diff options
4 files changed, 91 insertions, 21 deletions
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java index ada703b8367a..36a9c4c4b651 100644 --- a/core/java/android/app/admin/DevicePolicyManager.java +++ b/core/java/android/app/admin/DevicePolicyManager.java @@ -13270,7 +13270,8 @@ public class DevicePolicyManager { return null; } try { - return mService.createAndProvisionManagedProfile(provisioningParams); + return mService.createAndProvisionManagedProfile( + provisioningParams, mContext.getPackageName()); } catch (ServiceSpecificException e) { throw new ProvisioningException(e, e.errorCode); } catch (RemoteException e) { @@ -13301,7 +13302,7 @@ public class DevicePolicyManager { throws ProvisioningException { if (mService != null) { try { - mService.provisionFullyManagedDevice(provisioningParams); + mService.provisionFullyManagedDevice(provisioningParams, mContext.getPackageName()); } catch (ServiceSpecificException e) { throw new ProvisioningException(e, e.errorCode); } catch (RemoteException re) { diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl index 3765a67b9c8a..00f9b34f6a6a 100644 --- a/core/java/android/app/admin/IDevicePolicyManager.aidl +++ b/core/java/android/app/admin/IDevicePolicyManager.aidl @@ -496,6 +496,6 @@ interface IDevicePolicyManager { String getEnrollmentSpecificId(String callerPackage); void setOrganizationIdForUser(in String callerPackage, in String enterpriseId, int userId); - UserHandle createAndProvisionManagedProfile(in ManagedProfileProvisioningParams provisioningParams); - void provisionFullyManagedDevice(in FullyManagedDeviceProvisioningParams provisioningParams); + UserHandle createAndProvisionManagedProfile(in ManagedProfileProvisioningParams provisioningParams, in String callerPackage); + void provisionFullyManagedDevice(in FullyManagedDeviceProvisioningParams provisioningParams, in String callerPackage); } diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java b/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java index 1194099c1145..11e4db503ec5 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java @@ -120,11 +120,11 @@ abstract class BaseIDevicePolicyManager extends IDevicePolicyManager.Stub { @NonNull String callerPackage, @NonNull String enterpriseId, int userId) {} public UserHandle createAndProvisionManagedProfile( - @NonNull ManagedProfileProvisioningParams provisioningParams) { + @NonNull ManagedProfileProvisioningParams provisioningParams, String callerPackage) { return null; } public void provisionFullyManagedDevice( - FullyManagedDeviceProvisioningParams provisioningParams) { + FullyManagedDeviceProvisioningParams provisioningParams, String callerPackage) { } } diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index c3bb757634c2..09123c61365c 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -130,6 +130,7 @@ import android.accounts.AccountManager; import android.accounts.AccountManagerFuture; import android.accounts.AuthenticatorException; import android.accounts.OperationCanceledException; +import android.annotation.IntDef; import android.annotation.NonNull; import android.annotation.Nullable; import android.annotation.UserIdInt; @@ -560,6 +561,21 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { @EnabledAfter(targetSdkVersion = Build.VERSION_CODES.Q) private static final long USE_SET_LOCATION_ENABLED = 117835097L; + // Only add to the end of the list. Do not change or rearrange these values, that will break + // historical data. Do not use negative numbers or zero, logger only handles positive + // integers. + private static final int COPY_ACCOUNT_SUCCEEDED = 1; + private static final int COPY_ACCOUNT_FAILED = 2; + private static final int COPY_ACCOUNT_TIMED_OUT = 3; + private static final int COPY_ACCOUNT_EXCEPTION = 4; + + @IntDef({ + COPY_ACCOUNT_SUCCEEDED, + COPY_ACCOUNT_FAILED, + COPY_ACCOUNT_TIMED_OUT, + COPY_ACCOUNT_EXCEPTION}) + private @interface CopyAccountStatus {} + /** * Admin apps targeting Android S+ may not use * {@link android.app.admin.DevicePolicyManager#setPasswordQuality} to set password quality @@ -16006,11 +16022,12 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { @Override public UserHandle createAndProvisionManagedProfile( - @NonNull ManagedProfileProvisioningParams provisioningParams) { + @NonNull ManagedProfileProvisioningParams provisioningParams, + @NonNull String callerPackage) { final ComponentName admin = provisioningParams.getProfileAdminComponentName(); Objects.requireNonNull(admin, "admin is null"); - final CallerIdentity caller = getCallerIdentity(); + final CallerIdentity caller = getCallerIdentity(callerPackage); Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); @@ -16025,6 +16042,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { "Provisioning preconditions failed with result: " + result); } + final long startTime = SystemClock.elapsedRealtime(); final Set<String> nonRequiredApps = provisioningParams.isLeaveAllSystemAppsEnabled() ? Collections.emptySet() : mOverlayPackagesProvider.getNonRequiredApps( @@ -16041,8 +16059,12 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { "Error creating profile, createProfileForUserEvenWhenDisallowed " + "returned null."); } - resetInteractAcrossProfilesAppOps(); + logEventDuration( + DevicePolicyEnums.PLATFORM_PROVISIONING_CREATE_PROFILE_MS, + startTime, + callerPackage); + installExistingAdminPackage(userInfo.id, admin.getPackageName()); if (!enableAdminAndSetProfileOwner( userInfo.id, caller.getUserId(), admin, provisioningParams.getOwnerName())) { @@ -16052,10 +16074,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } setUserSetupComplete(userInfo.id); - startUser(userInfo.id); + startUser(userInfo.id, callerPackage); maybeMigrateAccount( userInfo.id, caller.getUserId(), provisioningParams.getAccountToMigrate(), - provisioningParams.isKeepAccountMigrated()); + provisioningParams.isKeepAccountMigrated(), callerPackage); if (provisioningParams.isOrganizationOwnedProvisioning()) { markIsProfileOwnerOnOrganizationOwnedDevice(admin, userInfo.id); @@ -16073,7 +16095,11 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { return userInfo.getUserHandle(); } catch (Exception e) { - // in case of any errors during provisioning, remove the newly created profile. + DevicePolicyEventLogger + .createEvent(DevicePolicyEnums.PLATFORM_PROVISIONING_ERROR) + .setStrings(callerPackage) + .write(); + // In case of any errors during provisioning, remove the newly created profile. if (userInfo != null) { mUserManager.removeUserEvenWhenDisallowed(userInfo.id); } @@ -16178,7 +16204,9 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { mContext.getContentResolver(), USER_SETUP_COMPLETE, 1, userId); } - private void startUser(@UserIdInt int userId) throws IllegalStateException { + private void startUser(@UserIdInt int userId, String callerPackage) + throws IllegalStateException { + final long startTime = SystemClock.elapsedRealtime(); final UserUnlockedBlockingReceiver unlockedReceiver = new UserUnlockedBlockingReceiver( userId); mContext.registerReceiverAsUser( @@ -16197,6 +16225,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { throw new ServiceSpecificException(PROVISIONING_RESULT_STARTING_PROFILE_FAILED, String.format("Timeout whilst waiting for unlock of user %d.", userId)); } + logEventDuration( + DevicePolicyEnums.PLATFORM_PROVISIONING_START_PROFILE_MS, + startTime, + callerPackage); } catch (RemoteException e) { // Shouldn't happen. } finally { @@ -16204,9 +16236,9 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { } } - void maybeMigrateAccount( + private void maybeMigrateAccount( @UserIdInt int targetUserId, @UserIdInt int sourceUserId, Account accountToMigrate, - boolean keepAccountMigrated) { + boolean