diff options
Diffstat (limited to 'core/java/android/app/AppOpsManager.java')
| -rw-r--r-- | core/java/android/app/AppOpsManager.java | 189 |
1 files changed, 56 insertions, 133 deletions
diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java index ef4f099f441d..e2039c6b5c96 100644 --- a/core/java/android/app/AppOpsManager.java +++ b/core/java/android/app/AppOpsManager.java @@ -7337,21 +7337,48 @@ public class AppOpsManager { } /** - * Make note of an application performing an operation. Note that you must pass - * in both the uid and name of the application to be checked; this function will verify - * that these two match, and if not, return {@link #MODE_IGNORED}. If this call - * succeeds, the last execution time of the operation for this app will be updated to - * the current time. + * Make note of an application performing an operation and check if the application is allowed + * to perform it. * * <p>If this is a check that is not preceding the protected operation, use * {@link #unsafeCheckOp} instead. * + * <p>The identity of the package the app-op is noted for is specified by the + * {@code uid} and {@code packageName} parameters. If this is noted for a regular app both + * should be set and the package needs to be part of the uid. In the very rare case that an + * app-op is noted for an entity that does not have a package name, the package can be + * {@code null}. As it is possible that a single process contains more than one package the + * {@code packageName} should be {@link Context#getPackageName() read} from the context of the + * caller of the API (in the app process) that eventually triggers this check. If this op is + * not noted for a running process the {@code packageName} cannot be read from the context, but + * it should be clear which package the note is for. + * + * <p>If the {@code uid} and {@code packageName} do not match this return + * {@link #MODE_IGNORED}. + * + * <p>Beside the access check this method also records the access. While the access check is + * based on {@code uid} and/or {@code packageName} the access recording is done based on the + * {@code packageName} and {@code attributionTag}. The {@code attributionTag} should be + * {@link Context#getAttributionTag() read} from the same context the package name is read from. + * In the case the check is not related to an API call, the {@code attributionTag} should be + * {@code null}. Please note that e.g. registering a callback for later is still an API call and + * the code should store the attribution tag along the package name for being used in this + * method later. + * + * <p>The {@code message} parameter only needs to be set when this method is <ul>not</ul> + * called in a two-way binder call from the client. In this case the message is a free form text + * that is meant help the app developer determine what part of the app's code triggered the + * note. This message is passed back to the app in the + * {@link OnOpNotedCallback#onAsyncNoted(AsyncNotedAppOp)} callback. A good example of a useful + * message is including the {@link System#identityHashCode(Object)} of the listener that will + * receive data or the name of the manifest-receiver. + * * @param op The operation to note. One of the OPSTR_* constants. - * @param uid The user id of the application attempting to perform the operation. + * @param uid The uid of the application attempting to perform the operation. * @param packageName The name of the application attempting to perform the operation. - * @param attributionTag The {@link Context#createAttributionContext attribution tag} or {@code - * null} for default attribution - * @param message A message describing the reason the op was noted + * @param attributionTag The {@link Context#createAttributionContext attribution tag} of the + * calling context or {@code null} for default attribution + * @param message A message describing why the op was noted * * @return Returns {@link #MODE_ALLOWED} if the operation is allowed, or * {@link #MODE_IGNORED} if it is not allowed and should be silently ignored (without @@ -7359,33 +7386,16 @@ public class AppOpsManager { * * @throws SecurityException If the app has been configured to crash on this op. */ + // For platform callers of this method, please read the package name parameter from + // Context#getOpPackageName. + // When noting a callback, the message can be computed using the #toReceiverId method. public int noteOp(@NonNull String op, int uid, @Nullable String packageName, @Nullable String attributionTag, @Nullable String message) { return noteOp(strOpToOp(op), uid, packageName, attributionTag, message); } /** - * Make note of an application performing an operation. Note that you must pass - * in both the uid and name of the application to be checked; this function will verify - * that these two match, and if not, return {@link #MODE_IGNORED}. If this call - * succeeds, the last execution time of the operation for this app will be updated to - * the current time. - * - * <p>If this