DevicePolicyManagerService.java revision 3c26b8f92e1de8ce91d867c44423c8397d9c7dd2
1/* 2 * Copyright (C) 2010 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.server.devicepolicy; 18 19import static android.Manifest.permission.BIND_DEVICE_ADMIN; 20import static android.Manifest.permission.MANAGE_CA_CERTIFICATES; 21import static android.app.ActivityManager.LOCK_TASK_MODE_NONE; 22import static android.app.admin.DeviceAdminReceiver.EXTRA_TRANSFER_OWNERSHIP_ADMIN_EXTRAS_BUNDLE; 23import static android.app.admin.DevicePolicyManager.ACTION_PROVISION_MANAGED_USER; 24import static android.app.admin.DevicePolicyManager.CODE_ACCOUNTS_NOT_EMPTY; 25import static android.app.admin.DevicePolicyManager.CODE_ADD_MANAGED_PROFILE_DISALLOWED; 26import static android.app.admin.DevicePolicyManager.CODE_CANNOT_ADD_MANAGED_PROFILE; 27import static android.app.admin.DevicePolicyManager.CODE_DEVICE_ADMIN_NOT_SUPPORTED; 28import static android.app.admin.DevicePolicyManager.CODE_HAS_DEVICE_OWNER; 29import static android.app.admin.DevicePolicyManager.CODE_HAS_PAIRED; 30import static android.app.admin.DevicePolicyManager.CODE_MANAGED_USERS_NOT_SUPPORTED; 31import static android.app.admin.DevicePolicyManager.CODE_NONSYSTEM_USER_EXISTS; 32import static android.app.admin.DevicePolicyManager.CODE_NOT_SYSTEM_USER; 33import static android.app.admin.DevicePolicyManager.CODE_NOT_SYSTEM_USER_SPLIT; 34import static android.app.admin.DevicePolicyManager.CODE_OK; 35import static android.app.admin.DevicePolicyManager.CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER; 36import static android.app.admin.DevicePolicyManager.CODE_SYSTEM_USER; 37import static android.app.admin.DevicePolicyManager.CODE_USER_HAS_PROFILE_OWNER; 38import static android.app.admin.DevicePolicyManager.CODE_USER_NOT_RUNNING; 39import static android.app.admin.DevicePolicyManager.CODE_USER_SETUP_COMPLETED; 40import static android.app.admin.DevicePolicyManager.DELEGATION_APP_RESTRICTIONS; 41import static android.app.admin.DevicePolicyManager.DELEGATION_BLOCK_UNINSTALL; 42import static android.app.admin.DevicePolicyManager.DELEGATION_CERT_INSTALL; 43import static android.app.admin.DevicePolicyManager.DELEGATION_ENABLE_SYSTEM_APP; 44import static android.app.admin.DevicePolicyManager.DELEGATION_INSTALL_EXISTING_PACKAGE; 45import static android.app.admin.DevicePolicyManager.DELEGATION_KEEP_UNINSTALLED_PACKAGES; 46import static android.app.admin.DevicePolicyManager.DELEGATION_PACKAGE_ACCESS; 47import static android.app.admin.DevicePolicyManager.DELEGATION_PERMISSION_GRANT; 48import static android.app.admin.DevicePolicyManager.ID_TYPE_BASE_INFO; 49import static android.app.admin.DevicePolicyManager.ID_TYPE_IMEI; 50import static android.app.admin.DevicePolicyManager.ID_TYPE_MEID; 51import static android.app.admin.DevicePolicyManager.ID_TYPE_SERIAL; 52import static android.app.admin.DevicePolicyManager.LEAVE_ALL_SYSTEM_APPS_ENABLED; 53import static android.app.admin.DevicePolicyManager.LOCK_TASK_FEATURE_HOME; 54import static android.app.admin.DevicePolicyManager.LOCK_TASK_FEATURE_NOTIFICATIONS; 55import static android.app.admin.DevicePolicyManager.LOCK_TASK_FEATURE_OVERVIEW; 56import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_COMPLEX; 57import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED; 58import static android.app.admin.DevicePolicyManager.PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER; 59import static android.app.admin.DevicePolicyManager.WIPE_EUICC; 60import static android.app.admin.DevicePolicyManager.WIPE_EXTERNAL_STORAGE; 61import static android.app.admin.DevicePolicyManager.WIPE_RESET_PROTECTION_DATA; 62import static android.content.pm.PackageManager.MATCH_UNINSTALLED_PACKAGES; 63 64import static android.provider.Telephony.Carriers.DPC_URI; 65import static android.provider.Telephony.Carriers.ENFORCE_KEY; 66import static android.provider.Telephony.Carriers.ENFORCE_MANAGED_URI; 67 68import static com.android.internal.logging.nano.MetricsProto.MetricsEvent 69 .PROVISIONING_ENTRY_POINT_ADB; 70import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker 71 .STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW; 72 73import static com.android.server.devicepolicy.TransferOwnershipMetadataManager.ADMIN_TYPE_DEVICE_OWNER; 74import static com.android.server.devicepolicy.TransferOwnershipMetadataManager.ADMIN_TYPE_PROFILE_OWNER; 75 76import static org.xmlpull.v1.XmlPullParser.END_DOCUMENT; 77import static org.xmlpull.v1.XmlPullParser.END_TAG; 78import static org.xmlpull.v1.XmlPullParser.TEXT; 79 80import android.Manifest.permission; 81import android.accessibilityservice.AccessibilityServiceInfo; 82import android.accounts.Account; 83import android.accounts.AccountManager; 84import android.annotation.NonNull; 85import android.annotation.Nullable; 86import android.annotation.UserIdInt; 87import android.app.Activity; 88import android.app.ActivityManager; 89import android.app.ActivityManagerInternal; 90import android.app.ActivityThread; 91import android.app.AlarmManager; 92import android.app.AppGlobals; 93import android.app.IActivityManager; 94import android.app.IApplicationThread; 95import android.app.IServiceConnection; 96import android.app.Notification; 97import android.app.NotificationManager; 98import android.app.PendingIntent; 99import android.app.StatusBarManager; 100import android.app.admin.DeviceAdminInfo; 101import android.app.admin.DeviceAdminReceiver; 102import android.app.admin.DevicePolicyCache; 103import android.app.admin.DevicePolicyManager; 104import android.app.admin.DevicePolicyManagerInternal; 105import android.app.admin.NetworkEvent; 106import android.app.admin.PasswordMetrics; 107import android.app.admin.SecurityLog; 108import android.app.admin.SecurityLog.SecurityEvent; 109import android.app.admin.SystemUpdateInfo; 110import android.app.admin.SystemUpdatePolicy; 111import android.app.backup.IBackupManager; 112import android.app.backup.ISelectBackupTransportCallback; 113import android.app.trust.TrustManager; 114import android.app.usage.UsageStatsManagerInternal; 115import android.content.BroadcastReceiver; 116import android.content.ComponentName; 117import android.content.ContentValues; 118import android.content.Context; 119import android.content.Intent; 120import android.content.IntentFilter; 121import android.content.pm.ActivityInfo; 122import android.content.pm.ApplicationInfo; 123import android.content.pm.IPackageDataObserver; 124import android.content.pm.IPackageManager; 125import android.content.pm.PackageInfo; 126import android.content.pm.PackageManager; 127import android.content.pm.PackageManager.NameNotFoundException; 128import android.content.pm.PackageManagerInternal; 129import android.content.pm.ParceledListSlice; 130import android.content.pm.PermissionInfo; 131import android.content.pm.ResolveInfo; 132import android.content.pm.ServiceInfo; 133import android.content.pm.StringParceledListSlice; 134import android.content.pm.UserInfo; 135import android.content.res.Resources; 136import android.database.ContentObserver; 137import android.database.Cursor; 138import android.graphics.Bitmap; 139import android.graphics.Color; 140import android.media.AudioManager; 141import android.media.IAudioService; 142import android.net.ConnectivityManager; 143import android.net.IIpConnectivityMetrics; 144import android.net.ProxyInfo; 145import android.net.Uri; 146import android.net.metrics.IpConnectivityLog; 147import android.net.wifi.WifiInfo; 148import android.net.wifi.WifiManager; 149import android.os.Binder; 150import android.os.Build; 151import android.os.Bundle; 152import android.os.Environment; 153import android.os.FileUtils; 154import android.os.Handler; 155import android.os.IBinder; 156import android.os.Looper; 157import android.os.ParcelFileDescriptor; 158import android.os.PersistableBundle; 159import android.os.PowerManager; 160import android.os.PowerManagerInternal; 161import android.os.Process; 162import android.os.RecoverySystem; 163import android.os.RemoteCallback; 164import android.os.RemoteException; 165import android.os.ServiceManager; 166import android.os.ServiceSpecificException; 167import android.os.SystemClock; 168import android.os.SystemProperties; 169import android.os.UserHandle; 170import android.os.UserManager; 171import android.os.UserManagerInternal; 172import android.os.UserManagerInternal.UserRestrictionsListener; 173import android.os.storage.StorageManager; 174import android.provider.ContactsContract.QuickContact; 175import android.provider.ContactsInternal; 176import android.provider.Settings; 177import android.provider.Settings.Global; 178import android.security.IKeyChainAliasCallback; 179import android.security.IKeyChainService; 180import android.security.KeyChain; 181import android.security.KeyChain.KeyChainConnection; 182import android.security.KeyStore; 183import android.security.keymaster.KeymasterCertificateChain; 184import android.security.keystore.AttestationUtils; 185import android.security.keystore.KeyGenParameterSpec; 186import android.security.keystore.ParcelableKeyGenParameterSpec; 187import android.service.persistentdata.PersistentDataBlockManager; 188import android.telephony.TelephonyManager; 189import android.telephony.data.ApnSetting; 190import android.text.TextUtils; 191import android.util.ArrayMap; 192import android.util.ArraySet; 193import android.util.AtomicFile; 194import android.util.Log; 195import android.util.Pair; 196import android.util.Slog; 197import android.util.SparseArray; 198import android.util.Xml; 199import android.view.IWindowManager; 200import android.view.accessibility.AccessibilityManager; 201import android.view.accessibility.IAccessibilityManager; 202import android.view.inputmethod.InputMethodInfo; 203import android.view.inputmethod.InputMethodManager; 204 205import com.android.internal.R; 206import com.android.internal.annotations.GuardedBy; 207import com.android.internal.annotations.VisibleForTesting; 208import com.android.internal.logging.MetricsLogger; 209import com.android.internal.messages.nano.SystemMessageProto.SystemMessage; 210import com.android.internal.notification.SystemNotificationChannels; 211import com.android.internal.os.BackgroundThread; 212import com.android.internal.statusbar.IStatusBarService; 213import com.android.internal.telephony.SmsApplication; 214import com.android.internal.util.DumpUtils; 215import com.android.internal.util.FastXmlSerializer; 216import com.android.internal.util.FunctionalUtils.ThrowingRunnable; 217import com.android.internal.util.JournaledFile; 218import com.android.internal.util.Preconditions; 219import com.android.internal.util.XmlUtils; 220import com.android.internal.widget.LockPatternUtils; 221import com.android.server.LocalServices; 222import com.android.server.LockGuard; 223import com.android.internal.util.StatLogger; 224import com.android.server.SystemServerInitThreadPool; 225import com.android.server.SystemService; 226import com.android.server.devicepolicy.DevicePolicyManagerService.ActiveAdmin.TrustAgentInfo; 227import com.android.server.net.NetworkPolicyManagerInternal; 228import com.android.server.pm.UserRestrictionsUtils; 229import com.android.server.storage.DeviceStorageMonitorInternal; 230 231import com.google.android.collect.Sets; 232 233import org.xmlpull.v1.XmlPullParser; 234import org.xmlpull.v1.XmlPullParserException; 235import org.xmlpull.v1.XmlSerializer; 236 237import java.io.File; 238import java.io.FileDescriptor; 239import java.io.FileInputStream; 240import java.io.FileNotFoundException; 241import java.io.FileOutputStream; 242import java.io.IOException; 243import java.io.PrintWriter; 244import java.lang.reflect.Constructor; 245import java.nio.charset.StandardCharsets; 246import java.text.DateFormat; 247import java.time.LocalDate; 248import java.util.ArrayList; 249import java.util.Arrays; 250import java.util.Collection; 251import java.util.Collections; 252import java.util.Date; 253import java.util.HashMap; 254import java.util.List; 255import java.util.Map; 256import java.util.Map.Entry; 257import java.util.Objects; 258import java.util.Set; 259import java.util.concurrent.CountDownLatch; 260import java.util.concurrent.TimeUnit; 261import java.util.concurrent.atomic.AtomicBoolean; 262import java.util.function.Function; 263 264/** 265 * Implementation of the device policy APIs. 266 */ 267public class DevicePolicyManagerService extends BaseIDevicePolicyManager { 268 269 protected static final String LOG_TAG = "DevicePolicyManager"; 270 271 private static final boolean VERBOSE_LOG = false; // DO NOT SUBMIT WITH TRUE 272 273 private static final String DEVICE_POLICIES_XML = "device_policies.xml"; 274 275 private static final String TRANSFER_OWNERSHIP_PARAMETERS_XML = 276 "transfer-ownership-parameters.xml"; 277 278 private static final String TAG_ACCEPTED_CA_CERTIFICATES = "accepted-ca-certificate"; 279 280 private static final String TAG_LOCK_TASK_COMPONENTS = "lock-task-component"; 281 282 private static final String TAG_LOCK_TASK_FEATURES = "lock-task-features"; 283 284 private static final String TAG_STATUS_BAR = "statusbar"; 285 286 private static final String ATTR_DISABLED = "disabled"; 287 288 private static final String ATTR_NAME = "name"; 289 290 private static final String DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML = 291 "do-not-ask-credentials-on-boot"; 292 293 private static final String TAG_AFFILIATION_ID = "affiliation-id"; 294 295 private static final String TAG_LAST_SECURITY_LOG_RETRIEVAL = "last-security-log-retrieval"; 296 297 private static final String TAG_LAST_BUG_REPORT_REQUEST = "last-bug-report-request"; 298 299 private static final String TAG_LAST_NETWORK_LOG_RETRIEVAL = "last-network-log-retrieval"; 300 301 private static final String TAG_ADMIN_BROADCAST_PENDING = "admin-broadcast-pending"; 302 303 private static final String TAG_CURRENT_INPUT_METHOD_SET = "current-ime-set"; 304 305 private static final String TAG_OWNER_INSTALLED_CA_CERT = "owner-installed-ca-cert"; 306 307 private static final String ATTR_ID = "id"; 308 309 private static final String ATTR_VALUE = "value"; 310 311 private static final String ATTR_ALIAS = "alias"; 312 313 private static final String TAG_INITIALIZATION_BUNDLE = "initialization-bundle"; 314 315 private static final String TAG_PASSWORD_TOKEN_HANDLE = "password-token"; 316 317 private static final String TAG_PASSWORD_VALIDITY = "password-validity"; 318 319 private static final String TAG_TRANSFER_OWNERSHIP_BUNDLE = "transfer-ownership-bundle"; 320 321 private static final int REQUEST_EXPIRE_PASSWORD = 5571; 322 323 private static final long MS_PER_DAY = TimeUnit.DAYS.toMillis(1); 324 325 private static final long EXPIRATION_GRACE_PERIOD_MS = 5 * MS_PER_DAY; // 5 days, in ms 326 327 private static final String ACTION_EXPIRED_PASSWORD_NOTIFICATION 328 = "com.android.server.ACTION_EXPIRED_PASSWORD_NOTIFICATION"; 329 330 private static final String ATTR_PERMISSION_PROVIDER = "permission-provider"; 331 private static final String ATTR_SETUP_COMPLETE = "setup-complete"; 332 private static final String ATTR_PROVISIONING_STATE = "provisioning-state"; 333 private static final String ATTR_PERMISSION_POLICY = "permission-policy"; 334 private static final String ATTR_DEVICE_PROVISIONING_CONFIG_APPLIED = 335 "device-provisioning-config-applied"; 336 private static final String ATTR_DEVICE_PAIRED = "device-paired"; 337 private static final String ATTR_DELEGATED_CERT_INSTALLER = "delegated-cert-installer"; 338 private static final String ATTR_APPLICATION_RESTRICTIONS_MANAGER 339 = "application-restrictions-manager"; 340 341 // Comprehensive list of delegations. 342 private static final String DELEGATIONS[] = { 343 DELEGATION_CERT_INSTALL, 344 DELEGATION_APP_RESTRICTIONS, 345 DELEGATION_BLOCK_UNINSTALL, 346 DELEGATION_ENABLE_SYSTEM_APP, 347 DELEGATION_KEEP_UNINSTALLED_PACKAGES, 348 DELEGATION_PACKAGE_ACCESS, 349 DELEGATION_PERMISSION_GRANT, 350 DELEGATION_INSTALL_EXISTING_PACKAGE, 351 DELEGATION_KEEP_UNINSTALLED_PACKAGES 352 }; 353 354 /** 355 * System property whose value is either "true" or "false", indicating whether 356 * device owner is present. 357 */ 358 private static final String PROPERTY_DEVICE_OWNER_PRESENT = "ro.device_owner"; 359 360 private static final int STATUS_BAR_DISABLE_MASK = 361 StatusBarManager.DISABLE_EXPAND | 362 StatusBarManager.DISABLE_NOTIFICATION_ICONS | 363 StatusBarManager.DISABLE_NOTIFICATION_ALERTS | 364 StatusBarManager.DISABLE_SEARCH; 365 366 private static final int STATUS_BAR_DISABLE2_MASK = 367 StatusBarManager.DISABLE2_QUICK_SETTINGS; 368 369 private static final Set<String> SECURE_SETTINGS_WHITELIST; 370 private static final Set<String> SECURE_SETTINGS_DEVICEOWNER_WHITELIST; 371 private static final Set<String> GLOBAL_SETTINGS_WHITELIST; 372 private static final Set<String> GLOBAL_SETTINGS_DEPRECATED; 373 private static final Set<String> SYSTEM_SETTINGS_WHITELIST; 374 static { 375 SECURE_SETTINGS_WHITELIST = new ArraySet<>(); 376 SECURE_SETTINGS_WHITELIST.add(Settings.Secure.DEFAULT_INPUT_METHOD); 377 SECURE_SETTINGS_WHITELIST.add(Settings.Secure.SKIP_FIRST_USE_HINTS); 378 SECURE_SETTINGS_WHITELIST.add(Settings.Secure.INSTALL_NON_MARKET_APPS); 379 380 SECURE_SETTINGS_DEVICEOWNER_WHITELIST = new ArraySet<>(); 381 SECURE_SETTINGS_DEVICEOWNER_WHITELIST.addAll(SECURE_SETTINGS_WHITELIST); 382 SECURE_SETTINGS_DEVICEOWNER_WHITELIST.add(Settings.Secure.LOCATION_MODE); 383 384 GLOBAL_SETTINGS_WHITELIST = new ArraySet<>(); 385 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.ADB_ENABLED); 386 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.AUTO_TIME); 387 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.AUTO_TIME_ZONE); 388 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.DATA_ROAMING); 389 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.USB_MASS_STORAGE_ENABLED); 390 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.WIFI_SLEEP_POLICY); 391 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.STAY_ON_WHILE_PLUGGED_IN); 392 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.WIFI_DEVICE_OWNER_CONFIGS_LOCKDOWN); 393 394 GLOBAL_SETTINGS_DEPRECATED = new ArraySet<>(); 395 GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.BLUETOOTH_ON); 396 GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.DEVELOPMENT_SETTINGS_ENABLED); 397 GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.MODE_RINGER); 398 GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.NETWORK_PREFERENCE); 399 GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.WIFI_ON); 400 401 SYSTEM_SETTINGS_WHITELIST = new ArraySet<>(); 402 SYSTEM_SETTINGS_WHITELIST.add(Settings.System.SCREEN_BRIGHTNESS); 403 SYSTEM_SETTINGS_WHITELIST.add(Settings.System.SCREEN_BRIGHTNESS_MODE); 404 SYSTEM_SETTINGS_WHITELIST.add(Settings.System.SCREEN_OFF_TIMEOUT); 405 } 406 407 /** 408 * Keyguard features that when set on a profile affect the profile content or challenge only. 409 * These cannot be set on the managed profile's parent DPM instance 410 */ 411 private static final int PROFILE_KEYGUARD_FEATURES_PROFILE_ONLY = 412 DevicePolicyManager.KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS; 413 414 /** Keyguard features that are allowed to be set on a managed profile */ 415 private static final int PROFILE_KEYGUARD_FEATURES = 416 PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER | PROFILE_KEYGUARD_FEATURES_PROFILE_ONLY; 417 418 private static final int DEVICE_ADMIN_DEACTIVATE_TIMEOUT = 10000; 419 420 /** 421 * Minimum timeout in milliseconds after which unlocking with weak auth times out, 422 * i.e. the user has to use a strong authentication method like password, PIN or pattern. 423 */ 424 private static final long MINIMUM_STRONG_AUTH_TIMEOUT_MS = TimeUnit.HOURS.toMillis(1); 425 426 /** 427 * Strings logged with {@link 428 * com.android.internal.logging.nano.MetricsProto.MetricsEvent#PROVISIONING_ENTRY_POINT_ADB}. 429 */ 430 private static final String LOG_TAG_PROFILE_OWNER = "profile-owner"; 431 private static final String LOG_TAG_DEVICE_OWNER = "device-owner"; 432 433 final Context mContext; 434 final Injector mInjector; 435 final IPackageManager mIPackageManager; 436 final UserManager mUserManager; 437 final UserManagerInternal mUserManagerInternal; 438 final UsageStatsManagerInternal mUsageStatsManagerInternal; 439 final TelephonyManager mTelephonyManager; 440 private final LockPatternUtils mLockPatternUtils; 441 private final DevicePolicyConstants mConstants; 442 private final DeviceAdminServiceController mDeviceAdminServiceController; 443 private final OverlayPackagesProvider mOverlayPackagesProvider; 444 445 private final DevicePolicyCacheImpl mPolicyCache = new DevicePolicyCacheImpl(); 446 447 /** 448 * Contains (package-user) pairs to remove. An entry (p, u) implies that removal of package p 449 * is requested for user u. 450 */ 451 private final Set<Pair<String, Integer>> mPackagesToRemove = 452 new ArraySet<Pair<String, Integer>>(); 453 454 final LocalService mLocalService; 455 456 // Stores and loads state on device and profile owners. 457 @VisibleForTesting 458 final Owners mOwners; 459 460 private final Binder mToken = new Binder(); 461 462 /** 463 * Whether or not device admin feature is supported. If it isn't return defaults for all 464 * public methods. 465 */ 466 final boolean mHasFeature; 467 468 /** 469 * Whether or not this device is a watch. 470 */ 471 final boolean mIsWatch; 472 473 private final CertificateMonitor mCertificateMonitor; 474 private final SecurityLogMonitor mSecurityLogMonitor; 475 476 @GuardedBy("getLockObject()") 477 private NetworkLogger mNetworkLogger; 478 479 private final AtomicBoolean mRemoteBugreportServiceIsActive = new AtomicBoolean(); 480 private final AtomicBoolean mRemoteBugreportSharingAccepted = new AtomicBoolean(); 481 482 private final SetupContentObserver mSetupContentObserver; 483 484 private static boolean ENABLE_LOCK_GUARD = Build.IS_ENG 485 || (SystemProperties.getInt("debug.dpm.lock_guard", 0) == 1); 486 487 interface Stats { 488 int LOCK_GUARD_GUARD = 0; 489 490 int COUNT = LOCK_GUARD_GUARD + 1; 491 } 492 493 private final StatLogger mStatLogger = new StatLogger(new String[] { 494 "LockGuard.guard()", 495 }); 496 497 private final Object mLockDoNoUseDirectly = LockGuard.installNewLock( 498 LockGuard.INDEX_DPMS, /* doWtf=*/ true); 499 500 final Object getLockObject() { 501 if (ENABLE_LOCK_GUARD) { 502 final long start = mStatLogger.getTime(); 503 LockGuard.guard(LockGuard.INDEX_DPMS); 504 mStatLogger.logDurationStat(Stats.LOCK_GUARD_GUARD, start); 505 } 506 return mLockDoNoUseDirectly; 507 } 508 509 /** 510 * Check if the current thread holds the DPMS lock, and if not, do a WTF. 511 * 512 * (Doing this check too much may be costly, so don't call it in a hot path.) 513 */ 514 final void ensureLocked() { 515 if (Thread.holdsLock(mLockDoNoUseDirectly)) { 516 return; 517 } 518 Slog.wtfStack(LOG_TAG, "Not holding DPMS lock."); 519 } 520 521 @VisibleForTesting 522 final TransferOwnershipMetadataManager mTransferOwnershipMetadataManager; 523 524 private final Runnable mRemoteBugreportTimeoutRunnable = new Runnable() { 525 @Override 526 public void run() { 527 if(mRemoteBugreportServiceIsActive.get()) { 528 onBugreportFailed(); 529 } 530 } 531 }; 532 533 /** Listens only if mHasFeature == true. */ 534 private final BroadcastReceiver mRemoteBugreportFinishedReceiver = new BroadcastReceiver() { 535 536 @Override 537 public void onReceive(Context context, Intent intent) { 538 if (DevicePolicyManager.ACTION_REMOTE_BUGREPORT_DISPATCH.equals(intent.getAction()) 539 && mRemoteBugreportServiceIsActive.get()) { 540 onBugreportFinished(intent); 541 } 542 } 543 }; 544 545 /** Listens only if mHasFeature == true. */ 546 private final BroadcastReceiver mRemoteBugreportConsentReceiver = new BroadcastReceiver() { 547 548 @Override 549 public void onReceive(Context context, Intent intent) { 550 String action = intent.getAction(); 551 mInjector.getNotificationManager().cancel(LOG_TAG, 552 RemoteBugreportUtils.NOTIFICATION_ID); 553 if (DevicePolicyManager.ACTION_BUGREPORT_SHARING_ACCEPTED.equals(action)) { 554 onBugreportSharingAccepted(); 555 } else if (DevicePolicyManager.ACTION_BUGREPORT_SHARING_DECLINED.equals(action)) { 556 onBugreportSharingDeclined(); 557 } 558 mContext.unregisterReceiver(mRemoteBugreportConsentReceiver); 559 } 560 }; 561 562 public static final class Lifecycle extends SystemService { 563 private BaseIDevicePolicyManager mService; 564 565 public Lifecycle(Context context) { 566 super(context); 567 String dpmsClassName = context.getResources() 568 .getString(R.string.config_deviceSpecificDevicePolicyManagerService); 569 if (TextUtils.isEmpty(dpmsClassName)) { 570 dpmsClassName = DevicePolicyManagerService.class.getName(); 571 } 572 try { 573 Class serviceClass = Class.forName(dpmsClassName); 574 Constructor constructor = serviceClass.getConstructor(Context.class); 575 mService = (BaseIDevicePolicyManager) constructor.newInstance(context); 576 } catch (Exception e) { 577 throw new IllegalStateException( 578 "Failed to instantiate DevicePolicyManagerService with class name: " 579 + dpmsClassName, e); 580 } 581 } 582 583 @Override 584 public void onStart() { 585 publishBinderService(Context.DEVICE_POLICY_SERVICE, mService); 586 } 587 588 @Override 589 public void onBootPhase(int phase) { 590 mService.systemReady(phase); 591 } 592 593 @Override 594 public void onStartUser(int userHandle) { 595 mService.handleStartUser(userHandle); 596 } 597 598 @Override 599 public void onUnlockUser(int userHandle) { 600 mService.handleUnlockUser(userHandle); 601 } 602 603 @Override 604 public void onStopUser(int userHandle) { 605 mService.handleStopUser(userHandle); 606 } 607 } 608 609 public static class DevicePolicyData { 610 int mFailedPasswordAttempts = 0; 611 boolean mPasswordValidAtLastCheckpoint = true; 612 613 int mUserHandle; 614 int mPasswordOwner = -1; 615 long mLastMaximumTimeToLock = -1; 616 boolean mUserSetupComplete = false; 617 boolean mPaired = false; 618 int mUserProvisioningState; 619 int mPermissionPolicy; 620 621 boolean mDeviceProvisioningConfigApplied = false; 622 623 final ArrayMap<ComponentName, ActiveAdmin> mAdminMap = new ArrayMap<>(); 624 final ArrayList<ActiveAdmin> mAdminList = new ArrayList<>(); 625 final ArrayList<ComponentName> mRemovingAdmins = new ArrayList<>(); 626 627 // TODO(b/35385311): Keep track of metadata in TrustedCertificateStore instead. 628 final ArraySet<String> mAcceptedCaCertificates = new ArraySet<>(); 629 630 // This is the list of component allowed to start lock task mode. 631 List<String> mLockTaskPackages = new ArrayList<>(); 632 633 // Bitfield of feature flags to be enabled during LockTask mode. 634 // We default on the power button menu, in order to be consistent with pre-P behaviour. 635 int mLockTaskFeatures = DevicePolicyManager.LOCK_TASK_FEATURE_GLOBAL_ACTIONS; 636 637 boolean mStatusBarDisabled = false; 638 639 ComponentName mRestrictionsProvider; 640 641 // Map of delegate package to delegation scopes 642 final ArrayMap<String, List<String>> mDelegationMap = new ArrayMap<>(); 643 644 boolean doNotAskCredentialsOnBoot = false; 645 646 Set<String> mAffiliationIds = new ArraySet<>(); 647 648 long mLastSecurityLogRetrievalTime = -1; 649 650 long mLastBugReportRequestTime = -1; 651 652 long mLastNetworkLogsRetrievalTime = -1; 653 654 boolean mCurrentInputMethodSet = false; 655 656 // TODO(b/35385311): Keep track of metadata in TrustedCertificateStore instead. 657 Set<String> mOwnerInstalledCaCerts = new ArraySet<>(); 658 659 // Used for initialization of users created by createAndManageUser. 660 boolean mAdminBroadcastPending = false; 661 PersistableBundle mInitBundle = null; 662 663 long mPasswordTokenHandle = 0; 664 665 public DevicePolicyData(int userHandle) { 666 mUserHandle = userHandle; 667 } 668 } 669 670 @GuardedBy("getLockObject()") 671 final SparseArray<DevicePolicyData> mUserData = new SparseArray<>(); 672 673 @GuardedBy("getLockObject()") 674 final SparseArray<PasswordMetrics> mUserPasswordMetrics = new SparseArray<>(); 675 676 final Handler mHandler; 677 final Handler mBackgroundHandler; 678 679 /** Listens only if mHasFeature == true. */ 680 final BroadcastReceiver mReceiver = new BroadcastReceiver() { 681 @Override 682 public void onReceive(Context context, Intent intent) { 683 final String action = intent.getAction(); 684 final int userHandle = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, 685 getSendingUserId()); 686 687 /* 688 * Network logging would ideally be started in setDeviceOwnerSystemPropertyLocked(), 689 * however it's too early in the boot process to register with IIpConnectivityMetrics 690 * to listen for events. 691 */ 692 if (Intent.ACTION_USER_STARTED.equals(action) 693 && userHandle == mOwners.getDeviceOwnerUserId()) { 694 synchronized (getLockObject()) { 695 if (isNetworkLoggingEnabledInternalLocked()) { 696 setNetworkLoggingActiveInternal(true); 697 } 698 } 699 } 700 if (Intent.ACTION_BOOT_COMPLETED.equals(action) 701 && userHandle == mOwners.getDeviceOwnerUserId() 702 && getDeviceOwnerRemoteBugreportUri() != null) { 703 IntentFilter filterConsent = new IntentFilter(); 704 filterConsent.addAction(DevicePolicyManager.ACTION_BUGREPORT_SHARING_DECLINED); 705 filterConsent.addAction(DevicePolicyManager.ACTION_BUGREPORT_SHARING_ACCEPTED); 706 mContext.registerReceiver(mRemoteBugreportConsentReceiver, filterConsent); 707 mInjector.getNotificationManager().notifyAsUser(LOG_TAG, 708 RemoteBugreportUtils.NOTIFICATION_ID, 709 RemoteBugreportUtils.buildNotification(mContext, 710 DevicePolicyManager.NOTIFICATION_BUGREPORT_FINISHED_NOT_ACCEPTED), 711 UserHandle.ALL); 712 } 713 if (Intent.ACTION_BOOT_COMPLETED.equals(action) 714 || ACTION_EXPIRED_PASSWORD_NOTIFICATION.equals(action)) { 715 if (VERBOSE_LOG) { 716 Slog.v(LOG_TAG, "Sending password expiration notifications for action " 717 + action + " for user " + userHandle); 718 } 719 mHandler.post(new Runnable() { 720 @Override 721 public void run() { 722 handlePasswordExpirationNotification(userHandle); 723 } 724 }); 725 } 726 727 if (Intent.ACTION_USER_ADDED.equals(action)) { 728 sendDeviceOwnerUserCommand(DeviceAdminReceiver.ACTION_USER_ADDED, userHandle); 729 synchronized (getLockObject()) { 730 // It might take a while for the user to become affiliated. Make security 731 // and network logging unavailable in the meantime. 732 maybePauseDeviceWideLoggingLocked(); 733 } 734 } else if (Intent.ACTION_USER_REMOVED.equals(action)) { 735 sendDeviceOwnerUserCommand(DeviceAdminReceiver.ACTION_USER_REMOVED, userHandle); 736 synchronized (getLockObject()) { 737 // Check whether the user is affiliated, *before* removing its data. 738 boolean isRemovedUserAffiliated = isUserAffiliatedWithDeviceLocked(userHandle); 739 removeUserData(userHandle); 740 if (!isRemovedUserAffiliated) { 741 // We discard the logs when unaffiliated users are deleted (so that the 742 // device owner cannot retrieve data about that user after it's gone). 743 discardDeviceWideLogsLocked(); 744 // Resume logging if all remaining users are affiliated. 745 maybeResumeDeviceWideLoggingLocked(); 746 } 747 } 748 } else if (Intent.ACTION_USER_STARTED.equals(action)) { 749 sendDeviceOwnerUserCommand(DeviceAdminReceiver.ACTION_USER_STARTED, userHandle); 750 synchronized (getLockObject()) { 751 maybeSendAdminEnabledBroadcastLocked(userHandle); 752 // Reset the policy data 753 mUserData.remove(userHandle); 754 } 755 handlePackagesChanged(null /* check all admins */, userHandle); 756 } else if (Intent.ACTION_USER_STOPPED.equals(action)) { 757 sendDeviceOwnerUserCommand(DeviceAdminReceiver.ACTION_USER_STOPPED, userHandle); 758 } else if (Intent.ACTION_USER_SWITCHED.equals(action)) { 759 sendDeviceOwnerUserCommand(DeviceAdminReceiver.ACTION_USER_SWITCHED, userHandle); 760 } else if (Intent.ACTION_USER_UNLOCKED.equals(action)) { 761 synchronized (getLockObject()) { 762 maybeSendAdminEnabledBroadcastLocked(userHandle); 763 } 764 } else if (Intent.ACTION_EXTERNAL_APPLICATIONS_UNAVAILABLE.equals(action)) { 765 handlePackagesChanged(null /* check all admins */, userHandle); 766 } else if (Intent.ACTION_PACKAGE_CHANGED.equals(action) 767 || (Intent.ACTION_PACKAGE_ADDED.equals(action) 768 && intent.getBooleanExtra(Intent.EXTRA_REPLACING, false))) { 769 handlePackagesChanged(intent.getData().getSchemeSpecificPart(), userHandle); 770 } else if (Intent.ACTION_PACKAGE_REMOVED.equals(action) 771 && !intent.getBooleanExtra(Intent.EXTRA_REPLACING, false)) { 772 handlePackagesChanged(intent.getData().getSchemeSpecificPart(), userHandle); 773 } else if (Intent.ACTION_MANAGED_PROFILE_ADDED.equals(action)) { 774 clearWipeProfileNotification(); 775 } else if (Intent.ACTION_DATE_CHANGED.equals(action) 776 || Intent.ACTION_TIME_CHANGED.equals(action)) { 777 // Update freeze period record when clock naturally progresses to the next day 778 // (ACTION_DATE_CHANGED), or when manual clock adjustment is made 779 // (ACTION_TIME_CHANGED) 780 updateSystemUpdateFreezePeriodsRecord(/* saveIfChanged */ true); 781 } 782 783 } 784 785 private void sendDeviceOwnerUserCommand(String action, int userHandle) { 786 synchronized (getLockObject()) { 787 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 788 if (deviceOwner != null) { 789 Bundle extras = new Bundle(); 790 extras.putParcelable(Intent.EXTRA_USER, UserHandle.of(userHandle)); 791 sendAdminCommandLocked(deviceOwner, action, extras, /* result */ null, 792 /* inForeground */ true); 793 } 794 } 795 } 796 }; 797 798 protected static class RestrictionsListener implements UserRestrictionsListener { 799 private Context mContext; 800 801 public RestrictionsListener(Context context) { 802 mContext = context; 803 } 804 805 public void onUserRestrictionsChanged(int userId, Bundle newRestrictions, 806 Bundle prevRestrictions) { 807 final boolean newlyDisallowed = 808 newRestrictions.getBoolean(UserManager.DISALLOW_SHARE_INTO_MANAGED_PROFILE); 809 final boolean previouslyDisallowed = 810 prevRestrictions.getBoolean(UserManager.DISALLOW_SHARE_INTO_MANAGED_PROFILE); 811 final boolean restrictionChanged = (newlyDisallowed != previouslyDisallowed); 812 813 if (restrictionChanged) { 814 // Notify ManagedProvisioning to update the built-in cross profile intent filters. 815 Intent intent = new Intent( 816 DevicePolicyManager.ACTION_DATA_SHARING_RESTRICTION_CHANGED); 817 intent.setPackage(getManagedProvisioningPackage(mContext)); 818 intent.putExtra(Intent.EXTRA_USER_ID, userId); 819 intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND); 820 mContext.sendBroadcastAsUser(intent, UserHandle.SYSTEM); 821 } 822 } 823 } 824 825 static class ActiveAdmin { 826 private static final String TAG_DISABLE_KEYGUARD_FEATURES = "disable-keyguard-features"; 827 private static final String TAG_TEST_ONLY_ADMIN = "test-only-admin"; 828 private static final String TAG_DISABLE_CAMERA = "disable-camera"; 829 private static final String TAG_DISABLE_CALLER_ID = "disable-caller-id"; 830 private static final String TAG_DISABLE_CONTACTS_SEARCH = "disable-contacts-search"; 831 private static final String TAG_DISABLE_BLUETOOTH_CONTACT_SHARING 832 = "disable-bt-contacts-sharing"; 833 private static final String TAG_DISABLE_SCREEN_CAPTURE = "disable-screen-capture"; 834 private static final String TAG_DISABLE_ACCOUNT_MANAGEMENT = "disable-account-management"; 835 private static final String TAG_REQUIRE_AUTO_TIME = "require_auto_time"; 836 private static final String TAG_FORCE_EPHEMERAL_USERS = "force_ephemeral_users"; 837 private static final String TAG_IS_NETWORK_LOGGING_ENABLED = "is_network_logging_enabled"; 838 private static final String TAG_ACCOUNT_TYPE = "account-type"; 839 private static final String TAG_PERMITTED_ACCESSIBILITY_SERVICES 840 = "permitted-accessiblity-services"; 841 private static final String TAG_ENCRYPTION_REQUESTED = "encryption-requested"; 842 private static final String TAG_MANAGE_TRUST_AGENT_FEATURES = "manage-trust-agent-features"; 843 private static final String TAG_TRUST_AGENT_COMPONENT_OPTIONS = "trust-agent-component-options"; 844 private static final String TAG_TRUST_AGENT_COMPONENT = "component"; 845 private static final String TAG_PASSWORD_EXPIRATION_DATE = "password-expiration-date"; 846 private static final String TAG_PASSWORD_EXPIRATION_TIMEOUT = "password-expiration-timeout"; 847 private static final String TAG_GLOBAL_PROXY_EXCLUSION_LIST = "global-proxy-exclusion-list"; 848 private static final String TAG_GLOBAL_PROXY_SPEC = "global-proxy-spec"; 849 private static final String TAG_SPECIFIES_GLOBAL_PROXY = "specifies-global-proxy"; 850 private static final String TAG_PERMITTED_IMES = "permitted-imes"; 851 private static final String TAG_PERMITTED_NOTIFICATION_LISTENERS = 852 "permitted-notification-listeners"; 853 private static final String TAG_MAX_FAILED_PASSWORD_WIPE = "max-failed-password-wipe"; 854 private static final String TAG_MAX_TIME_TO_UNLOCK = "max-time-to-unlock"; 855 private static final String TAG_STRONG_AUTH_UNLOCK_TIMEOUT = "strong-auth-unlock-timeout"; 856 private static final String TAG_MIN_PASSWORD_NONLETTER = "min-password-nonletter"; 857 private static final String TAG_MIN_PASSWORD_SYMBOLS = "min-password-symbols"; 858 private static final String TAG_MIN_PASSWORD_NUMERIC = "min-password-numeric"; 859 private static final String TAG_MIN_PASSWORD_LETTERS = "min-password-letters"; 860 private static final String TAG_MIN_PASSWORD_LOWERCASE = "min-password-lowercase"; 861 private static final String TAG_MIN_PASSWORD_UPPERCASE = "min-password-uppercase"; 862 private static final String TAG_PASSWORD_HISTORY_LENGTH = "password-history-length"; 863 private static final String TAG_MIN_PASSWORD_LENGTH = "min-password-length"; 864 private static final String ATTR_VALUE = "value"; 865 private static final String TAG_PASSWORD_QUALITY = "password-quality"; 866 private static final String TAG_POLICIES = "policies"; 867 private static final String TAG_CROSS_PROFILE_WIDGET_PROVIDERS = 868 "cross-profile-widget-providers"; 869 private static final String TAG_PROVIDER = "provider"; 870 private static final String TAG_PACKAGE_LIST_ITEM = "item"; 871 private static final String TAG_KEEP_UNINSTALLED_PACKAGES = "keep-uninstalled-packages"; 872 private static final String TAG_USER_RESTRICTIONS = "user-restrictions"; 873 private static final String TAG_DEFAULT_ENABLED_USER_RESTRICTIONS = 874 "default-enabled-user-restrictions"; 875 private static final String TAG_RESTRICTION = "restriction"; 876 private static final String TAG_SHORT_SUPPORT_MESSAGE = "short-support-message"; 877 private static final String TAG_LONG_SUPPORT_MESSAGE = "long-support-message"; 878 private static final String TAG_PARENT_ADMIN = "parent-admin"; 879 private static final String TAG_ORGANIZATION_COLOR = "organization-color"; 880 private static final String TAG_ORGANIZATION_NAME = "organization-name"; 881 private static final String ATTR_LAST_NETWORK_LOGGING_NOTIFICATION = "last-notification"; 882 private static final String ATTR_NUM_NETWORK_LOGGING_NOTIFICATIONS = "num-notifications"; 883 private static final String TAG_IS_LOGOUT_ENABLED = "is_logout_enabled"; 884 private static final String TAG_MANDATORY_BACKUP_TRANSPORT = "mandatory_backup_transport"; 885 private static final String TAG_START_USER_SESSION_MESSAGE = "start_user_session_message"; 886 private static final String TAG_END_USER_SESSION_MESSAGE = "end_user_session_message"; 887 private static final String TAG_METERED_DATA_DISABLED_PACKAGES 888 = "metered_data_disabled_packages"; 889 890 DeviceAdminInfo info; 891 892 893 static final int DEF_PASSWORD_HISTORY_LENGTH = 0; 894 int passwordHistoryLength = DEF_PASSWORD_HISTORY_LENGTH; 895 896 static final int DEF_MINIMUM_PASSWORD_LENGTH = 0; 897 static final int DEF_MINIMUM_PASSWORD_LETTERS = 1; 898 static final int DEF_MINIMUM_PASSWORD_UPPER_CASE = 0; 899 static final int DEF_MINIMUM_PASSWORD_LOWER_CASE = 0; 900 static final int DEF_MINIMUM_PASSWORD_NUMERIC = 1; 901 static final int DEF_MINIMUM_PASSWORD_SYMBOLS = 1; 902 static final int DEF_MINIMUM_PASSWORD_NON_LETTER = 0; 903 @NonNull 904 PasswordMetrics minimumPasswordMetrics = new PasswordMetrics( 905 PASSWORD_QUALITY_UNSPECIFIED, DEF_MINIMUM_PASSWORD_LENGTH, 906 DEF_MINIMUM_PASSWORD_LETTERS, DEF_MINIMUM_PASSWORD_UPPER_CASE, 907 DEF_MINIMUM_PASSWORD_LOWER_CASE, DEF_MINIMUM_PASSWORD_NUMERIC, 908 DEF_MINIMUM_PASSWORD_SYMBOLS, DEF_MINIMUM_PASSWORD_NON_LETTER); 909 910 static final long DEF_MAXIMUM_TIME_TO_UNLOCK = 0; 911 long maximumTimeToUnlock = DEF_MAXIMUM_TIME_TO_UNLOCK; 912 913 long strongAuthUnlockTimeout = 0; // admin doesn't participate by default 914 915 static final int DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE = 0; 916 int maximumFailedPasswordsForWipe = DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE; 917 918 static final long DEF_PASSWORD_EXPIRATION_TIMEOUT = 0; 919 long passwordExpirationTimeout = DEF_PASSWORD_EXPIRATION_TIMEOUT; 920 921 static final long DEF_PASSWORD_EXPIRATION_DATE = 0; 922 long passwordExpirationDate = DEF_PASSWORD_EXPIRATION_DATE; 923 924 static final int DEF_KEYGUARD_FEATURES_DISABLED = 0; // none 925 926 int disabledKeyguardFeatures = DEF_KEYGUARD_FEATURES_DISABLED; 927 928 boolean encryptionRequested = false; 929 boolean testOnlyAdmin = false; 930 boolean disableCamera = false; 931 boolean disableCallerId = false; 932 boolean disableContactsSearch = false; 933 boolean disableBluetoothContactSharing = true; 934 boolean disableScreenCapture = false; // Can only be set by a device/profile owner. 935 boolean requireAutoTime = false; // Can only be set by a device owner. 936 boolean forceEphemeralUsers = false; // Can only be set by a device owner. 937 boolean isNetworkLoggingEnabled = false; // Can only be set by a device owner. 938 boolean isLogoutEnabled = false; // Can only be set by a device owner. 939 940 // one notification after enabling + one more after reboots 941 static final int DEF_MAXIMUM_NETWORK_LOGGING_NOTIFICATIONS_SHOWN = 2; 942 int numNetworkLoggingNotifications = 0; 943 long lastNetworkLoggingNotificationTimeMs = 0; // Time in milliseconds since epoch 944 945 ActiveAdmin parentAdmin; 946 final boolean isParent; 947 948 static class TrustAgentInfo { 949 public PersistableBundle options; 950 TrustAgentInfo(PersistableBundle bundle) { 951 options = bundle; 952 } 953 } 954 955 // The list of packages which are not allowed to use metered data. 956 List<String> meteredDisabledPackages; 957 958 final Set<String> accountTypesWithManagementDisabled = new ArraySet<>(); 959 960 // The list of permitted accessibility services package namesas set by a profile 961 // or device owner. Null means all accessibility services are allowed, empty means 962 // none except system services are allowed. 963 List<String> permittedAccessiblityServices; 964 965 // The list of permitted input methods package names as set by a profile or device owner. 966 // Null means all input methods are allowed, empty means none except system imes are 967 // allowed. 968 List<String> permittedInputMethods; 969 970 // The list of packages allowed to use a NotificationListenerService to receive events for 971 // notifications from this user. Null means that all packages are allowed. Empty list means 972 // that only packages from the system are allowed. 973 List<String> permittedNotificationListeners; 974 975 // List of package names to keep cached. 976 List<String> keepUninstalledPackages; 977 978 // TODO: review implementation decisions with frameworks team 979 boolean specifiesGlobalProxy = false; 980 String globalProxySpec = null; 981 String globalProxyExclusionList = null; 982 983 ArrayMap<String, TrustAgentInfo> trustAgentInfos = new ArrayMap<>(); 984 985 List<String> crossProfileWidgetProviders; 986 987 Bundle userRestrictions; 988 989 // User restrictions that have already been enabled by default for this admin (either when 990 // setting the device or profile owner, or during a system update if one of those "enabled 991 // by default" restrictions is newly added). 992 final Set<String> defaultEnabledRestrictionsAlreadySet = new ArraySet<>(); 993 994 // Support text provided by the admin to display to the user. 995 CharSequence shortSupportMessage = null; 996 CharSequence longSupportMessage = null; 997 998 // Background color of confirm credentials screen. Default: teal. 999 static final int DEF_ORGANIZATION_COLOR = Color.parseColor("#00796B"); 1000 int organizationColor = DEF_ORGANIZATION_COLOR; 1001 1002 // Default title of confirm credentials screen 1003 String organizationName = null; 1004 1005 // The component name of the backup transport which has to be used if backups are mandatory 1006 // or null if backups are not mandatory. 1007 ComponentName mandatoryBackupTransport = null; 1008 1009 // Message for user switcher 1010 String startUserSessionMessage = null; 1011 String endUserSessionMessage = null; 1012 1013 ActiveAdmin(DeviceAdminInfo _info, boolean parent) { 1014 info = _info; 1015 isParent = parent; 1016 } 1017 1018 ActiveAdmin getParentActiveAdmin() { 1019 Preconditions.checkState(!isParent); 1020 1021 if (parentAdmin == null) { 1022 parentAdmin = new ActiveAdmin(info, /* parent */ true); 1023 } 1024 return parentAdmin; 1025 } 1026 1027 boolean hasParentActiveAdmin() { 1028 return parentAdmin != null; 1029 } 1030 1031 int getUid() { return info.getActivityInfo().applicationInfo.uid; } 1032 1033 public UserHandle getUserHandle() { 1034 return UserHandle.of(UserHandle.getUserId(info.getActivityInfo().applicationInfo.uid)); 1035 } 1036 1037 void writeToXml(XmlSerializer out) 1038 throws IllegalArgumentException, IllegalStateException, IOException { 1039 out.startTag(null, TAG_POLICIES); 1040 info.writePoliciesToXml(out); 1041 out.endTag(null, TAG_POLICIES); 1042 if (minimumPasswordMetrics.quality != PASSWORD_QUALITY_UNSPECIFIED) { 1043 out.startTag(null, TAG_PASSWORD_QUALITY); 1044 out.attribute(null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.quality)); 1045 out.endTag(null, TAG_PASSWORD_QUALITY); 1046 if (minimumPasswordMetrics.length != DEF_MINIMUM_PASSWORD_LENGTH) { 1047 out.startTag(null, TAG_MIN_PASSWORD_LENGTH); 1048 out.attribute( 1049 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.length)); 1050 out.endTag(null, TAG_MIN_PASSWORD_LENGTH); 1051 } 1052 if(passwordHistoryLength != DEF_PASSWORD_HISTORY_LENGTH) { 1053 out.startTag(null, TAG_PASSWORD_HISTORY_LENGTH); 1054 out.attribute(null, ATTR_VALUE, Integer.toString(passwordHistoryLength)); 1055 out.endTag(null, TAG_PASSWORD_HISTORY_LENGTH); 1056 } 1057 if (minimumPasswordMetrics.upperCase != DEF_MINIMUM_PASSWORD_UPPER_CASE) { 1058 out.startTag(null, TAG_MIN_PASSWORD_UPPERCASE); 1059 out.attribute( 1060 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.upperCase)); 1061 out.endTag(null, TAG_MIN_PASSWORD_UPPERCASE); 1062 } 1063 if (minimumPasswordMetrics.lowerCase != DEF_MINIMUM_PASSWORD_LOWER_CASE) { 1064 out.startTag(null, TAG_MIN_PASSWORD_LOWERCASE); 1065 out.attribute( 1066 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.lowerCase)); 1067 out.endTag(null, TAG_MIN_PASSWORD_LOWERCASE); 1068 } 1069 if (minimumPasswordMetrics.letters != DEF_MINIMUM_PASSWORD_LETTERS) { 1070 out.startTag(null, TAG_MIN_PASSWORD_LETTERS); 1071 out.attribute( 1072 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.letters)); 1073 out.endTag(null, TAG_MIN_PASSWORD_LETTERS); 1074 } 1075 if (minimumPasswordMetrics.numeric != DEF_MINIMUM_PASSWORD_NUMERIC) { 1076 out.startTag(null, TAG_MIN_PASSWORD_NUMERIC); 1077 out.attribute( 1078 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.numeric)); 1079 out.endTag(null, TAG_MIN_PASSWORD_NUMERIC); 1080 } 1081 if (minimumPasswordMetrics.symbols != DEF_MINIMUM_PASSWORD_SYMBOLS) { 1082 out.startTag(null, TAG_MIN_PASSWORD_SYMBOLS); 1083 out.attribute( 1084 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.symbols)); 1085 out.endTag(null, TAG_MIN_PASSWORD_SYMBOLS); 1086 } 1087 if (minimumPasswordMetrics.nonLetter > DEF_MINIMUM_PASSWORD_NON_LETTER) { 1088 out.startTag(null, TAG_MIN_PASSWORD_NONLETTER); 1089 out.attribute( 1090 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.nonLetter)); 1091 out.endTag(null, TAG_MIN_PASSWORD_NONLETTER); 1092 } 1093 } 1094 if (maximumTimeToUnlock != DEF_MAXIMUM_TIME_TO_UNLOCK) { 1095 out.startTag(null, TAG_MAX_TIME_TO_UNLOCK); 1096 out.attribute(null, ATTR_VALUE, Long.toString(maximumTimeToUnlock)); 1097 out.endTag(null, TAG_MAX_TIME_TO_UNLOCK); 1098 } 1099 if (strongAuthUnlockTimeout != DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS) { 1100 out.startTag(null, TAG_STRONG_AUTH_UNLOCK_TIMEOUT); 1101 out.attribute(null, ATTR_VALUE, Long.toString(strongAuthUnlockTimeout)); 1102 out.endTag(null, TAG_STRONG_AUTH_UNLOCK_TIMEOUT); 1103 } 1104 if (maximumFailedPasswordsForWipe != DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE) { 1105 out.startTag(null, TAG_MAX_FAILED_PASSWORD_WIPE); 1106 out.attribute(null, ATTR_VALUE, Integer.toString(maximumFailedPasswordsForWipe)); 1107 out.endTag(null, TAG_MAX_FAILED_PASSWORD_WIPE); 1108 } 1109 if (specifiesGlobalProxy) { 1110 out.startTag(null, TAG_SPECIFIES_GLOBAL_PROXY); 1111 out.attribute(null, ATTR_VALUE, Boolean.toString(specifiesGlobalProxy)); 1112 out.endTag(null, TAG_SPECIFIES_GLOBAL_PROXY); 1113 if (globalProxySpec != null) { 1114 out.startTag(null, TAG_GLOBAL_PROXY_SPEC); 1115 out.attribute(null, ATTR_VALUE, globalProxySpec); 1116 out.endTag(null, TAG_GLOBAL_PROXY_SPEC); 1117 } 1118 if (globalProxyExclusionList != null) { 1119 out.startTag(null, TAG_GLOBAL_PROXY_EXCLUSION_LIST); 1120 out.attribute(null, ATTR_VALUE, globalProxyExclusionList); 1121 out.endTag(null, TAG_GLOBAL_PROXY_EXCLUSION_LIST); 1122 } 1123 } 1124 if (passwordExpirationTimeout != DEF_PASSWORD_EXPIRATION_TIMEOUT) { 1125 out.startTag(null, TAG_PASSWORD_EXPIRATION_TIMEOUT); 1126 out.attribute(null, ATTR_VALUE, Long.toString(passwordExpirationTimeout)); 1127 out.endTag(null, TAG_PASSWORD_EXPIRATION_TIMEOUT); 1128 } 1129 if (passwordExpirationDate != DEF_PASSWORD_EXPIRATION_DATE) { 1130 out.startTag(null, TAG_PASSWORD_EXPIRATION_DATE); 1131 out.attribute(null, ATTR_VALUE, Long.toString(passwordExpirationDate)); 1132 out.endTag(null, TAG_PASSWORD_EXPIRATION_DATE); 1133 } 1134 if (encryptionRequested) { 1135 out.startTag(null, TAG_ENCRYPTION_REQUESTED); 1136 out.attribute(null, ATTR_VALUE, Boolean.toString(encryptionRequested)); 1137 out.endTag(null, TAG_ENCRYPTION_REQUESTED); 1138 } 1139 if (testOnlyAdmin) { 1140 out.startTag(null, TAG_TEST_ONLY_ADMIN); 1141 out.attribute(null, ATTR_VALUE, Boolean.toString(testOnlyAdmin)); 1142 out.endTag(null, TAG_TEST_ONLY_ADMIN); 1143 } 1144 if (disableCamera) { 1145 out.startTag(null, TAG_DISABLE_CAMERA); 1146 out.attribute(null, ATTR_VALUE, Boolean.toString(disableCamera)); 1147 out.endTag(null, TAG_DISABLE_CAMERA); 1148 } 1149 if (disableCallerId) { 1150 out.startTag(null, TAG_DISABLE_CALLER_ID); 1151 out.attribute(null, ATTR_VALUE, Boolean.toString(disableCallerId)); 1152 out.endTag(null, TAG_DISABLE_CALLER_ID); 1153 } 1154 if (disableContactsSearch) { 1155 out.startTag(null, TAG_DISABLE_CONTACTS_SEARCH); 1156 out.attribute(null, ATTR_VALUE, Boolean.toString(disableContactsSearch)); 1157 out.endTag(null, TAG_DISABLE_CONTACTS_SEARCH); 1158 } 1159 if (!disableBluetoothContactSharing) { 1160 out.startTag(null, TAG_DISABLE_BLUETOOTH_CONTACT_SHARING); 1161 out.attribute(null, ATTR_VALUE, 1162 Boolean.toString(disableBluetoothContactSharing)); 1163 out.endTag(null, TAG_DISABLE_BLUETOOTH_CONTACT_SHARING); 1164 } 1165 if (disableScreenCapture) { 1166 out.startTag(null, TAG_DISABLE_SCREEN_CAPTURE); 1167 out.attribute(null, ATTR_VALUE, Boolean.toString(disableScreenCapture)); 1168 out.endTag(null, TAG_DISABLE_SCREEN_CAPTURE); 1169 } 1170 if (requireAutoTime) { 1171 out.startTag(null, TAG_REQUIRE_AUTO_TIME); 1172 out.attribute(null, ATTR_VALUE, Boolean.toString(requireAutoTime)); 1173 out.endTag(null, TAG_REQUIRE_AUTO_TIME); 1174 } 1175 if (forceEphemeralUsers) { 1176 out.startTag(null, TAG_FORCE_EPHEMERAL_USERS); 1177 out.attribute(null, ATTR_VALUE, Boolean.toString(forceEphemeralUsers)); 1178 out.endTag(null, TAG_FORCE_EPHEMERAL_USERS); 1179 } 1180 if (isNetworkLoggingEnabled) { 1181 out.startTag(null, TAG_IS_NETWORK_LOGGING_ENABLED); 1182 out.attribute(null, ATTR_VALUE, Boolean.toString(isNetworkLoggingEnabled)); 1183 out.attribute(null, ATTR_NUM_NETWORK_LOGGING_NOTIFICATIONS, 1184 Integer.toString(numNetworkLoggingNotifications)); 1185 out.attribute(null, ATTR_LAST_NETWORK_LOGGING_NOTIFICATION, 1186 Long.toString(lastNetworkLoggingNotificationTimeMs)); 1187 out.endTag(null, TAG_IS_NETWORK_LOGGING_ENABLED); 1188 } 1189 if (disabledKeyguardFeatures != DEF_KEYGUARD_FEATURES_DISABLED) { 1190 out.startTag(null, TAG_DISABLE_KEYGUARD_FEATURES); 1191 out.attribute(null, ATTR_VALUE, Integer.toString(disabledKeyguardFeatures)); 1192 out.endTag(null, TAG_DISABLE_KEYGUARD_FEATURES); 1193 } 1194 if (!accountTypesWithManagementDisabled.isEmpty()) { 1195 out.startTag(null, TAG_DISABLE_ACCOUNT_MANAGEMENT); 1196 writeAttributeValuesToXml( 1197 out, TAG_ACCOUNT_TYPE, accountTypesWithManagementDisabled); 1198 out.endTag(null, TAG_DISABLE_ACCOUNT_MANAGEMENT); 1199 } 1200 if (!trustAgentInfos.isEmpty()) { 1201 Set<Entry<String, TrustAgentInfo>> set = trustAgentInfos.entrySet(); 1202 out.startTag(null, TAG_MANAGE_TRUST_AGENT_FEATURES); 1203 for (Entry<String, TrustAgentInfo> entry : set) { 1204 TrustAgentInfo trustAgentInfo = entry.getValue(); 1205 out.startTag(null, TAG_TRUST_AGENT_COMPONENT); 1206 out.attribute(null, ATTR_VALUE, entry.getKey()); 1207 if (trustAgentInfo.options != null) { 1208 out.startTag(null, TAG_TRUST_AGENT_COMPONENT_OPTIONS); 1209 try { 1210 trustAgentInfo.options.saveToXml(out); 1211 } catch (XmlPullParserException e) { 1212 Log.e(LOG_TAG, "Failed to save TrustAgent options", e); 1213 } 1214 out.endTag(null, TAG_TRUST_AGENT_COMPONENT_OPTIONS); 1215 } 1216 out.endTag(null, TAG_TRUST_AGENT_COMPONENT); 1217 } 1218 out.endTag(null, TAG_MANAGE_TRUST_AGENT_FEATURES); 1219 } 1220 if (crossProfileWidgetProviders != null && !crossProfileWidgetProviders.isEmpty()) { 1221 out.startTag(null, TAG_CROSS_PROFILE_WIDGET_PROVIDERS); 1222 writeAttributeValuesToXml(out, TAG_PROVIDER, crossProfileWidgetProviders); 1223 out.endTag(null, TAG_CROSS_PROFILE_WIDGET_PROVIDERS); 1224 } 1225 writePackageListToXml(out, TAG_PERMITTED_ACCESSIBILITY_SERVICES, 1226 permittedAccessiblityServices); 1227 writePackageListToXml(out, TAG_PERMITTED_IMES, permittedInputMethods); 1228 writePackageListToXml(out, TAG_PERMITTED_NOTIFICATION_LISTENERS, 1229 permittedNotificationListeners); 1230 writePackageListToXml(out, TAG_KEEP_UNINSTALLED_PACKAGES, keepUninstalledPackages); 1231 writePackageListToXml(out, TAG_METERED_DATA_DISABLED_PACKAGES, meteredDisabledPackages); 1232 if (hasUserRestrictions()) { 1233 UserRestrictionsUtils.writeRestrictions( 1234 out, userRestrictions, TAG_USER_RESTRICTIONS); 1235 } 1236 if (!defaultEnabledRestrictionsAlreadySet.isEmpty()) { 1237 out.startTag(null, TAG_DEFAULT_ENABLED_USER_RESTRICTIONS); 1238 writeAttributeValuesToXml( 1239 out, TAG_RESTRICTION, defaultEnabledRestrictionsAlreadySet); 1240 out.endTag(null, TAG_DEFAULT_ENABLED_USER_RESTRICTIONS); 1241 } 1242 if (!TextUtils.isEmpty(shortSupportMessage)) { 1243 out.startTag(null, TAG_SHORT_SUPPORT_MESSAGE); 1244 out.text(shortSupportMessage.toString()); 1245 out.endTag(null, TAG_SHORT_SUPPORT_MESSAGE); 1246 } 1247 if (!TextUtils.isEmpty(longSupportMessage)) { 1248 out.startTag(null, TAG_LONG_SUPPORT_MESSAGE); 1249 out.text(longSupportMessage.toString()); 1250 out.endTag(null, TAG_LONG_SUPPORT_MESSAGE); 1251 } 1252 if (parentAdmin != null) { 1253 out.startTag(null, TAG_PARENT_ADMIN); 1254 parentAdmin.writeToXml(out); 1255 out.endTag(null, TAG_PARENT_ADMIN); 1256 } 1257 if (organizationColor != DEF_ORGANIZATION_COLOR) { 1258 out.startTag(null, TAG_ORGANIZATION_COLOR); 1259 out.attribute(null, ATTR_VALUE, Integer.toString(organizationColor)); 1260 out.endTag(null, TAG_ORGANIZATION_COLOR); 1261 } 1262 if (organizationName != null) { 1263 out.startTag(null, TAG_ORGANIZATION_NAME); 1264 out.text(organizationName); 1265 out.endTag(null, TAG_ORGANIZATION_NAME); 1266 } 1267 if (isLogoutEnabled) { 1268 out.startTag(null, TAG_IS_LOGOUT_ENABLED); 1269 out.attribute(null, ATTR_VALUE, Boolean.toString(isLogoutEnabled)); 1270 out.endTag(null, TAG_IS_LOGOUT_ENABLED); 1271 } 1272 if (mandatoryBackupTransport != null) { 1273 out.startTag(null, TAG_MANDATORY_BACKUP_TRANSPORT); 1274 out.attribute(null, ATTR_VALUE, mandatoryBackupTransport.flattenToString()); 1275 out.endTag(null, TAG_MANDATORY_BACKUP_TRANSPORT); 1276 } 1277 if (startUserSessionMessage != null) { 1278 out.startTag(null, TAG_START_USER_SESSION_MESSAGE); 1279 out.text(startUserSessionMessage); 1280 out.endTag(null, TAG_START_USER_SESSION_MESSAGE); 1281 } 1282 if (endUserSessionMessage != null) { 1283 out.startTag(null, TAG_END_USER_SESSION_MESSAGE); 1284 out.text(endUserSessionMessage); 1285 out.endTag(null, TAG_END_USER_SESSION_MESSAGE); 1286 } 1287 } 1288 1289 void writePackageListToXml(XmlSerializer out, String outerTag, 1290 List<String> packageList) 1291 throws IllegalArgumentException, IllegalStateException, IOException { 1292 if (packageList == null) { 1293 return; 1294 } 1295 1296 out.startTag(null, outerTag); 1297 writeAttributeValuesToXml(out, TAG_PACKAGE_LIST_ITEM, packageList); 1298 out.endTag(null, outerTag); 1299 } 1300 1301 void writeAttributeValuesToXml(XmlSerializer out, String tag, 1302 @NonNull Collection<String> values) throws IOException { 1303 for (String value : values) { 1304 out.startTag(null, tag); 1305 out.attribute(null, ATTR_VALUE, value); 1306 out.endTag(null, tag); 1307 } 1308 } 1309 1310 void readFromXml(XmlPullParser parser) 1311 throws XmlPullParserException, IOException { 1312 int outerDepth = parser.getDepth(); 1313 int type; 1314 while ((type=parser.next()) != END_DOCUMENT 1315 && (type != END_TAG || parser.getDepth() > outerDepth)) { 1316 if (type == END_TAG || type == TEXT) { 1317 continue; 1318 } 1319 String tag = parser.getName(); 1320 if (TAG_POLICIES.equals(tag)) { 1321 info.readPoliciesFromXml(parser); 1322 } else if (TAG_PASSWORD_QUALITY.equals(tag)) { 1323 minimumPasswordMetrics.quality = Integer.parseInt( 1324 parser.getAttributeValue(null, ATTR_VALUE)); 1325 } else if (TAG_MIN_PASSWORD_LENGTH.equals(tag)) { 1326 minimumPasswordMetrics.length = Integer.parseInt( 1327 parser.getAttributeValue(null, ATTR_VALUE)); 1328 } else if (TAG_PASSWORD_HISTORY_LENGTH.equals(tag)) { 1329 passwordHistoryLength = Integer.parseInt( 1330 parser.getAttributeValue(null, ATTR_VALUE)); 1331 } else if (TAG_MIN_PASSWORD_UPPERCASE.equals(tag)) { 1332 minimumPasswordMetrics.upperCase = Integer.parseInt( 1333 parser.getAttributeValue(null, ATTR_VALUE)); 1334 } else if (TAG_MIN_PASSWORD_LOWERCASE.equals(tag)) { 1335 minimumPasswordMetrics.lowerCase = Integer.parseInt( 1336 parser.getAttributeValue(null, ATTR_VALUE)); 1337 } else if (TAG_MIN_PASSWORD_LETTERS.equals(tag)) { 1338 minimumPasswordMetrics.letters = Integer.parseInt( 1339 parser.getAttributeValue(null, ATTR_VALUE)); 1340 } else if (TAG_MIN_PASSWORD_NUMERIC.equals(tag)) { 1341 minimumPasswordMetrics.numeric = Integer.parseInt( 1342 parser.getAttributeValue(null, ATTR_VALUE)); 1343 } else if (TAG_MIN_PASSWORD_SYMBOLS.equals(tag)) { 1344 minimumPasswordMetrics.symbols = Integer.parseInt( 1345 parser.getAttributeValue(null, ATTR_VALUE)); 1346 } else if (TAG_MIN_PASSWORD_NONLETTER.equals(tag)) { 1347 minimumPasswordMetrics.nonLetter = Integer.parseInt( 1348 parser.getAttributeValue(null, ATTR_VALUE)); 1349 }else if (TAG_MAX_TIME_TO_UNLOCK.equals(tag)) { 1350 maximumTimeToUnlock = Long.parseLong( 1351 parser.getAttributeValue(null, ATTR_VALUE)); 1352 } else if (TAG_STRONG_AUTH_UNLOCK_TIMEOUT.equals(tag)) { 1353 strongAuthUnlockTimeout = Long.parseLong( 1354 parser.getAttributeValue(null, ATTR_VALUE)); 1355 } else if (TAG_MAX_FAILED_PASSWORD_WIPE.equals(tag)) { 1356 maximumFailedPasswordsForWipe = Integer.parseInt( 1357 parser.getAttributeValue(null, ATTR_VALUE)); 1358 } else if (TAG_SPECIFIES_GLOBAL_PROXY.equals(tag)) { 1359 specifiesGlobalProxy = Boolean.parseBoolean( 1360 parser.getAttributeValue(null, ATTR_VALUE)); 1361 } else if (TAG_GLOBAL_PROXY_SPEC.equals(tag)) { 1362 globalProxySpec = 1363 parser.getAttributeValue(null, ATTR_VALUE); 1364 } else if (TAG_GLOBAL_PROXY_EXCLUSION_LIST.equals(tag)) { 1365 globalProxyExclusionList = 1366 parser.getAttributeValue(null, ATTR_VALUE); 1367 } else if (TAG_PASSWORD_EXPIRATION_TIMEOUT.equals(tag)) { 1368 passwordExpirationTimeout = Long.parseLong( 1369 parser.getAttributeValue(null, ATTR_VALUE)); 1370 } else if (TAG_PASSWORD_EXPIRATION_DATE.equals(tag)) { 1371 passwordExpirationDate = Long.parseLong( 1372 parser.getAttributeValue(null, ATTR_VALUE)); 1373 } else if (TAG_ENCRYPTION_REQUESTED.equals(tag)) { 1374 encryptionRequested = Boolean.parseBoolean( 1375 parser.getAttributeValue(null, ATTR_VALUE)); 1376 } else if (TAG_TEST_ONLY_ADMIN.equals(tag)) { 1377 testOnlyAdmin = Boolean.parseBoolean( 1378 parser.getAttributeValue(null, ATTR_VALUE)); 1379 } else if (TAG_DISABLE_CAMERA.equals(tag)) { 1380 disableCamera = Boolean.parseBoolean( 1381 parser.getAttributeValue(null, ATTR_VALUE)); 1382 } else if (TAG_DISABLE_CALLER_ID.equals(tag)) { 1383 disableCallerId = Boolean.parseBoolean( 1384 parser.getAttributeValue(null, ATTR_VALUE)); 1385 } else if (TAG_DISABLE_CONTACTS_SEARCH.equals(tag)) { 1386 disableContactsSearch = Boolean.parseBoolean( 1387 parser.getAttributeValue(null, ATTR_VALUE)); 1388 } else if (TAG_DISABLE_BLUETOOTH_CONTACT_SHARING.equals(tag)) { 1389 disableBluetoothContactSharing = Boolean.parseBoolean(parser 1390 .getAttributeValue(null, ATTR_VALUE)); 1391 } else if (TAG_DISABLE_SCREEN_CAPTURE.equals(tag)) { 1392 disableScreenCapture = Boolean.parseBoolean( 1393 parser.getAttributeValue(null, ATTR_VALUE)); 1394 } else if (TAG_REQUIRE_AUTO_TIME.equals(tag)) { 1395 requireAutoTime = Boolean.parseBoolean( 1396 parser.getAttributeValue(null, ATTR_VALUE)); 1397 } else if (TAG_FORCE_EPHEMERAL_USERS.equals(tag)) { 1398 forceEphemeralUsers = Boolean.parseBoolean( 1399 parser.getAttributeValue(null, ATTR_VALUE)); 1400 } else if (TAG_IS_NETWORK_LOGGING_ENABLED.equals(tag)) { 1401 isNetworkLoggingEnabled = Boolean.parseBoolean( 1402 parser.getAttributeValue(null, ATTR_VALUE)); 1403 lastNetworkLoggingNotificationTimeMs = Long.parseLong( 1404 parser.getAttributeValue(null, ATTR_LAST_NETWORK_LOGGING_NOTIFICATION)); 1405 numNetworkLoggingNotifications = Integer.parseInt( 1406 parser.getAttributeValue(null, ATTR_NUM_NETWORK_LOGGING_NOTIFICATIONS)); 1407 } else if (TAG_DISABLE_KEYGUARD_FEATURES.equals(tag)) { 1408 disabledKeyguardFeatures = Integer.parseInt( 1409 parser.getAttributeValue(null, ATTR_VALUE)); 1410 } else if (TAG_DISABLE_ACCOUNT_MANAGEMENT.equals(tag)) { 1411 readAttributeValues( 1412 parser, TAG_ACCOUNT_TYPE, accountTypesWithManagementDisabled); 1413 } else if (TAG_MANAGE_TRUST_AGENT_FEATURES.equals(tag)) { 1414 trustAgentInfos = getAllTrustAgentInfos(parser, tag); 1415 } else if (TAG_CROSS_PROFILE_WIDGET_PROVIDERS.equals(tag)) { 1416 crossProfileWidgetProviders = new ArrayList<>(); 1417 readAttributeValues(parser, TAG_PROVIDER, crossProfileWidgetProviders); 1418 } else if (TAG_PERMITTED_ACCESSIBILITY_SERVICES.equals(tag)) { 1419 permittedAccessiblityServices = readPackageList(parser, tag); 1420 } else if (TAG_PERMITTED_IMES.equals(tag)) { 1421 permittedInputMethods = readPackageList(parser, tag); 1422 } else if (TAG_PERMITTED_NOTIFICATION_LISTENERS.equals(tag)) { 1423 permittedNotificationListeners = readPackageList(parser, tag); 1424 } else if (TAG_KEEP_UNINSTALLED_PACKAGES.equals(tag)) { 1425 keepUninstalledPackages = readPackageList(parser, tag); 1426 } else if (TAG_METERED_DATA_DISABLED_PACKAGES.equals(tag)) { 1427 meteredDisabledPackages = readPackageList(parser, tag); 1428 } else if (TAG_USER_RESTRICTIONS.equals(tag)) { 1429 userRestrictions = UserRestrictionsUtils.readRestrictions(parser); 1430 } else if (TAG_DEFAULT_ENABLED_USER_RESTRICTIONS.equals(tag)) { 1431 readAttributeValues( 1432 parser, TAG_RESTRICTION, defaultEnabledRestrictionsAlreadySet); 1433 } else if (TAG_SHORT_SUPPORT_MESSAGE.equals(tag)) { 1434 type = parser.next(); 1435 if (type == XmlPullParser.TEXT) { 1436 shortSupportMessage = parser.getText(); 1437 } else { 1438 Log.w(LOG_TAG, "Missing text when loading short support message"); 1439 } 1440 } else if (TAG_LONG_SUPPORT_MESSAGE.equals(tag)) { 1441 type = parser.next(); 1442 if (type == XmlPullParser.TEXT) { 1443 longSupportMessage = parser.getText(); 1444 } else { 1445 Log.w(LOG_TAG, "Missing text when loading long support message"); 1446 } 1447 } else if (TAG_PARENT_ADMIN.equals(tag)) { 1448 Preconditions.checkState(!isParent); 1449 1450 parentAdmin = new ActiveAdmin(info, /* parent */ true); 1451 parentAdmin.readFromXml(parser); 1452 } else if (TAG_ORGANIZATION_COLOR.equals(tag)) { 1453 organizationColor = Integer.parseInt( 1454 parser.getAttributeValue(null, ATTR_VALUE)); 1455 } else if (TAG_ORGANIZATION_NAME.equals(tag)) { 1456 type = parser.next(); 1457 if (type == XmlPullParser.TEXT) { 1458 organizationName = parser.getText(); 1459 } else { 1460 Log.w(LOG_TAG, "Missing text when loading organization name"); 1461 } 1462 } else if (TAG_IS_LOGOUT_ENABLED.equals(tag)) { 1463 isLogoutEnabled = Boolean.parseBoolean( 1464 parser.getAttributeValue(null, ATTR_VALUE)); 1465 } else if (TAG_MANDATORY_BACKUP_TRANSPORT.equals(tag)) { 1466 mandatoryBackupTransport = ComponentName.unflattenFromString( 1467 parser.getAttributeValue(null, ATTR_VALUE)); 1468 } else if (TAG_START_USER_SESSION_MESSAGE.equals(tag)) { 1469 type = parser.next(); 1470 if (type == XmlPullParser.TEXT) { 1471 startUserSessionMessage = parser.getText(); 1472 } else { 1473 Log.w(LOG_TAG, "Missing text when loading start session message"); 1474 } 1475 } else if (TAG_END_USER_SESSION_MESSAGE.equals(tag)) { 1476 type = parser.next(); 1477 if (type == XmlPullParser.TEXT) { 1478 endUserSessionMessage = parser.getText(); 1479 } else { 1480 Log.w(LOG_TAG, "Missing text when loading end session message"); 1481 } 1482 } else { 1483 Slog.w(LOG_TAG, "Unknown admin tag: " + tag); 1484 XmlUtils.skipCurrentTag(parser); 1485 } 1486 } 1487 } 1488 1489 private List<String> readPackageList(XmlPullParser parser, 1490 String tag) throws XmlPullParserException, IOException { 1491 List<String> result = new ArrayList<String>(); 1492 int outerDepth = parser.getDepth(); 1493 int outerType; 1494 while ((outerType=parser.next()) != XmlPullParser.END_DOCUMENT 1495 && (outerType != