AppOpsManager
public
class
AppOpsManager
extends Object
java.lang.Object | |
↳ | android.app.AppOpsManager |
App-ops are used for two purposes: Access control and tracking.
App-ops cover a wide variety of functionality from helping with runtime permissions access control and tracking to battery consumption tracking.
Access control
App-ops can either be controlled for each uid or for each package. Which one is used depends on the API provider maintaining this app-op. For any security or privacy related app-op the provider needs to control the app-op for per uid as all security and privacy is based on uid in Android.
To control access the app-op can be set to a mode to:
MODE_DEFAULT
- Default behavior, might differ from app-op or app-op
MODE_ALLOWED
- Allow the access
MODE_IGNORED
- Don't allow the access, i.e. don't perform the requested action or return no or placeholder data
MODE_ERRORED
- Throw a
SecurityException
on access. This can be suppressed by using a...noThrow
method to check the mode
API providers need to check the mode returned by noteOp(String, int, String)
if they are are allowing
access to operations gated by the app-op. unsafeCheckOp(String, int, String)
should be used to check the
mode if no access is granted. E.g. this can be used for displaying app-op state in the UI or
when checking the state before later calling noteOp(String, int, String)
anyway.
If an operation refers to a time span (e.g. a audio-recording session) the API provider
should use startOp(String, int, String)
and finishOp(String, int, String)
instead of noteOp(String, int, String)
.
Runtime permissions and app-ops
Each platform defined runtime permission (beside background modifiers) has an associated app
op which is used for tracking but also to allow for silent failures. I.e. if the runtime
permission is denied the caller gets a SecurityException
, but if the permission is
granted and the app-op is MODE_IGNORED
then the callers gets placeholder behavior, e.g.
location callbacks would not happen.
App-op permissions
App-ops permissions are platform defined permissions that can be overridden. The security
check for app-op permissions should by default
check the permission grant
state. If the app-op state is set to MODE_ALLOWED
or MODE_IGNORED
the app-op
state should be checked instead of the permission grant state.
This functionality allows to grant access by default to apps fulfilling the requirements for a certain permission level. Still the behavior can be overridden when needed.
Tracking
App-ops track many important events, including all accesses to runtime permission protected
APIs. This is done by tracking when an app-op was noted
or
started
. The tracked data can only be read by system components.
Only noteOp(String, int, String)
/startOp(String, int, String)
are tracked; unsafeCheckOp(String, int, String)
is not tracked.
Hence it is important to eventually call noteOp(String, int, String)
or startOp(String, int, String)
when providing
access to protected operations or data.
Some apps are forwarding access to other apps. E.g. an app might get the location from the
system's location provider and then send the location further to a 3rd app. In this case the
app passing on the data needs to call noteProxyOp(String, String)
to signal the access proxying. This
might also make sense inside of a single app if the access is forwarded between two parts of
the tagged with different attribution tags.
An app can register an OnOpNotedCallback
to get informed about what accesses the
system is tracking for it. As each runtime permission has an associated app-op this API is
particularly useful for an app that want to find unexpected private data accesses.
Summary
Nested classes | |
---|---|
interface |
AppOpsManager.OnOpActiveChangedListener
Callback for notification of changes to operation active state. |
interface |
AppOpsManager.OnOpChangedListener
Callback for notification of changes to operation state. |
class |
AppOpsManager.OnOpNotedCallback
Callback an app can |
Constants | |
---|---|
int |
MODE_ALLOWED
Result from |
int |
MODE_DEFAULT
Result from |
int |
MODE_ERRORED
Result from |
int |
MODE_FOREGROUND
Special mode that means "allow only when app is in foreground." This is not
returned from |
int |
MODE_IGNORED
Result from |
String |
OPSTR_ADD_VOICEMAIL
Required to access phone state related information. |
String |
OPSTR_ANSWER_PHONE_CALLS
Answer incoming phone calls |
String |
OPSTR_BODY_SENSORS
Access to body sensors such as heart rate, etc. |
String |
OPSTR_CALL_PHONE
Allows an application to initiate a phone call. |
String |
OPSTR_CAMERA
Required to be able to access the camera device. |
String |
OPSTR_COARSE_LOCATION
Access to coarse location information. |
String |
OPSTR_FINE_LOCATION
Access to fine location information. |
String |
OPSTR_GET_USAGE_STATS
Access to |
String |
OPSTR_MOCK_LOCATION
