Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c47313d1 authored by Irem Uguz's avatar Irem Uguz
Browse files

Introduce SystemAuthority API for EnforcingAdmin 

This new SystemAuthority API will be used by DPM to represent system
authorities that enforce policies or user restrictions.

Add unit tests to verify the functionality for EnforcingAdmin. Fix the
bug related to RoleAuthority where the roles are not parced to internal
EnforcingAdmin from parcelable one.

Update checks for advanced protection with SystemAuthority.

Bug: 414733570
Test: atest FrameworksServicesTests:com.android.server.devicepolicy.EnforcingAdminTest
Flag: EXEMPT refactor and bugfix

Change-Id: Ia7f51241719d56f67b8d9606b67b53c9ac872fb6
parent fe0d7128

core/java/android/app/admin/SystemAuthority.java

0 → 100644
+97 −0
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2025 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



package android.app.admin;



import android.annotation.NonNull;

import android.annotation.Nullable;

import android.os.Parcel;



import java.util.Objects;



/**

 * Class used to identify the authority of the {@link EnforcingAdmin} for system.

 *

 * @hide

 */

public final class SystemAuthority extends Authority {



    private final String mSystemEntity;



    /**

     * Creates an authority that represents a system entity.

     *

     * @param systemEntity String that uniquely identifies the system entity. Package name is a

     *                     standard choice, if you need finer granularity, include a class name or

     *                     some other suffix.

     */

    public SystemAuthority(@NonNull String systemEntity) {

        Objects.requireNonNull(systemEntity, "systemEntity must not be null");

        mSystemEntity = systemEntity;

    }



    private SystemAuthority(@NonNull Parcel source) {

        Objects.requireNonNull(source);

        mSystemEntity = Objects.requireNonNull(source.readString8());

    }



    @NonNull

    public String getSystemEntity() {

        return mSystemEntity;

    }



    @Override

    public String toString() {

        return "SystemAuthority { mSystemEntity=" + mSystemEntity + " }";

    }



    @Override

    public boolean equals(@Nullable Object o) {

        if (this == o) return true;

        if (o == null || getClass() != o.getClass()) return false;

        SystemAuthority other = (SystemAuthority) o;

        return Objects.equals(mSystemEntity, other.mSystemEntity);

    }



    @Override

    public int hashCode() {

        return Objects.hashCode(mSystemEntity);

    }



    @Override

    public int describeContents() {

        return 0;

    }



    @Override

    public void writeToParcel(@NonNull Parcel dest, int flags) {

        dest.writeString8(mSystemEntity);

    }



    @NonNull

    public static final Creator<SystemAuthority> CREATOR =

            new Creator<SystemAuthority>() {

                @Override

                public SystemAuthority createFromParcel(Parcel source) {

                    return new SystemAuthority(source);

                }



                @Override

                public SystemAuthority[] newArray(int size) {

                    return new SystemAuthority[size];

                }

            };

}

packages/SettingsLib/SpaPrivileged/tests/unit/src/com/android/settingslib/spaprivileged/tests/testutils/RestrictedTestUtils.kt

+5 −2
Original line number Diff line number Diff line
@@ -18,6 +18,7 @@ package com.android.settingslib.spaprivileged.tests.testutils 


import android.app.admin.EnforcingAdmin

import android.app.admin.UnknownAuthority

import android.app.admin.SystemAuthority

import android.os.UserHandle

import android.security.advancedprotection.AdvancedProtectionManager.ADVANCED_PROTECTION_SYSTEM_ENTITY

import androidx.compose.runtime.Composable
@@ -61,8 +62,10 @@ class FakeRestrictionsProvider : RestrictionsProvider { 
}



fun getEnforcingAdminAdvancedProtection(packageName: String, userId: Int): EnforcingAdmin =

    EnforcingAdmin(packageName, UnknownAuthority(ADVANCED_PROTECTION_SYSTEM_ENTITY),

        UserHandle.of(userId))