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1496 if (outerType == XmlPullParser.END_TAG || outerType == XmlPullParser.TEXT) { 1497 continue; 1498 } 1499 String outerTag = parser.getName(); 1500 if (TAG_PACKAGE_LIST_ITEM.equals(outerTag)) { 1501 String packageName = parser.getAttributeValue(null, ATTR_VALUE); 1502 if (packageName != null) { 1503 result.add(packageName); 1504 } else { 1505 Slog.w(LOG_TAG, "Package name missing under " + outerTag); 1506 } 1507 } else { 1508 Slog.w(LOG_TAG, "Unknown tag under " + tag + ": " + outerTag); 1509 } 1510 } 1511 return result; 1512 } 1513 1514 private void readAttributeValues( 1515 XmlPullParser parser, String tag, Collection<String> result) 1516 throws XmlPullParserException, IOException { 1517 result.clear(); 1518 int outerDepthDAM = parser.getDepth(); 1519 int typeDAM; 1520 while ((typeDAM=parser.next()) != END_DOCUMENT 1521 && (typeDAM != END_TAG || parser.getDepth() > outerDepthDAM)) { 1522 if (typeDAM == END_TAG || typeDAM == TEXT) { 1523 continue; 1524 } 1525 String tagDAM = parser.getName(); 1526 if (tag.equals(tagDAM)) { 1527 result.add(parser.getAttributeValue(null, ATTR_VALUE)); 1528 } else { 1529 Slog.e(LOG_TAG, "Expected tag " + tag + " but found " + tagDAM); 1530 } 1531 } 1532 } 1533 1534 private ArrayMap<String, TrustAgentInfo> getAllTrustAgentInfos( 1535 XmlPullParser parser, String tag) throws XmlPullParserException, IOException { 1536 int outerDepthDAM = parser.getDepth(); 1537 int typeDAM; 1538 final ArrayMap<String, TrustAgentInfo> result = new ArrayMap<>(); 1539 while ((typeDAM=parser.next()) != END_DOCUMENT 1540 && (typeDAM != END_TAG || parser.getDepth() > outerDepthDAM)) { 1541 if (typeDAM == END_TAG || typeDAM == TEXT) { 1542 continue; 1543 } 1544 String tagDAM = parser.getName(); 1545 if (TAG_TRUST_AGENT_COMPONENT.equals(tagDAM)) { 1546 final String component = parser.getAttributeValue(null, ATTR_VALUE); 1547 final TrustAgentInfo trustAgentInfo = getTrustAgentInfo(parser, tag); 1548 result.put(component, trustAgentInfo); 1549 } else { 1550 Slog.w(LOG_TAG, "Unknown tag under " + tag + ": " + tagDAM); 1551 } 1552 } 1553 return result; 1554 } 1555 1556 private TrustAgentInfo getTrustAgentInfo(XmlPullParser parser, String tag) 1557 throws XmlPullParserException, IOException { 1558 int outerDepthDAM = parser.getDepth(); 1559 int typeDAM; 1560 TrustAgentInfo result = new TrustAgentInfo(null); 1561 while ((typeDAM=parser.next()) != END_DOCUMENT 1562 && (typeDAM != END_TAG || parser.getDepth() > outerDepthDAM)) { 1563 if (typeDAM == END_TAG || typeDAM == TEXT) { 1564 continue; 1565 } 1566 String tagDAM = parser.getName(); 1567 if (TAG_TRUST_AGENT_COMPONENT_OPTIONS.equals(tagDAM)) { 1568 result.options = PersistableBundle.restoreFromXml(parser); 1569 } else { 1570 Slog.w(LOG_TAG, "Unknown tag under " + tag + ": " + tagDAM); 1571 } 1572 } 1573 return result; 1574 } 1575 1576 boolean hasUserRestrictions() { 1577 return userRestrictions != null && userRestrictions.size() > 0; 1578 } 1579 1580 Bundle ensureUserRestrictions() { 1581 if (userRestrictions == null) { 1582 userRestrictions = new Bundle(); 1583 } 1584 return userRestrictions; 1585 } 1586 1587 public void transfer(DeviceAdminInfo deviceAdminInfo) { 1588 if (hasParentActiveAdmin()) { 1589 parentAdmin.info = deviceAdminInfo; 1590 } 1591 info = deviceAdminInfo; 1592 } 1593 1594 void dump(String prefix, PrintWriter pw) { 1595 pw.print(prefix); pw.print("uid="); pw.println(getUid()); 1596 pw.print(prefix); pw.print("testOnlyAdmin="); 1597 pw.println(testOnlyAdmin); 1598 pw.print(prefix); pw.println("policies:"); 1599 ArrayList<DeviceAdminInfo.PolicyInfo> pols = info.getUsedPolicies(); 1600 if (pols != null) { 1601 for (int i=0; i<pols.size(); i++) { 1602 pw.print(prefix); pw.print(" "); pw.println(pols.get(i).tag); 1603 } 1604 } 1605 pw.print(prefix); pw.print("passwordQuality=0x"); 1606 pw.println(Integer.toHexString(minimumPasswordMetrics.quality)); 1607 pw.print(prefix); pw.print("minimumPasswordLength="); 1608 pw.println(minimumPasswordMetrics.length); 1609 pw.print(prefix); pw.print("passwordHistoryLength="); 1610 pw.println(passwordHistoryLength); 1611 pw.print(prefix); pw.print("minimumPasswordUpperCase="); 1612 pw.println(minimumPasswordMetrics.upperCase); 1613 pw.print(prefix); pw.print("minimumPasswordLowerCase="); 1614 pw.println(minimumPasswordMetrics.lowerCase); 1615 pw.print(prefix); pw.print("minimumPasswordLetters="); 1616 pw.println(minimumPasswordMetrics.letters); 1617 pw.print(prefix); pw.print("minimumPasswordNumeric="); 1618 pw.println(minimumPasswordMetrics.numeric); 1619 pw.print(prefix); pw.print("minimumPasswordSymbols="); 1620 pw.println(minimumPasswordMetrics.symbols); 1621 pw.print(prefix); pw.print("minimumPasswordNonLetter="); 1622 pw.println(minimumPasswordMetrics.nonLetter); 1623 pw.print(prefix); pw.print("maximumTimeToUnlock="); 1624 pw.println(maximumTimeToUnlock); 1625 pw.print(prefix); pw.print("strongAuthUnlockTimeout="); 1626 pw.println(strongAuthUnlockTimeout); 1627 pw.print(prefix); pw.print("maximumFailedPasswordsForWipe="); 1628 pw.println(maximumFailedPasswordsForWipe); 1629 pw.print(prefix); pw.print("specifiesGlobalProxy="); 1630 pw.println(specifiesGlobalProxy); 1631 pw.print(prefix); pw.print("passwordExpirationTimeout="); 1632 pw.println(passwordExpirationTimeout); 1633 pw.print(prefix); pw.print("passwordExpirationDate="); 1634 pw.println(passwordExpirationDate); 1635 if (globalProxySpec != null) { 1636 pw.print(prefix); pw.print("globalProxySpec="); 1637 pw.println(globalProxySpec); 1638 } 1639 if (globalProxyExclusionList != null) { 1640 pw.print(prefix); pw.print("globalProxyEclusionList="); 1641 pw.println(globalProxyExclusionList); 1642 } 1643 pw.print(prefix); pw.print("encryptionRequested="); 1644 pw.println(encryptionRequested); 1645 pw.print(prefix); pw.print("disableCamera="); 1646 pw.println(disableCamera); 1647 pw.print(prefix); pw.print("disableCallerId="); 1648 pw.println(disableCallerId); 1649 pw.print(prefix); pw.print("disableContactsSearch="); 1650 pw.println(disableContactsSearch); 1651 pw.print(prefix); pw.print("disableBluetoothContactSharing="); 1652 pw.println(disableBluetoothContactSharing); 1653 pw.print(prefix); pw.print("disableScreenCapture="); 1654 pw.println(disableScreenCapture); 1655 pw.print(prefix); pw.print("requireAutoTime="); 1656 pw.println(requireAutoTime); 1657 pw.print(prefix); pw.print("forceEphemeralUsers="); 1658 pw.println(forceEphemeralUsers); 1659 pw.print(prefix); pw.print("isNetworkLoggingEnabled="); 1660 pw.println(isNetworkLoggingEnabled); 1661 pw.print(prefix); pw.print("disabledKeyguardFeatures="); 1662 pw.println(disabledKeyguardFeatures); 1663 pw.print(prefix); pw.print("crossProfileWidgetProviders="); 1664 pw.println(crossProfileWidgetProviders); 1665 if (permittedAccessiblityServices != null) { 1666 pw.print(prefix); pw.print("permittedAccessibilityServices="); 1667 pw.println(permittedAccessiblityServices); 1668 } 1669 if (permittedInputMethods != null) { 1670 pw.print(prefix); pw.print("permittedInputMethods="); 1671 pw.println(permittedInputMethods); 1672 } 1673 if (permittedNotificationListeners != null) { 1674 pw.print(prefix); pw.print("permittedNotificationListeners="); 1675 pw.println(permittedNotificationListeners); 1676 } 1677 if (keepUninstalledPackages != null) { 1678 pw.print(prefix); pw.print("keepUninstalledPackages="); 1679 pw.println(keepUninstalledPackages); 1680 } 1681 pw.print(prefix); pw.print("organizationColor="); 1682 pw.println(organizationColor); 1683 if (organizationName != null) { 1684 pw.print(prefix); pw.print("organizationName="); 1685 pw.println(organizationName); 1686 } 1687 pw.print(prefix); pw.println("userRestrictions:"); 1688 UserRestrictionsUtils.dumpRestrictions(pw, prefix + " ", userRestrictions); 1689 pw.print(prefix); pw.print("defaultEnabledRestrictionsAlreadySet="); 1690 pw.println(defaultEnabledRestrictionsAlreadySet); 1691 pw.print(prefix); pw.print("isParent="); 1692 pw.println(isParent); 1693 if (parentAdmin != null) { 1694 pw.print(prefix); pw.println("parentAdmin:"); 1695 parentAdmin.dump(prefix + " ", pw); 1696 } 1697 } 1698 } 1699 1700 private void handlePackagesChanged(@Nullable String packageName, int userHandle) { 1701 boolean removedAdmin = false; 1702 if (VERBOSE_LOG) { 1703 Slog.d(LOG_TAG, "Handling package changes package " + packageName 1704 + " for user " + userHandle); 1705 } 1706 DevicePolicyData policy = getUserData(userHandle); 1707 synchronized (getLockObject()) { 1708 for (int i = policy.mAdminList.size() - 1; i >= 0; i--) { 1709 ActiveAdmin aa = policy.mAdminList.get(i); 1710 try { 1711 // If we're checking all packages or if the specific one we're checking matches, 1712 // then check if the package and receiver still exist. 1713 final String adminPackage = aa.info.getPackageName(); 1714 if (packageName == null || packageName.equals(adminPackage)) { 1715 if (mIPackageManager.getPackageInfo(adminPackage, 0, userHandle) == null 1716 || mIPackageManager.getReceiverInfo(aa.info.getComponent(), 1717 PackageManager.MATCH_DIRECT_BOOT_AWARE 1718 | PackageManager.MATCH_DIRECT_BOOT_UNAWARE, 1719 userHandle) == null) { 1720 removedAdmin = true; 1721 policy.mAdminList.remove(i); 1722 policy.mAdminMap.remove(aa.info.getComponent()); 1723 pushActiveAdminPackagesLocked(userHandle); 1724 pushMeteredDisabledPackagesLocked(userHandle); 1725 } 1726 } 1727 } catch (RemoteException re) { 1728 // Shouldn't happen. 1729 } 1730 } 1731 if (removedAdmin) { 1732 validatePasswordOwnerLocked(policy); 1733 } 1734 1735 boolean removedDelegate = false; 1736 1737 // Check if a delegate was removed. 1738 for (int i = policy.mDelegationMap.size() - 1; i >= 0; i--) { 1739 final String delegatePackage = policy.mDelegationMap.keyAt(i); 1740 if (isRemovedPackage(packageName, delegatePackage, userHandle)) { 1741 policy.mDelegationMap.removeAt(i); 1742 removedDelegate = true; 1743 } 1744 } 1745 1746 // If it's an owner package, we may need to refresh the bound connection. 1747 final ComponentName owner = getOwnerComponent(userHandle); 1748 if ((packageName != null) && (owner != null) 1749 && (owner.getPackageName().equals(packageName))) { 1750 startOwnerService(userHandle, "package-broadcast"); 1751 } 1752 1753 // Persist updates if the removed package was an admin or delegate. 1754 if (removedAdmin || removedDelegate) { 1755 saveSettingsLocked(policy.mUserHandle); 1756 } 1757 } 1758 if (removedAdmin) { 1759 // The removed admin might have disabled camera, so update user restrictions. 1760 pushUserRestrictions(userHandle); 1761 } 1762 } 1763 1764 private boolean isRemovedPackage(String changedPackage, String targetPackage, int userHandle) { 1765 try { 1766 return targetPackage != null 1767 && (changedPackage == null || changedPackage.equals(targetPackage)) 1768 && mIPackageManager.getPackageInfo(targetPackage, 0, userHandle) == null; 1769 } catch (RemoteException e) { 1770 // Shouldn't happen 1771 } 1772 1773 return false; 1774 } 1775 1776 /** 1777 * Unit test will subclass it to inject mocks. 1778 */ 1779 @VisibleForTesting 1780 static class Injector { 1781 1782 public final Context mContext; 1783 1784 Injector(Context context) { 1785 mContext = context; 1786 } 1787 1788 public boolean hasFeature() { 1789 return getPackageManager().hasSystemFeature(PackageManager.FEATURE_DEVICE_ADMIN); 1790 } 1791 1792 Context createContextAsUser(UserHandle user) throws PackageManager.NameNotFoundException { 1793 final String packageName = mContext.getPackageName(); 1794 return mContext.createPackageContextAsUser(packageName, 0, user); 1795 } 1796 1797 Resources getResources() { 1798 return mContext.getResources(); 1799 } 1800 1801 Owners newOwners() { 1802 return new Owners(getUserManager(), getUserManagerInternal(), 1803 getPackageManagerInternal()); 1804 } 1805 1806 UserManager getUserManager() { 1807 return UserManager.get(mContext); 1808 } 1809 1810 UserManagerInternal getUserManagerInternal() { 1811 return LocalServices.getService(UserManagerInternal.class); 1812 } 1813 1814 PackageManagerInternal getPackageManagerInternal() { 1815 return LocalServices.getService(PackageManagerInternal.class); 1816 } 1817 1818 UsageStatsManagerInternal getUsageStatsManagerInternal() { 1819 return LocalServices.getService(UsageStatsManagerInternal.class); 1820 } 1821 1822 NetworkPolicyManagerInternal getNetworkPolicyManagerInternal() { 1823 return LocalServices.getService(NetworkPolicyManagerInternal.class); 1824 } 1825 1826 NotificationManager getNotificationManager() { 1827 return mContext.getSystemService(NotificationManager.class); 1828 } 1829 1830 IIpConnectivityMetrics getIIpConnectivityMetrics() { 1831 return (IIpConnectivityMetrics) IIpConnectivityMetrics.Stub.asInterface( 1832 ServiceManager.getService(IpConnectivityLog.SERVICE_NAME)); 1833 } 1834 1835 PackageManager getPackageManager() { 1836 return mContext.getPackageManager(); 1837 } 1838 1839 PowerManagerInternal getPowerManagerInternal() { 1840 return LocalServices.getService(PowerManagerInternal.class); 1841 } 1842 1843 TelephonyManager getTelephonyManager() { 1844 return TelephonyManager.from(mContext); 1845 } 1846 1847 TrustManager getTrustManager() { 1848 return (TrustManager) mContext.getSystemService(Context.TRUST_SERVICE); 1849 } 1850 1851 AlarmManager getAlarmManager() { 1852 return (AlarmManager) mContext.getSystemService(AlarmManager.class); 1853 } 1854 1855 IWindowManager getIWindowManager() { 1856 return IWindowManager.Stub 1857 .asInterface(ServiceManager.getService(Context.WINDOW_SERVICE)); 1858 } 1859 1860 IActivityManager getIActivityManager() { 1861 return ActivityManager.getService(); 1862 } 1863 1864 ActivityManagerInternal getActivityManagerInternal() { 1865 return LocalServices.getService(ActivityManagerInternal.class); 1866 } 1867 1868 IPackageManager getIPackageManager() { 1869 return AppGlobals.getPackageManager(); 1870 } 1871 1872 IBackupManager getIBackupManager() { 1873 return IBackupManager.Stub.asInterface( 1874 ServiceManager.getService(Context.BACKUP_SERVICE)); 1875 } 1876 1877 IAudioService getIAudioService() { 1878 return IAudioService.Stub.asInterface(ServiceManager.getService(Context.AUDIO_SERVICE)); 1879 } 1880 1881 boolean isBuildDebuggable() { 1882 return Build.IS_DEBUGGABLE; 1883 } 1884 1885 LockPatternUtils newLockPatternUtils() { 1886 return new LockPatternUtils(mContext); 1887 } 1888 1889 boolean storageManagerIsFileBasedEncryptionEnabled() { 1890 return StorageManager.isFileEncryptedNativeOnly(); 1891 } 1892 1893 boolean storageManagerIsNonDefaultBlockEncrypted() { 1894 long identity = Binder.clearCallingIdentity(); 1895 try { 1896 return StorageManager.isNonDefaultBlockEncrypted(); 1897 } finally { 1898 Binder.restoreCallingIdentity(identity); 1899 } 1900 } 1901 1902 boolean storageManagerIsEncrypted() { 1903 return StorageManager.isEncrypted(); 1904 } 1905 1906 boolean storageManagerIsEncryptable() { 1907 return StorageManager.isEncryptable(); 1908 } 1909 1910 Looper getMyLooper() { 1911 return Looper.myLooper(); 1912 } 1913 1914 WifiManager getWifiManager() { 1915 return mContext.getSystemService(WifiManager.class); 1916 } 1917 1918 long binderClearCallingIdentity() { 1919 return Binder.clearCallingIdentity(); 1920 } 1921 1922 void binderRestoreCallingIdentity(long token) { 1923 Binder.restoreCallingIdentity(token); 1924 } 1925 1926 int binderGetCallingUid() { 1927 return Binder.getCallingUid(); 1928 } 1929 1930 int binderGetCallingPid() { 1931 return Binder.getCallingPid(); 1932 } 1933 1934 UserHandle binderGetCallingUserHandle() { 1935 return Binder.getCallingUserHandle(); 1936 } 1937 1938 boolean binderIsCallingUidMyUid() { 1939 return getCallingUid() == Process.myUid(); 1940 } 1941 1942 void binderWithCleanCallingIdentity(@NonNull ThrowingRunnable action) { 1943 Binder.withCleanCallingIdentity(action); 1944 } 1945 1946 final int userHandleGetCallingUserId() { 1947 return UserHandle.getUserId(binderGetCallingUid()); 1948 } 1949 1950 File environmentGetUserSystemDirectory(int userId) { 1951 return Environment.getUserSystemDirectory(userId); 1952 } 1953 1954 void powerManagerGoToSleep(long time, int reason, int flags) { 1955 mContext.getSystemService(PowerManager.class).goToSleep(time, reason, flags); 1956 } 1957 1958 void powerManagerReboot(String reason) { 1959 mContext.getSystemService(PowerManager.class).reboot(reason); 1960 } 1961 1962 void recoverySystemRebootWipeUserData(boolean shutdown, String reason, boolean force, 1963 boolean wipeEuicc) throws IOException { 1964 RecoverySystem.rebootWipeUserData(mContext, shutdown, reason, force, wipeEuicc); 1965 } 1966 1967 boolean systemPropertiesGetBoolean(String key, boolean def) { 1968 return SystemProperties.getBoolean(key, def); 1969 } 1970 1971 long systemPropertiesGetLong(String key, long def) { 1972 return SystemProperties.getLong(key, def); 1973 } 1974 1975 String systemPropertiesGet(String key, String def) { 1976 return SystemProperties.get(key, def); 1977 } 1978 1979 String systemPropertiesGet(String key) { 1980 return SystemProperties.get(key); 1981 } 1982 1983 void systemPropertiesSet(String key, String value) { 1984 SystemProperties.set(key, value); 1985 } 1986 1987 boolean userManagerIsSplitSystemUser() { 1988 return UserManager.isSplitSystemUser(); 1989 } 1990 1991 String getDevicePolicyFilePathForSystemUser() { 1992 return "/data/system/"; 1993 } 1994 1995 PendingIntent pendingIntentGetActivityAsUser(Context context, int requestCode, 1996 @NonNull Intent intent, int flags, Bundle options, UserHandle user) { 1997 return PendingIntent.getActivityAsUser( 1998 context, requestCode, intent, flags, options, user); 1999 } 2000 2001 void registerContentObserver(Uri uri, boolean notifyForDescendents, 2002 ContentObserver observer, int userHandle) { 2003 mContext.getContentResolver().registerContentObserver(uri, notifyForDescendents, 2004 observer, userHandle); 2005 } 2006 2007 int settingsSecureGetIntForUser(String name, int def, int userHandle) { 2008 return Settings.Secure.getIntForUser(mContext.getContentResolver(), 2009 name, def, userHandle); 2010 } 2011 2012 String settingsSecureGetStringForUser(String name, int userHandle) { 2013 return Settings.Secure.getStringForUser(mContext.getContentResolver(), name, 2014 userHandle); 2015 } 2016 2017 void settingsSecurePutIntForUser(String name, int value, int userHandle) { 2018 Settings.Secure.putIntForUser(mContext.getContentResolver(), 2019 name, value, userHandle); 2020 } 2021 2022 void settingsSecurePutStringForUser(String name, String value, int userHandle) { 2023 Settings.Secure.putStringForUser(mContext.getContentResolver(), 2024 name, value, userHandle); 2025 } 2026 2027 void settingsGlobalPutStringForUser(String name, String value, int userHandle) { 2028 Settings.Global.putStringForUser(mContext.getContentResolver(), 2029 name, value, userHandle); 2030 } 2031 2032 void settingsSecurePutInt(String name, int value) { 2033 Settings.Secure.putInt(mContext.getContentResolver(), name, value); 2034 } 2035 2036 int settingsGlobalGetInt(String name, int def) { 2037 return Settings.Global.getInt(mContext.getContentResolver(), name, def); 2038 } 2039 2040 String settingsGlobalGetString(String name) { 2041 return Settings.Global.getString(mContext.getContentResolver(), name); 2042 } 2043 2044 void settingsGlobalPutInt(String name, int value) { 2045 Settings.Global.putInt(mContext.getContentResolver(), name, value); 2046 } 2047 2048 void settingsSecurePutString(String name, String value) { 2049 Settings.Secure.putString(mContext.getContentResolver(), name, value); 2050 } 2051 2052 void settingsGlobalPutString(String name, String value) { 2053 Settings.Global.putString(mContext.getContentResolver(), name, value); 2054 } 2055 2056 void settingsSystemPutStringForUser(String name, String value, int userId) { 2057 Settings.System.putStringForUser( 2058 mContext.getContentResolver(), name, value, userId); 2059 } 2060 2061 void securityLogSetLoggingEnabledProperty(boolean enabled) { 2062 SecurityLog.setLoggingEnabledProperty(enabled); 2063 } 2064 2065 boolean securityLogGetLoggingEnabledProperty() { 2066 return SecurityLog.getLoggingEnabledProperty(); 2067 } 2068 2069 boolean securityLogIsLoggingEnabled() { 2070 return SecurityLog.isLoggingEnabled(); 2071 } 2072 2073 KeyChainConnection keyChainBindAsUser(UserHandle user) throws InterruptedException { 2074 return KeyChain.bindAsUser(mContext, user); 2075 } 2076 2077 void postOnSystemServerInitThreadPool(Runnable runnable) { 2078 SystemServerInitThreadPool.get().submit(runnable, LOG_TAG); 2079 } 2080 2081 public TransferOwnershipMetadataManager newTransferOwnershipMetadataManager() { 2082 return new TransferOwnershipMetadataManager(); 2083 } 2084 2085 public void runCryptoSelfTest() { 2086 CryptoTestHelper.runAndLogSelfTest(); 2087 } 2088 } 2089 2090 /** 2091 * Instantiates the service. 2092 */ 2093 public DevicePolicyManagerService(Context context) { 2094 this(new Injector(context)); 2095 } 2096 2097 @VisibleForTesting 2098 DevicePolicyManagerService(Injector injector) { 2099 mInjector = injector; 2100 mContext = Preconditions.checkNotNull(injector.mContext); 2101 mHandler = new Handler(Preconditions.checkNotNull(injector.getMyLooper())); 2102 mConstants = DevicePolicyConstants.loadFromString( 2103 mInjector.settingsGlobalGetString(Global.DEVICE_POLICY_CONSTANTS)); 2104 2105 mOwners = Preconditions.checkNotNull(injector.newOwners()); 2106 2107 mUserManager = Preconditions.checkNotNull(injector.getUserManager()); 2108 mUserManagerInternal = Preconditions.checkNotNull(injector.getUserManagerInternal()); 2109 mUsageStatsManagerInternal = Preconditions.checkNotNull( 2110 injector.getUsageStatsManagerInternal()); 2111 mIPackageManager = Preconditions.checkNotNull(injector.getIPackageManager()); 2112 mTelephonyManager = Preconditions.checkNotNull(injector.getTelephonyManager()); 2113 2114 mLocalService = new LocalService(); 2115 mLockPatternUtils = injector.newLockPatternUtils(); 2116 2117 // TODO: why does SecurityLogMonitor need to be created even when mHasFeature == false? 2118 mSecurityLogMonitor = new SecurityLogMonitor(this); 2119 2120 mHasFeature = mInjector.hasFeature(); 2121 mIsWatch = mInjector.getPackageManager() 2122 .hasSystemFeature(PackageManager.FEATURE_WATCH); 2123 mBackgroundHandler = BackgroundThread.getHandler(); 2124 2125 // Needed when mHasFeature == false, because it controls the certificate warning text. 2126 mCertificateMonitor = new CertificateMonitor(this, mInjector, mBackgroundHandler); 2127 2128 mDeviceAdminServiceController = new DeviceAdminServiceController(this, mConstants); 2129 2130 mOverlayPackagesProvider = new OverlayPackagesProvider(mContext); 2131 2132 mTransferOwnershipMetadataManager = mInjector.newTransferOwnershipMetadataManager(); 2133 2134 if (!mHasFeature) { 2135 // Skip the rest of the initialization 2136 mSetupContentObserver = null; 2137 return; 2138 } 2139 2140 IntentFilter filter = new IntentFilter(); 2141 filter.addAction(Intent.ACTION_BOOT_COMPLETED); 2142 filter.addAction(ACTION_EXPIRED_PASSWORD_NOTIFICATION); 2143 filter.addAction(Intent.ACTION_USER_ADDED); 2144 filter.addAction(Intent.ACTION_USER_REMOVED); 2145 filter.addAction(Intent.ACTION_USER_STARTED); 2146 filter.addAction(Intent.ACTION_USER_STOPPED); 2147 filter.addAction(Intent.ACTION_USER_SWITCHED); 2148 filter.addAction(Intent.ACTION_USER_UNLOCKED); 2149 filter.setPriority(IntentFilter.SYSTEM_HIGH_PRIORITY); 2150 mContext.registerReceiverAsUser(mReceiver, UserHandle.ALL, filter, null, mHandler); 2151 filter = new IntentFilter(); 2152 filter.addAction(Intent.ACTION_PACKAGE_CHANGED); 2153 filter.addAction(Intent.ACTION_PACKAGE_REMOVED); 2154 filter.addAction(Intent.ACTION_EXTERNAL_APPLICATIONS_UNAVAILABLE); 2155 filter.addAction(Intent.ACTION_PACKAGE_ADDED); 2156 filter.addDataScheme("package"); 2157 mContext.registerReceiverAsUser(mReceiver, UserHandle.ALL, filter, null, mHandler); 2158 filter = new IntentFilter(); 2159 filter.addAction(Intent.ACTION_MANAGED_PROFILE_ADDED); 2160 filter.addAction(Intent.ACTION_TIME_CHANGED); 2161 filter.addAction(Intent.ACTION_DATE_CHANGED); 2162 mContext.registerReceiverAsUser(mReceiver, UserHandle.ALL, filter, null, mHandler); 2163 2164 LocalServices.addService(DevicePolicyManagerInternal.class, mLocalService); 2165 2166 mSetupContentObserver = new SetupContentObserver(mHandler); 2167 2168 mUserManagerInternal.addUserRestrictionsListener(new RestrictionsListener(mContext)); 2169 } 2170 2171 /** 2172 * Creates and loads the policy data from xml. 2173 * @param userHandle the user for whom to load the policy data 2174 * @return 2175 */ 2176 @NonNull 2177 DevicePolicyData getUserData(int userHandle) { 2178 synchronized (getLockObject()) { 2179 DevicePolicyData policy = mUserData.get(userHandle); 2180 if (policy == null) { 2181 policy = new DevicePolicyData(userHandle); 2182 mUserData.append(userHandle, policy); 2183 loadSettingsLocked(policy, userHandle); 2184 } 2185 return policy; 2186 } 2187 } 2188 2189 /** 2190 * Provides PasswordMetrics object corresponding to the given user. 2191 * @param userHandle the user for whom to provide metrics. 2192 * @return the user password metrics, or {@code null} if none have been associated with 2193 * the user yet (for example, if the device has booted but not been unlocked). 2194 */ 2195 PasswordMetrics getUserPasswordMetricsLocked(int userHandle) { 2196 return mUserPasswordMetrics.get(userHandle); 2197 } 2198 2199 /** 2200 * Creates and loads the policy data from xml for data that is shared between 2201 * various profiles of a user. In contrast to {@link #getUserData(int)} 2202 * it allows access to data of users other than the calling user. 2203 * 2204 * This function should only be used for shared data, e.g. everything regarding 2205 * passwords and should be removed once multiple screen locks are present. 2206 * @param userHandle the user for whom to load the policy data 2207 * @return 2208 */ 2209 DevicePolicyData getUserDataUnchecked(int userHandle) { 2210 long ident = mInjector.binderClearCallingIdentity(); 2211 try { 2212 return getUserData(userHandle); 2213 } finally { 2214 mInjector.binderRestoreCallingIdentity(ident); 2215 } 2216 } 2217 2218 void removeUserData(int userHandle) { 2219 synchronized (getLockObject()) { 2220 if (userHandle == UserHandle.USER_SYSTEM) { 2221 Slog.w(LOG_TAG, "Tried to remove device policy file for user 0! Ignoring."); 2222 return; 2223 } 2224 mPolicyCache.onUserRemoved(userHandle); 2225 2226 mOwners.removeProfileOwner(userHandle); 2227 mOwners.writeProfileOwner(userHandle); 2228 2229 DevicePolicyData policy = mUserData.get(userHandle); 2230 if (policy != null) { 2231 mUserData.remove(userHandle); 2232 } 2233 if (mUserPasswordMetrics.get(userHandle) != null) { 2234 mUserPasswordMetrics.remove(userHandle); 2235 } 2236 2237 File policyFile = new File(mInjector.environmentGetUserSystemDirectory(userHandle), 2238 DEVICE_POLICIES_XML); 2239 policyFile.delete(); 2240 Slog.i(LOG_TAG, "Removed device policy file " + policyFile.getAbsolutePath()); 2241 } 2242 } 2243 2244 void loadOwners() { 2245 synchronized (getLockObject()) { 2246 mOwners.load(); 2247 setDeviceOwnerSystemPropertyLocked(); 2248 findOwnerComponentIfNecessaryLocked(); 2249 migrateUserRestrictionsIfNecessaryLocked(); 2250 maybeSetDefaultDeviceOwnerUserRestrictionsLocked(); 2251 2252 // TODO PO may not have a class name either due to b/17652534. Address that too. 2253 2254 updateDeviceOwnerLocked(); 2255 } 2256 } 2257 2258 /** Apply default restrictions that haven't been applied to device owners yet. */ 2259 private void maybeSetDefaultDeviceOwnerUserRestrictionsLocked() { 2260 final ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 2261 if (deviceOwner != null) { 2262 maybeSetDefaultRestrictionsForAdminLocked(mOwners.getDeviceOwnerUserId(), 2263 deviceOwner, UserRestrictionsUtils.getDefaultEnabledForDeviceOwner()); 2264 } 2265 } 2266 2267 /** Apply default restrictions that haven't been applied to profile owners yet. */ 2268 private void maybeSetDefaultProfileOwnerUserRestrictions() { 2269 synchronized (getLockObject()) { 2270 for (final int userId : mOwners.getProfileOwnerKeys()) { 2271 final ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userId); 2272 // The following restrictions used to be applied to managed profiles by different 2273 // means (via Settings or by disabling components). Now they are proper user 2274 // restrictions so we apply them to managed profile owners. Non-managed secondary 2275 // users didn't have those restrictions so we skip them to keep existing behavior. 2276 if (profileOwner == null || !mUserManager.isManagedProfile(userId)) { 2277 continue; 2278 } 2279 maybeSetDefaultRestrictionsForAdminLocked(userId, profileOwner, 2280 UserRestrictionsUtils.getDefaultEnabledForManagedProfiles()); 2281 ensureUnknownSourcesRestrictionForProfileOwnerLocked( 2282 userId, profileOwner, false /* newOwner */); 2283 } 2284 } 2285 } 2286 2287 /** 2288 * Checks whether {@link UserManager#DISALLOW_INSTALL_UNKNOWN_SOURCES} should be added to the 2289 * set of restrictions for this profile owner. 2290 */ 2291 private void ensureUnknownSourcesRestrictionForProfileOwnerLocked(int userId, 2292 ActiveAdmin profileOwner, boolean newOwner) { 2293 if (newOwner || mInjector.settingsSecureGetIntForUser( 2294 Settings.Secure.UNKNOWN_SOURCES_DEFAULT_REVERSED, 0, userId) != 0) { 2295 profileOwner.ensureUserRestrictions().putBoolean( 2296 UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, true); 2297 saveUserRestrictionsLocked(userId); 2298 mInjector.settingsSecurePutIntForUser( 2299 Settings.Secure.UNKNOWN_SOURCES_DEFAULT_REVERSED, 0, userId); 2300 } 2301 } 2302 2303 /** 2304 * Apply default restrictions that haven't been applied to a given admin yet. 2305 */ 2306 private void maybeSetDefaultRestrictionsForAdminLocked( 2307 int userId, ActiveAdmin admin, Set<String> defaultRestrictions) { 2308 if (defaultRestrictions.equals(admin.defaultEnabledRestrictionsAlreadySet)) { 2309 return; // The same set of default restrictions has been already applied. 2310 } 2311 Slog.i(LOG_TAG, "New user restrictions need to be set by default for user " + userId); 2312 2313 if (VERBOSE_LOG) { 2314 Slog.d(LOG_TAG,"Default enabled restrictions: " 2315 + defaultRestrictions 2316 + ". Restrictions already enabled: " 2317 + admin.defaultEnabledRestrictionsAlreadySet); 2318 } 2319 2320 final Set<String> restrictionsToSet = new ArraySet<>(defaultRestrictions); 2321 restrictionsToSet.removeAll(admin.defaultEnabledRestrictionsAlreadySet); 2322 if (!restrictionsToSet.isEmpty()) { 2323 for (final String restriction : restrictionsToSet) { 2324 admin.ensureUserRestrictions().putBoolean(restriction, true); 2325 } 2326 admin.defaultEnabledRestrictionsAlreadySet.addAll(restrictionsToSet); 2327 Slog.i(LOG_TAG, "Enabled the following restrictions by default: " + restrictionsToSet); 2328 saveUserRestrictionsLocked(userId); 2329 } 2330 } 2331 2332 private void setDeviceOwnerSystemPropertyLocked() { 2333 final boolean deviceProvisioned = 2334 mInjector.settingsGlobalGetInt(Settings.Global.DEVICE_PROVISIONED, 0) != 0; 2335 final boolean hasDeviceOwner = mOwners.hasDeviceOwner(); 2336 // If the device is not provisioned and there is currently no device owner, do not set the 2337 // read-only system property yet, since Device owner may still be provisioned. 2338 if (!hasDeviceOwner && !deviceProvisioned) { 2339 return; 2340 } 2341 // Still at the first stage of CryptKeeper double bounce, mOwners.hasDeviceOwner is 2342 // always false at this point. 2343 if (StorageManager.inCryptKeeperBounce()) { 2344 return; 2345 } 2346 2347 if (!mInjector.systemPropertiesGet(PROPERTY_DEVICE_OWNER_PRESENT, "").isEmpty()) { 2348 Slog.w(LOG_TAG, "Trying to set ro.device_owner, but it has already been set?"); 2349 } else { 2350 final String value = Boolean.toString(hasDeviceOwner); 2351 mInjector.systemPropertiesSet(PROPERTY_DEVICE_OWNER_PRESENT, value); 2352 Slog.i(LOG_TAG, "Set ro.device_owner property to " + value); 2353 2354 if (hasDeviceOwner && mInjector.securityLogGetLoggingEnabledProperty()) { 2355 mSecurityLogMonitor.start(); 2356 mInjector.runCryptoSelfTest(); 2357 maybePauseDeviceWideLoggingLocked(); 2358 } 2359 } 2360 } 2361 2362 private void findOwnerComponentIfNecessaryLocked() { 2363 if (!mOwners.hasDeviceOwner()) { 2364 return; 2365 } 2366 final ComponentName doComponentName = mOwners.getDeviceOwnerComponent(); 2367 2368 if (!TextUtils.isEmpty(doComponentName.getClassName())) { 2369 return; // Already a full component name. 2370 } 2371 2372 final ComponentName doComponent = findAdminComponentWithPackageLocked( 2373 doComponentName.getPackageName(), 2374 mOwners.getDeviceOwnerUserId()); 2375 if (doComponent == null) { 2376 Slog.e(LOG_TAG, "Device-owner isn't registered as device-admin"); 2377 } else { 2378 mOwners.setDeviceOwnerWithRestrictionsMigrated( 2379 doComponent, 2380 mOwners.getDeviceOwnerName(), 2381 mOwners.getDeviceOwnerUserId(), 2382 !mOwners.getDeviceOwnerUserRestrictionsNeedsMigration()); 2383 mOwners.writeDeviceOwner(); 2384 if (VERBOSE_LOG) { 2385 Log.v(LOG_TAG, "Device owner component filled in"); 2386 } 2387 } 2388 } 2389 2390 /** 2391 * We didn't use to persist user restrictions for each owners but only persisted in user 2392 * manager. 2393 */ 2394 private void migrateUserRestrictionsIfNecessaryLocked() { 2395 boolean migrated = false; 2396 // Migrate for the DO. Basically all restrictions should be considered to be set by DO, 2397 // except for the "system controlled" ones. 2398 if (mOwners.getDeviceOwnerUserRestrictionsNeedsMigration()) { 2399 if (VERBOSE_LOG) { 2400 Log.v(LOG_TAG, "Migrating DO user restrictions"); 2401 } 2402 migrated = true; 2403 2404 // Migrate user 0 restrictions to DO. 2405 final ActiveAdmin deviceOwnerAdmin = getDeviceOwnerAdminLocked(); 2406 2407 migrateUserRestrictionsForUser(UserHandle.SYSTEM, deviceOwnerAdmin, 2408 /* exceptionList =*/ null, /* isDeviceOwner =*/ true); 2409 2410 // Push DO user restrictions to user manager. 2411 pushUserRestrictions(UserHandle.USER_SYSTEM); 2412 2413 mOwners.setDeviceOwnerUserRestrictionsMigrated(); 2414 } 2415 2416 // Migrate for POs. 2417 2418 // The following restrictions can be set on secondary users by the device owner, so we 2419 // assume they're not from the PO. 2420 final Set<String> secondaryUserExceptionList = Sets.newArraySet( 2421 UserManager.DISALLOW_OUTGOING_CALLS, 2422 UserManager.DISALLOW_SMS); 2423 2424 for (UserInfo ui : mUserManager.getUsers()) { 2425 final int userId = ui.id; 2426 if (mOwners.getProfileOwnerUserRestrictionsNeedsMigration(userId)) { 2427 if (VERBOSE_LOG) { 2428 Log.v(LOG_TAG, "Migrating PO user restrictions for user " + userId); 2429 } 2430 migrated = true; 2431 2432 final ActiveAdmin profileOwnerAdmin = getProfileOwnerAdminLocked(userId); 2433 2434 final Set<String> exceptionList = 2435 (userId == UserHandle.USER_SYSTEM) ? null : secondaryUserExceptionList; 2436 2437 migrateUserRestrictionsForUser(ui.getUserHandle(), profileOwnerAdmin, 2438 exceptionList, /* isDeviceOwner =*/ false); 2439 2440 // Note if a secondary user has no PO but has a DA that disables camera, we 2441 // don't get here and won't push the camera user restriction to UserManager 2442 // here. That's okay because we'll push user restrictions anyway when a user 2443 // starts. But we still do it because we want to let user manager persist 2444 // upon migration. 2445 pushUserRestrictions(userId); 2446 2447 mOwners.setProfileOwnerUserRestrictionsMigrated(userId); 2448 } 2449 } 2450 if (VERBOSE_LOG && migrated) { 2451 Log.v(LOG_TAG, "User restrictions migrated."); 2452 } 2453 } 2454 2455 private void migrateUserRestrictionsForUser(UserHandle user, ActiveAdmin admin, 2456 Set<String> exceptionList, boolean isDeviceOwner) { 2457 final Bundle origRestrictions = mUserManagerInternal.getBaseUserRestrictions( 2458 user.getIdentifier()); 2459 2460 final Bundle newBaseRestrictions = new Bundle(); 2461 final Bundle newOwnerRestrictions = new Bundle(); 2462 2463 for (String key : origRestrictions.keySet()) { 2464 if (!origRestrictions.getBoolean(key)) { 2465 continue; 2466 } 2467 final boolean canOwnerChange = isDeviceOwner 2468 ? UserRestrictionsUtils.canDeviceOwnerChange(key) 2469 : UserRestrictionsUtils.canProfileOwnerChange(key, user.getIdentifier()); 2470 2471 if (!canOwnerChange || (exceptionList!= null && exceptionList.contains(key))) { 2472 newBaseRestrictions.putBoolean(key, true); 2473 } else { 2474 newOwnerRestrictions.putBoolean(key, true); 2475 } 2476 } 2477 2478 if (VERBOSE_LOG) { 2479 Log.v(LOG_TAG, "origRestrictions=" + origRestrictions); 2480 Log.v(LOG_TAG, "newBaseRestrictions=" + newBaseRestrictions); 2481 Log.v(LOG_TAG, "newOwnerRestrictions=" + newOwnerRestrictions); 2482 } 2483 mUserManagerInternal.setBaseUserRestrictionsByDpmsForMigration(user.getIdentifier(), 2484 newBaseRestrictions); 2485 2486 if (admin != null) { 2487 admin.ensureUserRestrictions().clear(); 2488 admin.ensureUserRestrictions().putAll(newOwnerRestrictions); 2489 } else { 2490 Slog.w(LOG_TAG, "ActiveAdmin for DO/PO not found. user=" + user.getIdentifier()); 2491 } 2492 saveSettingsLocked(user.getIdentifier()); 2493 } 2494 2495 private ComponentName findAdminComponentWithPackageLocked(String packageName, int userId) { 2496 final DevicePolicyData policy = getUserData(userId); 2497 final int n = policy.mAdminList.size(); 2498 ComponentName found = null; 2499 int nFound = 0; 2500 for (int i = 0; i < n; i++) { 2501 final ActiveAdmin admin = policy.mAdminList.get(i); 2502 if (packageName.equals(admin.info.getPackageName())) { 2503 // Found! 2504 if (nFound == 0) { 2505 found = admin.info.getComponent(); 2506 } 2507 nFound++; 2508 } 2509 } 2510 if (nFound > 1) { 2511 Slog.w(LOG_TAG, "Multiple DA found; assume the first one is DO."); 2512 } 2513 return found; 2514 } 2515 2516 /** 2517 * Set an alarm for an upcoming event - expiration warning, expiration, or post-expiration 2518 * reminders. Clears alarm if no expirations are configured. 2519 */ 2520 private void setExpirationAlarmCheckLocked(Context context, int userHandle, boolean parent) { 2521 final long expiration = getPasswordExpirationLocked(null, userHandle, parent); 2522 final long now = System.currentTimeMillis(); 2523 final long timeToExpire = expiration - now; 2524 final long alarmTime; 2525 if (expiration == 0) { 2526 // No expirations are currently configured: Cancel alarm. 2527 alarmTime = 0; 2528 } else if (timeToExpire <= 0) { 2529 // The password has already expired: Repeat every 24 hours. 2530 alarmTime = now + MS_PER_DAY; 2531 } else { 2532 // Selecting the next alarm time: Roll forward to the next 24 hour multiple before 2533 // the expiration time. 2534 long alarmInterval = timeToExpire % MS_PER_DAY; 2535 if (alarmInterval == 0) { 2536 alarmInterval = MS_PER_DAY; 2537 } 2538 alarmTime = now + alarmInterval; 2539 } 2540 2541 long token = mInjector.binderClearCallingIdentity(); 2542 try { 2543 int affectedUserHandle = parent ? getProfileParentId(userHandle) : userHandle; 2544 AlarmManager am = mInjector.getAlarmManager(); 2545 PendingIntent pi = PendingIntent.getBroadcastAsUser(context, REQUEST_EXPIRE_PASSWORD, 2546 new Intent(ACTION_EXPIRED_PASSWORD_NOTIFICATION), 2547 PendingIntent.FLAG_ONE_SHOT | PendingIntent.FLAG_UPDATE_CURRENT, 2548 UserHandle.of(affectedUserHandle)); 2549 am.cancel(pi); 2550 if (alarmTime != 0) { 2551 am.set(AlarmManager.RTC, alarmTime, pi); 2552 } 2553 } finally { 2554 mInjector.binderRestoreCallingIdentity(token); 2555 } 2556 } 2557 2558 ActiveAdmin getActiveAdminUncheckedLocked(ComponentName who, int userHandle) { 2559 ensureLocked(); 2560 ActiveAdmin admin = getUserData(userHandle).mAdminMap.get(who); 2561 if (admin != null 2562 && who.getPackageName().equals(admin.info.getActivityInfo().packageName) 2563 && who.getClassName().equals(admin.info.getActivityInfo().name)) { 2564 return admin; 2565 } 2566 return null; 2567 } 2568 2569 ActiveAdmin getActiveAdminUncheckedLocked(ComponentName who, int userHandle, boolean parent) { 2570 ensureLocked(); 2571 if (parent) { 2572 enforceManagedProfile(userHandle, "call APIs on the parent profile"); 2573 } 2574 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 2575 if (admin != null && parent) { 2576 admin = admin.getParentActiveAdmin(); 2577 } 2578 return admin; 2579 } 2580 2581 ActiveAdmin getActiveAdminForCallerLocked(ComponentName who, int reqPolicy) 2582 throws SecurityException { 2583 ensureLocked(); 2584 final int callingUid = mInjector.binderGetCallingUid(); 2585 2586 ActiveAdmin result = getActiveAdminWithPolicyForUidLocked(who, reqPolicy, callingUid); 2587 if (result != null) { 2588 return result; 2589 } 2590 2591 if (who != null) { 2592 final int userId = UserHandle.getUserId(callingUid); 2593 final DevicePolicyData policy = getUserData(userId); 2594 ActiveAdmin admin = policy.mAdminMap.get(who); 2595 if (reqPolicy == DeviceAdminInfo.USES_POLICY_DEVICE_OWNER) { 2596 throw new SecurityException("Admin " + admin.info.getComponent() 2597 + " does not own the device"); 2598 } 2599 if (reqPolicy == DeviceAdminInfo.USES_POLICY_PROFILE_OWNER) { 2600 throw new SecurityException("Admin " + admin.info.getComponent() 2601 + " does not own the profile"); 2602 } 2603 throw new SecurityException("Admin " + admin.info.getComponent() 2604 + " did not specify uses-policy for: " 2605 + admin.info.getTagForPolicy(reqPolicy)); 2606 } else { 2607 throw new SecurityException("No active admin owned by uid " 2608 + mInjector.binderGetCallingUid() + " for policy #" + reqPolicy); 2609 } 2610 } 2611 2612 ActiveAdmin getActiveAdminForCallerLocked(ComponentName who, int reqPolicy, boolean parent) 2613 throws SecurityException { 2614 ensureLocked(); 2615 if (parent) { 2616 enforceManagedProfile(mInjector.userHandleGetCallingUserId(), 2617 "call APIs on the parent profile"); 2618 } 2619 ActiveAdmin admin = getActiveAdminForCallerLocked(who, reqPolicy); 2620 return parent ? admin.getParentActiveAdmin() : admin; 2621 } 2622 /** 2623 * Find the admin for the component and userId bit of the uid, then check 2624 * the admin's uid matches the uid. 2625 */ 2626 private ActiveAdmin getActiveAdminForUidLocked(ComponentName who, int uid) { 2627 ensureLocked(); 2628 final int userId = UserHandle.getUserId(uid); 2629 final DevicePolicyData policy = getUserData(userId); 2630 ActiveAdmin admin = policy.mAdminMap.get(who); 2631 if (admin == null) { 2632 throw new SecurityException("No active admin " + who); 2633 } 2634 if (admin.getUid() != uid) { 2635 throw new SecurityException("Admin " + who + " is not owned by uid " + uid); 2636 } 2637 return admin; 2638 } 2639 2640 private ActiveAdmin getActiveAdminWithPolicyForUidLocked(ComponentName who, int reqPolicy, 2641 int uid) { 2642 ensureLocked(); 2643 // Try to find an admin which can use reqPolicy 2644 final int userId = UserHandle.getUserId(uid); 2645 final DevicePolicyData policy = getUserData(userId); 2646 if (who != null) { 2647 ActiveAdmin admin = policy.mAdminMap.get(who); 2648 if (admin == null) { 2649 throw new SecurityException("No active admin " + who); 2650 } 2651 if (admin.getUid() != uid) { 2652 throw new SecurityException("Admin " + who + " is not owned by uid " + uid); 2653 } 2654 if (isActiveAdminWithPolicyForUserLocked(admin, reqPolicy, userId)) { 2655 return admin; 2656 } 2657 } else { 2658 for (ActiveAdmin admin : policy.mAdminList) { 2659 if (admin.getUid() == uid && isActiveAdminWithPolicyForUserLocked(admin, reqPolicy, 2660 userId)) { 2661 return admin; 2662 } 2663 } 2664 } 2665 2666 return null; 2667 } 2668 2669 @VisibleForTesting 2670 boolean isActiveAdminWithPolicyForUserLocked(ActiveAdmin admin, int reqPolicy, 2671 int userId) { 2672 ensureLocked(); 2673 final boolean ownsDevice = isDeviceOwner(admin.info.getComponent(), userId); 2674 final boolean ownsProfile = isProfileOwner(admin.info.getComponent(), userId); 2675 2676 if (reqPolicy == DeviceAdminInfo.USES_POLICY_DEVICE_OWNER) { 2677 return ownsDevice; 2678 } else if (reqPolicy == DeviceAdminInfo.USES_POLICY_PROFILE_OWNER) { 2679 // DO always has the PO power. 2680 return ownsDevice || ownsProfile; 2681 } else { 2682 return admin.info.usesPolicy(reqPolicy); 2683 } 2684 } 2685 2686 void sendAdminCommandLocked(ActiveAdmin admin, String action) { 2687 sendAdminCommandLocked(admin, action, null); 2688 } 2689 2690 void sendAdminCommandLocked(ActiveAdmin admin, String action, BroadcastReceiver result) { 2691 sendAdminCommandLocked(admin, action, null, result); 2692 } 2693 2694 void sendAdminCommandLocked(ActiveAdmin admin, String action, Bundle adminExtras, 2695 BroadcastReceiver result) { 2696 sendAdminCommandLocked(admin, action, adminExtras, result, false); 2697 } 2698 2699 /** 2700 * Send an update to one specific admin, get notified when that admin returns a result. 2701 * 2702 * @return whether the broadcast was successfully sent 2703 */ 2704 boolean sendAdminCommandLocked(ActiveAdmin admin, String action, Bundle adminExtras, 2705 BroadcastReceiver result, boolean inForeground) { 2706 Intent intent = new Intent(action); 2707 intent.setComponent(admin.info.getComponent()); 2708 if (UserManager.isDeviceInDemoMode(mContext)) { 2709 intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND); 2710 } 2711 if (action.equals(DeviceAdminReceiver.ACTION_PASSWORD_EXPIRING)) { 2712 intent.putExtra("expiration", admin.passwordExpirationDate); 2713 } 2714 if (inForeground) { 2715 intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND); 2716 } 2717 if (adminExtras != null) { 2718 intent.putExtras(adminExtras); 2719 } 2720 if (mInjector.getPackageManager().queryBroadcastReceiversAsUser( 2721 intent, 2722 PackageManager.MATCH_DEBUG_TRIAGED_MISSING, 2723 admin.getUserHandle()).isEmpty()) { 2724 return false; 2725 } 2726 if (result != null) { 2727 mContext.sendOrderedBroadcastAsUser(intent, admin.getUserHandle(), 2728 null, result, mHandler, Activity.RESULT_OK, null, null); 2729 } else { 2730 mContext.sendBroadcastAsUser(intent, admin.getUserHandle()); 2731 } 2732 return true; 2733 } 2734 2735 /** 2736 * Send an update to all admins of a user that enforce a specified policy. 2737 */ 2738 void sendAdminCommandLocked(String action, int reqPolicy, int userHandle, Bundle adminExtras) { 2739 final DevicePolicyData policy = getUserData(userHandle); 2740 final int count = policy.mAdminList.size(); 2741 for (int i = 0; i < count; i++) { 2742 final ActiveAdmin admin = policy.mAdminList.get(i); 2743 if (admin.info.usesPolicy(reqPolicy)) { 2744 sendAdminCommandLocked(admin, action, adminExtras, null); 2745 } 2746 } 2747 } 2748 2749 /** 2750 * Send an update intent to all admins of a user and its profiles. Only send to admins that 2751 * enforce a specified policy. 2752 */ 2753 private void sendAdminCommandToSelfAndProfilesLocked(String action, int reqPolicy, 2754 int userHandle, Bundle adminExtras) { 2755 int[] profileIds = mUserManager.getProfileIdsWithDisabled(userHandle); 2756 for (int profileId : profileIds) { 2757 sendAdminCommandLocked(action, reqPolicy, profileId, adminExtras); 2758 } 2759 } 2760 2761 /** 2762 * Sends a broadcast to each profile that share the password unlock with the given user id. 2763 */ 2764 private void sendAdminCommandForLockscreenPoliciesLocked( 2765 String action, int reqPolicy, int userHandle) { 2766 final Bundle extras = new Bundle(); 2767 extras.putParcelable(Intent.EXTRA_USER, UserHandle.of(userHandle)); 2768 if (isSeparateProfileChallengeEnabled(userHandle)) { 2769 sendAdminCommandLocked(action, reqPolicy, userHandle, extras); 2770 } else { 2771 sendAdminCommandToSelfAndProfilesLocked(action, reqPolicy, userHandle, extras); 2772 } 2773 } 2774 2775 void removeActiveAdminLocked(final ComponentName adminReceiver, final int userHandle) { 2776 final ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver, userHandle); 2777 DevicePolicyData policy = getUserData(userHandle); 2778 if (admin != null && !policy.mRemovingAdmins.contains(adminReceiver)) { 2779 policy.mRemovingAdmins.add(adminReceiver); 2780 sendAdminCommandLocked(admin, 2781 DeviceAdminReceiver.ACTION_DEVICE_ADMIN_DISABLED, 2782 new BroadcastReceiver() { 2783 @Override 2784 public void onReceive(Context context, Intent intent) { 2785 removeAdminArtifacts(adminReceiver, userHandle); 2786 removePackageIfRequired(adminReceiver.getPackageName(), userHandle); 2787 } 2788 }); 2789 } 2790 } 2791 2792 2793 public DeviceAdminInfo findAdmin(ComponentName adminName, int userHandle, 2794 boolean throwForMissingPermission) { 2795 if (!mHasFeature) { 2796 return null; 2797 } 2798 enforceFullCrossUsersPermission(userHandle); 2799 ActivityInfo ai = null; 2800 try { 2801 ai = mIPackageManager.getReceiverInfo(adminName, 2802 PackageManager.GET_META_DATA | 2803 PackageManager.MATCH_DISABLED_UNTIL_USED_COMPONENTS | 2804 PackageManager.MATCH_DIRECT_BOOT_AWARE | 2805 PackageManager.MATCH_DIRECT_BOOT_UNAWARE, userHandle); 2806 } catch (RemoteException e) { 2807 // shouldn't happen. 2808 } 2809 if (ai == null) { 2810 throw new IllegalArgumentException("Unknown admin: " + adminName); 2811 } 2812 2813 if (!permission.BIND_DEVICE_ADMIN.equals(ai.permission)) { 2814 final String message = "DeviceAdminReceiver " + adminName + " must be protected with " 2815 + permission.BIND_DEVICE_ADMIN; 2816 Slog.w(LOG_TAG, message); 2817 if (throwForMissingPermission && 2818 ai.applicationInfo.targetSdkVersion > Build.VERSION_CODES.M) { 2819 throw new IllegalArgumentException(message); 2820 } 2821 } 2822 2823 try { 2824 return new DeviceAdminInfo(mContext, ai); 2825 } catch (XmlPullParserException | IOException e) { 2826 Slog.w(LOG_TAG, "Bad device admin requested for user=" + userHandle + ": " + adminName, 2827 e); 2828 return null; 2829 } 2830 } 2831 2832 private File getPolicyFileDirectory(@UserIdInt int userId) { 2833 return userId == UserHandle.USER_SYSTEM 2834 ? new File(mInjector.getDevicePolicyFilePathForSystemUser()) 2835 : mInjector.environmentGetUserSystemDirectory(userId); 2836 } 2837 2838 private JournaledFile makeJournaledFile(@UserIdInt int userId) { 2839 final String base = new File(getPolicyFileDirectory(userId), DEVICE_POLICIES_XML) 2840 .getAbsolutePath(); 2841 if (VERBOSE_LOG) { 2842 Log.v(LOG_TAG, "Opening " + base); 2843 } 2844 return new JournaledFile(new File(base), new File(base + ".tmp")); 2845 } 2846 2847 private void saveSettingsLocked(int userHandle) { 2848 DevicePolicyData policy = getUserData(userHandle); 2849 JournaledFile journal = makeJournaledFile(userHandle); 2850 FileOutputStream stream = null; 2851 try { 2852 stream = new FileOutputStream(journal.chooseForWrite(), false); 2853 XmlSerializer out = new FastXmlSerializer(); 2854 out.setOutput(stream, StandardCharsets.UTF_8.name()); 2855 out.startDocument(null, true); 2856 2857 out.startTag(null, "policies"); 2858 if (policy.mRestrictionsProvider != null) { 2859 out.attribute(null, ATTR_PERMISSION_PROVIDER, 2860 policy.mRestrictionsProvider.flattenToString()); 2861 } 2862 if (policy.mUserSetupComplete) { 2863 out.attribute(null, ATTR_SETUP_COMPLETE, 2864 Boolean.toString(true)); 2865 } 2866 if (policy.mPaired) { 2867 out.attribute(null, ATTR_DEVICE_PAIRED, 2868 Boolean.toString(true)); 2869 } 2870 if (policy.mDeviceProvisioningConfigApplied) { 2871 out.attribute(null, ATTR_DEVICE_PROVISIONING_CONFIG_APPLIED, 2872 Boolean.toString(true)); 2873 } 2874 if (policy.mUserProvisioningState != DevicePolicyManager.STATE_USER_UNMANAGED) { 2875 out.attribute(null, ATTR_PROVISIONING_STATE, 2876 Integer.toString(policy.mUserProvisioningState)); 2877 } 2878 if (policy.mPermissionPolicy != DevicePolicyManager.PERMISSION_POLICY_PROMPT) { 2879 out.attribute(null, ATTR_PERMISSION_POLICY, 2880 Integer.toString(policy.mPermissionPolicy)); 2881 } 2882 2883 // Serialize delegations. 2884 for (int i = 0; i < policy.mDelegationMap.size(); ++i) { 2885 final String delegatePackage = policy.mDelegationMap.keyAt(i); 2886 final List<String> scopes = policy.mDelegationMap.valueAt(i); 2887 2888 // Every "delegation" tag serializes the information of one delegate-scope pair. 2889 for (String scope : scopes) { 2890 out.startTag(null, "delegation"); 2891 out.attribute(null, "delegatePackage", delegatePackage); 2892 out.attribute(null, "scope", scope); 2893 out.endTag(null, "delegation"); 2894 } 2895 } 2896 2897 final int N = policy.mAdminList.size(); 2898 for (int i=0; i<N; i++) { 2899 ActiveAdmin ap = policy.mAdminList.get(i); 2900 if (ap != null) { 2901 out.startTag(null, "admin"); 2902 out.attribute(null, "name", ap.info.getComponent().flattenToString()); 2903 ap.writeToXml(out); 2904 out.endTag(null, "admin"); 2905 } 2906 } 2907 2908 if (policy.mPasswordOwner >= 0) { 2909 out.startTag(null, "password-owner"); 2910 out.attribute(null, "value", Integer.toString(policy.mPasswordOwner)); 2911 out.endTag(null, "password-owner"); 2912 } 2913 2914 if (policy.mFailedPasswordAttempts != 0) { 2915 out.startTag(null, "failed-password-attempts"); 2916 out.attribute(null, "value", Integer.toString(policy.mFailedPasswordAttempts)); 2917 out.endTag(null, "failed-password-attempts"); 2918 } 2919 2920 // For FDE devices only, we save this flag so we can report on password sufficiency 2921 // before the user enters their password for the first time after a reboot. For 2922 // security reasons, we don't want to store the full set of active password metrics. 2923 if (!mInjector.storageManagerIsFileBasedEncryptionEnabled()) { 2924 out.startTag(null, TAG_PASSWORD_VALIDITY); 2925 out.attribute(null, ATTR_VALUE, 2926 Boolean.toString(policy.mPasswordValidAtLastCheckpoint)); 2927 out.endTag(null, TAG_PASSWORD_VALIDITY); 2928 } 2929 2930 for (int i = 0; i < policy.mAcceptedCaCertificates.size(); i++) { 2931 out.startTag(null, TAG_ACCEPTED_CA_CERTIFICATES); 2932 out.attribute(null, ATTR_NAME, policy.mAcceptedCaCertificates.valueAt(i)); 2933 out.endTag(null, TAG_ACCEPTED_CA_CERTIFICATES); 2934 } 2935 2936 for (int i=0; i<policy.mLockTaskPackages.size(); i++) { 2937 String component = policy.mLockTaskPackages.get(i); 2938 out.startTag(null, TAG_LOCK_TASK_COMPONENTS); 2939 out.attribute(null, "name", component); 2940 out.endTag(null, TAG_LOCK_TASK_COMPONENTS); 2941 } 2942 2943 if (policy.mLockTaskFeatures != DevicePolicyManager.LOCK_TASK_FEATURE_NONE) { 2944 out.startTag(null, TAG_LOCK_TASK_FEATURES); 2945 out.attribute(null, ATTR_VALUE, Integer.toString(policy.mLockTaskFeatures)); 2946 out.endTag(null, TAG_LOCK_TASK_FEATURES); 2947 } 2948 2949 if (policy.mStatusBarDisabled) { 2950 out.startTag(null, TAG_STATUS_BAR); 2951 out.attribute(null, ATTR_DISABLED, Boolean.toString(policy.mStatusBarDisabled)); 2952 out.endTag(null, TAG_STATUS_BAR); 2953 } 2954 2955 if (policy.doNotAskCredentialsOnBoot) { 2956 out.startTag(null, DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML); 2957 out.endTag(null, DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML); 2958 } 2959 2960 for (String id : policy.mAffiliationIds) { 2961 out.startTag(null, TAG_AFFILIATION_ID); 2962 out.attribute(null, ATTR_ID, id); 2963 out.endTag(null, TAG_AFFILIATION_ID); 2964 } 2965 2966 if (policy.mLastSecurityLogRetrievalTime >= 0) { 2967 out.startTag(null, TAG_LAST_SECURITY_LOG_RETRIEVAL); 2968 out.attribute(null, ATTR_VALUE, 2969 Long.toString(policy.mLastSecurityLogRetrievalTime)); 2970 out.endTag(null, TAG_LAST_SECURITY_LOG_RETRIEVAL); 2971 } 2972 2973 if (policy.mLastBugReportRequestTime >= 0) { 2974 out.startTag(null, TAG_LAST_BUG_REPORT_REQUEST); 2975 out.attribute(null, ATTR_VALUE, 2976 Long.toString(policy.mLastBugReportRequestTime)); 2977 out.endTag(null, TAG_LAST_BUG_REPORT_REQUEST); 2978 } 2979 2980 if (policy.mLastNetworkLogsRetrievalTime >= 0) { 2981 out.startTag(null, TAG_LAST_NETWORK_LOG_RETRIEVAL); 2982 out.attribute(null, ATTR_VALUE, 2983 Long.toString(policy.mLastNetworkLogsRetrievalTime)); 2984 out.endTag(null, TAG_LAST_NETWORK_LOG_RETRIEVAL); 2985 } 2986 2987 if (policy.mAdminBroadcastPending) { 2988 out.startTag(null, TAG_ADMIN_BROADCAST_PENDING); 2989 out.attribute(null, ATTR_VALUE, 2990 Boolean.toString(policy.mAdminBroadcastPending)); 2991 out.endTag(null, TAG_ADMIN_BROADCAST_PENDING); 2992 } 2993 2994 if (policy.mInitBundle != null) { 2995 out.startTag(null, TAG_INITIALIZATION_BUNDLE); 2996 policy.mInitBundle.saveToXml(out); 2997 out.endTag(null, TAG_INITIALIZATION_BUNDLE); 2998 } 2999 3000 if (policy.mPasswordTokenHandle != 0) { 3001 out.startTag(null, TAG_PASSWORD_TOKEN_HANDLE); 3002 out.attribute(null, ATTR_VALUE, 3003 Long.toString(policy.mPasswordTokenHandle)); 3004 out.endTag(null, TAG_PASSWORD_TOKEN_HANDLE); 3005 } 3006 3007 if (policy.mCurrentInputMethodSet) { 3008 out.startTag(null, TAG_CURRENT_INPUT_METHOD_SET); 3009 out.endTag(null, TAG_CURRENT_INPUT_METHOD_SET); 3010 } 3011 3012 for (final String cert : policy.mOwnerInstalledCaCerts) { 3013 out.startTag(null, TAG_OWNER_INSTALLED_CA_CERT); 3014 out.attribute(null, ATTR_ALIAS, cert); 3015 out.endTag(null, TAG_OWNER_INSTALLED_CA_CERT); 3016 } 3017 3018 out.endTag(null, "policies"); 3019 3020 out.endDocument(); 3021 stream.flush(); 3022 FileUtils.sync(stream); 3023 stream.close(); 3024 journal.commit(); 3025 sendChangedNotification(userHandle); 3026 } catch (XmlPullParserException | IOException e) { 3027 Slog.w(LOG_TAG, "failed writing file", e); 3028 try { 3029 if (stream != null) { 3030 stream.close(); 3031 } 3032 } catch (IOException ex) { 3033 // Ignore 3034 } 3035 journal.rollback(); 3036 } 3037 } 3038 3039 private void sendChangedNotification(int userHandle) { 3040 Intent intent = new Intent(DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED); 3041 intent.setFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY); 3042 long ident = mInjector.binderClearCallingIdentity(); 3043 try { 3044 mContext.sendBroadcastAsUser(intent, new UserHandle(userHandle)); 3045 } finally { 3046 mInjector.binderRestoreCallingIdentity(ident); 3047 } 3048 } 3049 3050 private void loadSettingsLocked(DevicePolicyData policy, int userHandle) { 3051 JournaledFile journal = makeJournaledFile(userHandle); 3052 FileInputStream stream = null; 3053 File file = journal.chooseForRead(); 3054 boolean needsRewrite = false; 3055 try { 3056 stream = new FileInputStream(file); 3057 XmlPullParser parser = Xml.newPullParser(); 3058 parser.setInput(stream, StandardCharsets.UTF_8.name()); 3059 3060 int type; 3061 while ((type=parser.next()) != XmlPullParser.END_DOCUMENT 3062 && type != XmlPullParser.START_TAG) { 3063 } 3064 String tag = parser.getName(); 3065 if (!"policies".equals(tag)) { 3066 throw new XmlPullParserException( 3067 "Settings do not start with policies tag: found " + tag); 3068 } 3069 3070 // Extract the permission provider component name if available 3071 String permissionProvider = parser.getAttributeValue(null, ATTR_PERMISSION_PROVIDER); 3072 if (permissionProvider != null) { 3073 policy.mRestrictionsProvider = ComponentName.unflattenFromString(permissionProvider); 3074 } 3075 String userSetupComplete = parser.getAttributeValue(null, ATTR_SETUP_COMPLETE); 3076 if (userSetupComplete != null && Boolean.toString(true).equals(userSetupComplete)) { 3077 policy.mUserSetupComplete = true; 3078 } 3079 String paired = parser.getAttributeValue(null, ATTR_DEVICE_PAIRED); 3080 if (paired != null && Boolean.toString(true).equals(paired)) { 3081 policy.mPaired = true; 3082 } 3083 String deviceProvisioningConfigApplied = parser.getAttributeValue(null, 3084 ATTR_DEVICE_PROVISIONING_CONFIG_APPLIED); 3085 if (deviceProvisioningConfigApplied != null 3086 && Boolean.toString(true).equals(deviceProvisioningConfigApplied)) { 3087 policy.mDeviceProvisioningConfigApplied = true; 3088 } 3089 String provisioningState = parser.getAttributeValue(null, ATTR_PROVISIONING_STATE); 3090 if (!TextUtils.isEmpty(provisioningState)) { 3091 policy.mUserProvisioningState = Integer.parseInt(provisioningState); 3092 } 3093 String permissionPolicy = parser.getAttributeValue(null, ATTR_PERMISSION_POLICY); 3094 if (!TextUtils.isEmpty(permissionPolicy)) { 3095 policy.mPermissionPolicy = Integer.parseInt(permissionPolicy); 3096 } 3097 // Check for delegation compatibility with pre-O. 3098 // TODO(edmanp) remove in P. 3099 { 3100 final String certDelegate = parser.getAttributeValue(null, 3101 ATTR_DELEGATED_CERT_INSTALLER); 3102 if (certDelegate != null) { 3103 List<String> scopes = policy.mDelegationMap.get(certDelegate); 3104 if (scopes == null) { 3105 scopes = new ArrayList<>(); 3106 policy.mDelegationMap.put(certDelegate, scopes); 3107 } 3108 if (!scopes.contains(DELEGATION_CERT_INSTALL)) { 3109 scopes.add(DELEGATION_CERT_INSTALL); 3110 needsRewrite = true; 3111 } 3112 } 3113 final String appRestrictionsDelegate = parser.getAttributeValue(null, 3114 ATTR_APPLICATION_RESTRICTIONS_MANAGER); 3115 if (appRestrictionsDelegate != null) { 3116 List<String> scopes = policy.mDelegationMap.get(appRestrictionsDelegate); 3117 if (scopes == null) { 3118 scopes = new ArrayList<>(); 3119 policy.mDelegationMap.put(appRestrictionsDelegate, scopes); 3120 } 3121 if (!scopes.contains(DELEGATION_APP_RESTRICTIONS)) { 3122 scopes.add(DELEGATION_APP_RESTRICTIONS); 3123 needsRewrite = true; 3124 } 3125 } 3126 } 3127 3128 type = parser.next(); 3129 int outerDepth = parser.getDepth(); 3130 policy.mLockTaskPackages.clear(); 3131 policy.mAdminList.clear(); 3132 policy.mAdminMap.clear(); 3133 policy.mAffiliationIds.clear(); 3134 policy.mOwnerInstalledCaCerts.clear(); 3135 while ((type=parser.next()) != XmlPullParser.END_DOCUMENT 3136 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 3137 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 3138 continue; 3139 } 3140 tag = parser.getName(); 3141 if ("admin".equals(tag)) { 3142 String name = parser.getAttributeValue(null, "name"); 3143 try { 3144 DeviceAdminInfo dai = findAdmin( 3145 ComponentName.unflattenFromString(name), userHandle, 3146 /* throwForMissingPermission= */ false); 3147 if (VERBOSE_LOG 3148 && (UserHandle.getUserId(dai.getActivityInfo().applicationInfo.uid) 3149 != userHandle)) { 3150 Slog.w(LOG_TAG, "findAdmin returned an incorrect uid " 3151 + dai.getActivityInfo().applicationInfo.uid + " for user " 3152 + userHandle); 3153 } 3154 if (dai != null) { 3155 ActiveAdmin ap = new ActiveAdmin(dai, /* parent */ false); 3156 ap.readFromXml(parser); 3157 policy.mAdminMap.put(ap.info.getComponent(), ap); 3158 } 3159 } catch (RuntimeException e) { 3160 Slog.w(LOG_TAG, "Failed loading admin " + name, e); 3161 } 3162 } else if ("delegation".equals(tag)) { 3163 // Parse delegation info. 3164 final String delegatePackage = parser.getAttributeValue(null, 3165 "delegatePackage"); 3166 final String scope = parser.getAttributeValue(null, "scope"); 3167 3168 // Get a reference to the scopes list for the delegatePackage. 