Add body sensors app op - framework native
Change-Id: I727a2bb1e28ae9158f2df9c74dd0aee977dfd47f
diff --git a/include/android/sensor.h b/include/android/sensor.h
index d58c460..969677f 100644
--- a/include/android/sensor.h
+++ b/include/android/sensor.h
@@ -193,17 +193,6 @@
/*****************************************************************************/
/*
- * Get a reference to the sensor manager. ASensorManager is a singleton.
- *
- * Example:
- *
- * ASensorManager* sensorManager = ASensorManager_getInstance();
- *
- */
-ASensorManager* ASensorManager_getInstance();
-
-
-/*
* Returns the list of available sensors.
*/
int ASensorManager_getSensorList(ASensorManager* manager, ASensorList* list);
diff --git a/include/binder/AppOpsManager.h b/include/binder/AppOpsManager.h
index ea33952..042927c 100644
--- a/include/binder/AppOpsManager.h
+++ b/include/binder/AppOpsManager.h
@@ -87,7 +87,11 @@
OP_ASSIST_STRUCTURE = 49,
OP_ASSIST_SCREENSHOT = 50,
OP_READ_PHONE_STATE = 51,
- OP_ADD_VOICEMAIL = 52
+ OP_ADD_VOICEMAIL = 52,
+ OP_USE_SIP = 53,
+ OP_PROCESS_OUTGOING_CALLS = 54,
+ OP_USE_FINGERPRINT = 55,
+ OP_BODY_SENSORS = 56
};
AppOpsManager();
@@ -99,6 +103,7 @@
void startWatchingMode(int32_t op, const String16& packageName,
const sp<IAppOpsCallback>& callback);
void stopWatchingMode(const sp<IAppOpsCallback>& callback);
+ int32_t permissionToOpCode(const String16& permission);
private:
Mutex mLock;
diff --git a/include/binder/IAppOpsService.h b/include/binder/IAppOpsService.h
index 193e9cc..cd81efa 100644
--- a/include/binder/IAppOpsService.h
+++ b/include/binder/IAppOpsService.h
@@ -40,6 +40,7 @@
const sp<IAppOpsCallback>& callback) = 0;
virtual void stopWatchingMode(const sp<IAppOpsCallback>& callback) = 0;
virtual sp<IBinder> getToken(const sp<IBinder>& clientToken) = 0;
+ virtual int32_t permissionToOpCode(const String16& permission) = 0;
enum {
CHECK_OPERATION_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION,
@@ -49,6 +50,7 @@
START_WATCHING_MODE_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION+4,
STOP_WATCHING_MODE_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION+5,
GET_TOKEN_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION+6,
+ PERMISSION_TO_OP_CODE_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION+7,
};
enum {
diff --git a/include/binder/IPermissionController.h b/include/binder/IPermissionController.h
index f3f0a92..4e5fb34 100644
--- a/include/binder/IPermissionController.h
+++ b/include/binder/IPermissionController.h
@@ -34,9 +34,12 @@
virtual void getPackagesForUid(const uid_t uid, Vector<String16> &packages) = 0;
+ virtual bool isRuntimePermission(const String16& permission) = 0;
+
enum {
CHECK_PERMISSION_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION,
- GET_PACKAGES_FOR_UID_TRANSACTION = CHECK_PERMISSION_TRANSACTION + 1
+ GET_PACKAGES_FOR_UID_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION + 1,
+ IS_RUNTIME_PERMISSION_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION + 2
};
};
diff --git a/include/gui/ISensorServer.h b/include/gui/ISensorServer.h
index ee3484c..4feb6db 100644
--- a/include/gui/ISensorServer.h
+++ b/include/gui/ISensorServer.h
@@ -37,9 +37,9 @@
public:
DECLARE_META_INTERFACE(SensorServer);
- virtual Vector<Sensor> getSensorList() = 0;
+ virtual Vector<Sensor> getSensorList(const String16& opPackageName) = 0;
virtual sp<ISensorEventConnection> createSensorEventConnection(const String8& packageName,
- int mode) = 0;
+ int mode, const String16& opPackageName) = 0;
virtual status_t enableDataInjection(int enable) = 0;
