Loading core/java/android/app/admin/DevicePolicyCache.java +14 −0 Original line number Diff line number Diff line Loading @@ -15,6 +15,9 @@ */ package android.app.admin; import static android.app.admin.DevicePolicyManager.CONTENT_PROTECTION_DISABLED; import static android.app.admin.DevicePolicyManager.ContentProtectionPolicy; import android.annotation.UserIdInt; import com.android.server.LocalServices; Loading Loading @@ -58,6 +61,12 @@ public abstract class DevicePolicyCache { */ public abstract int getPermissionPolicy(@UserIdInt int userHandle); /** * Caches {@link DevicePolicyManager#getContentProtectionPolicy(android.content.ComponentName)} * of the given user. */ public abstract @ContentProtectionPolicy int getContentProtectionPolicy(@UserIdInt int userId); /** * True if there is an admin on the device who can grant sensor permissions. */ Loading Loading @@ -91,6 +100,11 @@ public abstract class DevicePolicyCache { return DevicePolicyManager.PERMISSION_POLICY_PROMPT; } @Override public @ContentProtectionPolicy int getContentProtectionPolicy(@UserIdInt int userId) { return CONTENT_PROTECTION_DISABLED; } @Override public boolean canAdminGrantSensorsPermissions() { return false; Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyCacheImpl.java +27 −0 Original line number Diff line number Diff line Loading @@ -15,6 +15,10 @@ */ package com.android.server.devicepolicy; import static android.app.admin.DevicePolicyManager.CONTENT_PROTECTION_DISABLED; import static android.app.admin.DevicePolicyManager.ContentProtectionPolicy; import android.annotation.Nullable; import android.annotation.UserIdInt; import android.app.admin.DevicePolicyCache; import android.app.admin.DevicePolicyManager; Loading Loading @@ -70,10 +74,14 @@ public class DevicePolicyCacheImpl extends DevicePolicyCache { /** Maps to {@code ActiveAdmin.mAdminCanGrantSensorsPermissions}. */ private final AtomicBoolean mCanGrantSensorsPermissions = new AtomicBoolean(false); @GuardedBy("mLock") private final SparseIntArray mContentProtectionPolicy = new SparseIntArray(); public void onUserRemoved(int userHandle) { synchronized (mLock) { mPasswordQuality.delete(userHandle); mPermissionPolicy.delete(userHandle); mContentProtectionPolicy.delete(userHandle); } } Loading Loading @@ -142,6 +150,24 @@ public class DevicePolicyCacheImpl extends DevicePolicyCache { } } @Override public @ContentProtectionPolicy int getContentProtectionPolicy(@UserIdInt int userId) { synchronized (mLock) { return mContentProtectionPolicy.get(userId, CONTENT_PROTECTION_DISABLED); } } /** Update the content protection policy for the given user. */ public void setContentProtectionPolicy(@UserIdInt int userId, @Nullable Integer value) { synchronized (mLock) { if (value == null) { mContentProtectionPolicy.delete(userId); } else { mContentProtectionPolicy.put(userId, value); } } } @Override public boolean canAdminGrantSensorsPermissions() { return mCanGrantSensorsPermissions.get(); Loading Loading @@ -178,6 +204,7 @@ public class DevicePolicyCacheImpl extends DevicePolicyCache { pw.println("Screen capture disallowed users: " + mScreenCaptureDisallowedUsers); pw.println("Password quality: " + mPasswordQuality); pw.println("Permission policy: " + mPermissionPolicy); pw.println("Content protection policy: " + mContentProtectionPolicy); pw.println("Admin can grant sensors permission: " + mCanGrantSensorsPermissions.get()); pw.print("Shortcuts overrides: "); pw.println(mLauncherShortcutOverrides); Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +7 −0 Original line number Diff line number Diff line Loading @@ -3633,6 +3633,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { userId == UserHandle.USER_SYSTEM ? UserHandle.USER_ALL : userId); updatePermissionPolicyCache(userId); updateAdminCanGrantSensorsPermissionCache(userId); updateContentProtectionPolicyCache(userId); final List<PreferentialNetworkServiceConfig> preferentialNetworkServiceConfigs; synchronized (getLockObject()) { Loading