Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +32 −49 Original line number Original line Diff line number Diff line Loading @@ -9284,22 +9284,39 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { return poComponent; return poComponent; } } } } final String supervisor = mContext.getResources().getString( com.android.internal.R.string.config_defaultSupervisionProfileOwnerComponent); // Check profile owner first as that is what most likely is set. if (supervisor == null) { if (isSupervisionComponent(poComponent)) { return null; return poComponent; } } final ComponentName supervisorComponent = ComponentName.unflattenFromString(supervisor); if (supervisorComponent == null) { if (isSupervisionComponent(doComponent)) { return null; return doComponent; } } if (supervisorComponent.equals(doComponent) || supervisorComponent.equals( poComponent)) { return supervisorComponent; } else { return null; return null; } } } } private boolean isSupervisionComponent(@Nullable ComponentName who) { if (who == null) { return false; } final String configComponent = mContext.getResources().getString( com.android.internal.R.string.config_defaultSupervisionProfileOwnerComponent); if (configComponent != null) { final ComponentName componentName = ComponentName.unflattenFromString(configComponent); if (who.equals(componentName)) { return true; } } // Check the system supervision role. final String configPackage = mContext.getResources().getString( com.android.internal.R.string.config_systemSupervision); return who.getPackageName().equals(configPackage); } } @Override @Override Loading Loading @@ -9485,22 +9502,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { "Cannot set the profile owner on a user which is already set-up"); "Cannot set the profile owner on a user which is already set-up"); if (!mIsWatch) { if (!mIsWatch) { final String supervisionRolePackage = mContext.getResources().getString( if (!isSupervisionComponent(owner)) { com.android.internal.R.string.config_systemSupervision); // Only the default supervision profile owner or supervision role holder // can be set as profile owner after SUW final String supervisor = mContext.getResources().getString( com.android.internal.R.string .config_defaultSupervisionProfileOwnerComponent); if (supervisor == null && supervisionRolePackage == null) { throw new IllegalStateException("Unable to set profile owner post-setup, no" + "default supervisor profile owner defined"); } final ComponentName supervisorComponent = ComponentName.unflattenFromString( supervisor); if (!owner.equals(supervisorComponent) && !owner.getPackageName().equals(supervisionRolePackage)) { throw new IllegalStateException("Unable to set non-default profile owner" throw new IllegalStateException("Unable to set non-default profile owner" + " post-setup " + owner); + " post-setup " + owner); } } Loading Loading @@ -12087,7 +12089,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { synchronized (getLockObject()) { synchronized (getLockObject()) { // Allow testOnly admins to bypass supervision config requirement. // Allow testOnly admins to bypass supervision config requirement. Preconditions.checkCallAuthorization(isAdminTestOnlyLocked(who, caller.getUserId()) Preconditions.checkCallAuthorization(isAdminTestOnlyLocked(who, caller.getUserId()) || isDefaultSupervisor(caller), "Admin %s is not the " || isSupervisionComponent(caller.getComponentName()), "Admin %s is not the " + "default supervision component", caller.getComponentName()); + "default supervision component", caller.getComponentName()); DevicePolicyData policy = getUserData(caller.getUserId()); DevicePolicyData policy = getUserData(caller.getUserId()); policy.mSecondaryLockscreenEnabled = enabled; policy.mSecondaryLockscreenEnabled = enabled; Loading @@ -12106,16 +12108,6 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { return isProfileOwner(caller) && isManagedProfile(caller.getUserId()); return isProfileOwner(caller) && isManagedProfile(caller.getUserId()); } } private boolean isDefaultSupervisor(CallerIdentity caller) { final String supervisor = mContext.getResources().getString( com.android.internal.R.string.config_defaultSupervisionProfileOwnerComponent); if (supervisor == null) { return false; } final ComponentName supervisorComponent = ComponentName.unflattenFromString(supervisor); return caller.getComponentName().equals(supervisorComponent); } @Override @Override public void setPreferentialNetworkServiceConfigs( public void setPreferentialNetworkServiceConfigs( List<PreferentialNetworkServiceConfig> preferentialNetworkServiceConfigs) { List<PreferentialNetworkServiceConfig> preferentialNetworkServiceConfigs) { Loading Loading @@ -12999,16 +12991,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { return false; return false; } } final String supervisionString = mContext.getResources().getString( return isSupervisionComponent(admin.info.getComponent()); com.android.internal.R.string .config_defaultSupervisionProfileOwnerComponent); if (supervisionString == null) { return false; } final ComponentName supervisorComponent = ComponentName.unflattenFromString( supervisionString); return