diff options
| -rw-r--r-- | api/current.txt | 2 | ||||
| -rw-r--r-- | api/removed.txt | 9 | ||||
| -rw-r--r-- | api/system-current.txt | 6 | ||||
| -rw-r--r-- | core/java/android/app/admin/DeviceAdminReceiver.java | 36 | ||||
| -rw-r--r-- | core/java/android/app/admin/DevicePolicyManager.java | 248 | ||||
| -rw-r--r-- | core/java/android/app/admin/IDevicePolicyManager.aidl | 7 | ||||
| -rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 219 | ||||
| -rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/Owners.java | 49 | ||||
| -rw-r--r-- | services/tests/servicestests/src/com/android/server/devicepolicy/OwnersTest.java | 17 |
9 files changed, 33 insertions, 560 deletions
diff --git a/api/current.txt b/api/current.txt index 77c64d7e570f..5f8a362e0475 100644 --- a/api/current.txt +++ b/api/current.txt @@ -5629,7 +5629,7 @@ package android.app.admin { method public void onPasswordFailed(android.content.Context, android.content.Intent); method public void onPasswordSucceeded(android.content.Context, android.content.Intent); method public void onProfileProvisioningComplete(android.content.Context, android.content.Intent); - method public void onReadyForUserInitialization(android.content.Context, android.content.Intent); + method public deprecated void onReadyForUserInitialization(android.content.Context, android.content.Intent); method public void onReceive(android.content.Context, android.content.Intent); method public void onSystemUpdatePending(android.content.Context, android.content.Intent, long); field public static final java.lang.String ACTION_DEVICE_ADMIN_DISABLED = "android.app.action.DEVICE_ADMIN_DISABLED"; diff --git a/api/removed.txt b/api/removed.txt index 642d2a8ac19c..f12e61eea332 100644 --- a/api/removed.txt +++ b/api/removed.txt @@ -6,6 +6,15 @@ package android.app { } +package android.app.admin { + + public class DevicePolicyManager { + method public deprecated java.lang.String getDeviceInitializerApp(); + method public deprecated android.content.ComponentName getDeviceInitializerComponent(); + } + +} + package android.content.pm { public class PackageInfo implements android.os.Parcelable { diff --git a/api/system-current.txt b/api/system-current.txt index cff0055cba2f..9ac323ccac35 100644 --- a/api/system-current.txt +++ b/api/system-current.txt @@ -5750,7 +5750,7 @@ package android.app.admin { method public void onPasswordFailed(android.content.Context, android.content.Intent); method public void onPasswordSucceeded(android.content.Context, android.content.Intent); method public void onProfileProvisioningComplete(android.content.Context, android.content.Intent); - method public void onReadyForUserInitialization(android.content.Context, android.content.Intent); + method public deprecated void onReadyForUserInitialization(android.content.Context, android.content.Intent); method public void onReceive(android.content.Context, android.content.Intent); method public void onSystemUpdatePending(android.content.Context, android.content.Intent, long); field public static final java.lang.String ACTION_DEVICE_ADMIN_DISABLED = "android.app.action.DEVICE_ADMIN_DISABLED"; @@ -5792,8 +5792,8 @@ package android.app.admin { method public boolean getCrossProfileCallerIdDisabled(android.content.ComponentName); method public java.util.List<java.lang.String> getCrossProfileWidgetProviders(android.content.ComponentName); method public int getCurrentFailedPasswordAttempts(); - method public java.lang.String getDeviceInitializerApp(); - method public android.content.ComponentName getDeviceInitializerComponent(); + method public deprecated java.lang.String getDeviceInitializerApp(); + method public deprecated android.content.ComponentName getDeviceInitializerComponent(); method public java.lang.String getDeviceOwner(); method public java.util.List<byte[]> getInstalledCaCerts(android.content.ComponentName); method public int getKeyguardDisabledFeatures(android.content.ComponentName); diff --git a/core/java/android/app/admin/DeviceAdminReceiver.java b/core/java/android/app/admin/DeviceAdminReceiver.java index a1bb40c9298d..84b6d392b83e 100644 --- a/core/java/android/app/admin/DeviceAdminReceiver.java +++ b/core/java/android/app/admin/DeviceAdminReceiver.java @@ -227,24 +227,6 @@ public class DeviceAdminReceiver extends BroadcastReceiver { public static final String ACTION_PROFILE_PROVISIONING_COMPLETE = "android.app.action.PROFILE_PROVISIONING_COMPLETE"; - /** - * @hide - * Broadcast Action: This broadcast is sent to indicate that the system is ready for the device - * initializer to perform user setup tasks. This is only applicable to devices managed by a - * device owner app. - * - * <p>The broadcast will be limited to the {@link DeviceAdminReceiver} component specified in - * the device initializer field of the original intent or NFC bump that started the provisioning - * process. You will generally handle this in - * {@link DeviceAdminReceiver#onReadyForUserInitialization}. - * - * <p>Input: Nothing.