diff options
| author | 2021-04-23 13:54:23 +0000 | |
|---|---|---|
| committer | 2021-04-23 13:54:54 +0000 | |
| commit | dc70c57eaf807641cfdf4ec164942d635f7b517d (patch) | |
| tree | bd59421606eaf8635c6d4180abf60c9802816012 | |
| parent | e311f273d4593e135d83bd41f1d4d8b4fd9fc9ad (diff) | |
Revert "Changed dpm shell commands to use 'cmd device_policy'"
This reverts commit e311f273d4593e135d83bd41f1d4d8b4fd9fc9ad.
Reason for revert: Suspected to break git_sc-dev: https://android-build.googleplex.com/builds/tests/view?invocationId=I95100008561539923&testResultId=TR98321419962361792
Bug: 186208038
Change-Id: I0dc3ee2d509f395677600590d0cbb42b4d9f1682
| -rw-r--r-- | cmds/dpm/Android.bp | 5 | ||||
| -rwxr-xr-x | cmds/dpm/dpm | 4 | ||||
| -rw-r--r-- | cmds/dpm/src/com/android/commands/dpm/Dpm.java | 275 | ||||
| -rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerServiceShellCommand.java | 200 |
4 files changed, 285 insertions, 199 deletions
diff --git a/cmds/dpm/Android.bp b/cmds/dpm/Android.bp index 6819d0982d2c..665abcd7314d 100644 --- a/cmds/dpm/Android.bp +++ b/cmds/dpm/Android.bp @@ -18,7 +18,8 @@ license { ], } -sh_binary { +java_binary { name: "dpm", - src: "dpm", + wrapper: "dpm", + srcs: ["**/*.java"], } diff --git a/cmds/dpm/dpm b/cmds/dpm/dpm index 784db5b352a9..e0efdc15a706 100755 --- a/cmds/dpm/dpm +++ b/cmds/dpm/dpm @@ -1,5 +1,7 @@ #!/system/bin/sh # Script to start "dpm" on the device # -cmd device_policy "$@" +base=/system +export CLASSPATH=$base/framework/dpm.jar +exec app_process $base/bin com.android.commands.dpm.Dpm "$@" diff --git a/cmds/dpm/src/com/android/commands/dpm/Dpm.java b/cmds/dpm/src/com/android/commands/dpm/Dpm.java new file mode 100644 index 000000000000..d0c2a24d5314 --- /dev/null +++ b/cmds/dpm/src/com/android/commands/dpm/Dpm.java @@ -0,0 +1,275 @@ +/* + * Copyright (C) 2014 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.commands.dpm; + +import android.app.ActivityManager; +import android.app.IActivityManager; +import android.app.admin.DevicePolicyManager; +import android.app.admin.IDevicePolicyManager; +import android.content.ComponentName; +import android.content.Context; +import android.os.RemoteException; +import android.os.ServiceManager; +import android.os.UserHandle; + +import com.android.internal.os.BaseCommand; + +import java.io.PrintStream; + +public final class Dpm extends BaseCommand { + + /** + * Command-line entry point. + * + * @param args The command-line arguments + */ + public static void main(String[] args) { + (new Dpm()).run(args); + } + + private static final String COMMAND_SET_ACTIVE_ADMIN = "set-active-admin"; + private static final String COMMAND_SET_DEVICE_OWNER = "set-device-owner"; + private static final String COMMAND_SET_PROFILE_OWNER = "set-profile-owner"; + private static final String COMMAND_REMOVE_ACTIVE_ADMIN = "remove-active-admin"; + private static final String COMMAND_CLEAR_FREEZE_PERIOD_RECORD = "clear-freeze-period-record"; + private static final String COMMAND_FORCE_NETWORK_LOGS = "force-network-logs"; + private static final String COMMAND_FORCE_SECURITY_LOGS = "force-security-logs"; + private static final String COMMAND_MARK_PO_ON_ORG_OWNED_DEVICE = + "mark-profile-owner-on-organization-owned-device"; + + private IDevicePolicyManager mDevicePolicyManager; + private int mUserId = UserHandle.USER_SYSTEM; + private String mName = ""; + private ComponentName mComponent = null; + + @Override + public void onShowUsage(PrintStream out) { + out.println( + "usage: dpm [subcommand] [options]\n" + + "usage: dpm set-active-admin [ --user <USER_ID> | current ] <COMPONENT>\n" + + // STOPSHIP Finalize it + "usage: dpm set-device-owner [ --user <USER_ID> | current *EXPERIMENTAL* ] " + + "[ --name <NAME> ] <COMPONENT>\n" + + "usage: dpm set-profile-owner [ --user <USER_ID> | current ] [ --name <NAME> ] " + + "<COMPONENT>\n" + + "usage: dpm remove-active-admin [ --user <USER_ID> | current ] [ --name <NAME> ] " + + "<COMPONENT>\n" + + "\n" + + "dpm set-active-admin: Sets the given component as active admin" + + " for an existing user.\n" + + "\n" + + "dpm set-device-owner: Sets the given component as active admin, and its" + + " package as device owner.\n" + + "\n" + + "dpm set-profile-owner: Sets the given component as active admin and profile" + + " owner for an existing user.\n" + + "\n" + + "dpm remove-active-admin: Disables an active admin, the admin must have declared" + + " android:testOnly in the application in its manifest. This will also remove" + + " device and profile owners.\n" + + "\n" + + "dpm " + COMMAND_CLEAR_FREEZE_PERIOD_RECORD + ": clears framework-maintained " + + "record of past freeze periods that the device went through. For use during " + + "feature development to prevent triggering restriction on setting freeze " + + "periods.\n" + + "\n" + + "dpm " + COMMAND_FORCE_NETWORK_LOGS + ": makes all network logs available to " + + "the DPC and triggers DeviceAdminReceiver.onNetworkLogsAvailable() if needed.\n" + + "\n" + + "dpm " + COMMAND_FORCE_SECURITY_LOGS + ": makes all security logs available to " + + "the DPC and triggers DeviceAdminReceiver.onSecurityLogsAvailable() if needed." + + "\n" + + "usage: dpm " + COMMAND_MARK_PO_ON_ORG_OWNED_DEVICE + ": " + + "[ --user <USER_ID> | current ] <COMPONENT>\n"); + } + + @Override + public void onRun() throws Exception { + mDevicePolicyManager = IDevicePolicyManager.Stub.asInterface( + ServiceManager.getService(Context.DEVICE_POLICY_SERVICE)); + if (mDevicePolicyManager == null) { + showError("Error: Could not access the Device Policy Manager. Is the system running?"); + return; + } + + String command = nextArgRequired(); + switch (command) { + case COMMAND_SET_ACTIVE_ADMIN: + runSetActiveAdmin(); + break; + case COMMAND_SET_DEVICE_OWNER: + runSetDeviceOwner(); + break; + case COMMAND_SET_PROFILE_OWNER: + runSetProfileOwner(); + break; + case COMMAND_REMOVE_ACTIVE_ADMIN: + runRemoveActiveAdmin(); + break; + case COMMAND_CLEAR_FREEZE_PERIOD_RECORD: + runClearFreezePeriodRecord(); + break; + case COMMAND_FORCE_NETWORK_LOGS: + runForceNetworkLogs(); + break; + case COMMAND_FORCE_SECURITY_LOGS: + runForceSecurityLogs(); + break; + case COMMAND_MARK_PO_ON_ORG_OWNED_DEVICE: + runMarkProfileOwnerOnOrganizationOwnedDevice(); + break; + default: + throw new IllegalArgumentException ("unknown command '" + command + "'"); + } + } + + private void runForceNetworkLogs() throws RemoteException, InterruptedException { + while (true) { + final long toWait = mDevicePolicyManager.forceNetworkLogs(); + if (toWait == 0) { + break; + } + System.out.println("We have to wait for " + toWait + " milliseconds..."); + Thread.sleep(toWait); + } + System.out.println("Success"); + } + + private void runForceSecurityLogs() throws RemoteException, InterruptedException { + while (true) { + final long toWait = mDevicePolicyManager.forceSecurityLogs(); + if (toWait == 0) { + break; + } + System.out.println("We have to wait for " + toWait + " milliseconds..."); + Thread.sleep(toWait); + } + System.out.println("Success"); + } + + private void parseArgs(boolean canHaveName) { + String opt; + while ((opt = nextOption()) != null) { + if ("--user".equals(opt)) { + String arg = nextArgRequired(); + if ("current".equals(arg) || "cur".equals(arg)) { + mUserId = UserHandle.USER_CURRENT; + } else { + mUserId = parseInt(arg); + } + if (mUserId == UserHandle.USER_CURRENT) { + IActivityManager activityManager = ActivityManager.getService(); + try { + mUserId = activityManager.getCurrentUser().id; + } catch (RemoteException e) { + e.rethrowAsRuntimeException(); + } + } + } else if (canHaveName && "--name".equals(opt)) { + mName = nextArgRequired(); + } else { + throw new IllegalArgumentException("Unknown option: " + opt); + } + } + mComponent = parseComponentName(nextArgRequired()); + } + + private void runSetActiveAdmin() throws RemoteException { + parseArgs(/*canHaveName=*/ false); + mDevicePolicyManager.setActiveAdmin(mComponent, true /*refreshing*/, mUserId); + + System.out.println("Success: Active admin set to component " + mComponent.toShortString()); + } + + private void runSetDeviceOwner() throws RemoteException { + parseArgs(/*canHaveName=*/ true); + mDevicePolicyManager.setActiveAdmin(mComponent, true /*refreshing*/, mUserId); + + try { + if (!mDevicePolicyManager.setDeviceOwner(mComponent, mName, mUserId)) { + throw new RuntimeException( + "Can't set package " + mComponent + " as device owner."); + } + } catch (Exception e) { + // Need to remove the admin that we just added. + mDevicePolicyManager.removeActiveAdmin(mComponent, UserHandle.USER_SYSTEM); + throw e; + } + + mDevicePolicyManager.setUserProvisioningState( + DevicePolicyManager.STATE_USER_SETUP_FINALIZED, mUserId); + + System.out.println("Success: Device owner set to package " + mComponent); + System.out.println("Active admin set to component " + mComponent.toShortString()); + } + + private void runRemoveActiveAdmin() throws RemoteException { + parseArgs(/*canHaveName=*/ false); + mDevicePolicyManager.forceRemoveActiveAdmin(mComponent, mUserId); + System.out.println("Success: Admin removed " + mComponent); + } + + private void runSetProfileOwner() throws RemoteException { + parseArgs(/*canHaveName=*/ true); + mDevicePolicyManager.setActiveAdmin(mComponent, true /*refreshing*/, mUserId); + + try { + if (!mDevicePolicyManager.setProfileOwner(mComponent, mName, mUserId)) { + throw new RuntimeException("Can't set component " + mComponent.toShortString() + + " as profile owner for user " + mUserId); + } + } catch (Exception e) { + // Need to remove the admin that we just added. + mDevicePolicyManager.removeActiveAdmin(mComponent, mUserId); + throw e; + } + + mDevicePolicyManager.setUserProvisioningState( + DevicePolicyManager.STATE_USER_SETUP_FINALIZED, mUserId); + + System.out.println("Success: Active admin and profile owner set to " + + mComponent.toShortString() + " for user " + mUserId); + } + + private void runClearFreezePeriodRecord() throws RemoteException { + mDevicePolicyManager.clearSystemUpdatePolicyFreezePeriodRecord(); + System.out.println("Success"); + } + + + private void runMarkProfileOwnerOnOrganizationOwnedDevice() throws RemoteException { + parseArgs(/*canHaveName=*/ false); + mDevicePolicyManager.markProfileOwnerOnOrganizationOwnedDevice(mComponent, mUserId); + System.out.println("Success"); + } + + private ComponentName parseComponentName(String component) { + ComponentName cn = ComponentName.unflattenFromString(component); + if (cn == null) { + throw new IllegalArgumentException ("Invalid component " + component); + } + return cn; + } + + private int parseInt(String argument) { + try { + return Integer.parseInt(argument); + } catch (NumberFormatException e) { + throw new IllegalArgumentException ("Invalid integer argument '" + argument + "'", e); + } + } +} diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerServiceShellCommand.