Added in API level 19

AppOpsManager


open class AppOpsManager
kotlin.Any
   ↳ android.app.AppOpsManager

App-ops are used for two purposes: Access control and tracking.

App-ops cover a wide variety of functionality from helping with runtime permissions access control and tracking to battery consumption tracking.

Access control

App-ops can either be controlled for each uid or for each package. Which one is used depends on the API provider maintaining this app-op. For any security or privacy related app-op the provider needs to control the app-op for per uid as all security and privacy is based on uid in Android.

To control access the app-op can be set to a mode to:

MODE_DEFAULT
Default behavior, might differ from app-op or app-op
MODE_ALLOWED
Allow the access
MODE_IGNORED
Don't allow the access, i.e. don't perform the requested action or return no or placeholder data
MODE_ERRORED
Throw a SecurityException on access. This can be suppressed by using a ...noThrow method to check the mode

API providers need to check the mode returned by #noteOp if they are are allowing access to operations gated by the app-op. unsafeCheckOp should be used to check the mode if no access is granted. E.g. this can be used for displaying app-op state in the UI or when checking the state before later calling #noteOp anyway.

If an operation refers to a time span (e.g. a audio-recording session) the API provider should use #startOp and #finishOp instead of #noteOp.

Runtime permissions and app-ops

Each platform defined runtime permission (beside background modifiers) has an associated app op which is used for tracking but also to allow for silent failures. I.e. if the runtime permission is denied the caller gets a SecurityException, but if the permission is granted and the app-op is MODE_IGNORED then the callers gets placeholder behavior, e.g. location callbacks would not happen.

App-op permissions

App-ops permissions are platform defined permissions that can be overridden. The security check for app-op permissions should by default check the permission grant state. If the app-op state is set to MODE_ALLOWED or MODE_IGNORED the app-op state should be checked instead of the permission grant state.

This functionality allows to grant access by default to apps fulfilling the requirements for a certain permission level. Still the behavior can be overridden when needed.

Tracking

App-ops track many important events, including all accesses to runtime permission protected APIs. This is done by tracking when an app-op was #noteOp or #startOp. The tracked data can only be read by system components.

Only #noteOp/#startOp are tracked; unsafeCheckOp is not tracked. Hence it is important to eventually call #noteOp or #startOp when providing access to protected operations or data.

Some apps are forwarding access to other apps. E.g. an app might get the location from the system's location provider and then send the location further to a 3rd app. In this case the app passing on the data needs to call #noteProxyOp to signal the access proxying. This might also make sense inside of a single app if the access is forwarded between two parts of the tagged with different attribution tags.

An app can register an OnOpNotedCallback to get informed about what accesses the system is tracking for it. As each runtime permission has an associated app-op this API is particularly useful for an app that want to find unexpected private data accesses.

Summary

Nested classes
abstract

Callback for notification of changes to operation active state.

abstract

Callback for notification of changes to operation state.

abstract

Callback an app can set to monitor the app-ops the system has tracked for it.

Constants
static Int

Result from checkOp, #noteOp, #startOp: the given caller is allowed to perform the given operation.

static Int

Result from checkOp, #noteOp, #startOp: the given caller should use its default security check.

static Int

Result from checkOpNoThrow, #noteOpNoThrow, #startOpNoThrow: the given caller is not allowed to perform the given operation, and this attempt should cause it to have a fatal error, typically a SecurityException.

static Int

Special mode that means "allow only when app is in foreground.

static Int

Result from checkOp, #noteOp, #startOp: the given caller is not allowed to perform the given operation, and this attempt should silently fail (it should not cause the app to crash).

static String

Required to access phone state related information.

static String

Answer incoming phone calls

static String

Access to body sensors such as heart rate, etc.

static String

Allows an application to initiate a phone call.

static String

Required to be able to access the camera device.

static String

Access to coarse location information.

static String

Access to fine location information.

static String

Access to android.app.usage.UsageStatsManager.

static String

Inject mock location into the system.

static String

Continually monitoring location data with a relatively high power request.

static String

Continually monitoring location data.

static String

Access to picture-in-picture.

static String

Access APIs for diverting outgoing calls

static String

Allows an application to read the user's calendar data.

static String

Allows an application to read the user's call log.

static String

Read previously received cell broadcast messages.

static String

Allows an application to read the user's contacts data.

static String

Read external storage.

static String

static String

Required to access phone state related information.

static String

Allows an application to read SMS messages.

static String

Allows an application to receive MMS messages.

static String

Allows an application to receive SMS messages.

static String

Allows an application to receive WAP push messages.

static String

Required to be able to access the microphone device.

static String

Allows an application to send SMS messages.

static String

Required to draw on top of other apps.

static String

Use the fingerprint API.

static String

Access APIs for SIP calling over VOIP or WiFi

static String

Allows an application to write to the user's calendar data.

static String

Allows an application to write to the user's call log.

static String

Allows an application to write to the user's contacts data.

static String

Write external storage.

static String

Required to write/modify/update system settings.

static Int

Flag for startWatchingMode(java.lang.String,java.lang.String,int,android.app.AppOpsManager.OnOpChangedListener): Also get reports if the foreground state of an op's uid changes.

