Loading services/core/java/com/android/server/pm/UserManagerInternal.java +0 −15 Original line number Diff line number Diff line Loading @@ -92,21 +92,6 @@ public abstract class UserManagerInternal { public abstract void setDevicePolicyUserRestrictions(int originatingUserId, @Nullable Bundle global, @Nullable RestrictionsSet local, boolean isDeviceOwner); /** * Returns the "base" user restrictions. * * Used by {@link com.android.server.devicepolicy.DevicePolicyManagerService} for upgrading * from MNC. */ public abstract Bundle getBaseUserRestrictions(int userId); /** * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} for upgrading * from MNC. */ public abstract void setBaseUserRestrictionsByDpmsForMigration(int userId, Bundle baseRestrictions); /** Return a user restriction. */ public abstract boolean getUserRestriction(int userId, String key); Loading services/core/java/com/android/server/pm/UserManagerService.java +0 −27 Original line number Diff line number Diff line Loading @@ -5899,33 +5899,6 @@ public class UserManagerService extends IUserManager.Stub { global, local, isDeviceOwner); } @Override public Bundle getBaseUserRestrictions(@UserIdInt int userId) { synchronized (mRestrictionsLock) { return mBaseUserRestrictions.getRestrictions(userId); } } @Override public void setBaseUserRestrictionsByDpmsForMigration( @UserIdInt int userId, Bundle baseRestrictions) { synchronized (mRestrictionsLock) { if (mBaseUserRestrictions.updateRestrictions(userId, new Bundle(baseRestrictions))) { invalidateEffectiveUserRestrictionsLR(userId); } } final UserData userData = getUserDataNoChecks(userId); synchronized (mPackagesLock) { if (userData != null) { writeUserLP(userData); } else { Slog.w(LOG_TAG, "UserInfo not found for " + userId); } } } @Override public boolean getUserRestriction(@UserIdInt int userId, String key) { return getUserRestrictions(userId).getBoolean(key); Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +0 −158 Original line number Diff line number Diff line Loading @@ -382,8 +382,6 @@ import com.android.server.uri.UriGrantsManagerInternal; import com.android.server.utils.Slogf; import com.android.server.wm.ActivityTaskManagerInternal; import com.google.android.collect.Sets; import org.xmlpull.v1.XmlPullParserException; import java.io.ByteArrayInputStream; Loading Loading @@ -2002,7 +2000,6 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { synchronized (getLockObject()) { mOwners.load(); setDeviceOwnershipSystemPropertyLocked(); findOwnerComponentIfNecessaryLocked(); } } Loading Loading @@ -2387,139 +2384,6 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } } private void findOwnerComponentIfNecessaryLocked() { if (!mOwners.hasDeviceOwner()) { return; } final ComponentName doComponentName = mOwners.getDeviceOwnerComponent(); if (!TextUtils.isEmpty(doComponentName.getClassName())) { return; // Already a full component name. } final ComponentName doComponent = findAdminComponentWithPackageLocked( doComponentName.getPackageName(), mOwners.getDeviceOwnerUserId()); if (doComponent == null) { Slogf.e(LOG_TAG, "Device-owner isn't registered as device-admin"); } else { mOwners.setDeviceOwnerWithRestrictionsMigrated( doComponent, mOwners.getDeviceOwnerName(), mOwners.getDeviceOwnerUserId(), !mOwners.getDeviceOwnerUserRestrictionsNeedsMigration()); mOwners.writeDeviceOwner(); if (VERBOSE_LOG) { Slogf.v(LOG_TAG, "Device owner component filled in"); } } } /** * We didn't use to persist user restrictions for each owners but only persisted in user * manager. */ private void migrateUserRestrictionsIfNecessaryLocked() { boolean migrated = false; // Migrate for the DO. Basically all restrictions should be considered to be set by DO, // except for the "system controlled" ones. if (mOwners.getDeviceOwnerUserRestrictionsNeedsMigration()) { if (VERBOSE_LOG) { Slogf.v(LOG_TAG, "Migrating DO user restrictions"); } migrated = true; // Migrate user 0 restrictions to DO. final ActiveAdmin deviceOwnerAdmin = getDeviceOwnerAdminLocked(); migrateUserRestrictionsForUser(UserHandle.SYSTEM, deviceOwnerAdmin, /* exceptionList =*/ null, /* isDeviceOwner =*/ true); // Push DO user restrictions to user manager. pushUserRestrictions(UserHandle.USER_SYSTEM); mOwners.setDeviceOwnerUserRestrictionsMigrated(); } // Migrate for POs. // The following restrictions can be set on secondary users by the device owner, so we // assume they're not from the