Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +58 −45 Original line number Diff line number Diff line Loading @@ -24335,10 +24335,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { synchronized (getLockObject()) { Slogf.i(LOG_TAG, "Started device policies migration to the device policy engine."); // TODO(b/359188869): Move this to the current migration method. if (Flags.setPermissionGrantStateCoexistence()) { migratePermissionGrantStatePolicies(); } migratePermittedInputMethodsPolicyLocked(); migrateAccountManagementDisabledPolicyLocked(); migrateUserControlDisabledPackagesLocked(); Loading Loading @@ -24382,6 +24378,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { Slogf.i(LOG_TAG, "Backup made: " + memoryTaggingBackupId); } String permissionBackupId = "37.1.permission-support"; boolean permissionMigrated = maybeMigratePermissionGrantStatePoliciesLocked(permissionBackupId); if (permissionMigrated) { Slogf.i(LOG_TAG, "Backup made: " + permissionBackupId); } // Additional migration steps should repeat the pattern above with a new backupId. } Loading Loading @@ -24417,16 +24420,21 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return true; } private void migratePermissionGrantStatePolicies() { private boolean maybeMigratePermissionGrantStatePoliciesLocked(String backupId) { Slogf.i(LOG_TAG, "Migrating PERMISSION_GRANT policy to device policy engine."); for (UserInfo userInfo : mUserManager.getUsers()) { ActiveAdmin admin = getMostProbableDPCAdminForLocalPolicy(userInfo.id); if (admin == null) { Slogf.i(LOG_TAG, "No admin found that can set permission grant state on user " + userInfo.id); continue; if (!Flags.setPermissionGrantStateCoexistence() || !Flags.dpeBasedOnAsyncApisEnabled()) { return false; } if (mOwners.isPermissionGrantStateMigrated()) { return false; } for (PackageInfo packageInfo : getInstalledPackagesOnUser(userInfo.id)) { // Create backup if none exists mDevicePolicyEngine.createBackup(backupId); try { iterateThroughDpcAdminsLocked((admin, enforcingAdmin) -> { int userId = enforcingAdmin.getUserId(); for (PackageInfo packageInfo : getInstalledPackagesOnUser(userId)) { if (packageInfo.requestedPermissions == null) { continue; } Loading @@ -24439,10 +24447,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { grantState = getPermissionGrantStateForUser( packageInfo.packageName, permission, new CallerIdentity( mInjector.binderGetCallingUid(), admin.getUid(), admin.info.getComponent().getPackageName(), admin.info.getComponent()), userInfo.id); userId); } catch (RemoteException e) { Slogf.e(LOG_TAG, e, "Error retrieving permission grant state for %s " + "and %s", packageInfo.packageName, permission); Loading @@ -24452,18 +24460,23 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { continue; } mDevicePolicyEngine.setLocalPolicy( var unused = mDevicePolicyEngine.setLocalPolicy( PolicyDefinition.PERMISSION_GRANT(packageInfo.packageName, permission), EnforcingAdmin.createEnterpriseEnforcingAdmin( admin.info.getComponent(), admin.getUserHandle().getIdentifier()), enforcingAdmin, new IntegerPolicyValue(grantState), userInfo.id, userId, /* skipEnforcePolicy= */ true); } } }); } catch (Exception e) { Slog.wtf(LOG_TAG, "Failed to migrate Permission Grant State to policy engine", e); } Slog.i(LOG_TAG, "Marking Permission Grant State migration complete"); mOwners.markPermissionGrantStateMigrated(); return true; } private void migrateScreenCapturePolicyLocked() { services/devicepolicy/java/com/android/server/devicepolicy/Owners.java +13 −0 Original line number Diff line number Diff line Loading @@ -650,6 +650,19 @@ class Owners { } } void markPermissionGrantStateMigrated() { synchronized (mData) { mData.mPermissionGrantStateMigrated = true; mData.writeDeviceOwner(); } } boolean