3169 List<String> scopes = policy.mDelegationMap.get(delegatePackage); 3170 // Or make a new list if none was found. 3171 if (scopes == null) { 3172 scopes = new ArrayList<>(); 3173 policy.mDelegationMap.put(delegatePackage, scopes); 3174 } 3175 // Add the new scope to the list of delegatePackage if it's not already there. 3176 if (!scopes.contains(scope)) { 3177 scopes.add(scope); 3178 } 3179 } else if ("failed-password-attempts".equals(tag)) { 3180 policy.mFailedPasswordAttempts = Integer.parseInt( 3181 parser.getAttributeValue(null, "value")); 3182 } else if ("password-owner".equals(tag)) { 3183 policy.mPasswordOwner = Integer.parseInt( 3184 parser.getAttributeValue(null, "value")); 3185 } else if (TAG_ACCEPTED_CA_CERTIFICATES.equals(tag)) { 3186 policy.mAcceptedCaCertificates.add(parser.getAttributeValue(null, ATTR_NAME)); 3187 } else if (TAG_LOCK_TASK_COMPONENTS.equals(tag)) { 3188 policy.mLockTaskPackages.add(parser.getAttributeValue(null, "name")); 3189 } else if (TAG_LOCK_TASK_FEATURES.equals(tag)) { 3190 policy.mLockTaskFeatures = Integer.parseInt( 3191 parser.getAttributeValue(null, ATTR_VALUE)); 3192 } else if (TAG_STATUS_BAR.equals(tag)) { 3193 policy.mStatusBarDisabled = Boolean.parseBoolean( 3194 parser.getAttributeValue(null, ATTR_DISABLED)); 3195 } else if (DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML.equals(tag)) { 3196 policy.doNotAskCredentialsOnBoot = true; 3197 } else if (TAG_AFFILIATION_ID.equals(tag)) { 3198 policy.mAffiliationIds.add(parser.getAttributeValue(null, ATTR_ID)); 3199 } else if (TAG_LAST_SECURITY_LOG_RETRIEVAL.equals(tag)) { 3200 policy.mLastSecurityLogRetrievalTime = Long.parseLong( 3201 parser.getAttributeValue(null, ATTR_VALUE)); 3202 } else if (TAG_LAST_BUG_REPORT_REQUEST.equals(tag)) { 3203 policy.mLastBugReportRequestTime = Long.parseLong( 3204 parser.getAttributeValue(null, ATTR_VALUE)); 3205 } else if (TAG_LAST_NETWORK_LOG_RETRIEVAL.equals(tag)) { 3206 policy.mLastNetworkLogsRetrievalTime = Long.parseLong( 3207 parser.getAttributeValue(null, ATTR_VALUE)); 3208 } else if (TAG_ADMIN_BROADCAST_PENDING.equals(tag)) { 3209 String pending = parser.getAttributeValue(null, ATTR_VALUE); 3210 policy.mAdminBroadcastPending = Boolean.toString(true).equals(pending); 3211 } else if (TAG_INITIALIZATION_BUNDLE.equals(tag)) { 3212 policy.mInitBundle = PersistableBundle.restoreFromXml(parser); 3213 } else if ("active-password".equals(tag)) { 3214 // Remove password metrics from saved settings, as we no longer wish to store 3215 // these on disk 3216 needsRewrite = true; 3217 } else if (TAG_PASSWORD_VALIDITY.equals(tag)) { 3218 if (!mInjector.storageManagerIsFileBasedEncryptionEnabled()) { 3219 // This flag is only used for FDE devices 3220 policy.mPasswordValidAtLastCheckpoint = Boolean.parseBoolean( 3221 parser.getAttributeValue(null, ATTR_VALUE)); 3222 } 3223 } else if (TAG_PASSWORD_TOKEN_HANDLE.equals(tag)) { 3224 policy.mPasswordTokenHandle = Long.parseLong( 3225 parser.getAttributeValue(null, ATTR_VALUE)); 3226 } else if (TAG_CURRENT_INPUT_METHOD_SET.equals(tag)) { 3227 policy.mCurrentInputMethodSet = true; 3228 } else if (TAG_OWNER_INSTALLED_CA_CERT.equals(tag)) { 3229 policy.mOwnerInstalledCaCerts.add(parser.getAttributeValue(null, ATTR_ALIAS)); 3230 } else { 3231 Slog.w(LOG_TAG, "Unknown tag: " + tag); 3232 XmlUtils.skipCurrentTag(parser); 3233 } 3234 } 3235 } catch (FileNotFoundException e) { 3236 // Don't be noisy, this is normal if we haven't defined any policies. 3237 } catch (NullPointerException | NumberFormatException | XmlPullParserException | IOException 3238 | IndexOutOfBoundsException e) { 3239 Slog.w(LOG_TAG, "failed parsing " + file, e); 3240 } 3241 try { 3242 if (stream != null) { 3243 stream.close(); 3244 } 3245 } catch (IOException e) { 3246 // Ignore 3247 } 3248 3249 // Generate a list of admins from the admin map 3250 policy.mAdminList.addAll(policy.mAdminMap.values()); 3251 3252 // Might need to upgrade the file by rewriting it 3253 if (needsRewrite) { 3254 saveSettingsLocked(userHandle); 3255 } 3256 3257 validatePasswordOwnerLocked(policy); 3258 updateMaximumTimeToLockLocked(userHandle); 3259 updateLockTaskPackagesLocked(policy.mLockTaskPackages, userHandle); 3260 updateLockTaskFeaturesLocked(policy.mLockTaskFeatures, userHandle); 3261 if (policy.mStatusBarDisabled) { 3262 setStatusBarDisabledInternal(policy.mStatusBarDisabled, userHandle); 3263 } 3264 } 3265 3266 private void updateLockTaskPackagesLocked(List<String> packages, int userId) { 3267 long ident = mInjector.binderClearCallingIdentity(); 3268 try { 3269 mInjector.getIActivityManager() 3270 .updateLockTaskPackages(userId, packages.toArray(new String[packages.size()])); 3271 } catch (RemoteException e) { 3272 // Not gonna happen. 3273 } finally { 3274 mInjector.binderRestoreCallingIdentity(ident); 3275 } 3276 } 3277 3278 private void updateLockTaskFeaturesLocked(int flags, int userId) { 3279 long ident = mInjector.binderClearCallingIdentity(); 3280 try { 3281 mInjector.getIActivityManager() 3282 .updateLockTaskFeatures(userId, flags); 3283 } catch (RemoteException e) { 3284 // Not gonna happen. 3285 } finally { 3286 mInjector.binderRestoreCallingIdentity(ident); 3287 } 3288 } 3289 3290 private void updateDeviceOwnerLocked() { 3291 long ident = mInjector.binderClearCallingIdentity(); 3292 try { 3293 // TODO This is to prevent DO from getting "clear data"ed, but it should also check the 3294 // user id and also protect all other DAs too. 3295 final ComponentName deviceOwnerComponent = mOwners.getDeviceOwnerComponent(); 3296 if (deviceOwnerComponent != null) { 3297 mInjector.getIActivityManager() 3298 .updateDeviceOwner(deviceOwnerComponent.getPackageName()); 3299 } 3300 } catch (RemoteException e) { 3301 // Not gonna happen. 3302 } finally { 3303 mInjector.binderRestoreCallingIdentity(ident); 3304 } 3305 } 3306 3307 static void validateQualityConstant(int quality) { 3308 switch (quality) { 3309 case DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED: 3310 case DevicePolicyManager.PASSWORD_QUALITY_BIOMETRIC_WEAK: 3311 case DevicePolicyManager.PASSWORD_QUALITY_SOMETHING: 3312 case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC: 3313 case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX: 3314 case DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC: 3315 case DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC: 3316 case DevicePolicyManager.PASSWORD_QUALITY_COMPLEX: 3317 case DevicePolicyManager.PASSWORD_QUALITY_MANAGED: 3318 return; 3319 } 3320 throw new IllegalArgumentException("Invalid quality constant: 0x" 3321 + Integer.toHexString(quality)); 3322 } 3323 3324 void validatePasswordOwnerLocked(DevicePolicyData policy) { 3325 if (policy.mPasswordOwner >= 0) { 3326 boolean haveOwner = false; 3327 for (int i = policy.mAdminList.size() - 1; i >= 0; i--) { 3328 if (policy.mAdminList.get(i).getUid() == policy.mPasswordOwner) { 3329 haveOwner = true; 3330 break; 3331 } 3332 } 3333 if (!haveOwner) { 3334 Slog.w(LOG_TAG, "Previous password owner " + policy.mPasswordOwner 3335 + " no longer active; disabling"); 3336 policy.mPasswordOwner = -1; 3337 } 3338 } 3339 } 3340 3341 @VisibleForTesting 3342 @Override 3343 void systemReady(int phase) { 3344 if (!mHasFeature) { 3345 return; 3346 } 3347 switch (phase) { 3348 case SystemService.PHASE_LOCK_SETTINGS_READY: 3349 onLockSettingsReady(); 3350 loadAdminDataAsync(); 3351 break; 3352 case SystemService.PHASE_BOOT_COMPLETED: 3353 ensureDeviceOwnerUserStarted(); // TODO Consider better place to do this. 3354 break; 3355 } 3356 } 3357 3358 private void onLockSettingsReady() { 3359 getUserData(UserHandle.USER_SYSTEM); 3360 loadOwners(); 3361 cleanUpOldUsers(); 3362 maybeSetDefaultProfileOwnerUserRestrictions(); 3363 handleStartUser(UserHandle.USER_SYSTEM); 3364 maybeLogStart(); 3365 3366 // Register an observer for watching for user setup complete and settings changes. 3367 mSetupContentObserver.register(); 3368 // Initialize the user setup state, to handle the upgrade case. 3369 updateUserSetupCompleteAndPaired(); 3370 3371 List<String> packageList; 3372 synchronized (getLockObject()) { 3373 packageList = getKeepUninstalledPackagesLocked(); 3374 } 3375 if (packageList != null) { 3376 mInjector.getPackageManagerInternal().setKeepUninstalledPackages(packageList); 3377 } 3378 3379 synchronized (getLockObject()) { 3380 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 3381 if (deviceOwner != null) { 3382 // Push the force-ephemeral-users policy to the user manager. 3383 mUserManagerInternal.setForceEphemeralUsers(deviceOwner.forceEphemeralUsers); 3384 3385 // Update user switcher message to activity manager. 3386 ActivityManagerInternal activityManagerInternal = 3387 mInjector.getActivityManagerInternal(); 3388 activityManagerInternal.setSwitchingFromSystemUserMessage( 3389 deviceOwner.startUserSessionMessage); 3390 activityManagerInternal.setSwitchingToSystemUserMessage( 3391 deviceOwner.endUserSessionMessage); 3392 } 3393 3394 revertTransferOwnershipIfNecessaryLocked(); 3395 } 3396 } 3397 3398 private void revertTransferOwnershipIfNecessaryLocked() { 3399 if (!mTransferOwnershipMetadataManager.metadataFileExists()) { 3400 return; 3401 } 3402 Slog.e(LOG_TAG, "Owner transfer metadata file exists! Reverting transfer."); 3403 final TransferOwnershipMetadataManager.Metadata metadata = 3404 mTransferOwnershipMetadataManager.loadMetadataFile(); 3405 // Revert transfer 3406 if (metadata.adminType.equals(ADMIN_TYPE_PROFILE_OWNER)) { 3407 transferProfileOwnershipLocked(metadata.targetComponent, metadata.sourceComponent, 3408 metadata.userId); 3409 deleteTransferOwnershipMetadataFileLocked(); 3410 deleteTransferOwnershipBundleLocked(metadata.userId); 3411 } else if (metadata.adminType.equals(ADMIN_TYPE_DEVICE_OWNER)) { 3412 transferDeviceOwnershipLocked(metadata.targetComponent, metadata.sourceComponent, 3413 metadata.userId); 3414 deleteTransferOwnershipMetadataFileLocked(); 3415 deleteTransferOwnershipBundleLocked(metadata.userId); 3416 } 3417 updateSystemUpdateFreezePeriodsRecord(/* saveIfChanged */ true); 3418 } 3419 3420 private void maybeLogStart() { 3421 if (!SecurityLog.isLoggingEnabled()) { 3422 return; 3423 } 3424 final String verifiedBootState = 3425 mInjector.systemPropertiesGet("ro.boot.verifiedbootstate"); 3426 final String verityMode = mInjector.systemPropertiesGet("ro.boot.veritymode"); 3427 SecurityLog.writeEvent(SecurityLog.TAG_OS_STARTUP, verifiedBootState, verityMode); 3428 } 3429 3430 private void ensureDeviceOwnerUserStarted() { 3431 final int userId; 3432 synchronized (getLockObject()) { 3433 if (!mOwners.hasDeviceOwner()) { 3434 return; 3435 } 3436 userId = mOwners.getDeviceOwnerUserId(); 3437 } 3438 if (VERBOSE_LOG) { 3439 Log.v(LOG_TAG, "Starting non-system DO user: " + userId); 3440 } 3441 if (userId != UserHandle.USER_SYSTEM) { 3442 try { 3443 mInjector.getIActivityManager().startUserInBackground(userId); 3444 3445 // STOPSHIP Prevent the DO user from being killed. 3446 3447 } catch (RemoteException e) { 3448 Slog.w(LOG_TAG, "Exception starting user", e); 3449 } 3450 } 3451 } 3452 3453 @Override 3454 void handleStartUser(int userId) { 3455 updateScreenCaptureDisabled(userId, 3456 getScreenCaptureDisabled(null, userId)); 3457 pushUserRestrictions(userId); 3458 3459 startOwnerService(userId, "start-user"); 3460 } 3461 3462 @Override 3463 void handleUnlockUser(int userId) { 3464 startOwnerService(userId, "unlock-user"); 3465 } 3466 3467 @Override 3468 void handleStopUser(int userId) { 3469 stopOwnerService(userId, "stop-user"); 3470 } 3471 3472 private void startOwnerService(int userId, String actionForLog) { 3473 final ComponentName owner = getOwnerComponent(userId); 3474 if (owner != null) { 3475 mDeviceAdminServiceController.startServiceForOwner( 3476 owner.getPackageName(), userId, actionForLog); 3477 } 3478 } 3479 3480 private void stopOwnerService(int userId, String actionForLog) { 3481 mDeviceAdminServiceController.stopServiceForOwner(userId, actionForLog); 3482 } 3483 3484 private void cleanUpOldUsers() { 3485 // This is needed in case the broadcast {@link Intent.ACTION_USER_REMOVED} was not handled 3486 // before reboot 3487 Set<Integer> usersWithProfileOwners; 3488 Set<Integer> usersWithData; 3489 synchronized (getLockObject()) { 3490 usersWithProfileOwners = mOwners.getProfileOwnerKeys(); 3491 usersWithData = new ArraySet<>(); 3492 for (int i = 0; i < mUserData.size(); i++) { 3493 usersWithData.add(mUserData.keyAt(i)); 3494 } 3495 } 3496 List<UserInfo> allUsers = mUserManager.getUsers(); 3497 3498 Set<Integer> deletedUsers = new ArraySet<>(); 3499 deletedUsers.addAll(usersWithProfileOwners); 3500 deletedUsers.addAll(usersWithData); 3501 for (UserInfo userInfo : allUsers) { 3502 deletedUsers.remove(userInfo.id); 3503 } 3504 for (Integer userId : deletedUsers) { 3505 removeUserData(userId); 3506 } 3507 } 3508 3509 private void handlePasswordExpirationNotification(int userHandle) { 3510 final Bundle adminExtras = new Bundle(); 3511 adminExtras.putParcelable(Intent.EXTRA_USER, UserHandle.of(userHandle)); 3512 3513 synchronized (getLockObject()) { 3514 final long now = System.currentTimeMillis(); 3515 3516 List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked( 3517 userHandle, /* parent */ false); 3518 final int N = admins.size(); 3519 for (int i = 0; i < N; i++) { 3520 ActiveAdmin admin = admins.get(i); 3521 if (admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD) 3522 && admin.passwordExpirationTimeout > 0L 3523 && now >= admin.passwordExpirationDate - EXPIRATION_GRACE_PERIOD_MS 3524 && admin.passwordExpirationDate > 0L) { 3525 sendAdminCommandLocked(admin, 3526 DeviceAdminReceiver.ACTION_PASSWORD_EXPIRING, adminExtras, null); 3527 } 3528 } 3529 setExpirationAlarmCheckLocked(mContext, userHandle, /* parent */ false); 3530 } 3531 } 3532 3533 /** 3534 * Clean up internal state when the set of installed trusted CA certificates changes. 3535 * 3536 * @param userHandle user to check for. This must be a real user and not, for example, 3537 * {@link UserHandle#ALL}. 3538 * @param installedCertificates the full set of certificate authorities currently installed for 3539 * {@param userHandle}. After calling this function, {@code mAcceptedCaCertificates} will 3540 * correspond to some subset of this. 3541 */ 3542 protected void onInstalledCertificatesChanged(final UserHandle userHandle, 3543 final @NonNull Collection<String> installedCertificates) { 3544 if (!mHasFeature) { 3545 return; 3546 } 3547 enforceManageUsers(); 3548 3549 synchronized (getLockObject()) { 3550 final DevicePolicyData policy = getUserData(userHandle.getIdentifier()); 3551 3552 boolean changed = false; 3553 changed |= policy.mAcceptedCaCertificates.retainAll(installedCertificates); 3554 changed |= policy.mOwnerInstalledCaCerts.retainAll(installedCertificates); 3555 if (changed) { 3556 saveSettingsLocked(userHandle.getIdentifier()); 3557 } 3558 } 3559 } 3560 3561 /** 3562 * Internal method used by {@link CertificateMonitor}. 3563 */ 3564 protected Set<String> getAcceptedCaCertificates(final UserHandle userHandle) { 3565 if (!mHasFeature) { 3566 return Collections.<String> emptySet(); 3567 } 3568 synchronized (getLockObject()) { 3569 final DevicePolicyData policy = getUserData(userHandle.getIdentifier()); 3570 return policy.mAcceptedCaCertificates; 3571 } 3572 } 3573 3574 /** 3575 * @param adminReceiver The admin to add 3576 * @param refreshing true = update an active admin, no error 3577 */ 3578 @Override 3579 public void setActiveAdmin(ComponentName adminReceiver, boolean refreshing, int userHandle) { 3580 if (!mHasFeature) { 3581 return; 3582 } 3583 setActiveAdmin(adminReceiver, refreshing, userHandle, null); 3584 } 3585 3586 private void setActiveAdmin(ComponentName adminReceiver, boolean refreshing, int userHandle, 3587 Bundle onEnableData) { 3588 mContext.enforceCallingOrSelfPermission( 3589 android.Manifest.permission.MANAGE_DEVICE_ADMINS, null); 3590 enforceFullCrossUsersPermission(userHandle); 3591 3592 DevicePolicyData policy = getUserData(userHandle); 3593 DeviceAdminInfo info = findAdmin(adminReceiver, userHandle, 3594 /* throwForMissingPermission= */ true); 3595 synchronized (getLockObject()) { 3596 checkActiveAdminPrecondition(adminReceiver, info, policy); 3597 long ident = mInjector.binderClearCallingIdentity(); 3598 try { 3599 final ActiveAdmin existingAdmin 3600 = getActiveAdminUncheckedLocked(adminReceiver, userHandle); 3601 if (!refreshing && existingAdmin != null) { 3602 throw new IllegalArgumentException("Admin is already added"); 3603 } 3604 ActiveAdmin newAdmin = new ActiveAdmin(info, /* parent */ false); 3605 newAdmin.testOnlyAdmin = 3606 (existingAdmin != null) ? existingAdmin.testOnlyAdmin 3607 : isPackageTestOnly(adminReceiver.getPackageName(), userHandle); 3608 policy.mAdminMap.put(adminReceiver, newAdmin); 3609 int replaceIndex = -1; 3610 final int N = policy.mAdminList.size(); 3611 for (int i=0; i < N; i++) { 3612 ActiveAdmin oldAdmin = policy.mAdminList.get(i); 3613 if (oldAdmin.info.getComponent().equals(adminReceiver)) { 3614 replaceIndex = i; 3615 break; 3616 } 3617 } 3618 if (replaceIndex == -1) { 3619 policy.mAdminList.add(newAdmin); 3620 enableIfNecessary(info.getPackageName(), userHandle); 3621 mUsageStatsManagerInternal.onActiveAdminAdded( 3622 adminReceiver.getPackageName(), userHandle); 3623 } else { 3624 policy.mAdminList.set(replaceIndex, newAdmin); 3625 } 3626 saveSettingsLocked(userHandle); 3627 sendAdminCommandLocked(newAdmin, DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED, 3628 onEnableData, null); 3629 } finally { 3630 mInjector.binderRestoreCallingIdentity(ident); 3631 } 3632 } 3633 } 3634 3635 private void loadAdminDataAsync() { 3636 mInjector.postOnSystemServerInitThreadPool(() -> { 3637 pushActiveAdminPackages(); 3638 mUsageStatsManagerInternal.onAdminDataAvailable(); 3639 pushAllMeteredRestrictedPackages(); 3640 mInjector.getNetworkPolicyManagerInternal().onAdminDataAvailable(); 3641 }); 3642 } 3643 3644 private void pushActiveAdminPackages() { 3645 synchronized (getLockObject()) { 3646 final List<UserInfo> users = mUserManager.getUsers(); 3647 for (int i = users.size() - 1; i >= 0; --i) { 3648 final int userId = users.get(i).id; 3649 mUsageStatsManagerInternal.setActiveAdminApps( 3650 getActiveAdminPackagesLocked(userId), userId); 3651 } 3652 } 3653 } 3654 3655 private void pushAllMeteredRestrictedPackages() { 3656 synchronized (getLockObject()) { 3657 final List<UserInfo> users = mUserManager.getUsers(); 3658 for (int i = users.size() - 1; i >= 0; --i) { 3659 final int userId = users.get(i).id; 3660 mInjector.getNetworkPolicyManagerInternal().setMeteredRestrictedPackagesAsync( 3661 getMeteredDisabledPackagesLocked(userId), userId); 3662 } 3663 } 3664 } 3665 3666 private void pushActiveAdminPackagesLocked(int userId) { 3667 mUsageStatsManagerInternal.setActiveAdminApps( 3668 getActiveAdminPackagesLocked(userId), userId); 3669 } 3670 3671 private Set<String> getActiveAdminPackagesLocked(int userId) { 3672 final DevicePolicyData policy = getUserData(userId); 3673 Set<String> adminPkgs = null; 3674 for (int i = policy.mAdminList.size() - 1; i >= 0; --i) { 3675 final String pkgName = policy.mAdminList.get(i).info.getPackageName(); 3676 if (adminPkgs == null) { 3677 adminPkgs = new ArraySet<>(); 3678 } 3679 adminPkgs.add(pkgName); 3680 } 3681 return adminPkgs; 3682 } 3683 3684 private void transferActiveAdminUncheckedLocked(ComponentName incomingReceiver, 3685 ComponentName outgoingReceiver, int userHandle) { 3686 final DevicePolicyData policy = getUserData(userHandle); 3687 if (!policy.mAdminMap.containsKey(outgoingReceiver) 3688 && policy.mAdminMap.containsKey(incomingReceiver)) { 3689 // Nothing to transfer - the incoming receiver is already the active admin. 3690 return; 3691 } 3692 final DeviceAdminInfo incomingDeviceInfo = findAdmin(incomingReceiver, userHandle, 3693 /* throwForMissingPermission= */ true); 3694 final ActiveAdmin adminToTransfer = policy.mAdminMap.get(outgoingReceiver); 3695 final int oldAdminUid = adminToTransfer.getUid(); 3696 3697 adminToTransfer.transfer(incomingDeviceInfo); 3698 policy.mAdminMap.remove(outgoingReceiver); 3699 policy.mAdminMap.put(incomingReceiver, adminToTransfer); 3700 if (policy.mPasswordOwner == oldAdminUid) { 3701 policy.mPasswordOwner = adminToTransfer.getUid(); 3702 } 3703 3704 saveSettingsLocked(userHandle); 3705 sendAdminCommandLocked(adminToTransfer, DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED, 3706 null, null); 3707 } 3708 3709 private void checkActiveAdminPrecondition(ComponentName adminReceiver, DeviceAdminInfo info, 3710 DevicePolicyData policy) { 3711 if (info == null) { 3712 throw new IllegalArgumentException("Bad admin: " + adminReceiver); 3713 } 3714 if (!info.getActivityInfo().applicationInfo.isInternal()) { 3715 throw new IllegalArgumentException("Only apps in internal storage can be active admin: " 3716 + adminReceiver); 3717 } 3718 if (info.getActivityInfo().applicationInfo.isInstantApp()) { 3719 throw new IllegalArgumentException("Instant apps cannot be device admins: " 3720 + adminReceiver); 3721 } 3722 if (policy.mRemovingAdmins.contains(adminReceiver)) { 3723 throw new IllegalArgumentException( 3724 "Trying to set an admin which is being removed"); 3725 } 3726 } 3727 3728 @Override 3729 public boolean isAdminActive(ComponentName adminReceiver, int userHandle) { 3730 if (!mHasFeature) { 3731 return false; 3732 } 3733 enforceFullCrossUsersPermission(userHandle); 3734 synchronized (getLockObject()) { 3735 return getActiveAdminUncheckedLocked(adminReceiver, userHandle) != null; 3736 } 3737 } 3738 3739 @Override 3740 public boolean isRemovingAdmin(ComponentName adminReceiver, int userHandle) { 3741 if (!mHasFeature) { 3742 return false; 3743 } 3744 enforceFullCrossUsersPermission(userHandle); 3745 synchronized (getLockObject()) { 3746 DevicePolicyData policyData = getUserData(userHandle); 3747 return policyData.mRemovingAdmins.contains(adminReceiver); 3748 } 3749 } 3750 3751 @Override 3752 public boolean hasGrantedPolicy(ComponentName adminReceiver, int policyId, int userHandle) { 3753 if (!mHasFeature) { 3754 return false; 3755 } 3756 enforceFullCrossUsersPermission(userHandle); 3757 synchronized (getLockObject()) { 3758 ActiveAdmin administrator = getActiveAdminUncheckedLocked(adminReceiver, userHandle); 3759 if (administrator == null) { 3760 throw new SecurityException("No active admin " + adminReceiver); 3761 } 3762 return administrator.info.usesPolicy(policyId); 3763 } 3764 } 3765 3766 @Override 3767 @SuppressWarnings("unchecked") 3768 public List<ComponentName> getActiveAdmins(int userHandle) { 3769 if (!mHasFeature) { 3770 return Collections.EMPTY_LIST; 3771 } 3772 3773 enforceFullCrossUsersPermission(userHandle); 3774 synchronized (getLockObject()) { 3775 DevicePolicyData policy = getUserData(userHandle); 3776 final int N = policy.mAdminList.size(); 3777 if (N <= 0) { 3778 return null; 3779 } 3780 ArrayList<ComponentName> res = new ArrayList<ComponentName>(N); 3781 for (int i=0; i<N; i++) { 3782 res.add(policy.mAdminList.get(i).info.getComponent()); 3783 } 3784 return res; 3785 } 3786 } 3787 3788 @Override 3789 public boolean packageHasActiveAdmins(String packageName, int userHandle) { 3790 if (!mHasFeature) { 3791 return false; 3792 } 3793 enforceFullCrossUsersPermission(userHandle); 3794 synchronized (getLockObject()) { 3795 DevicePolicyData policy = getUserData(userHandle); 3796 final int N = policy.mAdminList.size(); 3797 for (int i=0; i<N; i++) { 3798 if (policy.mAdminList.get(i).info.getPackageName().equals(packageName)) { 3799 return true; 3800 } 3801 } 3802 return false; 3803 } 3804 } 3805 3806 @Override 3807 public void forceRemoveActiveAdmin(ComponentName adminReceiver, int userHandle) { 3808 if (!mHasFeature) { 3809 return; 3810 } 3811 Preconditions.checkNotNull(adminReceiver, "ComponentName is null"); 3812 enforceShell("forceRemoveActiveAdmin"); 3813 long ident = mInjector.binderClearCallingIdentity(); 3814 try { 3815 synchronized (getLockObject()) { 3816 if (!isAdminTestOnlyLocked(adminReceiver, userHandle)) { 3817 throw new SecurityException("Attempt to remove non-test admin " 3818 + adminReceiver + " " + userHandle); 3819 } 3820 3821 // If admin is a device or profile owner tidy that up first. 3822 if (isDeviceOwner(adminReceiver, userHandle)) { 3823 clearDeviceOwnerLocked(getDeviceOwnerAdminLocked(), userHandle); 3824 } 3825 if (isProfileOwner(adminReceiver, userHandle)) { 3826 final ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver, 3827 userHandle, /* parent */ false); 3828 clearProfileOwnerLocked(admin, userHandle); 3829 } 3830 } 3831 // Remove the admin skipping sending the broadcast. 3832 removeAdminArtifacts(adminReceiver, userHandle); 3833 Slog.i(LOG_TAG, "Admin " + adminReceiver + " removed from user " + userHandle); 3834 } finally { 3835 mInjector.binderRestoreCallingIdentity(ident); 3836 } 3837 } 3838 3839 private void clearDeviceOwnerUserRestrictionLocked(UserHandle userHandle) { 3840 // ManagedProvisioning/DPC sets DISALLOW_ADD_USER. Clear to recover to the original state 3841 if (mUserManager.hasUserRestriction(UserManager.DISALLOW_ADD_USER, userHandle)) { 3842 mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_USER, false, userHandle); 3843 } 3844 } 3845 3846 /** 3847 * Return if a given package has testOnly="true", in which case we'll relax certain rules 3848 * for CTS. 3849 * 3850 * DO NOT use this method except in {@link #setActiveAdmin}. Use {@link #isAdminTestOnlyLocked} 3851 * to check wehter an active admin is test-only or not. 3852 * 3853 * The system allows this flag to be changed when an app is updated, which is not good 3854 * for us. So we persist the flag in {@link ActiveAdmin} when an admin is first installed, 3855 * and used the persisted version in actual checks. (See b/31382361 and b/28928996) 3856 */ 3857 private boolean isPackageTestOnly(String packageName, int userHandle) { 3858 final ApplicationInfo ai; 3859 try { 3860 ai = mInjector.getIPackageManager().getApplicationInfo(packageName, 3861 (PackageManager.MATCH_DIRECT_BOOT_AWARE 3862 | PackageManager.MATCH_DIRECT_BOOT_UNAWARE), userHandle); 3863 } catch (RemoteException e) { 3864 throw new IllegalStateException(e); 3865 } 3866 if (ai == null) { 3867 throw new IllegalStateException("Couldn't find package: " 3868 + packageName + " on user " + userHandle); 3869 } 3870 return (ai.flags & ApplicationInfo.FLAG_TEST_ONLY) != 0; 3871 } 3872 3873 /** 3874 * See {@link #isPackageTestOnly}. 3875 */ 3876 private boolean isAdminTestOnlyLocked(ComponentName who, int userHandle) { 3877 final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 3878 return (admin != null) && admin.testOnlyAdmin; 3879 } 3880 3881 private void enforceShell(String method) { 3882 final int callingUid = mInjector.binderGetCallingUid(); 3883 if (callingUid != Process.SHELL_UID && callingUid != Process.ROOT_UID) { 3884 throw new SecurityException("Non-shell user attempted to call " + method); 3885 } 3886 } 3887 3888 @Override 3889 public void removeActiveAdmin(ComponentName adminReceiver, int userHandle) { 3890 if (!mHasFeature) { 3891 return; 3892 } 3893 enforceFullCrossUsersPermission(userHandle); 3894 enforceUserUnlocked(userHandle); 3895 synchronized (getLockObject()) { 3896 ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver, userHandle); 3897 if (admin == null) { 3898 return; 3899 } 3900 // Active device/profile owners must remain active admins. 3901 if (isDeviceOwner(adminReceiver, userHandle) 3902 || isProfileOwner(adminReceiver, userHandle)) { 3903 Slog.e(LOG_TAG, "Device/profile owner cannot be removed: component=" + 3904 adminReceiver); 3905 return; 3906 } 3907 if (admin.getUid() != mInjector.binderGetCallingUid()) { 3908 mContext.enforceCallingOrSelfPermission( 3909 android.Manifest.permission.MANAGE_DEVICE_ADMINS, null); 3910 } 3911 long ident = mInjector.binderClearCallingIdentity(); 3912 try { 3913 removeActiveAdminLocked(adminReceiver, userHandle); 3914 } finally { 3915 mInjector.binderRestoreCallingIdentity(ident); 3916 } 3917 } 3918 } 3919 3920 @Override 3921 public boolean isSeparateProfileChallengeAllowed(int userHandle) { 3922 ComponentName profileOwner = getProfileOwner(userHandle); 3923 // Profile challenge is supported on N or newer release. 3924 return profileOwner != null && 3925 getTargetSdk(profileOwner.getPackageName(), userHandle) > Build.VERSION_CODES.M; 3926 } 3927 3928 @Override 3929 public void setPasswordQuality(ComponentName who, int quality, boolean parent) { 3930 if (!mHasFeature) { 3931 return; 3932 } 3933 Preconditions.checkNotNull(who, "ComponentName is null"); 3934 validateQualityConstant(quality); 3935 3936 final int userId = mInjector.userHandleGetCallingUserId(); 3937 synchronized (getLockObject()) { 3938 ActiveAdmin ap = getActiveAdminForCallerLocked( 3939 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 3940 final PasswordMetrics metrics = ap.minimumPasswordMetrics; 3941 if (metrics.quality != quality) { 3942 metrics.quality = quality; 3943 updatePasswordValidityCheckpointLocked(userId, parent); 3944 } 3945 maybeLogPasswordComplexitySet(who, userId, parent, metrics); 3946 } 3947 } 3948 3949 /** 3950 * Updates a flag that tells us whether the user's password currently satisfies the 3951 * requirements set by all of the user's active admins. The flag is updated both in memory 3952 * and persisted to disk by calling {@link #saveSettingsLocked}, for the value of the flag 3953 * be the correct one upon boot. 3954 * This should be called whenever the password or the admin policies have changed. 3955 */ 3956 private void updatePasswordValidityCheckpointLocked(int userHandle, boolean parent) { 3957 final int credentialOwner = getCredentialOwner(userHandle, parent); 3958 DevicePolicyData policy = getUserData(credentialOwner); 3959 PasswordMetrics metrics = getUserPasswordMetricsLocked(credentialOwner); 3960 if (metrics == null) { 3961 metrics = new PasswordMetrics(); 3962 } 3963 policy.mPasswordValidAtLastCheckpoint = 3964 isPasswordSufficientForUserWithoutCheckpointLocked( 3965 metrics, userHandle, parent); 3966 3967 saveSettingsLocked(credentialOwner); 3968 } 3969 3970 @Override 3971 public int getPasswordQuality(ComponentName who, int userHandle, boolean parent) { 3972 if (!mHasFeature) { 3973 return PASSWORD_QUALITY_UNSPECIFIED; 3974 } 3975 enforceFullCrossUsersPermission(userHandle); 3976 synchronized (getLockObject()) { 3977 int mode = PASSWORD_QUALITY_UNSPECIFIED; 3978 3979 if (who != null) { 3980 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent); 3981 return admin != null ? admin.minimumPasswordMetrics.quality : mode; 3982 } 3983 3984 // Return the strictest policy across all participating admins. 3985 List<ActiveAdmin> admins = 3986 getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 3987 final int N = admins.size(); 3988 for (int i = 0; i < N; i++) { 3989 ActiveAdmin admin = admins.get(i); 3990 if (mode < admin.minimumPasswordMetrics.quality) { 3991 mode = admin.minimumPasswordMetrics.quality; 3992 } 3993 } 3994 return mode; 3995 } 3996 } 3997 3998 private List<ActiveAdmin> getActiveAdminsForLockscreenPoliciesLocked( 3999 int userHandle, boolean parent) { 4000 if (!parent && isSeparateProfileChallengeEnabled(userHandle)) { 4001 // If this user has a separate challenge, only return its restrictions. 4002 return getUserDataUnchecked(userHandle).mAdminList; 4003 } else { 4004 // Return all admins for this user and the profiles that are visible from this 4005 // user that do not use a separate work challenge. 4006 ArrayList<ActiveAdmin> admins = new ArrayList<ActiveAdmin>(); 4007 for (UserInfo userInfo : mUserManager.getProfiles(userHandle)) { 4008 DevicePolicyData policy = getUserData(userInfo.id); 4009 if (!userInfo.isManagedProfile()) { 4010 admins.addAll(policy.mAdminList); 4011 } else { 4012 // For managed profiles, we always include the policies set on the parent 4013 // profile. Additionally, we include the ones set on the managed profile 4014 // if no separate challenge is in place. 4015 boolean hasSeparateChallenge = isSeparateProfileChallengeEnabled(userInfo.id); 4016 final int N = policy.mAdminList.size(); 4017 for (int i = 0; i < N; i++) { 4018 ActiveAdmin admin = policy.mAdminList.get(i); 4019 if (admin.hasParentActiveAdmin()) { 4020 admins.add(admin.getParentActiveAdmin()); 4021 } 4022 if (!hasSeparateChallenge) { 4023 admins.add(admin); 4024 } 4025 } 4026 } 4027 } 4028 return admins; 4029 } 4030 } 4031 4032 private boolean isSeparateProfileChallengeEnabled(int userHandle) { 4033 long ident = mInjector.binderClearCallingIdentity(); 4034 try { 4035 return mLockPatternUtils.isSeparateProfileChallengeEnabled(userHandle); 4036 } finally { 4037 mInjector.binderRestoreCallingIdentity(ident); 4038 } 4039 } 4040 4041 @Override 4042 public void setPasswordMinimumLength(ComponentName who, int length, boolean parent) { 4043 if (!mHasFeature) { 4044 return; 4045 } 4046 Preconditions.checkNotNull(who, "ComponentName is null"); 4047 final int userId = mInjector.userHandleGetCallingUserId(); 4048 synchronized (getLockObject()) { 4049 ActiveAdmin ap = getActiveAdminForCallerLocked( 4050 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4051 final PasswordMetrics metrics = ap.minimumPasswordMetrics; 4052 if (metrics.length != length) { 4053 metrics.length = length; 4054 updatePasswordValidityCheckpointLocked(userId, parent); 4055 } 4056 maybeLogPasswordComplexitySet(who, userId, parent, metrics); 4057 } 4058 } 4059 4060 @Override 4061 public int getPasswordMinimumLength(ComponentName who, int userHandle, boolean parent) { 4062 return getStrictestPasswordRequirement(who, userHandle, parent, 4063 admin -> admin.minimumPasswordMetrics.length, PASSWORD_QUALITY_UNSPECIFIED); 4064 } 4065 4066 @Override 4067 public void setPasswordHistoryLength(ComponentName who, int length, boolean parent) { 4068 if (!mHasFeature) { 4069 return; 4070 } 4071 Preconditions.checkNotNull(who, "ComponentName is null"); 4072 final int userId = mInjector.userHandleGetCallingUserId(); 4073 synchronized (getLockObject()) { 4074 ActiveAdmin ap = getActiveAdminForCallerLocked( 4075 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4076 if (ap.passwordHistoryLength != length) { 4077 ap.passwordHistoryLength = length; 4078 updatePasswordValidityCheckpointLocked(userId, parent); 4079 } 4080 } 4081 if (SecurityLog.isLoggingEnabled()) { 4082 final int affectedUserId = parent ? getProfileParentId(userId) : userId; 4083 SecurityLog.writeEvent(SecurityLog.TAG_PASSWORD_HISTORY_LENGTH_SET, 4084 who.getPackageName(), userId, affectedUserId, length); 4085 } 4086 } 4087 4088 @Override 4089 public int getPasswordHistoryLength(ComponentName who, int userHandle, boolean parent) { 4090 return getStrictestPasswordRequirement(who, userHandle, parent, 4091 admin -> admin.passwordHistoryLength, PASSWORD_QUALITY_UNSPECIFIED); 4092 } 4093 4094 @Override 4095 public void setPasswordExpirationTimeout(ComponentName who, long timeout, boolean parent) { 4096 if (!mHasFeature) { 4097 return; 4098 } 4099 Preconditions.checkNotNull(who, "ComponentName is null"); 4100 Preconditions.checkArgumentNonnegative(timeout, "Timeout must be >= 0 ms"); 4101 final int userHandle = mInjector.userHandleGetCallingUserId(); 4102 synchronized (getLockObject()) { 4103 ActiveAdmin ap = getActiveAdminForCallerLocked( 4104 who, DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD, parent); 4105 // Calling this API automatically bumps the expiration date 4106 final long expiration = timeout > 0L ? (timeout + System.currentTimeMillis()) : 0L; 4107 ap.passwordExpirationDate = expiration; 4108 ap.passwordExpirationTimeout = timeout; 4109 if (timeout > 0L) { 4110 Slog.w(LOG_TAG, "setPasswordExpiration(): password will expire on " 4111 + DateFormat.getDateTimeInstance(DateFormat.DEFAULT, DateFormat.DEFAULT) 4112 .format(new Date(expiration))); 4113 } 4114 saveSettingsLocked(userHandle); 4115 4116 // in case this is the first one, set the alarm on the appropriate user. 4117 setExpirationAlarmCheckLocked(mContext, userHandle, parent); 4118 } 4119 if (SecurityLog.isLoggingEnabled()) { 4120 final int affectedUserId = parent ? getProfileParentId(userHandle) : userHandle; 4121 SecurityLog.writeEvent(SecurityLog.TAG_PASSWORD_EXPIRATION_SET, who.getPackageName(), 4122 userHandle, affectedUserId, timeout); 4123 } 4124 } 4125 4126 /** 4127 * Return a single admin's expiration cycle time, or the min of all cycle times. 4128 * Returns 0 if not configured. 4129 */ 4130 @Override 4131 public long getPasswordExpirationTimeout(ComponentName who, int userHandle, boolean parent) { 4132 if (!mHasFeature) { 4133 return 0L; 4134 } 4135 enforceFullCrossUsersPermission(userHandle); 4136 synchronized (getLockObject()) { 4137 long timeout = 0L; 4138 4139 if (who != null) { 4140 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent); 4141 return admin != null ? admin.passwordExpirationTimeout : timeout; 4142 } 4143 4144 // Return the strictest policy across all participating admins. 4145 List<ActiveAdmin> admins = 4146 getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 4147 final int N = admins.size(); 4148 for (int i = 0; i < N; i++) { 4149 ActiveAdmin admin = admins.get(i); 4150 if (timeout == 0L || (admin.passwordExpirationTimeout != 0L 4151 && timeout > admin.passwordExpirationTimeout)) { 4152 timeout = admin.passwordExpirationTimeout; 4153 } 4154 } 4155 return timeout; 4156 } 4157 } 4158 4159 @Override 4160 public boolean addCrossProfileWidgetProvider(ComponentName admin, String packageName) { 4161 final int userId = UserHandle.getCallingUserId(); 4162 List<String> changedProviders = null; 4163 4164 synchronized (getLockObject()) { 4165 ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(admin, 4166 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 4167 if (activeAdmin.crossProfileWidgetProviders == null) { 4168 activeAdmin.crossProfileWidgetProviders = new ArrayList<>(); 4169 } 4170 List<String> providers = activeAdmin.crossProfileWidgetProviders; 4171 if (!providers.contains(packageName)) { 4172 providers.add(packageName); 4173 changedProviders = new ArrayList<>(providers); 4174 saveSettingsLocked(userId); 4175 } 4176 } 4177 4178 if (changedProviders != null) { 4179 mLocalService.notifyCrossProfileProvidersChanged(userId, changedProviders); 4180 return true; 4181 } 4182 4183 return false; 4184 } 4185 4186 @Override 4187 public boolean removeCrossProfileWidgetProvider(ComponentName admin, String packageName) { 4188 final int userId = UserHandle.getCallingUserId(); 4189 List<String> changedProviders = null; 4190 4191 synchronized (getLockObject()) { 4192 ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(admin, 4193 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 4194 if (activeAdmin.crossProfileWidgetProviders == null 4195 || activeAdmin.crossProfileWidgetProviders.isEmpty()) { 4196 return false; 4197 } 4198 List<String> providers = activeAdmin.crossProfileWidgetProviders; 4199 if (providers.remove(packageName)) { 4200 changedProviders = new ArrayList<>(providers); 4201 saveSettingsLocked(userId); 4202 } 4203 } 4204 4205 if (changedProviders != null) { 4206 mLocalService.notifyCrossProfileProvidersChanged(userId, changedProviders); 4207 return true; 4208 } 4209 4210 return false; 4211 } 4212 4213 @Override 4214 public List<String> getCrossProfileWidgetProviders(ComponentName admin) { 4215 synchronized (getLockObject()) { 4216 ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(admin, 4217 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 4218 if (activeAdmin.crossProfileWidgetProviders == null 4219 || activeAdmin.crossProfileWidgetProviders.isEmpty()) { 4220 return null; 4221 } 4222 if (mInjector.binderIsCallingUidMyUid()) { 4223 return new ArrayList<>(activeAdmin.crossProfileWidgetProviders); 4224 } else { 4225 return activeAdmin.crossProfileWidgetProviders; 4226 } 4227 } 4228 } 4229 4230 /** 4231 * Return a single admin's expiration date/time, or the min (soonest) for all admins. 4232 * Returns 0 if not configured. 4233 */ 4234 private long getPasswordExpirationLocked(ComponentName who, int userHandle, boolean parent) { 4235 long timeout = 0L; 4236 4237 if (who != null) { 4238 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent); 4239 return admin != null ? admin.passwordExpirationDate : timeout; 4240 } 4241 4242 // Return the strictest policy across all participating admins. 4243 List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 4244 final int N = admins.size(); 4245 for (int i = 0; i < N; i++) { 4246 ActiveAdmin admin = admins.get(i); 4247 if (timeout == 0L || (admin.passwordExpirationDate != 0 4248 && timeout > admin.passwordExpirationDate)) { 4249 timeout = admin.passwordExpirationDate; 4250 } 4251 } 4252 return timeout; 4253 } 4254 4255 @Override 4256 public long getPasswordExpiration(ComponentName who, int userHandle, boolean parent) { 4257 if (!mHasFeature) { 4258 return 0L; 4259 } 4260 enforceFullCrossUsersPermission(userHandle); 4261 synchronized (getLockObject()) { 4262 return getPasswordExpirationLocked(who, userHandle, parent); 4263 } 4264 } 4265 4266 @Override 4267 public void setPasswordMinimumUpperCase(ComponentName who, int length, boolean parent) { 4268 if (!mHasFeature) { 4269 return; 4270 } 4271 Preconditions.checkNotNull(who, "ComponentName is null"); 4272 final int userId = mInjector.userHandleGetCallingUserId(); 4273 synchronized (getLockObject()) { 4274 final ActiveAdmin ap = getActiveAdminForCallerLocked( 4275 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4276 final PasswordMetrics metrics = ap.minimumPasswordMetrics; 4277 if (metrics.upperCase != length) { 4278 metrics.upperCase = length; 4279 updatePasswordValidityCheckpointLocked(userId, parent); 4280 } 4281 maybeLogPasswordComplexitySet(who, userId, parent, metrics); 4282 } 4283 } 4284 4285 @Override 4286 public int getPasswordMinimumUpperCase(ComponentName who, int userHandle, boolean parent) { 4287 return getStrictestPasswordRequirement(who, userHandle, parent, 4288 admin -> admin.minimumPasswordMetrics.upperCase, PASSWORD_QUALITY_COMPLEX); 4289 } 4290 4291 @Override 4292 public void setPasswordMinimumLowerCase(ComponentName who, int length, boolean parent) { 4293 Preconditions.checkNotNull(who, "ComponentName is null"); 4294 final int userId = mInjector.userHandleGetCallingUserId(); 4295 synchronized (getLockObject()) { 4296 ActiveAdmin ap = getActiveAdminForCallerLocked( 4297 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4298 final PasswordMetrics metrics = ap.minimumPasswordMetrics; 4299 if (metrics.lowerCase != length) { 4300 metrics.lowerCase = length; 4301 updatePasswordValidityCheckpointLocked(userId, parent); 4302 } 4303 maybeLogPasswordComplexitySet(who, userId, parent, metrics); 4304 } 4305 } 4306 4307 @Override 4308 public int getPasswordMinimumLowerCase(ComponentName who, int userHandle, boolean parent) { 4309 return getStrictestPasswordRequirement(who, userHandle, parent, 4310 admin -> admin.minimumPasswordMetrics.lowerCase, PASSWORD_QUALITY_COMPLEX); 4311 } 4312 4313 @Override 4314 public void setPasswordMinimumLetters(ComponentName who, int length, boolean parent) { 4315 if (!mHasFeature) { 4316 return; 4317 } 4318 Preconditions.checkNotNull(who, "ComponentName is null"); 4319 final int userId = mInjector.userHandleGetCallingUserId(); 4320 synchronized (getLockObject()) { 4321 ActiveAdmin ap = getActiveAdminForCallerLocked( 4322 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4323 final PasswordMetrics metrics = ap.minimumPasswordMetrics; 4324 if (metrics.letters != length) { 4325 metrics.letters = length; 4326 updatePasswordValidityCheckpointLocked(userId, parent); 4327 } 4328 maybeLogPasswordComplexitySet(who, userId, parent, metrics); 4329 } 4330 } 4331 4332 @Override 4333 public int getPasswordMinimumLetters(ComponentName who, int userHandle, boolean parent) { 4334 return getStrictestPasswordRequirement(who, userHandle, parent, 4335 admin -> admin.minimumPasswordMetrics.letters, PASSWORD_QUALITY_COMPLEX); 4336 } 4337 4338 @Override 4339 public void setPasswordMinimumNumeric(ComponentName who, int length, boolean parent) { 4340 if (!mHasFeature) { 4341 return; 4342 } 4343 Preconditions.checkNotNull(who, "ComponentName is null"); 4344 final int userId = mInjector.userHandleGetCallingUserId(); 4345 synchronized (getLockObject()) { 4346 ActiveAdmin ap = getActiveAdminForCallerLocked( 4347 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4348 final PasswordMetrics metrics = ap.minimumPasswordMetrics; 4349 if (metrics.numeric != length) { 4350 metrics.numeric = length; 4351 updatePasswordValidityCheckpointLocked(userId, parent); 4352 } 4353 maybeLogPasswordComplexitySet(who, userId, parent, metrics); 4354 } 4355 } 4356 4357 @Override 4358 public int getPasswordMinimumNumeric(ComponentName who, int userHandle, boolean parent) { 4359 return getStrictestPasswordRequirement(who, userHandle, parent, 4360 admin -> admin.minimumPasswordMetrics.numeric, PASSWORD_QUALITY_COMPLEX); 4361 } 4362 4363 @Override 4364 public void setPasswordMinimumSymbols(ComponentName who, int length, boolean parent) { 4365 if (!mHasFeature) { 4366 return; 4367 } 4368 Preconditions.checkNotNull(who, "ComponentName is null"); 4369 final int userId = mInjector.userHandleGetCallingUserId(); 4370 synchronized (getLockObject()) { 4371 ActiveAdmin ap = getActiveAdminForCallerLocked( 4372 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4373 final PasswordMetrics metrics = ap.minimumPasswordMetrics; 4374 if (metrics.symbols != length) { 4375 ap.minimumPasswordMetrics.symbols = length; 4376 updatePasswordValidityCheckpointLocked(userId, parent); 4377 } 4378 maybeLogPasswordComplexitySet(who, userId, parent, metrics); 4379 } 4380 } 4381 4382 @Override 4383 public int getPasswordMinimumSymbols(ComponentName who, int userHandle, boolean parent) { 4384 return getStrictestPasswordRequirement(who, userHandle, parent, 4385 admin -> admin.minimumPasswordMetrics.symbols, PASSWORD_QUALITY_COMPLEX); 4386 } 4387 4388 @Override 4389 public void setPasswordMinimumNonLetter(ComponentName who, int length, boolean parent) { 4390 if (!mHasFeature) { 4391 return; 4392 } 4393 Preconditions.checkNotNull(who, "ComponentName is null"); 4394 final int userId = mInjector.userHandleGetCallingUserId(); 4395 synchronized (getLockObject()) { 4396 ActiveAdmin ap = getActiveAdminForCallerLocked( 4397 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4398 final PasswordMetrics metrics = ap.minimumPasswordMetrics; 4399 if (metrics.nonLetter != length) { 4400 ap.minimumPasswordMetrics.nonLetter = length; 4401 updatePasswordValidityCheckpointLocked(userId, parent); 4402 } 4403 maybeLogPasswordComplexitySet(who, userId, parent, metrics); 4404 } 4405 } 4406 4407 @Override 4408 public int getPasswordMinimumNonLetter(ComponentName who, int userHandle, boolean parent) { 4409 return getStrictestPasswordRequirement(who, userHandle, parent, 4410 admin -> admin.minimumPasswordMetrics.nonLetter, PASSWORD_QUALITY_COMPLEX); 4411 } 4412 4413 /** 4414 * Calculates strictest (maximum) value for a given password property enforced by admin[s]. 4415 */ 4416 private int getStrictestPasswordRequirement(ComponentName who, int userHandle, 4417 boolean parent, Function<ActiveAdmin, Integer> getter, int minimumPasswordQuality) { 4418 if (!mHasFeature) { 4419 return 0; 4420 } 4421 enforceFullCrossUsersPermission(userHandle); 4422 synchronized (getLockObject()) { 4423 if (who != null) { 4424 final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent); 4425 return admin != null ? getter.apply(admin) : 0; 4426 } 4427 4428 int maxValue = 0; 4429 final List<ActiveAdmin> admins = 4430 getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 4431 final int N = admins.size(); 4432 for (int i = 0; i < N; i++) { 4433 final ActiveAdmin admin = admins.get(i); 4434 if (!isLimitPasswordAllowed(admin, minimumPasswordQuality)) { 4435 continue; 4436 } 4437 final Integer adminValue = getter.apply(admin); 4438 if (adminValue > maxValue) { 4439 maxValue = adminValue; 4440 } 4441 } 4442 return maxValue; 4443 } 4444 } 4445 4446 @Override 4447 public boolean isActivePasswordSufficient(int userHandle, boolean parent) { 4448 if (!mHasFeature) { 4449 return true; 4450 } 4451 enforceFullCrossUsersPermission(userHandle); 4452 enforceUserUnlocked(userHandle, parent); 4453 4454 synchronized (getLockObject()) { 4455 // This API can only be called by an active device admin, 4456 // so try to retrieve it to check that the caller is one. 4457 getActiveAdminForCallerLocked(null, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4458 int credentialOwner = getCredentialOwner(userHandle, parent); 4459 DevicePolicyData policy = getUserDataUnchecked(credentialOwner); 4460 PasswordMetrics metrics = getUserPasswordMetricsLocked(credentialOwner); 4461 return isActivePasswordSufficientForUserLocked( 4462 policy.mPasswordValidAtLastCheckpoint, metrics, userHandle, parent); 4463 } 4464 } 4465 4466 @Override 4467 public boolean isUsingUnifiedPassword(ComponentName admin) { 4468 if (!mHasFeature) { 4469 return true; 4470 } 4471 final int userId = mInjector.userHandleGetCallingUserId(); 4472 enforceProfileOrDeviceOwner(admin); 4473 enforceManagedProfile(userId, "query unified challenge status"); 4474 return !isSeparateProfileChallengeEnabled(userId); 4475 } 4476 4477 @Override 4478 public boolean isProfileActivePasswordSufficientForParent(int userHandle) { 4479 if (!mHasFeature) { 4480 return true; 4481 } 4482 enforceFullCrossUsersPermission(userHandle); 4483 enforceManagedProfile(userHandle, "call APIs refering to the parent profile"); 4484 4485 synchronized (getLockObject()) { 4486 final int targetUser = getProfileParentId(userHandle); 4487 enforceUserUnlocked(targetUser, false); 4488 int credentialOwner = getCredentialOwner(userHandle, false); 4489 DevicePolicyData policy = getUserDataUnchecked(credentialOwner); 4490 PasswordMetrics metrics = getUserPasswordMetricsLocked(credentialOwner); 4491 return isActivePasswordSufficientForUserLocked( 4492 policy.mPasswordValidAtLastCheckpoint, metrics, targetUser, false); 4493 } 4494 } 4495 4496 private boolean isActivePasswordSufficientForUserLocked( 4497 boolean passwordValidAtLastCheckpoint, PasswordMetrics metrics, int userHandle, 4498 boolean parent) { 4499 if (!mInjector.storageManagerIsFileBasedEncryptionEnabled() && (metrics == null)) { 4500 // Before user enters their password for the first time after a reboot, return the 4501 // value of this flag, which tells us whether the password was valid the last time 4502 // settings were saved. If DPC changes password requirements on boot so that the 4503 // current password no longer meets the requirements, this value will be stale until 4504 // the next time the password is entered. 4505 return passwordValidAtLastCheckpoint; 4506 } 4507 4508 if (metrics == null) { 4509 // This could happen if the user never had a password set, for example, so 4510 // setActivePasswordState has never been called for it. 4511 metrics = new PasswordMetrics(); 4512 } 4513 return isPasswordSufficientForUserWithoutCheckpointLocked(metrics, userHandle, parent); 4514 } 4515 4516 /** 4517 * Returns {@code true} if the password represented by the {@code passwordMetrics} argument 4518 * sufficiently fulfills the password requirements for the user corresponding to 4519 * {@code userHandle} (or its parent, if {@code parent} is set to {@code true}). 4520 */ 4521 private boolean isPasswordSufficientForUserWithoutCheckpointLocked( 4522 PasswordMetrics passwordMetrics, int userHandle, boolean parent) { 4523 final int requiredPasswordQuality = getPasswordQuality(null, userHandle, parent); 4524 4525 if (passwordMetrics.quality < requiredPasswordQuality) { 4526 return false; 4527 } 4528 if (requiredPasswordQuality >= DevicePolicyManager.PASSWORD_QUALITY_NUMERIC 4529 && passwordMetrics.length < getPasswordMinimumLength( 4530 null, userHandle, parent)) { 4531 return false; 4532 } 4533 if (requiredPasswordQuality != DevicePolicyManager.PASSWORD_QUALITY_COMPLEX) { 4534 return true; 4535 } 4536 return passwordMetrics.upperCase >= getPasswordMinimumUpperCase( 4537 null, userHandle, parent) 4538 && passwordMetrics.lowerCase >= getPasswordMinimumLowerCase( 4539 null, userHandle, parent) 4540 && passwordMetrics.letters >= getPasswordMinimumLetters( 4541 null, userHandle, parent) 4542 && passwordMetrics.numeric >= getPasswordMinimumNumeric( 4543 null, userHandle, parent) 4544 && passwordMetrics.symbols >= getPasswordMinimumSymbols( 4545 null, userHandle, parent) 4546 && passwordMetrics.nonLetter >= getPasswordMinimumNonLetter( 4547 null, userHandle, parent); 4548 } 4549 4550 @Override 4551 public int getCurrentFailedPasswordAttempts(int userHandle, boolean parent) { 4552 enforceFullCrossUsersPermission(userHandle); 4553 synchronized (getLockObject()) { 4554 if (!isCallerWithSystemUid()) { 4555 // This API can only be called by an active device admin, 4556 // so try to retrieve it to check that the caller is one. 4557 getActiveAdminForCallerLocked( 4558 null, DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, parent); 4559 } 4560 4561 DevicePolicyData policy = getUserDataUnchecked(getCredentialOwner(userHandle, parent)); 4562 4563 return policy.mFailedPasswordAttempts; 4564 } 4565 } 4566 4567 @Override 4568 public void setMaximumFailedPasswordsForWipe(ComponentName who, int num, boolean parent) { 4569 if (!mHasFeature) { 4570 return; 4571 } 4572 Preconditions.checkNotNull(who, "ComponentName is null"); 4573 final int userId = mInjector.userHandleGetCallingUserId(); 4574 synchronized (getLockObject()) { 4575 // This API can only be called by an active device admin, 4576 // so try to retrieve it to check that the caller is one. 4577 getActiveAdminForCallerLocked( 4578 who, DeviceAdminInfo.USES_POLICY_WIPE_DATA, parent); 4579 ActiveAdmin ap = getActiveAdminForCallerLocked( 4580 who, DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, parent); 4581 if (ap.maximumFailedPasswordsForWipe != num) { 4582 ap.maximumFailedPasswordsForWipe = num; 4583 saveSettingsLocked(userId); 4584 } 4585 } 4586 if (SecurityLog.isLoggingEnabled()) { 4587 final int affectedUserId = parent ? getProfileParentId(userId) : userId; 4588 SecurityLog.writeEvent(SecurityLog.TAG_MAX_PASSWORD_ATTEMPTS_SET, who.getPackageName(), 4589 userId, affectedUserId, num); 4590 } 4591 } 4592 4593 @Override 4594 public int getMaximumFailedPasswordsForWipe(ComponentName who, int userHandle, boolean parent) { 4595 if (!mHasFeature) { 4596 return 0; 4597 } 4598 enforceFullCrossUsersPermission(userHandle); 4599 synchronized (getLockObject()) { 4600 ActiveAdmin admin = (who != null) 4601 ? getActiveAdminUncheckedLocked(who, userHandle, parent) 4602 : getAdminWithMinimumFailedPasswordsForWipeLocked(userHandle, parent); 4603 return admin != null ? admin.maximumFailedPasswordsForWipe : 0; 4604 } 4605 } 4606 4607 @Override 4608 public int getProfileWithMinimumFailedPasswordsForWipe(int userHandle, boolean parent) { 4609 if (!mHasFeature) { 4610 return UserHandle.USER_NULL; 4611 } 4612 enforceFullCrossUsersPermission(userHandle); 4613 synchronized (getLockObject()) { 4614 ActiveAdmin admin = getAdminWithMinimumFailedPasswordsForWipeLocked( 4615 userHandle, parent); 4616 return admin != null ? admin.getUserHandle().getIdentifier() : UserHandle.USER_NULL; 4617 } 4618 } 4619 4620 /** 4621 * Returns the admin with the strictest policy on maximum failed passwords for: 4622 * <ul> 4623 * <li>this user if it has a separate profile challenge, or 4624 * <li>this user and all profiles that don't have their own challenge otherwise. 4625 * </ul> 4626 * <p>If the policy for the primary and any other profile are equal, it returns the admin for 4627 * the primary profile. 4628 * Returns {@code null} if no participating admin has that policy set. 4629 */ 4630 private ActiveAdmin getAdminWithMinimumFailedPasswordsForWipeLocked( 4631 int userHandle, boolean parent) { 4632 int count = 0; 4633 ActiveAdmin strictestAdmin = null; 4634 4635 // Return the strictest policy across all participating admins. 4636 List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 4637 final int N = admins.size(); 4638 for (int i = 0; i < N; i++) { 4639 ActiveAdmin admin = admins.get(i); 4640 if (admin.maximumFailedPasswordsForWipe == 4641 ActiveAdmin.DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE) { 4642 continue; // No max number of failed passwords policy set for this profile. 4643 } 4644 4645 // We always favor the primary profile if several profiles have the same value set. 4646 int userId = admin.getUserHandle().getIdentifier(); 4647 if (count == 0 || 4648 count > admin.maximumFailedPasswordsForWipe || 4649 (count == admin.maximumFailedPasswordsForWipe && 4650 getUserInfo(userId).isPrimary())) { 4651 count = admin.maximumFailedPasswordsForWipe; 4652 strictestAdmin = admin; 4653 } 4654 } 4655 return strictestAdmin; 4656 } 4657 4658 private UserInfo getUserInfo(@UserIdInt int userId) { 4659 final long token = mInjector.binderClearCallingIdentity(); 4660 try { 4661 return mUserManager.getUserInfo(userId); 4662 } finally { 4663 mInjector.binderRestoreCallingIdentity(token); 4664 } 4665 } 4666 4667 private boolean canPOorDOCallResetPassword(ActiveAdmin admin, @UserIdInt int userId) { 4668 // Only if the admins targets a pre-O SDK 4669 return getTargetSdk(admin.info.getPackageName(), userId) < Build.VERSION_CODES.O; 4670 } 4671 4672 /* PO or DO could do an untrusted reset in certain conditions. */ 4673 private boolean canUserHaveUntrustedCredentialReset(@UserIdInt int userId) { 4674 synchronized (getLockObject()) { 4675 // An active DO or PO might be able to fo an untrusted credential reset 4676 for (final ActiveAdmin admin : getUserData(userId).mAdminList) { 4677 if (!isActiveAdminWithPolicyForUserLocked(admin, 4678 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, userId)) { 4679 continue; 4680 } 4681 if (canPOorDOCallResetPassword(admin, userId)) { 4682 return true; 4683 } 4684 } 4685 return false; 4686 } 4687 } 4688 @Override 4689 public boolean resetPassword(String passwordOrNull, int flags) throws RemoteException { 4690 final int callingUid = mInjector.binderGetCallingUid(); 4691 final int userHandle = mInjector.userHandleGetCallingUserId(); 4692 4693 String password = passwordOrNull != null ? passwordOrNull : ""; 4694 4695 // Password resetting to empty/null is not allowed for managed profiles. 4696 if (TextUtils.isEmpty(password)) { 4697 enforceNotManagedProfile(userHandle, "clear the active password"); 4698 } 4699 4700 synchronized (getLockObject()) { 4701 // If caller has PO (or DO) it can change the password, so see if that's the case first. 4702 ActiveAdmin admin = getActiveAdminWithPolicyForUidLocked( 4703 null, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, callingUid); 4704 final boolean preN; 4705 if (admin != null) { 4706 if (!canPOorDOCallResetPassword(admin, userHandle)) { 4707 throw new SecurityException("resetPassword() is deprecated for DPC targeting O" 4708 + " or later"); 4709 } 4710 preN = getTargetSdk(admin.info.getPackageName(), 4711 userHandle) <= android.os.Build.VERSION_CODES.M; 4712 } else { 4713 // Otherwise, make sure the caller has any active admin with the right policy. 4714 admin = getActiveAdminForCallerLocked(null, 4715 DeviceAdminInfo.USES_POLICY_RESET_PASSWORD); 4716 preN = getTargetSdk(admin.info.getPackageName(), 4717 userHandle) <= android.os.Build.VERSION_CODES.M; 4718 4719 // As of N, password resetting to empty/null is not allowed anymore. 4720 // TODO Should we allow DO/PO to set an empty password? 