Merge \\"Disallow disable / hide device provision app\\" into nyc-mr1-dev am: dc52eaaa98 (4eefd680) · Commits · e / os / android_frameworks_base

core/java/android/content/pm/PackageManagerInternal.java

+2 −2

Original line number	Diff line number	Diff line
		@@ -157,7 +157,7 @@ public abstract class PackageManagerInternal {
		int deviceOwnerUserId, String deviceOwner, SparseArray<String> profileOwners);

		/**
		* Whether a package's data be cleared.
		* Returns {@code true} if a given package can't be wiped. Otherwise, returns {@code false}.
		*/
		public abstract boolean canPackageBeWiped(int userId, String packageName);
		public abstract boolean isPackageDataProtected(int userId, String packageName);
		}

core/res/res/values/config.xml

+2 −0

Original line number	Diff line number	Diff line
		@@ -2513,4 +2513,6 @@
		<!-- True if the device supports system navigation keys. -->
		<bool name="config_supportSystemNavigationKeys">false</bool>

		<!-- Package name for the device provisioning package. -->
		<string name="config_deviceProvisioningPackage"></string>
		</resources>

core/res/res/values/symbols.xml

+3 −0

Original line number	Diff line number	Diff line
		@@ -2635,4 +2635,7 @@

		<java-symbol type="layout" name="unsupported_display_size_dialog_content" />
		<java-symbol type="string" name="unsupported_display_size_message" />

		<!-- Package name for the device provisioning package -->
		<java-symbol type="string" name="config_deviceProvisioningPackage" />
		</resources>

services/core/java/com/android/server/am/ActivityManagerService.java

+2 −2

Original line number	Diff line number	Diff line
		@@ -5423,10 +5423,10 @@ public final class ActivityManagerService extends ActivityManagerNative
		IPackageManager pm = AppGlobals.getPackageManager();
		int pkgUid = -1;
		synchronized(this) {
		if (getPackageManagerInternalLocked().canPackageBeWiped(
		if (getPackageManagerInternalLocked().isPackageDataProtected(
		userId, packageName)) {
		throw new SecurityException(
		"Cannot clear data for a device owner or a profile owner");
		"Cannot clear data for a protected package: " + packageName);
		}

		try {

services/core/java/com/android/server/pm/PackageManagerService.java

+17 −9

Original line number	Diff line number	Diff line
		@@ -627,7 +627,7 @@ public class PackageManagerService extends IPackageManager.Stub {
		@GuardedBy("mPackages")
		final ArraySet<String> mFrozenPackages = new ArraySet<>();

		final ProtectedPackages mProtectedPackages = new ProtectedPackages();
		final ProtectedPackages mProtectedPackages;

		boolean mRestoredSettings;

		@@ -2281,6 +2281,8 @@ public class PackageManagerService extends IPackageManager.Stub {
		mSystemPermissions = systemConfig.getSystemPermissions();
		mAvailableFeatures = systemConfig.getAvailableFeatures();

		mProtectedPackages = new ProtectedPackages(mContext);

		synchronized (mInstallLock) {
		// writer
		synchronized (mPackages) {
		@@ -11661,6 +11663,12 @@ public class PackageManagerService extends IPackageManager.Stub {
		if (pkgSetting == null) {
		return false;
		}
		// Only allow protected packages to hide themselves.
		if (hidden && !UserHandle.isSameApp(uid, pkgSetting.appId)
		&& mProtectedPackages.isPackageStateProtected(userId, packageName)) {
		Slog.w(TAG, "Not hiding protected package: " + packageName);
		return false;
		}
		if (pkgSetting.getHidden(userId) != hidden) {
		pkgSetting.setHidden(hidden, userId);
		mSettings.writePackageRestrictionsLPr(userId);
		@@ -16431,8 +16439,9 @@ public class PackageManagerService extends IPackageManager.Stub {
		enforceCrossUserPermission(Binder.getCallingUid(), userId,
		true /* requireFullPermission /, false / checkShell */, "clear application data");

		if (mProtectedPackages.canPackageBeWiped(userId, packageName)) {
		throw new SecurityException("Cannot clear data for a device owner or a profile owner");
		if (mProtectedPackages.isPackageDataProtected(userId, packageName)) {
		throw new SecurityException("Cannot clear data for a protected package: "
		+ packageName);
		}
		// Queue up an async operation since the package deletion may take a little while.
		mHandler.post(new Runnable() {
		@@ -17758,9 +17767,9 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
		+ Binder.getCallingPid()
		+ ", uid=" + uid + ", package uid=" + pkgSetting.appId);
		}
		// Don't allow changing profile and device owners.
		if (mProtectedPackages.canPackageStateBeChanged(userId, packageName)) {
		throw new SecurityException("Cannot disable a device owner or a profile owner");
		// Don't allow changing protected packages.
		if (mProtectedPackages.isPackageStateProtected(userId, packageName)) {
		throw new SecurityException("Cannot disable a protected package: " + packageName);
		}
		}

		@@ -20892,9 +20901,8 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());
		}

		@Override
		public boolean canPackageBeWiped(int userId, String packageName) {
		return mProtectedPackages.canPackageBeWiped(userId,
		packageName);
		public boolean isPackageDataProtected(int userId, String packageName) {
		return mProtectedPackages.isPackageDataProtected(userId, packageName);
		}
		}