Loading core/java/android/os/IUserManager.aidl +3 −0 Original line number Diff line number Diff line Loading @@ -18,6 +18,7 @@ package android.os; import android.os.Bundle; import android.os.IUserRestrictionsListener; import android.os.PersistableBundle; import android.os.UserManager; import android.content.pm.UserInfo; Loading Loading @@ -75,6 +76,8 @@ interface IUserManager { boolean hasBaseUserRestriction(String restrictionKey, int userHandle); boolean hasUserRestriction(in String restrictionKey, int userHandle); boolean hasUserRestrictionOnAnyUser(in String restrictionKey); boolean isSettingRestrictedForUser(in String setting, int userId, in String value, int callingUid); void addUserRestrictionsListener(IUserRestrictionsListener listener); void setUserRestriction(String key, boolean value, int userHandle); void setApplicationRestrictions(in String packageName, in Bundle restrictions, int userHandle); Loading core/java/android/os/IUserRestrictionsListener.aidl 0 → 100644 +26 −0 Original line number Diff line number Diff line /* * Copyright (C) 2019 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package android.os; import android.os.Bundle; /** * @hide */ oneway interface IUserRestrictionsListener { void onUserRestrictionsChanged(int userId, in Bundle newRestrictions, in Bundle prevRestrictions); } core/java/android/os/UserManager.java +32 −0 Original line number Diff line number Diff line Loading @@ -1985,6 +1985,38 @@ public class UserManager { } } /** * @hide * * Checks whether changing the given setting to the given value is prohibited * by the corresponding user restriction in the given user. * * May only be called by the OS itself. * * @return {@code true} if the change is prohibited, {@code false} if the change is allowed. */ public boolean isSettingRestrictedForUser(String setting, @UserIdInt int userId, String value, int callingUid) { try { return mService.isSettingRestrictedForUser(setting, userId, value, callingUid); } catch (RemoteException re) { throw re.rethrowFromSystemServer(); } } /** * @hide * Register a binder callback for user restrictions changes. * May only be called by the OS itself. */ public void addUserRestrictionsListener(final IUserRestrictionsListener listener) { try { mService.addUserRestrictionsListener(listener); } catch (RemoteException re) { throw re.rethrowFromSystemServer(); } } /** * Return the serial number for a user. This is a device-unique * number assigned to that user; if the user is deleted and then a new Loading packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java +98 −89 Original line number Diff line number Diff line Loading @@ -56,6 +56,7 @@ import android.os.DropBoxManager; import android.os.Environment; import android.os.Handler; import android.os.HandlerThread; import android.os.IUserRestrictionsListener; import android.os.Looper; import android.os.Message; import android.os.ParcelFileDescriptor; Loading @@ -65,7 +66,6 @@ import android.os.SELinux; import android.os.ServiceManager; import android.os.UserHandle; import android.os.UserManager; import android.os.UserManagerInternal; import android.provider.DeviceConfig; import android.provider.Settings; import android.provider.Settings.Global; Loading @@ -84,7 +84,6 @@ import com.android.internal.annotations.GuardedBy; import com.android.internal.content.PackageMonitor; import com.android.internal.os.BackgroundThread; import com.android.providers.settings.SettingsState.Setting; import com.android.server.LocalServices; import com.android.server.SystemConfig; import com.google.android.collect.Sets; Loading Loading @@ -286,8 +285,6 @@ public class SettingsProvider extends ContentProvider { // We have to call in the user manager with no lock held, private volatile UserManager mUserManager; private UserManagerInternal mUserManagerInternal; // We have to call in the package manager with no lock held, private volatile IPackageManager mPackageManager; Loading Loading @@ -317,7 +314,6 @@ public class SettingsProvider extends ContentProvider { synchronized (mLock) { mUserManager = UserManager.get(getContext()); mUserManagerInternal = LocalServices.getService(UserManagerInternal.class); mPackageManager = AppGlobals.getPackageManager(); mHandlerThread = new HandlerThread(LOG_TAG, Process.THREAD_PRIORITY_BACKGROUND); Loading Loading @@ -902,10 +898,12 @@ public class SettingsProvider extends ContentProvider { // TODO: The current design of settings looking different based on user restrictions // should be reworked to keep them separate and system code should check the setting // first followed by checking the user restriction before performing an operation. UserManagerInternal userManager = LocalServices.getService(UserManagerInternal.class); userManager.addUserRestrictionsListener((int userId, Bundle newRestrictions, Bundle prevRestrictions) -> { Set<String> changedRestrictions = getRestrictionDiff(prevRestrictions, newRestrictions); IUserRestrictionsListener listener = new IUserRestrictionsListener.Stub() { @Override public void onUserRestrictionsChanged(int userId, Bundle newRestrictions, Bundle prevRestrictions) { Set<String> changedRestrictions = getRestrictionDiff(prevRestrictions, newRestrictions); // We are changing the settings affected by restrictions to their current // value with a forced update to ensure that all cross profile dependencies // are taken into account. Also make sure the settings update to.. the same Loading Loading @@ -935,7 +933,8 @@ public class SettingsProvider extends ContentProvider { final long identity = Binder.clearCallingIdentity(); try { synchronized (mLock) { Setting setting = getGlobalSetting(Settings.Global.INSTALL_NON_MARKET_APPS); Setting setting = getGlobalSetting( Settings.Global.INSTALL_NON_MARKET_APPS); String value = setting != null ? setting.getValue() : null; updateGlobalSetting(Settings.Global.INSTALL_NON_MARKET_APPS, value, null, true, userId, true); Loading Loading @@ -990,7 +989,9 @@ public class SettingsProvider extends ContentProvider { Binder.restoreCallingIdentity(identity); } } }); } }; mUserManager.addUserRestrictionsListener(listener); } private static Set<String> getRestrictionDiff(Bundle prevRestrictions, Bundle newRestrictions) { Loading Loading @@ -1185,6 +1186,17 @@ public class SettingsProvider extends ContentProvider { MUTATION_OPERATION_RESET, false, mode); } private boolean isSettingRestrictedForUser(String name, int userId, String value, int callerUid) { final long oldId = Binder.clearCallingIdentity(); try { return (name != null && mUserManager.isSettingRestrictedForUser(name, userId, value, callerUid)); } finally { Binder.restoreCallingIdentity(oldId); } } private boolean mutateGlobalSetting(String name, String value, String tag, boolean makeDefault, int requestingUserId, int operation, boolean forceNotify, int mode) { Loading @@ -1196,8 +1208,7 @@ public class SettingsProvider extends ContentProvider { // If this is a setting that is currently restricted for this user, do not allow // unrestricting changes. if (name != null && mUserManagerInternal.isSettingRestrictedForUser( name, callingUserId, value, Binder.getCallingUid())) { if (isSettingRestrictedForUser(name, callingUserId, value, Binder.getCallingUid())) { return false; } Loading Loading @@ -1505,8 +1516,7 @@ public class SettingsProvider extends ContentProvider { // If this is a setting that is currently restricted for this user, do not allow // unrestricting changes. if (name != null && mUserManagerInternal.isSettingRestrictedForUser( name, callingUserId, value, Binder.getCallingUid())) { if (isSettingRestrictedForUser(name, callingUserId, value, Binder.getCallingUid())) { return false; } Loading Loading @@ -1646,8 +1656,7 @@ public class SettingsProvider extends ContentProvider { // Resolve the userId on whose behalf the call is made. final int callingUserId = resolveCallingUserIdEnforcingPermissionsLocked(runAsUserId); if (name != null && mUserManagerInternal.isSettingRestrictedForUser( name, callingUserId, value, Binder.getCallingUid())) { if (isSettingRestrictedForUser(name, callingUserId, value, Binder.getCallingUid())) { return false; } Loading core/java/android/os/UserManagerInternal.java→services/core/java/android/os/UserManagerInternal.java +1 −1 Original line number Diff line number Diff line Loading @@ -11,7 +11,7 @@ * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License * limitations under the License. */ package android.os; Loading Loading
