Allow DO/PO to go back to normal permission state. (d8ecc5ae) · Commits · e / os / android_frameworks_base

api/current.txt

+4 −1

Original line number	Diff line number	Diff line
		@@ -5773,7 +5773,7 @@ package android.app.admin {
		method public void setPasswordMinimumSymbols(android.content.ComponentName, int);
		method public void setPasswordMinimumUpperCase(android.content.ComponentName, int);
		method public void setPasswordQuality(android.content.ComponentName, int);
		method public boolean setPermissionGranted(android.content.ComponentName, java.lang.String, java.lang.String, boolean);
		method public boolean setPermissionGrantState(android.content.ComponentName, java.lang.String, java.lang.String, int);
		method public void setPermissionPolicy(android.content.ComponentName, int);
		method public boolean setPermittedAccessibilityServices(android.content.ComponentName, java.util.List<java.lang.String>);
		method public boolean setPermittedInputMethods(android.content.ComponentName, java.util.List<java.lang.String>);
		@@ -5862,6 +5862,9 @@ package android.app.admin {
		field public static final int PASSWORD_QUALITY_NUMERIC_COMPLEX = 196608; // 0x30000
		field public static final int PASSWORD_QUALITY_SOMETHING = 65536; // 0x10000
		field public static final int PASSWORD_QUALITY_UNSPECIFIED = 0; // 0x0
		field public static final int PERMISSION_GRANT_STATE_DEFAULT = 0; // 0x0
		field public static final int PERMISSION_GRANT_STATE_DENIED = 2; // 0x2
		field public static final int PERMISSION_GRANT_STATE_GRANTED = 1; // 0x1
		field public static final int PERMISSION_POLICY_AUTO_DENY = 2; // 0x2
		field public static final int PERMISSION_POLICY_AUTO_GRANT = 1; // 0x1
		field public static final int PERMISSION_POLICY_PROMPT = 0; // 0x0

api/system-current.txt

+4 −1

Original line number	Diff line number	Diff line
		@@ -5882,7 +5882,7 @@ package android.app.admin {
		method public void setPasswordMinimumSymbols(android.content.ComponentName, int);
		method public void setPasswordMinimumUpperCase(android.content.ComponentName, int);
		method public void setPasswordQuality(android.content.ComponentName, int);
		method public boolean setPermissionGranted(android.content.ComponentName, java.lang.String, java.lang.String, boolean);
		method public boolean setPermissionGrantState(android.content.ComponentName, java.lang.String, java.lang.String, int);
		method public void setPermissionPolicy(android.content.ComponentName, int);
		method public boolean setPermittedAccessibilityServices(android.content.ComponentName, java.util.List<java.lang.String>);
		method public boolean setPermittedInputMethods(android.content.ComponentName, java.util.List<java.lang.String>);
		@@ -5976,6 +5976,9 @@ package android.app.admin {
		field public static final int PASSWORD_QUALITY_NUMERIC_COMPLEX = 196608; // 0x30000
		field public static final int PASSWORD_QUALITY_SOMETHING = 65536; // 0x10000
		field public static final int PASSWORD_QUALITY_UNSPECIFIED = 0; // 0x0
		field public static final int PERMISSION_GRANT_STATE_DEFAULT = 0; // 0x0
		field public static final int PERMISSION_GRANT_STATE_DENIED = 2; // 0x2
		field public static final int PERMISSION_GRANT_STATE_GRANTED = 1; // 0x1
		field public static final int PERMISSION_POLICY_AUTO_DENY = 2; // 0x2
		field public static final int PERMISSION_POLICY_AUTO_GRANT = 1; // 0x1
		field public static final int PERMISSION_POLICY_PROMPT = 0; // 0x0

core/java/android/app/admin/DevicePolicyManager.java

+37 −10

Original line number	Diff line number	Diff line
		@@ -825,6 +825,23 @@ public class DevicePolicyManager {
		*/
		public static final int PERMISSION_POLICY_AUTO_DENY = 2;

		/**
		* Runtime permission state: The user can manage the permission
		* through the UI.
		*/
		public static final int PERMISSION_GRANT_STATE_DEFAULT = 0;

		/**
		* Runtime permission state: The permission is granted to the app
		* and the user cannot manage the permission through the UI.
		*/
		public static final int PERMISSION_GRANT_STATE_GRANTED = 1;

