1 /*
2  * Copyright (C) 2012 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.app;
18 
19 import android.Manifest;
20 import android.annotation.NonNull;
21 import android.annotation.RequiresPermission;
22 import android.annotation.SystemApi;
23 import android.annotation.SystemService;
24 import android.annotation.TestApi;
25 import android.app.usage.UsageStatsManager;
26 import android.content.Context;
27 import android.media.AudioAttributes.AttributeUsage;
28 import android.os.Binder;
29 import android.os.IBinder;
30 import android.os.Parcel;
31 import android.os.Parcelable;
32 import android.os.Process;
33 import android.os.RemoteException;
34 import android.os.UserManager;
35 import android.util.ArrayMap;
36 
37 import com.android.internal.app.IAppOpsActiveCallback;
38 import com.android.internal.app.IAppOpsCallback;
39 import com.android.internal.app.IAppOpsService;
40 import com.android.internal.util.Preconditions;
41 
42 import java.util.ArrayList;
43 import java.util.Arrays;
44 import java.util.HashMap;
45 import java.util.List;
46 
47 /**
48  * API for interacting with "application operation" tracking.
49  *
50  * <p>This API is not generally intended for third party application developers; most
51  * features are only available to system applications.
52  */
53 @SystemService(Context.APP_OPS_SERVICE)
54 public class AppOpsManager {
55     /**
56      * <p>App ops allows callers to:</p>
57      *
58      * <ul>
59      * <li> Note when operations are happening, and find out if they are allowed for the current
60      * caller.</li>
61      * <li> Disallow specific apps from doing specific operations.</li>
62      * <li> Collect all of the current information about operations that have been executed or
63      * are not being allowed.</li>
64      * <li> Monitor for changes in whether an operation is allowed.</li>
65      * </ul>
66      *
67      * <p>Each operation is identified by a single integer; these integers are a fixed set of
68      * operations, enumerated by the OP_* constants.
69      *
70      * <p></p>When checking operations, the result is a "mode" integer indicating the current
71      * setting for the operation under that caller: MODE_ALLOWED, MODE_IGNORED (don't execute
72      * the operation but fake its behavior enough so that the caller doesn't crash),
73      * MODE_ERRORED (throw a SecurityException back to the caller; the normal operation calls
74      * will do this for you).
75      */
76 
77     final Context mContext;
78     final IAppOpsService mService;
79     final ArrayMap<OnOpChangedListener, IAppOpsCallback> mModeWatchers = new ArrayMap<>();
80     final ArrayMap<OnOpActiveChangedListener, IAppOpsActiveCallback> mActiveWatchers =
81             new ArrayMap<>();
82 
83     static IBinder sToken;
84 
85     /**
86      * Result from {@link #checkOp}, {@link #noteOp}, {@link #startOp}: the given caller is
87      * allowed to perform the given operation.
88      */
89     public static final int MODE_ALLOWED = 0;
90 
91     /**
92      * Result from {@link #checkOp}, {@link #noteOp}, {@link #startOp}: the given caller is
93      * not allowed to perform the given operation, and this attempt should
94      * <em>silently fail</em> (it should not cause the app to crash).
95      */
96     public static final int MODE_IGNORED = 1;
97 
98     /**
99      * Result from {@link #checkOpNoThrow}, {@link #noteOpNoThrow}, {@link #startOpNoThrow}: the
100      * given caller is not allowed to perform the given operation, and this attempt should
101      * cause it to have a fatal error, typically a {@link SecurityException}.
102      */
103     public static final int MODE_ERRORED = 2;
104 
105     /**
106      * Result from {@link #checkOp}, {@link #noteOp}, {@link #startOp}: the given caller should
107      * use its default security check.  This mode is not normally used; it should only be used
108      * with appop permissions, and callers must explicitly check for it and deal with it.
109      */
110     public static final int MODE_DEFAULT = 3;
111 
112     /**
113      * Special mode that means "allow only when app is in foreground."  This is <b>not</b>
114      * returned from {@link #checkOp}, {@link #noteOp}, {@link #startOp}; rather, when this
115      * mode is set, these functions will return {@link #MODE_ALLOWED} when the app being
116      * checked is currently in the foreground, otherwise {@link #MODE_IGNORED}.
117      * @hide
118      */
119     public static final int MODE_FOREGROUND = 4;
120 
121     /**
122      * Flag for {@link #startWatchingMode(String, String, int, OnOpChangedListener)}:
123      * Also get reports if the foreground state of an op's uid changes.  This only works
124      * when watching a particular op, not when watching a package.
125      * @hide
126      */
127     public static final int WATCH_FOREGROUND_CHANGES = 1 << 0;
128 
129     /**
130      * @hide
131      */
132     public static final String[] MODE_NAMES = new String[] {
133             "allow",        // MODE_ALLOWED
134             "ignore",       // MODE_IGNORED
135             "deny",         // MODE_ERRORED
136             "default",      // MODE_DEFAULT
137             "foreground",   // MODE_FOREGROUND
138     };
139 
140     /**
141      * Metrics about an op when its uid is persistent.
142      * @hide
143      */
144     public static final int UID_STATE_PERSISTENT = 0;
145 
146     /**
147      * Metrics about an op when its uid is at the top.
148      * @hide
149      */
150     public static final int UID_STATE_TOP = 1;
151 
152     /**
153      * Metrics about an op when its uid is running a foreground service.
154      * @hide
155      */
156     public static final int UID_STATE_FOREGROUND_SERVICE = 2;
157 
158     /**
159      * Last UID state in which we don't restrict what an op can do.
160      * @hide
161      */
162     public static final int UID_STATE_LAST_NON_RESTRICTED = UID_STATE_FOREGROUND_SERVICE;
163 
164     /**
165      * Metrics about an op when its uid is in the foreground for any other reasons.
166      * @hide
167      */
168     public static final int UID_STATE_FOREGROUND = 3;
169 
170     /**
171      * Metrics about an op when its uid is in the background for any reason.
172      * @hide
173      */
174     public static final int UID_STATE_BACKGROUND = 4;
175 
176     /**
177      * Metrics about an op when its uid is cached.
178      * @hide
179      */
180     public static final int UID_STATE_CACHED = 5;
181 
182     /**
183      * Number of uid states we track.
184      * @hide
185      */
186     public static final int _NUM_UID_STATE = 6;
187 
188     // when adding one of these:
189     //  - increment _NUM_OP
190     //  - define an OPSTR_* constant (marked as @SystemApi)
191     //  - add rows to sOpToSwitch, sOpToString, sOpNames, sOpToPerms, sOpDefault
192     //  - add descriptive strings to Settings/res/values/arrays.xml
193     //  - add the op to the appropriate template in AppOpsState.OpsTemplate (settings app)
194 
195     /** @hide No operation specified. */
196     public static final int OP_NONE = -1;
197     /** @hide Access to coarse location information. */
198     public static final int OP_COARSE_LOCATION = 0;
199     /** @hide Access to fine location information. */
200     public static final int OP_FINE_LOCATION = 1;
201     /** @hide Causing GPS to run. */
202     public static final int OP_GPS = 2;
203     /** @hide */
204     public static final int OP_VIBRATE = 3;
205     /** @hide */
206     public static final int OP_READ_CONTACTS = 4;
207     /** @hide */
208     public static final int OP_WRITE_CONTACTS = 5;
209     /** @hide */
210     public static final int OP_READ_CALL_LOG = 6;
211     /** @hide */
212     public static final int OP_WRITE_CALL_LOG = 7;
213     /** @hide */
214     public static final int OP_READ_CALENDAR = 8;
215     /** @hide */
216     public static final int OP_WRITE_CALENDAR = 9;
217     /** @hide */
218     public static final int OP_WIFI_SCAN = 10;
219     /** @hide */
220     public static final int OP_POST_NOTIFICATION = 11;
221     /** @hide */
222     public static final int OP_NEIGHBORING_CELLS = 12;
223     /** @hide */
224     public static final int OP_CALL_PHONE = 13;
225     /** @hide */
226     public static final int OP_READ_SMS = 14;
227     /** @hide */
228     public static final int OP_WRITE_SMS = 15;
229     /** @hide */
230     public static final int OP_RECEIVE_SMS = 16;
231     /** @hide */
232     public static final int OP_RECEIVE_EMERGECY_SMS = 17;
233     /** @hide */
234     public static final int OP_RECEIVE_MMS = 18;
235     /** @hide */
236     public static final int OP_RECEIVE_WAP_PUSH = 19;
237     /** @hide */
238     public static final int OP_SEND_SMS = 20;
239     /** @hide */
240     public static final int OP_READ_ICC_SMS = 21;
241     /** @hide */
242     public static final int OP_WRITE_ICC_SMS = 22;
243     /** @hide */
244     public static final int OP_WRITE_SETTINGS = 23;
245     /** @hide Required to draw on top of other apps. */
246     @TestApi
247     public static final int OP_SYSTEM_ALERT_WINDOW = 24;
248     /** @hide */
249     public static final int OP_ACCESS_NOTIFICATIONS = 25;
250     /** @hide */
251     public static final int OP_CAMERA = 26;
252     /** @hide */
253     @TestApi
254     public static final int OP_RECORD_AUDIO = 27;
255     /** @hide */
256     public static final int OP_PLAY_AUDIO = 28;
257     /** @hide */
258     public static final int OP_READ_CLIPBOARD = 29;
259     /** @hide */
260     public static final int OP_WRITE_CLIPBOARD = 30;
261     /** @hide */
262     public static final int OP_TAKE_MEDIA_BUTTONS = 31;
263     /** @hide */
264     public static final int OP_TAKE_AUDIO_FOCUS = 32;
265     /** @hide */
266     public static final int OP_AUDIO_MASTER_VOLUME = 33;
267     /** @hide */
268     public static final int OP_AUDIO_VOICE_VOLUME = 34;
269     /** @hide */
270     public static final int OP_AUDIO_RING_VOLUME = 35;
271     /** @hide */
272     public static final int OP_AUDIO_MEDIA_VOLUME = 36;
273     /** @hide */
274     public static final int OP_AUDIO_ALARM_VOLUME = 37;
275     /** @hide */
276     public static final int OP_AUDIO_NOTIFICATION_VOLUME = 38;
277     /** @hide */
278     public static final int OP_AUDIO_BLUETOOTH_VOLUME = 39;
279     /** @hide */
280     public static final int OP_WAKE_LOCK = 40;
281     /** @hide Continually monitoring location data. */
282     public static final int OP_MONITOR_LOCATION = 41;
283     /** @hide Continually monitoring location data with a relatively high power request. */
284     public static final int OP_MONITOR_HIGH_POWER_LOCATION = 42;
285     /** @hide Retrieve current usage stats via {@link UsageStatsManager}. */
286     public static final int OP_GET_USAGE_STATS = 43;
287     /** @hide */
288     public static final int OP_MUTE_MICROPHONE = 44;
289     /** @hide */
290     public static final int OP_TOAST_WINDOW = 45;
291     /** @hide Capture the device's display contents and/or audio */
292     public static final int OP_PROJECT_MEDIA = 46;
293     /** @hide Activate a VPN connection without user intervention. */
294     public static final int OP_ACTIVATE_VPN = 47;
295     /** @hide Access the WallpaperManagerAPI to write wallpapers. */
296     public static final int OP_WRITE_WALLPAPER = 48;
297     /** @hide Received the assist structure from an app. */
298     public static final int OP_ASSIST_STRUCTURE = 49;
299     /** @hide Received a screenshot from assist. */
300     public static final int OP_ASSIST_SCREENSHOT = 50;
301     /** @hide Read the phone state. */
302     public static final int OP_READ_PHONE_STATE = 51;
303     /** @hide Add voicemail messages to the voicemail content provider. */
304     public static final int OP_ADD_VOICEMAIL = 52;
305     /** @hide Access APIs for SIP calling over VOIP or WiFi. */
306     public static final int OP_USE_SIP = 53;
307     /** @hide Intercept outgoing calls. */
308     public static final int OP_PROCESS_OUTGOING_CALLS = 54;
309     /** @hide User the fingerprint API. */
310     public static final int OP_USE_FINGERPRINT = 55;
311     /** @hide Access to body sensors such as heart rate, etc. */
312     public static final int OP_BODY_SENSORS = 56;
313     /** @hide Read previously received cell broadcast messages. */
314     public static final int OP_READ_CELL_BROADCASTS = 57;
315     /** @hide Inject mock location into the system. */
316     public static final int OP_MOCK_LOCATION = 58;
317     /** @hide Read external storage. */
318     public static final int OP_READ_EXTERNAL_STORAGE = 59;
319     /** @hide Write external storage. */
320     public static final int OP_WRITE_EXTERNAL_STORAGE = 60;
321     /** @hide Turned on the screen. */
322     public static final int OP_TURN_SCREEN_ON = 61;
323     /** @hide Get device accounts. */
324     public static final int OP_GET_ACCOUNTS = 62;
325     /** @hide Control whether an application is allowed to run in the background. */
326     public static final int OP_RUN_IN_BACKGROUND = 63;
327     /** @hide */
328     public static final int OP_AUDIO_ACCESSIBILITY_VOLUME = 64;
329     /** @hide Read the phone number. */
330     public static final int OP_READ_PHONE_NUMBERS = 65;
331     /** @hide Request package installs through package installer */
332     public static final int OP_REQUEST_INSTALL_PACKAGES = 66;
333     /** @hide Enter picture-in-picture. */
334     public static final int OP_PICTURE_IN_PICTURE = 67;
335     /** @hide Instant app start foreground service. */
336     public static final int OP_INSTANT_APP_START_FOREGROUND = 68;
337     /** @hide Answer incoming phone calls */
338     public static final int OP_ANSWER_PHONE_CALLS = 69;
339     /** @hide Run jobs when in background */
340     public static final int OP_RUN_ANY_IN_BACKGROUND = 70;
341     /** @hide Change Wi-Fi connectivity state */
342     public static final int OP_CHANGE_WIFI_STATE = 71;
343     /** @hide Request package deletion through package installer */
344     public static final int OP_REQUEST_DELETE_PACKAGES = 72;
345     /** @hide Bind an accessibility service. */
346     public static final int OP_BIND_ACCESSIBILITY_SERVICE = 73;
347     /** @hide Continue handover of a call from another app */
