AppOpsManager
open class AppOpsManager
kotlin.Any | |
↳ | android.app.AppOpsManager |
App-ops are used for two purposes: Access control and tracking.
App-ops cover a wide variety of functionality from helping with runtime permissions access control and tracking to battery consumption tracking.
Access control
App-ops can either be controlled for each uid or for each package. Which one is used depends on the API provider maintaining this app-op. For any security or privacy related app-op the provider needs to control the app-op for per uid as all security and privacy is based on uid in Android.
To control access the app-op can be set to a mode to:
MODE_DEFAULT
- Default behavior, might differ from app-op or app-op
MODE_ALLOWED
- Allow the access
MODE_IGNORED
- Don't allow the access, i.e. don't perform the requested action or return no or placeholder data
MODE_ERRORED
- Throw a
SecurityException
on access. This can be suppressed by using a...noThrow
method to check the mode
API providers need to check the mode returned by #noteOp if they are are allowing access to operations gated by the app-op. unsafeCheckOp
should be used to check the mode if no access is granted. E.g. this can be used for displaying app-op state in the UI or when checking the state before later calling #noteOp anyway.
If an operation refers to a time span (e.g. a audio-recording session) the API provider should use #startOp and #finishOp instead of #noteOp.
Runtime permissions and app-ops
Each platform defined runtime permission (beside background modifiers) has an associated app op which is used for tracking but also to allow for silent failures. I.e. if the runtime permission is denied the caller gets a SecurityException
, but if the permission is granted and the app-op is MODE_IGNORED
then the callers gets placeholder behavior, e.g. location callbacks would not happen.
App-op permissions
App-ops permissions are platform defined permissions that can be overridden. The security check for app-op permissions should by default
check the permission grant state. If the app-op state is set to MODE_ALLOWED
or MODE_IGNORED
the app-op state should be checked instead of the permission grant state.
This functionality allows to grant access by default to apps fulfilling the requirements for a certain permission level. Still the behavior can be overridden when needed.
Tracking
App-ops track many important events, including all accesses to runtime permission protected APIs. This is done by tracking when an app-op was #noteOp or #startOp. The tracked data can only be read by system components.
Only #noteOp/#startOp are tracked; unsafeCheckOp
is not tracked. Hence it is important to eventually call #noteOp or #startOp when providing access to protected operations or data.
Some apps are forwarding access to other apps. E.g. an app might get the location from the system's location provider and then send the location further to a 3rd app. In this case the app passing on the data needs to call #noteProxyOp to signal the access proxying. This might also make sense inside of a single app if the access is forwarded between two parts of the tagged with different attribution tags.
An app can register an OnOpNotedCallback
to get informed about what accesses the system is tracking for it. As each runtime permission has an associated app-op this API is particularly useful for an app that want to find unexpected private data accesses.
Summary
Nested classes | |
---|---|
abstract |
Callback for notification of changes to operation active state. |
abstract |
Callback for notification of changes to operation state. |
abstract |
Callback an app can |
Constants | |
---|---|
static Int |
Result from |
static Int |
Result from |
static Int |
Result from |
static Int |
Special mode that means "allow only when app is in foreground. |
static Int |
Result from |
static String |
Required to access phone state related information. |
static String |
Answer incoming phone calls |
static String |
Access to body sensors such as heart rate, etc. |
static String |
Allows an application to initiate a phone call. |
static String |
Required to be able to access the camera device. |
static String |
Access to coarse location information. |
static String |
Access to fine location information. |
static String |
Access to |
static String |
Inject mock location into the system. |
static String |
Continually monitoring location data with a relatively high power request. |
static String |
Continually monitoring location data. |
static String |
Access to picture-in-picture. |
static String |
Access APIs for diverting outgoing calls |
static String |
Allows an application to read the user's calendar data. |
static String |
Allows an application to read the user's call log. |
static String |
Read previously received cell broadcast messages. |
static String |
Allows an application to read the user's contacts data. |
static String |
Read external storage. |
static String | |
static String |
Required to access phone state related information. |
static String |
Allows an application to read SMS messages. |
static String |