4721 if (TextUtils.isEmpty(password)) { 4722 if (!preN) { 4723 throw new SecurityException("Cannot call with null password"); 4724 } else { 4725 Slog.e(LOG_TAG, "Cannot call with null password"); 4726 return false; 4727 } 4728 } 4729 // As of N, password cannot be changed by the admin if it is already set. 4730 if (isLockScreenSecureUnchecked(userHandle)) { 4731 if (!preN) { 4732 throw new SecurityException("Admin cannot change current password"); 4733 } else { 4734 Slog.e(LOG_TAG, "Admin cannot change current password"); 4735 return false; 4736 } 4737 } 4738 } 4739 // Do not allow to reset password when current user has a managed profile 4740 if (!isManagedProfile(userHandle)) { 4741 for (UserInfo userInfo : mUserManager.getProfiles(userHandle)) { 4742 if (userInfo.isManagedProfile()) { 4743 if (!preN) { 4744 throw new IllegalStateException( 4745 "Cannot reset password on user has managed profile"); 4746 } else { 4747 Slog.e(LOG_TAG, "Cannot reset password on user has managed profile"); 4748 return false; 4749 } 4750 } 4751 } 4752 } 4753 // Do not allow to reset password when user is locked 4754 if (!mUserManager.isUserUnlocked(userHandle)) { 4755 if (!preN) { 4756 throw new IllegalStateException("Cannot reset password when user is locked"); 4757 } else { 4758 Slog.e(LOG_TAG, "Cannot reset password when user is locked"); 4759 return false; 4760 } 4761 } 4762 } 4763 4764 return resetPasswordInternal(password, 0, null, flags, callingUid, userHandle); 4765 } 4766 4767 private boolean resetPasswordInternal(String password, long tokenHandle, byte[] token, 4768 int flags, int callingUid, int userHandle) { 4769 int quality; 4770 synchronized (getLockObject()) { 4771 quality = getPasswordQuality(null, userHandle, /* parent */ false); 4772 if (quality == DevicePolicyManager.PASSWORD_QUALITY_MANAGED) { 4773 quality = PASSWORD_QUALITY_UNSPECIFIED; 4774 } 4775 final PasswordMetrics metrics = PasswordMetrics.computeForPassword(password); 4776 if (quality != PASSWORD_QUALITY_UNSPECIFIED) { 4777 final int realQuality = metrics.quality; 4778 if (realQuality < quality 4779 && quality != DevicePolicyManager.PASSWORD_QUALITY_COMPLEX) { 4780 Slog.w(LOG_TAG, "resetPassword: password quality 0x" 4781 + Integer.toHexString(realQuality) 4782 + " does not meet required quality 0x" 4783 + Integer.toHexString(quality)); 4784 return false; 4785 } 4786 quality = Math.max(realQuality, quality); 4787 } 4788 int length = getPasswordMinimumLength(null, userHandle, /* parent */ false); 4789 if (password.length() < length) { 4790 Slog.w(LOG_TAG, "resetPassword: password length " + password.length() 4791 + " does not meet required length " + length); 4792 return false; 4793 } 4794 if (quality == DevicePolicyManager.PASSWORD_QUALITY_COMPLEX) { 4795 int neededLetters = getPasswordMinimumLetters(null, userHandle, /* parent */ false); 4796 if(metrics.letters < neededLetters) { 4797 Slog.w(LOG_TAG, "resetPassword: number of letters " + metrics.letters 4798 + " does not meet required number of letters " + neededLetters); 4799 return false; 4800 } 4801 int neededNumeric = getPasswordMinimumNumeric(null, userHandle, /* parent */ false); 4802 if (metrics.numeric < neededNumeric) { 4803 Slog.w(LOG_TAG, "resetPassword: number of numerical digits " + metrics.numeric 4804 + " does not meet required number of numerical digits " 4805 + neededNumeric); 4806 return false; 4807 } 4808 int neededLowerCase = getPasswordMinimumLowerCase( 4809 null, userHandle, /* parent */ false); 4810 if (metrics.lowerCase < neededLowerCase) { 4811 Slog.w(LOG_TAG, "resetPassword: number of lowercase letters " 4812 + metrics.lowerCase 4813 + " does not meet required number of lowercase letters " 4814 + neededLowerCase); 4815 return false; 4816 } 4817 int neededUpperCase = getPasswordMinimumUpperCase( 4818 null, userHandle, /* parent */ false); 4819 if (metrics.upperCase < neededUpperCase) { 4820 Slog.w(LOG_TAG, "resetPassword: number of uppercase letters " 4821 + metrics.upperCase 4822 + " does not meet required number of uppercase letters " 4823 + neededUpperCase); 4824 return false; 4825 } 4826 int neededSymbols = getPasswordMinimumSymbols(null, userHandle, /* parent */ false); 4827 if (metrics.symbols < neededSymbols) { 4828 Slog.w(LOG_TAG, "resetPassword: number of special symbols " + metrics.symbols 4829 + " does not meet required number of special symbols " + neededSymbols); 4830 return false; 4831 } 4832 int neededNonLetter = getPasswordMinimumNonLetter( 4833 null, userHandle, /* parent */ false); 4834 if (metrics.nonLetter < neededNonLetter) { 4835 Slog.w(LOG_TAG, "resetPassword: number of non-letter characters " 4836 + metrics.nonLetter 4837 + " does not meet required number of non-letter characters " 4838 + neededNonLetter); 4839 return false; 4840 } 4841 } 4842 } 4843 4844 DevicePolicyData policy = getUserData(userHandle); 4845 if (policy.mPasswordOwner >= 0 && policy.mPasswordOwner != callingUid) { 4846 Slog.w(LOG_TAG, "resetPassword: already set by another uid and not entered by user"); 4847 return false; 4848 } 4849 4850 boolean callerIsDeviceOwnerAdmin = isCallerDeviceOwner(callingUid); 4851 boolean doNotAskCredentialsOnBoot = 4852 (flags & DevicePolicyManager.RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT) != 0; 4853 if (callerIsDeviceOwnerAdmin && doNotAskCredentialsOnBoot) { 4854 setDoNotAskCredentialsOnBoot(); 4855 } 4856 4857 // Don't do this with the lock held, because it is going to call 4858 // back in to the service. 4859 final long ident = mInjector.binderClearCallingIdentity(); 4860 final boolean result; 4861 try { 4862 if (token == null) { 4863 if (!TextUtils.isEmpty(password)) { 4864 mLockPatternUtils.saveLockPassword(password, null, quality, userHandle); 4865 } else { 4866 mLockPatternUtils.clearLock(null, userHandle); 4867 } 4868 result = true; 4869 } else { 4870 result = mLockPatternUtils.setLockCredentialWithToken(password, 4871 TextUtils.isEmpty(password) ? LockPatternUtils.CREDENTIAL_TYPE_NONE 4872 : LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, 4873 quality, tokenHandle, token, userHandle); 4874 } 4875 boolean requireEntry = (flags & DevicePolicyManager.RESET_PASSWORD_REQUIRE_ENTRY) != 0; 4876 if (requireEntry) { 4877 mLockPatternUtils.requireStrongAuth(STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW, 4878 UserHandle.USER_ALL); 4879 } 4880 synchronized (getLockObject()) { 4881 int newOwner = requireEntry ? callingUid : -1; 4882 if (policy.mPasswordOwner != newOwner) { 4883 policy.mPasswordOwner = newOwner; 4884 saveSettingsLocked(userHandle); 4885 } 4886 } 4887 } finally { 4888 mInjector.binderRestoreCallingIdentity(ident); 4889 } 4890 return result; 4891 } 4892 4893 private boolean isLockScreenSecureUnchecked(int userId) { 4894 long ident = mInjector.binderClearCallingIdentity(); 4895 try { 4896 return mLockPatternUtils.isSecure(userId); 4897 } finally { 4898 mInjector.binderRestoreCallingIdentity(ident); 4899 } 4900 } 4901 4902 private void setDoNotAskCredentialsOnBoot() { 4903 synchronized (getLockObject()) { 4904 DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM); 4905 if (!policyData.doNotAskCredentialsOnBoot) { 4906 policyData.doNotAskCredentialsOnBoot = true; 4907 saveSettingsLocked(UserHandle.USER_SYSTEM); 4908 } 4909 } 4910 } 4911 4912 @Override 4913 public boolean getDoNotAskCredentialsOnBoot() { 4914 mContext.enforceCallingOrSelfPermission( 4915 android.Manifest.permission.QUERY_DO_NOT_ASK_CREDENTIALS_ON_BOOT, null); 4916 synchronized (getLockObject()) { 4917 DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM); 4918 return policyData.doNotAskCredentialsOnBoot; 4919 } 4920 } 4921 4922 @Override 4923 public void setMaximumTimeToLock(ComponentName who, long timeMs, boolean parent) { 4924 if (!mHasFeature) { 4925 return; 4926 } 4927 Preconditions.checkNotNull(who, "ComponentName is null"); 4928 final int userHandle = mInjector.userHandleGetCallingUserId(); 4929 synchronized (getLockObject()) { 4930 ActiveAdmin ap = getActiveAdminForCallerLocked( 4931 who, DeviceAdminInfo.USES_POLICY_FORCE_LOCK, parent); 4932 if (ap.maximumTimeToUnlock != timeMs) { 4933 ap.maximumTimeToUnlock = timeMs; 4934 saveSettingsLocked(userHandle); 4935 updateMaximumTimeToLockLocked(userHandle); 4936 } 4937 } 4938 if (SecurityLog.isLoggingEnabled()) { 4939 final int affectedUserId = parent ? getProfileParentId(userHandle) : userHandle; 4940 SecurityLog.writeEvent(SecurityLog.TAG_MAX_SCREEN_LOCK_TIMEOUT_SET, 4941 who.getPackageName(), userHandle, affectedUserId, timeMs); 4942 } 4943 } 4944 4945 private void updateMaximumTimeToLockLocked(@UserIdInt int userId) { 4946 // Update the profile's timeout 4947 if (isManagedProfile(userId)) { 4948 updateProfileLockTimeoutLocked(userId); 4949 } 4950 4951 final long timeMs; 4952 final long ident = mInjector.binderClearCallingIdentity(); 4953 try { 4954 // Update the device timeout 4955 final int parentId = getProfileParentId(userId); 4956 timeMs = getMaximumTimeToLockPolicyFromAdmins( 4957 getActiveAdminsForLockscreenPoliciesLocked(parentId, false)); 4958 4959 final DevicePolicyData policy = getUserDataUnchecked(parentId); 4960 if (policy.mLastMaximumTimeToLock == timeMs) { 4961 return; 4962 } 4963 policy.mLastMaximumTimeToLock = timeMs; 4964 4965 if (policy.mLastMaximumTimeToLock != Long.MAX_VALUE) { 4966 // Make sure KEEP_SCREEN_ON is disabled, since that 4967 // would allow bypassing of the maximum time to lock. 4968 mInjector.settingsGlobalPutInt(Settings.Global.STAY_ON_WHILE_PLUGGED_IN, 0); 4969 } 4970 } finally { 4971 mInjector.binderRestoreCallingIdentity(ident); 4972 } 4973 4974 mInjector.getPowerManagerInternal().setMaximumScreenOffTimeoutFromDeviceAdmin( 4975 UserHandle.USER_SYSTEM, timeMs); 4976 } 4977 4978 private void updateProfileLockTimeoutLocked(@UserIdInt int userId) { 4979 final long timeMs; 4980 if (isSeparateProfileChallengeEnabled(userId)) { 4981 timeMs = getMaximumTimeToLockPolicyFromAdmins( 4982 getActiveAdminsForLockscreenPoliciesLocked(userId, false /* parent */)); 4983 } else { 4984 timeMs = Long.MAX_VALUE; 4985 } 4986 4987 final DevicePolicyData policy = getUserDataUnchecked(userId); 4988 if (policy.mLastMaximumTimeToLock == timeMs) { 4989 return; 4990 } 4991 policy.mLastMaximumTimeToLock = timeMs; 4992 4993 mInjector.getPowerManagerInternal().setMaximumScreenOffTimeoutFromDeviceAdmin( 4994 userId, policy.mLastMaximumTimeToLock); 4995 } 4996 4997 @Override 4998 public long getMaximumTimeToLock(ComponentName who, int userHandle, boolean parent) { 4999 if (!mHasFeature) { 5000 return 0; 5001 } 5002 enforceFullCrossUsersPermission(userHandle); 5003 synchronized (getLockObject()) { 5004 if (who != null) { 5005 final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent); 5006 return admin != null ? admin.maximumTimeToUnlock : 0; 5007 } 5008 // Return the strictest policy across all participating admins. 5009 final List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked( 5010 userHandle, parent); 5011 final long timeMs = getMaximumTimeToLockPolicyFromAdmins(admins); 5012 return timeMs == Long.MAX_VALUE ? 0 : timeMs; 5013 } 5014 } 5015 5016 private long getMaximumTimeToLockPolicyFromAdmins(List<ActiveAdmin> admins) { 5017 long time = Long.MAX_VALUE; 5018 for (final ActiveAdmin admin : admins) { 5019 if (admin.maximumTimeToUnlock > 0 && admin.maximumTimeToUnlock < time) { 5020 time = admin.maximumTimeToUnlock; 5021 } 5022 } 5023 return time; 5024 } 5025 5026 @Override 5027 public void setRequiredStrongAuthTimeout(ComponentName who, long timeoutMs, 5028 boolean parent) { 5029 if (!mHasFeature) { 5030 return; 5031 } 5032 Preconditions.checkNotNull(who, "ComponentName is null"); 5033 Preconditions.checkArgument(timeoutMs >= 0, "Timeout must not be a negative number."); 5034 // timeoutMs with value 0 means that the admin doesn't participate 5035 // timeoutMs is clamped to the interval in case the internal constants change in the future 5036 final long minimumStrongAuthTimeout = getMinimumStrongAuthTimeoutMs(); 5037 if (timeoutMs != 0 && timeoutMs < minimumStrongAuthTimeout) { 5038 timeoutMs = minimumStrongAuthTimeout; 5039 } 5040 if (timeoutMs > DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS) { 5041 timeoutMs = DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS; 5042 } 5043 5044 final int userHandle = mInjector.userHandleGetCallingUserId(); 5045 synchronized (getLockObject()) { 5046 ActiveAdmin ap = getActiveAdminForCallerLocked(who, 5047 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, parent); 5048 if (ap.strongAuthUnlockTimeout != timeoutMs) { 5049 ap.strongAuthUnlockTimeout = timeoutMs; 5050 saveSettingsLocked(userHandle); 5051 } 5052 } 5053 } 5054 5055 /** 5056 * Return a single admin's strong auth unlock timeout or minimum value (strictest) of all 5057 * admins if who is null. 5058 * Returns 0 if not configured for the provided admin. 5059 */ 5060 @Override 5061 public long getRequiredStrongAuthTimeout(ComponentName who, int userId, boolean parent) { 5062 if (!mHasFeature) { 5063 return DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS; 5064 } 5065 enforceFullCrossUsersPermission(userId); 5066 synchronized (getLockObject()) { 5067 if (who != null) { 5068 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userId, parent); 5069 return admin != null ? admin.strongAuthUnlockTimeout : 0; 5070 } 5071 5072 // Return the strictest policy across all participating admins. 5073 List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(userId, parent); 5074 5075 long strongAuthUnlockTimeout = DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS; 5076 for (int i = 0; i < admins.size(); i++) { 5077 final long timeout = admins.get(i).strongAuthUnlockTimeout; 5078 if (timeout != 0) { // take only participating admins into account 5079 strongAuthUnlockTimeout = Math.min(timeout, strongAuthUnlockTimeout); 5080 } 5081 } 5082 return Math.max(strongAuthUnlockTimeout, getMinimumStrongAuthTimeoutMs()); 5083 } 5084 } 5085 5086 private long getMinimumStrongAuthTimeoutMs() { 5087 if (!mInjector.isBuildDebuggable()) { 5088 return MINIMUM_STRONG_AUTH_TIMEOUT_MS; 5089 } 5090 // ideally the property was named persist.sys.min_strong_auth_timeout, but system property 5091 // name cannot be longer than 31 characters 5092 return Math.min(mInjector.systemPropertiesGetLong("persist.sys.min_str_auth_timeo", 5093 MINIMUM_STRONG_AUTH_TIMEOUT_MS), 5094 MINIMUM_STRONG_AUTH_TIMEOUT_MS); 5095 } 5096 5097 @Override 5098 public void lockNow(int flags, boolean parent) { 5099 if (!mHasFeature) { 5100 return; 5101 } 5102 5103 final int callingUserId = mInjector.userHandleGetCallingUserId(); 5104 synchronized (getLockObject()) { 5105 // This API can only be called by an active device admin, 5106 // so try to retrieve it to check that the caller is one. 5107 final ActiveAdmin admin = getActiveAdminForCallerLocked( 5108 null, DeviceAdminInfo.USES_POLICY_FORCE_LOCK, parent); 5109 5110 final long ident = mInjector.binderClearCallingIdentity(); 5111 try { 5112 final ComponentName adminComponent = admin.info.getComponent(); 5113 // Evict key 5114 if ((flags & DevicePolicyManager.FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY) != 0) { 5115 enforceManagedProfile( 5116 callingUserId, "set FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY"); 5117 if (!isProfileOwner(adminComponent, callingUserId)) { 5118 throw new SecurityException("Only profile owner admins can set " 5119 + "FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY"); 5120 } 5121 if (parent) { 5122 throw new IllegalArgumentException( 5123 "Cannot set FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY for the parent"); 5124 } 5125 if (!mInjector.storageManagerIsFileBasedEncryptionEnabled()) { 5126 throw new UnsupportedOperationException( 5127 "FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY only applies to FBE devices"); 5128 } 5129 mUserManager.evictCredentialEncryptionKey(callingUserId); 5130 } 5131 5132 // Lock all users unless this is a managed profile with a separate challenge 5133 final int userToLock = (parent || !isSeparateProfileChallengeEnabled(callingUserId) 5134 ? UserHandle.USER_ALL : callingUserId); 5135 mLockPatternUtils.requireStrongAuth( 5136 STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW, userToLock); 5137 5138 // Require authentication for the device or profile 5139 if (userToLock == UserHandle.USER_ALL) { 5140 // Power off the display 5141 mInjector.powerManagerGoToSleep(SystemClock.uptimeMillis(), 5142 PowerManager.GO_TO_SLEEP_REASON_DEVICE_ADMIN, 0); 5143 mInjector.getIWindowManager().lockNow(null); 5144 } else { 5145 mInjector.getTrustManager().setDeviceLockedForUser(userToLock, true); 5146 } 5147 5148 if (SecurityLog.isLoggingEnabled()) { 5149 final int affectedUserId = 5150 parent ? getProfileParentId(callingUserId) : callingUserId; 5151 SecurityLog.writeEvent(SecurityLog.TAG_REMOTE_LOCK, 5152 adminComponent.getPackageName(), callingUserId, affectedUserId); 5153 } 5154 } catch (RemoteException e) { 5155 } finally { 5156 mInjector.binderRestoreCallingIdentity(ident); 5157 } 5158 } 5159 } 5160 5161 @Override 5162 public void enforceCanManageCaCerts(ComponentName who, String callerPackage) { 5163 if (who == null) { 5164 if (!isCallerDelegate(callerPackage, DELEGATION_CERT_INSTALL)) { 5165 mContext.enforceCallingOrSelfPermission(MANAGE_CA_CERTIFICATES, null); 5166 } 5167 } else { 5168 enforceProfileOrDeviceOwner(who); 5169 } 5170 } 5171 5172 private void enforceProfileOrDeviceOwner(ComponentName who) { 5173 synchronized (getLockObject()) { 5174 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 5175 } 5176 } 5177 5178 @Override 5179 public boolean approveCaCert(String alias, int userId, boolean approval) { 5180 enforceManageUsers(); 5181 synchronized (getLockObject()) { 5182 Set<String> certs = getUserData(userId).mAcceptedCaCertificates; 5183 boolean changed = (approval ? certs.add(alias) : certs.remove(alias)); 5184 if (!changed) { 5185 return false; 5186 } 5187 saveSettingsLocked(userId); 5188 } 5189 mCertificateMonitor.onCertificateApprovalsChanged(userId); 5190 return true; 5191 } 5192 5193 @Override 5194 public boolean isCaCertApproved(String alias, int userId) { 5195 enforceManageUsers(); 5196 synchronized (getLockObject()) { 5197 return getUserData(userId).mAcceptedCaCertificates.contains(alias); 5198 } 5199 } 5200 5201 private void removeCaApprovalsIfNeeded(int userId) { 5202 for (UserInfo userInfo : mUserManager.getProfiles(userId)) { 5203 boolean isSecure = mLockPatternUtils.isSecure(userInfo.id); 5204 if (userInfo.isManagedProfile()){ 5205 isSecure |= mLockPatternUtils.isSecure(getProfileParentId(userInfo.id)); 5206 } 5207 if (!isSecure) { 5208 synchronized (getLockObject()) { 5209 getUserData(userInfo.id).mAcceptedCaCertificates.clear(); 5210 saveSettingsLocked(userInfo.id); 5211 } 5212 mCertificateMonitor.onCertificateApprovalsChanged(userId); 5213 } 5214 } 5215 } 5216 5217 @Override 5218 public boolean installCaCert(ComponentName admin, String callerPackage, byte[] certBuffer) 5219 throws RemoteException { 5220 if (!mHasFeature) { 5221 return false; 5222 } 5223 enforceCanManageCaCerts(admin, callerPackage); 5224 5225 final String alias; 5226 5227 final UserHandle userHandle = mInjector.binderGetCallingUserHandle(); 5228 final long id = mInjector.binderClearCallingIdentity(); 5229 try { 5230 alias = mCertificateMonitor.installCaCert(userHandle, certBuffer); 5231 if (alias == null) { 5232 Log.w(LOG_TAG, "Problem installing cert"); 5233 return false; 5234 } 5235 } finally { 5236 mInjector.binderRestoreCallingIdentity(id); 5237 } 5238 5239 synchronized (getLockObject()) { 5240 getUserData(userHandle.getIdentifier()).mOwnerInstalledCaCerts.add(alias); 5241 saveSettingsLocked(userHandle.getIdentifier()); 5242 } 5243 return true; 5244 } 5245 5246 @Override 5247 public void uninstallCaCerts(ComponentName admin, String callerPackage, String[] aliases) { 5248 if (!mHasFeature) { 5249 return; 5250 } 5251 enforceCanManageCaCerts(admin, callerPackage); 5252 5253 final int userId = mInjector.userHandleGetCallingUserId(); 5254 final long id = mInjector.binderClearCallingIdentity(); 5255 try { 5256 mCertificateMonitor.uninstallCaCerts(UserHandle.of(userId), aliases); 5257 } finally { 5258 mInjector.binderRestoreCallingIdentity(id); 5259 } 5260 5261 synchronized (getLockObject()) { 5262 if (getUserData(userId).mOwnerInstalledCaCerts.removeAll(Arrays.asList(aliases))) { 5263 saveSettingsLocked(userId); 5264 } 5265 } 5266 } 5267 5268 @Override 5269 public boolean installKeyPair(ComponentName who, String callerPackage, byte[] privKey, 5270 byte[] cert, byte[] chain, String alias, boolean requestAccess, 5271 boolean isUserSelectable) { 5272 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 5273 DELEGATION_CERT_INSTALL); 5274 5275 5276 final int callingUid = mInjector.binderGetCallingUid(); 5277 final long id = mInjector.binderClearCallingIdentity(); 5278 try { 5279 final KeyChainConnection keyChainConnection = 5280 KeyChain.bindAsUser(mContext, UserHandle.getUserHandleForUid(callingUid)); 5281 try { 5282 IKeyChainService keyChain = keyChainConnection.getService(); 5283 if (!keyChain.installKeyPair(privKey, cert, chain, alias)) { 5284 return false; 5285 } 5286 if (requestAccess) { 5287 keyChain.setGrant(callingUid, alias, true); 5288 } 5289 keyChain.setUserSelectable(alias, isUserSelectable); 5290 return true; 5291 } catch (RemoteException e) { 5292 Log.e(LOG_TAG, "Installing certificate", e); 5293 } finally { 5294 keyChainConnection.close(); 5295 } 5296 } catch (InterruptedException e) { 5297 Log.w(LOG_TAG, "Interrupted while installing certificate", e); 5298 Thread.currentThread().interrupt(); 5299 } finally { 5300 mInjector.binderRestoreCallingIdentity(id); 5301 } 5302 return false; 5303 } 5304 5305 @Override 5306 public boolean removeKeyPair(ComponentName who, String callerPackage, String alias) { 5307 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 5308 DELEGATION_CERT_INSTALL); 5309 5310 final UserHandle userHandle = new UserHandle(UserHandle.getCallingUserId()); 5311 final long id = Binder.clearCallingIdentity(); 5312 try { 5313 final KeyChainConnection keyChainConnection = KeyChain.bindAsUser(mContext, userHandle); 5314 try { 5315 IKeyChainService keyChain = keyChainConnection.getService(); 5316 return keyChain.removeKeyPair(alias); 5317 } catch (RemoteException e) { 5318 Log.e(LOG_TAG, "Removing keypair", e); 5319 } finally { 5320 keyChainConnection.close(); 5321 } 5322 } catch (InterruptedException e) { 5323 Log.w(LOG_TAG, "Interrupted while removing keypair", e); 5324 Thread.currentThread().interrupt(); 5325 } finally { 5326 Binder.restoreCallingIdentity(id); 5327 } 5328 return false; 5329 } 5330 5331 private void enforceIsDeviceOwnerOrCertInstallerOfDeviceOwner( 5332 ComponentName who, String callerPackage, int callerUid) throws SecurityException { 5333 if (who == null) { 5334 if (!mOwners.hasDeviceOwner()) { 5335 throw new SecurityException("Not in Device Owner mode."); 5336 } 5337 if (UserHandle.getUserId(callerUid) != mOwners.getDeviceOwnerUserId()) { 5338 throw new SecurityException("Caller not from device owner user"); 5339 } 5340 if (!isCallerDelegate(callerPackage, DELEGATION_CERT_INSTALL)) { 5341 throw new SecurityException("Caller with uid " + mInjector.binderGetCallingUid() + 5342 "has no permission to generate keys."); 5343 } 5344 } else { 5345 // Caller provided - check it is the device owner. 5346 synchronized (getLockObject()) { 5347 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 5348 } 5349 } 5350 } 5351 5352 @VisibleForTesting 5353 public static int[] translateIdAttestationFlags( 5354 int idAttestationFlags) { 5355 Map<Integer, Integer> idTypeToAttestationFlag = new HashMap(); 5356 idTypeToAttestationFlag.put(ID_TYPE_SERIAL, AttestationUtils.ID_TYPE_SERIAL); 5357 idTypeToAttestationFlag.put(ID_TYPE_IMEI, AttestationUtils.ID_TYPE_IMEI); 5358 idTypeToAttestationFlag.put(ID_TYPE_MEID, AttestationUtils.ID_TYPE_MEID); 5359 5360 int numFlagsSet = Integer.bitCount(idAttestationFlags); 5361 // No flags are set - return null to indicate no device ID attestation information should 5362 // be included in the attestation record. 5363 if (numFlagsSet == 0) { 5364 return null; 5365 } 5366 5367 // If the ID_TYPE_BASE_INFO is set, make sure that a non-null array is returned, even if 5368 // no other flag is set. That will lead to inclusion of general device make data in the 5369 // attestation record, but no specific device identifiers. 5370 if ((idAttestationFlags & ID_TYPE_BASE_INFO) != 0) { 5371 numFlagsSet -= 1; 5372 idAttestationFlags = idAttestationFlags & (~ID_TYPE_BASE_INFO); 5373 } 5374 5375 int[] attestationUtilsFlags = new int[numFlagsSet]; 5376 int i = 0; 5377 for (Integer idType: idTypeToAttestationFlag.keySet()) { 5378 if ((idType & idAttestationFlags) != 0) { 5379 attestationUtilsFlags[i++] = idTypeToAttestationFlag.get(idType); 5380 } 5381 } 5382 5383 return attestationUtilsFlags; 5384 } 5385 5386 @Override 5387 public boolean generateKeyPair(ComponentName who, String callerPackage, String algorithm, 5388 ParcelableKeyGenParameterSpec parcelableKeySpec, 5389 int idAttestationFlags, 5390 KeymasterCertificateChain attestationChain) { 5391 // Get attestation flags, if any. 5392 final int[] attestationUtilsFlags = translateIdAttestationFlags(idAttestationFlags); 5393 final boolean deviceIdAttestationRequired = attestationUtilsFlags != null; 5394 final int callingUid = mInjector.binderGetCallingUid(); 5395 5396 if (deviceIdAttestationRequired && attestationUtilsFlags.length > 0) { 5397 enforceIsDeviceOwnerOrCertInstallerOfDeviceOwner(who, callerPackage, callingUid); 5398 } else { 5399 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 5400 DELEGATION_CERT_INSTALL); 5401 } 5402 final KeyGenParameterSpec keySpec = parcelableKeySpec.getSpec(); 5403 final String alias = keySpec.getKeystoreAlias(); 5404 if (TextUtils.isEmpty(alias)) { 5405 throw new IllegalArgumentException("Empty alias provided."); 5406 } 5407 // As the caller will be granted access to the key, ensure no UID was specified, as 5408 // it will not have the desired effect. 5409 if (keySpec.getUid() != KeyStore.UID_SELF) { 5410 Log.e(LOG_TAG, "Only the caller can be granted access to the generated keypair."); 5411 return false; 5412 } 5413 5414 if (deviceIdAttestationRequired && (keySpec.getAttestationChallenge() == null)) { 5415 throw new IllegalArgumentException( 5416 "Requested Device ID attestation but challenge is empty."); 5417 } 5418 5419 final UserHandle userHandle = mInjector.binderGetCallingUserHandle(); 5420 final long id = mInjector.binderClearCallingIdentity(); 5421 try { 5422 try (KeyChainConnection keyChainConnection = 5423 KeyChain.bindAsUser(mContext, userHandle)) { 5424 IKeyChainService keyChain = keyChainConnection.getService(); 5425 5426 // Copy the provided keySpec, excluding the attestation challenge, which will be 5427 // used later for requesting key attestation record. 5428 final KeyGenParameterSpec noAttestationSpec = 5429 new KeyGenParameterSpec.Builder(keySpec) 5430 .setAttestationChallenge(null) 5431 .build(); 5432 5433 final int generationResult = keyChain.generateKeyPair(algorithm, 5434 new ParcelableKeyGenParameterSpec(noAttestationSpec)); 5435 if (generationResult != KeyChain.KEY_GEN_SUCCESS) { 5436 Log.e(LOG_TAG, String.format( 5437 "KeyChain failed to generate a keypair, error %d.", generationResult)); 5438 return false; 5439 } 5440 5441 // Set a grant for the caller here so that when the client calls 5442 // requestPrivateKey, it will be able to get the key from Keystore. 5443 // Note the use of the calling UID, since the request for the private 5444 // key will come from the client's process, so the grant has to be for 5445 // that UID. 5446 keyChain.setGrant(callingUid, alias, true); 5447 5448 final byte[] attestationChallenge = keySpec.getAttestationChallenge(); 5449 if (attestationChallenge != null) { 5450 final int attestationResult = keyChain.attestKey( 5451 alias, attestationChallenge, attestationUtilsFlags, attestationChain); 5452 if (attestationResult != KeyChain.KEY_ATTESTATION_SUCCESS) { 5453 Log.e(LOG_TAG, String.format( 5454 "Attestation for %s failed (rc=%d), deleting key.", 5455 alias, attestationResult)); 5456 keyChain.removeKeyPair(alias); 5457 if (attestationResult == KeyChain.KEY_ATTESTATION_CANNOT_ATTEST_IDS) { 5458 throw new UnsupportedOperationException( 5459 "Device does not support Device ID attestation."); 5460 } 5461 return false; 5462 } 5463 } 5464 return true; 5465 } 5466 } catch (RemoteException e) { 5467 Log.e(LOG_TAG, "KeyChain error while generating a keypair", e); 5468 } catch (InterruptedException e) { 5469 Log.w(LOG_TAG, "Interrupted while generating keypair", e); 5470 Thread.currentThread().interrupt(); 5471 } finally { 5472 mInjector.binderRestoreCallingIdentity(id); 5473 } 5474 return false; 5475 } 5476 5477 @Override 5478 public boolean setKeyPairCertificate(ComponentName who, String callerPackage, String alias, 5479 byte[] cert, byte[] chain, boolean isUserSelectable) { 5480 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 5481 DELEGATION_CERT_INSTALL); 5482 5483 final int callingUid = mInjector.binderGetCallingUid(); 5484 final long id = mInjector.binderClearCallingIdentity(); 5485 try (final KeyChainConnection keyChainConnection = 5486 KeyChain.bindAsUser(mContext, UserHandle.getUserHandleForUid(callingUid))) { 5487 IKeyChainService keyChain = keyChainConnection.getService(); 5488 if (!keyChain.setKeyPairCertificate(alias, cert, chain)) { 5489 return false; 5490 } 5491 keyChain.setUserSelectable(alias, isUserSelectable); 5492 return true; 5493 } catch (InterruptedException e) { 5494 Log.w(LOG_TAG, "Interrupted while setting keypair certificate", e); 5495 Thread.currentThread().interrupt(); 5496 } catch (RemoteException e) { 5497 Log.e(LOG_TAG, "Failed setting keypair certificate", e); 5498 } finally { 5499 mInjector.binderRestoreCallingIdentity(id); 5500 } 5501 return false; 5502 } 5503 5504 @Override 5505 public void choosePrivateKeyAlias(final int uid, final Uri uri, final String alias, 5506 final IBinder response) { 5507 // Caller UID needs to be trusted, so we restrict this method to SYSTEM_UID callers. 5508 if (!isCallerWithSystemUid()) { 5509 return; 5510 } 5511 5512 final UserHandle caller = mInjector.binderGetCallingUserHandle(); 5513 // If there is a profile owner, redirect to that; otherwise query the device owner. 5514 ComponentName aliasChooser = getProfileOwner(caller.getIdentifier()); 5515 if (aliasChooser == null && caller.isSystem()) { 5516 ActiveAdmin deviceOwnerAdmin = getDeviceOwnerAdminLocked(); 5517 if (deviceOwnerAdmin != null) { 5518 aliasChooser = deviceOwnerAdmin.info.getComponent(); 5519 } 5520 } 5521 if (aliasChooser == null) { 5522 sendPrivateKeyAliasResponse(null, response); 5523 return; 5524 } 5525 5526 Intent intent = new Intent(DeviceAdminReceiver.ACTION_CHOOSE_PRIVATE_KEY_ALIAS); 5527 intent.setComponent(aliasChooser); 5528 intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_SENDER_UID, uid); 5529 intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_URI, uri); 5530 intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_ALIAS, alias); 5531 intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_RESPONSE, response); 5532 intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND); 5533 5534 final long id = mInjector.binderClearCallingIdentity(); 5535 try { 5536 mContext.sendOrderedBroadcastAsUser(intent, caller, null, new BroadcastReceiver() { 5537 @Override 5538 public void onReceive(Context context, Intent intent) { 5539 final String chosenAlias = getResultData(); 5540 sendPrivateKeyAliasResponse(chosenAlias, response); 5541 } 5542 }, null, Activity.RESULT_OK, null, null); 5543 } finally { 5544 mInjector.binderRestoreCallingIdentity(id); 5545 } 5546 } 5547 5548 private void sendPrivateKeyAliasResponse(final String alias, final IBinder responseBinder) { 5549 final IKeyChainAliasCallback keyChainAliasResponse = 5550 IKeyChainAliasCallback.Stub.asInterface(responseBinder); 5551 // Send the response. It's OK to do this from the main thread because IKeyChainAliasCallback 5552 // is oneway, which means it won't block if the recipient lives in another process. 5553 try { 5554 keyChainAliasResponse.alias(alias); 5555 } catch (Exception e) { 5556 // Caller could throw RuntimeException or RemoteException back across processes. Catch 5557 // everything just to be sure. 5558 Log.e(LOG_TAG, "error while responding to callback", e); 5559 } 5560 } 5561 5562 /** 5563 * Determine whether DPMS should check if a delegate package is already installed before 5564 * granting it new delegations via {@link #setDelegatedScopes}. 5565 */ 5566 private static boolean shouldCheckIfDelegatePackageIsInstalled(String delegatePackage, 5567 int targetSdk, List<String> scopes) { 5568 // 1) Never skip is installed check from N. 5569 if (targetSdk >= Build.VERSION_CODES.N) { 5570 return true; 5571 } 5572 // 2) Skip if DELEGATION_CERT_INSTALL is the only scope being given. 5573 if (scopes.size() == 1 && scopes.get(0).equals(DELEGATION_CERT_INSTALL)) { 5574 return false; 5575 } 5576 // 3) Skip if all previously granted scopes are being cleared. 5577 if (scopes.isEmpty()) { 5578 return false; 5579 } 5580 // Otherwise it should check that delegatePackage is installed. 5581 return true; 5582 } 5583 5584 /** 5585 * Set the scopes of a device owner or profile owner delegate. 5586 * 5587 * @param who the device owner or profile owner. 5588 * @param delegatePackage the name of the delegate package. 5589 * @param scopes the list of delegation scopes to be given to the delegate package. 5590 */ 5591 @Override 5592 public void setDelegatedScopes(ComponentName who, String delegatePackage, 5593 List<String> scopes) throws SecurityException { 5594 Preconditions.checkNotNull(who, "ComponentName is null"); 5595 Preconditions.checkStringNotEmpty(delegatePackage, "Delegate package is null or empty"); 5596 Preconditions.checkCollectionElementsNotNull(scopes, "Scopes"); 5597 // Remove possible duplicates. 5598 scopes = new ArrayList(new ArraySet(scopes)); 5599 // Ensure given scopes are valid. 5600 if (scopes.retainAll(Arrays.asList(DELEGATIONS))) { 5601 throw new IllegalArgumentException("Unexpected delegation scopes"); 5602 } 5603 5604 // Retrieve the user ID of the calling process. 5605 final int userId = mInjector.userHandleGetCallingUserId(); 5606 synchronized (getLockObject()) { 5607 // Ensure calling process is device/profile owner. 5608 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 5609 // Ensure the delegate is installed (skip this for DELEGATION_CERT_INSTALL in pre-N). 5610 if (shouldCheckIfDelegatePackageIsInstalled(delegatePackage, 5611 getTargetSdk(who.getPackageName(), userId), scopes)) { 5612 // Throw when the delegate package is not installed. 5613 if (!isPackageInstalledForUser(delegatePackage, userId)) { 5614 throw new IllegalArgumentException("Package " + delegatePackage 5615 + " is not installed on the current user"); 5616 } 5617 } 5618 5619 // Set the new delegate in user policies. 5620 final DevicePolicyData policy = getUserData(userId); 5621 if (!scopes.isEmpty()) { 5622 policy.mDelegationMap.put(delegatePackage, new ArrayList<>(scopes)); 5623 } else { 5624 // Remove any delegation info if the given scopes list is empty. 5625 policy.mDelegationMap.remove(delegatePackage); 5626 } 5627 5628 // Notify delegate package of updates. 5629 final Intent intent = new Intent( 5630 DevicePolicyManager.ACTION_APPLICATION_DELEGATION_SCOPES_CHANGED); 5631 // Only call receivers registered with Context#registerReceiver (don’t wake delegate). 5632 intent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY); 5633 // Limit components this intent resolves to to the delegate package. 5634 intent.setPackage(delegatePackage); 5635 // Include the list of delegated scopes as an extra. 5636 intent.putStringArrayListExtra(DevicePolicyManager.EXTRA_DELEGATION_SCOPES, 5637 (ArrayList<String>) scopes); 5638 // Send the broadcast. 5639 mContext.sendBroadcastAsUser(intent, UserHandle.of(userId)); 5640 5641 // Persist updates. 5642 saveSettingsLocked(userId); 5643 } 5644 } 5645 5646 /** 5647 * Get the delegation scopes given to a delegate package by a device owner or profile owner. 5648 * 5649 * A DO/PO can get the scopes of any package. A non DO/PO package can get its own scopes by 5650 * passing in {@code null} as the {@code who} parameter and its own name as the 5651 * {@code delegatepackage}. 5652 * 5653 * @param who the device owner or profile owner, or {@code null} if the caller is 5654 * {@code delegatePackage}. 5655 * @param delegatePackage the name of the delegate package whose scopes are to be retrieved. 5656 * @return a list of the delegation scopes currently given to {@code delegatePackage}. 5657 */ 5658 @Override 5659 @NonNull 5660 public List<String> getDelegatedScopes(ComponentName who, 5661 String delegatePackage) throws SecurityException { 5662 Preconditions.checkNotNull(delegatePackage, "Delegate package is null"); 5663 5664 // Retrieve the user ID of the calling process. 5665 final int callingUid = mInjector.binderGetCallingUid(); 5666 final int userId = UserHandle.getUserId(callingUid); 5667 synchronized (getLockObject()) { 5668 // Ensure calling process is device/profile owner. 5669 if (who != null) { 5670 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 5671 // Or ensure calling process is delegatePackage itself. 5672 } else { 5673 int uid = 0; 5674 try { 5675 uid = mInjector.getPackageManager() 5676 .getPackageUidAsUser(delegatePackage, userId); 5677 } catch(NameNotFoundException e) { 5678 } 5679 if (uid != callingUid) { 5680 throw new SecurityException("Caller with uid " + callingUid + " is not " 5681 + delegatePackage); 5682 } 5683 } 5684 final DevicePolicyData policy = getUserData(userId); 5685 // Retrieve the scopes assigned to delegatePackage, or null if no scope was given. 5686 final List<String> scopes = policy.mDelegationMap.get(delegatePackage); 5687 return scopes == null ? Collections.EMPTY_LIST : scopes; 5688 } 5689 } 5690 5691 /** 5692 * Get a list of packages that were given a specific delegation scopes by a device owner or 5693 * profile owner. 5694 * 5695 * @param who the device owner or profile owner. 5696 * @param scope the scope whose delegates are to be retrieved. 5697 * @return a list of the delegate packages currently given the {@code scope} delegation. 5698 */ 5699 @NonNull 5700 public List<String> getDelegatePackages(ComponentName who, String scope) 5701 throws SecurityException { 5702 Preconditions.checkNotNull(who, "ComponentName is null"); 5703 Preconditions.checkNotNull(scope, "Scope is null"); 5704 if (!Arrays.asList(DELEGATIONS).contains(scope)) { 5705 throw new IllegalArgumentException("Unexpected delegation scope: " + scope); 5706 } 5707 5708 // Retrieve the user ID of the calling process. 5709 final int userId = mInjector.userHandleGetCallingUserId(); 5710 synchronized (getLockObject()) { 5711 // Ensure calling process is device/profile owner. 5712 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 5713 final DevicePolicyData policy = getUserData(userId); 5714 5715 // Create a list to hold the resulting delegate packages. 5716 final List<String> delegatePackagesWithScope = new ArrayList<>(); 5717 // Add all delegations containing scope to the result list. 5718 for (int i = 0; i < policy.mDelegationMap.size(); i++) { 5719 if (policy.mDelegationMap.valueAt(i).contains(scope)) { 5720 delegatePackagesWithScope.add(policy.mDelegationMap.keyAt(i)); 5721 } 5722 } 5723 return delegatePackagesWithScope; 5724 } 5725 } 5726 5727 /** 5728 * Check whether a caller application has been delegated a given scope via 5729 * {@link #setDelegatedScopes} to access privileged APIs on the behalf of a profile owner or 5730 * device owner. 5731 * <p> 5732 * This is done by checking that {@code callerPackage} was granted {@code scope} delegation and 5733 * then comparing the calling UID with the UID of {@code callerPackage} as reported by 5734 * {@link PackageManager#getPackageUidAsUser}. 5735 * 5736 * @param callerPackage the name of the package that is trying to invoke a function in the DPMS. 5737 * @param scope the delegation scope to be checked. 5738 * @return {@code true} if the calling process is a delegate of {@code scope}. 5739 */ 5740 private boolean isCallerDelegate(String callerPackage, String scope) { 5741 Preconditions.checkNotNull(callerPackage, "callerPackage is null"); 5742 if (!Arrays.asList(DELEGATIONS).contains(scope)) { 5743 throw new IllegalArgumentException("Unexpected delegation scope: " + scope); 5744 } 5745 5746 // Retrieve the UID and user ID of the calling process. 5747 final int callingUid = mInjector.binderGetCallingUid(); 5748 final int userId = UserHandle.getUserId(callingUid); 5749 synchronized (getLockObject()) { 5750 // Retrieve user policy data. 5751 final DevicePolicyData policy = getUserData(userId); 5752 // Retrieve the list of delegation scopes granted to callerPackage. 5753 final List<String> scopes = policy.mDelegationMap.get(callerPackage); 5754 // Check callingUid only if callerPackage has the required scope delegation. 5755 if (scopes != null && scopes.contains(scope)) { 5756 try { 5757 // Retrieve the expected UID for callerPackage. 5758 final int uid = mInjector.getPackageManager() 5759 .getPackageUidAsUser(callerPackage, userId); 5760 // Return true if the caller is actually callerPackage. 5761 return uid == callingUid; 5762 } catch (NameNotFoundException e) { 5763 // Ignore. 5764 } 5765 } 5766 return false; 5767 } 5768 } 5769 5770 /** 5771 * Throw a security exception if a ComponentName is given and it is not a device/profile owner 5772 * or if the calling process is not a delegate of the given scope. 5773 * 5774 * @param who the device owner of profile owner, or null if {@code callerPackage} is a 5775 * {@code scope} delegate. 5776 * @param callerPackage the name of the calling package. Required if {@code who} is 5777 * {@code null}. 5778 * @param reqPolicy the policy used in the API whose access permission is being checked. 5779 * @param scope the delegation scope corresponding to the API being checked. 5780 * @throws SecurityException if {@code who} is given and is not an owner for {@code reqPolicy}; 5781 * or when {@code who} is {@code null} and {@code callerPackage} is not a delegate 5782 * of {@code scope}. 5783 */ 5784 private void enforceCanManageScope(ComponentName who, String callerPackage, int reqPolicy, 5785 String scope) { 5786 // If a ComponentName is given ensure it is a device or profile owner according to policy. 5787 if (who != null) { 5788 synchronized (getLockObject()) { 5789 getActiveAdminForCallerLocked(who, reqPolicy); 5790 } 5791 // If no ComponentName is given ensure calling process has scope delegation. 5792 } else if (!isCallerDelegate(callerPackage, scope)) { 5793 throw new SecurityException("Caller with uid " + mInjector.binderGetCallingUid() 5794 + " is not a delegate of scope " + scope + "."); 5795 } 5796 } 5797 5798 /** 5799 * Helper function to preserve delegation behavior pre-O when using the deprecated functions 5800 * {@code #setCertInstallerPackage} and {@code #setApplicationRestrictionsManagingPackage}. 5801 */ 5802 private void setDelegatedScopePreO(ComponentName who, 5803 String delegatePackage, String scope) { 5804 Preconditions.checkNotNull(who, "ComponentName is null"); 5805 5806 final int userId = mInjector.userHandleGetCallingUserId(); 5807 synchronized (getLockObject()) { 5808 // Ensure calling process is device/profile owner. 5809 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 5810 final DevicePolicyData policy = getUserData(userId); 5811 5812 if (delegatePackage != null) { 5813 // Set package as a delegate for scope if it is not already one. 5814 List<String> scopes = policy.mDelegationMap.get(delegatePackage); 5815 if (scopes == null) { 5816 scopes = new ArrayList<>(); 5817 } 5818 if (!scopes.contains(scope)) { 5819 scopes.add(scope); 5820 setDelegatedScopes(who, delegatePackage, scopes); 5821 } 5822 } 5823 5824 // Clear any existing scope delegates. 5825 for (int i = 0; i < policy.mDelegationMap.size(); i++) { 5826 final String currentPackage = policy.mDelegationMap.keyAt(i); 5827 final List<String> currentScopes = policy.mDelegationMap.valueAt(i); 5828 5829 if (!currentPackage.equals(delegatePackage) && currentScopes.contains(scope)) { 5830 final List<String> newScopes = new ArrayList(currentScopes); 5831 newScopes.remove(scope); 5832 setDelegatedScopes(who, currentPackage, newScopes); 5833 } 5834 } 5835 } 5836 } 5837 5838 @Override 5839 public void setCertInstallerPackage(ComponentName who, String installerPackage) 5840 throws SecurityException { 5841 setDelegatedScopePreO(who, installerPackage, DELEGATION_CERT_INSTALL); 5842 } 5843 5844 @Override 5845 public String getCertInstallerPackage(ComponentName who) throws SecurityException { 5846 final List<String> delegatePackages = getDelegatePackages(who, DELEGATION_CERT_INSTALL); 5847 return delegatePackages.size() > 0 ? delegatePackages.get(0) : null; 5848 } 5849 5850 /** 5851 * @return {@code true} if the package is installed and set as always-on, {@code false} if it is 5852 * not installed and therefore not available. 5853 * 5854 * @throws SecurityException if the caller is not a profile or device owner. 5855 * @throws UnsupportedOperationException if the package does not support being set as always-on. 5856 */ 5857 @Override 5858 public boolean setAlwaysOnVpnPackage(ComponentName admin, String vpnPackage, boolean lockdown) 5859 throws SecurityException { 5860 enforceProfileOrDeviceOwner(admin); 5861 5862 final int userId = mInjector.userHandleGetCallingUserId(); 5863 final long token = mInjector.binderClearCallingIdentity(); 5864 try { 5865 if (vpnPackage != null && !isPackageInstalledForUser(vpnPackage, userId)) { 5866 return false; 5867 } 5868 ConnectivityManager connectivityManager = (ConnectivityManager) 5869 mContext.getSystemService(Context.CONNECTIVITY_SERVICE); 5870 if (!connectivityManager.setAlwaysOnVpnPackageForUser(userId, vpnPackage, lockdown)) { 5871 throw new UnsupportedOperationException(); 5872 } 5873 } finally { 5874 mInjector.binderRestoreCallingIdentity(token); 5875 } 5876 return true; 5877 } 5878 5879 @Override 5880 public String getAlwaysOnVpnPackage(ComponentName admin) 5881 throws SecurityException { 5882 enforceProfileOrDeviceOwner(admin); 5883 5884 final int userId = mInjector.userHandleGetCallingUserId(); 5885 final long token = mInjector.binderClearCallingIdentity(); 5886 try{ 5887 ConnectivityManager connectivityManager = (ConnectivityManager) 5888 mContext.getSystemService(Context.CONNECTIVITY_SERVICE); 5889 return connectivityManager.getAlwaysOnVpnPackageForUser(userId); 5890 } finally { 5891 mInjector.binderRestoreCallingIdentity(token); 5892 } 5893 } 5894 5895 private void forceWipeDeviceNoLock(boolean wipeExtRequested, String reason, boolean wipeEuicc) { 5896 wtfIfInLock(); 5897 5898 if (wipeExtRequested) { 5899 StorageManager sm = (StorageManager) mContext.getSystemService( 5900 Context.STORAGE_SERVICE); 5901 sm.wipeAdoptableDisks(); 5902 } 5903 try { 5904 mInjector.recoverySystemRebootWipeUserData( 5905 /*shutdown=*/ false, reason, /*force=*/ true, /*wipeEuicc=*/ wipeEuicc); 5906 } catch (IOException | SecurityException e) { 5907 Slog.w(LOG_TAG, "Failed requesting data wipe", e); 5908 } 5909 } 5910 5911 private void forceWipeUser(int userId, String wipeReasonForUser) { 5912 try { 5913 IActivityManager am = mInjector.getIActivityManager(); 5914 if (am.getCurrentUser().id == userId) { 5915 am.switchUser(UserHandle.USER_SYSTEM); 5916 } 5917 5918 boolean userRemoved = mUserManagerInternal.removeUserEvenWhenDisallowed(userId); 5919 if (!userRemoved) { 5920 Slog.w(LOG_TAG, "Couldn't remove user " + userId); 5921 } else if (isManagedProfile(userId)) { 5922 sendWipeProfileNotification(wipeReasonForUser); 5923 } 5924 } catch (RemoteException re) { 5925 // Shouldn't happen 5926 } 5927 } 5928 5929 @Override 5930 public void wipeDataWithReason(int flags, String wipeReasonForUser) { 5931 if (!mHasFeature) { 5932 return; 5933 } 5934 Preconditions.checkStringNotEmpty(wipeReasonForUser, "wipeReasonForUser is null or empty"); 5935 enforceFullCrossUsersPermission(mInjector.userHandleGetCallingUserId()); 5936 5937 final ActiveAdmin admin; 5938 synchronized (getLockObject()) { 5939 admin = getActiveAdminForCallerLocked(null, DeviceAdminInfo.USES_POLICY_WIPE_DATA); 5940 } 5941 String internalReason = "DevicePolicyManager.wipeDataWithReason() from " 5942 + admin.info.getComponent().flattenToShortString(); 5943 wipeDataNoLock( 5944 admin.info.getComponent(), flags, internalReason, wipeReasonForUser, 5945 admin.getUserHandle().getIdentifier()); 5946 } 5947 5948 private void wipeDataNoLock(ComponentName admin, int flags, String internalReason, 5949 String wipeReasonForUser, int userId) { 5950 wtfIfInLock(); 5951 5952 long ident = mInjector.binderClearCallingIdentity(); 5953 try { 5954 // First check whether the admin is allowed to wipe the device/user/profile. 5955 final String restriction; 5956 if (userId == UserHandle.USER_SYSTEM) { 5957 restriction = UserManager.DISALLOW_FACTORY_RESET; 5958 } else if (isManagedProfile(userId)) { 5959 restriction = UserManager.DISALLOW_REMOVE_MANAGED_PROFILE; 5960 } else { 5961 restriction = UserManager.DISALLOW_REMOVE_USER; 5962 } 5963 if (isAdminAffectedByRestriction(admin, restriction, userId)) { 5964 throw new SecurityException("Cannot wipe data. " + restriction 5965 + " restriction is set for user " + userId); 5966 } 5967 5968 if ((flags & WIPE_RESET_PROTECTION_DATA) != 0) { 5969 if (!isDeviceOwner(admin, userId)) { 5970 throw new SecurityException( 5971 "Only device owner admins can set WIPE_RESET_PROTECTION_DATA"); 5972 } 5973 PersistentDataBlockManager manager = (PersistentDataBlockManager) 5974 mContext.getSystemService(Context.PERSISTENT_DATA_BLOCK_SERVICE); 5975 if (manager != null) { 5976 manager.wipe(); 5977 } 5978 } 5979 5980 // TODO If split user is enabled and the device owner is set in the primary user 5981 // (rather than system), we should probably trigger factory reset. Current code just 5982 // removes that user (but still clears FRP...) 5983 if (userId == UserHandle.USER_SYSTEM) { 5984 forceWipeDeviceNoLock(/*wipeExtRequested=*/ ( 5985 flags & WIPE_EXTERNAL_STORAGE) != 0, 5986 internalReason, 5987 /*wipeEuicc=*/ (flags & WIPE_EUICC) != 0); 5988 } else { 5989 forceWipeUser(userId, wipeReasonForUser); 5990 } 5991 } finally { 5992 mInjector.binderRestoreCallingIdentity(ident); 5993 } 5994 } 5995 5996 private void sendWipeProfileNotification(String wipeReasonForUser) { 5997 Notification notification = 5998 new Notification.Builder(mContext, SystemNotificationChannels.DEVICE_ADMIN) 5999 .setSmallIcon(android.R.drawable.stat_sys_warning) 6000 .setContentTitle(mContext.getString(R.string.work_profile_deleted)) 6001 .setContentText(wipeReasonForUser) 6002 .setColor(mContext.getColor(R.color.system_notification_accent_color)) 6003 .setStyle(new Notification.BigTextStyle().bigText(wipeReasonForUser)) 6004 .build(); 6005 mInjector.getNotificationManager().notify(SystemMessage.NOTE_PROFILE_WIPED, notification); 6006 } 6007 6008 private void clearWipeProfileNotification() { 6009 mInjector.getNotificationManager().cancel(SystemMessage.NOTE_PROFILE_WIPED); 6010 } 6011 6012 @Override 6013 public void getRemoveWarning(ComponentName comp, final RemoteCallback result, int userHandle) { 6014 if (!mHasFeature) { 6015 return; 6016 } 6017 enforceFullCrossUsersPermission(userHandle); 6018 mContext.enforceCallingOrSelfPermission( 6019 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 6020 6021 synchronized (getLockObject()) { 6022 ActiveAdmin admin = getActiveAdminUncheckedLocked(comp, userHandle); 6023 if (admin == null) { 6024 result.sendResult(null); 6025 return; 6026 } 6027 Intent intent = new Intent(DeviceAdminReceiver.ACTION_DEVICE_ADMIN_DISABLE_REQUESTED); 6028 intent.setFlags(Intent.FLAG_RECEIVER_FOREGROUND); 6029 intent.setComponent(admin.info.getComponent()); 6030 mContext.sendOrderedBroadcastAsUser(intent, new UserHandle(userHandle), 6031 null, new BroadcastReceiver() { 6032 @Override 6033 public void onReceive(Context context, Intent intent) { 6034 result.sendResult(getResultExtras(false)); 6035 } 6036 }, null, Activity.RESULT_OK, null, null); 6037 } 6038 } 6039 6040 /** 6041 * Notify DPMS regarding the metric of the current password. This happens when the user changes 6042 * the password, but also when the user just unlocks the keyguard. In comparison, 6043 * reportPasswordChanged() is only called when the user changes the password. 6044 */ 6045 @Override 6046 public void setActivePasswordState(PasswordMetrics metrics, int userHandle) { 6047 if (!mHasFeature) { 6048 return; 6049 } 6050 enforceFullCrossUsersPermission(userHandle); 6051 mContext.enforceCallingOrSelfPermission( 6052 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 6053 6054 // If the managed profile doesn't have a separate password, set the metrics to default 6055 if (isManagedProfile(userHandle) && !isSeparateProfileChallengeEnabled(userHandle)) { 6056 metrics = new PasswordMetrics(); 6057 } 6058 6059 validateQualityConstant(metrics.quality); 6060 synchronized (getLockObject()) { 6061 mUserPasswordMetrics.put(userHandle, metrics); 6062 } 6063 } 6064 6065 @Override 6066 public void reportPasswordChanged(@UserIdInt int userId) { 6067 if (!mHasFeature) { 6068 return; 6069 } 6070 enforceFullCrossUsersPermission(userId); 6071 6072 // Managed Profile password can only be changed when it has a separate challenge. 6073 if (!isSeparateProfileChallengeEnabled(userId)) { 6074 enforceNotManagedProfile(userId, "set the active password"); 6075 } 6076 6077 mContext.enforceCallingOrSelfPermission( 6078 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 6079 6080 DevicePolicyData policy = getUserData(userId); 6081 6082 long ident = mInjector.binderClearCallingIdentity(); 6083 try { 6084 synchronized (getLockObject()) { 6085 policy.mFailedPasswordAttempts = 0; 6086 updatePasswordValidityCheckpointLocked(userId, /* parent */ false); 6087 updatePasswordExpirationsLocked(userId); 6088 setExpirationAlarmCheckLocked(mContext, userId, /* parent */ false); 6089 6090 // Send a broadcast to each profile using this password as its primary unlock. 6091 sendAdminCommandForLockscreenPoliciesLocked( 6092 DeviceAdminReceiver.ACTION_PASSWORD_CHANGED, 6093 DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, userId); 6094 } 6095 removeCaApprovalsIfNeeded(userId); 6096 } finally { 6097 mInjector.binderRestoreCallingIdentity(ident); 6098 } 6099 } 6100 6101 /** 6102 * Called any time the device password is updated. Resets all password expiration clocks. 6103 */ 6104 private void updatePasswordExpirationsLocked(int userHandle) { 6105 ArraySet<Integer> affectedUserIds = new ArraySet<Integer>(); 6106 List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked( 6107 userHandle, /* parent */ false); 6108 final int N = admins.size(); 6109 for (int i = 0; i < N; i++) { 6110 ActiveAdmin admin = admins.get(i); 6111 if (admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD)) { 6112 affectedUserIds.add(admin.getUserHandle().getIdentifier()); 6113 long timeout = admin.passwordExpirationTimeout; 6114 long expiration = timeout > 0L ? (timeout + System.currentTimeMillis()) : 0L; 6115 admin.passwordExpirationDate = expiration; 6116 } 6117 } 6118 for (int affectedUserId : affectedUserIds) { 6119 saveSettingsLocked(affectedUserId); 6120 } 6121 } 6122 6123 @Override 6124 public void reportFailedPasswordAttempt(int userHandle) { 6125 enforceFullCrossUsersPermission(userHandle); 6126 if (!isSeparateProfileChallengeEnabled(userHandle)) { 6127 enforceNotManagedProfile(userHandle, 6128 "report failed password attempt if separate profile challenge is not in place"); 6129 } 6130 mContext.enforceCallingOrSelfPermission( 6131 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 6132 6133 boolean wipeData = false; 6134 ActiveAdmin strictestAdmin = null; 6135 final long ident = mInjector.binderClearCallingIdentity(); 6136 try { 6137 synchronized (getLockObject()) { 6138 DevicePolicyData policy = getUserData(userHandle); 6139 policy.mFailedPasswordAttempts++; 6140 saveSettingsLocked(userHandle); 6141 if (mHasFeature) { 6142 strictestAdmin = getAdminWithMinimumFailedPasswordsForWipeLocked( 6143 userHandle, /* parent */ false); 6144 int max = strictestAdmin != null 6145 ? strictestAdmin.maximumFailedPasswordsForWipe : 0; 6146 if (max > 0 && policy.mFailedPasswordAttempts >= max) { 6147 wipeData = true; 6148 } 6149 6150 sendAdminCommandForLockscreenPoliciesLocked( 6151 DeviceAdminReceiver.ACTION_PASSWORD_FAILED, 6152 DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, userHandle); 6153 } 6154 } 6155 } finally { 6156 mInjector.binderRestoreCallingIdentity(ident); 6157 } 6158 6159 if (wipeData && strictestAdmin != null) { 6160 final int userId = strictestAdmin.getUserHandle().getIdentifier(); 6161 Slog.i(LOG_TAG, "Max failed password attempts policy reached for admin: " 6162 + strictestAdmin.info.getComponent().flattenToShortString() 6163 + ". Calling wipeData for user " + userId); 6164 6165 // Attempt to wipe the device/user/profile associated with the admin, as if the 6166 // admin had called wipeData(). That way we can check whether the admin is actually 6167 // allowed to wipe the device (e.g. a regular device admin shouldn't be able to wipe the 6168 // device if the device owner has set DISALLOW_FACTORY_RESET, but the DO should be 6169 // able to do so). 6170 // IMPORTANT: Call without holding the lock to prevent deadlock. 6171 try { 6172 String wipeReasonForUser = mContext.getString( 6173 R.string.work_profile_deleted_reason_maximum_password_failure); 6174 wipeDataNoLock(strictestAdmin.info.getComponent(), 6175 /*flags=*/ 0, 6176 /*reason=*/ "reportFailedPasswordAttempt()", 6177 wipeReasonForUser, 6178 userId); 6179 } catch (SecurityException e) { 6180 Slog.w(LOG_TAG, "Failed to wipe user " + userId 6181 + " after max failed password attempts reached.", e); 6182 } 6183 } 6184 6185 if (mInjector.securityLogIsLoggingEnabled()) { 6186 SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, 6187 /*result*/ 0, /*method strength*/ 1); 6188 } 6189 } 6190 6191 @Override 6192 public void reportSuccessfulPasswordAttempt(int userHandle) { 6193 enforceFullCrossUsersPermission(userHandle); 6194 mContext.enforceCallingOrSelfPermission( 6195 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 6196 6197 synchronized (getLockObject()) { 6198 DevicePolicyData policy = getUserData(userHandle); 6199 if (policy.mFailedPasswordAttempts != 0 || policy.mPasswordOwner >= 0) { 6200 long ident = mInjector.binderClearCallingIdentity(); 6201 try { 6202 policy.mFailedPasswordAttempts = 0; 6203 policy.mPasswordOwner = -1; 6204 saveSettingsLocked(userHandle); 6205 if (mHasFeature) { 6206 sendAdminCommandForLockscreenPoliciesLocked( 6207 DeviceAdminReceiver.ACTION_PASSWORD_SUCCEEDED, 6208 DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, userHandle); 6209 } 6210 } finally { 6211 mInjector.binderRestoreCallingIdentity(ident); 6212 } 6213 } 6214 } 6215 6216 if (mInjector.securityLogIsLoggingEnabled()) { 6217 SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 1, 6218 /*method strength*/ 1); 6219 } 6220 } 6221 6222 @Override 6223 public void reportFailedFingerprintAttempt(int userHandle) { 6224 enforceFullCrossUsersPermission(userHandle); 6225 mContext.enforceCallingOrSelfPermission( 6226 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 6227 if (mInjector.securityLogIsLoggingEnabled()) { 6228 SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 0, 6229 /*method strength*/ 0); 6230 } 6231 } 6232 6233 @Override 6234 public void reportSuccessfulFingerprintAttempt(int userHandle) { 6235 enforceFullCrossUsersPermission(userHandle); 6236 mContext.enforceCallingOrSelfPermission( 6237 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 6238 if (mInjector.securityLogIsLoggingEnabled()) { 6239 SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 1, 6240 /*method strength*/ 0); 6241 } 6242 } 6243 6244 @Override 6245 public void reportKeyguardDismissed(int userHandle) { 6246 enforceFullCrossUsersPermission(userHandle); 6247 mContext.enforceCallingOrSelfPermission( 6248 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 6249 6250 if (mInjector.securityLogIsLoggingEnabled()) { 6251 SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISSED); 6252 } 6253 } 6254 6255 @Override 6256 public void reportKeyguardSecured(int userHandle) { 6257 enforceFullCrossUsersPermission(userHandle); 6258 mContext.enforceCallingOrSelfPermission( 6259 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 6260 6261 if (mInjector.securityLogIsLoggingEnabled()) { 6262 SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_SECURED); 6263 } 6264 } 6265 6266 @Override 6267 public ComponentName setGlobalProxy(ComponentName who, String proxySpec, 6268 String exclusionList) { 6269 if (!mHasFeature) { 6270 return null; 6271 } 6272 synchronized (getLockObject()) { 6273 Preconditions.checkNotNull(who, "ComponentName is null"); 6274 6275 // Only check if system user has set global proxy. We don't allow other users to set it. 6276 DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM); 6277 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 6278 DeviceAdminInfo.USES_POLICY_SETS_GLOBAL_PROXY); 6279 6280 // Scan through active admins and find if anyone has already 6281 // set the global proxy. 6282 Set<ComponentName> compSet = policy.mAdminMap.keySet(); 6283 for (ComponentName component : compSet) { 6284 ActiveAdmin ap = policy.mAdminMap.get(component); 6285 if ((ap.specifiesGlobalProxy) && (!component.equals(who))) { 6286 // Another admin already sets the global proxy 6287 // Return it to the caller. 6288 return component; 6289 } 6290 } 6291 6292 // If the user is not system, don't set the global proxy. Fail silently. 6293 if (UserHandle.getCallingUserId() != UserHandle.USER_SYSTEM) { 6294 Slog.w(LOG_TAG, "Only the owner is allowed to set the global proxy. User " 6295 + UserHandle.getCallingUserId() + " is not permitted."); 6296 return null; 6297 } 6298 if (proxySpec == null) { 6299 admin.specifiesGlobalProxy = false; 6300 admin.globalProxySpec = null; 6301 admin.globalProxyExclusionList = null; 6302 } else { 6303 6304 admin.specifiesGlobalProxy = true; 6305 admin.globalProxySpec = proxySpec; 6306 admin.globalProxyExclusionList = exclusionList; 6307 } 6308 6309 // Reset the global proxy accordingly 6310 // Do this using system permissions, as apps cannot write to secure settings 6311 long origId = mInjector.binderClearCallingIdentity(); 6312 try { 6313 resetGlobalProxyLocked(policy); 6314 } finally { 6315 mInjector.binderRestoreCallingIdentity(origId); 6316 } 6317 return null; 6318 } 6319 } 6320 6321 @Override 6322 public ComponentName getGlobalProxyAdmin(int userHandle) { 6323 if (!mHasFeature) { 6324 return null; 6325 } 6326 enforceFullCrossUsersPermission(userHandle); 6327 synchronized (getLockObject()) { 6328 DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM); 6329 // Scan through active admins and find if anyone has already 6330 // set the global proxy. 6331 final int N = policy.mAdminList.size(); 6332 for (int i = 0; i < N; i++) { 6333 ActiveAdmin ap = policy.mAdminList.get(i); 6334 if (ap.specifiesGlobalProxy) { 6335 // Device admin sets the global proxy 6336 // Return it to the caller. 6337 return ap.info.getComponent(); 6338 } 6339 } 6340 } 6341 // No device admin sets the global proxy. 