Loading core/java/android/app/admin/DevicePolicyManager.java +31 −0 Original line number Diff line number Diff line Loading @@ -6493,4 +6493,35 @@ public class DevicePolicyManager { throw new SecurityException(functionName + " cannot be called on the parent instance"); } } /** * @hide * Enable backup service. * <p>This includes all backup and restore mechanisms. * Setting this to {@code false} will make backup service no-op or return empty results. * * <p>There must be only one user on the device, managed by the device owner. * Otherwise a {@link SecurityException} will be thrown. * * <p>Backup service is off by default when device owner is present. */ public void setBackupServiceEnabled(@NonNull ComponentName admin, boolean enabled) { try { mService.setBackupServiceEnabled(admin, enabled); } catch (RemoteException re) { throw re.rethrowFromSystemServer(); } } /** * @hide * @return {@code true} if backup service is enabled, {@code false} otherwise. */ public boolean isBackupServiceEnabled(@NonNull ComponentName admin) { try { return mService.isBackupServiceEnabled(admin); } catch (RemoteException re) { throw re.rethrowFromSystemServer(); } } } core/java/android/app/admin/IDevicePolicyManager.aidl +3 −0 Original line number Diff line number Diff line Loading @@ -305,4 +305,7 @@ interface IDevicePolicyManager { boolean isDeviceProvisioned(); boolean isDeviceProvisioningConfigApplied(); void setDeviceProvisioningConfigApplied(); void setBackupServiceEnabled(in ComponentName admin, boolean enabled); boolean isBackupServiceEnabled(in ComponentName admin); } services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +49 −5 Original line number Diff line number Diff line Loading @@ -497,9 +497,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { new MonitoringCertNotificationTask().execute(userId); } if (Intent.ACTION_USER_ADDED.equals(action)) { disableSecurityLoggingIfNotCompliant(); disableDeviceOwnerManagedSingleUserFeaturesIfNeeded(); } else if (Intent.ACTION_USER_REMOVED.equals(action)) { disableSecurityLoggingIfNotCompliant(); disableDeviceOwnerManagedSingleUserFeaturesIfNeeded(); removeUserData(userHandle); } else if (Intent.ACTION_USER_STARTED.equals(action)) { synchronized (DevicePolicyManagerService.this) { Loading Loading @@ -1712,7 +1712,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { if (mOwners.hasDeviceOwner()) { mInjector.systemPropertiesSet(PROPERTY_DEVICE_OWNER_PRESENT, "true"); Slog.i(LOG_TAG, "Set ro.device_owner property to true"); disableSecurityLoggingIfNotCompliant(); disableDeviceOwnerManagedSingleUserFeaturesIfNeeded(); if (mInjector.securityLogGetLoggingEnabledProperty()) { mSecurityLogMonitor.start(); } Loading Loading @@ -5930,7 +5930,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { mOwners.clearDeviceOwner(); mOwners.writeDeviceOwner(); updateDeviceOwnerLocked(); disableSecurityLoggingIfNotCompliant(); disableDeviceOwnerManagedSingleUserFeaturesIfNeeded(); try { // Reactivate backup service. mInjector.getIBackupManager().setBackupServiceActive(UserHandle.USER_SYSTEM, true); Loading Loading @@ -8904,10 +8904,12 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return false; } private synchronized void disableSecurityLoggingIfNotCompliant() { private synchronized void disableDeviceOwnerManagedSingleUserFeaturesIfNeeded() { if (!isDeviceOwnerManagedSingleUserDevice()) { mInjector.securityLogSetLoggingEnabledProperty(false); Slog.w(LOG_TAG, "Security logging turned off as it's no longer a single user device."); setBackupServiceEnabledInternal(false); Slog.w(LOG_TAG, "Backup is off as it's a managed device that has more that one user."); } } Loading Loading @@ -9208,4 +9210,46 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return false; } } @Override public void setBackupServiceEnabled(ComponentName admin, boolean enabled) { Preconditions.checkNotNull(admin); if (!mHasFeature) { return; } ensureDeviceOwnerManagingSingleUser(admin); setBackupServiceEnabledInternal(enabled); } private synchronized void setBackupServiceEnabledInternal(boolean enabled) { long ident = mInjector.binderClearCallingIdentity(); try { IBackupManager ibm = mInjector.getIBackupManager(); if (ibm != null) { ibm.setBackupServiceActive(UserHandle.USER_SYSTEM, enabled); } } catch (RemoteException e) { throw new IllegalStateException( "Failed " + (enabled ? "" : "de") + "activating backup service.", e); } finally { mInjector.binderRestoreCallingIdentity(ident); } } @Override public boolean isBackupServiceEnabled(ComponentName admin) { Preconditions.checkNotNull(admin); if (!mHasFeature) { return true; } synchronized (this) { getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); try { IBackupManager ibm = mInjector.getIBackupManager(); return ibm != null && ibm.isBackupServiceActive(UserHandle.USER_SYSTEM); } catch (RemoteException e) { throw new IllegalStateException("Failed requesting backup service state.", e); } } } } Loading
