diff options
author | Svet Ganov <svetoslavganov@google.com> | 2015-05-20 20:09:36 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2015-05-20 20:09:38 +0000 |
commit | 084110bd394b72b42451a266f7e4c5b1348b86de (patch) | |
tree | a1a334bff933f3f2ba2a98a7003b529892e4316d | |
parent | d6bd9da8efaae7bdf806dbe32bc711b0aed7f500 (diff) | |
parent | d8ecc5aee49874ac1f100f69be94906a3e99b951 (diff) | |
download | frameworks_base-084110bd394b72b42451a266f7e4c5b1348b86de.zip frameworks_base-084110bd394b72b42451a266f7e4c5b1348b86de.tar.gz frameworks_base-084110bd394b72b42451a266f7e4c5b1348b86de.tar.bz2 |
Merge "Allow DO/PO to go back to normal permission state." into mnc-dev
-rw-r--r-- | api/current.txt | 5 | ||||
-rw-r--r-- | api/system-current.txt | 5 | ||||
-rw-r--r-- | core/java/android/app/admin/DevicePolicyManager.java | 47 | ||||
-rw-r--r-- | core/java/android/app/admin/IDevicePolicyManager.aidl | 4 | ||||
-rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 35 |
5 files changed, 69 insertions, 27 deletions
diff --git a/api/current.txt b/api/current.txt index 2a2d9fc..e1d7c2b 100644 --- a/api/current.txt +++ b/api/current.txt @@ -5773,7 +5773,7 @@ package android.app.admin { method public void setPasswordMinimumSymbols(android.content.ComponentName, int); method public void setPasswordMinimumUpperCase(android.content.ComponentName, int); method public void setPasswordQuality(android.content.ComponentName, int); - method public boolean setPermissionGranted(android.content.ComponentName, java.lang.String, java.lang.String, boolean); + method public boolean setPermissionGrantState(android.content.ComponentName, java.lang.String, java.lang.String, int); method public void setPermissionPolicy(android.content.ComponentName, int); method public boolean setPermittedAccessibilityServices(android.content.ComponentName, java.util.List<java.lang.String>); method public boolean setPermittedInputMethods(android.content.ComponentName, java.util.List<java.lang.String>); @@ -5862,6 +5862,9 @@ package android.app.admin { field public static final int PASSWORD_QUALITY_NUMERIC_COMPLEX = 196608; // 0x30000 field public static final int PASSWORD_QUALITY_SOMETHING = 65536; // 0x10000 field public static final int PASSWORD_QUALITY_UNSPECIFIED = 0; // 0x0 + field public static final int PERMISSION_GRANT_STATE_DEFAULT = 0; // 0x0 + field public static final int PERMISSION_GRANT_STATE_DENIED = 2; // 0x2 + field public static final int PERMISSION_GRANT_STATE_GRANTED = 1; // 0x1 field public static final int PERMISSION_POLICY_AUTO_DENY = 2; // 0x2 field public static final int PERMISSION_POLICY_AUTO_GRANT = 1; // 0x1 field public static final int PERMISSION_POLICY_PROMPT = 0; // 0x0 diff --git a/api/system-current.txt b/api/system-current.txt index 2f30e4d..5772f6d 100644 --- a/api/system-current.txt +++ b/api/system-current.txt @@ -5882,7 +5882,7 @@ package android.app.admin { method public void setPasswordMinimumSymbols(android.content.ComponentName, int); method public void setPasswordMinimumUpperCase(android.content.ComponentName, int); method public void setPasswordQuality(android.content.ComponentName, int); - method public boolean setPermissionGranted(android.content.ComponentName, java.lang.String, java.lang.String, boolean); + method public boolean setPermissionGrantState(android.content.ComponentName, java.lang.String, java.lang.String, int); method public void setPermissionPolicy(android.content.ComponentName, int); method public boolean setPermittedAccessibilityServices(android.content.ComponentName, java.util.List<java.lang.String>); method public boolean setPermittedInputMethods(android.content.ComponentName, java.util.List<java.lang.String>); @@ -5976,6 +5976,9 @@ package android.app.admin { field public static final int PASSWORD_QUALITY_NUMERIC_COMPLEX = 196608; // 0x30000 field public static final int PASSWORD_QUALITY_SOMETHING = 65536; // 0x10000 field public static final int PASSWORD_QUALITY_UNSPECIFIED = 0; // 0x0 + field public static final int PERMISSION_GRANT_STATE_DEFAULT = 0; // 0x0 + field public static final int PERMISSION_GRANT_STATE_DENIED = 2; // 0x2 + field public static final int PERMISSION_GRANT_STATE_GRANTED = 1; // 0x1 field public static final int PERMISSION_POLICY_AUTO_DENY = 2; // 0x2 field public static final int PERMISSION_POLICY_AUTO_GRANT = 1; // 0x1 field public static final int PERMISSION_POLICY_PROMPT = 0; // 0x0 diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java index 55ff85a..a8f2311 100644 --- a/core/java/android/app/admin/DevicePolicyManager.java +++ b/core/java/android/app/admin/DevicePolicyManager.java @@ -825,6 +825,23 @@ public class DevicePolicyManager { */ public static final int PERMISSION_POLICY_AUTO_DENY = 2; + /** + * Runtime permission state: The user can manage the permission + * through the UI. + */ + public static final int PERMISSION_GRANT_STATE_DEFAULT = 0; + + /** + * Runtime permission state: The permission is granted to the app + * and the user cannot manage the permission through the UI. + */ + public static final int PERMISSION_GRANT_STATE_GRANTED = 1; + + /** + * Runtime permission state: The permission is denied to the app + * and the user cannot manage the