Loading services/supervision/java/com/android/server/supervision/SupervisionManagerInternal.java→core/java/android/app/supervision/SupervisionManagerInternal.java +8 −3 Original line number Diff line number Diff line Loading @@ -14,11 +14,11 @@ * limitations under the License. */ package com.android.server.supervision; package android.app.supervision; import android.annotation.Nullable; import android.annotation.UserIdInt; import android.os.Bundle; import android.os.PersistableBundle; /** * Local system service interface for {@link SupervisionService}. Loading @@ -34,6 +34,11 @@ public abstract class SupervisionManagerInternal { */ public abstract boolean isSupervisionEnabledForUser(@UserIdInt int userId); /** * Returns whether the supervision lock screen needs to be shown. */ public abstract boolean isSupervisionLockscreenEnabledForUser(@UserIdInt int userId); /** * Set whether supervision is enabled for the specified user. * Loading @@ -50,5 +55,5 @@ public abstract class SupervisionManagerInternal { * @param options Optional configuration parameters for the supervision lock screen */ public abstract void setSupervisionLockscreenEnabledForUser( @UserIdInt int userId, boolean enabled, @Nullable Bundle options); @UserIdInt int userId, boolean enabled, @Nullable PersistableBundle options); } services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +73 −19 Original line number Diff line number Diff line Loading @@ -376,6 +376,7 @@ import android.app.backup.IBackupManager; import android.app.compat.CompatChanges; import android.app.role.OnRoleHoldersChangedListener; import android.app.role.RoleManager; import android.app.supervision.SupervisionManagerInternal; import android.app.trust.TrustManager; import android.app.usage.UsageStatsManagerInternal; import android.compat.annotation.ChangeId; Loading Loading @@ -926,6 +927,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final UsageStatsManagerInternal mUsageStatsManagerInternal; final TelephonyManager mTelephonyManager; final RoleManager mRoleManager; final SupervisionManagerInternal mSupervisionManagerInternal; private final LockPatternUtils mLockPatternUtils; private final LockSettingsInternal mLockSettingsInternal; private final DeviceAdminServiceController mDeviceAdminServiceController; Loading Loading @@ -2082,6 +2085,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { boolean isAdminInstalledCaCertAutoApproved() { return false; } @Nullable SupervisionManagerInternal getSupervisionManager() { return LocalServices.getService(SupervisionManagerInternal.class); } } /** Loading Loading @@ -2113,6 +2121,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { mIPermissionManager = Objects.requireNonNull(injector.getIPermissionManager()); mTelephonyManager = Objects.requireNonNull(injector.getTelephonyManager()); mRoleManager = Objects.requireNonNull(injector.getRoleManager()); if (Flags.secondaryLockscreenApiEnabled()) { mSupervisionManagerInternal = injector.getSupervisionManager(); } else { mSupervisionManagerInternal = null; } mLocalService = new LocalService(); mLockPatternUtils = injector.newLockPatternUtils(); Loading Loading @@ -2234,7 +2247,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return Collections.unmodifiableSet(packageNames); } private @Nullable String getDefaultRoleHolderPackageName(int resId) { String packageNameAndSignature = mContext.getString(resId); Loading Loading @@ -14585,9 +14597,44 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } private boolean hasActiveSupervisionTestAdminLocked(@UserIdInt int userId) { ensureLocked(); if (mConstants.USE_TEST_ADMIN_AS_SUPERVISION_COMPONENT) { final DevicePolicyData policy = getUserData(userId); for (ActiveAdmin admin : policy.mAdminMap.values()) { if (admin != null && admin.testOnlyAdmin) { return true; } } } return false; } @Override public void setSecondaryLockscreenEnabled(ComponentName who, boolean enabled, PersistableBundle options) { if (Flags.secondaryLockscreenApiEnabled()) { final CallerIdentity caller = getCallerIdentity(); final boolean isRoleHolder = isCallerSystemSupervisionRoleHolder(caller); synchronized (getLockObject()) { // TODO(b/378102594): Remove access for test admins. final boolean isTestAdmin = hasActiveSupervisionTestAdminLocked(caller.getUserId()); Preconditions.checkCallAuthorization(isRoleHolder || isTestAdmin, "Caller (%d) is not the SYSTEM_SUPERVISION role holder", caller.getUserId()); } if (mSupervisionManagerInternal != null) { mSupervisionManagerInternal.setSupervisionLockscreenEnabledForUser( caller.getUserId(), enabled, options); } else { synchronized (getLockObject()) { DevicePolicyData policy = getUserData(caller.getUserId()); policy.mSecondaryLockscreenEnabled = enabled; saveSettingsLocked(caller.getUserId()); } } } else { Objects.requireNonNull(who, "ComponentName is null"); // Check can set secondary lockscreen enabled Loading @@ -14601,20 +14648,27 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { synchronized (getLockObject()) { // Allow testOnly admins to bypass supervision config requirement. Preconditions.checkCallAuthorization(isAdminTestOnlyLocked(who, caller.getUserId()) || isSupervisionComponentLocked(caller.getComponentName()), "Admin %s is not " + "the default supervision component", caller.getComponentName()); || isSupervisionComponentLocked(caller.getComponentName()), "Admin %s is not the default supervision component", caller.getComponentName()); DevicePolicyData policy = getUserData(caller.getUserId()); policy.mSecondaryLockscreenEnabled = enabled; saveSettingsLocked(caller.getUserId()); } } } @Override public boolean isSecondaryLockscreenEnabled(@NonNull UserHandle userHandle) { if (Flags.secondaryLockscreenApiEnabled() && mSupervisionManagerInternal != null) { return mSupervisionManagerInternal.isSupervisionLockscreenEnabledForUser( userHandle.getIdentifier()); } else { synchronized (getLockObject()) { return getUserData(userHandle.getIdentifier()).mSecondaryLockscreenEnabled; } } } private boolean isManagedProfileOwner(CallerIdentity caller) { return isProfileOwner(caller) && isManagedProfile(caller.getUserId()); services/supervision/java/com/android/server/supervision/SupervisionService.java +10 −2 Original line number Diff line number Diff line Loading @@ -21,10 +21,11 @@ import android.annotation.Nullable; import android.annotation.UserIdInt; import android.app.admin.DevicePolicyManagerInternal; import android.app.supervision.ISupervisionManager; import android.app.supervision.SupervisionManagerInternal; import android.content.ComponentName; import android.content.Context; import android.content.pm.UserInfo; import android.os.Bundle; import android.os.PersistableBundle; import android.os.RemoteException; import android.os.ResultReceiver; import android.os.ShellCallback; Loading Loading @@ -178,9 +179,16 @@ public class SupervisionService extends ISupervisionManager.Stub { SupervisionService.this.setSupervisionEnabledForUser(userId, enabled); } @Override public boolean isSupervisionLockscreenEnabledForUser(@UserIdInt int userId) { synchronized (getLockObject()) { return getUserDataLocked(userId).supervisionLockScreenEnabled; } } @Override public void setSupervisionLockscreenEnabledForUser( @UserIdInt int userId, boolean enabled, @Nullable Bundle options) { @UserIdInt int userId, boolean enabled, @Nullable PersistableBundle options) { synchronized (getLockObject()) { SupervisionUserData data = getUserDataLocked(userId); data.supervisionLockScreenEnabled = enabled; Loading services/supervision/java/com/android/server/supervision/SupervisionUserData.java +2 −2 Original line number Diff line number Diff line Loading @@ -19,7 +19,7 @@ package com.android.server.supervision; import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.UserIdInt; import android.os.Bundle; import android.os.PersistableBundle; import android.util.IndentingPrintWriter; /** User specific data, used internally by the {@link SupervisionService}. */ Loading @@ -27,7 +27,7 @@ public class SupervisionUserData { public final @UserIdInt int userId; public boolean supervisionEnabled; public boolean supervisionLockScreenEnabled; @Nullable public Bundle supervisionLockScreenOptions; @Nullable public PersistableBundle supervisionLockScreenOptions; public SupervisionUserData(@UserIdInt int userId) { this.userId = userId; Loading services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java +6 −0 Original line number Diff line number Diff line Loading @@ -24,6 +24,7 @@ import android.app.PendingIntent; import android.app.admin.DevicePolicyManagerInternal; import android.app.admin.DevicePolicyManagerLiteInternal; import android.app.backup.IBackupManager; import android.app.supervision.SupervisionManagerInternal; import android.app.usage.UsageStatsManagerInternal; import android.content.Context; import android.content.Intent; Loading Loading @@ -488,6 +489,11 @@ public class DevicePolicyManagerServiceTestable extends DevicePolicyManagerServi public Context createContextAsUser(UserHandle user) { return context; } @Override SupervisionManagerInternal getSupervisionManager() { return services.supervisionManagerInternal; } } static class TransferOwnershipMetadataManagerMockInjector extends Loading Loading
