Add admin-granted permissions to Enterprise Privacy Settings page

This CL adds information about the number of apps that have been granted particularly sensitive permissions (location, microphone, camera) by the admin. Bug: 32692748 Test: make RunSettingsRoboTests Change-Id: I650d3e1ed3950960c58722b0c035a76daeb36478
2017-01-16 15:48:56 +01:00
parent 859bc9190d
commit 9704a28c7b
27 changed files with 1026 additions and 83 deletions
--- a/src/com/android/settings/applications/AppWithAdminGrantedPermissionsCounter.java
+++ b/src/com/android/settings/applications/AppWithAdminGrantedPermissionsCounter.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the
+ * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package com.android.settings.applications;
+
+import android.app.admin.DevicePolicyManager;
+import android.content.Context;
+import android.content.pm.ApplicationInfo;
+import android.content.pm.IPackageManager;
+import android.content.pm.PackageManager;
+import android.os.Build;
+import android.os.RemoteException;
+import android.os.UserHandle;
+
+import com.android.settings.enterprise.DevicePolicyManagerWrapper;
+
+/**
+ * Counts installed apps across all users that have been granted one or more specific permissions by
+ * the admin.
+ */
+public abstract class AppWithAdminGrantedPermissionsCounter extends AppCounter {
+
+    private final String[] mPermissions;
+    private final PackageManagerWrapper mPackageManager;
+    private final IPackageManager mPackageManagerService;
+    private final DevicePolicyManagerWrapper mDevicePolicyManager;
+
+    public AppWithAdminGrantedPermissionsCounter(Context context, String[] permissions,
+            PackageManagerWrapper packageManager, IPackageManager packageManagerService,
+            DevicePolicyManagerWrapper devicePolicyManager) {
+        super(context, packageManager);
+        mPermissions = permissions;
+        mPackageManager = packageManager;
+        mPackageManagerService = packageManagerService;
+        mDevicePolicyManager = devicePolicyManager;
+    }
+
+    @Override
+    protected boolean includeInCount(ApplicationInfo info) {
+        if (info.targetSdkVersion >= Build.VERSION_CODES.M) {
+            // The app uses run-time permissions. Check whether one or more of the permissions were
+            // granted by enterprise policy.
+            for (final String permission : mPermissions) {
+                if (mDevicePolicyManager.getPermissionGrantState(null /* admin */, info.packageName,
+                        permission) == DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED) {
+                    return true;
+                }
+            }
+            return false;
+        }
+
+        // The app uses install-time permissions. Check whether the app requested one or more of the
+        // permissions and was installed by enterprise policy, implicitly granting permissions.
+        if (mPackageManager.getInstallReason(info.packageName,
+                new UserHandle(UserHandle.getUserId(info.uid)))
+                        != PackageManager.INSTALL_REASON_POLICY) {
+            return false;
+        }
+        try {
+            for (final String permission : mPermissions) {
+                if (mPackageManagerService.checkUidPermission(permission, info.uid)
+                        == PackageManager.PERMISSION_GRANTED) {
+                    return true;
+                }
+            }
+        } catch (RemoteException exception) {
+        }
+        return false;
+    }
+}