DevicePolicyManagerService.java revision 56681f761e941b1268cde9fc71de39d133280d27
1/* 2 * Copyright (C) 2010 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.server.devicepolicy; 18 19import static android.Manifest.permission.BIND_DEVICE_ADMIN; 20import static android.Manifest.permission.MANAGE_CA_CERTIFICATES; 21import static android.app.ActivityManager.LOCK_TASK_MODE_NONE; 22import static android.app.admin.DeviceAdminReceiver.EXTRA_TRANSFER_OWNERSHIP_ADMIN_EXTRAS_BUNDLE; 23import static android.app.admin.DevicePolicyManager.ACTION_PROVISION_MANAGED_USER; 24import static android.app.admin.DevicePolicyManager.CODE_ACCOUNTS_NOT_EMPTY; 25import static android.app.admin.DevicePolicyManager.CODE_ADD_MANAGED_PROFILE_DISALLOWED; 26import static android.app.admin.DevicePolicyManager.CODE_CANNOT_ADD_MANAGED_PROFILE; 27import static android.app.admin.DevicePolicyManager.CODE_DEVICE_ADMIN_NOT_SUPPORTED; 28import static android.app.admin.DevicePolicyManager.CODE_HAS_DEVICE_OWNER; 29import static android.app.admin.DevicePolicyManager.CODE_HAS_PAIRED; 30import static android.app.admin.DevicePolicyManager.CODE_MANAGED_USERS_NOT_SUPPORTED; 31import static android.app.admin.DevicePolicyManager.CODE_NONSYSTEM_USER_EXISTS; 32import static android.app.admin.DevicePolicyManager.CODE_NOT_SYSTEM_USER; 33import static android.app.admin.DevicePolicyManager.CODE_NOT_SYSTEM_USER_SPLIT; 34import static android.app.admin.DevicePolicyManager.CODE_OK; 35import static android.app.admin.DevicePolicyManager.CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER; 36import static android.app.admin.DevicePolicyManager.CODE_SYSTEM_USER; 37import static android.app.admin.DevicePolicyManager.CODE_USER_HAS_PROFILE_OWNER; 38import static android.app.admin.DevicePolicyManager.CODE_USER_NOT_RUNNING; 39import static android.app.admin.DevicePolicyManager.CODE_USER_SETUP_COMPLETED; 40import static android.app.admin.DevicePolicyManager.DELEGATION_APP_RESTRICTIONS; 41import static android.app.admin.DevicePolicyManager.DELEGATION_BLOCK_UNINSTALL; 42import static android.app.admin.DevicePolicyManager.DELEGATION_CERT_INSTALL; 43import static android.app.admin.DevicePolicyManager.DELEGATION_ENABLE_SYSTEM_APP; 44import static android.app.admin.DevicePolicyManager.DELEGATION_INSTALL_EXISTING_PACKAGE; 45import static android.app.admin.DevicePolicyManager.DELEGATION_KEEP_UNINSTALLED_PACKAGES; 46import static android.app.admin.DevicePolicyManager.DELEGATION_PACKAGE_ACCESS; 47import static android.app.admin.DevicePolicyManager.DELEGATION_PERMISSION_GRANT; 48import static android.app.admin.DevicePolicyManager.ID_TYPE_BASE_INFO; 49import static android.app.admin.DevicePolicyManager.ID_TYPE_IMEI; 50import static android.app.admin.DevicePolicyManager.ID_TYPE_MEID; 51import static android.app.admin.DevicePolicyManager.ID_TYPE_SERIAL; 52import static android.app.admin.DevicePolicyManager.LEAVE_ALL_SYSTEM_APPS_ENABLED; 53import static android.app.admin.DevicePolicyManager.LOCK_TASK_FEATURE_HOME; 54import static android.app.admin.DevicePolicyManager.LOCK_TASK_FEATURE_OVERVIEW; 55import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_COMPLEX; 56import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED; 57import static android.app.admin.DevicePolicyManager.PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER; 58import static android.app.admin.DevicePolicyManager.WIPE_EUICC; 59import static android.app.admin.DevicePolicyManager.WIPE_EXTERNAL_STORAGE; 60import static android.app.admin.DevicePolicyManager.WIPE_RESET_PROTECTION_DATA; 61import static android.content.pm.PackageManager.MATCH_UNINSTALLED_PACKAGES; 62 63import static android.provider.Telephony.Carriers.DPC_URI; 64import static android.provider.Telephony.Carriers.ENFORCE_KEY; 65import static android.provider.Telephony.Carriers.ENFORCE_MANAGED_URI; 66 67import static com.android.internal.logging.nano.MetricsProto.MetricsEvent 68 .PROVISIONING_ENTRY_POINT_ADB; 69import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker 70 .STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW; 71 72import static com.android.server.devicepolicy.TransferOwnershipMetadataManager.ADMIN_TYPE_DEVICE_OWNER; 73import static com.android.server.devicepolicy.TransferOwnershipMetadataManager.ADMIN_TYPE_PROFILE_OWNER; 74 75import static org.xmlpull.v1.XmlPullParser.END_DOCUMENT; 76import static org.xmlpull.v1.XmlPullParser.END_TAG; 77import static org.xmlpull.v1.XmlPullParser.TEXT; 78 79import android.Manifest.permission; 80import android.accessibilityservice.AccessibilityServiceInfo; 81import android.accounts.Account; 82import android.accounts.AccountManager; 83import android.annotation.NonNull; 84import android.annotation.Nullable; 85import android.annotation.UserIdInt; 86import android.app.Activity; 87import android.app.ActivityManager; 88import android.app.ActivityManagerInternal; 89import android.app.ActivityThread; 90import android.app.AlarmManager; 91import android.app.AppGlobals; 92import android.app.IActivityManager; 93import android.app.IApplicationThread; 94import android.app.IServiceConnection; 95import android.app.Notification; 96import android.app.NotificationManager; 97import android.app.PendingIntent; 98import android.app.StatusBarManager; 99import android.app.admin.DeviceAdminInfo; 100import android.app.admin.DeviceAdminReceiver; 101import android.app.admin.DevicePolicyCache; 102import android.app.admin.DevicePolicyManager; 103import android.app.admin.DevicePolicyManagerInternal; 104import android.app.admin.NetworkEvent; 105import android.app.admin.PasswordMetrics; 106import android.app.admin.SecurityLog; 107import android.app.admin.SecurityLog.SecurityEvent; 108import android.app.admin.SystemUpdateInfo; 109import android.app.admin.SystemUpdatePolicy; 110import android.app.backup.BackupManager; 111import android.app.backup.IBackupManager; 112import android.app.backup.ISelectBackupTransportCallback; 113import android.app.trust.TrustManager; 114import android.app.usage.UsageStatsManagerInternal; 115import android.content.BroadcastReceiver; 116import android.content.ComponentName; 117import android.content.ContentValues; 118import android.content.Context; 119import android.content.Intent; 120import android.content.IntentFilter; 121import android.content.pm.ActivityInfo; 122import android.content.pm.ApplicationInfo; 123import android.content.pm.IPackageDataObserver; 124import android.content.pm.IPackageManager; 125import android.content.pm.PackageInfo; 126import android.content.pm.PackageManager; 127import android.content.pm.PackageManager.NameNotFoundException; 128import android.content.pm.PackageManagerInternal; 129import android.content.pm.ParceledListSlice; 130import android.content.pm.PermissionInfo; 131import android.content.pm.ResolveInfo; 132import android.content.pm.ServiceInfo; 133import android.content.pm.StringParceledListSlice; 134import android.content.pm.UserInfo; 135import android.content.res.Resources; 136import android.database.ContentObserver; 137import android.database.Cursor; 138import android.graphics.Bitmap; 139import android.graphics.Color; 140import android.media.AudioManager; 141import android.media.IAudioService; 142import android.net.ConnectivityManager; 143import android.net.IIpConnectivityMetrics; 144import android.net.ProxyInfo; 145import android.net.Uri; 146import android.net.metrics.IpConnectivityLog; 147import android.net.wifi.WifiInfo; 148import android.net.wifi.WifiManager; 149import android.os.Binder; 150import android.os.Build; 151import android.os.Bundle; 152import android.os.Environment; 153import android.os.FileUtils; 154import android.os.Handler; 155import android.os.IBinder; 156import android.os.Looper; 157import android.os.ParcelFileDescriptor; 158import android.os.PersistableBundle; 159import android.os.PowerManager; 160import android.os.PowerManagerInternal; 161import android.os.Process; 162import android.os.RecoverySystem; 163import android.os.RemoteCallback; 164import android.os.RemoteException; 165import android.os.ServiceManager; 166import android.os.ServiceSpecificException; 167import android.os.SystemClock; 168import android.os.SystemProperties; 169import android.os.UserHandle; 170import android.os.UserManager; 171import android.os.UserManagerInternal; 172import android.os.UserManagerInternal.UserRestrictionsListener; 173import android.os.storage.StorageManager; 174import android.provider.ContactsContract.QuickContact; 175import android.provider.ContactsInternal; 176import android.provider.Settings; 177import android.provider.Settings.Global; 178import android.security.IKeyChainAliasCallback; 179import android.security.IKeyChainService; 180import android.security.KeyChain; 181import android.security.KeyChain.KeyChainConnection; 182import android.security.KeyStore; 183import android.security.keymaster.KeymasterCertificateChain; 184import android.security.keystore.AttestationUtils; 185import android.security.keystore.KeyGenParameterSpec; 186import android.security.keystore.ParcelableKeyGenParameterSpec; 187import android.service.persistentdata.PersistentDataBlockManager; 188import android.telephony.TelephonyManager; 189import android.telephony.data.ApnSetting; 190import android.text.TextUtils; 191import android.util.ArrayMap; 192import android.util.ArraySet; 193import android.util.AtomicFile; 194import android.util.Log; 195import android.util.Pair; 196import android.util.Slog; 197import android.util.SparseArray; 198import android.util.Xml; 199import android.view.IWindowManager; 200import android.view.accessibility.AccessibilityManager; 201import android.view.accessibility.IAccessibilityManager; 202import android.view.inputmethod.InputMethodInfo; 203import android.view.inputmethod.InputMethodManager; 204 205import com.android.internal.R; 206import com.android.internal.annotations.GuardedBy; 207import com.android.internal.annotations.VisibleForTesting; 208import com.android.internal.logging.MetricsLogger; 209import com.android.internal.messages.nano.SystemMessageProto.SystemMessage; 210import com.android.internal.notification.SystemNotificationChannels; 211import com.android.internal.os.BackgroundThread; 212import com.android.internal.statusbar.IStatusBarService; 213import com.android.internal.telephony.SmsApplication; 214import com.android.internal.util.DumpUtils; 215import com.android.internal.util.FastXmlSerializer; 216import com.android.internal.util.FunctionalUtils.ThrowingRunnable; 217import com.android.internal.util.JournaledFile; 218import com.android.internal.util.Preconditions; 219import com.android.internal.util.XmlUtils; 220import com.android.internal.widget.LockPatternUtils; 221import com.android.server.LocalServices; 222import com.android.server.SystemServerInitThreadPool; 223import com.android.server.SystemService; 224import com.android.server.devicepolicy.DevicePolicyManagerService.ActiveAdmin.TrustAgentInfo; 225import com.android.server.net.NetworkPolicyManagerInternal; 226import com.android.server.pm.UserRestrictionsUtils; 227import com.android.server.storage.DeviceStorageMonitorInternal; 228 229import com.google.android.collect.Sets; 230 231import org.xmlpull.v1.XmlPullParser; 232import org.xmlpull.v1.XmlPullParserException; 233import org.xmlpull.v1.XmlSerializer; 234 235import java.io.File; 236import java.io.FileDescriptor; 237import java.io.FileInputStream; 238import java.io.FileNotFoundException; 239import java.io.FileOutputStream; 240import java.io.IOException; 241import java.io.PrintWriter; 242import java.lang.reflect.Constructor; 243import java.nio.charset.StandardCharsets; 244import java.text.DateFormat; 245import java.time.LocalDate; 246import java.util.ArrayList; 247import java.util.Arrays; 248import java.util.Collection; 249import java.util.Collections; 250import java.util.Date; 251import java.util.HashMap; 252import java.util.List; 253import java.util.Map; 254import java.util.Map.Entry; 255import java.util.Objects; 256import java.util.Set; 257import java.util.concurrent.CountDownLatch; 258import java.util.concurrent.TimeUnit; 259import java.util.concurrent.atomic.AtomicBoolean; 260import java.util.function.Function; 261 262/** 263 * Implementation of the device policy APIs. 264 */ 265public class DevicePolicyManagerService extends BaseIDevicePolicyManager { 266 267 protected static final String LOG_TAG = "DevicePolicyManager"; 268 269 private static final boolean VERBOSE_LOG = false; // DO NOT SUBMIT WITH TRUE 270 271 private static final String DEVICE_POLICIES_XML = "device_policies.xml"; 272 273 private static final String TRANSFER_OWNERSHIP_PARAMETERS_XML = 274 "transfer-ownership-parameters.xml"; 275 276 private static final String TAG_ACCEPTED_CA_CERTIFICATES = "accepted-ca-certificate"; 277 278 private static final String TAG_LOCK_TASK_COMPONENTS = "lock-task-component"; 279 280 private static final String TAG_LOCK_TASK_FEATURES = "lock-task-features"; 281 282 private static final String TAG_STATUS_BAR = "statusbar"; 283 284 private static final String ATTR_DISABLED = "disabled"; 285 286 private static final String ATTR_NAME = "name"; 287 288 private static final String DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML = 289 "do-not-ask-credentials-on-boot"; 290 291 private static final String TAG_AFFILIATION_ID = "affiliation-id"; 292 293 private static final String TAG_LAST_SECURITY_LOG_RETRIEVAL = "last-security-log-retrieval"; 294 295 private static final String TAG_LAST_BUG_REPORT_REQUEST = "last-bug-report-request"; 296 297 private static final String TAG_LAST_NETWORK_LOG_RETRIEVAL = "last-network-log-retrieval"; 298 299 private static final String TAG_ADMIN_BROADCAST_PENDING = "admin-broadcast-pending"; 300 301 private static final String TAG_CURRENT_INPUT_METHOD_SET = "current-ime-set"; 302 303 private static final String TAG_OWNER_INSTALLED_CA_CERT = "owner-installed-ca-cert"; 304 305 private static final String ATTR_ID = "id"; 306 307 private static final String ATTR_VALUE = "value"; 308 309 private static final String ATTR_ALIAS = "alias"; 310 311 private static final String TAG_INITIALIZATION_BUNDLE = "initialization-bundle"; 312 313 private static final String TAG_PASSWORD_TOKEN_HANDLE = "password-token"; 314 315 private static final String TAG_PASSWORD_VALIDITY = "password-validity"; 316 317 private static final String TAG_TRANSFER_OWNERSHIP_BUNDLE = "transfer-ownership-bundle"; 318 319 private static final int REQUEST_EXPIRE_PASSWORD = 5571; 320 321 private static final long MS_PER_DAY = TimeUnit.DAYS.toMillis(1); 322 323 private static final long EXPIRATION_GRACE_PERIOD_MS = 5 * MS_PER_DAY; // 5 days, in ms 324 325 private static final String ACTION_EXPIRED_PASSWORD_NOTIFICATION 326 = "com.android.server.ACTION_EXPIRED_PASSWORD_NOTIFICATION"; 327 328 private static final String ATTR_PERMISSION_PROVIDER = "permission-provider"; 329 private static final String ATTR_SETUP_COMPLETE = "setup-complete"; 330 private static final String ATTR_PROVISIONING_STATE = "provisioning-state"; 331 private static final String ATTR_PERMISSION_POLICY = "permission-policy"; 332 private static final String ATTR_DEVICE_PROVISIONING_CONFIG_APPLIED = 333 "device-provisioning-config-applied"; 334 private static final String ATTR_DEVICE_PAIRED = "device-paired"; 335 private static final String ATTR_DELEGATED_CERT_INSTALLER = "delegated-cert-installer"; 336 private static final String ATTR_APPLICATION_RESTRICTIONS_MANAGER 337 = "application-restrictions-manager"; 338 339 // Comprehensive list of delegations. 340 private static final String DELEGATIONS[] = { 341 DELEGATION_CERT_INSTALL, 342 DELEGATION_APP_RESTRICTIONS, 343 DELEGATION_BLOCK_UNINSTALL, 344 DELEGATION_ENABLE_SYSTEM_APP, 345 DELEGATION_KEEP_UNINSTALLED_PACKAGES, 346 DELEGATION_PACKAGE_ACCESS, 347 DELEGATION_PERMISSION_GRANT, 348 DELEGATION_INSTALL_EXISTING_PACKAGE, 349 DELEGATION_KEEP_UNINSTALLED_PACKAGES 350 }; 351 352 /** 353 * System property whose value is either "true" or "false", indicating whether 354 * device owner is present. 355 */ 356 private static final String PROPERTY_DEVICE_OWNER_PRESENT = "ro.device_owner"; 357 358 private static final int STATUS_BAR_DISABLE_MASK = 359 StatusBarManager.DISABLE_EXPAND | 360 StatusBarManager.DISABLE_NOTIFICATION_ICONS | 361 StatusBarManager.DISABLE_NOTIFICATION_ALERTS | 362 StatusBarManager.DISABLE_SEARCH; 363 364 private static final int STATUS_BAR_DISABLE2_MASK = 365 StatusBarManager.DISABLE2_QUICK_SETTINGS; 366 367 private static final Set<String> SECURE_SETTINGS_WHITELIST; 368 private static final Set<String> SECURE_SETTINGS_DEVICEOWNER_WHITELIST; 369 private static final Set<String> GLOBAL_SETTINGS_WHITELIST; 370 private static final Set<String> GLOBAL_SETTINGS_DEPRECATED; 371 private static final Set<String> SYSTEM_SETTINGS_WHITELIST; 372 static { 373 SECURE_SETTINGS_WHITELIST = new ArraySet<>(); 374 SECURE_SETTINGS_WHITELIST.add(Settings.Secure.DEFAULT_INPUT_METHOD); 375 SECURE_SETTINGS_WHITELIST.add(Settings.Secure.SKIP_FIRST_USE_HINTS); 376 SECURE_SETTINGS_WHITELIST.add(Settings.Secure.INSTALL_NON_MARKET_APPS); 377 378 SECURE_SETTINGS_DEVICEOWNER_WHITELIST = new ArraySet<>(); 379 SECURE_SETTINGS_DEVICEOWNER_WHITELIST.addAll(SECURE_SETTINGS_WHITELIST); 380 SECURE_SETTINGS_DEVICEOWNER_WHITELIST.add(Settings.Secure.LOCATION_MODE); 381 382 GLOBAL_SETTINGS_WHITELIST = new ArraySet<>(); 383 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.ADB_ENABLED); 384 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.AUTO_TIME); 385 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.AUTO_TIME_ZONE); 386 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.DATA_ROAMING); 387 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.USB_MASS_STORAGE_ENABLED); 388 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.WIFI_SLEEP_POLICY); 389 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.STAY_ON_WHILE_PLUGGED_IN); 390 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.WIFI_DEVICE_OWNER_CONFIGS_LOCKDOWN); 391 392 GLOBAL_SETTINGS_DEPRECATED = new ArraySet<>(); 393 GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.BLUETOOTH_ON); 394 GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.DEVELOPMENT_SETTINGS_ENABLED); 395 GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.MODE_RINGER); 396 GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.NETWORK_PREFERENCE); 397 GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.WIFI_ON); 398 399 SYSTEM_SETTINGS_WHITELIST = new ArraySet<>(); 400 SYSTEM_SETTINGS_WHITELIST.add(Settings.System.SCREEN_BRIGHTNESS); 401 SYSTEM_SETTINGS_WHITELIST.add(Settings.System.SCREEN_BRIGHTNESS_MODE); 402 SYSTEM_SETTINGS_WHITELIST.add(Settings.System.SCREEN_OFF_TIMEOUT); 403 } 404 405 /** 406 * Keyguard features that when set on a profile affect the profile content or challenge only. 407 * These cannot be set on the managed profile's parent DPM instance 408 */ 409 private static final int PROFILE_KEYGUARD_FEATURES_PROFILE_ONLY = 410 DevicePolicyManager.KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS; 411 412 /** Keyguard features that are allowed to be set on a managed profile */ 413 private static final int PROFILE_KEYGUARD_FEATURES = 414 PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER | PROFILE_KEYGUARD_FEATURES_PROFILE_ONLY; 415 416 private static final int DEVICE_ADMIN_DEACTIVATE_TIMEOUT = 10000; 417 418 /** 419 * Minimum timeout in milliseconds after which unlocking with weak auth times out, 420 * i.e. the user has to use a strong authentication method like password, PIN or pattern. 421 */ 422 private static final long MINIMUM_STRONG_AUTH_TIMEOUT_MS = TimeUnit.HOURS.toMillis(1); 423 424 /** 425 * Strings logged with {@link 426 * com.android.internal.logging.nano.MetricsProto.MetricsEvent#PROVISIONING_ENTRY_POINT_ADB}. 427 */ 428 private static final String LOG_TAG_PROFILE_OWNER = "profile-owner"; 429 private static final String LOG_TAG_DEVICE_OWNER = "device-owner"; 430 431 final Context mContext; 432 final Injector mInjector; 433 final IPackageManager mIPackageManager; 434 final UserManager mUserManager; 435 final UserManagerInternal mUserManagerInternal; 436 final UsageStatsManagerInternal mUsageStatsManagerInternal; 437 final TelephonyManager mTelephonyManager; 438 private final LockPatternUtils mLockPatternUtils; 439 private final DevicePolicyConstants mConstants; 440 private final DeviceAdminServiceController mDeviceAdminServiceController; 441 private final OverlayPackagesProvider mOverlayPackagesProvider; 442 443 private final DevicePolicyCacheImpl mPolicyCache = new DevicePolicyCacheImpl(); 444 445 /** 446 * Contains (package-user) pairs to remove. An entry (p, u) implies that removal of package p 447 * is requested for user u. 448 */ 449 private final Set<Pair<String, Integer>> mPackagesToRemove = 450 new ArraySet<Pair<String, Integer>>(); 451 452 final LocalService mLocalService; 453 454 // Stores and loads state on device and profile owners. 455 @VisibleForTesting 456 final Owners mOwners; 457 458 private final Binder mToken = new Binder(); 459 460 /** 461 * Whether or not device admin feature is supported. If it isn't return defaults for all 462 * public methods. 463 */ 464 boolean mHasFeature; 465 466 /** 467 * Whether or not this device is a watch. 468 */ 469 boolean mIsWatch; 470 471 private final CertificateMonitor mCertificateMonitor; 472 private final SecurityLogMonitor mSecurityLogMonitor; 473 private NetworkLogger mNetworkLogger; 474 475 private final AtomicBoolean mRemoteBugreportServiceIsActive = new AtomicBoolean(); 476 private final AtomicBoolean mRemoteBugreportSharingAccepted = new AtomicBoolean(); 477 478 private SetupContentObserver mSetupContentObserver; 479 480 @VisibleForTesting 481 final TransferOwnershipMetadataManager mTransferOwnershipMetadataManager; 482 483 private final Runnable mRemoteBugreportTimeoutRunnable = new Runnable() { 484 @Override 485 public void run() { 486 if(mRemoteBugreportServiceIsActive.get()) { 487 onBugreportFailed(); 488 } 489 } 490 }; 491 492 /** Listens only if mHasFeature == true. */ 493 private final BroadcastReceiver mRemoteBugreportFinishedReceiver = new BroadcastReceiver() { 494 495 @Override 496 public void onReceive(Context context, Intent intent) { 497 if (DevicePolicyManager.ACTION_REMOTE_BUGREPORT_DISPATCH.equals(intent.getAction()) 498 && mRemoteBugreportServiceIsActive.get()) { 499 onBugreportFinished(intent); 500 } 501 } 502 }; 503 504 /** Listens only if mHasFeature == true. */ 505 private final BroadcastReceiver mRemoteBugreportConsentReceiver = new BroadcastReceiver() { 506 507 @Override 508 public void onReceive(Context context, Intent intent) { 509 String action = intent.getAction(); 510 mInjector.getNotificationManager().cancel(LOG_TAG, 511 RemoteBugreportUtils.NOTIFICATION_ID); 512 if (DevicePolicyManager.ACTION_BUGREPORT_SHARING_ACCEPTED.equals(action)) { 513 onBugreportSharingAccepted(); 514 } else if (DevicePolicyManager.ACTION_BUGREPORT_SHARING_DECLINED.equals(action)) { 515 onBugreportSharingDeclined(); 516 } 517 mContext.unregisterReceiver(mRemoteBugreportConsentReceiver); 518 } 519 }; 520 521 public static final class Lifecycle extends SystemService { 522 private BaseIDevicePolicyManager mService; 523 524 public Lifecycle(Context context) { 525 super(context); 526 String dpmsClassName = context.getResources() 527 .getString(R.string.config_deviceSpecificDevicePolicyManagerService); 528 if (TextUtils.isEmpty(dpmsClassName)) { 529 dpmsClassName = DevicePolicyManagerService.class.getName(); 530 } 531 try { 532 Class serviceClass = Class.forName(dpmsClassName); 533 Constructor constructor = serviceClass.getConstructor(Context.class); 534 mService = (BaseIDevicePolicyManager) constructor.newInstance(context); 535 } catch (Exception e) { 536 throw new IllegalStateException( 537 "Failed to instantiate DevicePolicyManagerService with class name: " 538 + dpmsClassName, e); 539 } 540 } 541 542 @Override 543 public void onStart() { 544 publishBinderService(Context.DEVICE_POLICY_SERVICE, mService); 545 } 546 547 @Override 548 public void onBootPhase(int phase) { 549 mService.systemReady(phase); 550 } 551 552 @Override 553 public void onStartUser(int userHandle) { 554 mService.handleStartUser(userHandle); 555 } 556 557 @Override 558 public void onUnlockUser(int userHandle) { 559 mService.handleUnlockUser(userHandle); 560 } 561 562 @Override 563 public void onStopUser(int userHandle) { 564 mService.handleStopUser(userHandle); 565 } 566 } 567 568 public static class DevicePolicyData { 569 @NonNull PasswordMetrics mActivePasswordMetrics = new PasswordMetrics(); 570 int mFailedPasswordAttempts = 0; 571 boolean mPasswordStateHasBeenSetSinceBoot = false; 572 boolean mPasswordValidAtLastCheckpoint = true; 573 574 int mUserHandle; 575 int mPasswordOwner = -1; 576 long mLastMaximumTimeToLock = -1; 577 boolean mUserSetupComplete = false; 578 boolean mPaired = false; 579 int mUserProvisioningState; 580 int mPermissionPolicy; 581 582 boolean mDeviceProvisioningConfigApplied = false; 583 584 final ArrayMap<ComponentName, ActiveAdmin> mAdminMap = new ArrayMap<>(); 585 final ArrayList<ActiveAdmin> mAdminList = new ArrayList<>(); 586 final ArrayList<ComponentName> mRemovingAdmins = new ArrayList<>(); 587 588 // TODO(b/35385311): Keep track of metadata in TrustedCertificateStore instead. 589 final ArraySet<String> mAcceptedCaCertificates = new ArraySet<>(); 590 591 // This is the list of component allowed to start lock task mode. 592 List<String> mLockTaskPackages = new ArrayList<>(); 593 594 // Bitfield of feature flags to be enabled during LockTask mode. 595 int mLockTaskFeatures = DevicePolicyManager.LOCK_TASK_FEATURE_NONE; 596 597 boolean mStatusBarDisabled = false; 598 599 ComponentName mRestrictionsProvider; 600 601 // Map of delegate package to delegation scopes 602 final ArrayMap<String, List<String>> mDelegationMap = new ArrayMap<>(); 603 604 boolean doNotAskCredentialsOnBoot = false; 605 606 Set<String> mAffiliationIds = new ArraySet<>(); 607 608 long mLastSecurityLogRetrievalTime = -1; 609 610 long mLastBugReportRequestTime = -1; 611 612 long mLastNetworkLogsRetrievalTime = -1; 613 614 boolean mCurrentInputMethodSet = false; 615 616 // TODO(b/35385311): Keep track of metadata in TrustedCertificateStore instead. 617 Set<String> mOwnerInstalledCaCerts = new ArraySet<>(); 618 619 // Used for initialization of users created by createAndManageUser. 620 boolean mAdminBroadcastPending = false; 621 PersistableBundle mInitBundle = null; 622 623 long mPasswordTokenHandle = 0; 624 625 public DevicePolicyData(int userHandle) { 626 mUserHandle = userHandle; 627 } 628 } 629 630 final SparseArray<DevicePolicyData> mUserData = new SparseArray<>(); 631 632 final Handler mHandler; 633 final Handler mBackgroundHandler; 634 635 /** Listens only if mHasFeature == true. */ 636 final BroadcastReceiver mReceiver = new BroadcastReceiver() { 637 @Override 638 public void onReceive(Context context, Intent intent) { 639 final String action = intent.getAction(); 640 final int userHandle = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, 641 getSendingUserId()); 642 643 /* 644 * Network logging would ideally be started in setDeviceOwnerSystemPropertyLocked(), 645 * however it's too early in the boot process to register with IIpConnectivityMetrics 646 * to listen for events. 647 */ 648 if (Intent.ACTION_USER_STARTED.equals(action) 649 && userHandle == mOwners.getDeviceOwnerUserId()) { 650 synchronized (DevicePolicyManagerService.this) { 651 if (isNetworkLoggingEnabledInternalLocked()) { 652 setNetworkLoggingActiveInternal(true); 653 } 654 } 655 } 656 if (Intent.ACTION_BOOT_COMPLETED.equals(action) 657 && userHandle == mOwners.getDeviceOwnerUserId() 658 && getDeviceOwnerRemoteBugreportUri() != null) { 659 IntentFilter filterConsent = new IntentFilter(); 660 filterConsent.addAction(DevicePolicyManager.ACTION_BUGREPORT_SHARING_DECLINED); 661 filterConsent.addAction(DevicePolicyManager.ACTION_BUGREPORT_SHARING_ACCEPTED); 662 mContext.registerReceiver(mRemoteBugreportConsentReceiver, filterConsent); 663 mInjector.getNotificationManager().notifyAsUser(LOG_TAG, 664 RemoteBugreportUtils.NOTIFICATION_ID, 665 RemoteBugreportUtils.buildNotification(mContext, 666 DevicePolicyManager.NOTIFICATION_BUGREPORT_FINISHED_NOT_ACCEPTED), 667 UserHandle.ALL); 668 } 669 if (Intent.ACTION_BOOT_COMPLETED.equals(action) 670 || ACTION_EXPIRED_PASSWORD_NOTIFICATION.equals(action)) { 671 if (VERBOSE_LOG) { 672 Slog.v(LOG_TAG, "Sending password expiration notifications for action " 673 + action + " for user " + userHandle); 674 } 675 mHandler.post(new Runnable() { 676 @Override 677 public void run() { 678 handlePasswordExpirationNotification(userHandle); 679 } 680 }); 681 } 682 683 if (Intent.ACTION_USER_ADDED.equals(action)) { 684 sendDeviceOwnerUserCommand(DeviceAdminReceiver.ACTION_USER_ADDED, userHandle); 685 synchronized (DevicePolicyManagerService.this) { 686 // It might take a while for the user to become affiliated. Make security 687 // and network logging unavailable in the meantime. 688 maybePauseDeviceWideLoggingLocked(); 689 } 690 } else if (Intent.ACTION_USER_REMOVED.equals(action)) { 691 sendDeviceOwnerUserCommand(DeviceAdminReceiver.ACTION_USER_REMOVED, userHandle); 692 synchronized (DevicePolicyManagerService.this) { 693 // Check whether the user is affiliated, *before* removing its data. 694 boolean isRemovedUserAffiliated = isUserAffiliatedWithDeviceLocked(userHandle); 695 removeUserData(userHandle); 696 if (!isRemovedUserAffiliated) { 697 // We discard the logs when unaffiliated users are deleted (so that the 698 // device owner cannot retrieve data about that user after it's gone). 699 discardDeviceWideLogsLocked(); 700 // Resume logging if all remaining users are affiliated. 701 maybeResumeDeviceWideLoggingLocked(); 702 } 703 } 704 } else if (Intent.ACTION_USER_STARTED.equals(action)) { 705 sendDeviceOwnerUserCommand(DeviceAdminReceiver.ACTION_USER_STARTED, userHandle); 706 synchronized (DevicePolicyManagerService.this) { 707 maybeSendAdminEnabledBroadcastLocked(userHandle); 708 // Reset the policy data 709 mUserData.remove(userHandle); 710 } 711 handlePackagesChanged(null /* check all admins */, userHandle); 712 } else if (Intent.ACTION_USER_STOPPED.equals(action)) { 713 sendDeviceOwnerUserCommand(DeviceAdminReceiver.ACTION_USER_STOPPED, userHandle); 714 } else if (Intent.ACTION_USER_SWITCHED.equals(action)) { 715 sendDeviceOwnerUserCommand(DeviceAdminReceiver.ACTION_USER_SWITCHED, userHandle); 716 } else if (Intent.ACTION_USER_UNLOCKED.equals(action)) { 717 synchronized (DevicePolicyManagerService.this) { 718 maybeSendAdminEnabledBroadcastLocked(userHandle); 719 } 720 } else if (Intent.ACTION_EXTERNAL_APPLICATIONS_UNAVAILABLE.equals(action)) { 721 handlePackagesChanged(null /* check all admins */, userHandle); 722 } else if (Intent.ACTION_PACKAGE_CHANGED.equals(action) 723 || (Intent.ACTION_PACKAGE_ADDED.equals(action) 724 && intent.getBooleanExtra(Intent.EXTRA_REPLACING, false))) { 725 handlePackagesChanged(intent.getData().getSchemeSpecificPart(), userHandle); 726 } else if (Intent.ACTION_PACKAGE_REMOVED.equals(action) 727 && !intent.getBooleanExtra(Intent.EXTRA_REPLACING, false)) { 728 handlePackagesChanged(intent.getData().getSchemeSpecificPart(), userHandle); 729 } else if (Intent.ACTION_MANAGED_PROFILE_ADDED.equals(action)) { 730 clearWipeProfileNotification(); 731 } else if (Intent.ACTION_DATE_CHANGED.equals(action) 732 || Intent.ACTION_TIME_CHANGED.equals(action)) { 733 // Update freeze period record when clock naturally progresses to the next day 734 // (ACTION_DATE_CHANGED), or when manual clock adjustment is made 735 // (ACTION_TIME_CHANGED) 736 updateSystemUpdateFreezePeriodsRecord(/* saveIfChanged */ true); 737 } 738 739 } 740 741 private void sendDeviceOwnerUserCommand(String action, int userHandle) { 742 synchronized (DevicePolicyManagerService.this) { 743 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 744 if (deviceOwner != null) { 745 Bundle extras = new Bundle(); 746 extras.putParcelable(Intent.EXTRA_USER, UserHandle.of(userHandle)); 747 sendAdminCommandLocked(deviceOwner, action, extras, /* result */ null, 748 /* inForeground */ true); 749 } 750 } 751 } 752 }; 753 754 protected static class RestrictionsListener implements UserRestrictionsListener { 755 private Context mContext; 756 757 public RestrictionsListener(Context context) { 758 mContext = context; 759 } 760 761 public void onUserRestrictionsChanged(int userId, Bundle newRestrictions, 762 Bundle prevRestrictions) { 763 final boolean newlyDisallowed = 764 newRestrictions.getBoolean(UserManager.DISALLOW_SHARE_INTO_MANAGED_PROFILE); 765 final boolean previouslyDisallowed = 766 prevRestrictions.getBoolean(UserManager.DISALLOW_SHARE_INTO_MANAGED_PROFILE); 767 final boolean restrictionChanged = (newlyDisallowed != previouslyDisallowed); 768 769 if (restrictionChanged) { 770 // Notify ManagedProvisioning to update the built-in cross profile intent filters. 771 Intent intent = new Intent( 772 DevicePolicyManager.ACTION_DATA_SHARING_RESTRICTION_CHANGED); 773 intent.setPackage(getManagedProvisioningPackage(mContext)); 774 intent.putExtra(Intent.EXTRA_USER_ID, userId); 775 intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND); 776 mContext.sendBroadcastAsUser(intent, UserHandle.SYSTEM); 777 } 778 } 779 } 780 781 static class ActiveAdmin { 782 private static final String TAG_DISABLE_KEYGUARD_FEATURES = "disable-keyguard-features"; 783 private static final String TAG_TEST_ONLY_ADMIN = "test-only-admin"; 784 private static final String TAG_DISABLE_CAMERA = "disable-camera"; 785 private static final String TAG_DISABLE_CALLER_ID = "disable-caller-id"; 786 private static final String TAG_DISABLE_CONTACTS_SEARCH = "disable-contacts-search"; 787 private static final String TAG_DISABLE_BLUETOOTH_CONTACT_SHARING 788 = "disable-bt-contacts-sharing"; 789 private static final String TAG_DISABLE_SCREEN_CAPTURE = "disable-screen-capture"; 790 private static final String TAG_DISABLE_ACCOUNT_MANAGEMENT = "disable-account-management"; 791 private static final String TAG_REQUIRE_AUTO_TIME = "require_auto_time"; 792 private static final String TAG_FORCE_EPHEMERAL_USERS = "force_ephemeral_users"; 793 private static final String TAG_IS_NETWORK_LOGGING_ENABLED = "is_network_logging_enabled"; 794 private static final String TAG_ACCOUNT_TYPE = "account-type"; 795 private static final String TAG_PERMITTED_ACCESSIBILITY_SERVICES 796 = "permitted-accessiblity-services"; 797 private static final String TAG_ENCRYPTION_REQUESTED = "encryption-requested"; 798 private static final String TAG_MANAGE_TRUST_AGENT_FEATURES = "manage-trust-agent-features"; 799 private static final String TAG_TRUST_AGENT_COMPONENT_OPTIONS = "trust-agent-component-options"; 800 private static final String TAG_TRUST_AGENT_COMPONENT = "component"; 801 private static final String TAG_PASSWORD_EXPIRATION_DATE = "password-expiration-date"; 802 private static final String TAG_PASSWORD_EXPIRATION_TIMEOUT = "password-expiration-timeout"; 803 private static final String TAG_GLOBAL_PROXY_EXCLUSION_LIST = "global-proxy-exclusion-list"; 804 private static final String TAG_GLOBAL_PROXY_SPEC = "global-proxy-spec"; 805 private static final String TAG_SPECIFIES_GLOBAL_PROXY = "specifies-global-proxy"; 806 private static final String TAG_PERMITTED_IMES = "permitted-imes"; 807 private static final String TAG_PERMITTED_NOTIFICATION_LISTENERS = 808 "permitted-notification-listeners"; 809 private static final String TAG_MAX_FAILED_PASSWORD_WIPE = "max-failed-password-wipe"; 810 private static final String TAG_MAX_TIME_TO_UNLOCK = "max-time-to-unlock"; 811 private static final String TAG_STRONG_AUTH_UNLOCK_TIMEOUT = "strong-auth-unlock-timeout"; 812 private static final String TAG_MIN_PASSWORD_NONLETTER = "min-password-nonletter"; 813 private static final String TAG_MIN_PASSWORD_SYMBOLS = "min-password-symbols"; 814 private static final String TAG_MIN_PASSWORD_NUMERIC = "min-password-numeric"; 815 private static final String TAG_MIN_PASSWORD_LETTERS = "min-password-letters"; 816 private static final String TAG_MIN_PASSWORD_LOWERCASE = "min-password-lowercase"; 817 private static final String TAG_MIN_PASSWORD_UPPERCASE = "min-password-uppercase"; 818 private static final String TAG_PASSWORD_HISTORY_LENGTH = "password-history-length"; 819 private static final String TAG_MIN_PASSWORD_LENGTH = "min-password-length"; 820 private static final String ATTR_VALUE = "value"; 821 private static final String TAG_PASSWORD_BLACKLIST = "password-blacklist"; 822 private static final String TAG_PASSWORD_QUALITY = "password-quality"; 823 private static final String TAG_POLICIES = "policies"; 824 private static final String TAG_CROSS_PROFILE_WIDGET_PROVIDERS = 825 "cross-profile-widget-providers"; 826 private static final String TAG_PROVIDER = "provider"; 827 private static final String TAG_PACKAGE_LIST_ITEM = "item"; 828 private static final String TAG_KEEP_UNINSTALLED_PACKAGES = "keep-uninstalled-packages"; 829 private static final String TAG_USER_RESTRICTIONS = "user-restrictions"; 830 private static final String TAG_DEFAULT_ENABLED_USER_RESTRICTIONS = 831 "default-enabled-user-restrictions"; 832 private static final String TAG_RESTRICTION = "restriction"; 833 private static final String TAG_SHORT_SUPPORT_MESSAGE = "short-support-message"; 834 private static final String TAG_LONG_SUPPORT_MESSAGE = "long-support-message"; 835 private static final String TAG_PARENT_ADMIN = "parent-admin"; 836 private static final String TAG_ORGANIZATION_COLOR = "organization-color"; 837 private static final String TAG_ORGANIZATION_NAME = "organization-name"; 838 private static final String ATTR_LAST_NETWORK_LOGGING_NOTIFICATION = "last-notification"; 839 private static final String ATTR_NUM_NETWORK_LOGGING_NOTIFICATIONS = "num-notifications"; 840 private static final String TAG_IS_LOGOUT_ENABLED = "is_logout_enabled"; 841 private static final String TAG_MANDATORY_BACKUP_TRANSPORT = "mandatory_backup_transport"; 842 private static final String TAG_START_USER_SESSION_MESSAGE = "start_user_session_message"; 843 private static final String TAG_END_USER_SESSION_MESSAGE = "end_user_session_message"; 844 private static final String TAG_METERED_DATA_DISABLED_PACKAGES 845 = "metered_data_disabled_packages"; 846 847 DeviceAdminInfo info; 848 849 850 static final int DEF_PASSWORD_HISTORY_LENGTH = 0; 851 int passwordHistoryLength = DEF_PASSWORD_HISTORY_LENGTH; 852 853 static final int DEF_MINIMUM_PASSWORD_LENGTH = 0; 854 static final int DEF_MINIMUM_PASSWORD_LETTERS = 1; 855 static final int DEF_MINIMUM_PASSWORD_UPPER_CASE = 0; 856 static final int DEF_MINIMUM_PASSWORD_LOWER_CASE = 0; 857 static final int DEF_MINIMUM_PASSWORD_NUMERIC = 1; 858 static final int DEF_MINIMUM_PASSWORD_SYMBOLS = 1; 859 static final int DEF_MINIMUM_PASSWORD_NON_LETTER = 0; 860 @NonNull 861 PasswordMetrics minimumPasswordMetrics = new PasswordMetrics( 862 PASSWORD_QUALITY_UNSPECIFIED, DEF_MINIMUM_PASSWORD_LENGTH, 863 DEF_MINIMUM_PASSWORD_LETTERS, DEF_MINIMUM_PASSWORD_UPPER_CASE, 864 DEF_MINIMUM_PASSWORD_LOWER_CASE, DEF_MINIMUM_PASSWORD_NUMERIC, 865 DEF_MINIMUM_PASSWORD_SYMBOLS, DEF_MINIMUM_PASSWORD_NON_LETTER); 866 867 static final long DEF_MAXIMUM_TIME_TO_UNLOCK = 0; 868 long maximumTimeToUnlock = DEF_MAXIMUM_TIME_TO_UNLOCK; 869 870 long strongAuthUnlockTimeout = 0; // admin doesn't participate by default 871 872 static final int DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE = 0; 873 int maximumFailedPasswordsForWipe = DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE; 874 875 static final long DEF_PASSWORD_EXPIRATION_TIMEOUT = 0; 876 long passwordExpirationTimeout = DEF_PASSWORD_EXPIRATION_TIMEOUT; 877 878 static final long DEF_PASSWORD_EXPIRATION_DATE = 0; 879 long passwordExpirationDate = DEF_PASSWORD_EXPIRATION_DATE; 880 881 static final int DEF_KEYGUARD_FEATURES_DISABLED = 0; // none 882 883 int disabledKeyguardFeatures = DEF_KEYGUARD_FEATURES_DISABLED; 884 885 boolean encryptionRequested = false; 886 boolean testOnlyAdmin = false; 887 boolean disableCamera = false; 888 boolean disableCallerId = false; 889 boolean disableContactsSearch = false; 890 boolean disableBluetoothContactSharing = true; 891 boolean disableScreenCapture = false; // Can only be set by a device/profile owner. 892 boolean requireAutoTime = false; // Can only be set by a device owner. 893 boolean forceEphemeralUsers = false; // Can only be set by a device owner. 894 boolean isNetworkLoggingEnabled = false; // Can only be set by a device owner. 895 boolean isLogoutEnabled = false; // Can only be set by a device owner. 896 897 // one notification after enabling + one more after reboots 898 static final int DEF_MAXIMUM_NETWORK_LOGGING_NOTIFICATIONS_SHOWN = 2; 899 int numNetworkLoggingNotifications = 0; 900 long lastNetworkLoggingNotificationTimeMs = 0; // Time in milliseconds since epoch 901 902 ActiveAdmin parentAdmin; 903 final boolean isParent; 904 905 static class TrustAgentInfo { 906 public PersistableBundle options; 907 TrustAgentInfo(PersistableBundle bundle) { 908 options = bundle; 909 } 910 } 911 912 // The list of packages which are not allowed to use metered data. 913 List<String> meteredDisabledPackages; 914 915 final Set<String> accountTypesWithManagementDisabled = new ArraySet<>(); 916 917 // The list of permitted accessibility services package namesas set by a profile 918 // or device owner. Null means all accessibility services are allowed, empty means 919 // none except system services are allowed. 920 List<String> permittedAccessiblityServices; 921 922 // The list of permitted input methods package names as set by a profile or device owner. 923 // Null means all input methods are allowed, empty means none except system imes are 924 // allowed. 925 List<String> permittedInputMethods; 926 927 // The list of packages allowed to use a NotificationListenerService to receive events for 928 // notifications from this user. Null means that all packages are allowed. Empty list means 929 // that only packages from the system are allowed. 930 List<String> permittedNotificationListeners; 931 932 // List of package names to keep cached. 933 List<String> keepUninstalledPackages; 934 935 // TODO: review implementation decisions with frameworks team 936 boolean specifiesGlobalProxy = false; 937 String globalProxySpec = null; 938 String globalProxyExclusionList = null; 939 940 ArrayMap<String, TrustAgentInfo> trustAgentInfos = new ArrayMap<>(); 941 942 List<String> crossProfileWidgetProviders; 943 944 Bundle userRestrictions; 945 946 // User restrictions that have already been enabled by default for this admin (either when 947 // setting the device or profile owner, or during a system update if one of those "enabled 948 // by default" restrictions is newly added). 949 final Set<String> defaultEnabledRestrictionsAlreadySet = new ArraySet<>(); 950 951 // Support text provided by the admin to display to the user. 952 CharSequence shortSupportMessage = null; 953 CharSequence longSupportMessage = null; 954 955 // Background color of confirm credentials screen. Default: teal. 956 static final int DEF_ORGANIZATION_COLOR = Color.parseColor("#00796B"); 957 int organizationColor = DEF_ORGANIZATION_COLOR; 958 959 // Default title of confirm credentials screen 960 String organizationName = null; 961 962 // The blacklist data is stored in a file whose name is stored in the XML 963 String passwordBlacklistFile = null; 964 965 // The component name of the backup transport which has to be used if backups are mandatory 966 // or null if backups are not mandatory. 967 ComponentName mandatoryBackupTransport = null; 968 969 // Message for user switcher 970 String startUserSessionMessage = null; 971 String endUserSessionMessage = null; 972 973 ActiveAdmin(DeviceAdminInfo _info, boolean parent) { 974 info = _info; 975 isParent = parent; 976 } 977 978 ActiveAdmin getParentActiveAdmin() { 979 Preconditions.checkState(!isParent); 980 981 if (parentAdmin == null) { 982 parentAdmin = new ActiveAdmin(info, /* parent */ true); 983 } 984 return parentAdmin; 985 } 986 987 boolean hasParentActiveAdmin() { 988 return parentAdmin != null; 989 } 990 991 int getUid() { return info.getActivityInfo().applicationInfo.uid; } 992 993 public UserHandle getUserHandle() { 994 return UserHandle.of(UserHandle.getUserId(info.getActivityInfo().applicationInfo.uid)); 995 } 996 997 void writeToXml(XmlSerializer out) 998 throws IllegalArgumentException, IllegalStateException, IOException { 999 out.startTag(null, TAG_POLICIES); 1000 info.writePoliciesToXml(out); 1001 out.endTag(null, TAG_POLICIES); 1002 if (minimumPasswordMetrics.quality != PASSWORD_QUALITY_UNSPECIFIED) { 1003 out.startTag(null, TAG_PASSWORD_QUALITY); 1004 out.attribute(null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.quality)); 1005 out.endTag(null, TAG_PASSWORD_QUALITY); 1006 if (minimumPasswordMetrics.length != DEF_MINIMUM_PASSWORD_LENGTH) { 1007 out.startTag(null, TAG_MIN_PASSWORD_LENGTH); 1008 out.attribute( 1009 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.length)); 1010 out.endTag(null, TAG_MIN_PASSWORD_LENGTH); 1011 } 1012 if(passwordHistoryLength != DEF_PASSWORD_HISTORY_LENGTH) { 1013 out.startTag(null, TAG_PASSWORD_HISTORY_LENGTH); 1014 out.attribute(null, ATTR_VALUE, Integer.toString(passwordHistoryLength)); 1015 out.endTag(null, TAG_PASSWORD_HISTORY_LENGTH); 1016 } 1017 if (minimumPasswordMetrics.upperCase != DEF_MINIMUM_PASSWORD_UPPER_CASE) { 1018 out.startTag(null, TAG_MIN_PASSWORD_UPPERCASE); 1019 out.attribute( 1020 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.upperCase)); 1021 out.endTag(null, TAG_MIN_PASSWORD_UPPERCASE); 1022 } 1023 if (minimumPasswordMetrics.lowerCase != DEF_MINIMUM_PASSWORD_LOWER_CASE) { 1024 out.startTag(null, TAG_MIN_PASSWORD_LOWERCASE); 1025 out.attribute( 1026 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.lowerCase)); 1027 out.endTag(null, TAG_MIN_PASSWORD_LOWERCASE); 1028 } 1029 if (minimumPasswordMetrics.letters != DEF_MINIMUM_PASSWORD_LETTERS) { 1030 out.startTag(null, TAG_MIN_PASSWORD_LETTERS); 1031 out.attribute( 1032 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.letters)); 1033 out.endTag(null, TAG_MIN_PASSWORD_LETTERS); 1034 } 1035 if (minimumPasswordMetrics.numeric != DEF_MINIMUM_PASSWORD_NUMERIC) { 1036 out.startTag(null, TAG_MIN_PASSWORD_NUMERIC); 1037 out.attribute( 1038 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.numeric)); 1039 out.endTag(null, TAG_MIN_PASSWORD_NUMERIC); 1040 } 1041 if (minimumPasswordMetrics.symbols != DEF_MINIMUM_PASSWORD_SYMBOLS) { 1042 out.startTag(null, TAG_MIN_PASSWORD_SYMBOLS); 1043 out.attribute( 1044 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.symbols)); 1045 out.endTag(null, TAG_MIN_PASSWORD_SYMBOLS); 1046 } 1047 if (minimumPasswordMetrics.nonLetter > DEF_MINIMUM_PASSWORD_NON_LETTER) { 1048 out.startTag(null, TAG_MIN_PASSWORD_NONLETTER); 1049 out.attribute( 1050 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.nonLetter)); 1051 out.endTag(null, TAG_MIN_PASSWORD_NONLETTER); 1052 } 1053 } 1054 if (passwordBlacklistFile != null) { 1055 out.startTag(null, TAG_PASSWORD_BLACKLIST); 1056 out.attribute(null, ATTR_VALUE, passwordBlacklistFile); 1057 out.endTag(null, TAG_PASSWORD_BLACKLIST); 1058 } 1059 if (maximumTimeToUnlock != DEF_MAXIMUM_TIME_TO_UNLOCK) { 1060 out.startTag(null, TAG_MAX_TIME_TO_UNLOCK); 1061 out.attribute(null, ATTR_VALUE, Long.toString(maximumTimeToUnlock)); 1062 out.endTag(null, TAG_MAX_TIME_TO_UNLOCK); 1063 } 1064 if (strongAuthUnlockTimeout != DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS) { 1065 out.startTag(null, TAG_STRONG_AUTH_UNLOCK_TIMEOUT); 1066 out.attribute(null, ATTR_VALUE, Long.toString(strongAuthUnlockTimeout)); 1067 out.endTag(null, TAG_STRONG_AUTH_UNLOCK_TIMEOUT); 1068 } 1069 if (maximumFailedPasswordsForWipe != DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE) { 1070 out.startTag(null, TAG_MAX_FAILED_PASSWORD_WIPE); 1071 out.attribute(null, ATTR_VALUE, Integer.toString(maximumFailedPasswordsForWipe)); 1072 out.endTag(null, TAG_MAX_FAILED_PASSWORD_WIPE); 1073 } 1074 if (specifiesGlobalProxy) { 1075 out.startTag(null, TAG_SPECIFIES_GLOBAL_PROXY); 1076 out.attribute(null, ATTR_VALUE, Boolean.toString(specifiesGlobalProxy)); 1077 out.endTag(null, TAG_SPECIFIES_GLOBAL_PROXY); 1078 if (globalProxySpec != null) { 1079 out.startTag(null, TAG_GLOBAL_PROXY_SPEC); 1080 out.attribute(null, ATTR_VALUE, globalProxySpec); 1081 out.endTag(null, TAG_GLOBAL_PROXY_SPEC); 1082 } 1083 if (globalProxyExclusionList != null) { 1084 out.startTag(null, TAG_GLOBAL_PROXY_EXCLUSION_LIST); 1085 out.attribute(null, ATTR_VALUE, globalProxyExclusionList); 1086 out.endTag(null, TAG_GLOBAL_PROXY_EXCLUSION_LIST); 1087 } 1088 } 1089 if (passwordExpirationTimeout != DEF_PASSWORD_EXPIRATION_TIMEOUT) { 1090 out.startTag(null, TAG_PASSWORD_EXPIRATION_TIMEOUT); 1091 out.attribute(null, ATTR_VALUE, Long.toString(passwordExpirationTimeout)); 1092 out.endTag(null, TAG_PASSWORD_EXPIRATION_TIMEOUT); 1093 } 1094 if (passwordExpirationDate != DEF_PASSWORD_EXPIRATION_DATE) { 1095 out.startTag(null, TAG_PASSWORD_EXPIRATION_DATE); 1096 out.attribute(null, ATTR_VALUE, Long.toString(passwordExpirationDate)); 1097 out.endTag(null, TAG_PASSWORD_EXPIRATION_DATE); 1098 } 1099 if (encryptionRequested) { 1100 out.startTag(null, TAG_ENCRYPTION_REQUESTED); 1101 out.attribute(null, ATTR_VALUE, Boolean.toString(encryptionRequested)); 1102 out.endTag(null, TAG_ENCRYPTION_REQUESTED); 1103 } 1104 if (testOnlyAdmin) { 1105 out.startTag(null, TAG_TEST_ONLY_ADMIN); 1106 out.attribute(null, ATTR_VALUE, Boolean.toString(testOnlyAdmin)); 1107 out.endTag(null, TAG_TEST_ONLY_ADMIN); 1108 } 1109 if (disableCamera) { 1110 out.startTag(null, TAG_DISABLE_CAMERA); 1111 out.attribute(null, ATTR_VALUE, Boolean.toString(disableCamera)); 1112 out.endTag(null, TAG_DISABLE_CAMERA); 1113 } 1114 if (disableCallerId) { 1115 out.startTag(null, TAG_DISABLE_CALLER_ID); 1116 out.attribute(null, ATTR_VALUE, Boolean.toString(disableCallerId)); 1117 out.endTag(null, TAG_DISABLE_CALLER_ID); 1118 } 1119 if (disableContactsSearch) { 1120 out.startTag(null, TAG_DISABLE_CONTACTS_SEARCH); 1121 out.attribute(null, ATTR_VALUE, Boolean.toString(disableContactsSearch)); 1122 out.endTag(null, TAG_DISABLE_CONTACTS_SEARCH); 1123 } 1124 if (!disableBluetoothContactSharing) { 1125 out.startTag(null, TAG_DISABLE_BLUETOOTH_CONTACT_SHARING); 1126 out.attribute(null, ATTR_VALUE, 1127 Boolean.toString(disableBluetoothContactSharing)); 1128 out.endTag(null, TAG_DISABLE_BLUETOOTH_CONTACT_SHARING); 1129 } 1130 if (disableScreenCapture) { 1131 out.startTag(null, TAG_DISABLE_SCREEN_CAPTURE); 1132 out.attribute(null, ATTR_VALUE, Boolean.toString(disableScreenCapture)); 1133 out.endTag(null, TAG_DISABLE_SCREEN_CAPTURE); 1134 } 1135 if (requireAutoTime) { 1136 out.startTag(null, TAG_REQUIRE_AUTO_TIME); 1137 out.attribute(null, ATTR_VALUE, Boolean.toString(requireAutoTime)); 1138 out.endTag(null, TAG_REQUIRE_AUTO_TIME); 1139 } 1140 if (forceEphemeralUsers) { 1141 out.startTag(null, TAG_FORCE_EPHEMERAL_USERS); 1142 out.attribute(null, ATTR_VALUE, Boolean.toString(forceEphemeralUsers)); 1143 out.endTag(null, TAG_FORCE_EPHEMERAL_USERS); 1144 } 1145 if (isNetworkLoggingEnabled) { 1146 out.startTag(null, TAG_IS_NETWORK_LOGGING_ENABLED); 1147 out.attribute(null, ATTR_VALUE, Boolean.toString(isNetworkLoggingEnabled)); 1148 out.attribute(null, ATTR_NUM_NETWORK_LOGGING_NOTIFICATIONS, 1149 Integer.toString(numNetworkLoggingNotifications)); 1150 out.attribute(null, ATTR_LAST_NETWORK_LOGGING_NOTIFICATION, 1151 Long.toString(lastNetworkLoggingNotificationTimeMs)); 1152 out.endTag(null, TAG_IS_NETWORK_LOGGING_ENABLED); 1153 } 1154 if (disabledKeyguardFeatures != DEF_KEYGUARD_FEATURES_DISABLED) { 1155 out.startTag(null, TAG_DISABLE_KEYGUARD_FEATURES); 1156 out.attribute(null, ATTR_VALUE, Integer.toString(disabledKeyguardFeatures)); 1157 out.endTag(null, TAG_DISABLE_KEYGUARD_FEATURES); 1158 } 1159 if (!accountTypesWithManagementDisabled.isEmpty()) { 1160 out.startTag(null, TAG_DISABLE_ACCOUNT_MANAGEMENT); 1161 writeAttributeValuesToXml( 1162 out, TAG_ACCOUNT_TYPE, accountTypesWithManagementDisabled); 1163 out.endTag(null, TAG_DISABLE_ACCOUNT_MANAGEMENT); 1164 } 1165 if (!trustAgentInfos.isEmpty()) { 1166 Set<Entry<String, TrustAgentInfo>> set = trustAgentInfos.entrySet(); 1167 out.startTag(null, TAG_MANAGE_TRUST_AGENT_FEATURES); 1168 for (Entry<String, TrustAgentInfo> entry : set) { 1169 TrustAgentInfo trustAgentInfo = entry.getValue(); 1170 out.startTag(null, TAG_TRUST_AGENT_COMPONENT); 1171 out.attribute(null, ATTR_VALUE, entry.getKey()); 1172 if (trustAgentInfo.options != null) { 1173 out.startTag(null, TAG_TRUST_AGENT_COMPONENT_OPTIONS); 1174 try { 1175 trustAgentInfo.options.saveToXml(out); 1176 } catch (XmlPullParserException e) { 1177 Log.e(LOG_TAG, "Failed to save TrustAgent options", e); 1178 } 1179 out.endTag(null, TAG_TRUST_AGENT_COMPONENT_OPTIONS); 1180 } 1181 out.endTag(null, TAG_TRUST_AGENT_COMPONENT); 1182 } 1183 out.endTag(null, TAG_MANAGE_TRUST_AGENT_FEATURES); 1184 } 1185 if (crossProfileWidgetProviders != null && !crossProfileWidgetProviders.isEmpty()) { 1186 out.startTag(null, TAG_CROSS_PROFILE_WIDGET_PROVIDERS); 1187 writeAttributeValuesToXml(out, TAG_PROVIDER, crossProfileWidgetProviders); 1188 out.endTag(null, TAG_CROSS_PROFILE_WIDGET_PROVIDERS); 1189 } 1190 writePackageListToXml(out, TAG_PERMITTED_ACCESSIBILITY_SERVICES, 1191 permittedAccessiblityServices); 1192 writePackageListToXml(out, TAG_PERMITTED_IMES, permittedInputMethods); 1193 writePackageListToXml(out, TAG_PERMITTED_NOTIFICATION_LISTENERS, 1194 permittedNotificationListeners); 1195 writePackageListToXml(out, TAG_KEEP_UNINSTALLED_PACKAGES, keepUninstalledPackages); 1196 writePackageListToXml(out, TAG_METERED_DATA_DISABLED_PACKAGES, meteredDisabledPackages); 1197 if (hasUserRestrictions()) { 1198 UserRestrictionsUtils.writeRestrictions( 1199 out, userRestrictions, TAG_USER_RESTRICTIONS); 1200 } 1201 if (!defaultEnabledRestrictionsAlreadySet.isEmpty()) { 1202 out.startTag(null, TAG_DEFAULT_ENABLED_USER_RESTRICTIONS); 1203 writeAttributeValuesToXml( 1204 out, TAG_RESTRICTION, defaultEnabledRestrictionsAlreadySet); 1205 out.endTag(null, TAG_DEFAULT_ENABLED_USER_RESTRICTIONS); 1206 } 1207 if (!TextUtils.isEmpty(shortSupportMessage)) { 1208 out.startTag(null, TAG_SHORT_SUPPORT_MESSAGE); 1209 out.text(shortSupportMessage.toString()); 1210 out.endTag(null, TAG_SHORT_SUPPORT_MESSAGE); 1211 } 1212 if (!TextUtils.isEmpty(longSupportMessage)) { 1213 out.startTag(null, TAG_LONG_SUPPORT_MESSAGE); 1214 out.text(longSupportMessage.toString()); 1215 out.endTag(null, TAG_LONG_SUPPORT_MESSAGE); 1216 } 1217 if (parentAdmin != null) { 1218 out.startTag(null, TAG_PARENT_ADMIN); 1219 parentAdmin.writeToXml(out); 1220 out.endTag(null, TAG_PARENT_ADMIN); 1221 } 1222 if (organizationColor != DEF_ORGANIZATION_COLOR) { 1223 out.startTag(null, TAG_ORGANIZATION_COLOR); 1224 out.attribute(null, ATTR_VALUE, Integer.toString(organizationColor)); 1225 out.endTag(null, TAG_ORGANIZATION_COLOR); 1226 } 1227 if (organizationName != null) { 1228 out.startTag(null, TAG_ORGANIZATION_NAME); 1229 out.text(organizationName); 1230 out.endTag(null, TAG_ORGANIZATION_NAME); 1231 } 1232 if (isLogoutEnabled) { 1233 out.startTag(null, TAG_IS_LOGOUT_ENABLED); 1234 out.attribute(null, ATTR_VALUE, Boolean.toString(isLogoutEnabled)); 1235 out.endTag(null, TAG_IS_LOGOUT_ENABLED); 1236 } 1237 if (mandatoryBackupTransport != null) { 1238 out.startTag(null, TAG_MANDATORY_BACKUP_TRANSPORT); 1239 out.attribute(null, ATTR_VALUE, mandatoryBackupTransport.flattenToString()); 1240 out.endTag(null, TAG_MANDATORY_BACKUP_TRANSPORT); 1241 } 1242 if (startUserSessionMessage != null) { 1243 out.startTag(null, TAG_START_USER_SESSION_MESSAGE); 1244 out.text(startUserSessionMessage); 1245 out.endTag(null, TAG_START_USER_SESSION_MESSAGE); 1246 } 1247 if (endUserSessionMessage != null) { 1248 out.startTag(null, TAG_END_USER_SESSION_MESSAGE); 1249 out.text(endUserSessionMessage); 1250 out.endTag(null, TAG_END_USER_SESSION_MESSAGE); 1251 } 1252 } 1253 1254 void writePackageListToXml(XmlSerializer out, String outerTag, 1255 List<String> packageList) 1256 throws IllegalArgumentException, IllegalStateException, IOException { 1257 if (packageList == null) { 1258 return; 1259 } 1260 1261 out.startTag(null, outerTag); 1262 writeAttributeValuesToXml(out, TAG_PACKAGE_LIST_ITEM, packageList); 1263 out.endTag(null, outerTag); 1264 } 1265 1266 void writeAttributeValuesToXml(XmlSerializer out, String tag, 1267 @NonNull Collection<String> values) throws IOException { 1268 for (String value : values) { 1269 out.startTag(null, tag); 1270 out.attribute(null, ATTR_VALUE, value); 1271 out.endTag(null, tag); 1272 } 1273 } 1274 1275 void readFromXml(XmlPullParser parser) 1276 throws XmlPullParserException, IOException { 1277 int outerDepth = parser.getDepth(); 1278 int type; 1279 while ((type=parser.next()) != END_DOCUMENT 1280 && (type != END_TAG || parser.getDepth() > outerDepth)) { 1281 if (type == END_TAG || type == TEXT) { 1282 continue; 1283 } 1284 String tag = parser.getName(); 1285 if (TAG_POLICIES.equals(tag)) { 1286 info.readPoliciesFromXml(parser); 1287 } else if (TAG_PASSWORD_QUALITY.equals(tag)) { 1288 minimumPasswordMetrics.quality = Integer.parseInt( 1289 parser.getAttributeValue(null, ATTR_VALUE)); 1290 } else if (TAG_MIN_PASSWORD_LENGTH.equals(tag)) { 1291 minimumPasswordMetrics.length = Integer.parseInt( 1292 parser.getAttributeValue(null, ATTR_VALUE)); 1293 } else if (TAG_PASSWORD_HISTORY_LENGTH.equals(tag)) { 1294 passwordHistoryLength = Integer.parseInt( 1295 parser.getAttributeValue(null, ATTR_VALUE)); 1296 } else if (TAG_MIN_PASSWORD_UPPERCASE.equals(tag)) { 1297 minimumPasswordMetrics.upperCase = Integer.parseInt( 1298 parser.getAttributeValue(null, ATTR_VALUE)); 1299 } else if (TAG_MIN_PASSWORD_LOWERCASE.equals(tag)) { 1300 minimumPasswordMetrics.lowerCase = Integer.parseInt( 1301 parser.getAttributeValue(null, ATTR_VALUE)); 1302 } else if (TAG_MIN_PASSWORD_LETTERS.equals(tag)) { 1303 minimumPasswordMetrics.letters = Integer.parseInt( 1304 parser.getAttributeValue(null, ATTR_VALUE)); 1305 } else if (TAG_MIN_PASSWORD_NUMERIC.equals(tag)) { 1306 minimumPasswordMetrics.numeric = Integer.parseInt( 1307 parser.getAttributeValue(null, ATTR_VALUE)); 1308 } else if (TAG_MIN_PASSWORD_SYMBOLS.equals(tag)) { 1309 minimumPasswordMetrics.symbols = Integer.parseInt( 1310 parser.getAttributeValue(null, ATTR_VALUE)); 1311 } else if (TAG_MIN_PASSWORD_NONLETTER.equals(tag)) { 1312 minimumPasswordMetrics.nonLetter = Integer.parseInt( 1313 parser.getAttributeValue(null, ATTR_VALUE)); 1314 } else if (TAG_PASSWORD_BLACKLIST.equals(tag)) { 1315 passwordBlacklistFile = parser.getAttributeValue(null, ATTR_VALUE); 1316 }else if (TAG_MAX_TIME_TO_UNLOCK.equals(tag)) { 1317 maximumTimeToUnlock = Long.parseLong( 1318 parser.getAttributeValue(null, ATTR_VALUE)); 1319 } else if (TAG_STRONG_AUTH_UNLOCK_TIMEOUT.equals(tag)) { 1320 strongAuthUnlockTimeout = Long.parseLong( 1321 parser.getAttributeValue(null, ATTR_VALUE)); 1322 } else if (TAG_MAX_FAILED_PASSWORD_WIPE.equals(tag)) { 1323 maximumFailedPasswordsForWipe = Integer.parseInt( 1324 parser.getAttributeValue(null, ATTR_VALUE)); 1325 } else if (TAG_SPECIFIES_GLOBAL_PROXY.equals(tag)) { 1326 specifiesGlobalProxy = Boolean.parseBoolean( 1327 parser.getAttributeValue(null, ATTR_VALUE)); 1328 } else if (TAG_GLOBAL_PROXY_SPEC.equals(tag)) { 1329 globalProxySpec = 1330 parser.getAttributeValue(null, ATTR_VALUE); 1331 } else if (TAG_GLOBAL_PROXY_EXCLUSION_LIST.equals(tag)) { 1332 globalProxyExclusionList = 1333 parser.getAttributeValue(null, ATTR_VALUE); 1334 } else if (TAG_PASSWORD_EXPIRATION_TIMEOUT.equals(tag)) { 1335 passwordExpirationTimeout = Long.parseLong( 1336 parser.getAttributeValue(null, ATTR_VALUE)); 1337 } else if (TAG_PASSWORD_EXPIRATION_DATE.equals(tag)) { 1338 passwordExpirationDate = Long.parseLong( 1339 parser.getAttributeValue(null, ATTR_VALUE)); 1340 } else if (TAG_ENCRYPTION_REQUESTED.equals(tag)) { 1341 encryptionRequested = Boolean.parseBoolean( 1342 parser.getAttributeValue(null, ATTR_VALUE)); 1343 } else if (TAG_TEST_ONLY_ADMIN.equals(tag)) { 1344 testOnlyAdmin = Boolean.parseBoolean( 1345 parser.getAttributeValue(null, ATTR_VALUE)); 1346 } else if (TAG_DISABLE_CAMERA.equals(tag)) { 1347 disableCamera = Boolean.parseBoolean( 1348 parser.getAttributeValue(null, ATTR_VALUE)); 1349 } else if (TAG_DISABLE_CALLER_ID.equals(tag)) { 1350 disableCallerId = Boolean.parseBoolean( 1351 parser.getAttributeValue(null, ATTR_VALUE)); 1352 } else if (TAG_DISABLE_CONTACTS_SEARCH.equals(tag)) { 1353 disableContactsSearch = Boolean.parseBoolean( 1354 parser.getAttributeValue(null, ATTR_VALUE)); 1355 } else if (TAG_DISABLE_BLUETOOTH_CONTACT_SHARING.equals(tag)) { 1356 disableBluetoothContactSharing = Boolean.parseBoolean(parser 1357 .getAttributeValue(null, ATTR_VALUE)); 1358 } else if (TAG_DISABLE_SCREEN_CAPTURE.equals(tag)) { 1359 disableScreenCapture = Boolean.parseBoolean( 1360 parser.getAttributeValue(null, ATTR_VALUE)); 1361 } else if (TAG_REQUIRE_AUTO_TIME.equals(tag)) { 1362 requireAutoTime = Boolean.parseBoolean( 1363 parser.getAttributeValue(null, ATTR_VALUE)); 1364 } else if (TAG_FORCE_EPHEMERAL_USERS.equals(tag)) { 1365 forceEphemeralUsers = Boolean.parseBoolean( 1366 parser.getAttributeValue(null, ATTR_VALUE)); 1367 } else if (TAG_IS_NETWORK_LOGGING_ENABLED.equals(tag)) { 1368 isNetworkLoggingEnabled = Boolean.parseBoolean( 1369 parser.getAttributeValue(null, ATTR_VALUE)); 1370 lastNetworkLoggingNotificationTimeMs = Long.parseLong( 1371 parser.getAttributeValue(null, ATTR_LAST_NETWORK_LOGGING_NOTIFICATION)); 1372 numNetworkLoggingNotifications = Integer.parseInt( 1373 parser.getAttributeValue(null, ATTR_NUM_NETWORK_LOGGING_NOTIFICATIONS)); 1374 } else if (TAG_DISABLE_KEYGUARD_FEATURES.equals(tag)) { 1375 disabledKeyguardFeatures = Integer.parseInt( 1376 parser.getAttributeValue(null, ATTR_VALUE)); 1377 } else if (TAG_DISABLE_ACCOUNT_MANAGEMENT.equals(tag)) { 1378 readAttributeValues( 1379 parser, TAG_ACCOUNT_TYPE, accountTypesWithManagementDisabled); 1380 } else if (TAG_MANAGE_TRUST_AGENT_FEATURES.equals(tag)) { 1381 trustAgentInfos = getAllTrustAgentInfos(parser, tag); 1382 } else if (TAG_CROSS_PROFILE_WIDGET_PROVIDERS.equals(tag)) { 1383 crossProfileWidgetProviders = new ArrayList<>(); 1384 readAttributeValues(parser, TAG_PROVIDER, crossProfileWidgetProviders); 1385 } else if (TAG_PERMITTED_ACCESSIBILITY_SERVICES.equals(tag)) { 1386 permittedAccessiblityServices = readPackageList(parser, tag); 1387 } else if (TAG_PERMITTED_IMES.equals(tag)) { 1388 permittedInputMethods = readPackageList(parser, tag); 1389 } else if (TAG_PERMITTED_NOTIFICATION_LISTENERS.equals(tag)) { 1390 permittedNotificationListeners = readPackageList(parser, tag); 1391 } else if (TAG_KEEP_UNINSTALLED_PACKAGES.equals(tag)) { 1392 keepUninstalledPackages = readPackageList(parser, tag); 1393 } else if (TAG_METERED_DATA_DISABLED_PACKAGES.equals(tag)) { 1394 meteredDisabledPackages = readPackageList(parser, tag); 1395 } else if (TAG_USER_RESTRICTIONS.equals(tag)) { 1396 userRestrictions = UserRestrictionsUtils.readRestrictions(parser); 1397 } else if (TAG_DEFAULT_ENABLED_USER_RESTRICTIONS.equals(tag)) { 1398 readAttributeValues( 1399 parser, TAG_RESTRICTION, defaultEnabledRestrictionsAlreadySet); 1400 } else if (TAG_SHORT_SUPPORT_MESSAGE.equals(tag)) { 1401 type = parser.next(); 1402 if (type == XmlPullParser.TEXT) { 1403 shortSupportMessage = parser.getText(); 1404 } else { 1405 Log.w(LOG_TAG, "Missing text when loading short support message"); 1406 } 1407 } else if (TAG_LONG_SUPPORT_MESSAGE.equals(tag)) { 1408 type = parser.next(); 1409 if (type == XmlPullParser.TEXT) { 1410 longSupportMessage = parser.getText(); 1411 } else { 1412 Log.w(LOG_TAG, "Missing text when loading long support message"); 1413 } 1414 } else if (TAG_PARENT_ADMIN.equals(tag)) { 1415 Preconditions.checkState(!isParent); 1416 1417 parentAdmin = new ActiveAdmin(info, /* parent */ true); 1418 parentAdmin.readFromXml(parser); 1419 } else if (TAG_ORGANIZATION_COLOR.equals(tag)) { 1420 organizationColor = Integer.parseInt( 1421 parser.getAttributeValue(null, ATTR_VALUE)); 1422 } else if (TAG_ORGANIZATION_NAME.equals(tag)) { 1423 type = parser.next(); 1424 if (type == XmlPullParser.TEXT) { 1425 organizationName = parser.getText(); 1426 } else { 1427 Log.w(LOG_TAG, "Missing text when loading organization name"); 1428 } 1429 } else if (TAG_IS_LOGOUT_ENABLED.equals(tag)) { 1430 isLogoutEnabled = Boolean.parseBoolean( 1431 parser.getAttributeValue(null, ATTR_VALUE)); 1432 } else if (TAG_MANDATORY_BACKUP_TRANSPORT.equals(tag)) { 1433 mandatoryBackupTransport = ComponentName.unflattenFromString( 1434 parser.getAttributeValue(null, ATTR_VALUE)); 1435 } else if (TAG_START_USER_SESSION_MESSAGE.equals(tag)) { 1436 type = parser.next(); 1437 if (type == XmlPullParser.TEXT) { 1438 startUserSessionMessage = parser.getText(); 1439 } else { 1440 Log.w(LOG_TAG, "Missing text when loading start session message"); 1441 } 1442 } else if (TAG_END_USER_SESSION_MESSAGE.equals(tag)) { 1443 type = parser.next(); 1444 if (type == XmlPullParser.TEXT) { 1445 endUserSessionMessage = parser.getText(); 1446 } else { 1447 Log.w(LOG_TAG, "Missing text when loading end session message"); 1448 } 1449 } else { 1450 Slog.w(LOG_TAG, "Unknown admin tag: " + tag); 1451 XmlUtils.skipCurrentTag(parser); 1452 } 1453 } 1454 } 1455 1456 private List<String> readPackageList(XmlPullParser parser, 1457 String tag) throws XmlPullParserException, IOException { 1458 List<String> result = new ArrayList<String>(); 1459 int outerDepth = parser.getDepth(); 1460 int outerType; 1461 while ((outerType=parser.next()) != XmlPullParser.END_DOCUMENT 1462 && (outerType != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1463 if (outerType == XmlPullParser.END_TAG || outerType == XmlPullParser.TEXT) { 1464 continue; 1465 } 1466 String outerTag = parser.getName(); 1467 if (TAG_PACKAGE_LIST_ITEM.equals(outerTag)) { 1468 String packageName = parser.getAttributeValue(null, ATTR_VALUE); 1469 if (packageName != null) { 1470 result.add(packageName); 1471 } else { 1472 Slog.w(LOG_TAG, "Package name missing under " + outerTag); 1473 } 1474 } else { 1475 Slog.w(LOG_TAG, "Unknown tag under " + tag + ": " + outerTag); 1476 } 1477 } 1478 return result; 1479 } 1480 1481 private void readAttributeValues( 1482 XmlPullParser parser, String tag, Collection<String> result) 1483 throws XmlPullParserException, IOException { 1484 result.clear(); 1485 int outerDepthDAM = parser.getDepth(); 1486 int typeDAM; 1487 while ((typeDAM=parser.next()) != END_DOCUMENT 1488 && (typeDAM != END_TAG || parser.getDepth() > outerDepthDAM)) { 1489 if (typeDAM == END_TAG || typeDAM == TEXT) { 1490 continue; 1491 } 1492 String tagDAM = parser.getName(); 1493 if (tag.equals(tagDAM)) { 1494 result.add(parser.getAttributeValue(null, ATTR_VALUE)); 1495 } else { 1496 Slog.e(LOG_TAG, "Expected tag " + tag + " but found " + tagDAM); 1497 } 1498 } 1499 } 1500 1501 private ArrayMap<String, TrustAgentInfo> getAllTrustAgentInfos( 1502 XmlPullParser parser, String tag) throws XmlPullParserException, IOException { 1503 int outerDepthDAM = parser.getDepth(); 1504 int typeDAM; 1505 final ArrayMap<String, TrustAgentInfo> result = new ArrayMap<>(); 1506 while ((typeDAM=parser.next()) != END_DOCUMENT 1507 && (typeDAM != END_TAG || parser.getDepth() > outerDepthDAM)) { 1508 if (typeDAM == END_TAG || typeDAM == TEXT) { 1509 continue; 1510 } 1511 String tagDAM = parser.getName(); 1512 if (TAG_TRUST_AGENT_COMPONENT.equals(tagDAM)) { 1513 final String component = parser.getAttributeValue(null, ATTR_VALUE); 1514 final TrustAgentInfo trustAgentInfo = getTrustAgentInfo(parser, tag); 1515 result.put(component, trustAgentInfo); 1516 } else { 1517 Slog.w(LOG_TAG, "Unknown tag under " + tag + ": " + tagDAM); 1518 } 1519 } 1520 return result; 1521 } 1522 1523 private TrustAgentInfo getTrustAgentInfo(XmlPullParser parser, String tag) 1524 throws XmlPullParserException, IOException { 1525 int outerDepthDAM = parser.getDepth(); 1526 int typeDAM; 1527 TrustAgentInfo result = new TrustAgentInfo(null); 1528 while ((typeDAM=parser.next()) != END_DOCUMENT 1529 && (typeDAM != END_TAG || parser.getDepth() > outerDepthDAM)) { 1530 if (typeDAM == END_TAG || typeDAM == TEXT) { 1531 continue; 1532 } 1533 String tagDAM = parser.getName(); 1534 if (TAG_TRUST_AGENT_COMPONENT_OPTIONS.equals(tagDAM)) { 1535 result.options = PersistableBundle.restoreFromXml(parser); 1536 } else { 1537 Slog.w(LOG_TAG, "Unknown tag under " + tag + ": " + tagDAM); 1538 } 1539 } 1540 return result; 1541 } 1542 1543 boolean hasUserRestrictions() { 1544 return userRestrictions != null && userRestrictions.size() > 0; 1545 } 1546 1547 Bundle ensureUserRestrictions() { 1548 if (userRestrictions == null) { 1549 userRestrictions = new Bundle(); 1550 } 1551 return userRestrictions; 1552 } 1553 1554 public void transfer(DeviceAdminInfo deviceAdminInfo) { 1555 if (hasParentActiveAdmin()) { 1556 parentAdmin.info = deviceAdminInfo; 1557 } 1558 info = deviceAdminInfo; 1559 } 1560 1561 void dump(String prefix, PrintWriter pw) { 1562 pw.print(prefix); pw.print("uid="); pw.println(getUid()); 1563 pw.print(prefix); pw.print("testOnlyAdmin="); 1564 pw.println(testOnlyAdmin); 1565 pw.print(prefix); pw.println("policies:"); 1566 ArrayList<DeviceAdminInfo.PolicyInfo> pols = info.getUsedPolicies(); 1567 if (pols != null) { 1568 for (int i=0; i<pols.size(); i++) { 1569 pw.print(prefix); pw.print(" "); pw.println(pols.get(i).tag); 1570 } 1571 } 1572 pw.print(prefix); pw.print("passwordQuality=0x"); 1573 pw.println(Integer.toHexString(minimumPasswordMetrics.quality)); 1574 pw.print(prefix); pw.print("minimumPasswordLength="); 1575 pw.println(minimumPasswordMetrics.length); 1576 pw.print(prefix); pw.print("passwordHistoryLength="); 1577 pw.println(passwordHistoryLength); 1578 pw.print(prefix); pw.print("minimumPasswordUpperCase="); 1579 pw.println(minimumPasswordMetrics.upperCase); 1580 pw.print(prefix); pw.print("minimumPasswordLowerCase="); 1581 pw.println(minimumPasswordMetrics.lowerCase); 1582 pw.print(prefix); pw.print("minimumPasswordLetters="); 1583 pw.println(minimumPasswordMetrics.letters); 1584 pw.print(prefix); pw.print("minimumPasswordNumeric="); 1585 pw.println(minimumPasswordMetrics.numeric); 1586 pw.print(prefix); pw.print("minimumPasswordSymbols="); 1587 pw.println(minimumPasswordMetrics.symbols); 1588 pw.print(prefix); pw.print("minimumPasswordNonLetter="); 1589 pw.println(minimumPasswordMetrics.nonLetter); 1590 pw.print(prefix); pw.print("passwordBlacklist="); 1591 pw.println(passwordBlacklistFile != null); 1592 pw.print(prefix); pw.print("maximumTimeToUnlock="); 1593 pw.println(maximumTimeToUnlock); 1594 pw.print(prefix); pw.print("strongAuthUnlockTimeout="); 1595 pw.println(strongAuthUnlockTimeout); 1596 pw.print(prefix); pw.print("maximumFailedPasswordsForWipe="); 1597 pw.println(maximumFailedPasswordsForWipe); 1598 pw.print(prefix); pw.print("specifiesGlobalProxy="); 1599 pw.println(specifiesGlobalProxy); 1600 pw.print(prefix); pw.print("passwordExpirationTimeout="); 1601 pw.println(passwordExpirationTimeout); 1602 pw.print(prefix); pw.print("passwordExpirationDate="); 1603 pw.println(passwordExpirationDate); 1604 if (globalProxySpec != null) { 1605 pw.print(prefix); pw.print("globalProxySpec="); 1606 pw.println(globalProxySpec); 1607 } 1608 if (globalProxyExclusionList != null) { 1609 pw.print(prefix); pw.print("globalProxyEclusionList="); 1610 pw.println(globalProxyExclusionList); 1611 } 1612 pw.print(prefix); pw.print("encryptionRequested="); 1613 pw.println(encryptionRequested); 1614 pw.print(prefix); pw.print("disableCamera="); 1615 pw.println(disableCamera); 1616 pw.print(prefix); pw.print("disableCallerId="); 1617 pw.println(disableCallerId); 1618 pw.print(prefix); pw.print("disableContactsSearch="); 1619 pw.println(disableContactsSearch); 1620 pw.print(prefix); pw.print("disableBluetoothContactSharing="); 1621 pw.println(disableBluetoothContactSharing); 1622 pw.print(prefix); pw.print("disableScreenCapture="); 1623 pw.println(disableScreenCapture); 1624 pw.print(prefix); pw.print("requireAutoTime="); 1625 pw.println(requireAutoTime); 1626 pw.print(prefix); pw.print("forceEphemeralUsers="); 1627 pw.println(forceEphemeralUsers); 1628 pw.print(prefix); pw.print("isNetworkLoggingEnabled="); 1629 pw.println(isNetworkLoggingEnabled); 1630 pw.print(prefix); pw.print("disabledKeyguardFeatures="); 1631 pw.println(disabledKeyguardFeatures); 1632 pw.print(prefix); pw.print("crossProfileWidgetProviders="); 1633 pw.println(crossProfileWidgetProviders); 1634 if (permittedAccessiblityServices != null) { 1635 pw.print(prefix); pw.print("permittedAccessibilityServices="); 1636 pw.println(permittedAccessiblityServices); 1637 } 1638 if (permittedInputMethods != null) { 1639 pw.print(prefix); pw.print("permittedInputMethods="); 1640 pw.println(permittedInputMethods); 1641 } 1642 if (permittedNotificationListeners != null) { 1643 pw.print(prefix); pw.print("permittedNotificationListeners="); 1644 pw.println(permittedNotificationListeners); 1645 } 1646 if (keepUninstalledPackages != null) { 1647 pw.print(prefix); pw.print("keepUninstalledPackages="); 1648 pw.println(keepUninstalledPackages); 1649 } 1650 pw.print(prefix); pw.print("organizationColor="); 1651 pw.println(organizationColor); 1652 if (organizationName != null) { 1653 pw.print(prefix); pw.print("organizationName="); 1654 pw.println(organizationName); 1655 } 1656 pw.print(prefix); pw.println("userRestrictions:"); 1657 UserRestrictionsUtils.dumpRestrictions(pw, prefix + " ", userRestrictions); 1658 pw.print(prefix); pw.print("defaultEnabledRestrictionsAlreadySet="); 1659 pw.println(defaultEnabledRestrictionsAlreadySet); 1660 pw.print(prefix); pw.print("isParent="); 1661 pw.println(isParent); 1662 if (parentAdmin != null) { 1663 pw.print(prefix); pw.println("parentAdmin:"); 1664 parentAdmin.dump(prefix + " ", pw); 1665 } 1666 } 1667 } 1668 1669 private void handlePackagesChanged(@Nullable String packageName, int userHandle) { 1670 boolean removedAdmin = false; 1671 if (VERBOSE_LOG) { 1672 Slog.d(LOG_TAG, "Handling package changes package " + packageName 1673 + " for user " + userHandle); 1674 } 1675 DevicePolicyData policy = getUserData(userHandle); 1676 synchronized (this) { 1677 for (int i = policy.mAdminList.size() - 1; i >= 0; i--) { 1678 ActiveAdmin aa = policy.mAdminList.get(i); 1679 try { 1680 // If we're checking all packages or if the specific one we're checking matches, 1681 // then check if the package and receiver still exist. 1682 final String adminPackage = aa.info.getPackageName(); 1683 if (packageName == null || packageName.equals(adminPackage)) { 1684 if (mIPackageManager.getPackageInfo(adminPackage, 0, userHandle) == null 1685 || mIPackageManager.getReceiverInfo(aa.info.getComponent(), 1686 PackageManager.MATCH_DIRECT_BOOT_AWARE 1687 | PackageManager.MATCH_DIRECT_BOOT_UNAWARE, 1688 userHandle) == null) { 1689 removedAdmin = true; 1690 policy.mAdminList.remove(i); 1691 policy.mAdminMap.remove(aa.info.getComponent()); 1692 pushActiveAdminPackagesLocked(userHandle); 1693 pushMeteredDisabledPackagesLocked(userHandle); 1694 } 1695 } 1696 } catch (RemoteException re) { 1697 // Shouldn't happen. 1698 } 1699 } 1700 if (removedAdmin) { 1701 validatePasswordOwnerLocked(policy); 1702 } 1703 1704 boolean removedDelegate = false; 1705 1706 // Check if a delegate was removed. 1707 for (int i = policy.mDelegationMap.size() - 1; i >= 0; i--) { 1708 final String delegatePackage = policy.mDelegationMap.keyAt(i); 1709 if (isRemovedPackage(packageName, delegatePackage, userHandle)) { 1710 policy.mDelegationMap.removeAt(i); 1711 removedDelegate = true; 1712 } 1713 } 1714 1715 // If it's an owner package, we may need to refresh the bound connection. 1716 final ComponentName owner = getOwnerComponent(userHandle); 1717 if ((packageName != null) && (owner != null) 1718 && (owner.getPackageName().equals(packageName))) { 1719 startOwnerService(userHandle, "package-broadcast"); 1720 } 1721 1722 // Persist updates if the removed package was an admin or delegate. 1723 if (removedAdmin || removedDelegate) { 1724 saveSettingsLocked(policy.mUserHandle); 1725 } 1726 } 1727 if (removedAdmin) { 1728 // The removed admin might have disabled camera, so update user restrictions. 1729 pushUserRestrictions(userHandle); 1730 } 1731 } 1732 1733 private boolean isRemovedPackage(String changedPackage, String targetPackage, int userHandle) { 1734 try { 1735 return targetPackage != null 1736 && (changedPackage == null || changedPackage.equals(targetPackage)) 1737 && mIPackageManager.getPackageInfo(targetPackage, 0, userHandle) == null; 1738 } catch (RemoteException e) { 1739 // Shouldn't happen 1740 } 1741 1742 return false; 1743 } 1744 1745 /** 1746 * Unit test will subclass it to inject mocks. 1747 */ 1748 @VisibleForTesting 1749 static class Injector { 1750 1751 public final Context mContext; 1752 1753 Injector(Context context) { 1754 mContext = context; 1755 } 1756 1757 public boolean hasFeature() { 1758 return getPackageManager().hasSystemFeature(PackageManager.FEATURE_DEVICE_ADMIN); 1759 } 1760 1761 Context createContextAsUser(UserHandle user) throws PackageManager.NameNotFoundException { 1762 final String packageName = mContext.getPackageName(); 1763 return mContext.createPackageContextAsUser(packageName, 0, user); 1764 } 1765 1766 Resources getResources() { 1767 return mContext.getResources(); 1768 } 1769 1770 Owners newOwners() { 1771 return new Owners(getUserManager(), getUserManagerInternal(), 1772 getPackageManagerInternal()); 1773 } 1774 1775 UserManager getUserManager() { 1776 return UserManager.get(mContext); 1777 } 1778 1779 UserManagerInternal getUserManagerInternal() { 1780 return LocalServices.getService(UserManagerInternal.class); 1781 } 1782 1783 PackageManagerInternal getPackageManagerInternal() { 1784 return LocalServices.getService(PackageManagerInternal.class); 1785 } 1786 1787 UsageStatsManagerInternal getUsageStatsManagerInternal() { 1788 return LocalServices.getService(UsageStatsManagerInternal.class); 1789 } 1790 1791 NetworkPolicyManagerInternal getNetworkPolicyManagerInternal() { 1792 return LocalServices.getService(NetworkPolicyManagerInternal.class); 1793 } 1794 1795 NotificationManager getNotificationManager() { 1796 return mContext.getSystemService(NotificationManager.class); 1797 } 1798 1799 IIpConnectivityMetrics getIIpConnectivityMetrics() { 1800 return (IIpConnectivityMetrics) IIpConnectivityMetrics.Stub.asInterface( 1801 ServiceManager.getService(IpConnectivityLog.SERVICE_NAME)); 1802 } 1803 1804 PackageManager getPackageManager() { 1805 return mContext.getPackageManager(); 1806 } 1807 1808 PowerManagerInternal getPowerManagerInternal() { 1809 return LocalServices.getService(PowerManagerInternal.class); 1810 } 1811 1812 TelephonyManager getTelephonyManager() { 1813 return TelephonyManager.from(mContext); 1814 } 1815 1816 TrustManager getTrustManager() { 1817 return (TrustManager) mContext.getSystemService(Context.TRUST_SERVICE); 1818 } 1819 1820 AlarmManager getAlarmManager() { 1821 return (AlarmManager) mContext.getSystemService(AlarmManager.class); 1822 } 1823 1824 IWindowManager getIWindowManager() { 1825 return IWindowManager.Stub 1826 .asInterface(ServiceManager.getService(Context.WINDOW_SERVICE)); 1827 } 1828 1829 IActivityManager getIActivityManager() { 1830 return ActivityManager.getService(); 1831 } 1832 1833 ActivityManagerInternal getActivityManagerInternal() { 1834 return LocalServices.getService(ActivityManagerInternal.class); 1835 } 1836 1837 IPackageManager getIPackageManager() { 1838 return AppGlobals.getPackageManager(); 1839 } 1840 1841 IBackupManager getIBackupManager() { 1842 return IBackupManager.Stub.asInterface( 1843 ServiceManager.getService(Context.BACKUP_SERVICE)); 1844 } 1845 1846 IAudioService getIAudioService() { 1847 return IAudioService.Stub.asInterface(ServiceManager.getService(Context.AUDIO_SERVICE)); 1848 } 1849 1850 boolean isBuildDebuggable() { 1851 return Build.IS_DEBUGGABLE; 1852 } 1853 1854 LockPatternUtils newLockPatternUtils() { 1855 return new LockPatternUtils(mContext); 1856 } 1857 1858 PasswordBlacklist newPasswordBlacklist(File file) { 1859 return new PasswordBlacklist(file); 1860 } 1861 1862 boolean storageManagerIsFileBasedEncryptionEnabled() { 1863 return StorageManager.isFileEncryptedNativeOnly(); 1864 } 1865 1866 boolean storageManagerIsNonDefaultBlockEncrypted() { 1867 long identity = Binder.clearCallingIdentity(); 1868 try { 1869 return StorageManager.isNonDefaultBlockEncrypted(); 1870 } finally { 1871 Binder.restoreCallingIdentity(identity); 1872 } 1873 } 1874 1875 boolean storageManagerIsEncrypted() { 1876 return StorageManager.isEncrypted(); 1877 } 1878 1879 boolean storageManagerIsEncryptable() { 1880 return StorageManager.isEncryptable(); 1881 } 1882 1883 Looper getMyLooper() { 1884 return Looper.myLooper(); 1885 } 1886 1887 WifiManager getWifiManager() { 1888 return mContext.getSystemService(WifiManager.class); 1889 } 1890 1891 long binderClearCallingIdentity() { 1892 return Binder.clearCallingIdentity(); 1893 } 1894 1895 void binderRestoreCallingIdentity(long token) { 1896 Binder.restoreCallingIdentity(token); 1897 } 1898 1899 int binderGetCallingUid() { 1900 return Binder.getCallingUid(); 1901 } 1902 1903 int binderGetCallingPid() { 1904 return Binder.getCallingPid(); 1905 } 1906 1907 UserHandle binderGetCallingUserHandle() { 1908 return Binder.getCallingUserHandle(); 1909 } 1910 1911 boolean binderIsCallingUidMyUid() { 1912 return getCallingUid() == Process.myUid(); 1913 } 1914 1915 void binderWithCleanCallingIdentity(@NonNull ThrowingRunnable action) { 1916 Binder.withCleanCallingIdentity(action); 1917 } 1918 1919 final int userHandleGetCallingUserId() { 1920 return UserHandle.getUserId(binderGetCallingUid()); 1921 } 1922 1923 File environmentGetUserSystemDirectory(int userId) { 1924 return Environment.getUserSystemDirectory(userId); 1925 } 1926 1927 void powerManagerGoToSleep(long time, int reason, int flags) { 1928 mContext.getSystemService(PowerManager.class).goToSleep(time, reason, flags); 1929 } 1930 1931 void powerManagerReboot(String reason) { 1932 mContext.getSystemService(PowerManager.class).reboot(reason); 1933 } 1934 1935 void recoverySystemRebootWipeUserData(boolean shutdown, String reason, boolean force, 1936 boolean wipeEuicc) throws IOException { 1937 RecoverySystem.rebootWipeUserData(mContext, shutdown, reason, force, wipeEuicc); 1938 } 1939 1940 boolean systemPropertiesGetBoolean(String key, boolean def) { 1941 return SystemProperties.getBoolean(key, def); 1942 } 1943 1944 long systemPropertiesGetLong(String key, long def) { 1945 return SystemProperties.getLong(key, def); 1946 } 1947 1948 String systemPropertiesGet(String key, String def) { 1949 return SystemProperties.get(key, def); 1950 } 1951 1952 String systemPropertiesGet(String key) { 1953 return SystemProperties.get(key); 1954 } 1955 1956 void systemPropertiesSet(String key, String value) { 1957 SystemProperties.set(key, value); 1958 } 1959 1960 boolean userManagerIsSplitSystemUser() { 1961 return UserManager.isSplitSystemUser(); 1962 } 1963 1964 String getDevicePolicyFilePathForSystemUser() { 1965 return "/data/system/"; 1966 } 1967 1968 PendingIntent pendingIntentGetActivityAsUser(Context context, int requestCode, 1969 @NonNull Intent intent, int flags, Bundle options, UserHandle user) { 1970 return PendingIntent.getActivityAsUser( 1971 context, requestCode, intent, flags, options, user); 1972 } 1973 1974 void registerContentObserver(Uri uri, boolean notifyForDescendents, 1975 ContentObserver observer, int userHandle) { 1976 mContext.getContentResolver().registerContentObserver(uri, notifyForDescendents, 1977 observer, userHandle); 1978 } 1979 1980 int settingsSecureGetIntForUser(String name, int def, int userHandle) { 1981 return Settings.Secure.getIntForUser(mContext.getContentResolver(), 1982 name, def, userHandle); 1983 } 1984 1985 String settingsSecureGetStringForUser(String name, int userHandle) { 1986 return Settings.Secure.getStringForUser(mContext.getContentResolver(), name, 1987 userHandle); 1988 } 1989 1990 void settingsSecurePutIntForUser(String name, int value, int userHandle) { 1991 Settings.Secure.putIntForUser(mContext.getContentResolver(), 1992 name, value, userHandle); 1993 } 1994 1995 void settingsSecurePutStringForUser(String name, String value, int userHandle) { 1996 Settings.Secure.putStringForUser(mContext.getContentResolver(), 1997 name, value, userHandle); 1998 } 1999 2000 void settingsGlobalPutStringForUser(String name, String value, int userHandle) { 2001 Settings.Global.putStringForUser(mContext.getContentResolver(), 2002 name, value, userHandle); 2003 } 2004 2005 void settingsSecurePutInt(String name, int value) { 2006 Settings.Secure.putInt(mContext.getContentResolver(), name, value); 2007 } 2008 2009 int settingsGlobalGetInt(String name, int def) { 2010 return Settings.Global.getInt(mContext.getContentResolver(), name, def); 2011 } 2012 2013 String settingsGlobalGetString(String name) { 2014 return Settings.Global.getString(mContext.getContentResolver(), name); 2015 } 2016 2017 void settingsGlobalPutInt(String name, int value) { 2018 Settings.Global.putInt(mContext.getContentResolver(), name, value); 2019 } 2020 2021 void settingsSecurePutString(String name, String value) { 2022 Settings.Secure.putString(mContext.getContentResolver(), name, value); 2023 } 2024 2025 void settingsGlobalPutString(String name, String value) { 2026 Settings.Global.putString(mContext.getContentResolver(), name, value); 2027 } 2028 2029 void settingsSystemPutString(String name, String value) { 2030 Settings.System.putString(mContext.getContentResolver(), name, value); 2031 } 2032 2033 void securityLogSetLoggingEnabledProperty(boolean enabled) { 2034 SecurityLog.setLoggingEnabledProperty(enabled); 2035 } 2036 2037 boolean securityLogGetLoggingEnabledProperty() { 2038 return SecurityLog.getLoggingEnabledProperty(); 2039 } 2040 2041 boolean securityLogIsLoggingEnabled() { 2042 return SecurityLog.isLoggingEnabled(); 2043 } 2044 2045 KeyChainConnection keyChainBindAsUser(UserHandle user) throws InterruptedException { 2046 return KeyChain.bindAsUser(mContext, user); 2047 } 2048 2049 void postOnSystemServerInitThreadPool(Runnable runnable) { 2050 SystemServerInitThreadPool.get().submit(runnable, LOG_TAG); 2051 } 2052 2053 public TransferOwnershipMetadataManager newTransferOwnershipMetadataManager() { 2054 return new TransferOwnershipMetadataManager(); 2055 } 2056 2057 public void runCryptoSelfTest() { 2058 CryptoTestHelper.runAndLogSelfTest(); 2059 } 2060 } 2061 2062 /** 2063 * Instantiates the service. 2064 */ 2065 public DevicePolicyManagerService(Context context) { 2066 this(new Injector(context)); 2067 } 2068 2069 @VisibleForTesting 2070 DevicePolicyManagerService(Injector injector) { 2071 mInjector = injector; 2072 mContext = Preconditions.checkNotNull(injector.mContext); 2073 mHandler = new Handler(Preconditions.checkNotNull(injector.getMyLooper())); 2074 mConstants = DevicePolicyConstants.loadFromString( 2075 mInjector.settingsGlobalGetString(Global.DEVICE_POLICY_CONSTANTS)); 2076 2077 mOwners = Preconditions.checkNotNull(injector.newOwners()); 2078 2079 mUserManager = Preconditions.checkNotNull(injector.getUserManager()); 2080 mUserManagerInternal = Preconditions.checkNotNull(injector.getUserManagerInternal()); 2081 mUsageStatsManagerInternal = Preconditions.checkNotNull( 2082 injector.getUsageStatsManagerInternal()); 2083 mIPackageManager = Preconditions.checkNotNull(injector.getIPackageManager()); 2084 mTelephonyManager = Preconditions.checkNotNull(injector.getTelephonyManager()); 2085 2086 mLocalService = new LocalService(); 2087 mLockPatternUtils = injector.newLockPatternUtils(); 2088 2089 // TODO: why does SecurityLogMonitor need to be created even when mHasFeature == false? 2090 mSecurityLogMonitor = new SecurityLogMonitor(this); 2091 2092 mHasFeature = mInjector.hasFeature(); 2093 mIsWatch = mInjector.getPackageManager() 2094 .hasSystemFeature(PackageManager.FEATURE_WATCH); 2095 mBackgroundHandler = BackgroundThread.getHandler(); 2096 2097 // Needed when mHasFeature == false, because it controls the certificate warning text. 2098 mCertificateMonitor = new CertificateMonitor(this, mInjector, mBackgroundHandler); 2099 2100 mDeviceAdminServiceController = new DeviceAdminServiceController(this, mConstants); 2101 2102 mOverlayPackagesProvider = new OverlayPackagesProvider(mContext); 2103 2104 mTransferOwnershipMetadataManager = mInjector.newTransferOwnershipMetadataManager(); 2105 2106 if (!mHasFeature) { 2107 // Skip the rest of the initialization 2108 return; 2109 } 2110 2111 IntentFilter filter = new IntentFilter(); 2112 filter.addAction(Intent.ACTION_BOOT_COMPLETED); 2113 filter.addAction(ACTION_EXPIRED_PASSWORD_NOTIFICATION); 2114 filter.addAction(Intent.ACTION_USER_ADDED); 2115 filter.addAction(Intent.ACTION_USER_REMOVED); 2116 filter.addAction(Intent.ACTION_USER_STARTED); 2117 filter.addAction(Intent.ACTION_USER_STOPPED); 2118 filter.addAction(Intent.ACTION_USER_SWITCHED); 2119 filter.addAction(Intent.ACTION_USER_UNLOCKED); 2120 filter.setPriority(IntentFilter.SYSTEM_HIGH_PRIORITY); 2121 mContext.registerReceiverAsUser(mReceiver, UserHandle.ALL, filter, null, mHandler); 2122 filter = new IntentFilter(); 2123 filter.addAction(Intent.ACTION_PACKAGE_CHANGED); 2124 filter.addAction(Intent.ACTION_PACKAGE_REMOVED); 2125 filter.addAction(Intent.ACTION_EXTERNAL_APPLICATIONS_UNAVAILABLE); 2126 filter.addAction(Intent.ACTION_PACKAGE_ADDED); 2127 filter.addDataScheme("package"); 2128 mContext.registerReceiverAsUser(mReceiver, UserHandle.ALL, filter, null, mHandler); 2129 filter = new IntentFilter(); 2130 filter.addAction(Intent.ACTION_MANAGED_PROFILE_ADDED); 2131 filter.addAction(Intent.ACTION_TIME_CHANGED); 2132 filter.addAction(Intent.ACTION_DATE_CHANGED); 2133 mContext.registerReceiverAsUser(mReceiver, UserHandle.ALL, filter, null, mHandler); 2134 2135 LocalServices.addService(DevicePolicyManagerInternal.class, mLocalService); 2136 2137 mSetupContentObserver = new SetupContentObserver(mHandler); 2138 2139 mUserManagerInternal.addUserRestrictionsListener(new RestrictionsListener(mContext)); 2140 } 2141 2142 /** 2143 * Creates and loads the policy data from xml. 2144 * @param userHandle the user for whom to load the policy data 2145 * @return 2146 */ 2147 @NonNull 2148 DevicePolicyData getUserData(int userHandle) { 2149 synchronized (this) { 2150 DevicePolicyData policy = mUserData.get(userHandle); 2151 if (policy == null) { 2152 policy = new DevicePolicyData(userHandle); 2153 mUserData.append(userHandle, policy); 2154 loadSettingsLocked(policy, userHandle); 2155 } 2156 return policy; 2157 } 2158 } 2159 2160 /** 2161 * Creates and loads the policy data from xml for data that is shared between 2162 * various profiles of a user. In contrast to {@link #getUserData(int)} 2163 * it allows access to data of users other than the calling user. 2164 * 2165 * This function should only be used for shared data, e.g. everything regarding 2166 * passwords and should be removed once multiple screen locks are present. 2167 * @param userHandle the user for whom to load the policy data 2168 * @return 2169 */ 2170 DevicePolicyData getUserDataUnchecked(int userHandle) { 2171 long ident = mInjector.binderClearCallingIdentity(); 2172 try { 2173 return getUserData(userHandle); 2174 } finally { 2175 mInjector.binderRestoreCallingIdentity(ident); 2176 } 2177 } 2178 2179 void removeUserData(int userHandle) { 2180 synchronized (this) { 2181 if (userHandle == UserHandle.USER_SYSTEM) { 2182 Slog.w(LOG_TAG, "Tried to remove device policy file for user 0! Ignoring."); 2183 return; 2184 } 2185 mPolicyCache.onUserRemoved(userHandle); 2186 2187 mOwners.removeProfileOwner(userHandle); 2188 mOwners.writeProfileOwner(userHandle); 2189 2190 DevicePolicyData policy = mUserData.get(userHandle); 2191 if (policy != null) { 2192 mUserData.remove(userHandle); 2193 } 2194 File policyFile = new File(mInjector.environmentGetUserSystemDirectory(userHandle), 2195 DEVICE_POLICIES_XML); 2196 policyFile.delete(); 2197 Slog.i(LOG_TAG, "Removed device policy file " + policyFile.getAbsolutePath()); 2198 } 2199 } 2200 2201 void loadOwners() { 2202 synchronized (this) { 2203 mOwners.load(); 2204 setDeviceOwnerSystemPropertyLocked(); 2205 findOwnerComponentIfNecessaryLocked(); 2206 migrateUserRestrictionsIfNecessaryLocked(); 2207 maybeSetDefaultDeviceOwnerUserRestrictionsLocked(); 2208 2209 // TODO PO may not have a class name either due to b/17652534. Address that too. 2210 2211 updateDeviceOwnerLocked(); 2212 } 2213 } 2214 2215 /** Apply default restrictions that haven't been applied to device owners yet. */ 2216 private void maybeSetDefaultDeviceOwnerUserRestrictionsLocked() { 2217 final ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 2218 if (deviceOwner != null) { 2219 maybeSetDefaultRestrictionsForAdminLocked(mOwners.getDeviceOwnerUserId(), 2220 deviceOwner, UserRestrictionsUtils.getDefaultEnabledForDeviceOwner()); 2221 } 2222 } 2223 2224 /** Apply default restrictions that haven't been applied to profile owners yet. */ 2225 private void maybeSetDefaultProfileOwnerUserRestrictions() { 2226 synchronized (this) { 2227 for (final int userId : mOwners.getProfileOwnerKeys()) { 2228 final ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userId); 2229 // The following restrictions used to be applied to managed profiles by different 2230 // means (via Settings or by disabling components). Now they are proper user 2231 // restrictions so we apply them to managed profile owners. Non-managed secondary 2232 // users didn't have those restrictions so we skip them to keep existing behavior. 2233 if (profileOwner == null || !mUserManager.isManagedProfile(userId)) { 2234 continue; 2235 } 2236 maybeSetDefaultRestrictionsForAdminLocked(userId, profileOwner, 2237 UserRestrictionsUtils.getDefaultEnabledForManagedProfiles()); 2238 ensureUnknownSourcesRestrictionForProfileOwnerLocked( 2239 userId, profileOwner, false /* newOwner */); 2240 } 2241 } 2242 } 2243 2244 /** 2245 * Checks whether {@link UserManager#DISALLOW_INSTALL_UNKNOWN_SOURCES} should be added to the 2246 * set of restrictions for this profile owner. 2247 */ 2248 private void ensureUnknownSourcesRestrictionForProfileOwnerLocked(int userId, 2249 ActiveAdmin profileOwner, boolean newOwner) { 2250 if (newOwner || mInjector.settingsSecureGetIntForUser( 2251 Settings.Secure.UNKNOWN_SOURCES_DEFAULT_REVERSED, 0, userId) != 0) { 2252 profileOwner.ensureUserRestrictions().putBoolean( 2253 UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, true); 2254 saveUserRestrictionsLocked(userId); 2255 mInjector.settingsSecurePutIntForUser( 2256 Settings.Secure.UNKNOWN_SOURCES_DEFAULT_REVERSED, 0, userId); 2257 } 2258 } 2259 2260 /** 2261 * Apply default restrictions that haven't been applied to a given admin yet. 2262 */ 2263 private void maybeSetDefaultRestrictionsForAdminLocked( 2264 int userId, ActiveAdmin admin, Set<String> defaultRestrictions) { 2265 if (defaultRestrictions.equals(admin.defaultEnabledRestrictionsAlreadySet)) { 2266 return; // The same set of default restrictions has been already applied. 2267 } 2268 Slog.i(LOG_TAG, "New user restrictions need to be set by default for user " + userId); 2269 2270 if (VERBOSE_LOG) { 2271 Slog.d(LOG_TAG,"Default enabled restrictions: " 2272 + defaultRestrictions 2273 + ". Restrictions already enabled: " 2274 + admin.defaultEnabledRestrictionsAlreadySet); 2275 } 2276 2277 final Set<String> restrictionsToSet = new ArraySet<>(defaultRestrictions); 2278 restrictionsToSet.removeAll(admin.defaultEnabledRestrictionsAlreadySet); 2279 if (!restrictionsToSet.isEmpty()) { 2280 for (final String restriction : restrictionsToSet) { 2281 admin.ensureUserRestrictions().putBoolean(restriction, true); 2282 } 2283 admin.defaultEnabledRestrictionsAlreadySet.addAll(restrictionsToSet); 2284 Slog.i(LOG_TAG, "Enabled the following restrictions by default: " + restrictionsToSet); 2285 saveUserRestrictionsLocked(userId); 2286 } 2287 } 2288 2289 private void setDeviceOwnerSystemPropertyLocked() { 2290 final boolean deviceProvisioned = 2291 mInjector.settingsGlobalGetInt(Settings.Global.DEVICE_PROVISIONED, 0) != 0; 2292 final boolean hasDeviceOwner = mOwners.hasDeviceOwner(); 2293 // If the device is not provisioned and there is currently no device owner, do not set the 2294 // read-only system property yet, since Device owner may still be provisioned. 2295 if (!hasDeviceOwner && !deviceProvisioned) { 2296 return; 2297 } 2298 // Still at the first stage of CryptKeeper double bounce, mOwners.hasDeviceOwner is 2299 // always false at this point. 2300 if (StorageManager.inCryptKeeperBounce()) { 2301 return; 2302 } 2303 2304 if (!mInjector.systemPropertiesGet(PROPERTY_DEVICE_OWNER_PRESENT, "").isEmpty()) { 2305 Slog.w(LOG_TAG, "Trying to set ro.device_owner, but it has already been set?"); 2306 } else { 2307 final String value = Boolean.toString(hasDeviceOwner); 2308 mInjector.systemPropertiesSet(PROPERTY_DEVICE_OWNER_PRESENT, value); 2309 Slog.i(LOG_TAG, "Set ro.device_owner property to " + value); 2310 2311 if (hasDeviceOwner && mInjector.securityLogGetLoggingEnabledProperty()) { 2312 mSecurityLogMonitor.start(); 2313 mInjector.runCryptoSelfTest(); 2314 maybePauseDeviceWideLoggingLocked(); 2315 } 2316 } 2317 } 2318 2319 private void findOwnerComponentIfNecessaryLocked() { 2320 if (!mOwners.hasDeviceOwner()) { 2321 return; 2322 } 2323 final ComponentName doComponentName = mOwners.getDeviceOwnerComponent(); 2324 2325 if (!TextUtils.isEmpty(doComponentName.getClassName())) { 2326 return; // Already a full component name. 2327 } 2328 2329 final ComponentName doComponent = findAdminComponentWithPackageLocked( 2330 doComponentName.getPackageName(), 2331 mOwners.getDeviceOwnerUserId()); 2332 if (doComponent == null) { 2333 Slog.e(LOG_TAG, "Device-owner isn't registered as device-admin"); 2334 } else { 2335 mOwners.setDeviceOwnerWithRestrictionsMigrated( 2336 doComponent, 2337 mOwners.getDeviceOwnerName(), 2338 mOwners.getDeviceOwnerUserId(), 2339 !mOwners.getDeviceOwnerUserRestrictionsNeedsMigration()); 2340 mOwners.writeDeviceOwner(); 2341 if (VERBOSE_LOG) { 2342 Log.v(LOG_TAG, "Device owner component filled in"); 2343 } 2344 } 2345 } 2346 2347 /** 2348 * We didn't use to persist user restrictions for each owners but only persisted in user 2349 * manager. 2350 */ 2351 private void migrateUserRestrictionsIfNecessaryLocked() { 2352 boolean migrated = false; 2353 // Migrate for the DO. Basically all restrictions should be considered to be set by DO, 2354 // except for the "system controlled" ones. 2355 if (mOwners.getDeviceOwnerUserRestrictionsNeedsMigration()) { 2356 if (VERBOSE_LOG) { 2357 Log.v(LOG_TAG, "Migrating DO user restrictions"); 2358 } 2359 migrated = true; 2360 2361 // Migrate user 0 restrictions to DO. 2362 final ActiveAdmin deviceOwnerAdmin = getDeviceOwnerAdminLocked(); 2363 2364 migrateUserRestrictionsForUser(UserHandle.SYSTEM, deviceOwnerAdmin, 2365 /* exceptionList =*/ null, /* isDeviceOwner =*/ true); 2366 2367 // Push DO user restrictions to user manager. 2368 pushUserRestrictions(UserHandle.USER_SYSTEM); 2369 2370 mOwners.setDeviceOwnerUserRestrictionsMigrated(); 2371 } 2372 2373 // Migrate for POs. 2374 2375 // The following restrictions can be set on secondary users by the device owner, so we 2376 // assume they're not from the PO. 2377 final Set<String> secondaryUserExceptionList = Sets.newArraySet( 2378 UserManager.DISALLOW_OUTGOING_CALLS, 2379 UserManager.DISALLOW_SMS); 2380 2381 for (UserInfo ui : mUserManager.getUsers()) { 2382 final int userId = ui.id; 2383 if (mOwners.getProfileOwnerUserRestrictionsNeedsMigration(userId)) { 2384 if (VERBOSE_LOG) { 2385 Log.v(LOG_TAG, "Migrating PO user restrictions for user " + userId); 2386 } 2387 migrated = true; 2388 2389 final ActiveAdmin profileOwnerAdmin = getProfileOwnerAdminLocked(userId); 2390 2391 final Set<String> exceptionList = 2392 (userId == UserHandle.USER_SYSTEM) ? null : secondaryUserExceptionList; 2393 2394 migrateUserRestrictionsForUser(ui.getUserHandle(), profileOwnerAdmin, 2395 exceptionList, /* isDeviceOwner =*/ false); 2396 2397 // Note if a secondary user has no PO but has a DA that disables camera, we 2398 // don't get here and won't push the camera user restriction to UserManager 2399 // here. That's okay because we'll push user restrictions anyway when a user 2400 // starts. But we still do it because we want to let user manager persist 2401 // upon migration. 2402 pushUserRestrictions(userId); 2403 2404 mOwners.setProfileOwnerUserRestrictionsMigrated(userId); 2405 } 2406 } 2407 if (VERBOSE_LOG && migrated) { 2408 Log.v(LOG_TAG, "User restrictions migrated."); 2409 } 2410 } 2411 2412 private void migrateUserRestrictionsForUser(UserHandle user, ActiveAdmin admin, 2413 Set<String> exceptionList, boolean isDeviceOwner) { 2414 final Bundle origRestrictions = mUserManagerInternal.getBaseUserRestrictions( 2415 user.getIdentifier()); 2416 2417 final Bundle newBaseRestrictions = new Bundle(); 2418 final Bundle newOwnerRestrictions = new Bundle(); 2419 2420 for (String key : origRestrictions.keySet()) { 2421 if (!origRestrictions.getBoolean(key)) { 2422 continue; 2423 } 2424 final boolean canOwnerChange = isDeviceOwner 2425 ? UserRestrictionsUtils.canDeviceOwnerChange(key) 2426 : UserRestrictionsUtils.canProfileOwnerChange(key, user.getIdentifier()); 2427 2428 if (!canOwnerChange || (exceptionList!= null && exceptionList.contains(key))) { 2429 newBaseRestrictions.putBoolean(key, true); 2430 } else { 2431 newOwnerRestrictions.putBoolean(key, true); 2432 } 2433 } 2434 2435 if (VERBOSE_LOG) { 2436 Log.v(LOG_TAG, "origRestrictions=" + origRestrictions); 2437 Log.v(LOG_TAG, "newBaseRestrictions=" + newBaseRestrictions); 2438 Log.v(LOG_TAG, "newOwnerRestrictions=" + newOwnerRestrictions); 2439 } 2440 mUserManagerInternal.setBaseUserRestrictionsByDpmsForMigration(user.getIdentifier(), 2441 newBaseRestrictions); 2442 2443 if (admin != null) { 2444 admin.ensureUserRestrictions().clear(); 2445 admin.ensureUserRestrictions().putAll(newOwnerRestrictions); 2446 } else { 2447 Slog.w(LOG_TAG, "ActiveAdmin for DO/PO not found. user=" + user.getIdentifier()); 2448 } 2449 saveSettingsLocked(user.getIdentifier()); 2450 } 2451 2452 private ComponentName findAdminComponentWithPackageLocked(String packageName, int userId) { 2453 final DevicePolicyData policy = getUserData(userId); 2454 final int n = policy.mAdminList.size(); 2455 ComponentName found = null; 2456 int nFound = 0; 2457 for (int i = 0; i < n; i++) { 2458 final ActiveAdmin admin = policy.mAdminList.get(i); 2459 if (packageName.equals(admin.info.getPackageName())) { 2460 // Found! 2461 if (nFound == 0) { 2462 found = admin.info.getComponent(); 2463 } 2464 nFound++; 2465 } 2466 } 2467 if (nFound > 1) { 2468 Slog.w(LOG_TAG, "Multiple DA found; assume the first one is DO."); 2469 } 2470 return found; 2471 } 2472 2473 /** 2474 * Set an alarm for an upcoming event - expiration warning, expiration, or post-expiration 2475 * reminders. Clears alarm if no expirations are configured. 2476 */ 2477 private void setExpirationAlarmCheckLocked(Context context, int userHandle, boolean parent) { 2478 final long expiration = getPasswordExpirationLocked(null, userHandle, parent); 2479 final long now = System.currentTimeMillis(); 2480 final long timeToExpire = expiration - now; 2481 final long alarmTime; 2482 if (expiration == 0) { 2483 // No expirations are currently configured: Cancel alarm. 2484 alarmTime = 0; 2485 } else if (timeToExpire <= 0) { 2486 // The password has already expired: Repeat every 24 hours. 2487 alarmTime = now + MS_PER_DAY; 2488 } else { 2489 // Selecting the next alarm time: Roll forward to the next 24 hour multiple before 2490 // the expiration time. 2491 long alarmInterval = timeToExpire % MS_PER_DAY; 2492 if (alarmInterval == 0) { 2493 alarmInterval = MS_PER_DAY; 2494 } 2495 alarmTime = now + alarmInterval; 2496 } 2497 2498 long token = mInjector.binderClearCallingIdentity(); 2499 try { 2500 int affectedUserHandle = parent ? getProfileParentId(userHandle) : userHandle; 2501 AlarmManager am = mInjector.getAlarmManager(); 2502 PendingIntent pi = PendingIntent.getBroadcastAsUser(context, REQUEST_EXPIRE_PASSWORD, 2503 new Intent(ACTION_EXPIRED_PASSWORD_NOTIFICATION), 2504 PendingIntent.FLAG_ONE_SHOT | PendingIntent.FLAG_UPDATE_CURRENT, 2505 UserHandle.of(affectedUserHandle)); 2506 am.cancel(pi); 2507 if (alarmTime != 0) { 2508 am.set(AlarmManager.RTC, alarmTime, pi); 2509 } 2510 } finally { 2511 mInjector.binderRestoreCallingIdentity(token); 2512 } 2513 } 2514 2515 ActiveAdmin getActiveAdminUncheckedLocked(ComponentName who, int userHandle) { 2516 ActiveAdmin admin = getUserData(userHandle).mAdminMap.get(who); 2517 if (admin != null 2518 && who.getPackageName().equals(admin.info.getActivityInfo().packageName) 2519 && who.getClassName().equals(admin.info.getActivityInfo().name)) { 2520 return admin; 2521 } 2522 return null; 2523 } 2524 2525 ActiveAdmin getActiveAdminUncheckedLocked(ComponentName who, int userHandle, boolean parent) { 2526 if (parent) { 2527 enforceManagedProfile(userHandle, "call APIs on the parent profile"); 2528 } 2529 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 2530 if (admin != null && parent) { 2531 admin = admin.getParentActiveAdmin(); 2532 } 2533 return admin; 2534 } 2535 2536 ActiveAdmin getActiveAdminForCallerLocked(ComponentName who, int reqPolicy) 2537 throws SecurityException { 2538 final int callingUid = mInjector.binderGetCallingUid(); 2539 2540 ActiveAdmin result = getActiveAdminWithPolicyForUidLocked(who, reqPolicy, callingUid); 2541 if (result != null) { 2542 return result; 2543 } 2544 2545 if (who != null) { 2546 final int userId = UserHandle.getUserId(callingUid); 2547 final DevicePolicyData policy = getUserData(userId); 2548 ActiveAdmin admin = policy.mAdminMap.get(who); 2549 if (reqPolicy == DeviceAdminInfo.USES_POLICY_DEVICE_OWNER) { 2550 throw new SecurityException("Admin " + admin.info.getComponent() 2551 + " does not own the device"); 2552 } 2553 if (reqPolicy == DeviceAdminInfo.USES_POLICY_PROFILE_OWNER) { 2554 throw new SecurityException("Admin " + admin.info.getComponent() 2555 + " does not own the profile"); 2556 } 2557 throw new SecurityException("Admin " + admin.info.getComponent() 2558 + " did not specify uses-policy for: " 2559 + admin.info.getTagForPolicy(reqPolicy)); 2560 } else { 2561 throw new SecurityException("No active admin owned by uid " 2562 + mInjector.binderGetCallingUid() + " for policy #" + reqPolicy); 2563 } 2564 } 2565 2566 ActiveAdmin getActiveAdminForCallerLocked(ComponentName who, int reqPolicy, boolean parent) 2567 throws SecurityException { 2568 if (parent) { 2569 enforceManagedProfile(mInjector.userHandleGetCallingUserId(), 2570 "call APIs on the parent profile"); 2571 } 2572 ActiveAdmin admin = getActiveAdminForCallerLocked(who, reqPolicy); 2573 return parent ? admin.getParentActiveAdmin() : admin; 2574 } 2575 /** 2576 * Find the admin for the component and userId bit of the uid, then check 2577 * the admin's uid matches the uid. 2578 */ 2579 private ActiveAdmin getActiveAdminForUidLocked(ComponentName who, int uid) { 2580 final int userId = UserHandle.getUserId(uid); 2581 final DevicePolicyData policy = getUserData(userId); 2582 ActiveAdmin admin = policy.mAdminMap.get(who); 2583 if (admin == null) { 2584 throw new SecurityException("No active admin " + who); 2585 } 2586 if (admin.getUid() != uid) { 2587 throw new SecurityException("Admin " + who + " is not owned by uid " + uid); 2588 } 2589 return admin; 2590 } 2591 2592 private ActiveAdmin getActiveAdminWithPolicyForUidLocked(ComponentName who, int reqPolicy, 2593 int uid) { 2594 // Try to find an admin which can use reqPolicy 2595 final int userId = UserHandle.getUserId(uid); 2596 final DevicePolicyData policy = getUserData(userId); 2597 if (who != null) { 2598 ActiveAdmin admin = policy.mAdminMap.get(who); 2599 if (admin == null) { 2600 throw new SecurityException("No active admin " + who); 2601 } 2602 if (admin.getUid() != uid) { 2603 throw new SecurityException("Admin " + who + " is not owned by uid " + uid); 2604 } 2605 if (isActiveAdminWithPolicyForUserLocked(admin, reqPolicy, userId)) { 2606 return admin; 2607 } 2608 } else { 2609 for (ActiveAdmin admin : policy.mAdminList) { 2610 if (admin.getUid() == uid && isActiveAdminWithPolicyForUserLocked(admin, reqPolicy, 2611 userId)) { 2612 return admin; 2613 } 2614 } 2615 } 2616 2617 return null; 2618 } 2619 2620 @VisibleForTesting 2621 boolean isActiveAdminWithPolicyForUserLocked(ActiveAdmin admin, int reqPolicy, 2622 int userId) { 2623 final boolean ownsDevice = isDeviceOwner(admin.info.getComponent(), userId); 2624 final boolean ownsProfile = isProfileOwner(admin.info.getComponent(), userId); 2625 2626 if (reqPolicy == DeviceAdminInfo.USES_POLICY_DEVICE_OWNER) { 2627 return ownsDevice; 2628 } else if (reqPolicy == DeviceAdminInfo.USES_POLICY_PROFILE_OWNER) { 2629 // DO always has the PO power. 2630 return ownsDevice || ownsProfile; 2631 } else { 2632 return admin.info.usesPolicy(reqPolicy); 2633 } 2634 } 2635 2636 void sendAdminCommandLocked(ActiveAdmin admin, String action) { 2637 sendAdminCommandLocked(admin, action, null); 2638 } 2639 2640 void sendAdminCommandLocked(ActiveAdmin admin, String action, BroadcastReceiver result) { 2641 sendAdminCommandLocked(admin, action, null, result); 2642 } 2643 2644 void sendAdminCommandLocked(ActiveAdmin admin, String action, Bundle adminExtras, 2645 BroadcastReceiver result) { 2646 sendAdminCommandLocked(admin, action, adminExtras, result, false); 2647 } 2648 2649 /** 2650 * Send an update to one specific admin, get notified when that admin returns a result. 2651 * 2652 * @return whether the broadcast was successfully sent 2653 */ 2654 boolean sendAdminCommandLocked(ActiveAdmin admin, String action, Bundle adminExtras, 2655 BroadcastReceiver result, boolean inForeground) { 2656 Intent intent = new Intent(action); 2657 intent.setComponent(admin.info.getComponent()); 2658 if (UserManager.isDeviceInDemoMode(mContext)) { 2659 intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND); 2660 } 2661 if (action.equals(DeviceAdminReceiver.ACTION_PASSWORD_EXPIRING)) { 2662 intent.putExtra("expiration", admin.passwordExpirationDate); 2663 } 2664 if (inForeground) { 2665 intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND); 2666 } 2667 if (adminExtras != null) { 2668 intent.putExtras(adminExtras); 2669 } 2670 if (mInjector.getPackageManager().queryBroadcastReceiversAsUser( 2671 intent, 2672 PackageManager.MATCH_DEBUG_TRIAGED_MISSING, 2673 admin.getUserHandle()).isEmpty()) { 2674 return false; 2675 } 2676 if (result != null) { 2677 mContext.sendOrderedBroadcastAsUser(intent, admin.getUserHandle(), 2678 null, result, mHandler, Activity.RESULT_OK, null, null); 2679 } else { 2680 mContext.sendBroadcastAsUser(intent, admin.getUserHandle()); 2681 } 2682 return true; 2683 } 2684 2685 /** 2686 * Send an update to all admins of a user that enforce a specified policy. 2687 */ 2688 void sendAdminCommandLocked(String action, int reqPolicy, int userHandle, Bundle adminExtras) { 2689 final DevicePolicyData policy = getUserData(userHandle); 2690 final int count = policy.mAdminList.size(); 2691 for (int i = 0; i < count; i++) { 2692 final ActiveAdmin admin = policy.mAdminList.get(i); 2693 if (admin.info.usesPolicy(reqPolicy)) { 2694 sendAdminCommandLocked(admin, action, adminExtras, null); 2695 } 2696 } 2697 } 2698 2699 /** 2700 * Send an update intent to all admins of a user and its profiles. Only send to admins that 2701 * enforce a specified policy. 2702 */ 2703 private void sendAdminCommandToSelfAndProfilesLocked(String action, int reqPolicy, 2704 int userHandle, Bundle adminExtras) { 2705 int[] profileIds = mUserManager.getProfileIdsWithDisabled(userHandle); 2706 for (int profileId : profileIds) { 2707 sendAdminCommandLocked(action, reqPolicy, profileId, adminExtras); 2708 } 2709 } 2710 2711 /** 2712 * Sends a broadcast to each profile that share the password unlock with the given user id. 2713 */ 2714 private void sendAdminCommandForLockscreenPoliciesLocked( 2715 String action, int reqPolicy, int userHandle) { 2716 final Bundle extras = new Bundle(); 2717 extras.putParcelable(Intent.EXTRA_USER, UserHandle.of(userHandle)); 2718 if (isSeparateProfileChallengeEnabled(userHandle)) { 2719 sendAdminCommandLocked(action, reqPolicy, userHandle, extras); 2720 } else { 2721 sendAdminCommandToSelfAndProfilesLocked(action, reqPolicy, userHandle, extras); 2722 } 2723 } 2724 2725 void removeActiveAdminLocked(final ComponentName adminReceiver, final int userHandle) { 2726 final ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver, userHandle); 2727 DevicePolicyData policy = getUserData(userHandle); 2728 if (admin != null && !policy.mRemovingAdmins.contains(adminReceiver)) { 2729 policy.mRemovingAdmins.add(adminReceiver); 2730 sendAdminCommandLocked(admin, 2731 DeviceAdminReceiver.ACTION_DEVICE_ADMIN_DISABLED, 2732 new BroadcastReceiver() { 2733 @Override 2734 public void onReceive(Context context, Intent intent) { 2735 removeAdminArtifacts(adminReceiver, userHandle); 2736 removePackageIfRequired(adminReceiver.getPackageName(), userHandle); 2737 } 2738 }); 2739 } 2740 } 2741 2742 2743 public DeviceAdminInfo findAdmin(ComponentName adminName, int userHandle, 2744 boolean throwForMissingPermission) { 2745 if (!mHasFeature) { 2746 return null; 2747 } 2748 enforceFullCrossUsersPermission(userHandle); 2749 ActivityInfo ai = null; 2750 try { 2751 ai = mIPackageManager.getReceiverInfo(adminName, 2752 PackageManager.GET_META_DATA | 2753 PackageManager.MATCH_DISABLED_UNTIL_USED_COMPONENTS | 2754 PackageManager.MATCH_DIRECT_BOOT_AWARE | 2755 PackageManager.MATCH_DIRECT_BOOT_UNAWARE, userHandle); 2756 } catch (RemoteException e) { 2757 // shouldn't happen. 2758 } 2759 if (ai == null) { 2760 throw new IllegalArgumentException("Unknown admin: " + adminName); 2761 } 2762 2763 if (!permission.BIND_DEVICE_ADMIN.equals(ai.permission)) { 2764 final String message = "DeviceAdminReceiver " + adminName + " must be protected with " 2765 + permission.BIND_DEVICE_ADMIN; 2766 Slog.w(LOG_TAG, message); 2767 if (throwForMissingPermission && 2768 ai.applicationInfo.targetSdkVersion > Build.VERSION_CODES.M) { 2769 throw new IllegalArgumentException(message); 2770 } 2771 } 2772 2773 try { 2774 return new DeviceAdminInfo(mContext, ai); 2775 } catch (XmlPullParserException | IOException e) { 2776 Slog.w(LOG_TAG, "Bad device admin requested for user=" + userHandle + ": " + adminName, 2777 e); 2778 return null; 2779 } 2780 } 2781 2782 private File getPolicyFileDirectory(@UserIdInt int userId) { 2783 return userId == UserHandle.USER_SYSTEM 2784 ? new File(mInjector.getDevicePolicyFilePathForSystemUser()) 2785 : mInjector.environmentGetUserSystemDirectory(userId); 2786 } 2787 2788 private JournaledFile makeJournaledFile(@UserIdInt int userId) { 2789 final String base = new File(getPolicyFileDirectory(userId), DEVICE_POLICIES_XML) 2790 .getAbsolutePath(); 2791 if (VERBOSE_LOG) { 2792 Log.v(LOG_TAG, "Opening " + base); 2793 } 2794 return new JournaledFile(new File(base), new File(base + ".tmp")); 2795 } 2796 2797 private void saveSettingsLocked(int userHandle) { 2798 DevicePolicyData policy = getUserData(userHandle); 2799 JournaledFile journal = makeJournaledFile(userHandle); 2800 FileOutputStream stream = null; 2801 try { 2802 stream = new FileOutputStream(journal.chooseForWrite(), false); 2803 XmlSerializer out = new FastXmlSerializer(); 2804 out.setOutput(stream, StandardCharsets.UTF_8.name()); 2805 out.startDocument(null, true); 2806 2807 out.startTag(null, "policies"); 2808 if (policy.mRestrictionsProvider != null) { 2809 out.attribute(null, ATTR_PERMISSION_PROVIDER, 2810 policy.mRestrictionsProvider.flattenToString()); 2811 } 2812 if (policy.mUserSetupComplete) { 2813 out.attribute(null, ATTR_SETUP_COMPLETE, 2814 Boolean.toString(true)); 2815 } 2816 if (policy.mPaired) { 2817 out.attribute(null, ATTR_DEVICE_PAIRED, 2818 Boolean.toString(true)); 2819 } 2820 if (policy.mDeviceProvisioningConfigApplied) { 2821 out.attribute(null, ATTR_DEVICE_PROVISIONING_CONFIG_APPLIED, 2822 Boolean.toString(true)); 2823 } 2824 if (policy.mUserProvisioningState != DevicePolicyManager.STATE_USER_UNMANAGED) { 2825 out.attribute(null, ATTR_PROVISIONING_STATE, 2826 Integer.toString(policy.mUserProvisioningState)); 2827 } 2828 if (policy.mPermissionPolicy != DevicePolicyManager.PERMISSION_POLICY_PROMPT) { 2829 out.attribute(null, ATTR_PERMISSION_POLICY, 2830 Integer.toString(policy.mPermissionPolicy)); 2831 } 2832 2833 // Serialize delegations. 2834 for (int i = 0; i < policy.mDelegationMap.size(); ++i) { 2835 final String delegatePackage = policy.mDelegationMap.keyAt(i); 2836 final List<String> scopes = policy.mDelegationMap.valueAt(i); 2837 2838 // Every "delegation" tag serializes the information of one delegate-scope pair. 2839 for (String scope : scopes) { 2840 out.startTag(null, "delegation"); 2841 out.attribute(null, "delegatePackage", delegatePackage); 2842 out.attribute(null, "scope", scope); 2843 out.endTag(null, "delegation"); 2844 } 2845 } 2846 2847 final int N = policy.mAdminList.size(); 2848 for (int i=0; i<N; i++) { 2849 ActiveAdmin ap = policy.mAdminList.get(i); 2850 if (ap != null) { 2851 out.startTag(null, "admin"); 2852 out.attribute(null, "name", ap.info.getComponent().flattenToString()); 2853 ap.writeToXml(out); 2854 out.endTag(null, "admin"); 2855 } 2856 } 2857 2858 if (policy.mPasswordOwner >= 0) { 2859 out.startTag(null, "password-owner"); 2860 out.attribute(null, "value", Integer.toString(policy.mPasswordOwner)); 2861 out.endTag(null, "password-owner"); 2862 } 2863 2864 if (policy.mFailedPasswordAttempts != 0) { 2865 out.startTag(null, "failed-password-attempts"); 2866 out.attribute(null, "value", Integer.toString(policy.mFailedPasswordAttempts)); 2867 out.endTag(null, "failed-password-attempts"); 2868 } 2869 2870 // For FDE devices only, we save this flag so we can report on password sufficiency 2871 // before the user enters their password for the first time after a reboot. For 2872 // security reasons, we don't want to store the full set of active password metrics. 