From 93684104f3329e4e3036aa7e364491ba866240b7 Mon Sep 17 00:00:00 2001
From: Nino Jagar <njagar@google.com>
Date: Thu, 8 Feb 2024 22:11:57 +0000
Subject: Remove extra checks for content protection policy, add to lists

Bug: 321718961
Test: N/A
Change-Id: Ia9e25d900422cf0d85dd1de48458a24b691886fb
---
 .../devicepolicy/DevicePolicyManagerService.java   | 59 +++++-----------------
 1 file changed, 12 insertions(+), 47 deletions(-)

diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 05d1c49b3508..7efefeb42d82 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -22286,6 +22286,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
             MANAGE_DEVICE_POLICY_CAMERA,
             MANAGE_DEVICE_POLICY_CERTIFICATES,
             MANAGE_DEVICE_POLICY_COMMON_CRITERIA_MODE,
+            MANAGE_DEVICE_POLICY_CONTENT_PROTECTION,
             MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES,
             MANAGE_DEVICE_POLICY_DEFAULT_SMS,
             MANAGE_DEVICE_POLICY_DISPLAY,
@@ -22369,6 +22370,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                     MANAGE_DEVICE_POLICY_CALLS,
                     MANAGE_DEVICE_POLICY_CAMERA,
                     MANAGE_DEVICE_POLICY_CERTIFICATES,
+                    MANAGE_DEVICE_POLICY_CONTENT_PROTECTION,
                     MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES,
                     MANAGE_DEVICE_POLICY_DISPLAY,
                     MANAGE_DEVICE_POLICY_FACTORY_RESET,
@@ -23184,38 +23186,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
         }
     }
 
-    private EnforcingAdmin enforceCanCallContentProtectionLocked(
-            ComponentName who, String callerPackageName) {
-        CallerIdentity caller = getCallerIdentity(who, callerPackageName);
-        final int userId = caller.getUserId();
-
-        EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin(
-                who,
-                MANAGE_DEVICE_POLICY_CONTENT_PROTECTION,
-                caller.getPackageName(),
-                userId
-        );
-        if ((isDeviceOwner(caller) || isProfileOwner(caller))
-                && !canDPCManagedUserUseLockTaskLocked(userId)) {
-            throw new SecurityException(
-                    "User " + userId + " is not allowed to use content protection");
-        }
-        return enforcingAdmin;
-    }
-
-    private void enforceCanQueryContentProtectionLocked(
-            ComponentName who, String callerPackageName) {
-        CallerIdentity caller = getCallerIdentity(who, callerPackageName);
-        final int userId = caller.getUserId();
-
-        enforceCanQuery(MANAGE_DEVICE_POLICY_CONTENT_PROTECTION, caller.getPackageName(), userId);
-        if ((isDeviceOwner(caller) || isProfileOwner(caller))
-                && !canDPCManagedUserUseLockTaskLocked(userId)) {
-            throw new SecurityException(
-                    "User " + userId + " is not allowed to use content protection");
-        }
-    }
-
     @Override
     public void setContentProtectionPolicy(
             ComponentName who, String callerPackageName, @ContentProtectionPolicy int policy)
@@ -23225,24 +23195,21 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
         }
 
         CallerIdentity caller = getCallerIdentity(who, callerPackageName);
+        int userId = caller.getUserId();
         checkCanExecuteOrThrowUnsafe(DevicePolicyManager.OPERATION_SET_CONTENT_PROTECTION_POLICY);
-
-        EnforcingAdmin enforcingAdmin;
-        synchronized (getLockObject()) {
-            enforcingAdmin = enforceCanCallContentProtectionLocked(who, caller.getPackageName());
-        }
+        EnforcingAdmin enforcingAdmin =
+                enforcePermissionAndGetEnforcingAdmin(
+                        who, MANAGE_DEVICE_POLICY_CONTENT_PROTECTION, callerPackageName, userId);
 
         if (policy == CONTENT_PROTECTION_DISABLED) {
             mDevicePolicyEngine.removeLocalPolicy(
-                    PolicyDefinition.CONTENT_PROTECTION,
-                    enforcingAdmin,
-                    caller.getUserId());
+                    PolicyDefinition.CONTENT_PROTECTION, enforcingAdmin, userId);
         } else {
             mDevicePolicyEngine.setLocalPolicy(
                     PolicyDefinition.CONTENT_PROTECTION,
                     enforcingAdmin,
                     new IntegerPolicyValue(policy),
-                    caller.getUserId());
+                    userId);
         }
     }
 
@@ -23254,13 +23221,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
         }
 
         CallerIdentity caller = getCallerIdentity(who, callerPackageName);
-        final int userHandle = caller.getUserId();
+        int userId = caller.getUserId();
+        enforceCanQuery(MANAGE_DEVICE_POLICY_CONTENT_PROTECTION, callerPackageName, userId);
 
-        synchronized (getLockObject()) {
-            enforceCanQueryContentProtectionLocked(who, caller.getPackageName());
-        }
-        Integer policy = mDevicePolicyEngine.getResolvedPolicy(
-                PolicyDefinition.CONTENT_PROTECTION, userHandle);
+        Integer policy =
+                mDevicePolicyEngine.getResolvedPolicy(PolicyDefinition.CONTENT_PROTECTION, userId);
         if (policy == null) {
             return CONTENT_PROTECTION_DISABLED;
         } else {
-- 
cgit v1.2.3-59-g8ed1b