diff options
| author | Diogo Ferreira <defer@cyngn.com> | 2014-12-17 11:56:22 +0000 |
|---|---|---|
| committer | Roman Birg <roman@cyngn.com> | 2015-11-03 12:21:35 -0800 |
| commit | 5dbce4fec2fc4dcdbf2a2800d03b8b4eade5d41a (patch) | |
| tree | 13a553630a7f687c6e5488eb50dbf77d89c5e629 | |
| parent | db521697716ce627bb9dd574de86e60b756ca2fa (diff) | |
| download | packages_apps_Settings-5dbce4fec2fc4dcdbf2a2800d03b8b4eade5d41a.zip packages_apps_Settings-5dbce4fec2fc4dcdbf2a2800d03b8b4eade5d41a.tar.gz packages_apps_Settings-5dbce4fec2fc4dcdbf2a2800d03b8b4eade5d41a.tar.bz2 | |
su: Add Root access app-ops control
Adds an app-ops option for root access.
Platform-signed apps weren't previously being listed but there are some
that use root access (FileManager comes to mind).
So we list all of them, but for platform-signed apps we only show the
root toggle and none of the permission-based ones.
Change-Id: Ie716974156d55eb66061e78dc39505569e5bdc2a
| -rw-r--r-- | res/values/cm_arrays.xml | 19 | ||||
| -rw-r--r-- | res/values/cm_strings.xml | 16 | ||||
| -rw-r--r-- | src/com/android/settings/applications/AppOpsDetails.java | 43 | ||||
| -rw-r--r-- | src/com/android/settings/applications/AppOpsState.java | 12 | ||||
| -rw-r--r-- | src/com/android/settings/privacyguard/PrivacyGuardManager.java | 16 |
5 files changed, 89 insertions, 17 deletions
diff --git a/res/values/cm_arrays.xml b/res/values/cm_arrays.xml index 1ee23a1..d639102 100644 --- a/res/values/cm_arrays.xml +++ b/res/values/cm_arrays.xml @@ -235,6 +235,25 @@ <item>@string/hardware_keys_action_last_app</item> </string-array> + <!-- Names of categories of app ops tabs --> + <string-array name="app_ops_categories_cm" translatable="false"> + <item>@string/app_ops_categories_location</item> + <item>@string/app_ops_categories_personal</item> + <item>@string/app_ops_categories_messaging</item> + <item>@string/app_ops_categories_media</item> + <item>@string/app_ops_categories_device</item> + <item>@string/app_ops_categories_bootup</item> + <item>@string/app_ops_categories_su</item> + </string-array> + + <!-- App ops permissions --> + <string-array name="app_ops_permissions"> + <item>@string/app_ops_permissions_allowed</item> + <item>@string/app_ops_permissions_ignored</item> + <item>@string/app_ops_permissions_always_ask</item> + </string-array> + + <string-array name="hardware_keys_action_values" translatable="false"> <item>0</item> <item>1</item> diff --git a/res/values/cm_strings.xml b/res/values/cm_strings.xml index 281f8e9..988b3d6 100644 --- a/res/values/cm_strings.xml +++ b/res/values/cm_strings.xml @@ -320,6 +320,22 @@ <string name="adb_notify">Debugging notify</string> <string name="adb_notify_summary">Display a notification when USB or network debugging is enabled</string> + <!-- App ops categories --> + <string name="app_ops_categories_location">Location</string> + <string name="app_ops_categories_personal">Personal</string> + <string name="app_ops_categories_messaging">Messaging</string> + <string name="app_ops_categories_media">Media</string> + <string name="app_ops_categories_device">Device</string> + <string name="app_ops_categories_bootup">Bootup</string> + <string name="app_ops_categories_su">Superuser</string> + + <!-- App ops permissions --> + <string name="app_ops_permissions_allowed">Allowed</string> + <string name="app_ops_permissions_ignored">Ignored</string> + <string name="app_ops_permissions_always_ask">Always ask</string> + + <string name="ok">OK</string> + <!-- Hostname setting --> <string name="device_hostname">Device hostname</string> diff --git a/src/com/android/settings/applications/AppOpsDetails.java b/src/com/android/settings/applications/AppOpsDetails.java index f53e57d..d48af27 100644 --- a/src/com/android/settings/applications/AppOpsDetails.java +++ b/src/com/android/settings/applications/AppOpsDetails.java @@ -60,6 +60,41 @@ public class AppOpsDetails extends InstrumentedFragment { private View mRootView; private LinearLayout mOperationsSection; + private final int MODE_ALLOWED = 0; + private final int MODE_IGNORED = 1; + private final int MODE_ASK = 2; + + private int modeToPosition (int mode) { + switch(mode) { + case AppOpsManager.MODE_ALLOWED: + return MODE_ALLOWED; + case AppOpsManager.MODE_IGNORED: + return MODE_IGNORED; + case AppOpsManager.MODE_ASK: + return MODE_ASK; + }; + + return MODE_IGNORED; + } + + private int positionToMode (int position) { + switch(position) { + case MODE_ALLOWED: + return AppOpsManager.MODE_ALLOWED; + case MODE_IGNORED: + return AppOpsManager.MODE_IGNORED; + case MODE_ASK: + return AppOpsManager.MODE_ASK; + }; + + return AppOpsManager.MODE_IGNORED; + } + + private boolean isPlatformSigned() { + final int match = mPm.checkSignatures("android", mPackageInfo.packageName); + return match >= PackageManager.SIGNATURE_MATCH; + } + // Utility method to set application label and icon. private void setAppLabelAndIcon(PackageInfo pkgInfo) { final View appSnippet = mRootView.findViewById(R.id.app_snippet); @@ -102,7 +137,15 @@ public class AppOpsDetails extends InstrumentedFragment { mOperationsSection.removeAllViews(); String lastPermGroup = ""; + boolean isPlatformSigned = isPlatformSigned(); for (AppOpsState.OpsTemplate tpl : AppOpsState.ALL_TEMPLATES) { + /* If we are platform signed, only show the root switch, this + * one is safe to toggle while other permission-based ones could + * certainly cause system-wide problems + */ + if (isPlatformSigned && tpl != AppOpsState.SU_TEMPLATE) { + continue; + } List<AppOpsState.AppOpEntry> entries = mState.buildState(tpl, mPackageInfo.applicationInfo.uid, mPackageInfo.packageName); for (final AppOpsState.AppOpEntry entry : entries) { diff --git a/src/com/android/settings/applications/AppOpsState.java b/src/com/android/settings/applications/AppOpsState.java index 9176815..5ac08c7 100644 --- a/src/com/android/settings/applications/AppOpsState.java +++ b/src/com/android/settings/applications/AppOpsState.java @@ -207,9 +207,19 @@ public class AppOpsState { false } ); + public static final OpsTemplate BOOTUP_TEMPLATE = new OpsTemplate( + new int[] { AppOpsManager.OP_BOOT_COMPLETED }, + new boolean[] { true, } + ); + + public static final OpsTemplate SU_TEMPLATE = new OpsTemplate( + new int[] { AppOpsManager.OP_SU }, + new boolean[] { false } + ); + public static final OpsTemplate[] ALL_TEMPLATES = new OpsTemplate[] { LOCATION_TEMPLATE, PERSONAL_TEMPLATE, MESSAGING_TEMPLATE, - MEDIA_TEMPLATE, DEVICE_TEMPLATE + MEDIA_TEMPLATE, DEVICE_TEMPLATE, BOOTUP_TEMPLATE, SU_TEMPLATE }; /** diff --git a/src/com/android/settings/privacyguard/PrivacyGuardManager.java b/src/com/android/settings/privacyguard/PrivacyGuardManager.java index 9fb8c9d..74eeee0 100644 --- a/src/com/android/settings/privacyguard/PrivacyGuardManager.java +++ b/src/com/android/settings/privacyguard/PrivacyGuardManager.java @@ -30,7 +30,6 @@ import android.content.Intent; import android.content.pm.ApplicationInfo; import android.content.pm.PackageInfo; import android.content.pm.PackageManager; -import android.content.pm.Signature; import android.content.SharedPreferences; import android.net.Uri; import android.os.Bundle; @@ -277,25 +276,10 @@ public class PrivacyGuardManager extends Fragment List<PackageInfo> packages = mPm.getInstalledPackages( PackageManager.GET_PERMISSIONS | PackageManager.GET_SIGNATURES); boolean showSystemApps = shouldShowSystemApps(); - Signature platformCert; - - try { - PackageInfo sysInfo = mPm.getPackageInfo("android", PackageManager.GET_SIGNATURES); - platformCert = sysInfo.signatures[0]; - } catch (PackageManager.NameNotFoundException e) { - platformCert = null; - } for (PackageInfo info : packages) { final ApplicationInfo appInfo = info.applicationInfo; - // hide apps signed with the platform certificate to avoid the user - // shooting himself in the foot - if (platformCert != null && info.signatures != null - && platformCert.equals(info.signatures[0])) { - continue; - } - // skip all system apps if they shall not be included if (!showSystemApps && (appInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) { continue; |