Add admin-granted permissions to Enterprise Privacy Settings page

    <string name="enterprise_privacy_security_logs">Your most recent security log</string>

    <!-- Label indicating that the date at which the admin last took a particular action was "never" (i.e. the admin never took the action so far). -->

    <string name="enterprise_privacy_never">Never</string>

    <!-- Label indicating how many apps were installed on the device by the admin. [CHAR LIMIT=NONE] -->

    <plurals name="enterprise_privacy_number_enterprise_installed_packages">

        <item quantity="one"><xliff:g id="count">%d</xliff:g> app installed by your admin</item>

        <item quantity="other"><xliff:g id="count">%d</xliff:g> apps installed by your admin</item>

    </plurals>

    <!-- Label indicating how many apps were granted permission to access the device's location by the admin. [CHAR LIMIT=NONE] -->

    <plurals name="enterprise_privacy_number_location_access_packages">

        <item quantity="one"><xliff:g id="count">%d</xliff:g> app allowed access to your location by your admin</item>

        <item quantity="other"><xliff:g id="count">%d</xliff:g> apps allowed access to your location by your admin</item>

    </plurals>

    <!-- Label indicating how many apps were granted permission to access the microphone by the admin. [CHAR LIMIT=NONE] -->

    <plurals name="enterprise_privacy_number_microphone_access_packages">

        <item quantity="one"><xliff:g id="count">%d</xliff:g> app allowed access to your microphone by your admin</item>

        <item quantity="other"><xliff:g id="count">%d</xliff:g> apps allowed access to your microphone by your admin</item>

    </plurals>

    <!-- Label indicating how many apps were granted permission to access the camera by the admin. [CHAR LIMIT=NONE] -->

    <plurals name="enterprise_privacy_number_camera_access_packages">

        <item quantity="one"><xliff:g id="count">%d</xliff:g> app allowed access to your camera by your admin</item>

        <item quantity="other"><xliff:g id="count">%d</xliff:g> apps allowed access to your camera by your admin</item>

    </plurals>

    <!-- Label explaining that an always-on VPN was set by the admin for the entire device. [CHAR LIMIT=NONE] -->

    <string name="enterprise_privacy_always_on_vpn_device">Always-on VPN turned on</string>

    <!-- Label explaining that an always-on VPN was set by the admin in the personal profile. [CHAR LIMIT=NONE] -->

    <string name="enterprise_privacy_always_on_vpn_work">Always-on VPN turned on in your work profile</string>

    <!-- Label explaining that a global HTTP proxy was set by the admin. [CHAR LIMIT=NONE] -->

    <string name="enterprise_privacy_global_http_proxy">Global HTTP proxy set</string>

    <!-- Label indicating how many apps were installed on the device by the admin. [CHAR LIMIT=NONE] -->

    <plurals name="enterprise_privacy_number_enterprise_installed_packages">

        <item quantity="one"><xliff:g id="count">%d</xliff:g> app installed by your admin</item>

        <item quantity="other"><xliff:g id="count">%d</xliff:g> apps installed by your admin</item>

    </plurals>

    <!-- Preference label for the Photos & Videos storage section. [CHAR LIMIT=50] -->

    <string name="storage_photos_videos">Photos &amp; Videos</string>

    </PreferenceCategory>

    <PreferenceCategory android:title="@string/enterprise_privacy_exposure_changes_category">

        <com.android.settings.DividerPreference

                android:key="number_enterprise_installed_packages"

                settings:allowDividerBelow="true"

                settings:multiLine="true"/>

        <com.android.settings.DividerPreference

                android:key="enterprise_privacy_number_location_access_packages"

                settings:allowDividerBelow="true"

                settings:multiLine="true"/>

        <com.android.settings.DividerPreference

                android:key="enterprise_privacy_number_microphone_access_packages"

                settings:allowDividerBelow="true"

                settings:multiLine="true"/>

        <com.android.settings.DividerPreference

                android:key="enterprise_privacy_number_camera_access_packages"

                settings:allowDividerBelow="true"