permission through the UI. + */ + public static final int PERMISSION_GRANT_STATE_DENIED = 2; /** * Return true if the given administrator component is currently @@ -4401,21 +4418,31 @@ public class DevicePolicyManager { } /** - * Grants or revokes a runtime permission to a specific application so that the user - * does not have to be prompted. This might affect all permissions in a group that the - * runtime permission belongs to. This method can only be called by a profile or device - * owner. + * Sets the grant state of a runtime permission for a specific application. The state + * can be {@link #PERMISSION_GRANT_STATE_DEFAULT default} in which a user can manage it + * through the UI, {@link #PERMISSION_GRANT_STATE_DENIED denied}, in which the permission + * is denied and the user cannot manage it through the UI, and {@link + * #PERMISSION_GRANT_STATE_GRANTED granted} in which the permission is granted and the + * user cannot manage it through the UI. This might affect all permissions in a + * group that the runtime permission belongs to. This method can only be called + * by a profile or device owner. + * * @param admin Which profile or device owner this request is associated with. * @param packageName The application to grant or revoke a permission to. * @param permission The permission to grant or revoke. - * @param granted Whether or not to grant the permission. If false, all permissions in the - * associated permission group will be denied. - * @return whether the permission was successfully granted or revoked + * @param grantState The permission grant state which is one of {@link + * #PERMISSION_GRANT_STATE_DENIED}, {@link #PERMISSION_GRANT_STATE_DEFAULT}, + * {@link #PERMISSION_GRANT_STATE_GRANTED}, + * @return whether the permission was successfully granted or revoked. + * + * @see #PERMISSION_GRANT_STATE_DENIED + * @see #PERMISSION_GRANT_STATE_DEFAULT + * @see #PERMISSION_GRANT_STATE_GRANTED */ - public boolean setPermissionGranted(ComponentName admin, String packageName, - String permission, boolean granted) { + public boolean setPermissionGrantState(ComponentName admin, String packageName, + String permission, int grantState) { try { - return mService.setPermissionGranted(admin, packageName, permission, granted); + return mService.setPermissionGrantState(admin, packageName, permission, grantState); } catch (RemoteException re) { Log.w(TAG, "Failed talking with device policy service", re); return false; diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl index 24ef604..10b0941 100644 --- a/core/java/android/app/admin/IDevicePolicyManager.aidl +++ b/core/java/android/app/admin/IDevicePolicyManager.aidl @@ -234,6 +234,6 @@ interface IDevicePolicyManager { void setPermissionPolicy(in ComponentName admin, int policy); int getPermissionPolicy(in ComponentName admin); - boolean setPermissionGranted(in ComponentName admin, String packageName, String permission, - boolean granted); + boolean setPermissionGrantState(in ComponentName admin, String packageName, + String permission, int grantState); } diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index 9ad7e11..a9e76d8 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -6392,25 +6392,34 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } @Override - public boolean setPermissionGranted(ComponentName admin, String packageName, - String permission, boolean granted) throws RemoteException { + public boolean setPermissionGrantState(ComponentName admin, String packageName, + String permission, int grantState) throws RemoteException { UserHandle user = Binder.getCallingUserHandle(); synchronized (this) { getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); long ident = Binder.clearCallingIdentity(); try { PackageManager packageManager = mContext.getPackageManager(); - if (granted) { - packageManager.grantRuntimePermission(packageName, permission, user); - packageManager.updatePermissionFlags(permission, packageName, - PackageManager.FLAG_PERMISSION_POLICY_FIXED, - PackageManager.FLAG_PERMISSION_POLICY_FIXED, user); - } else { - packageManager.revokeRuntimePermission(packageName, - permission, user); - packageManager.updatePermissionFlags(permission, packageName, - PackageManager.FLAG_PERMISSION_POLICY_FIXED, - PackageManager.FLAG_PERMISSION_POLICY_FIXED, user); + switch (grantState) { + case DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED: { + packageManager.grantRuntimePermission(packageName, permission, user); + packageManager.updatePermissionFlags(permission, packageName, + PackageManager.FLAG_PERMISSION_POLICY_FIXED, + PackageManager.FLAG_PERMISSION_POLICY_FIXED, user); + } break; + + case DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED: { + packageManager.revokeRuntimePermission(packageName, + permission, user); + packageManager.updatePermissionFlags(permission, packageName, + PackageManager.FLAG_PERMISSION_POLICY_FIXED, + PackageManager.FLAG_PERMISSION_POLICY_FIXED, user); + } break; + + case DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT: { + packageManager.updatePermissionFlags(permission, packageName, + PackageManager.FLAG_PERMISSION_POLICY_FIXED, 0, user); + } break; } return true; } catch (SecurityException se) { |