
Commit 10a7d335 authored by Pavel Grafov's avatar Pavel Grafov

Remove permission based active admin.

The only way such an admin can be accessed is via
DevicePolicyData.createOrGetPermissionBasedAdmin(), and this is only used
when creating an EnforcingAdmin. But as of previous CL in the chain,
ActiveAdmin is never queried from EnforcingAdmin, so even if such an
admin is created, it is never used, i.e. no policies are saved or
queried there. With this change all references to permission-based
ActiveAdmin should be guarded by !Flags.activeAdminCleanup()

Bug: 335663055
Test: TH
Flag: android.app.admin.flags.active_admin_cleanup
Change-Id: Ia791802291163f3a4c66e68208d44b87f525b4ac
parent 586a4e71
+3 −0
@@ -371,6 +371,9 @@ class ActiveAdmin {
    }
    }


    ActiveAdmin(int userId, boolean permissionBased) {
    ActiveAdmin(int userId, boolean permissionBased) {
        if (Flags.activeAdminCleanup()) {
            throw new UnsupportedOperationException("permission based admin no longer supported");
        }
        if (permissionBased == false) {
        if (permissionBased == false) {
            throw new IllegalArgumentException("Can only pass true for permissionBased admin");
            throw new IllegalArgumentException("Can only pass true for permissionBased admin");
        }
        }
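Review bot: The constructor `ActiveAdmin(int userId, boolean permissionBased)` now throws `UnsupportedOperationException` whenever `Flags.activeAdminCleanup()` is on, but nothing on its declaration tells a caller that. I would add `@Deprecated` and a Javadoc such as `/** @deprecated Permission-based admins are being removed; throws UnsupportedOperationException when active_admin_cleanup is enabled. */`, matching how this commit marks `mPermissionBasedAdmin` in DevicePolicyData. The constructor body continues past the end of the hunk and its other callers are not all visible here, so each call site needs the `!Flags.activeAdminCleanup()` guard the description promises, otherwise the exception propagates into the policy service.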
+12 −9
@@ -21,6 +21,7 @@ import android.annotation.Nullable;
import android.annotation.UserIdInt;
import android.annotation.UserIdInt;
import android.app.admin.DeviceAdminInfo;
import android.app.admin.DeviceAdminInfo;
import android.app.admin.DevicePolicyManager;
import android.app.admin.DevicePolicyManager;
import android.app.admin.flags.Flags;
import android.content.ComponentName;
import android.content.ComponentName;
import android.os.FileUtils;
import android.os.FileUtils;
import android.os.PersistableBundle;
import android.os.PersistableBundle;
@@ -124,17 +125,18 @@ class DevicePolicyData {
    final ArrayList<ActiveAdmin> mAdminList = new ArrayList<>();
    final ArrayList<ActiveAdmin> mAdminList = new ArrayList<>();
    final ArrayList<ComponentName> mRemovingAdmins = new ArrayList<>();
    final ArrayList<ComponentName> mRemovingAdmins = new ArrayList<>();


    // Some DevicePolicyManager APIs can be called by (1) a DPC or (2) an app with permissions that
    /**
    // isn't a DPC. For the latter, the caller won't have to provide a ComponentName and won't be
     * @deprecated Do not use. Policies set by permission holders must go into DevicePolicyEngine.
    // mapped to an ActiveAdmin. This permission-based admin should be used to persist policies
     */
    // set by the permission-based caller. This admin should not be added to mAdminMap or mAdminList
    @Deprecated
    // since a lot of methods in DPMS assume the ActiveAdmins here have a valid ComponentName.
    // Instead, use variants of DPMS active admin getters to include the permission-based admin.
    ActiveAdmin mPermissionBasedAdmin;
    ActiveAdmin mPermissionBasedAdmin;


    // Create or get the permission-based admin. The permission-based admin will not have a
    // Create or get the permission-based admin. The permission-based admin will not have a
    // DeviceAdminInfo or ComponentName.
    // DeviceAdminInfo or ComponentName.
    ActiveAdmin createOrGetPermissionBasedAdmin(int userId) {
    ActiveAdmin createOrGetPermissionBasedAdmin(int userId) {
        if (Flags.activeAdminCleanup()) {
            throw new UnsupportedOperationException("permission based admin no longer supported");
        }
        if (mPermissionBasedAdmin == null) {
        if (mPermissionBasedAdmin == null) {
            mPermissionBasedAdmin = new ActiveAdmin(userId, /* permissionBased= */ true);
            mPermissionBasedAdmin = new ActiveAdmin(userId, /* permissionBased= */ true);
        }
        }
@@ -147,7 +149,7 @@ class DevicePolicyData {
    // This is the list of component allowed to start lock task mode.
    // This is the list of component allowed to start lock task mode.
    List<String> mLockTaskPackages = new ArrayList<>();
    List<String> mLockTaskPackages = new ArrayList<>();


    /** @deprecated moved to {@link ActiveAdmin#protectedPackages}. */
    /** @deprecated moved to DevicePolicyEngine. */
    @Deprecated
    @Deprecated
    @Nullable
    @Nullable
    List<String> mUserControlDisabledPackages;
    List<String> mUserControlDisabledPackages;
@@ -280,7 +282,7 @@ class DevicePolicyData {
                }
                }
            }
            }


            if (policyData.mPermissionBasedAdmin != null) {
            if (!Flags.activeAdminCleanup() && policyData.mPermissionBasedAdmin != null) {
                out.startTag(null, "permission-based-admin");
                out.startTag(null, "permission-based-admin");
                policyData.mPermissionBasedAdmin.writeToXml(out);
                policyData.mPermissionBasedAdmin.writeToXml(out);
                out.endTag(null, "permission-based-admin");
                out.endTag(null, "permission-based-admin");
@@ -521,7 +523,8 @@ class DevicePolicyData {
                    } catch (RuntimeException e) {
                    } catch (RuntimeException e) {
                        Slogf.w(TAG, e, "Failed loading admin %s", name);
                        Slogf.w(TAG, e, "Failed loading admin %s", name);
                    }
                    }
                } else if ("permission-based-admin".equals(tag)) {
                } else if (!Flags.activeAdminCleanup() && "permission-based-admin".equals(tag)) {

                    ActiveAdmin ap = new ActiveAdmin(policy.mUserId, /* permissionBased= */ true);
                    ActiveAdmin ap = new ActiveAdmin(policy.mUserId, /* permissionBased= */ true);
                    ap.readFromXml(parser, /* overwritePolicies= */ false);
                    ap.readFromXml(parser, /* overwritePolicies= */ false);
                    policy.mPermissionBasedAdmin = ap;
                    policy.mPermissionBasedAdmin = ap;
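Review bot: With the flag on, a `permission-based-admin` element already present in a user's policy file no longer matches `} else if (!Flags.activeAdminCleanup() && "permission-based-admin".equals(tag)) {` and falls through to the rest of the else-if chain, which lies outside this hunk. Please confirm that the fall-through branch skips the whole element including its children, so that nested policy tags are not read as top-level entries. Please also confirm that discarding previously persisted policies is intended, because the write path in the earlier hunk stops emitting the element and the data is gone after the next save. A comment on the branch would record the intent, for example `// Legacy element: ignored once active_admin_cleanup is on; policies from permission holders live in DevicePolicyEngine.` The blank line added directly after the `else if` line can be dropped.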
+11 −7
@@ -3966,7 +3966,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
            final int N = admins.size();
            final int N = admins.size();
            for (int i = 0; i < N; i++) {
            for (int i = 0; i < N; i++) {
                ActiveAdmin admin = admins.get(i);
                ActiveAdmin admin = admins.get(i);
                if ((admin.isPermissionBased || admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD))
                if (((!Flags.activeAdminCleanup() && admin.isPermissionBased)
                        || admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD))
                        && admin.passwordExpirationTimeout > 0L
                        && admin.passwordExpirationTimeout > 0L
                        && now >= admin.passwordExpirationDate - EXPIRATION_GRACE_PERIOD_MS
                        && now >= admin.passwordExpirationDate - EXPIRATION_GRACE_PERIOD_MS
                        && admin.passwordExpirationDate > 0L) {
                        && admin.passwordExpirationDate > 0L) {
@@ -8355,7 +8356,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(userHandle);
        List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(userHandle);
        for (int i = 0; i < admins.size(); i++) {
        for (int i = 0; i < admins.size(); i++) {
            ActiveAdmin admin = admins.get(i);
            ActiveAdmin admin = admins.get(i);
            if (admin.isPermissionBased || admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD)) {
            if ((!Flags.activeAdminCleanup() && admin.isPermissionBased)
                    || admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD)) {
                affectedUserIds.add(admin.getUserHandle().getIdentifier());
                affectedUserIds.add(admin.getUserHandle().getIdentifier());
                long timeout = admin.passwordExpirationTimeout;
                long timeout = admin.passwordExpirationTimeout;
                admin.passwordExpirationDate =
                admin.passwordExpirationDate =
@@ -8449,7 +8451,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
     */
     */
    private int getUserIdToWipeForFailedPasswords(ActiveAdmin admin) {
    private int getUserIdToWipeForFailedPasswords(ActiveAdmin admin) {
        final int userId = admin.getUserHandle().getIdentifier();
        final int userId = admin.getUserHandle().getIdentifier();
        if (admin.isPermissionBased) {
        if (!Flags.activeAdminCleanup() && admin.isPermissionBased) {
            return userId;
            return userId;
        }
        }
        final ComponentName component = admin.info.getComponent();
        final ComponentName component = admin.info.getComponent();
@@ -16244,7 +16246,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        if (admin.mPasswordPolicy.quality < minPasswordQuality) {
        if (admin.mPasswordPolicy.quality < minPasswordQuality) {
            return false;
            return false;
        }
        }
        return admin.isPermissionBased || admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD);
        return (!Flags.activeAdminCleanup() && admin.isPermissionBased)
                || admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD);
    }
    }
    @Override
    @Override
@@ -23317,7 +23320,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
            return EnforcingAdmin.createDeviceAdminEnforcingAdmin(admin.info.getComponent(), userId,
            return EnforcingAdmin.createDeviceAdminEnforcingAdmin(admin.info.getComponent(), userId,
                    admin);
                    admin);
        }
        }
        admin = getUserData(userId).createOrGetPermissionBasedAdmin(userId);
        admin = Flags.activeAdminCleanup()
                ? null : getUserData(userId).createOrGetPermissionBasedAdmin(userId);
        return  EnforcingAdmin.createEnforcingAdmin(caller.getPackageName(), userId, admin);
        return  EnforcingAdmin.createEnforcingAdmin(caller.getPackageName(), userId, admin);
    }
    }
@@ -23340,8 +23344,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                }
                }
            }
            }
        }
        }
        admin = Flags.activeAdminCleanup()
        admin = getUserData(userId).createOrGetPermissionBasedAdmin(userId);
                ? null : getUserData(userId).createOrGetPermissionBasedAdmin(userId);
        return  EnforcingAdmin.createEnforcingAdmin(packageName, userId, admin);
        return  EnforcingAdmin.createEnforcingAdmin(packageName, userId, admin);
    }
    }
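Review bot: Both `createEnforcingAdmin` call sites (this hunk and the one at -23317) now pass `admin` as `null` when `Flags.activeAdminCleanup()` is on, via `admin = Flags.activeAdminCleanup() ? null : getUserData(userId).createOrGetPermissionBasedAdmin(userId);`, and the factory's handling of a null ActiveAdmin is not visible on this page. The commit description says ActiveAdmin is no longer read from EnforcingAdmin, so a comment at both sites would record why null is safe, for example `// ActiveAdmin is no longer read from EnforcingAdmin; none is attached for permission holders.`, and the factory parameter should be `@Nullable` if it is not already. Separately, the four `!Flags.activeAdminCleanup() && admin.isPermissionBased` checks now fall straight through to `admin.info.usesPolicy(...)` or `admin.info.getComponent()` when the flag is on, in the password-expiration and failed-password-wipe paths. That is safe only while no ActiveAdmin with a null `info` can reach those lists, which the constructor guard in ActiveAdmin appears to ensure but which is not asserted here. The enclosing methods start outside the hunks.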