Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit dea0c3b6 authored by Charles He's avatar Charles He
Browse files

DPM: Notify DO/PO of security updates. 

We add a variant of notifyPendingSystemUpdate method which takes an
additional isSecurityPatch boolean flag. This information, if available,
will be persisted and available to device and profile owners when they
call getPendingSystemUpdate method.

Test: gts-tradefed run gts -m GtsGmscoreHostTestCases -t com.google.android.gts.devicepolicy.DeviceOwnerTest#testPendingSystemUpdate
Test: gts-tradefed run gts -m GtsGmscoreHostTestCases -t com.google.android.gts.devicepolicy.ManagedProfileTest#testPendingSystemUpdate
Bug: 33102479
Bug: 30961046
Change-Id: If3f1b765bb18a359836ac43ac9a0a9f29e9f8428
parent 1628b97e

api/current.txt

+4 −0
Original line number Diff line number Diff line
@@ -6366,8 +6366,12 @@ package android.app.admin { 
  public final class SystemUpdateInfo implements android.os.Parcelable {

    method public int describeContents();

    method public long getReceivedTime();

    method public int getSecurityPatchState();

    method public void writeToParcel(android.os.Parcel, int);

    field public static final android.os.Parcelable.Creator<android.app.admin.SystemUpdateInfo> CREATOR;

    field public static final int SECURITY_PATCH_STATE_FALSE = 1; // 0x1

    field public static final int SECURITY_PATCH_STATE_TRUE = 2; // 0x2

    field public static final int SECURITY_PATCH_STATE_UNKNOWN = 0; // 0x0

  }















  public class SystemUpdatePolicy implements android.os.Parcelable {

























api/system-current.txt



+5
−0




























Original line number
Diff line number
Diff line








@@ -6382,6 +6382,7 @@ package android.app.admin {













    method public void lockNow();















    method public void lockNow(int);















    method public void notifyPendingSystemUpdate(long);













    method public void notifyPendingSystemUpdate(long, boolean);















    method public boolean packageHasActiveAdmins(java.lang.String);















    method public void reboot(android.content.ComponentName);















    method public void removeActiveAdmin(android.content.ComponentName);










@@ -6589,8 +6590,12 @@ package android.app.admin {













  public final class SystemUpdateInfo implements android.os.Parcelable {















    method public int describeContents();















    method public long getReceivedTime();













    method public int getSecurityPatchState();















    method public void writeToParcel(android.os.Parcel, int);















    field public static final android.os.Parcelable.Creator<android.app.admin.SystemUpdateInfo> CREATOR;













    field public static final int SECURITY_PATCH_STATE_FALSE = 1; // 0x1













    field public static final int SECURITY_PATCH_STATE_TRUE = 2; // 0x2













    field public static final int SECURITY_PATCH_STATE_UNKNOWN = 0; // 0x0















  }





























  public class SystemUpdatePolicy implements android.os.Parcelable {

























api/test-current.txt



+4
−0




























Original line number
Diff line number
Diff line








@@ -6388,8 +6388,12 @@ package android.app.admin {













  public final class SystemUpdateInfo implements android.os.Parcelable {















    method public int describeContents();















    method public long getReceivedTime();













    method public int getSecurityPatchState();















    method public void writeToParcel(android.os.Parcel, int);















    field public static final android.os.Parcelable.Creator<android.app.admin.SystemUpdateInfo> CREATOR;













    field public static final int SECURITY_PATCH_STATE_FALSE = 1; // 0x1













    field public static final int SECURITY_PATCH_STATE_TRUE = 2; // 0x2













    field public static final int SECURITY_PATCH_STATE_UNKNOWN = 0; // 0x0















  }





























  public class SystemUpdatePolicy implements android.os.Parcelable {

























core/java/android/app/admin/DeviceAdminReceiver.java



+10
−3




























Original line number
Diff line number
Diff line








@@ -707,17 +707,24 @@ public class DeviceAdminReceiver extends BroadcastReceiver {













    }































    /**













     * Allows the receiver to be notified when information about a pending system update is













     * Called when the information about a pending system update is available.













