Redirect calls to the secondary lockscreen methods to the SupervisionService (7a34cd28) · Commits · e / os / android_frameworks_base

services/supervision/java/com/android/server/supervision/SupervisionManagerInternal.java→core/java/android/app/supervision/SupervisionManagerInternal.java

+8 −3

Original line number	Diff line number	Diff line
		@@ -14,11 +14,11 @@
		* limitations under the License.
		*/

		package com.android.server.supervision;
		package android.app.supervision;

		import android.annotation.Nullable;
		import android.annotation.UserIdInt;
		import android.os.Bundle;
		import android.os.PersistableBundle;

		/**
		* Local system service interface for {@link SupervisionService}.
		@@ -34,6 +34,11 @@ public abstract class SupervisionManagerInternal {
		*/
		public abstract boolean isSupervisionEnabledForUser(@UserIdInt int userId);

		/**
		* Returns whether the supervision lock screen needs to be shown.
		*/
		public abstract boolean isSupervisionLockscreenEnabledForUser(@UserIdInt int userId);

		/**
		* Set whether supervision is enabled for the specified user.
		*
		@@ -50,5 +55,5 @@ public abstract class SupervisionManagerInternal {
		* @param options Optional configuration parameters for the supervision lock screen
		*/
		public abstract void setSupervisionLockscreenEnabledForUser(
		@UserIdInt int userId, boolean enabled, @Nullable Bundle options);
		@UserIdInt int userId, boolean enabled, @Nullable PersistableBundle options);
		}

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+73 −19

Original line number	Diff line number	Diff line
		@@ -376,6 +376,7 @@ import android.app.backup.IBackupManager;
		import android.app.compat.CompatChanges;
		import android.app.role.OnRoleHoldersChangedListener;
		import android.app.role.RoleManager;
		import android.app.supervision.SupervisionManagerInternal;
		import android.app.trust.TrustManager;
		import android.app.usage.UsageStatsManagerInternal;
		import android.compat.annotation.ChangeId;
		@@ -926,6 +927,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		final UsageStatsManagerInternal mUsageStatsManagerInternal;
		final TelephonyManager mTelephonyManager;
		final RoleManager mRoleManager;
		final SupervisionManagerInternal mSupervisionManagerInternal;

		private final LockPatternUtils mLockPatternUtils;
		private final LockSettingsInternal mLockSettingsInternal;
		private final DeviceAdminServiceController mDeviceAdminServiceController;
		@@ -2082,6 +2085,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		boolean isAdminInstalledCaCertAutoApproved() {
		return false;
		}

		@Nullable
		SupervisionManagerInternal getSupervisionManager() {
		return LocalServices.getService(SupervisionManagerInternal.class);
		}
		}

		/**
		@@ -2113,6 +2121,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		mIPermissionManager = Objects.requireNonNull(injector.getIPermissionManager());
		mTelephonyManager = Objects.requireNonNull(injector.getTelephonyManager());
		mRoleManager = Objects.requireNonNull(injector.getRoleManager());
		if (Flags.secondaryLockscreenApiEnabled()) {
		mSupervisionManagerInternal = injector.getSupervisionManager();
		} else {
		mSupervisionManagerInternal = null;
		}

		mLocalService = new LocalService();
		mLockPatternUtils = injector.newLockPatternUtils();
		@@ -2234,7 +2247,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		return Collections.unmodifiableSet(packageNames);
		}


		private @Nullable String getDefaultRoleHolderPackageName(int resId) {
		String packageNameAndSignature = mContext.getString(resId);

		@@ -14585,9 +14597,44 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		}
		}

		private boolean hasActiveSupervisionTestAdminLocked(@UserIdInt int userId) {
		ensureLocked();
		if (mConstants.USE_TEST_ADMIN_AS_SUPERVISION_COMPONENT) {
		final DevicePolicyData policy = getUserData(userId);
		for (ActiveAdmin admin : policy.mAdminMap.values()) {
		if (admin != null && admin.testOnlyAdmin) {
		return true;
		}
		}
		}
		return false;
		}

		@Override
		public void setSecondaryLockscreenEnabled(ComponentName who, boolean enabled,
		PersistableBundle options) {
		if (Flags.secondaryLockscreenApiEnabled()) {
		final CallerIdentity caller = getCallerIdentity();
		final boolean isRoleHolder = isCallerSystemSupervisionRoleHolder(caller);
		synchronized (getLockObject()) {
		// TODO(b/378102594): Remove access for test admins.
		final boolean isTestAdmin = hasActiveSupervisionTestAdminLocked(caller.getUserId());
		Preconditions.checkCallAuthorization(isRoleHolder \|\| isTestAdmin,
		"Caller (%d) is not the SYSTEM_SUPERVISION role holder",
		caller.getUserId());
		}

		if (mSupervisionManagerInternal != null) {
		mSupervisionManagerInternal.setSupervisionLockscreenEnabledForUser(
		caller.getUserId(), enabled, options);
		} else {
		synchronized (getLockObject()) {
		DevicePolicyData policy = getUserData(caller.getUserId());
		policy.mSecondaryLockscreenEnabled = enabled;
		saveSettingsLocked(caller.getUserId());
		}
		}
		} else {
		Objects.requireNonNull(who, "ComponentName is null");

