Merge "Use MATCH_ANY_USER when checking for system apps" into main (3c25daab) · Commits · e / os / android_frameworks_base

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+11 −15

Original line number	Diff line number	Diff line
		@@ -12215,34 +12215,30 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		* permittedList or are a system app.
		*/
		private boolean checkPackagesInPermittedListOrSystem(List<String> enabledPackages,
		List<String> permittedList, int userIdToCheck) {
		List<String> permittedList, int userId) {
		long id = mInjector.binderClearCallingIdentity();
		try {
		// If we have an enabled packages list for a managed profile the packages
		// we should check are installed for the parent user.
		UserInfo user = getUserInfo(userIdToCheck);
		if (user.isManagedProfile()) {
		userIdToCheck = user.profileGroupId;
		}

		for (String enabledPackage : enabledPackages) {
		boolean systemService = false;
		if (permittedList.contains(enabledPackage)) {
		continue;
		}
		try {
		ApplicationInfo applicationInfo = mIPackageManager.getApplicationInfo(
		enabledPackage, PackageManager.MATCH_UNINSTALLED_PACKAGES,
		userIdToCheck);
		enabledPackage, PackageManager.MATCH_ANY_USER, userId);

		if (applicationInfo == null) {
		Slogf.wtf(LOG_TAG, "Can't find ApplicationInfo for %s", enabledPackage);
		return false;
		}

		systemService = (applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0;
		if (!applicationInfo.isSystemApp()) {
		Slogf.w(LOG_TAG,
		"Enabled package neither permitted nor system: %s", enabledPackage);
		return false;
		}
		} catch (RemoteException e) {
		Slogf.i(LOG_TAG, "Can't talk to package managed", e);
		}
		if (!systemService && !permittedList.contains(enabledPackage)) {
		return false;
		}
		}
		} finally {
		mInjector.binderRestoreCallingIdentity(id);

services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java

+34 −26

Original line number	Diff line number	Diff line
		@@ -70,14 +70,14 @@ import static com.google.common.truth.Truth.assertWithMessage;

		import static org.junit.Assert.fail;
		import static org.junit.Assume.assumeTrue;
		import static org.mockito.Matchers.any;
		import static org.mockito.Matchers.anyBoolean;
		import static org.mockito.Matchers.anyInt;
		import static org.mockito.Matchers.anyLong;
		import static org.mockito.Matchers.anyObject;
		import static org.mockito.Matchers.anyString;
		import static org.mockito.Matchers.eq;
		import static org.mockito.Matchers.isNull;
		import static org.mockito.ArgumentMatchers.any;
		import static org.mockito.ArgumentMatchers.anyBoolean;
		import static org.mockito.ArgumentMatchers.anyInt;
		import static org.mockito.ArgumentMatchers.anyLong;
		import static org.mockito.ArgumentMatchers.anyString;
		import static org.mockito.ArgumentMatchers.eq;
		import static org.mockito.ArgumentMatchers.isNull;
		import static org.mockito.ArgumentMatchers.longThat;
		import static org.mockito.Mockito.clearInvocations;
		import static org.mockito.Mockito.doAnswer;
		import static org.mockito.Mockito.doReturn;
		@@ -1733,12 +1733,20 @@ public class DevicePolicyManagerTest extends DpmTestBase {
		pi.applicationInfo.flags = flags;
		doReturn(pi).when(getServices().ipackageManager).getPackageInfo(
		eq(packageName),
		anyLong(),
		longThat(flg -> (flg & PackageManager.MATCH_ANY_USER) == 0),
		eq(userId));
		doReturn(pi).when(getServices().ipackageManager).getPackageInfo(
		eq(packageName),
		longThat(flg -> (flg & PackageManager.MATCH_ANY_USER) != 0),
		anyInt());
		doReturn(pi.applicationInfo).when(getServices().ipackageManager).getApplicationInfo(
		eq(packageName),
		anyLong(),
		longThat(flg -> (flg & PackageManager.MATCH_ANY_USER) == 0),
		eq(userId));
		doReturn(pi.applicationInfo).when(getServices().ipackageManager).getApplicationInfo(
		eq(packageName),
		longThat(flg -> (flg & PackageManager.MATCH_ANY_USER) != 0),
		anyInt());
		doReturn(true).when(getServices().ipackageManager).isPackageAvailable(packageName, userId);
		// Setup application UID with the PackageManager
		getServices().addTestPackageUid(packageName, uid);
		@@ -1757,7 +1765,7 @@ public class DevicePolicyManagerTest extends DpmTestBase {
		mServiceContext.packageName = mRealTestContext.getPackageName();
		mServiceContext.applicationInfo = new ApplicationInfo();
		mServiceContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
		when(mContext.resources.getColor(anyInt(), anyObject())).thenReturn(Color.WHITE);
		when(mContext.resources.getColor(anyInt(), any())).thenReturn(Color.WHITE);

