DevicePolicyManagerService.java revision 5416468217e5c79b54d795cb6227e5b9312c24d6
1/* 2 * Copyright (C) 2010 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.server.devicepolicy; 18 19import static android.Manifest.permission.BIND_DEVICE_ADMIN; 20import static android.Manifest.permission.MANAGE_CA_CERTIFICATES; 21import static android.app.ActivityManager.LOCK_TASK_MODE_NONE; 22import static android.app.admin.DeviceAdminReceiver.EXTRA_TRANSFER_OWNERSHIP_ADMIN_EXTRAS_BUNDLE; 23import static android.app.admin.DevicePolicyManager.ACTION_PROVISION_MANAGED_USER; 24import static android.app.admin.DevicePolicyManager.CODE_ACCOUNTS_NOT_EMPTY; 25import static android.app.admin.DevicePolicyManager.CODE_ADD_MANAGED_PROFILE_DISALLOWED; 26import static android.app.admin.DevicePolicyManager.CODE_CANNOT_ADD_MANAGED_PROFILE; 27import static android.app.admin.DevicePolicyManager.CODE_DEVICE_ADMIN_NOT_SUPPORTED; 28import static android.app.admin.DevicePolicyManager.CODE_HAS_DEVICE_OWNER; 29import static android.app.admin.DevicePolicyManager.CODE_HAS_PAIRED; 30import static android.app.admin.DevicePolicyManager.CODE_MANAGED_USERS_NOT_SUPPORTED; 31import static android.app.admin.DevicePolicyManager.CODE_NONSYSTEM_USER_EXISTS; 32import static android.app.admin.DevicePolicyManager.CODE_NOT_SYSTEM_USER; 33import static android.app.admin.DevicePolicyManager.CODE_NOT_SYSTEM_USER_SPLIT; 34import static android.app.admin.DevicePolicyManager.CODE_OK; 35import static android.app.admin.DevicePolicyManager.CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER; 36import static android.app.admin.DevicePolicyManager.CODE_SYSTEM_USER; 37import static android.app.admin.DevicePolicyManager.CODE_USER_HAS_PROFILE_OWNER; 38import static android.app.admin.DevicePolicyManager.CODE_USER_NOT_RUNNING; 39import static android.app.admin.DevicePolicyManager.CODE_USER_SETUP_COMPLETED; 40import static android.app.admin.DevicePolicyManager.DELEGATION_APP_RESTRICTIONS; 41import static android.app.admin.DevicePolicyManager.DELEGATION_BLOCK_UNINSTALL; 42import static android.app.admin.DevicePolicyManager.DELEGATION_CERT_INSTALL; 43import static android.app.admin.DevicePolicyManager.DELEGATION_ENABLE_SYSTEM_APP; 44import static android.app.admin.DevicePolicyManager.DELEGATION_INSTALL_EXISTING_PACKAGE; 45import static android.app.admin.DevicePolicyManager.DELEGATION_KEEP_UNINSTALLED_PACKAGES; 46import static android.app.admin.DevicePolicyManager.DELEGATION_PACKAGE_ACCESS; 47import static android.app.admin.DevicePolicyManager.DELEGATION_PERMISSION_GRANT; 48import static android.app.admin.DevicePolicyManager.ID_TYPE_BASE_INFO; 49import static android.app.admin.DevicePolicyManager.ID_TYPE_IMEI; 50import static android.app.admin.DevicePolicyManager.ID_TYPE_MEID; 51import static android.app.admin.DevicePolicyManager.ID_TYPE_SERIAL; 52import static android.app.admin.DevicePolicyManager.LEAVE_ALL_SYSTEM_APPS_ENABLED; 53import static android.app.admin.DevicePolicyManager.LOCK_TASK_FEATURE_HOME; 54import static android.app.admin.DevicePolicyManager.LOCK_TASK_FEATURE_OVERVIEW; 55import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_COMPLEX; 56import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED; 57import static android.app.admin.DevicePolicyManager.PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER; 58import static android.app.admin.DevicePolicyManager.WIPE_EUICC; 59import static android.app.admin.DevicePolicyManager.WIPE_EXTERNAL_STORAGE; 60import static android.app.admin.DevicePolicyManager.WIPE_RESET_PROTECTION_DATA; 61import static android.content.pm.PackageManager.MATCH_UNINSTALLED_PACKAGES; 62 63import static android.provider.Telephony.Carriers.DPC_URI; 64import static android.provider.Telephony.Carriers.ENFORCE_KEY; 65import static android.provider.Telephony.Carriers.ENFORCE_MANAGED_URI; 66 67import static com.android.internal.logging.nano.MetricsProto.MetricsEvent 68 .PROVISIONING_ENTRY_POINT_ADB; 69import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker 70 .STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW; 71 72import static com.android.server.devicepolicy.TransferOwnershipMetadataManager.ADMIN_TYPE_DEVICE_OWNER; 73import static com.android.server.devicepolicy.TransferOwnershipMetadataManager.ADMIN_TYPE_PROFILE_OWNER; 74 75import static org.xmlpull.v1.XmlPullParser.END_DOCUMENT; 76import static org.xmlpull.v1.XmlPullParser.END_TAG; 77import static org.xmlpull.v1.XmlPullParser.TEXT; 78 79import android.Manifest.permission; 80import android.accessibilityservice.AccessibilityServiceInfo; 81import android.accounts.Account; 82import android.accounts.AccountManager; 83import android.annotation.NonNull; 84import android.annotation.Nullable; 85import android.annotation.UserIdInt; 86import android.app.Activity; 87import android.app.ActivityManager; 88import android.app.ActivityManagerInternal; 89import android.app.ActivityThread; 90import android.app.AlarmManager; 91import android.app.AppGlobals; 92import android.app.IActivityManager; 93import android.app.IApplicationThread; 94import android.app.IServiceConnection; 95import android.app.Notification; 96import android.app.NotificationManager; 97import android.app.PendingIntent; 98import android.app.StatusBarManager; 99import android.app.admin.DeviceAdminInfo; 100import android.app.admin.DeviceAdminReceiver; 101import android.app.admin.DevicePolicyManager; 102import android.app.admin.DevicePolicyManagerInternal; 103import android.app.admin.NetworkEvent; 104import android.app.admin.PasswordMetrics; 105import android.app.admin.SecurityLog; 106import android.app.admin.SecurityLog.SecurityEvent; 107import android.app.admin.SystemUpdateInfo; 108import android.app.admin.SystemUpdatePolicy; 109import android.app.backup.IBackupManager; 110import android.app.trust.TrustManager; 111import android.app.usage.UsageStatsManagerInternal; 112import android.content.BroadcastReceiver; 113import android.content.ComponentName; 114import android.content.ContentValues; 115import android.content.Context; 116import android.content.Intent; 117import android.content.IntentFilter; 118import android.content.pm.ActivityInfo; 119import android.content.pm.ApplicationInfo; 120import android.content.pm.IPackageDataObserver; 121import android.content.pm.IPackageManager; 122import android.content.pm.PackageInfo; 123import android.content.pm.PackageManager; 124import android.content.pm.PackageManager.NameNotFoundException; 125import android.content.pm.PackageManagerInternal; 126import android.content.pm.ParceledListSlice; 127import android.content.pm.PermissionInfo; 128import android.content.pm.ResolveInfo; 129import android.content.pm.ServiceInfo; 130import android.content.pm.StringParceledListSlice; 131import android.content.pm.UserInfo; 132import android.content.res.Resources; 133import android.database.ContentObserver; 134import android.database.Cursor; 135import android.graphics.Bitmap; 136import android.graphics.Color; 137import android.media.AudioManager; 138import android.media.IAudioService; 139import android.net.ConnectivityManager; 140import android.net.IIpConnectivityMetrics; 141import android.net.ProxyInfo; 142import android.net.Uri; 143import android.net.metrics.IpConnectivityLog; 144import android.net.wifi.WifiInfo; 145import android.net.wifi.WifiManager; 146import android.os.Binder; 147import android.os.Build; 148import android.os.Bundle; 149import android.os.Environment; 150import android.os.FileUtils; 151import android.os.Handler; 152import android.os.IBinder; 153import android.os.Looper; 154import android.os.ParcelFileDescriptor; 155import android.os.PersistableBundle; 156import android.os.PowerManager; 157import android.os.PowerManagerInternal; 158import android.os.Process; 159import android.os.RecoverySystem; 160import android.os.RemoteCallback; 161import android.os.RemoteException; 162import android.os.ServiceManager; 163import android.os.ServiceSpecificException; 164import android.os.SystemClock; 165import android.os.SystemProperties; 166import android.os.UserHandle; 167import android.os.UserManager; 168import android.os.UserManagerInternal; 169import android.os.UserManagerInternal.UserRestrictionsListener; 170import android.os.storage.StorageManager; 171import android.provider.ContactsContract.QuickContact; 172import android.provider.ContactsInternal; 173import android.provider.Settings; 174import android.provider.Settings.Global; 175import android.security.IKeyChainAliasCallback; 176import android.security.IKeyChainService; 177import android.security.KeyChain; 178import android.security.KeyChain.KeyChainConnection; 179import android.security.KeyStore; 180import android.security.keymaster.KeymasterCertificateChain; 181import android.security.keystore.AttestationUtils; 182import android.security.keystore.KeyGenParameterSpec; 183import android.security.keystore.ParcelableKeyGenParameterSpec; 184import android.service.persistentdata.PersistentDataBlockManager; 185import android.telephony.TelephonyManager; 186import android.telephony.data.ApnSetting; 187import android.text.TextUtils; 188import android.util.ArrayMap; 189import android.util.ArraySet; 190import android.util.AtomicFile; 191import android.util.Log; 192import android.util.Pair; 193import android.util.Slog; 194import android.util.SparseArray; 195import android.util.Xml; 196import android.view.IWindowManager; 197import android.view.accessibility.AccessibilityManager; 198import android.view.accessibility.IAccessibilityManager; 199import android.view.inputmethod.InputMethodInfo; 200import android.view.inputmethod.InputMethodManager; 201 202import com.android.internal.R; 203import com.android.internal.annotations.GuardedBy; 204import com.android.internal.annotations.VisibleForTesting; 205import com.android.internal.logging.MetricsLogger; 206import com.android.internal.messages.nano.SystemMessageProto.SystemMessage; 207import com.android.internal.notification.SystemNotificationChannels; 208import com.android.internal.os.BackgroundThread; 209import com.android.internal.statusbar.IStatusBarService; 210import com.android.internal.telephony.SmsApplication; 211import com.android.internal.util.DumpUtils; 212import com.android.internal.util.FastXmlSerializer; 213import com.android.internal.util.FunctionalUtils.ThrowingRunnable; 214import com.android.internal.util.JournaledFile; 215import com.android.internal.util.Preconditions; 216import com.android.internal.util.XmlUtils; 217import com.android.internal.widget.LockPatternUtils; 218import com.android.server.LocalServices; 219import com.android.server.SystemServerInitThreadPool; 220import com.android.server.SystemService; 221import com.android.server.devicepolicy.DevicePolicyManagerService.ActiveAdmin.TrustAgentInfo; 222import com.android.server.net.NetworkPolicyManagerInternal; 223import com.android.server.pm.UserRestrictionsUtils; 224import com.android.server.storage.DeviceStorageMonitorInternal; 225 226import com.google.android.collect.Sets; 227 228import org.xmlpull.v1.XmlPullParser; 229import org.xmlpull.v1.XmlPullParserException; 230import org.xmlpull.v1.XmlSerializer; 231 232import java.io.File; 233import java.io.FileDescriptor; 234import java.io.FileInputStream; 235import java.io.FileNotFoundException; 236import java.io.FileOutputStream; 237import java.io.IOException; 238import java.io.PrintWriter; 239import java.lang.reflect.Constructor; 240import java.nio.charset.StandardCharsets; 241import java.text.DateFormat; 242import java.time.LocalDate; 243import java.util.ArrayList; 244import java.util.Arrays; 245import java.util.Collection; 246import java.util.Collections; 247import java.util.Date; 248import java.util.HashMap; 249import java.util.List; 250import java.util.Map; 251import java.util.Map.Entry; 252import java.util.Objects; 253import java.util.Set; 254import java.util.concurrent.TimeUnit; 255import java.util.concurrent.atomic.AtomicBoolean; 256import java.util.function.Function; 257 258/** 259 * Implementation of the device policy APIs. 260 */ 261public class DevicePolicyManagerService extends BaseIDevicePolicyManager { 262 263 protected static final String LOG_TAG = "DevicePolicyManager"; 264 265 private static final boolean VERBOSE_LOG = false; // DO NOT SUBMIT WITH TRUE 266 267 private static final String DEVICE_POLICIES_XML = "device_policies.xml"; 268 269 private static final String TRANSFER_OWNERSHIP_PARAMETERS_XML = 270 "transfer-ownership-parameters.xml"; 271 272 private static final String TAG_ACCEPTED_CA_CERTIFICATES = "accepted-ca-certificate"; 273 274 private static final String TAG_LOCK_TASK_COMPONENTS = "lock-task-component"; 275 276 private static final String TAG_LOCK_TASK_FEATURES = "lock-task-features"; 277 278 private static final String TAG_STATUS_BAR = "statusbar"; 279 280 private static final String ATTR_DISABLED = "disabled"; 281 282 private static final String ATTR_NAME = "name"; 283 284 private static final String DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML = 285 "do-not-ask-credentials-on-boot"; 286 287 private static final String TAG_AFFILIATION_ID = "affiliation-id"; 288 289 private static final String TAG_LAST_SECURITY_LOG_RETRIEVAL = "last-security-log-retrieval"; 290 291 private static final String TAG_LAST_BUG_REPORT_REQUEST = "last-bug-report-request"; 292 293 private static final String TAG_LAST_NETWORK_LOG_RETRIEVAL = "last-network-log-retrieval"; 294 295 private static final String TAG_ADMIN_BROADCAST_PENDING = "admin-broadcast-pending"; 296 297 private static final String TAG_CURRENT_INPUT_METHOD_SET = "current-ime-set"; 298 299 private static final String TAG_OWNER_INSTALLED_CA_CERT = "owner-installed-ca-cert"; 300 301 private static final String ATTR_ID = "id"; 302 303 private static final String ATTR_VALUE = "value"; 304 305 private static final String ATTR_ALIAS = "alias"; 306 307 private static final String TAG_INITIALIZATION_BUNDLE = "initialization-bundle"; 308 309 private static final String TAG_PASSWORD_TOKEN_HANDLE = "password-token"; 310 311 private static final String TAG_PASSWORD_VALIDITY = "password-validity"; 312 313 private static final String TAG_TRANSFER_OWNERSHIP_BUNDLE = "transfer-ownership-bundle"; 314 315 private static final int REQUEST_EXPIRE_PASSWORD = 5571; 316 317 private static final long MS_PER_DAY = TimeUnit.DAYS.toMillis(1); 318 319 private static final long EXPIRATION_GRACE_PERIOD_MS = 5 * MS_PER_DAY; // 5 days, in ms 320 321 private static final String ACTION_EXPIRED_PASSWORD_NOTIFICATION 322 = "com.android.server.ACTION_EXPIRED_PASSWORD_NOTIFICATION"; 323 324 private static final String ATTR_PERMISSION_PROVIDER = "permission-provider"; 325 private static final String ATTR_SETUP_COMPLETE = "setup-complete"; 326 private static final String ATTR_PROVISIONING_STATE = "provisioning-state"; 327 private static final String ATTR_PERMISSION_POLICY = "permission-policy"; 328 private static final String ATTR_DEVICE_PROVISIONING_CONFIG_APPLIED = 329 "device-provisioning-config-applied"; 330 private static final String ATTR_DEVICE_PAIRED = "device-paired"; 331 private static final String ATTR_DELEGATED_CERT_INSTALLER = "delegated-cert-installer"; 332 private static final String ATTR_APPLICATION_RESTRICTIONS_MANAGER 333 = "application-restrictions-manager"; 334 335 // Comprehensive list of delegations. 336 private static final String DELEGATIONS[] = { 337 DELEGATION_CERT_INSTALL, 338 DELEGATION_APP_RESTRICTIONS, 339 DELEGATION_BLOCK_UNINSTALL, 340 DELEGATION_ENABLE_SYSTEM_APP, 341 DELEGATION_KEEP_UNINSTALLED_PACKAGES, 342 DELEGATION_PACKAGE_ACCESS, 343 DELEGATION_PERMISSION_GRANT, 344 DELEGATION_INSTALL_EXISTING_PACKAGE, 345 DELEGATION_KEEP_UNINSTALLED_PACKAGES 346 }; 347 348 /** 349 * System property whose value is either "true" or "false", indicating whether 350 * device owner is present. 351 */ 352 private static final String PROPERTY_DEVICE_OWNER_PRESENT = "ro.device_owner"; 353 354 private static final int STATUS_BAR_DISABLE_MASK = 355 StatusBarManager.DISABLE_EXPAND | 356 StatusBarManager.DISABLE_NOTIFICATION_ICONS | 357 StatusBarManager.DISABLE_NOTIFICATION_ALERTS | 358 StatusBarManager.DISABLE_SEARCH; 359 360 private static final int STATUS_BAR_DISABLE2_MASK = 361 StatusBarManager.DISABLE2_QUICK_SETTINGS; 362 363 private static final Set<String> SECURE_SETTINGS_WHITELIST; 364 private static final Set<String> SECURE_SETTINGS_DEVICEOWNER_WHITELIST; 365 private static final Set<String> GLOBAL_SETTINGS_WHITELIST; 366 private static final Set<String> GLOBAL_SETTINGS_DEPRECATED; 367 private static final Set<String> SYSTEM_SETTINGS_WHITELIST; 368 static { 369 SECURE_SETTINGS_WHITELIST = new ArraySet<>(); 370 SECURE_SETTINGS_WHITELIST.add(Settings.Secure.DEFAULT_INPUT_METHOD); 371 SECURE_SETTINGS_WHITELIST.add(Settings.Secure.SKIP_FIRST_USE_HINTS); 372 SECURE_SETTINGS_WHITELIST.add(Settings.Secure.INSTALL_NON_MARKET_APPS); 373 374 SECURE_SETTINGS_DEVICEOWNER_WHITELIST = new ArraySet<>(); 375 SECURE_SETTINGS_DEVICEOWNER_WHITELIST.addAll(SECURE_SETTINGS_WHITELIST); 376 SECURE_SETTINGS_DEVICEOWNER_WHITELIST.add(Settings.Secure.LOCATION_MODE); 377 378 GLOBAL_SETTINGS_WHITELIST = new ArraySet<>(); 379 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.ADB_ENABLED); 380 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.AUTO_TIME); 381 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.AUTO_TIME_ZONE); 382 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.DATA_ROAMING); 383 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.USB_MASS_STORAGE_ENABLED); 384 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.WIFI_SLEEP_POLICY); 385 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.STAY_ON_WHILE_PLUGGED_IN); 386 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.WIFI_DEVICE_OWNER_CONFIGS_LOCKDOWN); 387 388 GLOBAL_SETTINGS_DEPRECATED = new ArraySet<>(); 389 GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.BLUETOOTH_ON); 390 GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.DEVELOPMENT_SETTINGS_ENABLED); 391 GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.MODE_RINGER); 392 GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.NETWORK_PREFERENCE); 393 GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.WIFI_ON); 394 395 SYSTEM_SETTINGS_WHITELIST = new ArraySet<>(); 396 SYSTEM_SETTINGS_WHITELIST.add(Settings.System.SCREEN_BRIGHTNESS); 397 SYSTEM_SETTINGS_WHITELIST.add(Settings.System.SCREEN_BRIGHTNESS_MODE); 398 SYSTEM_SETTINGS_WHITELIST.add(Settings.System.SCREEN_OFF_TIMEOUT); 399 } 400 401 /** 402 * Keyguard features that when set on a profile affect the profile content or challenge only. 403 * These cannot be set on the managed profile's parent DPM instance 404 */ 405 private static final int PROFILE_KEYGUARD_FEATURES_PROFILE_ONLY = 406 DevicePolicyManager.KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS; 407 408 /** Keyguard features that are allowed to be set on a managed profile */ 409 private static final int PROFILE_KEYGUARD_FEATURES = 410 PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER | PROFILE_KEYGUARD_FEATURES_PROFILE_ONLY; 411 412 private static final int DEVICE_ADMIN_DEACTIVATE_TIMEOUT = 10000; 413 414 /** 415 * Minimum timeout in milliseconds after which unlocking with weak auth times out, 416 * i.e. the user has to use a strong authentication method like password, PIN or pattern. 417 */ 418 private static final long MINIMUM_STRONG_AUTH_TIMEOUT_MS = TimeUnit.HOURS.toMillis(1); 419 420 /** 421 * Strings logged with {@link 422 * com.android.internal.logging.nano.MetricsProto.MetricsEvent#PROVISIONING_ENTRY_POINT_ADB}. 423 */ 424 private static final String LOG_TAG_PROFILE_OWNER = "profile-owner"; 425 private static final String LOG_TAG_DEVICE_OWNER = "device-owner"; 426 427 final Context mContext; 428 final Injector mInjector; 429 final IPackageManager mIPackageManager; 430 final UserManager mUserManager; 431 final UserManagerInternal mUserManagerInternal; 432 final UsageStatsManagerInternal mUsageStatsManagerInternal; 433 final TelephonyManager mTelephonyManager; 434 private final LockPatternUtils mLockPatternUtils; 435 private final DevicePolicyConstants mConstants; 436 private final DeviceAdminServiceController mDeviceAdminServiceController; 437 private final OverlayPackagesProvider mOverlayPackagesProvider; 438 439 /** 440 * Contains (package-user) pairs to remove. An entry (p, u) implies that removal of package p 441 * is requested for user u. 442 */ 443 private final Set<Pair<String, Integer>> mPackagesToRemove = 444 new ArraySet<Pair<String, Integer>>(); 445 446 final LocalService mLocalService; 447 448 // Stores and loads state on device and profile owners. 449 @VisibleForTesting 450 final Owners mOwners; 451 452 private final Binder mToken = new Binder(); 453 454 /** 455 * Whether or not device admin feature is supported. If it isn't return defaults for all 456 * public methods. 457 */ 458 boolean mHasFeature; 459 460 /** 461 * Whether or not this device is a watch. 462 */ 463 boolean mIsWatch; 464 465 private final CertificateMonitor mCertificateMonitor; 466 private final SecurityLogMonitor mSecurityLogMonitor; 467 private NetworkLogger mNetworkLogger; 468 469 private final AtomicBoolean mRemoteBugreportServiceIsActive = new AtomicBoolean(); 470 private final AtomicBoolean mRemoteBugreportSharingAccepted = new AtomicBoolean(); 471 472 private SetupContentObserver mSetupContentObserver; 473 474 @VisibleForTesting 475 final TransferOwnershipMetadataManager mTransferOwnershipMetadataManager; 476 477 private final Runnable mRemoteBugreportTimeoutRunnable = new Runnable() { 478 @Override 479 public void run() { 480 if(mRemoteBugreportServiceIsActive.get()) { 481 onBugreportFailed(); 482 } 483 } 484 }; 485 486 /** Listens only if mHasFeature == true. */ 487 private final BroadcastReceiver mRemoteBugreportFinishedReceiver = new BroadcastReceiver() { 488 489 @Override 490 public void onReceive(Context context, Intent intent) { 491 if (DevicePolicyManager.ACTION_REMOTE_BUGREPORT_DISPATCH.equals(intent.getAction()) 492 && mRemoteBugreportServiceIsActive.get()) { 493 onBugreportFinished(intent); 494 } 495 } 496 }; 497 498 /** Listens only if mHasFeature == true. */ 499 private final BroadcastReceiver mRemoteBugreportConsentReceiver = new BroadcastReceiver() { 500 501 @Override 502 public void onReceive(Context context, Intent intent) { 503 String action = intent.getAction(); 504 mInjector.getNotificationManager().cancel(LOG_TAG, 505 RemoteBugreportUtils.NOTIFICATION_ID); 506 if (DevicePolicyManager.ACTION_BUGREPORT_SHARING_ACCEPTED.equals(action)) { 507 onBugreportSharingAccepted(); 508 } else if (DevicePolicyManager.ACTION_BUGREPORT_SHARING_DECLINED.equals(action)) { 509 onBugreportSharingDeclined(); 510 } 511 mContext.unregisterReceiver(mRemoteBugreportConsentReceiver); 512 } 513 }; 514 515 public static final class Lifecycle extends SystemService { 516 private BaseIDevicePolicyManager mService; 517 518 public Lifecycle(Context context) { 519 super(context); 520 String dpmsClassName = context.getResources() 521 .getString(R.string.config_deviceSpecificDevicePolicyManagerService); 522 if (TextUtils.isEmpty(dpmsClassName)) { 523 dpmsClassName = DevicePolicyManagerService.class.getName(); 524 } 525 try { 526 Class serviceClass = Class.forName(dpmsClassName); 527 Constructor constructor = serviceClass.getConstructor(Context.class); 528 mService = (BaseIDevicePolicyManager) constructor.newInstance(context); 529 } catch (Exception e) { 530 throw new IllegalStateException( 531 "Failed to instantiate DevicePolicyManagerService with class name: " 532 + dpmsClassName, e); 533 } 534 } 535 536 @Override 537 public void onStart() { 538 publishBinderService(Context.DEVICE_POLICY_SERVICE, mService); 539 } 540 541 @Override 542 public void onBootPhase(int phase) { 543 mService.systemReady(phase); 544 } 545 546 @Override 547 public void onStartUser(int userHandle) { 548 mService.handleStartUser(userHandle); 549 } 550 551 @Override 552 public void onUnlockUser(int userHandle) { 553 mService.handleUnlockUser(userHandle); 554 } 555 556 @Override 557 public void onStopUser(int userHandle) { 558 mService.handleStopUser(userHandle); 559 } 560 } 561 562 public static class DevicePolicyData { 563 @NonNull PasswordMetrics mActivePasswordMetrics = new PasswordMetrics(); 564 int mFailedPasswordAttempts = 0; 565 boolean mPasswordStateHasBeenSetSinceBoot = false; 566 boolean mPasswordValidAtLastCheckpoint = false; 567 568 int mUserHandle; 569 int mPasswordOwner = -1; 570 long mLastMaximumTimeToLock = -1; 571 boolean mUserSetupComplete = false; 572 boolean mPaired = false; 573 int mUserProvisioningState; 574 int mPermissionPolicy; 575 576 boolean mDeviceProvisioningConfigApplied = false; 577 578 final ArrayMap<ComponentName, ActiveAdmin> mAdminMap = new ArrayMap<>(); 579 final ArrayList<ActiveAdmin> mAdminList = new ArrayList<>(); 580 final ArrayList<ComponentName> mRemovingAdmins = new ArrayList<>(); 581 582 // TODO(b/35385311): Keep track of metadata in TrustedCertificateStore instead. 583 final ArraySet<String> mAcceptedCaCertificates = new ArraySet<>(); 584 585 // This is the list of component allowed to start lock task mode. 586 List<String> mLockTaskPackages = new ArrayList<>(); 587 588 // Bitfield of feature flags to be enabled during LockTask mode. 589 int mLockTaskFeatures = DevicePolicyManager.LOCK_TASK_FEATURE_NONE; 590 591 boolean mStatusBarDisabled = false; 592 593 ComponentName mRestrictionsProvider; 594 595 // Map of delegate package to delegation scopes 596 final ArrayMap<String, List<String>> mDelegationMap = new ArrayMap<>(); 597 598 boolean doNotAskCredentialsOnBoot = false; 599 600 Set<String> mAffiliationIds = new ArraySet<>(); 601 602 long mLastSecurityLogRetrievalTime = -1; 603 604 long mLastBugReportRequestTime = -1; 605 606 long mLastNetworkLogsRetrievalTime = -1; 607 608 boolean mCurrentInputMethodSet = false; 609 610 // TODO(b/35385311): Keep track of metadata in TrustedCertificateStore instead. 611 Set<String> mOwnerInstalledCaCerts = new ArraySet<>(); 612 613 // Used for initialization of users created by createAndManageUser. 614 boolean mAdminBroadcastPending = false; 615 PersistableBundle mInitBundle = null; 616 617 long mPasswordTokenHandle = 0; 618 619 public DevicePolicyData(int userHandle) { 620 mUserHandle = userHandle; 621 } 622 } 623 624 final SparseArray<DevicePolicyData> mUserData = new SparseArray<>(); 625 626 final Handler mHandler; 627 final Handler mBackgroundHandler; 628 629 /** Listens only if mHasFeature == true. */ 630 final BroadcastReceiver mReceiver = new BroadcastReceiver() { 631 @Override 632 public void onReceive(Context context, Intent intent) { 633 final String action = intent.getAction(); 634 final int userHandle = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, 635 getSendingUserId()); 636 637 /* 638 * Network logging would ideally be started in setDeviceOwnerSystemPropertyLocked(), 639 * however it's too early in the boot process to register with IIpConnectivityMetrics 640 * to listen for events. 641 */ 642 if (Intent.ACTION_USER_STARTED.equals(action) 643 && userHandle == mOwners.getDeviceOwnerUserId()) { 644 synchronized (DevicePolicyManagerService.this) { 645 if (isNetworkLoggingEnabledInternalLocked()) { 646 setNetworkLoggingActiveInternal(true); 647 } 648 } 649 } 650 if (Intent.ACTION_BOOT_COMPLETED.equals(action) 651 && userHandle == mOwners.getDeviceOwnerUserId() 652 && getDeviceOwnerRemoteBugreportUri() != null) { 653 IntentFilter filterConsent = new IntentFilter(); 654 filterConsent.addAction(DevicePolicyManager.ACTION_BUGREPORT_SHARING_DECLINED); 655 filterConsent.addAction(DevicePolicyManager.ACTION_BUGREPORT_SHARING_ACCEPTED); 656 mContext.registerReceiver(mRemoteBugreportConsentReceiver, filterConsent); 657 mInjector.getNotificationManager().notifyAsUser(LOG_TAG, 658 RemoteBugreportUtils.NOTIFICATION_ID, 659 RemoteBugreportUtils.buildNotification(mContext, 660 DevicePolicyManager.NOTIFICATION_BUGREPORT_FINISHED_NOT_ACCEPTED), 661 UserHandle.ALL); 662 } 663 if (Intent.ACTION_BOOT_COMPLETED.equals(action) 664 || ACTION_EXPIRED_PASSWORD_NOTIFICATION.equals(action)) { 665 if (VERBOSE_LOG) { 666 Slog.v(LOG_TAG, "Sending password expiration notifications for action " 667 + action + " for user " + userHandle); 668 } 669 mHandler.post(new Runnable() { 670 @Override 671 public void run() { 672 handlePasswordExpirationNotification(userHandle); 673 } 674 }); 675 } 676 677 if (Intent.ACTION_USER_ADDED.equals(action)) { 678 sendDeviceOwnerUserCommand(DeviceAdminReceiver.ACTION_USER_ADDED, userHandle); 679 synchronized (DevicePolicyManagerService.this) { 680 // It might take a while for the user to become affiliated. Make security 681 // and network logging unavailable in the meantime. 682 maybePauseDeviceWideLoggingLocked(); 683 } 684 } else if (Intent.ACTION_USER_REMOVED.equals(action)) { 685 sendDeviceOwnerUserCommand(DeviceAdminReceiver.ACTION_USER_REMOVED, userHandle); 686 synchronized (DevicePolicyManagerService.this) { 687 // Check whether the user is affiliated, *before* removing its data. 688 boolean isRemovedUserAffiliated = isUserAffiliatedWithDeviceLocked(userHandle); 689 removeUserData(userHandle); 690 if (!isRemovedUserAffiliated) { 691 // We discard the logs when unaffiliated users are deleted (so that the 692 // device owner cannot retrieve data about that user after it's gone). 693 discardDeviceWideLogsLocked(); 694 // Resume logging if all remaining users are affiliated. 695 maybeResumeDeviceWideLoggingLocked(); 696 } 697 } 698 } else if (Intent.ACTION_USER_STARTED.equals(action)) { 699 sendDeviceOwnerUserCommand(DeviceAdminReceiver.ACTION_USER_STARTED, userHandle); 700 synchronized (DevicePolicyManagerService.this) { 701 maybeSendAdminEnabledBroadcastLocked(userHandle); 702 // Reset the policy data 703 mUserData.remove(userHandle); 704 } 705 handlePackagesChanged(null /* check all admins */, userHandle); 706 } else if (Intent.ACTION_USER_STOPPED.equals(action)) { 707 sendDeviceOwnerUserCommand(DeviceAdminReceiver.ACTION_USER_STOPPED, userHandle); 708 } else if (Intent.ACTION_USER_SWITCHED.equals(action)) { 709 sendDeviceOwnerUserCommand(DeviceAdminReceiver.ACTION_USER_SWITCHED, userHandle); 710 } else if (Intent.ACTION_USER_UNLOCKED.equals(action)) { 711 synchronized (DevicePolicyManagerService.this) { 712 maybeSendAdminEnabledBroadcastLocked(userHandle); 713 } 714 } else if (Intent.ACTION_EXTERNAL_APPLICATIONS_UNAVAILABLE.equals(action)) { 715 handlePackagesChanged(null /* check all admins */, userHandle); 716 } else if (Intent.ACTION_PACKAGE_CHANGED.equals(action) 717 || (Intent.ACTION_PACKAGE_ADDED.equals(action) 718 && intent.getBooleanExtra(Intent.EXTRA_REPLACING, false))) { 719 handlePackagesChanged(intent.getData().getSchemeSpecificPart(), userHandle); 720 } else if (Intent.ACTION_PACKAGE_REMOVED.equals(action) 721 && !intent.getBooleanExtra(Intent.EXTRA_REPLACING, false)) { 722 handlePackagesChanged(intent.getData().getSchemeSpecificPart(), userHandle); 723 } else if (Intent.ACTION_MANAGED_PROFILE_ADDED.equals(action)) { 724 clearWipeProfileNotification(); 725 } else if (Intent.ACTION_DATE_CHANGED.equals(action) 726 || Intent.ACTION_TIME_CHANGED.equals(action)) { 727 // Update freeze period record when clock naturally progresses to the next day 728 // (ACTION_DATE_CHANGED), or when manual clock adjustment is made 729 // (ACTION_TIME_CHANGED) 730 updateSystemUpdateFreezePeriodsRecord(/* saveIfChanged */ true); 731 } 732 733 } 734 735 private void sendDeviceOwnerUserCommand(String action, int userHandle) { 736 synchronized (DevicePolicyManagerService.this) { 737 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 738 if (deviceOwner != null) { 739 Bundle extras = new Bundle(); 740 extras.putParcelable(Intent.EXTRA_USER, UserHandle.of(userHandle)); 741 sendAdminCommandLocked(deviceOwner, action, extras, /* result */ null, 742 /* inForeground */ true); 743 } 744 } 745 } 746 }; 747 748 protected static class RestrictionsListener implements UserRestrictionsListener { 749 private Context mContext; 750 751 public RestrictionsListener(Context context) { 752 mContext = context; 753 } 754 755 public void onUserRestrictionsChanged(int userId, Bundle newRestrictions, 756 Bundle prevRestrictions) { 757 final boolean newlyDisallowed = 758 newRestrictions.getBoolean(UserManager.DISALLOW_SHARE_INTO_MANAGED_PROFILE); 759 final boolean previouslyDisallowed = 760 prevRestrictions.getBoolean(UserManager.DISALLOW_SHARE_INTO_MANAGED_PROFILE); 761 final boolean restrictionChanged = (newlyDisallowed != previouslyDisallowed); 762 763 if (restrictionChanged) { 764 // Notify ManagedProvisioning to update the built-in cross profile intent filters. 765 Intent intent = new Intent( 766 DevicePolicyManager.ACTION_DATA_SHARING_RESTRICTION_CHANGED); 767 intent.setPackage(getManagedProvisioningPackage(mContext)); 768 intent.putExtra(Intent.EXTRA_USER_ID, userId); 769 intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND); 770 mContext.sendBroadcastAsUser(intent, UserHandle.SYSTEM); 771 } 772 } 773 } 774 775 static class ActiveAdmin { 776 private static final String TAG_DISABLE_KEYGUARD_FEATURES = "disable-keyguard-features"; 777 private static final String TAG_TEST_ONLY_ADMIN = "test-only-admin"; 778 private static final String TAG_DISABLE_CAMERA = "disable-camera"; 779 private static final String TAG_DISABLE_CALLER_ID = "disable-caller-id"; 780 private static final String TAG_DISABLE_CONTACTS_SEARCH = "disable-contacts-search"; 781 private static final String TAG_DISABLE_BLUETOOTH_CONTACT_SHARING 782 = "disable-bt-contacts-sharing"; 783 private static final String TAG_DISABLE_SCREEN_CAPTURE = "disable-screen-capture"; 784 private static final String TAG_DISABLE_ACCOUNT_MANAGEMENT = "disable-account-management"; 785 private static final String TAG_REQUIRE_AUTO_TIME = "require_auto_time"; 786 private static final String TAG_FORCE_EPHEMERAL_USERS = "force_ephemeral_users"; 787 private static final String TAG_IS_NETWORK_LOGGING_ENABLED = "is_network_logging_enabled"; 788 private static final String TAG_ACCOUNT_TYPE = "account-type"; 789 private static final String TAG_PERMITTED_ACCESSIBILITY_SERVICES 790 = "permitted-accessiblity-services"; 791 private static final String TAG_ENCRYPTION_REQUESTED = "encryption-requested"; 792 private static final String TAG_MANAGE_TRUST_AGENT_FEATURES = "manage-trust-agent-features"; 793 private static final String TAG_TRUST_AGENT_COMPONENT_OPTIONS = "trust-agent-component-options"; 794 private static final String TAG_TRUST_AGENT_COMPONENT = "component"; 795 private static final String TAG_PASSWORD_EXPIRATION_DATE = "password-expiration-date"; 796 private static final String TAG_PASSWORD_EXPIRATION_TIMEOUT = "password-expiration-timeout"; 797 private static final String TAG_GLOBAL_PROXY_EXCLUSION_LIST = "global-proxy-exclusion-list"; 798 private static final String TAG_GLOBAL_PROXY_SPEC = "global-proxy-spec"; 799 private static final String TAG_SPECIFIES_GLOBAL_PROXY = "specifies-global-proxy"; 800 private static final String TAG_PERMITTED_IMES = "permitted-imes"; 801 private static final String TAG_PERMITTED_NOTIFICATION_LISTENERS = 802 "permitted-notification-listeners"; 803 private static final String TAG_MAX_FAILED_PASSWORD_WIPE = "max-failed-password-wipe"; 804 private static final String TAG_MAX_TIME_TO_UNLOCK = "max-time-to-unlock"; 805 private static final String TAG_STRONG_AUTH_UNLOCK_TIMEOUT = "strong-auth-unlock-timeout"; 806 private static final String TAG_MIN_PASSWORD_NONLETTER = "min-password-nonletter"; 807 private static final String TAG_MIN_PASSWORD_SYMBOLS = "min-password-symbols"; 808 private static final String TAG_MIN_PASSWORD_NUMERIC = "min-password-numeric"; 809 private static final String TAG_MIN_PASSWORD_LETTERS = "min-password-letters"; 810 private static final String TAG_MIN_PASSWORD_LOWERCASE = "min-password-lowercase"; 811 private static final String TAG_MIN_PASSWORD_UPPERCASE = "min-password-uppercase"; 812 private static final String TAG_PASSWORD_HISTORY_LENGTH = "password-history-length"; 813 private static final String TAG_MIN_PASSWORD_LENGTH = "min-password-length"; 814 private static final String ATTR_VALUE = "value"; 815 private static final String TAG_PASSWORD_BLACKLIST = "password-blacklist"; 816 private static final String TAG_PASSWORD_QUALITY = "password-quality"; 817 private static final String TAG_POLICIES = "policies"; 818 private static final String TAG_CROSS_PROFILE_WIDGET_PROVIDERS = 819 "cross-profile-widget-providers"; 820 private static final String TAG_PROVIDER = "provider"; 821 private static final String TAG_PACKAGE_LIST_ITEM = "item"; 822 private static final String TAG_KEEP_UNINSTALLED_PACKAGES = "keep-uninstalled-packages"; 823 private static final String TAG_USER_RESTRICTIONS = "user-restrictions"; 824 private static final String TAG_DEFAULT_ENABLED_USER_RESTRICTIONS = 825 "default-enabled-user-restrictions"; 826 private static final String TAG_RESTRICTION = "restriction"; 827 private static final String TAG_SHORT_SUPPORT_MESSAGE = "short-support-message"; 828 private static final String TAG_LONG_SUPPORT_MESSAGE = "long-support-message"; 829 private static final String TAG_PARENT_ADMIN = "parent-admin"; 830 private static final String TAG_ORGANIZATION_COLOR = "organization-color"; 831 private static final String TAG_ORGANIZATION_NAME = "organization-name"; 832 private static final String ATTR_LAST_NETWORK_LOGGING_NOTIFICATION = "last-notification"; 833 private static final String ATTR_NUM_NETWORK_LOGGING_NOTIFICATIONS = "num-notifications"; 834 private static final String TAG_IS_LOGOUT_ENABLED = "is_logout_enabled"; 835 private static final String TAG_MANDATORY_BACKUP_TRANSPORT = "mandatory_backup_transport"; 836 private static final String TAG_START_USER_SESSION_MESSAGE = "start_user_session_message"; 837 private static final String TAG_END_USER_SESSION_MESSAGE = "end_user_session_message"; 838 private static final String TAG_METERED_DATA_DISABLED_PACKAGES 839 = "metered_data_disabled_packages"; 840 841 DeviceAdminInfo info; 842 843 844 static final int DEF_PASSWORD_HISTORY_LENGTH = 0; 845 int passwordHistoryLength = DEF_PASSWORD_HISTORY_LENGTH; 846 847 static final int DEF_MINIMUM_PASSWORD_LENGTH = 0; 848 static final int DEF_MINIMUM_PASSWORD_LETTERS = 1; 849 static final int DEF_MINIMUM_PASSWORD_UPPER_CASE = 0; 850 static final int DEF_MINIMUM_PASSWORD_LOWER_CASE = 0; 851 static final int DEF_MINIMUM_PASSWORD_NUMERIC = 1; 852 static final int DEF_MINIMUM_PASSWORD_SYMBOLS = 1; 853 static final int DEF_MINIMUM_PASSWORD_NON_LETTER = 0; 854 @NonNull 855 PasswordMetrics minimumPasswordMetrics = new PasswordMetrics( 856 PASSWORD_QUALITY_UNSPECIFIED, DEF_MINIMUM_PASSWORD_LENGTH, 857 DEF_MINIMUM_PASSWORD_LETTERS, DEF_MINIMUM_PASSWORD_UPPER_CASE, 858 DEF_MINIMUM_PASSWORD_LOWER_CASE, DEF_MINIMUM_PASSWORD_NUMERIC, 859 DEF_MINIMUM_PASSWORD_SYMBOLS, DEF_MINIMUM_PASSWORD_NON_LETTER); 860 861 static final long DEF_MAXIMUM_TIME_TO_UNLOCK = 0; 862 long maximumTimeToUnlock = DEF_MAXIMUM_TIME_TO_UNLOCK; 863 864 long strongAuthUnlockTimeout = 0; // admin doesn't participate by default 865 866 static final int DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE = 0; 867 int maximumFailedPasswordsForWipe = DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE; 868 869 static final long DEF_PASSWORD_EXPIRATION_TIMEOUT = 0; 870 long passwordExpirationTimeout = DEF_PASSWORD_EXPIRATION_TIMEOUT; 871 872 static final long DEF_PASSWORD_EXPIRATION_DATE = 0; 873 long passwordExpirationDate = DEF_PASSWORD_EXPIRATION_DATE; 874 875 static final int DEF_KEYGUARD_FEATURES_DISABLED = 0; // none 876 877 int disabledKeyguardFeatures = DEF_KEYGUARD_FEATURES_DISABLED; 878 879 boolean encryptionRequested = false; 880 boolean testOnlyAdmin = false; 881 boolean disableCamera = false; 882 boolean disableCallerId = false; 883 boolean disableContactsSearch = false; 884 boolean disableBluetoothContactSharing = true; 885 boolean disableScreenCapture = false; // Can only be set by a device/profile owner. 886 boolean requireAutoTime = false; // Can only be set by a device owner. 887 boolean forceEphemeralUsers = false; // Can only be set by a device owner. 888 boolean isNetworkLoggingEnabled = false; // Can only be set by a device owner. 889 boolean isLogoutEnabled = false; // Can only be set by a device owner. 890 891 // one notification after enabling + one more after reboots 892 static final int DEF_MAXIMUM_NETWORK_LOGGING_NOTIFICATIONS_SHOWN = 2; 893 int numNetworkLoggingNotifications = 0; 894 long lastNetworkLoggingNotificationTimeMs = 0; // Time in milliseconds since epoch 895 896 ActiveAdmin parentAdmin; 897 final boolean isParent; 898 899 static class TrustAgentInfo { 900 public PersistableBundle options; 901 TrustAgentInfo(PersistableBundle bundle) { 902 options = bundle; 903 } 904 } 905 906 // The list of packages which are not allowed to use metered data. 907 List<String> meteredDisabledPackages; 908 909 final Set<String> accountTypesWithManagementDisabled = new ArraySet<>(); 910 911 // The list of permitted accessibility services package namesas set by a profile 912 // or device owner. Null means all accessibility services are allowed, empty means 913 // none except system services are allowed. 914 List<String> permittedAccessiblityServices; 915 916 // The list of permitted input methods package names as set by a profile or device owner. 917 // Null means all input methods are allowed, empty means none except system imes are 918 // allowed. 919 List<String> permittedInputMethods; 920 921 // The list of packages allowed to use a NotificationListenerService to receive events for 922 // notifications from this user. Null means that all packages are allowed. Empty list means 923 // that only packages from the system are allowed. 924 List<String> permittedNotificationListeners; 925 926 // List of package names to keep cached. 927 List<String> keepUninstalledPackages; 928 929 // TODO: review implementation decisions with frameworks team 930 boolean specifiesGlobalProxy = false; 931 String globalProxySpec = null; 932 String globalProxyExclusionList = null; 933 934 ArrayMap<String, TrustAgentInfo> trustAgentInfos = new ArrayMap<>(); 935 936 List<String> crossProfileWidgetProviders; 937 938 Bundle userRestrictions; 939 940 // User restrictions that have already been enabled by default for this admin (either when 941 // setting the device or profile owner, or during a system update if one of those "enabled 942 // by default" restrictions is newly added). 943 final Set<String> defaultEnabledRestrictionsAlreadySet = new ArraySet<>(); 944 945 // Support text provided by the admin to display to the user. 946 CharSequence shortSupportMessage = null; 947 CharSequence longSupportMessage = null; 948 949 // Background color of confirm credentials screen. Default: teal. 950 static final int DEF_ORGANIZATION_COLOR = Color.parseColor("#00796B"); 951 int organizationColor = DEF_ORGANIZATION_COLOR; 952 953 // Default title of confirm credentials screen 954 String organizationName = null; 955 956 // The blacklist data is stored in a file whose name is stored in the XML 957 String passwordBlacklistFile = null; 958 959 // The component name of the backup transport which has to be used if backups are mandatory 960 // or null if backups are not mandatory. 961 ComponentName mandatoryBackupTransport = null; 962 963 // Message for user switcher 964 String startUserSessionMessage = null; 965 String endUserSessionMessage = null; 966 967 ActiveAdmin(DeviceAdminInfo _info, boolean parent) { 968 info = _info; 969 isParent = parent; 970 } 971 972 ActiveAdmin getParentActiveAdmin() { 973 Preconditions.checkState(!isParent); 974 975 if (parentAdmin == null) { 976 parentAdmin = new ActiveAdmin(info, /* parent */ true); 977 } 978 return parentAdmin; 979 } 980 981 boolean hasParentActiveAdmin() { 982 return parentAdmin != null; 983 } 984 985 int getUid() { return info.getActivityInfo().applicationInfo.uid; } 986 987 public UserHandle getUserHandle() { 988 return UserHandle.of(UserHandle.getUserId(info.getActivityInfo().applicationInfo.uid)); 989 } 990 991 void writeToXml(XmlSerializer out) 992 throws IllegalArgumentException, IllegalStateException, IOException { 993 out.startTag(null, TAG_POLICIES); 994 info.writePoliciesToXml(out); 995 out.endTag(null, TAG_POLICIES); 996 if (minimumPasswordMetrics.quality != PASSWORD_QUALITY_UNSPECIFIED) { 997 out.startTag(null, TAG_PASSWORD_QUALITY); 998 out.attribute(null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.quality)); 999 out.endTag(null, TAG_PASSWORD_QUALITY); 1000 if (minimumPasswordMetrics.length != DEF_MINIMUM_PASSWORD_LENGTH) { 1001 out.startTag(null, TAG_MIN_PASSWORD_LENGTH); 1002 out.attribute( 1003 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.length)); 1004 out.endTag(null, TAG_MIN_PASSWORD_LENGTH); 1005 } 1006 if(passwordHistoryLength != DEF_PASSWORD_HISTORY_LENGTH) { 1007 out.startTag(null, TAG_PASSWORD_HISTORY_LENGTH); 1008 out.attribute(null, ATTR_VALUE, Integer.toString(passwordHistoryLength)); 1009 out.endTag(null, TAG_PASSWORD_HISTORY_LENGTH); 1010 } 1011 if (minimumPasswordMetrics.upperCase != DEF_MINIMUM_PASSWORD_UPPER_CASE) { 1012 out.startTag(null, TAG_MIN_PASSWORD_UPPERCASE); 1013 out.attribute( 1014 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.upperCase)); 1015 out.endTag(null, TAG_MIN_PASSWORD_UPPERCASE); 1016 } 1017 if (minimumPasswordMetrics.lowerCase != DEF_MINIMUM_PASSWORD_LOWER_CASE) { 1018 out.startTag(null, TAG_MIN_PASSWORD_LOWERCASE); 1019 out.attribute( 1020 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.lowerCase)); 1021 out.endTag(null, TAG_MIN_PASSWORD_LOWERCASE); 1022 } 1023 if (minimumPasswordMetrics.letters != DEF_MINIMUM_PASSWORD_LETTERS) { 1024 out.startTag(null, TAG_MIN_PASSWORD_LETTERS); 1025 out.attribute( 1026 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.letters)); 1027 out.endTag(null, TAG_MIN_PASSWORD_LETTERS); 1028 } 1029 if (minimumPasswordMetrics.numeric != DEF_MINIMUM_PASSWORD_NUMERIC) { 1030 out.startTag(null, TAG_MIN_PASSWORD_NUMERIC); 1031 out.attribute( 1032 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.numeric)); 1033 out.endTag(null, TAG_MIN_PASSWORD_NUMERIC); 1034 } 1035 if (minimumPasswordMetrics.symbols != DEF_MINIMUM_PASSWORD_SYMBOLS) { 1036 out.startTag(null, TAG_MIN_PASSWORD_SYMBOLS); 1037 out.attribute( 1038 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.symbols)); 1039 out.endTag(null, TAG_MIN_PASSWORD_SYMBOLS); 1040 } 1041 if (minimumPasswordMetrics.nonLetter > DEF_MINIMUM_PASSWORD_NON_LETTER) { 1042 out.startTag(null, TAG_MIN_PASSWORD_NONLETTER); 1043 out.attribute( 1044 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.nonLetter)); 1045 out.endTag(null, TAG_MIN_PASSWORD_NONLETTER); 1046 } 1047 } 1048 if (passwordBlacklistFile != null) { 1049 out.startTag(null, TAG_PASSWORD_BLACKLIST); 1050 out.attribute(null, ATTR_VALUE, passwordBlacklistFile); 1051 out.endTag(null, TAG_PASSWORD_BLACKLIST); 1052 } 1053 if (maximumTimeToUnlock != DEF_MAXIMUM_TIME_TO_UNLOCK) { 1054 out.startTag(null, TAG_MAX_TIME_TO_UNLOCK); 1055 out.attribute(null, ATTR_VALUE, Long.toString(maximumTimeToUnlock)); 1056 out.endTag(null, TAG_MAX_TIME_TO_UNLOCK); 1057 } 1058 if (strongAuthUnlockTimeout != DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS) { 1059 out.startTag(null, TAG_STRONG_AUTH_UNLOCK_TIMEOUT); 1060 out.attribute(null, ATTR_VALUE, Long.toString(strongAuthUnlockTimeout)); 1061 out.endTag(null, TAG_STRONG_AUTH_UNLOCK_TIMEOUT); 1062 } 1063 if (maximumFailedPasswordsForWipe != DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE) { 1064 out.startTag(null, TAG_MAX_FAILED_PASSWORD_WIPE); 1065 out.attribute(null, ATTR_VALUE, Integer.toString(maximumFailedPasswordsForWipe)); 1066 out.endTag(null, TAG_MAX_FAILED_PASSWORD_WIPE); 1067 } 1068 if (specifiesGlobalProxy) { 1069 out.startTag(null, TAG_SPECIFIES_GLOBAL_PROXY); 1070 out.attribute(null, ATTR_VALUE, Boolean.toString(specifiesGlobalProxy)); 1071 out.endTag(null, TAG_SPECIFIES_GLOBAL_PROXY); 1072 if (globalProxySpec != null) { 1073 out.startTag(null, TAG_GLOBAL_PROXY_SPEC); 1074 out.attribute(null, ATTR_VALUE, globalProxySpec); 1075 out.endTag(null, TAG_GLOBAL_PROXY_SPEC); 1076 } 1077 if (globalProxyExclusionList != null) { 1078 out.startTag(null, TAG_GLOBAL_PROXY_EXCLUSION_LIST); 1079 out.attribute(null, ATTR_VALUE, globalProxyExclusionList); 1080 out.endTag(null, TAG_GLOBAL_PROXY_EXCLUSION_LIST); 1081 } 1082 } 1083 if (passwordExpirationTimeout != DEF_PASSWORD_EXPIRATION_TIMEOUT) { 1084 out.startTag(null, TAG_PASSWORD_EXPIRATION_TIMEOUT); 1085 out.attribute(null, ATTR_VALUE, Long.toString(passwordExpirationTimeout)); 1086 out.endTag(null, TAG_PASSWORD_EXPIRATION_TIMEOUT); 1087 } 1088 if (passwordExpirationDate != DEF_PASSWORD_EXPIRATION_DATE) { 1089 out.startTag(null, TAG_PASSWORD_EXPIRATION_DATE); 1090 out.attribute(null, ATTR_VALUE, Long.toString(passwordExpirationDate)); 1091 out.endTag(null, TAG_PASSWORD_EXPIRATION_DATE); 1092 } 1093 if (encryptionRequested) { 1094 out.startTag(null, TAG_ENCRYPTION_REQUESTED); 1095 out.attribute(null, ATTR_VALUE, Boolean.toString(encryptionRequested)); 1096 out.endTag(null, TAG_ENCRYPTION_REQUESTED); 1097 } 1098 if (testOnlyAdmin) { 1099 out.startTag(null, TAG_TEST_ONLY_ADMIN); 1100 out.attribute(null, ATTR_VALUE, Boolean.toString(testOnlyAdmin)); 1101 out.endTag(null, TAG_TEST_ONLY_ADMIN); 1102 } 1103 if (disableCamera) { 1104 out.startTag(null, TAG_DISABLE_CAMERA); 1105 out.attribute(null, ATTR_VALUE, Boolean.toString(disableCamera)); 1106 out.endTag(null, TAG_DISABLE_CAMERA); 1107 } 1108 if (disableCallerId) { 1109 out.startTag(null, TAG_DISABLE_CALLER_ID); 1110 out.attribute(null, ATTR_VALUE, Boolean.toString(disableCallerId)); 1111 out.endTag(null, TAG_DISABLE_CALLER_ID); 1112 } 1113 if (disableContactsSearch) { 1114 out.startTag(null, TAG_DISABLE_CONTACTS_SEARCH); 1115 out.attribute(null, ATTR_VALUE, Boolean.toString(disableContactsSearch)); 1116 out.endTag(null, TAG_DISABLE_CONTACTS_SEARCH); 1117 } 1118 if (!disableBluetoothContactSharing) { 1119 out.startTag(null, TAG_DISABLE_BLUETOOTH_CONTACT_SHARING); 1120 out.attribute(null, ATTR_VALUE, 1121 Boolean.toString(disableBluetoothContactSharing)); 1122 out.endTag(null, TAG_DISABLE_BLUETOOTH_CONTACT_SHARING); 1123 } 1124 if (disableScreenCapture) { 1125 out.startTag(null, TAG_DISABLE_SCREEN_CAPTURE); 1126 out.attribute(null, ATTR_VALUE, Boolean.toString(disableScreenCapture)); 1127 out.endTag(null, TAG_DISABLE_SCREEN_CAPTURE); 1128 } 1129 if (requireAutoTime) { 1130 out.startTag(null, TAG_REQUIRE_AUTO_TIME); 1131 out.attribute(null, ATTR_VALUE, Boolean.toString(requireAutoTime)); 1132 out.endTag(null, TAG_REQUIRE_AUTO_TIME); 1133 } 1134 if (forceEphemeralUsers) { 1135 out.startTag(null, TAG_FORCE_EPHEMERAL_USERS); 1136 out.attribute(null, ATTR_VALUE, Boolean.toString(forceEphemeralUsers)); 1137 out.endTag(null, TAG_FORCE_EPHEMERAL_USERS); 1138 } 1139 if (isNetworkLoggingEnabled) { 1140 out.startTag(null, TAG_IS_NETWORK_LOGGING_ENABLED); 1141 out.attribute(null, ATTR_VALUE, Boolean.toString(isNetworkLoggingEnabled)); 1142 out.attribute(null, ATTR_NUM_NETWORK_LOGGING_NOTIFICATIONS, 1143 Integer.toString(numNetworkLoggingNotifications)); 1144 out.attribute(null, ATTR_LAST_NETWORK_LOGGING_NOTIFICATION, 1145 Long.toString(lastNetworkLoggingNotificationTimeMs)); 1146 out.endTag(null, TAG_IS_NETWORK_LOGGING_ENABLED); 1147 } 1148 if (disabledKeyguardFeatures != DEF_KEYGUARD_FEATURES_DISABLED) { 1149 out.startTag(null, TAG_DISABLE_KEYGUARD_FEATURES); 1150 out.attribute(null, ATTR_VALUE, Integer.toString(disabledKeyguardFeatures)); 1151 out.endTag(null, TAG_DISABLE_KEYGUARD_FEATURES); 1152 } 1153 if (!accountTypesWithManagementDisabled.isEmpty()) { 1154 out.startTag(null, TAG_DISABLE_ACCOUNT_MANAGEMENT); 1155 writeAttributeValuesToXml( 1156 out, TAG_ACCOUNT_TYPE, accountTypesWithManagementDisabled); 1157 out.endTag(null, TAG_DISABLE_ACCOUNT_MANAGEMENT); 1158 } 1159 if (!trustAgentInfos.isEmpty()) { 1160 Set<Entry<String, TrustAgentInfo>> set = trustAgentInfos.entrySet(); 1161 out.startTag(null, TAG_MANAGE_TRUST_AGENT_FEATURES); 1162 for (Entry<String, TrustAgentInfo> entry : set) { 1163 TrustAgentInfo trustAgentInfo = entry.getValue(); 1164 out.startTag(null, TAG_TRUST_AGENT_COMPONENT); 1165 out.attribute(null, ATTR_VALUE, entry.getKey()); 1166 if (trustAgentInfo.options != null) { 1167 out.startTag(null, TAG_TRUST_AGENT_COMPONENT_OPTIONS); 1168 try { 1169 trustAgentInfo.options.saveToXml(out); 1170 } catch (XmlPullParserException e) { 1171 Log.e(LOG_TAG, "Failed to save TrustAgent options", e); 1172 } 1173 out.endTag(null, TAG_TRUST_AGENT_COMPONENT_OPTIONS); 1174 } 1175 out.endTag(null, TAG_TRUST_AGENT_COMPONENT); 1176 } 1177 out.endTag(null, TAG_MANAGE_TRUST_AGENT_FEATURES); 1178 } 1179 if (crossProfileWidgetProviders != null && !crossProfileWidgetProviders.isEmpty()) { 1180 out.startTag(null, TAG_CROSS_PROFILE_WIDGET_PROVIDERS); 1181 writeAttributeValuesToXml(out, TAG_PROVIDER, crossProfileWidgetProviders); 1182 out.endTag(null, TAG_CROSS_PROFILE_WIDGET_PROVIDERS); 1183 } 1184 writePackageListToXml(out, TAG_PERMITTED_ACCESSIBILITY_SERVICES, 1185 permittedAccessiblityServices); 1186 writePackageListToXml(out, TAG_PERMITTED_IMES, permittedInputMethods); 1187 writePackageListToXml(out, TAG_PERMITTED_NOTIFICATION_LISTENERS, 1188 permittedNotificationListeners); 1189 writePackageListToXml(out, TAG_KEEP_UNINSTALLED_PACKAGES, keepUninstalledPackages); 1190 writePackageListToXml(out, TAG_METERED_DATA_DISABLED_PACKAGES, meteredDisabledPackages); 1191 if (hasUserRestrictions()) { 1192 UserRestrictionsUtils.writeRestrictions( 1193 out, userRestrictions, TAG_USER_RESTRICTIONS); 1194 } 1195 if (!defaultEnabledRestrictionsAlreadySet.isEmpty()) { 1196 out.startTag(null, TAG_DEFAULT_ENABLED_USER_RESTRICTIONS); 1197 writeAttributeValuesToXml( 1198 out, TAG_RESTRICTION, defaultEnabledRestrictionsAlreadySet); 1199 out.endTag(null, TAG_DEFAULT_ENABLED_USER_RESTRICTIONS); 1200 } 1201 if (!TextUtils.isEmpty(shortSupportMessage)) { 1202 out.startTag(null, TAG_SHORT_SUPPORT_MESSAGE); 1203 out.text(shortSupportMessage.toString()); 1204 out.endTag(null, TAG_SHORT_SUPPORT_MESSAGE); 1205 } 1206 if (!TextUtils.isEmpty(longSupportMessage)) { 1207 out.startTag(null, TAG_LONG_SUPPORT_MESSAGE); 1208 out.text(longSupportMessage.toString()); 1209 out.endTag(null, TAG_LONG_SUPPORT_MESSAGE); 1210 } 1211 if (parentAdmin != null) { 1212 out.startTag(null, TAG_PARENT_ADMIN); 1213 parentAdmin.writeToXml(out); 1214 out.endTag(null, TAG_PARENT_ADMIN); 1215 } 1216 if (organizationColor != DEF_ORGANIZATION_COLOR) { 1217 out.startTag(null, TAG_ORGANIZATION_COLOR); 1218 out.attribute(null, ATTR_VALUE, Integer.toString(organizationColor)); 1219 out.endTag(null, TAG_ORGANIZATION_COLOR); 1220 } 1221 if (organizationName != null) { 1222 out.startTag(null, TAG_ORGANIZATION_NAME); 1223 out.text(organizationName); 1224 out.endTag(null, TAG_ORGANIZATION_NAME); 1225 } 1226 if (isLogoutEnabled) { 1227 out.startTag(null, TAG_IS_LOGOUT_ENABLED); 1228 out.attribute(null, ATTR_VALUE, Boolean.toString(isLogoutEnabled)); 1229 out.endTag(null, TAG_IS_LOGOUT_ENABLED); 1230 } 1231 if (mandatoryBackupTransport != null) { 1232 out.startTag(null, TAG_MANDATORY_BACKUP_TRANSPORT); 1233 out.attribute(null, ATTR_VALUE, mandatoryBackupTransport.flattenToString()); 1234 out.endTag(null, TAG_MANDATORY_BACKUP_TRANSPORT); 1235 } 1236 if (startUserSessionMessage != null) { 1237 out.startTag(null, TAG_START_USER_SESSION_MESSAGE); 1238 out.text(startUserSessionMessage); 1239 out.endTag(null, TAG_START_USER_SESSION_MESSAGE); 1240 } 1241 if (endUserSessionMessage != null) { 1242 out.startTag(null, TAG_END_USER_SESSION_MESSAGE); 1243 out.text(endUserSessionMessage); 1244 out.endTag(null, TAG_END_USER_SESSION_MESSAGE); 1245 } 1246 } 1247 1248 void writePackageListToXml(XmlSerializer out, String outerTag, 1249 List<String> packageList) 1250 throws IllegalArgumentException, IllegalStateException, IOException { 1251 if (packageList == null) { 1252 return; 1253 } 1254 1255 out.startTag(null, outerTag); 1256 writeAttributeValuesToXml(out, TAG_PACKAGE_LIST_ITEM, packageList); 1257 out.endTag(null, outerTag); 1258 } 1259 1260 void writeAttributeValuesToXml(XmlSerializer out, String tag, 1261 @NonNull Collection<String> values) throws IOException { 1262 for (String value : values) { 1263 out.startTag(null, tag); 1264 out.attribute(null, ATTR_VALUE, value); 1265 out.endTag(null, tag); 1266 } 1267 } 1268 1269 void readFromXml(XmlPullParser parser) 1270 throws XmlPullParserException, IOException { 1271 int outerDepth = parser.getDepth(); 1272 int type; 1273 while ((type=parser.next()) != END_DOCUMENT 1274 && (type != END_TAG || parser.getDepth() > outerDepth)) { 1275 if (type == END_TAG || type == TEXT) { 1276 continue; 1277 } 1278 String tag = parser.getName(); 1279 if (TAG_POLICIES.equals(tag)) { 1280 info.readPoliciesFromXml(parser); 1281 } else if (TAG_PASSWORD_QUALITY.equals(tag)) { 1282 minimumPasswordMetrics.quality = Integer.parseInt( 1283 parser.getAttributeValue(null, ATTR_VALUE)); 1284 } else if (TAG_MIN_PASSWORD_LENGTH.equals(tag)) { 1285 minimumPasswordMetrics.length = Integer.parseInt( 1286 parser.getAttributeValue(null, ATTR_VALUE)); 1287 } else if (TAG_PASSWORD_HISTORY_LENGTH.equals(tag)) { 1288 passwordHistoryLength = Integer.parseInt( 1289 parser.getAttributeValue(null, ATTR_VALUE)); 1290 } else if (TAG_MIN_PASSWORD_UPPERCASE.equals(tag)) { 1291 minimumPasswordMetrics.upperCase = Integer.parseInt( 1292 parser.getAttributeValue(null, ATTR_VALUE)); 1293 } else if (TAG_MIN_PASSWORD_LOWERCASE.equals(tag)) { 1294 minimumPasswordMetrics.lowerCase = Integer.parseInt( 1295 parser.getAttributeValue(null, ATTR_VALUE)); 1296 } else if (TAG_MIN_PASSWORD_LETTERS.equals(tag)) { 1297 minimumPasswordMetrics.letters = Integer.parseInt( 1298 parser.getAttributeValue(null, ATTR_VALUE)); 1299 } else if (TAG_MIN_PASSWORD_NUMERIC.equals(tag)) { 1300 minimumPasswordMetrics.numeric = Integer.parseInt( 1301 parser.getAttributeValue(null, ATTR_VALUE)); 1302 } else if (TAG_MIN_PASSWORD_SYMBOLS.equals(tag)) { 1303 minimumPasswordMetrics.symbols = Integer.parseInt( 1304 parser.getAttributeValue(null, ATTR_VALUE)); 1305 } else if (TAG_MIN_PASSWORD_NONLETTER.equals(tag)) { 1306 minimumPasswordMetrics.nonLetter = Integer.parseInt( 1307 parser.getAttributeValue(null, ATTR_VALUE)); 1308 } else if (TAG_PASSWORD_BLACKLIST.equals(tag)) { 1309 passwordBlacklistFile = parser.getAttributeValue(null, ATTR_VALUE); 1310 }else if (TAG_MAX_TIME_TO_UNLOCK.equals(tag)) { 1311 maximumTimeToUnlock = Long.parseLong( 1312 parser.getAttributeValue(null, ATTR_VALUE)); 1313 } else if (TAG_STRONG_AUTH_UNLOCK_TIMEOUT.equals(tag)) { 1314 strongAuthUnlockTimeout = Long.parseLong( 1315 parser.getAttributeValue(null, ATTR_VALUE)); 1316 } else if (TAG_MAX_FAILED_PASSWORD_WIPE.equals(tag)) { 1317 maximumFailedPasswordsForWipe = Integer.parseInt( 1318 parser.getAttributeValue(null, ATTR_VALUE)); 1319 } else if (TAG_SPECIFIES_GLOBAL_PROXY.equals(tag)) { 1320 specifiesGlobalProxy = Boolean.parseBoolean( 1321 parser.getAttributeValue(null, ATTR_VALUE)); 1322 } else if (TAG_GLOBAL_PROXY_SPEC.equals(tag)) { 1323 globalProxySpec = 1324 parser.getAttributeValue(null, ATTR_VALUE); 1325 } else if (TAG_GLOBAL_PROXY_EXCLUSION_LIST.equals(tag)) { 1326 globalProxyExclusionList = 1327 parser.getAttributeValue(null, ATTR_VALUE); 1328 } else if (TAG_PASSWORD_EXPIRATION_TIMEOUT.equals(tag)) { 1329 passwordExpirationTimeout = Long.parseLong( 1330 parser.getAttributeValue(null, ATTR_VALUE)); 1331 } else if (TAG_PASSWORD_EXPIRATION_DATE.equals(tag)) { 1332 passwordExpirationDate = Long.parseLong( 1333 parser.getAttributeValue(null, ATTR_VALUE)); 1334 } else if (TAG_ENCRYPTION_REQUESTED.equals(tag)) { 1335 encryptionRequested = Boolean.parseBoolean( 1336 parser.getAttributeValue(null, ATTR_VALUE)); 1337 } else if (TAG_TEST_ONLY_ADMIN.equals(tag)) { 1338 testOnlyAdmin = Boolean.parseBoolean( 1339 parser.getAttributeValue(null, ATTR_VALUE)); 1340 } else if (TAG_DISABLE_CAMERA.equals(tag)) { 1341 disableCamera = Boolean.parseBoolean( 1342 parser.getAttributeValue(null, ATTR_VALUE)); 1343 } else if (TAG_DISABLE_CALLER_ID.equals(tag)) { 1344 disableCallerId = Boolean.parseBoolean( 1345 parser.getAttributeValue(null, ATTR_VALUE)); 1346 } else if (TAG_DISABLE_CONTACTS_SEARCH.equals(tag)) { 1347 disableContactsSearch = Boolean.parseBoolean( 1348 parser.getAttributeValue(null, ATTR_VALUE)); 1349 } else if (TAG_DISABLE_BLUETOOTH_CONTACT_SHARING.equals(tag)) { 1350 disableBluetoothContactSharing = Boolean.parseBoolean(parser 1351 .getAttributeValue(null, ATTR_VALUE)); 1352 } else if (TAG_DISABLE_SCREEN_CAPTURE.equals(tag)) { 1353 disableScreenCapture = Boolean.parseBoolean( 1354 parser.getAttributeValue(null, ATTR_VALUE)); 1355 } else if (TAG_REQUIRE_AUTO_TIME.equals(tag)) { 1356 requireAutoTime = Boolean.parseBoolean( 1357 parser.getAttributeValue(null, ATTR_VALUE)); 1358 } else if (TAG_FORCE_EPHEMERAL_USERS.equals(tag)) { 1359 forceEphemeralUsers = Boolean.parseBoolean( 1360 parser.getAttributeValue(null, ATTR_VALUE)); 1361 } else if (TAG_IS_NETWORK_LOGGING_ENABLED.equals(tag)) { 1362 isNetworkLoggingEnabled = Boolean.parseBoolean( 1363 parser.getAttributeValue(null, ATTR_VALUE)); 1364 lastNetworkLoggingNotificationTimeMs = Long.parseLong( 1365 parser.getAttributeValue(null, ATTR_LAST_NETWORK_LOGGING_NOTIFICATION)); 1366 numNetworkLoggingNotifications = Integer.parseInt( 1367 parser.getAttributeValue(null, ATTR_NUM_NETWORK_LOGGING_NOTIFICATIONS)); 1368 } else if (TAG_DISABLE_KEYGUARD_FEATURES.equals(tag)) { 1369 disabledKeyguardFeatures = Integer.parseInt( 1370 parser.getAttributeValue(null, ATTR_VALUE)); 1371 } else if (TAG_DISABLE_ACCOUNT_MANAGEMENT.equals(tag)) { 1372 readAttributeValues( 1373 parser, TAG_ACCOUNT_TYPE, accountTypesWithManagementDisabled); 1374 } else if (TAG_MANAGE_TRUST_AGENT_FEATURES.equals(tag)) { 1375 trustAgentInfos = getAllTrustAgentInfos(parser, tag); 1376 } else if (TAG_CROSS_PROFILE_WIDGET_PROVIDERS.equals(tag)) { 1377 crossProfileWidgetProviders = new ArrayList<>(); 1378 readAttributeValues(parser, TAG_PROVIDER, crossProfileWidgetProviders); 1379 } else if (TAG_PERMITTED_ACCESSIBILITY_SERVICES.equals(tag)) { 1380 permittedAccessiblityServices = readPackageList(parser, tag); 1381 } else if (TAG_PERMITTED_IMES.equals(tag)) { 1382 permittedInputMethods = readPackageList(parser, tag); 1383 } else if (TAG_PERMITTED_NOTIFICATION_LISTENERS.equals(tag)) { 1384 permittedNotificationListeners = readPackageList(parser, tag); 1385 } else if (TAG_KEEP_UNINSTALLED_PACKAGES.equals(tag)) { 1386 keepUninstalledPackages = readPackageList(parser, tag); 1387 } else if (TAG_METERED_DATA_DISABLED_PACKAGES.equals(tag)) { 1388 meteredDisabledPackages = readPackageList(parser, tag); 1389 } else if (TAG_USER_RESTRICTIONS.equals(tag)) { 1390 userRestrictions = UserRestrictionsUtils.readRestrictions(parser); 1391 } else if (TAG_DEFAULT_ENABLED_USER_RESTRICTIONS.equals(tag)) { 1392 readAttributeValues( 1393 parser, TAG_RESTRICTION, defaultEnabledRestrictionsAlreadySet); 1394 } else if (TAG_SHORT_SUPPORT_MESSAGE.equals(tag)) { 1395 type = parser.next(); 1396 if (type == XmlPullParser.TEXT) { 1397 shortSupportMessage = parser.getText(); 1398 } else { 1399 Log.w(LOG_TAG, "Missing text when loading short support message"); 1400 } 1401 } else if (TAG_LONG_SUPPORT_MESSAGE.equals(tag)) { 1402 type = parser.next(); 1403 if (type == XmlPullParser.TEXT) { 1404 longSupportMessage = parser.getText(); 1405 } else { 1406 Log.w(LOG_TAG, "Missing text when loading long support message"); 1407 } 1408 } else if (TAG_PARENT_ADMIN.equals(tag)) { 1409 Preconditions.checkState(!isParent); 1410 1411 parentAdmin = new ActiveAdmin(info, /* parent */ true); 1412 parentAdmin.readFromXml(parser); 1413 } else if (TAG_ORGANIZATION_COLOR.equals(tag)) { 1414 organizationColor = Integer.parseInt( 1415 parser.getAttributeValue(null, ATTR_VALUE)); 1416 } else if (TAG_ORGANIZATION_NAME.equals(tag)) { 1417 type = parser.next(); 1418 if (type == XmlPullParser.TEXT) { 1419 organizationName = parser.getText(); 1420 } else { 1421 Log.w(LOG_TAG, "Missing text when loading organization name"); 1422 } 1423 } else if (TAG_IS_LOGOUT_ENABLED.equals(tag)) { 1424 isLogoutEnabled = Boolean.parseBoolean( 1425 parser.getAttributeValue(null, ATTR_VALUE)); 1426 } else if (TAG_MANDATORY_BACKUP_TRANSPORT.equals(tag)) { 1427 mandatoryBackupTransport = ComponentName.unflattenFromString( 1428 parser.getAttributeValue(null, ATTR_VALUE)); 1429 } else if (TAG_START_USER_SESSION_MESSAGE.equals(tag)) { 1430 type = parser.next(); 1431 if (type == XmlPullParser.TEXT) { 1432 startUserSessionMessage = parser.getText(); 1433 } else { 1434 Log.w(LOG_TAG, "Missing text when loading start session message"); 1435 } 1436 } else if (TAG_END_USER_SESSION_MESSAGE.equals(tag)) { 1437 type = parser.next(); 1438 if (type == XmlPullParser.TEXT) { 1439 endUserSessionMessage = parser.getText(); 1440 } else { 1441 Log.w(LOG_TAG, "Missing text when loading end session message"); 1442 } 1443 } else { 1444 Slog.w(LOG_TAG, "Unknown admin tag: " + tag); 1445 XmlUtils.skipCurrentTag(parser); 1446 } 1447 } 1448 } 1449 1450 private List<String> readPackageList(XmlPullParser parser, 1451 String tag) throws XmlPullParserException, IOException { 1452 List<String> result = new ArrayList<String>(); 1453 int outerDepth = parser.getDepth(); 1454 int outerType; 1455 while ((outerType=parser.next()) != XmlPullParser.END_DOCUMENT 1456 && (outerType != