diff options
| author | 2019-04-25 18:40:11 +0000 | |
|---|---|---|
| committer | 2019-04-25 18:40:11 +0000 | |
| commit | 07806b3d78feed97f6631b151fe4ae03f57a497f (patch) | |
| tree | 4ef026b279ae28730ac784618642bc80bff9a2e7 | |
| parent | dcc2255eb1b8958008ab1dcf5bdc13b6562fea00 (diff) | |
| parent | e4d398c917986cf57d6d31219649a059e1f09145 (diff) | |
Merge "Don't ignore updated policies on PO/DO." into qt-dev
| -rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index 9497f7978541..c5a206882695 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -1377,7 +1377,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } } - void readFromXml(XmlPullParser parser) + void readFromXml(XmlPullParser parser, boolean shouldOverridePolicies) throws XmlPullParserException, IOException { int outerDepth = parser.getDepth(); int type; @@ -1388,7 +1388,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } String tag = parser.getName(); if (TAG_POLICIES.equals(tag)) { - info.readPoliciesFromXml(parser); + if (shouldOverridePolicies) { + Log.d(LOG_TAG, "Overriding device admin policies from XML."); + info.readPoliciesFromXml(parser); + } } else if (TAG_PASSWORD_QUALITY.equals(tag)) { minimumPasswordMetrics.quality = Integer.parseInt( parser.getAttributeValue(null, ATTR_VALUE)); @@ -1516,9 +1519,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } } else if (TAG_PARENT_ADMIN.equals(tag)) { Preconditions.checkState(!isParent); - parentAdmin = new ActiveAdmin(info, /* parent */ true); - parentAdmin.readFromXml(parser); + parentAdmin.readFromXml(parser, shouldOverridePolicies); } else if (TAG_ORGANIZATION_COLOR.equals(tag)) { organizationColor = Integer.parseInt( parser.getAttributeValue(null, ATTR_VALUE)); @@ -3324,8 +3326,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { + userHandle); } if (dai != null) { + boolean shouldOverwritePolicies = + shouldOverwritePoliciesFromXml(dai.getComponent(), userHandle); ActiveAdmin ap = new ActiveAdmin(dai, /* parent */ false); - ap.readFromXml(parser); + ap.readFromXml(parser, shouldOverwritePolicies); policy.mAdminMap.put(ap.info.getComponent(), ap); } } catch (RuntimeException e) { @@ -3435,6 +3439,14 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } } + private boolean shouldOverwritePoliciesFromXml( + ComponentName deviceAdminComponent, int userHandle) { + // http://b/123415062: If DA, overwrite with the stored policies that were agreed by the + // user to prevent apps from sneaking additional policies into updates. + return !isProfileOwner(deviceAdminComponent, userHandle) + && !isDeviceOwner(deviceAdminComponent, userHandle); + } + private void updateLockTaskPackagesLocked(List<String> packages, int userId) { long ident = mInjector.binderClearCallingIdentity(); try { |