		// Check can set secondary lockscreen enabled
		@@ -14601,20 +14648,27 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		synchronized (getLockObject()) {
		// Allow testOnly admins to bypass supervision config requirement.
		Preconditions.checkCallAuthorization(isAdminTestOnlyLocked(who, caller.getUserId())
		\|\| isSupervisionComponentLocked(caller.getComponentName()), "Admin %s is not "
		+ "the default supervision component", caller.getComponentName());
		\|\| isSupervisionComponentLocked(caller.getComponentName()),
		"Admin %s is not the default supervision component",
		caller.getComponentName());
		DevicePolicyData policy = getUserData(caller.getUserId());
		policy.mSecondaryLockscreenEnabled = enabled;
		saveSettingsLocked(caller.getUserId());
		}
		}
		}

		@Override
		public boolean isSecondaryLockscreenEnabled(@NonNull UserHandle userHandle) {
		if (Flags.secondaryLockscreenApiEnabled() && mSupervisionManagerInternal != null) {
		return mSupervisionManagerInternal.isSupervisionLockscreenEnabledForUser(
		userHandle.getIdentifier());
		} else {
		synchronized (getLockObject()) {
		return getUserData(userHandle.getIdentifier()).mSecondaryLockscreenEnabled;
		}
		}
		}

		private boolean isManagedProfileOwner(CallerIdentity caller) {
		return isProfileOwner(caller) && isManagedProfile(caller.getUserId());

services/supervision/java/com/android/server/supervision/SupervisionService.java

+10 −2

Original line number	Diff line number	Diff line
		@@ -21,10 +21,11 @@ import android.annotation.Nullable;
		import android.annotation.UserIdInt;
		import android.app.admin.DevicePolicyManagerInternal;
		import android.app.supervision.ISupervisionManager;
		import android.app.supervision.SupervisionManagerInternal;
		import android.content.ComponentName;
		import android.content.Context;
		import android.content.pm.UserInfo;
		import android.os.Bundle;
		import android.os.PersistableBundle;
		import android.os.RemoteException;
		import android.os.ResultReceiver;
		import android.os.ShellCallback;
		@@ -178,9 +179,16 @@ public class SupervisionService extends ISupervisionManager.Stub {
		SupervisionService.this.setSupervisionEnabledForUser(userId, enabled);
		}

		@Override
		public boolean isSupervisionLockscreenEnabledForUser(@UserIdInt int userId) {
		synchronized (getLockObject()) {
		return getUserDataLocked(userId).supervisionLockScreenEnabled;
		}
		}

		@Override
		public void setSupervisionLockscreenEnabledForUser(
		@UserIdInt int userId, boolean enabled, @Nullable Bundle options) {
		@UserIdInt int userId, boolean enabled, @Nullable PersistableBundle options) {
		synchronized (getLockObject()) {
		SupervisionUserData data = getUserDataLocked(userId);
		data.supervisionLockScreenEnabled = enabled;

services/supervision/java/com/android/server/supervision/SupervisionUserData.java

+2 −2

Original line number	Diff line number	Diff line
		@@ -19,7 +19,7 @@ package com.android.server.supervision;
		import android.annotation.NonNull;
		import android.annotation.Nullable;
		import android.annotation.UserIdInt;
		import android.os.Bundle;
		import android.os.PersistableBundle;
		import android.util.IndentingPrintWriter;

		/** User specific data, used internally by the {@link SupervisionService}. */
		@@ -27,7 +27,7 @@ public class SupervisionUserData {
		public final @UserIdInt int userId;
		public boolean supervisionEnabled;
		public boolean supervisionLockScreenEnabled;
		@Nullable public Bundle supervisionLockScreenOptions;
		@Nullable public PersistableBundle supervisionLockScreenOptions;

		public SupervisionUserData(@UserIdInt int userId) {
		this.userId = userId;

services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java

+6 −0

Original line number	Diff line number	Diff line
		@@ -24,6 +24,7 @@ import android.app.PendingIntent;
		import android.app.admin.DevicePolicyManagerInternal;
		import android.app.admin.DevicePolicyManagerLiteInternal;
		import android.app.backup.IBackupManager;
		import android.app.supervision.SupervisionManagerInternal;
		import android.app.usage.UsageStatsManagerInternal;
		import android.content.Context;
		import android.content.Intent;
		@@ -488,6 +489,11 @@ public class DevicePolicyManagerServiceTestable extends DevicePolicyManagerServi
		public Context createContextAsUser(UserHandle user) {
		return context;
		}

		@Override
		SupervisionManagerInternal getSupervisionManager() {
		return services.supervisionManagerInternal;
		}
		}

		static class TransferOwnershipMetadataManagerMockInjector extends