Allows an application to receive MMS messages. |
static String |
Allows an application to receive SMS messages. |
static String |
Allows an application to receive WAP push messages. |
static String |
Required to be able to access the microphone device. |
static String |
Allows an application to send SMS messages. |
static String |
Required to draw on top of other apps. |
static String |
Use the fingerprint API. |
static String |
Access APIs for SIP calling over VOIP or WiFi |
static String |
Allows an application to write to the user's calendar data. |
static String |
Allows an application to write to the user's call log. |
static String |
Allows an application to write to the user's contacts data. |
static String |
Write external storage. |
static String |
Required to write/modify/update system settings. |
static Int |
Flag for |
Public methods | |
---|---|
open Int |
Check whether an application can perform an operation. |
open Int |
checkOpNoThrow(op: String, uid: Int, packageName: String) Like |
open Unit |
checkPackage(uid: Int, packageName: String) |
open Unit | |
open Unit |
Report that an application is no longer performing an operation that had previously been started with |
open Unit |
finishProxyOp(op: String, proxiedUid: Int, proxiedPackageName: String, proxiedAttributionTag: String?) Report that an application is no longer performing an operation that had previously been started with |
open Boolean |
isOpActive(op: String, uid: Int, packageName: String) Checks whether the given op for a package is active, i. |
open Int | |
open Int |
Make note of an application performing an operation and check if the application is allowed to perform it. |
open Int |
noteOpNoThrow(op: String, uid: Int, packageName: String) |
open Int |
Like |
open Int |
noteProxyOp(op: String, proxiedPackageName: String) |
open Int |
noteProxyOp(op: String, proxiedPackageName: String?, proxiedUid: Int, proxiedAttributionTag: String?, message: String?) Make note of an application performing an operation on behalf of another application when handling an IPC. |
open Int |
noteProxyOpNoThrow(op: String, proxiedPackageName: String) |
open Int |
noteProxyOpNoThrow(op: String, proxiedPackageName: String?, proxiedUid: Int) |
open Int |
noteProxyOpNoThrow(op: String, proxiedPackageName: String?, proxiedUid: Int, proxiedAttributionTag: String?, message: String?) Like |
open static String? |
permissionToOp(permission: String) Gets the app-op name associated with a given permission. |
open Unit |
setOnOpNotedCallback(asyncExecutor: Executor?, callback: AppOpsManager.OnOpNotedCallback?) Set a new |
open Int | |
open Int |
Report that an application has started executing a long-running operation. |
open Int |
startOpNoThrow(op: String, uid: Int, packageName: String) |
open Int |
startOpNoThrow(op: String, uid: Int, packageName: String, attributionTag: String?, message: String?) Like |
open Int |
startProxyOp(op: String, proxiedUid: Int, proxiedPackageName: String, proxiedAttributionTag: String?, message: String?) Report that an application has started executing a long-running operation on behalf of another application when handling an IPC. |
open Int |
startProxyOpNoThrow(op: String, proxiedUid: Int, proxiedPackageName: String, proxiedAttributionTag: String?, message: String?) Like |
open Unit |
startWatchingActive(ops: Array<String!>, executor: Executor, callback: AppOpsManager.OnOpActiveChangedListener) Start watching for changes to the active state of app-ops. |
open Unit |
startWatchingMode(op: String, packageName: String?, callback: AppOpsManager.OnOpChangedListener) Monitor for changes to the operating mode for the given op in the given app package. |
open Unit |
startWatchingMode(op: String, packageName: String?, flags: Int, callback: AppOpsManager.OnOpChangedListener) Monitor for changes to the operating mode for the given op in the given app package. |
open Unit |
Stop watching for changes to the active state of an app-op. |
open Unit |
Stop monitoring that was previously started with #startWatchingMode. |
open Int |
unsafeCheckOp(op: String, uid: Int, packageName: String) Check whether an application might be able to perform an operation. |
open Int |
unsafeCheckOpNoThrow(op: String, uid: Int, packageName: String) Like |
open Int |
unsafeCheckOpRaw(op: String, uid: Int, packageName: String) Like |
open Int |
unsafeCheckOpRawNoThrow(op: String, uid: Int, packageName: String) Like |
Constants
MODE_ALLOWED
static val MODE_ALLOWED: Int
Result from checkOp
, #noteOp, #startOp: the given caller is allowed to perform the given operation.
Value: 0
MODE_DEFAULT
static val MODE_DEFAULT: Int
Result from checkOp
, #noteOp, #startOp: the given caller should use its default security check. This mode is not normally used; it should only be used with appop permissions, and callers must explicitly check for it and deal with it.
Value: 3
MODE_ERRORED
static val MODE_ERRORED: Int
Result from checkOpNoThrow
, #noteOpNoThrow, #startOpNoThrow: the given caller is not allowed to perform the given operation, and this attempt should cause it to have a fatal error, typically a SecurityException
.
