Do not check AppOp if not required
Only check the AppOp if a sensor explicitly requires an AppOp.
Otherwise, only check if the client has permission to access the
sensor.
Bug: 131910349
Test: Verified a_sns_test can access sensors.
Test: Verified app targeting Q must have AR permission to access Step
Detector and Step Counter.
Test: Verified app targeting P with AR permission defined in manifest
cannot receive Step Counter or Step Detector events if user
revokes AR permission.
Test: Verified app targeting P without any permissions defined in the
manifest can access Step Counter and Step Detector.
Test: Verified app targeting J cannot receive Step Counter or Step
Detector events if user revokes AR permission.
Change-Id: I3c2dd20889b99bce047025607cc6e921330de52e
diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp
index 639ce78..fa1e232 100644
--- a/services/sensorservice/SensorService.cpp
+++ b/services/sensorservice/SensorService.cpp
@@ -1686,26 +1686,29 @@
const int32_t opCode = sensor.getRequiredAppOp();
const int32_t appOpMode = sAppOpsManager.checkOp(opCode,
IPCThreadState::self()->getCallingUid(), opPackageName);
+ bool appOpAllowed = appOpMode == AppOpsManager::MODE_ALLOWED;
- // Ensure that the AppOp is allowed
- //
- // This check is also required to ensure that the user hasn't revoked the necessary permissions
- // to access the Step Detector and Step Counter when the application targets pre-Q. Without this
- // check, if the user revokes the pre-Q install-time GMS Core AR permission, the app would
- // still be able to receive Step Counter and Step Detector events.
bool canAccess = false;
- if (opCode >= 0 && appOpMode == AppOpsManager::MODE_ALLOWED) {
- if (hasPermissionForSensor(sensor)) {
+ if (hasPermissionForSensor(sensor)) {
+ // Ensure that the AppOp is allowed, or that there is no necessary app op for the sensor
+ if (opCode < 0 || appOpAllowed) {
canAccess = true;
- } else if (sensor.getType() == SENSOR_TYPE_STEP_COUNTER ||
- sensor.getType() == SENSOR_TYPE_STEP_DETECTOR) {
- int targetSdkVersion = getTargetSdkVersion(opPackageName);
- // Allow access to the sensor if the application targets pre-Q, which is before the
- // requirement to hold the AR permission to access Step Counter and Step Detector events
- // was introduced.
- if (targetSdkVersion > 0 && targetSdkVersion <= __ANDROID_API_P__) {
- canAccess = true;
- }
+ }
+ } else if (sensor.getType() == SENSOR_TYPE_STEP_COUNTER ||
+ sensor.getType() == SENSOR_TYPE_STEP_DETECTOR) {
+ int targetSdkVersion = getTargetSdkVersion(opPackageName);
+ // Allow access to the sensor if the application targets pre-Q, which is before the
+ // requirement to hold the AR permission to access Step Counter and Step Detector events
+ // was introduced, and the user hasn't revoked the app op.
+ //
+ // Verifying the app op is required to ensure that the user hasn't revoked the necessary
+ // permissions to access the Step Detector and Step Counter when the application targets
+ // pre-Q. Without this check, if the user revokes the pre-Q install-time GMS Core AR
+ // permission, the app would still be able to receive Step Counter and Step Detector events.
+ if (appOpAllowed &&
+ targetSdkVersion > 0 &&
+ targetSdkVersion <= __ANDROID_API_P__) {
+ canAccess = true;
}
}