Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7e6bc8ad authored by Philip P. Moltmann's avatar Philip P. Moltmann Committed by Android (Google) Code Review
Browse files

Merge changes from topic "GroupWithGrantedAndDeniedPerm" into qt-dev

* changes:
  Only set perm that is changed to policy-fixed
  Don't grant policy fixed permission on request
parents b53bbab7 6a500c73
Loading
Loading
Loading
Loading
+12 −5
Original line number Diff line number Diff line
@@ -1020,12 +1020,19 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
        return wasAllRevoked;
    }

    public void setPolicyFixed() {
        final int permissionCount = mPermissions.size();
        for (int i = 0; i < permissionCount; i++) {
            Permission permission = mPermissions.valueAt(i);
    /**
     * Mark permissions in this group as policy fixed.
     *
     * @param filterPermissions The permissions to mark
     */
    public void setPolicyFixed(@NonNull String[] filterPermissions) {
        for (String permissionName : filterPermissions) {
            Permission permission = mPermissions.get(permissionName);

            if (permission != null) {
                permission.setPolicyFixed(true);
            }
        }

        if (!mDelayChanges) {
            persistChanges(false);
+22 −17
Original line number Diff line number Diff line
@@ -133,33 +133,36 @@ public class GrantPermissionsActivity extends Activity
     * affected permissions}.
     *
     * @param group The group the permission belongs to (might be a background permission group)
     * @param permission The permission to add
     * @param permName The name of the permission to add
     * @param isFirstInstance Is this the first time the groupStates get created
     */
    private void addRequestedPermissions(AppPermissionGroup group, String permission,
    private void addRequestedPermissions(AppPermissionGroup group, String permName,
            boolean isFirstInstance) {
        if (!group.isGrantingAllowed()) {
            reportRequestResult(permission,
            reportRequestResult(permName,
                    PERMISSION_GRANT_REQUEST_RESULT_REPORTED__RESULT__IGNORED);
            // Skip showing groups that we know cannot be granted.
            return;
        }

        Permission permission = group.getPermission(permName);

        // If the permission is restricted it does not show in the UI and
        // is not added to the group at all, so check that first.
        if (group.getPermission(permission) == null && ArrayUtils.contains(mAppPermissions
                .getPackageInfo().requestedPermissions, permission)) {
            reportRequestResult(permission,
        if (permission == null && ArrayUtils.contains(
                mAppPermissions.getPackageInfo().requestedPermissions, permName)) {
            reportRequestResult(permName,
                  PERMISSION_GRANT_REQUEST_RESULT_REPORTED__RESULT__IGNORED_RESTRICTED_PERMISSION);
            return;
        // We allow the user to choose only non-fixed permissions. A permission
        // is fixed either by device policy or the user denying with prejudice.
        } else if (group.isUserFixed()) {
            reportRequestResult(permission,
            reportRequestResult(permName,
                    PERMISSION_GRANT_REQUEST_RESULT_REPORTED__RESULT__IGNORED_USER_FIXED);
            return;
        } else if (group.isPolicyFixed() && !group.areRuntimePermissionsGranted()) {
            reportRequestResult(permission,
        } else if (group.isPolicyFixed() && !group.areRuntimePermissionsGranted()
                || permission.isPolicyFixed()) {
            reportRequestResult(permName,
                    PERMISSION_GRANT_REQUEST_RESULT_REPORTED__RESULT__IGNORED_POLICY_FIXED);
            return;
        }
@@ -173,36 +176,38 @@ public class GrantPermissionsActivity extends Activity
            mRequestGrantPermissionGroups.put(groupKey, state);
        }
        state.affectedPermissions = ArrayUtils.appendString(
                state.affectedPermissions, permission);
                state.affectedPermissions, permName);

        boolean skipGroup = false;
        switch (getPermissionPolicy()) {
            case DevicePolicyManager.PERMISSION_POLICY_AUTO_GRANT: {
                group.grantRuntimePermissions(false, new String[]{permission});
                final String[] filterPermissions = new String[]{permName};
                group.grantRuntimePermissions(false, filterPermissions);
                group.setPolicyFixed(filterPermissions);
                state.mState = GroupState.STATE_ALLOWED;
                group.setPolicyFixed();
                skipGroup = true;

                reportRequestResult(permission,
                reportRequestResult(permName,
                        PERMISSION_GRANT_REQUEST_RESULT_REPORTED__RESULT__AUTO_GRANTED);
            } break;

            case DevicePolicyManager.PERMISSION_POLICY_AUTO_DENY: {
                final String[] filterPermissions = new String[]{permName};
                group.setPolicyFixed(filterPermissions);
                state.mState = GroupState.STATE_DENIED;
                group.setPolicyFixed();
                skipGroup = true;

                reportRequestResult(permission,
                reportRequestResult(permName,
                        PERMISSION_GRANT_REQUEST_RESULT_REPORTED__RESULT__AUTO_DENIED);
            } break;

            default: {
                if (group.areRuntimePermissionsGranted()) {
                    group.grantRuntimePermissions(false, new String[]{permission});
                    group.grantRuntimePermissions(false, new String[]{permName});
                    state.mState = GroupState.STATE_ALLOWED;
                    skipGroup = true;

                    reportRequestResult(permission,
                    reportRequestResult(permName,
                            PERMISSION_GRANT_REQUEST_RESULT_REPORTED__RESULT__AUTO_GRANTED);
                }
            } break;
+26 −0
Original line number Diff line number Diff line
@@ -7,6 +7,32 @@
                    "include-filter": "android.appsecurity.cts.PermissionsHostTest"
                }
            ]
        },
        {
            "name": "CtsDevicePolicyManagerTestCases",
            "options": [
                {
                    "include-filter": "com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testPermissionGrantOfDisallowedPermissionWhileOtherPermIsGranted"
                },
                {
                    "include-filter": "com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testPermissionGrant"
                },
                {
                    "include-filter": "com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testPermissionPolicy"
                },
                {
                    "include-filter": "com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testPermissionMixedPolicies"
                },
                {
                    "include-filter": "com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testPermissionAppUpdate"
                },
                {
                    "include-filter": "com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testPermissionGrantPreMApp"
                },
                {
                    "include-filter": "com.android.cts.devicepolicy.MixedManagedProfileOwnerTestApi25#testPermissionGrantPreMApp"
                }
            ]
        }
    ]
}
 No newline at end of file