};
diff --git a/include/gui/Sensor.h b/include/gui/Sensor.h
index 27a215e..8142be6 100644
--- a/include/gui/Sensor.h
+++ b/include/gui/Sensor.h
@@ -71,6 +71,8 @@
uint32_t getFifoMaxEventCount() const;
const String8& getStringType() const;
const String8& getRequiredPermission() const;
+ bool isRequiredPermissionRuntime() const;
+ int32_t getRequiredAppOp() const;
int32_t getMaxDelay() const;
uint32_t getFlags() const;
bool isWakeUpSensor() const;
@@ -97,6 +99,8 @@
uint32_t mFifoMaxEventCount;
String8 mStringType;
String8 mRequiredPermission;
+ bool mRequiredPermissionRuntime = false;
+ int32_t mRequiredAppOp;
int32_t mMaxDelay;
uint32_t mFlags;
static void flattenString8(void*& buffer, size_t& size, const String8& string8);
diff --git a/include/gui/SensorEventQueue.h b/include/gui/SensorEventQueue.h
index b70957b..e5b9fc5 100644
--- a/include/gui/SensorEventQueue.h
+++ b/include/gui/SensorEventQueue.h
@@ -23,6 +23,7 @@
#include <utils/Errors.h>
#include <utils/RefBase.h>
#include <utils/Timers.h>
+#include <utils/String16.h>
#include <gui/BitTube.h>
@@ -52,7 +53,7 @@
enum { MAX_RECEIVE_BUFFER_EVENT_COUNT = 256 };
- SensorEventQueue(const sp<ISensorEventConnection>& connection);
+ SensorEventQueue(const sp<ISensorEventConnection>& connection);
virtual ~SensorEventQueue();
virtual void onFirstRef();
diff --git a/include/gui/SensorManager.h b/include/gui/SensorManager.h
index 4cabf59..d0c63d4 100644
--- a/include/gui/SensorManager.h
+++ b/include/gui/SensorManager.h
@@ -44,11 +44,10 @@
// ----------------------------------------------------------------------------
class SensorManager :
- public ASensorManager,
- public Singleton<SensorManager>
+ public ASensorManager
{
public:
- SensorManager();
+ SensorManager(const String16& opPackageName);
~SensorManager();
ssize_t getSensorList(Sensor const* const** list) const;
@@ -68,6 +67,7 @@
mutable Sensor const** mSensorList;
mutable Vector<Sensor> mSensors;
mutable sp<IBinder::DeathRecipient> mDeathObserver;
+ const String16 mOpPackageName;
};
// ----------------------------------------------------------------------------
diff --git a/libs/binder/AppOpsManager.cpp b/libs/binder/AppOpsManager.cpp
index c562c30..e4d8201 100644
--- a/libs/binder/AppOpsManager.cpp
+++ b/libs/binder/AppOpsManager.cpp
@@ -104,4 +104,13 @@
}
}
+int32_t AppOpsManager::permissionToOpCode(const String16& permission) {
+ sp<IAppOpsService> service = getService();
+ if (service != NULL) {
+ return service->permissionToOpCode(permission);
+ }
+ return -1;
+}
+
+
}; // namespace android
diff --git a/libs/binder/IAppOpsService.cpp b/libs/binder/IAppOpsService.cpp
index 86abdc0..9558376 100644
--- a/libs/binder/IAppOpsService.cpp
+++ b/libs/binder/IAppOpsService.cpp
@@ -111,6 +111,17 @@
if (reply.readExceptionCode() != 0) return NULL;
return reply.readStrongBinder();
}
+
+
+ virtual int32_t permissionToOpCode(const String16& permission) {
+ Parcel data, reply;
+ data.writeInterfaceToken(IAppOpsService::getInterfaceDescriptor());
+ data.writeString16(permission);
+ remote()->transact(PERMISSION_TO_OP_CODE_TRANSACTION, data, &reply);
+ // fail on exception
+ if (reply.readExceptionCode() != 0) return -1;
+ return reply.readInt32();
+ }
};
IMPLEMENT_META_INTERFACE(AppOpsService, "com.android.internal.app.IAppOpsService");
@@ -187,6 +198,14 @@
reply->writeStrongBinder(token);
return NO_ERROR;
} break;
+ case PERMISSION_TO_OP_CODE_TRANSACTION: {
+ CHECK_INTERFACE(IAppOpsService, data, reply);
+ String16 permission = data.readString16();
+ const int32_t opCode = permissionToOpCode(permission);