</p> - * <p>Output: Nothing</p> - */ - @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION) - public static final String ACTION_READY_FOR_USER_INITIALIZATION = - "android.app.action.READY_FOR_USER_INITIALIZATION"; - /** @hide */ public static final String ACTION_CHOOSE_PRIVATE_KEY_ALIAS = "android.app.action.CHOOSE_PRIVATE_KEY_ALIAS"; @@ -435,23 +417,13 @@ public class DeviceAdminReceiver extends BroadcastReceiver { /** * Called during provisioning of a managed device to allow the device initializer to perform - * user setup steps. Only device initializers should override this method. - * - * <p> Called when the DeviceAdminReceiver receives an - * android.app.action.ACTION_READY_FOR_USER_INITIALIZATION broadcast. As a prerequisite for the - * execution of this callback the {@link DeviceAdminReceiver} has - * to declare an intent filter for android.app.action.ACTION_READY_FOR_USER_INITIALIZATION. Only - * the component specified in the device initializer component name field of the - * original intent or NFC bump that started the provisioning process will receive this callback. - * - * <p>It is not assumed that the device initializer is finished when it returns from - * this call, as it may do additional setup asynchronously. The device initializer must enable - * the current user when it has finished any additional setup (such as adding an account by - * using the {@link AccountManager}) in order for the user to be functional. + * user setup steps. * * @param context The running context as per {@link #onReceive}. * @param intent The received intent as per {@link #onReceive}. + * @deprecated Do not use */ + @Deprecated @SystemApi public void onReadyForUserInitialization(Context context, Intent intent) { } @@ -549,8 +521,6 @@ public class DeviceAdminReceiver extends BroadcastReceiver { onLockTaskModeEntering(context, intent, pkg); } else if (ACTION_LOCK_TASK_EXITING.equals(action)) { onLockTaskModeExiting(context, intent); - } else if (ACTION_READY_FOR_USER_INITIALIZATION.equals(action)) { - onReadyForUserInitialization(context, intent); } else if (ACTION_NOTIFY_PENDING_SYSTEM_UPDATE.equals(action)) { long receivedTime = intent.getLongExtra(EXTRA_SYSTEM_UPDATE_RECEIVED_TIME, -1); onSystemUpdatePending(context, intent, receivedTime); diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java index a118f167ae5c..50764f740bc6 100644 --- a/core/java/android/app/admin/DevicePolicyManager.java +++ b/core/java/android/app/admin/DevicePolicyManager.java @@ -497,96 +497,6 @@ public class DevicePolicyManager { "android.app.extra.PROVISIONING_SKIP_ENCRYPTION"; /** - * @hide - * On devices managed by a device owner app, a {@link ComponentName} extra indicating the - * component of the application that is temporarily granted device owner privileges during - * device initialization and profile owner privileges during secondary user initialization. - * - * <p> - * It can also be used in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC_V2} that starts - * device owner provisioning via an NFC bump. For the NFC record, it should be flattened to a - * string first. - * - * @see ComponentName#flattenToShortString() - */ - public static final String EXTRA_PROVISIONING_DEVICE_INITIALIZER_COMPONENT_NAME - = "android.app.extra.PROVISIONING_DEVICE_INITIALIZER_COMPONENT_NAME"; - - /** - * @hide - * A String extra holding an http url that specifies the download location of the device - * initializer package. When not provided it is assumed that the device initializer package is - * already installed. - * - * <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC_V2} that starts device owner - * provisioning via an NFC bump. - */ - public static final String EXTRA_PROVISIONING_DEVICE_INITIALIZER_PACKAGE_DOWNLOAD_LOCATION - = "android.app.extra.PROVISIONING_DEVICE_INITIALIZER_PACKAGE_DOWNLOAD_LOCATION"; - - /** - * @hide - * An int extra holding a minimum required version code for the device initializer package. - * If the initializer is already installed on the device, it will only be re-downloaded from - * {@link #EXTRA_PROVISIONING_DEVICE_INITIALIZER_PACKAGE_DOWNLOAD_LOCATION} if the version of - * the installed package is less than this version code. - * - * <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC_V2} that starts device owner - * provisioning via an NFC bump. - */ - public static final String