Merge "Add admin-granted permissions to Enterprise Privacy Settings page"

2017-01-18 18:10:34 +00:00
parent 5b62261abd 9704a28c7b
commit 428c3247c9
27 changed files with 1026 additions and 83 deletions
--- a/src/com/android/settings/applications/AppWithAdminGrantedPermissionsCounter.java
+++ b/src/com/android/settings/applications/AppWithAdminGrantedPermissionsCounter.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the
+ * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package com.android.settings.applications;
+
+import android.app.admin.DevicePolicyManager;
+import android.content.Context;
+import android.content.pm.ApplicationInfo;
+import android.content.pm.IPackageManager;
+import android.content.pm.PackageManager;
+import android.os.Build;
+import android.os.RemoteException;
+import android.os.UserHandle;
+
+import com.android.settings.enterprise.DevicePolicyManagerWrapper;
+
+/**
+ * Counts installed apps across all users that have been granted one or more specific permissions by
+ * the admin.
+ */
+public abstract class AppWithAdminGrantedPermissionsCounter extends AppCounter {
+
+    private final String[] mPermissions;
+    private final PackageManagerWrapper mPackageManager;
+    private final IPackageManager mPackageManagerService;
+    private final DevicePolicyManagerWrapper mDevicePolicyManager;
+
+    public AppWithAdminGrantedPermissionsCounter(Context context, String[] permissions,
+            PackageManagerWrapper packageManager, IPackageManager packageManagerService,
+            DevicePolicyManagerWrapper devicePolicyManager) {
+        super(context, packageManager);
+        mPermissions = permissions;
+        mPackageManager = packageManager;
+        mPackageManagerService = packageManagerService;
+        mDevicePolicyManager = devicePolicyManager;
+    }
+
+    @Override
+    protected boolean includeInCount(ApplicationInfo info) {
+        if (info.targetSdkVersion >= Build.VERSION_CODES.M) {
+            // The app uses run-time permissions. Check whether one or more of the permissions were
+            // granted by enterprise policy.
+            for (final String permission : mPermissions) {
+                if (mDevicePolicyManager.getPermissionGrantState(null /* admin */, info.packageName,
+                        permission) == DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED) {
+                    return true;
+                }
+            }
+            return false;
+        }
+
+        // The app uses install-time permissions. Check whether the app requested one or more of the
+        // permissions and was installed by enterprise policy, implicitly granting permissions.
+        if (mPackageManager.getInstallReason(info.packageName,
+                new UserHandle(UserHandle.getUserId(info.uid)))
+                        != PackageManager.INSTALL_REASON_POLICY) {
+            return false;
+        }
+        try {
+            for (final String permission : mPermissions) {
+                if (mPackageManagerService.checkUidPermission(permission, info.uid)
+                        == PackageManager.PERMISSION_GRANTED) {
+                    return true;
+                }
+            }
+        } catch (RemoteException exception) {
+        }
+        return false;
+    }
+}
--- a/src/com/android/settings/applications/ApplicationFeatureProvider.java
+++ b/src/com/android/settings/applications/ApplicationFeatureProvider.java
@@ -35,17 +35,29 @@ public interface ApplicationFeatureProvider {
     * Asynchronously calculates the total number of apps installed on the device, across all users
     * and managed profiles.
     *
-     * @param installReason Only consider packages with this install reason; may be any install
-     *         reason defined in {@link android.content.pm.PackageManager} or
-     *         {@link #IGNORE_INSTALL_REASON} to count all packages, irrespective of install reason.
+     * @param installReason Only consider apps with this install reason; may be any install reason
+     *         defined in {@link android.content.pm.PackageManager} or
+     *         {@link #IGNORE_INSTALL_REASON} to count all apps, irrespective of install reason.
     * @param callback The callback to invoke with the result
     */
-    void calculateNumberOfInstalledApps(int installReason, NumberOfInstalledAppsCallback callback);
+    void calculateNumberOfInstalledApps(int installReason, NumberOfAppsCallback callback);

    /**
-     * Callback that receives the total number of packages installed on the device.
+     * Asynchronously calculates the total number of apps installed on the device, across all users
+     * and managed profiles, that have been granted one or more of the given permissions by the
+     * admin.
+     *
+     * @param permissions Only consider apps that have been granted one or more of these permissions
+     *        by the admin, either at run-time or install-time
+     * @param callback The callback to invoke with the result
     */
-    interface NumberOfInstalledAppsCallback {
-        void onNumberOfInstalledAppsResult(int num);
+    void calculateNumberOfAppsWithAdminGrantedPermissions(String[] permissions,
+            NumberOfAppsCallback callback);
+
+    /**
+     * Callback that receives the number of packages installed on the device.
+     */
+    interface NumberOfAppsCallback {
+        void onNumberOfAppsResult(int num);
    }
 }
--- a/src/com/android/settings/applications/ApplicationFeatureProviderImpl.java
+++ b/src/com/android/settings/applications/ApplicationFeatureProviderImpl.java
@@ -18,21 +18,29 @@ package com.android.settings.applications;

 import android.app.Fragment;
 import android.content.Context;
+import android.content.pm.IPackageManager;
 import android.content.pm.UserInfo;
 import android.os.UserManager;
 import android.view.View;