348     public static final int OP_ACCEPT_HANDOVER = 74;
349     /** @hide Create and Manage IPsec Tunnels */
350     public static final int OP_MANAGE_IPSEC_TUNNELS = 75;
351     /** @hide Any app start foreground service. */
352     public static final int OP_START_FOREGROUND = 76;
353     /** @hide */
354     public static final int OP_BLUETOOTH_SCAN = 77;
355     /** @hide */
356     public static final int _NUM_OP = 78;
357 
358     /** Access to coarse location information. */
359     public static final String OPSTR_COARSE_LOCATION = "android:coarse_location";
360     /** Access to fine location information. */
361     public static final String OPSTR_FINE_LOCATION =
362             "android:fine_location";
363     /** Continually monitoring location data. */
364     public static final String OPSTR_MONITOR_LOCATION
365             = "android:monitor_location";
366     /** Continually monitoring location data with a relatively high power request. */
367     public static final String OPSTR_MONITOR_HIGH_POWER_LOCATION
368             = "android:monitor_location_high_power";
369     /** Access to {@link android.app.usage.UsageStatsManager}. */
370     public static final String OPSTR_GET_USAGE_STATS
371             = "android:get_usage_stats";
372     /** Activate a VPN connection without user intervention. @hide */
373     @SystemApi @TestApi
374     public static final String OPSTR_ACTIVATE_VPN
375             = "android:activate_vpn";
376     /** Allows an application to read the user's contacts data. */
377     public static final String OPSTR_READ_CONTACTS
378             = "android:read_contacts";
379     /** Allows an application to write to the user's contacts data. */
380     public static final String OPSTR_WRITE_CONTACTS
381             = "android:write_contacts";
382     /** Allows an application to read the user's call log. */
383     public static final String OPSTR_READ_CALL_LOG
384             = "android:read_call_log";
385     /** Allows an application to write to the user's call log. */
386     public static final String OPSTR_WRITE_CALL_LOG
387             = "android:write_call_log";
388     /** Allows an application to read the user's calendar data. */
389     public static final String OPSTR_READ_CALENDAR
390             = "android:read_calendar";
391     /** Allows an application to write to the user's calendar data. */
392     public static final String OPSTR_WRITE_CALENDAR
393             = "android:write_calendar";
394     /** Allows an application to initiate a phone call. */
395     public static final String OPSTR_CALL_PHONE
396             = "android:call_phone";
397     /** Allows an application to read SMS messages. */
398     public static final String OPSTR_READ_SMS
399             = "android:read_sms";
400     /** Allows an application to receive SMS messages. */
401     public static final String OPSTR_RECEIVE_SMS
402             = "android:receive_sms";
403     /** Allows an application to receive MMS messages. */
404     public static final String OPSTR_RECEIVE_MMS
405             = "android:receive_mms";
406     /** Allows an application to receive WAP push messages. */
407     public static final String OPSTR_RECEIVE_WAP_PUSH
408             = "android:receive_wap_push";
409     /** Allows an application to send SMS messages. */
410     public static final String OPSTR_SEND_SMS
411             = "android:send_sms";
412     /** Required to be able to access the camera device. */
413     public static final String OPSTR_CAMERA
414             = "android:camera";
415     /** Required to be able to access the microphone device. */
416     public static final String OPSTR_RECORD_AUDIO
417             = "android:record_audio";
418     /** Required to access phone state related information. */
419     public static final String OPSTR_READ_PHONE_STATE
420             = "android:read_phone_state";
421     /** Required to access phone state related information. */
422     public static final String OPSTR_ADD_VOICEMAIL
423             = "android:add_voicemail";
424     /** Access APIs for SIP calling over VOIP or WiFi */
425     public static final String OPSTR_USE_SIP
426             = "android:use_sip";
427     /** Access APIs for diverting outgoing calls */
428     public static final String OPSTR_PROCESS_OUTGOING_CALLS
429             = "android:process_outgoing_calls";
430     /** Use the fingerprint API. */
431     public static final String OPSTR_USE_FINGERPRINT
432             = "android:use_fingerprint";
433     /** Access to body sensors such as heart rate, etc. */
434     public static final String OPSTR_BODY_SENSORS
435             = "android:body_sensors";
436     /** Read previously received cell broadcast messages. */
437     public static final String OPSTR_READ_CELL_BROADCASTS
438             = "android:read_cell_broadcasts";
439     /** Inject mock location into the system. */
440     public static final String OPSTR_MOCK_LOCATION
441             = "android:mock_location";
442     /** Read external storage. */
443     public static final String OPSTR_READ_EXTERNAL_STORAGE
444             = "android:read_external_storage";
445     /** Write external storage. */
446     public static final String OPSTR_WRITE_EXTERNAL_STORAGE
447             = "android:write_external_storage";
448     /** Required to draw on top of other apps. */
449     public static final String OPSTR_SYSTEM_ALERT_WINDOW
450             = "android:system_alert_window";
451     /** Required to write/modify/update system settingss. */
452     public static final String OPSTR_WRITE_SETTINGS
453             = "android:write_settings";
454     /** @hide Get device accounts. */
455     @SystemApi @TestApi
456     public static final String OPSTR_GET_ACCOUNTS
457             = "android:get_accounts";
458     public static final String OPSTR_READ_PHONE_NUMBERS
459             = "android:read_phone_numbers";
460     /** Access to picture-in-picture. */
461     public static final String OPSTR_PICTURE_IN_PICTURE
462             = "android:picture_in_picture";
463     /** @hide */
464     @SystemApi @TestApi
465     public static final String OPSTR_INSTANT_APP_START_FOREGROUND
466             = "android:instant_app_start_foreground";
467     /** Answer incoming phone calls */
468     public static final String OPSTR_ANSWER_PHONE_CALLS
469             = "android:answer_phone_calls";
470     /**
471      * Accept call handover
472      * @hide
473      */
474     @SystemApi @TestApi
475     public static final String OPSTR_ACCEPT_HANDOVER
476             = "android:accept_handover";
477     /** @hide */
478     @SystemApi @TestApi
479     public static final String OPSTR_GPS = "android:gps";
480     /** @hide */
481     @SystemApi @TestApi
482     public static final String OPSTR_VIBRATE = "android:vibrate";
483     /** @hide */
484     @SystemApi @TestApi
485     public static final String OPSTR_WIFI_SCAN = "android:wifi_scan";
486     /** @hide */
487     @SystemApi @TestApi
488     public static final String OPSTR_POST_NOTIFICATION = "android:post_notification";
489     /** @hide */
490     @SystemApi @TestApi
491     public static final String OPSTR_NEIGHBORING_CELLS = "android:neighboring_cells";
492     /** @hide */
493     @SystemApi @TestApi
494     public static final String OPSTR_WRITE_SMS = "android:write_sms";
495     /** @hide */
496     @SystemApi @TestApi
497     public static final String OPSTR_RECEIVE_EMERGENCY_BROADCAST =
498             "android:receive_emergency_broadcast";
499     /** @hide */
500     @SystemApi @TestApi
501     public static final String OPSTR_READ_ICC_SMS = "android:read_icc_sms";
502     /** @hide */
503     @SystemApi @TestApi
504     public static final String OPSTR_WRITE_ICC_SMS = "android:write_icc_sms";
505     /** @hide */
506     @SystemApi @TestApi
507     public static final String OPSTR_ACCESS_NOTIFICATIONS = "android:access_notifications";
508     /** @hide */
509     @SystemApi @TestApi
510     public static final String OPSTR_PLAY_AUDIO = "android:play_audio";
511     /** @hide */
512     @SystemApi @TestApi
513     public static final String OPSTR_READ_CLIPBOARD = "android:read_clipboard";
514     /** @hide */
515     @SystemApi @TestApi
516     public static final String OPSTR_WRITE_CLIPBOARD = "android:write_clipboard";
517     /** @hide */
518     @SystemApi @TestApi
519     public static final String OPSTR_TAKE_MEDIA_BUTTONS = "android:take_media_buttons";
520     /** @hide */
521     @SystemApi @TestApi
522     public static final String OPSTR_TAKE_AUDIO_FOCUS = "android:take_audio_focus";
523     /** @hide */
524     @SystemApi @TestApi
525     public static final String OPSTR_AUDIO_MASTER_VOLUME = "android:audio_master_volume";
526     /** @hide */
527     @SystemApi @TestApi
528     public static final String OPSTR_AUDIO_VOICE_VOLUME = "android:audio_voice_volume";
529     /** @hide */
530     @SystemApi @TestApi
531     public static final String OPSTR_AUDIO_RING_VOLUME = "android:audio_ring_volume";
532     /** @hide */
533     @SystemApi @TestApi
534     public static final String OPSTR_AUDIO_MEDIA_VOLUME = "android:audio_media_volume";
535     /** @hide */
536     @SystemApi @TestApi
537     public static final String OPSTR_AUDIO_ALARM_VOLUME = "android:audio_alarm_volume";
538     /** @hide */
539     @SystemApi @TestApi
540     public static final String OPSTR_AUDIO_NOTIFICATION_VOLUME =
541             "android:audio_notification_volume";
542     /** @hide */
543     @SystemApi @TestApi
544     public static final String OPSTR_AUDIO_BLUETOOTH_VOLUME = "android:audio_bluetooth_volume";
545     /** @hide */
546     @SystemApi @TestApi
547     public static final String OPSTR_WAKE_LOCK = "android:wake_lock";
548     /** @hide */
549     @SystemApi @TestApi
550     public static final String OPSTR_MUTE_MICROPHONE = "android:mute_microphone";
551     /** @hide */
552     @SystemApi @TestApi
553     public static final String OPSTR_TOAST_WINDOW = "android:toast_window";
554     /** @hide */
555     @SystemApi @TestApi
556     public static final String OPSTR_PROJECT_MEDIA = "android:project_media";
557     /** @hide */
558     @SystemApi @TestApi
559     public static final String OPSTR_WRITE_WALLPAPER = "android:write_wallpaper";
560     /** @hide */
561     @SystemApi @TestApi
562     public static final String OPSTR_ASSIST_STRUCTURE = "android:assist_structure";
563     /** @hide */
564     @SystemApi @TestApi
565     public static final String OPSTR_ASSIST_SCREENSHOT = "android:assist_screenshot";
566     /** @hide */
567     @SystemApi @TestApi
568     public static final String OPSTR_TURN_SCREEN_ON = "android:turn_screen_on";
569     /** @hide */
570     @SystemApi @TestApi
571     public static final String OPSTR_RUN_IN_BACKGROUND = "android:run_in_background";
572     /** @hide */
573     @SystemApi @TestApi
574     public static final String OPSTR_AUDIO_ACCESSIBILITY_VOLUME =
575             "android:audio_accessibility_volume";
576     /** @hide */
577     @SystemApi @TestApi
578     public static final String OPSTR_REQUEST_INSTALL_PACKAGES = "android:request_install_packages";
579     /** @hide */
580     @SystemApi @TestApi
581     public static final String OPSTR_RUN_ANY_IN_BACKGROUND = "android:run_any_in_background";
582     /** @hide */
583     @SystemApi @TestApi
584     public static final String OPSTR_CHANGE_WIFI_STATE = "android:change_wifi_state";
585     /** @hide */
586     @SystemApi @TestApi
587     public static final String OPSTR_REQUEST_DELETE_PACKAGES = "android:request_delete_packages";
588     /** @hide */
589     @SystemApi @TestApi
590     public static final String OPSTR_BIND_ACCESSIBILITY_SERVICE =
591             "android:bind_accessibility_service";
592     /** @hide */
593     @SystemApi @TestApi
594     public static final String OPSTR_MANAGE_IPSEC_TUNNELS = "android:manage_ipsec_tunnels";
595     /** @hide */
596     @SystemApi @TestApi
597     public static final String OPSTR_START_FOREGROUND = "android:start_foreground";
598     /** @hide */
599     public static final String OPSTR_BLUETOOTH_SCAN = "android:bluetooth_scan";
600 
601     // Warning: If an permission is added here it also has to be added to
602     // com.android.packageinstaller.permission.utils.EventLogger
603     private static final int[] RUNTIME_AND_APPOP_PERMISSIONS_OPS = {
604             // RUNTIME PERMISSIONS
605             // Contacts
606             OP_READ_CONTACTS,
607             OP_WRITE_CONTACTS,
608             OP_GET_ACCOUNTS,
609             // Calendar
610             OP_READ_CALENDAR,
611             OP_WRITE_CALENDAR,
612             // SMS
613             OP_SEND_SMS,
614             OP_RECEIVE_SMS,
615             OP_READ_SMS,
616             OP_RECEIVE_WAP_PUSH,
617             OP_RECEIVE_MMS,
618             OP_READ_CELL_BROADCASTS,
619             // Storage
620             OP_READ_EXTERNAL_STORAGE,
621             OP_WRITE_EXTERNAL_STORAGE,
622             // Location
623             OP_COARSE_LOCATION,
624             OP_FINE_LOCATION,
625             // Phone
626             OP_READ_PHONE_STATE,
627             OP_READ_PHONE_NUMBERS,
628             OP_CALL_PHONE,
629             OP_READ_CALL_LOG,
630             OP_WRITE_CALL_LOG,
631             OP_ADD_VOICEMAIL,
632             OP_USE_SIP,
633             OP_PROCESS_OUTGOING_CALLS,
634             OP_ANSWER_PHONE_CALLS,
635             OP_ACCEPT_HANDOVER,
636             // Microphone
637             OP_RECORD_AUDIO,
638             // Camera
639             OP_CAMERA,
640             // Body sensors
641             OP_BODY_SENSORS,
642 
643             // APPOP PERMISSIONS
644             OP_ACCESS_NOTIFICATIONS,
645             OP_SYSTEM_ALERT_WINDOW,
646             OP_WRITE_SETTINGS,
647             OP_REQUEST_INSTALL_PACKAGES,
648             OP_START_FOREGROUND,
649     };
650 
651     /**
652      * This maps each operation to the operation that serves as the
653      * switch to determine whether it is allowed.  Generally this is
654      * a 1:1 mapping, but for some things (like location) that have
655      * multiple low-level operations being tracked that should be
656      * presented to the user as one switch then this can be used to
657      * make them all controlled by the same single operation.
