AppOpsManager


public class AppOpsManager
extends Object

java.lang.Object
   ↳ android.app.AppOpsManager


App-ops are used for two purposes: Access control and tracking.

App-ops cover a wide variety of functionality from helping with runtime permissions access control and tracking to battery consumption tracking.

Access control

App-ops can either be controlled for each uid or for each package. Which one is used depends on the API provider maintaining this app-op. For any security or privacy related app-op the provider needs to control the app-op for per uid as all security and privacy is based on uid in Android.

To control access the app-op can be set to a mode to:

MODE_DEFAULT
Default behavior, might differ from app-op or app-op
MODE_ALLOWED
Allow the access
MODE_IGNORED
Don't allow the access, i.e. don't perform the requested action or return no or placeholder data
MODE_ERRORED
Throw a SecurityException on access. This can be suppressed by using a ...noThrow method to check the mode

API providers need to check the mode returned by noteOp(String, int, String) if they are are allowing access to operations gated by the app-op. unsafeCheckOp(String, int, String) should be used to check the mode if no access is granted. E.g. this can be used for displaying app-op state in the UI or when checking the state before later calling noteOp(String, int, String) anyway.

If an operation refers to a time span (e.g. a audio-recording session) the API provider should use startOp(String, int, String) and finishOp(String, int, String) instead of noteOp(String, int, String).

Runtime permissions and app-ops

Each platform defined runtime permission (beside background modifiers) has an associated app op which is used for tracking but also to allow for silent failures. I.e. if the runtime permission is denied the caller gets a SecurityException, but if the permission is granted and the app-op is MODE_IGNORED then the callers gets placeholder behavior, e.g. location callbacks would not happen.

App-op permissions

App-ops permissions are platform defined permissions that can be overridden. The security check for app-op permissions should by default check the permission grant state. If the app-op state is set to MODE_ALLOWED or MODE_IGNORED the app-op state should be checked instead of the permission grant state.

This functionality allows to grant access by default to apps fulfilling the requirements for a certain permission level. Still the behavior can be overridden when needed.

Tracking

App-ops track many important events, including all accesses to runtime permission protected APIs. This is done by tracking when an app-op was noted or started. The tracked data can only be read by system components.

Only noteOp(String, int, String)/startOp(String, int, String) are tracked; unsafeCheckOp(String, int, String) is not tracked. Hence it is important to eventually call noteOp(String, int, String) or startOp(String, int, String) when providing access to protected operations or data.

Some apps are forwarding access to other apps. E.g. an app might get the location from the system's location provider and then send the location further to a 3rd app. In this case the app passing on the data needs to call noteProxyOp(String, String) to signal the access proxying. This might also make sense inside of a single app if the access is forwarded between two parts of the tagged with different attribution tags.

An app can register an OnOpNotedCallback to get informed about what accesses the system is tracking for it. As each runtime permission has an associated app-op this API is particularly useful for an app that want to find unexpected private data accesses.

Summary

Nested classes

interface AppOpsManager.OnOpActiveChangedListener

Callback for notification of changes to operation active state. 

interface AppOpsManager.OnOpChangedListener

Callback for notification of changes to operation state. 

class AppOpsManager.OnOpNotedCallback

Callback an app can set to monitor the app-ops the system has tracked for it. 

Constants

int MODE_ALLOWED

Result from checkOp(String, int, String), noteOp(String, int, String), startOp(String, int, String): the given caller is allowed to perform the given operation.

int MODE_DEFAULT

Result from checkOp(String, int, String), noteOp(String, int, String), startOp(String, int, String): the given caller should use its default security check.

int MODE_ERRORED

Result from checkOpNoThrow(String, int, String), noteOpNoThrow(String, int, String), startOpNoThrow(String, int, String): the given caller is not allowed to perform the given operation, and this attempt should cause it to have a fatal error, typically a SecurityException.

int MODE_FOREGROUND

Special mode that means "allow only when app is in foreground." This is not returned from unsafeCheckOp(String, int, String), noteOp(String, int, String), startOp(String, int, String).

int MODE_IGNORED

Result from checkOp(String, int, String), noteOp(String, int, String), startOp(String, int, String): the given caller is not allowed to perform the given operation, and this attempt should silently fail (it should not cause the app to crash).

String OPSTR_ADD_VOICEMAIL

Required to access phone state related information.

String OPSTR_ANSWER_PHONE_CALLS

Answer incoming phone calls

String OPSTR_BODY_SENSORS

Access to body sensors such as heart rate, etc.

String OPSTR_CALL_PHONE

Allows an application to initiate a phone call.

String OPSTR_CAMERA

Required to be able to access the camera device.

String OPSTR_COARSE_LOCATION

Access to coarse location information.

String OPSTR_FINE_LOCATION

Access to fine location information.

String OPSTR_GET_USAGE_STATS

Access to UsageStatsManager.

String OPSTR_MOCK_LOCATION

Inject mock location into the system.

String OPSTR_MONITOR_HIGH_POWER_LOCATION

Continually monitoring location data with a relatively high power request.

