libbinder: Hide AppOpsManager/Service from vendor.

Vendor apps can still use these behind stable SDK or NDK APIs as applicable, but native code on the vendor image can't use these APIs because they are using /dev/vndbinder and have an incompatible copy of libbinder. Since no vendor binary is serving this, removing extra pound defines and making the vendor version of this library slightly smaller. Bug: 124524556 Test: builds (no vendor code has added dependencies on this yet) Change-Id: Idf01641d4b340ca6fe33c181969507ec071ef930
author: Steven Moreland <smoreland@google.com> 2019-09-09 16:07:52 -0700
committer: Steven Moreland <smoreland@google.com> 2019-09-09 16:14:53 -0700
commit: c326a94d15828aee6a9261763bb40b82824f0c6c (patch)
tree: e97acc0d4f4f9457db2683525f7c21ec7101db3c
parent: 95ad8b142447acabbce0845a84b99dc37632e2b4 (diff)
5 files changed, 10 insertions, 30 deletions
diff --git a/libs/binder/Android.bp b/libs/binder/Android.bp
index 6ece4a2162..86f19c5873 100644
--- a/libs/binder/Android.bp
+++ b/libs/binder/Android.bp
@@ -86,8 +86,10 @@ cc_library_shared {
         vendor: {
             exclude_srcs: [
                 "ActivityManager.cpp",
+                "AppOpsManager.cpp",
                 "IActivityManager.cpp",
                 "IAppOpsCallback.cpp",
+                "IAppOpsService.cpp",
                 "IBatteryStats.cpp",
                 "IMediaResourceMonitor.cpp",
                 "IPermissionController.cpp",
diff --git a/libs/binder/AppOpsManager.cpp b/libs/binder/AppOpsManager.cpp
index e2af01c161..711fed96a1 100644
--- a/libs/binder/AppOpsManager.cpp
+++ b/libs/binder/AppOpsManager.cpp
@@ -32,7 +32,6 @@ namespace android {
 
 namespace {
 
-#ifndef __ANDROID_VNDK__
 #if defined(__BRILLO__)
 // Because Brillo has no application model, security policy is managed
 // statically (at build time) with SELinux controls.
@@ -41,17 +40,13 @@ const int APP_OPS_MANAGER_UNAVAILABLE_MODE = AppOpsManager::MODE_ALLOWED;
 #else
 const int APP_OPS_MANAGER_UNAVAILABLE_MODE = AppOpsManager::MODE_IGNORED;
 #endif  // defined(__BRILLO__)
-#endif // __ANDROID_VNDK__
 
 }  // namespace
 
 static String16 _appops("appops");
-#ifndef __ANDROID_VNDK__
 static pthread_mutex_t gTokenMutex = PTHREAD_MUTEX_INITIALIZER;
-#endif // __ANDROID_VNDK__
 static sp<IBinder> gToken;
 
-#ifndef __ANDROID_VNDK__
 static const sp<IBinder>& getToken(const sp<IAppOpsService>& service) {
     pthread_mutex_lock(&gTokenMutex);
     if (gToken == nullptr || gToken->pingBinder() != NO_ERROR) {
@@ -60,17 +55,12 @@ static const sp<IBinder>& getToken(const sp<IAppOpsService>& service) {
     pthread_mutex_unlock(&gTokenMutex);
     return gToken;
 }
-#endif // __ANDROID_VNDK__
 
 thread_local uint64_t notedAppOpsInThisBinderTransaction[2];
 thread_local int32_t uidOfThisBinderTransaction = -1;
 
 // Whether an appop should be collected: 0 == not initialized, 1 == don't note, 2 == note
-#ifndef __ANDROID_VNDK__
 uint8_t appOpsToNote[AppOpsManager::_NUM_OP] = {0};
-#else
-uint8_t appOpsToNote[128] = {0};
-#endif // __ANDROID_VNDK__
 
 AppOpsManager::AppOpsManager()
 {
@@ -108,7 +98,6 @@ sp<IAppOpsService> AppOpsManager::getService()
 }
 #endif  // defined(__BRILLO__)
 
-#ifndef __ANDROID_VNDK__
 int32_t AppOpsManager::checkOp(int32_t op, int32_t uid, const String16& callingPackage)
 {
     sp<IAppOpsService> service = getService();
@@ -200,8 +189,6 @@ void AppOpsManager::setCameraAudioRestriction(int32_t mode) {
     }
 }
 
-#endif // __ANDROID_VNDK__
-
 bool AppOpsManager::shouldCollectNotes(int32_t opcode) {
     sp<IAppOpsService> service = getService();
     if (service != nullptr) {
diff --git a/libs/binder/IAppOpsService.cpp b/libs/binder/IAppOpsService.cpp
index b6360cbffd..c58ea029b3 100644
--- a/libs/binder/IAppOpsService.cpp
+++ b/libs/binder/IAppOpsService.cpp
@@ -34,7 +34,6 @@ public:
     {
     }
 
-#ifndef __ANDROID_VNDK__
     virtual int32_t checkOperation(int32_t code, int32_t uid, const String16& packageName) {
         Parcel data, reply;
         data.writeInterfaceToken(IAppOpsService::getInterfaceDescriptor());
@@ -145,7 +144,6 @@ public:
         remote()->transact(SET_CAMERA_AUDIO_RESTRICTION_TRANSACTION, data, &reply);
     }
 