EXTRA_PROVISIONING_DEVICE_INITIALIZER_MINIMUM_VERSION_CODE - = "android.app.extra.PROVISIONING_DEVICE_INITIALIZER_MINIMUM_VERSION_CODE"; - - /** - * @hide - * A String extra holding a http cookie header which should be used in the http request to the - * url specified in {@link #EXTRA_PROVISIONING_DEVICE_INITIALIZER_PACKAGE_DOWNLOAD_LOCATION}. - * - * <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC_V2} that starts device owner - * provisioning via an NFC bump. - */ - public static final String EXTRA_PROVISIONING_DEVICE_INITIALIZER_PACKAGE_DOWNLOAD_COOKIE_HEADER - = "android.app.extra.PROVISIONING_DEVICE_INITIALIZER_PACKAGE_DOWNLOAD_COOKIE_HEADER"; - - /** - * @hide - * A String extra holding the URL-safe base64 encoded SHA-256 checksum of the file at download - * location specified in - * {@link #EXTRA_PROVISIONING_DEVICE_INITIALIZER_PACKAGE_DOWNLOAD_LOCATION}. - * - * <p>Either this extra or {@link #EXTRA_PROVISIONING_DEVICE_INITIALIZER_SIGNATURE_CHECKSUM} - * should be present. The provided checksum should match the checksum of the file at the - * download location. If the checksum doesn't match an error will be shown to the user and the - * user will be asked to factory reset the device. - * - * <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC_V2} that starts device owner - * provisioning via an NFC bump. - */ - public static final String EXTRA_PROVISIONING_DEVICE_INITIALIZER_PACKAGE_CHECKSUM - = "android.app.extra.PROVISIONING_DEVICE_INITIALIZER_PACKAGE_CHECKSUM"; - - /** - * @hide - * A String extra holding the URL-safe base64 encoded SHA-256 checksum of any signature of the - * android package archive at the download location specified in {@link - * #EXTRA_PROVISIONING_DEVICE_INITIALIZER_PACKAGE_DOWNLOAD_LOCATION}. - * - * <p>The signatures of an android package archive can be obtained using - * {@link android.content.pm.PackageManager#getPackageArchiveInfo} with flag - * {@link android.content.pm.PackageManager#GET_SIGNATURES}. - * - * <p>Either this extra or {@link #EXTRA_PROVISIONING_DEVICE_INITIALIZER_PACKAGE_CHECKSUM} - * should be present. The provided checksum should match the checksum of any signature of the - * file at the download location. If the checksum doesn't match an error will be shown to the - * user and the user will be asked to factory reset the device. - * - * <p>Use in an NFC record with {@link #MIME_TYPE_PROVISIONING_NFC_V2} that starts device owner - * provisioning via an NFC bump. - */ - public static final String EXTRA_PROVISIONING_DEVICE_INITIALIZER_SIGNATURE_CHECKSUM - = "android.app.extra.PROVISIONING_DEVICE_INITIALIZER_SIGNATURE_CHECKSUM"; - - /** * This MIME type is used for starting the Device Owner provisioning. * * <p>During device owner provisioning a device admin app is set as the owner of the device. @@ -629,44 +539,6 @@ public class DevicePolicyManager { public static final String MIME_TYPE_PROVISIONING_NFC = "application/com.android.managedprovisioning"; - - /** - * @hide - * This MIME type is used for starting the Device Owner provisioning that requires - * new provisioning features introduced in API version - * {@link android.os.Build.VERSION_CODES#M} in addition to those supported in earlier - * versions. - * - * <p>During device owner provisioning a device admin app is set as the owner of the device. - * A device owner has full control over the device. The device owner can not be modified by the - * user. - * - * <p> A typical use case would be a device that is owned by a company, but used by either an - * employee or client. - * - * <p> The NFC message should be sent to an unprovisioned device. - * - * <p>The NFC record must contain a serialized {@link java.util.Properties} object which - * contains the following properties in addition to properties listed at - * {@link #MIME_TYPE_PROVISIONING_NFC}: - * <ul> - * <li>{@link #EXTRA_PROVISIONING_SKIP_ENCRYPTION}, optional</li> - * <li>{@link #EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME}. - * Replaces {@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME}. The value of the property - * should be converted to a String via - * {@link android.content.ComponentName#flattenToString()}</li> - * <li>{@link #EXTRA_PROVISIONING_DEVICE_ADMIN_MINIMUM_VERSION_CODE}, optional</li></ul> - * - * <p> When device owner provisioning has completed, an intent of the type - * {@link DeviceAdminReceiver#ACTION_PROFILE_PROVISIONING_COMPLETE} is broadcasted to the - * device owner. - * - * <p> - * If provisioning fails, the device is factory reset. - */ - public static final String MIME_TYPE_PROVISIONING_NFC_V2 - = "application/com.android.managedprovisioning.v2"; - /** * Activity action: ask the user to add a new device