Merge "Add metrics for the PO and DO provisioning APIs" into sc-dev (d61ce319) · Commits · e / os / android_frameworks_base

core/java/android/app/admin/DevicePolicyManager.java

+3 −2

Original line number	Diff line number	Diff line
		@@ -13198,7 +13198,8 @@ public class DevicePolicyManager {
		return null;
		}
		try {
		return mService.createAndProvisionManagedProfile(provisioningParams);
		return mService.createAndProvisionManagedProfile(
		provisioningParams, mContext.getPackageName());
		} catch (ServiceSpecificException e) {
		throw new ProvisioningException(e, e.errorCode);
		} catch (RemoteException e) {
		@@ -13229,7 +13230,7 @@ public class DevicePolicyManager {
		throws ProvisioningException {
		if (mService != null) {
		try {
		mService.provisionFullyManagedDevice(provisioningParams);
		mService.provisionFullyManagedDevice(provisioningParams, mContext.getPackageName());
		} catch (ServiceSpecificException e) {
		throw new ProvisioningException(e, e.errorCode);
		} catch (RemoteException re) {

core/java/android/app/admin/IDevicePolicyManager.aidl

+2 −2

Original line number	Diff line number	Diff line
		@@ -496,6 +496,6 @@ interface IDevicePolicyManager {
		String getEnrollmentSpecificId(String callerPackage);
		void setOrganizationIdForUser(in String callerPackage, in String enterpriseId, int userId);

		UserHandle createAndProvisionManagedProfile(in ManagedProfileProvisioningParams provisioningParams);
		void provisionFullyManagedDevice(in FullyManagedDeviceProvisioningParams provisioningParams);
		UserHandle createAndProvisionManagedProfile(in ManagedProfileProvisioningParams provisioningParams, in String callerPackage);
		void provisionFullyManagedDevice(in FullyManagedDeviceProvisioningParams provisioningParams, in String callerPackage);
		}

services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java

+2 −2

Original line number	Diff line number	Diff line
		@@ -120,11 +120,11 @@ abstract class BaseIDevicePolicyManager extends IDevicePolicyManager.Stub {
		@NonNull String callerPackage, @NonNull String enterpriseId, int userId) {}

		public UserHandle createAndProvisionManagedProfile(
		@NonNull ManagedProfileProvisioningParams provisioningParams) {
		@NonNull ManagedProfileProvisioningParams provisioningParams, String callerPackage) {
		return null;
		}

		public void provisionFullyManagedDevice(
		FullyManagedDeviceProvisioningParams provisioningParams) {
		FullyManagedDeviceProvisioningParams provisioningParams, String callerPackage) {
		}
		}

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+84 −15

Original line number	Diff line number	Diff line
		@@ -128,6 +128,7 @@ import android.accounts.AccountManager;
		import android.accounts.AccountManagerFuture;
		import android.accounts.AuthenticatorException;
		import android.accounts.OperationCanceledException;
		import android.annotation.IntDef;
		import android.annotation.NonNull;
		import android.annotation.Nullable;
		import android.annotation.UserIdInt;
		@@ -558,6 +559,21 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
		@EnabledAfter(targetSdkVersion = Build.VERSION_CODES.Q)
		private static final long USE_SET_LOCATION_ENABLED = 117835097L;

		// Only add to the end of the list. Do not change or rearrange these values, that will break
		// historical data. Do not use negative numbers or zero, logger only handles positive
		// integers.
		private static final int COPY_ACCOUNT_SUCCEEDED = 1;
		private static final int COPY_ACCOUNT_FAILED = 2;
		private static final int COPY_ACCOUNT_TIMED_OUT = 3;
		private static final int COPY_ACCOUNT_EXCEPTION = 4;

		@IntDef({
		COPY_ACCOUNT_SUCCEEDED,
		COPY_ACCOUNT_FAILED,
		COPY_ACCOUNT_TIMED_OUT,
		COPY_ACCOUNT_EXCEPTION})
		private @interface CopyAccountStatus {}

		/**
		* Admin apps targeting Android S+ may not use
		* {@link android.app.admin.DevicePolicyManager#setPasswordQuality} to set password quality
		@@ -15927,11 +15943,12 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {

		@Override
		public UserHandle createAndProvisionManagedProfile(
		@NonNull ManagedProfileProvisioningParams provisioningParams) {
		@NonNull ManagedProfileProvisioningParams provisioningParams,
		@NonNull String callerPackage) {
		final ComponentName admin = provisioningParams.getProfileAdminComponentName();
		Objects.requireNonNull(admin, "admin is null");

		final CallerIdentity caller = getCallerIdentity();
		final CallerIdentity caller = getCallerIdentity(callerPackage);
		Preconditions.checkCallAuthorization(
		hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS));

		@@ -15946,6 +15963,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
		"Provisioning preconditions failed with result: " + result);
		}

		final long startTime = SystemClock.elapsedRealtime();
		final Set<String> nonRequiredApps = provisioningParams.isLeaveAllSystemAppsEnabled()
		? Collections.emptySet()
		: mOverlayPackagesProvider.getNonRequiredApps(
		@@ -15962,8 +15980,12 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
		"Error creating profile, createProfileForUserEvenWhenDisallowed "
		+ "returned null.");
		}

		resetInteractAcrossProfilesAppOps();
		logEventDuration(
		DevicePolicyEnums.PLATFORM_PROVISIONING_CREATE_PROFILE_MS,
		startTime,
		callerPackage);

		installExistingAdminPackage(userInfo.id, admin.getPackageName());
		if (!enableAdminAndSetProfileOwner(
		userInfo.id, caller.getUserId(), admin, provisioningParams.getOwnerName())) {
		@@ -15973,10 +15995,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
		}
		setUserSetupComplete(userInfo.id);

		startUser(userInfo.id);
		startUser(userInfo.id, callerPackage);
		maybeMigrateAccount(
		userInfo.id, caller.getUserId(), provisioningParams.getAccountToMigrate(),
		provisioningParams.isKeepAccountMigrated());
		provisioningParams.isKeepAccountMigrated(), callerPackage);

		if (provisioningParams.isOrganizationOwnedProvisioning()) {
		markIsProfileOwnerOnOrganizationOwnedDevice(admin, userInfo.id);
		@@ -15994,7 +16016,11 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {

		return userInfo.getUserHandle();
		} catch (Exception e) {
		// in case of any errors during provisioning, remove the newly created profile.
		DevicePolicyEventLogger
		.createEvent(DevicePolicyEnums.PLATFORM_PROVISIONING_ERROR)
		.setStrings(callerPackage)
		.write();
		// In case of any errors during provisioning, remove the newly created profile.
		if (userInfo != null) {
		mUserManager.removeUserEvenWhenDisallowed(userInfo.id);
		}
		@@ -16099,7 +16125,9 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
		mContext.getContentResolver(), USER_SETUP_COMPLETE, 1, userId);
		}

		private void startUser(@UserIdInt int userId) throws IllegalStateException {
		private void startUser(@UserIdInt int userId, String callerPackage)
		throws IllegalStateException {
		final long startTime = SystemClock.elapsedRealtime();
		final UserUnlockedBlockingReceiver unlockedReceiver = new UserUnlockedBlockingReceiver(
		userId);
		mContext.registerReceiverAsUser(
		@@ -16118,6 +16146,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
		throw new ServiceSpecificException(PROVISIONING_RESULT_STARTING_PROFILE_FAILED,
		String.format("Timeout whilst waiting for unlock of user %d.", userId));
		}
		logEventDuration(
		DevicePolicyEnums.PLATFORM_PROVISIONING_START_PROFILE_MS,
		startTime,
		callerPackage);
		} catch (RemoteException e) {
		// Shouldn't happen.
		} finally {
		@@ -16125,9 +16157,9 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
		}
		}

