Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +46 −49 Original line number Diff line number Diff line Loading @@ -6395,7 +6395,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @Override public void lockNow(int flags, String callerPackageName, boolean parent) { CallerIdentity caller; if (isUnicornFlagEnabled()) { if (Flags.lockNowCoexistence()) { caller = getCallerIdentity(callerPackageName); } else { caller = getCallerIdentity(); Loading @@ -6407,7 +6407,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { ActiveAdmin admin; // Make sure the caller has any active admin with the right policy or // the required permission. if (isUnicornFlagEnabled()) { if (Flags.lockNowCoexistence()) { admin = enforcePermissionsAndGetEnforcingAdmin( /* admin= */ null, /* permissions= */ new String[]{MANAGE_DEVICE_POLICY_LOCK, LOCK_DEVICE}, Loading Loading @@ -9179,13 +9179,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } CallerIdentity caller; if (isUnicornFlagEnabled()) { if (Flags.setAutoTimeEnabledCoexistence()) { caller = getCallerIdentity(who, callerPackageName); } else { caller = getCallerIdentity(who); } if (isUnicornFlagEnabled()) { if (Flags.setAutoTimeEnabledCoexistence()) { // The effect of this policy is device-wide. enforcePermission(SET_TIME, caller.getPackageName(), UserHandle.USER_ALL); } else { Loading Loading @@ -9213,13 +9213,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return false; } CallerIdentity caller; if (isUnicornFlagEnabled()) { if (Flags.setAutoTimeEnabledCoexistence()) { caller = getCallerIdentity(who, callerPackageName); } else { caller = getCallerIdentity(who); } if (isUnicornFlagEnabled()) { if (Flags.setAutoTimeEnabledCoexistence()) { enforceCanQuery(SET_TIME, caller.getPackageName(), UserHandle.USER_ALL); } else { Objects.requireNonNull(who, "ComponentName is null"); Loading @@ -9242,13 +9242,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } CallerIdentity caller; if (isUnicornFlagEnabled()) { if (Flags.setAutoTimeZoneEnabledCoexistence()) { caller = getCallerIdentity(who, callerPackageName); } else { caller = getCallerIdentity(who); } if (isUnicornFlagEnabled()) { if (Flags.setAutoTimeZoneEnabledCoexistence()) { // The effect of this policy is device-wide. EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( who, Loading Loading @@ -9288,13 +9288,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } CallerIdentity caller; if (isUnicornFlagEnabled()) { if (Flags.setAutoTimeZoneEnabledCoexistence()) { caller = getCallerIdentity(who, callerPackageName); } else { caller = getCallerIdentity(who); } if (isUnicornFlagEnabled()) { if (Flags.setAutoTimeZoneEnabledCoexistence()) { // The effect of this policy is device-wide. enforceCanQuery(SET_TIME_ZONE, caller.getPackageName(), UserHandle.USER_ALL); } else { Loading Loading @@ -9544,7 +9544,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } CallerIdentity caller; if (isUnicornFlagEnabled()) { if (Flags.setKeyguardDisabledFeaturesCoexistence()) { caller = getCallerIdentity(who, callerPackageName); } else { caller = getCallerIdentity(who); Loading @@ -9554,7 +9554,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final int userHandle = caller.getUserId(); int affectedUserId = parent ? getProfileParentId(userHandle) : userHandle; synchronized (getLockObject()) { if (isUnicornFlagEnabled()) { if (Flags.setKeyguardDisabledFeaturesCoexistence()) { // SUPPORT USES_POLICY_DISABLE_KEYGUARD_FEATURES EnforcingAdmin admin = enforcePermissionAndGetEnforcingAdmin( who, MANAGE_DEVICE_POLICY_KEYGUARD, caller.getPackageName(), Loading Loading @@ -9633,7 +9633,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { synchronized (getLockObject()) { if (who != null) { if (isUnicornFlagEnabled()) { if (Flags.setKeyguardDisabledFeaturesCoexistence()) { EnforcingAdmin