Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4006ae5c authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Automerger Merge Worker
Browse files

Merge "Consolidate checking of superivsion configs." into tm-dev am: 58bda6d5 am: 79a0d4a8

parents ad91a8d9 79a0d4a8
Loading
Loading
Loading
Loading
+32 −49
Original line number Original line Diff line number Diff line
@@ -9284,22 +9284,39 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
                    return poComponent;
                    return poComponent;
                }
                }
            }
            }
            final String supervisor = mContext.getResources().getString(
                    com.android.internal.R.string.config_defaultSupervisionProfileOwnerComponent);
            // Check profile owner first as that is what most likely is set.
            if (supervisor == null) {
            if (isSupervisionComponent(poComponent)) {
                return null;
                return poComponent;
            }
            }
            final ComponentName supervisorComponent = ComponentName.unflattenFromString(supervisor);
            if (supervisorComponent == null) {
            if (isSupervisionComponent(doComponent)) {
                return null;
                return doComponent;
            }
            }
            if (supervisorComponent.equals(doComponent) || supervisorComponent.equals(
                    poComponent)) {
                return supervisorComponent;
            } else {
            return null;
            return null;
        }
        }
    }
    }
    private boolean isSupervisionComponent(@Nullable ComponentName who) {
        if (who == null) {
            return false;
        }
        final String configComponent = mContext.getResources().getString(
                com.android.internal.R.string.config_defaultSupervisionProfileOwnerComponent);
        if (configComponent != null) {
            final ComponentName componentName = ComponentName.unflattenFromString(configComponent);
            if (who.equals(componentName)) {
                return true;
            }
        }
        // Check the system supervision role.
        final String configPackage = mContext.getResources().getString(
                com.android.internal.R.string.config_systemSupervision);
        return who.getPackageName().equals(configPackage);
    }
    }
    @Override
    @Override
@@ -9485,22 +9502,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
                    "Cannot set the profile owner on a user which is already set-up");
                    "Cannot set the profile owner on a user which is already set-up");
            if (!mIsWatch) {
            if (!mIsWatch) {
                final String supervisionRolePackage = mContext.getResources().getString(
                if (!isSupervisionComponent(owner)) {
                        com.android.internal.R.string.config_systemSupervision);
                // Only the default supervision profile owner or supervision role holder
                // can be set as profile owner after SUW
                final String supervisor = mContext.getResources().getString(
                        com.android.internal.R.string
                                .config_defaultSupervisionProfileOwnerComponent);
                if (supervisor == null && supervisionRolePackage == null) {
                    throw new IllegalStateException("Unable to set profile owner post-setup, no"
                            + "default supervisor profile owner defined");
                }
                final ComponentName supervisorComponent = ComponentName.unflattenFromString(
                        supervisor);
                if (!owner.equals(supervisorComponent)
                        && !owner.getPackageName().equals(supervisionRolePackage)) {
                    throw new IllegalStateException("Unable to set non-default profile owner"
                    throw new IllegalStateException("Unable to set non-default profile owner"
                            + " post-setup " + owner);
                            + " post-setup " + owner);
                }
                }
@@ -12087,7 +12089,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
        synchronized (getLockObject()) {
        synchronized (getLockObject()) {
            // Allow testOnly admins to bypass supervision config requirement.
            // Allow testOnly admins to bypass supervision config requirement.
            Preconditions.checkCallAuthorization(isAdminTestOnlyLocked(who, caller.getUserId())
            Preconditions.checkCallAuthorization(isAdminTestOnlyLocked(who, caller.getUserId())
                    || isDefaultSupervisor(caller), "Admin %s is not the "
                    || isSupervisionComponent(caller.getComponentName()), "Admin %s is not the "
                    + "default supervision component", caller.getComponentName());
                    + "default supervision component", caller.getComponentName());
            DevicePolicyData policy = getUserData(caller.getUserId());
            DevicePolicyData policy = getUserData(caller.getUserId());
            policy.mSecondaryLockscreenEnabled = enabled;
            policy.mSecondaryLockscreenEnabled = enabled;
@@ -12106,16 +12108,6 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
        return isProfileOwner(caller) && isManagedProfile(caller.getUserId());
        return isProfileOwner(caller) && isManagedProfile(caller.getUserId());
    }
    }
    private boolean isDefaultSupervisor(CallerIdentity caller) {
        final String supervisor = mContext.getResources().getString(
                com.android.internal.R.string.config_defaultSupervisionProfileOwnerComponent);
        if (supervisor == null) {
            return false;
        }
        final ComponentName supervisorComponent = ComponentName.unflattenFromString(supervisor);
        return caller.getComponentName().equals(supervisorComponent);
    }
    @Override
    @Override
    public void setPreferentialNetworkServiceConfigs(
    public void setPreferentialNetworkServiceConfigs(
            List<PreferentialNetworkServiceConfig> preferentialNetworkServiceConfigs) {
            List<PreferentialNetworkServiceConfig> preferentialNetworkServiceConfigs) {
@@ -12999,16 +12991,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
                    return false;
                    return false;
                }
                }
                final String supervisionString = mContext.getResources().getString(
                return isSupervisionComponent(admin.info.getComponent());
                        com.android.internal.R.string
                                .config_defaultSupervisionProfileOwnerComponent);
                if (supervisionString == null) {
                    return false;
                }
                final ComponentName supervisorComponent = ComponentName.unflattenFromString(
                        supervisionString);
                return admin.info.getComponent().equals(supervisorComponent);
            }
            }
        }
        }
+38 −9
Original line number Original line Diff line number Diff line
@@ -3322,19 +3322,48 @@ public class DevicePolicyManagerTest extends DpmTestBase {
    }
    }