Value: 2
MODE_FOREGROUND
static val MODE_FOREGROUND: Int
Special mode that means "allow only when app is in foreground." This is not returned from unsafeCheckOp
, #noteOp, #startOp. Rather, unsafeCheckOp
will always return MODE_ALLOWED
(because it is always possible for it to be ultimately allowed, depending on the app's background state), and #noteOp and #startOp will return MODE_ALLOWED
when the app being checked is currently in the foreground, otherwise MODE_IGNORED
.
The only place you will this normally see this value is through unsafeCheckOpRaw
, which returns the actual raw mode of the op. Note that because you can't know the current state of the app being checked (and it can change at any point), you can only treat the result here as an indication that it will vary between MODE_ALLOWED
and MODE_IGNORED
depending on changes in the background state of the app. You thus must always use #noteOp or #startOp to do the actual check for access to the op.
Value: 4
MODE_IGNORED
static val MODE_IGNORED: Int
Result from checkOp
, #noteOp, #startOp: the given caller is not allowed to perform the given operation, and this attempt should silently fail (it should not cause the app to crash).
Value: 1
OPSTR_ADD_VOICEMAIL
static val OPSTR_ADD_VOICEMAIL: String
Required to access phone state related information.
Value: "android:add_voicemail"
OPSTR_ANSWER_PHONE_CALLS
static val OPSTR_ANSWER_PHONE_CALLS: String
Answer incoming phone calls
Value: "android:answer_phone_calls"
OPSTR_BODY_SENSORS
static val OPSTR_BODY_SENSORS: String
Access to body sensors such as heart rate, etc.
Value: "android:body_sensors"
OPSTR_CALL_PHONE
static val OPSTR_CALL_PHONE: String
Allows an application to initiate a phone call.
Value: "android:call_phone"
OPSTR_CAMERA
static val OPSTR_CAMERA: String
Required to be able to access the camera device.
Value: "android:camera"
OPSTR_COARSE_LOCATION
static val OPSTR_COARSE_LOCATION: String
Access to coarse location information.
Value: "android:coarse_location"
OPSTR_FINE_LOCATION
static val OPSTR_FINE_LOCATION: String
Access to fine location information.
Value: "android:fine_location"
OPSTR_GET_USAGE_STATS
static val OPSTR_GET_USAGE_STATS: String
Access to android.app.usage.UsageStatsManager
.
Value: "android:get_usage_stats"
OPSTR_MOCK_LOCATION
static val OPSTR_MOCK_LOCATION: String
Inject mock location into the system.
Value: "android:mock_location"
OPSTR_MONITOR_HIGH_POWER_LOCATION
static val OPSTR_MONITOR_HIGH_POWER_LOCATION: String
Continually monitoring location data with a relatively high power request.
Value: "android:monitor_location_high_power"
OPSTR_MONITOR_LOCATION
static val OPSTR_MONITOR_LOCATION: String
Continually monitoring location data.
Value: "android:monitor_location"
OPSTR_PICTURE_IN_PICTURE
static val OPSTR_PICTURE_IN_PICTURE: String
Access to picture-in-picture.
Value: "android:picture_in_picture"
OPSTR_PROCESS_OUTGOING_CALLS
static val OPSTR_PROCESS_OUTGOING_CALLS: String
Access APIs for diverting outgoing calls
Value: "android:process_outgoing_calls"
OPSTR_READ_CALENDAR
static val OPSTR_READ_CALENDAR: String
Allows an application to read the user's calendar data.
Value: "android:read_calendar"
OPSTR_READ_CALL_LOG
static val OPSTR_READ_CALL_LOG: String
Allows an application to read the user's call log.
Value: "android:read_call_log"
OPSTR_READ_CELL_BROADCASTS
static val OPSTR_READ_CELL_BROADCASTS: String
Read previously received cell broadcast messages.
Value: "android:read_cell_broadcasts"
OPSTR_READ_CONTACTS
static val OPSTR_READ_CONTACTS: String
Allows an application to read the user's contacts data.
Value: "android:read_contacts"
OPSTR_READ_EXTERNAL_STORAGE
static val OPSTR_READ_EXTERNAL_STORAGE: String
Read external storage.
Value: "android:read_external_storage"
OPSTR_READ_PHONE_NUMBERS
static val OPSTR_READ_PHONE_NUMBERS: String
Value: "android:read_phone_numbers"
OPSTR_READ_PHONE_STATE
static val OPSTR_READ_PHONE_STATE: String
Required to access phone state related information.
Value: "android:read_phone_state"
OPSTR_READ_SMS
static val OPSTR_READ_SMS: String
Allows an application to read SMS messages.
