Diffstat (limited to 'services/devicepolicy/java/com')
-rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 65 |
1 files changed, 52 insertions, 13 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index b057dd1..d807b0b 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -6384,25 +6384,34 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
 }
 @Override
- public boolean setPermissionGranted(ComponentName admin, String packageName,
- String permission, boolean granted) throws RemoteException {
+ public boolean setPermissionGrantState(ComponentName admin, String packageName,
+ String permission, int grantState) throws RemoteException {
 UserHandle user = Binder.getCallingUserHandle();
 synchronized (this) {
 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
 long ident = Binder.clearCallingIdentity();
 try {
 PackageManager packageManager = mContext.getPackageManager();
- if (granted) {
- packageManager.grantRuntimePermission(packageName, permission, user);
- packageManager.updatePermissionFlags(permission, packageName,
- PackageManager.FLAG_PERMISSION_POLICY_FIXED,
- PackageManager.FLAG_PERMISSION_POLICY_FIXED, user);
- } else {
- packageManager.revokeRuntimePermission(packageName,
- permission, user);
- packageManager.updatePermissionFlags(permission, packageName,
- PackageManager.FLAG_PERMISSION_POLICY_FIXED,
- PackageManager.FLAG_PERMISSION_POLICY_FIXED, user);
+ switch (grantState) {
+ case DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED: {
+ packageManager.grantRuntimePermission(packageName, permission, user);
+ packageManager.updatePermissionFlags(permission, packageName,
+ PackageManager.FLAG_PERMISSION_POLICY_FIXED,
+ PackageManager.FLAG_PERMISSION_POLICY_FIXED, user);
+ } break;
+
+ case DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED: {
+ packageManager.revokeRuntimePermission(packageName,
+ permission, user);
+ packageManager.updatePermissionFlags(permission, packageName,
+ PackageManager.FLAG_PERMISSION_POLICY_FIXED,
+ PackageManager.FLAG_PERMISSION_POLICY_FIXED, user);
+ } break;
+
+ case DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT: {
+ packageManager.updatePermissionFlags(permission, packageName,
+ PackageManager.FLAG_PERMISSION_POLICY_FIXED, 0, user);
+ } break;
 }
 return true;
 } catch (SecurityException se) {
@@ -6412,4 +6421,34 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
 }
 }
 }
+
+ @Override
+ public int getPermissionGrantState(ComponentName admin, String packageName,
+ String permission) throws RemoteException {
+ PackageManager packageManager = mContext.getPackageManager();
+
+ // Do this before clearing the caller's identity
+ int granted = packageManager.checkPermission(permission, packageName);
+
+ UserHandle user = Binder.getCallingUserHandle();
+ synchronized (this) {
+ getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
+ long ident = Binder.clearCallingIdentity();
+ try {
+ int permFlags = packageManager.getPermissionFlags(permission, packageName, user);
+ if ((permFlags & PackageManager.FLAG_PERMISSION_POLICY_FIXED)
+ != PackageManager.FLAG_PERMISSION_POLICY_FIXED) {
+ // Not controlled by policy
+ return DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT;
+ } else {
+ // Policy controlled so return result based on permission grant state
+ return granted == PackageManager.PERMISSION_GRANTED
+ ? DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED
+ : DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED;
+ }
+ } finally {
+ Binder.restoreCallingIdentity(ident);
+ }
+ }
+ }
 } |
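Review bot: The `switch (grantState)` in setPermissionGrantState has no `default` arm, so any value other than the three `PERMISSION_GRANT_STATE_*` constants changes nothing and still reaches `return true`, telling the calling admin that the policy was applied. `grantState` is a plain int supplied by the caller, so unknown values should be rejected explicitly, for example with `default: return false;`, or by validating the value before `Binder.clearCallingIdentity()`. A one-line comment on the DEFAULT arm would also help, since it only clears `FLAG_PERMISSION_POLICY_FIXED` and leaves the current grant untouched: `// Hand control back to the user; the existing grant is not changed`. The method's catch block and end lie outside the hunk, so how the identity is restored on the early-return path cannot be confirmed from here.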
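Review bot: In getPermissionGrantState, `packageManager.checkPermission(permission, packageName)` takes no user, while `getPermissionFlags(permission, packageName, user)` is given the calling `user`. On a secondary user or managed profile the grant result and the policy flag may therefore describe different users, depending on which user `mContext` resolves to, which the hunk does not show. The lookup also runs before `getActiveAdminForCallerLocked`, so it is performed even for callers that the admin check presumably rejects. Consider moving the grant query after the admin check and making it explicit about `user`. The comment `// Do this before clearing the caller's identity` should then say why the ordering matters rather than only that it does.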