Access mock location is no longer a runtime permission - settings
The access mock location is no longer a runtime permission. It is a
signature protected one that apps cannot get but the fact they request
it means they want to inject location into the system. Now the user
gets to choose the current mock location app in developer options from
the apps that request the mock location permission. The access to mock
location is no longer guarded by the permisson but from a new app op
which is off by default and the settiings UI sets it to enabled only
for the currently selected mock location app.
bug:21078873
Change-Id: I6555179ecf0cc37d9bb857e9dfb3b04c091ea612
diff --git a/res/values/strings.xml b/res/values/strings.xml
index ebf1fb4..4291581 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -3540,10 +3540,14 @@
<string name="select_logd_size_title">Logger buffer sizes</string>
<!-- UI debug setting: limit size of Android logger buffers [CHAR LIMIT=59] -->
<string name="select_logd_size_dialog_title">Select Logger sizes per log buffer</string>
- <!-- Setting Checkbox title whether to allow mock locations -->
- <string name="allow_mock_location">Allow mock locations</string>
- <!-- setting Checkbox summary whether to allow mock locations -->
- <string name="allow_mock_location_summary">Allow mock locations</string>
+
+ <!-- UI debug setting: select current app to mock location [CHAR LIMIT=50] -->
+ <string name="mock_location_app">Select mock location app</string>
+ <!-- UI debug setting: no mock location app has been set [CHAR LIMIT=50] -->
+ <string name="mock_location_app_not_set">No mock location app set</string>
+ <!-- UI debug setting: mock location app has been set [CHAR LIMIT=50] -->
+ <string name="mock_location_app_set">Mock location app: <xliff:g id="app_name">%1$s</xliff:g></string>
+
<!-- Setting Checkbox title whether to enable view attribute inspection -->
<string name="debug_view_attributes">Enable view attribute inspection</string>
<!-- Title of warning dialog about the implications of enabling USB debugging -->
diff --git a/res/xml/development_prefs.xml b/res/xml/development_prefs.xml
index 39866c9..32c96c1 100644
--- a/res/xml/development_prefs.xml
+++ b/res/xml/development_prefs.xml
@@ -86,10 +86,8 @@
android:title="@string/bugreport_in_power"
android:summary="@string/bugreport_in_power_summary"/>
- <SwitchPreference
- android:key="allow_mock_location"
- android:title="@string/allow_mock_location"
- android:summary="@string/allow_mock_location_summary"/>
+ <PreferenceScreen android:key="mock_location_app"
+ android:title="@string/mock_location_app" />
<SwitchPreference
android:key="debug_view_attributes"
diff --git a/src/com/android/settings/AppPicker.java b/src/com/android/settings/AppPicker.java
index d525427..2447bcb 100644
--- a/src/com/android/settings/AppPicker.java
+++ b/src/com/android/settings/AppPicker.java
@@ -22,6 +22,8 @@
import java.util.Comparator;
import java.util.List;
+import android.content.pm.PackageInfo;
+import android.content.pm.PackageManager;
import com.android.settings.applications.AppViewHolder;
import android.app.ListActivity;
@@ -40,10 +42,20 @@
public class AppPicker extends ListActivity {
private AppListAdapter mAdapter;
+ public static final String EXTRA_REQUESTIING_PERMISSION
+ = "com.android.settings.extra.REQUESTIING_PERMISSION";
+ public static final String EXTRA_DEBUGGABLE = "com.android.settings.extra.DEBUGGABLE";
+
+ private String mPermissionName;
+ private boolean mDebuggableOnly;
+
@Override
protected void onCreate(Bundle icicle) {
super.onCreate(icicle);
+ mPermissionName = getIntent().getStringExtra(EXTRA_REQUESTIING_PERMISSION);
+ mDebuggableOnly = getIntent().getBooleanExtra(EXTRA_DEBUGGABLE, false);
+
mAdapter = new AppListAdapter(this);
if (mAdapter.getCount() <= 0) {
finish();
@@ -89,13 +101,41 @@
if (ai.uid == Process.SYSTEM_UID) {
continue;
}
- // On a user build, we only allow debugging of apps that
- // are marked as debuggable. Otherwise (for platform development)
- // we allow all apps.
