Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d3ecb378 authored by Jason Parks's avatar Jason Parks
Browse files

Rework device policy user restrctions. 

Removed the "global" and "local" restriction sets. All restrictions
set from the DPM are now stored as a single restriction set. "global"
restrictions are stored with the userID ALL_USERS.

Test: btest "android.devicepolicy.cts.UserRestrictionsTest"
Change-Id: I504b16bbbac99ac731580247b57f55a9b213609f
parent cac70c6f

services/core/java/com/android/server/pm/RestrictionsSet.java

+45 −16
Original line number Diff line number Diff line
@@ -20,7 +20,9 @@ import android.annotation.NonNull; 
import android.annotation.Nullable;

import android.annotation.UserIdInt;

import android.os.Bundle;

import android.os.UserHandle;

import android.os.UserManager;

import android.util.IntArray;

import android.util.SparseArray;



import com.android.internal.annotations.VisibleForTesting;
@@ -37,9 +39,7 @@ import java.util.ArrayList; 
import java.util.List;



/**

 * Data structure that contains the mapping of users to user restrictions (either the user

 * restrictions that apply to them, or the user restrictions that they set, depending on the

 * circumstances).

 * Data structure that contains the mapping of users to user restrictions.

 *

 * @hide

 */
@@ -87,6 +87,24 @@ public class RestrictionsSet { 
        return true;

    }



    /**

     * Removes a particular restriction for all users.

     *

     * @return whether the restriction was removed or not.

     */

    public boolean removeRestrictionsForAllUsers(String restriction) {

        boolean removed = false;

        for (int i = 0; i < mUserRestrictions.size(); i++) {

            final Bundle restrictions = mUserRestrictions.valueAt(i);



            if (UserRestrictionsUtils.contains(restrictions, restriction)) {

                restrictions.remove(restriction);

                removed = true;

            }

        }

        return removed;

    }



    /**

     * Moves a particular restriction from one restriction set to another, e.g. for all users.

     */
@@ -139,22 +157,19 @@ public class RestrictionsSet { 
     * @return list of enforcing users that enforce a particular restriction.

     */

    public @NonNull List<UserManager.EnforcingUser> getEnforcingUsers(String restriction,

            @UserIdInt int deviceOwnerUserId) {

            @UserIdInt int userId) {

        final List<UserManager.EnforcingUser> result = new ArrayList<>();

        for (int i = 0; i < mUserRestrictions.size(); i++) {

            if (UserRestrictionsUtils.contains(mUserRestrictions.valueAt(i), restriction)) {

                result.add(getEnforcingUser(mUserRestrictions.keyAt(i), deviceOwnerUserId));

        if (getRestrictionsNonNull(userId).containsKey(restriction)) {

            result.add(new UserManager.EnforcingUser(userId,

                    UserManager.RESTRICTION_SOURCE_PROFILE_OWNER));

        }

        }

        return result;



        if (getRestrictionsNonNull(UserHandle.USER_ALL).containsKey(restriction)) {

            result.add(new UserManager.EnforcingUser(UserHandle.USER_ALL,

                    UserManager.RESTRICTION_SOURCE_DEVICE_OWNER));

        }



    private UserManager.EnforcingUser getEnforcingUser(@UserIdInt int userId,

            @UserIdInt int deviceOwnerUserId) {

        int source = deviceOwnerUserId == userId

                ? UserManager.RESTRICTION_SOURCE_DEVICE_OWNER

                : UserManager.RESTRICTION_SOURCE_PROFILE_OWNER;

        return new UserManager.EnforcingUser(userId, source);

        return result;

    }



    /**
@@ -165,6 +180,11 @@ public class RestrictionsSet { 
        return mUserRestrictions.get(userId);

    }



    /** @return list of user restrictions for a given user that is not null. */

    public @NonNull Bundle getRestrictionsNonNull(@UserIdInt int userId) {

        return UserRestrictionsUtils.nonNull(mUserRestrictions.get(userId));

    }



    /**

     * Removes a given user from the restrictions set, returning true if the user has non-empty

     * restrictions before removal.
@@ -236,6 +256,15 @@ public class RestrictionsSet { 
        }

    }



    /** @return list of users in this restriction set. */

    public IntArray getUserIds() {

        IntArray userIds = new IntArray(mUserRestrictions.size());

        for (int i = 0; i < mUserRestrictions.size(); i++) {

            userIds.add(mUserRestrictions.keyAt(i));

        }

        return userIds;

    }



    public boolean containsKey(@UserIdInt int userId) {

        return mUserRestrictions.contains(userId);

    }

services/core/java/com/android/server/pm/UserManagerInternal.java

+12 −0
Original line number Diff line number Diff line
@@ -141,6 +141,18 @@ public abstract class UserManagerInternal { 
    public abstract void setDevicePolicyUserRestrictions(int originatingUserId,

            @Nullable Bundle global, @Nullable RestrictionsSet local, boolean isDeviceOwner);



    /**

     * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to set a

     * user restriction.

     *

     * @param userId user id to apply the restriction to. {@link com.android.os.UserHandle.USER_ALL}

     *               will apply the restriction to all users globally.

     * @param key    The key of the restriction.

     * @param value  The value of the restriction.

     */

    public abstract void setUserRestriction(@UserIdInt int userId, @NonNull String key,

            boolean value);



    /** Return a user restriction. */

    public abstract boolean getUserRestriction(int userId, String key);

services/core/java/com/android/server/pm/UserManagerService.java

+82 −237

File changed.

Preview size limit exceeded, changes collapsed.

services/tests/PackageManagerServiceTests/server/src/com/android/server/pm/RestrictionsSetTest.java

+3 −0
Original line number Diff line number Diff line
@@ -32,6 +32,7 @@ import android.platform.test.annotations.Presubmit; 


import androidx.test.runner.AndroidJUnit4;



import org.junit.Ignore;

import org.junit.Test;

import org.junit.runner.RunWith;
@@ -138,6 +139,7 @@ public class RestrictionsSetTest { 
    }



    @Test

    @Ignore("b/268334580")

    public void testGetEnforcingUsers_hasEnforcingUser() {

        mRestrictionsSet.updateRestrictions(originatingUserId,

                newRestrictions(UserManager.ENSURE_VERIFY_APPS));
@@ -154,6 +156,7 @@ public class RestrictionsSetTest { 
    }



    @Test

    @Ignore("b/268334580")

    public void testGetEnforcingUsers_hasMultipleEnforcingUsers() {

        int originatingUserId2 = 10;

        mRestrictionsSet.updateRestrictions(originatingUserId,

services/tests/servicestests/src/com/android/server/pm/UserManagerServiceUserInfoTest.java

+1 −1
Original line number Diff line number Diff line
@@ -230,7 +230,7 @@ public class UserManagerServiceUserInfoTest { 
        mUserManagerService.putUserInfo(createUser(105, FLAG_SYSTEM | FLAG_FULL, null));

        mUserManagerService.putUserInfo(createUser(106, FLAG_DEMO | FLAG_FULL, null));



        mUserManagerService.upgradeIfNecessaryLP(null, versionToTest - 1, userTypeVersion);

        mUserManagerService.upgradeIfNecessaryLP(versionToTest - 1, userTypeVersion);



        assertTrue(mUserManagerService.isUserOfType(100, USER_TYPE_PROFILE_MANAGED));

        assertTrue((mUserManagerService.getUserInfo(100).flags & FLAG_PROFILE) != 0);