Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c1e9454a authored by Alex Johnston's avatar Alex Johnston
Browse files

Allow PO to set network logging delegate 

Changes
* The profile owner on the managed profile can
  set the network logging delegate.
* If delegated by a profile owner, network logs will
  only be collected on the work profile.

Bug: 170460270
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest
      atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testNetworkLogging
      atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testNetworkLoggingDelegate
      atest com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testNetworkLogging
      atest com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testNetworkLoggingDelegate
      atest com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testDelegate
      atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testDelegate
      atest com.android.cts.devicepolicy.MixedProfileOwnerTest#testDelegate
Change-Id: I95009ff67716ba259b5e0a8f61d8908cb1c6da4a
Merged-In: I95009ff67716ba259b5e0a8f61d8908cb1c6da4a
parent 66e3908e

core/java/android/app/admin/DevicePolicyManager.java

+3 −3
Original line number Diff line number Diff line
@@ -1869,13 +1869,13 @@ public class DevicePolicyManager { 
    /**

     * Grants access to {@link #setNetworkLoggingEnabled}, {@link #isNetworkLoggingEnabled} and

     * {@link #retrieveNetworkLogs}. Once granted the delegated app will start receiving

     * DelegatedAdminReceiver.onNetworkLogsAvailable() callback, and Device owner will no longer

     * receive the DeviceAdminReceiver.onNetworkLogsAvailable() callback.

     * DelegatedAdminReceiver.onNetworkLogsAvailable() callback, and Device owner or Profile Owner

     * will no longer receive the DeviceAdminReceiver.onNetworkLogsAvailable() callback.

     * There can be at most one app that has this delegation.

     * If another app already had delegated network logging access,

     * it will lose the delegation when a new app is delegated.

     *

     * <p> Can only be granted by Device Owner.

     * <p> Can only be granted by Device Owner or Profile Owner of a managed profile.

     */

    public static final String DELEGATION_NETWORK_LOGGING = "delegation-network-logging";

































services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java



+9
−7




























Original line number
Diff line number
Diff line








@@ -421,8 +421,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {













        DELEGATION_CERT_SELECTION,















    };



























    // Subset of delegations that can only be delegated by Device Owner.













    private static final List<String> DEVICE_OWNER_DELEGATIONS = Arrays.asList(new String[] {













    // Subset of delegations that can only be delegated by Device Owner or Profile Owner of a













    // managed profile.













    private static final List<String> DEVICE_OWNER_OR_MANAGED_PROFILE_OWNER_DELEGATIONS =













            Arrays.asList(new String[]{















                    DELEGATION_NETWORK_LOGGING,















            });
























@@ -5878,10 +5880,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {













        }















        // Retrieve the user ID of the calling process.















        final int userId = caller.getUserId();













        final boolean hasDoDelegation = !Collections.disjoint(scopes, DEVICE_OWNER_DELEGATIONS);















        // Ensure calling process is device/profile owner.













        if (hasDoDelegation) {













            Preconditions.checkCallAuthorization(isDeviceOwner(caller));













        if (!Collections.disjoint(scopes, DEVICE_OWNER_OR_MANAGED_PROFILE_OWNER_DELEGATIONS)) {













            Preconditions.checkCallAuthorization(isDeviceOwner(caller)













                    || (isProfileOwner(caller) && isManagedProfile(caller.getUserId())));















        } else {















            Preconditions.checkCallAuthorization(isDeviceOwner(caller) || isProfileOwner(caller));















        }