Inject mock location into the system. |
String |
OPSTR_MONITOR_HIGH_POWER_LOCATION
Continually monitoring location data with a relatively high power request. |
String |
OPSTR_MONITOR_LOCATION
Continually monitoring location data. |
String |
OPSTR_PICTURE_IN_PICTURE
Access to picture-in-picture. |
String |
OPSTR_PROCESS_OUTGOING_CALLS
Access APIs for diverting outgoing calls |
String |
OPSTR_READ_CALENDAR
Allows an application to read the user's calendar data. |
String |
OPSTR_READ_CALL_LOG
Allows an application to read the user's call log. |
String |
OPSTR_READ_CELL_BROADCASTS
Read previously received cell broadcast messages. |
String |
OPSTR_READ_CONTACTS
Allows an application to read the user's contacts data. |
String |
OPSTR_READ_EXTERNAL_STORAGE
Read external storage. |
String |
OPSTR_READ_PHONE_NUMBERS
|
String |
OPSTR_READ_PHONE_STATE
Required to access phone state related information. |
String |
OPSTR_READ_SMS
Allows an application to read SMS messages. |
String |
OPSTR_RECEIVE_MMS
Allows an application to receive MMS messages. |
String |
OPSTR_RECEIVE_SMS
Allows an application to receive SMS messages. |
String |
OPSTR_RECEIVE_WAP_PUSH
Allows an application to receive WAP push messages. |
String |
OPSTR_RECORD_AUDIO
Required to be able to access the microphone device. |
String |
OPSTR_SEND_SMS
Allows an application to send SMS messages. |
String |
OPSTR_SYSTEM_ALERT_WINDOW
Required to draw on top of other apps. |
String |
OPSTR_USE_FINGERPRINT
Use the fingerprint API. |
String |
OPSTR_USE_SIP
Access APIs for SIP calling over VOIP or WiFi |
String |
OPSTR_WRITE_CALENDAR
Allows an application to write to the user's calendar data. |
String |
OPSTR_WRITE_CALL_LOG
Allows an application to write to the user's call log. |
String |
OPSTR_WRITE_CONTACTS
Allows an application to write to the user's contacts data. |
String |
OPSTR_WRITE_EXTERNAL_STORAGE
Write external storage. |
String |
OPSTR_WRITE_SETTINGS
Required to write/modify/update system settings. |
int |
WATCH_FOREGROUND_CHANGES
Flag for |
Public methods | |
---|---|
int
|
checkOp(String op, int uid, String packageName)
Check whether an application can perform an operation. |
int
|
checkOpNoThrow(String op, int uid, String packageName)
Like |
void
|
checkPackage(int uid, String packageName)
This method was deprecated
in API level 30.
Use |
void
|
finishOp(String op, int uid, String packageName)
This method was deprecated
in API level 30.
Use |
void
|
finishOp(String op, int uid, String packageName, String attributionTag)
Report that an application is no longer performing an operation that had previously
been started with |
void
|
finishProxyOp(String op, int proxiedUid, String proxiedPackageName, String proxiedAttributionTag)
Report that an application is no longer performing an operation that had previously
been started with |
boolean
|
isOpActive(String op, int uid, String packageName)
Checks whether the given op for a package is active, i.e. |
int
|
noteOp(String op, int uid, String packageName)
This method was deprecated
in API level 30.
Use |
int
|
noteOp(String op, int uid, String packageName, String attributionTag, String message)
Make note of an application performing an operation and check if the application is allowed to perform it. |
int
|
noteOpNoThrow(String op, int uid, String packageName, String attributionTag, String message)
Like |
int
|
noteOpNoThrow(String op, int uid, String packageName)
This method was deprecated
in API level 30.
Use |
int
|
noteProxyOp(String op, String proxiedPackageName, int proxiedUid, String proxiedAttributionTag, String message)
Make note of an application performing an operation on behalf of another application when handling an IPC. |
int
|
noteProxyOp(String op, String proxiedPackageName)
This method was deprecated
in API level 30.
Use |
int
|
noteProxyOpNoThrow(String op, String proxiedPackageName)
This method was deprecated
in API level 30.
Use |
int
|
noteProxyOpNoThrow(String op, String proxiedPackageName, int proxiedUid)
This method was deprecated
in API level 30.
Use |
int
|
noteProxyOpNoThrow(String op, String proxiedPackageName, int proxiedUid, String proxiedAttributionTag, String message)
Like |
static
String
|
permissionToOp(String permission)
Gets the app-op name associated with a given permission. |
void
|
setOnOpNotedCallback(Executor asyncExecutor, AppOpsManager.OnOpNotedCallback callback)
Set a new |
int
|
startOp(String op, int uid, String packageName)
This method was deprecated
in API level 30.
use |
int
|
startOp(String op, int uid, String packageName, String attributionTag, String message)
Report that an application has started executing a long-running operation. |
int
|
startOpNoThrow(String op, int uid, String packageName, String attributionTag, String message)
Like |
int
|
startOpNoThrow(String op, int uid, String packageName)
This method was deprecated
in API level 30.
