
Commit 3ea0f6f3 authored by Rubin Xu's avatar Rubin Xu

Log to SecurityLog if camera is disabled by admin

This is part of the NIAP audit logging requirement.

Bug: 137937540
Test: atest com.android.cts.devicepolicy.DeviceOwnerTest#testSecurityLoggingWithSingleUser
Change-Id: I4fe1e856337787dcd4fbe1b25ff2e9e5a18c2ce9
parent d56dcd2f
+1 −0
@@ -7121,6 +7121,7 @@ package android.app.admin {
    field public static final int TAG_ADB_SHELL_CMD = 210002; // 0x33452
    field public static final int TAG_ADB_SHELL_INTERACTIVE = 210001; // 0x33451
    field public static final int TAG_APP_PROCESS_START = 210005; // 0x33455
    field public static final int TAG_CAMERA_POLICY_SET = 210034; // 0x33472
    field public static final int TAG_CERT_AUTHORITY_INSTALLED = 210029; // 0x3346d
    field public static final int TAG_CERT_AUTHORITY_REMOVED = 210030; // 0x3346e
    field public static final int TAG_CERT_VALIDATION_FAILURE = 210033; // 0x33471
+15 −0
@@ -81,6 +81,7 @@ public class SecurityLog {
            TAG_CRYPTO_SELF_TEST_COMPLETED,
            TAG_KEY_INTEGRITY_VIOLATION,
            TAG_CERT_VALIDATION_FAILURE,
            TAG_CAMERA_POLICY_SET
    })
    public @interface SecurityLogTag {}

@@ -432,6 +433,19 @@ public class SecurityLog {
    public static final int TAG_CERT_VALIDATION_FAILURE =
            SecurityLogTags.SECURITY_CERT_VALIDATION_FAILURE;

    /**
     * Indicates that the admin has set policy to disable camera.
     * The log entry contains the following information about the event, encapsulated in an
     * {@link Object} array and accessible via {@link SecurityEvent#getData()}:
     * <li> [0] admin package name ({@code String})
     * <li> [1] admin user ID ({@code Integer})
     * <li> [2] target user ID ({@code Integer})
     * <li> [3] whether the camera is disabled or not ({@code Integer}, 1 if it's disabled,
     *      0 if enabled)
     */
    public static final int TAG_CAMERA_POLICY_SET =
            SecurityLogTags.SECURITY_CAMERA_POLICY_SET;

    /**
     * Event severity level indicating that the event corresponds to normal workflow.
     */
@@ -561,6 +575,7 @@ public class SecurityLog {
                case TAG_MAX_PASSWORD_ATTEMPTS_SET:
                case TAG_USER_RESTRICTION_ADDED:
                case TAG_USER_RESTRICTION_REMOVED:
                case TAG_CAMERA_POLICY_SET:
                    return LEVEL_INFO;
                case TAG_CERT_AUTHORITY_REMOVED:
                case TAG_CRYPTO_SELF_TEST_COMPLETED:
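Review bot: The Javadoc summary on TAG_CAMERA_POLICY_SET says the event marks the admin disabling the camera, but item [3] of the same comment records both states, so the tag is also emitted when the camera is re-enabled. I would reword the first sentence to `Indicates that an admin has set the camera-disabled policy (either disabling or re-enabling the camera).` so that a log consumer does not count every entry as a disable event. Item [1] could also say that it is the user the admin runs as; judging by the call site elsewhere in this commit, [1] and [2] differ only when the policy is applied to the profile parent, which is worth stating once confirmed.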
+1 −0
@@ -38,3 +38,4 @@ option java_package android.app.admin
210031 security_crypto_self_test_completed      (success|1)
210032 security_key_integrity_violation         (key_id|3),(uid|1)
210033 security_cert_validation_failure         (reason|3)
210034 security_camera_policy_set               (package|3),(admin_user|1),(target_user|1),(disabled|1)
+7 −1
@@ -7710,7 +7710,13 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
            }
        }
        // Tell the user manager that the restrictions have changed.
        pushUserRestrictions(parent ?  getProfileParentId(userHandle) : userHandle);
        final int affectedUserId = parent ? getProfileParentId(userHandle) : userHandle;
        pushUserRestrictions(affectedUserId);
        if (SecurityLog.isLoggingEnabled()) {
            SecurityLog.writeEvent(SecurityLog.TAG_CAMERA_POLICY_SET,
                    who.getPackageName(), userHandle, affectedUserId, disabled ? 1 : 0);
        }
        DevicePolicyEventLogger
                .createEvent(DevicePolicyEnums.SET_CAMERA_DISABLED)
                .setAdmin(who)
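Review bot: The `SecurityLog.writeEvent` call sits after the closing braces at the top of the hunk, so it appears to run on every call, including calls that leave the stored policy unchanged. If that is what the audit requirement wants, it deserves a comment, for example `// Audit the admin request itself, even when the stored policy did not change.` The event is also written after `pushUserRestrictions(affectedUserId)`, so if that call can fail the request would go unrecorded; writing the event first would avoid that, unless the order is deliberate. The enclosing method starts and ends outside the hunk, so the lock scope and the null check on `who` cannot be confirmed from here.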