Loading core/java/android/app/admin/DevicePolicyManager.java +9 −42 Original line number Diff line number Diff line Loading @@ -60,7 +60,6 @@ import android.graphics.drawable.Drawable; import android.net.PrivateDnsConnectivityChecker; import android.net.ProxyInfo; import android.net.Uri; import android.net.wifi.WifiSsid; import android.nfc.NfcAdapter; import android.os.Binder; import android.os.Build; Loading Loading @@ -112,7 +111,6 @@ import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.net.InetSocketAddress; import java.net.Proxy; import java.nio.charset.StandardCharsets; import java.security.KeyFactory; import java.security.KeyPair; import java.security.NoSuchAlgorithmException; Loading Loading @@ -15237,26 +15235,15 @@ public class DevicePolicyManager { */ public void setWifiSsidPolicy(@Nullable WifiSsidPolicy policy) { throwIfParentInstance("setWifiSsidPolicy"); if (mService != null) { try { if (policy == null) { mService.setSsidAllowlist(new ArrayList<>()); } else { int policyType = policy.getPolicyType(); List<String> ssidList = new ArrayList<>(); for (WifiSsid ssid : policy.getSsids()) { ssidList.add(new String(ssid.getBytes(), StandardCharsets.UTF_8)); } if (policyType == WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_ALLOWLIST) { mService.setSsidAllowlist(ssidList); } else { mService.setSsidDenylist(ssidList); } if (mService == null) { return; } try { mService.setWifiSsidPolicy(policy); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } } /** Loading @@ -15274,30 +15261,10 @@ public class DevicePolicyManager { return null; } try { List<String> allowlist = mService.getSsidAllowlist(); if (!allowlist.isEmpty()) { List<WifiSsid> wifiSsidAllowlist = new ArrayList<>(); for (String ssid : allowlist) { wifiSsidAllowlist.add( WifiSsid.fromBytes(ssid.getBytes(StandardCharsets.UTF_8))); } return new WifiSsidPolicy(WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_ALLOWLIST, new ArraySet<>(wifiSsidAllowlist)); } List<String> denylist = mService.getSsidDenylist(); if (!denylist.isEmpty()) { List<WifiSsid> wifiSsidDenylist = new ArrayList<>(); for (String ssid : denylist) { wifiSsidDenylist.add( WifiSsid.fromBytes(ssid.getBytes(StandardCharsets.UTF_8))); } return new WifiSsidPolicy(WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_DENYLIST, new ArraySet<>(wifiSsidDenylist)); } return mService.getWifiSsidPolicy(); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } return null; } /** core/java/android/app/admin/IDevicePolicyManager.aidl +3 −4 Original line number Diff line number Diff line Loading @@ -33,6 +33,7 @@ import android.app.admin.PasswordMetrics; import android.app.admin.FactoryResetProtectionPolicy; import android.app.admin.ManagedProfileProvisioningParams; import android.app.admin.FullyManagedDeviceProvisioningParams; import android.app.admin.WifiSsidPolicy; import android.content.ComponentName; import android.content.Intent; import android.content.IntentFilter; Loading Loading @@ -545,10 +546,8 @@ interface IDevicePolicyManager { void setMinimumRequiredWifiSecurityLevel(int level); int getMinimumRequiredWifiSecurityLevel(); void setSsidAllowlist(in List<String> ssids); List<String> getSsidAllowlist(); void setSsidDenylist(in List<String> ssids); List<String> getSsidDenylist(); void setWifiSsidPolicy(in WifiSsidPolicy policy); WifiSsidPolicy getWifiSsidPolicy(); List<UserHandle> listForegroundAffiliatedUsers(); void setDrawables(in List<DevicePolicyDrawableResource> drawables); Loading core/java/android/app/admin/WifiSsidPolicy.java +18 −0 Original line number Diff line number Diff line Loading @@ -25,6 +25,7 @@ import android.util.ArraySet; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.util.Objects; import java.util.Set; /** Loading Loading @@ -134,6 +135,23 @@ public final class WifiSsidPolicy implements Parcelable { dest.writeArraySet(mSsids); } @Override public boolean equals(Object thatObject) { if (this == thatObject) { return true; } if (!