Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d6cb8f00 authored by Alex Johnston's avatar Alex Johnston
Browse files

Replace profile owner of org owned device enforce methods 

* Replace enforce methods with precondition checks

Removed methods
enforceDeviceOwnerOrProfileOwnerOnOrganizationOwnedDevice
enforceProfileOwnerOfOrganizationOwnedDevice
enforceProfileOwnerOnUser0OrProfileOwnerOrganizationOwned
enforceHandlesCheckPolicyComplianceIntent
isProfileOwnerOfOrganizationOwnedDevice(admin)

Updated methods
* setConfiguredNetworksLockdownState
* hasLockdownAdminConfiguredNetworks
* setTime
* setTimeZone
* getWifiMacAddress
* retrievePreRebootSecurityLogs **
* retrieveSecurityLogs
* installUpdateFromFile
* setScreenCaptureDisabled
* getScreenCaptureDisabled
* setCameraDisabled
* getCameraDisabled
* setDefaultSmsApplication
* getUserRestrictions
* getPersonalAppsSuspendedReasons
* setPersonalAppsSuspended
* setManagedProfileMaximumTimeOff
* getManagedProfileMaximumTimeOff
* setAutoTimeEnabled
* getAutoTimeEnabled
* setAutoTimeZoneEnabled
* getAutoTimeZoneEnabled
* wipeDataWithReason
* setKeyguardDisabledFeatures
* setDeviceOwnerLockScreenInfo
* setUserRestriction

Bug: 166633516
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest
Change-Id: I5444d24f0d2c0236cfbd2836171442a99f0450a7
parent e466e19e

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+8 −7
Original line number Diff line number Diff line
@@ -5745,14 +5745,15 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { 
    }















    @Override













    public void wipeDataWithReason(int flags, String wipeReasonForUser, boolean parent) {













    public void wipeDataWithReason(int flags, String wipeReasonForUser,













            boolean calledOnParentInstance) {















        if (!mHasFeature) {















            return;















        }















        final CallerIdentity caller = getCallerIdentity();















        boolean calledByProfileOwnerOnOrgOwnedDevice =















                isProfileOwnerOfOrganizationOwnedDevice(caller);













        if (parent) {













        if (calledOnParentInstance) {















            Preconditions.checkCallAuthorization(calledByProfileOwnerOnOrgOwnedDevice,















                    "Wiping the entire device can only be done by a profile owner on "















                            + "organization-owned device.");









@@ -5772,7 +5773,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {













                String.format("No active admin for user %d", caller.getUserId()));





























        if (TextUtils.isEmpty(wipeReasonForUser)) {













            if (calledByProfileOwnerOnOrgOwnedDevice && !parent) {













            if (calledByProfileOwnerOnOrgOwnedDevice && !calledOnParentInstance) {















                wipeReasonForUser = mContext.getString(R.string.device_ownership_relinquished);















            } else {















                wipeReasonForUser = mContext.getString(









@@ -5783,7 +5784,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {













        int userId = admin.getUserHandle().getIdentifier();















        if (calledByProfileOwnerOnOrgOwnedDevice) {















            // When wipeData is called on the parent instance, it implies wiping the entire device.













            if (parent) {













            if (calledOnParentInstance) {















                userId = UserHandle.USER_SYSTEM;















            } else {















                // when wipeData is _not_ called on the parent instance, it implies relinquishing









@@ -5808,7 +5809,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {













                .createEvent(DevicePolicyEnums.WIPE_DATA_WITH_REASON)















                .setAdmin(admin.info.getComponent())















                .setInt(flags)













                .setStrings(parent ? CALLED_FROM_PARENT : NOT_CALLED_FROM_PARENT)













                .setStrings(calledOnParentInstance ? CALLED_FROM_PARENT : NOT_CALLED_FROM_PARENT)















                .write();















        String internalReason = String.format(















                "DevicePolicyManager.wipeDataWithReason() from %s, organization-owned? %s",










@@ -9527,8 +9528,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {













                        && UserRestrictionsUtils.canProfileOwnerChange(key, userHandle);















                boolean orgOwnedProfileOwnerCanChangesGlobally = parent















                        && isProfileOwnerOfOrganizationOwnedDevice(caller)













                        && UserRestrictionsUtils













                        .canProfileOwnerOfOrganizationOwnedDeviceChange(key);













                        && UserRestrictionsUtils.canProfileOwnerOfOrganizationOwnedDeviceChange(













                        key);





























                if (!profileOwnerCanChangeOnItself && !orgOwnedProfileOwnerCanChangesGlobally) {















                    throw new SecurityException("Profile owner cannot set user restriction " + key);