658      */
659     private static int[] sOpToSwitch = new int[] {
660             OP_COARSE_LOCATION,                 // COARSE_LOCATION
661             OP_COARSE_LOCATION,                 // FINE_LOCATION
662             OP_COARSE_LOCATION,                 // GPS
663             OP_VIBRATE,                         // VIBRATE
664             OP_READ_CONTACTS,                   // READ_CONTACTS
665             OP_WRITE_CONTACTS,                  // WRITE_CONTACTS
666             OP_READ_CALL_LOG,                   // READ_CALL_LOG
667             OP_WRITE_CALL_LOG,                  // WRITE_CALL_LOG
668             OP_READ_CALENDAR,                   // READ_CALENDAR
669             OP_WRITE_CALENDAR,                  // WRITE_CALENDAR
670             OP_COARSE_LOCATION,                 // WIFI_SCAN
671             OP_POST_NOTIFICATION,               // POST_NOTIFICATION
672             OP_COARSE_LOCATION,                 // NEIGHBORING_CELLS
673             OP_CALL_PHONE,                      // CALL_PHONE
674             OP_READ_SMS,                        // READ_SMS
675             OP_WRITE_SMS,                       // WRITE_SMS
676             OP_RECEIVE_SMS,                     // RECEIVE_SMS
677             OP_RECEIVE_SMS,                     // RECEIVE_EMERGECY_SMS
678             OP_RECEIVE_MMS,                     // RECEIVE_MMS
679             OP_RECEIVE_WAP_PUSH,                // RECEIVE_WAP_PUSH
680             OP_SEND_SMS,                        // SEND_SMS
681             OP_READ_SMS,                        // READ_ICC_SMS
682             OP_WRITE_SMS,                       // WRITE_ICC_SMS
683             OP_WRITE_SETTINGS,                  // WRITE_SETTINGS
684             OP_SYSTEM_ALERT_WINDOW,             // SYSTEM_ALERT_WINDOW
685             OP_ACCESS_NOTIFICATIONS,            // ACCESS_NOTIFICATIONS
686             OP_CAMERA,                          // CAMERA
687             OP_RECORD_AUDIO,                    // RECORD_AUDIO
688             OP_PLAY_AUDIO,                      // PLAY_AUDIO
689             OP_READ_CLIPBOARD,                  // READ_CLIPBOARD
690             OP_WRITE_CLIPBOARD,                 // WRITE_CLIPBOARD
691             OP_TAKE_MEDIA_BUTTONS,              // TAKE_MEDIA_BUTTONS
692             OP_TAKE_AUDIO_FOCUS,                // TAKE_AUDIO_FOCUS
693             OP_AUDIO_MASTER_VOLUME,             // AUDIO_MASTER_VOLUME
694             OP_AUDIO_VOICE_VOLUME,              // AUDIO_VOICE_VOLUME
695             OP_AUDIO_RING_VOLUME,               // AUDIO_RING_VOLUME
696             OP_AUDIO_MEDIA_VOLUME,              // AUDIO_MEDIA_VOLUME
697             OP_AUDIO_ALARM_VOLUME,              // AUDIO_ALARM_VOLUME
698             OP_AUDIO_NOTIFICATION_VOLUME,       // AUDIO_NOTIFICATION_VOLUME
699             OP_AUDIO_BLUETOOTH_VOLUME,          // AUDIO_BLUETOOTH_VOLUME
700             OP_WAKE_LOCK,                       // WAKE_LOCK
701             OP_COARSE_LOCATION,                 // MONITOR_LOCATION
702             OP_COARSE_LOCATION,                 // MONITOR_HIGH_POWER_LOCATION
703             OP_GET_USAGE_STATS,                 // GET_USAGE_STATS
704             OP_MUTE_MICROPHONE,                 // MUTE_MICROPHONE
705             OP_TOAST_WINDOW,                    // TOAST_WINDOW
706             OP_PROJECT_MEDIA,                   // PROJECT_MEDIA
707             OP_ACTIVATE_VPN,                    // ACTIVATE_VPN
708             OP_WRITE_WALLPAPER,                 // WRITE_WALLPAPER
709             OP_ASSIST_STRUCTURE,                // ASSIST_STRUCTURE
710             OP_ASSIST_SCREENSHOT,               // ASSIST_SCREENSHOT
711             OP_READ_PHONE_STATE,                // READ_PHONE_STATE
712             OP_ADD_VOICEMAIL,                   // ADD_VOICEMAIL
713             OP_USE_SIP,                         // USE_SIP
714             OP_PROCESS_OUTGOING_CALLS,          // PROCESS_OUTGOING_CALLS
715             OP_USE_FINGERPRINT,                 // USE_FINGERPRINT
716             OP_BODY_SENSORS,                    // BODY_SENSORS
717             OP_READ_CELL_BROADCASTS,            // READ_CELL_BROADCASTS
718             OP_MOCK_LOCATION,                   // MOCK_LOCATION
719             OP_READ_EXTERNAL_STORAGE,           // READ_EXTERNAL_STORAGE
720             OP_WRITE_EXTERNAL_STORAGE,          // WRITE_EXTERNAL_STORAGE
721             OP_TURN_SCREEN_ON,                  // TURN_SCREEN_ON
722             OP_GET_ACCOUNTS,                    // GET_ACCOUNTS
723             OP_RUN_IN_BACKGROUND,               // RUN_IN_BACKGROUND
724             OP_AUDIO_ACCESSIBILITY_VOLUME,      // AUDIO_ACCESSIBILITY_VOLUME
725             OP_READ_PHONE_NUMBERS,              // READ_PHONE_NUMBERS
726             OP_REQUEST_INSTALL_PACKAGES,        // REQUEST_INSTALL_PACKAGES
727             OP_PICTURE_IN_PICTURE,              // ENTER_PICTURE_IN_PICTURE_ON_HIDE
728             OP_INSTANT_APP_START_FOREGROUND,    // INSTANT_APP_START_FOREGROUND
729             OP_ANSWER_PHONE_CALLS,              // ANSWER_PHONE_CALLS
730             OP_RUN_ANY_IN_BACKGROUND,           // OP_RUN_ANY_IN_BACKGROUND
731             OP_CHANGE_WIFI_STATE,               // OP_CHANGE_WIFI_STATE
732             OP_REQUEST_DELETE_PACKAGES,         // OP_REQUEST_DELETE_PACKAGES
733             OP_BIND_ACCESSIBILITY_SERVICE,      // OP_BIND_ACCESSIBILITY_SERVICE
734             OP_ACCEPT_HANDOVER,                 // ACCEPT_HANDOVER
735             OP_MANAGE_IPSEC_TUNNELS,            // MANAGE_IPSEC_HANDOVERS
736             OP_START_FOREGROUND,                // START_FOREGROUND
737             OP_COARSE_LOCATION,                 // BLUETOOTH_SCAN
738     };
739 
740     /**
741      * This maps each operation to the public string constant for it.
742      */
743     private static String[] sOpToString = new String[]{
744             OPSTR_COARSE_LOCATION,
745             OPSTR_FINE_LOCATION,
746             OPSTR_GPS,
747             OPSTR_VIBRATE,
748             OPSTR_READ_CONTACTS,
749             OPSTR_WRITE_CONTACTS,
750             OPSTR_READ_CALL_LOG,
751             OPSTR_WRITE_CALL_LOG,
752             OPSTR_READ_CALENDAR,
753             OPSTR_WRITE_CALENDAR,
754             OPSTR_WIFI_SCAN,
755             OPSTR_POST_NOTIFICATION,
756             OPSTR_NEIGHBORING_CELLS,
757             OPSTR_CALL_PHONE,
758             OPSTR_READ_SMS,
759             OPSTR_WRITE_SMS,
760             OPSTR_RECEIVE_SMS,
761             OPSTR_RECEIVE_EMERGENCY_BROADCAST,
762             OPSTR_RECEIVE_MMS,
763             OPSTR_RECEIVE_WAP_PUSH,
764             OPSTR_SEND_SMS,
765             OPSTR_READ_ICC_SMS,
766             OPSTR_WRITE_ICC_SMS,
767             OPSTR_WRITE_SETTINGS,
768             OPSTR_SYSTEM_ALERT_WINDOW,
769             OPSTR_ACCESS_NOTIFICATIONS,
770             OPSTR_CAMERA,
771             OPSTR_RECORD_AUDIO,
772             OPSTR_PLAY_AUDIO,
773             OPSTR_READ_CLIPBOARD,
774             OPSTR_WRITE_CLIPBOARD,
775             OPSTR_TAKE_MEDIA_BUTTONS,
776             OPSTR_TAKE_AUDIO_FOCUS,
777             OPSTR_AUDIO_MASTER_VOLUME,
778             OPSTR_AUDIO_VOICE_VOLUME,
779             OPSTR_AUDIO_RING_VOLUME,
780             OPSTR_AUDIO_MEDIA_VOLUME,
781             OPSTR_AUDIO_ALARM_VOLUME,
782             OPSTR_AUDIO_NOTIFICATION_VOLUME,
783             OPSTR_AUDIO_BLUETOOTH_VOLUME,
784             OPSTR_WAKE_LOCK,
785             OPSTR_MONITOR_LOCATION,
786             OPSTR_MONITOR_HIGH_POWER_LOCATION,
787             OPSTR_GET_USAGE_STATS,
788             OPSTR_MUTE_MICROPHONE,
789             OPSTR_TOAST_WINDOW,
790             OPSTR_PROJECT_MEDIA,
791             OPSTR_ACTIVATE_VPN,
792             OPSTR_WRITE_WALLPAPER,
793             OPSTR_ASSIST_STRUCTURE,
794             OPSTR_ASSIST_SCREENSHOT,
795             OPSTR_READ_PHONE_STATE,
796             OPSTR_ADD_VOICEMAIL,
797             OPSTR_USE_SIP,
798             OPSTR_PROCESS_OUTGOING_CALLS,
799             OPSTR_USE_FINGERPRINT,
800             OPSTR_BODY_SENSORS,
801             OPSTR_READ_CELL_BROADCASTS,
802             OPSTR_MOCK_LOCATION,
803             OPSTR_READ_EXTERNAL_STORAGE,
804             OPSTR_WRITE_EXTERNAL_STORAGE,
805             OPSTR_TURN_SCREEN_ON,
806             OPSTR_GET_ACCOUNTS,
807             OPSTR_RUN_IN_BACKGROUND,
808             OPSTR_AUDIO_ACCESSIBILITY_VOLUME,
809             OPSTR_READ_PHONE_NUMBERS,
810             OPSTR_REQUEST_INSTALL_PACKAGES,
811             OPSTR_PICTURE_IN_PICTURE,
812             OPSTR_INSTANT_APP_START_FOREGROUND,
813             OPSTR_ANSWER_PHONE_CALLS,
814             OPSTR_RUN_ANY_IN_BACKGROUND,
815             OPSTR_CHANGE_WIFI_STATE,
816             OPSTR_REQUEST_DELETE_PACKAGES,
817             OPSTR_BIND_ACCESSIBILITY_SERVICE,
818             OPSTR_ACCEPT_HANDOVER,
819             OPSTR_MANAGE_IPSEC_TUNNELS,
820             OPSTR_START_FOREGROUND,
821             OPSTR_BLUETOOTH_SCAN,
822     };
823 
824     /**
825      * This provides a simple name for each operation to be used
826      * in debug output.
827      */
828     private static String[] sOpNames = new String[] {
829             "COARSE_LOCATION",
830             "FINE_LOCATION",
831             "GPS",
832             "VIBRATE",
833             "READ_CONTACTS",
834             "WRITE_CONTACTS",
835             "READ_CALL_LOG",
836             "WRITE_CALL_LOG",
837             "READ_CALENDAR",
838             "WRITE_CALENDAR",
839             "WIFI_SCAN",
840             "POST_NOTIFICATION",
841             "NEIGHBORING_CELLS",
842             "CALL_PHONE",
843             "READ_SMS",
844             "WRITE_SMS",
845             "RECEIVE_SMS",
846             "RECEIVE_EMERGECY_SMS",
847             "RECEIVE_MMS",
848             "RECEIVE_WAP_PUSH",
849             "SEND_SMS",
850             "READ_ICC_SMS",
851             "WRITE_ICC_SMS",
852             "WRITE_SETTINGS",
853             "SYSTEM_ALERT_WINDOW",
854             "ACCESS_NOTIFICATIONS",
855             "CAMERA",
856             "RECORD_AUDIO",
857             "PLAY_AUDIO",
858             "READ_CLIPBOARD",
859             "WRITE_CLIPBOARD",
860             "TAKE_MEDIA_BUTTONS",
861             "TAKE_AUDIO_FOCUS",
862             "AUDIO_MASTER_VOLUME",
863             "AUDIO_VOICE_VOLUME",
864             "AUDIO_RING_VOLUME",
865             "AUDIO_MEDIA_VOLUME",
866             "AUDIO_ALARM_VOLUME",
867             "AUDIO_NOTIFICATION_VOLUME",
868             "AUDIO_BLUETOOTH_VOLUME",
869             "WAKE_LOCK",
870             "MONITOR_LOCATION",
871             "MONITOR_HIGH_POWER_LOCATION",
872             "GET_USAGE_STATS",
873             "MUTE_MICROPHONE",
874             "TOAST_WINDOW",
875             "PROJECT_MEDIA",
876             "ACTIVATE_VPN",
877             "WRITE_WALLPAPER",
878             "ASSIST_STRUCTURE",
879             "ASSIST_SCREENSHOT",
880             "OP_READ_PHONE_STATE",
881             "ADD_VOICEMAIL",
882             "USE_SIP",
883             "PROCESS_OUTGOING_CALLS",
884             "USE_FINGERPRINT",
885             "BODY_SENSORS",
886             "READ_CELL_BROADCASTS",
887             "MOCK_LOCATION",
888             "READ_EXTERNAL_STORAGE",
889             "WRITE_EXTERNAL_STORAGE",
890             "TURN_ON_SCREEN",
891             "GET_ACCOUNTS",
892             "RUN_IN_BACKGROUND",
893             "AUDIO_ACCESSIBILITY_VOLUME",
894             "READ_PHONE_NUMBERS",
895             "REQUEST_INSTALL_PACKAGES",
896             "PICTURE_IN_PICTURE",
897             "INSTANT_APP_START_FOREGROUND",
898             "ANSWER_PHONE_CALLS",
899             "RUN_ANY_IN_BACKGROUND",
900             "CHANGE_WIFI_STATE",
901             "REQUEST_DELETE_PACKAGES",
902             "BIND_ACCESSIBILITY_SERVICE",
903             "ACCEPT_HANDOVER",
904             "MANAGE_IPSEC_TUNNELS",
905             "START_FOREGROUND",
906             "BLUETOOTH_SCAN",
907     };
908 
909     /**
910      * This optionally maps a permission to an operation.  If there
911      * is no permission associated with an operation, it is null.
