2 files changed, 1 insertions, 222 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index 7e083ba8859a..9271ec9f74b6 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -76,6 +76,7 @@ import static android.Manifest.permission.MANAGE_DEVICE_POLICY_SCREEN_CONTENT; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_SECURITY_LOGGING; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_SMS; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_STATUS_BAR; +import static android.Manifest.permission.MANAGE_DEVICE_POLICY_STORAGE_LIMIT; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_SUPPORT_MESSAGE; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_SYSTEM_DIALOGS; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_SYSTEM_UPDATES; @@ -88,7 +89,6 @@ import static android.Manifest.permission.MANAGE_DEVICE_POLICY_WALLPAPER; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_WIFI; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_WINDOWS; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_WIPE_DATA; -import static android.Manifest.permission.MANAGE_DEVICE_POLICY_STORAGE_LIMIT; import static android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS; import static android.Manifest.permission.MASTER_CLEAR; import static android.Manifest.permission.NOTIFY_PENDING_SYSTEM_UPDATE; 
@@ -116,7 +116,6 @@ import static android.app.admin.DeviceAdminInfo.USES_POLICY_FORCE_LOCK; import static android.app.admin.DeviceAdminInfo.USES_POLICY_WIPE_DATA; import static android.app.admin.DeviceAdminReceiver.ACTION_COMPLIANCE_ACKNOWLEDGEMENT_REQUIRED; import static android.app.admin.DeviceAdminReceiver.EXTRA_TRANSFER_OWNERSHIP_ADMIN_EXTRAS_BUNDLE; -import static android.app.admin.DevicePolicyIdentifiers.AUTO_TIMEZONE_POLICY; import static android.app.admin.DevicePolicyManager.ACTION_CHECK_POLICY_COMPLIANCE; import static android.app.admin.DevicePolicyManager.ACTION_DEVICE_FINANCING_STATE_CHANGED; import static android.app.admin.DevicePolicyManager.ACTION_DEVICE_POLICY_RESOURCE_UPDATED; @@ -407,7 +406,6 @@ import android.hardware.usb.UsbManager; import android.location.Location; import android.location.LocationManager; import android.media.AudioManager; -import android.media.IAudioService; import android.net.ConnectivityManager; import android.net.ConnectivitySettingsManager; import android.net.IIpConnectivityMetrics; @@ -1763,10 +1761,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { ServiceManager.getService(Context.BACKUP_SERVICE)); } - IAudioService getIAudioService() { - return IAudioService.Stub.asInterface(ServiceManager.getService(Context.AUDIO_SERVICE)); - } - PersistentDataBlockManagerInternal getPersistentDataBlockManagerInternal() { return LocalServices.getService(PersistentDataBlockManagerInternal.class); } @@ -1939,10 +1933,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { name, value, userHandle); } - void settingsSecurePutInt(String name, int value) { - Settings.Secure.putInt(mContext.getContentResolver(), name, value); - } - int settingsGlobalGetInt(String name, int def) { return Settings.Global.getInt(mContext.getContentResolver(), name, def); } 
@@ -1956,10 +1946,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { Settings.Global.putInt(mContext.getContentResolver(), name, value); } - void settingsSecurePutString(String name, String value) { - Settings.Secure.putString(mContext.getContentResolver(), name, value); - } - void settingsGlobalPutString(String name, String value) { Settings.Global.putString(mContext.getContentResolver(), name, value); } @@ -2900,16 +2886,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return poAdmin; } - @NonNull ActiveAdmin getOrganizationOwnedProfileOwnerLocked(final CallerIdentity caller) { - Preconditions.checkCallAuthorization( - mOwners.isProfileOwnerOfOrganizationOwnedDevice(caller.getUserId()), - "Caller %s is not an admin of an org-owned device", - caller.getComponentName()); - final ActiveAdmin profileOwner = getProfileOwnerLocked(caller.getUserId()); - - return profileOwner; - } - ActiveAdmin getProfileOwnerOrDeviceOwnerLocked(@UserIdInt int userId) { ensureLocked(); // Try to find an admin which can use reqPolicy @@ -2922,18 +2898,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return getDeviceOwnerLocked(userId); } - ActiveAdmin getProfileOwnerOrDefaultDeviceOwnerLocked(@UserIdInt int userId) { - ensureLocked(); - // Try to find an admin which can use reqPolicy - final ComponentName poAdminComponent = mOwners.getProfileOwnerComponent(userId); - - if (poAdminComponent != null) { - return getProfileOwnerLocked(userId); - } - - return getDefaultDeviceOwnerLocked(userId); - } - @NonNull ActiveAdmin getParentOfAdminIfRequired(ActiveAdmin admin, boolean parent) { Objects.requireNonNull(admin); return parent ? admin.getParentActiveAdmin() : admin; 
@@ -4446,25 +4410,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { * <ul> * <li>The active admins associated with the userHandle itself</li> * <li>The parent active admins for each managed profile associated with the userHandle</li> - * </ul> - * - * @param userHandle the affected user for whom to get the active admins - * @return the list of active admins for the affected user - */ - @GuardedBy("getLockObject()") - private List<ActiveAdmin> getActiveAdminsForAffectedUserLocked(int userHandle) { - if (isManagedProfile(userHandle)) { - return getUserDataUnchecked(userHandle).mAdminList; - } - return getActiveAdminsForUserAndItsManagedProfilesLocked(userHandle, - /* shouldIncludeProfileAdmins */ (user) -> false); - } - - /** - * Get the list of active admins for an affected user: - * <ul> - * <li>The active admins associated with the userHandle itself</li> - * <li>The parent active admins for each managed profile associated with the userHandle</li> * <li>The permission based admin associated with the userHandle itself</li> * </ul> * @@ -8669,17 +8614,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { .write(); } - // Set the latest screen capture policy, overriding any existing ones. - // userHandle can be one of USER_ALL, USER_NULL or a concrete userId. - private void setScreenCaptureDisabled(int userHandle) { - int current = mPolicyCache.getScreenCaptureDisallowedUser(); - if (userHandle == current) { - return; - } - mPolicyCache.setScreenCaptureDisallowedUser(userHandle); - updateScreenCaptureDisabled(); - } - /** * Returns whether or not screen capture is disabled for any active admin. */ 
@@ -9896,16 +9830,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return doOrPo; } - ActiveAdmin getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceParentLocked(int userId) { - ensureLocked(); - ActiveAdmin admin = getDeviceOwnerAdminLocked(); - if (admin != null) { - return admin; - } - admin = getProfileOwnerOfOrganizationOwnedDeviceLocked(userId); - return admin != null ? admin.getParentActiveAdmin() : null; - } - @Override public void clearDeviceOwner(String packageName) { Objects.requireNonNull(packageName, "packageName is null"); @@ -10234,13 +10158,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return mInjector.hasUserSetupCompleted(getUserData(userHandle)); } - private boolean hasPaired(int userHandle) { - if (!mHasFeature) { - return true; - } - return getUserData(userHandle).mPaired; - } - @Override public int getUserProvisioningState(int userHandle) { if (!mHasFeature) { @@ -11035,16 +10952,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return enforcingAdmin; } - private void enforceCanCallLockTaskLocked(CallerIdentity caller) { - Preconditions.checkCallAuthorization(isProfileOwner(caller) - || isDefaultDeviceOwner(caller) || isFinancedDeviceOwner(caller)); - - final int userId = caller.getUserId(); - if (!canDPCManagedUserUseLockTaskLocked(userId)) { - throw new SecurityException("User " + userId + " is not allowed to use lock task"); - } - } - private boolean isSystemUid(CallerIdentity caller) { return UserHandle.isSameApp(caller.getUid(), Process.SYSTEM_UID); } 
@@ -14576,15 +14483,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } - private void setLockTaskPackagesLocked(int userHandle, List<String> packages) { - DevicePolicyData policy = getUserData(userHandle); - policy.mLockTaskPackages = packages; - - // Store the settings persistently. - saveSettingsLocked(userHandle); - updateLockTaskPackagesLocked(mContext, packages, userHandle); - } - @Override public String[] getLockTaskPackages(ComponentName who, String callerPackageName) { CallerIdentity caller = getCallerIdentity(who, callerPackageName); @@ -14634,7 +14532,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { "Cannot use LOCK_TASK_FEATURE_NOTIFICATIONS without LOCK_TASK_FEATURE_HOME"); CallerIdentity caller = getCallerIdentity(who, callerPackageName); - final int userHandle = caller.getUserId(); synchronized (getLockObject()) { checkCanExecuteOrThrowUnsafe(DevicePolicyManager.OPERATION_SET_LOCK_TASK_FEATURES); } @@ -14670,13 +14567,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } - private void setLockTaskFeaturesLocked(int userHandle, int flags) { - DevicePolicyData policy = getUserData(userHandle); - policy.mLockTaskFeatures = flags; - saveSettingsLocked(userHandle); - updateLockTaskFeaturesLocked(flags, userHandle); - } - @Override public int getLockTaskFeatures(ComponentName who, String callerPackageName) { CallerIdentity caller = getCallerIdentity(who, callerPackageName); 
@@ -16152,29 +16042,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } - - /** - * Excludes restrictions imposed by UserManager. - */ - private List<UserManager.EnforcingUser> getDevicePolicySources( - List<UserManager.EnforcingUser> sources) { - int sizeBefore = sources.size(); - List<UserManager.EnforcingUser> realSources = new ArrayList<>(sizeBefore); - for (int i = 0; i < sizeBefore; i++) { - UserManager.EnforcingUser source = sources.get(i); - int type = source.getUserRestrictionSource(); - if (type != UserManager.RESTRICTION_SOURCE_PROFILE_OWNER - && type != UserManager.RESTRICTION_SOURCE_DEVICE_OWNER) { - // TODO(b/128928355): add unit test - Slogf.d(LOG_TAG, "excluding source of type %s at index %d", - userRestrictionSourceToString(type), i); - continue; - } - realSources.add(source); - } - return realSources; - } - private static String userRestrictionSourceToString(@UserRestrictionSource int source) { return DebugUtils.flagsToString(UserManager.class, "RESTRICTION_", source); } @@ -20843,17 +20710,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } - private void suspendPersonalAppsInPackageManager(int userId) { - mInjector.binderWithCleanCallingIdentity(() -> { - final String[] appsToSuspend = mInjector.getPersonalAppsForSuspension(userId); - final String[] failedApps = mInjector.getPackageManagerInternal() - .setPackagesSuspendedByAdmin(userId, appsToSuspend, true); - if (!ArrayUtils.isEmpty(failedApps)) { - Slogf.wtf(LOG_TAG, "Failed to suspend apps: " + String.join(",", failedApps)); - } - }); - } - private void notifyIfManagedSubscriptionsAreUnavailable( UserHandle managedProfile, boolean managedProfileAvailable) { if (!isManagedProfile(managedProfile.getIdentifier())) { 
@@ -23296,14 +23152,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return getEnforcingAdminForCaller(admin, callerPackageName); } - private static final HashMap<String, String> POLICY_IDENTIFIER_TO_PERMISSION = new HashMap<>(); - { - POLICY_IDENTIFIER_TO_PERMISSION.put(AUTO_TIMEZONE_POLICY, SET_TIME_ZONE); - } - - private static final HashMap<String, Integer> POLICY_IDENTIFIER_TO_ACTIVE_ADMIN_POLICY = - new HashMap<>(); - /** * Checks if the calling process has been granted permission to apply a device policy. * @@ -23322,7 +23170,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } - /** * Checks if the calling process has been granted permission to apply a device policy on a * specific user. Only one permission provided in the list needs to be granted to pass this 
@@ -24422,52 +24269,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } - // We need to add a mapping of policyId to permission in POLICY_IDENTIFIER_TO_PERMISSION - // for each migrated permission. - private List<ActiveAdmin> getNonDPCActiveAdminsForPolicyLocked(String policyIdentifier) { - Integer activeAdminPolicy = POLICY_IDENTIFIER_TO_ACTIVE_ADMIN_POLICY.get(policyIdentifier); - if (activeAdminPolicy == null) { - Slogf.e(LOG_TAG, - "Can't find a active admin policy for %s in POLICY_IDENTIFIER_TO_PERMISSION", - policyIdentifier); - return new ArrayList<>(); - } - - List<ActiveAdmin> admins = new ArrayList<>(); - for (UserInfo userInfo : mUserManager.getUsers()) { - List<ComponentName> activeAdmins = getActiveAdmins(userInfo.id); - for (ComponentName admin : activeAdmins) { - if (isDeviceOwner(admin, userInfo.id) || isProfileOwner(admin, userInfo.id)) { - continue; - } - DevicePolicyData policy = getUserDataUnchecked(userInfo.id); - if (isActiveAdminWithPolicyForUserLocked( - policy.mAdminMap.get(admin), activeAdminPolicy, - userInfo.id)) { - admins.add(policy.mAdminMap.get(admin)); - } - } - } - return admins; - } - - // TODO: this can actually accept an EnforcingAdmin that gets created in the permission - // check method. - private boolean isCallerActiveAdminOrDelegate( - CallerIdentity caller, @Nullable String delegateScope) { - return mInjector.binderWithCleanCallingIdentity(() -> { - List<ComponentName> activeAdmins = getActiveAdmins(caller.getUserId()); - if (activeAdmins != null) { - for (ComponentName admin : activeAdmins) { - if (admin.getPackageName().equals(caller.getPackageName())) { - return true; - } - } - } - return delegateScope != null && isCallerDelegate(caller, delegateScope); - }); - } - private ActiveAdmin getActiveAdminForCaller(@Nullable ComponentName who, CallerIdentity caller) { synchronized (getLockObject()) { 
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java index de3cfbf859ff..855c6582dfec 100644 --- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java +++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java @@ -30,8 +30,6 @@ import android.content.Intent; import android.content.pm.IPackageManager; import android.content.pm.PackageManagerInternal; import android.database.ContentObserver; -import android.hardware.usb.UsbManager; -import android.media.IAudioService; import android.net.IIpConnectivityMetrics; import android.net.Uri; import android.os.Bundle; @@ -216,11 +214,6 @@ public class DevicePolicyManagerServiceTestable extends DevicePolicyManagerServi } @Override - IAudioService getIAudioService() { - return services.iaudioService; - } - - @Override PersistentDataBlockManagerInternal getPersistentDataBlockManagerInternal() { return services.persistentDataBlockManagerInternal; } @@ -244,11 +237,6 @@ public class DevicePolicyManagerServiceTestable extends DevicePolicyManagerServi } @Override - UsbManager getUsbManager() { - return services.usbManager; - } - - @Override boolean storageManagerIsFileBasedEncryptionEnabled() { return services.storageManager.isFileBasedEncryptionEnabled(); } 
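Review bot: The hunk at -244,11 drops the `getUsbManager()` override from the testable class, but the DevicePolicyManagerService.java part of this diff removes no matching `getUsbManager()` and still imports `android.hardware.usb.UsbManager` (context line near -407). The override compiled with `@Override` before, so the base method presumably still exists, and any test path that reaches it would now get the real system service rather than `services.usbManager`. Either keep `@Override UsbManager getUsbManager() { return services.usbManager; }`, or delete the production accessor in this same change if it has no callers. The `getIAudioService()` removal in -216,11 is matched on the production side, so it does not have this problem. The enclosing class starts and ends outside the hunk.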
@@ -380,21 +368,11 @@ public class DevicePolicyManagerServiceTestable extends DevicePolicyManagerServi } @Override - void settingsSecurePutInt(String name, int value) { - services.settings.settingsSecurePutInt(name, value); - } - - @Override void settingsGlobalPutInt(String name, int value) { services.settings.settingsGlobalPutInt(name, value); } @Override - void settingsSecurePutString(String name, String value) { - services.settings.settingsSecurePutString(name, value); - } - - @Override void settingsGlobalPutString(String name, String value) { services.settings.settingsGlobalPutString(name, value); } |