		/**
		* Runtime permission state: The permission is denied to the app
		* and the user cannot manage the permission through the UI.
		*/
		public static final int PERMISSION_GRANT_STATE_DENIED = 2;

		/**
		* Return true if the given administrator component is currently
		@@ -4401,21 +4418,31 @@ public class DevicePolicyManager {
		}

		/**
		* Grants or revokes a runtime permission to a specific application so that the user
		* does not have to be prompted. This might affect all permissions in a group that the
		* runtime permission belongs to. This method can only be called by a profile or device
		* owner.
		* Sets the grant state of a runtime permission for a specific application. The state
		* can be {@link #PERMISSION_GRANT_STATE_DEFAULT default} in which a user can manage it
		* through the UI, {@link #PERMISSION_GRANT_STATE_DENIED denied}, in which the permission
		* is denied and the user cannot manage it through the UI, and {@link
		* #PERMISSION_GRANT_STATE_GRANTED granted} in which the permission is granted and the
		* user cannot manage it through the UI. This might affect all permissions in a
		* group that the runtime permission belongs to. This method can only be called
		* by a profile or device owner.
		*
		* @param admin Which profile or device owner this request is associated with.
		* @param packageName The application to grant or revoke a permission to.
		* @param permission The permission to grant or revoke.
		* @param granted Whether or not to grant the permission. If false, all permissions in the
		* associated permission group will be denied.
		* @return whether the permission was successfully granted or revoked
		* @param grantState The permission grant state which is one of {@link
		* #PERMISSION_GRANT_STATE_DENIED}, {@link #PERMISSION_GRANT_STATE_DEFAULT},
		* {@link #PERMISSION_GRANT_STATE_GRANTED},
		* @return whether the permission was successfully granted or revoked.
		*
		* @see #PERMISSION_GRANT_STATE_DENIED
		* @see #PERMISSION_GRANT_STATE_DEFAULT
		* @see #PERMISSION_GRANT_STATE_GRANTED
		*/
		public boolean setPermissionGranted(ComponentName admin, String packageName,
		String permission, boolean granted) {
		public boolean setPermissionGrantState(ComponentName admin, String packageName,
		String permission, int grantState) {
		try {
		return mService.setPermissionGranted(admin, packageName, permission, granted);
		return mService.setPermissionGrantState(admin, packageName, permission, grantState);
		} catch (RemoteException re) {
		Log.w(TAG, "Failed talking with device policy service", re);
		return false;

core/java/android/app/admin/IDevicePolicyManager.aidl

+2 −2

Original line number	Diff line number	Diff line
		@@ -234,6 +234,6 @@ interface IDevicePolicyManager {

		void setPermissionPolicy(in ComponentName admin, int policy);
		int getPermissionPolicy(in ComponentName admin);
		boolean setPermissionGranted(in ComponentName admin, String packageName, String permission,
		boolean granted);
		boolean setPermissionGrantState(in ComponentName admin, String packageName,
		String permission, int grantState);
		}

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+22 −13

Original line number	Diff line number	Diff line
		@@ -6392,25 +6392,34 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		}

		@Override
		public boolean setPermissionGranted(ComponentName admin, String packageName,
		String permission, boolean granted) throws RemoteException {
		public boolean setPermissionGrantState(ComponentName admin, String packageName,
		String permission, int grantState) throws RemoteException {
		UserHandle user = Binder.getCallingUserHandle();
		synchronized (this) {
		getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
		long ident = Binder.clearCallingIdentity();
		try {
		PackageManager packageManager = mContext.getPackageManager();
		if (granted) {
		switch (grantState) {
		case DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED: {
		packageManager.grantRuntimePermission(packageName, permission, user);
		packageManager.updatePermissionFlags(permission, packageName,
		PackageManager.FLAG_PERMISSION_POLICY_FIXED,
		PackageManager.FLAG_PERMISSION_POLICY_FIXED, user);
		} else {
		} break;

		case DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED: {
		packageManager.revokeRuntimePermission(packageName,
		permission, user);
		packageManager.updatePermissionFlags(permission, packageName,
		PackageManager.FLAG_PERMISSION_POLICY_FIXED,
		PackageManager.FLAG_PERMISSION_POLICY_FIXED, user);
		} break;

		case DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT: {
		packageManager.updatePermissionFlags(permission, packageName,
		PackageManager.FLAG_PERMISSION_POLICY_FIXED, 0, user);
		} break;
		}
		return true;
		} catch (SecurityException se) {