Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5844ebbd authored by Jason Parks's avatar Jason Parks
Browse files

Allow setting of the supervision role for CTS 

Bug: 378102594
Flag: android.permission.flags.enable_system_supervision_role_behavior
Test: atest CtsSupervisionTestCases
Change-Id: Ie1bdf36410c366f29ce7a004fa20bfb2d3d48d6a
parent a54d13db

core/api/system-current.txt

+1 −0
Original line number Diff line number Diff line
@@ -2950,6 +2950,7 @@ package android.app.supervision { 
  @FlaggedApi("android.app.supervision.flags.supervision_manager_apis") public class SupervisionManager {

    method @FlaggedApi("android.app.supervision.flags.supervision_manager_apis") @Nullable @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.QUERY_USERS}) public android.content.Intent createConfirmSupervisionCredentialsIntent();

    method @FlaggedApi("android.app.supervision.flags.supervision_manager_apis") @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.QUERY_USERS}) public boolean isSupervisionEnabled();

    method @FlaggedApi("android.permission.flags.enable_system_supervision_role_behavior") @RequiresPermission(android.Manifest.permission.MANAGE_ROLE_HOLDERS) public boolean shouldAllowBypassingSupervisionRoleQualification();

  }















}

























core/java/android/app/supervision/ISupervisionManager.aidl



+2
−0




























Original line number
Diff line number
Diff line








@@ -27,4 +27,6 @@ interface ISupervisionManager {













    boolean isSupervisionEnabledForUser(int userId);















    void setSupervisionEnabledForUser(int userId, boolean enabled);















    String getActiveSupervisionAppPackage(int userId);













    @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.MANAGE_ROLE_HOLDERS)")













    boolean shouldAllowBypassingSupervisionRoleQualification();















}
























core/java/android/app/supervision/SupervisionManager.java



+22
−0




























Original line number
Diff line number
Diff line








@@ -19,6 +19,7 @@ package android.app.supervision;













import static android.Manifest.permission.INTERACT_ACROSS_USERS;















import static android.Manifest.permission.MANAGE_USERS;















import static android.Manifest.permission.QUERY_USERS;













import static android.permission.flags.Flags.FLAG_ENABLE_SYSTEM_SUPERVISION_ROLE_BEHAVIOR;































import android.annotation.FlaggedApi;















import android.annotation.Nullable;










@@ -193,4 +194,25 @@ public class SupervisionManager {













        }















        return null;















    }









































    /**













     * @return {@code true} if bypassing the qualification is allowed for the specified role based













     * on the current state of the device.













     *













     * @hide













     */













    @SystemApi













    @FlaggedApi(FLAG_ENABLE_SYSTEM_SUPERVISION_ROLE_BEHAVIOR)













    @RequiresPermission(android.Manifest.permission.MANAGE_ROLE_HOLDERS)













    public boolean shouldAllowBypassingSupervisionRoleQualification() {













        if (mService != null) {













            try {













                return mService.shouldAllowBypassingSupervisionRoleQualification();













            } catch (RemoteException e) {













                throw e.rethrowFromSystemServer();













            }













        }













        return false;













    }















}
























core/java/android/permission/flags.aconfig



+9
−0




























Original line number
Diff line number
Diff line








@@ -554,3 +554,12 @@ flag {













    description: "This flag is used to add role protection to READ_BLOCKED_NUMBERS for SYSTEM_UI_INTELLIGENCE"















    bug: "354758615"















}



























flag {













    name: "enable_system_supervision_role_behavior"













    is_fixed_read_only: true













    is_exported: true













    namespace: "supervision"













    description: "This flag is used to enable the role behavior for the system supervision role"













    bug: "378102594"













}
























services/supervision/java/com/android/server/supervision/SupervisionService.java



+39
−0




























Original line number
Diff line number
Diff line








@@ -17,6 +17,7 @@













package com.android.server.supervision;































import static android.Manifest.permission.INTERACT_ACROSS_USERS;













import static android.Manifest.permission.MANAGE_ROLE_HOLDERS;















import static android.Manifest.permission.MANAGE_USERS;















import static android.Manifest.permission.QUERY_USERS;















import static android.content.pm.PackageManager.PERMISSION_GRANTED;










@@ -170,6 +171,44 @@ public class SupervisionService extends ISupervisionManager.Stub {













        return intent;















    }





























    @Override













    public boolean shouldAllowBypassingSupervisionRoleQualification() {













        enforcePermission(MANAGE_ROLE_HOLDERS);



























        if (hasNonTestDefaultUsers()) {













            return false;













        }



























        synchronized (getLockObject()) {













            for (int i = 0; i < mUserData.size(); i++) {













                if (mUserData.valueAt(i).supervisionEnabled) {













                    return false;













                }













            }













        }



























        return true;













    }



























    /**













     * Returns true if there are any non-default non-test users.













     *













     * This excludes the system and main user(s) as those users are created by default.













     */













    private boolean hasNonTestDefaultUsers() {













        List<UserInfo> users = mInjector.getUserManagerInternal().getUsers(true);













        for (var user : users) {













            if (!user.isForTesting() && !user.isMain() && !isSystemUser(user)) {













                return true;













            }













        }













        return false;













    }



























    private static boolean isSystemUser(UserInfo userInfo) {













        return (userInfo.flags & UserInfo.FLAG_SYSTEM) == UserInfo.FLAG_SYSTEM;













    }





























    @Override















    public void onShellCommand(















            @Nullable FileDescriptor in,