(thatObject instanceof WifiSsidPolicy)) { return false; } WifiSsidPolicy that = (WifiSsidPolicy) thatObject; return mPolicyType == that.mPolicyType && Objects.equals(mSsids, that.mSsids); } @Override public int hashCode() { return Objects.hash(mPolicyType, mSsids); } @Override public int describeContents() { return 0; Loading services/devicepolicy/java/com/android/server/devicepolicy/ActiveAdmin.java +45 −21 Original line number Diff line number Diff line Loading @@ -19,6 +19,8 @@ package com.android.server.devicepolicy; import static android.app.admin.DevicePolicyManager.NEARBY_STREAMING_SAME_MANAGED_ACCOUNT_ONLY; import static android.app.admin.DevicePolicyManager.PASSWORD_COMPLEXITY_NONE; import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED; import static android.app.admin.WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_ALLOWLIST; import static android.app.admin.WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_DENYLIST; import static com.android.server.devicepolicy.DevicePolicyManagerService.LOG_TAG; Loading @@ -33,7 +35,9 @@ import android.app.admin.DevicePolicyManager; import android.app.admin.FactoryResetProtectionPolicy; import android.app.admin.PasswordPolicy; import android.app.admin.PreferentialNetworkServiceConfig; import android.app.admin.WifiSsidPolicy; import android.graphics.Color; import android.net.wifi.WifiSsid; import android.os.Bundle; import android.os.PersistableBundle; import android.os.UserHandle; Loading @@ -53,6 +57,7 @@ import com.android.server.utils.Slogf; import org.xmlpull.v1.XmlPullParserException; import java.io.IOException; import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; Loading @@ -60,6 +65,7 @@ import java.util.List; import java.util.Map; import java.util.Set; import java.util.function.Predicate; import java.util.stream.Collectors; class ActiveAdmin { private static final String TAG_DISABLE_KEYGUARD_FEATURES = "disable-keyguard-features"; Loading Loading @@ -242,13 +248,8 @@ class ActiveAdmin { // List of package names to keep cached. List<String> keepUninstalledPackages; // The allowlist of SSIDs the device may connect to. // By default, the allowlist restriction is deactivated. List<String> mSsidAllowlist; // The denylist of SSIDs the device may not connect to. // By default, the denylist restriction is deactivated. List<String> mSsidDenylist; // Wi-Fi SSID restriction policy. WifiSsidPolicy mWifiSsidPolicy; // TODO: review implementation decisions with frameworks team boolean specifiesGlobalProxy = false; Loading Loading @@ -594,12 +595,20 @@ class ActiveAdmin { if (mWifiMinimumSecurityLevel != DevicePolicyManager.WIFI_SECURITY_OPEN) { writeAttributeValueToXml(out, TAG_WIFI_MIN_SECURITY, mWifiMinimumSecurityLevel); } if (mSsidAllowlist != null && !mSsidAllowlist.isEmpty()) { writeAttributeValuesToXml(out, TAG_SSID_ALLOWLIST, TAG_SSID, mSsidAllowlist); if (mWifiSsidPolicy != null) { List<String> ssids = ssidsToStrings(mWifiSsidPolicy.getSsids()); if (mWifiSsidPolicy.getPolicyType() == WIFI_SSID_POLICY_TYPE_ALLOWLIST) { writeAttributeValuesToXml(out, TAG_SSID_ALLOWLIST, TAG_SSID, ssids); } else if (mWifiSsidPolicy.getPolicyType() == WIFI_SSID_POLICY_TYPE_DENYLIST) { writeAttributeValuesToXml(out, TAG_SSID_DENYLIST, TAG_SSID, ssids); } } if (mSsidDenylist != null && !mSsidDenylist.isEmpty()) { writeAttributeValuesToXml(out, TAG_SSID_DENYLIST, TAG_SSID, mSsidDenylist); } private List<String> ssidsToStrings(Set<WifiSsid> ssids) { return ssids.stream() .map(ssid -> new String(ssid.getBytes(), StandardCharsets.UTF_8)) .collect(Collectors.toList()); } void writeTextToXml(TypedXmlSerializer out, String tag, String text) throws IOException { Loading Loading @@ -855,11 +864,13 @@ class ActiveAdmin { } else if (TAG_WIFI_MIN_SECURITY.equals(tag)) { mWifiMinimumSecurityLevel = parser.getAttributeInt(null, ATTR_VALUE); } else if (TAG_SSID_ALLOWLIST.equals(tag)) { mSsidAllowlist = new ArrayList<>(); readAttributeValues(parser, TAG_SSID, mSsidAllowlist); List<WifiSsid> ssids = readWifiSsids(parser, TAG_SSID); mWifiSsidPolicy = new WifiSsidPolicy( WIFI_SSID_POLICY_TYPE_ALLOWLIST, new ArraySet<>(ssids)); } else if (TAG_SSID_DENYLIST.equals(tag)) { mSsidDenylist = new ArrayList<>(); readAttributeValues(parser, TAG_SSID, mSsidDenylist); List<WifiSsid> ssids = readWifiSsids(parser, TAG_SSID); mWifiSsidPolicy = new WifiSsidPolicy( WIFI_SSID_POLICY_TYPE_DENYLIST, new ArraySet<>(ssids)); } else { Slogf.w(LOG_TAG, "Unknown admin tag: %s", tag); XmlUtils.skipCurrentTag(parser); Loading @@ -867,6 +878,16 @@ class ActiveAdmin { } } private List<WifiSsid> readWifiSsids(TypedXmlPullParser parser, String tag) throws XmlPullParserException, IOException { List<String> ssidStrings = new ArrayList<>(); readAttributeValues(parser, tag, ssidStrings); List<WifiSsid> ssids = ssidStrings.stream() .map(ssid -> WifiSsid.fromBytes(ssid.getBytes(StandardCharsets.UTF_8))) .collect(Collectors.toList()); return ssids; } private List<String> readPackageList(TypedXmlPullParser parser, String tag) throws XmlPullParserException, IOException { List<String> result = new ArrayList<String>(); Loading Loading @@ -1222,11 +1243,14 @@ class ActiveAdmin { pw.print("mWifiMinimumSecurityLevel="); pw.println(mWifiMinimumSecurityLevel); if (mWifiSsidPolicy != null) { if (mWifiSsidPolicy.getPolicyType() == WIFI_SSID_POLICY_TYPE_ALLOWLIST) { pw.print("mSsidAllowlist="); pw.println(mSsidAllowlist); } else { pw.print("mSsidDenylist="); pw.println(mSsidDenylist); } pw.println(ssidsToStrings(mWifiSsidPolicy.getSsids())); } if (mFactoryResetProtectionPolicy != null) { pw.println("mFactoryResetProtectionPolicy:"); Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +11 −59 Original line number Diff line number Diff line Loading @@ -274,7 +274,6 @@ import android.net.Uri; import android.net.VpnManager; import android.net.metrics.IpConnectivityLog; import android.net.wifi.WifiManager; import android.net.wifi.WifiSsid; import android.os.Binder; import android.os.Build; import android.os.Bundle; Loading Loading @@ -395,7 +394,6 @@ import java.io.FileOutputStream; import java.io.IOException; import java.io.PrintWriter; import java.lang.reflect.Constructor; import java.nio.charset.StandardCharsets; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; Loading Loading @@ -18570,13 +18568,11 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { .notifyMinimumRequiredWifiSecurityLevelChanged(level)); } private void notifyWifiSsidPolicyChanged(int policyType, List<String> ssids) { List<WifiSsid> wifiSsidList = new ArrayList<>(); for (String ssid : ssids) { wifiSsidList.add( WifiSsid.fromBytes(ssid.getBytes(StandardCharsets.UTF_8))); private void notifyWifiSsidPolicyChanged(WifiSsidPolicy policy) { if (policy == null) { // If policy doesn't limit SSIDs, no need