isPermissionGrantStateMigrated() { synchronized (mData) { return mData.mPermissionGrantStateMigrated; } } void markSetKeyguardDisabledFeaturesMigrated() { synchronized (mData) { mData.mSetKeyguardDisabledFeaturesMigrated = true; Loading services/devicepolicy/java/com/android/server/devicepolicy/OwnersData.java +12 −0 Original line number Diff line number Diff line Loading @@ -97,6 +97,8 @@ class OwnersData { "memoryTaggingMigrated"; private static final String ATTR_SET_KEYGUARD_DISABLED_FEATURES_MIGRATED = "setKeyguardDisabledFeaturesMigrated"; private static final String ATTR_PERMISSION_GRANT_STATE_MIGRATED = "permissionGrantStateMigrated"; private static final String ATTR_MIGRATED_POST_UPGRADE = "migratedPostUpgrade"; Loading Loading @@ -132,6 +134,7 @@ class OwnersData { boolean mResetPasswordWithTokenMigrated = false; boolean mMemoryTaggingMigrated = false; boolean mSetKeyguardDisabledFeaturesMigrated = false; boolean mPermissionGrantStateMigrated = false; boolean mPoliciesMigratedPostUpdate = false; Loading Loading @@ -439,6 +442,10 @@ class OwnersData { out.attributeBoolean(null, ATTR_SET_KEYGUARD_DISABLED_FEATURES_MIGRATED, mSetKeyguardDisabledFeaturesMigrated); } if (Flags.setPermissionGrantStateCoexistence() && Flags.dpeBasedOnAsyncApisEnabled()) { out.attributeBoolean(null, ATTR_PERMISSION_GRANT_STATE_MIGRATED, mPermissionGrantStateMigrated); } out.endTag(null, TAG_POLICY_ENGINE_MIGRATION); } Loading Loading @@ -518,6 +525,11 @@ class OwnersData { Flags.setKeyguardDisabledFeaturesCoexistence() && parser.getAttributeBoolean(null, ATTR_SET_KEYGUARD_DISABLED_FEATURES_MIGRATED, false); mPermissionGrantStateMigrated = Flags.setPermissionGrantStateCoexistence() && Flags.dpeBasedOnAsyncApisEnabled() && parser.getAttributeBoolean(null, ATTR_PERMISSION_GRANT_STATE_MIGRATED, false); break; default: Slog.e(TAG, "Unexpected tag: " + tag); Loading Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +58 −45 Original line number Diff line number Diff line Loading @@ -24335,10 +24335,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { synchronized (getLockObject()) { Slogf.i(LOG_TAG, "Started device policies migration to the device policy engine."); // TODO(b/359188869): Move this to the current migration method. if (Flags.setPermissionGrantStateCoexistence()) { migratePermissionGrantStatePolicies(); } migratePermittedInputMethodsPolicyLocked(); migrateAccountManagementDisabledPolicyLocked(); migrateUserControlDisabledPackagesLocked(); Loading Loading @@ -24382,6 +24378,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { Slogf.i(LOG_TAG, "Backup made: " + memoryTaggingBackupId); } String permissionBackupId = "37.1.permission-support"; boolean permissionMigrated = maybeMigratePermissionGrantStatePoliciesLocked(permissionBackupId); if (permissionMigrated) { Slogf.i(LOG_TAG, "Backup made: " + permissionBackupId); } // Additional migration steps should repeat the pattern above with a new backupId. } Loading Loading @@ -24417,16 +24420,21 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return true; } private void migratePermissionGrantStatePolicies() { private boolean maybeMigratePermissionGrantStatePoliciesLocked(String backupId) { Slogf.i(LOG_TAG, "Migrating PERMISSION_GRANT policy to device policy engine."); for (UserInfo userInfo : mUserManager.getUsers()) { ActiveAdmin admin = getMostProbableDPCAdminForLocalPolicy(userInfo.id); if (admin == null) { Slogf.i(LOG_TAG, "No admin found that can set permission grant state on user " + userInfo.id); continue; if (!Flags.setPermissionGrantStateCoexistence() || !Flags.dpeBasedOnAsyncApisEnabled()) { return false; } if (mOwners.isPermissionGrantStateMigrated()) { return false; } for (PackageInfo packageInfo : getInstalledPackagesOnUser(userInfo.id)) { // Create