+ reply->writeNoException();
+ reply->writeInt32(opCode);
+ return NO_ERROR;
+ } break;
default:
return BBinder::onTransact(code, data, reply, flags);
}
diff --git a/libs/binder/IPermissionController.cpp b/libs/binder/IPermissionController.cpp
index 67dac27..6bba996 100644
--- a/libs/binder/IPermissionController.cpp
+++ b/libs/binder/IPermissionController.cpp
@@ -67,6 +67,17 @@
packages.push(reply.readString16());
}
}
+
+ virtual bool isRuntimePermission(const String16& permission)
+ {
+ Parcel data, reply;
+ data.writeInterfaceToken(IPermissionController::getInterfaceDescriptor());
+ data.writeString16(permission);
+ remote()->transact(IS_RUNTIME_PERMISSION_TRANSACTION, data, &reply);
+ // fail on exception
+ if (reply.readExceptionCode() != 0) return false;
+ return reply.readInt32() != 0;
+ }
};
IMPLEMENT_META_INTERFACE(PermissionController, "android.os.IPermissionController");
@@ -102,6 +113,15 @@
return NO_ERROR;
} break;
+ case IS_RUNTIME_PERMISSION_TRANSACTION: {
+ CHECK_INTERFACE(IPermissionController, data, reply);
+ String16 permission = data.readString16();
+ const bool res = isRuntimePermission(permission);
+ reply->writeNoException();
+ reply->writeInt32(res ? 1 : 0);
+ return NO_ERROR;
+ } break;
+
default:
return BBinder::onTransact(code, data, reply, flags);
}
diff --git a/libs/gui/ISensorServer.cpp b/libs/gui/ISensorServer.cpp
index 140712e..5dde9f9 100644
--- a/libs/gui/ISensorServer.cpp
+++ b/libs/gui/ISensorServer.cpp
@@ -48,10 +48,11 @@
virtual ~BpSensorServer();
- virtual Vector<Sensor> getSensorList()
+ virtual Vector<Sensor> getSensorList(const String16& opPackageName)
{
Parcel data, reply;
data.writeInterfaceToken(ISensorServer::getInterfaceDescriptor());
+ data.writeString16(opPackageName);
remote()->transact(GET_SENSOR_LIST, data, &reply);
Sensor s;
Vector<Sensor> v;
@@ -65,12 +66,13 @@
}
virtual sp<ISensorEventConnection> createSensorEventConnection(const String8& packageName,
- int mode)
+ int mode, const String16& opPackageName)
{
Parcel data, reply;
data.writeInterfaceToken(ISensorServer::getInterfaceDescriptor());
data.writeString8(packageName);
data.writeInt32(mode);
+ data.writeString16(opPackageName);
remote()->transact(CREATE_SENSOR_EVENT_CONNECTION, data, &reply);
return interface_cast<ISensorEventConnection>(reply.readStrongBinder());
}
@@ -98,7 +100,8 @@
switch(code) {
case GET_SENSOR_LIST: {
CHECK_INTERFACE(ISensorServer, data, reply);
- Vector<Sensor> v(getSensorList());
+ const String16& opPackageName = data.readString16();
+ Vector<Sensor> v(getSensorList(opPackageName));
size_t n = v.size();
reply->writeUint32(static_cast<uint32_t>(n));
for (size_t i = 0; i < n; i++) {
@@ -110,7 +113,9 @@
CHECK_INTERFACE(ISensorServer, data, reply);
String8 packageName = data.readString8();
int32_t mode = data.readInt32();
- sp<ISensorEventConnection> connection(createSensorEventConnection(packageName, mode));
+ const String16& opPackageName = data.readString16();
+ sp<ISensorEventConnection> connection(createSensorEventConnection(packageName, mode,
+ opPackageName));
reply->writeStrongBinder(IInterface::asBinder(connection));
return NO_ERROR;
}
diff --git a/libs/gui/Sensor.cpp b/libs/gui/Sensor.cpp
index 35661f2..2545eec 100644
--- a/libs/gui/Sensor.cpp
+++ b/libs/gui/Sensor.cpp
@@ -25,6 +25,9 @@
#include <hardware/sensors.h>
+#include <binder/AppOpsManager.h>
+#include <binder/IServiceManager.h>
+
#include <gui/Sensor.h>
#include <log/log.h>
@@ -113,11 +116,13 @@
mStringType = SENSOR_STRING_TYPE_GYROSCOPE_UNCALIBRATED;
mFlags |= SENSOR_FLAG_CONTINUOUS_MODE;