		void maybeMigrateAccount(
		private void maybeMigrateAccount(
		@UserIdInt int targetUserId, @UserIdInt int sourceUserId, Account accountToMigrate,
		boolean keepAccountMigrated) {
		boolean keepAccountMigrated, String callerPackage) {
		final UserHandle sourceUser = UserHandle.of(sourceUserId);
		final UserHandle targetUser = UserHandle.of(targetUserId);
		if (accountToMigrate == null) {
		@@ -16138,13 +16170,16 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
		Slog.w(LOG_TAG, "sourceUser and targetUser are the same, won't migrate account.");
		return;
		}
		copyAccount(targetUser, sourceUser, accountToMigrate);
		copyAccount(targetUser, sourceUser, accountToMigrate, callerPackage);
		if (!keepAccountMigrated) {
		removeAccount(accountToMigrate);
		}
		}

		void copyAccount(UserHandle targetUser, UserHandle sourceUser, Account accountToMigrate) {
		private void copyAccount(
		UserHandle targetUser, UserHandle sourceUser, Account accountToMigrate,
		String callerPackage) {
		final long startTime = SystemClock.elapsedRealtime();
		try {
		final AccountManager accountManager = mContext.getSystemService(AccountManager.class);
		final boolean copySucceeded = accountManager.copyAccountToUser(
		@@ -16153,16 +16188,35 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
		targetUser,
		/* callback= / null, / handler= */ null)
		.getResult(60 * 3, TimeUnit.SECONDS);
		if (!copySucceeded) {
		if (copySucceeded) {
		logCopyAccountStatus(COPY_ACCOUNT_SUCCEEDED, callerPackage);
		logEventDuration(
		DevicePolicyEnums.PLATFORM_PROVISIONING_COPY_ACCOUNT_MS,
		startTime,
		callerPackage);
		} else {
		logCopyAccountStatus(COPY_ACCOUNT_FAILED, callerPackage);
		Slog.e(LOG_TAG, "Failed to copy account to " + targetUser);
		}
		} catch (OperationCanceledException \| AuthenticatorException \| IOException e) {
		} catch (OperationCanceledException e) {
		// Account migration is not considered a critical operation.
		logCopyAccountStatus(COPY_ACCOUNT_TIMED_OUT, callerPackage);
		Slog.e(LOG_TAG, "Exception copying account to " + targetUser, e);
		} catch (AuthenticatorException \| IOException e) {
		logCopyAccountStatus(COPY_ACCOUNT_EXCEPTION, callerPackage);
		Slog.e(LOG_TAG, "Exception copying account to " + targetUser, e);
		}
		}

		void removeAccount(Account account) {
		private static void logCopyAccountStatus(@CopyAccountStatus int status, String callerPackage) {
		DevicePolicyEventLogger
		.createEvent(DevicePolicyEnums.PLATFORM_PROVISIONING_COPY_ACCOUNT_STATUS)
		.setInt(status)
		.setStrings(callerPackage)
		.write();
		}

		private void removeAccount(Account account) {
		final AccountManager accountManager =
		mContext.getSystemService(AccountManager.class);
		final AccountManagerFuture<Bundle> bundle = accountManager.removeAccount(account,
		@@ -16208,7 +16262,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {

		@Override
		public void provisionFullyManagedDevice(
		FullyManagedDeviceProvisioningParams provisioningParams) {
		FullyManagedDeviceProvisioningParams provisioningParams, String callerPackage) {
		ComponentName deviceAdmin = provisioningParams.getDeviceAdminComponentName();

		Objects.requireNonNull(deviceAdmin, "admin is null.");
		@@ -16261,6 +16315,12 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
		.setPackage(getManagedProvisioningPackage(mContext))
		.addFlags(Intent.FLAG_RECEIVER_FOREGROUND);
		mContext.sendBroadcastAsUser(intent, UserHandle.SYSTEM);
		} catch (Exception e) {
		DevicePolicyEventLogger
		.createEvent(DevicePolicyEnums.PLATFORM_PROVISIONING_ERROR)
		.setStrings(callerPackage)
		.write();
		throw e;
		} finally {
		Binder.restoreCallingIdentity(identity);
		}
		@@ -16344,4 +16404,13 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
		}
		return true;
		}

		private static void logEventDuration(int eventId, long startTime, String callerPackage) {
		final long duration = SystemClock.elapsedRealtime() - startTime;
		DevicePolicyEventLogger
		.createEvent(eventId)
		.setTimePeriod(duration)
		.setStrings(callerPackage)
		.write();
		}
		}