+import com.android.settings.enterprise.DevicePolicyManagerWrapper;
+
 import java.util.List;

 public class ApplicationFeatureProviderImpl implements ApplicationFeatureProvider {

    private final Context mContext;
    private final PackageManagerWrapper mPm;
+    private final IPackageManager mPms;
+    private final DevicePolicyManagerWrapper mDpm;
    private final UserManager mUm;

-    public ApplicationFeatureProviderImpl(Context context, PackageManagerWrapper pm) {
+    public ApplicationFeatureProviderImpl(Context context, PackageManagerWrapper pm,
+            IPackageManager pms, DevicePolicyManagerWrapper dpm) {
        mContext = context.getApplicationContext();
        mPm = pm;
+        mPms = pms;
+        mDpm = dpm;
        mUm = UserManager.get(mContext);
    }

@@ -42,22 +50,51 @@ public class ApplicationFeatureProviderImpl implements ApplicationFeatureProvide
    }

    @Override
-    public void calculateNumberOfInstalledApps(int installReason,
-            NumberOfInstalledAppsCallback callback) {
-        new AllUserInstalledAppCounter(installReason, callback).execute();
+    public void calculateNumberOfInstalledApps(int installReason, NumberOfAppsCallback callback) {
+        new AllUserInstalledAppCounter(mContext, installReason, mPm, callback).execute();
    }

-    private class AllUserInstalledAppCounter extends InstalledAppCounter {
-        private NumberOfInstalledAppsCallback mCallback;
+    @Override
+    public void calculateNumberOfAppsWithAdminGrantedPermissions(String[] permissions,
+            NumberOfAppsCallback callback) {
+        new AllUserAppWithAdminGrantedPermissionsCounter(mContext, permissions, mPm, mPms, mDpm,
+                callback).execute();
+    }

-        AllUserInstalledAppCounter(int installReason, NumberOfInstalledAppsCallback callback) {
-            super(mContext, installReason, ApplicationFeatureProviderImpl.this.mPm);
+    private static class AllUserInstalledAppCounter extends InstalledAppCounter {
+        private NumberOfAppsCallback mCallback;
+
+        AllUserInstalledAppCounter(Context context, int installReason,
+                PackageManagerWrapper packageManager, NumberOfAppsCallback callback) {
+            super(context, installReason, packageManager);
            mCallback = callback;
        }

        @Override
        protected void onCountComplete(int num) {
-            mCallback.onNumberOfInstalledAppsResult(num);
+            mCallback.onNumberOfAppsResult(num);
+        }
+
+        @Override
+        protected List<UserInfo> getUsersToCount() {
+            return mUm.getUsers(true /* excludeDying */);
+        }
+    }
+
+    private static class AllUserAppWithAdminGrantedPermissionsCounter extends
+            AppWithAdminGrantedPermissionsCounter {
+        private NumberOfAppsCallback mCallback;
+
+        AllUserAppWithAdminGrantedPermissionsCounter(Context context, String[] permissions,
+                PackageManagerWrapper packageManager, IPackageManager packageManagerService,
+                DevicePolicyManagerWrapper devicePolicyManager, NumberOfAppsCallback callback) {
+            super(context, permissions, packageManager, packageManagerService, devicePolicyManager);
+            mCallback = callback;
+        }
+
+        @Override
+        protected void onCountComplete(int num) {
+            mCallback.onNumberOfAppsResult(num);
        }

        @Override
--- a/src/com/android/settings/enterprise/AdminActionPreferenceControllerBase.java
+++ b/src/com/android/settings/enterprise/AdminActionPreferenceControllerBase.java
@@ -11,6 +11,7 @@
 * KIND, either express or implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */
+
 package com.android.settings.enterprise;