core/java/android/os/IUserManager.aidl +3 −0 Original line number Diff line number Diff line Loading @@ -18,6 +18,7 @@ package android.os; import android.os.Bundle; import android.os.IUserRestrictionsListener; import android.os.PersistableBundle; import android.os.UserManager; import android.content.pm.UserInfo; Loading Loading @@ -75,6 +76,8 @@ interface IUserManager { boolean hasBaseUserRestriction(String restrictionKey, int userHandle); boolean hasUserRestriction(in String restrictionKey, int userHandle); boolean hasUserRestrictionOnAnyUser(in String restrictionKey); boolean isSettingRestrictedForUser(in String setting, int userId, in String value, int callingUid); void addUserRestrictionsListener(IUserRestrictionsListener listener); void setUserRestriction(String key, boolean value, int userHandle); void setApplicationRestrictions(in String packageName, in Bundle restrictions, int userHandle); Loading
core/java/android/os/IUserRestrictionsListener.aidl 0 → 100644 +26 −0 Original line number Diff line number Diff line /* * Copyright (C) 2019 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package android.os; import android.os.Bundle; /** * @hide */ oneway interface IUserRestrictionsListener { void onUserRestrictionsChanged(int userId, in Bundle newRestrictions, in Bundle prevRestrictions); }
core/java/android/os/UserManager.java +32 −0 Original line number Diff line number Diff line Loading @@ -1985,6 +1985,38 @@ public class UserManager { } } /** * @hide * * Checks whether changing the given setting to the given value is prohibited * by the corresponding user restriction in the given user. * * May only be called by the OS itself. * * @return {@code true} if the change is prohibited, {@code false} if the change is allowed. */ public boolean isSettingRestrictedForUser(String setting, @UserIdInt int userId, String value, int callingUid) { try { return mService.isSettingRestrictedForUser(setting, userId, value, callingUid); } catch (RemoteException re) { throw re.rethrowFromSystemServer(); } } /** * @hide * Register a binder callback for user restrictions changes. * May only be called by the OS itself. */ public void addUserRestrictionsListener(final IUserRestrictionsListener listener) { try { mService.addUserRestrictionsListener(listener); } catch (RemoteException re) { throw re.rethrowFromSystemServer(); } } /** * Return the serial number for a user. This is a device-unique * number assigned to that user; if the user is deleted and then a new Loading
packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java +98 −89 Original line number Diff line number Diff line Loading @@ -56,6 +56,7 @@ import android.os.DropBoxManager; import android.os.Environment; import android.os.Handler; import android.os.HandlerThread; import android.os.IUserRestrictionsListener; import android.os.Looper; import android.os.Message; import android.os.ParcelFileDescriptor; Loading @@ -65,7 +66,6 @@ import android.os.SELinux; import android.os.ServiceManager; import android.os.UserHandle; import android.os.UserManager; import android.os.UserManagerInternal; import android.provider.DeviceConfig; import android.provider.Settings; import android.provider.Settings.Global; Loading @@ -84,7 +84,6 @@ import com.android.internal.annotations.GuardedBy; import com.android.internal.content.PackageMonitor; import com.android.internal.os.BackgroundThread; import com.android.providers.settings.SettingsState.Setting; import com.android.server.LocalServices; import com.android.server.SystemConfig; import com.google.android.collect.Sets; Loading Loading @@ -286,8 +285,6 @@ public class SettingsProvider extends ContentProvider { // We have to call in the user manager with no lock held, private volatile UserManager mUserManager; private UserManagerInternal mUserManagerInternal; // We have to call in the package manager with no lock held, private volatile IPackageManager mPackageManager; Loading Loading @@ -317,7 +314,6 @@ public class SettingsProvider extends ContentProvider { synchronized (mLock) { mUserManager = UserManager.get(getContext()); mUserManagerInternal = LocalServices.getService(UserManagerInternal.class); mPackageManager = AppGlobals.getPackageManager(); mHandlerThread = new HandlerThread(LOG_TAG, Process.THREAD_PRIORITY_BACKGROUND); Loading Loading @@ -902,10 +898,12 @@ public class SettingsProvider extends ContentProvider { // TODO: The current design of settings looking different based on user restrictions // should be reworked to keep them separate and system code should check the setting // first followed by checking the user restriction before performing an operation. UserManagerInternal userManager = LocalServices.getService(UserManagerInternal.class); userManager.addUserRestrictionsListener((int userId, Bundle newRestrictions, Bundle prevRestrictions) -> { Set<String> changedRestrictions = getRestrictionDiff(prevRestrictions, newRestrictions); IUserRestrictionsListener listener = new IUserRestrictionsListener.Stub() { @Override public void onUserRestrictionsChanged(int userId, Bundle newRestrictions, Bundle prevRestrictions) { Set<String> changedRestrictions = getRestrictionDiff(prevRestrictions, newRestrictions); // We are changing the settings affected by restrictions to their current // value with a forced update to ensure that all cross profile dependencies // are taken into account. Also make sure the settings update to.. the same Loading Loading @@ -935,7 +933,8 @@ public class SettingsProvider extends ContentProvider { final long identity = Binder.clearCallingIdentity(); try { synchronized (mLock) { Setting setting = getGlobalSetting(Settings.Global.INSTALL_NON_MARKET_APPS); Setting setting = getGlobalSetting( Settings.Global.INSTALL_NON_MARKET_APPS); String value = setting != null ? setting.getValue() : null; updateGlobalSetting(Settings.Global.INSTALL_NON_MARKET_APPS, value, null, true, userId, true); Loading Loading @@ -990,7 +989,9 @@ public class SettingsProvider extends ContentProvider { Binder.restoreCallingIdentity(identity); } } }); } }; mUserManager.addUserRestrictionsListener(listener); } private static Set<String> getRestrictionDiff(Bundle prevRestrictions, Bundle newRestrictions) { Loading Loading @@ -1185,6 +1186,17 @@ public class SettingsProvider extends ContentProvider { MUTATION_OPERATION_RESET, false, mode); } private boolean isSettingRestrictedForUser(String name, int userId, String value, int callerUid) { final long oldId = Binder.clearCallingIdentity(); try { return (name != null && mUserManager.isSettingRestrictedForUser(name, userId, value, callerUid)); } finally { Binder.restoreCallingIdentity(oldId); } } private boolean mutateGlobalSetting(String name, String value, String tag, boolean makeDefault, int requestingUserId, int operation, boolean forceNotify, int mode) { Loading @@ -1196,8 +1208,7 @@ public class SettingsProvider extends ContentProvider { // If this is a setting that is currently restricted for this user, do not allow // unrestricting changes. if (name != null && mUserManagerInternal.isSettingRestrictedForUser( name, callingUserId, value, Binder.getCallingUid())) { if (isSettingRestrictedForUser(name, callingUserId, value, Binder.getCallingUid())) { return false; } Loading Loading @@ -1505,8 +1516,7 @@ public class SettingsProvider extends ContentProvider { // If this is a setting that is currently restricted for this user, do not allow // unrestricting changes. if (name != null && mUserManagerInternal.isSettingRestrictedForUser( name, callingUserId, value, Binder.getCallingUid())) { if (isSettingRestrictedForUser(name, callingUserId, value, Binder.getCallingUid())) { return false; } Loading Loading @@ -1646,8 +1656,7 @@ public class SettingsProvider extends ContentProvider { // Resolve the userId on whose behalf the call is made. final int callingUserId = resolveCallingUserIdEnforcingPermissionsLocked(runAsUserId); if (name != null && mUserManagerInternal.isSettingRestrictedForUser( name, callingUserId, value, Binder.getCallingUid())) { if (isSettingRestrictedForUser(name, callingUserId, value, Binder.getCallingUid())) { return false; } Loading
core/java/android/os/UserManagerInternal.java→services/core/java/android/os/UserManagerInternal.java +1 −1 Original line number Diff line number Diff line Loading @@ -11,7 +11,7 @@ * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License * limitations under the License. */ package android.os; Loading
