Merge "Allow the supervision component requirement for DPM#setSecondaryLockscreenEnabled to be bypassed for testOnly admins."

author: TreeHugger Robot <treehugger-gerrit@google.com> 2020-09-14 15:28:31 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2020-09-14 15:28:31 +0000
commit: d2ba4a0fe96af4085eca60428b71a488a99f2c0f (patch)
tree: dbf68b74ac6bf3511a0a5879c28789e2e68d8e44
parent: de50855fedb27b555d04ce28b7ed1975ce1cbeb9 (diff)
parent: 756df8e3b347002a99f2b73ddebefaad0d4686d8 (diff)
2 files changed, 25 insertions, 3 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 42bad3e314a8..183a1495b075 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -7867,15 +7867,21 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
             return null;
         }
         synchronized (getLockObject()) {
+            final ComponentName doComponent = mOwners.getDeviceOwnerComponent();
+            final ComponentName poComponent =
+                    mOwners.getProfileOwnerComponent(userHandle.getIdentifier());
+            // Return test only admin by default.
+            if (isAdminTestOnlyLocked(doComponent, userHandle.getIdentifier())) {
+                return doComponent;
+            } else if (isAdminTestOnlyLocked(poComponent, userHandle.getIdentifier())) {
+                return poComponent;
+            }
             final String supervisor = mContext.getResources().getString(
                     com.android.internal.R.string.config_defaultSupervisionProfileOwnerComponent);
             if (supervisor == null) {
                 return null;
             }
             final ComponentName supervisorComponent = ComponentName.unflattenFromString(supervisor);
-            final ComponentName doComponent = mOwners.getDeviceOwnerComponent();
-            final ComponentName poComponent =
-                    mOwners.getProfileOwnerComponent(userHandle.getIdentifier());
             if (supervisorComponent.equals(doComponent) || supervisorComponent.equals(
                     poComponent)) {
                 return supervisorComponent;
@@ -10225,6 +10231,12 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
             throw new SecurityException(
                     "User " + userId + " is not allowed to call setSecondaryLockscreenEnabled");
         }
+        synchronized (getLockObject()) {
+            if (isAdminTestOnlyLocked(who, userId)) {
+                // Allow testOnly admins to bypass supervision config requirement.
+                return;
+            }
+        }
         // Only the default supervision app can use this API.
         final String supervisor = mContext.getResources().getString(
                 com.android.internal.R.string.config_defaultSupervisionProfileOwnerComponent);
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
index 8759077ea0ad..3a8d9c3e9ff5 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
@@ -4392,6 +4392,16 @@ public class DevicePolicyManagerTest extends DpmTestBase {
     public void testSecondaryLockscreen_nonSupervisionApp() throws Exception {
         mContext.binder.callingUid = DpmMockContext.CALLER_UID;
 
+        // Ensure packages are *not* flagged as test_only.
+        doReturn(new ApplicationInfo()).when(getServices().ipackageManager).getApplicationInfo(
+                eq(admin1.getPackageName()),
+                anyInt(),
+                eq(CALLER_USER_HANDLE));
+        doReturn(new ApplicationInfo()).when(getServices().ipackageManager).getApplicationInfo(
+                eq(admin2.getPackageName()),
+                anyInt(),
+                eq(CALLER_USER_HANDLE));
+
         // Initial state is disabled.
         assertFalse(dpm.isSecondaryLockscreenEnabled(UserHandle.of(CALLER_USER_HANDLE)));
author	TreeHugger Robot <treehugger-gerrit@google.com>	2020-09-14 15:28:31 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2020-09-14 15:28:31 +0000
commit	d2ba4a0fe96af4085eca60428b71a488a99f2c0f (patch)
tree	dbf68b74ac6bf3511a0a5879c28789e2e68d8e44
parent	de50855fedb27b555d04ce28b7ed1975ce1cbeb9 (diff)
parent	756df8e3b347002a99f2b73ddebefaad0d4686d8 (diff)