
Commit ae1e35bf authored by Jonathan Scott's avatar Jonathan Scott

Update canAdminGrantSensorsPermissions to always check system user.

Test: btest
a.d.c.ProvisioningTest#provisionFullyMnagedDevice_canControlSensorPermissionGrantsByDefault
Bug: 241553133

Change-Id: I2345eb29540836812f03a7478d8c80540d23b794
parent a95c39d6
+3 −4
@@ -56,10 +56,9 @@ public abstract class DevicePolicyCache {
    public abstract int getPermissionPolicy(@UserIdInt int userHandle);

    /**
     * Caches {@link DevicePolicyManager#canAdminGrantSensorsPermissionsForUser(int)} for the
     * given user.
     * True if there is an admin on the device who can grant sensor permissions.
     */
    public abstract boolean canAdminGrantSensorsPermissionsForUser(@UserIdInt int userHandle);
    public abstract boolean canAdminGrantSensorsPermissions();

    /**
     * Empty implementation.
@@ -83,7 +82,7 @@ public abstract class DevicePolicyCache {
        }

        @Override
        public boolean canAdminGrantSensorsPermissionsForUser(int userHandle) {
        public boolean canAdminGrantSensorsPermissions() {
            return false;
        }
    }
+3 −3
@@ -15776,7 +15776,7 @@ public class DevicePolicyManager {
    }
    /**
     * Returns true if the caller is running on a device where the admin can grant
     * Returns true if the caller is running on a device where an admin can grant
     * permissions related to device sensors.
     * This is a signal that the device is a fully-managed device where personal usage is
     * discouraged.
@@ -15784,7 +15784,7 @@ public class DevicePolicyManager {
     * {@link #setPermissionGrantState(ComponentName, String, String, int)}.
     *
     * May be called by any app.
     * @return true if the app can grant device sensors-related permissions, false otherwise.
     * @return true if an admin can grant device sensors-related permissions, false otherwise.
     */
    public boolean canAdminGrantSensorsPermissions() {
        throwIfParentInstance("canAdminGrantSensorsPermissions");
@@ -15792,7 +15792,7 @@ public class DevicePolicyManager {
            return false;
        }
        try {
            return mService.canAdminGrantSensorsPermissionsForUser(myUserId());
            return mService.canAdminGrantSensorsPermissions();
        } catch (RemoteException re) {
            throw re.rethrowFromSystemServer();
        }
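Review bot: The Javadoc for `canAdminGrantSensorsPermissions()` does not tell callers that the answer is now the same for every user on the device. The new call `mService.canAdminGrantSensorsPermissions()` no longer passes `myUserId()`, so an app in a secondary user or a profile gets the device-wide value rather than one tied to its own user. Since the method "may be called by any app", a sentence such as `The result does not depend on the calling user.` would make that contract explicit. The Javadoc and the method body start and end outside the visible hunks.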
+1 −1
@@ -553,7 +553,7 @@ interface IDevicePolicyManager {
    int getDeviceOwnerType(in ComponentName admin);

    void resetDefaultCrossProfileIntentFilters(int userId);
    boolean canAdminGrantSensorsPermissionsForUser(int userId);
    boolean canAdminGrantSensorsPermissions();

    void setUsbDataSignalingEnabled(String callerPackage, boolean enabled);
    boolean isUsbDataSignalingEnabled(String callerPackage);
+18 −27
@@ -20,11 +20,12 @@ import android.app.admin.DevicePolicyCache;
import android.app.admin.DevicePolicyManager;
import android.os.UserHandle;
import android.util.IndentingPrintWriter;
import android.util.SparseBooleanArray;
import android.util.SparseIntArray;

import com.android.internal.annotations.GuardedBy;

import java.util.concurrent.atomic.AtomicBoolean;

/**
 * Implementation of {@link DevicePolicyCache}, to which {@link DevicePolicyManagerService} pushes
 * policies.
@@ -51,20 +52,13 @@ public class DevicePolicyCacheImpl extends DevicePolicyCache {
    @GuardedBy("mLock")
    private final SparseIntArray mPermissionPolicy = new SparseIntArray();

    /** Maps to {@code ActiveAdmin.mAdminCanGrantSensorsPermissions}.
     *
     * <p>For users affiliated with the device, they inherit the policy from {@code DO} so
     * it will map to the {@code DO}'s policy. Otherwise it will map to the admin of the requesting
     * user.
     */
    @GuardedBy("mLock")
    private final SparseBooleanArray mCanGrantSensorsPermissions = new SparseBooleanArray();
    /** Maps to {@code ActiveAdmin.mAdminCanGrantSensorsPermissions}. */
    private final AtomicBoolean mCanGrantSensorsPermissions = new AtomicBoolean(false);

    public void onUserRemoved(int userHandle) {
        synchronized (mLock) {
            mPasswordQuality.delete(userHandle);
            mPermissionPolicy.delete(userHandle);
            mCanGrantSensorsPermissions.delete(userHandle);
        }
    }

@@ -119,28 +113,25 @@ public class DevicePolicyCacheImpl extends DevicePolicyCache {
    }

    @Override
    public boolean canAdminGrantSensorsPermissionsForUser(@UserIdInt int userId) {
        synchronized (mLock) {
            return mCanGrantSensorsPermissions.get(userId, false);
        }
    public boolean canAdminGrantSensorsPermissions() {
        return mCanGrantSensorsPermissions.get();
    }

    /** Sets ahmin control over permission grants for user. */
    public void setAdminCanGrantSensorsPermissions(@UserIdInt int userId, boolean canGrant) {
        synchronized (mLock) {
            mCanGrantSensorsPermissions.put(userId, canGrant);
        }
    /** Sets admin control over permission grants. */
    public void setAdminCanGrantSensorsPermissions(boolean canGrant) {
        mCanGrantSensorsPermissions.set(canGrant);
    }

    /** Dump content */
    public void dump(IndentingPrintWriter pw) {
        synchronized (mLock) {
            pw.println("Device policy cache:");
            pw.increaseIndent();
            pw.println("Screen capture disallowed user: " + mScreenCaptureDisallowedUser);
        pw.println("Password quality: " + mPasswordQuality.toString());
        pw.println("Permission policy: " + mPermissionPolicy.toString());
        pw.println("Admin can grant sensors permission: "
                + mCanGrantSensorsPermissions.toString());
            pw.println("Password quality: " + mPasswordQuality);
            pw.println("Permission policy: " + mPermissionPolicy);
            pw.println("Admin can grant sensors permission: " + mCanGrantSensorsPermissions.get());
            pw.decreaseIndent();
        }
    }
}
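Review bot: `onUserRemoved` no longer touches the sensors flag, and the new `AtomicBoolean mCanGrantSensorsPermissions` keeps whatever the last `setAdminCanGrantSensorsPermissions(boolean)` call wrote, so a value written on behalf of a user that is later removed stays cached until the service writes again. The setter also lost its `userId` parameter, so the cache cannot tell whose policy it holds, and the shortened field comment no longer says which admin it mirrors. I would document that on the field, for example `/** Device-wide copy of {@code ActiveAdmin.mAdminCanGrantSensorsPermissions}; writers must pass the value of the admin that governs the whole device. */`. A short note that the field is deliberately not guarded by `mLock` would also help the next reader, since its neighbours carry `@GuardedBy("mLock")`.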
+6 −6
@@ -8642,7 +8642,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
            // hard-coded default value setting.
            if (isAdb(caller)) {
                activeAdmin.mAdminCanGrantSensorsPermissions = true;
                mPolicyCache.setAdminCanGrantSensorsPermissions(userId, true);
                mPolicyCache.setAdminCanGrantSensorsPermissions(true);
                saveSettingsLocked(userId);
            }
@@ -14667,7 +14667,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                    AdminPermissionControlParams permissionParams =
                            new AdminPermissionControlParams(packageName, permission,
                                    grantState,
                                    canAdminGrantSensorsPermissionsForUser(caller.getUserId()));
                                    canAdminGrantSensorsPermissions());
                    mInjector.getPermissionControllerManager(caller.getUserHandle())
                            .setRuntimePermissionGrantStateByDeviceAdmin(
                                    caller.getPackageName(),
@@ -19263,7 +19263,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                    "May only be set on a the user of a device owner.");
            owner.mAdminCanGrantSensorsPermissions = canGrant;
            mPolicyCache.setAdminCanGrantSensorsPermissions(userId, canGrant);
            mPolicyCache.setAdminCanGrantSensorsPermissions(canGrant);
            saveSettingsLocked(userId);
        }
    }
@@ -19293,7 +19293,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                owner = getDeviceOrProfileOwnerAdminLocked(userId);
            }
            boolean canGrant = owner != null ? owner.mAdminCanGrantSensorsPermissions : false;
            mPolicyCache.setAdminCanGrantSensorsPermissions(userId, canGrant);
            mPolicyCache.setAdminCanGrantSensorsPermissions(canGrant);
        }
    }
@@ -19338,12 +19338,12 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
    }
    @Override
    public boolean canAdminGrantSensorsPermissionsForUser(int userId) {
    public boolean canAdminGrantSensorsPermissions() {
        if (!mHasFeature) {
            return false;
        }
        return mPolicyCache.canAdminGrantSensorsPermissionsForUser(userId);
        return mPolicyCache.canAdminGrantSensorsPermissions();
    }
    @Override
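Review bot: The cache-refresh hunk still derives `canGrant` from `getDeviceOrProfileOwnerAdminLocked(userId)` in its visible else branch, but `mPolicyCache.setAdminCanGrantSensorsPermissions(canGrant)` now writes a single device-wide flag, so the last user refreshed decides the value for everyone. If that method can run for a non-system user (its start is outside the hunk, so this is inferred), a profile owner's `mAdminCanGrantSensorsPermissions` could replace the device owner's value. The hunk that builds `AdminPermissionControlParams` would then hand that value to the permission controller for every caller. The `isAdb(caller)` hunk has the same shape: it sets the flag to `true` while saving settings for `userId`. Consider resolving the owner for `UserHandle.USER_SYSTEM` before each write, or guarding the writes with `if (userId == UserHandle.USER_SYSTEM)`, so the code matches the commit title.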