Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +31 −44 Original line number Diff line number Diff line Loading @@ -16815,6 +16815,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } EnforcingAdmin enforcingAdmin; // TODO(b/370472975): enable when we stop policy enforecer callback from blocking the main // thread if (Flags.setPermissionGrantStateCoexistence()) { enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( admin, Loading @@ -16840,6 +16843,31 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { callback.sendResult(null); return; } // TODO(b/266924257): decide how to handle the internal state if the package doesn't // exist, or the permission isn't requested by the app, because we could end up with // inconsistent state between the policy engine and package manager. Also a package // might get removed or has it's permission updated after we've set the policy. if (grantState == PERMISSION_GRANT_STATE_DEFAULT) { mDevicePolicyEngine.removeLocalPolicy( PolicyDefinition.PERMISSION_GRANT(packageName, permission), enforcingAdmin, caller.getUserId()); } else { mDevicePolicyEngine.setLocalPolicy( PolicyDefinition.PERMISSION_GRANT(packageName, permission), enforcingAdmin, new IntegerPolicyValue(grantState), caller.getUserId()); } int newState = mInjector.binderWithCleanCallingIdentity(() -> getPermissionGrantStateForUser( packageName, permission, caller, caller.getUserId())); if (newState == grantState) { callback.sendResult(Bundle.EMPTY); } else { callback.sendResult(null); } } else { Preconditions.checkCallAuthorization((caller.hasAdminComponent() && (isProfileOwner(caller) || isDefaultDeviceOwner(caller) Loading @@ -16862,9 +16890,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } synchronized (getLockObject()) { long ident = mInjector.binderClearCallingIdentity(); try { boolean isPostQAdmin = getTargetSdk(caller.getPackageName(), caller.getUserId()) >= android.os.Build.VERSION_CODES.Q; try { if (!isPostQAdmin) { // Legacy admins assume that they cannot control pre-M apps if (getTargetSdk(packageName, caller.getUserId()) Loading @@ -16877,47 +16906,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { callback.sendResult(null); return; } } catch (SecurityException e) { Slogf.e(LOG_TAG, "Could not set permission grant state", e); callback.sendResult(null); } finally { mInjector.binderRestoreCallingIdentity(ident); } } } // TODO(b/278710449): enable when we stop policy enforecer callback from blocking the main // thread if (false) { // TODO(b/266924257): decide how to handle the internal state if the package doesn't // exist, or the permission isn't requested by the app, because we could end up with // inconsistent state between the policy engine and package manager. Also a package // might get removed or has it's permission updated after we've set the policy. if (grantState == PERMISSION_GRANT_STATE_DEFAULT) { mDevicePolicyEngine.removeLocalPolicy( PolicyDefinition.PERMISSION_GRANT(packageName, permission), enforcingAdmin, caller.getUserId()); } else { mDevicePolicyEngine.setLocalPolicy( PolicyDefinition.PERMISSION_GRANT(packageName, permission), enforcingAdmin, new IntegerPolicyValue(grantState), caller.getUserId()); } int newState = mInjector.binderWithCleanCallingIdentity(() -> getPermissionGrantStateForUser( packageName, permission, caller, caller.getUserId())); if (newState == grantState) { callback.sendResult(Bundle.EMPTY); } else { callback.sendResult(null); } } else { synchronized (getLockObject()) { long ident = mInjector.binderClearCallingIdentity(); try { boolean isPostQAdmin = getTargetSdk(caller.getPackageName(), caller.getUserId()) >= android.os.Build.VERSION_CODES.Q; if (grantState == PERMISSION_GRANT_STATE_GRANTED || grantState == DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED || grantState == DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT) { Loading @@ -16939,7 +16927,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } catch (SecurityException e) { Slogf.e(LOG_TAG, "Could not set permission grant state", e); callback.sendResult(null); } finally { mInjector.binderRestoreCallingIdentity(ident); Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +31 −44 Original line number Diff line number Diff line Loading @@ -16815,6 +16815,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } EnforcingAdmin enforcingAdmin; // TODO(b/370472975): enable when we stop policy enforecer callback from blocking the main // thread if (Flags.setPermissionGrantStateCoexistence()) { enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( admin, Loading @@ -16840,6 +16843,31 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { callback.sendResult(null); return; } // TODO(b/266924257): decide how to handle the internal state if the package doesn't // exist, or the permission isn't requested by the app, because we could end up with // inconsistent state between the policy engine and package manager. Also a package // might get removed or has it's permission updated after we've set the policy. if (grantState == PERMISSION_GRANT_STATE_DEFAULT) { mDevicePolicyEngine.removeLocalPolicy( PolicyDefinition.PERMISSION_GRANT(packageName, permission), enforcingAdmin, caller.getUserId()); } else { mDevicePolicyEngine.setLocalPolicy( PolicyDefinition.PERMISSION_GRANT(packageName, permission), enforcingAdmin, new IntegerPolicyValue(grantState), caller.getUserId()); } int newState = mInjector.binderWithCleanCallingIdentity(() -> getPermissionGrantStateForUser( packageName, permission, caller, caller.getUserId())); if (newState == grantState) { callback.sendResult(Bundle.EMPTY); } else { callback.sendResult(null); } } else { Preconditions.checkCallAuthorization((caller.hasAdminComponent() && (isProfileOwner(caller) || isDefaultDeviceOwner(caller) Loading @@ -16862,9 +16890,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } synchronized (getLockObject()) { long ident = mInjector.binderClearCallingIdentity(); try { boolean isPostQAdmin = getTargetSdk(caller.getPackageName(), caller.getUserId()) >= android.os.Build.VERSION_CODES.Q; try { if (!isPostQAdmin) { // Legacy admins assume that they cannot control pre-M apps if (getTargetSdk(packageName, caller.getUserId()) Loading @@ -16877,47 +16906,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { callback.sendResult(null); return; } } catch (SecurityException e) { Slogf.e(LOG_TAG, "Could not set permission grant state", e); callback.sendResult(null); } finally { mInjector.binderRestoreCallingIdentity(ident); } } } // TODO(b/278710449): enable when we stop policy enforecer callback from blocking the main // thread if (false) { // TODO(b/266924257): decide how to handle the internal state if the package doesn't // exist, or the permission isn't requested by the app, because we could end up with // inconsistent state between the policy engine and package manager. Also a package // might get removed or has it's permission updated after we've set the policy. if (grantState == PERMISSION_GRANT_STATE_DEFAULT) { mDevicePolicyEngine.removeLocalPolicy( PolicyDefinition.PERMISSION_GRANT(packageName, permission), enforcingAdmin, caller.getUserId()); } else { mDevicePolicyEngine.setLocalPolicy( PolicyDefinition.PERMISSION_GRANT(packageName, permission), enforcingAdmin, new IntegerPolicyValue(grantState), caller.getUserId()); } int newState = mInjector.binderWithCleanCallingIdentity(() -> getPermissionGrantStateForUser( packageName, permission, caller, caller.getUserId())); if (newState == grantState) { callback.sendResult(Bundle.EMPTY); } else { callback.sendResult(null); } } else { synchronized (getLockObject()) { long ident = mInjector.binderClearCallingIdentity(); try { boolean isPostQAdmin = getTargetSdk(caller.getPackageName(), caller.getUserId()) >= android.os.Build.VERSION_CODES.Q; if (grantState == PERMISSION_GRANT_STATE_GRANTED || grantState == DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED || grantState == DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT) { Loading @@ -16939,7 +16927,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } catch (SecurityException e) { Slogf.e(LOG_TAG, "Could not set permission grant state", e); callback.sendResult(null); } finally { mInjector.binderRestoreCallingIdentity(ident);
