Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +38 −38 Original line number Original line Diff line number Diff line Loading @@ -6041,7 +6041,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @Override @Override public void lockNow(int flags, String callerPackageName, boolean parent) { public void lockNow(int flags, String callerPackageName, boolean parent) { CallerIdentity caller; CallerIdentity caller; if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { caller = getCallerIdentity(callerPackageName); caller = getCallerIdentity(callerPackageName); } else { } else { caller = getCallerIdentity(); caller = getCallerIdentity(); Loading @@ -6053,7 +6053,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { ActiveAdmin admin; ActiveAdmin admin; // Make sure the caller has any active admin with the right policy or // Make sure the caller has any active admin with the right policy or // the required permission. // the required permission. if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { admin = enforcePermissionAndGetEnforcingAdmin( admin = enforcePermissionAndGetEnforcingAdmin( /* admin= */ null, /* admin= */ null, /* permission= */ MANAGE_DEVICE_POLICY_LOCK, /* permission= */ MANAGE_DEVICE_POLICY_LOCK, Loading Loading @@ -8907,13 +8907,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } CallerIdentity caller; CallerIdentity caller; if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { caller = getCallerIdentity(who, callerPackageName); caller = getCallerIdentity(who, callerPackageName); } else { } else { caller = getCallerIdentity(who); caller = getCallerIdentity(who); } } if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { // The effect of this policy is device-wide. // The effect of this policy is device-wide. enforcePermission(SET_TIME, caller.getPackageName(), UserHandle.USER_ALL); enforcePermission(SET_TIME, caller.getPackageName(), UserHandle.USER_ALL); } else { } else { Loading Loading @@ -8941,13 +8941,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return false; return false; } } CallerIdentity caller; CallerIdentity caller; if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { caller = getCallerIdentity(who, callerPackageName); caller = getCallerIdentity(who, callerPackageName); } else { } else { caller = getCallerIdentity(who); caller = getCallerIdentity(who); } } if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { enforceCanQuery(SET_TIME, caller.getPackageName(), UserHandle.USER_ALL); enforceCanQuery(SET_TIME, caller.getPackageName(), UserHandle.USER_ALL); } else { } else { Objects.requireNonNull(who, "ComponentName is null"); Objects.requireNonNull(who, "ComponentName is null"); Loading Loading @@ -8976,7 +8976,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { caller = getCallerIdentity(who); caller = getCallerIdentity(who); } } if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { // The effect of this policy is device-wide. // The effect of this policy is device-wide. EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( who, who, Loading Loading @@ -9016,13 +9016,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } CallerIdentity caller; CallerIdentity caller; if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { caller = getCallerIdentity(who, callerPackageName); caller = getCallerIdentity(who, callerPackageName); } else { } else { caller = getCallerIdentity(who); caller = getCallerIdentity(who); } } if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { // The effect of this policy is device-wide. // The effect of this policy is device-wide. enforceCanQuery(SET_TIME_ZONE, caller.getPackageName(), UserHandle.USER_ALL); enforceCanQuery(SET_TIME_ZONE, caller.getPackageName(), UserHandle.USER_ALL); } else { } else { Loading Loading @@ -9325,7 +9325,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } CallerIdentity caller; CallerIdentity caller; if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { caller = getCallerIdentity(who, callerPackageName); caller = getCallerIdentity(who, callerPackageName); } else { } else { caller = getCallerIdentity(who); caller = getCallerIdentity(who); Loading @@ -9335,7 +9335,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final int userHandle = caller.getUserId(); final int userHandle = caller.getUserId(); int affectedUserId = parent ? getProfileParentId(userHandle) : userHandle; int affectedUserId = parent ? getProfileParentId(userHandle) : userHandle; synchronized (getLockObject()) { synchronized (getLockObject()) { if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { // SUPPORT USES_POLICY_DISABLE_KEYGUARD_FEATURES // SUPPORT USES_POLICY_DISABLE_KEYGUARD_FEATURES EnforcingAdmin admin = enforcePermissionAndGetEnforcingAdmin( EnforcingAdmin admin = enforcePermissionAndGetEnforcingAdmin( who, MANAGE_DEVICE_POLICY_KEYGUARD, caller.getPackageName(), who, MANAGE_DEVICE_POLICY_KEYGUARD, caller.getPackageName(), Loading Loading @@ -9414,7 +9414,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { synchronized (getLockObject()) { synchronized (getLockObject()) { if (who != null) { if (who != null) { if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { EnforcingAdmin admin = getEnforcingAdminForCaller( EnforcingAdmin admin = getEnforcingAdminForCaller( who, who.getPackageName()); who, who.getPackageName()); Integer features = mDevicePolicyEngine.getLocalPolicySetByAdmin( Integer features = mDevicePolicyEngine.getLocalPolicySetByAdmin( Loading @@ -9428,7 +9428,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } } } if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { Integer features = mDevicePolicyEngine.getResolvedPolicy( Integer features = mDevicePolicyEngine.getResolvedPolicy( PolicyDefinition.KEYGUARD_DISABLED_FEATURES, PolicyDefinition.KEYGUARD_DISABLED_FEATURES, affectedUserId); affectedUserId); Loading Loading @@ -11625,7 +11625,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final CallerIdentity caller = getCallerIdentity(who, callerPackage); final CallerIdentity caller = getCallerIdentity(who, callerPackage); checkCanExecuteOrThrowUnsafe(DevicePolicyManager.OPERATION_SET_APPLICATION_RESTRICTIONS); checkCanExecuteOrThrowUnsafe(DevicePolicyManager.OPERATION_SET_APPLICATION_RESTRICTIONS); if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( who, who, MANAGE_DEVICE_POLICY_APP_RESTRICTIONS, MANAGE_DEVICE_POLICY_APP_RESTRICTIONS, Loading Loading @@ -13034,7 +13034,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { String packageName) { String packageName) { final CallerIdentity caller = getCallerIdentity(who, callerPackage); final CallerIdentity caller = getCallerIdentity(who, callerPackage); if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { EnforcingAdmin enforcingAdmin = enforceCanQueryAndGetEnforcingAdmin( EnforcingAdmin enforcingAdmin = enforceCanQueryAndGetEnforcingAdmin( who, who, MANAGE_DEVICE_POLICY_APP_RESTRICTIONS, MANAGE_DEVICE_POLICY_APP_RESTRICTIONS, Loading Loading @@ -13104,7 +13104,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final CallerIdentity caller = getCallerIdentity(who, callerPackage); final CallerIdentity caller = getCallerIdentity(who, callerPackage); ActiveAdmin admin; ActiveAdmin admin; if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( who, who, MANAGE_DEVICE_POLICY_PACKAGE_STATE, MANAGE_DEVICE_POLICY_PACKAGE_STATE, Loading Loading @@ -13201,7 +13201,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { public boolean isPackageSuspended(ComponentName who, String callerPackage, String packageName) { public boolean isPackageSuspended(ComponentName who, String callerPackage, String packageName) { final CallerIdentity caller = getCallerIdentity(who, callerPackage); final CallerIdentity caller = getCallerIdentity(who, callerPackage); if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { enforcePermission( enforcePermission( MANAGE_DEVICE_POLICY_PACKAGE_STATE, MANAGE_DEVICE_POLICY_PACKAGE_STATE, caller.getPackageName(), caller.getPackageName(), Loading Loading @@ -13807,7 +13807,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { boolean hidden, boolean parent) { boolean hidden, boolean parent) { CallerIdentity caller = getCallerIdentity(who, callerPackage); CallerIdentity caller = getCallerIdentity(who, callerPackage); final int userId = parent ? getProfileParentId(caller.getUserId()) : caller.getUserId(); final int userId = parent ? getProfileParentId(caller.getUserId()) : caller.getUserId(); if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { // TODO: We need to ensure the delegate with DELEGATION_PACKAGE_ACCESS can do this // TODO: We need to ensure the delegate with DELEGATION_PACKAGE_ACCESS can do this enforcePermission(MANAGE_DEVICE_POLICY_PACKAGE_STATE, caller.getPackageName(), userId); enforcePermission(MANAGE_DEVICE_POLICY_PACKAGE_STATE, caller.getPackageName(), userId); } else { } else { Loading @@ -13826,7 +13826,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { boolean result; boolean result; synchronized (getLockObject()) { synchronized (getLockObject()) { if (parent) { if (parent) { if (!isPolicyEngineForFinanceFlagEnabled()) { if (!isPermissionCheckFlagEnabled()) { Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( isProfileOwnerOfOrganizationOwnedDevice( isProfileOwnerOfOrganizationOwnedDevice( caller.getUserId()) && isManagedProfile(caller.getUserId())); caller.getUserId()) && isManagedProfile(caller.getUserId())); Loading @@ -13843,7 +13843,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { Slogf.v(LOG_TAG, "calling pm.setApplicationHiddenSettingAsUser(%s, %b, %d)", Slogf.v(LOG_TAG, "calling pm.setApplicationHiddenSettingAsUser(%s, %b, %d)", packageName, hidden, userId); packageName, hidden, userId); } } if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { EnforcingAdmin admin = getEnforcingAdminForCaller(who, callerPackage); EnforcingAdmin admin = getEnforcingAdminForCaller(who, callerPackage); mDevicePolicyEngine.setLocalPolicy( mDevicePolicyEngine.setLocalPolicy( PolicyDefinition.APPLICATION_HIDDEN(packageName), PolicyDefinition.APPLICATION_HIDDEN(packageName), Loading Loading @@ -13882,7 +13882,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { String packageName, boolean parent) { String packageName, boolean parent) { CallerIdentity caller = getCallerIdentity(who, callerPackage); CallerIdentity caller = getCallerIdentity(who, callerPackage); int userId = parent ? getProfileParentId(caller.getUserId()) : caller.getUserId(); int userId = parent ? getProfileParentId(caller.getUserId()) : caller.getUserId(); if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { // TODO: Also support DELEGATION_PACKAGE_ACCESS // TODO: Also support DELEGATION_PACKAGE_ACCESS enforcePermission(MANAGE_DEVICE_POLICY_PACKAGE_STATE, caller.getPackageName(), userId); enforcePermission(MANAGE_DEVICE_POLICY_PACKAGE_STATE, caller.getPackageName(), userId); } else { } else { Loading @@ -13894,7 +13894,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { synchronized (getLockObject()) { synchronized (getLockObject()) { if (parent) { if (parent) { if (!isPolicyEngineForFinanceFlagEnabled()) { if (!isPermissionCheckFlagEnabled()) { Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( isProfileOwnerOfOrganizationOwnedDevice(caller.getUserId()) isProfileOwnerOfOrganizationOwnedDevice(caller.getUserId()) && isManagedProfile(caller.getUserId())); && isManagedProfile(caller.getUserId())); Loading Loading @@ -14083,13 +14083,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return; return; } } CallerIdentity caller; CallerIdentity caller; if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { caller = getCallerIdentity(who, callerPackageName); caller = getCallerIdentity(who, callerPackageName); } else { } else { caller = getCallerIdentity(who); caller = getCallerIdentity(who); } } synchronized (getLockObject()) { synchronized (getLockObject()) { if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { int affectedUser = getAffectedUser(parent); int affectedUser = getAffectedUser(parent); EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( who, who, Loading Loading @@ -14152,7 +14152,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { CallerIdentity caller; CallerIdentity caller; Preconditions.checkArgumentNonnegative(userId, "Invalid