diff options
5 files changed, 27 insertions, 23 deletions
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java index 0ade5d2f27d2..62412b1de93a 100644 --- a/core/java/android/app/admin/DevicePolicyManager.java +++ b/core/java/android/app/admin/DevicePolicyManager.java @@ -6990,7 +6990,7 @@ public class DevicePolicyManager { throwIfParentInstance("isProfileOwnerApp"); if (mService != null) { try { - ComponentName profileOwner = mService.getProfileOwner(myUserId()); + ComponentName profileOwner = mService.getProfileOwnerAsUser(myUserId()); return profileOwner != null && profileOwner.getPackageName().equals(packageName); } catch (RemoteException re) { diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl index 60dce22f35e5..f4105e9b0373 100644 --- a/core/java/android/app/admin/IDevicePolicyManager.aidl +++ b/core/java/android/app/admin/IDevicePolicyManager.aidl @@ -156,7 +156,6 @@ interface IDevicePolicyManager { boolean setProfileOwner(in ComponentName who, String ownerName, int userHandle); ComponentName getProfileOwnerAsUser(int userHandle); - ComponentName getProfileOwner(int userHandle); ComponentName getProfileOwnerOrDeviceOwnerSupervisionComponent(in UserHandle userHandle); String getProfileOwnerName(int userHandle); void setProfileEnabled(in ComponentName who); diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/CertificateMonitor.java b/services/devicepolicy/java/com/android/server/devicepolicy/CertificateMonitor.java index fdde4ea36583..d812b8f7fadb 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/CertificateMonitor.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/CertificateMonitor.java @@ -177,7 +177,7 @@ public class CertificateMonitor { int parentUserId = userHandle.getIdentifier(); - if (mService.getProfileOwner(userHandle.getIdentifier()) != null) { + if (mService.getProfileOwnerAsUser(userHandle.getIdentifier()) != null) { contentText = resources.getString(R.string.ssl_ca_cert_noti_managed, mService.getProfileOwnerName(userHandle.getIdentifier())); smallIconId = R.drawable.stat_sys_certificate_info; diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index 10e03b3ccb1e..ae544956f0e7 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -3356,7 +3356,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { public boolean isSeparateProfileChallengeAllowed(int userHandle) { enforceSystemCaller("query separate challenge support"); - ComponentName profileOwner = getProfileOwner(userHandle); + ComponentName profileOwner = getProfileOwnerAsUser(userHandle); // Profile challenge is supported on N or newer release. return profileOwner != null && getTargetSdk(profileOwner.getPackageName(), userHandle) > Build.VERSION_CODES.M; @@ -5290,7 +5290,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { final UserHandle caller = mInjector.binderGetCallingUserHandle(); // If there is a profile owner, redirect to that; otherwise query the device owner. - ComponentName aliasChooser = getProfileOwner(caller.getIdentifier()); + ComponentName aliasChooser = getProfileOwnerAsUser(caller.getIdentifier()); if (aliasChooser == null && caller.isSystem()) { synchronized (getLockObject()) { final ActiveAdmin deviceOwnerAdmin = getDeviceOwnerAdminLocked(); @@ -7346,7 +7346,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } public boolean isProfileOwner(ComponentName who, int userId) { - final ComponentName profileOwner = getProfileOwner(userId); + final ComponentName profileOwner = getProfileOwnerAsUser(userId); return who != null && who.equals(profileOwner); } @@ -7357,7 +7357,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { */ public boolean isProfileOwner(CallerIdentity caller) { synchronized (getLockObject()) { - final ComponentName profileOwner = getProfileOwner(caller.getUserId()); + final ComponentName profileOwner = getProfileOwnerAsUser(caller.getUserId()); // No profile owner. if (profileOwner == null) { return false; @@ -7958,19 +7958,14 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { @Override public ComponentName getProfileOwnerAsUser(int userHandle) { + if (!mHasFeature) { + return null; + } Preconditions.checkArgumentNonnegative(userHandle, "Invalid userId"); final CallerIdentity caller = getCallerIdentity(); Preconditions.checkCallAuthorization(hasCrossUsersPermission(caller, userHandle)); - return getProfileOwner(userHandle); - } - - @Override - public ComponentName getProfileOwner(int userHandle) { - if (!mHasFeature) { - return null; - } synchronized (getLockObject()) { return mOwners.getProfileOwnerComponent(userHandle); } @@ -8013,9 +8008,9 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { return mInjector.binderWithCleanCallingIdentity(() -> { for (UserInfo userInfo : mUserManager.getProfiles(userHandle)) { if (userInfo.isManagedProfile()) { - if (getProfileOwner(userInfo.id) != null + if (getProfileOwnerAsUser(userInfo.id) != null && isProfileOwnerOfOrganizationOwnedDevice(userInfo.id)) { - ComponentName who = getProfileOwner(userInfo.id); + ComponentName who = getProfileOwnerAsUser(userInfo.id); return getActiveAdminUncheckedLocked(who, userInfo.id); } } @@ -8062,7 +8057,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } Preconditions.checkCallAuthorization(canManageUsers(getCallerIdentity())); - ComponentName