Public methods
open Int
checkOp(op: String, uid: Int, packageName: String)

Check whether an application can perform an operation.

open Int
checkOpNoThrow(op: String, uid: Int, packageName: String)

Like checkOp(java.lang.String,int,java.lang.String) but instead of throwing a SecurityException it returns MODE_ERRORED.

open Unit
checkPackage(uid: Int, packageName: String)

open Unit
finishOp(op: String, uid: Int, packageName: String)

open Unit
finishOp(op: String, uid: Int, packageName: String, attributionTag: String?)

Report that an application is no longer performing an operation that had previously been started with startOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String).

open Unit
finishProxyOp(op: String, proxiedUid: Int, proxiedPackageName: String, proxiedAttributionTag: String?)

Report that an application is no longer performing an operation that had previously been started with startProxyOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String).

open Boolean
isOpActive(op: String, uid: Int, packageName: String)

Checks whether the given op for a package is active, i.

open Int
noteOp(op: String, uid: Int, packageName: String)

open Int
noteOp(op: String, uid: Int, packageName: String?, attributionTag: String?, message: String?)

Make note of an application performing an operation and check if the application is allowed to perform it.

open Int
noteOpNoThrow(op: String, uid: Int, packageName: String)

open Int
noteOpNoThrow(op: String, uid: Int, packageName: String, attributionTag: String?, message: String?)

Like noteOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String) but instead of throwing a SecurityException it returns MODE_ERRORED.

open Int
noteProxyOp(op: String, proxiedPackageName: String)

open Int
noteProxyOp(op: String, proxiedPackageName: String?, proxiedUid: Int, proxiedAttributionTag: String?, message: String?)

Make note of an application performing an operation on behalf of another application when handling an IPC.

open Int
noteProxyOpNoThrow(op: String, proxiedPackageName: String)

open Int
noteProxyOpNoThrow(op: String, proxiedPackageName: String?, proxiedUid: Int)

open Int
noteProxyOpNoThrow(op: String, proxiedPackageName: String?, proxiedUid: Int, proxiedAttributionTag: String?, message: String?)

Like noteProxyOp(java.lang.String,java.lang.String,int,java.lang.String,java.lang.String) but instead of throwing a SecurityException it returns MODE_ERRORED.

open static String?
permissionToOp(permission: String)

Gets the app-op name associated with a given permission.

open Unit

Set a new OnOpNotedCallback.

open Int
startOp(op: String, uid: Int, packageName: String)

open Int
startOp(op: String, uid: Int, packageName: String?, attributionTag: String?, message: String?)

Report that an application has started executing a long-running operation.

open Int
startOpNoThrow(op: String, uid: Int, packageName: String)

open Int
startOpNoThrow(op: String, uid: Int, packageName: String, attributionTag: String?, message: String?)

Like startOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String) but instead of throwing a SecurityException it returns MODE_ERRORED.

open Int
startProxyOp(op: String, proxiedUid: Int, proxiedPackageName: String, proxiedAttributionTag: String?, message: String?)

Report that an application has started executing a long-running operation on behalf of another application when handling an IPC.

open Int
startProxyOpNoThrow(op: String, proxiedUid: Int, proxiedPackageName: String, proxiedAttributionTag: String?, message: String?)

Like startProxyOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String) but instead of throwing a SecurityException it returns MODE_ERRORED.

open Unit

Start watching for changes to the active state of app-ops.

open Unit

Monitor for changes to the operating mode for the given op in the given app package.

open Unit
startWatchingMode(op: String, packageName: String?, flags: Int, callback: AppOpsManager.OnOpChangedListener)

Monitor for changes to the operating mode for the given op in the given app package.

open Unit

Stop watching for changes to the active state of an app-op.

open Unit

Stop monitoring that was previously started with #startWatchingMode.

open Int
unsafeCheckOp(op: String, uid: Int, packageName: String)

Check whether an application might be able to perform an operation.

open Int
unsafeCheckOpNoThrow(op: String, uid: Int, packageName: String)

Like unsafeCheckOp(java.lang.String,int,java.lang.String) but instead of throwing a SecurityException it returns MODE_ERRORED.

open Int
unsafeCheckOpRaw(op: String, uid: Int, packageName: String)

Like checkOp but returns the raw mode associated with the op.

open Int
unsafeCheckOpRawNoThrow(op: String, uid: Int, packageName: String)

Like checkOp but returns the raw mode associated with the op.