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1457 if (outerType == XmlPullParser.END_TAG || outerType == XmlPullParser.TEXT) { 1458 continue; 1459 } 1460 String outerTag = parser.getName(); 1461 if (TAG_PACKAGE_LIST_ITEM.equals(outerTag)) { 1462 String packageName = parser.getAttributeValue(null, ATTR_VALUE); 1463 if (packageName != null) { 1464 result.add(packageName); 1465 } else { 1466 Slog.w(LOG_TAG, "Package name missing under " + outerTag); 1467 } 1468 } else { 1469 Slog.w(LOG_TAG, "Unknown tag under " + tag + ": " + outerTag); 1470 } 1471 } 1472 return result; 1473 } 1474 1475 private void readAttributeValues( 1476 XmlPullParser parser, String tag, Collection<String> result) 1477 throws XmlPullParserException, IOException { 1478 result.clear(); 1479 int outerDepthDAM = parser.getDepth(); 1480 int typeDAM; 1481 while ((typeDAM=parser.next()) != END_DOCUMENT 1482 && (typeDAM != END_TAG || parser.getDepth() > outerDepthDAM)) { 1483 if (typeDAM == END_TAG || typeDAM == TEXT) { 1484 continue; 1485 } 1486 String tagDAM = parser.getName(); 1487 if (tag.equals(tagDAM)) { 1488 result.add(parser.getAttributeValue(null, ATTR_VALUE)); 1489 } else { 1490 Slog.e(LOG_TAG, "Expected tag " + tag + " but found " + tagDAM); 1491 } 1492 } 1493 } 1494 1495 private ArrayMap<String, TrustAgentInfo> getAllTrustAgentInfos( 1496 XmlPullParser parser, String tag) throws XmlPullParserException, IOException { 1497 int outerDepthDAM = parser.getDepth(); 1498 int typeDAM; 1499 final ArrayMap<String, TrustAgentInfo> result = new ArrayMap<>(); 1500 while ((typeDAM=parser.next()) != END_DOCUMENT 1501 && (typeDAM != END_TAG || parser.getDepth() > outerDepthDAM)) { 1502 if (typeDAM == END_TAG || typeDAM == TEXT) { 1503 continue; 1504 } 1505 String tagDAM = parser.getName(); 1506 if (TAG_TRUST_AGENT_COMPONENT.equals(tagDAM)) { 1507 final String component = parser.getAttributeValue(null, ATTR_VALUE); 1508 final TrustAgentInfo trustAgentInfo = getTrustAgentInfo(parser, tag); 1509 result.put(component, trustAgentInfo); 1510 } else { 1511 Slog.w(LOG_TAG, "Unknown tag under " + tag + ": " + tagDAM); 1512 } 1513 } 1514 return result; 1515 } 1516 1517 private TrustAgentInfo getTrustAgentInfo(XmlPullParser parser, String tag) 1518 throws XmlPullParserException, IOException { 1519 int outerDepthDAM = parser.getDepth(); 1520 int typeDAM; 1521 TrustAgentInfo result = new TrustAgentInfo(null); 1522 while ((typeDAM=parser.next()) != END_DOCUMENT 1523 && (typeDAM != END_TAG || parser.getDepth() > outerDepthDAM)) { 1524 if (typeDAM == END_TAG || typeDAM == TEXT) { 1525 continue; 1526 } 1527 String tagDAM = parser.getName(); 1528 if (TAG_TRUST_AGENT_COMPONENT_OPTIONS.equals(tagDAM)) { 1529 result.options = PersistableBundle.restoreFromXml(parser); 1530 } else { 1531 Slog.w(LOG_TAG, "Unknown tag under " + tag + ": " + tagDAM); 1532 } 1533 } 1534 return result; 1535 } 1536 1537 boolean hasUserRestrictions() { 1538 return userRestrictions != null && userRestrictions.size() > 0; 1539 } 1540 1541 Bundle ensureUserRestrictions() { 1542 if (userRestrictions == null) { 1543 userRestrictions = new Bundle(); 1544 } 1545 return userRestrictions; 1546 } 1547 1548 public void transfer(DeviceAdminInfo deviceAdminInfo) { 1549 if (hasParentActiveAdmin()) { 1550 parentAdmin.info = deviceAdminInfo; 1551 } 1552 info = deviceAdminInfo; 1553 } 1554 1555 void dump(String prefix, PrintWriter pw) { 1556 pw.print(prefix); pw.print("uid="); pw.println(getUid()); 1557 pw.print(prefix); pw.print("testOnlyAdmin="); 1558 pw.println(testOnlyAdmin); 1559 pw.print(prefix); pw.println("policies:"); 1560 ArrayList<DeviceAdminInfo.PolicyInfo> pols = info.getUsedPolicies(); 1561 if (pols != null) { 1562 for (int i=0; i<pols.size(); i++) { 1563 pw.print(prefix); pw.print(" "); pw.println(pols.get(i).tag); 1564 } 1565 } 1566 pw.print(prefix); pw.print("passwordQuality=0x"); 1567 pw.println(Integer.toHexString(minimumPasswordMetrics.quality)); 1568 pw.print(prefix); pw.print("minimumPasswordLength="); 1569 pw.println(minimumPasswordMetrics.length); 1570 pw.print(prefix); pw.print("passwordHistoryLength="); 1571 pw.println(passwordHistoryLength); 1572 pw.print(prefix); pw.print("minimumPasswordUpperCase="); 1573 pw.println(minimumPasswordMetrics.upperCase); 1574 pw.print(prefix); pw.print("minimumPasswordLowerCase="); 1575 pw.println(minimumPasswordMetrics.lowerCase); 1576 pw.print(prefix); pw.print("minimumPasswordLetters="); 1577 pw.println(minimumPasswordMetrics.letters); 1578 pw.print(prefix); pw.print("minimumPasswordNumeric="); 1579 pw.println(minimumPasswordMetrics.numeric); 1580 pw.print(prefix); pw.print("minimumPasswordSymbols="); 1581 pw.println(minimumPasswordMetrics.symbols); 1582 pw.print(prefix); pw.print("minimumPasswordNonLetter="); 1583 pw.println(minimumPasswordMetrics.nonLetter); 1584 pw.print(prefix); pw.print("passwordBlacklist="); 1585 pw.println(passwordBlacklistFile != null); 1586 pw.print(prefix); pw.print("maximumTimeToUnlock="); 1587 pw.println(maximumTimeToUnlock); 1588 pw.print(prefix); pw.print("strongAuthUnlockTimeout="); 1589 pw.println(strongAuthUnlockTimeout); 1590 pw.print(prefix); pw.print("maximumFailedPasswordsForWipe="); 1591 pw.println(maximumFailedPasswordsForWipe); 1592 pw.print(prefix); pw.print("specifiesGlobalProxy="); 1593 pw.println(specifiesGlobalProxy); 1594 pw.print(prefix); pw.print("passwordExpirationTimeout="); 1595 pw.println(passwordExpirationTimeout); 1596 pw.print(prefix); pw.print("passwordExpirationDate="); 1597 pw.println(passwordExpirationDate); 1598 if (globalProxySpec != null) { 1599 pw.print(prefix); pw.print("globalProxySpec="); 1600 pw.println(globalProxySpec); 1601 } 1602 if (globalProxyExclusionList != null) { 1603 pw.print(prefix); pw.print("globalProxyEclusionList="); 1604 pw.println(globalProxyExclusionList); 1605 } 1606 pw.print(prefix); pw.print("encryptionRequested="); 1607 pw.println(encryptionRequested); 1608 pw.print(prefix); pw.print("disableCamera="); 1609 pw.println(disableCamera); 1610 pw.print(prefix); pw.print("disableCallerId="); 1611 pw.println(disableCallerId); 1612 pw.print(prefix); pw.print("disableContactsSearch="); 1613 pw.println(disableContactsSearch); 1614 pw.print(prefix); pw.print("disableBluetoothContactSharing="); 1615 pw.println(disableBluetoothContactSharing); 1616 pw.print(prefix); pw.print("disableScreenCapture="); 1617 pw.println(disableScreenCapture); 1618 pw.print(prefix); pw.print("requireAutoTime="); 1619 pw.println(requireAutoTime); 1620 pw.print(prefix); pw.print("forceEphemeralUsers="); 1621 pw.println(forceEphemeralUsers); 1622 pw.print(prefix); pw.print("isNetworkLoggingEnabled="); 1623 pw.println(isNetworkLoggingEnabled); 1624 pw.print(prefix); pw.print("disabledKeyguardFeatures="); 1625 pw.println(disabledKeyguardFeatures); 1626 pw.print(prefix); pw.print("crossProfileWidgetProviders="); 1627 pw.println(crossProfileWidgetProviders); 1628 if (permittedAccessiblityServices != null) { 1629 pw.print(prefix); pw.print("permittedAccessibilityServices="); 1630 pw.println(permittedAccessiblityServices); 1631 } 1632 if (permittedInputMethods != null) { 1633 pw.print(prefix); pw.print("permittedInputMethods="); 1634 pw.println(permittedInputMethods); 1635 } 1636 if (permittedNotificationListeners != null) { 1637 pw.print(prefix); pw.print("permittedNotificationListeners="); 1638 pw.println(permittedNotificationListeners); 1639 } 1640 if (keepUninstalledPackages != null) { 1641 pw.print(prefix); pw.print("keepUninstalledPackages="); 1642 pw.println(keepUninstalledPackages); 1643 } 1644 pw.print(prefix); pw.print("organizationColor="); 1645 pw.println(organizationColor); 1646 if (organizationName != null) { 1647 pw.print(prefix); pw.print("organizationName="); 1648 pw.println(organizationName); 1649 } 1650 pw.print(prefix); pw.println("userRestrictions:"); 1651 UserRestrictionsUtils.dumpRestrictions(pw, prefix + " ", userRestrictions); 1652 pw.print(prefix); pw.print("defaultEnabledRestrictionsAlreadySet="); 1653 pw.println(defaultEnabledRestrictionsAlreadySet); 1654 pw.print(prefix); pw.print("isParent="); 1655 pw.println(isParent); 1656 if (parentAdmin != null) { 1657 pw.print(prefix); pw.println("parentAdmin:"); 1658 parentAdmin.dump(prefix + " ", pw); 1659 } 1660 } 1661 } 1662 1663 private void handlePackagesChanged(@Nullable String packageName, int userHandle) { 1664 boolean removedAdmin = false; 1665 if (VERBOSE_LOG) { 1666 Slog.d(LOG_TAG, "Handling package changes package " + packageName 1667 + " for user " + userHandle); 1668 } 1669 DevicePolicyData policy = getUserData(userHandle); 1670 synchronized (this) { 1671 for (int i = policy.mAdminList.size() - 1; i >= 0; i--) { 1672 ActiveAdmin aa = policy.mAdminList.get(i); 1673 try { 1674 // If we're checking all packages or if the specific one we're checking matches, 1675 // then check if the package and receiver still exist. 1676 final String adminPackage = aa.info.getPackageName(); 1677 if (packageName == null || packageName.equals(adminPackage)) { 1678 if (mIPackageManager.getPackageInfo(adminPackage, 0, userHandle) == null 1679 || mIPackageManager.getReceiverInfo(aa.info.getComponent(), 1680 PackageManager.MATCH_DIRECT_BOOT_AWARE 1681 | PackageManager.MATCH_DIRECT_BOOT_UNAWARE, 1682 userHandle) == null) { 1683 removedAdmin = true; 1684 policy.mAdminList.remove(i); 1685 policy.mAdminMap.remove(aa.info.getComponent()); 1686 pushActiveAdminPackagesLocked(userHandle); 1687 pushMeteredDisabledPackagesLocked(userHandle); 1688 } 1689 } 1690 } catch (RemoteException re) { 1691 // Shouldn't happen. 1692 } 1693 } 1694 if (removedAdmin) { 1695 validatePasswordOwnerLocked(policy); 1696 } 1697 1698 boolean removedDelegate = false; 1699 1700 // Check if a delegate was removed. 1701 for (int i = policy.mDelegationMap.size() - 1; i >= 0; i--) { 1702 final String delegatePackage = policy.mDelegationMap.keyAt(i); 1703 if (isRemovedPackage(packageName, delegatePackage, userHandle)) { 1704 policy.mDelegationMap.removeAt(i); 1705 removedDelegate = true; 1706 } 1707 } 1708 1709 // If it's an owner package, we may need to refresh the bound connection. 1710 final ComponentName owner = getOwnerComponent(userHandle); 1711 if ((packageName != null) && (owner != null) 1712 && (owner.getPackageName().equals(packageName))) { 1713 startOwnerService(userHandle, "package-broadcast"); 1714 } 1715 1716 // Persist updates if the removed package was an admin or delegate. 1717 if (removedAdmin || removedDelegate) { 1718 saveSettingsLocked(policy.mUserHandle); 1719 } 1720 } 1721 if (removedAdmin) { 1722 // The removed admin might have disabled camera, so update user restrictions. 1723 pushUserRestrictions(userHandle); 1724 } 1725 } 1726 1727 private boolean isRemovedPackage(String changedPackage, String targetPackage, int userHandle) { 1728 try { 1729 return targetPackage != null 1730 && (changedPackage == null || changedPackage.equals(targetPackage)) 1731 && mIPackageManager.getPackageInfo(targetPackage, 0, userHandle) == null; 1732 } catch (RemoteException e) { 1733 // Shouldn't happen 1734 } 1735 1736 return false; 1737 } 1738 1739 /** 1740 * Unit test will subclass it to inject mocks. 1741 */ 1742 @VisibleForTesting 1743 static class Injector { 1744 1745 public final Context mContext; 1746 1747 Injector(Context context) { 1748 mContext = context; 1749 } 1750 1751 public boolean hasFeature() { 1752 return getPackageManager().hasSystemFeature(PackageManager.FEATURE_DEVICE_ADMIN); 1753 } 1754 1755 Context createContextAsUser(UserHandle user) throws PackageManager.NameNotFoundException { 1756 final String packageName = mContext.getPackageName(); 1757 return mContext.createPackageContextAsUser(packageName, 0, user); 1758 } 1759 1760 Resources getResources() { 1761 return mContext.getResources(); 1762 } 1763 1764 Owners newOwners() { 1765 return new Owners(getUserManager(), getUserManagerInternal(), 1766 getPackageManagerInternal()); 1767 } 1768 1769 UserManager getUserManager() { 1770 return UserManager.get(mContext); 1771 } 1772 1773 UserManagerInternal getUserManagerInternal() { 1774 return LocalServices.getService(UserManagerInternal.class); 1775 } 1776 1777 PackageManagerInternal getPackageManagerInternal() { 1778 return LocalServices.getService(PackageManagerInternal.class); 1779 } 1780 1781 UsageStatsManagerInternal getUsageStatsManagerInternal() { 1782 return LocalServices.getService(UsageStatsManagerInternal.class); 1783 } 1784 1785 NetworkPolicyManagerInternal getNetworkPolicyManagerInternal() { 1786 return LocalServices.getService(NetworkPolicyManagerInternal.class); 1787 } 1788 1789 NotificationManager getNotificationManager() { 1790 return mContext.getSystemService(NotificationManager.class); 1791 } 1792 1793 IIpConnectivityMetrics getIIpConnectivityMetrics() { 1794 return (IIpConnectivityMetrics) IIpConnectivityMetrics.Stub.asInterface( 1795 ServiceManager.getService(IpConnectivityLog.SERVICE_NAME)); 1796 } 1797 1798 PackageManager getPackageManager() { 1799 return mContext.getPackageManager(); 1800 } 1801 1802 PowerManagerInternal getPowerManagerInternal() { 1803 return LocalServices.getService(PowerManagerInternal.class); 1804 } 1805 1806 TelephonyManager getTelephonyManager() { 1807 return TelephonyManager.from(mContext); 1808 } 1809 1810 TrustManager getTrustManager() { 1811 return (TrustManager) mContext.getSystemService(Context.TRUST_SERVICE); 1812 } 1813 1814 AlarmManager getAlarmManager() { 1815 return (AlarmManager) mContext.getSystemService(AlarmManager.class); 1816 } 1817 1818 IWindowManager getIWindowManager() { 1819 return IWindowManager.Stub 1820 .asInterface(ServiceManager.getService(Context.WINDOW_SERVICE)); 1821 } 1822 1823 IActivityManager getIActivityManager() { 1824 return ActivityManager.getService(); 1825 } 1826 1827 ActivityManagerInternal getActivityManagerInternal() { 1828 return LocalServices.getService(ActivityManagerInternal.class); 1829 } 1830 1831 IPackageManager getIPackageManager() { 1832 return AppGlobals.getPackageManager(); 1833 } 1834 1835 IBackupManager getIBackupManager() { 1836 return IBackupManager.Stub.asInterface( 1837 ServiceManager.getService(Context.BACKUP_SERVICE)); 1838 } 1839 1840 IAudioService getIAudioService() { 1841 return IAudioService.Stub.asInterface(ServiceManager.getService(Context.AUDIO_SERVICE)); 1842 } 1843 1844 boolean isBuildDebuggable() { 1845 return Build.IS_DEBUGGABLE; 1846 } 1847 1848 LockPatternUtils newLockPatternUtils() { 1849 return new LockPatternUtils(mContext); 1850 } 1851 1852 PasswordBlacklist newPasswordBlacklist(File file) { 1853 return new PasswordBlacklist(file); 1854 } 1855 1856 boolean storageManagerIsFileBasedEncryptionEnabled() { 1857 return StorageManager.isFileEncryptedNativeOnly(); 1858 } 1859 1860 boolean storageManagerIsNonDefaultBlockEncrypted() { 1861 long identity = Binder.clearCallingIdentity(); 1862 try { 1863 return StorageManager.isNonDefaultBlockEncrypted(); 1864 } finally { 1865 Binder.restoreCallingIdentity(identity); 1866 } 1867 } 1868 1869 boolean storageManagerIsEncrypted() { 1870 return StorageManager.isEncrypted(); 1871 } 1872 1873 boolean storageManagerIsEncryptable() { 1874 return StorageManager.isEncryptable(); 1875 } 1876 1877 Looper getMyLooper() { 1878 return Looper.myLooper(); 1879 } 1880 1881 WifiManager getWifiManager() { 1882 return mContext.getSystemService(WifiManager.class); 1883 } 1884 1885 long binderClearCallingIdentity() { 1886 return Binder.clearCallingIdentity(); 1887 } 1888 1889 void binderRestoreCallingIdentity(long token) { 1890 Binder.restoreCallingIdentity(token); 1891 } 1892 1893 int binderGetCallingUid() { 1894 return Binder.getCallingUid(); 1895 } 1896 1897 int binderGetCallingPid() { 1898 return Binder.getCallingPid(); 1899 } 1900 1901 UserHandle binderGetCallingUserHandle() { 1902 return Binder.getCallingUserHandle(); 1903 } 1904 1905 boolean binderIsCallingUidMyUid() { 1906 return getCallingUid() == Process.myUid(); 1907 } 1908 1909 void binderWithCleanCallingIdentity(@NonNull ThrowingRunnable action) { 1910 Binder.withCleanCallingIdentity(action); 1911 } 1912 1913 final int userHandleGetCallingUserId() { 1914 return UserHandle.getUserId(binderGetCallingUid()); 1915 } 1916 1917 File environmentGetUserSystemDirectory(int userId) { 1918 return Environment.getUserSystemDirectory(userId); 1919 } 1920 1921 void powerManagerGoToSleep(long time, int reason, int flags) { 1922 mContext.getSystemService(PowerManager.class).goToSleep(time, reason, flags); 1923 } 1924 1925 void powerManagerReboot(String reason) { 1926 mContext.getSystemService(PowerManager.class).reboot(reason); 1927 } 1928 1929 void recoverySystemRebootWipeUserData(boolean shutdown, String reason, boolean force, 1930 boolean wipeEuicc) throws IOException { 1931 RecoverySystem.rebootWipeUserData(mContext, shutdown, reason, force, wipeEuicc); 1932 } 1933 1934 boolean systemPropertiesGetBoolean(String key, boolean def) { 1935 return SystemProperties.getBoolean(key, def); 1936 } 1937 1938 long systemPropertiesGetLong(String key, long def) { 1939 return SystemProperties.getLong(key, def); 1940 } 1941 1942 String systemPropertiesGet(String key, String def) { 1943 return SystemProperties.get(key, def); 1944 } 1945 1946 String systemPropertiesGet(String key) { 1947 return SystemProperties.get(key); 1948 } 1949 1950 void systemPropertiesSet(String key, String value) { 1951 SystemProperties.set(key, value); 1952 } 1953 1954 boolean userManagerIsSplitSystemUser() { 1955 return UserManager.isSplitSystemUser(); 1956 } 1957 1958 String getDevicePolicyFilePathForSystemUser() { 1959 return "/data/system/"; 1960 } 1961 1962 PendingIntent pendingIntentGetActivityAsUser(Context context, int requestCode, 1963 @NonNull Intent intent, int flags, Bundle options, UserHandle user) { 1964 return PendingIntent.getActivityAsUser( 1965 context, requestCode, intent, flags, options, user); 1966 } 1967 1968 void registerContentObserver(Uri uri, boolean notifyForDescendents, 1969 ContentObserver observer, int userHandle) { 1970 mContext.getContentResolver().registerContentObserver(uri, notifyForDescendents, 1971 observer, userHandle); 1972 } 1973 1974 int settingsSecureGetIntForUser(String name, int def, int userHandle) { 1975 return Settings.Secure.getIntForUser(mContext.getContentResolver(), 1976 name, def, userHandle); 1977 } 1978 1979 String settingsSecureGetStringForUser(String name, int userHandle) { 1980 return Settings.Secure.getStringForUser(mContext.getContentResolver(), name, 1981 userHandle); 1982 } 1983 1984 void settingsSecurePutIntForUser(String name, int value, int userHandle) { 1985 Settings.Secure.putIntForUser(mContext.getContentResolver(), 1986 name, value, userHandle); 1987 } 1988 1989 void settingsSecurePutStringForUser(String name, String value, int userHandle) { 1990 Settings.Secure.putStringForUser(mContext.getContentResolver(), 1991 name, value, userHandle); 1992 } 1993 1994 void settingsGlobalPutStringForUser(String name, String value, int userHandle) { 1995 Settings.Global.putStringForUser(mContext.getContentResolver(), 1996 name, value, userHandle); 1997 } 1998 1999 void settingsSecurePutInt(String name, int value) { 2000 Settings.Secure.putInt(mContext.getContentResolver(), name, value); 2001 } 2002 2003 int settingsGlobalGetInt(String name, int def) { 2004 return Settings.Global.getInt(mContext.getContentResolver(), name, def); 2005 } 2006 2007 String settingsGlobalGetString(String name) { 2008 return Settings.Global.getString(mContext.getContentResolver(), name); 2009 } 2010 2011 void settingsGlobalPutInt(String name, int value) { 2012 Settings.Global.putInt(mContext.getContentResolver(), name, value); 2013 } 2014 2015 void settingsSecurePutString(String name, String value) { 2016 Settings.Secure.putString(mContext.getContentResolver(), name, value); 2017 } 2018 2019 void settingsGlobalPutString(String name, String value) { 2020 Settings.Global.putString(mContext.getContentResolver(), name, value); 2021 } 2022 2023 void settingsSystemPutString(String name, String value) { 2024 Settings.System.putString(mContext.getContentResolver(), name, value); 2025 } 2026 2027 void securityLogSetLoggingEnabledProperty(boolean enabled) { 2028 SecurityLog.setLoggingEnabledProperty(enabled); 2029 } 2030 2031 boolean securityLogGetLoggingEnabledProperty() { 2032 return SecurityLog.getLoggingEnabledProperty(); 2033 } 2034 2035 boolean securityLogIsLoggingEnabled() { 2036 return SecurityLog.isLoggingEnabled(); 2037 } 2038 2039 KeyChainConnection keyChainBindAsUser(UserHandle user) throws InterruptedException { 2040 return KeyChain.bindAsUser(mContext, user); 2041 } 2042 2043 void postOnSystemServerInitThreadPool(Runnable runnable) { 2044 SystemServerInitThreadPool.get().submit(runnable, LOG_TAG); 2045 } 2046 2047 public TransferOwnershipMetadataManager newTransferOwnershipMetadataManager() { 2048 return new TransferOwnershipMetadataManager(); 2049 } 2050 2051 public void runCryptoSelfTest() { 2052 CryptoTestHelper.runAndLogSelfTest(); 2053 } 2054 } 2055 2056 /** 2057 * Instantiates the service. 2058 */ 2059 public DevicePolicyManagerService(Context context) { 2060 this(new Injector(context)); 2061 } 2062 2063 @VisibleForTesting 2064 DevicePolicyManagerService(Injector injector) { 2065 mInjector = injector; 2066 mContext = Preconditions.checkNotNull(injector.mContext); 2067 mHandler = new Handler(Preconditions.checkNotNull(injector.getMyLooper())); 2068 mConstants = DevicePolicyConstants.loadFromString( 2069 mInjector.settingsGlobalGetString(Global.DEVICE_POLICY_CONSTANTS)); 2070 2071 mOwners = Preconditions.checkNotNull(injector.newOwners()); 2072 2073 mUserManager = Preconditions.checkNotNull(injector.getUserManager()); 2074 mUserManagerInternal = Preconditions.checkNotNull(injector.getUserManagerInternal()); 2075 mUsageStatsManagerInternal = Preconditions.checkNotNull( 2076 injector.getUsageStatsManagerInternal()); 2077 mIPackageManager = Preconditions.checkNotNull(injector.getIPackageManager()); 2078 mTelephonyManager = Preconditions.checkNotNull(injector.getTelephonyManager()); 2079 2080 mLocalService = new LocalService(); 2081 mLockPatternUtils = injector.newLockPatternUtils(); 2082 2083 // TODO: why does SecurityLogMonitor need to be created even when mHasFeature == false? 2084 mSecurityLogMonitor = new SecurityLogMonitor(this); 2085 2086 mHasFeature = mInjector.hasFeature(); 2087 mIsWatch = mInjector.getPackageManager() 2088 .hasSystemFeature(PackageManager.FEATURE_WATCH); 2089 mBackgroundHandler = BackgroundThread.getHandler(); 2090 2091 // Needed when mHasFeature == false, because it controls the certificate warning text. 2092 mCertificateMonitor = new CertificateMonitor(this, mInjector, mBackgroundHandler); 2093 2094 mDeviceAdminServiceController = new DeviceAdminServiceController(this, mConstants); 2095 2096 mOverlayPackagesProvider = new OverlayPackagesProvider(mContext); 2097 2098 mTransferOwnershipMetadataManager = mInjector.newTransferOwnershipMetadataManager(); 2099 2100 if (!mHasFeature) { 2101 // Skip the rest of the initialization 2102 return; 2103 } 2104 2105 IntentFilter filter = new IntentFilter(); 2106 filter.addAction(Intent.ACTION_BOOT_COMPLETED); 2107 filter.addAction(ACTION_EXPIRED_PASSWORD_NOTIFICATION); 2108 filter.addAction(Intent.ACTION_USER_ADDED); 2109 filter.addAction(Intent.ACTION_USER_REMOVED); 2110 filter.addAction(Intent.ACTION_USER_STARTED); 2111 filter.addAction(Intent.ACTION_USER_STOPPED); 2112 filter.addAction(Intent.ACTION_USER_SWITCHED); 2113 filter.addAction(Intent.ACTION_USER_UNLOCKED); 2114 filter.setPriority(IntentFilter.SYSTEM_HIGH_PRIORITY); 2115 mContext.registerReceiverAsUser(mReceiver, UserHandle.ALL, filter, null, mHandler); 2116 filter = new IntentFilter(); 2117 filter.addAction(Intent.ACTION_PACKAGE_CHANGED); 2118 filter.addAction(Intent.ACTION_PACKAGE_REMOVED); 2119 filter.addAction(Intent.ACTION_EXTERNAL_APPLICATIONS_UNAVAILABLE); 2120 filter.addAction(Intent.ACTION_PACKAGE_ADDED); 2121 filter.addDataScheme("package"); 2122 mContext.registerReceiverAsUser(mReceiver, UserHandle.ALL, filter, null, mHandler); 2123 filter = new IntentFilter(); 2124 filter.addAction(Intent.ACTION_MANAGED_PROFILE_ADDED); 2125 filter.addAction(Intent.ACTION_TIME_CHANGED); 2126 filter.addAction(Intent.ACTION_DATE_CHANGED); 2127 mContext.registerReceiverAsUser(mReceiver, UserHandle.ALL, filter, null, mHandler); 2128 2129 LocalServices.addService(DevicePolicyManagerInternal.class, mLocalService); 2130 2131 mSetupContentObserver = new SetupContentObserver(mHandler); 2132 2133 mUserManagerInternal.addUserRestrictionsListener(new RestrictionsListener(mContext)); 2134 } 2135 2136 /** 2137 * Creates and loads the policy data from xml. 2138 * @param userHandle the user for whom to load the policy data 2139 * @return 2140 */ 2141 @NonNull 2142 DevicePolicyData getUserData(int userHandle) { 2143 synchronized (this) { 2144 DevicePolicyData policy = mUserData.get(userHandle); 2145 if (policy == null) { 2146 policy = new DevicePolicyData(userHandle); 2147 mUserData.append(userHandle, policy); 2148 loadSettingsLocked(policy, userHandle); 2149 } 2150 return policy; 2151 } 2152 } 2153 2154 /** 2155 * Creates and loads the policy data from xml for data that is shared between 2156 * various profiles of a user. In contrast to {@link #getUserData(int)} 2157 * it allows access to data of users other than the calling user. 2158 * 2159 * This function should only be used for shared data, e.g. everything regarding 2160 * passwords and should be removed once multiple screen locks are present. 2161 * @param userHandle the user for whom to load the policy data 2162 * @return 2163 */ 2164 DevicePolicyData getUserDataUnchecked(int userHandle) { 2165 long ident = mInjector.binderClearCallingIdentity(); 2166 try { 2167 return getUserData(userHandle); 2168 } finally { 2169 mInjector.binderRestoreCallingIdentity(ident); 2170 } 2171 } 2172 2173 void removeUserData(int userHandle) { 2174 synchronized (this) { 2175 if (userHandle == UserHandle.USER_SYSTEM) { 2176 Slog.w(LOG_TAG, "Tried to remove device policy file for user 0! Ignoring."); 2177 return; 2178 } 2179 mOwners.removeProfileOwner(userHandle); 2180 mOwners.writeProfileOwner(userHandle); 2181 2182 DevicePolicyData policy = mUserData.get(userHandle); 2183 if (policy != null) { 2184 mUserData.remove(userHandle); 2185 } 2186 File policyFile = new File(mInjector.environmentGetUserSystemDirectory(userHandle), 2187 DEVICE_POLICIES_XML); 2188 policyFile.delete(); 2189 Slog.i(LOG_TAG, "Removed device policy file " + policyFile.getAbsolutePath()); 2190 } 2191 updateScreenCaptureDisabledInWindowManager(userHandle, false /* default value */); 2192 } 2193 2194 void loadOwners() { 2195 synchronized (this) { 2196 mOwners.load(); 2197 setDeviceOwnerSystemPropertyLocked(); 2198 findOwnerComponentIfNecessaryLocked(); 2199 migrateUserRestrictionsIfNecessaryLocked(); 2200 maybeSetDefaultDeviceOwnerUserRestrictionsLocked(); 2201 2202 // TODO PO may not have a class name either due to b/17652534. Address that too. 2203 2204 updateDeviceOwnerLocked(); 2205 } 2206 } 2207 2208 /** Apply default restrictions that haven't been applied to device owners yet. */ 2209 private void maybeSetDefaultDeviceOwnerUserRestrictionsLocked() { 2210 final ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 2211 if (deviceOwner != null) { 2212 maybeSetDefaultRestrictionsForAdminLocked(mOwners.getDeviceOwnerUserId(), 2213 deviceOwner, UserRestrictionsUtils.getDefaultEnabledForDeviceOwner()); 2214 } 2215 } 2216 2217 /** Apply default restrictions that haven't been applied to profile owners yet. */ 2218 private void maybeSetDefaultProfileOwnerUserRestrictions() { 2219 synchronized (this) { 2220 for (final int userId : mOwners.getProfileOwnerKeys()) { 2221 final ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userId); 2222 // The following restrictions used to be applied to managed profiles by different 2223 // means (via Settings or by disabling components). Now they are proper user 2224 // restrictions so we apply them to managed profile owners. Non-managed secondary 2225 // users didn't have those restrictions so we skip them to keep existing behavior. 2226 if (profileOwner == null || !mUserManager.isManagedProfile(userId)) { 2227 continue; 2228 } 2229 maybeSetDefaultRestrictionsForAdminLocked(userId, profileOwner, 2230 UserRestrictionsUtils.getDefaultEnabledForManagedProfiles()); 2231 ensureUnknownSourcesRestrictionForProfileOwnerLocked( 2232 userId, profileOwner, false /* newOwner */); 2233 } 2234 } 2235 } 2236 2237 /** 2238 * Checks whether {@link UserManager#DISALLOW_INSTALL_UNKNOWN_SOURCES} should be added to the 2239 * set of restrictions for this profile owner. 2240 */ 2241 private void ensureUnknownSourcesRestrictionForProfileOwnerLocked(int userId, 2242 ActiveAdmin profileOwner, boolean newOwner) { 2243 if (newOwner || mInjector.settingsSecureGetIntForUser( 2244 Settings.Secure.UNKNOWN_SOURCES_DEFAULT_REVERSED, 0, userId) != 0) { 2245 profileOwner.ensureUserRestrictions().putBoolean( 2246 UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, true); 2247 saveUserRestrictionsLocked(userId); 2248 mInjector.settingsSecurePutIntForUser( 2249 Settings.Secure.UNKNOWN_SOURCES_DEFAULT_REVERSED, 0, userId); 2250 } 2251 } 2252 2253 /** 2254 * Apply default restrictions that haven't been applied to a given admin yet. 2255 */ 2256 private void maybeSetDefaultRestrictionsForAdminLocked( 2257 int userId, ActiveAdmin admin, Set<String> defaultRestrictions) { 2258 if (defaultRestrictions.equals(admin.defaultEnabledRestrictionsAlreadySet)) { 2259 return; // The same set of default restrictions has been already applied. 2260 } 2261 Slog.i(LOG_TAG, "New user restrictions need to be set by default for user " + userId); 2262 2263 if (VERBOSE_LOG) { 2264 Slog.d(LOG_TAG,"Default enabled restrictions: " 2265 + defaultRestrictions 2266 + ". Restrictions already enabled: " 2267 + admin.defaultEnabledRestrictionsAlreadySet); 2268 } 2269 2270 final Set<String> restrictionsToSet = new ArraySet<>(defaultRestrictions); 2271 restrictionsToSet.removeAll(admin.defaultEnabledRestrictionsAlreadySet); 2272 if (!restrictionsToSet.isEmpty()) { 2273 for (final String restriction : restrictionsToSet) { 2274 admin.ensureUserRestrictions().putBoolean(restriction, true); 2275 } 2276 admin.defaultEnabledRestrictionsAlreadySet.addAll(restrictionsToSet); 2277 Slog.i(LOG_TAG, "Enabled the following restrictions by default: " + restrictionsToSet); 2278 saveUserRestrictionsLocked(userId); 2279 } 2280 } 2281 2282 private void setDeviceOwnerSystemPropertyLocked() { 2283 final boolean deviceProvisioned = 2284 mInjector.settingsGlobalGetInt(Settings.Global.DEVICE_PROVISIONED, 0) != 0; 2285 final boolean hasDeviceOwner = mOwners.hasDeviceOwner(); 2286 // If the device is not provisioned and there is currently no device owner, do not set the 2287 // read-only system property yet, since Device owner may still be provisioned. 2288 if (!hasDeviceOwner && !deviceProvisioned) { 2289 return; 2290 } 2291 // Still at the first stage of CryptKeeper double bounce, mOwners.hasDeviceOwner is 2292 // always false at this point. 2293 if (StorageManager.inCryptKeeperBounce()) { 2294 return; 2295 } 2296 2297 if (!mInjector.systemPropertiesGet(PROPERTY_DEVICE_OWNER_PRESENT, "").isEmpty()) { 2298 Slog.w(LOG_TAG, "Trying to set ro.device_owner, but it has already been set?"); 2299 } else { 2300 final String value = Boolean.toString(hasDeviceOwner); 2301 mInjector.systemPropertiesSet(PROPERTY_DEVICE_OWNER_PRESENT, value); 2302 Slog.i(LOG_TAG, "Set ro.device_owner property to " + value); 2303 2304 if (hasDeviceOwner && mInjector.securityLogGetLoggingEnabledProperty()) { 2305 mSecurityLogMonitor.start(); 2306 mInjector.runCryptoSelfTest(); 2307 maybePauseDeviceWideLoggingLocked(); 2308 } 2309 } 2310 } 2311 2312 private void findOwnerComponentIfNecessaryLocked() { 2313 if (!mOwners.hasDeviceOwner()) { 2314 return; 2315 } 2316 final ComponentName doComponentName = mOwners.getDeviceOwnerComponent(); 2317 2318 if (!TextUtils.isEmpty(doComponentName.getClassName())) { 2319 return; // Already a full component name. 2320 } 2321 2322 final ComponentName doComponent = findAdminComponentWithPackageLocked( 2323 doComponentName.getPackageName(), 2324 mOwners.getDeviceOwnerUserId()); 2325 if (doComponent == null) { 2326 Slog.e(LOG_TAG, "Device-owner isn't registered as device-admin"); 2327 } else { 2328 mOwners.setDeviceOwnerWithRestrictionsMigrated( 2329 doComponent, 2330 mOwners.getDeviceOwnerName(), 2331 mOwners.getDeviceOwnerUserId(), 2332 !mOwners.getDeviceOwnerUserRestrictionsNeedsMigration()); 2333 mOwners.writeDeviceOwner(); 2334 if (VERBOSE_LOG) { 2335 Log.v(LOG_TAG, "Device owner component filled in"); 2336 } 2337 } 2338 } 2339 2340 /** 2341 * We didn't use to persist user restrictions for each owners but only persisted in user 2342 * manager. 2343 */ 2344 private void migrateUserRestrictionsIfNecessaryLocked() { 2345 boolean migrated = false; 2346 // Migrate for the DO. Basically all restrictions should be considered to be set by DO, 2347 // except for the "system controlled" ones. 2348 if (mOwners.getDeviceOwnerUserRestrictionsNeedsMigration()) { 2349 if (VERBOSE_LOG) { 2350 Log.v(LOG_TAG, "Migrating DO user restrictions"); 2351 } 2352 migrated = true; 2353 2354 // Migrate user 0 restrictions to DO. 2355 final ActiveAdmin deviceOwnerAdmin = getDeviceOwnerAdminLocked(); 2356 2357 migrateUserRestrictionsForUser(UserHandle.SYSTEM, deviceOwnerAdmin, 2358 /* exceptionList =*/ null, /* isDeviceOwner =*/ true); 2359 2360 // Push DO user restrictions to user manager. 2361 pushUserRestrictions(UserHandle.USER_SYSTEM); 2362 2363 mOwners.setDeviceOwnerUserRestrictionsMigrated(); 2364 } 2365 2366 // Migrate for POs. 2367 2368 // The following restrictions can be set on secondary users by the device owner, so we 2369 // assume they're not from the PO. 2370 final Set<String> secondaryUserExceptionList = Sets.newArraySet( 2371 UserManager.DISALLOW_OUTGOING_CALLS, 2372 UserManager.DISALLOW_SMS); 2373 2374 for (UserInfo ui : mUserManager.getUsers()) { 2375 final int userId = ui.id; 2376 if (mOwners.getProfileOwnerUserRestrictionsNeedsMigration(userId)) { 2377 if (VERBOSE_LOG) { 2378 Log.v(LOG_TAG, "Migrating PO user restrictions for user " + userId); 2379 } 2380 migrated = true; 2381 2382 final ActiveAdmin profileOwnerAdmin = getProfileOwnerAdminLocked(userId); 2383 2384 final Set<String> exceptionList = 2385 (userId == UserHandle.USER_SYSTEM) ? null : secondaryUserExceptionList; 2386 2387 migrateUserRestrictionsForUser(ui.getUserHandle(), profileOwnerAdmin, 2388 exceptionList, /* isDeviceOwner =*/ false); 2389 2390 // Note if a secondary user has no PO but has a DA that disables camera, we 2391 // don't get here and won't push the camera user restriction to UserManager 2392 // here. That's okay because we'll push user restrictions anyway when a user 2393 // starts. But we still do it because we want to let user manager persist 2394 // upon migration. 2395 pushUserRestrictions(userId); 2396 2397 mOwners.setProfileOwnerUserRestrictionsMigrated(userId); 2398 } 2399 } 2400 if (VERBOSE_LOG && migrated) { 2401 Log.v(LOG_TAG, "User restrictions migrated."); 2402 } 2403 } 2404 2405 private void migrateUserRestrictionsForUser(UserHandle user, ActiveAdmin admin, 2406 Set<String> exceptionList, boolean isDeviceOwner) { 2407 final Bundle origRestrictions = mUserManagerInternal.getBaseUserRestrictions( 2408 user.getIdentifier()); 2409 2410 final Bundle newBaseRestrictions = new Bundle(); 2411 final Bundle newOwnerRestrictions = new Bundle(); 2412 2413 for (String key : origRestrictions.keySet()) { 2414 if (!origRestrictions.getBoolean(key)) { 2415 continue; 2416 } 2417 final boolean canOwnerChange = isDeviceOwner 2418 ? UserRestrictionsUtils.canDeviceOwnerChange(key) 2419 : UserRestrictionsUtils.canProfileOwnerChange(key, user.getIdentifier()); 2420 2421 if (!canOwnerChange || (exceptionList!= null && exceptionList.contains(key))) { 2422 newBaseRestrictions.putBoolean(key, true); 2423 } else { 2424 newOwnerRestrictions.putBoolean(key, true); 2425 } 2426 } 2427 2428 if (VERBOSE_LOG) { 2429 Log.v(LOG_TAG, "origRestrictions=" + origRestrictions); 2430 Log.v(LOG_TAG, "newBaseRestrictions=" + newBaseRestrictions); 2431 Log.v(LOG_TAG, "newOwnerRestrictions=" + newOwnerRestrictions); 2432 } 2433 mUserManagerInternal.setBaseUserRestrictionsByDpmsForMigration(user.getIdentifier(), 2434 newBaseRestrictions); 2435 2436 if (admin != null) { 2437 admin.ensureUserRestrictions().clear(); 2438 admin.ensureUserRestrictions().putAll(newOwnerRestrictions); 2439 } else { 2440 Slog.w(LOG_TAG, "ActiveAdmin for DO/PO not found. user=" + user.getIdentifier()); 2441 } 2442 saveSettingsLocked(user.getIdentifier()); 2443 } 2444 2445 private ComponentName findAdminComponentWithPackageLocked(String packageName, int userId) { 2446 final DevicePolicyData policy = getUserData(userId); 2447 final int n = policy.mAdminList.size(); 2448 ComponentName found = null; 2449 int nFound = 0; 2450 for (int i = 0; i < n; i++) { 2451 final ActiveAdmin admin = policy.mAdminList.get(i); 2452 if (packageName.equals(admin.info.getPackageName())) { 2453 // Found! 2454 if (nFound == 0) { 2455 found = admin.info.getComponent(); 2456 } 2457 nFound++; 2458 } 2459 } 2460 if (nFound > 1) { 2461 Slog.w(LOG_TAG, "Multiple DA found; assume the first one is DO."); 2462 } 2463 return found; 2464 } 2465 2466 /** 2467 * Set an alarm for an upcoming event - expiration warning, expiration, or post-expiration 2468 * reminders. Clears alarm if no expirations are configured. 2469 */ 2470 private void setExpirationAlarmCheckLocked(Context context, int userHandle, boolean parent) { 2471 final long expiration = getPasswordExpirationLocked(null, userHandle, parent); 2472 final long now = System.currentTimeMillis(); 2473 final long timeToExpire = expiration - now; 2474 final long alarmTime; 2475 if (expiration == 0) { 2476 // No expirations are currently configured: Cancel alarm. 2477 alarmTime = 0; 2478 } else if (timeToExpire <= 0) { 2479 // The password has already expired: Repeat every 24 hours. 2480 alarmTime = now + MS_PER_DAY; 2481 } else { 2482 // Selecting the next alarm time: Roll forward to the next 24 hour multiple before 2483 // the expiration time. 2484 long alarmInterval = timeToExpire % MS_PER_DAY; 2485 if (alarmInterval == 0) { 2486 alarmInterval = MS_PER_DAY; 2487 } 2488 alarmTime = now + alarmInterval; 2489 } 2490 2491 long token = mInjector.binderClearCallingIdentity(); 2492 try { 2493 int affectedUserHandle = parent ? getProfileParentId(userHandle) : userHandle; 2494 AlarmManager am = mInjector.getAlarmManager(); 2495 PendingIntent pi = PendingIntent.getBroadcastAsUser(context, REQUEST_EXPIRE_PASSWORD, 2496 new Intent(ACTION_EXPIRED_PASSWORD_NOTIFICATION), 2497 PendingIntent.FLAG_ONE_SHOT | PendingIntent.FLAG_UPDATE_CURRENT, 2498 UserHandle.of(affectedUserHandle)); 2499 am.cancel(pi); 2500 if (alarmTime != 0) { 2501 am.set(AlarmManager.RTC, alarmTime, pi); 2502 } 2503 } finally { 2504 mInjector.binderRestoreCallingIdentity(token); 2505 } 2506 } 2507 2508 ActiveAdmin getActiveAdminUncheckedLocked(ComponentName who, int userHandle) { 2509 ActiveAdmin admin = getUserData(userHandle).mAdminMap.get(who); 2510 if (admin != null 2511 && who.getPackageName().equals(admin.info.getActivityInfo().packageName) 2512 && who.getClassName().equals(admin.info.getActivityInfo().name)) { 2513 return admin; 2514 } 2515 return null; 2516 } 2517 2518 ActiveAdmin getActiveAdminUncheckedLocked(ComponentName who, int userHandle, boolean parent) { 2519 if (parent) { 2520 enforceManagedProfile(userHandle, "call APIs on the parent profile"); 2521 } 2522 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 2523 if (admin != null && parent) { 2524 admin = admin.getParentActiveAdmin(); 2525 } 2526 return admin; 2527 } 2528 2529 ActiveAdmin getActiveAdminForCallerLocked(ComponentName who, int reqPolicy) 2530 throws SecurityException { 2531 final int callingUid = mInjector.binderGetCallingUid(); 2532 2533 ActiveAdmin result = getActiveAdminWithPolicyForUidLocked(who, reqPolicy, callingUid); 2534 if (result != null) { 2535 return result; 2536 } 2537 2538 if (who != null) { 2539 final int userId = UserHandle.getUserId(callingUid); 2540 final DevicePolicyData policy = getUserData(userId); 2541 ActiveAdmin admin = policy.mAdminMap.get(who); 2542 if (reqPolicy == DeviceAdminInfo.USES_POLICY_DEVICE_OWNER) { 2543 throw new SecurityException("Admin " + admin.info.getComponent() 2544 + " does not own the device"); 2545 } 2546 if (reqPolicy == DeviceAdminInfo.USES_POLICY_PROFILE_OWNER) { 2547 throw new SecurityException("Admin " + admin.info.getComponent() 2548 + " does not own the profile"); 2549 } 2550 throw new SecurityException("Admin " + admin.info.getComponent() 2551 + " did not specify uses-policy for: " 2552 + admin.info.getTagForPolicy(reqPolicy)); 2553 } else { 2554 throw new SecurityException("No active admin owned by uid " 2555 + mInjector.binderGetCallingUid() + " for policy #" + reqPolicy); 2556 } 2557 } 2558 2559 ActiveAdmin getActiveAdminForCallerLocked(ComponentName who, int reqPolicy, boolean parent) 2560 throws SecurityException { 2561 if (parent) { 2562 enforceManagedProfile(mInjector.userHandleGetCallingUserId(), 2563 "call APIs on the parent profile"); 2564 } 2565 ActiveAdmin admin = getActiveAdminForCallerLocked(who, reqPolicy); 2566 return parent ? admin.getParentActiveAdmin() : admin; 2567 } 2568 /** 2569 * Find the admin for the component and userId bit of the uid, then check 2570 * the admin's uid matches the uid. 2571 */ 2572 private ActiveAdmin getActiveAdminForUidLocked(ComponentName who, int uid) { 2573 final int userId = UserHandle.getUserId(uid); 2574 final DevicePolicyData policy = getUserData(userId); 2575 ActiveAdmin admin = policy.mAdminMap.get(who); 2576 if (admin == null) { 2577 throw new SecurityException("No active admin " + who); 2578 } 2579 if (admin.getUid() != uid) { 2580 throw new SecurityException("Admin " + who + " is not owned by uid " + uid); 2581 } 2582 return admin; 2583 } 2584 2585 private ActiveAdmin getActiveAdminWithPolicyForUidLocked(ComponentName who, int reqPolicy, 2586 int uid) { 2587 // Try to find an admin which can use reqPolicy 2588 final int userId = UserHandle.getUserId(uid); 2589 final DevicePolicyData policy = getUserData(userId); 2590 if (who != null) { 2591 ActiveAdmin admin = policy.mAdminMap.get(who); 2592 if (admin == null) { 2593 throw new SecurityException("No active admin " + who); 2594 } 2595 if (admin.getUid() != uid) { 2596 throw new SecurityException("Admin " + who + " is not owned by uid " + uid); 2597 } 2598 if (isActiveAdminWithPolicyForUserLocked(admin, reqPolicy, userId)) { 2599 return admin; 2600 } 2601 } else { 2602 for (ActiveAdmin admin : policy.mAdminList) { 2603 if (admin.getUid() == uid && isActiveAdminWithPolicyForUserLocked(admin, reqPolicy, 2604 userId)) { 2605 return admin; 2606 } 2607 } 2608 } 2609 2610 return null; 2611 } 2612 2613 @VisibleForTesting 2614 boolean isActiveAdminWithPolicyForUserLocked(ActiveAdmin admin, int reqPolicy, 2615 int userId) { 2616 final boolean ownsDevice = isDeviceOwner(admin.info.getComponent(), userId); 2617 final boolean ownsProfile = isProfileOwner(admin.info.getComponent(), userId); 2618 2619 if (reqPolicy == DeviceAdminInfo.USES_POLICY_DEVICE_OWNER) { 2620 return ownsDevice; 2621 } else if (reqPolicy == DeviceAdminInfo.USES_POLICY_PROFILE_OWNER) { 2622 // DO always has the PO power. 2623 return ownsDevice || ownsProfile; 2624 } else { 2625 return admin.info.usesPolicy(reqPolicy); 2626 } 2627 } 2628 2629 void sendAdminCommandLocked(ActiveAdmin admin, String action) { 2630 sendAdminCommandLocked(admin, action, null); 2631 } 2632 2633 void sendAdminCommandLocked(ActiveAdmin admin, String action, BroadcastReceiver result) { 2634 sendAdminCommandLocked(admin, action, null, result); 2635 } 2636 2637 void sendAdminCommandLocked(ActiveAdmin admin, String action, Bundle adminExtras, 2638 BroadcastReceiver result) { 2639 sendAdminCommandLocked(admin, action, adminExtras, result, false); 2640 } 2641 2642 /** 2643 * Send an update to one specific admin, get notified when that admin returns a result. 2644 * 2645 * @return whether the broadcast was successfully sent 2646 */ 2647 boolean sendAdminCommandLocked(ActiveAdmin admin, String action, Bundle adminExtras, 2648 BroadcastReceiver result, boolean inForeground) { 2649 Intent intent = new Intent(action); 2650 intent.setComponent(admin.info.getComponent()); 2651 if (UserManager.isDeviceInDemoMode(mContext)) { 2652 intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND); 2653 } 2654 if (action.equals(DeviceAdminReceiver.ACTION_PASSWORD_EXPIRING)) { 2655 intent.putExtra("expiration", admin.passwordExpirationDate); 2656 } 2657 if (inForeground) { 2658 intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND); 2659 } 2660 if (adminExtras != null) { 2661 intent.putExtras(adminExtras); 2662 } 2663 if (mInjector.getPackageManager().queryBroadcastReceiversAsUser( 2664 intent, 2665 PackageManager.MATCH_DEBUG_TRIAGED_MISSING, 2666 admin.getUserHandle()).isEmpty()) { 2667 return false; 2668 } 2669 if (result != null) { 2670 mContext.sendOrderedBroadcastAsUser(intent, admin.getUserHandle(), 2671 null, result, mHandler, Activity.RESULT_OK, null, null); 2672 } else { 2673 mContext.sendBroadcastAsUser(intent, admin.getUserHandle()); 2674 } 2675 return true; 2676 } 2677 2678 /** 2679 * Send an update to all admins of a user that enforce a specified policy. 2680 */ 2681 void sendAdminCommandLocked(String action, int reqPolicy, int userHandle, Bundle adminExtras) { 2682 final DevicePolicyData policy = getUserData(userHandle); 2683 final int count = policy.mAdminList.size(); 2684 for (int i = 0; i < count; i++) { 2685 final ActiveAdmin admin = policy.mAdminList.get(i); 2686 if (admin.info.usesPolicy(reqPolicy)) { 2687 sendAdminCommandLocked(admin, action, adminExtras, null); 2688 } 2689 } 2690 } 2691 2692 /** 2693 * Send an update intent to all admins of a user and its profiles. Only send to admins that 2694 * enforce a specified policy. 2695 */ 2696 private void sendAdminCommandToSelfAndProfilesLocked(String action, int reqPolicy, 2697 int userHandle, Bundle adminExtras) { 2698 int[] profileIds = mUserManager.getProfileIdsWithDisabled(userHandle); 2699 for (int profileId : profileIds) { 2700 sendAdminCommandLocked(action, reqPolicy, profileId, adminExtras); 2701 } 2702 } 2703 2704 /** 2705 * Sends a broadcast to each profile that share the password unlock with the given user id. 2706 */ 2707 private void sendAdminCommandForLockscreenPoliciesLocked( 2708 String action, int reqPolicy, int userHandle) { 2709 final Bundle extras = new Bundle(); 2710 extras.putParcelable(Intent.EXTRA_USER, UserHandle.of(userHandle)); 2711 if (isSeparateProfileChallengeEnabled(userHandle)) { 2712 sendAdminCommandLocked(action, reqPolicy, userHandle, extras); 2713 } else { 2714 sendAdminCommandToSelfAndProfilesLocked(action, reqPolicy, userHandle, extras); 2715 } 2716 } 2717 2718 void removeActiveAdminLocked(final ComponentName adminReceiver, final int userHandle) { 2719 final ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver, userHandle); 2720 DevicePolicyData policy = getUserData(userHandle); 2721 if (admin != null && !policy.mRemovingAdmins.contains(adminReceiver)) { 2722 policy.mRemovingAdmins.add(adminReceiver); 2723 sendAdminCommandLocked(admin, 2724 DeviceAdminReceiver.ACTION_DEVICE_ADMIN_DISABLED, 2725 new BroadcastReceiver() { 2726 @Override 2727 public void onReceive(Context context, Intent intent) { 2728 removeAdminArtifacts(adminReceiver, userHandle); 2729 removePackageIfRequired(adminReceiver.getPackageName(), userHandle); 2730 } 2731 }); 2732 } 2733 } 2734 2735 2736 public DeviceAdminInfo findAdmin(ComponentName adminName, int userHandle, 2737 boolean throwForMissingPermission) { 2738 if (!mHasFeature) { 2739 return null; 2740 } 2741 enforceFullCrossUsersPermission(userHandle); 2742 ActivityInfo ai = null; 2743 try { 2744 ai = mIPackageManager.getReceiverInfo(adminName, 2745 PackageManager.GET_META_DATA | 2746 PackageManager.MATCH_DISABLED_UNTIL_USED_COMPONENTS | 2747 PackageManager.MATCH_DIRECT_BOOT_AWARE | 2748 PackageManager.MATCH_DIRECT_BOOT_UNAWARE, userHandle); 2749 } catch (RemoteException e) { 2750 // shouldn't happen. 2751 } 2752 if (ai == null) { 2753 throw new IllegalArgumentException("Unknown admin: " + adminName); 2754 } 2755 2756 if (!permission.BIND_DEVICE_ADMIN.equals(ai.permission)) { 2757 final String message = "DeviceAdminReceiver " + adminName + " must be protected with " 2758 + permission.BIND_DEVICE_ADMIN; 2759 Slog.w(LOG_TAG, message); 2760 if (throwForMissingPermission && 2761 ai.applicationInfo.targetSdkVersion > Build.VERSION_CODES.M) { 2762 throw new IllegalArgumentException(message); 2763 } 2764 } 2765 2766 try { 2767 return new DeviceAdminInfo(mContext, ai); 2768 } catch (XmlPullParserException | IOException e) { 2769 Slog.w(LOG_TAG, "Bad device admin requested for user=" + userHandle + ": " + adminName, 2770 e); 2771 return null; 2772 } 2773 } 2774 2775 private File getPolicyFileDirectory(@UserIdInt int userId) { 2776 return userId == UserHandle.USER_SYSTEM 2777 ? new File(mInjector.getDevicePolicyFilePathForSystemUser()) 2778 : mInjector.environmentGetUserSystemDirectory(userId); 2779 } 2780 2781 private JournaledFile makeJournaledFile(@UserIdInt int userId) { 2782 final String base = new File(getPolicyFileDirectory(userId), DEVICE_POLICIES_XML) 2783 .getAbsolutePath(); 2784 if (VERBOSE_LOG) { 2785 Log.v(LOG_TAG, "Opening " + base); 2786 } 2787 return new JournaledFile(new File(base), new File(base + ".tmp")); 2788 } 2789 2790 private void saveSettingsLocked(int userHandle) { 2791 DevicePolicyData policy = getUserData(userHandle); 2792 JournaledFile journal = makeJournaledFile(userHandle); 2793 FileOutputStream stream = null; 2794 try { 2795 stream = new FileOutputStream(journal.chooseForWrite(), false); 2796 XmlSerializer out = new FastXmlSerializer(); 2797 out.setOutput(stream, StandardCharsets.UTF_8.name()); 2798 out.startDocument(null, true); 2799 2800 out.startTag(null, "policies"); 2801 if (policy.mRestrictionsProvider != null) { 2802 out.attribute(null, ATTR_PERMISSION_PROVIDER, 2803 policy.mRestrictionsProvider.flattenToString()); 2804 } 2805 if (policy.mUserSetupComplete) { 2806 out.attribute(null, ATTR_SETUP_COMPLETE, 2807 Boolean.toString(true)); 2808 } 2809 if (policy.mPaired) { 2810 out.attribute(null, ATTR_DEVICE_PAIRED, 2811 Boolean.toString(true)); 2812 } 2813 if (policy.mDeviceProvisioningConfigApplied) { 2814 out.attribute(null, ATTR_DEVICE_PROVISIONING_CONFIG_APPLIED, 2815 Boolean.toString(true)); 2816 } 2817 if (policy.mUserProvisioningState != DevicePolicyManager.STATE_USER_UNMANAGED) { 2818 out.attribute(null, ATTR_PROVISIONING_STATE, 2819 Integer.toString(policy.mUserProvisioningState)); 2820 } 2821 if (policy.mPermissionPolicy != DevicePolicyManager.PERMISSION_POLICY_PROMPT) { 2822 out.attribute(null, ATTR_PERMISSION_POLICY, 2823 Integer.toString(policy.mPermissionPolicy)); 2824 } 2825 2826 // Serialize delegations. 2827 for (int i = 0; i < policy.mDelegationMap.size(); ++i) { 2828 final String delegatePackage = policy.mDelegationMap.keyAt(i); 2829 final List<String> scopes = policy.mDelegationMap.valueAt(i); 2830 2831 // Every "delegation" tag serializes the information of one delegate-scope pair. 2832 for (String scope : scopes) { 2833 out.startTag(null, "delegation"); 2834 out.attribute(null, "delegatePackage", delegatePackage); 2835 out.attribute(null, "scope", scope); 2836 out.endTag(null, "delegation"); 2837 } 2838 } 2839 2840 final int N = policy.mAdminList.size(); 2841 for (int i=0; i<N; i++) { 2842 ActiveAdmin ap = policy.mAdminList.get(i); 2843 if (ap != null) { 2844 out.startTag(null, "admin"); 2845 out.attribute(null, "name", ap.info.getComponent().flattenToString()); 2846 ap.writeToXml(out); 2847 out.endTag(null, "admin"); 2848 } 2849 } 2850 2851 if (policy.mPasswordOwner >= 0) { 2852 out.startTag(null, "password-owner"); 2853 out.attribute(null, "value", Integer.toString(policy.mPasswordOwner)); 2854 out.endTag(null, "password-owner"); 2855 } 2856 2857 if (policy.mFailedPasswordAttempts != 0) { 2858 out.startTag(null, "failed-password-attempts"); 2859 out.attribute(null, "value", Integer.toString(policy.mFailedPasswordAttempts)); 2860 out.endTag(null, "failed-password-attempts"); 2861 } 2862 2863 // For FDE devices only, we save this flag so we can report on password sufficiency 2864 // before the user enters their password for the first time after a reboot. For 2865 // security reasons, we don't want to store the full set of active password metrics. 2866 if (!mInjector.storageManagerIsFileBasedEncryptionEnabled()) { 2867 out.startTag(null, TAG_PASSWORD_VALIDITY); 2868 out.attribute(null, ATTR_VALUE, 2869 Boolean.toString(policy.mPasswordValidAtLastCheckpoint)); 2870 out.endTag(null, TAG_PASSWORD_VALIDITY); 2871 } 2872 2873 for (int i = 0; i < policy.mAcceptedCaCertificates.size(); i++) { 2874 out.startTag(null, TAG_ACCEPTED_CA_CERTIFICATES); 2875 out.attribute(null, ATTR_NAME, policy.mAcceptedCaCertificates.valueAt(i)); 2876 out.endTag(null, TAG_ACCEPTED_CA_CERTIFICATES); 2877 } 2878 2879 for (int i=0; i<policy.mLockTaskPackages.size(); i++) { 2880 String component = policy.mLockTaskPackages.get(i); 2881 out.startTag(null, TAG_LOCK_TASK_COMPONENTS); 2882 out.attribute(null, "name", component); 2883 out.endTag(null, TAG_LOCK_TASK_COMPONENTS); 2884 } 2885 2886 if (policy.mLockTaskFeatures != DevicePolicyManager.LOCK_TASK_FEATURE_NONE) { 2887 out.startTag(null, TAG_LOCK_TASK_FEATURES); 2888 out.attribute(null, ATTR_VALUE, Integer.toString(policy.mLockTaskFeatures)); 2889 out.endTag(null, TAG_LOCK_TASK_FEATURES); 2890 } 2891 2892 if (policy.mStatusBarDisabled) { 2893 out.startTag(null, TAG_STATUS_BAR); 2894 out.attribute(null, ATTR_DISABLED, Boolean.toString(policy.mStatusBarDisabled)); 2895 out.endTag(null, TAG_STATUS_BAR); 2896 } 2897 2898 if (policy.doNotAskCredentialsOnBoot) { 2899 out.startTag(null, DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML); 2900 out.endTag(null, DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML); 2901 } 2902 2903 for (String id : policy.mAffiliationIds) { 2904 out.startTag(null, TAG_AFFILIATION_ID); 2905 out.attribute(null, ATTR_ID, id); 2906 out.endTag(null, TAG_AFFILIATION_ID); 2907 } 2908 2909 if (policy.mLastSecurityLogRetrievalTime >= 0) { 2910 out.startTag(null, TAG_LAST_SECURITY_LOG_RETRIEVAL); 2911 out.attribute(null, ATTR_VALUE, 2912 Long.toString(policy.mLastSecurityLogRetrievalTime)); 2913 out.endTag(null, TAG_LAST_SECURITY_LOG_RETRIEVAL); 2914 } 2915 2916 if (policy.mLastBugReportRequestTime >= 0) { 2917 out.startTag(null, TAG_LAST_BUG_REPORT_REQUEST); 2918 out.attribute(null, ATTR_VALUE, 2919 Long.toString(policy.mLastBugReportRequestTime)); 2920 out.endTag(null, TAG_LAST_BUG_REPORT_REQUEST); 2921 } 2922 2923 if (policy.mLastNetworkLogsRetrievalTime >= 0) { 2924 out.startTag(null, TAG_LAST_NETWORK_LOG_RETRIEVAL); 2925 out.attribute(null, ATTR_VALUE, 2926 Long.toString(policy.mLastNetworkLogsRetrievalTime)); 2927 out.endTag(null, TAG_LAST_NETWORK_LOG_RETRIEVAL); 2928 } 2929 2930 if (policy.mAdminBroadcastPending) { 2931 out.startTag(null, TAG_ADMIN_BROADCAST_PENDING); 2932 out.attribute(null, ATTR_VALUE, 2933 Boolean.toString(policy.mAdminBroadcastPending)); 2934 out.endTag(null, TAG_ADMIN_BROADCAST_PENDING); 2935 } 2936 2937 if (policy.mInitBundle != null) { 2938 out.startTag(null, TAG_INITIALIZATION_BUNDLE); 2939 policy.mInitBundle.saveToXml(out); 2940 out.endTag(null, TAG_INITIALIZATION_BUNDLE); 2941 } 2942 2943 if (policy.mPasswordTokenHandle != 0) { 2944 out.startTag(null, TAG_PASSWORD_TOKEN_HANDLE); 2945 out.attribute(null, ATTR_VALUE, 2946 Long.toString(policy.mPasswordTokenHandle)); 2947 out.endTag(null, TAG_PASSWORD_TOKEN_HANDLE); 2948 } 2949 2950 if (policy.mCurrentInputMethodSet) { 2951 out.startTag(null, TAG_CURRENT_INPUT_METHOD_SET); 2952 out.endTag(null, TAG_CURRENT_INPUT_METHOD_SET); 2953 } 2954 2955 for (final String cert : policy.mOwnerInstalledCaCerts) { 2956 out.startTag(null, TAG_OWNER_INSTALLED_CA_CERT); 2957 out.attribute(null, ATTR_ALIAS, cert); 2958 out.endTag(null, TAG_OWNER_INSTALLED_CA_CERT); 2959 } 2960 2961 out.endTag(null, "policies"); 2962 2963 out.endDocument(); 2964 stream.flush(); 2965 FileUtils.sync(stream); 2966 stream.close(); 2967 journal.commit(); 2968 sendChangedNotification(userHandle); 2969 } catch (XmlPullParserException | IOException e) { 2970 Slog.w(LOG_TAG, "failed writing file", e); 2971 try { 2972 if (stream != null) { 2973 stream.close(); 2974 } 2975 } catch (IOException ex) { 2976 // Ignore 2977 } 2978 journal.rollback(); 2979 } 2980 } 2981 2982 private void sendChangedNotification(int userHandle) { 2983 Intent intent = new Intent(DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED); 2984 intent.setFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY); 2985 long ident = mInjector.binderClearCallingIdentity(); 2986 try { 2987 mContext.sendBroadcastAsUser(intent, new UserHandle(userHandle)); 2988 } finally { 2989 mInjector.binderRestoreCallingIdentity(ident); 2990 } 2991 } 2992 2993 private void loadSettingsLocked(DevicePolicyData policy, int userHandle) { 2994 JournaledFile journal = makeJournaledFile(userHandle); 2995 FileInputStream stream = null; 2996 File file = journal.chooseForRead(); 2997 boolean needsRewrite = false; 2998 try { 2999 stream = new FileInputStream(file); 3000 XmlPullParser parser = Xml.newPullParser(); 3001 parser.setInput(stream, StandardCharsets.UTF_8.name()); 3002 3003 int type; 3004 while ((type=parser.next()) != XmlPullParser.END_DOCUMENT 3005 && type != XmlPullParser.START_TAG) { 3006 } 3007 String tag = parser.getName(); 3008 if (!"policies".equals(tag)) { 3009 throw new XmlPullParserException( 3010 "Settings do not start with policies tag: found " + tag); 3011 } 3012 3013 // Extract the permission provider component name if available 3014 String permissionProvider = parser.getAttributeValue(null, ATTR_PERMISSION_PROVIDER); 3015 if (permissionProvider != null) { 3016 policy.mRestrictionsProvider = ComponentName.unflattenFromString(permissionProvider); 3017 } 3018 String userSetupComplete = parser.getAttributeValue(null, ATTR_SETUP_COMPLETE); 3019 if (userSetupComplete != null && Boolean.toString(true).equals(userSetupComplete)) { 3020 policy.mUserSetupComplete = true; 3021 } 3022 String paired = parser.getAttributeValue(null, ATTR_DEVICE_PAIRED); 3023 if (paired != null && Boolean.toString(true).equals(paired)) { 3024 policy.mPaired = true; 3025 } 3026 String deviceProvisioningConfigApplied = parser.getAttributeValue(null, 3027 ATTR_DEVICE_PROVISIONING_CONFIG_APPLIED); 3028 if (deviceProvisioningConfigApplied != null 3029 && Boolean.toString(true).equals(deviceProvisioningConfigApplied)) { 3030 policy.mDeviceProvisioningConfigApplied = true; 3031 } 3032 String provisioningState = parser.getAttributeValue(null, ATTR_PROVISIONING_STATE); 3033 if (!TextUtils.isEmpty(provisioningState)) { 3034 policy.mUserProvisioningState = Integer.parseInt(provisioningState); 3035 } 3036 String permissionPolicy = parser.getAttributeValue(null, ATTR_PERMISSION_POLICY); 3037 if (!TextUtils.isEmpty(permissionPolicy)) { 3038 policy.mPermissionPolicy = Integer.parseInt(permissionPolicy); 3039 } 3040 // Check for delegation compatibility with pre-O. 3041 // TODO(edmanp) remove in P. 3042 { 3043 final String certDelegate = parser.getAttributeValue(null, 3044 ATTR_DELEGATED_CERT_INSTALLER); 3045 if (certDelegate != null) { 3046 List<String> scopes = policy.mDelegationMap.get(certDelegate); 3047 if (scopes == null) { 3048 scopes = new ArrayList<>(); 3049 policy.mDelegationMap.put(certDelegate, scopes); 3050 } 3051 if (!scopes.contains(DELEGATION_CERT_INSTALL)) { 3052 scopes.add(DELEGATION_CERT_INSTALL); 3053 needsRewrite = true; 3054 } 3055 } 3056 final String appRestrictionsDelegate = parser.getAttributeValue(null, 3057 ATTR_APPLICATION_RESTRICTIONS_MANAGER); 3058 if (appRestrictionsDelegate != null) { 3059 List<String> scopes = policy.mDelegationMap.get(appRestrictionsDelegate); 3060 if (scopes == null) { 3061 scopes = new ArrayList<>(); 3062 policy.mDelegationMap.put(appRestrictionsDelegate, scopes); 3063 } 3064 if (!scopes.contains(DELEGATION_APP_RESTRICTIONS)) { 3065 scopes.add(DELEGATION_APP_RESTRICTIONS); 3066 needsRewrite = true; 3067 } 3068 } 3069 } 3070 3071 type = parser.next(); 3072 int outerDepth = parser.getDepth(); 3073 policy.mLockTaskPackages.clear(); 3074 policy.mAdminList.clear(); 3075 policy.mAdminMap.clear(); 3076 policy.mAffiliationIds.clear(); 3077 policy.mOwnerInstalledCaCerts.clear(); 3078 while ((type=parser.next()) != XmlPullParser.END_DOCUMENT 3079 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 3080 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 3081 continue; 3082 } 3083 tag = parser.getName(); 3084 if ("admin".equals(tag)) { 3085 String name = parser.getAttributeValue(null, "name"); 3086 try { 3087 DeviceAdminInfo dai = findAdmin( 3088 ComponentName.unflattenFromString(name), userHandle, 3089 /* throwForMissingPermission= */ false); 3090 if (VERBOSE_LOG 3091 && (UserHandle.getUserId(dai.getActivityInfo().applicationInfo.uid) 3092 != userHandle)) { 3093 Slog.w(LOG_TAG, "findAdmin returned an incorrect uid " 3094 + dai.getActivityInfo().applicationInfo.uid + " for user " 3095 + userHandle); 3096 } 3097 if (dai != null) { 3098 ActiveAdmin ap = new ActiveAdmin(dai, /* parent */ false); 3099 ap.readFromXml(parser); 3100 policy.mAdminMap.put(ap.info.getComponent(), ap); 3101 } 3102 } catch (RuntimeException e) { 3103 Slog.w(LOG_TAG, "Failed loading admin " + name, e); 3104 } 3105 } else if ("delegation".equals(tag)) { 3106 // Parse delegation info. 3107 final String delegatePackage = parser.getAttributeValue(null, 3108 "delegatePackage"); 3109 final String scope = parser.getAttributeValue(null, "scope"); 3110 3111 // Get a reference to the scopes list for the delegatePackage. 