Fix bug in screen capture and lock task migrations (736462a7) · Commits · e / os / android_frameworks_base

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+77 −8

Original line number	Diff line number	Diff line
		@@ -3389,6 +3389,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		if (shouldMigrateToDevicePolicyEngine()) {
		migratePoliciesToDevicePolicyEngine();
		}

		maybeMigratePoliciesPostUpgradeToDevicePolicyEngineLocked();
		}
		maybeStartSecurityLogMonitorOnActivityManagerReady();
		break;
		@@ -24151,11 +24153,15 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		Preconditions.checkCallAuthorization(
		hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS));
		return mInjector.binderWithCleanCallingIdentity(() -> {
		synchronized (getLockObject()) {
		boolean canForceMigration = forceMigration && !hasNonTestOnlyActiveAdmins();
		if (!canForceMigration && !shouldMigrateToDevicePolicyEngine()) {
		return false;
		}
		return migratePoliciesToDevicePolicyEngine();
		boolean migrated = migratePoliciesToDevicePolicyEngine();
		migrated &= migratePoliciesPostUpgradeToDevicePolicyEngineLocked();
		return migrated;
		}
		});
		}

		@@ -24184,6 +24190,30 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		&& !mOwners.isMigratedToPolicyEngine());
		}

		/**
		* [b/318497672] Migrate policies that weren't migrated properly in the initial migration on
		* update from Android T to Android U
		*/
		private void maybeMigratePoliciesPostUpgradeToDevicePolicyEngineLocked() {
		if (!mOwners.isMigratedToPolicyEngine() \|\| mOwners.isMigratedPostUpdate()) {
		return;
		}
		migratePoliciesPostUpgradeToDevicePolicyEngineLocked();
		mOwners.markPostUpgradeMigration();
		}

		private boolean migratePoliciesPostUpgradeToDevicePolicyEngineLocked() {
		try {
		migrateScreenCapturePolicyLocked();
		migrateLockTaskPolicyLocked();
		return true;
		} catch (Exception e) {
		Slogf.e(LOG_TAG, e, "Error occurred during post upgrade migration to the device "
		+ "policy engine.");
		return false;
		}
		}

		/**
		* @return {@code true} if policies were migrated successfully, {@code false} otherwise.
		*/
		@@ -24197,7 +24227,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		migrateAutoTimezonePolicy();
		migratePermissionGrantStatePolicies();
		}
		migrateScreenCapturePolicyLocked();
		migratePermittedInputMethodsPolicyLocked();
		migrateAccountManagementDisabledPolicyLocked();
		migrateUserControlDisabledPackagesLocked();
		@@ -24270,14 +24299,12 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {

		private void migrateScreenCapturePolicyLocked() {
		Binder.withCleanCallingIdentity(() -> {
		if (mPolicyCache.getScreenCaptureDisallowedUser() == UserHandle.USER_NULL) {
		return;
		}
		ActiveAdmin admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked();
		if (admin != null
		&& ((isDeviceOwner(admin) && admin.disableScreenCapture)
		\|\| (admin.getParentActiveAdmin() != null
		&& admin.getParentActiveAdmin().disableScreenCapture))) {

		EnforcingAdmin enforcingAdmin = EnforcingAdmin.createEnterpriseEnforcingAdmin(
		admin.info.getComponent(),
		admin.getUserHandle().getIdentifier(),
		@@ -24306,6 +24333,48 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		});
		}

		private void migrateLockTaskPolicyLocked() {
		Binder.withCleanCallingIdentity(() -> {
		ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
		if (deviceOwner != null) {
		int doUserId = deviceOwner.getUserHandle().getIdentifier();
		DevicePolicyData policies = getUserData(doUserId);
		List<String> packages = policies.mLockTaskPackages;
		int features = policies.mLockTaskFeatures;
		// TODO: find out about persistent preferred activities
		if (!packages.isEmpty()) {
		setLockTaskPolicyInPolicyEngine(deviceOwner, doUserId, packages, features);
		}
		}

		for (int userId : mUserManagerInternal.getUserIds()) {
		ActiveAdmin profileOwner = getProfileOwnerLocked(userId);
		if (profileOwner != null && canDPCManagedUserUseLockTaskLocked(userId)) {
		DevicePolicyData policies = getUserData(userId);
		List<String> packages = policies.mLockTaskPackages;
		int features = policies.mLockTaskFeatures;
		if (!packages.isEmpty()) {
		setLockTaskPolicyInPolicyEngine(profileOwner, userId, packages, features);
		}
		}
		}
		});
		}

