7 files changed, 220 insertions, 54 deletions
diff --git a/core/java/android/os/IUserManager.aidl b/core/java/android/os/IUserManager.aidl index b5bbbbb7717f..c71d6cc00e54 100644 --- a/core/java/android/os/IUserManager.aidl +++ b/core/java/android/os/IUserManager.aidl @@ -56,7 +56,6 @@ interface IUserManager { Bundle getUserRestrictions(int userHandle); boolean hasUserRestriction(in String restrictionKey, int userHandle); void setUserRestriction(String key, boolean value, int userId); - void setSystemControlledUserRestriction(String key, boolean value, int userId); void setApplicationRestrictions(in String packageName, in Bundle restrictions, int userHandle); Bundle getApplicationRestrictions(in String packageName); diff --git a/services/core/java/com/android/server/audio/AudioService.java b/services/core/java/com/android/server/audio/AudioService.java index fe9fe50669f1..75886aa44049 100644 --- a/services/core/java/com/android/server/audio/AudioService.java +++ b/services/core/java/com/android/server/audio/AudioService.java @@ -5151,12 +5151,12 @@ public class AudioService extends IAudioService.Stub { UserInfo userInfo = UserManagerService.getInstance().getUserInfo(userId); killBackgroundUserProcessesWithRecordAudioPermission(userInfo); } - UserManagerService.getInstance().setSystemControlledUserRestriction( + UserManagerService.getInstance().setUserRestriction( UserManager.DISALLOW_RECORD_AUDIO, true, userId); } else if (action.equals(Intent.ACTION_USER_FOREGROUND)) { // Enable audio recording for foreground user/profile int userId = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, -1); - UserManagerService.getInstance().setSystemControlledUserRestriction( + UserManagerService.getInstance().setUserRestriction( UserManager.DISALLOW_RECORD_AUDIO, false, userId); } } diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java index b3c40d36185c..558ea588238a 100644 
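Review bot: Both `setUserRestriction(` calls in the AudioService.java hunk now set and clear DISALLOW_RECORD_AUDIO through the ordinary binder entry point. The UserManagerService.java hunk in this commit drops the `isSystemControlled(key)` filter there, leaving `checkManageUsersPermission("setUserRestriction")` as the only visible guard. Before the change only a caller passing `checkSystemOrRoot` could touch this key, so any caller that passes the manage-users check (presumably MANAGE_USERS holders) can now lift the recording block AudioService places on a background user. If that widening is intended, say so at the call site, e.g. `// DISALLOW_RECORD_AUDIO is no longer system-only; any caller passing checkManageUsersPermission can clear it`; otherwise keep a system-only path for this key. The enclosing receiver method starts outside the hunk.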
--- a/services/core/java/com/android/server/pm/UserManagerService.java +++ b/services/core/java/com/android/server/pm/UserManagerService.java @@ -781,18 +781,6 @@ public class UserManagerService extends IUserManager.Stub { @Override public void setUserRestriction(String key, boolean value, int userId) { checkManageUsersPermission("setUserRestriction"); - if (!UserRestrictionsUtils.isSystemControlled(key)) { - setUserRestrictionNoCheck(key, value, userId); - } - } - - @Override - public void setSystemControlledUserRestriction(String key, boolean value, int userId) { - checkSystemOrRoot("setSystemControlledUserRestriction"); - setUserRestrictionNoCheck(key, value, userId); - } - - private void setUserRestrictionNoCheck(String key, boolean value, int userId) { synchronized (mRestrictionsLock) { // Note we can't modify Bundles stored in mBaseUserRestrictions directly, so create // a copy. diff --git a/services/core/java/com/android/server/pm/UserRestrictionsUtils.java b/services/core/java/com/android/server/pm/UserRestrictionsUtils.java index 129cbd3711af..85453a8fbd8b 100644 --- a/services/core/java/com/android/server/pm/UserRestrictionsUtils.java +++ b/services/core/java/com/android/server/pm/UserRestrictionsUtils.java @@ -50,7 +50,7 @@ public class UserRestrictionsUtils { private UserRestrictionsUtils() { } - public static final String[] USER_RESTRICTIONS = { + public static final Set<String> USER_RESTRICTIONS = Sets.newArraySet( UserManager.DISALLOW_CONFIG_WIFI, UserManager.DISALLOW_MODIFY_ACCOUNTS, UserManager.DISALLOW_INSTALL_APPS, 
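Review bot: `USER_RESTRICTIONS` becomes a `public static final Set<String>` built with `Sets.newArraySet(`, which looks like a mutable collection, so any code in the process could add or remove keys. The writeRestrictions hunk further down now consults this set to decide which keys are persisted and which are reported as unknown. Wrapping the initializer, `Collections.unmodifiableSet(Sets.newArraySet(` … `))`, or making the field private behind a `contains`-style helper would keep the allow-list fixed. The initializer runs past the end of this hunk and is closed in the next one.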
@@ -84,14 +84,7 @@ public class UserRestrictionsUtils { UserManager.DISALLOW_SAFE_BOOT, UserManager.ALLOW_PARENT_PROFILE_APP_LINKING, UserManager.DISALLOW_RECORD_AUDIO, - UserManager.DISALLOW_CAMERA, - }; - - /** - * Set of user restrictions, which can only be enforced by the system. - */ - public static final Set<String> SYSTEM_CONTROLLED_USER_RESTRICTIONS = Sets.newArraySet( - UserManager.DISALLOW_RECORD_AUDIO + UserManager.DISALLOW_CAMERA ); /** @@ -143,11 +136,17 @@ public class UserRestrictionsUtils { } serializer.startTag(null, tag); - for (String key : USER_RESTRICTIONS) { - if (restrictions.getBoolean(key) - && !NON_PERSIST_USER_RESTRICTIONS.contains(key)) { - serializer.attribute(null, key, "true"); + for (String key : restrictions.keySet()) { + if (NON_PERSIST_USER_RESTRICTIONS.contains(key)) { + continue; // Don't persist. + } + if (USER_RESTRICTIONS.contains(key)) { + if (restrictions.getBoolean(key)) { + serializer.attribute(null, key, "true"); + } + continue; } + Log.w(TAG, "Unknown user restriction detected: " + key); } serializer.endTag(null, tag); } @@ -198,14 +197,6 @@ public class UserRestrictionsUtils { } /** - * @return true if a restriction is "system controlled"; i.e. can not be overwritten via - * {@link UserManager#setUserRestriction}. - */ - public static boolean isSystemControlled(String restriction) { - return SYSTEM_CONTROLLED_USER_RESTRICTIONS.contains(restriction); - } - - /** * @return true if a restriction is settable by device owner. */ public static boolean canDeviceOwnerChange(String restriction) { diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index 92d2324bcb7b..4b855ed92f29 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java 
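Review bot: In the `@@ -143,11 +136,17 @@` hunk a key that is not in `USER_RESTRICTIONS` is only reported at write time (`Log.w(TAG, "Unknown user restriction detected: " + key)`); nothing visible in this commit rejects it when it is set. `setUserRestriction` in UserManagerService.java passes `key` on after the permission check, although the rest of that body is outside its hunk, so a later check there cannot be ruled out. If there is none, an allow-list test at the setter, e.g. `if (!UserRestrictionsUtils.USER_RESTRICTIONS.contains(key)) { return; }`, would stop unknown keys from entering the in-memory state. The logged key is caller-supplied text, which is worth keeping in mind when reading that log line.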
@@ -1386,11 +1386,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } migrated = true; - // Migrate user 0 restrictions to DO, except for "system" restrictions. + // Migrate user 0 restrictions to DO. final ActiveAdmin deviceOwnerAdmin = getDeviceOwnerAdminLocked(); migrateUserRestrictionsForUser(UserHandle.SYSTEM, deviceOwnerAdmin, - /* exceptionList =*/ UserRestrictionsUtils.SYSTEM_CONTROLLED_USER_RESTRICTIONS); + /* exceptionList =*/ null); // Push DO user restrictions to user manager. pushUserRestrictions(UserHandle.USER_SYSTEM); @@ -1402,7 +1402,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final Set<String> normalExceptionList = Sets.newArraySet( UserManager.DISALLOW_OUTGOING_CALLS, UserManager.DISALLOW_SMS); - normalExceptionList.addAll(UserRestrictionsUtils.SYSTEM_CONTROLLED_USER_RESTRICTIONS); final Set<String> managedExceptionList = new ArraySet<>(normalExceptionList.size() + 1); managedExceptionList.addAll(normalExceptionList); @@ -1446,15 +1445,15 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final Bundle origRestrictions = mUserManagerInternal.getBaseUserRestrictions( user.getIdentifier()); - final Bundle newSystemRestrictions = new Bundle(); + final Bundle newBaseRestrictions = new Bundle(); final Bundle newOwnerRestrictions = new Bundle(); for (String key : origRestrictions.keySet()) { if (!origRestrictions.getBoolean(key)) { continue; } - if (exceptionList.contains(key)) { - newSystemRestrictions.putBoolean(key, true); + if (exceptionList!= null && exceptionList.contains(key)) { + newBaseRestrictions.putBoolean(key, true); } else { newOwnerRestrictions.putBoolean(key, true); } 
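Review bot: Passing `/* exceptionList =*/ null` in the `@@ -1386` hunk, together with the removed `addAll(UserRestrictionsUtils.SYSTEM_CONTROLLED_USER_RESTRICTIONS)` in the next hunk, moves a DISALLOW_RECORD_AUDIO that happens to be set at migration time into the owner's restrictions; the updated migration test expects exactly that. AudioService sets that key as transient state for background users and later clears it with `setUserRestriction(UserManager.DISALLOW_RECORD_AUDIO, false, userId)`, and the new UserRestrictionsUtilsTest asserts that neither owner type can change it. A migrated copy may therefore never be cleared; I cannot confirm from these hunks whether clearing the base restriction also reaches the owner copy. Consider keeping the key out of the migration, e.g. `/* exceptionList =*/ Sets.newArraySet(UserManager.DISALLOW_RECORD_AUDIO)`.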
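Review bot: In the `@@ -1446` hunk `exceptionList` may now be null, but that contract exists only as the inline `exceptionList != null &&` test; the method signature and any Javadoc are outside the hunk. Either document it on the parameter, `@param exceptionList keys to keep as base restrictions, or null for none`, or have the user-0 caller pass an empty set so the null test is not needed.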
@@ -1462,11 +1461,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { if (VERBOSE_LOG) { Log.v(LOG_TAG, "origRestrictions=" + origRestrictions); - Log.v(LOG_TAG, "newSystemRestrictions=" + newSystemRestrictions); + Log.v(LOG_TAG, "newBaseRestrictions=" + newBaseRestrictions); Log.v(LOG_TAG, "newOwnerRestrictions=" + newOwnerRestrictions); } mUserManagerInternal.setBaseUserRestrictionsByDpmsForMigration(user.getIdentifier(), - newSystemRestrictions); + newBaseRestrictions); if (admin != null) { admin.ensureUserRestrictions().clear(); diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceMigrationTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceMigrationTest.java index dfa9f8f383c5..f32f2096b592 100644 --- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceMigrationTest.java +++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceMigrationTest.java @@ -145,16 +145,13 @@ public class DevicePolicyManagerServiceMigrationTest extends DpmTestBase { // Check the new base restrictions. DpmTestUtils.assertRestrictions( - DpmTestUtils.newRestrictions( - UserManager.DISALLOW_RECORD_AUDIO - ), + DpmTestUtils.newRestrictions(), newBaseRestrictions.get(UserHandle.USER_SYSTEM)); DpmTestUtils.assertRestrictions( DpmTestUtils.newRestrictions( UserManager.DISALLOW_SMS, - UserManager.DISALLOW_OUTGOING_CALLS, - UserManager.DISALLOW_RECORD_AUDIO + UserManager.DISALLOW_OUTGOING_CALLS ), newBaseRestrictions.get(10)); 
@@ -162,28 +159,30 @@ public class DevicePolicyManagerServiceMigrationTest extends DpmTestBase { DpmTestUtils.newRestrictions( UserManager.DISALLOW_SMS, UserManager.DISALLOW_OUTGOING_CALLS, - UserManager.DISALLOW_WALLPAPER, - UserManager.DISALLOW_RECORD_AUDIO + UserManager.DISALLOW_WALLPAPER ), newBaseRestrictions.get(11)); // Check the new owner restrictions. DpmTestUtils.assertRestrictions( DpmTestUtils.newRestrictions( - UserManager.DISALLOW_ADD_USER + UserManager.DISALLOW_ADD_USER, + UserManager.DISALLOW_RECORD_AUDIO ), dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()); DpmTestUtils.assertRestrictions( DpmTestUtils.newRestrictions( UserManager.DISALLOW_REMOVE_USER, - UserManager.DISALLOW_WALLPAPER + UserManager.DISALLOW_WALLPAPER, + UserManager.DISALLOW_RECORD_AUDIO ), dpms.getProfileOwnerAdminLocked(10).ensureUserRestrictions()); DpmTestUtils.assertRestrictions( DpmTestUtils.newRestrictions( - UserManager.DISALLOW_REMOVE_USER + UserManager.DISALLOW_REMOVE_USER, + UserManager.DISALLOW_RECORD_AUDIO ), dpms.getProfileOwnerAdminLocked(11).ensureUserRestrictions()); } diff --git a/services/tests/servicestests/src/com/android/server/pm/UserRestrictionsUtilsTest.java b/services/tests/servicestests/src/com/android/server/pm/UserRestrictionsUtilsTest.java new file mode 100644 index 000000000000..5542a4fe2d8d --- /dev/null +++ b/services/tests/servicestests/src/com/android/server/pm/UserRestrictionsUtilsTest.java 
@@ -0,0 +1,190 @@
+/*
+ * Copyright (C) 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.server.pm;
+
+import com.android.server.devicepolicy.DpmTestUtils;
+
+import android.os.Bundle;
+import android.os.UserManager;
+import android.test.AndroidTestCase;
+import android.test.MoreAsserts;
+
+/**
+ * Tests for {@link com.android.server.pm.UserRestrictionsUtils}.
+ *
+ * <p>Run with:<pre>
+ m FrameworksServicesTests &&
+ adb install \
+ -r out/target/product/hammerhead/data/app/FrameworksServicesTests/FrameworksServicesTests.apk &&
+ adb shell am instrument -e class com.android.server.pm.UserRestrictionsUtilsTest \
+ -w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
+ * </pre>
+ */
+public class UserRestrictionsUtilsTest extends AndroidTestCase {
+ public void testNonNull() {
+ Bundle out = UserRestrictionsUtils.nonNull(null);
+ assertNotNull(out);
+ out.putBoolean("a", true); // Should not be Bundle.EMPTY.
+
+ Bundle in = new Bundle();
+ assertSame(in, UserRestrictionsUtils.nonNull(in));
+ }
+
+ public void testIsEmpty() {
+ assertTrue(UserRestrictionsUtils.isEmpty(null));
+ assertTrue(UserRestrictionsUtils.isEmpty(new Bundle()));
+ assertFalse(UserRestrictionsUtils.isEmpty(DpmTestUtils.newRestrictions("a")));
+ }
+
+ public void testClone() {
+ Bundle in = new Bundle();
+ Bundle out = UserRestrictionsUtils.clone(in);
+ assertNotSame(in, out);
+ DpmTestUtils.assertRestrictions(out, new Bundle());
+
+ out = UserRestrictionsUtils.clone(null);
+ assertNotNull(out);
+ out.putBoolean("a", true); // Should not be Bundle.EMPTY.
+ }
+
+ public void testMerge() {
+ Bundle a = DpmTestUtils.newRestrictions("a", "d");
+ Bundle b = DpmTestUtils.newRestrictions("b", "d", "e");
+
+ UserRestrictionsUtils.merge(a, b);
+
+ DpmTestUtils.assertRestrictions(DpmTestUtils.newRestrictions("a", "b", "d", "e"), a);
+
+ UserRestrictionsUtils.merge(a, null);
+
+ DpmTestUtils.assertRestrictions(DpmTestUtils.newRestrictions("a", "b", "d", "e"), a);
+
+ try {
+ UserRestrictionsUtils.merge(a, a);
+ fail();
+ } catch (IllegalArgumentException expected) {
+ }
+ }
+
+ public void testCanDeviceOwnerChange() {
+ assertFalse(UserRestrictionsUtils.canDeviceOwnerChange(UserManager.DISALLOW_RECORD_AUDIO));
+ assertFalse(UserRestrictionsUtils.canDeviceOwnerChange(UserManager.DISALLOW_WALLPAPER));
+ assertTrue(UserRestrictionsUtils.canDeviceOwnerChange(UserManager.DISALLOW_ADD_USER));
+ }
+
+ public void testCanProfileOwnerChange() {
+ assertFalse(UserRestrictionsUtils.canProfileOwnerChange(UserManager.DISALLOW_RECORD_AUDIO));
+ assertFalse(UserRestrictionsUtils.canProfileOwnerChange(UserManager.DISALLOW_WALLPAPER));
+ assertFalse(UserRestrictionsUtils.canProfileOwnerChange(UserManager.DISALLOW_ADD_USER));
+ assertTrue(UserRestrictionsUtils.canProfileOwnerChange(UserManager.DISALLOW_ADJUST_VOLUME));
+ }
+
+ public void testSortToGlobalAndLocal() {
+ final Bundle local = new Bundle();
+ final Bundle global = new Bundle();
+
+ UserRestrictionsUtils.sortToGlobalAndLocal(null, global, local);
+ assertEquals(0, global.size());
+ assertEquals(0, local.size());
+
+ UserRestrictionsUtils.sortToGlobalAndLocal(Bundle.EMPTY, global, local);
+ assertEquals(0, global.size());
+ assertEquals(0, local.size());
+
+ UserRestrictionsUtils.sortToGlobalAndLocal(DpmTestUtils.newRestrictions(
+ UserManager.DISALLOW_ADJUST_VOLUME,
+ UserManager.DISALLOW_UNMUTE_MICROPHONE,
+ UserManager.DISALLOW_USB_FILE_TRANSFER,
+ UserManager.DISALLOW_CONFIG_TETHERING,
+ UserManager.DISALLOW_OUTGOING_BEAM,
+ UserManager.DISALLOW_APPS_CONTROL
+ ), global, local);
+
+
+ DpmTestUtils.assertRestrictions(DpmTestUtils.newRestrictions(
+ // These can be set by PO too, but when DO sets them, they're global.
+ UserManager.DISALLOW_ADJUST_VOLUME,
+ UserManager.DISALLOW_UNMUTE_MICROPHONE,
+
+ // These can only be set by DO.
+ UserManager.DISALLOW_USB_FILE_TRANSFER,
+ UserManager.DISALLOW_CONFIG_TETHERING
+ ), global);
+
+ DpmTestUtils.assertRestrictions(DpmTestUtils.newRestrictions(
+ // They can be set by both DO/PO.
+ UserManager.DISALLOW_OUTGOING_BEAM,
+ UserManager.DISALLOW_APPS_CONTROL
+ ), local);
+ }
+
+ public void testAreEqual() {
+ assertTrue(UserRestrictionsUtils.areEqual(
+ null,
+ null));
+
+ assertTrue(UserRestrictionsUtils.areEqual(
+ null,
+ Bundle.EMPTY));
+
+ assertTrue(UserRestrictionsUtils.areEqual(
+ Bundle.EMPTY,
+ null));
+
+ assertTrue(UserRestrictionsUtils.areEqual(
+ Bundle.EMPTY,
+ Bundle.EMPTY));
+
+ assertTrue(UserRestrictionsUtils.areEqual(
+ new Bundle(),
+ Bundle.EMPTY));
+
+ assertFalse(UserRestrictionsUtils.areEqual(
+ null,
+ DpmTestUtils.newRestrictions("a")));
+
+ assertFalse(UserRestrictionsUtils.areEqual(
+ DpmTestUtils.newRestrictions("a"),
+ null));
+
+ assertTrue(UserRestrictionsUtils.areEqual(
+ DpmTestUtils.newRestrictions("a"),
+ DpmTestUtils.newRestrictions("a")));
+
+ assertFalse(UserRestrictionsUtils.areEqual(
+ DpmTestUtils.newRestrictions("a"),
+ DpmTestUtils.newRestrictions("a", "b")));
+
+ assertFalse(UserRestrictionsUtils.areEqual(
+ DpmTestUtils.newRestrictions("a", "b"),
+ DpmTestUtils.newRestrictions("a")));
+
+ assertFalse(UserRestrictionsUtils.areEqual(
+ DpmTestUtils.newRestrictions("b", "a"),
+ DpmTestUtils.newRestrictions("a", "a")));
+
+ // Make sure false restrictions are handled correctly.
+ final Bundle a = DpmTestUtils.newRestrictions("a");
+ a.putBoolean("b", true);
+
+ final Bundle b = DpmTestUtils.newRestrictions("a");
+ b.putBoolean("b", false);
+
+ assertFalse(UserRestrictionsUtils.areEqual(a, b));
+ assertFalse(UserRestrictionsUtils.areEqual(b, a));
+ }
+} |
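Review bot: `import android.test.MoreAsserts;` is not used anywhere in this new file and can be dropped. The tests also leave out the one behaviour this commit changes in UserRestrictionsUtils: the writeRestrictions loop that now skips non-persisted keys and warns on unknown ones. A case that serializes a bundle holding a known key set to `false`, a non-persisted key and an unknown key, then checks which attributes were written, would pin that down.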