Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 41bdd971 authored by Rubin Xu's avatar Rubin Xu
Browse files

Add device policy API to toggle Common Criteria mode 

Common Criteria mode puts device into a state where certain
funtionalities are tuned or turned on to meet the higher security
requirement from Common Criteria certification. Device Owner
can use the new device policy API to toggle Common Criteria mode.

Bug: 137937540
Test: atest FrameworksServicesTests:DevicePolicyManagerTest
Test: atest SettingsProviderTest
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testCommonCriteriaMode
Test: atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testCommonCriteriaMode
Change-Id: If07c053437e980ed3317d3838cc74e5bfd44efce
parent 38e8482f

api/current.txt

+2 −0
Original line number Diff line number Diff line
@@ -6831,6 +6831,7 @@ package android.app.admin { 
    method public boolean isApplicationHidden(@NonNull android.content.ComponentName, String);

    method public boolean isBackupServiceEnabled(@NonNull android.content.ComponentName);

    method @Deprecated public boolean isCallerApplicationRestrictionsManagingPackage();

    method public boolean isCommonCriteriaModeEnabled(@NonNull android.content.ComponentName);

    method public boolean isDeviceIdAttestationSupported();

    method public boolean isDeviceOwnerApp(String);

    method public boolean isEphemeralUser(@NonNull android.content.ComponentName);
@@ -6879,6 +6880,7 @@ package android.app.admin { 
    method public void setBluetoothContactSharingDisabled(@NonNull android.content.ComponentName, boolean);

    method public void setCameraDisabled(@NonNull android.content.ComponentName, boolean);

    method @Deprecated public void setCertInstallerPackage(@NonNull android.content.ComponentName, @Nullable String) throws java.lang.SecurityException;

    method public void setCommonCriteriaModeEnabled(@NonNull android.content.ComponentName, boolean);

    method public void setCrossProfileCalendarPackages(@NonNull android.content.ComponentName, @Nullable java.util.Set<java.lang.String>);

    method public void setCrossProfileCallerIdDisabled(@NonNull android.content.ComponentName, boolean);

    method public void setCrossProfileContactsSearchDisabled(@NonNull android.content.ComponentName, boolean);

api/module-app-current.txt

+8 −0
Original line number Diff line number Diff line
@@ -7,3 +7,11 @@ package android.app { 


}



package android.provider {



  public static final class Settings.Global extends android.provider.Settings.NameValueTable {

    field public static final String COMMON_CRITERIA_MODE = "common_criteria_mode";

  }



}

core/java/android/app/admin/DevicePolicyManager.java

+44 −0
Original line number Diff line number Diff line
@@ -11493,4 +11493,48 @@ public class DevicePolicyManager { 
        }

        return Collections.emptyList();

    }













    /**













     * Called by device owner or profile owner of an organization-owned managed profile to toggle













     * Common Criteria mode for the device. When the device is in Common Criteria mode,













     * certain device functionalities are tuned to meet the higher













     * security level required by Common Criteria certification. For example:













     * <ul>













     * <li> Bluetooth long term key material is additionally integrity-protected with AES-GCM. </li>













     * <li> WiFi configuration store is additionally integrity-protected with AES-GCM. </li>













     * </ul>













     * Common Criteria mode is disabled by default.













     *













     * @param admin which {@link DeviceAdminReceiver} this request is associated with.













     * @param enabled whether Common Criteria mode should be enabled or not.













     */













    public void setCommonCriteriaModeEnabled(@NonNull ComponentName admin, boolean enabled) {













        throwIfParentInstance("setCommonCriteriaModeEnabled");













        if (mService != null) {













            try {













                mService.setCommonCriteriaModeEnabled(admin, enabled);













            } catch (RemoteException e) {













                throw e.rethrowFromSystemServer();













            }













        }













    }

























    /**













     * Called by device owner or profile owner of an organization-owned managed profile to return













     * whether Common Criteria mode is currently enabled for the device.













     *













     * @param admin which {@link DeviceAdminReceiver} this request is associated with.













     * @return {@code true} if Common Criteria mode is enabled, {@code false} otherwise.













     */













    public boolean isCommonCriteriaModeEnabled(@NonNull ComponentName admin) {













        throwIfParentInstance("isCommonCriteriaModeEnabled");













        if (mService != null) {













            try {













                return mService.isCommonCriteriaModeEnabled(admin);













            } catch (RemoteException e) {













                throw e.rethrowFromSystemServer();













            }













        }













        return false;













    }















}

























core/java/android/app/admin/IDevicePolicyManager.aidl



+3
−0




























Original line number
Diff line number
Diff line








@@ -461,4 +461,7 @@ interface IDevicePolicyManager {













    void setProtectedPackages(in ComponentName admin, in List<String> packages);































    List<String> getProtectedPackages(in ComponentName admin);



























    void setCommonCriteriaModeEnabled(in ComponentName admin, boolean enabled);













    boolean isCommonCriteriaModeEnabled(in ComponentName admin);















}
























core/java/android/provider/Settings.java



+13
−0




























Original line number
Diff line number
Diff line








@@ -13929,6 +13929,19 @@ public final class Settings {













         */















        public static final String POWER_BUTTON_SUPPRESSION_DELAY_AFTER_GESTURE_WAKE =















                "power_button_suppression_delay_after_gesture_wake";

























        /**













         * An integer indicating whether the device is in Common Criteria mode. When enabled,













         * certain device functionalities are tuned to meet the higher security level required













         * by Common Criteria certification. Examples include:













         *   Bluetooth long term key material is additionally integrity-protected with AES-GCM.













         *   WiFi configuration store is additionally integrity-protected with AES-GCM.













         * A value of 0 means Common Criteria mode is not enabled (default), a value of non-zero













         * means Common Criteria mode is enabled.













         * @hide













         */













        @SystemApi(client = SystemApi.Client.MODULE_APPS)













        public static final String COMMON_CRITERIA_MODE = "common_criteria_mode";















    }





























    /**