administrator to the system. * The desired policy is the ComponentName of the policy in the @@ -2830,134 +2702,26 @@ public class DevicePolicyManager { /** * @hide - * Sets the given component as the device initializer. The package must already be installed and - * set as an active device administrator, and there must not be an existing device initializer, - * for this call to succeed. This method can only be called by an app holding the - * MANAGE_DEVICE_ADMINS permission before the device is provisioned or by a device owner app. A - * device initializer app is granted device owner privileges during device initialization and - * profile owner privileges during secondary user initialization. - * @param admin Which {@link DeviceAdminReceiver} this request is associated with, or - * {@code null} if not called by the device owner. - * @param initializer Which {@link DeviceAdminReceiver} to make device initializer. - * @return whether the component was successfully registered as the device initializer. - * @throws IllegalArgumentException if the componentname is null or invalid - * @throws IllegalStateException if the caller is not device owner or the device has - * already been provisioned or a device initializer already exists. - */ - public boolean setDeviceInitializer(@Nullable ComponentName admin, - @NonNull ComponentName initializer) - throws IllegalArgumentException, IllegalStateException { - if (mService != null) { - try { - return mService.setDeviceInitializer(admin, initializer); - } catch (RemoteException re) { - Log.w(TAG, "Failed to set device initializer"); - } - } - return false; - } - - /** - * @hide - * Used to determine if a particular package has been registered as the device initializer. - * - * @param packageName the package name of the app, to compare with the registered device - * initializer app, if any. - * @return whether or not the caller is registered as the device initializer app. - */ - public boolean isDeviceInitializerApp(String packageName) { - if (mService != null) { - try { - return mService.isDeviceInitializer(packageName); - } catch (RemoteException re) { - Log.w(TAG, "Failed to check device initializer"); - } - } - return false; - } - - /** - * @hide - * Removes the device initializer, so that it will not be invoked on user initialization for any - * subsequently created users. This method can be called by either the device owner or device - * initializer itself. The caller must be an active administrator. - * - * @param admin Which {@link DeviceAdminReceiver} this request is associated with. - */ - public void clearDeviceInitializerApp(@NonNull ComponentName admin) { - if (mService != null) { - try { - mService.clearDeviceInitializer(admin); - } catch (RemoteException re) { - Log.w(TAG, "Failed to clear device initializer"); - } - } - } - - /** - * @hide - * Gets the device initializer of the system. - * - * @return the package name of the device initializer. + * @deprecated Do not use + * @removed */ + @Deprecated @SystemApi public String getDeviceInitializerApp() { - if (mService != null) { - try { - return mService.getDeviceInitializer(); - } catch (RemoteException re) { - Log.w(TAG, "Failed to get device initializer"); - } - } return null; } /** * @hide - * Gets the device initializer component of the system. - * - * @return the component name of the device initializer. + * @deprecated Do not use + * @removed */ + @Deprecated @SystemApi public ComponentName getDeviceInitializerComponent() { - if (mService != null) { - try { - return mService.getDeviceInitializerComponent(); - } catch (RemoteException re) { - Log.w(TAG, "Failed to get device initializer"); - } - } return null; } - - /** - * @hide - * Sets the enabled state of the user. A user should be enabled only once it is ready to - * be used. - * - * <p>Device initializer must call this method to mark the user as functional. - * Only the device initializer agent can call this. - * - * <p>When the user is enabled, if the device initializer is not also the device owner, the - * device initializer will no longer have elevated permissions to call methods in this class. - * Additionally, it will be removed as an active administrator and its - * {@link DeviceAdminReceiver} will be disabled. - * - * @param admin Which {@link DeviceAdminReceiver} this request is associated with. - * @return whether the user is now enabled. - */ - public boolean setUserEnabled(@NonNull ComponentName admin) { - if (mService != null) { - try { - return mService.setUserEnabled(admin); - } catch (RemoteException e) { - Log.w(TAG, "Failed talking with device policy service", e); - } - } - return false; - } - /** * @hide * @deprecated Use #ACTION_SET_PROFILE_OWNER diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl index 55a21c61f53a..74fb11dbc60c 100644 --- a/core/java/android/app/admin/IDevicePolicyManager.aidl +++ b/core/java/android/app/admin/IDevicePolicyManager.aidl @@ -211,13 +211,6 @@ interface IDevicePolicyManager { boolean isRemovingAdmin(in ComponentName adminReceiver, int userHandle); - boolean setUserEnabled(in ComponentName who); - boolean isDeviceInitializer(String packageName); - void clearDeviceInitializer(in ComponentName who); - boolean setDeviceInitializer(in ComponentName who, in ComponentName initializer); - String getDeviceInitializer(); - ComponentName getDeviceInitializerComponent(); - void setUserIcon(in ComponentName admin, in Bitmap icon); void setSystemUpdatePolicy(in ComponentName who, in SystemUpdatePolicy policy); diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index 2dd7cdea7305..e85f01a9d8da 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -1381,17 +1381,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { boolean ownsProfile = (getProfileOwner(userId) != null && getProfileOwner(userId).getPackageName() .equals(admin.info.getPackageName())); - boolean ownsInitialization = isDeviceInitializer(admin.info.getPackageName()) - && !hasUserSetupCompleted(userId); if (reqPolicy == DeviceAdminInfo.USES_POLICY_DEVICE_OWNER) { - if ((userId == UserHandle.USER_SYSTEM && (ownsDevice || ownsInitialization)) - || (ownsDevice && ownsProfile)) { + if ((userId == UserHandle.USER_SYSTEM && ownsDevice) || (ownsDevice && ownsProfile)) { return true; } } else if (reqPolicy == DeviceAdminInfo.USES_POLICY_PROFILE_OWNER) { - if ((userId == UserHandle.USER_SYSTEM && ownsDevice) || ownsProfile - || ownsInitialization) { + if ((userId == UserHandle.USER_SYSTEM && ownsDevice) || ownsProfile) { return true; } } else { @@ -1798,7 +1794,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { validatePasswordOwnerLocked(policy); syncDeviceCapabilitiesLocked(policy); updateMaximumTimeToLockLocked(policy); - addDeviceInitializerToLockTaskPackagesLocked(userHandle); updateLockTaskPackagesLocked(policy.mLockTaskPackages, userHandle); if (policy.mStatusBarDisabled) { setStatusBarDisabledInternal(policy.mStatusBarDisabled, userHandle); @@ -3076,7 +3071,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return false; } - boolean callerIsDeviceOwnerAdmin = isCallerDeviceOwnerOrInitializer(callingUid); + boolean callerIsDeviceOwnerAdmin = isCallerDeviceOwner(callingUid); boolean doNotAskCredentialsOnBoot = (flags & DevicePolicyManager.RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT) != 0; if (callerIsDeviceOwnerAdmin && doNotAskCredentialsOnBoot) { @@ -3484,11 +3479,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { long ident = mInjector.binderClearCallingIdentity(); try { if ((flags & WIPE_RESET_PROTECTION_DATA) != 0) { - boolean ownsInitialization = isDeviceInitializer(admin.info.getPackageName()) - && !hasUserSetupCompleted(userHandle); if (userHandle != UserHandle.USER_SYSTEM - || !(isDeviceOwner(admin.info.getPackageName()) - || ownsInitialization)) { + || !isDeviceOwner(admin.info.getPackageName())) { throw new SecurityException( "Only device owner admins can set WIPE_RESET_PROTECTION_DATA"); } @@ -4367,126 +4359,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } @Override - public boolean setDeviceInitializer(ComponentName who, ComponentName initializer) { - if (!mHasFeature) { - return false; - } - if (initializer == null || - !mOwners.hasDeviceOwner() || - !isPackageInstalledForUser(initializer.getPackageName(), - mOwners.getDeviceOwnerUserId())) { - throw new IllegalArgumentException("Invalid component name " + initializer - + " for device initializer or no device owner set"); - } - boolean isInitializerSystemApp; - try { - isInitializerSystemApp = isSystemApp(mIPackageManager, - initializer.getPackageName(), - mInjector.binderGetCallingUserHandle().getIdentifier()); - } catch (RemoteException | IllegalArgumentException e) { - isInitializerSystemApp = false; - Slog.e(LOG_TAG, "Fail to check if device initialzer is system app.", e); - } - if (!isInitializerSystemApp) { - throw new IllegalArgumentException("Only system app can be set as device initializer."); - } - synchronized (this) { - enforceCanSetDeviceInitializer(who); - - if (mOwners.hasDeviceInitializer()) { - throw new IllegalStateException( - "Trying to set device initializer but device initializer is already set."); - } - - mOwners.setDeviceInitializer(initializer); - - addDeviceInitializerToLockTaskPackagesLocked(mOwners.getDeviceOwnerUserId()); - mOwners.writeDeviceOwner(); - return true; - } - } - - private void enforceCanSetDeviceInitializer(ComponentName