    EnforcingAdmin(

        packageName, SystemAuthority(ADVANCED_PROTECTION_SYSTEM_ENTITY),

        UserHandle.of(userId)

    )



fun getEnforcingAdminNotAdvancedProtection(packageName: String, userId: Int): EnforcingAdmin =

    EnforcingAdmin(packageName, UnknownAuthority.UNKNOWN_AUTHORITY, UserHandle.of(userId))

packages/SettingsLib/src/com/android/settingslib/RestrictedLockUtilsInternal.java

+3 −3
Original line number Diff line number Diff line
@@ -29,7 +29,7 @@ import android.app.AppOpsManager; 
import android.app.admin.DevicePolicyManager;

import android.app.admin.EnforcingAdmin;

import android.app.admin.PackagePolicy;

import android.app.admin.UnknownAuthority;

import android.app.admin.SystemAuthority;

import android.app.ecm.EnhancedConfirmationManager;

import android.app.role.RoleManager;

import android.content.ComponentName;
@@ -871,9 +871,9 @@ public class RestrictedLockUtilsInternal extends RestrictedLockUtils { 
        EnforcingAdmin admin = context.getSystemService(DevicePolicyManager.class)

                .getEnforcingAdmin(userId, identifier);

        if (admin == null) return false;

        return admin.getAuthority() instanceof UnknownAuthority authority

        return admin.getAuthority() instanceof SystemAuthority authority

                && AdvancedProtectionManager.ADVANCED_PROTECTION_SYSTEM_ENTITY.equals(

                        authority.getName());

                        authority.getSystemEntity());

    }



    /**

packages/SettingsLib/tests/robotests/src/com/android/settingslib/RestrictedLockUtilsTest.java

+2 −1
Original line number Diff line number Diff line
@@ -40,6 +40,7 @@ import android.app.admin.DevicePolicyManager; 
import android.app.admin.DpcAuthority;

import android.app.admin.EnforcingAdmin;

import android.app.admin.RoleAuthority;

import android.app.admin.SystemAuthority;

import android.app.admin.UnknownAuthority;

import android.content.ComponentName;

import android.content.Context;
@@ -260,7 +261,7 @@ public class RestrictedLockUtilsTest { 
    @RequiresFlagsEnabled(android.security.Flags.FLAG_AAPM_API)

    @Test

    public void isPolicyEnforcedByAdvancedProtection_enforced_returnsTrue() {

        final Authority advancedProtectionAuthority = new UnknownAuthority(

        final Authority advancedProtectionAuthority = new SystemAuthority(

                ADVANCED_PROTECTION_SYSTEM_ENTITY);

        final EnforcingAdmin advancedProtectionEnforcingAdmin = new EnforcingAdmin(mPackage,

                advancedProtectionAuthority, UserHandle.of(mUserId), mAdmin1);

packages/SettingsLib/tests/robotests/src/com/android/settingslib/RestrictedPreferenceHelperTest.java

+2 −1
Original line number Diff line number Diff line
@@ -37,6 +37,7 @@ import android.app.admin.DevicePolicyResourcesManager; 
import android.app.admin.DpcAuthority;

import android.app.admin.EnforcingAdmin;

import android.app.admin.RoleAuthority;

import android.app.admin.SystemAuthority;

import android.app.admin.UnknownAuthority;

import android.content.ComponentName;

import android.content.Context;
@@ -81,7 +82,7 @@ public class RestrictedPreferenceHelperTest { 


    private final String mPackage = "test.pkg";

    private final ComponentName mAdmin = new ComponentName("admin", "adminclass");

    private final Authority mAdvancedProtectionAuthority = new UnknownAuthority(

    private final Authority mAdvancedProtectionAuthority = new SystemAuthority(

            ADVANCED_PROTECTION_SYSTEM_ENTITY);



    private PreferenceViewHolder mViewHolder;