3112 List<String> scopes = policy.mDelegationMap.get(delegatePackage); 3113 // Or make a new list if none was found. 3114 if (scopes == null) { 3115 scopes = new ArrayList<>(); 3116 policy.mDelegationMap.put(delegatePackage, scopes); 3117 } 3118 // Add the new scope to the list of delegatePackage if it's not already there. 3119 if (!scopes.contains(scope)) { 3120 scopes.add(scope); 3121 } 3122 } else if ("failed-password-attempts".equals(tag)) { 3123 policy.mFailedPasswordAttempts = Integer.parseInt( 3124 parser.getAttributeValue(null, "value")); 3125 } else if ("password-owner".equals(tag)) { 3126 policy.mPasswordOwner = Integer.parseInt( 3127 parser.getAttributeValue(null, "value")); 3128 } else if (TAG_ACCEPTED_CA_CERTIFICATES.equals(tag)) { 3129 policy.mAcceptedCaCertificates.add(parser.getAttributeValue(null, ATTR_NAME)); 3130 } else if (TAG_LOCK_TASK_COMPONENTS.equals(tag)) { 3131 policy.mLockTaskPackages.add(parser.getAttributeValue(null, "name")); 3132 } else if (TAG_LOCK_TASK_FEATURES.equals(tag)) { 3133 policy.mLockTaskFeatures = Integer.parseInt( 3134 parser.getAttributeValue(null, ATTR_VALUE)); 3135 } else if (TAG_STATUS_BAR.equals(tag)) { 3136 policy.mStatusBarDisabled = Boolean.parseBoolean( 3137 parser.getAttributeValue(null, ATTR_DISABLED)); 3138 } else if (DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML.equals(tag)) { 3139 policy.doNotAskCredentialsOnBoot = true; 3140 } else if (TAG_AFFILIATION_ID.equals(tag)) { 3141 policy.mAffiliationIds.add(parser.getAttributeValue(null, ATTR_ID)); 3142 } else if (TAG_LAST_SECURITY_LOG_RETRIEVAL.equals(tag)) { 3143 policy.mLastSecurityLogRetrievalTime = Long.parseLong( 3144 parser.getAttributeValue(null, ATTR_VALUE)); 3145 } else if (TAG_LAST_BUG_REPORT_REQUEST.equals(tag)) { 3146 policy.mLastBugReportRequestTime = Long.parseLong( 3147 parser.getAttributeValue(null, ATTR_VALUE)); 3148 } else if (TAG_LAST_NETWORK_LOG_RETRIEVAL.equals(tag)) { 3149 policy.mLastNetworkLogsRetrievalTime = Long.parseLong( 3150 parser.getAttributeValue(null, ATTR_VALUE)); 3151 } else if (TAG_ADMIN_BROADCAST_PENDING.equals(tag)) { 3152 String pending = parser.getAttributeValue(null, ATTR_VALUE); 3153 policy.mAdminBroadcastPending = Boolean.toString(true).equals(pending); 3154 } else if (TAG_INITIALIZATION_BUNDLE.equals(tag)) { 3155 policy.mInitBundle = PersistableBundle.restoreFromXml(parser); 3156 } else if ("active-password".equals(tag)) { 3157 // Remove password metrics from saved settings, as we no longer wish to store 3158 // these on disk 3159 needsRewrite = true; 3160 } else if (TAG_PASSWORD_VALIDITY.equals(tag)) { 3161 if (!mInjector.storageManagerIsFileBasedEncryptionEnabled()) { 3162 // This flag is only used for FDE devices 3163 policy.mPasswordValidAtLastCheckpoint = Boolean.parseBoolean( 3164 parser.getAttributeValue(null, ATTR_VALUE)); 3165 } 3166 } else if (TAG_PASSWORD_TOKEN_HANDLE.equals(tag)) { 3167 policy.mPasswordTokenHandle = Long.parseLong( 3168 parser.getAttributeValue(null, ATTR_VALUE)); 3169 } else if (TAG_CURRENT_INPUT_METHOD_SET.equals(tag)) { 3170 policy.mCurrentInputMethodSet = true; 3171 } else if (TAG_OWNER_INSTALLED_CA_CERT.equals(tag)) { 3172 policy.mOwnerInstalledCaCerts.add(parser.getAttributeValue(null, ATTR_ALIAS)); 3173 } else { 3174 Slog.w(LOG_TAG, "Unknown tag: " + tag); 3175 XmlUtils.skipCurrentTag(parser); 3176 } 3177 } 3178 } catch (FileNotFoundException e) { 3179 // Don't be noisy, this is normal if we haven't defined any policies. 3180 } catch (NullPointerException | NumberFormatException | XmlPullParserException | IOException 3181 | IndexOutOfBoundsException e) { 3182 Slog.w(LOG_TAG, "failed parsing " + file, e); 3183 } 3184 try { 3185 if (stream != null) { 3186 stream.close(); 3187 } 3188 } catch (IOException e) { 3189 // Ignore 3190 } 3191 3192 // Generate a list of admins from the admin map 3193 policy.mAdminList.addAll(policy.mAdminMap.values()); 3194 3195 // Might need to upgrade the file by rewriting it 3196 if (needsRewrite) { 3197 saveSettingsLocked(userHandle); 3198 } 3199 3200 validatePasswordOwnerLocked(policy); 3201 updateMaximumTimeToLockLocked(userHandle); 3202 updateLockTaskPackagesLocked(policy.mLockTaskPackages, userHandle); 3203 updateLockTaskFeaturesLocked(policy.mLockTaskFeatures, userHandle); 3204 if (policy.mStatusBarDisabled) { 3205 setStatusBarDisabledInternal(policy.mStatusBarDisabled, userHandle); 3206 } 3207 } 3208 3209 private void updateLockTaskPackagesLocked(List<String> packages, int userId) { 3210 long ident = mInjector.binderClearCallingIdentity(); 3211 try { 3212 mInjector.getIActivityManager() 3213 .updateLockTaskPackages(userId, packages.toArray(new String[packages.size()])); 3214 } catch (RemoteException e) { 3215 // Not gonna happen. 3216 } finally { 3217 mInjector.binderRestoreCallingIdentity(ident); 3218 } 3219 } 3220 3221 private void updateLockTaskFeaturesLocked(int flags, int userId) { 3222 long ident = mInjector.binderClearCallingIdentity(); 3223 try { 3224 mInjector.getIActivityManager() 3225 .updateLockTaskFeatures(userId, flags); 3226 } catch (RemoteException e) { 3227 // Not gonna happen. 3228 } finally { 3229 mInjector.binderRestoreCallingIdentity(ident); 3230 } 3231 } 3232 3233 private void updateDeviceOwnerLocked() { 3234 long ident = mInjector.binderClearCallingIdentity(); 3235 try { 3236 // TODO This is to prevent DO from getting "clear data"ed, but it should also check the 3237 // user id and also protect all other DAs too. 3238 final ComponentName deviceOwnerComponent = mOwners.getDeviceOwnerComponent(); 3239 if (deviceOwnerComponent != null) { 3240 mInjector.getIActivityManager() 3241 .updateDeviceOwner(deviceOwnerComponent.getPackageName()); 3242 } 3243 } catch (RemoteException e) { 3244 // Not gonna happen. 3245 } finally { 3246 mInjector.binderRestoreCallingIdentity(ident); 3247 } 3248 } 3249 3250 static void validateQualityConstant(int quality) { 3251 switch (quality) { 3252 case DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED: 3253 case DevicePolicyManager.PASSWORD_QUALITY_BIOMETRIC_WEAK: 3254 case DevicePolicyManager.PASSWORD_QUALITY_SOMETHING: 3255 case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC: 3256 case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX: 3257 case DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC: 3258 case DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC: 3259 case DevicePolicyManager.PASSWORD_QUALITY_COMPLEX: 3260 case DevicePolicyManager.PASSWORD_QUALITY_MANAGED: 3261 return; 3262 } 3263 throw new IllegalArgumentException("Invalid quality constant: 0x" 3264 + Integer.toHexString(quality)); 3265 } 3266 3267 void validatePasswordOwnerLocked(DevicePolicyData policy) { 3268 if (policy.mPasswordOwner >= 0) { 3269 boolean haveOwner = false; 3270 for (int i = policy.mAdminList.size() - 1; i >= 0; i--) { 3271 if (policy.mAdminList.get(i).getUid() == policy.mPasswordOwner) { 3272 haveOwner = true; 3273 break; 3274 } 3275 } 3276 if (!haveOwner) { 3277 Slog.w(LOG_TAG, "Previous password owner " + policy.mPasswordOwner 3278 + " no longer active; disabling"); 3279 policy.mPasswordOwner = -1; 3280 } 3281 } 3282 } 3283 3284 @VisibleForTesting 3285 @Override 3286 void systemReady(int phase) { 3287 if (!mHasFeature) { 3288 return; 3289 } 3290 switch (phase) { 3291 case SystemService.PHASE_LOCK_SETTINGS_READY: 3292 onLockSettingsReady(); 3293 loadAdminDataAsync(); 3294 break; 3295 case SystemService.PHASE_BOOT_COMPLETED: 3296 ensureDeviceOwnerUserStarted(); // TODO Consider better place to do this. 3297 break; 3298 } 3299 } 3300 3301 private void onLockSettingsReady() { 3302 getUserData(UserHandle.USER_SYSTEM); 3303 loadOwners(); 3304 cleanUpOldUsers(); 3305 maybeSetDefaultProfileOwnerUserRestrictions(); 3306 handleStartUser(UserHandle.USER_SYSTEM); 3307 maybeLogStart(); 3308 3309 // Register an observer for watching for user setup complete and settings changes. 3310 mSetupContentObserver.register(); 3311 // Initialize the user setup state, to handle the upgrade case. 3312 updateUserSetupCompleteAndPaired(); 3313 3314 List<String> packageList; 3315 synchronized (this) { 3316 packageList = getKeepUninstalledPackagesLocked(); 3317 } 3318 if (packageList != null) { 3319 mInjector.getPackageManagerInternal().setKeepUninstalledPackages(packageList); 3320 } 3321 3322 synchronized (this) { 3323 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 3324 if (deviceOwner != null) { 3325 // Push the force-ephemeral-users policy to the user manager. 3326 mUserManagerInternal.setForceEphemeralUsers(deviceOwner.forceEphemeralUsers); 3327 3328 // Update user switcher message to activity manager. 3329 ActivityManagerInternal activityManagerInternal = 3330 mInjector.getActivityManagerInternal(); 3331 activityManagerInternal.setSwitchingFromSystemUserMessage( 3332 deviceOwner.startUserSessionMessage); 3333 activityManagerInternal.setSwitchingToSystemUserMessage( 3334 deviceOwner.endUserSessionMessage); 3335 } 3336 3337 revertTransferOwnershipIfNecessaryLocked(); 3338 } 3339 } 3340 3341 private void revertTransferOwnershipIfNecessaryLocked() { 3342 if (!mTransferOwnershipMetadataManager.metadataFileExists()) { 3343 return; 3344 } 3345 Slog.e(LOG_TAG, "Owner transfer metadata file exists! Reverting transfer."); 3346 final TransferOwnershipMetadataManager.Metadata metadata = 3347 mTransferOwnershipMetadataManager.loadMetadataFile(); 3348 // Revert transfer 3349 if (metadata.adminType.equals(ADMIN_TYPE_PROFILE_OWNER)) { 3350 transferProfileOwnershipLocked(metadata.targetComponent, metadata.sourceComponent, 3351 metadata.userId); 3352 deleteTransferOwnershipMetadataFileLocked(); 3353 deleteTransferOwnershipBundleLocked(metadata.userId); 3354 } else if (metadata.adminType.equals(ADMIN_TYPE_DEVICE_OWNER)) { 3355 transferDeviceOwnershipLocked(metadata.targetComponent, metadata.sourceComponent, 3356 metadata.userId); 3357 deleteTransferOwnershipMetadataFileLocked(); 3358 deleteTransferOwnershipBundleLocked(metadata.userId); 3359 } 3360 updateSystemUpdateFreezePeriodsRecord(/* saveIfChanged */ true); 3361 } 3362 3363 private void maybeLogStart() { 3364 if (!SecurityLog.isLoggingEnabled()) { 3365 return; 3366 } 3367 final String verifiedBootState = 3368 mInjector.systemPropertiesGet("ro.boot.verifiedbootstate"); 3369 final String verityMode = mInjector.systemPropertiesGet("ro.boot.veritymode"); 3370 SecurityLog.writeEvent(SecurityLog.TAG_OS_STARTUP, verifiedBootState, verityMode); 3371 } 3372 3373 private void ensureDeviceOwnerUserStarted() { 3374 final int userId; 3375 synchronized (this) { 3376 if (!mOwners.hasDeviceOwner()) { 3377 return; 3378 } 3379 userId = mOwners.getDeviceOwnerUserId(); 3380 } 3381 if (VERBOSE_LOG) { 3382 Log.v(LOG_TAG, "Starting non-system DO user: " + userId); 3383 } 3384 if (userId != UserHandle.USER_SYSTEM) { 3385 try { 3386 mInjector.getIActivityManager().startUserInBackground(userId); 3387 3388 // STOPSHIP Prevent the DO user from being killed. 3389 3390 } catch (RemoteException e) { 3391 Slog.w(LOG_TAG, "Exception starting user", e); 3392 } 3393 } 3394 } 3395 3396 @Override 3397 void handleStartUser(int userId) { 3398 updateScreenCaptureDisabledInWindowManager(userId, 3399 getScreenCaptureDisabled(null, userId)); 3400 pushUserRestrictions(userId); 3401 3402 startOwnerService(userId, "start-user"); 3403 } 3404 3405 @Override 3406 void handleUnlockUser(int userId) { 3407 startOwnerService(userId, "unlock-user"); 3408 } 3409 3410 @Override 3411 void handleStopUser(int userId) { 3412 stopOwnerService(userId, "stop-user"); 3413 } 3414 3415 private void startOwnerService(int userId, String actionForLog) { 3416 final ComponentName owner = getOwnerComponent(userId); 3417 if (owner != null) { 3418 mDeviceAdminServiceController.startServiceForOwner( 3419 owner.getPackageName(), userId, actionForLog); 3420 } 3421 } 3422 3423 private void stopOwnerService(int userId, String actionForLog) { 3424 mDeviceAdminServiceController.stopServiceForOwner(userId, actionForLog); 3425 } 3426 3427 private void cleanUpOldUsers() { 3428 // This is needed in case the broadcast {@link Intent.ACTION_USER_REMOVED} was not handled 3429 // before reboot 3430 Set<Integer> usersWithProfileOwners; 3431 Set<Integer> usersWithData; 3432 synchronized(this) { 3433 usersWithProfileOwners = mOwners.getProfileOwnerKeys(); 3434 usersWithData = new ArraySet<>(); 3435 for (int i = 0; i < mUserData.size(); i++) { 3436 usersWithData.add(mUserData.keyAt(i)); 3437 } 3438 } 3439 List<UserInfo> allUsers = mUserManager.getUsers(); 3440 3441 Set<Integer> deletedUsers = new ArraySet<>(); 3442 deletedUsers.addAll(usersWithProfileOwners); 3443 deletedUsers.addAll(usersWithData); 3444 for (UserInfo userInfo : allUsers) { 3445 deletedUsers.remove(userInfo.id); 3446 } 3447 for (Integer userId : deletedUsers) { 3448 removeUserData(userId); 3449 } 3450 } 3451 3452 private void handlePasswordExpirationNotification(int userHandle) { 3453 final Bundle adminExtras = new Bundle(); 3454 adminExtras.putParcelable(Intent.EXTRA_USER, UserHandle.of(userHandle)); 3455 3456 synchronized (this) { 3457 final long now = System.currentTimeMillis(); 3458 3459 List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked( 3460 userHandle, /* parent */ false); 3461 final int N = admins.size(); 3462 for (int i = 0; i < N; i++) { 3463 ActiveAdmin admin = admins.get(i); 3464 if (admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD) 3465 && admin.passwordExpirationTimeout > 0L 3466 && now >= admin.passwordExpirationDate - EXPIRATION_GRACE_PERIOD_MS 3467 && admin.passwordExpirationDate > 0L) { 3468 sendAdminCommandLocked(admin, 3469 DeviceAdminReceiver.ACTION_PASSWORD_EXPIRING, adminExtras, null); 3470 } 3471 } 3472 setExpirationAlarmCheckLocked(mContext, userHandle, /* parent */ false); 3473 } 3474 } 3475 3476 /** 3477 * Clean up internal state when the set of installed trusted CA certificates changes. 3478 * 3479 * @param userHandle user to check for. This must be a real user and not, for example, 3480 * {@link UserHandle#ALL}. 3481 * @param installedCertificates the full set of certificate authorities currently installed for 3482 * {@param userHandle}. After calling this function, {@code mAcceptedCaCertificates} will 3483 * correspond to some subset of this. 3484 */ 3485 protected void onInstalledCertificatesChanged(final UserHandle userHandle, 3486 final @NonNull Collection<String> installedCertificates) { 3487 if (!mHasFeature) { 3488 return; 3489 } 3490 enforceManageUsers(); 3491 3492 synchronized (this) { 3493 final DevicePolicyData policy = getUserData(userHandle.getIdentifier()); 3494 3495 boolean changed = false; 3496 changed |= policy.mAcceptedCaCertificates.retainAll(installedCertificates); 3497 changed |= policy.mOwnerInstalledCaCerts.retainAll(installedCertificates); 3498 if (changed) { 3499 saveSettingsLocked(userHandle.getIdentifier()); 3500 } 3501 } 3502 } 3503 3504 /** 3505 * Internal method used by {@link CertificateMonitor}. 3506 */ 3507 protected Set<String> getAcceptedCaCertificates(final UserHandle userHandle) { 3508 if (!mHasFeature) { 3509 return Collections.<String> emptySet(); 3510 } 3511 synchronized (this) { 3512 final DevicePolicyData policy = getUserData(userHandle.getIdentifier()); 3513 return policy.mAcceptedCaCertificates; 3514 } 3515 } 3516 3517 /** 3518 * @param adminReceiver The admin to add 3519 * @param refreshing true = update an active admin, no error 3520 */ 3521 @Override 3522 public void setActiveAdmin(ComponentName adminReceiver, boolean refreshing, int userHandle) { 3523 if (!mHasFeature) { 3524 return; 3525 } 3526 setActiveAdmin(adminReceiver, refreshing, userHandle, null); 3527 } 3528 3529 private void setActiveAdmin(ComponentName adminReceiver, boolean refreshing, int userHandle, 3530 Bundle onEnableData) { 3531 mContext.enforceCallingOrSelfPermission( 3532 android.Manifest.permission.MANAGE_DEVICE_ADMINS, null); 3533 enforceFullCrossUsersPermission(userHandle); 3534 3535 DevicePolicyData policy = getUserData(userHandle); 3536 DeviceAdminInfo info = findAdmin(adminReceiver, userHandle, 3537 /* throwForMissingPermission= */ true); 3538 synchronized (this) { 3539 checkActiveAdminPrecondition(adminReceiver, info, policy); 3540 long ident = mInjector.binderClearCallingIdentity(); 3541 try { 3542 final ActiveAdmin existingAdmin 3543 = getActiveAdminUncheckedLocked(adminReceiver, userHandle); 3544 if (!refreshing && existingAdmin != null) { 3545 throw new IllegalArgumentException("Admin is already added"); 3546 } 3547 ActiveAdmin newAdmin = new ActiveAdmin(info, /* parent */ false); 3548 newAdmin.testOnlyAdmin = 3549 (existingAdmin != null) ? existingAdmin.testOnlyAdmin 3550 : isPackageTestOnly(adminReceiver.getPackageName(), userHandle); 3551 policy.mAdminMap.put(adminReceiver, newAdmin); 3552 int replaceIndex = -1; 3553 final int N = policy.mAdminList.size(); 3554 for (int i=0; i < N; i++) { 3555 ActiveAdmin oldAdmin = policy.mAdminList.get(i); 3556 if (oldAdmin.info.getComponent().equals(adminReceiver)) { 3557 replaceIndex = i; 3558 break; 3559 } 3560 } 3561 if (replaceIndex == -1) { 3562 policy.mAdminList.add(newAdmin); 3563 enableIfNecessary(info.getPackageName(), userHandle); 3564 mUsageStatsManagerInternal.onActiveAdminAdded( 3565 adminReceiver.getPackageName(), userHandle); 3566 } else { 3567 policy.mAdminList.set(replaceIndex, newAdmin); 3568 } 3569 saveSettingsLocked(userHandle); 3570 sendAdminCommandLocked(newAdmin, DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED, 3571 onEnableData, null); 3572 } finally { 3573 mInjector.binderRestoreCallingIdentity(ident); 3574 } 3575 } 3576 } 3577 3578 private void loadAdminDataAsync() { 3579 mInjector.postOnSystemServerInitThreadPool(() -> { 3580 pushActiveAdminPackages(); 3581 mUsageStatsManagerInternal.onAdminDataAvailable(); 3582 pushAllMeteredRestrictedPackages(); 3583 mInjector.getNetworkPolicyManagerInternal().onAdminDataAvailable(); 3584 }); 3585 } 3586 3587 private void pushActiveAdminPackages() { 3588 synchronized (this) { 3589 final List<UserInfo> users = mUserManager.getUsers(); 3590 for (int i = users.size() - 1; i >= 0; --i) { 3591 final int userId = users.get(i).id; 3592 mUsageStatsManagerInternal.setActiveAdminApps( 3593 getActiveAdminPackagesLocked(userId), userId); 3594 } 3595 } 3596 } 3597 3598 private void pushAllMeteredRestrictedPackages() { 3599 synchronized (this) { 3600 final List<UserInfo> users = mUserManager.getUsers(); 3601 for (int i = users.size() - 1; i >= 0; --i) { 3602 final int userId = users.get(i).id; 3603 mInjector.getNetworkPolicyManagerInternal().setMeteredRestrictedPackagesAsync( 3604 getMeteredDisabledPackagesLocked(userId), userId); 3605 } 3606 } 3607 } 3608 3609 private void pushActiveAdminPackagesLocked(int userId) { 3610 mUsageStatsManagerInternal.setActiveAdminApps( 3611 getActiveAdminPackagesLocked(userId), userId); 3612 } 3613 3614 private Set<String> getActiveAdminPackagesLocked(int userId) { 3615 final DevicePolicyData policy = getUserData(userId); 3616 Set<String> adminPkgs = null; 3617 for (int i = policy.mAdminList.size() - 1; i >= 0; --i) { 3618 final String pkgName = policy.mAdminList.get(i).info.getPackageName(); 3619 if (adminPkgs == null) { 3620 adminPkgs = new ArraySet<>(); 3621 } 3622 adminPkgs.add(pkgName); 3623 } 3624 return adminPkgs; 3625 } 3626 3627 private void transferActiveAdminUncheckedLocked(ComponentName incomingReceiver, 3628 ComponentName outgoingReceiver, int userHandle) { 3629 final DevicePolicyData policy = getUserData(userHandle); 3630 if (!policy.mAdminMap.containsKey(outgoingReceiver) 3631 && policy.mAdminMap.containsKey(incomingReceiver)) { 3632 // Nothing to transfer - the incoming receiver is already the active admin. 3633 return; 3634 } 3635 final DeviceAdminInfo incomingDeviceInfo = findAdmin(incomingReceiver, userHandle, 3636 /* throwForMissingPermission= */ true); 3637 final ActiveAdmin adminToTransfer = policy.mAdminMap.get(outgoingReceiver); 3638 final int oldAdminUid = adminToTransfer.getUid(); 3639 3640 adminToTransfer.transfer(incomingDeviceInfo); 3641 policy.mAdminMap.remove(outgoingReceiver); 3642 policy.mAdminMap.put(incomingReceiver, adminToTransfer); 3643 if (policy.mPasswordOwner == oldAdminUid) { 3644 policy.mPasswordOwner = adminToTransfer.getUid(); 3645 } 3646 3647 saveSettingsLocked(userHandle); 3648 sendAdminCommandLocked(adminToTransfer, DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED, 3649 null, null); 3650 } 3651 3652 private void checkActiveAdminPrecondition(ComponentName adminReceiver, DeviceAdminInfo info, 3653 DevicePolicyData policy) { 3654 if (info == null) { 3655 throw new IllegalArgumentException("Bad admin: " + adminReceiver); 3656 } 3657 if (!info.getActivityInfo().applicationInfo.isInternal()) { 3658 throw new IllegalArgumentException("Only apps in internal storage can be active admin: " 3659 + adminReceiver); 3660 } 3661 if (info.getActivityInfo().applicationInfo.isInstantApp()) { 3662 throw new IllegalArgumentException("Instant apps cannot be device admins: " 3663 + adminReceiver); 3664 } 3665 if (policy.mRemovingAdmins.contains(adminReceiver)) { 3666 throw new IllegalArgumentException( 3667 "Trying to set an admin which is being removed"); 3668 } 3669 } 3670 3671 @Override 3672 public boolean isAdminActive(ComponentName adminReceiver, int userHandle) { 3673 if (!mHasFeature) { 3674 return false; 3675 } 3676 enforceFullCrossUsersPermission(userHandle); 3677 synchronized (this) { 3678 return getActiveAdminUncheckedLocked(adminReceiver, userHandle) != null; 3679 } 3680 } 3681 3682 @Override 3683 public boolean isRemovingAdmin(ComponentName adminReceiver, int userHandle) { 3684 if (!mHasFeature) { 3685 return false; 3686 } 3687 enforceFullCrossUsersPermission(userHandle); 3688 synchronized (this) { 3689 DevicePolicyData policyData = getUserData(userHandle); 3690 return policyData.mRemovingAdmins.contains(adminReceiver); 3691 } 3692 } 3693 3694 @Override 3695 public boolean hasGrantedPolicy(ComponentName adminReceiver, int policyId, int userHandle) { 3696 if (!mHasFeature) { 3697 return false; 3698 } 3699 enforceFullCrossUsersPermission(userHandle); 3700 synchronized (this) { 3701 ActiveAdmin administrator = getActiveAdminUncheckedLocked(adminReceiver, userHandle); 3702 if (administrator == null) { 3703 throw new SecurityException("No active admin " + adminReceiver); 3704 } 3705 return administrator.info.usesPolicy(policyId); 3706 } 3707 } 3708 3709 @Override 3710 @SuppressWarnings("unchecked") 3711 public List<ComponentName> getActiveAdmins(int userHandle) { 3712 if (!mHasFeature) { 3713 return Collections.EMPTY_LIST; 3714 } 3715 3716 enforceFullCrossUsersPermission(userHandle); 3717 synchronized (this) { 3718 DevicePolicyData policy = getUserData(userHandle); 3719 final int N = policy.mAdminList.size(); 3720 if (N <= 0) { 3721 return null; 3722 } 3723 ArrayList<ComponentName> res = new ArrayList<ComponentName>(N); 3724 for (int i=0; i<N; i++) { 3725 res.add(policy.mAdminList.get(i).info.getComponent()); 3726 } 3727 return res; 3728 } 3729 } 3730 3731 @Override 3732 public boolean packageHasActiveAdmins(String packageName, int userHandle) { 3733 if (!mHasFeature) { 3734 return false; 3735 } 3736 enforceFullCrossUsersPermission(userHandle); 3737 synchronized (this) { 3738 DevicePolicyData policy = getUserData(userHandle); 3739 final int N = policy.mAdminList.size(); 3740 for (int i=0; i<N; i++) { 3741 if (policy.mAdminList.get(i).info.getPackageName().equals(packageName)) { 3742 return true; 3743 } 3744 } 3745 return false; 3746 } 3747 } 3748 3749 @Override 3750 public void forceRemoveActiveAdmin(ComponentName adminReceiver, int userHandle) { 3751 if (!mHasFeature) { 3752 return; 3753 } 3754 Preconditions.checkNotNull(adminReceiver, "ComponentName is null"); 3755 enforceShell("forceRemoveActiveAdmin"); 3756 long ident = mInjector.binderClearCallingIdentity(); 3757 try { 3758 synchronized (this) { 3759 if (!isAdminTestOnlyLocked(adminReceiver, userHandle)) { 3760 throw new SecurityException("Attempt to remove non-test admin " 3761 + adminReceiver + " " + userHandle); 3762 } 3763 3764 // If admin is a device or profile owner tidy that up first. 3765 if (isDeviceOwner(adminReceiver, userHandle)) { 3766 clearDeviceOwnerLocked(getDeviceOwnerAdminLocked(), userHandle); 3767 } 3768 if (isProfileOwner(adminReceiver, userHandle)) { 3769 final ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver, 3770 userHandle, /* parent */ false); 3771 clearProfileOwnerLocked(admin, userHandle); 3772 } 3773 } 3774 // Remove the admin skipping sending the broadcast. 3775 removeAdminArtifacts(adminReceiver, userHandle); 3776 Slog.i(LOG_TAG, "Admin " + adminReceiver + " removed from user " + userHandle); 3777 } finally { 3778 mInjector.binderRestoreCallingIdentity(ident); 3779 } 3780 } 3781 3782 private void clearDeviceOwnerUserRestrictionLocked(UserHandle userHandle) { 3783 // ManagedProvisioning/DPC sets DISALLOW_ADD_USER. Clear to recover to the original state 3784 if (mUserManager.hasUserRestriction(UserManager.DISALLOW_ADD_USER, userHandle)) { 3785 mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_USER, false, userHandle); 3786 } 3787 } 3788 3789 /** 3790 * Return if a given package has testOnly="true", in which case we'll relax certain rules 3791 * for CTS. 3792 * 3793 * DO NOT use this method except in {@link #setActiveAdmin}. Use {@link #isAdminTestOnlyLocked} 3794 * to check wehter an active admin is test-only or not. 3795 * 3796 * The system allows this flag to be changed when an app is updated, which is not good 3797 * for us. So we persist the flag in {@link ActiveAdmin} when an admin is first installed, 3798 * and used the persisted version in actual checks. (See b/31382361 and b/28928996) 3799 */ 3800 private boolean isPackageTestOnly(String packageName, int userHandle) { 3801 final ApplicationInfo ai; 3802 try { 3803 ai = mInjector.getIPackageManager().getApplicationInfo(packageName, 3804 (PackageManager.MATCH_DIRECT_BOOT_AWARE 3805 | PackageManager.MATCH_DIRECT_BOOT_UNAWARE), userHandle); 3806 } catch (RemoteException e) { 3807 throw new IllegalStateException(e); 3808 } 3809 if (ai == null) { 3810 throw new IllegalStateException("Couldn't find package: " 3811 + packageName + " on user " + userHandle); 3812 } 3813 return (ai.flags & ApplicationInfo.FLAG_TEST_ONLY) != 0; 3814 } 3815 3816 /** 3817 * See {@link #isPackageTestOnly}. 3818 */ 3819 private boolean isAdminTestOnlyLocked(ComponentName who, int userHandle) { 3820 final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 3821 return (admin != null) && admin.testOnlyAdmin; 3822 } 3823 3824 private void enforceShell(String method) { 3825 final int callingUid = mInjector.binderGetCallingUid(); 3826 if (callingUid != Process.SHELL_UID && callingUid != Process.ROOT_UID) { 3827 throw new SecurityException("Non-shell user attempted to call " + method); 3828 } 3829 } 3830 3831 @Override 3832 public void removeActiveAdmin(ComponentName adminReceiver, int userHandle) { 3833 if (!mHasFeature) { 3834 return; 3835 } 3836 enforceFullCrossUsersPermission(userHandle); 3837 enforceUserUnlocked(userHandle); 3838 synchronized (this) { 3839 ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver, userHandle); 3840 if (admin == null) { 3841 return; 3842 } 3843 // Active device/profile owners must remain active admins. 3844 if (isDeviceOwner(adminReceiver, userHandle) 3845 || isProfileOwner(adminReceiver, userHandle)) { 3846 Slog.e(LOG_TAG, "Device/profile owner cannot be removed: component=" + 3847 adminReceiver); 3848 return; 3849 } 3850 if (admin.getUid() != mInjector.binderGetCallingUid()) { 3851 mContext.enforceCallingOrSelfPermission( 3852 android.Manifest.permission.MANAGE_DEVICE_ADMINS, null); 3853 } 3854 long ident = mInjector.binderClearCallingIdentity(); 3855 try { 3856 removeActiveAdminLocked(adminReceiver, userHandle); 3857 } finally { 3858 mInjector.binderRestoreCallingIdentity(ident); 3859 } 3860 } 3861 } 3862 3863 @Override 3864 public boolean isSeparateProfileChallengeAllowed(int userHandle) { 3865 ComponentName profileOwner = getProfileOwner(userHandle); 3866 // Profile challenge is supported on N or newer release. 3867 return profileOwner != null && 3868 getTargetSdk(profileOwner.getPackageName(), userHandle) > Build.VERSION_CODES.M; 3869 } 3870 3871 @Override 3872 public void setPasswordQuality(ComponentName who, int quality, boolean parent) { 3873 if (!mHasFeature) { 3874 return; 3875 } 3876 Preconditions.checkNotNull(who, "ComponentName is null"); 3877 validateQualityConstant(quality); 3878 3879 final int userId = mInjector.userHandleGetCallingUserId(); 3880 synchronized (this) { 3881 ActiveAdmin ap = getActiveAdminForCallerLocked( 3882 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 3883 final PasswordMetrics metrics = ap.minimumPasswordMetrics; 3884 if (metrics.quality != quality) { 3885 metrics.quality = quality; 3886 updatePasswordValidityCheckpointLocked(userId); 3887 saveSettingsLocked(userId); 3888 } 3889 maybeLogPasswordComplexitySet(who, userId, parent, metrics); 3890 } 3891 } 3892 3893 /** 3894 * Updates flag in memory that tells us whether the user's password currently satisfies the 3895 * requirements set by all of the user's active admins. This should be called before 3896 * {@link #saveSettingsLocked} whenever the password or the admin policies have changed. 3897 */ 3898 @GuardedBy("DevicePolicyManagerService.this") 3899 private void updatePasswordValidityCheckpointLocked(int userHandle) { 3900 DevicePolicyData policy = getUserData(userHandle); 3901 policy.mPasswordValidAtLastCheckpoint = isActivePasswordSufficientForUserLocked( 3902 policy, policy.mUserHandle, false); 3903 } 3904 3905 @Override 3906 public int getPasswordQuality(ComponentName who, int userHandle, boolean parent) { 3907 if (!mHasFeature) { 3908 return PASSWORD_QUALITY_UNSPECIFIED; 3909 } 3910 enforceFullCrossUsersPermission(userHandle); 3911 synchronized (this) { 3912 int mode = PASSWORD_QUALITY_UNSPECIFIED; 3913 3914 if (who != null) { 3915 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent); 3916 return admin != null ? admin.minimumPasswordMetrics.quality : mode; 3917 } 3918 3919 // Return the strictest policy across all participating admins. 3920 List<ActiveAdmin> admins = 3921 getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 3922 final int N = admins.size(); 3923 for (int i = 0; i < N; i++) { 3924 ActiveAdmin admin = admins.get(i); 3925 if (mode < admin.minimumPasswordMetrics.quality) { 3926 mode = admin.minimumPasswordMetrics.quality; 3927 } 3928 } 3929 return mode; 3930 } 3931 } 3932 3933 private List<ActiveAdmin> getActiveAdminsForLockscreenPoliciesLocked( 3934 int userHandle, boolean parent) { 3935 if (!parent && isSeparateProfileChallengeEnabled(userHandle)) { 3936 // If this user has a separate challenge, only return its restrictions. 3937 return getUserDataUnchecked(userHandle).mAdminList; 3938 } else { 3939 // Return all admins for this user and the profiles that are visible from this 3940 // user that do not use a separate work challenge. 3941 ArrayList<ActiveAdmin> admins = new ArrayList<ActiveAdmin>(); 3942 for (UserInfo userInfo : mUserManager.getProfiles(userHandle)) { 3943 DevicePolicyData policy = getUserData(userInfo.id); 3944 if (!userInfo.isManagedProfile()) { 3945 admins.addAll(policy.mAdminList); 3946 } else { 3947 // For managed profiles, we always include the policies set on the parent 3948 // profile. Additionally, we include the ones set on the managed profile 3949 // if no separate challenge is in place. 3950 boolean hasSeparateChallenge = isSeparateProfileChallengeEnabled(userInfo.id); 3951 final int N = policy.mAdminList.size(); 3952 for (int i = 0; i < N; i++) { 3953 ActiveAdmin admin = policy.mAdminList.get(i); 3954 if (admin.hasParentActiveAdmin()) { 3955 admins.add(admin.getParentActiveAdmin()); 3956 } 3957 if (!hasSeparateChallenge) { 3958 admins.add(admin); 3959 } 3960 } 3961 } 3962 } 3963 return admins; 3964 } 3965 } 3966 3967 private boolean isSeparateProfileChallengeEnabled(int userHandle) { 3968 long ident = mInjector.binderClearCallingIdentity(); 3969 try { 3970 return mLockPatternUtils.isSeparateProfileChallengeEnabled(userHandle); 3971 } finally { 3972 mInjector.binderRestoreCallingIdentity(ident); 3973 } 3974 } 3975 3976 @Override 3977 public void setPasswordMinimumLength(ComponentName who, int length, boolean parent) { 3978 if (!mHasFeature) { 3979 return; 3980 } 3981 Preconditions.checkNotNull(who, "ComponentName is null"); 3982 final int userId = mInjector.userHandleGetCallingUserId(); 3983 synchronized (this) { 3984 ActiveAdmin ap = getActiveAdminForCallerLocked( 3985 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 3986 final PasswordMetrics metrics = ap.minimumPasswordMetrics; 3987 if (metrics.length != length) { 3988 metrics.length = length; 3989 updatePasswordValidityCheckpointLocked(userId); 3990 saveSettingsLocked(userId); 3991 } 3992 maybeLogPasswordComplexitySet(who, userId, parent, metrics); 3993 } 3994 } 3995 3996 @Override 3997 public int getPasswordMinimumLength(ComponentName who, int userHandle, boolean parent) { 3998 return getStrictestPasswordRequirement(who, userHandle, parent, 3999 admin -> admin.minimumPasswordMetrics.length, PASSWORD_QUALITY_UNSPECIFIED); 4000 } 4001 4002 @Override 4003 public void setPasswordHistoryLength(ComponentName who, int length, boolean parent) { 4004 if (!mHasFeature) { 4005 return; 4006 } 4007 Preconditions.checkNotNull(who, "ComponentName is null"); 4008 final int userId = mInjector.userHandleGetCallingUserId(); 4009 synchronized (this) { 4010 ActiveAdmin ap = getActiveAdminForCallerLocked( 4011 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4012 if (ap.passwordHistoryLength != length) { 4013 ap.passwordHistoryLength = length; 4014 updatePasswordValidityCheckpointLocked(userId); 4015 saveSettingsLocked(userId); 4016 } 4017 } 4018 if (SecurityLog.isLoggingEnabled()) { 4019 final int affectedUserId = parent ? getProfileParentId(userId) : userId; 4020 SecurityLog.writeEvent(SecurityLog.TAG_PASSWORD_HISTORY_LENGTH_SET, 4021 who.getPackageName(), userId, affectedUserId, length); 4022 } 4023 } 4024 4025 @Override 4026 public int getPasswordHistoryLength(ComponentName who, int userHandle, boolean parent) { 4027 return getStrictestPasswordRequirement(who, userHandle, parent, 4028 admin -> admin.passwordHistoryLength, PASSWORD_QUALITY_UNSPECIFIED); 4029 } 4030 4031 @Override 4032 public void setPasswordExpirationTimeout(ComponentName who, long timeout, boolean parent) { 4033 if (!mHasFeature) { 4034 return; 4035 } 4036 Preconditions.checkNotNull(who, "ComponentName is null"); 4037 Preconditions.checkArgumentNonnegative(timeout, "Timeout must be >= 0 ms"); 4038 final int userHandle = mInjector.userHandleGetCallingUserId(); 4039 synchronized (this) { 4040 ActiveAdmin ap = getActiveAdminForCallerLocked( 4041 who, DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD, parent); 4042 // Calling this API automatically bumps the expiration date 4043 final long expiration = timeout > 0L ? (timeout + System.currentTimeMillis()) : 0L; 4044 ap.passwordExpirationDate = expiration; 4045 ap.passwordExpirationTimeout = timeout; 4046 if (timeout > 0L) { 4047 Slog.w(LOG_TAG, "setPasswordExpiration(): password will expire on " 4048 + DateFormat.getDateTimeInstance(DateFormat.DEFAULT, DateFormat.DEFAULT) 4049 .format(new Date(expiration))); 4050 } 4051 saveSettingsLocked(userHandle); 4052 4053 // in case this is the first one, set the alarm on the appropriate user. 4054 setExpirationAlarmCheckLocked(mContext, userHandle, parent); 4055 } 4056 if (SecurityLog.isLoggingEnabled()) { 4057 final int affectedUserId = parent ? getProfileParentId(userHandle) : userHandle; 4058 SecurityLog.writeEvent(SecurityLog.TAG_PASSWORD_EXPIRATION_SET, who.getPackageName(), 4059 userHandle, affectedUserId, timeout); 4060 } 4061 } 4062 4063 /** 4064 * Return a single admin's expiration cycle time, or the min of all cycle times. 4065 * Returns 0 if not configured. 4066 */ 4067 @Override 4068 public long getPasswordExpirationTimeout(ComponentName who, int userHandle, boolean parent) { 4069 if (!mHasFeature) { 4070 return 0L; 4071 } 4072 enforceFullCrossUsersPermission(userHandle); 4073 synchronized (this) { 4074 long timeout = 0L; 4075 4076 if (who != null) { 4077 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent); 4078 return admin != null ? admin.passwordExpirationTimeout : timeout; 4079 } 4080 4081 // Return the strictest policy across all participating admins. 4082 List<ActiveAdmin> admins = 4083 getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 4084 final int N = admins.size(); 4085 for (int i = 0; i < N; i++) { 4086 ActiveAdmin admin = admins.get(i); 4087 if (timeout == 0L || (admin.passwordExpirationTimeout != 0L 4088 && timeout > admin.passwordExpirationTimeout)) { 4089 timeout = admin.passwordExpirationTimeout; 4090 } 4091 } 4092 return timeout; 4093 } 4094 } 4095 4096 @Override 4097 public boolean addCrossProfileWidgetProvider(ComponentName admin, String packageName) { 4098 final int userId = UserHandle.getCallingUserId(); 4099 List<String> changedProviders = null; 4100 4101 synchronized (this) { 4102 ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(admin, 4103 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 4104 if (activeAdmin.crossProfileWidgetProviders == null) { 4105 activeAdmin.crossProfileWidgetProviders = new ArrayList<>(); 4106 } 4107 List<String> providers = activeAdmin.crossProfileWidgetProviders; 4108 if (!providers.contains(packageName)) { 4109 providers.add(packageName); 4110 changedProviders = new ArrayList<>(providers); 4111 saveSettingsLocked(userId); 4112 } 4113 } 4114 4115 if (changedProviders != null) { 4116 mLocalService.notifyCrossProfileProvidersChanged(userId, changedProviders); 4117 return true; 4118 } 4119 4120 return false; 4121 } 4122 4123 @Override 4124 public boolean removeCrossProfileWidgetProvider(ComponentName admin, String packageName) { 4125 final int userId = UserHandle.getCallingUserId(); 4126 List<String> changedProviders = null; 4127 4128 synchronized (this) { 4129 ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(admin, 4130 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 4131 if (activeAdmin.crossProfileWidgetProviders == null 4132 || activeAdmin.crossProfileWidgetProviders.isEmpty()) { 4133 return false; 4134 } 4135 List<String> providers = activeAdmin.crossProfileWidgetProviders; 4136 if (providers.remove(packageName)) { 4137 changedProviders = new ArrayList<>(providers); 4138 saveSettingsLocked(userId); 4139 } 4140 } 4141 4142 if (changedProviders != null) { 4143 mLocalService.notifyCrossProfileProvidersChanged(userId, changedProviders); 4144 return true; 4145 } 4146 4147 return false; 4148 } 4149 4150 @Override 4151 public List<String> getCrossProfileWidgetProviders(ComponentName admin) { 4152 synchronized (this) { 4153 ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(admin, 4154 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 4155 if (activeAdmin.crossProfileWidgetProviders == null 4156 || activeAdmin.crossProfileWidgetProviders.isEmpty()) { 4157 return null; 4158 } 4159 if (mInjector.binderIsCallingUidMyUid()) { 4160 return new ArrayList<>(activeAdmin.crossProfileWidgetProviders); 4161 } else { 4162 return activeAdmin.crossProfileWidgetProviders; 4163 } 4164 } 4165 } 4166 4167 /** 4168 * Return a single admin's expiration date/time, or the min (soonest) for all admins. 4169 * Returns 0 if not configured. 4170 */ 4171 private long getPasswordExpirationLocked(ComponentName who, int userHandle, boolean parent) { 4172 long timeout = 0L; 4173 4174 if (who != null) { 4175 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent); 4176 return admin != null ? admin.passwordExpirationDate : timeout; 4177 } 4178 4179 // Return the strictest policy across all participating admins. 4180 List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 4181 final int N = admins.size(); 4182 for (int i = 0; i < N; i++) { 4183 ActiveAdmin admin = admins.get(i); 4184 if (timeout == 0L || (admin.passwordExpirationDate != 0 4185 && timeout > admin.passwordExpirationDate)) { 4186 timeout = admin.passwordExpirationDate; 4187 } 4188 } 4189 return timeout; 4190 } 4191 4192 @Override 4193 public long getPasswordExpiration(ComponentName who, int userHandle, boolean parent) { 4194 if (!mHasFeature) { 4195 return 0L; 4196 } 4197 enforceFullCrossUsersPermission(userHandle); 4198 synchronized (this) { 4199 return getPasswordExpirationLocked(who, userHandle, parent); 4200 } 4201 } 4202 4203 @Override 4204 public void setPasswordMinimumUpperCase(ComponentName who, int length, boolean parent) { 4205 if (!mHasFeature) { 4206 return; 4207 } 4208 Preconditions.checkNotNull(who, "ComponentName is null"); 4209 final int userId = mInjector.userHandleGetCallingUserId(); 4210 synchronized (this) { 4211 final ActiveAdmin ap = getActiveAdminForCallerLocked( 4212 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4213 final PasswordMetrics metrics = ap.minimumPasswordMetrics; 4214 if (metrics.upperCase != length) { 4215 metrics.upperCase = length; 4216 updatePasswordValidityCheckpointLocked(userId); 4217 saveSettingsLocked(userId); 4218 } 4219 maybeLogPasswordComplexitySet(who, userId, parent, metrics); 4220 } 4221 } 4222 4223 @Override 4224 public int getPasswordMinimumUpperCase(ComponentName who, int userHandle, boolean parent) { 4225 return getStrictestPasswordRequirement(who, userHandle, parent, 4226 admin -> admin.minimumPasswordMetrics.upperCase, PASSWORD_QUALITY_COMPLEX); 4227 } 4228 4229 @Override 4230 public void setPasswordMinimumLowerCase(ComponentName who, int length, boolean parent) { 4231 Preconditions.checkNotNull(who, "ComponentName is null"); 4232 final int userId = mInjector.userHandleGetCallingUserId(); 4233 synchronized (this) { 4234 ActiveAdmin ap = getActiveAdminForCallerLocked( 4235 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4236 final PasswordMetrics metrics = ap.minimumPasswordMetrics; 4237 if (metrics.lowerCase != length) { 4238 metrics.lowerCase = length; 4239 updatePasswordValidityCheckpointLocked(userId); 4240 saveSettingsLocked(userId); 4241 } 4242 maybeLogPasswordComplexitySet(who, userId, parent, metrics); 4243 } 4244 } 4245 4246 @Override 4247 public int getPasswordMinimumLowerCase(ComponentName who, int userHandle, boolean parent) { 4248 return getStrictestPasswordRequirement(who, userHandle, parent, 4249 admin -> admin.minimumPasswordMetrics.lowerCase, PASSWORD_QUALITY_COMPLEX); 4250 } 4251 4252 @Override 4253 public void setPasswordMinimumLetters(ComponentName who, int length, boolean parent) { 4254 if (!mHasFeature) { 4255 return; 4256 } 4257 Preconditions.checkNotNull(who, "ComponentName is null"); 4258 final int userId = mInjector.userHandleGetCallingUserId(); 4259 synchronized (this) { 4260 ActiveAdmin ap = getActiveAdminForCallerLocked( 4261 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4262 final PasswordMetrics metrics = ap.minimumPasswordMetrics; 4263 if (metrics.letters != length) { 4264 metrics.letters = length; 4265 updatePasswordValidityCheckpointLocked(userId); 4266 saveSettingsLocked(userId); 4267 } 4268 maybeLogPasswordComplexitySet(who, userId, parent, metrics); 4269 } 4270 } 4271 4272 @Override 4273 public int getPasswordMinimumLetters(ComponentName who, int userHandle, boolean parent) { 4274 return getStrictestPasswordRequirement(who, userHandle, parent, 4275 admin -> admin.minimumPasswordMetrics.letters, PASSWORD_QUALITY_COMPLEX); 4276 } 4277 4278 @Override 4279 public void setPasswordMinimumNumeric(ComponentName who, int length, boolean parent) { 4280 if (!mHasFeature) { 4281 return; 4282 } 4283 Preconditions.checkNotNull(who, "ComponentName is null"); 4284 final int userId = mInjector.userHandleGetCallingUserId(); 4285 synchronized (this) { 4286 ActiveAdmin ap = getActiveAdminForCallerLocked( 4287 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4288 final PasswordMetrics metrics = ap.minimumPasswordMetrics; 4289 if (metrics.numeric != length) { 4290 metrics.numeric = length; 4291 updatePasswordValidityCheckpointLocked(userId); 4292 saveSettingsLocked(userId); 4293 } 4294 maybeLogPasswordComplexitySet(who, userId, parent, metrics); 4295 } 4296 } 4297 4298 @Override 4299 public int getPasswordMinimumNumeric(ComponentName who, int userHandle, boolean parent) { 4300 return getStrictestPasswordRequirement(who, userHandle, parent, 4301 admin -> admin.minimumPasswordMetrics.numeric, PASSWORD_QUALITY_COMPLEX); 4302 } 4303 4304 @Override 4305 public void setPasswordMinimumSymbols(ComponentName who, int length, boolean parent) { 4306 if (!mHasFeature) { 4307 return; 4308 } 4309 Preconditions.checkNotNull(who, "ComponentName is null"); 4310 final int userId = mInjector.userHandleGetCallingUserId(); 4311 synchronized (this) { 4312 ActiveAdmin ap = getActiveAdminForCallerLocked( 4313 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4314 final PasswordMetrics metrics = ap.minimumPasswordMetrics; 4315 if (metrics.symbols != length) { 4316 ap.minimumPasswordMetrics.symbols = length; 4317 updatePasswordValidityCheckpointLocked(userId); 4318 saveSettingsLocked(userId); 4319 } 4320 maybeLogPasswordComplexitySet(who, userId, parent, metrics); 4321 } 4322 } 4323 4324 @Override 4325 public int getPasswordMinimumSymbols(ComponentName who, int userHandle, boolean parent) { 4326 return getStrictestPasswordRequirement(who, userHandle, parent, 4327 admin -> admin.minimumPasswordMetrics.symbols, PASSWORD_QUALITY_COMPLEX); 4328 } 4329 4330 @Override 4331 public void setPasswordMinimumNonLetter(ComponentName who, int length, boolean parent) { 4332 if (!mHasFeature) { 4333 return; 4334 } 4335 Preconditions.checkNotNull(who, "ComponentName is null"); 4336 final int userId = mInjector.userHandleGetCallingUserId(); 4337 synchronized (this) { 4338 ActiveAdmin ap = getActiveAdminForCallerLocked( 4339 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4340 final PasswordMetrics metrics = ap.minimumPasswordMetrics; 4341 if (metrics.nonLetter != length) { 4342 ap.minimumPasswordMetrics.nonLetter = length; 4343 updatePasswordValidityCheckpointLocked(userId); 4344 saveSettingsLocked(userId); 4345 } 4346 maybeLogPasswordComplexitySet(who, userId, parent, metrics); 4347 } 4348 } 4349 4350 @Override 4351 public int getPasswordMinimumNonLetter(ComponentName who, int userHandle, boolean parent) { 4352 return getStrictestPasswordRequirement(who, userHandle, parent, 4353 admin -> admin.minimumPasswordMetrics.nonLetter, PASSWORD_QUALITY_COMPLEX); 4354 } 4355 4356 /** 4357 * Calculates strictest (maximum) value for a given password property enforced by admin[s]. 4358 */ 4359 private int getStrictestPasswordRequirement(ComponentName who, int userHandle, 4360 boolean parent, Function<ActiveAdmin, Integer> getter, int minimumPasswordQuality) { 4361 if (!mHasFeature) { 4362 return 0; 4363 } 4364 enforceFullCrossUsersPermission(userHandle); 4365 synchronized (this) { 4366 if (who != null) { 4367 final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent); 4368 return admin != null ? getter.apply(admin) : 0; 4369 } 4370 4371 int maxValue = 0; 4372 final List<ActiveAdmin> admins = 4373 getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 4374 final int N = admins.size(); 4375 for (int i = 0; i < N; i++) { 4376 final ActiveAdmin admin = admins.get(i); 4377 if (!isLimitPasswordAllowed(admin, minimumPasswordQuality)) { 4378 continue; 4379 } 4380 final Integer adminValue = getter.apply(admin); 4381 if (adminValue > maxValue) { 4382 maxValue = adminValue; 4383 } 4384 } 4385 return maxValue; 4386 } 4387 } 4388 4389 /* @return the password blacklist set by the admin or {@code null} if none. */ 4390 PasswordBlacklist getAdminPasswordBlacklistLocked(@NonNull ActiveAdmin admin) { 4391 final int userId = UserHandle.getUserId(admin.getUid()); 4392 return admin.passwordBlacklistFile == null ? null : new PasswordBlacklist( 4393 new File(getPolicyFileDirectory(userId), admin.passwordBlacklistFile)); 4394 } 4395 4396 private static final String PASSWORD_BLACKLIST_FILE_PREFIX = "password-blacklist-"; 4397 private static final String PASSWORD_BLACKLIST_FILE_SUFFIX = ""; 4398 4399 @Override 4400 public boolean setPasswordBlacklist(ComponentName who, String name, List<String> blacklist, 4401 boolean parent) { 4402 if (!mHasFeature) { 4403 return false; 4404 } 4405 Preconditions.checkNotNull(who, "who is null"); 4406 4407 synchronized (this) { 4408 final ActiveAdmin admin = getActiveAdminForCallerLocked( 4409 who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, parent); 4410 final int userId = mInjector.userHandleGetCallingUserId(); 4411 PasswordBlacklist adminBlacklist = getAdminPasswordBlacklistLocked(admin); 4412 4413 if (blacklist == null || blacklist.isEmpty()) { 4414 // Remove the adminBlacklist 4415 admin.passwordBlacklistFile = null; 4416 saveSettingsLocked(userId); 4417 if (adminBlacklist != null) { 4418 adminBlacklist.delete(); 4419 } 4420 return true; 4421 } 4422 4423 // Validate server side 4424 Preconditions.checkNotNull(name, "name is null"); 4425 DevicePolicyManager.enforcePasswordBlacklistSize(blacklist); 4426 4427 // Blacklist is case insensitive so normalize to lower case 4428 final int blacklistSize = blacklist.size(); 4429 for (int i = 0; i < blacklistSize; ++i) { 4430 blacklist.set(i, blacklist.get(i).toLowerCase()); 4431 } 4432 4433 final boolean isNewBlacklist = adminBlacklist == null; 4434 if (isNewBlacklist) { 4435 // Create a new file for the blacklist. There could be multiple admins, each setting 4436 // different blacklists, to restrict a user's credential, for example a managed 4437 // profile can impose restrictions on its parent while the parent is already 4438 // restricted by its own admin. A deterministic naming scheme would be fragile if 4439 // new types of admin are introduced so we generate and save the file name instead. 4440 // This isn't a temporary file but it reuses the name generation logic 4441 final File file; 4442 try { 4443 file = File.createTempFile(PASSWORD_BLACKLIST_FILE_PREFIX, 4444 PASSWORD_BLACKLIST_FILE_SUFFIX, getPolicyFileDirectory(userId)); 4445 } catch (IOException e) { 4446 Slog.e(LOG_TAG, "Failed to make a file for the blacklist", e); 4447 return false; 4448 } 4449 adminBlacklist = mInjector.newPasswordBlacklist(file); 4450 } 4451 4452 if (adminBlacklist.savePasswordBlacklist(name, blacklist)) { 4453 if (isNewBlacklist) { 4454 // The blacklist was saved so point the admin to the file 4455 admin.passwordBlacklistFile = adminBlacklist.getFile().getName(); 4456 saveSettingsLocked(userId); 4457 } 4458 return true; 4459 } 4460 } 4461 4462 return false; 4463 } 4464 4465 @Override 4466 public String getPasswordBlacklistName(ComponentName who, @UserIdInt int userId, 4467 boolean parent) { 4468 if (!mHasFeature) { 4469 return null; 4470 } 4471 Preconditions.checkNotNull(who, "who is null"); 4472 enforceFullCrossUsersPermission(userId); 4473 synchronized (this) { 4474 final ActiveAdmin admin = getActiveAdminForCallerLocked( 4475 who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, parent); 4476 final PasswordBlacklist blacklist = getAdminPasswordBlacklistLocked(admin); 4477 if (blacklist == null) { 4478 return null; 4479 } 4480 return blacklist.getName(); 4481 } 4482 } 4483 4484 @Override 4485 public boolean isPasswordBlacklisted(@UserIdInt int userId, String password) { 4486 if (!mHasFeature) { 4487 return false; 4488 } 4489 mContext.enforceCallingOrSelfPermission( 4490 android.Manifest.permission.TEST_BLACKLISTED_PASSWORD, null); 4491 return isPasswordBlacklistedInternal(userId, password); 4492 } 4493 4494 private boolean isPasswordBlacklistedInternal(@UserIdInt int userId, String password) { 4495 Preconditions.checkNotNull(password, "Password is null"); 4496 enforceFullCrossUsersPermission(userId); 4497 4498 // Normalize to lower case for case insensitive blacklist match 4499 final String lowerCasePassword = password.toLowerCase(); 4500 4501 synchronized (this) { 4502 final List<ActiveAdmin> admins = 4503 getActiveAdminsForLockscreenPoliciesLocked(userId, /* parent */ false); 4504 final int N = admins.size(); 4505 for (int i = 0; i < N; i++) { 4506 final PasswordBlacklist blacklist 4507 = getAdminPasswordBlacklistLocked(admins.get(i)); 4508 if (blacklist != null) { 4509 if (blacklist.isPasswordBlacklisted(lowerCasePassword)) { 4510 return true; 4511 } 4512 } 4513 } 4514 } 4515 4516 return false; 4517 } 4518 4519 @Override 4520 public boolean isActivePasswordSufficient(int userHandle, boolean parent) { 4521 if (!mHasFeature) { 4522 return true; 4523 } 4524 enforceFullCrossUsersPermission(userHandle); 4525 enforceUserUnlocked(userHandle, parent); 4526 4527 synchronized (this) { 4528 // This API can only be called by an active device admin, 4529 // so try to retrieve it to check that the caller is one. 4530 getActiveAdminForCallerLocked(null, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4531 DevicePolicyData policy = getUserDataUnchecked(getCredentialOwner(userHandle, parent)); 4532 return isActivePasswordSufficientForUserLocked(policy, userHandle, parent); 4533 } 4534 } 4535 4536 @Override 4537 public boolean isUsingUnifiedPassword(ComponentName admin) { 4538 if (!mHasFeature) { 4539 return true; 4540 } 4541 final int userId = mInjector.userHandleGetCallingUserId(); 4542 enforceProfileOrDeviceOwner(admin); 4543 enforceManagedProfile(userId, "query unified challenge status"); 4544 return !isSeparateProfileChallengeEnabled(userId); 4545 } 4546 4547 @Override 4548 public boolean isProfileActivePasswordSufficientForParent(int userHandle) { 4549 if (!mHasFeature) { 4550 return true; 4551 } 4552 enforceFullCrossUsersPermission(userHandle); 4553 enforceManagedProfile(userHandle, "call APIs refering to the parent profile"); 4554 4555 synchronized (this) { 4556 final int targetUser = getProfileParentId(userHandle); 4557 enforceUserUnlocked(targetUser, false); 4558 DevicePolicyData policy = getUserDataUnchecked(getCredentialOwner(userHandle, false)); 4559 return isActivePasswordSufficientForUserLocked(policy, targetUser, false); 4560 } 4561 } 4562 4563 private boolean isActivePasswordSufficientForUserLocked( 4564 DevicePolicyData policy, int userHandle, boolean parent) { 4565 final int requiredPasswordQuality = getPasswordQuality(null, userHandle, parent); 4566 if (requiredPasswordQuality == PASSWORD_QUALITY_UNSPECIFIED) { 4567 // A special case is when there is no required password quality, then we just return 4568 // true since any password would be sufficient. This is for the scenario when a work 4569 // profile is first created so there is no information about the current password but 4570 // it should be considered sufficient as there is no password requirement either. 4571 // This is useful since it short-circuits the password checkpoint for FDE device below. 4572 return true; 4573 } 4574 4575 if (!mInjector.storageManagerIsFileBasedEncryptionEnabled() 4576 && !policy.mPasswordStateHasBeenSetSinceBoot) { 4577 // Before user enters their password for the first time after a reboot, return the 4578 // value of this flag, which tells us whether the password was valid the last time 4579 // settings were saved. If DPC changes password requirements on boot so that the 4580 // current password no longer meets the requirements, this value will be stale until 4581 // the next time the password is entered. 4582 return policy.mPasswordValidAtLastCheckpoint; 4583 } 4584 4585 if (policy.mActivePasswordMetrics.quality < requiredPasswordQuality) { 4586 return false; 4587 } 4588 if (requiredPasswordQuality >= DevicePolicyManager.PASSWORD_QUALITY_NUMERIC 4589 && policy.mActivePasswordMetrics.length < getPasswordMinimumLength( 4590 null, userHandle, parent)) { 4591 return false; 4592 } 4593 if (requiredPasswordQuality != DevicePolicyManager.PASSWORD_QUALITY_COMPLEX) { 4594 return true; 4595 } 4596 return policy.mActivePasswordMetrics.upperCase >= getPasswordMinimumUpperCase( 4597 null, userHandle, parent) 4598 && policy.mActivePasswordMetrics.lowerCase >= getPasswordMinimumLowerCase( 4599 null, userHandle, parent) 4600 && policy.mActivePasswordMetrics.letters >= getPasswordMinimumLetters( 4601 null, userHandle, parent) 4602 && policy.mActivePasswordMetrics.numeric >= getPasswordMinimumNumeric( 4603 null, userHandle, parent) 4604 && policy.mActivePasswordMetrics.symbols >= getPasswordMinimumSymbols( 4605 null, userHandle, parent) 4606 && policy.mActivePasswordMetrics.nonLetter >= getPasswordMinimumNonLetter( 4607 null, userHandle, parent); 4608 } 4609 4610 @Override 4611 public int getCurrentFailedPasswordAttempts(int userHandle, boolean parent) { 4612 enforceFullCrossUsersPermission(userHandle); 4613 synchronized (this) { 4614 if (!isCallerWithSystemUid()) { 4615 // This API can only be called by an active device admin, 4616 // so try to retrieve it to check that the caller is one. 4617 getActiveAdminForCallerLocked( 4618 null, DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, parent); 4619 } 4620 4621 DevicePolicyData policy = getUserDataUnchecked(getCredentialOwner(userHandle, parent)); 4622 4623 return policy.mFailedPasswordAttempts; 4624 } 4625 } 4626 4627 @Override 4628 public void setMaximumFailedPasswordsForWipe(ComponentName who, int num, boolean parent) { 4629 if (!mHasFeature) { 4630 return; 4631 } 4632 Preconditions.checkNotNull(who, "ComponentName is null"); 4633 final int userId = mInjector.userHandleGetCallingUserId(); 4634 synchronized (this) { 4635 // This API can only be called by an active device admin, 4636 // so try to retrieve it to check that the caller is one. 4637 getActiveAdminForCallerLocked( 4638 who, DeviceAdminInfo.USES_POLICY_WIPE_DATA, parent); 4639 ActiveAdmin ap = getActiveAdminForCallerLocked( 4640 who, DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, parent); 4641 if (ap.maximumFailedPasswordsForWipe != num) { 4642 ap.maximumFailedPasswordsForWipe = num; 4643 saveSettingsLocked(userId); 4644 } 4645 } 4646 if (SecurityLog.isLoggingEnabled()) { 4647 final int affectedUserId = parent ? getProfileParentId(userId) : userId; 4648 SecurityLog.writeEvent(SecurityLog.TAG_MAX_PASSWORD_ATTEMPTS_SET, who.getPackageName(), 4649 userId, affectedUserId, num); 4650 } 4651 } 4652 4653 @Override 4654 public int getMaximumFailedPasswordsForWipe(ComponentName who, int userHandle, boolean parent) { 4655 if (!mHasFeature) { 4656 return 0; 4657 } 4658 enforceFullCrossUsersPermission(userHandle); 4659 synchronized (this) { 4660 ActiveAdmin admin = (who != null) 4661 ? getActiveAdminUncheckedLocked(who, userHandle, parent) 4662 : getAdminWithMinimumFailedPasswordsForWipeLocked(userHandle, parent); 4663 return admin != null ? admin.maximumFailedPasswordsForWipe : 0; 4664 } 4665 } 4666 4667 @Override 4668 public int getProfileWithMinimumFailedPasswordsForWipe(int userHandle, boolean parent) { 4669 if (!mHasFeature) { 4670 return UserHandle.USER_NULL; 4671 } 4672 enforceFullCrossUsersPermission(userHandle); 4673 synchronized (this) { 4674 ActiveAdmin admin = getAdminWithMinimumFailedPasswordsForWipeLocked( 4675 userHandle, parent); 4676 return admin != null ? admin.getUserHandle().getIdentifier() : UserHandle.USER_NULL; 4677 } 4678 } 4679 4680 /** 4681 * Returns the admin with the strictest policy on maximum failed passwords for: 4682 * <ul> 4683 * <li>this user if it has a separate profile challenge, or 4684 * <li>this user and all profiles that don't have their own challenge otherwise. 4685 * </ul> 4686 * <p>If the policy for the primary and any other profile are equal, it returns the admin for 4687 * the primary profile. 4688 * Returns {@code null} if no participating admin has that policy set. 4689 */ 4690 private ActiveAdmin getAdminWithMinimumFailedPasswordsForWipeLocked( 4691 int userHandle, boolean parent) { 4692 int count = 0; 4693 ActiveAdmin strictestAdmin = null; 4694 4695 // Return the strictest policy across all participating admins. 4696 List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 4697 final int N = admins.size(); 4698 for (int i = 0; i < N; i++) { 4699 ActiveAdmin admin = admins.get(i); 4700 if (admin.maximumFailedPasswordsForWipe == 4701 ActiveAdmin.DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE) { 4702 continue; // No max number of failed passwords policy set for this profile. 