author Shuo Qian <shuoq@google.com> 2021-03-10 17:36:58 -0800
committer Shuo Qian <shuoq@google.com> 2021-03-18 22:15:00 +0000
commit0c3d39fea6209202f87d30e803abe499142c6aa0 (patch)
treee33e5faadd83e4e526fc4610a1f11508d797ffb6
parente9a7e0acc35fdeedde0a1a56560109249f7ce878 (diff)
Add push mechanism in DPM for ConnecitivityService
Remove DPM.isNetworkSlicingEnabledForUser Test: Unit test added but commented; atest DevicePolicyManagerTest Bug: 178655595 Change-Id: I77d1996f33b017221a14799e71f2df2123f99b32 Merged-In: I77d1996f33b017221a14799e71f2df2123f99b32
-rw-r--r--core/api/system-current.txt2
-rw-r--r--core/java/android/app/admin/DevicePolicyManager.java31
-rw-r--r--core/res/AndroidManifest.xml5
-rw-r--r--services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java40
-rw-r--r--services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java49
-rw-r--r--services/tests/servicestests/src/com/android/server/devicepolicy/DpmMockContext.java2
-rw-r--r--services/tests/servicestests/src/com/android/server/devicepolicy/MockSystemServices.java3
7 files changed, 74 insertions, 58 deletions
diff --git a/core/api/system-current.txt b/core/api/system-current.txt
index 39e259d7db9a..7f4422612537 100644
--- a/core/api/system-current.txt
+++ b/core/api/system-current.txt
@@ -201,7 +201,6 @@ package android {
field public static final String READ_DEVICE_CONFIG = "android.permission.READ_DEVICE_CONFIG";
field public static final String READ_DREAM_STATE = "android.permission.READ_DREAM_STATE";
field public static final String READ_INSTALL_SESSIONS = "android.permission.READ_INSTALL_SESSIONS";
- field public static final String READ_NETWORK_DEVICE_CONFIG = "android.permission.READ_NETWORK_DEVICE_CONFIG";
field public static final String READ_NETWORK_USAGE_HISTORY = "android.permission.READ_NETWORK_USAGE_HISTORY";
field public static final String READ_OEM_UNLOCK_STATE = "android.permission.READ_OEM_UNLOCK_STATE";
field public static final String READ_PEOPLE_DATA = "android.permission.READ_PEOPLE_DATA";
@@ -910,7 +909,6 @@ package android.app.admin {
method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public boolean isDeviceProvisioned();
method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public boolean isDeviceProvisioningConfigApplied();
method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public boolean isManagedKiosk();
- method public boolean isNetworkSlicingEnabledForUser(@NonNull android.os.UserHandle);
method public boolean isSecondaryLockscreenEnabled(@NonNull android.os.UserHandle);
method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public boolean isUnattendedManagedKiosk();
method @RequiresPermission("android.permission.NOTIFY_PENDING_SYSTEM_UPDATE") public void notifyPendingSystemUpdate(long);
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index 930717b97555..d2e9622f0a92 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -10004,37 +10004,6 @@ public class DevicePolicyManager {
}
/**
- * Indicates whether 5g slicing is enabled for specific user.
- *
- * This method can be called with permission
- * {@link android.Manifest.permission#READ_NETWORK_DEVICE_CONFIG} by the profile owner of
- * a managed profile. And the caller must hold the
- * {@link android.Manifest.permission#INTERACT_ACROSS_USERS_FULL} permission if query for
- * other users.
- *
- * @param userHandle indicates the user to query the state
- * @return indicates whether 5g Slice is enabled.
- * @throws SecurityException if the caller is not granted the permission
- * {@link android.Manifest.permission#READ_NETWORK_DEVICE_CONFIG}
- * and not profile owner of a managed profile, and not granted the permission
- * {@link android.Manifest.permission#INTERACT_ACROSS_USERS_FULL} if query for
- * other users.
- * @hide
- */
- @SystemApi
- public boolean isNetworkSlicingEnabledForUser(@NonNull UserHandle userHandle) {
- throwIfParentInstance("isNetworkSlicingEnabledForUser");
- if (mService == null) {
- return false;
- }
- try {
- return mService.isNetworkSlicingEnabled(userHandle.getIdentifier());
- } catch (RemoteException e) {
- throw e.rethrowFromSystemServer();
- }
- }
-
- /**
* This method is mostly deprecated.
* Most of the settings that still have an effect have dedicated setter methods or user
* restrictions. See individual settings for details.
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index d783b445515d..23629452ab8f 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -2292,11 +2292,6 @@
<permission android:name="android.permission.READ_PRIVILEGED_PHONE_STATE"
android:protectionLevel="signature|privileged" />
- <!-- @SystemApi Allows read access to privileged network state in the device config.
- @hide Used internally. -->
- <permission android:name="android.permission.READ_NETWORK_DEVICE_CONFIG"
- android:protectionLevel="signature|privileged" />
-
<!-- Allows to read device identifiers and use ICC based authentication like EAP-AKA.
Often required in authentication to access the carrier's server and manage services
of the subscriber.
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index ac2281a2dbaa..e4ba0ace04fe 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -101,6 +101,8 @@ import static android.content.Intent.FLAG_ACTIVITY_NEW_TASK;
import static android.content.pm.PackageManager.MATCH_DIRECT_BOOT_AWARE;
import static android.content.pm.PackageManager.MATCH_DIRECT_BOOT_UNAWARE;
import static android.content.pm.PackageManager.MATCH_UNINSTALLED_PACKAGES;
+// TODO (b/178655595) import static android.net.ConnectivityManager.USER_PREFERENCE_ENTERPRISE;
+// TODO (b/178655595) import static android.net.ConnectivityManager.USER_PREFERENCE_SYSTEM_DEFAULT;
import static android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK;
import static android.provider.Settings.Global.PRIVATE_DNS_MODE;
import static android.provider.Settings.Global.PRIVATE_DNS_SPECIFIER;
@@ -3082,6 +3084,13 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
updatePermissionPolicyCache(userId);
updateAdminCanGrantSensorsPermissionCache(userId);
+ boolean enableEnterpriseNetworkSlice = true;
+ synchronized (getLockObject()) {
+ ActiveAdmin owner = getDeviceOrProfileOwnerAdminLocked(userId);
+ enableEnterpriseNetworkSlice = owner != null ? owner.mNetworkSlicingEnabled : true;
+ }
+ updateNetworkPreferenceForUser(userId, enableEnterpriseNetworkSlice);
+
startOwnerService(userId, "start-user");
}
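Review bot: In the block added before `startOwnerService`, `enableEnterpriseNetworkSlice` is initialised to `true` and then always reassigned, and the ternary repeats the same default. Declaring `final boolean enableEnterpriseNetworkSlice;` and assigning `enableEnterpriseNetworkSlice = owner == null || owner.mNetworkSlicingEnabled;` states the default once. The lookup here uses `getDeviceOrProfileOwnerAdminLocked(userId)` while the setter later in this file uses `getProfileOwnerAdminLocked`; a one-line comment on why a device owner's flag is read, given that `updateNetworkPreferenceForUser` returns early for anything but a managed profile, would help the next reader. The enclosing method begins above the hunk.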
@@ -3097,6 +3106,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
@Override
void handleStopUser(int userId) {
+ updateNetworkPreferenceForUser(userId, false);
stopOwnerService(userId, "stop-user");
}
@@ -11402,21 +11412,22 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
if (!mHasFeature) {
return;
}
-
final CallerIdentity caller = getCallerIdentity();
Preconditions.checkCallAuthorization(isProfileOwner(caller),
"Caller is not profile owner; only profile owner may control the network slicing");
-
synchronized (getLockObject()) {
final ActiveAdmin requiredAdmin = getProfileOwnerAdminLocked(
caller.getUserId());
if (requiredAdmin != null && requiredAdmin.mNetworkSlicingEnabled != enabled) {
requiredAdmin.mNetworkSlicingEnabled = enabled;
saveSettingsLocked(caller.getUserId());
- // TODO(b/178655595) notify CS the change.
- // TODO(b/178655595) DevicePolicyEventLogger metrics
}
}
+ updateNetworkPreferenceForUser(caller.getUserId(), enabled);
+ DevicePolicyEventLogger
+ .createEvent(DevicePolicyEnums.SET_NETWORK_SLICING_ENABLED)
+ .setBoolean(enabled)
+ .write();
}
@Override
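Review bot: `updateNetworkPreferenceForUser(caller.getUserId(), enabled)` and the `SET_NETWORK_SLICING_ENABLED` event now sit outside the `requiredAdmin != null && requiredAdmin.mNetworkSlicingEnabled != enabled` guard, so both run even when nothing was stored, either because the value was unchanged or because no profile-owner admin was found. In the null case the pushed preference would not match any persisted state, and the metric ends up counting calls rather than policy changes. A local `boolean changed` set inside the synchronized block, with `if (changed) { ... }` around the push and the logger call, keeps the push outside the lock and ties both to a real change. The event also carries no admin identity, which makes the record less useful for auditing; if other events in this file attach one, add it here too. The method's signature is above the hunk.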
@@ -11426,11 +11437,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
}
final CallerIdentity caller = getCallerIdentity();
- Preconditions.checkCallAuthorization(hasFullCrossUsersPermission(caller, userHandle));
- Preconditions.checkCallAuthorization(hasCallingOrSelfPermission(
- permission.READ_NETWORK_DEVICE_CONFIG) || isProfileOwner(caller),
- "Caller is not profile owner and not granted"
- + " READ_NETWORK_DEVICE_CONFIG permission");
+ Preconditions.checkCallAuthorization(isProfileOwner(caller),
+ "Caller is not profile owner");
synchronized (getLockObject()) {
final ActiveAdmin requiredAdmin = getProfileOwnerAdminLocked(userHandle);
if (requiredAdmin != null) {
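Review bot: The new authorization in this getter is `isProfileOwner(caller)` alone, but the lookup two lines later still uses the caller-supplied `userHandle` in `getProfileOwnerAdminLocked(userHandle)`. With the `hasFullCrossUsersPermission(caller, userHandle)` check removed, a profile owner of one profile appears able to read the slicing state held for a different user. Either keep `Preconditions.checkCallAuthorization(hasFullCrossUsersPermission(caller, userHandle));` ahead of the owner check, or resolve the admin with `caller.getUserId()` so the parameter cannot widen the query. The method starts before and continues past this hunk, so a guard outside the visible lines cannot be ruled out.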
@@ -16957,6 +16965,20 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
}
}
+ private void updateNetworkPreferenceForUser(int userId, boolean enableEnterprise) {
+ if (!isManagedProfile(userId)) {
+ return;
+ }
+ // TODO(b/178655595)
+ // int networkPreference = enable ? ConnectivityManager.USER_PREFERENCE_ENTERPRISE :
+ // ConnectivityManager.USER_PREFERENCE_SYSTEM_DEFAULT;
+ // mInjector.binderWithCleanCallingIdentity(() ->
+ // mInjector.getConnectivityManager().setNetworkPreferenceForUser(
+ // UserHandle.of(userId),
+ // networkPreference,
+ // null /* executor */, null /* listener */));
+ }
+
@Override
public boolean canAdminGrantSensorsPermissionsForUser(int userId) {
if (!mHasFeature) {
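Review bot: The commented-out body of `updateNetworkPreferenceForUser` reads `enable ? ...`, but the parameter is named `enableEnterprise`, so the block will not compile as written once the TODO is resolved; fix the name in the comment now so it is not rediscovered later. As committed the method does nothing beyond the `isManagedProfile(userId)` early return, while the callers already log `SET_NETWORK_SLICING_ENABLED` as if the preference had been applied. A short comment above the method, such as `// No-op until b/178655595 lands: the preference is not yet pushed to ConnectivityService.`, would make that state explicit.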
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
index 77a39d8ac762..576f9c23e350 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
@@ -4016,6 +4016,27 @@ public class DevicePolicyManagerTest extends DpmTestBase {
}
@Test
+ public void testUpdateNetworkPreferenceOnStartOnStopUser() throws Exception {
+ dpms.handleStartUser(CALLER_USER_HANDLE);
+ // TODO(b/178655595)
+ // verify(getServices().connectivityManager, times(1)).setNetworkPreferenceForUser(
+ // any(UserHandle.class),
+ // anyInt(),
+ // any(Executor.class),
+ // any(Runnable.class)
+ //);
+
+ dpms.handleStopUser(CALLER_USER_HANDLE);
+ // TODO(b/178655595)
+ // verify(getServices().connectivityManager, times(1)).setNetworkPreferenceForUser(
+ // any(UserHandle.class),
+ // eq(ConnectivityManager.USER_PREFERENCE_SYSTEM_DEFAULT),
+ // any(Executor.class),
+ // any(Runnable.class)
+ //);
+ }
+
+ @Test
public void testGetSetNetworkSlicing() throws Exception {
assertExpectException(SecurityException.class, null,
() -> dpm.setNetworkSlicingEnabled(false));
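Review bot: `testUpdateNetworkPreferenceOnStartOnStopUser` contains no live assertion: every `verify(...)` is commented out, so the test passes as long as `handleStartUser` and `handleStopUser` do not throw. The same applies to the `verify` blocks added to `testGetSetNetworkSlicing` in the next hunk. Nothing visible here sets `CALLER_USER_HANDLE` up as a managed profile, so once enabled the first test may hit the `isManagedProfile` early return and never reach the connectivity call. The commented implementation also passes `null` for executor and listener, which `any(Executor.class)` and `any(Runnable.class)` would probably not match on a Mockito version where typed `any` rejects null; `isNull()` or `nullable(Executor.class)` may be needed. Until the TODO is resolved, consider marking the test `@Ignore` with the bug number so it does not report coverage it does not provide.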
@@ -4023,20 +4044,26 @@ public class DevicePolicyManagerTest extends DpmTestBase {
assertExpectException(SecurityException.class, null,
() -> dpm.isNetworkSlicingEnabled());
- assertExpectException(SecurityException.class, null,
- () -> dpm.isNetworkSlicingEnabledForUser(UserHandle.of(CALLER_USER_HANDLE)));
-
- mContext.callerPermissions.add(permission.READ_NETWORK_DEVICE_CONFIG);
- mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
- try {
- dpm.isNetworkSlicingEnabledForUser(UserHandle.of(CALLER_USER_HANDLE));
- } catch (SecurityException se) {
- fail("Threw SecurityException with right permission");
- }
-
setupProfileOwner();
dpm.setNetworkSlicingEnabled(false);
assertThat(dpm.isNetworkSlicingEnabled()).isFalse();
+ // TODO(b/178655595)
+ // verify(getServices().connectivityManager, times(1)).setNetworkPreferenceForUser(
+ // any(UserHandle.class),
+ // eq(ConnectivityManager.USER_PREFERENCE_SYSTEM_DEFAULT),
+ // any(Executor.class),
+ // any(Runnable.class)
+ //);
+
+ dpm.setNetworkSlicingEnabled(true);
+ assertThat(dpm.isNetworkSlicingEnabled()).isTrue();
+ // TODO(b/178655595)
+ // verify(getServices().connectivityManager, times(1)).setNetworkPreferenceForUser(
+ // any(UserHandle.class),
+ // eq(ConnectivityManager.USER_PREFERENCE_ENTERPRISE),
+ // any(Executor.class),
+ // any(Runnable.class)
+ //);
}
@Test
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DpmMockContext.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DpmMockContext.java
index 6068fdf9b5b5..2fcc021575b1 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DpmMockContext.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DpmMockContext.java
@@ -224,6 +224,8 @@ public class DpmMockContext extends MockContext {
return mMockSystemServices.accountManager;
case Context.TELEPHONY_SERVICE:
return mMockSystemServices.telephonyManager;
+ case Context.CONNECTIVITY_SERVICE:
+ return mMockSystemServices.connectivityManager;
case Context.APP_OPS_SERVICE:
return mMockSystemServices.appOpsManager;
case Context.CROSS_PROFILE_APPS_SERVICE:
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/MockSystemServices.java b/services/tests/servicestests/src/com/android/server/devicepolicy/MockSystemServices.java
index f6dee385ca07..9cc057252a4c 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/MockSystemServices.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/MockSystemServices.java
@@ -47,6 +47,7 @@ import android.content.pm.UserInfo;
import android.database.Cursor;
import android.hardware.usb.UsbManager;
import android.media.IAudioService;
+import android.net.ConnectivityManager;
import android.net.IIpConnectivityMetrics;
import android.net.Uri;
import android.net.wifi.WifiManager;
@@ -114,6 +115,7 @@ public class MockSystemServices {
public final SettingsForMock settings;
public final MockContentResolver contentResolver;
public final TelephonyManager telephonyManager;
+ public final ConnectivityManager connectivityManager;
public final AccountManager accountManager;
public final AlarmManager alarmManager;
public final KeyChain.KeyChainConnection keyChainConnection;
@@ -159,6 +161,7 @@ public class MockSystemServices {
wifiManager = mock(WifiManager.class);
settings = mock(SettingsForMock.class);
telephonyManager = mock(TelephonyManager.class);
+ connectivityManager = mock(ConnectivityManager.class);
accountManager = mock(AccountManager.class);
alarmManager = mock(AlarmManager.class);
keyChainConnection = mock(KeyChain.KeyChainConnection.class, RETURNS_DEEP_STUBS);