Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 25b25336 authored by Alex Johnston's avatar Alex Johnston
Browse files

Security logging broadcast work profile 

Changes
On an org-owned device with a managed
profile, the security logs available broadcast
should be sent to the work profile user

Manual testing steps
* Set up org-owned device
  with a managed profile
* Enable security logging in
  the work profile
* Force logs using adb
  adb shell dpm force-security-logs
* Verify DeviceAdminReceiver
  receives broadcast

Bug: 170293810
Test: manual testing
      atest com.android.server.devicepolicy.DevicePolicyManagerTest
      atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testSecurityLoggingWithSingleUser
      atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testSecurityLoggingEnabledLogged
      atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testSecurityLoggingWithTwoUsers
      atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testSecurityLoggingDelegate
      atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testSecurityLogging
      atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testSecurityLoggingDelegate
Change-Id: Ia955d6ef6b983fb1ff05dff9e68f8cb8e9b6e9f9
parent 81bd9d9b

services/devicepolicy/java/com/android/server/devicepolicy/SecurityLogMonitor.java

+12 −11
Original line number Diff line number Diff line
@@ -226,7 +226,7 @@ class SecurityLogMonitor implements Runnable { 


        Slog.i(TAG, "Resumed.");

        try {

            notifyDeviceOwnerIfNeeded(false /* force */);

            notifyDeviceOwnerOrProfileOwnerIfNeeded(false /* force */);

        } catch (InterruptedException e) {

            Log.w(TAG, "Thread interrupted.", e);

        }
@@ -439,7 +439,7 @@ class SecurityLogMonitor implements Runnable { 


                saveLastEvents(newLogs);

                newLogs.clear();

                notifyDeviceOwnerIfNeeded(force);

                notifyDeviceOwnerOrProfileOwnerIfNeeded(force);

            } catch (IOException e) {

                Log.e(TAG, "Failed to read security log", e);

            } catch (InterruptedException e) {
@@ -460,8 +460,9 @@ class SecurityLogMonitor implements Runnable { 
        Slog.i(TAG, "MonitorThread exit.");

    }



    private void notifyDeviceOwnerIfNeeded(boolean force) throws InterruptedException {

        boolean allowRetrievalAndNotifyDO = false;

    private void notifyDeviceOwnerOrProfileOwnerIfNeeded(boolean force)

            throws InterruptedException {

        boolean allowRetrievalAndNotifyDOOrPO = false;

        mLock.lockInterruptibly();

        try {

            if (mPaused) {
@@ -471,16 +472,16 @@ class SecurityLogMonitor implements Runnable { 
            if (logSize >= BUFFER_ENTRIES_NOTIFICATION_LEVEL || (force && logSize > 0)) {

                // Allow DO to retrieve logs if too many pending logs or if forced.

                if (!mAllowedToRetrieve) {

                    allowRetrievalAndNotifyDO = true;

                    allowRetrievalAndNotifyDOOrPO = true;

                }

                if (DEBUG) Slog.d(TAG, "Number of log entries over threshold: " + logSize);

            }

            if (logSize > 0 && SystemClock.elapsedRealtime() >= mNextAllowedRetrievalTimeMillis) {

                // Rate limit reset

                allowRetrievalAndNotifyDO = true;

                allowRetrievalAndNotifyDOOrPO = true;

                if (DEBUG) Slog.d(TAG, "Timeout reached");

            }

            if (allowRetrievalAndNotifyDO) {

            if (allowRetrievalAndNotifyDOOrPO) {

                mAllowedToRetrieve = true;

                // Set the timeout to retry the notification if the DO misses it.

                mNextAllowedRetrievalTimeMillis = SystemClock.elapsedRealtime()
@@ -489,10 +490,10 @@ class SecurityLogMonitor implements Runnable { 
        } finally {

            mLock.unlock();

        }

        if (allowRetrievalAndNotifyDO) {

            Slog.i(TAG, "notify DO");

            mService.sendDeviceOwnerCommand(DeviceAdminReceiver.ACTION_SECURITY_LOGS_AVAILABLE,

                    null);

        if (allowRetrievalAndNotifyDOOrPO) {

            Slog.i(TAG, "notify DO or PO");

            mService.sendDeviceOwnerOrProfileOwnerCommand(

                    DeviceAdminReceiver.ACTION_SECURITY_LOGS_AVAILABLE, null, mEnabledUser);

        }

    }