PO. final Set<String> secondaryUserExceptionList = Sets.newArraySet( UserManager.DISALLOW_OUTGOING_CALLS, UserManager.DISALLOW_SMS); for (UserInfo ui : mUserManager.getUsers()) { final int userId = ui.id; if (mOwners.getProfileOwnerUserRestrictionsNeedsMigration(userId)) { if (VERBOSE_LOG) { Slogf.v(LOG_TAG, "Migrating PO user restrictions for user %d", userId); } migrated = true; final ActiveAdmin profileOwnerAdmin = getProfileOwnerAdminLocked(userId); final Set<String> exceptionList = (userId == UserHandle.USER_SYSTEM) ? null : secondaryUserExceptionList; migrateUserRestrictionsForUser(ui.getUserHandle(), profileOwnerAdmin, exceptionList, /* isDeviceOwner =*/ false); // Note if a secondary user has no PO but has a DA that disables camera, we // don't get here and won't push the camera user restriction to UserManager // here. That's okay because we'll push user restrictions anyway when a user // starts. But we still do it because we want to let user manager persist // upon migration. pushUserRestrictions(userId); mOwners.setProfileOwnerUserRestrictionsMigrated(userId); } } if (VERBOSE_LOG && migrated) { Slogf.v(LOG_TAG, "User restrictions migrated."); } } private void migrateUserRestrictionsForUser(UserHandle user, ActiveAdmin admin, Set<String> exceptionList, boolean isDeviceOwner) { final Bundle origRestrictions = mUserManagerInternal.getBaseUserRestrictions( user.getIdentifier()); final Bundle newBaseRestrictions = new Bundle(); final Bundle newOwnerRestrictions = new Bundle(); for (String key : origRestrictions.keySet()) { if (!origRestrictions.getBoolean(key)) { continue; } final boolean canOwnerChange = isDeviceOwner ? UserRestrictionsUtils.canDeviceOwnerChange(key) : UserRestrictionsUtils.canProfileOwnerChange(key, user.getIdentifier()); if (!canOwnerChange || (exceptionList!= null && exceptionList.contains(key))) { newBaseRestrictions.putBoolean(key, true); } else { newOwnerRestrictions.putBoolean(key, true); } } if (VERBOSE_LOG) { Slogf.v(LOG_TAG, "origRestrictions=%s", origRestrictions); Slogf.v(LOG_TAG, "newBaseRestrictions=%s", newBaseRestrictions); Slogf.v(LOG_TAG, "newOwnerRestrictions=%s", newOwnerRestrictions); } mUserManagerInternal.setBaseUserRestrictionsByDpmsForMigration(user.getIdentifier(), newBaseRestrictions); if (admin != null) { admin.ensureUserRestrictions().clear(); admin.ensureUserRestrictions().putAll(newOwnerRestrictions); } else { Slogf.w(LOG_TAG, "ActiveAdmin for DO/PO not found. user=" + user.getIdentifier()); } saveSettingsLocked(user.getIdentifier()); } /** * Fix left-over restrictions and auto-time policy during COMP -> COPE migration. * Loading Loading @@ -2555,27 +2419,6 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } } private ComponentName findAdminComponentWithPackageLocked(String packageName, int userId) { final DevicePolicyData policy = getUserData(userId); final int n = policy.mAdminList.size(); ComponentName found = null; int nFound = 0; for (int i = 0; i < n; i++) { final ActiveAdmin admin = policy.mAdminList.get(i); if (packageName.equals(admin.info.getPackageName())) { // Found! if (nFound == 0) { found = admin.info.getComponent(); } nFound++; } } if (nFound > 1) { Slogf.w(LOG_TAG, "Multiple DA found; assume the first one is DO."); } return found; } /** * Set an alarm for an upcoming event - expiration warning, expiration, or post-expiration * reminders. Clears alarm if no expirations are configured. Loading Loading @@ -3197,7 +3040,6 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { private void onLockSettingsReady() { synchronized (getLockObject()) { migrateUserRestrictionsIfNecessaryLocked(); fixupAutoTimeRestrictionDuringOrganizationOwnedDeviceMigration(); } getUserData(UserHandle.USER_SYSTEM); Loading services/devicepolicy/java/com/android/server/devicepolicy/Owners.java +22 −203 File changed.Preview size limit exceeded, changes collapsed. Show changes services/tests/servicestests/assets/OwnersTest/device_owner_1.xml 0 → 100644 +6 −0 Original line number Diff line number Diff line <?xml version='1.0' encoding='UTF-8' standalone='yes' ?> <root> <device-owner package="com.afwsamples.testdpc" name="" component="com.afwsamples.testdpc/com.afwsamples.testdpc.DeviceAdminReceiver" isPoOrganizationOwnedDevice="true" /> <device-owner-context userId="0" /> <system-update-policy policy_type="2" install_window_start="0" install_window_end="540" /> </root> No newline at end of file Loading
