summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--core/java/android/app/admin/DevicePolicyCache.java14
-rw-r--r--services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyCacheImpl.java27
-rw-r--r--services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java7
-rw-r--r--services/devicepolicy/java/com/android/server/devicepolicy/PolicyDefinition.java2
-rw-r--r--services/devicepolicy/java/com/android/server/devicepolicy/PolicyEnforcerCallbacks.java16
5 files changed, 65 insertions, 1 deletions
diff --git a/core/java/android/app/admin/DevicePolicyCache.java b/core/java/android/app/admin/DevicePolicyCache.java
index 29f657ec6ba7..16cb4ecc4cca 100644
--- a/core/java/android/app/admin/DevicePolicyCache.java
+++ b/core/java/android/app/admin/DevicePolicyCache.java
@@ -15,6 +15,9 @@
*/
package android.app.admin;
+import static android.app.admin.DevicePolicyManager.CONTENT_PROTECTION_DISABLED;
+import static android.app.admin.DevicePolicyManager.ContentProtectionPolicy;
+
import android.annotation.UserIdInt;
import com.android.server.LocalServices;
@@ -59,6 +62,12 @@ public abstract class DevicePolicyCache {
public abstract int getPermissionPolicy(@UserIdInt int userHandle);
/**
+ * Caches {@link DevicePolicyManager#getContentProtectionPolicy(android.content.ComponentName)}
+ * of the given user.
+ */
+ public abstract @ContentProtectionPolicy int getContentProtectionPolicy(@UserIdInt int userId);
+
+ /**
* True if there is an admin on the device who can grant sensor permissions.
*/
public abstract boolean canAdminGrantSensorsPermissions();
@@ -92,6 +101,11 @@ public abstract class DevicePolicyCache {
}
@Override
+ public @ContentProtectionPolicy int getContentProtectionPolicy(@UserIdInt int userId) {
+ return CONTENT_PROTECTION_DISABLED;
+ }
+
+ @Override
public boolean canAdminGrantSensorsPermissions() {
return false;
}
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyCacheImpl.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyCacheImpl.java
index e7855bc85061..c4e2dc802104 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyCacheImpl.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyCacheImpl.java
@@ -15,6 +15,10 @@
*/
package com.android.server.devicepolicy;
+import static android.app.admin.DevicePolicyManager.CONTENT_PROTECTION_DISABLED;
+import static android.app.admin.DevicePolicyManager.ContentProtectionPolicy;
+
+import android.annotation.Nullable;
import android.annotation.UserIdInt;
import android.app.admin.DevicePolicyCache;
import android.app.admin.DevicePolicyManager;
@@ -70,10 +74,14 @@ public class DevicePolicyCacheImpl extends DevicePolicyCache {
/** Maps to {@code ActiveAdmin.mAdminCanGrantSensorsPermissions}. */
private final AtomicBoolean mCanGrantSensorsPermissions = new AtomicBoolean(false);
+ @GuardedBy("mLock")
+ private final SparseIntArray mContentProtectionPolicy = new SparseIntArray();
+
public void onUserRemoved(int userHandle) {
synchronized (mLock) {
mPasswordQuality.delete(userHandle);
mPermissionPolicy.delete(userHandle);
+ mContentProtectionPolicy.delete(userHandle);
}
}
@@ -143,6 +151,24 @@ public class DevicePolicyCacheImpl extends DevicePolicyCache {
}
@Override
+ public @ContentProtectionPolicy int getContentProtectionPolicy(@UserIdInt int userId) {
+ synchronized (mLock) {
+ return mContentProtectionPolicy.get(userId, CONTENT_PROTECTION_DISABLED);
+ }
+ }
+
+ /** Update the content protection policy for the given user. */
+ public void setContentProtectionPolicy(@UserIdInt int userId, @Nullable Integer value) {
+ synchronized (mLock) {
+ if (value == null) {
+ mContentProtectionPolicy.delete(userId);
+ } else {
+ mContentProtectionPolicy.put(userId, value);