Constants

MODE_ALLOWED

Added in API level 19
static val MODE_ALLOWED: Int

Result from checkOp, #noteOp, #startOp: the given caller is allowed to perform the given operation.

Value: 0

MODE_DEFAULT

Added in API level 21
static val MODE_DEFAULT: Int

Result from checkOp, #noteOp, #startOp: the given caller should use its default security check. This mode is not normally used; it should only be used with appop permissions, and callers must explicitly check for it and deal with it.

Value: 3

MODE_ERRORED

Added in API level 19
static val MODE_ERRORED: Int

Result from checkOpNoThrow, #noteOpNoThrow, #startOpNoThrow: the given caller is not allowed to perform the given operation, and this attempt should cause it to have a fatal error, typically a SecurityException.

Value: 2

MODE_FOREGROUND

Added in API level 29
static val MODE_FOREGROUND: Int

Special mode that means "allow only when app is in foreground." This is not returned from unsafeCheckOp, #noteOp, #startOp. Rather, unsafeCheckOp will always return MODE_ALLOWED (because it is always possible for it to be ultimately allowed, depending on the app's background state), and #noteOp and #startOp will return MODE_ALLOWED when the app being checked is currently in the foreground, otherwise MODE_IGNORED.

The only place you will this normally see this value is through unsafeCheckOpRaw, which returns the actual raw mode of the op. Note that because you can't know the current state of the app being checked (and it can change at any point), you can only treat the result here as an indication that it will vary between MODE_ALLOWED and MODE_IGNORED depending on changes in the background state of the app. You thus must always use #noteOp or #startOp to do the actual check for access to the op.

Value: 4

MODE_IGNORED

Added in API level 19
static val MODE_IGNORED: Int

Result from checkOp, #noteOp, #startOp: the given caller is not allowed to perform the given operation, and this attempt should silently fail (it should not cause the app to crash).

Value: 1

OPSTR_ADD_VOICEMAIL

Added in API level 23
static val OPSTR_ADD_VOICEMAIL: String

Required to access phone state related information.

Value: "android:add_voicemail"

OPSTR_ANSWER_PHONE_CALLS

Added in API level 26
static val OPSTR_ANSWER_PHONE_CALLS: String

Answer incoming phone calls

Value: "android:answer_phone_calls"

OPSTR_BODY_SENSORS

Added in API level 23
static val OPSTR_BODY_SENSORS: String

Access to body sensors such as heart rate, etc.

Value: "android:body_sensors"

OPSTR_CALL_PHONE

Added in API level 23
static val OPSTR_CALL_PHONE: String

Allows an application to initiate a phone call.

Value: "android:call_phone"

OPSTR_CAMERA

Added in API level 23
static val OPSTR_CAMERA: String

Required to be able to access the camera device.

Value: "android:camera"

OPSTR_COARSE_LOCATION

Added in API level 19
static val OPSTR_COARSE_LOCATION: String

Access to coarse location information.

Value: "android:coarse_location"

OPSTR_FINE_LOCATION

Added in API level 19
static val OPSTR_FINE_LOCATION: String

Access to fine location information.

Value: "android:fine_location"

OPSTR_GET_USAGE_STATS

Added in API level 21
static val OPSTR_GET_USAGE_STATS: String

Access to android.app.usage.UsageStatsManager.

Value: "android:get_usage_stats"

OPSTR_MOCK_LOCATION

Added in API level 23
static val OPSTR_MOCK_LOCATION: String

Inject mock location into the system.

Value: "android:mock_location"

OPSTR_MONITOR_HIGH_POWER_LOCATION

Added in API level 19
static val OPSTR_MONITOR_HIGH_POWER_LOCATION: String

Continually monitoring location data with a relatively high power request.

Value: "android:monitor_location_high_power"

OPSTR_MONITOR_LOCATION

Added in API level 19
static val OPSTR_MONITOR_LOCATION: String

Continually monitoring location data.

Value: "android:monitor_location"

OPSTR_PICTURE_IN_PICTURE

Added in API level 26
static val OPSTR_PICTURE_IN_PICTURE: String

Access to picture-in-picture.

Value: "android:picture_in_picture"

OPSTR_PROCESS_OUTGOING_CALLS

Added in API level 26
static val OPSTR_PROCESS_OUTGOING_CALLS: String

Access APIs for diverting outgoing calls

Value: "android:process_outgoing_calls"

OPSTR_READ_CALENDAR

Added in API level 23
static val OPSTR_READ_CALENDAR: String

Allows an application to read the user's calendar data.

