9 files changed, 59 insertions, 171 deletions
diff --git a/core/api/current.txt b/core/api/current.txt
index baf142a0640c..0dc48baa4145 100644
--- a/core/api/current.txt
+++ b/core/api/current.txt
@@ -7968,7 +7968,7 @@ package android.app.admin {
 field public static final String PERMISSION_GRANT_POLICY = "permissionGrant";
 field public static final String PERSISTENT_PREFERRED_ACTIVITY_POLICY = "persistentPreferredActivity";
 field public static final String RESET_PASSWORD_TOKEN_POLICY = "resetPasswordToken";
- field @FlaggedApi("android.app.admin.flags.security_log_v2_enabled") public static final String SECURITY_LOGGING_POLICY = "securityLogging";
+ field public static final String SECURITY_LOGGING_POLICY = "securityLogging";
 field public static final String STATUS_BAR_DISABLED_POLICY = "statusBarDisabled";
 field @FlaggedApi("android.app.admin.flags.policy_engine_migration_v2_enabled") public static final String USB_DATA_SIGNALING_POLICY = "usbDataSignaling";
 field public static final String USER_CONTROL_DISABLED_PACKAGES_POLICY = "userControlDisabledPackages";
diff --git a/core/api/system-current.txt b/core/api/system-current.txt
index 9c93c3aaf4fb..dc94fcff8660 100644
--- a/core/api/system-current.txt
+++ b/core/api/system-current.txt
@@ -201,7 +201,7 @@ package android {
 field public static final String MANAGE_DEFAULT_APPLICATIONS = "android.permission.MANAGE_DEFAULT_APPLICATIONS";
 field public static final String MANAGE_DEVICE_ADMINS = "android.permission.MANAGE_DEVICE_ADMINS";
 field public static final String MANAGE_DEVICE_POLICY_APP_EXEMPTIONS = "android.permission.MANAGE_DEVICE_POLICY_APP_EXEMPTIONS";
- field @FlaggedApi("android.app.admin.flags.security_log_v2_enabled") public static final String MANAGE_DEVICE_POLICY_AUDIT_LOGGING = "android.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING";
+ field public static final String MANAGE_DEVICE_POLICY_AUDIT_LOGGING = "android.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING";
 field @FlaggedApi("android.permission.flags.enhanced_confirmation_mode_apis_enabled") public static final String MANAGE_ENHANCED_CONFIRMATION_STATES = "android.permission.MANAGE_ENHANCED_CONFIRMATION_STATES";
 field public static final String MANAGE_ETHERNET_NETWORKS = "android.permission.MANAGE_ETHERNET_NETWORKS";
 field public static final String MANAGE_FACTORY_RESET_PROTECTION = "android.permission.MANAGE_FACTORY_RESET_PROTECTION";
@@ -1296,7 +1296,7 @@ package android.app.admin {
 }
 public final class DevicePolicyIdentifiers {
- field @FlaggedApi("android.app.admin.flags.security_log_v2_enabled") public static final String AUDIT_LOGGING_POLICY = "auditLogging";
+ field public static final String AUDIT_LOGGING_POLICY = "auditLogging";
 }
 public class DevicePolicyKeyguardService extends android.app.Service {
@@ -1308,7 +1308,7 @@ package android.app.admin {
 public class DevicePolicyManager {
 method @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public int checkProvisioningPrecondition(@NonNull String, @NonNull String);
- method @FlaggedApi("android.app.admin.flags.security_log_v2_enabled") @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING) public void clearAuditLogEventCallback();
+ method @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING) public void clearAuditLogEventCallback();
 method @Nullable @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public android.os.UserHandle createAndProvisionManagedProfile(@NonNull android.app.admin.ManagedProfileProvisioningParams) throws android.app.admin.ProvisioningException;
 method @Nullable public android.content.Intent createProvisioningIntentFromNfcIntent(@NonNull android.content.Intent);
 method @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public void finalizeWorkProfileProvisioning(@NonNull android.os.UserHandle, @Nullable android.accounts.Account);
@@ -1328,7 +1328,7 @@ package android.app.admin {
 method @Nullable public android.content.ComponentName getProfileOwner() throws java.lang.IllegalArgumentException;
 method @Nullable @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS}) public String getProfileOwnerNameAsUser(int) throws java.lang.IllegalArgumentException;
 method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS}) public int getUserProvisioningState();
- method @FlaggedApi("android.app.admin.flags.security_log_v2_enabled") @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING) public boolean isAuditLogEnabled();
+ method @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING) public boolean isAuditLogEnabled();
 method public boolean isDeviceManaged();
 method @FlaggedApi("android.app.admin.flags.device_theft_api_enabled") @RequiresPermission(android.Manifest.permission.QUERY_DEVICE_STOLEN_STATE) public boolean isDevicePotentiallyStolen();
 method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public boolean isDeviceProvisioned();
@@ -1344,8 +1344,8 @@ package android.app.admin {
 method @RequiresPermission(android.Manifest.permission.TRIGGER_LOST_MODE) public void sendLostModeLocationUpdate(@NonNull java.util.concurrent.Executor, @NonNull java.util.function.Consumer<java.lang.Boolean>);
 method @Deprecated @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_ADMINS) public boolean setActiveProfileOwner(@NonNull android.content.ComponentName, String) throws java.lang.IllegalArgumentException;
 method @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_POLICY_APP_EXEMPTIONS) public void setApplicationExemptions(@NonNull String, @NonNull java.util.Set<java.lang.Integer>) throws android.content.pm.PackageManager.NameNotFoundException;
- method @FlaggedApi("android.app.admin.flags.security_log_v2_enabled") @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING) public void setAuditLogEnabled(boolean);
- method @FlaggedApi("android.app.admin.flags.security_log_v2_enabled") @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING) public void setAuditLogEventCallback(@NonNull java.util.concurrent.Executor, @NonNull java.util.function.Consumer<java.util.List<android.app.admin.SecurityLog.SecurityEvent>>);
+ method @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING) public void setAuditLogEnabled(boolean);
+ method @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING) public void setAuditLogEventCallback(@NonNull java.util.concurrent.Executor, @NonNull java.util.function.Consumer<java.util.List<android.app.admin.SecurityLog.SecurityEvent>>);
 method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public void setDeviceProvisioningConfigApplied();
 method @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public void setDpcDownloaded(boolean);
 method @FlaggedApi("android.app.admin.flags.device_policy_size_tracking_enabled")
@RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public void setMaxPolicyStorageLimit(int); diff --git a/core/java/android/app/admin/DevicePolicyIdentifiers.java b/core/java/android/app/admin/DevicePolicyIdentifiers.java index eeaf0b3706fc..156512a90295 100644 --- a/core/java/android/app/admin/DevicePolicyIdentifiers.java +++ b/core/java/android/app/admin/DevicePolicyIdentifiers.java @@ -17,7 +17,6 @@ package android.app.admin; import static android.app.admin.flags.Flags.FLAG_POLICY_ENGINE_MIGRATION_V2_ENABLED; -import static android.app.admin.flags.Flags.FLAG_SECURITY_LOG_V2_ENABLED; import android.annotation.FlaggedApi; import android.annotation.NonNull; @@ -50,7 +49,6 @@ public final class DevicePolicyIdentifiers { /** * String identifier for {@link DevicePolicyManager#setSecurityLoggingEnabled}. */ - @FlaggedApi(FLAG_SECURITY_LOG_V2_ENABLED) public static final String SECURITY_LOGGING_POLICY = "securityLogging"; /** @@ -58,7 +56,6 @@ public final class DevicePolicyIdentifiers { * * @hide */ - @FlaggedApi(FLAG_SECURITY_LOG_V2_ENABLED) @SystemApi public static final String AUDIT_LOGGING_POLICY = "auditLogging"; diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java index ba1dc5677b21..5088ea6b603c 100644 --- a/core/java/android/app/admin/DevicePolicyManager.java +++ b/core/java/android/app/admin/DevicePolicyManager.java 
@@ -60,7 +60,6 @@ import static android.app.admin.flags.Flags.FLAG_ESIM_MANAGEMENT_ENABLED; import static android.app.admin.flags.Flags.FLAG_DEVICE_POLICY_SIZE_TRACKING_ENABLED; import static android.app.admin.flags.Flags.FLAG_HEADLESS_DEVICE_OWNER_PROVISIONING_FIX_ENABLED; import static android.app.admin.flags.Flags.FLAG_HEADLESS_DEVICE_OWNER_SINGLE_USER_ENABLED; -import static android.app.admin.flags.Flags.FLAG_SECURITY_LOG_V2_ENABLED; import static android.app.admin.flags.Flags.onboardingBugreportV2Enabled; import static android.app.admin.flags.Flags.onboardingConsentlessBugreports; import static android.app.admin.flags.Flags.FLAG_IS_MTE_POLICY_ENFORCED; @@ -14335,7 +14334,6 @@ public class DevicePolicyManager { * @hide */ @SystemApi - @FlaggedApi(FLAG_SECURITY_LOG_V2_ENABLED) @RequiresPermission(permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING) public void setAuditLogEnabled(boolean enabled) { throwIfParentInstance("setAuditLogEnabled"); @@ -14352,7 +14350,6 @@ public class DevicePolicyManager { * @hide */ @SystemApi - @FlaggedApi(FLAG_SECURITY_LOG_V2_ENABLED) @RequiresPermission(permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING) public boolean isAuditLogEnabled() { throwIfParentInstance("isAuditLogEnabled"); @@ -14374,7 +14371,6 @@ public class DevicePolicyManager { * @hide */ @SystemApi - @FlaggedApi(FLAG_SECURITY_LOG_V2_ENABLED) @RequiresPermission(permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING) public void setAuditLogEventCallback( @NonNull @CallbackExecutor Executor executor, @@ -14401,7 +14397,6 @@ public class DevicePolicyManager { * @hide */ @SystemApi - @FlaggedApi(FLAG_SECURITY_LOG_V2_ENABLED) @RequiresPermission(permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING) public void clearAuditLogEventCallback() { throwIfParentInstance("clearAuditLogEventCallback"); diff --git a/core/java/android/app/admin/flags/flags.aconfig b/core/java/android/app/admin/flags/flags.aconfig index 9148e3c3a072..56f47922b078 100644 --- a/core/java/android/app/admin/flags/flags.aconfig 
+++ b/core/java/android/app/admin/flags/flags.aconfig @@ -105,6 +105,7 @@ flag { bug: "289520697" } +# Fully rolled out and must not be used. flag { name: "security_log_v2_enabled" is_exported: true diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index f795406074b8..661d71fb4ef9 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -3836,7 +3836,6 @@ <!-- Allows an application to use audit logging API. @hide @SystemApi - @FlaggedApi("android.app.admin.flags.security_log_v2_enabled") --> <permission android:name="android.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING" android:protectionLevel="internal|role" /> diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index 1290fb7ef91a..a80ee0f66742 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java 
@@ -2726,22 +2726,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return; } - if (Flags.securityLogV2Enabled()) { - boolean auditLoggingEnabled = Boolean.TRUE.equals( - mDevicePolicyEngine.getResolvedPolicy( - PolicyDefinition.AUDIT_LOGGING, UserHandle.USER_ALL)); - boolean securityLoggingEnabled = Boolean.TRUE.equals( - mDevicePolicyEngine.getResolvedPolicy( - PolicyDefinition.SECURITY_LOGGING, UserHandle.USER_ALL)); - setLoggingConfiguration(securityLoggingEnabled, auditLoggingEnabled); - mInjector.runCryptoSelfTest(); - } else { - synchronized (getLockObject()) { - mSecurityLogMonitor.start(getSecurityLoggingEnabledUser()); - mInjector.runCryptoSelfTest(); - maybePauseDeviceWideLoggingLocked(); - } - } + boolean auditLoggingEnabled = Boolean.TRUE.equals( + mDevicePolicyEngine.getResolvedPolicy( + PolicyDefinition.AUDIT_LOGGING, UserHandle.USER_ALL)); + boolean securityLoggingEnabled = Boolean.TRUE.equals( + mDevicePolicyEngine.getResolvedPolicy( + PolicyDefinition.SECURITY_LOGGING, UserHandle.USER_ALL)); + setLoggingConfiguration(securityLoggingEnabled, auditLoggingEnabled); + mInjector.runCryptoSelfTest(); } /** @@ -3399,7 +3391,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @GuardedBy("getLockObject()") private void maybeMigrateSecurityLoggingPolicyLocked() { - if (!Flags.securityLogV2Enabled() || mOwners.isSecurityLoggingMigrated()) { + if (mOwners.isSecurityLoggingMigrated()) { return; } @@ -16304,9 +16296,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @Override public void enforceSecurityLoggingPolicy(boolean enabled) { - if (!Flags.securityLogV2Enabled()) { - return; - } Boolean auditLoggingEnabled = mDevicePolicyEngine.getResolvedPolicy( PolicyDefinition.AUDIT_LOGGING, UserHandle.USER_ALL); enforceLoggingPolicy(enabled, Boolean.TRUE.equals(auditLoggingEnabled)); 
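Review bot: In the first hunk on this line (@@ -2726) the surviving startup path no longer calls `maybePauseDeviceWideLoggingLocked()` and reads both resolved policies without holding `getLockObject()`, both of which the removed legacy branch did. Whether `setLoggingConfiguration(securityLoggingEnabled, auditLoggingEnabled)` itself applies the pause when unaffiliated users are present is not visible in this diff, so that should be confirmed; if it does not, device-wide events could be buffered after boot in a state where they were previously paused. Once confirmed, I would record it above the call, e.g. `// setLoggingConfiguration() starts/stops the monitor and handles pausing for unaffiliated users; resolved policies are read without the DPMS lock on purpose.` The enclosing method starts outside the hunk.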
@@ -16314,9 +16303,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @Override public void enforceAuditLoggingPolicy(boolean enabled) { - if (!Flags.securityLogV2Enabled()) { - return; - } Boolean securityLoggingEnabled = mDevicePolicyEngine.getResolvedPolicy( PolicyDefinition.SECURITY_LOGGING, UserHandle.USER_ALL); enforceLoggingPolicy(Boolean.TRUE.equals(securityLoggingEnabled), enabled); 
@@ -18252,45 +18238,20 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } final CallerIdentity caller = getCallerIdentity(who, packageName); - if (Flags.securityLogV2Enabled()) { - EnforcingAdmin admin = enforcePermissionAndGetEnforcingAdmin( - who, - MANAGE_DEVICE_POLICY_SECURITY_LOGGING, - caller.getPackageName(), - caller.getUserId()); - if (enabled) { - mDevicePolicyEngine.setGlobalPolicy( - PolicyDefinition.SECURITY_LOGGING, - admin, - new BooleanPolicyValue(true)); - } else { - mDevicePolicyEngine.removeGlobalPolicy( - PolicyDefinition.SECURITY_LOGGING, - admin); - } + EnforcingAdmin admin = enforcePermissionAndGetEnforcingAdmin( + who, + MANAGE_DEVICE_POLICY_SECURITY_LOGGING, + caller.getPackageName(), + caller.getUserId()); + if (enabled) { + mDevicePolicyEngine.setGlobalPolicy( + PolicyDefinition.SECURITY_LOGGING, + admin, + new BooleanPolicyValue(true)); } else { - synchronized (getLockObject()) { - if (who != null) { - Preconditions.checkCallAuthorization( - isProfileOwnerOfOrganizationOwnedDevice(caller) - || isDefaultDeviceOwner(caller)); - } else { - // A delegate app passes a null admin component, which is expected - Preconditions.checkCallAuthorization( - isCallerDelegate(caller, DELEGATION_SECURITY_LOGGING)); - } - - if (enabled == mInjector.securityLogGetLoggingEnabledProperty()) { - return; - } - mInjector.securityLogSetLoggingEnabledProperty(enabled); - if (enabled) { - mSecurityLogMonitor.start(getSecurityLoggingEnabledUser()); - maybePauseDeviceWideLoggingLocked(); - } else { - mSecurityLogMonitor.stop(); - } - } + mDevicePolicyEngine.removeGlobalPolicy( + PolicyDefinition.SECURITY_LOGGING, + admin); } DevicePolicyEventLogger .createEvent(DevicePolicyEnums.SET_SECURITY_LOGGING_ENABLED) 
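Review bot: With the legacy branch removed, the explicit `Preconditions.checkCallAuthorization(...)` for a default device owner or profile owner of an organization-owned device, and for `DELEGATION_SECURITY_LOGGING` delegates that pass a null `who`, no longer appears in this method; authorization now rests entirely on `enforcePermissionAndGetEnforcingAdmin(who, MANAGE_DEVICE_POLICY_SECURITY_LOGGING, ...)`. That helper is outside the diff, so please confirm it still admits a delegate with a null admin and rejects every other caller, and say so next to the call, e.g. `// who == null for DELEGATION_SECURITY_LOGGING delegates; enforcePermissionAndGetEnforcingAdmin() is the only authorization check here.` The same applies to the hunks at @@ -18312 and @@ -18410, which drop the same checks. The method body starts and ends outside the hunk.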
@@ -18312,29 +18273,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return mInjector.securityLogGetLoggingEnabledProperty(); } - if (Flags.securityLogV2Enabled()) { - final EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( - admin, - MANAGE_DEVICE_POLICY_SECURITY_LOGGING, - caller.getPackageName(), - caller.getUserId()); - final Boolean policy = mDevicePolicyEngine.getGlobalPolicySetByAdmin( - PolicyDefinition.SECURITY_LOGGING, enforcingAdmin); - return Boolean.TRUE.equals(policy); - } else { - synchronized (getLockObject()) { - if (admin != null) { - Preconditions.checkCallAuthorization( - isProfileOwnerOfOrganizationOwnedDevice(caller) - || isDefaultDeviceOwner(caller)); - } else { - // A delegate app passes a null admin component, which is expected - Preconditions.checkCallAuthorization( - isCallerDelegate(caller, DELEGATION_SECURITY_LOGGING)); - } - return mInjector.securityLogGetLoggingEnabledProperty(); - } - } + final EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( + admin, + MANAGE_DEVICE_POLICY_SECURITY_LOGGING, + caller.getPackageName(), + caller.getUserId()); + final Boolean policy = mDevicePolicyEngine.getGlobalPolicySetByAdmin( + PolicyDefinition.SECURITY_LOGGING, enforcingAdmin); + return Boolean.TRUE.equals(policy); } private void recordSecurityLogRetrievalTime() { 
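Review bot: The value now returned at the end of this hunk is `getGlobalPolicySetByAdmin(PolicyDefinition.SECURITY_LOGGING, enforcingAdmin)`, i.e. whether the calling admin set the policy, while the early return in the context line just above still reports `mInjector.securityLogGetLoggingEnabledProperty()`. The two answers can presumably differ when logging was enabled by a different admin, so the asymmetry deserves a comment, e.g. `// Admin callers see only the policy they set themselves; the effective device state is the resolved policy.` If the public Javadoc of `isSecurityLoggingEnabled` still describes the device-wide state, it should be updated to match. The method starts outside the hunk.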
@@ -18410,42 +18356,24 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final CallerIdentity caller = getCallerIdentity(admin, packageName); - if (Flags.securityLogV2Enabled()) { - EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( - admin, - MANAGE_DEVICE_POLICY_SECURITY_LOGGING, - caller.getPackageName(), - caller.getUserId()); - - synchronized (getLockObject()) { - Preconditions.checkCallAuthorization(isOrganizationOwnedDeviceWithManagedProfile() - || areAllUsersAffiliatedWithDeviceLocked()); - } - - Boolean policy = mDevicePolicyEngine.getGlobalPolicySetByAdmin( - PolicyDefinition.SECURITY_LOGGING, enforcingAdmin); + EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( + admin, + MANAGE_DEVICE_POLICY_SECURITY_LOGGING, + caller.getPackageName(), + caller.getUserId()); - if (!Boolean.TRUE.equals(policy)) { - Slogf.e(LOG_TAG, "%s hasn't enabled security logging but tries to retrieve logs", - caller.getPackageName()); - return null; - } - } else { - if (admin != null) { - Preconditions.checkCallAuthorization( - isProfileOwnerOfOrganizationOwnedDevice(caller) - || isDefaultDeviceOwner(caller)); - } else { - // A delegate app passes a null admin component, which is expected - Preconditions.checkCallAuthorization( - isCallerDelegate(caller, DELEGATION_SECURITY_LOGGING)); - } + synchronized (getLockObject()) { Preconditions.checkCallAuthorization(isOrganizationOwnedDeviceWithManagedProfile() || areAllUsersAffiliatedWithDeviceLocked()); + } - if (!mInjector.securityLogGetLoggingEnabledProperty()) { - return null; - } + Boolean policy = mDevicePolicyEngine.getGlobalPolicySetByAdmin( + PolicyDefinition.SECURITY_LOGGING, enforcingAdmin); + + if (!Boolean.TRUE.equals(policy)) { + Slogf.e(LOG_TAG, "%s hasn't enabled security logging but tries to retrieve logs", + caller.getPackageName()); + return null; } recordSecurityLogRetrievalTime(); 
@@ -18465,10 +18393,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } final CallerIdentity caller = getCallerIdentity(callingPackage); - if (!Flags.securityLogV2Enabled()) { - throw new UnsupportedOperationException("Audit log not enabled"); - } - EnforcingAdmin admin = enforcePermissionAndGetEnforcingAdmin( null /* admin */, MANAGE_DEVICE_POLICY_AUDIT_LOGGING, @@ -18493,10 +18417,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return false; } - if (!Flags.securityLogV2Enabled()) { - throw new UnsupportedOperationException("Audit log not enabled"); - } - final CallerIdentity caller = getCallerIdentity(callingPackage); EnforcingAdmin admin = enforcePermissionAndGetEnforcingAdmin( null /* admin */, diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/OwnersData.java b/services/devicepolicy/java/com/android/server/devicepolicy/OwnersData.java index 2ea5f168bdd1..52a784559510 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/OwnersData.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/OwnersData.java @@ -410,9 +410,8 @@ class OwnersData { out.startTag(null, TAG_POLICY_ENGINE_MIGRATION); out.attributeBoolean(null, ATTR_MIGRATED_TO_POLICY_ENGINE, mMigratedToPolicyEngine); out.attributeBoolean(null, ATTR_MIGRATED_POST_UPGRADE, mPoliciesMigratedPostUpdate); - if (Flags.securityLogV2Enabled()) { - out.attributeBoolean(null, ATTR_SECURITY_LOG_MIGRATED, mSecurityLoggingMigrated); - } + out.attributeBoolean(null, ATTR_SECURITY_LOG_MIGRATED, mSecurityLoggingMigrated); + if (Flags.unmanagedModeMigration()) { out.attributeBoolean(null, ATTR_REQUIRED_PASSWORD_COMPLEXITY_MIGRATED, mRequiredPasswordComplexityMigrated); 
@@ -483,8 +482,8 @@ class OwnersData { null, ATTR_MIGRATED_TO_POLICY_ENGINE, false); mPoliciesMigratedPostUpdate = parser.getAttributeBoolean( null, ATTR_MIGRATED_POST_UPGRADE, false); - mSecurityLoggingMigrated = Flags.securityLogV2Enabled() - && parser.getAttributeBoolean(null, ATTR_SECURITY_LOG_MIGRATED, false); + mSecurityLoggingMigrated = + parser.getAttributeBoolean(null, ATTR_SECURITY_LOG_MIGRATED, false); mRequiredPasswordComplexityMigrated = Flags.unmanagedModeMigration() && parser.getAttributeBoolean(null, ATTR_REQUIRED_PASSWORD_COMPLEXITY_MIGRATED, false); diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/SecurityLogMonitor.java b/services/devicepolicy/java/com/android/server/devicepolicy/SecurityLogMonitor.java index dd0493032c56..474c48a746c9 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/SecurityLogMonitor.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/SecurityLogMonitor.java @@ -23,7 +23,6 @@ import android.app.admin.DeviceAdminReceiver; import android.app.admin.IAuditLogEventsCallback; import android.app.admin.SecurityLog; import android.app.admin.SecurityLog.SecurityEvent; -import android.app.admin.flags.Flags; import android.os.Handler; import android.os.IBinder; import android.os.Process; 
@@ -184,28 +183,6 @@ class SecurityLogMonitor implements Runnable { @GuardedBy("mLock") private final ArrayDeque<SecurityEvent> mAuditLogEventBuffer = new ArrayDeque<>(); - /** - * Start security logging. - * - * @param enabledUser which user logging is enabled on, or USER_ALL to enable logging for all - * users on the device. - */ - void start(int enabledUser) { - Slog.i(TAG, "Starting security logging for user " + enabledUser); - mEnabledUser = enabledUser; - mLock.lock(); - try { - if (mMonitorThread == null) { - resetLegacyBufferLocked(); - startMonitorThreadLocked(); - } else { - Slog.i(TAG, "Security log monitor thread is already running"); - } - } finally { - mLock.unlock(); - } - } - void stop() { Slog.i(TAG, "Stopping security logging."); mLock.lock(); @@ -467,11 +444,11 @@ class SecurityLogMonitor implements Runnable { assignLogId(event); } - if (!Flags.securityLogV2Enabled() || mLegacyLogEnabled) { + if (mLegacyLogEnabled) { addToLegacyBufferLocked(dedupedLogs); } - if (Flags.securityLogV2Enabled() && mAuditLogEnabled) { + if (mAuditLogEnabled) { addAuditLogEventsLocked(dedupedLogs); } } @@ -548,7 +525,7 @@ class SecurityLogMonitor implements Runnable { saveLastEvents(newLogs); newLogs.clear(); - if (!Flags.securityLogV2Enabled() || mLegacyLogEnabled) { + if (mLegacyLogEnabled) { notifyDeviceOwnerOrProfileOwnerIfNeeded(force); } } catch (IOException e) { |