String OPSTR_MONITOR_LOCATION

Continually monitoring location data.

String OPSTR_PICTURE_IN_PICTURE

Access to picture-in-picture.

String OPSTR_PROCESS_OUTGOING_CALLS

Access APIs for diverting outgoing calls

String OPSTR_READ_CALENDAR

Allows an application to read the user's calendar data.

String OPSTR_READ_CALL_LOG

Allows an application to read the user's call log.

String OPSTR_READ_CELL_BROADCASTS

Read previously received cell broadcast messages.

String OPSTR_READ_CONTACTS

Allows an application to read the user's contacts data.

String OPSTR_READ_EXTERNAL_STORAGE

Read external storage.

String OPSTR_READ_PHONE_NUMBERS

String OPSTR_READ_PHONE_STATE

Required to access phone state related information.

String OPSTR_READ_SMS

Allows an application to read SMS messages.

String OPSTR_RECEIVE_MMS

Allows an application to receive MMS messages.

String OPSTR_RECEIVE_SMS

Allows an application to receive SMS messages.

String OPSTR_RECEIVE_WAP_PUSH

Allows an application to receive WAP push messages.

String OPSTR_RECORD_AUDIO

Required to be able to access the microphone device.

String OPSTR_SEND_SMS

Allows an application to send SMS messages.

String OPSTR_SYSTEM_ALERT_WINDOW

Required to draw on top of other apps.

String OPSTR_USE_FINGERPRINT

Use the fingerprint API.

String OPSTR_USE_SIP

Access APIs for SIP calling over VOIP or WiFi

String OPSTR_WRITE_CALENDAR

Allows an application to write to the user's calendar data.

String OPSTR_WRITE_CALL_LOG

Allows an application to write to the user's call log.

String OPSTR_WRITE_CONTACTS

Allows an application to write to the user's contacts data.

String OPSTR_WRITE_EXTERNAL_STORAGE

Write external storage.

String OPSTR_WRITE_SETTINGS

Required to write/modify/update system settings.

int WATCH_FOREGROUND_CHANGES

Flag for startWatchingMode(java.lang.String, java.lang.String, int, android.app.AppOpsManager.OnOpChangedListener): Also get reports if the foreground state of an op's uid changes.

Public methods

int checkOp(String op, int uid, String packageName)

This method was deprecated in API level 29. Renamed to unsafeCheckOp(java.lang.String, int, java.lang.String).

int checkOpNoThrow(String op, int uid, String packageName)

This method was deprecated in API level 29. Renamed to unsafeCheckOpNoThrow(java.lang.String, int, java.lang.String).

void checkPackage(int uid, String packageName)

This method was deprecated in API level 30. Use PackageManager#getPackageUid instead

void finishOp(String op, int uid, String packageName)

This method was deprecated in API level 30. Use finishOp(java.lang.String, int, java.lang.String, java.lang.String) instead

void finishOp(String op, int uid, String packageName, String attributionTag)

Report that an application is no longer performing an operation that had previously been started with startOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String).

void finishProxyOp(String op, int proxiedUid, String proxiedPackageName, String proxiedAttributionTag)

Report that an application is no longer performing an operation that had previously been started with startProxyOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String).

boolean isOpActive(String op, int uid, String packageName)

Checks whether the given op for a package is active, i.e.

int noteOp(String op, int uid, String packageName)

This method was deprecated in API level 30. Use noteOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String) instead

int noteOp(String op, int uid, String packageName, String attributionTag, String message)

Make note of an application performing an operation and check if the application is allowed to perform it.

int noteOpNoThrow(String op, int uid, String packageName, String attributionTag, String message)

Like noteOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String) but instead of throwing a SecurityException it returns MODE_ERRORED.

int noteOpNoThrow(String op, int uid, String packageName)

This method was deprecated in API level 30. Use noteOpNoThrow(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String) instead

int noteProxyOp(String op, String proxiedPackageName, int proxiedUid, String proxiedAttributionTag, String message)

Make note of an application performing an operation on behalf of another application when handling an IPC.

int noteProxyOp(String op, String proxiedPackageName)

This method was deprecated in API level 30. Use noteProxyOp(java.lang.String, java.lang.String, int, java.lang.String, java.lang.String) instead

int noteProxyOpNoThrow(String op, String proxiedPackageName)

This method was deprecated in API level 30. Use noteProxyOpNoThrow(java.lang.String, java.lang.String, int, java.lang.String, java.lang.String) instead

int noteProxyOpNoThrow(String op, String proxiedPackageName, int proxiedUid)

This method was deprecated in API level 30. Use noteProxyOpNoThrow(java.lang.String, java.lang.String, int, java.lang.String, java.lang.String) instead

int noteProxyOpNoThrow(String op, String proxiedPackageName, int proxiedUid, String proxiedAttributionTag, String message)

Like noteProxyOp(java.lang.String, java.lang.String, int, java.lang.String, java.lang.String) but instead of throwing a SecurityException it returns MODE_ERRORED.