use |
int
|
startProxyOp(String op, int proxiedUid, String proxiedPackageName, String proxiedAttributionTag, String message)
Report that an application has started executing a long-running operation on behalf of another application when handling an IPC. |
int
|
startProxyOpNoThrow(String op, int proxiedUid, String proxiedPackageName, String proxiedAttributionTag, String message)
Like |
void
|
startWatchingActive(String[] ops, Executor executor, AppOpsManager.OnOpActiveChangedListener callback)
Start watching for changes to the active state of app-ops. |
void
|
startWatchingMode(String op, String packageName, AppOpsManager.OnOpChangedListener callback)
Monitor for changes to the operating mode for the given op in the given app package. |
void
|
startWatchingMode(String op, String packageName, int flags, AppOpsManager.OnOpChangedListener callback)
Monitor for changes to the operating mode for the given op in the given app package. |
void
|
stopWatchingActive(AppOpsManager.OnOpActiveChangedListener callback)
Stop watching for changes to the active state of an app-op. |
void
|
stopWatchingMode(AppOpsManager.OnOpChangedListener callback)
Stop monitoring that was previously started with |
int
|
unsafeCheckOp(String op, int uid, String packageName)
Check whether an application might be able to perform an operation. |
int
|
unsafeCheckOpNoThrow(String op, int uid, String packageName)
Like |
int
|
unsafeCheckOpRaw(String op, int uid, String packageName)
Like |
int
|
unsafeCheckOpRawNoThrow(String op, int uid, String packageName)
Like |
Inherited methods | |
---|---|
Constants
MODE_ALLOWED
public static final int MODE_ALLOWED
Result from checkOp(String, int, String)
, noteOp(String, int, String)
, startOp(String, int, String)
: the given caller is
allowed to perform the given operation.
Constant Value: 0 (0x00000000)
MODE_DEFAULT
public static final int MODE_DEFAULT
Result from checkOp(String, int, String)
, noteOp(String, int, String)
, startOp(String, int, String)
: the given caller should
use its default security check. This mode is not normally used; it should only be used
with appop permissions, and callers must explicitly check for it and deal with it.
Constant Value: 3 (0x00000003)
MODE_ERRORED
public static final int MODE_ERRORED
Result from checkOpNoThrow(String, int, String)
, noteOpNoThrow(String, int, String)
, startOpNoThrow(String, int, String)
: the
given caller is not allowed to perform the given operation, and this attempt should
cause it to have a fatal error, typically a SecurityException
.
Constant Value: 2 (0x00000002)
MODE_FOREGROUND
public static final int MODE_FOREGROUND
Special mode that means "allow only when app is in foreground." This is not
returned from unsafeCheckOp(String, int, String)
, noteOp(String, int, String)
, startOp(String, int, String)
. Rather,
unsafeCheckOp(String, int, String)
will always return MODE_ALLOWED
(because it is always
possible for it to be ultimately allowed, depending on the app's background state),
and noteOp(String, int, String)
and startOp(String, int, String)
will return MODE_ALLOWED
when the app
being checked is currently in the foreground, otherwise MODE_IGNORED
.
The only place you will this normally see this value is through
unsafeCheckOpRaw(String, int, String)
, which returns the actual raw mode of the op. Note that because
you can't know the current state of the app being checked (and it can change at any
point), you can only treat the result here as an indication that it will vary between
MODE_ALLOWED
and MODE_IGNORED
depending on changes in the background
state of the app. You thus must always use noteOp(String, int, String)
or startOp(String, int, String)
to do
the actual check for access to the op.
Constant Value: 4 (0x00000004)
MODE_IGNORED
public static final int MODE_IGNORED
Result from checkOp(String, int, String)
, noteOp(String, int, String)
, startOp(String, int, String)
: the given caller is
not allowed to perform the given operation, and this attempt should
silently fail (it should not cause the app to crash).
Constant Value: 1 (0x00000001)
OPSTR_ADD_VOICEMAIL
public static final String OPSTR_ADD_VOICEMAIL
Required to access phone state related information.
Constant Value: "android:add_voicemail"
OPSTR_ANSWER_PHONE_CALLS
public static final String OPSTR_ANSWER_PHONE_CALLS
Answer incoming phone calls
Constant Value: "android:answer_phone_calls"
OPSTR_BODY_SENSORS
public static final String OPSTR_BODY_SENSORS
Access to body sensors such as heart rate, etc.
Constant Value: "android:body_sensors"
OPSTR_CALL_PHONE
public static final String OPSTR_CALL_PHONE
Allows an application to initiate a phone call.
Constant Value: "android:call_phone"
OPSTR_CAMERA
public static final String OPSTR_CAMERA
Required to be able to access the camera device.
Constant Value: "android:camera"
OPSTR_COARSE_LOCATION
public static final String OPSTR_COARSE_LOCATION
Access to coarse location information.
Constant Value: "android:coarse_location"
OPSTR_FINE_LOCATION
public static final String OPSTR_FINE_LOCATION
Access to fine location information.
Constant Value: "android:fine_location"
OPSTR_GET_USAGE_STATS
public static final String OPSTR_GET_USAGE_STATS
Access to UsageStatsManager
.
Constant Value: "android:get_usage_stats"
OPSTR_MOCK_LOCATION
public static final String OPSTR_MOCK_LOCATION
Inject mock location into the system.
Constant Value: "android:mock_location"
OPSTR_MONITOR_HIGH_POWER_LOCATION
public static final String OPSTR_MONITOR_HIGH_POWER_LOCATION
Continually monitoring location data with a relatively high power request.
