Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f6d67a27 authored by Joao Victor Mendes Freire's avatar Joao Victor Mendes Freire
Browse files

Add new supervision role packages to ProtectedPackages. 

This commit updates the ProtectedPackages class to also protect
ROLE_SUPERVISION holders from being hidden/disabled/etc.
The previous version only included ROLE_SYSTEM_SUPERVISION holders.

Flag: android.content.pm.protect_supervision_packages
Bug: 408407211
Test: atest FrameworksMockingServicesTests:com.android.server.pm.ProtectedPackagesMockedTest
Change-Id: I04ccc1cbe1201a7b2c0aee2840164dd7b1b4c596
parent c1d8f170

services/core/java/com/android/server/pm/ProtectedPackages.java

+6 −2
Original line number Diff line number Diff line
@@ -197,10 +197,14 @@ public class ProtectedPackages { 
        }

        return Binder.withCleanCallingIdentity(

                () -> {

                    List<String> roleHolders =

                    List<String> systemSupervisionHolders =

                            roleManager.getRoleHoldersAsUser(

                                    RoleManager.ROLE_SYSTEM_SUPERVISION, UserHandle.of(userId));

                    return roleHolders.contains(packageName);

                    List<String> supervisionHolders =

                            roleManager.getRoleHoldersAsUser(

                                    RoleManager.ROLE_SUPERVISION, UserHandle.of(userId));

                    return systemSupervisionHolders.contains(packageName)

                            || supervisionHolders.contains(packageName);

                });

    }

}

services/tests/mockingservicestests/src/com/android/server/pm/ProtectedPackagesMockedTest.kt

+16 −0
Original line number Diff line number Diff line
@@ -56,12 +56,27 @@ open class ProtectedPackagesMockedTest { 
        MockitoAnnotations.openMocks(this)

        rule.system().stageNominalSystemState()

        whenever(roleManager.getRoleHoldersAsUser(eq(RoleManager.ROLE_SYSTEM_SUPERVISION), any()))

            .thenReturn(listOf(SYSTEM_SUPERVISION_PKG))

        whenever(roleManager.getRoleHoldersAsUser(eq(RoleManager.ROLE_SUPERVISION), any()))

            .thenReturn(listOf(SUPERVISION_PKG))

        whenever(rule.mocks().context.getSystemService(RoleManager::class.java))

            .thenReturn(roleManager)

        protectedPackages = ProtectedPackages(rule.mocks().context)

    }



    @Test

    @Throws(Exception::class)

    @EnableFlags(Flags.FLAG_PROTECT_SUPERVISION_PACKAGES)

    fun testIsPackageProtected_systemSupevisionPackage_flagEnabled_returnsTrue() {

        val stateProtected =

            protectedPackages.isPackageStateProtected(TEST_USER_ID, SYSTEM_SUPERVISION_PKG)

        val dataProtected =

            protectedPackages.isPackageDataProtected(TEST_USER_ID, SYSTEM_SUPERVISION_PKG)



        assertThat(stateProtected).isTrue()

        assertThat(dataProtected).isTrue()

    }



    @Test

    @Throws(Exception::class)

    @EnableFlags(Flags.FLAG_PROTECT_SUPERVISION_PACKAGES)
@@ -113,6 +128,7 @@ open class ProtectedPackagesMockedTest { 
    }



    private companion object {

        const val SYSTEM_SUPERVISION_PKG = "com.android.system.supervision"

        const val SUPERVISION_PKG = "com.android.supervision"

        const val TEST_PKG = "com.android.stub"

        const val TEST_USER_ID = 0