6342 return null; 6343 } 6344 6345 @Override 6346 public void setRecommendedGlobalProxy(ComponentName who, ProxyInfo proxyInfo) { 6347 synchronized (getLockObject()) { 6348 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 6349 } 6350 long token = mInjector.binderClearCallingIdentity(); 6351 try { 6352 ConnectivityManager connectivityManager = (ConnectivityManager) 6353 mContext.getSystemService(Context.CONNECTIVITY_SERVICE); 6354 connectivityManager.setGlobalProxy(proxyInfo); 6355 } finally { 6356 mInjector.binderRestoreCallingIdentity(token); 6357 } 6358 } 6359 6360 private void resetGlobalProxyLocked(DevicePolicyData policy) { 6361 final int N = policy.mAdminList.size(); 6362 for (int i = 0; i < N; i++) { 6363 ActiveAdmin ap = policy.mAdminList.get(i); 6364 if (ap.specifiesGlobalProxy) { 6365 saveGlobalProxyLocked(ap.globalProxySpec, ap.globalProxyExclusionList); 6366 return; 6367 } 6368 } 6369 // No device admins defining global proxies - reset global proxy settings to none 6370 saveGlobalProxyLocked(null, null); 6371 } 6372 6373 private void saveGlobalProxyLocked(String proxySpec, String exclusionList) { 6374 if (exclusionList == null) { 6375 exclusionList = ""; 6376 } 6377 if (proxySpec == null) { 6378 proxySpec = ""; 6379 } 6380 // Remove white spaces 6381 proxySpec = proxySpec.trim(); 6382 String data[] = proxySpec.split(":"); 6383 int proxyPort = 8080; 6384 if (data.length > 1) { 6385 try { 6386 proxyPort = Integer.parseInt(data[1]); 6387 } catch (NumberFormatException e) {} 6388 } 6389 exclusionList = exclusionList.trim(); 6390 6391 ProxyInfo proxyProperties = new ProxyInfo(data[0], proxyPort, exclusionList); 6392 if (!proxyProperties.isValid()) { 6393 Slog.e(LOG_TAG, "Invalid proxy properties, ignoring: " + proxyProperties.toString()); 6394 return; 6395 } 6396 mInjector.settingsGlobalPutString(Settings.Global.GLOBAL_HTTP_PROXY_HOST, data[0]); 6397 mInjector.settingsGlobalPutInt(Settings.Global.GLOBAL_HTTP_PROXY_PORT, proxyPort); 6398 mInjector.settingsGlobalPutString(Settings.Global.GLOBAL_HTTP_PROXY_EXCLUSION_LIST, 6399 exclusionList); 6400 } 6401 6402 /** 6403 * Called by an application that is administering the device to request that the storage system 6404 * be encrypted. Does nothing if the caller is on a secondary user or a managed profile. 6405 * 6406 * @return the new total request status (for all admins), or {@link 6407 * DevicePolicyManager#ENCRYPTION_STATUS_UNSUPPORTED} if called for a non-system user 6408 */ 6409 @Override 6410 public int setStorageEncryption(ComponentName who, boolean encrypt) { 6411 if (!mHasFeature) { 6412 return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; 6413 } 6414 Preconditions.checkNotNull(who, "ComponentName is null"); 6415 final int userHandle = UserHandle.getCallingUserId(); 6416 synchronized (getLockObject()) { 6417 // Check for permissions 6418 // Only system user can set storage encryption 6419 if (userHandle != UserHandle.USER_SYSTEM) { 6420 Slog.w(LOG_TAG, "Only owner/system user is allowed to set storage encryption. User " 6421 + UserHandle.getCallingUserId() + " is not permitted."); 6422 return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; 6423 } 6424 6425 ActiveAdmin ap = getActiveAdminForCallerLocked(who, 6426 DeviceAdminInfo.USES_ENCRYPTED_STORAGE); 6427 6428 // Quick exit: If the filesystem does not support encryption, we can exit early. 6429 if (!isEncryptionSupported()) { 6430 return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; 6431 } 6432 6433 // (1) Record the value for the admin so it's sticky 6434 if (ap.encryptionRequested != encrypt) { 6435 ap.encryptionRequested = encrypt; 6436 saveSettingsLocked(userHandle); 6437 } 6438 6439 DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM); 6440 // (2) Compute "max" for all admins 6441 boolean newRequested = false; 6442 final int N = policy.mAdminList.size(); 6443 for (int i = 0; i < N; i++) { 6444 newRequested |= policy.mAdminList.get(i).encryptionRequested; 6445 } 6446 6447 // Notify OS of new request 6448 setEncryptionRequested(newRequested); 6449 6450 // Return the new global request status 6451 return newRequested 6452 ? DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE 6453 : DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE; 6454 } 6455 } 6456 6457 /** 6458 * Get the current storage encryption request status for a given admin, or aggregate of all 6459 * active admins. 6460 */ 6461 @Override 6462 public boolean getStorageEncryption(ComponentName who, int userHandle) { 6463 if (!mHasFeature) { 6464 return false; 6465 } 6466 enforceFullCrossUsersPermission(userHandle); 6467 synchronized (getLockObject()) { 6468 // Check for permissions if a particular caller is specified 6469 if (who != null) { 6470 // When checking for a single caller, status is based on caller's request 6471 ActiveAdmin ap = getActiveAdminUncheckedLocked(who, userHandle); 6472 return ap != null ? ap.encryptionRequested : false; 6473 } 6474 6475 // If no particular caller is specified, return the aggregate set of requests. 6476 // This is short circuited by returning true on the first hit. 6477 DevicePolicyData policy = getUserData(userHandle); 6478 final int N = policy.mAdminList.size(); 6479 for (int i = 0; i < N; i++) { 6480 if (policy.mAdminList.get(i).encryptionRequested) { 6481 return true; 6482 } 6483 } 6484 return false; 6485 } 6486 } 6487 6488 /** 6489 * Get the current encryption status of the device. 6490 */ 6491 @Override 6492 public int getStorageEncryptionStatus(@Nullable String callerPackage, int userHandle) { 6493 if (!mHasFeature) { 6494 // Ok to return current status. 6495 } 6496 enforceFullCrossUsersPermission(userHandle); 6497 6498 // It's not critical here, but let's make sure the package name is correct, in case 6499 // we start using it for different purposes. 6500 ensureCallerPackage(callerPackage); 6501 6502 final ApplicationInfo ai; 6503 try { 6504 ai = mIPackageManager.getApplicationInfo(callerPackage, 0, userHandle); 6505 } catch (RemoteException e) { 6506 throw new SecurityException(e); 6507 } 6508 6509 boolean legacyApp = false; 6510 if (ai.targetSdkVersion <= Build.VERSION_CODES.M) { 6511 legacyApp = true; 6512 } 6513 6514 final int rawStatus = getEncryptionStatus(); 6515 if ((rawStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_PER_USER) && legacyApp) { 6516 return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE; 6517 } 6518 return rawStatus; 6519 } 6520 6521 /** 6522 * Hook to low-levels: This should report if the filesystem supports encrypted storage. 6523 */ 6524 private boolean isEncryptionSupported() { 6525 // Note, this can be implemented as 6526 // return getEncryptionStatus() != DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; 6527 // But is provided as a separate internal method if there's a faster way to do a 6528 // simple check for supported-or-not. 6529 return getEncryptionStatus() != DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; 6530 } 6531 6532 /** 6533 * Hook to low-levels: Reporting the current status of encryption. 6534 * @return A value such as {@link DevicePolicyManager#ENCRYPTION_STATUS_UNSUPPORTED}, 6535 * {@link DevicePolicyManager#ENCRYPTION_STATUS_INACTIVE}, 6536 * {@link DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY}, 6537 * {@link DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE_PER_USER}, or 6538 * {@link DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE}. 6539 */ 6540 private int getEncryptionStatus() { 6541 if (mInjector.storageManagerIsFileBasedEncryptionEnabled()) { 6542 return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_PER_USER; 6543 } else if (mInjector.storageManagerIsNonDefaultBlockEncrypted()) { 6544 return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE; 6545 } else if (mInjector.storageManagerIsEncrypted()) { 6546 return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY; 6547 } else if (mInjector.storageManagerIsEncryptable()) { 6548 return DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE; 6549 } else { 6550 return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; 6551 } 6552 } 6553 6554 /** 6555 * Hook to low-levels: If needed, record the new admin setting for encryption. 6556 */ 6557 private void setEncryptionRequested(boolean encrypt) { 6558 } 6559 6560 /** 6561 * Set whether the screen capture is disabled for the user managed by the specified admin. 6562 */ 6563 @Override 6564 public void setScreenCaptureDisabled(ComponentName who, boolean disabled) { 6565 if (!mHasFeature) { 6566 return; 6567 } 6568 Preconditions.checkNotNull(who, "ComponentName is null"); 6569 final int userHandle = UserHandle.getCallingUserId(); 6570 synchronized (getLockObject()) { 6571 ActiveAdmin ap = getActiveAdminForCallerLocked(who, 6572 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 6573 if (ap.disableScreenCapture != disabled) { 6574 ap.disableScreenCapture = disabled; 6575 saveSettingsLocked(userHandle); 6576 updateScreenCaptureDisabled(userHandle, disabled); 6577 } 6578 } 6579 } 6580 6581 /** 6582 * Returns whether or not screen capture is disabled for a given admin, or disabled for any 6583 * active admin (if given admin is null). 6584 */ 6585 @Override 6586 public boolean getScreenCaptureDisabled(ComponentName who, int userHandle) { 6587 if (!mHasFeature) { 6588 return false; 6589 } 6590 synchronized (getLockObject()) { 6591 if (who != null) { 6592 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 6593 return (admin != null) ? admin.disableScreenCapture : false; 6594 } 6595 6596 DevicePolicyData policy = getUserData(userHandle); 6597 final int N = policy.mAdminList.size(); 6598 for (int i = 0; i < N; i++) { 6599 ActiveAdmin admin = policy.mAdminList.get(i); 6600 if (admin.disableScreenCapture) { 6601 return true; 6602 } 6603 } 6604 return false; 6605 } 6606 } 6607 6608 private void updateScreenCaptureDisabled(int userHandle, boolean disabled) { 6609 mPolicyCache.setScreenCaptureDisabled(userHandle, disabled); 6610 mHandler.post(new Runnable() { 6611 @Override 6612 public void run() { 6613 try { 6614 mInjector.getIWindowManager().refreshScreenCaptureDisabled(userHandle); 6615 } catch (RemoteException e) { 6616 Log.w(LOG_TAG, "Unable to notify WindowManager.", e); 6617 } 6618 } 6619 }); 6620 } 6621 6622 /** 6623 * Set whether auto time is required by the specified admin (must be device or profile owner). 6624 */ 6625 @Override 6626 public void setAutoTimeRequired(ComponentName who, boolean required) { 6627 if (!mHasFeature) { 6628 return; 6629 } 6630 Preconditions.checkNotNull(who, "ComponentName is null"); 6631 final int userHandle = UserHandle.getCallingUserId(); 6632 synchronized (getLockObject()) { 6633 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 6634 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 6635 if (admin.requireAutoTime != required) { 6636 admin.requireAutoTime = required; 6637 saveSettingsLocked(userHandle); 6638 } 6639 } 6640 6641 // Turn AUTO_TIME on in settings if it is required 6642 if (required) { 6643 long ident = mInjector.binderClearCallingIdentity(); 6644 try { 6645 mInjector.settingsGlobalPutInt(Settings.Global.AUTO_TIME, 1 /* AUTO_TIME on */); 6646 } finally { 6647 mInjector.binderRestoreCallingIdentity(ident); 6648 } 6649 } 6650 } 6651 6652 /** 6653 * Returns whether or not auto time is required by the device owner or any profile owner. 6654 */ 6655 @Override 6656 public boolean getAutoTimeRequired() { 6657 if (!mHasFeature) { 6658 return false; 6659 } 6660 synchronized (getLockObject()) { 6661 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 6662 if (deviceOwner != null && deviceOwner.requireAutoTime) { 6663 // If the device owner enforces auto time, we don't need to check the PO's 6664 return true; 6665 } 6666 6667 // Now check to see if any profile owner on any user enforces auto time 6668 for (Integer userId : mOwners.getProfileOwnerKeys()) { 6669 ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userId); 6670 if (profileOwner != null && profileOwner.requireAutoTime) { 6671 return true; 6672 } 6673 } 6674 6675 return false; 6676 } 6677 } 6678 6679 @Override 6680 public void setForceEphemeralUsers(ComponentName who, boolean forceEphemeralUsers) { 6681 if (!mHasFeature) { 6682 return; 6683 } 6684 Preconditions.checkNotNull(who, "ComponentName is null"); 6685 // Allow setting this policy to true only if there is a split system user. 6686 if (forceEphemeralUsers && !mInjector.userManagerIsSplitSystemUser()) { 6687 throw new UnsupportedOperationException( 6688 "Cannot force ephemeral users on systems without split system user."); 6689 } 6690 boolean removeAllUsers = false; 6691 synchronized (getLockObject()) { 6692 final ActiveAdmin deviceOwner = 6693 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 6694 if (deviceOwner.forceEphemeralUsers != forceEphemeralUsers) { 6695 deviceOwner.forceEphemeralUsers = forceEphemeralUsers; 6696 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 6697 mUserManagerInternal.setForceEphemeralUsers(forceEphemeralUsers); 6698 removeAllUsers = forceEphemeralUsers; 6699 } 6700 } 6701 if (removeAllUsers) { 6702 long identitity = mInjector.binderClearCallingIdentity(); 6703 try { 6704 mUserManagerInternal.removeAllUsers(); 6705 } finally { 6706 mInjector.binderRestoreCallingIdentity(identitity); 6707 } 6708 } 6709 } 6710 6711 @Override 6712 public boolean getForceEphemeralUsers(ComponentName who) { 6713 if (!mHasFeature) { 6714 return false; 6715 } 6716 Preconditions.checkNotNull(who, "ComponentName is null"); 6717 synchronized (getLockObject()) { 6718 final ActiveAdmin deviceOwner = 6719 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 6720 return deviceOwner.forceEphemeralUsers; 6721 } 6722 } 6723 6724 private void ensureDeviceOwnerAndAllUsersAffiliated(ComponentName who) throws SecurityException { 6725 synchronized (getLockObject()) { 6726 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 6727 if (!areAllUsersAffiliatedWithDeviceLocked()) { 6728 throw new SecurityException("Not all users are affiliated."); 6729 } 6730 } 6731 } 6732 6733 @Override 6734 public boolean requestBugreport(ComponentName who) { 6735 if (!mHasFeature) { 6736 return false; 6737 } 6738 Preconditions.checkNotNull(who, "ComponentName is null"); 6739 6740 // TODO: If an unaffiliated user is removed, the admin will be able to request a bugreport 6741 // which could still contain data related to that user. Should we disallow that, e.g. until 6742 // next boot? Might not be needed given that this still requires user consent. 6743 ensureDeviceOwnerAndAllUsersAffiliated(who); 6744 6745 if (mRemoteBugreportServiceIsActive.get() 6746 || (getDeviceOwnerRemoteBugreportUri() != null)) { 6747 Slog.d(LOG_TAG, "Remote bugreport wasn't started because there's already one running."); 6748 return false; 6749 } 6750 6751 final long currentTime = System.currentTimeMillis(); 6752 synchronized (getLockObject()) { 6753 DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM); 6754 if (currentTime > policyData.mLastBugReportRequestTime) { 6755 policyData.mLastBugReportRequestTime = currentTime; 6756 saveSettingsLocked(UserHandle.USER_SYSTEM); 6757 } 6758 } 6759 6760 final long callingIdentity = mInjector.binderClearCallingIdentity(); 6761 try { 6762 mInjector.getIActivityManager().requestBugReport( 6763 ActivityManager.BUGREPORT_OPTION_REMOTE); 6764 6765 mRemoteBugreportServiceIsActive.set(true); 6766 mRemoteBugreportSharingAccepted.set(false); 6767 registerRemoteBugreportReceivers(); 6768 mInjector.getNotificationManager().notifyAsUser(LOG_TAG, 6769 RemoteBugreportUtils.NOTIFICATION_ID, 6770 RemoteBugreportUtils.buildNotification(mContext, 6771 DevicePolicyManager.NOTIFICATION_BUGREPORT_STARTED), UserHandle.ALL); 6772 mHandler.postDelayed(mRemoteBugreportTimeoutRunnable, 6773 RemoteBugreportUtils.REMOTE_BUGREPORT_TIMEOUT_MILLIS); 6774 return true; 6775 } catch (RemoteException re) { 6776 // should never happen 6777 Slog.e(LOG_TAG, "Failed to make remote calls to start bugreportremote service", re); 6778 return false; 6779 } finally { 6780 mInjector.binderRestoreCallingIdentity(callingIdentity); 6781 } 6782 } 6783 6784 void sendDeviceOwnerCommand(String action, Bundle extras) { 6785 int deviceOwnerUserId; 6786 ComponentName deviceOwnerComponent; 6787 synchronized (getLockObject()) { 6788 deviceOwnerUserId = mOwners.getDeviceOwnerUserId(); 6789 deviceOwnerComponent = mOwners.getDeviceOwnerComponent(); 6790 } 6791 sendActiveAdminCommand(action, extras, deviceOwnerUserId, 6792 deviceOwnerComponent); 6793 } 6794 6795 private void sendProfileOwnerCommand(String action, Bundle extras, int userHandle) { 6796 sendActiveAdminCommand(action, extras, userHandle, 6797 mOwners.getProfileOwnerComponent(userHandle)); 6798 } 6799 6800 private void sendActiveAdminCommand(String action, Bundle extras, 6801 int userHandle, ComponentName receiverComponent) { 6802 final Intent intent = new Intent(action); 6803 intent.setComponent(receiverComponent); 6804 if (extras != null) { 6805 intent.putExtras(extras); 6806 } 6807 mContext.sendBroadcastAsUser(intent, UserHandle.of(userHandle)); 6808 } 6809 6810 private void sendOwnerChangedBroadcast(String broadcast, int userId) { 6811 final Intent intent = new Intent(broadcast) 6812 .addFlags(Intent.FLAG_RECEIVER_INCLUDE_BACKGROUND); 6813 mContext.sendBroadcastAsUser(intent, UserHandle.of(userId)); 6814 } 6815 6816 private String getDeviceOwnerRemoteBugreportUri() { 6817 synchronized (getLockObject()) { 6818 return mOwners.getDeviceOwnerRemoteBugreportUri(); 6819 } 6820 } 6821 6822 private void setDeviceOwnerRemoteBugreportUriAndHash(String bugreportUri, 6823 String bugreportHash) { 6824 synchronized (getLockObject()) { 6825 mOwners.setDeviceOwnerRemoteBugreportUriAndHash(bugreportUri, bugreportHash); 6826 } 6827 } 6828 6829 private void registerRemoteBugreportReceivers() { 6830 try { 6831 IntentFilter filterFinished = new IntentFilter( 6832 DevicePolicyManager.ACTION_REMOTE_BUGREPORT_DISPATCH, 6833 RemoteBugreportUtils.BUGREPORT_MIMETYPE); 6834 mContext.registerReceiver(mRemoteBugreportFinishedReceiver, filterFinished); 6835 } catch (IntentFilter.MalformedMimeTypeException e) { 6836 // should never happen, as setting a constant 6837 Slog.w(LOG_TAG, "Failed to set type " + RemoteBugreportUtils.BUGREPORT_MIMETYPE, e); 6838 } 6839 IntentFilter filterConsent = new IntentFilter(); 6840 filterConsent.addAction(DevicePolicyManager.ACTION_BUGREPORT_SHARING_DECLINED); 6841 filterConsent.addAction(DevicePolicyManager.ACTION_BUGREPORT_SHARING_ACCEPTED); 6842 mContext.registerReceiver(mRemoteBugreportConsentReceiver, filterConsent); 6843 } 6844 6845 private void onBugreportFinished(Intent intent) { 6846 mHandler.removeCallbacks(mRemoteBugreportTimeoutRunnable); 6847 mRemoteBugreportServiceIsActive.set(false); 6848 Uri bugreportUri = intent.getData(); 6849 String bugreportUriString = null; 6850 if (bugreportUri != null) { 6851 bugreportUriString = bugreportUri.toString(); 6852 } 6853 String bugreportHash = intent.getStringExtra( 6854 DevicePolicyManager.EXTRA_REMOTE_BUGREPORT_HASH); 6855 if (mRemoteBugreportSharingAccepted.get()) { 6856 shareBugreportWithDeviceOwnerIfExists(bugreportUriString, bugreportHash); 6857 mInjector.getNotificationManager().cancel(LOG_TAG, 6858 RemoteBugreportUtils.NOTIFICATION_ID); 6859 } else { 6860 setDeviceOwnerRemoteBugreportUriAndHash(bugreportUriString, bugreportHash); 6861 mInjector.getNotificationManager().notifyAsUser(LOG_TAG, RemoteBugreportUtils.NOTIFICATION_ID, 6862 RemoteBugreportUtils.buildNotification(mContext, 6863 DevicePolicyManager.NOTIFICATION_BUGREPORT_FINISHED_NOT_ACCEPTED), 6864 UserHandle.ALL); 6865 } 6866 mContext.unregisterReceiver(mRemoteBugreportFinishedReceiver); 6867 } 6868 6869 private void onBugreportFailed() { 6870 mRemoteBugreportServiceIsActive.set(false); 6871 mInjector.systemPropertiesSet(RemoteBugreportUtils.CTL_STOP, 6872 RemoteBugreportUtils.REMOTE_BUGREPORT_SERVICE); 6873 mRemoteBugreportSharingAccepted.set(false); 6874 setDeviceOwnerRemoteBugreportUriAndHash(null, null); 6875 mInjector.getNotificationManager().cancel(LOG_TAG, RemoteBugreportUtils.NOTIFICATION_ID); 6876 Bundle extras = new Bundle(); 6877 extras.putInt(DeviceAdminReceiver.EXTRA_BUGREPORT_FAILURE_REASON, 6878 DeviceAdminReceiver.BUGREPORT_FAILURE_FAILED_COMPLETING); 6879 sendDeviceOwnerCommand(DeviceAdminReceiver.ACTION_BUGREPORT_FAILED, extras); 6880 mContext.unregisterReceiver(mRemoteBugreportConsentReceiver); 6881 mContext.unregisterReceiver(mRemoteBugreportFinishedReceiver); 6882 } 6883 6884 private void onBugreportSharingAccepted() { 6885 mRemoteBugreportSharingAccepted.set(true); 6886 String bugreportUriString = null; 6887 String bugreportHash = null; 6888 synchronized (getLockObject()) { 6889 bugreportUriString = getDeviceOwnerRemoteBugreportUri(); 6890 bugreportHash = mOwners.getDeviceOwnerRemoteBugreportHash(); 6891 } 6892 if (bugreportUriString != null) { 6893 shareBugreportWithDeviceOwnerIfExists(bugreportUriString, bugreportHash); 6894 } else if (mRemoteBugreportServiceIsActive.get()) { 6895 mInjector.getNotificationManager().notifyAsUser(LOG_TAG, RemoteBugreportUtils.NOTIFICATION_ID, 6896 RemoteBugreportUtils.buildNotification(mContext, 6897 DevicePolicyManager.NOTIFICATION_BUGREPORT_ACCEPTED_NOT_FINISHED), 6898 UserHandle.ALL); 6899 } 6900 } 6901 6902 private void onBugreportSharingDeclined() { 6903 if (mRemoteBugreportServiceIsActive.get()) { 6904 mInjector.systemPropertiesSet(RemoteBugreportUtils.CTL_STOP, 6905 RemoteBugreportUtils.REMOTE_BUGREPORT_SERVICE); 6906 mRemoteBugreportServiceIsActive.set(false); 6907 mHandler.removeCallbacks(mRemoteBugreportTimeoutRunnable); 6908 mContext.unregisterReceiver(mRemoteBugreportFinishedReceiver); 6909 } 6910 mRemoteBugreportSharingAccepted.set(false); 6911 setDeviceOwnerRemoteBugreportUriAndHash(null, null); 6912 sendDeviceOwnerCommand(DeviceAdminReceiver.ACTION_BUGREPORT_SHARING_DECLINED, null); 6913 } 6914 6915 private void shareBugreportWithDeviceOwnerIfExists(String bugreportUriString, 6916 String bugreportHash) { 6917 ParcelFileDescriptor pfd = null; 6918 try { 6919 if (bugreportUriString == null) { 6920 throw new FileNotFoundException(); 6921 } 6922 Uri bugreportUri = Uri.parse(bugreportUriString); 6923 pfd = mContext.getContentResolver().openFileDescriptor(bugreportUri, "r"); 6924 6925 synchronized (getLockObject()) { 6926 Intent intent = new Intent(DeviceAdminReceiver.ACTION_BUGREPORT_SHARE); 6927 intent.setComponent(mOwners.getDeviceOwnerComponent()); 6928 intent.setDataAndType(bugreportUri, RemoteBugreportUtils.BUGREPORT_MIMETYPE); 6929 intent.putExtra(DeviceAdminReceiver.EXTRA_BUGREPORT_HASH, bugreportHash); 6930 intent.setFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION); 6931 6932 LocalServices.getService(ActivityManagerInternal.class) 6933 .grantUriPermissionFromIntent(Process.SHELL_UID, 6934 mOwners.getDeviceOwnerComponent().getPackageName(), 6935 intent, mOwners.getDeviceOwnerUserId()); 6936 mContext.sendBroadcastAsUser(intent, UserHandle.of(mOwners.getDeviceOwnerUserId())); 6937 } 6938 } catch (FileNotFoundException e) { 6939 Bundle extras = new Bundle(); 6940 extras.putInt(DeviceAdminReceiver.EXTRA_BUGREPORT_FAILURE_REASON, 6941 DeviceAdminReceiver.BUGREPORT_FAILURE_FILE_NO_LONGER_AVAILABLE); 6942 sendDeviceOwnerCommand(DeviceAdminReceiver.ACTION_BUGREPORT_FAILED, extras); 6943 } finally { 6944 try { 6945 if (pfd != null) { 6946 pfd.close(); 6947 } 6948 } catch (IOException ex) { 6949 // Ignore 6950 } 6951 mRemoteBugreportSharingAccepted.set(false); 6952 setDeviceOwnerRemoteBugreportUriAndHash(null, null); 6953 } 6954 } 6955 6956 /** 6957 * Disables all device cameras according to the specified admin. 6958 */ 6959 @Override 6960 public void setCameraDisabled(ComponentName who, boolean disabled) { 6961 if (!mHasFeature) { 6962 return; 6963 } 6964 Preconditions.checkNotNull(who, "ComponentName is null"); 6965 final int userHandle = mInjector.userHandleGetCallingUserId(); 6966 synchronized (getLockObject()) { 6967 ActiveAdmin ap = getActiveAdminForCallerLocked(who, 6968 DeviceAdminInfo.USES_POLICY_DISABLE_CAMERA); 6969 if (ap.disableCamera != disabled) { 6970 ap.disableCamera = disabled; 6971 saveSettingsLocked(userHandle); 6972 } 6973 } 6974 // Tell the user manager that the restrictions have changed. 6975 pushUserRestrictions(userHandle); 6976 } 6977 6978 /** 6979 * Gets whether or not all device cameras are disabled for a given admin, or disabled for any 6980 * active admins. 6981 */ 6982 @Override 6983 public boolean getCameraDisabled(ComponentName who, int userHandle) { 6984 return getCameraDisabled(who, userHandle, /* mergeDeviceOwnerRestriction= */ true); 6985 } 6986 6987 private boolean getCameraDisabled(ComponentName who, int userHandle, 6988 boolean mergeDeviceOwnerRestriction) { 6989 if (!mHasFeature) { 6990 return false; 6991 } 6992 synchronized (getLockObject()) { 6993 if (who != null) { 6994 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 6995 return (admin != null) ? admin.disableCamera : false; 6996 } 6997 // First, see if DO has set it. If so, it's device-wide. 6998 if (mergeDeviceOwnerRestriction) { 6999 final ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 7000 if (deviceOwner != null && deviceOwner.disableCamera) { 7001 return true; 7002 } 7003 } 7004 7005 // Then check each device admin on the user. 7006 DevicePolicyData policy = getUserData(userHandle); 7007 // Determine whether or not the device camera is disabled for any active admins. 7008 final int N = policy.mAdminList.size(); 7009 for (int i = 0; i < N; i++) { 7010 ActiveAdmin admin = policy.mAdminList.get(i); 7011 if (admin.disableCamera) { 7012 return true; 7013 } 7014 } 7015 return false; 7016 } 7017 } 7018 7019 @Override 7020 public void setKeyguardDisabledFeatures(ComponentName who, int which, boolean parent) { 7021 if (!mHasFeature) { 7022 return; 7023 } 7024 Preconditions.checkNotNull(who, "ComponentName is null"); 7025 final int userHandle = mInjector.userHandleGetCallingUserId(); 7026 if (isManagedProfile(userHandle)) { 7027 if (parent) { 7028 which = which & PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER; 7029 } else { 7030 which = which & PROFILE_KEYGUARD_FEATURES; 7031 } 7032 } 7033 synchronized (getLockObject()) { 7034 ActiveAdmin ap = getActiveAdminForCallerLocked( 7035 who, DeviceAdminInfo.USES_POLICY_DISABLE_KEYGUARD_FEATURES, parent); 7036 if (ap.disabledKeyguardFeatures != which) { 7037 ap.disabledKeyguardFeatures = which; 7038 saveSettingsLocked(userHandle); 7039 } 7040 } 7041 if (SecurityLog.isLoggingEnabled()) { 7042 final int affectedUserId = parent ? getProfileParentId(userHandle) : userHandle; 7043 SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISABLED_FEATURES_SET, 7044 who.getPackageName(), userHandle, affectedUserId, which); 7045 } 7046 } 7047 7048 /** 7049 * Gets the disabled state for features in keyguard for the given admin, 7050 * or the aggregate of all active admins if who is null. 7051 */ 7052 @Override 7053 public int getKeyguardDisabledFeatures(ComponentName who, int userHandle, boolean parent) { 7054 if (!mHasFeature) { 7055 return 0; 7056 } 7057 enforceFullCrossUsersPermission(userHandle); 7058 final long ident = mInjector.binderClearCallingIdentity(); 7059 try { 7060 synchronized (getLockObject()) { 7061 if (who != null) { 7062 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent); 7063 return (admin != null) ? admin.disabledKeyguardFeatures : 0; 7064 } 7065 7066 final List<ActiveAdmin> admins; 7067 if (!parent && isManagedProfile(userHandle)) { 7068 // If we are being asked about a managed profile, just return keyguard features 7069 // disabled by admins in the profile. 7070 admins = getUserDataUnchecked(userHandle).mAdminList; 7071 } else { 7072 // Otherwise return those set by admins in the user and its profiles. 7073 admins = getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 7074 } 7075 7076 int which = DevicePolicyManager.KEYGUARD_DISABLE_FEATURES_NONE; 7077 final int N = admins.size(); 7078 for (int i = 0; i < N; i++) { 7079 ActiveAdmin admin = admins.get(i); 7080 int userId = admin.getUserHandle().getIdentifier(); 7081 boolean isRequestedUser = !parent && (userId == userHandle); 7082 if (isRequestedUser || !isManagedProfile(userId)) { 7083 // If we are being asked explicitly about this user 7084 // return all disabled features even if its a managed profile. 7085 which |= admin.disabledKeyguardFeatures; 7086 } else { 7087 // Otherwise a managed profile is only allowed to disable 7088 // some features on the parent user. 7089 which |= (admin.disabledKeyguardFeatures 7090 & PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER); 7091 } 7092 } 7093 return which; 7094 } 7095 } finally { 7096 mInjector.binderRestoreCallingIdentity(ident); 7097 } 7098 } 7099 7100 @Override 7101 public void setKeepUninstalledPackages(ComponentName who, String callerPackage, 7102 List<String> packageList) { 7103 if (!mHasFeature) { 7104 return; 7105 } 7106 Preconditions.checkNotNull(packageList, "packageList is null"); 7107 final int userHandle = UserHandle.getCallingUserId(); 7108 synchronized (getLockObject()) { 7109 // Ensure the caller is a DO or a keep uninstalled packages delegate. 7110 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER, 7111 DELEGATION_KEEP_UNINSTALLED_PACKAGES); 7112 // Get the device owner 7113 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 7114 // Set list of packages to be kept even if uninstalled. 7115 deviceOwner.keepUninstalledPackages = packageList; 7116 // Save settings. 7117 saveSettingsLocked(userHandle); 7118 // Notify package manager. 7119 mInjector.getPackageManagerInternal().setKeepUninstalledPackages(packageList); 7120 } 7121 } 7122 7123 @Override 7124 public List<String> getKeepUninstalledPackages(ComponentName who, String callerPackage) { 7125 if (!mHasFeature) { 7126 return null; 7127 } 7128 // TODO In split system user mode, allow apps on user 0 to query the list 7129 synchronized (getLockObject()) { 7130 // Ensure the caller is a DO or a keep uninstalled packages delegate. 7131 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER, 7132 DELEGATION_KEEP_UNINSTALLED_PACKAGES); 7133 return getKeepUninstalledPackagesLocked(); 7134 } 7135 } 7136 7137 private List<String> getKeepUninstalledPackagesLocked() { 7138 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 7139 return (deviceOwner != null) ? deviceOwner.keepUninstalledPackages : null; 7140 } 7141 7142 @Override 7143 public boolean setDeviceOwner(ComponentName admin, String ownerName, int userId) { 7144 if (!mHasFeature) { 7145 return false; 7146 } 7147 if (admin == null 7148 || !isPackageInstalledForUser(admin.getPackageName(), userId)) { 7149 throw new IllegalArgumentException("Invalid component " + admin 7150 + " for device owner"); 7151 } 7152 final boolean hasIncompatibleAccountsOrNonAdb = 7153 hasIncompatibleAccountsOrNonAdbNoLock(userId, admin); 7154 synchronized (getLockObject()) { 7155 enforceCanSetDeviceOwnerLocked(admin, userId, hasIncompatibleAccountsOrNonAdb); 7156 final ActiveAdmin activeAdmin = getActiveAdminUncheckedLocked(admin, userId); 7157 if (activeAdmin == null 7158 || getUserData(userId).mRemovingAdmins.contains(admin)) { 7159 throw new IllegalArgumentException("Not active admin: " + admin); 7160 } 7161 7162 // Shutting down backup manager service permanently. 7163 long ident = mInjector.binderClearCallingIdentity(); 7164 try { 7165 if (mInjector.getIBackupManager() != null) { 7166 mInjector.getIBackupManager() 7167 .setBackupServiceActive(UserHandle.USER_SYSTEM, false); 7168 } 7169 } catch (RemoteException e) { 7170 throw new IllegalStateException("Failed deactivating backup service.", e); 7171 } finally { 7172 mInjector.binderRestoreCallingIdentity(ident); 7173 } 7174 7175 if (isAdb()) { 7176 // Log device owner provisioning was started using adb. 7177 MetricsLogger.action(mContext, PROVISIONING_ENTRY_POINT_ADB, LOG_TAG_DEVICE_OWNER); 7178 } 7179 7180 mOwners.setDeviceOwner(admin, ownerName, userId); 7181 mOwners.writeDeviceOwner(); 7182 updateDeviceOwnerLocked(); 7183 setDeviceOwnerSystemPropertyLocked(); 7184 7185 final Set<String> restrictions = 7186 UserRestrictionsUtils.getDefaultEnabledForDeviceOwner(); 7187 if (!restrictions.isEmpty()) { 7188 for (String restriction : restrictions) { 7189 activeAdmin.ensureUserRestrictions().putBoolean(restriction, true); 7190 } 7191 activeAdmin.defaultEnabledRestrictionsAlreadySet.addAll(restrictions); 7192 Slog.i(LOG_TAG, "Enabled the following restrictions by default: " + restrictions); 7193 7194 saveUserRestrictionsLocked(userId); 7195 } 7196 7197 ident = mInjector.binderClearCallingIdentity(); 7198 try { 7199 // TODO Send to system too? 7200 sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_DEVICE_OWNER_CHANGED, userId); 7201 } finally { 7202 mInjector.binderRestoreCallingIdentity(ident); 7203 } 7204 mDeviceAdminServiceController.startServiceForOwner( 7205 admin.getPackageName(), userId, "set-device-owner"); 7206 7207 Slog.i(LOG_TAG, "Device owner set: " + admin + " on user " + userId); 7208 return true; 7209 } 7210 } 7211 7212 @Override 7213 public boolean hasDeviceOwner() { 7214 enforceDeviceOwnerOrManageUsers(); 7215 return mOwners.hasDeviceOwner(); 7216 } 7217 7218 boolean isDeviceOwner(ActiveAdmin admin) { 7219 return isDeviceOwner(admin.info.getComponent(), admin.getUserHandle().getIdentifier()); 7220 } 7221 7222 public boolean isDeviceOwner(ComponentName who, int userId) { 7223 synchronized (getLockObject()) { 7224 return mOwners.hasDeviceOwner() 7225 && mOwners.getDeviceOwnerUserId() == userId 7226 && mOwners.getDeviceOwnerComponent().equals(who); 7227 } 7228 } 7229 7230 private boolean isDeviceOwnerPackage(String packageName, int userId) { 7231 synchronized (getLockObject()) { 7232 return mOwners.hasDeviceOwner() 7233 && mOwners.getDeviceOwnerUserId() == userId 7234 && mOwners.getDeviceOwnerPackageName().equals(packageName); 7235 } 7236 } 7237 7238 private boolean isProfileOwnerPackage(String packageName, int userId) { 7239 synchronized (getLockObject()) { 7240 return mOwners.hasProfileOwner(userId) 7241 && mOwners.getProfileOwnerPackage(userId).equals(packageName); 7242 } 7243 } 7244 7245 public boolean isProfileOwner(ComponentName who, int userId) { 7246 final ComponentName profileOwner = getProfileOwner(userId); 7247 return who != null && who.equals(profileOwner); 7248 } 7249 7250 @Override 7251 public ComponentName getDeviceOwnerComponent(boolean callingUserOnly) { 7252 if (!mHasFeature) { 7253 return null; 7254 } 7255 if (!callingUserOnly) { 7256 enforceManageUsers(); 7257 } 7258 synchronized (getLockObject()) { 7259 if (!mOwners.hasDeviceOwner()) { 7260 return null; 7261 } 7262 if (callingUserOnly && mInjector.userHandleGetCallingUserId() != 7263 mOwners.getDeviceOwnerUserId()) { 7264 return null; 7265 } 7266 return mOwners.getDeviceOwnerComponent(); 7267 } 7268 } 7269 7270 @Override 7271 public int getDeviceOwnerUserId() { 7272 if (!mHasFeature) { 7273 return UserHandle.USER_NULL; 7274 } 7275 enforceManageUsers(); 7276 synchronized (getLockObject()) { 7277 return mOwners.hasDeviceOwner() ? mOwners.getDeviceOwnerUserId() : UserHandle.USER_NULL; 7278 } 7279 } 7280 7281 /** 7282 * Returns the "name" of the device owner. It'll work for non-DO users too, but requires 7283 * MANAGE_USERS. 7284 */ 7285 @Override 7286 public String getDeviceOwnerName() { 7287 if (!mHasFeature) { 7288 return null; 7289 } 7290 enforceManageUsers(); 7291 synchronized (getLockObject()) { 7292 if (!mOwners.hasDeviceOwner()) { 7293 return null; 7294 } 7295 // TODO This totally ignores the name passed to setDeviceOwner (change for b/20679292) 7296 // Should setDeviceOwner/ProfileOwner still take a name? 7297 String deviceOwnerPackage = mOwners.getDeviceOwnerPackageName(); 7298 return getApplicationLabel(deviceOwnerPackage, UserHandle.USER_SYSTEM); 7299 } 7300 } 7301 7302 /** Returns the active device owner or {@code null} if there is no device owner. */ 7303 @VisibleForTesting 7304 ActiveAdmin getDeviceOwnerAdminLocked() { 7305 ensureLocked(); 7306 ComponentName component = mOwners.getDeviceOwnerComponent(); 7307 if (component == null) { 7308 return null; 7309 } 7310 7311 DevicePolicyData policy = getUserData(mOwners.getDeviceOwnerUserId()); 7312 final int n = policy.mAdminList.size(); 7313 for (int i = 0; i < n; i++) { 7314 ActiveAdmin admin = policy.mAdminList.get(i); 7315 if (component.equals(admin.info.getComponent())) { 7316 return admin; 7317 } 7318 } 7319 Slog.wtf(LOG_TAG, "Active admin for device owner not found. component=" + component); 7320 return null; 7321 } 7322 7323 @Override 7324 public void clearDeviceOwner(String packageName) { 7325 Preconditions.checkNotNull(packageName, "packageName is null"); 7326 final int callingUid = mInjector.binderGetCallingUid(); 7327 try { 7328 int uid = mInjector.getPackageManager().getPackageUidAsUser(packageName, 7329 UserHandle.getUserId(callingUid)); 7330 if (uid != callingUid) { 7331 throw new SecurityException("Invalid packageName"); 7332 } 7333 } catch (NameNotFoundException e) { 7334 throw new SecurityException(e); 7335 } 7336 synchronized (getLockObject()) { 7337 final ComponentName deviceOwnerComponent = mOwners.getDeviceOwnerComponent(); 7338 final int deviceOwnerUserId = mOwners.getDeviceOwnerUserId(); 7339 if (!mOwners.hasDeviceOwner() 7340 || !deviceOwnerComponent.getPackageName().equals(packageName) 7341 || (deviceOwnerUserId != UserHandle.getUserId(callingUid))) { 7342 throw new SecurityException( 7343 "clearDeviceOwner can only be called by the device owner"); 7344 } 7345 enforceUserUnlocked(deviceOwnerUserId); 7346 7347 final ActiveAdmin admin = getDeviceOwnerAdminLocked(); 7348 long ident = mInjector.binderClearCallingIdentity(); 7349 try { 7350 clearDeviceOwnerLocked(admin, deviceOwnerUserId); 7351 removeActiveAdminLocked(deviceOwnerComponent, deviceOwnerUserId); 7352 sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_DEVICE_OWNER_CHANGED, 7353 deviceOwnerUserId); 7354 } finally { 7355 mInjector.binderRestoreCallingIdentity(ident); 7356 } 7357 Slog.i(LOG_TAG, "Device owner removed: " + deviceOwnerComponent); 7358 } 7359 } 7360 7361 private void clearOverrideApnUnchecked() { 7362 // Disable Override APNs and remove them from database. 7363 setOverrideApnsEnabledUnchecked(false); 7364 final List<ApnSetting> apns = getOverrideApnsUnchecked(); 7365 for (int i = 0; i < apns.size(); i ++) { 7366 removeOverrideApnUnchecked(apns.get(i).getId()); 7367 } 7368 } 7369 7370 private void clearDeviceOwnerLocked(ActiveAdmin admin, int userId) { 7371 mDeviceAdminServiceController.stopServiceForOwner(userId, "clear-device-owner"); 7372 7373 if (admin != null) { 7374 admin.disableCamera = false; 7375 admin.userRestrictions = null; 7376 admin.defaultEnabledRestrictionsAlreadySet.clear(); 7377 admin.forceEphemeralUsers = false; 7378 admin.isNetworkLoggingEnabled = false; 7379 mUserManagerInternal.setForceEphemeralUsers(admin.forceEphemeralUsers); 7380 } 7381 final DevicePolicyData policyData = getUserData(userId); 7382 policyData.mCurrentInputMethodSet = false; 7383 saveSettingsLocked(userId); 7384 final DevicePolicyData systemPolicyData = getUserData(UserHandle.USER_SYSTEM); 7385 systemPolicyData.mLastSecurityLogRetrievalTime = -1; 7386 systemPolicyData.mLastBugReportRequestTime = -1; 7387 systemPolicyData.mLastNetworkLogsRetrievalTime = -1; 7388 saveSettingsLocked(UserHandle.USER_SYSTEM); 7389 clearUserPoliciesLocked(userId); 7390 clearOverrideApnUnchecked(); 7391 7392 mOwners.clearDeviceOwner(); 7393 mOwners.writeDeviceOwner(); 7394 updateDeviceOwnerLocked(); 7395 7396 clearDeviceOwnerUserRestrictionLocked(UserHandle.of(userId)); 7397 mInjector.securityLogSetLoggingEnabledProperty(false); 7398 mSecurityLogMonitor.stop(); 7399 setNetworkLoggingActiveInternal(false); 7400 deleteTransferOwnershipBundleLocked(userId); 7401 7402 try { 7403 if (mInjector.getIBackupManager() != null) { 7404 // Reactivate backup service. 7405 mInjector.getIBackupManager().setBackupServiceActive(UserHandle.USER_SYSTEM, true); 7406 } 7407 } catch (RemoteException e) { 7408 throw new IllegalStateException("Failed reactivating backup service.", e); 7409 } 7410 } 7411 7412 @Override 7413 public boolean setProfileOwner(ComponentName who, String ownerName, int userHandle) { 7414 if (!mHasFeature) { 7415 return false; 7416 } 7417 if (who == null 7418 || !isPackageInstalledForUser(who.getPackageName(), userHandle)) { 7419 throw new IllegalArgumentException("Component " + who 7420 + " not installed for userId:" + userHandle); 7421 } 7422 final boolean hasIncompatibleAccountsOrNonAdb = 7423 hasIncompatibleAccountsOrNonAdbNoLock(userHandle, who); 7424 synchronized (getLockObject()) { 7425 enforceCanSetProfileOwnerLocked(who, userHandle, hasIncompatibleAccountsOrNonAdb); 7426 7427 final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 7428 if (admin == null || getUserData(userHandle).mRemovingAdmins.contains(who)) { 7429 throw new IllegalArgumentException("Not active admin: " + who); 7430 } 7431 7432 if (isAdb()) { 7433 // Log profile owner provisioning was started using adb. 7434 MetricsLogger.action(mContext, PROVISIONING_ENTRY_POINT_ADB, LOG_TAG_PROFILE_OWNER); 7435 } 7436 7437 mOwners.setProfileOwner(who, ownerName, userHandle); 7438 mOwners.writeProfileOwner(userHandle); 7439 Slog.i(LOG_TAG, "Profile owner set: " + who + " on user " + userHandle); 7440 7441 final long id = mInjector.binderClearCallingIdentity(); 7442 try { 7443 if (mUserManager.isManagedProfile(userHandle)) { 7444 maybeSetDefaultRestrictionsForAdminLocked(userHandle, admin, 7445 UserRestrictionsUtils.getDefaultEnabledForManagedProfiles()); 7446 ensureUnknownSourcesRestrictionForProfileOwnerLocked(userHandle, admin, 7447 true /* newOwner */); 7448 } 7449 sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_PROFILE_OWNER_CHANGED, 7450 userHandle); 7451 } finally { 7452 mInjector.binderRestoreCallingIdentity(id); 7453 } 7454 mDeviceAdminServiceController.startServiceForOwner( 7455 who.getPackageName(), userHandle, "set-profile-owner"); 7456 return true; 7457 } 7458 } 7459 7460 @Override 7461 public void clearProfileOwner(ComponentName who) { 7462 if (!mHasFeature) { 7463 return; 7464 } 7465 Preconditions.checkNotNull(who, "ComponentName is null"); 7466 7467 final int userId = mInjector.userHandleGetCallingUserId(); 7468 enforceNotManagedProfile(userId, "clear profile owner"); 7469 enforceUserUnlocked(userId); 7470 synchronized (getLockObject()) { 7471 // Check if this is the profile owner who is calling 7472 final ActiveAdmin admin = 7473 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 7474 7475 final long ident = mInjector.binderClearCallingIdentity(); 7476 try { 7477 clearProfileOwnerLocked(admin, userId); 7478 removeActiveAdminLocked(who, userId); 7479 sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_PROFILE_OWNER_CHANGED, 7480 userId); 7481 } finally { 7482 mInjector.binderRestoreCallingIdentity(ident); 7483 } 7484 Slog.i(LOG_TAG, "Profile owner " + who + " removed from user " + userId); 7485 } 7486 } 7487 7488 public void clearProfileOwnerLocked(ActiveAdmin admin, int userId) { 7489 mDeviceAdminServiceController.stopServiceForOwner(userId, "clear-profile-owner"); 7490 7491 if (admin != null) { 7492 admin.disableCamera = false; 7493 admin.userRestrictions = null; 7494 admin.defaultEnabledRestrictionsAlreadySet.clear(); 7495 } 7496 final DevicePolicyData policyData = getUserData(userId); 7497 policyData.mCurrentInputMethodSet = false; 7498 policyData.mOwnerInstalledCaCerts.clear(); 7499 saveSettingsLocked(userId); 7500 clearUserPoliciesLocked(userId); 7501 mOwners.removeProfileOwner(userId); 7502 mOwners.writeProfileOwner(userId); 7503 deleteTransferOwnershipBundleLocked(userId); 7504 } 7505 7506 @Override 7507 public void setDeviceOwnerLockScreenInfo(ComponentName who, CharSequence info) { 7508 Preconditions.checkNotNull(who, "ComponentName is null"); 7509 if (!mHasFeature) { 7510 return; 7511 } 7512 7513 synchronized (getLockObject()) { 7514 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 7515 long token = mInjector.binderClearCallingIdentity(); 7516 try { 7517 mLockPatternUtils.setDeviceOwnerInfo(info != null ? info.toString() : null); 7518 } finally { 7519 mInjector.binderRestoreCallingIdentity(token); 7520 } 7521 } 7522 } 7523 7524 @Override 7525 public CharSequence getDeviceOwnerLockScreenInfo() { 7526 return mLockPatternUtils.getDeviceOwnerInfo(); 7527 } 7528 7529 private void clearUserPoliciesLocked(int userId) { 7530 // Reset some of the user-specific policies. 7531 final DevicePolicyData policy = getUserData(userId); 7532 policy.mPermissionPolicy = DevicePolicyManager.PERMISSION_POLICY_PROMPT; 7533 // Clear delegations. 7534 policy.mDelegationMap.clear(); 7535 policy.mStatusBarDisabled = false; 7536 policy.mUserProvisioningState = DevicePolicyManager.STATE_USER_UNMANAGED; 7537 policy.mAffiliationIds.clear(); 7538 policy.mLockTaskPackages.clear(); 7539 updateLockTaskPackagesLocked(policy.mLockTaskPackages, userId); 7540 policy.mLockTaskFeatures = DevicePolicyManager.LOCK_TASK_FEATURE_NONE; 7541 saveSettingsLocked(userId); 7542 7543 try { 7544 mIPackageManager.updatePermissionFlagsForAllApps( 7545 PackageManager.FLAG_PERMISSION_POLICY_FIXED, 7546 0 /* flagValues */, userId); 7547 pushUserRestrictions(userId); 7548 } catch (RemoteException re) { 7549 // Shouldn't happen. 7550 } 7551 } 7552 7553 @Override 7554 public boolean hasUserSetupCompleted() { 7555 return hasUserSetupCompleted(UserHandle.getCallingUserId()); 7556 } 7557 7558 // This checks only if the Setup Wizard has run. Since Wear devices pair before 7559 // completing Setup Wizard, and pairing involves transferring user data, calling 7560 // logic may want to check mIsWatch or mPaired in addition to hasUserSetupCompleted(). 7561 private boolean hasUserSetupCompleted(int userHandle) { 7562 if (!mHasFeature) { 7563 return true; 7564 } 7565 return getUserData(userHandle).mUserSetupComplete; 7566 } 7567 7568 private boolean hasPaired(int userHandle) { 7569 if (!mHasFeature) { 7570 return true; 7571 } 7572 return getUserData(userHandle).mPaired; 7573 } 7574 7575 @Override 7576 public int getUserProvisioningState() { 7577 if (!mHasFeature) { 7578 return DevicePolicyManager.STATE_USER_UNMANAGED; 7579 } 7580 enforceManageUsers(); 7581 int userHandle = mInjector.userHandleGetCallingUserId(); 7582 return getUserProvisioningState(userHandle); 7583 } 7584 7585 private int getUserProvisioningState(int userHandle) { 7586 return getUserData(userHandle).mUserProvisioningState; 7587 } 7588 7589 @Override 7590 public void setUserProvisioningState(int newState, int userHandle) { 7591 if (!mHasFeature) { 7592 return; 7593 } 7594 7595 if (userHandle != mOwners.getDeviceOwnerUserId() && !mOwners.hasProfileOwner(userHandle) 7596 && getManagedUserId(userHandle) == -1) { 7597 // No managed device, user or profile, so setting provisioning state makes no sense. 7598 throw new IllegalStateException("Not allowed to change provisioning state unless a " 7599 + "device or profile owner is set."); 7600 } 7601 7602 synchronized (getLockObject()) { 7603 boolean transitionCheckNeeded = true; 7604 7605 // Calling identity/permission checks. 7606 if (isAdb()) { 7607 // ADB shell can only move directly from un-managed to finalized as part of directly 7608 // setting profile-owner or device-owner. 7609 if (getUserProvisioningState(userHandle) != 7610 DevicePolicyManager.STATE_USER_UNMANAGED 7611 || newState != DevicePolicyManager.STATE_USER_SETUP_FINALIZED) { 7612 throw new IllegalStateException("Not allowed to change provisioning state " 7613 + "unless current provisioning state is unmanaged, and new state is " 7614 + "finalized."); 7615 } 7616 transitionCheckNeeded = false; 7617 } else { 7618 // For all other cases, caller must have MANAGE_PROFILE_AND_DEVICE_OWNERS. 7619 enforceCanManageProfileAndDeviceOwners(); 7620 } 7621 7622 final DevicePolicyData policyData = getUserData(userHandle); 7623 if (transitionCheckNeeded) { 7624 // Optional state transition check for non-ADB case. 7625 checkUserProvisioningStateTransition(policyData.mUserProvisioningState, newState); 7626 } 7627 policyData.mUserProvisioningState = newState; 7628 saveSettingsLocked(userHandle); 7629 } 7630 } 7631 7632 private void checkUserProvisioningStateTransition(int currentState, int newState) { 7633 // Valid transitions for normal use-cases. 7634 switch (currentState) { 7635 case DevicePolicyManager.STATE_USER_UNMANAGED: 7636 // Can move to any state from unmanaged (except itself as an edge case).. 7637 if (newState != DevicePolicyManager.STATE_USER_UNMANAGED) { 7638 return; 7639 } 7640 break; 7641 case DevicePolicyManager.STATE_USER_SETUP_INCOMPLETE: 7642 case DevicePolicyManager.STATE_USER_SETUP_COMPLETE: 7643 // Can only move to finalized from these states. 7644 if (newState == DevicePolicyManager.STATE_USER_SETUP_FINALIZED) { 7645 return; 7646 } 7647 break; 7648 case DevicePolicyManager.STATE_USER_PROFILE_COMPLETE: 7649 // Current user has a managed-profile, but current user is not managed, so 7650 // rather than moving to finalized state, go back to unmanaged once 7651 // profile provisioning is complete. 7652 if (newState == DevicePolicyManager.STATE_USER_UNMANAGED) { 7653 return; 7654 } 7655 break; 7656 case DevicePolicyManager.STATE_USER_SETUP_FINALIZED: 7657 // Cannot transition out of finalized. 7658 break; 7659 } 7660 7661 // Didn't meet any of the accepted state transition checks above, throw appropriate error. 7662 throw new IllegalStateException("Cannot move to user provisioning state [" + newState + "] " 7663 + "from state [" + currentState + "]"); 7664 } 7665 7666 @Override 7667 public void setProfileEnabled(ComponentName who) { 7668 if (!mHasFeature) { 7669 return; 7670 } 7671 Preconditions.checkNotNull(who, "ComponentName is null"); 7672 synchronized (getLockObject()) { 7673 // Check if this is the profile owner who is calling 7674 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 7675 final int userId = UserHandle.getCallingUserId(); 7676 enforceManagedProfile(userId, "enable the profile"); 7677 // Check if the profile is already enabled. 7678 UserInfo managedProfile = getUserInfo(userId); 7679 if (managedProfile.isEnabled()) { 7680 Slog.e(LOG_TAG, 7681 "setProfileEnabled is called when the profile is already enabled"); 7682 return; 7683 } 7684 long id = mInjector.binderClearCallingIdentity(); 7685 try { 7686 mUserManager.setUserEnabled(userId); 7687 UserInfo parent = mUserManager.getProfileParent(userId); 7688 Intent intent = new Intent(Intent.ACTION_MANAGED_PROFILE_ADDED); 7689 intent.putExtra(Intent.EXTRA_USER, new UserHandle(userId)); 7690 intent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY | 7691 Intent.FLAG_RECEIVER_FOREGROUND); 7692 mContext.sendBroadcastAsUser(intent, new UserHandle(parent.id)); 7693 } finally { 7694 mInjector.binderRestoreCallingIdentity(id); 7695 } 7696 } 7697 } 7698 7699 @Override 7700 public void setProfileName(ComponentName who, String profileName) { 7701 Preconditions.checkNotNull(who, "ComponentName is null"); 7702 int userId = UserHandle.getCallingUserId(); 7703 // Check if this is the profile owner (includes device owner). 7704 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 7705 7706 long id = mInjector.binderClearCallingIdentity(); 7707 try { 7708 mUserManager.setUserName(userId, profileName); 7709 } finally { 7710 mInjector.binderRestoreCallingIdentity(id); 7711 } 7712 } 7713 7714 @Override 7715 public ComponentName getProfileOwner(int userHandle) { 7716 if (!mHasFeature) { 7717 return null; 7718 } 7719 7720 synchronized (getLockObject()) { 7721 return mOwners.getProfileOwnerComponent(userHandle); 7722 } 7723 } 7724 7725 // Returns the active profile owner for this user or null if the current user has no 7726 // profile owner. 7727 @VisibleForTesting 7728 ActiveAdmin getProfileOwnerAdminLocked(int userHandle) { 7729 ComponentName profileOwner = mOwners.getProfileOwnerComponent(userHandle); 7730 if (profileOwner == null) { 7731 return null; 7732 } 7733 DevicePolicyData policy = getUserData(userHandle); 7734 final int n = policy.mAdminList.size(); 7735 for (int i = 0; i < n; i++) { 7736 ActiveAdmin admin = policy.mAdminList.get(i); 7737 if (profileOwner.equals(admin.info.getComponent())) { 7738 return admin; 7739 } 7740 } 7741 return null; 7742 } 7743 7744 @Override 7745 public String getProfileOwnerName(int userHandle) { 7746 if (!mHasFeature) { 7747 return null; 7748 } 7749 enforceManageUsers(); 7750 ComponentName profileOwner = getProfileOwner(userHandle); 7751 if (profileOwner == null) { 7752 return null; 7753 } 7754 return getApplicationLabel(profileOwner.getPackageName(), userHandle); 7755 } 7756 7757 /** 7758 * Canonical name for a given package. 7759 */ 7760 private String getApplicationLabel(String packageName, int userHandle) { 7761 long token = mInjector.binderClearCallingIdentity(); 7762 try { 7763 final Context userContext; 7764 try { 7765 UserHandle handle = new UserHandle(userHandle); 7766 userContext = mContext.createPackageContextAsUser(packageName, 0, handle); 7767 } catch (PackageManager.NameNotFoundException nnfe) { 7768 Log.w(LOG_TAG, packageName + " is not installed for user " + userHandle, nnfe); 7769 return null; 7770 } 7771 ApplicationInfo appInfo = userContext.getApplicationInfo(); 7772 CharSequence result = null; 7773 if (appInfo != null) { 7774 result = appInfo.loadUnsafeLabel(userContext.getPackageManager()); 7775 } 7776 return result != null ? result.toString() : null; 7777 } finally { 7778 mInjector.binderRestoreCallingIdentity(token); 7779 } 7780 } 7781 7782 /** 7783 * Calls wtfStack() if called with the DPMS lock held. 7784 */ 7785 private void wtfIfInLock() { 7786 if (Thread.holdsLock(this)) { 7787 Slog.wtfStack(LOG_TAG, "Shouldn't be called with DPMS lock held"); 7788 } 7789 } 7790 7791 /** 7792 * The profile owner can only be set by adb or an app with the MANAGE_PROFILE_AND_DEVICE_OWNERS 7793 * permission. 7794 * The profile owner can only be set before the user setup phase has completed, 7795 * except for: 7796 * - SYSTEM_UID 7797 * - adb unless hasIncompatibleAccountsOrNonAdb is true. 7798 */ 7799 private void enforceCanSetProfileOwnerLocked(@Nullable ComponentName owner, int userHandle, 7800 boolean hasIncompatibleAccountsOrNonAdb) { 7801 UserInfo info = getUserInfo(userHandle); 7802 if (info == null) { 7803 // User doesn't exist. 7804 throw new IllegalArgumentException( 7805 "Attempted to set profile owner for invalid userId: " + userHandle); 7806 } 7807 if (info.isGuest()) { 7808 throw new IllegalStateException("Cannot set a profile owner on a guest"); 7809 } 7810 if (mOwners.hasProfileOwner(userHandle)) { 7811 throw new IllegalStateException("Trying to set the profile owner, but profile owner " 7812 + "is already set."); 7813 } 7814 if (mOwners.hasDeviceOwner() && mOwners.getDeviceOwnerUserId() == userHandle) { 7815 throw new IllegalStateException("Trying to set the profile owner, but the user " 7816 + "already has a device owner."); 7817 } 7818 if (isAdb()) { 7819 if ((mIsWatch || hasUserSetupCompleted(userHandle)) 7820 && hasIncompatibleAccountsOrNonAdb) { 7821 throw new IllegalStateException("Not allowed to set the profile owner because " 7822 + "there are already some accounts on the profile"); 7823 } 7824 return; 7825 } 7826 enforceCanManageProfileAndDeviceOwners(); 7827 if ((mIsWatch || hasUserSetupCompleted(userHandle)) && !isCallerWithSystemUid()) { 7828 throw new IllegalStateException("Cannot set the profile owner on a user which is " 7829 + "already set-up"); 7830 } 7831 } 7832 7833 /** 7834 * The Device owner can only be set by adb or an app with the MANAGE_PROFILE_AND_DEVICE_OWNERS 7835 * permission. 7836 */ 7837 private void enforceCanSetDeviceOwnerLocked(@Nullable ComponentName owner, int userId, 7838 boolean hasIncompatibleAccountsOrNonAdb) { 7839 if (!isAdb()) { 7840 enforceCanManageProfileAndDeviceOwners(); 7841 } 7842 7843 final int code = checkDeviceOwnerProvisioningPreConditionLocked( 7844 owner, userId, isAdb(), hasIncompatibleAccountsOrNonAdb); 7845 switch (code) { 7846 case CODE_OK: 7847 return; 7848 case CODE_HAS_DEVICE_OWNER: 7849 throw new IllegalStateException( 7850 "Trying to set the device owner, but device owner is already set."); 7851 case CODE_USER_HAS_PROFILE_OWNER: 7852 throw new IllegalStateException("Trying to set the device owner, but the user " 7853 + "already has a profile owner."); 7854 case CODE_USER_NOT_RUNNING: 7855 throw new IllegalStateException("User not running: " + userId); 7856 case CODE_NOT_SYSTEM_USER: 7857 throw new IllegalStateException("User is not system user"); 7858 case CODE_USER_SETUP_COMPLETED: 7859 throw new IllegalStateException( 7860 "Cannot set the device owner if the device is already set-up"); 7861 case CODE_NONSYSTEM_USER_EXISTS: 7862 throw new IllegalStateException("Not allowed to set the device owner because there " 7863 + "are already several users on the device"); 7864 case CODE_ACCOUNTS_NOT_EMPTY: 7865 throw new IllegalStateException("Not allowed to set the device owner because there " 7866 + "are already some accounts on the device"); 7867 case CODE_HAS_PAIRED: 7868 throw new IllegalStateException("Not allowed to set the device owner because this " 7869 + "device has already paired"); 7870 default: 7871 throw new IllegalStateException("Unexpected @ProvisioningPreCondition " + code); 7872 } 7873 } 7874 7875 private void enforceUserUnlocked(int userId) { 7876 // Since we're doing this operation on behalf of an app, we only 7877 // want to use the actual "unlocked" state. 7878 Preconditions.checkState(mUserManager.isUserUnlocked(userId), 7879 "User must be running and unlocked"); 7880 } 7881 7882 private void enforceUserUnlocked(@UserIdInt int userId, boolean parent) { 7883 if (parent) { 7884 enforceUserUnlocked(getProfileParentId(userId)); 7885 } else { 7886 enforceUserUnlocked(userId); 7887 } 7888 } 7889 7890 private void enforceManageUsers() { 7891 final int callingUid = mInjector.binderGetCallingUid(); 7892 if (!(isCallerWithSystemUid() || callingUid == Process.ROOT_UID)) { 7893 mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_USERS, null); 7894 } 7895 } 7896 7897 private void enforceFullCrossUsersPermission(int userHandle) { 7898 enforceSystemUserOrPermissionIfCrossUser(userHandle, 7899 android.Manifest.permission.INTERACT_ACROSS_USERS_FULL); 7900 } 7901 7902 private void enforceCrossUsersPermission(int userHandle) { 7903 enforceSystemUserOrPermissionIfCrossUser(userHandle, 7904 android.Manifest.permission.INTERACT_ACROSS_USERS); 7905 } 7906 7907 private void enforceSystemUserOrPermission(String permission) { 7908 if (!(isCallerWithSystemUid() || mInjector.binderGetCallingUid() == Process.ROOT_UID)) { 7909 mContext.enforceCallingOrSelfPermission(permission, 7910 "Must be system or have " + permission + " permission"); 7911 } 7912 } 7913 7914 private void enforceSystemUserOrPermissionIfCrossUser(int userHandle, String permission) { 7915 if (userHandle < 0) { 7916 throw new IllegalArgumentException("Invalid userId " + userHandle); 7917 } 7918 if (userHandle == mInjector.userHandleGetCallingUserId()) { 7919 return; 7920 } 7921 enforceSystemUserOrPermission(permission); 7922 } 7923 7924 private void enforceManagedProfile(int userHandle, String message) { 7925 if(!isManagedProfile(userHandle)) { 7926 throw new SecurityException("You can not " + message + " outside a managed profile."); 7927 } 7928 } 7929 7930 private void enforceNotManagedProfile(int userHandle, String message) { 7931 if(isManagedProfile(userHandle)) { 7932 throw new SecurityException("You can not " + message + " for a managed profile."); 7933 } 7934 } 7935 7936 private void enforceDeviceOwnerOrManageUsers() { 7937 synchronized (getLockObject()) { 7938 if (getActiveAdminWithPolicyForUidLocked(null, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER, 7939 mInjector.binderGetCallingUid()) != null) { 7940 return; 7941 } 7942 } 7943 enforceManageUsers(); 7944 } 7945 7946 private void enforceProfileOwnerOrSystemUser() { 7947 synchronized (getLockObject()) { 7948 if (getActiveAdminWithPolicyForUidLocked(null, 7949 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, mInjector.binderGetCallingUid()) 7950 != null) { 7951 return; 7952 } 7953 } 7954 Preconditions.checkState(isCallerWithSystemUid(), 7955 "Only profile owner, device owner and system may call this method."); 7956 } 7957 7958 private void enforceProfileOwnerOrFullCrossUsersPermission(int userId) { 7959 if (userId == mInjector.userHandleGetCallingUserId()) { 7960 synchronized (getLockObject()) { 7961 if (getActiveAdminWithPolicyForUidLocked(null, 7962 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, mInjector.binderGetCallingUid()) 7963 != null) { 7964 // Device Owner/Profile Owner may access the user it runs on. 7965 return; 7966 } 7967 } 7968 } 7969 // Otherwise, INTERACT_ACROSS_USERS_FULL permission, system UID or root UID is required. 7970 enforceSystemUserOrPermission(android.Manifest.permission.INTERACT_ACROSS_USERS_FULL); 7971 } 7972 7973 private boolean canUserUseLockTaskLocked(int userId) { 7974 if (isUserAffiliatedWithDeviceLocked(userId)) { 7975 return true; 7976 } 7977 7978 // Unaffiliated profile owners are not allowed to use lock when there is a device owner. 