Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 184b3753 authored by Amith Yamasani's avatar Amith Yamasani
Browse files

Add getPermissionGrantState method in device policy

This is to have a way to query what permission state was set by
the profile owner.

Bug: 21356830
Change-Id: Ie396e946b4285267c1d95f82b9d9765b43697d3c
parent b0eb08b5
Loading
Loading
Loading
Loading
+1 −0
Original line number Diff line number Diff line
@@ -5724,6 +5724,7 @@ package android.app.admin {
    method public int getPasswordMinimumSymbols(android.content.ComponentName);
    method public int getPasswordMinimumUpperCase(android.content.ComponentName);
    method public int getPasswordQuality(android.content.ComponentName);
    method public int getPermissionGrantState(android.content.ComponentName, java.lang.String, java.lang.String);
    method public int getPermissionPolicy(android.content.ComponentName);
    method public java.util.List<java.lang.String> getPermittedAccessibilityServices(android.content.ComponentName);
    method public java.util.List<java.lang.String> getPermittedInputMethods(android.content.ComponentName);
+1 −0
Original line number Diff line number Diff line
@@ -5827,6 +5827,7 @@ package android.app.admin {
    method public int getPasswordMinimumSymbols(android.content.ComponentName);
    method public int getPasswordMinimumUpperCase(android.content.ComponentName);
    method public int getPasswordQuality(android.content.ComponentName);
    method public int getPermissionGrantState(android.content.ComponentName, java.lang.String, java.lang.String);
    method public int getPermissionPolicy(android.content.ComponentName);
    method public java.util.List<java.lang.String> getPermittedAccessibilityServices(android.content.ComponentName);
    method public java.util.List<java.lang.String> getPermittedAccessibilityServices(int);
+27 −0
Original line number Diff line number Diff line
@@ -4448,4 +4448,31 @@ public class DevicePolicyManager {
            return false;
        }
    }

    /**
     * Returns the current grant state of a runtime permission for a specific application.
     *
     * @param admin Which profile or device owner this request is associated with.
     * @param packageName The application to check the grant state for.
     * @param permission The permission to check for.
     * @return the current grant state specified by device policy. If the profile or device owner
     * has not set a grant state, the return value is {@link #PERMISSION_GRANT_STATE_DEFAULT}.
     * This does not indicate whether or not the permission is currently granted for the package.
     *
     * <p/>If a grant state was set by the profile or device owner, then the return value will
     * be one of {@link #PERMISSION_GRANT_STATE_DENIED} or {@link #PERMISSION_GRANT_STATE_GRANTED},
     * which indicates if the permission is currently denied or granted.
     *
     * @see #setPermissionGrantState(ComponentName, String, String, int)
     * @see PackageManager#checkPermission(String, String)
     */
    public int getPermissionGrantState(ComponentName admin, String packageName,
            String permission) {
        try {
            return mService.getPermissionGrantState(admin, packageName, permission);
        } catch (RemoteException re) {
            Log.w(TAG, "Failed talking with device policy service", re);
            return PERMISSION_GRANT_STATE_DEFAULT;
        }
    }
}
+1 −0
Original line number Diff line number Diff line
@@ -236,4 +236,5 @@ interface IDevicePolicyManager {
    int  getPermissionPolicy(in ComponentName admin);
    boolean setPermissionGrantState(in ComponentName admin, String packageName,
            String permission, int grantState);
    int getPermissionGrantState(in ComponentName admin, String packageName, String permission);
}
+30 −0
Original line number Diff line number Diff line
@@ -6429,4 +6429,34 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
            }
        }
    }

    @Override
    public int getPermissionGrantState(ComponentName admin, String packageName,
            String permission) throws RemoteException {
        PackageManager packageManager = mContext.getPackageManager();

        // Do this before clearing the caller's identity
        int granted = packageManager.checkPermission(permission, packageName);

        UserHandle user = Binder.getCallingUserHandle();
        synchronized (this) {
            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
            long ident = Binder.clearCallingIdentity();
            try {
                int permFlags = packageManager.getPermissionFlags(permission, packageName, user);
                if ((permFlags & PackageManager.FLAG_PERMISSION_POLICY_FIXED)
                        != PackageManager.FLAG_PERMISSION_POLICY_FIXED) {
                    // Not controlled by policy
                    return DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT;
                } else {
                    // Policy controlled so return result based on permission grant state
                    return granted == PackageManager.PERMISSION_GRANTED
                            ? DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED
                            : DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED;
                }
            } finally {
                Binder.restoreCallingIdentity(ident);
            }
        }
    }
}