4703 } 4704 4705 // We always favor the primary profile if several profiles have the same value set. 4706 int userId = admin.getUserHandle().getIdentifier(); 4707 if (count == 0 || 4708 count > admin.maximumFailedPasswordsForWipe || 4709 (count == admin.maximumFailedPasswordsForWipe && 4710 getUserInfo(userId).isPrimary())) { 4711 count = admin.maximumFailedPasswordsForWipe; 4712 strictestAdmin = admin; 4713 } 4714 } 4715 return strictestAdmin; 4716 } 4717 4718 private UserInfo getUserInfo(@UserIdInt int userId) { 4719 final long token = mInjector.binderClearCallingIdentity(); 4720 try { 4721 return mUserManager.getUserInfo(userId); 4722 } finally { 4723 mInjector.binderRestoreCallingIdentity(token); 4724 } 4725 } 4726 4727 private boolean canPOorDOCallResetPassword(ActiveAdmin admin, @UserIdInt int userId) { 4728 // Only if the admins targets a pre-O SDK 4729 return getTargetSdk(admin.info.getPackageName(), userId) < Build.VERSION_CODES.O; 4730 } 4731 4732 /* PO or DO could do an untrusted reset in certain conditions. */ 4733 private boolean canUserHaveUntrustedCredentialReset(@UserIdInt int userId) { 4734 synchronized (this) { 4735 // An active DO or PO might be able to fo an untrusted credential reset 4736 for (final ActiveAdmin admin : getUserData(userId).mAdminList) { 4737 if (!isActiveAdminWithPolicyForUserLocked(admin, 4738 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, userId)) { 4739 continue; 4740 } 4741 if (canPOorDOCallResetPassword(admin, userId)) { 4742 return true; 4743 } 4744 } 4745 return false; 4746 } 4747 } 4748 @Override 4749 public boolean resetPassword(String passwordOrNull, int flags) throws RemoteException { 4750 final int callingUid = mInjector.binderGetCallingUid(); 4751 final int userHandle = mInjector.userHandleGetCallingUserId(); 4752 4753 String password = passwordOrNull != null ? passwordOrNull : ""; 4754 4755 // Password resetting to empty/null is not allowed for managed profiles. 4756 if (TextUtils.isEmpty(password)) { 4757 enforceNotManagedProfile(userHandle, "clear the active password"); 4758 } 4759 4760 synchronized (this) { 4761 // If caller has PO (or DO) it can change the password, so see if that's the case first. 4762 ActiveAdmin admin = getActiveAdminWithPolicyForUidLocked( 4763 null, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, callingUid); 4764 final boolean preN; 4765 if (admin != null) { 4766 if (!canPOorDOCallResetPassword(admin, userHandle)) { 4767 throw new SecurityException("resetPassword() is deprecated for DPC targeting O" 4768 + " or later"); 4769 } 4770 preN = getTargetSdk(admin.info.getPackageName(), 4771 userHandle) <= android.os.Build.VERSION_CODES.M; 4772 } else { 4773 // Otherwise, make sure the caller has any active admin with the right policy. 4774 admin = getActiveAdminForCallerLocked(null, 4775 DeviceAdminInfo.USES_POLICY_RESET_PASSWORD); 4776 preN = getTargetSdk(admin.info.getPackageName(), 4777 userHandle) <= android.os.Build.VERSION_CODES.M; 4778 4779 // As of N, password resetting to empty/null is not allowed anymore. 4780 // TODO Should we allow DO/PO to set an empty password? 4781 if (TextUtils.isEmpty(password)) { 4782 if (!preN) { 4783 throw new SecurityException("Cannot call with null password"); 4784 } else { 4785 Slog.e(LOG_TAG, "Cannot call with null password"); 4786 return false; 4787 } 4788 } 4789 // As of N, password cannot be changed by the admin if it is already set. 4790 if (isLockScreenSecureUnchecked(userHandle)) { 4791 if (!preN) { 4792 throw new SecurityException("Admin cannot change current password"); 4793 } else { 4794 Slog.e(LOG_TAG, "Admin cannot change current password"); 4795 return false; 4796 } 4797 } 4798 } 4799 // Do not allow to reset password when current user has a managed profile 4800 if (!isManagedProfile(userHandle)) { 4801 for (UserInfo userInfo : mUserManager.getProfiles(userHandle)) { 4802 if (userInfo.isManagedProfile()) { 4803 if (!preN) { 4804 throw new IllegalStateException( 4805 "Cannot reset password on user has managed profile"); 4806 } else { 4807 Slog.e(LOG_TAG, "Cannot reset password on user has managed profile"); 4808 return false; 4809 } 4810 } 4811 } 4812 } 4813 // Do not allow to reset password when user is locked 4814 if (!mUserManager.isUserUnlocked(userHandle)) { 4815 if (!preN) { 4816 throw new IllegalStateException("Cannot reset password when user is locked"); 4817 } else { 4818 Slog.e(LOG_TAG, "Cannot reset password when user is locked"); 4819 return false; 4820 } 4821 } 4822 } 4823 4824 return resetPasswordInternal(password, 0, null, flags, callingUid, userHandle); 4825 } 4826 4827 private boolean resetPasswordInternal(String password, long tokenHandle, byte[] token, 4828 int flags, int callingUid, int userHandle) { 4829 int quality; 4830 synchronized (this) { 4831 quality = getPasswordQuality(null, userHandle, /* parent */ false); 4832 if (quality == DevicePolicyManager.PASSWORD_QUALITY_MANAGED) { 4833 quality = PASSWORD_QUALITY_UNSPECIFIED; 4834 } 4835 final PasswordMetrics metrics = PasswordMetrics.computeForPassword(password); 4836 if (quality != PASSWORD_QUALITY_UNSPECIFIED) { 4837 final int realQuality = metrics.quality; 4838 if (realQuality < quality 4839 && quality != DevicePolicyManager.PASSWORD_QUALITY_COMPLEX) { 4840 Slog.w(LOG_TAG, "resetPassword: password quality 0x" 4841 + Integer.toHexString(realQuality) 4842 + " does not meet required quality 0x" 4843 + Integer.toHexString(quality)); 4844 return false; 4845 } 4846 quality = Math.max(realQuality, quality); 4847 } 4848 int length = getPasswordMinimumLength(null, userHandle, /* parent */ false); 4849 if (password.length() < length) { 4850 Slog.w(LOG_TAG, "resetPassword: password length " + password.length() 4851 + " does not meet required length " + length); 4852 return false; 4853 } 4854 if (quality == DevicePolicyManager.PASSWORD_QUALITY_COMPLEX) { 4855 int neededLetters = getPasswordMinimumLetters(null, userHandle, /* parent */ false); 4856 if(metrics.letters < neededLetters) { 4857 Slog.w(LOG_TAG, "resetPassword: number of letters " + metrics.letters 4858 + " does not meet required number of letters " + neededLetters); 4859 return false; 4860 } 4861 int neededNumeric = getPasswordMinimumNumeric(null, userHandle, /* parent */ false); 4862 if (metrics.numeric < neededNumeric) { 4863 Slog.w(LOG_TAG, "resetPassword: number of numerical digits " + metrics.numeric 4864 + " does not meet required number of numerical digits " 4865 + neededNumeric); 4866 return false; 4867 } 4868 int neededLowerCase = getPasswordMinimumLowerCase( 4869 null, userHandle, /* parent */ false); 4870 if (metrics.lowerCase < neededLowerCase) { 4871 Slog.w(LOG_TAG, "resetPassword: number of lowercase letters " 4872 + metrics.lowerCase 4873 + " does not meet required number of lowercase letters " 4874 + neededLowerCase); 4875 return false; 4876 } 4877 int neededUpperCase = getPasswordMinimumUpperCase( 4878 null, userHandle, /* parent */ false); 4879 if (metrics.upperCase < neededUpperCase) { 4880 Slog.w(LOG_TAG, "resetPassword: number of uppercase letters " 4881 + metrics.upperCase 4882 + " does not meet required number of uppercase letters " 4883 + neededUpperCase); 4884 return false; 4885 } 4886 int neededSymbols = getPasswordMinimumSymbols(null, userHandle, /* parent */ false); 4887 if (metrics.symbols < neededSymbols) { 4888 Slog.w(LOG_TAG, "resetPassword: number of special symbols " + metrics.symbols 4889 + " does not meet required number of special symbols " + neededSymbols); 4890 return false; 4891 } 4892 int neededNonLetter = getPasswordMinimumNonLetter( 4893 null, userHandle, /* parent */ false); 4894 if (metrics.nonLetter < neededNonLetter) { 4895 Slog.w(LOG_TAG, "resetPassword: number of non-letter characters " 4896 + metrics.nonLetter 4897 + " does not meet required number of non-letter characters " 4898 + neededNonLetter); 4899 return false; 4900 } 4901 } 4902 4903 if (isPasswordBlacklistedInternal(userHandle, password)) { 4904 Slog.w(LOG_TAG, "resetPassword: the password is blacklisted"); 4905 return false; 4906 } 4907 } 4908 4909 DevicePolicyData policy = getUserData(userHandle); 4910 if (policy.mPasswordOwner >= 0 && policy.mPasswordOwner != callingUid) { 4911 Slog.w(LOG_TAG, "resetPassword: already set by another uid and not entered by user"); 4912 return false; 4913 } 4914 4915 boolean callerIsDeviceOwnerAdmin = isCallerDeviceOwner(callingUid); 4916 boolean doNotAskCredentialsOnBoot = 4917 (flags & DevicePolicyManager.RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT) != 0; 4918 if (callerIsDeviceOwnerAdmin && doNotAskCredentialsOnBoot) { 4919 setDoNotAskCredentialsOnBoot(); 4920 } 4921 4922 // Don't do this with the lock held, because it is going to call 4923 // back in to the service. 4924 final long ident = mInjector.binderClearCallingIdentity(); 4925 final boolean result; 4926 try { 4927 if (token == null) { 4928 if (!TextUtils.isEmpty(password)) { 4929 mLockPatternUtils.saveLockPassword(password, null, quality, userHandle); 4930 } else { 4931 mLockPatternUtils.clearLock(null, userHandle); 4932 } 4933 result = true; 4934 } else { 4935 result = mLockPatternUtils.setLockCredentialWithToken(password, 4936 TextUtils.isEmpty(password) ? LockPatternUtils.CREDENTIAL_TYPE_NONE 4937 : LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, 4938 quality, tokenHandle, token, userHandle); 4939 } 4940 boolean requireEntry = (flags & DevicePolicyManager.RESET_PASSWORD_REQUIRE_ENTRY) != 0; 4941 if (requireEntry) { 4942 mLockPatternUtils.requireStrongAuth(STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW, 4943 UserHandle.USER_ALL); 4944 } 4945 synchronized (this) { 4946 int newOwner = requireEntry ? callingUid : -1; 4947 if (policy.mPasswordOwner != newOwner) { 4948 policy.mPasswordOwner = newOwner; 4949 saveSettingsLocked(userHandle); 4950 } 4951 } 4952 } finally { 4953 mInjector.binderRestoreCallingIdentity(ident); 4954 } 4955 return result; 4956 } 4957 4958 private boolean isLockScreenSecureUnchecked(int userId) { 4959 long ident = mInjector.binderClearCallingIdentity(); 4960 try { 4961 return mLockPatternUtils.isSecure(userId); 4962 } finally { 4963 mInjector.binderRestoreCallingIdentity(ident); 4964 } 4965 } 4966 4967 private void setDoNotAskCredentialsOnBoot() { 4968 synchronized (this) { 4969 DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM); 4970 if (!policyData.doNotAskCredentialsOnBoot) { 4971 policyData.doNotAskCredentialsOnBoot = true; 4972 saveSettingsLocked(UserHandle.USER_SYSTEM); 4973 } 4974 } 4975 } 4976 4977 @Override 4978 public boolean getDoNotAskCredentialsOnBoot() { 4979 mContext.enforceCallingOrSelfPermission( 4980 android.Manifest.permission.QUERY_DO_NOT_ASK_CREDENTIALS_ON_BOOT, null); 4981 synchronized (this) { 4982 DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM); 4983 return policyData.doNotAskCredentialsOnBoot; 4984 } 4985 } 4986 4987 @Override 4988 public void setMaximumTimeToLock(ComponentName who, long timeMs, boolean parent) { 4989 if (!mHasFeature) { 4990 return; 4991 } 4992 Preconditions.checkNotNull(who, "ComponentName is null"); 4993 final int userHandle = mInjector.userHandleGetCallingUserId(); 4994 synchronized (this) { 4995 ActiveAdmin ap = getActiveAdminForCallerLocked( 4996 who, DeviceAdminInfo.USES_POLICY_FORCE_LOCK, parent); 4997 if (ap.maximumTimeToUnlock != timeMs) { 4998 ap.maximumTimeToUnlock = timeMs; 4999 saveSettingsLocked(userHandle); 5000 updateMaximumTimeToLockLocked(userHandle); 5001 } 5002 } 5003 if (SecurityLog.isLoggingEnabled()) { 5004 final int affectedUserId = parent ? getProfileParentId(userHandle) : userHandle; 5005 SecurityLog.writeEvent(SecurityLog.TAG_MAX_SCREEN_LOCK_TIMEOUT_SET, 5006 who.getPackageName(), userHandle, affectedUserId, timeMs); 5007 } 5008 } 5009 5010 private void updateMaximumTimeToLockLocked(@UserIdInt int userId) { 5011 // Update the profile's timeout 5012 if (isManagedProfile(userId)) { 5013 updateProfileLockTimeoutLocked(userId); 5014 } 5015 5016 final long timeMs; 5017 final long ident = mInjector.binderClearCallingIdentity(); 5018 try { 5019 // Update the device timeout 5020 final int parentId = getProfileParentId(userId); 5021 timeMs = getMaximumTimeToLockPolicyFromAdmins( 5022 getActiveAdminsForLockscreenPoliciesLocked(parentId, false)); 5023 5024 final DevicePolicyData policy = getUserDataUnchecked(parentId); 5025 if (policy.mLastMaximumTimeToLock == timeMs) { 5026 return; 5027 } 5028 policy.mLastMaximumTimeToLock = timeMs; 5029 5030 if (policy.mLastMaximumTimeToLock != Long.MAX_VALUE) { 5031 // Make sure KEEP_SCREEN_ON is disabled, since that 5032 // would allow bypassing of the maximum time to lock. 5033 mInjector.settingsGlobalPutInt(Settings.Global.STAY_ON_WHILE_PLUGGED_IN, 0); 5034 } 5035 } finally { 5036 mInjector.binderRestoreCallingIdentity(ident); 5037 } 5038 5039 mInjector.getPowerManagerInternal().setMaximumScreenOffTimeoutFromDeviceAdmin( 5040 UserHandle.USER_SYSTEM, timeMs); 5041 } 5042 5043 private void updateProfileLockTimeoutLocked(@UserIdInt int userId) { 5044 final long timeMs; 5045 if (isSeparateProfileChallengeEnabled(userId)) { 5046 timeMs = getMaximumTimeToLockPolicyFromAdmins( 5047 getActiveAdminsForLockscreenPoliciesLocked(userId, false /* parent */)); 5048 } else { 5049 timeMs = Long.MAX_VALUE; 5050 } 5051 5052 final DevicePolicyData policy = getUserDataUnchecked(userId); 5053 if (policy.mLastMaximumTimeToLock == timeMs) { 5054 return; 5055 } 5056 policy.mLastMaximumTimeToLock = timeMs; 5057 5058 mInjector.getPowerManagerInternal().setMaximumScreenOffTimeoutFromDeviceAdmin( 5059 userId, policy.mLastMaximumTimeToLock); 5060 } 5061 5062 @Override 5063 public long getMaximumTimeToLock(ComponentName who, int userHandle, boolean parent) { 5064 if (!mHasFeature) { 5065 return 0; 5066 } 5067 enforceFullCrossUsersPermission(userHandle); 5068 synchronized (this) { 5069 if (who != null) { 5070 final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent); 5071 return admin != null ? admin.maximumTimeToUnlock : 0; 5072 } 5073 // Return the strictest policy across all participating admins. 5074 final List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked( 5075 userHandle, parent); 5076 final long timeMs = getMaximumTimeToLockPolicyFromAdmins(admins); 5077 return timeMs == Long.MAX_VALUE ? 0 : timeMs; 5078 } 5079 } 5080 5081 private long getMaximumTimeToLockPolicyFromAdmins(List<ActiveAdmin> admins) { 5082 long time = Long.MAX_VALUE; 5083 for (final ActiveAdmin admin : admins) { 5084 if (admin.maximumTimeToUnlock > 0 && admin.maximumTimeToUnlock < time) { 5085 time = admin.maximumTimeToUnlock; 5086 } 5087 } 5088 return time; 5089 } 5090 5091 @Override 5092 public void setRequiredStrongAuthTimeout(ComponentName who, long timeoutMs, 5093 boolean parent) { 5094 if (!mHasFeature) { 5095 return; 5096 } 5097 Preconditions.checkNotNull(who, "ComponentName is null"); 5098 Preconditions.checkArgument(timeoutMs >= 0, "Timeout must not be a negative number."); 5099 // timeoutMs with value 0 means that the admin doesn't participate 5100 // timeoutMs is clamped to the interval in case the internal constants change in the future 5101 final long minimumStrongAuthTimeout = getMinimumStrongAuthTimeoutMs(); 5102 if (timeoutMs != 0 && timeoutMs < minimumStrongAuthTimeout) { 5103 timeoutMs = minimumStrongAuthTimeout; 5104 } 5105 if (timeoutMs > DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS) { 5106 timeoutMs = DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS; 5107 } 5108 5109 final int userHandle = mInjector.userHandleGetCallingUserId(); 5110 synchronized (this) { 5111 ActiveAdmin ap = getActiveAdminForCallerLocked(who, 5112 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, parent); 5113 if (ap.strongAuthUnlockTimeout != timeoutMs) { 5114 ap.strongAuthUnlockTimeout = timeoutMs; 5115 saveSettingsLocked(userHandle); 5116 } 5117 } 5118 } 5119 5120 /** 5121 * Return a single admin's strong auth unlock timeout or minimum value (strictest) of all 5122 * admins if who is null. 5123 * Returns 0 if not configured for the provided admin. 5124 */ 5125 @Override 5126 public long getRequiredStrongAuthTimeout(ComponentName who, int userId, boolean parent) { 5127 if (!mHasFeature) { 5128 return DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS; 5129 } 5130 enforceFullCrossUsersPermission(userId); 5131 synchronized (this) { 5132 if (who != null) { 5133 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userId, parent); 5134 return admin != null ? admin.strongAuthUnlockTimeout : 0; 5135 } 5136 5137 // Return the strictest policy across all participating admins. 5138 List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(userId, parent); 5139 5140 long strongAuthUnlockTimeout = DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS; 5141 for (int i = 0; i < admins.size(); i++) { 5142 final long timeout = admins.get(i).strongAuthUnlockTimeout; 5143 if (timeout != 0) { // take only participating admins into account 5144 strongAuthUnlockTimeout = Math.min(timeout, strongAuthUnlockTimeout); 5145 } 5146 } 5147 return Math.max(strongAuthUnlockTimeout, getMinimumStrongAuthTimeoutMs()); 5148 } 5149 } 5150 5151 private long getMinimumStrongAuthTimeoutMs() { 5152 if (!mInjector.isBuildDebuggable()) { 5153 return MINIMUM_STRONG_AUTH_TIMEOUT_MS; 5154 } 5155 // ideally the property was named persist.sys.min_strong_auth_timeout, but system property 5156 // name cannot be longer than 31 characters 5157 return Math.min(mInjector.systemPropertiesGetLong("persist.sys.min_str_auth_timeo", 5158 MINIMUM_STRONG_AUTH_TIMEOUT_MS), 5159 MINIMUM_STRONG_AUTH_TIMEOUT_MS); 5160 } 5161 5162 @Override 5163 public void lockNow(int flags, boolean parent) { 5164 if (!mHasFeature) { 5165 return; 5166 } 5167 5168 final int callingUserId = mInjector.userHandleGetCallingUserId(); 5169 synchronized (this) { 5170 // This API can only be called by an active device admin, 5171 // so try to retrieve it to check that the caller is one. 5172 final ActiveAdmin admin = getActiveAdminForCallerLocked( 5173 null, DeviceAdminInfo.USES_POLICY_FORCE_LOCK, parent); 5174 5175 final long ident = mInjector.binderClearCallingIdentity(); 5176 try { 5177 final ComponentName adminComponent = admin.info.getComponent(); 5178 // Evict key 5179 if ((flags & DevicePolicyManager.FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY) != 0) { 5180 enforceManagedProfile( 5181 callingUserId, "set FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY"); 5182 if (!isProfileOwner(adminComponent, callingUserId)) { 5183 throw new SecurityException("Only profile owner admins can set " 5184 + "FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY"); 5185 } 5186 if (parent) { 5187 throw new IllegalArgumentException( 5188 "Cannot set FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY for the parent"); 5189 } 5190 if (!mInjector.storageManagerIsFileBasedEncryptionEnabled()) { 5191 throw new UnsupportedOperationException( 5192 "FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY only applies to FBE devices"); 5193 } 5194 mUserManager.evictCredentialEncryptionKey(callingUserId); 5195 } 5196 5197 // Lock all users unless this is a managed profile with a separate challenge 5198 final int userToLock = (parent || !isSeparateProfileChallengeEnabled(callingUserId) 5199 ? UserHandle.USER_ALL : callingUserId); 5200 mLockPatternUtils.requireStrongAuth( 5201 STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW, userToLock); 5202 5203 // Require authentication for the device or profile 5204 if (userToLock == UserHandle.USER_ALL) { 5205 // Power off the display 5206 mInjector.powerManagerGoToSleep(SystemClock.uptimeMillis(), 5207 PowerManager.GO_TO_SLEEP_REASON_DEVICE_ADMIN, 0); 5208 mInjector.getIWindowManager().lockNow(null); 5209 } else { 5210 mInjector.getTrustManager().setDeviceLockedForUser(userToLock, true); 5211 } 5212 5213 if (SecurityLog.isLoggingEnabled()) { 5214 final int affectedUserId = 5215 parent ? getProfileParentId(callingUserId) : callingUserId; 5216 SecurityLog.writeEvent(SecurityLog.TAG_REMOTE_LOCK, 5217 adminComponent.getPackageName(), callingUserId, affectedUserId); 5218 } 5219 } catch (RemoteException e) { 5220 } finally { 5221 mInjector.binderRestoreCallingIdentity(ident); 5222 } 5223 } 5224 } 5225 5226 @Override 5227 public void enforceCanManageCaCerts(ComponentName who, String callerPackage) { 5228 if (who == null) { 5229 if (!isCallerDelegate(callerPackage, DELEGATION_CERT_INSTALL)) { 5230 mContext.enforceCallingOrSelfPermission(MANAGE_CA_CERTIFICATES, null); 5231 } 5232 } else { 5233 enforceProfileOrDeviceOwner(who); 5234 } 5235 } 5236 5237 private void enforceProfileOrDeviceOwner(ComponentName who) { 5238 synchronized (this) { 5239 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 5240 } 5241 } 5242 5243 @Override 5244 public boolean approveCaCert(String alias, int userId, boolean approval) { 5245 enforceManageUsers(); 5246 synchronized (this) { 5247 Set<String> certs = getUserData(userId).mAcceptedCaCertificates; 5248 boolean changed = (approval ? certs.add(alias) : certs.remove(alias)); 5249 if (!changed) { 5250 return false; 5251 } 5252 saveSettingsLocked(userId); 5253 } 5254 mCertificateMonitor.onCertificateApprovalsChanged(userId); 5255 return true; 5256 } 5257 5258 @Override 5259 public boolean isCaCertApproved(String alias, int userId) { 5260 enforceManageUsers(); 5261 synchronized (this) { 5262 return getUserData(userId).mAcceptedCaCertificates.contains(alias); 5263 } 5264 } 5265 5266 private void removeCaApprovalsIfNeeded(int userId) { 5267 for (UserInfo userInfo : mUserManager.getProfiles(userId)) { 5268 boolean isSecure = mLockPatternUtils.isSecure(userInfo.id); 5269 if (userInfo.isManagedProfile()){ 5270 isSecure |= mLockPatternUtils.isSecure(getProfileParentId(userInfo.id)); 5271 } 5272 if (!isSecure) { 5273 synchronized (this) { 5274 getUserData(userInfo.id).mAcceptedCaCertificates.clear(); 5275 saveSettingsLocked(userInfo.id); 5276 } 5277 mCertificateMonitor.onCertificateApprovalsChanged(userId); 5278 } 5279 } 5280 } 5281 5282 @Override 5283 public boolean installCaCert(ComponentName admin, String callerPackage, byte[] certBuffer) 5284 throws RemoteException { 5285 if (!mHasFeature) { 5286 return false; 5287 } 5288 enforceCanManageCaCerts(admin, callerPackage); 5289 5290 final String alias; 5291 5292 final UserHandle userHandle = mInjector.binderGetCallingUserHandle(); 5293 final long id = mInjector.binderClearCallingIdentity(); 5294 try { 5295 alias = mCertificateMonitor.installCaCert(userHandle, certBuffer); 5296 if (alias == null) { 5297 Log.w(LOG_TAG, "Problem installing cert"); 5298 return false; 5299 } 5300 } finally { 5301 mInjector.binderRestoreCallingIdentity(id); 5302 } 5303 5304 synchronized (this) { 5305 getUserData(userHandle.getIdentifier()).mOwnerInstalledCaCerts.add(alias); 5306 saveSettingsLocked(userHandle.getIdentifier()); 5307 } 5308 return true; 5309 } 5310 5311 @Override 5312 public void uninstallCaCerts(ComponentName admin, String callerPackage, String[] aliases) { 5313 if (!mHasFeature) { 5314 return; 5315 } 5316 enforceCanManageCaCerts(admin, callerPackage); 5317 5318 final int userId = mInjector.userHandleGetCallingUserId(); 5319 final long id = mInjector.binderClearCallingIdentity(); 5320 try { 5321 mCertificateMonitor.uninstallCaCerts(UserHandle.of(userId), aliases); 5322 } finally { 5323 mInjector.binderRestoreCallingIdentity(id); 5324 } 5325 5326 synchronized (this) { 5327 if (getUserData(userId).mOwnerInstalledCaCerts.removeAll(Arrays.asList(aliases))) { 5328 saveSettingsLocked(userId); 5329 } 5330 } 5331 } 5332 5333 @Override 5334 public boolean installKeyPair(ComponentName who, String callerPackage, byte[] privKey, 5335 byte[] cert, byte[] chain, String alias, boolean requestAccess, 5336 boolean isUserSelectable) { 5337 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 5338 DELEGATION_CERT_INSTALL); 5339 5340 5341 final int callingUid = mInjector.binderGetCallingUid(); 5342 final long id = mInjector.binderClearCallingIdentity(); 5343 try { 5344 final KeyChainConnection keyChainConnection = 5345 KeyChain.bindAsUser(mContext, UserHandle.getUserHandleForUid(callingUid)); 5346 try { 5347 IKeyChainService keyChain = keyChainConnection.getService(); 5348 if (!keyChain.installKeyPair(privKey, cert, chain, alias)) { 5349 return false; 5350 } 5351 if (requestAccess) { 5352 keyChain.setGrant(callingUid, alias, true); 5353 } 5354 keyChain.setUserSelectable(alias, isUserSelectable); 5355 return true; 5356 } catch (RemoteException e) { 5357 Log.e(LOG_TAG, "Installing certificate", e); 5358 } finally { 5359 keyChainConnection.close(); 5360 } 5361 } catch (InterruptedException e) { 5362 Log.w(LOG_TAG, "Interrupted while installing certificate", e); 5363 Thread.currentThread().interrupt(); 5364 } finally { 5365 mInjector.binderRestoreCallingIdentity(id); 5366 } 5367 return false; 5368 } 5369 5370 @Override 5371 public boolean removeKeyPair(ComponentName who, String callerPackage, String alias) { 5372 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 5373 DELEGATION_CERT_INSTALL); 5374 5375 final UserHandle userHandle = new UserHandle(UserHandle.getCallingUserId()); 5376 final long id = Binder.clearCallingIdentity(); 5377 try { 5378 final KeyChainConnection keyChainConnection = KeyChain.bindAsUser(mContext, userHandle); 5379 try { 5380 IKeyChainService keyChain = keyChainConnection.getService(); 5381 return keyChain.removeKeyPair(alias); 5382 } catch (RemoteException e) { 5383 Log.e(LOG_TAG, "Removing keypair", e); 5384 } finally { 5385 keyChainConnection.close(); 5386 } 5387 } catch (InterruptedException e) { 5388 Log.w(LOG_TAG, "Interrupted while removing keypair", e); 5389 Thread.currentThread().interrupt(); 5390 } finally { 5391 Binder.restoreCallingIdentity(id); 5392 } 5393 return false; 5394 } 5395 5396 private void enforceIsDeviceOwnerOrCertInstallerOfDeviceOwner( 5397 ComponentName who, String callerPackage, int callerUid) throws SecurityException { 5398 if (who == null) { 5399 if (!mOwners.hasDeviceOwner()) { 5400 throw new SecurityException("Not in Device Owner mode."); 5401 } 5402 if (UserHandle.getUserId(callerUid) != mOwners.getDeviceOwnerUserId()) { 5403 throw new SecurityException("Caller not from device owner user"); 5404 } 5405 if (!isCallerDelegate(callerPackage, DELEGATION_CERT_INSTALL)) { 5406 throw new SecurityException("Caller with uid " + mInjector.binderGetCallingUid() + 5407 "has no permission to generate keys."); 5408 } 5409 } else { 5410 // Caller provided - check it is the device owner. 5411 synchronized (this) { 5412 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 5413 } 5414 } 5415 } 5416 5417 @VisibleForTesting 5418 public static int[] translateIdAttestationFlags( 5419 int idAttestationFlags) { 5420 Map<Integer, Integer> idTypeToAttestationFlag = new HashMap(); 5421 idTypeToAttestationFlag.put(ID_TYPE_SERIAL, AttestationUtils.ID_TYPE_SERIAL); 5422 idTypeToAttestationFlag.put(ID_TYPE_IMEI, AttestationUtils.ID_TYPE_IMEI); 5423 idTypeToAttestationFlag.put(ID_TYPE_MEID, AttestationUtils.ID_TYPE_MEID); 5424 5425 int numFlagsSet = Integer.bitCount(idAttestationFlags); 5426 // No flags are set - return null to indicate no device ID attestation information should 5427 // be included in the attestation record. 5428 if (numFlagsSet == 0) { 5429 return null; 5430 } 5431 5432 // If the ID_TYPE_BASE_INFO is set, make sure that a non-null array is returned, even if 5433 // no other flag is set. That will lead to inclusion of general device make data in the 5434 // attestation record, but no specific device identifiers. 5435 if ((idAttestationFlags & ID_TYPE_BASE_INFO) != 0) { 5436 numFlagsSet -= 1; 5437 idAttestationFlags = idAttestationFlags & (~ID_TYPE_BASE_INFO); 5438 } 5439 5440 int[] attestationUtilsFlags = new int[numFlagsSet]; 5441 int i = 0; 5442 for (Integer idType: idTypeToAttestationFlag.keySet()) { 5443 if ((idType & idAttestationFlags) != 0) { 5444 attestationUtilsFlags[i++] = idTypeToAttestationFlag.get(idType); 5445 } 5446 } 5447 5448 return attestationUtilsFlags; 5449 } 5450 5451 @Override 5452 public boolean generateKeyPair(ComponentName who, String callerPackage, String algorithm, 5453 ParcelableKeyGenParameterSpec parcelableKeySpec, 5454 int idAttestationFlags, 5455 KeymasterCertificateChain attestationChain) { 5456 // Get attestation flags, if any. 5457 final int[] attestationUtilsFlags = translateIdAttestationFlags(idAttestationFlags); 5458 final boolean deviceIdAttestationRequired = attestationUtilsFlags != null; 5459 final int callingUid = mInjector.binderGetCallingUid(); 5460 5461 if (deviceIdAttestationRequired && attestationUtilsFlags.length > 0) { 5462 enforceIsDeviceOwnerOrCertInstallerOfDeviceOwner(who, callerPackage, callingUid); 5463 } else { 5464 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 5465 DELEGATION_CERT_INSTALL); 5466 } 5467 final KeyGenParameterSpec keySpec = parcelableKeySpec.getSpec(); 5468 final String alias = keySpec.getKeystoreAlias(); 5469 if (TextUtils.isEmpty(alias)) { 5470 throw new IllegalArgumentException("Empty alias provided."); 5471 } 5472 // As the caller will be granted access to the key, ensure no UID was specified, as 5473 // it will not have the desired effect. 5474 if (keySpec.getUid() != KeyStore.UID_SELF) { 5475 Log.e(LOG_TAG, "Only the caller can be granted access to the generated keypair."); 5476 return false; 5477 } 5478 5479 if (deviceIdAttestationRequired && (keySpec.getAttestationChallenge() == null)) { 5480 throw new IllegalArgumentException( 5481 "Requested Device ID attestation but challenge is empty."); 5482 } 5483 5484 final UserHandle userHandle = mInjector.binderGetCallingUserHandle(); 5485 final long id = mInjector.binderClearCallingIdentity(); 5486 try { 5487 try (KeyChainConnection keyChainConnection = 5488 KeyChain.bindAsUser(mContext, userHandle)) { 5489 IKeyChainService keyChain = keyChainConnection.getService(); 5490 5491 // Copy the provided keySpec, excluding the attestation challenge, which will be 5492 // used later for requesting key attestation record. 5493 final KeyGenParameterSpec noAttestationSpec = 5494 new KeyGenParameterSpec.Builder(keySpec) 5495 .setAttestationChallenge(null) 5496 .build(); 5497 5498 final boolean generationResult = keyChain.generateKeyPair(algorithm, 5499 new ParcelableKeyGenParameterSpec(noAttestationSpec)); 5500 if (!generationResult) { 5501 Log.e(LOG_TAG, "KeyChain failed to generate a keypair."); 5502 return false; 5503 } 5504 5505 // Set a grant for the caller here so that when the client calls 5506 // requestPrivateKey, it will be able to get the key from Keystore. 5507 // Note the use of the calling UID, since the request for the private 5508 // key will come from the client's process, so the grant has to be for 5509 // that UID. 5510 keyChain.setGrant(callingUid, alias, true); 5511 5512 final byte[] attestationChallenge = keySpec.getAttestationChallenge(); 5513 if (attestationChallenge != null) { 5514 final boolean attestationResult = keyChain.attestKey( 5515 alias, attestationChallenge, attestationUtilsFlags, attestationChain); 5516 if (!attestationResult) { 5517 Log.e(LOG_TAG, String.format( 5518 "Attestation for %s failed, deleting key.", alias)); 5519 keyChain.removeKeyPair(alias); 5520 return false; 5521 } 5522 } 5523 return true; 5524 } 5525 } catch (RemoteException e) { 5526 Log.e(LOG_TAG, "KeyChain error while generating a keypair", e); 5527 } catch (InterruptedException e) { 5528 Log.w(LOG_TAG, "Interrupted while generating keypair", e); 5529 Thread.currentThread().interrupt(); 5530 } finally { 5531 mInjector.binderRestoreCallingIdentity(id); 5532 } 5533 return false; 5534 } 5535 5536 @Override 5537 public boolean setKeyPairCertificate(ComponentName who, String callerPackage, String alias, 5538 byte[] cert, byte[] chain, boolean isUserSelectable) { 5539 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 5540 DELEGATION_CERT_INSTALL); 5541 5542 final int callingUid = mInjector.binderGetCallingUid(); 5543 final long id = mInjector.binderClearCallingIdentity(); 5544 try (final KeyChainConnection keyChainConnection = 5545 KeyChain.bindAsUser(mContext, UserHandle.getUserHandleForUid(callingUid))) { 5546 IKeyChainService keyChain = keyChainConnection.getService(); 5547 if (!keyChain.setKeyPairCertificate(alias, cert, chain)) { 5548 return false; 5549 } 5550 keyChain.setUserSelectable(alias, isUserSelectable); 5551 return true; 5552 } catch (InterruptedException e) { 5553 Log.w(LOG_TAG, "Interrupted while setting keypair certificate", e); 5554 Thread.currentThread().interrupt(); 5555 } catch (RemoteException e) { 5556 Log.e(LOG_TAG, "Failed setting keypair certificate", e); 5557 } finally { 5558 mInjector.binderRestoreCallingIdentity(id); 5559 } 5560 return false; 5561 } 5562 5563 @Override 5564 public void choosePrivateKeyAlias(final int uid, final Uri uri, final String alias, 5565 final IBinder response) { 5566 // Caller UID needs to be trusted, so we restrict this method to SYSTEM_UID callers. 5567 if (!isCallerWithSystemUid()) { 5568 return; 5569 } 5570 5571 final UserHandle caller = mInjector.binderGetCallingUserHandle(); 5572 // If there is a profile owner, redirect to that; otherwise query the device owner. 5573 ComponentName aliasChooser = getProfileOwner(caller.getIdentifier()); 5574 if (aliasChooser == null && caller.isSystem()) { 5575 ActiveAdmin deviceOwnerAdmin = getDeviceOwnerAdminLocked(); 5576 if (deviceOwnerAdmin != null) { 5577 aliasChooser = deviceOwnerAdmin.info.getComponent(); 5578 } 5579 } 5580 if (aliasChooser == null) { 5581 sendPrivateKeyAliasResponse(null, response); 5582 return; 5583 } 5584 5585 Intent intent = new Intent(DeviceAdminReceiver.ACTION_CHOOSE_PRIVATE_KEY_ALIAS); 5586 intent.setComponent(aliasChooser); 5587 intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_SENDER_UID, uid); 5588 intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_URI, uri); 5589 intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_ALIAS, alias); 5590 intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_RESPONSE, response); 5591 intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND); 5592 5593 final long id = mInjector.binderClearCallingIdentity(); 5594 try { 5595 mContext.sendOrderedBroadcastAsUser(intent, caller, null, new BroadcastReceiver() { 5596 @Override 5597 public void onReceive(Context context, Intent intent) { 5598 final String chosenAlias = getResultData(); 5599 sendPrivateKeyAliasResponse(chosenAlias, response); 5600 } 5601 }, null, Activity.RESULT_OK, null, null); 5602 } finally { 5603 mInjector.binderRestoreCallingIdentity(id); 5604 } 5605 } 5606 5607 private void sendPrivateKeyAliasResponse(final String alias, final IBinder responseBinder) { 5608 final IKeyChainAliasCallback keyChainAliasResponse = 5609 IKeyChainAliasCallback.Stub.asInterface(responseBinder); 5610 // Send the response. It's OK to do this from the main thread because IKeyChainAliasCallback 5611 // is oneway, which means it won't block if the recipient lives in another process. 5612 try { 5613 keyChainAliasResponse.alias(alias); 5614 } catch (Exception e) { 5615 // Caller could throw RuntimeException or RemoteException back across processes. Catch 5616 // everything just to be sure. 5617 Log.e(LOG_TAG, "error while responding to callback", e); 5618 } 5619 } 5620 5621 /** 5622 * Determine whether DPMS should check if a delegate package is already installed before 5623 * granting it new delegations via {@link #setDelegatedScopes}. 5624 */ 5625 private static boolean shouldCheckIfDelegatePackageIsInstalled(String delegatePackage, 5626 int targetSdk, List<String> scopes) { 5627 // 1) Never skip is installed check from N. 5628 if (targetSdk >= Build.VERSION_CODES.N) { 5629 return true; 5630 } 5631 // 2) Skip if DELEGATION_CERT_INSTALL is the only scope being given. 5632 if (scopes.size() == 1 && scopes.get(0).equals(DELEGATION_CERT_INSTALL)) { 5633 return false; 5634 } 5635 // 3) Skip if all previously granted scopes are being cleared. 5636 if (scopes.isEmpty()) { 5637 return false; 5638 } 5639 // Otherwise it should check that delegatePackage is installed. 5640 return true; 5641 } 5642 5643 /** 5644 * Set the scopes of a device owner or profile owner delegate. 5645 * 5646 * @param who the device owner or profile owner. 5647 * @param delegatePackage the name of the delegate package. 5648 * @param scopes the list of delegation scopes to be given to the delegate package. 5649 */ 5650 @Override 5651 public void setDelegatedScopes(ComponentName who, String delegatePackage, 5652 List<String> scopes) throws SecurityException { 5653 Preconditions.checkNotNull(who, "ComponentName is null"); 5654 Preconditions.checkStringNotEmpty(delegatePackage, "Delegate package is null or empty"); 5655 Preconditions.checkCollectionElementsNotNull(scopes, "Scopes"); 5656 // Remove possible duplicates. 5657 scopes = new ArrayList(new ArraySet(scopes)); 5658 // Ensure given scopes are valid. 5659 if (scopes.retainAll(Arrays.asList(DELEGATIONS))) { 5660 throw new IllegalArgumentException("Unexpected delegation scopes"); 5661 } 5662 5663 // Retrieve the user ID of the calling process. 5664 final int userId = mInjector.userHandleGetCallingUserId(); 5665 synchronized (this) { 5666 // Ensure calling process is device/profile owner. 5667 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 5668 // Ensure the delegate is installed (skip this for DELEGATION_CERT_INSTALL in pre-N). 5669 if (shouldCheckIfDelegatePackageIsInstalled(delegatePackage, 5670 getTargetSdk(who.getPackageName(), userId), scopes)) { 5671 // Throw when the delegate package is not installed. 5672 if (!isPackageInstalledForUser(delegatePackage, userId)) { 5673 throw new IllegalArgumentException("Package " + delegatePackage 5674 + " is not installed on the current user"); 5675 } 5676 } 5677 5678 // Set the new delegate in user policies. 5679 final DevicePolicyData policy = getUserData(userId); 5680 if (!scopes.isEmpty()) { 5681 policy.mDelegationMap.put(delegatePackage, new ArrayList<>(scopes)); 5682 } else { 5683 // Remove any delegation info if the given scopes list is empty. 5684 policy.mDelegationMap.remove(delegatePackage); 5685 } 5686 5687 // Notify delegate package of updates. 5688 final Intent intent = new Intent( 5689 DevicePolicyManager.ACTION_APPLICATION_DELEGATION_SCOPES_CHANGED); 5690 // Only call receivers registered with Context#registerReceiver (don’t wake delegate). 5691 intent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY); 5692 // Limit components this intent resolves to to the delegate package. 5693 intent.setPackage(delegatePackage); 5694 // Include the list of delegated scopes as an extra. 5695 intent.putStringArrayListExtra(DevicePolicyManager.EXTRA_DELEGATION_SCOPES, 5696 (ArrayList<String>) scopes); 5697 // Send the broadcast. 5698 mContext.sendBroadcastAsUser(intent, UserHandle.of(userId)); 5699 5700 // Persist updates. 5701 saveSettingsLocked(userId); 5702 } 5703 } 5704 5705 /** 5706 * Get the delegation scopes given to a delegate package by a device owner or profile owner. 5707 * 5708 * A DO/PO can get the scopes of any package. A non DO/PO package can get its own scopes by 5709 * passing in {@code null} as the {@code who} parameter and its own name as the 5710 * {@code delegatepackage}. 5711 * 5712 * @param who the device owner or profile owner, or {@code null} if the caller is 5713 * {@code delegatePackage}. 5714 * @param delegatePackage the name of the delegate package whose scopes are to be retrieved. 5715 * @return a list of the delegation scopes currently given to {@code delegatePackage}. 5716 */ 5717 @Override 5718 @NonNull 5719 public List<String> getDelegatedScopes(ComponentName who, 5720 String delegatePackage) throws SecurityException { 5721 Preconditions.checkNotNull(delegatePackage, "Delegate package is null"); 5722 5723 // Retrieve the user ID of the calling process. 5724 final int callingUid = mInjector.binderGetCallingUid(); 5725 final int userId = UserHandle.getUserId(callingUid); 5726 synchronized (this) { 5727 // Ensure calling process is device/profile owner. 5728 if (who != null) { 5729 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 5730 // Or ensure calling process is delegatePackage itself. 5731 } else { 5732 int uid = 0; 5733 try { 5734 uid = mInjector.getPackageManager() 5735 .getPackageUidAsUser(delegatePackage, userId); 5736 } catch(NameNotFoundException e) { 5737 } 5738 if (uid != callingUid) { 5739 throw new SecurityException("Caller with uid " + callingUid + " is not " 5740 + delegatePackage); 5741 } 5742 } 5743 final DevicePolicyData policy = getUserData(userId); 5744 // Retrieve the scopes assigned to delegatePackage, or null if no scope was given. 5745 final List<String> scopes = policy.mDelegationMap.get(delegatePackage); 5746 return scopes == null ? Collections.EMPTY_LIST : scopes; 5747 } 5748 } 5749 5750 /** 5751 * Get a list of packages that were given a specific delegation scopes by a device owner or 5752 * profile owner. 5753 * 5754 * @param who the device owner or profile owner. 5755 * @param scope the scope whose delegates are to be retrieved. 5756 * @return a list of the delegate packages currently given the {@code scope} delegation. 5757 */ 5758 @NonNull 5759 public List<String> getDelegatePackages(ComponentName who, String scope) 5760 throws SecurityException { 5761 Preconditions.checkNotNull(who, "ComponentName is null"); 5762 Preconditions.checkNotNull(scope, "Scope is null"); 5763 if (!Arrays.asList(DELEGATIONS).contains(scope)) { 5764 throw new IllegalArgumentException("Unexpected delegation scope: " + scope); 5765 } 5766 5767 // Retrieve the user ID of the calling process. 5768 final int userId = mInjector.userHandleGetCallingUserId(); 5769 synchronized (this) { 5770 // Ensure calling process is device/profile owner. 5771 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 5772 final DevicePolicyData policy = getUserData(userId); 5773 5774 // Create a list to hold the resulting delegate packages. 5775 final List<String> delegatePackagesWithScope = new ArrayList<>(); 5776 // Add all delegations containing scope to the result list. 5777 for (int i = 0; i < policy.mDelegationMap.size(); i++) { 5778 if (policy.mDelegationMap.valueAt(i).contains(scope)) { 5779 delegatePackagesWithScope.add(policy.mDelegationMap.keyAt(i)); 5780 } 5781 } 5782 return delegatePackagesWithScope; 5783 } 5784 } 5785 5786 /** 5787 * Check whether a caller application has been delegated a given scope via 5788 * {@link #setDelegatedScopes} to access privileged APIs on the behalf of a profile owner or 5789 * device owner. 5790 * <p> 5791 * This is done by checking that {@code callerPackage} was granted {@code scope} delegation and 5792 * then comparing the calling UID with the UID of {@code callerPackage} as reported by 5793 * {@link PackageManager#getPackageUidAsUser}. 5794 * 5795 * @param callerPackage the name of the package that is trying to invoke a function in the DPMS. 5796 * @param scope the delegation scope to be checked. 5797 * @return {@code true} if the calling process is a delegate of {@code scope}. 5798 */ 5799 private boolean isCallerDelegate(String callerPackage, String scope) { 5800 Preconditions.checkNotNull(callerPackage, "callerPackage is null"); 5801 if (!Arrays.asList(DELEGATIONS).contains(scope)) { 5802 throw new IllegalArgumentException("Unexpected delegation scope: " + scope); 5803 } 5804 5805 // Retrieve the UID and user ID of the calling process. 5806 final int callingUid = mInjector.binderGetCallingUid(); 5807 final int userId = UserHandle.getUserId(callingUid); 5808 synchronized (this) { 5809 // Retrieve user policy data. 5810 final DevicePolicyData policy = getUserData(userId); 5811 // Retrieve the list of delegation scopes granted to callerPackage. 5812 final List<String> scopes = policy.mDelegationMap.get(callerPackage); 5813 // Check callingUid only if callerPackage has the required scope delegation. 5814 if (scopes != null && scopes.contains(scope)) { 5815 try { 5816 // Retrieve the expected UID for callerPackage. 5817 final int uid = mInjector.getPackageManager() 5818 .getPackageUidAsUser(callerPackage, userId); 5819 // Return true if the caller is actually callerPackage. 5820 return uid == callingUid; 5821 } catch (NameNotFoundException e) { 5822 // Ignore. 5823 } 5824 } 5825 return false; 5826 } 5827 } 5828 5829 /** 5830 * Throw a security exception if a ComponentName is given and it is not a device/profile owner 5831 * or if the calling process is not a delegate of the given scope. 5832 * 5833 * @param who the device owner of profile owner, or null if {@code callerPackage} is a 5834 * {@code scope} delegate. 5835 * @param callerPackage the name of the calling package. Required if {@code who} is 5836 * {@code null}. 5837 * @param reqPolicy the policy used in the API whose access permission is being checked. 5838 * @param scope the delegation scope corresponding to the API being checked. 5839 * @throws SecurityException if {@code who} is given and is not an owner for {@code reqPolicy}; 5840 * or when {@code who} is {@code null} and {@code callerPackage} is not a delegate 5841 * of {@code scope}. 5842 */ 5843 private void enforceCanManageScope(ComponentName who, String callerPackage, int reqPolicy, 5844 String scope) { 5845 // If a ComponentName is given ensure it is a device or profile owner according to policy. 5846 if (who != null) { 5847 synchronized (this) { 5848 getActiveAdminForCallerLocked(who, reqPolicy); 5849 } 5850 // If no ComponentName is given ensure calling process has scope delegation. 5851 } else if (!isCallerDelegate(callerPackage, scope)) { 5852 throw new SecurityException("Caller with uid " + mInjector.binderGetCallingUid() 5853 + " is not a delegate of scope " + scope + "."); 5854 } 5855 } 5856 5857 /** 5858 * Helper function to preserve delegation behavior pre-O when using the deprecated functions 5859 * {@code #setCertInstallerPackage} and {@code #setApplicationRestrictionsManagingPackage}. 5860 */ 5861 private void setDelegatedScopePreO(ComponentName who, 5862 String delegatePackage, String scope) { 5863 Preconditions.checkNotNull(who, "ComponentName is null"); 5864 5865 final int userId = mInjector.userHandleGetCallingUserId(); 5866 synchronized(this) { 5867 // Ensure calling process is device/profile owner. 5868 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 5869 final DevicePolicyData policy = getUserData(userId); 5870 5871 if (delegatePackage != null) { 5872 // Set package as a delegate for scope if it is not already one. 5873 List<String> scopes = policy.mDelegationMap.get(delegatePackage); 5874 if (scopes == null) { 5875 scopes = new ArrayList<>(); 5876 } 5877 if (!scopes.contains(scope)) { 5878 scopes.add(scope); 5879 setDelegatedScopes(who, delegatePackage, scopes); 5880 } 5881 } 5882 5883 // Clear any existing scope delegates. 5884 for (int i = 0; i < policy.mDelegationMap.size(); i++) { 5885 final String currentPackage = policy.mDelegationMap.keyAt(i); 5886 final List<String> currentScopes = policy.mDelegationMap.valueAt(i); 5887 5888 if (!currentPackage.equals(delegatePackage) && currentScopes.contains(scope)) { 5889 final List<String> newScopes = new ArrayList(currentScopes); 5890 newScopes.remove(scope); 5891 setDelegatedScopes(who, currentPackage, newScopes); 5892 } 5893 } 5894 } 5895 } 5896 5897 @Override 5898 public void setCertInstallerPackage(ComponentName who, String installerPackage) 5899 throws SecurityException { 5900 setDelegatedScopePreO(who, installerPackage, DELEGATION_CERT_INSTALL); 5901 } 5902 5903 @Override 5904 public String getCertInstallerPackage(ComponentName who) throws SecurityException { 5905 final List<String> delegatePackages = getDelegatePackages(who, DELEGATION_CERT_INSTALL); 5906 return delegatePackages.size() > 0 ? delegatePackages.get(0) : null; 5907 } 5908 5909 /** 5910 * @return {@code true} if the package is installed and set as always-on, {@code false} if it is 5911 * not installed and therefore not available. 5912 * 5913 * @throws SecurityException if the caller is not a profile or device owner. 5914 * @throws UnsupportedOperationException if the package does not support being set as always-on. 5915 */ 5916 @Override 5917 public boolean setAlwaysOnVpnPackage(ComponentName admin, String vpnPackage, boolean lockdown) 5918 throws SecurityException { 5919 enforceProfileOrDeviceOwner(admin); 5920 5921 final int userId = mInjector.userHandleGetCallingUserId(); 5922 final long token = mInjector.binderClearCallingIdentity(); 5923 try { 5924 if (vpnPackage != null && !isPackageInstalledForUser(vpnPackage, userId)) { 5925 return false; 5926 } 5927 ConnectivityManager connectivityManager = (ConnectivityManager) 5928 mContext.getSystemService(Context.CONNECTIVITY_SERVICE); 5929 if (!connectivityManager.setAlwaysOnVpnPackageForUser(userId, vpnPackage, lockdown)) { 5930 throw new UnsupportedOperationException(); 5931 } 5932 } finally { 5933 mInjector.binderRestoreCallingIdentity(token); 5934 } 5935 return true; 5936 } 5937 5938 @Override 5939 public String getAlwaysOnVpnPackage(ComponentName admin) 5940 throws SecurityException { 5941 enforceProfileOrDeviceOwner(admin); 5942 5943 final int userId = mInjector.userHandleGetCallingUserId(); 5944 final long token = mInjector.binderClearCallingIdentity(); 5945 try{ 5946 ConnectivityManager connectivityManager = (ConnectivityManager) 5947 mContext.getSystemService(Context.CONNECTIVITY_SERVICE); 5948 return connectivityManager.getAlwaysOnVpnPackageForUser(userId); 5949 } finally { 5950 mInjector.binderRestoreCallingIdentity(token); 5951 } 5952 } 5953 5954 private void forceWipeDeviceNoLock(boolean wipeExtRequested, String reason, boolean wipeEuicc) { 5955 wtfIfInLock(); 5956 5957 if (wipeExtRequested) { 5958 StorageManager sm = (StorageManager) mContext.getSystemService( 5959 Context.STORAGE_SERVICE); 5960 sm.wipeAdoptableDisks(); 5961 } 5962 try { 5963 mInjector.recoverySystemRebootWipeUserData( 5964 /*shutdown=*/ false, reason, /*force=*/ true, /*wipeEuicc=*/ wipeEuicc); 5965 } catch (IOException | SecurityException e) { 5966 Slog.w(LOG_TAG, "Failed requesting data wipe", e); 5967 } 5968 } 5969 5970 private void forceWipeUser(int userId, String wipeReasonForUser) { 5971 try { 5972 IActivityManager am = mInjector.getIActivityManager(); 5973 if (am.getCurrentUser().id == userId) { 5974 am.switchUser(UserHandle.USER_SYSTEM); 5975 } 5976 5977 boolean userRemoved = mUserManagerInternal.removeUserEvenWhenDisallowed(userId); 5978 if (!userRemoved) { 5979 Slog.w(LOG_TAG, "Couldn't remove user " + userId); 5980 } else if (isManagedProfile(userId)) { 5981 sendWipeProfileNotification(wipeReasonForUser); 5982 } 5983 } catch (RemoteException re) { 5984 // Shouldn't happen 5985 } 5986 } 5987 5988 @Override 5989 public void wipeDataWithReason(int flags, String wipeReasonForUser) { 5990 if (!mHasFeature) { 5991 return; 5992 } 5993 Preconditions.checkStringNotEmpty(wipeReasonForUser, "wipeReasonForUser is null or empty"); 5994 enforceFullCrossUsersPermission(mInjector.userHandleGetCallingUserId()); 5995 5996 final ActiveAdmin admin; 5997 synchronized (this) { 5998 admin = getActiveAdminForCallerLocked(null, DeviceAdminInfo.USES_POLICY_WIPE_DATA); 5999 } 6000 String internalReason = "DevicePolicyManager.wipeDataWithReason() from " 6001 + admin.info.getComponent().flattenToShortString(); 6002 wipeDataNoLock( 6003 admin.info.getComponent(), flags, internalReason, wipeReasonForUser, 6004 admin.getUserHandle().getIdentifier()); 6005 } 6006 6007 private void wipeDataNoLock(ComponentName admin, int flags, String internalReason, 6008 String wipeReasonForUser, int userId) { 6009 wtfIfInLock(); 6010 6011 long ident = mInjector.binderClearCallingIdentity(); 6012 try { 6013 // First check whether the admin is allowed to wipe the device/user/profile. 6014 final String restriction; 6015 if (userId == UserHandle.USER_SYSTEM) { 6016 restriction = UserManager.DISALLOW_FACTORY_RESET; 6017 } else if (isManagedProfile(userId)) { 6018 restriction = UserManager.DISALLOW_REMOVE_MANAGED_PROFILE; 6019 } else { 6020 restriction = UserManager.DISALLOW_REMOVE_USER; 6021 } 6022 if (isAdminAffectedByRestriction(admin, restriction, userId)) { 6023 throw new SecurityException("Cannot wipe data. " + restriction 6024 + " restriction is set for user " + userId); 6025 } 6026 6027 if ((flags & WIPE_RESET_PROTECTION_DATA) != 0) { 6028 if (!isDeviceOwner(admin, userId)) { 6029 throw new SecurityException( 6030 "Only device owner admins can set WIPE_RESET_PROTECTION_DATA"); 6031 } 6032 PersistentDataBlockManager manager = (PersistentDataBlockManager) 6033 mContext.getSystemService(Context.PERSISTENT_DATA_BLOCK_SERVICE); 6034 if (manager != null) { 6035 manager.wipe(); 6036 } 6037 } 6038 6039 // TODO If split user is enabled and the device owner is set in the primary user 6040 // (rather than system), we should probably trigger factory reset. Current code just 6041 // removes that user (but still clears FRP...) 6042 if (userId == UserHandle.USER_SYSTEM) { 6043 forceWipeDeviceNoLock(/*wipeExtRequested=*/ ( 6044 flags & WIPE_EXTERNAL_STORAGE) != 0, 6045 internalReason, 6046 /*wipeEuicc=*/ (flags & WIPE_EUICC) != 0); 6047 } else { 6048 forceWipeUser(userId, wipeReasonForUser); 6049 } 6050 } finally { 6051 mInjector.binderRestoreCallingIdentity(ident); 6052 } 6053 } 6054 6055 private void sendWipeProfileNotification(String wipeReasonForUser) { 6056 Notification notification = 6057 new Notification.Builder(mContext, SystemNotificationChannels.DEVICE_ADMIN) 6058 .setSmallIcon(android.R.drawable.stat_sys_warning) 6059 .setContentTitle(mContext.getString(R.string.work_profile_deleted)) 6060 .setContentText(wipeReasonForUser) 6061 .setColor(mContext.getColor(R.color.system_notification_accent_color)) 6062 .setStyle(new Notification.BigTextStyle().bigText(wipeReasonForUser)) 6063 .build(); 6064 mInjector.getNotificationManager().notify(SystemMessage.NOTE_PROFILE_WIPED, notification); 6065 } 6066 6067 private void clearWipeProfileNotification() { 6068 mInjector.getNotificationManager().cancel(SystemMessage.NOTE_PROFILE_WIPED); 6069 } 6070 6071 @Override 6072 public void getRemoveWarning(ComponentName comp, final RemoteCallback result, int userHandle) { 6073 if (!mHasFeature) { 6074 return; 6075 } 6076 enforceFullCrossUsersPermission(userHandle); 6077 mContext.enforceCallingOrSelfPermission( 6078 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 6079 6080 synchronized (this) { 6081 ActiveAdmin admin = getActiveAdminUncheckedLocked(comp, userHandle); 6082 if (admin == null) { 6083 result.sendResult(null); 6084 return; 6085 } 6086 Intent intent = new Intent(DeviceAdminReceiver.ACTION_DEVICE_ADMIN_DISABLE_REQUESTED); 6087 intent.setFlags(Intent.FLAG_RECEIVER_FOREGROUND); 6088 intent.setComponent(admin.info.getComponent()); 6089 mContext.sendOrderedBroadcastAsUser(intent, new UserHandle(userHandle), 6090 null, new BroadcastReceiver() { 6091 @Override 6092 public void onReceive(Context context, Intent intent) { 6093 result.sendResult(getResultExtras(false)); 6094 } 6095 }, null, Activity.RESULT_OK, null, null); 6096 } 6097 } 6098 6099 /** 6100 * Notify DPMS regarding the metric of the current password. This happens when the user changes 6101 * the password, but also when the user just unlocks the keyguard. In comparison, 6102 * reportPasswordChanged() is only called when the user changes the password. 6103 */ 6104 @Override 6105 public void setActivePasswordState(PasswordMetrics metrics, int userHandle) { 6106 if (!mHasFeature) { 6107 return; 6108 } 6109 enforceFullCrossUsersPermission(userHandle); 6110 mContext.enforceCallingOrSelfPermission( 6111 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 6112 6113 // If the managed profile doesn't have a separate password, set the metrics to default 6114 if (isManagedProfile(userHandle) && !isSeparateProfileChallengeEnabled(userHandle)) { 6115 metrics = new PasswordMetrics(); 6116 } 6117 6118 validateQualityConstant(metrics.quality); 6119 DevicePolicyData policy = getUserData(userHandle); 6120 synchronized (this) { 6121 policy.mActivePasswordMetrics = metrics; 6122 policy.mPasswordStateHasBeenSetSinceBoot = true; 6123 } 6124 } 6125 6126 @Override 6127 public void reportPasswordChanged(@UserIdInt int userId) { 6128 if (!mHasFeature) { 6129 return; 6130 } 6131 enforceFullCrossUsersPermission(userId); 6132 6133 // Managed Profile password can only be changed when it has a separate challenge. 6134 if (!isSeparateProfileChallengeEnabled(userId)) { 6135 enforceNotManagedProfile(userId, "set the active password"); 6136 } 6137 6138 mContext.enforceCallingOrSelfPermission( 6139 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 6140 6141 DevicePolicyData policy = getUserData(userId); 6142 6143 long ident = mInjector.binderClearCallingIdentity(); 6144 try { 6145 synchronized (this) { 6146 policy.mFailedPasswordAttempts = 0; 6147 updatePasswordValidityCheckpointLocked(userId); 6148 saveSettingsLocked(userId); 6149 updatePasswordExpirationsLocked(userId); 6150 setExpirationAlarmCheckLocked(mContext, userId, /* parent */ false); 6151 6152 // Send a broadcast to each profile using this password as its primary unlock. 6153 sendAdminCommandForLockscreenPoliciesLocked( 6154 DeviceAdminReceiver.ACTION_PASSWORD_CHANGED, 6155 DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, userId); 6156 } 6157 removeCaApprovalsIfNeeded(userId); 6158 } finally { 6159 mInjector.binderRestoreCallingIdentity(ident); 6160 } 6161 } 6162 6163 /** 6164 * Called any time the device password is updated. Resets all password expiration clocks. 6165 */ 6166 private void updatePasswordExpirationsLocked(int userHandle) { 6167 ArraySet<Integer> affectedUserIds = new ArraySet<Integer>(); 6168 List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked( 6169 userHandle, /* parent */ false); 6170 final int N = admins.size(); 6171 for (int i = 0; i < N; i++) { 6172 ActiveAdmin admin = admins.get(i); 6173 if (admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD)) { 6174 affectedUserIds.add(admin.getUserHandle().getIdentifier()); 6175 long timeout = admin.passwordExpirationTimeout; 6176 long expiration = timeout > 0L ? (timeout + System.currentTimeMillis()) : 0L; 6177 admin.passwordExpirationDate = expiration; 6178 } 6179 } 6180 for (int affectedUserId : affectedUserIds) { 6181 saveSettingsLocked(affectedUserId); 6182 } 6183 } 6184 6185 @Override 6186 public void reportFailedPasswordAttempt(int userHandle) { 6187 enforceFullCrossUsersPermission(userHandle); 6188 if (!isSeparateProfileChallengeEnabled(userHandle)) { 6189 enforceNotManagedProfile(userHandle, 6190 "report failed password attempt if separate profile challenge is not in place"); 6191 } 6192 mContext.enforceCallingOrSelfPermission( 6193 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 6194 6195 boolean wipeData = false; 6196 ActiveAdmin strictestAdmin = null; 6197 final long ident = mInjector.binderClearCallingIdentity(); 6198 try { 6199 synchronized (this) { 6200 DevicePolicyData policy = getUserData(userHandle); 6201 policy.mFailedPasswordAttempts++; 6202 saveSettingsLocked(userHandle); 6203 if (mHasFeature) { 6204 strictestAdmin = getAdminWithMinimumFailedPasswordsForWipeLocked( 6205 userHandle, /* parent */ false); 6206 int max = strictestAdmin != null 6207 ? strictestAdmin.maximumFailedPasswordsForWipe : 0; 6208 if (max > 0 && policy.mFailedPasswordAttempts >= max) { 6209 wipeData = true; 6210 } 6211 6212 sendAdminCommandForLockscreenPoliciesLocked( 6213 DeviceAdminReceiver.ACTION_PASSWORD_FAILED, 6214 DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, userHandle); 6215 } 6216 } 6217 } finally { 6218 mInjector.binderRestoreCallingIdentity(ident); 6219 } 6220 6221 if (wipeData && strictestAdmin != null) { 6222 final int userId = strictestAdmin.getUserHandle().getIdentifier(); 6223 Slog.i(LOG_TAG, "Max failed password attempts policy reached for admin: " 6224 + strictestAdmin.info.getComponent().flattenToShortString() 6225 + ". Calling wipeData for user " + userId); 6226 6227 // Attempt to wipe the device/user/profile associated with the admin, as if the 6228 // admin had called wipeData(). That way we can check whether the admin is actually 6229 // allowed to wipe the device (e.g. a regular device admin shouldn't be able to wipe the 6230 // device if the device owner has set DISALLOW_FACTORY_RESET, but the DO should be 6231 // able to do so). 6232 // IMPORTANT: Call without holding the lock to prevent deadlock. 6233 try { 6234 String wipeReasonForUser = mContext.getString( 6235 R.string.work_profile_deleted_reason_maximum_password_failure); 6236 wipeDataNoLock(strictestAdmin.info.getComponent(), 6237 /*flags=*/ 0, 6238 /*reason=*/ "reportFailedPasswordAttempt()", 6239 wipeReasonForUser, 6240 userId); 6241 } catch (SecurityException e) { 6242 Slog.w(LOG_TAG, "Failed to wipe user " + userId 6243 + " after max failed password attempts reached.", e); 6244 } 6245 } 6246 6247 if (mInjector.securityLogIsLoggingEnabled()) { 6248 SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, 6249 /*result*/ 0, /*method strength*/ 1); 6250 } 6251 } 6252 6253 @Override 6254 public void reportSuccessfulPasswordAttempt(int userHandle) { 6255 enforceFullCrossUsersPermission(userHandle); 6256 mContext.enforceCallingOrSelfPermission( 6257 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 6258 6259 synchronized (this) { 6260 DevicePolicyData policy = getUserData(userHandle); 6261 if (policy.mFailedPasswordAttempts != 0 || policy.mPasswordOwner >= 0) { 6262 long ident = mInjector.binderClearCallingIdentity(); 6263 try { 6264 policy.mFailedPasswordAttempts = 0; 6265 policy.mPasswordOwner = -1; 6266 saveSettingsLocked(userHandle); 6267 if (mHasFeature) { 6268 sendAdminCommandForLockscreenPoliciesLocked( 6269 DeviceAdminReceiver.ACTION_PASSWORD_SUCCEEDED, 6270 DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, userHandle); 6271 } 6272 } finally { 6273 mInjector.binderRestoreCallingIdentity(ident); 6274 } 6275 } 6276 } 6277 6278 if (mInjector.securityLogIsLoggingEnabled()) { 6279 SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 1, 6280 /*method strength*/ 1); 6281 } 6282 } 6283 6284 @Override 6285 public void reportFailedFingerprintAttempt(int userHandle) { 6286 enforceFullCrossUsersPermission(userHandle); 6287 mContext.enforceCallingOrSelfPermission( 6288 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 6289 if (mInjector.securityLogIsLoggingEnabled()) { 6290 SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 0, 6291 /*method strength*/ 0); 6292 } 6293 } 6294 6295 @Override 6296 public void reportSuccessfulFingerprintAttempt(int userHandle) { 6297 enforceFullCrossUsersPermission(userHandle); 6298 mContext.enforceCallingOrSelfPermission( 6299 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 6300 if (mInjector.securityLogIsLoggingEnabled()) { 6301 SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 1, 6302 /*method strength*/ 0); 6303 } 6304 } 6305 6306 @Override 6307 public void reportKeyguardDismissed(int userHandle) { 6308 enforceFullCrossUsersPermission(userHandle); 6309 mContext.enforceCallingOrSelfPermission( 6310 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 6311 6312 if (mInjector.securityLogIsLoggingEnabled()) { 6313 SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISSED); 6314 } 6315 } 6316 6317 @Override 6318 public void reportKeyguardSecured(int userHandle) { 6319 enforceFullCrossUsersPermission(userHandle); 6320 mContext.enforceCallingOrSelfPermission( 6321 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 6322 6323 if (mInjector.securityLogIsLoggingEnabled()) { 6324 SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_SECURED); 6325 } 6326 } 6327 6328 @Override 6329 public ComponentName setGlobalProxy(ComponentName who, String proxySpec, 6330 String exclusionList) { 6331 if (!mHasFeature) { 6332 return null; 6333 } 6334 synchronized(this) { 6335 Preconditions.checkNotNull(who, "ComponentName is null"); 6336 6337 // Only check if system user has set global proxy. We don't allow other users to set it. 6338 DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM); 6339 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 6340 DeviceAdminInfo.USES_POLICY_SETS_GLOBAL_PROXY); 6341 6342 // Scan through active admins and find if anyone has already 6343 // set the global proxy. 