 import android.content.Context;
--- a/src/com/android/settings/enterprise/AdminGrantedCameraPermissionPreferenceController.java
+++ b/src/com/android/settings/enterprise/AdminGrantedCameraPermissionPreferenceController.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the
+ * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package com.android.settings.enterprise;
+
+import android.Manifest;
+import android.content.Context;
+
+import com.android.settings.R;
+
+public class AdminGrantedCameraPermissionPreferenceController extends
+        AdminGrantedPermissionsPreferenceControllerBase {
+
+    private static final String KEY_ENTERPRISE_PRIVACY_NUMBER_CAMERA_ACCESS_PACKAGES
+            = "enterprise_privacy_number_camera_access_packages";
+
+    public AdminGrantedCameraPermissionPreferenceController(Context context) {
+        super(context, new String[] {Manifest.permission.CAMERA},
+                R.plurals.enterprise_privacy_number_camera_access_packages);
+    }
+
+    @Override
+    public String getPreferenceKey() {
+        return KEY_ENTERPRISE_PRIVACY_NUMBER_CAMERA_ACCESS_PACKAGES;
+    }
+}
--- a/src/com/android/settings/enterprise/AdminGrantedLocationPermissionsPreferenceController.java
+++ b/src/com/android/settings/enterprise/AdminGrantedLocationPermissionsPreferenceController.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the
+ * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package com.android.settings.enterprise;
+
+import android.Manifest;
+import android.content.Context;
+
+import com.android.settings.R;
+
+public class AdminGrantedLocationPermissionsPreferenceController extends
+        AdminGrantedPermissionsPreferenceControllerBase {
+
+    private static final String KEY_ENTERPRISE_PRIVACY_NUMBER_LOCATION_ACCESS_PACKAGES
+            = "enterprise_privacy_number_location_access_packages";
+
+    public AdminGrantedLocationPermissionsPreferenceController(Context context) {
+        super(context, new String[] {Manifest.permission.ACCESS_COARSE_LOCATION,
+                Manifest.permission.ACCESS_FINE_LOCATION},
+                R.plurals.enterprise_privacy_number_location_access_packages);
+    }
+
+    @Override
+    public String getPreferenceKey() {
+        return KEY_ENTERPRISE_PRIVACY_NUMBER_LOCATION_ACCESS_PACKAGES;
+    }
+}
--- a/src/com/android/settings/enterprise/AdminGrantedMicrophonePermissionPreferenceController.java
+++ b/src/com/android/settings/enterprise/AdminGrantedMicrophonePermissionPreferenceController.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the
+ * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package com.android.settings.enterprise;
+
+import android.Manifest;
+import android.content.Context;
+
+import com.android.settings.R;
+
+public class AdminGrantedMicrophonePermissionPreferenceController extends
+        AdminGrantedPermissionsPreferenceControllerBase {
+
+    private static final String KEY_ENTERPRISE_PRIVACY_NUMBER_MICROPHONE_ACCESS_PACKAGES
+            = "enterprise_privacy_number_microphone_access_packages";
+
+    public AdminGrantedMicrophonePermissionPreferenceController(Context context) {
+        super(context, new String[] {Manifest.permission.RECORD_AUDIO},
+                R.plurals.enterprise_privacy_number_microphone_access_packages);
+    }
+
+    @Override
+    public String getPreferenceKey() {
+        return KEY_ENTERPRISE_PRIVACY_NUMBER_MICROPHONE_ACCESS_PACKAGES;
+    }
+}
--- a/src/com/android/settings/enterprise/AdminGrantedPermissionsPreferenceControllerBase.java
+++ b/src/com/android/settings/enterprise/AdminGrantedPermissionsPreferenceControllerBase.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the
+ * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package com.android.settings.enterprise;
+
+import android.content.Context;
+import android.content.res.Resources;
+import android.support.v7.preference.Preference;
+
+import com.android.settings.applications.ApplicationFeatureProvider;
+import com.android.settings.core.PreferenceController;
+import com.android.settings.overlay.FeatureFactory;
+
+public abstract class AdminGrantedPermissionsPreferenceControllerBase extends PreferenceController {
+
+    private final String[] mPermissions;
+    private final int mStringResourceId;
+    private final ApplicationFeatureProvider mFeatureProvider;
+
+    public AdminGrantedPermissionsPreferenceControllerBase(Context context, String[] permissions,
+            int stringResourceId) {
+        super(context);
+        mPermissions = permissions;
+        mStringResourceId = stringResourceId;
+        mFeatureProvider = FeatureFactory.getFactory(context)
+                .getApplicationFeatureProvider(context);
+    }
+
+    @Override
+    public void updateState(Preference preference) {
+        mFeatureProvider.calculateNumberOfAppsWithAdminGrantedPermissions(mPermissions,
+                (num) -> {
+                    if (num == 0) {
+                        preference.setVisible(false);
+                    } else {
+                        preference.setVisible(true);
+                        preference.setTitle(mContext.getResources().getQuantityString(
+                                mStringResourceId, num, num));
+                    }
+                });
+    }
+
+    @Override
+    public boolean isAvailable() {
+        return true;
+    }
+}
--- a/src/com/android/settings/enterprise/DevicePolicyManagerWrapper.java
+++ b/src/com/android/settings/enterprise/DevicePolicyManagerWrapper.java
@@ -17,6 +17,7 @@
 package com.android.settings.enterprise;

 import android.content.ComponentName;
+import android.support.annotation.Nullable;