Value: "android:read_sms"
OPSTR_RECEIVE_MMS
static val OPSTR_RECEIVE_MMS: String
Allows an application to receive MMS messages.
Value: "android:receive_mms"
OPSTR_RECEIVE_SMS
static val OPSTR_RECEIVE_SMS: String
Allows an application to receive SMS messages.
Value: "android:receive_sms"
OPSTR_RECEIVE_WAP_PUSH
static val OPSTR_RECEIVE_WAP_PUSH: String
Allows an application to receive WAP push messages.
Value: "android:receive_wap_push"
OPSTR_RECORD_AUDIO
static val OPSTR_RECORD_AUDIO: String
Required to be able to access the microphone device.
Value: "android:record_audio"
OPSTR_SEND_SMS
static val OPSTR_SEND_SMS: String
Allows an application to send SMS messages.
Value: "android:send_sms"
OPSTR_SYSTEM_ALERT_WINDOW
static val OPSTR_SYSTEM_ALERT_WINDOW: String
Required to draw on top of other apps.
Value: "android:system_alert_window"
OPSTR_USE_FINGERPRINT
static val OPSTR_USE_FINGERPRINT: String
Use the fingerprint API.
Value: "android:use_fingerprint"
OPSTR_USE_SIP
static val OPSTR_USE_SIP: String
Access APIs for SIP calling over VOIP or WiFi
Value: "android:use_sip"
OPSTR_WRITE_CALENDAR
static val OPSTR_WRITE_CALENDAR: String
Allows an application to write to the user's calendar data.
Value: "android:write_calendar"
OPSTR_WRITE_CALL_LOG
static val OPSTR_WRITE_CALL_LOG: String
Allows an application to write to the user's call log.
Value: "android:write_call_log"
OPSTR_WRITE_CONTACTS
static val OPSTR_WRITE_CONTACTS: String
Allows an application to write to the user's contacts data.
Value: "android:write_contacts"
OPSTR_WRITE_EXTERNAL_STORAGE
static val OPSTR_WRITE_EXTERNAL_STORAGE: String
Write external storage.
Value: "android:write_external_storage"
OPSTR_WRITE_SETTINGS
static val OPSTR_WRITE_SETTINGS: String
Required to write/modify/update system settings.
Value: "android:write_settings"
WATCH_FOREGROUND_CHANGES
static val WATCH_FOREGROUND_CHANGES: Int
Flag for startWatchingMode(java.lang.String,java.lang.String,int,android.app.AppOpsManager.OnOpChangedListener)
: Also get reports if the foreground state of an op's uid changes. This only works when watching a particular op, not when watching a package.
Value: 1
Public methods
checkOp
open funcheckOp(
op: String,
uid: Int,
packageName: String
): Int
Deprecated: Deprecated in Java.
Check whether an application can perform an operation.
For platform versions before android.os.Build.VERSION_CODES#BAKLAVA
, this is not a security check; you must use noteOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String)
or startOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String)
for your actual security checks. This function can just be used for a quick check to see if an operation has been disabled for the application, as an early reject of some work.
For platform versions equal to or after android.os.Build.VERSION_CODES#BAKLAVA
, it does the same security check as noteOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String)
and startOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String)
, and should be preferred to use.
This API does not modify the time stamp or other data about the operation.
Parameters | |
---|---|
op |
String: The operation to check. One of the OPSTR_* constants. This value cannot be null . |
uid |
Int: The uid of the application attempting to perform the operation. |
packageName |
String: The name of the application attempting to perform the operation. This value cannot be null . |
Return | |
---|---|
Int |
Returns MODE_ALLOWED if the operation is allowed, or MODE_IGNORED if it is not allowed and should be silently ignored (without causing the app to crash). |
Exceptions | |
---|---|
java.lang.SecurityException |
If the app has been configured to crash on this op. |
checkOpNoThrow
open funcheckOpNoThrow(
op: String,
uid: Int,
packageName: String
): Int
Deprecated: Deprecated in Java.
Like checkOp(java.lang.String,int,java.lang.String)
but instead of throwing a SecurityException
it returns MODE_ERRORED
.
Parameters | |
---|---|
op |
String: This value cannot be null . |
packageName |
String: This value cannot be null . |
checkPackage
open funcheckPackage(
uid: Int,
packageName: String
): Unit
Deprecated: Use android.content.pm.PackageManager#getPackageUid instead
Parameters | |
---|---|
packageName |
String: This value cannot be null . |
finishOp
open funfinishOp(
op: String,
uid: Int,
packageName: String
): Unit
Deprecated: Use finishOp(java.lang.String,int,java.lang.String,java.lang.String)
instead
Parameters | |
---|---|
op |
String: This value cannot be null . |
packageName |
String: This value cannot be null . |
finishOp
open fun finishOp(
op: String,
uid: Int,
packageName: String,
attributionTag: String?
