Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 557355e4 authored by kholoud mohamed's avatar kholoud mohamed
Browse files

Exposed some testAPIs in DPM 

- Exposed the following as testAPIs:
* markProfileOwnerOnOrganizationOwnedDevice with
MANAGE_PROFILE_AND_DEVICE_OWNERS permission
* forceSecurityLogs with FORCE_DEVICE_POLICY_MANAGER_LOGS permission
* forceNetworkLogs with FORCE_DEVICE_POLICY_MANAGER_LOGS permission
* setDeviceOwner
* setActiveAdmin
* forceRemoveActiveAdmin with MANAGE_PROFILE_AND_DEVICE_OWNERS permission
* clearSystemUpdatePolicyFreezePeriodRecord with CLEAR_FREEZE_PERIOD
permission

- Changed getDeviceOwnerComponentOnAnyUser to accept
MANAGE_PROFILE_AND_DEVICE_OWNERS permission

Bug: 180500227
Test: verified that cts tests can call the APIs
Change-Id: I824980d1f408f1e0bf536c9526f1666dead31d82
parent 5e7b1214

core/api/system-current.txt

+1 −1
Original line number Diff line number Diff line
@@ -884,7 +884,7 @@ package android.app.admin { 
  public class DevicePolicyManager {

    method @RequiresPermission(android.Manifest.permission.INTERACT_ACROSS_USERS) public boolean getBluetoothContactSharingDisabled(@NonNull android.os.UserHandle);

    method @Nullable @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public String getDeviceOwner();

    method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public android.content.ComponentName getDeviceOwnerComponentOnAnyUser();

    method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, "android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS"}) public android.content.ComponentName getDeviceOwnerComponentOnAnyUser();

    method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public String getDeviceOwnerNameOnAnyUser();

    method @Nullable public CharSequence getDeviceOwnerOrganizationName();

    method @Nullable @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public android.os.UserHandle getDeviceOwnerUser();

core/api/test-current.txt

+7 −0
Original line number Diff line number Diff line
@@ -386,7 +386,11 @@ package android.app.admin { 


  public class DevicePolicyManager {

    method public int checkProvisioningPreCondition(@Nullable String, @NonNull String);

    method @RequiresPermission(android.Manifest.permission.CLEAR_FREEZE_PERIOD) public void clearSystemUpdatePolicyFreezePeriodRecord();

    method @Nullable public android.os.UserHandle createAndProvisionManagedProfile(@NonNull android.app.admin.ManagedProfileProvisioningParams) throws android.app.admin.ProvisioningException;

    method @RequiresPermission(android.Manifest.permission.FORCE_DEVICE_POLICY_MANAGER_LOGS) public long forceNetworkLogs();

    method @RequiresPermission("android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS") public void forceRemoveActiveAdmin(@NonNull android.content.ComponentName, int);

    method @RequiresPermission(android.Manifest.permission.FORCE_DEVICE_POLICY_MANAGER_LOGS) public long forceSecurityLogs();

    method public void forceUpdateUserSetupComplete();

    method public long getLastBugReportRequestTime();

    method public long getLastNetworkLogRetrievalTime();
@@ -394,10 +398,13 @@ package android.app.admin { 
    method public java.util.List<java.lang.String> getOwnerInstalledCaCerts(@NonNull android.os.UserHandle);

    method public boolean isCurrentInputMethodSetByOwner();

    method public boolean isFactoryResetProtectionPolicySupported();

    method @RequiresPermission(anyOf={"android.permission.MARK_DEVICE_ORGANIZATION_OWNED", "android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS"}, conditional=true) public void markProfileOwnerOnOrganizationOwnedDevice(@NonNull android.content.ComponentName);

    method @NonNull public static String operationSafetyReasonToString(int);

    method @NonNull public static String operationToString(int);

    method @RequiresPermission("android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS") public void provisionFullyManagedDevice(@NonNull android.app.admin.FullyManagedDeviceProvisioningParams) throws android.app.admin.ProvisioningException;

    method @RequiresPermission("android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS") public void resetDefaultCrossProfileIntentFilters(int);