Constant Value: "android:monitor_location_high_power"
OPSTR_MONITOR_LOCATION
public static final String OPSTR_MONITOR_LOCATION
Continually monitoring location data.
Constant Value: "android:monitor_location"
OPSTR_PICTURE_IN_PICTURE
public static final String OPSTR_PICTURE_IN_PICTURE
Access to picture-in-picture.
Constant Value: "android:picture_in_picture"
OPSTR_PROCESS_OUTGOING_CALLS
public static final String OPSTR_PROCESS_OUTGOING_CALLS
Access APIs for diverting outgoing calls
Constant Value: "android:process_outgoing_calls"
OPSTR_READ_CALENDAR
public static final String OPSTR_READ_CALENDAR
Allows an application to read the user's calendar data.
Constant Value: "android:read_calendar"
OPSTR_READ_CALL_LOG
public static final String OPSTR_READ_CALL_LOG
Allows an application to read the user's call log.
Constant Value: "android:read_call_log"
OPSTR_READ_CELL_BROADCASTS
public static final String OPSTR_READ_CELL_BROADCASTS
Read previously received cell broadcast messages.
Constant Value: "android:read_cell_broadcasts"
OPSTR_READ_CONTACTS
public static final String OPSTR_READ_CONTACTS
Allows an application to read the user's contacts data.
Constant Value: "android:read_contacts"
OPSTR_READ_EXTERNAL_STORAGE
public static final String OPSTR_READ_EXTERNAL_STORAGE
Read external storage.
Constant Value: "android:read_external_storage"
OPSTR_READ_PHONE_NUMBERS
public static final String OPSTR_READ_PHONE_NUMBERS
Constant Value: "android:read_phone_numbers"
OPSTR_READ_PHONE_STATE
public static final String OPSTR_READ_PHONE_STATE
Required to access phone state related information.
Constant Value: "android:read_phone_state"
OPSTR_READ_SMS
public static final String OPSTR_READ_SMS
Allows an application to read SMS messages.
Constant Value: "android:read_sms"
OPSTR_RECEIVE_MMS
public static final String OPSTR_RECEIVE_MMS
Allows an application to receive MMS messages.
Constant Value: "android:receive_mms"
OPSTR_RECEIVE_SMS
public static final String OPSTR_RECEIVE_SMS
Allows an application to receive SMS messages.
Constant Value: "android:receive_sms"
OPSTR_RECEIVE_WAP_PUSH
public static final String OPSTR_RECEIVE_WAP_PUSH
Allows an application to receive WAP push messages.
Constant Value: "android:receive_wap_push"
OPSTR_RECORD_AUDIO
public static final String OPSTR_RECORD_AUDIO
Required to be able to access the microphone device.
Constant Value: "android:record_audio"
OPSTR_SEND_SMS
public static final String OPSTR_SEND_SMS
Allows an application to send SMS messages.
Constant Value: "android:send_sms"
OPSTR_SYSTEM_ALERT_WINDOW
public static final String OPSTR_SYSTEM_ALERT_WINDOW
Required to draw on top of other apps.
Constant Value: "android:system_alert_window"
OPSTR_USE_FINGERPRINT
public static final String OPSTR_USE_FINGERPRINT
Use the fingerprint API.
Constant Value: "android:use_fingerprint"
OPSTR_USE_SIP
public static final String OPSTR_USE_SIP
Access APIs for SIP calling over VOIP or WiFi
Constant Value: "android:use_sip"
OPSTR_WRITE_CALENDAR
public static final String OPSTR_WRITE_CALENDAR
Allows an application to write to the user's calendar data.
Constant Value: "android:write_calendar"
OPSTR_WRITE_CALL_LOG
public static final String OPSTR_WRITE_CALL_LOG
Allows an application to write to the user's call log.
Constant Value: "android:write_call_log"
OPSTR_WRITE_CONTACTS
public static final String OPSTR_WRITE_CONTACTS
Allows an application to write to the user's contacts data.
Constant Value: "android:write_contacts"
OPSTR_WRITE_EXTERNAL_STORAGE
public static final String OPSTR_WRITE_EXTERNAL_STORAGE
Write external storage.
Constant Value: "android:write_external_storage"
OPSTR_WRITE_SETTINGS
public static final String OPSTR_WRITE_SETTINGS
Required to write/modify/update system settings.
Constant Value: "android:write_settings"
WATCH_FOREGROUND_CHANGES
public static final int WATCH_FOREGROUND_CHANGES
Flag for startWatchingMode(java.lang.String, java.lang.String, int, android.app.AppOpsManager.OnOpChangedListener)
:
Also get reports if the foreground state of an op's uid changes. This only works
when watching a particular op, not when watching a package.
Constant Value: 1 (0x00000001)
Public methods
checkOp
public int checkOp (String op, int uid, String packageName)
Check whether an application can perform an operation.
