Merge "Allow affiliated profile owner to grant sensor permissions." into... (ad980c4b) · Commits · e / os / android_frameworks_base

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyCacheImpl.java

+10 −5

Original line number	Diff line number	Diff line
		@@ -46,6 +46,12 @@ public class DevicePolicyCacheImpl extends DevicePolicyCache {
		@GuardedBy("mLock")
		private final SparseIntArray mPermissionPolicy = new SparseIntArray();

		/** Maps to {@code ActiveAdmin.mAdminCanGrantSensorsPermissions}.
		*
		* <p>For users affiliated with the device, they inherit the policy from {@code DO} so
		* it will map to the {@code DO}'s policy. Otherwise it will map to the admin of the requesting
		* user.
		*/
		@GuardedBy("mLock")
		private final SparseBooleanArray mCanGrantSensorsPermissions = new SparseBooleanArray();

		@@ -102,17 +108,16 @@ public class DevicePolicyCacheImpl extends DevicePolicyCache {
		}

		@Override
		public boolean canAdminGrantSensorsPermissionsForUser(@UserIdInt int userHandle) {
		public boolean canAdminGrantSensorsPermissionsForUser(@UserIdInt int userId) {
		synchronized (mLock) {
		return mCanGrantSensorsPermissions.get(userHandle, false);
		return mCanGrantSensorsPermissions.get(userId, false);
		}
		}

		/** Sets ahmin control over permission grants for user. */
		public void setAdminCanGrantSensorsPermissions(@UserIdInt int userHandle,
		boolean canGrant) {
		public void setAdminCanGrantSensorsPermissions(@UserIdInt int userId, boolean canGrant) {
		synchronized (mLock) {
		mCanGrantSensorsPermissions.put(userHandle, canGrant);
		mCanGrantSensorsPermissions.put(userId, canGrant);
		}
		}

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+17 −7

Original line number	Diff line number	Diff line
		@@ -9141,9 +9141,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
		}

		/**
		* Returns the ActiveAdmin associated wit the PO or DO on the given user.
		* @param userHandle
		* @return
		* Returns the ActiveAdmin associated with the PO or DO on the given user.
		*/
		private @Nullable ActiveAdmin getDeviceOrProfileOwnerAdminLocked(int userHandle) {
		ActiveAdmin admin = getProfileOwnerAdminLocked(userHandle);
		@@ -14300,6 +14298,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
		maybePauseDeviceWideLoggingLocked();
		maybeResumeDeviceWideLoggingLocked();
		maybeClearLockTaskPolicyLocked();
		updateAdminCanGrantSensorsPermissionCache(callingUserId);
		}
		}

		@@ -17480,7 +17479,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
		});
		}

		private void setAdminCanGrantSensorsPermissionForUserUnchecked(int userId, boolean canGrant) {
		private void setAdminCanGrantSensorsPermissionForUserUnchecked(@UserIdInt int userId,
		boolean canGrant) {
		Slogf.d(LOG_TAG, "setAdminCanGrantSensorsPermissionForUserUnchecked(%d, %b)",
		userId, canGrant);
		synchronized (getLockObject()) {
		ActiveAdmin owner = getDeviceOrProfileOwnerAdminLocked(userId);

		@@ -17494,10 +17496,18 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
		}
		}

		private void updateAdminCanGrantSensorsPermissionCache(int userId) {
		private void updateAdminCanGrantSensorsPermissionCache(@UserIdInt int userId) {
		synchronized (getLockObject()) {
		ActiveAdmin owner = getDeviceOrProfileOwnerAdminLocked(userId);
		final boolean canGrant = owner != null ? owner.mAdminCanGrantSensorsPermissions : false;

		ActiveAdmin owner;
		// If the user is affiliated the device (either a DO itself, or an affiliated PO),
		// use mAdminCanGrantSensorsPermissions from the DO
		if (isUserAffiliatedWithDeviceLocked(userId)) {
		owner = getDeviceOwnerAdminLocked();
		} else {
		owner = getDeviceOrProfileOwnerAdminLocked(userId);
		}
		boolean canGrant = owner != null ? owner.mAdminCanGrantSensorsPermissions : false;
		mPolicyCache.setAdminCanGrantSensorsPermissions(userId, canGrant);
		}
		}