2873 if (!mInjector.storageManagerIsFileBasedEncryptionEnabled()) { 2874 out.startTag(null, TAG_PASSWORD_VALIDITY); 2875 out.attribute(null, ATTR_VALUE, 2876 Boolean.toString(policy.mPasswordValidAtLastCheckpoint)); 2877 out.endTag(null, TAG_PASSWORD_VALIDITY); 2878 } 2879 2880 for (int i = 0; i < policy.mAcceptedCaCertificates.size(); i++) { 2881 out.startTag(null, TAG_ACCEPTED_CA_CERTIFICATES); 2882 out.attribute(null, ATTR_NAME, policy.mAcceptedCaCertificates.valueAt(i)); 2883 out.endTag(null, TAG_ACCEPTED_CA_CERTIFICATES); 2884 } 2885 2886 for (int i=0; i<policy.mLockTaskPackages.size(); i++) { 2887 String component = policy.mLockTaskPackages.get(i); 2888 out.startTag(null, TAG_LOCK_TASK_COMPONENTS); 2889 out.attribute(null, "name", component); 2890 out.endTag(null, TAG_LOCK_TASK_COMPONENTS); 2891 } 2892 2893 if (policy.mLockTaskFeatures != DevicePolicyManager.LOCK_TASK_FEATURE_NONE) { 2894 out.startTag(null, TAG_LOCK_TASK_FEATURES); 2895 out.attribute(null, ATTR_VALUE, Integer.toString(policy.mLockTaskFeatures)); 2896 out.endTag(null, TAG_LOCK_TASK_FEATURES); 2897 } 2898 2899 if (policy.mStatusBarDisabled) { 2900 out.startTag(null, TAG_STATUS_BAR); 2901 out.attribute(null, ATTR_DISABLED, Boolean.toString(policy.mStatusBarDisabled)); 2902 out.endTag(null, TAG_STATUS_BAR); 2903 } 2904 2905 if (policy.doNotAskCredentialsOnBoot) { 2906 out.startTag(null, DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML); 2907 out.endTag(null, DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML); 2908 } 2909 2910 for (String id : policy.mAffiliationIds) { 2911 out.startTag(null, TAG_AFFILIATION_ID); 2912 out.attribute(null, ATTR_ID, id); 2913 out.endTag(null, TAG_AFFILIATION_ID); 2914 } 2915 2916 if (policy.mLastSecurityLogRetrievalTime >= 0) { 2917 out.startTag(null, TAG_LAST_SECURITY_LOG_RETRIEVAL); 2918 out.attribute(null, ATTR_VALUE, 2919 Long.toString(policy.mLastSecurityLogRetrievalTime)); 2920 out.endTag(null, TAG_LAST_SECURITY_LOG_RETRIEVAL); 2921 } 2922 2923 if (policy.mLastBugReportRequestTime >= 0) { 2924 out.startTag(null, TAG_LAST_BUG_REPORT_REQUEST); 2925 out.attribute(null, ATTR_VALUE, 2926 Long.toString(policy.mLastBugReportRequestTime)); 2927 out.endTag(null, TAG_LAST_BUG_REPORT_REQUEST); 2928 } 2929 2930 if (policy.mLastNetworkLogsRetrievalTime >= 0) { 2931 out.startTag(null, TAG_LAST_NETWORK_LOG_RETRIEVAL); 2932 out.attribute(null, ATTR_VALUE, 2933 Long.toString(policy.mLastNetworkLogsRetrievalTime)); 2934 out.endTag(null, TAG_LAST_NETWORK_LOG_RETRIEVAL); 2935 } 2936 2937 if (policy.mAdminBroadcastPending) { 2938 out.startTag(null, TAG_ADMIN_BROADCAST_PENDING); 2939 out.attribute(null, ATTR_VALUE, 2940 Boolean.toString(policy.mAdminBroadcastPending)); 2941 out.endTag(null, TAG_ADMIN_BROADCAST_PENDING); 2942 } 2943 2944 if (policy.mInitBundle != null) { 2945 out.startTag(null, TAG_INITIALIZATION_BUNDLE); 2946 policy.mInitBundle.saveToXml(out); 2947 out.endTag(null, TAG_INITIALIZATION_BUNDLE); 2948 } 2949 2950 if (policy.mPasswordTokenHandle != 0) { 2951 out.startTag(null, TAG_PASSWORD_TOKEN_HANDLE); 2952 out.attribute(null, ATTR_VALUE, 2953 Long.toString(policy.mPasswordTokenHandle)); 2954 out.endTag(null, TAG_PASSWORD_TOKEN_HANDLE); 2955 } 2956 2957 if (policy.mCurrentInputMethodSet) { 2958 out.startTag(null, TAG_CURRENT_INPUT_METHOD_SET); 2959 out.endTag(null, TAG_CURRENT_INPUT_METHOD_SET); 2960 } 2961 2962 for (final String cert : policy.mOwnerInstalledCaCerts) { 2963 out.startTag(null, TAG_OWNER_INSTALLED_CA_CERT); 2964 out.attribute(null, ATTR_ALIAS, cert); 2965 out.endTag(null, TAG_OWNER_INSTALLED_CA_CERT); 2966 } 2967 2968 out.endTag(null, "policies"); 2969 2970 out.endDocument(); 2971 stream.flush(); 2972 FileUtils.sync(stream); 2973 stream.close(); 2974 journal.commit(); 2975 sendChangedNotification(userHandle); 2976 } catch (XmlPullParserException | IOException e) { 2977 Slog.w(LOG_TAG, "failed writing file", e); 2978 try { 2979 if (stream != null) { 2980 stream.close(); 2981 } 2982 } catch (IOException ex) { 2983 // Ignore 2984 } 2985 journal.rollback(); 2986 } 2987 } 2988 2989 private void sendChangedNotification(int userHandle) { 2990 Intent intent = new Intent(DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED); 2991 intent.setFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY); 2992 long ident = mInjector.binderClearCallingIdentity(); 2993 try { 2994 mContext.sendBroadcastAsUser(intent, new UserHandle(userHandle)); 2995 } finally { 2996 mInjector.binderRestoreCallingIdentity(ident); 2997 } 2998 } 2999 3000 private void loadSettingsLocked(DevicePolicyData policy, int userHandle) { 3001 JournaledFile journal = makeJournaledFile(userHandle); 3002 FileInputStream stream = null; 3003 File file = journal.chooseForRead(); 3004 boolean needsRewrite = false; 3005 try { 3006 stream = new FileInputStream(file); 3007 XmlPullParser parser = Xml.newPullParser(); 3008 parser.setInput(stream, StandardCharsets.UTF_8.name()); 3009 3010 int type; 3011 while ((type=parser.next()) != XmlPullParser.END_DOCUMENT 3012 && type != XmlPullParser.START_TAG) { 3013 } 3014 String tag = parser.getName(); 3015 if (!"policies".equals(tag)) { 3016 throw new XmlPullParserException( 3017 "Settings do not start with policies tag: found " + tag); 3018 } 3019 3020 // Extract the permission provider component name if available 3021 String permissionProvider = parser.getAttributeValue(null, ATTR_PERMISSION_PROVIDER); 3022 if (permissionProvider != null) { 3023 policy.mRestrictionsProvider = ComponentName.unflattenFromString(permissionProvider); 3024 } 3025 String userSetupComplete = parser.getAttributeValue(null, ATTR_SETUP_COMPLETE); 3026 if (userSetupComplete != null && Boolean.toString(true).equals(userSetupComplete)) { 3027 policy.mUserSetupComplete = true; 3028 } 3029 String paired = parser.getAttributeValue(null, ATTR_DEVICE_PAIRED); 3030 if (paired != null && Boolean.toString(true).equals(paired)) { 3031 policy.mPaired = true; 3032 } 3033 String deviceProvisioningConfigApplied = parser.getAttributeValue(null, 3034 ATTR_DEVICE_PROVISIONING_CONFIG_APPLIED); 3035 if (deviceProvisioningConfigApplied != null 3036 && Boolean.toString(true).equals(deviceProvisioningConfigApplied)) { 3037 policy.mDeviceProvisioningConfigApplied = true; 3038 } 3039 String provisioningState = parser.getAttributeValue(null, ATTR_PROVISIONING_STATE); 3040 if (!TextUtils.isEmpty(provisioningState)) { 3041 policy.mUserProvisioningState = Integer.parseInt(provisioningState); 3042 } 3043 String permissionPolicy = parser.getAttributeValue(null, ATTR_PERMISSION_POLICY); 3044 if (!TextUtils.isEmpty(permissionPolicy)) { 3045 policy.mPermissionPolicy = Integer.parseInt(permissionPolicy); 3046 } 3047 // Check for delegation compatibility with pre-O. 3048 // TODO(edmanp) remove in P. 3049 { 3050 final String certDelegate = parser.getAttributeValue(null, 3051 ATTR_DELEGATED_CERT_INSTALLER); 3052 if (certDelegate != null) { 3053 List<String> scopes = policy.mDelegationMap.get(certDelegate); 3054 if (scopes == null) { 3055 scopes = new ArrayList<>(); 3056 policy.mDelegationMap.put(certDelegate, scopes); 3057 } 3058 if (!scopes.contains(DELEGATION_CERT_INSTALL)) { 3059 scopes.add(DELEGATION_CERT_INSTALL); 3060 needsRewrite = true; 3061 } 3062 } 3063 final String appRestrictionsDelegate = parser.getAttributeValue(null, 3064 ATTR_APPLICATION_RESTRICTIONS_MANAGER); 3065 if (appRestrictionsDelegate != null) { 3066 List<String> scopes = policy.mDelegationMap.get(appRestrictionsDelegate); 3067 if (scopes == null) { 3068 scopes = new ArrayList<>(); 3069 policy.mDelegationMap.put(appRestrictionsDelegate, scopes); 3070 } 3071 if (!scopes.contains(DELEGATION_APP_RESTRICTIONS)) { 3072 scopes.add(DELEGATION_APP_RESTRICTIONS); 3073 needsRewrite = true; 3074 } 3075 } 3076 } 3077 3078 type = parser.next(); 3079 int outerDepth = parser.getDepth(); 3080 policy.mLockTaskPackages.clear(); 3081 policy.mAdminList.clear(); 3082 policy.mAdminMap.clear(); 3083 policy.mAffiliationIds.clear(); 3084 policy.mOwnerInstalledCaCerts.clear(); 3085 while ((type=parser.next()) != XmlPullParser.END_DOCUMENT 3086 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 3087 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 3088 continue; 3089 } 3090 tag = parser.getName(); 3091 if ("admin".equals(tag)) { 3092 String name = parser.getAttributeValue(null, "name"); 3093 try { 3094 DeviceAdminInfo dai = findAdmin( 3095 ComponentName.unflattenFromString(name), userHandle, 3096 /* throwForMissingPermission= */ false); 3097 if (VERBOSE_LOG 3098 && (UserHandle.getUserId(dai.getActivityInfo().applicationInfo.uid) 3099 != userHandle)) { 3100 Slog.w(LOG_TAG, "findAdmin returned an incorrect uid " 3101 + dai.getActivityInfo().applicationInfo.uid + " for user " 3102 + userHandle); 3103 } 3104 if (dai != null) { 3105 ActiveAdmin ap = new ActiveAdmin(dai, /* parent */ false); 3106 ap.readFromXml(parser); 3107 policy.mAdminMap.put(ap.info.getComponent(), ap); 3108 } 3109 } catch (RuntimeException e) { 3110 Slog.w(LOG_TAG, "Failed loading admin " + name, e); 3111 } 3112 } else if ("delegation".equals(tag)) { 3113 // Parse delegation info. 3114 final String delegatePackage = parser.getAttributeValue(null, 3115 "delegatePackage"); 3116 final String scope = parser.getAttributeValue(null, "scope"); 3117 3118 // Get a reference to the scopes list for the delegatePackage. 3119 List<String> scopes = policy.mDelegationMap.get(delegatePackage); 3120 // Or make a new list if none was found. 3121 if (scopes == null) { 3122 scopes = new ArrayList<>(); 3123 policy.mDelegationMap.put(delegatePackage, scopes); 3124 } 3125 // Add the new scope to the list of delegatePackage if it's not already there. 3126 if (!scopes.contains(scope)) { 3127 scopes.add(scope); 3128 } 3129 } else if ("failed-password-attempts".equals(tag)) { 3130 policy.mFailedPasswordAttempts = Integer.parseInt( 3131 parser.getAttributeValue(null, "value")); 3132 } else if ("password-owner".equals(tag)) { 3133 policy.mPasswordOwner = Integer.parseInt( 3134 parser.getAttributeValue(null, "value")); 3135 } else if (TAG_ACCEPTED_CA_CERTIFICATES.equals(tag)) { 3136 policy.mAcceptedCaCertificates.add(parser.getAttributeValue(null, ATTR_NAME)); 3137 } else if (TAG_LOCK_TASK_COMPONENTS.equals(tag)) { 3138 policy.mLockTaskPackages.add(parser.getAttributeValue(null, "name")); 3139 } else if (TAG_LOCK_TASK_FEATURES.equals(tag)) { 3140 policy.mLockTaskFeatures = Integer.parseInt( 3141 parser.getAttributeValue(null, ATTR_VALUE)); 3142 } else if (TAG_STATUS_BAR.equals(tag)) { 3143 policy.mStatusBarDisabled = Boolean.parseBoolean( 3144 parser.getAttributeValue(null, ATTR_DISABLED)); 3145 } else if (DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML.equals(tag)) { 3146 policy.doNotAskCredentialsOnBoot = true; 3147 } else if (TAG_AFFILIATION_ID.equals(tag)) { 3148 policy.mAffiliationIds.add(parser.getAttributeValue(null, ATTR_ID)); 3149 } else if (TAG_LAST_SECURITY_LOG_RETRIEVAL.equals(tag)) { 3150 policy.mLastSecurityLogRetrievalTime = Long.parseLong( 3151 parser.getAttributeValue(null, ATTR_VALUE)); 3152 } else if (TAG_LAST_BUG_REPORT_REQUEST.equals(tag)) { 3153 policy.mLastBugReportRequestTime = Long.parseLong( 3154 parser.getAttributeValue(null, ATTR_VALUE)); 3155 } else if (TAG_LAST_NETWORK_LOG_RETRIEVAL.equals(tag)) { 3156 policy.mLastNetworkLogsRetrievalTime = Long.parseLong( 3157 parser.getAttributeValue(null, ATTR_VALUE)); 3158 } else if (TAG_ADMIN_BROADCAST_PENDING.equals(tag)) { 3159 String pending = parser.getAttributeValue(null, ATTR_VALUE); 3160 policy.mAdminBroadcastPending = Boolean.toString(true).equals(pending); 3161 } else if (TAG_INITIALIZATION_BUNDLE.equals(tag)) { 3162 policy.mInitBundle = PersistableBundle.restoreFromXml(parser); 3163 } else if ("active-password".equals(tag)) { 3164 // Remove password metrics from saved settings, as we no longer wish to store 3165 // these on disk 3166 needsRewrite = true; 3167 } else if (TAG_PASSWORD_VALIDITY.equals(tag)) { 3168 if (!mInjector.storageManagerIsFileBasedEncryptionEnabled()) { 3169 // This flag is only used for FDE devices 3170 policy.mPasswordValidAtLastCheckpoint = Boolean.parseBoolean( 3171 parser.getAttributeValue(null, ATTR_VALUE)); 3172 } 3173 } else if (TAG_PASSWORD_TOKEN_HANDLE.equals(tag)) { 3174 policy.mPasswordTokenHandle = Long.parseLong( 3175 parser.getAttributeValue(null, ATTR_VALUE)); 3176 } else if (TAG_CURRENT_INPUT_METHOD_SET.equals(tag)) { 3177 policy.mCurrentInputMethodSet = true; 3178 } else if (TAG_OWNER_INSTALLED_CA_CERT.equals(tag)) { 3179 policy.mOwnerInstalledCaCerts.add(parser.getAttributeValue(null, ATTR_ALIAS)); 3180 } else { 3181 Slog.w(LOG_TAG, "Unknown tag: " + tag); 3182 XmlUtils.skipCurrentTag(parser); 3183 } 3184 } 3185 } catch (FileNotFoundException e) { 3186 // Don't be noisy, this is normal if we haven't defined any policies. 3187 } catch (NullPointerException | NumberFormatException | XmlPullParserException | IOException 3188 | IndexOutOfBoundsException e) { 3189 Slog.w(LOG_TAG, "failed parsing " + file, e); 3190 } 3191 try { 3192 if (stream != null) { 3193 stream.close(); 3194 } 3195 } catch (IOException e) { 3196 // Ignore 3197 } 3198 3199 // Generate a list of admins from the admin map 3200 policy.mAdminList.addAll(policy.mAdminMap.values()); 3201 3202 // Might need to upgrade the file by rewriting it 3203 if (needsRewrite) { 3204 saveSettingsLocked(userHandle); 3205 } 3206 3207 validatePasswordOwnerLocked(policy); 3208 updateMaximumTimeToLockLocked(userHandle); 3209 updateLockTaskPackagesLocked(policy.mLockTaskPackages, userHandle); 3210 updateLockTaskFeaturesLocked(policy.mLockTaskFeatures, userHandle); 3211 if (policy.mStatusBarDisabled) { 3212 setStatusBarDisabledInternal(policy.mStatusBarDisabled, userHandle); 3213 } 3214 } 3215 3216 private void updateLockTaskPackagesLocked(List<String> packages, int userId) { 3217 long ident = mInjector.binderClearCallingIdentity(); 3218 try { 3219 mInjector.getIActivityManager() 3220 .updateLockTaskPackages(userId, packages.toArray(new String[packages.size()])); 3221 } catch (RemoteException e) { 3222 // Not gonna happen. 3223 } finally { 3224 mInjector.binderRestoreCallingIdentity(ident); 3225 } 3226 } 3227 3228 private void updateLockTaskFeaturesLocked(int flags, int userId) { 3229 long ident = mInjector.binderClearCallingIdentity(); 3230 try { 3231 mInjector.getIActivityManager() 3232 .updateLockTaskFeatures(userId, flags); 3233 } catch (RemoteException e) { 3234 // Not gonna happen. 3235 } finally { 3236 mInjector.binderRestoreCallingIdentity(ident); 3237 } 3238 } 3239 3240 private void updateDeviceOwnerLocked() { 3241 long ident = mInjector.binderClearCallingIdentity(); 3242 try { 3243 // TODO This is to prevent DO from getting "clear data"ed, but it should also check the 3244 // user id and also protect all other DAs too. 3245 final ComponentName deviceOwnerComponent = mOwners.getDeviceOwnerComponent(); 3246 if (deviceOwnerComponent != null) { 3247 mInjector.getIActivityManager() 3248 .updateDeviceOwner(deviceOwnerComponent.getPackageName()); 3249 } 3250 } catch (RemoteException e) { 3251 // Not gonna happen. 3252 } finally { 3253 mInjector.binderRestoreCallingIdentity(ident); 3254 } 3255 } 3256 3257 static void validateQualityConstant(int quality) { 3258 switch (quality) { 3259 case DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED: 3260 case DevicePolicyManager.PASSWORD_QUALITY_BIOMETRIC_WEAK: 3261 case DevicePolicyManager.PASSWORD_QUALITY_SOMETHING: 3262 case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC: 3263 case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX: 3264 case DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC: 3265 case DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC: 3266 case DevicePolicyManager.PASSWORD_QUALITY_COMPLEX: 3267 case DevicePolicyManager.PASSWORD_QUALITY_MANAGED: 3268 return; 3269 } 3270 throw new IllegalArgumentException("Invalid quality constant: 0x" 3271 + Integer.toHexString(quality)); 3272 } 3273 3274 void validatePasswordOwnerLocked(DevicePolicyData policy) { 3275 if (policy.mPasswordOwner >= 0) { 3276 boolean haveOwner = false; 3277 for (int i = policy.mAdminList.size() - 1; i >= 0; i--) { 3278 if (policy.mAdminList.get(i).getUid() == policy.mPasswordOwner) { 3279 haveOwner = true; 3280 break; 3281 } 3282 } 3283 if (!haveOwner) { 3284 Slog.w(LOG_TAG, "Previous password owner " + policy.mPasswordOwner 3285 + " no longer active; disabling"); 3286 policy.mPasswordOwner = -1; 3287 } 3288 } 3289 } 3290 3291 @VisibleForTesting 3292 @Override 3293 void systemReady(int phase) { 3294 if (!mHasFeature) { 3295 return; 3296 } 3297 switch (phase) { 3298 case SystemService.PHASE_LOCK_SETTINGS_READY: 3299 onLockSettingsReady(); 3300 loadAdminDataAsync(); 3301 break; 3302 case SystemService.PHASE_BOOT_COMPLETED: 3303 ensureDeviceOwnerUserStarted(); // TODO Consider better place to do this. 3304 break; 3305 } 3306 } 3307 3308 private void onLockSettingsReady() { 3309 getUserData(UserHandle.USER_SYSTEM); 3310 loadOwners(); 3311 cleanUpOldUsers(); 3312 maybeSetDefaultProfileOwnerUserRestrictions(); 3313 handleStartUser(UserHandle.USER_SYSTEM); 3314 maybeLogStart(); 3315 3316 // Register an observer for watching for user setup complete and settings changes. 3317 mSetupContentObserver.register(); 3318 // Initialize the user setup state, to handle the upgrade case. 3319 updateUserSetupCompleteAndPaired(); 3320 3321 List<String> packageList; 3322 synchronized (this) { 3323 packageList = getKeepUninstalledPackagesLocked(); 3324 } 3325 if (packageList != null) { 3326 mInjector.getPackageManagerInternal().setKeepUninstalledPackages(packageList); 3327 } 3328 3329 synchronized (this) { 3330 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 3331 if (deviceOwner != null) { 3332 // Push the force-ephemeral-users policy to the user manager. 3333 mUserManagerInternal.setForceEphemeralUsers(deviceOwner.forceEphemeralUsers); 3334 3335 // Update user switcher message to activity manager. 3336 ActivityManagerInternal activityManagerInternal = 3337 mInjector.getActivityManagerInternal(); 3338 activityManagerInternal.setSwitchingFromSystemUserMessage( 3339 deviceOwner.startUserSessionMessage); 3340 activityManagerInternal.setSwitchingToSystemUserMessage( 3341 deviceOwner.endUserSessionMessage); 3342 } 3343 3344 revertTransferOwnershipIfNecessaryLocked(); 3345 } 3346 } 3347 3348 private void revertTransferOwnershipIfNecessaryLocked() { 3349 if (!mTransferOwnershipMetadataManager.metadataFileExists()) { 3350 return; 3351 } 3352 Slog.e(LOG_TAG, "Owner transfer metadata file exists! Reverting transfer."); 3353 final TransferOwnershipMetadataManager.Metadata metadata = 3354 mTransferOwnershipMetadataManager.loadMetadataFile(); 3355 // Revert transfer 3356 if (metadata.adminType.equals(ADMIN_TYPE_PROFILE_OWNER)) { 3357 transferProfileOwnershipLocked(metadata.targetComponent, metadata.sourceComponent, 3358 metadata.userId); 3359 deleteTransferOwnershipMetadataFileLocked(); 3360 deleteTransferOwnershipBundleLocked(metadata.userId); 3361 } else if (metadata.adminType.equals(ADMIN_TYPE_DEVICE_OWNER)) { 3362 transferDeviceOwnershipLocked(metadata.targetComponent, metadata.sourceComponent, 3363 metadata.userId); 3364 deleteTransferOwnershipMetadataFileLocked(); 3365 deleteTransferOwnershipBundleLocked(metadata.userId); 3366 } 3367 updateSystemUpdateFreezePeriodsRecord(/* saveIfChanged */ true); 3368 } 3369 3370 private void maybeLogStart() { 3371 if (!SecurityLog.isLoggingEnabled()) { 3372 return; 3373 } 3374 final String verifiedBootState = 3375 mInjector.systemPropertiesGet("ro.boot.verifiedbootstate"); 3376 final String verityMode = mInjector.systemPropertiesGet("ro.boot.veritymode"); 3377 SecurityLog.writeEvent(SecurityLog.TAG_OS_STARTUP, verifiedBootState, verityMode); 3378 } 3379 3380 private void ensureDeviceOwnerUserStarted() { 3381 final int userId; 3382 synchronized (this) { 3383 if (!mOwners.hasDeviceOwner()) { 3384 return; 3385 } 3386 userId = mOwners.getDeviceOwnerUserId(); 3387 } 3388 if (VERBOSE_LOG) { 3389 Log.v(LOG_TAG, "Starting non-system DO user: " + userId); 3390 } 3391 if (userId != UserHandle.USER_SYSTEM) { 3392 try { 3393 mInjector.getIActivityManager().startUserInBackground(userId); 3394 3395 // STOPSHIP Prevent the DO user from being killed. 3396 3397 } catch (RemoteException e) { 3398 Slog.w(LOG_TAG, "Exception starting user", e); 3399 } 3400 } 3401 } 3402 3403 @Override 3404 void handleStartUser(int userId) { 3405 updateScreenCaptureDisabled(userId, 3406 getScreenCaptureDisabled(null, userId)); 3407 pushUserRestrictions(userId); 3408 3409 startOwnerService(userId, "start-user"); 3410 } 3411 3412 @Override 3413 void handleUnlockUser(int userId) { 3414 startOwnerService(userId, "unlock-user"); 3415 } 3416 3417 @Override 3418 void handleStopUser(int userId) { 3419 stopOwnerService(userId, "stop-user"); 3420 } 3421 3422 private void startOwnerService(int userId, String actionForLog) { 3423 final ComponentName owner = getOwnerComponent(userId); 3424 if (owner != null) { 3425 mDeviceAdminServiceController.startServiceForOwner( 3426 owner.getPackageName(), userId, actionForLog); 3427 } 3428 } 3429 3430 private void stopOwnerService(int userId, String actionForLog) { 3431 mDeviceAdminServiceController.stopServiceForOwner(userId, actionForLog); 3432 } 3433 3434 private void cleanUpOldUsers() { 3435 // This is needed in case the broadcast {@link Intent.ACTION_USER_REMOVED} was not handled 3436 // before reboot 3437 Set<Integer> usersWithProfileOwners; 3438 Set<Integer> usersWithData; 3439 synchronized(this) { 3440 usersWithProfileOwners = mOwners.getProfileOwnerKeys(); 3441 usersWithData = new ArraySet<>(); 3442 for (int i = 0; i < mUserData.size(); i++) { 3443 usersWithData.add(mUserData.keyAt(i)); 3444 } 3445 } 3446 List<UserInfo> allUsers = mUserManager.getUsers(); 3447 3448 Set<Integer> deletedUsers = new ArraySet<>(); 3449 deletedUsers.addAll(usersWithProfileOwners); 3450 deletedUsers.addAll(usersWithData); 3451 for (UserInfo userInfo : allUsers) { 3452 deletedUsers.remove(userInfo.id); 3453 } 3454 for (Integer userId : deletedUsers) { 3455 removeUserData(userId); 3456 } 3457 } 3458 3459 private void handlePasswordExpirationNotification(int userHandle) { 3460 final Bundle adminExtras = new Bundle(); 3461 adminExtras.putParcelable(Intent.EXTRA_USER, UserHandle.of(userHandle)); 3462 3463 synchronized (this) { 3464 final long now = System.currentTimeMillis(); 3465 3466 List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked( 3467 userHandle, /* parent */ false); 3468 final int N = admins.size(); 3469 for (int i = 0; i < N; i++) { 3470 ActiveAdmin admin = admins.get(i); 3471 if (admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD) 3472 && admin.passwordExpirationTimeout > 0L 3473 && now >= admin.passwordExpirationDate - EXPIRATION_GRACE_PERIOD_MS 3474 && admin.passwordExpirationDate > 0L) { 3475 sendAdminCommandLocked(admin, 3476 DeviceAdminReceiver.ACTION_PASSWORD_EXPIRING, adminExtras, null); 3477 } 3478 } 3479 setExpirationAlarmCheckLocked(mContext, userHandle, /* parent */ false); 3480 } 3481 } 3482 3483 /** 3484 * Clean up internal state when the set of installed trusted CA certificates changes. 3485 * 3486 * @param userHandle user to check for. This must be a real user and not, for example, 3487 * {@link UserHandle#ALL}. 3488 * @param installedCertificates the full set of certificate authorities currently installed for 3489 * {@param userHandle}. After calling this function, {@code mAcceptedCaCertificates} will 3490 * correspond to some subset of this. 3491 */ 3492 protected void onInstalledCertificatesChanged(final UserHandle userHandle, 3493 final @NonNull Collection<String> installedCertificates) { 3494 if (!mHasFeature) { 3495 return; 3496 } 3497 enforceManageUsers(); 3498 3499 synchronized (this) { 3500 final DevicePolicyData policy = getUserData(userHandle.getIdentifier()); 3501 3502 boolean changed = false; 3503 changed |= policy.mAcceptedCaCertificates.retainAll(installedCertificates); 3504 changed |= policy.mOwnerInstalledCaCerts.retainAll(installedCertificates); 3505 if (changed) { 3506 saveSettingsLocked(userHandle.getIdentifier()); 3507 } 3508 } 3509 } 3510 3511 /** 3512 * Internal method used by {@link CertificateMonitor}. 3513 */ 3514 protected Set<String> getAcceptedCaCertificates(final UserHandle userHandle) { 3515 if (!mHasFeature) { 3516 return Collections.<String> emptySet(); 3517 } 3518 synchronized (this) { 3519 final DevicePolicyData policy = getUserData(userHandle.getIdentifier()); 3520 return policy.mAcceptedCaCertificates; 3521 } 3522 } 3523 3524 /** 3525 * @param adminReceiver The admin to add 3526 * @param refreshing true = update an active admin, no error 3527 */ 3528 @Override 3529 public void setActiveAdmin(ComponentName adminReceiver, boolean refreshing, int userHandle) { 3530 if (!mHasFeature) { 3531 return; 3532 } 3533 setActiveAdmin(adminReceiver, refreshing, userHandle, null); 3534 } 3535 3536 private void setActiveAdmin(ComponentName adminReceiver, boolean refreshing, int userHandle, 3537 Bundle onEnableData) { 3538 mContext.enforceCallingOrSelfPermission( 3539 android.Manifest.permission.MANAGE_DEVICE_ADMINS, null); 3540 enforceFullCrossUsersPermission(userHandle); 3541 3542 DevicePolicyData policy = getUserData(userHandle); 3543 DeviceAdminInfo info = findAdmin(adminReceiver, userHandle, 3544 /* throwForMissingPermission= */ true); 3545 synchronized (this) { 3546 checkActiveAdminPrecondition(adminReceiver, info, policy); 3547 long ident = mInjector.binderClearCallingIdentity(); 3548 try { 3549 final ActiveAdmin existingAdmin 3550 = getActiveAdminUncheckedLocked(adminReceiver, userHandle); 3551 if (!refreshing && existingAdmin != null) { 3552 throw new IllegalArgumentException("Admin is already added"); 3553 } 3554 ActiveAdmin newAdmin = new ActiveAdmin(info, /* parent */ false); 3555 newAdmin.testOnlyAdmin = 3556 (existingAdmin != null) ? existingAdmin.testOnlyAdmin 3557 : isPackageTestOnly(adminReceiver.getPackageName(), userHandle); 3558 policy.mAdminMap.put(adminReceiver, newAdmin); 3559 int replaceIndex = -1; 3560 final int N = policy.mAdminList.size(); 3561 for (int i=0; i < N; i++) { 3562 ActiveAdmin oldAdmin = policy.mAdminList.get(i); 3563 if (oldAdmin.info.getComponent().equals(adminReceiver)) { 3564 replaceIndex = i; 3565 break; 3566 } 3567 } 3568 if (replaceIndex == -1) { 3569 policy.mAdminList.add(newAdmin); 3570 enableIfNecessary(info.getPackageName(), userHandle); 3571 mUsageStatsManagerInternal.onActiveAdminAdded( 3572 adminReceiver.getPackageName(), userHandle); 3573 } else { 3574 policy.mAdminList.set(replaceIndex, newAdmin); 3575 } 3576 saveSettingsLocked(userHandle); 3577 sendAdminCommandLocked(newAdmin, DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED, 3578 onEnableData, null); 3579 } finally { 3580 mInjector.binderRestoreCallingIdentity(ident); 3581 } 3582 } 3583 } 3584 3585 private void loadAdminDataAsync() { 3586 mInjector.postOnSystemServerInitThreadPool(() -> { 3587 pushActiveAdminPackages(); 3588 mUsageStatsManagerInternal.onAdminDataAvailable(); 3589 pushAllMeteredRestrictedPackages(); 3590 mInjector.getNetworkPolicyManagerInternal().onAdminDataAvailable(); 3591 }); 3592 } 3593 3594 private void pushActiveAdminPackages() { 3595 synchronized (this) { 3596 final List<UserInfo> users = mUserManager.getUsers(); 3597 for (int i = users.size() - 1; i >= 0; --i) { 3598 final int userId = users.get(i).id; 3599 mUsageStatsManagerInternal.setActiveAdminApps( 3600 getActiveAdminPackagesLocked(userId), userId); 3601 } 3602 } 3603 } 3604 3605 private void pushAllMeteredRestrictedPackages() { 3606 synchronized (this) { 3607 final List<UserInfo> users = mUserManager.getUsers(); 3608 for (int i = users.size() - 1; i >= 0; --i) { 3609 final int userId = users.get(i).id; 3610 mInjector.getNetworkPolicyManagerInternal().setMeteredRestrictedPackagesAsync( 3611 getMeteredDisabledPackagesLocked(userId), userId); 3612 } 3613 } 3614 } 3615 3616 private void pushActiveAdminPackagesLocked(int userId) { 3617 mUsageStatsManagerInternal.setActiveAdminApps( 3618 getActiveAdminPackagesLocked(userId), userId); 3619 } 3620 3621 private Set<String> getActiveAdminPackagesLocked(int userId) { 3622 final DevicePolicyData policy = getUserData(userId); 3623 Set<String> adminPkgs = null; 3624 for (int i = policy.mAdminList.size() - 1; i >= 0; --i) { 3625 final String pkgName = policy.mAdminList.get(i).info.getPackageName(); 3626 if (adminPkgs == null) { 3627 adminPkgs = new ArraySet<>(); 3628 } 3629 adminPkgs.add(pkgName); 3630 } 3631 return adminPkgs; 3632 } 3633 3634 private void transferActiveAdminUncheckedLocked(ComponentName incomingReceiver, 3635 ComponentName outgoingReceiver, int userHandle) { 3636 final DevicePolicyData policy = getUserData(userHandle); 3637 if (!policy.mAdminMap.containsKey(outgoingReceiver) 3638 && policy.mAdminMap.containsKey(incomingReceiver)) { 3639 // Nothing to transfer - the incoming receiver is already the active admin. 3640 return; 3641 } 3642 final DeviceAdminInfo incomingDeviceInfo = findAdmin(incomingReceiver, userHandle, 3643 /* throwForMissingPermission= */ true); 3644 final ActiveAdmin adminToTransfer = policy.mAdminMap.get(outgoingReceiver); 3645 final int oldAdminUid = adminToTransfer.getUid(); 3646 3647 adminToTransfer.transfer(incomingDeviceInfo); 3648 policy.mAdminMap.remove(outgoingReceiver); 3649 policy.mAdminMap.put(incomingReceiver, adminToTransfer); 3650 if (policy.mPasswordOwner == oldAdminUid) { 3651 policy.mPasswordOwner = adminToTransfer.getUid(); 3652 } 3653 3654 saveSettingsLocked(userHandle); 3655 sendAdminCommandLocked(adminToTransfer, DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED, 3656 null, null); 3657 } 3658 3659 private void checkActiveAdminPrecondition(ComponentName adminReceiver, DeviceAdminInfo info, 3660 DevicePolicyData policy) { 3661 if (info == null) { 3662 throw new IllegalArgumentException("Bad admin: " + adminReceiver); 3663 } 3664 if (!info.getActivityInfo().applicationInfo.isInternal()) { 3665 throw new IllegalArgumentException("Only apps in internal storage can be active admin: " 3666 + adminReceiver); 3667 } 3668 if (info.getActivityInfo().applicationInfo.isInstantApp()) { 3669 throw new IllegalArgumentException("Instant apps cannot be device admins: " 3670 + adminReceiver); 3671 } 3672 if (policy.mRemovingAdmins.contains(adminReceiver)) { 3673 throw new IllegalArgumentException( 3674 "Trying to set an admin which is being removed"); 3675 } 3676 } 3677 3678 @Override 3679 public boolean isAdminActive(ComponentName adminReceiver, int userHandle) { 3680 if (!mHasFeature) { 3681 return false; 3682 } 3683 enforceFullCrossUsersPermission(userHandle); 3684 synchronized (this) { 3685 return getActiveAdminUncheckedLocked(adminReceiver, userHandle) != null; 3686 } 3687 } 3688 3689 @Override 3690 public boolean isRemovingAdmin(ComponentName adminReceiver, int userHandle) { 3691 if (!mHasFeature) { 3692 return false; 3693 } 3694 enforceFullCrossUsersPermission(userHandle); 3695 synchronized (this) { 3696 DevicePolicyData policyData = getUserData(userHandle); 3697 return policyData.mRemovingAdmins.contains(adminReceiver); 3698 } 3699 } 3700 3701 @Override 3702 public boolean hasGrantedPolicy(ComponentName adminReceiver, int policyId, int userHandle) { 3703 if (!mHasFeature) { 3704 return false; 3705 } 3706 enforceFullCrossUsersPermission(userHandle); 3707 synchronized (this) { 3708 ActiveAdmin administrator = getActiveAdminUncheckedLocked(adminReceiver, userHandle); 3709 if (administrator == null) { 3710 throw new SecurityException("No active admin " + adminReceiver); 3711 } 3712 return administrator.info.usesPolicy(policyId); 3713 } 3714 } 3715 3716 @Override 3717 @SuppressWarnings("unchecked") 3718 public List<ComponentName> getActiveAdmins(int userHandle) { 3719 if (!mHasFeature) { 3720 return Collections.EMPTY_LIST; 3721 } 3722 3723 enforceFullCrossUsersPermission(userHandle); 3724 synchronized (this) { 3725 DevicePolicyData policy = getUserData(userHandle); 3726 final int N = policy.mAdminList.size(); 3727 if (N <= 0) { 3728 return null; 3729 } 3730 ArrayList<ComponentName> res = new ArrayList<ComponentName>(N); 3731 for (int i=0; i<N; i++) { 3732 res.add(policy.mAdminList.get(i).info.getComponent()); 3733 } 3734 return res; 3735 } 3736 } 3737 3738 @Override 3739 public boolean packageHasActiveAdmins(String packageName, int userHandle) { 3740 if (!mHasFeature) { 3741 return false; 3742 } 3743 enforceFullCrossUsersPermission(userHandle); 3744 synchronized (this) { 3745 DevicePolicyData policy = getUserData(userHandle); 3746 final int N = policy.mAdminList.size(); 3747 for (int i=0; i<N; i++) { 3748 if (policy.mAdminList.get(i).info.getPackageName().equals(packageName)) { 3749 return true; 3750 } 3751 } 3752 return false; 3753 } 3754 } 3755 3756 @Override 3757 public void forceRemoveActiveAdmin(ComponentName adminReceiver, int userHandle) { 3758 if (!mHasFeature) { 3759 return; 3760 } 3761 Preconditions.checkNotNull(adminReceiver, "ComponentName is null"); 3762 enforceShell("forceRemoveActiveAdmin"); 3763 long ident = mInjector.binderClearCallingIdentity(); 3764 try { 3765 synchronized (this) { 3766 if (!isAdminTestOnlyLocked(adminReceiver, userHandle)) { 3767 throw new SecurityException("Attempt to remove non-test admin " 3768 + adminReceiver + " " + userHandle); 3769 } 3770 3771 // If admin is a device or profile owner tidy that up first. 3772 if (isDeviceOwner(adminReceiver, userHandle)) { 3773 clearDeviceOwnerLocked(getDeviceOwnerAdminLocked(), userHandle); 3774 } 3775 if (isProfileOwner(adminReceiver, userHandle)) { 3776 final ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver, 3777 userHandle, /* parent */ false); 3778 clearProfileOwnerLocked(admin, userHandle); 3779 } 3780 } 3781 // Remove the admin skipping sending the broadcast. 3782 removeAdminArtifacts(adminReceiver, userHandle); 3783 Slog.i(LOG_TAG, "Admin " + adminReceiver + " removed from user " + userHandle); 3784 } finally { 3785 mInjector.binderRestoreCallingIdentity(ident); 3786 } 3787 } 3788 3789 private void clearDeviceOwnerUserRestrictionLocked(UserHandle userHandle) { 3790 // ManagedProvisioning/DPC sets DISALLOW_ADD_USER. Clear to recover to the original state 3791 if (mUserManager.hasUserRestriction(UserManager.DISALLOW_ADD_USER, userHandle)) { 3792 mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_USER, false, userHandle); 3793 } 3794 } 3795 3796 /** 3797 * Return if a given package has testOnly="true", in which case we'll relax certain rules 3798 * for CTS. 3799 * 3800 * DO NOT use this method except in {@link #setActiveAdmin}. Use {@link #isAdminTestOnlyLocked} 3801 * to check wehter an active admin is test-only or not. 3802 * 3803 * The system allows this flag to be changed when an app is updated, which is not good 3804 * for us. So we persist the flag in {@link ActiveAdmin} when an admin is first installed, 3805 * and used the persisted version in actual checks. (See b/31382361 and b/28928996) 3806 */ 3807 private boolean isPackageTestOnly(String packageName, int userHandle) { 3808 final ApplicationInfo ai; 3809 try { 3810 ai = mInjector.getIPackageManager().getApplicationInfo(packageName, 3811 (PackageManager.MATCH_DIRECT_BOOT_AWARE 3812 | PackageManager.MATCH_DIRECT_BOOT_UNAWARE), userHandle); 3813 } catch (RemoteException e) { 3814 throw new IllegalStateException(e); 3815 } 3816 if (ai == null) { 3817 throw new IllegalStateException("Couldn't find package: " 3818 + packageName + " on user " + userHandle); 3819 } 3820 return (ai.flags & ApplicationInfo.FLAG_TEST_ONLY) != 0; 3821 } 3822 3823 /** 3824 * See {@link #isPackageTestOnly}. 3825 */ 3826 private boolean isAdminTestOnlyLocked(ComponentName who, int userHandle) { 3827 final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 3828 return (admin != null) && admin.testOnlyAdmin; 3829 } 3830 3831 private void enforceShell(String method) { 3832 final int callingUid = mInjector.binderGetCallingUid(); 3833 if (callingUid != Process.SHELL_UID && callingUid != Process.ROOT_UID) { 3834 throw new SecurityException("Non-shell user attempted to call " + method); 3835 } 3836 } 3837 3838 @Override 3839 public void removeActiveAdmin(ComponentName adminReceiver, int userHandle) { 3840 if (!mHasFeature) { 3841 return; 3842 } 3843 enforceFullCrossUsersPermission(userHandle); 3844 enforceUserUnlocked(userHandle); 3845 synchronized (this) { 3846 ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver, userHandle); 3847 if (admin == null) { 3848 return; 3849 } 3850 // Active device/profile owners must remain active admins. 3851 if (isDeviceOwner(adminReceiver, userHandle) 3852 || isProfileOwner(adminReceiver, userHandle)) { 3853 Slog.e(LOG_TAG, "Device/profile owner cannot be removed: component=" + 3854 adminReceiver); 3855 return; 3856 } 3857 if (admin.getUid() != mInjector.binderGetCallingUid()) { 3858 mContext.enforceCallingOrSelfPermission( 3859 android.Manifest.permission.MANAGE_DEVICE_ADMINS, null); 3860 } 3861 long ident = mInjector.binderClearCallingIdentity(); 3862 try { 3863 removeActiveAdminLocked(adminReceiver, userHandle); 3864 } finally { 3865 mInjector.binderRestoreCallingIdentity(ident); 3866 } 3867 } 3868 } 3869 3870 @Override 3871 public boolean isSeparateProfileChallengeAllowed(int userHandle) { 3872 ComponentName profileOwner = getProfileOwner(userHandle); 3873 // Profile challenge is supported on N or newer release. 3874 return profileOwner != null && 3875 getTargetSdk(profileOwner.getPackageName(), userHandle) > Build.VERSION_CODES.M; 3876 } 3877 3878 @Override 3879 public void setPasswordQuality(ComponentName who, int quality, boolean parent) { 3880 if (!mHasFeature) { 3881 return; 3882 } 3883 Preconditions.checkNotNull(who, "ComponentName is null"); 3884 validateQualityConstant(quality); 3885 3886 final int userId = mInjector.userHandleGetCallingUserId(); 3887 synchronized (this) { 3888 ActiveAdmin ap = getActiveAdminForCallerLocked( 3889 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 3890 final PasswordMetrics metrics = ap.minimumPasswordMetrics; 3891 if (metrics.quality != quality) { 3892 metrics.quality = quality; 3893 updatePasswordValidityCheckpointLocked(userId, parent); 3894 } 3895 maybeLogPasswordComplexitySet(who, userId, parent, metrics); 3896 } 3897 } 3898 3899 /** 3900 * Updates a flag that tells us whether the user's password currently satisfies the 3901 * requirements set by all of the user's active admins. The flag is updated both in memory 3902 * and persisted to disk by calling {@link #saveSettingsLocked}, for the value of the flag 3903 * be the correct one upon boot. 3904 * This should be called whenever the password or the admin policies have changed. 3905 */ 3906 @GuardedBy("DevicePolicyManagerService.this") 3907 private void updatePasswordValidityCheckpointLocked(int userHandle, boolean parent) { 3908 final int credentialOwner = getCredentialOwner(userHandle, parent); 3909 DevicePolicyData policy = getUserData(credentialOwner); 3910 policy.mPasswordValidAtLastCheckpoint = 3911 isPasswordSufficientForUserWithoutCheckpointLocked( 3912 policy.mActivePasswordMetrics, userHandle, parent); 3913 3914 saveSettingsLocked(credentialOwner); 3915 } 3916 3917 @Override 3918 public int getPasswordQuality(ComponentName who, int userHandle, boolean parent) { 3919 if (!mHasFeature) { 3920 return PASSWORD_QUALITY_UNSPECIFIED; 3921 } 3922 enforceFullCrossUsersPermission(userHandle); 3923 synchronized (this) { 3924 int mode = PASSWORD_QUALITY_UNSPECIFIED; 3925 3926 if (who != null) { 3927 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent); 3928 return admin != null ? admin.minimumPasswordMetrics.quality : mode; 3929 } 3930 3931 // Return the strictest policy across all participating admins. 3932 List<ActiveAdmin> admins = 3933 getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 3934 final int N = admins.size(); 3935 for (int i = 0; i < N; i++) { 3936 ActiveAdmin admin = admins.get(i); 3937 if (mode < admin.minimumPasswordMetrics.quality) { 3938 mode = admin.minimumPasswordMetrics.quality; 3939 } 3940 } 3941 return mode; 3942 } 3943 } 3944 3945 private List<ActiveAdmin> getActiveAdminsForLockscreenPoliciesLocked( 3946 int userHandle, boolean parent) { 3947 if (!parent && isSeparateProfileChallengeEnabled(userHandle)) { 3948 // If this user has a separate challenge, only return its restrictions. 3949 return getUserDataUnchecked(userHandle).mAdminList; 3950 } else { 3951 // Return all admins for this user and the profiles that are visible from this 3952 // user that do not use a separate work challenge. 3953 ArrayList<ActiveAdmin> admins = new ArrayList<ActiveAdmin>(); 3954 for (UserInfo userInfo : mUserManager.getProfiles(userHandle)) { 3955 DevicePolicyData policy = getUserData(userInfo.id); 3956 if (!userInfo.isManagedProfile()) { 3957 admins.addAll(policy.mAdminList); 3958 } else { 3959 // For managed profiles, we always include the policies set on the parent 3960 // profile. Additionally, we include the ones set on the managed profile 3961 // if no separate challenge is in place. 3962 boolean hasSeparateChallenge = isSeparateProfileChallengeEnabled(userInfo.id); 3963 final int N = policy.mAdminList.size(); 3964 for (int i = 0; i < N; i++) { 3965 ActiveAdmin admin = policy.mAdminList.get(i); 3966 if (admin.hasParentActiveAdmin()) { 3967 admins.add(admin.getParentActiveAdmin()); 3968 } 3969 if (!hasSeparateChallenge) { 3970 admins.add(admin); 3971 } 3972 } 3973 } 3974 } 3975 return admins; 3976 } 3977 } 3978 3979 private boolean isSeparateProfileChallengeEnabled(int userHandle) { 3980 long ident = mInjector.binderClearCallingIdentity(); 3981 try { 3982 return mLockPatternUtils.isSeparateProfileChallengeEnabled(userHandle); 3983 } finally { 3984 mInjector.binderRestoreCallingIdentity(ident); 3985 } 3986 } 3987 3988 @Override 3989 public void setPasswordMinimumLength(ComponentName who, int length, boolean parent) { 3990 if (!mHasFeature) { 3991 return; 3992 } 3993 Preconditions.checkNotNull(who, "ComponentName is null"); 3994 final int userId = mInjector.userHandleGetCallingUserId(); 3995 synchronized (this) { 3996 ActiveAdmin ap = getActiveAdminForCallerLocked( 3997 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 3998 final PasswordMetrics metrics = ap.minimumPasswordMetrics; 3999 if (metrics.length != length) { 4000 metrics.length = length; 4001 updatePasswordValidityCheckpointLocked(userId, parent); 4002 } 4003 maybeLogPasswordComplexitySet(who, userId, parent, metrics); 4004 } 4005 } 4006 4007 @Override 4008 public int getPasswordMinimumLength(ComponentName who, int userHandle, boolean parent) { 4009 return getStrictestPasswordRequirement(who, userHandle, parent, 4010 admin -> admin.minimumPasswordMetrics.length, PASSWORD_QUALITY_UNSPECIFIED); 4011 } 4012 4013 @Override 4014 public void setPasswordHistoryLength(ComponentName who, int length, boolean parent) { 4015 if (!mHasFeature) { 4016 return; 4017 } 4018 Preconditions.checkNotNull(who, "ComponentName is null"); 4019 final int userId = mInjector.userHandleGetCallingUserId(); 4020 synchronized (this) { 4021 ActiveAdmin ap = getActiveAdminForCallerLocked( 4022 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4023 if (ap.passwordHistoryLength != length) { 4024 ap.passwordHistoryLength = length; 4025 updatePasswordValidityCheckpointLocked(userId, parent); 4026 } 4027 } 4028 if (SecurityLog.isLoggingEnabled()) { 4029 final int affectedUserId = parent ? getProfileParentId(userId) : userId; 4030 SecurityLog.writeEvent(SecurityLog.TAG_PASSWORD_HISTORY_LENGTH_SET, 4031 who.getPackageName(), userId, affectedUserId, length); 4032 } 4033 } 4034 4035 @Override 4036 public int getPasswordHistoryLength(ComponentName who, int userHandle, boolean parent) { 4037 return getStrictestPasswordRequirement(who, userHandle, parent, 4038 admin -> admin.passwordHistoryLength, PASSWORD_QUALITY_UNSPECIFIED); 4039 } 4040 4041 @Override 4042 public void setPasswordExpirationTimeout(ComponentName who, long timeout, boolean parent) { 4043 if (!mHasFeature) { 4044 return; 4045 } 4046 Preconditions.checkNotNull(who, "ComponentName is null"); 4047 Preconditions.checkArgumentNonnegative(timeout, "Timeout must be >= 0 ms"); 4048 final int userHandle = mInjector.userHandleGetCallingUserId(); 4049 synchronized (this) { 4050 ActiveAdmin ap = getActiveAdminForCallerLocked( 4051 who, DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD, parent); 4052 // Calling this API automatically bumps the expiration date 4053 final long expiration = timeout > 0L ? (timeout + System.currentTimeMillis()) : 0L; 4054 ap.passwordExpirationDate = expiration; 4055 ap.passwordExpirationTimeout = timeout; 4056 if (timeout > 0L) { 4057 Slog.w(LOG_TAG, "setPasswordExpiration(): password will expire on " 4058 + DateFormat.getDateTimeInstance(DateFormat.DEFAULT, DateFormat.DEFAULT) 4059 .format(new Date(expiration))); 4060 } 4061 saveSettingsLocked(userHandle); 4062 4063 // in case this is the first one, set the alarm on the appropriate user. 4064 setExpirationAlarmCheckLocked(mContext, userHandle, parent); 4065 } 4066 if (SecurityLog.isLoggingEnabled()) { 4067 final int affectedUserId = parent ? getProfileParentId(userHandle) : userHandle; 4068 SecurityLog.writeEvent(SecurityLog.TAG_PASSWORD_EXPIRATION_SET, who.getPackageName(), 4069 userHandle, affectedUserId, timeout); 4070 } 4071 } 4072 4073 /** 4074 * Return a single admin's expiration cycle time, or the min of all cycle times. 4075 * Returns 0 if not configured. 4076 */ 4077 @Override 4078 public long getPasswordExpirationTimeout(ComponentName who, int userHandle, boolean parent) { 4079 if (!mHasFeature) { 4080 return 0L; 4081 } 4082 enforceFullCrossUsersPermission(userHandle); 4083 synchronized (this) { 4084 long timeout = 0L; 4085 4086 if (who != null) { 4087 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent); 4088 return admin != null ? admin.passwordExpirationTimeout : timeout; 4089 } 4090 4091 // Return the strictest policy across all participating admins. 4092 List<ActiveAdmin> admins = 4093 getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 4094 final int N = admins.size(); 4095 for (int i = 0; i < N; i++) { 4096 ActiveAdmin admin = admins.get(i); 4097 if (timeout == 0L || (admin.passwordExpirationTimeout != 0L 4098 && timeout > admin.passwordExpirationTimeout)) { 4099 timeout = admin.passwordExpirationTimeout; 4100 } 4101 } 4102 return timeout; 4103 } 4104 } 4105 4106 @Override 4107 public boolean addCrossProfileWidgetProvider(ComponentName admin, String packageName) { 4108 final int userId = UserHandle.getCallingUserId(); 4109 List<String> changedProviders = null; 4110 4111 synchronized (this) { 4112 ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(admin, 4113 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 4114 if (activeAdmin.crossProfileWidgetProviders == null) { 4115 activeAdmin.crossProfileWidgetProviders = new ArrayList<>(); 4116 } 4117 List<String> providers = activeAdmin.crossProfileWidgetProviders; 4118 if (!providers.contains(packageName)) { 4119 providers.add(packageName); 4120 changedProviders = new ArrayList<>(providers); 4121 saveSettingsLocked(userId); 4122 } 4123 } 4124 4125 if (changedProviders != null) { 4126 mLocalService.notifyCrossProfileProvidersChanged(userId, changedProviders); 4127 return true; 4128 } 4129 4130 return false; 4131 } 4132 4133 @Override 4134 public boolean removeCrossProfileWidgetProvider(ComponentName admin, String packageName) { 4135 final int userId = UserHandle.getCallingUserId(); 4136 List<String> changedProviders = null; 4137 4138 synchronized (this) { 4139 ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(admin, 4140 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 4141 if (activeAdmin.crossProfileWidgetProviders == null 4142 || activeAdmin.crossProfileWidgetProviders.isEmpty()) { 4143 return false; 4144 } 4145 List<String> providers = activeAdmin.crossProfileWidgetProviders; 4146 if (providers.remove(packageName)) { 4147 changedProviders = new ArrayList<>(providers); 4148 saveSettingsLocked(userId); 4149 } 4150 } 4151 4152 if (changedProviders != null) { 4153 mLocalService.notifyCrossProfileProvidersChanged(userId, changedProviders); 4154 return true; 4155 } 4156 4157 return false; 4158 } 4159 4160 @Override 4161 public List<String> getCrossProfileWidgetProviders(ComponentName admin) { 4162 synchronized (this) { 4163 ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(admin, 4164 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 4165 if (activeAdmin.crossProfileWidgetProviders == null 4166 || activeAdmin.crossProfileWidgetProviders.isEmpty()) { 4167 return null; 4168 } 4169 if (mInjector.binderIsCallingUidMyUid()) { 4170 return new ArrayList<>(activeAdmin.crossProfileWidgetProviders); 4171 } else { 4172 return activeAdmin.crossProfileWidgetProviders; 4173 } 4174 } 4175 } 4176 4177 /** 4178 * Return a single admin's expiration date/time, or the min (soonest) for all admins. 4179 * Returns 0 if not configured. 4180 */ 4181 private long getPasswordExpirationLocked(ComponentName who, int userHandle, boolean parent) { 4182 long timeout = 0L; 4183 4184 if (who != null) { 4185 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent); 4186 return admin != null ? admin.passwordExpirationDate : timeout; 4187 } 4188 4189 // Return the strictest policy across all participating admins. 4190 List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 4191 final int N = admins.size(); 4192 for (int i = 0; i < N; i++) { 4193 ActiveAdmin admin = admins.get(i); 4194 if (timeout == 0L || (admin.passwordExpirationDate != 0 4195 && timeout > admin.passwordExpirationDate)) { 4196 timeout = admin.passwordExpirationDate; 4197 } 4198 } 4199 return timeout; 4200 } 4201 4202 @Override 4203 public long getPasswordExpiration(ComponentName who, int userHandle, boolean parent) { 4204 if (!mHasFeature) { 4205 return 0L; 4206 } 4207 enforceFullCrossUsersPermission(userHandle); 4208 synchronized (this) { 4209 return getPasswordExpirationLocked(who, userHandle, parent); 4210 } 4211 } 4212 4213 @Override 4214 public void setPasswordMinimumUpperCase(ComponentName who, int length, boolean parent) { 4215 if (!mHasFeature) { 4216 return; 4217 } 4218 Preconditions.checkNotNull(who, "ComponentName is null"); 4219 final int userId = mInjector.userHandleGetCallingUserId(); 4220 synchronized (this) { 4221 final ActiveAdmin ap = getActiveAdminForCallerLocked( 4222 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4223 final PasswordMetrics metrics = ap.minimumPasswordMetrics; 4224 if (metrics.upperCase != length) { 4225 metrics.upperCase = length; 4226 updatePasswordValidityCheckpointLocked(userId, parent); 4227 } 4228 maybeLogPasswordComplexitySet(who, userId, parent, metrics); 4229 } 4230 } 4231 4232 @Override 4233 public int getPasswordMinimumUpperCase(ComponentName who, int userHandle, boolean parent) { 4234 return getStrictestPasswordRequirement(who, userHandle, parent, 4235 admin -> admin.minimumPasswordMetrics.upperCase, PASSWORD_QUALITY_COMPLEX); 4236 } 4237 4238 @Override 4239 public void setPasswordMinimumLowerCase(ComponentName who, int length, boolean parent) { 4240 Preconditions.checkNotNull(who, "ComponentName is null"); 4241 final int userId = mInjector.userHandleGetCallingUserId(); 4242 synchronized (this) { 4243 ActiveAdmin ap = getActiveAdminForCallerLocked( 4244 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4245 final PasswordMetrics metrics = ap.minimumPasswordMetrics; 4246 if (metrics.lowerCase != length) { 4247 metrics.lowerCase = length; 4248 updatePasswordValidityCheckpointLocked(userId, parent); 4249 } 4250 maybeLogPasswordComplexitySet(who, userId, parent, metrics); 4251 } 4252 } 4253 4254 @Override 4255 public int getPasswordMinimumLowerCase(ComponentName who, int userHandle, boolean parent) { 4256 return getStrictestPasswordRequirement(who, userHandle, parent, 4257 admin -> admin.minimumPasswordMetrics.lowerCase, PASSWORD_QUALITY_COMPLEX); 4258 } 4259 4260 @Override 4261 public void setPasswordMinimumLetters(ComponentName who, int length, boolean parent) { 4262 if (!mHasFeature) { 4263 return; 4264 } 4265 Preconditions.checkNotNull(who, "ComponentName is null"); 4266 final int userId = mInjector.userHandleGetCallingUserId(); 4267 synchronized (this) { 4268 ActiveAdmin ap = getActiveAdminForCallerLocked( 4269 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4270 final PasswordMetrics metrics = ap.minimumPasswordMetrics; 4271 if (metrics.letters != length) { 4272 metrics.letters = length; 4273 updatePasswordValidityCheckpointLocked(userId, parent); 4274 } 4275 maybeLogPasswordComplexitySet(who, userId, parent, metrics); 4276 } 4277 } 4278 4279 @Override 4280 public int getPasswordMinimumLetters(ComponentName who, int userHandle, boolean parent) { 4281 return getStrictestPasswordRequirement(who, userHandle, parent, 4282 admin -> admin.minimumPasswordMetrics.letters, PASSWORD_QUALITY_COMPLEX); 4283 } 4284 4285 @Override 4286 public void setPasswordMinimumNumeric(ComponentName who, int length, boolean parent) { 4287 if (!mHasFeature) { 4288 return; 4289 } 4290 Preconditions.checkNotNull(who, "ComponentName is null"); 4291 final int userId = mInjector.userHandleGetCallingUserId(); 4292 synchronized (this) { 4293 ActiveAdmin ap = getActiveAdminForCallerLocked( 4294 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4295 final PasswordMetrics metrics = ap.minimumPasswordMetrics; 4296 if (metrics.numeric != length) { 4297 metrics.numeric = length; 4298 updatePasswordValidityCheckpointLocked(userId, parent); 4299 } 4300 maybeLogPasswordComplexitySet(who, userId, parent, metrics); 4301 } 4302 } 4303 4304 @Override 4305 public int getPasswordMinimumNumeric(ComponentName who, int userHandle, boolean parent) { 4306 return getStrictestPasswordRequirement(who, userHandle, parent, 4307 admin -> admin.minimumPasswordMetrics.numeric, PASSWORD_QUALITY_COMPLEX); 4308 } 4309 4310 @Override 4311 public void setPasswordMinimumSymbols(ComponentName who, int length, boolean parent) { 4312 if (!mHasFeature) { 4313 return; 4314 } 4315 Preconditions.checkNotNull(who, "ComponentName is null"); 4316 final int userId = mInjector.userHandleGetCallingUserId(); 4317 synchronized (this) { 4318 ActiveAdmin ap = getActiveAdminForCallerLocked( 4319 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4320 final PasswordMetrics metrics = ap.minimumPasswordMetrics; 4321 if (metrics.symbols != length) { 4322 ap.minimumPasswordMetrics.symbols = length; 4323 updatePasswordValidityCheckpointLocked(userId, parent); 4324 } 4325 maybeLogPasswordComplexitySet(who, userId, parent, metrics); 4326 } 4327 } 4328 4329 @Override 4330 public int getPasswordMinimumSymbols(ComponentName who, int userHandle, boolean parent) { 4331 return getStrictestPasswordRequirement(who, userHandle, parent, 4332 admin -> admin.minimumPasswordMetrics.symbols, PASSWORD_QUALITY_COMPLEX); 4333 } 4334 4335 @Override 4336 public void setPasswordMinimumNonLetter(ComponentName who, int length, boolean parent) { 4337 if (!mHasFeature) { 4338 return; 4339 } 4340 Preconditions.checkNotNull(who, "ComponentName is null"); 4341 final int userId = mInjector.userHandleGetCallingUserId(); 4342 synchronized (this) { 4343 ActiveAdmin ap = getActiveAdminForCallerLocked( 4344 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4345 final PasswordMetrics metrics = ap.minimumPasswordMetrics; 4346 if (metrics.nonLetter != length) { 4347 ap.minimumPasswordMetrics.nonLetter = length; 4348 updatePasswordValidityCheckpointLocked(userId, parent); 4349 } 4350 maybeLogPasswordComplexitySet(who, userId, parent, metrics); 4351 } 4352 } 4353 4354 @Override 4355 public int getPasswordMinimumNonLetter(ComponentName who, int userHandle, boolean parent) { 4356 return getStrictestPasswordRequirement(who, userHandle, parent, 4357 admin -> admin.minimumPasswordMetrics.nonLetter, PASSWORD_QUALITY_COMPLEX); 4358 } 4359 4360 /** 4361 * Calculates strictest (maximum) value for a given password property enforced by admin[s]. 4362 */ 4363 private int getStrictestPasswordRequirement(ComponentName who, int userHandle, 4364 boolean parent, Function<ActiveAdmin, Integer> getter, int minimumPasswordQuality) { 4365 if (!mHasFeature) { 4366 return 0; 4367 } 4368 enforceFullCrossUsersPermission(userHandle); 4369 synchronized (this) { 4370 if (who != null) { 4371 final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent); 4372 return admin != null ? getter.apply(admin) : 0; 4373 } 4374 4375 int maxValue = 0; 4376 final List<ActiveAdmin> admins = 4377 getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 4378 final int N = admins.size(); 4379 for (int i = 0; i < N; i++) { 4380 final ActiveAdmin admin = admins.get(i); 4381 if (!isLimitPasswordAllowed(admin, minimumPasswordQuality)) { 4382 continue; 4383 } 4384 final Integer adminValue = getter.apply(admin); 4385 if (adminValue > maxValue) { 4386 maxValue = adminValue; 4387 } 4388 } 4389 return maxValue; 4390 } 4391 } 4392 4393 /* @return the password blacklist set by the admin or {@code null} if none. */ 4394 PasswordBlacklist getAdminPasswordBlacklistLocked(@NonNull ActiveAdmin admin) { 4395 final int userId = UserHandle.getUserId(admin.getUid()); 4396 return admin.passwordBlacklistFile == null ? null : new PasswordBlacklist( 4397 new File(getPolicyFileDirectory(userId), admin.passwordBlacklistFile)); 4398 } 4399 4400 private static final String PASSWORD_BLACKLIST_FILE_PREFIX = "password-blacklist-"; 4401 private static final String PASSWORD_BLACKLIST_FILE_SUFFIX = ""; 4402 4403 @Override 4404 public boolean setPasswordBlacklist(ComponentName who, String name, List<String> blacklist, 4405 boolean parent) { 4406 if (!mHasFeature) { 4407 return false; 4408 } 4409 Preconditions.checkNotNull(who, "who is null"); 4410 4411 synchronized (this) { 4412 final ActiveAdmin admin = getActiveAdminForCallerLocked( 4413 who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, parent); 4414 final int userId = mInjector.userHandleGetCallingUserId(); 4415 PasswordBlacklist adminBlacklist = getAdminPasswordBlacklistLocked(admin); 4416 4417 if (blacklist == null || blacklist.isEmpty()) { 4418 // Remove the adminBlacklist 4419 admin.passwordBlacklistFile = null; 4420 saveSettingsLocked(userId); 4421 if (adminBlacklist != null) { 4422 adminBlacklist.delete(); 4423 } 4424 return true; 4425 } 4426 4427 // Validate server side 4428 Preconditions.checkNotNull(name, "name is null"); 4429 DevicePolicyManager.enforcePasswordBlacklistSize(blacklist); 4430 4431 // Blacklist is case insensitive so normalize to lower case 4432 final int blacklistSize = blacklist.size(); 4433 for (int i = 0; i < blacklistSize; ++i) { 4434 blacklist.set(i, blacklist.get(i).toLowerCase()); 4435 } 4436 4437 final boolean isNewBlacklist = adminBlacklist == null; 4438 if (isNewBlacklist) { 4439 // Create a new file for the blacklist. There could be multiple admins, each setting 4440 // different blacklists, to restrict a user's credential, for example a managed 4441 // profile can impose restrictions on its parent while the parent is already 4442 // restricted by its own admin. A deterministic naming scheme would be fragile if 4443 // new types of admin are introduced so we generate and save the file name instead. 4444 // This isn't a temporary file but it reuses the name generation logic 4445 final File file; 4446 try { 4447 file = File.createTempFile(PASSWORD_BLACKLIST_FILE_PREFIX, 4448 PASSWORD_BLACKLIST_FILE_SUFFIX, getPolicyFileDirectory(userId)); 4449 } catch (IOException e) { 4450 Slog.e(LOG_TAG, "Failed to make a file for the blacklist", e); 4451 return false; 4452 } 4453 adminBlacklist = mInjector.newPasswordBlacklist(file); 4454 } 4455 4456 if (adminBlacklist.savePasswordBlacklist(name, blacklist)) { 4457 if (isNewBlacklist) { 4458 // The blacklist was saved so point the admin to the file 4459 admin.passwordBlacklistFile = adminBlacklist.getFile().getName(); 4460 saveSettingsLocked(userId); 4461 } 4462 return true; 4463 } 4464 } 4465 4466 return false; 4467 } 4468 4469 @Override 4470 public String getPasswordBlacklistName(ComponentName who, @UserIdInt int userId, 4471 boolean parent) { 4472 if (!mHasFeature) { 4473 return null; 4474 } 4475 Preconditions.checkNotNull(who, "who is null"); 4476 enforceFullCrossUsersPermission(userId); 4477 synchronized (this) { 4478 final ActiveAdmin admin = getActiveAdminForCallerLocked( 4479 who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, parent); 4480 final PasswordBlacklist blacklist = getAdminPasswordBlacklistLocked(admin); 4481 if (blacklist == null) { 4482 return null; 4483 } 4484 return blacklist.getName(); 4485 } 4486 } 4487 4488 @Override 4489 public boolean isPasswordBlacklisted(@UserIdInt int userId, String password) { 4490 if (!mHasFeature) { 4491 return false; 4492 } 4493 mContext.enforceCallingOrSelfPermission( 4494 android.Manifest.permission.TEST_BLACKLISTED_PASSWORD, null); 4495 return isPasswordBlacklistedInternal(userId, password); 4496 } 4497 4498 private boolean isPasswordBlacklistedInternal(@UserIdInt int userId, String password) { 4499 Preconditions.checkNotNull(password, "Password is null"); 4500 enforceFullCrossUsersPermission(userId); 4501 4502 // Normalize to lower case for case insensitive blacklist match 4503 final String lowerCasePassword = password.toLowerCase(); 4504 4505 synchronized (this) { 4506 final List<ActiveAdmin> admins = 4507 getActiveAdminsForLockscreenPoliciesLocked(userId, /* parent */ false); 4508 final int N = admins.size(); 4509 for (int i = 0; i < N; i++) { 4510 final PasswordBlacklist blacklist 4511 = getAdminPasswordBlacklistLocked(admins.get(i)); 4512 if (blacklist != null) { 4513 if (blacklist.isPasswordBlacklisted(lowerCasePassword)) { 4514 return true; 4515 } 4516 } 4517 } 4518 } 4519 4520 return false; 4521 } 4522 4523 @Override 4524 public boolean isActivePasswordSufficient(int userHandle, boolean parent) { 4525 if (!mHasFeature) { 4526 return true; 4527 } 4528 enforceFullCrossUsersPermission(userHandle); 4529 enforceUserUnlocked(userHandle, parent); 4530 4531 synchronized (this) { 4532 // This API can only be called by an active device admin, 4533 // so try to retrieve it to check that the caller is one. 4534 getActiveAdminForCallerLocked(null, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4535 DevicePolicyData policy = getUserDataUnchecked(getCredentialOwner(userHandle, parent)); 4536 return isActivePasswordSufficientForUserLocked(policy, userHandle, parent); 4537 } 4538 } 4539 4540 @Override 4541 public boolean isUsingUnifiedPassword(ComponentName admin) { 4542 if (!mHasFeature) { 4543 return true; 4544 } 4545 final int userId = mInjector.userHandleGetCallingUserId(); 4546 enforceProfileOrDeviceOwner(admin); 4547 enforceManagedProfile(userId, "query unified challenge status"); 4548 return !isSeparateProfileChallengeEnabled(userId); 4549 } 4550 4551 @Override 4552 public boolean isProfileActivePasswordSufficientForParent(int userHandle) { 4553 if (!mHasFeature) { 4554 return true; 4555 } 4556 enforceFullCrossUsersPermission(userHandle); 4557 enforceManagedProfile(userHandle, "call APIs refering to the parent profile"); 4558 4559 synchronized (this) { 4560 final int targetUser = getProfileParentId(userHandle); 4561 enforceUserUnlocked(targetUser, false); 4562 DevicePolicyData policy = getUserDataUnchecked(getCredentialOwner(userHandle, false)); 4563 return isActivePasswordSufficientForUserLocked(policy, targetUser, false); 4564 } 4565 } 4566 4567 private boolean isActivePasswordSufficientForUserLocked( 4568 DevicePolicyData policy, int userHandle, boolean parent) { 4569 if (!mInjector.storageManagerIsFileBasedEncryptionEnabled() 4570 && !policy.mPasswordStateHasBeenSetSinceBoot) { 4571 // Before user enters their password for the first time after a reboot, return the 4572 // value of this flag, which tells us whether the password was valid the last time 4573 // settings were saved. If DPC changes password requirements on boot so that the 4574 // current password no longer meets the requirements, this value will be stale until 4575 // the next time the password is entered. 