Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 47c1efbd authored by Pavel Grafov's avatar Pavel Grafov
Browse files

Ensure user can't block bg usage for protected pkg 

Also ensure that standby buckets are refreshed after changing protected
packages, so that the apps are put into exempt bucket promptly.

Bug: 326031059
Test: manual
Test: atest CtsDevicePolicyTestCases:android.devicepolicy.cts.UserControlDisabledPackagesTest
Change-Id: I5951b7c3e8fbc9ec81e8df1cd6e0d017bb4b452f
parent cd75e6ae

apex/jobscheduler/service/java/com/android/server/usage/AppStandbyController.java

+3 −0
Original line number Diff line number Diff line
@@ -1989,6 +1989,9 @@ public class AppStandbyController 
                mAdminProtectedPackages.put(userId, packageNames);

            }

        }

        if (android.app.admin.flags.Flags.disallowUserControlBgUsageFix()) {

            postCheckIdleStates(userId);

        }

    }



    @Override

core/java/android/app/admin/flags/flags.aconfig

+10 −0
Original line number Diff line number Diff line
@@ -205,6 +205,16 @@ flag { 
  }

}



flag {

  name: "disallow_user_control_bg_usage_fix"

  namespace: "enterprise"

  description: "Make DPM.setUserControlDisabledPackages() ensure background usage is allowed"

  bug: "326031059"

  metadata {

    purpose: PURPOSE_BUGFIX

  }

}



flag {

  name: "esim_management_ux_enabled"

  namespace: "enterprise"

packages/SettingsLib/src/com/android/settingslib/fuelgauge/PowerAllowlistBackend.java

+9 −0
Original line number Diff line number Diff line
@@ -26,6 +26,7 @@ import android.content.pm.PackageManager; 
import android.os.IDeviceIdleController;

import android.os.RemoteException;

import android.os.ServiceManager;

import android.os.UserHandle;

import android.provider.DeviceConfig;

import android.telecom.DefaultDialerManager;

import android.text.TextUtils;
@@ -121,6 +122,14 @@ public class PowerAllowlistBackend { 
            return true;

        }



        if (android.app.admin.flags.Flags.disallowUserControlBgUsageFix()) {

            // App is subject to DevicePolicyManager.setUserControlDisabledPackages() policy.

            final int userId = UserHandle.getUserId(uid);

            if (mAppContext.getPackageManager().isPackageStateProtected(pkg, userId)) {

                return true;

            }

        }



        return false;

    }

services/devicepolicy/java/com/android/server/devicepolicy/PolicyDefinition.java

+1 −2
Original line number Diff line number Diff line
@@ -163,8 +163,7 @@ final class PolicyDefinition<V> { 
                    new NoArgsPolicyKey(

                            DevicePolicyIdentifiers.USER_CONTROL_DISABLED_PACKAGES_POLICY),

                    new StringSetUnion(),

                    (Set<String> value, Context context, Integer userId, PolicyKey policyKey) ->

                            PolicyEnforcerCallbacks.setUserControlDisabledPackages(value, userId),

                    PolicyEnforcerCallbacks::setUserControlDisabledPackages,

                    new StringSetPolicySerializer());



    // This is saved in the static map sPolicyDefinitions so that we're able to reconstruct the

services/devicepolicy/java/com/android/server/devicepolicy/PolicyEnforcerCallbacks.java

+25 −6
Original line number Diff line number Diff line
@@ -20,6 +20,7 @@ import android.annotation.NonNull; 
import android.annotation.Nullable;

import android.annotation.UserIdInt;

import android.app.AppGlobals;

import android.app.AppOpsManager;

import android.app.admin.DevicePolicyCache;

import android.app.admin.DevicePolicyManager;

import android.app.admin.DevicePolicyManagerInternal;
@@ -29,6 +30,7 @@ import android.app.admin.PackagePermissionPolicyKey; 
import android.app.admin.PackagePolicyKey;

import android.app.admin.PolicyKey;

import android.app.admin.UserRestrictionPolicyKey;

import android.app.admin.flags.Flags;

import android.app.usage.UsageStatsManagerInternal;

import android.content.ComponentName;

import android.content.Context;
@@ -37,6 +39,7 @@ import android.content.pm.IPackageManager; 
import android.content.pm.PackageManager;

import android.content.pm.PackageManagerInternal;

import android.os.Binder;

import android.os.Process;

import android.os.RemoteException;

import android.os.ServiceManager;

import android.os.UserHandle;
@@ -183,15 +186,31 @@ final class PolicyEnforcerCallbacks { 
    }



    static boolean setUserControlDisabledPackages(

            @Nullable Set<String> packages, int userId) {

            @Nullable Set<String> packages, Context context, int userId, PolicyKey policyKey) {

        Binder.withCleanCallingIdentity(() -> {

            LocalServices.getService(PackageManagerInternal.class)

                    .setOwnerProtectedPackages(

                            userId,

            PackageManagerInternal pmi =

                    LocalServices.getService(PackageManagerInternal.class);

            pmi.setOwnerProtectedPackages(userId,

                    packages == null ? null : packages.stream().toList());

            LocalServices.getService(UsageStatsManagerInternal.class)

                    .setAdminProtectedPackages(

                            packages == null ? null : new ArraySet<>(packages), userId);



            if (Flags.disallowUserControlBgUsageFix()) {

                if (packages == null) {

                    return;

                }

                final AppOpsManager appOpsManager = context.getSystemService(AppOpsManager.class);

                for (var pkg : packages) {

                    final var appInfo = pmi.getApplicationInfo(pkg,

                            PackageManager.MATCH_DIRECT_BOOT_AWARE

                                    | PackageManager.MATCH_DIRECT_BOOT_UNAWARE,

                            Process.myUid(), userId);

                    if (appInfo != null) {

                        DevicePolicyManagerService.setBgUsageAppOp(appOpsManager, appInfo);

                    }

                }

            }

        });

        return true;

    }