Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java +38 −1 Original line number Original line Diff line number Diff line Loading @@ -56,7 +56,6 @@ import android.content.pm.UserInfo; import android.content.pm.UserProperties; import android.content.pm.UserProperties; import android.os.Binder; import android.os.Binder; import android.os.Bundle; import android.os.Bundle; import android.os.Environment; import android.os.Parcel; import android.os.Parcel; import android.os.RemoteException; import android.os.RemoteException; import android.os.UserHandle; import android.os.UserHandle; Loading Loading @@ -2377,6 +2376,44 @@ final class DevicePolicyEngine { return 0; return 0; } } /* * Returns the admins who has contributed to the resolved policy value for the given policy * definition. Doesn't return the admin if the policy value set by the admin is not included * in the resolved policy. */ @NonNull <V> Set<EnforcingAdmin> getEnforcingAdminsForResolvedPolicy( @NonNull PolicyDefinition<V> definition, int userId) { // If the policy is not set, there's no enforcing admin. if (getResolvedPolicyValue(definition, userId) == null) { return Collections.emptySet(); } synchronized (mLock) { // Since there's a policy value set in the resolved policy, we know it's either set // locally or globally. Gather all values admins has set. LinkedHashMap<EnforcingAdmin, PolicyValue<V>> policiesSetByAdmins = new LinkedHashMap<>(); // Note that this logic for local and global policy application is duplicated on // DevicePolicyEngine#setGlobalPolicy and DevicePolicyEngine#setLocalPolicy as well // as PolicyState#resolve method. In future, this can be refactored together with the // listed methods. if (hasGlobalPolicyLocked(definition)) { policiesSetByAdmins.putAll( getGlobalPolicyStateLocked(definition).getPoliciesSetByAdmins()); } // Put local policy values later as the local policy set by one admin, overrides the // value for global policy for the same admin. This ordering is important to provide // the correct logic. if (hasLocalPolicyLocked(definition, userId)) { policiesSetByAdmins.putAll(getLocalPolicyStateLocked(definition, userId).getPoliciesSetByAdmins()); } // We know that resolved policy is not null as we have checked for it before. return Objects.requireNonNull( definition.resolvePolicy(policiesSetByAdmins)).getContributingAdmins(); } } public void dump(IndentingPrintWriter pw) { public void dump(IndentingPrintWriter pw) { synchronized (mLock) { synchronized (mLock) { pw.println("Local Policies: "); pw.println("Local Policies: "); Loading services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyEngineTest.kt +132 −0 Original line number Original line Diff line number Diff line Loading @@ -291,6 +291,136 @@ class DevicePolicyEngineTest { assertThat(resolvedPolicy).isNull() assertThat(resolvedPolicy).isNull() } } @Test fun getEnforcingAdminsForResolvedPolicy_oneAdminSetsPolicy_singleEnforcingAdmin() { ensurePolicyIsSetLocally( PASSWORD_COMPLEXITY_POLICY, HIGH_PASSWORD_COMPLEXITY, SYSTEM_USER_ID, DEVICE_OWNER_ADMIN ) val enforcingAdmins = devicePolicyEngine.getEnforcingAdminsForResolvedPolicy( PASSWORD_COMPLEXITY_POLICY, SYSTEM_USER_ID ) assertThat(enforcingAdmins).containsExactly(DEVICE_OWNER_ADMIN) } @Test fun getEnforcingAdminsForResolvedPolicy_multipleAdminsSetPolicy_singleEnforcingAdminForResolvedValue() { ensurePolicyIsSetLocally( PASSWORD_COMPLEXITY_POLICY, LOW_PASSWORD_COMPLEXITY, SYSTEM_USER_ID, SYSTEM_ADMIN ) // Only this policy