
Commit 4634589e authored by Eran Messeri's avatar Eran Messeri

Refactoring: Use explicit methods for checking DO/PO

Do not use USES_POLICY_PROFILE_OWNER / USES_POLICY_DEVICE_OWNER.
Instead, use explicit methods for checking if the caller is
the Device Owner or Profile Owner.

USES_POLICY_PROFILE_OWNER is confusing since internally in the
DevicePolicyManagerService, it implied a Device Owner is also a
Profile Owner, which is not always what the caller expected.

This is the first phase of the refactoring, removing external callers'
dependency on these constants. The next phase will remove them
internally completely in favour of an implementation that
accesses mOwners directly.

There are no functional changes in this CL.

Bug: 163028934
Test: atest FrameworksServicesTests:DevicePolicyManagerTest
Change-Id: I57c8465d190a3b4b130d57fd622cc93eaeb9c717
parent b522c02e
+13 −5
@@ -76,16 +76,24 @@ public abstract class DevicePolicyManagerInternal {
            OnCrossProfileWidgetProvidersChangeListener listener);

    /**
     * Checks if an app with given uid is an active device admin of its user and has the policy
     * specified.
     * Checks if an app with given uid is an active device owner of its user.
     *
     * <p>This takes the DPMS lock.  DO NOT call from PM/UM/AM with their lock held.
     *
     * @param uid App uid.
     * @param reqPolicy Required policy, for policies see {@link DevicePolicyManager}.
     * @return true if the uid is an active admin with the given policy.
     * @return true if the uid is an active device owner.
     */
    public abstract boolean isActiveAdminWithPolicy(int uid, int reqPolicy);
    public abstract boolean isActiveDeviceOwner(int uid);

    /**
     * Checks if an app with given uid is an active profile owner of its user.
     *
     * <p>This takes the DPMS lock.  DO NOT call from PM/UM/AM with their lock held.
     *
     * @param uid App uid.
     * @return true if the uid is an active profile owner.
     */
    public abstract boolean isActiveProfileOwner(int uid);

    /**
     * Checks if an app with given uid is the active supervision admin.
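Review bot: The Javadoc on `isActiveProfileOwner(int uid)` does not say whether a device owner also counts, which is the very ambiguity this commit removes from USES_POLICY_PROFILE_OWNER. Because other services use these two methods to gate access, I would add a line such as `<p>Returns false for a device owner; callers that want both must also call {@link #isActiveDeviceOwner(int)}.` That wording assumes the contract implied by the call sites in this commit (`isActiveProfileOwner(uid) || isActiveDeviceOwner(uid)`); the implementation is not visible here, so it should be confirmed first. The phrase "active device owner of its user" on `isActiveDeviceOwner` could likewise state what is returned for a uid belonging to a user other than the device owner's.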
+2 −3
@@ -42,7 +42,6 @@ import android.app.INotificationManager;
import android.app.Notification;
import android.app.NotificationManager;
import android.app.PendingIntent;
import android.app.admin.DeviceAdminInfo;
import android.app.admin.DevicePolicyManager;
import android.app.admin.DevicePolicyManagerInternal;
import android.content.BroadcastReceiver;
@@ -5736,8 +5735,8 @@ public class AccountManagerService
    private boolean isProfileOwner(int uid) {
        final DevicePolicyManagerInternal dpmi =
                LocalServices.getService(DevicePolicyManagerInternal.class);
        return (dpmi != null)
                && dpmi.isActiveAdminWithPolicy(uid, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
        //TODO(b/169395065) Figure out if this flow makes sense in Device Owner mode.
        return (dpmi != null) && (dpmi.isActiveProfileOwner(uid) || dpmi.isActiveDeviceOwner(uid));
    }

    @Override
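Review bot: `isProfileOwner(int uid)` now returns true for a device owner as well, so the method name no longer describes the check its callers rely on for an authorization decision. Until b/169395065 is resolved I would either rename it (for example `isProfileOrDeviceOwner`; the callers are outside this hunk) or add a comment on the method such as `// Also true for the device owner; preserves the old USES_POLICY_PROFILE_OWNER behaviour.` The same applies to `isProfileOwner(int uid)` in the PermissionManagerService section of this commit. The `//TODO` would also read better directly above the method or beside the `isActiveDeviceOwner` term, since only that term is in question.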
+4 −5
@@ -24,7 +24,6 @@ import static android.net.TrafficStats.UID_TETHERING;
import android.Manifest;
import android.annotation.IntDef;
import android.app.AppOpsManager;
import android.app.admin.DeviceAdminInfo;
import android.app.admin.DevicePolicyManagerInternal;
import android.content.Context;
import android.content.pm.PackageManager;
@@ -111,8 +110,7 @@ public final class NetworkStatsAccess {
        boolean hasCarrierPrivileges = tm != null &&
                tm.checkCarrierPrivilegesForPackageAnyPhone(callingPackage) ==
                        TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS;
        boolean isDeviceOwner = dpmi != null && dpmi.isActiveAdminWithPolicy(callingUid,
                DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
        boolean isDeviceOwner = dpmi != null && dpmi.isActiveDeviceOwner(callingUid);
        if (hasCarrierPrivileges || isDeviceOwner
                || UserHandle.getAppId(callingUid) == android.os.Process.SYSTEM_UID) {
            // Carrier-privileged apps and device owners, and the system can access data usage for
@@ -126,8 +124,9 @@ public final class NetworkStatsAccess {
            return NetworkStatsAccess.Level.DEVICESUMMARY;
        }

        boolean isProfileOwner = dpmi != null && dpmi.isActiveAdminWithPolicy(callingUid,
                DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
        //TODO(b/169395065) Figure out if this flow makes sense in Device Owner mode.
        boolean isProfileOwner = dpmi != null && (dpmi.isActiveProfileOwner(callingUid)
                || dpmi.isActiveDeviceOwner(callingUid));
        if (isProfileOwner) {
            // Apps with the AppOps permission, profile owners, and apps with the privileged
            // permission can access data usage for all apps in this user/profile.
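Review bot: In the second changed hunk, `dpmi.isActiveDeviceOwner(callingUid)` is queried again although the first hunk already holds the answer in the local `isDeviceOwner`. According to the new Javadoc each call takes the DPMS lock, and two separate queries could in principle disagree if ownership changes between them. Assuming both hunks sit in the same method (it starts outside the hunks), `boolean isProfileOwner = dpmi != null && (dpmi.isActiveProfileOwner(callingUid) || isDeviceOwner);` keeps the behaviour with a single lookup. If the earlier `isDeviceOwner` branch returns, as its comment suggests, the device-owner term can never be true here, and a comment saying so would help whoever resolves b/169395065.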
+3 −4
@@ -137,7 +137,6 @@ import android.app.PendingIntent;
import android.app.StatsManager;
import android.app.StatusBarManager;
import android.app.UriGrantsManager;
import android.app.admin.DeviceAdminInfo;
import android.app.admin.DevicePolicyManagerInternal;
import android.app.backup.BackupManager;
import android.app.role.OnRoleHoldersChangedListener;
@@ -4543,11 +4542,11 @@ public class NotificationManagerService extends SystemService {
            } catch (NameNotFoundException e) {
                return false;
            }
            //TODO(b/169395065) Figure out if this flow makes sense in Device Owner mode.
            return checkPackagePolicyAccess(pkg)
                    || mListeners.isComponentEnabledForPackage(pkg)
                    || (mDpm != null &&
                            mDpm.isActiveAdminWithPolicy(Binder.getCallingUid(),
                                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER));
                    || (mDpm != null && (mDpm.isActiveProfileOwner(Binder.getCallingUid())
                                || mDpm.isActiveDeviceOwner(Binder.getCallingUid())));
        }

        @Override
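Review bot: `Binder.getCallingUid()` is now evaluated twice inside the `return` expression at the end of this hunk. Reading it once into a local ties both owner checks to the same value and shortens the expression: `final int callingUid = Binder.getCallingUid();` followed by `mDpm.isActiveProfileOwner(callingUid) || mDpm.isActiveDeviceOwner(callingUid)`. The `//TODO` sits above the whole expression although it concerns only the device-owner term, so I would move it next to that term. The enclosing method starts outside the hunk.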
+2 −3
@@ -68,7 +68,6 @@ import android.app.ActivityManager;
import android.app.AppOpsManager;
import android.app.ApplicationPackageManager;
import android.app.IActivityManager;
import android.app.admin.DeviceAdminInfo;
import android.app.admin.DevicePolicyManager;
import android.app.admin.DevicePolicyManagerInternal;
import android.compat.annotation.ChangeId;
@@ -3532,9 +3531,9 @@ public class PermissionManagerService extends IPermissionManager.Stub {
    private static boolean isProfileOwner(int uid) {
        DevicePolicyManagerInternal dpmInternal =
                LocalServices.getService(DevicePolicyManagerInternal.class);
        //TODO(b/169395065) Figure out if this flow makes sense in Device Owner mode.
        if (dpmInternal != null) {
            return dpmInternal
                    .isActiveAdminWithPolicy(uid, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
            return dpmInternal.isActiveProfileOwner(uid) || dpmInternal.isActiveDeviceOwner(uid);
        }
        return false;
    }