is a check that is not preceding the protected operation, use - * {@link #unsafeCheckOp} instead. - * - * @param op The operation to note. One of the OP_* constants. - * @param uid The user id of the application attempting to perform the operation. - * @param packageName The name of the application attempting to perform the operation. - * @param attributionTag The {@link Context#createAttributionContext attribution tag} or {@code - * null} for default attribution - * @param message A message describing the reason the op was noted - * - * @return Returns {@link #MODE_ALLOWED} if the operation is allowed, or - * {@link #MODE_IGNORED} if it is not allowed and should be silently ignored (without - * causing the app to crash). - * - * @throws SecurityException If the app has been configured to crash on this op. + * @see #noteOp(String, int, String, String, String * * @hide */ @@ -7423,16 +7433,7 @@ public class AppOpsManager { * Like {@link #noteOp(String, int, String, String, String)} but instead of throwing a * {@link SecurityException} it returns {@link #MODE_ERRORED}. * - * @param op The operation to note. One of the OPSTR_* constants. - * @param uid The user id of the application attempting to perform the operation. - * @param packageName The name of the application attempting to perform the operation. - * @param attributionTag The {@link Context#createAttributionContext attribution tag} or {@code - * null} for default attribution - * @param message A message describing the reason the op was noted - * - * @return Returns {@link #MODE_ALLOWED} if the operation is allowed, or - * {@link #MODE_IGNORED} if it is not allowed and should be silently ignored (without - * causing the app to crash). + * @see #noteOp(String, int, String, String, String) */ public int noteOpNoThrow(@NonNull String op, int uid, @NonNull String packageName, @Nullable String attributionTag, @Nullable String message) { @@ -7440,19 +7441,7 @@ public class AppOpsManager { } /** - * Like {@link #noteOp(String, int, String, String, String)} but instead of throwing a - * {@link SecurityException} it returns {@link #MODE_ERRORED}. - * - * @param op The operation to note. One of the OP_* constants. - * @param uid The user id of the application attempting to perform the operation. - * @param packageName The name of the application attempting to perform the operation. - * @param attributionTag The {@link Context#createAttributionContext attribution tag} or {@code - * null} for default attribution - * @param message A message describing the reason the op was noted - * - * @return Returns {@link #MODE_ALLOWED} if the operation is allowed, or - * {@link #MODE_IGNORED} if it is not allowed and should be silently ignored (without - * causing the app to crash). + * @see #noteOpNoThrow(String, int, String, String, String) * * @hide */ @@ -7509,23 +7498,7 @@ public class AppOpsManager { } /** - * Make note of an application performing an operation on behalf of another application when - * handling an IPC. This function will verify that the calling uid and proxied package name - * match, and if not, return {@link #MODE_IGNORED}. If this call succeeds, the last execution - * time of the operation for the proxied app and your app will be updated to the current time. - * - * @param op The operation to note. One of the OP_* constants. - * @param proxiedPackageName The name of the application calling into the proxy application. - * @param proxiedUid The uid of the proxied application - * @param proxiedAttributionTag The proxied {@link Context#createAttributionContext - * attribution tag} or {@code null} for default attribution - * @param message A message describing the reason the op was noted - * - * @return Returns {@link #MODE_ALLOWED} if the operation is allowed, or {@link #MODE_IGNORED} - * if it is not allowed and should be silently ignored (without causing the app to crash). - * - * @throws SecurityException If the proxy or proxied app has been configured to crash on this - * op. + * @see #noteProxyOp(String, String, int, String, String) * * @hide */ @@ -7587,15 +7560,7 @@ public class AppOpsManager { * Like {@link #noteProxyOp(String, String, int, String, String)} but instead * of throwing a {@link SecurityException} it returns {@link #MODE_ERRORED}. * - * <p>This API requires package with the {@code proxiedPackageName} to belong to - * {@code proxiedUid}. - * - * @param op The op to note - * @param proxiedPackageName The package to note the op for - * @param proxiedUid The uid the package belongs to - * @param proxiedAttributionTag The proxied {@link Context#createAttributionContext - * attribution tag} or {@code null} for default attribution - * @param message A message describing the reason the op was noted + * @see #noteOpNoThrow(String, int, String, String, String) */ public int noteProxyOpNoThrow(@NonNull String op, @Nullable String proxiedPackageName, int proxiedUid, @Nullable String proxiedAttributionTag, @Nullable String message) { @@ -7604,16 +7569,7 @@ public