    method @RequiresPermission(allOf={"android.permission.MANAGE_DEVICE_ADMINS", android.Manifest.permission.INTERACT_ACROSS_USERS_FULL}) public void setActiveAdmin(@NonNull android.content.ComponentName, boolean, int);

    method @RequiresPermission("android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS") public boolean setDeviceOwner(@NonNull android.content.ComponentName, @Nullable String, int);

    method @RequiresPermission("android.permission.MANAGE_DEVICE_ADMINS") public void setNextOperationSafety(int, int);

    field public static final String ACTION_DATA_SHARING_RESTRICTION_APPLIED = "android.app.action.DATA_SHARING_RESTRICTION_APPLIED";

    field public static final int CODE_ACCOUNTS_NOT_EMPTY = 6; // 0x6

core/java/android/app/admin/DevicePolicyManager.java

+30 −9
Original line number Diff line number Diff line
@@ -7276,7 +7276,12 @@ public class DevicePolicyManager { 
    /**

     * @hide

     */

    @TestApi

    @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)

    @RequiresPermission(allOf = {

            android.Manifest.permission.MANAGE_DEVICE_ADMINS,

            android.Manifest.permission.INTERACT_ACROSS_USERS_FULL

    })

    public void setActiveAdmin(@NonNull ComponentName policyReceiver, boolean refreshing,

            int userHandle) {

        if (mService != null) {
@@ -7453,8 +7458,10 @@ public class DevicePolicyManager { 
     * @throws IllegalArgumentException if the package name is null or invalid

     * @throws IllegalStateException If the preconditions mentioned are not met.

     */

    public boolean setDeviceOwner(ComponentName who, String ownerName, int userId)

            throws IllegalArgumentException, IllegalStateException {

    @TestApi

    @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)

    public boolean setDeviceOwner(

            @NonNull ComponentName who, @Nullable String ownerName, @UserIdInt int userId) {

        if (mService != null) {

            try {

                return mService.setDeviceOwner(who, ownerName, userId);
@@ -7521,7 +7528,10 @@ public class DevicePolicyManager { 
     * @hide

     */

    @SystemApi

    @RequiresPermission(android.Manifest.permission.MANAGE_USERS)

    @RequiresPermission(anyOf = {

            android.Manifest.permission.MANAGE_USERS,

            android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS,

    })

    public ComponentName getDeviceOwnerComponentOnAnyUser() {

        return getDeviceOwnerComponentInner(/* callingUserOnly =*/ false);

    }
@@ -10477,9 +10487,10 @@ public class DevicePolicyManager { 














    /**















     * Reset record of previous system update freeze period the device went through.













     * Only callable by ADB.















     * @hide















     */













    @TestApi













    @RequiresPermission(android.Manifest.permission.CLEAR_FREEZE_PERIOD)















    public void clearSystemUpdatePolicyFreezePeriodRecord() {















        throwIfParentInstance("clearSystemUpdatePolicyFreezePeriodRecord");















        if (mService == null) {










@@ -11207,9 +11218,11 @@ public class DevicePolicyManager {



























    /**















     * Makes all accumulated network logs available to DPC in a new batch.













     * Only callable by ADB. If throttled, returns time to wait in milliseconds, otherwise 0.













     * If throttled, returns time to wait in milliseconds, otherwise 0.















     * @hide















     */













    @TestApi













    @RequiresPermission(android.Manifest.permission.FORCE_DEVICE_POLICY_MANAGER_LOGS)















    public long forceNetworkLogs() {















        if (mService == null) {















            return -1;









@@ -11223,9 +11236,11 @@ public class DevicePolicyManager {



























    /**















     * Forces a batch of security logs to be fetched from logd and makes it available for DPC.













     * Only callable by ADB. If throttled, returns time to wait in milliseconds, otherwise 0.













     * If throttled, returns time to wait in milliseconds, otherwise 0.















