From 6a700f91a915df5f4e15746b4ccde295aec3f9be Mon Sep 17 00:00:00 2001 From: Brian Stack Date: Wed, 8 May 2019 17:02:53 -0700 Subject: Do not check AppOp if not required Only check the AppOp if a sensor explicitly requires an AppOp. Otherwise, only check if the client has permission to access the sensor. Bug: 131910349 Test: Verified a_sns_test can access sensors. Test: Verified app targeting Q must have AR permission to access Step Detector and Step Counter. Test: Verified app targeting P with AR permission defined in manifest cannot receive Step Counter or Step Detector events if user revokes AR permission. Test: Verified app targeting P without any permissions defined in the manifest can access Step Counter and Step Detector. Test: Verified app targeting J cannot receive Step Counter or Step Detector events if user revokes AR permission. Change-Id: I3c2dd20889b99bce047025607cc6e921330de52e --- services/sensorservice/SensorService.cpp | 37 +++++++++++++++++--------------- 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/services/sensorservice/SensorService.cpp b/services/sensorservice/SensorService.cpp index 639ce78ed3..fa1e2329cd 100644 --- a/services/sensorservice/SensorService.cpp +++ b/services/sensorservice/SensorService.cpp 
@@ -1686,26 +1686,29 @@ bool SensorService::canAccessSensor(const Sensor& sensor, const char* operation, const int32_t opCode = sensor.getRequiredAppOp(); const int32_t appOpMode = sAppOpsManager.checkOp(opCode, IPCThreadState::self()->getCallingUid(), opPackageName); + bool appOpAllowed = appOpMode == AppOpsManager::MODE_ALLOWED; - // Ensure that the AppOp is allowed - // - // This check is also required to ensure that the user hasn't revoked the necessary permissions - // to access the Step Detector and Step Counter when the application targets pre-Q. Without this - // check, if the user revokes the pre-Q install-time GMS Core AR permission, the app would - // still be able to receive Step Counter and Step Detector events. bool canAccess = false; - if (opCode >= 0 && appOpMode == AppOpsManager::MODE_ALLOWED) { - if (hasPermissionForSensor(sensor)) { + if (hasPermissionForSensor(sensor)) { + // Ensure that the AppOp is allowed, or that there is no necessary app op for the sensor + if (opCode < 0 || appOpAllowed) { + canAccess = true; + } + } else if (sensor.getType() == SENSOR_TYPE_STEP_COUNTER || + sensor.getType() == SENSOR_TYPE_STEP_DETECTOR) { + int targetSdkVersion = getTargetSdkVersion(opPackageName); + // Allow access to the sensor if the application targets pre-Q, which is before the + // requirement to hold the AR permission to access Step Counter and Step Detector events + // was introduced, and the user hasn't revoked the app op. + // + // Verifying the app op is required to ensure that the user hasn't revoked the necessary + // permissions to access the Step Detector and Step Counter when the application targets + // pre-Q. Without this check, if the user revokes the pre-Q install-time GMS Core AR + // permission, the app would still be able to receive Step Counter and Step Detector events. 
+ if (appOpAllowed &&
+ targetSdkVersion > 0 &&
+ targetSdkVersion <= __ANDROID_API_P__) {
 canAccess = true;
- } else if (sensor.getType() == SENSOR_TYPE_STEP_COUNTER ||
- sensor.getType() == SENSOR_TYPE_STEP_DETECTOR) {
- int targetSdkVersion = getTargetSdkVersion(opPackageName);
- // Allow access to the sensor if the application targets pre-Q, which is before the
- // requirement to hold the AR permission to access Step Counter and Step Detector events
- // was introduced.
- if (targetSdkVersion > 0 && targetSdkVersion <= __ANDROID_API_P__) {
- canAccess = true;
- }
 }
 }
-- 
cgit v1.2.3-59-g8ed1b
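Review bot: The legacy Step Counter / Step Detector branch grants access on `appOpAllowed` alone, without the `opCode >= 0` guard that the removed outer condition applied to both branches, so its outcome now depends on what `checkOp` returns for a sensor that declares no required app op. Folding the guard into the flag keeps that path failing closed: `const bool appOpAllowed = opCode >= 0 && appOpMode == AppOpsManager::MODE_ALLOWED;`; the `opCode < 0 || appOpAllowed` test in the first branch behaves the same. `checkOp` is also still called unconditionally in the context lines above the change, even when `opCode` is negative, which does not match the commit title. The same branch derives `targetSdkVersion` from the caller-supplied `opPackageName`; whether that name is validated against the calling UID is not visible in this hunk and is worth confirming, since the pre-Q exemption rests on it. canAccessSensor begins and ends outside the hunk.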