Loading @@ -23534,6 +23535,12 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } private void updateContentProtectionPolicyCache(@UserIdInt int userId) { mPolicyCache.setContentProtectionPolicy( userId, mDevicePolicyEngine.getResolvedPolicy(PolicyDefinition.CONTENT_PROTECTION, userId)); } @Override public ManagedSubscriptionsPolicy getManagedSubscriptionsPolicy() { synchronized (getLockObject()) { services/devicepolicy/java/com/android/server/devicepolicy/PolicyDefinition.java +1 −1 Original line number Diff line number Diff line Loading @@ -359,7 +359,7 @@ final class PolicyDefinition<V> { new NoArgsPolicyKey(DevicePolicyIdentifiers.CONTENT_PROTECTION_POLICY), new MostRecent<>(), POLICY_FLAG_LOCAL_ONLY_POLICY, (Integer value, Context context, Integer userId, PolicyKey policyKey) -> true, PolicyEnforcerCallbacks::setContentProtectionPolicy, new IntegerPolicySerializer()); private static final Map<String, PolicyDefinition<?>> POLICY_DEFINITIONS = new HashMap<>(); Loading services/devicepolicy/java/com/android/server/devicepolicy/PolicyEnforcerCallbacks.java +16 −0 Original line number Diff line number Diff line Loading @@ -18,6 +18,7 @@ package com.android.server.devicepolicy; import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.UserIdInt; import android.app.AppGlobals; import android.app.admin.DevicePolicyCache; import android.app.admin.DevicePolicyManager; Loading Loading @@ -282,6 +283,21 @@ final class PolicyEnforcerCallbacks { return true; } static boolean setContentProtectionPolicy( @Nullable Integer value, @NonNull Context context, @UserIdInt Integer userId, @NonNull PolicyKey policyKey) { Binder.withCleanCallingIdentity( () -> { DevicePolicyCache cache = DevicePolicyCache.getInstance(); if (cache instanceof DevicePolicyCacheImpl cacheImpl) { cacheImpl.setContentProtectionPolicy(userId, value); } }); return true; } private static void updateScreenCaptureDisabled() { BackgroundThread.getHandler().post(() -> { try { Loading Loading
core/java/android/app/admin/DevicePolicyCache.java +14 −0 Original line number Diff line number Diff line Loading @@ -15,6 +15,9 @@ */ package android.app.admin; import static android.app.admin.DevicePolicyManager.CONTENT_PROTECTION_DISABLED; import static android.app.admin.DevicePolicyManager.ContentProtectionPolicy; import android.annotation.UserIdInt; import com.android.server.LocalServices; Loading Loading @@ -58,6 +61,12 @@ public abstract class DevicePolicyCache { */ public abstract int getPermissionPolicy(@UserIdInt int userHandle); /** * Caches {@link DevicePolicyManager#getContentProtectionPolicy(android.content.ComponentName)} * of the given user. */ public abstract @ContentProtectionPolicy int getContentProtectionPolicy(@UserIdInt int userId); /** * True if there is an admin on the device who can grant sensor permissions. */ Loading Loading @@ -91,6 +100,11 @@ public abstract class DevicePolicyCache { return DevicePolicyManager.PERMISSION_POLICY_PROMPT; } @Override public @ContentProtectionPolicy int getContentProtectionPolicy(@UserIdInt int userId) { return CONTENT_PROTECTION_DISABLED; } @Override public boolean canAdminGrantSensorsPermissions() { return false; Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyCacheImpl.java +27 −0 Original line number Diff line number Diff line Loading @@ -15,6 +15,10 @@ */ package com.android.server.devicepolicy; import static android.app.admin.DevicePolicyManager.CONTENT_PROTECTION_DISABLED; import static android.app.admin.DevicePolicyManager.ContentProtectionPolicy; import android.annotation.Nullable; import android.annotation.UserIdInt; import android.app.admin.DevicePolicyCache; import android.app.admin.DevicePolicyManager; Loading Loading @@ -70,10 +74,14 @@ public class DevicePolicyCacheImpl extends DevicePolicyCache { /** Maps to {@code ActiveAdmin.mAdminCanGrantSensorsPermissions}. */ private final AtomicBoolean mCanGrantSensorsPermissions = new AtomicBoolean(false); @GuardedBy("mLock") private