to disconnect anything. return; } WifiSsidPolicy policy = new WifiSsidPolicy(policyType, new ArraySet<>(wifiSsidList)); mInjector.binderWithCleanCallingIdentity( () -> mInjector.getWifiManager().notifyWifiSsidPolicyChanged(policy)); } Loading Loading @@ -18612,84 +18608,40 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } @Override public void setSsidAllowlist(List<String> ssids) { final CallerIdentity caller = getCallerIdentity(); Preconditions.checkCallAuthorization( isDefaultDeviceOwner(caller) || isProfileOwnerOfOrganizationOwnedDevice(caller), "SSID allowlist can only be controlled by a device owner or " + "a profile owner on an organization-owned device."); Collections.sort(ssids); boolean changed = false; synchronized (getLockObject()) { final ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller); if (!ssids.equals(admin.mSsidAllowlist)) { admin.mSsidAllowlist = ssids; admin.mSsidDenylist = null; changed = true; } if (changed) saveSettingsLocked(caller.getUserId()); } if (changed && !ssids.isEmpty()) { notifyWifiSsidPolicyChanged(WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_ALLOWLIST, ssids); } } @Override public List<String> getSsidAllowlist() { public WifiSsidPolicy getWifiSsidPolicy() { final CallerIdentity caller = getCallerIdentity(); Preconditions.checkCallAuthorization( isDefaultDeviceOwner(caller) || isProfileOwnerOfOrganizationOwnedDevice(caller) || canQueryAdminPolicy(caller), "SSID allowlist can only be retrieved by a device owner or " "SSID policy can only be retrieved by a device owner or " + "a profile owner on an organization-owned device or " + "an app with the QUERY_ADMIN_POLICY permission."); synchronized (getLockObject()) { final ActiveAdmin admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked( UserHandle.USER_SYSTEM); return (admin == null || admin.mSsidAllowlist == null) ? new ArrayList<>() : admin.mSsidAllowlist; return admin != null ? admin.mWifiSsidPolicy : null; } } @Override public void setSsidDenylist(List<String> ssids) { public void setWifiSsidPolicy(WifiSsidPolicy policy) { final CallerIdentity caller = getCallerIdentity(); Preconditions.checkCallAuthorization( isDefaultDeviceOwner(caller) || isProfileOwnerOfOrganizationOwnedDevice(caller), "SSID denylist can only be controlled by a device owner or " + "a profile owner on an organization-owned device."); Collections.sort(ssids); boolean changed = false; synchronized (getLockObject()) { final ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller); if (!ssids.equals(admin.mSsidDenylist)) { admin.mSsidDenylist = ssids; admin.mSsidAllowlist = null; if (!Objects.equals(policy, admin.mWifiSsidPolicy)) { admin.mWifiSsidPolicy = policy; changed = true; } if (changed) saveSettingsLocked(caller.getUserId()); } if (changed) { notifyWifiSsidPolicyChanged(WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_DENYLIST, ssids); } } @Override public List<String> getSsidDenylist() { final CallerIdentity caller = getCallerIdentity(); Preconditions.checkCallAuthorization( isDefaultDeviceOwner(caller) || isProfileOwnerOfOrganizationOwnedDevice(caller) || canQueryAdminPolicy(caller), "SSID denylist can only be retrieved by a device owner or " + "a profile owner on an organization-owned device or " + "an app with the QUERY_ADMIN_POLICY permission."); synchronized (getLockObject()) { final ActiveAdmin admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked( UserHandle.USER_SYSTEM); return (admin == null || admin.mSsidDenylist == null) ? new ArrayList<>() : admin.mSsidDenylist; notifyWifiSsidPolicyChanged(policy); } } Loading
