From 38f9ab54ca597a82977a6ed5fa35b8302c838bec Mon Sep 17 00:00:00 2001
From: Jonathan Scott <scottjonathan@google.com>
Date: Wed, 29 Jan 2020 16:36:09 +0000
Subject: Add vendor_cross_profile_apps.xml and hidden API to read them.

Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest;
Change-Id: Ie84e7d28ddc9c1f46d33cb4a543b04615b3b26e7
---
 .../android/app/admin/DevicePolicyManager.java     | 30 +++++++++++++++++---
 .../android/app/admin/IDevicePolicyManager.aidl    |  1 +
 core/res/res/values/symbols.xml                    |  1 +
 core/res/res/values/vendor_cross_profile_apps.xml  | 24 ++++++++++++++++
 .../devicepolicy/DevicePolicyManagerService.java   | 11 ++++++--
 .../devicepolicy/DevicePolicyManagerTest.java      | 32 ++++++++++++++++++++--
 6 files changed, 91 insertions(+), 8 deletions(-)
 create mode 100644 core/res/res/values/vendor_cross_profile_apps.xml

diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index f71d78b40242..2a4148f02217 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -11584,12 +11584,14 @@ public class DevicePolicyManager {
      * #setCrossProfilePackages(ComponentName, Set)}.</li>
      * <li>The default package names set by the OEM that are allowed to request user consent for
      * cross-profile communication without being explicitly enabled by the admin, via
-     * {@link com.android.internal.R.array#cross_profile_apps}</li>
+     * {@link com.android.internal.R.array#cross_profile_apps} and
+     * {@link com.android.internal.R.array#vendor_cross_profile_apps}.</li>
      * </ul>
      *
      * @return the combined set of whitelisted package names set via
-     * {@link #setCrossProfilePackages(ComponentName, Set)} and
-     * {@link com.android.internal.R.array#cross_profile_apps}
+     * {@link #setCrossProfilePackages(ComponentName, Set)},
+     * {@link com.android.internal.R.array#cross_profile_apps},
+     * and {@link com.android.internal.R.array#vendor_cross_profile_apps}.
      *
      * @hide
      */
@@ -11599,7 +11601,7 @@ public class DevicePolicyManager {
             permission.INTERACT_ACROSS_PROFILES
     })
     public @NonNull Set<String> getAllCrossProfilePackages() {
-        throwIfParentInstance("getDefaultCrossProfilePackages");
+        throwIfParentInstance("getAllCrossProfilePackages");
         if (mService != null) {
             try {
                 return new ArraySet<>(mService.getAllCrossProfilePackages());
@@ -11610,6 +11612,26 @@ public class DevicePolicyManager {
         return Collections.emptySet();
     }
 
+    /**
+     * Returns the default package names set by the OEM that are allowed to request user consent for
+     * cross-profile communication without being explicitly enabled by the admin, via
+     * {@link com.android.internal.R.array#cross_profile_apps} and
+     * {@link com.android.internal.R.array#vendor_cross_profile_apps}.
+     *
+     * @hide
+     */
+    public @NonNull Set<String> getDefaultCrossProfilePackages() {
+        throwIfParentInstance("getDefaultCrossProfilePackages");
+        if (mService != null) {
+            try {
+                return new ArraySet<>(mService.getDefaultCrossProfilePackages());
+            } catch (RemoteException e) {
+                throw e.rethrowFromSystemServer();
+            }
+        }
+        return Collections.emptySet();
+    }
+
     /**
      * Returns whether the device is being used as a managed kiosk. These requirements are as
      * follows:
diff --git a/core/java/android/app/admin/IDevicePolicyManager.aidl b/core/java/android/app/admin/IDevicePolicyManager.aidl
index 7fd0ae4a1a00..d2672eb3e2b2 100644
--- a/core/java/android/app/admin/IDevicePolicyManager.aidl
+++ b/core/java/android/app/admin/IDevicePolicyManager.aidl
@@ -457,6 +457,7 @@ interface IDevicePolicyManager {
     List<String> getCrossProfilePackages(in ComponentName admin);
 
     List<String> getAllCrossProfilePackages();
+    List<String> getDefaultCrossProfilePackages();
 
     boolean isManagedKiosk();
     boolean isUnattendedManagedKiosk();
diff --git a/core/res/res/values/symbols.xml b/core/res/res/values/symbols.xml
index 21128e33b6e5..21d1d3cf9c89 100644
--- a/core/res/res/values/symbols.xml
+++ b/core/res/res/values/symbols.xml
@@ -1266,6 +1266,7 @@
   <java-symbol type="array" name="vendor_disallowed_apps_managed_profile" />
   <java-symbol type="array" name="vendor_disallowed_apps_managed_device" />
   <java-symbol type="array" name="cross_profile_apps" />
+  <java-symbol type="array" name="vendor_cross_profile_apps" />
 
   <java-symbol type="drawable" name="default_wallpaper" />
   <java-symbol type="drawable" name="default_lock_wallpaper" />
diff --git a/core/res/res/values/vendor_cross_profile_apps.xml b/core/res/res/values/vendor_cross_profile_apps.xml
new file mode 100644
index 000000000000..32839cd17e1d
--- /dev/null
+++ b/core/res/res/values/vendor_cross_profile_apps.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+  ~ Copyright (C) 2020 The Android Open Source Project
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~      http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<resources>
+    <!--
+    A collection of apps that have been pre-approved for cross-profile communication.
+    These will not require admin consent, but will still require user consent during provisioning.
+    -->
+    <string-array translatable="false" name="vendor_cross_profile_apps">
+    </string-array>
+</resources>
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index ec3ef7807c3a..65cabadaa3d8 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -15077,9 +15077,16 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
         return packages;
     }
 