break;
- case SENSOR_TYPE_HEART_RATE:
+ case SENSOR_TYPE_HEART_RATE: {
mStringType = SENSOR_STRING_TYPE_HEART_RATE;
mRequiredPermission = SENSOR_PERMISSION_BODY_SENSORS;
+ AppOpsManager appOps;
+ mRequiredAppOp = appOps.permissionToOpCode(String16(SENSOR_PERMISSION_BODY_SENSORS));
mFlags |= SENSOR_FLAG_ON_CHANGE_MODE;
- break;
+ } break;
case SENSOR_TYPE_LIGHT:
mStringType = SENSOR_STRING_TYPE_LIGHT;
mFlags |= SENSOR_FLAG_ON_CHANGE_MODE;
@@ -252,6 +257,17 @@
}
}
+
+ if (mRequiredPermission.length() > 0) {
+ // If the sensor is protected by a permission we need to know if it is
+ // a runtime one to determine whether we can use the permission cache.
+ sp<IBinder> binder = defaultServiceManager()->getService(String16("permission"));
+ if (binder != 0) {
+ sp<IPermissionController> permCtrl = interface_cast<IPermissionController>(binder);
+ mRequiredPermissionRuntime = permCtrl->isRuntimePermission(
+ String16(mRequiredPermission));
+ }
+ }
}
Sensor::~Sensor()
@@ -318,6 +334,14 @@
return mRequiredPermission;
}
+bool Sensor::isRequiredPermissionRuntime() const {
+ return mRequiredPermissionRuntime;
+}
+
+int32_t Sensor::getRequiredAppOp() const {
+ return mRequiredAppOp;
+}
+
int32_t Sensor::getMaxDelay() const {
return mMaxDelay;
}
@@ -339,7 +363,8 @@
size_t fixedSize =
sizeof(int32_t) * 3 +
sizeof(float) * 4 +
- sizeof(int32_t) * 5;
+ sizeof(int32_t) * 6 +
+ sizeof(bool);
size_t variableSize =
sizeof(uint32_t) + FlattenableUtils::align<4>(mName.length()) +
@@ -369,6 +394,8 @@
FlattenableUtils::write(buffer, size, mFifoMaxEventCount);
flattenString8(buffer, size, mStringType);
flattenString8(buffer, size, mRequiredPermission);
+ FlattenableUtils::write(buffer, size, mRequiredPermissionRuntime);
+ FlattenableUtils::write(buffer, size, mRequiredAppOp);
FlattenableUtils::write(buffer, size, mMaxDelay);
FlattenableUtils::write(buffer, size, mFlags);
return NO_ERROR;
@@ -407,6 +434,8 @@
if (!unflattenString8(buffer, size, mRequiredPermission)) {
return NO_MEMORY;
}
+ FlattenableUtils::read(buffer, size, mRequiredPermissionRuntime);
+ FlattenableUtils::read(buffer, size, mRequiredAppOp);
FlattenableUtils::read(buffer, size, mMaxDelay);
FlattenableUtils::read(buffer, size, mFlags);
return NO_ERROR;
diff --git a/libs/gui/SensorManager.cpp b/libs/gui/SensorManager.cpp
index cedcf56..8c9f95b 100644
--- a/libs/gui/SensorManager.cpp
+++ b/libs/gui/SensorManager.cpp
@@ -36,10 +36,8 @@
namespace android {
// ----------------------------------------------------------------------------
-ANDROID_SINGLETON_STATIC_INSTANCE(SensorManager)
-
-SensorManager::SensorManager()
- : mSensorList(0)
+SensorManager::SensorManager(const String16& opPackageName)
+ : mSensorList(0), mOpPackageName(opPackageName)
{
// okay we're not locked here, but it's not needed during construction
assertStateLocked();
@@ -88,7 +86,7 @@
mDeathObserver = new DeathObserver(*const_cast<SensorManager *>(this));
IInterface::asBinder(mSensorServer)->linkToDeath(mDeathObserver);
- mSensors = mSensorServer->getSensorList();
+ mSensors = mSensorServer->getSensorList(mOpPackageName);
size_t count = mSensors.size();
mSensorList =
static_cast<Sensor const**>(malloc(count * sizeof(Sensor*)));
@@ -143,7 +141,7 @@
Mutex::Autolock _l(mLock);
while (assertStateLocked() == NO_ERROR) {
sp<ISensorEventConnection> connection =
- mSensorServer->createSensorEventConnection(packageName, mode);
+ mSensorServer->createSensorEventConnection(packageName, mode, mOpPackageName);
if (connection == NULL) {
// SensorService just died or the app doesn't have required permissions.
