Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4b1d9dc1 authored by Irem Uguz's avatar Irem Uguz
Browse files

Add DevicePolicyEngine::getEnforcingAdminsForPolicy 

The new method gets the EnforcingAdmins for the given policy definition.

Test: atest FrameworksServicesTests_devicepolicy:com.android.server.devicepolicy.DevicePolicyEngineTest
Bug: 414733570
Flag: EXEMPT code not used yet

Change-Id: I848f0ac9d8fc1949e1e502f520baf7a06d77cadb
parent 4cc42828

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java

+38 −1
Original line number Diff line number Diff line
@@ -56,7 +56,6 @@ import android.content.pm.UserInfo; 
import android.content.pm.UserProperties;

import android.os.Binder;

import android.os.Bundle;

import android.os.Environment;

import android.os.Parcel;

import android.os.RemoteException;

import android.os.UserHandle;
@@ -2377,6 +2376,44 @@ final class DevicePolicyEngine { 
        return 0;

    }



    /*

     * Returns the admins who has contributed to the resolved policy value for the given policy

     * definition. Doesn't return the admin if the policy value set by the admin is not included

     * in the resolved policy.

     */

    @NonNull

    <V> Set<EnforcingAdmin> getEnforcingAdminsForResolvedPolicy(

            @NonNull PolicyDefinition<V> definition, int userId) {

        // If the policy is not set, there's no enforcing admin.

        if (getResolvedPolicyValue(definition, userId) == null) {

            return Collections.emptySet();

        }

        synchronized (mLock) {

            // Since there's a policy value set in the resolved policy, we know it's either set

            // locally or globally. Gather all values admins has set.

            LinkedHashMap<EnforcingAdmin, PolicyValue<V>> policiesSetByAdmins =

                    new LinkedHashMap<>();

            // Note that this logic for local and global policy application is duplicated on

            // DevicePolicyEngine#setGlobalPolicy and DevicePolicyEngine#setLocalPolicy as well

            // as PolicyState#resolve method. In future, this can be refactored together with the

            // listed methods.

            if (hasGlobalPolicyLocked(definition)) {

                policiesSetByAdmins.putAll(

                        getGlobalPolicyStateLocked(definition).getPoliciesSetByAdmins());

            }

            // Put local policy values later as the local policy set by one admin, overrides the

            // value for global policy for the same admin. This ordering is important to provide

            // the correct logic.

            if (hasLocalPolicyLocked(definition, userId)) {

                policiesSetByAdmins.putAll(getLocalPolicyStateLocked(definition,

                        userId).getPoliciesSetByAdmins());

            }

            // We know that resolved policy is not null as we have checked for it before.

            return Objects.requireNonNull(

                    definition.resolvePolicy(policiesSetByAdmins)).getContributingAdmins();

        }

    }



    public void dump(IndentingPrintWriter pw) {

        synchronized (mLock) {

            pw.println("Local Policies: ");

services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyEngineTest.kt

+132 −0
Original line number Diff line number Diff line
@@ -291,6 +291,136 @@ class DevicePolicyEngineTest { 
        assertThat(resolvedPolicy).isNull()

    }



    @Test

    fun getEnforcingAdminsForResolvedPolicy_oneAdminSetsPolicy_singleEnforcingAdmin() {

        ensurePolicyIsSetLocally(

            PASSWORD_COMPLEXITY_POLICY,

            HIGH_PASSWORD_COMPLEXITY,

            SYSTEM_USER_ID,

            DEVICE_OWNER_ADMIN

        )



        val enforcingAdmins =

            devicePolicyEngine.getEnforcingAdminsForResolvedPolicy(

                PASSWORD_COMPLEXITY_POLICY,

                SYSTEM_USER_ID

            )



        assertThat(enforcingAdmins).containsExactly(DEVICE_OWNER_ADMIN)

    }



    @Test

    fun getEnforcingAdminsForResolvedPolicy_multipleAdminsSetPolicy_singleEnforcingAdminForResolvedValue() {

        ensurePolicyIsSetLocally(

            PASSWORD_COMPLEXITY_POLICY,

            LOW_PASSWORD_COMPLEXITY,

            SYSTEM_USER_ID,

            SYSTEM_ADMIN

        )

        // Only this policy value set by this admin will take effect because of the resolution mechanism.

        ensurePolicyIsSetLocally(

            PASSWORD_COMPLEXITY_POLICY,

            HIGH_PASSWORD_COMPLEXITY,

            SYSTEM_USER_ID,

            DEVICE_OWNER_ADMIN

        )



        val enforcingAdmins =

            devicePolicyEngine.getEnforcingAdminsForResolvedPolicy(

                PASSWORD_COMPLEXITY_POLICY,

                SYSTEM_USER_ID

            )



        assertThat(enforcingAdmins).containsExactly(DEVICE_OWNER_ADMIN)