6344 Set<ComponentName> compSet = policy.mAdminMap.keySet(); 6345 for (ComponentName component : compSet) { 6346 ActiveAdmin ap = policy.mAdminMap.get(component); 6347 if ((ap.specifiesGlobalProxy) && (!component.equals(who))) { 6348 // Another admin already sets the global proxy 6349 // Return it to the caller. 6350 return component; 6351 } 6352 } 6353 6354 // If the user is not system, don't set the global proxy. Fail silently. 6355 if (UserHandle.getCallingUserId() != UserHandle.USER_SYSTEM) { 6356 Slog.w(LOG_TAG, "Only the owner is allowed to set the global proxy. User " 6357 + UserHandle.getCallingUserId() + " is not permitted."); 6358 return null; 6359 } 6360 if (proxySpec == null) { 6361 admin.specifiesGlobalProxy = false; 6362 admin.globalProxySpec = null; 6363 admin.globalProxyExclusionList = null; 6364 } else { 6365 6366 admin.specifiesGlobalProxy = true; 6367 admin.globalProxySpec = proxySpec; 6368 admin.globalProxyExclusionList = exclusionList; 6369 } 6370 6371 // Reset the global proxy accordingly 6372 // Do this using system permissions, as apps cannot write to secure settings 6373 long origId = mInjector.binderClearCallingIdentity(); 6374 try { 6375 resetGlobalProxyLocked(policy); 6376 } finally { 6377 mInjector.binderRestoreCallingIdentity(origId); 6378 } 6379 return null; 6380 } 6381 } 6382 6383 @Override 6384 public ComponentName getGlobalProxyAdmin(int userHandle) { 6385 if (!mHasFeature) { 6386 return null; 6387 } 6388 enforceFullCrossUsersPermission(userHandle); 6389 synchronized(this) { 6390 DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM); 6391 // Scan through active admins and find if anyone has already 6392 // set the global proxy. 6393 final int N = policy.mAdminList.size(); 6394 for (int i = 0; i < N; i++) { 6395 ActiveAdmin ap = policy.mAdminList.get(i); 6396 if (ap.specifiesGlobalProxy) { 6397 // Device admin sets the global proxy 6398 // Return it to the caller. 6399 return ap.info.getComponent(); 6400 } 6401 } 6402 } 6403 // No device admin sets the global proxy. 6404 return null; 6405 } 6406 6407 @Override 6408 public void setRecommendedGlobalProxy(ComponentName who, ProxyInfo proxyInfo) { 6409 synchronized (this) { 6410 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 6411 } 6412 long token = mInjector.binderClearCallingIdentity(); 6413 try { 6414 ConnectivityManager connectivityManager = (ConnectivityManager) 6415 mContext.getSystemService(Context.CONNECTIVITY_SERVICE); 6416 connectivityManager.setGlobalProxy(proxyInfo); 6417 } finally { 6418 mInjector.binderRestoreCallingIdentity(token); 6419 } 6420 } 6421 6422 private void resetGlobalProxyLocked(DevicePolicyData policy) { 6423 final int N = policy.mAdminList.size(); 6424 for (int i = 0; i < N; i++) { 6425 ActiveAdmin ap = policy.mAdminList.get(i); 6426 if (ap.specifiesGlobalProxy) { 6427 saveGlobalProxyLocked(ap.globalProxySpec, ap.globalProxyExclusionList); 6428 return; 6429 } 6430 } 6431 // No device admins defining global proxies - reset global proxy settings to none 6432 saveGlobalProxyLocked(null, null); 6433 } 6434 6435 private void saveGlobalProxyLocked(String proxySpec, String exclusionList) { 6436 if (exclusionList == null) { 6437 exclusionList = ""; 6438 } 6439 if (proxySpec == null) { 6440 proxySpec = ""; 6441 } 6442 // Remove white spaces 6443 proxySpec = proxySpec.trim(); 6444 String data[] = proxySpec.split(":"); 6445 int proxyPort = 8080; 6446 if (data.length > 1) { 6447 try { 6448 proxyPort = Integer.parseInt(data[1]); 6449 } catch (NumberFormatException e) {} 6450 } 6451 exclusionList = exclusionList.trim(); 6452 6453 ProxyInfo proxyProperties = new ProxyInfo(data[0], proxyPort, exclusionList); 6454 if (!proxyProperties.isValid()) { 6455 Slog.e(LOG_TAG, "Invalid proxy properties, ignoring: " + proxyProperties.toString()); 6456 return; 6457 } 6458 mInjector.settingsGlobalPutString(Settings.Global.GLOBAL_HTTP_PROXY_HOST, data[0]); 6459 mInjector.settingsGlobalPutInt(Settings.Global.GLOBAL_HTTP_PROXY_PORT, proxyPort); 6460 mInjector.settingsGlobalPutString(Settings.Global.GLOBAL_HTTP_PROXY_EXCLUSION_LIST, 6461 exclusionList); 6462 } 6463 6464 /** 6465 * Set the storage encryption request for a single admin. Returns the new total request 6466 * status (for all admins). 6467 */ 6468 @Override 6469 public int setStorageEncryption(ComponentName who, boolean encrypt) { 6470 if (!mHasFeature) { 6471 return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; 6472 } 6473 Preconditions.checkNotNull(who, "ComponentName is null"); 6474 final int userHandle = UserHandle.getCallingUserId(); 6475 synchronized (this) { 6476 // Check for permissions 6477 // Only system user can set storage encryption 6478 if (userHandle != UserHandle.USER_SYSTEM) { 6479 Slog.w(LOG_TAG, "Only owner/system user is allowed to set storage encryption. User " 6480 + UserHandle.getCallingUserId() + " is not permitted."); 6481 return 0; 6482 } 6483 6484 ActiveAdmin ap = getActiveAdminForCallerLocked(who, 6485 DeviceAdminInfo.USES_ENCRYPTED_STORAGE); 6486 6487 // Quick exit: If the filesystem does not support encryption, we can exit early. 6488 if (!isEncryptionSupported()) { 6489 return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; 6490 } 6491 6492 // (1) Record the value for the admin so it's sticky 6493 if (ap.encryptionRequested != encrypt) { 6494 ap.encryptionRequested = encrypt; 6495 saveSettingsLocked(userHandle); 6496 } 6497 6498 DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM); 6499 // (2) Compute "max" for all admins 6500 boolean newRequested = false; 6501 final int N = policy.mAdminList.size(); 6502 for (int i = 0; i < N; i++) { 6503 newRequested |= policy.mAdminList.get(i).encryptionRequested; 6504 } 6505 6506 // Notify OS of new request 6507 setEncryptionRequested(newRequested); 6508 6509 // Return the new global request status 6510 return newRequested 6511 ? DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE 6512 : DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE; 6513 } 6514 } 6515 6516 /** 6517 * Get the current storage encryption request status for a given admin, or aggregate of all 6518 * active admins. 6519 */ 6520 @Override 6521 public boolean getStorageEncryption(ComponentName who, int userHandle) { 6522 if (!mHasFeature) { 6523 return false; 6524 } 6525 enforceFullCrossUsersPermission(userHandle); 6526 synchronized (this) { 6527 // Check for permissions if a particular caller is specified 6528 if (who != null) { 6529 // When checking for a single caller, status is based on caller's request 6530 ActiveAdmin ap = getActiveAdminUncheckedLocked(who, userHandle); 6531 return ap != null ? ap.encryptionRequested : false; 6532 } 6533 6534 // If no particular caller is specified, return the aggregate set of requests. 6535 // This is short circuited by returning true on the first hit. 6536 DevicePolicyData policy = getUserData(userHandle); 6537 final int N = policy.mAdminList.size(); 6538 for (int i = 0; i < N; i++) { 6539 if (policy.mAdminList.get(i).encryptionRequested) { 6540 return true; 6541 } 6542 } 6543 return false; 6544 } 6545 } 6546 6547 /** 6548 * Get the current encryption status of the device. 6549 */ 6550 @Override 6551 public int getStorageEncryptionStatus(@Nullable String callerPackage, int userHandle) { 6552 if (!mHasFeature) { 6553 // Ok to return current status. 6554 } 6555 enforceFullCrossUsersPermission(userHandle); 6556 6557 // It's not critical here, but let's make sure the package name is correct, in case 6558 // we start using it for different purposes. 6559 ensureCallerPackage(callerPackage); 6560 6561 final ApplicationInfo ai; 6562 try { 6563 ai = mIPackageManager.getApplicationInfo(callerPackage, 0, userHandle); 6564 } catch (RemoteException e) { 6565 throw new SecurityException(e); 6566 } 6567 6568 boolean legacyApp = false; 6569 if (ai.targetSdkVersion <= Build.VERSION_CODES.M) { 6570 legacyApp = true; 6571 } 6572 6573 final int rawStatus = getEncryptionStatus(); 6574 if ((rawStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_PER_USER) && legacyApp) { 6575 return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE; 6576 } 6577 return rawStatus; 6578 } 6579 6580 /** 6581 * Hook to low-levels: This should report if the filesystem supports encrypted storage. 6582 */ 6583 private boolean isEncryptionSupported() { 6584 // Note, this can be implemented as 6585 // return getEncryptionStatus() != DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; 6586 // But is provided as a separate internal method if there's a faster way to do a 6587 // simple check for supported-or-not. 6588 return getEncryptionStatus() != DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; 6589 } 6590 6591 /** 6592 * Hook to low-levels: Reporting the current status of encryption. 6593 * @return A value such as {@link DevicePolicyManager#ENCRYPTION_STATUS_UNSUPPORTED}, 6594 * {@link DevicePolicyManager#ENCRYPTION_STATUS_INACTIVE}, 6595 * {@link DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY}, 6596 * {@link DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE_PER_USER}, or 6597 * {@link DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE}. 6598 */ 6599 private int getEncryptionStatus() { 6600 if (mInjector.storageManagerIsFileBasedEncryptionEnabled()) { 6601 return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_PER_USER; 6602 } else if (mInjector.storageManagerIsNonDefaultBlockEncrypted()) { 6603 return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE; 6604 } else if (mInjector.storageManagerIsEncrypted()) { 6605 return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY; 6606 } else if (mInjector.storageManagerIsEncryptable()) { 6607 return DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE; 6608 } else { 6609 return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; 6610 } 6611 } 6612 6613 /** 6614 * Hook to low-levels: If needed, record the new admin setting for encryption. 6615 */ 6616 private void setEncryptionRequested(boolean encrypt) { 6617 } 6618 6619 /** 6620 * Set whether the screen capture is disabled for the user managed by the specified admin. 6621 */ 6622 @Override 6623 public void setScreenCaptureDisabled(ComponentName who, boolean disabled) { 6624 if (!mHasFeature) { 6625 return; 6626 } 6627 Preconditions.checkNotNull(who, "ComponentName is null"); 6628 final int userHandle = UserHandle.getCallingUserId(); 6629 synchronized (this) { 6630 ActiveAdmin ap = getActiveAdminForCallerLocked(who, 6631 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 6632 if (ap.disableScreenCapture != disabled) { 6633 ap.disableScreenCapture = disabled; 6634 saveSettingsLocked(userHandle); 6635 updateScreenCaptureDisabledInWindowManager(userHandle, disabled); 6636 } 6637 } 6638 } 6639 6640 /** 6641 * Returns whether or not screen capture is disabled for a given admin, or disabled for any 6642 * active admin (if given admin is null). 6643 */ 6644 @Override 6645 public boolean getScreenCaptureDisabled(ComponentName who, int userHandle) { 6646 if (!mHasFeature) { 6647 return false; 6648 } 6649 synchronized (this) { 6650 if (who != null) { 6651 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 6652 return (admin != null) ? admin.disableScreenCapture : false; 6653 } 6654 6655 DevicePolicyData policy = getUserData(userHandle); 6656 final int N = policy.mAdminList.size(); 6657 for (int i = 0; i < N; i++) { 6658 ActiveAdmin admin = policy.mAdminList.get(i); 6659 if (admin.disableScreenCapture) { 6660 return true; 6661 } 6662 } 6663 return false; 6664 } 6665 } 6666 6667 private void updateScreenCaptureDisabledInWindowManager(final int userHandle, 6668 final boolean disabled) { 6669 mHandler.post(new Runnable() { 6670 @Override 6671 public void run() { 6672 try { 6673 mInjector.getIWindowManager().setScreenCaptureDisabled(userHandle, disabled); 6674 } catch (RemoteException e) { 6675 Log.w(LOG_TAG, "Unable to notify WindowManager.", e); 6676 } 6677 } 6678 }); 6679 } 6680 6681 /** 6682 * Set whether auto time is required by the specified admin (must be device or profile owner). 6683 */ 6684 @Override 6685 public void setAutoTimeRequired(ComponentName who, boolean required) { 6686 if (!mHasFeature) { 6687 return; 6688 } 6689 Preconditions.checkNotNull(who, "ComponentName is null"); 6690 final int userHandle = UserHandle.getCallingUserId(); 6691 synchronized (this) { 6692 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 6693 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 6694 if (admin.requireAutoTime != required) { 6695 admin.requireAutoTime = required; 6696 saveSettingsLocked(userHandle); 6697 } 6698 } 6699 6700 // Turn AUTO_TIME on in settings if it is required 6701 if (required) { 6702 long ident = mInjector.binderClearCallingIdentity(); 6703 try { 6704 mInjector.settingsGlobalPutInt(Settings.Global.AUTO_TIME, 1 /* AUTO_TIME on */); 6705 } finally { 6706 mInjector.binderRestoreCallingIdentity(ident); 6707 } 6708 } 6709 } 6710 6711 /** 6712 * Returns whether or not auto time is required by the device owner or any profile owner. 6713 */ 6714 @Override 6715 public boolean getAutoTimeRequired() { 6716 if (!mHasFeature) { 6717 return false; 6718 } 6719 synchronized (this) { 6720 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 6721 if (deviceOwner != null && deviceOwner.requireAutoTime) { 6722 // If the device owner enforces auto time, we don't need to check the PO's 6723 return true; 6724 } 6725 6726 // Now check to see if any profile owner on any user enforces auto time 6727 for (Integer userId : mOwners.getProfileOwnerKeys()) { 6728 ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userId); 6729 if (profileOwner != null && profileOwner.requireAutoTime) { 6730 return true; 6731 } 6732 } 6733 6734 return false; 6735 } 6736 } 6737 6738 @Override 6739 public void setForceEphemeralUsers(ComponentName who, boolean forceEphemeralUsers) { 6740 if (!mHasFeature) { 6741 return; 6742 } 6743 Preconditions.checkNotNull(who, "ComponentName is null"); 6744 // Allow setting this policy to true only if there is a split system user. 6745 if (forceEphemeralUsers && !mInjector.userManagerIsSplitSystemUser()) { 6746 throw new UnsupportedOperationException( 6747 "Cannot force ephemeral users on systems without split system user."); 6748 } 6749 boolean removeAllUsers = false; 6750 synchronized (this) { 6751 final ActiveAdmin deviceOwner = 6752 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 6753 if (deviceOwner.forceEphemeralUsers != forceEphemeralUsers) { 6754 deviceOwner.forceEphemeralUsers = forceEphemeralUsers; 6755 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 6756 mUserManagerInternal.setForceEphemeralUsers(forceEphemeralUsers); 6757 removeAllUsers = forceEphemeralUsers; 6758 } 6759 } 6760 if (removeAllUsers) { 6761 long identitity = mInjector.binderClearCallingIdentity(); 6762 try { 6763 mUserManagerInternal.removeAllUsers(); 6764 } finally { 6765 mInjector.binderRestoreCallingIdentity(identitity); 6766 } 6767 } 6768 } 6769 6770 @Override 6771 public boolean getForceEphemeralUsers(ComponentName who) { 6772 if (!mHasFeature) { 6773 return false; 6774 } 6775 Preconditions.checkNotNull(who, "ComponentName is null"); 6776 synchronized (this) { 6777 final ActiveAdmin deviceOwner = 6778 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 6779 return deviceOwner.forceEphemeralUsers; 6780 } 6781 } 6782 6783 private void ensureDeviceOwnerAndAllUsersAffiliated(ComponentName who) throws SecurityException { 6784 synchronized (this) { 6785 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 6786 if (!areAllUsersAffiliatedWithDeviceLocked()) { 6787 throw new SecurityException("Not all users are affiliated."); 6788 } 6789 } 6790 } 6791 6792 @Override 6793 public boolean requestBugreport(ComponentName who) { 6794 if (!mHasFeature) { 6795 return false; 6796 } 6797 Preconditions.checkNotNull(who, "ComponentName is null"); 6798 6799 // TODO: If an unaffiliated user is removed, the admin will be able to request a bugreport 6800 // which could still contain data related to that user. Should we disallow that, e.g. until 6801 // next boot? Might not be needed given that this still requires user consent. 6802 ensureDeviceOwnerAndAllUsersAffiliated(who); 6803 6804 if (mRemoteBugreportServiceIsActive.get() 6805 || (getDeviceOwnerRemoteBugreportUri() != null)) { 6806 Slog.d(LOG_TAG, "Remote bugreport wasn't started because there's already one running."); 6807 return false; 6808 } 6809 6810 final long currentTime = System.currentTimeMillis(); 6811 synchronized (this) { 6812 DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM); 6813 if (currentTime > policyData.mLastBugReportRequestTime) { 6814 policyData.mLastBugReportRequestTime = currentTime; 6815 saveSettingsLocked(UserHandle.USER_SYSTEM); 6816 } 6817 } 6818 6819 final long callingIdentity = mInjector.binderClearCallingIdentity(); 6820 try { 6821 mInjector.getIActivityManager().requestBugReport( 6822 ActivityManager.BUGREPORT_OPTION_REMOTE); 6823 6824 mRemoteBugreportServiceIsActive.set(true); 6825 mRemoteBugreportSharingAccepted.set(false); 6826 registerRemoteBugreportReceivers(); 6827 mInjector.getNotificationManager().notifyAsUser(LOG_TAG, 6828 RemoteBugreportUtils.NOTIFICATION_ID, 6829 RemoteBugreportUtils.buildNotification(mContext, 6830 DevicePolicyManager.NOTIFICATION_BUGREPORT_STARTED), UserHandle.ALL); 6831 mHandler.postDelayed(mRemoteBugreportTimeoutRunnable, 6832 RemoteBugreportUtils.REMOTE_BUGREPORT_TIMEOUT_MILLIS); 6833 return true; 6834 } catch (RemoteException re) { 6835 // should never happen 6836 Slog.e(LOG_TAG, "Failed to make remote calls to start bugreportremote service", re); 6837 return false; 6838 } finally { 6839 mInjector.binderRestoreCallingIdentity(callingIdentity); 6840 } 6841 } 6842 6843 void sendDeviceOwnerCommand(String action, Bundle extras) { 6844 int deviceOwnerUserId; 6845 ComponentName deviceOwnerComponent; 6846 synchronized (this) { 6847 deviceOwnerUserId = mOwners.getDeviceOwnerUserId(); 6848 deviceOwnerComponent = mOwners.getDeviceOwnerComponent(); 6849 } 6850 sendActiveAdminCommand(action, extras, deviceOwnerUserId, 6851 deviceOwnerComponent); 6852 } 6853 6854 private void sendProfileOwnerCommand(String action, Bundle extras, int userHandle) { 6855 sendActiveAdminCommand(action, extras, userHandle, 6856 mOwners.getProfileOwnerComponent(userHandle)); 6857 } 6858 6859 private void sendActiveAdminCommand(String action, Bundle extras, 6860 int userHandle, ComponentName receiverComponent) { 6861 final Intent intent = new Intent(action); 6862 intent.setComponent(receiverComponent); 6863 if (extras != null) { 6864 intent.putExtras(extras); 6865 } 6866 mContext.sendBroadcastAsUser(intent, UserHandle.of(userHandle)); 6867 } 6868 6869 private void sendOwnerChangedBroadcast(String broadcast, int userId) { 6870 final Intent intent = new Intent(broadcast) 6871 .addFlags(Intent.FLAG_RECEIVER_INCLUDE_BACKGROUND); 6872 mContext.sendBroadcastAsUser(intent, UserHandle.of(userId)); 6873 } 6874 6875 private synchronized String getDeviceOwnerRemoteBugreportUri() { 6876 return mOwners.getDeviceOwnerRemoteBugreportUri(); 6877 } 6878 6879 private synchronized void setDeviceOwnerRemoteBugreportUriAndHash(String bugreportUri, 6880 String bugreportHash) { 6881 mOwners.setDeviceOwnerRemoteBugreportUriAndHash(bugreportUri, bugreportHash); 6882 } 6883 6884 private void registerRemoteBugreportReceivers() { 6885 try { 6886 IntentFilter filterFinished = new IntentFilter( 6887 DevicePolicyManager.ACTION_REMOTE_BUGREPORT_DISPATCH, 6888 RemoteBugreportUtils.BUGREPORT_MIMETYPE); 6889 mContext.registerReceiver(mRemoteBugreportFinishedReceiver, filterFinished); 6890 } catch (IntentFilter.MalformedMimeTypeException e) { 6891 // should never happen, as setting a constant 6892 Slog.w(LOG_TAG, "Failed to set type " + RemoteBugreportUtils.BUGREPORT_MIMETYPE, e); 6893 } 6894 IntentFilter filterConsent = new IntentFilter(); 6895 filterConsent.addAction(DevicePolicyManager.ACTION_BUGREPORT_SHARING_DECLINED); 6896 filterConsent.addAction(DevicePolicyManager.ACTION_BUGREPORT_SHARING_ACCEPTED); 6897 mContext.registerReceiver(mRemoteBugreportConsentReceiver, filterConsent); 6898 } 6899 6900 private void onBugreportFinished(Intent intent) { 6901 mHandler.removeCallbacks(mRemoteBugreportTimeoutRunnable); 6902 mRemoteBugreportServiceIsActive.set(false); 6903 Uri bugreportUri = intent.getData(); 6904 String bugreportUriString = null; 6905 if (bugreportUri != null) { 6906 bugreportUriString = bugreportUri.toString(); 6907 } 6908 String bugreportHash = intent.getStringExtra( 6909 DevicePolicyManager.EXTRA_REMOTE_BUGREPORT_HASH); 6910 if (mRemoteBugreportSharingAccepted.get()) { 6911 shareBugreportWithDeviceOwnerIfExists(bugreportUriString, bugreportHash); 6912 mInjector.getNotificationManager().cancel(LOG_TAG, 6913 RemoteBugreportUtils.NOTIFICATION_ID); 6914 } else { 6915 setDeviceOwnerRemoteBugreportUriAndHash(bugreportUriString, bugreportHash); 6916 mInjector.getNotificationManager().notifyAsUser(LOG_TAG, RemoteBugreportUtils.NOTIFICATION_ID, 6917 RemoteBugreportUtils.buildNotification(mContext, 6918 DevicePolicyManager.NOTIFICATION_BUGREPORT_FINISHED_NOT_ACCEPTED), 6919 UserHandle.ALL); 6920 } 6921 mContext.unregisterReceiver(mRemoteBugreportFinishedReceiver); 6922 } 6923 6924 private void onBugreportFailed() { 6925 mRemoteBugreportServiceIsActive.set(false); 6926 mInjector.systemPropertiesSet(RemoteBugreportUtils.CTL_STOP, 6927 RemoteBugreportUtils.REMOTE_BUGREPORT_SERVICE); 6928 mRemoteBugreportSharingAccepted.set(false); 6929 setDeviceOwnerRemoteBugreportUriAndHash(null, null); 6930 mInjector.getNotificationManager().cancel(LOG_TAG, RemoteBugreportUtils.NOTIFICATION_ID); 6931 Bundle extras = new Bundle(); 6932 extras.putInt(DeviceAdminReceiver.EXTRA_BUGREPORT_FAILURE_REASON, 6933 DeviceAdminReceiver.BUGREPORT_FAILURE_FAILED_COMPLETING); 6934 sendDeviceOwnerCommand(DeviceAdminReceiver.ACTION_BUGREPORT_FAILED, extras); 6935 mContext.unregisterReceiver(mRemoteBugreportConsentReceiver); 6936 mContext.unregisterReceiver(mRemoteBugreportFinishedReceiver); 6937 } 6938 6939 private void onBugreportSharingAccepted() { 6940 mRemoteBugreportSharingAccepted.set(true); 6941 String bugreportUriString = null; 6942 String bugreportHash = null; 6943 synchronized (this) { 6944 bugreportUriString = getDeviceOwnerRemoteBugreportUri(); 6945 bugreportHash = mOwners.getDeviceOwnerRemoteBugreportHash(); 6946 } 6947 if (bugreportUriString != null) { 6948 shareBugreportWithDeviceOwnerIfExists(bugreportUriString, bugreportHash); 6949 } else if (mRemoteBugreportServiceIsActive.get()) { 6950 mInjector.getNotificationManager().notifyAsUser(LOG_TAG, RemoteBugreportUtils.NOTIFICATION_ID, 6951 RemoteBugreportUtils.buildNotification(mContext, 6952 DevicePolicyManager.NOTIFICATION_BUGREPORT_ACCEPTED_NOT_FINISHED), 6953 UserHandle.ALL); 6954 } 6955 } 6956 6957 private void onBugreportSharingDeclined() { 6958 if (mRemoteBugreportServiceIsActive.get()) { 6959 mInjector.systemPropertiesSet(RemoteBugreportUtils.CTL_STOP, 6960 RemoteBugreportUtils.REMOTE_BUGREPORT_SERVICE); 6961 mRemoteBugreportServiceIsActive.set(false); 6962 mHandler.removeCallbacks(mRemoteBugreportTimeoutRunnable); 6963 mContext.unregisterReceiver(mRemoteBugreportFinishedReceiver); 6964 } 6965 mRemoteBugreportSharingAccepted.set(false); 6966 setDeviceOwnerRemoteBugreportUriAndHash(null, null); 6967 sendDeviceOwnerCommand(DeviceAdminReceiver.ACTION_BUGREPORT_SHARING_DECLINED, null); 6968 } 6969 6970 private void shareBugreportWithDeviceOwnerIfExists(String bugreportUriString, 6971 String bugreportHash) { 6972 ParcelFileDescriptor pfd = null; 6973 try { 6974 if (bugreportUriString == null) { 6975 throw new FileNotFoundException(); 6976 } 6977 Uri bugreportUri = Uri.parse(bugreportUriString); 6978 pfd = mContext.getContentResolver().openFileDescriptor(bugreportUri, "r"); 6979 6980 synchronized (this) { 6981 Intent intent = new Intent(DeviceAdminReceiver.ACTION_BUGREPORT_SHARE); 6982 intent.setComponent(mOwners.getDeviceOwnerComponent()); 6983 intent.setDataAndType(bugreportUri, RemoteBugreportUtils.BUGREPORT_MIMETYPE); 6984 intent.putExtra(DeviceAdminReceiver.EXTRA_BUGREPORT_HASH, bugreportHash); 6985 intent.setFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION); 6986 6987 LocalServices.getService(ActivityManagerInternal.class) 6988 .grantUriPermissionFromIntent(Process.SHELL_UID, 6989 mOwners.getDeviceOwnerComponent().getPackageName(), 6990 intent, mOwners.getDeviceOwnerUserId()); 6991 mContext.sendBroadcastAsUser(intent, UserHandle.of(mOwners.getDeviceOwnerUserId())); 6992 } 6993 } catch (FileNotFoundException e) { 6994 Bundle extras = new Bundle(); 6995 extras.putInt(DeviceAdminReceiver.EXTRA_BUGREPORT_FAILURE_REASON, 6996 DeviceAdminReceiver.BUGREPORT_FAILURE_FILE_NO_LONGER_AVAILABLE); 6997 sendDeviceOwnerCommand(DeviceAdminReceiver.ACTION_BUGREPORT_FAILED, extras); 6998 } finally { 6999 try { 7000 if (pfd != null) { 7001 pfd.close(); 7002 } 7003 } catch (IOException ex) { 7004 // Ignore 7005 } 7006 mRemoteBugreportSharingAccepted.set(false); 7007 setDeviceOwnerRemoteBugreportUriAndHash(null, null); 7008 } 7009 } 7010 7011 /** 7012 * Disables all device cameras according to the specified admin. 7013 */ 7014 @Override 7015 public void setCameraDisabled(ComponentName who, boolean disabled) { 7016 if (!mHasFeature) { 7017 return; 7018 } 7019 Preconditions.checkNotNull(who, "ComponentName is null"); 7020 final int userHandle = mInjector.userHandleGetCallingUserId(); 7021 synchronized (this) { 7022 ActiveAdmin ap = getActiveAdminForCallerLocked(who, 7023 DeviceAdminInfo.USES_POLICY_DISABLE_CAMERA); 7024 if (ap.disableCamera != disabled) { 7025 ap.disableCamera = disabled; 7026 saveSettingsLocked(userHandle); 7027 } 7028 } 7029 // Tell the user manager that the restrictions have changed. 7030 pushUserRestrictions(userHandle); 7031 } 7032 7033 /** 7034 * Gets whether or not all device cameras are disabled for a given admin, or disabled for any 7035 * active admins. 7036 */ 7037 @Override 7038 public boolean getCameraDisabled(ComponentName who, int userHandle) { 7039 return getCameraDisabled(who, userHandle, /* mergeDeviceOwnerRestriction= */ true); 7040 } 7041 7042 private boolean getCameraDisabled(ComponentName who, int userHandle, 7043 boolean mergeDeviceOwnerRestriction) { 7044 if (!mHasFeature) { 7045 return false; 7046 } 7047 synchronized (this) { 7048 if (who != null) { 7049 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 7050 return (admin != null) ? admin.disableCamera : false; 7051 } 7052 // First, see if DO has set it. If so, it's device-wide. 7053 if (mergeDeviceOwnerRestriction) { 7054 final ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 7055 if (deviceOwner != null && deviceOwner.disableCamera) { 7056 return true; 7057 } 7058 } 7059 7060 // Then check each device admin on the user. 7061 DevicePolicyData policy = getUserData(userHandle); 7062 // Determine whether or not the device camera is disabled for any active admins. 7063 final int N = policy.mAdminList.size(); 7064 for (int i = 0; i < N; i++) { 7065 ActiveAdmin admin = policy.mAdminList.get(i); 7066 if (admin.disableCamera) { 7067 return true; 7068 } 7069 } 7070 return false; 7071 } 7072 } 7073 7074 @Override 7075 public void setKeyguardDisabledFeatures(ComponentName who, int which, boolean parent) { 7076 if (!mHasFeature) { 7077 return; 7078 } 7079 Preconditions.checkNotNull(who, "ComponentName is null"); 7080 final int userHandle = mInjector.userHandleGetCallingUserId(); 7081 if (isManagedProfile(userHandle)) { 7082 if (parent) { 7083 which = which & PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER; 7084 } else { 7085 which = which & PROFILE_KEYGUARD_FEATURES; 7086 } 7087 } 7088 synchronized (this) { 7089 ActiveAdmin ap = getActiveAdminForCallerLocked( 7090 who, DeviceAdminInfo.USES_POLICY_DISABLE_KEYGUARD_FEATURES, parent); 7091 if (ap.disabledKeyguardFeatures != which) { 7092 ap.disabledKeyguardFeatures = which; 7093 saveSettingsLocked(userHandle); 7094 } 7095 } 7096 if (SecurityLog.isLoggingEnabled()) { 7097 final int affectedUserId = parent ? getProfileParentId(userHandle) : userHandle; 7098 SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISABLED_FEATURES_SET, 7099 who.getPackageName(), userHandle, affectedUserId, which); 7100 } 7101 } 7102 7103 /** 7104 * Gets the disabled state for features in keyguard for the given admin, 7105 * or the aggregate of all active admins if who is null. 7106 */ 7107 @Override 7108 public int getKeyguardDisabledFeatures(ComponentName who, int userHandle, boolean parent) { 7109 if (!mHasFeature) { 7110 return 0; 7111 } 7112 enforceFullCrossUsersPermission(userHandle); 7113 final long ident = mInjector.binderClearCallingIdentity(); 7114 try { 7115 synchronized (this) { 7116 if (who != null) { 7117 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent); 7118 return (admin != null) ? admin.disabledKeyguardFeatures : 0; 7119 } 7120 7121 final List<ActiveAdmin> admins; 7122 if (!parent && isManagedProfile(userHandle)) { 7123 // If we are being asked about a managed profile, just return keyguard features 7124 // disabled by admins in the profile. 7125 admins = getUserDataUnchecked(userHandle).mAdminList; 7126 } else { 7127 // Otherwise return those set by admins in the user and its profiles. 7128 admins = getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 7129 } 7130 7131 int which = DevicePolicyManager.KEYGUARD_DISABLE_FEATURES_NONE; 7132 final int N = admins.size(); 7133 for (int i = 0; i < N; i++) { 7134 ActiveAdmin admin = admins.get(i); 7135 int userId = admin.getUserHandle().getIdentifier(); 7136 boolean isRequestedUser = !parent && (userId == userHandle); 7137 if (isRequestedUser || !isManagedProfile(userId)) { 7138 // If we are being asked explicitly about this user 7139 // return all disabled features even if its a managed profile. 7140 which |= admin.disabledKeyguardFeatures; 7141 } else { 7142 // Otherwise a managed profile is only allowed to disable 7143 // some features on the parent user. 7144 which |= (admin.disabledKeyguardFeatures 7145 & PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER); 7146 } 7147 } 7148 return which; 7149 } 7150 } finally { 7151 mInjector.binderRestoreCallingIdentity(ident); 7152 } 7153 } 7154 7155 @Override 7156 public void setKeepUninstalledPackages(ComponentName who, String callerPackage, 7157 List<String> packageList) { 7158 if (!mHasFeature) { 7159 return; 7160 } 7161 Preconditions.checkNotNull(packageList, "packageList is null"); 7162 final int userHandle = UserHandle.getCallingUserId(); 7163 synchronized (this) { 7164 // Ensure the caller is a DO or a keep uninstalled packages delegate. 7165 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER, 7166 DELEGATION_KEEP_UNINSTALLED_PACKAGES); 7167 // Get the device owner 7168 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 7169 // Set list of packages to be kept even if uninstalled. 7170 deviceOwner.keepUninstalledPackages = packageList; 7171 // Save settings. 7172 saveSettingsLocked(userHandle); 7173 // Notify package manager. 7174 mInjector.getPackageManagerInternal().setKeepUninstalledPackages(packageList); 7175 } 7176 } 7177 7178 @Override 7179 public List<String> getKeepUninstalledPackages(ComponentName who, String callerPackage) { 7180 if (!mHasFeature) { 7181 return null; 7182 } 7183 // TODO In split system user mode, allow apps on user 0 to query the list 7184 synchronized (this) { 7185 // Ensure the caller is a DO or a keep uninstalled packages delegate. 7186 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER, 7187 DELEGATION_KEEP_UNINSTALLED_PACKAGES); 7188 return getKeepUninstalledPackagesLocked(); 7189 } 7190 } 7191 7192 private List<String> getKeepUninstalledPackagesLocked() { 7193 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 7194 return (deviceOwner != null) ? deviceOwner.keepUninstalledPackages : null; 7195 } 7196 7197 @Override 7198 public boolean setDeviceOwner(ComponentName admin, String ownerName, int userId) { 7199 if (!mHasFeature) { 7200 return false; 7201 } 7202 if (admin == null 7203 || !isPackageInstalledForUser(admin.getPackageName(), userId)) { 7204 throw new IllegalArgumentException("Invalid component " + admin 7205 + " for device owner"); 7206 } 7207 final boolean hasIncompatibleAccountsOrNonAdb = 7208 hasIncompatibleAccountsOrNonAdbNoLock(userId, admin); 7209 synchronized (this) { 7210 enforceCanSetDeviceOwnerLocked(admin, userId, hasIncompatibleAccountsOrNonAdb); 7211 final ActiveAdmin activeAdmin = getActiveAdminUncheckedLocked(admin, userId); 7212 if (activeAdmin == null 7213 || getUserData(userId).mRemovingAdmins.contains(admin)) { 7214 throw new IllegalArgumentException("Not active admin: " + admin); 7215 } 7216 7217 // Shutting down backup manager service permanently. 7218 long ident = mInjector.binderClearCallingIdentity(); 7219 try { 7220 if (mInjector.getIBackupManager() != null) { 7221 mInjector.getIBackupManager() 7222 .setBackupServiceActive(UserHandle.USER_SYSTEM, false); 7223 } 7224 } catch (RemoteException e) { 7225 throw new IllegalStateException("Failed deactivating backup service.", e); 7226 } finally { 7227 mInjector.binderRestoreCallingIdentity(ident); 7228 } 7229 7230 if (isAdb()) { 7231 // Log device owner provisioning was started using adb. 7232 MetricsLogger.action(mContext, PROVISIONING_ENTRY_POINT_ADB, LOG_TAG_DEVICE_OWNER); 7233 } 7234 7235 mOwners.setDeviceOwner(admin, ownerName, userId); 7236 mOwners.writeDeviceOwner(); 7237 updateDeviceOwnerLocked(); 7238 setDeviceOwnerSystemPropertyLocked(); 7239 7240 final Set<String> restrictions = 7241 UserRestrictionsUtils.getDefaultEnabledForDeviceOwner(); 7242 if (!restrictions.isEmpty()) { 7243 for (String restriction : restrictions) { 7244 activeAdmin.ensureUserRestrictions().putBoolean(restriction, true); 7245 } 7246 activeAdmin.defaultEnabledRestrictionsAlreadySet.addAll(restrictions); 7247 Slog.i(LOG_TAG, "Enabled the following restrictions by default: " + restrictions); 7248 7249 saveUserRestrictionsLocked(userId); 7250 } 7251 7252 ident = mInjector.binderClearCallingIdentity(); 7253 try { 7254 // TODO Send to system too? 7255 sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_DEVICE_OWNER_CHANGED, userId); 7256 } finally { 7257 mInjector.binderRestoreCallingIdentity(ident); 7258 } 7259 mDeviceAdminServiceController.startServiceForOwner( 7260 admin.getPackageName(), userId, "set-device-owner"); 7261 7262 Slog.i(LOG_TAG, "Device owner set: " + admin + " on user " + userId); 7263 return true; 7264 } 7265 } 7266 7267 @Override 7268 public boolean hasDeviceOwner() { 7269 enforceDeviceOwnerOrManageUsers(); 7270 return mOwners.hasDeviceOwner(); 7271 } 7272 7273 boolean isDeviceOwner(ActiveAdmin admin) { 7274 return isDeviceOwner(admin.info.getComponent(), admin.getUserHandle().getIdentifier()); 7275 } 7276 7277 public boolean isDeviceOwner(ComponentName who, int userId) { 7278 synchronized (this) { 7279 return mOwners.hasDeviceOwner() 7280 && mOwners.getDeviceOwnerUserId() == userId 7281 && mOwners.getDeviceOwnerComponent().equals(who); 7282 } 7283 } 7284 7285 private boolean isDeviceOwnerPackage(String packageName, int userId) { 7286 synchronized (this) { 7287 return mOwners.hasDeviceOwner() 7288 && mOwners.getDeviceOwnerUserId() == userId 7289 && mOwners.getDeviceOwnerPackageName().equals(packageName); 7290 } 7291 } 7292 7293 private boolean isProfileOwnerPackage(String packageName, int userId) { 7294 synchronized (this) { 7295 return mOwners.hasProfileOwner(userId) 7296 && mOwners.getProfileOwnerPackage(userId).equals(packageName); 7297 } 7298 } 7299 7300 public boolean isProfileOwner(ComponentName who, int userId) { 7301 final ComponentName profileOwner = getProfileOwner(userId); 7302 return who != null && who.equals(profileOwner); 7303 } 7304 7305 @Override 7306 public ComponentName getDeviceOwnerComponent(boolean callingUserOnly) { 7307 if (!mHasFeature) { 7308 return null; 7309 } 7310 if (!callingUserOnly) { 7311 enforceManageUsers(); 7312 } 7313 synchronized (this) { 7314 if (!mOwners.hasDeviceOwner()) { 7315 return null; 7316 } 7317 if (callingUserOnly && mInjector.userHandleGetCallingUserId() != 7318 mOwners.getDeviceOwnerUserId()) { 7319 return null; 7320 } 7321 return mOwners.getDeviceOwnerComponent(); 7322 } 7323 } 7324 7325 @Override 7326 public int getDeviceOwnerUserId() { 7327 if (!mHasFeature) { 7328 return UserHandle.USER_NULL; 7329 } 7330 enforceManageUsers(); 7331 synchronized (this) { 7332 return mOwners.hasDeviceOwner() ? mOwners.getDeviceOwnerUserId() : UserHandle.USER_NULL; 7333 } 7334 } 7335 7336 /** 7337 * Returns the "name" of the device owner. It'll work for non-DO users too, but requires 7338 * MANAGE_USERS. 7339 */ 7340 @Override 7341 public String getDeviceOwnerName() { 7342 if (!mHasFeature) { 7343 return null; 7344 } 7345 enforceManageUsers(); 7346 synchronized (this) { 7347 if (!mOwners.hasDeviceOwner()) { 7348 return null; 7349 } 7350 // TODO This totally ignores the name passed to setDeviceOwner (change for b/20679292) 7351 // Should setDeviceOwner/ProfileOwner still take a name? 7352 String deviceOwnerPackage = mOwners.getDeviceOwnerPackageName(); 7353 return getApplicationLabel(deviceOwnerPackage, UserHandle.USER_SYSTEM); 7354 } 7355 } 7356 7357 /** Returns the active device owner or {@code null} if there is no device owner. */ 7358 @VisibleForTesting 7359 ActiveAdmin getDeviceOwnerAdminLocked() { 7360 ComponentName component = mOwners.getDeviceOwnerComponent(); 7361 if (component == null) { 7362 return null; 7363 } 7364 7365 DevicePolicyData policy = getUserData(mOwners.getDeviceOwnerUserId()); 7366 final int n = policy.mAdminList.size(); 7367 for (int i = 0; i < n; i++) { 7368 ActiveAdmin admin = policy.mAdminList.get(i); 7369 if (component.equals(admin.info.getComponent())) { 7370 return admin; 7371 } 7372 } 7373 Slog.wtf(LOG_TAG, "Active admin for device owner not found. component=" + component); 7374 return null; 7375 } 7376 7377 @Override 7378 public void clearDeviceOwner(String packageName) { 7379 Preconditions.checkNotNull(packageName, "packageName is null"); 7380 final int callingUid = mInjector.binderGetCallingUid(); 7381 try { 7382 int uid = mInjector.getPackageManager().getPackageUidAsUser(packageName, 7383 UserHandle.getUserId(callingUid)); 7384 if (uid != callingUid) { 7385 throw new SecurityException("Invalid packageName"); 7386 } 7387 } catch (NameNotFoundException e) { 7388 throw new SecurityException(e); 7389 } 7390 synchronized (this) { 7391 final ComponentName deviceOwnerComponent = mOwners.getDeviceOwnerComponent(); 7392 final int deviceOwnerUserId = mOwners.getDeviceOwnerUserId(); 7393 if (!mOwners.hasDeviceOwner() 7394 || !deviceOwnerComponent.getPackageName().equals(packageName) 7395 || (deviceOwnerUserId != UserHandle.getUserId(callingUid))) { 7396 throw new SecurityException( 7397 "clearDeviceOwner can only be called by the device owner"); 7398 } 7399 enforceUserUnlocked(deviceOwnerUserId); 7400 7401 final ActiveAdmin admin = getDeviceOwnerAdminLocked(); 7402 long ident = mInjector.binderClearCallingIdentity(); 7403 try { 7404 clearDeviceOwnerLocked(admin, deviceOwnerUserId); 7405 removeActiveAdminLocked(deviceOwnerComponent, deviceOwnerUserId); 7406 sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_DEVICE_OWNER_CHANGED, 7407 deviceOwnerUserId); 7408 } finally { 7409 mInjector.binderRestoreCallingIdentity(ident); 7410 } 7411 Slog.i(LOG_TAG, "Device owner removed: " + deviceOwnerComponent); 7412 } 7413 } 7414 7415 private void clearOverrideApnUnchecked() { 7416 // Disable Override APNs and remove them from database. 7417 setOverrideApnsEnabledUnchecked(false); 7418 final List<ApnSetting> apns = getOverrideApnsUnchecked(); 7419 for (int i = 0; i < apns.size(); i ++) { 7420 removeOverrideApnUnchecked(apns.get(i).getId()); 7421 } 7422 } 7423 7424 private void clearDeviceOwnerLocked(ActiveAdmin admin, int userId) { 7425 mDeviceAdminServiceController.stopServiceForOwner(userId, "clear-device-owner"); 7426 7427 if (admin != null) { 7428 admin.disableCamera = false; 7429 admin.userRestrictions = null; 7430 admin.defaultEnabledRestrictionsAlreadySet.clear(); 7431 admin.forceEphemeralUsers = false; 7432 admin.isNetworkLoggingEnabled = false; 7433 mUserManagerInternal.setForceEphemeralUsers(admin.forceEphemeralUsers); 7434 } 7435 final DevicePolicyData policyData = getUserData(userId); 7436 policyData.mCurrentInputMethodSet = false; 7437 saveSettingsLocked(userId); 7438 final DevicePolicyData systemPolicyData = getUserData(UserHandle.USER_SYSTEM); 7439 systemPolicyData.mLastSecurityLogRetrievalTime = -1; 7440 systemPolicyData.mLastBugReportRequestTime = -1; 7441 systemPolicyData.mLastNetworkLogsRetrievalTime = -1; 7442 saveSettingsLocked(UserHandle.USER_SYSTEM); 7443 clearUserPoliciesLocked(userId); 7444 clearOverrideApnUnchecked(); 7445 7446 mOwners.clearDeviceOwner(); 7447 mOwners.writeDeviceOwner(); 7448 updateDeviceOwnerLocked(); 7449 7450 clearDeviceOwnerUserRestrictionLocked(UserHandle.of(userId)); 7451 mInjector.securityLogSetLoggingEnabledProperty(false); 7452 mSecurityLogMonitor.stop(); 7453 setNetworkLoggingActiveInternal(false); 7454 deleteTransferOwnershipBundleLocked(userId); 7455 7456 try { 7457 if (mInjector.getIBackupManager() != null) { 7458 // Reactivate backup service. 7459 mInjector.getIBackupManager().setBackupServiceActive(UserHandle.USER_SYSTEM, true); 7460 } 7461 } catch (RemoteException e) { 7462 throw new IllegalStateException("Failed reactivating backup service.", e); 7463 } 7464 } 7465 7466 @Override 7467 public boolean setProfileOwner(ComponentName who, String ownerName, int userHandle) { 7468 if (!mHasFeature) { 7469 return false; 7470 } 7471 if (who == null 7472 || !isPackageInstalledForUser(who.getPackageName(), userHandle)) { 7473 throw new IllegalArgumentException("Component " + who 7474 + " not installed for userId:" + userHandle); 7475 } 7476 final boolean hasIncompatibleAccountsOrNonAdb = 7477 hasIncompatibleAccountsOrNonAdbNoLock(userHandle, who); 7478 synchronized (this) { 7479 enforceCanSetProfileOwnerLocked(who, userHandle, hasIncompatibleAccountsOrNonAdb); 7480 7481 final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 7482 if (admin == null || getUserData(userHandle).mRemovingAdmins.contains(who)) { 7483 throw new IllegalArgumentException("Not active admin: " + who); 7484 } 7485 7486 if (isAdb()) { 7487 // Log profile owner provisioning was started using adb. 7488 MetricsLogger.action(mContext, PROVISIONING_ENTRY_POINT_ADB, LOG_TAG_PROFILE_OWNER); 7489 } 7490 7491 mOwners.setProfileOwner(who, ownerName, userHandle); 7492 mOwners.writeProfileOwner(userHandle); 7493 Slog.i(LOG_TAG, "Profile owner set: " + who + " on user " + userHandle); 7494 7495 final long id = mInjector.binderClearCallingIdentity(); 7496 try { 7497 if (mUserManager.isManagedProfile(userHandle)) { 7498 maybeSetDefaultRestrictionsForAdminLocked(userHandle, admin, 7499 UserRestrictionsUtils.getDefaultEnabledForManagedProfiles()); 7500 ensureUnknownSourcesRestrictionForProfileOwnerLocked(userHandle, admin, 7501 true /* newOwner */); 7502 } 7503 sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_PROFILE_OWNER_CHANGED, 7504 userHandle); 7505 } finally { 7506 mInjector.binderRestoreCallingIdentity(id); 7507 } 7508 mDeviceAdminServiceController.startServiceForOwner( 7509 who.getPackageName(), userHandle, "set-profile-owner"); 7510 return true; 7511 } 7512 } 7513 7514 @Override 7515 public void clearProfileOwner(ComponentName who) { 7516 if (!mHasFeature) { 7517 return; 7518 } 7519 Preconditions.checkNotNull(who, "ComponentName is null"); 7520 7521 final int userId = mInjector.userHandleGetCallingUserId(); 7522 enforceNotManagedProfile(userId, "clear profile owner"); 7523 enforceUserUnlocked(userId); 7524 synchronized (this) { 7525 // Check if this is the profile owner who is calling 7526 final ActiveAdmin admin = 7527 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 7528 7529 final long ident = mInjector.binderClearCallingIdentity(); 7530 try { 7531 clearProfileOwnerLocked(admin, userId); 7532 removeActiveAdminLocked(who, userId); 7533 sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_PROFILE_OWNER_CHANGED, 7534 userId); 7535 } finally { 7536 mInjector.binderRestoreCallingIdentity(ident); 7537 } 7538 Slog.i(LOG_TAG, "Profile owner " + who + " removed from user " + userId); 7539 } 7540 } 7541 7542 public void clearProfileOwnerLocked(ActiveAdmin admin, int userId) { 7543 mDeviceAdminServiceController.stopServiceForOwner(userId, "clear-profile-owner"); 7544 7545 if (admin != null) { 7546 admin.disableCamera = false; 7547 admin.userRestrictions = null; 7548 admin.defaultEnabledRestrictionsAlreadySet.clear(); 7549 } 7550 final DevicePolicyData policyData = getUserData(userId); 7551 policyData.mCurrentInputMethodSet = false; 7552 policyData.mOwnerInstalledCaCerts.clear(); 7553 saveSettingsLocked(userId); 7554 clearUserPoliciesLocked(userId); 7555 mOwners.removeProfileOwner(userId); 7556 mOwners.writeProfileOwner(userId); 7557 deleteTransferOwnershipBundleLocked(userId); 7558 } 7559 7560 @Override 7561 public void setDeviceOwnerLockScreenInfo(ComponentName who, CharSequence info) { 7562 Preconditions.checkNotNull(who, "ComponentName is null"); 7563 if (!mHasFeature) { 7564 return; 7565 } 7566 7567 synchronized (this) { 7568 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 7569 long token = mInjector.binderClearCallingIdentity(); 7570 try { 7571 mLockPatternUtils.setDeviceOwnerInfo(info != null ? info.toString() : null); 7572 } finally { 7573 mInjector.binderRestoreCallingIdentity(token); 7574 } 7575 } 7576 } 7577 7578 @Override 7579 public CharSequence getDeviceOwnerLockScreenInfo() { 7580 return mLockPatternUtils.getDeviceOwnerInfo(); 7581 } 7582 7583 private void clearUserPoliciesLocked(int userId) { 7584 // Reset some of the user-specific policies. 7585 final DevicePolicyData policy = getUserData(userId); 7586 policy.mPermissionPolicy = DevicePolicyManager.PERMISSION_POLICY_PROMPT; 7587 // Clear delegations. 7588 policy.mDelegationMap.clear(); 7589 policy.mStatusBarDisabled = false; 7590 policy.mUserProvisioningState = DevicePolicyManager.STATE_USER_UNMANAGED; 7591 policy.mAffiliationIds.clear(); 7592 policy.mLockTaskPackages.clear(); 7593 updateLockTaskPackagesLocked(policy.mLockTaskPackages, userId); 7594 policy.mLockTaskFeatures = DevicePolicyManager.LOCK_TASK_FEATURE_NONE; 7595 saveSettingsLocked(userId); 7596 7597 try { 7598 mIPackageManager.updatePermissionFlagsForAllApps( 7599 PackageManager.FLAG_PERMISSION_POLICY_FIXED, 7600 0 /* flagValues */, userId); 7601 pushUserRestrictions(userId); 7602 } catch (RemoteException re) { 7603 // Shouldn't happen. 7604 } 7605 } 7606 7607 @Override 7608 public boolean hasUserSetupCompleted() { 7609 return hasUserSetupCompleted(UserHandle.getCallingUserId()); 7610 } 7611 7612 // This checks only if the Setup Wizard has run. Since Wear devices pair before 7613 // completing Setup Wizard, and pairing involves transferring user data, calling 7614 // logic may want to check mIsWatch or mPaired in addition to hasUserSetupCompleted(). 7615 private boolean hasUserSetupCompleted(int userHandle) { 7616 if (!mHasFeature) { 7617 return true; 7618 } 7619 return getUserData(userHandle).mUserSetupComplete; 7620 } 7621 7622 private boolean hasPaired(int userHandle) { 7623 if (!mHasFeature) { 7624 return true; 7625 } 7626 return getUserData(userHandle).mPaired; 7627 } 7628 7629 @Override 7630 public int getUserProvisioningState() { 7631 if (!mHasFeature) { 7632 return DevicePolicyManager.STATE_USER_UNMANAGED; 7633 } 7634 int userHandle = mInjector.userHandleGetCallingUserId(); 7635 return getUserProvisioningState(userHandle); 7636 } 7637 7638 private int getUserProvisioningState(int userHandle) { 7639 return getUserData(userHandle).mUserProvisioningState; 7640 } 7641 7642 @Override 7643 public void setUserProvisioningState(int newState, int userHandle) { 7644 if (!mHasFeature) { 7645 return; 7646 } 7647 7648 if (userHandle != mOwners.getDeviceOwnerUserId() && !mOwners.hasProfileOwner(userHandle) 7649 && getManagedUserId(userHandle) == -1) { 7650 // No managed device, user or profile, so setting provisioning state makes no sense. 7651 throw new IllegalStateException("Not allowed to change provisioning state unless a " 7652 + "device or profile owner is set."); 7653 } 7654 7655 synchronized (this) { 7656 boolean transitionCheckNeeded = true; 7657 7658 // Calling identity/permission checks. 7659 if (isAdb()) { 7660 // ADB shell can only move directly from un-managed to finalized as part of directly 7661 // setting profile-owner or device-owner. 7662 if (getUserProvisioningState(userHandle) != 7663 DevicePolicyManager.STATE_USER_UNMANAGED 7664 || newState != DevicePolicyManager.STATE_USER_SETUP_FINALIZED) { 7665 throw new IllegalStateException("Not allowed to change provisioning state " 7666 + "unless current provisioning state is unmanaged, and new state is " 7667 + "finalized."); 7668 } 7669 transitionCheckNeeded = false; 7670 } else { 7671 // For all other cases, caller must have MANAGE_PROFILE_AND_DEVICE_OWNERS. 7672 enforceCanManageProfileAndDeviceOwners(); 7673 } 7674 7675 final DevicePolicyData policyData = getUserData(userHandle); 7676 if (transitionCheckNeeded) { 7677 // Optional state transition check for non-ADB case. 7678 checkUserProvisioningStateTransition(policyData.mUserProvisioningState, newState); 7679 } 7680 policyData.mUserProvisioningState = newState; 7681 saveSettingsLocked(userHandle); 7682 } 7683 } 7684 7685 private void checkUserProvisioningStateTransition(int currentState, int newState) { 7686 // Valid transitions for normal use-cases. 7687 switch (currentState) { 7688 case DevicePolicyManager.STATE_USER_UNMANAGED: 7689 // Can move to any state from unmanaged (except itself as an edge case).. 7690 if (newState != DevicePolicyManager.STATE_USER_UNMANAGED) { 7691 return; 7692 } 7693 break; 7694 case DevicePolicyManager.STATE_USER_SETUP_INCOMPLETE: 7695 case DevicePolicyManager.STATE_USER_SETUP_COMPLETE: 7696 // Can only move to finalized from these states. 7697 if (newState == DevicePolicyManager.STATE_USER_SETUP_FINALIZED) { 7698 return; 7699 } 7700 break; 7701 case DevicePolicyManager.STATE_USER_PROFILE_COMPLETE: 7702 // Current user has a managed-profile, but current user is not managed, so 7703 // rather than moving to finalized state, go back to unmanaged once 7704 // profile provisioning is complete. 7705 if (newState == DevicePolicyManager.STATE_USER_UNMANAGED) { 7706 return; 7707 } 7708 break; 7709 case DevicePolicyManager.STATE_USER_SETUP_FINALIZED: 7710 // Cannot transition out of finalized. 7711 break; 7712 } 7713 7714 // Didn't meet any of the accepted state transition checks above, throw appropriate error. 7715 throw new IllegalStateException("Cannot move to user provisioning state [" + newState + "] " 7716 + "from state [" + currentState + "]"); 7717 } 7718 7719 @Override 7720 public void setProfileEnabled(ComponentName who) { 7721 if (!mHasFeature) { 7722 return; 7723 } 7724 Preconditions.checkNotNull(who, "ComponentName is null"); 7725 synchronized (this) { 7726 // Check if this is the profile owner who is calling 7727 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 7728 final int userId = UserHandle.getCallingUserId(); 7729 enforceManagedProfile(userId, "enable the profile"); 7730 // Check if the profile is already enabled. 7731 UserInfo managedProfile = getUserInfo(userId); 7732 if (managedProfile.isEnabled()) { 7733 Slog.e(LOG_TAG, 7734 "setProfileEnabled is called when the profile is already enabled"); 7735 return; 7736 } 7737 long id = mInjector.binderClearCallingIdentity(); 7738 try { 7739 mUserManager.setUserEnabled(userId); 7740 UserInfo parent = mUserManager.getProfileParent(userId); 7741 Intent intent = new Intent(Intent.ACTION_MANAGED_PROFILE_ADDED); 7742 intent.putExtra(Intent.EXTRA_USER, new UserHandle(userId)); 7743 intent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY | 7744 Intent.FLAG_RECEIVER_FOREGROUND); 7745 mContext.sendBroadcastAsUser(intent, new UserHandle(parent.id)); 7746 } finally { 7747 mInjector.binderRestoreCallingIdentity(id); 7748 } 7749 } 7750 } 7751 7752 @Override 7753 public void setProfileName(ComponentName who, String profileName) { 7754 Preconditions.checkNotNull(who, "ComponentName is null"); 7755 int userId = UserHandle.getCallingUserId(); 7756 // Check if this is the profile owner (includes device owner). 7757 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 7758 7759 long id = mInjector.binderClearCallingIdentity(); 7760 try { 7761 mUserManager.setUserName(userId, profileName); 7762 } finally { 7763 mInjector.binderRestoreCallingIdentity(id); 7764 } 7765 } 7766 7767 @Override 7768 public ComponentName getProfileOwner(int userHandle) { 7769 if (!mHasFeature) { 7770 return null; 7771 } 7772 7773 synchronized (this) { 7774 return mOwners.getProfileOwnerComponent(userHandle); 7775 } 7776 } 7777 7778 // Returns the active profile owner for this user or null if the current user has no 7779 // profile owner. 7780 @VisibleForTesting 7781 ActiveAdmin getProfileOwnerAdminLocked(int userHandle) { 7782 ComponentName profileOwner = mOwners.getProfileOwnerComponent(userHandle); 7783 if (profileOwner == null) { 7784 return null; 7785 } 7786 DevicePolicyData policy = getUserData(userHandle); 7787 final int n = policy.mAdminList.size(); 7788 for (int i = 0; i < n; i++) { 7789 ActiveAdmin admin = policy.mAdminList.get(i); 7790 if (profileOwner.equals(admin.info.getComponent())) { 7791 return admin; 7792 } 7793 } 7794 return null; 7795 } 7796 7797 @Override 7798 public String getProfileOwnerName(int userHandle) { 7799 if (!mHasFeature) { 7800 return null; 7801 } 7802 enforceManageUsers(); 7803 ComponentName profileOwner = getProfileOwner(userHandle); 7804 if (profileOwner == null) { 7805 return null; 7806 } 7807 return getApplicationLabel(profileOwner.getPackageName(), userHandle); 7808 } 7809 7810 /** 7811 * Canonical name for a given package. 7812 */ 7813 private String getApplicationLabel(String packageName, int userHandle) { 7814 long token = mInjector.binderClearCallingIdentity(); 7815 try { 7816 final Context userContext; 7817 try { 7818 UserHandle handle = new UserHandle(userHandle); 7819 userContext = mContext.createPackageContextAsUser(packageName, 0, handle); 7820 } catch (PackageManager.NameNotFoundException nnfe) { 7821 Log.w(LOG_TAG, packageName + " is not installed for user " + userHandle, nnfe); 7822 return null; 7823 } 7824 ApplicationInfo appInfo = userContext.getApplicationInfo(); 7825 CharSequence result = null; 7826 if (appInfo != null) { 7827 PackageManager pm = userContext.getPackageManager(); 7828 result = pm.getApplicationLabel(appInfo); 7829 } 7830 return result != null ? result.toString() : null; 7831 } finally { 7832 mInjector.binderRestoreCallingIdentity(token); 7833 } 7834 } 7835 7836 /** 7837 * Calls wtfStack() if called with the DPMS lock held. 7838 */ 7839 private void wtfIfInLock() { 7840 if (Thread.holdsLock(this)) { 7841 Slog.wtfStack(LOG_TAG, "Shouldn't be called with DPMS lock held"); 7842 } 7843 } 7844 7845 /** 7846 * The profile owner can only be set by adb or an app with the MANAGE_PROFILE_AND_DEVICE_OWNERS 7847 * permission. 7848 * The profile owner can only be set before the user setup phase has completed, 7849 * except for: 7850 * - SYSTEM_UID 7851 * - adb unless hasIncompatibleAccountsOrNonAdb is true. 7852 */ 7853 private void enforceCanSetProfileOwnerLocked(@Nullable ComponentName owner, int userHandle, 7854 boolean hasIncompatibleAccountsOrNonAdb) { 7855 UserInfo info = getUserInfo(userHandle); 7856 if (info == null) { 7857 // User doesn't exist. 7858 throw new IllegalArgumentException( 7859 "Attempted to set profile owner for invalid userId: " + userHandle); 7860 } 7861 if (info.isGuest()) { 7862 throw new IllegalStateException("Cannot set a profile owner on a guest"); 7863 } 7864 if (mOwners.hasProfileOwner(userHandle)) { 7865 throw new IllegalStateException("Trying to set the profile owner, but profile owner " 7866 + "is already set."); 7867 } 7868 if (mOwners.hasDeviceOwner() && mOwners.getDeviceOwnerUserId() == userHandle) { 7869 throw new IllegalStateException("Trying to set the profile owner, but the user " 7870 + "already has a device owner."); 7871 } 7872 if (isAdb()) { 7873 if ((mIsWatch || hasUserSetupCompleted(userHandle)) 7874 && hasIncompatibleAccountsOrNonAdb) { 7875 throw new IllegalStateException("Not allowed to set the profile owner because " 7876 + "there are already some accounts on the profile"); 7877 } 7878 return; 7879 } 7880 enforceCanManageProfileAndDeviceOwners(); 7881 if ((mIsWatch || hasUserSetupCompleted(userHandle)) && !isCallerWithSystemUid()) { 7882 throw new IllegalStateException("Cannot set the profile owner on a user which is " 7883 + "already set-up"); 7884 } 7885 } 7886 7887 /** 7888 * The Device owner can only be set by adb or an app with the MANAGE_PROFILE_AND_DEVICE_OWNERS 7889 * permission. 7890 */ 7891 private void enforceCanSetDeviceOwnerLocked(@Nullable ComponentName owner, int userId, 7892 boolean hasIncompatibleAccountsOrNonAdb) { 7893 if (!isAdb()) { 7894 enforceCanManageProfileAndDeviceOwners(); 7895 } 7896 7897 final int code = checkDeviceOwnerProvisioningPreConditionLocked( 7898 owner, userId, isAdb(), hasIncompatibleAccountsOrNonAdb); 7899 switch (code) { 7900 case CODE_OK: 7901 return; 7902 case CODE_HAS_DEVICE_OWNER: 7903 throw new IllegalStateException( 7904 "Trying to set the device owner, but device owner is already set."); 7905 case CODE_USER_HAS_PROFILE_OWNER: 7906 throw new IllegalStateException("Trying to set the device owner, but the user " 7907 + "already has a profile owner."); 7908 case CODE_USER_NOT_RUNNING: 7909 throw new IllegalStateException("User not running: " + userId); 7910 case CODE_NOT_SYSTEM_USER: 7911 throw new IllegalStateException("User is not system user"); 7912 case CODE_USER_SETUP_COMPLETED: 7913 throw new IllegalStateException( 7914 "Cannot set the device owner if the device is already set-up"); 7915 case CODE_NONSYSTEM_USER_EXISTS: 7916 throw new IllegalStateException("Not allowed to set the device owner because there " 7917 + "are already several users on the device"); 7918 case CODE_ACCOUNTS_NOT_EMPTY: 7919 throw new IllegalStateException("Not allowed to set the device owner because there " 7920 + "are already some accounts on the device"); 7921 case CODE_HAS_PAIRED: 7922 throw new IllegalStateException("Not allowed to set the device owner because this " 7923 + "device has already paired"); 7924 default: 7925 throw new IllegalStateException("Unexpected @ProvisioningPreCondition " + code); 7926 } 7927 } 7928 7929 private void enforceUserUnlocked(int userId) { 7930 // Since we're doing this operation on behalf of an app, we only 7931 // want to use the actual "unlocked" state. 7932 Preconditions.checkState(mUserManager.isUserUnlocked(userId), 7933 "User must be running and unlocked"); 7934 } 7935 7936 private void enforceUserUnlocked(@UserIdInt int userId, boolean parent) { 7937 if (parent) { 7938 enforceUserUnlocked(getProfileParentId(userId)); 7939 } else { 7940 enforceUserUnlocked(userId); 7941 } 7942 } 7943 7944 private void enforceManageUsers() { 7945 final int callingUid = mInjector.binderGetCallingUid(); 7946 if (!(isCallerWithSystemUid() || callingUid == Process.ROOT_UID)) { 7947 mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_USERS, null); 7948 } 7949 } 7950 7951 private void enforceFullCrossUsersPermission(int userHandle) { 7952 enforceSystemUserOrPermissionIfCrossUser(userHandle, 7953 android.Manifest.permission.INTERACT_ACROSS_USERS_FULL); 7954 } 7955 7956 private void enforceCrossUsersPermission(int userHandle) { 7957 enforceSystemUserOrPermissionIfCrossUser(userHandle, 7958 android.Manifest.permission.INTERACT_ACROSS_USERS); 7959 } 7960 7961 private void enforceSystemUserOrPermission(String permission) { 7962 if (!(isCallerWithSystemUid() || mInjector.binderGetCallingUid() == Process.ROOT_UID)) { 7963 mContext.enforceCallingOrSelfPermission(permission, 7964 "Must be system or have " + permission + " permission"); 7965 } 7966 } 7967 7968 private void enforceSystemUserOrPermissionIfCrossUser(int userHandle, String permission) { 7969 if (userHandle < 0) { 7970 throw new IllegalArgumentException("Invalid userId " + userHandle); 7971 } 7972 if (userHandle == mInjector.userHandleGetCallingUserId()) { 7973 return; 7974 } 7975 enforceSystemUserOrPermission(permission); 7976 } 7977 7978 private void enforceManagedProfile(int userHandle, String message) { 7979 if(!isManagedProfile(userHandle)) { 7980 throw new SecurityException("You can not " + message + " outside a managed profile."); 7981 } 7982 } 7983 7984 private void enforceNotManagedProfile(int userHandle, String message) { 7985 if(isManagedProfile(userHandle)) { 7986 throw new SecurityException("You can not " + message + " for a managed profile."); 7987 } 7988 } 7989 7990 private void enforceDeviceOwnerOrManageUsers() { 7991 synchronized (this) { 7992 if (getActiveAdminWithPolicyForUidLocked(null, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER, 7993 mInjector.binderGetCallingUid()) != null) { 7994 return; 7995 } 7996 } 7997 enforceManageUsers(); 7998 } 7999 8000 private void enforceProfileOwnerOrSystemUser() { 8001 synchronized (this) { 8002 if (getActiveAdminWithPolicyForUidLocked(null, 8003 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, mInjector.binderGetCallingUid()) 8004 != null) { 8005 return; 8006 } 8007 } 8008 Preconditions.checkState(isCallerWithSystemUid(), 8009 "Only profile owner, device owner and system may call this method."); 8010 } 8011 8012 private void enforceProfileOwnerOrFullCrossUsersPermission(int userId) { 8013 if (userId == mInjector.userHandleGetCallingUserId()) { 8014 synchronized (this) { 8015 if (getActiveAdminWithPolicyForUidLocked(null, 8016 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, mInjector.binderGetCallingUid()) 8017 != null) { 8018 // Device Owner/Profile Owner may access the user it runs on. 8019 return; 8020 } 8021 } 8022 } 8023 // Otherwise, INTERACT_ACROSS_USERS_FULL permission, system UID or root UID is required. 