
Commit 470c1eab authored by Wen Zhang's avatar Wen Zhang Committed by Kholoud Mohamed

[Bugfix]migrate user restrictions to DevicePolicyEngine

Migrate user restrictions to DevicePolicyEngine; otherwise user restrictions cannot be queried after upgrading from Android 13 to Android 14 via OTA.

Bug: 323452689
Bug: 318497672
Test: case 1:Android 13 upgrade to Android 14
1.install TestDPC on Android 13
2.set TestDPC as Device Owner
3.set disallow factory reset
4.update Android 14 via OTA
5.The reset to factory settings in the settings app is still unavailable.

case 2:Android 14(bad version) upgrade to Android 14(new version)
1.install TestDPC on Android 13
2.set TestDPC as Device Owner
3.set disallow factory reset
4.update Android 14(bad version) via OTA
5.The reset to factory settings in the settings app is still available.
6.update Android 14(new version) via OTA
7.The reset to factory settings in the settings app is unavailable.

Change-Id: I7c63d52300a1c5aa0678f29c2e4b15195411517c
parent 996050c7
+80 −22
@@ -3397,7 +3397,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                    }
                    maybeMigratePoliciesPostUpgradeToDevicePolicyEngineLocked();
                    migratePoliciesToPolicyEngineLocked();
                }
                maybeStartSecurityLogMonitorOnActivityManagerReady();
                break;
@@ -13179,21 +13178,42 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
            CallerIdentity caller, EnforcingAdmin admin, String key, boolean enabled,
            boolean parent) {
        synchronized (getLockObject()) {
            int ownerType;
            if (isDeviceOwner(caller)) {
                ownerType = OWNER_TYPE_DEVICE_OWNER;
            } else if (isProfileOwnerOfOrganizationOwnedDevice(caller)) {
                ownerType = OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE;
            } else if (isProfileOwner(caller)) {
                ownerType = OWNER_TYPE_PROFILE_OWNER;
            } else {
                throw new IllegalStateException("Non-DO/Non-PO cannot set restriction " + key
                        + " while targetSdkVersion is less than UPSIDE_DOWN_CAKE");
            }
            setBackwardCompatibleUserRestrictionLocked(ownerType, admin, caller.getUserId(), key,
                    enabled, parent);
        }
    }
    private void setBackwardCompatibleUserRestrictionLocked(
            int ownerType, EnforcingAdmin admin, int userId, String key, boolean enabled,
            boolean parent) {
        if (ownerType == OWNER_TYPE_DEVICE_OWNER) {
            if (UserRestrictionsUtils.isGlobal(OWNER_TYPE_DEVICE_OWNER, key)) {
                setGlobalUserRestrictionInternal(admin, key, enabled);
            } else {
                    setLocalUserRestrictionInternal(admin, key, enabled, caller.getUserId());
                setLocalUserRestrictionInternal(admin, key, enabled, userId);
            }
            } else if (isProfileOwner(caller)) {
        } else if (ownerType == OWNER_TYPE_PROFILE_OWNER
                || ownerType == OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE) {
            if (UserRestrictionsUtils.isGlobal(OWNER_TYPE_PROFILE_OWNER, key)
                        || (parent && isProfileOwnerOfOrganizationOwnedDevice(caller)
                    || (parent && ownerType == OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE
                    && UserRestrictionsUtils.isGlobal(
                    OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE, key))) {
                setGlobalUserRestrictionInternal(admin, key, enabled);
            } else {
                int affectedUserId = parent
                            ? getProfileParentId(caller.getUserId()) : caller.getUserId();
                        ? getProfileParentId(userId) : userId;
                setLocalUserRestrictionInternal(admin, key, enabled, affectedUserId);
            }
        } else {
@@ -13201,7 +13221,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                    + " while targetSdkVersion is less than UPSIDE_DOWN_CAKE");
        }
    }
    }
    @Override
    public void setUserRestrictionGlobally(String callerPackage, String key) {
@@ -23734,6 +23753,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        Preconditions.checkCallAuthorization(
                hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS));
        return mInjector.binderWithCleanCallingIdentity(() -> {
            synchronized (getLockObject()) {
                boolean canForceMigration = forceMigration && !hasNonTestOnlyActiveAdmins();
                if (!canForceMigration && !shouldMigrateV1ToDevicePolicyEngine()) {
                    return false;
@@ -23741,6 +23761,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                boolean migrated = migrateV1PoliciesToDevicePolicyEngine();
                migrated &= migratePoliciesPostUpgradeToDevicePolicyEngineLocked();
                return migrated;
            }
        });
    }
@@ -23784,6 +23805,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        try {
            migrateScreenCapturePolicyLocked();
            migrateLockTaskPolicyLocked();
            migrateUserRestrictionsLocked();
            return true;
        } catch (Exception e) {
            Slogf.e(LOG_TAG, e, "Error occurred during post upgrade migration to the device "
@@ -24053,6 +24075,42 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        });
    }
    private void migrateUserRestrictionsLocked() {
        Binder.withCleanCallingIdentity(() -> {
            List<UserInfo> users = mUserManager.getUsers();
            for (UserInfo userInfo : users) {
                ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(userInfo.id);
                if (admin == null) continue;
                ComponentName adminComponent = admin.info.getComponent();
                int userId = userInfo.id;
                EnforcingAdmin enforcingAdmin = EnforcingAdmin.createEnterpriseEnforcingAdmin(
                        adminComponent,
                        userId,
                        admin);
                int ownerType;
                if (isDeviceOwner(admin)) {
                    ownerType = OWNER_TYPE_DEVICE_OWNER;
                } else if (isProfileOwnerOfOrganizationOwnedDevice(adminComponent, userId)) {
                    ownerType = OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE;
                } else if (isProfileOwner(adminComponent, userId)) {
                    ownerType = OWNER_TYPE_PROFILE_OWNER;
                } else {
                    throw new IllegalStateException("Invalid DO/PO state");
                }
                for (final String restriction : admin.ensureUserRestrictions().keySet()) {
                    setBackwardCompatibleUserRestrictionLocked(ownerType, enforcingAdmin, userId,
                            restriction, /* enabled */ true, /* parent */ false);
                }
                for (final String restriction : admin.getParentActiveAdmin()
                        .ensureUserRestrictions().keySet()) {
                    setBackwardCompatibleUserRestrictionLocked(ownerType, enforcingAdmin, userId,
                            restriction, /* enabled */ true, /* parent */ true);
                }
            }
        });
    }
    private List<PackageInfo> getInstalledPackagesOnUser(int userId) {
        return mInjector.binderWithCleanCallingIdentity(() ->
                mContext.getPackageManager().getInstalledPackagesAsUser(
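Review bot: In `migrateUserRestrictionsLocked`, the `throw new IllegalStateException("Invalid DO/PO state")` inside the per-user loop ends the migration for every user not yet processed, so one inconsistent admin record leaves the remaining users' restrictions (for example a factory-reset block) unmigrated. The caller's `catch (Exception e)` in the post-upgrade migration logs the error, but its body continues outside the hunk, so whether the migration is retried later is not visible here. Consider skipping only that user, e.g. `Slogf.e(LOG_TAG, "Invalid DO/PO state for user %d", userId); continue;`, and reporting the failure after the loop. The new method also calls `Binder.withCleanCallingIdentity` directly while the surrounding code goes through `mInjector.binderWithCleanCallingIdentity`; using the injector would keep it consistent and mockable in tests.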