userId"); Preconditions.checkArgumentNonnegative(userId, "Invalid userId"); final ArraySet<String> resultSet = new ArraySet<>(); final ArraySet<String> resultSet = new ArraySet<>(); if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { int affectedUser = parent ? getProfileParentId(userId) : userId; int affectedUser = parent ? getProfileParentId(userId) : userId; caller = getCallerIdentity(callerPackageName); caller = getCallerIdentity(callerPackageName); if (!hasPermission(MANAGE_DEVICE_POLICY_ACCOUNT_MANAGEMENT, if (!hasPermission(MANAGE_DEVICE_POLICY_ACCOUNT_MANAGEMENT, Loading Loading @@ -15519,12 +15519,12 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { public boolean setStatusBarDisabled(ComponentName who, String callerPackageName, public boolean setStatusBarDisabled(ComponentName who, String callerPackageName, boolean disabled) { boolean disabled) { CallerIdentity caller; CallerIdentity caller; if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { caller = getCallerIdentity(who, callerPackageName); caller = getCallerIdentity(who, callerPackageName); } else { } else { caller = getCallerIdentity(who); caller = getCallerIdentity(who); } } if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { enforcePermission(MANAGE_DEVICE_POLICY_STATUS_BAR, caller.getPackageName(), enforcePermission(MANAGE_DEVICE_POLICY_STATUS_BAR, caller.getPackageName(), UserHandle.USER_ALL); UserHandle.USER_ALL); } else { } else { Loading @@ -15535,7 +15535,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { int userId = caller.getUserId(); int userId = caller.getUserId(); synchronized (getLockObject()) { synchronized (getLockObject()) { if (!isPolicyEngineForFinanceFlagEnabled()) { if (!isPermissionCheckFlagEnabled()) { Preconditions.checkCallAuthorization(isUserAffiliatedWithDeviceLocked(userId), Preconditions.checkCallAuthorization(isUserAffiliatedWithDeviceLocked(userId), "Admin " + who + " is neither the device owner or affiliated " "Admin " + who + " is neither the device owner or affiliated " + "user's profile owner."); + "user's profile owner."); Loading Loading @@ -15594,7 +15594,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @Override @Override public boolean isStatusBarDisabled(String callerPackage) { public boolean isStatusBarDisabled(String callerPackage) { final CallerIdentity caller = getCallerIdentity(callerPackage); final CallerIdentity caller = getCallerIdentity(callerPackage); if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { enforceCanQuery( enforceCanQuery( MANAGE_DEVICE_POLICY_STATUS_BAR, caller.getPackageName(), caller.getUserId()); MANAGE_DEVICE_POLICY_STATUS_BAR, caller.getPackageName(), caller.getUserId()); } else { } else { Loading @@ -15604,7 +15604,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { int userId = caller.getUserId(); int userId = caller.getUserId(); synchronized (getLockObject()) { synchronized (getLockObject()) { if (!isPolicyEngineForFinanceFlagEnabled()) { if (!isPermissionCheckFlagEnabled()) { Preconditions.checkCallAuthorization(isUserAffiliatedWithDeviceLocked(userId), Preconditions.checkCallAuthorization(isUserAffiliatedWithDeviceLocked(userId), "Admin " + callerPackage "Admin " + callerPackage + " is neither the device owner or affiliated user's profile owner."); + " is neither the device owner or affiliated user's profile owner."); Loading Loading @@ -16764,7 +16764,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } } } EnforcingAdmin enforcingAdmin; EnforcingAdmin enforcingAdmin; if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( admin, admin, MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS, MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS, Loading Loading @@ -16935,7 +16935,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { public int getPermissionGrantState(ComponentName admin, String callerPackage, public int getPermissionGrantState(ComponentName admin, String callerPackage, String packageName, String permission) throws RemoteException { String packageName, String permission) throws RemoteException { final CallerIdentity caller = getCallerIdentity(admin, callerPackage); final CallerIdentity caller = getCallerIdentity(admin, callerPackage); if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { enforceCanQuery(MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS, caller.getPackageName(), enforceCanQuery(MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS, caller.getPackageName(), caller.getUserId()); caller.getUserId()); } else { } else { Loading Loading @@ -19067,14 +19067,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { throw new IllegalArgumentException("token must be at least 32-byte long"); throw new IllegalArgumentException("token must be at least 32-byte long"); } } CallerIdentity caller; CallerIdentity caller; if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { caller = getCallerIdentity(admin, callerPackageName); caller = getCallerIdentity(admin, callerPackageName); } else { } else { caller = getCallerIdentity(admin); caller = getCallerIdentity(admin); } } final int userId = caller.getUserId(); final int userId = caller.getUserId(); if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( admin, admin, MANAGE_DEVICE_POLICY_RESET_PASSWORD, MANAGE_DEVICE_POLICY_RESET_PASSWORD, Loading Loading @@ -19130,7 +19130,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return false; return false; } } CallerIdentity caller; CallerIdentity caller; if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { caller = getCallerIdentity(admin, callerPackageName); caller = getCallerIdentity(admin, callerPackageName); } else { } else { caller = getCallerIdentity(admin); caller = getCallerIdentity(admin); Loading @@ -19138,7 +19138,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final int userId = caller.getUserId(); final int userId = caller.getUserId(); boolean result = false; boolean result = false; if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( admin, admin, MANAGE_DEVICE_POLICY_RESET_PASSWORD, MANAGE_DEVICE_POLICY_RESET_PASSWORD, Loading Loading @@ -19177,14 +19177,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return false; return