+ }
+ }
+ }
+
+ @Override
public boolean canAdminGrantSensorsPermissions() {
return mCanGrantSensorsPermissions.get();
}
@@ -178,6 +204,7 @@ public class DevicePolicyCacheImpl extends DevicePolicyCache {
pw.println("Screen capture disallowed users: " + mScreenCaptureDisallowedUsers);
pw.println("Password quality: " + mPasswordQuality);
pw.println("Permission policy: " + mPermissionPolicy);
+ pw.println("Content protection policy: " + mContentProtectionPolicy);
pw.println("Admin can grant sensors permission: " + mCanGrantSensorsPermissions.get());
pw.print("Shortcuts overrides: ");
pw.println(mLauncherShortcutOverrides);
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 9c48f2991267..0f97f4a7cdc0 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -3633,6 +3633,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
userId == UserHandle.USER_SYSTEM ? UserHandle.USER_ALL : userId);
updatePermissionPolicyCache(userId);
updateAdminCanGrantSensorsPermissionCache(userId);
+ updateContentProtectionPolicyCache(userId);
final List<PreferentialNetworkServiceConfig> preferentialNetworkServiceConfigs;
synchronized (getLockObject()) {
@@ -23534,6 +23535,12 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
}
}
+ private void updateContentProtectionPolicyCache(@UserIdInt int userId) {
+ mPolicyCache.setContentProtectionPolicy(
+ userId,
+ mDevicePolicyEngine.getResolvedPolicy(PolicyDefinition.CONTENT_PROTECTION, userId));
+ }
+
@Override
public ManagedSubscriptionsPolicy getManagedSubscriptionsPolicy() {
synchronized (getLockObject()) {
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/PolicyDefinition.java b/services/devicepolicy/java/com/android/server/devicepolicy/PolicyDefinition.java
index 1247f900260a..71facab99fce 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/PolicyDefinition.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/PolicyDefinition.java
@@ -359,7 +359,7 @@ final class PolicyDefinition<V> {
new NoArgsPolicyKey(DevicePolicyIdentifiers.CONTENT_PROTECTION_POLICY),
new MostRecent<>(),
POLICY_FLAG_LOCAL_ONLY_POLICY,
- (Integer value, Context context, Integer userId, PolicyKey policyKey) -> true,
+ PolicyEnforcerCallbacks::setContentProtectionPolicy,
new IntegerPolicySerializer());
private static final Map<String, PolicyDefinition<?>> POLICY_DEFINITIONS = new HashMap<>();
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/PolicyEnforcerCallbacks.java b/services/devicepolicy/java/com/android/server/devicepolicy/PolicyEnforcerCallbacks.java
index 54242ab279b0..c108deaf33bc 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/PolicyEnforcerCallbacks.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/PolicyEnforcerCallbacks.java
@@ -18,6 +18,7 @@ package com.android.server.devicepolicy;
import android.annotation.NonNull;
import android.annotation.Nullable;
+import android.annotation.UserIdInt;
import android.app.AppGlobals;
import android.app.admin.DevicePolicyCache;
import android.app.admin.DevicePolicyManager;
@@ -282,6 +283,21 @@ final class PolicyEnforcerCallbacks {
return true;
}
+ static boolean setContentProtectionPolicy(
+ @Nullable Integer value,
+ @NonNull Context context,
+ @UserIdInt Integer userId,
+ @NonNull PolicyKey policyKey) {
+ Binder.withCleanCallingIdentity(
+ () -> {
+ DevicePolicyCache cache = DevicePolicyCache.getInstance();
+ if (cache instanceof DevicePolicyCacheImpl cacheImpl) {
+ cacheImpl.setContentProtectionPolicy(userId, value);
+ }
+ });
+ return true;
+ }
+
private static void updateScreenCaptureDisabled() {
BackgroundThread.getHandler().post(() -> {
try {
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-12-10 13:48:34 +0000