keepAccountMigrated, String callerPackage) { final UserHandle sourceUser = UserHandle.of(sourceUserId); final UserHandle targetUser = UserHandle.of(targetUserId); if (accountToMigrate == null) { @@ -16217,13 +16249,16 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { Slog.w(LOG_TAG, "sourceUser and targetUser are the same, won't migrate account."); return; } - copyAccount(targetUser, sourceUser, accountToMigrate); + copyAccount(targetUser, sourceUser, accountToMigrate, callerPackage); if (!keepAccountMigrated) { removeAccount(accountToMigrate); } } - void copyAccount(UserHandle targetUser, UserHandle sourceUser, Account accountToMigrate) { + private void copyAccount( + UserHandle targetUser, UserHandle sourceUser, Account accountToMigrate, + String callerPackage) { + final long startTime = SystemClock.elapsedRealtime(); try { final AccountManager accountManager = mContext.getSystemService(AccountManager.class); final boolean copySucceeded = accountManager.copyAccountToUser( @@ -16232,16 +16267,35 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { targetUser, /* callback= */ null, /* handler= */ null) .getResult(60 * 3, TimeUnit.SECONDS); - if (!copySucceeded) { + if (copySucceeded) { + logCopyAccountStatus(COPY_ACCOUNT_SUCCEEDED, callerPackage); + logEventDuration( + DevicePolicyEnums.PLATFORM_PROVISIONING_COPY_ACCOUNT_MS, + startTime, + callerPackage); + } else { + logCopyAccountStatus(COPY_ACCOUNT_FAILED, callerPackage); Slog.e(LOG_TAG, "Failed to copy account to " + targetUser); } - } catch (OperationCanceledException | AuthenticatorException | IOException e) { + } catch (OperationCanceledException e) { // Account migration is not considered a critical operation. + logCopyAccountStatus(COPY_ACCOUNT_TIMED_OUT, callerPackage); + Slog.e(LOG_TAG, "Exception copying account to " + targetUser, e); + } catch (AuthenticatorException | IOException e) { + logCopyAccountStatus(COPY_ACCOUNT_EXCEPTION, callerPackage); Slog.e(LOG_TAG, "Exception copying account to " + targetUser, e); } } - void removeAccount(Account account) { + private static void logCopyAccountStatus(@CopyAccountStatus int status, String callerPackage) { + DevicePolicyEventLogger + .createEvent(DevicePolicyEnums.PLATFORM_PROVISIONING_COPY_ACCOUNT_STATUS) + .setInt(status) + .setStrings(callerPackage) + .write(); + } + + private void removeAccount(Account account) { final AccountManager accountManager = mContext.getSystemService(AccountManager.class); final AccountManagerFuture<Bundle> bundle = accountManager.removeAccount(account, @@ -16287,7 +16341,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { @Override public void provisionFullyManagedDevice( - FullyManagedDeviceProvisioningParams provisioningParams) { + FullyManagedDeviceProvisioningParams provisioningParams, String callerPackage) { ComponentName deviceAdmin = provisioningParams.getDeviceAdminComponentName(); Objects.requireNonNull(deviceAdmin, "admin is null."); @@ -16336,6 +16390,12 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { .setPackage(getManagedProvisioningPackage(mContext)) .addFlags(Intent.FLAG_RECEIVER_FOREGROUND); mContext.sendBroadcastAsUser(intent, UserHandle.SYSTEM); + } catch (Exception e) { + DevicePolicyEventLogger + .createEvent(DevicePolicyEnums.PLATFORM_PROVISIONING_ERROR) + .setStrings(callerPackage) + .write(); + throw e; } finally { Binder.restoreCallingIdentity(identity); } @@ -16414,4 +16474,13 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { enableAndSetActiveAdmin(userId, userId, adminComponent); return setDeviceOwner(adminComponent, name, userId); } + + private static void logEventDuration(int eventId, long startTime, String callerPackage) { + final long duration = SystemClock.elapsedRealtime() - startTime; + DevicePolicyEventLogger + .createEvent(eventId) + .setTimePeriod(duration) + .setStrings(callerPackage) + .write(); + } } |