Replace ECM AppOps call with service

A new ECM service was introcuded in changeId I831391e4437b51b3312b5273a2360bd029a3d8ee. We begin calling it, and update/cleanup method signatures to match. Note: There are two feature flags: 1. enhancedConfirmationModeApisEnabled - read only, protects the mainline API. 2. extendEcmToAllSettings - runtime - gates calls to the above APIs. We use both so we can ramp up in teamfood as needed. Bug: 297372999 Test: Tested on device Test: atest SpaPrivilegedLibTests Test: atest com.android.settings.applications.specialaccess.notificationaccess Test: atest com.android.settings.datausage Test: atest PremiumSmsAccessTest Test: atest RestrictedPreferenceHelperTest Change-Id: I945ec51df5cd63de548a8ffdd1acc4f09f2301e5
2024-01-29 14:59:22 +00:00
parent 96ab2b9e25
commit 206300962f
23 changed files with 215 additions and 129 deletions
--- a/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java
+++ b/src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java
@@ -24,6 +24,7 @@ import android.app.Activity;
 import android.app.AppOpsManager;
 import android.app.KeyguardManager;
 import android.app.admin.DevicePolicyManager;
+import android.app.ecm.EnhancedConfirmationManager;
 import android.app.settings.SettingsEnums;
 import android.content.BroadcastReceiver;
 import android.content.Context;
@@ -490,12 +491,23 @@ public class AppInfoDashboardFragment extends DashboardFragment
                return true;
            case ACCESS_RESTRICTED_SETTINGS:
                showLockScreen(getContext(), () -> {
-                    final AppOpsManager appOpsManager = getContext().getSystemService(
-                            AppOpsManager.class);
-                    appOpsManager.setMode(AppOpsManager.OP_ACCESS_RESTRICTED_SETTINGS,
-                            getUid(),
-                            getPackageName(),
-                            AppOpsManager.MODE_ALLOWED);
+                    if (android.permission.flags.Flags.enhancedConfirmationModeApisEnabled()
+                            && android.security.Flags.extendEcmToAllSettings()) {
+                        EnhancedConfirmationManager manager = getContext().getSystemService(
+                                EnhancedConfirmationManager.class);
+                        try {
+                            manager.clearRestriction(getPackageName());
+                        } catch (NameNotFoundException e) {
+                            Log.e(TAG, "Exception when retrieving package:" + getPackageName(), e);
+                        }
+                    } else {
+                        final AppOpsManager appOpsManager = getContext().getSystemService(
+                                AppOpsManager.class);
+                        appOpsManager.setMode(AppOpsManager.OP_ACCESS_RESTRICTED_SETTINGS,
+                                getUid(),
+                                getPackageName(),
+                                AppOpsManager.MODE_ALLOWED);
+                    }
                    getActivity().invalidateOptionsMenu();
                    final String toastString = getContext().getString(
                            R.string.toast_allows_restricted_settings_successfully,
@@ -527,14 +539,25 @@ public class AppInfoDashboardFragment extends DashboardFragment
    }

    private boolean shouldShowAccessRestrictedSettings() {
-        try {
-            final int mode = getSystemService(AppOpsManager.class).noteOpNoThrow(
-                    AppOpsManager.OP_ACCESS_RESTRICTED_SETTINGS, getUid(),
-                    getPackageName());
-            return mode == AppOpsManager.MODE_IGNORED;
-        } catch (Exception e) {
-            // Fallback in case if app ops is not available in testing.
-            return false;
+        if (android.permission.flags.Flags.enhancedConfirmationModeApisEnabled()
+                && android.security.Flags.extendEcmToAllSettings()) {
+            try {
+                return getSystemService(EnhancedConfirmationManager.class)
+                        .isClearRestrictionAllowed(getPackageName());
+            } catch (NameNotFoundException e) {
+                Log.e(TAG, "Exception when retrieving package:" + getPackageName(), e);
+                return false;
+            }
+        } else {
+            try {
+                final int mode = getSystemService(AppOpsManager.class).noteOpNoThrow(
+                        AppOpsManager.OP_ACCESS_RESTRICTED_SETTINGS, getUid(),
+                        getPackageName());
+                return mode == AppOpsManager.MODE_IGNORED;
+            } catch (Exception e) {
+                // Fallback in case if app ops is not available in testing.
+                return false;
+            }
        }
    }