8024 enforceSystemUserOrPermission(android.Manifest.permission.INTERACT_ACROSS_USERS_FULL); 8025 } 8026 8027 private boolean canUserUseLockTaskLocked(int userId) { 8028 if (isUserAffiliatedWithDeviceLocked(userId)) { 8029 return true; 8030 } 8031 8032 // Unaffiliated profile owners are not allowed to use lock when there is a device owner. 8033 if (mOwners.hasDeviceOwner()) { 8034 return false; 8035 } 8036 8037 final ComponentName profileOwner = getProfileOwner(userId); 8038 if (profileOwner == null) { 8039 return false; 8040 } 8041 8042 // Managed profiles are not allowed to use lock task 8043 if (isManagedProfile(userId)) { 8044 return false; 8045 } 8046 8047 return true; 8048 } 8049 8050 private void enforceCanCallLockTaskLocked(ComponentName who) { 8051 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8052 final int userId = mInjector.userHandleGetCallingUserId(); 8053 if (!canUserUseLockTaskLocked(userId)) { 8054 throw new SecurityException("User " + userId + " is not allowed to use lock task"); 8055 } 8056 } 8057 8058 private void ensureCallerPackage(@Nullable String packageName) { 8059 if (packageName == null) { 8060 Preconditions.checkState(isCallerWithSystemUid(), 8061 "Only caller can omit package name"); 8062 } else { 8063 final int callingUid = mInjector.binderGetCallingUid(); 8064 final int userId = mInjector.userHandleGetCallingUserId(); 8065 try { 8066 final ApplicationInfo ai = mIPackageManager.getApplicationInfo( 8067 packageName, 0, userId); 8068 Preconditions.checkState(ai.uid == callingUid, "Unmatching package name"); 8069 } catch (RemoteException e) { 8070 // Shouldn't happen 8071 } 8072 } 8073 } 8074 8075 private boolean isCallerWithSystemUid() { 8076 return UserHandle.isSameApp(mInjector.binderGetCallingUid(), Process.SYSTEM_UID); 8077 } 8078 8079 protected int getProfileParentId(int userHandle) { 8080 final long ident = mInjector.binderClearCallingIdentity(); 8081 try { 8082 UserInfo parentUser = mUserManager.getProfileParent(userHandle); 8083 return parentUser != null ? parentUser.id : userHandle; 8084 } finally { 8085 mInjector.binderRestoreCallingIdentity(ident); 8086 } 8087 } 8088 8089 private int getCredentialOwner(int userHandle, boolean parent) { 8090 final long ident = mInjector.binderClearCallingIdentity(); 8091 try { 8092 if (parent) { 8093 UserInfo parentProfile = mUserManager.getProfileParent(userHandle); 8094 if (parentProfile != null) { 8095 userHandle = parentProfile.id; 8096 } 8097 } 8098 return mUserManager.getCredentialOwnerProfile(userHandle); 8099 } finally { 8100 mInjector.binderRestoreCallingIdentity(ident); 8101 } 8102 } 8103 8104 private boolean isManagedProfile(int userHandle) { 8105 final UserInfo user = getUserInfo(userHandle); 8106 return user != null && user.isManagedProfile(); 8107 } 8108 8109 private void enableIfNecessary(String packageName, int userId) { 8110 try { 8111 final ApplicationInfo ai = mIPackageManager.getApplicationInfo(packageName, 8112 PackageManager.MATCH_DISABLED_UNTIL_USED_COMPONENTS, userId); 8113 if (ai.enabledSetting 8114 == PackageManager.COMPONENT_ENABLED_STATE_DISABLED_UNTIL_USED) { 8115 mIPackageManager.setApplicationEnabledSetting(packageName, 8116 PackageManager.COMPONENT_ENABLED_STATE_DEFAULT, 8117 PackageManager.DONT_KILL_APP, userId, "DevicePolicyManager"); 8118 } 8119 } catch (RemoteException e) { 8120 } 8121 } 8122 8123 @Override 8124 protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { 8125 if (!DumpUtils.checkDumpPermission(mContext, LOG_TAG, pw)) return; 8126 8127 synchronized (this) { 8128 pw.println("Current Device Policy Manager state:"); 8129 8130 mOwners.dump(" ", pw); 8131 mDeviceAdminServiceController.dump(" ", pw); 8132 int userCount = mUserData.size(); 8133 for (int u = 0; u < userCount; u++) { 8134 DevicePolicyData policy = getUserData(mUserData.keyAt(u)); 8135 pw.println(); 8136 pw.println(" Enabled Device Admins (User " + policy.mUserHandle 8137 + ", provisioningState: " + policy.mUserProvisioningState + "):"); 8138 final int N = policy.mAdminList.size(); 8139 for (int i=0; i<N; i++) { 8140 ActiveAdmin ap = policy.mAdminList.get(i); 8141 if (ap != null) { 8142 pw.print(" "); pw.print(ap.info.getComponent().flattenToShortString()); 8143 pw.println(":"); 8144 ap.dump(" ", pw); 8145 } 8146 } 8147 if (!policy.mRemovingAdmins.isEmpty()) { 8148 pw.println(" Removing Device Admins (User " + policy.mUserHandle + "): " 8149 + policy.mRemovingAdmins); 8150 } 8151 8152 pw.println(" "); 8153 pw.print(" mPasswordOwner="); pw.println(policy.mPasswordOwner); 8154 } 8155 pw.println(); 8156 mConstants.dump(" ", pw); 8157 pw.println(); 8158 pw.println(" Encryption Status: " + getEncryptionStatusName(getEncryptionStatus())); 8159 } 8160 } 8161 8162 private String getEncryptionStatusName(int encryptionStatus) { 8163 switch (encryptionStatus) { 8164 case DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE: 8165 return "inactive"; 8166 case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY: 8167 return "block default key"; 8168 case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE: 8169 return "block"; 8170 case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_PER_USER: 8171 return "per-user"; 8172 case DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED: 8173 return "unsupported"; 8174 case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVATING: 8175 return "activating"; 8176 default: 8177 return "unknown"; 8178 } 8179 } 8180 8181 @Override 8182 public void addPersistentPreferredActivity(ComponentName who, IntentFilter filter, 8183 ComponentName activity) { 8184 Preconditions.checkNotNull(who, "ComponentName is null"); 8185 final int userHandle = UserHandle.getCallingUserId(); 8186 synchronized (this) { 8187 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8188 8189 long id = mInjector.binderClearCallingIdentity(); 8190 try { 8191 mIPackageManager.addPersistentPreferredActivity(filter, activity, userHandle); 8192 mIPackageManager.flushPackageRestrictionsAsUser(userHandle); 8193 } catch (RemoteException re) { 8194 // Shouldn't happen 8195 } finally { 8196 mInjector.binderRestoreCallingIdentity(id); 8197 } 8198 } 8199 } 8200 8201 @Override 8202 public void clearPackagePersistentPreferredActivities(ComponentName who, String packageName) { 8203 Preconditions.checkNotNull(who, "ComponentName is null"); 8204 final int userHandle = UserHandle.getCallingUserId(); 8205 synchronized (this) { 8206 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8207 8208 long id = mInjector.binderClearCallingIdentity(); 8209 try { 8210 mIPackageManager.clearPackagePersistentPreferredActivities(packageName, userHandle); 8211 mIPackageManager.flushPackageRestrictionsAsUser(userHandle); 8212 } catch (RemoteException re) { 8213 // Shouldn't happen 8214 } finally { 8215 mInjector.binderRestoreCallingIdentity(id); 8216 } 8217 } 8218 } 8219 8220 @Override 8221 public void setDefaultSmsApplication(ComponentName admin, String packageName) { 8222 Preconditions.checkNotNull(admin, "ComponentName is null"); 8223 synchronized (this) { 8224 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 8225 } 8226 mInjector.binderWithCleanCallingIdentity(() -> 8227 SmsApplication.setDefaultApplication(packageName, mContext)); 8228 } 8229 8230 @Override 8231 public boolean setApplicationRestrictionsManagingPackage(ComponentName admin, 8232 String packageName) { 8233 try { 8234 setDelegatedScopePreO(admin, packageName, DELEGATION_APP_RESTRICTIONS); 8235 } catch (IllegalArgumentException e) { 8236 return false; 8237 } 8238 return true; 8239 } 8240 8241 @Override 8242 public String getApplicationRestrictionsManagingPackage(ComponentName admin) { 8243 final List<String> delegatePackages = getDelegatePackages(admin, 8244 DELEGATION_APP_RESTRICTIONS); 8245 return delegatePackages.size() > 0 ? delegatePackages.get(0) : null; 8246 } 8247 8248 @Override 8249 public boolean isCallerApplicationRestrictionsManagingPackage(String callerPackage) { 8250 return isCallerDelegate(callerPackage, DELEGATION_APP_RESTRICTIONS); 8251 } 8252 8253 @Override 8254 public void setApplicationRestrictions(ComponentName who, String callerPackage, 8255 String packageName, Bundle settings) { 8256 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 8257 DELEGATION_APP_RESTRICTIONS); 8258 8259 final UserHandle userHandle = mInjector.binderGetCallingUserHandle(); 8260 final long id = mInjector.binderClearCallingIdentity(); 8261 try { 8262 mUserManager.setApplicationRestrictions(packageName, settings, userHandle); 8263 } finally { 8264 mInjector.binderRestoreCallingIdentity(id); 8265 } 8266 } 8267 8268 @Override 8269 public void setTrustAgentConfiguration(ComponentName admin, ComponentName agent, 8270 PersistableBundle args, boolean parent) { 8271 if (!mHasFeature) { 8272 return; 8273 } 8274 Preconditions.checkNotNull(admin, "admin is null"); 8275 Preconditions.checkNotNull(agent, "agent is null"); 8276 final int userHandle = UserHandle.getCallingUserId(); 8277 synchronized (this) { 8278 ActiveAdmin ap = getActiveAdminForCallerLocked(admin, 8279 DeviceAdminInfo.USES_POLICY_DISABLE_KEYGUARD_FEATURES, parent); 8280 ap.trustAgentInfos.put(agent.flattenToString(), new TrustAgentInfo(args)); 8281 saveSettingsLocked(userHandle); 8282 } 8283 } 8284 8285 @Override 8286 public List<PersistableBundle> getTrustAgentConfiguration(ComponentName admin, 8287 ComponentName agent, int userHandle, boolean parent) { 8288 if (!mHasFeature) { 8289 return null; 8290 } 8291 Preconditions.checkNotNull(agent, "agent null"); 8292 enforceFullCrossUsersPermission(userHandle); 8293 8294 synchronized (this) { 8295 final String componentName = agent.flattenToString(); 8296 if (admin != null) { 8297 final ActiveAdmin ap = getActiveAdminUncheckedLocked(admin, userHandle, parent); 8298 if (ap == null) return null; 8299 TrustAgentInfo trustAgentInfo = ap.trustAgentInfos.get(componentName); 8300 if (trustAgentInfo == null || trustAgentInfo.options == null) return null; 8301 List<PersistableBundle> result = new ArrayList<>(); 8302 result.add(trustAgentInfo.options); 8303 return result; 8304 } 8305 8306 // Return strictest policy for this user and profiles that are visible from this user. 8307 List<PersistableBundle> result = null; 8308 // Search through all admins that use KEYGUARD_DISABLE_TRUST_AGENTS and keep track 8309 // of the options. If any admin doesn't have options, discard options for the rest 8310 // and return null. 8311 List<ActiveAdmin> admins = 8312 getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 8313 boolean allAdminsHaveOptions = true; 8314 final int N = admins.size(); 8315 for (int i = 0; i < N; i++) { 8316 final ActiveAdmin active = admins.get(i); 8317 8318 final boolean disablesTrust = (active.disabledKeyguardFeatures 8319 & DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS) != 0; 8320 final TrustAgentInfo info = active.trustAgentInfos.get(componentName); 8321 if (info != null && info.options != null && !info.options.isEmpty()) { 8322 if (disablesTrust) { 8323 if (result == null) { 8324 result = new ArrayList<>(); 8325 } 8326 result.add(info.options); 8327 } else { 8328 Log.w(LOG_TAG, "Ignoring admin " + active.info 8329 + " because it has trust options but doesn't declare " 8330 + "KEYGUARD_DISABLE_TRUST_AGENTS"); 8331 } 8332 } else if (disablesTrust) { 8333 allAdminsHaveOptions = false; 8334 break; 8335 } 8336 } 8337 return allAdminsHaveOptions ? result : null; 8338 } 8339 } 8340 8341 @Override 8342 public void setRestrictionsProvider(ComponentName who, ComponentName permissionProvider) { 8343 Preconditions.checkNotNull(who, "ComponentName is null"); 8344 synchronized (this) { 8345 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8346 8347 int userHandle = UserHandle.getCallingUserId(); 8348 DevicePolicyData userData = getUserData(userHandle); 8349 userData.mRestrictionsProvider = permissionProvider; 8350 saveSettingsLocked(userHandle); 8351 } 8352 } 8353 8354 @Override 8355 public ComponentName getRestrictionsProvider(int userHandle) { 8356 synchronized (this) { 8357 if (!isCallerWithSystemUid()) { 8358 throw new SecurityException("Only the system can query the permission provider"); 8359 } 8360 DevicePolicyData userData = getUserData(userHandle); 8361 return userData != null ? userData.mRestrictionsProvider : null; 8362 } 8363 } 8364 8365 @Override 8366 public void addCrossProfileIntentFilter(ComponentName who, IntentFilter filter, int flags) { 8367 Preconditions.checkNotNull(who, "ComponentName is null"); 8368 int callingUserId = UserHandle.getCallingUserId(); 8369 synchronized (this) { 8370 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8371 8372 long id = mInjector.binderClearCallingIdentity(); 8373 try { 8374 UserInfo parent = mUserManager.getProfileParent(callingUserId); 8375 if (parent == null) { 8376 Slog.e(LOG_TAG, "Cannot call addCrossProfileIntentFilter if there is no " 8377 + "parent"); 8378 return; 8379 } 8380 if ((flags & DevicePolicyManager.FLAG_PARENT_CAN_ACCESS_MANAGED) != 0) { 8381 mIPackageManager.addCrossProfileIntentFilter( 8382 filter, who.getPackageName(), callingUserId, parent.id, 0); 8383 } 8384 if ((flags & DevicePolicyManager.FLAG_MANAGED_CAN_ACCESS_PARENT) != 0) { 8385 mIPackageManager.addCrossProfileIntentFilter(filter, who.getPackageName(), 8386 parent.id, callingUserId, 0); 8387 } 8388 } catch (RemoteException re) { 8389 // Shouldn't happen 8390 } finally { 8391 mInjector.binderRestoreCallingIdentity(id); 8392 } 8393 } 8394 } 8395 8396 @Override 8397 public void clearCrossProfileIntentFilters(ComponentName who) { 8398 Preconditions.checkNotNull(who, "ComponentName is null"); 8399 int callingUserId = UserHandle.getCallingUserId(); 8400 synchronized (this) { 8401 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8402 long id = mInjector.binderClearCallingIdentity(); 8403 try { 8404 UserInfo parent = mUserManager.getProfileParent(callingUserId); 8405 if (parent == null) { 8406 Slog.e(LOG_TAG, "Cannot call clearCrossProfileIntentFilter if there is no " 8407 + "parent"); 8408 return; 8409 } 8410 // Removing those that go from the managed profile to the parent. 8411 mIPackageManager.clearCrossProfileIntentFilters( 8412 callingUserId, who.getPackageName()); 8413 // And those that go from the parent to the managed profile. 8414 // If we want to support multiple managed profiles, we will have to only remove 8415 // those that have callingUserId as their target. 8416 mIPackageManager.clearCrossProfileIntentFilters(parent.id, who.getPackageName()); 8417 } catch (RemoteException re) { 8418 // Shouldn't happen 8419 } finally { 8420 mInjector.binderRestoreCallingIdentity(id); 8421 } 8422 } 8423 } 8424 8425 /** 8426 * @return true if all packages in enabledPackages are either in the list 8427 * permittedList or are a system app. 8428 */ 8429 private boolean checkPackagesInPermittedListOrSystem(List<String> enabledPackages, 8430 List<String> permittedList, int userIdToCheck) { 8431 long id = mInjector.binderClearCallingIdentity(); 8432 try { 8433 // If we have an enabled packages list for a managed profile the packages 8434 // we should check are installed for the parent user. 8435 UserInfo user = getUserInfo(userIdToCheck); 8436 if (user.isManagedProfile()) { 8437 userIdToCheck = user.profileGroupId; 8438 } 8439 8440 for (String enabledPackage : enabledPackages) { 8441 boolean systemService = false; 8442 try { 8443 ApplicationInfo applicationInfo = mIPackageManager.getApplicationInfo( 8444 enabledPackage, PackageManager.MATCH_UNINSTALLED_PACKAGES, 8445 userIdToCheck); 8446 systemService = (applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0; 8447 } catch (RemoteException e) { 8448 Log.i(LOG_TAG, "Can't talk to package managed", e); 8449 } 8450 if (!systemService && !permittedList.contains(enabledPackage)) { 8451 return false; 8452 } 8453 } 8454 } finally { 8455 mInjector.binderRestoreCallingIdentity(id); 8456 } 8457 return true; 8458 } 8459 8460 private AccessibilityManager getAccessibilityManagerForUser(int userId) { 8461 // Not using AccessibilityManager.getInstance because that guesses 8462 // at the user you require based on callingUid and caches for a given 8463 // process. 8464 IBinder iBinder = ServiceManager.getService(Context.ACCESSIBILITY_SERVICE); 8465 IAccessibilityManager service = iBinder == null 8466 ? null : IAccessibilityManager.Stub.asInterface(iBinder); 8467 return new AccessibilityManager(mContext, service, userId); 8468 } 8469 8470 @Override 8471 public boolean setPermittedAccessibilityServices(ComponentName who, List packageList) { 8472 if (!mHasFeature) { 8473 return false; 8474 } 8475 Preconditions.checkNotNull(who, "ComponentName is null"); 8476 8477 if (packageList != null) { 8478 int userId = UserHandle.getCallingUserId(); 8479 List<AccessibilityServiceInfo> enabledServices = null; 8480 long id = mInjector.binderClearCallingIdentity(); 8481 try { 8482 UserInfo user = getUserInfo(userId); 8483 if (user.isManagedProfile()) { 8484 userId = user.profileGroupId; 8485 } 8486 AccessibilityManager accessibilityManager = getAccessibilityManagerForUser(userId); 8487 enabledServices = accessibilityManager.getEnabledAccessibilityServiceList( 8488 AccessibilityServiceInfo.FEEDBACK_ALL_MASK); 8489 } finally { 8490 mInjector.binderRestoreCallingIdentity(id); 8491 } 8492 8493 if (enabledServices != null) { 8494 List<String> enabledPackages = new ArrayList<String>(); 8495 for (AccessibilityServiceInfo service : enabledServices) { 8496 enabledPackages.add(service.getResolveInfo().serviceInfo.packageName); 8497 } 8498 if (!checkPackagesInPermittedListOrSystem(enabledPackages, packageList, 8499 userId)) { 8500 Slog.e(LOG_TAG, "Cannot set permitted accessibility services, " 8501 + "because it contains already enabled accesibility services."); 8502 return false; 8503 } 8504 } 8505 } 8506 8507 synchronized (this) { 8508 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 8509 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8510 admin.permittedAccessiblityServices = packageList; 8511 saveSettingsLocked(UserHandle.getCallingUserId()); 8512 } 8513 return true; 8514 } 8515 8516 @Override 8517 public List getPermittedAccessibilityServices(ComponentName who) { 8518 if (!mHasFeature) { 8519 return null; 8520 } 8521 Preconditions.checkNotNull(who, "ComponentName is null"); 8522 8523 synchronized (this) { 8524 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 8525 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8526 return admin.permittedAccessiblityServices; 8527 } 8528 } 8529 8530 @Override 8531 public List getPermittedAccessibilityServicesForUser(int userId) { 8532 if (!mHasFeature) { 8533 return null; 8534 } 8535 synchronized (this) { 8536 List<String> result = null; 8537 // If we have multiple profiles we return the intersection of the 8538 // permitted lists. This can happen in cases where we have a device 8539 // and profile owner. 8540 int[] profileIds = mUserManager.getProfileIdsWithDisabled(userId); 8541 for (int profileId : profileIds) { 8542 // Just loop though all admins, only device or profiles 8543 // owners can have permitted lists set. 8544 DevicePolicyData policy = getUserDataUnchecked(profileId); 8545 final int N = policy.mAdminList.size(); 8546 for (int j = 0; j < N; j++) { 8547 ActiveAdmin admin = policy.mAdminList.get(j); 8548 List<String> fromAdmin = admin.permittedAccessiblityServices; 8549 if (fromAdmin != null) { 8550 if (result == null) { 8551 result = new ArrayList<>(fromAdmin); 8552 } else { 8553 result.retainAll(fromAdmin); 8554 } 8555 } 8556 } 8557 } 8558 8559 // If we have a permitted list add all system accessibility services. 8560 if (result != null) { 8561 long id = mInjector.binderClearCallingIdentity(); 8562 try { 8563 UserInfo user = getUserInfo(userId); 8564 if (user.isManagedProfile()) { 8565 userId = user.profileGroupId; 8566 } 8567 AccessibilityManager accessibilityManager = 8568 getAccessibilityManagerForUser(userId); 8569 List<AccessibilityServiceInfo> installedServices = 8570 accessibilityManager.getInstalledAccessibilityServiceList(); 8571 8572 if (installedServices != null) { 8573 for (AccessibilityServiceInfo service : installedServices) { 8574 ServiceInfo serviceInfo = service.getResolveInfo().serviceInfo; 8575 ApplicationInfo applicationInfo = serviceInfo.applicationInfo; 8576 if ((applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) { 8577 result.add(serviceInfo.packageName); 8578 } 8579 } 8580 } 8581 } finally { 8582 mInjector.binderRestoreCallingIdentity(id); 8583 } 8584 } 8585 8586 return result; 8587 } 8588 } 8589 8590 @Override 8591 public boolean isAccessibilityServicePermittedByAdmin(ComponentName who, String packageName, 8592 int userHandle) { 8593 if (!mHasFeature) { 8594 return true; 8595 } 8596 Preconditions.checkNotNull(who, "ComponentName is null"); 8597 Preconditions.checkStringNotEmpty(packageName, "packageName is null"); 8598 if (!isCallerWithSystemUid()){ 8599 throw new SecurityException( 8600 "Only the system can query if an accessibility service is disabled by admin"); 8601 } 8602 synchronized (this) { 8603 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 8604 if (admin == null) { 8605 return false; 8606 } 8607 if (admin.permittedAccessiblityServices == null) { 8608 return true; 8609 } 8610 return checkPackagesInPermittedListOrSystem(Collections.singletonList(packageName), 8611 admin.permittedAccessiblityServices, userHandle); 8612 } 8613 } 8614 8615 private boolean checkCallerIsCurrentUserOrProfile() { 8616 final int callingUserId = UserHandle.getCallingUserId(); 8617 final long token = mInjector.binderClearCallingIdentity(); 8618 try { 8619 UserInfo currentUser; 8620 UserInfo callingUser = getUserInfo(callingUserId); 8621 try { 8622 currentUser = mInjector.getIActivityManager().getCurrentUser(); 8623 } catch (RemoteException e) { 8624 Slog.e(LOG_TAG, "Failed to talk to activity managed.", e); 8625 return false; 8626 } 8627 8628 if (callingUser.isManagedProfile() && callingUser.profileGroupId != currentUser.id) { 8629 Slog.e(LOG_TAG, "Cannot set permitted input methods for managed profile " 8630 + "of a user that isn't the foreground user."); 8631 return false; 8632 } 8633 if (!callingUser.isManagedProfile() && callingUserId != currentUser.id ) { 8634 Slog.e(LOG_TAG, "Cannot set permitted input methods " 8635 + "of a user that isn't the foreground user."); 8636 return false; 8637 } 8638 } finally { 8639 mInjector.binderRestoreCallingIdentity(token); 8640 } 8641 return true; 8642 } 8643 8644 @Override 8645 public boolean setPermittedInputMethods(ComponentName who, List packageList) { 8646 if (!mHasFeature) { 8647 return false; 8648 } 8649 Preconditions.checkNotNull(who, "ComponentName is null"); 8650 8651 // TODO When InputMethodManager supports per user calls remove 8652 // this restriction. 8653 if (!checkCallerIsCurrentUserOrProfile()) { 8654 return false; 8655 } 8656 8657 final int callingUserId = mInjector.userHandleGetCallingUserId(); 8658 if (packageList != null) { 8659 // InputMethodManager fetches input methods for current user. 8660 // So this can only be set when calling user is the current user 8661 // or parent is current user in case of managed profiles. 8662 InputMethodManager inputMethodManager = 8663 mContext.getSystemService(InputMethodManager.class); 8664 List<InputMethodInfo> enabledImes = inputMethodManager.getEnabledInputMethodList(); 8665 8666 if (enabledImes != null) { 8667 List<String> enabledPackages = new ArrayList<String>(); 8668 for (InputMethodInfo ime : enabledImes) { 8669 enabledPackages.add(ime.getPackageName()); 8670 } 8671 if (!checkPackagesInPermittedListOrSystem(enabledPackages, packageList, 8672 callingUserId)) { 8673 Slog.e(LOG_TAG, "Cannot set permitted input methods, " 8674 + "because it contains already enabled input method."); 8675 return false; 8676 } 8677 } 8678 } 8679 8680 synchronized (this) { 8681 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 8682 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8683 admin.permittedInputMethods = packageList; 8684 saveSettingsLocked(callingUserId); 8685 } 8686 return true; 8687 } 8688 8689 @Override 8690 public List getPermittedInputMethods(ComponentName who) { 8691 if (!mHasFeature) { 8692 return null; 8693 } 8694 Preconditions.checkNotNull(who, "ComponentName is null"); 8695 8696 synchronized (this) { 8697 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 8698 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8699 return admin.permittedInputMethods; 8700 } 8701 } 8702 8703 @Override 8704 public List getPermittedInputMethodsForCurrentUser() { 8705 UserInfo currentUser; 8706 try { 8707 currentUser = mInjector.getIActivityManager().getCurrentUser(); 8708 } catch (RemoteException e) { 8709 Slog.e(LOG_TAG, "Failed to make remote calls to get current user", e); 8710 // Activity managed is dead, just allow all IMEs 8711 return null; 8712 } 8713 8714 int userId = currentUser.id; 8715 synchronized (this) { 8716 List<String> result = null; 8717 // If we have multiple profiles we return the intersection of the 8718 // permitted lists. This can happen in cases where we have a device 8719 // and profile owner. 8720 int[] profileIds = mUserManager.getProfileIdsWithDisabled(userId); 8721 for (int profileId : profileIds) { 8722 // Just loop though all admins, only device or profiles 8723 // owners can have permitted lists set. 8724 DevicePolicyData policy = getUserDataUnchecked(profileId); 8725 final int N = policy.mAdminList.size(); 8726 for (int j = 0; j < N; j++) { 8727 ActiveAdmin admin = policy.mAdminList.get(j); 8728 List<String> fromAdmin = admin.permittedInputMethods; 8729 if (fromAdmin != null) { 8730 if (result == null) { 8731 result = new ArrayList<String>(fromAdmin); 8732 } else { 8733 result.retainAll(fromAdmin); 8734 } 8735 } 8736 } 8737 } 8738 8739 // If we have a permitted list add all system input methods. 8740 if (result != null) { 8741 InputMethodManager inputMethodManager = 8742 mContext.getSystemService(InputMethodManager.class); 8743 List<InputMethodInfo> imes = inputMethodManager.getInputMethodList(); 8744 long id = mInjector.binderClearCallingIdentity(); 8745 try { 8746 if (imes != null) { 8747 for (InputMethodInfo ime : imes) { 8748 ServiceInfo serviceInfo = ime.getServiceInfo(); 8749 ApplicationInfo applicationInfo = serviceInfo.applicationInfo; 8750 if ((applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) { 8751 result.add(serviceInfo.packageName); 8752 } 8753 } 8754 } 8755 } finally { 8756 mInjector.binderRestoreCallingIdentity(id); 8757 } 8758 } 8759 return result; 8760 } 8761 } 8762 8763 @Override 8764 public boolean isInputMethodPermittedByAdmin(ComponentName who, String packageName, 8765 int userHandle) { 8766 if (!mHasFeature) { 8767 return true; 8768 } 8769 Preconditions.checkNotNull(who, "ComponentName is null"); 8770 Preconditions.checkStringNotEmpty(packageName, "packageName is null"); 8771 if (!isCallerWithSystemUid()) { 8772 throw new SecurityException( 8773 "Only the system can query if an input method is disabled by admin"); 8774 } 8775 synchronized (this) { 8776 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 8777 if (admin == null) { 8778 return false; 8779 } 8780 if (admin.permittedInputMethods == null) { 8781 return true; 8782 } 8783 return checkPackagesInPermittedListOrSystem(Collections.singletonList(packageName), 8784 admin.permittedInputMethods, userHandle); 8785 } 8786 } 8787 8788 @Override 8789 public boolean setPermittedCrossProfileNotificationListeners( 8790 ComponentName who, List<String> packageList) { 8791 if (!mHasFeature) { 8792 return false; 8793 } 8794 Preconditions.checkNotNull(who, "ComponentName is null"); 8795 8796 final int callingUserId = mInjector.userHandleGetCallingUserId(); 8797 if (!isManagedProfile(callingUserId)) { 8798 return false; 8799 } 8800 8801 synchronized (this) { 8802 ActiveAdmin admin = getActiveAdminForCallerLocked( 8803 who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8804 admin.permittedNotificationListeners = packageList; 8805 saveSettingsLocked(callingUserId); 8806 } 8807 return true; 8808 } 8809 8810 @Override 8811 public List<String> getPermittedCrossProfileNotificationListeners(ComponentName who) { 8812 if (!mHasFeature) { 8813 return null; 8814 } 8815 Preconditions.checkNotNull(who, "ComponentName is null"); 8816 8817 synchronized (this) { 8818 ActiveAdmin admin = getActiveAdminForCallerLocked( 8819 who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8820 return admin.permittedNotificationListeners; 8821 } 8822 } 8823 8824 @Override 8825 public boolean isNotificationListenerServicePermitted(String packageName, int userId) { 8826 if (!mHasFeature) { 8827 return true; 8828 } 8829 8830 Preconditions.checkStringNotEmpty(packageName, "packageName is null or empty"); 8831 if (!isCallerWithSystemUid()) { 8832 throw new SecurityException( 8833 "Only the system can query if a notification listener service is permitted"); 8834 } 8835 synchronized (this) { 8836 ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userId); 8837 if (profileOwner == null || profileOwner.permittedNotificationListeners == null) { 8838 return true; 8839 } 8840 return checkPackagesInPermittedListOrSystem(Collections.singletonList(packageName), 8841 profileOwner.permittedNotificationListeners, userId); 8842 8843 } 8844 } 8845 8846 private void maybeSendAdminEnabledBroadcastLocked(int userHandle) { 8847 DevicePolicyData policyData = getUserData(userHandle); 8848 if (policyData.mAdminBroadcastPending) { 8849 // Send the initialization data to profile owner and delete the data 8850 ActiveAdmin admin = getProfileOwnerAdminLocked(userHandle); 8851 boolean clearInitBundle = true; 8852 if (admin != null) { 8853 PersistableBundle initBundle = policyData.mInitBundle; 8854 clearInitBundle = sendAdminCommandLocked(admin, 8855 DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED, 8856 initBundle == null ? null : new Bundle(initBundle), 8857 null /* result receiver */, 8858 true /* send in foreground */); 8859 } 8860 if (clearInitBundle) { 8861 // If there's no admin or we've successfully called the admin, clear the init bundle 8862 // otherwise, keep it around 8863 policyData.mInitBundle = null; 8864 policyData.mAdminBroadcastPending = false; 8865 saveSettingsLocked(userHandle); 8866 } 8867 } 8868 } 8869 8870 @Override 8871 public UserHandle createAndManageUser(ComponentName admin, String name, 8872 ComponentName profileOwner, PersistableBundle adminExtras, int flags) { 8873 Preconditions.checkNotNull(admin, "admin is null"); 8874 Preconditions.checkNotNull(profileOwner, "profileOwner is null"); 8875 if (!admin.getPackageName().equals(profileOwner.getPackageName())) { 8876 throw new IllegalArgumentException("profileOwner " + profileOwner + " and admin " 8877 + admin + " are not in the same package"); 8878 } 8879 // Only allow the system user to use this method 8880 if (!mInjector.binderGetCallingUserHandle().isSystem()) { 8881 throw new SecurityException("createAndManageUser was called from non-system user"); 8882 } 8883 final boolean ephemeral = (flags & DevicePolicyManager.MAKE_USER_EPHEMERAL) != 0; 8884 final boolean demo = (flags & DevicePolicyManager.MAKE_USER_DEMO) != 0 8885 && UserManager.isDeviceInDemoMode(mContext); 8886 final boolean leaveAllSystemAppsEnabled = (flags & LEAVE_ALL_SYSTEM_APPS_ENABLED) != 0; 8887 final int targetSdkVersion; 8888 8889 // Create user. 8890 UserHandle user = null; 8891 synchronized (this) { 8892 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 8893 8894 final int callingUid = mInjector.binderGetCallingUid(); 8895 final long id = mInjector.binderClearCallingIdentity(); 8896 try { 8897 targetSdkVersion = mInjector.getPackageManagerInternal().getUidTargetSdkVersion( 8898 callingUid); 8899 8900 // Return detail error code for checks inside 8901 // UserManagerService.createUserInternalUnchecked. 8902 DeviceStorageMonitorInternal deviceStorageMonitorInternal = 8903 LocalServices.getService(DeviceStorageMonitorInternal.class); 8904 if (deviceStorageMonitorInternal.isMemoryLow()) { 8905 if (targetSdkVersion >= Build.VERSION_CODES.P) { 8906 throw new ServiceSpecificException( 8907 UserManager.USER_OPERATION_ERROR_LOW_STORAGE, "low device storage"); 8908 } else { 8909 return null; 8910 } 8911 } 8912 if (!mUserManager.canAddMoreUsers()) { 8913 if (targetSdkVersion >= Build.VERSION_CODES.P) { 8914 throw new ServiceSpecificException( 8915 UserManager.USER_OPERATION_ERROR_MAX_USERS, "user limit reached"); 8916 } else { 8917 return null; 8918 } 8919 } 8920 8921 int userInfoFlags = 0; 8922 if (ephemeral) { 8923 userInfoFlags |= UserInfo.FLAG_EPHEMERAL; 8924 } 8925 if (demo) { 8926 userInfoFlags |= UserInfo.FLAG_DEMO; 8927 } 8928 String[] disallowedPackages = null; 8929 if (!leaveAllSystemAppsEnabled) { 8930 disallowedPackages = mOverlayPackagesProvider.getNonRequiredApps(admin, 8931 UserHandle.myUserId(), ACTION_PROVISION_MANAGED_USER).toArray( 8932 new String[0]); 8933 } 8934 UserInfo userInfo = mUserManagerInternal.createUserEvenWhenDisallowed(name, 8935 userInfoFlags, disallowedPackages); 8936 if (userInfo != null) { 8937 user = userInfo.getUserHandle(); 8938 } 8939 } finally { 8940 mInjector.binderRestoreCallingIdentity(id); 8941 } 8942 } 8943 if (user == null) { 8944 if (targetSdkVersion >= Build.VERSION_CODES.P) { 8945 throw new ServiceSpecificException(UserManager.USER_OPERATION_ERROR_UNKNOWN, 8946 "failed to create user"); 8947 } else { 8948 return null; 8949 } 8950 } 8951 8952 final int userHandle = user.getIdentifier(); 8953 final Intent intent = new Intent(DevicePolicyManager.ACTION_MANAGED_USER_CREATED) 8954 .putExtra(Intent.EXTRA_USER_HANDLE, userHandle) 8955 .putExtra( 8956 DevicePolicyManager.EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED, 8957 leaveAllSystemAppsEnabled) 8958 .setPackage(getManagedProvisioningPackage(mContext)) 8959 .addFlags(Intent.FLAG_RECEIVER_FOREGROUND); 8960 mContext.sendBroadcastAsUser(intent, UserHandle.SYSTEM); 8961 8962 final long id = mInjector.binderClearCallingIdentity(); 8963 try { 8964 final String adminPkg = admin.getPackageName(); 8965 try { 8966 // Install the profile owner if not present. 8967 if (!mIPackageManager.isPackageAvailable(adminPkg, userHandle)) { 8968 mIPackageManager.installExistingPackageAsUser(adminPkg, userHandle, 8969 0 /*installFlags*/, PackageManager.INSTALL_REASON_POLICY); 8970 } 8971 } catch (RemoteException e) { 8972 // Does not happen, same process 8973 } 8974 8975 // Set admin. 8976 setActiveAdmin(profileOwner, true, userHandle); 8977 final String ownerName = getProfileOwnerName(Process.myUserHandle().getIdentifier()); 8978 setProfileOwner(profileOwner, ownerName, userHandle); 8979 8980 synchronized (this) { 8981 DevicePolicyData policyData = getUserData(userHandle); 8982 policyData.mInitBundle = adminExtras; 8983 policyData.mAdminBroadcastPending = true; 8984 saveSettingsLocked(userHandle); 8985 } 8986 8987 if ((flags & DevicePolicyManager.SKIP_SETUP_WIZARD) != 0) { 8988 Settings.Secure.putIntForUser(mContext.getContentResolver(), 8989 Settings.Secure.USER_SETUP_COMPLETE, 1, userHandle); 8990 } 8991 8992 return user; 8993 } catch (Throwable re) { 8994 mUserManager.removeUser(userHandle); 8995 if (targetSdkVersion >= Build.VERSION_CODES.P) { 8996 throw new ServiceSpecificException(UserManager.USER_OPERATION_ERROR_UNKNOWN, 8997 re.getMessage()); 8998 } else { 8999 return null; 9000 } 9001 } finally { 9002 mInjector.binderRestoreCallingIdentity(id); 9003 } 9004 } 9005 9006 @Override 9007 public boolean removeUser(ComponentName who, UserHandle userHandle) { 9008 Preconditions.checkNotNull(who, "ComponentName is null"); 9009 Preconditions.checkNotNull(userHandle, "UserHandle is null"); 9010 9011 synchronized (this) { 9012 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 9013 } 9014 9015 final int callingUserId = mInjector.userHandleGetCallingUserId(); 9016 final long id = mInjector.binderClearCallingIdentity(); 9017 try { 9018 String restriction = isManagedProfile(userHandle.getIdentifier()) 9019 ? UserManager.DISALLOW_REMOVE_MANAGED_PROFILE 9020 : UserManager.DISALLOW_REMOVE_USER; 9021 if (isAdminAffectedByRestriction(who, restriction, callingUserId)) { 9022 Log.w(LOG_TAG, "The device owner cannot remove a user because " 9023 + restriction + " is enabled, and was not set by the device owner"); 9024 return false; 9025 } 9026 return mUserManagerInternal.removeUserEvenWhenDisallowed(userHandle.getIdentifier()); 9027 } finally { 9028 mInjector.binderRestoreCallingIdentity(id); 9029 } 9030 } 9031 9032 private boolean isAdminAffectedByRestriction( 9033 ComponentName admin, String userRestriction, int userId) { 9034 switch(mUserManager.getUserRestrictionSource(userRestriction, UserHandle.of(userId))) { 9035 case UserManager.RESTRICTION_NOT_SET: 9036 return false; 9037 case UserManager.RESTRICTION_SOURCE_DEVICE_OWNER: 9038 return !isDeviceOwner(admin, userId); 9039 case UserManager.RESTRICTION_SOURCE_PROFILE_OWNER: 9040 return !isProfileOwner(admin, userId); 9041 default: 9042 return true; 9043 } 9044 } 9045 9046 @Override 9047 public boolean switchUser(ComponentName who, UserHandle userHandle) { 9048 Preconditions.checkNotNull(who, "ComponentName is null"); 9049 9050 synchronized (this) { 9051 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 9052 9053 long id = mInjector.binderClearCallingIdentity(); 9054 try { 9055 int userId = UserHandle.USER_SYSTEM; 9056 if (userHandle != null) { 9057 userId = userHandle.getIdentifier(); 9058 } 9059 return mInjector.getIActivityManager().switchUser(userId); 9060 } catch (RemoteException e) { 9061 Log.e(LOG_TAG, "Couldn't switch user", e); 9062 return false; 9063 } finally { 9064 mInjector.binderRestoreCallingIdentity(id); 9065 } 9066 } 9067 } 9068 9069 @Override 9070 public int startUserInBackground(ComponentName who, UserHandle userHandle) { 9071 Preconditions.checkNotNull(who, "ComponentName is null"); 9072 Preconditions.checkNotNull(userHandle, "UserHandle is null"); 9073 9074 synchronized (this) { 9075 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 9076 } 9077 9078 final int userId = userHandle.getIdentifier(); 9079 if (isManagedProfile(userId)) { 9080 Log.w(LOG_TAG, "Managed profile cannot be started in background"); 9081 return UserManager.USER_OPERATION_ERROR_MANAGED_PROFILE; 9082 } 9083 9084 final long id = mInjector.binderClearCallingIdentity(); 9085 try { 9086 if (!mInjector.getActivityManagerInternal().canStartMoreUsers()) { 9087 Log.w(LOG_TAG, "Cannot start more users in background"); 9088 return UserManager.USER_OPERATION_ERROR_MAX_RUNNING_USERS; 9089 } 9090 9091 if (mInjector.getIActivityManager().startUserInBackground(userId)) { 9092 return UserManager.USER_OPERATION_SUCCESS; 9093 } else { 9094 return UserManager.USER_OPERATION_ERROR_UNKNOWN; 9095 } 9096 } catch (RemoteException e) { 9097 // Same process, should not happen. 9098 return UserManager.USER_OPERATION_ERROR_UNKNOWN; 9099 } finally { 9100 mInjector.binderRestoreCallingIdentity(id); 9101 } 9102 } 9103 9104 @Override 9105 public int stopUser(ComponentName who, UserHandle userHandle) { 9106 Preconditions.checkNotNull(who, "ComponentName is null"); 9107 Preconditions.checkNotNull(userHandle, "UserHandle is null"); 9108 9109 synchronized (this) { 9110 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 9111 } 9112 9113 final int userId = userHandle.getIdentifier(); 9114 if (isManagedProfile(userId)) { 9115 Log.w(LOG_TAG, "Managed profile cannot be stopped"); 9116 return UserManager.USER_OPERATION_ERROR_MANAGED_PROFILE; 9117 } 9118 9119 return stopUserUnchecked(userId); 9120 } 9121 9122 @Override 9123 public int logoutUser(ComponentName who) { 9124 Preconditions.checkNotNull(who, "ComponentName is null"); 9125 9126 final int callingUserId = mInjector.userHandleGetCallingUserId(); 9127 synchronized (this) { 9128 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9129 if (!isUserAffiliatedWithDeviceLocked(callingUserId)) { 9130 throw new SecurityException("Admin " + who + 9131 " is neither the device owner or affiliated user's profile owner."); 9132 } 9133 } 9134 9135 if (isManagedProfile(callingUserId)) { 9136 Log.w(LOG_TAG, "Managed profile cannot be logout"); 9137 return UserManager.USER_OPERATION_ERROR_MANAGED_PROFILE; 9138 } 9139 9140 final long id = mInjector.binderClearCallingIdentity(); 9141 try { 9142 if (!mInjector.getIActivityManager().switchUser(UserHandle.USER_SYSTEM)) { 9143 Log.w(LOG_TAG, "Failed to switch to primary user"); 9144 // This should never happen as target user is UserHandle.USER_SYSTEM 9145 return UserManager.USER_OPERATION_ERROR_UNKNOWN; 9146 } 9147 } catch (RemoteException e) { 9148 // Same process, should not happen. 9149 return UserManager.USER_OPERATION_ERROR_UNKNOWN; 9150 } finally { 9151 mInjector.binderRestoreCallingIdentity(id); 9152 } 9153 9154 return stopUserUnchecked(callingUserId); 9155 } 9156 9157 private int stopUserUnchecked(int userId) { 9158 final long id = mInjector.binderClearCallingIdentity(); 9159 try { 9160 switch (mInjector.getIActivityManager().stopUser(userId, true /*force*/, null)) { 9161 case ActivityManager.USER_OP_SUCCESS: 9162 return UserManager.USER_OPERATION_SUCCESS; 9163 case ActivityManager.USER_OP_IS_CURRENT: 9164 return UserManager.USER_OPERATION_ERROR_CURRENT_USER; 9165 default: 9166 return UserManager.USER_OPERATION_ERROR_UNKNOWN; 9167 } 9168 } catch (RemoteException e) { 9169 // Same process, should not happen. 9170 return UserManager.USER_OPERATION_ERROR_UNKNOWN; 9171 } finally { 9172 mInjector.binderRestoreCallingIdentity(id); 9173 } 9174 } 9175 9176 @Override 9177 public List<UserHandle> getSecondaryUsers(ComponentName who) { 9178 Preconditions.checkNotNull(who, "ComponentName is null"); 9179 synchronized (this) { 9180 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 9181 } 9182 9183 final long id = mInjector.binderClearCallingIdentity(); 9184 try { 9185 final List<UserInfo> userInfos = mInjector.getUserManager().getUsers(true 9186 /*excludeDying*/); 9187 final List<UserHandle> userHandles = new ArrayList<>(); 9188 for (UserInfo userInfo : userInfos) { 9189 UserHandle userHandle = userInfo.getUserHandle(); 9190 if (!userHandle.isSystem() && !isManagedProfile(userHandle.getIdentifier())) { 9191 userHandles.add(userInfo.getUserHandle()); 9192 } 9193 } 9194 return userHandles; 9195 } finally { 9196 mInjector.binderRestoreCallingIdentity(id); 9197 } 9198 } 9199 9200 @Override 9201 public boolean isEphemeralUser(ComponentName who) { 9202 Preconditions.checkNotNull(who, "ComponentName is null"); 9203 synchronized (this) { 9204 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9205 } 9206 9207 final int callingUserId = mInjector.userHandleGetCallingUserId(); 9208 final long id = mInjector.binderClearCallingIdentity(); 9209 try { 9210 return mInjector.getUserManager().isUserEphemeral(callingUserId); 9211 } finally { 9212 mInjector.binderRestoreCallingIdentity(id); 9213 } 9214 } 9215 9216 @Override 9217 public Bundle getApplicationRestrictions(ComponentName who, String callerPackage, 9218 String packageName) { 9219 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9220 DELEGATION_APP_RESTRICTIONS); 9221 9222 final UserHandle userHandle = mInjector.binderGetCallingUserHandle(); 9223 final long id = mInjector.binderClearCallingIdentity(); 9224 try { 9225 Bundle bundle = mUserManager.getApplicationRestrictions(packageName, userHandle); 9226 // if no restrictions were saved, mUserManager.getApplicationRestrictions 9227 // returns null, but DPM method should return an empty Bundle as per JavaDoc 9228 return bundle != null ? bundle : Bundle.EMPTY; 9229 } finally { 9230 mInjector.binderRestoreCallingIdentity(id); 9231 } 9232 } 9233 9234 @Override 9235 public String[] setPackagesSuspended(ComponentName who, String callerPackage, 9236 String[] packageNames, boolean suspended) { 9237 int callingUserId = UserHandle.getCallingUserId(); 9238 synchronized (this) { 9239 // Ensure the caller is a DO/PO or a package access delegate. 9240 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9241 DELEGATION_PACKAGE_ACCESS); 9242 9243 long id = mInjector.binderClearCallingIdentity(); 9244 try { 9245 return mIPackageManager.setPackagesSuspendedAsUser( 9246 packageNames, suspended, callingUserId); 9247 } catch (RemoteException re) { 9248 // Shouldn't happen. 9249 Slog.e(LOG_TAG, "Failed talking to the package manager", re); 9250 } finally { 9251 mInjector.binderRestoreCallingIdentity(id); 9252 } 9253 return packageNames; 9254 } 9255 } 9256 9257 @Override 9258 public boolean isPackageSuspended(ComponentName who, String callerPackage, String packageName) { 9259 int callingUserId = UserHandle.getCallingUserId(); 9260 synchronized (this) { 9261 // Ensure the caller is a DO/PO or a package access delegate. 9262 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9263 DELEGATION_PACKAGE_ACCESS); 9264 9265 long id = mInjector.binderClearCallingIdentity(); 9266 try { 9267 return mIPackageManager.isPackageSuspendedForUser(packageName, callingUserId); 9268 } catch (RemoteException re) { 9269 // Shouldn't happen. 9270 Slog.e(LOG_TAG, "Failed talking to the package manager", re); 9271 } finally { 9272 mInjector.binderRestoreCallingIdentity(id); 9273 } 9274 return false; 9275 } 9276 } 9277 9278 @Override 9279 public void setUserRestriction(ComponentName who, String key, boolean enabledFromThisOwner) { 9280 Preconditions.checkNotNull(who, "ComponentName is null"); 9281 if (!UserRestrictionsUtils.isValidRestriction(key)) { 9282 return; 9283 } 9284 9285 final int userHandle = mInjector.userHandleGetCallingUserId(); 9286 synchronized (this) { 9287 final ActiveAdmin activeAdmin = 9288 getActiveAdminForCallerLocked(who, 9289 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9290 final boolean isDeviceOwner = isDeviceOwner(who, userHandle); 9291 if (isDeviceOwner) { 9292 if (!UserRestrictionsUtils.canDeviceOwnerChange(key)) { 9293 throw new SecurityException("Device owner cannot set user restriction " + key); 9294 } 9295 } else { // profile owner 9296 if (!UserRestrictionsUtils.canProfileOwnerChange(key, userHandle)) { 9297 throw new SecurityException("Profile owner cannot set user restriction " + key); 9298 } 9299 } 9300 9301 // Save the restriction to ActiveAdmin. 9302 final Bundle restrictions = activeAdmin.ensureUserRestrictions(); 9303 if (enabledFromThisOwner) { 9304 restrictions.putBoolean(key, true); 9305 } else { 9306 restrictions.remove(key); 9307 } 9308 saveUserRestrictionsLocked(userHandle); 9309 } 9310 if (SecurityLog.isLoggingEnabled()) { 9311 final int eventTag = enabledFromThisOwner 9312 ? SecurityLog.TAG_USER_RESTRICTION_ADDED 9313 : SecurityLog.TAG_USER_RESTRICTION_REMOVED; 9314 SecurityLog.writeEvent(eventTag, who.getPackageName(), userHandle, key); 9315 } 9316 } 9317 9318 private void saveUserRestrictionsLocked(int userId) { 9319 saveSettingsLocked(userId); 9320 pushUserRestrictions(userId); 9321 sendChangedNotification(userId); 9322 } 9323 9324 private void pushUserRestrictions(int userId) { 9325 synchronized (this) { 9326 final boolean isDeviceOwner = mOwners.isDeviceOwnerUserId(userId); 9327 final Bundle userRestrictions; 9328 // Whether device owner enforces camera restriction. 9329 boolean disallowCameraGlobally = false; 9330 9331 if (isDeviceOwner) { 9332 final ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 9333 if (deviceOwner == null) { 9334 return; // Shouldn't happen. 9335 } 9336 userRestrictions = deviceOwner.userRestrictions; 9337 // DO can disable camera globally. 9338 disallowCameraGlobally = deviceOwner.disableCamera; 9339 } else { 9340 final ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userId); 9341 userRestrictions = profileOwner != null ? profileOwner.userRestrictions : null; 9342 } 9343 9344 // Whether any admin enforces camera restriction. 9345 final int cameraRestrictionScope = 9346 getCameraRestrictionScopeLocked(userId, disallowCameraGlobally); 9347 9348 mUserManagerInternal.setDevicePolicyUserRestrictions(userId, userRestrictions, 9349 isDeviceOwner, cameraRestrictionScope); 9350 } 9351 } 9352 9353 /** 9354 * Get the scope of camera restriction for a given user if any. 9355 */ 9356 private int getCameraRestrictionScopeLocked(int userId, boolean disallowCameraGlobally) { 9357 if (disallowCameraGlobally) { 9358 return UserManagerInternal.CAMERA_DISABLED_GLOBALLY; 9359 } else if (getCameraDisabled( 9360 /* who= */ null, userId, /* mergeDeviceOwnerRestriction= */ false)) { 9361 return UserManagerInternal.CAMERA_DISABLED_LOCALLY; 9362 } 9363 return UserManagerInternal.CAMERA_NOT_DISABLED; 9364 } 9365 9366 @Override 9367 public Bundle getUserRestrictions(ComponentName who) { 9368 if (!mHasFeature) { 9369 return null; 9370 } 9371 Preconditions.checkNotNull(who, "ComponentName is null"); 9372 synchronized (this) { 9373 final ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(who, 9374 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9375 return activeAdmin.userRestrictions; 9376 } 9377 } 9378 9379 @Override 9380 public boolean setApplicationHidden(ComponentName who, String callerPackage, String packageName, 9381 boolean hidden) { 9382 int callingUserId = UserHandle.getCallingUserId(); 9383 synchronized (this) { 9384 // Ensure the caller is a DO/PO or a package access delegate. 9385 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9386 DELEGATION_PACKAGE_ACCESS); 9387 9388 long id = mInjector.binderClearCallingIdentity(); 9389 try { 9390 return mIPackageManager.setApplicationHiddenSettingAsUser( 9391 packageName, hidden, callingUserId); 9392 } catch (RemoteException re) { 9393 // shouldn't happen 9394 Slog.e(LOG_TAG, "Failed to setApplicationHiddenSetting", re); 9395 } finally { 9396 mInjector.binderRestoreCallingIdentity(id); 9397 } 9398 return false; 9399 } 9400 } 9401 9402 @Override 9403 public boolean isApplicationHidden(ComponentName who, String callerPackage, 9404 String packageName) { 9405 int callingUserId = UserHandle.getCallingUserId(); 9406 synchronized (this) { 9407 // Ensure the caller is a DO/PO or a package access delegate. 9408 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9409 DELEGATION_PACKAGE_ACCESS); 9410 9411 long id = mInjector.binderClearCallingIdentity(); 9412 try { 9413 return mIPackageManager.getApplicationHiddenSettingAsUser( 9414 packageName, callingUserId); 9415 } catch (RemoteException re) { 9416 // shouldn't happen 9417 Slog.e(LOG_TAG, "Failed to getApplicationHiddenSettingAsUser", re); 9418 } finally { 9419 mInjector.binderRestoreCallingIdentity(id); 9420 } 9421 return false; 9422 } 9423 } 9424 9425 @Override 9426 public void enableSystemApp(ComponentName who, String callerPackage, String packageName) { 9427 synchronized (this) { 9428 // Ensure the caller is a DO/PO or an enable system app delegate. 9429 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9430 DELEGATION_ENABLE_SYSTEM_APP); 9431 9432 final boolean isDemo = isCurrentUserDemo(); 9433 9434 int userId = UserHandle.getCallingUserId(); 9435 long id = mInjector.binderClearCallingIdentity(); 9436 9437 try { 9438 if (VERBOSE_LOG) { 9439 Slog.v(LOG_TAG, "installing " + packageName + " for " 9440 + userId); 9441 } 9442 9443 int parentUserId = getProfileParentId(userId); 9444 if (!isDemo && !isSystemApp(mIPackageManager, packageName, parentUserId)) { 9445 throw new IllegalArgumentException("Only system apps can be enabled this way."); 9446 } 9447 9448 // Install the app. 9449 mIPackageManager.installExistingPackageAsUser(packageName, userId, 9450 0 /*installFlags*/, PackageManager.INSTALL_REASON_POLICY); 9451 if (isDemo) { 9452 // Ensure the app is also ENABLED for demo users. 9453 mIPackageManager.setApplicationEnabledSetting(packageName, 9454 PackageManager.COMPONENT_ENABLED_STATE_ENABLED, 9455 PackageManager.DONT_KILL_APP, userId, "DevicePolicyManager"); 9456 } 9457 } catch (RemoteException re) { 9458 // shouldn't happen 9459 Slog.wtf(LOG_TAG, "Failed to install " + packageName, re); 9460 } finally { 9461 mInjector.binderRestoreCallingIdentity(id); 9462 } 9463 } 9464 } 9465 9466 @Override 9467 public int enableSystemAppWithIntent(ComponentName who, String callerPackage, Intent intent) { 9468 synchronized (this) { 9469 // Ensure the caller is a DO/PO or an enable system app delegate. 9470 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9471 DELEGATION_ENABLE_SYSTEM_APP); 9472 9473 int userId = UserHandle.getCallingUserId(); 9474 long id = mInjector.binderClearCallingIdentity(); 9475 9476 try { 9477 int parentUserId = getProfileParentId(userId); 9478 List<ResolveInfo> activitiesToEnable = mIPackageManager 9479 .queryIntentActivities(intent, 9480 intent.resolveTypeIfNeeded(mContext.getContentResolver()), 9481 PackageManager.MATCH_DIRECT_BOOT_AWARE 9482 | PackageManager.MATCH_DIRECT_BOOT_UNAWARE, 9483 parentUserId) 9484 .getList(); 9485 9486 if (VERBOSE_LOG) { 9487 Slog.d(LOG_TAG, "Enabling system activities: " + activitiesToEnable); 9488 } 9489 int numberOfAppsInstalled = 0; 9490 if (activitiesToEnable != null) { 9491 for (ResolveInfo info : activitiesToEnable) { 9492 if (info.activityInfo != null) { 9493 String packageName = info.activityInfo.packageName; 9494 if (isSystemApp(mIPackageManager, packageName, parentUserId)) { 9495 numberOfAppsInstalled++; 9496 mIPackageManager.installExistingPackageAsUser(packageName, userId, 9497 0 /*installFlags*/, PackageManager.INSTALL_REASON_POLICY); 9498 } else { 9499 Slog.d(LOG_TAG, "Not enabling " + packageName + " since is not a" 9500 + " system app"); 9501 } 9502 } 9503 } 9504 } 9505 return numberOfAppsInstalled; 9506 } catch (RemoteException e) { 9507 // shouldn't happen 9508 Slog.wtf(LOG_TAG, "Failed to resolve intent for: " + intent); 9509 return 0; 9510 } finally { 9511 mInjector.binderRestoreCallingIdentity(id); 9512 } 9513 } 9514 } 9515 9516 private boolean isSystemApp(IPackageManager pm, String packageName, int userId) 9517 throws RemoteException { 9518 ApplicationInfo appInfo = pm.getApplicationInfo(packageName, MATCH_UNINSTALLED_PACKAGES, 9519 userId); 9520 if (appInfo == null) { 9521 throw new IllegalArgumentException("The application " + packageName + 9522 " is not present on this device"); 9523 } 9524 return (appInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0; 9525 } 9526 9527 @Override 9528 public boolean installExistingPackage(ComponentName who, String callerPackage, 9529 String packageName) { 9530 synchronized (this) { 9531 // Ensure the caller is a PO or an install existing package delegate 9532 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9533 DELEGATION_INSTALL_EXISTING_PACKAGE); 9534 final int callingUserId = mInjector.userHandleGetCallingUserId(); 9535 if (!isUserAffiliatedWithDeviceLocked(callingUserId)) { 9536 throw new SecurityException("Admin " + who + 9537 " is neither the device owner or affiliated user's profile owner."); 9538 } 9539 9540 final long id = mInjector.binderClearCallingIdentity(); 9541 try { 9542 if (VERBOSE_LOG) { 9543 Slog.v(LOG_TAG, "installing " + packageName + " for " 9544 + callingUserId); 9545 } 9546 9547 // Install the package. 9548 return mIPackageManager.installExistingPackageAsUser(packageName, callingUserId, 9549 0 /*installFlags*/, PackageManager.INSTALL_REASON_POLICY) 9550 == PackageManager.INSTALL_SUCCEEDED; 9551 } catch (RemoteException re) { 9552 // shouldn't happen 9553 return false; 9554 } finally { 9555 mInjector.binderRestoreCallingIdentity(id); 9556 } 9557 } 9558 } 9559 9560 @Override 9561 public void setAccountManagementDisabled(ComponentName who, String accountType, 9562 boolean disabled) { 9563 if (!mHasFeature) { 9564 return; 9565 } 9566 Preconditions.checkNotNull(who, "ComponentName is null"); 9567 synchronized (this) { 9568 ActiveAdmin ap = getActiveAdminForCallerLocked(who, 9569 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9570 if (disabled) { 9571 ap.accountTypesWithManagementDisabled.add(accountType); 9572 } else { 9573 ap.accountTypesWithManagementDisabled.remove(accountType); 9574 } 9575 saveSettingsLocked(UserHandle.getCallingUserId()); 9576 } 9577 } 9578 9579 @Override 9580 public String[] getAccountTypesWithManagementDisabled() { 9581 return getAccountTypesWithManagementDisabledAsUser(UserHandle.getCallingUserId()); 9582 } 9583 9584 @Override 9585 public String[] getAccountTypesWithManagementDisabledAsUser(int userId) { 9586 enforceFullCrossUsersPermission(userId); 9587 if (!mHasFeature) { 9588 return null; 9589 } 9590 synchronized (this) { 9591 DevicePolicyData policy = getUserData(userId); 9592 final int N = policy.mAdminList.size(); 9593 ArraySet<String> resultSet = new ArraySet<>(); 9594 for (int i = 0; i < N; i++) { 9595 ActiveAdmin admin = policy.mAdminList.get(i); 9596 resultSet.addAll(admin.accountTypesWithManagementDisabled); 9597 } 9598 return resultSet.toArray(new String[resultSet.size()]); 9599 } 9600 } 9601 9602 @Override 9603 public void setUninstallBlocked(ComponentName who, String callerPackage, String packageName, 9604 boolean uninstallBlocked) { 9605 final int userId = UserHandle.getCallingUserId(); 9606 synchronized (this) { 9607 // Ensure the caller is a DO/PO or a block uninstall delegate 9608 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9609 DELEGATION_BLOCK_UNINSTALL); 9610 9611 long id = mInjector.binderClearCallingIdentity(); 9612 try { 9613 mIPackageManager.setBlockUninstallForUser(packageName, uninstallBlocked, userId); 9614 } catch (RemoteException re) { 9615 // Shouldn't happen. 9616 Slog.e(LOG_TAG, "Failed to setBlockUninstallForUser", re); 9617 } finally { 9618 mInjector.binderRestoreCallingIdentity(id); 9619 } 9620 } 9621 } 9622 9623 @Override 9624 public boolean isUninstallBlocked(ComponentName who, String packageName) { 9625 // This function should return true if and only if the package is blocked by 9626 // setUninstallBlocked(). It should still return false for other cases of blocks, such as 9627 // when the package is a system app, or when it is an active device admin. 9628 final int userId = UserHandle.getCallingUserId(); 9629 9630 synchronized (this) { 9631 if (who != null) { 9632 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9633 } 9634 9635 long id = mInjector.binderClearCallingIdentity(); 9636 try { 9637 return mIPackageManager.getBlockUninstallForUser(packageName, userId); 9638 } catch (RemoteException re) { 9639 // Shouldn't happen. 9640 Slog.e(LOG_TAG, "Failed to getBlockUninstallForUser", re); 9641 } finally { 9642 mInjector.binderRestoreCallingIdentity(id); 9643 } 9644 } 9645 return false; 9646 } 9647 9648 @Override 9649 public void setCrossProfileCallerIdDisabled(ComponentName who, boolean disabled) { 9650 if (!mHasFeature) { 9651 return; 9652 } 9653 Preconditions.checkNotNull(who, "ComponentName is null"); 9654 synchronized (this) { 9655 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 9656 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9657 if (admin.disableCallerId != disabled) { 9658 admin.disableCallerId = disabled; 9659 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 9660 } 9661 } 9662 } 9663 9664 @Override 9665 public boolean getCrossProfileCallerIdDisabled(ComponentName who) { 9666 if (!mHasFeature) { 9667 return false; 9668 } 9669 Preconditions.checkNotNull(who, "ComponentName is null"); 9670 synchronized (this) { 9671 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 9672 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9673 return admin.disableCallerId; 9674 } 9675 } 9676 9677 @Override 9678 public boolean getCrossProfileCallerIdDisabledForUser(int userId) { 9679 enforceCrossUsersPermission(userId); 9680 synchronized (this) { 9681 ActiveAdmin admin = getProfileOwnerAdminLocked(userId); 9682 return (admin != null) ? admin.disableCallerId : false; 9683 } 9684 } 9685 9686 @Override 9687 public void setCrossProfileContactsSearchDisabled(ComponentName who, boolean disabled) { 9688 if (!mHasFeature) { 9689 return; 9690 } 9691 Preconditions.checkNotNull(who, "ComponentName is null"); 9692 synchronized (this) { 9693 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 9694 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9695 if (admin.disableContactsSearch != disabled) { 9696 admin.disableContactsSearch = disabled; 9697 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 9698 } 9699 } 9700 } 9701 9702 @Override 9703 public boolean getCrossProfileContactsSearchDisabled(ComponentName who) { 9704 if (!mHasFeature) { 9705 return false; 9706 } 9707 Preconditions.checkNotNull(who, "ComponentName is null"); 9708 synchronized (this) { 9709 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 9710 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9711 return admin.disableContactsSearch; 9712 } 9713 } 9714 9715 @Override 9716 public boolean getCrossProfileContactsSearchDisabledForUser(int userId) { 9717 enforceCrossUsersPermission(userId); 9718 synchronized (this) { 9719 ActiveAdmin admin = getProfileOwnerAdminLocked(userId); 9720 return (admin != null) ? admin.disableContactsSearch : false; 9721 } 9722 } 9723 9724 @Override 9725 public void startManagedQuickContact(String actualLookupKey, long actualContactId, 9726 boolean isContactIdIgnored, long actualDirectoryId, Intent originalIntent) { 9727 final Intent intent = QuickContact.rebuildManagedQuickContactsIntent(actualLookupKey, 9728 actualContactId, isContactIdIgnored, actualDirectoryId, originalIntent); 9729 final int callingUserId = UserHandle.getCallingUserId(); 9730 9731 final long ident = mInjector.binderClearCallingIdentity(); 9732 try { 9733 synchronized (this) { 9734 final int managedUserId = getManagedUserId(callingUserId); 9735 if (managedUserId < 0) { 9736 return; 9737 } 9738 if (isCrossProfileQuickContactDisabled(managedUserId)) { 9739 if (VERBOSE_LOG) { 9740 Log.v(LOG_TAG, 9741 "Cross-profile contacts access disabled for user " + managedUserId); 9742 } 9743 return; 9744 } 9745 ContactsInternal.startQuickContactWithErrorToastForUser( 9746 mContext, intent, new UserHandle(managedUserId)); 9747 } 9748 } finally { 9749 mInjector.binderRestoreCallingIdentity(ident); 9750 } 9751 } 9752 9753 /** 9754 * @return true if cross-profile QuickContact is disabled 9755 */ 9756 private boolean isCrossProfileQuickContactDisabled(int userId) { 9757 return getCrossProfileCallerIdDisabledForUser(userId) 9758 && getCrossProfileContactsSearchDisabledForUser(userId); 9759 } 9760 9761 /** 9762 * @return the user ID of the managed user that is linked to the current user, if any. 9763 * Otherwise -1. 