
Commit 1548d5c4 authored by Nicolas Prévot's avatar Nicolas Prévot Committed by Android (Google) Code Review

Merge "Use affiliation ids when checking bind target users."

parents 2cefcb3c d5b03601
+1 −1
@@ -7058,7 +7058,7 @@ public class DevicePolicyManager {
     * <li>The managed profile is a profile of the user where the device owner is set.
     *     See {@link UserManager#getUserProfiles()}
     * <li>Both users are affiliated.
     *         STOPSHIP(b/32326223) Add reference to setAffiliationIds here once public.
     *     See {@link #setAffiliationIds}.
     * </ul>
     */
    public @NonNull List<UserHandle> getBindDeviceAdminTargetUsers(@NonNull ComponentName admin) {
+3 −5
@@ -9749,9 +9749,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
            final int callingUserId = mInjector.userHandleGetCallingUserId();
            final boolean isCallerDeviceOwner = isDeviceOwner(callingOwner);
            final boolean isCallerManagedProfile = isManagedProfile(callingUserId);
            if (!isCallerDeviceOwner && !isCallerManagedProfile
                    /* STOPSHIP(b/32326223) Reinstate when setAffiliationIds is public
                    ||   !isAffiliatedUser(callingUserId) */) {
            if ((!isCallerDeviceOwner && !isCallerManagedProfile)
                    || !isUserAffiliatedWithDevice(callingUserId)) {
                return targetUsers;
            }

@@ -9771,8 +9770,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {

                        // Both must be the same package and be affiliated in order to bind.
                        if (callingOwnerPackage.equals(targetOwnerPackage)
                            /* STOPSHIP(b/32326223) Reinstate when setAffiliationIds is public
                               && isAffiliatedUser(userId)*/) {
                               && isUserAffiliatedWithDevice(userId)) {
                            targetUsers.add(UserHandle.of(userId));
                        }
                    }
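Review bot: The reinstated `isUserAffiliatedWithDevice` checks, in the early return on `callingUserId` and in the per-target condition on `userId`, only decide which users this method lists; these hunks do not show whether the bind call itself repeats both checks when it runs. The tests in this commit change the affiliation ids after a successful lookup and expect an empty list afterwards, so a caller can be holding a `UserHandle` from an earlier call that is no longer a valid target. If the bind path does not already re-validate, it should apply the same owner, package and affiliation conditions rather than trusting a previously returned list. It would also help to state the rule above the early return, for example `// Caller must be the device owner or a managed-profile owner, and its user must be affiliated with the device.` The enclosing method starts and ends outside the hunks shown here.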
+38 −0
Original line number Diff line number Diff line
@@ -2683,8 +2683,26 @@ public class DevicePolicyManagerTest extends DpmTestBase {
        final int ANOTHER_USER_ID = 36;
        mContext.addUser(ANOTHER_USER_ID, 0);

        // Since the managed profile is not affiliated, they should not be allowed to talk to each
        // other.
        targetUsers = dpm.getBindDeviceAdminTargetUsers(admin1);
        MoreAsserts.assertEmpty(targetUsers);

        mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
        targetUsers = dpm.getBindDeviceAdminTargetUsers(admin1);
        MoreAsserts.assertEmpty(targetUsers);

        // Setting affiliation ids
        final List<String> userAffiliationIds = Arrays.asList("some.affiliation-id");
        mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
        dpm.setAffiliationIds(admin1, userAffiliationIds);

        mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
        dpm.setAffiliationIds(admin1, userAffiliationIds);

        // Calling from device owner admin, the result list should just contain the managed
        // profile user id.
        mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
        targetUsers = dpm.getBindDeviceAdminTargetUsers(admin1);
        MoreAsserts.assertContentsInAnyOrder(targetUsers, UserHandle.of(MANAGED_PROFILE_USER_ID));

@@ -2693,6 +2711,18 @@ public class DevicePolicyManagerTest extends DpmTestBase {
        mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
        targetUsers = dpm.getBindDeviceAdminTargetUsers(admin1);
        MoreAsserts.assertContentsInAnyOrder(targetUsers, UserHandle.SYSTEM);

        // Changing affiliation ids in one
        dpm.setAffiliationIds(admin1, Arrays.asList("some-different-affiliation-id"));

        // Since the managed profile is not affiliated any more, they should not be allowed to talk
        // to each other.
        targetUsers = dpm.getBindDeviceAdminTargetUsers(admin1);
        MoreAsserts.assertEmpty(targetUsers);

        mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
        targetUsers = dpm.getBindDeviceAdminTargetUsers(admin1);
        MoreAsserts.assertEmpty(targetUsers);
    }

    public void testGetBindDeviceAdminTargetUsers_differentPackage() throws Exception {
@@ -2707,8 +2737,16 @@ public class DevicePolicyManagerTest extends DpmTestBase {
                new ComponentName("another.package", "whatever.class");
        addManagedProfile(adminDifferentPackage, MANAGED_PROFILE_ADMIN_UID, admin2);

        // Setting affiliation ids
        final List<String> userAffiliationIds = Arrays.asList("some-affiliation-id");
        dpm.setAffiliationIds(admin1, userAffiliationIds);

        mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
        dpm.setAffiliationIds(adminDifferentPackage, userAffiliationIds);

        // Calling from device owner admin, we should get zero bind device admin target users as
        // their packages are different.
        mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
        List<UserHandle> targetUsers = dpm.getBindDeviceAdminTargetUsers(admin1);
        MoreAsserts.assertEmpty(targetUsers);