     * @hide















     */













    @TestApi













    @RequiresPermission(android.Manifest.permission.FORCE_DEVICE_POLICY_MANAGER_LOGS)















    public long forceSecurityLogs() {















        if (mService == null) {















            return 0;










@@ -11657,7 +11672,10 @@ public class DevicePolicyManager {













     * @throws SecurityException if the caller is not shell / root or the admin package















     *         isn't a test application see {@link ApplicationInfo#FLAG_TEST_APP}.















     */













    public void forceRemoveActiveAdmin(ComponentName adminReceiver, int userHandle) {













    @TestApi













    @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)













    public void forceRemoveActiveAdmin(













            @NonNull ComponentName adminReceiver, @UserIdInt int userHandle) {















        try {















            mService.forceRemoveActiveAdmin(adminReceiver, userHandle);















        } catch (RemoteException re) {










@@ -12727,8 +12745,11 @@ public class DevicePolicyManager {













     *















     * @hide















     */













    @RequiresPermission(value = android.Manifest.permission.MARK_DEVICE_ORGANIZATION_OWNED,













            conditional = true)













    @TestApi













    @RequiresPermission(anyOf = {













            android.Manifest.permission.MARK_DEVICE_ORGANIZATION_OWNED,













            android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS













    }, conditional = true)















    public void markProfileOwnerOnOrganizationOwnedDevice(@NonNull ComponentName who) {















        if (mService == null) {















            return;

























services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java



+20
−10




























Original line number
Diff line number
Diff line








@@ -3399,8 +3399,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {













            return;















        }















        Objects.requireNonNull(adminReceiver, "ComponentName is null");













        Preconditions.checkCallAuthorization(isAdb(getCallerIdentity()),













                "Non-shell user attempted to call forceRemoveActiveAdmin");













        Preconditions.checkCallAuthorization(isAdb(getCallerIdentity())













                        || hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS),













                "Caller must be shell or hold MANAGE_PROFILE_AND_DEVICE_OWNERS to call "













                        + "forceRemoveActiveAdmin");















        mInjector.binderWithCleanCallingIdentity(() -> {















            synchronized (getLockObject()) {















                if (!isAdminTestOnlyLocked(adminReceiver, userHandle)) {










@@ -8089,7 +8091,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {













            return null;















        }















        if (!callingUserOnly) {













            Preconditions.checkCallAuthorization(canManageUsers(getCallerIdentity()));













            Preconditions.checkCallAuthorization(canManageUsers(getCallerIdentity())













                    || hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS));















        }















        synchronized (getLockObject()) {















            if (!mOwners.hasDeviceOwner()) {










@@ -12543,8 +12546,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {



























    @Override















    public void clearSystemUpdatePolicyFreezePeriodRecord() {













        Preconditions.checkCallAuthorization(isAdb(getCallerIdentity()),













                "Non-shell user attempted to call clearSystemUpdatePolicyFreezePeriodRecord");













        Preconditions.checkCallAuthorization(isAdb(getCallerIdentity())













                        || hasCallingOrSelfPermission(permission.CLEAR_FREEZE_PERIOD),













                "Caller must be shell, or hold CLEAR_FREEZE_PERIOD permission to call "













                        + "clearSystemUpdatePolicyFreezePeriodRecord");















        synchronized (getLockObject()) {















            // Print out current record to help diagnosed CTS failures















            Slog.i(LOG_TAG, "Clear freeze period record: "










@@ -13487,7 +13492,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {













        final CallerIdentity caller = getCallerIdentity();















        // Only adb or system apps with the right permission can mark a profile owner on















        // organization-owned device.













        if (!(isAdb(caller) || hasCallingPermission(permission.MARK_DEVICE_ORGANIZATION_OWNED))) {













        if (!(isAdb(caller) || hasCallingPermission(permission.MARK_DEVICE_ORGANIZATION_OWNED)













                || hasCallingPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS))) {















            throw new SecurityException(















                    "Only the system can mark a profile owner of organization-owned device.");















        }










@@ -13806,8 +13812,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {



























    @Override















    public long forceSecurityLogs() {













        Preconditions.checkCallAuthorization(isAdb(getCallerIdentity()),













                "Non-shell user attempted to call forceSecurityLogs");













        Preconditions.checkCallAuthorization(isAdb(getCallerIdentity())













