
Commit 52de1397 authored by Felipe Leme's avatar Felipe Leme

Allow affiliated profile owner to grant sensor permissions.

Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.MixedDeviceOwnerTest#testLocationPermissionGrantNotifies # on automotived and phone
Test: manual verification using TestDpc

Bug: 185855799
Fixes: 196460975

Change-Id: I82e9539244b310a59d53f32b8618587042d20b50
parent fb894242
+10 −5
@@ -46,6 +46,12 @@ public class DevicePolicyCacheImpl extends DevicePolicyCache {
    @GuardedBy("mLock")
    private final SparseIntArray mPermissionPolicy = new SparseIntArray();

    /** Maps to {@code ActiveAdmin.mAdminCanGrantSensorsPermissions}.
     *
     * <p>For users affiliated with the device, they inherit the policy from {@code DO} so
     * it will map to the {@code DO}'s policy. Otherwise it will map to the admin of the requesting
     * user.
     */
    @GuardedBy("mLock")
    private final SparseBooleanArray mCanGrantSensorsPermissions = new SparseBooleanArray();

@@ -102,17 +108,16 @@ public class DevicePolicyCacheImpl extends DevicePolicyCache {
    }

    @Override
    public boolean canAdminGrantSensorsPermissionsForUser(@UserIdInt int userHandle) {
    public boolean canAdminGrantSensorsPermissionsForUser(@UserIdInt int userId) {
        synchronized (mLock) {
            return mCanGrantSensorsPermissions.get(userHandle, false);
            return mCanGrantSensorsPermissions.get(userId, false);
        }
    }

    /** Sets ahmin control over permission grants for user. */
    public void setAdminCanGrantSensorsPermissions(@UserIdInt int userHandle,
            boolean canGrant) {
    public void setAdminCanGrantSensorsPermissions(@UserIdInt int userId, boolean canGrant) {
        synchronized (mLock) {
            mCanGrantSensorsPermissions.put(userHandle, canGrant);
            mCanGrantSensorsPermissions.put(userId, canGrant);
        }
    }
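Review bot: The Javadoc on `setAdminCanGrantSensorsPermissions` still reads "Sets ahmin control over permission grants for user." even though the signature directly below it is rewritten here; it could become `/** Sets whether the admin can grant sensors permissions for the given user. */`. The new comment on `mCanGrantSensorsPermissions` says affiliated users inherit the policy from the DO, but this class only stores and returns whatever value it is handed. A short clause stating that the DO-versus-PO resolution happens in the caller (the service's `updateAdminCanGrantSensorsPermissionCache`) would keep readers from looking for that logic in the cache.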

+17 −7
@@ -9144,9 +9144,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
    }
    /**
     * Returns the ActiveAdmin associated wit the PO or DO on the given user.
     * @param userHandle
     * @return
     * Returns the ActiveAdmin associated with the PO or DO on the given user.
     */
    private @Nullable ActiveAdmin getDeviceOrProfileOwnerAdminLocked(int userHandle) {
        ActiveAdmin admin = getProfileOwnerAdminLocked(userHandle);
@@ -14305,6 +14303,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
            maybePauseDeviceWideLoggingLocked();
            maybeResumeDeviceWideLoggingLocked();
            maybeClearLockTaskPolicyLocked();
            updateAdminCanGrantSensorsPermissionCache(callingUserId);
        }
    }
@@ -17469,7 +17468,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
        });
    }
    private void setAdminCanGrantSensorsPermissionForUserUnchecked(int userId, boolean canGrant) {
    private void setAdminCanGrantSensorsPermissionForUserUnchecked(@UserIdInt int userId,
            boolean canGrant) {
        Slogf.d(LOG_TAG, "setAdminCanGrantSensorsPermissionForUserUnchecked(%d, %b)",
                userId, canGrant);
        synchronized (getLockObject()) {
            ActiveAdmin owner = getDeviceOrProfileOwnerAdminLocked(userId);
@@ -17483,10 +17485,18 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
        }
    }
    private void updateAdminCanGrantSensorsPermissionCache(int userId) {
    private void updateAdminCanGrantSensorsPermissionCache(@UserIdInt int userId) {
        synchronized (getLockObject()) {
            ActiveAdmin owner = getDeviceOrProfileOwnerAdminLocked(userId);
            final boolean canGrant = owner != null ? owner.mAdminCanGrantSensorsPermissions : false;
            ActiveAdmin owner;
            // If the user is affiliated the device (either a DO itself, or an affiliated PO),
            // use mAdminCanGrantSensorsPermissions from the DO
            if (isUserAffiliatedWithDeviceLocked(userId)) {
                owner = getDeviceOwnerAdminLocked();
            } else {
                owner = getDeviceOrProfileOwnerAdminLocked(userId);
            }
            boolean canGrant = owner != null ? owner.mAdminCanGrantSensorsPermissions : false;
            mPolicyCache.setAdminCanGrantSensorsPermissions(userId, canGrant);
        }
    }
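Review bot: The cached value for an affiliated user now comes from the device owner's `mAdminCanGrantSensorsPermissions`, but the only refresh this commit adds, `updateAdminCanGrantSensorsPermissionCache(callingUserId)` in the @@ -14305 hunk, rewrites the caller's own entry only. If another user's affiliation changes as a side effect of that call, or the device owner's flag is changed later, that user's entry may keep its old value. A stale `true` would keep allowing sensor permission grants for a user that is no longer affiliated. Consider refreshing the entry of every user the change can affect, or at least stating the limitation at the call site, e.g. `// Refreshes callingUserId only; other users keep their cached value until they are updated.` The method enclosing that call and the rest of `setAdminCanGrantSensorsPermissionForUserUnchecked` lie outside the visible hunks, so this may already be handled there.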