912      */
913     private static String[] sOpPerms = new String[] {
914             android.Manifest.permission.ACCESS_COARSE_LOCATION,
915             android.Manifest.permission.ACCESS_FINE_LOCATION,
916             null,
917             android.Manifest.permission.VIBRATE,
918             android.Manifest.permission.READ_CONTACTS,
919             android.Manifest.permission.WRITE_CONTACTS,
920             android.Manifest.permission.READ_CALL_LOG,
921             android.Manifest.permission.WRITE_CALL_LOG,
922             android.Manifest.permission.READ_CALENDAR,
923             android.Manifest.permission.WRITE_CALENDAR,
924             android.Manifest.permission.ACCESS_WIFI_STATE,
925             null, // no permission required for notifications
926             null, // neighboring cells shares the coarse location perm
927             android.Manifest.permission.CALL_PHONE,
928             android.Manifest.permission.READ_SMS,
929             null, // no permission required for writing sms
930             android.Manifest.permission.RECEIVE_SMS,
931             android.Manifest.permission.RECEIVE_EMERGENCY_BROADCAST,
932             android.Manifest.permission.RECEIVE_MMS,
933             android.Manifest.permission.RECEIVE_WAP_PUSH,
934             android.Manifest.permission.SEND_SMS,
935             android.Manifest.permission.READ_SMS,
936             null, // no permission required for writing icc sms
937             android.Manifest.permission.WRITE_SETTINGS,
938             android.Manifest.permission.SYSTEM_ALERT_WINDOW,
939             android.Manifest.permission.ACCESS_NOTIFICATIONS,
940             android.Manifest.permission.CAMERA,
941             android.Manifest.permission.RECORD_AUDIO,
942             null, // no permission for playing audio
943             null, // no permission for reading clipboard
944             null, // no permission for writing clipboard
945             null, // no permission for taking media buttons
946             null, // no permission for taking audio focus
947             null, // no permission for changing master volume
948             null, // no permission for changing voice volume
949             null, // no permission for changing ring volume
950             null, // no permission for changing media volume
951             null, // no permission for changing alarm volume
952             null, // no permission for changing notification volume
953             null, // no permission for changing bluetooth volume
954             android.Manifest.permission.WAKE_LOCK,
955             null, // no permission for generic location monitoring
956             null, // no permission for high power location monitoring
957             android.Manifest.permission.PACKAGE_USAGE_STATS,
958             null, // no permission for muting/unmuting microphone
959             null, // no permission for displaying toasts
960             null, // no permission for projecting media
961             null, // no permission for activating vpn
962             null, // no permission for supporting wallpaper
963             null, // no permission for receiving assist structure
964             null, // no permission for receiving assist screenshot
965             Manifest.permission.READ_PHONE_STATE,
966             Manifest.permission.ADD_VOICEMAIL,
967             Manifest.permission.USE_SIP,
968             Manifest.permission.PROCESS_OUTGOING_CALLS,
969             Manifest.permission.USE_FINGERPRINT,
970             Manifest.permission.BODY_SENSORS,
971             Manifest.permission.READ_CELL_BROADCASTS,
972             null,
973             Manifest.permission.READ_EXTERNAL_STORAGE,
974             Manifest.permission.WRITE_EXTERNAL_STORAGE,
975             null, // no permission for turning the screen on
976             Manifest.permission.GET_ACCOUNTS,
977             null, // no permission for running in background
978             null, // no permission for changing accessibility volume
979             Manifest.permission.READ_PHONE_NUMBERS,
980             Manifest.permission.REQUEST_INSTALL_PACKAGES,
981             null, // no permission for entering picture-in-picture on hide
982             Manifest.permission.INSTANT_APP_FOREGROUND_SERVICE,
983             Manifest.permission.ANSWER_PHONE_CALLS,
984             null, // no permission for OP_RUN_ANY_IN_BACKGROUND
985             Manifest.permission.CHANGE_WIFI_STATE,
986             Manifest.permission.REQUEST_DELETE_PACKAGES,
987             Manifest.permission.BIND_ACCESSIBILITY_SERVICE,
988             Manifest.permission.ACCEPT_HANDOVER,
989             null, // no permission for OP_MANAGE_IPSEC_TUNNELS
990             Manifest.permission.FOREGROUND_SERVICE,
991             null, // no permission for OP_BLUETOOTH_SCAN
992     };
993 
994     /**
995      * Specifies whether an Op should be restricted by a user restriction.
996      * Each Op should be filled with a restriction string from UserManager or
997      * null to specify it is not affected by any user restriction.
998      */
999     private static String[] sOpRestrictions = new String[] {
1000             UserManager.DISALLOW_SHARE_LOCATION, //COARSE_LOCATION
1001             UserManager.DISALLOW_SHARE_LOCATION, //FINE_LOCATION
1002             UserManager.DISALLOW_SHARE_LOCATION, //GPS
1003             null, //VIBRATE
1004             null, //READ_CONTACTS
1005             null, //WRITE_CONTACTS
1006             UserManager.DISALLOW_OUTGOING_CALLS, //READ_CALL_LOG
1007             UserManager.DISALLOW_OUTGOING_CALLS, //WRITE_CALL_LOG
1008             null, //READ_CALENDAR
1009             null, //WRITE_CALENDAR
1010             UserManager.DISALLOW_SHARE_LOCATION, //WIFI_SCAN
1011             null, //POST_NOTIFICATION
1012             null, //NEIGHBORING_CELLS
1013             null, //CALL_PHONE
1014             UserManager.DISALLOW_SMS, //READ_SMS
1015             UserManager.DISALLOW_SMS, //WRITE_SMS
1016             UserManager.DISALLOW_SMS, //RECEIVE_SMS
1017             null, //RECEIVE_EMERGENCY_SMS
1018             UserManager.DISALLOW_SMS, //RECEIVE_MMS
1019             null, //RECEIVE_WAP_PUSH
1020             UserManager.DISALLOW_SMS, //SEND_SMS
1021             UserManager.DISALLOW_SMS, //READ_ICC_SMS
1022             UserManager.DISALLOW_SMS, //WRITE_ICC_SMS
1023             null, //WRITE_SETTINGS
1024             UserManager.DISALLOW_CREATE_WINDOWS, //SYSTEM_ALERT_WINDOW
1025             null, //ACCESS_NOTIFICATIONS
1026             UserManager.DISALLOW_CAMERA, //CAMERA
1027             UserManager.DISALLOW_RECORD_AUDIO, //RECORD_AUDIO
1028             null, //PLAY_AUDIO
1029             null, //READ_CLIPBOARD
1030             null, //WRITE_CLIPBOARD
1031             null, //TAKE_MEDIA_BUTTONS
1032             null, //TAKE_AUDIO_FOCUS
1033             UserManager.DISALLOW_ADJUST_VOLUME, //AUDIO_MASTER_VOLUME
1034             UserManager.DISALLOW_ADJUST_VOLUME, //AUDIO_VOICE_VOLUME
1035             UserManager.DISALLOW_ADJUST_VOLUME, //AUDIO_RING_VOLUME
1036             UserManager.DISALLOW_ADJUST_VOLUME, //AUDIO_MEDIA_VOLUME
1037             UserManager.DISALLOW_ADJUST_VOLUME, //AUDIO_ALARM_VOLUME
1038             UserManager.DISALLOW_ADJUST_VOLUME, //AUDIO_NOTIFICATION_VOLUME
1039             UserManager.DISALLOW_ADJUST_VOLUME, //AUDIO_BLUETOOTH_VOLUME
1040             null, //WAKE_LOCK
1041             UserManager.DISALLOW_SHARE_LOCATION, //MONITOR_LOCATION
1042             UserManager.DISALLOW_SHARE_LOCATION, //MONITOR_HIGH_POWER_LOCATION
1043             null, //GET_USAGE_STATS
1044             UserManager.DISALLOW_UNMUTE_MICROPHONE, // MUTE_MICROPHONE
1045             UserManager.DISALLOW_CREATE_WINDOWS, // TOAST_WINDOW
1046             null, //PROJECT_MEDIA
1047             null, // ACTIVATE_VPN
1048             UserManager.DISALLOW_WALLPAPER, // WRITE_WALLPAPER
1049             null, // ASSIST_STRUCTURE
1050             null, // ASSIST_SCREENSHOT
1051             null, // READ_PHONE_STATE
1052             null, // ADD_VOICEMAIL
1053             null, // USE_SIP
1054             null, // PROCESS_OUTGOING_CALLS
1055             null, // USE_FINGERPRINT
1056             null, // BODY_SENSORS
1057             null, // READ_CELL_BROADCASTS
1058             null, // MOCK_LOCATION
1059             null, // READ_EXTERNAL_STORAGE
1060             null, // WRITE_EXTERNAL_STORAGE
1061             null, // TURN_ON_SCREEN
1062             null, // GET_ACCOUNTS
1063             null, // RUN_IN_BACKGROUND
1064             UserManager.DISALLOW_ADJUST_VOLUME, //AUDIO_ACCESSIBILITY_VOLUME
1065             null, // READ_PHONE_NUMBERS
1066             null, // REQUEST_INSTALL_PACKAGES
1067             null, // ENTER_PICTURE_IN_PICTURE_ON_HIDE
1068             null, // INSTANT_APP_START_FOREGROUND
1069             null, // ANSWER_PHONE_CALLS
1070             null, // OP_RUN_ANY_IN_BACKGROUND
1071             null, // OP_CHANGE_WIFI_STATE
1072             null, // REQUEST_DELETE_PACKAGES
1073             null, // OP_BIND_ACCESSIBILITY_SERVICE
1074             null, // ACCEPT_HANDOVER
1075             null, // MANAGE_IPSEC_TUNNELS
1076             null, // START_FOREGROUND
1077             null, // maybe should be UserManager.DISALLOW_SHARE_LOCATION, //BLUETOOTH_SCAN
1078     };
1079 
1080     /**
1081      * This specifies whether each option should allow the system
1082      * (and system ui) to bypass the user restriction when active.
1083      */
1084     private static boolean[] sOpAllowSystemRestrictionBypass = new boolean[] {
1085             true, //COARSE_LOCATION
1086             true, //FINE_LOCATION
1087             false, //GPS
1088             false, //VIBRATE
1089             false, //READ_CONTACTS
1090             false, //WRITE_CONTACTS
1091             false, //READ_CALL_LOG
1092             false, //WRITE_CALL_LOG
1093             false, //READ_CALENDAR
1094             false, //WRITE_CALENDAR
1095             true, //WIFI_SCAN
1096             false, //POST_NOTIFICATION
1097             false, //NEIGHBORING_CELLS
1098             false, //CALL_PHONE
1099             false, //READ_SMS
1100             false, //WRITE_SMS
1101             false, //RECEIVE_SMS
1102             false, //RECEIVE_EMERGECY_SMS
1103             false, //RECEIVE_MMS
1104             false, //RECEIVE_WAP_PUSH
1105             false, //SEND_SMS
1106             false, //READ_ICC_SMS
1107             false, //WRITE_ICC_SMS
1108             false, //WRITE_SETTINGS
1109             true, //SYSTEM_ALERT_WINDOW
1110             false, //ACCESS_NOTIFICATIONS
1111             false, //CAMERA
1112             false, //RECORD_AUDIO
1113             false, //PLAY_AUDIO
1114             false, //READ_CLIPBOARD
1115             false, //WRITE_CLIPBOARD
1116             false, //TAKE_MEDIA_BUTTONS
1117             false, //TAKE_AUDIO_FOCUS
1118             false, //AUDIO_MASTER_VOLUME
1119             false, //AUDIO_VOICE_VOLUME
1120             false, //AUDIO_RING_VOLUME
1121             false, //AUDIO_MEDIA_VOLUME
1122             false, //AUDIO_ALARM_VOLUME
1123             false, //AUDIO_NOTIFICATION_VOLUME
1124             false, //AUDIO_BLUETOOTH_VOLUME
1125             false, //WAKE_LOCK
1126             false, //MONITOR_LOCATION
1127             false, //MONITOR_HIGH_POWER_LOCATION
1128             false, //GET_USAGE_STATS
1129             false, //MUTE_MICROPHONE
1130             true, //TOAST_WINDOW
1131             false, //PROJECT_MEDIA
1132             false, //ACTIVATE_VPN
1133             false, //WALLPAPER
1134             false, //ASSIST_STRUCTURE
1135             false, //ASSIST_SCREENSHOT
1136             false, //READ_PHONE_STATE
1137             false, //ADD_VOICEMAIL
1138             false, // USE_SIP
1139             false, // PROCESS_OUTGOING_CALLS
1140             false, // USE_FINGERPRINT
1141             false, // BODY_SENSORS
1142             false, // READ_CELL_BROADCASTS
1143             false, // MOCK_LOCATION
1144             false, // READ_EXTERNAL_STORAGE
1145             false, // WRITE_EXTERNAL_STORAGE
1146             false, // TURN_ON_SCREEN
1147             false, // GET_ACCOUNTS
1148             false, // RUN_IN_BACKGROUND
1149             false, // AUDIO_ACCESSIBILITY_VOLUME
1150             false, // READ_PHONE_NUMBERS
1151             false, // REQUEST_INSTALL_PACKAGES
1152             false, // ENTER_PICTURE_IN_PICTURE_ON_HIDE
1153             false, // INSTANT_APP_START_FOREGROUND
1154             false, // ANSWER_PHONE_CALLS
1155             false, // OP_RUN_ANY_IN_BACKGROUND
1156             false, // OP_CHANGE_WIFI_STATE
1157             false, // OP_REQUEST_DELETE_PACKAGES
1158             false, // OP_BIND_ACCESSIBILITY_SERVICE
1159             false, // ACCEPT_HANDOVER
1160             false, // MANAGE_IPSEC_HANDOVERS
1161             false, // START_FOREGROUND
1162             true, // BLUETOOTH_SCAN
1163     };
1164 
1165     /**
1166      * This specifies the default mode for each operation.