value set by this admin will take effect because of the resolution mechanism. ensurePolicyIsSetLocally( PASSWORD_COMPLEXITY_POLICY, HIGH_PASSWORD_COMPLEXITY, SYSTEM_USER_ID, DEVICE_OWNER_ADMIN ) val enforcingAdmins = devicePolicyEngine.getEnforcingAdminsForResolvedPolicy( PASSWORD_COMPLEXITY_POLICY, SYSTEM_USER_ID ) assertThat(enforcingAdmins).containsExactly(DEVICE_OWNER_ADMIN) } @Test fun getEnforcingAdminsForResolvedPolicy_multipleAdminsSetPolicy_multipleEnforcingAdminsForResolvedValue() { ensurePolicyIsSetLocally( PASSWORD_COMPLEXITY_POLICY, HIGH_PASSWORD_COMPLEXITY, SYSTEM_USER_ID, DEVICE_OWNER_ADMIN ) ensurePolicyIsSetLocally( PASSWORD_COMPLEXITY_POLICY, HIGH_PASSWORD_COMPLEXITY, SYSTEM_USER_ID, SYSTEM_ADMIN ) val enforcingAdmins = devicePolicyEngine.getEnforcingAdminsForResolvedPolicy( PASSWORD_COMPLEXITY_POLICY, SYSTEM_USER_ID ) assertThat(enforcingAdmins).containsExactly(DEVICE_OWNER_ADMIN, SYSTEM_ADMIN) } @Test fun getEnforcingAdminsForResolvedPolicy_multipleAdminsSetPolicyLocallyAndGlobally_multipleEnforcingAdminsForResolvedValue() { ensurePolicyIsSetLocally( USER_CONTROLLED_DISABLED_PACKAGES_POLICY, PACKAGE_SET_POLICY_VALUE_1, SYSTEM_USER_ID, DEVICE_OWNER_ADMIN ) ensurePolicyIsSetGlobally( USER_CONTROLLED_DISABLED_PACKAGES_POLICY, PACKAGE_SET_POLICY_VALUE_2, SYSTEM_ADMIN ) val enforcingAdmins = devicePolicyEngine.getEnforcingAdminsForResolvedPolicy( USER_CONTROLLED_DISABLED_PACKAGES_POLICY, SYSTEM_USER_ID ) assertThat(enforcingAdmins).containsExactly(DEVICE_OWNER_ADMIN, SYSTEM_ADMIN) } @Test fun getEnforcingAdminsForResolvedPolicy_multipleAdminsSetPolicyLocallyTwiceAndGlobally_multipleEnforcingAdminsForResolvedValue() { ensurePolicyIsSetLocally( USER_CONTROLLED_DISABLED_PACKAGES_POLICY, PACKAGE_SET_POLICY_VALUE_1, SYSTEM_USER_ID, DEVICE_OWNER_ADMIN ) ensurePolicyIsSetLocally( USER_CONTROLLED_DISABLED_PACKAGES_POLICY, PACKAGE_SET_POLICY_VALUE_1_SUBSET, SYSTEM_USER_ID, DEVICE_OWNER_ADMIN ) ensurePolicyIsSetGlobally( USER_CONTROLLED_DISABLED_PACKAGES_POLICY, PACKAGE_SET_POLICY_VALUE_2, SYSTEM_ADMIN ) val enforcingAdmins = devicePolicyEngine.getEnforcingAdminsForResolvedPolicy( USER_CONTROLLED_DISABLED_PACKAGES_POLICY, SYSTEM_USER_ID ) assertThat(enforcingAdmins).containsExactly(DEVICE_OWNER_ADMIN, SYSTEM_ADMIN) } @Test fun getEnforcingAdminsForResolvedPolicy_unsetPolicy_emptySet() { val enforcingAdmins = devicePolicyEngine.getEnforcingAdminsForResolvedPolicy( PASSWORD_COMPLEXITY_POLICY, SYSTEM_USER_ID ) assertThat(enforcingAdmins).isEmpty() } companion object { companion object { private const val POLICY_SET = PolicyUpdateResult.RESULT_POLICY_SET private const val POLICY_SET = PolicyUpdateResult.RESULT_POLICY_SET private const val FAILURE_UNKNOWN = PolicyUpdateResult.RESULT_FAILURE_UNKNOWN private const val FAILURE_UNKNOWN = PolicyUpdateResult.RESULT_FAILURE_UNKNOWN Loading @@ -305,6 +435,8 @@ class DevicePolicyEngineTest { private val HIGH_PASSWORD_COMPLEXITY = private val HIGH_PASSWORD_COMPLEXITY = IntegerPolicyValue(DevicePolicyManager.PASSWORD_COMPLEXITY_HIGH) IntegerPolicyValue(DevicePolicyManager.PASSWORD_COMPLEXITY_HIGH) private val LOW_PASSWORD_COMPLEXITY = IntegerPolicyValue(DevicePolicyManager.PASSWORD_COMPLEXITY_LOW) private val AUTO_TIME_ZONE_ENABLED = private val AUTO_TIME_ZONE_ENABLED = IntegerPolicyValue(DevicePolicyManager.AUTO_TIME_ZONE_ENABLED) IntegerPolicyValue(DevicePolicyManager.AUTO_TIME_ZONE_ENABLED) private val PACKAGE_SET_POLICY_VALUE_1 = private val PACKAGE_SET_POLICY_VALUE_1 = Loading Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java +38 −1 Original line number Original line Diff line number Diff line Loading @@ -56,7 +56,6 @@ import android.content.pm.UserInfo; import android.content.pm.UserProperties; import android.content.pm.UserProperties; import android.os.Binder; import android.os.Binder; import android.os.Bundle; import android.os.Bundle; import android.os.Environment; import android.os.Parcel; import android.os.Parcel; import android.os.RemoteException; import android.os.RemoteException; import android.os.UserHandle; import android.os.UserHandle; Loading Loading @@ -2377,6 +2376,44 @@ final class DevicePolicyEngine { return 0; return 0; } } /* * Returns the admins who has contributed to the resolved policy value for the given policy * definition. Doesn't return the admin if the policy value set by the admin is not included * in the resolved policy. */ @NonNull <V> Set<EnforcingAdmin> getEnforcingAdminsForResolvedPolicy( @NonNull PolicyDefinition<V> definition, int userId) { // If the policy is not set, there's no enforcing admin. if (getResolvedPolicyValue(definition, userId) == null) { return Collections.emptySet(); } synchronized (mLock) { // Since there's a policy value set in the resolved policy, we know it's either set // locally or globally. Gather all values admins has set. LinkedHashMap<EnforcingAdmin, PolicyValue<V>> policiesSetByAdmins = new LinkedHashMap<>(); // Note that this logic for local and global policy application is duplicated on // DevicePolicyEngine#setGlobalPolicy and DevicePolicyEngine#setLocalPolicy as well // as PolicyState#resolve method. In future, this can be refactored together with the // listed methods. if (hasGlobalPolicyLocked(definition)) { policiesSetByAdmins.putAll( getGlobalPolicyStateLocked(definition).getPoliciesSetByAdmins()); } // Put local policy values later as the local policy set by one admin, overrides the // value for global policy for the same admin. This ordering is important to provide // the correct logic. if (hasLocalPolicyLocked(definition, userId)) { policiesSetByAdmins.putAll(getLocalPolicyStateLocked(definition, userId).getPoliciesSetByAdmins()); } // We know that resolved policy is not null as we have checked for it before. return Objects.requireNonNull( definition.resolvePolicy(policiesSetByAdmins)).getContributingAdmins(); } } public void dump(IndentingPrintWriter pw) { public void dump(IndentingPrintWriter pw) { synchronized (mLock) { synchronized (mLock) { pw.println("Local Policies: "); pw.println("Local Policies: "); Loading
services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyEngineTest.kt +132 −0 Original line number Original line Diff line number Diff line Loading @@ -291,6 +291,136 @@ class DevicePolicyEngineTest { assertThat(resolvedPolicy).isNull() assertThat(resolvedPolicy).isNull() } } @Test fun getEnforcingAdminsForResolvedPolicy_oneAdminSetsPolicy_singleEnforcingAdmin() { ensurePolicyIsSetLocally( PASSWORD_COMPLEXITY_POLICY, HIGH_PASSWORD_COMPLEXITY, SYSTEM_USER_ID, DEVICE_OWNER_ADMIN ) val enforcingAdmins = devicePolicyEngine.getEnforcingAdminsForResolvedPolicy( PASSWORD_COMPLEXITY_POLICY, SYSTEM_USER_ID ) assertThat(enforcingAdmins).containsExactly(DEVICE_OWNER_ADMIN) } @Test fun getEnforcingAdminsForResolvedPolicy_multipleAdminsSetPolicy_singleEnforcingAdminForResolvedValue() { ensurePolicyIsSetLocally( PASSWORD_COMPLEXITY_POLICY, LOW_PASSWORD_COMPLEXITY, SYSTEM_USER_ID, SYSTEM_ADMIN ) // Only this policy