PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

DO Disclosure: add UI that lists apps that were managed by owner:

Browse Source 
- had permissions granted by admin
- were installed by owner via policy

Bug: 32692748
Test: m RunSettingsRoboTests
Change-Id: I365e2f8f351671e68f83cceb7c0ca241d7a5a588
This commit is contained in:
Denis Kuznetsov
2017-04-12 15:15:53 +02:00
parent 10ad029318
commit 60b2960cbb
22 changed files with 1544 additions and 186 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/com/android/settings/applications/AppWithAdminGrantedPermissionsCounter.java
View File

@@ -31,7 +31,6 @@ import com.android.settings.enterprise.DevicePolicyManagerWrapper;
public abstract class AppWithAdminGrantedPermissionsCounter extends AppCounter {
private final String[] mPermissions;
private final PackageManagerWrapper mPackageManager;
private final IPackageManagerWrapper mPackageManagerService;
private final DevicePolicyManagerWrapper mDevicePolicyManager;
@@ -40,18 +39,24 @@ public abstract class AppWithAdminGrantedPermissionsCounter extends AppCounter {
DevicePolicyManagerWrapper devicePolicyManager) {
super(context, packageManager);
mPermissions = permissions;
mPackageManager = packageManager;
mPackageManagerService = packageManagerService;
mDevicePolicyManager = devicePolicyManager;
}
@Override
protected boolean includeInCount(ApplicationInfo info) {
return includeInCount(mPermissions, mDevicePolicyManager, mPm, mPackageManagerService,
info);
}
public static boolean includeInCount(String[] permissions,
DevicePolicyManagerWrapper devicePolicyManager, PackageManagerWrapper packageManager,
IPackageManagerWrapper packageManagerService, ApplicationInfo info) {
if (info.targetSdkVersion >= Build.VERSION_CODES.M) {
// The app uses run-time permissions. Check whether one or more of the permissions were
// granted by enterprise policy.
for (final String permission : mPermissions) {
if (mDevicePolicyManager.getPermissionGrantState(null /* admin */, info.packageName,
for (final String permission : permissions) {
if (devicePolicyManager.getPermissionGrantState(null /* admin */, info.packageName,
permission) == DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED) {
return true;
}
@@ -61,14 +66,14 @@ public abstract class AppWithAdminGrantedPermissionsCounter extends AppCounter {
// The app uses install-time permissions. Check whether the app requested one or more of the
// permissions and was installed by enterprise policy, implicitly granting permissions.
if (mPackageManager.getInstallReason(info.packageName,
if (packageManager.getInstallReason(info.packageName,
new UserHandle(UserHandle.getUserId(info.uid)))
!= PackageManager.INSTALL_REASON_POLICY) {
return false;
}
try {
for (final String permission : mPermissions) {
if (mPackageManagerService.checkUidPermission(permission, info.uid)
for (final String permission : permissions) {
if (packageManagerService.checkUidPermission(permission, info.uid)
== PackageManager.PERMISSION_GRANTED) {
return true;
}