admin.info.getComponent().equals(supervisorComponent); } } } } services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java +38 −9 Original line number Original line Diff line number Diff line Loading @@ -3322,19 +3322,48 @@ public class DevicePolicyManagerTest extends DpmTestBase { } } @Test @Test public void testIsActiveSupervisionApp() throws Exception { public void testSupervisionConfig() throws Exception { when(mServiceContext.resources final int uid = UserHandle.getUid(15, 19436); .getString(R.string.config_defaultSupervisionProfileOwnerComponent)) addManagedProfile(admin1, uid, admin1); .thenReturn(admin1.flattenToString()); mContext.binder.callingUid = uid; final int PROFILE_USER = 15; verifySupervisionConfig(uid, null, null); final int PROFILE_ADMIN = UserHandle.getUid(PROFILE_USER, 19436); verifySupervisionConfig(uid, "", null); addManagedProfile(admin1, PROFILE_ADMIN, admin1); verifySupervisionConfig(uid, null, ""); mContext.binder.callingUid = PROFILE_ADMIN; verifySupervisionConfig(uid, "", ""); verifySupervisionConfig(uid, admin1.flattenToString(), null); verifySupervisionConfig(uid, admin1.flattenToString(), ""); verifySupervisionConfig(uid, null, admin1.getPackageName()); verifySupervisionConfig(uid, "", admin1.getPackageName()); } private void verifySupervisionConfig( int uid , String configComponentName, String configPackageName) { final boolean isAdmin = admin1.flattenToString().equals(configComponentName) || admin1.getPackageName().equals(configPackageName); final UserHandle user = UserHandle.getUserHandleForUid(uid); final DevicePolicyManagerInternal dpmi = final DevicePolicyManagerInternal dpmi = LocalServices.getService(DevicePolicyManagerInternal.class); LocalServices.getService(DevicePolicyManagerInternal.class); assertThat(dpmi.isActiveSupervisionApp(PROFILE_ADMIN)).isTrue(); when(mServiceContext.resources .getString(R.string.config_defaultSupervisionProfileOwnerComponent)) .thenReturn(configComponentName); when(mServiceContext.resources .getString(R.string.config_systemSupervision)) .thenReturn(configPackageName); if (isAdmin) { assertThat(dpmi.isActiveSupervisionApp(uid)).isTrue(); assertThat(dpm.getProfileOwnerOrDeviceOwnerSupervisionComponent(user)) .isEqualTo(admin1); } else { assertThat(dpmi.isActiveSupervisionApp(uid)).isFalse(); assertThat(dpm.getProfileOwnerOrDeviceOwnerSupervisionComponent(user)).isNull(); } } } // Test if lock timeout on managed profile is handled correctly depending on whether profile // Test if lock timeout on managed profile is handled correctly depending on whether profile Loading Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +32 −49 Original line number Original line Diff line number Diff line Loading @@ -9284,22 +9284,39 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { return poComponent; return poComponent; } } } } final String supervisor = mContext.getResources().getString( com.android.internal.R.string.config_defaultSupervisionProfileOwnerComponent); // Check profile owner first as that is what most likely is set. if (supervisor == null) { if (isSupervisionComponent(poComponent)) { return null; return poComponent; } } final ComponentName supervisorComponent = ComponentName.unflattenFromString(supervisor); if (supervisorComponent == null) { if (isSupervisionComponent(doComponent)) { return null; return doComponent; } } if (supervisorComponent.equals(doComponent) || supervisorComponent.equals( poComponent)) { return supervisorComponent; } else { return null; return null; } } } } private boolean isSupervisionComponent(@Nullable ComponentName who) { if (who == null) { return false; } final String configComponent = mContext.getResources().getString( com.android.internal.R.string.config_defaultSupervisionProfileOwnerComponent); if (configComponent != null) { final ComponentName componentName = ComponentName.unflattenFromString(configComponent); if (who.equals(componentName)) { return true; } } // Check the system supervision role. final String configPackage = mContext.getResources().getString( com.android.internal.R.string.config_systemSupervision); return who.getPackageName().equals(configPackage); } } @Override @Override Loading Loading @@ -9485,22 +9502,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { "Cannot set the profile owner on a user which is already set-up"); "Cannot set the profile owner on a user which is already set-up"); if (!mIsWatch) { if (!mIsWatch) { final String supervisionRolePackage = mContext.getResources().getString( if (!isSupervisionComponent(owner)) { com.android.internal.R.string.config_systemSupervision); // Only the default supervision profile owner or supervision role holder // can be set as profile owner after SUW final String supervisor = mContext.getResources().getString( com.android.internal.R.string .config_defaultSupervisionProfileOwnerComponent); if (supervisor == null && supervisionRolePackage == null) { throw new IllegalStateException("Unable to set profile owner post-setup, no" + "default supervisor profile owner defined"); } final ComponentName supervisorComponent = ComponentName.unflattenFromString( supervisor); if (!owner.equals(supervisorComponent) && !owner.getPackageName().equals(supervisionRolePackage)) { throw new IllegalStateException("Unable to set non-default profile owner" throw new IllegalStateException("Unable to set non-default profile owner" + " post-setup " + owner); + " post-setup " + owner); } } Loading Loading @@ -12087,7 +12089,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { synchronized (getLockObject()) { synchronized (getLockObject()) { // Allow testOnly admins to bypass supervision config requirement. // Allow testOnly admins to bypass supervision config requirement. Preconditions.checkCallAuthorization(isAdminTestOnlyLocked(who, caller.getUserId()) Preconditions.checkCallAuthorization(isAdminTestOnlyLocked(who, caller.getUserId()) || isDefaultSupervisor(caller), "Admin %s is not the " || isSupervisionComponent(caller.getComponentName()), "Admin %s is not the " + "default supervision component", caller.getComponentName()); + "default supervision component", caller.getComponentName()); DevicePolicyData policy = getUserData(caller.getUserId()); DevicePolicyData policy = getUserData(caller.getUserId()); policy.mSecondaryLockscreenEnabled = enabled; policy.mSecondaryLockscreenEnabled = enabled; Loading @@ -12106,16 +12108,6 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { return isProfileOwner(caller) && isManagedProfile(caller.getUserId()); return isProfileOwner(caller) && isManagedProfile(caller.getUserId()); } } private boolean isDefaultSupervisor(CallerIdentity caller) { final String supervisor = mContext.getResources().getString( com.android.internal.R.string.config_defaultSupervisionProfileOwnerComponent); if (supervisor == null) { return false; } final ComponentName supervisorComponent = ComponentName.unflattenFromString(supervisor); return caller.getComponentName().equals(supervisorComponent); } @Override @Override public void setPreferentialNetworkServiceConfigs( public void setPreferentialNetworkServiceConfigs( List<PreferentialNetworkServiceConfig> preferentialNetworkServiceConfigs) { List<PreferentialNetworkServiceConfig> preferentialNetworkServiceConfigs) { Loading Loading @@ -12999,16 +12991,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { return false; return false; } } final String supervisionString = mContext.getResources().getString( return isSupervisionComponent(admin.info.getComponent()); com.android.internal.R.string .config_defaultSupervisionProfileOwnerComponent); if (supervisionString == null) { return false; } final ComponentName supervisorComponent = ComponentName.unflattenFromString( supervisionString); return admin.info.getComponent().equals(supervisorComponent); } } } }
services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java +38 −9 Original line number Original line Diff line number Diff line Loading @@ -3322,19 +3322,48 @@ public class DevicePolicyManagerTest extends DpmTestBase { } } @Test @Test public void testIsActiveSupervisionApp() throws Exception { public void testSupervisionConfig() throws Exception { when(mServiceContext.resources final int uid = UserHandle.getUid(15, 19436); .getString(R.string.config_defaultSupervisionProfileOwnerComponent)) addManagedProfile(admin1, uid, admin1); .thenReturn(admin1.flattenToString()); mContext.binder.callingUid = uid; final int PROFILE_USER = 15; verifySupervisionConfig(uid, null, null); final int PROFILE_ADMIN = UserHandle.getUid(PROFILE_USER, 19436); verifySupervisionConfig(uid, "", null); addManagedProfile(admin1, PROFILE_ADMIN, admin1); verifySupervisionConfig(uid, null, ""); mContext.binder.callingUid = PROFILE_ADMIN; verifySupervisionConfig(uid, "", ""); verifySupervisionConfig(uid, admin1.flattenToString(), null); verifySupervisionConfig(uid, admin1.flattenToString(), ""); verifySupervisionConfig(uid, null, admin1.getPackageName()); verifySupervisionConfig(uid, "", admin1.getPackageName()); } private void verifySupervisionConfig( int uid , String configComponentName, String configPackageName) { final boolean isAdmin = admin1.flattenToString().equals(configComponentName) || admin1.getPackageName().equals(configPackageName); final UserHandle user = UserHandle.getUserHandleForUid(uid); final DevicePolicyManagerInternal dpmi = final DevicePolicyManagerInternal dpmi = LocalServices.getService(DevicePolicyManagerInternal.class); LocalServices.getService(DevicePolicyManagerInternal.class); assertThat(dpmi.isActiveSupervisionApp(PROFILE_ADMIN)).isTrue(); when(mServiceContext.resources .getString(R.string.config_defaultSupervisionProfileOwnerComponent)) .thenReturn(configComponentName); when(mServiceContext.resources .getString(R.string.config_systemSupervision)) .thenReturn(configPackageName); if (isAdmin) { assertThat(dpmi.isActiveSupervisionApp(uid)).isTrue(); assertThat(dpm.getProfileOwnerOrDeviceOwnerSupervisionComponent(user)) .isEqualTo(admin1); } else { assertThat(dpmi.isActiveSupervisionApp(uid)).isFalse(); assertThat(dpm.getProfileOwnerOrDeviceOwnerSupervisionComponent(user)).isNull(); } } } // Test if lock timeout on managed profile is handled correctly depending on whether profile // Test if lock timeout on managed profile is handled correctly depending on whether profile Loading
