Add push mechanism in DPM for ConnecitivityService (6ae48e31) · Commits · e / os / android_frameworks_base

core/api/system-current.txt

+0 −2

Original line number	Diff line number	Diff line
		@@ -201,7 +201,6 @@ package android {
		field public static final String READ_DEVICE_CONFIG = "android.permission.READ_DEVICE_CONFIG";
		field public static final String READ_DREAM_STATE = "android.permission.READ_DREAM_STATE";
		field public static final String READ_INSTALL_SESSIONS = "android.permission.READ_INSTALL_SESSIONS";
		field public static final String READ_NETWORK_DEVICE_CONFIG = "android.permission.READ_NETWORK_DEVICE_CONFIG";
		field public static final String READ_NETWORK_USAGE_HISTORY = "android.permission.READ_NETWORK_USAGE_HISTORY";
		field public static final String READ_OEM_UNLOCK_STATE = "android.permission.READ_OEM_UNLOCK_STATE";
		field public static final String READ_PEOPLE_DATA = "android.permission.READ_PEOPLE_DATA";
		@@ -910,7 +909,6 @@ package android.app.admin {
		method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public boolean isDeviceProvisioned();
		method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public boolean isDeviceProvisioningConfigApplied();
		method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public boolean isManagedKiosk();
		method public boolean isNetworkSlicingEnabledForUser(@NonNull android.os.UserHandle);
		method public boolean isSecondaryLockscreenEnabled(@NonNull android.os.UserHandle);
		method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public boolean isUnattendedManagedKiosk();
		method @RequiresPermission("android.permission.NOTIFY_PENDING_SYSTEM_UPDATE") public void notifyPendingSystemUpdate(long);

core/java/android/app/admin/DevicePolicyManager.java

+0 −31

Original line number	Diff line number	Diff line
		@@ -10003,37 +10003,6 @@ public class DevicePolicyManager {
		}
		}

		/**
		* Indicates whether 5g slicing is enabled for specific user.
		*
		* This method can be called with permission
		* {@link android.Manifest.permission#READ_NETWORK_DEVICE_CONFIG} by the profile owner of
		* a managed profile. And the caller must hold the
		* {@link android.Manifest.permission#INTERACT_ACROSS_USERS_FULL} permission if query for
		* other users.
		*
		* @param userHandle indicates the user to query the state
		* @return indicates whether 5g Slice is enabled.
		* @throws SecurityException if the caller is not granted the permission
		* {@link android.Manifest.permission#READ_NETWORK_DEVICE_CONFIG}
		* and not profile owner of a managed profile, and not granted the permission
		* {@link android.Manifest.permission#INTERACT_ACROSS_USERS_FULL} if query for
		* other users.
		* @hide
		*/
		@SystemApi
		public boolean isNetworkSlicingEnabledForUser(@NonNull UserHandle userHandle) {
		throwIfParentInstance("isNetworkSlicingEnabledForUser");
		if (mService == null) {
		return false;
		}
		try {
		return mService.isNetworkSlicingEnabled(userHandle.getIdentifier());
		} catch (RemoteException e) {
		throw e.rethrowFromSystemServer();
		}
		}

		/**
		* This method is mostly deprecated.
		* Most of the settings that still have an effect have dedicated setter methods or user

core/res/AndroidManifest.xml

+0 −5

Original line number	Diff line number	Diff line
		@@ -2292,11 +2292,6 @@
		<permission android:name="android.permission.READ_PRIVILEGED_PHONE_STATE"
		android:protectionLevel="signature\|privileged" />

		<!-- @SystemApi Allows read access to privileged network state in the device config.
		@hide Used internally. -->
		<permission android:name="android.permission.READ_NETWORK_DEVICE_CONFIG"
		android:protectionLevel="signature\|privileged" />

		<!-- Allows to read device identifiers and use ICC based authentication like EAP-AKA.
		Often required in authentication to access the carrier's server and manage services
		of the subscriber.

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+31 −9

Original line number	Diff line number	Diff line
		@@ -101,6 +101,8 @@ import static android.content.Intent.FLAG_ACTIVITY_NEW_TASK;
		import static android.content.pm.PackageManager.MATCH_DIRECT_BOOT_AWARE;
		import static android.content.pm.PackageManager.MATCH_DIRECT_BOOT_UNAWARE;
		import static android.content.pm.PackageManager.MATCH_UNINSTALLED_PACKAGES;
		// TODO (b/178655595) import static android.net.ConnectivityManager.USER_PREFERENCE_ENTERPRISE;
		// TODO (b/178655595) import static android.net.ConnectivityManager.USER_PREFERENCE_SYSTEM_DEFAULT;
		import static android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK;
		import static android.provider.Settings.Global.PRIVATE_DNS_MODE;
		import static android.provider.Settings.Global.PRIVATE_DNS_SPECIFIER;
		@@ -3082,6 +3084,13 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
		updatePermissionPolicyCache(userId);
		updateAdminCanGrantSensorsPermissionCache(userId);

		boolean enableEnterpriseNetworkSlice = true;
		synchronized (getLockObject()) {
		ActiveAdmin owner = getDeviceOrProfileOwnerAdminLocked(userId);
		enableEnterpriseNetworkSlice = owner != null ? owner.mNetworkSlicingEnabled : true;
		}
		updateNetworkPreferenceForUser(userId, enableEnterpriseNetworkSlice);

		startOwnerService(userId, "start-user");
		}

		@@ -3097,6 +3106,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {

		@Override
		void handleStopUser(int userId) {
		updateNetworkPreferenceForUser(userId, false);
		stopOwnerService(userId, "stop-user");
		}

