
Commit 549b9692 authored by Sudheer Shanka

Return null value if getActiveAdminUncheckedLocked returns null.

- Split per user version of getUserRestrictions into a separate method
  in DPMS and make the per-user version return null if the admin
  parameter is not a valid one.
- Update isAccessibilityServicePermittedByAdmin and
  isInputMethodPermittedByAdmin to return false if the admin parameter
  is not a valid one.

Bug: 27909087
Change-Id: I6f4cae6552cbfe02dc4a92b04eeeddf0314e0974
parent bc5aa7a7
+19 −4
@@ -4881,15 +4881,30 @@ public class DevicePolicyManager {
     * @throws SecurityException if {@code admin} is not a device or profile owner.
     */
    public Bundle getUserRestrictions(@NonNull ComponentName admin) {
        return getUserRestrictions(admin, myUserId());
        Bundle ret = null;
        if (mService != null) {
            try {
                ret = mService.getUserRestrictions(admin);
            } catch (RemoteException e) {
                throw e.rethrowFromSystemServer();
            }
        }
        return ret == null ? new Bundle() : ret;
    }

    /** @hide per-user version */
    public Bundle getUserRestrictions(@NonNull ComponentName admin, int userHandle) {
    /**
     * Called by the system to get the user restrictions for a user.
     *
     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
     * @param userHandle user id the admin is running as.
     *
     * @hide
     */
    public Bundle getUserRestrictionsForUser(@NonNull ComponentName admin, int userHandle) {
        Bundle ret = null;
        if (mService != null) {
            try {
                ret = mService.getUserRestrictions(admin, userHandle);
                ret = mService.getUserRestrictionsForUser(admin, userHandle);
            } catch (RemoteException e) {
                throw e.rethrowFromSystemServer();
            }
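Review bot: The Javadoc added for `getUserRestrictionsForUser` has no `@return`, and the nullable result is what callers most need to know about. Per the commit description, the per-user variant returns null when `admin` is not a valid admin, whereas the public `getUserRestrictions(admin)` just above now maps a null result to an empty `Bundle`. I would add `@return the restrictions set by {@code admin}, or {@code null} if {@code admin} is not an active admin for {@code userHandle}`, plus a sentence saying that the caller must hold MANAGE_PROFILE_AND_DEVICE_OWNERS, which the service side of this commit enforces. The method body continues past the end of this hunk, so how the client treats a null `ret` is not visible here.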
+2 −1
@@ -169,7 +169,8 @@ interface IDevicePolicyManager {
    ComponentName getRestrictionsProvider(int userHandle);

    void setUserRestriction(in ComponentName who, in String key, boolean enable);
    Bundle getUserRestrictions(in ComponentName who, int userId);
    Bundle getUserRestrictions(in ComponentName who);
    Bundle getUserRestrictionsForUser(in ComponentName who, int userId);
    void addCrossProfileIntentFilter(in ComponentName admin, in IntentFilter filter, int flags);
    void clearCrossProfileIntentFilters(in ComponentName admin);

+4 −2
@@ -78,7 +78,8 @@ public class RestrictedLockUtils {
        int deviceOwnerUserId = dpm.getDeviceOwnerUserId();
        boolean enforcedByDeviceOwner = false;
        if (deviceOwner != null && deviceOwnerUserId != UserHandle.USER_NULL) {
            Bundle enforcedRestrictions = dpm.getUserRestrictions(deviceOwner, deviceOwnerUserId);
            Bundle enforcedRestrictions =
                    dpm.getUserRestrictionsForUser(deviceOwner, deviceOwnerUserId);
            if (enforcedRestrictions != null
                    && enforcedRestrictions.getBoolean(userRestriction, false)) {
                enforcedByDeviceOwner = true;
@@ -90,7 +91,8 @@ public class RestrictedLockUtils {
        if (userId != UserHandle.USER_NULL) {
            profileOwner = dpm.getProfileOwnerAsUser(userId);
            if (profileOwner != null) {
                Bundle enforcedRestrictions = dpm.getUserRestrictions(profileOwner, userId);
                Bundle enforcedRestrictions =
                        dpm.getUserRestrictionsForUser(profileOwner, userId);
                if (enforcedRestrictions != null
                        && enforcedRestrictions.getBoolean(userRestriction, false)) {
                    enforcedByProfileOwner = true;
+33 −14
@@ -5797,8 +5797,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                transitionCheckNeeded = false;
            } else {
                // For all other cases, caller must have MANAGE_PROFILE_AND_DEVICE_OWNERS.
                mContext.enforceCallingOrSelfPermission(
                        android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS, null);
                enforceCanManageProfileAndDeviceOwners();
            }

            final DevicePolicyData policyData = getUserData(userHandle);
@@ -5991,8 +5990,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
            }
            return;
        }
        mContext.enforceCallingOrSelfPermission(
                android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS, null);
        enforceCanManageProfileAndDeviceOwners();
        if (hasUserSetupCompleted(userHandle) && !isCallerWithSystemUid()) {
            throw new IllegalStateException("Cannot set the profile owner on a user which is "
                    + "already set-up");
@@ -6007,8 +6005,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        int callingUid = mInjector.binderGetCallingUid();
        boolean isAdb = callingUid == Process.SHELL_UID || callingUid == Process.ROOT_UID;
        if (!isAdb) {
            mContext.enforceCallingOrSelfPermission(
                    android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS, null);
            enforceCanManageProfileAndDeviceOwners();
        }

        final int code = checkSetDeviceOwnerPreCondition(userId, isAdb);
@@ -6664,6 +6661,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        }
        synchronized (this) {
            ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
            if (admin == null) {
                return false;
            }
            if (admin.permittedAccessiblityServices == null) {
                return true;
            }
@@ -6834,6 +6834,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        }
        synchronized (this) {
            ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
            if (admin == null) {
                return false;
            }
            if (admin.permittedInputMethods == null) {
                return true;
            }
@@ -7104,19 +7107,30 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
    }

    @Override
    public Bundle getUserRestrictions(ComponentName who, int userHandle) {
    public Bundle getUserRestrictions(ComponentName who) {
        if (!mHasFeature) {
            return null;
        }
        Preconditions.checkNotNull(who, "ComponentName is null");
        synchronized (this) {
            final ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(who,
                    DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
            return activeAdmin.userRestrictions;
        }
    }

    @Override
    public Bundle getUserRestrictionsForUser(ComponentName who, int userHandle) {
        if (!mHasFeature) {
            return null;
        }
        Preconditions.checkNotNull(who, "ComponentName is null");
        enforceFullCrossUsersPermission(userHandle);
        enforceCanManageProfileAndDeviceOwners();
        synchronized (this) {
            ActiveAdmin activeAdmin = getActiveAdminUncheckedLocked(who, userHandle);
            if (activeAdmin == null) {
                throw new SecurityException("No active admin: " + activeAdmin);
            }
            if (activeAdmin.getUid() != mInjector.binderGetCallingUid()) {
                mContext.enforceCallingOrSelfPermission(
                        android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS,
                        "Calling uid " + mInjector.binderGetCallingUid() + " neither owns the admin"
                        + " " + who + " nor has MANAGE_PROFILE_AND_DEVICE_OWNERS permission");
                return null;
            }
            return activeAdmin.userRestrictions;
        }
@@ -8690,6 +8704,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                null);
    }

    private void enforceCanManageProfileAndDeviceOwners() {
        mContext.enforceCallingOrSelfPermission(
                android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS, null);
    }

    @Override
    public boolean isUninstallInQueue(final String packageName) {
        enforceCanManageDeviceAdmin();
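Review bot: `getUserRestrictionsForUser` changes its access contract without documenting it: the path that let a caller whose uid owns the admin through is removed, and `enforceCanManageProfileAndDeviceOwners()` now runs unconditionally before the admin lookup. Checking the permission ahead of `getActiveAdminUncheckedLocked` is the right order, but an unknown admin now yields `null`, the same value returned when `!mHasFeature`, so callers cannot tell the two cases apart. I would add a comment above the method such as `// System-only: requires MANAGE_PROFILE_AND_DEVICE_OWNERS. Returns null if the feature is absent or who is not an active admin for userHandle.` The helper also passes `null` as the message, so the denial presumably no longer mentions the component `who` as the removed message did; a short message argument would keep that context. The method's closing brace lies outside this hunk.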