): Unit
Report that an application is no longer performing an operation that had previously been started with startOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String)
. There is no validation of input or result; the parameters supplied here must be the exact same ones previously passed in when starting the operation.
Parameters | |
---|---|
op |
String: This value cannot be null . |
packageName |
String: This value cannot be null . |
attributionTag |
String?: This value may be null . |
finishProxyOp
open fun finishProxyOp(
op: String,
proxiedUid: Int,
proxiedPackageName: String,
proxiedAttributionTag: String?
): Unit
Report that an application is no longer performing an operation that had previously been started with startProxyOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String)
. There is no validation of input or result; the parameters supplied here must be the exact same ones previously passed in when starting the operation.
Parameters | |
---|---|
op |
String: The operation which was started This value cannot be null . |
proxiedUid |
Int: The proxied appp's UID |
proxiedPackageName |
String: The proxied appp's package name This value cannot be null . |
proxiedAttributionTag |
String?: The proxied appp's attribution tag or null for default attribution |
isOpActive
open fun isOpActive(
op: String,
uid: Int,
packageName: String
): Boolean
Checks whether the given op for a package is active, i.e. did someone call #startOp without #finishOp yet.
If you don't hold the android.Manifest.permission#WATCH_APPOPS
permission you can query only for your UID.
Parameters | |
---|---|
op |
String: This value cannot be null . |
packageName |
String: This value cannot be null . |
noteOp
open funnoteOp(
op: String,
uid: Int,
packageName: String
): Int
Deprecated: Use noteOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String)
instead
Parameters | |
---|---|
op |
String: This value cannot be null . |
packageName |
String: This value cannot be null . |
noteOp
open fun noteOp(
op: String,
uid: Int,
packageName: String?,
attributionTag: String?,
message: String?
): Int
Make note of an application performing an operation and check if the application is allowed to perform it.
If this is a check that is not preceding the protected operation, use unsafeCheckOp
instead.
The identity of the package the app-op is noted for is specified by the uid
and packageName
parameters. If this is noted for a regular app both should be set and the package needs to be part of the uid. In the very rare case that an app-op is noted for an entity that does not have a package name, the package can be null
. As it is possible that a single process contains more than one package the packageName
should be read
from the context of the caller of the API (in the app process) that eventually triggers this check. If this op is not noted for a running process the packageName
cannot be read from the context, but it should be clear which package the note is for.
If the uid
and packageName
do not match this return MODE_IGNORED
.
Beside the access check this method also records the access. While the access check is based on uid
and/or packageName
the access recording is done based on the packageName
and attributionTag
. The attributionTag
should be read
from the same context the package name is read from. In the case the check is not related to an API call, the attributionTag
should be null
. Please note that e.g. registering a callback for later is still an API call and the code should store the attribution tag along the package name for being used in this method later.
The message
parameter only needs to be set when this method is
- not
OnOpNotedCallback.onAsyncNoted(AsyncNotedAppOp)
callback. A good example of a useful message is including the System.identityHashCode(Object)
of the listener that will receive data or the name of the manifest-receiver.
Parameters | |
---|---|
op |
String: The operation to note. One of the OPSTR_* constants. This value cannot be null . |
uid |
Int: The uid of the application attempting to perform the operation. |
packageName |
String?: The name of the application attempting to perform the operation. This value may be null . |
attributionTag |
String?: The attribution tag of the calling context or null for default attribution |
message |
String?: A message describing why the op was noted This value may be null . |
Return | |
---|---|
Int |
Returns MODE_ALLOWED if the operation is allowed, or MODE_IGNORED if it is not allowed and should be silently ignored (without causing the app to crash). |
Exceptions | |
---|---|
java.lang.SecurityException |
If the app has been configured to crash on this op. |
noteOpNoThrow
open funnoteOpNoThrow(
op: String,
uid: Int,
packageName: String
): Int
Deprecated: Use noteOpNoThrow(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String)
instead
Parameters | |
---|---|
op |
String: This value cannot be null . |
packageName |
String: This value cannot be null . |
noteOpNoThrow
open fun noteOpNoThrow(
op: String,
uid: Int,
packageName: String,
attributionTag: String?,
message: String?
