Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 0bf8f7cc3982164a9e11ea4a25ed930e466f1dd8^! / . / core / java / android / app / admin / DevicePolicyManager.java
commit0bf8f7cc3982164a9e11ea4a25ed930e466f1dd8[log] [tgz]
authorAmith Yamasani <yamasani@google.com>Mon Jun 22 13:00:32 2015 -0700
committerAmith Yamasani <yamasani@google.com>Tue Jun 23 12:01:36 2015 -0700
treed609c7539fadf8421397533a79ef7f224bdd6e8a
parentdd7705bbf26dc940ba314807f58dc9a81de452af [diff] [blame]
Runtime permissions cannot be set on legacy apps by device policy

Clarify docs that runtime permissions can be granted or revoked by
a profile owner/device owner only for MNC apps and not legacy apps.

Check the targetSdkVersion and return false if legacy app.

Remove all policy flags from permissions when cleaning up
a device or profile owner.

Bug: 21835304
Bug: 21889278
Change-Id: I4271394737990983449048d112a1830f9d0f2d78

diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index b859dca..4d1cff5 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java

@@ -4350,6 +4350,12 @@
      * group that the runtime permission belongs to. This method can only be called
      * by a profile or device owner.
      *
+     * <p/>Setting the grant state to {@link #PERMISSION_GRANT_STATE_DEFAULT default} does not
+     * revoke the permission. It retains the previous grant, if any.
+     *
+     * <p/>Permissions can be granted or revoked only for applications built with a
+     * {@code targetSdkVersion} of {@link android.os.Build.VERSION_CODES#MNC} or later.
+     *
      * @param admin Which profile or device owner this request is associated with.
      * @param packageName The application to grant or revoke a permission to.
      * @param permission The permission to grant or revoke.