    @Test
    @Test
    public void testIsActiveSupervisionApp() throws Exception {
    public void testSupervisionConfig() throws Exception {
        when(mServiceContext.resources
        final int uid = UserHandle.getUid(15, 19436);
                .getString(R.string.config_defaultSupervisionProfileOwnerComponent))
        addManagedProfile(admin1, uid, admin1);
                .thenReturn(admin1.flattenToString());
        mContext.binder.callingUid = uid;


        final int PROFILE_USER = 15;
        verifySupervisionConfig(uid, null, null);
        final int PROFILE_ADMIN = UserHandle.getUid(PROFILE_USER, 19436);
        verifySupervisionConfig(uid, "", null);
        addManagedProfile(admin1, PROFILE_ADMIN, admin1);
        verifySupervisionConfig(uid, null, "");
        mContext.binder.callingUid = PROFILE_ADMIN;
        verifySupervisionConfig(uid, "", "");

        verifySupervisionConfig(uid, admin1.flattenToString(), null);
        verifySupervisionConfig(uid, admin1.flattenToString(), "");

        verifySupervisionConfig(uid, null, admin1.getPackageName());
        verifySupervisionConfig(uid, "", admin1.getPackageName());
    }

    private void verifySupervisionConfig(
            int uid , String configComponentName, String configPackageName) {
        final boolean isAdmin = admin1.flattenToString().equals(configComponentName)
                || admin1.getPackageName().equals(configPackageName);


        final UserHandle user = UserHandle.getUserHandleForUid(uid);
        final DevicePolicyManagerInternal dpmi =
        final DevicePolicyManagerInternal dpmi =
                LocalServices.getService(DevicePolicyManagerInternal.class);
                LocalServices.getService(DevicePolicyManagerInternal.class);
        assertThat(dpmi.isActiveSupervisionApp(PROFILE_ADMIN)).isTrue();

        when(mServiceContext.resources
                .getString(R.string.config_defaultSupervisionProfileOwnerComponent))
                .thenReturn(configComponentName);

        when(mServiceContext.resources
                .getString(R.string.config_systemSupervision))
                .thenReturn(configPackageName);

        if (isAdmin) {
            assertThat(dpmi.isActiveSupervisionApp(uid)).isTrue();
            assertThat(dpm.getProfileOwnerOrDeviceOwnerSupervisionComponent(user))
                        .isEqualTo(admin1);
        } else {
            assertThat(dpmi.isActiveSupervisionApp(uid)).isFalse();
            assertThat(dpm.getProfileOwnerOrDeviceOwnerSupervisionComponent(user)).isNull();
        }
    }
    }


    // Test if lock timeout on managed profile is handled correctly depending on whether profile
    // Test if lock timeout on managed profile is handled correctly depending on whether profile