): Int
Like noteOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String)
but instead of throwing a SecurityException
it returns MODE_ERRORED
.
Parameters | |
---|---|
op |
String: This value cannot be null . |
packageName |
String: This value cannot be null . |
attributionTag |
String?: This value may be null . |
message |
String?: This value may be null . |
noteProxyOp
open funnoteProxyOp(
op: String,
proxiedPackageName: String
): Int
Deprecated: Use noteProxyOp(java.lang.String,java.lang.String,int,java.lang.String,java.lang.String)
instead
Parameters | |
---|---|
op |
String: This value cannot be null . |
proxiedPackageName |
String: This value cannot be null . |
noteProxyOp
open fun noteProxyOp(
op: String,
proxiedPackageName: String?,
proxiedUid: Int,
proxiedAttributionTag: String?,
message: String?
): Int
Make note of an application performing an operation on behalf of another application when handling an IPC. This function will verify that the calling uid and proxied package name match, and if not, return MODE_IGNORED
. If this call succeeds, the last execution time of the operation for the proxied app and your app will be updated to the current time.
Parameters | |
---|---|
op |
String: The operation to note. One of the OPSTR_* constants. This value cannot be null . |
proxiedPackageName |
String?: The name of the application calling into the proxy application. This value may be null . |
proxiedUid |
Int: The uid of the proxied application |
proxiedAttributionTag |
String?: The proxied attribution tag or null for default attribution |
message |
String?: A message describing the reason the op was noted This value may be null . |
Return | |
---|---|
Int |
Returns MODE_ALLOWED if the operation is allowed, or MODE_IGNORED if it is not allowed and should be silently ignored (without causing the app to crash). |
Exceptions | |
---|---|
java.lang.SecurityException |
If the proxy or proxied app has been configured to crash on this op. |
noteProxyOpNoThrow
open funnoteProxyOpNoThrow(
op: String,
proxiedPackageName: String
): Int
Deprecated: Use noteProxyOpNoThrow(java.lang.String,java.lang.String,int,java.lang.String,java.lang.String)
instead
Parameters | |
---|---|
op |
String: This value cannot be null . |
proxiedPackageName |
String: This value cannot be null . |
noteProxyOpNoThrow
open funnoteProxyOpNoThrow(
op: String,
proxiedPackageName: String?,
proxiedUid: Int
): Int
Deprecated: Use noteProxyOpNoThrow(java.lang.String,java.lang.String,int,java.lang.String,java.lang.String)
instead
Parameters | |
---|---|
op |
String: This value cannot be null . |
proxiedPackageName |
String?: This value may be null . |
noteProxyOpNoThrow
open fun noteProxyOpNoThrow(
op: String,
proxiedPackageName: String?,
proxiedUid: Int,
proxiedAttributionTag: String?,
message: String?
): Int
Like noteProxyOp(java.lang.String,java.lang.String,int,java.lang.String,java.lang.String)
but instead of throwing a SecurityException
it returns MODE_ERRORED
.
Parameters | |
---|---|
op |
String: This value cannot be null . |
proxiedPackageName |
String?: This value may be null . |
proxiedAttributionTag |
String?: This value may be null . |
message |
String?: This value may be null . |
permissionToOp
open static fun permissionToOp(permission: String): String?
Gets the app-op name associated with a given permission.
The app-op name is one of the public constants defined in this class such as OPSTR_COARSE_LOCATION
. This API is intended to be used for mapping runtime permissions to the corresponding app-op.
Parameters | |
---|---|
permission |
String: The permission. This value cannot be null . |
Return | |
---|---|
String? |
The app-op associated with the permission or null . |
setOnOpNotedCallback
open fun setOnOpNotedCallback(
asyncExecutor: Executor?,
callback: AppOpsManager.OnOpNotedCallback?
): Unit
Set a new OnOpNotedCallback
.
There can only ever be one collector per process. If there currently is another callback set, this will fail.
Note that if an app has multiple processes registering for this callback, the system would fan out async op noted callbacks to each of the processes, resulting in the same data being delivered multiple times to an app, which is usually undesired. To avoid this, consider listening to async ops only in one process. See #setOnOpNotedCallback(java.util.concurrent.Executor,android.app.AppOpsManager.OnOpNotedCallback,int) for how to do this.
