Allow DO/PO to go back to normal permission state.

We have APIs for a DO/PO to fix a permission in a granted or denied state in which the user cannot manage this permission through the UI. However, there is no way to go back to the default state in which the user gets to choose the permission grant state. Change-Id: I2562a1d8b1385cd740b44812844ef14c895c2902
author: Svet Ganov <svetoslavganov@google.com> 2015-05-20 10:45:43 -0700
committer: Svetoslav <svetoslavganov@google.com> 2015-05-20 13:08:58 -0700
commit: d8ecc5aee49874ac1f100f69be94906a3e99b951 (patch)
tree: 65d7f90e7a5f449528b60487be9318763790b8a1
parent: 7d383b9271863d0799889374329a08731fe47550 (diff)
download: frameworks_base-d8ecc5aee49874ac1f100f69be94906a3e99b951.zip
frameworks_base-d8ecc5aee49874ac1f100f69be94906a3e99b951.tar.gz
frameworks_base-d8ecc5aee49874ac1f100f69be94906a3e99b951.tar.bz2
5 files changed, 69 insertions, 27 deletions
diff --git a/api/current.txt b/api/current.txt
index 2a2d9fc..e1d7c2b 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -5773,7 +5773,7 @@ package android.app.admin {
     method public void setPasswordMinimumSymbols(android.content.ComponentName, int);
     method public void setPasswordMinimumUpperCase(android.content.ComponentName, int);
     method public void setPasswordQuality(android.content.ComponentName, int);
-    method public boolean setPermissionGranted(android.content.ComponentName, java.lang.String, java.lang.String, boolean);
+    method public boolean setPermissionGrantState(android.content.ComponentName, java.lang.String, java.lang.String, int);
     method public void setPermissionPolicy(android.content.ComponentName, int);
     method public boolean setPermittedAccessibilityServices(android.content.ComponentName, java.util.List<java.lang.String>);
     method public boolean setPermittedInputMethods(android.content.ComponentName, java.util.List<java.lang.String>);
@@ -5862,6 +5862,9 @@ package android.app.admin {
     field public static final int PASSWORD_QUALITY_NUMERIC_COMPLEX = 196608; // 0x30000
     field public static final int PASSWORD_QUALITY_SOMETHING = 65536; // 0x10000
     field public static final int PASSWORD_QUALITY_UNSPECIFIED = 0; // 0x0
+    field public static final int PERMISSION_GRANT_STATE_DEFAULT = 0; // 0x0
+    field public static final int PERMISSION_GRANT_STATE_DENIED = 2; // 0x2
+    field public static final int PERMISSION_GRANT_STATE_GRANTED = 1; // 0x1
     field public static final int PERMISSION_POLICY_AUTO_DENY = 2; // 0x2
     field public static final int PERMISSION_POLICY_AUTO_GRANT = 1; // 0x1
     field public static final int PERMISSION_POLICY_PROMPT = 0; // 0x0
diff --git a/api/system-current.txt b/api/system-current.txt
index 2f30e4d..5772f6d 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -5882,7 +5882,7 @@ package android.app.admin {
     method public void setPasswordMinimumSymbols(android.content.ComponentName, int);
     method public void setPasswordMinimumUpperCase(android.content.ComponentName, int);
     method public void setPasswordQuality(android.content.ComponentName, int);
-    method public boolean setPermissionGranted(android.content.ComponentName, java.lang.String, java.lang.String, boolean);
+    method public boolean setPermissionGrantState(android.content.ComponentName, java.lang.String, java.lang.String, int);
     method public void setPermissionPolicy(android.content.ComponentName, int);
     method public boolean setPermittedAccessibilityServices(android.content.ComponentName, java.util.List<java.lang.String>);
     method public boolean setPermittedInputMethods(android.content.ComponentName, java.util.List<java.lang.String>);
@@ -5976,6 +5976,9 @@ package android.app.admin {
     field public static final int PASSWORD_QUALITY_NUMERIC_COMPLEX = 196608; // 0x30000
     field public static final int PASSWORD_QUALITY_SOMETHING = 65536; // 0x10000
     field public static final int PASSWORD_QUALITY_UNSPECIFIED = 0; // 0x0
+    field public static final int PERMISSION_GRANT_STATE_DEFAULT = 0; // 0x0
+    field public static final int PERMISSION_GRANT_STATE_DENIED = 2; // 0x2
+    field public static final int PERMISSION_GRANT_STATE_GRANTED = 1; // 0x1
     field public static final int PERMISSION_POLICY_AUTO_DENY = 2; // 0x2
     field public static final int PERMISSION_POLICY_AUTO_GRANT = 1; // 0x1
     field public static final int PERMISSION_POLICY_PROMPT = 0; // 0x0
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index 55ff85a..a8f2311 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -825,6 +825,23 @@ public class DevicePolicyManager {
      */
     public static final int PERMISSION_POLICY_AUTO_DENY = 2;
 
+    /**
+     * Runtime permission state: The user can manage the permission
+     * through the UI.
+     */
+    public static final int PERMISSION_GRANT_STATE_DEFAULT = 0;
+
+    /**
+     * Runtime permission state: The permission is granted to the app
+     * and the user cannot manage the permission through the UI.
+     */
+    public static final int PERMISSION_GRANT_STATE_GRANTED = 1;
+
+    /**
+     * Runtime permission state: The permission is denied to the app
+     * and the user cannot manage the permission through the UI.
+     */
+    public static final int PERMISSION_GRANT_STATE_DENIED = 2;
 
     /**
      * Return true if the given administrator component is currently
@@ -4401,21 +4418,31 @@ public class DevicePolicyManager {
     }
 
