From e8fb83fd623a63ddef5c942a3e9f69c1f8fc06e1 Mon Sep 17 00:00:00 2001
From: Phil Weaver <pweaver@google.com>
Date: Sat, 16 Dec 2017 00:55:51 +0000
Subject: [PATCH] Revert "Log an App Op when an accessibility action is
 performed."

CTS tests are now throwing security exceptions for accessibility actions.

This reverts commit 19eb58959b2b9cbf0d082ddc0640a6da99c8a3dc.

Change-Id: I2027ee4cca0fcc2b38bb615a58d992ef309e2d70
---
 core/java/android/app/AppOpsManager.java           | 12 +----------
 .../AccessibilityClientConnection.java             | 24 ----------------------
 2 files changed, 1 insertion(+), 35 deletions(-)

diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
index 50e3f0a9a133..ea22d332cc4e 100644
--- a/core/java/android/app/AppOpsManager.java
+++ b/core/java/android/app/AppOpsManager.java
@@ -260,10 +260,8 @@ public class AppOpsManager {
     public static final int OP_REQUEST_DELETE_PACKAGES = 72;
     /** @hide Bind an accessibility service. */
     public static final int OP_BIND_ACCESSIBILITY_SERVICE = 73;
-    /** @hide Interact with the system UI via an Accessibility Service */
-    public static final int OP_PERFORM_ACCESSIBILITY_ACTION = 74;
     /** @hide */
-    public static final int _NUM_OP = 75;
+    public static final int _NUM_OP = 74;
 
     /** Access to coarse location information. */
     public static final String OPSTR_COARSE_LOCATION = "android:coarse_location";
@@ -508,7 +506,6 @@ public class AppOpsManager {
             OP_CHANGE_WIFI_STATE,
             OP_REQUEST_DELETE_PACKAGES,
             OP_BIND_ACCESSIBILITY_SERVICE,
-            OP_PERFORM_ACCESSIBILITY_ACTION,
     };
 
     /**
@@ -590,7 +587,6 @@ public class AppOpsManager {
             null, // OP_CHANGE_WIFI_STATE
             null, // OP_REQUEST_DELETE_PACKAGES
             null, // OP_BIND_ACCESSIBILITY_SERVICE
-            null, // OP_PERFORM_ACCESSIBILITY_ACTION
     };
 
     /**
@@ -672,7 +668,6 @@ public class AppOpsManager {
             "CHANGE_WIFI_STATE",
             "REQUEST_DELETE_PACKAGES",
             "BIND_ACCESSIBILITY_SERVICE",
-            "OP_PERFORM_ACCESSIBILITY_ACTION",
     };
 
     /**
@@ -754,7 +749,6 @@ public class AppOpsManager {
             Manifest.permission.CHANGE_WIFI_STATE,
             Manifest.permission.REQUEST_DELETE_PACKAGES,
             Manifest.permission.BIND_ACCESSIBILITY_SERVICE,
-            null, // no permission for OP_PERFORM_ACCESSIBILITY_ACTION
     };
 
     /**
@@ -837,7 +831,6 @@ public class AppOpsManager {
             null, // OP_CHANGE_WIFI_STATE
             null, // REQUEST_DELETE_PACKAGES
             null, // OP_BIND_ACCESSIBILITY_SERVICE
-            null, // OP_PERFORM_ACCESSIBILITY_ACTION
     };
 
     /**
@@ -919,7 +912,6 @@ public class AppOpsManager {
             false, // OP_CHANGE_WIFI_STATE
             false, // OP_REQUEST_DELETE_PACKAGES
             false, // OP_BIND_ACCESSIBILITY_SERVICE
-            false, // OP_PERFORM_ACCESSIBILITY_ACTION
     };
 
     /**
@@ -1000,7 +992,6 @@ public class AppOpsManager {
             AppOpsManager.MODE_ALLOWED,  // OP_CHANGE_WIFI_STATE
             AppOpsManager.MODE_ALLOWED,  // REQUEST_DELETE_PACKAGES
             AppOpsManager.MODE_ALLOWED,  // OP_BIND_ACCESSIBILITY_SERVICE
-            AppOpsManager.MODE_ALLOWED,  // OP_PERFORM_ACCESSIBILITY_ACTION
     };
 