     *













     * <p>Allows the receiver to be notified when information about a pending system update is















     * available from the system update service. The same pending system update can trigger multiple















     * calls to this method, so it is necessary to examine the incoming parameters for details about















     * the update.













     * <p>













     * This callback is only applicable to device owners.













     *













     * <p>This callback is only applicable to device owners and profile owners.













     *













     * <p>To get further information about a pending system update (for example, whether or not the













     * update is a security patch), the device owner or profile owner can call













     * {@link DevicePolicyManager#getPendingSystemUpdate}.















     *















     * @param context The running context as per {@link #onReceive}.















     * @param intent The received intent as per {@link #onReceive}.















     * @param receivedTime The time as given by {@link System#currentTimeMillis()} indicating when















     *        the current pending update was first available. -1 if no pending update is available.













     * @see DevicePolicyManager#getPendingSystemUpdate















     */















    public void onSystemUpdatePending(Context context, Intent intent, long receivedTime) {















    }

































core/java/android/app/admin/DevicePolicyManager.java



+41
−6




























Original line number
Diff line number
Diff line








@@ -1438,6 +1438,7 @@ public class DevicePolicyManager {













        }















        return false;















    }





























    /**















     * Return true if the given administrator component is currently being removed















     * for the user.









@@ -1454,7 +1455,6 @@ public class DevicePolicyManager {













        return false;















    }













































    /**















     * Return a list of all currently active device administrators' component















     * names.  If there are no administrators {@code null} may be










@@ -6199,12 +6199,18 @@ public class DevicePolicyManager {













    }































    /**













     * Callable by the system update service to notify device owners about pending updates.













     * Called by the system update service to notify device and profile owners of pending system













     * updates.













     *















     * The caller must hold {@link android.Manifest.permission#NOTIFY_PENDING_SYSTEM_UPDATE}













     * permission.













     * permission. This method should only be used when it is unknown whether the pending system













     * update is a security patch. Otherwise, use













     * {@link #notifyPendingSystemUpdate(long, boolean)}.















     *













     * @param updateReceivedTime The time as given by {@link System#currentTimeMillis()} indicating













     *        when the current pending update was first available. -1 if no update is available.













     * @param updateReceivedTime The time as given by {@link System#currentTimeMillis()}













     *         indicating when the current pending update was first available. {@code -1} if no













     *         update is available.













     * @see #notifyPendingSystemUpdate(long, boolean)















     * @hide















     */















    @SystemApi









@@ -6212,7 +6218,36 @@ public class DevicePolicyManager {













        throwIfParentInstance("notifyPendingSystemUpdate");















        if (mService != null) {















            try {













                mService.notifyPendingSystemUpdate(updateReceivedTime);













                mService.notifyPendingSystemUpdate(SystemUpdateInfo.of(updateReceivedTime));













            } catch (RemoteException re) {













                throw re.rethrowFromSystemServer();













            }













        }













    }



























    /**













     * Called by the system update service to notify device and profile owners of pending system













     * updates.













     *













     * The caller must hold {@link android.Manifest.permission#NOTIFY_PENDING_SYSTEM_UPDATE}













     * permission. This method should be used instead of {@link #notifyPendingSystemUpdate(long)}













     * when it is known whether the pending system update is a security patch.













     *













     * @param updateReceivedTime The time as given by {@link System#currentTimeMillis()}













     *         indicating when the current pending update was first available. {@code -1} if no













     *         update is available.













     * @param isSecurityPatch {@code true} if this system update is purely a security patch;













     *         {@code false} if not.













     * @see #notifyPendingSystemUpdate(long)













     * @hide













     */













    @SystemApi













    public void notifyPendingSystemUpdate(long updateReceivedTime, boolean isSecurityPatch) {













        throwIfParentInstance("notifyPendingSystemUpdate");













        if (mService != null) {













            try {













                mService.notifyPendingSystemUpdate(SystemUpdateInfo.of(updateReceivedTime,













                        isSecurityPatch));















            } catch (RemoteException re) {















                throw re.rethrowFromSystemServer();















            }