-    private List<String> getDefaultCrossProfilePackages() {
-        return Arrays.asList(mContext.getResources()
+    @Override
+    public List<String> getDefaultCrossProfilePackages() {
+        Set<String> crossProfilePackages = new HashSet<>();
+
+        Collections.addAll(crossProfilePackages, mContext.getResources()
                 .getStringArray(R.array.cross_profile_apps));
+        Collections.addAll(crossProfilePackages, mContext.getResources()
+                .getStringArray(R.array.vendor_cross_profile_apps));
+
+        return new ArrayList<>(crossProfilePackages);
     }
 
     private List<ActiveAdmin> getProfileOwnerAdminsForCurrentProfileGroup() {
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
index f7a9e5456156..b193a34952f4 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
@@ -5817,6 +5817,7 @@ public class DevicePolicyManagerTest extends DpmTestBase {
         mContext.packageName = admin1.getPackageName();
 
         setCrossProfileAppsList();
+        setVendorCrossProfileAppsList();
 
         assertTrue(dpm.getAllCrossProfilePackages().isEmpty());
     }
@@ -5827,6 +5828,7 @@ public class DevicePolicyManagerTest extends DpmTestBase {
         mContext.packageName = admin1.getPackageName();
 
         setCrossProfileAppsList();
+        setVendorCrossProfileAppsList();
         initializeDpms();
 
         assertTrue(dpm.getAllCrossProfilePackages().isEmpty());
@@ -5839,9 +5841,11 @@ public class DevicePolicyManagerTest extends DpmTestBase {
 
         dpm.setCrossProfilePackages(admin1, packages);
         setCrossProfileAppsList("TEST_DEFAULT_PACKAGE", "TEST_COMMON_PACKAGE");
+        setVendorCrossProfileAppsList("TEST_VENDOR_DEFAULT_PACKAGE");
 
         assertEquals(Sets.newSet(
-                        "TEST_PACKAGE", "TEST_DEFAULT_PACKAGE", "TEST_COMMON_PACKAGE"),
+                        "TEST_PACKAGE", "TEST_DEFAULT_PACKAGE", "TEST_COMMON_PACKAGE",
+                        "TEST_VENDOR_DEFAULT_PACKAGE"),
                 dpm.getAllCrossProfilePackages());
 
     }
@@ -5854,13 +5858,31 @@ public class DevicePolicyManagerTest extends DpmTestBase {
 
         dpm.setCrossProfilePackages(admin1, packages);
         setCrossProfileAppsList("TEST_DEFAULT_PACKAGE", "TEST_COMMON_PACKAGE");
+        setVendorCrossProfileAppsList("TEST_VENDOR_DEFAULT_PACKAGE");
         initializeDpms();
 
         assertEquals(Sets.newSet(
-                "TEST_PACKAGE", "TEST_DEFAULT_PACKAGE", "TEST_COMMON_PACKAGE"),
+                "TEST_PACKAGE", "TEST_DEFAULT_PACKAGE", "TEST_COMMON_PACKAGE",
+                "TEST_VENDOR_DEFAULT_PACKAGE"),
                 dpm.getAllCrossProfilePackages());
     }
 
+    public void testGetDefaultCrossProfilePackages_noPackagesSet_returnsEmpty() {
+        setCrossProfileAppsList();
+        setVendorCrossProfileAppsList();
+
+        assertThat(dpm.getDefaultCrossProfilePackages()).isEmpty();
+    }
+
+    public void testGetDefaultCrossProfilePackages_packagesSet_returnsCombinedSet() {
+        setCrossProfileAppsList("TEST_DEFAULT_PACKAGE", "TEST_COMMON_PACKAGE");
+        setVendorCrossProfileAppsList("TEST_VENDOR_DEFAULT_PACKAGE");
+
+        assertThat(dpm.getDefaultCrossProfilePackages()).isEqualTo(Sets.newSet(
+                "TEST_DEFAULT_PACKAGE", "TEST_COMMON_PACKAGE", "TEST_VENDOR_DEFAULT_PACKAGE"
+        ));
+    }
+
     public void testSetCommonCriteriaMode_asDeviceOwner() throws Exception {
         setDeviceOwner();
 
@@ -5892,6 +5914,12 @@ public class DevicePolicyManagerTest extends DpmTestBase {
                 .thenReturn(packages);
     }
 
+    private void setVendorCrossProfileAppsList(String... packages) {
+        when(mContext.getResources()
+                .getStringArray(eq(R.array.vendor_cross_profile_apps)))
+                .thenReturn(packages);
+    }
+
     // admin1 is the outgoing DPC, adminAnotherPakcage is the incoming one.
     private void assertDeviceOwnershipRevertedWithFakeTransferMetadata() throws Exception {
         writeFakeTransferMetadataFile(UserHandle.USER_SYSTEM,
-- 
cgit v1.2.3-59-g8ed1b