Add OP_READ_PHONE_STATE app op - framework

The READ_PHONE_STATE permission protects PII information and is in the Phone group. This change is adding the corrseponding app op for gating access to the API guarded by READ_POHNE state which will be used instead as an access control for legacy apps. Change-Id: I2ff895a5a0e529f26ec0ad706266a30d829268ba
author: Svet Ganov <svetoslavganov@google.com> 2015-04-16 10:32:04 -0700
committer: Svetoslav Ganov <svetoslavganov@google.com> 2015-04-17 20:43:56 +0000
commit: 16a16899505ec0a9ede5b76650bfb8817b3227c7 (patch)
tree: ab1ff64e6befd59d55de65dbe7a89614feadcd2f /core/java/android
parent: d01242946eb7423612998b5bdbc71a6a1b3e8581 (diff)
download: frameworks_base-16a16899505ec0a9ede5b76650bfb8817b3227c7.zip
frameworks_base-16a16899505ec0a9ede5b76650bfb8817b3227c7.tar.gz
frameworks_base-16a16899505ec0a9ede5b76650bfb8817b3227c7.tar.bz2
8 files changed, 66 insertions, 13 deletions
diff --git a/core/java/android/app/ActivityManagerNative.java b/core/java/android/app/ActivityManagerNative.java
index 256d87d..add7af2 100644
--- a/core/java/android/app/ActivityManagerNative.java
+++ b/core/java/android/app/ActivityManagerNative.java
@@ -93,15 +93,20 @@ public abstract class ActivityManagerNative extends Binder implements IActivityM
     }
     static boolean sSystemReady = false;
 
+    static public void broadcastStickyIntent(Intent intent, String permission, int userId) {
+        broadcastStickyIntent(intent, permission, AppOpsManager.OP_NONE, userId);
+    }
+
     /**
      * Convenience for sending a sticky broadcast.  For internal use only.
      * If you don't care about permission, use null.
      */
-    static public void broadcastStickyIntent(Intent intent, String permission, int userId) {
+    static public void broadcastStickyIntent(Intent intent, String permission, int appOp,
+            int userId) {
         try {
             getDefault().broadcastIntent(
                 null, intent, null, null, Activity.RESULT_OK, null, null,
-                null /*permission*/, AppOpsManager.OP_NONE, false, true, userId);
+                null /*permission*/, appOp, false, true, userId);
         } catch (RemoteException ex) {
         }
     }
diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
index 381c20c..06ece8e 100644
--- a/core/java/android/app/AppOpsManager.java
+++ b/core/java/android/app/AppOpsManager.java
@@ -16,6 +16,7 @@
 
 package android.app;
 
+import android.Manifest;
 import android.annotation.SystemApi;
 import android.app.usage.UsageStatsManager;
 import android.content.Context;
@@ -212,8 +213,10 @@ public class AppOpsManager {
     public static final int OP_ASSIST_STRUCTURE = 49;
     /** @hide Received a screenshot from assist. */
     public static final int OP_ASSIST_SCREENSHOT = 50;
+    /** @hide Read the phone state. */
+    public static final int OP_READ_PHONE_STATE = 51;
     /** @hide */
-    public static final int _NUM_OP = 51;
+    public static final int _NUM_OP = 52;
 
     /** Access to coarse location information. */
     public static final String OPSTR_COARSE_LOCATION =
@@ -294,6 +297,7 @@ public class AppOpsManager {
             OP_WRITE_WALLPAPER,
             OP_ASSIST_STRUCTURE,
             OP_ASSIST_SCREENSHOT,
+            OP_READ_PHONE_STATE
     };
 
     /**
@@ -352,6 +356,7 @@ public class AppOpsManager {
             null,
             null,
             null,
+            null
     };
 
     /**
@@ -409,7 +414,8 @@ public class AppOpsManager {
             "ACTIVATE_VPN",
             "WRITE_WALLPAPER",
             "ASSIST_STRUCTURE",
-            "ASSIST_SCREENSHOT"
+            "ASSIST_SCREENSHOT",
+            "OP_READ_PHONE_STATE"
     };
 
     /**
@@ -468,6 +474,7 @@ public class AppOpsManager {
             null, // no permission for supporting wallpaper
             null, // no permission for receiving assist structure
             null, // no permission for receiving assist screenshot
+            Manifest.permission.READ_PHONE_STATE
     };
 