4576 return policy.mPasswordValidAtLastCheckpoint; 4577 } 4578 4579 return isPasswordSufficientForUserWithoutCheckpointLocked( 4580 policy.mActivePasswordMetrics, userHandle, parent); 4581 } 4582 4583 /** 4584 * Returns {@code true} if the password represented by the {@code passwordMetrics} argument 4585 * sufficiently fulfills the password requirements for the user corresponding to 4586 * {@code userHandle} (or its parent, if {@code parent} is set to {@code true}). 4587 */ 4588 private boolean isPasswordSufficientForUserWithoutCheckpointLocked( 4589 PasswordMetrics passwordMetrics, int userHandle, boolean parent) { 4590 final int requiredPasswordQuality = getPasswordQuality(null, userHandle, parent); 4591 4592 if (passwordMetrics.quality < requiredPasswordQuality) { 4593 return false; 4594 } 4595 if (requiredPasswordQuality >= DevicePolicyManager.PASSWORD_QUALITY_NUMERIC 4596 && passwordMetrics.length < getPasswordMinimumLength( 4597 null, userHandle, parent)) { 4598 return false; 4599 } 4600 if (requiredPasswordQuality != DevicePolicyManager.PASSWORD_QUALITY_COMPLEX) { 4601 return true; 4602 } 4603 return passwordMetrics.upperCase >= getPasswordMinimumUpperCase( 4604 null, userHandle, parent) 4605 && passwordMetrics.lowerCase >= getPasswordMinimumLowerCase( 4606 null, userHandle, parent) 4607 && passwordMetrics.letters >= getPasswordMinimumLetters( 4608 null, userHandle, parent) 4609 && passwordMetrics.numeric >= getPasswordMinimumNumeric( 4610 null, userHandle, parent) 4611 && passwordMetrics.symbols >= getPasswordMinimumSymbols( 4612 null, userHandle, parent) 4613 && passwordMetrics.nonLetter >= getPasswordMinimumNonLetter( 4614 null, userHandle, parent); 4615 } 4616 4617 @Override 4618 public int getCurrentFailedPasswordAttempts(int userHandle, boolean parent) { 4619 enforceFullCrossUsersPermission(userHandle); 4620 synchronized (this) { 4621 if (!isCallerWithSystemUid()) { 4622 // This API can only be called by an active device admin, 4623 // so try to retrieve it to check that the caller is one. 4624 getActiveAdminForCallerLocked( 4625 null, DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, parent); 4626 } 4627 4628 DevicePolicyData policy = getUserDataUnchecked(getCredentialOwner(userHandle, parent)); 4629 4630 return policy.mFailedPasswordAttempts; 4631 } 4632 } 4633 4634 @Override 4635 public void setMaximumFailedPasswordsForWipe(ComponentName who, int num, boolean parent) { 4636 if (!mHasFeature) { 4637 return; 4638 } 4639 Preconditions.checkNotNull(who, "ComponentName is null"); 4640 final int userId = mInjector.userHandleGetCallingUserId(); 4641 synchronized (this) { 4642 // This API can only be called by an active device admin, 4643 // so try to retrieve it to check that the caller is one. 4644 getActiveAdminForCallerLocked( 4645 who, DeviceAdminInfo.USES_POLICY_WIPE_DATA, parent); 4646 ActiveAdmin ap = getActiveAdminForCallerLocked( 4647 who, DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, parent); 4648 if (ap.maximumFailedPasswordsForWipe != num) { 4649 ap.maximumFailedPasswordsForWipe = num; 4650 saveSettingsLocked(userId); 4651 } 4652 } 4653 if (SecurityLog.isLoggingEnabled()) { 4654 final int affectedUserId = parent ? getProfileParentId(userId) : userId; 4655 SecurityLog.writeEvent(SecurityLog.TAG_MAX_PASSWORD_ATTEMPTS_SET, who.getPackageName(), 4656 userId, affectedUserId, num); 4657 } 4658 } 4659 4660 @Override 4661 public int getMaximumFailedPasswordsForWipe(ComponentName who, int userHandle, boolean parent) { 4662 if (!mHasFeature) { 4663 return 0; 4664 } 4665 enforceFullCrossUsersPermission(userHandle); 4666 synchronized (this) { 4667 ActiveAdmin admin = (who != null) 4668 ? getActiveAdminUncheckedLocked(who, userHandle, parent) 4669 : getAdminWithMinimumFailedPasswordsForWipeLocked(userHandle, parent); 4670 return admin != null ? admin.maximumFailedPasswordsForWipe : 0; 4671 } 4672 } 4673 4674 @Override 4675 public int getProfileWithMinimumFailedPasswordsForWipe(int userHandle, boolean parent) { 4676 if (!mHasFeature) { 4677 return UserHandle.USER_NULL; 4678 } 4679 enforceFullCrossUsersPermission(userHandle); 4680 synchronized (this) { 4681 ActiveAdmin admin = getAdminWithMinimumFailedPasswordsForWipeLocked( 4682 userHandle, parent); 4683 return admin != null ? admin.getUserHandle().getIdentifier() : UserHandle.USER_NULL; 4684 } 4685 } 4686 4687 /** 4688 * Returns the admin with the strictest policy on maximum failed passwords for: 4689 * <ul> 4690 * <li>this user if it has a separate profile challenge, or 4691 * <li>this user and all profiles that don't have their own challenge otherwise. 4692 * </ul> 4693 * <p>If the policy for the primary and any other profile are equal, it returns the admin for 4694 * the primary profile. 4695 * Returns {@code null} if no participating admin has that policy set. 4696 */ 4697 private ActiveAdmin getAdminWithMinimumFailedPasswordsForWipeLocked( 4698 int userHandle, boolean parent) { 4699 int count = 0; 4700 ActiveAdmin strictestAdmin = null; 4701 4702 // Return the strictest policy across all participating admins. 4703 List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 4704 final int N = admins.size(); 4705 for (int i = 0; i < N; i++) { 4706 ActiveAdmin admin = admins.get(i); 4707 if (admin.maximumFailedPasswordsForWipe == 4708 ActiveAdmin.DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE) { 4709 continue; // No max number of failed passwords policy set for this profile. 4710 } 4711 4712 // We always favor the primary profile if several profiles have the same value set. 4713 int userId = admin.getUserHandle().getIdentifier(); 4714 if (count == 0 || 4715 count > admin.maximumFailedPasswordsForWipe || 4716 (count == admin.maximumFailedPasswordsForWipe && 4717 getUserInfo(userId).isPrimary())) { 4718 count = admin.maximumFailedPasswordsForWipe; 4719 strictestAdmin = admin; 4720 } 4721 } 4722 return strictestAdmin; 4723 } 4724 4725 private UserInfo getUserInfo(@UserIdInt int userId) { 4726 final long token = mInjector.binderClearCallingIdentity(); 4727 try { 4728 return mUserManager.getUserInfo(userId); 4729 } finally { 4730 mInjector.binderRestoreCallingIdentity(token); 4731 } 4732 } 4733 4734 private boolean canPOorDOCallResetPassword(ActiveAdmin admin, @UserIdInt int userId) { 4735 // Only if the admins targets a pre-O SDK 4736 return getTargetSdk(admin.info.getPackageName(), userId) < Build.VERSION_CODES.O; 4737 } 4738 4739 /* PO or DO could do an untrusted reset in certain conditions. */ 4740 private boolean canUserHaveUntrustedCredentialReset(@UserIdInt int userId) { 4741 synchronized (this) { 4742 // An active DO or PO might be able to fo an untrusted credential reset 4743 for (final ActiveAdmin admin : getUserData(userId).mAdminList) { 4744 if (!isActiveAdminWithPolicyForUserLocked(admin, 4745 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, userId)) { 4746 continue; 4747 } 4748 if (canPOorDOCallResetPassword(admin, userId)) { 4749 return true; 4750 } 4751 } 4752 return false; 4753 } 4754 } 4755 @Override 4756 public boolean resetPassword(String passwordOrNull, int flags) throws RemoteException { 4757 final int callingUid = mInjector.binderGetCallingUid(); 4758 final int userHandle = mInjector.userHandleGetCallingUserId(); 4759 4760 String password = passwordOrNull != null ? passwordOrNull : ""; 4761 4762 // Password resetting to empty/null is not allowed for managed profiles. 4763 if (TextUtils.isEmpty(password)) { 4764 enforceNotManagedProfile(userHandle, "clear the active password"); 4765 } 4766 4767 synchronized (this) { 4768 // If caller has PO (or DO) it can change the password, so see if that's the case first. 4769 ActiveAdmin admin = getActiveAdminWithPolicyForUidLocked( 4770 null, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, callingUid); 4771 final boolean preN; 4772 if (admin != null) { 4773 if (!canPOorDOCallResetPassword(admin, userHandle)) { 4774 throw new SecurityException("resetPassword() is deprecated for DPC targeting O" 4775 + " or later"); 4776 } 4777 preN = getTargetSdk(admin.info.getPackageName(), 4778 userHandle) <= android.os.Build.VERSION_CODES.M; 4779 } else { 4780 // Otherwise, make sure the caller has any active admin with the right policy. 4781 admin = getActiveAdminForCallerLocked(null, 4782 DeviceAdminInfo.USES_POLICY_RESET_PASSWORD); 4783 preN = getTargetSdk(admin.info.getPackageName(), 4784 userHandle) <= android.os.Build.VERSION_CODES.M; 4785 4786 // As of N, password resetting to empty/null is not allowed anymore. 4787 // TODO Should we allow DO/PO to set an empty password? 4788 if (TextUtils.isEmpty(password)) { 4789 if (!preN) { 4790 throw new SecurityException("Cannot call with null password"); 4791 } else { 4792 Slog.e(LOG_TAG, "Cannot call with null password"); 4793 return false; 4794 } 4795 } 4796 // As of N, password cannot be changed by the admin if it is already set. 4797 if (isLockScreenSecureUnchecked(userHandle)) { 4798 if (!preN) { 4799 throw new SecurityException("Admin cannot change current password"); 4800 } else { 4801 Slog.e(LOG_TAG, "Admin cannot change current password"); 4802 return false; 4803 } 4804 } 4805 } 4806 // Do not allow to reset password when current user has a managed profile 4807 if (!isManagedProfile(userHandle)) { 4808 for (UserInfo userInfo : mUserManager.getProfiles(userHandle)) { 4809 if (userInfo.isManagedProfile()) { 4810 if (!preN) { 4811 throw new IllegalStateException( 4812 "Cannot reset password on user has managed profile"); 4813 } else { 4814 Slog.e(LOG_TAG, "Cannot reset password on user has managed profile"); 4815 return false; 4816 } 4817 } 4818 } 4819 } 4820 // Do not allow to reset password when user is locked 4821 if (!mUserManager.isUserUnlocked(userHandle)) { 4822 if (!preN) { 4823 throw new IllegalStateException("Cannot reset password when user is locked"); 4824 } else { 4825 Slog.e(LOG_TAG, "Cannot reset password when user is locked"); 4826 return false; 4827 } 4828 } 4829 } 4830 4831 return resetPasswordInternal(password, 0, null, flags, callingUid, userHandle); 4832 } 4833 4834 private boolean resetPasswordInternal(String password, long tokenHandle, byte[] token, 4835 int flags, int callingUid, int userHandle) { 4836 int quality; 4837 synchronized (this) { 4838 quality = getPasswordQuality(null, userHandle, /* parent */ false); 4839 if (quality == DevicePolicyManager.PASSWORD_QUALITY_MANAGED) { 4840 quality = PASSWORD_QUALITY_UNSPECIFIED; 4841 } 4842 final PasswordMetrics metrics = PasswordMetrics.computeForPassword(password); 4843 if (quality != PASSWORD_QUALITY_UNSPECIFIED) { 4844 final int realQuality = metrics.quality; 4845 if (realQuality < quality 4846 && quality != DevicePolicyManager.PASSWORD_QUALITY_COMPLEX) { 4847 Slog.w(LOG_TAG, "resetPassword: password quality 0x" 4848 + Integer.toHexString(realQuality) 4849 + " does not meet required quality 0x" 4850 + Integer.toHexString(quality)); 4851 return false; 4852 } 4853 quality = Math.max(realQuality, quality); 4854 } 4855 int length = getPasswordMinimumLength(null, userHandle, /* parent */ false); 4856 if (password.length() < length) { 4857 Slog.w(LOG_TAG, "resetPassword: password length " + password.length() 4858 + " does not meet required length " + length); 4859 return false; 4860 } 4861 if (quality == DevicePolicyManager.PASSWORD_QUALITY_COMPLEX) { 4862 int neededLetters = getPasswordMinimumLetters(null, userHandle, /* parent */ false); 4863 if(metrics.letters < neededLetters) { 4864 Slog.w(LOG_TAG, "resetPassword: number of letters " + metrics.letters 4865 + " does not meet required number of letters " + neededLetters); 4866 return false; 4867 } 4868 int neededNumeric = getPasswordMinimumNumeric(null, userHandle, /* parent */ false); 4869 if (metrics.numeric < neededNumeric) { 4870 Slog.w(LOG_TAG, "resetPassword: number of numerical digits " + metrics.numeric 4871 + " does not meet required number of numerical digits " 4872 + neededNumeric); 4873 return false; 4874 } 4875 int neededLowerCase = getPasswordMinimumLowerCase( 4876 null, userHandle, /* parent */ false); 4877 if (metrics.lowerCase < neededLowerCase) { 4878 Slog.w(LOG_TAG, "resetPassword: number of lowercase letters " 4879 + metrics.lowerCase 4880 + " does not meet required number of lowercase letters " 4881 + neededLowerCase); 4882 return false; 4883 } 4884 int neededUpperCase = getPasswordMinimumUpperCase( 4885 null, userHandle, /* parent */ false); 4886 if (metrics.upperCase < neededUpperCase) { 4887 Slog.w(LOG_TAG, "resetPassword: number of uppercase letters " 4888 + metrics.upperCase 4889 + " does not meet required number of uppercase letters " 4890 + neededUpperCase); 4891 return false; 4892 } 4893 int neededSymbols = getPasswordMinimumSymbols(null, userHandle, /* parent */ false); 4894 if (metrics.symbols < neededSymbols) { 4895 Slog.w(LOG_TAG, "resetPassword: number of special symbols " + metrics.symbols 4896 + " does not meet required number of special symbols " + neededSymbols); 4897 return false; 4898 } 4899 int neededNonLetter = getPasswordMinimumNonLetter( 4900 null, userHandle, /* parent */ false); 4901 if (metrics.nonLetter < neededNonLetter) { 4902 Slog.w(LOG_TAG, "resetPassword: number of non-letter characters " 4903 + metrics.nonLetter 4904 + " does not meet required number of non-letter characters " 4905 + neededNonLetter); 4906 return false; 4907 } 4908 } 4909 4910 if (isPasswordBlacklistedInternal(userHandle, password)) { 4911 Slog.w(LOG_TAG, "resetPassword: the password is blacklisted"); 4912 return false; 4913 } 4914 } 4915 4916 DevicePolicyData policy = getUserData(userHandle); 4917 if (policy.mPasswordOwner >= 0 && policy.mPasswordOwner != callingUid) { 4918 Slog.w(LOG_TAG, "resetPassword: already set by another uid and not entered by user"); 4919 return false; 4920 } 4921 4922 boolean callerIsDeviceOwnerAdmin = isCallerDeviceOwner(callingUid); 4923 boolean doNotAskCredentialsOnBoot = 4924 (flags & DevicePolicyManager.RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT) != 0; 4925 if (callerIsDeviceOwnerAdmin && doNotAskCredentialsOnBoot) { 4926 setDoNotAskCredentialsOnBoot(); 4927 } 4928 4929 // Don't do this with the lock held, because it is going to call 4930 // back in to the service. 4931 final long ident = mInjector.binderClearCallingIdentity(); 4932 final boolean result; 4933 try { 4934 if (token == null) { 4935 if (!TextUtils.isEmpty(password)) { 4936 mLockPatternUtils.saveLockPassword(password, null, quality, userHandle); 4937 } else { 4938 mLockPatternUtils.clearLock(null, userHandle); 4939 } 4940 result = true; 4941 } else { 4942 result = mLockPatternUtils.setLockCredentialWithToken(password, 4943 TextUtils.isEmpty(password) ? LockPatternUtils.CREDENTIAL_TYPE_NONE 4944 : LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, 4945 quality, tokenHandle, token, userHandle); 4946 } 4947 boolean requireEntry = (flags & DevicePolicyManager.RESET_PASSWORD_REQUIRE_ENTRY) != 0; 4948 if (requireEntry) { 4949 mLockPatternUtils.requireStrongAuth(STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW, 4950 UserHandle.USER_ALL); 4951 } 4952 synchronized (this) { 4953 int newOwner = requireEntry ? callingUid : -1; 4954 if (policy.mPasswordOwner != newOwner) { 4955 policy.mPasswordOwner = newOwner; 4956 saveSettingsLocked(userHandle); 4957 } 4958 } 4959 } finally { 4960 mInjector.binderRestoreCallingIdentity(ident); 4961 } 4962 return result; 4963 } 4964 4965 private boolean isLockScreenSecureUnchecked(int userId) { 4966 long ident = mInjector.binderClearCallingIdentity(); 4967 try { 4968 return mLockPatternUtils.isSecure(userId); 4969 } finally { 4970 mInjector.binderRestoreCallingIdentity(ident); 4971 } 4972 } 4973 4974 private void setDoNotAskCredentialsOnBoot() { 4975 synchronized (this) { 4976 DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM); 4977 if (!policyData.doNotAskCredentialsOnBoot) { 4978 policyData.doNotAskCredentialsOnBoot = true; 4979 saveSettingsLocked(UserHandle.USER_SYSTEM); 4980 } 4981 } 4982 } 4983 4984 @Override 4985 public boolean getDoNotAskCredentialsOnBoot() { 4986 mContext.enforceCallingOrSelfPermission( 4987 android.Manifest.permission.QUERY_DO_NOT_ASK_CREDENTIALS_ON_BOOT, null); 4988 synchronized (this) { 4989 DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM); 4990 return policyData.doNotAskCredentialsOnBoot; 4991 } 4992 } 4993 4994 @Override 4995 public void setMaximumTimeToLock(ComponentName who, long timeMs, boolean parent) { 4996 if (!mHasFeature) { 4997 return; 4998 } 4999 Preconditions.checkNotNull(who, "ComponentName is null"); 5000 final int userHandle = mInjector.userHandleGetCallingUserId(); 5001 synchronized (this) { 5002 ActiveAdmin ap = getActiveAdminForCallerLocked( 5003 who, DeviceAdminInfo.USES_POLICY_FORCE_LOCK, parent); 5004 if (ap.maximumTimeToUnlock != timeMs) { 5005 ap.maximumTimeToUnlock = timeMs; 5006 saveSettingsLocked(userHandle); 5007 updateMaximumTimeToLockLocked(userHandle); 5008 } 5009 } 5010 if (SecurityLog.isLoggingEnabled()) { 5011 final int affectedUserId = parent ? getProfileParentId(userHandle) : userHandle; 5012 SecurityLog.writeEvent(SecurityLog.TAG_MAX_SCREEN_LOCK_TIMEOUT_SET, 5013 who.getPackageName(), userHandle, affectedUserId, timeMs); 5014 } 5015 } 5016 5017 private void updateMaximumTimeToLockLocked(@UserIdInt int userId) { 5018 // Update the profile's timeout 5019 if (isManagedProfile(userId)) { 5020 updateProfileLockTimeoutLocked(userId); 5021 } 5022 5023 final long timeMs; 5024 final long ident = mInjector.binderClearCallingIdentity(); 5025 try { 5026 // Update the device timeout 5027 final int parentId = getProfileParentId(userId); 5028 timeMs = getMaximumTimeToLockPolicyFromAdmins( 5029 getActiveAdminsForLockscreenPoliciesLocked(parentId, false)); 5030 5031 final DevicePolicyData policy = getUserDataUnchecked(parentId); 5032 if (policy.mLastMaximumTimeToLock == timeMs) { 5033 return; 5034 } 5035 policy.mLastMaximumTimeToLock = timeMs; 5036 5037 if (policy.mLastMaximumTimeToLock != Long.MAX_VALUE) { 5038 // Make sure KEEP_SCREEN_ON is disabled, since that 5039 // would allow bypassing of the maximum time to lock. 5040 mInjector.settingsGlobalPutInt(Settings.Global.STAY_ON_WHILE_PLUGGED_IN, 0); 5041 } 5042 } finally { 5043 mInjector.binderRestoreCallingIdentity(ident); 5044 } 5045 5046 mInjector.getPowerManagerInternal().setMaximumScreenOffTimeoutFromDeviceAdmin( 5047 UserHandle.USER_SYSTEM, timeMs); 5048 } 5049 5050 private void updateProfileLockTimeoutLocked(@UserIdInt int userId) { 5051 final long timeMs; 5052 if (isSeparateProfileChallengeEnabled(userId)) { 5053 timeMs = getMaximumTimeToLockPolicyFromAdmins( 5054 getActiveAdminsForLockscreenPoliciesLocked(userId, false /* parent */)); 5055 } else { 5056 timeMs = Long.MAX_VALUE; 5057 } 5058 5059 final DevicePolicyData policy = getUserDataUnchecked(userId); 5060 if (policy.mLastMaximumTimeToLock == timeMs) { 5061 return; 5062 } 5063 policy.mLastMaximumTimeToLock = timeMs; 5064 5065 mInjector.getPowerManagerInternal().setMaximumScreenOffTimeoutFromDeviceAdmin( 5066 userId, policy.mLastMaximumTimeToLock); 5067 } 5068 5069 @Override 5070 public long getMaximumTimeToLock(ComponentName who, int userHandle, boolean parent) { 5071 if (!mHasFeature) { 5072 return 0; 5073 } 5074 enforceFullCrossUsersPermission(userHandle); 5075 synchronized (this) { 5076 if (who != null) { 5077 final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent); 5078 return admin != null ? admin.maximumTimeToUnlock : 0; 5079 } 5080 // Return the strictest policy across all participating admins. 5081 final List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked( 5082 userHandle, parent); 5083 final long timeMs = getMaximumTimeToLockPolicyFromAdmins(admins); 5084 return timeMs == Long.MAX_VALUE ? 0 : timeMs; 5085 } 5086 } 5087 5088 private long getMaximumTimeToLockPolicyFromAdmins(List<ActiveAdmin> admins) { 5089 long time = Long.MAX_VALUE; 5090 for (final ActiveAdmin admin : admins) { 5091 if (admin.maximumTimeToUnlock > 0 && admin.maximumTimeToUnlock < time) { 5092 time = admin.maximumTimeToUnlock; 5093 } 5094 } 5095 return time; 5096 } 5097 5098 @Override 5099 public void setRequiredStrongAuthTimeout(ComponentName who, long timeoutMs, 5100 boolean parent) { 5101 if (!mHasFeature) { 5102 return; 5103 } 5104 Preconditions.checkNotNull(who, "ComponentName is null"); 5105 Preconditions.checkArgument(timeoutMs >= 0, "Timeout must not be a negative number."); 5106 // timeoutMs with value 0 means that the admin doesn't participate 5107 // timeoutMs is clamped to the interval in case the internal constants change in the future 5108 final long minimumStrongAuthTimeout = getMinimumStrongAuthTimeoutMs(); 5109 if (timeoutMs != 0 && timeoutMs < minimumStrongAuthTimeout) { 5110 timeoutMs = minimumStrongAuthTimeout; 5111 } 5112 if (timeoutMs > DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS) { 5113 timeoutMs = DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS; 5114 } 5115 5116 final int userHandle = mInjector.userHandleGetCallingUserId(); 5117 synchronized (this) { 5118 ActiveAdmin ap = getActiveAdminForCallerLocked(who, 5119 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, parent); 5120 if (ap.strongAuthUnlockTimeout != timeoutMs) { 5121 ap.strongAuthUnlockTimeout = timeoutMs; 5122 saveSettingsLocked(userHandle); 5123 } 5124 } 5125 } 5126 5127 /** 5128 * Return a single admin's strong auth unlock timeout or minimum value (strictest) of all 5129 * admins if who is null. 5130 * Returns 0 if not configured for the provided admin. 5131 */ 5132 @Override 5133 public long getRequiredStrongAuthTimeout(ComponentName who, int userId, boolean parent) { 5134 if (!mHasFeature) { 5135 return DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS; 5136 } 5137 enforceFullCrossUsersPermission(userId); 5138 synchronized (this) { 5139 if (who != null) { 5140 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userId, parent); 5141 return admin != null ? admin.strongAuthUnlockTimeout : 0; 5142 } 5143 5144 // Return the strictest policy across all participating admins. 5145 List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(userId, parent); 5146 5147 long strongAuthUnlockTimeout = DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS; 5148 for (int i = 0; i < admins.size(); i++) { 5149 final long timeout = admins.get(i).strongAuthUnlockTimeout; 5150 if (timeout != 0) { // take only participating admins into account 5151 strongAuthUnlockTimeout = Math.min(timeout, strongAuthUnlockTimeout); 5152 } 5153 } 5154 return Math.max(strongAuthUnlockTimeout, getMinimumStrongAuthTimeoutMs()); 5155 } 5156 } 5157 5158 private long getMinimumStrongAuthTimeoutMs() { 5159 if (!mInjector.isBuildDebuggable()) { 5160 return MINIMUM_STRONG_AUTH_TIMEOUT_MS; 5161 } 5162 // ideally the property was named persist.sys.min_strong_auth_timeout, but system property 5163 // name cannot be longer than 31 characters 5164 return Math.min(mInjector.systemPropertiesGetLong("persist.sys.min_str_auth_timeo", 5165 MINIMUM_STRONG_AUTH_TIMEOUT_MS), 5166 MINIMUM_STRONG_AUTH_TIMEOUT_MS); 5167 } 5168 5169 @Override 5170 public void lockNow(int flags, boolean parent) { 5171 if (!mHasFeature) { 5172 return; 5173 } 5174 5175 final int callingUserId = mInjector.userHandleGetCallingUserId(); 5176 synchronized (this) { 5177 // This API can only be called by an active device admin, 5178 // so try to retrieve it to check that the caller is one. 5179 final ActiveAdmin admin = getActiveAdminForCallerLocked( 5180 null, DeviceAdminInfo.USES_POLICY_FORCE_LOCK, parent); 5181 5182 final long ident = mInjector.binderClearCallingIdentity(); 5183 try { 5184 final ComponentName adminComponent = admin.info.getComponent(); 5185 // Evict key 5186 if ((flags & DevicePolicyManager.FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY) != 0) { 5187 enforceManagedProfile( 5188 callingUserId, "set FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY"); 5189 if (!isProfileOwner(adminComponent, callingUserId)) { 5190 throw new SecurityException("Only profile owner admins can set " 5191 + "FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY"); 5192 } 5193 if (parent) { 5194 throw new IllegalArgumentException( 5195 "Cannot set FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY for the parent"); 5196 } 5197 if (!mInjector.storageManagerIsFileBasedEncryptionEnabled()) { 5198 throw new UnsupportedOperationException( 5199 "FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY only applies to FBE devices"); 5200 } 5201 mUserManager.evictCredentialEncryptionKey(callingUserId); 5202 } 5203 5204 // Lock all users unless this is a managed profile with a separate challenge 5205 final int userToLock = (parent || !isSeparateProfileChallengeEnabled(callingUserId) 5206 ? UserHandle.USER_ALL : callingUserId); 5207 mLockPatternUtils.requireStrongAuth( 5208 STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW, userToLock); 5209 5210 // Require authentication for the device or profile 5211 if (userToLock == UserHandle.USER_ALL) { 5212 // Power off the display 5213 mInjector.powerManagerGoToSleep(SystemClock.uptimeMillis(), 5214 PowerManager.GO_TO_SLEEP_REASON_DEVICE_ADMIN, 0); 5215 mInjector.getIWindowManager().lockNow(null); 5216 } else { 5217 mInjector.getTrustManager().setDeviceLockedForUser(userToLock, true); 5218 } 5219 5220 if (SecurityLog.isLoggingEnabled()) { 5221 final int affectedUserId = 5222 parent ? getProfileParentId(callingUserId) : callingUserId; 5223 SecurityLog.writeEvent(SecurityLog.TAG_REMOTE_LOCK, 5224 adminComponent.getPackageName(), callingUserId, affectedUserId); 5225 } 5226 } catch (RemoteException e) { 5227 } finally { 5228 mInjector.binderRestoreCallingIdentity(ident); 5229 } 5230 } 5231 } 5232 5233 @Override 5234 public void enforceCanManageCaCerts(ComponentName who, String callerPackage) { 5235 if (who == null) { 5236 if (!isCallerDelegate(callerPackage, DELEGATION_CERT_INSTALL)) { 5237 mContext.enforceCallingOrSelfPermission(MANAGE_CA_CERTIFICATES, null); 5238 } 5239 } else { 5240 enforceProfileOrDeviceOwner(who); 5241 } 5242 } 5243 5244 private void enforceProfileOrDeviceOwner(ComponentName who) { 5245 synchronized (this) { 5246 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 5247 } 5248 } 5249 5250 @Override 5251 public boolean approveCaCert(String alias, int userId, boolean approval) { 5252 enforceManageUsers(); 5253 synchronized (this) { 5254 Set<String> certs = getUserData(userId).mAcceptedCaCertificates; 5255 boolean changed = (approval ? certs.add(alias) : certs.remove(alias)); 5256 if (!changed) { 5257 return false; 5258 } 5259 saveSettingsLocked(userId); 5260 } 5261 mCertificateMonitor.onCertificateApprovalsChanged(userId); 5262 return true; 5263 } 5264 5265 @Override 5266 public boolean isCaCertApproved(String alias, int userId) { 5267 enforceManageUsers(); 5268 synchronized (this) { 5269 return getUserData(userId).mAcceptedCaCertificates.contains(alias); 5270 } 5271 } 5272 5273 private void removeCaApprovalsIfNeeded(int userId) { 5274 for (UserInfo userInfo : mUserManager.getProfiles(userId)) { 5275 boolean isSecure = mLockPatternUtils.isSecure(userInfo.id); 5276 if (userInfo.isManagedProfile()){ 5277 isSecure |= mLockPatternUtils.isSecure(getProfileParentId(userInfo.id)); 5278 } 5279 if (!isSecure) { 5280 synchronized (this) { 5281 getUserData(userInfo.id).mAcceptedCaCertificates.clear(); 5282 saveSettingsLocked(userInfo.id); 5283 } 5284 mCertificateMonitor.onCertificateApprovalsChanged(userId); 5285 } 5286 } 5287 } 5288 5289 @Override 5290 public boolean installCaCert(ComponentName admin, String callerPackage, byte[] certBuffer) 5291 throws RemoteException { 5292 if (!mHasFeature) { 5293 return false; 5294 } 5295 enforceCanManageCaCerts(admin, callerPackage); 5296 5297 final String alias; 5298 5299 final UserHandle userHandle = mInjector.binderGetCallingUserHandle(); 5300 final long id = mInjector.binderClearCallingIdentity(); 5301 try { 5302 alias = mCertificateMonitor.installCaCert(userHandle, certBuffer); 5303 if (alias == null) { 5304 Log.w(LOG_TAG, "Problem installing cert"); 5305 return false; 5306 } 5307 } finally { 5308 mInjector.binderRestoreCallingIdentity(id); 5309 } 5310 5311 synchronized (this) { 5312 getUserData(userHandle.getIdentifier()).mOwnerInstalledCaCerts.add(alias); 5313 saveSettingsLocked(userHandle.getIdentifier()); 5314 } 5315 return true; 5316 } 5317 5318 @Override 5319 public void uninstallCaCerts(ComponentName admin, String callerPackage, String[] aliases) { 5320 if (!mHasFeature) { 5321 return; 5322 } 5323 enforceCanManageCaCerts(admin, callerPackage); 5324 5325 final int userId = mInjector.userHandleGetCallingUserId(); 5326 final long id = mInjector.binderClearCallingIdentity(); 5327 try { 5328 mCertificateMonitor.uninstallCaCerts(UserHandle.of(userId), aliases); 5329 } finally { 5330 mInjector.binderRestoreCallingIdentity(id); 5331 } 5332 5333 synchronized (this) { 5334 if (getUserData(userId).mOwnerInstalledCaCerts.removeAll(Arrays.asList(aliases))) { 5335 saveSettingsLocked(userId); 5336 } 5337 } 5338 } 5339 5340 @Override 5341 public boolean installKeyPair(ComponentName who, String callerPackage, byte[] privKey, 5342 byte[] cert, byte[] chain, String alias, boolean requestAccess, 5343 boolean isUserSelectable) { 5344 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 5345 DELEGATION_CERT_INSTALL); 5346 5347 5348 final int callingUid = mInjector.binderGetCallingUid(); 5349 final long id = mInjector.binderClearCallingIdentity(); 5350 try { 5351 final KeyChainConnection keyChainConnection = 5352 KeyChain.bindAsUser(mContext, UserHandle.getUserHandleForUid(callingUid)); 5353 try { 5354 IKeyChainService keyChain = keyChainConnection.getService(); 5355 if (!keyChain.installKeyPair(privKey, cert, chain, alias)) { 5356 return false; 5357 } 5358 if (requestAccess) { 5359 keyChain.setGrant(callingUid, alias, true); 5360 } 5361 keyChain.setUserSelectable(alias, isUserSelectable); 5362 return true; 5363 } catch (RemoteException e) { 5364 Log.e(LOG_TAG, "Installing certificate", e); 5365 } finally { 5366 keyChainConnection.close(); 5367 } 5368 } catch (InterruptedException e) { 5369 Log.w(LOG_TAG, "Interrupted while installing certificate", e); 5370 Thread.currentThread().interrupt(); 5371 } finally { 5372 mInjector.binderRestoreCallingIdentity(id); 5373 } 5374 return false; 5375 } 5376 5377 @Override 5378 public boolean removeKeyPair(ComponentName who, String callerPackage, String alias) { 5379 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 5380 DELEGATION_CERT_INSTALL); 5381 5382 final UserHandle userHandle = new UserHandle(UserHandle.getCallingUserId()); 5383 final long id = Binder.clearCallingIdentity(); 5384 try { 5385 final KeyChainConnection keyChainConnection = KeyChain.bindAsUser(mContext, userHandle); 5386 try { 5387 IKeyChainService keyChain = keyChainConnection.getService(); 5388 return keyChain.removeKeyPair(alias); 5389 } catch (RemoteException e) { 5390 Log.e(LOG_TAG, "Removing keypair", e); 5391 } finally { 5392 keyChainConnection.close(); 5393 } 5394 } catch (InterruptedException e) { 5395 Log.w(LOG_TAG, "Interrupted while removing keypair", e); 5396 Thread.currentThread().interrupt(); 5397 } finally { 5398 Binder.restoreCallingIdentity(id); 5399 } 5400 return false; 5401 } 5402 5403 private void enforceIsDeviceOwnerOrCertInstallerOfDeviceOwner( 5404 ComponentName who, String callerPackage, int callerUid) throws SecurityException { 5405 if (who == null) { 5406 if (!mOwners.hasDeviceOwner()) { 5407 throw new SecurityException("Not in Device Owner mode."); 5408 } 5409 if (UserHandle.getUserId(callerUid) != mOwners.getDeviceOwnerUserId()) { 5410 throw new SecurityException("Caller not from device owner user"); 5411 } 5412 if (!isCallerDelegate(callerPackage, DELEGATION_CERT_INSTALL)) { 5413 throw new SecurityException("Caller with uid " + mInjector.binderGetCallingUid() + 5414 "has no permission to generate keys."); 5415 } 5416 } else { 5417 // Caller provided - check it is the device owner. 5418 synchronized (this) { 5419 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 5420 } 5421 } 5422 } 5423 5424 @VisibleForTesting 5425 public static int[] translateIdAttestationFlags( 5426 int idAttestationFlags) { 5427 Map<Integer, Integer> idTypeToAttestationFlag = new HashMap(); 5428 idTypeToAttestationFlag.put(ID_TYPE_SERIAL, AttestationUtils.ID_TYPE_SERIAL); 5429 idTypeToAttestationFlag.put(ID_TYPE_IMEI, AttestationUtils.ID_TYPE_IMEI); 5430 idTypeToAttestationFlag.put(ID_TYPE_MEID, AttestationUtils.ID_TYPE_MEID); 5431 5432 int numFlagsSet = Integer.bitCount(idAttestationFlags); 5433 // No flags are set - return null to indicate no device ID attestation information should 5434 // be included in the attestation record. 5435 if (numFlagsSet == 0) { 5436 return null; 5437 } 5438 5439 // If the ID_TYPE_BASE_INFO is set, make sure that a non-null array is returned, even if 5440 // no other flag is set. That will lead to inclusion of general device make data in the 5441 // attestation record, but no specific device identifiers. 5442 if ((idAttestationFlags & ID_TYPE_BASE_INFO) != 0) { 5443 numFlagsSet -= 1; 5444 idAttestationFlags = idAttestationFlags & (~ID_TYPE_BASE_INFO); 5445 } 5446 5447 int[] attestationUtilsFlags = new int[numFlagsSet]; 5448 int i = 0; 5449 for (Integer idType: idTypeToAttestationFlag.keySet()) { 5450 if ((idType & idAttestationFlags) != 0) { 5451 attestationUtilsFlags[i++] = idTypeToAttestationFlag.get(idType); 5452 } 5453 } 5454 5455 return attestationUtilsFlags; 5456 } 5457 5458 @Override 5459 public boolean generateKeyPair(ComponentName who, String callerPackage, String algorithm, 5460 ParcelableKeyGenParameterSpec parcelableKeySpec, 5461 int idAttestationFlags, 5462 KeymasterCertificateChain attestationChain) { 5463 // Get attestation flags, if any. 5464 final int[] attestationUtilsFlags = translateIdAttestationFlags(idAttestationFlags); 5465 final boolean deviceIdAttestationRequired = attestationUtilsFlags != null; 5466 final int callingUid = mInjector.binderGetCallingUid(); 5467 5468 if (deviceIdAttestationRequired && attestationUtilsFlags.length > 0) { 5469 enforceIsDeviceOwnerOrCertInstallerOfDeviceOwner(who, callerPackage, callingUid); 5470 } else { 5471 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 5472 DELEGATION_CERT_INSTALL); 5473 } 5474 final KeyGenParameterSpec keySpec = parcelableKeySpec.getSpec(); 5475 final String alias = keySpec.getKeystoreAlias(); 5476 if (TextUtils.isEmpty(alias)) { 5477 throw new IllegalArgumentException("Empty alias provided."); 5478 } 5479 // As the caller will be granted access to the key, ensure no UID was specified, as 5480 // it will not have the desired effect. 5481 if (keySpec.getUid() != KeyStore.UID_SELF) { 5482 Log.e(LOG_TAG, "Only the caller can be granted access to the generated keypair."); 5483 return false; 5484 } 5485 5486 if (deviceIdAttestationRequired && (keySpec.getAttestationChallenge() == null)) { 5487 throw new IllegalArgumentException( 5488 "Requested Device ID attestation but challenge is empty."); 5489 } 5490 5491 final UserHandle userHandle = mInjector.binderGetCallingUserHandle(); 5492 final long id = mInjector.binderClearCallingIdentity(); 5493 try { 5494 try (KeyChainConnection keyChainConnection = 5495 KeyChain.bindAsUser(mContext, userHandle)) { 5496 IKeyChainService keyChain = keyChainConnection.getService(); 5497 5498 // Copy the provided keySpec, excluding the attestation challenge, which will be 5499 // used later for requesting key attestation record. 5500 final KeyGenParameterSpec noAttestationSpec = 5501 new KeyGenParameterSpec.Builder(keySpec) 5502 .setAttestationChallenge(null) 5503 .build(); 5504 5505 final boolean generationResult = keyChain.generateKeyPair(algorithm, 5506 new ParcelableKeyGenParameterSpec(noAttestationSpec)); 5507 if (!generationResult) { 5508 Log.e(LOG_TAG, "KeyChain failed to generate a keypair."); 5509 return false; 5510 } 5511 5512 // Set a grant for the caller here so that when the client calls 5513 // requestPrivateKey, it will be able to get the key from Keystore. 5514 // Note the use of the calling UID, since the request for the private 5515 // key will come from the client's process, so the grant has to be for 5516 // that UID. 5517 keyChain.setGrant(callingUid, alias, true); 5518 5519 final byte[] attestationChallenge = keySpec.getAttestationChallenge(); 5520 if (attestationChallenge != null) { 5521 final boolean attestationResult = keyChain.attestKey( 5522 alias, attestationChallenge, attestationUtilsFlags, attestationChain); 5523 if (!attestationResult) { 5524 Log.e(LOG_TAG, String.format( 5525 "Attestation for %s failed, deleting key.", alias)); 5526 keyChain.removeKeyPair(alias); 5527 return false; 5528 } 5529 } 5530 return true; 5531 } 5532 } catch (RemoteException e) { 5533 Log.e(LOG_TAG, "KeyChain error while generating a keypair", e); 5534 } catch (InterruptedException e) { 5535 Log.w(LOG_TAG, "Interrupted while generating keypair", e); 5536 Thread.currentThread().interrupt(); 5537 } finally { 5538 mInjector.binderRestoreCallingIdentity(id); 5539 } 5540 return false; 5541 } 5542 5543 @Override 5544 public boolean setKeyPairCertificate(ComponentName who, String callerPackage, String alias, 5545 byte[] cert, byte[] chain, boolean isUserSelectable) { 5546 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 5547 DELEGATION_CERT_INSTALL); 5548 5549 final int callingUid = mInjector.binderGetCallingUid(); 5550 final long id = mInjector.binderClearCallingIdentity(); 5551 try (final KeyChainConnection keyChainConnection = 5552 KeyChain.bindAsUser(mContext, UserHandle.getUserHandleForUid(callingUid))) { 5553 IKeyChainService keyChain = keyChainConnection.getService(); 5554 if (!keyChain.setKeyPairCertificate(alias, cert, chain)) { 5555 return false; 5556 } 5557 keyChain.setUserSelectable(alias, isUserSelectable); 5558 return true; 5559 } catch (InterruptedException e) { 5560 Log.w(LOG_TAG, "Interrupted while setting keypair certificate", e); 5561 Thread.currentThread().interrupt(); 5562 } catch (RemoteException e) { 5563 Log.e(LOG_TAG, "Failed setting keypair certificate", e); 5564 } finally { 5565 mInjector.binderRestoreCallingIdentity(id); 5566 } 5567 return false; 5568 } 5569 5570 @Override 5571 public void choosePrivateKeyAlias(final int uid, final Uri uri, final String alias, 5572 final IBinder response) { 5573 // Caller UID needs to be trusted, so we restrict this method to SYSTEM_UID callers. 5574 if (!isCallerWithSystemUid()) { 5575 return; 5576 } 5577 5578 final UserHandle caller = mInjector.binderGetCallingUserHandle(); 5579 // If there is a profile owner, redirect to that; otherwise query the device owner. 5580 ComponentName aliasChooser = getProfileOwner(caller.getIdentifier()); 5581 if (aliasChooser == null && caller.isSystem()) { 5582 ActiveAdmin deviceOwnerAdmin = getDeviceOwnerAdminLocked(); 5583 if (deviceOwnerAdmin != null) { 5584 aliasChooser = deviceOwnerAdmin.info.getComponent(); 5585 } 5586 } 5587 if (aliasChooser == null) { 5588 sendPrivateKeyAliasResponse(null, response); 5589 return; 5590 } 5591 5592 Intent intent = new Intent(DeviceAdminReceiver.ACTION_CHOOSE_PRIVATE_KEY_ALIAS); 5593 intent.setComponent(aliasChooser); 5594 intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_SENDER_UID, uid); 5595 intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_URI, uri); 5596 intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_ALIAS, alias); 5597 intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_RESPONSE, response); 5598 intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND); 5599 5600 final long id = mInjector.binderClearCallingIdentity(); 5601 try { 5602 mContext.sendOrderedBroadcastAsUser(intent, caller, null, new BroadcastReceiver() { 5603 @Override 5604 public void onReceive(Context context, Intent intent) { 5605 final String chosenAlias = getResultData(); 5606 sendPrivateKeyAliasResponse(chosenAlias, response); 5607 } 5608 }, null, Activity.RESULT_OK, null, null); 5609 } finally { 5610 mInjector.binderRestoreCallingIdentity(id); 5611 } 5612 } 5613 5614 private void sendPrivateKeyAliasResponse(final String alias, final IBinder responseBinder) { 5615 final IKeyChainAliasCallback keyChainAliasResponse = 5616 IKeyChainAliasCallback.Stub.asInterface(responseBinder); 5617 // Send the response. It's OK to do this from the main thread because IKeyChainAliasCallback 5618 // is oneway, which means it won't block if the recipient lives in another process. 5619 try { 5620 keyChainAliasResponse.alias(alias); 5621 } catch (Exception e) { 5622 // Caller could throw RuntimeException or RemoteException back across processes. Catch 5623 // everything just to be sure. 5624 Log.e(LOG_TAG, "error while responding to callback", e); 5625 } 5626 } 5627 5628 /** 5629 * Determine whether DPMS should check if a delegate package is already installed before 5630 * granting it new delegations via {@link #setDelegatedScopes}. 5631 */ 5632 private static boolean shouldCheckIfDelegatePackageIsInstalled(String delegatePackage, 5633 int targetSdk, List<String> scopes) { 5634 // 1) Never skip is installed check from N. 5635 if (targetSdk >= Build.VERSION_CODES.N) { 5636 return true; 5637 } 5638 // 2) Skip if DELEGATION_CERT_INSTALL is the only scope being given. 5639 if (scopes.size() == 1 && scopes.get(0).equals(DELEGATION_CERT_INSTALL)) { 5640 return false; 5641 } 5642 // 3) Skip if all previously granted scopes are being cleared. 5643 if (scopes.isEmpty()) { 5644 return false; 5645 } 5646 // Otherwise it should check that delegatePackage is installed. 5647 return true; 5648 } 5649 5650 /** 5651 * Set the scopes of a device owner or profile owner delegate. 5652 * 5653 * @param who the device owner or profile owner. 5654 * @param delegatePackage the name of the delegate package. 5655 * @param scopes the list of delegation scopes to be given to the delegate package. 5656 */ 5657 @Override 5658 public void setDelegatedScopes(ComponentName who, String delegatePackage, 5659 List<String> scopes) throws SecurityException { 5660 Preconditions.checkNotNull(who, "ComponentName is null"); 5661 Preconditions.checkStringNotEmpty(delegatePackage, "Delegate package is null or empty"); 5662 Preconditions.checkCollectionElementsNotNull(scopes, "Scopes"); 5663 // Remove possible duplicates. 5664 scopes = new ArrayList(new ArraySet(scopes)); 5665 // Ensure given scopes are valid. 5666 if (scopes.retainAll(Arrays.asList(DELEGATIONS))) { 5667 throw new IllegalArgumentException("Unexpected delegation scopes"); 5668 } 5669 5670 // Retrieve the user ID of the calling process. 5671 final int userId = mInjector.userHandleGetCallingUserId(); 5672 synchronized (this) { 5673 // Ensure calling process is device/profile owner. 5674 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 5675 // Ensure the delegate is installed (skip this for DELEGATION_CERT_INSTALL in pre-N). 5676 if (shouldCheckIfDelegatePackageIsInstalled(delegatePackage, 5677 getTargetSdk(who.getPackageName(), userId), scopes)) { 5678 // Throw when the delegate package is not installed. 5679 if (!isPackageInstalledForUser(delegatePackage, userId)) { 5680 throw new IllegalArgumentException("Package " + delegatePackage 5681 + " is not installed on the current user"); 5682 } 5683 } 5684 5685 // Set the new delegate in user policies. 5686 final DevicePolicyData policy = getUserData(userId); 5687 if (!scopes.isEmpty()) { 5688 policy.mDelegationMap.put(delegatePackage, new ArrayList<>(scopes)); 5689 } else { 5690 // Remove any delegation info if the given scopes list is empty. 5691 policy.mDelegationMap.remove(delegatePackage); 5692 } 5693 5694 // Notify delegate package of updates. 5695 final Intent intent = new Intent( 5696 DevicePolicyManager.ACTION_APPLICATION_DELEGATION_SCOPES_CHANGED); 5697 // Only call receivers registered with Context#registerReceiver (don’t wake delegate). 5698 intent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY); 5699 // Limit components this intent resolves to to the delegate package. 5700 intent.setPackage(delegatePackage); 5701 // Include the list of delegated scopes as an extra. 5702 intent.putStringArrayListExtra(DevicePolicyManager.EXTRA_DELEGATION_SCOPES, 5703 (ArrayList<String>) scopes); 5704 // Send the broadcast. 5705 mContext.sendBroadcastAsUser(intent, UserHandle.of(userId)); 5706 5707 // Persist updates. 5708 saveSettingsLocked(userId); 5709 } 5710 } 5711 5712 /** 5713 * Get the delegation scopes given to a delegate package by a device owner or profile owner. 5714 * 5715 * A DO/PO can get the scopes of any package. A non DO/PO package can get its own scopes by 5716 * passing in {@code null} as the {@code who} parameter and its own name as the 5717 * {@code delegatepackage}. 5718 * 5719 * @param who the device owner or profile owner, or {@code null} if the caller is 5720 * {@code delegatePackage}. 5721 * @param delegatePackage the name of the delegate package whose scopes are to be retrieved. 5722 * @return a list of the delegation scopes currently given to {@code delegatePackage}. 5723 */ 5724 @Override 5725 @NonNull 5726 public List<String> getDelegatedScopes(ComponentName who, 5727 String delegatePackage) throws SecurityException { 5728 Preconditions.checkNotNull(delegatePackage, "Delegate package is null"); 5729 5730 // Retrieve the user ID of the calling process. 5731 final int callingUid = mInjector.binderGetCallingUid(); 5732 final int userId = UserHandle.getUserId(callingUid); 5733 synchronized (this) { 5734 // Ensure calling process is device/profile owner. 5735 if (who != null) { 5736 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 5737 // Or ensure calling process is delegatePackage itself. 5738 } else { 5739 int uid = 0; 5740 try { 5741 uid = mInjector.getPackageManager() 5742 .getPackageUidAsUser(delegatePackage, userId); 5743 } catch(NameNotFoundException e) { 5744 } 5745 if (uid != callingUid) { 5746 throw new SecurityException("Caller with uid " + callingUid + " is not " 5747 + delegatePackage); 5748 } 5749 } 5750 final DevicePolicyData policy = getUserData(userId); 5751 // Retrieve the scopes assigned to delegatePackage, or null if no scope was given. 5752 final List<String> scopes = policy.mDelegationMap.get(delegatePackage); 5753 return scopes == null ? Collections.EMPTY_LIST : scopes; 5754 } 5755 } 5756 5757 /** 5758 * Get a list of packages that were given a specific delegation scopes by a device owner or 5759 * profile owner. 5760 * 5761 * @param who the device owner or profile owner. 5762 * @param scope the scope whose delegates are to be retrieved. 5763 * @return a list of the delegate packages currently given the {@code scope} delegation. 5764 */ 5765 @NonNull 5766 public List<String> getDelegatePackages(ComponentName who, String scope) 5767 throws SecurityException { 5768 Preconditions.checkNotNull(who, "ComponentName is null"); 5769 Preconditions.checkNotNull(scope, "Scope is null"); 5770 if (!Arrays.asList(DELEGATIONS).contains(scope)) { 5771 throw new IllegalArgumentException("Unexpected delegation scope: " + scope); 5772 } 5773 5774 // Retrieve the user ID of the calling process. 5775 final int userId = mInjector.userHandleGetCallingUserId(); 5776 synchronized (this) { 5777 // Ensure calling process is device/profile owner. 5778 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 5779 final DevicePolicyData policy = getUserData(userId); 5780 5781 // Create a list to hold the resulting delegate packages. 5782 final List<String> delegatePackagesWithScope = new ArrayList<>(); 5783 // Add all delegations containing scope to the result list. 5784 for (int i = 0; i < policy.mDelegationMap.size(); i++) { 5785 if (policy.mDelegationMap.valueAt(i).contains(scope)) { 5786 delegatePackagesWithScope.add(policy.mDelegationMap.keyAt(i)); 5787 } 5788 } 5789 return delegatePackagesWithScope; 5790 } 5791 } 5792 5793 /** 5794 * Check whether a caller application has been delegated a given scope via 5795 * {@link #setDelegatedScopes} to access privileged APIs on the behalf of a profile owner or 5796 * device owner. 5797 * <p> 5798 * This is done by checking that {@code callerPackage} was granted {@code scope} delegation and 5799 * then comparing the calling UID with the UID of {@code callerPackage} as reported by 5800 * {@link PackageManager#getPackageUidAsUser}. 5801 * 5802 * @param callerPackage the name of the package that is trying to invoke a function in the DPMS. 5803 * @param scope the delegation scope to be checked. 5804 * @return {@code true} if the calling process is a delegate of {@code scope}. 5805 */ 5806 private boolean isCallerDelegate(String callerPackage, String scope) { 5807 Preconditions.checkNotNull(callerPackage, "callerPackage is null"); 5808 if (!Arrays.asList(DELEGATIONS).contains(scope)) { 5809 throw new IllegalArgumentException("Unexpected delegation scope: " + scope); 5810 } 5811 5812 // Retrieve the UID and user ID of the calling process. 5813 final int callingUid = mInjector.binderGetCallingUid(); 5814 final int userId = UserHandle.getUserId(callingUid); 5815 synchronized (this) { 5816 // Retrieve user policy data. 5817 final DevicePolicyData policy = getUserData(userId); 5818 // Retrieve the list of delegation scopes granted to callerPackage. 5819 final List<String> scopes = policy.mDelegationMap.get(callerPackage); 5820 // Check callingUid only if callerPackage has the required scope delegation. 5821 if (scopes != null && scopes.contains(scope)) { 5822 try { 5823 // Retrieve the expected UID for callerPackage. 5824 final int uid = mInjector.getPackageManager() 5825 .getPackageUidAsUser(callerPackage, userId); 5826 // Return true if the caller is actually callerPackage. 5827 return uid == callingUid; 5828 } catch (NameNotFoundException e) { 5829 // Ignore. 5830 } 5831 } 5832 return false; 5833 } 5834 } 5835 5836 /** 5837 * Throw a security exception if a ComponentName is given and it is not a device/profile owner 5838 * or if the calling process is not a delegate of the given scope. 5839 * 5840 * @param who the device owner of profile owner, or null if {@code callerPackage} is a 5841 * {@code scope} delegate. 5842 * @param callerPackage the name of the calling package. Required if {@code who} is 5843 * {@code null}. 5844 * @param reqPolicy the policy used in the API whose access permission is being checked. 5845 * @param scope the delegation scope corresponding to the API being checked. 5846 * @throws SecurityException if {@code who} is given and is not an owner for {@code reqPolicy}; 5847 * or when {@code who} is {@code null} and {@code callerPackage} is not a delegate 5848 * of {@code scope}. 5849 */ 5850 private void enforceCanManageScope(ComponentName who, String callerPackage, int reqPolicy, 5851 String scope) { 5852 // If a ComponentName is given ensure it is a device or profile owner according to policy. 5853 if (who != null) { 5854 synchronized (this) { 5855 getActiveAdminForCallerLocked(who, reqPolicy); 5856 } 5857 // If no ComponentName is given ensure calling process has scope delegation. 5858 } else if (!isCallerDelegate(callerPackage, scope)) { 5859 throw new SecurityException("Caller with uid " + mInjector.binderGetCallingUid() 5860 + " is not a delegate of scope " + scope + "."); 5861 } 5862 } 5863 5864 /** 5865 * Helper function to preserve delegation behavior pre-O when using the deprecated functions 5866 * {@code #setCertInstallerPackage} and {@code #setApplicationRestrictionsManagingPackage}. 5867 */ 5868 private void setDelegatedScopePreO(ComponentName who, 5869 String delegatePackage, String scope) { 5870 Preconditions.checkNotNull(who, "ComponentName is null"); 5871 5872 final int userId = mInjector.userHandleGetCallingUserId(); 5873 synchronized(this) { 5874 // Ensure calling process is device/profile owner. 5875 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 5876 final DevicePolicyData policy = getUserData(userId); 5877 5878 if (delegatePackage != null) { 5879 // Set package as a delegate for scope if it is not already one. 5880 List<String> scopes = policy.mDelegationMap.get(delegatePackage); 5881 if (scopes == null) { 5882 scopes = new ArrayList<>(); 5883 } 5884 if (!scopes.contains(scope)) { 5885 scopes.add(scope); 5886 setDelegatedScopes(who, delegatePackage, scopes); 5887 } 5888 } 5889 5890 // Clear any existing scope delegates. 5891 for (int i = 0; i < policy.mDelegationMap.size(); i++) { 5892 final String currentPackage = policy.mDelegationMap.keyAt(i); 5893 final List<String> currentScopes = policy.mDelegationMap.valueAt(i); 5894 5895 if (!currentPackage.equals(delegatePackage) && currentScopes.contains(scope)) { 5896 final List<String> newScopes = new ArrayList(currentScopes); 5897 newScopes.remove(scope); 5898 setDelegatedScopes(who, currentPackage, newScopes); 5899 } 5900 } 5901 } 5902 } 5903 5904 @Override 5905 public void setCertInstallerPackage(ComponentName who, String installerPackage) 5906 throws SecurityException { 5907 setDelegatedScopePreO(who, installerPackage, DELEGATION_CERT_INSTALL); 5908 } 5909 5910 @Override 5911 public String getCertInstallerPackage(ComponentName who) throws SecurityException { 5912 final List<String> delegatePackages = getDelegatePackages(who, DELEGATION_CERT_INSTALL); 5913 return delegatePackages.size() > 0 ? delegatePackages.get(0) : null; 5914 } 5915 5916 /** 5917 * @return {@code true} if the package is installed and set as always-on, {@code false} if it is 5918 * not installed and therefore not available. 5919 * 5920 * @throws SecurityException if the caller is not a profile or device owner. 5921 * @throws UnsupportedOperationException if the package does not support being set as always-on. 5922 */ 5923 @Override 5924 public boolean setAlwaysOnVpnPackage(ComponentName admin, String vpnPackage, boolean lockdown) 5925 throws SecurityException { 5926 enforceProfileOrDeviceOwner(admin); 5927 5928 final int userId = mInjector.userHandleGetCallingUserId(); 5929 final long token = mInjector.binderClearCallingIdentity(); 5930 try { 5931 if (vpnPackage != null && !isPackageInstalledForUser(vpnPackage, userId)) { 5932 return false; 5933 } 5934 ConnectivityManager connectivityManager = (ConnectivityManager) 5935 mContext.getSystemService(Context.CONNECTIVITY_SERVICE); 5936 if (!connectivityManager.setAlwaysOnVpnPackageForUser(userId, vpnPackage, lockdown)) { 5937 throw new UnsupportedOperationException(); 5938 } 5939 } finally { 5940 mInjector.binderRestoreCallingIdentity(token); 5941 } 5942 return true; 5943 } 5944 5945 @Override 5946 public String getAlwaysOnVpnPackage(ComponentName admin) 5947 throws SecurityException { 5948 enforceProfileOrDeviceOwner(admin); 5949 5950 final int userId = mInjector.userHandleGetCallingUserId(); 5951 final long token = mInjector.binderClearCallingIdentity(); 5952 try{ 5953 ConnectivityManager connectivityManager = (ConnectivityManager) 5954 mContext.getSystemService(Context.CONNECTIVITY_SERVICE); 5955 return connectivityManager.getAlwaysOnVpnPackageForUser(userId); 5956 } finally { 5957 mInjector.binderRestoreCallingIdentity(token); 5958 } 5959 } 5960 5961 private void forceWipeDeviceNoLock(boolean wipeExtRequested, String reason, boolean wipeEuicc) { 5962 wtfIfInLock(); 5963 5964 if (wipeExtRequested) { 5965 StorageManager sm = (StorageManager) mContext.getSystemService( 5966 Context.STORAGE_SERVICE); 5967 sm.wipeAdoptableDisks(); 5968 } 5969 try { 5970 mInjector.recoverySystemRebootWipeUserData( 5971 /*shutdown=*/ false, reason, /*force=*/ true, /*wipeEuicc=*/ wipeEuicc); 5972 } catch (IOException | SecurityException e) { 5973 Slog.w(LOG_TAG, "Failed requesting data wipe", e); 5974 } 5975 } 5976 5977 private void forceWipeUser(int userId, String wipeReasonForUser) { 5978 try { 5979 IActivityManager am = mInjector.getIActivityManager(); 5980 if (am.getCurrentUser().id == userId) { 5981 am.switchUser(UserHandle.USER_SYSTEM); 5982 } 5983 5984 boolean userRemoved = mUserManagerInternal.removeUserEvenWhenDisallowed(userId); 5985 if (!userRemoved) { 5986 Slog.w(LOG_TAG, "Couldn't remove user " + userId); 5987 } else if (isManagedProfile(userId)) { 5988 sendWipeProfileNotification(wipeReasonForUser); 5989 } 5990 } catch (RemoteException re) { 5991 // Shouldn't happen 5992 } 5993 } 5994 5995 @Override 5996 public void wipeDataWithReason(int flags, String wipeReasonForUser) { 5997 if (!mHasFeature) { 5998 return; 5999 } 6000 Preconditions.checkStringNotEmpty(wipeReasonForUser, "wipeReasonForUser is null or empty"); 6001 enforceFullCrossUsersPermission(mInjector.userHandleGetCallingUserId()); 6002 6003 final ActiveAdmin admin; 6004 synchronized (this) { 6005 admin = getActiveAdminForCallerLocked(null, DeviceAdminInfo.USES_POLICY_WIPE_DATA); 6006 } 6007 String internalReason = "DevicePolicyManager.wipeDataWithReason() from " 6008 + admin.info.getComponent().flattenToShortString(); 6009 wipeDataNoLock( 6010 admin.info.getComponent(), flags, internalReason, wipeReasonForUser, 6011 admin.getUserHandle().getIdentifier()); 6012 } 6013 6014 private void wipeDataNoLock(ComponentName admin, int flags, String internalReason, 6015 String wipeReasonForUser, int userId) { 6016 wtfIfInLock(); 6017 6018 long ident = mInjector.binderClearCallingIdentity(); 6019 try { 6020 // First check whether the admin is allowed to wipe the device/user/profile. 6021 final String restriction; 6022 if (userId == UserHandle.USER_SYSTEM) { 6023 restriction = UserManager.DISALLOW_FACTORY_RESET; 6024 } else if (isManagedProfile(userId)) { 6025 restriction = UserManager.DISALLOW_REMOVE_MANAGED_PROFILE; 6026 } else { 6027 restriction = UserManager.DISALLOW_REMOVE_USER; 6028 } 6029 if (isAdminAffectedByRestriction(admin, restriction, userId)) { 6030 throw new SecurityException("Cannot wipe data. " + restriction 6031 + " restriction is set for user " + userId); 6032 } 6033 6034 if ((flags & WIPE_RESET_PROTECTION_DATA) != 0) { 6035 if (!isDeviceOwner(admin, userId)) { 6036 throw new SecurityException( 6037 "Only device owner admins can set WIPE_RESET_PROTECTION_DATA"); 6038 } 6039 PersistentDataBlockManager manager = (PersistentDataBlockManager) 6040 mContext.getSystemService(Context.PERSISTENT_DATA_BLOCK_SERVICE); 6041 if (manager != null) { 6042 manager.wipe(); 6043 } 6044 } 6045 6046 // TODO If split user is enabled and the device owner is set in the primary user 6047 // (rather than system), we should probably trigger factory reset. Current code just 6048 // removes that user (but still clears FRP...) 6049 if (userId == UserHandle.USER_SYSTEM) { 6050 forceWipeDeviceNoLock(/*wipeExtRequested=*/ ( 6051 flags & WIPE_EXTERNAL_STORAGE) != 0, 6052 internalReason, 6053 /*wipeEuicc=*/ (flags & WIPE_EUICC) != 0); 6054 } else { 6055 forceWipeUser(userId, wipeReasonForUser); 6056 } 6057 } finally { 6058 mInjector.binderRestoreCallingIdentity(ident); 6059 } 6060 } 6061 6062 private void sendWipeProfileNotification(String wipeReasonForUser) { 6063 Notification notification = 6064 new Notification.Builder(mContext, SystemNotificationChannels.DEVICE_ADMIN) 6065 .setSmallIcon(android.R.drawable.stat_sys_warning) 6066 .setContentTitle(mContext.getString(R.string.work_profile_deleted)) 6067 .setContentText(wipeReasonForUser) 6068 .setColor(mContext.getColor(R.color.system_notification_accent_color)) 6069 .setStyle(new Notification.BigTextStyle().bigText(wipeReasonForUser)) 6070 .build(); 6071 mInjector.getNotificationManager().notify(SystemMessage.NOTE_PROFILE_WIPED, notification); 6072 } 6073 6074 private void clearWipeProfileNotification() { 6075 mInjector.getNotificationManager().cancel(SystemMessage.NOTE_PROFILE_WIPED); 6076 } 6077 6078 @Override 6079 public void getRemoveWarning(ComponentName comp, final RemoteCallback result, int userHandle) { 6080 if (!mHasFeature) { 6081 return; 6082 } 6083 enforceFullCrossUsersPermission(userHandle); 6084 mContext.enforceCallingOrSelfPermission( 6085 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 6086 6087 synchronized (this) { 6088 ActiveAdmin admin = getActiveAdminUncheckedLocked(comp, userHandle); 6089 if (admin == null) { 6090 result.sendResult(null); 6091 return; 6092 } 6093 Intent intent = new Intent(DeviceAdminReceiver.ACTION_DEVICE_ADMIN_DISABLE_REQUESTED); 6094 intent.setFlags(Intent.FLAG_RECEIVER_FOREGROUND); 6095 intent.setComponent(admin.info.getComponent()); 6096 mContext.sendOrderedBroadcastAsUser(intent, new UserHandle(userHandle), 6097 null, new BroadcastReceiver() { 6098 @Override 6099 public void onReceive(Context context, Intent intent) { 6100 result.sendResult(getResultExtras(false)); 6101 } 6102 }, null, Activity.RESULT_OK, null, null); 6103 } 6104 } 6105 6106 /** 6107 * Notify DPMS regarding the metric of the current password. This happens when the user changes 6108 * the password, but also when the user just unlocks the keyguard. In comparison, 6109 * reportPasswordChanged() is only called when the user changes the password. 