For platform versions before Build.VERSION_CODES.BAKLAVA
, this is
not a security check; you must use noteOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String)
or startOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String)
for your actual security
checks. This function can just be used for a quick check to see if an operation has been
disabled for the application, as an early reject of some work.
For platform versions equal to or after Build.VERSION_CODES.BAKLAVA
, it
does the same security check as noteOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String)
and
startOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String)
, and should be preferred to use.
This API does not modify the time stamp or other data about the operation.
Parameters | |
---|---|
op |
String : The operation to check. One of the OPSTR_* constants.
This value cannot be null . |
uid |
int : The uid of the application attempting to perform the operation. |
packageName |
String : The name of the application attempting to perform the operation.
This value cannot be null . |
Returns | |
---|---|
int |
Returns MODE_ALLOWED if the operation is allowed, or
MODE_IGNORED if it is not allowed and should be silently ignored (without
causing the app to crash). |
Throws | |
---|---|
SecurityException |
If the app has been configured to crash on this op. |
checkOpNoThrow
public int checkOpNoThrow (String op, int uid, String packageName)
Like checkOp(java.lang.String, int, java.lang.String)
but instead of throwing a
SecurityException
it returns MODE_ERRORED
.
Parameters | |
---|---|
op |
String : This value cannot be null . |
uid |
int |
packageName |
String : This value cannot be null . |
Returns | |
---|---|
int |
checkPackage
public void checkPackage (int uid, String packageName)
This method was deprecated
in API level 30.
Use PackageManager.getPackageUid
instead
Parameters | |
---|---|
uid |
int |
packageName |
String : This value cannot be null . |
finishOp
public void finishOp (String op, int uid, String packageName)
This method was deprecated
in API level 30.
Use finishOp(java.lang.String, int, java.lang.String, java.lang.String)
instead
Parameters | |
---|---|
op |
String : This value cannot be null . |
uid |
int |
packageName |
String : This value cannot be null . |
finishOp
public void finishOp (String op, int uid, String packageName, String attributionTag)
Report that an application is no longer performing an operation that had previously
been started with startOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String)
. There is no
validation of input or result; the parameters supplied here must be the exact same ones
previously passed in when starting the operation.
Parameters | |
---|---|
op |
String : This value cannot be null . |
uid |
int |
packageName |
String : This value cannot be null . |
attributionTag |
String : This value may be null . |
finishProxyOp
public void finishProxyOp (String op, int proxiedUid, String proxiedPackageName, String proxiedAttributionTag)
Report that an application is no longer performing an operation that had previously
been started with startProxyOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String)
. There is no
validation of input or result; the parameters supplied here must be the exact same ones
previously passed in when starting the operation.
Parameters | |
---|---|
op |
String : The operation which was started
This value cannot be null . |
proxiedUid |
int : The proxied appp's UID |
proxiedPackageName |
String : The proxied appp's package name
This value cannot be null . |
proxiedAttributionTag |
String : The proxied appp's attribution tag or
null for default attribution |
isOpActive
public boolean isOpActive (String op, int uid, String packageName)
Checks whether the given op for a package is active, i.e. did someone call startOp(String, int, String)
without finishOp(String, int, String)
yet.
If you don't hold the android.Manifest.permission#WATCH_APPOPS
permission you can query only for your UID.
Parameters | |
---|---|
op |
String : This value cannot be null . |
uid |
int |
packageName |
String : This value cannot be null . |
Returns | |
---|---|
boolean |
noteOp
public int noteOp (String op, int uid, String packageName)
This method was deprecated
in API level 30.
Use noteOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String)
instead
Parameters | |
---|---|
op |
String : This value cannot be null . |
uid |
int |
packageName |
String : This value cannot be null . |
Returns | |
---|---|
int |
noteOp
public int noteOp (String op, int uid, String packageName, String attributionTag, String message)
Make note of an application performing an operation and check if the application is allowed to perform it.
If this is a check that is not preceding the protected operation, use
unsafeCheckOp(String, int, String)
instead.
The identity of the package the app-op is noted for is specified by the
uid
and packageName
parameters. If this is noted for a regular app both
should be set and the package needs to be part of the uid. In the very rare case that an
app-op is noted for an entity that does not have a package name, the package can be
null
. As it is possible that a single process contains more than one package the
packageName
should be read
from the context of the
caller of the API (in the app process) that eventually triggers this check. If this op is
not noted for a running process the packageName
cannot be read from the context, but
it should be clear which package the note is for.
If the uid
and packageName
do not match this return
MODE_IGNORED
.
Beside the access check this method also records the access. While the access check is
based on uid
and/or packageName
the access recording is done based on the
packageName
and attributionTag
. The attributionTag
should be
read
from the same context the package name is read from.
In the case the check is not related to an API call, the attributionTag
should be
null
. Please note that e.g. registering a callback for later is still an API call and
the code should store the attribution tag along the package name for being used in this
method later.
The message
parameter only needs to be set when this method is
- not
OnOpNotedCallback.onAsyncNoted(AsyncNotedAppOp)
callback. A good example of a useful
message is including the System.identityHashCode(Object)
of the listener that will
receive data or the name of the manifest-receiver.