                settings:multiLine="true"/>

        <com.android.settings.DividerPreference

                android:key="always_on_vpn_primary_user"

                settings:allowDividerBelow="true"

                android:title="@string/enterprise_privacy_global_http_proxy"

                settings:allowDividerBelow="true"

                settings:multiLine="true"/>

        <com.android.settings.DividerPreference

                android:key="number_enterprise_installed_packages"

                settings:allowDividerBelow="true"

                settings:multiLine="true"/>

    </PreferenceCategory>

    <PreferenceCategory android:title="@string/enterprise_privacy_device_access_category">

/*

 * Copyright (C) 2017 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file

 * except in compliance with the License. You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software distributed under the

 * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

 * KIND, either express or implied. See the License for the specific language governing

 * permissions and limitations under the License.

 */

package com.android.settings.applications;

import android.app.admin.DevicePolicyManager;

import android.content.Context;

import android.content.pm.ApplicationInfo;

import android.content.pm.IPackageManager;

import android.content.pm.PackageManager;

import android.os.Build;

import android.os.RemoteException;

import android.os.UserHandle;

import com.android.settings.enterprise.DevicePolicyManagerWrapper;

/**

 * Counts installed apps across all users that have been granted one or more specific permissions by

 * the admin.

 */

public abstract class AppWithAdminGrantedPermissionsCounter extends AppCounter {

    private final String[] mPermissions;

    private final PackageManagerWrapper mPackageManager;

    private final IPackageManager mPackageManagerService;

    private final DevicePolicyManagerWrapper mDevicePolicyManager;

    public AppWithAdminGrantedPermissionsCounter(Context context, String[] permissions,

            PackageManagerWrapper packageManager, IPackageManager packageManagerService,

            DevicePolicyManagerWrapper devicePolicyManager) {

        super(context, packageManager);

        mPermissions = permissions;

        mPackageManager = packageManager;

        mPackageManagerService = packageManagerService;

        mDevicePolicyManager = devicePolicyManager;

    }

    @Override

    protected boolean includeInCount(ApplicationInfo info) {

        if (info.targetSdkVersion >= Build.VERSION_CODES.M) {

            // The app uses run-time permissions. Check whether one or more of the permissions were

            // granted by enterprise policy.

            for (final String permission : mPermissions) {

                if (mDevicePolicyManager.getPermissionGrantState(null /* admin */, info.packageName,

                        permission) == DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED) {

                    return true;

                }

            }

            return false;

        }

        // The app uses install-time permissions. Check whether the app requested one or more of the

        // permissions and was installed by enterprise policy, implicitly granting permissions.

        if (mPackageManager.getInstallReason(info.packageName,

                new UserHandle(UserHandle.getUserId(info.uid)))

                        != PackageManager.INSTALL_REASON_POLICY) {

            return false;

        }

        try {

            for (final String permission : mPermissions) {

                if (mPackageManagerService.checkUidPermission(permission, info.uid)

                        == PackageManager.PERMISSION_GRANTED) {

                    return true;

                }

            }

        } catch (RemoteException exception) {

        }

        return false;

    }

}

     * Asynchronously calculates the total number of apps installed on the device, across all users

     * and managed profiles.

     *

     * @param installReason Only consider packages with this install reason; may be any install

     *         reason defined in {@link android.content.pm.PackageManager} or

     *         {@link #IGNORE_INSTALL_REASON} to count all packages, irrespective of install reason.

     * @param installReason Only consider apps with this install reason; may be any install reason

     *         defined in {@link android.content.pm.PackageManager} or

     *         {@link #IGNORE_INSTALL_REASON} to count all apps, irrespective of install reason.

     * @param callback The callback to invoke with the result

     */

    void calculateNumberOfInstalledApps(int installReason, NumberOfInstalledAppsCallback callback);

    void calculateNumberOfInstalledApps(int installReason, NumberOfAppsCallback callback);

    /**

     * Callback that receives the total number of packages installed on the device.

