787      * @param op The operation to note.  One of the OP_* constants.
1788      * @param uid The user id of the application attempting to perform the operation.
1789      * @param packageName The name of the application attempting to perform the operation.
1790      * @return Returns {@link #MODE_ALLOWED} if the operation is allowed, or
1791      * {@link #MODE_IGNORED} if it is not allowed and should be silently ignored (without
1792      * causing the app to crash).
1793      * @throws SecurityException If the app has been configured to crash on this op.
1794      * @hide
1795      */
noteOp(int op, int uid, String packageName)1796     public int noteOp(int op, int uid, String packageName) {
1797         try {
1798             int mode = mService.noteOperation(op, uid, packageName);
1799             if (mode == MODE_ERRORED) {
1800                 throw new SecurityException(buildSecurityExceptionMsg(op, uid, packageName));
1801             }
1802             return mode;
1803         } catch (RemoteException e) {
1804             throw e.rethrowFromSystemServer();
1805         }
1806     }
1807 
1808     /**
1809      * Make note of an application performing an operation on behalf of another
1810      * application when handling an IPC. Note that you must pass the package name
1811      * of the application that is being proxied while its UID will be inferred from
1812      * the IPC state; this function will verify that the calling uid and proxied
1813      * package name match, and if not, return {@link #MODE_IGNORED}. If this call
1814      * succeeds, the last execution time of the operation for the proxied app and
1815      * your app will be updated to the current time.
1816      * @param op The operation to note. One of the OPSTR_* constants.
1817      * @param proxiedPackageName The name of the application calling into the proxy application.
1818      * @return Returns {@link #MODE_ALLOWED} if the operation is allowed, or
1819      * {@link #MODE_IGNORED} if it is not allowed and should be silently ignored (without
1820      * causing the app to crash).
1821      * @throws SecurityException If the proxy or proxied app has been configured to
1822      * crash on this op.
1823      *
1824      * @hide
1825      */
noteProxyOp(int op, String proxiedPackageName)1826     public int noteProxyOp(int op, String proxiedPackageName) {
1827         int mode = noteProxyOpNoThrow(op, proxiedPackageName);
1828         if (mode == MODE_ERRORED) {
1829             throw new SecurityException("Proxy package " + mContext.getOpPackageName()
1830                     + " from uid " + Process.myUid() + " or calling package "
1831                     + proxiedPackageName + " from uid " + Binder.getCallingUid()
1832                     + " not allowed to perform " + sOpNames[op]);
1833         }
1834         return mode;
1835     }
1836 
1837     /**
1838      * Like {@link #noteProxyOp(int, String)} but instead
1839      * of throwing a {@link SecurityException} it returns {@link #MODE_ERRORED}.
1840      * @hide
1841      */
noteProxyOpNoThrow(int op, String proxiedPackageName)1842     public int noteProxyOpNoThrow(int op, String proxiedPackageName) {
1843         try {
1844             return mService.noteProxyOperation(op, mContext.getOpPackageName(),
1845                     Binder.getCallingUid(), proxiedPackageName);
1846         } catch (RemoteException e) {
1847             throw e.rethrowFromSystemServer();
1848         }
1849     }
1850 
1851     /**
1852      * Like {@link #noteOp} but instead of throwing a {@link SecurityException} it
1853      * returns {@link #MODE_ERRORED}.
1854      * @hide
1855      */
noteOpNoThrow(int op, int uid, String packageName)1856     public int noteOpNoThrow(int op, int uid, String packageName) {
1857         try {
1858             return mService.noteOperation(op, uid, packageName);
1859         } catch (RemoteException e) {
1860             throw e.rethrowFromSystemServer();
1861         }
1862     }
1863 
1864     /** @hide */
noteOp(int op)1865     public int noteOp(int op) {
1866         return noteOp(op, Process.myUid(), mContext.getOpPackageName());
1867     }
1868 
1869     /** @hide */
getToken(IAppOpsService service)1870     public static IBinder getToken(IAppOpsService service) {
1871         synchronized (AppOpsManager.class) {
1872             if (sToken != null) {
1873                 return sToken;
1874             }
1875             try {
1876                 sToken = service.getToken(new Binder());
1877             } catch (RemoteException e) {
1878                 throw e.rethrowFromSystemServer();
1879             }
1880             return sToken;
1881         }
1882     }
1883 
1884     /**
1885      * Report that an application has started executing a long-running operation.  Note that you
1886      * must pass in both the uid and name of the application to be checked; this function will
1887      * verify that these two match, and if not, return {@link #MODE_IGNORED}.  If this call
1888      * succeeds, the last execution time of the operation for this app will be updated to
1889      * the current time and the operation will be marked as "running".  In this case you must
1890      * later call {@link #finishOp(int, int, String)} to report when the application is no
1891      * longer performing the operation.
1892      * @param op The operation to start.  One of the OP_* constants.
1893      * @param uid The user id of the application attempting to perform the operation.
1894      * @param packageName The name of the application attempting to perform the operation.
1895      * @return Returns {@link #MODE_ALLOWED} if the operation is allowed, or
1896      * {@link #MODE_IGNORED} if it is not allowed and should be silently ignored (without
1897      * causing the app to crash).
1898      * @throws SecurityException If the app has been configured to crash on this op.
1899      * @hide
1900      */
startOp(int op, int uid, String packageName)1901     public int startOp(int op, int uid, String packageName) {
1902         try {
1903             int mode = mService.startOperation(getToken(mService), op, uid, packageName);
1904             if (mode == MODE_ERRORED) {
1905                 throw new SecurityException(buildSecurityExceptionMsg(op, uid, packageName));
1906             }
1907             return mode;
1908         } catch (RemoteException e) {
1909             throw e.rethrowFromSystemServer();
1910         }
1911     }
1912 
1913     /**
1914      * Like {@link #startOp} but instead of throwing a {@link SecurityException} it
1915      * returns {@link #MODE_ERRORED}.
1916      * @hide
1917      */
startOpNoThrow(int op, int uid, String packageName)1918     public int startOpNoThrow(int op, int uid, String packageName) {
1919         try {
1920             return mService.startOperation(getToken(mService), op, uid, packageName);
1921         } catch (RemoteException e) {
1922             throw e.rethrowFromSystemServer();
1923         }
1924     }
1925 
1926     /** @hide */
startOp(int op)1927     public int startOp(int op) {
1928         return startOp(op, Process.myUid(), mContext.getOpPackageName());
1929     }
1930 
1931     /**
1932      * Report that an application is no longer performing an operation that had previously
1933      * been started with {@link #startOp(int, int, String)}.  There is no validation of input
1934      * or result; the parameters supplied here must be the exact same ones previously passed
1935      * in when starting the operation.
1936      * @hide
1937      */
finishOp(int op, int uid, String packageName)1938     public void finishOp(int op, int uid, String packageName) {
1939         try {
1940             mService.finishOperation(getToken(mService), op, uid, packageName);
1941         } catch (RemoteException e) {
1942             throw e.rethrowFromSystemServer();
1943         }
1944     }
1945 
1946     /** @hide */
finishOp(int op)1947     public void finishOp(int op) {
1948         finishOp(op, Process.myUid(), mContext.getOpPackageName());
1949     }
1950 }
1951