Loading core/java/android/app/admin/DevicePolicyManager.java +14 −0 Original line number Diff line number Diff line Loading @@ -5513,6 +5513,10 @@ public class DevicePolicyManager { * This method requires the caller to be the device owner. * <p> * This proxy is only a recommendation and it is possible that some apps will ignore it. * <p> * Note: The device owner won't be able to set a global HTTP proxy if there are unaffiliated * secondary users or profiles on the device. It's recommended that affiliation ids are set for * new users as soon as possible after provisioning via {@link #setAffiliationIds}. * * @see ProxyInfo * @param admin Which {@link DeviceAdminReceiver} this request is associated with. Loading Loading @@ -12791,6 +12795,11 @@ public class DevicePolicyManager { * <p>In this mode, the DNS subsystem will attempt a TLS handshake to the network-supplied * resolver prior to attempting name resolution in cleartext. * * <p>Note: The device owner won't be able to set the global private DNS mode if there are * unaffiliated secondary users or profiles on the device. It's recommended that affiliation * ids are set for new users as soon as possible after provisioning via * {@link #setAffiliationIds}. * * @param admin which {@link DeviceAdminReceiver} this request is associated with. * * @return {@code PRIVATE_DNS_SET_NO_ERROR} if the mode was set successfully, or Loading Loading @@ -12826,6 +12835,11 @@ public class DevicePolicyManager { * the ability to resolve hostnames as system traffic to the resolver may not go through the * VPN. * * <p>Note: The device owner won't be able to set the global private DNS mode if there are * unaffiliated secondary users or profiles on the device. It's recommended that affiliation * ids are set for new users as soon as possible after provisioning via * {@link #setAffiliationIds}. * * @param admin which {@link DeviceAdminReceiver} this request is associated with. * @param privateDnsHost The hostname of a server that implements DNS over TLS (RFC7858). * services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +2 −0 Original line number Diff line number Diff line Loading @@ -7244,6 +7244,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { Objects.requireNonNull(who, "ComponentName is null"); final CallerIdentity caller = getCallerIdentity(who); Preconditions.checkCallAuthorization(isDeviceOwner(caller)); checkAllUsersAreAffiliatedWithDevice(); mInjector.binderWithCleanCallingIdentity( () -> mInjector.getConnectivityManager().setGlobalProxy(proxyInfo)); } Loading Loading @@ -15736,6 +15737,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { Objects.requireNonNull(who, "ComponentName is null"); final CallerIdentity caller = getCallerIdentity(who); Preconditions.checkCallAuthorization(isDeviceOwner(caller)); checkAllUsersAreAffiliatedWithDevice(); checkCanExecuteOrThrowUnsafe(DevicePolicyManager.OPERATION_SET_GLOBAL_PRIVATE_DNS); switch (mode) { services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java +43 −0 Original line number Diff line number Diff line Loading @@ -30,6 +30,7 @@ import static android.app.admin.DevicePolicyManager.PASSWORD_COMPLEXITY_HIGH; import static android.app.admin.DevicePolicyManager.PASSWORD_COMPLEXITY_LOW; import static android.app.admin.DevicePolicyManager.PASSWORD_COMPLEXITY_MEDIUM; import static android.app.admin.DevicePolicyManager.PASSWORD_COMPLEXITY_NONE; import static android.app.admin.DevicePolicyManager.PRIVATE_DNS_SET_NO_ERROR; import static android.app.admin.DevicePolicyManager.WIPE_EUICC; import static android.app.admin.PasswordMetrics.computeForPasswordOrPin; import static android.content.pm.ApplicationInfo.PRIVATE_FLAG_DIRECT_BOOT_AWARE; Loading Loading @@ -7333,6 +7334,48 @@ public class DevicePolicyManagerTest extends DpmTestBase { assertThat(dpm.getPolicyExemptApps()).containsExactly("4", "8", "15", "16", "23", "42"); } @Test public void testSetGlobalPrivateDnsModeOpportunistic_asDeviceOwner() throws Exception { setDeviceOwner(); // setUp() adds a secondary user for CALLER_USER_HANDLE. Remove it as otherwise the // feature is disabled because there are non-affiliated secondary users. getServices().removeUser(CALLER_USER_HANDLE); clearInvocations(getServices().settings); int result = dpm.setGlobalPrivateDnsModeOpportunistic(admin1); assertThat(result).isEqualTo(PRIVATE_DNS_SET_NO_ERROR); } @Test public void testSetGlobalPrivateDnsModeOpportunistic_hasUnaffiliatedUsers() throws Exception { setDeviceOwner(); setAsProfileOwner(admin2); assertThrows(SecurityException.class, () -> dpm.setGlobalPrivateDnsModeOpportunistic(admin1)); } @Test public void testSetRecommendedGlobalProxy_asDeviceOwner() throws Exception { setDeviceOwner(); // setUp() adds a secondary user for CALLER_USER_HANDLE. Remove it as otherwise the // feature is disabled because there are non-affiliated secondary users. getServices().removeUser(CALLER_USER_HANDLE); dpm.setRecommendedGlobalProxy(admin1, null); verify(getServices().connectivityManager).setGlobalProxy(null); } @Test public void testSetRecommendedGlobalProxy_hasUnaffiliatedUsers() throws Exception { setDeviceOwner(); setAsProfileOwner(admin2); assertThrows(SecurityException.class, () -> dpm.setRecommendedGlobalProxy(admin1, null)); } private void setUserUnlocked(int userHandle, boolean unlocked) { when(getServices().userManager.isUserUnlocked(eq(userHandle))).thenReturn(unlocked); } Loading Loading
