Loading core/java/android/app/admin/DevicePolicyManagerInternal.java +20 −0 Original line number Original line Diff line number Diff line Loading @@ -87,6 +87,26 @@ public abstract class DevicePolicyManagerInternal { */ */ public abstract boolean isActiveAdminWithPolicy(int uid, int reqPolicy); public abstract boolean isActiveAdminWithPolicy(int uid, int reqPolicy); /** * Checks if an app with given uid is an active device owner of its user. * * <p>This takes the DPMS lock. DO NOT call from PM/UM/AM with their lock held. * * @param uid App uid. * @return true if the uid is an active device owner. */ public abstract boolean isActiveDeviceOwner(int uid); /** * Checks if an app with given uid is an active profile owner of its user. * * <p>This takes the DPMS lock. DO NOT call from PM/UM/AM with their lock held. * * @param uid App uid. * @return true if the uid is an active profile owner. */ public abstract boolean isActiveProfileOwner(int uid); /** /** * Checks if an app with given uid is the active supervision admin. * Checks if an app with given uid is the active supervision admin. * * Loading services/core/java/com/android/server/net/NetworkStatsAccess.java +4 −5 Original line number Original line Diff line number Diff line Loading @@ -24,7 +24,6 @@ import static android.net.TrafficStats.UID_TETHERING; import android.Manifest; import android.Manifest; import android.annotation.IntDef; import android.annotation.IntDef; import android.app.AppOpsManager; import android.app.AppOpsManager; import android.app.admin.DeviceAdminInfo; import android.app.admin.DevicePolicyManagerInternal; import android.app.admin.DevicePolicyManagerInternal; import android.content.Context; import android.content.Context; import android.content.pm.PackageManager; import android.content.pm.PackageManager; Loading Loading @@ -112,8 +111,7 @@ public final class NetworkStatsAccess { boolean hasCarrierPrivileges = tm != null && boolean hasCarrierPrivileges = tm != null && tm.checkCarrierPrivilegesForPackageAnyPhone(callingPackage) == tm.checkCarrierPrivilegesForPackageAnyPhone(callingPackage) == TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS; TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS; boolean isDeviceOwner = dpmi != null && dpmi.isActiveAdminWithPolicy(callingUid, boolean isDeviceOwner = dpmi != null && dpmi.isActiveDeviceOwner(callingUid); DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); final int appId = UserHandle.getAppId(callingUid); final int appId = UserHandle.getAppId(callingUid); if (hasCarrierPrivileges || isDeviceOwner if (hasCarrierPrivileges || isDeviceOwner || appId == Process.SYSTEM_UID || appId == Process.NETWORK_STACK_UID) { || appId == Process.SYSTEM_UID || appId == Process.NETWORK_STACK_UID) { Loading @@ -128,8 +126,9 @@ public final class NetworkStatsAccess { return NetworkStatsAccess.Level.DEVICESUMMARY; return NetworkStatsAccess.Level.DEVICESUMMARY; } } boolean isProfileOwner = dpmi != null && dpmi.isActiveAdminWithPolicy(callingUid, //TODO(b/169395065) Figure out if this flow makes sense in Device Owner mode. DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); boolean isProfileOwner = dpmi != null && (dpmi.isActiveProfileOwner(callingUid) || dpmi.isActiveDeviceOwner(callingUid)); if (isProfileOwner) { if (isProfileOwner) { // Apps with the AppOps permission, profile owners, and apps with the privileged // Apps with the AppOps permission, profile owners, and apps with the privileged // permission can access data usage for all apps in this user/profile. // permission can access data usage for all apps in this user/profile. Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +16 −0 Original line number Original line Diff line number Diff line Loading @@ -12473,6 +12473,22 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } } } } @Override public boolean isActiveDeviceOwner(int uid) { synchronized (getLockObject()) { return getActiveAdminWithPolicyForUidLocked( null, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER, uid) != null; } } @Override public boolean isActiveProfileOwner(int uid) { synchronized (getLockObject()) { return getActiveAdminWithPolicyForUidLocked( null, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, uid) != null; } } @Override @Override public boolean isActiveSupervisionApp(int uid) { public boolean isActiveSupervisionApp(int uid) { synchronized (getLockObject()) { synchronized (getLockObject()) { tests/net/java/com/android/server/net/NetworkStatsAccessTest.java +2 −5 Original line number Original line Diff line number Diff line Loading @@ -22,7 +22,6 @@ import static org.mockito.Mockito.when; import android.Manifest; import android.Manifest; import android.Manifest.permission; import android.Manifest.permission; import android.app.AppOpsManager; import android.app.AppOpsManager; import android.app.admin.DeviceAdminInfo; import android.app.admin.DevicePolicyManagerInternal; import android.app.admin.DevicePolicyManagerInternal; import android.content.Context; import android.content.Context; import android.content.pm.PackageManager; import android.content.pm.PackageManager; Loading Loading @@ -167,13 +166,11 @@ public class NetworkStatsAccessTest { } } private void setIsDeviceOwner(boolean isOwner) { private void setIsDeviceOwner(boolean isOwner) { when(mDpmi.isActiveAdminWithPolicy(TEST_UID, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER)) when(mDpmi.isActiveDeviceOwner(TEST_UID)).thenReturn(isOwner); .thenReturn(isOwner); } } private void setIsProfileOwner(boolean isOwner) { private void setIsProfileOwner(boolean isOwner) { when(mDpmi.isActiveAdminWithPolicy(TEST_UID, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER)) when(mDpmi.isActiveProfileOwner(TEST_UID)).thenReturn(isOwner); .thenReturn(isOwner); } } private void setHasAppOpsPermission(int appOpsMode, boolean hasPermission) { private void setHasAppOpsPermission(int appOpsMode, boolean hasPermission) { Loading Loading
core/java/android/app/admin/DevicePolicyManagerInternal.java +20 −0 Original line number Original line Diff line number Diff line Loading @@ -87,6 +87,26 @@ public abstract class DevicePolicyManagerInternal { */ */ public abstract boolean isActiveAdminWithPolicy(int uid, int reqPolicy); public abstract boolean isActiveAdminWithPolicy(int uid, int reqPolicy); /** * Checks if an app with given uid is an active device owner of its user. * * <p>This takes the DPMS lock. DO NOT call from PM/UM/AM with their lock held. * * @param uid App uid. * @return true if the uid is an active device owner. */ public abstract boolean isActiveDeviceOwner(int uid); /** * Checks if an app with given uid is an active profile owner of its user. * * <p>This takes the DPMS lock. DO NOT call from PM/UM/AM with their lock held. * * @param uid App uid. * @return true if the uid is an active profile owner. */ public abstract boolean isActiveProfileOwner(int uid); /** /** * Checks if an app with given uid is the active supervision admin. * Checks if an app with given uid is the active supervision admin. * * Loading
services/core/java/com/android/server/net/NetworkStatsAccess.java +4 −5 Original line number Original line Diff line number Diff line Loading @@ -24,7 +24,6 @@ import static android.net.TrafficStats.UID_TETHERING; import android.Manifest; import android.Manifest; import android.annotation.IntDef; import android.annotation.IntDef; import android.app.AppOpsManager; import android.app.AppOpsManager; import android.app.admin.DeviceAdminInfo; import android.app.admin.DevicePolicyManagerInternal; import android.app.admin.DevicePolicyManagerInternal; import android.content.Context; import android.content.Context; import android.content.pm.PackageManager; import android.content.pm.PackageManager; Loading Loading @@ -112,8 +111,7 @@ public final class NetworkStatsAccess { boolean hasCarrierPrivileges = tm != null && boolean hasCarrierPrivileges = tm != null && tm.checkCarrierPrivilegesForPackageAnyPhone(callingPackage) == tm.checkCarrierPrivilegesForPackageAnyPhone(callingPackage) == TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS; TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS; boolean isDeviceOwner = dpmi != null && dpmi.isActiveAdminWithPolicy(callingUid, boolean isDeviceOwner = dpmi != null && dpmi.isActiveDeviceOwner(callingUid); DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); final int appId = UserHandle.getAppId(callingUid); final int appId = UserHandle.getAppId(callingUid); if (hasCarrierPrivileges || isDeviceOwner if (hasCarrierPrivileges || isDeviceOwner || appId == Process.SYSTEM_UID || appId == Process.NETWORK_STACK_UID) { || appId == Process.SYSTEM_UID || appId == Process.NETWORK_STACK_UID) { Loading @@ -128,8 +126,9 @@ public final class NetworkStatsAccess { return NetworkStatsAccess.Level.DEVICESUMMARY; return NetworkStatsAccess.Level.DEVICESUMMARY; } } boolean isProfileOwner = dpmi != null && dpmi.isActiveAdminWithPolicy(callingUid, //TODO(b/169395065) Figure out if this flow makes sense in Device Owner mode. DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); boolean isProfileOwner = dpmi != null && (dpmi.isActiveProfileOwner(callingUid) || dpmi.isActiveDeviceOwner(callingUid)); if (isProfileOwner) { if (isProfileOwner) { // Apps with the AppOps permission, profile owners, and apps with the privileged // Apps with the AppOps permission, profile owners, and apps with the privileged // permission can access data usage for all apps in this user/profile. // permission can access data usage for all apps in this user/profile. Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +16 −0 Original line number Original line Diff line number Diff line Loading @@ -12473,6 +12473,22 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } } } } @Override public boolean isActiveDeviceOwner(int uid) { synchronized (getLockObject()) { return getActiveAdminWithPolicyForUidLocked( null, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER, uid) != null; } } @Override public boolean isActiveProfileOwner(int uid) { synchronized (getLockObject()) { return getActiveAdminWithPolicyForUidLocked( null, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, uid) != null; } } @Override @Override public boolean isActiveSupervisionApp(int uid) { public boolean isActiveSupervisionApp(int uid) { synchronized (getLockObject()) { synchronized (getLockObject()) {
tests/net/java/com/android/server/net/NetworkStatsAccessTest.java +2 −5 Original line number Original line Diff line number Diff line Loading @@ -22,7 +22,6 @@ import static org.mockito.Mockito.when; import android.Manifest; import android.Manifest; import android.Manifest.permission; import android.Manifest.permission; import android.app.AppOpsManager; import android.app.AppOpsManager; import android.app.admin.DeviceAdminInfo; import android.app.admin.DevicePolicyManagerInternal; import android.app.admin.DevicePolicyManagerInternal; import android.content.Context; import android.content.Context; import android.content.pm.PackageManager; import android.content.pm.PackageManager; Loading Loading @@ -167,13 +166,11 @@ public class NetworkStatsAccessTest { } } private void setIsDeviceOwner(boolean isOwner) { private void setIsDeviceOwner(boolean isOwner) { when(mDpmi.isActiveAdminWithPolicy(TEST_UID, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER)) when(mDpmi.isActiveDeviceOwner(TEST_UID)).thenReturn(isOwner); .thenReturn(isOwner); } } private void setIsProfileOwner(boolean isOwner) { private void setIsProfileOwner(boolean isOwner) { when(mDpmi.isActiveAdminWithPolicy(TEST_UID, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER)) when(mDpmi.isActiveProfileOwner(TEST_UID)).thenReturn(isOwner); .thenReturn(isOwner); } } private void setHasAppOpsPermission(int appOpsMode, boolean hasPermission) { private void setHasAppOpsPermission(int appOpsMode, boolean hasPermission) { Loading