Value: "android:read_calendar"

OPSTR_READ_CALL_LOG

Added in API level 23
static val OPSTR_READ_CALL_LOG: String

Allows an application to read the user's call log.

Value: "android:read_call_log"

OPSTR_READ_CELL_BROADCASTS

Added in API level 23
static val OPSTR_READ_CELL_BROADCASTS: String

Read previously received cell broadcast messages.

Value: "android:read_cell_broadcasts"

OPSTR_READ_CONTACTS

Added in API level 23
static val OPSTR_READ_CONTACTS: String

Allows an application to read the user's contacts data.

Value: "android:read_contacts"

OPSTR_READ_EXTERNAL_STORAGE

Added in API level 23
static val OPSTR_READ_EXTERNAL_STORAGE: String

Read external storage.

Value: "android:read_external_storage"

OPSTR_READ_PHONE_NUMBERS

Added in API level 26
static val OPSTR_READ_PHONE_NUMBERS: String
Value: "android:read_phone_numbers"

OPSTR_READ_PHONE_STATE

Added in API level 23
static val OPSTR_READ_PHONE_STATE: String

Required to access phone state related information.

Value: "android:read_phone_state"

OPSTR_READ_SMS

Added in API level 23
static val OPSTR_READ_SMS: String

Allows an application to read SMS messages.

Value: "android:read_sms"

OPSTR_RECEIVE_MMS

Added in API level 23
static val OPSTR_RECEIVE_MMS: String

Allows an application to receive MMS messages.

Value: "android:receive_mms"

OPSTR_RECEIVE_SMS

Added in API level 23
static val OPSTR_RECEIVE_SMS: String

Allows an application to receive SMS messages.

Value: "android:receive_sms"

OPSTR_RECEIVE_WAP_PUSH

Added in API level 23
static val OPSTR_RECEIVE_WAP_PUSH: String

Allows an application to receive WAP push messages.

Value: "android:receive_wap_push"

OPSTR_RECORD_AUDIO

Added in API level 23
static val OPSTR_RECORD_AUDIO: String

Required to be able to access the microphone device.

Value: "android:record_audio"

OPSTR_SEND_SMS

Added in API level 23
static val OPSTR_SEND_SMS: String

Allows an application to send SMS messages.

Value: "android:send_sms"

OPSTR_SYSTEM_ALERT_WINDOW

Added in API level 23
static val OPSTR_SYSTEM_ALERT_WINDOW: String

Required to draw on top of other apps.

Value: "android:system_alert_window"

OPSTR_USE_FINGERPRINT

Added in API level 23
static val OPSTR_USE_FINGERPRINT: String

Use the fingerprint API.

Value: "android:use_fingerprint"

OPSTR_USE_SIP

Added in API level 23
static val OPSTR_USE_SIP: String

Access APIs for SIP calling over VOIP or WiFi

Value: "android:use_sip"

OPSTR_WRITE_CALENDAR

Added in API level 23
static val OPSTR_WRITE_CALENDAR: String

Allows an application to write to the user's calendar data.

Value: "android:write_calendar"

OPSTR_WRITE_CALL_LOG

Added in API level 23
static val OPSTR_WRITE_CALL_LOG: String

Allows an application to write to the user's call log.

Value: "android:write_call_log"

OPSTR_WRITE_CONTACTS

Added in API level 23
static val OPSTR_WRITE_CONTACTS: String

Allows an application to write to the user's contacts data.

Value: "android:write_contacts"

OPSTR_WRITE_EXTERNAL_STORAGE

Added in API level 23
static val OPSTR_WRITE_EXTERNAL_STORAGE: String

Write external storage.

Value: "android:write_external_storage"

OPSTR_WRITE_SETTINGS

Added in API level 23
static val OPSTR_WRITE_SETTINGS: String

Required to write/modify/update system settings.

Value: "android:write_settings"

WATCH_FOREGROUND_CHANGES

Added in API level 29
static val WATCH_FOREGROUND_CHANGES: Int

Flag for startWatchingMode(java.lang.String,java.lang.String,int,android.app.AppOpsManager.OnOpChangedListener): Also get reports if the foreground state of an op's uid changes. This only works when watching a particular op, not when watching a package.

Value: 1

Public methods

checkOp

open fun checkOp(
    op: String,
    uid: Int,
    packageName: String
): Int

Deprecated: Deprecated in Java.

Check whether an application can perform an operation.

For platform versions before android.os.Build.VERSION_CODES#BAKLAVA, this is not a security check; you must use noteOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String) or startOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String) for your actual security checks. This function can just be used for a quick check to see if an operation has been disabled for the application, as an early reject of some work.

For platform versions equal to or after android.os.Build.VERSION_CODES#BAKLAVA, it does the same security check as noteOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String) and startOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String), and should be preferred to use.