admin = getEnforcingAdminForPackage( who, who.getPackageName(), userHandle); Integer features = mDevicePolicyEngine.getLocalPolicySetByAdmin( Loading @@ -9652,7 +9652,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { // the different behaviour between a profile with separate challenge vs a profile with // unified challenge, which was part of getActiveAdminsForLockscreenPoliciesLocked() // before the migration. if (isUnicornFlagEnabled()) { if (Flags.setKeyguardDisabledFeaturesCoexistence()) { Integer features = mDevicePolicyEngine.getResolvedPolicy( PolicyDefinition.KEYGUARD_DISABLED_FEATURES, affectedUserId); Loading Loading @@ -11845,7 +11845,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { throw new IllegalArgumentException("Invalid package name: " + validationResult); } if (isUnicornFlagEnabled()) { if (Flags.setApplicationRestrictionsCoexistence()) { EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( who, MANAGE_DEVICE_POLICY_APP_RESTRICTIONS, Loading Loading @@ -13228,7 +13228,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { String packageName, boolean parent) { final CallerIdentity caller = getCallerIdentity(who, callerPackage); if (isUnicornFlagEnabled()) { // IMPORTANT: The code behind the if branch is OUTDATED and requires additional work before // enabling the feature flag below. // TODO(b/369141952): Update DPM.getApplicationRestrictions coexistence code if (Flags.setApplicationRestrictionsCoexistence()) { EnforcingAdmin enforcingAdmin = enforceCanQueryAndGetEnforcingAdmin( who, MANAGE_DEVICE_POLICY_APP_RESTRICTIONS, Loading Loading @@ -13328,14 +13331,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final CallerIdentity caller = getCallerIdentity(who, callerPackage); ActiveAdmin admin; if (isUnicornFlagEnabled()) { EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( who, MANAGE_DEVICE_POLICY_PACKAGE_STATE, caller.getPackageName(), caller.getUserId()); admin = enforcingAdmin.getActiveAdmin(); } else { Preconditions.checkCallAuthorization((caller.hasAdminComponent() && (isProfileOwner(caller) || isDefaultDeviceOwner(caller))) || (caller.hasPackage() && isCallerDelegate(caller, Loading @@ -13343,7 +13338,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { synchronized (getLockObject()) { admin = getProfileOwnerOrDeviceOwnerLocked(caller.getUserId()); } } checkCanExecuteOrThrowUnsafe(DevicePolicyManager.OPERATION_SET_PACKAGES_SUSPENDED); // Must remove the exempt apps from the input before calling PM, then add them back to Loading Loading @@ -15585,12 +15579,12 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { public boolean setStatusBarDisabled(ComponentName who, String callerPackageName, boolean disabled) { CallerIdentity caller; if (isUnicornFlagEnabled()) { if (isSetStatusBarDisabledCoexistenceEnabled()) { caller = getCallerIdentity(who, callerPackageName); } else { caller = getCallerIdentity(who); } if (isUnicornFlagEnabled()) { if (isSetStatusBarDisabledCoexistenceEnabled()) { enforcePermission(MANAGE_DEVICE_POLICY_STATUS_BAR, caller.getPackageName(), UserHandle.USER_ALL); } else { Loading @@ -15601,7 +15595,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { int userId = caller.getUserId(); synchronized (getLockObject()) { if (!isUnicornFlagEnabled()) { if (!isSetStatusBarDisabledCoexistenceEnabled()) { Preconditions.checkCallAuthorization(isUserAffiliatedWithDeviceLocked(userId), "Admin " + who + " is neither the device owner or affiliated " + "user's profile owner."); Loading Loading @@ -15660,7 +15654,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @Override public boolean isStatusBarDisabled(String callerPackage) { final CallerIdentity caller = getCallerIdentity(callerPackage); if (isUnicornFlagEnabled()) { if (isSetStatusBarDisabledCoexistenceEnabled()) { enforceCanQuery( MANAGE_DEVICE_POLICY_STATUS_BAR, caller.getPackageName(), caller.getUserId()); } else { Loading @@ -15670,7 +15664,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { int userId = caller.getUserId(); synchronized (getLockObject()) { if (!isUnicornFlagEnabled()) { if (!isSetStatusBarDisabledCoexistenceEnabled()) { Preconditions.checkCallAuthorization(isUserAffiliatedWithDeviceLocked(userId), "Admin " + callerPackage + " is neither the device owner or affiliated user's profile owner."); Loading Loading @@ -16862,7 +16856,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } EnforcingAdmin enforcingAdmin; if (isUnicornFlagEnabled()) { if (Flags.setPermissionGrantStateCoexistence()) { enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( admin, MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS, Loading Loading @@ -17047,7 +17041,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { public int getPermissionGrantState(ComponentName admin, String callerPackage, String packageName, String permission) throws RemoteException { final CallerIdentity caller = getCallerIdentity(admin, callerPackage); if (isUnicornFlagEnabled()) { if (Flags.setPermissionGrantStateCoexistence()) { enforceCanQuery(MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS, caller.getPackageName(), caller.getUserId()); } else { Loading Loading @@ -19331,14 +19325,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { throw new IllegalArgumentException("token must be at least 32-byte long"); } CallerIdentity caller; if (isUnicornFlagEnabled()) { if (Flags.resetPasswordWithTokenCoexistence()) { caller = getCallerIdentity(admin, callerPackageName); } else { caller = getCallerIdentity(admin); } final int userId = caller.getUserId(); if (isUnicornFlagEnabled()) { if (Flags.resetPasswordWithTokenCoexistence()) { EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( admin, MANAGE_DEVICE_POLICY_RESET_PASSWORD, Loading Loading @@ -19394,7 +19388,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return false; } CallerIdentity caller; if (isUnicornFlagEnabled()) { if (Flags.resetPasswordWithTokenCoexistence()) { caller = getCallerIdentity(admin, callerPackageName); } else { caller = getCallerIdentity(admin); Loading @@ -19402,7 +19396,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final int userId = caller.getUserId(); boolean result = false; if (isUnicornFlagEnabled()) { if (Flags.resetPasswordWithTokenCoexistence()) { EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( admin, MANAGE_DEVICE_POLICY_RESET_PASSWORD, Loading Loading @@ -19441,14 +19435,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return false; } CallerIdentity caller; if (isUnicornFlagEnabled()) { if (Flags.resetPasswordWithTokenCoexistence()) { caller = getCallerIdentity(admin, callerPackageName); } else { caller = getCallerIdentity(admin); } int userId = caller.getUserId(); if (isUnicornFlagEnabled()) { if (Flags.resetPasswordWithTokenCoexistence()) { EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( admin, MANAGE_DEVICE_POLICY_RESET_PASSWORD, Loading Loading @@ -19490,7 +19484,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { Objects.requireNonNull(token); CallerIdentity caller; if (isUnicornFlagEnabled()) { if (Flags.resetPasswordWithTokenCoexistence()) { caller = getCallerIdentity(admin, callerPackageName); } else { caller = getCallerIdentity(admin); Loading @@ -19500,7 +19494,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { boolean result = false; final String password = passwordOrNull != null ? passwordOrNull : ""; if (isUnicornFlagEnabled()) { if (Flags.resetPasswordWithTokenCoexistence()) { EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( admin, MANAGE_DEVICE_POLICY_RESET_PASSWORD, Loading Loading @@ -19531,7 +19525,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } if (result) { if (isUnicornFlagEnabled()) { if (Flags.resetPasswordWithTokenCoexistence()) { DevicePolicyEventLogger .createEvent(DevicePolicyEnums.RESET_PASSWORD_WITH_TOKEN) .setAdmin(callerPackageName) Loading Loading @@ -23812,7 +23806,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { DEFAULT_VALUE_PERMISSION_BASED_ACCESS_FLAG); } static boolean isUnicornFlagEnabled() { private static boolean isSetStatusBarDisabledCoexistenceEnabled() { return false; } Loading Loading @@ -24255,8 +24249,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { synchronized (getLockObject()) { Slogf.i(LOG_TAG, "Started device policies migration to the device policy engine."); if (isUnicornFlagEnabled()) { // TODO(b/359188869): Move this to the current migration method. if (Flags.setAutoTimeZoneEnabledCoexistence()) { migrateAutoTimezonePolicy(); } if (Flags.setPermissionGrantStateCoexistence()) { migratePermissionGrantStatePolicies(); } migratePermittedInputMethodsPolicyLocked(); services/devicepolicy/java/com/android/server/devicepolicy/PolicyEnforcerCallbacks.java +2 −2 Original line number Diff line number Diff line Loading @@ -78,7 +78,7 @@ final class PolicyEnforcerCallbacks { } static boolean setAutoTimezoneEnabled(@Nullable Boolean enabled, @NonNull Context context) { if (!DevicePolicyManagerService.isUnicornFlagEnabled()) { if (!Flags.setAutoTimeZoneEnabledCoexistence()) { Slogf.w(LOG_TAG, "Trying to enforce setAutoTimezoneEnabled while flag is off."); return true; } Loading @@ -95,7 +95,7 @@ final class PolicyEnforcerCallbacks { static boolean setPermissionGrantState( @Nullable Integer grantState, @NonNull Context context, int userId, @NonNull PolicyKey policyKey) { if (!DevicePolicyManagerService.isUnicornFlagEnabled()) { if (!Flags.setPermissionGrantStateCoexistence()) { Slogf.w(LOG_TAG, "Trying to enforce setPermissionGrantState while flag is off."); return true; } Loading Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +46 −49 Original line number Diff line number Diff line Loading @@ -6395,7 +6395,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @Override public void lockNow(int flags, String callerPackageName, boolean parent) { CallerIdentity caller; if (isUnicornFlagEnabled()) { if (Flags.lockNowCoexistence()) { caller = getCallerIdentity(callerPackageName); } else { caller = getCallerIdentity(); Loading @@ -6407,7 +6407,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { ActiveAdmin admin; // Make sure the caller has any active admin with the right policy or // the required permission. if (isUnicornFlagEnabled()) { if (Flags.lockNowCoexistence()) { admin = enforcePermissionsAndGetEnforcingAdmin( /* admin= */ null, /* permissions= */ new String[]{MANAGE_DEVICE_POLICY_LOCK, LOCK_DEVICE}, Loading Loading @@ -9179,13 +9179,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } CallerIdentity caller; if (isUnicornFlagEnabled()) { if (Flags.setAutoTimeEnabledCoexistence()) { caller = getCallerIdentity(who, callerPackageName); } else { caller = getCallerIdentity(who); } if (isUnicornFlagEnabled()) { if (Flags.setAutoTimeEnabledCoexistence()) { // The effect of this policy is device-wide. enforcePermission(SET_TIME, caller.getPackageName(), UserHandle.USER_ALL); } else { Loading Loading @@ -9213,13 +9213,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return false; } CallerIdentity caller; if (isUnicornFlagEnabled()) { if (Flags.setAutoTimeEnabledCoexistence()) { caller = getCallerIdentity(who, callerPackageName); } else { caller = getCallerIdentity(who); } if (isUnicornFlagEnabled()) { if (Flags.setAutoTimeEnabledCoexistence()) { enforceCanQuery(SET_TIME, caller.getPackageName(), UserHandle.USER_ALL); } else { Objects.requireNonNull(who, "ComponentName is null"); Loading @@ -9242,13 +9242,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } CallerIdentity