static String permissionToOp(String permission)

Gets the app-op name associated with a given permission.

void setOnOpNotedCallback(Executor asyncExecutor, AppOpsManager.OnOpNotedCallback callback)

Set a new OnOpNotedCallback.

int startOp(String op, int uid, String packageName)

This method was deprecated in API level 30. use startOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String) instead

int startOp(String op, int uid, String packageName, String attributionTag, String message)

Report that an application has started executing a long-running operation.

int startOpNoThrow(String op, int uid, String packageName, String attributionTag, String message)

Like startOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String) but instead of throwing a SecurityException it returns MODE_ERRORED.

int startOpNoThrow(String op, int uid, String packageName)

This method was deprecated in API level 30. use startOpNoThrow(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String) instead

int startProxyOp(String op, int proxiedUid, String proxiedPackageName, String proxiedAttributionTag, String message)

Report that an application has started executing a long-running operation on behalf of another application when handling an IPC.

int startProxyOpNoThrow(String op, int proxiedUid, String proxiedPackageName, String proxiedAttributionTag, String message)

Like startProxyOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String) but instead of throwing a SecurityException it returns MODE_ERRORED.

void startWatchingActive(String[] ops, Executor executor, AppOpsManager.OnOpActiveChangedListener callback)

Start watching for changes to the active state of app-ops.

void startWatchingMode(String op, String packageName, AppOpsManager.OnOpChangedListener callback)

Monitor for changes to the operating mode for the given op in the given app package.

void startWatchingMode(String op, String packageName, int flags, AppOpsManager.OnOpChangedListener callback)

Monitor for changes to the operating mode for the given op in the given app package.

void stopWatchingActive(AppOpsManager.OnOpActiveChangedListener callback)

Stop watching for changes to the active state of an app-op.

void stopWatchingMode(AppOpsManager.OnOpChangedListener callback)

Stop monitoring that was previously started with startWatchingMode(String, String, OnOpChangedListener).

int unsafeCheckOp(String op, int uid, String packageName)

Do a quick check for whether an application might be able to perform an operation.

int unsafeCheckOpNoThrow(String op, int uid, String packageName)

Like checkOp(String, int, String) but instead of throwing a SecurityException it returns MODE_ERRORED.

int unsafeCheckOpRaw(String op, int uid, String packageName)

Like checkOp(String, int, String) but returns the raw mode associated with the op.

int unsafeCheckOpRawNoThrow(String op, int uid, String packageName)

Like unsafeCheckOpNoThrow(java.lang.String, int, java.lang.String) but returns the raw mode associated with the op.

Inherited methods

Constants

MODE_ALLOWED

Added in API level 19
public static final int MODE_ALLOWED

Result from checkOp(String, int, String), noteOp(String, int, String), startOp(String, int, String): the given caller is allowed to perform the given operation.

Constant Value: 0 (0x00000000)

MODE_DEFAULT

Added in API level 21
public static final int MODE_DEFAULT

Result from checkOp(String, int, String), noteOp(String, int, String), startOp(String, int, String): the given caller should use its default security check. This mode is not normally used; it should only be used with appop permissions, and callers must explicitly check for it and deal with it.

Constant Value: 3 (0x00000003)

MODE_ERRORED

Added in API level 19
public static final int MODE_ERRORED

Result from checkOpNoThrow(String, int, String), noteOpNoThrow(String, int, String), startOpNoThrow(String, int, String): the given caller is not allowed to perform the given operation, and this attempt should cause it to have a fatal error, typically a SecurityException.

Constant Value: 2 (0x00000002)

MODE_FOREGROUND

Added in API level 29
public static final int MODE_FOREGROUND

Special mode that means "allow only when app is in foreground." This is not returned from unsafeCheckOp(String, int, String), noteOp(String, int, String), startOp(String, int, String). Rather, unsafeCheckOp(String, int, String) will always return MODE_ALLOWED (because it is always possible for it to be ultimately allowed, depending on the app's background state), and noteOp(String, int, String) and startOp(String, int, String) will return MODE_ALLOWED when the app being checked is currently in the foreground, otherwise MODE_IGNORED.

The only place you will this normally see this value is through unsafeCheckOpRaw(String, int, String), which returns the actual raw mode of the op. Note that because you can't know the current state of the app being checked (and it can change at any point), you can only treat the result here as an indication that it will vary between MODE_ALLOWED and MODE_IGNORED depending on changes in the background state of the app. You thus must always use noteOp(String, int, String) or startOp(String, int, String) to do the actual check for access to the op.

Constant Value: 4 (0x00000004)

MODE_IGNORED

Added in API level 19
public static final int MODE_IGNORED

Result from checkOp(String, int, String), noteOp(String, int, String), startOp(String, int, String): the given caller is not allowed to perform the given operation, and this attempt should silently fail (it should not cause the app to crash).

Constant Value: 1 (0x00000001)

OPSTR_ADD_VOICEMAIL

Added in API level 23
public static final String OPSTR_ADD_VOICEMAIL

Required to access phone state related information.