Parameters | |
---|---|
asyncExecutor |
Executor?: executor to execute OnOpNotedCallback.onAsyncNoted on, null to unset Callback and listener events are dispatched through this Executor , providing an easy way to control which thread is used. To dispatch events through the main thread of your application, you can use Context.getMainExecutor() . Otherwise, provide an Executor that dispatches to an appropriate thread. |
callback |
AppOpsManager.OnOpNotedCallback?: listener to set, null to unset |
Exceptions | |
---|---|
java.lang.IllegalStateException |
If another callback is already registered |
startOp
open funstartOp(
op: String,
uid: Int,
packageName: String
): Int
Deprecated: use startOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String)
instead
Parameters | |
---|---|
op |
String: This value cannot be null . |
packageName |
String: This value cannot be null . |
startOp
open fun startOp(
op: String,
uid: Int,
packageName: String?,
attributionTag: String?,
message: String?
): Int
Report that an application has started executing a long-running operation.
For more details how to determine the callingPackageName
, callingAttributionTag
, and message
, please check the description in noteOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String)
Parameters | |
---|---|
op |
String: The operation to start. One of the OPSTR_* constants. This value cannot be null . |
uid |
Int: The user id of the application attempting to perform the operation. |
packageName |
String?: The name of the application attempting to perform the operation. This value may be null . |
attributionTag |
String?: The attribution tag or null for default attribution |
message |
String?: Description why op was started This value may be null . |
Return | |
---|---|
Int |
Returns MODE_ALLOWED if the operation is allowed, or MODE_IGNORED if it is not allowed and should be silently ignored (without causing the app to crash). |
Exceptions | |
---|---|
java.lang.SecurityException |
If the app has been configured to crash on this op or the package is not in the passed in UID. |
startOpNoThrow
open funstartOpNoThrow(
op: String,
uid: Int,
packageName: String
): Int
Deprecated: use startOpNoThrow(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String)
instead
Parameters | |
---|---|
op |
String: This value cannot be null . |
packageName |
String: This value cannot be null . |
startOpNoThrow
open fun startOpNoThrow(
op: String,
uid: Int,
packageName: String,
attributionTag: String?,
message: String?
): Int
Like startOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String)
but instead of throwing a SecurityException
it returns MODE_ERRORED
.
Parameters | |
---|---|
op |
String: This value cannot be null . |
packageName |
String: This value cannot be null . |
attributionTag |
String?: This value may be null . |
message |
String?: This value may be null . |
startProxyOp
open fun startProxyOp(
op: String,
proxiedUid: Int,
proxiedPackageName: String,
proxiedAttributionTag: String?,
message: String?
): Int
Report that an application has started executing a long-running operation on behalf of another application when handling an IPC. This function will verify that the calling uid and proxied package name match, and if not, return MODE_IGNORED
.
Parameters | |
---|---|
op |
String: The op to note This value cannot be null . |
proxiedUid |
Int: The uid to note the op for null |
proxiedPackageName |
String: The package name the uid belongs to This value cannot be null . |
proxiedAttributionTag |
String?: The proxied attribution tag or null for default attribution |
message |
String?: A message describing the reason the op was noted This value may be null . |
Return | |
---|---|
Int |
Returns MODE_ALLOWED if the operation is allowed, or MODE_IGNORED if it is not allowed and should be silently ignored (without causing the app to crash). |
Exceptions | |
---|---|
java.lang.SecurityException |
If the proxy or proxied app has been configured to crash on this op. |
startProxyOpNoThrow
open fun startProxyOpNoThrow(
op: String,
proxiedUid: Int,
proxiedPackageName: String,
proxiedAttributionTag: String?,
message: String?
): Int
Like startProxyOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String)
but instead of throwing a SecurityException
it returns MODE_ERRORED
.
Parameters | |
---|---|
op |
String: This value cannot be null . |
proxiedPackageName |
String: This value cannot be null . |
proxiedAttributionTag |
String?: This value may be null . |
message |
String?: This value may be null . |
startWatchingActive
open fun startWatchingActive(
ops: Array<String!>,
executor: Executor,
callback: AppOpsManager.OnOpActiveChangedListener
): Unit
Start watching for changes to the active state of app-ops. An app-op may be long running and it has a clear start and stop delimiters. If an op is being started or stopped by any package you will get a callback. To change the watched ops for a registered callback you need to unregister and register it again.
If you don't hold the android.Manifest.permission#WATCH_APPOPS
permission you can watch changes only for your UID.
