Merge "Reaaply policies on reboot" into udc-dev (dfc317e1) · Commits · e / os / android_frameworks_base

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java

+31 −2

Original line number	Diff line number	Diff line
		@@ -1017,8 +1017,12 @@ final class DevicePolicyEngine {
		int userId = user.id;
		// Apply local policies present on parent to newly created child profile.
		UserInfo parentInfo = mUserManager.getProfileParent(userId);
		if (parentInfo == null \|\| parentInfo.getUserHandle().getIdentifier() == userId) return;

		if (parentInfo == null \|\| parentInfo.getUserHandle().getIdentifier() == userId) {
		return;
		}
		if (!mLocalPolicies.contains(parentInfo.getUserHandle().getIdentifier())) {
		return;
		}
		for (Map.Entry<PolicyKey, PolicyState<?>> entry : mLocalPolicies.get(
		parentInfo.getUserHandle().getIdentifier()).entrySet()) {
		enforcePolicyOnUser(userId, entry.getValue());
		@@ -1242,6 +1246,31 @@ final class DevicePolicyEngine {
		synchronized (mLock) {
		clear();
		new DevicePoliciesReaderWriter().readFromFileLocked();
		reapplyAllPolicies();
		}
		}

		private <V> void reapplyAllPolicies() {
		for (PolicyKey policy : mGlobalPolicies.keySet()) {
		PolicyState<?> policyState = mGlobalPolicies.get(policy);
		// Policy definition and value will always be of the same type
		PolicyDefinition<V> policyDefinition =
		(PolicyDefinition<V>) policyState.getPolicyDefinition();
		PolicyValue<V> policyValue = (PolicyValue<V>) policyState.getCurrentResolvedPolicy();
		enforcePolicy(policyDefinition, policyValue, UserHandle.USER_ALL);
		}
		for (int i = 0; i < mLocalPolicies.size(); i++) {
		int userId = mLocalPolicies.keyAt(i);
		for (PolicyKey policy : mLocalPolicies.get(userId).keySet()) {
		PolicyState<?> policyState = mLocalPolicies.get(userId).get(policy);
		// Policy definition and value will always be of the same type
		PolicyDefinition<V> policyDefinition =
		(PolicyDefinition<V>) policyState.getPolicyDefinition();
		PolicyValue<V> policyValue =
		(PolicyValue<V>) policyState.getCurrentResolvedPolicy();
		enforcePolicy(policyDefinition, policyValue, userId);

		}
		}
		}

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+13 −8

Original line number	Diff line number	Diff line
		@@ -2131,7 +2131,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		mUserManagerInternal.addUserLifecycleListener(new UserLifecycleListener());

		mDeviceManagementResourcesProvider.load();
		if (isPermissionCheckFlagEnabled()) {
		if (isPermissionCheckFlagEnabled() \|\| isPolicyEngineForFinanceFlagEnabled()) {
		mDevicePolicyEngine.load();
		}

		@@ -3280,8 +3280,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {

		policy.validatePasswordOwner();
		updateMaximumTimeToLockLocked(userHandle);
		if (!isPolicyEngineForFinanceFlagEnabled()) {
		updateLockTaskPackagesLocked(mContext, policy.mLockTaskPackages, userHandle);
		updateLockTaskFeaturesLocked(policy.mLockTaskFeatures, userHandle);
		}
		if (policy.mStatusBarDisabled) {
		setStatusBarDisabledInternal(policy.mStatusBarDisabled, userHandle);
		}
		@@ -3593,7 +3595,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		}

		startOwnerService(userId, "start-user");
		if (isPermissionCheckFlagEnabled()) {
		if (isPermissionCheckFlagEnabled() \|\| isPolicyEngineForFinanceFlagEnabled()) {
		mDevicePolicyEngine.handleStartUser(userId);
		}
		}
		@@ -3620,7 +3622,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {

		void handleUnlockUser(int userId) {
		startOwnerService(userId, "unlock-user");
		if (isPermissionCheckFlagEnabled()) {
		if (isPermissionCheckFlagEnabled() \|\| isPolicyEngineForFinanceFlagEnabled()) {
		mDevicePolicyEngine.handleUnlockUser(userId);
		}
		}
		@@ -3632,7 +3634,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		void handleStopUser(int userId) {
		updateNetworkPreferenceForUser(userId, List.of(PreferentialNetworkServiceConfig.DEFAULT));
		mDeviceAdminServiceController.stopServicesForUser(userId, /* actionForLog= */ "stop-user");
		if (isPermissionCheckFlagEnabled()) {
		if (isPermissionCheckFlagEnabled() \|\| isPolicyEngineForFinanceFlagEnabled()) {
		mDevicePolicyEngine.handleStopUser(userId);
		}
		}
		@@ -10247,7 +10249,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		policy.mUserProvisioningState = DevicePolicyManager.STATE_USER_UNMANAGED;
		policy.mAffiliationIds.clear();
		policy.mLockTaskPackages.clear();
		if (!isPolicyEngineForFinanceFlagEnabled()) {
		updateLockTaskPackagesLocked(mContext, policy.mLockTaskPackages, userId);
		}
		policy.mLockTaskFeatures = DevicePolicyManager.LOCK_TASK_FEATURE_NONE;
		saveSettingsLocked(userId);

		@@ -11037,7 +11041,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		return false;
		}

		if (!isPermissionCheckFlagEnabled()) {
		if (!isPermissionCheckFlagEnabled() && !isPolicyEngineForFinanceFlagEnabled()) {
		// TODO: Figure out if something like this needs to be restored for policy engine
		final ComponentName profileOwner = getProfileOwnerAsUser(userId);
		if (profileOwner == null) {
		@@ -14918,6 +14922,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		}

		final List<String> lockTaskPackages = getUserData(userId).mLockTaskPackages;
		// TODO(b/278438525): handle in the policy engine
		if (!lockTaskPackages.isEmpty()) {
		Slogf.d(LOG_TAG,
		"User id " + userId + " not affiliated. Clearing lock task packages");