false; } } CallerIdentity caller; CallerIdentity caller; if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { caller = getCallerIdentity(admin, callerPackageName); caller = getCallerIdentity(admin, callerPackageName); } else { } else { caller = getCallerIdentity(admin); caller = getCallerIdentity(admin); } } int userId = caller.getUserId(); int userId = caller.getUserId(); if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( admin, admin, MANAGE_DEVICE_POLICY_RESET_PASSWORD, MANAGE_DEVICE_POLICY_RESET_PASSWORD, services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java +0 −13 Original line number Original line Diff line number Diff line Loading @@ -1511,7 +1511,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { * Validates that when the device owner is removed, the reset password token is cleared * Validates that when the device owner is removed, the reset password token is cleared */ */ @Test @Test @Ignore("b/277916462") public void testClearDeviceOwner_clearResetPasswordToken() throws Exception { public void testClearDeviceOwner_clearResetPasswordToken() throws Exception { mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS); mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS); mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS); mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS); Loading Loading @@ -2602,7 +2601,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { } } @Test @Test @Ignore("b/277916462") public void testSetApplicationHiddenWithDO() throws Exception { public void testSetApplicationHiddenWithDO() throws Exception { mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; setupDeviceOwner(); setupDeviceOwner(); Loading @@ -2628,7 +2626,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { } } @Test @Test @Ignore("b/277916462") public void testSetApplicationHiddenWithPOOfOrganizationOwnedDevice() throws Exception { public void testSetApplicationHiddenWithPOOfOrganizationOwnedDevice() throws Exception { final int MANAGED_PROFILE_USER_ID = CALLER_USER_HANDLE; final int MANAGED_PROFILE_USER_ID = CALLER_USER_HANDLE; final int MANAGED_PROFILE_ADMIN_UID = final int MANAGED_PROFILE_ADMIN_UID = Loading Loading @@ -4375,7 +4372,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { } } @Test @Test @Ignore("b/277916462") public void testSetAutoTimeZoneEnabledModifiesSetting() throws Exception { public void testSetAutoTimeZoneEnabledModifiesSetting() throws Exception { mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; setupDeviceOwner(); setupDeviceOwner(); Loading @@ -4387,7 +4383,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { } } @Test @Test @Ignore("b/277916462") public void testSetAutoTimeZoneEnabledWithPOOnUser0() throws Exception { public void testSetAutoTimeZoneEnabledWithPOOnUser0() throws Exception { mContext.binder.callingUid = DpmMockContext.SYSTEM_UID; mContext.binder.callingUid = DpmMockContext.SYSTEM_UID; setupProfileOwnerOnUser0(); setupProfileOwnerOnUser0(); Loading @@ -4399,7 +4394,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { } } @Test @Test @Ignore("b/277916462") public void testSetAutoTimeZoneEnabledFailWithPONotOnUser0() throws Exception { public void testSetAutoTimeZoneEnabledFailWithPONotOnUser0() throws Exception { setupProfileOwner(); setupProfileOwner(); assertExpectException(SecurityException.class, null, assertExpectException(SecurityException.class, null, Loading @@ -4409,7 +4403,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { } } @Test @Test @Ignore("b/277916462") public void testSetAutoTimeZoneEnabledWithPOOfOrganizationOwnedDevice() throws Exception { public void testSetAutoTimeZoneEnabledWithPOOfOrganizationOwnedDevice() throws Exception { setupProfileOwner(); setupProfileOwner(); configureProfileOwnerOfOrgOwnedDevice(admin1, CALLER_USER_HANDLE); configureProfileOwnerOfOrgOwnedDevice(admin1, CALLER_USER_HANDLE); Loading Loading @@ -5383,7 +5376,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { } } @Test @Test @Ignore("b/277916462") public void testResetPasswordWithToken() throws Exception { public void testResetPasswordWithToken() throws Exception { mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; setupDeviceOwner(); setupDeviceOwner(); Loading Loading @@ -5418,7 +5410,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { } } @Test @Test @Ignore("b/277916462") public void resetPasswordWithToken_NumericPin() throws Exception { public void resetPasswordWithToken_NumericPin() throws Exception { mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; setupDeviceOwner(); setupDeviceOwner(); Loading @@ -5439,7 +5430,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { } } @Test @Test @Ignore("b/277916462") public void resetPasswordWithToken_EmptyPassword() throws Exception { public void resetPasswordWithToken_EmptyPassword() throws Exception { mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; setupDeviceOwner(); setupDeviceOwner(); Loading Loading @@ -7260,7 +7250,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { } } @Test @Test @Ignore("b/277916462") public void testCanProfileOwnerResetPasswordWhenLocked() throws Exception { public void testCanProfileOwnerResetPasswordWhenLocked() throws Exception { setDeviceEncryptionPerUser(); setDeviceEncryptionPerUser(); setupProfileOwner(); setupProfileOwner(); Loading Loading @@ -7324,7 +7313,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { } } @Test @Test @Ignore("b/277916462") public void testSetAccountTypesWithManagementDisabledOnManagedProfile() throws Exception { public void testSetAccountTypesWithManagementDisabledOnManagedProfile() throws Exception { setupProfileOwner(); setupProfileOwner(); Loading @@ -7344,7 +7332,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { } } @Test @Test @Ignore("b/277916462") public void testSetAccountTypesWithManagementDisabledOnOrgOwnedManagedProfile() public void testSetAccountTypesWithManagementDisabledOnOrgOwnedManagedProfile() throws Exception { throws Exception { mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS); mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS); Loading Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +38 −38 Original line number Original line Diff line number Diff line Loading @@ -6041,7 +6041,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @Override @Override public void lockNow(int flags, String callerPackageName, boolean parent) { public void lockNow(int flags, String callerPackageName, boolean parent) { CallerIdentity caller; CallerIdentity caller; if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { caller = getCallerIdentity(callerPackageName); caller = getCallerIdentity(callerPackageName); } else { } else { caller = getCallerIdentity(); caller = getCallerIdentity(); Loading @@ -6053,7 +6053,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { ActiveAdmin admin; ActiveAdmin admin; // Make sure the caller has any active admin with the right policy or // Make sure the caller has any active admin with the right policy or // the required permission. // the required permission. if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { admin = enforcePermissionAndGetEnforcingAdmin( admin = enforcePermissionAndGetEnforcingAdmin( /* admin= */ null, /* admin= */ null, /* permission= */ MANAGE_DEVICE_POLICY_LOCK, /* permission= */ MANAGE_DEVICE_POLICY_LOCK, Loading Loading @@ -8907,13 +8907,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } CallerIdentity caller; CallerIdentity caller; if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { caller = getCallerIdentity(who, callerPackageName); caller = getCallerIdentity(who, callerPackageName); } else { } else { caller = getCallerIdentity(who); caller = getCallerIdentity(who); } } if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { // The effect of this policy is device-wide. // The effect of this policy is device-wide. enforcePermission(SET_TIME, caller.getPackageName(), UserHandle.USER_ALL); enforcePermission(SET_TIME, caller.getPackageName(), UserHandle.USER_ALL); } else { } else { Loading Loading @@ -8941,13 +8941,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return false; return false; } } CallerIdentity caller; CallerIdentity caller; if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { caller = getCallerIdentity(who, callerPackageName); caller = getCallerIdentity(who, callerPackageName); } else { } else { caller = getCallerIdentity(who); caller = getCallerIdentity(who); } } if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { enforceCanQuery(SET_TIME, caller.getPackageName(), UserHandle.USER_ALL); enforceCanQuery(SET_TIME, caller.getPackageName(), UserHandle.USER_ALL); } else { } else { Objects.requireNonNull(who, "ComponentName is null"); Objects.requireNonNull(who, "ComponentName is null"); Loading Loading @@ -8976,7 +8976,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { caller = getCallerIdentity(who); caller = getCallerIdentity(who); } } if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { // The effect of this policy is device-wide. // The effect of this policy is device-wide. EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( who, who, Loading Loading @@ -9016,13 +9016,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } CallerIdentity caller; CallerIdentity caller; if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { caller = getCallerIdentity(who, callerPackageName); caller = getCallerIdentity(who, callerPackageName); } else { } else { caller = getCallerIdentity(who); caller = getCallerIdentity(who); } } if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { // The effect of this policy is device-wide. // The effect of this policy is device-wide. enforceCanQuery(SET_TIME_ZONE, caller.getPackageName(), UserHandle.USER_ALL); enforceCanQuery(SET_TIME_ZONE, caller.getPackageName(), UserHandle.USER_ALL); } else { } else { Loading Loading @@ -9325,7 +9325,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } CallerIdentity caller; CallerIdentity caller; if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { caller = getCallerIdentity(who, callerPackageName); caller = getCallerIdentity(who, callerPackageName); } else { } else { caller = getCallerIdentity(who); caller = getCallerIdentity(who); Loading @@ -9335,7 +9335,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final int userHandle = caller.getUserId(); final int userHandle = caller.getUserId(); int affectedUserId = parent ? getProfileParentId(userHandle) : userHandle; int affectedUserId = parent ? getProfileParentId(userHandle) : userHandle; synchronized (getLockObject()) { synchronized (getLockObject()) { if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { // SUPPORT USES_POLICY_DISABLE_KEYGUARD_FEATURES // SUPPORT USES_POLICY_DISABLE_KEYGUARD_FEATURES EnforcingAdmin admin = enforcePermissionAndGetEnforcingAdmin( EnforcingAdmin admin = enforcePermissionAndGetEnforcingAdmin( who, MANAGE_DEVICE_POLICY_KEYGUARD, caller.getPackageName(), who, MANAGE_DEVICE_POLICY_KEYGUARD, caller.getPackageName(), Loading Loading @@ -9414,7 +9414,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { synchronized (getLockObject()) { synchronized (getLockObject()) { if (who != null) { if (who != null) { if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { EnforcingAdmin admin = getEnforcingAdminForCaller( EnforcingAdmin admin = getEnforcingAdminForCaller( who, who.getPackageName()); who, who.getPackageName()); Integer features = mDevicePolicyEngine.getLocalPolicySetByAdmin( Integer features = mDevicePolicyEngine.getLocalPolicySetByAdmin( Loading @@ -9428,7 +9428,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } } } if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { Integer features = mDevicePolicyEngine.getResolvedPolicy( Integer features = mDevicePolicyEngine.getResolvedPolicy( PolicyDefinition.KEYGUARD_DISABLED_FEATURES, PolicyDefinition.KEYGUARD_DISABLED_FEATURES, affectedUserId); affectedUserId); Loading Loading @@ -11625,7 +11625,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final CallerIdentity caller = getCallerIdentity(who, callerPackage); final CallerIdentity caller = getCallerIdentity(who, callerPackage); checkCanExecuteOrThrowUnsafe(DevicePolicyManager.OPERATION_SET_APPLICATION_RESTRICTIONS); checkCanExecuteOrThrowUnsafe(DevicePolicyManager.OPERATION_SET_APPLICATION_RESTRICTIONS); if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( who, who, MANAGE_DEVICE_POLICY_APP_RESTRICTIONS, MANAGE_DEVICE_POLICY_APP_RESTRICTIONS, Loading Loading @@ -13034,7 +13034,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { String packageName) { String packageName) { final CallerIdentity caller = getCallerIdentity(who, callerPackage); final CallerIdentity caller = getCallerIdentity(who, callerPackage); if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { EnforcingAdmin enforcingAdmin = enforceCanQueryAndGetEnforcingAdmin( EnforcingAdmin enforcingAdmin = enforceCanQueryAndGetEnforcingAdmin( who, who, MANAGE_DEVICE_POLICY_APP_RESTRICTIONS, MANAGE_DEVICE_POLICY_APP_RESTRICTIONS, Loading Loading @@ -13104,7 +13104,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final CallerIdentity caller = getCallerIdentity(who, callerPackage); final CallerIdentity caller = getCallerIdentity(who, callerPackage); ActiveAdmin admin; ActiveAdmin admin; if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( who, who, MANAGE_DEVICE_POLICY_PACKAGE_STATE, MANAGE_DEVICE_POLICY_PACKAGE_STATE, Loading Loading @@ -13201,7 +13201,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { public boolean isPackageSuspended(ComponentName who, String callerPackage, String packageName) { public boolean isPackageSuspended(ComponentName who, String callerPackage, String packageName) { final CallerIdentity caller = getCallerIdentity(who, callerPackage); final CallerIdentity caller = getCallerIdentity(who, callerPackage); if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { enforcePermission( enforcePermission( MANAGE_DEVICE_POLICY_PACKAGE_STATE, MANAGE_DEVICE_POLICY_PACKAGE_STATE, caller.getPackageName(), caller.getPackageName(), Loading Loading @@ -13807,7 +13807,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { boolean hidden, boolean parent) { boolean hidden, boolean parent) { CallerIdentity caller = getCallerIdentity(who, callerPackage); CallerIdentity caller = getCallerIdentity(who, callerPackage); final int userId = parent ? getProfileParentId(caller.getUserId()) : caller.getUserId(); final int userId = parent ? getProfileParentId(caller.getUserId()) : caller.getUserId(); if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { // TODO: We need to ensure the delegate with DELEGATION_PACKAGE_ACCESS can do this // TODO: We need to ensure the delegate with DELEGATION_PACKAGE_ACCESS can do this enforcePermission(MANAGE_DEVICE_POLICY_PACKAGE_STATE, caller.getPackageName(), userId); enforcePermission(MANAGE_DEVICE_POLICY_PACKAGE_STATE, caller.getPackageName(), userId); } else { } else { Loading @@ -13826,7 +13826,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { boolean result; boolean result; synchronized (getLockObject()) { synchronized (getLockObject()) { if (parent) { if (parent) { if (!isPolicyEngineForFinanceFlagEnabled()) { if (!isPermissionCheckFlagEnabled()) { Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( isProfileOwnerOfOrganizationOwnedDevice( isProfileOwnerOfOrganizationOwnedDevice( caller.getUserId()) && isManagedProfile(caller.getUserId())); caller.getUserId()) && isManagedProfile(caller.getUserId())); Loading @@ -13843,7 +13843,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { Slogf.v(LOG_TAG, "calling pm.setApplicationHiddenSettingAsUser(%s, %b, %d)", Slogf.v(LOG_TAG, "calling pm.setApplicationHiddenSettingAsUser(%s, %b, %d)", packageName, hidden, userId); packageName, hidden, userId); } } if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { EnforcingAdmin admin = getEnforcingAdminForCaller(who, callerPackage); EnforcingAdmin admin = getEnforcingAdminForCaller(who, callerPackage); mDevicePolicyEngine.setLocalPolicy( mDevicePolicyEngine.setLocalPolicy( PolicyDefinition.APPLICATION_HIDDEN(packageName), PolicyDefinition.APPLICATION_HIDDEN(packageName), Loading Loading @@ -13882,7 +13882,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { String packageName, boolean parent) { String packageName, boolean parent) { CallerIdentity caller = getCallerIdentity(who, callerPackage); CallerIdentity caller = getCallerIdentity(who, callerPackage); int userId = parent ? getProfileParentId(caller.getUserId()) : caller.getUserId(); int userId = parent ? getProfileParentId(caller.getUserId()) : caller.getUserId(); if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { // TODO: Also support DELEGATION_PACKAGE_ACCESS // TODO: Also support DELEGATION_PACKAGE_ACCESS enforcePermission(MANAGE_DEVICE_POLICY_PACKAGE_STATE, caller.getPackageName(), userId); enforcePermission(MANAGE_DEVICE_POLICY_PACKAGE_STATE, caller.getPackageName(), userId); } else { } else { Loading @@ -13894,7 +13894,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { synchronized (getLockObject()) { synchronized (getLockObject()) { if (parent) { if (parent) { if (!isPolicyEngineForFinanceFlagEnabled()) { if (!isPermissionCheckFlagEnabled()) { Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( isProfileOwnerOfOrganizationOwnedDevice(caller.getUserId()) isProfileOwnerOfOrganizationOwnedDevice(caller.getUserId()) && isManagedProfile(caller.getUserId())); && isManagedProfile(caller.getUserId())); Loading Loading @@ -14083,13 +14083,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return; return; } } CallerIdentity caller; CallerIdentity caller; if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { caller = getCallerIdentity(who, callerPackageName); caller = getCallerIdentity(who, callerPackageName); } else { } else { caller = getCallerIdentity(who); caller = getCallerIdentity(who); } } synchronized (getLockObject()) { synchronized (getLockObject()) { if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { int affectedUser = getAffectedUser(parent); int affectedUser = getAffectedUser(parent); EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( who, who, Loading Loading @@ -14152,7 +14152,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { CallerIdentity caller; CallerIdentity caller; Preconditions.checkArgumentNonnegative(userId, "Invalid userId"); Preconditions.checkArgumentNonnegative(userId, "Invalid