7979 if (mOwners.hasDeviceOwner()) { 7980 return false; 7981 } 7982 7983 final ComponentName profileOwner = getProfileOwner(userId); 7984 if (profileOwner == null) { 7985 return false; 7986 } 7987 7988 // Managed profiles are not allowed to use lock task 7989 if (isManagedProfile(userId)) { 7990 return false; 7991 } 7992 7993 return true; 7994 } 7995 7996 private void enforceCanCallLockTaskLocked(ComponentName who) { 7997 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 7998 final int userId = mInjector.userHandleGetCallingUserId(); 7999 if (!canUserUseLockTaskLocked(userId)) { 8000 throw new SecurityException("User " + userId + " is not allowed to use lock task"); 8001 } 8002 } 8003 8004 private void ensureCallerPackage(@Nullable String packageName) { 8005 if (packageName == null) { 8006 Preconditions.checkState(isCallerWithSystemUid(), 8007 "Only caller can omit package name"); 8008 } else { 8009 final int callingUid = mInjector.binderGetCallingUid(); 8010 final int userId = mInjector.userHandleGetCallingUserId(); 8011 try { 8012 final ApplicationInfo ai = mIPackageManager.getApplicationInfo( 8013 packageName, 0, userId); 8014 Preconditions.checkState(ai.uid == callingUid, "Unmatching package name"); 8015 } catch (RemoteException e) { 8016 // Shouldn't happen 8017 } 8018 } 8019 } 8020 8021 private boolean isCallerWithSystemUid() { 8022 return UserHandle.isSameApp(mInjector.binderGetCallingUid(), Process.SYSTEM_UID); 8023 } 8024 8025 protected int getProfileParentId(int userHandle) { 8026 final long ident = mInjector.binderClearCallingIdentity(); 8027 try { 8028 UserInfo parentUser = mUserManager.getProfileParent(userHandle); 8029 return parentUser != null ? parentUser.id : userHandle; 8030 } finally { 8031 mInjector.binderRestoreCallingIdentity(ident); 8032 } 8033 } 8034 8035 private int getCredentialOwner(int userHandle, boolean parent) { 8036 final long ident = mInjector.binderClearCallingIdentity(); 8037 try { 8038 if (parent) { 8039 UserInfo parentProfile = mUserManager.getProfileParent(userHandle); 8040 if (parentProfile != null) { 8041 userHandle = parentProfile.id; 8042 } 8043 } 8044 return mUserManager.getCredentialOwnerProfile(userHandle); 8045 } finally { 8046 mInjector.binderRestoreCallingIdentity(ident); 8047 } 8048 } 8049 8050 private boolean isManagedProfile(int userHandle) { 8051 final UserInfo user = getUserInfo(userHandle); 8052 return user != null && user.isManagedProfile(); 8053 } 8054 8055 private void enableIfNecessary(String packageName, int userId) { 8056 try { 8057 final ApplicationInfo ai = mIPackageManager.getApplicationInfo(packageName, 8058 PackageManager.MATCH_DISABLED_UNTIL_USED_COMPONENTS, userId); 8059 if (ai.enabledSetting 8060 == PackageManager.COMPONENT_ENABLED_STATE_DISABLED_UNTIL_USED) { 8061 mIPackageManager.setApplicationEnabledSetting(packageName, 8062 PackageManager.COMPONENT_ENABLED_STATE_DEFAULT, 8063 PackageManager.DONT_KILL_APP, userId, "DevicePolicyManager"); 8064 } 8065 } catch (RemoteException e) { 8066 } 8067 } 8068 8069 @Override 8070 protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { 8071 if (!DumpUtils.checkDumpPermission(mContext, LOG_TAG, pw)) return; 8072 8073 synchronized (getLockObject()) { 8074 pw.println("Current Device Policy Manager state:"); 8075 8076 mOwners.dump(" ", pw); 8077 mDeviceAdminServiceController.dump(" ", pw); 8078 int userCount = mUserData.size(); 8079 for (int u = 0; u < userCount; u++) { 8080 DevicePolicyData policy = getUserData(mUserData.keyAt(u)); 8081 pw.println(); 8082 pw.println(" Enabled Device Admins (User " + policy.mUserHandle 8083 + ", provisioningState: " + policy.mUserProvisioningState + "):"); 8084 final int N = policy.mAdminList.size(); 8085 for (int i=0; i<N; i++) { 8086 ActiveAdmin ap = policy.mAdminList.get(i); 8087 if (ap != null) { 8088 pw.print(" "); pw.print(ap.info.getComponent().flattenToShortString()); 8089 pw.println(":"); 8090 ap.dump(" ", pw); 8091 } 8092 } 8093 if (!policy.mRemovingAdmins.isEmpty()) { 8094 pw.println(" Removing Device Admins (User " + policy.mUserHandle + "): " 8095 + policy.mRemovingAdmins); 8096 } 8097 8098 pw.println(" "); 8099 pw.print(" mPasswordOwner="); pw.println(policy.mPasswordOwner); 8100 } 8101 pw.println(); 8102 mConstants.dump(" ", pw); 8103 pw.println(); 8104 mStatLogger.dump(pw, " "); 8105 pw.println(); 8106 pw.println(" Encryption Status: " + getEncryptionStatusName(getEncryptionStatus())); 8107 } 8108 } 8109 8110 private String getEncryptionStatusName(int encryptionStatus) { 8111 switch (encryptionStatus) { 8112 case DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE: 8113 return "inactive"; 8114 case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY: 8115 return "block default key"; 8116 case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE: 8117 return "block"; 8118 case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_PER_USER: 8119 return "per-user"; 8120 case DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED: 8121 return "unsupported"; 8122 case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVATING: 8123 return "activating"; 8124 default: 8125 return "unknown"; 8126 } 8127 } 8128 8129 @Override 8130 public void addPersistentPreferredActivity(ComponentName who, IntentFilter filter, 8131 ComponentName activity) { 8132 Preconditions.checkNotNull(who, "ComponentName is null"); 8133 final int userHandle = UserHandle.getCallingUserId(); 8134 synchronized (getLockObject()) { 8135 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8136 8137 long id = mInjector.binderClearCallingIdentity(); 8138 try { 8139 mIPackageManager.addPersistentPreferredActivity(filter, activity, userHandle); 8140 mIPackageManager.flushPackageRestrictionsAsUser(userHandle); 8141 } catch (RemoteException re) { 8142 // Shouldn't happen 8143 } finally { 8144 mInjector.binderRestoreCallingIdentity(id); 8145 } 8146 } 8147 } 8148 8149 @Override 8150 public void clearPackagePersistentPreferredActivities(ComponentName who, String packageName) { 8151 Preconditions.checkNotNull(who, "ComponentName is null"); 8152 final int userHandle = UserHandle.getCallingUserId(); 8153 synchronized (getLockObject()) { 8154 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8155 8156 long id = mInjector.binderClearCallingIdentity(); 8157 try { 8158 mIPackageManager.clearPackagePersistentPreferredActivities(packageName, userHandle); 8159 mIPackageManager.flushPackageRestrictionsAsUser(userHandle); 8160 } catch (RemoteException re) { 8161 // Shouldn't happen 8162 } finally { 8163 mInjector.binderRestoreCallingIdentity(id); 8164 } 8165 } 8166 } 8167 8168 @Override 8169 public void setDefaultSmsApplication(ComponentName admin, String packageName) { 8170 Preconditions.checkNotNull(admin, "ComponentName is null"); 8171 synchronized (getLockObject()) { 8172 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 8173 } 8174 mInjector.binderWithCleanCallingIdentity(() -> 8175 SmsApplication.setDefaultApplication(packageName, mContext)); 8176 } 8177 8178 @Override 8179 public boolean setApplicationRestrictionsManagingPackage(ComponentName admin, 8180 String packageName) { 8181 try { 8182 setDelegatedScopePreO(admin, packageName, DELEGATION_APP_RESTRICTIONS); 8183 } catch (IllegalArgumentException e) { 8184 return false; 8185 } 8186 return true; 8187 } 8188 8189 @Override 8190 public String getApplicationRestrictionsManagingPackage(ComponentName admin) { 8191 final List<String> delegatePackages = getDelegatePackages(admin, 8192 DELEGATION_APP_RESTRICTIONS); 8193 return delegatePackages.size() > 0 ? delegatePackages.get(0) : null; 8194 } 8195 8196 @Override 8197 public boolean isCallerApplicationRestrictionsManagingPackage(String callerPackage) { 8198 return isCallerDelegate(callerPackage, DELEGATION_APP_RESTRICTIONS); 8199 } 8200 8201 @Override 8202 public void setApplicationRestrictions(ComponentName who, String callerPackage, 8203 String packageName, Bundle settings) { 8204 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 8205 DELEGATION_APP_RESTRICTIONS); 8206 8207 final UserHandle userHandle = mInjector.binderGetCallingUserHandle(); 8208 final long id = mInjector.binderClearCallingIdentity(); 8209 try { 8210 mUserManager.setApplicationRestrictions(packageName, settings, userHandle); 8211 } finally { 8212 mInjector.binderRestoreCallingIdentity(id); 8213 } 8214 } 8215 8216 @Override 8217 public void setTrustAgentConfiguration(ComponentName admin, ComponentName agent, 8218 PersistableBundle args, boolean parent) { 8219 if (!mHasFeature) { 8220 return; 8221 } 8222 Preconditions.checkNotNull(admin, "admin is null"); 8223 Preconditions.checkNotNull(agent, "agent is null"); 8224 final int userHandle = UserHandle.getCallingUserId(); 8225 synchronized (getLockObject()) { 8226 ActiveAdmin ap = getActiveAdminForCallerLocked(admin, 8227 DeviceAdminInfo.USES_POLICY_DISABLE_KEYGUARD_FEATURES, parent); 8228 ap.trustAgentInfos.put(agent.flattenToString(), new TrustAgentInfo(args)); 8229 saveSettingsLocked(userHandle); 8230 } 8231 } 8232 8233 @Override 8234 public List<PersistableBundle> getTrustAgentConfiguration(ComponentName admin, 8235 ComponentName agent, int userHandle, boolean parent) { 8236 if (!mHasFeature) { 8237 return null; 8238 } 8239 Preconditions.checkNotNull(agent, "agent null"); 8240 enforceFullCrossUsersPermission(userHandle); 8241 8242 synchronized (getLockObject()) { 8243 final String componentName = agent.flattenToString(); 8244 if (admin != null) { 8245 final ActiveAdmin ap = getActiveAdminUncheckedLocked(admin, userHandle, parent); 8246 if (ap == null) return null; 8247 TrustAgentInfo trustAgentInfo = ap.trustAgentInfos.get(componentName); 8248 if (trustAgentInfo == null || trustAgentInfo.options == null) return null; 8249 List<PersistableBundle> result = new ArrayList<>(); 8250 result.add(trustAgentInfo.options); 8251 return result; 8252 } 8253 8254 // Return strictest policy for this user and profiles that are visible from this user. 8255 List<PersistableBundle> result = null; 8256 // Search through all admins that use KEYGUARD_DISABLE_TRUST_AGENTS and keep track 8257 // of the options. If any admin doesn't have options, discard options for the rest 8258 // and return null. 8259 List<ActiveAdmin> admins = 8260 getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 8261 boolean allAdminsHaveOptions = true; 8262 final int N = admins.size(); 8263 for (int i = 0; i < N; i++) { 8264 final ActiveAdmin active = admins.get(i); 8265 8266 final boolean disablesTrust = (active.disabledKeyguardFeatures 8267 & DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS) != 0; 8268 final TrustAgentInfo info = active.trustAgentInfos.get(componentName); 8269 if (info != null && info.options != null && !info.options.isEmpty()) { 8270 if (disablesTrust) { 8271 if (result == null) { 8272 result = new ArrayList<>(); 8273 } 8274 result.add(info.options); 8275 } else { 8276 Log.w(LOG_TAG, "Ignoring admin " + active.info 8277 + " because it has trust options but doesn't declare " 8278 + "KEYGUARD_DISABLE_TRUST_AGENTS"); 8279 } 8280 } else if (disablesTrust) { 8281 allAdminsHaveOptions = false; 8282 break; 8283 } 8284 } 8285 return allAdminsHaveOptions ? result : null; 8286 } 8287 } 8288 8289 @Override 8290 public void setRestrictionsProvider(ComponentName who, ComponentName permissionProvider) { 8291 Preconditions.checkNotNull(who, "ComponentName is null"); 8292 synchronized (getLockObject()) { 8293 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8294 8295 int userHandle = UserHandle.getCallingUserId(); 8296 DevicePolicyData userData = getUserData(userHandle); 8297 userData.mRestrictionsProvider = permissionProvider; 8298 saveSettingsLocked(userHandle); 8299 } 8300 } 8301 8302 @Override 8303 public ComponentName getRestrictionsProvider(int userHandle) { 8304 synchronized (getLockObject()) { 8305 if (!isCallerWithSystemUid()) { 8306 throw new SecurityException("Only the system can query the permission provider"); 8307 } 8308 DevicePolicyData userData = getUserData(userHandle); 8309 return userData != null ? userData.mRestrictionsProvider : null; 8310 } 8311 } 8312 8313 @Override 8314 public void addCrossProfileIntentFilter(ComponentName who, IntentFilter filter, int flags) { 8315 Preconditions.checkNotNull(who, "ComponentName is null"); 8316 int callingUserId = UserHandle.getCallingUserId(); 8317 synchronized (getLockObject()) { 8318 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8319 8320 long id = mInjector.binderClearCallingIdentity(); 8321 try { 8322 UserInfo parent = mUserManager.getProfileParent(callingUserId); 8323 if (parent == null) { 8324 Slog.e(LOG_TAG, "Cannot call addCrossProfileIntentFilter if there is no " 8325 + "parent"); 8326 return; 8327 } 8328 if ((flags & DevicePolicyManager.FLAG_PARENT_CAN_ACCESS_MANAGED) != 0) { 8329 mIPackageManager.addCrossProfileIntentFilter( 8330 filter, who.getPackageName(), callingUserId, parent.id, 0); 8331 } 8332 if ((flags & DevicePolicyManager.FLAG_MANAGED_CAN_ACCESS_PARENT) != 0) { 8333 mIPackageManager.addCrossProfileIntentFilter(filter, who.getPackageName(), 8334 parent.id, callingUserId, 0); 8335 } 8336 } catch (RemoteException re) { 8337 // Shouldn't happen 8338 } finally { 8339 mInjector.binderRestoreCallingIdentity(id); 8340 } 8341 } 8342 } 8343 8344 @Override 8345 public void clearCrossProfileIntentFilters(ComponentName who) { 8346 Preconditions.checkNotNull(who, "ComponentName is null"); 8347 int callingUserId = UserHandle.getCallingUserId(); 8348 synchronized (getLockObject()) { 8349 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8350 long id = mInjector.binderClearCallingIdentity(); 8351 try { 8352 UserInfo parent = mUserManager.getProfileParent(callingUserId); 8353 if (parent == null) { 8354 Slog.e(LOG_TAG, "Cannot call clearCrossProfileIntentFilter if there is no " 8355 + "parent"); 8356 return; 8357 } 8358 // Removing those that go from the managed profile to the parent. 8359 mIPackageManager.clearCrossProfileIntentFilters( 8360 callingUserId, who.getPackageName()); 8361 // And those that go from the parent to the managed profile. 8362 // If we want to support multiple managed profiles, we will have to only remove 8363 // those that have callingUserId as their target. 8364 mIPackageManager.clearCrossProfileIntentFilters(parent.id, who.getPackageName()); 8365 } catch (RemoteException re) { 8366 // Shouldn't happen 8367 } finally { 8368 mInjector.binderRestoreCallingIdentity(id); 8369 } 8370 } 8371 } 8372 8373 /** 8374 * @return true if all packages in enabledPackages are either in the list 8375 * permittedList or are a system app. 8376 */ 8377 private boolean checkPackagesInPermittedListOrSystem(List<String> enabledPackages, 8378 List<String> permittedList, int userIdToCheck) { 8379 long id = mInjector.binderClearCallingIdentity(); 8380 try { 8381 // If we have an enabled packages list for a managed profile the packages 8382 // we should check are installed for the parent user. 8383 UserInfo user = getUserInfo(userIdToCheck); 8384 if (user.isManagedProfile()) { 8385 userIdToCheck = user.profileGroupId; 8386 } 8387 8388 for (String enabledPackage : enabledPackages) { 8389 boolean systemService = false; 8390 try { 8391 ApplicationInfo applicationInfo = mIPackageManager.getApplicationInfo( 8392 enabledPackage, PackageManager.MATCH_UNINSTALLED_PACKAGES, 8393 userIdToCheck); 8394 systemService = (applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0; 8395 } catch (RemoteException e) { 8396 Log.i(LOG_TAG, "Can't talk to package managed", e); 8397 } 8398 if (!systemService && !permittedList.contains(enabledPackage)) { 8399 return false; 8400 } 8401 } 8402 } finally { 8403 mInjector.binderRestoreCallingIdentity(id); 8404 } 8405 return true; 8406 } 8407 8408 private AccessibilityManager getAccessibilityManagerForUser(int userId) { 8409 // Not using AccessibilityManager.getInstance because that guesses 8410 // at the user you require based on callingUid and caches for a given 8411 // process. 8412 IBinder iBinder = ServiceManager.getService(Context.ACCESSIBILITY_SERVICE); 8413 IAccessibilityManager service = iBinder == null 8414 ? null : IAccessibilityManager.Stub.asInterface(iBinder); 8415 return new AccessibilityManager(mContext, service, userId); 8416 } 8417 8418 @Override 8419 public boolean setPermittedAccessibilityServices(ComponentName who, List packageList) { 8420 if (!mHasFeature) { 8421 return false; 8422 } 8423 Preconditions.checkNotNull(who, "ComponentName is null"); 8424 8425 if (packageList != null) { 8426 int userId = UserHandle.getCallingUserId(); 8427 List<AccessibilityServiceInfo> enabledServices = null; 8428 long id = mInjector.binderClearCallingIdentity(); 8429 try { 8430 UserInfo user = getUserInfo(userId); 8431 if (user.isManagedProfile()) { 8432 userId = user.profileGroupId; 8433 } 8434 AccessibilityManager accessibilityManager = getAccessibilityManagerForUser(userId); 8435 enabledServices = accessibilityManager.getEnabledAccessibilityServiceList( 8436 AccessibilityServiceInfo.FEEDBACK_ALL_MASK); 8437 } finally { 8438 mInjector.binderRestoreCallingIdentity(id); 8439 } 8440 8441 if (enabledServices != null) { 8442 List<String> enabledPackages = new ArrayList<String>(); 8443 for (AccessibilityServiceInfo service : enabledServices) { 8444 enabledPackages.add(service.getResolveInfo().serviceInfo.packageName); 8445 } 8446 if (!checkPackagesInPermittedListOrSystem(enabledPackages, packageList, 8447 userId)) { 8448 Slog.e(LOG_TAG, "Cannot set permitted accessibility services, " 8449 + "because it contains already enabled accesibility services."); 8450 return false; 8451 } 8452 } 8453 } 8454 8455 synchronized (getLockObject()) { 8456 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 8457 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8458 admin.permittedAccessiblityServices = packageList; 8459 saveSettingsLocked(UserHandle.getCallingUserId()); 8460 } 8461 return true; 8462 } 8463 8464 @Override 8465 public List getPermittedAccessibilityServices(ComponentName who) { 8466 if (!mHasFeature) { 8467 return null; 8468 } 8469 Preconditions.checkNotNull(who, "ComponentName is null"); 8470 8471 synchronized (getLockObject()) { 8472 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 8473 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8474 return admin.permittedAccessiblityServices; 8475 } 8476 } 8477 8478 @Override 8479 public List getPermittedAccessibilityServicesForUser(int userId) { 8480 if (!mHasFeature) { 8481 return null; 8482 } 8483 enforceManageUsers(); 8484 synchronized (getLockObject()) { 8485 List<String> result = null; 8486 // If we have multiple profiles we return the intersection of the 8487 // permitted lists. This can happen in cases where we have a device 8488 // and profile owner. 8489 int[] profileIds = mUserManager.getProfileIdsWithDisabled(userId); 8490 for (int profileId : profileIds) { 8491 // Just loop though all admins, only device or profiles 8492 // owners can have permitted lists set. 8493 DevicePolicyData policy = getUserDataUnchecked(profileId); 8494 final int N = policy.mAdminList.size(); 8495 for (int j = 0; j < N; j++) { 8496 ActiveAdmin admin = policy.mAdminList.get(j); 8497 List<String> fromAdmin = admin.permittedAccessiblityServices; 8498 if (fromAdmin != null) { 8499 if (result == null) { 8500 result = new ArrayList<>(fromAdmin); 8501 } else { 8502 result.retainAll(fromAdmin); 8503 } 8504 } 8505 } 8506 } 8507 8508 // If we have a permitted list add all system accessibility services. 8509 if (result != null) { 8510 long id = mInjector.binderClearCallingIdentity(); 8511 try { 8512 UserInfo user = getUserInfo(userId); 8513 if (user.isManagedProfile()) { 8514 userId = user.profileGroupId; 8515 } 8516 AccessibilityManager accessibilityManager = 8517 getAccessibilityManagerForUser(userId); 8518 List<AccessibilityServiceInfo> installedServices = 8519 accessibilityManager.getInstalledAccessibilityServiceList(); 8520 8521 if (installedServices != null) { 8522 for (AccessibilityServiceInfo service : installedServices) { 8523 ServiceInfo serviceInfo = service.getResolveInfo().serviceInfo; 8524 ApplicationInfo applicationInfo = serviceInfo.applicationInfo; 8525 if ((applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) { 8526 result.add(serviceInfo.packageName); 8527 } 8528 } 8529 } 8530 } finally { 8531 mInjector.binderRestoreCallingIdentity(id); 8532 } 8533 } 8534 8535 return result; 8536 } 8537 } 8538 8539 @Override 8540 public boolean isAccessibilityServicePermittedByAdmin(ComponentName who, String packageName, 8541 int userHandle) { 8542 if (!mHasFeature) { 8543 return true; 8544 } 8545 Preconditions.checkNotNull(who, "ComponentName is null"); 8546 Preconditions.checkStringNotEmpty(packageName, "packageName is null"); 8547 if (!isCallerWithSystemUid()){ 8548 throw new SecurityException( 8549 "Only the system can query if an accessibility service is disabled by admin"); 8550 } 8551 synchronized (getLockObject()) { 8552 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 8553 if (admin == null) { 8554 return false; 8555 } 8556 if (admin.permittedAccessiblityServices == null) { 8557 return true; 8558 } 8559 return checkPackagesInPermittedListOrSystem(Collections.singletonList(packageName), 8560 admin.permittedAccessiblityServices, userHandle); 8561 } 8562 } 8563 8564 private boolean checkCallerIsCurrentUserOrProfile() { 8565 final int callingUserId = UserHandle.getCallingUserId(); 8566 final long token = mInjector.binderClearCallingIdentity(); 8567 try { 8568 UserInfo currentUser; 8569 UserInfo callingUser = getUserInfo(callingUserId); 8570 try { 8571 currentUser = mInjector.getIActivityManager().getCurrentUser(); 8572 } catch (RemoteException e) { 8573 Slog.e(LOG_TAG, "Failed to talk to activity managed.", e); 8574 return false; 8575 } 8576 8577 if (callingUser.isManagedProfile() && callingUser.profileGroupId != currentUser.id) { 8578 Slog.e(LOG_TAG, "Cannot set permitted input methods for managed profile " 8579 + "of a user that isn't the foreground user."); 8580 return false; 8581 } 8582 if (!callingUser.isManagedProfile() && callingUserId != currentUser.id ) { 8583 Slog.e(LOG_TAG, "Cannot set permitted input methods " 8584 + "of a user that isn't the foreground user."); 8585 return false; 8586 } 8587 } finally { 8588 mInjector.binderRestoreCallingIdentity(token); 8589 } 8590 return true; 8591 } 8592 8593 @Override 8594 public boolean setPermittedInputMethods(ComponentName who, List packageList) { 8595 if (!mHasFeature) { 8596 return false; 8597 } 8598 Preconditions.checkNotNull(who, "ComponentName is null"); 8599 8600 // TODO When InputMethodManager supports per user calls remove 8601 // this restriction. 8602 if (!checkCallerIsCurrentUserOrProfile()) { 8603 return false; 8604 } 8605 8606 final int callingUserId = mInjector.userHandleGetCallingUserId(); 8607 if (packageList != null) { 8608 // InputMethodManager fetches input methods for current user. 8609 // So this can only be set when calling user is the current user 8610 // or parent is current user in case of managed profiles. 8611 InputMethodManager inputMethodManager = 8612 mContext.getSystemService(InputMethodManager.class); 8613 List<InputMethodInfo> enabledImes = inputMethodManager.getEnabledInputMethodList(); 8614 8615 if (enabledImes != null) { 8616 List<String> enabledPackages = new ArrayList<String>(); 8617 for (InputMethodInfo ime : enabledImes) { 8618 enabledPackages.add(ime.getPackageName()); 8619 } 8620 if (!checkPackagesInPermittedListOrSystem(enabledPackages, packageList, 8621 callingUserId)) { 8622 Slog.e(LOG_TAG, "Cannot set permitted input methods, " 8623 + "because it contains already enabled input method."); 8624 return false; 8625 } 8626 } 8627 } 8628 8629 synchronized (getLockObject()) { 8630 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 8631 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8632 admin.permittedInputMethods = packageList; 8633 saveSettingsLocked(callingUserId); 8634 } 8635 return true; 8636 } 8637 8638 @Override 8639 public List getPermittedInputMethods(ComponentName who) { 8640 if (!mHasFeature) { 8641 return null; 8642 } 8643 Preconditions.checkNotNull(who, "ComponentName is null"); 8644 8645 synchronized (getLockObject()) { 8646 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 8647 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8648 return admin.permittedInputMethods; 8649 } 8650 } 8651 8652 @Override 8653 public List getPermittedInputMethodsForCurrentUser() { 8654 enforceManageUsers(); 8655 UserInfo currentUser; 8656 try { 8657 currentUser = mInjector.getIActivityManager().getCurrentUser(); 8658 } catch (RemoteException e) { 8659 Slog.e(LOG_TAG, "Failed to make remote calls to get current user", e); 8660 // Activity managed is dead, just allow all IMEs 8661 return null; 8662 } 8663 8664 int userId = currentUser.id; 8665 synchronized (getLockObject()) { 8666 List<String> result = null; 8667 // If we have multiple profiles we return the intersection of the 8668 // permitted lists. This can happen in cases where we have a device 8669 // and profile owner. 8670 int[] profileIds = mUserManager.getProfileIdsWithDisabled(userId); 8671 for (int profileId : profileIds) { 8672 // Just loop though all admins, only device or profiles 8673 // owners can have permitted lists set. 8674 DevicePolicyData policy = getUserDataUnchecked(profileId); 8675 final int N = policy.mAdminList.size(); 8676 for (int j = 0; j < N; j++) { 8677 ActiveAdmin admin = policy.mAdminList.get(j); 8678 List<String> fromAdmin = admin.permittedInputMethods; 8679 if (fromAdmin != null) { 8680 if (result == null) { 8681 result = new ArrayList<String>(fromAdmin); 8682 } else { 8683 result.retainAll(fromAdmin); 8684 } 8685 } 8686 } 8687 } 8688 8689 // If we have a permitted list add all system input methods. 8690 if (result != null) { 8691 InputMethodManager inputMethodManager = 8692 mContext.getSystemService(InputMethodManager.class); 8693 List<InputMethodInfo> imes = inputMethodManager.getInputMethodList(); 8694 long id = mInjector.binderClearCallingIdentity(); 8695 try { 8696 if (imes != null) { 8697 for (InputMethodInfo ime : imes) { 8698 ServiceInfo serviceInfo = ime.getServiceInfo(); 8699 ApplicationInfo applicationInfo = serviceInfo.applicationInfo; 8700 if ((applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) { 8701 result.add(serviceInfo.packageName); 8702 } 8703 } 8704 } 8705 } finally { 8706 mInjector.binderRestoreCallingIdentity(id); 8707 } 8708 } 8709 return result; 8710 } 8711 } 8712 8713 @Override 8714 public boolean isInputMethodPermittedByAdmin(ComponentName who, String packageName, 8715 int userHandle) { 8716 if (!mHasFeature) { 8717 return true; 8718 } 8719 Preconditions.checkNotNull(who, "ComponentName is null"); 8720 Preconditions.checkStringNotEmpty(packageName, "packageName is null"); 8721 if (!isCallerWithSystemUid()) { 8722 throw new SecurityException( 8723 "Only the system can query if an input method is disabled by admin"); 8724 } 8725 synchronized (getLockObject()) { 8726 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 8727 if (admin == null) { 8728 return false; 8729 } 8730 if (admin.permittedInputMethods == null) { 8731 return true; 8732 } 8733 return checkPackagesInPermittedListOrSystem(Collections.singletonList(packageName), 8734 admin.permittedInputMethods, userHandle); 8735 } 8736 } 8737 8738 @Override 8739 public boolean setPermittedCrossProfileNotificationListeners( 8740 ComponentName who, List<String> packageList) { 8741 if (!mHasFeature) { 8742 return false; 8743 } 8744 Preconditions.checkNotNull(who, "ComponentName is null"); 8745 8746 final int callingUserId = mInjector.userHandleGetCallingUserId(); 8747 if (!isManagedProfile(callingUserId)) { 8748 return false; 8749 } 8750 8751 synchronized (getLockObject()) { 8752 ActiveAdmin admin = getActiveAdminForCallerLocked( 8753 who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8754 admin.permittedNotificationListeners = packageList; 8755 saveSettingsLocked(callingUserId); 8756 } 8757 return true; 8758 } 8759 8760 @Override 8761 public List<String> getPermittedCrossProfileNotificationListeners(ComponentName who) { 8762 if (!mHasFeature) { 8763 return null; 8764 } 8765 Preconditions.checkNotNull(who, "ComponentName is null"); 8766 8767 synchronized (getLockObject()) { 8768 ActiveAdmin admin = getActiveAdminForCallerLocked( 8769 who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8770 return admin.permittedNotificationListeners; 8771 } 8772 } 8773 8774 @Override 8775 public boolean isNotificationListenerServicePermitted(String packageName, int userId) { 8776 if (!mHasFeature) { 8777 return true; 8778 } 8779 8780 Preconditions.checkStringNotEmpty(packageName, "packageName is null or empty"); 8781 if (!isCallerWithSystemUid()) { 8782 throw new SecurityException( 8783 "Only the system can query if a notification listener service is permitted"); 8784 } 8785 synchronized (getLockObject()) { 8786 ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userId); 8787 if (profileOwner == null || profileOwner.permittedNotificationListeners == null) { 8788 return true; 8789 } 8790 return checkPackagesInPermittedListOrSystem(Collections.singletonList(packageName), 8791 profileOwner.permittedNotificationListeners, userId); 8792 8793 } 8794 } 8795 8796 private void maybeSendAdminEnabledBroadcastLocked(int userHandle) { 8797 DevicePolicyData policyData = getUserData(userHandle); 8798 if (policyData.mAdminBroadcastPending) { 8799 // Send the initialization data to profile owner and delete the data 8800 ActiveAdmin admin = getProfileOwnerAdminLocked(userHandle); 8801 boolean clearInitBundle = true; 8802 if (admin != null) { 8803 PersistableBundle initBundle = policyData.mInitBundle; 8804 clearInitBundle = sendAdminCommandLocked(admin, 8805 DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED, 8806 initBundle == null ? null : new Bundle(initBundle), 8807 null /* result receiver */, 8808 true /* send in foreground */); 8809 } 8810 if (clearInitBundle) { 8811 // If there's no admin or we've successfully called the admin, clear the init bundle 8812 // otherwise, keep it around 8813 policyData.mInitBundle = null; 8814 policyData.mAdminBroadcastPending = false; 8815 saveSettingsLocked(userHandle); 8816 } 8817 } 8818 } 8819 8820 @Override 8821 public UserHandle createAndManageUser(ComponentName admin, String name, 8822 ComponentName profileOwner, PersistableBundle adminExtras, int flags) { 8823 Preconditions.checkNotNull(admin, "admin is null"); 8824 Preconditions.checkNotNull(profileOwner, "profileOwner is null"); 8825 if (!admin.getPackageName().equals(profileOwner.getPackageName())) { 8826 throw new IllegalArgumentException("profileOwner " + profileOwner + " and admin " 8827 + admin + " are not in the same package"); 8828 } 8829 // Only allow the system user to use this method 8830 if (!mInjector.binderGetCallingUserHandle().isSystem()) { 8831 throw new SecurityException("createAndManageUser was called from non-system user"); 8832 } 8833 final boolean ephemeral = (flags & DevicePolicyManager.MAKE_USER_EPHEMERAL) != 0; 8834 final boolean demo = (flags & DevicePolicyManager.MAKE_USER_DEMO) != 0 8835 && UserManager.isDeviceInDemoMode(mContext); 8836 final boolean leaveAllSystemAppsEnabled = (flags & LEAVE_ALL_SYSTEM_APPS_ENABLED) != 0; 8837 final int targetSdkVersion; 8838 8839 // Create user. 8840 UserHandle user = null; 8841 synchronized (getLockObject()) { 8842 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 8843 8844 final int callingUid = mInjector.binderGetCallingUid(); 8845 final long id = mInjector.binderClearCallingIdentity(); 8846 try { 8847 targetSdkVersion = mInjector.getPackageManagerInternal().getUidTargetSdkVersion( 8848 callingUid); 8849 8850 // Return detail error code for checks inside 8851 // UserManagerService.createUserInternalUnchecked. 8852 DeviceStorageMonitorInternal deviceStorageMonitorInternal = 8853 LocalServices.getService(DeviceStorageMonitorInternal.class); 8854 if (deviceStorageMonitorInternal.isMemoryLow()) { 8855 if (targetSdkVersion >= Build.VERSION_CODES.P) { 8856 throw new ServiceSpecificException( 8857 UserManager.USER_OPERATION_ERROR_LOW_STORAGE, "low device storage"); 8858 } else { 8859 return null; 8860 } 8861 } 8862 if (!mUserManager.canAddMoreUsers()) { 8863 if (targetSdkVersion >= Build.VERSION_CODES.P) { 8864 throw new ServiceSpecificException( 8865 UserManager.USER_OPERATION_ERROR_MAX_USERS, "user limit reached"); 8866 } else { 8867 return null; 8868 } 8869 } 8870 8871 int userInfoFlags = 0; 8872 if (ephemeral) { 8873 userInfoFlags |= UserInfo.FLAG_EPHEMERAL; 8874 } 8875 if (demo) { 8876 userInfoFlags |= UserInfo.FLAG_DEMO; 8877 } 8878 String[] disallowedPackages = null; 8879 if (!leaveAllSystemAppsEnabled) { 8880 disallowedPackages = mOverlayPackagesProvider.getNonRequiredApps(admin, 8881 UserHandle.myUserId(), ACTION_PROVISION_MANAGED_USER).toArray( 8882 new String[0]); 8883 } 8884 UserInfo userInfo = mUserManagerInternal.createUserEvenWhenDisallowed(name, 8885 userInfoFlags, disallowedPackages); 8886 if (userInfo != null) { 8887 user = userInfo.getUserHandle(); 8888 } 8889 } finally { 8890 mInjector.binderRestoreCallingIdentity(id); 8891 } 8892 } 8893 if (user == null) { 8894 if (targetSdkVersion >= Build.VERSION_CODES.P) { 8895 throw new ServiceSpecificException(UserManager.USER_OPERATION_ERROR_UNKNOWN, 8896 "failed to create user"); 8897 } else { 8898 return null; 8899 } 8900 } 8901 8902 final int userHandle = user.getIdentifier(); 8903 final Intent intent = new Intent(DevicePolicyManager.ACTION_MANAGED_USER_CREATED) 8904 .putExtra(Intent.EXTRA_USER_HANDLE, userHandle) 8905 .putExtra( 8906 DevicePolicyManager.EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED, 8907 leaveAllSystemAppsEnabled) 8908 .setPackage(getManagedProvisioningPackage(mContext)) 8909 .addFlags(Intent.FLAG_RECEIVER_FOREGROUND); 8910 mContext.sendBroadcastAsUser(intent, UserHandle.SYSTEM); 8911 8912 final long id = mInjector.binderClearCallingIdentity(); 8913 try { 8914 final String adminPkg = admin.getPackageName(); 8915 try { 8916 // Install the profile owner if not present. 8917 if (!mIPackageManager.isPackageAvailable(adminPkg, userHandle)) { 8918 mIPackageManager.installExistingPackageAsUser(adminPkg, userHandle, 8919 0 /*installFlags*/, PackageManager.INSTALL_REASON_POLICY); 8920 } 8921 } catch (RemoteException e) { 8922 // Does not happen, same process 8923 } 8924 8925 // Set admin. 8926 setActiveAdmin(profileOwner, true, userHandle); 8927 final String ownerName = getProfileOwnerName(Process.myUserHandle().getIdentifier()); 8928 setProfileOwner(profileOwner, ownerName, userHandle); 8929 8930 synchronized (getLockObject()) { 8931 DevicePolicyData policyData = getUserData(userHandle); 8932 policyData.mInitBundle = adminExtras; 8933 policyData.mAdminBroadcastPending = true; 8934 saveSettingsLocked(userHandle); 8935 } 8936 8937 if ((flags & DevicePolicyManager.SKIP_SETUP_WIZARD) != 0) { 8938 Settings.Secure.putIntForUser(mContext.getContentResolver(), 8939 Settings.Secure.USER_SETUP_COMPLETE, 1, userHandle); 8940 } 8941 8942 return user; 8943 } catch (Throwable re) { 8944 mUserManager.removeUser(userHandle); 8945 if (targetSdkVersion >= Build.VERSION_CODES.P) { 8946 throw new ServiceSpecificException(UserManager.USER_OPERATION_ERROR_UNKNOWN, 8947 re.getMessage()); 8948 } else { 8949 return null; 8950 } 8951 } finally { 8952 mInjector.binderRestoreCallingIdentity(id); 8953 } 8954 } 8955 8956 @Override 8957 public boolean removeUser(ComponentName who, UserHandle userHandle) { 8958 Preconditions.checkNotNull(who, "ComponentName is null"); 8959 Preconditions.checkNotNull(userHandle, "UserHandle is null"); 8960 8961 synchronized (getLockObject()) { 8962 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 8963 } 8964 8965 final int callingUserId = mInjector.userHandleGetCallingUserId(); 8966 final long id = mInjector.binderClearCallingIdentity(); 8967 try { 8968 String restriction = isManagedProfile(userHandle.getIdentifier()) 8969 ? UserManager.DISALLOW_REMOVE_MANAGED_PROFILE 8970 : UserManager.DISALLOW_REMOVE_USER; 8971 if (isAdminAffectedByRestriction(who, restriction, callingUserId)) { 8972 Log.w(LOG_TAG, "The device owner cannot remove a user because " 8973 + restriction + " is enabled, and was not set by the device owner"); 8974 return false; 8975 } 8976 return mUserManagerInternal.removeUserEvenWhenDisallowed(userHandle.getIdentifier()); 8977 } finally { 8978 mInjector.binderRestoreCallingIdentity(id); 8979 } 8980 } 8981 8982 private boolean isAdminAffectedByRestriction( 8983 ComponentName admin, String userRestriction, int userId) { 8984 switch(mUserManager.getUserRestrictionSource(userRestriction, UserHandle.of(userId))) { 8985 case UserManager.RESTRICTION_NOT_SET: 8986 return false; 8987 case UserManager.RESTRICTION_SOURCE_DEVICE_OWNER: 8988 return !isDeviceOwner(admin, userId); 8989 case UserManager.RESTRICTION_SOURCE_PROFILE_OWNER: 8990 return !isProfileOwner(admin, userId); 8991 default: 8992 return true; 8993 } 8994 } 8995 8996 @Override 8997 public boolean switchUser(ComponentName who, UserHandle userHandle) { 8998 Preconditions.checkNotNull(who, "ComponentName is null"); 8999 9000 synchronized (getLockObject()) { 9001 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 9002 9003 long id = mInjector.binderClearCallingIdentity(); 9004 try { 9005 int userId = UserHandle.USER_SYSTEM; 9006 if (userHandle != null) { 9007 userId = userHandle.getIdentifier(); 9008 } 9009 return mInjector.getIActivityManager().switchUser(userId); 9010 } catch (RemoteException e) { 9011 Log.e(LOG_TAG, "Couldn't switch user", e); 9012 return false; 9013 } finally { 9014 mInjector.binderRestoreCallingIdentity(id); 9015 } 9016 } 9017 } 9018 9019 @Override 9020 public int startUserInBackground(ComponentName who, UserHandle userHandle) { 9021 Preconditions.checkNotNull(who, "ComponentName is null"); 9022 Preconditions.checkNotNull(userHandle, "UserHandle is null"); 9023 9024 synchronized (getLockObject()) { 9025 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 9026 } 9027 9028 final int userId = userHandle.getIdentifier(); 9029 if (isManagedProfile(userId)) { 9030 Log.w(LOG_TAG, "Managed profile cannot be started in background"); 9031 return UserManager.USER_OPERATION_ERROR_MANAGED_PROFILE; 9032 } 9033 9034 final long id = mInjector.binderClearCallingIdentity(); 9035 try { 9036 if (!mInjector.getActivityManagerInternal().canStartMoreUsers()) { 9037 Log.w(LOG_TAG, "Cannot start more users in background"); 9038 return UserManager.USER_OPERATION_ERROR_MAX_RUNNING_USERS; 9039 } 9040 9041 if (mInjector.getIActivityManager().startUserInBackground(userId)) { 9042 return UserManager.USER_OPERATION_SUCCESS; 9043 } else { 9044 return UserManager.USER_OPERATION_ERROR_UNKNOWN; 9045 } 9046 } catch (RemoteException e) { 9047 // Same process, should not happen. 9048 return UserManager.USER_OPERATION_ERROR_UNKNOWN; 9049 } finally { 9050 mInjector.binderRestoreCallingIdentity(id); 9051 } 9052 } 9053 9054 @Override 9055 public int stopUser(ComponentName who, UserHandle userHandle) { 9056 Preconditions.checkNotNull(who, "ComponentName is null"); 9057 Preconditions.checkNotNull(userHandle, "UserHandle is null"); 9058 9059 synchronized (getLockObject()) { 9060 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 9061 } 9062 9063 final int userId = userHandle.getIdentifier(); 9064 if (isManagedProfile(userId)) { 9065 Log.w(LOG_TAG, "Managed profile cannot be stopped"); 9066 return UserManager.USER_OPERATION_ERROR_MANAGED_PROFILE; 9067 } 9068 9069 return stopUserUnchecked(userId); 9070 } 9071 9072 @Override 9073 public int logoutUser(ComponentName who) { 9074 Preconditions.checkNotNull(who, "ComponentName is null"); 9075 9076 final int callingUserId = mInjector.userHandleGetCallingUserId(); 9077 synchronized (getLockObject()) { 9078 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9079 if (!isUserAffiliatedWithDeviceLocked(callingUserId)) { 9080 throw new SecurityException("Admin " + who + 9081 " is neither the device owner or affiliated user's profile owner."); 9082 } 9083 } 9084 9085 if (isManagedProfile(callingUserId)) { 9086 Log.w(LOG_TAG, "Managed profile cannot be logout"); 9087 return UserManager.USER_OPERATION_ERROR_MANAGED_PROFILE; 9088 } 9089 9090 final long id = mInjector.binderClearCallingIdentity(); 9091 try { 9092 if (!mInjector.getIActivityManager().switchUser(UserHandle.USER_SYSTEM)) { 9093 Log.w(LOG_TAG, "Failed to switch to primary user"); 9094 // This should never happen as target user is UserHandle.USER_SYSTEM 9095 return UserManager.USER_OPERATION_ERROR_UNKNOWN; 9096 } 9097 } catch (RemoteException e) { 9098 // Same process, should not happen. 9099 return UserManager.USER_OPERATION_ERROR_UNKNOWN; 9100 } finally { 9101 mInjector.binderRestoreCallingIdentity(id); 9102 } 9103 9104 return stopUserUnchecked(callingUserId); 9105 } 9106 9107 private int stopUserUnchecked(int userId) { 9108 final long id = mInjector.binderClearCallingIdentity(); 9109 try { 9110 switch (mInjector.getIActivityManager().stopUser(userId, true /*force*/, null)) { 9111 case ActivityManager.USER_OP_SUCCESS: 9112 return UserManager.USER_OPERATION_SUCCESS; 9113 case ActivityManager.USER_OP_IS_CURRENT: 9114 return UserManager.USER_OPERATION_ERROR_CURRENT_USER; 9115 default: 9116 return UserManager.USER_OPERATION_ERROR_UNKNOWN; 9117 } 9118 } catch (RemoteException e) { 9119 // Same process, should not happen. 9120 return UserManager.USER_OPERATION_ERROR_UNKNOWN; 9121 } finally { 9122 mInjector.binderRestoreCallingIdentity(id); 9123 } 9124 } 9125 9126 @Override 9127 public List<UserHandle> getSecondaryUsers(ComponentName who) { 9128 Preconditions.checkNotNull(who, "ComponentName is null"); 9129 synchronized (getLockObject()) { 9130 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 9131 } 9132 9133 final long id = mInjector.binderClearCallingIdentity(); 9134 try { 9135 final List<UserInfo> userInfos = mInjector.getUserManager().getUsers(true 9136 /*excludeDying*/); 9137 final List<UserHandle> userHandles = new ArrayList<>(); 9138 for (UserInfo userInfo : userInfos) { 9139 UserHandle userHandle = userInfo.getUserHandle(); 9140 if (!userHandle.isSystem() && !isManagedProfile(userHandle.getIdentifier())) { 9141 userHandles.add(userInfo.getUserHandle()); 9142 } 9143 } 9144 return userHandles; 9145 } finally { 9146 mInjector.binderRestoreCallingIdentity(id); 9147 } 9148 } 9149 9150 @Override 9151 public boolean isEphemeralUser(ComponentName who) { 9152 Preconditions.checkNotNull(who, "ComponentName is null"); 9153 synchronized (getLockObject()) { 9154 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9155 } 9156 9157 final int callingUserId = mInjector.userHandleGetCallingUserId(); 9158 final long id = mInjector.binderClearCallingIdentity(); 9159 try { 9160 return mInjector.getUserManager().isUserEphemeral(callingUserId); 9161 } finally { 9162 mInjector.binderRestoreCallingIdentity(id); 9163 } 9164 } 9165 9166 @Override 9167 public Bundle getApplicationRestrictions(ComponentName who, String callerPackage, 9168 String packageName) { 9169 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9170 DELEGATION_APP_RESTRICTIONS); 9171 9172 final UserHandle userHandle = mInjector.binderGetCallingUserHandle(); 9173 final long id = mInjector.binderClearCallingIdentity(); 9174 try { 9175 Bundle bundle = mUserManager.getApplicationRestrictions(packageName, userHandle); 9176 // if no restrictions were saved, mUserManager.getApplicationRestrictions 9177 // returns null, but DPM method should return an empty Bundle as per JavaDoc 9178 return bundle != null ? bundle : Bundle.EMPTY; 9179 } finally { 9180 mInjector.binderRestoreCallingIdentity(id); 9181 } 9182 } 9183 9184 @Override 9185 public String[] setPackagesSuspended(ComponentName who, String callerPackage, 9186 String[] packageNames, boolean suspended) { 9187 int callingUserId = UserHandle.getCallingUserId(); 9188 synchronized (getLockObject()) { 9189 // Ensure the caller is a DO/PO or a package access delegate. 9190 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9191 DELEGATION_PACKAGE_ACCESS); 9192 9193 long id = mInjector.binderClearCallingIdentity(); 9194 try { 9195 return mIPackageManager.setPackagesSuspendedAsUser( 9196 packageNames, suspended, null, null, null, "android", callingUserId); 9197 } catch (RemoteException re) { 9198 // Shouldn't happen. 9199 Slog.e(LOG_TAG, "Failed talking to the package manager", re); 9200 } finally { 9201 mInjector.binderRestoreCallingIdentity(id); 9202 } 9203 return packageNames; 9204 } 9205 } 9206 9207 @Override 9208 public boolean isPackageSuspended(ComponentName who, String callerPackage, String packageName) { 9209 int callingUserId = UserHandle.getCallingUserId(); 9210 synchronized (getLockObject()) { 9211 // Ensure the caller is a DO/PO or a package access delegate. 9212 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9213 DELEGATION_PACKAGE_ACCESS); 9214 9215 long id = mInjector.binderClearCallingIdentity(); 9216 try { 9217 return mIPackageManager.isPackageSuspendedForUser(packageName, callingUserId); 9218 } catch (RemoteException re) { 9219 // Shouldn't happen. 9220 Slog.e(LOG_TAG, "Failed talking to the package manager", re); 9221 } finally { 9222 mInjector.binderRestoreCallingIdentity(id); 9223 } 9224 return false; 9225 } 9226 } 9227 9228 @Override 9229 public void setUserRestriction(ComponentName who, String key, boolean enabledFromThisOwner) { 9230 Preconditions.checkNotNull(who, "ComponentName is null"); 9231 if (!UserRestrictionsUtils.isValidRestriction(key)) { 9232 return; 9233 } 9234 9235 final int userHandle = mInjector.userHandleGetCallingUserId(); 9236 synchronized (getLockObject()) { 9237 final ActiveAdmin activeAdmin = 9238 getActiveAdminForCallerLocked(who, 9239 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9240 final boolean isDeviceOwner = isDeviceOwner(who, userHandle); 9241 if (isDeviceOwner) { 9242 if (!UserRestrictionsUtils.canDeviceOwnerChange(key)) { 9243 throw new SecurityException("Device owner cannot set user restriction " + key); 9244 } 9245 } else { // profile owner 9246 if (!UserRestrictionsUtils.canProfileOwnerChange(key, userHandle)) { 9247 throw new SecurityException("Profile owner cannot set user restriction " + key); 9248 } 9249 } 9250 9251 // Save the restriction to ActiveAdmin. 9252 final Bundle restrictions = activeAdmin.ensureUserRestrictions(); 9253 if (enabledFromThisOwner) { 9254 restrictions.putBoolean(key, true); 9255 } else { 9256 restrictions.remove(key); 9257 } 9258 saveUserRestrictionsLocked(userHandle); 9259 } 9260 if (SecurityLog.isLoggingEnabled()) { 9261 final int eventTag = enabledFromThisOwner 9262 ? SecurityLog.TAG_USER_RESTRICTION_ADDED 9263 : SecurityLog.TAG_USER_RESTRICTION_REMOVED; 9264 SecurityLog.writeEvent(eventTag, who.getPackageName(), userHandle, key); 9265 } 9266 } 9267 9268 private void saveUserRestrictionsLocked(int userId) { 9269 saveSettingsLocked(userId); 9270 pushUserRestrictions(userId); 9271 sendChangedNotification(userId); 9272 } 9273 9274 private void pushUserRestrictions(int userId) { 9275 synchronized (getLockObject()) { 9276 final boolean isDeviceOwner = mOwners.isDeviceOwnerUserId(userId); 9277 final Bundle userRestrictions; 9278 // Whether device owner enforces camera restriction. 9279 boolean disallowCameraGlobally = false; 9280 9281 if (isDeviceOwner) { 9282 final ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 9283 if (deviceOwner == null) { 9284 return; // Shouldn't happen. 9285 } 9286 userRestrictions = deviceOwner.userRestrictions; 9287 // DO can disable camera globally. 9288 disallowCameraGlobally = deviceOwner.disableCamera; 9289 } else { 9290 final ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userId); 9291 userRestrictions = profileOwner != null ? profileOwner.userRestrictions : null; 9292 } 9293 9294 // Whether any admin enforces camera restriction. 9295 final int cameraRestrictionScope = 9296 getCameraRestrictionScopeLocked(userId, disallowCameraGlobally); 9297 9298 mUserManagerInternal.setDevicePolicyUserRestrictions(userId, userRestrictions, 9299 isDeviceOwner, cameraRestrictionScope); 9300 } 9301 } 9302 9303 /** 9304 * Get the scope of camera restriction for a given user if any. 9305 */ 9306 private int getCameraRestrictionScopeLocked(int userId, boolean disallowCameraGlobally) { 9307 if (disallowCameraGlobally) { 9308 return UserManagerInternal.CAMERA_DISABLED_GLOBALLY; 9309 } else if (getCameraDisabled( 9310 /* who= */ null, userId, /* mergeDeviceOwnerRestriction= */ false)) { 9311 return UserManagerInternal.CAMERA_DISABLED_LOCALLY; 9312 } 9313 return UserManagerInternal.CAMERA_NOT_DISABLED; 9314 } 9315 9316 @Override 9317 public Bundle getUserRestrictions(ComponentName who) { 9318 if (!mHasFeature) { 9319 return null; 9320 } 9321 Preconditions.checkNotNull(who, "ComponentName is null"); 9322 synchronized (getLockObject()) { 9323 final ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(who, 9324 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9325 return activeAdmin.userRestrictions; 9326 } 9327 } 9328 9329 @Override 9330 public boolean setApplicationHidden(ComponentName who, String callerPackage, String packageName, 9331 boolean hidden) { 9332 int callingUserId = UserHandle.getCallingUserId(); 9333 synchronized (getLockObject()) { 9334 // Ensure the caller is a DO/PO or a package access delegate. 9335 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9336 DELEGATION_PACKAGE_ACCESS); 9337 9338 long id = mInjector.binderClearCallingIdentity(); 9339 try { 9340 return mIPackageManager.setApplicationHiddenSettingAsUser( 9341 packageName, hidden, callingUserId); 9342 } catch (RemoteException re) { 9343 // shouldn't happen 9344 Slog.e(LOG_TAG, "Failed to setApplicationHiddenSetting", re); 9345 } finally { 9346 mInjector.binderRestoreCallingIdentity(id); 9347 } 9348 return false; 9349 } 9350 } 9351 9352 @Override 9353 public boolean isApplicationHidden(ComponentName who, String callerPackage, 9354 String packageName) { 9355 int callingUserId = UserHandle.getCallingUserId(); 9356 synchronized (getLockObject()) { 9357 // Ensure the caller is a DO/PO or a package access delegate. 9358 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9359 DELEGATION_PACKAGE_ACCESS); 9360 9361 long id = mInjector.binderClearCallingIdentity(); 9362 try { 9363 return mIPackageManager.getApplicationHiddenSettingAsUser( 9364 packageName, callingUserId); 9365 } catch (RemoteException re) { 9366 // shouldn't happen 9367 Slog.e(LOG_TAG, "Failed to getApplicationHiddenSettingAsUser", re); 9368 } finally { 9369 mInjector.binderRestoreCallingIdentity(id); 9370 } 9371 return false; 9372 } 9373 } 9374 9375 @Override 9376 public void enableSystemApp(ComponentName who, String callerPackage, String packageName) { 9377 synchronized (getLockObject()) { 9378 // Ensure the caller is a DO/PO or an enable system app delegate. 9379 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9380 DELEGATION_ENABLE_SYSTEM_APP); 9381 9382 final boolean isDemo = isCurrentUserDemo(); 9383 9384 int userId = UserHandle.getCallingUserId(); 9385 long id = mInjector.binderClearCallingIdentity(); 9386 9387 try { 9388 if (VERBOSE_LOG) { 9389 Slog.v(LOG_TAG, "installing " + packageName + " for " 9390 + userId); 9391 } 9392 9393 int parentUserId = getProfileParentId(userId); 9394 if (!isDemo && !isSystemApp(mIPackageManager, packageName, parentUserId)) { 9395 throw new IllegalArgumentException("Only system apps can be enabled this way."); 9396 } 9397 9398 // Install the app. 9399 mIPackageManager.installExistingPackageAsUser(packageName, userId, 9400 0 /*installFlags*/, PackageManager.INSTALL_REASON_POLICY); 9401 if (isDemo) { 9402 // Ensure the app is also ENABLED for demo users. 9403 mIPackageManager.setApplicationEnabledSetting(packageName, 9404 PackageManager.COMPONENT_ENABLED_STATE_ENABLED, 9405 PackageManager.DONT_KILL_APP, userId, "DevicePolicyManager"); 9406 } 9407 } catch (RemoteException re) { 9408 // shouldn't happen 9409 Slog.wtf(LOG_TAG, "Failed to install " + packageName, re); 9410 } finally { 9411 mInjector.binderRestoreCallingIdentity(id); 9412 } 9413 } 9414 } 9415 9416 @Override 9417 public int enableSystemAppWithIntent(ComponentName who, String callerPackage, Intent intent) { 9418 synchronized (getLockObject()) { 9419 // Ensure the caller is a DO/PO or an enable system app delegate. 9420 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9421 DELEGATION_ENABLE_SYSTEM_APP); 9422 9423 int userId = UserHandle.getCallingUserId(); 9424 long id = mInjector.binderClearCallingIdentity(); 9425 9426 try { 9427 int parentUserId = getProfileParentId(userId); 9428 List<ResolveInfo> activitiesToEnable = mIPackageManager 9429 .queryIntentActivities(intent, 9430 intent.resolveTypeIfNeeded(mContext.getContentResolver()), 9431 PackageManager.MATCH_DIRECT_BOOT_AWARE 9432 | PackageManager.MATCH_DIRECT_BOOT_UNAWARE, 9433 parentUserId) 9434 .getList(); 9435 9436 if (VERBOSE_LOG) { 9437 Slog.d(LOG_TAG, "Enabling system activities: " + activitiesToEnable); 9438 } 9439 int numberOfAppsInstalled = 0; 9440 if (activitiesToEnable != null) { 9441 for (ResolveInfo info : activitiesToEnable) { 9442 if (info.activityInfo != null) { 9443 String packageName = info.activityInfo.packageName; 9444 if (isSystemApp(mIPackageManager, packageName, parentUserId)) { 9445 numberOfAppsInstalled++; 9446 mIPackageManager.installExistingPackageAsUser(packageName, userId, 9447 0 /*installFlags*/, PackageManager.INSTALL_REASON_POLICY); 9448 } else { 9449 Slog.d(LOG_TAG, "Not enabling " + packageName + " since is not a" 9450 + " system app"); 9451 } 9452 } 9453 } 9454 } 9455 return numberOfAppsInstalled; 9456 } catch (RemoteException e) { 9457 // shouldn't happen 9458 Slog.wtf(LOG_TAG, "Failed to resolve intent for: " + intent); 9459 return 0; 9460 } finally { 9461 mInjector.binderRestoreCallingIdentity(id); 9462 } 9463 } 9464 } 9465 9466 private boolean isSystemApp(IPackageManager pm, String packageName, int userId) 9467 throws RemoteException { 9468 ApplicationInfo appInfo = pm.getApplicationInfo(packageName, MATCH_UNINSTALLED_PACKAGES, 9469 userId); 9470 if (appInfo == null) { 9471 throw new IllegalArgumentException("The application " + packageName + 9472 " is not present on this device"); 9473 } 9474 return (appInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0; 9475 } 9476 9477 @Override 9478 public boolean installExistingPackage(ComponentName who, String callerPackage, 9479 String packageName) { 9480 synchronized (getLockObject()) { 9481 // Ensure the caller is a PO or an install existing package delegate 9482 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9483 DELEGATION_INSTALL_EXISTING_PACKAGE); 9484 final int callingUserId = mInjector.userHandleGetCallingUserId(); 9485 if (!isUserAffiliatedWithDeviceLocked(callingUserId)) { 9486 throw new SecurityException("Admin " + who + 9487 " is neither the device owner or affiliated user's profile owner."); 9488 } 9489 9490 final long id = mInjector.binderClearCallingIdentity(); 9491 try { 9492 if (VERBOSE_LOG) { 9493 Slog.v(LOG_TAG, "installing " + packageName + " for " 9494 + callingUserId); 9495 } 9496 9497 // Install the package. 9498 return mIPackageManager.installExistingPackageAsUser(packageName, callingUserId, 9499 0 /*installFlags*/, PackageManager.INSTALL_REASON_POLICY) 9500 == PackageManager.INSTALL_SUCCEEDED; 9501 } catch (RemoteException re) { 9502 // shouldn't happen 9503 return false; 9504 } finally { 9505 mInjector.binderRestoreCallingIdentity(id); 9506 } 9507 } 9508 } 9509 9510 @Override 9511 public void setAccountManagementDisabled(ComponentName who, String accountType, 9512 boolean disabled) { 9513 if (!mHasFeature) { 9514 return; 9515 } 9516 Preconditions.checkNotNull(who, "ComponentName is null"); 9517 synchronized (getLockObject()) { 9518 ActiveAdmin ap = getActiveAdminForCallerLocked(who, 9519 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9520 if (disabled) { 9521 ap.accountTypesWithManagementDisabled.add(accountType); 9522 } else { 9523 ap.accountTypesWithManagementDisabled.remove(accountType); 9524 } 9525 saveSettingsLocked(UserHandle.getCallingUserId()); 9526 } 9527 } 9528 9529 @Override 9530 public String[] getAccountTypesWithManagementDisabled() { 9531 return getAccountTypesWithManagementDisabledAsUser(UserHandle.getCallingUserId()); 9532 } 9533 9534 @Override 9535 public String[] getAccountTypesWithManagementDisabledAsUser(int userId) { 9536 enforceFullCrossUsersPermission(userId); 9537 if (!mHasFeature) { 9538 return null; 9539 } 9540 synchronized (getLockObject()) { 9541 DevicePolicyData policy = getUserData(userId); 9542 final int N = policy.mAdminList.size(); 9543 ArraySet<String> resultSet = new ArraySet<>(); 9544 for (int i = 0; i < N; i++) { 9545 ActiveAdmin admin = policy.mAdminList.get(i); 9546 resultSet.addAll(admin.accountTypesWithManagementDisabled); 9547 } 9548 return resultSet.toArray(new String[resultSet.size()]); 9549 } 9550 } 9551 9552 @Override 9553 public void setUninstallBlocked(ComponentName who, String callerPackage, String packageName, 9554 boolean uninstallBlocked) { 9555 final int userId = UserHandle.getCallingUserId(); 9556 synchronized (getLockObject()) { 9557 // Ensure the caller is a DO/PO or a block uninstall delegate 9558 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9559 DELEGATION_BLOCK_UNINSTALL); 9560 9561 long id = mInjector.binderClearCallingIdentity(); 9562 try { 9563 mIPackageManager.setBlockUninstallForUser(packageName, uninstallBlocked, userId); 9564 } catch (RemoteException re) { 9565 // Shouldn't happen. 9566 Slog.e(LOG_TAG, "Failed to setBlockUninstallForUser", re); 9567 } finally { 9568 mInjector.binderRestoreCallingIdentity(id); 9569 } 9570 } 9571 } 9572 9573 @Override 9574 public boolean isUninstallBlocked(ComponentName who, String packageName) { 9575 // This function should return true if and only if the package is blocked by 9576 // setUninstallBlocked(). It should still return false for other cases of blocks, such as 9577 // when the package is a system app, or when it is an active device admin. 9578 final int userId = UserHandle.getCallingUserId(); 9579 9580 synchronized (getLockObject()) { 9581 if (who != null) { 9582 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9583 } 9584 9585 long id = mInjector.binderClearCallingIdentity(); 9586 try { 9587 return mIPackageManager.getBlockUninstallForUser(packageName, userId); 9588 } catch (RemoteException re) { 9589 // Shouldn't happen. 9590 Slog.e(LOG_TAG, "Failed to getBlockUninstallForUser", re); 9591 } finally { 9592 mInjector.binderRestoreCallingIdentity(id); 9593 } 9594 } 9595 return false; 9596 } 9597 9598 @Override 9599 public void setCrossProfileCallerIdDisabled(ComponentName who, boolean disabled) { 9600 if (!mHasFeature) { 9601 return; 9602 } 9603 Preconditions.checkNotNull(who, "ComponentName is null"); 9604 synchronized (getLockObject()) { 9605 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 9606 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9607 if (admin.disableCallerId != disabled) { 9608 admin.disableCallerId = disabled; 9609 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 9610 } 9611 } 9612 } 9613 9614 @Override 9615 public boolean getCrossProfileCallerIdDisabled(ComponentName who) { 9616 if (!mHasFeature) { 9617 return false; 9618 } 9619 Preconditions.checkNotNull(who, "ComponentName is null"); 9620 synchronized (getLockObject()) { 9621 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 9622 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9623 return admin.disableCallerId; 9624 } 9625 } 9626 9627 @Override 9628 public boolean getCrossProfileCallerIdDisabledForUser(int userId) { 9629 enforceCrossUsersPermission(userId); 9630 synchronized (getLockObject()) { 9631 ActiveAdmin admin = getProfileOwnerAdminLocked(userId); 9632 return (admin != null) ? admin.disableCallerId : false; 9633 } 9634 } 9635 9636 @Override 9637 public void setCrossProfileContactsSearchDisabled(ComponentName who, boolean disabled) { 9638 if (!mHasFeature) { 9639 return; 9640 } 9641 Preconditions.checkNotNull(who, "ComponentName is null"); 9642 synchronized (getLockObject()) { 9643 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 9644 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9645 if (admin.disableContactsSearch != disabled) { 9646 admin.disableContactsSearch = disabled; 9647 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 9648 } 9649 } 9650 } 9651 9652 @Override 9653 public boolean getCrossProfileContactsSearchDisabled(ComponentName who) { 9654 if (!mHasFeature) { 9655 return false; 9656 } 9657 Preconditions.checkNotNull(who, "ComponentName is null"); 9658 synchronized (getLockObject()) { 9659 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 9660 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9661 return admin.disableContactsSearch; 9662 } 9663 } 9664 9665 @Override 9666 public boolean getCrossProfileContactsSearchDisabledForUser(int userId) { 9667 enforceCrossUsersPermission(userId); 9668 synchronized (getLockObject()) { 9669 ActiveAdmin admin = getProfileOwnerAdminLocked(userId); 9670 return (admin != null) ? admin.disableContactsSearch : false; 9671 } 9672 } 9673 9674 @Override 9675 public void startManagedQuickContact(String actualLookupKey, long actualContactId, 9676 boolean isContactIdIgnored, long actualDirectoryId, Intent originalIntent) { 9677 final Intent intent = QuickContact.rebuildManagedQuickContactsIntent(actualLookupKey, 9678 actualContactId, isContactIdIgnored, actualDirectoryId, originalIntent); 9679 final int callingUserId = UserHandle.getCallingUserId(); 9680 9681 final long ident = mInjector.binderClearCallingIdentity(); 9682 try { 9683 synchronized (getLockObject()) { 9684 final int managedUserId = getManagedUserId(callingUserId); 9685 if (managedUserId < 0) { 9686 return; 9687 } 9688 if (isCrossProfileQuickContactDisabled(managedUserId)) { 9689 if (VERBOSE_LOG) { 9690 Log.v(LOG_TAG, 9691 "Cross-profile contacts access disabled for user " + managedUserId); 9692 } 9693 return; 9694 } 9695 ContactsInternal.startQuickContactWithErrorToastForUser( 9696 mContext, intent, new UserHandle(managedUserId)); 9697 } 9698 } finally { 9699 mInjector.binderRestoreCallingIdentity(ident); 9700 } 9701 } 9702 9703 /** 9704 * @return true if cross-profile QuickContact is disabled 9705 */ 9706 private boolean isCrossProfileQuickContactDisabled(int userId) { 9707 return getCrossProfileCallerIdDisabledForUser(userId) 9708 && getCrossProfileContactsSearchDisabledForUser(userId); 9709 } 9710 9711 /** 9712 * @return the user ID of the managed user that is linked to the current user, if any. 9713 * Otherwise -1. 9714 */ 9715 public int getManagedUserId(int callingUserId) { 9716 if (VERBOSE_LOG) { 9717 Log.v(LOG_TAG, "getManagedUserId: callingUserId=" + callingUserId); 9718 } 9719 9720 for (UserInfo ui : mUserManager.getProfiles(callingUserId)) { 9721 if (ui.id == callingUserId || !ui.isManagedProfile()) { 9722 continue; // Caller user self, or not a managed profile. Skip. 9723 } 9724 if (VERBOSE_LOG) { 9725 Log.v(LOG_TAG, "Managed user=" + ui.id); 9726 } 9727 return ui.id; 9728 } 9729 if (VERBOSE_LOG) { 9730 Log.v(LOG_TAG, "Managed user not found."); 9731 } 9732 return -1; 9733 } 9734 9735 @Override 9736 public void setBluetoothContactSharingDisabled(ComponentName who, boolean disabled) { 9737 if (!mHasFeature) { 9738 return; 9739 } 9740 Preconditions.checkNotNull(who, "ComponentName is null"); 9741 synchronized (getLockObject()) { 9742 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 9743 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9744 if (admin.disableBluetoothContactSharing != disabled) { 9745 admin.disableBluetoothContactSharing = disabled; 9746 saveSettingsLocked(UserHandle.getCallingUserId()); 9747 } 9748 } 9749 } 9750 9751 @Override 9752 public boolean getBluetoothContactSharingDisabled(ComponentName who) { 9753 if (!mHasFeature) { 9754 return false; 9755 } 9756 Preconditions.checkNotNull(who, "ComponentName is null"); 9757 synchronized (getLockObject()) { 9758 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 9759 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9760 return admin.disableBluetoothContactSharing; 9761 } 9762 } 9763 9764 @Override 9765 public boolean getBluetoothContactSharingDisabledForUser(int userId) { 9766 // TODO: Should there be a check to make sure this relationship is 9767 // within a profile group? 9768 // enforceSystemProcess("getCrossProfileCallerIdDisabled can only be called by system"); 9769 synchronized (getLockObject()) { 9770 ActiveAdmin admin = getProfileOwnerAdminLocked(userId); 9771 return (admin != null) ? admin.disableBluetoothContactSharing : false; 9772 } 9773 } 9774 9775 @Override 9776 public void setLockTaskPackages(ComponentName who, String[] packages) 9777 throws SecurityException { 9778 Preconditions.checkNotNull(who, "ComponentName is null"); 9779 Preconditions.checkNotNull(packages, "packages is null"); 9780 9781 synchronized (getLockObject()) { 9782 enforceCanCallLockTaskLocked(who); 9783 final int userHandle = mInjector.userHandleGetCallingUserId(); 9784 setLockTaskPackagesLocked(userHandle, new ArrayList<>(Arrays.asList(packages))); 9785 } 9786 } 9787 9788 private void setLockTaskPackagesLocked(int userHandle, List<String> packages) { 9789 DevicePolicyData policy = getUserData(userHandle); 9790 policy.mLockTaskPackages = packages; 9791 9792 // Store the settings persistently. 