Parameters | |
---|---|
ops |
Array<String!>: The operations to watch. This value cannot be null . |
callback |
AppOpsManager.OnOpActiveChangedListener: Where to report changes. This value cannot be null . |
executor |
Executor: Callback and listener events are dispatched through this Executor , providing an easy way to control which thread is used. To dispatch events through the main thread of your application, you can use Context.getMainExecutor() . Otherwise, provide an Executor that dispatches to an appropriate thread. This value cannot be null . |
See Also
startWatchingMode
open fun startWatchingMode(
op: String,
packageName: String?,
callback: AppOpsManager.OnOpChangedListener
): Unit
Monitor for changes to the operating mode for the given op in the given app package. You can watch op changes only for your UID.
Parameters | |
---|---|
op |
String: The operation to monitor, one of OPSTR_*. This value cannot be null . |
packageName |
String?: The name of the application to monitor. This value may be null . |
callback |
AppOpsManager.OnOpChangedListener: Where to report changes. This value cannot be null . |
startWatchingMode
open fun startWatchingMode(
op: String,
packageName: String?,
flags: Int,
callback: AppOpsManager.OnOpChangedListener
): Unit
Monitor for changes to the operating mode for the given op in the given app package. You can watch op changes only for your UID.
Parameters | |
---|---|
op |
String: The operation to monitor, one of OPSTR_*. This value cannot be null . |
packageName |
String?: The name of the application to monitor. This value may be null . |
flags |
Int: Option flags: any combination of WATCH_FOREGROUND_CHANGES or 0. |
callback |
AppOpsManager.OnOpChangedListener: Where to report changes. This value cannot be null . |
stopWatchingActive
open fun stopWatchingActive(callback: AppOpsManager.OnOpActiveChangedListener): Unit
Stop watching for changes to the active state of an app-op. An app-op may be long running and it has a clear start and stop delimiters. Unregistering a non-registered callback has no effect.
Parameters | |
---|---|
callback |
AppOpsManager.OnOpActiveChangedListener: This value cannot be null . |
See Also
stopWatchingMode
open fun stopWatchingMode(callback: AppOpsManager.OnOpChangedListener): Unit
Stop monitoring that was previously started with #startWatchingMode. All monitoring associated with this callback will be removed.
Parameters | |
---|---|
callback |
AppOpsManager.OnOpChangedListener: This value cannot be null . |
unsafeCheckOp
open fun unsafeCheckOp(
op: String,
uid: Int,
packageName: String
): Int
Check whether an application might be able to perform an operation.
For platform versions before android.os.Build.VERSION_CODES#BAKLAVA
, this is not a security check; you must use noteOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String)
or startOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String)
for your actual security checks. This function can just be used for a quick check to see if an operation has been disabled for the application, as an early reject of some work.
For platform versions equal to or after android.os.Build.VERSION_CODES#BAKLAVA
, this is no longer an unsafe check, and it does the same security check as noteOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String)
and startOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String)
. However, it's preferred to use checkOp(java.lang.String,int,java.lang.String)
, since the word "unsafe" in the name of this API is no longer accurate.
This API does not modify the time stamp or other data about the operation.
Parameters | |
---|---|
op |
String: The operation to check. One of the OPSTR_* constants. This value cannot be null . |
uid |
Int: The user id of the application attempting to perform the operation. |
packageName |
String: The name of the application attempting to perform the operation. This value cannot be null . |
Return | |
---|---|
Int |
Returns MODE_ALLOWED if the operation is allowed, or MODE_IGNORED if it is not allowed and should be silently ignored (without causing the app to crash). |
Exceptions | |
---|---|
java.lang.SecurityException |
If the app has been configured to crash on this op. |
unsafeCheckOpNoThrow
open fun unsafeCheckOpNoThrow(
op: String,
uid: Int,
packageName: String
): Int
Like unsafeCheckOp(java.lang.String,int,java.lang.String)
but instead of throwing a SecurityException
it returns MODE_ERRORED
.
Parameters | |
---|---|
op |
String: This value cannot be null . |
packageName |
String: This value cannot be null . |
unsafeCheckOpRaw
open fun unsafeCheckOpRaw(
op: String,
uid: Int,
packageName: String
): Int
Like checkOp
but returns the raw mode associated with the op. Does not throw a security exception, does not translate MODE_FOREGROUND
.
Parameters | |
---|---|
op |
String: This value cannot be null . |
packageName |
String: This value cannot be null . |
unsafeCheckOpRawNoThrow
open fun unsafeCheckOpRawNoThrow(
op: String,
uid: Int,
packageName: String
): Int
Like checkOp
but returns the raw mode associated with the op. Does not throw a security exception, does not translate MODE_FOREGROUND
.
Parameters | |
---|---|
op |
String: This value cannot be null . |
packageName |
String: This value cannot be null . |