Allow uninstalling DMRH when not used for management (da522df8) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/pm/PackageManagerService.java

+24 −7

Original line number	Original line	Diff line number	Diff line
	@@ -60,6 +60,7 @@ import android.app.ApplicationExitInfo;
	import android.app.ApplicationPackageManager;		import android.app.ApplicationPackageManager;
	import android.app.BroadcastOptions;		import android.app.BroadcastOptions;
	import android.app.IActivityManager;		import android.app.IActivityManager;
			import android.app.admin.DevicePolicyManagerInternal;
	import android.app.admin.IDevicePolicyManager;		import android.app.admin.IDevicePolicyManager;
	import android.app.admin.SecurityLog;		import android.app.admin.SecurityLog;
	import android.app.backup.IBackupManager;		import android.app.backup.IBackupManager;
	@@ -3371,8 +3372,10 @@ public class PackageManagerService implements PackageSender, TestUtilityService
	// TODO(b/261957226): centralise this logic in DPM		// TODO(b/261957226): centralise this logic in DPM
	boolean isPackageDeviceAdmin(String packageName, int userId) {		boolean isPackageDeviceAdmin(String packageName, int userId) {
	final IDevicePolicyManager dpm = getDevicePolicyManager();		final IDevicePolicyManager dpm = getDevicePolicyManager();
			final DevicePolicyManagerInternal dpmi =
			mInjector.getLocalService(DevicePolicyManagerInternal.class);
	try {		try {
	if (dpm != null) {		if (dpm != null && dpmi != null) {
	final ComponentName deviceOwnerComponentName = dpm.getDeviceOwnerComponent(		final ComponentName deviceOwnerComponentName = dpm.getDeviceOwnerComponent(
	/* callingUserOnly =*/ false);		/* callingUserOnly =*/ false);
	final String deviceOwnerPackageName = deviceOwnerComponentName == null ? null		final String deviceOwnerPackageName = deviceOwnerComponentName == null ? null
	@@ -3385,17 +3388,31 @@ public class PackageManagerService implements PackageSender, TestUtilityService
	return true;		return true;
	}		}
	// Does it contain a device admin for any user?		// Does it contain a device admin for any user?
	int[] users;		int[] allUsers = mUserManager.getUserIds();
			int[] targetUsers;
	if (userId == UserHandle.USER_ALL) {		if (userId == UserHandle.USER_ALL) {
	users = mUserManager.getUserIds();		targetUsers = allUsers;
	} else {		} else {
	users = new int[]{userId};		targetUsers = new int[]{userId};
	}		}
	for (int i = 0; i < users.length; ++i) {
	if (dpm.packageHasActiveAdmins(packageName, users[i])) {		for (int i = 0; i < targetUsers.length; ++i) {
			if (dpm.packageHasActiveAdmins(packageName, targetUsers[i])) {
	return true;		return true;
	}		}
	if (isDeviceManagementRoleHolder(packageName, users[i])) {		}

			// If a package is DMRH on a managed user, it should also be treated as an admin on
			// that user. If that package is also a system package, it should also be protected
			// on other users otherwise "uninstall updates" on an unmanaged user may break
			// management on other users because apk version is shared between all users.
			var packageState = snapshotComputer().getPackageStateInternal(packageName);
			if (packageState == null) {
			return false;
			}
			for (int user : packageState.isSystem() ? allUsers : targetUsers) {
			if (isDeviceManagementRoleHolder(packageName, user)
			&& dpmi.isUserOrganizationManaged(user)) {
	return true;		return true;
	}		}
	}		}