- if ((ai.flags&ApplicationInfo.FLAG_DEBUGGABLE) == 0
- && "user".equals(Build.TYPE)) {
- continue;
+
+ // Filter out apps that are not debuggable if required.
+ if (mDebuggableOnly) {
+ // On a user build, we only allow debugging of apps that
+ // are marked as debuggable. Otherwise (for platform development)
+ // we allow all apps.
+ if ((ai.flags&ApplicationInfo.FLAG_DEBUGGABLE) == 0
+ && "user".equals(Build.TYPE)) {
+ continue;
+ }
}
+
+ // Filter out apps that do not request the permission if required.
+ if (mPermissionName != null) {
+ boolean requestsPermission = false;
+ try {
+ PackageInfo pi = getPackageManager().getPackageInfo(ai.packageName,
+ PackageManager.GET_PERMISSIONS);
+ if (pi.requestedPermissions == null) {
+ continue;
+ }
+ for (String requestedPermission : pi.requestedPermissions) {
+ if (requestedPermission.equals(mPermissionName)) {
+ requestsPermission = true;
+ break;
+ }
+ }
+ if (!requestsPermission) {
+ continue;
+ }
+ } catch (PackageManager.NameNotFoundException e) {
+ continue;
+ }
+ }
+
MyApplicationInfo info = new MyApplicationInfo();
info.info = ai;
info.label = info.info.loadLabel(getPackageManager()).toString();
diff --git a/src/com/android/settings/DevelopmentSettings.java b/src/com/android/settings/DevelopmentSettings.java
index 314e70a..5148e1a 100644
--- a/src/com/android/settings/DevelopmentSettings.java
+++ b/src/com/android/settings/DevelopmentSettings.java
@@ -16,9 +16,12 @@
package com.android.settings;
+import android.Manifest;
import android.app.Activity;
import android.app.ActivityManagerNative;
import android.app.AlertDialog;
+import android.app.AppOpsManager;
+import android.app.AppOpsManager.PackageOps;
import android.app.Dialog;
import android.app.admin.DevicePolicyManager;
import android.app.backup.IBackupManager;
@@ -74,6 +77,7 @@
import com.android.settings.search.Indexable;
import com.android.settings.widget.SwitchBar;
+import java.lang.Process;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
@@ -106,7 +110,6 @@
private static final String KEEP_SCREEN_ON = "keep_screen_on";
private static final String BT_HCI_SNOOP_LOG = "bt_hci_snoop_log";
private static final String ENABLE_OEM_UNLOCK = "oem_unlock_enable";
- private static final String ALLOW_MOCK_LOCATION = "allow_mock_location";
private static final String HDCP_CHECKING_KEY = "hdcp_checking";
private static final String HDCP_CHECKING_PROPERTY = "persist.sys.hdcp_checking";
private static final String LOCAL_BACKUP_PASSWORD = "local_backup_password";
@@ -119,6 +122,7 @@
private static final String DEBUG_APP_KEY = "debug_app";
private static final String WAIT_FOR_DEBUGGER_KEY = "wait_for_debugger";
+ private static final String MOCK_LOCATION_APP_KEY = "mock_location_app";
private static final String VERIFY_APPS_OVER_USB_KEY = "verify_apps_over_usb";
private static final String DEBUG_VIEW_ATTRIBUTES = "debug_view_attributes";
private static final String STRICT_MODE_KEY = "strict_mode";
@@ -174,6 +178,7 @@
private static final String TERMINAL_APP_PACKAGE = "com.android.terminal";
private static final int RESULT_DEBUG_APP = 1000;
+ private static final int RESULT_MOCK_LOCATION_APP = 1001;
private static final String PERSISTENT_DATA_BLOCK_PROP = "ro.frp.pst";
