AppOpsManager Class
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
App-ops are used for two purposes: Access control and tracking.
[Android.Runtime.Register("android/app/AppOpsManager", DoNotGenerateAcw=true)]
public class AppOpsManager : Java.Lang.Object
[<Android.Runtime.Register("android/app/AppOpsManager", DoNotGenerateAcw=true)>]
type AppOpsManager = class
inherit Object
- Inheritance
- Attributes
Remarks
App-ops are used for two purposes: Access control and tracking.
App-ops cover a wide variety of functionality from helping with runtime permissions access control and tracking to battery consumption tracking.
<h2>Access control</h2>
App-ops can either be controlled for each uid or for each package. Which one is used depends on the API provider maintaining this app-op. For any security or privacy related app-op the provider needs to control the app-op for per uid as all security and privacy is based on uid in Android.
To control access the app-op can be set to a mode to: <dl> <dt>#MODE_DEFAULT
<dd>Default behavior, might differ from app-op or app-op <dt>#MODE_ALLOWED
<dd>Allow the access <dt>#MODE_IGNORED
<dd>Don't allow the access, i.e. don't perform the requested action or return no or placeholder data <dt>#MODE_ERRORED
<dd>Throw a SecurityException
on access. This can be suppressed by using a ...noThrow
method to check the mode </dl>
API providers need to check the mode returned by #noteOp
if they are are allowing access to operations gated by the app-op. #unsafeCheckOp
should be used to check the mode if no access is granted. E.g. this can be used for displaying app-op state in the UI or when checking the state before later calling #noteOp
anyway.
If an operation refers to a time span (e.g. a audio-recording session) the API provider should use #startOp
and #finishOp
instead of #noteOp
.
<h3>Runtime permissions and app-ops</h3>
Each platform defined runtime permission (beside background modifiers) has an associated app op which is used for tracking but also to allow for silent failures. I.e. if the runtime permission is denied the caller gets a SecurityException
, but if the permission is granted and the app-op is #MODE_IGNORED
then the callers gets placeholder behavior, e.g. location callbacks would not happen.
<h3>App-op permissions</h3>
App-ops permissions are platform defined permissions that can be overridden. The security check for app-op permissions should by #MODE_DEFAULT default
check the permission grant state. If the app-op state is set to #MODE_ALLOWED
or #MODE_IGNORED
the app-op state should be checked instead of the permission grant state.
This functionality allows to grant access by default to apps fulfilling the requirements for a certain permission level. Still the behavior can be overridden when needed.
<h2>Tracking</h2>
App-ops track many important events, including all accesses to runtime permission protected APIs. This is done by tracking when an app-op was #noteOp noted
or #startOp started
. The tracked data can only be read by system components.
<b>Only #noteOp
/#startOp
are tracked; #unsafeCheckOp
is not tracked. Hence it is important to eventually call #noteOp
or #startOp
when providing access to protected operations or data.</b>
Some apps are forwarding access to other apps. E.g. an app might get the location from the system's location provider and then send the location further to a 3rd app. In this case the app passing on the data needs to call #noteProxyOp
to signal the access proxying. This might also make sense inside of a single app if the access is forwarded between two parts of the tagged with different attribution tags.
An app can register an OnOpNotedCallback
to get informed about what accesses the system is tracking for it. As each runtime permission has an associated app-op this API is particularly useful for an app that want to find unexpected private data accesses.
Java documentation for android.app.AppOpsManager
.
Portions of this page are modifications based on work created and shared by the Android Open Source Project and used according to terms described in the Creative Commons 2.5 Attribution License.
Constructors
AppOpsManager(IntPtr, JniHandleOwnership) |
A constructor used when creating managed representations of JNI objects; called by the runtime. |
Fields
ModeAllowed |
Obsolete.
Result from |
ModeDefault |
Obsolete.
Result from |
ModeErrored |
Obsolete.
Result from |
ModeForeground |
Obsolete.
Special mode that means "allow only when app is in foreground. |
ModeIgnored |
Obsolete.