services/core/java/com/android/server/pm/UserManagerInternal.java +0 −15 Original line number Diff line number Diff line Loading @@ -92,21 +92,6 @@ public abstract class UserManagerInternal { public abstract void setDevicePolicyUserRestrictions(int originatingUserId, @Nullable Bundle global, @Nullable RestrictionsSet local, boolean isDeviceOwner); /** * Returns the "base" user restrictions. * * Used by {@link com.android.server.devicepolicy.DevicePolicyManagerService} for upgrading * from MNC. */ public abstract Bundle getBaseUserRestrictions(int userId); /** * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} for upgrading * from MNC. */ public abstract void setBaseUserRestrictionsByDpmsForMigration(int userId, Bundle baseRestrictions); /** Return a user restriction. */ public abstract boolean getUserRestriction(int userId, String key); Loading
services/core/java/com/android/server/pm/UserManagerService.java +0 −27 Original line number Diff line number Diff line Loading @@ -5899,33 +5899,6 @@ public class UserManagerService extends IUserManager.Stub { global, local, isDeviceOwner); } @Override public Bundle getBaseUserRestrictions(@UserIdInt int userId) { synchronized (mRestrictionsLock) { return mBaseUserRestrictions.getRestrictions(userId); } } @Override public void setBaseUserRestrictionsByDpmsForMigration( @UserIdInt int userId, Bundle baseRestrictions) { synchronized (mRestrictionsLock) { if (mBaseUserRestrictions.updateRestrictions(userId, new Bundle(baseRestrictions))) { invalidateEffectiveUserRestrictionsLR(userId); } } final UserData userData = getUserDataNoChecks(userId); synchronized (mPackagesLock) { if (userData != null) { writeUserLP(userData); } else { Slog.w(LOG_TAG, "UserInfo not found for " + userId); } } } @Override public boolean getUserRestriction(@UserIdInt int userId, String key) { return getUserRestrictions(userId).getBoolean(key); Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +0 −158 Original line number Diff line number Diff line Loading @@ -382,8 +382,6 @@ import com.android.server.uri.UriGrantsManagerInternal; import com.android.server.utils.Slogf; import com.android.server.wm.ActivityTaskManagerInternal; import com.google.android.collect.Sets; import org.xmlpull.v1.XmlPullParserException; import java.io.ByteArrayInputStream; Loading Loading @@ -2002,7 +2000,6 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { synchronized (getLockObject()) { mOwners.load(); setDeviceOwnershipSystemPropertyLocked(); findOwnerComponentIfNecessaryLocked(); } } Loading Loading @@ -2387,139 +2384,6 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } } private void findOwnerComponentIfNecessaryLocked() { if (!mOwners.hasDeviceOwner()) { return; } final ComponentName doComponentName = mOwners.getDeviceOwnerComponent(); if (!TextUtils.isEmpty(doComponentName.getClassName())) { return; // Already a full component name. } final ComponentName doComponent = findAdminComponentWithPackageLocked( doComponentName.getPackageName(), mOwners.getDeviceOwnerUserId()); if (doComponent == null) { Slogf.e(LOG_TAG, "Device-owner isn't registered as device-admin"); } else { mOwners.setDeviceOwnerWithRestrictionsMigrated( doComponent, mOwners.getDeviceOwnerName(), mOwners.getDeviceOwnerUserId(), !mOwners.getDeviceOwnerUserRestrictionsNeedsMigration()); mOwners.writeDeviceOwner(); if (VERBOSE_LOG) { Slogf.v(LOG_TAG, "Device owner component filled in"); } } } /** * We didn't use to persist user restrictions for each owners but only persisted in user * manager. */ private void migrateUserRestrictionsIfNecessaryLocked() { boolean migrated = false; // Migrate for the DO. Basically all restrictions should be considered to be set by DO, // except for the "system controlled" ones. if (mOwners.getDeviceOwnerUserRestrictionsNeedsMigration()) { if (VERBOSE_LOG) { Slogf.v(LOG_TAG, "Migrating DO user restrictions"); } migrated = true; // Migrate user 0 restrictions to DO. final ActiveAdmin deviceOwnerAdmin = getDeviceOwnerAdminLocked(); migrateUserRestrictionsForUser(UserHandle.SYSTEM, deviceOwnerAdmin, /* exceptionList =*/ null, /* isDeviceOwner =*/ true); // Push DO user restrictions to user manager. pushUserRestrictions(UserHandle.USER_SYSTEM); mOwners.setDeviceOwnerUserRestrictionsMigrated(); } // Migrate for POs. // The following restrictions can be set on secondary users by the device owner, so we // assume they're not from the