author Ayush Sharma <ayushsha@google.com> 2022-10-03 14:56:37 +0000
committer Android (Google) Code Review <android-gerrit@google.com> 2022-10-03 14:56:37 +0000
commit9dc49539044e1d1105a8ed855d9627318e66d1d5 (patch)
treedd24f1e7d4c2f2e10e1cf737005c1e62c44ef824
parentb1ab4249bcd08894d7ef7913f2a8f28a09120483 (diff)
parent3a595e73920a83691f812af6d52ed3aefbce3038 (diff)
Merge "Simplify checks for get profile/device owner"
-rw-r--r--services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java218
1 files changed, 107 insertions, 111 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 897ac1fe1e7f..fbb853793915 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -2491,83 +2491,41 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
reqPolicy, /* permission= */ null);
}
- @NonNull ActiveAdmin getDeviceOwnerLocked(final CallerIdentity caller) {
+ ActiveAdmin getDeviceOwnerLocked(@UserIdInt int userId) {
ensureLocked();
ComponentName doComponent = mOwners.getDeviceOwnerComponent();
- Preconditions.checkState(doComponent != null,
- "No device owner for user %d", caller.getUid());
-
- // Use the user ID of the caller instead of mOwners.getDeviceOwnerUserId() because
- // secondary, affiliated users will have their own admin.
- ActiveAdmin doAdmin = getUserData(caller.getUserId()).mAdminMap.get(doComponent);
- Preconditions.checkState(doAdmin != null,
- "Device owner %s for user %d not found", doComponent,
- caller.getUid());
-
- Preconditions.checkCallAuthorization(doAdmin.getUid() == caller.getUid(),
- "Admin %s is not owned by uid %d, but uid %d", doComponent,
- caller.getUid(), doAdmin.getUid());
-
- Preconditions.checkCallAuthorization(
- !caller.hasAdminComponent()
- || doAdmin.info.getComponent().equals(caller.getComponentName()),
- "Caller component %s is not device owner",
- caller.getComponentName());
-
+ ActiveAdmin doAdmin = getUserData(userId).mAdminMap.get(doComponent);
return doAdmin;
}
- @NonNull ActiveAdmin getProfileOwnerLocked(final CallerIdentity caller) {
+ ActiveAdmin getProfileOwnerLocked(@UserIdInt int userId) {
ensureLocked();
- final ComponentName poAdminComponent = mOwners.getProfileOwnerComponent(caller.getUserId());
-
- Preconditions.checkState(poAdminComponent != null,
- "No profile owner for user %d", caller.getUid());
-
- ActiveAdmin poAdmin = getUserData(caller.getUserId()).mAdminMap.get(poAdminComponent);
- Preconditions.checkState(poAdmin != null,
- "No device profile owner for caller %d", caller.getUid());
-
- Preconditions.checkCallAuthorization(poAdmin.getUid() == caller.getUid(),
- "Admin %s is not owned by uid %d", poAdminComponent,
- caller.getUid());
-
- Preconditions.checkCallAuthorization(
- !caller.hasAdminComponent()
- || poAdmin.info.getComponent().equals(caller.getComponentName()),
- "Caller component %s is not profile owner",
- caller.getComponentName());
-
+ final ComponentName poAdminComponent = mOwners.getProfileOwnerComponent(userId);
+ ActiveAdmin poAdmin = getUserData(userId).mAdminMap.get(poAdminComponent);
return poAdmin;
}
@NonNull ActiveAdmin getOrganizationOwnedProfileOwnerLocked(final CallerIdentity caller) {
- final ActiveAdmin profileOwner = getProfileOwnerLocked(caller);
-
Preconditions.checkCallAuthorization(
mOwners.isProfileOwnerOfOrganizationOwnedDevice(caller.getUserId()),
- "Admin %s is not of an org-owned device",
- profileOwner.info.getComponent());
+ "Caller %s is not an admin of an org-owned device",
+ caller.getComponentName());
+ final ActiveAdmin profileOwner = getProfileOwnerLocked(caller.getUserId());
return profileOwner;
}
- @NonNull ActiveAdmin getProfileOwnerOrDeviceOwnerLocked(final CallerIdentity caller) {
+ ActiveAdmin getProfileOwnerOrDeviceOwnerLocked(@UserIdInt int userId) {
ensureLocked();
// Try to find an admin which can use reqPolicy
- final ComponentName poAdminComponent = mOwners.getProfileOwnerComponent(caller.getUserId());
+ final ComponentName poAdminComponent = mOwners.getProfileOwnerComponent(userId);
final ComponentName doAdminComponent = mOwners.getDeviceOwnerComponent();
- if (poAdminComponent == null && doAdminComponent == null) {
- throw new IllegalStateException(
- String.format("No profile or device owner for user %d", caller.getUid()));
- }
-
if (poAdminComponent != null) {
- return getProfileOwnerLocked(caller);
+ return getProfileOwnerLocked(userId);
}
- return getDeviceOwnerLocked(caller);
+ return getDeviceOwnerLocked(userId);
}
@NonNull ActiveAdmin getParentOfAdminIfRequired(ActiveAdmin admin, boolean parent) {
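Review bot: `getOrganizationOwnedProfileOwnerLocked` no longer ties its authorization to the caller: with the `getProfileOwnerLocked(caller)` call gone, the only remaining check is `mOwners.isProfileOwnerOfOrganizationOwnedDevice(caller.getUserId())`, which as far as this hunk shows is keyed on the user id rather than on the caller's uid or component. The uid and component comparisons that used to run inside `getProfileOwnerLocked` are removed, so any caller in that user would pass here unless every call site checks first; consider `Preconditions.checkCallAuthorization(isProfileOwnerOfOrganizationOwnedDevice(caller), ...)`, using the `CallerIdentity` overload the file already calls elsewhere. The method also keeps `@NonNull` while returning the result of a getter that can now return null. The three `@UserIdInt` getters would benefit from a Javadoc line such as `/** Looks up the owner admin for userId; performs no caller authorization and may return null. */`.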
@@ -4136,7 +4094,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
List<String> changedProviders = null;
synchronized (getLockObject()) {
- ActiveAdmin activeAdmin = getProfileOwnerLocked(caller);
+ ActiveAdmin activeAdmin = getProfileOwnerLocked(caller.getUserId());
if (activeAdmin.crossProfileWidgetProviders == null) {
activeAdmin.crossProfileWidgetProviders = new ArrayList<>();
}
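Review bot: `activeAdmin.crossProfileWidgetProviders` is dereferenced right after `getProfileOwnerLocked(caller.getUserId())`, which after this commit returns null instead of throwing when the user has no profile owner, and no longer compares the caller's uid or component. The guarding `checkCallAuthorization(isProfileOwner(caller))` is not visible in this hunk's context (the enclosing method starts outside it), so confirm it exists above. The same applies to the other call sites whose hunks show no guard, for example those touching `mFactoryResetProtectionPolicy`, `permittedInputMethods`, `userRestrictions`, `mProfileOffDeadline`, `mWifiMinimumSecurityLevel` and `mWifiSsidPolicy`. A defensive `Preconditions.checkState(activeAdmin != null, "No profile owner for user %d", caller.getUserId());` after the lookup would keep the previous fail-closed behaviour.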
@@ -4171,7 +4129,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
List<String> changedProviders = null;
synchronized (getLockObject()) {
- ActiveAdmin activeAdmin = getProfileOwnerLocked(caller);
+ ActiveAdmin activeAdmin = getProfileOwnerLocked(caller.getUserId());
if (activeAdmin.crossProfileWidgetProviders == null
|| activeAdmin.crossProfileWidgetProviders.isEmpty()) {
return false;
@@ -4205,7 +4163,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
Preconditions.checkCallAuthorization(isProfileOwner(caller));
synchronized (getLockObject()) {
- ActiveAdmin activeAdmin = getProfileOwnerLocked(caller);
+ ActiveAdmin activeAdmin = getProfileOwnerLocked(caller.getUserId());
if (activeAdmin.crossProfileWidgetProviders == null
|| activeAdmin.crossProfileWidgetProviders.isEmpty()) {
return null;
@@ -4725,7 +4683,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
synchronized (getLockObject()) {
final ActiveAdmin admin = getParentOfAdminIfRequired(
- getProfileOwnerOrDeviceOwnerLocked(caller), calledOnParent);
+ getProfileOwnerOrDeviceOwnerLocked(caller.getUserId()), calledOnParent);
if (admin.mPasswordComplexity != passwordComplexity) {
// We require the caller to explicitly clear any password quality requirements set
// on the parent DPM instance, to avoid the case where password requirements are
@@ -4994,7 +4952,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
// If caller has PO (or DO) throw or fail silently depending on its target SDK level.
if (isDefaultDeviceOwner(caller) || isProfileOwner(caller)) {
synchronized (getLockObject()) {
- ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller);
+ ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller.getUserId());
if (getTargetSdk(admin.info.getPackageName(), userHandle) < Build.VERSION_CODES.O) {
Slogf.e(LOG_TAG, "DPC can no longer call resetPassword()");
return false;
@@ -5253,8 +5211,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
final int userHandle = caller.getUserId();
boolean changed = false;
synchronized (getLockObject()) {
- ActiveAdmin ap = getParentOfAdminIfRequired(getProfileOwnerOrDeviceOwnerLocked(caller),
- parent);
+ ActiveAdmin ap = getParentOfAdminIfRequired(
+ getProfileOwnerOrDeviceOwnerLocked(caller.getUserId()), parent);
if (ap.strongAuthUnlockTimeout != timeoutMs) {
ap.strongAuthUnlockTimeout = timeoutMs;
saveSettingsLocked(userHandle);
@@ -6523,7 +6481,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
if (vpnPackage == null) {
final String prevVpnPackage;
synchronized (getLockObject()) {
- prevVpnPackage = getProfileOwnerOrDeviceOwnerLocked(caller).mAlwaysOnVpnPackage;
+ prevVpnPackage = getProfileOwnerOrDeviceOwnerLocked(
+ caller.getUserId()).mAlwaysOnVpnPackage;
// If the admin is clearing VPN package but hasn't configure any VPN previously,
// ignore it so that it doesn't interfere with user-configured VPNs.
if (TextUtils.isEmpty(prevVpnPackage)) {
@@ -6564,7 +6523,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
.setInt(lockdownAllowlist != null ? lockdownAllowlist.size() : 0)
.write();
synchronized (getLockObject()) {
- ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller);
+ ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller.getUserId());
if (!TextUtils.equals(vpnPackage, admin.mAlwaysOnVpnPackage)
|| lockdown != admin.mAlwaysOnVpnLockdown) {
admin.mAlwaysOnVpnPackage = vpnPackage;
@@ -6951,7 +6910,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
final int frpManagementAgentUid = getFrpManagementAgentUidOrThrow();
synchronized (getLockObject()) {
- ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller);
+ ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller.getUserId());
admin.mFactoryResetProtectionPolicy = policy;
saveSettingsLocked(caller.getUserId());
}
@@ -6996,7 +6955,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
Preconditions.checkCallAuthorization(
isDefaultDeviceOwner(caller)
|| isProfileOwnerOfOrganizationOwnedDevice(caller));
- admin = getProfileOwnerOrDeviceOwnerLocked(caller);
+ admin = getProfileOwnerOrDeviceOwnerLocked(caller.getUserId());
}
}
@@ -7639,11 +7598,14 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
final CallerIdentity caller = getCallerIdentity(who);
if (parent) {
Preconditions.checkCallAuthorization(isProfileOwnerOfOrganizationOwnedDevice(caller));
+ } else {
+ Preconditions.checkCallAuthorization(isProfileOwner(caller)
+ || isDeviceOwner(caller));
}
synchronized (getLockObject()) {
- ActiveAdmin ap = getParentOfAdminIfRequired(getProfileOwnerOrDeviceOwnerLocked(caller),
- parent);
+ ActiveAdmin ap = getParentOfAdminIfRequired(
+ getProfileOwnerOrDeviceOwnerLocked(caller.getUserId()), parent);
if (ap.disableScreenCapture != disabled) {
ap.disableScreenCapture = disabled;
saveSettingsLocked(caller.getUserId());
@@ -7729,7 +7691,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
isDefaultDeviceOwner(caller) || isProfileOwner(caller));
synchronized (getLockObject()) {
- final ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller);
+ final ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller.getUserId());
if (admin.mNearbyNotificationStreamingPolicy != policy) {
admin.mNearbyNotificationStreamingPolicy = policy;
saveSettingsLocked(caller.getUserId());
@@ -7769,7 +7731,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
isDefaultDeviceOwner(caller) || isProfileOwner(caller));
synchronized (getLockObject()) {
- final ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller);
+ final ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller.getUserId());
if (admin.mNearbyAppStreamingPolicy != policy) {
admin.mNearbyAppStreamingPolicy = policy;
saveSettingsLocked(caller.getUserId());
@@ -7808,12 +7770,14 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
}
Objects.requireNonNull(who, "ComponentName is null");
final CallerIdentity caller = getCallerIdentity(who);
+ Preconditions.checkCallAuthorization(
+ isDeviceOwner(caller) || isProfileOwner(caller));
boolean requireAutoTimeChanged = false;
synchronized (getLockObject()) {
Preconditions.checkCallAuthorization(!isManagedProfile(caller.getUserId()),
"Managed profile cannot set auto time required");
- ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller);
+ ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller.getUserId());
if (admin.requireAutoTime != required) {
admin.requireAutoTime = required;
saveSettingsLocked(caller.getUserId());
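Review bot: The new `isDeviceOwner(caller) || isProfileOwner(caller)` check runs before `synchronized (getLockObject())`, while the admin lookup runs inside it, so the check and the use are no longer atomic as they were when the getter validated the caller itself. `isDeviceOwner` takes and releases the same lock (per its definition added in this commit), so an owner removed or replaced in between could make `getProfileOwnerOrDeviceOwnerLocked` return null or a different admin, and `admin.requireAutoTime` would then be dereferenced or modified for an admin the caller was never checked against. Moving the check inside the synchronized block, next to the existing `!isManagedProfile(...)` authorization, keeps both under one lock acquisition. The same ordering appears in the other hunks that add a check ahead of the lock, such as the `permittedNotificationListeners`, `organizationName` and `mCrossProfilePackages` ones. The enclosing method starts and ends outside the hunk.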
@@ -8466,6 +8430,17 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
}
}
+ /**
+ * Returns {@code true} if the provided caller identity is of a device owner.
+ * @param caller identity of caller.
+ * @return true if {@code identity} is a device owner, false otherwise.
+ */
+ public boolean isDeviceOwner(CallerIdentity caller) {
+ synchronized (getLockObject()) {
+ return isDeviceOwnerLocked(caller);
+ }
+ }
+
private boolean isDeviceOwnerLocked(CallerIdentity caller) {
if (!mOwners.hasDeviceOwner() || mOwners.getDeviceOwnerUserId() != caller.getUserId()) {
return false;
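Review bot: The Javadoc on the new `isDeviceOwner` refers to `{@code identity}`, but the parameter is named `caller`; the line should read `@return true if {@code caller} is a device owner, false otherwise.` It would also help to state how this method differs from `isDefaultDeviceOwner`, since this commit uses both in authorization checks and replaces `!isFinancedDeviceOwner(caller)` with `isDefaultDeviceOwner(caller)` in one place; presumably `isDeviceOwner` accepts any device-owner type, which should be confirmed and documented so reviewers can tell which call sites intentionally admit a financed device owner. `isDeviceOwnerLocked` continues past the end of the hunk.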
@@ -8890,11 +8865,11 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
final CallerIdentity caller = getCallerIdentity(who);
final int userId = caller.getUserId();
Preconditions.checkCallingUser(!isManagedProfile(userId));
+ Preconditions.checkCallAuthorization(isProfileOwner(caller));
enforceUserUnlocked(userId);
synchronized (getLockObject()) {
- // Check if this is the profile owner who is calling
- final ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller);
+ final ActiveAdmin admin = getProfileOwnerLocked(caller.getUserId());
mInjector.binderWithCleanCallingIdentity(() -> {
clearProfileOwnerLocked(admin, userId);
@@ -10269,6 +10244,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
}
Objects.requireNonNull(who, "ComponentName is null");
final CallerIdentity caller = getCallerIdentity(who);
+ Preconditions.checkCallAuthorization(
+ isDeviceOwner(caller) || isProfileOwner(caller));
if (packageList != null) {
int userId = caller.getUserId();
@@ -10300,7 +10277,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
}
synchronized (getLockObject()) {
- ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller);
+ ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller.getUserId());
admin.permittedAccessiblityServices = packageList;
saveSettingsLocked(UserHandle.getCallingUserId());
}
@@ -10325,7 +10302,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
isDefaultDeviceOwner(caller) || isProfileOwner(caller));
synchronized (getLockObject()) {
- ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller);
+ ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller.getUserId());
return admin.permittedAccessiblityServices;
}
}
@@ -10458,7 +10435,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
synchronized (getLockObject()) {
final ActiveAdmin admin = getParentOfAdminIfRequired(
- getProfileOwnerOrDeviceOwnerLocked(caller), calledOnParentInstance);
+ getProfileOwnerOrDeviceOwnerLocked(caller.getUserId()), calledOnParentInstance);
admin.permittedInputMethods = packageList;
saveSettingsLocked(caller.getUserId());
}
@@ -10500,7 +10477,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
synchronized (getLockObject()) {
final ActiveAdmin admin = getParentOfAdminIfRequired(
- getProfileOwnerOrDeviceOwnerLocked(caller), calledOnParentInstance);
+ getProfileOwnerOrDeviceOwnerLocked(caller.getUserId()), calledOnParentInstance);
return admin.permittedInputMethods;
}
}
@@ -10590,9 +10567,9 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
if (!isManagedProfile(caller.getUserId())) {
return false;
}
-
+ Preconditions.checkCallAuthorization(isProfileOwner(caller));
synchronized (getLockObject()) {
- ActiveAdmin admin = getProfileOwnerLocked(caller);
+ ActiveAdmin admin = getProfileOwnerLocked(caller.getUserId());
admin.permittedNotificationListeners = packageList;
saveSettingsLocked(caller.getUserId());
}
@@ -10606,11 +10583,13 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
}
Objects.requireNonNull(who, "ComponentName is null");
final CallerIdentity caller = getCallerIdentity(who);
+ Preconditions.checkCallAuthorization(
+ isDeviceOwner(caller) || isProfileOwner(caller));
synchronized (getLockObject()) {
// API contract is to return null if there are no permitted cross-profile notification
// listeners, including in Device Owner mode.
- ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller);
+ ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller.getUserId());
return admin.permittedNotificationListeners;
}
}
@@ -11383,10 +11362,16 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
return;
}
+ if (parent) {
+ Preconditions.checkCallAuthorization(isProfileOwnerOfOrganizationOwnedDevice(caller));
+ } else {
+ Preconditions.checkCallAuthorization(isDeviceOwner(caller) || isProfileOwner(caller));
+ }
+
int userHandle = caller.getUserId();
synchronized (getLockObject()) {
final ActiveAdmin activeAdmin = getParentOfAdminIfRequired(
- getProfileOwnerOrDeviceOwnerLocked(caller), parent);
+ getProfileOwnerOrDeviceOwnerLocked(userHandle), parent);
if (isDefaultDeviceOwner(caller)) {
if (!UserRestrictionsUtils.canDeviceOwnerChange(key)) {
@@ -11516,7 +11501,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
synchronized (getLockObject()) {
final ActiveAdmin activeAdmin = getParentOfAdminIfRequired(
- getProfileOwnerOrDeviceOwnerLocked(caller), parent);
+ getProfileOwnerOrDeviceOwnerLocked(caller.getUserId()), parent);
return activeAdmin.userRestrictions;
}
}
@@ -11777,8 +11762,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
ap = getParentOfAdminIfRequired(getOrganizationOwnedProfileOwnerLocked(caller),
parent);
} else {
- Preconditions.checkCallAuthorization(!isFinancedDeviceOwner(caller));
- ap = getParentOfAdminIfRequired(getProfileOwnerOrDeviceOwnerLocked(caller), parent);
+ Preconditions.checkCallAuthorization(
+ isDefaultDeviceOwner(caller) || isProfileOwner(caller));
+ ap = getParentOfAdminIfRequired(
+ getProfileOwnerOrDeviceOwnerLocked(caller.getUserId()), parent);
}
if (disabled) {
@@ -11899,7 +11886,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
Preconditions.checkCallAuthorization(isProfileOwner(caller));
synchronized (getLockObject()) {
- ActiveAdmin admin = getProfileOwnerLocked(caller);
+ ActiveAdmin admin = getProfileOwnerLocked(caller.getUserId());
if (admin.disableCallerId != disabled) {
admin.disableCallerId = disabled;
saveSettingsLocked(caller.getUserId());
@@ -11922,7 +11909,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
Preconditions.checkCallAuthorization(isProfileOwner(caller));
synchronized (getLockObject()) {
- ActiveAdmin admin = getProfileOwnerLocked(caller);
+ ActiveAdmin admin = getProfileOwnerLocked(caller.getUserId());
return admin.disableCallerId;
}
}
@@ -11950,7 +11937,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
Preconditions.checkCallAuthorization(isProfileOwner(caller));
synchronized (getLockObject()) {
- ActiveAdmin admin = getProfileOwnerLocked(caller);
+ ActiveAdmin admin = getProfileOwnerLocked(caller.getUserId());
if (admin.disableContactsSearch != disabled) {
admin.disableContactsSearch = disabled;
saveSettingsLocked(caller.getUserId());
@@ -11973,7 +11960,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
Preconditions.checkCallAuthorization(isProfileOwner(caller));
synchronized (getLockObject()) {
- ActiveAdmin admin = getProfileOwnerLocked(caller);
+ ActiveAdmin admin = getProfileOwnerLocked(caller.getUserId());
return admin.disableContactsSearch;
}
}
@@ -12055,7 +12042,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
isDefaultDeviceOwner(caller) || isProfileOwner(caller));
synchronized (getLockObject()) {
- ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller);
+ ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller.getUserId());
if (admin.disableBluetoothContactSharing != disabled) {
admin.disableBluetoothContactSharing = disabled;
saveSettingsLocked(caller.getUserId());
@@ -12080,7 +12067,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
isDefaultDeviceOwner(caller) || isProfileOwner(caller));
synchronized (getLockObject()) {
- ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller);
+ ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller.getUserId());
return admin.disableBluetoothContactSharing;
}
}
@@ -14411,9 +14398,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
final CallerIdentity caller = getCallerIdentity(who);
Preconditions.checkCallingUser(isManagedProfile(caller.getUserId()));
+ Preconditions.checkCallAuthorization(isProfileOwner(caller));
synchronized (getLockObject()) {
- ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller);
+ ActiveAdmin admin = getProfileOwnerLocked(caller.getUserId());
admin.organizationColor = color;
saveSettingsLocked(caller.getUserId());
}
@@ -14452,9 +14440,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
final CallerIdentity caller = getCallerIdentity(who);
Preconditions.checkCallingUser(isManagedProfile(caller.getUserId()));
+ Preconditions.checkCallAuthorization(isProfileOwner(caller));
synchronized (getLockObject()) {
- ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller);
+ ActiveAdmin admin = getProfileOwnerLocked(caller.getUserId());
return admin.organizationColor;
}
}
@@ -14486,9 +14475,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
}
Objects.requireNonNull(who, "ComponentName is null");
final CallerIdentity caller = getCallerIdentity(who);
+ Preconditions.checkCallAuthorization(isDeviceOwner(caller) || isProfileOwner(caller));
synchronized (getLockObject()) {
- ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller);
+ ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller.getUserId());
if (!TextUtils.equals(admin.organizationName, text)) {
admin.organizationName = (text == null || text.length() == 0)
? null : text.toString();
@@ -14506,9 +14496,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
final CallerIdentity caller = getCallerIdentity(who);
Preconditions.checkCallingUser(isManagedProfile(caller.getUserId()));
+ Preconditions.checkCallAuthorization(isDeviceOwner(caller) || isProfileOwner(caller));
synchronized (getLockObject()) {
- ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller);
+ ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller.getUserId());
return admin.organizationName;
}
}
@@ -14568,7 +14559,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
return packageNames;
}
synchronized (getLockObject()) {
- final ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller);
+ final ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller.getUserId());
return mInjector.binderWithCleanCallingIdentity(() -> {
final List<String> excludedPkgs = removeInvalidPkgsForMeteredDataRestriction(
caller.getUserId(), packageNames);
@@ -14617,7 +14608,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
"Admin %s does not own the profile", caller.getComponentName());
synchronized (getLockObject()) {
- final ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller);
+ final ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller.getUserId());
return admin.meteredDisabledPackages == null
? new ArrayList<>() : admin.meteredDisabledPackages;
}
@@ -16653,9 +16644,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
}
Objects.requireNonNull(who, "ComponentName is null");
final CallerIdentity caller = getCallerIdentity(who);
+ Preconditions.checkCallAuthorization(isProfileOwner(caller));
synchronized (getLockObject()) {
- final ActiveAdmin admin = getProfileOwnerLocked(caller);
+ final ActiveAdmin admin = getProfileOwnerLocked(caller.getUserId());
admin.mCrossProfileCalendarPackages = packageNames;
saveSettingsLocked(caller.getUserId());
}
@@ -16674,9 +16666,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
}
Objects.requireNonNull(who, "ComponentName is null");
final CallerIdentity caller = getCallerIdentity(who);
+ Preconditions.checkCallAuthorization(isProfileOwner(caller));
synchronized (getLockObject()) {
- final ActiveAdmin admin = getProfileOwnerLocked(caller);
+ final ActiveAdmin admin = getProfileOwnerLocked(caller.getUserId());
return admin.mCrossProfileCalendarPackages;
}
}
@@ -16749,10 +16742,11 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
Objects.requireNonNull(who, "ComponentName is null");
Objects.requireNonNull(packageNames, "Package names is null");
final CallerIdentity caller = getCallerIdentity(who);
+ Preconditions.checkCallAuthorization(isProfileOwner(caller));
final List<String> previousCrossProfilePackages;
synchronized (getLockObject()) {
- final ActiveAdmin admin = getProfileOwnerLocked(caller);
+ final ActiveAdmin admin = getProfileOwnerLocked(caller.getUserId());
previousCrossProfilePackages = admin.mCrossProfilePackages;
if (packageNames.equals(previousCrossProfilePackages)) {
return;
@@ -16782,9 +16776,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
}
Objects.requireNonNull(who, "ComponentName is null");
final CallerIdentity caller = getCallerIdentity(who);
+ Preconditions.checkCallAuthorization(isProfileOwner(caller));
synchronized (getLockObject()) {
- final ActiveAdmin admin = getProfileOwnerLocked(caller);
+ final ActiveAdmin admin = getProfileOwnerLocked(caller.getUserId());
return admin.mCrossProfilePackages;
}
}
@@ -17039,7 +17034,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
"Common Criteria mode can only be controlled by a device owner or "
+ "a profile owner on an organization-owned device.");
synchronized (getLockObject()) {
- final ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller);
+ final ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller.getUserId());
admin.mCommonCriteriaMode = enabled;
saveSettingsLocked(caller.getUserId());
}
@@ -17060,7 +17055,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
+ "a profile owner on an organization-owned device.");
synchronized (getLockObject()) {
- final ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller);
+ final ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller.getUserId());
return admin.mCommonCriteriaMode;
}
}
@@ -17083,7 +17078,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
Preconditions.checkCallAuthorization(isProfileOwnerOfOrganizationOwnedDevice(caller));
synchronized (getLockObject()) {
- final ActiveAdmin admin = getProfileOwnerLocked(caller);
+ final ActiveAdmin admin = getProfileOwnerLocked(caller.getUserId());
final long deadline = admin.mProfileOffDeadline;
final int result = makeSuspensionReasons(admin.mSuspendPersonalApps,
deadline != 0 && mInjector.systemCurrentTimeMillis() > deadline);
@@ -17115,7 +17110,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
final int callingUserId = caller.getUserId();
synchronized (getLockObject()) {
- final ActiveAdmin admin = getProfileOwnerLocked(caller);
+ final ActiveAdmin admin = getProfileOwnerLocked(callingUserId);
boolean shouldSaveSettings = false;
if (admin.mSuspendPersonalApps != suspended) {
admin.mSuspendPersonalApps = suspended;
@@ -17407,7 +17402,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
final int userId = caller.getUserId();
synchronized (getLockObject()) {
- final ActiveAdmin admin = getProfileOwnerLocked(caller);
+ final ActiveAdmin admin = getProfileOwnerLocked(userId);
// Ensure the timeout is long enough to avoid having bad user experience.
if (timeoutMillis > 0 && timeoutMillis < MANAGED_PROFILE_MAXIMUM_TIME_OFF_THRESHOLD
@@ -17451,7 +17446,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
Preconditions.checkCallAuthorization(isProfileOwnerOfOrganizationOwnedDevice(caller));
synchronized (getLockObject()) {
- final ActiveAdmin admin = getProfileOwnerLocked(caller);
+ final ActiveAdmin admin = getProfileOwnerLocked(caller.getUserId());
return admin.mProfileMaximumTimeOffMillis;
}
}
@@ -17463,7 +17458,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
enforceUserUnlocked(caller.getUserId());
synchronized (getLockObject()) {
- final ActiveAdmin admin = getProfileOwnerLocked(caller);
+ final ActiveAdmin admin = getProfileOwnerLocked(caller.getUserId());
if (admin.mProfileOffDeadline > 0) {
admin.mProfileOffDeadline = 0;
saveSettingsLocked(caller.getUserId());
@@ -17478,7 +17473,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
enforceUserUnlocked(caller.getUserId());
synchronized (getLockObject()) {
- final ActiveAdmin admin = getProfileOwnerLocked(caller);
+ final ActiveAdmin admin = getProfileOwnerLocked(caller.getUserId());
return admin.mProfileOffDeadline != 0;
}
}
@@ -18417,7 +18412,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
"USB data signaling cannot be disabled.");
synchronized (getLockObject()) {
- final ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller);
+ final ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller.getUserId());
if (admin.mUsbDataSignalingEnabled != enabled) {
admin.mUsbDataSignalingEnabled = enabled;
saveSettingsLocked(caller.getUserId());
@@ -18452,7 +18447,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
// If the caller is an admin, return the policy set by itself. Otherwise
// return the device-wide policy.
if (isDefaultDeviceOwner(caller) || isProfileOwnerOfOrganizationOwnedDevice(caller)) {
- return getProfileOwnerOrDeviceOwnerLocked(caller).mUsbDataSignalingEnabled;
+ return getProfileOwnerOrDeviceOwnerLocked(
+ caller.getUserId()).mUsbDataSignalingEnabled;
} else {
return isUsbDataSignalingEnabledInternalLocked();
}
@@ -18508,7 +18504,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
boolean valueChanged = false;
synchronized (getLockObject()) {
- final ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller);
+ final ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller.getUserId());
if (admin.mWifiMinimumSecurityLevel != level) {
admin.mWifiMinimumSecurityLevel = level;
saveSettingsLocked(caller.getUserId());
@@ -18554,7 +18550,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
boolean changed = false;
synchronized (getLockObject()) {
- final ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller);
+ final ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(caller.getUserId());
if (!Objects.equals(policy, admin.mWifiSsidPolicy)) {
admin.mWifiSsidPolicy = policy;
changed = true;