This API does not modify the time stamp or other data about the operation.

Parameters
op String: The operation to check. One of the OPSTR_* constants. This value cannot be null.
uid Int: The uid of the application attempting to perform the operation.
packageName String: The name of the application attempting to perform the operation. This value cannot be null.
Return
Int Returns MODE_ALLOWED if the operation is allowed, or MODE_IGNORED if it is not allowed and should be silently ignored (without causing the app to crash).
Exceptions
java.lang.SecurityException If the app has been configured to crash on this op.

checkOpNoThrow

open fun checkOpNoThrow(
    op: String,
    uid: Int,
    packageName: String
): Int

Deprecated: Deprecated in Java.

Like checkOp(java.lang.String,int,java.lang.String) but instead of throwing a SecurityException it returns MODE_ERRORED.

Parameters
op String: This value cannot be null.
packageName String: This value cannot be null.

checkPackage

Added in API level 19
Deprecated in API level 30
open fun checkPackage(
    uid: Int,
    packageName: String
): Unit

Deprecated: Use android.content.pm.PackageManager#getPackageUid instead

Parameters
packageName String: This value cannot be null.

finishOp

Added in API level 19
Deprecated in API level 30
open fun finishOp(
    op: String,
    uid: Int,
    packageName: String
): Unit

Deprecated: Use finishOp(java.lang.String,int,java.lang.String,java.lang.String) instead

Parameters
op String: This value cannot be null.
packageName String: This value cannot be null.

finishOp

Added in API level 30
open fun finishOp(
    op: String,
    uid: Int,
    packageName: String,
    attributionTag: String?
): Unit

Report that an application is no longer performing an operation that had previously been started with startOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String). There is no validation of input or result; the parameters supplied here must be the exact same ones previously passed in when starting the operation.

Parameters
op String: This value cannot be null.
packageName String: This value cannot be null.
attributionTag String?: This value may be null.

finishProxyOp

Added in API level 31
open fun finishProxyOp(
    op: String,
    proxiedUid: Int,
    proxiedPackageName: String,
    proxiedAttributionTag: String?
): Unit

Report that an application is no longer performing an operation that had previously been started with startProxyOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String). There is no validation of input or result; the parameters supplied here must be the exact same ones previously passed in when starting the operation.

Parameters
op String: The operation which was started This value cannot be null.
proxiedUid Int: The proxied appp's UID
proxiedPackageName String: The proxied appp's package name This value cannot be null.
proxiedAttributionTag String?: The proxied appp's attribution tag or null for default attribution

isOpActive

Added in API level 30
open fun isOpActive(
    op: String,
    uid: Int,
    packageName: String
): Boolean

Checks whether the given op for a package is active, i.e. did someone call #startOp without #finishOp yet.

If you don't hold the android.Manifest.permission#WATCH_APPOPS permission you can query only for your UID.

Parameters
op String: This value cannot be null.
packageName String: This value cannot be null.

noteOp

Added in API level 19
Deprecated in API level 30
open fun noteOp(
    op: String,
    uid: Int,
    packageName: String
): Int

Deprecated: Use noteOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String) instead

Parameters
op String: This value cannot be null.
packageName String: This value cannot be null.

noteOp

Added in API level 30
open fun noteOp(
    op: String,
    uid: Int,
    packageName: String?,
    attributionTag: String?,
    message: String?
): Int

Make note of an application performing an operation and check if the application is allowed to perform it.

If this is a check that is not preceding the protected operation, use unsafeCheckOp instead.

The identity of the package the app-op is noted for is specified by the uid and packageName parameters. If this is noted for a regular app both should be set and the package needs to be part of the uid. In the very rare case that an app-op is noted for an entity that does not have a package name, the package can be null. As it is possible that a single process contains more than one package the packageName should be read from the context of the caller of the API (in the app process) that eventually triggers this check. If this op is not noted for a running process the packageName cannot be read from the context, but it should be clear which package the note is for.

If the uid and packageName do not match this return MODE_IGNORED.

Beside the access check this method also records the access. While the access check is based on uid and/or packageName the access recording is done based on the packageName and attributionTag. The attributionTag should be read from the same context the package name is read from. In the case the check is not related to an API call, the attributionTag should be null. Please note that e.g. registering a callback for later is still an API call and the code should store the attribution tag along the package name for being used in this method later.

