Transfer policies on admin ownership transfer (d71408a8) · Commits · e / os / android_frameworks_base

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java

+32 −0

Original line number	Diff line number	Diff line
		@@ -684,6 +684,38 @@ final class DevicePolicyEngine {
		}
		}

		<V> void transferPolicies(EnforcingAdmin oldAdmin, EnforcingAdmin newAdmin) {
		Set<PolicyKey> globalPolicies = new HashSet<>(mGlobalPolicies.keySet());
		for (PolicyKey policy : globalPolicies) {
		PolicyState<?> policyState = mGlobalPolicies.get(policy);
		if (policyState.getPoliciesSetByAdmins().containsKey(oldAdmin)) {
		PolicyDefinition<V> policyDefinition =
		(PolicyDefinition<V>) policyState.getPolicyDefinition();
		PolicyValue<V> policyValue =
		(PolicyValue<V>) policyState.getPoliciesSetByAdmins().get(oldAdmin);
		setGlobalPolicy(policyDefinition, newAdmin, policyValue);
		}
		}

		for (int i = 0; i < mLocalPolicies.size(); i++) {
		int userId = mLocalPolicies.keyAt(i);
		Set<PolicyKey> localPolicies = new HashSet<>(
		mLocalPolicies.get(userId).keySet());
		for (PolicyKey policy : localPolicies) {
		PolicyState<?> policyState = mLocalPolicies.get(userId).get(policy);
		if (policyState.getPoliciesSetByAdmins().containsKey(oldAdmin)) {
		PolicyDefinition<V> policyDefinition =
		(PolicyDefinition<V>) policyState.getPolicyDefinition();
		PolicyValue<V> policyValue =
		(PolicyValue<V>) policyState.getPoliciesSetByAdmins().get(oldAdmin);
		setLocalPolicy(policyDefinition, newAdmin, policyValue, userId);
		}
		}
		}

		removePoliciesForAdmin(oldAdmin);
		}

		private Set<UserRestrictionPolicyKey> getUserRestrictionPolicyKeysForAdminLocked(
		Map<PolicyKey, PolicyState<?>> policies,
		EnforcingAdmin admin) {

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+14 −3

Original line number	Diff line number	Diff line
		@@ -3882,6 +3882,17 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		final ActiveAdmin adminToTransfer = policy.mAdminMap.get(outgoingReceiver);
		final int oldAdminUid = adminToTransfer.getUid();

		if (isPolicyEngineForFinanceFlagEnabled() \|\| isPermissionCheckFlagEnabled()) {
		EnforcingAdmin oldAdmin =
		EnforcingAdmin.createEnterpriseEnforcingAdmin(
		outgoingReceiver, userHandle, adminToTransfer);
		EnforcingAdmin newAdmin =
		EnforcingAdmin.createEnterpriseEnforcingAdmin(
		incomingReceiver, userHandle, adminToTransfer);

		mDevicePolicyEngine.transferPolicies(oldAdmin, newAdmin);
		}

		adminToTransfer.transfer(incomingDeviceInfo);
		policy.mAdminMap.remove(outgoingReceiver);
		policy.mAdminMap.put(incomingReceiver, adminToTransfer);
		@@ -19269,7 +19280,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		Objects.requireNonNull(token);

		CallerIdentity caller;
		if (isPermissionCheckFlagEnabled()) {
		if (isPolicyEngineForFinanceFlagEnabled()) {
		caller = getCallerIdentity(admin, callerPackageName);
		} else {
		caller = getCallerIdentity(admin);
		@@ -19279,7 +19290,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		boolean result = false;
		final String password = passwordOrNull != null ? passwordOrNull : "";

		if (isPermissionCheckFlagEnabled()) {
		if (isPolicyEngineForFinanceFlagEnabled()) {
		EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin(
		admin,
		MANAGE_DEVICE_POLICY_RESET_PASSWORD,
		@@ -19310,7 +19321,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		}

		if (result) {
		if (isPermissionCheckFlagEnabled()) {
		if (isPolicyEngineForFinanceFlagEnabled()) {
		DevicePolicyEventLogger
		.createEvent(DevicePolicyEnums.RESET_PASSWORD_WITH_TOKEN)
		.setAdmin(callerPackageName)