     /**
-     * Grants or revokes a runtime permission to a specific application so that the user
-     * does not have to be prompted. This might affect all permissions in a group that the
-     * runtime permission belongs to. This method can only be called by a profile or device
-     * owner.
+     * Sets the grant state of a runtime permission for a specific application. The state
+     * can be {@link #PERMISSION_GRANT_STATE_DEFAULT default} in which a user can manage it
+     * through the UI, {@link #PERMISSION_GRANT_STATE_DENIED denied}, in which the permission
+     * is denied and the user cannot manage it through the UI, and {@link
+     * #PERMISSION_GRANT_STATE_GRANTED granted} in which the permission is granted and the
+     * user cannot manage it through the UI. This might affect all permissions in a
+     * group that the runtime permission belongs to. This method can only be called
+     * by a profile or device owner.
+     *
      * @param admin Which profile or device owner this request is associated with.
      * @param packageName The application to grant or revoke a permission to.
      * @param permission The permission to grant or revoke.
-     * @param granted Whether or not to grant the permission. If false, all permissions in the
-     * associated permission group will be denied.
-     * @return whether the permission was successfully granted or revoked
+     * @param grantState The permission grant state which is one of {@link
+     *         #PERMISSION_GRANT_STATE_DENIED}, {@link #PERMISSION_GRANT_STATE_DEFAULT},
+     *         {@link #PERMISSION_GRANT_STATE_GRANTED},
+     * @return whether the permission was successfully granted or revoked.
+     *
+     * @see #PERMISSION_GRANT_STATE_DENIED
+     * @see #PERMISSION_GRANT_STATE_DEFAULT
+     * @see #PERMISSION_GRANT_STATE_GRANTED
      */
-    public boolean setPermissionGranted(ComponentName admin, String packageName,
-            String permission, boolean granted) {
+    public boolean setPermissionGrantState(ComponentName admin, String packageName,
+            String permission, int grantState) {
         try {
-            return mService.setPermissionGranted(admin, packageName, permission, granted);
+            return mService.setPermissionGrantState(admin, packageName, permission, grantState);
         } catch (RemoteException re) {
             Log.w(TAG, "Failed talking with device policy service", re);
             return false;
diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl
index 24ef604..10b0941 100644
--- a/core/java/android/app/admin/IDevicePolicyManager.aidl
+++ b/core/java/android/app/admin/IDevicePolicyManager.aidl
@@ -234,6 +234,6 @@ interface IDevicePolicyManager {
 
     void setPermissionPolicy(in ComponentName admin, int policy);
     int  getPermissionPolicy(in ComponentName admin);
-    boolean setPermissionGranted(in ComponentName admin, String packageName, String permission,
-            boolean granted);
+    boolean setPermissionGrantState(in ComponentName admin, String packageName,
+            String permission, int grantState);
 }
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 9ad7e11..a9e76d8 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -6392,25 +6392,34 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
     }
 
     @Override
-    public boolean setPermissionGranted(ComponentName admin, String packageName,
-            String permission, boolean granted) throws RemoteException {
+    public boolean setPermissionGrantState(ComponentName admin, String packageName,
+            String permission, int grantState) throws RemoteException {
         UserHandle user = Binder.getCallingUserHandle();
         synchronized (this) {
             getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
             long ident = Binder.clearCallingIdentity();
             try {
                 PackageManager packageManager = mContext.getPackageManager();
-                if (granted) {
-                    packageManager.grantRuntimePermission(packageName, permission, user);
-                    packageManager.updatePermissionFlags(permission, packageName,
-                            PackageManager.FLAG_PERMISSION_POLICY_FIXED,
-                            PackageManager.FLAG_PERMISSION_POLICY_FIXED, user);
-                } else {
-                    packageManager.revokeRuntimePermission(packageName,
-                            permission, user);
-                    packageManager.updatePermissionFlags(permission, packageName,
-                            PackageManager.FLAG_PERMISSION_POLICY_FIXED,
-                            PackageManager.FLAG_PERMISSION_POLICY_FIXED, user);
+                switch (grantState) {
+                    case DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED: {
+                        packageManager.grantRuntimePermission(packageName, permission, user);
+                        packageManager.updatePermissionFlags(permission, packageName,
+                                PackageManager.FLAG_PERMISSION_POLICY_FIXED,
+                                PackageManager.FLAG_PERMISSION_POLICY_FIXED, user);
+                    } break;
+
+                    case DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED: {
+                        packageManager.revokeRuntimePermission(packageName,
+                                permission, user);
+                        packageManager.updatePermissionFlags(permission, packageName,
+                                PackageManager.FLAG_PERMISSION_POLICY_FIXED,
+                                PackageManager.FLAG_PERMISSION_POLICY_FIXED, user);
+                    } break;
+
+                    case DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT: {
+                        packageManager.updatePermissionFlags(permission, packageName,
+                                PackageManager.FLAG_PERMISSION_POLICY_FIXED, 0, user);
+                    } break;
                 }
                 return true;
             } catch (SecurityException se) {
author	Svet Ganov <svetoslavganov@google.com>	2015-05-20 10:45:43 -0700
committer	Svetoslav <svetoslavganov@google.com>	2015-05-20 13:08:58 -0700
commit	d8ecc5aee49874ac1f100f69be94906a3e99b951 (patch)
tree	65d7f90e7a5f449528b60487be9318763790b8a1
parent	7d383b9271863d0799889374329a08731fe47550 (diff)
download	frameworks_base-d8ecc5aee49874ac1f100f69be94906a3e99b951.zip frameworks_base-d8ecc5aee49874ac1f100f69be94906a3e99b951.tar.gz frameworks_base-d8ecc5aee49874ac1f100f69be94906a3e99b951.tar.bz2