Constant Value: "android:add_voicemail"

OPSTR_ANSWER_PHONE_CALLS

Added in API level 26
public static final String OPSTR_ANSWER_PHONE_CALLS

Answer incoming phone calls

Constant Value: "android:answer_phone_calls"

OPSTR_BODY_SENSORS

Added in API level 23
public static final String OPSTR_BODY_SENSORS

Access to body sensors such as heart rate, etc.

Constant Value: "android:body_sensors"

OPSTR_CALL_PHONE

Added in API level 23
public static final String OPSTR_CALL_PHONE

Allows an application to initiate a phone call.

Constant Value: "android:call_phone"

OPSTR_CAMERA

Added in API level 23
public static final String OPSTR_CAMERA

Required to be able to access the camera device.

Constant Value: "android:camera"

OPSTR_COARSE_LOCATION

Added in API level 19
public static final String OPSTR_COARSE_LOCATION

Access to coarse location information.

Constant Value: "android:coarse_location"

OPSTR_FINE_LOCATION

Added in API level 19
public static final String OPSTR_FINE_LOCATION

Access to fine location information.

Constant Value: "android:fine_location"

OPSTR_GET_USAGE_STATS

Added in API level 21
public static final String OPSTR_GET_USAGE_STATS

Access to UsageStatsManager.

Constant Value: "android:get_usage_stats"

OPSTR_MOCK_LOCATION

Added in API level 23
public static final String OPSTR_MOCK_LOCATION

Inject mock location into the system.

Constant Value: "android:mock_location"

OPSTR_MONITOR_HIGH_POWER_LOCATION

Added in API level 19
public static final String OPSTR_MONITOR_HIGH_POWER_LOCATION

Continually monitoring location data with a relatively high power request.

Constant Value: "android:monitor_location_high_power"

OPSTR_MONITOR_LOCATION

Added in API level 19
public static final String OPSTR_MONITOR_LOCATION

Continually monitoring location data.

Constant Value: "android:monitor_location"

OPSTR_PICTURE_IN_PICTURE

Added in API level 26
public static final String OPSTR_PICTURE_IN_PICTURE

Access to picture-in-picture.

Constant Value: "android:picture_in_picture"

OPSTR_PROCESS_OUTGOING_CALLS

Added in API level 26
public static final String OPSTR_PROCESS_OUTGOING_CALLS

Access APIs for diverting outgoing calls

Constant Value: "android:process_outgoing_calls"

OPSTR_READ_CALENDAR

Added in API level 23
public static final String OPSTR_READ_CALENDAR

Allows an application to read the user's calendar data.

Constant Value: "android:read_calendar"

OPSTR_READ_CALL_LOG

Added in API level 23
public static final String OPSTR_READ_CALL_LOG

Allows an application to read the user's call log.

Constant Value: "android:read_call_log"

OPSTR_READ_CELL_BROADCASTS

Added in API level 23
public static final String OPSTR_READ_CELL_BROADCASTS

Read previously received cell broadcast messages.

Constant Value: "android:read_cell_broadcasts"

OPSTR_READ_CONTACTS

Added in API level 23
public static final String OPSTR_READ_CONTACTS

Allows an application to read the user's contacts data.

Constant Value: "android:read_contacts"

OPSTR_READ_EXTERNAL_STORAGE

Added in API level 23
public static final String OPSTR_READ_EXTERNAL_STORAGE

Read external storage.

Constant Value: "android:read_external_storage"

OPSTR_READ_PHONE_NUMBERS

Added in API level 26
public static final String OPSTR_READ_PHONE_NUMBERS

Constant Value: "android:read_phone_numbers"

OPSTR_READ_PHONE_STATE

Added in API level 23
public static final String OPSTR_READ_PHONE_STATE

Required to access phone state related information.

Constant Value: "android:read_phone_state"

OPSTR_READ_SMS

Added in API level 23
public static final String OPSTR_READ_SMS

Allows an application to read SMS messages.

Constant Value: "android:read_sms"

OPSTR_RECEIVE_MMS

Added in API level 23
public static final String OPSTR_RECEIVE_MMS

Allows an application to receive MMS messages.

Constant Value: "android:receive_mms"

OPSTR_RECEIVE_SMS

Added in API level 23
public static final String OPSTR_RECEIVE_SMS

Allows an application to receive SMS messages.

Constant Value: "android:receive_sms"

OPSTR_RECEIVE_WAP_PUSH

Added in API level 23
public static final String OPSTR_RECEIVE_WAP_PUSH

Allows an application to receive WAP push messages.

Constant Value: "android:receive_wap_push"

OPSTR_RECORD_AUDIO

Added in API level 23
public static final String OPSTR_RECORD_AUDIO

Required to be able to access the microphone device.

Constant Value: "android:record_audio"

OPSTR_SEND_SMS

Added in API level 23
public static final String OPSTR_SEND_SMS

Allows an application to send SMS messages.

Constant Value: "android:send_sms"

OPSTR_SYSTEM_ALERT_WINDOW

Added in API level 23
public static final String OPSTR_SYSTEM_ALERT_WINDOW

Required to draw on top of other apps.