ALOGE("createEventQueue: connection is NULL.");
diff --git a/services/sensorservice/SensorDevice.cpp b/services/sensorservice/SensorDevice.cpp
index 3bcbd58..dbba9c1 100644
--- a/services/sensorservice/SensorDevice.cpp
+++ b/services/sensorservice/SensorDevice.cpp
@@ -379,14 +379,14 @@
sensor_handle, 0);
// Add all the connections that were registered for this sensor to the disabled
// clients list.
- for (int j = 0; j < info.batchParams.size(); ++j) {
+ for (size_t j = 0; j < info.batchParams.size(); ++j) {
mDisabledClients.add(info.batchParams.keyAt(j));
}
}
}
}
-status_t SensorDevice::injectSensorData(const sensors_event_t *injected_sensor_event, size_t count) {
+status_t SensorDevice::injectSensorData(const sensors_event_t *injected_sensor_event) {
ALOGD_IF(DEBUG_CONNECTIONS,
"sensor_event handle=%d ts=%lld data=%.2f, %.2f, %.2f %.2f %.2f %.2f",
injected_sensor_event->sensor,
diff --git a/services/sensorservice/SensorDevice.h b/services/sensorservice/SensorDevice.h
index 4b3fe85..c484849 100644
--- a/services/sensorservice/SensorDevice.h
+++ b/services/sensorservice/SensorDevice.h
@@ -102,7 +102,7 @@
void disableAllSensors();
void enableAllSensors();
void autoDisable(void *ident, int handle);
- status_t injectSensorData(const sensors_event_t *event, size_t count);
+ status_t injectSensorData(const sensors_event_t *event);
void dump(String8& result);
};
diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp
index c8dc6ec..c7bcaef 100644
--- a/services/sensorservice/SensorService.cpp
+++ b/services/sensorservice/SensorService.cpp
@@ -31,6 +31,7 @@
#include <utils/Singleton.h>
#include <utils/String16.h>
+#include <binder/AppOpsManager.h>
#include <binder/BinderService.h>
#include <binder/IServiceManager.h>
#include <binder/PermissionCache.h>
@@ -156,7 +157,7 @@
// Check if the device really supports batching by looking at the FIFO event
// counts for each sensor.