@@ -181,6 +186,8 @@
private static String DEFAULT_LOG_RING_BUFFER_SIZE_IN_BYTES = "262144"; // 256K
+ private static final int[] MOCK_LOCATOIN_APP_OPS = new int[] {AppOpsManager.OP_MOCK_LOCATION};
+
private static final String MULTI_WINDOW_SYSTEM_PROPERTY = "persist.sys.debug.multi_window";
private IWindowManager mWindowManager;
private IBackupManager mBackupManager;
@@ -201,12 +208,15 @@
private SwitchPreference mKeepScreenOn;
private SwitchPreference mBtHciSnoopLog;
private SwitchPreference mEnableOemUnlock;
- private SwitchPreference mAllowMockLocation;
private SwitchPreference mDebugViewAttributes;
private PreferenceScreen mPassword;
private String mDebugApp;
private Preference mDebugAppPref;
+
+ private String mMockLocationApp;
+ private Preference mMockLocationAppPref;
+
private SwitchPreference mWaitForDebugger;
private SwitchPreference mVerifyAppsOverUsb;
private SwitchPreference mWifiDisplayCertification;
@@ -317,7 +327,7 @@
removePreference(mEnableOemUnlock);
mEnableOemUnlock = null;
}
- mAllowMockLocation = findAndInitSwitchPref(ALLOW_MOCK_LOCATION);
+
mDebugViewAttributes = findAndInitSwitchPref(DEBUG_VIEW_ATTRIBUTES);
mPassword = (PreferenceScreen) findPreference(LOCAL_BACKUP_PASSWORD);
mAllPrefs.add(mPassword);
@@ -333,6 +343,10 @@
mDebugAppPref = findPreference(DEBUG_APP_KEY);
mAllPrefs.add(mDebugAppPref);
mWaitForDebugger = findAndInitSwitchPref(WAIT_FOR_DEBUGGER_KEY);
+
+ mMockLocationAppPref = findPreference(MOCK_LOCATION_APP_KEY);
+ mAllPrefs.add(mMockLocationAppPref);
+
mVerifyAppsOverUsb = findAndInitSwitchPref(VERIFY_APPS_OVER_USB_KEY);
if (!showVerifierSetting()) {
if (debugDebuggingCategory != null) {
@@ -558,13 +572,12 @@
if (mEnableOemUnlock != null) {
updateSwitchPreference(mEnableOemUnlock, Utils.isOemUnlockEnabled(getActivity()));
}
- updateSwitchPreference(mAllowMockLocation, Settings.Secure.getInt(cr,
- Settings.Secure.ALLOW_MOCK_LOCATION, 0) != 0);
updateSwitchPreference(mDebugViewAttributes, Settings.Global.getInt(cr,
Settings.Global.DEBUG_VIEW_ATTRIBUTES, 0) != 0);
updateHdcpValues();
updatePasswordSummary();
updateDebuggerOptions();
+ updateMockLocation();
updateStrictModeVisualOptions();
updatePointerLocationOptions();
updateShowTouchesOptions();
@@ -677,6 +690,41 @@
}
}
+ private void writeMockLocation() {
+ AppOpsManager appOpsManager = (AppOpsManager) getSystemService(Context.APP_OPS_SERVICE);
+
+ // Disable the app op of the previous mock location app if such.
+ List<PackageOps> packageOps = appOpsManager.getPackagesForOps(MOCK_LOCATOIN_APP_OPS);
+ if (packageOps != null) {
+ // Should be one but in case we are in a bad state due to use of command line tools.
+ for (PackageOps packageOp : packageOps) {
+ if (packageOp.getOps().get(0).getMode() != AppOpsManager.MODE_ERRORED) {
+ String oldMockLocationApp = packageOp.getPackageName();
+ try {
+ ApplicationInfo ai = getActivity().getPackageManager().getApplicationInfo(
+ oldMockLocationApp, PackageManager.GET_DISABLED_COMPONENTS);
+ appOpsManager.setMode(AppOpsManager.OP_MOCK_LOCATION, ai.uid,
+ oldMockLocationApp, AppOpsManager.MODE_ERRORED);
+ } catch (NameNotFoundException e) {
+ /* ignore */
+ }
+ }
+ }
+ }
+
+ // Enable the app op of the new mock location app if such.
