| author | 2022-03-23 18:41:38 +0000 | |
|---|---|---|
| committer | 2022-03-25 12:59:11 +0000 | |
| commit | 8d2caa2b019b7650d0447fc36d37b03ed06b51b4 (patch) | |
| tree | 5b044a40e31275457e520d0e13991ea6871edd91 | |
| parent | 1d9203b4e0af5cad1e0d6f1666342f85f3835472 (diff) | |
Simplyfy DPM binder by using WifiSsidPolicy.
WifiSsidPolicy is parcelable, so there is no need to marshall it
explicitly as a deny- or allow-list using separate getters and
setters.
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest
test: atest WifiSsidRestrictionTest
Bug: 218495535
Change-Id: Iee06acb6b136766fb16cef2d60a46bd7373b5c56
5 files changed, 86 insertions, 126 deletions
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java index 82e5ebf755c2..471f460433b9 100644 --- a/core/java/android/app/admin/DevicePolicyManager.java +++ b/core/java/android/app/admin/DevicePolicyManager.java @@ -60,7 +60,6 @@ import android.graphics.drawable.Drawable; import android.net.PrivateDnsConnectivityChecker; import android.net.ProxyInfo; import android.net.Uri; -import android.net.wifi.WifiSsid; import android.nfc.NfcAdapter; import android.os.Binder; import android.os.Build; @@ -112,7 +111,6 @@ import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.net.InetSocketAddress; import java.net.Proxy; -import java.nio.charset.StandardCharsets; import java.security.KeyFactory; import java.security.KeyPair; import java.security.NoSuchAlgorithmException; @@ -15237,26 +15235,15 @@ public class DevicePolicyManager { */ public void setWifiSsidPolicy(@Nullable WifiSsidPolicy policy) { throwIfParentInstance("setWifiSsidPolicy"); - if (mService != null) { - try { - if (policy == null) { - mService.setSsidAllowlist(new ArrayList<>()); - } else { - int policyType = policy.getPolicyType(); - List<String> ssidList = new ArrayList<>(); - for (WifiSsid ssid : policy.getSsids()) { - ssidList.add(new String(ssid.getBytes(), StandardCharsets.UTF_8)); - } - if (policyType == WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_ALLOWLIST) { - mService.setSsidAllowlist(ssidList); - } else { - mService.setSsidDenylist(ssidList); - } - } - } catch (RemoteException e) { - throw e.rethrowFromSystemServer(); - } + if (mService == null) { + return; + } + try { + mService.setWifiSsidPolicy(policy); + } catch (RemoteException e) { + throw e.rethrowFromSystemServer(); } + } /** 
@@ -15274,30 +15261,10 @@ public class DevicePolicyManager { return null; } try { - List<String> allowlist = mService.getSsidAllowlist(); - if (!allowlist.isEmpty()) { - List<WifiSsid> wifiSsidAllowlist = new ArrayList<>(); - for (String ssid : allowlist) { - wifiSsidAllowlist.add( - WifiSsid.fromBytes(ssid.getBytes(StandardCharsets.UTF_8))); - } - return new WifiSsidPolicy(WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_ALLOWLIST, - new ArraySet<>(wifiSsidAllowlist)); - } - List<String> denylist = mService.getSsidDenylist(); - if (!denylist.isEmpty()) { - List<WifiSsid> wifiSsidDenylist = new ArrayList<>(); - for (String ssid : denylist) { - wifiSsidDenylist.add( - WifiSsid.fromBytes(ssid.getBytes(StandardCharsets.UTF_8))); - } - return new WifiSsidPolicy(WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_DENYLIST, - new ArraySet<>(wifiSsidDenylist)); - } + return mService.getWifiSsidPolicy(); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } - return null; } /** diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl index 8a9ef4bf9e0e..6c6a7ca70837 100644 --- a/core/java/android/app/admin/IDevicePolicyManager.aidl +++ b/core/java/android/app/admin/IDevicePolicyManager.aidl @@ -33,6 +33,7 @@ import android.app.admin.PasswordMetrics; import android.app.admin.FactoryResetProtectionPolicy; import android.app.admin.ManagedProfileProvisioningParams; import android.app.admin.FullyManagedDeviceProvisioningParams; +import android.app.admin.WifiSsidPolicy; import android.content.ComponentName; import android.content.Intent; import android.content.IntentFilter; 
@@ -545,10 +546,8 @@ interface IDevicePolicyManager { void setMinimumRequiredWifiSecurityLevel(int level); int getMinimumRequiredWifiSecurityLevel(); - void setSsidAllowlist(in List<String> ssids); - List<String> getSsidAllowlist(); - void setSsidDenylist(in List<String> ssids); - List<String> getSsidDenylist(); + void setWifiSsidPolicy(in WifiSsidPolicy policy); + WifiSsidPolicy getWifiSsidPolicy(); List<UserHandle> listForegroundAffiliatedUsers(); void setDrawables(in List<DevicePolicyDrawableResource> drawables); diff --git a/core/java/android/app/admin/WifiSsidPolicy.java b/core/java/android/app/admin/WifiSsidPolicy.java index e91807535c6e..3fefe4bda331 100644 --- a/core/java/android/app/admin/WifiSsidPolicy.java +++ b/core/java/android/app/admin/WifiSsidPolicy.java @@ -25,6 +25,7 @@ import android.util.ArraySet; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; +import java.util.Objects; import java.util.Set; /** @@ -135,6 +136,23 @@ public final class WifiSsidPolicy implements Parcelable { } @Override + public boolean equals(Object thatObject) { + if (this == thatObject) { + return true; + } + if (!(thatObject instanceof WifiSsidPolicy)) { + return false; + } + WifiSsidPolicy that = (WifiSsidPolicy) thatObject; + return mPolicyType == that.mPolicyType && Objects.equals(mSsids, that.mSsids); + } + + @Override + public int hashCode() { + return Objects.hash(mPolicyType, mSsids); + } + + @Override public int describeContents() { return 0; } diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/ActiveAdmin.java b/services/devicepolicy/java/com/android/server/devicepolicy/ActiveAdmin.java index 48c40523e9c2..aca138935491 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/ActiveAdmin.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/ActiveAdmin.java 
@@ -19,6 +19,8 @@ package com.android.server.devicepolicy; import static android.app.admin.DevicePolicyManager.NEARBY_STREAMING_SAME_MANAGED_ACCOUNT_ONLY; import static android.app.admin.DevicePolicyManager.PASSWORD_COMPLEXITY_NONE; import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED; +import static android.app.admin.WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_ALLOWLIST; +import static android.app.admin.WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_DENYLIST; import static com.android.server.devicepolicy.DevicePolicyManagerService.LOG_TAG; @@ -33,7 +35,9 @@ import android.app.admin.DevicePolicyManager; import android.app.admin.FactoryResetProtectionPolicy; import android.app.admin.PasswordPolicy; import android.app.admin.PreferentialNetworkServiceConfig; +import android.app.admin.WifiSsidPolicy; import android.graphics.Color; +import android.net.wifi.WifiSsid; import android.os.Bundle; import android.os.PersistableBundle; import android.os.UserHandle; @@ -53,6 +57,7 @@ import com.android.server.utils.Slogf; import org.xmlpull.v1.XmlPullParserException; import java.io.IOException; +import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; @@ -60,6 +65,7 @@ import java.util.List; import java.util.Map; import java.util.Set; import java.util.function.Predicate; +import java.util.stream.Collectors; class ActiveAdmin { private static final String TAG_DISABLE_KEYGUARD_FEATURES = "disable-keyguard-features"; 
@@ -242,13 +248,8 @@ class ActiveAdmin { // List of package names to keep cached. List<String> keepUninstalledPackages; - // The allowlist of SSIDs the device may connect to. - // By default, the allowlist restriction is deactivated. - List<String> mSsidAllowlist; - - // The denylist of SSIDs the device may not connect to. - // By default, the denylist restriction is deactivated. - List<String> mSsidDenylist; + // Wi-Fi SSID restriction policy. + WifiSsidPolicy mWifiSsidPolicy; // TODO: review implementation decisions with frameworks team boolean specifiesGlobalProxy = false; @@ -594,14 +595,22 @@ class ActiveAdmin { if (mWifiMinimumSecurityLevel != DevicePolicyManager.WIFI_SECURITY_OPEN) { writeAttributeValueToXml(out, TAG_WIFI_MIN_SECURITY, mWifiMinimumSecurityLevel); } - if (mSsidAllowlist != null && !mSsidAllowlist.isEmpty()) { - writeAttributeValuesToXml(out, TAG_SSID_ALLOWLIST, TAG_SSID, mSsidAllowlist); - } - if (mSsidDenylist != null && !mSsidDenylist.isEmpty()) { - writeAttributeValuesToXml(out, TAG_SSID_DENYLIST, TAG_SSID, mSsidDenylist); + if (mWifiSsidPolicy != null) { + List<String> ssids = ssidsToStrings(mWifiSsidPolicy.getSsids()); + if (mWifiSsidPolicy.getPolicyType() == WIFI_SSID_POLICY_TYPE_ALLOWLIST) { + writeAttributeValuesToXml(out, TAG_SSID_ALLOWLIST, TAG_SSID, ssids); + } else if (mWifiSsidPolicy.getPolicyType() == WIFI_SSID_POLICY_TYPE_DENYLIST) { + writeAttributeValuesToXml(out, TAG_SSID_DENYLIST, TAG_SSID, ssids); + } } } + private List<String> ssidsToStrings(Set<WifiSsid> ssids) { + return ssids.stream() + .map(ssid -> new String(ssid.getBytes(), StandardCharsets.UTF_8)) + .collect(Collectors.toList()); + } + void writeTextToXml(TypedXmlSerializer out, String tag, String text) throws IOException { out.startTag(null, tag); out.text(text); 
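Review bot: `ssidsToStrings` in the writeToXml hunk persists each SSID as `new String(ssid.getBytes(), StandardCharsets.UTF_8)`, and `readWifiSsids` in the @@ -867 hunk rebuilds it with `ssid.getBytes(StandardCharsets.UTF_8)`, which is lossless only when the SSID bytes are valid UTF-8. Assuming `WifiSsid.getBytes()` returns the raw SSID octets, an SSID with malformed sequences would be altered by the decode, so the policy reloaded after a restart would name a different network than the one held in memory; for a denylist that entry would stop matching. Now that the binder carries `WifiSsidPolicy` rather than strings, consider persisting a lossless encoding (for example a hex or Base64 attribute alongside the legacy text value) and preferring it on read. writeToXml and the XML reader both begin and end outside these hunks.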
@@ -855,11 +864,13 @@ class ActiveAdmin { } else if (TAG_WIFI_MIN_SECURITY.equals(tag)) { mWifiMinimumSecurityLevel = parser.getAttributeInt(null, ATTR_VALUE); } else if (TAG_SSID_ALLOWLIST.equals(tag)) { - mSsidAllowlist = new ArrayList<>(); - readAttributeValues(parser, TAG_SSID, mSsidAllowlist); + List<WifiSsid> ssids = readWifiSsids(parser, TAG_SSID); + mWifiSsidPolicy = new WifiSsidPolicy( + WIFI_SSID_POLICY_TYPE_ALLOWLIST, new ArraySet<>(ssids)); } else if (TAG_SSID_DENYLIST.equals(tag)) { - mSsidDenylist = new ArrayList<>(); - readAttributeValues(parser, TAG_SSID, mSsidDenylist); + List<WifiSsid> ssids = readWifiSsids(parser, TAG_SSID); + mWifiSsidPolicy = new WifiSsidPolicy( + WIFI_SSID_POLICY_TYPE_DENYLIST, new ArraySet<>(ssids)); } else { Slogf.w(LOG_TAG, "Unknown admin tag: %s", tag); XmlUtils.skipCurrentTag(parser); @@ -867,6 +878,16 @@ class ActiveAdmin { } } + private List<WifiSsid> readWifiSsids(TypedXmlPullParser parser, String tag) + throws XmlPullParserException, IOException { + List<String> ssidStrings = new ArrayList<>(); + readAttributeValues(parser, tag, ssidStrings); + List<WifiSsid> ssids = ssidStrings.stream() + .map(ssid -> WifiSsid.fromBytes(ssid.getBytes(StandardCharsets.UTF_8))) + .collect(Collectors.toList()); + return ssids; + } + private List<String> readPackageList(TypedXmlPullParser parser, String tag) throws XmlPullParserException, IOException { List<String> result = new ArrayList<String>(); 
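Review bot: Both new branches construct a `WifiSsidPolicy` unconditionally, so a `TAG_SSID_ALLOWLIST` or `TAG_SSID_DENYLIST` element with no `TAG_SSID` children produces a policy over an empty set. The removed write path skipped empty lists, but the new one in writeToXml has no such guard. Whether the `WifiSsidPolicy` constructor accepts an empty set is not visible here: if it throws, the exception leaves the admin parser; if it does not, the device loads an allowlist with no entries. A guard such as `if (!ssids.isEmpty()) { mWifiSsidPolicy = new WifiSsidPolicy(WIFI_SSID_POLICY_TYPE_ALLOWLIST, new ArraySet<>(ssids)); }` in each branch would keep the previous behaviour. The enclosing read method starts and ends outside the hunk.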
@@ -1222,11 +1243,14 @@ class ActiveAdmin { pw.print("mWifiMinimumSecurityLevel="); pw.println(mWifiMinimumSecurityLevel); - pw.print("mSsidAllowlist="); - pw.println(mSsidAllowlist); - - pw.print("mSsidDenylist="); - pw.println(mSsidDenylist); + if (mWifiSsidPolicy != null) { + if (mWifiSsidPolicy.getPolicyType() == WIFI_SSID_POLICY_TYPE_ALLOWLIST) { + pw.print("mSsidAllowlist="); + } else { + pw.print("mSsidDenylist="); + } + pw.println(ssidsToStrings(mWifiSsidPolicy.getSsids())); + } if (mFactoryResetProtectionPolicy != null) { pw.println("mFactoryResetProtectionPolicy:"); diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index 55e504a3b611..69fd0ecbff78 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -274,7 +274,6 @@ import android.net.Uri; import android.net.VpnManager; import android.net.metrics.IpConnectivityLog; import android.net.wifi.WifiManager; -import android.net.wifi.WifiSsid; import android.os.Binder; import android.os.Build; import android.os.Bundle; @@ -395,7 +394,6 @@ import java.io.FileOutputStream; import java.io.IOException; import java.io.PrintWriter; import java.lang.reflect.Constructor; -import java.nio.charset.StandardCharsets; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; 
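Review bot: In the dump hunk of ActiveAdmin.java the bare `else` labels every policy type other than allowlist as `mSsidDenylist=`, while writeToXml in this same commit tests `WIFI_SSID_POLICY_TYPE_DENYLIST` explicitly and ignores anything else. An unexpected type would therefore appear in the dump as a denylist although it is never persisted as one, which is misleading when the dump is used to diagnose policy state. Suggest `} else if (mWifiSsidPolicy.getPolicyType() == WIFI_SSID_POLICY_TYPE_DENYLIST) {` plus a final branch that prints the raw type value. The dump method itself begins and ends outside the hunk.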
@@ -18572,13 +18570,11 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { .notifyMinimumRequiredWifiSecurityLevelChanged(level)); } - private void notifyWifiSsidPolicyChanged(int policyType, List<String> ssids) { - List<WifiSsid> wifiSsidList = new ArrayList<>(); - for (String ssid : ssids) { - wifiSsidList.add( - WifiSsid.fromBytes(ssid.getBytes(StandardCharsets.UTF_8))); + private void notifyWifiSsidPolicyChanged(WifiSsidPolicy policy) { + if (policy == null) { + // If policy doesn't limit SSIDs, no need to disconnect anything. + return; } - WifiSsidPolicy policy = new WifiSsidPolicy(policyType, new ArraySet<>(wifiSsidList)); mInjector.binderWithCleanCallingIdentity( () -> mInjector.getWifiManager().notifyWifiSsidPolicyChanged(policy)); } 
@@ -18614,84 +18610,40 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } @Override - public void setSsidAllowlist(List<String> ssids) { - final CallerIdentity caller = getCallerIdentity(); - Preconditions.checkCallAuthorization( - isDefaultDeviceOwner(caller) || isProfileOwnerOfOrganizationOwnedDevice(caller), - "SSID allowlist can only be controlled by a device owner or " - + "a profile owner on an organization-owned device."); - - Collections.sort(ssids); - boolean changed = false; - synchronized (getLockObject()) { - final ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller); - if (!ssids.equals(admin.mSsidAllowlist)) { - admin.mSsidAllowlist = ssids; - admin.mSsidDenylist = null; - changed = true; - } - if (changed) saveSettingsLocked(caller.getUserId()); - } - if (changed && !ssids.isEmpty()) { - notifyWifiSsidPolicyChanged(WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_ALLOWLIST, ssids); - } - } - - @Override - public List<String> getSsidAllowlist() { + public WifiSsidPolicy getWifiSsidPolicy() { final CallerIdentity caller = getCallerIdentity(); Preconditions.checkCallAuthorization( isDefaultDeviceOwner(caller) || isProfileOwnerOfOrganizationOwnedDevice(caller) || canQueryAdminPolicy(caller), - "SSID allowlist can only be retrieved by a device owner or " + "SSID policy can only be retrieved by a device owner or " + "a profile owner on an organization-owned device or " + "an app with the QUERY_ADMIN_POLICY permission."); synchronized (getLockObject()) { final ActiveAdmin admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked( UserHandle.USER_SYSTEM); - return (admin == null || admin.mSsidAllowlist == null) ? new ArrayList<>() - : admin.mSsidAllowlist; + return admin != null ? 
admin.mWifiSsidPolicy : null; } } @Override - public void setSsidDenylist(List<String> ssids) { + public void setWifiSsidPolicy(WifiSsidPolicy policy) { final CallerIdentity caller = getCallerIdentity(); Preconditions.checkCallAuthorization( isDefaultDeviceOwner(caller) || isProfileOwnerOfOrganizationOwnedDevice(caller), "SSID denylist can only be controlled by a device owner or " + "a profile owner on an organization-owned device."); - Collections.sort(ssids); boolean changed = false; synchronized (getLockObject()) { final ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller); - if (!ssids.equals(admin.mSsidDenylist)) { - admin.mSsidDenylist = ssids; - admin.mSsidAllowlist = null; + if (!Objects.equals(policy, admin.mWifiSsidPolicy)) { + admin.mWifiSsidPolicy = policy; changed = true; } if (changed) saveSettingsLocked(caller.getUserId()); } if (changed) { - notifyWifiSsidPolicyChanged(WifiSsidPolicy.WIFI_SSID_POLICY_TYPE_DENYLIST, ssids); - } - } - - @Override - public List<String> getSsidDenylist() { - final CallerIdentity caller = getCallerIdentity(); - Preconditions.checkCallAuthorization( - isDefaultDeviceOwner(caller) || isProfileOwnerOfOrganizationOwnedDevice(caller) - || canQueryAdminPolicy(caller), - "SSID denylist can only be retrieved by a device owner or " - + "a profile owner on an organization-owned device or " - + "an app with the QUERY_ADMIN_POLICY permission."); - synchronized (getLockObject()) { - final ActiveAdmin admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked( - UserHandle.USER_SYSTEM); - return (admin == null || admin.mSsidDenylist == null) ? new ArrayList<>() - : admin.mSsidDenylist; + notifyWifiSsidPolicyChanged(policy); } } |
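Review bot: The new `setWifiSsidPolicy(WifiSsidPolicy policy)` stores and forwards whatever parcelable arrives over binder without checking it, and the client-side wrapper is not the trust boundary. ActiveAdmin.writeToXml in this commit persists only the allowlist and denylist types, so a policy with any other type would be handed to `notifyWifiSsidPolicyChanged` now but silently dropped at the next restart; whether `WifiSsidPolicy` rejects such values when unparcelled is not visible here. Consider checking after the authorization check, e.g. `Preconditions.checkArgument(policy == null || isKnownSsidPolicyType(policy.getPolicyType()), "Unknown SSID policy type");`, where `isKnownSsidPolicyType` is a placeholder for the comparison against the two constants. The authorization message on this unified setter also still reads `"SSID denylist can only be controlled by a device owner or "` and should say `"SSID policy ..."`, as the getter now does.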