9764 */ 9765 public int getManagedUserId(int callingUserId) { 9766 if (VERBOSE_LOG) { 9767 Log.v(LOG_TAG, "getManagedUserId: callingUserId=" + callingUserId); 9768 } 9769 9770 for (UserInfo ui : mUserManager.getProfiles(callingUserId)) { 9771 if (ui.id == callingUserId || !ui.isManagedProfile()) { 9772 continue; // Caller user self, or not a managed profile. Skip. 9773 } 9774 if (VERBOSE_LOG) { 9775 Log.v(LOG_TAG, "Managed user=" + ui.id); 9776 } 9777 return ui.id; 9778 } 9779 if (VERBOSE_LOG) { 9780 Log.v(LOG_TAG, "Managed user not found."); 9781 } 9782 return -1; 9783 } 9784 9785 @Override 9786 public void setBluetoothContactSharingDisabled(ComponentName who, boolean disabled) { 9787 if (!mHasFeature) { 9788 return; 9789 } 9790 Preconditions.checkNotNull(who, "ComponentName is null"); 9791 synchronized (this) { 9792 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 9793 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9794 if (admin.disableBluetoothContactSharing != disabled) { 9795 admin.disableBluetoothContactSharing = disabled; 9796 saveSettingsLocked(UserHandle.getCallingUserId()); 9797 } 9798 } 9799 } 9800 9801 @Override 9802 public boolean getBluetoothContactSharingDisabled(ComponentName who) { 9803 if (!mHasFeature) { 9804 return false; 9805 } 9806 Preconditions.checkNotNull(who, "ComponentName is null"); 9807 synchronized (this) { 9808 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 9809 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9810 return admin.disableBluetoothContactSharing; 9811 } 9812 } 9813 9814 @Override 9815 public boolean getBluetoothContactSharingDisabledForUser(int userId) { 9816 // TODO: Should there be a check to make sure this relationship is 9817 // within a profile group? 9818 // enforceSystemProcess("getCrossProfileCallerIdDisabled can only be called by system"); 9819 synchronized (this) { 9820 ActiveAdmin admin = getProfileOwnerAdminLocked(userId); 9821 return (admin != null) ? admin.disableBluetoothContactSharing : false; 9822 } 9823 } 9824 9825 @Override 9826 public void setLockTaskPackages(ComponentName who, String[] packages) 9827 throws SecurityException { 9828 Preconditions.checkNotNull(who, "ComponentName is null"); 9829 Preconditions.checkNotNull(packages, "packages is null"); 9830 9831 synchronized (this) { 9832 enforceCanCallLockTaskLocked(who); 9833 final int userHandle = mInjector.userHandleGetCallingUserId(); 9834 setLockTaskPackagesLocked(userHandle, new ArrayList<>(Arrays.asList(packages))); 9835 } 9836 } 9837 9838 private void setLockTaskPackagesLocked(int userHandle, List<String> packages) { 9839 DevicePolicyData policy = getUserData(userHandle); 9840 policy.mLockTaskPackages = packages; 9841 9842 // Store the settings persistently. 9843 saveSettingsLocked(userHandle); 9844 updateLockTaskPackagesLocked(packages, userHandle); 9845 } 9846 9847 @Override 9848 public String[] getLockTaskPackages(ComponentName who) { 9849 Preconditions.checkNotNull(who, "ComponentName is null"); 9850 9851 final int userHandle = mInjector.binderGetCallingUserHandle().getIdentifier(); 9852 synchronized (this) { 9853 enforceCanCallLockTaskLocked(who); 9854 final List<String> packages = getUserData(userHandle).mLockTaskPackages; 9855 return packages.toArray(new String[packages.size()]); 9856 } 9857 } 9858 9859 @Override 9860 public boolean isLockTaskPermitted(String pkg) { 9861 final int userHandle = mInjector.userHandleGetCallingUserId(); 9862 synchronized (this) { 9863 return getUserData(userHandle).mLockTaskPackages.contains(pkg); 9864 } 9865 } 9866 9867 @Override 9868 public void setLockTaskFeatures(ComponentName who, int flags) { 9869 Preconditions.checkNotNull(who, "ComponentName is null"); 9870 9871 // Throw if Overview is used without Home. 9872 boolean hasHome = (flags & LOCK_TASK_FEATURE_HOME) != 0; 9873 boolean hasOverview = (flags & LOCK_TASK_FEATURE_OVERVIEW) != 0; 9874 Preconditions.checkArgument(hasHome || !hasOverview, 9875 "Cannot use LOCK_TASK_FEATURE_OVERVIEW without LOCK_TASK_FEATURE_HOME"); 9876 9877 final int userHandle = mInjector.userHandleGetCallingUserId(); 9878 synchronized (this) { 9879 enforceCanCallLockTaskLocked(who); 9880 setLockTaskFeaturesLocked(userHandle, flags); 9881 } 9882 } 9883 9884 private void setLockTaskFeaturesLocked(int userHandle, int flags) { 9885 DevicePolicyData policy = getUserData(userHandle); 9886 policy.mLockTaskFeatures = flags; 9887 saveSettingsLocked(userHandle); 9888 updateLockTaskFeaturesLocked(flags, userHandle); 9889 } 9890 9891 @Override 9892 public int getLockTaskFeatures(ComponentName who) { 9893 Preconditions.checkNotNull(who, "ComponentName is null"); 9894 final int userHandle = mInjector.userHandleGetCallingUserId(); 9895 synchronized (this) { 9896 enforceCanCallLockTaskLocked(who); 9897 return getUserData(userHandle).mLockTaskFeatures; 9898 } 9899 } 9900 9901 private void maybeClearLockTaskPolicyLocked() { 9902 final long ident = mInjector.binderClearCallingIdentity(); 9903 try { 9904 final List<UserInfo> userInfos = mUserManager.getUsers(/*excludeDying=*/ true); 9905 for (int i = userInfos.size() - 1; i >= 0; i--) { 9906 int userId = userInfos.get(i).id; 9907 if (canUserUseLockTaskLocked(userId)) { 9908 continue; 9909 } 9910 9911 final List<String> lockTaskPackages = getUserData(userId).mLockTaskPackages; 9912 if (!lockTaskPackages.isEmpty()) { 9913 Slog.d(LOG_TAG, 9914 "User id " + userId + " not affiliated. Clearing lock task packages"); 9915 setLockTaskPackagesLocked(userId, Collections.<String>emptyList()); 9916 } 9917 final int lockTaskFeatures = getUserData(userId).mLockTaskFeatures; 9918 if (lockTaskFeatures != DevicePolicyManager.LOCK_TASK_FEATURE_NONE){ 9919 Slog.d(LOG_TAG, 9920 "User id " + userId + " not affiliated. Clearing lock task features"); 9921 setLockTaskFeaturesLocked(userId, DevicePolicyManager.LOCK_TASK_FEATURE_NONE); 9922 } 9923 } 9924 } finally { 9925 mInjector.binderRestoreCallingIdentity(ident); 9926 } 9927 } 9928 9929 @Override 9930 public void notifyLockTaskModeChanged(boolean isEnabled, String pkg, int userHandle) { 9931 if (!isCallerWithSystemUid()) { 9932 throw new SecurityException("notifyLockTaskModeChanged can only be called by system"); 9933 } 9934 synchronized (this) { 9935 final DevicePolicyData policy = getUserData(userHandle); 9936 9937 if (policy.mStatusBarDisabled) { 9938 // Status bar is managed by LockTaskController during LockTask, so we cancel this 9939 // policy when LockTask starts, and reapply it when LockTask ends 9940 setStatusBarDisabledInternal(!isEnabled, userHandle); 9941 } 9942 9943 Bundle adminExtras = new Bundle(); 9944 adminExtras.putString(DeviceAdminReceiver.EXTRA_LOCK_TASK_PACKAGE, pkg); 9945 for (ActiveAdmin admin : policy.mAdminList) { 9946 final boolean ownsDevice = isDeviceOwner(admin.info.getComponent(), userHandle); 9947 final boolean ownsProfile = isProfileOwner(admin.info.getComponent(), userHandle); 9948 if (ownsDevice || ownsProfile) { 9949 if (isEnabled) { 9950 sendAdminCommandLocked(admin, DeviceAdminReceiver.ACTION_LOCK_TASK_ENTERING, 9951 adminExtras, null); 9952 } else { 9953 sendAdminCommandLocked(admin, DeviceAdminReceiver.ACTION_LOCK_TASK_EXITING); 9954 } 9955 } 9956 } 9957 } 9958 } 9959 9960 @Override 9961 public void setGlobalSetting(ComponentName who, String setting, String value) { 9962 Preconditions.checkNotNull(who, "ComponentName is null"); 9963 9964 synchronized (this) { 9965 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 9966 9967 // Some settings are no supported any more. However we do not want to throw a 9968 // SecurityException to avoid breaking apps. 9969 if (GLOBAL_SETTINGS_DEPRECATED.contains(setting)) { 9970 Log.i(LOG_TAG, "Global setting no longer supported: " + setting); 9971 return; 9972 } 9973 9974 if (!GLOBAL_SETTINGS_WHITELIST.contains(setting) 9975 && !UserManager.isDeviceInDemoMode(mContext)) { 9976 throw new SecurityException(String.format( 9977 "Permission denial: device owners cannot update %1$s", setting)); 9978 } 9979 9980 if (Settings.Global.STAY_ON_WHILE_PLUGGED_IN.equals(setting)) { 9981 // ignore if it contradicts an existing policy 9982 long timeMs = getMaximumTimeToLock( 9983 who, mInjector.userHandleGetCallingUserId(), /* parent */ false); 9984 if (timeMs > 0 && timeMs < Long.MAX_VALUE) { 9985 return; 9986 } 9987 } 9988 9989 long id = mInjector.binderClearCallingIdentity(); 9990 try { 9991 mInjector.settingsGlobalPutString(setting, value); 9992 } finally { 9993 mInjector.binderRestoreCallingIdentity(id); 9994 } 9995 } 9996 } 9997 9998 @Override 9999 public void setSystemSetting(ComponentName who, String setting, String value) { 10000 Preconditions.checkNotNull(who, "ComponentName is null"); 10001 Preconditions.checkStringNotEmpty(setting, "String setting is null or empty"); 10002 10003 synchronized (this) { 10004 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 10005 10006 if (!SYSTEM_SETTINGS_WHITELIST.contains(setting)) { 10007 throw new SecurityException(String.format( 10008 "Permission denial: device owners cannot update %1$s", setting)); 10009 } 10010 10011 mInjector.binderWithCleanCallingIdentity(() -> mInjector.settingsSystemPutString( 10012 setting, value)); 10013 } 10014 } 10015 10016 @Override 10017 public boolean setTime(ComponentName who, long millis) { 10018 Preconditions.checkNotNull(who, "ComponentName is null in setTime"); 10019 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 10020 // Don't allow set time when auto time is on. 10021 if (mInjector.settingsGlobalGetInt(Global.AUTO_TIME, 0) == 1) { 10022 return false; 10023 } 10024 mInjector.binderWithCleanCallingIdentity(() -> mInjector.getAlarmManager().setTime(millis)); 10025 return true; 10026 } 10027 10028 @Override 10029 public boolean setTimeZone(ComponentName who, String timeZone) { 10030 Preconditions.checkNotNull(who, "ComponentName is null in setTimeZone"); 10031 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 10032 // Don't allow set timezone when auto timezone is on. 10033 if (mInjector.settingsGlobalGetInt(Global.AUTO_TIME_ZONE, 0) == 1) { 10034 return false; 10035 } 10036 mInjector.binderWithCleanCallingIdentity(() -> 10037 mInjector.getAlarmManager().setTimeZone(timeZone)); 10038 return true; 10039 } 10040 10041 @Override 10042 public void setSecureSetting(ComponentName who, String setting, String value) { 10043 Preconditions.checkNotNull(who, "ComponentName is null"); 10044 int callingUserId = mInjector.userHandleGetCallingUserId(); 10045 10046 synchronized (this) { 10047 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 10048 10049 if (isDeviceOwner(who, callingUserId)) { 10050 if (!SECURE_SETTINGS_DEVICEOWNER_WHITELIST.contains(setting) 10051 && !isCurrentUserDemo()) { 10052 throw new SecurityException(String.format( 10053 "Permission denial: Device owners cannot update %1$s", setting)); 10054 } 10055 } else if (!SECURE_SETTINGS_WHITELIST.contains(setting) && !isCurrentUserDemo()) { 10056 throw new SecurityException(String.format( 10057 "Permission denial: Profile owners cannot update %1$s", setting)); 10058 } 10059 if (setting.equals(Settings.Secure.INSTALL_NON_MARKET_APPS)) { 10060 if (getTargetSdk(who.getPackageName(), callingUserId) >= Build.VERSION_CODES.O) { 10061 throw new UnsupportedOperationException(Settings.Secure.INSTALL_NON_MARKET_APPS 10062 + " is deprecated. Please use the user restriction " 10063 + UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES + " instead."); 10064 } 10065 if (!mUserManager.isManagedProfile(callingUserId)) { 10066 Slog.e(LOG_TAG, "Ignoring setSecureSetting request for " 10067 + setting + ". User restriction " 10068 + UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES 10069 + " should be used instead."); 10070 } else { 10071 try { 10072 setUserRestriction(who, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, 10073 (Integer.parseInt(value) == 0) ? true : false); 10074 } catch (NumberFormatException exc) { 10075 Slog.e(LOG_TAG, "Invalid value: " + value + " for setting " + setting); 10076 } 10077 } 10078 return; 10079 } 10080 long id = mInjector.binderClearCallingIdentity(); 10081 try { 10082 if (Settings.Secure.DEFAULT_INPUT_METHOD.equals(setting)) { 10083 final String currentValue = mInjector.settingsSecureGetStringForUser( 10084 Settings.Secure.DEFAULT_INPUT_METHOD, callingUserId); 10085 if (!TextUtils.equals(currentValue, value)) { 10086 // Tell the content observer that the next change will be due to the owner 10087 // changing the value. There is a small race condition here that we cannot 10088 // avoid: Change notifications are sent asynchronously, so it is possible 10089 // that there are prior notifications queued up before the one we are about 10090 // to trigger. This is a corner case that will have no impact in practice. 10091 mSetupContentObserver.addPendingChangeByOwnerLocked(callingUserId); 10092 } 10093 getUserData(callingUserId).mCurrentInputMethodSet = true; 10094 saveSettingsLocked(callingUserId); 10095 } 10096 mInjector.settingsSecurePutStringForUser(setting, value, callingUserId); 10097 } finally { 10098 mInjector.binderRestoreCallingIdentity(id); 10099 } 10100 } 10101 } 10102 10103 @Override 10104 public void setMasterVolumeMuted(ComponentName who, boolean on) { 10105 Preconditions.checkNotNull(who, "ComponentName is null"); 10106 synchronized (this) { 10107 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 10108 setUserRestriction(who, UserManager.DISALLOW_UNMUTE_DEVICE, on); 10109 } 10110 } 10111 10112 @Override 10113 public boolean isMasterVolumeMuted(ComponentName who) { 10114 Preconditions.checkNotNull(who, "ComponentName is null"); 10115 synchronized (this) { 10116 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 10117 10118 AudioManager audioManager = 10119 (AudioManager) mContext.getSystemService(Context.AUDIO_SERVICE); 10120 return audioManager.isMasterMute(); 10121 } 10122 } 10123 10124 @Override 10125 public void setUserIcon(ComponentName who, Bitmap icon) { 10126 synchronized (this) { 10127 Preconditions.checkNotNull(who, "ComponentName is null"); 10128 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 10129 10130 int userId = UserHandle.getCallingUserId(); 10131 long id = mInjector.binderClearCallingIdentity(); 10132 try { 10133 mUserManagerInternal.setUserIcon(userId, icon); 10134 } finally { 10135 mInjector.binderRestoreCallingIdentity(id); 10136 } 10137 } 10138 } 10139 10140 @Override 10141 public boolean setKeyguardDisabled(ComponentName who, boolean disabled) { 10142 Preconditions.checkNotNull(who, "ComponentName is null"); 10143 final int userId = mInjector.userHandleGetCallingUserId(); 10144 synchronized (this) { 10145 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 10146 if (!isUserAffiliatedWithDeviceLocked(userId)) { 10147 throw new SecurityException("Admin " + who + 10148 " is neither the device owner or affiliated user's profile owner."); 10149 } 10150 } 10151 if (isManagedProfile(userId)) { 10152 throw new SecurityException("Managed profile cannot disable keyguard"); 10153 } 10154 10155 long ident = mInjector.binderClearCallingIdentity(); 10156 try { 10157 // disallow disabling the keyguard if a password is currently set 10158 if (disabled && mLockPatternUtils.isSecure(userId)) { 10159 return false; 10160 } 10161 mLockPatternUtils.setLockScreenDisabled(disabled, userId); 10162 mInjector.getIWindowManager().dismissKeyguard(null /* callback */, null /* message */); 10163 } catch (RemoteException e) { 10164 // Same process, does not happen. 10165 } finally { 10166 mInjector.binderRestoreCallingIdentity(ident); 10167 } 10168 return true; 10169 } 10170 10171 @Override 10172 public boolean setStatusBarDisabled(ComponentName who, boolean disabled) { 10173 int userId = UserHandle.getCallingUserId(); 10174 synchronized (this) { 10175 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 10176 if (!isUserAffiliatedWithDeviceLocked(userId)) { 10177 throw new SecurityException("Admin " + who + 10178 " is neither the device owner or affiliated user's profile owner."); 10179 } 10180 if (isManagedProfile(userId)) { 10181 throw new SecurityException("Managed profile cannot disable status bar"); 10182 } 10183 DevicePolicyData policy = getUserData(userId); 10184 if (policy.mStatusBarDisabled != disabled) { 10185 boolean isLockTaskMode = false; 10186 try { 10187 isLockTaskMode = mInjector.getIActivityManager().getLockTaskModeState() 10188 != LOCK_TASK_MODE_NONE; 10189 } catch (RemoteException e) { 10190 Slog.e(LOG_TAG, "Failed to get LockTask mode"); 10191 } 10192 if (!isLockTaskMode) { 10193 if (!setStatusBarDisabledInternal(disabled, userId)) { 10194 return false; 10195 } 10196 } 10197 policy.mStatusBarDisabled = disabled; 10198 saveSettingsLocked(userId); 10199 } 10200 } 10201 return true; 10202 } 10203 10204 private boolean setStatusBarDisabledInternal(boolean disabled, int userId) { 10205 long ident = mInjector.binderClearCallingIdentity(); 10206 try { 10207 IStatusBarService statusBarService = IStatusBarService.Stub.asInterface( 10208 ServiceManager.checkService(Context.STATUS_BAR_SERVICE)); 10209 if (statusBarService != null) { 10210 int flags1 = disabled ? STATUS_BAR_DISABLE_MASK : StatusBarManager.DISABLE_NONE; 10211 int flags2 = disabled ? STATUS_BAR_DISABLE2_MASK : StatusBarManager.DISABLE2_NONE; 10212 statusBarService.disableForUser(flags1, mToken, mContext.getPackageName(), userId); 10213 statusBarService.disable2ForUser(flags2, mToken, mContext.getPackageName(), userId); 10214 return true; 10215 } 10216 } catch (RemoteException e) { 10217 Slog.e(LOG_TAG, "Failed to disable the status bar", e); 10218 } finally { 10219 mInjector.binderRestoreCallingIdentity(ident); 10220 } 10221 return false; 10222 } 10223 10224 /** 10225 * We need to update the internal state of whether a user has completed setup or a 10226 * device has paired once. After that, we ignore any changes that reset the 10227 * Settings.Secure.USER_SETUP_COMPLETE or Settings.Secure.DEVICE_PAIRED change 10228 * as we don't trust any apps that might try to reset them. 10229 * <p> 10230 * Unfortunately, we don't know which user's setup state was changed, so we write all of 10231 * them. 10232 */ 10233 void updateUserSetupCompleteAndPaired() { 10234 List<UserInfo> users = mUserManager.getUsers(true); 10235 final int N = users.size(); 10236 for (int i = 0; i < N; i++) { 10237 int userHandle = users.get(i).id; 10238 if (mInjector.settingsSecureGetIntForUser(Settings.Secure.USER_SETUP_COMPLETE, 0, 10239 userHandle) != 0) { 10240 DevicePolicyData policy = getUserData(userHandle); 10241 if (!policy.mUserSetupComplete) { 10242 policy.mUserSetupComplete = true; 10243 synchronized (this) { 10244 saveSettingsLocked(userHandle); 10245 } 10246 } 10247 } 10248 if (mIsWatch && mInjector.settingsSecureGetIntForUser(Settings.Secure.DEVICE_PAIRED, 0, 10249 userHandle) != 0) { 10250 DevicePolicyData policy = getUserData(userHandle); 10251 if (!policy.mPaired) { 10252 policy.mPaired = true; 10253 synchronized (this) { 10254 saveSettingsLocked(userHandle); 10255 } 10256 } 10257 } 10258 } 10259 } 10260 10261 private class SetupContentObserver extends ContentObserver { 10262 private final Uri mUserSetupComplete = Settings.Secure.getUriFor( 10263 Settings.Secure.USER_SETUP_COMPLETE); 10264 private final Uri mDeviceProvisioned = Settings.Global.getUriFor( 10265 Settings.Global.DEVICE_PROVISIONED); 10266 private final Uri mPaired = Settings.Secure.getUriFor(Settings.Secure.DEVICE_PAIRED); 10267 private final Uri mDefaultImeChanged = Settings.Secure.getUriFor( 10268 Settings.Secure.DEFAULT_INPUT_METHOD); 10269 10270 @GuardedBy("DevicePolicyManagerService.this") 10271 private Set<Integer> mUserIdsWithPendingChangesByOwner = new ArraySet<>(); 10272 10273 public SetupContentObserver(Handler handler) { 10274 super(handler); 10275 } 10276 10277 void register() { 10278 mInjector.registerContentObserver(mUserSetupComplete, false, this, UserHandle.USER_ALL); 10279 mInjector.registerContentObserver(mDeviceProvisioned, false, this, UserHandle.USER_ALL); 10280 if (mIsWatch) { 10281 mInjector.registerContentObserver(mPaired, false, this, UserHandle.USER_ALL); 10282 } 10283 mInjector.registerContentObserver(mDefaultImeChanged, false, this, UserHandle.USER_ALL); 10284 } 10285 10286 @GuardedBy("DevicePolicyManagerService.this") 10287 private void addPendingChangeByOwnerLocked(int userId) { 10288 mUserIdsWithPendingChangesByOwner.add(userId); 10289 } 10290 10291 @Override 10292 public void onChange(boolean selfChange, Uri uri, int userId) { 10293 if (mUserSetupComplete.equals(uri) || (mIsWatch && mPaired.equals(uri))) { 10294 updateUserSetupCompleteAndPaired(); 10295 } else if (mDeviceProvisioned.equals(uri)) { 10296 synchronized (DevicePolicyManagerService.this) { 10297 // Set PROPERTY_DEVICE_OWNER_PRESENT, for the SUW case where setting the property 10298 // is delayed until device is marked as provisioned. 10299 setDeviceOwnerSystemPropertyLocked(); 10300 } 10301 } else if (mDefaultImeChanged.equals(uri)) { 10302 synchronized (DevicePolicyManagerService.this) { 10303 if (mUserIdsWithPendingChangesByOwner.contains(userId)) { 10304 // This change notification was triggered by the owner changing the current 10305 // IME. Ignore it. 10306 mUserIdsWithPendingChangesByOwner.remove(userId); 10307 } else { 10308 // This change notification was triggered by the user manually changing the 10309 // current IME. 10310 getUserData(userId).mCurrentInputMethodSet = false; 10311 saveSettingsLocked(userId); 10312 } 10313 } 10314 } 10315 } 10316 } 10317 10318 @VisibleForTesting 10319 final class LocalService extends DevicePolicyManagerInternal { 10320 private List<OnCrossProfileWidgetProvidersChangeListener> mWidgetProviderListeners; 10321 10322 @Override 10323 public List<String> getCrossProfileWidgetProviders(int profileId) { 10324 synchronized (DevicePolicyManagerService.this) { 10325 if (mOwners == null) { 10326 return Collections.emptyList(); 10327 } 10328 ComponentName ownerComponent = mOwners.getProfileOwnerComponent(profileId); 10329 if (ownerComponent == null) { 10330 return Collections.emptyList(); 10331 } 10332 10333 DevicePolicyData policy = getUserDataUnchecked(profileId); 10334 ActiveAdmin admin = policy.mAdminMap.get(ownerComponent); 10335 10336 if (admin == null || admin.crossProfileWidgetProviders == null 10337 || admin.crossProfileWidgetProviders.isEmpty()) { 10338 return Collections.emptyList(); 10339 } 10340 10341 return admin.crossProfileWidgetProviders; 10342 } 10343 } 10344 10345 @Override 10346 public void addOnCrossProfileWidgetProvidersChangeListener( 10347 OnCrossProfileWidgetProvidersChangeListener listener) { 10348 synchronized (DevicePolicyManagerService.this) { 10349 if (mWidgetProviderListeners == null) { 10350 mWidgetProviderListeners = new ArrayList<>(); 10351 } 10352 if (!mWidgetProviderListeners.contains(listener)) { 10353 mWidgetProviderListeners.add(listener); 10354 } 10355 } 10356 } 10357 10358 @Override 10359 public boolean isActiveAdminWithPolicy(int uid, int reqPolicy) { 10360 synchronized(DevicePolicyManagerService.this) { 10361 return getActiveAdminWithPolicyForUidLocked(null, reqPolicy, uid) != null; 10362 } 10363 } 10364 10365 private void notifyCrossProfileProvidersChanged(int userId, List<String> packages) { 10366 final List<OnCrossProfileWidgetProvidersChangeListener> listeners; 10367 synchronized (DevicePolicyManagerService.this) { 10368 listeners = new ArrayList<>(mWidgetProviderListeners); 10369 } 10370 final int listenerCount = listeners.size(); 10371 for (int i = 0; i < listenerCount; i++) { 10372 OnCrossProfileWidgetProvidersChangeListener listener = listeners.get(i); 10373 listener.onCrossProfileWidgetProvidersChanged(userId, packages); 10374 } 10375 } 10376 10377 @Override 10378 public Intent createShowAdminSupportIntent(int userId, boolean useDefaultIfNoAdmin) { 10379 // This method is called from AM with its lock held, so don't take the DPMS lock. 10380 // b/29242568 10381 10382 ComponentName profileOwner = mOwners.getProfileOwnerComponent(userId); 10383 if (profileOwner != null) { 10384 return DevicePolicyManagerService.this 10385 .createShowAdminSupportIntent(profileOwner, userId); 10386 } 10387 10388 final Pair<Integer, ComponentName> deviceOwner = 10389 mOwners.getDeviceOwnerUserIdAndComponent(); 10390 if (deviceOwner != null && deviceOwner.first == userId) { 10391 return DevicePolicyManagerService.this 10392 .createShowAdminSupportIntent(deviceOwner.second, userId); 10393 } 10394 10395 // We're not specifying the device admin because there isn't one. 10396 if (useDefaultIfNoAdmin) { 10397 return DevicePolicyManagerService.this.createShowAdminSupportIntent(null, userId); 10398 } 10399 return null; 10400 } 10401 10402 @Override 10403 public Intent createUserRestrictionSupportIntent(int userId, String userRestriction) { 10404 int source; 10405 long ident = mInjector.binderClearCallingIdentity(); 10406 try { 10407 source = mUserManager.getUserRestrictionSource(userRestriction, 10408 UserHandle.of(userId)); 10409 } finally { 10410 mInjector.binderRestoreCallingIdentity(ident); 10411 } 10412 if ((source & UserManager.RESTRICTION_SOURCE_SYSTEM) != 0) { 10413 /* 10414 * In this case, the user restriction is enforced by the system. 10415 * So we won't show an admin support intent, even if it is also 10416 * enforced by a profile/device owner. 10417 */ 10418 return null; 10419 } 10420 boolean enforcedByDo = (source & UserManager.RESTRICTION_SOURCE_DEVICE_OWNER) != 0; 10421 boolean enforcedByPo = (source & UserManager.RESTRICTION_SOURCE_PROFILE_OWNER) != 0; 10422 if (enforcedByDo && enforcedByPo) { 10423 // In this case, we'll show an admin support dialog that does not 10424 // specify the admin. 10425 return DevicePolicyManagerService.this.createShowAdminSupportIntent(null, userId); 10426 } else if (enforcedByPo) { 10427 final ComponentName profileOwner = mOwners.getProfileOwnerComponent(userId); 10428 if (profileOwner != null) { 10429 return DevicePolicyManagerService.this 10430 .createShowAdminSupportIntent(profileOwner, userId); 10431 } 10432 // This could happen if another thread has changed the profile owner since we called 10433 // getUserRestrictionSource 10434 return null; 10435 } else if (enforcedByDo) { 10436 final Pair<Integer, ComponentName> deviceOwner 10437 = mOwners.getDeviceOwnerUserIdAndComponent(); 10438 if (deviceOwner != null) { 10439 return DevicePolicyManagerService.this 10440 .createShowAdminSupportIntent(deviceOwner.second, deviceOwner.first); 10441 } 10442 // This could happen if another thread has changed the device owner since we called 10443 // getUserRestrictionSource 10444 return null; 10445 } 10446 return null; 10447 } 10448 10449 @Override 10450 public boolean isUserAffiliatedWithDevice(int userId) { 10451 return DevicePolicyManagerService.this.isUserAffiliatedWithDeviceLocked(userId); 10452 } 10453 10454 @Override 10455 public void reportSeparateProfileChallengeChanged(@UserIdInt int userId) { 10456 synchronized (DevicePolicyManagerService.this) { 10457 updateMaximumTimeToLockLocked(userId); 10458 } 10459 } 10460 10461 @Override 10462 public boolean canUserHaveUntrustedCredentialReset(@UserIdInt int userId) { 10463 return DevicePolicyManagerService.this.canUserHaveUntrustedCredentialReset(userId); 10464 } 10465 10466 @Override 10467 public CharSequence getPrintingDisabledReasonForUser(@UserIdInt int userId) { 10468 synchronized (DevicePolicyManagerService.this) { 10469 DevicePolicyData policy = getUserData(userId); 10470 if (!mUserManager.hasUserRestriction(UserManager.DISALLOW_PRINTING, 10471 UserHandle.of(userId))) { 10472 Log.e(LOG_TAG, "printing is enabled"); 10473 return null; 10474 } 10475 String ownerPackage = mOwners.getProfileOwnerPackage(userId); 10476 if (ownerPackage == null) { 10477 ownerPackage = mOwners.getDeviceOwnerPackageName(); 10478 } 10479 PackageManager pm = mInjector.getPackageManager(); 10480 PackageInfo packageInfo; 10481 try { 10482 packageInfo = pm.getPackageInfo(ownerPackage, 0); 10483 } catch (NameNotFoundException e) { 10484 Log.e(LOG_TAG, "getPackageInfo error", e); 10485 return null; 10486 } 10487 if (packageInfo == null) { 10488 Log.e(LOG_TAG, "packageInfo is inexplicably null"); 10489 return null; 10490 } 10491 ApplicationInfo appInfo = packageInfo.applicationInfo; 10492 if (appInfo == null) { 10493 Log.e(LOG_TAG, "appInfo is inexplicably null"); 10494 return null; 10495 } 10496 CharSequence appLabel = pm.getApplicationLabel(appInfo); 10497 if (appLabel == null) { 10498 Log.e(LOG_TAG, "appLabel is inexplicably null"); 10499 return null; 10500 } 10501 return ((Context) ActivityThread.currentActivityThread().getSystemUiContext()) 10502 .getResources().getString(R.string.printing_disabled_by, appLabel); 10503 } 10504 } 10505 } 10506 10507 private Intent createShowAdminSupportIntent(ComponentName admin, int userId) { 10508 // This method is called with AMS lock held, so don't take DPMS lock 10509 final Intent intent = new Intent(Settings.ACTION_SHOW_ADMIN_SUPPORT_DETAILS); 10510 intent.putExtra(Intent.EXTRA_USER_ID, userId); 10511 intent.putExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN, admin); 10512 intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK); 10513 return intent; 10514 } 10515 10516 @Override 10517 public Intent createAdminSupportIntent(String restriction) { 10518 Preconditions.checkNotNull(restriction); 10519 final int uid = mInjector.binderGetCallingUid(); 10520 final int userId = UserHandle.getUserId(uid); 10521 Intent intent = null; 10522 if (DevicePolicyManager.POLICY_DISABLE_CAMERA.equals(restriction) || 10523 DevicePolicyManager.POLICY_DISABLE_SCREEN_CAPTURE.equals(restriction) || 10524 DevicePolicyManager.POLICY_MANDATORY_BACKUPS.equals(restriction)) { 10525 synchronized(this) { 10526 final DevicePolicyData policy = getUserData(userId); 10527 final int N = policy.mAdminList.size(); 10528 for (int i = 0; i < N; i++) { 10529 final ActiveAdmin admin = policy.mAdminList.get(i); 10530 if ((admin.disableCamera && 10531 DevicePolicyManager.POLICY_DISABLE_CAMERA.equals(restriction)) || 10532 (admin.disableScreenCapture && DevicePolicyManager 10533 .POLICY_DISABLE_SCREEN_CAPTURE.equals(restriction)) || 10534 (admin.mandatoryBackupTransport != null && DevicePolicyManager 10535 .POLICY_MANDATORY_BACKUPS.equals(restriction))) { 10536 intent = createShowAdminSupportIntent(admin.info.getComponent(), userId); 10537 break; 10538 } 10539 } 10540 // For the camera, a device owner on a different user can disable it globally, 10541 // so we need an additional check. 10542 if (intent == null 10543 && DevicePolicyManager.POLICY_DISABLE_CAMERA.equals(restriction)) { 10544 final ActiveAdmin admin = getDeviceOwnerAdminLocked(); 10545 if (admin != null && admin.disableCamera) { 10546 intent = createShowAdminSupportIntent(admin.info.getComponent(), 10547 mOwners.getDeviceOwnerUserId()); 10548 } 10549 } 10550 } 10551 } else { 10552 // if valid, |restriction| can only be a user restriction 10553 intent = mLocalService.createUserRestrictionSupportIntent(userId, restriction); 10554 } 10555 if (intent != null) { 10556 intent.putExtra(DevicePolicyManager.EXTRA_RESTRICTION, restriction); 10557 } 10558 return intent; 10559 } 10560 10561 /** 10562 * Returns true if specified admin is allowed to limit passwords and has a 10563 * {@code minimumPasswordMetrics.quality} of at least {@code minPasswordQuality} 10564 */ 10565 private static boolean isLimitPasswordAllowed(ActiveAdmin admin, int minPasswordQuality) { 10566 if (admin.minimumPasswordMetrics.quality < minPasswordQuality) { 10567 return false; 10568 } 10569 return admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD); 10570 } 10571 10572 @Override 10573 public void setSystemUpdatePolicy(ComponentName who, SystemUpdatePolicy policy) { 10574 if (policy != null) { 10575 // throws exception if policy type is invalid 10576 policy.validateType(); 10577 // throws exception if freeze period is invalid 10578 policy.validateFreezePeriods(); 10579 Pair<LocalDate, LocalDate> record = mOwners.getSystemUpdateFreezePeriodRecord(); 10580 // throws exception if freeze period is incompatible with previous freeze period record 10581 policy.validateAgainstPreviousFreezePeriod(record.first, record.second, 10582 LocalDate.now()); 10583 } 10584 synchronized (this) { 10585 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 10586 if (policy == null) { 10587 mOwners.clearSystemUpdatePolicy(); 10588 } else { 10589 mOwners.setSystemUpdatePolicy(policy); 10590 updateSystemUpdateFreezePeriodsRecord(/* saveIfChanged */ false); 10591 } 10592 mOwners.writeDeviceOwner(); 10593 } 10594 mContext.sendBroadcastAsUser( 10595 new Intent(DevicePolicyManager.ACTION_SYSTEM_UPDATE_POLICY_CHANGED), 10596 UserHandle.SYSTEM); 10597 } 10598 10599 @Override 10600 public SystemUpdatePolicy getSystemUpdatePolicy() { 10601 synchronized (this) { 10602 SystemUpdatePolicy policy = mOwners.getSystemUpdatePolicy(); 10603 if (policy != null && !policy.isValid()) { 10604 Slog.w(LOG_TAG, "Stored system update policy is invalid, return null instead."); 10605 return null; 10606 } 10607 return policy; 10608 } 10609 } 10610 10611 private static boolean withinRange(Pair<LocalDate, LocalDate> range, LocalDate date) { 10612 return (!date.isBefore(range.first) && !date.isAfter(range.second)); 10613 } 10614 10615 /** 10616 * keeps track of the last continuous period when the system is under OTA freeze. 10617 * 10618 * DPMS keeps track of the previous dates during which OTA was freezed as a result of an 10619 * system update policy with freeze periods in effect. This is needed to make robust 10620 * validation on new system update polices, for example to prevent the OTA from being 10621 * frozen for more than 90 days if the DPC keeps resetting a new 24-hour freeze period 10622 * on midnight everyday, or having freeze periods closer than 60 days apart by DPC resetting 10623 * a new freeze period after a few days. 10624 * 10625 * @param saveIfChanged whether to persist the result on disk if freeze period record is 10626 * updated. This should only be set to {@code false} if there is a guaranteed 10627 * mOwners.writeDeviceOwner() later in the control flow to reduce the number of 10628 * disk writes. Otherwise you risk inconsistent on-disk state. 10629 * 10630 * @see SystemUpdatePolicy#validateAgainstPreviousFreezePeriod 10631 */ 10632 private void updateSystemUpdateFreezePeriodsRecord(boolean saveIfChanged) { 10633 Slog.d(LOG_TAG, "updateSystemUpdateFreezePeriodsRecord"); 10634 synchronized (this) { 10635 final SystemUpdatePolicy policy = mOwners.getSystemUpdatePolicy(); 10636 if (policy == null) { 10637 return; 10638 } 10639 final LocalDate now = LocalDate.now(); 10640 final Pair<LocalDate, LocalDate> currentPeriod = policy.getCurrentFreezePeriod(now); 10641 if (currentPeriod == null) { 10642 return; 10643 } 10644 final Pair<LocalDate, LocalDate> record = mOwners.getSystemUpdateFreezePeriodRecord(); 10645 final LocalDate start = record.first; 10646 final LocalDate end = record.second; 10647 final boolean changed; 10648 if (end == null || start == null) { 10649 // Start a new period if there is none at the moment 10650 changed = mOwners.setSystemUpdateFreezePeriodRecord(now, now); 10651 } else if (now.equals(end.plusDays(1))) { 10652 // Extend the existing period 10653 changed = mOwners.setSystemUpdateFreezePeriodRecord(start, now); 10654 } else if (now.isAfter(end.plusDays(1))) { 10655 if (withinRange(currentPeriod, start) && withinRange(currentPeriod, end)) { 10656 // The device might be off for some period. If the past freeze record 10657 // is within range of the current freeze period, assume the device was off 10658 // during the period [end, now] and extend the freeze record to [start, now]. 10659 changed = mOwners.setSystemUpdateFreezePeriodRecord(start, now); 10660 } else { 10661 changed = mOwners.setSystemUpdateFreezePeriodRecord(now, now); 10662 } 10663 } else if (now.isBefore(start)) { 10664 // Systm clock was adjusted backwards, restart record 10665 changed = mOwners.setSystemUpdateFreezePeriodRecord(now, now); 10666 } else /* start <= now <= end */ { 10667 changed = false; 10668 } 10669 if (changed && saveIfChanged) { 10670 mOwners.writeDeviceOwner(); 10671 } 10672 } 10673 } 10674 10675 @Override 10676 public void clearSystemUpdatePolicyFreezePeriodRecord() { 10677 enforceShell("clearSystemUpdatePolicyFreezePeriodRecord"); 10678 synchronized (this) { 10679 // Print out current record to help diagnosed CTS failures 10680 Slog.i(LOG_TAG, "Clear freeze period record: " 10681 + mOwners.getSystemUpdateFreezePeriodRecordAsString()); 10682 if (mOwners.setSystemUpdateFreezePeriodRecord(null, null)) { 10683 mOwners.writeDeviceOwner(); 10684 } 10685 } 10686 } 10687 10688 /** 10689 * Checks if the caller of the method is the device owner app. 10690 * 10691 * @param callerUid UID of the caller. 10692 * @return true if the caller is the device owner app 10693 */ 10694 @VisibleForTesting 10695 boolean isCallerDeviceOwner(int callerUid) { 10696 synchronized (this) { 10697 if (!mOwners.hasDeviceOwner()) { 10698 return false; 10699 } 10700 if (UserHandle.getUserId(callerUid) != mOwners.getDeviceOwnerUserId()) { 10701 return false; 10702 } 10703 final String deviceOwnerPackageName = mOwners.getDeviceOwnerComponent() 10704 .getPackageName(); 10705 try { 10706 String[] pkgs = mInjector.getIPackageManager().getPackagesForUid(callerUid); 10707 for (String pkg : pkgs) { 10708 if (deviceOwnerPackageName.equals(pkg)) { 10709 return true; 10710 } 10711 } 10712 } catch (RemoteException e) { 10713 return false; 10714 } 10715 } 10716 10717 return false; 10718 } 10719 10720 @Override 10721 public void notifyPendingSystemUpdate(@Nullable SystemUpdateInfo info) { 10722 mContext.enforceCallingOrSelfPermission(permission.NOTIFY_PENDING_SYSTEM_UPDATE, 10723 "Only the system update service can broadcast update information"); 10724 10725 if (UserHandle.getCallingUserId() != UserHandle.USER_SYSTEM) { 10726 Slog.w(LOG_TAG, "Only the system update service in the system user " + 10727 "can broadcast update information."); 10728 return; 10729 } 10730 10731 if (!mOwners.saveSystemUpdateInfo(info)) { 10732 // Pending system update hasn't changed, don't send duplicate notification. 10733 return; 10734 } 10735 10736 final Intent intent = new Intent(DeviceAdminReceiver.ACTION_NOTIFY_PENDING_SYSTEM_UPDATE) 10737 .putExtra(DeviceAdminReceiver.EXTRA_SYSTEM_UPDATE_RECEIVED_TIME, 10738 info == null ? -1 : info.getReceivedTime()); 10739 10740 final long ident = mInjector.binderClearCallingIdentity(); 10741 try { 10742 synchronized (this) { 10743 // Broadcast to device owner first if there is one. 10744 if (mOwners.hasDeviceOwner()) { 10745 final UserHandle deviceOwnerUser = 10746 UserHandle.of(mOwners.getDeviceOwnerUserId()); 10747 intent.setComponent(mOwners.getDeviceOwnerComponent()); 10748 mContext.sendBroadcastAsUser(intent, deviceOwnerUser); 10749 } 10750 } 10751 // Get running users. 10752 final int runningUserIds[]; 10753 try { 10754 runningUserIds = mInjector.getIActivityManager().getRunningUserIds(); 10755 } catch (RemoteException e) { 10756 // Shouldn't happen. 10757 Log.e(LOG_TAG, "Could not retrieve the list of running users", e); 10758 return; 10759 } 10760 // Send broadcasts to corresponding profile owners if any. 10761 for (final int userId : runningUserIds) { 10762 synchronized (this) { 10763 final ComponentName profileOwnerPackage = 10764 mOwners.getProfileOwnerComponent(userId); 10765 if (profileOwnerPackage != null) { 10766 intent.setComponent(profileOwnerPackage); 10767 mContext.sendBroadcastAsUser(intent, UserHandle.of(userId)); 10768 } 10769 } 10770 } 10771 } finally { 10772 mInjector.binderRestoreCallingIdentity(ident); 10773 } 10774 } 10775 10776 @Override 10777 public SystemUpdateInfo getPendingSystemUpdate(ComponentName admin) { 10778 Preconditions.checkNotNull(admin, "ComponentName is null"); 10779 enforceProfileOrDeviceOwner(admin); 10780 10781 return mOwners.getSystemUpdateInfo(); 10782 } 10783 10784 @Override 10785 public void setPermissionPolicy(ComponentName admin, String callerPackage, int policy) 10786 throws RemoteException { 10787 int userId = UserHandle.getCallingUserId(); 10788 synchronized (this) { 10789 // Ensure the caller is a DO/PO or a permission grant state delegate. 10790 enforceCanManageScope(admin, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 10791 DELEGATION_PERMISSION_GRANT); 10792 DevicePolicyData userPolicy = getUserData(userId); 10793 if (userPolicy.mPermissionPolicy != policy) { 10794 userPolicy.mPermissionPolicy = policy; 10795 saveSettingsLocked(userId); 10796 } 10797 } 10798 } 10799 10800 @Override 10801 public int getPermissionPolicy(ComponentName admin) throws RemoteException { 10802 int userId = UserHandle.getCallingUserId(); 10803 synchronized (this) { 10804 DevicePolicyData userPolicy = getUserData(userId); 10805 return userPolicy.mPermissionPolicy; 10806 } 10807 } 10808 10809 @Override 10810 public boolean setPermissionGrantState(ComponentName admin, String callerPackage, 10811 String packageName, String permission, int grantState) throws RemoteException { 10812 UserHandle user = mInjector.binderGetCallingUserHandle(); 10813 synchronized (this) { 10814 // Ensure the caller is a DO/PO or a permission grant state delegate. 10815 enforceCanManageScope(admin, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 10816 DELEGATION_PERMISSION_GRANT); 10817 long ident = mInjector.binderClearCallingIdentity(); 10818 try { 10819 if (getTargetSdk(packageName, user.getIdentifier()) 10820 < android.os.Build.VERSION_CODES.M) { 10821 return false; 10822 } 10823 if (!isRuntimePermission(permission)) { 10824 return false; 10825 } 10826 final PackageManager packageManager = mInjector.getPackageManager(); 10827 switch (grantState) { 10828 case DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED: { 10829 mInjector.getPackageManagerInternal().grantRuntimePermission(packageName, 10830 permission, user.getIdentifier(), true /* override policy */); 10831 packageManager.updatePermissionFlags(permission, packageName, 10832 PackageManager.FLAG_PERMISSION_POLICY_FIXED, 10833 PackageManager.FLAG_PERMISSION_POLICY_FIXED, user); 10834 } break; 10835 10836 case DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED: { 10837 mInjector.getPackageManagerInternal().revokeRuntimePermission(packageName, 10838 permission, user.getIdentifier(), true /* override policy */); 10839 packageManager.updatePermissionFlags(permission, packageName, 10840 PackageManager.FLAG_PERMISSION_POLICY_FIXED, 10841 PackageManager.FLAG_PERMISSION_POLICY_FIXED, user); 10842 } break; 10843 10844 case DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT: { 10845 packageManager.updatePermissionFlags(permission, packageName, 10846 PackageManager.FLAG_PERMISSION_POLICY_FIXED, 0, user); 10847 } break; 10848 } 10849 return true; 10850 } catch (SecurityException se) { 10851 return false; 10852 } catch (NameNotFoundException e) { 10853 return false; 10854 } finally { 10855 mInjector.binderRestoreCallingIdentity(ident); 10856 } 10857 } 10858 } 10859 10860 @Override 10861 public int getPermissionGrantState(ComponentName admin, String callerPackage, 10862 String packageName, String permission) throws RemoteException { 10863 PackageManager packageManager = mInjector.getPackageManager(); 10864 10865 UserHandle user = mInjector.binderGetCallingUserHandle(); 10866 if (!isCallerWithSystemUid()) { 10867 // Ensure the caller is a DO/PO or a permission grant state delegate. 10868 enforceCanManageScope(admin, callerPackage, 10869 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, DELEGATION_PERMISSION_GRANT); 10870 } 10871 synchronized (this) { 10872 long ident = mInjector.binderClearCallingIdentity(); 10873 try { 10874 int granted = mIPackageManager.checkPermission(permission, 10875 packageName, user.getIdentifier()); 10876 int permFlags = packageManager.getPermissionFlags(permission, packageName, user); 10877 if ((permFlags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) 10878 != PackageManager.FLAG_PERMISSION_POLICY_FIXED) { 10879 // Not controlled by policy 10880 return DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT; 10881 } else { 10882 // Policy controlled so return result based on permission grant state 10883 return granted == PackageManager.PERMISSION_GRANTED 10884 ? DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED 10885 : DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED; 10886 } 10887 } finally { 10888 mInjector.binderRestoreCallingIdentity(ident); 10889 } 10890 } 10891 } 10892 10893 boolean isPackageInstalledForUser(String packageName, int userHandle) { 10894 try { 10895 PackageInfo pi = mInjector.getIPackageManager().getPackageInfo(packageName, 0, 10896 userHandle); 10897 return (pi != null) && (pi.applicationInfo.flags != 0); 10898 } catch (RemoteException re) { 10899 throw new RuntimeException("Package manager has died", re); 10900 } 10901 } 10902 10903 public boolean isRuntimePermission(String permissionName) throws NameNotFoundException { 10904 final PackageManager packageManager = mInjector.getPackageManager(); 10905 PermissionInfo permissionInfo = packageManager.getPermissionInfo(permissionName, 0); 10906 return (permissionInfo.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE) 10907 == PermissionInfo.PROTECTION_DANGEROUS; 10908 } 10909 10910 @Override 10911 public boolean isProvisioningAllowed(String action, String packageName) { 10912 Preconditions.checkNotNull(packageName); 10913 10914 final int callingUid = mInjector.binderGetCallingUid(); 10915 final long ident = mInjector.binderClearCallingIdentity(); 10916 try { 10917 final int uidForPackage = mInjector.getPackageManager().getPackageUidAsUser( 10918 packageName, UserHandle.getUserId(callingUid)); 10919 Preconditions.checkArgument(callingUid == uidForPackage, 10920 "Caller uid doesn't match the one for the provided package."); 10921 } catch (NameNotFoundException e) { 10922 throw new IllegalArgumentException("Invalid package provided " + packageName, e); 10923 } finally { 10924 mInjector.binderRestoreCallingIdentity(ident); 10925 } 10926 10927 return checkProvisioningPreConditionSkipPermission(action, packageName) == CODE_OK; 10928 } 10929 10930 @Override 10931 public int checkProvisioningPreCondition(String action, String packageName) { 10932 Preconditions.checkNotNull(packageName); 10933 enforceCanManageProfileAndDeviceOwners(); 10934 return checkProvisioningPreConditionSkipPermission(action, packageName); 10935 } 10936 10937 private int checkProvisioningPreConditionSkipPermission(String action, String packageName) { 10938 if (!mHasFeature) { 10939 return CODE_DEVICE_ADMIN_NOT_SUPPORTED; 10940 } 10941 10942 final int callingUserId = mInjector.userHandleGetCallingUserId(); 10943 if (action != null) { 10944 switch (action) { 10945 case DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE: 10946 return checkManagedProfileProvisioningPreCondition(packageName, callingUserId); 10947 case DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE: 10948 return checkDeviceOwnerProvisioningPreCondition(callingUserId); 10949 case DevicePolicyManager.ACTION_PROVISION_MANAGED_USER: 10950 return checkManagedUserProvisioningPreCondition(callingUserId); 10951 case DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE: 10952 return checkManagedShareableDeviceProvisioningPreCondition(callingUserId); 10953 } 10954 } 10955 throw new IllegalArgumentException("Unknown provisioning action " + action); 10956 } 10957 10958 /** 10959 * The device owner can only be set before the setup phase of the primary user has completed, 10960 * except for adb command if no accounts or additional users are present on the device. 10961 */ 10962 private int checkDeviceOwnerProvisioningPreConditionLocked(@Nullable ComponentName owner, 10963 int deviceOwnerUserId, boolean isAdb, boolean hasIncompatibleAccountsOrNonAdb) { 10964 if (mOwners.hasDeviceOwner()) { 10965 return CODE_HAS_DEVICE_OWNER; 10966 } 10967 if (mOwners.hasProfileOwner(deviceOwnerUserId)) { 10968 return CODE_USER_HAS_PROFILE_OWNER; 10969 } 10970 if (!mUserManager.isUserRunning(new UserHandle(deviceOwnerUserId))) { 10971 return CODE_USER_NOT_RUNNING; 10972 } 10973 if (mIsWatch && hasPaired(UserHandle.USER_SYSTEM)) { 10974 return CODE_HAS_PAIRED; 10975 } 10976 if (isAdb) { 10977 // if shell command runs after user setup completed check device status. Otherwise, OK. 10978 if (mIsWatch || hasUserSetupCompleted(UserHandle.USER_SYSTEM)) { 10979 if (!mInjector.userManagerIsSplitSystemUser()) { 10980 if (mUserManager.getUserCount() > 1) { 10981 return CODE_NONSYSTEM_USER_EXISTS; 10982 } 10983 if (hasIncompatibleAccountsOrNonAdb) { 10984 return CODE_ACCOUNTS_NOT_EMPTY; 10985 } 10986 } else { 10987 // STOPSHIP Do proper check in split user mode 10988 } 10989 } 10990 return CODE_OK; 10991 } else { 10992 if (!mInjector.userManagerIsSplitSystemUser()) { 10993 // In non-split user mode, DO has to be user 0 10994 if (deviceOwnerUserId != UserHandle.USER_SYSTEM) { 10995 return CODE_NOT_SYSTEM_USER; 10996 } 10997 // In non-split user mode, only provision DO before setup wizard completes 10998 if (hasUserSetupCompleted(UserHandle.USER_SYSTEM)) { 10999 return CODE_USER_SETUP_COMPLETED; 11000 } 11001 } else { 11002 // STOPSHIP Do proper check in split user mode 11003 } 11004 return CODE_OK; 11005 } 11006 } 11007 11008 private int checkDeviceOwnerProvisioningPreCondition(int deviceOwnerUserId) { 11009 synchronized (this) { 11010 // hasIncompatibleAccountsOrNonAdb doesn't matter since the caller is not adb. 11011 return checkDeviceOwnerProvisioningPreConditionLocked(/* owner unknown */ null, 11012 deviceOwnerUserId, /* isAdb= */ false, 11013 /* hasIncompatibleAccountsOrNonAdb=*/ true); 11014 } 11015 } 11016 11017 private int checkManagedProfileProvisioningPreCondition(String packageName, int callingUserId) { 11018 if (!hasFeatureManagedUsers()) { 11019 return CODE_MANAGED_USERS_NOT_SUPPORTED; 11020 } 11021 if (callingUserId == UserHandle.USER_SYSTEM 11022 && mInjector.userManagerIsSplitSystemUser()) { 11023 // Managed-profiles cannot be setup on the system user. 11024 return CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER; 11025 } 11026 if (getProfileOwner(callingUserId) != null) { 11027 // Managed user cannot have a managed profile. 11028 return CODE_USER_HAS_PROFILE_OWNER; 11029 } 11030 11031 final long ident = mInjector.binderClearCallingIdentity(); 11032 try { 11033 final UserHandle callingUserHandle = UserHandle.of(callingUserId); 11034 final ComponentName ownerAdmin = getOwnerComponent(packageName, callingUserId); 11035 if (mUserManager.hasUserRestriction(UserManager.DISALLOW_ADD_MANAGED_PROFILE, 11036 callingUserHandle)) { 11037 // An admin can initiate provisioning if it has set the restriction. 11038 if (ownerAdmin == null || isAdminAffectedByRestriction(ownerAdmin, 11039 UserManager.DISALLOW_ADD_MANAGED_PROFILE, callingUserId)) { 11040 return CODE_ADD_MANAGED_PROFILE_DISALLOWED; 11041 } 11042 } 11043 boolean canRemoveProfile = true; 11044 if (mUserManager.hasUserRestriction(UserManager.DISALLOW_REMOVE_MANAGED_PROFILE, 11045 callingUserHandle)) { 11046 // We can remove a profile if the admin itself has set the restriction. 11047 if (ownerAdmin == null || isAdminAffectedByRestriction(ownerAdmin, 11048 UserManager.DISALLOW_REMOVE_MANAGED_PROFILE, 11049 callingUserId)) { 11050 canRemoveProfile = false; 11051 } 11052 } 11053 if (!mUserManager.canAddMoreManagedProfiles(callingUserId, canRemoveProfile)) { 11054 return CODE_CANNOT_ADD_MANAGED_PROFILE; 11055 } 11056 } finally { 11057 mInjector.binderRestoreCallingIdentity(ident); 11058 } 11059 return CODE_OK; 11060 } 11061 11062 private ComponentName getOwnerComponent(String packageName, int userId) { 11063 if (isDeviceOwnerPackage(packageName, userId)) { 11064 return mOwners.getDeviceOwnerComponent(); 11065 } 11066 if (isProfileOwnerPackage(packageName, userId)) { 11067 return mOwners.getProfileOwnerComponent(userId); 11068 } 11069 return null; 11070 } 11071 11072 /** 11073 * Return device owner or profile owner set on a given user. 11074 */ 11075 private @Nullable ComponentName getOwnerComponent(int userId) { 11076 synchronized (this) { 11077 if (mOwners.getDeviceOwnerUserId() == userId) { 11078 return mOwners.getDeviceOwnerComponent(); 11079 } 11080 if (mOwners.hasProfileOwner(userId)) { 11081 return mOwners.getProfileOwnerComponent(userId); 11082 } 11083 } 11084 return null; 11085 } 11086 11087 private int checkManagedUserProvisioningPreCondition(int callingUserId) { 11088 if (!hasFeatureManagedUsers()) { 11089 return CODE_MANAGED_USERS_NOT_SUPPORTED; 11090 } 11091 if (!mInjector.userManagerIsSplitSystemUser()) { 11092 // ACTION_PROVISION_MANAGED_USER only supported on split-user systems. 11093 return CODE_NOT_SYSTEM_USER_SPLIT; 11094 } 11095 if (callingUserId == UserHandle.USER_SYSTEM) { 11096 // System user cannot be a managed user. 11097 return CODE_SYSTEM_USER; 11098 } 11099 if (hasUserSetupCompleted(callingUserId)) { 11100 return CODE_USER_SETUP_COMPLETED; 11101 } 11102 if (mIsWatch && hasPaired(UserHandle.USER_SYSTEM)) { 11103 return CODE_HAS_PAIRED; 11104 } 11105 return CODE_OK; 11106 } 11107 11108 private int checkManagedShareableDeviceProvisioningPreCondition(int callingUserId) { 11109 if (!mInjector.userManagerIsSplitSystemUser()) { 11110 // ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE only supported on split-user systems. 11111 return CODE_NOT_SYSTEM_USER_SPLIT; 11112 } 11113 return checkDeviceOwnerProvisioningPreCondition(callingUserId); 11114 } 11115 11116 private boolean hasFeatureManagedUsers() { 11117 try { 11118 return mIPackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS, 0); 11119 } catch (RemoteException e) { 11120 return false; 11121 } 11122 } 11123 11124 @Override 11125 public String getWifiMacAddress(ComponentName admin) { 11126 // Make sure caller has DO. 11127 synchronized (this) { 11128 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 11129 } 11130 11131 final long ident = mInjector.binderClearCallingIdentity(); 11132 try { 11133 final WifiInfo wifiInfo = mInjector.getWifiManager().getConnectionInfo(); 11134 if (wifiInfo == null) { 11135 return null; 11136 } 11137 return wifiInfo.hasRealMacAddress() ? wifiInfo.getMacAddress() : null; 11138 } finally { 11139 mInjector.binderRestoreCallingIdentity(ident); 11140 } 11141 } 11142 11143 /** 11144 * Returns the target sdk version number that the given packageName was built for 11145 * in the given user. 11146 */ 11147 private int getTargetSdk(String packageName, int userId) { 11148 final ApplicationInfo ai; 11149 try { 11150 ai = mIPackageManager.getApplicationInfo(packageName, 0, userId); 11151 final int targetSdkVersion = ai == null ? 0 : ai.targetSdkVersion; 11152 return targetSdkVersion; 11153 } catch (RemoteException e) { 11154 // Shouldn't happen 11155 return 0; 11156 } 11157 } 11158 11159 @Override 11160 public boolean isManagedProfile(ComponentName admin) { 11161 enforceProfileOrDeviceOwner(admin); 11162 return isManagedProfile(mInjector.userHandleGetCallingUserId()); 11163 } 11164 11165 @Override 11166 public boolean isSystemOnlyUser(ComponentName admin) { 11167 synchronized (this) { 11168 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 11169 } 11170 final int callingUserId = mInjector.userHandleGetCallingUserId(); 11171 return UserManager.isSplitSystemUser() && callingUserId == UserHandle.USER_SYSTEM; 11172 } 11173 11174 @Override 11175 public void reboot(ComponentName admin) { 11176 Preconditions.checkNotNull(admin); 11177 // Make sure caller has DO. 11178 synchronized (this) { 11179 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 11180 } 11181 long ident = mInjector.binderClearCallingIdentity(); 11182 try { 11183 // Make sure there are no ongoing calls on the device. 11184 if (mTelephonyManager.getCallState() != TelephonyManager.CALL_STATE_IDLE) { 11185 throw new IllegalStateException("Cannot be called with ongoing call on the device"); 11186 } 11187 mInjector.powerManagerReboot(PowerManager.REBOOT_REQUESTED_BY_DEVICE_OWNER); 11188 } finally { 11189 mInjector.binderRestoreCallingIdentity(ident); 11190 } 11191 } 11192 11193 @Override 11194 public void setShortSupportMessage(@NonNull ComponentName who, CharSequence message) { 11195 if (!mHasFeature) { 11196 return; 11197 } 11198 Preconditions.checkNotNull(who, "ComponentName is null"); 11199 final int userHandle = mInjector.userHandleGetCallingUserId(); 11200 synchronized (this) { 11201 ActiveAdmin admin = getActiveAdminForUidLocked(who, 11202 mInjector.binderGetCallingUid()); 11203 if (!TextUtils.equals(admin.shortSupportMessage, message)) { 11204 admin.shortSupportMessage = message; 11205 saveSettingsLocked(userHandle); 11206 } 11207 } 11208 } 11209 11210 @Override 11211 public CharSequence getShortSupportMessage(@NonNull ComponentName who) { 11212 if (!mHasFeature) { 11213 return null; 11214 } 11215 Preconditions.checkNotNull(who, "ComponentName is null"); 11216 synchronized (this) { 11217 ActiveAdmin admin = getActiveAdminForUidLocked(who, 11218 mInjector.binderGetCallingUid()); 11219 return admin.shortSupportMessage; 11220 } 11221 } 11222 11223 @Override 11224 public void setLongSupportMessage(@NonNull ComponentName who, CharSequence message) { 11225 if (!mHasFeature) { 11226 return; 11227 } 11228 Preconditions.checkNotNull(who, "ComponentName is null"); 11229 final int userHandle = mInjector.userHandleGetCallingUserId(); 11230 synchronized (this) { 11231 ActiveAdmin admin = getActiveAdminForUidLocked(who, 11232 mInjector.binderGetCallingUid()); 11233 if (!TextUtils.equals(admin.longSupportMessage, message)) { 11234 admin.longSupportMessage = message; 11235 saveSettingsLocked(userHandle); 11236 } 11237 } 11238 } 11239 11240 @Override 11241 public CharSequence getLongSupportMessage(@NonNull ComponentName who) { 11242 if (!mHasFeature) { 11243 return null; 11244 } 11245 Preconditions.checkNotNull(who, "ComponentName is null"); 11246 synchronized (this) { 11247 ActiveAdmin admin = getActiveAdminForUidLocked(who, 11248 mInjector.binderGetCallingUid()); 11249 return admin.longSupportMessage; 11250 } 11251 } 11252 11253 @Override 11254 public CharSequence getShortSupportMessageForUser(@NonNull ComponentName who, int userHandle) { 11255 if (!mHasFeature) { 11256 return null; 11257 } 11258 Preconditions.checkNotNull(who, "ComponentName is null"); 11259 if (!isCallerWithSystemUid()) { 11260 throw new SecurityException("Only the system can query support message for user"); 11261 } 11262 synchronized (this) { 11263 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 11264 if (admin != null) { 11265 return admin.shortSupportMessage; 11266 } 11267 } 11268 return null; 11269 } 11270 11271 @Override 11272 public CharSequence getLongSupportMessageForUser(@NonNull ComponentName who, int userHandle) { 11273 if (!mHasFeature) { 11274 return null; 11275 } 11276 Preconditions.checkNotNull(who, "ComponentName is null"); 11277 if (!isCallerWithSystemUid()) { 11278 throw new SecurityException("Only the system can query support message for user"); 11279 } 11280 synchronized (this) { 11281 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 11282 if (admin != null) { 11283 return admin.longSupportMessage; 11284 } 11285 } 11286 return null; 11287 } 11288 11289 @Override 11290 public void setOrganizationColor(@NonNull ComponentName who, int color) { 11291 if (!mHasFeature) { 11292 return; 11293 } 11294 Preconditions.checkNotNull(who, "ComponentName is null"); 11295 final int userHandle = mInjector.userHandleGetCallingUserId(); 11296 enforceManagedProfile(userHandle, "set organization color"); 11297 synchronized (this) { 11298 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 11299 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11300 admin.organizationColor = color; 11301 saveSettingsLocked(userHandle); 11302 } 11303 } 11304 11305 @Override 11306 public void setOrganizationColorForUser(int color, int userId) { 11307 if (!mHasFeature) { 11308 return; 11309 } 11310 enforceFullCrossUsersPermission(userId); 11311 enforceManageUsers(); 11312 enforceManagedProfile(userId, "set organization color"); 11313 synchronized (this) { 11314 ActiveAdmin admin = getProfileOwnerAdminLocked(userId); 11315 admin.organizationColor = color; 11316 saveSettingsLocked(userId); 11317 } 11318 } 11319 11320 @Override 11321 public int getOrganizationColor(@NonNull ComponentName who) { 11322 if (!mHasFeature) { 11323 return ActiveAdmin.DEF_ORGANIZATION_COLOR; 11324 } 11325 Preconditions.checkNotNull(who, "ComponentName is null"); 11326 enforceManagedProfile(mInjector.userHandleGetCallingUserId(), "get organization color"); 11327 synchronized (this) { 11328 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 11329 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11330 return admin.organizationColor; 11331 } 11332 } 11333 11334 @Override 11335 public int getOrganizationColorForUser(int userHandle) { 11336 if (!mHasFeature) { 11337 return ActiveAdmin.DEF_ORGANIZATION_COLOR; 11338 } 11339 enforceFullCrossUsersPermission(userHandle); 11340 enforceManagedProfile(userHandle, "get organization color"); 11341 synchronized (this) { 11342 ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userHandle); 11343 return (profileOwner != null) 11344 ? profileOwner.organizationColor 11345 : ActiveAdmin.DEF_ORGANIZATION_COLOR; 11346 } 11347 } 11348 11349 @Override 11350 public void setOrganizationName(@NonNull ComponentName who, CharSequence text) { 11351 if (!mHasFeature) { 11352 return; 11353 } 11354 Preconditions.checkNotNull(who, "ComponentName is null"); 11355 final int userHandle = mInjector.userHandleGetCallingUserId(); 11356 11357 synchronized (this) { 11358 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 11359 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11360 if (!TextUtils.equals(admin.organizationName, text)) { 11361 admin.organizationName = (text == null || text.length() == 0) 11362 ? null : text.toString(); 11363 saveSettingsLocked(userHandle); 11364 } 11365 } 11366 } 11367 11368 @Override 11369 public CharSequence getOrganizationName(@NonNull ComponentName who) { 11370 if (!mHasFeature) { 11371 return null; 11372 } 11373 Preconditions.checkNotNull(who, "ComponentName is null"); 11374 enforceManagedProfile(mInjector.userHandleGetCallingUserId(), "get organization name"); 11375 synchronized(this) { 11376 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 11377 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11378 return admin.organizationName; 11379 } 11380 } 11381 11382 @Override 11383 public CharSequence getDeviceOwnerOrganizationName() { 11384 if (!mHasFeature) { 11385 return null; 11386 } 11387 enforceDeviceOwnerOrManageUsers(); 11388 synchronized(this) { 11389 final ActiveAdmin deviceOwnerAdmin = getDeviceOwnerAdminLocked(); 11390 return deviceOwnerAdmin == null ? null : deviceOwnerAdmin.organizationName; 11391 } 11392 } 11393 11394 @Override 11395 public CharSequence getOrganizationNameForUser(int userHandle) { 11396 if (!mHasFeature) { 11397 return null; 11398 } 11399 enforceFullCrossUsersPermission(userHandle); 11400 enforceManagedProfile(userHandle, "get organization name"); 11401 synchronized (this) { 11402 ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userHandle); 11403 return (profileOwner != null) 11404 ? profileOwner.organizationName 11405 : null; 11406 } 11407 } 11408 11409 @Override 11410 public List<String> setMeteredDataDisabledPackages(ComponentName who, List<String> packageNames) { 11411 Preconditions.checkNotNull(who); 11412 Preconditions.checkNotNull(packageNames); 11413 11414 if (!mHasFeature) { 11415 return packageNames; 11416 } 11417 synchronized (this) { 11418 final ActiveAdmin admin = getActiveAdminForCallerLocked(who, 11419 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11420 final int callingUserId = mInjector.userHandleGetCallingUserId(); 11421 final long identity = mInjector.binderClearCallingIdentity(); 11422 try { 11423 final List<String> excludedPkgs 11424 = removeInvalidPkgsForMeteredDataRestriction(callingUserId, packageNames); 11425 admin.meteredDisabledPackages = packageNames; 11426 pushMeteredDisabledPackagesLocked(callingUserId); 11427 saveSettingsLocked(callingUserId); 11428 return excludedPkgs; 11429 } finally { 11430 mInjector.binderRestoreCallingIdentity(identity); 11431 } 11432 } 11433 } 11434 11435 private List<String> removeInvalidPkgsForMeteredDataRestriction( 11436 int userId, List<String> pkgNames) { 11437 final Set<String> activeAdmins = getActiveAdminPackagesLocked(userId); 11438 final List<String> excludedPkgs = new ArrayList<>(); 11439 for (int i = pkgNames.size() - 1; i >= 0; --i) { 11440 final String pkgName = pkgNames.get(i); 11441 // If the package is an active admin, don't restrict it. 11442 if (activeAdmins.contains(pkgName)) { 11443 excludedPkgs.add(pkgName); 11444 continue; 11445 } 11446 // If the package doesn't exist, don't restrict it. 11447 try { 11448 if (!mInjector.getIPackageManager().isPackageAvailable(pkgName, userId)) { 11449 excludedPkgs.add(pkgName); 11450 } 11451 } catch (RemoteException e) { 11452 // Should not happen 11453 } 11454 } 11455 pkgNames.removeAll(excludedPkgs); 11456 return excludedPkgs; 11457 } 11458 11459 @Override 11460 public List<String> getMeteredDataDisabledPackages(ComponentName who) { 11461 Preconditions.checkNotNull(who); 11462 11463 if (!mHasFeature) { 11464 return new ArrayList<>(); 11465 } 11466 synchronized (this) { 11467 final ActiveAdmin admin = getActiveAdminForCallerLocked(who, 11468 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11469 return admin.meteredDisabledPackages == null 11470 ? new ArrayList<>() : admin.meteredDisabledPackages; 11471 } 11472 } 11473 11474 @Override 11475 public boolean isMeteredDataDisabledPackageForUser(ComponentName who, 11476 String packageName, int userId) { 11477 Preconditions.checkNotNull(who); 11478 11479 if (!mHasFeature) { 11480 return false; 11481 } 11482 if (!isCallerWithSystemUid()) { 11483 throw new SecurityException( 11484 "Only the system can query restricted pkgs for a specific user"); 11485 } 11486 synchronized (this) { 11487 final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userId); 11488 if (admin != null && admin.meteredDisabledPackages != null) { 11489 return admin.meteredDisabledPackages.contains(packageName); 11490 } 11491 } 11492 return false; 11493 } 11494 11495 private void pushMeteredDisabledPackagesLocked(int userId) { 11496 mInjector.getNetworkPolicyManagerInternal().setMeteredRestrictedPackages( 11497 getMeteredDisabledPackagesLocked(userId), userId); 11498 } 11499 11500 private Set<String> getMeteredDisabledPackagesLocked(int userId) { 11501 final ComponentName who = getOwnerComponent(userId); 11502 final Set<String> restrictedPkgs = new ArraySet<>(); 11503 if (who != null) { 11504 final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userId); 11505 if (admin != null && admin.meteredDisabledPackages != null) { 11506 restrictedPkgs.addAll(admin.meteredDisabledPackages); 11507 } 11508 } 11509 return restrictedPkgs; 11510 } 11511 11512 @Override 11513 public void setAffiliationIds(ComponentName admin, List<String> ids) { 11514 if (!mHasFeature) { 11515 return; 11516 } 11517 if (ids == null) { 11518 throw new IllegalArgumentException("ids must not be null"); 11519 } 11520 for (String id : ids) { 11521 if (TextUtils.isEmpty(id)) { 11522 throw new IllegalArgumentException("ids must not contain empty string"); 11523 } 11524 } 11525 11526 final Set<String> affiliationIds = new ArraySet<>(ids); 11527 final int callingUserId = mInjector.userHandleGetCallingUserId(); 11528 synchronized (this) { 11529 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11530 getUserData(callingUserId).mAffiliationIds = affiliationIds; 11531 saveSettingsLocked(callingUserId); 11532 if (callingUserId != UserHandle.USER_SYSTEM && isDeviceOwner(admin, callingUserId)) { 11533 // Affiliation ids specified by the device owner are additionally stored in 11534 // UserHandle.USER_SYSTEM's DevicePolicyData. 