core/java/android/app/admin/DevicePolicyManager.java +9 −42 Original line number Diff line number Diff line Loading @@ -60,7 +60,6 @@ import android.graphics.drawable.Drawable; import android.net.PrivateDnsConnectivityChecker; import android.net.ProxyInfo; import android.net.Uri; import android.net.wifi.WifiSsid; import android.nfc.NfcAdapter; import android.os.Binder; import android.os.Build; Loading Loading @@ -112,7 +111,6 @@ import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.net.InetSocketAddress; import java.net.Proxy; import java.nio.charset.StandardCharsets; import java.security.KeyFactory; import java.security.KeyPair; import java.security.NoSuchAlgorithmException; Loading Loading @@ -15237,26 +15235,15 @@ public class DevicePolicyManager { */ public void setWifiSsidPolicy(@Nullable WifiSsidPolicy policy) { throwIfParentInstance("setWifiSsidPolicy"); if (mService != null) { try { if (policy == null) { mService.setSsidAllowlist(new ArrayList<>()); } else { int policyType = policy.getPolicyType(); List<String> ssidList = new ArrayList<>(); for (WifiSsid ssid : policy.getSsids()) { ssidList.add(new String(ssid.getBytes(), StandardCharsets.UTF_8)); } if (policyType == WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_ALLOWLIST) { mService.setSsidAllowlist(ssidList); } else { mService.setSsidDenylist(ssidList); } if (mService == null) { return; } try { mService.setWifiSsidPolicy(policy); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } } /** Loading @@ -15274,30 +15261,10 @@ public class DevicePolicyManager { return null; } try { List<String> allowlist = mService.getSsidAllowlist(); if (!allowlist.isEmpty()) { List<WifiSsid> wifiSsidAllowlist = new ArrayList<>(); for (String ssid : allowlist) { wifiSsidAllowlist.add( WifiSsid.fromBytes(ssid.getBytes(StandardCharsets.UTF_8))); } return new WifiSsidPolicy(WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_ALLOWLIST, new ArraySet<>(wifiSsidAllowlist)); } List<String> denylist = mService.getSsidDenylist(); if (!denylist.isEmpty()) { List<WifiSsid> wifiSsidDenylist = new ArrayList<>(); for (String ssid : denylist) { wifiSsidDenylist.add( WifiSsid.fromBytes(ssid.getBytes(StandardCharsets.UTF_8))); } return new WifiSsidPolicy(WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_DENYLIST, new ArraySet<>(wifiSsidDenylist)); } return mService.getWifiSsidPolicy(); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } return null; } /**
core/java/android/app/admin/IDevicePolicyManager.aidl +3 −4 Original line number Diff line number Diff line Loading @@ -33,6 +33,7 @@ import android.app.admin.PasswordMetrics; import android.app.admin.FactoryResetProtectionPolicy; import android.app.admin.ManagedProfileProvisioningParams; import android.app.admin.FullyManagedDeviceProvisioningParams; import android.app.admin.WifiSsidPolicy; import android.content.ComponentName; import android.content.Intent; import android.content.IntentFilter; Loading Loading @@ -545,10 +546,8 @@ interface IDevicePolicyManager { void setMinimumRequiredWifiSecurityLevel(int level); int getMinimumRequiredWifiSecurityLevel(); void setSsidAllowlist(in List<String> ssids); List<String> getSsidAllowlist(); void setSsidDenylist(in List<String> ssids); List<String> getSsidDenylist(); void setWifiSsidPolicy(in WifiSsidPolicy policy); WifiSsidPolicy getWifiSsidPolicy(); List<UserHandle> listForegroundAffiliatedUsers(); void setDrawables(in List<DevicePolicyDrawableResource> drawables); Loading