1167      */
1168     private static int[] sOpDefaultMode = new int[] {
1169             AppOpsManager.MODE_ALLOWED,
1170             AppOpsManager.MODE_ALLOWED,
1171             AppOpsManager.MODE_ALLOWED,
1172             AppOpsManager.MODE_ALLOWED,
1173             AppOpsManager.MODE_ALLOWED,
1174             AppOpsManager.MODE_ALLOWED,
1175             AppOpsManager.MODE_ALLOWED,
1176             AppOpsManager.MODE_ALLOWED,
1177             AppOpsManager.MODE_ALLOWED,
1178             AppOpsManager.MODE_ALLOWED,
1179             AppOpsManager.MODE_ALLOWED,
1180             AppOpsManager.MODE_ALLOWED,
1181             AppOpsManager.MODE_ALLOWED,
1182             AppOpsManager.MODE_ALLOWED,
1183             AppOpsManager.MODE_ALLOWED,
1184             AppOpsManager.MODE_IGNORED, // OP_WRITE_SMS
1185             AppOpsManager.MODE_ALLOWED,
1186             AppOpsManager.MODE_ALLOWED,
1187             AppOpsManager.MODE_ALLOWED,
1188             AppOpsManager.MODE_ALLOWED,
1189             AppOpsManager.MODE_ALLOWED,
1190             AppOpsManager.MODE_ALLOWED,
1191             AppOpsManager.MODE_ALLOWED,
1192             AppOpsManager.MODE_DEFAULT, // OP_WRITE_SETTINGS
1193             AppOpsManager.MODE_DEFAULT, // OP_SYSTEM_ALERT_WINDOW
1194             AppOpsManager.MODE_ALLOWED,
1195             AppOpsManager.MODE_ALLOWED,
1196             AppOpsManager.MODE_ALLOWED,
1197             AppOpsManager.MODE_ALLOWED,
1198             AppOpsManager.MODE_ALLOWED,
1199             AppOpsManager.MODE_ALLOWED,
1200             AppOpsManager.MODE_ALLOWED,
1201             AppOpsManager.MODE_ALLOWED,
1202             AppOpsManager.MODE_ALLOWED,
1203             AppOpsManager.MODE_ALLOWED,
1204             AppOpsManager.MODE_ALLOWED,
1205             AppOpsManager.MODE_ALLOWED,
1206             AppOpsManager.MODE_ALLOWED,
1207             AppOpsManager.MODE_ALLOWED,
1208             AppOpsManager.MODE_ALLOWED,
1209             AppOpsManager.MODE_ALLOWED,
1210             AppOpsManager.MODE_ALLOWED,
1211             AppOpsManager.MODE_ALLOWED,
1212             AppOpsManager.MODE_DEFAULT, // OP_GET_USAGE_STATS
1213             AppOpsManager.MODE_ALLOWED,
1214             AppOpsManager.MODE_ALLOWED,
1215             AppOpsManager.MODE_IGNORED, // OP_PROJECT_MEDIA
1216             AppOpsManager.MODE_IGNORED, // OP_ACTIVATE_VPN
1217             AppOpsManager.MODE_ALLOWED,
1218             AppOpsManager.MODE_ALLOWED,
1219             AppOpsManager.MODE_ALLOWED,
1220             AppOpsManager.MODE_ALLOWED,
1221             AppOpsManager.MODE_ALLOWED,
1222             AppOpsManager.MODE_ALLOWED,
1223             AppOpsManager.MODE_ALLOWED,
1224             AppOpsManager.MODE_ALLOWED,
1225             AppOpsManager.MODE_ALLOWED,
1226             AppOpsManager.MODE_ALLOWED,
1227             AppOpsManager.MODE_ERRORED,  // OP_MOCK_LOCATION
1228             AppOpsManager.MODE_ALLOWED,
1229             AppOpsManager.MODE_ALLOWED,
1230             AppOpsManager.MODE_ALLOWED,  // OP_TURN_ON_SCREEN
1231             AppOpsManager.MODE_ALLOWED,
1232             AppOpsManager.MODE_ALLOWED,  // OP_RUN_IN_BACKGROUND
1233             AppOpsManager.MODE_ALLOWED,  // OP_AUDIO_ACCESSIBILITY_VOLUME
1234             AppOpsManager.MODE_ALLOWED,
1235             AppOpsManager.MODE_DEFAULT,  // OP_REQUEST_INSTALL_PACKAGES
1236             AppOpsManager.MODE_ALLOWED,  // OP_PICTURE_IN_PICTURE
1237             AppOpsManager.MODE_DEFAULT,  // OP_INSTANT_APP_START_FOREGROUND
1238             AppOpsManager.MODE_ALLOWED,  // ANSWER_PHONE_CALLS
1239             AppOpsManager.MODE_ALLOWED,  // OP_RUN_ANY_IN_BACKGROUND
1240             AppOpsManager.MODE_ALLOWED,  // OP_CHANGE_WIFI_STATE
1241             AppOpsManager.MODE_ALLOWED,  // REQUEST_DELETE_PACKAGES
1242             AppOpsManager.MODE_ALLOWED,  // OP_BIND_ACCESSIBILITY_SERVICE
1243             AppOpsManager.MODE_ALLOWED,  // ACCEPT_HANDOVER
1244             AppOpsManager.MODE_ERRORED,  // MANAGE_IPSEC_TUNNELS
1245             AppOpsManager.MODE_ALLOWED,  // OP_START_FOREGROUND
1246             AppOpsManager.MODE_ALLOWED,  // OP_BLUETOOTH_SCAN
1247     };
1248 
1249     /**
1250      * This specifies whether each option is allowed to be reset
1251      * when resetting all app preferences.  Disable reset for
1252      * app ops that are under strong control of some part of the
1253      * system (such as OP_WRITE_SMS, which should be allowed only
1254      * for whichever app is selected as the current SMS app).
1255      */
1256     private static boolean[] sOpDisableReset = new boolean[] {
1257             false,
1258             false,
1259             false,
1260             false,
1261             false,
1262             false,
1263             false,
1264             false,
1265             false,
1266             false,
1267             false,
1268             false,
1269             false,
1270             false,
1271             false,
1272             true,      // OP_WRITE_SMS
1273             false,
1274             false,
1275             false,
1276             false,
1277             false,
1278             false,
1279             false,
1280             false,
1281             false,
1282             false,
1283             false,
1284             false,
1285             false,
1286             false,
1287             false,
1288             false,
1289             false,
1290             false,
1291             false,
1292             false,
1293             false,
1294             false,
1295             false,
1296             false,
1297             false,
1298             false,
1299             false,
1300             false,
1301             false,
1302             false,
1303             false,
1304             false,
1305             false,
1306             false,
1307             false,
1308             false,
1309             false,
1310             false,
1311             false,
1312             false,
1313             false,
1314             false,
1315             false,
1316             false,
1317             false,
1318             false,
1319             false,
1320             false,
1321             false, // OP_AUDIO_ACCESSIBILITY_VOLUME
1322             false,
1323             false, // OP_REQUEST_INSTALL_PACKAGES
1324             false, // OP_PICTURE_IN_PICTURE
1325             false,
1326             false, // ANSWER_PHONE_CALLS
1327             false, // OP_RUN_ANY_IN_BACKGROUND
1328             false, // OP_CHANGE_WIFI_STATE
1329             false, // OP_REQUEST_DELETE_PACKAGES
1330             false, // OP_BIND_ACCESSIBILITY_SERVICE
1331             false, // ACCEPT_HANDOVER
1332             false, // MANAGE_IPSEC_TUNNELS
1333             false, // START_FOREGROUND
1334             false, // BLUETOOTH_SCAN
1335     };
1336 
1337     /**
1338      * Mapping from an app op name to the app op code.
1339      */
1340     private static HashMap<String, Integer> sOpStrToOp = new HashMap<>();
1341 
1342     /**
1343      * Mapping from a permission to the corresponding app op.
1344      */
1345     private static HashMap<String, Integer> sPermToOp = new HashMap<>();
1346 
1347     static {
1348         if (sOpToSwitch.length != _NUM_OP) {
1349             throw new IllegalStateException("sOpToSwitch length " + sOpToSwitch.length
1350                     + " should be " + _NUM_OP);
1351         }
1352         if (sOpToString.length != _NUM_OP) {
1353             throw new IllegalStateException("sOpToString length " + sOpToString.length
1354                     + " should be " + _NUM_OP);
1355         }
1356         if (sOpNames.length != _NUM_OP) {
1357             throw new IllegalStateException("sOpNames length " + sOpNames.length
1358                     + " should be " + _NUM_OP);
1359         }
1360         if (sOpPerms.length != _NUM_OP) {
1361             throw new IllegalStateException("sOpPerms length " + sOpPerms.length
1362                     + " should be " + _NUM_OP);
1363         }
1364         if (sOpDefaultMode.length != _NUM_OP) {
1365             throw new IllegalStateException("sOpDefaultMode length " + sOpDefaultMode.length
1366                     + " should be " + _NUM_OP);
1367         }
1368         if (sOpDisableReset.length != _NUM_OP) {
1369             throw new IllegalStateException("sOpDisableReset length " + sOpDisableReset.length
1370                     + " should be " + _NUM_OP);
1371         }
1372         if (sOpRestrictions.length != _NUM_OP) {
1373             throw new IllegalStateException("sOpRestrictions length " + sOpRestrictions.length
1374                     + " should be " + _NUM_OP);
1375         }
1376         if (sOpAllowSystemRestrictionBypass.length != _NUM_OP) {
1377             throw new IllegalStateException("sOpAllowSYstemRestrictionsBypass length "
1378                     + sOpRestrictions.length + " should be " + _NUM_OP);
1379         }
1380         for (int i=0; i<_NUM_OP; i++) {
1381             if (sOpToString[i] != null) {
sOpStrToOp.put(sOpToString[i], i)1382                 sOpStrToOp.put(sOpToString[i], i);
1383             }
1384         }
1385         for (int op : RUNTIME_AND_APPOP_PERMISSIONS_OPS) {
1386             if (sOpPerms[op] != null) {
sPermToOp.put(sOpPerms[op], op)1387                 sPermToOp.put(sOpPerms[op], op);
1388             }
1389         }
1390     }
1391 
1392     /**
1393      * Retrieve the op switch that controls the given operation.
1394      * @hide
1395      */
opToSwitch(int op)1396     public static int opToSwitch(int op) {
1397         return sOpToSwitch[op];
1398     }
1399 
1400     /**
1401      * Retrieve a non-localized name for the operation, for debugging output.
1402      * @hide
1403      */
opToName(int op)1404     public static String opToName(int op) {
1405         if (op == OP_NONE) return "NONE";
1406         return op < sOpNames.length ? sOpNames[op] : ("Unknown(" + op + ")");
1407     }
1408 
1409     /**
1410      * @hide
1411      */
strDebugOpToOp(String op)1412     public static int strDebugOpToOp(String op) {
1413         for (int i=0; i<sOpNames.length; i++) {
1414             if (sOpNames[i].equals(op)) {
1415                 return i;
1416             }
1417         }
1418         throw new IllegalArgumentException("Unknown operation string: " + op);
1419     }
1420 
1421     /**
1422      * Retrieve the permission associated with an operation, or null if there is not one.
1423      * @hide
1424      */
opToPermission(int op)1425     public static String opToPermission(int op) {
1426         return sOpPerms[op];
1427     }
1428 
1429     /**
1430      * Retrieve the user restriction associated with an operation, or null if there is not one.
1431      * @hide
1432      */
opToRestriction(int op)1433     public static String opToRestriction(int op) {
1434         return sOpRestrictions[op];
1435     }
1436 
1437     /**
1438      * Retrieve the app op code for a permission, or null if there is not one.
1439      * This API is intended to be used for mapping runtime or appop permissions
1440      * to the corresponding app op.
1441      * @hide
1442      */
permissionToOpCode(String permission)1443     public static int permissionToOpCode(String permission) {
1444         Integer boxedOpCode = sPermToOp.get(permission);
1445         return boxedOpCode != null ? boxedOpCode : OP_NONE;
1446     }
1447 
1448     /**
1449      * Retrieve whether the op allows the system (and system ui) to
1450      * bypass the user restriction.
1451      * @hide
1452      */
opAllowSystemBypassRestriction(int op)1453     public static boolean opAllowSystemBypassRestriction(int op) {
1454         return sOpAllowSystemRestrictionBypass[op];
1455     }
1456 
1457     /**
1458      * Retrieve the default mode for the operation.
1459      * @hide
1460      */
opToDefaultMode(int op)1461     public static int opToDefaultMode(int op) {
1462         return sOpDefaultMode[op];
1463     }
1464 
1465     /**
1466      * Retrieve the human readable mode.
1467      * @hide
1468      */
modeToName(int mode)1469     public static String modeToName(int mode) {
1470         if (mode >= 0 && mode < MODE_NAMES.length) {
1471             return MODE_NAMES[mode];
1472         }
1473         return "mode=" + mode;
1474     }
1475 
1476     /**
1477      * Retrieve whether the op allows itself to be reset.
1478      * @hide
1479      */
opAllowsReset(int op)1480     public static boolean opAllowsReset(int op) {
1481         return !sOpDisableReset[op];
1482     }
1483 
1484     /**
1485      * Class holding all of the operation information associated with an app.
1486      * @hide
1487      */
1488     public static class PackageOps implements Parcelable {
1489         private final String mPackageName;
1490         private final int mUid;
1491         private final List<OpEntry> mEntries;
1492 
PackageOps(String packageName, int uid, List<OpEntry> entries)1493         public PackageOps(String packageName, int uid, List<OpEntry> entries) {
1494             mPackageName = packageName;
1495             mUid = uid;
1496             mEntries = entries;
1497         }
1498 
getPackageName()1499         public String getPackageName() {
1500             return mPackageName;
1501         }
1502 
getUid()1503         public int getUid() {
1504             return mUid;
1505         }
1506 
getOps()1507         public List<OpEntry> getOps() {
1508             return mEntries;
1509         }
1510 
1511         @Override
describeContents()1512         public int describeContents() {
1513             return 0;
1514         }
1515 
1516         @Override
writeToParcel(Parcel dest, int flags)1517         public void writeToParcel(Parcel dest, int flags) {
1518             dest.writeString(mPackageName);
1519             dest.writeInt(mUid);
1520             dest.writeInt(mEntries.size());
1521             for (int i=0; i<mEntries.size(); i++) {
1522                 mEntries.get(i).writeToParcel(dest, flags);
1523             }
1524         }
1525 
PackageOps(Parcel source)1526         PackageOps(Parcel source) {
1527             mPackageName = source.readString();
1528             mUid = source.readInt();
1529             mEntries = new ArrayList<OpEntry>();
1530             final int N = source.readInt();
1531             for (int i=0; i<N; i++) {
1532                 mEntries.add(OpEntry.CREATOR.createFromParcel(source));
1533             }
1534         }
1535 
1536         public static final Creator<PackageOps> CREATOR = new Creator<PackageOps>() {
1537             @Override public PackageOps createFromParcel(Parcel source) {
1538                 return new PackageOps(source);
1539             }
1540 
1541             @Override public PackageOps[] newArray(int size) {
1542                 return new PackageOps[size];
1543             }
1544         };
1545     }
1546 
1547     /**
1548      * Class holding the information about one unique operation of an application.
