Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +80 −22 Original line number Original line Diff line number Diff line Loading @@ -3397,7 +3397,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } maybeMigratePoliciesPostUpgradeToDevicePolicyEngineLocked(); maybeMigratePoliciesPostUpgradeToDevicePolicyEngineLocked(); migratePoliciesToPolicyEngineLocked(); migratePoliciesToPolicyEngineLocked(); } } maybeStartSecurityLogMonitorOnActivityManagerReady(); maybeStartSecurityLogMonitorOnActivityManagerReady(); break; break; Loading Loading @@ -13180,21 +13179,42 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { CallerIdentity caller, EnforcingAdmin admin, String key, boolean enabled, CallerIdentity caller, EnforcingAdmin admin, String key, boolean enabled, boolean parent) { boolean parent) { synchronized (getLockObject()) { synchronized (getLockObject()) { int ownerType; if (isDeviceOwner(caller)) { if (isDeviceOwner(caller)) { ownerType = OWNER_TYPE_DEVICE_OWNER; } else if (isProfileOwnerOfOrganizationOwnedDevice(caller)) { ownerType = OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE; } else if (isProfileOwner(caller)) { ownerType = OWNER_TYPE_PROFILE_OWNER; } else { throw new IllegalStateException("Non-DO/Non-PO cannot set restriction " + key + " while targetSdkVersion is less than UPSIDE_DOWN_CAKE"); } setBackwardCompatibleUserRestrictionLocked(ownerType, admin, caller.getUserId(), key, enabled, parent); } } private void setBackwardCompatibleUserRestrictionLocked( int ownerType, EnforcingAdmin admin, int userId, String key, boolean enabled, boolean parent) { if (ownerType == OWNER_TYPE_DEVICE_OWNER) { if (UserRestrictionsUtils.isGlobal(OWNER_TYPE_DEVICE_OWNER, key)) { if (UserRestrictionsUtils.isGlobal(OWNER_TYPE_DEVICE_OWNER, key)) { setGlobalUserRestrictionInternal(admin, key, enabled); setGlobalUserRestrictionInternal(admin, key, enabled); } else { } else { setLocalUserRestrictionInternal(admin, key, enabled, caller.getUserId()); setLocalUserRestrictionInternal(admin, key, enabled, userId); } } } else if (isProfileOwner(caller)) { } else if (ownerType == OWNER_TYPE_PROFILE_OWNER || ownerType == OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE) { if (UserRestrictionsUtils.isGlobal(OWNER_TYPE_PROFILE_OWNER, key) if (UserRestrictionsUtils.isGlobal(OWNER_TYPE_PROFILE_OWNER, key) || (parent && isProfileOwnerOfOrganizationOwnedDevice(caller) || (parent && ownerType == OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE && UserRestrictionsUtils.isGlobal( && UserRestrictionsUtils.isGlobal( OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE, key))) { OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE, key))) { setGlobalUserRestrictionInternal(admin, key, enabled); setGlobalUserRestrictionInternal(admin, key, enabled); } else { } else { int affectedUserId = parent int affectedUserId = parent ? getProfileParentId(caller.getUserId()) : caller.getUserId(); ? getProfileParentId(userId) : userId; setLocalUserRestrictionInternal(admin, key, enabled, affectedUserId); setLocalUserRestrictionInternal(admin, key, enabled, affectedUserId); } } } else { } else { Loading @@ -13202,7 +13222,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { + " while targetSdkVersion is less than UPSIDE_DOWN_CAKE"); + " while targetSdkVersion is less than UPSIDE_DOWN_CAKE"); } } } } } @Override @Override public void setUserRestrictionGlobally(String callerPackage, String key) { public void setUserRestrictionGlobally(String callerPackage, String key) { Loading Loading @@ -23748,6 +23767,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); return mInjector.binderWithCleanCallingIdentity(() -> { return mInjector.binderWithCleanCallingIdentity(() -> { synchronized (getLockObject()) { boolean canForceMigration = forceMigration && !hasNonTestOnlyActiveAdmins(); boolean canForceMigration = forceMigration && !hasNonTestOnlyActiveAdmins(); if (!canForceMigration && !shouldMigrateV1ToDevicePolicyEngine()) { if (!canForceMigration && !shouldMigrateV1ToDevicePolicyEngine()) { return false; return false; Loading @@ -23755,6 +23775,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { boolean migrated = migrateV1PoliciesToDevicePolicyEngine(); boolean migrated = migrateV1PoliciesToDevicePolicyEngine(); migrated &= migratePoliciesPostUpgradeToDevicePolicyEngineLocked(); migrated &= migratePoliciesPostUpgradeToDevicePolicyEngineLocked(); return migrated; return migrated; } }); }); } } Loading Loading @@ -23798,6 +23819,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { try { try { migrateScreenCapturePolicyLocked(); migrateScreenCapturePolicyLocked(); migrateLockTaskPolicyLocked(); migrateLockTaskPolicyLocked(); migrateUserRestrictionsLocked(); return true; return true; } catch (Exception e) { } catch (Exception e) { Slogf.e(LOG_TAG, e, "Error occurred during post upgrade migration to the device " Slogf.e(LOG_TAG, e, "Error occurred during post upgrade migration to the device " Loading Loading @@ -24067,6 +24089,42 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { }); }); } } private void migrateUserRestrictionsLocked() { Binder.withCleanCallingIdentity(() -> { List<UserInfo> users = mUserManager.getUsers(); for (UserInfo userInfo : users) { ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(userInfo.id); if (admin == null) continue; ComponentName adminComponent = admin.info.getComponent(); int userId = userInfo.id; EnforcingAdmin enforcingAdmin = EnforcingAdmin.createEnterpriseEnforcingAdmin( adminComponent, userId, admin); int ownerType; if (isDeviceOwner(admin)) { ownerType = OWNER_TYPE_DEVICE_OWNER; } else if (isProfileOwnerOfOrganizationOwnedDevice(adminComponent, userId)) { ownerType = OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE; } else if (isProfileOwner(adminComponent, userId)) { ownerType = OWNER_TYPE_PROFILE_OWNER; } else { throw new IllegalStateException("Invalid DO/PO state"); } for (final String restriction : admin.ensureUserRestrictions().keySet()) { setBackwardCompatibleUserRestrictionLocked(ownerType, enforcingAdmin, userId, restriction, /* enabled */ true, /* parent */ false); } for (final String restriction : admin.getParentActiveAdmin() .ensureUserRestrictions().keySet()) { setBackwardCompatibleUserRestrictionLocked(ownerType, enforcingAdmin, userId, restriction, /* enabled */ true, /* parent */ true); } } }); } private List<PackageInfo> getInstalledPackagesOnUser(int userId) { private List<PackageInfo> getInstalledPackagesOnUser(int userId) { return mInjector.binderWithCleanCallingIdentity(() -> return mInjector.binderWithCleanCallingIdentity(() -> mContext.getPackageManager().getInstalledPackagesAsUser( mContext.getPackageManager().getInstalledPackagesAsUser( Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +80 −22 Original line number Original line Diff line number Diff line Loading @@ -3397,7 +3397,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } maybeMigratePoliciesPostUpgradeToDevicePolicyEngineLocked(); maybeMigratePoliciesPostUpgradeToDevicePolicyEngineLocked(); migratePoliciesToPolicyEngineLocked(); migratePoliciesToPolicyEngineLocked(); } } maybeStartSecurityLogMonitorOnActivityManagerReady(); maybeStartSecurityLogMonitorOnActivityManagerReady(); break; break; Loading Loading @@ -13180,21 +13179,42 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { CallerIdentity caller, EnforcingAdmin admin, String key, boolean enabled, CallerIdentity caller, EnforcingAdmin admin, String key, boolean enabled, boolean parent) { boolean parent) { synchronized (getLockObject()) { synchronized (getLockObject()) { int ownerType; if (isDeviceOwner(caller)) { if (isDeviceOwner(caller)) { ownerType = OWNER_TYPE_DEVICE_OWNER; } else if (isProfileOwnerOfOrganizationOwnedDevice(caller)) { ownerType = OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE; } else if (isProfileOwner(caller)) { ownerType = OWNER_TYPE_PROFILE_OWNER; } else { throw new IllegalStateException("Non-DO/Non-PO cannot set restriction " + key + " while targetSdkVersion is less than UPSIDE_DOWN_CAKE"); } setBackwardCompatibleUserRestrictionLocked(ownerType, admin, caller.getUserId(), key, enabled, parent); } } private void setBackwardCompatibleUserRestrictionLocked( int ownerType, EnforcingAdmin admin, int userId, String key, boolean enabled, boolean parent) { if (ownerType == OWNER_TYPE_DEVICE_OWNER) { if (UserRestrictionsUtils.isGlobal(OWNER_TYPE_DEVICE_OWNER, key)) { if (UserRestrictionsUtils.isGlobal(OWNER_TYPE_DEVICE_OWNER, key)) { setGlobalUserRestrictionInternal(admin, key, enabled); setGlobalUserRestrictionInternal(admin, key, enabled); } else { } else { setLocalUserRestrictionInternal(admin, key, enabled, caller.getUserId()); setLocalUserRestrictionInternal(admin, key, enabled, userId); } } } else if (isProfileOwner(caller)) { } else if (ownerType == OWNER_TYPE_PROFILE_OWNER || ownerType == OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE) { if (UserRestrictionsUtils.isGlobal(OWNER_TYPE_PROFILE_OWNER, key) if (UserRestrictionsUtils.isGlobal(OWNER_TYPE_PROFILE_OWNER, key) || (parent && isProfileOwnerOfOrganizationOwnedDevice(caller) || (parent && ownerType == OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE && UserRestrictionsUtils.isGlobal( && UserRestrictionsUtils.isGlobal( OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE, key))) { OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE, key))) { setGlobalUserRestrictionInternal(admin, key, enabled); setGlobalUserRestrictionInternal(admin, key, enabled); } else { } else { int affectedUserId = parent int affectedUserId = parent ? getProfileParentId(caller.getUserId()) : caller.getUserId(); ? getProfileParentId(userId) : userId; setLocalUserRestrictionInternal(admin, key, enabled, affectedUserId); setLocalUserRestrictionInternal(admin, key, enabled, affectedUserId); } } } else { } else { Loading @@ -13202,7 +13222,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { + " while targetSdkVersion is less than UPSIDE_DOWN_CAKE"); + " while targetSdkVersion is less than UPSIDE_DOWN_CAKE"); } } } } } @Override @Override public void setUserRestrictionGlobally(String callerPackage, String key) { public void setUserRestrictionGlobally(String callerPackage, String key) { Loading Loading @@ -23748,6 +23767,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); return mInjector.binderWithCleanCallingIdentity(() -> { return mInjector.binderWithCleanCallingIdentity(() -> { synchronized (getLockObject()) { boolean canForceMigration = forceMigration && !hasNonTestOnlyActiveAdmins(); boolean canForceMigration = forceMigration && !hasNonTestOnlyActiveAdmins(); if (!canForceMigration && !shouldMigrateV1ToDevicePolicyEngine()) { if (!canForceMigration && !shouldMigrateV1ToDevicePolicyEngine()) { return false; return false; Loading @@ -23755,6 +23775,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { boolean migrated = migrateV1PoliciesToDevicePolicyEngine(); boolean migrated = migrateV1PoliciesToDevicePolicyEngine(); migrated &= migratePoliciesPostUpgradeToDevicePolicyEngineLocked(); migrated &= migratePoliciesPostUpgradeToDevicePolicyEngineLocked(); return migrated; return migrated; } }); }); } } Loading Loading @@ -23798,6 +23819,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { try { try { migrateScreenCapturePolicyLocked(); migrateScreenCapturePolicyLocked(); migrateLockTaskPolicyLocked(); migrateLockTaskPolicyLocked(); migrateUserRestrictionsLocked(); return true; return true; } catch (Exception e) { } catch (Exception e) { Slogf.e(LOG_TAG, e, "Error occurred during post upgrade migration to the device " Slogf.e(LOG_TAG, e, "Error occurred during post upgrade migration to the device " Loading Loading @@ -24067,6 +24089,42 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { }); }); } } private void migrateUserRestrictionsLocked() { Binder.withCleanCallingIdentity(() -> { List<UserInfo> users = mUserManager.getUsers(); for (UserInfo userInfo : users) { ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(userInfo.id); if (admin == null) continue; ComponentName adminComponent = admin.info.getComponent(); int userId = userInfo.id; EnforcingAdmin enforcingAdmin = EnforcingAdmin.createEnterpriseEnforcingAdmin( adminComponent, userId, admin); int ownerType; if (isDeviceOwner(admin)) { ownerType = OWNER_TYPE_DEVICE_OWNER; } else if (isProfileOwnerOfOrganizationOwnedDevice(adminComponent, userId)) { ownerType = OWNER_TYPE_PROFILE_OWNER_OF_ORGANIZATION_OWNED_DEVICE; } else if (isProfileOwner(adminComponent, userId)) { ownerType = OWNER_TYPE_PROFILE_OWNER; } else { throw new IllegalStateException("Invalid DO/PO state"); } for (final String restriction : admin.ensureUserRestrictions().keySet()) { setBackwardCompatibleUserRestrictionLocked(ownerType, enforcingAdmin, userId, restriction, /* enabled */ true, /* parent */ false); } for (final String restriction : admin.getParentActiveAdmin() .ensureUserRestrictions().keySet()) { setBackwardCompatibleUserRestrictionLocked(ownerType, enforcingAdmin, userId, restriction, /* enabled */ true, /* parent */ true); } } }); } private List<PackageInfo> getInstalledPackagesOnUser(int userId) { private List<PackageInfo> getInstalledPackagesOnUser(int userId) { return mInjector.binderWithCleanCallingIdentity(() -> return mInjector.binderWithCleanCallingIdentity(() -> mContext.getPackageManager().getInstalledPackagesAsUser( mContext.getPackageManager().getInstalledPackagesAsUser(