6110 */ 6111 @Override 6112 public void setActivePasswordState(PasswordMetrics metrics, int userHandle) { 6113 if (!mHasFeature) { 6114 return; 6115 } 6116 enforceFullCrossUsersPermission(userHandle); 6117 mContext.enforceCallingOrSelfPermission( 6118 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 6119 6120 // If the managed profile doesn't have a separate password, set the metrics to default 6121 if (isManagedProfile(userHandle) && !isSeparateProfileChallengeEnabled(userHandle)) { 6122 metrics = new PasswordMetrics(); 6123 } 6124 6125 validateQualityConstant(metrics.quality); 6126 DevicePolicyData policy = getUserData(userHandle); 6127 synchronized (this) { 6128 policy.mActivePasswordMetrics = metrics; 6129 policy.mPasswordStateHasBeenSetSinceBoot = true; 6130 } 6131 } 6132 6133 @Override 6134 public void reportPasswordChanged(@UserIdInt int userId) { 6135 if (!mHasFeature) { 6136 return; 6137 } 6138 enforceFullCrossUsersPermission(userId); 6139 6140 // Managed Profile password can only be changed when it has a separate challenge. 6141 if (!isSeparateProfileChallengeEnabled(userId)) { 6142 enforceNotManagedProfile(userId, "set the active password"); 6143 } 6144 6145 mContext.enforceCallingOrSelfPermission( 6146 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 6147 6148 DevicePolicyData policy = getUserData(userId); 6149 6150 long ident = mInjector.binderClearCallingIdentity(); 6151 try { 6152 synchronized (this) { 6153 policy.mFailedPasswordAttempts = 0; 6154 updatePasswordValidityCheckpointLocked(userId, /* parent */ false); 6155 updatePasswordExpirationsLocked(userId); 6156 setExpirationAlarmCheckLocked(mContext, userId, /* parent */ false); 6157 6158 // Send a broadcast to each profile using this password as its primary unlock. 6159 sendAdminCommandForLockscreenPoliciesLocked( 6160 DeviceAdminReceiver.ACTION_PASSWORD_CHANGED, 6161 DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, userId); 6162 } 6163 removeCaApprovalsIfNeeded(userId); 6164 } finally { 6165 mInjector.binderRestoreCallingIdentity(ident); 6166 } 6167 } 6168 6169 /** 6170 * Called any time the device password is updated. Resets all password expiration clocks. 6171 */ 6172 private void updatePasswordExpirationsLocked(int userHandle) { 6173 ArraySet<Integer> affectedUserIds = new ArraySet<Integer>(); 6174 List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked( 6175 userHandle, /* parent */ false); 6176 final int N = admins.size(); 6177 for (int i = 0; i < N; i++) { 6178 ActiveAdmin admin = admins.get(i); 6179 if (admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD)) { 6180 affectedUserIds.add(admin.getUserHandle().getIdentifier()); 6181 long timeout = admin.passwordExpirationTimeout; 6182 long expiration = timeout > 0L ? (timeout + System.currentTimeMillis()) : 0L; 6183 admin.passwordExpirationDate = expiration; 6184 } 6185 } 6186 for (int affectedUserId : affectedUserIds) { 6187 saveSettingsLocked(affectedUserId); 6188 } 6189 } 6190 6191 @Override 6192 public void reportFailedPasswordAttempt(int userHandle) { 6193 enforceFullCrossUsersPermission(userHandle); 6194 if (!isSeparateProfileChallengeEnabled(userHandle)) { 6195 enforceNotManagedProfile(userHandle, 6196 "report failed password attempt if separate profile challenge is not in place"); 6197 } 6198 mContext.enforceCallingOrSelfPermission( 6199 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 6200 6201 boolean wipeData = false; 6202 ActiveAdmin strictestAdmin = null; 6203 final long ident = mInjector.binderClearCallingIdentity(); 6204 try { 6205 synchronized (this) { 6206 DevicePolicyData policy = getUserData(userHandle); 6207 policy.mFailedPasswordAttempts++; 6208 saveSettingsLocked(userHandle); 6209 if (mHasFeature) { 6210 strictestAdmin = getAdminWithMinimumFailedPasswordsForWipeLocked( 6211 userHandle, /* parent */ false); 6212 int max = strictestAdmin != null 6213 ? strictestAdmin.maximumFailedPasswordsForWipe : 0; 6214 if (max > 0 && policy.mFailedPasswordAttempts >= max) { 6215 wipeData = true; 6216 } 6217 6218 sendAdminCommandForLockscreenPoliciesLocked( 6219 DeviceAdminReceiver.ACTION_PASSWORD_FAILED, 6220 DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, userHandle); 6221 } 6222 } 6223 } finally { 6224 mInjector.binderRestoreCallingIdentity(ident); 6225 } 6226 6227 if (wipeData && strictestAdmin != null) { 6228 final int userId = strictestAdmin.getUserHandle().getIdentifier(); 6229 Slog.i(LOG_TAG, "Max failed password attempts policy reached for admin: " 6230 + strictestAdmin.info.getComponent().flattenToShortString() 6231 + ". Calling wipeData for user " + userId); 6232 6233 // Attempt to wipe the device/user/profile associated with the admin, as if the 6234 // admin had called wipeData(). That way we can check whether the admin is actually 6235 // allowed to wipe the device (e.g. a regular device admin shouldn't be able to wipe the 6236 // device if the device owner has set DISALLOW_FACTORY_RESET, but the DO should be 6237 // able to do so). 6238 // IMPORTANT: Call without holding the lock to prevent deadlock. 6239 try { 6240 String wipeReasonForUser = mContext.getString( 6241 R.string.work_profile_deleted_reason_maximum_password_failure); 6242 wipeDataNoLock(strictestAdmin.info.getComponent(), 6243 /*flags=*/ 0, 6244 /*reason=*/ "reportFailedPasswordAttempt()", 6245 wipeReasonForUser, 6246 userId); 6247 } catch (SecurityException e) { 6248 Slog.w(LOG_TAG, "Failed to wipe user " + userId 6249 + " after max failed password attempts reached.", e); 6250 } 6251 } 6252 6253 if (mInjector.securityLogIsLoggingEnabled()) { 6254 SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, 6255 /*result*/ 0, /*method strength*/ 1); 6256 } 6257 } 6258 6259 @Override 6260 public void reportSuccessfulPasswordAttempt(int userHandle) { 6261 enforceFullCrossUsersPermission(userHandle); 6262 mContext.enforceCallingOrSelfPermission( 6263 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 6264 6265 synchronized (this) { 6266 DevicePolicyData policy = getUserData(userHandle); 6267 if (policy.mFailedPasswordAttempts != 0 || policy.mPasswordOwner >= 0) { 6268 long ident = mInjector.binderClearCallingIdentity(); 6269 try { 6270 policy.mFailedPasswordAttempts = 0; 6271 policy.mPasswordOwner = -1; 6272 saveSettingsLocked(userHandle); 6273 if (mHasFeature) { 6274 sendAdminCommandForLockscreenPoliciesLocked( 6275 DeviceAdminReceiver.ACTION_PASSWORD_SUCCEEDED, 6276 DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, userHandle); 6277 } 6278 } finally { 6279 mInjector.binderRestoreCallingIdentity(ident); 6280 } 6281 } 6282 } 6283 6284 if (mInjector.securityLogIsLoggingEnabled()) { 6285 SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 1, 6286 /*method strength*/ 1); 6287 } 6288 } 6289 6290 @Override 6291 public void reportFailedFingerprintAttempt(int userHandle) { 6292 enforceFullCrossUsersPermission(userHandle); 6293 mContext.enforceCallingOrSelfPermission( 6294 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 6295 if (mInjector.securityLogIsLoggingEnabled()) { 6296 SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 0, 6297 /*method strength*/ 0); 6298 } 6299 } 6300 6301 @Override 6302 public void reportSuccessfulFingerprintAttempt(int userHandle) { 6303 enforceFullCrossUsersPermission(userHandle); 6304 mContext.enforceCallingOrSelfPermission( 6305 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 6306 if (mInjector.securityLogIsLoggingEnabled()) { 6307 SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 1, 6308 /*method strength*/ 0); 6309 } 6310 } 6311 6312 @Override 6313 public void reportKeyguardDismissed(int userHandle) { 6314 enforceFullCrossUsersPermission(userHandle); 6315 mContext.enforceCallingOrSelfPermission( 6316 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 6317 6318 if (mInjector.securityLogIsLoggingEnabled()) { 6319 SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISSED); 6320 } 6321 } 6322 6323 @Override 6324 public void reportKeyguardSecured(int userHandle) { 6325 enforceFullCrossUsersPermission(userHandle); 6326 mContext.enforceCallingOrSelfPermission( 6327 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 6328 6329 if (mInjector.securityLogIsLoggingEnabled()) { 6330 SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_SECURED); 6331 } 6332 } 6333 6334 @Override 6335 public ComponentName setGlobalProxy(ComponentName who, String proxySpec, 6336 String exclusionList) { 6337 if (!mHasFeature) { 6338 return null; 6339 } 6340 synchronized(this) { 6341 Preconditions.checkNotNull(who, "ComponentName is null"); 6342 6343 // Only check if system user has set global proxy. We don't allow other users to set it. 6344 DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM); 6345 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 6346 DeviceAdminInfo.USES_POLICY_SETS_GLOBAL_PROXY); 6347 6348 // Scan through active admins and find if anyone has already 6349 // set the global proxy. 6350 Set<ComponentName> compSet = policy.mAdminMap.keySet(); 6351 for (ComponentName component : compSet) { 6352 ActiveAdmin ap = policy.mAdminMap.get(component); 6353 if ((ap.specifiesGlobalProxy) && (!component.equals(who))) { 6354 // Another admin already sets the global proxy 6355 // Return it to the caller. 6356 return component; 6357 } 6358 } 6359 6360 // If the user is not system, don't set the global proxy. Fail silently. 6361 if (UserHandle.getCallingUserId() != UserHandle.USER_SYSTEM) { 6362 Slog.w(LOG_TAG, "Only the owner is allowed to set the global proxy. User " 6363 + UserHandle.getCallingUserId() + " is not permitted."); 6364 return null; 6365 } 6366 if (proxySpec == null) { 6367 admin.specifiesGlobalProxy = false; 6368 admin.globalProxySpec = null; 6369 admin.globalProxyExclusionList = null; 6370 } else { 6371 6372 admin.specifiesGlobalProxy = true; 6373 admin.globalProxySpec = proxySpec; 6374 admin.globalProxyExclusionList = exclusionList; 6375 } 6376 6377 // Reset the global proxy accordingly 6378 // Do this using system permissions, as apps cannot write to secure settings 6379 long origId = mInjector.binderClearCallingIdentity(); 6380 try { 6381 resetGlobalProxyLocked(policy); 6382 } finally { 6383 mInjector.binderRestoreCallingIdentity(origId); 6384 } 6385 return null; 6386 } 6387 } 6388 6389 @Override 6390 public ComponentName getGlobalProxyAdmin(int userHandle) { 6391 if (!mHasFeature) { 6392 return null; 6393 } 6394 enforceFullCrossUsersPermission(userHandle); 6395 synchronized(this) { 6396 DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM); 6397 // Scan through active admins and find if anyone has already 6398 // set the global proxy. 6399 final int N = policy.mAdminList.size(); 6400 for (int i = 0; i < N; i++) { 6401 ActiveAdmin ap = policy.mAdminList.get(i); 6402 if (ap.specifiesGlobalProxy) { 6403 // Device admin sets the global proxy 6404 // Return it to the caller. 6405 return ap.info.getComponent(); 6406 } 6407 } 6408 } 6409 // No device admin sets the global proxy. 6410 return null; 6411 } 6412 6413 @Override 6414 public void setRecommendedGlobalProxy(ComponentName who, ProxyInfo proxyInfo) { 6415 synchronized (this) { 6416 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 6417 } 6418 long token = mInjector.binderClearCallingIdentity(); 6419 try { 6420 ConnectivityManager connectivityManager = (ConnectivityManager) 6421 mContext.getSystemService(Context.CONNECTIVITY_SERVICE); 6422 connectivityManager.setGlobalProxy(proxyInfo); 6423 } finally { 6424 mInjector.binderRestoreCallingIdentity(token); 6425 } 6426 } 6427 6428 private void resetGlobalProxyLocked(DevicePolicyData policy) { 6429 final int N = policy.mAdminList.size(); 6430 for (int i = 0; i < N; i++) { 6431 ActiveAdmin ap = policy.mAdminList.get(i); 6432 if (ap.specifiesGlobalProxy) { 6433 saveGlobalProxyLocked(ap.globalProxySpec, ap.globalProxyExclusionList); 6434 return; 6435 } 6436 } 6437 // No device admins defining global proxies - reset global proxy settings to none 6438 saveGlobalProxyLocked(null, null); 6439 } 6440 6441 private void saveGlobalProxyLocked(String proxySpec, String exclusionList) { 6442 if (exclusionList == null) { 6443 exclusionList = ""; 6444 } 6445 if (proxySpec == null) { 6446 proxySpec = ""; 6447 } 6448 // Remove white spaces 6449 proxySpec = proxySpec.trim(); 6450 String data[] = proxySpec.split(":"); 6451 int proxyPort = 8080; 6452 if (data.length > 1) { 6453 try { 6454 proxyPort = Integer.parseInt(data[1]); 6455 } catch (NumberFormatException e) {} 6456 } 6457 exclusionList = exclusionList.trim(); 6458 6459 ProxyInfo proxyProperties = new ProxyInfo(data[0], proxyPort, exclusionList); 6460 if (!proxyProperties.isValid()) { 6461 Slog.e(LOG_TAG, "Invalid proxy properties, ignoring: " + proxyProperties.toString()); 6462 return; 6463 } 6464 mInjector.settingsGlobalPutString(Settings.Global.GLOBAL_HTTP_PROXY_HOST, data[0]); 6465 mInjector.settingsGlobalPutInt(Settings.Global.GLOBAL_HTTP_PROXY_PORT, proxyPort); 6466 mInjector.settingsGlobalPutString(Settings.Global.GLOBAL_HTTP_PROXY_EXCLUSION_LIST, 6467 exclusionList); 6468 } 6469 6470 /** 6471 * Called by an application that is administering the device to request that the storage system 6472 * be encrypted. Does nothing if the caller is on a secondary user or a managed profile. 6473 * 6474 * @return the new total request status (for all admins), or {@link 6475 * DevicePolicyManager#ENCRYPTION_STATUS_UNSUPPORTED} if called for a non-system user 6476 */ 6477 @Override 6478 public int setStorageEncryption(ComponentName who, boolean encrypt) { 6479 if (!mHasFeature) { 6480 return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; 6481 } 6482 Preconditions.checkNotNull(who, "ComponentName is null"); 6483 final int userHandle = UserHandle.getCallingUserId(); 6484 synchronized (this) { 6485 // Check for permissions 6486 // Only system user can set storage encryption 6487 if (userHandle != UserHandle.USER_SYSTEM) { 6488 Slog.w(LOG_TAG, "Only owner/system user is allowed to set storage encryption. User " 6489 + UserHandle.getCallingUserId() + " is not permitted."); 6490 return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; 6491 } 6492 6493 ActiveAdmin ap = getActiveAdminForCallerLocked(who, 6494 DeviceAdminInfo.USES_ENCRYPTED_STORAGE); 6495 6496 // Quick exit: If the filesystem does not support encryption, we can exit early. 6497 if (!isEncryptionSupported()) { 6498 return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; 6499 } 6500 6501 // (1) Record the value for the admin so it's sticky 6502 if (ap.encryptionRequested != encrypt) { 6503 ap.encryptionRequested = encrypt; 6504 saveSettingsLocked(userHandle); 6505 } 6506 6507 DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM); 6508 // (2) Compute "max" for all admins 6509 boolean newRequested = false; 6510 final int N = policy.mAdminList.size(); 6511 for (int i = 0; i < N; i++) { 6512 newRequested |= policy.mAdminList.get(i).encryptionRequested; 6513 } 6514 6515 // Notify OS of new request 6516 setEncryptionRequested(newRequested); 6517 6518 // Return the new global request status 6519 return newRequested 6520 ? DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE 6521 : DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE; 6522 } 6523 } 6524 6525 /** 6526 * Get the current storage encryption request status for a given admin, or aggregate of all 6527 * active admins. 6528 */ 6529 @Override 6530 public boolean getStorageEncryption(ComponentName who, int userHandle) { 6531 if (!mHasFeature) { 6532 return false; 6533 } 6534 enforceFullCrossUsersPermission(userHandle); 6535 synchronized (this) { 6536 // Check for permissions if a particular caller is specified 6537 if (who != null) { 6538 // When checking for a single caller, status is based on caller's request 6539 ActiveAdmin ap = getActiveAdminUncheckedLocked(who, userHandle); 6540 return ap != null ? ap.encryptionRequested : false; 6541 } 6542 6543 // If no particular caller is specified, return the aggregate set of requests. 6544 // This is short circuited by returning true on the first hit. 6545 DevicePolicyData policy = getUserData(userHandle); 6546 final int N = policy.mAdminList.size(); 6547 for (int i = 0; i < N; i++) { 6548 if (policy.mAdminList.get(i).encryptionRequested) { 6549 return true; 6550 } 6551 } 6552 return false; 6553 } 6554 } 6555 6556 /** 6557 * Get the current encryption status of the device. 6558 */ 6559 @Override 6560 public int getStorageEncryptionStatus(@Nullable String callerPackage, int userHandle) { 6561 if (!mHasFeature) { 6562 // Ok to return current status. 6563 } 6564 enforceFullCrossUsersPermission(userHandle); 6565 6566 // It's not critical here, but let's make sure the package name is correct, in case 6567 // we start using it for different purposes. 6568 ensureCallerPackage(callerPackage); 6569 6570 final ApplicationInfo ai; 6571 try { 6572 ai = mIPackageManager.getApplicationInfo(callerPackage, 0, userHandle); 6573 } catch (RemoteException e) { 6574 throw new SecurityException(e); 6575 } 6576 6577 boolean legacyApp = false; 6578 if (ai.targetSdkVersion <= Build.VERSION_CODES.M) { 6579 legacyApp = true; 6580 } 6581 6582 final int rawStatus = getEncryptionStatus(); 6583 if ((rawStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_PER_USER) && legacyApp) { 6584 return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE; 6585 } 6586 return rawStatus; 6587 } 6588 6589 /** 6590 * Hook to low-levels: This should report if the filesystem supports encrypted storage. 6591 */ 6592 private boolean isEncryptionSupported() { 6593 // Note, this can be implemented as 6594 // return getEncryptionStatus() != DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; 6595 // But is provided as a separate internal method if there's a faster way to do a 6596 // simple check for supported-or-not. 6597 return getEncryptionStatus() != DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; 6598 } 6599 6600 /** 6601 * Hook to low-levels: Reporting the current status of encryption. 6602 * @return A value such as {@link DevicePolicyManager#ENCRYPTION_STATUS_UNSUPPORTED}, 6603 * {@link DevicePolicyManager#ENCRYPTION_STATUS_INACTIVE}, 6604 * {@link DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY}, 6605 * {@link DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE_PER_USER}, or 6606 * {@link DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE}. 6607 */ 6608 private int getEncryptionStatus() { 6609 if (mInjector.storageManagerIsFileBasedEncryptionEnabled()) { 6610 return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_PER_USER; 6611 } else if (mInjector.storageManagerIsNonDefaultBlockEncrypted()) { 6612 return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE; 6613 } else if (mInjector.storageManagerIsEncrypted()) { 6614 return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY; 6615 } else if (mInjector.storageManagerIsEncryptable()) { 6616 return DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE; 6617 } else { 6618 return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; 6619 } 6620 } 6621 6622 /** 6623 * Hook to low-levels: If needed, record the new admin setting for encryption. 6624 */ 6625 private void setEncryptionRequested(boolean encrypt) { 6626 } 6627 6628 /** 6629 * Set whether the screen capture is disabled for the user managed by the specified admin. 6630 */ 6631 @Override 6632 public void setScreenCaptureDisabled(ComponentName who, boolean disabled) { 6633 if (!mHasFeature) { 6634 return; 6635 } 6636 Preconditions.checkNotNull(who, "ComponentName is null"); 6637 final int userHandle = UserHandle.getCallingUserId(); 6638 synchronized (this) { 6639 ActiveAdmin ap = getActiveAdminForCallerLocked(who, 6640 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 6641 if (ap.disableScreenCapture != disabled) { 6642 ap.disableScreenCapture = disabled; 6643 saveSettingsLocked(userHandle); 6644 updateScreenCaptureDisabled(userHandle, disabled); 6645 } 6646 } 6647 } 6648 6649 /** 6650 * Returns whether or not screen capture is disabled for a given admin, or disabled for any 6651 * active admin (if given admin is null). 6652 */ 6653 @Override 6654 public boolean getScreenCaptureDisabled(ComponentName who, int userHandle) { 6655 if (!mHasFeature) { 6656 return false; 6657 } 6658 synchronized (this) { 6659 if (who != null) { 6660 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 6661 return (admin != null) ? admin.disableScreenCapture : false; 6662 } 6663 6664 DevicePolicyData policy = getUserData(userHandle); 6665 final int N = policy.mAdminList.size(); 6666 for (int i = 0; i < N; i++) { 6667 ActiveAdmin admin = policy.mAdminList.get(i); 6668 if (admin.disableScreenCapture) { 6669 return true; 6670 } 6671 } 6672 return false; 6673 } 6674 } 6675 6676 private void updateScreenCaptureDisabled(int userHandle, boolean disabled) { 6677 mPolicyCache.setScreenCaptureDisabled(userHandle, disabled); 6678 mHandler.post(new Runnable() { 6679 @Override 6680 public void run() { 6681 try { 6682 mInjector.getIWindowManager().refreshScreenCaptureDisabled(userHandle); 6683 } catch (RemoteException e) { 6684 Log.w(LOG_TAG, "Unable to notify WindowManager.", e); 6685 } 6686 } 6687 }); 6688 } 6689 6690 /** 6691 * Set whether auto time is required by the specified admin (must be device or profile owner). 6692 */ 6693 @Override 6694 public void setAutoTimeRequired(ComponentName who, boolean required) { 6695 if (!mHasFeature) { 6696 return; 6697 } 6698 Preconditions.checkNotNull(who, "ComponentName is null"); 6699 final int userHandle = UserHandle.getCallingUserId(); 6700 synchronized (this) { 6701 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 6702 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 6703 if (admin.requireAutoTime != required) { 6704 admin.requireAutoTime = required; 6705 saveSettingsLocked(userHandle); 6706 } 6707 } 6708 6709 // Turn AUTO_TIME on in settings if it is required 6710 if (required) { 6711 long ident = mInjector.binderClearCallingIdentity(); 6712 try { 6713 mInjector.settingsGlobalPutInt(Settings.Global.AUTO_TIME, 1 /* AUTO_TIME on */); 6714 } finally { 6715 mInjector.binderRestoreCallingIdentity(ident); 6716 } 6717 } 6718 } 6719 6720 /** 6721 * Returns whether or not auto time is required by the device owner or any profile owner. 6722 */ 6723 @Override 6724 public boolean getAutoTimeRequired() { 6725 if (!mHasFeature) { 6726 return false; 6727 } 6728 synchronized (this) { 6729 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 6730 if (deviceOwner != null && deviceOwner.requireAutoTime) { 6731 // If the device owner enforces auto time, we don't need to check the PO's 6732 return true; 6733 } 6734 6735 // Now check to see if any profile owner on any user enforces auto time 6736 for (Integer userId : mOwners.getProfileOwnerKeys()) { 6737 ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userId); 6738 if (profileOwner != null && profileOwner.requireAutoTime) { 6739 return true; 6740 } 6741 } 6742 6743 return false; 6744 } 6745 } 6746 6747 @Override 6748 public void setForceEphemeralUsers(ComponentName who, boolean forceEphemeralUsers) { 6749 if (!mHasFeature) { 6750 return; 6751 } 6752 Preconditions.checkNotNull(who, "ComponentName is null"); 6753 // Allow setting this policy to true only if there is a split system user. 6754 if (forceEphemeralUsers && !mInjector.userManagerIsSplitSystemUser()) { 6755 throw new UnsupportedOperationException( 6756 "Cannot force ephemeral users on systems without split system user."); 6757 } 6758 boolean removeAllUsers = false; 6759 synchronized (this) { 6760 final ActiveAdmin deviceOwner = 6761 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 6762 if (deviceOwner.forceEphemeralUsers != forceEphemeralUsers) { 6763 deviceOwner.forceEphemeralUsers = forceEphemeralUsers; 6764 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 6765 mUserManagerInternal.setForceEphemeralUsers(forceEphemeralUsers); 6766 removeAllUsers = forceEphemeralUsers; 6767 } 6768 } 6769 if (removeAllUsers) { 6770 long identitity = mInjector.binderClearCallingIdentity(); 6771 try { 6772 mUserManagerInternal.removeAllUsers(); 6773 } finally { 6774 mInjector.binderRestoreCallingIdentity(identitity); 6775 } 6776 } 6777 } 6778 6779 @Override 6780 public boolean getForceEphemeralUsers(ComponentName who) { 6781 if (!mHasFeature) { 6782 return false; 6783 } 6784 Preconditions.checkNotNull(who, "ComponentName is null"); 6785 synchronized (this) { 6786 final ActiveAdmin deviceOwner = 6787 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 6788 return deviceOwner.forceEphemeralUsers; 6789 } 6790 } 6791 6792 private void ensureDeviceOwnerAndAllUsersAffiliated(ComponentName who) throws SecurityException { 6793 synchronized (this) { 6794 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 6795 if (!areAllUsersAffiliatedWithDeviceLocked()) { 6796 throw new SecurityException("Not all users are affiliated."); 6797 } 6798 } 6799 } 6800 6801 @Override 6802 public boolean requestBugreport(ComponentName who) { 6803 if (!mHasFeature) { 6804 return false; 6805 } 6806 Preconditions.checkNotNull(who, "ComponentName is null"); 6807 6808 // TODO: If an unaffiliated user is removed, the admin will be able to request a bugreport 6809 // which could still contain data related to that user. Should we disallow that, e.g. until 6810 // next boot? Might not be needed given that this still requires user consent. 6811 ensureDeviceOwnerAndAllUsersAffiliated(who); 6812 6813 if (mRemoteBugreportServiceIsActive.get() 6814 || (getDeviceOwnerRemoteBugreportUri() != null)) { 6815 Slog.d(LOG_TAG, "Remote bugreport wasn't started because there's already one running."); 6816 return false; 6817 } 6818 6819 final long currentTime = System.currentTimeMillis(); 6820 synchronized (this) { 6821 DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM); 6822 if (currentTime > policyData.mLastBugReportRequestTime) { 6823 policyData.mLastBugReportRequestTime = currentTime; 6824 saveSettingsLocked(UserHandle.USER_SYSTEM); 6825 } 6826 } 6827 6828 final long callingIdentity = mInjector.binderClearCallingIdentity(); 6829 try { 6830 mInjector.getIActivityManager().requestBugReport( 6831 ActivityManager.BUGREPORT_OPTION_REMOTE); 6832 6833 mRemoteBugreportServiceIsActive.set(true); 6834 mRemoteBugreportSharingAccepted.set(false); 6835 registerRemoteBugreportReceivers(); 6836 mInjector.getNotificationManager().notifyAsUser(LOG_TAG, 6837 RemoteBugreportUtils.NOTIFICATION_ID, 6838 RemoteBugreportUtils.buildNotification(mContext, 6839 DevicePolicyManager.NOTIFICATION_BUGREPORT_STARTED), UserHandle.ALL); 6840 mHandler.postDelayed(mRemoteBugreportTimeoutRunnable, 6841 RemoteBugreportUtils.REMOTE_BUGREPORT_TIMEOUT_MILLIS); 6842 return true; 6843 } catch (RemoteException re) { 6844 // should never happen 6845 Slog.e(LOG_TAG, "Failed to make remote calls to start bugreportremote service", re); 6846 return false; 6847 } finally { 6848 mInjector.binderRestoreCallingIdentity(callingIdentity); 6849 } 6850 } 6851 6852 void sendDeviceOwnerCommand(String action, Bundle extras) { 6853 int deviceOwnerUserId; 6854 ComponentName deviceOwnerComponent; 6855 synchronized (this) { 6856 deviceOwnerUserId = mOwners.getDeviceOwnerUserId(); 6857 deviceOwnerComponent = mOwners.getDeviceOwnerComponent(); 6858 } 6859 sendActiveAdminCommand(action, extras, deviceOwnerUserId, 6860 deviceOwnerComponent); 6861 } 6862 6863 private void sendProfileOwnerCommand(String action, Bundle extras, int userHandle) { 6864 sendActiveAdminCommand(action, extras, userHandle, 6865 mOwners.getProfileOwnerComponent(userHandle)); 6866 } 6867 6868 private void sendActiveAdminCommand(String action, Bundle extras, 6869 int userHandle, ComponentName receiverComponent) { 6870 final Intent intent = new Intent(action); 6871 intent.setComponent(receiverComponent); 6872 if (extras != null) { 6873 intent.putExtras(extras); 6874 } 6875 mContext.sendBroadcastAsUser(intent, UserHandle.of(userHandle)); 6876 } 6877 6878 private void sendOwnerChangedBroadcast(String broadcast, int userId) { 6879 final Intent intent = new Intent(broadcast) 6880 .addFlags(Intent.FLAG_RECEIVER_INCLUDE_BACKGROUND); 6881 mContext.sendBroadcastAsUser(intent, UserHandle.of(userId)); 6882 } 6883 6884 private synchronized String getDeviceOwnerRemoteBugreportUri() { 6885 return mOwners.getDeviceOwnerRemoteBugreportUri(); 6886 } 6887 6888 private synchronized void setDeviceOwnerRemoteBugreportUriAndHash(String bugreportUri, 6889 String bugreportHash) { 6890 mOwners.setDeviceOwnerRemoteBugreportUriAndHash(bugreportUri, bugreportHash); 6891 } 6892 6893 private void registerRemoteBugreportReceivers() { 6894 try { 6895 IntentFilter filterFinished = new IntentFilter( 6896 DevicePolicyManager.ACTION_REMOTE_BUGREPORT_DISPATCH, 6897 RemoteBugreportUtils.BUGREPORT_MIMETYPE); 6898 mContext.registerReceiver(mRemoteBugreportFinishedReceiver, filterFinished); 6899 } catch (IntentFilter.MalformedMimeTypeException e) { 6900 // should never happen, as setting a constant 6901 Slog.w(LOG_TAG, "Failed to set type " + RemoteBugreportUtils.BUGREPORT_MIMETYPE, e); 6902 } 6903 IntentFilter filterConsent = new IntentFilter(); 6904 filterConsent.addAction(DevicePolicyManager.ACTION_BUGREPORT_SHARING_DECLINED); 6905 filterConsent.addAction(DevicePolicyManager.ACTION_BUGREPORT_SHARING_ACCEPTED); 6906 mContext.registerReceiver(mRemoteBugreportConsentReceiver, filterConsent); 6907 } 6908 6909 private void onBugreportFinished(Intent intent) { 6910 mHandler.removeCallbacks(mRemoteBugreportTimeoutRunnable); 6911 mRemoteBugreportServiceIsActive.set(false); 6912 Uri bugreportUri = intent.getData(); 6913 String bugreportUriString = null; 6914 if (bugreportUri != null) { 6915 bugreportUriString = bugreportUri.toString(); 6916 } 6917 String bugreportHash = intent.getStringExtra( 6918 DevicePolicyManager.EXTRA_REMOTE_BUGREPORT_HASH); 6919 if (mRemoteBugreportSharingAccepted.get()) { 6920 shareBugreportWithDeviceOwnerIfExists(bugreportUriString, bugreportHash); 6921 mInjector.getNotificationManager().cancel(LOG_TAG, 6922 RemoteBugreportUtils.NOTIFICATION_ID); 6923 } else { 6924 setDeviceOwnerRemoteBugreportUriAndHash(bugreportUriString, bugreportHash); 6925 mInjector.getNotificationManager().notifyAsUser(LOG_TAG, RemoteBugreportUtils.NOTIFICATION_ID, 6926 RemoteBugreportUtils.buildNotification(mContext, 6927 DevicePolicyManager.NOTIFICATION_BUGREPORT_FINISHED_NOT_ACCEPTED), 6928 UserHandle.ALL); 6929 } 6930 mContext.unregisterReceiver(mRemoteBugreportFinishedReceiver); 6931 } 6932 6933 private void onBugreportFailed() { 6934 mRemoteBugreportServiceIsActive.set(false); 6935 mInjector.systemPropertiesSet(RemoteBugreportUtils.CTL_STOP, 6936 RemoteBugreportUtils.REMOTE_BUGREPORT_SERVICE); 6937 mRemoteBugreportSharingAccepted.set(false); 6938 setDeviceOwnerRemoteBugreportUriAndHash(null, null); 6939 mInjector.getNotificationManager().cancel(LOG_TAG, RemoteBugreportUtils.NOTIFICATION_ID); 6940 Bundle extras = new Bundle(); 6941 extras.putInt(DeviceAdminReceiver.EXTRA_BUGREPORT_FAILURE_REASON, 6942 DeviceAdminReceiver.BUGREPORT_FAILURE_FAILED_COMPLETING); 6943 sendDeviceOwnerCommand(DeviceAdminReceiver.ACTION_BUGREPORT_FAILED, extras); 6944 mContext.unregisterReceiver(mRemoteBugreportConsentReceiver); 6945 mContext.unregisterReceiver(mRemoteBugreportFinishedReceiver); 6946 } 6947 6948 private void onBugreportSharingAccepted() { 6949 mRemoteBugreportSharingAccepted.set(true); 6950 String bugreportUriString = null; 6951 String bugreportHash = null; 6952 synchronized (this) { 6953 bugreportUriString = getDeviceOwnerRemoteBugreportUri(); 6954 bugreportHash = mOwners.getDeviceOwnerRemoteBugreportHash(); 6955 } 6956 if (bugreportUriString != null) { 6957 shareBugreportWithDeviceOwnerIfExists(bugreportUriString, bugreportHash); 6958 } else if (mRemoteBugreportServiceIsActive.get()) { 6959 mInjector.getNotificationManager().notifyAsUser(LOG_TAG, RemoteBugreportUtils.NOTIFICATION_ID, 6960 RemoteBugreportUtils.buildNotification(mContext, 6961 DevicePolicyManager.NOTIFICATION_BUGREPORT_ACCEPTED_NOT_FINISHED), 6962 UserHandle.ALL); 6963 } 6964 } 6965 6966 private void onBugreportSharingDeclined() { 6967 if (mRemoteBugreportServiceIsActive.get()) { 6968 mInjector.systemPropertiesSet(RemoteBugreportUtils.CTL_STOP, 6969 RemoteBugreportUtils.REMOTE_BUGREPORT_SERVICE); 6970 mRemoteBugreportServiceIsActive.set(false); 6971 mHandler.removeCallbacks(mRemoteBugreportTimeoutRunnable); 6972 mContext.unregisterReceiver(mRemoteBugreportFinishedReceiver); 6973 } 6974 mRemoteBugreportSharingAccepted.set(false); 6975 setDeviceOwnerRemoteBugreportUriAndHash(null, null); 6976 sendDeviceOwnerCommand(DeviceAdminReceiver.ACTION_BUGREPORT_SHARING_DECLINED, null); 6977 } 6978 6979 private void shareBugreportWithDeviceOwnerIfExists(String bugreportUriString, 6980 String bugreportHash) { 6981 ParcelFileDescriptor pfd = null; 6982 try { 6983 if (bugreportUriString == null) { 6984 throw new FileNotFoundException(); 6985 } 6986 Uri bugreportUri = Uri.parse(bugreportUriString); 6987 pfd = mContext.getContentResolver().openFileDescriptor(bugreportUri, "r"); 6988 6989 synchronized (this) { 6990 Intent intent = new Intent(DeviceAdminReceiver.ACTION_BUGREPORT_SHARE); 6991 intent.setComponent(mOwners.getDeviceOwnerComponent()); 6992 intent.setDataAndType(bugreportUri, RemoteBugreportUtils.BUGREPORT_MIMETYPE); 6993 intent.putExtra(DeviceAdminReceiver.EXTRA_BUGREPORT_HASH, bugreportHash); 6994 intent.setFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION); 6995 6996 LocalServices.getService(ActivityManagerInternal.class) 6997 .grantUriPermissionFromIntent(Process.SHELL_UID, 6998 mOwners.getDeviceOwnerComponent().getPackageName(), 6999 intent, mOwners.getDeviceOwnerUserId()); 7000 mContext.sendBroadcastAsUser(intent, UserHandle.of(mOwners.getDeviceOwnerUserId())); 7001 } 7002 } catch (FileNotFoundException e) { 7003 Bundle extras = new Bundle(); 7004 extras.putInt(DeviceAdminReceiver.EXTRA_BUGREPORT_FAILURE_REASON, 7005 DeviceAdminReceiver.BUGREPORT_FAILURE_FILE_NO_LONGER_AVAILABLE); 7006 sendDeviceOwnerCommand(DeviceAdminReceiver.ACTION_BUGREPORT_FAILED, extras); 7007 } finally { 7008 try { 7009 if (pfd != null) { 7010 pfd.close(); 7011 } 7012 } catch (IOException ex) { 7013 // Ignore 7014 } 7015 mRemoteBugreportSharingAccepted.set(false); 7016 setDeviceOwnerRemoteBugreportUriAndHash(null, null); 7017 } 7018 } 7019 7020 /** 7021 * Disables all device cameras according to the specified admin. 7022 */ 7023 @Override 7024 public void setCameraDisabled(ComponentName who, boolean disabled) { 7025 if (!mHasFeature) { 7026 return; 7027 } 7028 Preconditions.checkNotNull(who, "ComponentName is null"); 7029 final int userHandle = mInjector.userHandleGetCallingUserId(); 7030 synchronized (this) { 7031 ActiveAdmin ap = getActiveAdminForCallerLocked(who, 7032 DeviceAdminInfo.USES_POLICY_DISABLE_CAMERA); 7033 if (ap.disableCamera != disabled) { 7034 ap.disableCamera = disabled; 7035 saveSettingsLocked(userHandle); 7036 } 7037 } 7038 // Tell the user manager that the restrictions have changed. 7039 pushUserRestrictions(userHandle); 7040 } 7041 7042 /** 7043 * Gets whether or not all device cameras are disabled for a given admin, or disabled for any 7044 * active admins. 7045 */ 7046 @Override 7047 public boolean getCameraDisabled(ComponentName who, int userHandle) { 7048 return getCameraDisabled(who, userHandle, /* mergeDeviceOwnerRestriction= */ true); 7049 } 7050 7051 private boolean getCameraDisabled(ComponentName who, int userHandle, 7052 boolean mergeDeviceOwnerRestriction) { 7053 if (!mHasFeature) { 7054 return false; 7055 } 7056 synchronized (this) { 7057 if (who != null) { 7058 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 7059 return (admin != null) ? admin.disableCamera : false; 7060 } 7061 // First, see if DO has set it. If so, it's device-wide. 7062 if (mergeDeviceOwnerRestriction) { 7063 final ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 7064 if (deviceOwner != null && deviceOwner.disableCamera) { 7065 return true; 7066 } 7067 } 7068 7069 // Then check each device admin on the user. 7070 DevicePolicyData policy = getUserData(userHandle); 7071 // Determine whether or not the device camera is disabled for any active admins. 7072 final int N = policy.mAdminList.size(); 7073 for (int i = 0; i < N; i++) { 7074 ActiveAdmin admin = policy.mAdminList.get(i); 7075 if (admin.disableCamera) { 7076 return true; 7077 } 7078 } 7079 return false; 7080 } 7081 } 7082 7083 @Override 7084 public void setKeyguardDisabledFeatures(ComponentName who, int which, boolean parent) { 7085 if (!mHasFeature) { 7086 return; 7087 } 7088 Preconditions.checkNotNull(who, "ComponentName is null"); 7089 final int userHandle = mInjector.userHandleGetCallingUserId(); 7090 if (isManagedProfile(userHandle)) { 7091 if (parent) { 7092 which = which & PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER; 7093 } else { 7094 which = which & PROFILE_KEYGUARD_FEATURES; 7095 } 7096 } 7097 synchronized (this) { 7098 ActiveAdmin ap = getActiveAdminForCallerLocked( 7099 who, DeviceAdminInfo.USES_POLICY_DISABLE_KEYGUARD_FEATURES, parent); 7100 if (ap.disabledKeyguardFeatures != which) { 7101 ap.disabledKeyguardFeatures = which; 7102 saveSettingsLocked(userHandle); 7103 } 7104 } 7105 if (SecurityLog.isLoggingEnabled()) { 7106 final int affectedUserId = parent ? getProfileParentId(userHandle) : userHandle; 7107 SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISABLED_FEATURES_SET, 7108 who.getPackageName(), userHandle, affectedUserId, which); 7109 } 7110 } 7111 7112 /** 7113 * Gets the disabled state for features in keyguard for the given admin, 7114 * or the aggregate of all active admins if who is null. 7115 */ 7116 @Override 7117 public int getKeyguardDisabledFeatures(ComponentName who, int userHandle, boolean parent) { 7118 if (!mHasFeature) { 7119 return 0; 7120 } 7121 enforceFullCrossUsersPermission(userHandle); 7122 final long ident = mInjector.binderClearCallingIdentity(); 7123 try { 7124 synchronized (this) { 7125 if (who != null) { 7126 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent); 7127 return (admin != null) ? admin.disabledKeyguardFeatures : 0; 7128 } 7129 7130 final List<ActiveAdmin> admins; 7131 if (!parent && isManagedProfile(userHandle)) { 7132 // If we are being asked about a managed profile, just return keyguard features 7133 // disabled by admins in the profile. 7134 admins = getUserDataUnchecked(userHandle).mAdminList; 7135 } else { 7136 // Otherwise return those set by admins in the user and its profiles. 7137 admins = getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 7138 } 7139 7140 int which = DevicePolicyManager.KEYGUARD_DISABLE_FEATURES_NONE; 7141 final int N = admins.size(); 7142 for (int i = 0; i < N; i++) { 7143 ActiveAdmin admin = admins.get(i); 7144 int userId = admin.getUserHandle().getIdentifier(); 7145 boolean isRequestedUser = !parent && (userId == userHandle); 7146 if (isRequestedUser || !isManagedProfile(userId)) { 7147 // If we are being asked explicitly about this user 7148 // return all disabled features even if its a managed profile. 7149 which |= admin.disabledKeyguardFeatures; 7150 } else { 7151 // Otherwise a managed profile is only allowed to disable 7152 // some features on the parent user. 7153 which |= (admin.disabledKeyguardFeatures 7154 & PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER); 7155 } 7156 } 7157 return which; 7158 } 7159 } finally { 7160 mInjector.binderRestoreCallingIdentity(ident); 7161 } 7162 } 7163 7164 @Override 7165 public void setKeepUninstalledPackages(ComponentName who, String callerPackage, 7166 List<String> packageList) { 7167 if (!mHasFeature) { 7168 return; 7169 } 7170 Preconditions.checkNotNull(packageList, "packageList is null"); 7171 final int userHandle = UserHandle.getCallingUserId(); 7172 synchronized (this) { 7173 // Ensure the caller is a DO or a keep uninstalled packages delegate. 7174 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER, 7175 DELEGATION_KEEP_UNINSTALLED_PACKAGES); 7176 // Get the device owner 7177 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 7178 // Set list of packages to be kept even if uninstalled. 7179 deviceOwner.keepUninstalledPackages = packageList; 7180 // Save settings. 7181 saveSettingsLocked(userHandle); 7182 // Notify package manager. 7183 mInjector.getPackageManagerInternal().setKeepUninstalledPackages(packageList); 7184 } 7185 } 7186 7187 @Override 7188 public List<String> getKeepUninstalledPackages(ComponentName who, String callerPackage) { 7189 if (!mHasFeature) { 7190 return null; 7191 } 7192 // TODO In split system user mode, allow apps on user 0 to query the list 7193 synchronized (this) { 7194 // Ensure the caller is a DO or a keep uninstalled packages delegate. 7195 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER, 7196 DELEGATION_KEEP_UNINSTALLED_PACKAGES); 7197 return getKeepUninstalledPackagesLocked(); 7198 } 7199 } 7200 7201 private List<String> getKeepUninstalledPackagesLocked() { 7202 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 7203 return (deviceOwner != null) ? deviceOwner.keepUninstalledPackages : null; 7204 } 7205 7206 @Override 7207 public boolean setDeviceOwner(ComponentName admin, String ownerName, int userId) { 7208 if (!mHasFeature) { 7209 return false; 7210 } 7211 if (admin == null 7212 || !isPackageInstalledForUser(admin.getPackageName(), userId)) { 7213 throw new IllegalArgumentException("Invalid component " + admin 7214 + " for device owner"); 7215 } 7216 final boolean hasIncompatibleAccountsOrNonAdb = 7217 hasIncompatibleAccountsOrNonAdbNoLock(userId, admin); 7218 synchronized (this) { 7219 enforceCanSetDeviceOwnerLocked(admin, userId, hasIncompatibleAccountsOrNonAdb); 7220 final ActiveAdmin activeAdmin = getActiveAdminUncheckedLocked(admin, userId); 7221 if (activeAdmin == null 7222 || getUserData(userId).mRemovingAdmins.contains(admin)) { 7223 throw new IllegalArgumentException("Not active admin: " + admin); 7224 } 7225 7226 // Shutting down backup manager service permanently. 7227 long ident = mInjector.binderClearCallingIdentity(); 7228 try { 7229 if (mInjector.getIBackupManager() != null) { 7230 mInjector.getIBackupManager() 7231 .setBackupServiceActive(UserHandle.USER_SYSTEM, false); 7232 } 7233 } catch (RemoteException e) { 7234 throw new IllegalStateException("Failed deactivating backup service.", e); 7235 } finally { 7236 mInjector.binderRestoreCallingIdentity(ident); 7237 } 7238 7239 if (isAdb()) { 7240 // Log device owner provisioning was started using adb. 7241 MetricsLogger.action(mContext, PROVISIONING_ENTRY_POINT_ADB, LOG_TAG_DEVICE_OWNER); 7242 } 7243 7244 mOwners.setDeviceOwner(admin, ownerName, userId); 7245 mOwners.writeDeviceOwner(); 7246 updateDeviceOwnerLocked(); 7247 setDeviceOwnerSystemPropertyLocked(); 7248 7249 final Set<String> restrictions = 7250 UserRestrictionsUtils.getDefaultEnabledForDeviceOwner(); 7251 if (!restrictions.isEmpty()) { 7252 for (String restriction : restrictions) { 7253 activeAdmin.ensureUserRestrictions().putBoolean(restriction, true); 7254 } 7255 activeAdmin.defaultEnabledRestrictionsAlreadySet.addAll(restrictions); 7256 Slog.i(LOG_TAG, "Enabled the following restrictions by default: " + restrictions); 7257 7258 saveUserRestrictionsLocked(userId); 7259 } 7260 7261 ident = mInjector.binderClearCallingIdentity(); 7262 try { 7263 // TODO Send to system too? 7264 sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_DEVICE_OWNER_CHANGED, userId); 7265 } finally { 7266 mInjector.binderRestoreCallingIdentity(ident); 7267 } 7268 mDeviceAdminServiceController.startServiceForOwner( 7269 admin.getPackageName(), userId, "set-device-owner"); 7270 7271 Slog.i(LOG_TAG, "Device owner set: " + admin + " on user " + userId); 7272 return true; 7273 } 7274 } 7275 7276 @Override 7277 public boolean hasDeviceOwner() { 7278 enforceDeviceOwnerOrManageUsers(); 7279 return mOwners.hasDeviceOwner(); 7280 } 7281 7282 boolean isDeviceOwner(ActiveAdmin admin) { 7283 return isDeviceOwner(admin.info.getComponent(), admin.getUserHandle().getIdentifier()); 7284 } 7285 7286 public boolean isDeviceOwner(ComponentName who, int userId) { 7287 synchronized (this) { 7288 return mOwners.hasDeviceOwner() 7289 && mOwners.getDeviceOwnerUserId() == userId 7290 && mOwners.getDeviceOwnerComponent().equals(who); 7291 } 7292 } 7293 7294 private boolean isDeviceOwnerPackage(String packageName, int userId) { 7295 synchronized (this) { 7296 return mOwners.hasDeviceOwner() 7297 && mOwners.getDeviceOwnerUserId() == userId 7298 && mOwners.getDeviceOwnerPackageName().equals(packageName); 7299 } 7300 } 7301 7302 private boolean isProfileOwnerPackage(String packageName, int userId) { 7303 synchronized (this) { 7304 return mOwners.hasProfileOwner(userId) 7305 && mOwners.getProfileOwnerPackage(userId).equals(packageName); 7306 } 7307 } 7308 7309 public boolean isProfileOwner(ComponentName who, int userId) { 7310 final ComponentName profileOwner = getProfileOwner(userId); 7311 return who != null && who.equals(profileOwner); 7312 } 7313 7314 @Override 7315 public ComponentName getDeviceOwnerComponent(boolean callingUserOnly) { 7316 if (!mHasFeature) { 7317 return null; 7318 } 7319 if (!callingUserOnly) { 7320 enforceManageUsers(); 7321 } 7322 synchronized (this) { 7323 if (!mOwners.hasDeviceOwner()) { 7324 return null; 7325 } 7326 if (callingUserOnly && mInjector.userHandleGetCallingUserId() != 7327 mOwners.getDeviceOwnerUserId()) { 7328 return null; 7329 } 7330 return mOwners.getDeviceOwnerComponent(); 7331 } 7332 } 7333 7334 @Override 7335 public int getDeviceOwnerUserId() { 7336 if (!mHasFeature) { 7337 return UserHandle.USER_NULL; 7338 } 7339 enforceManageUsers(); 7340 synchronized (this) { 7341 return mOwners.hasDeviceOwner() ? mOwners.getDeviceOwnerUserId() : UserHandle.USER_NULL; 7342 } 7343 } 7344 7345 /** 7346 * Returns the "name" of the device owner. It'll work for non-DO users too, but requires 7347 * MANAGE_USERS. 7348 */ 7349 @Override 7350 public String getDeviceOwnerName() { 7351 if (!mHasFeature) { 7352 return null; 7353 } 7354 enforceManageUsers(); 7355 synchronized (this) { 7356 if (!mOwners.hasDeviceOwner()) { 7357 return null; 7358 } 7359 // TODO This totally ignores the name passed to setDeviceOwner (change for b/20679292) 7360 // Should setDeviceOwner/ProfileOwner still take a name? 7361 String deviceOwnerPackage = mOwners.getDeviceOwnerPackageName(); 7362 return getApplicationLabel(deviceOwnerPackage, UserHandle.USER_SYSTEM); 7363 } 7364 } 7365 7366 /** Returns the active device owner or {@code null} if there is no device owner. */ 7367 @VisibleForTesting 7368 ActiveAdmin getDeviceOwnerAdminLocked() { 7369 ComponentName component = mOwners.getDeviceOwnerComponent(); 7370 if (component == null) { 7371 return null; 7372 } 7373 7374 DevicePolicyData policy = getUserData(mOwners.getDeviceOwnerUserId()); 7375 final int n = policy.mAdminList.size(); 7376 for (int i = 0; i < n; i++) { 7377 ActiveAdmin admin = policy.mAdminList.get(i); 7378 if (component.equals(admin.info.getComponent())) { 7379 return admin; 7380 } 7381 } 7382 Slog.wtf(LOG_TAG, "Active admin for device owner not found. component=" + component); 7383 return null; 7384 } 7385 7386 @Override 7387 public void clearDeviceOwner(String packageName) { 7388 Preconditions.checkNotNull(packageName, "packageName is null"); 7389 final int callingUid = mInjector.binderGetCallingUid(); 7390 try { 7391 int uid = mInjector.getPackageManager().getPackageUidAsUser(packageName, 7392 UserHandle.getUserId(callingUid)); 7393 if (uid != callingUid) { 7394 throw new SecurityException("Invalid packageName"); 7395 } 7396 } catch (NameNotFoundException e) { 7397 throw new SecurityException(e); 7398 } 7399 synchronized (this) { 7400 final ComponentName deviceOwnerComponent = mOwners.getDeviceOwnerComponent(); 7401 final int deviceOwnerUserId = mOwners.getDeviceOwnerUserId(); 7402 if (!mOwners.hasDeviceOwner() 7403 || !deviceOwnerComponent.getPackageName().equals(packageName) 7404 || (deviceOwnerUserId != UserHandle.getUserId(callingUid))) { 7405 throw new SecurityException( 7406 "clearDeviceOwner can only be called by the device owner"); 7407 } 7408 enforceUserUnlocked(deviceOwnerUserId); 7409 7410 final ActiveAdmin admin = getDeviceOwnerAdminLocked(); 7411 long ident = mInjector.binderClearCallingIdentity(); 7412 try { 7413 clearDeviceOwnerLocked(admin, deviceOwnerUserId); 7414 removeActiveAdminLocked(deviceOwnerComponent, deviceOwnerUserId); 7415 sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_DEVICE_OWNER_CHANGED, 7416 deviceOwnerUserId); 7417 } finally { 7418 mInjector.binderRestoreCallingIdentity(ident); 7419 } 7420 Slog.i(LOG_TAG, "Device owner removed: " + deviceOwnerComponent); 7421 } 7422 } 7423 7424 private void clearOverrideApnUnchecked() { 7425 // Disable Override APNs and remove them from database. 7426 setOverrideApnsEnabledUnchecked(false); 7427 final List<ApnSetting> apns = getOverrideApnsUnchecked(); 7428 for (int i = 0; i < apns.size(); i ++) { 7429 removeOverrideApnUnchecked(apns.get(i).getId()); 7430 } 7431 } 7432 7433 private void clearDeviceOwnerLocked(ActiveAdmin admin, int userId) { 7434 mDeviceAdminServiceController.stopServiceForOwner(userId, "clear-device-owner"); 7435 7436 if (admin != null) { 7437 admin.disableCamera = false; 7438 admin.userRestrictions = null; 7439 admin.defaultEnabledRestrictionsAlreadySet.clear(); 7440 admin.forceEphemeralUsers = false; 7441 admin.isNetworkLoggingEnabled = false; 7442 mUserManagerInternal.setForceEphemeralUsers(admin.forceEphemeralUsers); 7443 } 7444 final DevicePolicyData policyData = getUserData(userId); 7445 policyData.mCurrentInputMethodSet = false; 7446 saveSettingsLocked(userId); 7447 final DevicePolicyData systemPolicyData = getUserData(UserHandle.USER_SYSTEM); 7448 systemPolicyData.mLastSecurityLogRetrievalTime = -1; 7449 systemPolicyData.mLastBugReportRequestTime = -1; 7450 systemPolicyData.mLastNetworkLogsRetrievalTime = -1; 7451 saveSettingsLocked(UserHandle.USER_SYSTEM); 7452 clearUserPoliciesLocked(userId); 7453 clearOverrideApnUnchecked(); 7454 7455 mOwners.clearDeviceOwner(); 7456 mOwners.writeDeviceOwner(); 7457 updateDeviceOwnerLocked(); 7458 7459 clearDeviceOwnerUserRestrictionLocked(UserHandle.of(userId)); 7460 mInjector.securityLogSetLoggingEnabledProperty(false); 7461 mSecurityLogMonitor.stop(); 7462 setNetworkLoggingActiveInternal(false); 7463 deleteTransferOwnershipBundleLocked(userId); 7464 7465 try { 7466 if (mInjector.getIBackupManager() != null) { 7467 // Reactivate backup service. 7468 mInjector.getIBackupManager().setBackupServiceActive(UserHandle.USER_SYSTEM, true); 7469 } 7470 } catch (RemoteException e) { 7471 throw new IllegalStateException("Failed reactivating backup service.", e); 7472 } 7473 } 7474 7475 @Override 7476 public boolean setProfileOwner(ComponentName who, String ownerName, int userHandle) { 7477 if (!mHasFeature) { 7478 return false; 7479 } 7480 if (who == null 7481 || !isPackageInstalledForUser(who.getPackageName(), userHandle)) { 7482 throw new IllegalArgumentException("Component " + who 7483 + " not installed for userId:" + userHandle); 7484 } 7485 final boolean hasIncompatibleAccountsOrNonAdb = 7486 hasIncompatibleAccountsOrNonAdbNoLock(userHandle, who); 7487 synchronized (this) { 7488 enforceCanSetProfileOwnerLocked(who, userHandle, hasIncompatibleAccountsOrNonAdb); 7489 7490 final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 7491 if (admin == null || getUserData(userHandle).mRemovingAdmins.contains(who)) { 7492 throw new IllegalArgumentException("Not active admin: " + who); 7493 } 7494 7495 if (isAdb()) { 7496 // Log profile owner provisioning was started using adb. 7497 MetricsLogger.action(mContext, PROVISIONING_ENTRY_POINT_ADB, LOG_TAG_PROFILE_OWNER); 7498 } 7499 7500 mOwners.setProfileOwner(who, ownerName, userHandle); 7501 mOwners.writeProfileOwner(userHandle); 7502 Slog.i(LOG_TAG, "Profile owner set: " + who + " on user " + userHandle); 7503 7504 final long id = mInjector.binderClearCallingIdentity(); 7505 try { 7506 if (mUserManager.isManagedProfile(userHandle)) { 7507 maybeSetDefaultRestrictionsForAdminLocked(userHandle, admin, 7508 UserRestrictionsUtils.getDefaultEnabledForManagedProfiles()); 7509 ensureUnknownSourcesRestrictionForProfileOwnerLocked(userHandle, admin, 7510 true /* newOwner */); 7511 } 7512 sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_PROFILE_OWNER_CHANGED, 7513 userHandle); 7514 } finally { 7515 mInjector.binderRestoreCallingIdentity(id); 7516 } 7517 mDeviceAdminServiceController.startServiceForOwner( 7518 who.getPackageName(), userHandle, "set-profile-owner"); 7519 return true; 7520 } 7521 } 7522 7523 @Override 7524 public void clearProfileOwner(ComponentName who) { 7525 if (!mHasFeature) { 7526 return; 7527 } 7528 Preconditions.checkNotNull(who, "ComponentName is null"); 7529 7530 final int userId = mInjector.userHandleGetCallingUserId(); 7531 enforceNotManagedProfile(userId, "clear profile owner"); 7532 enforceUserUnlocked(userId); 7533 synchronized (this) { 7534 // Check if this is the profile owner who is calling 7535 final ActiveAdmin admin = 7536 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 7537 7538 final long ident = mInjector.binderClearCallingIdentity(); 7539 try { 7540 clearProfileOwnerLocked(admin, userId); 7541 removeActiveAdminLocked(who, userId); 7542 sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_PROFILE_OWNER_CHANGED, 7543 userId); 7544 } finally { 7545 mInjector.binderRestoreCallingIdentity(ident); 7546 } 7547 Slog.i(LOG_TAG, "Profile owner " + who + " removed from user " + userId); 7548 } 7549 } 7550 7551 public void clearProfileOwnerLocked(ActiveAdmin admin, int userId) { 7552 mDeviceAdminServiceController.stopServiceForOwner(userId, "clear-profile-owner"); 7553 7554 if (admin != null) { 7555 admin.disableCamera = false; 7556 admin.userRestrictions = null; 7557 admin.defaultEnabledRestrictionsAlreadySet.clear(); 7558 } 7559 final DevicePolicyData policyData = getUserData(userId); 7560 policyData.mCurrentInputMethodSet = false; 7561 policyData.mOwnerInstalledCaCerts.clear(); 7562 saveSettingsLocked(userId); 7563 clearUserPoliciesLocked(userId); 7564 mOwners.removeProfileOwner(userId); 7565 mOwners.writeProfileOwner(userId); 7566 deleteTransferOwnershipBundleLocked(userId); 7567 } 7568 7569 @Override 7570 public void setDeviceOwnerLockScreenInfo(ComponentName who, CharSequence info) { 7571 Preconditions.checkNotNull(who, "ComponentName is null"); 7572 if (!mHasFeature) { 7573 return; 7574 } 7575 7576 synchronized (this) { 7577 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 7578 long token = mInjector.binderClearCallingIdentity(); 7579 try { 7580 mLockPatternUtils.setDeviceOwnerInfo(info != null ? info.toString() : null); 7581 } finally { 7582 mInjector.binderRestoreCallingIdentity(token); 7583 } 7584 } 7585 } 7586 7587 @Override 7588 public CharSequence getDeviceOwnerLockScreenInfo() { 7589 return mLockPatternUtils.getDeviceOwnerInfo(); 7590 } 7591 7592 private void clearUserPoliciesLocked(int userId) { 7593 // Reset some of the user-specific policies. 7594 final DevicePolicyData policy = getUserData(userId); 7595 policy.mPermissionPolicy = DevicePolicyManager.PERMISSION_POLICY_PROMPT; 7596 // Clear delegations. 7597 policy.mDelegationMap.clear(); 7598 policy.mStatusBarDisabled = false; 7599 policy.mUserProvisioningState = DevicePolicyManager.STATE_USER_UNMANAGED; 7600 policy.mAffiliationIds.clear(); 7601 policy.mLockTaskPackages.clear(); 7602 updateLockTaskPackagesLocked(policy.mLockTaskPackages, userId); 7603 policy.mLockTaskFeatures = DevicePolicyManager.LOCK_TASK_FEATURE_NONE; 7604 saveSettingsLocked(userId); 7605 7606 try { 7607 mIPackageManager.updatePermissionFlagsForAllApps( 7608 PackageManager.FLAG_PERMISSION_POLICY_FIXED, 7609 0 /* flagValues */, userId); 7610 pushUserRestrictions(userId); 7611 } catch (RemoteException re) { 7612 // Shouldn't happen. 7613 } 7614 } 7615 7616 @Override 7617 public boolean hasUserSetupCompleted() { 7618 return hasUserSetupCompleted(UserHandle.getCallingUserId()); 7619 } 7620 7621 // This checks only if the Setup Wizard has run. Since Wear devices pair before 7622 // completing Setup Wizard, and pairing involves transferring user data, calling 7623 // logic may want to check mIsWatch or mPaired in addition to hasUserSetupCompleted(). 7624 private boolean hasUserSetupCompleted(int userHandle) { 7625 if (!mHasFeature) { 7626 return true; 7627 } 7628 return getUserData(userHandle).mUserSetupComplete; 7629 } 7630 7631 private boolean hasPaired(int userHandle) { 7632 if (!mHasFeature) { 7633 return true; 7634 } 7635 return getUserData(userHandle).mPaired; 7636 } 7637 7638 @Override 7639 public int getUserProvisioningState() { 7640 if (!mHasFeature) { 7641 return DevicePolicyManager.STATE_USER_UNMANAGED; 7642 } 7643 int userHandle = mInjector.userHandleGetCallingUserId(); 7644 return getUserProvisioningState(userHandle); 7645 } 7646 7647 private int getUserProvisioningState(int userHandle) { 7648 return getUserData(userHandle).mUserProvisioningState; 7649 } 7650 7651 @Override 7652 public void setUserProvisioningState(int newState, int userHandle) { 7653 if (!mHasFeature) { 7654 return; 7655 } 7656 7657 if (userHandle != mOwners.getDeviceOwnerUserId() && !mOwners.hasProfileOwner(userHandle) 7658 && getManagedUserId(userHandle) == -1) { 7659 // No managed device, user or profile, so setting provisioning state makes no sense. 7660 throw new IllegalStateException("Not allowed to change provisioning state unless a " 7661 + "device or profile owner is set."); 7662 } 7663 7664 synchronized (this) { 7665 boolean transitionCheckNeeded = true; 7666 7667 // Calling identity/permission checks. 7668 if (isAdb()) { 7669 // ADB shell can only move directly from un-managed to finalized as part of directly 7670 // setting profile-owner or device-owner. 7671 if (getUserProvisioningState(userHandle) != 7672 DevicePolicyManager.STATE_USER_UNMANAGED 7673 || newState != DevicePolicyManager.STATE_USER_SETUP_FINALIZED) { 7674 throw new IllegalStateException("Not allowed to change provisioning state " 7675 + "unless current provisioning state is unmanaged, and new state is " 7676 + "finalized."); 7677 } 7678 transitionCheckNeeded = false; 7679 } else { 7680 // For all other cases, caller must have MANAGE_PROFILE_AND_DEVICE_OWNERS. 7681 enforceCanManageProfileAndDeviceOwners(); 7682 } 7683 7684 final DevicePolicyData policyData = getUserData(userHandle); 7685 if (transitionCheckNeeded) { 7686 // Optional state transition check for non-ADB case. 7687 checkUserProvisioningStateTransition(policyData.mUserProvisioningState, newState); 7688 } 7689 policyData.mUserProvisioningState = newState; 7690 saveSettingsLocked(userHandle); 7691 } 7692 } 7693 7694 private void checkUserProvisioningStateTransition(int currentState, int newState) { 7695 // Valid transitions for normal use-cases. 7696 switch (currentState) { 7697 case DevicePolicyManager.STATE_USER_UNMANAGED: 7698 // Can move to any state from unmanaged (except itself as an edge case).. 7699 if (newState != DevicePolicyManager.STATE_USER_UNMANAGED) { 7700 return; 7701 } 7702 break; 7703 case DevicePolicyManager.STATE_USER_SETUP_INCOMPLETE: 7704 case DevicePolicyManager.STATE_USER_SETUP_COMPLETE: 7705 // Can only move to finalized from these states. 7706 if (newState == DevicePolicyManager.STATE_USER_SETUP_FINALIZED) { 7707 return; 7708 } 7709 break; 7710 case DevicePolicyManager.STATE_USER_PROFILE_COMPLETE: 7711 // Current user has a managed-profile, but current user is not managed, so 7712 // rather than moving to finalized state, go back to unmanaged once 7713 // profile provisioning is complete. 7714 if (newState == DevicePolicyManager.STATE_USER_UNMANAGED) { 7715 return; 7716 } 7717 break; 7718 case DevicePolicyManager.STATE_USER_SETUP_FINALIZED: 7719 // Cannot transition out of finalized. 7720 break; 7721 } 7722 7723 // Didn't meet any of the accepted state transition checks above, throw appropriate error. 7724 throw new IllegalStateException("Cannot move to user provisioning state [" + newState + "] " 7725 + "from state [" + currentState + "]"); 7726 } 7727 7728 @Override 7729 public void setProfileEnabled(ComponentName who) { 7730 if (!mHasFeature) { 7731 return; 7732 } 7733 Preconditions.checkNotNull(who, "ComponentName is null"); 7734 synchronized (this) { 7735 // Check if this is the profile owner who is calling 7736 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 7737 final int userId = UserHandle.getCallingUserId(); 7738 enforceManagedProfile(userId, "enable the profile"); 7739 // Check if the profile is already enabled. 