Merge changes I7c63d523,Id0ac7d06 into udc-dev (132292ab) · Commits · e / os / android_frameworks_base

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+149 −23

Original line number	Diff line number	Diff line
		@@ -3389,6 +3389,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		if (shouldMigrateToDevicePolicyEngine()) {
		migratePoliciesToDevicePolicyEngine();
		}

		maybeMigratePoliciesPostUpgradeToDevicePolicyEngineLocked();
		}
		maybeStartSecurityLogMonitorOnActivityManagerReady();
		break;
		@@ -13495,21 +13497,42 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		CallerIdentity caller, EnforcingAdmin admin, String key, boolean enabled,
		boolean parent) {
		synchronized (getLockObject()) {

		int ownerType;
		if (isDeviceOwner(caller)) {
		ownerType = OWNER_TYPE_DEVICE_OWNER;
		} else if (isProfileOwnerOfOrganizationOwnedDevice(caller)) {
		ownerType = OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE;
		} else if (isProfileOwner(caller)) {
		ownerType = OWNER_TYPE_PROFILE_OWNER;
		} else {
		throw new IllegalStateException("Non-DO/Non-PO cannot set restriction " + key
		+ " while targetSdkVersion is less than UPSIDE_DOWN_CAKE");
		}
		setBackwardCompatibleUserRestrictionLocked(ownerType, admin, caller.getUserId(), key,
		enabled, parent);
		}
		}

		private void setBackwardCompatibleUserRestrictionLocked(
		int ownerType, EnforcingAdmin admin, int userId, String key, boolean enabled,
		boolean parent) {
		if (ownerType == OWNER_TYPE_DEVICE_OWNER) {
		if (UserRestrictionsUtils.isGlobal(OWNER_TYPE_DEVICE_OWNER, key)) {
		setGlobalUserRestrictionInternal(admin, key, enabled);
		} else {
		setLocalUserRestrictionInternal(admin, key, enabled, caller.getUserId());
		setLocalUserRestrictionInternal(admin, key, enabled, userId);
		}
		} else if (isProfileOwner(caller)) {
		} else if (ownerType == OWNER_TYPE_PROFILE_OWNER
		\|\| ownerType == OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE) {
		if (UserRestrictionsUtils.isGlobal(OWNER_TYPE_PROFILE_OWNER, key)
		\|\| (parent && isProfileOwnerOfOrganizationOwnedDevice(caller)
		\|\| (parent && ownerType == OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE
		&& UserRestrictionsUtils.isGlobal(
		OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE, key))) {
		setGlobalUserRestrictionInternal(admin, key, enabled);
		} else {
		int affectedUserId = parent
		? getProfileParentId(caller.getUserId()) : caller.getUserId();
		? getProfileParentId(userId) : userId;
		setLocalUserRestrictionInternal(admin, key, enabled, affectedUserId);
		}
		} else {
		@@ -13517,7 +13540,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		+ " while targetSdkVersion is less than UPSIDE_DOWN_CAKE");
		}
		}
		}

		@Override
		public void setUserRestrictionGlobally(String callerPackage, String key) {
		@@ -24151,11 +24173,15 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		Preconditions.checkCallAuthorization(
		hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS));
		return mInjector.binderWithCleanCallingIdentity(() -> {
		synchronized (getLockObject()) {
		boolean canForceMigration = forceMigration && !hasNonTestOnlyActiveAdmins();
		if (!canForceMigration && !shouldMigrateToDevicePolicyEngine()) {
		return false;
		}
		return migratePoliciesToDevicePolicyEngine();
		boolean migrated = migratePoliciesToDevicePolicyEngine();
		migrated &= migratePoliciesPostUpgradeToDevicePolicyEngineLocked();
		return migrated;
		}
		});
		}

		@@ -24184,6 +24210,31 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		&& !mOwners.isMigratedToPolicyEngine());
		}

		/**
		* [b/318497672] Migrate policies that weren't migrated properly in the initial migration on
		* update from Android T to Android U
		*/
		private void maybeMigratePoliciesPostUpgradeToDevicePolicyEngineLocked() {
		if (!mOwners.isMigratedToPolicyEngine() \|\| mOwners.isMigratedPostUpdate()) {
		return;
		}
		migratePoliciesPostUpgradeToDevicePolicyEngineLocked();
		mOwners.markPostUpgradeMigration();
		}

		private boolean migratePoliciesPostUpgradeToDevicePolicyEngineLocked() {
		try {
		migrateScreenCapturePolicyLocked();
		migrateLockTaskPolicyLocked();
		migrateUserRestrictionsLocked();
		return true;
		} catch (Exception e) {
		Slogf.e(LOG_TAG, e, "Error occurred during post upgrade migration to the device "
		+ "policy engine.");
		return false;
		}
		}

