Google Git
Sign in
android / platform / packages / apps / PackageInstaller / refs/tags/q_tzdata_aml_295500002^1..refs/tags/q_tzdata_aml_295500002 / .
commit679f0b9d33da7f5cb99b6c8fda7d0c7b839cc89f[log] [tgz]
authorAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Thu Oct 13 07:59:48 2022 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Thu Oct 13 07:59:48 2022 +0000
treeeeaa320350ddeea4aaa340ea12795ce80c287280
parentcda2f5488acda30d769439f0705fa81ae7b9ddd9 [diff]
parent8ab73389b49de44517d3700e8959f768baefcad7 [diff]
Snap for 9170954 from 8ab73389b49de44517d3700e8959f768baefcad7 to qt-aml-tzdata-release

Change-Id: I9ad9399fed3c39037ab0be10d321efa51b46cee7

diff --git a/src/com/android/packageinstaller/permission/service/PermissionControllerServiceImpl.java b/src/com/android/packageinstaller/permission/service/PermissionControllerServiceImpl.java
index d846ce0..c6d5cd0 100644
--- a/src/com/android/packageinstaller/permission/service/PermissionControllerServiceImpl.java
+++ b/src/com/android/packageinstaller/permission/service/PermissionControllerServiceImpl.java

@@ -35,6 +35,7 @@
 import android.content.pm.PackageManager;
 import android.os.AsyncTask;
 import android.os.UserHandle;
+import android.os.UserManager;
 import android.permission.PermissionControllerService;
 import android.permission.PermissionManager;
 import android.permission.RuntimePermissionPresentationInfo;
@@ -49,6 +50,7 @@
 import com.android.packageinstaller.permission.model.AppPermissionGroup;
 import com.android.packageinstaller.permission.model.AppPermissions;
 import com.android.packageinstaller.permission.model.Permission;
+import com.android.packageinstaller.permission.utils.AdminRestrictedPermissionsUtils;
 import com.android.packageinstaller.permission.utils.Utils;
 
 import org.xmlpull.v1.XmlPullParser;
@@ -528,6 +530,8 @@
 
         AppPermissions app = new AppPermissions(this, pkgInfo, false, true, null);
 
+        final boolean isManagedProfile = getSystemService(UserManager.class).isManagedProfile();
+
         int numPerms = expandedPermissions.size();
         for (int i = 0; i < numPerms; i++) {
             String permName = expandedPermissions.get(i);
@@ -543,8 +547,14 @@
 
             switch (grantState) {
                 case PERMISSION_GRANT_STATE_GRANTED:
-                    perm.setPolicyFixed(true);
-                    group.grantRuntimePermissions(false, new String[]{permName});
+                    if (AdminRestrictedPermissionsUtils.mayAdminGrantPermission(perm.getName(),
+                            isManagedProfile)) {
+                        perm.setPolicyFixed(true);
+                        group.grantRuntimePermissions(false, new String[]{permName});
+                    } else {
+                        // similar to PERMISSION_GRANT_STATE_DEFAULT
+                        perm.setPolicyFixed(false);
+                    }
                     break;
                 case PERMISSION_GRANT_STATE_DENIED:
                     perm.setPolicyFixed(true);

diff --git a/src/com/android/packageinstaller/permission/ui/ReviewPermissionsActivity.java b/src/com/android/packageinstaller/permission/ui/ReviewPermissionsActivity.java
index c21bb16..1483d4d 100644
--- a/src/com/android/packageinstaller/permission/ui/ReviewPermissionsActivity.java
+++ b/src/com/android/packageinstaller/permission/ui/ReviewPermissionsActivity.java

@@ -21,6 +21,7 @@
 import android.content.pm.PackageManager;
 import android.os.Bundle;
 import android.text.TextUtils;
+import android.view.WindowManager;
 
 import androidx.fragment.app.Fragment;
 import androidx.fragment.app.FragmentActivity;
@@ -39,6 +40,9 @@
     protected void onCreate(Bundle savedInstanceState) {
         super.onCreate(savedInstanceState);
 
+        getWindow().addSystemFlags(
+                WindowManager.LayoutParams.SYSTEM_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS);
+
         PackageInfo packageInfo = getTargetPackageInfo();
         if (packageInfo == null) {
             finish();

diff --git a/src/com/android/packageinstaller/permission/utils/AdminRestrictedPermissionsUtils.java b/src/com/android/packageinstaller/permission/utils/AdminRestrictedPermissionsUtils.java
new file mode 100644
index 0000000..3379830
--- /dev/null
+++ b/src/com/android/packageinstaller/permission/utils/AdminRestrictedPermissionsUtils.java

@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+package com.android.packageinstaller.permission.utils;
+
+import android.Manifest;
+import android.util.ArraySet;
+
+/**
+ * A class for dealing with permissions that the admin may not grant in certain configurations.
+ */
+public final class AdminRestrictedPermissionsUtils {
+
+    /**
+     * A set of permissions that the managed Profile Owner cannot grant.
+     */
+    private static final ArraySet<String> MANAGED_PROFILE_OWNER_RESTRICTED_PERMISSIONS =
+            new ArraySet<>();
+
+    static {
+        MANAGED_PROFILE_OWNER_RESTRICTED_PERMISSIONS.add(Manifest.permission.READ_SMS);
+    }
+
+    /**
+     * Returns true if the admin may grant this permission, false otherwise.
+     */
+    public static boolean mayAdminGrantPermission(String permission, boolean isManagedProfile) {
+        return !isManagedProfile
+                || !MANAGED_PROFILE_OWNER_RESTRICTED_PERMISSIONS.contains(permission);
+    }
+}
\ No newline at end of file