-#endif
     virtual void noteAsyncOp(const String16& callingPackageName, int32_t uid,
             const String16& packageName, int32_t opCode, const String16& message) {
         Parcel data, reply;
@@ -195,7 +193,6 @@ status_t BnAppOpsService::onTransact(
 {
     //printf("AppOpsService received: "); data.print();
     switch(code) {
-#ifndef __ANDROID_VNDK__
         case CHECK_OPERATION_TRANSACTION: {
             CHECK_INTERFACE(IAppOpsService, data, reply);
             int32_t code = data.readInt32();
@@ -288,7 +285,6 @@ status_t BnAppOpsService::onTransact(
             reply->writeNoException();
             return NO_ERROR;
         } break;
-#endif // __ANDROID_VNDK__
         case NOTE_ASYNC_OP_TRANSACTION: {
             CHECK_INTERFACE(IAppOpsService, data, reply);
             String16 callingPackageName = data.readString16();
diff --git a/libs/binder/include/binder/AppOpsManager.h b/libs/binder/include/binder/AppOpsManager.h
index dff4d49596..f5a54cea4c 100644
--- a/libs/binder/include/binder/AppOpsManager.h
+++ b/libs/binder/include/binder/AppOpsManager.h
@@ -21,6 +21,10 @@
 
 #include <utils/threads.h>
 
+#ifdef __ANDROID_VNDK__
+#error "This header is not visible to vendors"
+#endif
+
 // ---------------------------------------------------------------------------
 namespace android {
 
@@ -33,7 +37,6 @@ public:
         MODE_ERRORED = IAppOpsService::MODE_ERRORED
     };
 
-#ifndef __ANDROID_VNDK__
     enum {
         OP_NONE = -1,
         OP_COARSE_LOCATION = 0,
@@ -121,11 +124,9 @@ public:
         OP_READ_DEVICE_IDENTIFIERS = 89,
         _NUM_OP = 90
     };
-#endif // __ANDROID_VNDK__
 
     AppOpsManager();
 
-#ifndef __ANDROID_VNDK__
     int32_t checkOp(int32_t op, int32_t uid, const String16& callingPackage);
     int32_t checkAudioOpNoThrow(int32_t op, int32_t usage, int32_t uid,
             const String16& callingPackage);
@@ -145,7 +146,6 @@ public:
     void stopWatchingMode(const sp<IAppOpsCallback>& callback);
     int32_t permissionToOpCode(const String16& permission);
     void setCameraAudioRestriction(int32_t mode);
-#endif // __ANDROID_VNDK__
     void noteAsyncOp(const String16& callingPackageName, int32_t uid, const String16& packageName,
             int32_t opCode, const String16& message);
 
diff --git a/libs/binder/include/binder/IAppOpsService.h b/libs/binder/include/binder/IAppOpsService.h
index 009ef6c7a7..978400304e 100644
--- a/libs/binder/include/binder/IAppOpsService.h
+++ b/libs/binder/include/binder/IAppOpsService.h
@@ -18,11 +18,13 @@
 #ifndef ANDROID_IAPP_OPS_SERVICE_H
 #define ANDROID_IAPP_OPS_SERVICE_H
 
-#ifndef __ANDROID_VNDK__
 #include <binder/IAppOpsCallback.h>
-#endif
 #include <binder/IInterface.h>
 
+#ifdef __ANDROID_VNDK__
+#error "This header is not visible to vendors"
+#endif
+
 namespace android {
 
 // ----------------------------------------------------------------------
@@ -32,7 +34,6 @@ class IAppOpsService : public IInterface
 public:
     DECLARE_META_INTERFACE(AppOpsService)
 
-#ifndef __ANDROID_VNDK__
     virtual int32_t checkOperation(int32_t code, int32_t uid, const String16& packageName) = 0;
     virtual int32_t noteOperation(int32_t code, int32_t uid, const String16& packageName) = 0;
     virtual int32_t startOperation(const sp<IBinder>& token, int32_t code, int32_t uid,
@@ -47,13 +48,11 @@ public:
     virtual int32_t checkAudioOperation(int32_t code, int32_t usage,int32_t uid,
             const String16& packageName) = 0;
     virtual void setCameraAudioRestriction(int32_t mode) = 0;
-#endif // __ANDROID_VNDK__
     virtual void noteAsyncOp(const String16& callingPackageName, int32_t uid,
             const String16& packageName, int32_t opCode, const String16& message) = 0;
     virtual bool shouldCollectNotes(int32_t opCode) = 0;
 
     enum {
-#ifndef __ANDROID_VNDK__
         CHECK_OPERATION_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION,
         NOTE_OPERATION_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION+1,
         START_OPERATION_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION+2,
@@ -63,13 +62,9 @@ public:
         GET_TOKEN_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION+6,
         PERMISSION_TO_OP_CODE_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION+7,
         CHECK_AUDIO_OPERATION_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION+8,
-#endif // __ANDROID_VNDK__
         NOTE_ASYNC_OP_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION+9,
         SHOULD_COLLECT_NOTES_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION+10,
-#ifndef __ANDROID_VNDK__
         SET_CAMERA_AUDIO_RESTRICTION_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION+11,
-#endif // __ANDROID_VNDK__
-
     };
 
     enum {
author	Steven Moreland <smoreland@google.com>	2019-09-09 16:07:52 -0700
committer	Steven Moreland <smoreland@google.com>	2019-09-09 16:14:53 -0700
commit	c326a94d15828aee6a9261763bb40b82824f0c6c (patch)
tree	e97acc0d4f4f9457db2683525f7c21ec7101db3c
parent	95ad8b142447acabbce0845a84b99dc37632e2b4 (diff)