     * Asynchronously calculates the total number of apps installed on the device, across all users

     * and managed profiles, that have been granted one or more of the given permissions by the

     * admin.

     *

     * @param permissions Only consider apps that have been granted one or more of these permissions

     *        by the admin, either at run-time or install-time

     * @param callback The callback to invoke with the result

     */

    void calculateNumberOfAppsWithAdminGrantedPermissions(String[] permissions,

            NumberOfAppsCallback callback);

    /**

     * Callback that receives the number of packages installed on the device.

     */

    interface NumberOfInstalledAppsCallback {

        void onNumberOfInstalledAppsResult(int num);

    interface NumberOfAppsCallback {

        void onNumberOfAppsResult(int num);

    }

}

import android.app.Fragment;

import android.content.Context;

import android.content.pm.IPackageManager;

import android.content.pm.UserInfo;

import android.os.UserManager;

import android.view.View;

import com.android.settings.enterprise.DevicePolicyManagerWrapper;

import java.util.List;

public class ApplicationFeatureProviderImpl implements ApplicationFeatureProvider {

    private final Context mContext;

    private final PackageManagerWrapper mPm;

    private final IPackageManager mPms;

    private final DevicePolicyManagerWrapper mDpm;

    private final UserManager mUm;

    public ApplicationFeatureProviderImpl(Context context, PackageManagerWrapper pm) {

    public ApplicationFeatureProviderImpl(Context context, PackageManagerWrapper pm,

            IPackageManager pms, DevicePolicyManagerWrapper dpm) {

        mContext = context.getApplicationContext();

        mPm = pm;

        mPms = pms;

        mDpm = dpm;

        mUm = UserManager.get(mContext);

    }

    }

    @Override

    public void calculateNumberOfInstalledApps(int installReason,

            NumberOfInstalledAppsCallback callback) {

        new AllUserInstalledAppCounter(installReason, callback).execute();

    public void calculateNumberOfInstalledApps(int installReason, NumberOfAppsCallback callback) {

        new AllUserInstalledAppCounter(mContext, installReason, mPm, callback).execute();

    }

    @Override

    public void calculateNumberOfAppsWithAdminGrantedPermissions(String[] permissions,

            NumberOfAppsCallback callback) {

        new AllUserAppWithAdminGrantedPermissionsCounter(mContext, permissions, mPm, mPms, mDpm,

                callback).execute();

    }

    private static class AllUserInstalledAppCounter extends InstalledAppCounter {

        private NumberOfAppsCallback mCallback;

        AllUserInstalledAppCounter(Context context, int installReason,

                PackageManagerWrapper packageManager, NumberOfAppsCallback callback) {

            super(context, installReason, packageManager);

            mCallback = callback;

        }

        @Override

        protected void onCountComplete(int num) {

            mCallback.onNumberOfAppsResult(num);

        }

        @Override

        protected List<UserInfo> getUsersToCount() {

            return mUm.getUsers(true /* excludeDying */);

        }

    }

    private class AllUserInstalledAppCounter extends InstalledAppCounter {

        private NumberOfInstalledAppsCallback mCallback;

    private static class AllUserAppWithAdminGrantedPermissionsCounter extends

            AppWithAdminGrantedPermissionsCounter {

        private NumberOfAppsCallback mCallback;

        AllUserInstalledAppCounter(int installReason, NumberOfInstalledAppsCallback callback) {

            super(mContext, installReason, ApplicationFeatureProviderImpl.this.mPm);

        AllUserAppWithAdminGrantedPermissionsCounter(Context context, String[] permissions,

                PackageManagerWrapper packageManager, IPackageManager packageManagerService,

                DevicePolicyManagerWrapper devicePolicyManager, NumberOfAppsCallback callback) {

            super(context, permissions, packageManager, packageManagerService, devicePolicyManager);

            mCallback = callback;

        }

        @Override

        protected void onCountComplete(int num) {

            mCallback.onNumberOfInstalledAppsResult(num);

            mCallback.onNumberOfAppsResult(num);

        }

        @Override