Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit dded98f7 authored by yuemingw's avatar yuemingw Committed by Yueming Wang
Browse files

Enforce cross profile calendar policies in one place. 

Instead of checking dpm policy in primary user and settings value
in managed profile user, we'd better check them all in primary user.

Calendar provider will need INTERACT_ACROSS_USER_FULL to access
settings provider and this permission is not granted to any app
in privapp-permissions-platform.xml. So I think it's safer to
change isPackageAllowedToAccessCalendar to check both
admin policy & settings value.

Bug: 123629973
Test: atest CalendarProvider2Test
Change-Id: I01bff1317916bac6de72a71a029a2f99dc8e9a0b
parent 2348248e

core/java/android/app/admin/DevicePolicyManager.java

+7 −2
Original line number Diff line number Diff line
@@ -10590,14 +10590,19 @@ public class DevicePolicyManager { 
    }



    /**

     * Returns if a package is whitelisted to access cross-profile calendar APIs.

     * Returns if a package is allowed to access cross-profile calendar APIs.

     *

     * <p>A package is allowed to access cross-profile calendar APIs if it's allowed by

     * admins via {@link #setCrossProfileCalendarPackages(ComponentName, Set)} and

     * {@link android.provider.Settings.Secure#CROSS_PROFILE_CALENDAR_ENABLED}

     * is turned on in the managed profile.

     *

     * <p>To query for a specific user, use

     * {@link Context#createPackageContextAsUser(String, int, UserHandle)} to create a context for

     * that user, and get a {@link DevicePolicyManager} from this context.

     *

     * @param packageName the name of the package

     * @return {@code true} if the package is whitelisted to access cross-profile calendar APIs.

     * @return {@code true} if the package is allowed to access cross-profile calendar APIs.

     * {@code false} otherwise.

     *

     * @see #setCrossProfileCalendarPackages(ComponentName, Set)

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+4 −0
Original line number Diff line number Diff line
@@ -14072,6 +14072,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { 














        enforceCrossUsersPermission(userHandle);















        synchronized (getLockObject()) {













            if (mInjector.settingsSecureGetIntForUser(













                    Settings.Secure.CROSS_PROFILE_CALENDAR_ENABLED, 0, userHandle) == 0) {













                return false;













            }















            final ActiveAdmin admin = getProfileOwnerAdminLocked(userHandle);















            if (admin != null) {















                if (admin.mCrossProfileCalendarPackages == null) {

























services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java



+29
−0




























Original line number
Diff line number
Diff line








@@ -5278,6 +5278,35 @@ public class DevicePolicyManagerTest extends DpmTestBase {













        assertTrue(actual.containsAll(expected));















    }





























    public void testIsPackageAllowedToAccessCalendar_adminNotAllowed() {













        setAsProfileOwner(admin1);













        dpm.setCrossProfileCalendarPackages(admin1, Collections.emptySet());













        when(getServices().settings.settingsSecureGetIntForUser(













                Settings.Secure.CROSS_PROFILE_CALENDAR_ENABLED,













                0, DpmMockContext.CALLER_USER_HANDLE)).thenReturn(1);













        assertFalse(dpm.isPackageAllowedToAccessCalendar("TEST_PACKAGE"));













    }



























    public void testIsPackageAllowedToAccessCalendar_settingOff() {













        final String testPackage = "TEST_PACKAGE";













        setAsProfileOwner(admin1);













        dpm.setCrossProfileCalendarPackages(admin1, Collections.singleton(testPackage));













        when(getServices().settings.settingsSecureGetIntForUser(













                Settings.Secure.CROSS_PROFILE_CALENDAR_ENABLED,













                0, DpmMockContext.CALLER_USER_HANDLE)).thenReturn(0);













        assertFalse(dpm.isPackageAllowedToAccessCalendar(testPackage));













    }



























    public void testIsPackageAllowedToAccessCalendar_bothAllowed() {













        final String testPackage = "TEST_PACKAGE";













        setAsProfileOwner(admin1);













        dpm.setCrossProfileCalendarPackages(admin1, null);













        when(getServices().settings.settingsSecureGetIntForUser(













                Settings.Secure.CROSS_PROFILE_CALENDAR_ENABLED,













                0, DpmMockContext.CALLER_USER_HANDLE)).thenReturn(1);













        assertTrue(dpm.isPackageAllowedToAccessCalendar(testPackage));













    }





























    private void configureProfileOwnerForDeviceIdAccess(ComponentName who, int userId) {















        final long ident = mServiceContext.binder.clearCallingIdentity();















        mServiceContext.binder.callingUid =