diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-10-13 07:59:48 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-10-13 07:59:48 +0000 |
commit | 679f0b9d33da7f5cb99b6c8fda7d0c7b839cc89f (patch) | |
tree | eeaa320350ddeea4aaa340ea12795ce80c287280 | |
parent | cda2f5488acda30d769439f0705fa81ae7b9ddd9 (diff) | |
parent | 8ab73389b49de44517d3700e8959f768baefcad7 (diff) | |
download | PackageInstaller-android10-mainline-tzdata-release.tar.gz |
Snap for 9170954 from 8ab73389b49de44517d3700e8959f768baefcad7 to qt-aml-tzdata-releaseq_tzdata_aml_297100400q_tzdata_aml_297100300q_tzdata_aml_297100000q_tzdata_aml_296200000q_tzdata_aml_295600118q_tzdata_aml_295600110q_tzdata_aml_295500002q_tzdata_aml_295500001q_tzdata_aml_297100000android10-mainline-tzdata-releaseandroid10-android13-mainline-tzdata-release
Change-Id: I9ad9399fed3c39037ab0be10d321efa51b46cee7
3 files changed, 60 insertions, 2 deletions
diff --git a/src/com/android/packageinstaller/permission/service/PermissionControllerServiceImpl.java b/src/com/android/packageinstaller/permission/service/PermissionControllerServiceImpl.java index d846ce092..c6d5cd021 100644 --- a/src/com/android/packageinstaller/permission/service/PermissionControllerServiceImpl.java +++ b/src/com/android/packageinstaller/permission/service/PermissionControllerServiceImpl.java @@ -35,6 +35,7 @@ import android.content.pm.PackageInfo; import android.content.pm.PackageManager; import android.os.AsyncTask; import android.os.UserHandle; +import android.os.UserManager; import android.permission.PermissionControllerService; import android.permission.PermissionManager; import android.permission.RuntimePermissionPresentationInfo; @@ -49,6 +50,7 @@ import androidx.annotation.Nullable; import com.android.packageinstaller.permission.model.AppPermissionGroup; import com.android.packageinstaller.permission.model.AppPermissions; import com.android.packageinstaller.permission.model.Permission; +import com.android.packageinstaller.permission.utils.AdminRestrictedPermissionsUtils; import com.android.packageinstaller.permission.utils.Utils; import org.xmlpull.v1.XmlPullParser; @@ -528,6 +530,8 @@ public final class PermissionControllerServiceImpl extends PermissionControllerS AppPermissions app = new AppPermissions(this, pkgInfo, false, true, null); + final boolean isManagedProfile = getSystemService(UserManager.class).isManagedProfile(); + int numPerms = expandedPermissions.size(); for (int i = 0; i < numPerms; i++) { String permName = expandedPermissions.get(i); @@ -543,8 +547,14 @@ public final class PermissionControllerServiceImpl extends PermissionControllerS switch (grantState) { case PERMISSION_GRANT_STATE_GRANTED: - perm.setPolicyFixed(true); - group.grantRuntimePermissions(false, new String[]{permName}); + if (AdminRestrictedPermissionsUtils.mayAdminGrantPermission(perm.getName(), + isManagedProfile)) { + perm.setPolicyFixed(true); + group.grantRuntimePermissions(false, new String[]{permName}); + } else { + // similar to PERMISSION_GRANT_STATE_DEFAULT + perm.setPolicyFixed(false); + } break; case PERMISSION_GRANT_STATE_DENIED: perm.setPolicyFixed(true); diff --git a/src/com/android/packageinstaller/permission/ui/ReviewPermissionsActivity.java b/src/com/android/packageinstaller/permission/ui/ReviewPermissionsActivity.java index c21bb169c..1483d4df5 100644 --- a/src/com/android/packageinstaller/permission/ui/ReviewPermissionsActivity.java +++ b/src/com/android/packageinstaller/permission/ui/ReviewPermissionsActivity.java @@ -21,6 +21,7 @@ import android.content.pm.PackageInfo; import android.content.pm.PackageManager; import android.os.Bundle; import android.text.TextUtils; +import android.view.WindowManager; import androidx.fragment.app.Fragment; import androidx.fragment.app.FragmentActivity; @@ -39,6 +40,9 @@ public final class ReviewPermissionsActivity extends FragmentActivity protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); + getWindow().addSystemFlags( + WindowManager.LayoutParams.SYSTEM_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS); + PackageInfo packageInfo = getTargetPackageInfo(); if (packageInfo == null) { finish(); diff --git a/src/com/android/packageinstaller/permission/utils/AdminRestrictedPermissionsUtils.java b/src/com/android/packageinstaller/permission/utils/AdminRestrictedPermissionsUtils.java new file mode 100644 index 000000000..337983076 --- /dev/null +++ b/src/com/android/packageinstaller/permission/utils/AdminRestrictedPermissionsUtils.java @@ -0,0 +1,44 @@ +/* + * Copyright (C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +package com.android.packageinstaller.permission.utils; + +import android.Manifest; +import android.util.ArraySet; + +/** + * A class for dealing with permissions that the admin may not grant in certain configurations. + */ +public final class AdminRestrictedPermissionsUtils { + + /** + * A set of permissions that the managed Profile Owner cannot grant. + */ + private static final ArraySet<String> MANAGED_PROFILE_OWNER_RESTRICTED_PERMISSIONS = + new ArraySet<>(); + + static { + MANAGED_PROFILE_OWNER_RESTRICTED_PERMISSIONS.add(Manifest.permission.READ_SMS); + } + + /** + * Returns true if the admin may grant this permission, false otherwise. + */ + public static boolean mayAdminGrantPermission(String permission, boolean isManagedProfile) { + return !isManagedProfile + || !MANAGED_PROFILE_OWNER_RESTRICTED_PERMISSIONS.contains(permission); + } +}
\ No newline at end of file |