7740 UserInfo managedProfile = getUserInfo(userId); 7741 if (managedProfile.isEnabled()) { 7742 Slog.e(LOG_TAG, 7743 "setProfileEnabled is called when the profile is already enabled"); 7744 return; 7745 } 7746 long id = mInjector.binderClearCallingIdentity(); 7747 try { 7748 mUserManager.setUserEnabled(userId); 7749 UserInfo parent = mUserManager.getProfileParent(userId); 7750 Intent intent = new Intent(Intent.ACTION_MANAGED_PROFILE_ADDED); 7751 intent.putExtra(Intent.EXTRA_USER, new UserHandle(userId)); 7752 intent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY | 7753 Intent.FLAG_RECEIVER_FOREGROUND); 7754 mContext.sendBroadcastAsUser(intent, new UserHandle(parent.id)); 7755 } finally { 7756 mInjector.binderRestoreCallingIdentity(id); 7757 } 7758 } 7759 } 7760 7761 @Override 7762 public void setProfileName(ComponentName who, String profileName) { 7763 Preconditions.checkNotNull(who, "ComponentName is null"); 7764 int userId = UserHandle.getCallingUserId(); 7765 // Check if this is the profile owner (includes device owner). 7766 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 7767 7768 long id = mInjector.binderClearCallingIdentity(); 7769 try { 7770 mUserManager.setUserName(userId, profileName); 7771 } finally { 7772 mInjector.binderRestoreCallingIdentity(id); 7773 } 7774 } 7775 7776 @Override 7777 public ComponentName getProfileOwner(int userHandle) { 7778 if (!mHasFeature) { 7779 return null; 7780 } 7781 7782 synchronized (this) { 7783 return mOwners.getProfileOwnerComponent(userHandle); 7784 } 7785 } 7786 7787 // Returns the active profile owner for this user or null if the current user has no 7788 // profile owner. 7789 @VisibleForTesting 7790 ActiveAdmin getProfileOwnerAdminLocked(int userHandle) { 7791 ComponentName profileOwner = mOwners.getProfileOwnerComponent(userHandle); 7792 if (profileOwner == null) { 7793 return null; 7794 } 7795 DevicePolicyData policy = getUserData(userHandle); 7796 final int n = policy.mAdminList.size(); 7797 for (int i = 0; i < n; i++) { 7798 ActiveAdmin admin = policy.mAdminList.get(i); 7799 if (profileOwner.equals(admin.info.getComponent())) { 7800 return admin; 7801 } 7802 } 7803 return null; 7804 } 7805 7806 @Override 7807 public String getProfileOwnerName(int userHandle) { 7808 if (!mHasFeature) { 7809 return null; 7810 } 7811 enforceManageUsers(); 7812 ComponentName profileOwner = getProfileOwner(userHandle); 7813 if (profileOwner == null) { 7814 return null; 7815 } 7816 return getApplicationLabel(profileOwner.getPackageName(), userHandle); 7817 } 7818 7819 /** 7820 * Canonical name for a given package. 7821 */ 7822 private String getApplicationLabel(String packageName, int userHandle) { 7823 long token = mInjector.binderClearCallingIdentity(); 7824 try { 7825 final Context userContext; 7826 try { 7827 UserHandle handle = new UserHandle(userHandle); 7828 userContext = mContext.createPackageContextAsUser(packageName, 0, handle); 7829 } catch (PackageManager.NameNotFoundException nnfe) { 7830 Log.w(LOG_TAG, packageName + " is not installed for user " + userHandle, nnfe); 7831 return null; 7832 } 7833 ApplicationInfo appInfo = userContext.getApplicationInfo(); 7834 CharSequence result = null; 7835 if (appInfo != null) { 7836 PackageManager pm = userContext.getPackageManager(); 7837 result = pm.getApplicationLabel(appInfo); 7838 } 7839 return result != null ? result.toString() : null; 7840 } finally { 7841 mInjector.binderRestoreCallingIdentity(token); 7842 } 7843 } 7844 7845 /** 7846 * Calls wtfStack() if called with the DPMS lock held. 7847 */ 7848 private void wtfIfInLock() { 7849 if (Thread.holdsLock(this)) { 7850 Slog.wtfStack(LOG_TAG, "Shouldn't be called with DPMS lock held"); 7851 } 7852 } 7853 7854 /** 7855 * The profile owner can only be set by adb or an app with the MANAGE_PROFILE_AND_DEVICE_OWNERS 7856 * permission. 7857 * The profile owner can only be set before the user setup phase has completed, 7858 * except for: 7859 * - SYSTEM_UID 7860 * - adb unless hasIncompatibleAccountsOrNonAdb is true. 7861 */ 7862 private void enforceCanSetProfileOwnerLocked(@Nullable ComponentName owner, int userHandle, 7863 boolean hasIncompatibleAccountsOrNonAdb) { 7864 UserInfo info = getUserInfo(userHandle); 7865 if (info == null) { 7866 // User doesn't exist. 7867 throw new IllegalArgumentException( 7868 "Attempted to set profile owner for invalid userId: " + userHandle); 7869 } 7870 if (info.isGuest()) { 7871 throw new IllegalStateException("Cannot set a profile owner on a guest"); 7872 } 7873 if (mOwners.hasProfileOwner(userHandle)) { 7874 throw new IllegalStateException("Trying to set the profile owner, but profile owner " 7875 + "is already set."); 7876 } 7877 if (mOwners.hasDeviceOwner() && mOwners.getDeviceOwnerUserId() == userHandle) { 7878 throw new IllegalStateException("Trying to set the profile owner, but the user " 7879 + "already has a device owner."); 7880 } 7881 if (isAdb()) { 7882 if ((mIsWatch || hasUserSetupCompleted(userHandle)) 7883 && hasIncompatibleAccountsOrNonAdb) { 7884 throw new IllegalStateException("Not allowed to set the profile owner because " 7885 + "there are already some accounts on the profile"); 7886 } 7887 return; 7888 } 7889 enforceCanManageProfileAndDeviceOwners(); 7890 if ((mIsWatch || hasUserSetupCompleted(userHandle)) && !isCallerWithSystemUid()) { 7891 throw new IllegalStateException("Cannot set the profile owner on a user which is " 7892 + "already set-up"); 7893 } 7894 } 7895 7896 /** 7897 * The Device owner can only be set by adb or an app with the MANAGE_PROFILE_AND_DEVICE_OWNERS 7898 * permission. 7899 */ 7900 private void enforceCanSetDeviceOwnerLocked(@Nullable ComponentName owner, int userId, 7901 boolean hasIncompatibleAccountsOrNonAdb) { 7902 if (!isAdb()) { 7903 enforceCanManageProfileAndDeviceOwners(); 7904 } 7905 7906 final int code = checkDeviceOwnerProvisioningPreConditionLocked( 7907 owner, userId, isAdb(), hasIncompatibleAccountsOrNonAdb); 7908 switch (code) { 7909 case CODE_OK: 7910 return; 7911 case CODE_HAS_DEVICE_OWNER: 7912 throw new IllegalStateException( 7913 "Trying to set the device owner, but device owner is already set."); 7914 case CODE_USER_HAS_PROFILE_OWNER: 7915 throw new IllegalStateException("Trying to set the device owner, but the user " 7916 + "already has a profile owner."); 7917 case CODE_USER_NOT_RUNNING: 7918 throw new IllegalStateException("User not running: " + userId); 7919 case CODE_NOT_SYSTEM_USER: 7920 throw new IllegalStateException("User is not system user"); 7921 case CODE_USER_SETUP_COMPLETED: 7922 throw new IllegalStateException( 7923 "Cannot set the device owner if the device is already set-up"); 7924 case CODE_NONSYSTEM_USER_EXISTS: 7925 throw new IllegalStateException("Not allowed to set the device owner because there " 7926 + "are already several users on the device"); 7927 case CODE_ACCOUNTS_NOT_EMPTY: 7928 throw new IllegalStateException("Not allowed to set the device owner because there " 7929 + "are already some accounts on the device"); 7930 case CODE_HAS_PAIRED: 7931 throw new IllegalStateException("Not allowed to set the device owner because this " 7932 + "device has already paired"); 7933 default: 7934 throw new IllegalStateException("Unexpected @ProvisioningPreCondition " + code); 7935 } 7936 } 7937 7938 private void enforceUserUnlocked(int userId) { 7939 // Since we're doing this operation on behalf of an app, we only 7940 // want to use the actual "unlocked" state. 7941 Preconditions.checkState(mUserManager.isUserUnlocked(userId), 7942 "User must be running and unlocked"); 7943 } 7944 7945 private void enforceUserUnlocked(@UserIdInt int userId, boolean parent) { 7946 if (parent) { 7947 enforceUserUnlocked(getProfileParentId(userId)); 7948 } else { 7949 enforceUserUnlocked(userId); 7950 } 7951 } 7952 7953 private void enforceManageUsers() { 7954 final int callingUid = mInjector.binderGetCallingUid(); 7955 if (!(isCallerWithSystemUid() || callingUid == Process.ROOT_UID)) { 7956 mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_USERS, null); 7957 } 7958 } 7959 7960 private void enforceFullCrossUsersPermission(int userHandle) { 7961 enforceSystemUserOrPermissionIfCrossUser(userHandle, 7962 android.Manifest.permission.INTERACT_ACROSS_USERS_FULL); 7963 } 7964 7965 private void enforceCrossUsersPermission(int userHandle) { 7966 enforceSystemUserOrPermissionIfCrossUser(userHandle, 7967 android.Manifest.permission.INTERACT_ACROSS_USERS); 7968 } 7969 7970 private void enforceSystemUserOrPermission(String permission) { 7971 if (!(isCallerWithSystemUid() || mInjector.binderGetCallingUid() == Process.ROOT_UID)) { 7972 mContext.enforceCallingOrSelfPermission(permission, 7973 "Must be system or have " + permission + " permission"); 7974 } 7975 } 7976 7977 private void enforceSystemUserOrPermissionIfCrossUser(int userHandle, String permission) { 7978 if (userHandle < 0) { 7979 throw new IllegalArgumentException("Invalid userId " + userHandle); 7980 } 7981 if (userHandle == mInjector.userHandleGetCallingUserId()) { 7982 return; 7983 } 7984 enforceSystemUserOrPermission(permission); 7985 } 7986 7987 private void enforceManagedProfile(int userHandle, String message) { 7988 if(!isManagedProfile(userHandle)) { 7989 throw new SecurityException("You can not " + message + " outside a managed profile."); 7990 } 7991 } 7992 7993 private void enforceNotManagedProfile(int userHandle, String message) { 7994 if(isManagedProfile(userHandle)) { 7995 throw new SecurityException("You can not " + message + " for a managed profile."); 7996 } 7997 } 7998 7999 private void enforceDeviceOwnerOrManageUsers() { 8000 synchronized (this) { 8001 if (getActiveAdminWithPolicyForUidLocked(null, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER, 8002 mInjector.binderGetCallingUid()) != null) { 8003 return; 8004 } 8005 } 8006 enforceManageUsers(); 8007 } 8008 8009 private void enforceProfileOwnerOrSystemUser() { 8010 synchronized (this) { 8011 if (getActiveAdminWithPolicyForUidLocked(null, 8012 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, mInjector.binderGetCallingUid()) 8013 != null) { 8014 return; 8015 } 8016 } 8017 Preconditions.checkState(isCallerWithSystemUid(), 8018 "Only profile owner, device owner and system may call this method."); 8019 } 8020 8021 private void enforceProfileOwnerOrFullCrossUsersPermission(int userId) { 8022 if (userId == mInjector.userHandleGetCallingUserId()) { 8023 synchronized (this) { 8024 if (getActiveAdminWithPolicyForUidLocked(null, 8025 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, mInjector.binderGetCallingUid()) 8026 != null) { 8027 // Device Owner/Profile Owner may access the user it runs on. 8028 return; 8029 } 8030 } 8031 } 8032 // Otherwise, INTERACT_ACROSS_USERS_FULL permission, system UID or root UID is required. 8033 enforceSystemUserOrPermission(android.Manifest.permission.INTERACT_ACROSS_USERS_FULL); 8034 } 8035 8036 private boolean canUserUseLockTaskLocked(int userId) { 8037 if (isUserAffiliatedWithDeviceLocked(userId)) { 8038 return true; 8039 } 8040 8041 // Unaffiliated profile owners are not allowed to use lock when there is a device owner. 8042 if (mOwners.hasDeviceOwner()) { 8043 return false; 8044 } 8045 8046 final ComponentName profileOwner = getProfileOwner(userId); 8047 if (profileOwner == null) { 8048 return false; 8049 } 8050 8051 // Managed profiles are not allowed to use lock task 8052 if (isManagedProfile(userId)) { 8053 return false; 8054 } 8055 8056 return true; 8057 } 8058 8059 private void enforceCanCallLockTaskLocked(ComponentName who) { 8060 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8061 final int userId = mInjector.userHandleGetCallingUserId(); 8062 if (!canUserUseLockTaskLocked(userId)) { 8063 throw new SecurityException("User " + userId + " is not allowed to use lock task"); 8064 } 8065 } 8066 8067 private void ensureCallerPackage(@Nullable String packageName) { 8068 if (packageName == null) { 8069 Preconditions.checkState(isCallerWithSystemUid(), 8070 "Only caller can omit package name"); 8071 } else { 8072 final int callingUid = mInjector.binderGetCallingUid(); 8073 final int userId = mInjector.userHandleGetCallingUserId(); 8074 try { 8075 final ApplicationInfo ai = mIPackageManager.getApplicationInfo( 8076 packageName, 0, userId); 8077 Preconditions.checkState(ai.uid == callingUid, "Unmatching package name"); 8078 } catch (RemoteException e) { 8079 // Shouldn't happen 8080 } 8081 } 8082 } 8083 8084 private boolean isCallerWithSystemUid() { 8085 return UserHandle.isSameApp(mInjector.binderGetCallingUid(), Process.SYSTEM_UID); 8086 } 8087 8088 protected int getProfileParentId(int userHandle) { 8089 final long ident = mInjector.binderClearCallingIdentity(); 8090 try { 8091 UserInfo parentUser = mUserManager.getProfileParent(userHandle); 8092 return parentUser != null ? parentUser.id : userHandle; 8093 } finally { 8094 mInjector.binderRestoreCallingIdentity(ident); 8095 } 8096 } 8097 8098 private int getCredentialOwner(int userHandle, boolean parent) { 8099 final long ident = mInjector.binderClearCallingIdentity(); 8100 try { 8101 if (parent) { 8102 UserInfo parentProfile = mUserManager.getProfileParent(userHandle); 8103 if (parentProfile != null) { 8104 userHandle = parentProfile.id; 8105 } 8106 } 8107 return mUserManager.getCredentialOwnerProfile(userHandle); 8108 } finally { 8109 mInjector.binderRestoreCallingIdentity(ident); 8110 } 8111 } 8112 8113 private boolean isManagedProfile(int userHandle) { 8114 final UserInfo user = getUserInfo(userHandle); 8115 return user != null && user.isManagedProfile(); 8116 } 8117 8118 private void enableIfNecessary(String packageName, int userId) { 8119 try { 8120 final ApplicationInfo ai = mIPackageManager.getApplicationInfo(packageName, 8121 PackageManager.MATCH_DISABLED_UNTIL_USED_COMPONENTS, userId); 8122 if (ai.enabledSetting 8123 == PackageManager.COMPONENT_ENABLED_STATE_DISABLED_UNTIL_USED) { 8124 mIPackageManager.setApplicationEnabledSetting(packageName, 8125 PackageManager.COMPONENT_ENABLED_STATE_DEFAULT, 8126 PackageManager.DONT_KILL_APP, userId, "DevicePolicyManager"); 8127 } 8128 } catch (RemoteException e) { 8129 } 8130 } 8131 8132 @Override 8133 protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { 8134 if (!DumpUtils.checkDumpPermission(mContext, LOG_TAG, pw)) return; 8135 8136 synchronized (this) { 8137 pw.println("Current Device Policy Manager state:"); 8138 8139 mOwners.dump(" ", pw); 8140 mDeviceAdminServiceController.dump(" ", pw); 8141 int userCount = mUserData.size(); 8142 for (int u = 0; u < userCount; u++) { 8143 DevicePolicyData policy = getUserData(mUserData.keyAt(u)); 8144 pw.println(); 8145 pw.println(" Enabled Device Admins (User " + policy.mUserHandle 8146 + ", provisioningState: " + policy.mUserProvisioningState + "):"); 8147 final int N = policy.mAdminList.size(); 8148 for (int i=0; i<N; i++) { 8149 ActiveAdmin ap = policy.mAdminList.get(i); 8150 if (ap != null) { 8151 pw.print(" "); pw.print(ap.info.getComponent().flattenToShortString()); 8152 pw.println(":"); 8153 ap.dump(" ", pw); 8154 } 8155 } 8156 if (!policy.mRemovingAdmins.isEmpty()) { 8157 pw.println(" Removing Device Admins (User " + policy.mUserHandle + "): " 8158 + policy.mRemovingAdmins); 8159 } 8160 8161 pw.println(" "); 8162 pw.print(" mPasswordOwner="); pw.println(policy.mPasswordOwner); 8163 } 8164 pw.println(); 8165 mConstants.dump(" ", pw); 8166 pw.println(); 8167 pw.println(" Encryption Status: " + getEncryptionStatusName(getEncryptionStatus())); 8168 } 8169 } 8170 8171 private String getEncryptionStatusName(int encryptionStatus) { 8172 switch (encryptionStatus) { 8173 case DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE: 8174 return "inactive"; 8175 case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY: 8176 return "block default key"; 8177 case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE: 8178 return "block"; 8179 case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_PER_USER: 8180 return "per-user"; 8181 case DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED: 8182 return "unsupported"; 8183 case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVATING: 8184 return "activating"; 8185 default: 8186 return "unknown"; 8187 } 8188 } 8189 8190 @Override 8191 public void addPersistentPreferredActivity(ComponentName who, IntentFilter filter, 8192 ComponentName activity) { 8193 Preconditions.checkNotNull(who, "ComponentName is null"); 8194 final int userHandle = UserHandle.getCallingUserId(); 8195 synchronized (this) { 8196 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8197 8198 long id = mInjector.binderClearCallingIdentity(); 8199 try { 8200 mIPackageManager.addPersistentPreferredActivity(filter, activity, userHandle); 8201 mIPackageManager.flushPackageRestrictionsAsUser(userHandle); 8202 } catch (RemoteException re) { 8203 // Shouldn't happen 8204 } finally { 8205 mInjector.binderRestoreCallingIdentity(id); 8206 } 8207 } 8208 } 8209 8210 @Override 8211 public void clearPackagePersistentPreferredActivities(ComponentName who, String packageName) { 8212 Preconditions.checkNotNull(who, "ComponentName is null"); 8213 final int userHandle = UserHandle.getCallingUserId(); 8214 synchronized (this) { 8215 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8216 8217 long id = mInjector.binderClearCallingIdentity(); 8218 try { 8219 mIPackageManager.clearPackagePersistentPreferredActivities(packageName, userHandle); 8220 mIPackageManager.flushPackageRestrictionsAsUser(userHandle); 8221 } catch (RemoteException re) { 8222 // Shouldn't happen 8223 } finally { 8224 mInjector.binderRestoreCallingIdentity(id); 8225 } 8226 } 8227 } 8228 8229 @Override 8230 public void setDefaultSmsApplication(ComponentName admin, String packageName) { 8231 Preconditions.checkNotNull(admin, "ComponentName is null"); 8232 synchronized (this) { 8233 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 8234 } 8235 mInjector.binderWithCleanCallingIdentity(() -> 8236 SmsApplication.setDefaultApplication(packageName, mContext)); 8237 } 8238 8239 @Override 8240 public boolean setApplicationRestrictionsManagingPackage(ComponentName admin, 8241 String packageName) { 8242 try { 8243 setDelegatedScopePreO(admin, packageName, DELEGATION_APP_RESTRICTIONS); 8244 } catch (IllegalArgumentException e) { 8245 return false; 8246 } 8247 return true; 8248 } 8249 8250 @Override 8251 public String getApplicationRestrictionsManagingPackage(ComponentName admin) { 8252 final List<String> delegatePackages = getDelegatePackages(admin, 8253 DELEGATION_APP_RESTRICTIONS); 8254 return delegatePackages.size() > 0 ? delegatePackages.get(0) : null; 8255 } 8256 8257 @Override 8258 public boolean isCallerApplicationRestrictionsManagingPackage(String callerPackage) { 8259 return isCallerDelegate(callerPackage, DELEGATION_APP_RESTRICTIONS); 8260 } 8261 8262 @Override 8263 public void setApplicationRestrictions(ComponentName who, String callerPackage, 8264 String packageName, Bundle settings) { 8265 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 8266 DELEGATION_APP_RESTRICTIONS); 8267 8268 final UserHandle userHandle = mInjector.binderGetCallingUserHandle(); 8269 final long id = mInjector.binderClearCallingIdentity(); 8270 try { 8271 mUserManager.setApplicationRestrictions(packageName, settings, userHandle); 8272 } finally { 8273 mInjector.binderRestoreCallingIdentity(id); 8274 } 8275 } 8276 8277 @Override 8278 public void setTrustAgentConfiguration(ComponentName admin, ComponentName agent, 8279 PersistableBundle args, boolean parent) { 8280 if (!mHasFeature) { 8281 return; 8282 } 8283 Preconditions.checkNotNull(admin, "admin is null"); 8284 Preconditions.checkNotNull(agent, "agent is null"); 8285 final int userHandle = UserHandle.getCallingUserId(); 8286 synchronized (this) { 8287 ActiveAdmin ap = getActiveAdminForCallerLocked(admin, 8288 DeviceAdminInfo.USES_POLICY_DISABLE_KEYGUARD_FEATURES, parent); 8289 ap.trustAgentInfos.put(agent.flattenToString(), new TrustAgentInfo(args)); 8290 saveSettingsLocked(userHandle); 8291 } 8292 } 8293 8294 @Override 8295 public List<PersistableBundle> getTrustAgentConfiguration(ComponentName admin, 8296 ComponentName agent, int userHandle, boolean parent) { 8297 if (!mHasFeature) { 8298 return null; 8299 } 8300 Preconditions.checkNotNull(agent, "agent null"); 8301 enforceFullCrossUsersPermission(userHandle); 8302 8303 synchronized (this) { 8304 final String componentName = agent.flattenToString(); 8305 if (admin != null) { 8306 final ActiveAdmin ap = getActiveAdminUncheckedLocked(admin, userHandle, parent); 8307 if (ap == null) return null; 8308 TrustAgentInfo trustAgentInfo = ap.trustAgentInfos.get(componentName); 8309 if (trustAgentInfo == null || trustAgentInfo.options == null) return null; 8310 List<PersistableBundle> result = new ArrayList<>(); 8311 result.add(trustAgentInfo.options); 8312 return result; 8313 } 8314 8315 // Return strictest policy for this user and profiles that are visible from this user. 8316 List<PersistableBundle> result = null; 8317 // Search through all admins that use KEYGUARD_DISABLE_TRUST_AGENTS and keep track 8318 // of the options. If any admin doesn't have options, discard options for the rest 8319 // and return null. 8320 List<ActiveAdmin> admins = 8321 getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 8322 boolean allAdminsHaveOptions = true; 8323 final int N = admins.size(); 8324 for (int i = 0; i < N; i++) { 8325 final ActiveAdmin active = admins.get(i); 8326 8327 final boolean disablesTrust = (active.disabledKeyguardFeatures 8328 & DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS) != 0; 8329 final TrustAgentInfo info = active.trustAgentInfos.get(componentName); 8330 if (info != null && info.options != null && !info.options.isEmpty()) { 8331 if (disablesTrust) { 8332 if (result == null) { 8333 result = new ArrayList<>(); 8334 } 8335 result.add(info.options); 8336 } else { 8337 Log.w(LOG_TAG, "Ignoring admin " + active.info 8338 + " because it has trust options but doesn't declare " 8339 + "KEYGUARD_DISABLE_TRUST_AGENTS"); 8340 } 8341 } else if (disablesTrust) { 8342 allAdminsHaveOptions = false; 8343 break; 8344 } 8345 } 8346 return allAdminsHaveOptions ? result : null; 8347 } 8348 } 8349 8350 @Override 8351 public void setRestrictionsProvider(ComponentName who, ComponentName permissionProvider) { 8352 Preconditions.checkNotNull(who, "ComponentName is null"); 8353 synchronized (this) { 8354 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8355 8356 int userHandle = UserHandle.getCallingUserId(); 8357 DevicePolicyData userData = getUserData(userHandle); 8358 userData.mRestrictionsProvider = permissionProvider; 8359 saveSettingsLocked(userHandle); 8360 } 8361 } 8362 8363 @Override 8364 public ComponentName getRestrictionsProvider(int userHandle) { 8365 synchronized (this) { 8366 if (!isCallerWithSystemUid()) { 8367 throw new SecurityException("Only the system can query the permission provider"); 8368 } 8369 DevicePolicyData userData = getUserData(userHandle); 8370 return userData != null ? userData.mRestrictionsProvider : null; 8371 } 8372 } 8373 8374 @Override 8375 public void addCrossProfileIntentFilter(ComponentName who, IntentFilter filter, int flags) { 8376 Preconditions.checkNotNull(who, "ComponentName is null"); 8377 int callingUserId = UserHandle.getCallingUserId(); 8378 synchronized (this) { 8379 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8380 8381 long id = mInjector.binderClearCallingIdentity(); 8382 try { 8383 UserInfo parent = mUserManager.getProfileParent(callingUserId); 8384 if (parent == null) { 8385 Slog.e(LOG_TAG, "Cannot call addCrossProfileIntentFilter if there is no " 8386 + "parent"); 8387 return; 8388 } 8389 if ((flags & DevicePolicyManager.FLAG_PARENT_CAN_ACCESS_MANAGED) != 0) { 8390 mIPackageManager.addCrossProfileIntentFilter( 8391 filter, who.getPackageName(), callingUserId, parent.id, 0); 8392 } 8393 if ((flags & DevicePolicyManager.FLAG_MANAGED_CAN_ACCESS_PARENT) != 0) { 8394 mIPackageManager.addCrossProfileIntentFilter(filter, who.getPackageName(), 8395 parent.id, callingUserId, 0); 8396 } 8397 } catch (RemoteException re) { 8398 // Shouldn't happen 8399 } finally { 8400 mInjector.binderRestoreCallingIdentity(id); 8401 } 8402 } 8403 } 8404 8405 @Override 8406 public void clearCrossProfileIntentFilters(ComponentName who) { 8407 Preconditions.checkNotNull(who, "ComponentName is null"); 8408 int callingUserId = UserHandle.getCallingUserId(); 8409 synchronized (this) { 8410 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8411 long id = mInjector.binderClearCallingIdentity(); 8412 try { 8413 UserInfo parent = mUserManager.getProfileParent(callingUserId); 8414 if (parent == null) { 8415 Slog.e(LOG_TAG, "Cannot call clearCrossProfileIntentFilter if there is no " 8416 + "parent"); 8417 return; 8418 } 8419 // Removing those that go from the managed profile to the parent. 8420 mIPackageManager.clearCrossProfileIntentFilters( 8421 callingUserId, who.getPackageName()); 8422 // And those that go from the parent to the managed profile. 8423 // If we want to support multiple managed profiles, we will have to only remove 8424 // those that have callingUserId as their target. 8425 mIPackageManager.clearCrossProfileIntentFilters(parent.id, who.getPackageName()); 8426 } catch (RemoteException re) { 8427 // Shouldn't happen 8428 } finally { 8429 mInjector.binderRestoreCallingIdentity(id); 8430 } 8431 } 8432 } 8433 8434 /** 8435 * @return true if all packages in enabledPackages are either in the list 8436 * permittedList or are a system app. 8437 */ 8438 private boolean checkPackagesInPermittedListOrSystem(List<String> enabledPackages, 8439 List<String> permittedList, int userIdToCheck) { 8440 long id = mInjector.binderClearCallingIdentity(); 8441 try { 8442 // If we have an enabled packages list for a managed profile the packages 8443 // we should check are installed for the parent user. 8444 UserInfo user = getUserInfo(userIdToCheck); 8445 if (user.isManagedProfile()) { 8446 userIdToCheck = user.profileGroupId; 8447 } 8448 8449 for (String enabledPackage : enabledPackages) { 8450 boolean systemService = false; 8451 try { 8452 ApplicationInfo applicationInfo = mIPackageManager.getApplicationInfo( 8453 enabledPackage, PackageManager.MATCH_UNINSTALLED_PACKAGES, 8454 userIdToCheck); 8455 systemService = (applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0; 8456 } catch (RemoteException e) { 8457 Log.i(LOG_TAG, "Can't talk to package managed", e); 8458 } 8459 if (!systemService && !permittedList.contains(enabledPackage)) { 8460 return false; 8461 } 8462 } 8463 } finally { 8464 mInjector.binderRestoreCallingIdentity(id); 8465 } 8466 return true; 8467 } 8468 8469 private AccessibilityManager getAccessibilityManagerForUser(int userId) { 8470 // Not using AccessibilityManager.getInstance because that guesses 8471 // at the user you require based on callingUid and caches for a given 8472 // process. 8473 IBinder iBinder = ServiceManager.getService(Context.ACCESSIBILITY_SERVICE); 8474 IAccessibilityManager service = iBinder == null 8475 ? null : IAccessibilityManager.Stub.asInterface(iBinder); 8476 return new AccessibilityManager(mContext, service, userId); 8477 } 8478 8479 @Override 8480 public boolean setPermittedAccessibilityServices(ComponentName who, List packageList) { 8481 if (!mHasFeature) { 8482 return false; 8483 } 8484 Preconditions.checkNotNull(who, "ComponentName is null"); 8485 8486 if (packageList != null) { 8487 int userId = UserHandle.getCallingUserId(); 8488 List<AccessibilityServiceInfo> enabledServices = null; 8489 long id = mInjector.binderClearCallingIdentity(); 8490 try { 8491 UserInfo user = getUserInfo(userId); 8492 if (user.isManagedProfile()) { 8493 userId = user.profileGroupId; 8494 } 8495 AccessibilityManager accessibilityManager = getAccessibilityManagerForUser(userId); 8496 enabledServices = accessibilityManager.getEnabledAccessibilityServiceList( 8497 AccessibilityServiceInfo.FEEDBACK_ALL_MASK); 8498 } finally { 8499 mInjector.binderRestoreCallingIdentity(id); 8500 } 8501 8502 if (enabledServices != null) { 8503 List<String> enabledPackages = new ArrayList<String>(); 8504 for (AccessibilityServiceInfo service : enabledServices) { 8505 enabledPackages.add(service.getResolveInfo().serviceInfo.packageName); 8506 } 8507 if (!checkPackagesInPermittedListOrSystem(enabledPackages, packageList, 8508 userId)) { 8509 Slog.e(LOG_TAG, "Cannot set permitted accessibility services, " 8510 + "because it contains already enabled accesibility services."); 8511 return false; 8512 } 8513 } 8514 } 8515 8516 synchronized (this) { 8517 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 8518 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8519 admin.permittedAccessiblityServices = packageList; 8520 saveSettingsLocked(UserHandle.getCallingUserId()); 8521 } 8522 return true; 8523 } 8524 8525 @Override 8526 public List getPermittedAccessibilityServices(ComponentName who) { 8527 if (!mHasFeature) { 8528 return null; 8529 } 8530 Preconditions.checkNotNull(who, "ComponentName is null"); 8531 8532 synchronized (this) { 8533 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 8534 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8535 return admin.permittedAccessiblityServices; 8536 } 8537 } 8538 8539 @Override 8540 public List getPermittedAccessibilityServicesForUser(int userId) { 8541 if (!mHasFeature) { 8542 return null; 8543 } 8544 synchronized (this) { 8545 List<String> result = null; 8546 // If we have multiple profiles we return the intersection of the 8547 // permitted lists. This can happen in cases where we have a device 8548 // and profile owner. 8549 int[] profileIds = mUserManager.getProfileIdsWithDisabled(userId); 8550 for (int profileId : profileIds) { 8551 // Just loop though all admins, only device or profiles 8552 // owners can have permitted lists set. 8553 DevicePolicyData policy = getUserDataUnchecked(profileId); 8554 final int N = policy.mAdminList.size(); 8555 for (int j = 0; j < N; j++) { 8556 ActiveAdmin admin = policy.mAdminList.get(j); 8557 List<String> fromAdmin = admin.permittedAccessiblityServices; 8558 if (fromAdmin != null) { 8559 if (result == null) { 8560 result = new ArrayList<>(fromAdmin); 8561 } else { 8562 result.retainAll(fromAdmin); 8563 } 8564 } 8565 } 8566 } 8567 8568 // If we have a permitted list add all system accessibility services. 8569 if (result != null) { 8570 long id = mInjector.binderClearCallingIdentity(); 8571 try { 8572 UserInfo user = getUserInfo(userId); 8573 if (user.isManagedProfile()) { 8574 userId = user.profileGroupId; 8575 } 8576 AccessibilityManager accessibilityManager = 8577 getAccessibilityManagerForUser(userId); 8578 List<AccessibilityServiceInfo> installedServices = 8579 accessibilityManager.getInstalledAccessibilityServiceList(); 8580 8581 if (installedServices != null) { 8582 for (AccessibilityServiceInfo service : installedServices) { 8583 ServiceInfo serviceInfo = service.getResolveInfo().serviceInfo; 8584 ApplicationInfo applicationInfo = serviceInfo.applicationInfo; 8585 if ((applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) { 8586 result.add(serviceInfo.packageName); 8587 } 8588 } 8589 } 8590 } finally { 8591 mInjector.binderRestoreCallingIdentity(id); 8592 } 8593 } 8594 8595 return result; 8596 } 8597 } 8598 8599 @Override 8600 public boolean isAccessibilityServicePermittedByAdmin(ComponentName who, String packageName, 8601 int userHandle) { 8602 if (!mHasFeature) { 8603 return true; 8604 } 8605 Preconditions.checkNotNull(who, "ComponentName is null"); 8606 Preconditions.checkStringNotEmpty(packageName, "packageName is null"); 8607 if (!isCallerWithSystemUid()){ 8608 throw new SecurityException( 8609 "Only the system can query if an accessibility service is disabled by admin"); 8610 } 8611 synchronized (this) { 8612 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 8613 if (admin == null) { 8614 return false; 8615 } 8616 if (admin.permittedAccessiblityServices == null) { 8617 return true; 8618 } 8619 return checkPackagesInPermittedListOrSystem(Collections.singletonList(packageName), 8620 admin.permittedAccessiblityServices, userHandle); 8621 } 8622 } 8623 8624 private boolean checkCallerIsCurrentUserOrProfile() { 8625 final int callingUserId = UserHandle.getCallingUserId(); 8626 final long token = mInjector.binderClearCallingIdentity(); 8627 try { 8628 UserInfo currentUser; 8629 UserInfo callingUser = getUserInfo(callingUserId); 8630 try { 8631 currentUser = mInjector.getIActivityManager().getCurrentUser(); 8632 } catch (RemoteException e) { 8633 Slog.e(LOG_TAG, "Failed to talk to activity managed.", e); 8634 return false; 8635 } 8636 8637 if (callingUser.isManagedProfile() && callingUser.profileGroupId != currentUser.id) { 8638 Slog.e(LOG_TAG, "Cannot set permitted input methods for managed profile " 8639 + "of a user that isn't the foreground user."); 8640 return false; 8641 } 8642 if (!callingUser.isManagedProfile() && callingUserId != currentUser.id ) { 8643 Slog.e(LOG_TAG, "Cannot set permitted input methods " 8644 + "of a user that isn't the foreground user."); 8645 return false; 8646 } 8647 } finally { 8648 mInjector.binderRestoreCallingIdentity(token); 8649 } 8650 return true; 8651 } 8652 8653 @Override 8654 public boolean setPermittedInputMethods(ComponentName who, List packageList) { 8655 if (!mHasFeature) { 8656 return false; 8657 } 8658 Preconditions.checkNotNull(who, "ComponentName is null"); 8659 8660 // TODO When InputMethodManager supports per user calls remove 8661 // this restriction. 8662 if (!checkCallerIsCurrentUserOrProfile()) { 8663 return false; 8664 } 8665 8666 final int callingUserId = mInjector.userHandleGetCallingUserId(); 8667 if (packageList != null) { 8668 // InputMethodManager fetches input methods for current user. 8669 // So this can only be set when calling user is the current user 8670 // or parent is current user in case of managed profiles. 8671 InputMethodManager inputMethodManager = 8672 mContext.getSystemService(InputMethodManager.class); 8673 List<InputMethodInfo> enabledImes = inputMethodManager.getEnabledInputMethodList(); 8674 8675 if (enabledImes != null) { 8676 List<String> enabledPackages = new ArrayList<String>(); 8677 for (InputMethodInfo ime : enabledImes) { 8678 enabledPackages.add(ime.getPackageName()); 8679 } 8680 if (!checkPackagesInPermittedListOrSystem(enabledPackages, packageList, 8681 callingUserId)) { 8682 Slog.e(LOG_TAG, "Cannot set permitted input methods, " 8683 + "because it contains already enabled input method."); 8684 return false; 8685 } 8686 } 8687 } 8688 8689 synchronized (this) { 8690 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 8691 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8692 admin.permittedInputMethods = packageList; 8693 saveSettingsLocked(callingUserId); 8694 } 8695 return true; 8696 } 8697 8698 @Override 8699 public List getPermittedInputMethods(ComponentName who) { 8700 if (!mHasFeature) { 8701 return null; 8702 } 8703 Preconditions.checkNotNull(who, "ComponentName is null"); 8704 8705 synchronized (this) { 8706 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 8707 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8708 return admin.permittedInputMethods; 8709 } 8710 } 8711 8712 @Override 8713 public List getPermittedInputMethodsForCurrentUser() { 8714 UserInfo currentUser; 8715 try { 8716 currentUser = mInjector.getIActivityManager().getCurrentUser(); 8717 } catch (RemoteException e) { 8718 Slog.e(LOG_TAG, "Failed to make remote calls to get current user", e); 8719 // Activity managed is dead, just allow all IMEs 8720 return null; 8721 } 8722 8723 int userId = currentUser.id; 8724 synchronized (this) { 8725 List<String> result = null; 8726 // If we have multiple profiles we return the intersection of the 8727 // permitted lists. This can happen in cases where we have a device 8728 // and profile owner. 8729 int[] profileIds = mUserManager.getProfileIdsWithDisabled(userId); 8730 for (int profileId : profileIds) { 8731 // Just loop though all admins, only device or profiles 8732 // owners can have permitted lists set. 8733 DevicePolicyData policy = getUserDataUnchecked(profileId); 8734 final int N = policy.mAdminList.size(); 8735 for (int j = 0; j < N; j++) { 8736 ActiveAdmin admin = policy.mAdminList.get(j); 8737 List<String> fromAdmin = admin.permittedInputMethods; 8738 if (fromAdmin != null) { 8739 if (result == null) { 8740 result = new ArrayList<String>(fromAdmin); 8741 } else { 8742 result.retainAll(fromAdmin); 8743 } 8744 } 8745 } 8746 } 8747 8748 // If we have a permitted list add all system input methods. 8749 if (result != null) { 8750 InputMethodManager inputMethodManager = 8751 mContext.getSystemService(InputMethodManager.class); 8752 List<InputMethodInfo> imes = inputMethodManager.getInputMethodList(); 8753 long id = mInjector.binderClearCallingIdentity(); 8754 try { 8755 if (imes != null) { 8756 for (InputMethodInfo ime : imes) { 8757 ServiceInfo serviceInfo = ime.getServiceInfo(); 8758 ApplicationInfo applicationInfo = serviceInfo.applicationInfo; 8759 if ((applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) { 8760 result.add(serviceInfo.packageName); 8761 } 8762 } 8763 } 8764 } finally { 8765 mInjector.binderRestoreCallingIdentity(id); 8766 } 8767 } 8768 return result; 8769 } 8770 } 8771 8772 @Override 8773 public boolean isInputMethodPermittedByAdmin(ComponentName who, String packageName, 8774 int userHandle) { 8775 if (!mHasFeature) { 8776 return true; 8777 } 8778 Preconditions.checkNotNull(who, "ComponentName is null"); 8779 Preconditions.checkStringNotEmpty(packageName, "packageName is null"); 8780 if (!isCallerWithSystemUid()) { 8781 throw new SecurityException( 8782 "Only the system can query if an input method is disabled by admin"); 8783 } 8784 synchronized (this) { 8785 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 8786 if (admin == null) { 8787 return false; 8788 } 8789 if (admin.permittedInputMethods == null) { 8790 return true; 8791 } 8792 return checkPackagesInPermittedListOrSystem(Collections.singletonList(packageName), 8793 admin.permittedInputMethods, userHandle); 8794 } 8795 } 8796 8797 @Override 8798 public boolean setPermittedCrossProfileNotificationListeners( 8799 ComponentName who, List<String> packageList) { 8800 if (!mHasFeature) { 8801 return false; 8802 } 8803 Preconditions.checkNotNull(who, "ComponentName is null"); 8804 8805 final int callingUserId = mInjector.userHandleGetCallingUserId(); 8806 if (!isManagedProfile(callingUserId)) { 8807 return false; 8808 } 8809 8810 synchronized (this) { 8811 ActiveAdmin admin = getActiveAdminForCallerLocked( 8812 who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8813 admin.permittedNotificationListeners = packageList; 8814 saveSettingsLocked(callingUserId); 8815 } 8816 return true; 8817 } 8818 8819 @Override 8820 public List<String> getPermittedCrossProfileNotificationListeners(ComponentName who) { 8821 if (!mHasFeature) { 8822 return null; 8823 } 8824 Preconditions.checkNotNull(who, "ComponentName is null"); 8825 8826 synchronized (this) { 8827 ActiveAdmin admin = getActiveAdminForCallerLocked( 8828 who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8829 return admin.permittedNotificationListeners; 8830 } 8831 } 8832 8833 @Override 8834 public boolean isNotificationListenerServicePermitted(String packageName, int userId) { 8835 if (!mHasFeature) { 8836 return true; 8837 } 8838 8839 Preconditions.checkStringNotEmpty(packageName, "packageName is null or empty"); 8840 if (!isCallerWithSystemUid()) { 8841 throw new SecurityException( 8842 "Only the system can query if a notification listener service is permitted"); 8843 } 8844 synchronized (this) { 8845 ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userId); 8846 if (profileOwner == null || profileOwner.permittedNotificationListeners == null) { 8847 return true; 8848 } 8849 return checkPackagesInPermittedListOrSystem(Collections.singletonList(packageName), 8850 profileOwner.permittedNotificationListeners, userId); 8851 8852 } 8853 } 8854 8855 private void maybeSendAdminEnabledBroadcastLocked(int userHandle) { 8856 DevicePolicyData policyData = getUserData(userHandle); 8857 if (policyData.mAdminBroadcastPending) { 8858 // Send the initialization data to profile owner and delete the data 8859 ActiveAdmin admin = getProfileOwnerAdminLocked(userHandle); 8860 boolean clearInitBundle = true; 8861 if (admin != null) { 8862 PersistableBundle initBundle = policyData.mInitBundle; 8863 clearInitBundle = sendAdminCommandLocked(admin, 8864 DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED, 8865 initBundle == null ? null : new Bundle(initBundle), 8866 null /* result receiver */, 8867 true /* send in foreground */); 8868 } 8869 if (clearInitBundle) { 8870 // If there's no admin or we've successfully called the admin, clear the init bundle 8871 // otherwise, keep it around 8872 policyData.mInitBundle = null; 8873 policyData.mAdminBroadcastPending = false; 8874 saveSettingsLocked(userHandle); 8875 } 8876 } 8877 } 8878 8879 @Override 8880 public UserHandle createAndManageUser(ComponentName admin, String name, 8881 ComponentName profileOwner, PersistableBundle adminExtras, int flags) { 8882 Preconditions.checkNotNull(admin, "admin is null"); 8883 Preconditions.checkNotNull(profileOwner, "profileOwner is null"); 8884 if (!admin.getPackageName().equals(profileOwner.getPackageName())) { 8885 throw new IllegalArgumentException("profileOwner " + profileOwner + " and admin " 8886 + admin + " are not in the same package"); 8887 } 8888 // Only allow the system user to use this method 8889 if (!mInjector.binderGetCallingUserHandle().isSystem()) { 8890 throw new SecurityException("createAndManageUser was called from non-system user"); 8891 } 8892 final boolean ephemeral = (flags & DevicePolicyManager.MAKE_USER_EPHEMERAL) != 0; 8893 final boolean demo = (flags & DevicePolicyManager.MAKE_USER_DEMO) != 0 8894 && UserManager.isDeviceInDemoMode(mContext); 8895 final boolean leaveAllSystemAppsEnabled = (flags & LEAVE_ALL_SYSTEM_APPS_ENABLED) != 0; 8896 final int targetSdkVersion; 8897 8898 // Create user. 8899 UserHandle user = null; 8900 synchronized (this) { 8901 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 8902 8903 final int callingUid = mInjector.binderGetCallingUid(); 8904 final long id = mInjector.binderClearCallingIdentity(); 8905 try { 8906 targetSdkVersion = mInjector.getPackageManagerInternal().getUidTargetSdkVersion( 8907 callingUid); 8908 8909 // Return detail error code for checks inside 8910 // UserManagerService.createUserInternalUnchecked. 8911 DeviceStorageMonitorInternal deviceStorageMonitorInternal = 8912 LocalServices.getService(DeviceStorageMonitorInternal.class); 8913 if (deviceStorageMonitorInternal.isMemoryLow()) { 8914 if (targetSdkVersion >= Build.VERSION_CODES.P) { 8915 throw new ServiceSpecificException( 8916 UserManager.USER_OPERATION_ERROR_LOW_STORAGE, "low device storage"); 8917 } else { 8918 return null; 8919 } 8920 } 8921 if (!mUserManager.canAddMoreUsers()) { 8922 if (targetSdkVersion >= Build.VERSION_CODES.P) { 8923 throw new ServiceSpecificException( 8924 UserManager.USER_OPERATION_ERROR_MAX_USERS, "user limit reached"); 8925 } else { 8926 return null; 8927 } 8928 } 8929 8930 int userInfoFlags = 0; 8931 if (ephemeral) { 8932 userInfoFlags |= UserInfo.FLAG_EPHEMERAL; 8933 } 8934 if (demo) { 8935 userInfoFlags |= UserInfo.FLAG_DEMO; 8936 } 8937 String[] disallowedPackages = null; 8938 if (!leaveAllSystemAppsEnabled) { 8939 disallowedPackages = mOverlayPackagesProvider.getNonRequiredApps(admin, 8940 UserHandle.myUserId(), ACTION_PROVISION_MANAGED_USER).toArray( 8941 new String[0]); 8942 } 8943 UserInfo userInfo = mUserManagerInternal.createUserEvenWhenDisallowed(name, 8944 userInfoFlags, disallowedPackages); 8945 if (userInfo != null) { 8946 user = userInfo.getUserHandle(); 8947 } 8948 } finally { 8949 mInjector.binderRestoreCallingIdentity(id); 8950 } 8951 } 8952 if (user == null) { 8953 if (targetSdkVersion >= Build.VERSION_CODES.P) { 8954 throw new ServiceSpecificException(UserManager.USER_OPERATION_ERROR_UNKNOWN, 8955 "failed to create user"); 8956 } else { 8957 return null; 8958 } 8959 } 8960 8961 final int userHandle = user.getIdentifier(); 8962 final Intent intent = new Intent(DevicePolicyManager.ACTION_MANAGED_USER_CREATED) 8963 .putExtra(Intent.EXTRA_USER_HANDLE, userHandle) 8964 .putExtra( 8965 DevicePolicyManager.EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED, 8966 leaveAllSystemAppsEnabled) 8967 .setPackage(getManagedProvisioningPackage(mContext)) 8968 .addFlags(Intent.FLAG_RECEIVER_FOREGROUND); 8969 mContext.sendBroadcastAsUser(intent, UserHandle.SYSTEM); 8970 8971 final long id = mInjector.binderClearCallingIdentity(); 8972 try { 8973 final String adminPkg = admin.getPackageName(); 8974 try { 8975 // Install the profile owner if not present. 8976 if (!mIPackageManager.isPackageAvailable(adminPkg, userHandle)) { 8977 mIPackageManager.installExistingPackageAsUser(adminPkg, userHandle, 8978 0 /*installFlags*/, PackageManager.INSTALL_REASON_POLICY); 8979 } 8980 } catch (RemoteException e) { 8981 // Does not happen, same process 8982 } 8983 8984 // Set admin. 8985 setActiveAdmin(profileOwner, true, userHandle); 8986 final String ownerName = getProfileOwnerName(Process.myUserHandle().getIdentifier()); 8987 setProfileOwner(profileOwner, ownerName, userHandle); 8988 8989 synchronized (this) { 8990 DevicePolicyData policyData = getUserData(userHandle); 8991 policyData.mInitBundle = adminExtras; 8992 policyData.mAdminBroadcastPending = true; 8993 saveSettingsLocked(userHandle); 8994 } 8995 8996 if ((flags & DevicePolicyManager.SKIP_SETUP_WIZARD) != 0) { 8997 Settings.Secure.putIntForUser(mContext.getContentResolver(), 8998 Settings.Secure.USER_SETUP_COMPLETE, 1, userHandle); 8999 } 9000 9001 return user; 9002 } catch (Throwable re) { 9003 mUserManager.removeUser(userHandle); 9004 if (targetSdkVersion >= Build.VERSION_CODES.P) { 9005 throw new ServiceSpecificException(UserManager.USER_OPERATION_ERROR_UNKNOWN, 9006 re.getMessage()); 9007 } else { 9008 return null; 9009 } 9010 } finally { 9011 mInjector.binderRestoreCallingIdentity(id); 9012 } 9013 } 9014 9015 @Override 9016 public boolean removeUser(ComponentName who, UserHandle userHandle) { 9017 Preconditions.checkNotNull(who, "ComponentName is null"); 9018 Preconditions.checkNotNull(userHandle, "UserHandle is null"); 9019 9020 synchronized (this) { 9021 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 9022 } 9023 9024 final int callingUserId = mInjector.userHandleGetCallingUserId(); 9025 final long id = mInjector.binderClearCallingIdentity(); 9026 try { 9027 String restriction = isManagedProfile(userHandle.getIdentifier()) 9028 ? UserManager.DISALLOW_REMOVE_MANAGED_PROFILE 9029 : UserManager.DISALLOW_REMOVE_USER; 9030 if (isAdminAffectedByRestriction(who, restriction, callingUserId)) { 9031 Log.w(LOG_TAG, "The device owner cannot remove a user because " 9032 + restriction + " is enabled, and was not set by the device owner"); 9033 return false; 9034 } 9035 return mUserManagerInternal.removeUserEvenWhenDisallowed(userHandle.getIdentifier()); 9036 } finally { 9037 mInjector.binderRestoreCallingIdentity(id); 9038 } 9039 } 9040 9041 private boolean isAdminAffectedByRestriction( 9042 ComponentName admin, String userRestriction, int userId) { 9043 switch(mUserManager.getUserRestrictionSource(userRestriction, UserHandle.of(userId))) { 9044 case UserManager.RESTRICTION_NOT_SET: 9045 return false; 9046 case UserManager.RESTRICTION_SOURCE_DEVICE_OWNER: 9047 return !isDeviceOwner(admin, userId); 9048 case UserManager.RESTRICTION_SOURCE_PROFILE_OWNER: 9049 return !isProfileOwner(admin, userId); 9050 default: 9051 return true; 9052 } 9053 } 9054 9055 @Override 9056 public boolean switchUser(ComponentName who, UserHandle userHandle) { 9057 Preconditions.checkNotNull(who, "ComponentName is null"); 9058 9059 synchronized (this) { 9060 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 9061 9062 long id = mInjector.binderClearCallingIdentity(); 9063 try { 9064 int userId = UserHandle.USER_SYSTEM; 9065 if (userHandle != null) { 9066 userId = userHandle.getIdentifier(); 9067 } 9068 return mInjector.getIActivityManager().switchUser(userId); 9069 } catch (RemoteException e) { 9070 Log.e(LOG_TAG, "Couldn't switch user", e); 9071 return false; 9072 } finally { 9073 mInjector.binderRestoreCallingIdentity(id); 9074 } 9075 } 9076 } 9077 9078 @Override 9079 public int startUserInBackground(ComponentName who, UserHandle userHandle) { 9080 Preconditions.checkNotNull(who, "ComponentName is null"); 9081 Preconditions.checkNotNull(userHandle, "UserHandle is null"); 9082 9083 synchronized (this) { 9084 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 9085 } 9086 9087 final int userId = userHandle.getIdentifier(); 9088 if (isManagedProfile(userId)) { 9089 Log.w(LOG_TAG, "Managed profile cannot be started in background"); 9090 return UserManager.USER_OPERATION_ERROR_MANAGED_PROFILE; 9091 } 9092 9093 final long id = mInjector.binderClearCallingIdentity(); 9094 try { 9095 if (!mInjector.getActivityManagerInternal().canStartMoreUsers()) { 9096 Log.w(LOG_TAG, "Cannot start more users in background"); 9097 return UserManager.USER_OPERATION_ERROR_MAX_RUNNING_USERS; 9098 } 9099 9100 if (mInjector.getIActivityManager().startUserInBackground(userId)) { 9101 return UserManager.USER_OPERATION_SUCCESS; 9102 } else { 9103 return UserManager.USER_OPERATION_ERROR_UNKNOWN; 9104 } 9105 } catch (RemoteException e) { 9106 // Same process, should not happen. 9107 return UserManager.USER_OPERATION_ERROR_UNKNOWN; 9108 } finally { 9109 mInjector.binderRestoreCallingIdentity(id); 9110 } 9111 } 9112 9113 @Override 9114 public int stopUser(ComponentName who, UserHandle userHandle) { 9115 Preconditions.checkNotNull(who, "ComponentName is null"); 9116 Preconditions.checkNotNull(userHandle, "UserHandle is null"); 9117 9118 synchronized (this) { 9119 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 9120 } 9121 9122 final int userId = userHandle.getIdentifier(); 9123 if (isManagedProfile(userId)) { 9124 Log.w(LOG_TAG, "Managed profile cannot be stopped"); 9125 return UserManager.USER_OPERATION_ERROR_MANAGED_PROFILE; 9126 } 9127 9128 return stopUserUnchecked(userId); 9129 } 9130 9131 @Override 9132 public int logoutUser(ComponentName who) { 9133 Preconditions.checkNotNull(who, "ComponentName is null"); 9134 9135 final int callingUserId = mInjector.userHandleGetCallingUserId(); 9136 synchronized (this) { 9137 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9138 if (!isUserAffiliatedWithDeviceLocked(callingUserId)) { 9139 throw new SecurityException("Admin " + who + 9140 " is neither the device owner or affiliated user's profile owner."); 9141 } 9142 } 9143 9144 if (isManagedProfile(callingUserId)) { 9145 Log.w(LOG_TAG, "Managed profile cannot be logout"); 9146 return UserManager.USER_OPERATION_ERROR_MANAGED_PROFILE; 9147 } 9148 9149 final long id = mInjector.binderClearCallingIdentity(); 9150 try { 9151 if (!mInjector.getIActivityManager().switchUser(UserHandle.USER_SYSTEM)) { 9152 Log.w(LOG_TAG, "Failed to switch to primary user"); 9153 // This should never happen as target user is UserHandle.USER_SYSTEM 9154 return UserManager.USER_OPERATION_ERROR_UNKNOWN; 9155 } 9156 } catch (RemoteException e) { 9157 // Same process, should not happen. 9158 return UserManager.USER_OPERATION_ERROR_UNKNOWN; 9159 } finally { 9160 mInjector.binderRestoreCallingIdentity(id); 9161 } 9162 9163 return stopUserUnchecked(callingUserId); 9164 } 9165 9166 private int stopUserUnchecked(int userId) { 9167 final long id = mInjector.binderClearCallingIdentity(); 9168 try { 9169 switch (mInjector.getIActivityManager().stopUser(userId, true /*force*/, null)) { 9170 case ActivityManager.USER_OP_SUCCESS: 9171 return UserManager.USER_OPERATION_SUCCESS; 9172 case ActivityManager.USER_OP_IS_CURRENT: 9173 return UserManager.USER_OPERATION_ERROR_CURRENT_USER; 9174 default: 9175 return UserManager.USER_OPERATION_ERROR_UNKNOWN; 9176 } 9177 } catch (RemoteException e) { 9178 // Same process, should not happen. 9179 return UserManager.USER_OPERATION_ERROR_UNKNOWN; 9180 } finally { 9181 mInjector.binderRestoreCallingIdentity(id); 9182 } 9183 } 9184 9185 @Override 9186 public List<UserHandle> getSecondaryUsers(ComponentName who) { 9187 Preconditions.checkNotNull(who, "ComponentName is null"); 9188 synchronized (this) { 9189 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 9190 } 9191 9192 final long id = mInjector.binderClearCallingIdentity(); 9193 try { 9194 final List<UserInfo> userInfos = mInjector.getUserManager().getUsers(true 9195 /*excludeDying*/); 9196 final List<UserHandle> userHandles = new ArrayList<>(); 9197 for (UserInfo userInfo : userInfos) { 9198 UserHandle userHandle = userInfo.getUserHandle(); 9199 if (!userHandle.isSystem() && !isManagedProfile(userHandle.getIdentifier())) { 9200 userHandles.add(userInfo.getUserHandle()); 9201 } 9202 } 9203 return userHandles; 9204 } finally { 9205 mInjector.binderRestoreCallingIdentity(id); 9206 } 9207 } 9208 9209 @Override 9210 public boolean isEphemeralUser(ComponentName who) { 9211 Preconditions.checkNotNull(who, "ComponentName is null"); 9212 synchronized (this) { 9213 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9214 } 9215 9216 final int callingUserId = mInjector.userHandleGetCallingUserId(); 9217 final long id = mInjector.binderClearCallingIdentity(); 9218 try { 9219 return mInjector.getUserManager().isUserEphemeral(callingUserId); 9220 } finally { 9221 mInjector.binderRestoreCallingIdentity(id); 9222 } 9223 } 9224 9225 @Override 9226 public Bundle getApplicationRestrictions(ComponentName who, String callerPackage, 9227 String packageName) { 9228 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9229 DELEGATION_APP_RESTRICTIONS); 9230 9231 final UserHandle userHandle = mInjector.binderGetCallingUserHandle(); 9232 final long id = mInjector.binderClearCallingIdentity(); 9233 try { 9234 Bundle bundle = mUserManager.getApplicationRestrictions(packageName, userHandle); 9235 // if no restrictions were saved, mUserManager.getApplicationRestrictions 9236 // returns null, but DPM method should return an empty Bundle as per JavaDoc 9237 return bundle != null ? bundle : Bundle.EMPTY; 9238 } finally { 9239 mInjector.binderRestoreCallingIdentity(id); 9240 } 9241 } 9242 9243 @Override 9244 public String[] setPackagesSuspended(ComponentName who, String callerPackage, 9245 String[] packageNames, boolean suspended) { 9246 int callingUserId = UserHandle.getCallingUserId(); 9247 synchronized (this) { 9248 // Ensure the caller is a DO/PO or a package access delegate. 9249 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9250 DELEGATION_PACKAGE_ACCESS); 9251 9252 long id = mInjector.binderClearCallingIdentity(); 9253 try { 9254 return mIPackageManager.setPackagesSuspendedAsUser( 9255 packageNames, suspended, callingUserId); 9256 } catch (RemoteException re) { 9257 // Shouldn't happen. 9258 Slog.e(LOG_TAG, "Failed talking to the package manager", re); 9259 } finally { 9260 mInjector.binderRestoreCallingIdentity(id); 9261 } 9262 return packageNames; 9263 } 9264 } 9265 9266 @Override 9267 public boolean isPackageSuspended(ComponentName who, String callerPackage, String packageName) { 9268 int callingUserId = UserHandle.getCallingUserId(); 9269 synchronized (this) { 9270 // Ensure the caller is a DO/PO or a package access delegate. 9271 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9272 DELEGATION_PACKAGE_ACCESS); 9273 9274 long id = mInjector.binderClearCallingIdentity(); 9275 try { 9276 return mIPackageManager.isPackageSuspendedForUser(packageName, callingUserId); 9277 } catch (RemoteException re) { 9278 // Shouldn't happen. 9279 Slog.e(LOG_TAG, "Failed talking to the package manager", re); 9280 } finally { 9281 mInjector.binderRestoreCallingIdentity(id); 9282 } 9283 return false; 9284 } 9285 } 9286 9287 @Override 9288 public void setUserRestriction(ComponentName who, String key, boolean enabledFromThisOwner) { 9289 Preconditions.checkNotNull(who, "ComponentName is null"); 9290 if (!UserRestrictionsUtils.isValidRestriction(key)) { 9291 return; 9292 } 9293 9294 final int userHandle = mInjector.userHandleGetCallingUserId(); 9295 synchronized (this) { 9296 final ActiveAdmin activeAdmin = 9297 getActiveAdminForCallerLocked(who, 9298 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9299 final boolean isDeviceOwner = isDeviceOwner(who, userHandle); 9300 if (isDeviceOwner) { 9301 if (!UserRestrictionsUtils.canDeviceOwnerChange(key)) { 9302 throw new SecurityException("Device owner cannot set user restriction " + key); 9303 } 9304 } else { // profile owner 9305 if (!UserRestrictionsUtils.canProfileOwnerChange(key, userHandle)) { 9306 throw new SecurityException("Profile owner cannot set user restriction " + key); 9307 } 9308 } 9309 9310 // Save the restriction to ActiveAdmin. 9311 final Bundle restrictions = activeAdmin.ensureUserRestrictions(); 9312 if (enabledFromThisOwner) { 9313 restrictions.putBoolean(key, true); 9314 } else { 9315 restrictions.remove(key); 9316 } 9317 saveUserRestrictionsLocked(userHandle); 9318 } 9319 if (SecurityLog.isLoggingEnabled()) { 9320 final int eventTag = enabledFromThisOwner 9321 ? SecurityLog.TAG_USER_RESTRICTION_ADDED 9322 : SecurityLog.TAG_USER_RESTRICTION_REMOVED; 9323 SecurityLog.writeEvent(eventTag, who.getPackageName(), userHandle, key); 9324 } 9325 } 9326 9327 private void saveUserRestrictionsLocked(int userId) { 9328 saveSettingsLocked(userId); 9329 pushUserRestrictions(userId); 9330 sendChangedNotification(userId); 9331 } 9332 9333 private void pushUserRestrictions(int userId) { 9334 synchronized (this) { 9335 final boolean isDeviceOwner = mOwners.isDeviceOwnerUserId(userId); 9336 final Bundle userRestrictions; 9337 // Whether device owner enforces camera restriction. 9338 boolean disallowCameraGlobally = false; 9339 9340 if (isDeviceOwner) { 9341 final ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 9342 if (deviceOwner == null) { 9343 return; // Shouldn't happen. 9344 } 9345 userRestrictions = deviceOwner.userRestrictions; 9346 // DO can disable camera globally. 9347 disallowCameraGlobally = deviceOwner.disableCamera; 9348 } else { 9349 final ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userId); 9350 userRestrictions = profileOwner != null ? profileOwner.userRestrictions : null; 9351 } 9352 9353 // Whether any admin enforces camera restriction. 9354 final int cameraRestrictionScope = 9355 getCameraRestrictionScopeLocked(userId, disallowCameraGlobally); 9356 9357 mUserManagerInternal.setDevicePolicyUserRestrictions(userId, userRestrictions, 9358 isDeviceOwner, cameraRestrictionScope); 9359 } 9360 } 9361 9362 /** 9363 * Get the scope of camera restriction for a given user if any. 9364 */ 9365 private int getCameraRestrictionScopeLocked(int userId, boolean disallowCameraGlobally) { 9366 if (disallowCameraGlobally) { 9367 return UserManagerInternal.CAMERA_DISABLED_GLOBALLY; 9368 } else if (getCameraDisabled( 9369 /* who= */ null, userId, /* mergeDeviceOwnerRestriction= */ false)) { 9370 return UserManagerInternal.CAMERA_DISABLED_LOCALLY; 9371 } 9372 return UserManagerInternal.CAMERA_NOT_DISABLED; 9373 } 9374 9375 @Override 9376 public Bundle getUserRestrictions(ComponentName who) { 9377 if (!mHasFeature) { 9378 return null; 9379 } 9380 Preconditions.checkNotNull(who, "ComponentName is null"); 9381 synchronized (this) { 9382 final ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(who, 9383 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9384 return activeAdmin.userRestrictions; 9385 } 9386 } 9387 9388 @Override 9389 public boolean setApplicationHidden(ComponentName who, String callerPackage, String packageName, 9390 boolean hidden) { 9391 int callingUserId = UserHandle.getCallingUserId(); 9392 synchronized (this) { 9393 // Ensure the caller is a DO/PO or a package access delegate. 9394 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9395 DELEGATION_PACKAGE_ACCESS); 9396 9397 long id = mInjector.binderClearCallingIdentity(); 9398 try { 9399 return mIPackageManager.setApplicationHiddenSettingAsUser( 9400 packageName, hidden, callingUserId); 9401 } catch (RemoteException re) { 9402 // shouldn't happen 9403 Slog.e(LOG_TAG, "Failed to setApplicationHiddenSetting", re); 9404 } finally { 9405 mInjector.binderRestoreCallingIdentity(id); 9406 } 9407 return false; 9408 } 9409 } 9410 9411 @Override 9412 public boolean isApplicationHidden(ComponentName who, String callerPackage, 9413 String packageName) { 9414 int callingUserId = UserHandle.getCallingUserId(); 9415 synchronized (this) { 9416 // Ensure the caller is a DO/PO or a package access delegate. 