Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +72 −5 Original line number Diff line number Diff line Loading @@ -3395,7 +3395,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { if (shouldMigrateV1ToDevicePolicyEngine()) { migrateV1PoliciesToDevicePolicyEngine(); } maybeMigratePoliciesPostUpgradeToDevicePolicyEngineLocked(); migratePoliciesToPolicyEngineLocked(); } maybeStartSecurityLogMonitorOnActivityManagerReady(); break; Loading Loading @@ -23736,7 +23738,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { if (!canForceMigration && !shouldMigrateV1ToDevicePolicyEngine()) { return false; } return migrateV1PoliciesToDevicePolicyEngine(); boolean migrated = migrateV1PoliciesToDevicePolicyEngine(); migrated &= migratePoliciesPostUpgradeToDevicePolicyEngineLocked(); return migrated; }); } Loading Loading @@ -23765,6 +23769,30 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { /** * Migrates the initial set of policies to use policy engine. * [b/318497672] Migrate policies that weren't migrated properly in the initial migration on * update from Android T to Android U */ private void maybeMigratePoliciesPostUpgradeToDevicePolicyEngineLocked() { if (!mOwners.isMigratedToPolicyEngine() || mOwners.isMigratedPostUpdate()) { return; } migratePoliciesPostUpgradeToDevicePolicyEngineLocked(); mOwners.markPostUpgradeMigration(); } private boolean migratePoliciesPostUpgradeToDevicePolicyEngineLocked() { try { migrateScreenCapturePolicyLocked(); migrateLockTaskPolicyLocked(); return true; } catch (Exception e) { Slogf.e(LOG_TAG, e, "Error occurred during post upgrade migration to the device " + "policy engine."); return false; } } /** * @return {@code true} if policies were migrated successfully, {@code false} otherwise. */ private boolean migrateV1PoliciesToDevicePolicyEngine() { Loading @@ -23777,7 +23805,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { migrateAutoTimezonePolicy(); migratePermissionGrantStatePolicies(); } migrateScreenCapturePolicyLocked(); migratePermittedInputMethodsPolicyLocked(); migrateAccountManagementDisabledPolicyLocked(); migrateUserControlDisabledPackagesLocked(); Loading Loading @@ -23858,14 +23885,12 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { private void migrateScreenCapturePolicyLocked() { Binder.withCleanCallingIdentity(() -> { if (mPolicyCache.getScreenCaptureDisallowedUser() == UserHandle.USER_NULL) { return; } ActiveAdmin admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked(); if (admin != null && ((isDeviceOwner(admin) && admin.disableScreenCapture) || (admin.getParentActiveAdmin() != null && admin.getParentActiveAdmin().disableScreenCapture))) { EnforcingAdmin enforcingAdmin = EnforcingAdmin.createEnterpriseEnforcingAdmin( admin.info.getComponent(), admin.getUserHandle().getIdentifier(), Loading Loading @@ -23894,6 +23919,48 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { }); } private void migrateLockTaskPolicyLocked() { Binder.withCleanCallingIdentity(() -> { ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); if (deviceOwner != null) { int doUserId = deviceOwner.getUserHandle().getIdentifier(); DevicePolicyData policies = getUserData(doUserId); List<String> packages = policies.mLockTaskPackages; int features = policies.mLockTaskFeatures; // TODO: find out about persistent preferred activities if (!packages.isEmpty()) { setLockTaskPolicyInPolicyEngine(deviceOwner, doUserId, packages, features); } } for (int userId : mUserManagerInternal.getUserIds()) { ActiveAdmin profileOwner = getProfileOwnerLocked(userId); if (profileOwner != null && canDPCManagedUserUseLockTaskLocked(userId)) { DevicePolicyData policies = getUserData(userId); List<String> packages = policies.mLockTaskPackages; int features = policies.mLockTaskFeatures; if (!packages.isEmpty()) { setLockTaskPolicyInPolicyEngine(profileOwner, userId, packages, features); } } } }); } private