1549      * @hide
1550      */
1551     public static class OpEntry implements Parcelable {
1552         private final int mOp;
1553         private final int mMode;
1554         private final long[] mTimes;
1555         private final long[] mRejectTimes;
1556         private final int mDuration;
1557         private final int mProxyUid;
1558         private final boolean mRunning;
1559         private final String mProxyPackageName;
1560 
OpEntry(int op, int mode, long time, long rejectTime, int duration, int proxyUid, String proxyPackage)1561         public OpEntry(int op, int mode, long time, long rejectTime, int duration,
1562                 int proxyUid, String proxyPackage) {
1563             mOp = op;
1564             mMode = mode;
1565             mTimes = new long[_NUM_UID_STATE];
1566             mRejectTimes = new long[_NUM_UID_STATE];
1567             mTimes[0] = time;
1568             mRejectTimes[0] = rejectTime;
1569             mDuration = duration;
1570             mRunning = duration == -1;
1571             mProxyUid = proxyUid;
1572             mProxyPackageName = proxyPackage;
1573         }
1574 
OpEntry(int op, int mode, long[] times, long[] rejectTimes, int duration, boolean running, int proxyUid, String proxyPackage)1575         public OpEntry(int op, int mode, long[] times, long[] rejectTimes, int duration,
1576                 boolean running, int proxyUid, String proxyPackage) {
1577             mOp = op;
1578             mMode = mode;
1579             mTimes = new long[_NUM_UID_STATE];
1580             mRejectTimes = new long[_NUM_UID_STATE];
1581             System.arraycopy(times, 0, mTimes, 0, _NUM_UID_STATE);
1582             System.arraycopy(rejectTimes, 0, mRejectTimes, 0, _NUM_UID_STATE);
1583             mDuration = duration;
1584             mRunning = running;
1585             mProxyUid = proxyUid;
1586             mProxyPackageName = proxyPackage;
1587         }
1588 
OpEntry(int op, int mode, long[] times, long[] rejectTimes, int duration, int proxyUid, String proxyPackage)1589         public OpEntry(int op, int mode, long[] times, long[] rejectTimes, int duration,
1590                 int proxyUid, String proxyPackage) {
1591             this(op, mode, times, rejectTimes, duration, duration == -1, proxyUid, proxyPackage);
1592         }
1593 
getOp()1594         public int getOp() {
1595             return mOp;
1596         }
1597 
getMode()1598         public int getMode() {
1599             return mMode;
1600         }
1601 
getTime()1602         public long getTime() {
1603             return maxTime(mTimes, 0, _NUM_UID_STATE);
1604         }
1605 
getLastAccessTime()1606         public long getLastAccessTime() {
1607             return maxTime(mTimes, 0, _NUM_UID_STATE);
1608         }
1609 
getLastAccessForegroundTime()1610         public long getLastAccessForegroundTime() {
1611             return maxTime(mTimes, UID_STATE_PERSISTENT, UID_STATE_LAST_NON_RESTRICTED + 1);
1612         }
1613 
getLastAccessBackgroundTime()1614         public long getLastAccessBackgroundTime() {
1615             return maxTime(mTimes, UID_STATE_LAST_NON_RESTRICTED + 1, _NUM_UID_STATE);
1616         }
1617 
getLastTimeFor(int uidState)1618         public long getLastTimeFor(int uidState) {
1619             return mTimes[uidState];
1620         }
1621 
getRejectTime()1622         public long getRejectTime() {
1623             return maxTime(mRejectTimes, 0, _NUM_UID_STATE);
1624         }
1625 
getLastRejectTime()1626         public long getLastRejectTime() {
1627             return maxTime(mRejectTimes, 0, _NUM_UID_STATE);
1628         }
1629 
getLastRejectForegroundTime()1630         public long getLastRejectForegroundTime() {
1631             return maxTime(mRejectTimes, UID_STATE_PERSISTENT, UID_STATE_LAST_NON_RESTRICTED + 1);
1632         }
1633 
getLastRejectBackgroundTime()1634         public long getLastRejectBackgroundTime() {
1635             return maxTime(mRejectTimes, UID_STATE_LAST_NON_RESTRICTED + 1, _NUM_UID_STATE);
1636         }
1637 
getLastRejectTimeFor(int uidState)1638         public long getLastRejectTimeFor(int uidState) {
1639             return mRejectTimes[uidState];
1640         }
1641 
isRunning()1642         public boolean isRunning() {
1643             return mRunning;
1644         }
1645 
getDuration()1646         public int getDuration() {
1647             return mDuration;
1648         }
1649 
getProxyUid()1650         public int getProxyUid() {
1651             return  mProxyUid;
1652         }
1653 
getProxyPackageName()1654         public String getProxyPackageName() {
1655             return mProxyPackageName;
1656         }
1657 
1658         @Override
describeContents()1659         public int describeContents() {
1660             return 0;
1661         }
1662 
1663         @Override
writeToParcel(Parcel dest, int flags)1664         public void writeToParcel(Parcel dest, int flags) {
1665             dest.writeInt(mOp);
1666             dest.writeInt(mMode);
1667             dest.writeLongArray(mTimes);
1668             dest.writeLongArray(mRejectTimes);
1669             dest.writeInt(mDuration);
1670             dest.writeBoolean(mRunning);
1671             dest.writeInt(mProxyUid);
1672             dest.writeString(mProxyPackageName);
1673         }
1674 
OpEntry(Parcel source)1675         OpEntry(Parcel source) {
1676             mOp = source.readInt();
1677             mMode = source.readInt();
1678             mTimes = source.createLongArray();
1679             mRejectTimes = source.createLongArray();
1680             mDuration = source.readInt();
1681             mRunning = source.readBoolean();
1682             mProxyUid = source.readInt();
1683             mProxyPackageName = source.readString();
1684         }
1685 
1686         public static final Creator<OpEntry> CREATOR = new Creator<OpEntry>() {
1687             @Override public OpEntry createFromParcel(Parcel source) {
1688                 return new OpEntry(source);
1689             }
1690 
1691             @Override public OpEntry[] newArray(int size) {
1692                 return new OpEntry[size];
1693             }
1694         };
1695     }
1696 
1697     /**
1698      * Callback for notification of changes to operation state.
1699      */
1700     public interface OnOpChangedListener {
onOpChanged(String op, String packageName)1701         public void onOpChanged(String op, String packageName);
1702     }
1703 
1704     /**
1705      * Callback for notification of changes to operation active state.
1706      *
1707      * @hide
1708      */
1709     @TestApi
1710     public interface OnOpActiveChangedListener {
1711         /**
1712          * Called when the active state of an app op changes.
1713          *
1714          * @param code The op code.
1715          * @param uid The UID performing the operation.
1716          * @param packageName The package performing the operation.
1717          * @param active Whether the operation became active or inactive.
1718          */
onOpActiveChanged(int code, int uid, String packageName, boolean active)1719         void onOpActiveChanged(int code, int uid, String packageName, boolean active);
1720     }
1721 
1722     /**
1723      * Callback for notification of changes to operation state.
1724      * This allows you to see the raw op codes instead of strings.
1725      * @hide
1726      */
1727     public static class OnOpChangedInternalListener implements OnOpChangedListener {
onOpChanged(String op, String packageName)1728         public void onOpChanged(String op, String packageName) { }
onOpChanged(int op, String packageName)1729         public void onOpChanged(int op, String packageName) { }
1730     }
1731 
AppOpsManager(Context context, IAppOpsService service)1732     AppOpsManager(Context context, IAppOpsService service) {
1733         mContext = context;
1734         mService = service;
1735     }
1736 
1737     /**
1738      * Retrieve current operation state for all applications.
1739      *
1740      * @param ops The set of operations you are interested in, or null if you want all of them.
1741      * @hide
1742      */
1743     @RequiresPermission(android.Manifest.permission.GET_APP_OPS_STATS)
getPackagesForOps(int[] ops)1744     public List<AppOpsManager.PackageOps> getPackagesForOps(int[] ops) {
1745         try {
1746             return mService.getPackagesForOps(ops);
1747         } catch (RemoteException e) {
1748             throw e.rethrowFromSystemServer();
1749         }
1750     }
1751 
1752     /**
1753      * Retrieve current operation state for one application.
1754      *
1755      * @param uid The uid of the application of interest.
1756      * @param packageName The name of the application of interest.
1757      * @param ops The set of operations you are interested in, or null if you want all of them.
1758      * @hide
1759      */
1760     @RequiresPermission(android.Manifest.permission.GET_APP_OPS_STATS)
getOpsForPackage(int uid, String packageName, int[] ops)1761     public List<AppOpsManager.PackageOps> getOpsForPackage(int uid, String packageName, int[] ops) {
1762         try {
1763             return mService.getOpsForPackage(uid, packageName, ops);
1764         } catch (RemoteException e) {
1765             throw e.rethrowFromSystemServer();
1766         }
1767     }
1768 
1769     /**
1770      * Sets given app op in the specified mode for app ops in the UID.
1771      * This applies to all apps currently in the UID or installed in
1772      * this UID in the future.
1773      *
1774      * @param code The app op.
1775      * @param uid The UID for which to set the app.
1776      * @param mode The app op mode to set.
1777      * @hide
1778      */
1779     @RequiresPermission(android.Manifest.permission.MANAGE_APP_OPS_MODES)
setUidMode(int code, int uid, int mode)1780     public void setUidMode(int code, int uid, int mode) {
1781         try {
1782             mService.setUidMode(code, uid, mode);
1783         } catch (RemoteException e) {
1784             throw e.rethrowFromSystemServer();
1785         }
1786     }
1787 
1788     /**
1789      * Sets given app op in the specified mode for app ops in the UID.
1790      * This applies to all apps currently in the UID or installed in
1791      * this UID in the future.
1792      *
1793      * @param appOp The app op.
1794      * @param uid The UID for which to set the app.
1795      * @param mode The app op mode to set.
1796      * @hide
1797      */
1798     @SystemApi
1799     @RequiresPermission(android.Manifest.permission.MANAGE_APP_OPS_MODES)
setUidMode(String appOp, int uid, int mode)1800     public void setUidMode(String appOp, int uid, int mode) {
1801         try {
1802             mService.setUidMode(AppOpsManager.strOpToOp(appOp), uid, mode);
1803         } catch (RemoteException e) {
1804             throw e.rethrowFromSystemServer();
1805         }
1806     }
1807 
1808     /** @hide */
setUserRestriction(int code, boolean restricted, IBinder token)1809     public void setUserRestriction(int code, boolean restricted, IBinder token) {
1810         setUserRestriction(code, restricted, token, /*exceptionPackages*/null);
1811     }
1812 
1813     /** @hide */
setUserRestriction(int code, boolean restricted, IBinder token, String[] exceptionPackages)1814     public void setUserRestriction(int code, boolean restricted, IBinder token,
1815             String[] exceptionPackages) {
1816         setUserRestrictionForUser(code, restricted, token, exceptionPackages, mContext.getUserId());
1817     }
1818 
1819     /** @hide */
setUserRestrictionForUser(int code, boolean restricted, IBinder token, String[] exceptionPackages, int userId)1820     public void setUserRestrictionForUser(int code, boolean restricted, IBinder token,
1821             String[] exceptionPackages, int userId) {
1822         try {
1823             mService.setUserRestriction(code, restricted, token, userId, exceptionPackages);
1824         } catch (RemoteException e) {
1825             throw e.rethrowFromSystemServer();
1826         }
1827     }
1828 
1829     /** @hide */
1830     @TestApi
1831     @RequiresPermission(android.Manifest.permission.MANAGE_APP_OPS_MODES)
setMode(int code, int uid, String packageName, int mode)1832     public void setMode(int code, int uid, String packageName, int mode) {
1833         try {
1834             mService.setMode(code, uid, packageName, mode);
1835         } catch (RemoteException e) {
1836             throw e.rethrowFromSystemServer();
1837         }
1838     }
1839 
1840     /**
1841      * Change the operating mode for the given op in the given app package.  You must pass
1842      * in both the uid and name of the application whose mode is being modified; if these
1843      * do not match, the modification will not be applied.
1844      *
1845      * @param op The operation to modify.  One of the OPSTR_* constants.
1846      * @param uid The user id of the application whose mode will be changed.
1847      * @param packageName The name of the application package name whose mode will
1848      * be changed.
1849      * @hide
1850      */
1851     @SystemApi
1852     @RequiresPermission(android.Manifest.permission.MANAGE_APP_OPS_MODES)
setMode(String op, int uid, String packageName, int mode)1853     public void setMode(String op, int uid, String packageName, int mode) {
1854         try {
1855             mService.setMode(strOpToOp(op), uid, packageName, mode);
1856         } catch (RemoteException e) {
1857             throw e.rethrowFromSystemServer();
1858         }
1859     }
1860 
1861     /**
1862      * Set a non-persisted restriction on an audio operation at a stream-level.
1863      * Restrictions are temporary additional constraints imposed on top of the persisted rules
1864      * defined by {@link #setMode}.
1865      *
1866      * @param code The operation to restrict.
1867      * @param usage The {@link android.media.AudioAttributes} usage value.
1868      * @param mode The restriction mode (MODE_IGNORED,MODE_ERRORED) or MODE_ALLOWED to unrestrict.
1869      * @param exceptionPackages Optional list of packages to exclude from the restriction.
1870      * @hide
1871      */
1872     @RequiresPermission(android.Manifest.permission.MANAGE_APP_OPS_MODES)
setRestriction(int code, @AttributeUsage int usage, int mode, String[] exceptionPackages)1873     public void setRestriction(int code, @AttributeUsage int usage, int mode,
1874             String[] exceptionPackages) {
1875         try {
1876             final int uid = Binder.getCallingUid();
1877             mService.setAudioRestriction(code, usage, uid, mode, exceptionPackages);
1878         } catch (RemoteException e) {
1879             throw e.rethrowFromSystemServer();
1880         }
1881     }
1882 
1883     /** @hide */
1884     @RequiresPermission(android.Manifest.permission.MANAGE_APP_OPS_MODES)
resetAllModes()1885     public void resetAllModes() {
1886         try {
1887             mService.resetAllModes(mContext.getUserId(), null);
1888         } catch (RemoteException e) {
1889             throw e.rethrowFromSystemServer();
1890         }
1891     }
1892 
1893     /**
1894      * Gets the app op name associated with a given permission.
1895      * The app op name is one of the public constants defined
1896      * in this class such as {@link #OPSTR_COARSE_LOCATION}.
1897      * This API is intended to be used for mapping runtime
1898      * permissions to the corresponding app op.
1899      *
1900      * @param permission The permission.
1901      * @return The app op associated with the permission or null.
1902      */
permissionToOp(String permission)1903     public static String permissionToOp(String permission) {
1904         final Integer opCode = sPermToOp.get(permission);
1905         if (opCode == null) {
1906             return null;
1907         }
1908         return sOpToString[opCode];
1909     }
1910 
1911     /**
1912      * Monitor for changes to the operating mode for the given op in the given app package.
1913      * You can watch op changes only for your UID.
1914      *
1915      * @param op The operation to monitor, one of OPSTR_*.
1916      * @param packageName The name of the application to monitor.
1917      * @param callback Where to report changes.
1918      */
startWatchingMode(String op, String packageName, final OnOpChangedListener callback)1919     public void startWatchingMode(String op, String packageName,
1920             final OnOpChangedListener callback) {
1921         startWatchingMode(strOpToOp(op), packageName, callback);
1922     }
1923 
1924     /**
1925      * Monitor for changes to the operating mode for the given op in the given app package.
1926      * You can watch op changes only for your UID.
1927      *
1928      * @param op The operation to monitor, one of OPSTR_*.
1929      * @param packageName The name of the application to monitor.
1930      * @param flags Option flags: any combination of {@link #WATCH_FOREGROUND_CHANGES} or 0.
1931      * @param callback Where to report changes.
1932      * @hide
1933      */
startWatchingMode(String op, String packageName, int flags, final OnOpChangedListener callback)1934     public void startWatchingMode(String op, String packageName, int flags,
1935             final OnOpChangedListener callback) {
1936         startWatchingMode(strOpToOp(op), packageName, flags, callback);
1937     }
1938 
1939     /**
1940      * Monitor for changes to the operating mode for the given op in the given app package.