class AppOpsManager { } /** - * Like {@link #noteProxyOp(int, String, int, String, String)} but instead - * of throwing a {@link SecurityException} it returns {@link #MODE_ERRORED}. - * - * @param op The op to note - * @param proxiedPackageName The package to note the op for or {@code null} if the op should be - * noted for the "android" package - * @param proxiedUid The uid the package belongs to - * @param proxiedAttributionTag The proxied {@link Context#createAttributionContext - * attribution tag} or {@code null} for default attribution - * @param message A message describing the reason the op was noted + * @see #noteProxyOpNoThrow(String, String, int, String, String) * * @hide */ @@ -7701,6 +7657,9 @@ public class AppOpsManager { /** * Like {@link #checkOp} but instead of throwing a {@link SecurityException} it * returns {@link #MODE_ERRORED}. + * + * @see #checkOp(int, int, String) + * * @hide */ @UnsupportedAppUsage @@ -7832,6 +7791,10 @@ public class AppOpsManager { /** * Report that an application has started executing a long-running operation. * + * <p>For more details how to determine the {@code callingPackageName}, + * {@code callingAttributionTag}, and {@code message}, please check the description in + * {@link #noteOp(String, int, String, String, String)} + * * @param op The operation to start. One of the OPSTR_* constants. * @param uid The user id of the application attempting to perform the operation. * @param packageName The name of the application attempting to perform the operation. @@ -7852,22 +7815,7 @@ public class AppOpsManager { } /** - * Report that an application has started executing a long-running operation. - * - * @param op The operation to start. One of the OP_* constants. - * @param uid The user id of the application attempting to perform the operation. - * @param packageName The name of the application attempting to perform the operation. - * @param attributionTag The {@link Context#createAttributionContext attribution tag} or - * {@code null} for default attribution - * @param startIfModeDefault Whether to start if mode is {@link #MODE_DEFAULT}. - * @param message Description why op was started - * - * @return Returns {@link #MODE_ALLOWED} if the operation is allowed, or - * {@link #MODE_IGNORED} if it is not allowed and should be silently ignored (without - * causing the app to crash). - * - * @throws SecurityException If the app has been configured to crash on this op or - * the package is not in the passed in UID. + * @see #startOp(String, int, String, String, String) * * @hide */ @@ -7913,16 +7861,7 @@ public class AppOpsManager { * Like {@link #startOp(String, int, String, String, String)} but instead of throwing a * {@link SecurityException} it returns {@link #MODE_ERRORED}. * - * @param op The operation to start. One of the OP_* constants. - * @param uid The user id of the application attempting to perform the operation. - * @param packageName The name of the application attempting to perform the operation. - * @param attributionTag The {@link Context#createAttributionContext attribution tag} or - * {@code null} for default attribution - * @param message Description why op was started - * - * @return Returns {@link #MODE_ALLOWED} if the operation is allowed, or - * {@link #MODE_IGNORED} if it is not allowed and should be silently ignored (without - * causing the app to crash). + * @see #startOp(String, int, String, String, String) */ public int startOpNoThrow(@NonNull String op, int uid, @NonNull String packageName, @NonNull String attributionTag, @Nullable String message) { @@ -7930,20 +7869,7 @@ public class AppOpsManager { } /** - * Like {@link #startOp(int, int, String, boolean, String, String)} but instead of throwing a - * {@link SecurityException} it returns {@link #MODE_ERRORED}. - * - * @param op The operation to start. One of the OP_* constants. - * @param uid The user id of the application attempting to perform the operation. - * @param packageName The name of the application attempting to perform the operation. - * @param attributionTag The {@link Context#createAttributionContext attribution tag} or - * {@code null} for default attribution - * @param startIfModeDefault Whether to start if mode is {@link #MODE_DEFAULT}. - * @param message Description why op was started - * - * @return Returns {@link #MODE_ALLOWED} if the operation is allowed, or - * {@link #MODE_IGNORED} if it is not allowed and should be silently ignored (without - * causing the app to crash). + * @see #startOpNoThrow(String, int, String, String, String) * * @hide */ @@ -8017,10 +7943,7 @@ public class AppOpsManager { } /** - * Report that an application is no longer performing an operation that had previously - * been started with {@link #startOp(int, int, String, boolean, String, String)}. There is no - * validation of input or result; the parameters supplied here must be the exact same ones - * previously passed in when starting the operation. + * @see #finishOp(String, int, String, String) * * @hide */ |