core/java/android/app/admin/DevicePolicyManager.java +31 −0 Original line number Diff line number Diff line Loading @@ -6493,4 +6493,35 @@ public class DevicePolicyManager { throw new SecurityException(functionName + " cannot be called on the parent instance"); } } /** * @hide * Enable backup service. * <p>This includes all backup and restore mechanisms. * Setting this to {@code false} will make backup service no-op or return empty results. * * <p>There must be only one user on the device, managed by the device owner. * Otherwise a {@link SecurityException} will be thrown. * * <p>Backup service is off by default when device owner is present. */ public void setBackupServiceEnabled(@NonNull ComponentName admin, boolean enabled) { try { mService.setBackupServiceEnabled(admin, enabled); } catch (RemoteException re) { throw re.rethrowFromSystemServer(); } } /** * @hide * @return {@code true} if backup service is enabled, {@code false} otherwise. */ public boolean isBackupServiceEnabled(@NonNull ComponentName admin) { try { return mService.isBackupServiceEnabled(admin); } catch (RemoteException re) { throw re.rethrowFromSystemServer(); } } }
core/java/android/app/admin/IDevicePolicyManager.aidl +3 −0 Original line number Diff line number Diff line Loading @@ -305,4 +305,7 @@ interface IDevicePolicyManager { boolean isDeviceProvisioned(); boolean isDeviceProvisioningConfigApplied(); void setDeviceProvisioningConfigApplied(); void setBackupServiceEnabled(in ComponentName admin, boolean enabled); boolean isBackupServiceEnabled(in ComponentName admin); }
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +49 −5 Original line number Diff line number Diff line Loading @@ -497,9 +497,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { new MonitoringCertNotificationTask().execute(userId); } if (Intent.ACTION_USER_ADDED.equals(action)) { disableSecurityLoggingIfNotCompliant(); disableDeviceOwnerManagedSingleUserFeaturesIfNeeded(); } else if (Intent.ACTION_USER_REMOVED.equals(action)) { disableSecurityLoggingIfNotCompliant(); disableDeviceOwnerManagedSingleUserFeaturesIfNeeded(); removeUserData(userHandle); } else if (Intent.ACTION_USER_STARTED.equals(action)) { synchronized (DevicePolicyManagerService.this) { Loading Loading @@ -1712,7 +1712,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { if (mOwners.hasDeviceOwner()) { mInjector.systemPropertiesSet(PROPERTY_DEVICE_OWNER_PRESENT, "true"); Slog.i(LOG_TAG, "Set ro.device_owner property to true"); disableSecurityLoggingIfNotCompliant(); disableDeviceOwnerManagedSingleUserFeaturesIfNeeded(); if (mInjector.securityLogGetLoggingEnabledProperty()) { mSecurityLogMonitor.start(); } Loading Loading @@ -5930,7 +5930,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { mOwners.clearDeviceOwner(); mOwners.writeDeviceOwner(); updateDeviceOwnerLocked(); disableSecurityLoggingIfNotCompliant(); disableDeviceOwnerManagedSingleUserFeaturesIfNeeded(); try { // Reactivate backup service. mInjector.getIBackupManager().setBackupServiceActive(UserHandle.USER_SYSTEM, true); Loading Loading @@ -8904,10 +8904,12 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return false; } private synchronized void disableSecurityLoggingIfNotCompliant() { private synchronized void disableDeviceOwnerManagedSingleUserFeaturesIfNeeded() { if (!isDeviceOwnerManagedSingleUserDevice()) { mInjector.securityLogSetLoggingEnabledProperty(false); Slog.w(LOG_TAG, "Security logging turned off as it's no longer a single user device."); setBackupServiceEnabledInternal(false); Slog.w(LOG_TAG, "Backup is off as it's a managed device that has more that one user."); } } Loading Loading @@ -9208,4 +9210,46 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return false; } } @Override public void setBackupServiceEnabled(ComponentName admin, boolean enabled) { Preconditions.checkNotNull(admin); if (!mHasFeature) { return; } ensureDeviceOwnerManagingSingleUser(admin); setBackupServiceEnabledInternal(enabled); } private synchronized void setBackupServiceEnabledInternal(boolean enabled) { long ident = mInjector.binderClearCallingIdentity(); try { IBackupManager ibm = mInjector.getIBackupManager(); if (ibm != null) { ibm.setBackupServiceActive(UserHandle.USER_SYSTEM, enabled); } } catch (RemoteException e) { throw new IllegalStateException( "Failed " + (enabled ? "" : "de") + "activating backup service.", e); } finally { mInjector.binderRestoreCallingIdentity(ident); } } @Override public boolean isBackupServiceEnabled(ComponentName admin) { Preconditions.checkNotNull(admin); if (!mHasFeature) { return true; } synchronized (this) { getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); try { IBackupManager ibm = mInjector.getIBackupManager(); return ibm != null && ibm.isBackupServiceActive(UserHandle.USER_SYSTEM); } catch (RemoteException e) { throw new IllegalStateException("Failed requesting backup service state.", e); } } } }