Constant Value: "android:system_alert_window"

OPSTR_USE_FINGERPRINT

Added in API level 23
public static final String OPSTR_USE_FINGERPRINT

Use the fingerprint API.

Constant Value: "android:use_fingerprint"

OPSTR_USE_SIP

Added in API level 23
public static final String OPSTR_USE_SIP

Access APIs for SIP calling over VOIP or WiFi

Constant Value: "android:use_sip"

OPSTR_WRITE_CALENDAR

Added in API level 23
public static final String OPSTR_WRITE_CALENDAR

Allows an application to write to the user's calendar data.

Constant Value: "android:write_calendar"

OPSTR_WRITE_CALL_LOG

Added in API level 23
public static final String OPSTR_WRITE_CALL_LOG

Allows an application to write to the user's call log.

Constant Value: "android:write_call_log"

OPSTR_WRITE_CONTACTS

Added in API level 23
public static final String OPSTR_WRITE_CONTACTS

Allows an application to write to the user's contacts data.

Constant Value: "android:write_contacts"

OPSTR_WRITE_EXTERNAL_STORAGE

Added in API level 23
public static final String OPSTR_WRITE_EXTERNAL_STORAGE

Write external storage.

Constant Value: "android:write_external_storage"

OPSTR_WRITE_SETTINGS

Added in API level 23
public static final String OPSTR_WRITE_SETTINGS

Required to write/modify/update system settings.

Constant Value: "android:write_settings"

WATCH_FOREGROUND_CHANGES

Added in API level 29
public static final int WATCH_FOREGROUND_CHANGES

Flag for startWatchingMode(java.lang.String, java.lang.String, int, android.app.AppOpsManager.OnOpChangedListener): Also get reports if the foreground state of an op's uid changes. This only works when watching a particular op, not when watching a package.

Constant Value: 1 (0x00000001)

Public methods

checkOp

Added in API level 19
Deprecated in API level 29
public int checkOp (String op, 
                int uid, 
                String packageName)

This method was deprecated in API level 29.
Renamed to unsafeCheckOp(java.lang.String, int, java.lang.String).

Parameters
op String: This value cannot be null.

uid int

packageName String: This value cannot be null.

Returns
int

checkOpNoThrow

Added in API level 19
Deprecated in API level 29
public int checkOpNoThrow (String op, 
                int uid, 
                String packageName)

This method was deprecated in API level 29.
Renamed to unsafeCheckOpNoThrow(java.lang.String, int, java.lang.String).

Parameters
op String: This value cannot be null.

uid int

packageName String: This value cannot be null.

Returns
int

checkPackage

Added in API level 19
Deprecated in API level 30
public void checkPackage (int uid, 
                String packageName)

This method was deprecated in API level 30.
Use PackageManager#getPackageUid instead

Parameters
uid int

packageName String: This value cannot be null.

finishOp

Added in API level 19
Deprecated in API level 30
public void finishOp (String op, 
                int uid, 
                String packageName)

This method was deprecated in API level 30.
Use finishOp(java.lang.String, int, java.lang.String, java.lang.String) instead

Parameters
op String: This value cannot be null.

uid int

packageName String: This value cannot be null.

finishOp

Added in API level 30
public void finishOp (String op, 
                int uid, 
                String packageName, 
                String attributionTag)

Report that an application is no longer performing an operation that had previously been started with startOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String). There is no validation of input or result; the parameters supplied here must be the exact same ones previously passed in when starting the operation.

Parameters
op String: This value cannot be null.

uid int

packageName String: This value cannot be null.

attributionTag String: This value may be null.

finishProxyOp

Added in API level 31
public void finishProxyOp (String op, 
                int proxiedUid, 
                String proxiedPackageName, 
                String proxiedAttributionTag)

Report that an application is no longer performing an operation that had previously been started with startProxyOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String). There is no validation of input or result; the parameters supplied here must be the exact same ones previously passed in when starting the operation.

Parameters
op String: The operation which was started This value cannot be null.

proxiedUid int: The proxied appp's UID

proxiedPackageName String: The proxied appp's package name This value cannot be null.

proxiedAttributionTag String: The proxied appp's attribution tag or null for default attribution

isOpActive

Added in API level 30
public boolean isOpActive (String op, 
                int uid, 
                String packageName)

Checks whether the given op for a package is active, i.e. did someone call startOp(String, int, String) without finishOp(String, int, String) yet.

If you don't hold the android.Manifest.permission#WATCH_APPOPS permission you can query only for your UID.

Parameters
op String: This value cannot be null.

uid int

packageName String: This value cannot be null.

Returns
boolean

noteOp

Added in API level 19
Deprecated in API level 30
public int noteOp (String op, 
                int uid, 
                String packageName)

This method was deprecated in API level 30.
Use noteOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String) instead

Parameters
op String: This value cannot be null.

uid int

packageName String: This value cannot be null.