		/**
		* @return {@code true} if policies were migrated successfully, {@code false} otherwise.
		*/
		@@ -24197,7 +24248,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		migrateAutoTimezonePolicy();
		migratePermissionGrantStatePolicies();
		}
		migrateScreenCapturePolicyLocked();
		migratePermittedInputMethodsPolicyLocked();
		migrateAccountManagementDisabledPolicyLocked();
		migrateUserControlDisabledPackagesLocked();
		@@ -24270,14 +24320,12 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {

		private void migrateScreenCapturePolicyLocked() {
		Binder.withCleanCallingIdentity(() -> {
		if (mPolicyCache.getScreenCaptureDisallowedUser() == UserHandle.USER_NULL) {
		return;
		}
		ActiveAdmin admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked();
		if (admin != null
		&& ((isDeviceOwner(admin) && admin.disableScreenCapture)
		\|\| (admin.getParentActiveAdmin() != null
		&& admin.getParentActiveAdmin().disableScreenCapture))) {

		EnforcingAdmin enforcingAdmin = EnforcingAdmin.createEnterpriseEnforcingAdmin(
		admin.info.getComponent(),
		admin.getUserHandle().getIdentifier(),
		@@ -24306,6 +24354,48 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		});
		}

		private void migrateLockTaskPolicyLocked() {
		Binder.withCleanCallingIdentity(() -> {
		ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
		if (deviceOwner != null) {
		int doUserId = deviceOwner.getUserHandle().getIdentifier();
		DevicePolicyData policies = getUserData(doUserId);
		List<String> packages = policies.mLockTaskPackages;
		int features = policies.mLockTaskFeatures;
		// TODO: find out about persistent preferred activities
		if (!packages.isEmpty()) {
		setLockTaskPolicyInPolicyEngine(deviceOwner, doUserId, packages, features);
		}
		}

		for (int userId : mUserManagerInternal.getUserIds()) {
		ActiveAdmin profileOwner = getProfileOwnerLocked(userId);
		if (profileOwner != null && canDPCManagedUserUseLockTaskLocked(userId)) {
		DevicePolicyData policies = getUserData(userId);
		List<String> packages = policies.mLockTaskPackages;
		int features = policies.mLockTaskFeatures;
		if (!packages.isEmpty()) {
		setLockTaskPolicyInPolicyEngine(profileOwner, userId, packages, features);
		}
		}
		}
		});
		}

		private void setLockTaskPolicyInPolicyEngine(
		ActiveAdmin admin, int userId, List<String> packages, int features) {
		EnforcingAdmin enforcingAdmin =
		EnforcingAdmin.createEnterpriseEnforcingAdmin(
		admin.info.getComponent(),
		userId,
		admin);
		mDevicePolicyEngine.setLocalPolicy(
		PolicyDefinition.LOCK_TASK,
		enforcingAdmin,
		new LockTaskPolicy(new HashSet<>(packages), features),
		userId);
		}

		private void migratePermittedInputMethodsPolicyLocked() {
		Binder.withCleanCallingIdentity(() -> {
		List<UserInfo> users = mUserManager.getUsers();
		@@ -24398,6 +24488,42 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		});
		}

		private void migrateUserRestrictionsLocked() {
		Binder.withCleanCallingIdentity(() -> {
		List<UserInfo> users = mUserManager.getUsers();
		for (UserInfo userInfo : users) {
		ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(userInfo.id);
		if (admin == null) continue;
		ComponentName adminComponent = admin.info.getComponent();
		int userId = userInfo.id;
		EnforcingAdmin enforcingAdmin = EnforcingAdmin.createEnterpriseEnforcingAdmin(
		adminComponent,
		userId,
		admin);
		int ownerType;
		if (isDeviceOwner(admin)) {
		ownerType = OWNER_TYPE_DEVICE_OWNER;
		} else if (isProfileOwnerOfOrganizationOwnedDevice(adminComponent, userId)) {
		ownerType = OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE;
		} else if (isProfileOwner(adminComponent, userId)) {
		ownerType = OWNER_TYPE_PROFILE_OWNER;
		} else {
		throw new IllegalStateException("Invalid DO/PO state");
		}