		private void setLockTaskPolicyInPolicyEngine(
		ActiveAdmin admin, int userId, List<String> packages, int features) {
		EnforcingAdmin enforcingAdmin =
		EnforcingAdmin.createEnterpriseEnforcingAdmin(
		admin.info.getComponent(),
		userId,
		admin);
		mDevicePolicyEngine.setLocalPolicy(
		PolicyDefinition.LOCK_TASK,
		enforcingAdmin,
		new LockTaskPolicy(new HashSet<>(packages), features),
		userId);
		}

		private void migratePermittedInputMethodsPolicyLocked() {
		Binder.withCleanCallingIdentity(() -> {
		List<UserInfo> users = mUserManager.getUsers();

services/devicepolicy/java/com/android/server/devicepolicy/Owners.java

+13 −0

Original line number	Diff line number	Diff line
		@@ -616,6 +616,19 @@ class Owners {
		}
		}

		void markPostUpgradeMigration() {
		synchronized (mData) {
		mData.mPoliciesMigratedPostUpdate = true;
		mData.writeDeviceOwner();
		}
		}

		boolean isMigratedPostUpdate() {
		synchronized (mData) {
		return mData.mPoliciesMigratedPostUpdate;
		}
		}

		@GuardedBy("mData")
		void pushToAppOpsLocked() {
		if (!mSystemReady) {

services/devicepolicy/java/com/android/server/devicepolicy/OwnersData.java

+7 −0

Original line number	Diff line number	Diff line
		@@ -87,6 +87,8 @@ class OwnersData {

		private static final String ATTR_MIGRATED_TO_POLICY_ENGINE = "migratedToPolicyEngine";

		private static final String ATTR_MIGRATED_POST_UPGRADE = "migratedPostUpgrade";

		// Internal state for the device owner package.
		OwnerInfo mDeviceOwner;
		int mDeviceOwnerUserId = UserHandle.USER_NULL;
		@@ -114,6 +116,8 @@ class OwnersData {

		boolean mMigratedToPolicyEngine = false;

		boolean mPoliciesMigratedPostUpdate = false;

		OwnersData(PolicyPathProvider pathProvider) {
		mPathProvider = pathProvider;
		}
		@@ -397,6 +401,7 @@ class OwnersData {

		out.startTag(null, TAG_POLICY_ENGINE_MIGRATION);
		out.attributeBoolean(null, ATTR_MIGRATED_TO_POLICY_ENGINE, mMigratedToPolicyEngine);
		out.attributeBoolean(null, ATTR_MIGRATED_POST_UPGRADE, mPoliciesMigratedPostUpdate);
		out.endTag(null, TAG_POLICY_ENGINE_MIGRATION);

		}
		@@ -457,6 +462,8 @@ class OwnersData {
		case TAG_POLICY_ENGINE_MIGRATION:
		mMigratedToPolicyEngine = parser.getAttributeBoolean(
		null, ATTR_MIGRATED_TO_POLICY_ENGINE, false);
		mPoliciesMigratedPostUpdate = parser.getAttributeBoolean(
		null, ATTR_MIGRATED_POST_UPGRADE, false);
		break;
		default:
		Slog.e(TAG, "Unexpected tag: " + tag);

services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceMigrationTest.java

+3 −0

Original line number	Diff line number	Diff line
		@@ -146,6 +146,7 @@ public class DevicePolicyManagerServiceMigrationTest extends DpmTestBase {

		@SmallTest
		@Test
		@Ignore("b/277916462")
		public void testCompMigrationUnAffiliated_skipped() throws Exception {
		prepareAdmin1AsDo();
		prepareAdminAnotherPackageAsPo(COPE_PROFILE_USER_ID);
		@@ -217,6 +218,7 @@ public class DevicePolicyManagerServiceMigrationTest extends DpmTestBase {

		@SmallTest
		@Test
		@Ignore("b/277916462")
		public void testCompMigration_keepSuspendedAppsWhenDpcIsRPlus() throws Exception {
		prepareAdmin1AsDo();
		prepareAdmin1AsPo(COPE_PROFILE_USER_ID, Build.VERSION_CODES.R);
		@@ -250,6 +252,7 @@ public class DevicePolicyManagerServiceMigrationTest extends DpmTestBase {

		@SmallTest
		@Test
		@Ignore("b/277916462")
		public void testCompMigration_unsuspendAppsWhenDpcNotRPlus() throws Exception {
		prepareAdmin1AsDo();
		prepareAdmin1AsPo(COPE_PROFILE_USER_ID, Build.VERSION_CODES.Q);