caller; if (isUnicornFlagEnabled()) { if (Flags.setAutoTimeZoneEnabledCoexistence()) { caller = getCallerIdentity(who, callerPackageName); } else { caller = getCallerIdentity(who); } if (isUnicornFlagEnabled()) { if (Flags.setAutoTimeZoneEnabledCoexistence()) { // The effect of this policy is device-wide. EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( who, Loading Loading @@ -9288,13 +9288,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } CallerIdentity caller; if (isUnicornFlagEnabled()) { if (Flags.setAutoTimeZoneEnabledCoexistence()) { caller = getCallerIdentity(who, callerPackageName); } else { caller = getCallerIdentity(who); } if (isUnicornFlagEnabled()) { if (Flags.setAutoTimeZoneEnabledCoexistence()) { // The effect of this policy is device-wide. enforceCanQuery(SET_TIME_ZONE, caller.getPackageName(), UserHandle.USER_ALL); } else { Loading Loading @@ -9544,7 +9544,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } CallerIdentity caller; if (isUnicornFlagEnabled()) { if (Flags.setKeyguardDisabledFeaturesCoexistence()) { caller = getCallerIdentity(who, callerPackageName); } else { caller = getCallerIdentity(who); Loading @@ -9554,7 +9554,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final int userHandle = caller.getUserId(); int affectedUserId = parent ? getProfileParentId(userHandle) : userHandle; synchronized (getLockObject()) { if (isUnicornFlagEnabled()) { if (Flags.setKeyguardDisabledFeaturesCoexistence()) { // SUPPORT USES_POLICY_DISABLE_KEYGUARD_FEATURES EnforcingAdmin admin = enforcePermissionAndGetEnforcingAdmin( who, MANAGE_DEVICE_POLICY_KEYGUARD, caller.getPackageName(), Loading Loading @@ -9633,7 +9633,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { synchronized (getLockObject()) { if (who != null) { if (isUnicornFlagEnabled()) { if (Flags.setKeyguardDisabledFeaturesCoexistence()) { EnforcingAdmin admin = getEnforcingAdminForPackage( who, who.getPackageName(), userHandle); Integer features = mDevicePolicyEngine.getLocalPolicySetByAdmin( Loading @@ -9652,7 +9652,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { // the different behaviour between a profile with separate challenge vs a profile with // unified challenge, which was part of getActiveAdminsForLockscreenPoliciesLocked() // before the migration. if (isUnicornFlagEnabled()) { if (Flags.setKeyguardDisabledFeaturesCoexistence()) { Integer features = mDevicePolicyEngine.getResolvedPolicy( PolicyDefinition.KEYGUARD_DISABLED_FEATURES, affectedUserId); Loading Loading @@ -11845,7 +11845,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { throw new IllegalArgumentException("Invalid package name: " + validationResult); } if (isUnicornFlagEnabled()) { if (Flags.setApplicationRestrictionsCoexistence()) { EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( who, MANAGE_DEVICE_POLICY_APP_RESTRICTIONS, Loading Loading @@ -13228,7 +13228,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { String packageName, boolean parent) { final CallerIdentity caller = getCallerIdentity(who, callerPackage); if (isUnicornFlagEnabled()) { // IMPORTANT: The code behind the if branch is OUTDATED and requires additional work before // enabling the feature flag below. // TODO(b/369141952): Update DPM.getApplicationRestrictions coexistence code if (Flags.setApplicationRestrictionsCoexistence()) { EnforcingAdmin enforcingAdmin = enforceCanQueryAndGetEnforcingAdmin( who, MANAGE_DEVICE_POLICY_APP_RESTRICTIONS, Loading Loading @@ -13328,14 +13331,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final CallerIdentity caller = getCallerIdentity(who, callerPackage); ActiveAdmin admin; if (isUnicornFlagEnabled()) { EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( who, MANAGE_DEVICE_POLICY_PACKAGE_STATE, caller.getPackageName(), caller.getUserId()); admin = enforcingAdmin.getActiveAdmin(); } else { Preconditions.checkCallAuthorization((caller.hasAdminComponent() && (isProfileOwner(caller) || isDefaultDeviceOwner(caller))) || (caller.hasPackage() && isCallerDelegate(caller, Loading @@ -13343,7 +13338,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { synchronized (getLockObject()) { admin = getProfileOwnerOrDeviceOwnerLocked(caller.getUserId()); } } checkCanExecuteOrThrowUnsafe(DevicePolicyManager.OPERATION_SET_PACKAGES_SUSPENDED); // Must remove the exempt apps from the input before calling PM, then add them back to Loading Loading @@ -15585,12 +15579,12 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { public boolean setStatusBarDisabled(ComponentName who, String callerPackageName, boolean disabled) { CallerIdentity caller; if (isUnicornFlagEnabled()) { if (isSetStatusBarDisabledCoexistenceEnabled()) { caller = getCallerIdentity(who, callerPackageName); } else { caller = getCallerIdentity(who); } if (isUnicornFlagEnabled()) { if (isSetStatusBarDisabledCoexistenceEnabled()) { enforcePermission(MANAGE_DEVICE_POLICY_STATUS_BAR, caller.getPackageName(), UserHandle.USER_ALL); } else { Loading @@ -15601,7 +15595,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { int userId = caller.getUserId(); synchronized (getLockObject()) { if (!isUnicornFlagEnabled()) { if (!isSetStatusBarDisabledCoexistenceEnabled()) { Preconditions.checkCallAuthorization(isUserAffiliatedWithDeviceLocked(userId), "Admin " + who + " is neither the device owner or affiliated " + "user's profile owner."); Loading Loading @@ -15660,7 +15654,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @Override public boolean isStatusBarDisabled(String callerPackage) { final CallerIdentity caller = getCallerIdentity(callerPackage); if (isUnicornFlagEnabled()) { if (isSetStatusBarDisabledCoexistenceEnabled()) { enforceCanQuery( MANAGE_DEVICE_POLICY_STATUS_BAR, caller.getPackageName(), caller.getUserId()); } else { Loading @@ -15670,7 +15664,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { int userId = caller.getUserId(); synchronized (getLockObject()) { if (!isUnicornFlagEnabled()) { if (!isSetStatusBarDisabledCoexistenceEnabled()) { Preconditions.checkCallAuthorization(isUserAffiliatedWithDeviceLocked(userId), "Admin " + callerPackage + " is neither the device owner or affiliated user's profile owner."); Loading Loading @@ -16862,7 +16856,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } EnforcingAdmin enforcingAdmin; if (isUnicornFlagEnabled()) { if (Flags.setPermissionGrantStateCoexistence()) { enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( admin, MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS, Loading Loading @@ -17047,7 +17041,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { public int getPermissionGrantState(ComponentName admin, String callerPackage, String packageName, String permission) throws RemoteException { final CallerIdentity caller = getCallerIdentity(admin, callerPackage); if (isUnicornFlagEnabled()) { if (Flags.setPermissionGrantStateCoexistence()) { enforceCanQuery(MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS, caller.getPackageName(), caller.getUserId()); } else { Loading Loading @@ -19331,14 +19325,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { throw new IllegalArgumentException("token must be at least 32-byte long"); } CallerIdentity caller; if (isUnicornFlagEnabled()) { if (Flags.resetPasswordWithTokenCoexistence()) { caller = getCallerIdentity(admin, callerPackageName); } else { caller = getCallerIdentity(admin); } final int userId = caller.getUserId(); if (isUnicornFlagEnabled()) { if (Flags.resetPasswordWithTokenCoexistence()) { EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( admin, MANAGE_DEVICE_POLICY_RESET_PASSWORD, Loading