9793 saveSettingsLocked(userHandle); 9794 updateLockTaskPackagesLocked(packages, userHandle); 9795 } 9796 9797 @Override 9798 public String[] getLockTaskPackages(ComponentName who) { 9799 Preconditions.checkNotNull(who, "ComponentName is null"); 9800 9801 final int userHandle = mInjector.binderGetCallingUserHandle().getIdentifier(); 9802 synchronized (getLockObject()) { 9803 enforceCanCallLockTaskLocked(who); 9804 final List<String> packages = getUserData(userHandle).mLockTaskPackages; 9805 return packages.toArray(new String[packages.size()]); 9806 } 9807 } 9808 9809 @Override 9810 public boolean isLockTaskPermitted(String pkg) { 9811 final int userHandle = mInjector.userHandleGetCallingUserId(); 9812 synchronized (getLockObject()) { 9813 return getUserData(userHandle).mLockTaskPackages.contains(pkg); 9814 } 9815 } 9816 9817 @Override 9818 public void setLockTaskFeatures(ComponentName who, int flags) { 9819 Preconditions.checkNotNull(who, "ComponentName is null"); 9820 9821 // Throw if Overview is used without Home. 9822 boolean hasHome = (flags & LOCK_TASK_FEATURE_HOME) != 0; 9823 boolean hasOverview = (flags & LOCK_TASK_FEATURE_OVERVIEW) != 0; 9824 Preconditions.checkArgument(hasHome || !hasOverview, 9825 "Cannot use LOCK_TASK_FEATURE_OVERVIEW without LOCK_TASK_FEATURE_HOME"); 9826 boolean hasNotification = (flags & LOCK_TASK_FEATURE_NOTIFICATIONS) != 0; 9827 Preconditions.checkArgument(hasHome || !hasNotification, 9828 "Cannot use LOCK_TASK_FEATURE_NOTIFICATIONS without LOCK_TASK_FEATURE_HOME"); 9829 9830 final int userHandle = mInjector.userHandleGetCallingUserId(); 9831 synchronized (getLockObject()) { 9832 enforceCanCallLockTaskLocked(who); 9833 setLockTaskFeaturesLocked(userHandle, flags); 9834 } 9835 } 9836 9837 private void setLockTaskFeaturesLocked(int userHandle, int flags) { 9838 DevicePolicyData policy = getUserData(userHandle); 9839 policy.mLockTaskFeatures = flags; 9840 saveSettingsLocked(userHandle); 9841 updateLockTaskFeaturesLocked(flags, userHandle); 9842 } 9843 9844 @Override 9845 public int getLockTaskFeatures(ComponentName who) { 9846 Preconditions.checkNotNull(who, "ComponentName is null"); 9847 final int userHandle = mInjector.userHandleGetCallingUserId(); 9848 synchronized (getLockObject()) { 9849 enforceCanCallLockTaskLocked(who); 9850 return getUserData(userHandle).mLockTaskFeatures; 9851 } 9852 } 9853 9854 private void maybeClearLockTaskPolicyLocked() { 9855 final long ident = mInjector.binderClearCallingIdentity(); 9856 try { 9857 final List<UserInfo> userInfos = mUserManager.getUsers(/*excludeDying=*/ true); 9858 for (int i = userInfos.size() - 1; i >= 0; i--) { 9859 int userId = userInfos.get(i).id; 9860 if (canUserUseLockTaskLocked(userId)) { 9861 continue; 9862 } 9863 9864 final List<String> lockTaskPackages = getUserData(userId).mLockTaskPackages; 9865 if (!lockTaskPackages.isEmpty()) { 9866 Slog.d(LOG_TAG, 9867 "User id " + userId + " not affiliated. Clearing lock task packages"); 9868 setLockTaskPackagesLocked(userId, Collections.<String>emptyList()); 9869 } 9870 final int lockTaskFeatures = getUserData(userId).mLockTaskFeatures; 9871 if (lockTaskFeatures != DevicePolicyManager.LOCK_TASK_FEATURE_NONE){ 9872 Slog.d(LOG_TAG, 9873 "User id " + userId + " not affiliated. Clearing lock task features"); 9874 setLockTaskFeaturesLocked(userId, DevicePolicyManager.LOCK_TASK_FEATURE_NONE); 9875 } 9876 } 9877 } finally { 9878 mInjector.binderRestoreCallingIdentity(ident); 9879 } 9880 } 9881 9882 @Override 9883 public void notifyLockTaskModeChanged(boolean isEnabled, String pkg, int userHandle) { 9884 if (!isCallerWithSystemUid()) { 9885 throw new SecurityException("notifyLockTaskModeChanged can only be called by system"); 9886 } 9887 synchronized (getLockObject()) { 9888 final DevicePolicyData policy = getUserData(userHandle); 9889 9890 if (policy.mStatusBarDisabled) { 9891 // Status bar is managed by LockTaskController during LockTask, so we cancel this 9892 // policy when LockTask starts, and reapply it when LockTask ends 9893 setStatusBarDisabledInternal(!isEnabled, userHandle); 9894 } 9895 9896 Bundle adminExtras = new Bundle(); 9897 adminExtras.putString(DeviceAdminReceiver.EXTRA_LOCK_TASK_PACKAGE, pkg); 9898 for (ActiveAdmin admin : policy.mAdminList) { 9899 final boolean ownsDevice = isDeviceOwner(admin.info.getComponent(), userHandle); 9900 final boolean ownsProfile = isProfileOwner(admin.info.getComponent(), userHandle); 9901 if (ownsDevice || ownsProfile) { 9902 if (isEnabled) { 9903 sendAdminCommandLocked(admin, DeviceAdminReceiver.ACTION_LOCK_TASK_ENTERING, 9904 adminExtras, null); 9905 } else { 9906 sendAdminCommandLocked(admin, DeviceAdminReceiver.ACTION_LOCK_TASK_EXITING); 9907 } 9908 } 9909 } 9910 } 9911 } 9912 9913 @Override 9914 public void setGlobalSetting(ComponentName who, String setting, String value) { 9915 Preconditions.checkNotNull(who, "ComponentName is null"); 9916 9917 synchronized (getLockObject()) { 9918 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 9919 9920 // Some settings are no supported any more. However we do not want to throw a 9921 // SecurityException to avoid breaking apps. 9922 if (GLOBAL_SETTINGS_DEPRECATED.contains(setting)) { 9923 Log.i(LOG_TAG, "Global setting no longer supported: " + setting); 9924 return; 9925 } 9926 9927 if (!GLOBAL_SETTINGS_WHITELIST.contains(setting) 9928 && !UserManager.isDeviceInDemoMode(mContext)) { 9929 throw new SecurityException(String.format( 9930 "Permission denial: device owners cannot update %1$s", setting)); 9931 } 9932 9933 if (Settings.Global.STAY_ON_WHILE_PLUGGED_IN.equals(setting)) { 9934 // ignore if it contradicts an existing policy 9935 long timeMs = getMaximumTimeToLock( 9936 who, mInjector.userHandleGetCallingUserId(), /* parent */ false); 9937 if (timeMs > 0 && timeMs < Long.MAX_VALUE) { 9938 return; 9939 } 9940 } 9941 9942 long id = mInjector.binderClearCallingIdentity(); 9943 try { 9944 mInjector.settingsGlobalPutString(setting, value); 9945 } finally { 9946 mInjector.binderRestoreCallingIdentity(id); 9947 } 9948 } 9949 } 9950 9951 @Override 9952 public void setSystemSetting(ComponentName who, String setting, String value) { 9953 Preconditions.checkNotNull(who, "ComponentName is null"); 9954 Preconditions.checkStringNotEmpty(setting, "String setting is null or empty"); 9955 9956 synchronized (getLockObject()) { 9957 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9958 9959 if (!SYSTEM_SETTINGS_WHITELIST.contains(setting)) { 9960 throw new SecurityException(String.format( 9961 "Permission denial: device owners cannot update %1$s", setting)); 9962 } 9963 9964 final int callingUserId = mInjector.userHandleGetCallingUserId(); 9965 9966 mInjector.binderWithCleanCallingIdentity(() -> 9967 mInjector.settingsSystemPutStringForUser(setting, value, callingUserId)); 9968 } 9969 } 9970 9971 @Override 9972 public boolean setTime(ComponentName who, long millis) { 9973 Preconditions.checkNotNull(who, "ComponentName is null in setTime"); 9974 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 9975 // Don't allow set time when auto time is on. 9976 if (mInjector.settingsGlobalGetInt(Global.AUTO_TIME, 0) == 1) { 9977 return false; 9978 } 9979 mInjector.binderWithCleanCallingIdentity(() -> mInjector.getAlarmManager().setTime(millis)); 9980 return true; 9981 } 9982 9983 @Override 9984 public boolean setTimeZone(ComponentName who, String timeZone) { 9985 Preconditions.checkNotNull(who, "ComponentName is null in setTimeZone"); 9986 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 9987 // Don't allow set timezone when auto timezone is on. 9988 if (mInjector.settingsGlobalGetInt(Global.AUTO_TIME_ZONE, 0) == 1) { 9989 return false; 9990 } 9991 mInjector.binderWithCleanCallingIdentity(() -> 9992 mInjector.getAlarmManager().setTimeZone(timeZone)); 9993 return true; 9994 } 9995 9996 @Override 9997 public void setSecureSetting(ComponentName who, String setting, String value) { 9998 Preconditions.checkNotNull(who, "ComponentName is null"); 9999 int callingUserId = mInjector.userHandleGetCallingUserId(); 10000 10001 synchronized (getLockObject()) { 10002 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 10003 10004 if (isDeviceOwner(who, callingUserId)) { 10005 if (!SECURE_SETTINGS_DEVICEOWNER_WHITELIST.contains(setting) 10006 && !isCurrentUserDemo()) { 10007 throw new SecurityException(String.format( 10008 "Permission denial: Device owners cannot update %1$s", setting)); 10009 } 10010 } else if (!SECURE_SETTINGS_WHITELIST.contains(setting) && !isCurrentUserDemo()) { 10011 throw new SecurityException(String.format( 10012 "Permission denial: Profile owners cannot update %1$s", setting)); 10013 } 10014 if (setting.equals(Settings.Secure.INSTALL_NON_MARKET_APPS)) { 10015 if (getTargetSdk(who.getPackageName(), callingUserId) >= Build.VERSION_CODES.O) { 10016 throw new UnsupportedOperationException(Settings.Secure.INSTALL_NON_MARKET_APPS 10017 + " is deprecated. Please use the user restriction " 10018 + UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES + " instead."); 10019 } 10020 if (!mUserManager.isManagedProfile(callingUserId)) { 10021 Slog.e(LOG_TAG, "Ignoring setSecureSetting request for " 10022 + setting + ". User restriction " 10023 + UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES 10024 + " should be used instead."); 10025 } else { 10026 try { 10027 setUserRestriction(who, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, 10028 (Integer.parseInt(value) == 0) ? true : false); 10029 } catch (NumberFormatException exc) { 10030 Slog.e(LOG_TAG, "Invalid value: " + value + " for setting " + setting); 10031 } 10032 } 10033 return; 10034 } 10035 long id = mInjector.binderClearCallingIdentity(); 10036 try { 10037 if (Settings.Secure.DEFAULT_INPUT_METHOD.equals(setting)) { 10038 final String currentValue = mInjector.settingsSecureGetStringForUser( 10039 Settings.Secure.DEFAULT_INPUT_METHOD, callingUserId); 10040 if (!TextUtils.equals(currentValue, value)) { 10041 // Tell the content observer that the next change will be due to the owner 10042 // changing the value. There is a small race condition here that we cannot 10043 // avoid: Change notifications are sent asynchronously, so it is possible 10044 // that there are prior notifications queued up before the one we are about 10045 // to trigger. This is a corner case that will have no impact in practice. 10046 mSetupContentObserver.addPendingChangeByOwnerLocked(callingUserId); 10047 } 10048 getUserData(callingUserId).mCurrentInputMethodSet = true; 10049 saveSettingsLocked(callingUserId); 10050 } 10051 mInjector.settingsSecurePutStringForUser(setting, value, callingUserId); 10052 } finally { 10053 mInjector.binderRestoreCallingIdentity(id); 10054 } 10055 } 10056 } 10057 10058 @Override 10059 public void setMasterVolumeMuted(ComponentName who, boolean on) { 10060 Preconditions.checkNotNull(who, "ComponentName is null"); 10061 synchronized (getLockObject()) { 10062 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 10063 setUserRestriction(who, UserManager.DISALLOW_UNMUTE_DEVICE, on); 10064 } 10065 } 10066 10067 @Override 10068 public boolean isMasterVolumeMuted(ComponentName who) { 10069 Preconditions.checkNotNull(who, "ComponentName is null"); 10070 synchronized (getLockObject()) { 10071 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 10072 10073 AudioManager audioManager = 10074 (AudioManager) mContext.getSystemService(Context.AUDIO_SERVICE); 10075 return audioManager.isMasterMute(); 10076 } 10077 } 10078 10079 @Override 10080 public void setUserIcon(ComponentName who, Bitmap icon) { 10081 synchronized (getLockObject()) { 10082 Preconditions.checkNotNull(who, "ComponentName is null"); 10083 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 10084 10085 int userId = UserHandle.getCallingUserId(); 10086 long id = mInjector.binderClearCallingIdentity(); 10087 try { 10088 mUserManagerInternal.setUserIcon(userId, icon); 10089 } finally { 10090 mInjector.binderRestoreCallingIdentity(id); 10091 } 10092 } 10093 } 10094 10095 @Override 10096 public boolean setKeyguardDisabled(ComponentName who, boolean disabled) { 10097 Preconditions.checkNotNull(who, "ComponentName is null"); 10098 final int userId = mInjector.userHandleGetCallingUserId(); 10099 synchronized (getLockObject()) { 10100 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 10101 if (!isUserAffiliatedWithDeviceLocked(userId)) { 10102 throw new SecurityException("Admin " + who + 10103 " is neither the device owner or affiliated user's profile owner."); 10104 } 10105 } 10106 if (isManagedProfile(userId)) { 10107 throw new SecurityException("Managed profile cannot disable keyguard"); 10108 } 10109 10110 long ident = mInjector.binderClearCallingIdentity(); 10111 try { 10112 // disallow disabling the keyguard if a password is currently set 10113 if (disabled && mLockPatternUtils.isSecure(userId)) { 10114 return false; 10115 } 10116 mLockPatternUtils.setLockScreenDisabled(disabled, userId); 10117 mInjector.getIWindowManager().dismissKeyguard(null /* callback */, null /* message */); 10118 } catch (RemoteException e) { 10119 // Same process, does not happen. 10120 } finally { 10121 mInjector.binderRestoreCallingIdentity(ident); 10122 } 10123 return true; 10124 } 10125 10126 @Override 10127 public boolean setStatusBarDisabled(ComponentName who, boolean disabled) { 10128 int userId = UserHandle.getCallingUserId(); 10129 synchronized (getLockObject()) { 10130 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 10131 if (!isUserAffiliatedWithDeviceLocked(userId)) { 10132 throw new SecurityException("Admin " + who + 10133 " is neither the device owner or affiliated user's profile owner."); 10134 } 10135 if (isManagedProfile(userId)) { 10136 throw new SecurityException("Managed profile cannot disable status bar"); 10137 } 10138 DevicePolicyData policy = getUserData(userId); 10139 if (policy.mStatusBarDisabled != disabled) { 10140 boolean isLockTaskMode = false; 10141 try { 10142 isLockTaskMode = mInjector.getIActivityManager().getLockTaskModeState() 10143 != LOCK_TASK_MODE_NONE; 10144 } catch (RemoteException e) { 10145 Slog.e(LOG_TAG, "Failed to get LockTask mode"); 10146 } 10147 if (!isLockTaskMode) { 10148 if (!setStatusBarDisabledInternal(disabled, userId)) { 10149 return false; 10150 } 10151 } 10152 policy.mStatusBarDisabled = disabled; 10153 saveSettingsLocked(userId); 10154 } 10155 } 10156 return true; 10157 } 10158 10159 private boolean setStatusBarDisabledInternal(boolean disabled, int userId) { 10160 long ident = mInjector.binderClearCallingIdentity(); 10161 try { 10162 IStatusBarService statusBarService = IStatusBarService.Stub.asInterface( 10163 ServiceManager.checkService(Context.STATUS_BAR_SERVICE)); 10164 if (statusBarService != null) { 10165 int flags1 = disabled ? STATUS_BAR_DISABLE_MASK : StatusBarManager.DISABLE_NONE; 10166 int flags2 = disabled ? STATUS_BAR_DISABLE2_MASK : StatusBarManager.DISABLE2_NONE; 10167 statusBarService.disableForUser(flags1, mToken, mContext.getPackageName(), userId); 10168 statusBarService.disable2ForUser(flags2, mToken, mContext.getPackageName(), userId); 10169 return true; 10170 } 10171 } catch (RemoteException e) { 10172 Slog.e(LOG_TAG, "Failed to disable the status bar", e); 10173 } finally { 10174 mInjector.binderRestoreCallingIdentity(ident); 10175 } 10176 return false; 10177 } 10178 10179 /** 10180 * We need to update the internal state of whether a user has completed setup or a 10181 * device has paired once. After that, we ignore any changes that reset the 10182 * Settings.Secure.USER_SETUP_COMPLETE or Settings.Secure.DEVICE_PAIRED change 10183 * as we don't trust any apps that might try to reset them. 10184 * <p> 10185 * Unfortunately, we don't know which user's setup state was changed, so we write all of 10186 * them. 10187 */ 10188 void updateUserSetupCompleteAndPaired() { 10189 List<UserInfo> users = mUserManager.getUsers(true); 10190 final int N = users.size(); 10191 for (int i = 0; i < N; i++) { 10192 int userHandle = users.get(i).id; 10193 if (mInjector.settingsSecureGetIntForUser(Settings.Secure.USER_SETUP_COMPLETE, 0, 10194 userHandle) != 0) { 10195 DevicePolicyData policy = getUserData(userHandle); 10196 if (!policy.mUserSetupComplete) { 10197 policy.mUserSetupComplete = true; 10198 synchronized (getLockObject()) { 10199 saveSettingsLocked(userHandle); 10200 } 10201 } 10202 } 10203 if (mIsWatch && mInjector.settingsSecureGetIntForUser(Settings.Secure.DEVICE_PAIRED, 0, 10204 userHandle) != 0) { 10205 DevicePolicyData policy = getUserData(userHandle); 10206 if (!policy.mPaired) { 10207 policy.mPaired = true; 10208 synchronized (getLockObject()) { 10209 saveSettingsLocked(userHandle); 10210 } 10211 } 10212 } 10213 } 10214 } 10215 10216 private class SetupContentObserver extends ContentObserver { 10217 private final Uri mUserSetupComplete = Settings.Secure.getUriFor( 10218 Settings.Secure.USER_SETUP_COMPLETE); 10219 private final Uri mDeviceProvisioned = Settings.Global.getUriFor( 10220 Settings.Global.DEVICE_PROVISIONED); 10221 private final Uri mPaired = Settings.Secure.getUriFor(Settings.Secure.DEVICE_PAIRED); 10222 private final Uri mDefaultImeChanged = Settings.Secure.getUriFor( 10223 Settings.Secure.DEFAULT_INPUT_METHOD); 10224 10225 @GuardedBy("getLockObject()") 10226 private Set<Integer> mUserIdsWithPendingChangesByOwner = new ArraySet<>(); 10227 10228 public SetupContentObserver(Handler handler) { 10229 super(handler); 10230 } 10231 10232 void register() { 10233 mInjector.registerContentObserver(mUserSetupComplete, false, this, UserHandle.USER_ALL); 10234 mInjector.registerContentObserver(mDeviceProvisioned, false, this, UserHandle.USER_ALL); 10235 if (mIsWatch) { 10236 mInjector.registerContentObserver(mPaired, false, this, UserHandle.USER_ALL); 10237 } 10238 mInjector.registerContentObserver(mDefaultImeChanged, false, this, UserHandle.USER_ALL); 10239 } 10240 10241 @GuardedBy("getLockObject()") 10242 private void addPendingChangeByOwnerLocked(int userId) { 10243 mUserIdsWithPendingChangesByOwner.add(userId); 10244 } 10245 10246 @Override 10247 public void onChange(boolean selfChange, Uri uri, int userId) { 10248 if (mUserSetupComplete.equals(uri) || (mIsWatch && mPaired.equals(uri))) { 10249 updateUserSetupCompleteAndPaired(); 10250 } else if (mDeviceProvisioned.equals(uri)) { 10251 synchronized (getLockObject()) { 10252 // Set PROPERTY_DEVICE_OWNER_PRESENT, for the SUW case where setting the property 10253 // is delayed until device is marked as provisioned. 10254 setDeviceOwnerSystemPropertyLocked(); 10255 } 10256 } else if (mDefaultImeChanged.equals(uri)) { 10257 synchronized (getLockObject()) { 10258 if (mUserIdsWithPendingChangesByOwner.contains(userId)) { 10259 // This change notification was triggered by the owner changing the current 10260 // IME. Ignore it. 10261 mUserIdsWithPendingChangesByOwner.remove(userId); 10262 } else { 10263 // This change notification was triggered by the user manually changing the 10264 // current IME. 10265 getUserData(userId).mCurrentInputMethodSet = false; 10266 saveSettingsLocked(userId); 10267 } 10268 } 10269 } 10270 } 10271 } 10272 10273 @VisibleForTesting 10274 final class LocalService extends DevicePolicyManagerInternal { 10275 private List<OnCrossProfileWidgetProvidersChangeListener> mWidgetProviderListeners; 10276 10277 @Override 10278 public List<String> getCrossProfileWidgetProviders(int profileId) { 10279 synchronized (getLockObject()) { 10280 if (mOwners == null) { 10281 return Collections.emptyList(); 10282 } 10283 ComponentName ownerComponent = mOwners.getProfileOwnerComponent(profileId); 10284 if (ownerComponent == null) { 10285 return Collections.emptyList(); 10286 } 10287 10288 DevicePolicyData policy = getUserDataUnchecked(profileId); 10289 ActiveAdmin admin = policy.mAdminMap.get(ownerComponent); 10290 10291 if (admin == null || admin.crossProfileWidgetProviders == null 10292 || admin.crossProfileWidgetProviders.isEmpty()) { 10293 return Collections.emptyList(); 10294 } 10295 10296 return admin.crossProfileWidgetProviders; 10297 } 10298 } 10299 10300 @Override 10301 public void addOnCrossProfileWidgetProvidersChangeListener( 10302 OnCrossProfileWidgetProvidersChangeListener listener) { 10303 synchronized (getLockObject()) { 10304 if (mWidgetProviderListeners == null) { 10305 mWidgetProviderListeners = new ArrayList<>(); 10306 } 10307 if (!mWidgetProviderListeners.contains(listener)) { 10308 mWidgetProviderListeners.add(listener); 10309 } 10310 } 10311 } 10312 10313 @Override 10314 public boolean isActiveAdminWithPolicy(int uid, int reqPolicy) { 10315 synchronized (getLockObject()) { 10316 return getActiveAdminWithPolicyForUidLocked(null, reqPolicy, uid) != null; 10317 } 10318 } 10319 10320 private void notifyCrossProfileProvidersChanged(int userId, List<String> packages) { 10321 final List<OnCrossProfileWidgetProvidersChangeListener> listeners; 10322 synchronized (getLockObject()) { 10323 listeners = new ArrayList<>(mWidgetProviderListeners); 10324 } 10325 final int listenerCount = listeners.size(); 10326 for (int i = 0; i < listenerCount; i++) { 10327 OnCrossProfileWidgetProvidersChangeListener listener = listeners.get(i); 10328 listener.onCrossProfileWidgetProvidersChanged(userId, packages); 10329 } 10330 } 10331 10332 @Override 10333 public Intent createShowAdminSupportIntent(int userId, boolean useDefaultIfNoAdmin) { 10334 // This method is called from AM with its lock held, so don't take the DPMS lock. 10335 // b/29242568 10336 10337 ComponentName profileOwner = mOwners.getProfileOwnerComponent(userId); 10338 if (profileOwner != null) { 10339 return DevicePolicyManagerService.this 10340 .createShowAdminSupportIntent(profileOwner, userId); 10341 } 10342 10343 final Pair<Integer, ComponentName> deviceOwner = 10344 mOwners.getDeviceOwnerUserIdAndComponent(); 10345 if (deviceOwner != null && deviceOwner.first == userId) { 10346 return DevicePolicyManagerService.this 10347 .createShowAdminSupportIntent(deviceOwner.second, userId); 10348 } 10349 10350 // We're not specifying the device admin because there isn't one. 10351 if (useDefaultIfNoAdmin) { 10352 return DevicePolicyManagerService.this.createShowAdminSupportIntent(null, userId); 10353 } 10354 return null; 10355 } 10356 10357 @Override 10358 public Intent createUserRestrictionSupportIntent(int userId, String userRestriction) { 10359 int source; 10360 long ident = mInjector.binderClearCallingIdentity(); 10361 try { 10362 source = mUserManager.getUserRestrictionSource(userRestriction, 10363 UserHandle.of(userId)); 10364 } finally { 10365 mInjector.binderRestoreCallingIdentity(ident); 10366 } 10367 if ((source & UserManager.RESTRICTION_SOURCE_SYSTEM) != 0) { 10368 /* 10369 * In this case, the user restriction is enforced by the system. 10370 * So we won't show an admin support intent, even if it is also 10371 * enforced by a profile/device owner. 10372 */ 10373 return null; 10374 } 10375 boolean enforcedByDo = (source & UserManager.RESTRICTION_SOURCE_DEVICE_OWNER) != 0; 10376 boolean enforcedByPo = (source & UserManager.RESTRICTION_SOURCE_PROFILE_OWNER) != 0; 10377 if (enforcedByDo && enforcedByPo) { 10378 // In this case, we'll show an admin support dialog that does not 10379 // specify the admin. 10380 return DevicePolicyManagerService.this.createShowAdminSupportIntent(null, userId); 10381 } else if (enforcedByPo) { 10382 final ComponentName profileOwner = mOwners.getProfileOwnerComponent(userId); 10383 if (profileOwner != null) { 10384 return DevicePolicyManagerService.this 10385 .createShowAdminSupportIntent(profileOwner, userId); 10386 } 10387 // This could happen if another thread has changed the profile owner since we called 10388 // getUserRestrictionSource 10389 return null; 10390 } else if (enforcedByDo) { 10391 final Pair<Integer, ComponentName> deviceOwner 10392 = mOwners.getDeviceOwnerUserIdAndComponent(); 10393 if (deviceOwner != null) { 10394 return DevicePolicyManagerService.this 10395 .createShowAdminSupportIntent(deviceOwner.second, deviceOwner.first); 10396 } 10397 // This could happen if another thread has changed the device owner since we called 10398 // getUserRestrictionSource 10399 return null; 10400 } 10401 return null; 10402 } 10403 10404 @Override 10405 public boolean isUserAffiliatedWithDevice(int userId) { 10406 return DevicePolicyManagerService.this.isUserAffiliatedWithDeviceLocked(userId); 10407 } 10408 10409 @Override 10410 public void reportSeparateProfileChallengeChanged(@UserIdInt int userId) { 10411 synchronized (getLockObject()) { 10412 updateMaximumTimeToLockLocked(userId); 10413 } 10414 } 10415 10416 @Override 10417 public boolean canUserHaveUntrustedCredentialReset(@UserIdInt int userId) { 10418 return DevicePolicyManagerService.this.canUserHaveUntrustedCredentialReset(userId); 10419 } 10420 10421 @Override 10422 public CharSequence getPrintingDisabledReasonForUser(@UserIdInt int userId) { 10423 synchronized (getLockObject()) { 10424 DevicePolicyData policy = getUserData(userId); 10425 if (!mUserManager.hasUserRestriction(UserManager.DISALLOW_PRINTING, 10426 UserHandle.of(userId))) { 10427 Log.e(LOG_TAG, "printing is enabled"); 10428 return null; 10429 } 10430 String ownerPackage = mOwners.getProfileOwnerPackage(userId); 10431 if (ownerPackage == null) { 10432 ownerPackage = mOwners.getDeviceOwnerPackageName(); 10433 } 10434 PackageManager pm = mInjector.getPackageManager(); 10435 PackageInfo packageInfo; 10436 try { 10437 packageInfo = pm.getPackageInfo(ownerPackage, 0); 10438 } catch (NameNotFoundException e) { 10439 Log.e(LOG_TAG, "getPackageInfo error", e); 10440 return null; 10441 } 10442 if (packageInfo == null) { 10443 Log.e(LOG_TAG, "packageInfo is inexplicably null"); 10444 return null; 10445 } 10446 ApplicationInfo appInfo = packageInfo.applicationInfo; 10447 if (appInfo == null) { 10448 Log.e(LOG_TAG, "appInfo is inexplicably null"); 10449 return null; 10450 } 10451 CharSequence appLabel = pm.getApplicationLabel(appInfo); 10452 if (appLabel == null) { 10453 Log.e(LOG_TAG, "appLabel is inexplicably null"); 10454 return null; 10455 } 10456 return ((Context) ActivityThread.currentActivityThread().getSystemUiContext()) 10457 .getResources().getString(R.string.printing_disabled_by, appLabel); 10458 } 10459 } 10460 10461 @Override 10462 protected DevicePolicyCache getDevicePolicyCache() { 10463 return mPolicyCache; 10464 } 10465 } 10466 10467 private Intent createShowAdminSupportIntent(ComponentName admin, int userId) { 10468 // This method is called with AMS lock held, so don't take DPMS lock 10469 final Intent intent = new Intent(Settings.ACTION_SHOW_ADMIN_SUPPORT_DETAILS); 10470 intent.putExtra(Intent.EXTRA_USER_ID, userId); 10471 intent.putExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN, admin); 10472 intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK); 10473 return intent; 10474 } 10475 10476 @Override 10477 public Intent createAdminSupportIntent(String restriction) { 10478 Preconditions.checkNotNull(restriction); 10479 final int uid = mInjector.binderGetCallingUid(); 10480 final int userId = UserHandle.getUserId(uid); 10481 Intent intent = null; 10482 if (DevicePolicyManager.POLICY_DISABLE_CAMERA.equals(restriction) || 10483 DevicePolicyManager.POLICY_DISABLE_SCREEN_CAPTURE.equals(restriction) || 10484 DevicePolicyManager.POLICY_MANDATORY_BACKUPS.equals(restriction)) { 10485 synchronized (getLockObject()) { 10486 final DevicePolicyData policy = getUserData(userId); 10487 final int N = policy.mAdminList.size(); 10488 for (int i = 0; i < N; i++) { 10489 final ActiveAdmin admin = policy.mAdminList.get(i); 10490 if ((admin.disableCamera && 10491 DevicePolicyManager.POLICY_DISABLE_CAMERA.equals(restriction)) || 10492 (admin.disableScreenCapture && DevicePolicyManager 10493 .POLICY_DISABLE_SCREEN_CAPTURE.equals(restriction)) || 10494 (admin.mandatoryBackupTransport != null && DevicePolicyManager 10495 .POLICY_MANDATORY_BACKUPS.equals(restriction))) { 10496 intent = createShowAdminSupportIntent(admin.info.getComponent(), userId); 10497 break; 10498 } 10499 } 10500 // For the camera, a device owner on a different user can disable it globally, 10501 // so we need an additional check. 10502 if (intent == null 10503 && DevicePolicyManager.POLICY_DISABLE_CAMERA.equals(restriction)) { 10504 final ActiveAdmin admin = getDeviceOwnerAdminLocked(); 10505 if (admin != null && admin.disableCamera) { 10506 intent = createShowAdminSupportIntent(admin.info.getComponent(), 10507 mOwners.getDeviceOwnerUserId()); 10508 } 10509 } 10510 } 10511 } else { 10512 // if valid, |restriction| can only be a user restriction 10513 intent = mLocalService.createUserRestrictionSupportIntent(userId, restriction); 10514 } 10515 if (intent != null) { 10516 intent.putExtra(DevicePolicyManager.EXTRA_RESTRICTION, restriction); 10517 } 10518 return intent; 10519 } 10520 10521 /** 10522 * Returns true if specified admin is allowed to limit passwords and has a 10523 * {@code minimumPasswordMetrics.quality} of at least {@code minPasswordQuality} 10524 */ 10525 private static boolean isLimitPasswordAllowed(ActiveAdmin admin, int minPasswordQuality) { 10526 if (admin.minimumPasswordMetrics.quality < minPasswordQuality) { 10527 return false; 10528 } 10529 return admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD); 10530 } 10531 10532 @Override 10533 public void setSystemUpdatePolicy(ComponentName who, SystemUpdatePolicy policy) { 10534 if (policy != null) { 10535 // throws exception if policy type is invalid 10536 policy.validateType(); 10537 // throws exception if freeze period is invalid 10538 policy.validateFreezePeriods(); 10539 Pair<LocalDate, LocalDate> record = mOwners.getSystemUpdateFreezePeriodRecord(); 10540 // throws exception if freeze period is incompatible with previous freeze period record 10541 policy.validateAgainstPreviousFreezePeriod(record.first, record.second, 10542 LocalDate.now()); 10543 } 10544 synchronized (getLockObject()) { 10545 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 10546 if (policy == null) { 10547 mOwners.clearSystemUpdatePolicy(); 10548 } else { 10549 mOwners.setSystemUpdatePolicy(policy); 10550 updateSystemUpdateFreezePeriodsRecord(/* saveIfChanged */ false); 10551 } 10552 mOwners.writeDeviceOwner(); 10553 } 10554 mContext.sendBroadcastAsUser( 10555 new Intent(DevicePolicyManager.ACTION_SYSTEM_UPDATE_POLICY_CHANGED), 10556 UserHandle.SYSTEM); 10557 } 10558 10559 @Override 10560 public SystemUpdatePolicy getSystemUpdatePolicy() { 10561 synchronized (getLockObject()) { 10562 SystemUpdatePolicy policy = mOwners.getSystemUpdatePolicy(); 10563 if (policy != null && !policy.isValid()) { 10564 Slog.w(LOG_TAG, "Stored system update policy is invalid, return null instead."); 10565 return null; 10566 } 10567 return policy; 10568 } 10569 } 10570 10571 private static boolean withinRange(Pair<LocalDate, LocalDate> range, LocalDate date) { 10572 return (!date.isBefore(range.first) && !date.isAfter(range.second)); 10573 } 10574 10575 /** 10576 * keeps track of the last continuous period when the system is under OTA freeze. 10577 * 10578 * DPMS keeps track of the previous dates during which OTA was freezed as a result of an 10579 * system update policy with freeze periods in effect. This is needed to make robust 10580 * validation on new system update polices, for example to prevent the OTA from being 10581 * frozen for more than 90 days if the DPC keeps resetting a new 24-hour freeze period 10582 * on midnight everyday, or having freeze periods closer than 60 days apart by DPC resetting 10583 * a new freeze period after a few days. 10584 * 10585 * @param saveIfChanged whether to persist the result on disk if freeze period record is 10586 * updated. This should only be set to {@code false} if there is a guaranteed 10587 * mOwners.writeDeviceOwner() later in the control flow to reduce the number of 10588 * disk writes. Otherwise you risk inconsistent on-disk state. 10589 * 10590 * @see SystemUpdatePolicy#validateAgainstPreviousFreezePeriod 10591 */ 10592 private void updateSystemUpdateFreezePeriodsRecord(boolean saveIfChanged) { 10593 Slog.d(LOG_TAG, "updateSystemUpdateFreezePeriodsRecord"); 10594 synchronized (getLockObject()) { 10595 final SystemUpdatePolicy policy = mOwners.getSystemUpdatePolicy(); 10596 if (policy == null) { 10597 return; 10598 } 10599 final LocalDate now = LocalDate.now(); 10600 final Pair<LocalDate, LocalDate> currentPeriod = policy.getCurrentFreezePeriod(now); 10601 if (currentPeriod == null) { 10602 return; 10603 } 10604 final Pair<LocalDate, LocalDate> record = mOwners.getSystemUpdateFreezePeriodRecord(); 10605 final LocalDate start = record.first; 10606 final LocalDate end = record.second; 10607 final boolean changed; 10608 if (end == null || start == null) { 10609 // Start a new period if there is none at the moment 10610 changed = mOwners.setSystemUpdateFreezePeriodRecord(now, now); 10611 } else if (now.equals(end.plusDays(1))) { 10612 // Extend the existing period 10613 changed = mOwners.setSystemUpdateFreezePeriodRecord(start, now); 10614 } else if (now.isAfter(end.plusDays(1))) { 10615 if (withinRange(currentPeriod, start) && withinRange(currentPeriod, end)) { 10616 // The device might be off for some period. If the past freeze record 10617 // is within range of the current freeze period, assume the device was off 10618 // during the period [end, now] and extend the freeze record to [start, now]. 10619 changed = mOwners.setSystemUpdateFreezePeriodRecord(start, now); 10620 } else { 10621 changed = mOwners.setSystemUpdateFreezePeriodRecord(now, now); 10622 } 10623 } else if (now.isBefore(start)) { 10624 // Systm clock was adjusted backwards, restart record 10625 changed = mOwners.setSystemUpdateFreezePeriodRecord(now, now); 10626 } else /* start <= now <= end */ { 10627 changed = false; 10628 } 10629 if (changed && saveIfChanged) { 10630 mOwners.writeDeviceOwner(); 10631 } 10632 } 10633 } 10634 10635 @Override 10636 public void clearSystemUpdatePolicyFreezePeriodRecord() { 10637 enforceShell("clearSystemUpdatePolicyFreezePeriodRecord"); 10638 synchronized (getLockObject()) { 10639 // Print out current record to help diagnosed CTS failures 10640 Slog.i(LOG_TAG, "Clear freeze period record: " 10641 + mOwners.getSystemUpdateFreezePeriodRecordAsString()); 10642 if (mOwners.setSystemUpdateFreezePeriodRecord(null, null)) { 10643 mOwners.writeDeviceOwner(); 10644 } 10645 } 10646 } 10647 10648 /** 10649 * Checks if the caller of the method is the device owner app. 10650 * 10651 * @param callerUid UID of the caller. 10652 * @return true if the caller is the device owner app 10653 */ 10654 @VisibleForTesting 10655 boolean isCallerDeviceOwner(int callerUid) { 10656 synchronized (getLockObject()) { 10657 if (!mOwners.hasDeviceOwner()) { 10658 return false; 10659 } 10660 if (UserHandle.getUserId(callerUid) != mOwners.getDeviceOwnerUserId()) { 10661 return false; 10662 } 10663 final String deviceOwnerPackageName = mOwners.getDeviceOwnerComponent() 10664 .getPackageName(); 10665 try { 10666 String[] pkgs = mInjector.getIPackageManager().getPackagesForUid(callerUid); 10667 for (String pkg : pkgs) { 10668 if (deviceOwnerPackageName.equals(pkg)) { 10669 return true; 10670 } 10671 } 10672 } catch (RemoteException e) { 10673 return false; 10674 } 10675 } 10676 10677 return false; 10678 } 10679 10680 @Override 10681 public void notifyPendingSystemUpdate(@Nullable SystemUpdateInfo info) { 10682 mContext.enforceCallingOrSelfPermission(permission.NOTIFY_PENDING_SYSTEM_UPDATE, 10683 "Only the system update service can broadcast update information"); 10684 10685 if (UserHandle.getCallingUserId() != UserHandle.USER_SYSTEM) { 10686 Slog.w(LOG_TAG, "Only the system update service in the system user " + 10687 "can broadcast update information."); 10688 return; 10689 } 10690 10691 if (!mOwners.saveSystemUpdateInfo(info)) { 10692 // Pending system update hasn't changed, don't send duplicate notification. 10693 return; 10694 } 10695 10696 final Intent intent = new Intent(DeviceAdminReceiver.ACTION_NOTIFY_PENDING_SYSTEM_UPDATE) 10697 .putExtra(DeviceAdminReceiver.EXTRA_SYSTEM_UPDATE_RECEIVED_TIME, 10698 info == null ? -1 : info.getReceivedTime()); 10699 10700 final long ident = mInjector.binderClearCallingIdentity(); 10701 try { 10702 synchronized (getLockObject()) { 10703 // Broadcast to device owner first if there is one. 10704 if (mOwners.hasDeviceOwner()) { 10705 final UserHandle deviceOwnerUser = 10706 UserHandle.of(mOwners.getDeviceOwnerUserId()); 10707 intent.setComponent(mOwners.getDeviceOwnerComponent()); 10708 mContext.sendBroadcastAsUser(intent, deviceOwnerUser); 10709 } 10710 } 10711 // Get running users. 10712 final int runningUserIds[]; 10713 try { 10714 runningUserIds = mInjector.getIActivityManager().getRunningUserIds(); 10715 } catch (RemoteException e) { 10716 // Shouldn't happen. 10717 Log.e(LOG_TAG, "Could not retrieve the list of running users", e); 10718 return; 10719 } 10720 // Send broadcasts to corresponding profile owners if any. 10721 for (final int userId : runningUserIds) { 10722 synchronized (getLockObject()) { 10723 final ComponentName profileOwnerPackage = 10724 mOwners.getProfileOwnerComponent(userId); 10725 if (profileOwnerPackage != null) { 10726 intent.setComponent(profileOwnerPackage); 10727 mContext.sendBroadcastAsUser(intent, UserHandle.of(userId)); 10728 } 10729 } 10730 } 10731 } finally { 10732 mInjector.binderRestoreCallingIdentity(ident); 10733 } 10734 } 10735 10736 @Override 10737 public SystemUpdateInfo getPendingSystemUpdate(ComponentName admin) { 10738 Preconditions.checkNotNull(admin, "ComponentName is null"); 10739 enforceProfileOrDeviceOwner(admin); 10740 10741 return mOwners.getSystemUpdateInfo(); 10742 } 10743 10744 @Override 10745 public void setPermissionPolicy(ComponentName admin, String callerPackage, int policy) 10746 throws RemoteException { 10747 int userId = UserHandle.getCallingUserId(); 10748 synchronized (getLockObject()) { 10749 // Ensure the caller is a DO/PO or a permission grant state delegate. 10750 enforceCanManageScope(admin, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 10751 DELEGATION_PERMISSION_GRANT); 10752 DevicePolicyData userPolicy = getUserData(userId); 10753 if (userPolicy.mPermissionPolicy != policy) { 10754 userPolicy.mPermissionPolicy = policy; 10755 saveSettingsLocked(userId); 10756 } 10757 } 10758 } 10759 10760 @Override 10761 public int getPermissionPolicy(ComponentName admin) throws RemoteException { 10762 int userId = UserHandle.getCallingUserId(); 10763 synchronized (getLockObject()) { 10764 DevicePolicyData userPolicy = getUserData(userId); 10765 return userPolicy.mPermissionPolicy; 10766 } 10767 } 10768 10769 @Override 10770 public boolean setPermissionGrantState(ComponentName admin, String callerPackage, 10771 String packageName, String permission, int grantState) throws RemoteException { 10772 UserHandle user = mInjector.binderGetCallingUserHandle(); 10773 synchronized (getLockObject()) { 10774 // Ensure the caller is a DO/PO or a permission grant state delegate. 10775 enforceCanManageScope(admin, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 10776 DELEGATION_PERMISSION_GRANT); 10777 long ident = mInjector.binderClearCallingIdentity(); 10778 try { 10779 if (getTargetSdk(packageName, user.getIdentifier()) 10780 < android.os.Build.VERSION_CODES.M) { 10781 return false; 10782 } 10783 if (!isRuntimePermission(permission)) { 10784 return false; 10785 } 10786 final PackageManager packageManager = mInjector.getPackageManager(); 10787 switch (grantState) { 10788 case DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED: { 10789 mInjector.getPackageManagerInternal().grantRuntimePermission(packageName, 10790 permission, user.getIdentifier(), true /* override policy */); 10791 packageManager.updatePermissionFlags(permission, packageName, 10792 PackageManager.FLAG_PERMISSION_POLICY_FIXED, 10793 PackageManager.FLAG_PERMISSION_POLICY_FIXED, user); 10794 } break; 10795 10796 case DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED: { 10797 mInjector.getPackageManagerInternal().revokeRuntimePermission(packageName, 10798 permission, user.getIdentifier(), true /* override policy */); 10799 packageManager.updatePermissionFlags(permission, packageName, 10800 PackageManager.FLAG_PERMISSION_POLICY_FIXED, 10801 PackageManager.FLAG_PERMISSION_POLICY_FIXED, user); 10802 } break; 10803 10804 case DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT: { 10805 packageManager.updatePermissionFlags(permission, packageName, 10806 PackageManager.FLAG_PERMISSION_POLICY_FIXED, 0, user); 10807 } break; 10808 } 10809 return true; 10810 } catch (SecurityException se) { 10811 return false; 10812 } catch (NameNotFoundException e) { 10813 return false; 10814 } finally { 10815 mInjector.binderRestoreCallingIdentity(ident); 10816 } 10817 } 10818 } 10819 10820 @Override 10821 public int getPermissionGrantState(ComponentName admin, String callerPackage, 10822 String packageName, String permission) throws RemoteException { 10823 PackageManager packageManager = mInjector.getPackageManager(); 10824 10825 UserHandle user = mInjector.binderGetCallingUserHandle(); 10826 if (!isCallerWithSystemUid()) { 10827 // Ensure the caller is a DO/PO or a permission grant state delegate. 10828 enforceCanManageScope(admin, callerPackage, 10829 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, DELEGATION_PERMISSION_GRANT); 10830 } 10831 synchronized (getLockObject()) { 10832 long ident = mInjector.binderClearCallingIdentity(); 10833 try { 10834 int granted = mIPackageManager.checkPermission(permission, 10835 packageName, user.getIdentifier()); 10836 int permFlags = packageManager.getPermissionFlags(permission, packageName, user); 10837 if ((permFlags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) 10838 != PackageManager.FLAG_PERMISSION_POLICY_FIXED) { 10839 // Not controlled by policy 10840 return DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT; 10841 } else { 10842 // Policy controlled so return result based on permission grant state 10843 return granted == PackageManager.PERMISSION_GRANTED 10844 ? DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED 10845 : DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED; 10846 } 10847 } finally { 10848 mInjector.binderRestoreCallingIdentity(ident); 10849 } 10850 } 10851 } 10852 10853 boolean isPackageInstalledForUser(String packageName, int userHandle) { 10854 try { 10855 PackageInfo pi = mInjector.getIPackageManager().getPackageInfo(packageName, 0, 10856 userHandle); 10857 return (pi != null) && (pi.applicationInfo.flags != 0); 10858 } catch (RemoteException re) { 10859 throw new RuntimeException("Package manager has died", re); 10860 } 10861 } 10862 10863 public boolean isRuntimePermission(String permissionName) throws NameNotFoundException { 10864 final PackageManager packageManager = mInjector.getPackageManager(); 10865 PermissionInfo permissionInfo = packageManager.getPermissionInfo(permissionName, 0); 10866 return (permissionInfo.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE) 10867 == PermissionInfo.PROTECTION_DANGEROUS; 10868 } 10869 10870 @Override 10871 public boolean isProvisioningAllowed(String action, String packageName) { 10872 Preconditions.checkNotNull(packageName); 10873 10874 final int callingUid = mInjector.binderGetCallingUid(); 10875 final long ident = mInjector.binderClearCallingIdentity(); 10876 try { 10877 final int uidForPackage = mInjector.getPackageManager().getPackageUidAsUser( 10878 packageName, UserHandle.getUserId(callingUid)); 10879 Preconditions.checkArgument(callingUid == uidForPackage, 10880 "Caller uid doesn't match the one for the provided package."); 10881 } catch (NameNotFoundException e) { 10882 throw new IllegalArgumentException("Invalid package provided " + packageName, e); 10883 } finally { 10884 mInjector.binderRestoreCallingIdentity(ident); 10885 } 10886 10887 return checkProvisioningPreConditionSkipPermission(action, packageName) == CODE_OK; 10888 } 10889 10890 @Override 10891 public int checkProvisioningPreCondition(String action, String packageName) { 10892 Preconditions.checkNotNull(packageName); 10893 enforceCanManageProfileAndDeviceOwners(); 10894 return checkProvisioningPreConditionSkipPermission(action, packageName); 10895 } 10896 10897 private int checkProvisioningPreConditionSkipPermission(String action, String packageName) { 10898 if (!mHasFeature) { 10899 return CODE_DEVICE_ADMIN_NOT_SUPPORTED; 10900 } 10901 10902 final int callingUserId = mInjector.userHandleGetCallingUserId(); 10903 if (action != null) { 10904 switch (action) { 10905 case DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE: 10906 return checkManagedProfileProvisioningPreCondition(packageName, callingUserId); 10907 case DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE: 10908 return checkDeviceOwnerProvisioningPreCondition(callingUserId); 10909 case DevicePolicyManager.ACTION_PROVISION_MANAGED_USER: 10910 return checkManagedUserProvisioningPreCondition(callingUserId); 10911 case DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE: 10912 return checkManagedShareableDeviceProvisioningPreCondition(callingUserId); 10913 } 10914 } 10915 throw new IllegalArgumentException("Unknown provisioning action " + action); 10916 } 10917 10918 /** 10919 * The device owner can only be set before the setup phase of the primary user has completed, 10920 * except for adb command if no accounts or additional users are present on the device. 10921 */ 10922 private int checkDeviceOwnerProvisioningPreConditionLocked(@Nullable ComponentName owner, 10923 int deviceOwnerUserId, boolean isAdb, boolean hasIncompatibleAccountsOrNonAdb) { 10924 if (mOwners.hasDeviceOwner()) { 10925 return CODE_HAS_DEVICE_OWNER; 10926 } 10927 if (mOwners.hasProfileOwner(deviceOwnerUserId)) { 10928 return CODE_USER_HAS_PROFILE_OWNER; 10929 } 10930 if (!mUserManager.isUserRunning(new UserHandle(deviceOwnerUserId))) { 10931 return CODE_USER_NOT_RUNNING; 10932 } 10933 if (mIsWatch && hasPaired(UserHandle.USER_SYSTEM)) { 10934 return CODE_HAS_PAIRED; 10935 } 10936 if (isAdb) { 10937 // if shell command runs after user setup completed check device status. Otherwise, OK. 10938 if (mIsWatch || hasUserSetupCompleted(UserHandle.USER_SYSTEM)) { 10939 if (!mInjector.userManagerIsSplitSystemUser()) { 10940 if (mUserManager.getUserCount() > 1) { 10941 return CODE_NONSYSTEM_USER_EXISTS; 10942 } 10943 if (hasIncompatibleAccountsOrNonAdb) { 10944 return CODE_ACCOUNTS_NOT_EMPTY; 10945 } 10946 } else { 10947 // STOPSHIP Do proper check in split user mode 10948 } 10949 } 10950 return CODE_OK; 10951 } else { 10952 if (!mInjector.userManagerIsSplitSystemUser()) { 10953 // In non-split user mode, DO has to be user 0 10954 if (deviceOwnerUserId != UserHandle.USER_SYSTEM) { 10955 return CODE_NOT_SYSTEM_USER; 10956 } 10957 // In non-split user mode, only provision DO before setup wizard completes 10958 if (hasUserSetupCompleted(UserHandle.USER_SYSTEM)) { 10959 return CODE_USER_SETUP_COMPLETED; 10960 } 10961 } else { 10962 // STOPSHIP Do proper check in split user mode 10963 } 10964 return CODE_OK; 10965 } 10966 } 10967 10968 private int checkDeviceOwnerProvisioningPreCondition(int deviceOwnerUserId) { 10969 synchronized (getLockObject()) { 10970 // hasIncompatibleAccountsOrNonAdb doesn't matter since the caller is not adb. 10971 return checkDeviceOwnerProvisioningPreConditionLocked(/* owner unknown */ null, 10972 deviceOwnerUserId, /* isAdb= */ false, 10973 /* hasIncompatibleAccountsOrNonAdb=*/ true); 10974 } 10975 } 10976 10977 private int checkManagedProfileProvisioningPreCondition(String packageName, int callingUserId) { 10978 if (!hasFeatureManagedUsers()) { 10979 return CODE_MANAGED_USERS_NOT_SUPPORTED; 10980 } 10981 if (callingUserId == UserHandle.USER_SYSTEM 10982 && mInjector.userManagerIsSplitSystemUser()) { 10983 // Managed-profiles cannot be setup on the system user. 10984 return CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER; 10985 } 10986 if (getProfileOwner(callingUserId) != null) { 10987 // Managed user cannot have a managed profile. 10988 return CODE_USER_HAS_PROFILE_OWNER; 10989 } 10990 10991 final long ident = mInjector.binderClearCallingIdentity(); 10992 try { 10993 final UserHandle callingUserHandle = UserHandle.of(callingUserId); 10994 final ComponentName ownerAdmin = getOwnerComponent(packageName, callingUserId); 10995 if (mUserManager.hasUserRestriction(UserManager.DISALLOW_ADD_MANAGED_PROFILE, 10996 callingUserHandle)) { 10997 // An admin can initiate provisioning if it has set the restriction. 10998 if (ownerAdmin == null || isAdminAffectedByRestriction(ownerAdmin, 10999 UserManager.DISALLOW_ADD_MANAGED_PROFILE, callingUserId)) { 11000 return CODE_ADD_MANAGED_PROFILE_DISALLOWED; 11001 } 11002 } 11003 boolean canRemoveProfile = true; 11004 if (mUserManager.hasUserRestriction(UserManager.DISALLOW_REMOVE_MANAGED_PROFILE, 11005 callingUserHandle)) { 11006 // We can remove a profile if the admin itself has set the restriction. 11007 if (ownerAdmin == null || isAdminAffectedByRestriction(ownerAdmin, 11008 UserManager.DISALLOW_REMOVE_MANAGED_PROFILE, 11009 callingUserId)) { 11010 canRemoveProfile = false; 11011 } 11012 } 11013 if (!mUserManager.canAddMoreManagedProfiles(callingUserId, canRemoveProfile)) { 11014 return CODE_CANNOT_ADD_MANAGED_PROFILE; 11015 } 11016 } finally { 11017 mInjector.binderRestoreCallingIdentity(ident); 11018 } 11019 return CODE_OK; 11020 } 11021 11022 private ComponentName getOwnerComponent(String packageName, int userId) { 11023 if (isDeviceOwnerPackage(packageName, userId)) { 11024 return mOwners.getDeviceOwnerComponent(); 11025 } 11026 if (isProfileOwnerPackage(packageName, userId)) { 11027 return mOwners.getProfileOwnerComponent(userId); 11028 } 11029 return null; 11030 } 11031 11032 /** 11033 * Return device owner or profile owner set on a given user. 11034 */ 11035 private @Nullable ComponentName getOwnerComponent(int userId) { 11036 synchronized (getLockObject()) { 11037 if (mOwners.getDeviceOwnerUserId() == userId) { 11038 return mOwners.getDeviceOwnerComponent(); 11039 } 11040 if (mOwners.hasProfileOwner(userId)) { 11041 return mOwners.getProfileOwnerComponent(userId); 11042 } 11043 } 11044 return null; 11045 } 11046 11047 private int checkManagedUserProvisioningPreCondition(int callingUserId) { 11048 if (!hasFeatureManagedUsers()) { 11049 return CODE_MANAGED_USERS_NOT_SUPPORTED; 11050 } 11051 if (!mInjector.userManagerIsSplitSystemUser()) { 11052 // ACTION_PROVISION_MANAGED_USER only supported on split-user systems. 11053 return CODE_NOT_SYSTEM_USER_SPLIT; 11054 } 11055 if (callingUserId == UserHandle.USER_SYSTEM) { 11056 // System user cannot be a managed user. 11057 return CODE_SYSTEM_USER; 11058 } 11059 if (hasUserSetupCompleted(callingUserId)) { 11060 return CODE_USER_SETUP_COMPLETED; 11061 } 11062 if (mIsWatch && hasPaired(UserHandle.USER_SYSTEM)) { 11063 return CODE_HAS_PAIRED; 11064 } 11065 return CODE_OK; 11066 } 11067 11068 private int checkManagedShareableDeviceProvisioningPreCondition(int callingUserId) { 11069 if (!mInjector.userManagerIsSplitSystemUser()) { 11070 // ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE only supported on split-user systems. 11071 return CODE_NOT_SYSTEM_USER_SPLIT; 11072 } 11073 return checkDeviceOwnerProvisioningPreCondition(callingUserId); 11074 } 11075 11076 private boolean hasFeatureManagedUsers() { 11077 try { 11078 return mIPackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS, 0); 11079 } catch (RemoteException e) { 11080 return false; 11081 } 11082 } 11083 11084 @Override 11085 public String getWifiMacAddress(ComponentName admin) { 11086 // Make sure caller has DO. 11087 synchronized (getLockObject()) { 11088 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 11089 } 11090 11091 final long ident = mInjector.binderClearCallingIdentity(); 11092 try { 11093 final WifiInfo wifiInfo = mInjector.getWifiManager().getConnectionInfo(); 11094 if (wifiInfo == null) { 11095 return null; 11096 } 11097 return wifiInfo.hasRealMacAddress() ? wifiInfo.getMacAddress() : null; 11098 } finally { 11099 mInjector.binderRestoreCallingIdentity(ident); 11100 } 11101 } 11102 11103 /** 11104 * Returns the target sdk version number that the given packageName was built for 11105 * in the given user. 11106 */ 11107 private int getTargetSdk(String packageName, int userId) { 11108 final ApplicationInfo ai; 11109 try { 11110 ai = mIPackageManager.getApplicationInfo(packageName, 0, userId); 11111 final int targetSdkVersion = ai == null ? 0 : ai.targetSdkVersion; 11112 return targetSdkVersion; 11113 } catch (RemoteException e) { 11114 // Shouldn't happen 11115 return 0; 11116 } 11117 } 11118 11119 @Override 11120 public boolean isManagedProfile(ComponentName admin) { 11121 enforceProfileOrDeviceOwner(admin); 11122 return isManagedProfile(mInjector.userHandleGetCallingUserId()); 11123 } 11124 11125 @Override 11126 public boolean isSystemOnlyUser(ComponentName admin) { 11127 synchronized (getLockObject()) { 11128 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 11129 } 11130 final int callingUserId = mInjector.userHandleGetCallingUserId(); 11131 return UserManager.isSplitSystemUser() && callingUserId == UserHandle.USER_SYSTEM; 11132 } 11133 11134 @Override 11135 public void reboot(ComponentName admin) { 11136 Preconditions.checkNotNull(admin); 11137 // Make sure caller has DO. 11138 synchronized (getLockObject()) { 11139 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 11140 } 11141 long ident = mInjector.binderClearCallingIdentity(); 11142 try { 11143 // Make sure there are no ongoing calls on the device. 11144 if (mTelephonyManager.getCallState() != TelephonyManager.CALL_STATE_IDLE) { 11145 throw new IllegalStateException("Cannot be called with ongoing call on the device"); 11146 } 11147 mInjector.powerManagerReboot(PowerManager.REBOOT_REQUESTED_BY_DEVICE_OWNER); 11148 } finally { 11149 mInjector.binderRestoreCallingIdentity(ident); 11150 } 11151 } 11152 11153 @Override 11154 public void setShortSupportMessage(@NonNull ComponentName who, CharSequence message) { 11155 if (!mHasFeature) { 11156 return; 11157 } 11158 Preconditions.checkNotNull(who, "ComponentName is null"); 11159 final int userHandle = mInjector.userHandleGetCallingUserId(); 11160 synchronized (getLockObject()) { 11161 ActiveAdmin admin = getActiveAdminForUidLocked(who, 11162 mInjector.binderGetCallingUid()); 11163 if (!TextUtils.equals(admin.shortSupportMessage, message)) { 11164 admin.shortSupportMessage = message; 11165 saveSettingsLocked(userHandle); 11166 } 11167 } 11168 } 11169 11170 @Override 11171 public CharSequence getShortSupportMessage(@NonNull ComponentName who) { 11172 if (!mHasFeature) { 11173 return null; 11174 } 11175 Preconditions.checkNotNull(who, "ComponentName is null"); 11176 synchronized (getLockObject()) { 11177 ActiveAdmin admin = getActiveAdminForUidLocked(who, 11178 mInjector.binderGetCallingUid()); 11179 return admin.shortSupportMessage; 11180 } 11181 } 11182 11183 @Override 11184 public void setLongSupportMessage(@NonNull ComponentName who, CharSequence message) { 11185 if (!mHasFeature) { 11186 return; 11187 } 11188 Preconditions.checkNotNull(who, "ComponentName is null"); 11189 final int userHandle = mInjector.userHandleGetCallingUserId(); 11190 synchronized (getLockObject()) { 11191 ActiveAdmin admin = getActiveAdminForUidLocked(who, 11192 mInjector.binderGetCallingUid()); 11193 if (!TextUtils.equals(admin.longSupportMessage, message)) { 11194 admin.longSupportMessage = message; 11195 saveSettingsLocked(userHandle); 11196 } 11197 } 11198 } 11199 11200 @Override 11201 public CharSequence getLongSupportMessage(@NonNull ComponentName who) { 11202 if (!mHasFeature) { 11203 return null; 11204 } 11205 Preconditions.checkNotNull(who, "ComponentName is null"); 11206 synchronized (getLockObject()) { 11207 ActiveAdmin admin = getActiveAdminForUidLocked(who, 11208 mInjector.binderGetCallingUid()); 11209 return admin.longSupportMessage; 11210 } 11211 } 11212 11213 @Override 11214 public CharSequence getShortSupportMessageForUser(@NonNull ComponentName who, int userHandle) { 11215 if (!mHasFeature) { 11216 return null; 11217 } 11218 Preconditions.checkNotNull(who, "ComponentName is null"); 11219 if (!isCallerWithSystemUid()) { 11220 throw new SecurityException("Only the system can query support message for user"); 11221 } 11222 synchronized (getLockObject()) { 11223 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 11224 if (admin != null) { 11225 return admin.shortSupportMessage; 11226 } 11227 } 11228 return null; 11229 } 11230 11231 @Override 11232 public CharSequence getLongSupportMessageForUser(@NonNull ComponentName who, int userHandle) { 11233 if (!mHasFeature) { 11234 return null; 11235 } 11236 Preconditions.checkNotNull(who, "ComponentName is null"); 11237 if (!isCallerWithSystemUid()) { 11238 throw new SecurityException("Only the system can query support message for user"); 11239 } 11240 synchronized (getLockObject()) { 11241 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 11242 if (admin != null) { 11243 return admin.longSupportMessage; 11244 } 11245 } 11246 return null; 11247 } 11248 11249 @Override 11250 public void setOrganizationColor(@NonNull ComponentName who, int color) { 11251 if (!mHasFeature) { 11252 return; 11253 } 11254 Preconditions.checkNotNull(who, "ComponentName is null"); 11255 final int userHandle = mInjector.userHandleGetCallingUserId(); 11256 enforceManagedProfile(userHandle, "set organization color"); 11257 synchronized (getLockObject()) { 11258 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 11259 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11260 admin.organizationColor = color; 11261 saveSettingsLocked(userHandle); 11262 } 11263 } 11264 11265 @Override 11266 public void setOrganizationColorForUser(int color, int userId) { 11267 if (!mHasFeature) { 11268 return; 11269 } 11270 enforceFullCrossUsersPermission(userId); 11271 enforceManageUsers(); 11272 enforceManagedProfile(userId, "set organization color"); 11273 synchronized (getLockObject()) { 11274 ActiveAdmin admin = getProfileOwnerAdminLocked(userId); 11275 admin.organizationColor = color; 11276 saveSettingsLocked(userId); 11277 } 11278 } 11279 11280 @Override 11281 public int getOrganizationColor(@NonNull ComponentName who) { 11282 if (!mHasFeature) { 11283 return ActiveAdmin.DEF_ORGANIZATION_COLOR; 11284 } 11285 Preconditions.checkNotNull(who, "ComponentName is null"); 11286 enforceManagedProfile(mInjector.userHandleGetCallingUserId(), "get organization color"); 11287 synchronized (getLockObject()) { 11288 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 11289 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11290 return admin.organizationColor; 11291 } 11292 } 11293 11294 @Override 11295 public int getOrganizationColorForUser(int userHandle) { 11296 if (!mHasFeature) { 11297 return ActiveAdmin.DEF_ORGANIZATION_COLOR; 11298 } 11299 enforceFullCrossUsersPermission(userHandle); 11300 enforceManagedProfile(userHandle, "get organization color"); 11301 synchronized (getLockObject()) { 11302 ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userHandle); 11303 return (profileOwner != null) 11304 ? profileOwner.organizationColor 11305 : ActiveAdmin.DEF_ORGANIZATION_COLOR; 11306 } 11307 } 11308 11309 @Override 11310 public void setOrganizationName(@NonNull ComponentName who, CharSequence text) { 11311 if (!mHasFeature) { 11312 return; 11313 } 11314 Preconditions.checkNotNull(who, "ComponentName is null"); 11315 final int userHandle = mInjector.userHandleGetCallingUserId(); 11316 11317 synchronized (getLockObject()) { 11318 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 11319 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11320 if (!TextUtils.equals(admin.organizationName, text)) { 11321 admin.organizationName = (text == null || text.length() == 0) 11322 ? null : text.toString(); 11323 saveSettingsLocked(userHandle); 11324 } 11325 } 11326 } 11327 11328 @Override 11329 public CharSequence getOrganizationName(@NonNull ComponentName who) { 11330 if (!mHasFeature) { 11331 return null; 11332 } 11333 Preconditions.checkNotNull(who, "ComponentName is null"); 11334 enforceManagedProfile(mInjector.userHandleGetCallingUserId(), "get organization name"); 11335 synchronized (getLockObject()) { 11336 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 11337 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11338 return admin.organizationName; 11339 } 11340 } 11341 11342 @Override 11343 public CharSequence getDeviceOwnerOrganizationName() { 11344 if (!mHasFeature) { 11345 return null; 11346 } 11347 enforceDeviceOwnerOrManageUsers(); 11348 synchronized (getLockObject()) { 11349 final ActiveAdmin deviceOwnerAdmin = getDeviceOwnerAdminLocked(); 11350 return deviceOwnerAdmin == null ? null : deviceOwnerAdmin.organizationName; 11351 } 11352 } 11353 11354 @Override 11355 public CharSequence getOrganizationNameForUser(int userHandle) { 11356 if (!mHasFeature) { 11357 return null; 11358 } 11359 enforceFullCrossUsersPermission(userHandle); 11360 enforceManagedProfile(userHandle, "get organization name"); 11361 synchronized (getLockObject()) { 11362 ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userHandle); 11363 return (profileOwner != null) 11364 ? profileOwner.organizationName 11365 : null; 11366 } 11367 } 11368 11369 @Override 11370 public List<String> setMeteredDataDisabledPackages(ComponentName who, List<String> packageNames) { 11371 Preconditions.checkNotNull(who); 11372 Preconditions.checkNotNull(packageNames); 11373 11374 if (!mHasFeature) { 11375 return packageNames; 11376 } 11377 synchronized (getLockObject()) { 11378 final ActiveAdmin admin = getActiveAdminForCallerLocked(who, 11379 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11380 final int callingUserId = mInjector.userHandleGetCallingUserId(); 11381 final long identity = mInjector.binderClearCallingIdentity(); 11382 try { 11383 final List<String> excludedPkgs 11384 = removeInvalidPkgsForMeteredDataRestriction(callingUserId, packageNames); 11385 admin.meteredDisabledPackages = packageNames; 11386 pushMeteredDisabledPackagesLocked(callingUserId); 11387 saveSettingsLocked(callingUserId); 11388 return excludedPkgs; 11389 } finally { 11390 mInjector.binderRestoreCallingIdentity(identity); 11391 } 11392 } 11393 } 11394 11395 private List<String> removeInvalidPkgsForMeteredDataRestriction( 11396 int userId, List<String> pkgNames) { 11397 final Set<String> activeAdmins = getActiveAdminPackagesLocked(userId); 11398 final List<String> excludedPkgs = new ArrayList<>(); 11399 for (int i = pkgNames.size() - 1; i >= 0; --i) { 11400 final String pkgName = pkgNames.get(i); 11401 // If the package is an active admin, don't restrict it. 11402 if (activeAdmins.contains(pkgName)) { 11403 excludedPkgs.add(pkgName); 11404 continue; 11405 } 11406 // If the package doesn't exist, don't restrict it. 11407 try { 11408 if (!mInjector.getIPackageManager().isPackageAvailable(pkgName, userId)) { 11409 excludedPkgs.add(pkgName); 11410 } 11411 } catch (RemoteException e) { 11412 // Should not happen 11413 } 11414 } 11415 pkgNames.removeAll(excludedPkgs); 11416 return excludedPkgs; 11417 } 11418 11419 @Override 11420 public List<String> getMeteredDataDisabledPackages(ComponentName who) { 11421 Preconditions.checkNotNull(who); 11422 11423 if (!mHasFeature) { 11424 return new ArrayList<>(); 11425 } 11426 synchronized (getLockObject()) { 11427 final ActiveAdmin admin = getActiveAdminForCallerLocked(who, 11428 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11429 return admin.meteredDisabledPackages == null 11430 ? new ArrayList<>() : admin.meteredDisabledPackages; 11431 } 11432 } 11433 11434 @Override 11435 public boolean isMeteredDataDisabledPackageForUser(ComponentName who, 11436 String packageName, int userId) { 11437 Preconditions.checkNotNull(who); 11438 11439 if (!mHasFeature) { 11440 return false; 11441 } 11442 if (!isCallerWithSystemUid()) { 11443 throw new SecurityException( 11444 "Only the system can query restricted pkgs for a specific user"); 11445 } 11446 synchronized (getLockObject()) { 11447 final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userId); 11448 if (admin != null && admin.meteredDisabledPackages != null) { 11449 return admin.meteredDisabledPackages.contains(packageName); 11450 } 11451 } 11452 return false; 11453 } 11454 11455 private void pushMeteredDisabledPackagesLocked(int userId) { 11456 mInjector.getNetworkPolicyManagerInternal().setMeteredRestrictedPackages( 11457 getMeteredDisabledPackagesLocked(userId), userId); 11458 } 11459 11460 private Set<String> getMeteredDisabledPackagesLocked(int userId) { 11461 final ComponentName who = getOwnerComponent(userId); 11462 final Set<String> restrictedPkgs = new ArraySet<>(); 11463 if (who != null) { 11464 final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userId); 11465 if (admin != null && admin.meteredDisabledPackages != null) { 11466 restrictedPkgs.addAll(admin.meteredDisabledPackages); 11467 } 11468 } 11469 return restrictedPkgs; 11470 } 11471 11472 @Override 11473 public void setAffiliationIds(ComponentName admin, List<String> ids) { 11474 if (!mHasFeature) { 11475 return; 11476 } 11477 if (ids == null) { 11478 throw new IllegalArgumentException("ids must not be null"); 11479 } 11480 for (String id : ids) { 11481 if (TextUtils.isEmpty(id)) { 11482 throw new IllegalArgumentException("ids must not contain empty string"); 11483 } 11484 } 11485 11486 final Set<String> affiliationIds = new ArraySet<>(ids); 11487 final int callingUserId = mInjector.userHandleGetCallingUserId(); 11488 synchronized (getLockObject()) { 11489 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11490 getUserData(callingUserId).mAffiliationIds = affiliationIds; 11491 saveSettingsLocked(callingUserId); 11492 if (callingUserId != UserHandle.USER_SYSTEM && isDeviceOwner(admin, callingUserId)) { 11493 // Affiliation ids specified by the device owner are additionally stored in 11494 // UserHandle.USER_SYSTEM's DevicePolicyData. 