Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java +105 −43 Original line number Diff line number Diff line Loading @@ -910,7 +910,7 @@ final class DevicePolicyEngine { mDeviceAdminServiceController.stopServicesForUser( userId, actionForLog); } else { for (EnforcingAdmin admin : getEnforcingAdminsForUser(userId)) { for (EnforcingAdmin admin : getEnforcingAdminsOnUser(userId)) { // DPCs are handled separately in DPMS, no need to reestablish the connection here. if (admin.hasAuthority(EnforcingAdmin.DPC_AUTHORITY)) { continue; Loading @@ -921,6 +921,51 @@ final class DevicePolicyEngine { } } /** * Handles internal state related to a user getting started. */ void handleStartUser(int userId) { updateDeviceAdminsServicesForUser( userId, /* enable= */ true, /* actionForLog= */ "start-user"); } /** * Handles internal state related to a user getting started. */ void handleUnlockUser(int userId) { updateDeviceAdminsServicesForUser( userId, /* enable= */ true, /* actionForLog= */ "unlock-user"); } /** * Handles internal state related to a user getting stopped. */ void handleStopUser(int userId) { updateDeviceAdminsServicesForUser( userId, /* enable= */ false, /* actionForLog= */ "stop-user"); } /** * Handles internal state related to packages getting updated. */ void handlePackageChanged(@Nullable String updatedPackage, int userId) { if (updatedPackage == null) { return; } updateDeviceAdminServiceOnPackageChanged(updatedPackage, userId); } /** * Handles internal state related to a user getting removed. */ void handleUserRemoved(int userId) { removeLocalPoliciesForUser(userId); removePoliciesForAdminsOnUser(userId); } /** * Handles internal state related to a user getting created. */ void handleUserCreated(UserInfo user) { enforcePoliciesOnInheritableProfilesIfApplicable(user); } Loading Loading 
@@ -962,40 +1007,6 @@ final class DevicePolicyEngine { } } /** * Handles internal state related to a user getting started. */ void handleStartUser(int userId) { updateDeviceAdminsServicesForUser( userId, /* enable= */ true, /* actionForLog= */ "start-user"); } /** * Handles internal state related to a user getting started. */ void handleUnlockUser(int userId) { updateDeviceAdminsServicesForUser( userId, /* enable= */ true, /* actionForLog= */ "unlock-user"); } /** * Handles internal state related to a user getting stopped. */ void handleStopUser(int userId) { updateDeviceAdminsServicesForUser( userId, /* enable= */ false, /* actionForLog= */ "stop-user"); } /** * Handles internal state related to packages getting updated. */ void handlePackageChanged(@Nullable String updatedPackage, int userId) { if (updatedPackage == null) { return; } updateDeviceAdminServiceOnPackageChanged(updatedPackage, userId); } /** * Returns all current enforced policies set on the device, and the individual values set by * each admin. Global policies are returned under {@link UserHandle#ALL}. Loading Loading 
@@ -1024,6 +1035,63 @@ final class DevicePolicyEngine { return new DevicePolicyState(policies); } /** * Removes all local and global policies set by that admin. */ void removePoliciesForAdmin(EnforcingAdmin admin) { Set<PolicyKey> globalPolicies = new HashSet<>(mGlobalPolicies.keySet()); for (PolicyKey policy : globalPolicies) { PolicyState<?> policyState = mGlobalPolicies.get(policy); if (policyState.getPoliciesSetByAdmins().containsKey(admin)) { removeGlobalPolicy(policyState.getPolicyDefinition(), admin); } } for (int i = 0; i < mLocalPolicies.size(); i++) { Set<PolicyKey> localPolicies = new HashSet<>( mLocalPolicies.get(mLocalPolicies.keyAt(i)).keySet()); for (PolicyKey policy : localPolicies) { PolicyState<?> policyState = mLocalPolicies.get( mLocalPolicies.keyAt(i)).get(policy); if (policyState.getPoliciesSetByAdmins().containsKey(admin)) { removeLocalPolicy( policyState.getPolicyDefinition(), admin, mLocalPolicies.keyAt(i)); } } } } /** * Removes all local policies for the provided {@code userId}. */ private void removeLocalPoliciesForUser(int userId) { Set<PolicyKey> localPolicies = new HashSet<>(mLocalPolicies.get(userId).keySet()); for (PolicyKey policy : localPolicies) { PolicyState<?> policyState = mLocalPolicies.get(userId).get(policy); Set<EnforcingAdmin> admins = new HashSet<>( policyState.getPoliciesSetByAdmins().keySet()); for (EnforcingAdmin admin : admins) { removeLocalPolicy( policyState.getPolicyDefinition(), admin, userId); } } mLocalPolicies.remove(userId); } /** * Removes all local and global policies for admins installed in the provided * {@code userId}. */ private void removePoliciesForAdminsOnUser(int userId) { Set<EnforcingAdmin> admins = getEnforcingAdminsOnUser(userId); for (EnforcingAdmin admin : admins) { removePoliciesForAdmin(admin); } } /** * Reestablishes the service that handles * {@link DevicePolicyManager#ACTION_DEVICE_ADMIN_SERVICE} in the enforcing admin if the package Loading 
@@ -1031,7 +1099,7 @@ final class DevicePolicyEngine { */ private void updateDeviceAdminServiceOnPackageChanged( @NonNull String updatedPackage, int userId) { for (EnforcingAdmin admin : getEnforcingAdminsForUser(userId)) { for (EnforcingAdmin admin : getEnforcingAdminsOnUser(userId)) { // DPCs are handled separately in DPMS, no need to reestablish the connection here. if (admin.hasAuthority(EnforcingAdmin.DPC_AUTHORITY)) { continue; Loading Loading @@ -1120,7 +1188,7 @@ final class DevicePolicyEngine { } @NonNull private Set<EnforcingAdmin> getEnforcingAdminsForUser(int userId) { private Set<EnforcingAdmin> getEnforcingAdminsOnUser(int userId) { return mEnforcingAdmins.contains(userId) ? mEnforcingAdmins.get(userId) : Collections.emptySet(); } Loading Loading @@ -1159,12 +1227,6 @@ final class DevicePolicyEngine { } } // TODO: we need to listen for user removal and package removal and update out internal policy // map and enforcing admins for this is be accurate. boolean hasActivePolicies() { return mEnforcingAdmins.size() > 0; } private <V> boolean checkFor2gFailure(@NonNull PolicyDefinition<V> policyDefinition, @NonNull EnforcingAdmin enforcingAdmin) { if (!policyDefinition.getPolicyKey().getIdentifier().equals( Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +23 −0 Original line number Diff line number Diff line Loading @@ -1178,6 +1178,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { // Resume logging if all remaining users are affiliated. maybeResumeDeviceWideLoggingLocked(); } if (isPolicyEngineForFinanceFlagEnabled() || isPermissionCheckFlagEnabled()) { mDevicePolicyEngine.handleUserRemoved(userHandle); } } } else if (Intent.ACTION_USER_STARTED.equals(action)) { sendDeviceOwnerUserCommand(DeviceAdminReceiver.ACTION_USER_STARTED, userHandle); Loading Loading 
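Review bot: `removeLocalPoliciesForUser` in DevicePolicyEngine.java dereferences `mLocalPolicies.get(userId)` without checking that the user has an entry, so `handleUserRemoved` would throw a NullPointerException for any user that never had a local policy set. This assumes `get` returns null for an absent key, which the `keyAt`/`size` usage in `removePoliciesForAdmin` suggests. Because `handleUserRemoved` calls it first, the exception would also skip `removePoliciesForAdminsOnUser`, leaving policies set by that user's admins in place. Add a guard at the top of that method, `if (mLocalPolicies.get(userId) == null) { return; }`. Separately, the Javadoc on `handleUnlockUser` still says "getting started"; `Handles internal state related to a user getting unlocked.` would match the method.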
@@ -3664,6 +3667,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } for (Integer userId : deletedUsers) { removeUserData(userId); if (isPolicyEngineForFinanceFlagEnabled() || isPermissionCheckFlagEnabled()) { mDevicePolicyEngine.handleUserRemoved(userId); } } } Loading Loading @@ -4153,6 +4159,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { mInjector.binderWithCleanCallingIdentity(() -> removeActiveAdminLocked(adminReceiver, userHandle)); if (isPolicyEngineForFinanceFlagEnabled() || isPermissionCheckFlagEnabled()) { mDevicePolicyEngine.removePoliciesForAdmin( EnforcingAdmin.createEnterpriseEnforcingAdmin( adminReceiver, userHandle, admin)); } } } Loading Loading @@ -9992,6 +10003,12 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { toggleBackupServiceActive(UserHandle.USER_SYSTEM, true); pushUserControlDisabledPackagesLocked(userId); setGlobalSettingDeviceOwnerType(DEVICE_OWNER_TYPE_DEFAULT); if (isPolicyEngineForFinanceFlagEnabled() || isPermissionCheckFlagEnabled()) { mDevicePolicyEngine.removePoliciesForAdmin( EnforcingAdmin.createEnterpriseEnforcingAdmin( admin.info.getComponent(), userId, admin)); } } private void clearApplicationRestrictions(int userId) { Loading Loading @@ -10139,6 +10156,12 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { toggleBackupServiceActive(userId, true); applyProfileRestrictionsIfDeviceOwnerLocked(); setNetworkLoggingActiveInternal(false); if (isPolicyEngineForFinanceFlagEnabled() || isPermissionCheckFlagEnabled()) { mDevicePolicyEngine.removePoliciesForAdmin( EnforcingAdmin.createEnterpriseEnforcingAdmin( admin.info.getComponent(), userId, admin)); } } @Override Loading
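Review bot: The guard `isPolicyEngineForFinanceFlagEnabled() || isPermissionCheckFlagEnabled()` is repeated verbatim at all five new call sites in DevicePolicyManagerService.java (hunks at 1178, 3664, 4153, 9992 and 10139). A later change to the flag condition could miss one cleanup path and leave engine policies behind after an admin or user is removed. Consider a single private predicate, e.g. `private boolean isPolicyEngineCleanupEnabled() { return isPolicyEngineForFinanceFlagEnabled() || isPermissionCheckFlagEnabled(); }`, and call it from each site. The hunks at 9992 and 10139 also dereference `admin.info` unconditionally; the enclosing methods start outside the hunks, so confirm `admin` cannot be null on those paths.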
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java +105 −43 Original line number Diff line number Diff line Loading @@ -910,7 +910,7 @@ final class DevicePolicyEngine { mDeviceAdminServiceController.stopServicesForUser( userId, actionForLog); } else { for (EnforcingAdmin admin : getEnforcingAdminsForUser(userId)) { for (EnforcingAdmin admin : getEnforcingAdminsOnUser(userId)) { // DPCs are handled separately in DPMS, no need to reestablish the connection here. if (admin.hasAuthority(EnforcingAdmin.DPC_AUTHORITY)) { continue; Loading @@ -921,6 +921,51 @@ final class DevicePolicyEngine { } } /** * Handles internal state related to a user getting started. */ void handleStartUser(int userId) { updateDeviceAdminsServicesForUser( userId, /* enable= */ true, /* actionForLog= */ "start-user"); } /** * Handles internal state related to a user getting started. */ void handleUnlockUser(int userId) { updateDeviceAdminsServicesForUser( userId, /* enable= */ true, /* actionForLog= */ "unlock-user"); } /** * Handles internal state related to a user getting stopped. */ void handleStopUser(int userId) { updateDeviceAdminsServicesForUser( userId, /* enable= */ false, /* actionForLog= */ "stop-user"); } /** * Handles internal state related to packages getting updated. */ void handlePackageChanged(@Nullable String updatedPackage, int userId) { if (updatedPackage == null) { return; } updateDeviceAdminServiceOnPackageChanged(updatedPackage, userId); } /** * Handles internal state related to a user getting removed. */ void handleUserRemoved(int userId) { removeLocalPoliciesForUser(userId); removePoliciesForAdminsOnUser(userId); } /** * Handles internal state related to a user getting created. */ void handleUserCreated(UserInfo user) { enforcePoliciesOnInheritableProfilesIfApplicable(user); } Loading Loading 
@@ -962,40 +1007,6 @@ final class DevicePolicyEngine { } } /** * Handles internal state related to a user getting started. */ void handleStartUser(int userId) { updateDeviceAdminsServicesForUser( userId, /* enable= */ true, /* actionForLog= */ "start-user"); } /** * Handles internal state related to a user getting started. */ void handleUnlockUser(int userId) { updateDeviceAdminsServicesForUser( userId, /* enable= */ true, /* actionForLog= */ "unlock-user"); } /** * Handles internal state related to a user getting stopped. */ void handleStopUser(int userId) { updateDeviceAdminsServicesForUser( userId, /* enable= */ false, /* actionForLog= */ "stop-user"); } /** * Handles internal state related to packages getting updated. */ void handlePackageChanged(@Nullable String updatedPackage, int userId) { if (updatedPackage == null) { return; } updateDeviceAdminServiceOnPackageChanged(updatedPackage, userId); } /** * Returns all current enforced policies set on the device, and the individual values set by * each admin. Global policies are returned under {@link UserHandle#ALL}. Loading Loading 
@@ -1024,6 +1035,63 @@ final class DevicePolicyEngine { return new DevicePolicyState(policies); } /** * Removes all local and global policies set by that admin. */ void removePoliciesForAdmin(EnforcingAdmin admin) { Set<PolicyKey> globalPolicies = new HashSet<>(mGlobalPolicies.keySet()); for (PolicyKey policy : globalPolicies) { PolicyState<?> policyState = mGlobalPolicies.get(policy); if (policyState.getPoliciesSetByAdmins().containsKey(admin)) { removeGlobalPolicy(policyState.getPolicyDefinition(), admin); } } for (int i = 0; i < mLocalPolicies.size(); i++) { Set<PolicyKey> localPolicies = new HashSet<>( mLocalPolicies.get(mLocalPolicies.keyAt(i)).keySet()); for (PolicyKey policy : localPolicies) { PolicyState<?> policyState = mLocalPolicies.get( mLocalPolicies.keyAt(i)).get(policy); if (policyState.getPoliciesSetByAdmins().containsKey(admin)) { removeLocalPolicy( policyState.getPolicyDefinition(), admin, mLocalPolicies.keyAt(i)); } } } } /** * Removes all local policies for the provided {@code userId}. */ private void removeLocalPoliciesForUser(int userId) { Set<PolicyKey> localPolicies = new HashSet<>(mLocalPolicies.get(userId).keySet()); for (PolicyKey policy : localPolicies) { PolicyState<?> policyState = mLocalPolicies.get(userId).get(policy); Set<EnforcingAdmin> admins = new HashSet<>( policyState.getPoliciesSetByAdmins().keySet()); for (EnforcingAdmin admin : admins) { removeLocalPolicy( policyState.getPolicyDefinition(), admin, userId); } } mLocalPolicies.remove(userId); } /** * Removes all local and global policies for admins installed in the provided * {@code userId}. */ private void removePoliciesForAdminsOnUser(int userId) { Set<EnforcingAdmin> admins = getEnforcingAdminsOnUser(userId); for (EnforcingAdmin admin : admins) { removePoliciesForAdmin(admin); } } /** * Reestablishes the service that handles * {@link DevicePolicyManager#ACTION_DEVICE_ADMIN_SERVICE} in the enforcing admin if the package Loading 
@@ -1031,7 +1099,7 @@ final class DevicePolicyEngine { */ private void updateDeviceAdminServiceOnPackageChanged( @NonNull String updatedPackage, int userId) { for (EnforcingAdmin admin : getEnforcingAdminsForUser(userId)) { for (EnforcingAdmin admin : getEnforcingAdminsOnUser(userId)) { // DPCs are handled separately in DPMS, no need to reestablish the connection here. if (admin.hasAuthority(EnforcingAdmin.DPC_AUTHORITY)) { continue; Loading Loading @@ -1120,7 +1188,7 @@ final class DevicePolicyEngine { } @NonNull private Set<EnforcingAdmin> getEnforcingAdminsForUser(int userId) { private Set<EnforcingAdmin> getEnforcingAdminsOnUser(int userId) { return mEnforcingAdmins.contains(userId) ? mEnforcingAdmins.get(userId) : Collections.emptySet(); } Loading Loading @@ -1159,12 +1227,6 @@ final class DevicePolicyEngine { } } // TODO: we need to listen for user removal and package removal and update out internal policy // map and enforcing admins for this is be accurate. boolean hasActivePolicies() { return mEnforcingAdmins.size() > 0; } private <V> boolean checkFor2gFailure(@NonNull PolicyDefinition<V> policyDefinition, @NonNull EnforcingAdmin enforcingAdmin) { if (!policyDefinition.getPolicyKey().getIdentifier().equals( Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +23 −0 Original line number Diff line number Diff line Loading @@ -1178,6 +1178,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { // Resume logging if all remaining users are affiliated. maybeResumeDeviceWideLoggingLocked(); } if (isPolicyEngineForFinanceFlagEnabled() || isPermissionCheckFlagEnabled()) { mDevicePolicyEngine.handleUserRemoved(userHandle); } } } else if (Intent.ACTION_USER_STARTED.equals(action)) { sendDeviceOwnerUserCommand(DeviceAdminReceiver.ACTION_USER_STARTED, userHandle); Loading Loading @@ -3664,6 +3667,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } for (Integer userId : deletedUsers) { removeUserData(userId); if (isPolicyEngineForFinanceFlagEnabled() || isPermissionCheckFlagEnabled()) { mDevicePolicyEngine.handleUserRemoved(userId); } } } Loading Loading @@ -4153,6 +4159,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { mInjector.binderWithCleanCallingIdentity(() -> removeActiveAdminLocked(adminReceiver, userHandle)); if (isPolicyEngineForFinanceFlagEnabled() || isPermissionCheckFlagEnabled()) { mDevicePolicyEngine.removePoliciesForAdmin( EnforcingAdmin.createEnterpriseEnforcingAdmin( adminReceiver, userHandle, admin)); } } } Loading Loading @@ -9992,6 +10003,12 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { toggleBackupServiceActive(UserHandle.USER_SYSTEM, true); pushUserControlDisabledPackagesLocked(userId); setGlobalSettingDeviceOwnerType(DEVICE_OWNER_TYPE_DEFAULT); if (isPolicyEngineForFinanceFlagEnabled() || isPermissionCheckFlagEnabled()) { mDevicePolicyEngine.removePoliciesForAdmin( EnforcingAdmin.createEnterpriseEnforcingAdmin( admin.info.getComponent(), userId, admin)); } } private void clearApplicationRestrictions(int userId) { Loading Loading 
@@ -10139,6 +10156,12 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { toggleBackupServiceActive(userId, true); applyProfileRestrictionsIfDeviceOwnerLocked(); setNetworkLoggingActiveInternal(false); if (isPolicyEngineForFinanceFlagEnabled() || isPermissionCheckFlagEnabled()) { mDevicePolicyEngine.removePoliciesForAdmin( EnforcingAdmin.createEnterpriseEnforcingAdmin( admin.info.getComponent(), userId, admin)); } } @Override