final SparseIntArray mContentProtectionPolicy = new SparseIntArray(); public void onUserRemoved(int userHandle) { synchronized (mLock) { mPasswordQuality.delete(userHandle); mPermissionPolicy.delete(userHandle); mContentProtectionPolicy.delete(userHandle); } } Loading Loading @@ -142,6 +150,24 @@ public class DevicePolicyCacheImpl extends DevicePolicyCache { } } @Override public @ContentProtectionPolicy int getContentProtectionPolicy(@UserIdInt int userId) { synchronized (mLock) { return mContentProtectionPolicy.get(userId, CONTENT_PROTECTION_DISABLED); } } /** Update the content protection policy for the given user. */ public void setContentProtectionPolicy(@UserIdInt int userId, @Nullable Integer value) { synchronized (mLock) { if (value == null) { mContentProtectionPolicy.delete(userId); } else { mContentProtectionPolicy.put(userId, value); } } } @Override public boolean canAdminGrantSensorsPermissions() { return mCanGrantSensorsPermissions.get(); Loading Loading @@ -178,6 +204,7 @@ public class DevicePolicyCacheImpl extends DevicePolicyCache { pw.println("Screen capture disallowed users: " + mScreenCaptureDisallowedUsers); pw.println("Password quality: " + mPasswordQuality); pw.println("Permission policy: " + mPermissionPolicy); pw.println("Content protection policy: " + mContentProtectionPolicy); pw.println("Admin can grant sensors permission: " + mCanGrantSensorsPermissions.get()); pw.print("Shortcuts overrides: "); pw.println(mLauncherShortcutOverrides); Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +7 −0 Original line number Diff line number Diff line Loading @@ -3633,6 +3633,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { userId == UserHandle.USER_SYSTEM ? UserHandle.USER_ALL : userId); updatePermissionPolicyCache(userId); updateAdminCanGrantSensorsPermissionCache(userId); updateContentProtectionPolicyCache(userId); final List<PreferentialNetworkServiceConfig> preferentialNetworkServiceConfigs; synchronized (getLockObject()) { Loading Loading @@ -23534,6 +23535,12 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } private void updateContentProtectionPolicyCache(@UserIdInt int userId) { mPolicyCache.setContentProtectionPolicy( userId, mDevicePolicyEngine.getResolvedPolicy(PolicyDefinition.CONTENT_PROTECTION, userId)); } @Override public ManagedSubscriptionsPolicy getManagedSubscriptionsPolicy() { synchronized (getLockObject()) {
services/devicepolicy/java/com/android/server/devicepolicy/PolicyDefinition.java +1 −1 Original line number Diff line number Diff line Loading @@ -359,7 +359,7 @@ final class PolicyDefinition<V> { new NoArgsPolicyKey(DevicePolicyIdentifiers.CONTENT_PROTECTION_POLICY), new MostRecent<>(), POLICY_FLAG_LOCAL_ONLY_POLICY, (Integer value, Context context, Integer userId, PolicyKey policyKey) -> true, PolicyEnforcerCallbacks::setContentProtectionPolicy, new IntegerPolicySerializer()); private static final Map<String, PolicyDefinition<?>> POLICY_DEFINITIONS = new HashMap<>(); Loading
services/devicepolicy/java/com/android/server/devicepolicy/PolicyEnforcerCallbacks.java +16 −0 Original line number Diff line number Diff line Loading @@ -18,6 +18,7 @@ package com.android.server.devicepolicy; import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.UserIdInt; import android.app.AppGlobals; import android.app.admin.DevicePolicyCache; import android.app.admin.DevicePolicyManager; Loading Loading @@ -282,6 +283,21 @@ final class PolicyEnforcerCallbacks { return true; } static boolean setContentProtectionPolicy( @Nullable Integer value, @NonNull Context context, @UserIdInt Integer userId, @NonNull PolicyKey policyKey) { Binder.withCleanCallingIdentity( () -> { DevicePolicyCache cache = DevicePolicyCache.getInstance(); if (cache instanceof DevicePolicyCacheImpl cacheImpl) { cacheImpl.setContentProtectionPolicy(userId, value); } }); return true; } private static void updateScreenCaptureDisabled() { BackgroundThread.getHandler().post(() -> { try { Loading
