| author | 2021-04-19 14:07:42 +0100 | |
|---|---|---|
| committer | 2021-05-27 09:30:07 +0100 | |
| commit | a9c51e7fb84c441ffcbaf5f34089b3119d28662a (patch) | |
| tree | 2fb3f763cc7f291c91d9a54f596a2bb09bbae188 | |
| parent | ad227b1cab5c1d52036a2d6d000064e373e0c4f0 (diff) | |
Remove requireAutoTime on upgrade
* In Android 11, setRequireAutoTime was deprecated.
The user restriction DISALLOW_CONFIG_DATE_TIME
should be used instead to enforce time policies.
* When removing the DO, requireAutoTime needs to
be set to false
* When transferring policies from the DO to the
COPE PO, the user restriction should be used instead
of requireAutoTime. This is because requireAutoTime
can never be turned false for the COPE PO
Manual testing steps - Scenario 1
* Flash device with Android Q build and set up
device in DO mode
* Apply some policies using TestDPC, including requireAutoTime
* Flash device with Android R build and do not wipe
* Replicate issue by checking date time cannot be removed
* Flash device with Android S build and do not wipe
* Verify date time restriction can be removed
Manual testing steps - Scenario 2
* Flash device with Android Q build and set up
device in DO mode
* Apply some policies using TestDPC, including requireAutoTime
* Flash device with Android S build and do not wipe
* Verify DO restriction has been set on parent admin
* Verify date time restriction can be removed
Bug: 165026695
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest
Manual testing
Change-Id: I76344fe2df7475b6411362b4aff806a5cbf053a7
| -rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 46 |
1 files changed, 45 insertions, 1 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index bc130e2c1e5b..5d85b8168da3 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -2086,12 +2086,19 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
 // The following policies weren't available to PO, but will be available after migration.
 parentAdmin.disableCamera = doAdmin.disableCamera;
- parentAdmin.requireAutoTime = doAdmin.requireAutoTime;
 parentAdmin.disableScreenCapture = doAdmin.disableScreenCapture;
 parentAdmin.accountTypesWithManagementDisabled.addAll( doAdmin.accountTypesWithManagementDisabled);
 moveDoUserRestrictionsToCopeParent(doAdmin, parentAdmin);
+
+ // From Android 11, {@link setAutoTimeRequired} is no longer used. The user restriction
+ // {@link UserManager#DISALLOW_CONFIG_DATE_TIME} should be used to enforce auto time
+ // settings instead.
+ if (doAdmin.requireAutoTime) {
+ parentAdmin.ensureUserRestrictions().putBoolean(
+ UserManager.DISALLOW_CONFIG_DATE_TIME, true);
+ }
 }
 private void moveDoUserRestrictionsToCopeParent(ActiveAdmin doAdmin, ActiveAdmin parentAdmin) {
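Review bot: The block added after `moveDoUserRestrictionsToCopeParent(doAdmin, parentAdmin)` carries over only the "cannot be changed" half of the old policy: `DISALLOW_CONFIG_DATE_TIME` blocks the user from editing date/time settings, but nothing visible in this hunk re-asserts that automatic time is actually enabled after the migration. If the code relies on the setting already having been forced on while `requireAutoTime` was in effect, the comment should say so, e.g. `// Auto time was already forced on by requireAutoTime; the restriction only prevents it being changed.` The comment also uses `{@link setAutoTimeRequired}` inside a `//` comment, where Javadoc tags are not rendered and the reference has no class; plain text such as `DevicePolicyManager#setAutoTimeRequired` reads better. The enclosing method starts outside the hunk.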
@@ -2361,6 +2368,41 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
 saveSettingsLocked(user.getIdentifier());
 }
+ /**
+ * Fix left-over restrictions and auto-time policy during COMP -> COPE migration.
+ *
+ * When a COMP device with requireAutoTime policy set was migrated to an
+ * organization-owned profile, a DISALLOW_CONFIG_DATE_TIME restriction is set
+ * on user 0 from the DO user, which becomes unremovable by the organization-owned
+ * profile owner. Fix this by force removing that restriction. Also revert the
+ * parentAdmin.requireAutoTime bit (since the COPE PO cannot unset this bit)
+ * and replace it with DISALLOW_CONFIG_DATE_TIME on the correct
+ * admin, in line with the deprecation recommendation of setAutoTimeRequired().
+ */
+ private void fixupAutoTimeRestrictionDuringOrganizationOwnedDeviceMigration() {
+ for (UserInfo ui : mUserManager.getUsers()) {
+ final int userId = ui.id;
+ if (isProfileOwnerOfOrganizationOwnedDevice(userId)) {
+ final ActiveAdmin parent = getProfileOwnerAdminLocked(userId).parentAdmin;
+ if (parent != null && parent.requireAutoTime) {
+ // Remove deprecated requireAutoTime
+ parent.requireAutoTime = false;
+ saveSettingsLocked(userId);
+
+ // Remove user restrictions set by the device owner before the upgrade to
+ // Android 11.
+ mUserManagerInternal.setDevicePolicyUserRestrictions(UserHandle.USER_SYSTEM,
+ new Bundle(), new RestrictionsSet(), /* isDeviceOwner */ false);
+
+ // Apply user restriction to parent active admin instead
+ parent.ensureUserRestrictions().putBoolean(
+ UserManager.DISALLOW_CONFIG_DATE_TIME, true);
+ pushUserRestrictions(userId);
+ }
+ }
+ }
+ }
+
 private ComponentName findAdminComponentWithPackageLocked(String packageName, int userId) {
 final DevicePolicyData policy = getUserData(userId);
 final int n = policy.mAdminList.size();
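Review bot: In `fixupAutoTimeRestrictionDuringOrganizationOwnedDeviceMigration()`, `saveSettingsLocked(userId)` runs right after `parent.requireAutoTime = false` but before `parent.ensureUserRestrictions().putBoolean(UserManager.DISALLOW_CONFIG_DATE_TIME, true)`, so what is written out has the old flag cleared without the replacement restriction. Unless `pushUserRestrictions(userId)` also persists the admin's settings (not visible here), a reboot after the fix-up would load a parent admin with neither the flag nor the restriction. The `parent.requireAutoTime` guard would then stop the fix-up from running again, leaving the time policy unenforced. Moving `saveSettingsLocked(userId);` to just after the `putBoolean(...)` call, before `pushUserRestrictions(userId);`, keeps both changes in one write. Separately, passing `new Bundle(), new RestrictionsSet()` for `UserHandle.USER_SYSTEM` appears to replace that user's whole device-policy restriction set rather than only the date-time entry; a comment on why that is safe at this point would help.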
@@ -3020,6 +3062,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
 private void onLockSettingsReady() {
 synchronized (getLockObject()) {
 migrateUserRestrictionsIfNecessaryLocked();
+ fixupAutoTimeRestrictionDuringOrganizationOwnedDeviceMigration();
 performPolicyVersionUpgrade();
 }
 getUserData(UserHandle.USER_SYSTEM);
@@ -8574,6 +8617,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
 admin.defaultEnabledRestrictionsAlreadySet.clear();
 admin.forceEphemeralUsers = false;
 admin.isNetworkLoggingEnabled = false;
+ admin.requireAutoTime = false;
 mUserManagerInternal.setForceEphemeralUsers(admin.forceEphemeralUsers);
 }
 final DevicePolicyData policyData = getUserData(userId);
|
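Review bot: The call added to `onLockSettingsReady()` sits inside `synchronized (getLockObject())` next to `migrateUserRestrictionsIfNecessaryLocked()`, but the method it invokes has no `Locked` suffix even though it uses `getProfileOwnerAdminLocked` and `saveSettingsLocked` and so apparently needs the lock held. Renaming it to `fixupAutoTimeRestrictionDuringOrganizationOwnedDeviceMigrationLocked()` would follow the convention visible on the neighbouring line. It is also invoked on every boot rather than from the versioned step that follows (`performPolicyVersionUpgrade()`), so a short comment noting that the `parent.requireAutoTime` check is what makes it a one-time operation would help the next reader. `onLockSettingsReady()` continues outside the hunk.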