bool batchingSupported = false;
- for (int i = 0; i < mSensorList.size(); ++i) {
+ for (size_t i = 0; i < mSensorList.size(); ++i) {
if (mSensorList[i].getFifoMaxEventCount() > 0) {
batchingSupported = true;
break;
@@ -666,7 +667,7 @@
return mActiveSensors.valueFor(handle);
}
-Vector<Sensor> SensorService::getSensorList()
+Vector<Sensor> SensorService::getSensorList(const String16& opPackageName)
{
char value[PROPERTY_VALUE_MAX];
property_get("debug.sensors", value, "0");
@@ -675,19 +676,20 @@
Vector<Sensor> accessibleSensorList;
for (size_t i = 0; i < initialSensorList.size(); i++) {
Sensor sensor = initialSensorList[i];
- if (canAccessSensor(sensor)) {
+ if (canAccessSensor(sensor, "getSensorList", opPackageName)) {
accessibleSensorList.add(sensor);
} else {
- ALOGI("Skipped sensor %s because it requires permission %s",
+ ALOGI("Skipped sensor %s because it requires permission %s and app op %d",
sensor.getName().string(),
- sensor.getRequiredPermission().string());
+ sensor.getRequiredPermission().string(),
+ sensor.getRequiredAppOp());
}
}
return accessibleSensorList;
}
sp<ISensorEventConnection> SensorService::createSensorEventConnection(const String8& packageName,
- int requestedMode) {
+ int requestedMode, const String16& opPackageName) {
// Only 2 modes supported for a SensorEventConnection ... NORMAL and DATA_INJECTION.
if (requestedMode != NORMAL && requestedMode != DATA_INJECTION) {
return NULL;
@@ -700,7 +702,7 @@
Mutex::Autolock _l(mLock);
uid_t uid = IPCThreadState::self()->getCallingUid();
sp<SensorEventConnection> result(new SensorEventConnection(this, uid, packageName,
- requestedMode == DATA_INJECTION));
+ requestedMode == DATA_INJECTION, opPackageName));
if (requestedMode == DATA_INJECTION) {
if (mActiveConnections.indexOf(result) < 0) {
mActiveConnections.add(result);
@@ -802,7 +804,8 @@
}
status_t SensorService::enable(const sp<SensorEventConnection>& connection,
- int handle, nsecs_t samplingPeriodNs, nsecs_t maxBatchReportLatencyNs, int reservedFlags)
+ int handle, nsecs_t samplingPeriodNs, nsecs_t maxBatchReportLatencyNs, int reservedFlags,
+ const String16& opPackageName)
{
if (mInitCheck != NO_ERROR)
return mInitCheck;
@@ -812,7 +815,7 @@
return BAD_VALUE;
}
- if (!verifyCanAccessSensor(sensor->getSensor(), "Tried enabling")) {
+ if (!canAccessSensor(sensor->getSensor(), "Tried enabling", opPackageName)) {
return BAD_VALUE;
}
@@ -950,7 +953,7 @@
}
status_t SensorService::setEventRate(const sp<SensorEventConnection>& connection,
- int handle, nsecs_t ns)
+ int handle, nsecs_t ns, const String16& opPackageName)
{
if (mInitCheck != NO_ERROR)
return mInitCheck;
@@ -959,7 +962,7 @@
if (!sensor)
return BAD_VALUE;
- if (!verifyCanAccessSensor(sensor->getSensor(), "Tried configuring")) {
+ if (!canAccessSensor(sensor->getSensor(), "Tried configuring", opPackageName)) {
return BAD_VALUE;
}
@@ -974,7 +977,8 @@
return sensor->setDelay(connection.get(), handle, ns);
}
-status_t SensorService::flushSensor(const sp<SensorEventConnection>& connection) {
+status_t SensorService::flushSensor(const sp<SensorEventConnection>& connection,
+ const String16& opPackageName) {
if (mInitCheck != NO_ERROR) return mInitCheck;
SensorDevice& dev(SensorDevice::getInstance());
const int halVersion = dev.getHalDeviceVersion();
@@ -994,6 +998,10 @@
// flush complete event.
connection->incrementPendingFlushCount(handle);
} else {
+ if (!canAccessSensor(sensor->getSensor(), "Tried flushing", opPackageName)) {
+ err = INVALID_OPERATION;
+ continue;
+ }
status_t err_flush = sensor->flush(connection.get(), handle);
if (err_flush == NO_ERROR) {
SensorRecord* rec = mActiveSensors.valueFor(handle);
@@ -1005,23 +1013,42 @@
return err;
}
-bool SensorService::canAccessSensor(const Sensor& sensor) {
- return (sensor.getRequiredPermission().isEmpty()) ||
- PermissionCache::checkCallingPermission(String16(sensor.getRequiredPermission()));
-}
+bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation,
+ const String16& opPackageName) {
+ const String8& requiredPermission = sensor.getRequiredPermission();
-bool SensorService::verifyCanAccessSensor(const Sensor& sensor, const char* operation) {
- if (canAccessSensor(sensor)) {
+ if (requiredPermission.length() <= 0) {
return true;
+ }
+
+ bool hasPermission = false;
+
+ // Runtime permissions can't use the cache as they may change.