Parameters | |
---|---|
op |
String : The operation to note. One of the OPSTR_* constants.
This value cannot be null . |
uid |
int : The uid of the application attempting to perform the operation. |
packageName |
String : The name of the application attempting to perform the operation.
This value may be null . |
attributionTag |
String : The attribution tag of the
calling context or null for default attribution |
message |
String : A message describing why the op was noted
This value may be null . |
Returns | |
---|---|
int |
Returns MODE_ALLOWED if the operation is allowed, or
MODE_IGNORED if it is not allowed and should be silently ignored (without
causing the app to crash). |
Throws | |
---|---|
SecurityException |
If the app has been configured to crash on this op. |
noteOpNoThrow
public int noteOpNoThrow (String op, int uid, String packageName, String attributionTag, String message)
Like noteOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String)
but instead of throwing a
SecurityException
it returns MODE_ERRORED
.
Parameters | |
---|---|
op |
String : This value cannot be null . |
uid |
int |
packageName |
String : This value cannot be null . |
attributionTag |
String : This value may be null . |
message |
String : This value may be null . |
Returns | |
---|---|
int |
noteOpNoThrow
public int noteOpNoThrow (String op, int uid, String packageName)
This method was deprecated
in API level 30.
Use noteOpNoThrow(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String)
instead
Parameters | |
---|---|
op |
String : This value cannot be null . |
uid |
int |
packageName |
String : This value cannot be null . |
Returns | |
---|---|
int |
noteProxyOp
public int noteProxyOp (String op, String proxiedPackageName, int proxiedUid, String proxiedAttributionTag, String message)
Make note of an application performing an operation on behalf of another application when
handling an IPC. This function will verify that the calling uid and proxied package name
match, and if not, return MODE_IGNORED
. If this call succeeds, the last execution
time of the operation for the proxied app and your app will be updated to the current time.
Parameters | |
---|---|
op |
String : The operation to note. One of the OPSTR_* constants.
This value cannot be null . |
proxiedPackageName |
String : The name of the application calling into the proxy application.
This value may be null . |
proxiedUid |
int : The uid of the proxied application |
proxiedAttributionTag |
String : The proxied attribution tag or null for default attribution |
message |
String : A message describing the reason the op was noted
This value may be null . |
Returns | |
---|---|
int |
Returns MODE_ALLOWED if the operation is allowed, or MODE_IGNORED
if it is not allowed and should be silently ignored (without causing the app to crash). |
Throws | |
---|---|
SecurityException |
If the proxy or proxied app has been configured to crash on this op. |
noteProxyOp
public int noteProxyOp (String op, String proxiedPackageName)
This method was deprecated
in API level 30.
Use noteProxyOp(java.lang.String, java.lang.String, int, java.lang.String, java.lang.String)
instead
Parameters | |
---|---|
op |
String : This value cannot be null . |
proxiedPackageName |
String : This value cannot be null . |
Returns | |
---|---|
int |
noteProxyOpNoThrow
public int noteProxyOpNoThrow (String op, String proxiedPackageName)
This method was deprecated
in API level 30.
Use noteProxyOpNoThrow(java.lang.String, java.lang.String, int, java.lang.String, java.lang.String)
instead
Parameters | |
---|---|
op |
String : This value cannot be null . |
proxiedPackageName |
String : This value cannot be null . |
Returns | |
---|---|
int |
noteProxyOpNoThrow
public int noteProxyOpNoThrow (String op, String proxiedPackageName, int proxiedUid)
This method was deprecated
in API level 30.
Use noteProxyOpNoThrow(java.lang.String, java.lang.String, int, java.lang.String, java.lang.String)
instead
Parameters | |
---|---|
op |
String : This value cannot be null . |
proxiedPackageName |
String : This value may be null . |
proxiedUid |
int |
Returns | |
---|---|
int |
noteProxyOpNoThrow
public int noteProxyOpNoThrow (String op, String proxiedPackageName, int proxiedUid, String proxiedAttributionTag, String message)
Like noteProxyOp(java.lang.String, java.lang.String, int, java.lang.String, java.lang.String)
but instead
of throwing a SecurityException
it returns MODE_ERRORED
.
Parameters | |
---|---|
op |
String : This value cannot be null . |
proxiedPackageName |
String : This value may be null . |
proxiedUid |
int |
proxiedAttributionTag |
String : This value may be null . |
message |
String : This value may be null . |
Returns | |
---|---|
int |
permissionToOp
public static String permissionToOp (String permission)
Gets the app-op name associated with a given permission.
The app-op name is one of the public constants defined
in this class such as OPSTR_COARSE_LOCATION
.
This API is intended to be used for mapping runtime
permissions to the corresponding app-op.
Parameters | |
---|---|
permission |
String : The permission.
This value cannot be null . |
Returns | |
---|---|
String |
The app-op associated with the permission or null . |
setOnOpNotedCallback
public void setOnOpNotedCallback (Executor asyncExecutor, AppOpsManager.OnOpNotedCallback callback)
Set a new OnOpNotedCallback
.
