Merge "Emit security log when backup service is toggled" into main

    field public static final int TAG_ADB_SHELL_CMD = 210002; // 0x33452

    field public static final int TAG_ADB_SHELL_INTERACTIVE = 210001; // 0x33451

    field public static final int TAG_APP_PROCESS_START = 210005; // 0x33455

    field @FlaggedApi("android.app.admin.flags.backup_service_security_log_event_enabled") public static final int TAG_BACKUP_SERVICE_TOGGLED = 210044; // 0x3347c

    field public static final int TAG_BLUETOOTH_CONNECTION = 210039; // 0x33477

    field public static final int TAG_BLUETOOTH_DISCONNECTION = 210040; // 0x33478

    field public static final int TAG_CAMERA_POLICY_SET = 210034; // 0x33472

package android.app.admin;

import android.Manifest;

import android.annotation.FlaggedApi;

import android.annotation.IntDef;

import android.annotation.NonNull;

import android.annotation.Nullable;

import android.annotation.RequiresPermission;

import android.annotation.SystemApi;

import android.annotation.TestApi;

import android.app.admin.flags.Flags;

import android.compat.annotation.UnsupportedAppUsage;

import android.content.ComponentName;

import android.os.Build;

            TAG_PACKAGE_INSTALLED,

            TAG_PACKAGE_UPDATED,

            TAG_PACKAGE_UNINSTALLED,

            TAG_BACKUP_SERVICE_TOGGLED,

    })

    public @interface SecurityLogTag {}

     */

    public static final int TAG_PACKAGE_UNINSTALLED = SecurityLogTags.SECURITY_PACKAGE_UNINSTALLED;

    /**

     * Indicates that an admin has enabled or disabled backup service. The log entry contains the

     * following information about the event encapsulated in an {@link Object} array, accessible

     * via {@link SecurityEvent#getData()}:

     * <li> [0] admin package name ({@code String})

     * <li> [1] admin user ID ({@code Integer})

     * <li> [2] backup service state ({@code Integer}, 1 for enabled, 0 for disabled)

     * @see DevicePolicyManager#setBackupServiceEnabled(ComponentName, boolean)

     */

    @FlaggedApi(Flags.FLAG_BACKUP_SERVICE_SECURITY_LOG_EVENT_ENABLED)

    public static final int TAG_BACKUP_SERVICE_TOGGLED =

            SecurityLogTags.SECURITY_BACKUP_SERVICE_TOGGLED;

    /**

     * Event severity level indicating that the event corresponds to normal workflow.

     */

210041 security_package_installed               (package_name|3),(version_code|1),(user_id|1)

210042 security_package_updated                 (package_name|3),(version_code|1),(user_id|1)

210043 security_package_uninstalled             (package_name|3),(version_code|1),(user_id|1)

210044 security_backup_service_toggled          (package|3),(admin_user|1),(enabled|1)

 No newline at end of file

    description: "Exempt the default sms app of the context user for suspension when calling setPersonalAppsSuspended"

    bug: "309183330"

}

flag {

  name: "backup_service_security_log_event_enabled"

  namespace: "enterprise"

  description: "Emit a security log event when DPM.setBackupServiceEnabled is called"

  bug: "304999634"

}

import static android.app.admin.ProvisioningException.ERROR_SETTING_PROFILE_OWNER_FAILED;

import static android.app.admin.ProvisioningException.ERROR_SET_DEVICE_OWNER_FAILED;

import static android.app.admin.ProvisioningException.ERROR_STARTING_PROFILE_FAILED;

import static android.app.admin.flags.Flags.backupServiceSecurityLogEventEnabled;

import static android.app.admin.flags.Flags.dumpsysPolicyEngineMigrationEnabled;

import static android.app.admin.flags.Flags.policyEngineMigrationV2Enabled;

import static android.content.Intent.ACTION_MANAGED_PROFILE_AVAILABLE;

                || isProfileOwner(caller) || isFinancedDeviceOwner(caller));

        toggleBackupServiceActive(caller.getUserId(), enabled);

        if (backupServiceSecurityLogEventEnabled()) {

            if (SecurityLog.isLoggingEnabled()) {

                SecurityLog.writeEvent(SecurityLog.TAG_BACKUP_SERVICE_TOGGLED,

                        caller.getPackageName(), caller.getUserId(), enabled ? 1 : 0);

            }

        }

    }

    @Override