userId"); final ArraySet<String> resultSet = new ArraySet<>(); final ArraySet<String> resultSet = new ArraySet<>(); if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { int affectedUser = parent ? getProfileParentId(userId) : userId; int affectedUser = parent ? getProfileParentId(userId) : userId; caller = getCallerIdentity(callerPackageName); caller = getCallerIdentity(callerPackageName); if (!hasPermission(MANAGE_DEVICE_POLICY_ACCOUNT_MANAGEMENT, if (!hasPermission(MANAGE_DEVICE_POLICY_ACCOUNT_MANAGEMENT, Loading Loading @@ -15519,12 +15519,12 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { public boolean setStatusBarDisabled(ComponentName who, String callerPackageName, public boolean setStatusBarDisabled(ComponentName who, String callerPackageName, boolean disabled) { boolean disabled) { CallerIdentity caller; CallerIdentity caller; if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { caller = getCallerIdentity(who, callerPackageName); caller = getCallerIdentity(who, callerPackageName); } else { } else { caller = getCallerIdentity(who); caller = getCallerIdentity(who); } } if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { enforcePermission(MANAGE_DEVICE_POLICY_STATUS_BAR, caller.getPackageName(), enforcePermission(MANAGE_DEVICE_POLICY_STATUS_BAR, caller.getPackageName(), UserHandle.USER_ALL); UserHandle.USER_ALL); } else { } else { Loading @@ -15535,7 +15535,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { int userId = caller.getUserId(); int userId = caller.getUserId(); synchronized (getLockObject()) { synchronized (getLockObject()) { if (!isPolicyEngineForFinanceFlagEnabled()) { if (!isPermissionCheckFlagEnabled()) { Preconditions.checkCallAuthorization(isUserAffiliatedWithDeviceLocked(userId), Preconditions.checkCallAuthorization(isUserAffiliatedWithDeviceLocked(userId), "Admin " + who + " is neither the device owner or affiliated " "Admin " + who + " is neither the device owner or affiliated " + "user's profile owner."); + "user's profile owner."); Loading Loading @@ -15594,7 +15594,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @Override @Override public boolean isStatusBarDisabled(String callerPackage) { public boolean isStatusBarDisabled(String callerPackage) { final CallerIdentity caller = getCallerIdentity(callerPackage); final CallerIdentity caller = getCallerIdentity(callerPackage); if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { enforceCanQuery( enforceCanQuery( MANAGE_DEVICE_POLICY_STATUS_BAR, caller.getPackageName(), caller.getUserId()); MANAGE_DEVICE_POLICY_STATUS_BAR, caller.getPackageName(), caller.getUserId()); } else { } else { Loading @@ -15604,7 +15604,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { int userId = caller.getUserId(); int userId = caller.getUserId(); synchronized (getLockObject()) { synchronized (getLockObject()) { if (!isPolicyEngineForFinanceFlagEnabled()) { if (!isPermissionCheckFlagEnabled()) { Preconditions.checkCallAuthorization(isUserAffiliatedWithDeviceLocked(userId), Preconditions.checkCallAuthorization(isUserAffiliatedWithDeviceLocked(userId), "Admin " + callerPackage "Admin " + callerPackage + " is neither the device owner or affiliated user's profile owner."); + " is neither the device owner or affiliated user's profile owner."); Loading Loading @@ -16764,7 +16764,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } } } EnforcingAdmin enforcingAdmin; EnforcingAdmin enforcingAdmin; if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( admin, admin, MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS, MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS, Loading Loading @@ -16935,7 +16935,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { public int getPermissionGrantState(ComponentName admin, String callerPackage, public int getPermissionGrantState(ComponentName admin, String callerPackage, String packageName, String permission) throws RemoteException { String packageName, String permission) throws RemoteException { final CallerIdentity caller = getCallerIdentity(admin, callerPackage); final CallerIdentity caller = getCallerIdentity(admin, callerPackage); if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { enforceCanQuery(MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS, caller.getPackageName(), enforceCanQuery(MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS, caller.getPackageName(), caller.getUserId()); caller.getUserId()); } else { } else { Loading Loading @@ -19067,14 +19067,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { throw new IllegalArgumentException("token must be at least 32-byte long"); throw new IllegalArgumentException("token must be at least 32-byte long"); } } CallerIdentity caller; CallerIdentity caller; if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { caller = getCallerIdentity(admin, callerPackageName); caller = getCallerIdentity(admin, callerPackageName); } else { } else { caller = getCallerIdentity(admin); caller = getCallerIdentity(admin); } } final int userId = caller.getUserId(); final int userId = caller.getUserId(); if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( admin, admin, MANAGE_DEVICE_POLICY_RESET_PASSWORD, MANAGE_DEVICE_POLICY_RESET_PASSWORD, Loading Loading @@ -19130,7 +19130,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return false; return false; } } CallerIdentity caller; CallerIdentity caller; if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { caller = getCallerIdentity(admin, callerPackageName); caller = getCallerIdentity(admin, callerPackageName); } else { } else { caller = getCallerIdentity(admin); caller = getCallerIdentity(admin); Loading @@ -19138,7 +19138,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final int userId = caller.getUserId(); final int userId = caller.getUserId(); boolean result = false; boolean result = false; if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( admin, admin, MANAGE_DEVICE_POLICY_RESET_PASSWORD, MANAGE_DEVICE_POLICY_RESET_PASSWORD, Loading Loading @@ -19177,14 +19177,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return false; return false; } } CallerIdentity caller; CallerIdentity caller; if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { caller = getCallerIdentity(admin, callerPackageName); caller = getCallerIdentity(admin, callerPackageName); } else { } else { caller = getCallerIdentity(admin); caller = getCallerIdentity(admin); } } int userId = caller.getUserId(); int userId = caller.getUserId(); if (isPolicyEngineForFinanceFlagEnabled()) { if (isPermissionCheckFlagEnabled()) { EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( admin, admin, MANAGE_DEVICE_POLICY_RESET_PASSWORD, MANAGE_DEVICE_POLICY_RESET_PASSWORD,