who) { - if (who == null) { - mContext.enforceCallingOrSelfPermission( - android.Manifest.permission.MANAGE_DEVICE_ADMINS, null); - if (hasUserSetupCompleted(UserHandle.USER_SYSTEM)) { - throw new IllegalStateException( - "Trying to set device initializer but device is already provisioned."); - } - } else { - getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); - } - } - - @Override - public boolean isDeviceInitializer(String packageName) { - if (!mHasFeature) { - return false; - } - synchronized (this) { - return mOwners.hasDeviceInitializer() - && mOwners.getDeviceInitializerPackageName().equals(packageName); - } - } - - @Override - public String getDeviceInitializer() { - if (!mHasFeature) { - return null; - } - synchronized (this) { - if (mOwners.hasDeviceInitializer()) { - return mOwners.getDeviceInitializerPackageName(); - } - } - return null; - } - - @Override - public ComponentName getDeviceInitializerComponent() { - if (!mHasFeature) { - return null; - } - synchronized (this) { - if (mOwners.hasDeviceInitializer()) { - return mOwners.getDeviceInitializerComponent(); - } - } - return null; - } - - @Override - public void clearDeviceInitializer(ComponentName who) { - if (!mHasFeature) { - return; - } - Preconditions.checkNotNull(who, "ComponentName is null"); - - ActiveAdmin admin = getActiveAdminUncheckedLocked(who, UserHandle.getCallingUserId()); - - if (admin.getUid() != mInjector.binderGetCallingUid()) { - throw new SecurityException("Admin " + who + " is not owned by uid " - + mInjector.binderGetCallingUid()); - } - - if (!isDeviceInitializer(admin.info.getPackageName()) - && !isDeviceOwner(admin.info.getPackageName())) { - throw new SecurityException( - "clearDeviceInitializer can only be called by the device initializer/owner"); - } - synchronized (this) { - long ident = mInjector.binderClearCallingIdentity(); - try { - mOwners.clearDeviceInitializer(); - mOwners.writeDeviceOwner(); - } finally { - mInjector.binderRestoreCallingIdentity(ident); - } - } - } - - @Override public boolean setProfileOwner(ComponentName who, String ownerName, int userHandle) { if (!mHasFeature) { return false; @@ -4576,50 +4448,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } @Override - public boolean setUserEnabled(ComponentName who) { - if (!mHasFeature) { - return false; - } - synchronized (this) { - if (who == null) { - throw new NullPointerException("ComponentName is null"); - } - int userId = UserHandle.getCallingUserId(); - - ActiveAdmin activeAdmin = - getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); - if (!isDeviceInitializer(activeAdmin.info.getPackageName())) { - throw new SecurityException( - "This method can only be called by device initializers"); - } - - long id = mInjector.binderClearCallingIdentity(); - try { - if (!isDeviceOwner(activeAdmin.info.getPackageName())) { - mIPackageManager.setComponentEnabledSetting(who, - PackageManager.COMPONENT_ENABLED_STATE_DISABLED, - PackageManager.DONT_KILL_APP, userId); - - removeActiveAdmin(who, userId); - } - - if (userId == UserHandle.USER_SYSTEM) { - Settings.Global.putInt(mContext.getContentResolver(), - Settings.Global.DEVICE_PROVISIONED, 1); - } - Settings.Secure.putIntForUser(mContext.getContentResolver(), - Settings.Secure.USER_SETUP_COMPLETE, 1, userId); - } catch (RemoteException e) { - Log.i(LOG_TAG, "Can't talk to package manager", e); - return false; - } finally { - mInjector.binderRestoreCallingIdentity(id); - } - return true; - } - } - - @Override public void setProfileEnabled(ComponentName who) { if (!mHasFeature) { return; @@ -6288,8 +6116,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { if (!policy.mUserSetupComplete) { policy.mUserSetupComplete = true; synchronized (this) { - // The DeviceInitializer was whitelisted but now should be removed. - removeDeviceInitializerFromLockTaskPackages(userHandle); saveSettingsLocked(userHandle); } } @@ -6297,35 +6123,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } - private void addDeviceInitializerToLockTaskPackagesLocked(int userHandle) { - if (hasUserSetupCompleted(userHandle)) { - return; - } - - final String deviceInitializerPackage = getDeviceInitializer(); - if (deviceInitializerPackage == null) { - return; - } - - final List<String> packages = getLockTaskPackagesLocked(userHandle); - if (!packages.contains(deviceInitializerPackage)) { - packages.add(deviceInitializerPackage); - setLockTaskPackagesLocked(userHandle, packages); - } - } - - private void removeDeviceInitializerFromLockTaskPackages(int userHandle) { - final String deviceInitializerPackage = getDeviceInitializer(); - if (deviceInitializerPackage == null) { - return; - } - - List<String> packages = getLockTaskPackagesLocked(userHandle); - if (packages.remove(deviceInitializerPackage)) { - setLockTaskPackagesLocked(userHandle, packages); - } - } - private class SetupContentObserver extends ContentObserver { private final Uri mUserSetupComplete = Settings.Secure.getUriFor( @@ -6450,15 +6247,15 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } /** - * Checks if the caller of the method is the device owner app or device initialization app. + * Checks if the caller of the method is the device owner app. * * @param callerUid UID of the caller. - * @return true if the caller is the device owner app or device initializer. + * @return true if the caller is the device owner app */ - private boolean isCallerDeviceOwnerOrInitializer(int callerUid) { + private boolean isCallerDeviceOwner(int callerUid) { String[] pkgs = mContext.getPackageManager().getPackagesForUid(callerUid); for (String pkg : pkgs) { - if (isDeviceOwner(pkg) || isDeviceInitializer(pkg)) { + if (isDeviceOwner(pkg)) { return true; } } diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/Owners.java b/services/devicepolicy/java/com/android/server/devicepolicy/Owners.java index 370cf48b4655..76122e1faaa1 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/Owners.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/Owners.java @@ -90,9 +90,6 @@ class Owners { private int mDeviceOwnerUserId = UserHandle.USER_NULL; - // Internal state for the device initializer package. - private OwnerInfo mDeviceInitializer; - // Internal state for the profile owner packages. private final ArrayMap<Integer, OwnerInfo> mProfileOwners = new ArrayMap<>(); @@ -167,26 +164,6 @@ class Owners { mDeviceOwnerUserId = UserHandle.USER_NULL; } - ComponentName getDeviceInitializerComponent() { - return mDeviceInitializer.admin; - } - - String getDeviceInitializerPackageName() { - return mDeviceInitializer != null ? mDeviceInitializer.packageName : null; - } - - void setDeviceInitializer(ComponentName admin) { - mDeviceInitializer = new OwnerInfo(null, admin); - } - - void clearDeviceInitializer() { - mDeviceInitializer = null; - } - - boolean hasDeviceInitializer() { - return mDeviceInitializer != null; - } - void setProfileOwner(ComponentName admin, String ownerName, int userId) { mProfileOwners.put(userId, new OwnerInfo(ownerName, admin)); } @@ -252,18 +229,7 @@ class Owners { mDeviceOwner = new OwnerInfo(name, packageName); mDeviceOwnerUserId = UserHandle.USER_SYSTEM; } else if (tag.equals(TAG_DEVICE_INITIALIZER)) { - String packageName = parser.getAttributeValue(null, ATTR_PACKAGE); - String initializerComponentStr = - parser.getAttributeValue(null, ATTR_COMPONENT_NAME); - ComponentName admin = - ComponentName.unflattenFromString(initializerComponentStr); - if (admin != null) { - mDeviceInitializer = new OwnerInfo(null, admin); - } else { - mDeviceInitializer = new OwnerInfo(null, packageName); - Slog.e(TAG, "Error parsing device-owner file. Bad component name " + - initializerComponentStr); - } + // Deprecated tag } else if (tag.equals(TAG_PROFILE_OWNER)) { String profileOwnerPackageName = parser.getAttributeValue(null, ATTR_PACKAGE); String profileOwnerName = parser.getAttributeValue(null, ATTR_NAME); @@ -444,8 +410,7 @@ class Owners { @Override boolean shouldWrite() { - return (mDeviceOwner != null) || (mDeviceInitializer != null) - || (mSystemUpdatePolicy != null); + return (mDeviceOwner != null) || (mSystemUpdatePolicy != null); } @Override @@ -457,9 +422,6 @@ class Owners { out.endTag(null, TAG_DEVICE_OWNER_CONTEXT); } - if (mDeviceInitializer != null) { - mDeviceInitializer.writeToXml(out, TAG_DEVICE_INITIALIZER); - } if (mSystemUpdatePolicy != null) { out.startTag(null, TAG_SYSTEM_UPDATE_POLICY); mSystemUpdatePolicy.saveToXml(out); @@ -488,7 +450,7 @@ class Owners { break; } case TAG_DEVICE_INITIALIZER: - mDeviceInitializer = OwnerInfo.readFromXml(parser); + // Deprecated tag break; case TAG_SYSTEM_UPDATE_POLICY: mSystemUpdatePolicy = SystemUpdatePolicy.restoreFromXml(parser); @@ -607,11 +569,6 @@ class Owners { pw.println(prefix + " User ID: " + mDeviceOwnerUserId); pw.println(); } - if (mDeviceInitializer != null) { - pw.println(prefix + "Device Initializer: "); - mDeviceInitializer.dump(prefix + " ", pw); - pw.println(); - } if (mSystemUpdatePolicy != null) { pw.println(prefix + "System Update Policy: " + mSystemUpdatePolicy); pw.println(); diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/OwnersTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/OwnersTest.java index a07d61520fa4..3d4ce28725b1 100644 --- a/services/tests/servicestests/src/com/android/server/devicepolicy/OwnersTest.java +++ b/services/tests/servicestests/src/com/android/server/devicepolicy/OwnersTest.java @@ -104,7 +104,6 @@ public class OwnersTest extends DpmTestBase { assertFalse(owners.hasDeviceOwner()); assertEquals(UserHandle.USER_NULL, owners.getDeviceOwnerUserId()); - assertFalse(owners.hasDeviceInitializer()); assertNull(owners.getSystemUpdatePolicy()); assertEquals(0, owners.getProfileOwnerKeys().size()); } @@ -116,7 +115,6 @@ public class OwnersTest extends DpmTestBase { assertFalse(owners.hasDeviceOwner()); assertEquals(UserHandle.USER_NULL, owners.getDeviceOwnerUserId()); - assertFalse(owners.hasDeviceInitializer()); assertNull(owners.getSystemUpdatePolicy()); assertEquals(0, owners.getProfileOwnerKeys().size()); } @@ -149,7 +147,6 @@ public class OwnersTest extends DpmTestBase { assertEquals("com.google.android.testdpc", owners.getDeviceOwnerPackageName()); assertEquals(UserHandle.USER_SYSTEM, owners.getDeviceOwnerUserId()); - assertFalse(owners.hasDeviceInitializer()); assertNull(owners.getSystemUpdatePolicy()); assertEquals(0, owners.getProfileOwnerKeys().size()); } @@ -164,7 +161,6 @@ public class OwnersTest extends DpmTestBase { assertEquals("com.google.android.testdpc", owners.getDeviceOwnerPackageName()); assertEquals(UserHandle.USER_SYSTEM, owners.getDeviceOwnerUserId()); - assertFalse(owners.hasDeviceInitializer()); assertNull(owners.getSystemUpdatePolicy()); assertEquals(0, owners.getProfileOwnerKeys().size()); } @@ -194,7 +190,6 @@ public class OwnersTest extends DpmTestBase { assertFalse(owners.hasDeviceOwner()); assertEquals(UserHandle.USER_NULL, owners.getDeviceOwnerUserId()); - assertFalse(owners.hasDeviceInitializer()); assertNull(owners.getSystemUpdatePolicy()); assertEquals(2, owners.getProfileOwnerKeys().size()); @@ -217,7 +212,6 @@ public class OwnersTest extends DpmTestBase { assertFalse(owners.hasDeviceOwner()); assertEquals(UserHandle.USER_NULL, owners.getDeviceOwnerUserId()); - assertFalse(owners.hasDeviceInitializer()); assertNull(owners.getSystemUpdatePolicy()); assertEquals(2, owners.getProfileOwnerKeys().size()); @@ -261,8 +255,6 @@ public class OwnersTest extends DpmTestBase { assertEquals("com.google.android.testdpc", owners.getDeviceOwnerPackageName()); assertEquals(UserHandle.USER_SYSTEM, owners.getDeviceOwnerUserId()); - assertTrue(owners.hasDeviceInitializer()); - assertEquals("com.google.android.testdpcx", owners.getDeviceInitializerPackageName()); assertNotNull(owners.getSystemUpdatePolicy()); assertEquals(5, owners.getSystemUpdatePolicy().getPolicyType()); @@ -289,8 +281,6 @@ public class OwnersTest extends DpmTestBase { assertEquals("com.google.android.testdpc", owners.getDeviceOwnerPackageName()); assertEquals(UserHandle.USER_SYSTEM, owners.getDeviceOwnerUserId()); - assertTrue(owners.hasDeviceInitializer()); - assertEquals("com.google.android.testdpcx", owners.getDeviceInitializerPackageName()); assertNotNull(owners.getSystemUpdatePolicy()); assertEquals(5, owners.getSystemUpdatePolicy().getPolicyType()); @@ -332,8 +322,6 @@ public class OwnersTest extends DpmTestBase { assertFalse(owners.hasDeviceOwner()); assertEquals(UserHandle.USER_NULL, owners.getDeviceOwnerUserId()); - assertTrue(owners.hasDeviceInitializer()); - assertEquals("com.google.android.testdpcx", owners.getDeviceInitializerPackageName()); assertNull(owners.getSystemUpdatePolicy()); assertEquals(0, owners.getProfileOwnerKeys().size()); @@ -347,8 +335,6 @@ public class OwnersTest extends DpmTestBase { assertFalse(owners.hasDeviceOwner()); assertEquals(UserHandle.USER_NULL, owners.getDeviceOwnerUserId()); - assertTrue(owners.hasDeviceInitializer()); - assertEquals("com.google.android.testdpcx", owners.getDeviceInitializerPackageName()); assertNull(owners.getSystemUpdatePolicy()); assertEquals(0, owners.getProfileOwnerKeys().size()); @@ -378,7 +364,6 @@ public class OwnersTest extends DpmTestBase { assertFalse(owners.hasDeviceOwner()); assertEquals(UserHandle.USER_NULL, owners.getDeviceOwnerUserId()); - assertFalse(owners.hasDeviceInitializer()); assertEquals(0, owners.getProfileOwnerKeys().size()); assertNotNull(owners.getSystemUpdatePolicy()); @@ -392,7 +377,6 @@ public class OwnersTest extends DpmTestBase { assertFalse(owners.hasDeviceOwner()); assertEquals(UserHandle.USER_NULL, owners.getDeviceOwnerUserId()); - assertFalse(owners.hasDeviceInitializer()); assertEquals(0, owners.getProfileOwnerKeys().size()); assertNotNull(owners.getSystemUpdatePolicy()); @@ -418,7 +402,6 @@ public class OwnersTest extends DpmTestBase { assertTrue(owners.getProfileOwnerFileWithTestOverride(11).exists()); // Then clear all information and save. - owners.clearDeviceInitializer(); owners.clearDeviceOwner(); owners.clearSystemUpdatePolicy(); owners.removeProfileOwner(10); |