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerServiceShellCommand.java index a2db6aaca3df..285ecfb6b478 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerServiceShellCommand.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerServiceShellCommand.java @@ -15,12 +15,8 @@ */ package com.android.server.devicepolicy; -import android.app.ActivityManager; import android.app.admin.DevicePolicyManager; -import android.content.ComponentName; import android.os.ShellCommand; -import android.os.SystemClock; -import android.os.UserHandle; import com.android.server.devicepolicy.Owners.OwnerDto; @@ -36,23 +32,8 @@ final class DevicePolicyManagerServiceShellCommand extends ShellCommand { private static final String CMD_SET_SAFE_OPERATION = "set-operation-safe"; private static final String CMD_LIST_OWNERS = "list-owners"; private static final String CMD_LIST_POLICY_EXEMPT_APPS = "list-policy-exempt-apps"; - private static final String CMD_SET_ACTIVE_ADMIN = "set-active-admin"; - private static final String CMD_SET_DEVICE_OWNER = "set-device-owner"; - private static final String CMD_SET_PROFILE_OWNER = "set-profile-owner"; - private static final String CMD_REMOVE_ACTIVE_ADMIN = "remove-active-admin"; - private static final String CMD_CLEAR_FREEZE_PERIOD_RECORD = "clear-freeze-period-record"; - private static final String CMD_FORCE_NETWORK_LOGS = "force-network-logs"; - private static final String CMD_FORCE_SECURITY_LOGS = "force-security-logs"; - private static final String CMD_MARK_PO_ON_ORG_OWNED_DEVICE = - "mark-profile-owner-on-organization-owned-device"; - - private static final String USER_OPTION = "--user"; - private static final String NAME_OPTION = "--name"; private final DevicePolicyManagerService mService; - private int mUserId = UserHandle.USER_SYSTEM; - private String mName = ""; - private ComponentName mComponent; DevicePolicyManagerServiceShellCommand(DevicePolicyManagerService service) { mService = Objects.requireNonNull(service); @@ -60,7 +41,7 @@ final class DevicePolicyManagerServiceShellCommand extends ShellCommand { @Override public void onHelp() { - try (PrintWriter pw = getOutPrintWriter()) { + try (PrintWriter pw = getOutPrintWriter();) { pw.printf("DevicePolicyManager Service (device_policy) commands:\n\n"); showHelp(pw); } @@ -71,7 +52,7 @@ final class DevicePolicyManagerServiceShellCommand extends ShellCommand { if (cmd == null) { return handleDefaultCommands(cmd); } - try (PrintWriter pw = getOutPrintWriter()) { + try (PrintWriter pw = getOutPrintWriter();) { switch (cmd) { case CMD_IS_SAFE_OPERATION: return runIsSafeOperation(pw); @@ -83,22 +64,6 @@ final class DevicePolicyManagerServiceShellCommand extends ShellCommand { return runListOwners(pw); case CMD_LIST_POLICY_EXEMPT_APPS: return runListPolicyExemptApps(pw); - case CMD_SET_ACTIVE_ADMIN: - return runSetActiveAdmin(pw); - case CMD_SET_DEVICE_OWNER: - return runSetDeviceOwner(pw); - case CMD_SET_PROFILE_OWNER: - return runSetProfileOwner(pw); - case CMD_REMOVE_ACTIVE_ADMIN: - return runRemoveActiveAdmin(pw); - case CMD_CLEAR_FREEZE_PERIOD_RECORD: - return runClearFreezePeriodRecord(pw); - case CMD_FORCE_NETWORK_LOGS: - return runForceNetworkLogs(pw); - case CMD_FORCE_SECURITY_LOGS: - return runForceSecurityLogs(pw); - case CMD_MARK_PO_ON_ORG_OWNED_DEVICE: - return runMarkProfileOwnerOnOrganizationOwnedDevice(pw); default: return onInvalidCommand(pw, cmd); } @@ -110,7 +75,7 @@ final class DevicePolicyManagerServiceShellCommand extends ShellCommand { return 0; } - pw.printf("Usage: \n"); + pw.println("Usage: "); showHelp(pw); return -1; } @@ -129,37 +94,6 @@ final class DevicePolicyManagerServiceShellCommand extends ShellCommand { pw.printf(" Lists the device / profile owners per user \n\n"); pw.printf(" %s\n", CMD_LIST_POLICY_EXEMPT_APPS); pw.printf(" Lists the apps that are exempt from policies\n\n"); - pw.printf(" %s [ %s <USER_ID> | current ] <COMPONENT>\n", - CMD_SET_ACTIVE_ADMIN, USER_OPTION); - pw.printf(" Sets the given component as active admin for an existing user.\n\n"); - pw.printf(" %s [ %s <USER_ID> | current *EXPERIMENTAL* ] [ %s <NAME> ] " - + "<COMPONENT>\n", CMD_SET_DEVICE_OWNER, USER_OPTION, NAME_OPTION); - pw.printf(" Sets the given component as active admin, and its package as device owner." - + "\n\n"); - pw.printf(" %s [ %s <USER_ID> | current ] [ %s <NAME> ] <COMPONENT>\n", - CMD_SET_PROFILE_OWNER, USER_OPTION, NAME_OPTION); - pw.printf(" Sets the given component as active admin and profile owner for an existing " - + "user.\n\n"); - pw.printf(" %s [ %s <USER_ID> | current ] [ %s <NAME> ] <COMPONENT>\n", - CMD_REMOVE_ACTIVE_ADMIN, USER_OPTION, NAME_OPTION); - pw.printf(" Disables an active admin, the admin must have declared android:testOnly in " - + "the application in its manifest. This will also remove device and profile " - + "owners.\n\n"); - pw.printf(" %s\n", CMD_CLEAR_FREEZE_PERIOD_RECORD); - pw.printf(" Clears framework-maintained record of past freeze periods that the device " - + "went through. For use during feature development to prevent triggering " - + "restriction on setting freeze periods.\n\n"); - pw.printf(" %s\n", CMD_FORCE_NETWORK_LOGS); - pw.printf(" Makes all network logs available to the DPC and triggers " - + "DeviceAdminReceiver.onNetworkLogsAvailable() if needed.\n\n"); - pw.printf(" %s\n", CMD_FORCE_SECURITY_LOGS); - pw.printf(" Makes all security logs available to the DPC and triggers " - + "DeviceAdminReceiver.onSecurityLogsAvailable() if needed.\n\n"); - pw.printf(" %s [ %s <USER_ID> | current ] <COMPONENT>\n", - CMD_MARK_PO_ON_ORG_OWNED_DEVICE, USER_OPTION); - pw.printf(" Marks the profile owner of the given user as managing an organization-owned" - + "device. That will give it access to device identifiers (such as serial number, " - + "IMEI and MEID), as well as other privileges.\n\n"); } private int runIsSafeOperation(PrintWriter pw) { @@ -227,6 +161,7 @@ final class DevicePolicyManagerServiceShellCommand extends ShellCommand { return 0; } + private int runListPolicyExemptApps(PrintWriter pw) { List<String> apps = mService.listPolicyExemptApps(); int size = printAndGetSize(pw, apps, "policy exempt app"); @@ -239,131 +174,4 @@ final class DevicePolicyManagerServiceShellCommand extends ShellCommand { } return 0; } - - private int runSetActiveAdmin(PrintWriter pw) { - parseArgs(/* canHaveName= */ false); - mService.setActiveAdmin(mComponent, /* refreshing= */ true, mUserId); - - pw.printf("Success: Active admin set to component %s\n", mComponent.flattenToShortString()); - return 0; - } - - private int runSetDeviceOwner(PrintWriter