There can only ever be one collector per process. If there currently is another callback set, this will fail.
Note that if an app has multiple processes registering for this callback, the system would
fan out async op noted callbacks to each of the processes, resulting in the same data being
delivered multiple times to an app, which is usually undesired. To avoid this, consider
listening to async ops only in one process. See
ERROR(/#setOnOpNotedCallback(java.util.concurrent.Executor,android.app.AppOpsManager.OnOpNotedCallback,int))
for how to do this.
Parameters | |
---|---|
asyncExecutor |
Executor : executor to execute OnOpNotedCallback.onAsyncNoted on, null to unset
Callback and listener events are dispatched through this
Executor , providing an easy way to control which thread is
used. To dispatch events through the main thread of your
application, you can use
Context.getMainExecutor() .
Otherwise, provide an Executor that dispatches to an appropriate thread. |
callback |
AppOpsManager.OnOpNotedCallback : listener to set, null to unset |
Throws | |
---|---|
IllegalStateException |
If another callback is already registered |
startOp
public int startOp (String op, int uid, String packageName)
This method was deprecated
in API level 30.
use startOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String)
instead
Parameters | |
---|---|
op |
String : This value cannot be null . |
uid |
int |
packageName |
String : This value cannot be null . |
Returns | |
---|---|
int |
startOp
public int startOp (String op, int uid, String packageName, String attributionTag, String message)
Report that an application has started executing a long-running operation.
For more details how to determine the callingPackageName
,
callingAttributionTag
, and message
, please check the description in
noteOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String)
Parameters | |
---|---|
op |
String : The operation to start. One of the OPSTR_* constants.
This value cannot be null . |
uid |
int : The user id of the application attempting to perform the operation. |
packageName |
String : The name of the application attempting to perform the operation.
This value may be null . |
attributionTag |
String : The attribution tag or
null for default attribution |
message |
String : Description why op was started
This value may be null . |
Returns | |
---|---|
int |
Returns MODE_ALLOWED if the operation is allowed, or
MODE_IGNORED if it is not allowed and should be silently ignored (without
causing the app to crash). |
Throws | |
---|---|
SecurityException |
If the app has been configured to crash on this op or the package is not in the passed in UID. |
startOpNoThrow
public int startOpNoThrow (String op, int uid, String packageName, String attributionTag, String message)
Like startOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String)
but instead of throwing a
SecurityException
it returns MODE_ERRORED
.
Parameters | |
---|---|
op |
String : This value cannot be null . |
uid |
int |
packageName |
String : This value cannot be null . |
attributionTag |
String : This value may be null . |
message |
String : This value may be null . |
Returns | |
---|---|
int |
startOpNoThrow
public int startOpNoThrow (String op, int uid, String packageName)
This method was deprecated
in API level 30.
use startOpNoThrow(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String)
instead
Parameters | |
---|---|
op |
String : This value cannot be null . |
uid |
int |
packageName |
String : This value cannot be null . |
Returns | |
---|---|
int |
startProxyOp
public int startProxyOp (String op, int proxiedUid, String proxiedPackageName, String proxiedAttributionTag, String message)
Report that an application has started executing a long-running operation on behalf of
another application when handling an IPC. This function will verify that the calling uid and
proxied package name match, and if not, return MODE_IGNORED
.
Parameters | |
---|---|
op |
String : The op to note
This value cannot be null . |
proxiedUid |
int : The uid to note the op for null |
proxiedPackageName |
String : The package name the uid belongs to
This value cannot be null . |
proxiedAttributionTag |
String : The proxied attribution tag or null for default attribution |
message |
String : A message describing the reason the op was noted
This value may be null . |
Returns | |
---|---|
int |
Returns MODE_ALLOWED if the operation is allowed, or MODE_IGNORED
if it is not allowed and should be silently ignored (without causing the app to crash). |
Throws | |
---|---|
SecurityException |
If the proxy or proxied app has been configured to crash on this op. |
startProxyOpNoThrow
public int startProxyOpNoThrow (String op, int proxiedUid, String proxiedPackageName, String proxiedAttributionTag, String message)
Like startProxyOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String)
but instead
of throwing a SecurityException
it returns MODE_ERRORED
.
Parameters | |
---|---|
op |
String : This value cannot be null . |
proxiedUid |
int |
proxiedPackageName |
String : This value cannot be null . |
proxiedAttributionTag |
String : This value may be null . |
message |
String : This value may be null . |
Returns | |
---|---|
int |
startWatchingActive
public void startWatchingActive (String[] ops, Executor executor, AppOpsManager.OnOpActiveChangedListener callback)
Start watching for changes to the active state of app-ops. An app-op may be long running and it has a clear start and stop delimiters. If an op is being started or stopped by any package you will get a callback. To change the watched ops for a registered callback you need to unregister and register it again.
If you don't hold the android.Manifest.permission#WATCH_APPOPS
permission
you can watch changes only for your UID.
