From 1ffd8afcd33f64d5dfc83133cbe29e6acb3b01fd Mon Sep 17 00:00:00 2001 From: Pavel Grafov Date: Tue, 27 Aug 2024 18:03:59 +0100 Subject: Clean up fully rolled out PermissionMigrationForZeroTrustImplEnabled Flag was rolled out in Android V. Bug: 335663055 Test: TH Flag: EXEMPT flag cleanup Change-Id: I97f94c48f3ae0020b181963d190e71ec359307e4 --- core/java/android/app/admin/flags/flags.aconfig | 7 ----- .../devicepolicy/DevicePolicyManagerService.java | 36 ++++++---------------- 2 files changed, 10 insertions(+), 33 deletions(-) diff --git a/core/java/android/app/admin/flags/flags.aconfig b/core/java/android/app/admin/flags/flags.aconfig index 08649bfd480f..fd7569527493 100644 --- a/core/java/android/app/admin/flags/flags.aconfig +++ b/core/java/android/app/admin/flags/flags.aconfig @@ -67,13 +67,6 @@ flag { bug: "289520697" } -flag { - name: "permission_migration_for_zero_trust_impl_enabled" - namespace: "enterprise" - description: "(Implementation) Migrate existing APIs to permission based, and enable DMRH to call them to collect Zero Trust signals." - bug: "289520697" -} - flag { name: "device_theft_api_enabled" is_exported: true diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index a20e1c0bf6fc..bf67ce3b713e 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -16765,13 +16765,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { mContext.sendBroadcastAsUser(intent, UserHandle.of(userId)); } - if (Flags.permissionMigrationForZeroTrustImplEnabled()) { - final UserHandle user = UserHandle.of(userId); - final String roleHolderPackage = getRoleHolderPackageNameOnUser( - RoleManager.ROLE_DEVICE_POLICY_MANAGEMENT, userId); - if (roleHolderPackage != null) { - broadcastExplicitIntentToPackage(intent, roleHolderPackage, user); - } + final UserHandle user = UserHandle.of(userId); + final String roleHolderPackage = getRoleHolderPackageNameOnUser( + RoleManager.ROLE_DEVICE_POLICY_MANAGEMENT, userId); + if (roleHolderPackage != null) { + broadcastExplicitIntentToPackage(intent, roleHolderPackage, user); } } }); @@ -16779,18 +16777,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @Override public SystemUpdateInfo getPendingSystemUpdate(ComponentName admin, String callerPackage) { - if (Flags.permissionMigrationForZeroTrustImplEnabled()) { - CallerIdentity caller = getCallerIdentity(admin, callerPackage); - enforcePermissions(new String[] {NOTIFY_PENDING_SYSTEM_UPDATE, - MANAGE_DEVICE_POLICY_QUERY_SYSTEM_UPDATES}, caller.getPackageName(), - caller.getUserId()); - } else { - Objects.requireNonNull(admin, "ComponentName is null"); - - final CallerIdentity caller = getCallerIdentity(admin); - Preconditions.checkCallAuthorization( - isDefaultDeviceOwner(caller) || isProfileOwner(caller)); - } + CallerIdentity caller = getCallerIdentity(admin, callerPackage); + enforcePermissions(new String[] {NOTIFY_PENDING_SYSTEM_UPDATE, + MANAGE_DEVICE_POLICY_QUERY_SYSTEM_UPDATES}, caller.getPackageName(), + caller.getUserId()); return mOwners.getSystemUpdateInfo(); } @@ -21372,13 +21362,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final CallerIdentity caller = getCallerIdentity(callerPackage); - if (Flags.permissionMigrationForZeroTrustImplEnabled()) { - enforcePermission(MANAGE_DEVICE_POLICY_CERTIFICATES, caller.getPackageName()); - } else { - Preconditions.checkCallAuthorization( - isDefaultDeviceOwner(caller) || isProfileOwner(caller) - || isCallerDelegate(caller, DELEGATION_CERT_INSTALL)); - } + enforcePermission(MANAGE_DEVICE_POLICY_CERTIFICATES, caller.getPackageName()); synchronized (getLockObject()) { final ActiveAdmin requiredAdmin = getDeviceOrProfileOwnerAdminLocked( caller.getUserId()); -- cgit v1.2.3-59-g8ed1b