Returns
int

noteOp

Added in API level 30
public int noteOp (String op, 
                int uid, 
                String packageName, 
                String attributionTag, 
                String message)

Make note of an application performing an operation and check if the application is allowed to perform it.

If this is a check that is not preceding the protected operation, use unsafeCheckOp(String, int, String) instead.

The identity of the package the app-op is noted for is specified by the uid and packageName parameters. If this is noted for a regular app both should be set and the package needs to be part of the uid. In the very rare case that an app-op is noted for an entity that does not have a package name, the package can be null. As it is possible that a single process contains more than one package the packageName should be read from the context of the caller of the API (in the app process) that eventually triggers this check. If this op is not noted for a running process the packageName cannot be read from the context, but it should be clear which package the note is for.

If the uid and packageName do not match this return MODE_IGNORED.

Beside the access check this method also records the access. While the access check is based on uid and/or packageName the access recording is done based on the packageName and attributionTag. The attributionTag should be read from the same context the package name is read from. In the case the check is not related to an API call, the attributionTag should be null. Please note that e.g. registering a callback for later is still an API call and the code should store the attribution tag along the package name for being used in this method later.

The message parameter only needs to be set when this method is

    not
called in a two-way binder call from the client. In this case the message is a free form text that is meant help the app developer determine what part of the app's code triggered the note. This message is passed back to the app in the OnOpNotedCallback#onAsyncNoted(AsyncNotedAppOp) callback. A good example of a useful message is including the System#identityHashCode(Object) of the listener that will receive data or the name of the manifest-receiver.

Parameters
op String: The operation to note. One of the OPSTR_* constants. This value cannot be null.

uid int: The uid of the application attempting to perform the operation.

packageName String: The name of the application attempting to perform the operation. This value may be null.

attributionTag String: The attribution tag of the calling context or null for default attribution

message String: A message describing why the op was noted This value may be null.

Returns
int Returns MODE_ALLOWED if the operation is allowed, or MODE_IGNORED if it is not allowed and should be silently ignored (without causing the app to crash).

Throws
SecurityException If the app has been configured to crash on this op.

noteOpNoThrow

Added in API level 30
public int noteOpNoThrow (String op, 
                int uid, 
                String packageName, 
                String attributionTag, 
                String message)

Like noteOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String) but instead of throwing a SecurityException it returns MODE_ERRORED.

Parameters
op String: This value cannot be null.

uid int

packageName String: This value cannot be null.

attributionTag String: This value may be null.

message String: This value may be null.

Returns
int

noteOpNoThrow

Added in API level 19
Deprecated in API level 30
public int noteOpNoThrow (String op, 
                int uid, 
                String packageName)

This method was deprecated in API level 30.
Use noteOpNoThrow(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String) instead

Parameters
op String: This value cannot be null.

uid int

packageName String: This value cannot be null.

Returns
int

noteProxyOp

Added in API level 30
public int noteProxyOp (String op, 
                String proxiedPackageName, 
                int proxiedUid, 
                String proxiedAttributionTag, 
                String message)

Make note of an application performing an operation on behalf of another application when handling an IPC. This function will verify that the calling uid and proxied package name match, and if not, return MODE_IGNORED. If this call succeeds, the last execution time of the operation for the proxied app and your app will be updated to the current time.

Parameters
op String: The operation to note. One of the OPSTR_* constants. This value cannot be null.

proxiedPackageName String: The name of the application calling into the proxy application. This value may be null.

proxiedUid int: The uid of the proxied application

proxiedAttributionTag String: The proxied attribution tag or null for default attribution

message String: A message describing the reason the op was noted This value may be null.

Returns
int Returns MODE_ALLOWED if the operation is allowed, or MODE_IGNORED if it is not allowed and should be silently ignored (without causing the app to crash).

Throws
SecurityException If the proxy or proxied app has been configured to crash on this op.

noteProxyOp

Added in API level 23
Deprecated in API level 30
public int noteProxyOp (String op, 
                String proxiedPackageName)

This method was deprecated in API level 30.
Use noteProxyOp(java.lang.String, java.lang.String, int, java.lang.String, java.lang.String) instead

Parameters
op String: This value cannot be null.

proxiedPackageName String: This value cannot be null.

Returns
int

noteProxyOpNoThrow

Added in API level 23
Deprecated in API level 30
public int noteProxyOpNoThrow (String op, 
                String proxiedPackageName)

This method was deprecated in API level 30.
Use noteProxyOpNoThrow(java.lang.String, java.lang.String, int, java.lang.String, java.lang.String) instead

Parameters
op String: This value cannot be null.

proxiedPackageName String: This value cannot be null.

Returns
int

noteProxyOpNoThrow

Added in API level 29
Deprecated in API level 30
public int noteProxyOpNoThrow (String op, 
                String proxiedPackageName, 
                int proxiedUid)

This method was deprecated in API level 30.
Use noteProxyOpNoThrow(java.lang.String, java.lang.String, int, java.lang.String, java.lang.String) instead

Parameters
op String: This value cannot be null.

proxiedPackageName String: This value may be null.

proxiedUid int

Returns
int

noteProxyOpNoThrow

Added in API level 30
public int noteProxyOpNoThrow (String op, 
                String proxiedPackageName, 
                int proxiedUid, 
                String proxiedAttributionTag, 
                String message)

Like noteProxyOp(java.lang.String, java.lang.String, int, java.lang.String, java.lang.String) but instead of throwing a SecurityException it returns MODE_ERRORED.

