am 7870550a: Merge "Add getPermissionGrantState method in device policy" into mnc-dev

* commit '7870550a1b6e1110bf461633970e439d0243a868':
  Add getPermissionGrantState method in device policy

api/current.txt

@@ -5724,6 +5724,7 @@ package android.app.admin {
     method public int getPasswordMinimumSymbols(android.content.ComponentName);
     method public int getPasswordMinimumUpperCase(android.content.ComponentName);
     method public int getPasswordQuality(android.content.ComponentName);
+    method public int getPermissionGrantState(android.content.ComponentName, java.lang.String, java.lang.String);
     method public int getPermissionPolicy(android.content.ComponentName);
     method public java.util.List<java.lang.String> getPermittedAccessibilityServices(android.content.ComponentName);
     method public java.util.List<java.lang.String> getPermittedInputMethods(android.content.ComponentName);

api/system-current.txt

@@ -5827,6 +5827,7 @@ package android.app.admin {
     method public int getPasswordMinimumSymbols(android.content.ComponentName);
     method public int getPasswordMinimumUpperCase(android.content.ComponentName);
     method public int getPasswordQuality(android.content.ComponentName);
+    method public int getPermissionGrantState(android.content.ComponentName, java.lang.String, java.lang.String);
     method public int getPermissionPolicy(android.content.ComponentName);
     method public java.util.List<java.lang.String> getPermittedAccessibilityServices(android.content.ComponentName);
     method public java.util.List<java.lang.String> getPermittedAccessibilityServices(int);

core/java/android/app/admin/DevicePolicyManager.java

@@ -4448,4 +4448,31 @@ public class DevicePolicyManager {
             return false;
         }
     }
+
+    /**
+     * Returns the current grant state of a runtime permission for a specific application.
+     *
+     * @param admin Which profile or device owner this request is associated with.
+     * @param packageName The application to check the grant state for.
+     * @param permission The permission to check for.
+     * @return the current grant state specified by device policy. If the profile or device owner
+     * has not set a grant state, the return value is {@link #PERMISSION_GRANT_STATE_DEFAULT}.
+     * This does not indicate whether or not the permission is currently granted for the package.
+     *
+     * <p/>If a grant state was set by the profile or device owner, then the return value will
+     * be one of {@link #PERMISSION_GRANT_STATE_DENIED} or {@link #PERMISSION_GRANT_STATE_GRANTED},
+     * which indicates if the permission is currently denied or granted.
+     *
+     * @see #setPermissionGrantState(ComponentName, String, String, int)
+     * @see PackageManager#checkPermission(String, String)
+     */
+    public int getPermissionGrantState(ComponentName admin, String packageName,
+            String permission) {
+        try {
+            return mService.getPermissionGrantState(admin, packageName, permission);
+        } catch (RemoteException re) {
+            Log.w(TAG, "Failed talking with device policy service", re);
+            return PERMISSION_GRANT_STATE_DEFAULT;
+        }
+    }
 }

core/java/android/app/admin/IDevicePolicyManager.aidl

@@ -236,4 +236,5 @@ interface IDevicePolicyManager {
     int  getPermissionPolicy(in ComponentName admin);
     boolean setPermissionGrantState(in ComponentName admin, String packageName,
             String permission, int grantState);
+    int getPermissionGrantState(in ComponentName admin, String packageName, String permission);
 }

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

@@ -6429,4 +6429,34 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
             }
         }
     }
+
+    @Override
+    public int getPermissionGrantState(ComponentName admin, String packageName,
+            String permission) throws RemoteException {
+        PackageManager packageManager = mContext.getPackageManager();
+
+        // Do this before clearing the caller's identity
+        int granted = packageManager.checkPermission(permission, packageName);
+
+        UserHandle user = Binder.getCallingUserHandle();
+        synchronized (this) {
+            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
+            long ident = Binder.clearCallingIdentity();
+            try {
+                int permFlags = packageManager.getPermissionFlags(permission, packageName, user);
+                if ((permFlags & PackageManager.FLAG_PERMISSION_POLICY_FIXED)
+                        != PackageManager.FLAG_PERMISSION_POLICY_FIXED) {
+                    // Not controlled by policy
+                    return DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT;
+                } else {
+                    // Policy controlled so return result based on permission grant state
+                    return granted == PackageManager.PERMISSION_GRANTED
+                            ? DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED
+                            : DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED;
+                }
+            } finally {
+                Binder.restoreCallingIdentity(ident);
+            }
+        }
+    }
 }