Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fe8a834a authored by Kholoud Mohamed's avatar Kholoud Mohamed
Browse files

Migrate personal apps suspension to policy engine 

Bug: 273494642
Bug: 251401809
Test: atest OrgOwnedProfileOwnerTest
Test: btest android.devicepolicy.cts.DeviceManagementCoexistenceTest
Change-Id: I75f49a6046f1dd8e329f54abb8d872ab001f9f4a
parent 3b2c9426

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+29 −12
Original line number Diff line number Diff line
@@ -3435,7 +3435,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
            // Given that the parent user has just started, profile should be locked.

            updatePersonalAppsSuspension(profileUserHandle, false /* unlocked */);

        } else {

            suspendPersonalAppsInternal(userHandle, false);

            suspendPersonalAppsInternal(userHandle, profileUserHandle, false);

        }

    }










@@ -7714,7 +7714,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













        }





























        // Unsuspend personal apps if needed.













        suspendPersonalAppsInternal(parentId, false);













        suspendPersonalAppsInternal(parentId, getManagedUserId(parentId), false);





























        // Notify FRP agent, LSS and WindowManager to ensure they don't hold on to stale policies.















        final int frpAgentUid = getFrpManagementAgentUid();










@@ -20845,7 +20845,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













        }





























        final int parentUserId = getProfileParentId(profileUserId);













        suspendPersonalAppsInternal(parentUserId, shouldSuspend);













        suspendPersonalAppsInternal(parentUserId, profileUserId, shouldSuspend);















        return shouldSuspend;















    }
























@@ -20929,23 +20929,40 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













        return notificationState;















    }



























    private void suspendPersonalAppsInternal(int userId, boolean suspended) {













        if (getUserData(userId).mAppsSuspended == suspended) {













    private void suspendPersonalAppsInternal(













            int parentUserId, int profileUserId, boolean suspended) {













        if (getUserData(parentUserId).mAppsSuspended == suspended) {















            return;















        }















        Slogf.i(LOG_TAG, "%s personal apps for user %d", suspended ? "Suspending" : "Unsuspending",













                userId);













                parentUserId);



























        if (isPolicyEngineForFinanceFlagEnabled()) {













            // TODO(b/280602237): migrate properly













            ActiveAdmin profileOwner = getProfileOwnerAdminLocked(profileUserId);













            if (profileOwner != null) {













                EnforcingAdmin admin = EnforcingAdmin.createEnterpriseEnforcingAdmin(













                        profileOwner.info.getComponent(),













                        profileUserId,













                        profileOwner);













                mDevicePolicyEngine.setLocalPolicy(













                        PolicyDefinition.PERSONAL_APPS_SUSPENDED,













                        admin,













                        new BooleanPolicyValue(suspended),













                        parentUserId);













            }













        } else {















            if (suspended) {













            suspendPersonalAppsInPackageManager(userId);













                suspendPersonalAppsInPackageManager(parentUserId);















            } else {















                mInjector.getPackageManagerInternal().unsuspendForSuspendingPackage(













                    PLATFORM_PACKAGE_NAME, userId);













                        PLATFORM_PACKAGE_NAME, parentUserId);













            }















        }





























        synchronized (getLockObject()) {













            getUserData(userId).mAppsSuspended = suspended;













            saveSettingsLocked(userId);













            getUserData(parentUserId).mAppsSuspended = suspended;













            saveSettingsLocked(parentUserId);















        }















    }







































services/devicepolicy/java/com/android/server/devicepolicy/PolicyDefinition.java



+10
−0




























Original line number
Diff line number
Diff line








@@ -323,6 +323,14 @@ final class PolicyDefinition<V> {













            PolicyEnforcerCallbacks::setScreenCaptureDisabled,















            new BooleanPolicySerializer());





























    static PolicyDefinition<Boolean> PERSONAL_APPS_SUSPENDED = new PolicyDefinition<>(













            new NoArgsPolicyKey(DevicePolicyIdentifiers.PERSONAL_APPS_SUSPENDED_POLICY),













            new MostRecent<>(),













            POLICY_FLAG_LOCAL_ONLY_POLICY,













            PolicyEnforcerCallbacks::setPersonalAppsSuspended,













            new BooleanPolicySerializer());











































    private static final Map<String, PolicyDefinition<?>> POLICY_DEFINITIONS = new HashMap<>();















    private static Map<String, Integer> USER_RESTRICTION_FLAGS = new HashMap<>();


























@@ -352,6 +360,8 @@ final class PolicyDefinition<V> {













                PERMITTED_INPUT_METHODS);















        POLICY_DEFINITIONS.put(DevicePolicyIdentifiers.SCREEN_CAPTURE_DISABLED_POLICY,















                SCREEN_CAPTURE_DISABLED);













        POLICY_DEFINITIONS.put(DevicePolicyIdentifiers.PERSONAL_APPS_SUSPENDED_POLICY,













                PERSONAL_APPS_SUSPENDED);































        // User Restriction Policies















        USER_RESTRICTION_FLAGS.put(UserManager.DISALLOW_MODIFY_ACCOUNTS, /* flags= */ 0);

































services/devicepolicy/java/com/android/server/devicepolicy/PolicyEnforcerCallbacks.java



+27
−0




























Original line number
Diff line number
Diff line








@@ -16,6 +16,8 @@





























package com.android.server.devicepolicy;





























import static com.android.server.pm.PackageManagerService.PLATFORM_PACKAGE_NAME;





























import android.annotation.NonNull;















import android.annotation.Nullable;















import android.app.AppGlobals;










@@ -46,6 +48,7 @@ import android.util.Slog;













import android.view.IWindowManager;































import com.android.internal.os.BackgroundThread;













import com.android.internal.util.ArrayUtils;















import com.android.server.LocalServices;















import com.android.server.pm.UserManagerInternal;















import com.android.server.utils.Slogf;










@@ -275,4 +278,28 @@ final class PolicyEnforcerCallbacks {













            }















        });















    }



























    static boolean setPersonalAppsSuspended(













            @Nullable Boolean suspended, @NonNull Context context, int userId,













            @NonNull PolicyKey policyKey) {













        Binder.withCleanCallingIdentity(() -> {













            if (suspended != null && suspended) {













                suspendPersonalAppsInPackageManager(context, userId);













            } else {













                LocalServices.getService(PackageManagerInternal.class)













                        .unsuspendForSuspendingPackage(PLATFORM_PACKAGE_NAME, userId);













            }













        });













        return true;













    }



























    private static void suspendPersonalAppsInPackageManager(Context context, int userId) {













        final String[] appsToSuspend = PersonalAppsSuspensionHelper.forUser(context, userId)













                .getPersonalAppsForSuspension();













        final String[] failedApps = LocalServices.getService(PackageManagerInternal.class)













                .setPackagesSuspendedByAdmin(userId, appsToSuspend, true);













        if (!ArrayUtils.isEmpty(failedApps)) {













            Slogf.wtf(LOG_TAG, "Failed to suspend apps: " + String.join(",", failedApps));













        }













    }















}
























services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java



+1
−0




























Original line number
Diff line number
Diff line








@@ -7497,6 +7497,7 @@ public class DevicePolicyManagerTest extends DpmTestBase {













     * Tests the case when the user turns the profile back on when the apps are already suspended.















     */















    @Test













    @Ignore("b/277916462")















    public void testMaximumProfileTimeOff_turnOnAfterDeadline() throws Exception {















        prepareMocksForSetMaximumProfileTimeOff();