services/supervision/java/com/android/server/supervision/SupervisionManagerInternal.java→core/java/android/app/supervision/SupervisionManagerInternal.java +8 −3 Original line number Diff line number Diff line Loading @@ -14,11 +14,11 @@ * limitations under the License. */ package com.android.server.supervision; package android.app.supervision; import android.annotation.Nullable; import android.annotation.UserIdInt; import android.os.Bundle; import android.os.PersistableBundle; /** * Local system service interface for {@link SupervisionService}. Loading @@ -34,6 +34,11 @@ public abstract class SupervisionManagerInternal { */ public abstract boolean isSupervisionEnabledForUser(@UserIdInt int userId); /** * Returns whether the supervision lock screen needs to be shown. */ public abstract boolean isSupervisionLockscreenEnabledForUser(@UserIdInt int userId); /** * Set whether supervision is enabled for the specified user. * Loading @@ -50,5 +55,5 @@ public abstract class SupervisionManagerInternal { * @param options Optional configuration parameters for the supervision lock screen */ public abstract void setSupervisionLockscreenEnabledForUser( @UserIdInt int userId, boolean enabled, @Nullable Bundle options); @UserIdInt int userId, boolean enabled, @Nullable PersistableBundle options); }
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +73 −19 Original line number Diff line number Diff line Loading @@ -376,6 +376,7 @@ import android.app.backup.IBackupManager; import android.app.compat.CompatChanges; import android.app.role.OnRoleHoldersChangedListener; import android.app.role.RoleManager; import android.app.supervision.SupervisionManagerInternal; import android.app.trust.TrustManager; import android.app.usage.UsageStatsManagerInternal; import android.compat.annotation.ChangeId; Loading Loading @@ -926,6 +927,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final UsageStatsManagerInternal mUsageStatsManagerInternal; final TelephonyManager mTelephonyManager; final RoleManager mRoleManager; final SupervisionManagerInternal mSupervisionManagerInternal; private final LockPatternUtils mLockPatternUtils; private final LockSettingsInternal mLockSettingsInternal; private final DeviceAdminServiceController mDeviceAdminServiceController; Loading Loading @@ -2082,6 +2085,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { boolean isAdminInstalledCaCertAutoApproved() { return false; } @Nullable SupervisionManagerInternal getSupervisionManager() { return LocalServices.getService(SupervisionManagerInternal.class); } } /** Loading Loading @@ -2113,6 +2121,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { mIPermissionManager = Objects.requireNonNull(injector.getIPermissionManager()); mTelephonyManager = Objects.requireNonNull(injector.getTelephonyManager()); mRoleManager = Objects.requireNonNull(injector.getRoleManager()); if (Flags.secondaryLockscreenApiEnabled()) { mSupervisionManagerInternal = injector.getSupervisionManager(); } else { mSupervisionManagerInternal = null; } mLocalService = new LocalService(); mLockPatternUtils = injector.newLockPatternUtils(); Loading Loading @@ -2234,7 +2247,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return Collections.unmodifiableSet(packageNames); } private @Nullable String getDefaultRoleHolderPackageName(int resId) { String packageNameAndSignature = mContext.getString(resId); Loading Loading @@ -14585,9 +14597,44 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } private boolean hasActiveSupervisionTestAdminLocked(@UserIdInt int userId) { ensureLocked(); if (mConstants.USE_TEST_ADMIN_AS_SUPERVISION_COMPONENT) { final DevicePolicyData policy = getUserData(userId); for (ActiveAdmin admin : policy.mAdminMap.values()) { if (admin != null && admin.testOnlyAdmin) { return true; } } } return false; } @Override public void setSecondaryLockscreenEnabled(ComponentName who, boolean enabled, PersistableBundle options) { if (Flags.secondaryLockscreenApiEnabled()) { final CallerIdentity caller = getCallerIdentity(); final boolean isRoleHolder = isCallerSystemSupervisionRoleHolder(caller); synchronized (getLockObject()) { // TODO(b/378102594): Remove access for test admins. final boolean isTestAdmin = hasActiveSupervisionTestAdminLocked(caller.getUserId()); Preconditions.checkCallAuthorization(isRoleHolder || isTestAdmin, "Caller (%d) is not the SYSTEM_SUPERVISION role holder", caller.getUserId()); } if (mSupervisionManagerInternal != null) { mSupervisionManagerInternal.setSupervisionLockscreenEnabledForUser( caller.getUserId(), enabled, options); } else { synchronized (getLockObject()) { DevicePolicyData policy = getUserData(caller.getUserId()); policy.mSecondaryLockscreenEnabled = enabled; saveSettingsLocked(caller.getUserId()); } } } else { Objects.requireNonNull(who, "ComponentName is null"); // Check can set secondary lockscreen enabled Loading @@ -14601,20 +14648,27 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { synchronized (getLockObject()) { // Allow testOnly admins to bypass supervision config requirement. Preconditions.checkCallAuthorization(isAdminTestOnlyLocked(who, caller.getUserId()) || isSupervisionComponentLocked(caller.getComponentName()), "Admin %s is not " + "the default supervision component", caller.getComponentName()); || isSupervisionComponentLocked(caller.getComponentName()), "Admin %s is not the default supervision component", caller.getComponentName()); DevicePolicyData policy = getUserData(caller.getUserId()); policy.mSecondaryLockscreenEnabled = enabled; saveSettingsLocked(caller.getUserId()); } } } @Override public boolean isSecondaryLockscreenEnabled(@NonNull UserHandle userHandle) { if (Flags.secondaryLockscreenApiEnabled() && mSupervisionManagerInternal != null) { return mSupervisionManagerInternal.isSupervisionLockscreenEnabledForUser( userHandle.getIdentifier()); } else { synchronized (getLockObject()) { return getUserData(userHandle.getIdentifier()).mSecondaryLockscreenEnabled; } } } private boolean isManagedProfileOwner(CallerIdentity caller) { return isProfileOwner(caller) && isManagedProfile(caller.getUserId());
services/supervision/java/com/android/server/supervision/SupervisionService.java +10 −2 Original line number Diff line number Diff line Loading @@ -21,10 +21,11 @@ import android.annotation.Nullable; import android.annotation.UserIdInt; import android.app.admin.DevicePolicyManagerInternal; import android.app.supervision.ISupervisionManager; import android.app.supervision.SupervisionManagerInternal; import android.content.ComponentName; import android.content.Context; import android.content.pm.UserInfo; import android.os.Bundle; import android.os.PersistableBundle; import android.os.RemoteException; import android.os.ResultReceiver; import android.os.ShellCallback; Loading Loading @@ -178,9 +179,16 @@ public class SupervisionService extends ISupervisionManager.Stub { SupervisionService.this.setSupervisionEnabledForUser(userId, enabled); } @Override public boolean isSupervisionLockscreenEnabledForUser(@UserIdInt int userId) { synchronized (getLockObject()) { return getUserDataLocked(userId).supervisionLockScreenEnabled; } } @Override public void setSupervisionLockscreenEnabledForUser( @UserIdInt int userId, boolean enabled, @Nullable Bundle options) { @UserIdInt int userId, boolean enabled, @Nullable PersistableBundle options) { synchronized (getLockObject()) { SupervisionUserData data = getUserDataLocked(userId); data.supervisionLockScreenEnabled = enabled; Loading
services/supervision/java/com/android/server/supervision/SupervisionUserData.java +2 −2 Original line number Diff line number Diff line Loading @@ -19,7 +19,7 @@ package com.android.server.supervision; import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.UserIdInt; import android.os.Bundle; import android.os.PersistableBundle; import android.util.IndentingPrintWriter; /** User specific data, used internally by the {@link SupervisionService}. */ Loading @@ -27,7 +27,7 @@ public class SupervisionUserData { public final @UserIdInt int userId; public boolean supervisionEnabled; public boolean supervisionLockScreenEnabled; @Nullable public Bundle supervisionLockScreenOptions; @Nullable public PersistableBundle supervisionLockScreenOptions; public SupervisionUserData(@UserIdInt int userId) { this.userId = userId; Loading
services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java +6 −0 Original line number Diff line number Diff line Loading @@ -24,6 +24,7 @@ import android.app.PendingIntent; import android.app.admin.DevicePolicyManagerInternal; import android.app.admin.DevicePolicyManagerLiteInternal; import android.app.backup.IBackupManager; import android.app.supervision.SupervisionManagerInternal; import android.app.usage.UsageStatsManagerInternal; import android.content.Context; import android.content.Intent; Loading Loading @@ -488,6 +489,11 @@ public class DevicePolicyManagerServiceTestable extends DevicePolicyManagerServi public Context createContextAsUser(UserHandle user) { return context; } @Override SupervisionManagerInternal getSupervisionManager() { return services.supervisionManagerInternal; } } static class TransferOwnershipMetadataManagerMockInjector extends Loading
