Add admin-granted permissions to Enterprise Privacy Settings page

This CL adds information about the number of apps that have been granted particularly sensitive permissions (location, microphone, camera) by the admin. Bug: 32692748 Test: make RunSettingsRoboTests Change-Id: I650d3e1ed3950960c58722b0c035a76daeb36478
2017-01-16 15:48:56 +01:00
parent 859bc9190d
commit 9704a28c7b
27 changed files with 1026 additions and 83 deletions
--- a/src/com/android/settings/applications/AppWithAdminGrantedPermissionsCounter.java
+++ b/src/com/android/settings/applications/AppWithAdminGrantedPermissionsCounter.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the
+ * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package com.android.settings.applications;
+
+import android.app.admin.DevicePolicyManager;
+import android.content.Context;
+import android.content.pm.ApplicationInfo;
+import android.content.pm.IPackageManager;
+import android.content.pm.PackageManager;
+import android.os.Build;
+import android.os.RemoteException;
+import android.os.UserHandle;
+
+import com.android.settings.enterprise.DevicePolicyManagerWrapper;
+
+/**
+ * Counts installed apps across all users that have been granted one or more specific permissions by
+ * the admin.
+ */
+public abstract class AppWithAdminGrantedPermissionsCounter extends AppCounter {
+
+    private final String[] mPermissions;
+    private final PackageManagerWrapper mPackageManager;
+    private final IPackageManager mPackageManagerService;
+    private final DevicePolicyManagerWrapper mDevicePolicyManager;
+
+    public AppWithAdminGrantedPermissionsCounter(Context context, String[] permissions,
+            PackageManagerWrapper packageManager, IPackageManager packageManagerService,
+            DevicePolicyManagerWrapper devicePolicyManager) {
+        super(context, packageManager);
+        mPermissions = permissions;
+        mPackageManager = packageManager;
+        mPackageManagerService = packageManagerService;
+        mDevicePolicyManager = devicePolicyManager;
+    }
+
+    @Override
+    protected boolean includeInCount(ApplicationInfo info) {
+        if (info.targetSdkVersion >= Build.VERSION_CODES.M) {
+            // The app uses run-time permissions. Check whether one or more of the permissions were
+            // granted by enterprise policy.
+            for (final String permission : mPermissions) {
+                if (mDevicePolicyManager.getPermissionGrantState(null /* admin */, info.packageName,
+                        permission) == DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED) {
+                    return true;
+                }
+            }
+            return false;
+        }
+
+        // The app uses install-time permissions. Check whether the app requested one or more of the
+        // permissions and was installed by enterprise policy, implicitly granting permissions.
+        if (mPackageManager.getInstallReason(info.packageName,
+                new UserHandle(UserHandle.getUserId(info.uid)))
+                        != PackageManager.INSTALL_REASON_POLICY) {
+            return false;
+        }
+        try {
+            for (final String permission : mPermissions) {
+                if (mPackageManagerService.checkUidPermission(permission, info.uid)
+                        == PackageManager.PERMISSION_GRANTED) {
+                    return true;
+                }
+            }
+        } catch (RemoteException exception) {
+        }
+        return false;
+    }
+}
--- a/src/com/android/settings/applications/ApplicationFeatureProvider.java
+++ b/src/com/android/settings/applications/ApplicationFeatureProvider.java
@@ -35,17 +35,29 @@ public interface ApplicationFeatureProvider {
     * Asynchronously calculates the total number of apps installed on the device, across all users
     * and managed profiles.
     *
-     * @param installReason Only consider packages with this install reason; may be any install
-     *         reason defined in {@link android.content.pm.PackageManager} or
-     *         {@link #IGNORE_INSTALL_REASON} to count all packages, irrespective of install reason.
+     * @param installReason Only consider apps with this install reason; may be any install reason
+     *         defined in {@link android.content.pm.PackageManager} or
+     *         {@link #IGNORE_INSTALL_REASON} to count all apps, irrespective of install reason.
     * @param callback The callback to invoke with the result
     */
-    void calculateNumberOfInstalledApps(int installReason, NumberOfInstalledAppsCallback callback);
+    void calculateNumberOfInstalledApps(int installReason, NumberOfAppsCallback callback);

