Remove permission based active admin. (10a7d335) · Commits · e / os / android_frameworks_base

services/devicepolicy/java/com/android/server/devicepolicy/ActiveAdmin.java

+3 −0

Original line number	Diff line number	Diff line
		@@ -371,6 +371,9 @@ class ActiveAdmin {
		}

		ActiveAdmin(int userId, boolean permissionBased) {
		if (Flags.activeAdminCleanup()) {
		throw new UnsupportedOperationException("permission based admin no longer supported");
		}
		if (permissionBased == false) {
		throw new IllegalArgumentException("Can only pass true for permissionBased admin");
		}

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyData.java

+12 −9

Original line number	Diff line number	Diff line
		@@ -21,6 +21,7 @@ import android.annotation.Nullable;
		import android.annotation.UserIdInt;
		import android.app.admin.DeviceAdminInfo;
		import android.app.admin.DevicePolicyManager;
		import android.app.admin.flags.Flags;
		import android.content.ComponentName;
		import android.os.FileUtils;
		import android.os.PersistableBundle;
		@@ -124,17 +125,18 @@ class DevicePolicyData {
		final ArrayList<ActiveAdmin> mAdminList = new ArrayList<>();
		final ArrayList<ComponentName> mRemovingAdmins = new ArrayList<>();

		// Some DevicePolicyManager APIs can be called by (1) a DPC or (2) an app with permissions that
		// isn't a DPC. For the latter, the caller won't have to provide a ComponentName and won't be
		// mapped to an ActiveAdmin. This permission-based admin should be used to persist policies
		// set by the permission-based caller. This admin should not be added to mAdminMap or mAdminList
		// since a lot of methods in DPMS assume the ActiveAdmins here have a valid ComponentName.
		// Instead, use variants of DPMS active admin getters to include the permission-based admin.
		/**
		* @deprecated Do not use. Policies set by permission holders must go into DevicePolicyEngine.
		*/
		@Deprecated
		ActiveAdmin mPermissionBasedAdmin;

		// Create or get the permission-based admin. The permission-based admin will not have a
		// DeviceAdminInfo or ComponentName.
		ActiveAdmin createOrGetPermissionBasedAdmin(int userId) {
		if (Flags.activeAdminCleanup()) {
		throw new UnsupportedOperationException("permission based admin no longer supported");
		}
		if (mPermissionBasedAdmin == null) {
		mPermissionBasedAdmin = new ActiveAdmin(userId, /* permissionBased= */ true);
		}
		@@ -147,7 +149,7 @@ class DevicePolicyData {
		// This is the list of component allowed to start lock task mode.
		List<String> mLockTaskPackages = new ArrayList<>();

		/** @deprecated moved to {@link ActiveAdmin#protectedPackages}. */
		/** @deprecated moved to DevicePolicyEngine. */
		@Deprecated
		@Nullable
		List<String> mUserControlDisabledPackages;
		@@ -280,7 +282,7 @@ class DevicePolicyData {
		}
		}

		if (policyData.mPermissionBasedAdmin != null) {
		if (!Flags.activeAdminCleanup() && policyData.mPermissionBasedAdmin != null) {
		out.startTag(null, "permission-based-admin");
		policyData.mPermissionBasedAdmin.writeToXml(out);
		out.endTag(null, "permission-based-admin");
		@@ -521,7 +523,8 @@ class DevicePolicyData {
		} catch (RuntimeException e) {
		Slogf.w(TAG, e, "Failed loading admin %s", name);
		}
		} else if ("permission-based-admin".equals(tag)) {
		} else if (!Flags.activeAdminCleanup() && "permission-based-admin".equals(tag)) {

		ActiveAdmin ap = new ActiveAdmin(policy.mUserId, /* permissionBased= */ true);
		ap.readFromXml(parser, /* overwritePolicies= */ false);
		policy.mPermissionBasedAdmin = ap;

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+11 −7

Original line number	Diff line number	Diff line
		@@ -3966,7 +3966,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		final int N = admins.size();
		for (int i = 0; i < N; i++) {
		ActiveAdmin admin = admins.get(i);
		if ((admin.isPermissionBased \|\| admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD))
		if (((!Flags.activeAdminCleanup() && admin.isPermissionBased)
		\|\| admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD))
		&& admin.passwordExpirationTimeout > 0L
		&& now >= admin.passwordExpirationDate - EXPIRATION_GRACE_PERIOD_MS
		&& admin.passwordExpirationDate > 0L) {
		@@ -8355,7 +8356,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(userHandle);
		for (int i = 0; i < admins.size(); i++) {
		ActiveAdmin admin = admins.get(i);
		if (admin.isPermissionBased \|\| admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD)) {
		if ((!Flags.activeAdminCleanup() && admin.isPermissionBased)
		\|\| admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD)) {
		affectedUserIds.add(admin.getUserHandle().getIdentifier());
		long timeout = admin.passwordExpirationTimeout;
		admin.passwordExpirationDate =
		@@ -8449,7 +8451,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		*/
		private int getUserIdToWipeForFailedPasswords(ActiveAdmin admin) {
		final int userId = admin.getUserHandle().getIdentifier();
		if (admin.isPermissionBased) {
		if (!Flags.activeAdminCleanup() && admin.isPermissionBased) {
		return userId;
		}
		final ComponentName component = admin.info.getComponent();
		@@ -16244,7 +16246,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		if (admin.mPasswordPolicy.quality < minPasswordQuality) {
		return false;
		}
		return admin.isPermissionBased \|\| admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD);
		return (!Flags.activeAdminCleanup() && admin.isPermissionBased)
		\|\| admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD);
		}

		@Override
		@@ -23317,7 +23320,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		return EnforcingAdmin.createDeviceAdminEnforcingAdmin(admin.info.getComponent(), userId,
		admin);
		}
		admin = getUserData(userId).createOrGetPermissionBasedAdmin(userId);
		admin = Flags.activeAdminCleanup()
		? null : getUserData(userId).createOrGetPermissionBasedAdmin(userId);
		return EnforcingAdmin.createEnforcingAdmin(caller.getPackageName(), userId, admin);
		}

		@@ -23340,8 +23344,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		}
		}
		}

		admin = getUserData(userId).createOrGetPermissionBasedAdmin(userId);
		admin = Flags.activeAdminCleanup()
		? null : getUserData(userId).createOrGetPermissionBasedAdmin(userId);
		return EnforcingAdmin.createEnforcingAdmin(packageName, userId, admin);
		}