void setLockTaskPolicyInPolicyEngine( ActiveAdmin admin, int userId, List<String> packages, int features) { EnforcingAdmin enforcingAdmin = EnforcingAdmin.createEnterpriseEnforcingAdmin( admin.info.getComponent(), userId, admin); mDevicePolicyEngine.setLocalPolicy( PolicyDefinition.LOCK_TASK, enforcingAdmin, new LockTaskPolicy(new HashSet<>(packages), features), userId); } private void migratePermittedInputMethodsPolicyLocked() { Binder.withCleanCallingIdentity(() -> { List<UserInfo> users = mUserManager.getUsers(); services/devicepolicy/java/com/android/server/devicepolicy/Owners.java +13 −0 Original line number Diff line number Diff line Loading @@ -623,12 +623,25 @@ class Owners { } } void markPostUpgradeMigration() { synchronized (mData) { mData.mPoliciesMigratedPostUpdate = true; mData.writeDeviceOwner(); } } boolean isSecurityLoggingMigrated() { synchronized (mData) { return mData.mSecurityLoggingMigrated; } } boolean isMigratedPostUpdate() { synchronized (mData) { return mData.mPoliciesMigratedPostUpdate; } } @GuardedBy("mData") void pushToAppOpsLocked() { if (!mSystemReady) { Loading services/devicepolicy/java/com/android/server/devicepolicy/OwnersData.java +8 −0 Original line number Diff line number Diff line Loading @@ -89,6 +89,8 @@ class OwnersData { private static final String ATTR_MIGRATED_TO_POLICY_ENGINE = "migratedToPolicyEngine"; private static final String ATTR_SECURITY_LOG_MIGRATED = "securityLogMigrated"; private static final String ATTR_MIGRATED_POST_UPGRADE = "migratedPostUpgrade"; // Internal state for the device owner package. OwnerInfo mDeviceOwner; int mDeviceOwnerUserId = UserHandle.USER_NULL; Loading Loading @@ -117,6 +119,8 @@ class OwnersData { boolean mMigratedToPolicyEngine = false; boolean mSecurityLoggingMigrated = false; boolean mPoliciesMigratedPostUpdate = false; OwnersData(PolicyPathProvider pathProvider) { mPathProvider = pathProvider; } Loading Loading @@ -400,6 +404,7 @@ class OwnersData { out.startTag(null, TAG_POLICY_ENGINE_MIGRATION); out.attributeBoolean(null, ATTR_MIGRATED_TO_POLICY_ENGINE, mMigratedToPolicyEngine); out.attributeBoolean(null, ATTR_MIGRATED_POST_UPGRADE, mPoliciesMigratedPostUpdate); if (Flags.securityLogV2Enabled()) { out.attributeBoolean(null, ATTR_SECURITY_LOG_MIGRATED, mSecurityLoggingMigrated); } Loading Loading @@ -463,8 +468,11 @@ class OwnersData { case TAG_POLICY_ENGINE_MIGRATION: mMigratedToPolicyEngine = parser.getAttributeBoolean( null, ATTR_MIGRATED_TO_POLICY_ENGINE, false); mPoliciesMigratedPostUpdate = parser.getAttributeBoolean( null, ATTR_MIGRATED_POST_UPGRADE, false); mSecurityLoggingMigrated = Flags.securityLogV2Enabled() && parser.getAttributeBoolean(null, ATTR_SECURITY_LOG_MIGRATED, false); break; default: Slog.e(TAG, "Unexpected tag: " + tag); Loading services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceMigrationTest.java +3 −0 Original line number Diff line number Diff line Loading @@ -145,6 +145,7 @@ public class DevicePolicyManagerServiceMigrationTest extends DpmTestBase { @SmallTest @Test @Ignore("b/277916462") public void testCompMigrationUnAffiliated_skipped() throws Exception { prepareAdmin1AsDo(); prepareAdminAnotherPackageAsPo(COPE_PROFILE_USER_ID); Loading Loading @@ -216,6 +217,7 @@ public class DevicePolicyManagerServiceMigrationTest extends DpmTestBase { @SmallTest @Test @Ignore("b/277916462") public void testCompMigration_keepSuspendedAppsWhenDpcIsRPlus() throws Exception { prepareAdmin1AsDo(); prepareAdmin1AsPo(COPE_PROFILE_USER_ID, Build.VERSION_CODES.R); Loading Loading @@ -249,6 +251,7 @@ public class DevicePolicyManagerServiceMigrationTest extends DpmTestBase { @SmallTest @Test @Ignore("b/277916462") public void testCompMigration_unsuspendAppsWhenDpcNotRPlus() throws Exception { prepareAdmin1AsDo(); prepareAdmin1AsPo(COPE_PROFILE_USER_ID, Build.VERSION_CODES.Q); Loading Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +72 −5 Original line number Diff line number Diff line Loading @@ -3395,7 +3395,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { if (shouldMigrateV1ToDevicePolicyEngine()) { migrateV1PoliciesToDevicePolicyEngine(); } maybeMigratePoliciesPostUpgradeToDevicePolicyEngineLocked(); migratePoliciesToPolicyEngineLocked(); } maybeStartSecurityLogMonitorOnActivityManagerReady(); break; Loading Loading @@ -23736,7 +23738,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { if (!canForceMigration && !shouldMigrateV1ToDevicePolicyEngine()) { return false; } return migrateV1PoliciesToDevicePolicyEngine(); boolean migrated = migrateV1PoliciesToDevicePolicyEngine(); migrated &= migratePoliciesPostUpgradeToDevicePolicyEngineLocked(); return migrated; }); } Loading Loading @@ -23765,6 +23769,30 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { /** * Migrates the initial set of policies to use policy engine. * [b/318497672] Migrate policies that weren't migrated properly in the initial migration on * update from Android T to Android U */ private void maybeMigratePoliciesPostUpgradeToDevicePolicyEngineLocked() { if (!mOwners.isMigratedToPolicyEngine() || mOwners.isMigratedPostUpdate()) { return; } migratePoliciesPostUpgradeToDevicePolicyEngineLocked(); mOwners.markPostUpgradeMigration(); } private boolean migratePoliciesPostUpgradeToDevicePolicyEngineLocked() { try { migrateScreenCapturePolicyLocked(); migrateLockTaskPolicyLocked(); return true; } catch (Exception e) { Slogf.e(LOG_TAG, e, "Error occurred during post upgrade migration to the device " + "policy engine."); return false; } } /** * @return {@code true} if policies were migrated successfully, {@code false} otherwise. */ private boolean migrateV1PoliciesToDevicePolicyEngine() { Loading @@ -23777,7 +23805,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { migrateAutoTimezonePolicy(); migratePermissionGrantStatePolicies(); } migrateScreenCapturePolicyLocked(); migratePermittedInputMethodsPolicyLocked(); migrateAccountManagementDisabledPolicyLocked(); migrateUserControlDisabledPackagesLocked(); Loading Loading @@ -23858,14 +23885,12 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { private void migrateScreenCapturePolicyLocked() { Binder.withCleanCallingIdentity(() -> { if (mPolicyCache.getScreenCaptureDisallowedUser() == UserHandle.USER_NULL) { return; } ActiveAdmin admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked(); if (admin != null && ((isDeviceOwner(admin) && admin.disableScreenCapture) || (admin.getParentActiveAdmin() != null && admin.getParentActiveAdmin().disableScreenCapture))) { EnforcingAdmin enforcingAdmin = EnforcingAdmin.createEnterpriseEnforcingAdmin( admin.info.getComponent(), admin.getUserHandle().getIdentifier(), Loading Loading @@ -23894,6 +23919,48 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { }); } private void migrateLockTaskPolicyLocked() { Binder.withCleanCallingIdentity(() -> { ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); if (deviceOwner != null) { int doUserId = deviceOwner.getUserHandle().getIdentifier(); DevicePolicyData policies = getUserData(doUserId); List<String> packages = policies.mLockTaskPackages; int features = policies.mLockTaskFeatures; // TODO: find out about persistent preferred activities if (!packages.isEmpty()) { setLockTaskPolicyInPolicyEngine(deviceOwner, doUserId, packages, features); } } for (int userId : mUserManagerInternal.getUserIds()) { ActiveAdmin profileOwner = getProfileOwnerLocked(userId); if (profileOwner != null && canDPCManagedUserUseLockTaskLocked(userId)) { DevicePolicyData policies = getUserData(userId); List<String> packages = policies.mLockTaskPackages; int features = policies.mLockTaskFeatures; if (!packages.isEmpty()) { setLockTaskPolicyInPolicyEngine(profileOwner, userId, packages, features); } } } }); } private void setLockTaskPolicyInPolicyEngine( ActiveAdmin admin, int userId, List<String> packages, int features) { EnforcingAdmin enforcingAdmin = EnforcingAdmin.createEnterpriseEnforcingAdmin( admin.info.getComponent(), userId, admin); mDevicePolicyEngine.setLocalPolicy( PolicyDefinition.LOCK_TASK, enforcingAdmin, new LockTaskPolicy(new HashSet<>(packages), features), userId); } private void migratePermittedInputMethodsPolicyLocked() { Binder.withCleanCallingIdentity(() -> { List<UserInfo> users = mUserManager.getUsers();