    /**
-     * Callback that receives the total number of packages installed on the device.
+     * Asynchronously calculates the total number of apps installed on the device, across all users
+     * and managed profiles, that have been granted one or more of the given permissions by the
+     * admin.
+     *
+     * @param permissions Only consider apps that have been granted one or more of these permissions
+     *        by the admin, either at run-time or install-time
+     * @param callback The callback to invoke with the result
     */
-    interface NumberOfInstalledAppsCallback {
-        void onNumberOfInstalledAppsResult(int num);
+    void calculateNumberOfAppsWithAdminGrantedPermissions(String[] permissions,
+            NumberOfAppsCallback callback);
+
+    /**
+     * Callback that receives the number of packages installed on the device.
+     */
+    interface NumberOfAppsCallback {
+        void onNumberOfAppsResult(int num);
    }
 }
--- a/src/com/android/settings/applications/ApplicationFeatureProviderImpl.java
+++ b/src/com/android/settings/applications/ApplicationFeatureProviderImpl.java
@@ -18,21 +18,29 @@ package com.android.settings.applications;

 import android.app.Fragment;
 import android.content.Context;
+import android.content.pm.IPackageManager;
 import android.content.pm.UserInfo;
 import android.os.UserManager;
 import android.view.View;

+import com.android.settings.enterprise.DevicePolicyManagerWrapper;
+
 import java.util.List;

 public class ApplicationFeatureProviderImpl implements ApplicationFeatureProvider {

    private final Context mContext;
    private final PackageManagerWrapper mPm;
+    private final IPackageManager mPms;
+    private final DevicePolicyManagerWrapper mDpm;
    private final UserManager mUm;

-    public ApplicationFeatureProviderImpl(Context context, PackageManagerWrapper pm) {
+    public ApplicationFeatureProviderImpl(Context context, PackageManagerWrapper pm,
+            IPackageManager pms, DevicePolicyManagerWrapper dpm) {
        mContext = context.getApplicationContext();
        mPm = pm;
+        mPms = pms;
+        mDpm = dpm;
        mUm = UserManager.get(mContext);
    }

@@ -42,22 +50,51 @@ public class ApplicationFeatureProviderImpl implements ApplicationFeatureProvide
    }

    @Override
-    public void calculateNumberOfInstalledApps(int installReason,
-            NumberOfInstalledAppsCallback callback) {
-        new AllUserInstalledAppCounter(installReason, callback).execute();
+    public void calculateNumberOfInstalledApps(int installReason, NumberOfAppsCallback callback) {
+        new AllUserInstalledAppCounter(mContext, installReason, mPm, callback).execute();
    }

-    private class AllUserInstalledAppCounter extends InstalledAppCounter {
-        private NumberOfInstalledAppsCallback mCallback;
+    @Override
+    public void calculateNumberOfAppsWithAdminGrantedPermissions(String[] permissions,
+            NumberOfAppsCallback callback) {
+        new AllUserAppWithAdminGrantedPermissionsCounter(mContext, permissions, mPm, mPms, mDpm,
+                callback).execute();
+    }

-        AllUserInstalledAppCounter(int installReason, NumberOfInstalledAppsCallback callback) {
-            super(mContext, installReason, ApplicationFeatureProviderImpl.this.mPm);
+    private static class AllUserInstalledAppCounter extends InstalledAppCounter {
+        private NumberOfAppsCallback mCallback;
+
+        AllUserInstalledAppCounter(Context context, int installReason,
+                PackageManagerWrapper packageManager, NumberOfAppsCallback callback) {
+            super(context, installReason, packageManager);
            mCallback = callback;
        }

        @Override
        protected void onCountComplete(int num) {
-            mCallback.onNumberOfInstalledAppsResult(num);
+            mCallback.onNumberOfAppsResult(num);
+        }
+
+        @Override
+        protected List<UserInfo> getUsersToCount() {
+            return mUm.getUsers(true /* excludeDying */);
+        }
+    }
+
+    private static class AllUserAppWithAdminGrantedPermissionsCounter extends
+            AppWithAdminGrantedPermissionsCounter {
+        private NumberOfAppsCallback mCallback;
+
+        AllUserAppWithAdminGrantedPermissionsCounter(Context context, String[] permissions,
+                PackageManagerWrapper packageManager, IPackageManager packageManagerService,
+                DevicePolicyManagerWrapper devicePolicyManager, NumberOfAppsCallback callback) {
+            super(context, permissions, packageManager, packageManagerService, devicePolicyManager);
+            mCallback = callback;
+        }
+
+        @Override
+        protected void onCountComplete(int num) {
+            mCallback.onNumberOfAppsResult(num);
        }

        @Override