     /**
@@ -527,6 +534,7 @@ public class AppOpsManager {
             UserManager.DISALLOW_WALLPAPER, // WRITE_WALLPAPER
             null, // ASSIST_STRUCTURE
             null, // ASSIST_SCREENSHOT
+            null  // READ_PHONE_STATE
     };
 
     /**
@@ -585,6 +593,7 @@ public class AppOpsManager {
             false, //WALLPAPER
             false, //ASSIST_STRUCTURE
             false, //ASSIST_SCREENSHOT
+            false, //READ_PHONE_STATE
     };
 
     /**
@@ -642,6 +651,7 @@ public class AppOpsManager {
             AppOpsManager.MODE_ALLOWED,
             AppOpsManager.MODE_ALLOWED,
             AppOpsManager.MODE_ALLOWED,
+            AppOpsManager.MODE_ALLOWED
     };
 
     /**
@@ -703,6 +713,7 @@ public class AppOpsManager {
             false,
             false,
             false,
+            false
     };
 
     private static HashMap<String, Integer> sOpStrToOp = new HashMap<String, Integer>();
diff --git a/core/java/android/app/ContextImpl.java b/core/java/android/app/ContextImpl.java
index 4ccd69f..81a78f6 100644
--- a/core/java/android/app/ContextImpl.java
+++ b/core/java/android/app/ContextImpl.java
@@ -860,13 +860,19 @@ class ContextImpl extends Context {
     @Override
     public void sendBroadcastAsUser(Intent intent, UserHandle user,
             String receiverPermission) {
+        sendBroadcastAsUser(intent, user, receiverPermission, AppOpsManager.OP_NONE);
+    }
+
+    @Override
+    public void sendBroadcastAsUser(Intent intent, UserHandle user,
+            String receiverPermission, int appOp) {
         String resolvedType = intent.resolveTypeIfNeeded(getContentResolver());
         try {
             intent.prepareToLeaveProcess();
             ActivityManagerNative.getDefault().broadcastIntent(
-                mMainThread.getApplicationThread(), intent, resolvedType, null,
-                Activity.RESULT_OK, null, null, receiverPermission, AppOpsManager.OP_NONE, false, false,
-                user.getIdentifier());
+                    mMainThread.getApplicationThread(), intent, resolvedType, null,
+                    Activity.RESULT_OK, null, null, receiverPermission, appOp, false, false,
+                    user.getIdentifier());
         } catch (RemoteException e) {
         }
     }
diff --git a/core/java/android/app/SystemServiceRegistry.java b/core/java/android/app/SystemServiceRegistry.java
index e446700..46da025 100644
--- a/core/java/android/app/SystemServiceRegistry.java
+++ b/core/java/android/app/SystemServiceRegistry.java
@@ -332,10 +332,10 @@ final class SystemServiceRegistry {
             }});
 
         registerService(Context.NETWORK_POLICY_SERVICE, NetworkPolicyManager.class,
-                new StaticServiceFetcher<NetworkPolicyManager>() {
+                new CachedServiceFetcher<NetworkPolicyManager>() {
             @Override
-            public NetworkPolicyManager createService() {
-                return new NetworkPolicyManager(INetworkPolicyManager.Stub.asInterface(
+            public NetworkPolicyManager createService(ContextImpl ctx) {
+                return new NetworkPolicyManager(ctx, INetworkPolicyManager.Stub.asInterface(
                         ServiceManager.getService(Context.NETWORK_POLICY_SERVICE)));
             }});
 
diff --git a/core/java/android/content/Context.java b/core/java/android/content/Context.java
index 370f61c..3bf3f85 100644
--- a/core/java/android/content/Context.java
+++ b/core/java/android/content/Context.java
@@ -1608,6 +1608,28 @@ public abstract class Context {
     public abstract void sendBroadcastAsUser(Intent intent, UserHandle user,
             @Nullable String receiverPermission);
 
