Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a42e8e4b authored by Kholoud Mohamed's avatar Kholoud Mohamed
Browse files

Migrate existing policies to the policy engine 

Migrated policies that are stored in DPMS only

Fixes: 258811766
Bug: 273494642
Test: btest a.d.c.UserControlDisabledPackagesTest#setUserControlDisabledPackages_policyMigration_works*
Test: btest a.d.c.PermitInputMethodsTest#setPermittedInputMethods_policyMigration_works*
Test: btest a.d.c.AccountManagementTest#setAccountManagementDisabled_policyMigration_works*
Test: btest a.d.c.ScreenCaptureDisabledTest#setScreenCaptureDisabled_policyMigration_works*
Change-Id: I320ba9a56e66ce2bf1833ff6e33b1c3d9e36013e
Merged-In: I320ba9a56e66ce2bf1833ff6e33b1c3d9e36013e
parent d38421d0

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+169 −24
Original line number Diff line number Diff line
@@ -12294,13 +12294,18 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
                EnforcingAdmin admin = enforcePermissionAndGetEnforcingAdmin(

                        who, MANAGE_DEVICE_POLICY_INPUT_METHODS,

                        caller.getPackageName(), userId);

                if (packageList == null) {

                    mDevicePolicyEngine.removeLocalPolicy(

                            PolicyDefinition.PERMITTED_INPUT_METHODS,

                            admin,

                            userId);

                } else {

                    mDevicePolicyEngine.setLocalPolicy(

                            PolicyDefinition.PERMITTED_INPUT_METHODS,

                            admin,

                        packageList == null

                                ? null

                                : new StringSetPolicyValue(new HashSet<>(packageList)),

                            new StringSetPolicyValue(new HashSet<>(packageList)),

                            userId);

                }

            } else {

                ActiveAdmin admin = getParentOfAdminIfRequired(

                        getProfileOwnerOrDeviceOwnerLocked(caller.getUserId()),
@@ -12337,14 +12342,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
        }















        CallerIdentity caller;













        if (isPermissionCheckFlagEnabled()) {













        if (isPolicyEngineForFinanceFlagEnabled()) {















            caller = getCallerIdentity(who, callerPackageName);















        } else {















            caller = getCallerIdentity(who);















            Objects.requireNonNull(who, "ComponentName is null");















        }



























        if (!isPermissionCheckFlagEnabled()) {













        if (!isPolicyEngineForFinanceFlagEnabled()) {















            if (calledOnParentInstance) {















                Preconditions.checkCallAuthorization(















                        isProfileOwnerOfOrganizationOwnedDevice(caller));










@@ -14268,7 +14273,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













                    resultSet.add(accountType);















                }















            }



























        } else {















            caller = getCallerIdentity();















            Preconditions.checkCallAuthorization(hasFullCrossUsersPermission(caller, userId));










@@ -24065,6 +24069,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













    private boolean hasNonTestOnlyActiveAdmins() {















        return mInjector.binderWithCleanCallingIdentity(() -> {















            for (UserInfo userInfo : mUserManager.getUsers()) {













                synchronized (getLockObject()) {















                    List<ComponentName> activeAdmins = getActiveAdmins(userInfo.id);















                    if (activeAdmins == null) {















                        continue;









@@ -24075,13 +24080,15 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













                        }















                    }















                }













            }















            return false;















        });















    }





























    private boolean shouldMigrateToDevicePolicyEngine() {















        return mInjector.binderWithCleanCallingIdentity(() ->













                isPermissionCheckFlagEnabled() && !mOwners.isMigratedToPolicyEngine());













                (isPermissionCheckFlagEnabled() || isPolicyEngineForFinanceFlagEnabled())













                        && !mOwners.isMigratedToPolicyEngine());















    }





























    /**









@@ -24090,13 +24097,21 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













    private boolean migratePoliciesToDevicePolicyEngine() {















        return mInjector.binderWithCleanCallingIdentity(() -> {















            try {













                Slogf.i(LOG_TAG, "Started device policies migration to the device policy engine.");













                synchronized (getLockObject()) {













                    Slogf.i(LOG_TAG,













                            "Started device policies migration to the device policy engine.");













                    if (isUnicornFlagEnabled()) {















                        migrateAutoTimezonePolicy();















                        migratePermissionGrantStatePolicies();













                // TODO(b/258811766): add migration logic for all policies













                    }













                    migrateScreenCapturePolicyLocked();













                    migratePermittedInputMethodsPolicyLocked();













                    migrateAccountManagementDisabledPolicyLocked();













                    migrateUserControlDisabledPackagesLocked();





























                    mOwners.markMigrationToPolicyEngine();















                    return true;













                }















            } catch (Exception e) {















                mDevicePolicyEngine.clearAllPolicies();















                Slogf.e(LOG_TAG, e, "Error occurred during device policy migration, will "










@@ -24160,6 +24175,136 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













        }















    }



























    private void migrateScreenCapturePolicyLocked() {













        Binder.withCleanCallingIdentity(() -> {













            if (mPolicyCache.getScreenCaptureDisallowedUser() == UserHandle.USER_NULL) {













                return;