                        || hasCallingOrSelfPermission(permission.FORCE_DEVICE_POLICY_MANAGER_LOGS),













                "Caller must be shell or hold FORCE_DEVICE_POLICY_MANAGER_LOGS to call "













                        + "forceSecurityLogs");















        if (!mInjector.securityLogGetLoggingEnabledProperty()) {















            throw new IllegalStateException("logging is not available");















        }










@@ -14327,8 +14335,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {



























    @Override















    public long forceNetworkLogs() {













        Preconditions.checkCallAuthorization(isAdb(getCallerIdentity()),













                "Non-shell user attempted to call forceNetworkLogs");













        Preconditions.checkCallAuthorization(isAdb(getCallerIdentity())













                || hasCallingOrSelfPermission(permission.FORCE_DEVICE_POLICY_MANAGER_LOGS),













                "Caller must be shell or hold FORCE_DEVICE_POLICY_MANAGER_LOGS to call "













                        + "forceNetworkLogs");















        synchronized (getLockObject()) {















            if (!isNetworkLoggingEnabledInternalLocked()) {















                throw new IllegalStateException("logging is not available");

























services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java



+47
−2




























Original line number
Diff line number
Diff line








@@ -826,7 +826,7 @@ public class DevicePolicyManagerTest extends DpmTestBase {













     * {@link DevicePolicyManager#forceRemoveActiveAdmin(ComponentName, int)}















     */















    @Test













    public void testForceRemoveActiveAdmin() throws Exception {













    public void testForceRemoveActiveAdmin_nonShellCaller() throws Exception {















        mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);































        // Add admin.









@@ -840,8 +840,53 @@ public class DevicePolicyManagerTest extends DpmTestBase {













        // Calling from a non-shell uid should fail with a SecurityException















        mContext.binder.callingUid = 123456;















        assertExpectException(SecurityException.class,













                /* messageRegex =*/ "Non-shell user attempted to call",













                /* messageRegex = */ null,















                () -> dpms.forceRemoveActiveAdmin(admin1, CALLER_USER_HANDLE));













    }



























    /**













     * Test for:













     * {@link DevicePolicyManager#forceRemoveActiveAdmin(ComponentName, int)}













     */













    @Test













    public void testForceRemoveActiveAdmin_nonShellCallerWithPermission() throws Exception {













        mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);



























        // Add admin.













        setupPackageInPackageManager(admin1.getPackageName(),













                /* userId= */ CALLER_USER_HANDLE,













                /* appId= */ 10138,













                /* flags= */ ApplicationInfo.FLAG_TEST_ONLY);













        dpm.setActiveAdmin(admin1, /* replace =*/ false);













        assertThat(dpm.isAdminActive(admin1)).isTrue();



























        mContext.binder.callingUid = 123456;













        mContext.callerPermissions.add(













                android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);













        dpms.forceRemoveActiveAdmin(admin1, CALLER_USER_HANDLE);



























        mContext.callerPermissions.add(android.Manifest.permission.INTERACT_ACROSS_USERS_FULL);













        // Verify













        assertThat(dpm.isAdminActiveAsUser(admin1, CALLER_USER_HANDLE)).isFalse();













        verify(getServices().usageStatsManagerInternal).setActiveAdminApps(













                null, CALLER_USER_HANDLE);













    }



























    /**













     * Test for:













     * {@link DevicePolicyManager#forceRemoveActiveAdmin(ComponentName, int)}













     */













    @Test













    public void testForceRemoveActiveAdmin_ShellCaller() throws Exception {













        mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);



























        // Add admin.













        setupPackageInPackageManager(admin1.getPackageName(),













                /* userId= */ CALLER_USER_HANDLE,













                /* appId= */ 10138,













                /* flags= */ ApplicationInfo.FLAG_TEST_ONLY);













        dpm.setActiveAdmin(admin1, /* replace =*/ false);













        assertThat(dpm.isAdminActive(admin1)).isTrue();































        mContext.binder.callingUid = Process.SHELL_UID;















        dpms.forceRemoveActiveAdmin(admin1, CALLER_USER_HANDLE);