-rw-r--r--services/devicepolicy/java/com/android/server/devicepolicy/ActiveAdmin.java24
-rw-r--r--services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyData.java31
-rw-r--r--services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java196
-rw-r--r--services/devicepolicy/java/com/android/server/devicepolicy/EnforcingAdmin.java55
4 files changed, 63 insertions, 243 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/ActiveAdmin.java b/services/devicepolicy/java/com/android/server/devicepolicy/ActiveAdmin.java
index 76d16e19e774..a81a0b3251c8 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/ActiveAdmin.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/ActiveAdmin.java
@@ -73,9 +73,6 @@ import java.util.stream.Collectors;
class ActiveAdmin {
- private final int userId;
- public final boolean isPermissionBased;
-
private static final String TAG_DISABLE_KEYGUARD_FEATURES = "disable-keyguard-features";
private static final String TAG_TEST_ONLY_ADMIN = "test-only-admin";
private static final String TAG_DISABLE_CAMERA = "disable-camera";
@@ -364,23 +361,8 @@ class ActiveAdmin {
private static final int PROVISIONING_CONTEXT_LENGTH_LIMIT = 1000;
ActiveAdmin(DeviceAdminInfo info, boolean isParent) {
- this.userId = -1;
this.info = info;
this.isParent = isParent;
- this.isPermissionBased = false;
- }
-
- ActiveAdmin(int userId, boolean permissionBased) {
- if (Flags.activeAdminCleanup()) {
- throw new UnsupportedOperationException("permission based admin no longer supported");
- }
- if (permissionBased == false) {
- throw new IllegalArgumentException("Can only pass true for permissionBased admin");
- }
- this.userId = userId;
- this.isPermissionBased = permissionBased;
- this.isParent = false;
- this.info = null;
}
ActiveAdmin getParentActiveAdmin() {
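Review bot: The remaining constructor `ActiveAdmin(DeviceAdminInfo info, boolean isParent)` stores `info` without stating that it must be non-null, while the next hunk makes `getUid()` and `getUserHandle()` dereference `info.getActivityInfo()` unconditionally. Before this change the removed permission-based constructor was the only visible path that set `info = null`, so the invariant is now implicit. I would document it on the constructor, e.g. `/** @param info admin metadata; must not be null, since getUid() and getUserHandle() read it unconditionally. */`. Whether any caller outside this diff can still pass null is not visible here.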
@@ -397,16 +379,10 @@ class ActiveAdmin {
}
int getUid() {
- if (isPermissionBased) {
- return -1;
- }
return info.getActivityInfo().applicationInfo.uid;
}
public UserHandle getUserHandle() {
- if (isPermissionBased) {
- return UserHandle.of(userId);
- }
return UserHandle.of(UserHandle.getUserId(info.getActivityInfo().applicationInfo.uid));
}
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyData.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyData.java
index c937e10a28ce..89c8b560ea95 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyData.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyData.java
@@ -21,7 +21,6 @@ import android.annotation.Nullable;
import android.annotation.UserIdInt;
import android.app.admin.DeviceAdminInfo;
import android.app.admin.DevicePolicyManager;
-import android.app.admin.flags.Flags;
import android.content.ComponentName;
import android.os.FileUtils;
import android.os.PersistableBundle;
@@ -125,24 +124,6 @@ class DevicePolicyData {
final ArrayList<ActiveAdmin> mAdminList = new ArrayList<>();
final ArrayList<ComponentName> mRemovingAdmins = new ArrayList<>();
- /**
- * @deprecated Do not use. Policies set by permission holders must go into DevicePolicyEngine.
- */
- @Deprecated
- ActiveAdmin mPermissionBasedAdmin;
-
- // Create or get the permission-based admin. The permission-based admin will not have a
- // DeviceAdminInfo or ComponentName.
- ActiveAdmin createOrGetPermissionBasedAdmin(int userId) {
- if (Flags.activeAdminCleanup()) {
- throw new UnsupportedOperationException("permission based admin no longer supported");
- }
- if (mPermissionBasedAdmin == null) {
- mPermissionBasedAdmin = new ActiveAdmin(userId, /* permissionBased= */ true);
- }
- return mPermissionBasedAdmin;
- }
-
// TODO(b/35385311): Keep track of metadata in TrustedCertificateStore instead.
final ArraySet<String> mAcceptedCaCertificates = new ArraySet<>();
@@ -282,12 +263,6 @@ class DevicePolicyData {
}
}
- if (!Flags.activeAdminCleanup() && policyData.mPermissionBasedAdmin != null) {
- out.startTag(null, "permission-based-admin");
- policyData.mPermissionBasedAdmin.writeToXml(out);
- out.endTag(null, "permission-based-admin");
- }
-
if (policyData.mPasswordOwner >= 0) {
out.startTag(null, "password-owner");
out.attributeInt(null, "value", policyData.mPasswordOwner);
@@ -495,7 +470,6 @@ class DevicePolicyData {
policy.mLockTaskPackages.clear();
policy.mAdminList.clear();
policy.mAdminMap.clear();
- policy.mPermissionBasedAdmin = null;
policy.mAffiliationIds.clear();
policy.mOwnerInstalledCaCerts.clear();
policy.mUserControlDisabledPackages = null;
@@ -523,11 +497,6 @@ class DevicePolicyData {
} catch (RuntimeException e) {
Slogf.w(TAG, e, "Failed loading admin %s", name);
}
- } else if (!Flags.activeAdminCleanup() && "permission-based-admin".equals(tag)) {
-
- ActiveAdmin ap = new ActiveAdmin(policy.mUserId, /* permissionBased= */ true);
- ap.readFromXml(parser, /* overwritePolicies= */ false);
- policy.mPermissionBasedAdmin = ap;
} else if ("delegation".equals(tag)) {
// Parse delegation info.
final String delegatePackage = parser.getAttributeValue(null,
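Review bot: Policy files written by an earlier build can still contain a `permission-based-admin` element, and with this branch removed the loader no longer has a case for it. The rest of the `else if` chain is outside the hunk, so it is not visible whether an unrecognised tag is skipped together with its children or only logged. It would help to confirm that and leave a comment next to the chain, such as `// "permission-based-admin" from older builds is intentionally ignored; such policies belong in DevicePolicyEngine.`. That wording follows the removed `@deprecated` note on `mPermissionBasedAdmin`.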
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 0ce25db6ea55..9bd93d30e794 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -3448,8 +3448,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
EnforcingAdmin enforcingAdmin =
EnforcingAdmin.createEnterpriseEnforcingAdmin(
admin.info.getComponent(),
- admin.getUserHandle().getIdentifier(),
- admin);
+ admin.getUserHandle().getIdentifier()
+ );
mDevicePolicyEngine.setGlobalPolicy(
PolicyDefinition.SECURITY_LOGGING,
enforcingAdmin,
@@ -3692,8 +3692,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
int userId = admin.getUserHandle().getIdentifier();
EnforcingAdmin enforcingAdmin = EnforcingAdmin.createEnterpriseEnforcingAdmin(
admin.info.getComponent(),
- userId,
- admin);
+ userId
+ );
Integer passwordComplexity = mDevicePolicyEngine.getLocalPolicySetByAdmin(
PolicyDefinition.PASSWORD_COMPLEXITY,
@@ -3985,8 +3985,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
final int N = admins.size();
for (int i = 0; i < N; i++) {
ActiveAdmin admin = admins.get(i);
- if (((!Flags.activeAdminCleanup() && admin.isPermissionBased)
- || admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD))
+ if ((admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD))
&& admin.passwordExpirationTimeout > 0L
&& now >= admin.passwordExpirationDate - EXPIRATION_GRACE_PERIOD_MS
&& admin.passwordExpirationDate > 0L) {
@@ -4167,10 +4166,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
EnforcingAdmin oldAdmin =
EnforcingAdmin.createEnterpriseEnforcingAdmin(
- outgoingReceiver, userHandle, adminToTransfer);
+ outgoingReceiver, userHandle);
EnforcingAdmin newAdmin =
EnforcingAdmin.createEnterpriseEnforcingAdmin(
- incomingReceiver, userHandle, adminToTransfer);
+ incomingReceiver, userHandle);
mDevicePolicyEngine.transferPolicies(oldAdmin, newAdmin);
@@ -4470,7 +4469,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
}
mDevicePolicyEngine.removePoliciesForAdmin(
EnforcingAdmin.createEnterpriseEnforcingAdmin(
- adminReceiver, userHandle, admin));
+ adminReceiver, userHandle));
}
private boolean canSetPasswordQualityOnParent(String packageName, final CallerIdentity caller) {
@@ -4525,10 +4524,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
if (Flags.unmanagedModeMigration()) {
- enforcingAdmin = EnforcingAdmin.createEnterpriseEnforcingAdmin(who,
- userId,
- getActiveAdminForCallerLocked(who,
- DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD));
+ getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD);
+ enforcingAdmin = EnforcingAdmin.createEnterpriseEnforcingAdmin(who, userId);
}
// If setPasswordQuality is called on the parent, ensure that
// the primary admin does not have password complexity state (this is an
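Review bot: The bare call `getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD);` inside the `Flags.unmanagedModeMigration()` branch now discards its result, so it reads like dead code that a later cleanup could delete. If it is kept for the caller check it performs (presumably it throws when `who` is not an active admin using that policy; the method body is outside this diff), say so on the line above, e.g. `// Called only for its authorization check; the returned ActiveAdmin is not needed.`. Deleting it by accident would drop that check for this branch while `enforcingAdmin` is still built from the caller-supplied `who`.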
@@ -5584,17 +5581,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
Preconditions.checkArgument(!calledOnParent || isProfileOwner(caller));
final ActiveAdmin activeAdmin;
- if (Flags.activeAdminCleanup()) {
- if (admin.hasAuthority(EnforcingAdmin.DPC_AUTHORITY)) {
- synchronized (getLockObject()) {
- activeAdmin = getActiveAdminUncheckedLocked(
- admin.getComponentName(), admin.getUserId());
- }
- } else {
- activeAdmin = null;
+ if (admin.hasAuthority(EnforcingAdmin.DPC_AUTHORITY)) {
+ synchronized (getLockObject()) {
+ activeAdmin = getActiveAdminUncheckedLocked(
+ admin.getComponentName(), admin.getUserId());
}
} else {
- activeAdmin = admin.getActiveAdmin();
+ activeAdmin = null;
}
// We require the caller to explicitly clear any password quality requirements set
@@ -6331,12 +6324,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
caller.getPackageName(),
getAffectedUser(parent)
);
- if (Flags.activeAdminCleanup()) {
- adminComponent = enforcingAdmin.getComponentName();
- } else {
- ActiveAdmin admin = enforcingAdmin.getActiveAdmin();
- adminComponent = admin == null ? null : admin.info.getComponent();
- }
+ adminComponent = enforcingAdmin.getComponentName();
} else {
ActiveAdmin admin = getActiveAdminOrCheckPermissionForCallerLocked(
null,
@@ -7824,19 +7812,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
calledByProfileOwnerOnOrgOwnedDevice, calledOnParentInstance);
}
- int userId;
- ActiveAdmin admin = null;
- if (Flags.activeAdminCleanup()) {
- userId = enforcingAdmin.getUserId();
- Slogf.i(LOG_TAG, "wipeDataWithReason(%s): admin=%s, user=%d", wipeReasonForUser,
- enforcingAdmin, userId);
- } else {
- admin = enforcingAdmin.getActiveAdmin();
- userId = admin != null ? admin.getUserHandle().getIdentifier()
- : caller.getUserId();
- Slogf.i(LOG_TAG, "wipeDataWithReason(%s): admin=%s, user=%d", wipeReasonForUser, admin,
- userId);
- }
+ int userId = enforcingAdmin.getUserId();
+ Slogf.i(LOG_TAG, "wipeDataWithReason(%s): admin=%s, user=%d", wipeReasonForUser,
+ enforcingAdmin, userId);
if (calledByProfileOwnerOnOrgOwnedDevice) {
// When wipeData is called on the parent instance, it implies wiping the entire device.
@@ -7858,38 +7836,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
final String adminName;
final ComponentName adminComp;
- if (Flags.activeAdminCleanup()) {
- adminComp = enforcingAdmin.getComponentName();
- adminName = adminComp != null
- ? adminComp.flattenToShortString()
- : enforcingAdmin.getPackageName();
- event.setAdmin(enforcingAdmin.getPackageName());
- // Not including any HSUM handling here because the "else" branch in the "flag off"
- // case below is unreachable under normal circumstances and for permission-based
- // callers admin won't be null.
- } else {
- if (admin != null) {
- if (admin.isPermissionBased) {
- adminComp = null;
- adminName = caller.getPackageName();
- event.setAdmin(adminName);
- } else {
- adminComp = admin.info.getComponent();
- adminName = adminComp.flattenToShortString();
- event.setAdmin(adminComp);
- }
- } else {
- adminComp = null;
- adminName = mInjector.getPackageManager().getPackagesForUid(caller.getUid())[0];
- Slogf.i(LOG_TAG, "Logging wipeData() event admin as " + adminName);
- event.setAdmin(adminName);
- if (mInjector.userManagerIsHeadlessSystemUserMode()) {
- // On headless system user mode, the call is meant to factory reset the whole
- // device, otherwise the caller could simply remove the current user.
- userId = UserHandle.USER_SYSTEM;
- }
- }
- }
+ adminComp = enforcingAdmin.getComponentName();
+ adminName = adminComp != null
+ ? adminComp.flattenToShortString()
+ : enforcingAdmin.getPackageName();
+ event.setAdmin(enforcingAdmin.getPackageName());
+ // Not including any HSUM handling here because the "else" branch in the "flag off"
+ // case below is unreachable under normal circumstances and for permission-based
+ // callers admin won't be null.
event.write();
String internalReason = String.format(
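Review bot: The comment kept above `event.write()` still refers to the "else" branch in the "flag off" case "below", but this change deletes that branch, so the comment now points at code that no longer exists. The deleted branch also reset `userId` to `UserHandle.USER_SYSTEM` in headless system user mode, and this comment is the only remaining record of why that is not done here. I would reword it to stand alone, e.g. `// No headless-system-user override of userId here: the old admin == null path that applied it was unreachable in practice.`. The enclosing method starts and ends outside the hunk.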
@@ -8375,8 +8329,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(userHandle);
for (int i = 0; i < admins.size(); i++) {
ActiveAdmin admin = admins.get(i);
- if ((!Flags.activeAdminCleanup() && admin.isPermissionBased)
- || admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD)) {
+ if (admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD)) {
affectedUserIds.add(admin.getUserHandle().getIdentifier());
long timeout = admin.passwordExpirationTimeout;
admin.passwordExpirationDate =
@@ -8470,9 +8423,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
*/
private int getUserIdToWipeForFailedPasswords(ActiveAdmin admin) {
final int userId = admin.getUserHandle().getIdentifier();
- if (!Flags.activeAdminCleanup() && admin.isPermissionBased) {
- return userId;
- }
final ComponentName component = admin.info.getComponent();
return isProfileOwnerOfOrganizationOwnedDevice(component, userId)
? getProfileParentId(userId) : userId;
@@ -10282,8 +10232,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
setGlobalSettingDeviceOwnerType(DEVICE_OWNER_TYPE_DEFAULT);
mDevicePolicyEngine.removePoliciesForAdmin(
- EnforcingAdmin.createEnterpriseEnforcingAdmin(
- admin.info.getComponent(), userId, admin));
+ EnforcingAdmin.createEnterpriseEnforcingAdmin(admin.info.getComponent(), userId));
}
private void clearApplicationRestrictions(int userId) {
@@ -10433,8 +10382,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
setNetworkLoggingActiveInternal(false);
mDevicePolicyEngine.removePoliciesForAdmin(
- EnforcingAdmin.createEnterpriseEnforcingAdmin(
- admin.info.getComponent(), userId, admin));
+ EnforcingAdmin.createEnterpriseEnforcingAdmin(admin.info.getComponent(), userId));
}
@Override
@@ -16449,8 +16397,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
if (admin.mPasswordPolicy.quality < minPasswordQuality) {
return false;
}
- return (!Flags.activeAdminCleanup() && admin.isPermissionBased)
- || admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD);
+ return admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD);
}
@Override
@@ -20918,8 +20865,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
if (profileOwner != null) {
EnforcingAdmin admin = EnforcingAdmin.createEnterpriseEnforcingAdmin(
profileOwner.info.getComponent(),
- profileUserId,
- profileOwner);
+ profileUserId);
mDevicePolicyEngine.setLocalPolicy(
PolicyDefinition.PERSONAL_APPS_SUSPENDED,
admin,
@@ -23517,27 +23463,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
*
* @param callerPackageName The package name of the calling application.
* @param adminPolicy The admin policy that should grant holders permission.
- * @param permission The name of the permission being checked.
- * @param targetUserId The userId of the user which the caller needs permission to act on.
- * @throws SecurityException if the caller has not been granted the given permission,
- * the associated cross-user permission if the caller's user is different to the target user.
- */
- private void enforcePermission(String permission, int adminPolicy,
- String callerPackageName, int targetUserId) throws SecurityException {
- if (hasAdminPolicy(adminPolicy, callerPackageName)) {
- return;
- }
- enforcePermission(permission, callerPackageName, targetUserId);
- }
-
- /**
- * Checks if the calling process has been granted permission to apply a device policy on a
- * specific user.
- * The given permission will be checked along with its associated cross-user permission if it
- * exists and the target user is different to the calling user.
- *
- * @param callerPackageName The package name of the calling application.
- * @param adminPolicy The admin policy that should grant holders permission.
* @param permissions The names of the permissions being checked.
* @param targetUserId The userId of the user which the caller needs permission to act on.
* @throws SecurityException if the caller has not been granted the given permission,
@@ -23670,24 +23595,21 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
ComponentName component;
synchronized (getLockObject()) {
if (who != null) {
- admin = getActiveAdminUncheckedLocked(who, userId);
component = who;
} else {
admin = getDeviceOrProfileOwnerAdminLocked(userId);
component = admin.info.getComponent();
}
}
- return EnforcingAdmin.createEnterpriseEnforcingAdmin(component, userId, admin);
+ return EnforcingAdmin.createEnterpriseEnforcingAdmin(component, userId);
}
- // Check for non-DPC active admins.
+ // Check for DA active admins.
admin = getActiveAdminForCaller(who, caller);
if (admin != null) {
- return EnforcingAdmin.createDeviceAdminEnforcingAdmin(admin.info.getComponent(), userId,
- admin);
+ return EnforcingAdmin.createDeviceAdminEnforcingAdmin(
+ admin.info.getComponent(), userId);
}
- admin = Flags.activeAdminCleanup()
- ? null : getUserData(userId).createOrGetPermissionBasedAdmin(userId);
- return EnforcingAdmin.createEnforcingAdmin(caller.getPackageName(), userId, admin);
+ return EnforcingAdmin.createEnforcingAdmin(caller.getPackageName(), userId);
}
private EnforcingAdmin getEnforcingAdminForPackage(@Nullable ComponentName who,
@@ -23699,19 +23621,17 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
admin = getActiveAdminUncheckedLocked(who, userId);
}
if (admin != null) {
- return EnforcingAdmin.createEnterpriseEnforcingAdmin(who, userId, admin);
+ return EnforcingAdmin.createEnterpriseEnforcingAdmin(who, userId);
}
} else {
- // Check for non-DPC active admins.
+ // Check for DA active admins.
admin = getActiveAdminUncheckedLocked(who, userId);
if (admin != null) {
- return EnforcingAdmin.createDeviceAdminEnforcingAdmin(who, userId, admin);
+ return EnforcingAdmin.createDeviceAdminEnforcingAdmin(who, userId);
}
}
}
- admin = Flags.activeAdminCleanup()
- ? null : getUserData(userId).createOrGetPermissionBasedAdmin(userId);
- return EnforcingAdmin.createEnforcingAdmin(packageName, userId, admin);
+ return EnforcingAdmin.createEnforcingAdmin(packageName, userId);
}
private int getAffectedUser(boolean calledOnParent) {
@@ -24427,9 +24347,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
&& admin.getParentActiveAdmin().disableScreenCapture))) {
EnforcingAdmin enforcingAdmin = EnforcingAdmin.createEnterpriseEnforcingAdmin(
- admin.info.getComponent(),
- admin.getUserHandle().getIdentifier(),
- admin);
+ admin.info.getComponent(), admin.getUserHandle().getIdentifier());
mDevicePolicyEngine.setGlobalPolicy(
PolicyDefinition.SCREEN_CAPTURE_DISABLED,
enforcingAdmin,
@@ -24442,8 +24360,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
if (profileOwner != null && profileOwner.disableScreenCapture) {
EnforcingAdmin enforcingAdmin = EnforcingAdmin.createEnterpriseEnforcingAdmin(
profileOwner.info.getComponent(),
- profileOwner.getUserHandle().getIdentifier(),
- profileOwner);
+ profileOwner.getUserHandle().getIdentifier());
mDevicePolicyEngine.setLocalPolicy(
PolicyDefinition.SCREEN_CAPTURE_DISABLED,
enforcingAdmin,
@@ -24485,10 +24402,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
private void setLockTaskPolicyInPolicyEngine(
ActiveAdmin admin, int userId, List<String> packages, int features) {
EnforcingAdmin enforcingAdmin =
- EnforcingAdmin.createEnterpriseEnforcingAdmin(
- admin.info.getComponent(),
- userId,
- admin);
+ EnforcingAdmin.createEnterpriseEnforcingAdmin(admin.info.getComponent(), userId);
mDevicePolicyEngine.setLocalPolicy(
PolicyDefinition.LOCK_TASK,
enforcingAdmin,
@@ -24503,9 +24417,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(userInfo.id);
if (admin != null) {
EnforcingAdmin enforcingAdmin = EnforcingAdmin.createEnterpriseEnforcingAdmin(
- admin.info.getComponent(),
- admin.getUserHandle().getIdentifier(),
- admin);
+ admin.info.getComponent(), admin.getUserHandle().getIdentifier());
if (admin.permittedInputMethods != null) {
mDevicePolicyEngine.setLocalPolicy(
PolicyDefinition.PERMITTED_INPUT_METHODS,
@@ -24536,9 +24448,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(userInfo.id);
if (admin != null) {
EnforcingAdmin enforcingAdmin = EnforcingAdmin.createEnterpriseEnforcingAdmin(
- admin.info.getComponent(),
- admin.getUserHandle().getIdentifier(),
- admin);
+ admin.info.getComponent(), admin.getUserHandle().getIdentifier());
for (String accountType : admin.accountTypesWithManagementDisabled) {
mDevicePolicyEngine.setLocalPolicy(
PolicyDefinition.ACCOUNT_MANAGEMENT_DISABLED(accountType),
@@ -24569,9 +24479,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(userInfo.id);
if (admin != null && admin.protectedPackages != null) {
EnforcingAdmin enforcingAdmin = EnforcingAdmin.createEnterpriseEnforcingAdmin(
- admin.info.getComponent(),
- admin.getUserHandle().getIdentifier(),
- admin);
+ admin.info.getComponent(), admin.getUserHandle().getIdentifier());
if (isDeviceOwner(admin)) {
mDevicePolicyEngine.setGlobalPolicy(
PolicyDefinition.USER_CONTROLLED_DISABLED_PACKAGES,
@@ -24599,10 +24507,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
if (admin == null) continue;
ComponentName adminComponent = admin.info.getComponent();
int userId = userInfo.id;
- EnforcingAdmin enforcingAdmin = EnforcingAdmin.createEnterpriseEnforcingAdmin(
- adminComponent,
- userId,
- admin);
+ EnforcingAdmin enforcingAdmin =
+ EnforcingAdmin.createEnterpriseEnforcingAdmin(adminComponent, userId);
int ownerType;
if (isDeviceOwner(admin)) {
ownerType = OWNER_TYPE_DEVICE_OWNER;
@@ -24635,9 +24541,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
ActiveAdmin admin = getProfileOwnerOrDeviceOwnerLocked(userInfo.id);
if (admin == null) continue;
EnforcingAdmin enforcingAdmin = EnforcingAdmin.createEnterpriseEnforcingAdmin(
- admin.info.getComponent(),
- userInfo.id,
- admin);
+ admin.info.getComponent(), userInfo.id);
runner.accept(admin, enforcingAdmin);
}
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/EnforcingAdmin.java b/services/devicepolicy/java/com/android/server/devicepolicy/EnforcingAdmin.java
index 5a0b079b6a24..aca331564a40 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/EnforcingAdmin.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/EnforcingAdmin.java
@@ -23,7 +23,6 @@ import android.app.admin.DeviceAdminAuthority;
import android.app.admin.DpcAuthority;
import android.app.admin.RoleAuthority;
import android.app.admin.UnknownAuthority;
-import android.app.admin.flags.Flags;
import android.content.ComponentName;
import android.os.UserHandle;
@@ -80,36 +79,24 @@ final class EnforcingAdmin {
private final int mUserId;
private final boolean mIsRoleAuthority;
private final boolean mIsSystemAuthority;
- private final ActiveAdmin mActiveAdmin;
- static EnforcingAdmin createEnforcingAdmin(@NonNull String packageName, int userId,
- ActiveAdmin admin) {
+ static EnforcingAdmin createEnforcingAdmin(@NonNull String packageName, int userId) {
Objects.requireNonNull(packageName);
- return new EnforcingAdmin(packageName, userId, admin);
+ return new EnforcingAdmin(packageName, userId);
}
static EnforcingAdmin createEnterpriseEnforcingAdmin(
@NonNull ComponentName componentName, int userId) {
Objects.requireNonNull(componentName);
return new EnforcingAdmin(
- componentName.getPackageName(), componentName, Set.of(DPC_AUTHORITY), userId,
- /* activeAdmin=*/ null);
+ componentName.getPackageName(), componentName, Set.of(DPC_AUTHORITY), userId);
}
- static EnforcingAdmin createEnterpriseEnforcingAdmin(
- @NonNull ComponentName componentName, int userId, ActiveAdmin activeAdmin) {
- Objects.requireNonNull(componentName);
- return new EnforcingAdmin(
- componentName.getPackageName(), componentName, Set.of(DPC_AUTHORITY), userId,
- activeAdmin);
- }
-
- static EnforcingAdmin createDeviceAdminEnforcingAdmin(ComponentName componentName, int userId,
- ActiveAdmin activeAdmin) {
+ static EnforcingAdmin createDeviceAdminEnforcingAdmin(ComponentName componentName, int userId) {
Objects.requireNonNull(componentName);
return new EnforcingAdmin(
componentName.getPackageName(), componentName, Set.of(DEVICE_ADMIN_AUTHORITY),
- userId, activeAdmin);
+ userId);
}
static EnforcingAdmin createSystemEnforcingAdmin(@NonNull String systemEntity) {
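Review bot: `createDeviceAdminEnforcingAdmin(ComponentName componentName, int userId)` is rewritten here without the `@NonNull` annotation that the sibling `createEnterpriseEnforcingAdmin` carries, although its first statement is `Objects.requireNonNull(componentName)`. Since the signature is being touched anyway, I would make it `static EnforcingAdmin createDeviceAdminEnforcingAdmin(@NonNull ComponentName componentName, int userId) {` so the contract is visible to callers and to lint.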
@@ -124,24 +111,20 @@ final class EnforcingAdmin {
if (DpcAuthority.DPC_AUTHORITY.equals(authority)) {
return new EnforcingAdmin(
admin.getPackageName(), admin.getComponentName(),
- Set.of(DPC_AUTHORITY), admin.getUserHandle().getIdentifier(),
- /* activeAdmin = */ null);
+ Set.of(DPC_AUTHORITY), admin.getUserHandle().getIdentifier());
} else if (DeviceAdminAuthority.DEVICE_ADMIN_AUTHORITY.equals(authority)) {
return new EnforcingAdmin(
admin.getPackageName(), admin.getComponentName(),
- Set.of(DEVICE_ADMIN_AUTHORITY), admin.getUserHandle().getIdentifier(),
- /* activeAdmin = */ null);
+ Set.of(DEVICE_ADMIN_AUTHORITY), admin.getUserHandle().getIdentifier());
} else if (authority instanceof RoleAuthority roleAuthority) {
return new EnforcingAdmin(
admin.getPackageName(), admin.getComponentName(),
Set.of(DEVICE_ADMIN_AUTHORITY), admin.getUserHandle().getIdentifier(),
- /* activeAdmin = */ null,
/* isRoleAuthority = */ true);
}
// TODO(b/324899199): Consider supporting android.app.admin.SystemAuthority.
return new EnforcingAdmin(admin.getPackageName(), admin.getComponentName(),
- Set.of(), admin.getUserHandle().getIdentifier(),
- /* activeAdmin = */ null);
+ Set.of(), admin.getUserHandle().getIdentifier());
}
static String getRoleAuthorityOf(String roleName) {
@@ -167,7 +150,7 @@ final class EnforcingAdmin {
private EnforcingAdmin(
String packageName, @Nullable ComponentName componentName, Set<String> authorities,
- int userId, @Nullable ActiveAdmin activeAdmin) {
+ int userId) {
Objects.requireNonNull(packageName);
Objects.requireNonNull(authorities);
@@ -179,10 +162,9 @@ final class EnforcingAdmin {
mComponentName = componentName;
mAuthorities = new HashSet<>(authorities);
mUserId = userId;
- mActiveAdmin = activeAdmin;
}
- private EnforcingAdmin(String packageName, int userId, ActiveAdmin activeAdmin) {
+ private EnforcingAdmin(String packageName, int userId) {
Objects.requireNonNull(packageName);
// Only role authorities use this constructor.
@@ -194,7 +176,6 @@ final class EnforcingAdmin {
mComponentName = null;
// authorities will be loaded when needed
mAuthorities = null;
- mActiveAdmin = activeAdmin;
}
/** Constructor for System authorities. */
@@ -210,12 +191,11 @@ final class EnforcingAdmin {
mUserId = UserHandle.USER_SYSTEM;
mComponentName = null;
mAuthorities = getSystemAuthority(systemEntity);
- mActiveAdmin = null;
}
private EnforcingAdmin(
String packageName, @Nullable ComponentName componentName, Set<String> authorities,
- int userId, @Nullable ActiveAdmin activeAdmin, boolean isRoleAuthority) {
+ int userId, boolean isRoleAuthority) {
Objects.requireNonNull(packageName);
Objects.requireNonNull(authorities);
@@ -226,7 +206,6 @@ final class EnforcingAdmin {
mComponentName = componentName;
mAuthorities = new HashSet<>(authorities);
mUserId = userId;
- mActiveAdmin = activeAdmin;
}
private static Set<String> getRoleAuthoritiesOrDefault(String packageName, int userId) {
@@ -295,14 +274,6 @@ final class EnforcingAdmin {
}
@Nullable
- public ActiveAdmin getActiveAdmin() {
- if (Flags.activeAdminCleanup()) {
- throw new UnsupportedOperationException("getActiveAdmin() no longer supported");
- }
- return mActiveAdmin;
- }
-
- @Nullable
ComponentName getComponentName() {
return mComponentName;
}
@@ -419,7 +390,7 @@ final class EnforcingAdmin {
return null;
}
// TODO(b/281697976): load active admin
- return new EnforcingAdmin(packageName, userId, null);
+ return new EnforcingAdmin(packageName, userId);
} else if (isSystemAuthority) {
if (systemEntity == null) {
Slogf.wtf(TAG, "Error parsing EnforcingAdmin with SystemAuthority, "
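Review bot: The `// TODO(b/281697976): load active admin` comment above `return new EnforcingAdmin(packageName, userId);` is stale now that `mActiveAdmin` and the `activeAdmin` constructor parameters are removed. The same TODO sits above `return new EnforcingAdmin(packageName, componentName, authorities, userId);` in the next hunk. Both should be deleted, or reworded if the bug still tracks other work. The enclosing parsing method starts and ends outside these hunks.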
@@ -439,7 +410,7 @@ final class EnforcingAdmin {
? null : new ComponentName(packageName, className);
Set<String> authorities = Set.of(authoritiesStr.split(ATTR_AUTHORITIES_SEPARATOR));
// TODO(b/281697976): load active admin
- return new EnforcingAdmin(packageName, componentName, authorities, userId, null);
+ return new EnforcingAdmin(packageName, componentName, authorities, userId);
}
}