Update permission grant state DPE migration code. (b9994c44) · Commits · e / os / android_frameworks_base

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+58 −45

Original line number	Diff line number	Diff line
		@@ -24335,10 +24335,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		synchronized (getLockObject()) {
		Slogf.i(LOG_TAG,
		"Started device policies migration to the device policy engine.");
		// TODO(b/359188869): Move this to the current migration method.
		if (Flags.setPermissionGrantStateCoexistence()) {
		migratePermissionGrantStatePolicies();
		}
		migratePermittedInputMethodsPolicyLocked();
		migrateAccountManagementDisabledPolicyLocked();
		migrateUserControlDisabledPackagesLocked();
		@@ -24382,6 +24378,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		Slogf.i(LOG_TAG, "Backup made: " + memoryTaggingBackupId);
		}

		String permissionBackupId = "37.1.permission-support";
		boolean permissionMigrated =
		maybeMigratePermissionGrantStatePoliciesLocked(permissionBackupId);
		if (permissionMigrated) {
		Slogf.i(LOG_TAG, "Backup made: " + permissionBackupId);
		}

		// Additional migration steps should repeat the pattern above with a new backupId.
		}

		@@ -24417,16 +24420,21 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		return true;
		}

		private void migratePermissionGrantStatePolicies() {
		private boolean maybeMigratePermissionGrantStatePoliciesLocked(String backupId) {
		Slogf.i(LOG_TAG, "Migrating PERMISSION_GRANT policy to device policy engine.");
		for (UserInfo userInfo : mUserManager.getUsers()) {
		ActiveAdmin admin = getMostProbableDPCAdminForLocalPolicy(userInfo.id);
		if (admin == null) {
		Slogf.i(LOG_TAG, "No admin found that can set permission grant state on user "
		+ userInfo.id);
		continue;
		if (!Flags.setPermissionGrantStateCoexistence() \|\| !Flags.dpeBasedOnAsyncApisEnabled()) {
		return false;
		}
		if (mOwners.isPermissionGrantStateMigrated()) {
		return false;
		}
		for (PackageInfo packageInfo : getInstalledPackagesOnUser(userInfo.id)) {
		// Create backup if none exists
		mDevicePolicyEngine.createBackup(backupId);
		try {
		iterateThroughDpcAdminsLocked((admin, enforcingAdmin) -> {
		int userId = enforcingAdmin.getUserId();

		for (PackageInfo packageInfo : getInstalledPackagesOnUser(userId)) {
		if (packageInfo.requestedPermissions == null) {
		continue;
		}
		@@ -24439,10 +24447,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		grantState = getPermissionGrantStateForUser(
		packageInfo.packageName, permission,
		new CallerIdentity(
		mInjector.binderGetCallingUid(),
		admin.getUid(),
		admin.info.getComponent().getPackageName(),
		admin.info.getComponent()),
		userInfo.id);
		userId);
		} catch (RemoteException e) {
		Slogf.e(LOG_TAG, e, "Error retrieving permission grant state for %s "
		+ "and %s", packageInfo.packageName, permission);
		@@ -24452,18 +24460,23 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		continue;
		}

		mDevicePolicyEngine.setLocalPolicy(
		var unused = mDevicePolicyEngine.setLocalPolicy(
		PolicyDefinition.PERMISSION_GRANT(packageInfo.packageName,
		permission),
		EnforcingAdmin.createEnterpriseEnforcingAdmin(
		admin.info.getComponent(),
		admin.getUserHandle().getIdentifier()),
		enforcingAdmin,
		new IntegerPolicyValue(grantState),
		userInfo.id,
		userId,
		/* skipEnforcePolicy= */ true);
		}
		}
		});
		} catch (Exception e) {
		Slog.wtf(LOG_TAG, "Failed to migrate Permission Grant State to policy engine", e);
		}

		Slog.i(LOG_TAG, "Marking Permission Grant State migration complete");
		mOwners.markPermissionGrantStateMigrated();
		return true;
		}

		private void migrateScreenCapturePolicyLocked() {

services/devicepolicy/java/com/android/server/devicepolicy/Owners.java

+13 −0

Original line number	Diff line number	Diff line
		@@ -650,6 +650,19 @@ class Owners {
		}
		}

		void markPermissionGrantStateMigrated() {
		synchronized (mData) {
		mData.mPermissionGrantStateMigrated = true;
		mData.writeDeviceOwner();
		}
		}

		boolean isPermissionGrantStateMigrated() {
		synchronized (mData) {
		return mData.mPermissionGrantStateMigrated;
		}
		}

		void markSetKeyguardDisabledFeaturesMigrated() {
		synchronized (mData) {
		mData.mSetKeyguardDisabledFeaturesMigrated = true;

services/devicepolicy/java/com/android/server/devicepolicy/OwnersData.java

+12 −0

Original line number	Diff line number	Diff line
		@@ -97,6 +97,8 @@ class OwnersData {
		"memoryTaggingMigrated";
		private static final String ATTR_SET_KEYGUARD_DISABLED_FEATURES_MIGRATED =
		"setKeyguardDisabledFeaturesMigrated";
		private static final String ATTR_PERMISSION_GRANT_STATE_MIGRATED =
		"permissionGrantStateMigrated";

		private static final String ATTR_MIGRATED_POST_UPGRADE = "migratedPostUpgrade";

		@@ -132,6 +134,7 @@ class OwnersData {
		boolean mResetPasswordWithTokenMigrated = false;
		boolean mMemoryTaggingMigrated = false;
		boolean mSetKeyguardDisabledFeaturesMigrated = false;
		boolean mPermissionGrantStateMigrated = false;

		boolean mPoliciesMigratedPostUpdate = false;

		@@ -439,6 +442,10 @@ class OwnersData {
		out.attributeBoolean(null, ATTR_SET_KEYGUARD_DISABLED_FEATURES_MIGRATED,
		mSetKeyguardDisabledFeaturesMigrated);
		}
		if (Flags.setPermissionGrantStateCoexistence() && Flags.dpeBasedOnAsyncApisEnabled()) {
		out.attributeBoolean(null, ATTR_PERMISSION_GRANT_STATE_MIGRATED,
		mPermissionGrantStateMigrated);
		}
		out.endTag(null, TAG_POLICY_ENGINE_MIGRATION);

		}
		@@ -518,6 +525,11 @@ class OwnersData {
		Flags.setKeyguardDisabledFeaturesCoexistence()
		&& parser.getAttributeBoolean(null,
		ATTR_SET_KEYGUARD_DISABLED_FEATURES_MIGRATED, false);
		mPermissionGrantStateMigrated =
		Flags.setPermissionGrantStateCoexistence()
		&& Flags.dpeBasedOnAsyncApisEnabled()
		&& parser.getAttributeBoolean(null,
		ATTR_PERMISSION_GRANT_STATE_MIGRATED, false);
		break;
		default:
		Slog.e(TAG, "Unexpected tag: " + tag);