     /**
@@ -1085,7 +1076,6 @@ public class AppOpsManager {
             false, // OP_CHANGE_WIFI_STATE
             false, // OP_REQUEST_DELETE_PACKAGES
             false, // OP_BIND_ACCESSIBILITY_SERVICE
-            false, // OP_PERFORM_ACCESSIBILITY_ACTION
     };
 
     /**
diff --git a/services/accessibility/java/com/android/server/accessibility/AccessibilityClientConnection.java b/services/accessibility/java/com/android/server/accessibility/AccessibilityClientConnection.java
index ad31cc5e0c33..01679ddad04b 100644
--- a/services/accessibility/java/com/android/server/accessibility/AccessibilityClientConnection.java
+++ b/services/accessibility/java/com/android/server/accessibility/AccessibilityClientConnection.java
@@ -25,7 +25,6 @@ import android.accessibilityservice.IAccessibilityServiceClient;
 import android.accessibilityservice.IAccessibilityServiceConnection;
 import android.annotation.NonNull;
 import android.annotation.Nullable;
-import android.app.AppOpsManager;
 import android.app.PendingIntent;
 import android.content.ComponentName;
 import android.content.Context;
@@ -40,9 +39,7 @@ import android.os.Handler;
 import android.os.IBinder;
 import android.os.Looper;
 import android.os.Message;
-import android.os.Process;
 import android.os.RemoteException;
-import android.os.UserHandle;
 import android.util.Slog;
 import android.util.SparseArray;
 import android.view.KeyEvent;
@@ -96,7 +93,6 @@ abstract class AccessibilityClientConnection extends IAccessibilityServiceConnec
     protected final Object mLock;
 
     protected final SecurityPolicy mSecurityPolicy;
-    private final AppOpsManager mAppOpsManager;
 
     // The service that's bound to this instance. Whenever this value is non-null, this
     // object is registered as a death recipient
@@ -254,7 +250,6 @@ abstract class AccessibilityClientConnection extends IAccessibilityServiceConnec
         mAccessibilityServiceInfo = accessibilityServiceInfo;
         mLock = lock;
         mSecurityPolicy = securityPolicy;
-        mAppOpsManager = (AppOpsManager) context.getSystemService(Context.APP_OPS_SERVICE);
         mGlobalActionPerformer = globalActionPerfomer;
         mSystemSupport = systemSupport;
         mInvocationHandler = new InvocationHandler(mainHandler.getLooper());
@@ -711,16 +706,6 @@ abstract class AccessibilityClientConnection extends IAccessibilityServiceConnec
             long accessibilityNodeId, int action, Bundle arguments, int interactionId,
             IAccessibilityInteractionConnectionCallback callback, long interrogatingTid)
             throws RemoteException {
-
-        // Skip this if the caller is the Accessibility InteractionBridge.
-        if (UserHandle.getAppId(Binder.getCallingUid()) != Process.SYSTEM_UID) {
-            if (mAppOpsManager.noteOp(AppOpsManager.OP_PERFORM_ACCESSIBILITY_ACTION,
-                    Binder.getCallingUid(), mComponentName.getPackageName())
-                    != AppOpsManager.MODE_ALLOWED) {
-                return false;
-            }
-        }
-
         final int resolvedWindowId;
         IAccessibilityInteractionConnection connection = null;
         synchronized (mLock) {
@@ -740,15 +725,6 @@ abstract class AccessibilityClientConnection extends IAccessibilityServiceConnec
 
     @Override
     public boolean performGlobalAction(int action) {
-        // Skip this if the caller is the Accessibility InteractionBridge.
-        if (UserHandle.getAppId(Binder.getCallingUid()) != Process.SYSTEM_UID) {
-            if (mAppOpsManager.noteOp(AppOpsManager.OP_PERFORM_ACCESSIBILITY_ACTION,
-                    Binder.getCallingUid(), mComponentName.getPackageName())
-                    != AppOpsManager.MODE_ALLOWED) {
-                return false;
-            }
-        }
-
         synchronized (mLock) {
             if (!isCalledForCurrentUserLocked()) {
                 return false;
-- 
2.11.0