Loading core/java/android/app/admin/DevicePolicyManager.java +4 −8 Original line number Diff line number Diff line Loading @@ -7608,8 +7608,8 @@ public class DevicePolicyManager { } /** * Called by a device owner to bind to a service from a profile owner of a managed profile or * vice versa. See {@link #getBindDeviceAdminTargetUsers} for a definition of which * Called by a device owner to bind to a service from a profile owner or vice versa. * See {@link #getBindDeviceAdminTargetUsers} for a definition of which * device/profile owners are allowed to bind to services of another profile/device owner. * <p> * The service must be unexported. Note that the {@link Context} used to obtain this Loading Loading @@ -7655,14 +7655,10 @@ public class DevicePolicyManager { * Returns the list of target users that the calling device or profile owner can use when * calling {@link #bindDeviceAdminServiceAsUser}. * <p> * A device owner can bind to a service from a profile owner of a managed profile and * vice versa, provided that: * A device owner can bind to a service from a profile owner and vice versa, provided that: * <ul> * <li>Both belong to the same package name. * <li>The managed profile is a profile of the user where the device owner is set. * See {@link UserManager#getUserProfiles()} * <li>Both users are affiliated. * See {@link #setAffiliationIds}. * <li>Both users are affiliated. See {@link #setAffiliationIds}. * </ul> */ public @NonNull List<UserHandle> getBindDeviceAdminTargetUsers(@NonNull ComponentName admin) { Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +30 −26 Original line number Diff line number Diff line Loading @@ -9907,7 +9907,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { private boolean areAllUsersAffiliatedWithDeviceLocked() { final long ident = mInjector.binderClearCallingIdentity(); try { final List<UserInfo> userInfos = mUserManager.getUsers(); final List<UserInfo> userInfos = mUserManager.getUsers(/*excludeDying=*/ true); for (int i = 0; i < userInfos.size(); i++) { int userId = userInfos.get(i).id; if (!isUserAffiliatedWithDeviceLocked(userId)) { Loading Loading @@ -10315,47 +10315,51 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return Collections.emptyList(); } Preconditions.checkNotNull(admin); ArrayList<UserHandle> targetUsers = new ArrayList<>(); synchronized (this) { ActiveAdmin callingOwner = getActiveAdminForCallerLocked( admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); final int callingUserId = mInjector.userHandleGetCallingUserId(); final boolean isCallerDeviceOwner = isDeviceOwner(callingOwner); final boolean isCallerManagedProfile = isManagedProfile(callingUserId); if ((!isCallerDeviceOwner && !isCallerManagedProfile) || !isUserAffiliatedWithDeviceLocked(callingUserId)) { return targetUsers; } final long callingIdentity = mInjector.binderClearCallingIdentity(); try { String callingOwnerPackage = callingOwner.info.getComponent().getPackageName(); for (int userId : mUserManager.getProfileIdsWithDisabled(callingUserId)) { if (userId == callingUserId) { continue; ArrayList<UserHandle> targetUsers = new ArrayList<>(); if (!isDeviceOwner(admin, callingUserId)) { // Profile owners can only bind to the device owner. if (canUserBindToDeviceOwnerLocked(callingUserId)) { targetUsers.add(UserHandle.of(mOwners.getDeviceOwnerUserId())); } // We only allow the device owner and a managed profile owner to bind to each // other. if ((isCallerManagedProfile && userId == mOwners.getDeviceOwnerUserId()) || (isCallerDeviceOwner && isManagedProfile(userId))) { String targetOwnerPackage = getOwnerPackageNameForUserLocked(userId); // Both must be the same package and be affiliated in order to bind. if (callingOwnerPackage.equals(targetOwnerPackage) && isUserAffiliatedWithDeviceLocked(userId)) { } else { // Caller is the device owner: Look for profile owners that it can bind to. final List<UserInfo> userInfos = mUserManager.getUsers(/*excludeDying=*/ true); for (int i = 0; i < userInfos.size(); i++) { final int userId = userInfos.get(i).id; if (userId != callingUserId && canUserBindToDeviceOwnerLocked(userId)) { targetUsers.add(UserHandle.of(userId)); } } } return targetUsers; } finally { mInjector.binderRestoreCallingIdentity(callingIdentity); } } } return targetUsers; private boolean canUserBindToDeviceOwnerLocked(int userId) { // There has to be a device owner, under another user id. if (!mOwners.hasDeviceOwner() || userId == mOwners.getDeviceOwnerUserId()) { return false; } // The user must have a profile owner that belongs to the same package as the device owner. if (!mOwners.hasProfileOwner(userId) || !TextUtils.equals( mOwners.getDeviceOwnerPackageName(), mOwners.getProfileOwnerPackage(userId))) { return false; } // The user must be affiliated. return isUserAffiliatedWithDeviceLocked(userId); } /** Loading Loading
