Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 65eacc95 authored by Alex Johnston's avatar Alex Johnston
Browse files

Replace enforce permission checks in DPMS 

Replaced
* enforceFullCrossUsersPermission -> hasFullCrossUsersPermission
* enforceCrossUsersPermission -> hasCrossUsersPermission

Removed
* enforceSystemUserOrPermissionIfCrossUser
* enforceSystemUserOrPermission
* enforceAcrossUsersPermissions
* hasMarkProfileOwnerOnOrganizationOwnedDevicePermission

Updated methods
* getCurrentFailedPasswordAttempts
* getAllCrossProfilePackages
* setActiveAdmin
* isAdminActive
* isRemovingAdmin
* hasGrantedPolicy
* getActiveAdmins
* packageHasActiveAdmins
* removeActiveAdmin
* getPasswordQuality
* getPasswordExpirationTimeout
* getPasswordExpiration
* getStrictestPasswordRequirement
* getPasswordMinimumMetrics
* isActivePasswordSufficient
* isProfileActivePasswordSufficientForParent
* isPasswordSufficientAfterProfileUnification
* getCurrentFailedPasswordAttempts
* getMaximumFailedPasswordsForWipe
* getProfileWithMinimumFailedPasswordsForWipe
* getMaximumTimeToLock
* getRequiredStrongAuthTimeout
* wipeDataWithReason
* getRemoveWarning
* reportFailedPasswordAttempt
* reportSuccessfulPasswordAttempt
* reportFailedBiometricAttempt
* reportSuccessfulBiometricAttempt
* reportKeyguardDismissed
* reportKeyguardSecured
* getGlobalProxyAdmin
* getStorageEncryption
* getStorageEncryptionStatus
* getKeyguardDisabledFeatures
* getTrustAgentConfiguration
* getAccountTypesWithManagementDisabledAsUser
* setOrganizationColorForUser
* getOrganizationColorForUser
* getOrganizationNameForUser
* getProfileOwnerAsUser
* getCrossProfileCallerIdDisabledForUser
* getCrossProfileContactsSearchDisabledForUser
* isPackageAllowedToAccessCalendarForUser
* getCrossProfileCalendarPackagesForUser
* getActiveAdminOrCheckPermissionForCallerLocked
* resetPassword
* lockNow
* enforceNetworkStackOrProfileOrDeviceOwner
* getFactoryResetProtectionPolicy

Bug: 165302873
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest
      atest com.google.android.cts.deviceowner.DeviceOwnerTest
      atest com.android.cts.devicepolicy.MixedDeviceOwnerTest
      atest com.android.cts.devicepolicy.MixedProfileOwnerTest
      atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest

Change-Id: Ic3fea2f0483c02623a21bc3a67ff6bd29fbcc792
parent 509f1c79

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+270 −131

File changed.

Preview size limit exceeded, changes collapsed.

services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java

+2 −0
Original line number Diff line number Diff line
@@ -4465,6 +4465,7 @@ public class DevicePolicyManagerTest extends DpmTestBase { 
        final int MANAGED_PROFILE_ADMIN_UID = UserHandle.getUid(MANAGED_PROFILE_USER_ID, 19436);

        addManagedProfile(admin1, MANAGED_PROFILE_ADMIN_UID, admin1);

        mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;

        mServiceContext.permissions.add(permission.INTERACT_ACROSS_USERS_FULL);



        // Even if the caller is the managed profile, the current user is the user 0

        when(getServices().iactivityManager.getCurrentUser())
@@ -5694,6 +5695,7 @@ public class DevicePolicyManagerTest extends DpmTestBase { 


        final long ident = mServiceContext.binder.clearCallingIdentity();

        configureContextForAccess(mServiceContext, true);

        mServiceContext.permissions.add(permission.MARK_DEVICE_ORGANIZATION_OWNED);



        mServiceContext.binder.callingUid =

                UserHandle.getUid(CALLER_USER_HANDLE,

services/tests/servicestests/src/com/android/server/devicepolicy/DpmMockContext.java

+23 −13
Original line number Diff line number Diff line
@@ -259,18 +259,7 @@ public class DpmMockContext extends MockContext { 


    @Override

    public int checkPermission(String permission, int pid, int uid) {

        if (UserHandle.isSameApp(binder.getCallingUid(), SYSTEM_UID)) {

            return PackageManager.PERMISSION_GRANTED; // Assume system has all permissions.

        }

        List<String> permissions = binder.callingPermissions.get(binder.getCallingUid());

        if (permissions == null) {

            permissions = callerPermissions;

        }

        if (permissions.contains(permission)) {

            return PackageManager.PERMISSION_GRANTED;

        } else {

            return PackageManager.PERMISSION_DENIED;

        }

        return checkPermission(permission);

    }



    @Override
@@ -480,11 +469,32 @@ public class DpmMockContext extends MockContext { 


    @Override

    public int checkCallingPermission(String permission) {

        return spiedContext.checkCallingPermission(permission);

        return checkPermission(permission);

    }



    @Override

    public int checkCallingOrSelfPermission(String permission) {

        return checkPermission(permission);

    }



    @Override

    public void startActivityAsUser(Intent intent, UserHandle userHandle) {

        spiedContext.startActivityAsUser(intent, userHandle);

    }



    private int checkPermission(String permission) {

        if (UserHandle.isSameApp(binder.getCallingUid(), SYSTEM_UID)) {

            return PackageManager.PERMISSION_GRANTED; // Assume system has all permissions.

        }

        List<String> permissions = binder.callingPermissions.get(binder.getCallingUid());

        if (permissions == null) {

            permissions = callerPermissions;

        }

        if (permissions.contains(permission)) {

            return PackageManager.PERMISSION_GRANTED;

        } else {

            return PackageManager.PERMISSION_DENIED;

        }

    }



}