services/devicepolicy/java/com/android/server/devicepolicy/Owners.java +13 −0 Original line number Diff line number Diff line Loading @@ -623,12 +623,25 @@ class Owners { } } void markPostUpgradeMigration() { synchronized (mData) { mData.mPoliciesMigratedPostUpdate = true; mData.writeDeviceOwner(); } } boolean isSecurityLoggingMigrated() { synchronized (mData) { return mData.mSecurityLoggingMigrated; } } boolean isMigratedPostUpdate() { synchronized (mData) { return mData.mPoliciesMigratedPostUpdate; } } @GuardedBy("mData") void pushToAppOpsLocked() { if (!mSystemReady) { Loading
services/devicepolicy/java/com/android/server/devicepolicy/OwnersData.java +8 −0 Original line number Diff line number Diff line Loading @@ -89,6 +89,8 @@ class OwnersData { private static final String ATTR_MIGRATED_TO_POLICY_ENGINE = "migratedToPolicyEngine"; private static final String ATTR_SECURITY_LOG_MIGRATED = "securityLogMigrated"; private static final String ATTR_MIGRATED_POST_UPGRADE = "migratedPostUpgrade"; // Internal state for the device owner package. OwnerInfo mDeviceOwner; int mDeviceOwnerUserId = UserHandle.USER_NULL; Loading Loading @@ -117,6 +119,8 @@ class OwnersData { boolean mMigratedToPolicyEngine = false; boolean mSecurityLoggingMigrated = false; boolean mPoliciesMigratedPostUpdate = false; OwnersData(PolicyPathProvider pathProvider) { mPathProvider = pathProvider; } Loading Loading @@ -400,6 +404,7 @@ class OwnersData { out.startTag(null, TAG_POLICY_ENGINE_MIGRATION); out.attributeBoolean(null, ATTR_MIGRATED_TO_POLICY_ENGINE, mMigratedToPolicyEngine); out.attributeBoolean(null, ATTR_MIGRATED_POST_UPGRADE, mPoliciesMigratedPostUpdate); if (Flags.securityLogV2Enabled()) { out.attributeBoolean(null, ATTR_SECURITY_LOG_MIGRATED, mSecurityLoggingMigrated); } Loading Loading @@ -463,8 +468,11 @@ class OwnersData { case TAG_POLICY_ENGINE_MIGRATION: mMigratedToPolicyEngine = parser.getAttributeBoolean( null, ATTR_MIGRATED_TO_POLICY_ENGINE, false); mPoliciesMigratedPostUpdate = parser.getAttributeBoolean( null, ATTR_MIGRATED_POST_UPGRADE, false); mSecurityLoggingMigrated = Flags.securityLogV2Enabled() && parser.getAttributeBoolean(null, ATTR_SECURITY_LOG_MIGRATED, false); break; default: Slog.e(TAG, "Unexpected tag: " + tag); Loading
services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceMigrationTest.java +3 −0 Original line number Diff line number Diff line Loading @@ -145,6 +145,7 @@ public class DevicePolicyManagerServiceMigrationTest extends DpmTestBase { @SmallTest @Test @Ignore("b/277916462") public void testCompMigrationUnAffiliated_skipped() throws Exception { prepareAdmin1AsDo(); prepareAdminAnotherPackageAsPo(COPE_PROFILE_USER_ID); Loading Loading @@ -216,6 +217,7 @@ public class DevicePolicyManagerServiceMigrationTest extends DpmTestBase { @SmallTest @Test @Ignore("b/277916462") public void testCompMigration_keepSuspendedAppsWhenDpcIsRPlus() throws Exception { prepareAdmin1AsDo(); prepareAdmin1AsPo(COPE_PROFILE_USER_ID, Build.VERSION_CODES.R); Loading Loading @@ -249,6 +251,7 @@ public class DevicePolicyManagerServiceMigrationTest extends DpmTestBase { @SmallTest @Test @Ignore("b/277916462") public void testCompMigration_unsuspendAppsWhenDpcNotRPlus() throws Exception { prepareAdmin1AsDo(); prepareAdmin1AsPo(COPE_PROFILE_USER_ID, Build.VERSION_CODES.Q); Loading
