From 943c2686c5e8595c286f2bb8a926d6798c563657 Mon Sep 17 00:00:00 2001
From: Lars Greiss <kufikugel@googlemail.com>
Date: Wed, 3 Jul 2013 22:44:11 +0200
Subject: Settings: privacy Guard enhance app logic

This commit changes the following

- do not show apps signed with the plaform certificate at all
  (like settings, systemUI, android system etc)
  IMO the user should trust the android signed apps to be save and this will
  prevent weird behaviours user can get when they activate it on this packages
  all other system apps (like calculator, browser) and all which are not signed with
  android key are not effected.

- to go inline with AOSP disable the checkbox in detail app screen
  for built in apps

cheers

SlimRoms

Change-Id: I12b5522f6e58047173778381fb7290bb1c71bab3
---
 .../settings/applications/InstalledAppDetails.java | 28 +++++++++++++++++-----
 .../privacyguard/PrivacyGuardManager.java          | 21 ++++++++++++++--
 2 files changed, 41 insertions(+), 8 deletions(-)

(limited to 'src')

diff --git a/src/com/android/settings/applications/InstalledAppDetails.java b/src/com/android/settings/applications/InstalledAppDetails.java
index 778ef44..4091b13 100644
--- a/src/com/android/settings/applications/InstalledAppDetails.java
+++ b/src/com/android/settings/applications/InstalledAppDetails.java
@@ -401,10 +401,19 @@ public class InstalledAppDetails extends Fragment
     }
 
     private void initPrivacyGuardButton() {
-        // TODO: We probably want to disable this optional for the built-in apps
-        boolean enabled = mPm.getPrivacyGuardSetting(mAppEntry.info.packageName);
-        mPrivacyGuardSwitch.setChecked(enabled);
-        mPrivacyGuardSwitch.setOnCheckedChangeListener(this);
+        if (mPrivacyGuardSwitch == null) {
+            return;
+        }
+
+        mPrivacyGuardSwitch.setChecked(mPm.getPrivacyGuardSetting(mAppEntry.info.packageName));
+
+        // disable privacy guard switch if the app is signed with the platform certificate
+        // to avoid the user shooting himself in the foot
+        if (isThisASystemPackage()) {
+            mPrivacyGuardSwitch.setEnabled(false);
+        } else {
+            mPrivacyGuardSwitch.setOnCheckedChangeListener(this);
+        }
     }
 
     /** Called when the activity is first created. */
@@ -1201,10 +1210,17 @@ public class InstalledAppDetails extends Fragment
                     .setNegativeButton(R.string.dlg_cancel, null)
                     .create();
                 case DLG_PRIVACY_GUARD:
+                    final int messageResId;
+                    if ((getOwner().mAppEntry.info.flags & ApplicationInfo.FLAG_SYSTEM) != 0) {
+                        messageResId = R.string.privacy_guard_dlg_system_app_text;
+                    } else {
+                        messageResId = R.string.privacy_guard_dlg_text;
+                    }
+
                     return new AlertDialog.Builder(getActivity())
-                    .setTitle(getActivity().getText(R.string.privacy_guard_dlg_title))
+                    .setTitle(R.string.privacy_guard_dlg_title)
                     .setIconAttribute(android.R.attr.alertDialogIcon)
-                    .setMessage(getActivity().getText(R.string.privacy_guard_dlg_text))
+                    .setMessage(messageResId)
                     .setPositiveButton(R.string.dlg_ok,
                         new DialogInterface.OnClickListener() {
                         public void onClick(DialogInterface dialog, int which) {
diff --git a/src/com/android/settings/cyanogenmod/privacyguard/PrivacyGuardManager.java b/src/com/android/settings/cyanogenmod/privacyguard/PrivacyGuardManager.java
index efb05a4..9e27147 100644
--- a/src/com/android/settings/cyanogenmod/privacyguard/PrivacyGuardManager.java
+++ b/src/com/android/settings/cyanogenmod/privacyguard/PrivacyGuardManager.java
@@ -27,6 +27,7 @@ import android.content.Intent;
 import android.content.pm.ApplicationInfo;
 import android.content.pm.PackageInfo;
 import android.content.pm.PackageManager;
+import android.content.pm.Signature;
 import android.content.SharedPreferences;
 import android.net.Uri;
 import android.os.Bundle;
@@ -195,14 +196,30 @@ public class PrivacyGuardManager extends Fragment
     */
     private List<AppInfo> loadInstalledApps() {
         List<AppInfo> apps = new ArrayList<AppInfo>();
-        List<PackageInfo> packages = mPm.getInstalledPackages(PackageManager.GET_PERMISSIONS);
+        List<PackageInfo> packages = mPm.getInstalledPackages(
+            PackageManager.GET_PERMISSIONS | PackageManager.GET_SIGNATURES);
         boolean showSystemApps = shouldShowSystemApps();
         boolean filterByPermission = shouldFilterByPermission();
+        Signature platformCert;
+
+        try {
+            PackageInfo sysInfo = mPm.getPackageInfo("android", PackageManager.GET_SIGNATURES);
+            platformCert = sysInfo.signatures[0];
+        } catch (PackageManager.NameNotFoundException e) {
+            platformCert = null;
+        }
 
         for (PackageInfo info : packages) {
             final ApplicationInfo appInfo = info.applicationInfo;
 
-            // skip system apps if they shall not be included
+            // hide apps signed with the platform certificate to avoid the user
+            // shooting himself in the foot
+            if (platformCert != null && info.signatures != null
+                    && platformCert.equals(info.signatures[0])) {
+                continue;
+            }
+
+            // skip all system apps if they shall not be included
             if (!showSystemApps && (appInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) {
                 continue;
             }
-- 
cgit v1.1