profileOwner = getProfileOwner(userHandle); + ComponentName profileOwner = getProfileOwnerAsUser(userHandle); if (profileOwner == null) { return null; } @@ -8366,7 +8361,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { return false; } - final ComponentName profileOwner = getProfileOwner(userId); + final ComponentName profileOwner = getProfileOwnerAsUser(userId); if (profileOwner == null) { return false; } @@ -12050,7 +12045,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { // Managed-profiles cannot be setup on the system user. return CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER; } - if (getProfileOwner(callingUserId) != null) { + if (getProfileOwnerAsUser(callingUserId) != null) { // Managed user cannot have a managed profile. return CODE_USER_HAS_PROFILE_OWNER; } @@ -12727,7 +12722,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { return true; } - final ComponentName profileOwner = getProfileOwner(userId); + final ComponentName profileOwner = getProfileOwnerAsUser(userId); if (profileOwner == null) { return false; } @@ -12936,7 +12931,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { final int userId = caller.getUserId(); enforceUserUnlocked(userId); - final ComponentName profileOwner = getProfileOwner(userId); + final ComponentName profileOwner = getProfileOwnerAsUser(userId); if (profileOwner != null && packageName.equals(profileOwner.getPackageName())) { throw new IllegalArgumentException("Cannot uninstall a package with a profile owner"); } @@ -14516,7 +14511,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { final List<ActiveAdmin> admins = new ArrayList<>(); int[] users = mUserManager.getProfileIdsWithDisabled(UserHandle.getCallingUserId()); for (int i = 0; i < users.length; i++) { - final ComponentName componentName = getProfileOwner(users[i]); + final ComponentName componentName = getProfileOwnerAsUser(users[i]); if (componentName != null) { ActiveAdmin admin = getActiveAdminUncheckedLocked(componentName, users[i]); if (admin != null) { diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java index 8d7bc16fcf56..77e16769d905 100644 --- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java +++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java @@ -674,6 +674,7 @@ public class DevicePolicyManagerTest extends DpmTestBase { @Test public void testRemoveActiveAdmin_fromDifferentUserWithINTERACT_ACROSS_USERS_FULL() { mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS); + mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS); // Add admin1. @@ -2748,6 +2749,7 @@ public class DevicePolicyManagerTest extends DpmTestBase { mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS); mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS); mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL); + mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS); // Check that the system user is unaffiliated. mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; @@ -4363,6 +4365,8 @@ public class DevicePolicyManagerTest extends DpmTestBase { @Test public void testGetBindDeviceAdminTargetUsers() throws Exception { + mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS); + // Setup device owner. mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID; setupDeviceOwner(); @@ -6263,6 +6267,7 @@ public class DevicePolicyManagerTest extends DpmTestBase { @Test public void testGetAllCrossProfilePackages_notSet_returnsEmpty() throws Exception { + mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS); addManagedProfile(admin1, mServiceContext.binder.callingUid, admin1); mContext.packageName = admin1.getPackageName(); @@ -6275,6 +6280,7 @@ public class DevicePolicyManagerTest extends DpmTestBase { @Test public void testGetAllCrossProfilePackages_notSet_dpmsReinitialized_returnsEmpty() throws Exception { + mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS); addManagedProfile(admin1, mServiceContext.binder.callingUid, admin1); mContext.packageName = admin1.getPackageName(); @@ -6287,6 +6293,7 @@ public class DevicePolicyManagerTest extends DpmTestBase { @Test public void testGetAllCrossProfilePackages_whenSet_returnsCombinedSet() throws Exception { + mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS); addManagedProfile(admin1, mServiceContext.binder.callingUid, admin1); final Set<String> packages = Sets.newSet("TEST_PACKAGE", "TEST_COMMON_PACKAGE"); mContext.packageName = admin1.getPackageName(); @@ -6303,6 +6310,7 @@ public class DevicePolicyManagerTest extends DpmTestBase { @Test public void testGetAllCrossProfilePackages_whenSet_dpmsReinitialized_returnsCombinedSet() throws Exception { + mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS); addManagedProfile(admin1, mServiceContext.binder.callingUid, admin1); final Set<String> packages = Sets.newSet("TEST_PACKAGE", "TEST_COMMON_PACKAGE"); mContext.packageName = admin1.getPackageName(); @@ -6483,6 +6491,8 @@ public class DevicePolicyManagerTest extends DpmTestBase { @Test public void testSetAccountTypesWithManagementDisabledOnOrgOwnedManagedProfile() throws Exception { + mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS); + final int managedProfileUserId = 15; final int managedProfileAdminUid = UserHandle.getUid(managedProfileUserId, 19436); |