 /**
 * This interface replicates a subset of the android.app.admin.DevicePolicyManager (DPM). The
@@ -32,6 +33,14 @@ public interface DevicePolicyManagerWrapper {
     */
    ComponentName getDeviceOwnerComponentOnAnyUser();

+    /**
+     * Calls {@code DevicePolicyManager.getPermissionGrantState()}.
+     *
+     * @see android.app.admin.DevicePolicyManager#getPermissionGrantState
+     */
+    int getPermissionGrantState(@Nullable ComponentName admin, String packageName,
+            String permission);
+
    /**
     * Calls {@code DevicePolicyManager.getLastSecurityLogRetrievalTime()}.
     *
--- a/src/com/android/settings/enterprise/DevicePolicyManagerWrapperImpl.java
+++ b/src/com/android/settings/enterprise/DevicePolicyManagerWrapperImpl.java
@@ -18,6 +18,7 @@ package com.android.settings.enterprise;

 import android.app.admin.DevicePolicyManager;
 import android.content.ComponentName;
+import android.support.annotation.Nullable;

 public class DevicePolicyManagerWrapperImpl implements DevicePolicyManagerWrapper {
    private final DevicePolicyManager mDpm;
@@ -31,6 +32,12 @@ public class DevicePolicyManagerWrapperImpl implements DevicePolicyManagerWrappe
        return mDpm.getDeviceOwnerComponentOnAnyUser();
    }

+    @Override
+    public int getPermissionGrantState(@Nullable ComponentName admin, String packageName,
+            String permission) {
+        return mDpm.getPermissionGrantState(admin, packageName, permission);
+    }
+
    @Override
    public long getLastSecurityLogRetrievalTime() {
        return mDpm.getLastSecurityLogRetrievalTime();
--- a/src/com/android/settings/enterprise/EnterprisePrivacySettings.java
+++ b/src/com/android/settings/enterprise/EnterprisePrivacySettings.java
@@ -19,8 +19,8 @@ package com.android.settings.enterprise;
 import android.content.Context;
 import android.provider.SearchIndexableResource;

-import com.android.settings.R;
 import com.android.internal.logging.nano.MetricsProto.MetricsEvent;
+import com.android.settings.R;
 import com.android.settings.core.PreferenceController;
 import com.android.settings.dashboard.DashboardFragment;
 import com.android.settings.search.BaseSearchIndexProvider;
@@ -61,10 +61,13 @@ public class EnterprisePrivacySettings extends DashboardFragment {
        controllers.add(new NetworkLogsPreferenceController(context));
        controllers.add(new BugReportsPreferenceController(context));
        controllers.add(new SecurityLogsPreferenceController(context));
+        controllers.add(new EnterpriseInstalledPackagesPreferenceController(context));
+        controllers.add(new AdminGrantedLocationPermissionsPreferenceController(context));
+        controllers.add(new AdminGrantedMicrophonePermissionPreferenceController(context));
+        controllers.add(new AdminGrantedCameraPermissionPreferenceController(context));
        controllers.add(new AlwaysOnVpnPrimaryUserPreferenceController(context));
        controllers.add(new AlwaysOnVpnManagedProfilePreferenceController(context));
        controllers.add(new GlobalHttpProxyPreferenceController(context));
-        controllers.add(new EnterpriseInstalledPackagesPreferenceController(context));
        return controllers;
    }

--- a/src/com/android/settings/overlay/FeatureFactoryImpl.java
+++ b/src/com/android/settings/overlay/FeatureFactoryImpl.java
@@ -16,6 +16,7 @@

 package com.android.settings.overlay;

+import android.app.AppGlobals;
 import android.app.admin.DevicePolicyManager;
 import android.content.Context;
 import android.net.ConnectivityManager;
@@ -85,7 +86,10 @@ public class FeatureFactoryImpl extends FeatureFactory {
    public ApplicationFeatureProvider getApplicationFeatureProvider(Context context) {
        if (mApplicationFeatureProvider == null) {
            mApplicationFeatureProvider = new ApplicationFeatureProviderImpl(context,
-                    new PackageManagerWrapperImpl(context.getPackageManager()));
+                    new PackageManagerWrapperImpl(context.getPackageManager()),
+                    AppGlobals.getPackageManager(),
+                    new DevicePolicyManagerWrapperImpl((DevicePolicyManager) context
+                            .getSystemService(Context.DEVICE_POLICY_SERVICE)));
        }
        return mApplicationFeatureProvider;
    }