Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1a2cd745 authored by Makoto Onuki's avatar Makoto Onuki
Browse files

More work on layered user restrictions. 

- Now when DO/PO sets a user restriction, DPMS pushes it to UMS and
then UMS persists it, in order for UserManager.hasUserRestriction()
to never have to talk with DPMS, which would cause lock inversion.

- Also apply user restrictions when a user start.

- This is an updated version of the abandoned CL -- the difference
is, ActivityManager no longer has to call DPMS.

- Also removed an unnecessary write to userlist.xml in UMS.
upgradeIfNecessaryLP().

Bug 23902097
Bug 25388912
Bug 25354031
Bug 25641040

Change-Id: I0948aea06ad7d0f45fe612a431d765faddfe3c58
parent 9920e0f1

core/java/android/app/admin/DevicePolicyManagerInternal.java

+0 −11
Original line number Diff line number Diff line
@@ -16,8 +16,6 @@ 


package android.app.admin;



import android.os.Bundle;



import java.util.List;



/**
@@ -71,13 +69,4 @@ public abstract class DevicePolicyManagerInternal { 
     * @return true if the uid is an active admin with the given policy.

     */

    public abstract boolean isActiveAdminWithPolicy(int uid, int reqPolicy);



    /**

     * Takes a {@link Bundle} containing "base" user restrictions stored in

     * {@link com.android.server.pm.UserManagerService}, mixes restrictions set by the device owner

     * and the profile owner and returns the merged restrictions.

     *

     * This method always returns a new {@link Bundle}.

     */

    public abstract Bundle getComposedUserRestrictions(int userId, Bundle inBundle);

}

core/java/android/os/UserManagerInternal.java

+13 −24
Original line number Diff line number Diff line
@@ -15,6 +15,9 @@ 
 */

package android.os;



import android.annotation.NonNull;

import android.annotation.Nullable;



/**

 * @hide Only for use within the system server.

 */
@@ -31,32 +34,18 @@ public abstract class UserManagerInternal { 
    }



    /**

     * Lock that must be held when calling certain methods in this class.

     *

     * This is used to avoid dead lock between

     * {@link com.android.server.pm.UserManagerService} and

     * {@link com.android.server.devicepolicy.DevicePolicyManagerService}.  This lock should not

     * be newly taken while holding the DPMS lock, which would cause a dead lock.  Take this

     * lock first before taking the DPMS lock to avoid that.

     */

    public abstract Object getUserRestrictionsLock();



    /**

     * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to get

     * {@link com.android.server.pm.UserManagerService} to update effective user restrictions.

     * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService}

     * to set per-user as well as global user restrictions.

     *

     * Must be called while taking the {@link #getUserRestrictionsLock()} lock.

     * @param userId target user id for the local restrictions.

     * @param localRestrictions per-user restrictions.

     *     Caller must not change it once passed to this method.

     * @param globalRestrictions global restrictions set by DO.  Must be null when PO changed user

     *     restrictions, in which case global restrictions won't change.

     *     Caller must not change it once passed to this method.

     */

    public abstract void updateEffectiveUserRestrictionsLR(int userId);



    /**

     * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to get

     * {@link com.android.server.pm.UserManagerService} to update effective user restrictions.

     *

     * Must be called while taking the {@link #getUserRestrictionsLock()} lock.

     */

    public abstract void updateEffectiveUserRestrictionsForAllUsersLR();



    public abstract void setDevicePolicyUserRestrictions(int userId,

            @NonNull Bundle localRestrictions, @Nullable Bundle globalRestrictions);

    /**

     * Returns the "base" user restrictions.

     *

services/core/java/com/android/server/am/UserController.java

+3 −0
Original line number Diff line number Diff line
@@ -519,6 +519,9 @@ final class UserController { 
                }



                if (uss.mState == UserState.STATE_BOOTING) {

                    // Let user manager propagate user restrictions to other services.

                    getUserManager().onBeforeStartUser(userId);



                    // Booting up a new user, need to tell system services about it.

                    // Note that this is on the same handler as scheduling of broadcasts,

                    // which is important because it needs to go first.