Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit af6b08b0 authored by Alex Johnston's avatar Alex Johnston
Browse files

Make screen capture per-device DO and COPE 

Test cases:
- DO
  - Verify disabled for entire device
  - Verify still disabled after restart
  - Verify no longer disabled when DO is removed
- COPE
  - parent
     - Verify disabled for entire device
     - Verify still disabled after restart
     - Verify no longer disabled when COPE PO is removed
  - not-parent
     - Verify disabled for user
     - Verify disabled after restart
     - Verify disabled when PO is removed

Bug: 217558483
Test: DevicePolicyManagerTest
      OrgOwnedProfileOwnerTest#testScreenCaptureDisabled
      ScreenCaptureDisabledTest
Change-Id: I977eb18619da46e1cfc5d0a8d351ea80d3ea7205
parent 6d7970c9

core/java/android/app/admin/DevicePolicyCache.java

+2 −4
Original line number Diff line number Diff line
@@ -41,8 +41,7 @@ public abstract class DevicePolicyCache { 
    /**

     * See {@link DevicePolicyManager#getScreenCaptureDisabled}

     */

    public abstract boolean isScreenCaptureAllowed(@UserIdInt int userHandle,

            boolean ownerCanAddInternalSystemWindow);

    public abstract boolean isScreenCaptureAllowed(@UserIdInt int userHandle);



    /**

     * Caches {@link DevicePolicyManager#getPasswordQuality(android.content.ComponentName)} of the
@@ -70,8 +69,7 @@ public abstract class DevicePolicyCache { 
        private static final EmptyDevicePolicyCache INSTANCE = new EmptyDevicePolicyCache();



        @Override

        public boolean isScreenCaptureAllowed(int userHandle,

                boolean ownerCanAddInternalSystemWindow) {

        public boolean isScreenCaptureAllowed(int userHandle) {

            return true;

        }

core/java/android/view/IWindowManager.aidl

+1 −1
Original line number Diff line number Diff line
@@ -249,7 +249,7 @@ interface IWindowManager 
     * Set whether screen capture is disabled for all windows of a specific user from

     * the device policy cache.

     */

    void refreshScreenCaptureDisabled(int userId);

    void refreshScreenCaptureDisabled();



    // These can only be called with the SET_ORIENTATION permission.

    /**

services/core/java/com/android/server/wm/ActivityTaskManagerService.java

+1 −1
Original line number Diff line number Diff line
@@ -3331,7 +3331,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub { 
            }

            userId = activity.mUserId;

        }

        return DevicePolicyCache.getInstance().isScreenCaptureAllowed(userId, false);

        return DevicePolicyCache.getInstance().isScreenCaptureAllowed(userId);

    }



    private void onLocalVoiceInteractionStartedLocked(IBinder activity,

services/core/java/com/android/server/wm/RootWindowContainer.java

+2 −2
Original line number Diff line number Diff line
@@ -643,9 +643,9 @@ class RootWindowContainer extends WindowContainer<DisplayContent> 
        }

    }



    void setSecureSurfaceState(int userId) {

    void refreshSecureSurfaceState() {

        forAllWindows((w) -> {

            if (w.mHasSurface && userId == w.mShowUserId) {

            if (w.mHasSurface) {

                w.mWinAnimator.setSecureLocked(w.isSecureLocked());

            }

        }, true /* traverseTopToBottom */);

services/core/java/com/android/server/wm/WindowManagerService.java

+3 −3
Original line number Diff line number Diff line
@@ -2009,15 +2009,15 @@ public class WindowManagerService extends IWindowManager.Stub 
     * the device policy cache.

     */

    @Override

    public void refreshScreenCaptureDisabled(int userId) {

    public void refreshScreenCaptureDisabled() {

        int callingUid = Binder.getCallingUid();

        if (callingUid != SYSTEM_UID) {

            throw new SecurityException("Only system can call refreshScreenCaptureDisabled.");

        }



        synchronized (mGlobalLock) {

            // Update secure surface for all windows belonging to this user.

            mRoot.setSecureSurfaceState(userId);

            // Refresh secure surface for all windows.

            mRoot.refreshSecureSurfaceState();

        }

    }