Result from |
OpstrAddVoicemail |
Required to access phone state related information. |
OpstrAnswerPhoneCalls |
Answer incoming phone calls |
OpstrBodySensors |
Access to body sensors such as heart rate, etc. |
OpstrCallPhone |
Allows an application to initiate a phone call. |
OpstrCamera |
Required to be able to access the camera device. |
OpstrCoarseLocation |
Access to coarse location information. |
OpstrFineLocation |
Access to fine location information. |
OpstrGetUsageStats |
Access to |
OpstrMockLocation |
Inject mock location into the system. |
OpstrMonitorHighPowerLocation |
Continually monitoring location data with a relatively high power request. |
OpstrMonitorLocation |
Continually monitoring location data. |
OpstrPictureInPicture |
Access to picture-in-picture. |
OpstrProcessOutgoingCalls |
Access APIs for diverting outgoing calls |
OpstrReadCalendar |
Allows an application to read the user's calendar data. |
OpstrReadCallLog |
Allows an application to read the user's call log. |
OpstrReadCellBroadcasts |
Read previously received cell broadcast messages. |
OpstrReadContacts |
Allows an application to read the user's contacts data. |
OpstrReadExternalStorage |
Read external storage. |
OpstrReadPhoneNumbers | |
OpstrReadPhoneState |
Required to access phone state related information. |
OpstrReadSms |
Allows an application to read SMS messages. |
OpstrReceiveMms |
Allows an application to receive MMS messages. |
OpstrReceiveSms |
Allows an application to receive SMS messages. |
OpstrReceiveWapPush |
Allows an application to receive WAP push messages. |
OpstrRecordAudio |
Required to be able to access the microphone device. |
OpstrSendSms |
Allows an application to send SMS messages. |
OpstrSystemAlertWindow |
Required to draw on top of other apps. |
OpstrUseFingerprint |
Use the fingerprint API. |
OpstrUseSip |
Access APIs for SIP calling over VOIP or WiFi |
OpstrWriteCalendar |
Allows an application to write to the user's calendar data. |
OpstrWriteCallLog |
Allows an application to write to the user's call log. |
OpstrWriteContacts |
Allows an application to write to the user's contacts data. |
OpstrWriteExternalStorage |
Write external storage. |
OpstrWriteSettings |
Required to write/modify/update system settings. |
WatchForegroundChanges |
Obsolete.
Flag for |
Properties
Class |
Returns the runtime class of this |
Handle |
The handle to the underlying Android instance. (Inherited from Object) |
JniIdentityHashCode | (Inherited from Object) |
JniPeerMembers | |
PeerReference | (Inherited from Object) |
ThresholdClass |
This API supports the Mono for Android infrastructure and is not intended to be used directly from your code. |
ThresholdType |
This API supports the Mono for Android infrastructure and is not intended to be used directly from your code. |
Methods
CheckOp(String, Int32, String) |
This member is deprecated. |
CheckOpNoThrow(String, Int32, String) |
This member is deprecated. |
CheckPackage(Int32, String) |
This member is deprecated. |
Clone() |
Creates and returns a copy of this object. (Inherited from Object) |
Dispose() | (Inherited from Object) |
Dispose(Boolean) | (Inherited from Object) |
Equals(Object) |
Indicates whether some other object is "equal to" this one. (Inherited from Object) |
FinishOp(String, Int32, String, String) |
Report that an application is no longer performing an operation that had previously
been started with |
FinishOp(String, Int32, String) |
This member is deprecated. |
FinishProxyOp(String, Int32, String, String) |
Report that an application is no longer performing an operation that had previously
been started with |
GetHashCode() |
Returns a hash code value for the object. (Inherited from Object) |
IsOpActive(String, Int32, String) |
Checks whether the given op for a package is active, i. |
JavaFinalize() |
Called by the garbage collector on an object when garbage collection determines that there are no more references to the object. (Inherited from Object) |
NoteOp(String, Int32, String, String, String) |
Make note of an application performing an operation and check if the application is allowed to perform it. |