backup if none exists mDevicePolicyEngine.createBackup(backupId); try { iterateThroughDpcAdminsLocked((admin, enforcingAdmin) -> { int userId = enforcingAdmin.getUserId(); for (PackageInfo packageInfo : getInstalledPackagesOnUser(userId)) { if (packageInfo.requestedPermissions == null) { continue; } Loading @@ -24439,10 +24447,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { grantState = getPermissionGrantStateForUser( packageInfo.packageName, permission, new CallerIdentity( mInjector.binderGetCallingUid(), admin.getUid(), admin.info.getComponent().getPackageName(), admin.info.getComponent()), userInfo.id); userId); } catch (RemoteException e) { Slogf.e(LOG_TAG, e, "Error retrieving permission grant state for %s " + "and %s", packageInfo.packageName, permission); Loading @@ -24452,18 +24460,23 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { continue; } mDevicePolicyEngine.setLocalPolicy( var unused = mDevicePolicyEngine.setLocalPolicy( PolicyDefinition.PERMISSION_GRANT(packageInfo.packageName, permission), EnforcingAdmin.createEnterpriseEnforcingAdmin( admin.info.getComponent(), admin.getUserHandle().getIdentifier()), enforcingAdmin, new IntegerPolicyValue(grantState), userInfo.id, userId, /* skipEnforcePolicy= */ true); } } }); } catch (Exception e) { Slog.wtf(LOG_TAG, "Failed to migrate Permission Grant State to policy engine", e); } Slog.i(LOG_TAG, "Marking Permission Grant State migration complete"); mOwners.markPermissionGrantStateMigrated(); return true; } private void migrateScreenCapturePolicyLocked() {
services/devicepolicy/java/com/android/server/devicepolicy/Owners.java +13 −0 Original line number Diff line number Diff line Loading @@ -650,6 +650,19 @@ class Owners { } } void markPermissionGrantStateMigrated() { synchronized (mData) { mData.mPermissionGrantStateMigrated = true; mData.writeDeviceOwner(); } } boolean isPermissionGrantStateMigrated() { synchronized (mData) { return mData.mPermissionGrantStateMigrated; } } void markSetKeyguardDisabledFeaturesMigrated() { synchronized (mData) { mData.mSetKeyguardDisabledFeaturesMigrated = true; Loading
services/devicepolicy/java/com/android/server/devicepolicy/OwnersData.java +12 −0 Original line number Diff line number Diff line Loading @@ -97,6 +97,8 @@ class OwnersData { "memoryTaggingMigrated"; private static final String ATTR_SET_KEYGUARD_DISABLED_FEATURES_MIGRATED = "setKeyguardDisabledFeaturesMigrated"; private static final String ATTR_PERMISSION_GRANT_STATE_MIGRATED = "permissionGrantStateMigrated"; private static final String ATTR_MIGRATED_POST_UPGRADE = "migratedPostUpgrade"; Loading Loading @@ -132,6 +134,7 @@ class OwnersData { boolean mResetPasswordWithTokenMigrated = false; boolean mMemoryTaggingMigrated = false; boolean mSetKeyguardDisabledFeaturesMigrated = false; boolean mPermissionGrantStateMigrated = false; boolean mPoliciesMigratedPostUpdate = false; Loading Loading @@ -439,6 +442,10 @@ class OwnersData { out.attributeBoolean(null, ATTR_SET_KEYGUARD_DISABLED_FEATURES_MIGRATED, mSetKeyguardDisabledFeaturesMigrated); } if (Flags.setPermissionGrantStateCoexistence() && Flags.dpeBasedOnAsyncApisEnabled()) { out.attributeBoolean(null, ATTR_PERMISSION_GRANT_STATE_MIGRATED, mPermissionGrantStateMigrated); } out.endTag(null, TAG_POLICY_ENGINE_MIGRATION); } Loading Loading @@ -518,6 +525,11 @@ class OwnersData { Flags.setKeyguardDisabledFeaturesCoexistence() && parser.getAttributeBoolean(null, ATTR_SET_KEYGUARD_DISABLED_FEATURES_MIGRATED, false); mPermissionGrantStateMigrated = Flags.setPermissionGrantStateCoexistence() && Flags.dpeBasedOnAsyncApisEnabled() && parser.getAttributeBoolean(null, ATTR_PERMISSION_GRANT_STATE_MIGRATED, false); break; default: Slog.e(TAG, "Unexpected tag: " + tag); Loading
