Merge "Add ResetPasswordWithToken migration code." into main (44d0b5dd) · Commits · e / os / android_frameworks_base

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+57 −4

Original line number	Diff line number	Diff line
		@@ -3515,6 +3515,48 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		return true;
		}

		@GuardedBy("getLockObject()")
		private boolean maybeMigrateResetPasswordTokenLocked(String backupId) {
		if (!Flags.resetPasswordWithTokenCoexistence()) {
		Slog.i(LOG_TAG, "ResetPasswordWithToken not migrated because coexistence "
		+ "support is not enabled.");
		return false;
		}
		if (mOwners.isResetPasswordWithTokenMigrated()) {
		// TODO(b/359187209): Remove log after Flags.resetPasswordWithTokenCoexistence full
		// rollout.
		Slog.v(LOG_TAG, "ResetPasswordWithToken was previously migrated to "
		+ "policy engine.");
		return false;
		}

		Slog.i(LOG_TAG, "Migrating ResetPasswordWithToken to policy engine");

		// Create backup if none exists
		mDevicePolicyEngine.createBackup(backupId);
		try {
		iterateThroughDpcAdminsLocked((admin, enforcingAdmin) -> {
		int userId = enforcingAdmin.getUserId();
		DevicePolicyData policy = getUserData(userId);
		if (policy.mPasswordTokenHandle != 0) {
		Slog.i(LOG_TAG, "Setting RESET_PASSWORD_TOKEN policy");
		mDevicePolicyEngine.setLocalPolicy(
		PolicyDefinition.RESET_PASSWORD_TOKEN,
		enforcingAdmin,
		new LongPolicyValue(policy.mPasswordTokenHandle),
		userId);
		}
		});
		} catch (Exception e) {
		Slog.wtf(LOG_TAG,
		"Failed to migrate ResetPasswordWithToken to policy engine", e);
		}

		Slog.i(LOG_TAG, "Marking ResetPasswordWithToken migration complete");
		mOwners.markResetPasswordWithTokenMigrated();
		return true;
		}

		/** Register callbacks for statsd pulled atoms. */
		private void registerStatsCallbacks() {
		final StatsManager statsManager = mContext.getSystemService(StatsManager.class);
		@@ -19342,6 +19384,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		PolicyDefinition.RESET_PASSWORD_TOKEN,
		enforcingAdmin,
		userId);
		// TODO(b/369152176): Address difference in behavior regarding addEscrowToken when
		// compared with the else branch.
		long tokenHandle = addEscrowToken(
		token, currentTokenHandle == null ? 0 : currentTokenHandle, userId);
		if (tokenHandle == 0) {
		@@ -24280,12 +24324,21 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		maybeMigrateSecurityLoggingPolicyLocked();
		// ID format: <sdk-int>.<auto_increment_id>.<descriptions>'
		String unmanagedBackupId = "35.1.unmanaged-mode";
		boolean migrated = false;
		migrated = migrated \| maybeMigrateRequiredPasswordComplexityLocked(unmanagedBackupId);
		migrated = migrated \| maybeMigrateSuspendedPackagesLocked(unmanagedBackupId);
		if (migrated) {
		boolean unmanagedMigrated = false;
		unmanagedMigrated =
		unmanagedMigrated \| maybeMigrateRequiredPasswordComplexityLocked(unmanagedBackupId);
		unmanagedMigrated =
		unmanagedMigrated \| maybeMigrateSuspendedPackagesLocked(unmanagedBackupId);
		if (unmanagedMigrated) {
		Slogf.i(LOG_TAG, "Backup made: " + unmanagedBackupId);
		}

		String supervisionBackupId = "36.2.supervision-support";
		boolean supervisionMigrated = maybeMigrateResetPasswordTokenLocked(supervisionBackupId);
		if (supervisionMigrated) {
		Slogf.i(LOG_TAG, "Backup made: " + supervisionBackupId);
		}

		// Additional migration steps should repeat the pattern above with a new backupId.
		}

services/devicepolicy/java/com/android/server/devicepolicy/Owners.java

+13 −0

Original line number	Diff line number	Diff line
		@@ -669,6 +669,19 @@ class Owners {
		}
		}

		void markResetPasswordWithTokenMigrated() {
		synchronized (mData) {
		mData.mResetPasswordWithTokenMigrated = true;
		mData.writeDeviceOwner();
		}
		}

		boolean isResetPasswordWithTokenMigrated() {
		synchronized (mData) {
		return mData.mResetPasswordWithTokenMigrated;
		}
		}

		@GuardedBy("mData")
		void pushToAppOpsLocked() {
		if (!mSystemReady) {

services/devicepolicy/java/com/android/server/devicepolicy/OwnersData.java

+10 −1

Original line number	Diff line number	Diff line
		@@ -91,6 +91,8 @@ class OwnersData {
		private static final String ATTR_REQUIRED_PASSWORD_COMPLEXITY_MIGRATED =
		"passwordComplexityMigrated";
		private static final String ATTR_SUSPENDED_PACKAGES_MIGRATED = "suspendedPackagesMigrated";
		private static final String ATTR_RESET_PASSWORD_WITH_TOKEN_MIGRATED =
		"resetPasswordWithTokenMigrated";
		private static final String ATTR_MIGRATED_POST_UPGRADE = "migratedPostUpgrade";

		// Internal state for the device owner package.
		@@ -122,6 +124,7 @@ class OwnersData {
		boolean mSecurityLoggingMigrated = false;
		boolean mRequiredPasswordComplexityMigrated = false;
		boolean mSuspendedPackagesMigrated = false;
		boolean mResetPasswordWithTokenMigrated = false;

		boolean mPoliciesMigratedPostUpdate = false;

		@@ -417,7 +420,10 @@ class OwnersData {
		mSuspendedPackagesMigrated);

		}

		if (Flags.resetPasswordWithTokenCoexistence()) {
		out.attributeBoolean(null, ATTR_RESET_PASSWORD_WITH_TOKEN_MIGRATED,
		mResetPasswordWithTokenMigrated);
		}
		out.endTag(null, TAG_POLICY_ENGINE_MIGRATION);

		}
		@@ -488,6 +494,9 @@ class OwnersData {
		mSuspendedPackagesMigrated = Flags.unmanagedModeMigration()
		&& parser.getAttributeBoolean(null,
		ATTR_SUSPENDED_PACKAGES_MIGRATED, false);
		mResetPasswordWithTokenMigrated = Flags.resetPasswordWithTokenCoexistence()
		&& parser.getAttributeBoolean(null,
		ATTR_RESET_PASSWORD_WITH_TOKEN_MIGRATED, false);

		break;
		default: