AppOps: Add support for AppOps policy file

Add support to read AppOps policy file.
AppOps policy file can be used to configure Ops default policy.

Change-Id: Idb4e3501ff9f58e491b06e74152342aa9574afbf

1 files changed, 48 insertions, 7 deletions

diff --git a/services/core/java/com/android/server/AppOpsService.java b/services/core/java/com/android/server/AppOpsService.java
index dc533ad..7008bfc 100644
--- a/services/core/java/com/android/server/AppOpsService.java
+++ b/services/core/java/com/android/server/AppOpsService.java
@@ -87,11 +87,15 @@ public class AppOpsService extends IAppOpsService.Stub {
     // Write at most every 30 minutes.
     static final long WRITE_DELAY = DEBUG ? 1000 : 30*60*1000;
 
+    // Location of policy file.
+    static final String DEFAULT_POLICY_FILE = "/system/etc/appops_policy.xml";
+
     Context mContext;
     final AtomicFile mFile;
     final Handler mHandler;
     final Looper mLooper;
     final boolean mStrictEnable;
+    AppOpsPolicy mPolicy;
 
     boolean mWriteScheduled;
     boolean mFastWriteScheduled;
@@ -254,6 +258,7 @@ public class AppOpsService extends IAppOpsService.Stub {
 
     public void publish(Context context) {
         mContext = context;
+        readPolicy();
         ServiceManager.addService(Context.APP_OPS_SERVICE, asBinder());
     }
 
@@ -621,7 +626,7 @@ public class AppOpsService extends IAppOpsService.Stub {
                         }
                         repCbs.addAll(cbs);
                     }
-                    if (mode == this.getDefaultMode(code, uid, packageName)) {
+                    if (mode == getDefaultMode(code, uid, packageName)) {
                         // If going into the default mode, prune this op
                         // if there is nothing else interesting in it.
                         pruneOp(op, uid, packageName);
@@ -1468,11 +1473,19 @@ public class AppOpsService extends IAppOpsService.Stub {
                         || code >= AppOpsManager._NUM_OP) {
                     continue;
                 }
-                int defaultMode = getDefaultMode(code, uid, pkgName);
-                Op op = new Op(uid, pkgName, code, defaultMode);
+                Op op = new Op(uid, pkgName, code, AppOpsManager.MODE_ERRORED);
                 String mode = parser.getAttributeValue(null, "m");
                 if (mode != null) {
                     op.mode = Integer.parseInt(mode);
+                } else {
+                    String sDefualtMode = parser.getAttributeValue(null, "dm");
+                    int defaultMode;
+                    if (sDefualtMode != null) {
+                        defaultMode = Integer.parseInt(sDefualtMode);
+                    } else {
+                        defaultMode = getDefaultMode(code, uid, pkgName);
+                    }
+                    op.mode = defaultMode;
                 }
                 String time = parser.getAttributeValue(null, "t");
                 if (time != null) {
@@ -1582,9 +1595,12 @@ public class AppOpsService extends IAppOpsService.Stub {
                             out.startTag(null, "op");
                             out.attribute(null, "n", Integer.toString(op.getOp()));
                             out.attribute(null, "ns", AppOpsManager.opToName(op.getOp()));
-                            if (op.getMode() != this.getDefaultMode(op.getOp(),
-                                    pkg.getUid(), pkg.getPackageName())) {
+                            int defaultMode = getDefaultMode(op.getOp(),
+                                    pkg.getUid(), pkg.getPackageName());
+                            if (op.getMode() != defaultMode) {
                                 out.attribute(null, "m", Integer.toString(op.getMode()));
+                            } else {
+                                out.attribute(null, "dm", Integer.toString(defaultMode));
                             }
                             long time = op.getTime();
                             if (time != 0) {
@@ -1894,8 +1910,15 @@ public class AppOpsService extends IAppOpsService.Stub {
     }
 
     private int getDefaultMode(int code, int uid, String packageName) {
-        return AppOpsManager.opToDefaultMode(code,
+        int mode = AppOpsManager.opToDefaultMode(code,
                 isStrict(code, uid, packageName));
+        if (AppOpsManager.isStrictOp(code) && mPolicy != null) {
+            int policyMode = mPolicy.getDefualtMode(code, packageName);
+            if (policyMode != AppOpsManager.MODE_ERRORED) {
+                mode = policyMode;
+            }
+        }
+        return mode;
     }
 
     private boolean isStrict(int code, int uid, String packageName) {
@@ -2013,7 +2036,7 @@ public class AppOpsService extends IAppOpsService.Stub {
     private static String[] getPackagesForUid(int uid) {
         String[] packageNames = null;
         try {
-            packageNames= AppGlobals.getPackageManager().getPackagesForUid(uid);
+            packageNames = AppGlobals.getPackageManager().getPackagesForUid(uid);
         } catch (RemoteException e) {
             /* ignore - local call */
         }
@@ -2022,4 +2045,22 @@ public class AppOpsService extends IAppOpsService.Stub {
         }
         return packageNames;
     }
+
+    private void readPolicy() {
+        if (mStrictEnable) {
+            mPolicy = new AppOpsPolicy(new File(DEFAULT_POLICY_FILE), mContext);
+            mPolicy.readPolicy();
+            mPolicy.debugPoilcy();
+        } else {
+            mPolicy = null;
+        }
+    }
+
+    public boolean isControlAllowed(int code, String packageName) {
+        boolean isShow = true;
+        if (mPolicy != null) {
+            isShow = mPolicy.isControlAllowed(code, packageName);
+        }
+        return isShow;
+    }
 }