11495 getUserData(UserHandle.USER_SYSTEM).mAffiliationIds = affiliationIds; 11496 saveSettingsLocked(UserHandle.USER_SYSTEM); 11497 } 11498 11499 // Affiliation status for any user, not just the calling user, might have changed. 11500 // The device owner user will still be affiliated after changing its affiliation ids, 11501 // but as a result of that other users might become affiliated or un-affiliated. 11502 maybePauseDeviceWideLoggingLocked(); 11503 maybeResumeDeviceWideLoggingLocked(); 11504 maybeClearLockTaskPolicyLocked(); 11505 } 11506 } 11507 11508 @Override 11509 public List<String> getAffiliationIds(ComponentName admin) { 11510 if (!mHasFeature) { 11511 return Collections.emptyList(); 11512 } 11513 11514 Preconditions.checkNotNull(admin); 11515 synchronized (getLockObject()) { 11516 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11517 return new ArrayList<String>( 11518 getUserData(mInjector.userHandleGetCallingUserId()).mAffiliationIds); 11519 } 11520 } 11521 11522 @Override 11523 public boolean isAffiliatedUser() { 11524 if (!mHasFeature) { 11525 return false; 11526 } 11527 11528 synchronized (getLockObject()) { 11529 return isUserAffiliatedWithDeviceLocked(mInjector.userHandleGetCallingUserId()); 11530 } 11531 } 11532 11533 private boolean isUserAffiliatedWithDeviceLocked(int userId) { 11534 if (!mOwners.hasDeviceOwner()) { 11535 return false; 11536 } 11537 if (userId == mOwners.getDeviceOwnerUserId()) { 11538 // The user that the DO is installed on is always affiliated with the device. 11539 return true; 11540 } 11541 if (userId == UserHandle.USER_SYSTEM) { 11542 // The system user is always affiliated in a DO device, even if the DO is set on a 11543 // different user. This could be the case if the DO is set in the primary user 11544 // of a split user device. 11545 return true; 11546 } 11547 11548 final ComponentName profileOwner = getProfileOwner(userId); 11549 if (profileOwner == null) { 11550 return false; 11551 } 11552 11553 final Set<String> userAffiliationIds = getUserData(userId).mAffiliationIds; 11554 final Set<String> deviceAffiliationIds = 11555 getUserData(UserHandle.USER_SYSTEM).mAffiliationIds; 11556 for (String id : userAffiliationIds) { 11557 if (deviceAffiliationIds.contains(id)) { 11558 return true; 11559 } 11560 } 11561 return false; 11562 } 11563 11564 private boolean areAllUsersAffiliatedWithDeviceLocked() { 11565 final long ident = mInjector.binderClearCallingIdentity(); 11566 try { 11567 final List<UserInfo> userInfos = mUserManager.getUsers(/*excludeDying=*/ true); 11568 for (int i = 0; i < userInfos.size(); i++) { 11569 int userId = userInfos.get(i).id; 11570 if (!isUserAffiliatedWithDeviceLocked(userId)) { 11571 Slog.d(LOG_TAG, "User id " + userId + " not affiliated."); 11572 return false; 11573 } 11574 } 11575 } finally { 11576 mInjector.binderRestoreCallingIdentity(ident); 11577 } 11578 11579 return true; 11580 } 11581 11582 @Override 11583 public void setSecurityLoggingEnabled(ComponentName admin, boolean enabled) { 11584 if (!mHasFeature) { 11585 return; 11586 } 11587 Preconditions.checkNotNull(admin); 11588 11589 synchronized (getLockObject()) { 11590 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 11591 if (enabled == mInjector.securityLogGetLoggingEnabledProperty()) { 11592 return; 11593 } 11594 mInjector.securityLogSetLoggingEnabledProperty(enabled); 11595 if (enabled) { 11596 mSecurityLogMonitor.start(); 11597 maybePauseDeviceWideLoggingLocked(); 11598 } else { 11599 mSecurityLogMonitor.stop(); 11600 } 11601 } 11602 } 11603 11604 @Override 11605 public boolean isSecurityLoggingEnabled(ComponentName admin) { 11606 if (!mHasFeature) { 11607 return false; 11608 } 11609 11610 synchronized (getLockObject()) { 11611 if (!isCallerWithSystemUid()) { 11612 Preconditions.checkNotNull(admin); 11613 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 11614 } 11615 return mInjector.securityLogGetLoggingEnabledProperty(); 11616 } 11617 } 11618 11619 private void recordSecurityLogRetrievalTime() { 11620 synchronized (getLockObject()) { 11621 final long currentTime = System.currentTimeMillis(); 11622 DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM); 11623 if (currentTime > policyData.mLastSecurityLogRetrievalTime) { 11624 policyData.mLastSecurityLogRetrievalTime = currentTime; 11625 saveSettingsLocked(UserHandle.USER_SYSTEM); 11626 } 11627 } 11628 } 11629 11630 @Override 11631 public ParceledListSlice<SecurityEvent> retrievePreRebootSecurityLogs(ComponentName admin) { 11632 if (!mHasFeature) { 11633 return null; 11634 } 11635 11636 Preconditions.checkNotNull(admin); 11637 ensureDeviceOwnerAndAllUsersAffiliated(admin); 11638 11639 if (!mContext.getResources().getBoolean(R.bool.config_supportPreRebootSecurityLogs) 11640 || !mInjector.securityLogGetLoggingEnabledProperty()) { 11641 return null; 11642 } 11643 11644 recordSecurityLogRetrievalTime(); 11645 11646 ArrayList<SecurityEvent> output = new ArrayList<SecurityEvent>(); 11647 try { 11648 SecurityLog.readPreviousEvents(output); 11649 return new ParceledListSlice<SecurityEvent>(output); 11650 } catch (IOException e) { 11651 Slog.w(LOG_TAG, "Fail to read previous events" , e); 11652 return new ParceledListSlice<SecurityEvent>(Collections.<SecurityEvent>emptyList()); 11653 } 11654 } 11655 11656 @Override 11657 public ParceledListSlice<SecurityEvent> retrieveSecurityLogs(ComponentName admin) { 11658 if (!mHasFeature) { 11659 return null; 11660 } 11661 11662 Preconditions.checkNotNull(admin); 11663 ensureDeviceOwnerAndAllUsersAffiliated(admin); 11664 11665 if (!mInjector.securityLogGetLoggingEnabledProperty()) { 11666 return null; 11667 } 11668 11669 recordSecurityLogRetrievalTime(); 11670 11671 List<SecurityEvent> logs = mSecurityLogMonitor.retrieveLogs(); 11672 return logs != null ? new ParceledListSlice<SecurityEvent>(logs) : null; 11673 } 11674 11675 @Override 11676 public long forceSecurityLogs() { 11677 enforceShell("forceSecurityLogs"); 11678 if (!mInjector.securityLogGetLoggingEnabledProperty()) { 11679 throw new IllegalStateException("logging is not available"); 11680 } 11681 return mSecurityLogMonitor.forceLogs(); 11682 } 11683 11684 private void enforceCanManageDeviceAdmin() { 11685 mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_DEVICE_ADMINS, 11686 null); 11687 } 11688 11689 private void enforceCanManageProfileAndDeviceOwners() { 11690 mContext.enforceCallingOrSelfPermission( 11691 android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS, null); 11692 } 11693 11694 private void enforceCallerSystemUserHandle() { 11695 final int callingUid = mInjector.binderGetCallingUid(); 11696 final int userId = UserHandle.getUserId(callingUid); 11697 if (userId != UserHandle.USER_SYSTEM) { 11698 throw new SecurityException("Caller has to be in user 0"); 11699 } 11700 } 11701 11702 @Override 11703 public boolean isUninstallInQueue(final String packageName) { 11704 enforceCanManageDeviceAdmin(); 11705 final int userId = mInjector.userHandleGetCallingUserId(); 11706 Pair<String, Integer> packageUserPair = new Pair<>(packageName, userId); 11707 synchronized (getLockObject()) { 11708 return mPackagesToRemove.contains(packageUserPair); 11709 } 11710 } 11711 11712 @Override 11713 public void uninstallPackageWithActiveAdmins(final String packageName) { 11714 enforceCanManageDeviceAdmin(); 11715 Preconditions.checkArgument(!TextUtils.isEmpty(packageName)); 11716 11717 final int userId = mInjector.userHandleGetCallingUserId(); 11718 11719 enforceUserUnlocked(userId); 11720 11721 final ComponentName profileOwner = getProfileOwner(userId); 11722 if (profileOwner != null && packageName.equals(profileOwner.getPackageName())) { 11723 throw new IllegalArgumentException("Cannot uninstall a package with a profile owner"); 11724 } 11725 11726 final ComponentName deviceOwner = getDeviceOwnerComponent(/* callingUserOnly= */ false); 11727 if (getDeviceOwnerUserId() == userId && deviceOwner != null 11728 && packageName.equals(deviceOwner.getPackageName())) { 11729 throw new IllegalArgumentException("Cannot uninstall a package with a device owner"); 11730 } 11731 11732 final Pair<String, Integer> packageUserPair = new Pair<>(packageName, userId); 11733 synchronized (getLockObject()) { 11734 mPackagesToRemove.add(packageUserPair); 11735 } 11736 11737 // All active admins on the user. 11738 final List<ComponentName> allActiveAdmins = getActiveAdmins(userId); 11739 11740 // Active admins in the target package. 11741 final List<ComponentName> packageActiveAdmins = new ArrayList<>(); 11742 if (allActiveAdmins != null) { 11743 for (ComponentName activeAdmin : allActiveAdmins) { 11744 if (packageName.equals(activeAdmin.getPackageName())) { 11745 packageActiveAdmins.add(activeAdmin); 11746 removeActiveAdmin(activeAdmin, userId); 11747 } 11748 } 11749 } 11750 if (packageActiveAdmins.size() == 0) { 11751 startUninstallIntent(packageName, userId); 11752 } else { 11753 mHandler.postDelayed(new Runnable() { 11754 @Override 11755 public void run() { 11756 for (ComponentName activeAdmin : packageActiveAdmins) { 11757 removeAdminArtifacts(activeAdmin, userId); 11758 } 11759 startUninstallIntent(packageName, userId); 11760 } 11761 }, DEVICE_ADMIN_DEACTIVATE_TIMEOUT); // Start uninstall after timeout anyway. 11762 } 11763 } 11764 11765 @Override 11766 public boolean isDeviceProvisioned() { 11767 enforceManageUsers(); 11768 synchronized (getLockObject()) { 11769 return getUserDataUnchecked(UserHandle.USER_SYSTEM).mUserSetupComplete; 11770 } 11771 } 11772 11773 private boolean isCurrentUserDemo() { 11774 if (UserManager.isDeviceInDemoMode(mContext)) { 11775 final int userId = mInjector.userHandleGetCallingUserId(); 11776 final long callingIdentity = mInjector.binderClearCallingIdentity(); 11777 try { 11778 return mUserManager.getUserInfo(userId).isDemo(); 11779 } finally { 11780 mInjector.binderRestoreCallingIdentity(callingIdentity); 11781 } 11782 } 11783 return false; 11784 } 11785 11786 private void removePackageIfRequired(final String packageName, final int userId) { 11787 if (!packageHasActiveAdmins(packageName, userId)) { 11788 // Will not do anything if uninstall was not requested or was already started. 11789 startUninstallIntent(packageName, userId); 11790 } 11791 } 11792 11793 private void startUninstallIntent(final String packageName, final int userId) { 11794 final Pair<String, Integer> packageUserPair = new Pair<>(packageName, userId); 11795 synchronized (getLockObject()) { 11796 if (!mPackagesToRemove.contains(packageUserPair)) { 11797 // Do nothing if uninstall was not requested or was already started. 11798 return; 11799 } 11800 mPackagesToRemove.remove(packageUserPair); 11801 } 11802 try { 11803 if (mInjector.getIPackageManager().getPackageInfo(packageName, 0, userId) == null) { 11804 // Package does not exist. Nothing to do. 11805 return; 11806 } 11807 } catch (RemoteException re) { 11808 Log.e(LOG_TAG, "Failure talking to PackageManager while getting package info"); 11809 } 11810 11811 try { // force stop the package before uninstalling 11812 mInjector.getIActivityManager().forceStopPackage(packageName, userId); 11813 } catch (RemoteException re) { 11814 Log.e(LOG_TAG, "Failure talking to ActivityManager while force stopping package"); 11815 } 11816 final Uri packageURI = Uri.parse("package:" + packageName); 11817 final Intent uninstallIntent = new Intent(Intent.ACTION_UNINSTALL_PACKAGE, packageURI); 11818 uninstallIntent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK); 11819 mContext.startActivityAsUser(uninstallIntent, UserHandle.of(userId)); 11820 } 11821 11822 /** 11823 * Removes the admin from the policy. Ideally called after the admin's 11824 * {@link DeviceAdminReceiver#onDisabled(Context, Intent)} has been successfully completed. 11825 * 11826 * @param adminReceiver The admin to remove 11827 * @param userHandle The user for which this admin has to be removed. 11828 */ 11829 private void removeAdminArtifacts(final ComponentName adminReceiver, final int userHandle) { 11830 synchronized (getLockObject()) { 11831 final ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver, userHandle); 11832 if (admin == null) { 11833 return; 11834 } 11835 final DevicePolicyData policy = getUserData(userHandle); 11836 final boolean doProxyCleanup = admin.info.usesPolicy( 11837 DeviceAdminInfo.USES_POLICY_SETS_GLOBAL_PROXY); 11838 policy.mAdminList.remove(admin); 11839 policy.mAdminMap.remove(adminReceiver); 11840 validatePasswordOwnerLocked(policy); 11841 if (doProxyCleanup) { 11842 resetGlobalProxyLocked(policy); 11843 } 11844 pushActiveAdminPackagesLocked(userHandle); 11845 pushMeteredDisabledPackagesLocked(userHandle); 11846 saveSettingsLocked(userHandle); 11847 updateMaximumTimeToLockLocked(userHandle); 11848 policy.mRemovingAdmins.remove(adminReceiver); 11849 11850 Slog.i(LOG_TAG, "Device admin " + adminReceiver + " removed from user " + userHandle); 11851 } 11852 // The removed admin might have disabled camera, so update user 11853 // restrictions. 11854 pushUserRestrictions(userHandle); 11855 } 11856 11857 @Override 11858 public void setDeviceProvisioningConfigApplied() { 11859 enforceManageUsers(); 11860 synchronized (getLockObject()) { 11861 DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM); 11862 policy.mDeviceProvisioningConfigApplied = true; 11863 saveSettingsLocked(UserHandle.USER_SYSTEM); 11864 } 11865 } 11866 11867 @Override 11868 public boolean isDeviceProvisioningConfigApplied() { 11869 enforceManageUsers(); 11870 synchronized (getLockObject()) { 11871 final DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM); 11872 return policy.mDeviceProvisioningConfigApplied; 11873 } 11874 } 11875 11876 /** 11877 * Force update internal persistent state from Settings.Secure.USER_SETUP_COMPLETE. 11878 * 11879 * It's added for testing only. Please use this API carefully if it's used by other system app 11880 * and bare in mind Settings.Secure.USER_SETUP_COMPLETE can be modified by user and other system 11881 * apps. 11882 */ 11883 @Override 11884 public void forceUpdateUserSetupComplete() { 11885 enforceCanManageProfileAndDeviceOwners(); 11886 enforceCallerSystemUserHandle(); 11887 // no effect if it's called from user build 11888 if (!mInjector.isBuildDebuggable()) { 11889 return; 11890 } 11891 final int userId = UserHandle.USER_SYSTEM; 11892 boolean isUserCompleted = mInjector.settingsSecureGetIntForUser( 11893 Settings.Secure.USER_SETUP_COMPLETE, 0, userId) != 0; 11894 DevicePolicyData policy = getUserData(userId); 11895 policy.mUserSetupComplete = isUserCompleted; 11896 synchronized (getLockObject()) { 11897 saveSettingsLocked(userId); 11898 } 11899 } 11900 11901 // TODO(b/22388012): When backup is available for secondary users and profiles, consider 11902 // whether there are any privacy/security implications of enabling the backup service here 11903 // if there are other users or profiles unmanaged or managed by a different entity (i.e. not 11904 // affiliated). 11905 @Override 11906 public void setBackupServiceEnabled(ComponentName admin, boolean enabled) { 11907 if (!mHasFeature) { 11908 return; 11909 } 11910 Preconditions.checkNotNull(admin); 11911 synchronized (getLockObject()) { 11912 ActiveAdmin activeAdmin = getActiveAdminForCallerLocked( 11913 admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 11914 if (!enabled) { 11915 activeAdmin.mandatoryBackupTransport = null; 11916 saveSettingsLocked(UserHandle.USER_SYSTEM); 11917 } 11918 } 11919 11920 final long ident = mInjector.binderClearCallingIdentity(); 11921 try { 11922 IBackupManager ibm = mInjector.getIBackupManager(); 11923 if (ibm != null) { 11924 ibm.setBackupServiceActive(UserHandle.USER_SYSTEM, enabled); 11925 } 11926 } catch (RemoteException e) { 11927 throw new IllegalStateException( 11928 "Failed " + (enabled ? "" : "de") + "activating backup service.", e); 11929 } finally { 11930 mInjector.binderRestoreCallingIdentity(ident); 11931 } 11932 } 11933 11934 @Override 11935 public boolean isBackupServiceEnabled(ComponentName admin) { 11936 Preconditions.checkNotNull(admin); 11937 if (!mHasFeature) { 11938 return true; 11939 } 11940 synchronized (getLockObject()) { 11941 try { 11942 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 11943 IBackupManager ibm = mInjector.getIBackupManager(); 11944 return ibm != null && ibm.isBackupServiceActive(UserHandle.USER_SYSTEM); 11945 } catch (RemoteException e) { 11946 throw new IllegalStateException("Failed requesting backup service state.", e); 11947 } 11948 } 11949 } 11950 11951 @Override 11952 public boolean setMandatoryBackupTransport( 11953 ComponentName admin, 11954 ComponentName backupTransportComponent) { 11955 if (!mHasFeature) { 11956 return false; 11957 } 11958 Preconditions.checkNotNull(admin); 11959 synchronized (getLockObject()) { 11960 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 11961 } 11962 11963 final int callingUid = mInjector.binderGetCallingUid(); 11964 final AtomicBoolean success = new AtomicBoolean(false); 11965 final CountDownLatch countDownLatch = new CountDownLatch(1); 11966 final ISelectBackupTransportCallback selectBackupTransportCallbackInternal = 11967 new ISelectBackupTransportCallback.Stub() { 11968 public void onSuccess(String transportName) { 11969 saveMandatoryBackupTransport(admin, callingUid, backupTransportComponent); 11970 success.set(true); 11971 countDownLatch.countDown(); 11972 } 11973 11974 public void onFailure(int reason) { 11975 countDownLatch.countDown(); 11976 } 11977 }; 11978 final long identity = mInjector.binderClearCallingIdentity(); 11979 try { 11980 IBackupManager ibm = mInjector.getIBackupManager(); 11981 if (ibm != null && backupTransportComponent != null) { 11982 if (!ibm.isBackupServiceActive(UserHandle.USER_SYSTEM)) { 11983 ibm.setBackupServiceActive(UserHandle.USER_SYSTEM, true); 11984 } 11985 ibm.selectBackupTransportAsync( 11986 backupTransportComponent, selectBackupTransportCallbackInternal); 11987 countDownLatch.await(); 11988 if (success.get()) { 11989 ibm.setBackupEnabled(true); 11990 } 11991 } else if (backupTransportComponent == null) { 11992 saveMandatoryBackupTransport(admin, callingUid, backupTransportComponent); 11993 success.set(true); 11994 } 11995 } catch (RemoteException e) { 11996 throw new IllegalStateException("Failed to set mandatory backup transport.", e); 11997 } catch (InterruptedException e) { 11998 throw new IllegalStateException("Failed to set mandatory backup transport.", e); 11999 } finally { 12000 mInjector.binderRestoreCallingIdentity(identity); 12001 } 12002 return success.get(); 12003 } 12004 12005 private void saveMandatoryBackupTransport( 12006 ComponentName admin, int callingUid, ComponentName backupTransportComponent) { 12007 synchronized (getLockObject()) { 12008 ActiveAdmin activeAdmin = 12009 getActiveAdminWithPolicyForUidLocked( 12010 admin, 12011 DeviceAdminInfo.USES_POLICY_DEVICE_OWNER, 12012 callingUid); 12013 if (!Objects.equals(backupTransportComponent, 12014 activeAdmin.mandatoryBackupTransport)) { 12015 activeAdmin.mandatoryBackupTransport = 12016 backupTransportComponent; 12017 saveSettingsLocked(UserHandle.USER_SYSTEM); 12018 } 12019 } 12020 } 12021 12022 @Override 12023 public ComponentName getMandatoryBackupTransport() { 12024 if (!mHasFeature) { 12025 return null; 12026 } 12027 synchronized (getLockObject()) { 12028 ActiveAdmin activeAdmin = getDeviceOwnerAdminLocked(); 12029 return activeAdmin == null ? null : activeAdmin.mandatoryBackupTransport; 12030 } 12031 } 12032 12033 12034 @Override 12035 public boolean bindDeviceAdminServiceAsUser( 12036 @NonNull ComponentName admin, @NonNull IApplicationThread caller, 12037 @Nullable IBinder activtiyToken, @NonNull Intent serviceIntent, 12038 @NonNull IServiceConnection connection, int flags, @UserIdInt int targetUserId) { 12039 if (!mHasFeature) { 12040 return false; 12041 } 12042 Preconditions.checkNotNull(admin); 12043 Preconditions.checkNotNull(caller); 12044 Preconditions.checkNotNull(serviceIntent); 12045 Preconditions.checkArgument( 12046 serviceIntent.getComponent() != null || serviceIntent.getPackage() != null, 12047 "Service intent must be explicit (with a package name or component): " 12048 + serviceIntent); 12049 Preconditions.checkNotNull(connection); 12050 Preconditions.checkArgument(mInjector.userHandleGetCallingUserId() != targetUserId, 12051 "target user id must be different from the calling user id"); 12052 12053 if (!getBindDeviceAdminTargetUsers(admin).contains(UserHandle.of(targetUserId))) { 12054 throw new SecurityException("Not allowed to bind to target user id"); 12055 } 12056 12057 final String targetPackage; 12058 synchronized (getLockObject()) { 12059 targetPackage = getOwnerPackageNameForUserLocked(targetUserId); 12060 } 12061 12062 final long callingIdentity = mInjector.binderClearCallingIdentity(); 12063 try { 12064 // Validate and sanitize the incoming service intent. 12065 final Intent sanitizedIntent = 12066 createCrossUserServiceIntent(serviceIntent, targetPackage, targetUserId); 12067 if (sanitizedIntent == null) { 12068 // Fail, cannot lookup the target service. 12069 return false; 12070 } 12071 // Ask ActivityManager to bind it. Notice that we are binding the service with the 12072 // caller app instead of DevicePolicyManagerService. 12073 return mInjector.getIActivityManager().bindService( 12074 caller, activtiyToken, serviceIntent, 12075 serviceIntent.resolveTypeIfNeeded(mContext.getContentResolver()), 12076 connection, flags, mContext.getOpPackageName(), 12077 targetUserId) != 0; 12078 } catch (RemoteException ex) { 12079 // Same process, should not happen. 12080 } finally { 12081 mInjector.binderRestoreCallingIdentity(callingIdentity); 12082 } 12083 12084 // Failed to bind. 12085 return false; 12086 } 12087 12088 @Override 12089 public @NonNull List<UserHandle> getBindDeviceAdminTargetUsers(@NonNull ComponentName admin) { 12090 if (!mHasFeature) { 12091 return Collections.emptyList(); 12092 } 12093 Preconditions.checkNotNull(admin); 12094 12095 synchronized (getLockObject()) { 12096 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 12097 12098 final int callingUserId = mInjector.userHandleGetCallingUserId(); 12099 final long callingIdentity = mInjector.binderClearCallingIdentity(); 12100 try { 12101 ArrayList<UserHandle> targetUsers = new ArrayList<>(); 12102 if (!isDeviceOwner(admin, callingUserId)) { 12103 // Profile owners can only bind to the device owner. 12104 if (canUserBindToDeviceOwnerLocked(callingUserId)) { 12105 targetUsers.add(UserHandle.of(mOwners.getDeviceOwnerUserId())); 12106 } 12107 } else { 12108 // Caller is the device owner: Look for profile owners that it can bind to. 12109 final List<UserInfo> userInfos = mUserManager.getUsers(/*excludeDying=*/ true); 12110 for (int i = 0; i < userInfos.size(); i++) { 12111 final int userId = userInfos.get(i).id; 12112 if (userId != callingUserId && canUserBindToDeviceOwnerLocked(userId)) { 12113 targetUsers.add(UserHandle.of(userId)); 12114 } 12115 } 12116 } 12117 12118 return targetUsers; 12119 } finally { 12120 mInjector.binderRestoreCallingIdentity(callingIdentity); 12121 } 12122 } 12123 } 12124 12125 private boolean canUserBindToDeviceOwnerLocked(int userId) { 12126 // There has to be a device owner, under another user id. 12127 if (!mOwners.hasDeviceOwner() || userId == mOwners.getDeviceOwnerUserId()) { 12128 return false; 12129 } 12130 12131 // The user must have a profile owner that belongs to the same package as the device owner. 12132 if (!mOwners.hasProfileOwner(userId) || !TextUtils.equals( 12133 mOwners.getDeviceOwnerPackageName(), mOwners.getProfileOwnerPackage(userId))) { 12134 return false; 12135 } 12136 12137 // The user must be affiliated. 12138 return isUserAffiliatedWithDeviceLocked(userId); 12139 } 12140 12141 /** 12142 * Return true if a given user has any accounts that'll prevent installing a device or profile 12143 * owner {@code owner}. 12144 * - If the user has no accounts, then return false. 12145 * - Otherwise, if the owner is unknown (== null), or is not test-only, then return true. 12146 * - Otherwise, if there's any account that does not have ..._ALLOWED, or does have 12147 * ..._DISALLOWED, return true. 12148 * - Otherwise return false. 12149 * 12150 * If the caller is *not* ADB, it also returns true. The returned value shouldn't be used 12151 * when the caller is not ADB. 12152 * 12153 * DO NOT CALL IT WITH THE DPMS LOCK HELD. 12154 */ 12155 private boolean hasIncompatibleAccountsOrNonAdbNoLock( 12156 int userId, @Nullable ComponentName owner) { 12157 if (!isAdb()) { 12158 return true; 12159 } 12160 wtfIfInLock(); 12161 12162 final long token = mInjector.binderClearCallingIdentity(); 12163 try { 12164 final AccountManager am = AccountManager.get(mContext); 12165 final Account accounts[] = am.getAccountsAsUser(userId); 12166 if (accounts.length == 0) { 12167 return false; 12168 } 12169 synchronized (getLockObject()) { 12170 if (owner == null || !isAdminTestOnlyLocked(owner, userId)) { 12171 Log.w(LOG_TAG, 12172 "Non test-only owner can't be installed with existing accounts."); 12173 return true; 12174 } 12175 } 12176 12177 final String[] feature_allow = 12178 { DevicePolicyManager.ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_ALLOWED }; 12179 final String[] feature_disallow = 12180 { DevicePolicyManager.ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_DISALLOWED }; 12181 12182 boolean compatible = true; 12183 for (Account account : accounts) { 12184 if (hasAccountFeatures(am, account, feature_disallow)) { 12185 Log.e(LOG_TAG, account + " has " + feature_disallow[0]); 12186 compatible = false; 12187 break; 12188 } 12189 if (!hasAccountFeatures(am, account, feature_allow)) { 12190 Log.e(LOG_TAG, account + " doesn't have " + feature_allow[0]); 12191 compatible = false; 12192 break; 12193 } 12194 } 12195 if (compatible) { 12196 Log.w(LOG_TAG, "All accounts are compatible"); 12197 } else { 12198 Log.e(LOG_TAG, "Found incompatible accounts"); 12199 } 12200 return !compatible; 12201 } finally { 12202 mInjector.binderRestoreCallingIdentity(token); 12203 } 12204 } 12205 12206 private boolean hasAccountFeatures(AccountManager am, Account account, String[] features) { 12207 try { 12208 return am.hasFeatures(account, features, null, null).getResult(); 12209 } catch (Exception e) { 12210 Log.w(LOG_TAG, "Failed to get account feature", e); 12211 return false; 12212 } 12213 } 12214 12215 private boolean isAdb() { 12216 final int callingUid = mInjector.binderGetCallingUid(); 12217 return callingUid == Process.SHELL_UID || callingUid == Process.ROOT_UID; 12218 } 12219 12220 @Override 12221 public void setNetworkLoggingEnabled(ComponentName admin, boolean enabled) { 12222 if (!mHasFeature) { 12223 return; 12224 } 12225 synchronized (getLockObject()) { 12226 Preconditions.checkNotNull(admin); 12227 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12228 12229 if (enabled == isNetworkLoggingEnabledInternalLocked()) { 12230 // already in the requested state 12231 return; 12232 } 12233 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 12234 deviceOwner.isNetworkLoggingEnabled = enabled; 12235 if (!enabled) { 12236 deviceOwner.numNetworkLoggingNotifications = 0; 12237 deviceOwner.lastNetworkLoggingNotificationTimeMs = 0; 12238 } 12239 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 12240 12241 setNetworkLoggingActiveInternal(enabled); 12242 } 12243 } 12244 12245 private void setNetworkLoggingActiveInternal(boolean active) { 12246 synchronized (getLockObject()) { 12247 final long callingIdentity = mInjector.binderClearCallingIdentity(); 12248 try { 12249 if (active) { 12250 mNetworkLogger = new NetworkLogger(this, mInjector.getPackageManagerInternal()); 12251 if (!mNetworkLogger.startNetworkLogging()) { 12252 mNetworkLogger = null; 12253 Slog.wtf(LOG_TAG, "Network logging could not be started due to the logging" 12254 + " service not being available yet."); 12255 } 12256 maybePauseDeviceWideLoggingLocked(); 12257 sendNetworkLoggingNotificationLocked(); 12258 } else { 12259 if (mNetworkLogger != null && !mNetworkLogger.stopNetworkLogging()) { 12260 Slog.wtf(LOG_TAG, "Network logging could not be stopped due to the logging" 12261 + " service not being available yet."); 12262 } 12263 mNetworkLogger = null; 12264 mInjector.getNotificationManager().cancel(SystemMessage.NOTE_NETWORK_LOGGING); 12265 } 12266 } finally { 12267 mInjector.binderRestoreCallingIdentity(callingIdentity); 12268 } 12269 } 12270 } 12271 12272 /** Pauses security and network logging if there are unaffiliated users on the device */ 12273 private void maybePauseDeviceWideLoggingLocked() { 12274 if (!areAllUsersAffiliatedWithDeviceLocked()) { 12275 Slog.i(LOG_TAG, "There are unaffiliated users, security and network logging will be " 12276 + "paused if enabled."); 12277 mSecurityLogMonitor.pause(); 12278 if (mNetworkLogger != null) { 12279 mNetworkLogger.pause(); 12280 } 12281 } 12282 } 12283 12284 /** Resumes security and network logging (if they are enabled) if all users are affiliated */ 12285 private void maybeResumeDeviceWideLoggingLocked() { 12286 if (areAllUsersAffiliatedWithDeviceLocked()) { 12287 final long ident = mInjector.binderClearCallingIdentity(); 12288 try { 12289 mSecurityLogMonitor.resume(); 12290 if (mNetworkLogger != null) { 12291 mNetworkLogger.resume(); 12292 } 12293 } finally { 12294 mInjector.binderRestoreCallingIdentity(ident); 12295 } 12296 } 12297 } 12298 12299 /** Deletes any security and network logs that might have been collected so far */ 12300 private void discardDeviceWideLogsLocked() { 12301 mSecurityLogMonitor.discardLogs(); 12302 if (mNetworkLogger != null) { 12303 mNetworkLogger.discardLogs(); 12304 } 12305 // TODO: We should discard pre-boot security logs here too, as otherwise those 12306 // logs (which might contain data from the user just removed) will be 12307 // available after next boot. 12308 } 12309 12310 @Override 12311 public boolean isNetworkLoggingEnabled(ComponentName admin) { 12312 if (!mHasFeature) { 12313 return false; 12314 } 12315 synchronized (getLockObject()) { 12316 enforceDeviceOwnerOrManageUsers(); 12317 return isNetworkLoggingEnabledInternalLocked(); 12318 } 12319 } 12320 12321 private boolean isNetworkLoggingEnabledInternalLocked() { 12322 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 12323 return (deviceOwner != null) && deviceOwner.isNetworkLoggingEnabled; 12324 } 12325 12326 /* 12327 * A maximum of 1200 events are returned, and the total marshalled size is in the order of 12328 * 100kB, so returning a List instead of ParceledListSlice is acceptable. 12329 * Ideally this would be done with ParceledList, however it only supports homogeneous types. 12330 * 12331 * @see NetworkLoggingHandler#MAX_EVENTS_PER_BATCH 12332 */ 12333 @Override 12334 public List<NetworkEvent> retrieveNetworkLogs(ComponentName admin, long batchToken) { 12335 if (!mHasFeature) { 12336 return null; 12337 } 12338 Preconditions.checkNotNull(admin); 12339 ensureDeviceOwnerAndAllUsersAffiliated(admin); 12340 12341 synchronized (getLockObject()) { 12342 if (mNetworkLogger == null 12343 || !isNetworkLoggingEnabledInternalLocked()) { 12344 return null; 12345 } 12346 12347 final long currentTime = System.currentTimeMillis(); 12348 DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM); 12349 if (currentTime > policyData.mLastNetworkLogsRetrievalTime) { 12350 policyData.mLastNetworkLogsRetrievalTime = currentTime; 12351 saveSettingsLocked(UserHandle.USER_SYSTEM); 12352 } 12353 return mNetworkLogger.retrieveLogs(batchToken); 12354 } 12355 } 12356 12357 private void sendNetworkLoggingNotificationLocked() { 12358 final ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 12359 if (deviceOwner == null || !deviceOwner.isNetworkLoggingEnabled) { 12360 return; 12361 } 12362 if (deviceOwner.numNetworkLoggingNotifications >= 12363 ActiveAdmin.DEF_MAXIMUM_NETWORK_LOGGING_NOTIFICATIONS_SHOWN) { 12364 return; 12365 } 12366 final long now = System.currentTimeMillis(); 12367 if (now - deviceOwner.lastNetworkLoggingNotificationTimeMs < MS_PER_DAY) { 12368 return; 12369 } 12370 deviceOwner.numNetworkLoggingNotifications++; 12371 if (deviceOwner.numNetworkLoggingNotifications 12372 >= ActiveAdmin.DEF_MAXIMUM_NETWORK_LOGGING_NOTIFICATIONS_SHOWN) { 12373 deviceOwner.lastNetworkLoggingNotificationTimeMs = 0; 12374 } else { 12375 deviceOwner.lastNetworkLoggingNotificationTimeMs = now; 12376 } 12377 final Intent intent = new Intent(DevicePolicyManager.ACTION_SHOW_DEVICE_MONITORING_DIALOG); 12378 intent.setPackage("com.android.systemui"); 12379 final PendingIntent pendingIntent = PendingIntent.getBroadcastAsUser(mContext, 0, intent, 0, 12380 UserHandle.CURRENT); 12381 Notification notification = 12382 new Notification.Builder(mContext, SystemNotificationChannels.DEVICE_ADMIN) 12383 .setSmallIcon(R.drawable.ic_info_outline) 12384 .setContentTitle(mContext.getString(R.string.network_logging_notification_title)) 12385 .setContentText(mContext.getString(R.string.network_logging_notification_text)) 12386 .setTicker(mContext.getString(R.string.network_logging_notification_title)) 12387 .setShowWhen(true) 12388 .setContentIntent(pendingIntent) 12389 .setStyle(new Notification.BigTextStyle() 12390 .bigText(mContext.getString(R.string.network_logging_notification_text))) 12391 .build(); 12392 mInjector.getNotificationManager().notify(SystemMessage.NOTE_NETWORK_LOGGING, notification); 12393 saveSettingsLocked(mOwners.getDeviceOwnerUserId()); 12394 } 12395 12396 /** 12397 * Return the package name of owner in a given user. 12398 */ 12399 private String getOwnerPackageNameForUserLocked(int userId) { 12400 return mOwners.getDeviceOwnerUserId() == userId 12401 ? mOwners.getDeviceOwnerPackageName() 12402 : mOwners.getProfileOwnerPackage(userId); 12403 } 12404 12405 /** 12406 * @param rawIntent Original service intent specified by caller. It must be explicit. 12407 * @param expectedPackageName The expected package name of the resolved service. 12408 * @return Intent that have component explicitly set. {@code null} if no service is resolved 12409 * with the given intent. 12410 * @throws SecurityException if the intent is resolved to an invalid service. 12411 */ 12412 private Intent createCrossUserServiceIntent( 12413 @NonNull Intent rawIntent, @NonNull String expectedPackageName, 12414 @UserIdInt int targetUserId) throws RemoteException, SecurityException { 12415 ResolveInfo info = mIPackageManager.resolveService( 12416 rawIntent, 12417 rawIntent.resolveTypeIfNeeded(mContext.getContentResolver()), 12418 0, // flags 12419 targetUserId); 12420 if (info == null || info.serviceInfo == null) { 12421 Log.e(LOG_TAG, "Fail to look up the service: " + rawIntent 12422 + " or user " + targetUserId + " is not running"); 12423 return null; 12424 } 12425 if (!expectedPackageName.equals(info.serviceInfo.packageName)) { 12426 throw new SecurityException("Only allow to bind service in " + expectedPackageName); 12427 } 12428 // STOPSHIP(b/37624960): Remove info.serviceInfo.exported before release. 12429 if (info.serviceInfo.exported && !BIND_DEVICE_ADMIN.equals(info.serviceInfo.permission)) { 12430 throw new SecurityException( 12431 "Service must be protected by BIND_DEVICE_ADMIN permission"); 12432 } 12433 // It is the system server to bind the service, it would be extremely dangerous if it 12434 // can be exploited to bind any service. Set the component explicitly to make sure we 12435 // do not bind anything accidentally. 12436 rawIntent.setComponent(info.serviceInfo.getComponentName()); 12437 return rawIntent; 12438 } 12439 12440 @Override 12441 public long getLastSecurityLogRetrievalTime() { 12442 enforceDeviceOwnerOrManageUsers(); 12443 return getUserData(UserHandle.USER_SYSTEM).mLastSecurityLogRetrievalTime; 12444 } 12445 12446 @Override 12447 public long getLastBugReportRequestTime() { 12448 enforceDeviceOwnerOrManageUsers(); 12449 return getUserData(UserHandle.USER_SYSTEM).mLastBugReportRequestTime; 12450 } 12451 12452 @Override 12453 public long getLastNetworkLogRetrievalTime() { 12454 enforceDeviceOwnerOrManageUsers(); 12455 return getUserData(UserHandle.USER_SYSTEM).mLastNetworkLogsRetrievalTime; 12456 } 12457 12458 @Override 12459 public boolean setResetPasswordToken(ComponentName admin, byte[] token) { 12460 if (!mHasFeature) { 12461 return false; 12462 } 12463 if (token == null || token.length < 32) { 12464 throw new IllegalArgumentException("token must be at least 32-byte long"); 12465 } 12466 synchronized (getLockObject()) { 12467 final int userHandle = mInjector.userHandleGetCallingUserId(); 12468 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 12469 12470 DevicePolicyData policy = getUserData(userHandle); 12471 long ident = mInjector.binderClearCallingIdentity(); 12472 try { 12473 if (policy.mPasswordTokenHandle != 0) { 12474 mLockPatternUtils.removeEscrowToken(policy.mPasswordTokenHandle, userHandle); 12475 } 12476 12477 policy.mPasswordTokenHandle = mLockPatternUtils.addEscrowToken(token, userHandle); 12478 saveSettingsLocked(userHandle); 12479 return policy.mPasswordTokenHandle != 0; 12480 } finally { 12481 mInjector.binderRestoreCallingIdentity(ident); 12482 } 12483 } 12484 } 12485 12486 @Override 12487 public boolean clearResetPasswordToken(ComponentName admin) { 12488 if (!mHasFeature) { 12489 return false; 12490 } 12491 synchronized (getLockObject()) { 12492 final int userHandle = mInjector.userHandleGetCallingUserId(); 12493 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 12494 12495 DevicePolicyData policy = getUserData(userHandle); 12496 if (policy.mPasswordTokenHandle != 0) { 12497 long ident = mInjector.binderClearCallingIdentity(); 12498 try { 12499 boolean result = mLockPatternUtils.removeEscrowToken( 12500 policy.mPasswordTokenHandle, userHandle); 12501 policy.mPasswordTokenHandle = 0; 12502 saveSettingsLocked(userHandle); 12503 return result; 12504 } finally { 12505 mInjector.binderRestoreCallingIdentity(ident); 12506 } 12507 } 12508 } 12509 return false; 12510 } 12511 12512 @Override 12513 public boolean isResetPasswordTokenActive(ComponentName admin) { 12514 synchronized (getLockObject()) { 12515 final int userHandle = mInjector.userHandleGetCallingUserId(); 12516 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 12517 12518 DevicePolicyData policy = getUserData(userHandle); 12519 if (policy.mPasswordTokenHandle != 0) { 12520 long ident = mInjector.binderClearCallingIdentity(); 12521 try { 12522 return mLockPatternUtils.isEscrowTokenActive(policy.mPasswordTokenHandle, 12523 userHandle); 12524 } finally { 12525 mInjector.binderRestoreCallingIdentity(ident); 12526 } 12527 } 12528 } 12529 return false; 12530 } 12531 12532 @Override 12533 public boolean resetPasswordWithToken(ComponentName admin, String passwordOrNull, byte[] token, 12534 int flags) { 12535 Preconditions.checkNotNull(token); 12536 synchronized (getLockObject()) { 12537 final int userHandle = mInjector.userHandleGetCallingUserId(); 12538 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 12539 12540 DevicePolicyData policy = getUserData(userHandle); 12541 if (policy.mPasswordTokenHandle != 0) { 12542 final String password = passwordOrNull != null ? passwordOrNull : ""; 12543 return resetPasswordInternal(password, policy.mPasswordTokenHandle, token, 12544 flags, mInjector.binderGetCallingUid(), userHandle); 12545 } else { 12546 Slog.w(LOG_TAG, "No saved token handle"); 12547 } 12548 } 12549 return false; 12550 } 12551 12552 @Override 12553 public boolean isCurrentInputMethodSetByOwner() { 12554 enforceProfileOwnerOrSystemUser(); 12555 return getUserData(mInjector.userHandleGetCallingUserId()).mCurrentInputMethodSet; 12556 } 12557 12558 @Override 12559 public StringParceledListSlice getOwnerInstalledCaCerts(@NonNull UserHandle user) { 12560 final int userId = user.getIdentifier(); 12561 enforceProfileOwnerOrFullCrossUsersPermission(userId); 12562 synchronized (getLockObject()) { 12563 return new StringParceledListSlice( 12564 new ArrayList<>(getUserData(userId).mOwnerInstalledCaCerts)); 12565 } 12566 } 12567 12568 @Override 12569 public void clearApplicationUserData(ComponentName admin, String packageName, 12570 IPackageDataObserver callback) { 12571 Preconditions.checkNotNull(admin, "ComponentName is null"); 12572 Preconditions.checkNotNull(packageName, "packageName is null"); 12573 Preconditions.checkNotNull(callback, "callback is null"); 12574 synchronized (getLockObject()) { 12575 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 12576 } 12577 final int userId = UserHandle.getCallingUserId(); 12578 12579 long ident = mInjector.binderClearCallingIdentity(); 12580 try { 12581 ActivityManager.getService().clearApplicationUserData(packageName, false, callback, 12582 userId); 12583 } catch(RemoteException re) { 12584 // Same process, should not happen. 12585 } catch (SecurityException se) { 12586 // This can happen e.g. for device admin packages, do not throw out the exception, 12587 // because callers have no means to know beforehand for which packages this might 12588 // happen. If so, we send back that removal failed. 12589 Slog.w(LOG_TAG, "Not allowed to clear application user data for package " + packageName, 12590 se); 12591 try { 12592 callback.onRemoveCompleted(packageName, false); 12593 } catch (RemoteException re) { 12594 // Caller is no longer available, ignore 12595 } 12596 } finally { 12597 mInjector.binderRestoreCallingIdentity(ident); 12598 } 12599 } 12600 12601 @Override 12602 public void setLogoutEnabled(ComponentName admin, boolean enabled) { 12603 if (!mHasFeature) { 12604 return; 12605 } 12606 Preconditions.checkNotNull(admin); 12607 12608 synchronized (getLockObject()) { 12609 ActiveAdmin deviceOwner = 12610 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12611 12612 if (deviceOwner.isLogoutEnabled == enabled) { 12613 // already in the requested state 12614 return; 12615 } 12616 deviceOwner.isLogoutEnabled = enabled; 12617 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 12618 } 12619 } 12620 12621 @Override 12622 public boolean isLogoutEnabled() { 12623 if (!mHasFeature) { 12624 return false; 12625 } 12626 synchronized (getLockObject()) { 12627 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 12628 return (deviceOwner != null) && deviceOwner.isLogoutEnabled; 12629 } 12630 } 12631 12632 @Override 12633 public List<String> getDisallowedSystemApps(ComponentName admin, int userId, 12634 String provisioningAction) throws RemoteException { 12635 enforceCanManageProfileAndDeviceOwners(); 12636 return new ArrayList<>( 12637 mOverlayPackagesProvider.getNonRequiredApps(admin, userId, provisioningAction)); 12638 } 12639 12640 @Override 12641 public void transferOwnership(@NonNull ComponentName admin, @NonNull ComponentName target, 12642 @Nullable PersistableBundle bundle) { 12643 if (!mHasFeature) { 12644 return; 12645 } 12646 12647 Preconditions.checkNotNull(admin, "Admin cannot be null."); 12648 Preconditions.checkNotNull(target, "Target cannot be null."); 12649 12650 enforceProfileOrDeviceOwner(admin); 12651 12652 if (admin.equals(target)) { 12653 throw new IllegalArgumentException("Provided administrator and target are " 12654 + "the same object."); 12655 } 12656 12657 if (admin.getPackageName().equals(target.getPackageName())) { 12658 throw new IllegalArgumentException("Provided administrator and target have " 12659 + "the same package name."); 12660 } 12661 12662 final int callingUserId = mInjector.userHandleGetCallingUserId(); 12663 final DevicePolicyData policy = getUserData(callingUserId); 12664 final DeviceAdminInfo incomingDeviceInfo = findAdmin(target, callingUserId, 12665 /* throwForMissingPermission= */ true); 12666 checkActiveAdminPrecondition(target, incomingDeviceInfo, policy); 12667 if (!incomingDeviceInfo.supportsTransferOwnership()) { 12668 throw new IllegalArgumentException("Provided target does not support " 12669 + "ownership transfer."); 12670 } 12671 12672 final long id = mInjector.binderClearCallingIdentity(); 12673 try { 12674 synchronized (getLockObject()) { 12675 /* 12676 * We must ensure the whole process is atomic to prevent the device from ending up 12677 * in an invalid state (e.g. no active admin). This could happen if the device 12678 * is rebooted or work mode is turned off mid-transfer. 12679 * In order to guarantee atomicity, we: 12680 * 12681 * 1. Save an atomic journal file describing the transfer process 12682 * 2. Perform the transfer itself 12683 * 3. Delete the journal file 12684 * 12685 * That way if the journal file exists on device boot, we know that the transfer 12686 * must be reverted back to the original administrator. This logic is implemented in 12687 * revertTransferOwnershipIfNecessaryLocked. 12688 * */ 12689 if (bundle == null) { 12690 bundle = new PersistableBundle(); 12691 } 12692 if (isProfileOwner(admin, callingUserId)) { 12693 prepareTransfer(admin, target, bundle, callingUserId, 12694 ADMIN_TYPE_PROFILE_OWNER); 12695 transferProfileOwnershipLocked(admin, target, callingUserId); 12696 sendProfileOwnerCommand(DeviceAdminReceiver.ACTION_TRANSFER_OWNERSHIP_COMPLETE, 12697 getTransferOwnershipAdminExtras(bundle), callingUserId); 12698 postTransfer(DevicePolicyManager.ACTION_PROFILE_OWNER_CHANGED, callingUserId); 12699 if (isUserAffiliatedWithDeviceLocked(callingUserId)) { 12700 notifyAffiliatedProfileTransferOwnershipComplete(callingUserId); 12701 } 12702 } else if (isDeviceOwner(admin, callingUserId)) { 12703 prepareTransfer(admin, target, bundle, callingUserId, 12704 ADMIN_TYPE_DEVICE_OWNER); 12705 transferDeviceOwnershipLocked(admin, target, callingUserId); 12706 sendDeviceOwnerCommand(DeviceAdminReceiver.ACTION_TRANSFER_OWNERSHIP_COMPLETE, 12707 getTransferOwnershipAdminExtras(bundle)); 12708 postTransfer(DevicePolicyManager.ACTION_DEVICE_OWNER_CHANGED, callingUserId); 12709 } 12710 } 12711 } finally { 12712 mInjector.binderRestoreCallingIdentity(id); 12713 } 12714 } 12715 12716 private void prepareTransfer(ComponentName admin, ComponentName target, 12717 PersistableBundle bundle, int callingUserId, String adminType) { 12718 saveTransferOwnershipBundleLocked(bundle, callingUserId); 12719 mTransferOwnershipMetadataManager.saveMetadataFile( 12720 new TransferOwnershipMetadataManager.Metadata(admin, target, 12721 callingUserId, adminType)); 12722 } 12723 12724 private void postTransfer(String broadcast, int callingUserId) { 12725 deleteTransferOwnershipMetadataFileLocked(); 12726 sendOwnerChangedBroadcast(broadcast, callingUserId); 12727 } 12728 12729 private void notifyAffiliatedProfileTransferOwnershipComplete(int callingUserId) { 12730 final Bundle extras = new Bundle(); 12731 extras.putParcelable(Intent.EXTRA_USER, UserHandle.of(callingUserId)); 12732 sendDeviceOwnerCommand( 12733 DeviceAdminReceiver.ACTION_AFFILIATED_PROFILE_TRANSFER_OWNERSHIP_COMPLETE, extras); 12734 } 12735 12736 /** 12737 * Transfers the profile owner for user with id profileOwnerUserId from admin to target. 12738 */ 12739 private void transferProfileOwnershipLocked(ComponentName admin, ComponentName target, 12740 int profileOwnerUserId) { 12741 transferActiveAdminUncheckedLocked(target, admin, profileOwnerUserId); 12742 mOwners.transferProfileOwner(target, profileOwnerUserId); 12743 Slog.i(LOG_TAG, "Profile owner set: " + target + " on user " + profileOwnerUserId); 12744 mOwners.writeProfileOwner(profileOwnerUserId); 12745 mDeviceAdminServiceController.startServiceForOwner( 12746 target.getPackageName(), profileOwnerUserId, "transfer-profile-owner"); 12747 } 12748 12749 /** 12750 * Transfers the device owner for user with id userId from admin to target. 12751 */ 12752 private void transferDeviceOwnershipLocked(ComponentName admin, ComponentName target, int userId) { 12753 transferActiveAdminUncheckedLocked(target, admin, userId); 12754 mOwners.transferDeviceOwnership(target); 12755 Slog.i(LOG_TAG, "Device owner set: " + target + " on user " + userId); 12756 mOwners.writeDeviceOwner(); 12757 mDeviceAdminServiceController.startServiceForOwner( 12758 target.getPackageName(), userId, "transfer-device-owner"); 12759 } 12760 12761 private Bundle getTransferOwnershipAdminExtras(PersistableBundle bundle) { 12762 Bundle extras = new Bundle(); 12763 if (bundle != null) { 12764 extras.putParcelable(EXTRA_TRANSFER_OWNERSHIP_ADMIN_EXTRAS_BUNDLE, bundle); 12765 } 12766 return extras; 12767 } 12768 12769 @Override 12770 public void setStartUserSessionMessage( 12771 ComponentName admin, CharSequence startUserSessionMessage) { 12772 if (!mHasFeature) { 12773 return; 12774 } 12775 Preconditions.checkNotNull(admin); 12776 12777 final String startUserSessionMessageString = 12778 startUserSessionMessage != null ? startUserSessionMessage.toString() : null; 12779 12780 synchronized (getLockObject()) { 12781 final ActiveAdmin deviceOwner = 12782 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12783 12784 if (TextUtils.equals(deviceOwner.startUserSessionMessage, startUserSessionMessage)) { 12785 return; 12786 } 12787 deviceOwner.startUserSessionMessage = startUserSessionMessageString; 12788 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 12789 } 12790 12791 mInjector.getActivityManagerInternal() 12792 .setSwitchingFromSystemUserMessage(startUserSessionMessageString); 12793 } 12794 12795 @Override 12796 public void setEndUserSessionMessage(ComponentName admin, CharSequence endUserSessionMessage) { 12797 if (!mHasFeature) { 12798 return; 12799 } 12800 Preconditions.checkNotNull(admin); 12801 12802 final String endUserSessionMessageString = 12803 endUserSessionMessage != null ? endUserSessionMessage.toString() : null; 12804 12805 synchronized (getLockObject()) { 12806 final ActiveAdmin deviceOwner = 12807 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12808 12809 if (TextUtils.equals(deviceOwner.endUserSessionMessage, endUserSessionMessage)) { 12810 return; 12811 } 12812 deviceOwner.endUserSessionMessage = endUserSessionMessageString; 12813 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 12814 } 12815 12816 mInjector.getActivityManagerInternal() 12817 .setSwitchingToSystemUserMessage(endUserSessionMessageString); 12818 } 12819 12820 @Override 12821 public String getStartUserSessionMessage(ComponentName admin) { 12822 if (!mHasFeature) { 12823 return null; 12824 } 12825 Preconditions.checkNotNull(admin); 12826 12827 synchronized (getLockObject()) { 12828 final ActiveAdmin deviceOwner = 12829 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12830 return deviceOwner.startUserSessionMessage; 12831 } 12832 } 12833 12834 @Override 12835 public String getEndUserSessionMessage(ComponentName admin) { 12836 if (!mHasFeature) { 12837 return null; 12838 } 12839 Preconditions.checkNotNull(admin); 12840 12841 synchronized (getLockObject()) { 12842 final ActiveAdmin deviceOwner = 12843 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12844 return deviceOwner.endUserSessionMessage; 12845 } 12846 } 12847 12848 private void deleteTransferOwnershipMetadataFileLocked() { 12849 mTransferOwnershipMetadataManager.deleteMetadataFile(); 12850 } 12851 12852 @Override 12853 @Nullable 12854 public PersistableBundle getTransferOwnershipBundle() { 12855 synchronized (getLockObject()) { 12856 final int callingUserId = mInjector.userHandleGetCallingUserId(); 12857 getActiveAdminForCallerLocked(null, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 12858 final File bundleFile = new File( 12859 mInjector.environmentGetUserSystemDirectory(callingUserId), 12860 TRANSFER_OWNERSHIP_PARAMETERS_XML); 12861 if (!bundleFile.exists()) { 12862 return null; 12863 } 12864 try (FileInputStream stream = new FileInputStream(bundleFile)) { 12865 XmlPullParser parser = Xml.newPullParser(); 12866 parser.setInput(stream, null); 12867 parser.next(); 12868 return PersistableBundle.restoreFromXml(parser); 12869 } catch (IOException | XmlPullParserException | IllegalArgumentException e) { 12870 Slog.e(LOG_TAG, "Caught exception while trying to load the " 12871 + "owner transfer parameters from file " + bundleFile, e); 12872 return null; 12873 } 12874 } 12875 } 12876 12877 @Override 12878 public int addOverrideApn(@NonNull ComponentName who, @NonNull ApnSetting apnSetting) { 12879 if (!mHasFeature) { 12880 return -1; 12881 } 12882 Preconditions.checkNotNull(who, "ComponentName is null in addOverrideApn"); 12883 Preconditions.checkNotNull(apnSetting, "ApnSetting is null in addOverrideApn"); 12884 synchronized (getLockObject()) { 12885 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12886 } 12887 12888 int operatedId = -1; 12889 Uri resultUri; 12890 final long id = mInjector.binderClearCallingIdentity(); 12891 try { 12892 resultUri = mContext.getContentResolver().insert(DPC_URI, apnSetting.toContentValues()); 12893 } finally { 12894 mInjector.binderRestoreCallingIdentity(id); 12895 } 12896 if (resultUri != null) { 12897 try { 12898 operatedId = Integer.parseInt(resultUri.getLastPathSegment()); 12899 } catch (NumberFormatException e) { 12900 Slog.e(LOG_TAG, "Failed to parse inserted override APN id.", e); 12901 } 12902 } 12903 12904 return operatedId; 12905 } 12906 12907 @Override 12908 public boolean updateOverrideApn(@NonNull ComponentName who, int apnId, 12909 @NonNull ApnSetting apnSetting) { 12910 if (!mHasFeature) { 12911 return false; 12912 } 12913 Preconditions.checkNotNull(who, "ComponentName is null in updateOverrideApn"); 12914 Preconditions.checkNotNull(apnSetting, "ApnSetting is null in updateOverrideApn"); 12915 synchronized (getLockObject()) { 12916 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12917 } 12918 12919 if (apnId < 0) { 12920 return false; 12921 } 12922 final long id = mInjector.binderClearCallingIdentity(); 12923 try { 12924 return mContext.getContentResolver().update( 12925 Uri.withAppendedPath(DPC_URI, Integer.toString(apnId)), 12926 apnSetting.toContentValues(), null, null) > 0; 12927 } finally { 12928 mInjector.binderRestoreCallingIdentity(id); 12929 } 12930 } 12931 12932 @Override 12933 public boolean removeOverrideApn(@NonNull ComponentName who, int apnId) { 12934 if (!mHasFeature) { 12935 return false; 12936 } 12937 Preconditions.checkNotNull(who, "ComponentName is null in removeOverrideApn"); 12938 synchronized (getLockObject()) { 12939 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12940 } 12941 12942 return removeOverrideApnUnchecked(apnId); 12943 } 12944 12945 private boolean removeOverrideApnUnchecked(int apnId) { 12946 if(apnId < 0) { 12947 return false; 12948 } 12949 int numDeleted = 0; 12950 final long id = mInjector.binderClearCallingIdentity(); 12951 try { 12952 numDeleted = mContext.getContentResolver().delete( 12953 Uri.withAppendedPath(DPC_URI, Integer.toString(apnId)), null, null); 12954 } finally { 12955 mInjector.binderRestoreCallingIdentity(id); 12956 } 12957 return numDeleted > 0; 12958 } 12959 12960 @Override 12961 public List<ApnSetting> getOverrideApns(@NonNull ComponentName who) { 12962 if (!mHasFeature) { 12963 return Collections.emptyList(); 12964 } 12965 Preconditions.checkNotNull(who, "ComponentName is null in getOverrideApns"); 12966 synchronized (getLockObject()) { 12967 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12968 } 12969 12970 return getOverrideApnsUnchecked(); 12971 } 12972 12973 private List<ApnSetting> getOverrideApnsUnchecked() { 12974 final Cursor cursor; 12975 final long id = mInjector.binderClearCallingIdentity(); 12976 try { 12977 cursor = mContext.getContentResolver().query(DPC_URI, null, null, null, null); 12978 } finally { 12979 mInjector.binderRestoreCallingIdentity(id); 12980 } 12981 12982 if (cursor == null) { 12983 return Collections.emptyList(); 12984 } 12985 try { 12986 List<ApnSetting> apnList = new ArrayList<ApnSetting>(); 12987 cursor.moveToPosition(-1); 12988 while (cursor.moveToNext()) { 12989 ApnSetting apn = ApnSetting.makeApnSetting(cursor); 12990 apnList.add(apn); 12991 } 12992 return apnList; 12993 } finally { 12994 cursor.close(); 12995 } 12996 } 12997 12998 @Override 12999 public void setOverrideApnsEnabled(@NonNull ComponentName who, boolean enabled) { 13000 if (!mHasFeature) { 13001 return; 13002 } 13003 Preconditions.checkNotNull(who, "ComponentName is null in setOverrideApnEnabled"); 13004 synchronized (getLockObject()) { 13005 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 13006 } 13007 13008 setOverrideApnsEnabledUnchecked(enabled); 13009 } 13010 13011 private void setOverrideApnsEnabledUnchecked(boolean enabled) { 13012 ContentValues value = new ContentValues(); 13013 value.put(ENFORCE_KEY, enabled); 13014 final long id = mInjector.binderClearCallingIdentity(); 13015 try { 13016 mContext.getContentResolver().update( 13017 ENFORCE_MANAGED_URI, value, null, null); 13018 } finally { 13019 mInjector.binderRestoreCallingIdentity(id); 13020 } 13021 } 13022 13023 @Override 13024 public boolean isOverrideApnEnabled(@NonNull ComponentName who) { 13025 if (!mHasFeature) { 13026 return false; 13027 } 13028 Preconditions.checkNotNull(who, "ComponentName is null in isOverrideApnEnabled"); 13029 synchronized (getLockObject()) { 13030 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 13031 } 13032 13033 Cursor enforceCursor; 13034 final long id = mInjector.binderClearCallingIdentity(); 13035 try { 13036 enforceCursor = mContext.getContentResolver().query( 13037 ENFORCE_MANAGED_URI, null, null, null, null); 13038 } finally { 13039 mInjector.binderRestoreCallingIdentity(id); 13040 } 13041 13042 if (enforceCursor == null) { 13043 return false; 13044 } 13045 try { 13046 if (enforceCursor.moveToFirst()) { 13047 return enforceCursor.getInt(enforceCursor.getColumnIndex(ENFORCE_KEY)) == 1; 13048 } 13049 } catch (IllegalArgumentException e) { 13050 Slog.e(LOG_TAG, "Cursor returned from ENFORCE_MANAGED_URI doesn't contain " 13051 + "correct info.", e); 13052 } finally { 13053 enforceCursor.close(); 13054 } 13055 return false; 13056 } 13057 13058 @VisibleForTesting 13059 void saveTransferOwnershipBundleLocked(PersistableBundle bundle, int userId) { 13060 final File parametersFile = new File( 13061 mInjector.environmentGetUserSystemDirectory(userId), 13062 TRANSFER_OWNERSHIP_PARAMETERS_XML); 13063 final AtomicFile atomicFile = new AtomicFile(parametersFile); 13064 FileOutputStream stream = null; 13065 try { 13066 stream = atomicFile.startWrite(); 13067 final XmlSerializer serializer = new FastXmlSerializer(); 13068 serializer.setOutput(stream, StandardCharsets.UTF_8.name()); 13069 serializer.startDocument(null, true); 13070 serializer.startTag(null, TAG_TRANSFER_OWNERSHIP_BUNDLE); 13071 bundle.saveToXml(serializer); 13072 serializer.endTag(null, TAG_TRANSFER_OWNERSHIP_BUNDLE); 13073 serializer.endDocument(); 13074 atomicFile.finishWrite(stream); 13075 } catch (IOException | XmlPullParserException e) { 13076 Slog.e(LOG_TAG, "Caught exception while trying to save the " 13077 + "owner transfer parameters to file " + parametersFile, e); 13078 parametersFile.delete(); 13079 atomicFile.failWrite(stream); 13080 } 13081 } 13082 13083 void deleteTransferOwnershipBundleLocked(int userId) { 13084 final File parametersFile = new File(mInjector.environmentGetUserSystemDirectory(userId), 13085 TRANSFER_OWNERSHIP_PARAMETERS_XML); 13086 parametersFile.delete(); 13087 } 13088 13089 private void maybeLogPasswordComplexitySet(ComponentName who, int userId, boolean parent, 13090 PasswordMetrics metrics) { 13091 if (SecurityLog.isLoggingEnabled()) { 13092 final int affectedUserId = parent ? getProfileParentId(userId) : userId; 13093 SecurityLog.writeEvent(SecurityLog.TAG_PASSWORD_COMPLEXITY_SET, who.getPackageName(), 13094 userId, affectedUserId, metrics.length, metrics.quality, metrics.letters, 13095 metrics.nonLetter, metrics.numeric, metrics.upperCase, metrics.lowerCase, 13096 metrics.symbols); 13097 } 13098 } 13099 13100 private static String getManagedProvisioningPackage(Context context) { 13101 return context.getResources().getString(R.string.config_managed_provisioning_package); 13102 } 13103} 13104