+
+    /**
+     * Version of {@link #sendBroadcast(Intent, String)} that allows you to specify the
+     * user the broadcast will be sent to.  This is not available to applications
+     * that are not pre-installed on the system image.  Using it requires holding
+     * the INTERACT_ACROSS_USERS permission.
+     *
+     * @param intent The Intent to broadcast; all receivers matching this
+     *               Intent will receive the broadcast.
+     * @param user UserHandle to send the intent to.
+     * @param receiverPermission (optional) String naming a permission that
+     *               a receiver must hold in order to receive your broadcast.
+     *               If null, no permission is required.
+     * @param appOp The app op associated with the broadcast.
+     *
+     * @see #sendBroadcast(Intent, String)
+     *
+     * @hide
+     */
+    public abstract void sendBroadcastAsUser(Intent intent, UserHandle user,
+            @Nullable String receiverPermission, int appOp);
+
     /**
      * Version of
      * {@link #sendOrderedBroadcast(Intent, String, BroadcastReceiver, Handler, int, String, Bundle)}
diff --git a/core/java/android/content/ContextWrapper.java b/core/java/android/content/ContextWrapper.java
index 92f0079..fb9e194 100644
--- a/core/java/android/content/ContextWrapper.java
+++ b/core/java/android/content/ContextWrapper.java
@@ -444,6 +444,13 @@ public class ContextWrapper extends Context {
         mBase.sendBroadcastAsUser(intent, user, receiverPermission);
     }
 
+    /** @hide */
+    @Override
+    public void sendBroadcastAsUser(Intent intent, UserHandle user,
+            String receiverPermission, int appOp) {
+        mBase.sendBroadcastAsUser(intent, user, receiverPermission, appOp);
+    }
+
     @Override
     public void sendOrderedBroadcastAsUser(Intent intent, UserHandle user,
             String receiverPermission, BroadcastReceiver resultReceiver, Handler scheduler,
diff --git a/core/java/android/net/INetworkPolicyManager.aidl b/core/java/android/net/INetworkPolicyManager.aidl
index 7e92de2..db7c35c 100644
--- a/core/java/android/net/INetworkPolicyManager.aidl
+++ b/core/java/android/net/INetworkPolicyManager.aidl
@@ -45,7 +45,7 @@ interface INetworkPolicyManager {
 
     /** Control network policies atomically. */
     void setNetworkPolicies(in NetworkPolicy[] policies);
-    NetworkPolicy[] getNetworkPolicies();
+    NetworkPolicy[] getNetworkPolicies(String callingPackage);
 
     /** Snooze limit on policy matching given template. */
     void snoozeLimit(in NetworkTemplate template);
diff --git a/core/java/android/net/NetworkPolicyManager.java b/core/java/android/net/NetworkPolicyManager.java
index a7ffee9..25ad928 100644
--- a/core/java/android/net/NetworkPolicyManager.java
+++ b/core/java/android/net/NetworkPolicyManager.java
@@ -61,12 +61,14 @@ public class NetworkPolicyManager {
      */
     public static final String EXTRA_NETWORK_TEMPLATE = "android.net.NETWORK_TEMPLATE";
 
+    private final Context mContext;
     private INetworkPolicyManager mService;
 
-    public NetworkPolicyManager(INetworkPolicyManager service) {
+    public NetworkPolicyManager(Context context, INetworkPolicyManager service) {
         if (service == null) {
             throw new IllegalArgumentException("missing INetworkPolicyManager");
         }
+        mContext = context;
         mService = service;
     }
 
@@ -158,7 +160,7 @@ public class NetworkPolicyManager {
 
     public NetworkPolicy[] getNetworkPolicies() {
         try {
-            return mService.getNetworkPolicies();
+            return mService.getNetworkPolicies(mContext.getOpPackageName());
         } catch (RemoteException e) {
             return null;
         }
author	Svet Ganov <svetoslavganov@google.com>	2015-04-16 10:32:04 -0700
committer	Svetoslav Ganov <svetoslavganov@google.com>	2015-04-17 20:43:56 +0000
commit	16a16899505ec0a9ede5b76650bfb8817b3227c7 (patch)
tree	ab1ff64e6befd59d55de65dbe7a89614feadcd2f /core/java/android
parent	d01242946eb7423612998b5bdbc71a6a1b3e8581 (diff)
download	frameworks_base-16a16899505ec0a9ede5b76650bfb8817b3227c7.zip frameworks_base-16a16899505ec0a9ede5b76650bfb8817b3227c7.tar.gz frameworks_base-16a16899505ec0a9ede5b76650bfb8817b3227c7.tar.bz2