    }



    @Test

    fun getEnforcingAdminsForResolvedPolicy_multipleAdminsSetPolicy_multipleEnforcingAdminsForResolvedValue() {

        ensurePolicyIsSetLocally(

            PASSWORD_COMPLEXITY_POLICY,

            HIGH_PASSWORD_COMPLEXITY,

            SYSTEM_USER_ID,

            DEVICE_OWNER_ADMIN

        )

        ensurePolicyIsSetLocally(

            PASSWORD_COMPLEXITY_POLICY,

            HIGH_PASSWORD_COMPLEXITY,

            SYSTEM_USER_ID,

            SYSTEM_ADMIN

        )



        val enforcingAdmins =

            devicePolicyEngine.getEnforcingAdminsForResolvedPolicy(

                PASSWORD_COMPLEXITY_POLICY,

                SYSTEM_USER_ID

            )



        assertThat(enforcingAdmins).containsExactly(DEVICE_OWNER_ADMIN, SYSTEM_ADMIN)

    }



    @Test

    fun getEnforcingAdminsForResolvedPolicy_multipleAdminsSetPolicyLocallyAndGlobally_multipleEnforcingAdminsForResolvedValue() {

        ensurePolicyIsSetLocally(

            USER_CONTROLLED_DISABLED_PACKAGES_POLICY,

            PACKAGE_SET_POLICY_VALUE_1,

            SYSTEM_USER_ID,

            DEVICE_OWNER_ADMIN

        )

        ensurePolicyIsSetGlobally(

            USER_CONTROLLED_DISABLED_PACKAGES_POLICY,

            PACKAGE_SET_POLICY_VALUE_2,

            SYSTEM_ADMIN

        )



        val enforcingAdmins =

            devicePolicyEngine.getEnforcingAdminsForResolvedPolicy(

                USER_CONTROLLED_DISABLED_PACKAGES_POLICY,

                SYSTEM_USER_ID

            )



        assertThat(enforcingAdmins).containsExactly(DEVICE_OWNER_ADMIN, SYSTEM_ADMIN)

    }



    @Test

    fun getEnforcingAdminsForResolvedPolicy_multipleAdminsSetPolicyLocallyTwiceAndGlobally_multipleEnforcingAdminsForResolvedValue() {

        ensurePolicyIsSetLocally(

            USER_CONTROLLED_DISABLED_PACKAGES_POLICY,

            PACKAGE_SET_POLICY_VALUE_1,

            SYSTEM_USER_ID,

            DEVICE_OWNER_ADMIN

        )

        ensurePolicyIsSetLocally(

            USER_CONTROLLED_DISABLED_PACKAGES_POLICY,

            PACKAGE_SET_POLICY_VALUE_1_SUBSET,

            SYSTEM_USER_ID,

            DEVICE_OWNER_ADMIN

        )

        ensurePolicyIsSetGlobally(

            USER_CONTROLLED_DISABLED_PACKAGES_POLICY,

            PACKAGE_SET_POLICY_VALUE_2,

            SYSTEM_ADMIN

        )



        val enforcingAdmins =

            devicePolicyEngine.getEnforcingAdminsForResolvedPolicy(

                USER_CONTROLLED_DISABLED_PACKAGES_POLICY,

                SYSTEM_USER_ID

            )



        assertThat(enforcingAdmins).containsExactly(DEVICE_OWNER_ADMIN, SYSTEM_ADMIN)

    }



    @Test

    fun getEnforcingAdminsForResolvedPolicy_unsetPolicy_emptySet() {

        val enforcingAdmins =

            devicePolicyEngine.getEnforcingAdminsForResolvedPolicy(

                PASSWORD_COMPLEXITY_POLICY,

                SYSTEM_USER_ID

            )



        assertThat(enforcingAdmins).isEmpty()

    }



    companion object {

        private const val POLICY_SET = PolicyUpdateResult.RESULT_POLICY_SET

        private const val FAILURE_UNKNOWN = PolicyUpdateResult.RESULT_FAILURE_UNKNOWN
@@ -305,6 +435,8 @@ class DevicePolicyEngineTest { 


        private val HIGH_PASSWORD_COMPLEXITY =

            IntegerPolicyValue(DevicePolicyManager.PASSWORD_COMPLEXITY_HIGH)

        private val LOW_PASSWORD_COMPLEXITY =

            IntegerPolicyValue(DevicePolicyManager.PASSWORD_COMPLEXITY_LOW)

        private val AUTO_TIME_ZONE_ENABLED =

            IntegerPolicyValue(DevicePolicyManager.AUTO_TIME_ZONE_ENABLED)

        private val PACKAGE_SET_POLICY_VALUE_1 =