1 /* 2 * Copyright (C) 2017 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file 5 * except in compliance with the License. You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software distributed under the 10 * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 11 * KIND, either express or implied. See the License for the specific language governing 12 * permissions and limitations under the License. 13 */ 14 15 package com.android.settings.applications; 16 17 import android.app.admin.DevicePolicyManager; 18 import android.content.Context; 19 import android.content.pm.ApplicationInfo; 20 import android.content.pm.PackageManager; 21 import android.os.Build; 22 import android.os.RemoteException; 23 import android.os.UserHandle; 24 25 import com.android.settings.enterprise.DevicePolicyManagerWrapper; 26 27 /** 28 * Counts installed apps across all users that have been granted one or more specific permissions by 29 * the admin. 30 */ 31 public abstract class AppWithAdminGrantedPermissionsCounter extends AppCounter { 32 33 private final String[] mPermissions; 34 private final IPackageManagerWrapper mPackageManagerService; 35 private final DevicePolicyManagerWrapper mDevicePolicyManager; 36 37 public AppWithAdminGrantedPermissionsCounter(Context context, String[] permissions, 38 PackageManagerWrapper packageManager, IPackageManagerWrapper packageManagerService, 39 DevicePolicyManagerWrapper devicePolicyManager) { 40 super(context, packageManager); 41 mPermissions = permissions; 42 mPackageManagerService = packageManagerService; 43 mDevicePolicyManager = devicePolicyManager; 44 } 45 46 @Override 47 protected boolean includeInCount(ApplicationInfo info) { 48 return includeInCount(mPermissions, mDevicePolicyManager, mPm, mPackageManagerService, 49 info); 50 } 51 52 public static boolean includeInCount(String[] permissions, 53 DevicePolicyManagerWrapper devicePolicyManager, PackageManagerWrapper packageManager, 54 IPackageManagerWrapper packageManagerService, ApplicationInfo info) { 55 if (info.targetSdkVersion >= Build.VERSION_CODES.M) { 56 // The app uses run-time permissions. Check whether one or more of the permissions were 57 // granted by enterprise policy. 58 for (final String permission : permissions) { 59 if (devicePolicyManager.getPermissionGrantState(null /* admin */, info.packageName, 60 permission) == DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED) { 61 return true; 62 } 63 } 64 return false; 65 } 66 67 // The app uses install-time permissions. Check whether the app requested one or more of the 68 // permissions and was installed by enterprise policy, implicitly granting permissions. 69 if (packageManager.getInstallReason(info.packageName, 70 new UserHandle(UserHandle.getUserId(info.uid))) 71 != PackageManager.INSTALL_REASON_POLICY) { 72 return false; 73 } 74 try { 75 for (final String permission : permissions) { 76 if (packageManagerService.checkUidPermission(permission, info.uid) 77 == PackageManager.PERMISSION_GRANTED) { 78 return true; 79 } 80 } 81 } catch (RemoteException exception) { 82 } 83 return false; 84 } 85 } 86