core/java/android/app/admin/WifiSsidPolicy.java +18 −0 Original line number Diff line number Diff line Loading @@ -25,6 +25,7 @@ import android.util.ArraySet; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.util.Objects; import java.util.Set; /** Loading Loading @@ -134,6 +135,23 @@ public final class WifiSsidPolicy implements Parcelable { dest.writeArraySet(mSsids); } @Override public boolean equals(Object thatObject) { if (this == thatObject) { return true; } if (!(thatObject instanceof WifiSsidPolicy)) { return false; } WifiSsidPolicy that = (WifiSsidPolicy) thatObject; return mPolicyType == that.mPolicyType && Objects.equals(mSsids, that.mSsids); } @Override public int hashCode() { return Objects.hash(mPolicyType, mSsids); } @Override public int describeContents() { return 0; Loading
services/devicepolicy/java/com/android/server/devicepolicy/ActiveAdmin.java +45 −21 Original line number Diff line number Diff line Loading @@ -19,6 +19,8 @@ package com.android.server.devicepolicy; import static android.app.admin.DevicePolicyManager.NEARBY_STREAMING_SAME_MANAGED_ACCOUNT_ONLY; import static android.app.admin.DevicePolicyManager.PASSWORD_COMPLEXITY_NONE; import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED; import static android.app.admin.WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_ALLOWLIST; import static android.app.admin.WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_DENYLIST; import static com.android.server.devicepolicy.DevicePolicyManagerService.LOG_TAG; Loading @@ -33,7 +35,9 @@ import android.app.admin.DevicePolicyManager; import android.app.admin.FactoryResetProtectionPolicy; import android.app.admin.PasswordPolicy; import android.app.admin.PreferentialNetworkServiceConfig; import android.app.admin.WifiSsidPolicy; import android.graphics.Color; import android.net.wifi.WifiSsid; import android.os.Bundle; import android.os.PersistableBundle; import android.os.UserHandle; Loading @@ -53,6 +57,7 @@ import com.android.server.utils.Slogf; import org.xmlpull.v1.XmlPullParserException; import java.io.IOException; import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; Loading @@ -60,6 +65,7 @@ import java.util.List; import java.util.Map; import java.util.Set; import java.util.function.Predicate; import java.util.stream.Collectors; class ActiveAdmin { private static final String TAG_DISABLE_KEYGUARD_FEATURES = "disable-keyguard-features"; Loading Loading @@ -242,13 +248,8 @@ class ActiveAdmin { // List of package names to keep cached. List<String> keepUninstalledPackages; // The allowlist of SSIDs the device may connect to. // By default, the allowlist restriction is deactivated. List<String> mSsidAllowlist; // The denylist of SSIDs the device may not connect to. // By default, the denylist restriction is deactivated. List<String> mSsidDenylist; // Wi-Fi SSID restriction policy. WifiSsidPolicy mWifiSsidPolicy; // TODO: review implementation decisions with frameworks team boolean specifiesGlobalProxy = false; Loading Loading @@ -594,12 +595,20 @@ class ActiveAdmin { if (mWifiMinimumSecurityLevel != DevicePolicyManager.WIFI_SECURITY_OPEN) { writeAttributeValueToXml(out, TAG_WIFI_MIN_SECURITY, mWifiMinimumSecurityLevel); } if (mSsidAllowlist != null && !mSsidAllowlist.isEmpty()) { writeAttributeValuesToXml(out, TAG_SSID_ALLOWLIST, TAG_SSID, mSsidAllowlist); if (mWifiSsidPolicy != null) { List<String> ssids = ssidsToStrings(mWifiSsidPolicy.getSsids()); if (mWifiSsidPolicy.getPolicyType() == WIFI_SSID_POLICY_TYPE_ALLOWLIST) { writeAttributeValuesToXml(out, TAG_SSID_ALLOWLIST, TAG_SSID, ssids); } else if (mWifiSsidPolicy.getPolicyType() == WIFI_SSID_POLICY_TYPE_DENYLIST) { writeAttributeValuesToXml(out, TAG_SSID_DENYLIST, TAG_SSID, ssids); } } if (mSsidDenylist != null && !mSsidDenylist.isEmpty()) { writeAttributeValuesToXml(out, TAG_SSID_DENYLIST, TAG_SSID, mSsidDenylist); } private List<String> ssidsToStrings(Set<WifiSsid> ssids) { return ssids.stream() .map(ssid -> new String(ssid.getBytes(), StandardCharsets.UTF_8)) .collect(Collectors.toList()); } void writeTextToXml(TypedXmlSerializer out, String tag, String text) throws IOException { Loading Loading @@ -855,11 +864,13 @@ class ActiveAdmin { } else if (TAG_WIFI_MIN_SECURITY.equals(tag)) { mWifiMinimumSecurityLevel = parser.getAttributeInt(null, ATTR_VALUE); } else if (TAG_SSID_ALLOWLIST.equals(tag)) { mSsidAllowlist = new ArrayList<>(); readAttributeValues(parser, TAG_SSID, mSsidAllowlist); List<WifiSsid> ssids = readWifiSsids(parser, TAG_SSID); mWifiSsidPolicy = new WifiSsidPolicy( WIFI_SSID_POLICY_TYPE_ALLOWLIST, new ArraySet<>(ssids)); } else if (TAG_SSID_DENYLIST.equals(tag)) { mSsidDenylist = new ArrayList<>(); readAttributeValues(parser, TAG_SSID, mSsidDenylist); List<WifiSsid> ssids = readWifiSsids(parser, TAG_SSID); mWifiSsidPolicy = new WifiSsidPolicy( WIFI_SSID_POLICY_TYPE_DENYLIST, new ArraySet<>(ssids)); } else { Slogf.w(LOG_TAG, "Unknown admin tag: %s", tag); XmlUtils.skipCurrentTag(parser); Loading @@ -867,6 +878,16 @@ class ActiveAdmin { } } private List<WifiSsid> readWifiSsids(TypedXmlPullParser parser, String tag) throws XmlPullParserException, IOException { List<String> ssidStrings = new ArrayList<>(); readAttributeValues(parser, tag, ssidStrings); List<WifiSsid> ssids = ssidStrings.stream() .map(ssid -> WifiSsid.fromBytes(ssid.getBytes(StandardCharsets.UTF_8))) .collect(Collectors.toList()); return ssids; } private List<String> readPackageList(TypedXmlPullParser parser, String tag) throws XmlPullParserException, IOException { List<String> result = new ArrayList<String>(); Loading Loading @@ -1222,11 +1243,14 @@ class ActiveAdmin { pw.print("mWifiMinimumSecurityLevel="); pw.println(mWifiMinimumSecurityLevel); if (mWifiSsidPolicy != null) { if (mWifiSsidPolicy.getPolicyType() == WIFI_SSID_POLICY_TYPE_ALLOWLIST) { pw.print("mSsidAllowlist="); pw.println(mSsidAllowlist); } else { pw.print("mSsidDenylist="); pw.println(mSsidDenylist); } pw.println(ssidsToStrings(mWifiSsidPolicy.getSsids())); } if (mFactoryResetProtectionPolicy != null) { pw.println("mFactoryResetProtectionPolicy:"); Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +11 −59 Original line number Diff line number Diff line Loading @@ -274,7 +274,6 @@ import android.net.Uri; import android.net.VpnManager; import android.net.metrics.IpConnectivityLog; import android.net.wifi.WifiManager; import android.net.wifi.WifiSsid; import android.os.Binder; import android.os.Build; import android.os.Bundle; Loading Loading @@ -395,7 +394,6 @@ import java.io.FileOutputStream; import java.io.IOException; import java.io.PrintWriter; import java.lang.reflect.Constructor; import java.nio.charset.StandardCharsets; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; Loading Loading @@ -18570,13 +18568,11 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { .notifyMinimumRequiredWifiSecurityLevelChanged(level)); } private void notifyWifiSsidPolicyChanged(int policyType, List<String> ssids) { List<WifiSsid> wifiSsidList = new ArrayList<>(); for (String ssid : ssids) { wifiSsidList.add( WifiSsid.fromBytes(ssid.getBytes(StandardCharsets.UTF_8))); private void notifyWifiSsidPolicyChanged(WifiSsidPolicy policy) { if (policy == null) { // If policy doesn't limit SSIDs, no need