1941      *
1942      * <p> If you don't hold the {@link android.Manifest.permission#WATCH_APPOPS} permission
1943      * you can watch changes only for your UID.
1944      *
1945      * @param op The operation to monitor, one of OP_*.
1946      * @param packageName The name of the application to monitor.
1947      * @param callback Where to report changes.
1948      * @hide
1949      */
1950     @RequiresPermission(value=android.Manifest.permission.WATCH_APPOPS, conditional=true)
startWatchingMode(int op, String packageName, final OnOpChangedListener callback)1951     public void startWatchingMode(int op, String packageName, final OnOpChangedListener callback) {
1952         startWatchingMode(op, packageName, 0, callback);
1953     }
1954 
1955     /**
1956      * Monitor for changes to the operating mode for the given op in the given app package.
1957      *
1958      * <p> If you don't hold the {@link android.Manifest.permission#WATCH_APPOPS} permission
1959      * you can watch changes only for your UID.
1960      *
1961      * @param op The operation to monitor, one of OP_*.
1962      * @param packageName The name of the application to monitor.
1963      * @param flags Option flags: any combination of {@link #WATCH_FOREGROUND_CHANGES} or 0.
1964      * @param callback Where to report changes.
1965      * @hide
1966      */
1967     @RequiresPermission(value=android.Manifest.permission.WATCH_APPOPS, conditional=true)
startWatchingMode(int op, String packageName, int flags, final OnOpChangedListener callback)1968     public void startWatchingMode(int op, String packageName, int flags,
1969             final OnOpChangedListener callback) {
1970         synchronized (mModeWatchers) {
1971             IAppOpsCallback cb = mModeWatchers.get(callback);
1972             if (cb == null) {
1973                 cb = new IAppOpsCallback.Stub() {
1974                     public void opChanged(int op, int uid, String packageName) {
1975                         if (callback instanceof OnOpChangedInternalListener) {
1976                             ((OnOpChangedInternalListener)callback).onOpChanged(op, packageName);
1977                         }
1978                         if (sOpToString[op] != null) {
1979                             callback.onOpChanged(sOpToString[op], packageName);
1980                         }
1981                     }
1982                 };
1983                 mModeWatchers.put(callback, cb);
1984             }
1985             try {
1986                 mService.startWatchingModeWithFlags(op, packageName, flags, cb);
1987             } catch (RemoteException e) {
1988                 throw e.rethrowFromSystemServer();
1989             }
1990         }
1991     }
1992 
1993     /**
1994      * Stop monitoring that was previously started with {@link #startWatchingMode}.  All
1995      * monitoring associated with this callback will be removed.
1996      */
stopWatchingMode(OnOpChangedListener callback)1997     public void stopWatchingMode(OnOpChangedListener callback) {
1998         synchronized (mModeWatchers) {
1999             IAppOpsCallback cb = mModeWatchers.get(callback);
2000             if (cb != null) {
2001                 try {
2002                     mService.stopWatchingMode(cb);
2003                 } catch (RemoteException e) {
2004                     throw e.rethrowFromSystemServer();
2005                 }
2006             }
2007         }
2008     }
2009 
2010     /**
2011      * Start watching for changes to the active state of app ops. An app op may be
2012      * long running and it has a clear start and stop delimiters. If an op is being
2013      * started or stopped by any package you will get a callback. To change the
2014      * watched ops for a registered callback you need to unregister and register it
2015      * again.
2016      *
2017      * <p> If you don't hold the {@link android.Manifest.permission#WATCH_APPOPS} permission
2018      * you can watch changes only for your UID.
2019      *
2020      * @param ops The ops to watch.
2021      * @param callback Where to report changes.
2022      *
2023      * @see #isOperationActive(int, int, String)
2024      * @see #stopWatchingActive(OnOpActiveChangedListener)
2025      * @see #startOp(int, int, String)
2026      * @see #finishOp(int, int, String)
2027      *
2028      * @hide
2029      */
2030     @TestApi
2031     // TODO: Uncomment below annotation once b/73559440 is fixed
2032     // @RequiresPermission(value=Manifest.permission.WATCH_APPOPS, conditional=true)
startWatchingActive(@onNull int[] ops, @NonNull OnOpActiveChangedListener callback)2033     public void startWatchingActive(@NonNull int[] ops,
2034             @NonNull OnOpActiveChangedListener callback) {
2035         Preconditions.checkNotNull(ops, "ops cannot be null");
2036         Preconditions.checkNotNull(callback, "callback cannot be null");
2037         IAppOpsActiveCallback cb;
2038         synchronized (mActiveWatchers) {
2039             cb = mActiveWatchers.get(callback);
2040             if (cb != null) {
2041                 return;
2042             }
2043             cb = new IAppOpsActiveCallback.Stub() {
2044                 @Override
2045                 public void opActiveChanged(int op, int uid, String packageName, boolean active) {
2046                     callback.onOpActiveChanged(op, uid, packageName, active);
2047                 }
2048             };
2049             mActiveWatchers.put(callback, cb);
2050         }
2051         try {
2052             mService.startWatchingActive(ops, cb);
2053         } catch (RemoteException e) {
2054             throw e.rethrowFromSystemServer();
2055         }
2056     }
2057 
2058     /**
2059      * Stop watching for changes to the active state of an app op. An app op may be
2060      * long running and it has a clear start and stop delimiters. Unregistering a
2061      * non-registered callback has no effect.
2062      *
2063      * @see #isOperationActive#(int, int, String)
2064      * @see #startWatchingActive(int[], OnOpActiveChangedListener)
2065      * @see #startOp(int, int, String)
2066      * @see #finishOp(int, int, String)
2067      *
2068      * @hide
2069      */
2070     @TestApi
stopWatchingActive(@onNull OnOpActiveChangedListener callback)2071     public void stopWatchingActive(@NonNull OnOpActiveChangedListener callback) {
2072         synchronized (mActiveWatchers) {
2073             final IAppOpsActiveCallback cb = mActiveWatchers.get(callback);
2074             if (cb != null) {
2075                 try {
2076                     mService.stopWatchingActive(cb);
2077                 } catch (RemoteException e) {
2078                     throw e.rethrowFromSystemServer();
2079                 }
2080             }
2081         }
2082     }
2083 
buildSecurityExceptionMsg(int op, int uid, String packageName)2084     private String buildSecurityExceptionMsg(int op, int uid, String packageName) {
2085         return packageName + " from uid " + uid + " not allowed to perform " + sOpNames[op];
2086     }
2087 
2088     /**
2089      * {@hide}
2090      */
strOpToOp(String op)2091     public static int strOpToOp(String op) {
2092         Integer val = sOpStrToOp.get(op);
2093         if (val == null) {
2094             throw new IllegalArgumentException("Unknown operation string: " + op);
2095         }
2096         return val;
2097     }
2098 
2099     /**
2100      * Do a quick check for whether an application might be able to perform an operation.
2101      * This is <em>not</em> a security check; you must use {@link #noteOp(String, int, String)}
2102      * or {@link #startOp(String, int, String)} for your actual security checks, which also
2103      * ensure that the given uid and package name are consistent.  This function can just be
2104      * used for a quick check to see if an operation has been disabled for the application,
2105      * as an early reject of some work.  This does not modify the time stamp or other data
2106      * about the operation.
2107      *
2108      * <p>Important things this will not do (which you need to ultimate use
2109      * {@link #noteOp(String, int, String)} or {@link #startOp(String, int, String)} to cover):</p>
2110      * <ul>
2111      *     <li>Verifying the uid and package are consistent, so callers can't spoof
2112      *     their identity.</li>
2113      *     <li>Taking into account the current foreground/background state of the
2114      *     app; apps whose mode varies by this state will always be reported
2115      *     as {@link #MODE_ALLOWED}.</li>
2116      * </ul>
2117      *
2118      * @param op The operation to check.  One of the OPSTR_* constants.
2119      * @param uid The user id of the application attempting to perform the operation.
2120      * @param packageName The name of the application attempting to perform the operation.
2121      * @return Returns {@link #MODE_ALLOWED} if the operation is allowed, or
2122      * {@link #MODE_IGNORED} if it is not allowed and should be silently ignored (without
2123      * causing the app to crash).
2124      * @throws SecurityException If the app has been configured to crash on this op.
2125      */
checkOp(String op, int uid, String packageName)2126     public int checkOp(String op, int uid, String packageName) {
2127         return checkOp(strOpToOp(op), uid, packageName);
2128     }
2129 
2130     /**
2131      * Like {@link #checkOp} but instead of throwing a {@link SecurityException} it
2132      * returns {@link #MODE_ERRORED}.
2133      */
checkOpNoThrow(String op, int uid, String packageName)2134     public int checkOpNoThrow(String op, int uid, String packageName) {
2135         return checkOpNoThrow(strOpToOp(op), uid, packageName);
2136     }
2137 
2138     /**
2139      * Like {@link #checkOp} but returns the <em>raw</em> mode associated with the op.
2140      * Does not throw a security exception, does not translate {@link #MODE_FOREGROUND}.
2141      * @hide
2142      */
unsafeCheckOpRaw(String op, int uid, String packageName)2143     public int unsafeCheckOpRaw(String op, int uid, String packageName) {
2144         try {
2145             return mService.checkOperation(strOpToOp(op), uid, packageName);
2146         } catch (RemoteException e) {
2147             throw e.rethrowFromSystemServer();
2148         }
2149     }
2150 
2151     /**
2152      * Make note of an application performing an operation.  Note that you must pass
2153      * in both the uid and name of the application to be checked; this function will verify
2154      * that these two match, and if not, return {@link #MODE_IGNORED}.  If this call
2155      * succeeds, the last execution time of the operation for this app will be updated to
2156      * the current time.
2157      * @param op The operation to note.  One of the OPSTR_* constants.
2158      * @param uid The user id of the application attempting to perform the operation.
2159      * @param packageName The name of the application attempting to perform the operation.
2160      * @return Returns {@link #MODE_ALLOWED} if the operation is allowed, or
2161      * {@link #MODE_IGNORED} if it is not allowed and should be silently ignored (without
2162      * causing the app to crash).
2163      * @throws SecurityException If the app has been configured to crash on this op.
2164      */
noteOp(String op, int uid, String packageName)2165     public int noteOp(String op, int uid, String packageName) {
2166         return noteOp(strOpToOp(op), uid, packageName);
2167     }
2168 
2169     /**
2170      * Like {@link #noteOp} but instead of throwing a {@link SecurityException} it
2171      * returns {@link #MODE_ERRORED}.
2172      */
noteOpNoThrow(String op, int uid, String packageName)2173     public int noteOpNoThrow(String op, int uid, String packageName) {
2174         return noteOpNoThrow(strOpToOp(op), uid, packageName);
2175     }
2176 
2177     /**
2178      * Make note of an application performing an operation on behalf of another
2179      * application when handling an IPC. Note that you must pass the package name
2180      * of the application that is being proxied while its UID will be inferred from
2181      * the IPC state; this function will verify that the calling uid and proxied
2182      * package name match, and if not, return {@link #MODE_IGNORED}. If this call
2183      * succeeds, the last execution time of the operation for the proxied app and
2184      * your app will be updated to the current time.
2185      * @param op The operation to note.  One of the OPSTR_* constants.
2186      * @param proxiedPackageName The name of the application calling into the proxy application.
2187      * @return Returns {@link #MODE_ALLOWED} if the operation is allowed, or
2188      * {@link #MODE_IGNORED} if it is not allowed and should be silently ignored (without
2189      * causing the app to crash).
2190      * @throws SecurityException If the app has been configured to crash on this op.
2191      */
noteProxyOp(String op, String proxiedPackageName)2192     public int noteProxyOp(String op, String proxiedPackageName) {
2193         return noteProxyOp(strOpToOp(op), proxiedPackageName);
2194     }
2195 
2196     /**
2197      * Like {@link #noteProxyOp(String, String)} but instead
2198      * of throwing a {@link SecurityException} it returns {@link #MODE_ERRORED}.
2199      */
noteProxyOpNoThrow(String op, String proxiedPackageName)2200     public int noteProxyOpNoThrow(String op, String proxiedPackageName) {
2201         return noteProxyOpNoThrow(strOpToOp(op), proxiedPackageName);
2202     }
2203 
2204     /**
2205      * Report that an application has started executing a long-running operation.  Note that you
2206      * must pass in both the uid and name of the application to be checked; this function will
2207      * verify that these two match, and if not, return {@link #MODE_IGNORED}.  If this call
2208      * succeeds, the last execution time of the operation for this app will be updated to
2209      * the current time and the operation will be marked as "running".  In this case you must
2210      * later call {@link #finishOp(String, int, String)} to report when the application is no
2211      * longer performing the operation.
2212      * @param op The operation to start.  One of the OPSTR_* constants.
2213      * @param uid The user id of the application attempting to perform the operation.
2214      * @param packageName The name of the application attempting to perform the operation.
2215      * @return Returns {@link #MODE_ALLOWED} if the operation is allowed, or
2216      * {@link #MODE_IGNORED} if it is not allowed and should be silently ignored (without
2217      * causing the app to crash).
2218      * @throws SecurityException If the app has been configured to crash on this op.
2219      */
startOp(String op, int uid, String packageName)2220     public int startOp(String op, int uid, String packageName) {
2221         return startOp(strOpToOp(op), uid, packageName);
2222     }
2223 
2224     /**
2225      * Like {@link #startOp} but instead of throwing a {@link SecurityException} it
2226      * returns {@link #MODE_ERRORED}.
2227      */
startOpNoThrow(String op, int uid, String packageName)2228     public int startOpNoThrow(String op, int uid, String packageName) {
2229         return startOpNoThrow(strOpToOp(op), uid, packageName);
2230     }
2231 
2232     /**
2233      * Report that an application is no longer performing an operation that had previously
2234      * been started with {@link #startOp(String, int, String)}.  There is no validation of input
2235      * or result; the parameters supplied here must be the exact same ones previously passed
2236      * in when starting the operation.
2237      */
finishOp(String op, int uid, String packageName)2238     public void finishOp(String op, int uid, String packageName) {
2239         finishOp(strOpToOp(op), uid, packageName);
2240     }
2241 
2242     /**
2243      * Do a quick check for whether an application might be able to perform an operation.
2244      * This is <em>not</em> a security check; you must use {@link #noteOp(int, int, String)}
2245      * or {@link #startOp(int, int, String)} for your actual security checks, which also
2246      * ensure that the given uid and package name are consistent.  This function can just be
2247      * used for a quick check to see if an operation has been disabled for the application,
2248      * as an early reject of some work.  This does not modify the time stamp or other data
2249      * about the operation.