The message parameter only needs to be set when this method is

    not
called in a two-way binder call from the client. In this case the message is a free form text that is meant help the app developer determine what part of the app's code triggered the note. This message is passed back to the app in the OnOpNotedCallback.onAsyncNoted(AsyncNotedAppOp) callback. A good example of a useful message is including the System.identityHashCode(Object) of the listener that will receive data or the name of the manifest-receiver.
Parameters
op String: The operation to note. One of the OPSTR_* constants. This value cannot be null.
uid Int: The uid of the application attempting to perform the operation.
packageName String?: The name of the application attempting to perform the operation. This value may be null.
attributionTag String?: The attribution tag of the calling context or null for default attribution
message String?: A message describing why the op was noted This value may be null.
Return
Int Returns MODE_ALLOWED if the operation is allowed, or MODE_IGNORED if it is not allowed and should be silently ignored (without causing the app to crash).
Exceptions
java.lang.SecurityException If the app has been configured to crash on this op.

noteOpNoThrow

Added in API level 19
Deprecated in API level 30
open fun noteOpNoThrow(
    op: String,
    uid: Int,
    packageName: String
): Int

Deprecated: Use noteOpNoThrow(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String) instead

Parameters
op String: This value cannot be null.
packageName String: This value cannot be null.

noteOpNoThrow

Added in API level 30
open fun noteOpNoThrow(
    op: String,
    uid: Int,
    packageName: String,
    attributionTag: String?,
    message: String?
): Int

Like noteOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String) but instead of throwing a SecurityException it returns MODE_ERRORED.

Parameters
op String: This value cannot be null.
packageName String: This value cannot be null.
attributionTag String?: This value may be null.
message String?: This value may be null.

noteProxyOp

Added in API level 23
Deprecated in API level 30
open fun noteProxyOp(
    op: String,
    proxiedPackageName: String
): Int

Deprecated: Use noteProxyOp(java.lang.String,java.lang.String,int,java.lang.String,java.lang.String) instead

Parameters
op String: This value cannot be null.
proxiedPackageName String: This value cannot be null.

noteProxyOp

Added in API level 30
open fun noteProxyOp(
    op: String,
    proxiedPackageName: String?,
    proxiedUid: Int,
    proxiedAttributionTag: String?,
    message: String?
): Int

Make note of an application performing an operation on behalf of another application when handling an IPC. This function will verify that the calling uid and proxied package name match, and if not, return MODE_IGNORED. If this call succeeds, the last execution time of the operation for the proxied app and your app will be updated to the current time.

Parameters
op String: The operation to note. One of the OPSTR_* constants. This value cannot be null.
proxiedPackageName String?: The name of the application calling into the proxy application. This value may be null.
proxiedUid Int: The uid of the proxied application
proxiedAttributionTag String?: The proxied attribution tag or null for default attribution
message String?: A message describing the reason the op was noted This value may be null.
Return
Int Returns MODE_ALLOWED if the operation is allowed, or MODE_IGNORED if it is not allowed and should be silently ignored (without causing the app to crash).
Exceptions
java.lang.SecurityException If the proxy or proxied app has been configured to crash on this op.

noteProxyOpNoThrow

Added in API level 23
Deprecated in API level 30
open fun noteProxyOpNoThrow(
    op: String,
    proxiedPackageName: String
): Int

Deprecated: Use noteProxyOpNoThrow(java.lang.String,java.lang.String,int,java.lang.String,java.lang.String) instead

Parameters
op String: This value cannot be null.
proxiedPackageName String: This value cannot be null.

noteProxyOpNoThrow

Added in API level 29
Deprecated in API level 30
open fun noteProxyOpNoThrow(
    op: String,
    proxiedPackageName: String?,
    proxiedUid: Int
): Int

Deprecated: Use noteProxyOpNoThrow(java.lang.String,java.lang.String,int,java.lang.String,java.lang.String) instead

Parameters
op String: This value cannot be null.
proxiedPackageName String?: This value may be null.

noteProxyOpNoThrow

Added in API level 30
open fun noteProxyOpNoThrow(
    op: String,
    proxiedPackageName: String?,
    proxiedUid: Int,
    proxiedAttributionTag: String?,
    message: String?
): Int

Like noteProxyOp(java.lang.String,java.lang.String,int,java.lang.String,java.lang.String) but instead of throwing a SecurityException it returns MODE_ERRORED.

Parameters
op String: This value cannot be null.
proxiedPackageName String?: This value may be null.
proxiedAttributionTag String?: This value may be null.
message String?: This value may be null.

permissionToOp

Added in API level 23
open static fun permissionToOp(permission: String): String?

Gets the app-op name associated with a given permission.

The app-op name is one of the public constants defined in this class such as OPSTR_COARSE_LOCATION. This API is intended to be used for mapping runtime permissions to the corresponding app-op.

Parameters
permission String: The permission. This value cannot be null.
Return
String? The app-op associated with the permission or null.

setOnOpNotedCallback

Added in API level 30
open fun setOnOpNotedCallback(
    asyncExecutor: Executor?,
    callback: AppOpsManager.OnOpNotedCallback?
): Unit

Set a new OnOpNotedCallback.