+ if (!TextUtils.isEmpty(mMockLocationApp)) {
+ try {
+ ApplicationInfo ai = getActivity().getPackageManager().getApplicationInfo(
+ mMockLocationApp, PackageManager.GET_DISABLED_COMPONENTS);
+ appOpsManager.setMode(AppOpsManager.OP_MOCK_LOCATION, ai.uid,
+ mMockLocationApp, AppOpsManager.MODE_ALLOWED);
+ } catch (NameNotFoundException e) {
+ /* ignore */
+ }
+ }
+ }
+
private static void resetDebuggerOptions() {
try {
ActivityManagerNative.getDefault().setDebugApp(
@@ -709,6 +757,39 @@
}
}
+ private void updateMockLocation() {
+ AppOpsManager appOpsManager = (AppOpsManager) getSystemService(Context.APP_OPS_SERVICE);
+
+ List<PackageOps> packageOps = appOpsManager.getPackagesForOps(MOCK_LOCATOIN_APP_OPS);
+ if (packageOps != null) {
+ for (PackageOps packageOp : packageOps) {
+ if (packageOp.getOps().get(0).getMode() == AppOpsManager.MODE_ALLOWED) {
+ mMockLocationApp = packageOps.get(0).getPackageName();
+ break;
+ }
+ }
+ }
+
+ if (!TextUtils.isEmpty(mMockLocationApp)) {
+ String label = mMockLocationApp;
+ try {
+ ApplicationInfo ai = getActivity().getPackageManager().getApplicationInfo(
+ mMockLocationApp, PackageManager.GET_DISABLED_COMPONENTS);
+ CharSequence appLabel = getPackageManager().getApplicationLabel(ai);
+ if (appLabel != null) {
+ label = appLabel.toString();
+ }
+ } catch (PackageManager.NameNotFoundException e) {
+ /* ignore */
+ }
+
+ mMockLocationAppPref.setSummary(getString(R.string.mock_location_app_set, label));
+ mHaveDebugSettings = true;
+ } else {
+ mMockLocationAppPref.setSummary(getString(R.string.mock_location_app_not_set));
+ }
+ }
+
private void updateVerifyAppsOverUsbOptions() {
updateSwitchPreference(mVerifyAppsOverUsb, Settings.Global.getInt(getActivity().getContentResolver(),
Settings.Global.PACKAGE_VERIFIER_INCLUDE_ADB, 1) != 0);
@@ -1506,6 +1587,12 @@
writeDebuggerOptions();
updateDebuggerOptions();
}
+ } else if (requestCode == RESULT_MOCK_LOCATION_APP) {
+ if (resultCode == Activity.RESULT_OK) {
+ mMockLocationApp = data.getAction();
+ writeMockLocation();
+ updateMockLocation();
+ }
} else if (requestCode == REQUEST_CODE_ENABLE_OEM_UNLOCK) {
if (resultCode == Activity.RESULT_OK) {
if (mEnableOemUnlock.isChecked()) {
@@ -1574,16 +1661,19 @@
Utils.setOemUnlockEnabled(getActivity(), false);
}
}
- } else if (preference == mAllowMockLocation) {
- Settings.Secure.putInt(getActivity().getContentResolver(),
- Settings.Secure.ALLOW_MOCK_LOCATION,
- mAllowMockLocation.isChecked() ? 1 : 0);
+ } else if (preference == mMockLocationAppPref) {
+ Intent intent = new Intent(getActivity(), AppPicker.class);
+ intent.putExtra(AppPicker.EXTRA_REQUESTIING_PERMISSION,
+ Manifest.permission.ACCESS_MOCK_LOCATION);
+ startActivityForResult(intent, RESULT_MOCK_LOCATION_APP);
} else if (preference == mDebugViewAttributes) {
Settings.Global.putInt(getActivity().getContentResolver(),
Settings.Global.DEBUG_VIEW_ATTRIBUTES,
mDebugViewAttributes.isChecked() ? 1 : 0);
} else if (preference == mDebugAppPref) {
- startActivityForResult(new Intent(getActivity(), AppPicker.class), RESULT_DEBUG_APP);
+ Intent intent = new Intent(getActivity(), AppPicker.class);
+ intent.putExtra(AppPicker.EXTRA_DEBUGGABLE, true);
+ startActivityForResult(intent, RESULT_DEBUG_APP);
} else if (preference == mWaitForDebugger) {
writeDebuggerOptions();
} else if (preference == mVerifyAppsOverUsb) {