Settings: privacy Guard enhance app logic

This commit changes the following

- do not show apps signed with the plaform certificate at all
  (like settings, systemUI, android system etc)
  IMO the user should trust the android signed apps to be save and this will
  prevent weird behaviours user can get when they activate it on this packages
  all other system apps (like calculator, browser) and all which are not signed with
  android key are not effected.

- to go inline with AOSP disable the checkbox in detail app screen
  for built in apps

cheers

SlimRoms

Change-Id: I12b5522f6e58047173778381fb7290bb1c71bab3

3 files changed, 44 insertions, 10 deletions

diff --git a/res/values/cm_strings.xml b/res/values/cm_strings.xml
index 0aa84be..8b2629a 100644
--- a/res/values/cm_strings.xml
+++ b/res/values/cm_strings.xml
@@ -982,6 +982,7 @@ two in order to insert additional control points. \'Remove\' deletes the selecte
     <string name="privacy_guard_switch_label">Enable Privacy Guard</string>
     <string name="privacy_guard_dlg_title">Enable Privacy Guard?</string>
     <string name="privacy_guard_dlg_text">When Privacy Guard is enabled, the app will not be able to access personal data such as contacts, messages or call logs.</string>
+    <string name="privacy_guard_dlg_system_app_text">When enabling Privacy Guard for a built-in app, the app will not be able to access or provide personal data. This may cause other apps to misbehave.</string>
     <string name="privacy_guard_default_title">Enabled by default</string>
     <string name="privacy_guard_default_summary">Enable by default for newly-installed apps</string>
     <string name="privacy_guard_manager_title">Privacy Guard</string>
@@ -990,8 +991,8 @@ two in order to insert additional control points. \'Remove\' deletes the selecte
     <string name="privacy_guard_filter_does_not_match">No apps with relevant permissions are installed</string>
     <string name="privacy_guard_help_title">Help</string>
     <string name="privacy_guard_reset_title">Reset</string>
-    <string name="privacy_guard_help_text">In this screen you can choose for which apps Privacy Guard should be active by simply tapping on them. Selected apps will not be able to access your personal data, such as contacts, messages or call logs. Long pressing on an entry opens the app details screen for that app.\n\nBy default system apps are not shown. If you want to show them or filter apps to show only the ones requesting access to personal data by their permissions, select the respective options in the menu.</string>
-    <string name="privacy_guard_manager_show_system_apps">Show system apps</string>
+    <string name="privacy_guard_help_text">In this screen you can choose for which apps Privacy Guard should be active by simply tapping on them. Selected apps will not be able to access your personal data, such as contacts, messages or call logs. Long pressing on an entry opens the app details screen for that app.\n\nBy default built-in apps are not shown. If you want to show them or filter apps to show only the ones requesting access to personal data by their permissions, select the respective options in the menu.</string>
+    <string name="privacy_guard_manager_show_system_apps">Show built-in apps</string>
     <string name="privacy_guard_manager_filter_permissions">Permission filter</string>
 
 </resources>
diff --git a/src/com/android/settings/applications/InstalledAppDetails.java b/src/com/android/settings/applications/InstalledAppDetails.java
index 778ef44..4091b13 100644
--- a/src/com/android/settings/applications/InstalledAppDetails.java
+++ b/src/com/android/settings/applications/InstalledAppDetails.java
@@ -401,10 +401,19 @@ public class InstalledAppDetails extends Fragment
     }
 
     private void initPrivacyGuardButton() {
-        // TODO: We probably want to disable this optional for the built-in apps
-        boolean enabled = mPm.getPrivacyGuardSetting(mAppEntry.info.packageName);
-        mPrivacyGuardSwitch.setChecked(enabled);
-        mPrivacyGuardSwitch.setOnCheckedChangeListener(this);
+        if (mPrivacyGuardSwitch == null) {
+            return;
+        }
+
+        mPrivacyGuardSwitch.setChecked(mPm.getPrivacyGuardSetting(mAppEntry.info.packageName));
+
+        // disable privacy guard switch if the app is signed with the platform certificate
+        // to avoid the user shooting himself in the foot
+        if (isThisASystemPackage()) {
+            mPrivacyGuardSwitch.setEnabled(false);
+        } else {
+            mPrivacyGuardSwitch.setOnCheckedChangeListener(this);
+        }
     }
 
     /** Called when the activity is first created. */
@@ -1201,10 +1210,17 @@ public class InstalledAppDetails extends Fragment
                     .setNegativeButton(R.string.dlg_cancel, null)
                     .create();
                 case DLG_PRIVACY_GUARD:
+                    final int messageResId;
+                    if ((getOwner().mAppEntry.info.flags & ApplicationInfo.FLAG_SYSTEM) != 0) {
+                        messageResId = R.string.privacy_guard_dlg_system_app_text;
+                    } else {
+                        messageResId = R.string.privacy_guard_dlg_text;
+                    }
+
                     return new AlertDialog.Builder(getActivity())
-                    .setTitle(getActivity().getText(R.string.privacy_guard_dlg_title))
+                    .setTitle(R.string.privacy_guard_dlg_title)
                     .setIconAttribute(android.R.attr.alertDialogIcon)
-                    .setMessage(getActivity().getText(R.string.privacy_guard_dlg_text))
+                    .setMessage(messageResId)
                     .setPositiveButton(R.string.dlg_ok,
                         new DialogInterface.OnClickListener() {
                         public void onClick(DialogInterface dialog, int which) {
diff --git a/src/com/android/settings/cyanogenmod/privacyguard/PrivacyGuardManager.java b/src/com/android/settings/cyanogenmod/privacyguard/PrivacyGuardManager.java
index efb05a4..9e27147 100644
--- a/src/com/android/settings/cyanogenmod/privacyguard/PrivacyGuardManager.java
+++ b/src/com/android/settings/cyanogenmod/privacyguard/PrivacyGuardManager.java
@@ -27,6 +27,7 @@ import android.content.Intent;
 import android.content.pm.ApplicationInfo;
 import android.content.pm.PackageInfo;
 import android.content.pm.PackageManager;
+import android.content.pm.Signature;
 import android.content.SharedPreferences;
 import android.net.Uri;
 import android.os.Bundle;
@@ -195,14 +196,30 @@ public class PrivacyGuardManager extends Fragment
     */
     private List<AppInfo> loadInstalledApps() {
         List<AppInfo> apps = new ArrayList<AppInfo>();
-        List<PackageInfo> packages = mPm.getInstalledPackages(PackageManager.GET_PERMISSIONS);
+        List<PackageInfo> packages = mPm.getInstalledPackages(
+            PackageManager.GET_PERMISSIONS | PackageManager.GET_SIGNATURES);
         boolean showSystemApps = shouldShowSystemApps();
         boolean filterByPermission = shouldFilterByPermission();
+        Signature platformCert;
+
+        try {
+            PackageInfo sysInfo = mPm.getPackageInfo("android", PackageManager.GET_SIGNATURES);
+            platformCert = sysInfo.signatures[0];
+        } catch (PackageManager.NameNotFoundException e) {
+            platformCert = null;
+        }
 
         for (PackageInfo info : packages) {
             final ApplicationInfo appInfo = info.applicationInfo;
 
-            // skip system apps if they shall not be included
+            // hide apps signed with the platform certificate to avoid the user
+            // shooting himself in the foot
+            if (platformCert != null && info.signatures != null
+                    && platformCert.equals(info.signatures[0])) {
+                continue;
+            }
+
+            // skip all system apps if they shall not be included
             if (!showSystemApps && (appInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) {
                 continue;
             }