Add getPermissionGrantState method in device policy

This is to have a way to query what permission state was set by the profile owner. Bug: 21356830 Change-Id: Ie396e946b4285267c1d95f82b9d9765b43697d3c
author: Amith Yamasani <yamasani@google.com> 2015-05-22 13:00:51 -0700
committer: Amith Yamasani <yamasani@google.com> 2015-05-22 13:55:57 -0700
commit: 184b3753de54241c67799089f5bc59a1ede4438a (patch)
tree: 974f857c7e0e88ef2236a71c9b2c0bdf688ba402
parent: b0eb08b521d2b76531df3946cece002ed72fa363 (diff)
5 files changed, 60 insertions, 0 deletions
diff --git a/api/current.txt b/api/current.txt
index 5640596d3866..cbb88e42ed34 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -5724,6 +5724,7 @@ package android.app.admin {
     method public int getPasswordMinimumSymbols(android.content.ComponentName);
     method public int getPasswordMinimumUpperCase(android.content.ComponentName);
     method public int getPasswordQuality(android.content.ComponentName);
+    method public int getPermissionGrantState(android.content.ComponentName, java.lang.String, java.lang.String);
     method public int getPermissionPolicy(android.content.ComponentName);
     method public java.util.List<java.lang.String> getPermittedAccessibilityServices(android.content.ComponentName);
     method public java.util.List<java.lang.String> getPermittedInputMethods(android.content.ComponentName);
diff --git a/api/system-current.txt b/api/system-current.txt
index eda36399a0d7..e4db4a55b852 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -5827,6 +5827,7 @@ package android.app.admin {
     method public int getPasswordMinimumSymbols(android.content.ComponentName);
     method public int getPasswordMinimumUpperCase(android.content.ComponentName);
     method public int getPasswordQuality(android.content.ComponentName);
+    method public int getPermissionGrantState(android.content.ComponentName, java.lang.String, java.lang.String);
     method public int getPermissionPolicy(android.content.ComponentName);
     method public java.util.List<java.lang.String> getPermittedAccessibilityServices(android.content.ComponentName);
     method public java.util.List<java.lang.String> getPermittedAccessibilityServices(int);
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index a8f23118b959..52ccd7b24b6b 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -4448,4 +4448,31 @@ public class DevicePolicyManager {
             return false;
         }
     }
+
+    /**
+     * Returns the current grant state of a runtime permission for a specific application.
+     *
+     * @param admin Which profile or device owner this request is associated with.
+     * @param packageName The application to check the grant state for.
+     * @param permission The permission to check for.
+     * @return the current grant state specified by device policy. If the profile or device owner
+     * has not set a grant state, the return value is {@link #PERMISSION_GRANT_STATE_DEFAULT}.
+     * This does not indicate whether or not the permission is currently granted for the package.
+     *
+     * <p/>If a grant state was set by the profile or device owner, then the return value will
+     * be one of {@link #PERMISSION_GRANT_STATE_DENIED} or {@link #PERMISSION_GRANT_STATE_GRANTED},
+     * which indicates if the permission is currently denied or granted.
+     *
+     * @see #setPermissionGrantState(ComponentName, String, String, int)
+     * @see PackageManager#checkPermission(String, String)
+     */
+    public int getPermissionGrantState(ComponentName admin, String packageName,
+            String permission) {
+        try {
+            return mService.getPermissionGrantState(admin, packageName, permission);
+        } catch (RemoteException re) {
+            Log.w(TAG, "Failed talking with device policy service", re);
+            return PERMISSION_GRANT_STATE_DEFAULT;
+        }
+    }
 }
diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl
index 10b09417180a..477a338427e6 100644
--- a/core/java/android/app/admin/IDevicePolicyManager.aidl
+++ b/core/java/android/app/admin/IDevicePolicyManager.aidl
@@ -236,4 +236,5 @@ interface IDevicePolicyManager {
     int  getPermissionPolicy(in ComponentName admin);
     boolean setPermissionGrantState(in ComponentName admin, String packageName,
             String permission, int grantState);
+    int getPermissionGrantState(in ComponentName admin, String packageName, String permission);
 }
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index a9e76d8fee87..fc09db330198 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -6429,4 +6429,34 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
             }
         }
     }
+
+    @Override
+    public int getPermissionGrantState(ComponentName admin, String packageName,
+            String permission) throws RemoteException {
+        PackageManager packageManager = mContext.getPackageManager();
+
+        // Do this before clearing the caller's identity
+        int granted = packageManager.checkPermission(permission, packageName);
+
+        UserHandle user = Binder.getCallingUserHandle();
+        synchronized (this) {
+            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
+            long ident = Binder.clearCallingIdentity();
+            try {
+                int permFlags = packageManager.getPermissionFlags(permission, packageName, user);
+                if ((permFlags & PackageManager.FLAG_PERMISSION_POLICY_FIXED)
+                        != PackageManager.FLAG_PERMISSION_POLICY_FIXED) {
+                    // Not controlled by policy
+                    return DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT;
+                } else {
+                    // Policy controlled so return result based on permission grant state
+                    return granted == PackageManager.PERMISSION_GRANTED
+                            ? DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED
+                            : DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED;
+                }
+            } finally {
+                Binder.restoreCallingIdentity(ident);
+            }
+        }
+    }
 }
author	Amith Yamasani <yamasani@google.com>	2015-05-22 13:00:51 -0700
committer	Amith Yamasani <yamasani@google.com>	2015-05-22 13:55:57 -0700
commit	184b3753de54241c67799089f5bc59a1ede4438a (patch)
tree	974f857c7e0e88ef2236a71c9b2c0bdf688ba402
parent	b0eb08b521d2b76531df3946cece002ed72fa363 (diff)