Loading core/java/android/app/supervision/ISupervisionManager.aidl +1 −0 Original line number Diff line number Diff line Loading @@ -32,4 +32,5 @@ interface ISupervisionManager { boolean shouldAllowBypassingSupervisionRoleQualification(); oneway void setSupervisionRecoveryInfo(in SupervisionRecoveryInfo recoveryInfo); SupervisionRecoveryInfo getSupervisionRecoveryInfo(); boolean hasSupervisionCredentials(); } core/java/android/app/supervision/SupervisionManager.java +17 −0 Original line number Diff line number Diff line Loading @@ -246,4 +246,21 @@ public class SupervisionManager { } return null; } /** * Returns whether supervision credentials are set up. * * @hide */ @RequiresPermission(anyOf = {MANAGE_USERS, QUERY_USERS}) public boolean hasSupervisionCredentials() { if (mService != null) { try { return mService.hasSupervisionCredentials(); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } return false; } } services/supervision/java/com/android/server/supervision/SupervisionService.java +19 −12 Original line number Diff line number Diff line Loading @@ -198,20 +198,9 @@ public class SupervisionService extends ISupervisionManager.Stub { if (UserHandle.getUserId(Binder.getCallingUid()) != userId) { enforcePermission(INTERACT_ACROSS_USERS); } if (!isSupervisionEnabledForUser(userId)) { if (!isSupervisionEnabledForUser(userId) || !hasSupervisionCredentials()) { return null; } // Verify the supervising user profile exists and has a secure credential set. final int supervisingUserId = mInjector.getUserManagerInternal().getSupervisingProfileId(); final long token = Binder.clearCallingIdentity(); try { if (supervisingUserId == UserHandle.USER_NULL || !mInjector.getKeyguardManager().isDeviceSecure(supervisingUserId)) { return null; } } finally { Binder.restoreCallingIdentity(token); } final Intent intent = new Intent(ACTION_CONFIRM_SUPERVISION_CREDENTIALS); // explicitly set the package for security intent.setPackage("com.android.settings"); Loading Loading @@ -250,6 +239,24 @@ public class SupervisionService extends ISupervisionManager.Stub { return true; } @Override public boolean hasSupervisionCredentials() { enforceAnyPermission(QUERY_USERS, MANAGE_USERS); // Verify the supervising user profile exists and has a secure credential set. final int supervisingUserId = mInjector.getUserManagerInternal().getSupervisingProfileId(); final long token = Binder.clearCallingIdentity(); try { if (supervisingUserId == UserHandle.USER_NULL || !mInjector.getKeyguardManager().isDeviceSecure(supervisingUserId)) { return false; } } finally { Binder.restoreCallingIdentity(token); } return true; } /** * Returns true if there are any non-default non-test users. * Loading services/tests/servicestests/src/com/android/server/supervision/SupervisionServiceTest.kt +23 −0 Original line number Diff line number Diff line Loading @@ -420,6 +420,29 @@ class SupervisionServiceTest { assertThat(service.supervisionRecoveryInfo.state).isEqualTo(recoveryInfo.state) } @Test fun hasSupervisionCredentials() { whenever(mockUserManagerInternal.getSupervisingProfileId()).thenReturn(SUPERVISING_USER_ID) whenever(mockKeyguardManager.isDeviceSecure(SUPERVISING_USER_ID)).thenReturn(true) assertThat(service.hasSupervisionCredentials()).isTrue() } @Test fun hasSupervisionCredentials_noSupervisingUser_returnsFalse() { whenever(mockUserManagerInternal.getSupervisingProfileId()).thenReturn(UserHandle.USER_NULL) assertThat(service.hasSupervisionCredentials()).isFalse() } @Test fun hasSupervisionCredentials_supervisingUserMissingSecureLock_returnsFalse() { whenever(mockUserManagerInternal.getSupervisingProfileId()).thenReturn(SUPERVISING_USER_ID) whenever(mockKeyguardManager.isDeviceSecure(SUPERVISING_USER_ID)).thenReturn(false) assertThat(service.hasSupervisionCredentials()).isFalse() } private val systemSupervisionPackage: String get() = context.getResources().getString(R.string.config_systemSupervision) Loading Loading
