fw: Fix protected apps implementation.

 Currently a protected component could be accessed
 from any other means other than the launcher, entirely
 defeating its purpose. Instead, hook into the activity
 stack supervisor and quelch attempts at invocation
 of protected components.

 This implementation also provides feedback to the user
 on any attempt to start the component when its in a
 protected state.

TICKET: CYNGNOS-84
Change-Id: Ib0165e7504adb08e21e9566c7394b37dffd280d4

7 files changed, 75 insertions, 0 deletions

diff --git a/core/java/android/app/ApplicationPackageManager.java b/core/java/android/app/ApplicationPackageManager.java
index c0cd9ec..db4e123 100644
--- a/core/java/android/app/ApplicationPackageManager.java
+++ b/core/java/android/app/ApplicationPackageManager.java
@@ -2046,6 +2046,17 @@ final class ApplicationPackageManager extends PackageManager {
         }
     }
 
+    /** @hide */
+    @Override
+    public boolean isComponentProtected(String callingPackage, ComponentName componentName) {
+        try {
+            return mPM.isComponentProtected(callingPackage, componentName, mContext.getUserId());
+        } catch (RemoteException re) {
+            Log.e(TAG, "Failed to get component protected setting", re);
+            return false;
+        }
+    }
+
     @Override
     public PackageInstaller getPackageInstaller() {
         synchronized (mLock) {
diff --git a/core/java/android/content/pm/IPackageManager.aidl b/core/java/android/content/pm/IPackageManager.aidl
index 7c77f54..6d8b5cb 100644
--- a/core/java/android/content/pm/IPackageManager.aidl
+++ b/core/java/android/content/pm/IPackageManager.aidl
@@ -519,4 +519,8 @@ interface IPackageManager {
     void updateIconMapping(String pkgName);
     ComposedIconInfo getComposedIconInfo();
     int processThemeResources(String themePkgName);
+
+    /** Protected Apps */
+    boolean isComponentProtected(in String callingPackage, in ComponentName componentName,
+            int userId);
 }
diff --git a/core/java/android/content/pm/PackageManager.java b/core/java/android/content/pm/PackageManager.java
index 8928ad3..529d641 100644
--- a/core/java/android/content/pm/PackageManager.java
+++ b/core/java/android/content/pm/PackageManager.java
@@ -4561,6 +4561,13 @@ public abstract class PackageManager {
     public abstract void setComponentProtectedSetting(ComponentName componentName, boolean newState);
 
     /**
+     * Return whether or not a specific component is protected
+     * @hide
+     */
+    public abstract boolean isComponentProtected(String callingPackage,
+            ComponentName componentName);
+
+    /**
      * Adds a {@link CrossProfileIntentFilter}. After calling this method all intents sent from the
      * user with id sourceUserId can also be be resolved by activities in the user with id
      * targetUserId if they match the specified intent filter.
diff --git a/core/res/res/drawable/stat_notify_protected.xml b/core/res/res/drawable/stat_notify_protected.xml
new file mode 100644
index 0000000..d67a348
--- /dev/null
+++ b/core/res/res/drawable/stat_notify_protected.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+Copyright (C) 2016 The CyanogenMod Project
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+         http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<vector xmlns:android="http://schemas.android.com/apk/res/android"
+        android:width="26dp"
+        android:height="24dp"
+        android:viewportWidth="26"
+        android:viewportHeight="24">
+
+    <path
+            android:pathData="M0 0h24v24H0z" />
+    <path
+            android:fillColor="#000000"
+            android:pathData="M1 21h22L12 2 1 21zm12-3h-2v-2h2v2zm0-4h-2v-4h2v4z" />
+</vector>
\ No newline at end of file
diff --git a/core/res/res/values/cm_strings.xml b/core/res/res/values/cm_strings.xml
index 38b98c6..f9bfff1 100644
--- a/core/res/res/values/cm_strings.xml
+++ b/core/res/res/values/cm_strings.xml
@@ -246,4 +246,7 @@
          with spaces on either side. [CHAR LIMIT=3] -->
     <string name="kg_sub_separator" translatable="false">" | "</string>
 
+    <!-- Protected Apps Notification -->
+    <string name="notify_package_component_protected_title">Activity launch blocked</string>
+    <string name="notify_package_component_protected_text"><xliff:g id="app_name">%1$s</xliff:g> is protected from being launched. Click to authenticate and launch the application.</string>
 </resources>
diff --git a/core/res/res/values/cm_symbols.xml b/core/res/res/values/cm_symbols.xml
index b0a1105..3afb3e7 100644
--- a/core/res/res/values/cm_symbols.xml
+++ b/core/res/res/values/cm_symbols.xml
@@ -149,4 +149,8 @@
     <!-- KeyGuard -->
     <java-symbol type="string" name="kg_sub_separator" />
 
+    <!-- Protected Apps -->
+    <java-symbol type="drawable" name="stat_notify_protected" />
+    <java-symbol type="string" name="notify_package_component_protected_title" />
+    <java-symbol type="string" name="notify_package_component_protected_text" />
 </resources>
diff --git a/core/tests/coretests/src/android/content/pm/PackageManagerTests.java b/core/tests/coretests/src/android/content/pm/PackageManagerTests.java
index a4214cf..8b4030a 100644
--- a/core/tests/coretests/src/android/content/pm/PackageManagerTests.java
+++ b/core/tests/coretests/src/android/content/pm/PackageManagerTests.java
@@ -27,6 +27,7 @@ import static android.system.OsConstants.S_IXOTH;
 
 import android.app.PackageInstallObserver;
 import android.content.BroadcastReceiver;
+import android.content.ComponentName;
 import android.content.Context;
 import android.content.Intent;
 import android.content.IntentFilter;
@@ -3847,4 +3848,21 @@ public class PackageManagerTests extends AndroidTestCase {
      * how to do tests on updated system apps?
      * verify updates to system apps cannot be installed on the sdcard.
      */
+
+    //CM Tests
+    public void testIsComponentProtectedFromSamePackage() {
+        ComponentName testComponentName = new ComponentName("com.android.test",
+                "com.android.test.component.protected");
+        getPm().setComponentProtectedSetting(testComponentName, true);
+        assertFalse(getPm().isComponentProtected(testComponentName.getPackageName(),
+                testComponentName));
+    }
+
+    public void testIsComponentProtectedFromManagers() {
+        ComponentName testComponentName = new ComponentName("com.android.test",
+                "com.android.test.component.protected");
+        getPm().setComponentProtectedSetting(testComponentName, true);
+        assertFalse(getPm().isComponentProtected(testComponentName.getPackageName(),
+                testComponentName));
+    }
 }