		@@ -11402,21 +11412,22 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
		if (!mHasFeature) {
		return;
		}

		final CallerIdentity caller = getCallerIdentity();
		Preconditions.checkCallAuthorization(isProfileOwner(caller),
		"Caller is not profile owner; only profile owner may control the network slicing");

		synchronized (getLockObject()) {
		final ActiveAdmin requiredAdmin = getProfileOwnerAdminLocked(
		caller.getUserId());
		if (requiredAdmin != null && requiredAdmin.mNetworkSlicingEnabled != enabled) {
		requiredAdmin.mNetworkSlicingEnabled = enabled;
		saveSettingsLocked(caller.getUserId());
		// TODO(b/178655595) notify CS the change.
		// TODO(b/178655595) DevicePolicyEventLogger metrics
		}
		}
		updateNetworkPreferenceForUser(caller.getUserId(), enabled);
		DevicePolicyEventLogger
		.createEvent(DevicePolicyEnums.SET_NETWORK_SLICING_ENABLED)
		.setBoolean(enabled)
		.write();
		}

		@Override
		@@ -11426,11 +11437,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
		}

		final CallerIdentity caller = getCallerIdentity();
		Preconditions.checkCallAuthorization(hasFullCrossUsersPermission(caller, userHandle));
		Preconditions.checkCallAuthorization(hasCallingOrSelfPermission(
		permission.READ_NETWORK_DEVICE_CONFIG) \|\| isProfileOwner(caller),
		"Caller is not profile owner and not granted"
		+ " READ_NETWORK_DEVICE_CONFIG permission");
		Preconditions.checkCallAuthorization(isProfileOwner(caller),
		"Caller is not profile owner");
		synchronized (getLockObject()) {
		final ActiveAdmin requiredAdmin = getProfileOwnerAdminLocked(userHandle);
		if (requiredAdmin != null) {
		@@ -16959,6 +16967,20 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
		}
		}

		private void updateNetworkPreferenceForUser(int userId, boolean enableEnterprise) {
		if (!isManagedProfile(userId)) {
		return;
		}
		// TODO(b/178655595)
		// int networkPreference = enable ? ConnectivityManager.USER_PREFERENCE_ENTERPRISE :
		// ConnectivityManager.USER_PREFERENCE_SYSTEM_DEFAULT;
		// mInjector.binderWithCleanCallingIdentity(() ->
		// mInjector.getConnectivityManager().setNetworkPreferenceForUser(
		// UserHandle.of(userId),
		// networkPreference,
		// null /* executor /, null / listener */));
		}

		@Override
		public boolean canAdminGrantSensorsPermissionsForUser(int userId) {
		if (!mHasFeature) {

services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java

+38 −11

Original line number	Diff line number	Diff line
		@@ -4015,6 +4015,27 @@ public class DevicePolicyManagerTest extends DpmTestBase {
		Settings.Global.WIFI_DEVICE_OWNER_CONFIGS_LOCKDOWN, 0);
		}

		@Test
		public void testUpdateNetworkPreferenceOnStartOnStopUser() throws Exception {
		dpms.handleStartUser(CALLER_USER_HANDLE);
		// TODO(b/178655595)
		// verify(getServices().connectivityManager, times(1)).setNetworkPreferenceForUser(
		// any(UserHandle.class),
		// anyInt(),
		// any(Executor.class),
		// any(Runnable.class)
		//);

		dpms.handleStopUser(CALLER_USER_HANDLE);
		// TODO(b/178655595)
		// verify(getServices().connectivityManager, times(1)).setNetworkPreferenceForUser(
		// any(UserHandle.class),
		// eq(ConnectivityManager.USER_PREFERENCE_SYSTEM_DEFAULT),
		// any(Executor.class),
		// any(Runnable.class)
		//);
		}

		@Test
		public void testGetSetNetworkSlicing() throws Exception {
		assertExpectException(SecurityException.class, null,
		@@ -4023,20 +4044,26 @@ public class DevicePolicyManagerTest extends DpmTestBase {
		assertExpectException(SecurityException.class, null,
		() -> dpm.isNetworkSlicingEnabled());

		assertExpectException(SecurityException.class, null,
		() -> dpm.isNetworkSlicingEnabledForUser(UserHandle.of(CALLER_USER_HANDLE)));

		mContext.callerPermissions.add(permission.READ_NETWORK_DEVICE_CONFIG);
		mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
		try {
		dpm.isNetworkSlicingEnabledForUser(UserHandle.of(CALLER_USER_HANDLE));
		} catch (SecurityException se) {
		fail("Threw SecurityException with right permission");
		}

		setupProfileOwner();
		dpm.setNetworkSlicingEnabled(false);
		assertThat(dpm.isNetworkSlicingEnabled()).isFalse();
		// TODO(b/178655595)
		// verify(getServices().connectivityManager, times(1)).setNetworkPreferenceForUser(
		// any(UserHandle.class),
		// eq(ConnectivityManager.USER_PREFERENCE_SYSTEM_DEFAULT),
		// any(Executor.class),
		// any(Runnable.class)
		//);

		dpm.setNetworkSlicingEnabled(true);
		assertThat(dpm.isNetworkSlicingEnabled()).isTrue();
		// TODO(b/178655595)
		// verify(getServices().connectivityManager, times(1)).setNetworkPreferenceForUser(
		// any(UserHandle.class),
		// eq(ConnectivityManager.USER_PREFERENCE_ENTERPRISE),
		// any(Executor.class),
		// any(Runnable.class)
		//);
		}

		@Test