11535 getUserData(UserHandle.USER_SYSTEM).mAffiliationIds = affiliationIds; 11536 saveSettingsLocked(UserHandle.USER_SYSTEM); 11537 } 11538 11539 // Affiliation status for any user, not just the calling user, might have changed. 11540 // The device owner user will still be affiliated after changing its affiliation ids, 11541 // but as a result of that other users might become affiliated or un-affiliated. 11542 maybePauseDeviceWideLoggingLocked(); 11543 maybeResumeDeviceWideLoggingLocked(); 11544 maybeClearLockTaskPolicyLocked(); 11545 } 11546 } 11547 11548 @Override 11549 public List<String> getAffiliationIds(ComponentName admin) { 11550 if (!mHasFeature) { 11551 return Collections.emptyList(); 11552 } 11553 11554 Preconditions.checkNotNull(admin); 11555 synchronized (this) { 11556 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11557 return new ArrayList<String>( 11558 getUserData(mInjector.userHandleGetCallingUserId()).mAffiliationIds); 11559 } 11560 } 11561 11562 @Override 11563 public boolean isAffiliatedUser() { 11564 if (!mHasFeature) { 11565 return false; 11566 } 11567 11568 synchronized (this) { 11569 return isUserAffiliatedWithDeviceLocked(mInjector.userHandleGetCallingUserId()); 11570 } 11571 } 11572 11573 private boolean isUserAffiliatedWithDeviceLocked(int userId) { 11574 if (!mOwners.hasDeviceOwner()) { 11575 return false; 11576 } 11577 if (userId == mOwners.getDeviceOwnerUserId()) { 11578 // The user that the DO is installed on is always affiliated with the device. 11579 return true; 11580 } 11581 if (userId == UserHandle.USER_SYSTEM) { 11582 // The system user is always affiliated in a DO device, even if the DO is set on a 11583 // different user. This could be the case if the DO is set in the primary user 11584 // of a split user device. 11585 return true; 11586 } 11587 11588 final ComponentName profileOwner = getProfileOwner(userId); 11589 if (profileOwner == null) { 11590 return false; 11591 } 11592 11593 final Set<String> userAffiliationIds = getUserData(userId).mAffiliationIds; 11594 final Set<String> deviceAffiliationIds = 11595 getUserData(UserHandle.USER_SYSTEM).mAffiliationIds; 11596 for (String id : userAffiliationIds) { 11597 if (deviceAffiliationIds.contains(id)) { 11598 return true; 11599 } 11600 } 11601 return false; 11602 } 11603 11604 private boolean areAllUsersAffiliatedWithDeviceLocked() { 11605 final long ident = mInjector.binderClearCallingIdentity(); 11606 try { 11607 final List<UserInfo> userInfos = mUserManager.getUsers(/*excludeDying=*/ true); 11608 for (int i = 0; i < userInfos.size(); i++) { 11609 int userId = userInfos.get(i).id; 11610 if (!isUserAffiliatedWithDeviceLocked(userId)) { 11611 Slog.d(LOG_TAG, "User id " + userId + " not affiliated."); 11612 return false; 11613 } 11614 } 11615 } finally { 11616 mInjector.binderRestoreCallingIdentity(ident); 11617 } 11618 11619 return true; 11620 } 11621 11622 @Override 11623 public void setSecurityLoggingEnabled(ComponentName admin, boolean enabled) { 11624 if (!mHasFeature) { 11625 return; 11626 } 11627 Preconditions.checkNotNull(admin); 11628 11629 synchronized (this) { 11630 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 11631 if (enabled == mInjector.securityLogGetLoggingEnabledProperty()) { 11632 return; 11633 } 11634 mInjector.securityLogSetLoggingEnabledProperty(enabled); 11635 if (enabled) { 11636 mSecurityLogMonitor.start(); 11637 maybePauseDeviceWideLoggingLocked(); 11638 } else { 11639 mSecurityLogMonitor.stop(); 11640 } 11641 } 11642 } 11643 11644 @Override 11645 public boolean isSecurityLoggingEnabled(ComponentName admin) { 11646 if (!mHasFeature) { 11647 return false; 11648 } 11649 11650 synchronized (this) { 11651 if (!isCallerWithSystemUid()) { 11652 Preconditions.checkNotNull(admin); 11653 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 11654 } 11655 return mInjector.securityLogGetLoggingEnabledProperty(); 11656 } 11657 } 11658 11659 private synchronized void recordSecurityLogRetrievalTime() { 11660 final long currentTime = System.currentTimeMillis(); 11661 DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM); 11662 if (currentTime > policyData.mLastSecurityLogRetrievalTime) { 11663 policyData.mLastSecurityLogRetrievalTime = currentTime; 11664 saveSettingsLocked(UserHandle.USER_SYSTEM); 11665 } 11666 } 11667 11668 @Override 11669 public ParceledListSlice<SecurityEvent> retrievePreRebootSecurityLogs(ComponentName admin) { 11670 if (!mHasFeature) { 11671 return null; 11672 } 11673 11674 Preconditions.checkNotNull(admin); 11675 ensureDeviceOwnerAndAllUsersAffiliated(admin); 11676 11677 if (!mContext.getResources().getBoolean(R.bool.config_supportPreRebootSecurityLogs) 11678 || !mInjector.securityLogGetLoggingEnabledProperty()) { 11679 return null; 11680 } 11681 11682 recordSecurityLogRetrievalTime(); 11683 11684 ArrayList<SecurityEvent> output = new ArrayList<SecurityEvent>(); 11685 try { 11686 SecurityLog.readPreviousEvents(output); 11687 return new ParceledListSlice<SecurityEvent>(output); 11688 } catch (IOException e) { 11689 Slog.w(LOG_TAG, "Fail to read previous events" , e); 11690 return new ParceledListSlice<SecurityEvent>(Collections.<SecurityEvent>emptyList()); 11691 } 11692 } 11693 11694 @Override 11695 public ParceledListSlice<SecurityEvent> retrieveSecurityLogs(ComponentName admin) { 11696 if (!mHasFeature) { 11697 return null; 11698 } 11699 11700 Preconditions.checkNotNull(admin); 11701 ensureDeviceOwnerAndAllUsersAffiliated(admin); 11702 11703 if (!mInjector.securityLogGetLoggingEnabledProperty()) { 11704 return null; 11705 } 11706 11707 recordSecurityLogRetrievalTime(); 11708 11709 List<SecurityEvent> logs = mSecurityLogMonitor.retrieveLogs(); 11710 return logs != null ? new ParceledListSlice<SecurityEvent>(logs) : null; 11711 } 11712 11713 @Override 11714 public long forceSecurityLogs() { 11715 enforceShell("forceSecurityLogs"); 11716 if (!mInjector.securityLogGetLoggingEnabledProperty()) { 11717 throw new IllegalStateException("logging is not available"); 11718 } 11719 return mSecurityLogMonitor.forceLogs(); 11720 } 11721 11722 private void enforceCanManageDeviceAdmin() { 11723 mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_DEVICE_ADMINS, 11724 null); 11725 } 11726 11727 private void enforceCanManageProfileAndDeviceOwners() { 11728 mContext.enforceCallingOrSelfPermission( 11729 android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS, null); 11730 } 11731 11732 private void enforceCallerSystemUserHandle() { 11733 final int callingUid = mInjector.binderGetCallingUid(); 11734 final int userId = UserHandle.getUserId(callingUid); 11735 if (userId != UserHandle.USER_SYSTEM) { 11736 throw new SecurityException("Caller has to be in user 0"); 11737 } 11738 } 11739 11740 @Override 11741 public boolean isUninstallInQueue(final String packageName) { 11742 enforceCanManageDeviceAdmin(); 11743 final int userId = mInjector.userHandleGetCallingUserId(); 11744 Pair<String, Integer> packageUserPair = new Pair<>(packageName, userId); 11745 synchronized (this) { 11746 return mPackagesToRemove.contains(packageUserPair); 11747 } 11748 } 11749 11750 @Override 11751 public void uninstallPackageWithActiveAdmins(final String packageName) { 11752 enforceCanManageDeviceAdmin(); 11753 Preconditions.checkArgument(!TextUtils.isEmpty(packageName)); 11754 11755 final int userId = mInjector.userHandleGetCallingUserId(); 11756 11757 enforceUserUnlocked(userId); 11758 11759 final ComponentName profileOwner = getProfileOwner(userId); 11760 if (profileOwner != null && packageName.equals(profileOwner.getPackageName())) { 11761 throw new IllegalArgumentException("Cannot uninstall a package with a profile owner"); 11762 } 11763 11764 final ComponentName deviceOwner = getDeviceOwnerComponent(/* callingUserOnly= */ false); 11765 if (getDeviceOwnerUserId() == userId && deviceOwner != null 11766 && packageName.equals(deviceOwner.getPackageName())) { 11767 throw new IllegalArgumentException("Cannot uninstall a package with a device owner"); 11768 } 11769 11770 final Pair<String, Integer> packageUserPair = new Pair<>(packageName, userId); 11771 synchronized (this) { 11772 mPackagesToRemove.add(packageUserPair); 11773 } 11774 11775 // All active admins on the user. 11776 final List<ComponentName> allActiveAdmins = getActiveAdmins(userId); 11777 11778 // Active admins in the target package. 11779 final List<ComponentName> packageActiveAdmins = new ArrayList<>(); 11780 if (allActiveAdmins != null) { 11781 for (ComponentName activeAdmin : allActiveAdmins) { 11782 if (packageName.equals(activeAdmin.getPackageName())) { 11783 packageActiveAdmins.add(activeAdmin); 11784 removeActiveAdmin(activeAdmin, userId); 11785 } 11786 } 11787 } 11788 if (packageActiveAdmins.size() == 0) { 11789 startUninstallIntent(packageName, userId); 11790 } else { 11791 mHandler.postDelayed(new Runnable() { 11792 @Override 11793 public void run() { 11794 for (ComponentName activeAdmin : packageActiveAdmins) { 11795 removeAdminArtifacts(activeAdmin, userId); 11796 } 11797 startUninstallIntent(packageName, userId); 11798 } 11799 }, DEVICE_ADMIN_DEACTIVATE_TIMEOUT); // Start uninstall after timeout anyway. 11800 } 11801 } 11802 11803 @Override 11804 public boolean isDeviceProvisioned() { 11805 synchronized (this) { 11806 return getUserDataUnchecked(UserHandle.USER_SYSTEM).mUserSetupComplete; 11807 } 11808 } 11809 11810 private boolean isCurrentUserDemo() { 11811 if (UserManager.isDeviceInDemoMode(mContext)) { 11812 final int userId = mInjector.userHandleGetCallingUserId(); 11813 final long callingIdentity = mInjector.binderClearCallingIdentity(); 11814 try { 11815 return mUserManager.getUserInfo(userId).isDemo(); 11816 } finally { 11817 mInjector.binderRestoreCallingIdentity(callingIdentity); 11818 } 11819 } 11820 return false; 11821 } 11822 11823 private void removePackageIfRequired(final String packageName, final int userId) { 11824 if (!packageHasActiveAdmins(packageName, userId)) { 11825 // Will not do anything if uninstall was not requested or was already started. 11826 startUninstallIntent(packageName, userId); 11827 } 11828 } 11829 11830 private void startUninstallIntent(final String packageName, final int userId) { 11831 final Pair<String, Integer> packageUserPair = new Pair<>(packageName, userId); 11832 synchronized (this) { 11833 if (!mPackagesToRemove.contains(packageUserPair)) { 11834 // Do nothing if uninstall was not requested or was already started. 11835 return; 11836 } 11837 mPackagesToRemove.remove(packageUserPair); 11838 } 11839 try { 11840 if (mInjector.getIPackageManager().getPackageInfo(packageName, 0, userId) == null) { 11841 // Package does not exist. Nothing to do. 11842 return; 11843 } 11844 } catch (RemoteException re) { 11845 Log.e(LOG_TAG, "Failure talking to PackageManager while getting package info"); 11846 } 11847 11848 try { // force stop the package before uninstalling 11849 mInjector.getIActivityManager().forceStopPackage(packageName, userId); 11850 } catch (RemoteException re) { 11851 Log.e(LOG_TAG, "Failure talking to ActivityManager while force stopping package"); 11852 } 11853 final Uri packageURI = Uri.parse("package:" + packageName); 11854 final Intent uninstallIntent = new Intent(Intent.ACTION_UNINSTALL_PACKAGE, packageURI); 11855 uninstallIntent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK); 11856 mContext.startActivityAsUser(uninstallIntent, UserHandle.of(userId)); 11857 } 11858 11859 /** 11860 * Removes the admin from the policy. Ideally called after the admin's 11861 * {@link DeviceAdminReceiver#onDisabled(Context, Intent)} has been successfully completed. 11862 * 11863 * @param adminReceiver The admin to remove 11864 * @param userHandle The user for which this admin has to be removed. 11865 */ 11866 private void removeAdminArtifacts(final ComponentName adminReceiver, final int userHandle) { 11867 synchronized (this) { 11868 final ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver, userHandle); 11869 if (admin == null) { 11870 return; 11871 } 11872 final DevicePolicyData policy = getUserData(userHandle); 11873 final boolean doProxyCleanup = admin.info.usesPolicy( 11874 DeviceAdminInfo.USES_POLICY_SETS_GLOBAL_PROXY); 11875 policy.mAdminList.remove(admin); 11876 policy.mAdminMap.remove(adminReceiver); 11877 validatePasswordOwnerLocked(policy); 11878 if (doProxyCleanup) { 11879 resetGlobalProxyLocked(policy); 11880 } 11881 pushActiveAdminPackagesLocked(userHandle); 11882 pushMeteredDisabledPackagesLocked(userHandle); 11883 saveSettingsLocked(userHandle); 11884 updateMaximumTimeToLockLocked(userHandle); 11885 policy.mRemovingAdmins.remove(adminReceiver); 11886 11887 Slog.i(LOG_TAG, "Device admin " + adminReceiver + " removed from user " + userHandle); 11888 } 11889 // The removed admin might have disabled camera, so update user 11890 // restrictions. 11891 pushUserRestrictions(userHandle); 11892 } 11893 11894 @Override 11895 public void setDeviceProvisioningConfigApplied() { 11896 enforceManageUsers(); 11897 synchronized (this) { 11898 DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM); 11899 policy.mDeviceProvisioningConfigApplied = true; 11900 saveSettingsLocked(UserHandle.USER_SYSTEM); 11901 } 11902 } 11903 11904 @Override 11905 public boolean isDeviceProvisioningConfigApplied() { 11906 enforceManageUsers(); 11907 synchronized (this) { 11908 final DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM); 11909 return policy.mDeviceProvisioningConfigApplied; 11910 } 11911 } 11912 11913 /** 11914 * Force update internal persistent state from Settings.Secure.USER_SETUP_COMPLETE. 11915 * 11916 * It's added for testing only. Please use this API carefully if it's used by other system app 11917 * and bare in mind Settings.Secure.USER_SETUP_COMPLETE can be modified by user and other system 11918 * apps. 11919 */ 11920 @Override 11921 public void forceUpdateUserSetupComplete() { 11922 enforceCanManageProfileAndDeviceOwners(); 11923 enforceCallerSystemUserHandle(); 11924 // no effect if it's called from user build 11925 if (!mInjector.isBuildDebuggable()) { 11926 return; 11927 } 11928 final int userId = UserHandle.USER_SYSTEM; 11929 boolean isUserCompleted = mInjector.settingsSecureGetIntForUser( 11930 Settings.Secure.USER_SETUP_COMPLETE, 0, userId) != 0; 11931 DevicePolicyData policy = getUserData(userId); 11932 policy.mUserSetupComplete = isUserCompleted; 11933 synchronized (this) { 11934 saveSettingsLocked(userId); 11935 } 11936 } 11937 11938 // TODO(b/22388012): When backup is available for secondary users and profiles, consider 11939 // whether there are any privacy/security implications of enabling the backup service here 11940 // if there are other users or profiles unmanaged or managed by a different entity (i.e. not 11941 // affiliated). 11942 @Override 11943 public void setBackupServiceEnabled(ComponentName admin, boolean enabled) { 11944 if (!mHasFeature) { 11945 return; 11946 } 11947 Preconditions.checkNotNull(admin); 11948 synchronized (this) { 11949 ActiveAdmin activeAdmin = getActiveAdminForCallerLocked( 11950 admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 11951 if (!enabled) { 11952 activeAdmin.mandatoryBackupTransport = null; 11953 saveSettingsLocked(UserHandle.USER_SYSTEM); 11954 } 11955 } 11956 11957 final long ident = mInjector.binderClearCallingIdentity(); 11958 try { 11959 IBackupManager ibm = mInjector.getIBackupManager(); 11960 if (ibm != null) { 11961 ibm.setBackupServiceActive(UserHandle.USER_SYSTEM, enabled); 11962 } 11963 } catch (RemoteException e) { 11964 throw new IllegalStateException( 11965 "Failed " + (enabled ? "" : "de") + "activating backup service.", e); 11966 } finally { 11967 mInjector.binderRestoreCallingIdentity(ident); 11968 } 11969 } 11970 11971 @Override 11972 public boolean isBackupServiceEnabled(ComponentName admin) { 11973 Preconditions.checkNotNull(admin); 11974 if (!mHasFeature) { 11975 return true; 11976 } 11977 synchronized (this) { 11978 try { 11979 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 11980 IBackupManager ibm = mInjector.getIBackupManager(); 11981 return ibm != null && ibm.isBackupServiceActive(UserHandle.USER_SYSTEM); 11982 } catch (RemoteException e) { 11983 throw new IllegalStateException("Failed requesting backup service state.", e); 11984 } 11985 } 11986 } 11987 11988 @Override 11989 public void setMandatoryBackupTransport( 11990 ComponentName admin, ComponentName backupTransportComponent) { 11991 if (!mHasFeature) { 11992 return; 11993 } 11994 Preconditions.checkNotNull(admin); 11995 synchronized (this) { 11996 ActiveAdmin activeAdmin = 11997 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 11998 if (!Objects.equals(backupTransportComponent, activeAdmin.mandatoryBackupTransport)) { 11999 activeAdmin.mandatoryBackupTransport = backupTransportComponent; 12000 saveSettingsLocked(UserHandle.USER_SYSTEM); 12001 } 12002 } 12003 final long identity = mInjector.binderClearCallingIdentity(); 12004 try { 12005 IBackupManager ibm = mInjector.getIBackupManager(); 12006 if (ibm != null && backupTransportComponent != null) { 12007 if (!ibm.isBackupServiceActive(UserHandle.USER_SYSTEM)) { 12008 ibm.setBackupServiceActive(UserHandle.USER_SYSTEM, true); 12009 } 12010 ibm.selectBackupTransportAsync(backupTransportComponent, null); 12011 ibm.setBackupEnabled(true); 12012 } 12013 } catch (RemoteException e) { 12014 throw new IllegalStateException("Failed to set mandatory backup transport.", e); 12015 } finally { 12016 mInjector.binderRestoreCallingIdentity(identity); 12017 } 12018 } 12019 12020 @Override 12021 public ComponentName getMandatoryBackupTransport() { 12022 if (!mHasFeature) { 12023 return null; 12024 } 12025 synchronized (this) { 12026 ActiveAdmin activeAdmin = getDeviceOwnerAdminLocked(); 12027 return activeAdmin == null ? null : activeAdmin.mandatoryBackupTransport; 12028 } 12029 } 12030 12031 12032 @Override 12033 public boolean bindDeviceAdminServiceAsUser( 12034 @NonNull ComponentName admin, @NonNull IApplicationThread caller, 12035 @Nullable IBinder activtiyToken, @NonNull Intent serviceIntent, 12036 @NonNull IServiceConnection connection, int flags, @UserIdInt int targetUserId) { 12037 if (!mHasFeature) { 12038 return false; 12039 } 12040 Preconditions.checkNotNull(admin); 12041 Preconditions.checkNotNull(caller); 12042 Preconditions.checkNotNull(serviceIntent); 12043 Preconditions.checkArgument( 12044 serviceIntent.getComponent() != null || serviceIntent.getPackage() != null, 12045 "Service intent must be explicit (with a package name or component): " 12046 + serviceIntent); 12047 Preconditions.checkNotNull(connection); 12048 Preconditions.checkArgument(mInjector.userHandleGetCallingUserId() != targetUserId, 12049 "target user id must be different from the calling user id"); 12050 12051 if (!getBindDeviceAdminTargetUsers(admin).contains(UserHandle.of(targetUserId))) { 12052 throw new SecurityException("Not allowed to bind to target user id"); 12053 } 12054 12055 final String targetPackage; 12056 synchronized (this) { 12057 targetPackage = getOwnerPackageNameForUserLocked(targetUserId); 12058 } 12059 12060 final long callingIdentity = mInjector.binderClearCallingIdentity(); 12061 try { 12062 // Validate and sanitize the incoming service intent. 12063 final Intent sanitizedIntent = 12064 createCrossUserServiceIntent(serviceIntent, targetPackage, targetUserId); 12065 if (sanitizedIntent == null) { 12066 // Fail, cannot lookup the target service. 12067 return false; 12068 } 12069 // Ask ActivityManager to bind it. Notice that we are binding the service with the 12070 // caller app instead of DevicePolicyManagerService. 12071 return mInjector.getIActivityManager().bindService( 12072 caller, activtiyToken, serviceIntent, 12073 serviceIntent.resolveTypeIfNeeded(mContext.getContentResolver()), 12074 connection, flags, mContext.getOpPackageName(), 12075 targetUserId) != 0; 12076 } catch (RemoteException ex) { 12077 // Same process, should not happen. 12078 } finally { 12079 mInjector.binderRestoreCallingIdentity(callingIdentity); 12080 } 12081 12082 // Failed to bind. 12083 return false; 12084 } 12085 12086 @Override 12087 public @NonNull List<UserHandle> getBindDeviceAdminTargetUsers(@NonNull ComponentName admin) { 12088 if (!mHasFeature) { 12089 return Collections.emptyList(); 12090 } 12091 Preconditions.checkNotNull(admin); 12092 12093 synchronized (this) { 12094 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 12095 12096 final int callingUserId = mInjector.userHandleGetCallingUserId(); 12097 final long callingIdentity = mInjector.binderClearCallingIdentity(); 12098 try { 12099 ArrayList<UserHandle> targetUsers = new ArrayList<>(); 12100 if (!isDeviceOwner(admin, callingUserId)) { 12101 // Profile owners can only bind to the device owner. 12102 if (canUserBindToDeviceOwnerLocked(callingUserId)) { 12103 targetUsers.add(UserHandle.of(mOwners.getDeviceOwnerUserId())); 12104 } 12105 } else { 12106 // Caller is the device owner: Look for profile owners that it can bind to. 12107 final List<UserInfo> userInfos = mUserManager.getUsers(/*excludeDying=*/ true); 12108 for (int i = 0; i < userInfos.size(); i++) { 12109 final int userId = userInfos.get(i).id; 12110 if (userId != callingUserId && canUserBindToDeviceOwnerLocked(userId)) { 12111 targetUsers.add(UserHandle.of(userId)); 12112 } 12113 } 12114 } 12115 12116 return targetUsers; 12117 } finally { 12118 mInjector.binderRestoreCallingIdentity(callingIdentity); 12119 } 12120 } 12121 } 12122 12123 private boolean canUserBindToDeviceOwnerLocked(int userId) { 12124 // There has to be a device owner, under another user id. 12125 if (!mOwners.hasDeviceOwner() || userId == mOwners.getDeviceOwnerUserId()) { 12126 return false; 12127 } 12128 12129 // The user must have a profile owner that belongs to the same package as the device owner. 12130 if (!mOwners.hasProfileOwner(userId) || !TextUtils.equals( 12131 mOwners.getDeviceOwnerPackageName(), mOwners.getProfileOwnerPackage(userId))) { 12132 return false; 12133 } 12134 12135 // The user must be affiliated. 12136 return isUserAffiliatedWithDeviceLocked(userId); 12137 } 12138 12139 /** 12140 * Return true if a given user has any accounts that'll prevent installing a device or profile 12141 * owner {@code owner}. 12142 * - If the user has no accounts, then return false. 12143 * - Otherwise, if the owner is unknown (== null), or is not test-only, then return true. 12144 * - Otherwise, if there's any account that does not have ..._ALLOWED, or does have 12145 * ..._DISALLOWED, return true. 12146 * - Otherwise return false. 12147 * 12148 * If the caller is *not* ADB, it also returns true. The returned value shouldn't be used 12149 * when the caller is not ADB. 12150 * 12151 * DO NOT CALL IT WITH THE DPMS LOCK HELD. 12152 */ 12153 private boolean hasIncompatibleAccountsOrNonAdbNoLock( 12154 int userId, @Nullable ComponentName owner) { 12155 if (!isAdb()) { 12156 return true; 12157 } 12158 wtfIfInLock(); 12159 12160 final long token = mInjector.binderClearCallingIdentity(); 12161 try { 12162 final AccountManager am = AccountManager.get(mContext); 12163 final Account accounts[] = am.getAccountsAsUser(userId); 12164 if (accounts.length == 0) { 12165 return false; 12166 } 12167 synchronized (this) { 12168 if (owner == null || !isAdminTestOnlyLocked(owner, userId)) { 12169 Log.w(LOG_TAG, 12170 "Non test-only owner can't be installed with existing accounts."); 12171 return true; 12172 } 12173 } 12174 12175 final String[] feature_allow = 12176 { DevicePolicyManager.ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_ALLOWED }; 12177 final String[] feature_disallow = 12178 { DevicePolicyManager.ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_DISALLOWED }; 12179 12180 boolean compatible = true; 12181 for (Account account : accounts) { 12182 if (hasAccountFeatures(am, account, feature_disallow)) { 12183 Log.e(LOG_TAG, account + " has " + feature_disallow[0]); 12184 compatible = false; 12185 break; 12186 } 12187 if (!hasAccountFeatures(am, account, feature_allow)) { 12188 Log.e(LOG_TAG, account + " doesn't have " + feature_allow[0]); 12189 compatible = false; 12190 break; 12191 } 12192 } 12193 if (compatible) { 12194 Log.w(LOG_TAG, "All accounts are compatible"); 12195 } else { 12196 Log.e(LOG_TAG, "Found incompatible accounts"); 12197 } 12198 return !compatible; 12199 } finally { 12200 mInjector.binderRestoreCallingIdentity(token); 12201 } 12202 } 12203 12204 private boolean hasAccountFeatures(AccountManager am, Account account, String[] features) { 12205 try { 12206 return am.hasFeatures(account, features, null, null).getResult(); 12207 } catch (Exception e) { 12208 Log.w(LOG_TAG, "Failed to get account feature", e); 12209 return false; 12210 } 12211 } 12212 12213 private boolean isAdb() { 12214 final int callingUid = mInjector.binderGetCallingUid(); 12215 return callingUid == Process.SHELL_UID || callingUid == Process.ROOT_UID; 12216 } 12217 12218 @Override 12219 public synchronized void setNetworkLoggingEnabled(ComponentName admin, boolean enabled) { 12220 if (!mHasFeature) { 12221 return; 12222 } 12223 Preconditions.checkNotNull(admin); 12224 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12225 12226 if (enabled == isNetworkLoggingEnabledInternalLocked()) { 12227 // already in the requested state 12228 return; 12229 } 12230 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 12231 deviceOwner.isNetworkLoggingEnabled = enabled; 12232 if (!enabled) { 12233 deviceOwner.numNetworkLoggingNotifications = 0; 12234 deviceOwner.lastNetworkLoggingNotificationTimeMs = 0; 12235 } 12236 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 12237 12238 setNetworkLoggingActiveInternal(enabled); 12239 } 12240 12241 private synchronized void setNetworkLoggingActiveInternal(boolean active) { 12242 final long callingIdentity = mInjector.binderClearCallingIdentity(); 12243 try { 12244 if (active) { 12245 mNetworkLogger = new NetworkLogger(this, mInjector.getPackageManagerInternal()); 12246 if (!mNetworkLogger.startNetworkLogging()) { 12247 mNetworkLogger = null; 12248 Slog.wtf(LOG_TAG, "Network logging could not be started due to the logging" 12249 + " service not being available yet."); 12250 } 12251 maybePauseDeviceWideLoggingLocked(); 12252 sendNetworkLoggingNotificationLocked(); 12253 } else { 12254 if (mNetworkLogger != null && !mNetworkLogger.stopNetworkLogging()) { 12255 Slog.wtf(LOG_TAG, "Network logging could not be stopped due to the logging" 12256 + " service not being available yet."); 12257 } 12258 mNetworkLogger = null; 12259 mInjector.getNotificationManager().cancel(SystemMessage.NOTE_NETWORK_LOGGING); 12260 } 12261 } finally { 12262 mInjector.binderRestoreCallingIdentity(callingIdentity); 12263 } 12264 } 12265 12266 /** Pauses security and network logging if there are unaffiliated users on the device */ 12267 private void maybePauseDeviceWideLoggingLocked() { 12268 if (!areAllUsersAffiliatedWithDeviceLocked()) { 12269 Slog.i(LOG_TAG, "There are unaffiliated users, security and network logging will be " 12270 + "paused if enabled."); 12271 mSecurityLogMonitor.pause(); 12272 if (mNetworkLogger != null) { 12273 mNetworkLogger.pause(); 12274 } 12275 } 12276 } 12277 12278 /** Resumes security and network logging (if they are enabled) if all users are affiliated */ 12279 private void maybeResumeDeviceWideLoggingLocked() { 12280 if (areAllUsersAffiliatedWithDeviceLocked()) { 12281 final long ident = mInjector.binderClearCallingIdentity(); 12282 try { 12283 mSecurityLogMonitor.resume(); 12284 if (mNetworkLogger != null) { 12285 mNetworkLogger.resume(); 12286 } 12287 } finally { 12288 mInjector.binderRestoreCallingIdentity(ident); 12289 } 12290 } 12291 } 12292 12293 /** Deletes any security and network logs that might have been collected so far */ 12294 private void discardDeviceWideLogsLocked() { 12295 mSecurityLogMonitor.discardLogs(); 12296 if (mNetworkLogger != null) { 12297 mNetworkLogger.discardLogs(); 12298 } 12299 // TODO: We should discard pre-boot security logs here too, as otherwise those 12300 // logs (which might contain data from the user just removed) will be 12301 // available after next boot. 12302 } 12303 12304 @Override 12305 public boolean isNetworkLoggingEnabled(ComponentName admin) { 12306 if (!mHasFeature) { 12307 return false; 12308 } 12309 synchronized (this) { 12310 enforceDeviceOwnerOrManageUsers(); 12311 return isNetworkLoggingEnabledInternalLocked(); 12312 } 12313 } 12314 12315 private boolean isNetworkLoggingEnabledInternalLocked() { 12316 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 12317 return (deviceOwner != null) && deviceOwner.isNetworkLoggingEnabled; 12318 } 12319 12320 /* 12321 * A maximum of 1200 events are returned, and the total marshalled size is in the order of 12322 * 100kB, so returning a List instead of ParceledListSlice is acceptable. 12323 * Ideally this would be done with ParceledList, however it only supports homogeneous types. 12324 * 12325 * @see NetworkLoggingHandler#MAX_EVENTS_PER_BATCH 12326 */ 12327 @Override 12328 public List<NetworkEvent> retrieveNetworkLogs(ComponentName admin, long batchToken) { 12329 if (!mHasFeature) { 12330 return null; 12331 } 12332 Preconditions.checkNotNull(admin); 12333 ensureDeviceOwnerAndAllUsersAffiliated(admin); 12334 12335 synchronized (this) { 12336 if (mNetworkLogger == null 12337 || !isNetworkLoggingEnabledInternalLocked()) { 12338 return null; 12339 } 12340 12341 final long currentTime = System.currentTimeMillis(); 12342 DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM); 12343 if (currentTime > policyData.mLastNetworkLogsRetrievalTime) { 12344 policyData.mLastNetworkLogsRetrievalTime = currentTime; 12345 saveSettingsLocked(UserHandle.USER_SYSTEM); 12346 } 12347 return mNetworkLogger.retrieveLogs(batchToken); 12348 } 12349 } 12350 12351 private void sendNetworkLoggingNotificationLocked() { 12352 final ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 12353 if (deviceOwner == null || !deviceOwner.isNetworkLoggingEnabled) { 12354 return; 12355 } 12356 if (deviceOwner.numNetworkLoggingNotifications >= 12357 ActiveAdmin.DEF_MAXIMUM_NETWORK_LOGGING_NOTIFICATIONS_SHOWN) { 12358 return; 12359 } 12360 final long now = System.currentTimeMillis(); 12361 if (now - deviceOwner.lastNetworkLoggingNotificationTimeMs < MS_PER_DAY) { 12362 return; 12363 } 12364 deviceOwner.numNetworkLoggingNotifications++; 12365 if (deviceOwner.numNetworkLoggingNotifications 12366 >= ActiveAdmin.DEF_MAXIMUM_NETWORK_LOGGING_NOTIFICATIONS_SHOWN) { 12367 deviceOwner.lastNetworkLoggingNotificationTimeMs = 0; 12368 } else { 12369 deviceOwner.lastNetworkLoggingNotificationTimeMs = now; 12370 } 12371 final Intent intent = new Intent(DevicePolicyManager.ACTION_SHOW_DEVICE_MONITORING_DIALOG); 12372 intent.setPackage("com.android.systemui"); 12373 final PendingIntent pendingIntent = PendingIntent.getBroadcastAsUser(mContext, 0, intent, 0, 12374 UserHandle.CURRENT); 12375 Notification notification = 12376 new Notification.Builder(mContext, SystemNotificationChannels.DEVICE_ADMIN) 12377 .setSmallIcon(R.drawable.ic_info_outline) 12378 .setContentTitle(mContext.getString(R.string.network_logging_notification_title)) 12379 .setContentText(mContext.getString(R.string.network_logging_notification_text)) 12380 .setTicker(mContext.getString(R.string.network_logging_notification_title)) 12381 .setShowWhen(true) 12382 .setContentIntent(pendingIntent) 12383 .setStyle(new Notification.BigTextStyle() 12384 .bigText(mContext.getString(R.string.network_logging_notification_text))) 12385 .build(); 12386 mInjector.getNotificationManager().notify(SystemMessage.NOTE_NETWORK_LOGGING, notification); 12387 saveSettingsLocked(mOwners.getDeviceOwnerUserId()); 12388 } 12389 12390 /** 12391 * Return the package name of owner in a given user. 12392 */ 12393 private String getOwnerPackageNameForUserLocked(int userId) { 12394 return mOwners.getDeviceOwnerUserId() == userId 12395 ? mOwners.getDeviceOwnerPackageName() 12396 : mOwners.getProfileOwnerPackage(userId); 12397 } 12398 12399 /** 12400 * @param rawIntent Original service intent specified by caller. It must be explicit. 12401 * @param expectedPackageName The expected package name of the resolved service. 12402 * @return Intent that have component explicitly set. {@code null} if no service is resolved 12403 * with the given intent. 12404 * @throws SecurityException if the intent is resolved to an invalid service. 12405 */ 12406 private Intent createCrossUserServiceIntent( 12407 @NonNull Intent rawIntent, @NonNull String expectedPackageName, 12408 @UserIdInt int targetUserId) throws RemoteException, SecurityException { 12409 ResolveInfo info = mIPackageManager.resolveService( 12410 rawIntent, 12411 rawIntent.resolveTypeIfNeeded(mContext.getContentResolver()), 12412 0, // flags 12413 targetUserId); 12414 if (info == null || info.serviceInfo == null) { 12415 Log.e(LOG_TAG, "Fail to look up the service: " + rawIntent 12416 + " or user " + targetUserId + " is not running"); 12417 return null; 12418 } 12419 if (!expectedPackageName.equals(info.serviceInfo.packageName)) { 12420 throw new SecurityException("Only allow to bind service in " + expectedPackageName); 12421 } 12422 // STOPSHIP(b/37624960): Remove info.serviceInfo.exported before release. 12423 if (info.serviceInfo.exported && !BIND_DEVICE_ADMIN.equals(info.serviceInfo.permission)) { 12424 throw new SecurityException( 12425 "Service must be protected by BIND_DEVICE_ADMIN permission"); 12426 } 12427 // It is the system server to bind the service, it would be extremely dangerous if it 12428 // can be exploited to bind any service. Set the component explicitly to make sure we 12429 // do not bind anything accidentally. 12430 rawIntent.setComponent(info.serviceInfo.getComponentName()); 12431 return rawIntent; 12432 } 12433 12434 @Override 12435 public long getLastSecurityLogRetrievalTime() { 12436 enforceDeviceOwnerOrManageUsers(); 12437 return getUserData(UserHandle.USER_SYSTEM).mLastSecurityLogRetrievalTime; 12438 } 12439 12440 @Override 12441 public long getLastBugReportRequestTime() { 12442 enforceDeviceOwnerOrManageUsers(); 12443 return getUserData(UserHandle.USER_SYSTEM).mLastBugReportRequestTime; 12444 } 12445 12446 @Override 12447 public long getLastNetworkLogRetrievalTime() { 12448 enforceDeviceOwnerOrManageUsers(); 12449 return getUserData(UserHandle.USER_SYSTEM).mLastNetworkLogsRetrievalTime; 12450 } 12451 12452 @Override 12453 public boolean setResetPasswordToken(ComponentName admin, byte[] token) { 12454 if (!mHasFeature) { 12455 return false; 12456 } 12457 if (token == null || token.length < 32) { 12458 throw new IllegalArgumentException("token must be at least 32-byte long"); 12459 } 12460 synchronized (this) { 12461 final int userHandle = mInjector.userHandleGetCallingUserId(); 12462 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 12463 12464 DevicePolicyData policy = getUserData(userHandle); 12465 long ident = mInjector.binderClearCallingIdentity(); 12466 try { 12467 if (policy.mPasswordTokenHandle != 0) { 12468 mLockPatternUtils.removeEscrowToken(policy.mPasswordTokenHandle, userHandle); 12469 } 12470 12471 policy.mPasswordTokenHandle = mLockPatternUtils.addEscrowToken(token, userHandle); 12472 saveSettingsLocked(userHandle); 12473 return policy.mPasswordTokenHandle != 0; 12474 } finally { 12475 mInjector.binderRestoreCallingIdentity(ident); 12476 } 12477 } 12478 } 12479 12480 @Override 12481 public boolean clearResetPasswordToken(ComponentName admin) { 12482 if (!mHasFeature) { 12483 return false; 12484 } 12485 synchronized (this) { 12486 final int userHandle = mInjector.userHandleGetCallingUserId(); 12487 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 12488 12489 DevicePolicyData policy = getUserData(userHandle); 12490 if (policy.mPasswordTokenHandle != 0) { 12491 long ident = mInjector.binderClearCallingIdentity(); 12492 try { 12493 boolean result = mLockPatternUtils.removeEscrowToken( 12494 policy.mPasswordTokenHandle, userHandle); 12495 policy.mPasswordTokenHandle = 0; 12496 saveSettingsLocked(userHandle); 12497 return result; 12498 } finally { 12499 mInjector.binderRestoreCallingIdentity(ident); 12500 } 12501 } 12502 } 12503 return false; 12504 } 12505 12506 @Override 12507 public boolean isResetPasswordTokenActive(ComponentName admin) { 12508 synchronized (this) { 12509 final int userHandle = mInjector.userHandleGetCallingUserId(); 12510 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 12511 12512 DevicePolicyData policy = getUserData(userHandle); 12513 if (policy.mPasswordTokenHandle != 0) { 12514 long ident = mInjector.binderClearCallingIdentity(); 12515 try { 12516 return mLockPatternUtils.isEscrowTokenActive(policy.mPasswordTokenHandle, 12517 userHandle); 12518 } finally { 12519 mInjector.binderRestoreCallingIdentity(ident); 12520 } 12521 } 12522 } 12523 return false; 12524 } 12525 12526 @Override 12527 public boolean resetPasswordWithToken(ComponentName admin, String passwordOrNull, byte[] token, 12528 int flags) { 12529 Preconditions.checkNotNull(token); 12530 synchronized (this) { 12531 final int userHandle = mInjector.userHandleGetCallingUserId(); 12532 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 12533 12534 DevicePolicyData policy = getUserData(userHandle); 12535 if (policy.mPasswordTokenHandle != 0) { 12536 final String password = passwordOrNull != null ? passwordOrNull : ""; 12537 return resetPasswordInternal(password, policy.mPasswordTokenHandle, token, 12538 flags, mInjector.binderGetCallingUid(), userHandle); 12539 } else { 12540 Slog.w(LOG_TAG, "No saved token handle"); 12541 } 12542 } 12543 return false; 12544 } 12545 12546 @Override 12547 public boolean isCurrentInputMethodSetByOwner() { 12548 enforceProfileOwnerOrSystemUser(); 12549 return getUserData(mInjector.userHandleGetCallingUserId()).mCurrentInputMethodSet; 12550 } 12551 12552 @Override 12553 public StringParceledListSlice getOwnerInstalledCaCerts(@NonNull UserHandle user) { 12554 final int userId = user.getIdentifier(); 12555 enforceProfileOwnerOrFullCrossUsersPermission(userId); 12556 synchronized (this) { 12557 return new StringParceledListSlice( 12558 new ArrayList<>(getUserData(userId).mOwnerInstalledCaCerts)); 12559 } 12560 } 12561 12562 @Override 12563 public void clearApplicationUserData(ComponentName admin, String packageName, 12564 IPackageDataObserver callback) { 12565 Preconditions.checkNotNull(admin, "ComponentName is null"); 12566 Preconditions.checkNotNull(packageName, "packageName is null"); 12567 Preconditions.checkNotNull(callback, "callback is null"); 12568 synchronized (this) { 12569 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 12570 } 12571 final int userId = UserHandle.getCallingUserId(); 12572 12573 long ident = mInjector.binderClearCallingIdentity(); 12574 try { 12575 ActivityManager.getService().clearApplicationUserData(packageName, false, callback, 12576 userId); 12577 } catch(RemoteException re) { 12578 // Same process, should not happen. 12579 } catch (SecurityException se) { 12580 // This can happen e.g. for device admin packages, do not throw out the exception, 12581 // because callers have no means to know beforehand for which packages this might 12582 // happen. If so, we send back that removal failed. 12583 Slog.w(LOG_TAG, "Not allowed to clear application user data for package " + packageName, 12584 se); 12585 try { 12586 callback.onRemoveCompleted(packageName, false); 12587 } catch (RemoteException re) { 12588 // Caller is no longer available, ignore 12589 } 12590 } finally { 12591 mInjector.binderRestoreCallingIdentity(ident); 12592 } 12593 } 12594 12595 @Override 12596 public synchronized void setLogoutEnabled(ComponentName admin, boolean enabled) { 12597 if (!mHasFeature) { 12598 return; 12599 } 12600 Preconditions.checkNotNull(admin); 12601 12602 synchronized (this) { 12603 ActiveAdmin deviceOwner = 12604 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12605 12606 if (deviceOwner.isLogoutEnabled == enabled) { 12607 // already in the requested state 12608 return; 12609 } 12610 deviceOwner.isLogoutEnabled = enabled; 12611 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 12612 } 12613 } 12614 12615 @Override 12616 public boolean isLogoutEnabled() { 12617 if (!mHasFeature) { 12618 return false; 12619 } 12620 synchronized (this) { 12621 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 12622 return (deviceOwner != null) && deviceOwner.isLogoutEnabled; 12623 } 12624 } 12625 12626 @Override 12627 public List<String> getDisallowedSystemApps(ComponentName admin, int userId, 12628 String provisioningAction) throws RemoteException { 12629 enforceCanManageProfileAndDeviceOwners(); 12630 return new ArrayList<>( 12631 mOverlayPackagesProvider.getNonRequiredApps(admin, userId, provisioningAction)); 12632 } 12633 12634 @Override 12635 public void transferOwnership(@NonNull ComponentName admin, @NonNull ComponentName target, 12636 @Nullable PersistableBundle bundle) { 12637 if (!mHasFeature) { 12638 return; 12639 } 12640 12641 Preconditions.checkNotNull(admin, "Admin cannot be null."); 12642 Preconditions.checkNotNull(target, "Target cannot be null."); 12643 12644 enforceProfileOrDeviceOwner(admin); 12645 12646 if (admin.equals(target)) { 12647 throw new IllegalArgumentException("Provided administrator and target are " 12648 + "the same object."); 12649 } 12650 12651 if (admin.getPackageName().equals(target.getPackageName())) { 12652 throw new IllegalArgumentException("Provided administrator and target have " 12653 + "the same package name."); 12654 } 12655 12656 final int callingUserId = mInjector.userHandleGetCallingUserId(); 12657 final DevicePolicyData policy = getUserData(callingUserId); 12658 final DeviceAdminInfo incomingDeviceInfo = findAdmin(target, callingUserId, 12659 /* throwForMissingPermission= */ true); 12660 checkActiveAdminPrecondition(target, incomingDeviceInfo, policy); 12661 if (!incomingDeviceInfo.getActivityInfo().metaData 12662 .getBoolean(DeviceAdminReceiver.SUPPORT_TRANSFER_OWNERSHIP_META_DATA, false)) { 12663 throw new IllegalArgumentException("Provided target does not support " 12664 + "ownership transfer."); 12665 } 12666 12667 final long id = mInjector.binderClearCallingIdentity(); 12668 try { 12669 synchronized (this) { 12670 /* 12671 * We must ensure the whole process is atomic to prevent the device from ending up 12672 * in an invalid state (e.g. no active admin). This could happen if the device 12673 * is rebooted or work mode is turned off mid-transfer. 12674 * In order to guarantee atomicity, we: 12675 * 12676 * 1. Save an atomic journal file describing the transfer process 12677 * 2. Perform the transfer itself 12678 * 3. Delete the journal file 12679 * 12680 * That way if the journal file exists on device boot, we know that the transfer 12681 * must be reverted back to the original administrator. This logic is implemented in 12682 * revertTransferOwnershipIfNecessaryLocked. 12683 * */ 12684 if (bundle == null) { 12685 bundle = new PersistableBundle(); 12686 } 12687 if (isProfileOwner(admin, callingUserId)) { 12688 prepareTransfer(admin, target, bundle, callingUserId, 12689 ADMIN_TYPE_PROFILE_OWNER); 12690 transferProfileOwnershipLocked(admin, target, callingUserId); 12691 sendProfileOwnerCommand(DeviceAdminReceiver.ACTION_TRANSFER_OWNERSHIP_COMPLETE, 12692 getTransferOwnershipAdminExtras(bundle), callingUserId); 12693 postTransfer(DevicePolicyManager.ACTION_PROFILE_OWNER_CHANGED, callingUserId); 12694 if (isUserAffiliatedWithDeviceLocked(callingUserId)) { 12695 notifyAffiliatedProfileTransferOwnershipComplete(callingUserId); 12696 } 12697 } else if (isDeviceOwner(admin, callingUserId)) { 12698 prepareTransfer(admin, target, bundle, callingUserId, 12699 ADMIN_TYPE_DEVICE_OWNER); 12700 transferDeviceOwnershipLocked(admin, target, callingUserId); 12701 sendDeviceOwnerCommand(DeviceAdminReceiver.ACTION_TRANSFER_OWNERSHIP_COMPLETE, 12702 getTransferOwnershipAdminExtras(bundle)); 12703 postTransfer(DevicePolicyManager.ACTION_DEVICE_OWNER_CHANGED, callingUserId); 12704 } 12705 } 12706 } finally { 12707 mInjector.binderRestoreCallingIdentity(id); 12708 } 12709 } 12710 12711 private void prepareTransfer(ComponentName admin, ComponentName target, 12712 PersistableBundle bundle, int callingUserId, String adminType) { 12713 saveTransferOwnershipBundleLocked(bundle, callingUserId); 12714 mTransferOwnershipMetadataManager.saveMetadataFile( 12715 new TransferOwnershipMetadataManager.Metadata(admin, target, 12716 callingUserId, adminType)); 12717 } 12718 12719 private void postTransfer(String broadcast, int callingUserId) { 12720 deleteTransferOwnershipMetadataFileLocked(); 12721 sendOwnerChangedBroadcast(broadcast, callingUserId); 12722 } 12723 12724 private void notifyAffiliatedProfileTransferOwnershipComplete(int callingUserId) { 12725 final Bundle extras = new Bundle(); 12726 extras.putParcelable(Intent.EXTRA_USER, UserHandle.of(callingUserId)); 12727 sendDeviceOwnerCommand( 12728 DeviceAdminReceiver.ACTION_AFFILIATED_PROFILE_TRANSFER_OWNERSHIP_COMPLETE, extras); 12729 } 12730 12731 /** 12732 * Transfers the profile owner for user with id profileOwnerUserId from admin to target. 12733 */ 12734 private void transferProfileOwnershipLocked(ComponentName admin, ComponentName target, 12735 int profileOwnerUserId) { 12736 transferActiveAdminUncheckedLocked(target, admin, profileOwnerUserId); 12737 mOwners.transferProfileOwner(target, profileOwnerUserId); 12738 Slog.i(LOG_TAG, "Profile owner set: " + target + " on user " + profileOwnerUserId); 12739 mOwners.writeProfileOwner(profileOwnerUserId); 12740 mDeviceAdminServiceController.startServiceForOwner( 12741 target.getPackageName(), profileOwnerUserId, "transfer-profile-owner"); 12742 } 12743 12744 /** 12745 * Transfers the device owner for user with id userId from admin to target. 12746 */ 12747 private void transferDeviceOwnershipLocked(ComponentName admin, ComponentName target, int userId) { 12748 transferActiveAdminUncheckedLocked(target, admin, userId); 12749 mOwners.transferDeviceOwnership(target); 12750 Slog.i(LOG_TAG, "Device owner set: " + target + " on user " + userId); 12751 mOwners.writeDeviceOwner(); 12752 mDeviceAdminServiceController.startServiceForOwner( 12753 target.getPackageName(), userId, "transfer-device-owner"); 12754 } 12755 12756 private Bundle getTransferOwnershipAdminExtras(PersistableBundle bundle) { 12757 Bundle extras = new Bundle(); 12758 if (bundle != null) { 12759 extras.putParcelable(EXTRA_TRANSFER_OWNERSHIP_ADMIN_EXTRAS_BUNDLE, bundle); 12760 } 12761 return extras; 12762 } 12763 12764 @Override 12765 public void setStartUserSessionMessage( 12766 ComponentName admin, CharSequence startUserSessionMessage) { 12767 if (!mHasFeature) { 12768 return; 12769 } 12770 Preconditions.checkNotNull(admin); 12771 12772 final String startUserSessionMessageString = 12773 startUserSessionMessage != null ? startUserSessionMessage.toString() : null; 12774 12775 synchronized (this) { 12776 final ActiveAdmin deviceOwner = 12777 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12778 12779 if (TextUtils.equals(deviceOwner.startUserSessionMessage, startUserSessionMessage)) { 12780 return; 12781 } 12782 deviceOwner.startUserSessionMessage = startUserSessionMessageString; 12783 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 12784 } 12785 12786 mInjector.getActivityManagerInternal() 12787 .setSwitchingFromSystemUserMessage(startUserSessionMessageString); 12788 } 12789 12790 @Override 12791 public void setEndUserSessionMessage(ComponentName admin, CharSequence endUserSessionMessage) { 12792 if (!mHasFeature) { 12793 return; 12794 } 12795 Preconditions.checkNotNull(admin); 12796 12797 final String endUserSessionMessageString = 12798 endUserSessionMessage != null ? endUserSessionMessage.toString() : null; 12799 12800 synchronized (this) { 12801 final ActiveAdmin deviceOwner = 12802 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12803 12804 if (TextUtils.equals(deviceOwner.endUserSessionMessage, endUserSessionMessage)) { 12805 return; 12806 } 12807 deviceOwner.endUserSessionMessage = endUserSessionMessageString; 12808 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 12809 } 12810 12811 mInjector.getActivityManagerInternal() 12812 .setSwitchingToSystemUserMessage(endUserSessionMessageString); 12813 } 12814 12815 @Override 12816 public String getStartUserSessionMessage(ComponentName admin) { 12817 if (!mHasFeature) { 12818 return null; 12819 } 12820 Preconditions.checkNotNull(admin); 12821 12822 synchronized (this) { 12823 final ActiveAdmin deviceOwner = 12824 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12825 return deviceOwner.startUserSessionMessage; 12826 } 12827 } 12828 12829 @Override 12830 public String getEndUserSessionMessage(ComponentName admin) { 12831 if (!mHasFeature) { 12832 return null; 12833 } 12834 Preconditions.checkNotNull(admin); 12835 12836 synchronized (this) { 12837 final ActiveAdmin deviceOwner = 12838 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12839 return deviceOwner.endUserSessionMessage; 12840 } 12841 } 12842 12843 private void deleteTransferOwnershipMetadataFileLocked() { 12844 mTransferOwnershipMetadataManager.deleteMetadataFile(); 12845 } 12846 12847 @Override 12848 @Nullable 12849 public PersistableBundle getTransferOwnershipBundle() { 12850 synchronized (this) { 12851 final int callingUserId = mInjector.userHandleGetCallingUserId(); 12852 getActiveAdminForCallerLocked(null, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 12853 final File bundleFile = new File( 12854 mInjector.environmentGetUserSystemDirectory(callingUserId), 12855 TRANSFER_OWNERSHIP_PARAMETERS_XML); 12856 if (!bundleFile.exists()) { 12857 return null; 12858 } 12859 try (FileInputStream stream = new FileInputStream(bundleFile)) { 12860 XmlPullParser parser = Xml.newPullParser(); 12861 parser.setInput(stream, null); 12862 parser.next(); 12863 return PersistableBundle.restoreFromXml(parser); 12864 } catch (IOException | XmlPullParserException | IllegalArgumentException e) { 12865 Slog.e(LOG_TAG, "Caught exception while trying to load the " 12866 + "owner transfer parameters from file " + bundleFile, e); 12867 return null; 12868 } 12869 } 12870 } 12871 12872 @Override 12873 public int addOverrideApn(@NonNull ComponentName who, @NonNull ApnSetting apnSetting) { 12874 if (!mHasFeature) { 12875 return -1; 12876 } 12877 Preconditions.checkNotNull(who, "ComponentName is null in addOverrideApn"); 12878 Preconditions.checkNotNull(apnSetting, "ApnSetting is null in addOverrideApn"); 12879 synchronized (this) { 12880 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12881 } 12882 12883 int operatedId = -1; 12884 Uri resultUri; 12885 final long id = mInjector.binderClearCallingIdentity(); 12886 try { 12887 resultUri = mContext.getContentResolver().insert(DPC_URI, apnSetting.toContentValues()); 12888 } finally { 12889 mInjector.binderRestoreCallingIdentity(id); 12890 } 12891 if (resultUri != null) { 12892 try { 12893 operatedId = Integer.parseInt(resultUri.getLastPathSegment()); 12894 } catch (NumberFormatException e) { 12895 Slog.e(LOG_TAG, "Failed to parse inserted override APN id.", e); 12896 } 12897 } 12898 12899 return operatedId; 12900 } 12901 12902 @Override 12903 public boolean updateOverrideApn(@NonNull ComponentName who, int apnId, 12904 @NonNull ApnSetting apnSetting) { 12905 if (!mHasFeature) { 12906 return false; 12907 } 12908 Preconditions.checkNotNull(who, "ComponentName is null in updateOverrideApn"); 12909 Preconditions.checkNotNull(apnSetting, "ApnSetting is null in updateOverrideApn"); 12910 synchronized (this) { 12911 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12912 } 12913 12914 if (apnId < 0) { 12915 return false; 12916 } 12917 final long id = mInjector.binderClearCallingIdentity(); 12918 try { 12919 return mContext.getContentResolver().update( 12920 Uri.withAppendedPath(DPC_URI, Integer.toString(apnId)), 12921 apnSetting.toContentValues(), null, null) > 0; 12922 } finally { 12923 mInjector.binderRestoreCallingIdentity(id); 12924 } 12925 } 12926 12927 @Override 12928 public boolean removeOverrideApn(@NonNull ComponentName who, int apnId) { 12929 if (!mHasFeature) { 12930 return false; 12931 } 12932 Preconditions.checkNotNull(who, "ComponentName is null in removeOverrideApn"); 12933 synchronized (this) { 12934 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12935 } 12936 12937 return removeOverrideApnUnchecked(apnId); 12938 } 12939 12940 private boolean removeOverrideApnUnchecked(int apnId) { 12941 if(apnId < 0) { 12942 return false; 12943 } 12944 int numDeleted = 0; 12945 final long id = mInjector.binderClearCallingIdentity(); 12946 try { 12947 numDeleted = mContext.getContentResolver().delete( 12948 Uri.withAppendedPath(DPC_URI, Integer.toString(apnId)), null, null); 12949 } finally { 12950 mInjector.binderRestoreCallingIdentity(id); 12951 } 12952 return numDeleted > 0; 12953 } 12954 12955 @Override 12956 public List<ApnSetting> getOverrideApns(@NonNull ComponentName who) { 12957 if (!mHasFeature) { 12958 return Collections.emptyList(); 12959 } 12960 Preconditions.checkNotNull(who, "ComponentName is null in getOverrideApns"); 12961 synchronized (this) { 12962 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12963 } 12964 12965 return getOverrideApnsUnchecked(); 12966 } 12967 12968 private List<ApnSetting> getOverrideApnsUnchecked() { 12969 final Cursor cursor; 12970 final long id = mInjector.binderClearCallingIdentity(); 12971 try { 12972 cursor = mContext.getContentResolver().query(DPC_URI, null, null, null, null); 12973 } finally { 12974 mInjector.binderRestoreCallingIdentity(id); 12975 } 12976 12977 if (cursor == null) { 12978 return Collections.emptyList(); 12979 } 12980 try { 12981 List<ApnSetting> apnList = new ArrayList<ApnSetting>(); 12982 cursor.moveToPosition(-1); 12983 while (cursor.moveToNext()) { 12984 ApnSetting apn = ApnSetting.makeApnSetting(cursor); 12985 apnList.add(apn); 12986 } 12987 return apnList; 12988 } finally { 12989 cursor.close(); 12990 } 12991 } 12992 12993 @Override 12994 public void setOverrideApnsEnabled(@NonNull ComponentName who, boolean enabled) { 12995 if (!mHasFeature) { 12996 return; 12997 } 12998 Preconditions.checkNotNull(who, "ComponentName is null in setOverrideApnEnabled"); 12999 synchronized (this) { 13000 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 13001 } 13002 13003 setOverrideApnsEnabledUnchecked(enabled); 13004 } 13005 13006 private void setOverrideApnsEnabledUnchecked(boolean enabled) { 13007 ContentValues value = new ContentValues(); 13008 value.put(ENFORCE_KEY, enabled); 13009 final long id = mInjector.binderClearCallingIdentity(); 13010 try { 13011 mContext.getContentResolver().update( 13012 ENFORCE_MANAGED_URI, value, null, null); 13013 } finally { 13014 mInjector.binderRestoreCallingIdentity(id); 13015 } 13016 } 13017 13018 @Override 13019 public boolean isOverrideApnEnabled(@NonNull ComponentName who) { 13020 if (!mHasFeature) { 13021 return false; 13022 } 13023 Preconditions.checkNotNull(who, "ComponentName is null in isOverrideApnEnabled"); 13024 synchronized (this) { 13025 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 13026 } 13027 13028 Cursor enforceCursor; 13029 final long id = mInjector.binderClearCallingIdentity(); 13030 try { 13031 enforceCursor = mContext.getContentResolver().query( 13032 ENFORCE_MANAGED_URI, null, null, null, null); 13033 } finally { 13034 mInjector.binderRestoreCallingIdentity(id); 13035 } 13036 13037 if (enforceCursor == null) { 13038 return false; 13039 } 13040 try { 13041 if (enforceCursor.moveToFirst()) { 13042 return enforceCursor.getInt(enforceCursor.getColumnIndex(ENFORCE_KEY)) == 1; 13043 } 13044 } catch (IllegalArgumentException e) { 13045 Slog.e(LOG_TAG, "Cursor returned from ENFORCE_MANAGED_URI doesn't contain " 13046 + "correct info.", e); 13047 } finally { 13048 enforceCursor.close(); 13049 } 13050 return false; 13051 } 13052 13053 @VisibleForTesting 13054 void saveTransferOwnershipBundleLocked(PersistableBundle bundle, int userId) { 13055 final File parametersFile = new File( 13056 mInjector.environmentGetUserSystemDirectory(userId), 13057 TRANSFER_OWNERSHIP_PARAMETERS_XML); 13058 final AtomicFile atomicFile = new AtomicFile(parametersFile); 13059 FileOutputStream stream = null; 13060 try { 13061 stream = atomicFile.startWrite(); 13062 final XmlSerializer serializer = new FastXmlSerializer(); 13063 serializer.setOutput(stream, StandardCharsets.UTF_8.name()); 13064 serializer.startDocument(null, true); 13065 serializer.startTag(null, TAG_TRANSFER_OWNERSHIP_BUNDLE); 13066 bundle.saveToXml(serializer); 13067 serializer.endTag(null, TAG_TRANSFER_OWNERSHIP_BUNDLE); 13068 serializer.endDocument(); 13069 atomicFile.finishWrite(stream); 13070 } catch (IOException | XmlPullParserException e) { 13071 Slog.e(LOG_TAG, "Caught exception while trying to save the " 13072 + "owner transfer parameters to file " + parametersFile, e); 13073 parametersFile.delete(); 13074 atomicFile.failWrite(stream); 13075 } 13076 } 13077 13078 void deleteTransferOwnershipBundleLocked(int userId) { 13079 final File parametersFile = new File(mInjector.environmentGetUserSystemDirectory(userId), 13080 TRANSFER_OWNERSHIP_PARAMETERS_XML); 13081 parametersFile.delete(); 13082 } 13083 13084 private void maybeLogPasswordComplexitySet(ComponentName who, int userId, boolean parent, 13085 PasswordMetrics metrics) { 13086 if (SecurityLog.isLoggingEnabled()) { 13087 final int affectedUserId = parent ? getProfileParentId(userId) : userId; 13088 SecurityLog.writeEvent(SecurityLog.TAG_PASSWORD_COMPLEXITY_SET, who.getPackageName(), 13089 userId, affectedUserId, metrics.length, metrics.quality, metrics.letters, 13090 metrics.nonLetter, metrics.numeric, metrics.upperCase, metrics.lowerCase, 13091 metrics.symbols); 13092 } 13093 } 13094 13095 private static String getManagedProvisioningPackage(Context context) { 13096 return context.getResources().getString(R.string.config_managed_provisioning_package); 13097 } 13098} 13099