core/java/android/app/admin/DevicePolicyManager.java +14 −0 Original line number Diff line number Diff line Loading @@ -5513,6 +5513,10 @@ public class DevicePolicyManager { * This method requires the caller to be the device owner. * <p> * This proxy is only a recommendation and it is possible that some apps will ignore it. * <p> * Note: The device owner won't be able to set a global HTTP proxy if there are unaffiliated * secondary users or profiles on the device. It's recommended that affiliation ids are set for * new users as soon as possible after provisioning via {@link #setAffiliationIds}. * * @see ProxyInfo * @param admin Which {@link DeviceAdminReceiver} this request is associated with. Loading Loading @@ -12791,6 +12795,11 @@ public class DevicePolicyManager { * <p>In this mode, the DNS subsystem will attempt a TLS handshake to the network-supplied * resolver prior to attempting name resolution in cleartext. * * <p>Note: The device owner won't be able to set the global private DNS mode if there are * unaffiliated secondary users or profiles on the device. It's recommended that affiliation * ids are set for new users as soon as possible after provisioning via * {@link #setAffiliationIds}. * * @param admin which {@link DeviceAdminReceiver} this request is associated with. * * @return {@code PRIVATE_DNS_SET_NO_ERROR} if the mode was set successfully, or Loading Loading @@ -12826,6 +12835,11 @@ public class DevicePolicyManager { * the ability to resolve hostnames as system traffic to the resolver may not go through the * VPN. * * <p>Note: The device owner won't be able to set the global private DNS mode if there are * unaffiliated secondary users or profiles on the device. It's recommended that affiliation * ids are set for new users as soon as possible after provisioning via * {@link #setAffiliationIds}. * * @param admin which {@link DeviceAdminReceiver} this request is associated with. * @param privateDnsHost The hostname of a server that implements DNS over TLS (RFC7858). *
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +2 −0 Original line number Diff line number Diff line Loading @@ -7244,6 +7244,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { Objects.requireNonNull(who, "ComponentName is null"); final CallerIdentity caller = getCallerIdentity(who); Preconditions.checkCallAuthorization(isDeviceOwner(caller)); checkAllUsersAreAffiliatedWithDevice(); mInjector.binderWithCleanCallingIdentity( () -> mInjector.getConnectivityManager().setGlobalProxy(proxyInfo)); } Loading Loading @@ -15736,6 +15737,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { Objects.requireNonNull(who, "ComponentName is null"); final CallerIdentity caller = getCallerIdentity(who); Preconditions.checkCallAuthorization(isDeviceOwner(caller)); checkAllUsersAreAffiliatedWithDevice(); checkCanExecuteOrThrowUnsafe(DevicePolicyManager.OPERATION_SET_GLOBAL_PRIVATE_DNS); switch (mode) {
services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java +43 −0 Original line number Diff line number Diff line Loading @@ -30,6 +30,7 @@ import static android.app.admin.DevicePolicyManager.PASSWORD_COMPLEXITY_HIGH; import static android.app.admin.DevicePolicyManager.PASSWORD_COMPLEXITY_LOW; import static android.app.admin.DevicePolicyManager.PASSWORD_COMPLEXITY_MEDIUM; import static android.app.admin.DevicePolicyManager.PASSWORD_COMPLEXITY_NONE; import static android.app.admin.DevicePolicyManager.PRIVATE_DNS_SET_NO_ERROR; import static android.app.admin.DevicePolicyManager.WIPE_EUICC; import static android.app.admin.PasswordMetrics.computeForPasswordOrPin; import static android.content.pm.ApplicationInfo.PRIVATE_FLAG_DIRECT_BOOT_AWARE; Loading Loading @@ -7333,6 +7334,48 @@ public class DevicePolicyManagerTest extends DpmTestBase { assertThat(dpm.getPolicyExemptApps()).containsExactly("4", "8", "15", "16", "23", "42"); } @Test public void testSetGlobalPrivateDnsModeOpportunistic_asDeviceOwner() throws Exception { setDeviceOwner(); // setUp() adds a secondary user for CALLER_USER_HANDLE. Remove it as otherwise the // feature is disabled because there are non-affiliated secondary users. getServices().removeUser(CALLER_USER_HANDLE); clearInvocations(getServices().settings); int result = dpm.setGlobalPrivateDnsModeOpportunistic(admin1); assertThat(result).isEqualTo(PRIVATE_DNS_SET_NO_ERROR); } @Test public void testSetGlobalPrivateDnsModeOpportunistic_hasUnaffiliatedUsers() throws Exception { setDeviceOwner(); setAsProfileOwner(admin2); assertThrows(SecurityException.class, () -> dpm.setGlobalPrivateDnsModeOpportunistic(admin1)); } @Test public void testSetRecommendedGlobalProxy_asDeviceOwner() throws Exception { setDeviceOwner(); // setUp() adds a secondary user for CALLER_USER_HANDLE. Remove it as otherwise the // feature is disabled because there are non-affiliated secondary users. getServices().removeUser(CALLER_USER_HANDLE); dpm.setRecommendedGlobalProxy(admin1, null); verify(getServices().connectivityManager).setGlobalProxy(null); } @Test public void testSetRecommendedGlobalProxy_hasUnaffiliatedUsers() throws Exception { setDeviceOwner(); setAsProfileOwner(admin2); assertThrows(SecurityException.class, () -> dpm.setRecommendedGlobalProxy(admin1, null)); } private void setUserUnlocked(int userHandle, boolean unlocked) { when(getServices().userManager.isUserUnlocked(eq(userHandle))).thenReturn(unlocked); } Loading