+ if (sensor.isRequiredPermissionRuntime()) {
+ hasPermission = checkPermission(String16(requiredPermission),
+ IPCThreadState::self()->getCallingPid(), IPCThreadState::self()->getCallingUid());
} else {
- String8 errorMessage;
- errorMessage.appendFormat(
- "%s a sensor (%s) without holding its required permission: %s",
- operation,
- sensor.getName().string(),
- sensor.getRequiredPermission().string());
+ hasPermission = PermissionCache::checkCallingPermission(String16(requiredPermission));
+ }
+
+ if (!hasPermission) {
+ ALOGE("%s a sensor (%s) without holding its required permission: %s",
+ operation, sensor.getName().string(), sensor.getRequiredPermission().string());
return false;
}
+
+ const int32_t opCode = sensor.getRequiredAppOp();
+ if (opCode >= 0) {
+ AppOpsManager appOps;
+ if (appOps.noteOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName)
+ != AppOpsManager::MODE_ALLOWED) {
+ ALOGE("%s a sensor (%s) without enabled required app op: %D",
+ operation, sensor.getName().string(), opCode);
+ return false;
+ }
+ }
+
+ return true;
}
bool SensorService::hasDataInjectionPermissions() {
@@ -1144,10 +1171,11 @@
// ---------------------------------------------------------------------------
SensorService::SensorEventConnection::SensorEventConnection(
- const sp<SensorService>& service, uid_t uid, String8 packageName, bool isDataInjectionMode)
+ const sp<SensorService>& service, uid_t uid, String8 packageName, bool isDataInjectionMode,
+ const String16& opPackageName)
: mService(service), mUid(uid), mWakeLockRefCount(0), mHasLooperCallbacks(false),
- mDead(false), mEventCache(NULL), mCacheSize(0), mMaxCacheSize(0), mPackageName(packageName),
- mDataInjectionMode(isDataInjectionMode) {
+ mDead(false), mDataInjectionMode(isDataInjectionMode), mEventCache(NULL),
+ mCacheSize(0), mMaxCacheSize(0), mPackageName(packageName), mOpPackageName(opPackageName) {
mChannel = new BitTube(mService->mSocketBufferSize);
#if DEBUG_CONNECTIONS
mEventsReceived = mEventsSentFromCache = mEventsSent = 0;
@@ -1205,7 +1233,8 @@
bool SensorService::SensorEventConnection::addSensor(int32_t handle) {
Mutex::Autolock _l(mConnectionLock);
- if (!verifyCanAccessSensor(mService->getSensorFromHandle(handle), "Tried adding")) {
+ if (!canAccessSensor(mService->getSensorFromHandle(handle),
+ "Tried adding", mOpPackageName)) {
return false;
}
if (mSensorInfo.indexOfKey(handle) < 0) {
@@ -1324,7 +1353,7 @@
sensors_event_t* scratch,
SensorEventConnection const * const * mapFlushEventsToConnections) {
// filter out events not for this connection
- size_t count = 0;
+ int count = 0;
Mutex::Autolock _l(mConnectionLock);
if (scratch) {
size_t i=0;
@@ -1616,7 +1645,7 @@
status_t err;
if (enabled) {
err = mService->enable(this, handle, samplingPeriodNs, maxBatchReportLatencyNs,
- reservedFlags);
+ reservedFlags, mOpPackageName);
} else {
err = mService->disable(this, handle);
@@ -1627,11 +1656,11 @@
status_t SensorService::SensorEventConnection::setEventRate(
int handle, nsecs_t samplingPeriodNs)
{
- return mService->setEventRate(this, handle, samplingPeriodNs);
+ return mService->setEventRate(this, handle, samplingPeriodNs, mOpPackageName);
}
status_t SensorService::SensorEventConnection::flush() {
- return mService->flushSensor(this);
+ return mService->flushSensor(this, mOpPackageName);
}
int SensorService::SensorEventConnection::handleEvent(int fd, int events, void* /*data*/) {
@@ -1674,7 +1703,7 @@
memcpy(&sensor_event, buf, sizeof(sensors_event_t));
