diff options
| author | 2024-04-17 16:09:59 +0000 | |
|---|---|---|
| committer | 2024-04-17 16:09:59 +0000 | |
| commit | b48b9c73cdee0e17a2f4cbfaf3dd66f93fe49af0 (patch) | |
| tree | 2089081e5338c245aa2f75f29f3e63f53e408618 | |
| parent | 3c4c6b8fbdb8d7aed25448e439ec0e9e7ebb3614 (diff) | |
| parent | cd75e6ae1ed72bbc0b985f3ab5effc581fa91f91 (diff) | |
Merge changes from topic "power-exemption-bg-appop" into main
* changes:
Make power exemption grant bg usage app op
Cleanup flag and unused method
3 files changed, 43 insertions, 56 deletions
diff --git a/core/java/android/app/admin/DevicePolicyManagerInternal.java b/core/java/android/app/admin/DevicePolicyManagerInternal.java index 1aee9fe57466..a9f2d74eae39 100644 --- a/core/java/android/app/admin/DevicePolicyManagerInternal.java +++ b/core/java/android/app/admin/DevicePolicyManagerInternal.java @@ -317,11 +317,6 @@ public abstract class DevicePolicyManagerInternal { public abstract boolean isUserOrganizationManaged(@UserIdInt int userId); /** - * Returns whether the application exemptions feature flag is enabled. - */ - public abstract boolean isApplicationExemptionsFlagEnabled(); - - /** * Returns a map of admin to {@link Bundle} map of restrictions set by the admins for the * provided {@code packageName} in the provided {@code userId} */ diff --git a/core/java/android/app/admin/flags/flags.aconfig b/core/java/android/app/admin/flags/flags.aconfig index 6a07484eebc6..0d0db1d2fc9a 100644 --- a/core/java/android/app/admin/flags/flags.aconfig +++ b/core/java/android/app/admin/flags/flags.aconfig @@ -195,6 +195,15 @@ flag { } } +flag { + name: "power_exemption_bg_usage_fix" + namespace: "enterprise" + description: "Ensure aps with EXEMPT_FROM_POWER_RESTRICTIONS can execute in the background" + bug: "333379020" + metadata { + purpose: PURPOSE_BUGFIX + } +} flag { name: "esim_management_ux_enabled" diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index cb637579d8db..e1ad979ded96 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -107,6 +107,8 @@ import static android.app.AppOpsManager.OPSTR_SYSTEM_EXEMPT_FROM_DISMISSIBLE_NOT import static android.app.AppOpsManager.OPSTR_SYSTEM_EXEMPT_FROM_HIBERNATION; import static android.app.AppOpsManager.OPSTR_SYSTEM_EXEMPT_FROM_POWER_RESTRICTIONS; import static android.app.AppOpsManager.OPSTR_SYSTEM_EXEMPT_FROM_SUSPENSION; +import static android.app.AppOpsManager.OP_RUN_ANY_IN_BACKGROUND; +import static android.app.AppOpsManager.OP_RUN_IN_BACKGROUND; import static android.app.admin.DeviceAdminInfo.HEADLESS_DEVICE_OWNER_MODE_AFFILIATED; import static android.app.admin.DeviceAdminInfo.HEADLESS_DEVICE_OWNER_MODE_SINGLE_USER; import static android.app.admin.DeviceAdminInfo.HEADLESS_DEVICE_OWNER_MODE_UNSUPPORTED; @@ -886,10 +888,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { "enable_permission_based_access"; private static final boolean DEFAULT_VALUE_PERMISSION_BASED_ACCESS_FLAG = false; - // TODO(b/266831522) remove the flag after rollout. - private static final String APPLICATION_EXEMPTIONS_FLAG = "application_exemptions"; - private static final boolean DEFAULT_APPLICATION_EXEMPTIONS_FLAG = true; - private static final int RETRY_COPY_ACCOUNT_ATTEMPTS = 3; /** @@ -3689,26 +3687,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { mDevicePolicyEngine.handleStartUser(userId); } - void pushUserControlDisabledPackagesLocked(int userId) { - final int targetUserId; - final ActiveAdmin owner; - if (getDeviceOwnerUserIdUncheckedLocked() == userId) { - owner = getDeviceOwnerAdminLocked(); - targetUserId = UserHandle.USER_ALL; - } else { - owner = getProfileOwnerAdminLocked(userId); - targetUserId = userId; - } - - List<String> protectedPackages = (owner == null || owner.protectedPackages == null) - ? null : owner.protectedPackages; - mInjector.binderWithCleanCallingIdentity(() -> - mInjector.getPackageManagerInternal().setOwnerProtectedPackages( - targetUserId, protectedPackages)); - mUsageStatsManagerInternal.setAdminProtectedPackages(new ArraySet(protectedPackages), - targetUserId); - } - void handleUnlockUser(int userId) { startOwnerService(userId, "unlock-user"); mDevicePolicyEngine.handleUnlockUser(userId); @@ -15913,14 +15891,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } @Override - public boolean isApplicationExemptionsFlagEnabled() { - return DeviceConfig.getBoolean( - NAMESPACE_DEVICE_POLICY_MANAGER, - APPLICATION_EXEMPTIONS_FLAG, - DEFAULT_APPLICATION_EXEMPTIONS_FLAG); - } - - @Override public List<Bundle> getApplicationRestrictionsPerAdminForUser( String packageName, @UserIdInt int userId) { if (UserHandle.getCallingUserId() != userId @@ -20378,34 +20348,47 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { hasCallingOrSelfPermission(permission.MANAGE_DEVICE_POLICY_APP_EXEMPTIONS)); final CallerIdentity caller = getCallerIdentity(callerPackage); - final ApplicationInfo packageInfo; - packageInfo = getPackageInfoWithNullCheck(packageName, caller); + final AppOpsManager appOpsMgr = mInjector.getAppOpsManager(); + final ApplicationInfo appInfo = getPackageInfoWithNullCheck(packageName, caller); + final int uid = appInfo.uid; - for (Map.Entry<Integer, String> entry : - APPLICATION_EXEMPTION_CONSTANTS_TO_APP_OPS.entrySet()) { - int currentMode = mInjector.getAppOpsManager().unsafeCheckOpNoThrow( - entry.getValue(), packageInfo.uid, packageInfo.packageName); - int newMode = ArrayUtils.contains(exemptions, entry.getKey()) - ? MODE_ALLOWED : MODE_DEFAULT; - mInjector.binderWithCleanCallingIdentity(() -> { + mInjector.binderWithCleanCallingIdentity(() -> { + APPLICATION_EXEMPTION_CONSTANTS_TO_APP_OPS.forEach((exemption, appOp) -> { + int currentMode = appOpsMgr.unsafeCheckOpNoThrow(appOp, uid, packageName); + int newMode = ArrayUtils.contains(exemptions, exemption) + ? MODE_ALLOWED : MODE_DEFAULT; if (currentMode != newMode) { - mInjector.getAppOpsManager() - .setMode(entry.getValue(), - packageInfo.uid, - packageName, - newMode); + appOpsMgr.setMode(appOp, uid, packageName, newMode); + + // If the user has already disabled background usage for the package, it won't + // have OP_RUN_ANY_IN_BACKGROUND app op and won't execute in the background. The + // code below grants that app op, and once the exemption is in place, the user + // won't be able to disable background usage anymore. + if (Flags.powerExemptionBgUsageFix() + && exemption == EXEMPT_FROM_POWER_RESTRICTIONS + && newMode == MODE_ALLOWED) { + setBgUsageAppOp(appOpsMgr, appInfo); + } } }); - } + }); + String[] appOpExemptions = new String[exemptions.length]; for (int i = 0; i < exemptions.length; i++) { appOpExemptions[i] = APPLICATION_EXEMPTION_CONSTANTS_TO_APP_OPS.get(exemptions[i]); } DevicePolicyEventLogger - .createEvent(DevicePolicyEnums.SET_APPLICATION_EXEMPTIONS) - .setAdmin(caller.getPackageName()) - .setStrings(packageName, appOpExemptions) - .write(); + .createEvent(DevicePolicyEnums.SET_APPLICATION_EXEMPTIONS) + .setAdmin(caller.getPackageName()) + .setStrings(packageName, appOpExemptions) + .write(); + } + + static void setBgUsageAppOp(AppOpsManager appOpsMgr, ApplicationInfo appInfo) { + appOpsMgr.setMode(OP_RUN_ANY_IN_BACKGROUND, appInfo.uid, appInfo.packageName, MODE_ALLOWED); + if (appInfo.targetSdkVersion < Build.VERSION_CODES.O) { + appOpsMgr.setMode(OP_RUN_IN_BACKGROUND, appInfo.uid, appInfo.packageName, MODE_ALLOWED); + } } @Override |