NoteOp(String, Int32, String) |
This member is deprecated. |
NoteOpNoThrow(String, Int32, String, String, String) |
Like |
NoteOpNoThrow(String, Int32, String) |
This member is deprecated. |
NoteProxyOp(String, String, Int32, String, String) |
Make note of an application performing an operation on behalf of another application when handling an IPC. |
NoteProxyOp(String, String) |
This member is deprecated. |
NoteProxyOpNoThrow(String, String, Int32, String, String) |
Like |
NoteProxyOpNoThrow(String, String, Int32) |
This member is deprecated. |
NoteProxyOpNoThrow(String, String) |
This member is deprecated. |
Notify() |
Wakes up a single thread that is waiting on this object's monitor. (Inherited from Object) |
NotifyAll() |
Wakes up all threads that are waiting on this object's monitor. (Inherited from Object) |
PermissionToOp(String) |
Gets the app-op name associated with a given permission. |
SetHandle(IntPtr, JniHandleOwnership) |
Sets the Handle property. (Inherited from Object) |
SetOnOpNotedCallback(IExecutor, AppOpsManager+OnOpNotedCallback) |
Set a new |
StartOp(String, Int32, String, String, String) |
Report that an application has started executing a long-running operation. |
StartOp(String, Int32, String) |
This member is deprecated. |
StartOpNoThrow(String, Int32, String, String, String) |
Like |
StartOpNoThrow(String, Int32, String) |
This member is deprecated. |
StartProxyOp(String, Int32, String, String, String) |
Report that an application has started executing a long-running operation on behalf of another application when handling an IPC. |
StartProxyOpNoThrow(String, Int32, String, String, String) |
Like |
StartWatchingActive(String[], IExecutor, AppOpsManager+IOnOpActiveChangedListener) | |
StartWatchingMode(String, String, AppOpsManager+IOnOpChangedListener) |
Monitor for changes to the operating mode for the given op in the given app package. |
StartWatchingMode(String, String, WatchForeground, AppOpsManager+IOnOpChangedListener) | |
StopWatchingActive(AppOpsManager+IOnOpActiveChangedListener) |
Stop watching for changes to the active state of an app-op. |
StopWatchingMode(AppOpsManager+IOnOpChangedListener) |
Stop monitoring that was previously started with |
ToArray<T>() | (Inherited from Object) |
ToString() |
Returns a string representation of the object. (Inherited from Object) |
UnregisterFromRuntime() | (Inherited from Object) |
UnsafeCheckOp(String, Int32, String) |
Do a quick check for whether an application might be able to perform an operation. |
UnsafeCheckOpNoThrow(String, Int32, String) |
Like |
UnsafeCheckOpRaw(String, Int32, String) |
Like |
UnsafeCheckOpRawNoThrow(String, Int32, String) |
Like |
Wait() |
Causes the current thread to wait until it is awakened, typically by being <em>notified</em> or <em>interrupted</em>. (Inherited from Object) |
Wait(Int64, Int32) |
Causes the current thread to wait until it is awakened, typically by being <em>notified</em> or <em>interrupted</em>, or until a certain amount of real time has elapsed. (Inherited from Object) |
Wait(Int64) |
Causes the current thread to wait until it is awakened, typically by being <em>notified</em> or <em>interrupted</em>, or until a certain amount of real time has elapsed. (Inherited from Object) |
Explicit Interface Implementations
IJavaPeerable.Disposed() | (Inherited from Object) |
IJavaPeerable.DisposeUnlessReferenced() | (Inherited from Object) |
IJavaPeerable.Finalized() | (Inherited from Object) |
IJavaPeerable.JniManagedPeerState | (Inherited from Object) |
IJavaPeerable.SetJniIdentityHashCode(Int32) | (Inherited from Object) |
IJavaPeerable.SetJniManagedPeerState(JniManagedPeerStates) | (Inherited from Object) |
IJavaPeerable.SetPeerReference(JniObjectReference) | (Inherited from Object) |
Extension Methods
JavaCast<TResult>(IJavaObject) |
Performs an Android runtime-checked type conversion. |
JavaCast<TResult>(IJavaObject) | |
GetJniTypeName(IJavaPeerable) |
Gets the JNI name of the type of the instance |
JavaAs<TResult>(IJavaPeerable) |
Try to coerce |
TryJavaCast<TResult>(IJavaPeerable, TResult) |
Try to coerce |