core/java/android/app/supervision/ISupervisionManager.aidl +1 −0 Original line number Diff line number Diff line Loading @@ -32,4 +32,5 @@ interface ISupervisionManager { boolean shouldAllowBypassingSupervisionRoleQualification(); oneway void setSupervisionRecoveryInfo(in SupervisionRecoveryInfo recoveryInfo); SupervisionRecoveryInfo getSupervisionRecoveryInfo(); boolean hasSupervisionCredentials(); }
core/java/android/app/supervision/SupervisionManager.java +17 −0 Original line number Diff line number Diff line Loading @@ -246,4 +246,21 @@ public class SupervisionManager { } return null; } /** * Returns whether supervision credentials are set up. * * @hide */ @RequiresPermission(anyOf = {MANAGE_USERS, QUERY_USERS}) public boolean hasSupervisionCredentials() { if (mService != null) { try { return mService.hasSupervisionCredentials(); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } return false; } }
services/supervision/java/com/android/server/supervision/SupervisionService.java +19 −12 Original line number Diff line number Diff line Loading @@ -198,20 +198,9 @@ public class SupervisionService extends ISupervisionManager.Stub { if (UserHandle.getUserId(Binder.getCallingUid()) != userId) { enforcePermission(INTERACT_ACROSS_USERS); } if (!isSupervisionEnabledForUser(userId)) { if (!isSupervisionEnabledForUser(userId) || !hasSupervisionCredentials()) { return null; } // Verify the supervising user profile exists and has a secure credential set. final int supervisingUserId = mInjector.getUserManagerInternal().getSupervisingProfileId(); final long token = Binder.clearCallingIdentity(); try { if (supervisingUserId == UserHandle.USER_NULL || !mInjector.getKeyguardManager().isDeviceSecure(supervisingUserId)) { return null; } } finally { Binder.restoreCallingIdentity(token); } final Intent intent = new Intent(ACTION_CONFIRM_SUPERVISION_CREDENTIALS); // explicitly set the package for security intent.setPackage("com.android.settings"); Loading Loading @@ -250,6 +239,24 @@ public class SupervisionService extends ISupervisionManager.Stub { return true; } @Override public boolean hasSupervisionCredentials() { enforceAnyPermission(QUERY_USERS, MANAGE_USERS); // Verify the supervising user profile exists and has a secure credential set. final int supervisingUserId = mInjector.getUserManagerInternal().getSupervisingProfileId(); final long token = Binder.clearCallingIdentity(); try { if (supervisingUserId == UserHandle.USER_NULL || !mInjector.getKeyguardManager().isDeviceSecure(supervisingUserId)) { return false; } } finally { Binder.restoreCallingIdentity(token); } return true; } /** * Returns true if there are any non-default non-test users. * Loading
services/tests/servicestests/src/com/android/server/supervision/SupervisionServiceTest.kt +23 −0 Original line number Diff line number Diff line Loading @@ -420,6 +420,29 @@ class SupervisionServiceTest { assertThat(service.supervisionRecoveryInfo.state).isEqualTo(recoveryInfo.state) } @Test fun hasSupervisionCredentials() { whenever(mockUserManagerInternal.getSupervisingProfileId()).thenReturn(SUPERVISING_USER_ID) whenever(mockKeyguardManager.isDeviceSecure(SUPERVISING_USER_ID)).thenReturn(true) assertThat(service.hasSupervisionCredentials()).isTrue() } @Test fun hasSupervisionCredentials_noSupervisingUser_returnsFalse() { whenever(mockUserManagerInternal.getSupervisingProfileId()).thenReturn(UserHandle.USER_NULL) assertThat(service.hasSupervisionCredentials()).isFalse() } @Test fun hasSupervisionCredentials_supervisingUserMissingSecureLock_returnsFalse() { whenever(mockUserManagerInternal.getSupervisingProfileId()).thenReturn(SUPERVISING_USER_ID) whenever(mockKeyguardManager.isDeviceSecure(SUPERVISING_USER_ID)).thenReturn(false) assertThat(service.hasSupervisionCredentials()).isFalse() } private val systemSupervisionPackage: String get() = context.getResources().getString(R.string.config_systemSupervision) Loading