		StringParceledListSlice oneCert = asSlice(new String[] {"1"});
		StringParceledListSlice fourCerts = asSlice(new String[] {"1", "2", "3", "4"});
		@@ -4551,7 +4559,7 @@ public class DevicePolicyManagerTest extends DpmTestBase {

		mContext.packageName = admin1.getPackageName();
		mContext.applicationInfo = new ApplicationInfo();
		when(mContext.resources.getColor(anyInt(), anyObject())).thenReturn(Color.WHITE);
		when(mContext.resources.getColor(anyInt(), any())).thenReturn(Color.WHITE);

		// setUp() adds a secondary user for CALLER_USER_HANDLE. Remove it as otherwise the
		// feature is disabled because there are non-affiliated secondary users.
		@@ -4597,12 +4605,12 @@ public class DevicePolicyManagerTest extends DpmTestBase {
		setupDeviceOwner();
		mContext.packageName = admin1.getPackageName();
		mContext.applicationInfo = new ApplicationInfo();
		when(mContext.resources.getColor(anyInt(), anyObject())).thenReturn(Color.WHITE);
		when(mContext.resources.getColor(anyInt(), any())).thenReturn(Color.WHITE);

		// setUp() adds a secondary user for CALLER_USER_HANDLE. Remove it as otherwise the
		// feature is disabled because there are non-affiliated secondary users.
		getServices().removeUser(CALLER_USER_HANDLE);
		when(getServices().iipConnectivityMetrics.addNetdEventCallback(anyInt(), anyObject()))
		when(getServices().iipConnectivityMetrics.addNetdEventCallback(anyInt(), any()))
		.thenReturn(true);

		// No logs were retrieved so far.
		@@ -4667,7 +4675,7 @@ public class DevicePolicyManagerTest extends DpmTestBase {
		mContext.packageName = admin1.getPackageName();
		addManagedProfile(admin1, managedProfileAdminUid, admin1, VERSION_CODES.S);
		when(getServices().iipConnectivityMetrics
		.addNetdEventCallback(anyInt(), anyObject())).thenReturn(true);
		.addNetdEventCallback(anyInt(), any())).thenReturn(true);

		// Check no logs have been retrieved so far.
		assertThat(dpm.getLastNetworkLogRetrievalTime()).isEqualTo(-1);
		@@ -4699,7 +4707,7 @@ public class DevicePolicyManagerTest extends DpmTestBase {
		mContext.packageName = admin1.getPackageName();
		mContext.applicationInfo = new ApplicationInfo();
		when(getServices().iipConnectivityMetrics
		.addNetdEventCallback(anyInt(), anyObject())).thenReturn(true);
		.addNetdEventCallback(anyInt(), any())).thenReturn(true);

		// Check no logs have been retrieved so far.
		assertThat(dpm.getLastNetworkLogRetrievalTime()).isEqualTo(-1);
		@@ -6455,7 +6463,7 @@ public class DevicePolicyManagerTest extends DpmTestBase {
		if (admin1.getPackageName().equals(callerContext.getPackageName())) {
		admin1Context = callerContext;
		}
		when(admin1Context.resources.getColor(anyInt(), anyObject())).thenReturn(Color.WHITE);
		when(admin1Context.resources.getColor(anyInt(), any())).thenReturn(Color.WHITE);

		// caller: device admin or delegated certificate installer
		callerContext.applicationInfo = new ApplicationInfo();
		@@ -6528,7 +6536,7 @@ public class DevicePolicyManagerTest extends DpmTestBase {
		if (admin1.getPackageName().equals(callerContext.getPackageName())) {
		admin1Context = callerContext;
		}
		when(admin1Context.resources.getColor(anyInt(), anyObject())).thenReturn(Color.WHITE);
		when(admin1Context.resources.getColor(anyInt(), any())).thenReturn(Color.WHITE);

		// caller: device admin or delegated certificate installer
		callerContext.applicationInfo = new ApplicationInfo();