There can only ever be one collector per process. If there currently is another callback set, this will fail.

Note that if an app has multiple processes registering for this callback, the system would fan out async op noted callbacks to each of the processes, resulting in the same data being delivered multiple times to an app, which is usually undesired. To avoid this, consider listening to async ops only in one process. See #setOnOpNotedCallback(java.util.concurrent.Executor,android.app.AppOpsManager.OnOpNotedCallback,int) for how to do this.

Parameters
asyncExecutor Executor?: executor to execute OnOpNotedCallback.onAsyncNoted on, null to unset Callback and listener events are dispatched through this Executor, providing an easy way to control which thread is used. To dispatch events through the main thread of your application, you can use Context.getMainExecutor(). Otherwise, provide an Executor that dispatches to an appropriate thread.
callback AppOpsManager.OnOpNotedCallback?: listener to set, null to unset
Exceptions
java.lang.IllegalStateException If another callback is already registered

startOp

Added in API level 19
Deprecated in API level 30
open fun startOp(
    op: String,
    uid: Int,
    packageName: String
): Int

Deprecated: use startOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String) instead

Parameters
op String: This value cannot be null.
packageName String: This value cannot be null.

startOp

Added in API level 30
open fun startOp(
    op: String,
    uid: Int,
    packageName: String?,
    attributionTag: String?,
    message: String?
): Int

Report that an application has started executing a long-running operation.

For more details how to determine the callingPackageName, callingAttributionTag, and message, please check the description in noteOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String)

Parameters
op String: The operation to start. One of the OPSTR_* constants. This value cannot be null.
uid Int: The user id of the application attempting to perform the operation.
packageName String?: The name of the application attempting to perform the operation. This value may be null.
attributionTag String?: The attribution tag or null for default attribution
message String?: Description why op was started This value may be null.
Return
Int Returns MODE_ALLOWED if the operation is allowed, or MODE_IGNORED if it is not allowed and should be silently ignored (without causing the app to crash).
Exceptions
java.lang.SecurityException If the app has been configured to crash on this op or the package is not in the passed in UID.

startOpNoThrow

Added in API level 19
Deprecated in API level 30
open fun startOpNoThrow(
    op: String,
    uid: Int,
    packageName: String
): Int

Deprecated: use startOpNoThrow(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String) instead

Parameters
op String: This value cannot be null.
packageName String: This value cannot be null.

startOpNoThrow

Added in API level 30
open fun startOpNoThrow(
    op: String,
    uid: Int,
    packageName: String,
    attributionTag: String?,
    message: String?
): Int

Like startOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String) but instead of throwing a SecurityException it returns MODE_ERRORED.

Parameters
op String: This value cannot be null.
packageName String: This value cannot be null.
attributionTag String?: This value may be null.
message String?: This value may be null.

startProxyOp

Added in API level 31
open fun startProxyOp(
    op: String,
    proxiedUid: Int,
    proxiedPackageName: String,
    proxiedAttributionTag: String?,
    message: String?
): Int

Report that an application has started executing a long-running operation on behalf of another application when handling an IPC. This function will verify that the calling uid and proxied package name match, and if not, return MODE_IGNORED.

Parameters
op String: The op to note This value cannot be null.
proxiedUid Int: The uid to note the op for null
proxiedPackageName String: The package name the uid belongs to This value cannot be null.
proxiedAttributionTag String?: The proxied attribution tag or null for default attribution
message String?: A message describing the reason the op was noted This value may be null.
Return
Int Returns MODE_ALLOWED if the operation is allowed, or MODE_IGNORED if it is not allowed and should be silently ignored (without causing the app to crash).
Exceptions
java.lang.SecurityException If the proxy or proxied app has been configured to crash on this op.

startProxyOpNoThrow

Added in API level 31
open fun startProxyOpNoThrow(
    op: String,
    proxiedUid: Int,
    proxiedPackageName: String,
    proxiedAttributionTag: String?,
    message: String?
): Int

Like startProxyOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String) but instead of throwing a SecurityException it returns MODE_ERRORED.

Parameters
op String: This value cannot be null.
proxiedPackageName String: This value cannot be null.
proxiedAttributionTag String?: This value may be null.
message String?: This value may be null.

startWatchingActive

Added in API level 30
open fun startWatchingActive(
    ops: Array<String!>,
    executor: Executor,
    callback: AppOpsManager.OnOpActiveChangedListener
): Unit

Start watching for changes to the active state of app-ops. An app-op may be long running and it has a clear start and stop delimiters. If an op is being started or stopped by any package you will get a callback. To change the watched ops for a registered callback you need to unregister and register it again.