Loading @@ -19394,7 +19388,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return false; } CallerIdentity caller; if (isUnicornFlagEnabled()) { if (Flags.resetPasswordWithTokenCoexistence()) { caller = getCallerIdentity(admin, callerPackageName); } else { caller = getCallerIdentity(admin); Loading @@ -19402,7 +19396,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final int userId = caller.getUserId(); boolean result = false; if (isUnicornFlagEnabled()) { if (Flags.resetPasswordWithTokenCoexistence()) { EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( admin, MANAGE_DEVICE_POLICY_RESET_PASSWORD, Loading Loading @@ -19441,14 +19435,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return false; } CallerIdentity caller; if (isUnicornFlagEnabled()) { if (Flags.resetPasswordWithTokenCoexistence()) { caller = getCallerIdentity(admin, callerPackageName); } else { caller = getCallerIdentity(admin); } int userId = caller.getUserId(); if (isUnicornFlagEnabled()) { if (Flags.resetPasswordWithTokenCoexistence()) { EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( admin, MANAGE_DEVICE_POLICY_RESET_PASSWORD, Loading Loading @@ -19490,7 +19484,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { Objects.requireNonNull(token); CallerIdentity caller; if (isUnicornFlagEnabled()) { if (Flags.resetPasswordWithTokenCoexistence()) { caller = getCallerIdentity(admin, callerPackageName); } else { caller = getCallerIdentity(admin); Loading @@ -19500,7 +19494,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { boolean result = false; final String password = passwordOrNull != null ? passwordOrNull : ""; if (isUnicornFlagEnabled()) { if (Flags.resetPasswordWithTokenCoexistence()) { EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( admin, MANAGE_DEVICE_POLICY_RESET_PASSWORD, Loading Loading @@ -19531,7 +19525,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } if (result) { if (isUnicornFlagEnabled()) { if (Flags.resetPasswordWithTokenCoexistence()) { DevicePolicyEventLogger .createEvent(DevicePolicyEnums.RESET_PASSWORD_WITH_TOKEN) .setAdmin(callerPackageName) Loading Loading @@ -23812,7 +23806,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { DEFAULT_VALUE_PERMISSION_BASED_ACCESS_FLAG); } static boolean isUnicornFlagEnabled() { private static boolean isSetStatusBarDisabledCoexistenceEnabled() { return false; } Loading Loading @@ -24255,8 +24249,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { synchronized (getLockObject()) { Slogf.i(LOG_TAG, "Started device policies migration to the device policy engine."); if (isUnicornFlagEnabled()) { // TODO(b/359188869): Move this to the current migration method. if (Flags.setAutoTimeZoneEnabledCoexistence()) { migrateAutoTimezonePolicy(); } if (Flags.setPermissionGrantStateCoexistence()) { migratePermissionGrantStatePolicies(); } migratePermittedInputMethodsPolicyLocked();
services/devicepolicy/java/com/android/server/devicepolicy/PolicyEnforcerCallbacks.java +2 −2 Original line number Diff line number Diff line Loading @@ -78,7 +78,7 @@ final class PolicyEnforcerCallbacks { } static boolean setAutoTimezoneEnabled(@Nullable Boolean enabled, @NonNull Context context) { if (!DevicePolicyManagerService.isUnicornFlagEnabled()) { if (!Flags.setAutoTimeZoneEnabledCoexistence()) { Slogf.w(LOG_TAG, "Trying to enforce setAutoTimezoneEnabled while flag is off."); return true; } Loading @@ -95,7 +95,7 @@ final class PolicyEnforcerCallbacks { static boolean setPermissionGrantState( @Nullable Integer grantState, @NonNull Context context, int userId, @NonNull PolicyKey policyKey) { if (!DevicePolicyManagerService.isUnicornFlagEnabled()) { if (!Flags.setPermissionGrantStateCoexistence()) { Slogf.w(LOG_TAG, "Trying to enforce setPermissionGrantState while flag is off."); return true; } Loading