Parameters
op String: This value cannot be null.

proxiedPackageName String: This value may be null.

proxiedUid int

proxiedAttributionTag String: This value may be null.

message String: This value may be null.

Returns
int

permissionToOp

Added in API level 23
public static String permissionToOp (String permission)

Gets the app-op name associated with a given permission.

The app-op name is one of the public constants defined in this class such as OPSTR_COARSE_LOCATION. This API is intended to be used for mapping runtime permissions to the corresponding app-op.

Parameters
permission String: The permission. This value cannot be null.

Returns
String The app-op associated with the permission or null.

setOnOpNotedCallback

Added in API level 30
public void setOnOpNotedCallback (Executor asyncExecutor, 
                AppOpsManager.OnOpNotedCallback callback)

Set a new OnOpNotedCallback.

There can only ever be one collector per process. If there currently is another callback set, this will fail.

Parameters
asyncExecutor Executor: executor to execute OnOpNotedCallback#onAsyncNoted on, null to unset Callback and listener events are dispatched through this Executor, providing an easy way to control which thread is used. To dispatch events through the main thread of your application, you can use Context.getMainExecutor(). Otherwise, provide an Executor that dispatches to an appropriate thread.

callback AppOpsManager.OnOpNotedCallback: listener to set, null to unset

Throws
IllegalStateException If another callback is already registered

startOp

Added in API level 19
Deprecated in API level 30
public int startOp (String op, 
                int uid, 
                String packageName)

This method was deprecated in API level 30.
use startOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String) instead

Parameters
op String: This value cannot be null.

uid int

packageName String: This value cannot be null.

Returns
int

startOp

Added in API level 30
public int startOp (String op, 
                int uid, 
                String packageName, 
                String attributionTag, 
                String message)

Report that an application has started executing a long-running operation.

For more details how to determine the callingPackageName, callingAttributionTag, and message, please check the description in noteOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String)

Parameters
op String: The operation to start. One of the OPSTR_* constants. This value cannot be null.

uid int: The user id of the application attempting to perform the operation.

packageName String: The name of the application attempting to perform the operation. This value may be null.

attributionTag String: The attribution tag or null for default attribution

message String: Description why op was started This value may be null.

Returns
int Returns MODE_ALLOWED if the operation is allowed, or MODE_IGNORED if it is not allowed and should be silently ignored (without causing the app to crash).

Throws
SecurityException If the app has been configured to crash on this op or the package is not in the passed in UID.

startOpNoThrow

Added in API level 30
public int startOpNoThrow (String op, 
                int uid, 
                String packageName, 
                String attributionTag, 
                String message)

Like startOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String) but instead of throwing a SecurityException it returns MODE_ERRORED.

Parameters
op String: This value cannot be null.

uid int

packageName String: This value cannot be null.

attributionTag String: This value may be null.

message String: This value may be null.

Returns
int

startOpNoThrow

Added in API level 19
Deprecated in API level 30
public int startOpNoThrow (String op, 
                int uid, 
                String packageName)

This method was deprecated in API level 30.
use startOpNoThrow(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String) instead

Parameters
op String: This value cannot be null.

uid int

packageName String: This value cannot be null.

Returns
int

startProxyOp

Added in API level 31
public int startProxyOp (String op, 
                int proxiedUid, 
                String proxiedPackageName, 
                String proxiedAttributionTag, 
                String message)

Report that an application has started executing a long-running operation on behalf of another application when handling an IPC. This function will verify that the calling uid and proxied package name match, and if not, return MODE_IGNORED.

Parameters
op String: The op to note This value cannot be null.

proxiedUid int: The uid to note the op for null

proxiedPackageName String: The package name the uid belongs to This value cannot be null.

proxiedAttributionTag String: The proxied attribution tag or null for default attribution

message String: A message describing the reason the op was noted This value may be null.

Returns
int Returns MODE_ALLOWED if the operation is allowed, or MODE_IGNORED if it is not allowed and should be silently ignored (without causing the app to crash).

Throws
SecurityException If the proxy or proxied app has been configured to crash on this op.

startProxyOpNoThrow

Added in API level 31
public int startProxyOpNoThrow (String op, 
                int proxiedUid, 
                String proxiedPackageName, 
                String proxiedAttributionTag, 
                String message)

Like startProxyOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String) but instead of throwing a SecurityException it returns MODE_ERRORED.

Parameters
op String: This value cannot be null.

proxiedUid int

proxiedPackageName String: This value cannot be null.

proxiedAttributionTag String: This value may be null.

message String: This value may be null.