to disconnect anything. return; } WifiSsidPolicy policy = new WifiSsidPolicy(policyType, new ArraySet<>(wifiSsidList)); mInjector.binderWithCleanCallingIdentity( () -> mInjector.getWifiManager().notifyWifiSsidPolicyChanged(policy)); } Loading Loading @@ -18612,84 +18608,40 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } @Override public void setSsidAllowlist(List<String> ssids) { final CallerIdentity caller = getCallerIdentity(); Preconditions.checkCallAuthorization( isDefaultDeviceOwner(caller) || isProfileOwnerOfOrganizationOwnedDevice(caller), "SSID allowlist can only be controlled by a device owner or " + "a profile owner on an organization-owned device."); Collections.sort(ssids); boolean changed = false; synchronized (getLockObject()) { final ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller); if (!ssids.equals(admin.mSsidAllowlist)) { admin.mSsidAllowlist = ssids; admin.mSsidDenylist = null; changed = true; } if (changed) saveSettingsLocked(caller.getUserId()); } if (changed && !ssids.isEmpty()) { notifyWifiSsidPolicyChanged(WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_ALLOWLIST, ssids); } } @Override public List<String> getSsidAllowlist() { public WifiSsidPolicy getWifiSsidPolicy() { final CallerIdentity caller = getCallerIdentity(); Preconditions.checkCallAuthorization( isDefaultDeviceOwner(caller) || isProfileOwnerOfOrganizationOwnedDevice(caller) || canQueryAdminPolicy(caller), "SSID allowlist can only be retrieved by a device owner or " "SSID policy can only be retrieved by a device owner or " + "a profile owner on an organization-owned device or " + "an app with the QUERY_ADMIN_POLICY permission."); synchronized (getLockObject()) { final ActiveAdmin admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked( UserHandle.USER_SYSTEM); return (admin == null || admin.mSsidAllowlist == null) ? new ArrayList<>() : admin.mSsidAllowlist; return admin != null ? admin.mWifiSsidPolicy : null; } } @Override public void setSsidDenylist(List<String> ssids) { public void setWifiSsidPolicy(WifiSsidPolicy policy) { final CallerIdentity caller = getCallerIdentity(); Preconditions.checkCallAuthorization( isDefaultDeviceOwner(caller) || isProfileOwnerOfOrganizationOwnedDevice(caller), "SSID denylist can only be controlled by a device owner or " + "a profile owner on an organization-owned device."); Collections.sort(ssids); boolean changed = false; synchronized (getLockObject()) { final ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller); if (!ssids.equals(admin.mSsidDenylist)) { admin.mSsidDenylist = ssids; admin.mSsidAllowlist = null; if (!Objects.equals(policy, admin.mWifiSsidPolicy)) { admin.mWifiSsidPolicy = policy; changed = true; } if (changed) saveSettingsLocked(caller.getUserId()); } if (changed) { notifyWifiSsidPolicyChanged(WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_DENYLIST, ssids); } } @Override public List<String> getSsidDenylist() { final CallerIdentity caller = getCallerIdentity(); Preconditions.checkCallAuthorization( isDefaultDeviceOwner(caller) || isProfileOwnerOfOrganizationOwnedDevice(caller) || canQueryAdminPolicy(caller), "SSID denylist can only be retrieved by a device owner or " + "a profile owner on an organization-owned device or " + "an app with the QUERY_ADMIN_POLICY permission."); synchronized (getLockObject()) { final ActiveAdmin admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked( UserHandle.USER_SYSTEM); return (admin == null || admin.mSsidDenylist == null) ? new ArrayList<>() : admin.mSsidDenylist; notifyWifiSsidPolicyChanged(policy); } }