value set by this admin will take effect because of the resolution mechanism. ensurePolicyIsSetLocally( PASSWORD_COMPLEXITY_POLICY, HIGH_PASSWORD_COMPLEXITY, SYSTEM_USER_ID, DEVICE_OWNER_ADMIN ) val enforcingAdmins = devicePolicyEngine.getEnforcingAdminsForResolvedPolicy( PASSWORD_COMPLEXITY_POLICY, SYSTEM_USER_ID ) assertThat(enforcingAdmins).containsExactly(DEVICE_OWNER_ADMIN) } @Test fun getEnforcingAdminsForResolvedPolicy_multipleAdminsSetPolicy_multipleEnforcingAdminsForResolvedValue() { ensurePolicyIsSetLocally( PASSWORD_COMPLEXITY_POLICY, HIGH_PASSWORD_COMPLEXITY, SYSTEM_USER_ID, DEVICE_OWNER_ADMIN ) ensurePolicyIsSetLocally( PASSWORD_COMPLEXITY_POLICY, HIGH_PASSWORD_COMPLEXITY, SYSTEM_USER_ID, SYSTEM_ADMIN ) val enforcingAdmins = devicePolicyEngine.getEnforcingAdminsForResolvedPolicy( PASSWORD_COMPLEXITY_POLICY, SYSTEM_USER_ID ) assertThat(enforcingAdmins).containsExactly(DEVICE_OWNER_ADMIN, SYSTEM_ADMIN) } @Test fun getEnforcingAdminsForResolvedPolicy_multipleAdminsSetPolicyLocallyAndGlobally_multipleEnforcingAdminsForResolvedValue() { ensurePolicyIsSetLocally( USER_CONTROLLED_DISABLED_PACKAGES_POLICY, PACKAGE_SET_POLICY_VALUE_1, SYSTEM_USER_ID, DEVICE_OWNER_ADMIN ) ensurePolicyIsSetGlobally( USER_CONTROLLED_DISABLED_PACKAGES_POLICY, PACKAGE_SET_POLICY_VALUE_2, SYSTEM_ADMIN ) val enforcingAdmins = devicePolicyEngine.getEnforcingAdminsForResolvedPolicy( USER_CONTROLLED_DISABLED_PACKAGES_POLICY, SYSTEM_USER_ID ) assertThat(enforcingAdmins).containsExactly(DEVICE_OWNER_ADMIN, SYSTEM_ADMIN) } @Test fun getEnforcingAdminsForResolvedPolicy_multipleAdminsSetPolicyLocallyTwiceAndGlobally_multipleEnforcingAdminsForResolvedValue() { ensurePolicyIsSetLocally( USER_CONTROLLED_DISABLED_PACKAGES_POLICY, PACKAGE_SET_POLICY_VALUE_1, SYSTEM_USER_ID, DEVICE_OWNER_ADMIN ) ensurePolicyIsSetLocally( USER_CONTROLLED_DISABLED_PACKAGES_POLICY, PACKAGE_SET_POLICY_VALUE_1_SUBSET, SYSTEM_USER_ID, DEVICE_OWNER_ADMIN ) ensurePolicyIsSetGlobally( USER_CONTROLLED_DISABLED_PACKAGES_POLICY, PACKAGE_SET_POLICY_VALUE_2, SYSTEM_ADMIN ) val enforcingAdmins = devicePolicyEngine.getEnforcingAdminsForResolvedPolicy( USER_CONTROLLED_DISABLED_PACKAGES_POLICY, SYSTEM_USER_ID ) assertThat(enforcingAdmins).containsExactly(DEVICE_OWNER_ADMIN, SYSTEM_ADMIN) } @Test fun getEnforcingAdminsForResolvedPolicy_unsetPolicy_emptySet() { val enforcingAdmins = devicePolicyEngine.getEnforcingAdminsForResolvedPolicy( PASSWORD_COMPLEXITY_POLICY, SYSTEM_USER_ID ) assertThat(enforcingAdmins).isEmpty() } companion object { companion object { private const val POLICY_SET = PolicyUpdateResult.RESULT_POLICY_SET private const val POLICY_SET = PolicyUpdateResult.RESULT_POLICY_SET private const val FAILURE_UNKNOWN = PolicyUpdateResult.RESULT_FAILURE_UNKNOWN private const val FAILURE_UNKNOWN = PolicyUpdateResult.RESULT_FAILURE_UNKNOWN Loading @@ -305,6 +435,8 @@ class DevicePolicyEngineTest { private val HIGH_PASSWORD_COMPLEXITY = private val HIGH_PASSWORD_COMPLEXITY = IntegerPolicyValue(DevicePolicyManager.PASSWORD_COMPLEXITY_HIGH) IntegerPolicyValue(DevicePolicyManager.PASSWORD_COMPLEXITY_HIGH) private val LOW_PASSWORD_COMPLEXITY = IntegerPolicyValue(DevicePolicyManager.PASSWORD_COMPLEXITY_LOW) private val AUTO_TIME_ZONE_ENABLED = private val AUTO_TIME_ZONE_ENABLED = IntegerPolicyValue(DevicePolicyManager.AUTO_TIME_ZONE_ENABLED) IntegerPolicyValue(DevicePolicyManager.AUTO_TIME_ZONE_ENABLED) private val PACKAGE_SET_POLICY_VALUE_1 = private val PACKAGE_SET_POLICY_VALUE_1 = Loading
