3 files changed, 43 insertions, 4 deletions

diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
index 2be5dc966746..6e31c0fb9205 100644
--- a/core/java/android/app/AppOpsManager.java
+++ b/core/java/android/app/AppOpsManager.java
@@ -1000,7 +1000,7 @@ public class AppOpsManager {
             "WRITE_WALLPAPER",
             "ASSIST_STRUCTURE",
             "ASSIST_SCREENSHOT",
-            "OP_READ_PHONE_STATE",
+            "READ_PHONE_STATE",
             "ADD_VOICEMAIL",
             "USE_SIP",
             "PROCESS_OUTGOING_CALLS",
diff --git a/services/core/java/com/android/server/AppOpsService.java b/services/core/java/com/android/server/AppOpsService.java
index 5814064e5fbd..99f7eb484dab 100644
--- a/services/core/java/com/android/server/AppOpsService.java
+++ b/services/core/java/com/android/server/AppOpsService.java
@@ -25,6 +25,8 @@ import static android.app.AppOpsManager.UID_STATE_LAST_NON_RESTRICTED;
 import static android.app.AppOpsManager.UID_STATE_PERSISTENT;
 import static android.app.AppOpsManager.UID_STATE_TOP;
 import static android.app.AppOpsManager._NUM_UID_STATE;
+import static android.app.AppOpsManager.modeToName;
+import static android.app.AppOpsManager.opToName;
 
 import android.Manifest;
 import android.annotation.NonNull;
@@ -877,6 +879,9 @@ public class AppOpsService extends IAppOpsService.Stub {
     }
 
     private ArrayList<AppOpsManager.OpEntry> collectOps(SparseIntArray uidOps, int[] ops) {
+        if (uidOps == null) {
+            return null;
+        }
         ArrayList<AppOpsManager.OpEntry> resOps = null;
         if (ops == null) {
             resOps = new ArrayList<>();
@@ -1131,6 +1136,11 @@ public class AppOpsService extends IAppOpsService.Stub {
 
     @Override
     public void setUidMode(int code, int uid, int mode) {
+        if (DEBUG) {
+            Slog.i(TAG, "uid " + uid + " OP_" + opToName(code) + " := " + modeToName(mode)
+                    + " by uid " + Binder.getCallingUid());
+        }
+
         enforceManageAppOpsModes(Binder.getCallingPid(), Binder.getCallingUid(), uid);
         verifyIncomingOp(code);
         code = AppOpsManager.opToSwitch(code);
@@ -3024,11 +3034,21 @@ public class AppOpsService extends IAppOpsService.Stub {
                         return res;
                     }
 
-                    List<AppOpsManager.PackageOps> ops;
+                    List<AppOpsManager.PackageOps> ops = new ArrayList<>();
                     if (shell.packageName != null) {
-                        ops = shell.mInterface.getOpsForPackage(
+                        // Uid mode overrides package mode, so make sure it's also reported
+                        List<AppOpsManager.PackageOps> r = shell.mInterface.getUidOps(
+                                shell.packageUid,
+                                shell.op != AppOpsManager.OP_NONE ? new int[]{shell.op} : null);
+                        if (r != null) {
+                            ops.addAll(r);
+                        }
+                        r = shell.mInterface.getOpsForPackage(
                                 shell.packageUid, shell.packageName,
                                 shell.op != AppOpsManager.OP_NONE ? new int[]{shell.op} : null);
+                        if (r != null) {
+                            ops.addAll(r);
+                        }
                     } else {
                         ops = shell.mInterface.getUidOps(
                                 shell.nonpackageUid,
@@ -3044,7 +3064,11 @@ public class AppOpsService extends IAppOpsService.Stub {
                     }
                     final long now = System.currentTimeMillis();
                     for (int i=0; i<ops.size(); i++) {
-                        List<AppOpsManager.OpEntry> entries = ops.get(i).getOps();
+                        AppOpsManager.PackageOps packageOps = ops.get(i);
+                        if (packageOps.getPackageName() == null) {
+                            pw.print("Uid mode: ");
+                        }
+                        List<AppOpsManager.OpEntry> entries = packageOps.getOps();
                         for (int j=0; j<entries.size(); j++) {
                             AppOpsManager.OpEntry ent = entries.get(j);
                             pw.print(AppOpsManager.opToName(ent.getOp()));
diff --git a/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java b/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
index 32b2bf05ac48..774134c994b3 100644
--- a/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
+++ b/services/core/java/com/android/server/pm/permission/DefaultPermissionGrantPolicy.java
@@ -1205,6 +1205,21 @@ public final class DefaultPermissionGrantPolicy {
                     if (DEBUG) {
                         Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ")
                                 + permission + " to default handler " + pkg);
+
+                        int appOp = AppOpsManager.permissionToOpCode(permission);
+                        if (appOp != AppOpsManager.OP_NONE
+                                && AppOpsManager.opToDefaultMode(appOp)
+                                        != AppOpsManager.MODE_ALLOWED) {
+                            // Permission has a corresponding appop which is not allowed by default
+                            // We must allow it as well, as it's usually checked alongside the
+                            // permission
+                            if (DEBUG) {
+                                Log.i(TAG, "Granting OP_" + AppOpsManager.opToName(appOp)
+                                        + " to " + pkg.packageName);
+                            }
+                            mContext.getSystemService(AppOpsManager.class).setUidMode(
+                                    appOp, pkg.applicationInfo.uid, AppOpsManager.MODE_ALLOWED);
+                        }
                     }
                 }