2250      *
2251      * <p>Important things this will not do (which you need to ultimate use
2252      * {@link #noteOp(int, int, String)} or {@link #startOp(int, int, String)} to cover):</p>
2253      * <ul>
2254      *     <li>Verifying the uid and package are consistent, so callers can't spoof
2255      *     their identity.</li>
2256      *     <li>Taking into account the current foreground/background state of the
2257      *     app; apps whose mode varies by this state will always be reported
2258      *     as {@link #MODE_ALLOWED}.</li>
2259      * </ul>
2260      *
2261      * @param op The operation to check.  One of the OP_* constants.
2262      * @param uid The user id of the application attempting to perform the operation.
2263      * @param packageName The name of the application attempting to perform the operation.
2264      * @return Returns {@link #MODE_ALLOWED} if the operation is allowed, or
2265      * {@link #MODE_IGNORED} if it is not allowed and should be silently ignored (without
2266      * causing the app to crash).
2267      * @throws SecurityException If the app has been configured to crash on this op.
2268      * @hide
2269      */
checkOp(int op, int uid, String packageName)2270     public int checkOp(int op, int uid, String packageName) {
2271         try {
2272             int mode = mService.checkOperation(op, uid, packageName);
2273             if (mode == MODE_ERRORED) {
2274                 throw new SecurityException(buildSecurityExceptionMsg(op, uid, packageName));
2275             }
2276             return mode;
2277         } catch (RemoteException e) {
2278             throw e.rethrowFromSystemServer();
2279         }
2280     }
2281 
2282     /**
2283      * Like {@link #checkOp} but instead of throwing a {@link SecurityException} it
2284      * returns {@link #MODE_ERRORED}.
2285      * @hide
2286      */
checkOpNoThrow(int op, int uid, String packageName)2287     public int checkOpNoThrow(int op, int uid, String packageName) {
2288         try {
2289             int mode = mService.checkOperation(op, uid, packageName);
2290             return mode == AppOpsManager.MODE_FOREGROUND ? AppOpsManager.MODE_ALLOWED : mode;
2291         } catch (RemoteException e) {
2292             throw e.rethrowFromSystemServer();
2293         }
2294     }
2295 
2296     /**
2297      * Do a quick check to validate if a package name belongs to a UID.
2298      *
2299      * @throws SecurityException if the package name doesn't belong to the given
2300      *             UID, or if ownership cannot be verified.
2301      */
checkPackage(int uid, String packageName)2302     public void checkPackage(int uid, String packageName) {
2303         try {
2304             if (mService.checkPackage(uid, packageName) != MODE_ALLOWED) {
2305                 throw new SecurityException(
2306                         "Package " + packageName + " does not belong to " + uid);
2307             }
2308         } catch (RemoteException e) {
2309             throw e.rethrowFromSystemServer();
2310         }
2311     }
2312 
2313     /**
2314      * Like {@link #checkOp} but at a stream-level for audio operations.
2315      * @hide
2316      */
checkAudioOp(int op, int stream, int uid, String packageName)2317     public int checkAudioOp(int op, int stream, int uid, String packageName) {
2318         try {
2319             final int mode = mService.checkAudioOperation(op, stream, uid, packageName);
2320             if (mode == MODE_ERRORED) {
2321                 throw new SecurityException(buildSecurityExceptionMsg(op, uid, packageName));
2322             }
2323             return mode;
2324         } catch (RemoteException e) {
2325             throw e.rethrowFromSystemServer();
2326         }
2327     }
2328 
2329     /**
2330      * Like {@link #checkAudioOp} but instead of throwing a {@link SecurityException} it
2331      * returns {@link #MODE_ERRORED}.
2332      * @hide
2333      */
checkAudioOpNoThrow(int op, int stream, int uid, String packageName)2334     public int checkAudioOpNoThrow(int op, int stream, int uid, String packageName) {
2335         try {
2336             return mService.checkAudioOperation(op, stream, uid, packageName);
2337         } catch (RemoteException e) {
2338             throw e.rethrowFromSystemServer();
2339         }
2340     }
2341 
2342     /**
2343      * Make note of an application performing an operation.  Note that you must pass
2344      * in both the uid and name of the application to be checked; this function will verify
2345      * that these two match, and if not, return {@link #MODE_IGNORED}.  If this call
2346      * succeeds, the last execution time of the operation for this app will be updated to
2347      * the current time.
2348      * @param op The operation to note.  One of the OP_* constants.
2349      * @param uid The user id of the application attempting to perform the operation.
2350      * @param packageName The name of the application attempting to perform the operation.
2351      * @return Returns {@link #MODE_ALLOWED} if the operation is allowed, or
2352      * {@link #MODE_IGNORED} if it is not allowed and should be silently ignored (without
2353      * causing the app to crash).
2354      * @throws SecurityException If the app has been configured to crash on this op.
2355      * @hide
2356      */
noteOp(int op, int uid, String packageName)2357     public int noteOp(int op, int uid, String packageName) {
2358         final int mode = noteOpNoThrow(op, uid, packageName);
2359         if (mode == MODE_ERRORED) {
2360             throw new SecurityException(buildSecurityExceptionMsg(op, uid, packageName));
2361         }
2362         return mode;
2363     }
2364 
2365     /**
2366      * Make note of an application performing an operation on behalf of another
2367      * application when handling an IPC. Note that you must pass the package name
2368      * of the application that is being proxied while its UID will be inferred from
2369      * the IPC state; this function will verify that the calling uid and proxied
2370      * package name match, and if not, return {@link #MODE_IGNORED}. If this call
2371      * succeeds, the last execution time of the operation for the proxied app and
2372      * your app will be updated to the current time.
2373      * @param op The operation to note. One of the OPSTR_* constants.
2374      * @param proxiedPackageName The name of the application calling into the proxy application.
2375      * @return Returns {@link #MODE_ALLOWED} if the operation is allowed, or
2376      * {@link #MODE_IGNORED} if it is not allowed and should be silently ignored (without
2377      * causing the app to crash).
2378      * @throws SecurityException If the proxy or proxied app has been configured to
2379      * crash on this op.
2380      *
2381      * @hide
2382      */
noteProxyOp(int op, String proxiedPackageName)2383     public int noteProxyOp(int op, String proxiedPackageName) {
2384         int mode = noteProxyOpNoThrow(op, proxiedPackageName);
2385         if (mode == MODE_ERRORED) {
2386             throw new SecurityException("Proxy package " + mContext.getOpPackageName()
2387                     + " from uid " + Process.myUid() + " or calling package "
2388                     + proxiedPackageName + " from uid " + Binder.getCallingUid()
2389                     + " not allowed to perform " + sOpNames[op]);
2390         }
2391         return mode;
2392     }
2393 
2394     /**
2395      * Like {@link #noteProxyOp(int, String)} but instead
2396      * of throwing a {@link SecurityException} it returns {@link #MODE_ERRORED}.
2397      * @hide
2398      */
noteProxyOpNoThrow(int op, String proxiedPackageName)2399     public int noteProxyOpNoThrow(int op, String proxiedPackageName) {
2400         try {
2401             return mService.noteProxyOperation(op, mContext.getOpPackageName(),
2402                     Binder.getCallingUid(), proxiedPackageName);
2403         } catch (RemoteException e) {
2404             throw e.rethrowFromSystemServer();
2405         }
2406     }
2407 
2408     /**
2409      * Like {@link #noteOp} but instead of throwing a {@link SecurityException} it
2410      * returns {@link #MODE_ERRORED}.
2411      * @hide
2412      */
noteOpNoThrow(int op, int uid, String packageName)2413     public int noteOpNoThrow(int op, int uid, String packageName) {
2414         try {
2415             return mService.noteOperation(op, uid, packageName);
2416         } catch (RemoteException e) {
2417             throw e.rethrowFromSystemServer();
2418         }
2419     }
2420 
2421     /** @hide */
noteOp(int op)2422     public int noteOp(int op) {
2423         return noteOp(op, Process.myUid(), mContext.getOpPackageName());
2424     }
2425 
2426     /** @hide */
getToken(IAppOpsService service)2427     public static IBinder getToken(IAppOpsService service) {
2428         synchronized (AppOpsManager.class) {
2429             if (sToken != null) {
2430                 return sToken;
2431             }
2432             try {
2433                 sToken = service.getToken(new Binder());
2434             } catch (RemoteException e) {
2435                 throw e.rethrowFromSystemServer();
2436             }
2437             return sToken;
2438         }
2439     }
2440 
2441     /** @hide */
startOp(int op)2442     public int startOp(int op) {
2443         return startOp(op, Process.myUid(), mContext.getOpPackageName());
2444     }
2445 
2446     /**
2447      * Report that an application has started executing a long-running operation.  Note that you
2448      * must pass in both the uid and name of the application to be checked; this function will
2449      * verify that these two match, and if not, return {@link #MODE_IGNORED}.  If this call
2450      * succeeds, the last execution time of the operation for this app will be updated to
2451      * the current time and the operation will be marked as "running".  In this case you must
2452      * later call {@link #finishOp(int, int, String)} to report when the application is no
2453      * longer performing the operation.
2454      *
2455      * @param op The operation to start.  One of the OP_* constants.
2456      * @param uid The user id of the application attempting to perform the operation.
2457      * @param packageName The name of the application attempting to perform the operation.
2458      * @return Returns {@link #MODE_ALLOWED} if the operation is allowed, or
2459      * {@link #MODE_IGNORED} if it is not allowed and should be silently ignored (without
2460      * causing the app to crash).
2461      * @throws SecurityException If the app has been configured to crash on this op.
2462      * @hide
2463      */
startOp(int op, int uid, String packageName)2464     public int startOp(int op, int uid, String packageName) {
2465         return startOp(op, uid, packageName, false);
2466     }
2467 
2468     /**
2469      * Report that an application has started executing a long-running operation. Similar
2470      * to {@link #startOp(String, int, String) except that if the mode is {@link #MODE_DEFAULT}
2471      * the operation should succeed since the caller has performed its standard permission
2472      * checks which passed and would perform the protected operation for this mode.
2473      *
2474      * @param op The operation to start.  One of the OP_* constants.
2475      * @param uid The user id of the application attempting to perform the operation.
2476      * @param packageName The name of the application attempting to perform the operation.
2477      * @return Returns {@link #MODE_ALLOWED} if the operation is allowed, or
2478      * {@link #MODE_IGNORED} if it is not allowed and should be silently ignored (without
2479      * causing the app to crash).
2480      * @param startIfModeDefault Whether to start if mode is {@link #MODE_DEFAULT}.
2481      *
2482      * @throws SecurityException If the app has been configured to crash on this op or
2483      * the package is not in the passed in UID.
2484      *
2485      * @hide
2486      */
startOp(int op, int uid, String packageName, boolean startIfModeDefault)2487     public int startOp(int op, int uid, String packageName, boolean startIfModeDefault) {
2488         final int mode = startOpNoThrow(op, uid, packageName, startIfModeDefault);
2489         if (mode == MODE_ERRORED) {
2490             throw new SecurityException(buildSecurityExceptionMsg(op, uid, packageName));
2491         }
2492         return mode;
2493     }
2494 
2495     /**
2496      * Like {@link #startOp} but instead of throwing a {@link SecurityException} it
2497      * returns {@link #MODE_ERRORED}.
2498      * @hide
2499      */
startOpNoThrow(int op, int uid, String packageName)2500     public int startOpNoThrow(int op, int uid, String packageName) {
2501         return startOpNoThrow(op, uid, packageName, false);
2502     }
2503 
2504     /**
2505      * Like {@link #startOp(int, int, String, boolean)} but instead of throwing a
2506      * {@link SecurityException} it returns {@link #MODE_ERRORED}.
2507      *
2508      * @param op The operation to start.  One of the OP_* constants.
2509      * @param uid The user id of the application attempting to perform the operation.
2510      * @param packageName The name of the application attempting to perform the operation.
2511      * @return Returns {@link #MODE_ALLOWED} if the operation is allowed, or
2512      * {@link #MODE_IGNORED} if it is not allowed and should be silently ignored (without
2513      * causing the app to crash).
2514      * @param startIfModeDefault Whether to start if mode is {@link #MODE_DEFAULT}.
2515      *
2516      * @hide
2517      */
startOpNoThrow(int op, int uid, String packageName, boolean startIfModeDefault)2518     public int startOpNoThrow(int op, int uid, String packageName, boolean startIfModeDefault) {
2519         try {
2520             return mService.startOperation(getToken(mService), op, uid, packageName,
2521                     startIfModeDefault);
2522         } catch (RemoteException e) {
2523             throw e.rethrowFromSystemServer();
2524         }
2525     }
2526 
2527     /**
2528      * Report that an application is no longer performing an operation that had previously
2529      * been started with {@link #startOp(int, int, String)}.  There is no validation of input
2530      * or result; the parameters supplied here must be the exact same ones previously passed
2531      * in when starting the operation.
2532      * @hide
2533      */
finishOp(int op, int uid, String packageName)2534     public void finishOp(int op, int uid, String packageName) {
2535         try {
2536             mService.finishOperation(getToken(mService), op, uid, packageName);
2537         } catch (RemoteException e) {
2538             throw e.rethrowFromSystemServer();
2539         }
2540     }
2541 
2542     /** @hide */
finishOp(int op)2543     public void finishOp(int op) {
2544         finishOp(op, Process.myUid(), mContext.getOpPackageName());
2545     }
2546 
2547     /**
2548      * Checks whether the given op for a UID and package is active.
2549      *
2550      * <p> If you don't hold the {@link android.Manifest.permission#WATCH_APPOPS} permission
2551      * you can query only for your UID.
2552      *
2553      * @see #startWatchingActive(int[], OnOpActiveChangedListener)
2554      * @see #stopWatchingMode(OnOpChangedListener)
2555      * @see #finishOp(int)
2556      * @see #startOp(int)
2557      *
2558      * @hide */
2559     @TestApi
2560     // TODO: Uncomment below annotation once b/73559440 is fixed
2561     // @RequiresPermission(value=Manifest.permission.WATCH_APPOPS, conditional=true)
isOperationActive(int code, int uid, String packageName)2562     public boolean isOperationActive(int code, int uid, String packageName) {
2563         try {
2564             return mService.isOperationActive(code, uid, packageName);
2565         } catch (RemoteException e) {
2566             throw e.rethrowFromSystemServer();
2567         }
2568     }
2569 
2570     /**
2571      * Returns all supported operation names.
2572      * @hide
2573      */
2574     @SystemApi
2575     @TestApi
getOpStrs()2576     public static String[] getOpStrs() {
2577         return Arrays.copyOf(sOpToString, sOpToString.length);
2578     }
2579 
2580     /**
2581      * @hide
2582      */
maxTime(long[] times, int start, int end)2583     public static long maxTime(long[] times, int start, int end) {
2584         long time = 0;
2585         for (int i = start; i < end; i++) {
2586             if (times[i] > time) {
2587                 time = times[i];
2588             }
2589         }
2590         return time;
2591     }
2592 }
2593