core/java/android/app/admin/DevicePolicyManager.java +4 −8 Original line number Diff line number Diff line Loading @@ -7608,8 +7608,8 @@ public class DevicePolicyManager { } /** * Called by a device owner to bind to a service from a profile owner of a managed profile or * vice versa. See {@link #getBindDeviceAdminTargetUsers} for a definition of which * Called by a device owner to bind to a service from a profile owner or vice versa. * See {@link #getBindDeviceAdminTargetUsers} for a definition of which * device/profile owners are allowed to bind to services of another profile/device owner. * <p> * The service must be unexported. Note that the {@link Context} used to obtain this Loading Loading @@ -7655,14 +7655,10 @@ public class DevicePolicyManager { * Returns the list of target users that the calling device or profile owner can use when * calling {@link #bindDeviceAdminServiceAsUser}. * <p> * A device owner can bind to a service from a profile owner of a managed profile and * vice versa, provided that: * A device owner can bind to a service from a profile owner and vice versa, provided that: * <ul> * <li>Both belong to the same package name. * <li>The managed profile is a profile of the user where the device owner is set. * See {@link UserManager#getUserProfiles()} * <li>Both users are affiliated. * See {@link #setAffiliationIds}. * <li>Both users are affiliated. See {@link #setAffiliationIds}. * </ul> */ public @NonNull List<UserHandle> getBindDeviceAdminTargetUsers(@NonNull ComponentName admin) { Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +30 −26 Original line number Diff line number Diff line Loading @@ -9907,7 +9907,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { private boolean areAllUsersAffiliatedWithDeviceLocked() { final long ident = mInjector.binderClearCallingIdentity(); try { final List<UserInfo> userInfos = mUserManager.getUsers(); final List<UserInfo> userInfos = mUserManager.getUsers(/*excludeDying=*/ true); for (int i = 0; i < userInfos.size(); i++) { int userId = userInfos.get(i).id; if (!isUserAffiliatedWithDeviceLocked(userId)) { Loading Loading @@ -10315,47 +10315,51 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return Collections.emptyList(); } Preconditions.checkNotNull(admin); ArrayList<UserHandle> targetUsers = new ArrayList<>(); synchronized (this) { ActiveAdmin callingOwner = getActiveAdminForCallerLocked( admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); final int callingUserId = mInjector.userHandleGetCallingUserId(); final boolean isCallerDeviceOwner = isDeviceOwner(callingOwner); final boolean isCallerManagedProfile = isManagedProfile(callingUserId); if ((!isCallerDeviceOwner && !isCallerManagedProfile) || !isUserAffiliatedWithDeviceLocked(callingUserId)) { return targetUsers; } final long callingIdentity = mInjector.binderClearCallingIdentity(); try { String callingOwnerPackage = callingOwner.info.getComponent().getPackageName(); for (int userId : mUserManager.getProfileIdsWithDisabled(callingUserId)) { if (userId == callingUserId) { continue; ArrayList<UserHandle> targetUsers = new ArrayList<>(); if (!isDeviceOwner(admin, callingUserId)) { // Profile owners can only bind to the device owner. if (canUserBindToDeviceOwnerLocked(callingUserId)) { targetUsers.add(UserHandle.of(mOwners.getDeviceOwnerUserId())); } // We only allow the device owner and a managed profile owner to bind to each // other. if ((isCallerManagedProfile && userId == mOwners.getDeviceOwnerUserId()) || (isCallerDeviceOwner && isManagedProfile(userId))) { String targetOwnerPackage = getOwnerPackageNameForUserLocked(userId); // Both must be the same package and be affiliated in order to bind. if (callingOwnerPackage.equals(targetOwnerPackage) && isUserAffiliatedWithDeviceLocked(userId)) { } else { // Caller is the device owner: Look for profile owners that it can bind to. final List<UserInfo> userInfos = mUserManager.getUsers(/*excludeDying=*/ true); for (int i = 0; i < userInfos.size(); i++) { final int userId = userInfos.get(i).id; if (userId != callingUserId && canUserBindToDeviceOwnerLocked(userId)) { targetUsers.add(UserHandle.of(userId)); } } } return targetUsers; } finally { mInjector.binderRestoreCallingIdentity(callingIdentity); } } } return targetUsers; private boolean canUserBindToDeviceOwnerLocked(int userId) { // There has to be a device owner, under another user id. if (!mOwners.hasDeviceOwner() || userId == mOwners.getDeviceOwnerUserId()) { return false; } // The user must have a profile owner that belongs to the same package as the device owner. if (!mOwners.hasProfileOwner(userId) || !TextUtils.equals( mOwners.getDeviceOwnerPackageName(), mOwners.getProfileOwnerPackage(userId))) { return false; } // The user must be affiliated. return isUserAffiliatedWithDeviceLocked(userId); } /** Loading