9417 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9418 DELEGATION_PACKAGE_ACCESS); 9419 9420 long id = mInjector.binderClearCallingIdentity(); 9421 try { 9422 return mIPackageManager.getApplicationHiddenSettingAsUser( 9423 packageName, callingUserId); 9424 } catch (RemoteException re) { 9425 // shouldn't happen 9426 Slog.e(LOG_TAG, "Failed to getApplicationHiddenSettingAsUser", re); 9427 } finally { 9428 mInjector.binderRestoreCallingIdentity(id); 9429 } 9430 return false; 9431 } 9432 } 9433 9434 @Override 9435 public void enableSystemApp(ComponentName who, String callerPackage, String packageName) { 9436 synchronized (this) { 9437 // Ensure the caller is a DO/PO or an enable system app delegate. 9438 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9439 DELEGATION_ENABLE_SYSTEM_APP); 9440 9441 final boolean isDemo = isCurrentUserDemo(); 9442 9443 int userId = UserHandle.getCallingUserId(); 9444 long id = mInjector.binderClearCallingIdentity(); 9445 9446 try { 9447 if (VERBOSE_LOG) { 9448 Slog.v(LOG_TAG, "installing " + packageName + " for " 9449 + userId); 9450 } 9451 9452 int parentUserId = getProfileParentId(userId); 9453 if (!isDemo && !isSystemApp(mIPackageManager, packageName, parentUserId)) { 9454 throw new IllegalArgumentException("Only system apps can be enabled this way."); 9455 } 9456 9457 // Install the app. 9458 mIPackageManager.installExistingPackageAsUser(packageName, userId, 9459 0 /*installFlags*/, PackageManager.INSTALL_REASON_POLICY); 9460 if (isDemo) { 9461 // Ensure the app is also ENABLED for demo users. 9462 mIPackageManager.setApplicationEnabledSetting(packageName, 9463 PackageManager.COMPONENT_ENABLED_STATE_ENABLED, 9464 PackageManager.DONT_KILL_APP, userId, "DevicePolicyManager"); 9465 } 9466 } catch (RemoteException re) { 9467 // shouldn't happen 9468 Slog.wtf(LOG_TAG, "Failed to install " + packageName, re); 9469 } finally { 9470 mInjector.binderRestoreCallingIdentity(id); 9471 } 9472 } 9473 } 9474 9475 @Override 9476 public int enableSystemAppWithIntent(ComponentName who, String callerPackage, Intent intent) { 9477 synchronized (this) { 9478 // Ensure the caller is a DO/PO or an enable system app delegate. 9479 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9480 DELEGATION_ENABLE_SYSTEM_APP); 9481 9482 int userId = UserHandle.getCallingUserId(); 9483 long id = mInjector.binderClearCallingIdentity(); 9484 9485 try { 9486 int parentUserId = getProfileParentId(userId); 9487 List<ResolveInfo> activitiesToEnable = mIPackageManager 9488 .queryIntentActivities(intent, 9489 intent.resolveTypeIfNeeded(mContext.getContentResolver()), 9490 PackageManager.MATCH_DIRECT_BOOT_AWARE 9491 | PackageManager.MATCH_DIRECT_BOOT_UNAWARE, 9492 parentUserId) 9493 .getList(); 9494 9495 if (VERBOSE_LOG) { 9496 Slog.d(LOG_TAG, "Enabling system activities: " + activitiesToEnable); 9497 } 9498 int numberOfAppsInstalled = 0; 9499 if (activitiesToEnable != null) { 9500 for (ResolveInfo info : activitiesToEnable) { 9501 if (info.activityInfo != null) { 9502 String packageName = info.activityInfo.packageName; 9503 if (isSystemApp(mIPackageManager, packageName, parentUserId)) { 9504 numberOfAppsInstalled++; 9505 mIPackageManager.installExistingPackageAsUser(packageName, userId, 9506 0 /*installFlags*/, PackageManager.INSTALL_REASON_POLICY); 9507 } else { 9508 Slog.d(LOG_TAG, "Not enabling " + packageName + " since is not a" 9509 + " system app"); 9510 } 9511 } 9512 } 9513 } 9514 return numberOfAppsInstalled; 9515 } catch (RemoteException e) { 9516 // shouldn't happen 9517 Slog.wtf(LOG_TAG, "Failed to resolve intent for: " + intent); 9518 return 0; 9519 } finally { 9520 mInjector.binderRestoreCallingIdentity(id); 9521 } 9522 } 9523 } 9524 9525 private boolean isSystemApp(IPackageManager pm, String packageName, int userId) 9526 throws RemoteException { 9527 ApplicationInfo appInfo = pm.getApplicationInfo(packageName, MATCH_UNINSTALLED_PACKAGES, 9528 userId); 9529 if (appInfo == null) { 9530 throw new IllegalArgumentException("The application " + packageName + 9531 " is not present on this device"); 9532 } 9533 return (appInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0; 9534 } 9535 9536 @Override 9537 public boolean installExistingPackage(ComponentName who, String callerPackage, 9538 String packageName) { 9539 synchronized (this) { 9540 // Ensure the caller is a PO or an install existing package delegate 9541 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9542 DELEGATION_INSTALL_EXISTING_PACKAGE); 9543 final int callingUserId = mInjector.userHandleGetCallingUserId(); 9544 if (!isUserAffiliatedWithDeviceLocked(callingUserId)) { 9545 throw new SecurityException("Admin " + who + 9546 " is neither the device owner or affiliated user's profile owner."); 9547 } 9548 9549 final long id = mInjector.binderClearCallingIdentity(); 9550 try { 9551 if (VERBOSE_LOG) { 9552 Slog.v(LOG_TAG, "installing " + packageName + " for " 9553 + callingUserId); 9554 } 9555 9556 // Install the package. 9557 return mIPackageManager.installExistingPackageAsUser(packageName, callingUserId, 9558 0 /*installFlags*/, PackageManager.INSTALL_REASON_POLICY) 9559 == PackageManager.INSTALL_SUCCEEDED; 9560 } catch (RemoteException re) { 9561 // shouldn't happen 9562 return false; 9563 } finally { 9564 mInjector.binderRestoreCallingIdentity(id); 9565 } 9566 } 9567 } 9568 9569 @Override 9570 public void setAccountManagementDisabled(ComponentName who, String accountType, 9571 boolean disabled) { 9572 if (!mHasFeature) { 9573 return; 9574 } 9575 Preconditions.checkNotNull(who, "ComponentName is null"); 9576 synchronized (this) { 9577 ActiveAdmin ap = getActiveAdminForCallerLocked(who, 9578 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9579 if (disabled) { 9580 ap.accountTypesWithManagementDisabled.add(accountType); 9581 } else { 9582 ap.accountTypesWithManagementDisabled.remove(accountType); 9583 } 9584 saveSettingsLocked(UserHandle.getCallingUserId()); 9585 } 9586 } 9587 9588 @Override 9589 public String[] getAccountTypesWithManagementDisabled() { 9590 return getAccountTypesWithManagementDisabledAsUser(UserHandle.getCallingUserId()); 9591 } 9592 9593 @Override 9594 public String[] getAccountTypesWithManagementDisabledAsUser(int userId) { 9595 enforceFullCrossUsersPermission(userId); 9596 if (!mHasFeature) { 9597 return null; 9598 } 9599 synchronized (this) { 9600 DevicePolicyData policy = getUserData(userId); 9601 final int N = policy.mAdminList.size(); 9602 ArraySet<String> resultSet = new ArraySet<>(); 9603 for (int i = 0; i < N; i++) { 9604 ActiveAdmin admin = policy.mAdminList.get(i); 9605 resultSet.addAll(admin.accountTypesWithManagementDisabled); 9606 } 9607 return resultSet.toArray(new String[resultSet.size()]); 9608 } 9609 } 9610 9611 @Override 9612 public void setUninstallBlocked(ComponentName who, String callerPackage, String packageName, 9613 boolean uninstallBlocked) { 9614 final int userId = UserHandle.getCallingUserId(); 9615 synchronized (this) { 9616 // Ensure the caller is a DO/PO or a block uninstall delegate 9617 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9618 DELEGATION_BLOCK_UNINSTALL); 9619 9620 long id = mInjector.binderClearCallingIdentity(); 9621 try { 9622 mIPackageManager.setBlockUninstallForUser(packageName, uninstallBlocked, userId); 9623 } catch (RemoteException re) { 9624 // Shouldn't happen. 9625 Slog.e(LOG_TAG, "Failed to setBlockUninstallForUser", re); 9626 } finally { 9627 mInjector.binderRestoreCallingIdentity(id); 9628 } 9629 } 9630 } 9631 9632 @Override 9633 public boolean isUninstallBlocked(ComponentName who, String packageName) { 9634 // This function should return true if and only if the package is blocked by 9635 // setUninstallBlocked(). It should still return false for other cases of blocks, such as 9636 // when the package is a system app, or when it is an active device admin. 9637 final int userId = UserHandle.getCallingUserId(); 9638 9639 synchronized (this) { 9640 if (who != null) { 9641 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9642 } 9643 9644 long id = mInjector.binderClearCallingIdentity(); 9645 try { 9646 return mIPackageManager.getBlockUninstallForUser(packageName, userId); 9647 } catch (RemoteException re) { 9648 // Shouldn't happen. 9649 Slog.e(LOG_TAG, "Failed to getBlockUninstallForUser", re); 9650 } finally { 9651 mInjector.binderRestoreCallingIdentity(id); 9652 } 9653 } 9654 return false; 9655 } 9656 9657 @Override 9658 public void setCrossProfileCallerIdDisabled(ComponentName who, boolean disabled) { 9659 if (!mHasFeature) { 9660 return; 9661 } 9662 Preconditions.checkNotNull(who, "ComponentName is null"); 9663 synchronized (this) { 9664 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 9665 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9666 if (admin.disableCallerId != disabled) { 9667 admin.disableCallerId = disabled; 9668 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 9669 } 9670 } 9671 } 9672 9673 @Override 9674 public boolean getCrossProfileCallerIdDisabled(ComponentName who) { 9675 if (!mHasFeature) { 9676 return false; 9677 } 9678 Preconditions.checkNotNull(who, "ComponentName is null"); 9679 synchronized (this) { 9680 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 9681 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9682 return admin.disableCallerId; 9683 } 9684 } 9685 9686 @Override 9687 public boolean getCrossProfileCallerIdDisabledForUser(int userId) { 9688 enforceCrossUsersPermission(userId); 9689 synchronized (this) { 9690 ActiveAdmin admin = getProfileOwnerAdminLocked(userId); 9691 return (admin != null) ? admin.disableCallerId : false; 9692 } 9693 } 9694 9695 @Override 9696 public void setCrossProfileContactsSearchDisabled(ComponentName who, boolean disabled) { 9697 if (!mHasFeature) { 9698 return; 9699 } 9700 Preconditions.checkNotNull(who, "ComponentName is null"); 9701 synchronized (this) { 9702 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 9703 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9704 if (admin.disableContactsSearch != disabled) { 9705 admin.disableContactsSearch = disabled; 9706 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 9707 } 9708 } 9709 } 9710 9711 @Override 9712 public boolean getCrossProfileContactsSearchDisabled(ComponentName who) { 9713 if (!mHasFeature) { 9714 return false; 9715 } 9716 Preconditions.checkNotNull(who, "ComponentName is null"); 9717 synchronized (this) { 9718 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 9719 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9720 return admin.disableContactsSearch; 9721 } 9722 } 9723 9724 @Override 9725 public boolean getCrossProfileContactsSearchDisabledForUser(int userId) { 9726 enforceCrossUsersPermission(userId); 9727 synchronized (this) { 9728 ActiveAdmin admin = getProfileOwnerAdminLocked(userId); 9729 return (admin != null) ? admin.disableContactsSearch : false; 9730 } 9731 } 9732 9733 @Override 9734 public void startManagedQuickContact(String actualLookupKey, long actualContactId, 9735 boolean isContactIdIgnored, long actualDirectoryId, Intent originalIntent) { 9736 final Intent intent = QuickContact.rebuildManagedQuickContactsIntent(actualLookupKey, 9737 actualContactId, isContactIdIgnored, actualDirectoryId, originalIntent); 9738 final int callingUserId = UserHandle.getCallingUserId(); 9739 9740 final long ident = mInjector.binderClearCallingIdentity(); 9741 try { 9742 synchronized (this) { 9743 final int managedUserId = getManagedUserId(callingUserId); 9744 if (managedUserId < 0) { 9745 return; 9746 } 9747 if (isCrossProfileQuickContactDisabled(managedUserId)) { 9748 if (VERBOSE_LOG) { 9749 Log.v(LOG_TAG, 9750 "Cross-profile contacts access disabled for user " + managedUserId); 9751 } 9752 return; 9753 } 9754 ContactsInternal.startQuickContactWithErrorToastForUser( 9755 mContext, intent, new UserHandle(managedUserId)); 9756 } 9757 } finally { 9758 mInjector.binderRestoreCallingIdentity(ident); 9759 } 9760 } 9761 9762 /** 9763 * @return true if cross-profile QuickContact is disabled 9764 */ 9765 private boolean isCrossProfileQuickContactDisabled(int userId) { 9766 return getCrossProfileCallerIdDisabledForUser(userId) 9767 && getCrossProfileContactsSearchDisabledForUser(userId); 9768 } 9769 9770 /** 9771 * @return the user ID of the managed user that is linked to the current user, if any. 9772 * Otherwise -1. 9773 */ 9774 public int getManagedUserId(int callingUserId) { 9775 if (VERBOSE_LOG) { 9776 Log.v(LOG_TAG, "getManagedUserId: callingUserId=" + callingUserId); 9777 } 9778 9779 for (UserInfo ui : mUserManager.getProfiles(callingUserId)) { 9780 if (ui.id == callingUserId || !ui.isManagedProfile()) { 9781 continue; // Caller user self, or not a managed profile. Skip. 9782 } 9783 if (VERBOSE_LOG) { 9784 Log.v(LOG_TAG, "Managed user=" + ui.id); 9785 } 9786 return ui.id; 9787 } 9788 if (VERBOSE_LOG) { 9789 Log.v(LOG_TAG, "Managed user not found."); 9790 } 9791 return -1; 9792 } 9793 9794 @Override 9795 public void setBluetoothContactSharingDisabled(ComponentName who, boolean disabled) { 9796 if (!mHasFeature) { 9797 return; 9798 } 9799 Preconditions.checkNotNull(who, "ComponentName is null"); 9800 synchronized (this) { 9801 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 9802 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9803 if (admin.disableBluetoothContactSharing != disabled) { 9804 admin.disableBluetoothContactSharing = disabled; 9805 saveSettingsLocked(UserHandle.getCallingUserId()); 9806 } 9807 } 9808 } 9809 9810 @Override 9811 public boolean getBluetoothContactSharingDisabled(ComponentName who) { 9812 if (!mHasFeature) { 9813 return false; 9814 } 9815 Preconditions.checkNotNull(who, "ComponentName is null"); 9816 synchronized (this) { 9817 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 9818 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9819 return admin.disableBluetoothContactSharing; 9820 } 9821 } 9822 9823 @Override 9824 public boolean getBluetoothContactSharingDisabledForUser(int userId) { 9825 // TODO: Should there be a check to make sure this relationship is 9826 // within a profile group? 9827 // enforceSystemProcess("getCrossProfileCallerIdDisabled can only be called by system"); 9828 synchronized (this) { 9829 ActiveAdmin admin = getProfileOwnerAdminLocked(userId); 9830 return (admin != null) ? admin.disableBluetoothContactSharing : false; 9831 } 9832 } 9833 9834 @Override 9835 public void setLockTaskPackages(ComponentName who, String[] packages) 9836 throws SecurityException { 9837 Preconditions.checkNotNull(who, "ComponentName is null"); 9838 Preconditions.checkNotNull(packages, "packages is null"); 9839 9840 synchronized (this) { 9841 enforceCanCallLockTaskLocked(who); 9842 final int userHandle = mInjector.userHandleGetCallingUserId(); 9843 setLockTaskPackagesLocked(userHandle, new ArrayList<>(Arrays.asList(packages))); 9844 } 9845 } 9846 9847 private void setLockTaskPackagesLocked(int userHandle, List<String> packages) { 9848 DevicePolicyData policy = getUserData(userHandle); 9849 policy.mLockTaskPackages = packages; 9850 9851 // Store the settings persistently. 9852 saveSettingsLocked(userHandle); 9853 updateLockTaskPackagesLocked(packages, userHandle); 9854 } 9855 9856 @Override 9857 public String[] getLockTaskPackages(ComponentName who) { 9858 Preconditions.checkNotNull(who, "ComponentName is null"); 9859 9860 final int userHandle = mInjector.binderGetCallingUserHandle().getIdentifier(); 9861 synchronized (this) { 9862 enforceCanCallLockTaskLocked(who); 9863 final List<String> packages = getUserData(userHandle).mLockTaskPackages; 9864 return packages.toArray(new String[packages.size()]); 9865 } 9866 } 9867 9868 @Override 9869 public boolean isLockTaskPermitted(String pkg) { 9870 final int userHandle = mInjector.userHandleGetCallingUserId(); 9871 synchronized (this) { 9872 return getUserData(userHandle).mLockTaskPackages.contains(pkg); 9873 } 9874 } 9875 9876 @Override 9877 public void setLockTaskFeatures(ComponentName who, int flags) { 9878 Preconditions.checkNotNull(who, "ComponentName is null"); 9879 9880 // Throw if Overview is used without Home. 9881 boolean hasHome = (flags & LOCK_TASK_FEATURE_HOME) != 0; 9882 boolean hasOverview = (flags & LOCK_TASK_FEATURE_OVERVIEW) != 0; 9883 Preconditions.checkArgument(hasHome || !hasOverview, 9884 "Cannot use LOCK_TASK_FEATURE_OVERVIEW without LOCK_TASK_FEATURE_HOME"); 9885 9886 final int userHandle = mInjector.userHandleGetCallingUserId(); 9887 synchronized (this) { 9888 enforceCanCallLockTaskLocked(who); 9889 setLockTaskFeaturesLocked(userHandle, flags); 9890 } 9891 } 9892 9893 private void setLockTaskFeaturesLocked(int userHandle, int flags) { 9894 DevicePolicyData policy = getUserData(userHandle); 9895 policy.mLockTaskFeatures = flags; 9896 saveSettingsLocked(userHandle); 9897 updateLockTaskFeaturesLocked(flags, userHandle); 9898 } 9899 9900 @Override 9901 public int getLockTaskFeatures(ComponentName who) { 9902 Preconditions.checkNotNull(who, "ComponentName is null"); 9903 final int userHandle = mInjector.userHandleGetCallingUserId(); 9904 synchronized (this) { 9905 enforceCanCallLockTaskLocked(who); 9906 return getUserData(userHandle).mLockTaskFeatures; 9907 } 9908 } 9909 9910 private void maybeClearLockTaskPolicyLocked() { 9911 final long ident = mInjector.binderClearCallingIdentity(); 9912 try { 9913 final List<UserInfo> userInfos = mUserManager.getUsers(/*excludeDying=*/ true); 9914 for (int i = userInfos.size() - 1; i >= 0; i--) { 9915 int userId = userInfos.get(i).id; 9916 if (canUserUseLockTaskLocked(userId)) { 9917 continue; 9918 } 9919 9920 final List<String> lockTaskPackages = getUserData(userId).mLockTaskPackages; 9921 if (!lockTaskPackages.isEmpty()) { 9922 Slog.d(LOG_TAG, 9923 "User id " + userId + " not affiliated. Clearing lock task packages"); 9924 setLockTaskPackagesLocked(userId, Collections.<String>emptyList()); 9925 } 9926 final int lockTaskFeatures = getUserData(userId).mLockTaskFeatures; 9927 if (lockTaskFeatures != DevicePolicyManager.LOCK_TASK_FEATURE_NONE){ 9928 Slog.d(LOG_TAG, 9929 "User id " + userId + " not affiliated. Clearing lock task features"); 9930 setLockTaskFeaturesLocked(userId, DevicePolicyManager.LOCK_TASK_FEATURE_NONE); 9931 } 9932 } 9933 } finally { 9934 mInjector.binderRestoreCallingIdentity(ident); 9935 } 9936 } 9937 9938 @Override 9939 public void notifyLockTaskModeChanged(boolean isEnabled, String pkg, int userHandle) { 9940 if (!isCallerWithSystemUid()) { 9941 throw new SecurityException("notifyLockTaskModeChanged can only be called by system"); 9942 } 9943 synchronized (this) { 9944 final DevicePolicyData policy = getUserData(userHandle); 9945 9946 if (policy.mStatusBarDisabled) { 9947 // Status bar is managed by LockTaskController during LockTask, so we cancel this 9948 // policy when LockTask starts, and reapply it when LockTask ends 9949 setStatusBarDisabledInternal(!isEnabled, userHandle); 9950 } 9951 9952 Bundle adminExtras = new Bundle(); 9953 adminExtras.putString(DeviceAdminReceiver.EXTRA_LOCK_TASK_PACKAGE, pkg); 9954 for (ActiveAdmin admin : policy.mAdminList) { 9955 final boolean ownsDevice = isDeviceOwner(admin.info.getComponent(), userHandle); 9956 final boolean ownsProfile = isProfileOwner(admin.info.getComponent(), userHandle); 9957 if (ownsDevice || ownsProfile) { 9958 if (isEnabled) { 9959 sendAdminCommandLocked(admin, DeviceAdminReceiver.ACTION_LOCK_TASK_ENTERING, 9960 adminExtras, null); 9961 } else { 9962 sendAdminCommandLocked(admin, DeviceAdminReceiver.ACTION_LOCK_TASK_EXITING); 9963 } 9964 } 9965 } 9966 } 9967 } 9968 9969 @Override 9970 public void setGlobalSetting(ComponentName who, String setting, String value) { 9971 Preconditions.checkNotNull(who, "ComponentName is null"); 9972 9973 synchronized (this) { 9974 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 9975 9976 // Some settings are no supported any more. However we do not want to throw a 9977 // SecurityException to avoid breaking apps. 9978 if (GLOBAL_SETTINGS_DEPRECATED.contains(setting)) { 9979 Log.i(LOG_TAG, "Global setting no longer supported: " + setting); 9980 return; 9981 } 9982 9983 if (!GLOBAL_SETTINGS_WHITELIST.contains(setting) 9984 && !UserManager.isDeviceInDemoMode(mContext)) { 9985 throw new SecurityException(String.format( 9986 "Permission denial: device owners cannot update %1$s", setting)); 9987 } 9988 9989 if (Settings.Global.STAY_ON_WHILE_PLUGGED_IN.equals(setting)) { 9990 // ignore if it contradicts an existing policy 9991 long timeMs = getMaximumTimeToLock( 9992 who, mInjector.userHandleGetCallingUserId(), /* parent */ false); 9993 if (timeMs > 0 && timeMs < Long.MAX_VALUE) { 9994 return; 9995 } 9996 } 9997 9998 long id = mInjector.binderClearCallingIdentity(); 9999 try { 10000 mInjector.settingsGlobalPutString(setting, value); 10001 } finally { 10002 mInjector.binderRestoreCallingIdentity(id); 10003 } 10004 } 10005 } 10006 10007 @Override 10008 public void setSystemSetting(ComponentName who, String setting, String value) { 10009 Preconditions.checkNotNull(who, "ComponentName is null"); 10010 Preconditions.checkStringNotEmpty(setting, "String setting is null or empty"); 10011 10012 synchronized (this) { 10013 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 10014 10015 if (!SYSTEM_SETTINGS_WHITELIST.contains(setting)) { 10016 throw new SecurityException(String.format( 10017 "Permission denial: device owners cannot update %1$s", setting)); 10018 } 10019 10020 mInjector.binderWithCleanCallingIdentity(() -> mInjector.settingsSystemPutString( 10021 setting, value)); 10022 } 10023 } 10024 10025 @Override 10026 public boolean setTime(ComponentName who, long millis) { 10027 Preconditions.checkNotNull(who, "ComponentName is null in setTime"); 10028 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 10029 // Don't allow set time when auto time is on. 10030 if (mInjector.settingsGlobalGetInt(Global.AUTO_TIME, 0) == 1) { 10031 return false; 10032 } 10033 mInjector.binderWithCleanCallingIdentity(() -> mInjector.getAlarmManager().setTime(millis)); 10034 return true; 10035 } 10036 10037 @Override 10038 public boolean setTimeZone(ComponentName who, String timeZone) { 10039 Preconditions.checkNotNull(who, "ComponentName is null in setTimeZone"); 10040 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 10041 // Don't allow set timezone when auto timezone is on. 10042 if (mInjector.settingsGlobalGetInt(Global.AUTO_TIME_ZONE, 0) == 1) { 10043 return false; 10044 } 10045 mInjector.binderWithCleanCallingIdentity(() -> 10046 mInjector.getAlarmManager().setTimeZone(timeZone)); 10047 return true; 10048 } 10049 10050 @Override 10051 public void setSecureSetting(ComponentName who, String setting, String value) { 10052 Preconditions.checkNotNull(who, "ComponentName is null"); 10053 int callingUserId = mInjector.userHandleGetCallingUserId(); 10054 10055 synchronized (this) { 10056 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 10057 10058 if (isDeviceOwner(who, callingUserId)) { 10059 if (!SECURE_SETTINGS_DEVICEOWNER_WHITELIST.contains(setting) 10060 && !isCurrentUserDemo()) { 10061 throw new SecurityException(String.format( 10062 "Permission denial: Device owners cannot update %1$s", setting)); 10063 } 10064 } else if (!SECURE_SETTINGS_WHITELIST.contains(setting) && !isCurrentUserDemo()) { 10065 throw new SecurityException(String.format( 10066 "Permission denial: Profile owners cannot update %1$s", setting)); 10067 } 10068 if (setting.equals(Settings.Secure.INSTALL_NON_MARKET_APPS)) { 10069 if (getTargetSdk(who.getPackageName(), callingUserId) >= Build.VERSION_CODES.O) { 10070 throw new UnsupportedOperationException(Settings.Secure.INSTALL_NON_MARKET_APPS 10071 + " is deprecated. Please use the user restriction " 10072 + UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES + " instead."); 10073 } 10074 if (!mUserManager.isManagedProfile(callingUserId)) { 10075 Slog.e(LOG_TAG, "Ignoring setSecureSetting request for " 10076 + setting + ". User restriction " 10077 + UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES 10078 + " should be used instead."); 10079 } else { 10080 try { 10081 setUserRestriction(who, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, 10082 (Integer.parseInt(value) == 0) ? true : false); 10083 } catch (NumberFormatException exc) { 10084 Slog.e(LOG_TAG, "Invalid value: " + value + " for setting " + setting); 10085 } 10086 } 10087 return; 10088 } 10089 long id = mInjector.binderClearCallingIdentity(); 10090 try { 10091 if (Settings.Secure.DEFAULT_INPUT_METHOD.equals(setting)) { 10092 final String currentValue = mInjector.settingsSecureGetStringForUser( 10093 Settings.Secure.DEFAULT_INPUT_METHOD, callingUserId); 10094 if (!TextUtils.equals(currentValue, value)) { 10095 // Tell the content observer that the next change will be due to the owner 10096 // changing the value. There is a small race condition here that we cannot 10097 // avoid: Change notifications are sent asynchronously, so it is possible 10098 // that there are prior notifications queued up before the one we are about 10099 // to trigger. This is a corner case that will have no impact in practice. 10100 mSetupContentObserver.addPendingChangeByOwnerLocked(callingUserId); 10101 } 10102 getUserData(callingUserId).mCurrentInputMethodSet = true; 10103 saveSettingsLocked(callingUserId); 10104 } 10105 mInjector.settingsSecurePutStringForUser(setting, value, callingUserId); 10106 } finally { 10107 mInjector.binderRestoreCallingIdentity(id); 10108 } 10109 } 10110 } 10111 10112 @Override 10113 public void setMasterVolumeMuted(ComponentName who, boolean on) { 10114 Preconditions.checkNotNull(who, "ComponentName is null"); 10115 synchronized (this) { 10116 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 10117 setUserRestriction(who, UserManager.DISALLOW_UNMUTE_DEVICE, on); 10118 } 10119 } 10120 10121 @Override 10122 public boolean isMasterVolumeMuted(ComponentName who) { 10123 Preconditions.checkNotNull(who, "ComponentName is null"); 10124 synchronized (this) { 10125 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 10126 10127 AudioManager audioManager = 10128 (AudioManager) mContext.getSystemService(Context.AUDIO_SERVICE); 10129 return audioManager.isMasterMute(); 10130 } 10131 } 10132 10133 @Override 10134 public void setUserIcon(ComponentName who, Bitmap icon) { 10135 synchronized (this) { 10136 Preconditions.checkNotNull(who, "ComponentName is null"); 10137 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 10138 10139 int userId = UserHandle.getCallingUserId(); 10140 long id = mInjector.binderClearCallingIdentity(); 10141 try { 10142 mUserManagerInternal.setUserIcon(userId, icon); 10143 } finally { 10144 mInjector.binderRestoreCallingIdentity(id); 10145 } 10146 } 10147 } 10148 10149 @Override 10150 public boolean setKeyguardDisabled(ComponentName who, boolean disabled) { 10151 Preconditions.checkNotNull(who, "ComponentName is null"); 10152 final int userId = mInjector.userHandleGetCallingUserId(); 10153 synchronized (this) { 10154 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 10155 if (!isUserAffiliatedWithDeviceLocked(userId)) { 10156 throw new SecurityException("Admin " + who + 10157 " is neither the device owner or affiliated user's profile owner."); 10158 } 10159 } 10160 if (isManagedProfile(userId)) { 10161 throw new SecurityException("Managed profile cannot disable keyguard"); 10162 } 10163 10164 long ident = mInjector.binderClearCallingIdentity(); 10165 try { 10166 // disallow disabling the keyguard if a password is currently set 10167 if (disabled && mLockPatternUtils.isSecure(userId)) { 10168 return false; 10169 } 10170 mLockPatternUtils.setLockScreenDisabled(disabled, userId); 10171 mInjector.getIWindowManager().dismissKeyguard(null /* callback */, null /* message */); 10172 } catch (RemoteException e) { 10173 // Same process, does not happen. 10174 } finally { 10175 mInjector.binderRestoreCallingIdentity(ident); 10176 } 10177 return true; 10178 } 10179 10180 @Override 10181 public boolean setStatusBarDisabled(ComponentName who, boolean disabled) { 10182 int userId = UserHandle.getCallingUserId(); 10183 synchronized (this) { 10184 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 10185 if (!isUserAffiliatedWithDeviceLocked(userId)) { 10186 throw new SecurityException("Admin " + who + 10187 " is neither the device owner or affiliated user's profile owner."); 10188 } 10189 if (isManagedProfile(userId)) { 10190 throw new SecurityException("Managed profile cannot disable status bar"); 10191 } 10192 DevicePolicyData policy = getUserData(userId); 10193 if (policy.mStatusBarDisabled != disabled) { 10194 boolean isLockTaskMode = false; 10195 try { 10196 isLockTaskMode = mInjector.getIActivityManager().getLockTaskModeState() 10197 != LOCK_TASK_MODE_NONE; 10198 } catch (RemoteException e) { 10199 Slog.e(LOG_TAG, "Failed to get LockTask mode"); 10200 } 10201 if (!isLockTaskMode) { 10202 if (!setStatusBarDisabledInternal(disabled, userId)) { 10203 return false; 10204 } 10205 } 10206 policy.mStatusBarDisabled = disabled; 10207 saveSettingsLocked(userId); 10208 } 10209 } 10210 return true; 10211 } 10212 10213 private boolean setStatusBarDisabledInternal(boolean disabled, int userId) { 10214 long ident = mInjector.binderClearCallingIdentity(); 10215 try { 10216 IStatusBarService statusBarService = IStatusBarService.Stub.asInterface( 10217 ServiceManager.checkService(Context.STATUS_BAR_SERVICE)); 10218 if (statusBarService != null) { 10219 int flags1 = disabled ? STATUS_BAR_DISABLE_MASK : StatusBarManager.DISABLE_NONE; 10220 int flags2 = disabled ? STATUS_BAR_DISABLE2_MASK : StatusBarManager.DISABLE2_NONE; 10221 statusBarService.disableForUser(flags1, mToken, mContext.getPackageName(), userId); 10222 statusBarService.disable2ForUser(flags2, mToken, mContext.getPackageName(), userId); 10223 return true; 10224 } 10225 } catch (RemoteException e) { 10226 Slog.e(LOG_TAG, "Failed to disable the status bar", e); 10227 } finally { 10228 mInjector.binderRestoreCallingIdentity(ident); 10229 } 10230 return false; 10231 } 10232 10233 /** 10234 * We need to update the internal state of whether a user has completed setup or a 10235 * device has paired once. After that, we ignore any changes that reset the 10236 * Settings.Secure.USER_SETUP_COMPLETE or Settings.Secure.DEVICE_PAIRED change 10237 * as we don't trust any apps that might try to reset them. 10238 * <p> 10239 * Unfortunately, we don't know which user's setup state was changed, so we write all of 10240 * them. 10241 */ 10242 void updateUserSetupCompleteAndPaired() { 10243 List<UserInfo> users = mUserManager.getUsers(true); 10244 final int N = users.size(); 10245 for (int i = 0; i < N; i++) { 10246 int userHandle = users.get(i).id; 10247 if (mInjector.settingsSecureGetIntForUser(Settings.Secure.USER_SETUP_COMPLETE, 0, 10248 userHandle) != 0) { 10249 DevicePolicyData policy = getUserData(userHandle); 10250 if (!policy.mUserSetupComplete) { 10251 policy.mUserSetupComplete = true; 10252 synchronized (this) { 10253 saveSettingsLocked(userHandle); 10254 } 10255 } 10256 } 10257 if (mIsWatch && mInjector.settingsSecureGetIntForUser(Settings.Secure.DEVICE_PAIRED, 0, 10258 userHandle) != 0) { 10259 DevicePolicyData policy = getUserData(userHandle); 10260 if (!policy.mPaired) { 10261 policy.mPaired = true; 10262 synchronized (this) { 10263 saveSettingsLocked(userHandle); 10264 } 10265 } 10266 } 10267 } 10268 } 10269 10270 private class SetupContentObserver extends ContentObserver { 10271 private final Uri mUserSetupComplete = Settings.Secure.getUriFor( 10272 Settings.Secure.USER_SETUP_COMPLETE); 10273 private final Uri mDeviceProvisioned = Settings.Global.getUriFor( 10274 Settings.Global.DEVICE_PROVISIONED); 10275 private final Uri mPaired = Settings.Secure.getUriFor(Settings.Secure.DEVICE_PAIRED); 10276 private final Uri mDefaultImeChanged = Settings.Secure.getUriFor( 10277 Settings.Secure.DEFAULT_INPUT_METHOD); 10278 10279 @GuardedBy("DevicePolicyManagerService.this") 10280 private Set<Integer> mUserIdsWithPendingChangesByOwner = new ArraySet<>(); 10281 10282 public SetupContentObserver(Handler handler) { 10283 super(handler); 10284 } 10285 10286 void register() { 10287 mInjector.registerContentObserver(mUserSetupComplete, false, this, UserHandle.USER_ALL); 10288 mInjector.registerContentObserver(mDeviceProvisioned, false, this, UserHandle.USER_ALL); 10289 if (mIsWatch) { 10290 mInjector.registerContentObserver(mPaired, false, this, UserHandle.USER_ALL); 10291 } 10292 mInjector.registerContentObserver(mDefaultImeChanged, false, this, UserHandle.USER_ALL); 10293 } 10294 10295 @GuardedBy("DevicePolicyManagerService.this") 10296 private void addPendingChangeByOwnerLocked(int userId) { 10297 mUserIdsWithPendingChangesByOwner.add(userId); 10298 } 10299 10300 @Override 10301 public void onChange(boolean selfChange, Uri uri, int userId) { 10302 if (mUserSetupComplete.equals(uri) || (mIsWatch && mPaired.equals(uri))) { 10303 updateUserSetupCompleteAndPaired(); 10304 } else if (mDeviceProvisioned.equals(uri)) { 10305 synchronized (DevicePolicyManagerService.this) { 10306 // Set PROPERTY_DEVICE_OWNER_PRESENT, for the SUW case where setting the property 10307 // is delayed until device is marked as provisioned. 10308 setDeviceOwnerSystemPropertyLocked(); 10309 } 10310 } else if (mDefaultImeChanged.equals(uri)) { 10311 synchronized (DevicePolicyManagerService.this) { 10312 if (mUserIdsWithPendingChangesByOwner.contains(userId)) { 10313 // This change notification was triggered by the owner changing the current 10314 // IME. Ignore it. 10315 mUserIdsWithPendingChangesByOwner.remove(userId); 10316 } else { 10317 // This change notification was triggered by the user manually changing the 10318 // current IME. 10319 getUserData(userId).mCurrentInputMethodSet = false; 10320 saveSettingsLocked(userId); 10321 } 10322 } 10323 } 10324 } 10325 } 10326 10327 @VisibleForTesting 10328 final class LocalService extends DevicePolicyManagerInternal { 10329 private List<OnCrossProfileWidgetProvidersChangeListener> mWidgetProviderListeners; 10330 10331 @Override 10332 public List<String> getCrossProfileWidgetProviders(int profileId) { 10333 synchronized (DevicePolicyManagerService.this) { 10334 if (mOwners == null) { 10335 return Collections.emptyList(); 10336 } 10337 ComponentName ownerComponent = mOwners.getProfileOwnerComponent(profileId); 10338 if (ownerComponent == null) { 10339 return Collections.emptyList(); 10340 } 10341 10342 DevicePolicyData policy = getUserDataUnchecked(profileId); 10343 ActiveAdmin admin = policy.mAdminMap.get(ownerComponent); 10344 10345 if (admin == null || admin.crossProfileWidgetProviders == null 10346 || admin.crossProfileWidgetProviders.isEmpty()) { 10347 return Collections.emptyList(); 10348 } 10349 10350 return admin.crossProfileWidgetProviders; 10351 } 10352 } 10353 10354 @Override 10355 public void addOnCrossProfileWidgetProvidersChangeListener( 10356 OnCrossProfileWidgetProvidersChangeListener listener) { 10357 synchronized (DevicePolicyManagerService.this) { 10358 if (mWidgetProviderListeners == null) { 10359 mWidgetProviderListeners = new ArrayList<>(); 10360 } 10361 if (!mWidgetProviderListeners.contains(listener)) { 10362 mWidgetProviderListeners.add(listener); 10363 } 10364 } 10365 } 10366 10367 @Override 10368 public boolean isActiveAdminWithPolicy(int uid, int reqPolicy) { 10369 synchronized(DevicePolicyManagerService.this) { 10370 return getActiveAdminWithPolicyForUidLocked(null, reqPolicy, uid) != null; 10371 } 10372 } 10373 10374 private void notifyCrossProfileProvidersChanged(int userId, List<String> packages) { 10375 final List<OnCrossProfileWidgetProvidersChangeListener> listeners; 10376 synchronized (DevicePolicyManagerService.this) { 10377 listeners = new ArrayList<>(mWidgetProviderListeners); 10378 } 10379 final int listenerCount = listeners.size(); 10380 for (int i = 0; i < listenerCount; i++) { 10381 OnCrossProfileWidgetProvidersChangeListener listener = listeners.get(i); 10382 listener.onCrossProfileWidgetProvidersChanged(userId, packages); 10383 } 10384 } 10385 10386 @Override 10387 public Intent createShowAdminSupportIntent(int userId, boolean useDefaultIfNoAdmin) { 10388 // This method is called from AM with its lock held, so don't take the DPMS lock. 10389 // b/29242568 10390 10391 ComponentName profileOwner = mOwners.getProfileOwnerComponent(userId); 10392 if (profileOwner != null) { 10393 return DevicePolicyManagerService.this 10394 .createShowAdminSupportIntent(profileOwner, userId); 10395 } 10396 10397 final Pair<Integer, ComponentName> deviceOwner = 10398 mOwners.getDeviceOwnerUserIdAndComponent(); 10399 if (deviceOwner != null && deviceOwner.first == userId) { 10400 return DevicePolicyManagerService.this 10401 .createShowAdminSupportIntent(deviceOwner.second, userId); 10402 } 10403 10404 // We're not specifying the device admin because there isn't one. 10405 if (useDefaultIfNoAdmin) { 10406 return DevicePolicyManagerService.this.createShowAdminSupportIntent(null, userId); 10407 } 10408 return null; 10409 } 10410 10411 @Override 10412 public Intent createUserRestrictionSupportIntent(int userId, String userRestriction) { 10413 int source; 10414 long ident = mInjector.binderClearCallingIdentity(); 10415 try { 10416 source = mUserManager.getUserRestrictionSource(userRestriction, 10417 UserHandle.of(userId)); 10418 } finally { 10419 mInjector.binderRestoreCallingIdentity(ident); 10420 } 10421 if ((source & UserManager.RESTRICTION_SOURCE_SYSTEM) != 0) { 10422 /* 10423 * In this case, the user restriction is enforced by the system. 10424 * So we won't show an admin support intent, even if it is also 10425 * enforced by a profile/device owner. 10426 */ 10427 return null; 10428 } 10429 boolean enforcedByDo = (source & UserManager.RESTRICTION_SOURCE_DEVICE_OWNER) != 0; 10430 boolean enforcedByPo = (source & UserManager.RESTRICTION_SOURCE_PROFILE_OWNER) != 0; 10431 if (enforcedByDo && enforcedByPo) { 10432 // In this case, we'll show an admin support dialog that does not 10433 // specify the admin. 10434 return DevicePolicyManagerService.this.createShowAdminSupportIntent(null, userId); 10435 } else if (enforcedByPo) { 10436 final ComponentName profileOwner = mOwners.getProfileOwnerComponent(userId); 10437 if (profileOwner != null) { 10438 return DevicePolicyManagerService.this 10439 .createShowAdminSupportIntent(profileOwner, userId); 10440 } 10441 // This could happen if another thread has changed the profile owner since we called 10442 // getUserRestrictionSource 10443 return null; 10444 } else if (enforcedByDo) { 10445 final Pair<Integer, ComponentName> deviceOwner 10446 = mOwners.getDeviceOwnerUserIdAndComponent(); 10447 if (deviceOwner != null) { 10448 return DevicePolicyManagerService.this 10449 .createShowAdminSupportIntent(deviceOwner.second, deviceOwner.first); 10450 } 10451 // This could happen if another thread has changed the device owner since we called 10452 // getUserRestrictionSource 10453 return null; 10454 } 10455 return null; 10456 } 10457 10458 @Override 10459 public boolean isUserAffiliatedWithDevice(int userId) { 10460 return DevicePolicyManagerService.this.isUserAffiliatedWithDeviceLocked(userId); 10461 } 10462 10463 @Override 10464 public void reportSeparateProfileChallengeChanged(@UserIdInt int userId) { 10465 synchronized (DevicePolicyManagerService.this) { 10466 updateMaximumTimeToLockLocked(userId); 10467 } 10468 } 10469 10470 @Override 10471 public boolean canUserHaveUntrustedCredentialReset(@UserIdInt int userId) { 10472 return DevicePolicyManagerService.this.canUserHaveUntrustedCredentialReset(userId); 10473 } 10474 10475 @Override 10476 public CharSequence getPrintingDisabledReasonForUser(@UserIdInt int userId) { 10477 synchronized (DevicePolicyManagerService.this) { 10478 DevicePolicyData policy = getUserData(userId); 10479 if (!mUserManager.hasUserRestriction(UserManager.DISALLOW_PRINTING, 10480 UserHandle.of(userId))) { 10481 Log.e(LOG_TAG, "printing is enabled"); 10482 return null; 10483 } 10484 String ownerPackage = mOwners.getProfileOwnerPackage(userId); 10485 if (ownerPackage == null) { 10486 ownerPackage = mOwners.getDeviceOwnerPackageName(); 10487 } 10488 PackageManager pm = mInjector.getPackageManager(); 10489 PackageInfo packageInfo; 10490 try { 10491 packageInfo = pm.getPackageInfo(ownerPackage, 0); 10492 } catch (NameNotFoundException e) { 10493 Log.e(LOG_TAG, "getPackageInfo error", e); 10494 return null; 10495 } 10496 if (packageInfo == null) { 10497 Log.e(LOG_TAG, "packageInfo is inexplicably null"); 10498 return null; 10499 } 10500 ApplicationInfo appInfo = packageInfo.applicationInfo; 10501 if (appInfo == null) { 10502 Log.e(LOG_TAG, "appInfo is inexplicably null"); 10503 return null; 10504 } 10505 CharSequence appLabel = pm.getApplicationLabel(appInfo); 10506 if (appLabel == null) { 10507 Log.e(LOG_TAG, "appLabel is inexplicably null"); 10508 return null; 10509 } 10510 return ((Context) ActivityThread.currentActivityThread().getSystemUiContext()) 10511 .getResources().getString(R.string.printing_disabled_by, appLabel); 10512 } 10513 } 10514 10515 @Override 10516 protected DevicePolicyCache getDevicePolicyCache() { 10517 return mPolicyCache; 10518 } 10519 } 10520 10521 private Intent createShowAdminSupportIntent(ComponentName admin, int userId) { 10522 // This method is called with AMS lock held, so don't take DPMS lock 10523 final Intent intent = new Intent(Settings.ACTION_SHOW_ADMIN_SUPPORT_DETAILS); 10524 intent.putExtra(Intent.EXTRA_USER_ID, userId); 10525 intent.putExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN, admin); 10526 intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK); 10527 return intent; 10528 } 10529 10530 @Override 10531 public Intent createAdminSupportIntent(String restriction) { 10532 Preconditions.checkNotNull(restriction); 10533 final int uid = mInjector.binderGetCallingUid(); 10534 final int userId = UserHandle.getUserId(uid); 10535 Intent intent = null; 10536 if (DevicePolicyManager.POLICY_DISABLE_CAMERA.equals(restriction) || 10537 DevicePolicyManager.POLICY_DISABLE_SCREEN_CAPTURE.equals(restriction) || 10538 DevicePolicyManager.POLICY_MANDATORY_BACKUPS.equals(restriction)) { 10539 synchronized(this) { 10540 final DevicePolicyData policy = getUserData(userId); 10541 final int N = policy.mAdminList.size(); 10542 for (int i = 0; i < N; i++) { 10543 final ActiveAdmin admin = policy.mAdminList.get(i); 10544 if ((admin.disableCamera && 10545 DevicePolicyManager.POLICY_DISABLE_CAMERA.equals(restriction)) || 10546 (admin.disableScreenCapture && DevicePolicyManager 10547 .POLICY_DISABLE_SCREEN_CAPTURE.equals(restriction)) || 10548 (admin.mandatoryBackupTransport != null && DevicePolicyManager 10549 .POLICY_MANDATORY_BACKUPS.equals(restriction))) { 10550 intent = createShowAdminSupportIntent(admin.info.getComponent(), userId); 10551 break; 10552 } 10553 } 10554 // For the camera, a device owner on a different user can disable it globally, 10555 // so we need an additional check. 10556 if (intent == null 10557 && DevicePolicyManager.POLICY_DISABLE_CAMERA.equals(restriction)) { 10558 final ActiveAdmin admin = getDeviceOwnerAdminLocked(); 10559 if (admin != null && admin.disableCamera) { 10560 intent = createShowAdminSupportIntent(admin.info.getComponent(), 10561 mOwners.getDeviceOwnerUserId()); 10562 } 10563 } 10564 } 10565 } else { 10566 // if valid, |restriction| can only be a user restriction 10567 intent = mLocalService.createUserRestrictionSupportIntent(userId, restriction); 10568 } 10569 if (intent != null) { 10570 intent.putExtra(DevicePolicyManager.EXTRA_RESTRICTION, restriction); 10571 } 10572 return intent; 10573 } 10574 10575 /** 10576 * Returns true if specified admin is allowed to limit passwords and has a 10577 * {@code minimumPasswordMetrics.quality} of at least {@code minPasswordQuality} 10578 */ 10579 private static boolean isLimitPasswordAllowed(ActiveAdmin admin, int minPasswordQuality) { 10580 if (admin.minimumPasswordMetrics.quality < minPasswordQuality) { 10581 return false; 10582 } 10583 return admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD); 10584 } 10585 10586 @Override 10587 public void setSystemUpdatePolicy(ComponentName who, SystemUpdatePolicy policy) { 10588 if (policy != null) { 10589 // throws exception if policy type is invalid 10590 policy.validateType(); 10591 // throws exception if freeze period is invalid 10592 policy.validateFreezePeriods(); 10593 Pair<LocalDate, LocalDate> record = mOwners.getSystemUpdateFreezePeriodRecord(); 10594 // throws exception if freeze period is incompatible with previous freeze period record 10595 policy.validateAgainstPreviousFreezePeriod(record.first, record.second, 10596 LocalDate.now()); 10597 } 10598 synchronized (this) { 10599 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 10600 if (policy == null) { 10601 mOwners.clearSystemUpdatePolicy(); 10602 } else { 10603 mOwners.setSystemUpdatePolicy(policy); 10604 updateSystemUpdateFreezePeriodsRecord(/* saveIfChanged */ false); 10605 } 10606 mOwners.writeDeviceOwner(); 10607 } 10608 mContext.sendBroadcastAsUser( 10609 new Intent(DevicePolicyManager.ACTION_SYSTEM_UPDATE_POLICY_CHANGED), 10610 UserHandle.SYSTEM); 10611 } 10612 10613 @Override 10614 public SystemUpdatePolicy getSystemUpdatePolicy() { 10615 synchronized (this) { 10616 SystemUpdatePolicy policy = mOwners.getSystemUpdatePolicy(); 10617 if (policy != null && !policy.isValid()) { 10618 Slog.w(LOG_TAG, "Stored system update policy is invalid, return null instead."); 10619 return null; 10620 } 10621 return policy; 10622 } 10623 } 10624 10625 private static boolean withinRange(Pair<LocalDate, LocalDate> range, LocalDate date) { 10626 return (!date.isBefore(range.first) && !date.isAfter(range.second)); 10627 } 10628 10629 /** 10630 * keeps track of the last continuous period when the system is under OTA freeze. 10631 * 10632 * DPMS keeps track of the previous dates during which OTA was freezed as a result of an 10633 * system update policy with freeze periods in effect. This is needed to make robust 10634 * validation on new system update polices, for example to prevent the OTA from being 10635 * frozen for more than 90 days if the DPC keeps resetting a new 24-hour freeze period 10636 * on midnight everyday, or having freeze periods closer than 60 days apart by DPC resetting 10637 * a new freeze period after a few days. 10638 * 10639 * @param saveIfChanged whether to persist the result on disk if freeze period record is 10640 * updated. This should only be set to {@code false} if there is a guaranteed 10641 * mOwners.writeDeviceOwner() later in the control flow to reduce the number of 10642 * disk writes. Otherwise you risk inconsistent on-disk state. 10643 * 10644 * @see SystemUpdatePolicy#validateAgainstPreviousFreezePeriod 10645 */ 10646 private void updateSystemUpdateFreezePeriodsRecord(boolean saveIfChanged) { 10647 Slog.d(LOG_TAG, "updateSystemUpdateFreezePeriodsRecord"); 10648 synchronized (this) { 10649 final SystemUpdatePolicy policy = mOwners.getSystemUpdatePolicy(); 10650 if (policy == null) { 10651 return; 10652 } 10653 final LocalDate now = LocalDate.now(); 10654 final Pair<LocalDate, LocalDate> currentPeriod = policy.getCurrentFreezePeriod(now); 10655 if (currentPeriod == null) { 10656 return; 10657 } 10658 final Pair<LocalDate, LocalDate> record = mOwners.getSystemUpdateFreezePeriodRecord(); 10659 final LocalDate start = record.first; 10660 final LocalDate end = record.second; 10661 final boolean changed; 10662 if (end == null || start == null) { 10663 // Start a new period if there is none at the moment 10664 changed = mOwners.setSystemUpdateFreezePeriodRecord(now, now); 10665 } else if (now.equals(end.plusDays(1))) { 10666 // Extend the existing period 10667 changed = mOwners.setSystemUpdateFreezePeriodRecord(start, now); 10668 } else if (now.isAfter(end.plusDays(1))) { 10669 if (withinRange(currentPeriod, start) && withinRange(currentPeriod, end)) { 10670 // The device might be off for some period. If the past freeze record 10671 // is within range of the current freeze period, assume the device was off 10672 // during the period [end, now] and extend the freeze record to [start, now]. 10673 changed = mOwners.setSystemUpdateFreezePeriodRecord(start, now); 10674 } else { 10675 changed = mOwners.setSystemUpdateFreezePeriodRecord(now, now); 10676 } 10677 } else if (now.isBefore(start)) { 10678 // Systm clock was adjusted backwards, restart record 10679 changed = mOwners.setSystemUpdateFreezePeriodRecord(now, now); 10680 } else /* start <= now <= end */ { 10681 changed = false; 10682 } 10683 if (changed && saveIfChanged) { 10684 mOwners.writeDeviceOwner(); 10685 } 10686 } 10687 } 10688 10689 @Override 10690 public void clearSystemUpdatePolicyFreezePeriodRecord() { 10691 enforceShell("clearSystemUpdatePolicyFreezePeriodRecord"); 10692 synchronized (this) { 10693 // Print out current record to help diagnosed CTS failures 10694 Slog.i(LOG_TAG, "Clear freeze period record: " 10695 + mOwners.getSystemUpdateFreezePeriodRecordAsString()); 10696 if (mOwners.setSystemUpdateFreezePeriodRecord(null, null)) { 10697 mOwners.writeDeviceOwner(); 10698 } 10699 } 10700 } 10701 10702 /** 10703 * Checks if the caller of the method is the device owner app. 10704 * 10705 * @param callerUid UID of the caller. 10706 * @return true if the caller is the device owner app 10707 */ 10708 @VisibleForTesting 10709 boolean isCallerDeviceOwner(int callerUid) { 10710 synchronized (this) { 10711 if (!mOwners.hasDeviceOwner()) { 10712 return false; 10713 } 10714 if (UserHandle.getUserId(callerUid) != mOwners.getDeviceOwnerUserId()) { 10715 return false; 10716 } 10717 final String deviceOwnerPackageName = mOwners.getDeviceOwnerComponent() 10718 .getPackageName(); 10719 try { 10720 String[] pkgs = mInjector.getIPackageManager().getPackagesForUid(callerUid); 10721 for (String pkg : pkgs) { 10722 if (deviceOwnerPackageName.equals(pkg)) { 10723 return true; 10724 } 10725 } 10726 } catch (RemoteException e) { 10727 return false; 10728 } 10729 } 10730 10731 return false; 10732 } 10733 10734 @Override 10735 public void notifyPendingSystemUpdate(@Nullable SystemUpdateInfo info) { 10736 mContext.enforceCallingOrSelfPermission(permission.NOTIFY_PENDING_SYSTEM_UPDATE, 10737 "Only the system update service can broadcast update information"); 10738 10739 if (UserHandle.getCallingUserId() != UserHandle.USER_SYSTEM) { 10740 Slog.w(LOG_TAG, "Only the system update service in the system user " + 10741 "can broadcast update information."); 10742 return; 10743 } 10744 10745 if (!mOwners.saveSystemUpdateInfo(info)) { 10746 // Pending system update hasn't changed, don't send duplicate notification. 10747 return; 10748 } 10749 10750 final Intent intent = new Intent(DeviceAdminReceiver.ACTION_NOTIFY_PENDING_SYSTEM_UPDATE) 10751 .putExtra(DeviceAdminReceiver.EXTRA_SYSTEM_UPDATE_RECEIVED_TIME, 10752 info == null ? -1 : info.getReceivedTime()); 10753 10754 final long ident = mInjector.binderClearCallingIdentity(); 10755 try { 10756 synchronized (this) { 10757 // Broadcast to device owner first if there is one. 10758 if (mOwners.hasDeviceOwner()) { 10759 final UserHandle deviceOwnerUser = 10760 UserHandle.of(mOwners.getDeviceOwnerUserId()); 10761 intent.setComponent(mOwners.getDeviceOwnerComponent()); 10762 mContext.sendBroadcastAsUser(intent, deviceOwnerUser); 10763 } 10764 } 10765 // Get running users. 10766 final int runningUserIds[]; 10767 try { 10768 runningUserIds = mInjector.getIActivityManager().getRunningUserIds(); 10769 } catch (RemoteException e) { 10770 // Shouldn't happen. 10771 Log.e(LOG_TAG, "Could not retrieve the list of running users", e); 10772 return; 10773 } 10774 // Send broadcasts to corresponding profile owners if any. 10775 for (final int userId : runningUserIds) { 10776 synchronized (this) { 10777 final ComponentName profileOwnerPackage = 10778 mOwners.getProfileOwnerComponent(userId); 10779 if (profileOwnerPackage != null) { 10780 intent.setComponent(profileOwnerPackage); 10781 mContext.sendBroadcastAsUser(intent, UserHandle.of(userId)); 10782 } 10783 } 10784 } 10785 } finally { 10786 mInjector.binderRestoreCallingIdentity(ident); 10787 } 10788 } 10789 10790 @Override 10791 public SystemUpdateInfo getPendingSystemUpdate(ComponentName admin) { 10792 Preconditions.checkNotNull(admin, "ComponentName is null"); 10793 enforceProfileOrDeviceOwner(admin); 10794 10795 return mOwners.getSystemUpdateInfo(); 10796 } 10797 10798 @Override 10799 public void setPermissionPolicy(ComponentName admin, String callerPackage, int policy) 10800 throws RemoteException { 10801 int userId = UserHandle.getCallingUserId(); 10802 synchronized (this) { 10803 // Ensure the caller is a DO/PO or a permission grant state delegate. 10804 enforceCanManageScope(admin, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 10805 DELEGATION_PERMISSION_GRANT); 10806 DevicePolicyData userPolicy = getUserData(userId); 10807 if (userPolicy.mPermissionPolicy != policy) { 10808 userPolicy.mPermissionPolicy = policy; 10809 saveSettingsLocked(userId); 10810 } 10811 } 10812 } 10813 10814 @Override 10815 public int getPermissionPolicy(ComponentName admin) throws RemoteException { 10816 int userId = UserHandle.getCallingUserId(); 10817 synchronized (this) { 10818 DevicePolicyData userPolicy = getUserData(userId); 10819 return userPolicy.mPermissionPolicy; 10820 } 10821 } 10822 10823 @Override 10824 public boolean setPermissionGrantState(ComponentName admin, String callerPackage, 10825 String packageName, String permission, int grantState) throws RemoteException { 10826 UserHandle user = mInjector.binderGetCallingUserHandle(); 10827 synchronized (this) { 10828 // Ensure the caller is a DO/PO or a permission grant state delegate. 10829 enforceCanManageScope(admin, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 10830 DELEGATION_PERMISSION_GRANT); 10831 long ident = mInjector.binderClearCallingIdentity(); 10832 try { 10833 if (getTargetSdk(packageName, user.getIdentifier()) 10834 < android.os.Build.VERSION_CODES.M) { 10835 return false; 10836 } 10837 if (!isRuntimePermission(permission)) { 10838 return false; 10839 } 10840 final PackageManager packageManager = mInjector.getPackageManager(); 10841 switch (grantState) { 10842 case DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED: { 10843 mInjector.getPackageManagerInternal().grantRuntimePermission(packageName, 10844 permission, user.getIdentifier(), true /* override policy */); 10845 packageManager.updatePermissionFlags(permission, packageName, 10846 PackageManager.FLAG_PERMISSION_POLICY_FIXED, 10847 PackageManager.FLAG_PERMISSION_POLICY_FIXED, user); 10848 } break; 10849 10850 case DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED: { 10851 mInjector.getPackageManagerInternal().revokeRuntimePermission(packageName, 10852 permission, user.getIdentifier(), true /* override policy */); 10853 packageManager.updatePermissionFlags(permission, packageName, 10854 PackageManager.FLAG_PERMISSION_POLICY_FIXED, 10855 PackageManager.FLAG_PERMISSION_POLICY_FIXED, user); 10856 } break; 10857 10858 case DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT: { 10859 packageManager.updatePermissionFlags(permission, packageName, 10860 PackageManager.FLAG_PERMISSION_POLICY_FIXED, 0, user); 10861 } break; 10862 } 10863 return true; 10864 } catch (SecurityException se) { 10865 return false; 10866 } catch (NameNotFoundException e) { 10867 return false; 10868 } finally { 10869 mInjector.binderRestoreCallingIdentity(ident); 10870 } 10871 } 10872 } 10873 10874 @Override 10875 public int getPermissionGrantState(ComponentName admin, String callerPackage, 10876 String packageName, String permission) throws RemoteException { 10877 PackageManager packageManager = mInjector.getPackageManager(); 10878 10879 UserHandle user = mInjector.binderGetCallingUserHandle(); 10880 if (!isCallerWithSystemUid()) { 10881 // Ensure the caller is a DO/PO or a permission grant state delegate. 10882 enforceCanManageScope(admin, callerPackage, 10883 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, DELEGATION_PERMISSION_GRANT); 10884 } 10885 synchronized (this) { 10886 long ident = mInjector.binderClearCallingIdentity(); 10887 try { 10888 int granted = mIPackageManager.checkPermission(permission, 10889 packageName, user.getIdentifier()); 10890 int permFlags = packageManager.getPermissionFlags(permission, packageName, user); 10891 if ((permFlags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) 10892 != PackageManager.FLAG_PERMISSION_POLICY_FIXED) { 10893 // Not controlled by policy 10894 return DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT; 10895 } else { 10896 // Policy controlled so return result based on permission grant state 10897 return granted == PackageManager.PERMISSION_GRANTED 10898 ? DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED 10899 : DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED; 10900 } 10901 } finally { 10902 mInjector.binderRestoreCallingIdentity(ident); 10903 } 10904 } 10905 } 10906 10907 boolean isPackageInstalledForUser(String packageName, int userHandle) { 10908 try { 10909 PackageInfo pi = mInjector.getIPackageManager().getPackageInfo(packageName, 0, 10910 userHandle); 10911 return (pi != null) && (pi.applicationInfo.flags != 0); 10912 } catch (RemoteException re) { 10913 throw new RuntimeException("Package manager has died", re); 10914 } 10915 } 10916 10917 public boolean isRuntimePermission(String permissionName) throws NameNotFoundException { 10918 final PackageManager packageManager = mInjector.getPackageManager(); 10919 PermissionInfo permissionInfo = packageManager.getPermissionInfo(permissionName, 0); 10920 return (permissionInfo.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE) 10921 == PermissionInfo.PROTECTION_DANGEROUS; 10922 } 10923 10924 @Override 10925 public boolean isProvisioningAllowed(String action, String packageName) { 10926 Preconditions.checkNotNull(packageName); 10927 10928 final int callingUid = mInjector.binderGetCallingUid(); 10929 final long ident = mInjector.binderClearCallingIdentity(); 10930 try { 10931 final int uidForPackage = mInjector.getPackageManager().getPackageUidAsUser( 10932 packageName, UserHandle.getUserId(callingUid)); 10933 Preconditions.checkArgument(callingUid == uidForPackage, 10934 "Caller uid doesn't match the one for the provided package."); 10935 } catch (NameNotFoundException e) { 10936 throw new IllegalArgumentException("Invalid package provided " + packageName, e); 10937 } finally { 10938 mInjector.binderRestoreCallingIdentity(ident); 10939 } 10940 10941 return checkProvisioningPreConditionSkipPermission(action, packageName) == CODE_OK; 10942 } 10943 10944 @Override 10945 public int checkProvisioningPreCondition(String action, String packageName) { 10946 Preconditions.checkNotNull(packageName); 10947 enforceCanManageProfileAndDeviceOwners(); 10948 return checkProvisioningPreConditionSkipPermission(action, packageName); 10949 } 10950 10951 private int checkProvisioningPreConditionSkipPermission(String action, String packageName) { 10952 if (!mHasFeature) { 10953 return CODE_DEVICE_ADMIN_NOT_SUPPORTED; 10954 } 10955 10956 final int callingUserId = mInjector.userHandleGetCallingUserId(); 10957 if (action != null) { 10958 switch (action) { 10959 case DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE: 10960 return checkManagedProfileProvisioningPreCondition(packageName, callingUserId); 10961 case DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE: 10962 return checkDeviceOwnerProvisioningPreCondition(callingUserId); 10963 case DevicePolicyManager.ACTION_PROVISION_MANAGED_USER: 10964 return checkManagedUserProvisioningPreCondition(callingUserId); 10965 case DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE: 10966 return checkManagedShareableDeviceProvisioningPreCondition(callingUserId); 10967 } 10968 } 10969 throw new IllegalArgumentException("Unknown provisioning action " + action); 10970 } 10971 10972 /** 10973 * The device owner can only be set before the setup phase of the primary user has completed, 10974 * except for adb command if no accounts or additional users are present on the device. 