Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4da6ddc2 authored by Alex Johnston's avatar Alex Johnston Committed by Automerger Merge Worker
Browse files

Merge "Allow PO to set network logging delegate" into sc-dev am: e5cb0d2d 

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/13582329

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I6e380d25ef7bee9cbf622e2f06ca656b57e45156
parents b6cc44a1 e5cb0d2d

core/java/android/app/admin/DevicePolicyManager.java

+3 −3
Original line number Diff line number Diff line
@@ -1869,13 +1869,13 @@ public class DevicePolicyManager { 
    /**

     * Grants access to {@link #setNetworkLoggingEnabled}, {@link #isNetworkLoggingEnabled} and

     * {@link #retrieveNetworkLogs}. Once granted the delegated app will start receiving

     * DelegatedAdminReceiver.onNetworkLogsAvailable() callback, and Device owner will no longer

     * receive the DeviceAdminReceiver.onNetworkLogsAvailable() callback.

     * DelegatedAdminReceiver.onNetworkLogsAvailable() callback, and Device owner or Profile Owner

     * will no longer receive the DeviceAdminReceiver.onNetworkLogsAvailable() callback.

     * There can be at most one app that has this delegation.

     * If another app already had delegated network logging access,

     * it will lose the delegation when a new app is delegated.

     *

     * <p> Can only be granted by Device Owner.

     * <p> Can only be granted by Device Owner or Profile Owner of a managed profile.

     */

    public static final String DELEGATION_NETWORK_LOGGING = "delegation-network-logging";
































services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java



+9
−7






























Original line number
Diff line number
Diff line







@@ -422,8 +422,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {







        DELEGATION_CERT_SELECTION,









    };

















    // Subset of delegations that can only be delegated by Device Owner.









    private static final List<String> DEVICE_OWNER_DELEGATIONS = Arrays.asList(new String[] {









    // Subset of delegations that can only be delegated by Device Owner or Profile Owner of a









    // managed profile.









    private static final List<String> DEVICE_OWNER_OR_MANAGED_PROFILE_OWNER_DELEGATIONS =









            Arrays.asList(new String[]{









                    DELEGATION_NETWORK_LOGGING,









            });
















@@ -5884,10 +5886,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {







        }









        // Retrieve the user ID of the calling process.









        final int userId = caller.getUserId();









        final boolean hasDoDelegation = !Collections.disjoint(scopes, DEVICE_OWNER_DELEGATIONS);









        // Ensure calling process is device/profile owner.









        if (hasDoDelegation) {









            Preconditions.checkCallAuthorization(isDeviceOwner(caller));









        if (!Collections.disjoint(scopes, DEVICE_OWNER_OR_MANAGED_PROFILE_OWNER_DELEGATIONS)) {









            Preconditions.checkCallAuthorization(isDeviceOwner(caller)









                    || (isProfileOwner(caller) && isManagedProfile(caller.getUserId())));









        } else {









            Preconditions.checkCallAuthorization(isDeviceOwner(caller) || isProfileOwner(caller));









        }