If you don't hold the android.Manifest.permission#WATCH_APPOPS permission you can watch changes only for your UID.

Parameters
ops Array<String!>: The operations to watch. This value cannot be null.
callback AppOpsManager.OnOpActiveChangedListener: Where to report changes. This value cannot be null.
executor Executor: Callback and listener events are dispatched through this Executor, providing an easy way to control which thread is used. To dispatch events through the main thread of your application, you can use Context.getMainExecutor(). Otherwise, provide an Executor that dispatches to an appropriate thread. This value cannot be null.

startWatchingMode

Added in API level 19
open fun startWatchingMode(
    op: String,
    packageName: String?,
    callback: AppOpsManager.OnOpChangedListener
): Unit

Monitor for changes to the operating mode for the given op in the given app package. You can watch op changes only for your UID.

Parameters
op String: The operation to monitor, one of OPSTR_*. This value cannot be null.
packageName String?: The name of the application to monitor. This value may be null.
callback AppOpsManager.OnOpChangedListener: Where to report changes. This value cannot be null.

startWatchingMode

Added in API level 29
open fun startWatchingMode(
    op: String,
    packageName: String?,
    flags: Int,
    callback: AppOpsManager.OnOpChangedListener
): Unit

Monitor for changes to the operating mode for the given op in the given app package. You can watch op changes only for your UID.

Parameters
op String: The operation to monitor, one of OPSTR_*. This value cannot be null.
packageName String?: The name of the application to monitor. This value may be null.
flags Int: Option flags: any combination of WATCH_FOREGROUND_CHANGES or 0.
callback AppOpsManager.OnOpChangedListener: Where to report changes. This value cannot be null.

stopWatchingActive

Added in API level 30
open fun stopWatchingActive(callback: AppOpsManager.OnOpActiveChangedListener): Unit

Stop watching for changes to the active state of an app-op. An app-op may be long running and it has a clear start and stop delimiters. Unregistering a non-registered callback has no effect.

Parameters
callback AppOpsManager.OnOpActiveChangedListener: This value cannot be null.

stopWatchingMode

Added in API level 19
open fun stopWatchingMode(callback: AppOpsManager.OnOpChangedListener): Unit

Stop monitoring that was previously started with #startWatchingMode. All monitoring associated with this callback will be removed.

Parameters
callback AppOpsManager.OnOpChangedListener: This value cannot be null.

unsafeCheckOp

open fun unsafeCheckOp(
    op: String,
    uid: Int,
    packageName: String
): Int

Check whether an application might be able to perform an operation.

For platform versions before android.os.Build.VERSION_CODES#BAKLAVA, this is not a security check; you must use noteOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String) or startOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String) for your actual security checks. This function can just be used for a quick check to see if an operation has been disabled for the application, as an early reject of some work.

For platform versions equal to or after android.os.Build.VERSION_CODES#BAKLAVA, this is no longer an unsafe check, and it does the same security check as noteOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String) and startOp(java.lang.String,int,java.lang.String,java.lang.String,java.lang.String). However, it's preferred to use checkOp(java.lang.String,int,java.lang.String), since the word "unsafe" in the name of this API is no longer accurate.

This API does not modify the time stamp or other data about the operation.

Parameters
op String: The operation to check. One of the OPSTR_* constants. This value cannot be null.
uid Int: The user id of the application attempting to perform the operation.
packageName String: The name of the application attempting to perform the operation. This value cannot be null.
Return
Int Returns MODE_ALLOWED if the operation is allowed, or MODE_IGNORED if it is not allowed and should be silently ignored (without causing the app to crash).
Exceptions
java.lang.SecurityException If the app has been configured to crash on this op.

unsafeCheckOpNoThrow

open fun unsafeCheckOpNoThrow(
    op: String,
    uid: Int,
    packageName: String
): Int

Like unsafeCheckOp(java.lang.String,int,java.lang.String) but instead of throwing a SecurityException it returns MODE_ERRORED.

Parameters
op String: This value cannot be null.
packageName String: This value cannot be null.

unsafeCheckOpRaw

open fun unsafeCheckOpRaw(
    op: String,
    uid: Int,
    packageName: String
): Int

Like checkOp but returns the raw mode associated with the op. Does not throw a security exception, does not translate MODE_FOREGROUND.

Parameters
op String: This value cannot be null.
packageName String: This value cannot be null.

unsafeCheckOpRawNoThrow

open fun unsafeCheckOpRawNoThrow(
    op: String,
    uid: Int,
    packageName: String
): Int

Like checkOp but returns the raw mode associated with the op. Does not throw a security exception, does not translate MODE_FOREGROUND.

Parameters
op String: This value cannot be null.
packageName String: This value cannot be null.