
Commit f10085bf authored by Android Build Coastguard Worker's avatar Android Build Coastguard Worker

Merge cherrypicks of ['googleplex-android-review.googlesource.com/24112149',...

Merge cherrypicks of ['googleplex-android-review.googlesource.com/24112149', 'googleplex-android-review.googlesource.com/25529244', 'googleplex-android-review.googlesource.com/25263196', 'googleplex-android-review.googlesource.com/25557600', 'googleplex-android-review.googlesource.com/25647776', 'googleplex-android-review.googlesource.com/25715830', 'googleplex-android-review.googlesource.com/25787790'] into security-aosp-udc-release.

Change-Id: I5b2d41d355a5aad36dd7cc922d5d625545690a70
parents 01cd624a 813900c4
+10 −0
@@ -189,6 +189,7 @@ public class AccountManagerService

    final MessageHandler mHandler;

    private static final int TIMEOUT_DELAY_MS = 1000 * 60 * 15;
    // Messages that can be sent on mHandler
    private static final int MESSAGE_TIMED_OUT = 3;
    private static final int MESSAGE_COPY_SHARED_ACCOUNT = 4;
@@ -4903,6 +4904,7 @@ public class AccountManagerService
            synchronized (mSessions) {
                mSessions.put(toString(), this);
            }
            scheduleTimeout();
            if (response != null) {
                try {
                    response.asBinder().linkToDeath(this, 0 /* flags */);
@@ -5070,6 +5072,11 @@ public class AccountManagerService
            }
        }

        private void scheduleTimeout() {
            mHandler.sendMessageDelayed(
                    mHandler.obtainMessage(MESSAGE_TIMED_OUT, this), TIMEOUT_DELAY_MS);
        }

        public void cancelTimeout() {
            mHandler.removeMessages(MESSAGE_TIMED_OUT, this);
        }
@@ -5107,6 +5114,9 @@ public class AccountManagerService

        public void onTimedOut() {
            IAccountManagerResponse response = getResponseAndClose();
            if (Log.isLoggable(TAG, Log.VERBOSE)) {
                Log.v(TAG, "Session.onTimedOut");
            }
            if (response != null) {
                try {
                    response.onError(AccountManager.ERROR_CODE_REMOTE_EXCEPTION,
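Review bot: `scheduleTimeout()` is called from the session constructor and posts a `MESSAGE_TIMED_OUT` message that holds `this` for `TIMEOUT_DELAY_MS`, but none of the visible hunks shows `cancelTimeout()` being called when a session ends normally. If a close path outside these hunks skips it, a finished session stays referenced by `mHandler` for 15 minutes and `onTimedOut()` later runs against it, so it is worth confirming that every path which closes the session also cancels the message. The constant would also benefit from a comment such as `// Upper bound on how long a Session may stay open; onTimedOut() then closes it and reports an error to the caller.` The constructor and `onTimedOut()` both continue outside the hunks.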
+3 −0
@@ -668,6 +668,9 @@ final class InstallPackageHelper {
                if (pkgSetting == null || pkgSetting.getPkg() == null) {
                    return Pair.create(PackageManager.INSTALL_FAILED_INVALID_URI, intentSender);
                }
                if (instantApp && (pkgSetting.isSystem() || pkgSetting.isUpdatedSystemApp())) {
                    return Pair.create(PackageManager.INSTALL_FAILED_INVALID_URI, intentSender);
                }
                if (!snapshot.canViewInstantApps(callingUid, UserHandle.getUserId(callingUid))) {
                    // only allow the existing package to be used if it's installed as a full
                    // application for at least one user
+24 −5
@@ -55,6 +55,7 @@ import android.content.pm.PackageItemInfo;
import android.content.pm.PackageManager;
import android.content.pm.ParceledListSlice;
import android.content.pm.VersionedPackage;
import android.content.pm.parsing.FrameworkParsingPackageUtils;
import android.graphics.Bitmap;
import android.net.Uri;
import android.os.Binder;
@@ -665,17 +666,22 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements

        // App package name and label length is restricted so that really long strings aren't
        // written to disk.
        if (params.appPackageName != null
                && params.appPackageName.length() > SessionParams.MAX_PACKAGE_NAME_LENGTH) {
        if (params.appPackageName != null && !isValidPackageName(params.appPackageName)) {
            params.appPackageName = null;
        }

        params.appLabel = TextUtils.trimToSize(params.appLabel,
                PackageItemInfo.MAX_SAFE_LABEL_LENGTH);

        String requestedInstallerPackageName = (params.installerPackageName != null
                && params.installerPackageName.length() < SessionParams.MAX_PACKAGE_NAME_LENGTH)
                ? params.installerPackageName : installerPackageName;
        // Validate installer package name.
        if (params.installerPackageName != null && !isValidPackageName(
                params.installerPackageName)) {
            params.installerPackageName = null;
        }

        var requestedInstallerPackageName =
                params.installerPackageName != null ? params.installerPackageName
                        : installerPackageName;

        if (PackageManagerServiceUtils.isRootOrShell(callingUid)
                || PackageInstallerSession.isSystemDataLoaderInstallation(params)
@@ -1085,6 +1091,19 @@ public class PackageInstallerService extends IPackageInstaller.Stub implements
        return Integer.parseInt(sessionId);
    }

    private static boolean isValidPackageName(@NonNull String packageName) {
        if (packageName.length() > SessionParams.MAX_PACKAGE_NAME_LENGTH) {
            return false;
        }
        // "android" is a valid package name
        var errorMessage = FrameworkParsingPackageUtils.validateName(
                packageName, /* requireSeparator= */ false, /* requireFilename */ true);
        if (errorMessage != null) {
            return false;
        }
        return true;
    }

    private File getTmpSessionDir(String volumeUuid) {
        return Environment.getDataAppDirectory(volumeUuid);
    }
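Review bot: `isValidPackageName` discards the reason returned by `FrameworkParsingPackageUtils.validateName`, and both call sites then set the field to null with no trace, so a session created with a malformed `appPackageName` or `installerPackageName` proceeds silently. Logging the rejection, preferably the validator's message rather than the caller-supplied string, would make such requests visible during triage. The tail of the helper can be written as `return errorMessage == null;`, and the argument comment should read `/* requireFilename= */ true` to match the one before it. The method holding the two call sites begins outside the hunk.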
+21 −9
@@ -2667,7 +2667,8 @@ public class UserManagerService extends IUserManager.Stub {
        }
    }

    private void setUserRestrictionInner(int userId, @NonNull String key, boolean value) {
    @VisibleForTesting
    void setUserRestrictionInner(int userId, @NonNull String key, boolean value) {
        if (!UserRestrictionsUtils.isValidRestriction(key)) {
            Slog.e(LOG_TAG, "Setting invalid restriction " + key);
            return;
@@ -3704,7 +3705,8 @@ public class UserManagerService extends IUserManager.Stub {
                    if (type == XmlPullParser.START_TAG) {
                        final String name = parser.getName();
                        if (name.equals(TAG_USER)) {
                            UserData userData = readUserLP(parser.getAttributeInt(null, ATTR_ID));
                            UserData userData = readUserLP(parser.getAttributeInt(null, ATTR_ID),
                                    mUserVersion);

                            if (userData != null) {
                                synchronized (mUsersLock) {
@@ -4277,11 +4279,11 @@ public class UserManagerService extends IUserManager.Stub {

            UserRestrictionsUtils.writeRestrictions(serializer,
                    mDevicePolicyUserRestrictions.getRestrictions(UserHandle.USER_ALL),
                    TAG_DEVICE_POLICY_RESTRICTIONS);
                    TAG_DEVICE_POLICY_GLOBAL_RESTRICTIONS);

            UserRestrictionsUtils.writeRestrictions(serializer,
                    mDevicePolicyUserRestrictions.getRestrictions(userInfo.id),
                    TAG_DEVICE_POLICY_RESTRICTIONS);
                    TAG_DEVICE_POLICY_LOCAL_RESTRICTIONS);
        }

        if (userData.account != null) {
@@ -4385,7 +4387,7 @@ public class UserManagerService extends IUserManager.Stub {
    }

    @GuardedBy({"mPackagesLock"})
    private UserData readUserLP(int id) {
    private UserData readUserLP(int id, int userVersion) {
        try (ResilientAtomicFile file = getUserFile(id)) {
            FileInputStream fis = null;
            try {
@@ -4394,19 +4396,19 @@ public class UserManagerService extends IUserManager.Stub {
                    Slog.e(LOG_TAG, "User info not found, returning null, user id: " + id);
                    return null;
                }
                return readUserLP(id, fis);
                return readUserLP(id, fis, userVersion);
            } catch (Exception e) {
                // Remove corrupted file and retry.
                Slog.e(LOG_TAG, "Error reading user info, user id: " + id);
                file.failRead(fis, e);
                return readUserLP(id);
                return readUserLP(id, userVersion);
            }
        }
    }

    @GuardedBy({"mPackagesLock"})
    @VisibleForTesting
    UserData readUserLP(int id, InputStream is) throws IOException,
    UserData readUserLP(int id, InputStream is, int userVersion) throws IOException,
            XmlPullParserException {
        int flags = 0;
        String userType = null;
@@ -4499,7 +4501,17 @@ public class UserManagerService extends IUserManager.Stub {
                } else if (TAG_DEVICE_POLICY_RESTRICTIONS.equals(tag)) {
                    legacyLocalRestrictions = UserRestrictionsUtils.readRestrictions(parser);
                } else if (TAG_DEVICE_POLICY_LOCAL_RESTRICTIONS.equals(tag)) {
                    if (userVersion < 10) {
                        // Prior to version 10, the local user restrictions were stored as sub tags
                        // grouped by the user id of the source user. The source is no longer stored
                        // on versions 10+ as this is now stored in the DevicePolicyEngine.
                        RestrictionsSet oldLocalRestrictions =
                                RestrictionsSet.readRestrictions(
                                    parser, TAG_DEVICE_POLICY_LOCAL_RESTRICTIONS);
                        localRestrictions = oldLocalRestrictions.mergeAll();
                    } else {
                        localRestrictions = UserRestrictionsUtils.readRestrictions(parser);
                    }
                } else if (TAG_DEVICE_POLICY_GLOBAL_RESTRICTIONS.equals(tag)) {
                    globalRestrictions = UserRestrictionsUtils.readRestrictions(parser);
                } else if (TAG_ACCOUNT.equals(tag)) {
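Review bot: The format switch in `readUserLP(int, InputStream, int)` depends on the bare literal in `userVersion < 10`, and the value passed in is `mUserVersion` from the user-list parse rather than anything read from the per-user file itself. If a per-user file can already be in the new flat format while `mUserVersion` is still below 10 (not determinable from these hunks), the legacy `RestrictionsSet.readRestrictions` branch would parse it and local restrictions could be lost without an error. A named constant, e.g. `USER_VERSION_FLAT_LOCAL_RESTRICTIONS = 10` (suggested name), with a comment stating that the list version and the per-user file format are assumed to move together, would make this invariant reviewable. Both `readUserLP` overloads continue outside the hunks.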
+66 −0
@@ -30,6 +30,7 @@ import android.annotation.NonNull;
import android.annotation.Nullable;
import android.app.AppGlobals;
import android.app.BroadcastOptions;
import android.app.admin.BooleanPolicyValue;
import android.app.admin.DevicePolicyIdentifiers;
import android.app.admin.DevicePolicyManager;
import android.app.admin.DevicePolicyState;
@@ -133,6 +134,67 @@ final class DevicePolicyEngine {
        mEnforcingAdmins = new SparseArray<>();
    }

    private void maybeForceEnforcementRefreshLocked(@NonNull PolicyDefinition<?> policyDefinition) {
        try {
            if (shouldForceEnforcementRefresh(policyDefinition)) {
                // This is okay because it's only true for user restrictions which are all <Boolean>
                forceEnforcementRefreshLocked((PolicyDefinition<Boolean>) policyDefinition);
            }
        } catch (Throwable e) {
            // Catch any possible exceptions just to be on the safe side
            Log.e(TAG, "Exception throw during maybeForceEnforcementRefreshLocked", e);
        }
    }

    private boolean shouldForceEnforcementRefresh(@NonNull PolicyDefinition<?> policyDefinition) {
        // These are all "not nullable" but for the purposes of maximum safety for a lightly tested
        // change we check here
        if (policyDefinition == null) {
            return false;
        }
        PolicyKey policyKey = policyDefinition.getPolicyKey();
        if (policyKey == null) {
            return false;
        }

        if (policyKey instanceof UserRestrictionPolicyKey) {
            // b/307481299 We must force all user restrictions to re-sync local
            // + global on each set/clear
            return true;
        }

        return false;
    }

    private void forceEnforcementRefreshLocked(PolicyDefinition<Boolean> policyDefinition) {
        Binder.withCleanCallingIdentity(() -> {
            // Sync global state
            PolicyValue<Boolean> globalValue = new BooleanPolicyValue(false);
            try {
                PolicyState<Boolean> policyState = getGlobalPolicyStateLocked(policyDefinition);
                globalValue = policyState.getCurrentResolvedPolicy();
            } catch (IllegalArgumentException e) {
                // Expected for local-only policies
            }

            enforcePolicy(policyDefinition, globalValue, UserHandle.USER_ALL);

            // Loop through each user and sync that user's state
            for (UserInfo user : mUserManager.getUsers()) {
                PolicyValue<Boolean> localValue = new BooleanPolicyValue(false);
                try {
                    PolicyState<Boolean> localPolicyState = getLocalPolicyStateLocked(
                            policyDefinition, user.id);
                    localValue = localPolicyState.getCurrentResolvedPolicy();
                } catch (IllegalArgumentException e) {
                    // Expected for global-only policies
                }

                enforcePolicy(policyDefinition, localValue, user.id);
            }
        });
    }

    /**
     * Set the policy for the provided {@code policyDefinition} (see {@link PolicyDefinition}) and
     * {@code enforcingAdmin} to the provided {@code value}.
@@ -174,6 +236,7 @@ final class DevicePolicyEngine {
            // No need to notify admins as no new policy is actually enforced, we're just filling in
            // the data structures.
            if (!skipEnforcePolicy) {
                maybeForceEnforcementRefreshLocked(policyDefinition);
                if (policyChanged) {
                    onLocalPolicyChangedLocked(policyDefinition, enforcingAdmin, userId);
                }
@@ -262,6 +325,7 @@ final class DevicePolicyEngine {
        Objects.requireNonNull(enforcingAdmin);

        synchronized (mLock) {
            maybeForceEnforcementRefreshLocked(policyDefinition);
            if (!hasLocalPolicyLocked(policyDefinition, userId)) {
                return;
            }
@@ -425,6 +489,7 @@ final class DevicePolicyEngine {
            // No need to notify admins as no new policy is actually enforced, we're just filling in
            // the data structures.
            if (!skipEnforcePolicy) {
                maybeForceEnforcementRefreshLocked(policyDefinition);
                if (policyChanged) {
                    onGlobalPolicyChangedLocked(policyDefinition, enforcingAdmin);
                }
@@ -474,6 +539,7 @@ final class DevicePolicyEngine {
            PolicyState<V> policyState = getGlobalPolicyStateLocked(policyDefinition);
            boolean policyChanged = policyState.removePolicy(enforcingAdmin);

            maybeForceEnforcementRefreshLocked(policyDefinition);
            if (policyChanged) {
                onGlobalPolicyChangedLocked(policyDefinition, enforcingAdmin);
            }
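Review bot: `maybeForceEnforcementRefreshLocked` wraps the refresh in `catch (Throwable e)` and only logs, so when the re-sync of a user restriction fails the caller carries on as if enforcement were current, and any `Error` is swallowed along with it. Narrowing to `catch (RuntimeException e)` would keep the defensive intent without hiding `Error`s, and the cast to `PolicyDefinition<Boolean>` should carry a narrowly scoped `@SuppressWarnings("unchecked")` next to its existing justification. In `forceEnforcementRefreshLocked` both empty `catch (IllegalArgumentException e)` blocks fall through to enforcing `new BooleanPolicyValue(false)`, so an unexpected `IllegalArgumentException` is handled the same way as an absent policy; a debug log in each would make that distinguishable. The local-removal call site runs the refresh before the `hasLocalPolicyLocked` check while the global-removal site runs it after `removePolicy`, and it is worth confirming that this ordering difference is intended; the four calling methods extend outside the hunks.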