Sensor sensor = mService->getSensorFromHandle(sensor_event.sensor);
sensor_event.type = sensor.getType();
- dev.injectSensorData(&sensor_event, 1);
+ dev.injectSensorData(&sensor_event);
#if DEBUG_CONNECTIONS
++mEventsReceived;
#endif
@@ -1714,8 +1743,8 @@
}
int SensorService::SensorEventConnection::computeMaxCacheSizeLocked() const {
- int fifoWakeUpSensors = 0;
- int fifoNonWakeUpSensors = 0;
+ size_t fifoWakeUpSensors = 0;
+ size_t fifoNonWakeUpSensors = 0;
for (size_t i = 0; i < mSensorInfo.size(); ++i) {
const Sensor& sensor = mService->getSensorFromHandle(mSensorInfo.keyAt(i));
if (sensor.getFifoReservedEventCount() == sensor.getFifoMaxEventCount()) {
diff --git a/services/sensorservice/SensorService.h b/services/sensorservice/SensorService.h
index 4d34471..df04d00 100644
--- a/services/sensorservice/SensorService.h
+++ b/services/sensorservice/SensorService.h
@@ -111,9 +111,9 @@
virtual bool threadLoop();
// ISensorServer interface
- virtual Vector<Sensor> getSensorList();
+ virtual Vector<Sensor> getSensorList(const String16& opPackageName);
virtual sp<ISensorEventConnection> createSensorEventConnection(const String8& packageName,
- int requestedMode);
+ int requestedMode, const String16& opPackageName);
virtual status_t enableDataInjection(int enable);
virtual status_t dump(int fd, const Vector<String16>& args);
@@ -207,6 +207,7 @@
sensors_event_t *mEventCache;
int mCacheSize, mMaxCacheSize;
String8 mPackageName;
+ const String16 mOpPackageName;
#if DEBUG_CONNECTIONS
int mEventsReceived, mEventsSent, mEventsSentFromCache;
int mTotalAcksNeeded, mTotalAcksReceived;
@@ -214,7 +215,7 @@
public:
SensorEventConnection(const sp<SensorService>& service, uid_t uid, String8 packageName,
- bool isDataInjectionMode);
+ bool isDataInjectionMode, const String16& opPackageName);
status_t sendEvents(sensors_event_t const* buffer, size_t count,
sensors_event_t* scratch,
@@ -271,8 +272,8 @@
const sp<SensorEventConnection>& connection, int handle);
void cleanupAutoDisabledSensorLocked(const sp<SensorEventConnection>& connection,
sensors_event_t const* buffer, const int count);
- static bool canAccessSensor(const Sensor& sensor);
- static bool verifyCanAccessSensor(const Sensor& sensor, const char* operation);
+ static bool canAccessSensor(const Sensor& sensor, const char* operation,
+ const String16& opPackageName);
static bool hasDataInjectionPermissions();
// SensorService acquires a partial wakelock for delivering events from wake up sensors. This
// method checks whether all the events from these wake up sensors have been delivered to the
@@ -340,10 +341,13 @@
public:
void cleanupConnection(SensorEventConnection* connection);
status_t enable(const sp<SensorEventConnection>& connection, int handle,
- nsecs_t samplingPeriodNs, nsecs_t maxBatchReportLatencyNs, int reservedFlags);
+ nsecs_t samplingPeriodNs, nsecs_t maxBatchReportLatencyNs, int reservedFlags,
+ const String16& opPackageName);
status_t disable(const sp<SensorEventConnection>& connection, int handle);
- status_t setEventRate(const sp<SensorEventConnection>& connection, int handle, nsecs_t ns);
- status_t flushSensor(const sp<SensorEventConnection>& connection);
+ status_t setEventRate(const sp<SensorEventConnection>& connection, int handle, nsecs_t ns,
+ const String16& opPackageName);
+ status_t flushSensor(const sp<SensorEventConnection>& connection,
+ const String16& opPackageName);
};
// ---------------------------------------------------------------------------