		for (final String restriction : admin.ensureUserRestrictions().keySet()) {
		setBackwardCompatibleUserRestrictionLocked(ownerType, enforcingAdmin, userId,
		restriction, /* enabled / true, / parent */ false);
		}
		for (final String restriction : admin.getParentActiveAdmin()
		.ensureUserRestrictions().keySet()) {
		setBackwardCompatibleUserRestrictionLocked(ownerType, enforcingAdmin, userId,
		restriction, /* enabled / true, / parent */ true);
		}
		}
		});
		}

		private List<PackageInfo> getInstalledPackagesOnUser(int userId) {
		return mInjector.binderWithCleanCallingIdentity(() ->
		mContext.getPackageManager().getInstalledPackagesAsUser(

services/devicepolicy/java/com/android/server/devicepolicy/Owners.java

+13 −0

Original line number	Diff line number	Diff line
		@@ -616,6 +616,19 @@ class Owners {
		}
		}

		void markPostUpgradeMigration() {
		synchronized (mData) {
		mData.mPoliciesMigratedPostUpdate = true;
		mData.writeDeviceOwner();
		}
		}

		boolean isMigratedPostUpdate() {
		synchronized (mData) {
		return mData.mPoliciesMigratedPostUpdate;
		}
		}

		@GuardedBy("mData")
		void pushToAppOpsLocked() {
		if (!mSystemReady) {

services/devicepolicy/java/com/android/server/devicepolicy/OwnersData.java

+7 −0

Original line number	Diff line number	Diff line
		@@ -87,6 +87,8 @@ class OwnersData {

		private static final String ATTR_MIGRATED_TO_POLICY_ENGINE = "migratedToPolicyEngine";

		private static final String ATTR_MIGRATED_POST_UPGRADE = "migratedPostUpgrade";

		// Internal state for the device owner package.
		OwnerInfo mDeviceOwner;
		int mDeviceOwnerUserId = UserHandle.USER_NULL;
		@@ -114,6 +116,8 @@ class OwnersData {

		boolean mMigratedToPolicyEngine = false;

		boolean mPoliciesMigratedPostUpdate = false;

		OwnersData(PolicyPathProvider pathProvider) {
		mPathProvider = pathProvider;
		}
		@@ -397,6 +401,7 @@ class OwnersData {

		out.startTag(null, TAG_POLICY_ENGINE_MIGRATION);
		out.attributeBoolean(null, ATTR_MIGRATED_TO_POLICY_ENGINE, mMigratedToPolicyEngine);
		out.attributeBoolean(null, ATTR_MIGRATED_POST_UPGRADE, mPoliciesMigratedPostUpdate);
		out.endTag(null, TAG_POLICY_ENGINE_MIGRATION);

		}
		@@ -457,6 +462,8 @@ class OwnersData {
		case TAG_POLICY_ENGINE_MIGRATION:
		mMigratedToPolicyEngine = parser.getAttributeBoolean(
		null, ATTR_MIGRATED_TO_POLICY_ENGINE, false);
		mPoliciesMigratedPostUpdate = parser.getAttributeBoolean(
		null, ATTR_MIGRATED_POST_UPGRADE, false);
		break;
		default:
		Slog.e(TAG, "Unexpected tag: " + tag);

services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceMigrationTest.java

+3 −0

Original line number	Diff line number	Diff line
		@@ -146,6 +146,7 @@ public class DevicePolicyManagerServiceMigrationTest extends DpmTestBase {

		@SmallTest
		@Test
		@Ignore("b/277916462")
		public void testCompMigrationUnAffiliated_skipped() throws Exception {
		prepareAdmin1AsDo();
		prepareAdminAnotherPackageAsPo(COPE_PROFILE_USER_ID);
		@@ -217,6 +218,7 @@ public class DevicePolicyManagerServiceMigrationTest extends DpmTestBase {

		@SmallTest
		@Test
		@Ignore("b/277916462")
		public void testCompMigration_keepSuspendedAppsWhenDpcIsRPlus() throws Exception {
		prepareAdmin1AsDo();
		prepareAdmin1AsPo(COPE_PROFILE_USER_ID, Build.VERSION_CODES.R);
		@@ -250,6 +252,7 @@ public class DevicePolicyManagerServiceMigrationTest extends DpmTestBase {

		@SmallTest
		@Test
		@Ignore("b/277916462")
		public void testCompMigration_unsuspendAppsWhenDpcNotRPlus() throws Exception {
		prepareAdmin1AsDo();
		prepareAdmin1AsPo(COPE_PROFILE_USER_ID, Build.VERSION_CODES.Q);