Merge "Add an API for apps to query if a permisison is denied by policy." into mnc-dev

2015-07-10 00:32:11 +00:00
parent 4ee9b23a6f ad3b297557
commit 171fe6ac0a
7 changed files with 58 additions and 1 deletions
--- a/api/current.txt
+++ b/api/current.txt
@@ -9256,6 +9256,7 @@ package android.content.pm {
    method public abstract java.lang.CharSequence getUserBadgedLabel(java.lang.CharSequence, android.os.UserHandle);
    method public abstract android.content.res.XmlResourceParser getXml(java.lang.String, int, android.content.pm.ApplicationInfo);
    method public abstract boolean hasSystemFeature(java.lang.String);
+    method public abstract boolean isPermissionRevokedByPolicy(java.lang.String, java.lang.String);
    method public abstract boolean isSafeMode();
    method public abstract java.util.List<android.content.pm.ResolveInfo> queryBroadcastReceivers(android.content.Intent, int);
    method public abstract java.util.List<android.content.pm.ProviderInfo> queryContentProviders(java.lang.String, int, int);
@@ -31806,6 +31807,7 @@ package android.test.mock {
    method public java.lang.CharSequence getUserBadgedLabel(java.lang.CharSequence, android.os.UserHandle);
    method public android.content.res.XmlResourceParser getXml(java.lang.String, int, android.content.pm.ApplicationInfo);
    method public boolean hasSystemFeature(java.lang.String);
+    method public boolean isPermissionRevokedByPolicy(java.lang.String, java.lang.String);
    method public boolean isSafeMode();
    method public java.util.List<android.content.pm.ResolveInfo> queryBroadcastReceivers(android.content.Intent, int);
    method public java.util.List<android.content.pm.ProviderInfo> queryContentProviders(java.lang.String, int, int);
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -9540,6 +9540,7 @@ package android.content.pm {
    method public abstract android.content.res.XmlResourceParser getXml(java.lang.String, int, android.content.pm.ApplicationInfo);
    method public abstract void grantRuntimePermission(java.lang.String, java.lang.String, android.os.UserHandle);
    method public abstract boolean hasSystemFeature(java.lang.String);
+    method public abstract boolean isPermissionRevokedByPolicy(java.lang.String, java.lang.String);
    method public abstract boolean isSafeMode();
    method public abstract java.util.List<android.content.pm.ResolveInfo> queryBroadcastReceivers(android.content.Intent, int);
    method public abstract java.util.List<android.content.pm.ProviderInfo> queryContentProviders(java.lang.String, int, int);
@@ -34092,6 +34093,7 @@ package android.test.mock {
    method public android.content.res.XmlResourceParser getXml(java.lang.String, int, android.content.pm.ApplicationInfo);
    method public void grantRuntimePermission(java.lang.String, java.lang.String, android.os.UserHandle);
    method public boolean hasSystemFeature(java.lang.String);
+    method public boolean isPermissionRevokedByPolicy(java.lang.String, java.lang.String);
    method public boolean isSafeMode();
    method public java.util.List<android.content.pm.ResolveInfo> queryBroadcastReceivers(android.content.Intent, int);
    method public java.util.List<android.content.pm.ProviderInfo> queryContentProviders(java.lang.String, int, int);
--- a/core/java/android/app/ApplicationPackageManager.java
+++ b/core/java/android/app/ApplicationPackageManager.java
@@ -420,6 +420,15 @@ final class ApplicationPackageManager extends PackageManager {
        }
    }

+    @Override
+    public boolean isPermissionRevokedByPolicy(String permName, String pkgName) {
+        try {
+            return mPM.isPermissionRevokedByPolicy(permName, pkgName, mContext.getUserId());
+        } catch (RemoteException e) {
+            throw new RuntimeException("Package manager has died", e);
+        }
+    }
+
    @Override
    public boolean addPermission(PermissionInfo info) {
        try {
--- a/core/java/android/content/pm/IPackageManager.aidl
+++ b/core/java/android/content/pm/IPackageManager.aidl
@@ -506,4 +506,6 @@ interface IPackageManager {
    int getMountExternalMode(int uid);

    void grantDefaultPermissionsToEnabledCarrierApps(in String[] packageNames, int userId);
+
+    boolean isPermissionRevokedByPolicy(String permission, String packageName, int userId);
 }
--- a/core/java/android/content/pm/PackageManager.java
+++ b/core/java/android/content/pm/PackageManager.java
@@ -2398,7 +2398,7 @@ public abstract class PackageManager {
     * Check whether a particular package has been granted a particular
     * permission.
     *
-     * @param permName The name of the permission you are checking for,
+     * @param permName The name of the permission you are checking for.
     * @param pkgName The name of the package you are checking against.
     *
     * @return If the package has the permission, PERMISSION_GRANTED is
@@ -2411,6 +2411,21 @@ public abstract class PackageManager {
    @CheckResult
    public abstract int checkPermission(String permName, String pkgName);

+    /**
+     * Checks whether a particular permissions has been revoked for a
+     * package by policy. Typically the device owner or the profile owner
+     * may apply such a policy. The user cannot grant policy revoked
+     * permissions, hence the only way for an app to get such a permission
+     * is by a policy change.
+     *
+     * @param permName The name of the permission you are checking for.
+     * @param pkgName The name of the package you are checking against.
+     *
+     * @return Whether the permission is restricted by policy.
+     */
+    @CheckResult
+    public abstract boolean isPermissionRevokedByPolicy(String permName, String pkgName);
+
    /**
     * Add a new dynamic permission to the system.  For this to work, your
     * package must have defined a permission tree through the
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -3154,6 +3154,28 @@ public class PackageManagerService extends IPackageManager.Stub {
        return PackageManager.PERMISSION_DENIED;
    }

+    @Override
+    public boolean isPermissionRevokedByPolicy(String permission, String packageName, int userId) {
+        if (UserHandle.getCallingUserId() != userId) {
+            mContext.enforceCallingPermission(
+                    android.Manifest.permission.INTERACT_ACROSS_USERS_FULL,
+                    "isPermissionRevokedByPolicy for user " + userId);
+        }
+
+        if (checkPermission(permission, packageName, userId)
+                == PackageManager.PERMISSION_GRANTED) {
+            return false;
+        }
+
+        final long identity = Binder.clearCallingIdentity();
+        try {
+            final int flags = getPermissionFlags(permission, packageName, userId);
+            return (flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0;
+        } finally {
+            Binder.restoreCallingIdentity(identity);
+        }
+    }
+
    /**
     * Checks if the request is from the system or an app that has INTERACT_ACROSS_USERS
     * or INTERACT_ACROSS_USERS_FULL permissions, if the userid is not for the caller.
--- a/test-runner/src/android/test/mock/MockPackageManager.java
+++ b/test-runner/src/android/test/mock/MockPackageManager.java
@@ -176,6 +176,11 @@ public class MockPackageManager extends PackageManager {
        throw new UnsupportedOperationException();
    }

+    @Override
+    public boolean isPermissionRevokedByPolicy(String permName, String pkgName) {
+        throw new UnsupportedOperationException();
+    }
+
    @Override
    public boolean addPermission(PermissionInfo info) {
        throw new UnsupportedOperationException();