PO. final Set<String> secondaryUserExceptionList = Sets.newArraySet( UserManager.DISALLOW_OUTGOING_CALLS, UserManager.DISALLOW_SMS); for (UserInfo ui : mUserManager.getUsers()) { final int userId = ui.id; if (mOwners.getProfileOwnerUserRestrictionsNeedsMigration(userId)) { if (VERBOSE_LOG) { Slogf.v(LOG_TAG, "Migrating PO user restrictions for user %d", userId); } migrated = true; final ActiveAdmin profileOwnerAdmin = getProfileOwnerAdminLocked(userId); final Set<String> exceptionList = (userId == UserHandle.USER_SYSTEM) ? null : secondaryUserExceptionList; migrateUserRestrictionsForUser(ui.getUserHandle(), profileOwnerAdmin, exceptionList, /* isDeviceOwner =*/ false); // Note if a secondary user has no PO but has a DA that disables camera, we // don't get here and won't push the camera user restriction to UserManager // here. That's okay because we'll push user restrictions anyway when a user // starts. But we still do it because we want to let user manager persist // upon migration. pushUserRestrictions(userId); mOwners.setProfileOwnerUserRestrictionsMigrated(userId); } } if (VERBOSE_LOG && migrated) { Slogf.v(LOG_TAG, "User restrictions migrated."); } } private void migrateUserRestrictionsForUser(UserHandle user, ActiveAdmin admin, Set<String> exceptionList, boolean isDeviceOwner) { final Bundle origRestrictions = mUserManagerInternal.getBaseUserRestrictions( user.getIdentifier()); final Bundle newBaseRestrictions = new Bundle(); final Bundle newOwnerRestrictions = new Bundle(); for (String key : origRestrictions.keySet()) { if (!origRestrictions.getBoolean(key)) { continue; } final boolean canOwnerChange = isDeviceOwner ? UserRestrictionsUtils.canDeviceOwnerChange(key) : UserRestrictionsUtils.canProfileOwnerChange(key, user.getIdentifier()); if (!canOwnerChange || (exceptionList!= null && exceptionList.contains(key))) { newBaseRestrictions.putBoolean(key, true); } else { newOwnerRestrictions.putBoolean(key, true); } } if (VERBOSE_LOG) { Slogf.v(LOG_TAG, "origRestrictions=%s", origRestrictions); Slogf.v(LOG_TAG, "newBaseRestrictions=%s", newBaseRestrictions); Slogf.v(LOG_TAG, "newOwnerRestrictions=%s", newOwnerRestrictions); } mUserManagerInternal.setBaseUserRestrictionsByDpmsForMigration(user.getIdentifier(), newBaseRestrictions); if (admin != null) { admin.ensureUserRestrictions().clear(); admin.ensureUserRestrictions().putAll(newOwnerRestrictions); } else { Slogf.w(LOG_TAG, "ActiveAdmin for DO/PO not found. user=" + user.getIdentifier()); } saveSettingsLocked(user.getIdentifier()); } /** * Fix left-over restrictions and auto-time policy during COMP -> COPE migration. * Loading Loading @@ -2555,27 +2419,6 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } } private ComponentName findAdminComponentWithPackageLocked(String packageName, int userId) { final DevicePolicyData policy = getUserData(userId); final int n = policy.mAdminList.size(); ComponentName found = null; int nFound = 0; for (int i = 0; i < n; i++) { final ActiveAdmin admin = policy.mAdminList.get(i); if (packageName.equals(admin.info.getPackageName())) { // Found! if (nFound == 0) { found = admin.info.getComponent(); } nFound++; } } if (nFound > 1) { Slogf.w(LOG_TAG, "Multiple DA found; assume the first one is DO."); } return found; } /** * Set an alarm for an upcoming event - expiration warning, expiration, or post-expiration * reminders. Clears alarm if no expirations are configured. Loading Loading @@ -3197,7 +3040,6 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { private void onLockSettingsReady() { synchronized (getLockObject()) { migrateUserRestrictionsIfNecessaryLocked(); fixupAutoTimeRestrictionDuringOrganizationOwnedDeviceMigration(); } getUserData(UserHandle.USER_SYSTEM); Loading
services/devicepolicy/java/com/android/server/devicepolicy/Owners.java +22 −203 File changed.Preview size limit exceeded, changes collapsed. Show changes
services/tests/servicestests/assets/OwnersTest/device_owner_1.xml 0 → 100644 +6 −0 Original line number Diff line number Diff line <?xml version='1.0' encoding='UTF-8' standalone='yes' ?> <root> <device-owner package="com.afwsamples.testdpc" name="" component="com.afwsamples.testdpc/com.afwsamples.testdpc.DeviceAdminReceiver" isPoOrganizationOwnedDevice="true" /> <device-owner-context userId="0" /> <system-update-policy policy_type="2" install_window_start="0" install_window_end="540" /> </root> No newline at end of file