services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java +0 −13 Original line number Original line Diff line number Diff line Loading @@ -1511,7 +1511,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { * Validates that when the device owner is removed, the reset password token is cleared * Validates that when the device owner is removed, the reset password token is cleared */ */ @Test @Test @Ignore("b/277916462") public void testClearDeviceOwner_clearResetPasswordToken() throws Exception { public void testClearDeviceOwner_clearResetPasswordToken() throws Exception { mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS); mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS); mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS); mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS); Loading Loading @@ -2602,7 +2601,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { } } @Test @Test @Ignore("b/277916462") public void testSetApplicationHiddenWithDO() throws Exception { public void testSetApplicationHiddenWithDO() throws Exception { mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; setupDeviceOwner(); setupDeviceOwner(); Loading @@ -2628,7 +2626,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { } } @Test @Test @Ignore("b/277916462") public void testSetApplicationHiddenWithPOOfOrganizationOwnedDevice() throws Exception { public void testSetApplicationHiddenWithPOOfOrganizationOwnedDevice() throws Exception { final int MANAGED_PROFILE_USER_ID = CALLER_USER_HANDLE; final int MANAGED_PROFILE_USER_ID = CALLER_USER_HANDLE; final int MANAGED_PROFILE_ADMIN_UID = final int MANAGED_PROFILE_ADMIN_UID = Loading Loading @@ -4375,7 +4372,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { } } @Test @Test @Ignore("b/277916462") public void testSetAutoTimeZoneEnabledModifiesSetting() throws Exception { public void testSetAutoTimeZoneEnabledModifiesSetting() throws Exception { mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; setupDeviceOwner(); setupDeviceOwner(); Loading @@ -4387,7 +4383,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { } } @Test @Test @Ignore("b/277916462") public void testSetAutoTimeZoneEnabledWithPOOnUser0() throws Exception { public void testSetAutoTimeZoneEnabledWithPOOnUser0() throws Exception { mContext.binder.callingUid = DpmMockContext.SYSTEM_UID; mContext.binder.callingUid = DpmMockContext.SYSTEM_UID; setupProfileOwnerOnUser0(); setupProfileOwnerOnUser0(); Loading @@ -4399,7 +4394,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { } } @Test @Test @Ignore("b/277916462") public void testSetAutoTimeZoneEnabledFailWithPONotOnUser0() throws Exception { public void testSetAutoTimeZoneEnabledFailWithPONotOnUser0() throws Exception { setupProfileOwner(); setupProfileOwner(); assertExpectException(SecurityException.class, null, assertExpectException(SecurityException.class, null, Loading @@ -4409,7 +4403,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { } } @Test @Test @Ignore("b/277916462") public void testSetAutoTimeZoneEnabledWithPOOfOrganizationOwnedDevice() throws Exception { public void testSetAutoTimeZoneEnabledWithPOOfOrganizationOwnedDevice() throws Exception { setupProfileOwner(); setupProfileOwner(); configureProfileOwnerOfOrgOwnedDevice(admin1, CALLER_USER_HANDLE); configureProfileOwnerOfOrgOwnedDevice(admin1, CALLER_USER_HANDLE); Loading Loading @@ -5383,7 +5376,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { } } @Test @Test @Ignore("b/277916462") public void testResetPasswordWithToken() throws Exception { public void testResetPasswordWithToken() throws Exception { mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; setupDeviceOwner(); setupDeviceOwner(); Loading Loading @@ -5418,7 +5410,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { } } @Test @Test @Ignore("b/277916462") public void resetPasswordWithToken_NumericPin() throws Exception { public void resetPasswordWithToken_NumericPin() throws Exception { mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; setupDeviceOwner(); setupDeviceOwner(); Loading @@ -5439,7 +5430,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { } } @Test @Test @Ignore("b/277916462") public void resetPasswordWithToken_EmptyPassword() throws Exception { public void resetPasswordWithToken_EmptyPassword() throws Exception { mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; setupDeviceOwner(); setupDeviceOwner(); Loading Loading @@ -7260,7 +7250,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { } } @Test @Test @Ignore("b/277916462") public void testCanProfileOwnerResetPasswordWhenLocked() throws Exception { public void testCanProfileOwnerResetPasswordWhenLocked() throws Exception { setDeviceEncryptionPerUser(); setDeviceEncryptionPerUser(); setupProfileOwner(); setupProfileOwner(); Loading Loading @@ -7324,7 +7313,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { } } @Test @Test @Ignore("b/277916462") public void testSetAccountTypesWithManagementDisabledOnManagedProfile() throws Exception { public void testSetAccountTypesWithManagementDisabledOnManagedProfile() throws Exception { setupProfileOwner(); setupProfileOwner(); Loading @@ -7344,7 +7332,6 @@ public class DevicePolicyManagerTest extends DpmTestBase { } } @Test @Test @Ignore("b/277916462") public void testSetAccountTypesWithManagementDisabledOnOrgOwnedManagedProfile() public void testSetAccountTypesWithManagementDisabledOnOrgOwnedManagedProfile() throws Exception { throws Exception { mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS); mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS); Loading