Parameters | |
---|---|
ops |
String : The operations to watch.
This value cannot be null . |
executor |
Executor : Callback and listener events are dispatched through this
Executor , providing an easy way to control which thread is
used. To dispatch events through the main thread of your
application, you can use
Context.getMainExecutor() .
Otherwise, provide an Executor that dispatches to an appropriate thread.
This value cannot be null . |
callback |
AppOpsManager.OnOpActiveChangedListener : Where to report changes.
This value cannot be null . |
startWatchingMode
public void startWatchingMode (String op, String packageName, AppOpsManager.OnOpChangedListener callback)
Monitor for changes to the operating mode for the given op in the given app package. You can watch op changes only for your UID.
Parameters | |
---|---|
op |
String : The operation to monitor, one of OPSTR_*.
This value cannot be null . |
packageName |
String : The name of the application to monitor.
This value may be null . |
callback |
AppOpsManager.OnOpChangedListener : Where to report changes.
This value cannot be null . |
startWatchingMode
public void startWatchingMode (String op, String packageName, int flags, AppOpsManager.OnOpChangedListener callback)
Monitor for changes to the operating mode for the given op in the given app package. You can watch op changes only for your UID.
Parameters | |
---|---|
op |
String : The operation to monitor, one of OPSTR_*.
This value cannot be null . |
packageName |
String : The name of the application to monitor.
This value may be null . |
flags |
int : Option flags: any combination of WATCH_FOREGROUND_CHANGES or 0. |
callback |
AppOpsManager.OnOpChangedListener : Where to report changes.
This value cannot be null . |
stopWatchingActive
public void stopWatchingActive (AppOpsManager.OnOpActiveChangedListener callback)
Stop watching for changes to the active state of an app-op. An app-op may be long running and it has a clear start and stop delimiters. Unregistering a non-registered callback has no effect.
Parameters | |
---|---|
callback |
AppOpsManager.OnOpActiveChangedListener : This value cannot be null . |
stopWatchingMode
public void stopWatchingMode (AppOpsManager.OnOpChangedListener callback)
Stop monitoring that was previously started with startWatchingMode(String, String, OnOpChangedListener)
. All
monitoring associated with this callback will be removed.
Parameters | |
---|---|
callback |
AppOpsManager.OnOpChangedListener : This value cannot be null . |
unsafeCheckOp
public int unsafeCheckOp (String op, int uid, String packageName)
Check whether an application might be able to perform an operation.
For platform versions before Build.VERSION_CODES.BAKLAVA
, this is
not a security check; you must use noteOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String)
or startOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String)
for your actual security
checks. This function can just be used for a quick check to see if an operation has been
disabled for the application, as an early reject of some work.
For platform versions equal to or after Build.VERSION_CODES.BAKLAVA
, this
is no longer an unsafe check, and it does the same security check as noteOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String)
and startOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String)
.
However, it's preferred to use checkOp(java.lang.String, int, java.lang.String)
, since the word "unsafe"
in the name of this API is no longer accurate.
This API does not modify the time stamp or other data about the operation.
Parameters | |
---|---|
op |
String : The operation to check. One of the OPSTR_* constants.
This value cannot be null . |
uid |
int : The user id of the application attempting to perform the operation. |
packageName |
String : The name of the application attempting to perform the operation.
This value cannot be null . |
Returns | |
---|---|
int |
Returns MODE_ALLOWED if the operation is allowed, or
MODE_IGNORED if it is not allowed and should be silently ignored (without
causing the app to crash). |
Throws | |
---|---|
SecurityException |
If the app has been configured to crash on this op. |
unsafeCheckOpNoThrow
public int unsafeCheckOpNoThrow (String op, int uid, String packageName)
Like unsafeCheckOp(java.lang.String, int, java.lang.String)
but instead of throwing a
SecurityException
it returns MODE_ERRORED
.
Parameters | |
---|---|
op |
String : This value cannot be null . |
uid |
int |
packageName |
String : This value cannot be null . |
Returns | |
---|---|
int |
unsafeCheckOpRaw
public int unsafeCheckOpRaw (String op, int uid, String packageName)
Like checkOp(String, int, String)
but returns the raw mode associated with the op.
Does not throw a security exception, does not translate MODE_FOREGROUND
.
Parameters | |
---|---|
op |
String : This value cannot be null . |
uid |
int |
packageName |
String : This value cannot be null . |
Returns | |
---|---|
int |
unsafeCheckOpRawNoThrow
public int unsafeCheckOpRawNoThrow (String op, int uid, String packageName)
Like checkOp(String, int, String)
but returns the raw mode associated with the op.
Does not throw a security exception, does not translate MODE_FOREGROUND
.
Parameters | |
---|---|
op |
String : This value cannot be null . |
uid |
int |
packageName |
String : This value cannot be null . |
Returns | |
---|---|
int |
Content and code samples on this page are subject to the licenses described in the Content License. Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
Last updated 2024-12-18 UTC.