            }













            ActiveAdmin admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked();













            if (admin != null













                    && ((isDeviceOwner(admin) && admin.disableScreenCapture)













                    || (admin.getParentActiveAdmin() != null













                    && admin.getParentActiveAdmin().disableScreenCapture))) {













                EnforcingAdmin enforcingAdmin = EnforcingAdmin.createEnterpriseEnforcingAdmin(













                        admin.info.getComponent(),













                        admin.getUserHandle().getIdentifier(),













                        admin);













                mDevicePolicyEngine.setGlobalPolicy(













                        PolicyDefinition.SCREEN_CAPTURE_DISABLED,













                        enforcingAdmin,













                        new BooleanPolicyValue(true));













            }

























            List<UserInfo> users = mUserManager.getUsers();













            for (UserInfo userInfo : users) {













                ActiveAdmin profileOwner = getProfileOwnerLocked(userInfo.id);













                if (profileOwner != null && profileOwner.disableScreenCapture) {













                    EnforcingAdmin enforcingAdmin = EnforcingAdmin.createEnterpriseEnforcingAdmin(













                            profileOwner.info.getComponent(),













                            profileOwner.getUserHandle().getIdentifier(),













                            profileOwner);













                    mDevicePolicyEngine.setLocalPolicy(













                            PolicyDefinition.SCREEN_CAPTURE_DISABLED,













                            enforcingAdmin,













                            new BooleanPolicyValue(true),













                            profileOwner.getUserHandle().getIdentifier());













                }













            }













        });













    }

























    private void migratePermittedInputMethodsPolicyLocked() {













        Binder.withCleanCallingIdentity(() -> {













            List<UserInfo> users = mUserManager.getUsers();













            for (UserInfo userInfo : users) {













                ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(userInfo.id);













                if (admin != null) {













                    EnforcingAdmin enforcingAdmin = EnforcingAdmin.createEnterpriseEnforcingAdmin(













                            admin.info.getComponent(),













                            admin.getUserHandle().getIdentifier(),













                            admin);













                    if (admin.permittedInputMethods != null) {













                        mDevicePolicyEngine.setLocalPolicy(













                                PolicyDefinition.PERMITTED_INPUT_METHODS,













                                enforcingAdmin,













                                new StringSetPolicyValue(













                                        new HashSet<>(admin.permittedInputMethods)),













                                admin.getUserHandle().getIdentifier());













                    }













                    if (admin.getParentActiveAdmin() != null













                            && admin.getParentActiveAdmin().permittedInputMethods != null) {













                        mDevicePolicyEngine.setLocalPolicy(













                                PolicyDefinition.PERMITTED_INPUT_METHODS,













                                enforcingAdmin,













                                new StringSetPolicyValue(













                                        new HashSet<>(admin.getParentActiveAdmin()













                                                .permittedInputMethods)),













                                getProfileParentId(admin.getUserHandle().getIdentifier()));













                    }













                }













            }













        });













    }

























    private void migrateAccountManagementDisabledPolicyLocked() {













        Binder.withCleanCallingIdentity(() -> {













            List<UserInfo> users = mUserManager.getUsers();













            for (UserInfo userInfo : users) {













                ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(userInfo.id);













                if (admin != null) {













                    EnforcingAdmin enforcingAdmin = EnforcingAdmin.createEnterpriseEnforcingAdmin(













                            admin.info.getComponent(),













                            admin.getUserHandle().getIdentifier(),













                            admin);













                    for (String accountType : admin.accountTypesWithManagementDisabled) {













                        mDevicePolicyEngine.setLocalPolicy(













                                PolicyDefinition.ACCOUNT_MANAGEMENT_DISABLED(accountType),













                                enforcingAdmin,













                                new BooleanPolicyValue(true),













                                admin.getUserHandle().getIdentifier());













                    }













                    if (admin.getParentActiveAdmin() != null) {













                        for (String accountType : admin.getParentActiveAdmin()













                                .accountTypesWithManagementDisabled) {













                            mDevicePolicyEngine.setLocalPolicy(













                                    PolicyDefinition.ACCOUNT_MANAGEMENT_DISABLED(accountType),













                                    enforcingAdmin,













                                    new BooleanPolicyValue(true),













                                    getProfileParentId(admin.getUserHandle().getIdentifier()));













                        }













                    }













                }













            }













        });













    }













    













    private void migrateUserControlDisabledPackagesLocked() {













        Binder.withCleanCallingIdentity(() -> {













            List<UserInfo> users = mUserManager.getUsers();













            for (UserInfo userInfo : users) {













                ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(userInfo.id);













                if (admin != null && admin.protectedPackages != null) {













                    EnforcingAdmin enforcingAdmin = EnforcingAdmin.createEnterpriseEnforcingAdmin(













                            admin.info.getComponent(),













                            admin.getUserHandle().getIdentifier(),













                            admin);













                    if (isDeviceOwner(admin)) {













                        mDevicePolicyEngine.setGlobalPolicy(













                                PolicyDefinition.USER_CONTROLLED_DISABLED_PACKAGES,













                                enforcingAdmin,













                                new StringSetPolicyValue(new HashSet<>(admin.protectedPackages)));













                    } else {













                        mDevicePolicyEngine.setLocalPolicy(













                                PolicyDefinition.USER_CONTROLLED_DISABLED_PACKAGES,













                                enforcingAdmin,













                                new StringSetPolicyValue(new HashSet<>(admin.protectedPackages)),













                                admin.getUserHandle().getIdentifier());













                    }













                }













            }













        });













    }



























    private List<PackageInfo> getInstalledPackagesOnUser(int userId) {















        return mInjector.binderWithCleanCallingIdentity(() ->















                mContext.getPackageManager().getInstalledPackagesAsUser(