Returns
int

startWatchingActive

Added in API level 30
public void startWatchingActive (String[] ops, 
                Executor executor, 
                AppOpsManager.OnOpActiveChangedListener callback)

Start watching for changes to the active state of app-ops. An app-op may be long running and it has a clear start and stop delimiters. If an op is being started or stopped by any package you will get a callback. To change the watched ops for a registered callback you need to unregister and register it again.

If you don't hold the android.Manifest.permission#WATCH_APPOPS permission you can watch changes only for your UID.

Parameters
ops String: The operations to watch. This value cannot be null.

executor Executor: Callback and listener events are dispatched through this Executor, providing an easy way to control which thread is used. To dispatch events through the main thread of your application, you can use Context.getMainExecutor(). Otherwise, provide an Executor that dispatches to an appropriate thread. This value cannot be null.

callback AppOpsManager.OnOpActiveChangedListener: Where to report changes. This value cannot be null.

startWatchingMode

Added in API level 19
public void startWatchingMode (String op, 
                String packageName, 
                AppOpsManager.OnOpChangedListener callback)

Monitor for changes to the operating mode for the given op in the given app package. You can watch op changes only for your UID.

Parameters
op String: The operation to monitor, one of OPSTR_*. This value cannot be null.

packageName String: The name of the application to monitor. This value may be null.

callback AppOpsManager.OnOpChangedListener: Where to report changes. This value cannot be null.

startWatchingMode

Added in API level 29
public void startWatchingMode (String op, 
                String packageName, 
                int flags, 
                AppOpsManager.OnOpChangedListener callback)

Monitor for changes to the operating mode for the given op in the given app package. You can watch op changes only for your UID.

Parameters
op String: The operation to monitor, one of OPSTR_*. This value cannot be null.

packageName String: The name of the application to monitor. This value may be null.

flags int: Option flags: any combination of WATCH_FOREGROUND_CHANGES or 0.

callback AppOpsManager.OnOpChangedListener: Where to report changes. This value cannot be null.

stopWatchingActive

Added in API level 30
public void stopWatchingActive (AppOpsManager.OnOpActiveChangedListener callback)

Stop watching for changes to the active state of an app-op. An app-op may be long running and it has a clear start and stop delimiters. Unregistering a non-registered callback has no effect.

Parameters
callback AppOpsManager.OnOpActiveChangedListener: This value cannot be null.

stopWatchingMode

Added in API level 19
public void stopWatchingMode (AppOpsManager.OnOpChangedListener callback)

Stop monitoring that was previously started with startWatchingMode(String, String, OnOpChangedListener). All monitoring associated with this callback will be removed.

Parameters
callback AppOpsManager.OnOpChangedListener: This value cannot be null.

unsafeCheckOp

Added in API level 29
public int unsafeCheckOp (String op, 
                int uid, 
                String packageName)

Do a quick check for whether an application might be able to perform an operation. This is not a security check; you must use noteOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String) or startOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String) for your actual security checks, which also ensure that the given uid and package name are consistent. This function can just be used for a quick check to see if an operation has been disabled for the application, as an early reject of some work. This does not modify the time stamp or other data about the operation.

Important things this will not do (which you need to ultimate use noteOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String) or startOp(java.lang.String, int, java.lang.String, java.lang.String, java.lang.String) to cover):

  • Verifying the uid and package are consistent, so callers can't spoof their identity.
  • Taking into account the current foreground/background state of the app; apps whose mode varies by this state will always be reported as MODE_ALLOWED.

Parameters
op String: The operation to check. One of the OPSTR_* constants. This value cannot be null.

uid int: The user id of the application attempting to perform the operation.

packageName String: The name of the application attempting to perform the operation. This value cannot be null.

Returns
int Returns MODE_ALLOWED if the operation is allowed, or MODE_IGNORED if it is not allowed and should be silently ignored (without causing the app to crash).

Throws
SecurityException If the app has been configured to crash on this op.

unsafeCheckOpNoThrow

Added in API level 29
public int unsafeCheckOpNoThrow (String op, 
                int uid, 
                String packageName)

Like checkOp(String, int, String) but instead of throwing a SecurityException it returns MODE_ERRORED.

Parameters
op String: This value cannot be null.

uid int

packageName String: This value cannot be null.

Returns
int

unsafeCheckOpRaw

Added in API level 29
public int unsafeCheckOpRaw (String op, 
                int uid, 
                String packageName)

Like checkOp(String, int, String) but returns the raw mode associated with the op. Does not throw a security exception, does not translate MODE_FOREGROUND.

Parameters
op String: This value cannot be null.

uid int

packageName String: This value cannot be null.

Returns
int

unsafeCheckOpRawNoThrow

Added in API level 29
public int unsafeCheckOpRawNoThrow (String op, 
                int uid, 
                String packageName)

Like unsafeCheckOpNoThrow(java.lang.String, int, java.lang.String) but returns the raw mode associated with the op. Does not throw a security exception, does not translate MODE_FOREGROUND.

Parameters
op String: This value cannot be null.

uid int

packageName String: This value cannot be null.

Returns
int