pw) { - parseArgs(/* canHaveName= */ true); - mService.setActiveAdmin(mComponent, /* refreshing= */ true, mUserId); - - try { - if (!mService.setDeviceOwner(mComponent, mName, mUserId)) { - throw new RuntimeException( - "Can't set package " + mComponent + " as device owner."); - } - } catch (Exception e) { - // Need to remove the admin that we just added. - mService.removeActiveAdmin(mComponent, UserHandle.USER_SYSTEM); - throw e; - } - - mService.setUserProvisioningState( - DevicePolicyManager.STATE_USER_SETUP_FINALIZED, mUserId); - - pw.printf("Success: Device owner set to package %s\n", mComponent.flattenToShortString()); - pw.printf("Active admin set to component %s\n", mComponent.flattenToShortString()); - return 0; - } - - private int runRemoveActiveAdmin(PrintWriter pw) { - parseArgs(/* canHaveName= */ false); - mService.forceRemoveActiveAdmin(mComponent, mUserId); - pw.printf("Success: Admin removed %s\n", mComponent); - return 0; - } - - private int runSetProfileOwner(PrintWriter pw) { - parseArgs(/* canHaveName= */ true); - mService.setActiveAdmin(mComponent, /* refreshing= */ true, mUserId); - - try { - if (!mService.setProfileOwner(mComponent, mName, mUserId)) { - throw new RuntimeException("Can't set component " - + mComponent.flattenToShortString() + " as profile owner for user " - + mUserId); - } - } catch (Exception e) { - // Need to remove the admin that we just added. - mService.removeActiveAdmin(mComponent, mUserId); - throw e; - } - - mService.setUserProvisioningState( - DevicePolicyManager.STATE_USER_SETUP_FINALIZED, mUserId); - - pw.printf("Success: Active admin and profile owner set to %s for user %d\n", - mComponent.flattenToShortString(), mUserId); - return 0; - } - - private int runClearFreezePeriodRecord(PrintWriter pw) { - mService.clearSystemUpdatePolicyFreezePeriodRecord(); - pw.printf("Success\n"); - return 0; - } - - private int runForceNetworkLogs(PrintWriter pw) { - while (true) { - long toWait = mService.forceNetworkLogs(); - if (toWait == 0) { - break; - } - pw.printf("We have to wait for %d milliseconds...\n", toWait); - SystemClock.sleep(toWait); - } - pw.printf("Success\n"); - return 0; - } - - private int runForceSecurityLogs(PrintWriter pw) { - while (true) { - long toWait = mService.forceSecurityLogs(); - if (toWait == 0) { - break; - } - pw.printf("We have to wait for %d milliseconds...\n", toWait); - SystemClock.sleep(toWait); - } - pw.printf("Success\n"); - return 0; - } - - private int runMarkProfileOwnerOnOrganizationOwnedDevice(PrintWriter pw) { - parseArgs(/* canHaveName= */ false); - mService.markProfileOwnerOnOrganizationOwnedDevice(mComponent, mUserId); - pw.printf("Success\n"); - return 0; - } - - private void parseArgs(boolean canHaveName) { - String opt; - while ((opt = getNextOption()) != null) { - if (USER_OPTION.equals(opt)) { - String arg = getNextArgRequired(); - mUserId = UserHandle.parseUserArg(arg); - if (mUserId == UserHandle.USER_CURRENT) { - mUserId = ActivityManager.getCurrentUser(); - } - } else if (canHaveName && NAME_OPTION.equals(opt)) { - mName = getNextArgRequired(); - } else { - throw new IllegalArgumentException("Unknown option: " + opt); - } - } - mComponent = parseComponentName(getNextArgRequired()); - } - - private ComponentName parseComponentName(String component) { - ComponentName cn = ComponentName.unflattenFromString(component); - if (cn == null) { - throw new IllegalArgumentException("Invalid component " + component); - } - return cn; - } } |