10975 */ 10976 private int checkDeviceOwnerProvisioningPreConditionLocked(@Nullable ComponentName owner, 10977 int deviceOwnerUserId, boolean isAdb, boolean hasIncompatibleAccountsOrNonAdb) { 10978 if (mOwners.hasDeviceOwner()) { 10979 return CODE_HAS_DEVICE_OWNER; 10980 } 10981 if (mOwners.hasProfileOwner(deviceOwnerUserId)) { 10982 return CODE_USER_HAS_PROFILE_OWNER; 10983 } 10984 if (!mUserManager.isUserRunning(new UserHandle(deviceOwnerUserId))) { 10985 return CODE_USER_NOT_RUNNING; 10986 } 10987 if (mIsWatch && hasPaired(UserHandle.USER_SYSTEM)) { 10988 return CODE_HAS_PAIRED; 10989 } 10990 if (isAdb) { 10991 // if shell command runs after user setup completed check device status. Otherwise, OK. 10992 if (mIsWatch || hasUserSetupCompleted(UserHandle.USER_SYSTEM)) { 10993 if (!mInjector.userManagerIsSplitSystemUser()) { 10994 if (mUserManager.getUserCount() > 1) { 10995 return CODE_NONSYSTEM_USER_EXISTS; 10996 } 10997 if (hasIncompatibleAccountsOrNonAdb) { 10998 return CODE_ACCOUNTS_NOT_EMPTY; 10999 } 11000 } else { 11001 // STOPSHIP Do proper check in split user mode 11002 } 11003 } 11004 return CODE_OK; 11005 } else { 11006 if (!mInjector.userManagerIsSplitSystemUser()) { 11007 // In non-split user mode, DO has to be user 0 11008 if (deviceOwnerUserId != UserHandle.USER_SYSTEM) { 11009 return CODE_NOT_SYSTEM_USER; 11010 } 11011 // In non-split user mode, only provision DO before setup wizard completes 11012 if (hasUserSetupCompleted(UserHandle.USER_SYSTEM)) { 11013 return CODE_USER_SETUP_COMPLETED; 11014 } 11015 } else { 11016 // STOPSHIP Do proper check in split user mode 11017 } 11018 return CODE_OK; 11019 } 11020 } 11021 11022 private int checkDeviceOwnerProvisioningPreCondition(int deviceOwnerUserId) { 11023 synchronized (this) { 11024 // hasIncompatibleAccountsOrNonAdb doesn't matter since the caller is not adb. 11025 return checkDeviceOwnerProvisioningPreConditionLocked(/* owner unknown */ null, 11026 deviceOwnerUserId, /* isAdb= */ false, 11027 /* hasIncompatibleAccountsOrNonAdb=*/ true); 11028 } 11029 } 11030 11031 private int checkManagedProfileProvisioningPreCondition(String packageName, int callingUserId) { 11032 if (!hasFeatureManagedUsers()) { 11033 return CODE_MANAGED_USERS_NOT_SUPPORTED; 11034 } 11035 if (callingUserId == UserHandle.USER_SYSTEM 11036 && mInjector.userManagerIsSplitSystemUser()) { 11037 // Managed-profiles cannot be setup on the system user. 11038 return CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER; 11039 } 11040 if (getProfileOwner(callingUserId) != null) { 11041 // Managed user cannot have a managed profile. 11042 return CODE_USER_HAS_PROFILE_OWNER; 11043 } 11044 11045 final long ident = mInjector.binderClearCallingIdentity(); 11046 try { 11047 final UserHandle callingUserHandle = UserHandle.of(callingUserId); 11048 final ComponentName ownerAdmin = getOwnerComponent(packageName, callingUserId); 11049 if (mUserManager.hasUserRestriction(UserManager.DISALLOW_ADD_MANAGED_PROFILE, 11050 callingUserHandle)) { 11051 // An admin can initiate provisioning if it has set the restriction. 11052 if (ownerAdmin == null || isAdminAffectedByRestriction(ownerAdmin, 11053 UserManager.DISALLOW_ADD_MANAGED_PROFILE, callingUserId)) { 11054 return CODE_ADD_MANAGED_PROFILE_DISALLOWED; 11055 } 11056 } 11057 boolean canRemoveProfile = true; 11058 if (mUserManager.hasUserRestriction(UserManager.DISALLOW_REMOVE_MANAGED_PROFILE, 11059 callingUserHandle)) { 11060 // We can remove a profile if the admin itself has set the restriction. 11061 if (ownerAdmin == null || isAdminAffectedByRestriction(ownerAdmin, 11062 UserManager.DISALLOW_REMOVE_MANAGED_PROFILE, 11063 callingUserId)) { 11064 canRemoveProfile = false; 11065 } 11066 } 11067 if (!mUserManager.canAddMoreManagedProfiles(callingUserId, canRemoveProfile)) { 11068 return CODE_CANNOT_ADD_MANAGED_PROFILE; 11069 } 11070 } finally { 11071 mInjector.binderRestoreCallingIdentity(ident); 11072 } 11073 return CODE_OK; 11074 } 11075 11076 private ComponentName getOwnerComponent(String packageName, int userId) { 11077 if (isDeviceOwnerPackage(packageName, userId)) { 11078 return mOwners.getDeviceOwnerComponent(); 11079 } 11080 if (isProfileOwnerPackage(packageName, userId)) { 11081 return mOwners.getProfileOwnerComponent(userId); 11082 } 11083 return null; 11084 } 11085 11086 /** 11087 * Return device owner or profile owner set on a given user. 11088 */ 11089 private @Nullable ComponentName getOwnerComponent(int userId) { 11090 synchronized (this) { 11091 if (mOwners.getDeviceOwnerUserId() == userId) { 11092 return mOwners.getDeviceOwnerComponent(); 11093 } 11094 if (mOwners.hasProfileOwner(userId)) { 11095 return mOwners.getProfileOwnerComponent(userId); 11096 } 11097 } 11098 return null; 11099 } 11100 11101 private int checkManagedUserProvisioningPreCondition(int callingUserId) { 11102 if (!hasFeatureManagedUsers()) { 11103 return CODE_MANAGED_USERS_NOT_SUPPORTED; 11104 } 11105 if (!mInjector.userManagerIsSplitSystemUser()) { 11106 // ACTION_PROVISION_MANAGED_USER only supported on split-user systems. 11107 return CODE_NOT_SYSTEM_USER_SPLIT; 11108 } 11109 if (callingUserId == UserHandle.USER_SYSTEM) { 11110 // System user cannot be a managed user. 11111 return CODE_SYSTEM_USER; 11112 } 11113 if (hasUserSetupCompleted(callingUserId)) { 11114 return CODE_USER_SETUP_COMPLETED; 11115 } 11116 if (mIsWatch && hasPaired(UserHandle.USER_SYSTEM)) { 11117 return CODE_HAS_PAIRED; 11118 } 11119 return CODE_OK; 11120 } 11121 11122 private int checkManagedShareableDeviceProvisioningPreCondition(int callingUserId) { 11123 if (!mInjector.userManagerIsSplitSystemUser()) { 11124 // ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE only supported on split-user systems. 11125 return CODE_NOT_SYSTEM_USER_SPLIT; 11126 } 11127 return checkDeviceOwnerProvisioningPreCondition(callingUserId); 11128 } 11129 11130 private boolean hasFeatureManagedUsers() { 11131 try { 11132 return mIPackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS, 0); 11133 } catch (RemoteException e) { 11134 return false; 11135 } 11136 } 11137 11138 @Override 11139 public String getWifiMacAddress(ComponentName admin) { 11140 // Make sure caller has DO. 11141 synchronized (this) { 11142 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 11143 } 11144 11145 final long ident = mInjector.binderClearCallingIdentity(); 11146 try { 11147 final WifiInfo wifiInfo = mInjector.getWifiManager().getConnectionInfo(); 11148 if (wifiInfo == null) { 11149 return null; 11150 } 11151 return wifiInfo.hasRealMacAddress() ? wifiInfo.getMacAddress() : null; 11152 } finally { 11153 mInjector.binderRestoreCallingIdentity(ident); 11154 } 11155 } 11156 11157 /** 11158 * Returns the target sdk version number that the given packageName was built for 11159 * in the given user. 11160 */ 11161 private int getTargetSdk(String packageName, int userId) { 11162 final ApplicationInfo ai; 11163 try { 11164 ai = mIPackageManager.getApplicationInfo(packageName, 0, userId); 11165 final int targetSdkVersion = ai == null ? 0 : ai.targetSdkVersion; 11166 return targetSdkVersion; 11167 } catch (RemoteException e) { 11168 // Shouldn't happen 11169 return 0; 11170 } 11171 } 11172 11173 @Override 11174 public boolean isManagedProfile(ComponentName admin) { 11175 enforceProfileOrDeviceOwner(admin); 11176 return isManagedProfile(mInjector.userHandleGetCallingUserId()); 11177 } 11178 11179 @Override 11180 public boolean isSystemOnlyUser(ComponentName admin) { 11181 synchronized (this) { 11182 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 11183 } 11184 final int callingUserId = mInjector.userHandleGetCallingUserId(); 11185 return UserManager.isSplitSystemUser() && callingUserId == UserHandle.USER_SYSTEM; 11186 } 11187 11188 @Override 11189 public void reboot(ComponentName admin) { 11190 Preconditions.checkNotNull(admin); 11191 // Make sure caller has DO. 11192 synchronized (this) { 11193 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 11194 } 11195 long ident = mInjector.binderClearCallingIdentity(); 11196 try { 11197 // Make sure there are no ongoing calls on the device. 11198 if (mTelephonyManager.getCallState() != TelephonyManager.CALL_STATE_IDLE) { 11199 throw new IllegalStateException("Cannot be called with ongoing call on the device"); 11200 } 11201 mInjector.powerManagerReboot(PowerManager.REBOOT_REQUESTED_BY_DEVICE_OWNER); 11202 } finally { 11203 mInjector.binderRestoreCallingIdentity(ident); 11204 } 11205 } 11206 11207 @Override 11208 public void setShortSupportMessage(@NonNull ComponentName who, CharSequence message) { 11209 if (!mHasFeature) { 11210 return; 11211 } 11212 Preconditions.checkNotNull(who, "ComponentName is null"); 11213 final int userHandle = mInjector.userHandleGetCallingUserId(); 11214 synchronized (this) { 11215 ActiveAdmin admin = getActiveAdminForUidLocked(who, 11216 mInjector.binderGetCallingUid()); 11217 if (!TextUtils.equals(admin.shortSupportMessage, message)) { 11218 admin.shortSupportMessage = message; 11219 saveSettingsLocked(userHandle); 11220 } 11221 } 11222 } 11223 11224 @Override 11225 public CharSequence getShortSupportMessage(@NonNull ComponentName who) { 11226 if (!mHasFeature) { 11227 return null; 11228 } 11229 Preconditions.checkNotNull(who, "ComponentName is null"); 11230 synchronized (this) { 11231 ActiveAdmin admin = getActiveAdminForUidLocked(who, 11232 mInjector.binderGetCallingUid()); 11233 return admin.shortSupportMessage; 11234 } 11235 } 11236 11237 @Override 11238 public void setLongSupportMessage(@NonNull ComponentName who, CharSequence message) { 11239 if (!mHasFeature) { 11240 return; 11241 } 11242 Preconditions.checkNotNull(who, "ComponentName is null"); 11243 final int userHandle = mInjector.userHandleGetCallingUserId(); 11244 synchronized (this) { 11245 ActiveAdmin admin = getActiveAdminForUidLocked(who, 11246 mInjector.binderGetCallingUid()); 11247 if (!TextUtils.equals(admin.longSupportMessage, message)) { 11248 admin.longSupportMessage = message; 11249 saveSettingsLocked(userHandle); 11250 } 11251 } 11252 } 11253 11254 @Override 11255 public CharSequence getLongSupportMessage(@NonNull ComponentName who) { 11256 if (!mHasFeature) { 11257 return null; 11258 } 11259 Preconditions.checkNotNull(who, "ComponentName is null"); 11260 synchronized (this) { 11261 ActiveAdmin admin = getActiveAdminForUidLocked(who, 11262 mInjector.binderGetCallingUid()); 11263 return admin.longSupportMessage; 11264 } 11265 } 11266 11267 @Override 11268 public CharSequence getShortSupportMessageForUser(@NonNull ComponentName who, int userHandle) { 11269 if (!mHasFeature) { 11270 return null; 11271 } 11272 Preconditions.checkNotNull(who, "ComponentName is null"); 11273 if (!isCallerWithSystemUid()) { 11274 throw new SecurityException("Only the system can query support message for user"); 11275 } 11276 synchronized (this) { 11277 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 11278 if (admin != null) { 11279 return admin.shortSupportMessage; 11280 } 11281 } 11282 return null; 11283 } 11284 11285 @Override 11286 public CharSequence getLongSupportMessageForUser(@NonNull ComponentName who, int userHandle) { 11287 if (!mHasFeature) { 11288 return null; 11289 } 11290 Preconditions.checkNotNull(who, "ComponentName is null"); 11291 if (!isCallerWithSystemUid()) { 11292 throw new SecurityException("Only the system can query support message for user"); 11293 } 11294 synchronized (this) { 11295 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 11296 if (admin != null) { 11297 return admin.longSupportMessage; 11298 } 11299 } 11300 return null; 11301 } 11302 11303 @Override 11304 public void setOrganizationColor(@NonNull ComponentName who, int color) { 11305 if (!mHasFeature) { 11306 return; 11307 } 11308 Preconditions.checkNotNull(who, "ComponentName is null"); 11309 final int userHandle = mInjector.userHandleGetCallingUserId(); 11310 enforceManagedProfile(userHandle, "set organization color"); 11311 synchronized (this) { 11312 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 11313 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11314 admin.organizationColor = color; 11315 saveSettingsLocked(userHandle); 11316 } 11317 } 11318 11319 @Override 11320 public void setOrganizationColorForUser(int color, int userId) { 11321 if (!mHasFeature) { 11322 return; 11323 } 11324 enforceFullCrossUsersPermission(userId); 11325 enforceManageUsers(); 11326 enforceManagedProfile(userId, "set organization color"); 11327 synchronized (this) { 11328 ActiveAdmin admin = getProfileOwnerAdminLocked(userId); 11329 admin.organizationColor = color; 11330 saveSettingsLocked(userId); 11331 } 11332 } 11333 11334 @Override 11335 public int getOrganizationColor(@NonNull ComponentName who) { 11336 if (!mHasFeature) { 11337 return ActiveAdmin.DEF_ORGANIZATION_COLOR; 11338 } 11339 Preconditions.checkNotNull(who, "ComponentName is null"); 11340 enforceManagedProfile(mInjector.userHandleGetCallingUserId(), "get organization color"); 11341 synchronized (this) { 11342 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 11343 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11344 return admin.organizationColor; 11345 } 11346 } 11347 11348 @Override 11349 public int getOrganizationColorForUser(int userHandle) { 11350 if (!mHasFeature) { 11351 return ActiveAdmin.DEF_ORGANIZATION_COLOR; 11352 } 11353 enforceFullCrossUsersPermission(userHandle); 11354 enforceManagedProfile(userHandle, "get organization color"); 11355 synchronized (this) { 11356 ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userHandle); 11357 return (profileOwner != null) 11358 ? profileOwner.organizationColor 11359 : ActiveAdmin.DEF_ORGANIZATION_COLOR; 11360 } 11361 } 11362 11363 @Override 11364 public void setOrganizationName(@NonNull ComponentName who, CharSequence text) { 11365 if (!mHasFeature) { 11366 return; 11367 } 11368 Preconditions.checkNotNull(who, "ComponentName is null"); 11369 final int userHandle = mInjector.userHandleGetCallingUserId(); 11370 11371 synchronized (this) { 11372 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 11373 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11374 if (!TextUtils.equals(admin.organizationName, text)) { 11375 admin.organizationName = (text == null || text.length() == 0) 11376 ? null : text.toString(); 11377 saveSettingsLocked(userHandle); 11378 } 11379 } 11380 } 11381 11382 @Override 11383 public CharSequence getOrganizationName(@NonNull ComponentName who) { 11384 if (!mHasFeature) { 11385 return null; 11386 } 11387 Preconditions.checkNotNull(who, "ComponentName is null"); 11388 enforceManagedProfile(mInjector.userHandleGetCallingUserId(), "get organization name"); 11389 synchronized(this) { 11390 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 11391 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11392 return admin.organizationName; 11393 } 11394 } 11395 11396 @Override 11397 public CharSequence getDeviceOwnerOrganizationName() { 11398 if (!mHasFeature) { 11399 return null; 11400 } 11401 enforceDeviceOwnerOrManageUsers(); 11402 synchronized(this) { 11403 final ActiveAdmin deviceOwnerAdmin = getDeviceOwnerAdminLocked(); 11404 return deviceOwnerAdmin == null ? null : deviceOwnerAdmin.organizationName; 11405 } 11406 } 11407 11408 @Override 11409 public CharSequence getOrganizationNameForUser(int userHandle) { 11410 if (!mHasFeature) { 11411 return null; 11412 } 11413 enforceFullCrossUsersPermission(userHandle); 11414 enforceManagedProfile(userHandle, "get organization name"); 11415 synchronized (this) { 11416 ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userHandle); 11417 return (profileOwner != null) 11418 ? profileOwner.organizationName 11419 : null; 11420 } 11421 } 11422 11423 @Override 11424 public List<String> setMeteredDataDisabled(ComponentName who, List<String> packageNames) { 11425 Preconditions.checkNotNull(who); 11426 Preconditions.checkNotNull(packageNames); 11427 11428 if (!mHasFeature) { 11429 return packageNames; 11430 } 11431 synchronized (this) { 11432 final ActiveAdmin admin = getActiveAdminForCallerLocked(who, 11433 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11434 final int callingUserId = mInjector.userHandleGetCallingUserId(); 11435 final long identity = mInjector.binderClearCallingIdentity(); 11436 try { 11437 final List<String> excludedPkgs 11438 = removeInvalidPkgsForMeteredDataRestriction(callingUserId, packageNames); 11439 admin.meteredDisabledPackages = packageNames; 11440 pushMeteredDisabledPackagesLocked(callingUserId); 11441 saveSettingsLocked(callingUserId); 11442 return excludedPkgs; 11443 } finally { 11444 mInjector.binderRestoreCallingIdentity(identity); 11445 } 11446 } 11447 } 11448 11449 private List<String> removeInvalidPkgsForMeteredDataRestriction( 11450 int userId, List<String> pkgNames) { 11451 final Set<String> activeAdmins = getActiveAdminPackagesLocked(userId); 11452 final List<String> excludedPkgs = new ArrayList<>(); 11453 for (int i = pkgNames.size() - 1; i >= 0; --i) { 11454 final String pkgName = pkgNames.get(i); 11455 // If the package is an active admin, don't restrict it. 11456 if (activeAdmins.contains(pkgName)) { 11457 excludedPkgs.add(pkgName); 11458 continue; 11459 } 11460 // If the package doesn't exist, don't restrict it. 11461 try { 11462 if (!mInjector.getIPackageManager().isPackageAvailable(pkgName, userId)) { 11463 excludedPkgs.add(pkgName); 11464 } 11465 } catch (RemoteException e) { 11466 // Should not happen 11467 } 11468 } 11469 pkgNames.removeAll(excludedPkgs); 11470 return excludedPkgs; 11471 } 11472 11473 @Override 11474 public List<String> getMeteredDataDisabled(ComponentName who) { 11475 Preconditions.checkNotNull(who); 11476 11477 if (!mHasFeature) { 11478 return new ArrayList<>(); 11479 } 11480 synchronized (this) { 11481 final ActiveAdmin admin = getActiveAdminForCallerLocked(who, 11482 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11483 return admin.meteredDisabledPackages == null 11484 ? new ArrayList<>() : admin.meteredDisabledPackages; 11485 } 11486 } 11487 11488 @Override 11489 public boolean isMeteredDataDisabledForUser(ComponentName who, 11490 String packageName, int userId) { 11491 Preconditions.checkNotNull(who); 11492 11493 if (!mHasFeature) { 11494 return false; 11495 } 11496 if (!isCallerWithSystemUid()) { 11497 throw new SecurityException( 11498 "Only the system can query restricted pkgs for a specific user"); 11499 } 11500 synchronized (this) { 11501 final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userId); 11502 if (admin != null && admin.meteredDisabledPackages != null) { 11503 return admin.meteredDisabledPackages.contains(packageName); 11504 } 11505 } 11506 return false; 11507 } 11508 11509 private void pushMeteredDisabledPackagesLocked(int userId) { 11510 mInjector.getNetworkPolicyManagerInternal().setMeteredRestrictedPackages( 11511 getMeteredDisabledPackagesLocked(userId), userId); 11512 } 11513 11514 private Set<String> getMeteredDisabledPackagesLocked(int userId) { 11515 final ComponentName who = getOwnerComponent(userId); 11516 final Set<String> restrictedPkgs = new ArraySet<>(); 11517 if (who != null) { 11518 final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userId); 11519 if (admin != null && admin.meteredDisabledPackages != null) { 11520 restrictedPkgs.addAll(admin.meteredDisabledPackages); 11521 } 11522 } 11523 return restrictedPkgs; 11524 } 11525 11526 @Override 11527 public void setAffiliationIds(ComponentName admin, List<String> ids) { 11528 if (!mHasFeature) { 11529 return; 11530 } 11531 if (ids == null) { 11532 throw new IllegalArgumentException("ids must not be null"); 11533 } 11534 for (String id : ids) { 11535 if (TextUtils.isEmpty(id)) { 11536 throw new IllegalArgumentException("ids must not contain empty string"); 11537 } 11538 } 11539 11540 final Set<String> affiliationIds = new ArraySet<>(ids); 11541 final int callingUserId = mInjector.userHandleGetCallingUserId(); 11542 synchronized (this) { 11543 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11544 getUserData(callingUserId).mAffiliationIds = affiliationIds; 11545 saveSettingsLocked(callingUserId); 11546 if (callingUserId != UserHandle.USER_SYSTEM && isDeviceOwner(admin, callingUserId)) { 11547 // Affiliation ids specified by the device owner are additionally stored in 11548 // UserHandle.USER_SYSTEM's DevicePolicyData. 11549 getUserData(UserHandle.USER_SYSTEM).mAffiliationIds = affiliationIds; 11550 saveSettingsLocked(UserHandle.USER_SYSTEM); 11551 } 11552 11553 // Affiliation status for any user, not just the calling user, might have changed. 11554 // The device owner user will still be affiliated after changing its affiliation ids, 11555 // but as a result of that other users might become affiliated or un-affiliated. 11556 maybePauseDeviceWideLoggingLocked(); 11557 maybeResumeDeviceWideLoggingLocked(); 11558 maybeClearLockTaskPolicyLocked(); 11559 } 11560 } 11561 11562 @Override 11563 public List<String> getAffiliationIds(ComponentName admin) { 11564 if (!mHasFeature) { 11565 return Collections.emptyList(); 11566 } 11567 11568 Preconditions.checkNotNull(admin); 11569 synchronized (this) { 11570 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11571 return new ArrayList<String>( 11572 getUserData(mInjector.userHandleGetCallingUserId()).mAffiliationIds); 11573 } 11574 } 11575 11576 @Override 11577 public boolean isAffiliatedUser() { 11578 if (!mHasFeature) { 11579 return false; 11580 } 11581 11582 synchronized (this) { 11583 return isUserAffiliatedWithDeviceLocked(mInjector.userHandleGetCallingUserId()); 11584 } 11585 } 11586 11587 private boolean isUserAffiliatedWithDeviceLocked(int userId) { 11588 if (!mOwners.hasDeviceOwner()) { 11589 return false; 11590 } 11591 if (userId == mOwners.getDeviceOwnerUserId()) { 11592 // The user that the DO is installed on is always affiliated with the device. 11593 return true; 11594 } 11595 if (userId == UserHandle.USER_SYSTEM) { 11596 // The system user is always affiliated in a DO device, even if the DO is set on a 11597 // different user. This could be the case if the DO is set in the primary user 11598 // of a split user device. 11599 return true; 11600 } 11601 11602 final ComponentName profileOwner = getProfileOwner(userId); 11603 if (profileOwner == null) { 11604 return false; 11605 } 11606 11607 final Set<String> userAffiliationIds = getUserData(userId).mAffiliationIds; 11608 final Set<String> deviceAffiliationIds = 11609 getUserData(UserHandle.USER_SYSTEM).mAffiliationIds; 11610 for (String id : userAffiliationIds) { 11611 if (deviceAffiliationIds.contains(id)) { 11612 return true; 11613 } 11614 } 11615 return false; 11616 } 11617 11618 private boolean areAllUsersAffiliatedWithDeviceLocked() { 11619 final long ident = mInjector.binderClearCallingIdentity(); 11620 try { 11621 final List<UserInfo> userInfos = mUserManager.getUsers(/*excludeDying=*/ true); 11622 for (int i = 0; i < userInfos.size(); i++) { 11623 int userId = userInfos.get(i).id; 11624 if (!isUserAffiliatedWithDeviceLocked(userId)) { 11625 Slog.d(LOG_TAG, "User id " + userId + " not affiliated."); 11626 return false; 11627 } 11628 } 11629 } finally { 11630 mInjector.binderRestoreCallingIdentity(ident); 11631 } 11632 11633 return true; 11634 } 11635 11636 @Override 11637 public void setSecurityLoggingEnabled(ComponentName admin, boolean enabled) { 11638 if (!mHasFeature) { 11639 return; 11640 } 11641 Preconditions.checkNotNull(admin); 11642 11643 synchronized (this) { 11644 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 11645 if (enabled == mInjector.securityLogGetLoggingEnabledProperty()) { 11646 return; 11647 } 11648 mInjector.securityLogSetLoggingEnabledProperty(enabled); 11649 if (enabled) { 11650 mSecurityLogMonitor.start(); 11651 maybePauseDeviceWideLoggingLocked(); 11652 } else { 11653 mSecurityLogMonitor.stop(); 11654 } 11655 } 11656 } 11657 11658 @Override 11659 public boolean isSecurityLoggingEnabled(ComponentName admin) { 11660 if (!mHasFeature) { 11661 return false; 11662 } 11663 11664 synchronized (this) { 11665 if (!isCallerWithSystemUid()) { 11666 Preconditions.checkNotNull(admin); 11667 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 11668 } 11669 return mInjector.securityLogGetLoggingEnabledProperty(); 11670 } 11671 } 11672 11673 private synchronized void recordSecurityLogRetrievalTime() { 11674 final long currentTime = System.currentTimeMillis(); 11675 DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM); 11676 if (currentTime > policyData.mLastSecurityLogRetrievalTime) { 11677 policyData.mLastSecurityLogRetrievalTime = currentTime; 11678 saveSettingsLocked(UserHandle.USER_SYSTEM); 11679 } 11680 } 11681 11682 @Override 11683 public ParceledListSlice<SecurityEvent> retrievePreRebootSecurityLogs(ComponentName admin) { 11684 if (!mHasFeature) { 11685 return null; 11686 } 11687 11688 Preconditions.checkNotNull(admin); 11689 ensureDeviceOwnerAndAllUsersAffiliated(admin); 11690 11691 if (!mContext.getResources().getBoolean(R.bool.config_supportPreRebootSecurityLogs) 11692 || !mInjector.securityLogGetLoggingEnabledProperty()) { 11693 return null; 11694 } 11695 11696 recordSecurityLogRetrievalTime(); 11697 11698 ArrayList<SecurityEvent> output = new ArrayList<SecurityEvent>(); 11699 try { 11700 SecurityLog.readPreviousEvents(output); 11701 return new ParceledListSlice<SecurityEvent>(output); 11702 } catch (IOException e) { 11703 Slog.w(LOG_TAG, "Fail to read previous events" , e); 11704 return new ParceledListSlice<SecurityEvent>(Collections.<SecurityEvent>emptyList()); 11705 } 11706 } 11707 11708 @Override 11709 public ParceledListSlice<SecurityEvent> retrieveSecurityLogs(ComponentName admin) { 11710 if (!mHasFeature) { 11711 return null; 11712 } 11713 11714 Preconditions.checkNotNull(admin); 11715 ensureDeviceOwnerAndAllUsersAffiliated(admin); 11716 11717 if (!mInjector.securityLogGetLoggingEnabledProperty()) { 11718 return null; 11719 } 11720 11721 recordSecurityLogRetrievalTime(); 11722 11723 List<SecurityEvent> logs = mSecurityLogMonitor.retrieveLogs(); 11724 return logs != null ? new ParceledListSlice<SecurityEvent>(logs) : null; 11725 } 11726 11727 @Override 11728 public long forceSecurityLogs() { 11729 enforceShell("forceSecurityLogs"); 11730 if (!mInjector.securityLogGetLoggingEnabledProperty()) { 11731 throw new IllegalStateException("logging is not available"); 11732 } 11733 return mSecurityLogMonitor.forceLogs(); 11734 } 11735 11736 private void enforceCanManageDeviceAdmin() { 11737 mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_DEVICE_ADMINS, 11738 null); 11739 } 11740 11741 private void enforceCanManageProfileAndDeviceOwners() { 11742 mContext.enforceCallingOrSelfPermission( 11743 android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS, null); 11744 } 11745 11746 private void enforceCallerSystemUserHandle() { 11747 final int callingUid = mInjector.binderGetCallingUid(); 11748 final int userId = UserHandle.getUserId(callingUid); 11749 if (userId != UserHandle.USER_SYSTEM) { 11750 throw new SecurityException("Caller has to be in user 0"); 11751 } 11752 } 11753 11754 @Override 11755 public boolean isUninstallInQueue(final String packageName) { 11756 enforceCanManageDeviceAdmin(); 11757 final int userId = mInjector.userHandleGetCallingUserId(); 11758 Pair<String, Integer> packageUserPair = new Pair<>(packageName, userId); 11759 synchronized (this) { 11760 return mPackagesToRemove.contains(packageUserPair); 11761 } 11762 } 11763 11764 @Override 11765 public void uninstallPackageWithActiveAdmins(final String packageName) { 11766 enforceCanManageDeviceAdmin(); 11767 Preconditions.checkArgument(!TextUtils.isEmpty(packageName)); 11768 11769 final int userId = mInjector.userHandleGetCallingUserId(); 11770 11771 enforceUserUnlocked(userId); 11772 11773 final ComponentName profileOwner = getProfileOwner(userId); 11774 if (profileOwner != null && packageName.equals(profileOwner.getPackageName())) { 11775 throw new IllegalArgumentException("Cannot uninstall a package with a profile owner"); 11776 } 11777 11778 final ComponentName deviceOwner = getDeviceOwnerComponent(/* callingUserOnly= */ false); 11779 if (getDeviceOwnerUserId() == userId && deviceOwner != null 11780 && packageName.equals(deviceOwner.getPackageName())) { 11781 throw new IllegalArgumentException("Cannot uninstall a package with a device owner"); 11782 } 11783 11784 final Pair<String, Integer> packageUserPair = new Pair<>(packageName, userId); 11785 synchronized (this) { 11786 mPackagesToRemove.add(packageUserPair); 11787 } 11788 11789 // All active admins on the user. 11790 final List<ComponentName> allActiveAdmins = getActiveAdmins(userId); 11791 11792 // Active admins in the target package. 11793 final List<ComponentName> packageActiveAdmins = new ArrayList<>(); 11794 if (allActiveAdmins != null) { 11795 for (ComponentName activeAdmin : allActiveAdmins) { 11796 if (packageName.equals(activeAdmin.getPackageName())) { 11797 packageActiveAdmins.add(activeAdmin); 11798 removeActiveAdmin(activeAdmin, userId); 11799 } 11800 } 11801 } 11802 if (packageActiveAdmins.size() == 0) { 11803 startUninstallIntent(packageName, userId); 11804 } else { 11805 mHandler.postDelayed(new Runnable() { 11806 @Override 11807 public void run() { 11808 for (ComponentName activeAdmin : packageActiveAdmins) { 11809 removeAdminArtifacts(activeAdmin, userId); 11810 } 11811 startUninstallIntent(packageName, userId); 11812 } 11813 }, DEVICE_ADMIN_DEACTIVATE_TIMEOUT); // Start uninstall after timeout anyway. 11814 } 11815 } 11816 11817 @Override 11818 public boolean isDeviceProvisioned() { 11819 synchronized (this) { 11820 return getUserDataUnchecked(UserHandle.USER_SYSTEM).mUserSetupComplete; 11821 } 11822 } 11823 11824 private boolean isCurrentUserDemo() { 11825 if (UserManager.isDeviceInDemoMode(mContext)) { 11826 final int userId = mInjector.userHandleGetCallingUserId(); 11827 final long callingIdentity = mInjector.binderClearCallingIdentity(); 11828 try { 11829 return mUserManager.getUserInfo(userId).isDemo(); 11830 } finally { 11831 mInjector.binderRestoreCallingIdentity(callingIdentity); 11832 } 11833 } 11834 return false; 11835 } 11836 11837 private void removePackageIfRequired(final String packageName, final int userId) { 11838 if (!packageHasActiveAdmins(packageName, userId)) { 11839 // Will not do anything if uninstall was not requested or was already started. 11840 startUninstallIntent(packageName, userId); 11841 } 11842 } 11843 11844 private void startUninstallIntent(final String packageName, final int userId) { 11845 final Pair<String, Integer> packageUserPair = new Pair<>(packageName, userId); 11846 synchronized (this) { 11847 if (!mPackagesToRemove.contains(packageUserPair)) { 11848 // Do nothing if uninstall was not requested or was already started. 11849 return; 11850 } 11851 mPackagesToRemove.remove(packageUserPair); 11852 } 11853 try { 11854 if (mInjector.getIPackageManager().getPackageInfo(packageName, 0, userId) == null) { 11855 // Package does not exist. Nothing to do. 11856 return; 11857 } 11858 } catch (RemoteException re) { 11859 Log.e(LOG_TAG, "Failure talking to PackageManager while getting package info"); 11860 } 11861 11862 try { // force stop the package before uninstalling 11863 mInjector.getIActivityManager().forceStopPackage(packageName, userId); 11864 } catch (RemoteException re) { 11865 Log.e(LOG_TAG, "Failure talking to ActivityManager while force stopping package"); 11866 } 11867 final Uri packageURI = Uri.parse("package:" + packageName); 11868 final Intent uninstallIntent = new Intent(Intent.ACTION_UNINSTALL_PACKAGE, packageURI); 11869 uninstallIntent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK); 11870 mContext.startActivityAsUser(uninstallIntent, UserHandle.of(userId)); 11871 } 11872 11873 /** 11874 * Removes the admin from the policy. Ideally called after the admin's 11875 * {@link DeviceAdminReceiver#onDisabled(Context, Intent)} has been successfully completed. 11876 * 11877 * @param adminReceiver The admin to remove 11878 * @param userHandle The user for which this admin has to be removed. 11879 */ 11880 private void removeAdminArtifacts(final ComponentName adminReceiver, final int userHandle) { 11881 synchronized (this) { 11882 final ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver, userHandle); 11883 if (admin == null) { 11884 return; 11885 } 11886 final DevicePolicyData policy = getUserData(userHandle); 11887 final boolean doProxyCleanup = admin.info.usesPolicy( 11888 DeviceAdminInfo.USES_POLICY_SETS_GLOBAL_PROXY); 11889 policy.mAdminList.remove(admin); 11890 policy.mAdminMap.remove(adminReceiver); 11891 validatePasswordOwnerLocked(policy); 11892 if (doProxyCleanup) { 11893 resetGlobalProxyLocked(policy); 11894 } 11895 pushActiveAdminPackagesLocked(userHandle); 11896 pushMeteredDisabledPackagesLocked(userHandle); 11897 saveSettingsLocked(userHandle); 11898 updateMaximumTimeToLockLocked(userHandle); 11899 policy.mRemovingAdmins.remove(adminReceiver); 11900 11901 Slog.i(LOG_TAG, "Device admin " + adminReceiver + " removed from user " + userHandle); 11902 } 11903 // The removed admin might have disabled camera, so update user 11904 // restrictions. 11905 pushUserRestrictions(userHandle); 11906 } 11907 11908 @Override 11909 public void setDeviceProvisioningConfigApplied() { 11910 enforceManageUsers(); 11911 synchronized (this) { 11912 DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM); 11913 policy.mDeviceProvisioningConfigApplied = true; 11914 saveSettingsLocked(UserHandle.USER_SYSTEM); 11915 } 11916 } 11917 11918 @Override 11919 public boolean isDeviceProvisioningConfigApplied() { 11920 enforceManageUsers(); 11921 synchronized (this) { 11922 final DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM); 11923 return policy.mDeviceProvisioningConfigApplied; 11924 } 11925 } 11926 11927 /** 11928 * Force update internal persistent state from Settings.Secure.USER_SETUP_COMPLETE. 11929 * 11930 * It's added for testing only. Please use this API carefully if it's used by other system app 11931 * and bare in mind Settings.Secure.USER_SETUP_COMPLETE can be modified by user and other system 11932 * apps. 11933 */ 11934 @Override 11935 public void forceUpdateUserSetupComplete() { 11936 enforceCanManageProfileAndDeviceOwners(); 11937 enforceCallerSystemUserHandle(); 11938 // no effect if it's called from user build 11939 if (!mInjector.isBuildDebuggable()) { 11940 return; 11941 } 11942 final int userId = UserHandle.USER_SYSTEM; 11943 boolean isUserCompleted = mInjector.settingsSecureGetIntForUser( 11944 Settings.Secure.USER_SETUP_COMPLETE, 0, userId) != 0; 11945 DevicePolicyData policy = getUserData(userId); 11946 policy.mUserSetupComplete = isUserCompleted; 11947 synchronized (this) { 11948 saveSettingsLocked(userId); 11949 } 11950 } 11951 11952 // TODO(b/22388012): When backup is available for secondary users and profiles, consider 11953 // whether there are any privacy/security implications of enabling the backup service here 11954 // if there are other users or profiles unmanaged or managed by a different entity (i.e. not 11955 // affiliated). 11956 @Override 11957 public void setBackupServiceEnabled(ComponentName admin, boolean enabled) { 11958 if (!mHasFeature) { 11959 return; 11960 } 11961 Preconditions.checkNotNull(admin); 11962 synchronized (this) { 11963 ActiveAdmin activeAdmin = getActiveAdminForCallerLocked( 11964 admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 11965 if (!enabled) { 11966 activeAdmin.mandatoryBackupTransport = null; 11967 saveSettingsLocked(UserHandle.USER_SYSTEM); 11968 } 11969 } 11970 11971 final long ident = mInjector.binderClearCallingIdentity(); 11972 try { 11973 IBackupManager ibm = mInjector.getIBackupManager(); 11974 if (ibm != null) { 11975 ibm.setBackupServiceActive(UserHandle.USER_SYSTEM, enabled); 11976 } 11977 } catch (RemoteException e) { 11978 throw new IllegalStateException( 11979 "Failed " + (enabled ? "" : "de") + "activating backup service.", e); 11980 } finally { 11981 mInjector.binderRestoreCallingIdentity(ident); 11982 } 11983 } 11984 11985 @Override 11986 public boolean isBackupServiceEnabled(ComponentName admin) { 11987 Preconditions.checkNotNull(admin); 11988 if (!mHasFeature) { 11989 return true; 11990 } 11991 synchronized (this) { 11992 try { 11993 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 11994 IBackupManager ibm = mInjector.getIBackupManager(); 11995 return ibm != null && ibm.isBackupServiceActive(UserHandle.USER_SYSTEM); 11996 } catch (RemoteException e) { 11997 throw new IllegalStateException("Failed requesting backup service state.", e); 11998 } 11999 } 12000 } 12001 12002 @Override 12003 public boolean setMandatoryBackupTransport( 12004 ComponentName admin, 12005 ComponentName backupTransportComponent) { 12006 if (!mHasFeature) { 12007 return false; 12008 } 12009 Preconditions.checkNotNull(admin); 12010 synchronized (this) { 12011 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12012 } 12013 12014 final int callingUid = mInjector.binderGetCallingUid(); 12015 final AtomicBoolean success = new AtomicBoolean(false); 12016 final CountDownLatch countDownLatch = new CountDownLatch(1); 12017 final ISelectBackupTransportCallback selectBackupTransportCallbackInternal = 12018 new ISelectBackupTransportCallback.Stub() { 12019 public void onSuccess(String transportName) { 12020 saveMandatoryBackupTransport(admin, callingUid, backupTransportComponent); 12021 success.set(true); 12022 countDownLatch.countDown(); 12023 } 12024 12025 public void onFailure(int reason) { 12026 countDownLatch.countDown(); 12027 } 12028 }; 12029 final long identity = mInjector.binderClearCallingIdentity(); 12030 try { 12031 IBackupManager ibm = mInjector.getIBackupManager(); 12032 if (ibm != null && backupTransportComponent != null) { 12033 if (!ibm.isBackupServiceActive(UserHandle.USER_SYSTEM)) { 12034 ibm.setBackupServiceActive(UserHandle.USER_SYSTEM, true); 12035 } 12036 ibm.selectBackupTransportAsync( 12037 backupTransportComponent, selectBackupTransportCallbackInternal); 12038 countDownLatch.await(); 12039 if (success.get()) { 12040 ibm.setBackupEnabled(true); 12041 } 12042 } else if (backupTransportComponent == null) { 12043 saveMandatoryBackupTransport(admin, callingUid, backupTransportComponent); 12044 success.set(true); 12045 } 12046 } catch (RemoteException e) { 12047 throw new IllegalStateException("Failed to set mandatory backup transport.", e); 12048 } catch (InterruptedException e) { 12049 throw new IllegalStateException("Failed to set mandatory backup transport.", e); 12050 } finally { 12051 mInjector.binderRestoreCallingIdentity(identity); 12052 } 12053 return success.get(); 12054 } 12055 12056 synchronized private void saveMandatoryBackupTransport( 12057 ComponentName admin, int callingUid, ComponentName backupTransportComponent) { 12058 ActiveAdmin activeAdmin = 12059 getActiveAdminWithPolicyForUidLocked( 12060 admin, 12061 DeviceAdminInfo.USES_POLICY_DEVICE_OWNER, 12062 callingUid); 12063 if (!Objects.equals(backupTransportComponent, 12064 activeAdmin.mandatoryBackupTransport)) { 12065 activeAdmin.mandatoryBackupTransport = 12066 backupTransportComponent; 12067 saveSettingsLocked(UserHandle.USER_SYSTEM); 12068 } 12069 } 12070 12071 @Override 12072 public ComponentName getMandatoryBackupTransport() { 12073 if (!mHasFeature) { 12074 return null; 12075 } 12076 synchronized (this) { 12077 ActiveAdmin activeAdmin = getDeviceOwnerAdminLocked(); 12078 return activeAdmin == null ? null : activeAdmin.mandatoryBackupTransport; 12079 } 12080 } 12081 12082 12083 @Override 12084 public boolean bindDeviceAdminServiceAsUser( 12085 @NonNull ComponentName admin, @NonNull IApplicationThread caller, 12086 @Nullable IBinder activtiyToken, @NonNull Intent serviceIntent, 12087 @NonNull IServiceConnection connection, int flags, @UserIdInt int targetUserId) { 12088 if (!mHasFeature) { 12089 return false; 12090 } 12091 Preconditions.checkNotNull(admin); 12092 Preconditions.checkNotNull(caller); 12093 Preconditions.checkNotNull(serviceIntent); 12094 Preconditions.checkArgument( 12095 serviceIntent.getComponent() != null || serviceIntent.getPackage() != null, 12096 "Service intent must be explicit (with a package name or component): " 12097 + serviceIntent); 12098 Preconditions.checkNotNull(connection); 12099 Preconditions.checkArgument(mInjector.userHandleGetCallingUserId() != targetUserId, 12100 "target user id must be different from the calling user id"); 12101 12102 if (!getBindDeviceAdminTargetUsers(admin).contains(UserHandle.of(targetUserId))) { 12103 throw new SecurityException("Not allowed to bind to target user id"); 12104 } 12105 12106 final String targetPackage; 12107 synchronized (this) { 12108 targetPackage = getOwnerPackageNameForUserLocked(targetUserId); 12109 } 12110 12111 final long callingIdentity = mInjector.binderClearCallingIdentity(); 12112 try { 12113 // Validate and sanitize the incoming service intent. 12114 final Intent sanitizedIntent = 12115 createCrossUserServiceIntent(serviceIntent, targetPackage, targetUserId); 12116 if (sanitizedIntent == null) { 12117 // Fail, cannot lookup the target service. 12118 return false; 12119 } 12120 // Ask ActivityManager to bind it. Notice that we are binding the service with the 12121 // caller app instead of DevicePolicyManagerService. 12122 return mInjector.getIActivityManager().bindService( 12123 caller, activtiyToken, serviceIntent, 12124 serviceIntent.resolveTypeIfNeeded(mContext.getContentResolver()), 12125 connection, flags, mContext.getOpPackageName(), 12126 targetUserId) != 0; 12127 } catch (RemoteException ex) { 12128 // Same process, should not happen. 12129 } finally { 12130 mInjector.binderRestoreCallingIdentity(callingIdentity); 12131 } 12132 12133 // Failed to bind. 12134 return false; 12135 } 12136 12137 @Override 12138 public @NonNull List<UserHandle> getBindDeviceAdminTargetUsers(@NonNull ComponentName admin) { 12139 if (!mHasFeature) { 12140 return Collections.emptyList(); 12141 } 12142 Preconditions.checkNotNull(admin); 12143 12144 synchronized (this) { 12145 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 12146 12147 final int callingUserId = mInjector.userHandleGetCallingUserId(); 12148 final long callingIdentity = mInjector.binderClearCallingIdentity(); 12149 try { 12150 ArrayList<UserHandle> targetUsers = new ArrayList<>(); 12151 if (!isDeviceOwner(admin, callingUserId)) { 12152 // Profile owners can only bind to the device owner. 12153 if (canUserBindToDeviceOwnerLocked(callingUserId)) { 12154 targetUsers.add(UserHandle.of(mOwners.getDeviceOwnerUserId())); 12155 } 12156 } else { 12157 // Caller is the device owner: Look for profile owners that it can bind to. 12158 final List<UserInfo> userInfos = mUserManager.getUsers(/*excludeDying=*/ true); 12159 for (int i = 0; i < userInfos.size(); i++) { 12160 final int userId = userInfos.get(i).id; 12161 if (userId != callingUserId && canUserBindToDeviceOwnerLocked(userId)) { 12162 targetUsers.add(UserHandle.of(userId)); 12163 } 12164 } 12165 } 12166 12167 return targetUsers; 12168 } finally { 12169 mInjector.binderRestoreCallingIdentity(callingIdentity); 12170 } 12171 } 12172 } 12173 12174 private boolean canUserBindToDeviceOwnerLocked(int userId) { 12175 // There has to be a device owner, under another user id. 12176 if (!mOwners.hasDeviceOwner() || userId == mOwners.getDeviceOwnerUserId()) { 12177 return false; 12178 } 12179 12180 // The user must have a profile owner that belongs to the same package as the device owner. 12181 if (!mOwners.hasProfileOwner(userId) || !TextUtils.equals( 12182 mOwners.getDeviceOwnerPackageName(), mOwners.getProfileOwnerPackage(userId))) { 12183 return false; 12184 } 12185 12186 // The user must be affiliated. 12187 return isUserAffiliatedWithDeviceLocked(userId); 12188 } 12189 12190 /** 12191 * Return true if a given user has any accounts that'll prevent installing a device or profile 12192 * owner {@code owner}. 12193 * - If the user has no accounts, then return false. 12194 * - Otherwise, if the owner is unknown (== null), or is not test-only, then return true. 12195 * - Otherwise, if there's any account that does not have ..._ALLOWED, or does have 12196 * ..._DISALLOWED, return true. 12197 * - Otherwise return false. 12198 * 12199 * If the caller is *not* ADB, it also returns true. The returned value shouldn't be used 12200 * when the caller is not ADB. 12201 * 12202 * DO NOT CALL IT WITH THE DPMS LOCK HELD. 12203 */ 12204 private boolean hasIncompatibleAccountsOrNonAdbNoLock( 12205 int userId, @Nullable ComponentName owner) { 12206 if (!isAdb()) { 12207 return true; 12208 } 12209 wtfIfInLock(); 12210 12211 final long token = mInjector.binderClearCallingIdentity(); 12212 try { 12213 final AccountManager am = AccountManager.get(mContext); 12214 final Account accounts[] = am.getAccountsAsUser(userId); 12215 if (accounts.length == 0) { 12216 return false; 12217 } 12218 synchronized (this) { 12219 if (owner == null || !isAdminTestOnlyLocked(owner, userId)) { 12220 Log.w(LOG_TAG, 12221 "Non test-only owner can't be installed with existing accounts."); 12222 return true; 12223 } 12224 } 12225 12226 final String[] feature_allow = 12227 { DevicePolicyManager.ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_ALLOWED }; 12228 final String[] feature_disallow = 12229 { DevicePolicyManager.ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_DISALLOWED }; 12230 12231 boolean compatible = true; 12232 for (Account account : accounts) { 12233 if (hasAccountFeatures(am, account, feature_disallow)) { 12234 Log.e(LOG_TAG, account + " has " + feature_disallow[0]); 12235 compatible = false; 12236 break; 12237 } 12238 if (!hasAccountFeatures(am, account, feature_allow)) { 12239 Log.e(LOG_TAG, account + " doesn't have " + feature_allow[0]); 12240 compatible = false; 12241 break; 12242 } 12243 } 12244 if (compatible) { 12245 Log.w(LOG_TAG, "All accounts are compatible"); 12246 } else { 12247 Log.e(LOG_TAG, "Found incompatible accounts"); 12248 } 12249 return !compatible; 12250 } finally { 12251 mInjector.binderRestoreCallingIdentity(token); 12252 } 12253 } 12254 12255 private boolean hasAccountFeatures(AccountManager am, Account account, String[] features) { 12256 try { 12257 return am.hasFeatures(account, features, null, null).getResult(); 12258 } catch (Exception e) { 12259 Log.w(LOG_TAG, "Failed to get account feature", e); 12260 return false; 12261 } 12262 } 12263 12264 private boolean isAdb() { 12265 final int callingUid = mInjector.binderGetCallingUid(); 12266 return callingUid == Process.SHELL_UID || callingUid == Process.ROOT_UID; 12267 } 12268 12269 @Override 12270 public synchronized void setNetworkLoggingEnabled(ComponentName admin, boolean enabled) { 12271 if (!mHasFeature) { 12272 return; 12273 } 12274 Preconditions.checkNotNull(admin); 12275 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12276 12277 if (enabled == isNetworkLoggingEnabledInternalLocked()) { 12278 // already in the requested state 12279 return; 12280 } 12281 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 12282 deviceOwner.isNetworkLoggingEnabled = enabled; 12283 if (!enabled) { 12284 deviceOwner.numNetworkLoggingNotifications = 0; 12285 deviceOwner.lastNetworkLoggingNotificationTimeMs = 0; 12286 } 12287 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 12288 12289 setNetworkLoggingActiveInternal(enabled); 12290 } 12291 12292 private synchronized void setNetworkLoggingActiveInternal(boolean active) { 12293 final long callingIdentity = mInjector.binderClearCallingIdentity(); 12294 try { 12295 if (active) { 12296 mNetworkLogger = new NetworkLogger(this, mInjector.getPackageManagerInternal()); 12297 if (!mNetworkLogger.startNetworkLogging()) { 12298 mNetworkLogger = null; 12299 Slog.wtf(LOG_TAG, "Network logging could not be started due to the logging" 12300 + " service not being available yet."); 12301 } 12302 maybePauseDeviceWideLoggingLocked(); 12303 sendNetworkLoggingNotificationLocked(); 12304 } else { 12305 if (mNetworkLogger != null && !mNetworkLogger.stopNetworkLogging()) { 12306 Slog.wtf(LOG_TAG, "Network logging could not be stopped due to the logging" 12307 + " service not being available yet."); 12308 } 12309 mNetworkLogger = null; 12310 mInjector.getNotificationManager().cancel(SystemMessage.NOTE_NETWORK_LOGGING); 12311 } 12312 } finally { 12313 mInjector.binderRestoreCallingIdentity(callingIdentity); 12314 } 12315 } 12316 12317 /** Pauses security and network logging if there are unaffiliated users on the device */ 12318 private void maybePauseDeviceWideLoggingLocked() { 12319 if (!areAllUsersAffiliatedWithDeviceLocked()) { 12320 Slog.i(LOG_TAG, "There are unaffiliated users, security and network logging will be " 12321 + "paused if enabled."); 12322 mSecurityLogMonitor.pause(); 12323 if (mNetworkLogger != null) { 12324 mNetworkLogger.pause(); 12325 } 12326 } 12327 } 12328 12329 /** Resumes security and network logging (if they are enabled) if all users are affiliated */ 12330 private void maybeResumeDeviceWideLoggingLocked() { 12331 if (areAllUsersAffiliatedWithDeviceLocked()) { 12332 final long ident = mInjector.binderClearCallingIdentity(); 12333 try { 12334 mSecurityLogMonitor.resume(); 12335 if (mNetworkLogger != null) { 12336 mNetworkLogger.resume(); 12337 } 12338 } finally { 12339 mInjector.binderRestoreCallingIdentity(ident); 12340 } 12341 } 12342 } 12343 12344 /** Deletes any security and network logs that might have been collected so far */ 12345 private void discardDeviceWideLogsLocked() { 12346 mSecurityLogMonitor.discardLogs(); 12347 if (mNetworkLogger != null) { 12348 mNetworkLogger.discardLogs(); 12349 } 12350 // TODO: We should discard pre-boot security logs here too, as otherwise those 12351 // logs (which might contain data from the user just removed) will be 12352 // available after next boot. 12353 } 12354 12355 @Override 12356 public boolean isNetworkLoggingEnabled(ComponentName admin) { 12357 if (!mHasFeature) { 12358 return false; 12359 } 12360 synchronized (this) { 12361 enforceDeviceOwnerOrManageUsers(); 12362 return isNetworkLoggingEnabledInternalLocked(); 12363 } 12364 } 12365 12366 private boolean isNetworkLoggingEnabledInternalLocked() { 12367 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 12368 return (deviceOwner != null) && deviceOwner.isNetworkLoggingEnabled; 12369 } 12370 12371 /* 12372 * A maximum of 1200 events are returned, and the total marshalled size is in the order of 12373 * 100kB, so returning a List instead of ParceledListSlice is acceptable. 12374 * Ideally this would be done with ParceledList, however it only supports homogeneous types. 12375 * 12376 * @see NetworkLoggingHandler#MAX_EVENTS_PER_BATCH 12377 */ 12378 @Override 12379 public List<NetworkEvent> retrieveNetworkLogs(ComponentName admin, long batchToken) { 12380 if (!mHasFeature) { 12381 return null; 12382 } 12383 Preconditions.checkNotNull(admin); 12384 ensureDeviceOwnerAndAllUsersAffiliated(admin); 12385 12386 synchronized (this) { 12387 if (mNetworkLogger == null 12388 || !isNetworkLoggingEnabledInternalLocked()) { 12389 return null; 12390 } 12391 12392 final long currentTime = System.currentTimeMillis(); 12393 DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM); 12394 if (currentTime > policyData.mLastNetworkLogsRetrievalTime) { 12395 policyData.mLastNetworkLogsRetrievalTime = currentTime; 12396 saveSettingsLocked(UserHandle.USER_SYSTEM); 12397 } 12398 return mNetworkLogger.retrieveLogs(batchToken); 12399 } 12400 } 12401 12402 private void sendNetworkLoggingNotificationLocked() { 12403 final ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 12404 if (deviceOwner == null || !deviceOwner.isNetworkLoggingEnabled) { 12405 return; 12406 } 12407 if (deviceOwner.numNetworkLoggingNotifications >= 12408 ActiveAdmin.DEF_MAXIMUM_NETWORK_LOGGING_NOTIFICATIONS_SHOWN) { 12409 return; 12410 } 12411 final long now = System.currentTimeMillis(); 12412 if (now - deviceOwner.lastNetworkLoggingNotificationTimeMs < MS_PER_DAY) { 12413 return; 12414 } 12415 deviceOwner.numNetworkLoggingNotifications++; 12416 if (deviceOwner.numNetworkLoggingNotifications 12417 >= ActiveAdmin.DEF_MAXIMUM_NETWORK_LOGGING_NOTIFICATIONS_SHOWN) { 12418 deviceOwner.lastNetworkLoggingNotificationTimeMs = 0; 12419 } else { 12420 deviceOwner.lastNetworkLoggingNotificationTimeMs = now; 12421 } 12422 final Intent intent = new Intent(DevicePolicyManager.ACTION_SHOW_DEVICE_MONITORING_DIALOG); 12423 intent.setPackage("com.android.systemui"); 12424 final PendingIntent pendingIntent = PendingIntent.getBroadcastAsUser(mContext, 0, intent, 0, 12425 UserHandle.CURRENT); 12426 Notification notification = 12427 new Notification.Builder(mContext, SystemNotificationChannels.DEVICE_ADMIN) 12428 .setSmallIcon(R.drawable.ic_info_outline) 12429 .setContentTitle(mContext.getString(R.string.network_logging_notification_title)) 12430 .setContentText(mContext.getString(R.string.network_logging_notification_text)) 12431 .setTicker(mContext.getString(R.string.network_logging_notification_title)) 12432 .setShowWhen(true) 12433 .setContentIntent(pendingIntent) 12434 .setStyle(new Notification.BigTextStyle() 12435 .bigText(mContext.getString(R.string.network_logging_notification_text))) 12436 .build(); 12437 mInjector.getNotificationManager().notify(SystemMessage.NOTE_NETWORK_LOGGING, notification); 12438 saveSettingsLocked(mOwners.getDeviceOwnerUserId()); 12439 } 12440 12441 /** 12442 * Return the package name of owner in a given user. 12443 */ 12444 private String getOwnerPackageNameForUserLocked(int userId) { 12445 return mOwners.getDeviceOwnerUserId() == userId 12446 ? mOwners.getDeviceOwnerPackageName() 12447 : mOwners.getProfileOwnerPackage(userId); 12448 } 12449 12450 /** 12451 * @param rawIntent Original service intent specified by caller. It must be explicit. 12452 * @param expectedPackageName The expected package name of the resolved service. 12453 * @return Intent that have component explicitly set. {@code null} if no service is resolved 12454 * with the given intent. 12455 * @throws SecurityException if the intent is resolved to an invalid service. 12456 */ 12457 private Intent createCrossUserServiceIntent( 12458 @NonNull Intent rawIntent, @NonNull String expectedPackageName, 12459 @UserIdInt int targetUserId) throws RemoteException, SecurityException { 12460 ResolveInfo info = mIPackageManager.resolveService( 12461 rawIntent, 12462 rawIntent.resolveTypeIfNeeded(mContext.getContentResolver()), 12463 0, // flags 12464 targetUserId); 12465 if (info == null || info.serviceInfo == null) { 12466 Log.e(LOG_TAG, "Fail to look up the service: " + rawIntent 12467 + " or user " + targetUserId + " is not running"); 12468 return null; 12469 } 12470 if (!expectedPackageName.equals(info.serviceInfo.packageName)) { 12471 throw new SecurityException("Only allow to bind service in " + expectedPackageName); 12472 } 12473 // STOPSHIP(b/37624960): Remove info.serviceInfo.exported before release. 12474 if (info.serviceInfo.exported && !BIND_DEVICE_ADMIN.equals(info.serviceInfo.permission)) { 12475 throw new SecurityException( 12476 "Service must be protected by BIND_DEVICE_ADMIN permission"); 12477 } 12478 // It is the system server to bind the service, it would be extremely dangerous if it 12479 // can be exploited to bind any service. Set the component explicitly to make sure we 12480 // do not bind anything accidentally. 12481 rawIntent.setComponent(info.serviceInfo.getComponentName()); 12482 return rawIntent; 12483 } 12484 12485 @Override 12486 public long getLastSecurityLogRetrievalTime() { 12487 enforceDeviceOwnerOrManageUsers(); 12488 return getUserData(UserHandle.USER_SYSTEM).mLastSecurityLogRetrievalTime; 12489 } 12490 12491 @Override 12492 public long getLastBugReportRequestTime() { 12493 enforceDeviceOwnerOrManageUsers(); 12494 return getUserData(UserHandle.USER_SYSTEM).mLastBugReportRequestTime; 12495 } 12496 12497 @Override 12498 public long getLastNetworkLogRetrievalTime() { 12499 enforceDeviceOwnerOrManageUsers(); 12500 return getUserData(UserHandle.USER_SYSTEM).mLastNetworkLogsRetrievalTime; 12501 } 12502 12503 @Override 12504 public boolean setResetPasswordToken(ComponentName admin, byte[] token) { 12505 if (!mHasFeature) { 12506 return false; 12507 } 12508 if (token == null || token.length < 32) { 12509 throw new IllegalArgumentException("token must be at least 32-byte long"); 12510 } 12511 synchronized (this) { 12512 final int userHandle = mInjector.userHandleGetCallingUserId(); 12513 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 12514 12515 DevicePolicyData policy = getUserData(userHandle); 12516 long ident = mInjector.binderClearCallingIdentity(); 12517 try { 12518 if (policy.mPasswordTokenHandle != 0) { 12519 mLockPatternUtils.removeEscrowToken(policy.mPasswordTokenHandle, userHandle); 12520 } 12521 12522 policy.mPasswordTokenHandle = mLockPatternUtils.addEscrowToken(token, userHandle); 12523 saveSettingsLocked(userHandle); 12524 return policy.mPasswordTokenHandle != 0; 12525 } finally { 12526 mInjector.binderRestoreCallingIdentity(ident); 12527 } 12528 } 12529 } 12530 12531 @Override 12532 public boolean clearResetPasswordToken(ComponentName admin) { 12533 if (!mHasFeature) { 12534 return false; 12535 } 12536 synchronized (this) { 12537 final int userHandle = mInjector.userHandleGetCallingUserId(); 12538 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 12539 12540 DevicePolicyData policy = getUserData(userHandle); 12541 if (policy.mPasswordTokenHandle != 0) { 12542 long ident = mInjector.binderClearCallingIdentity(); 12543 try { 12544 boolean result = mLockPatternUtils.removeEscrowToken( 12545 policy.mPasswordTokenHandle, userHandle); 12546 policy.mPasswordTokenHandle = 0; 12547 saveSettingsLocked(userHandle); 12548 return result; 12549 } finally { 12550 mInjector.binderRestoreCallingIdentity(ident); 12551 } 12552 } 12553 } 12554 return false; 12555 } 12556 12557 @Override 12558 public boolean isResetPasswordTokenActive(ComponentName admin) { 12559 synchronized (this) { 12560 final int userHandle = mInjector.userHandleGetCallingUserId(); 12561 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 12562 12563 DevicePolicyData policy = getUserData(userHandle); 12564 if (policy.mPasswordTokenHandle != 0) { 12565 long ident = mInjector.binderClearCallingIdentity(); 12566 try { 12567 return mLockPatternUtils.isEscrowTokenActive(policy.mPasswordTokenHandle, 12568 userHandle); 12569 } finally { 12570 mInjector.binderRestoreCallingIdentity(ident); 12571 } 12572 } 12573 } 12574 return false; 12575 } 12576 12577 @Override 12578 public boolean resetPasswordWithToken(ComponentName admin, String passwordOrNull, byte[] token, 12579 int flags) { 12580 Preconditions.checkNotNull(token); 12581 synchronized (this) { 12582 final int userHandle = mInjector.userHandleGetCallingUserId(); 12583 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 12584 12585 DevicePolicyData policy = getUserData(userHandle); 12586 if (policy.mPasswordTokenHandle != 0) { 12587 final String password = passwordOrNull != null ? passwordOrNull : ""; 12588 return resetPasswordInternal(password, policy.mPasswordTokenHandle, token, 12589 flags, mInjector.binderGetCallingUid(), userHandle); 12590 } else { 12591 Slog.w(LOG_TAG, "No saved token handle"); 12592 } 12593 } 12594 return false; 12595 } 12596 12597 @Override 12598 public boolean isCurrentInputMethodSetByOwner() { 12599 enforceProfileOwnerOrSystemUser(); 12600 return getUserData(mInjector.userHandleGetCallingUserId()).mCurrentInputMethodSet; 12601 } 12602 12603 @Override 12604 public StringParceledListSlice getOwnerInstalledCaCerts(@NonNull UserHandle user) { 12605 final int userId = user.getIdentifier(); 12606 enforceProfileOwnerOrFullCrossUsersPermission(userId); 12607 synchronized (this) { 12608 return new StringParceledListSlice( 12609 new ArrayList<>(getUserData(userId).mOwnerInstalledCaCerts)); 12610 } 12611 } 12612 12613 @Override 12614 public void clearApplicationUserData(ComponentName admin, String packageName, 12615 IPackageDataObserver callback) { 12616 Preconditions.checkNotNull(admin, "ComponentName is null"); 12617 Preconditions.checkNotNull(packageName, "packageName is null"); 12618 Preconditions.checkNotNull(callback, "callback is null"); 12619 synchronized (this) { 12620 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 12621 } 12622 final int userId = UserHandle.getCallingUserId(); 12623 12624 long ident = mInjector.binderClearCallingIdentity(); 12625 try { 12626 ActivityManager.getService().clearApplicationUserData(packageName, false, callback, 12627 userId); 12628 } catch(RemoteException re) { 12629 // Same process, should not happen. 12630 } catch (SecurityException se) { 12631 // This can happen e.g. for device admin packages, do not throw out the exception, 12632 // because callers have no means to know beforehand for which packages this might 12633 // happen. If so, we send back that removal failed. 12634 Slog.w(LOG_TAG, "Not allowed to clear application user data for package " + packageName, 12635 se); 12636 try { 12637 callback.onRemoveCompleted(packageName, false); 12638 } catch (RemoteException re) { 12639 // Caller is no longer available, ignore 12640 } 12641 } finally { 12642 mInjector.binderRestoreCallingIdentity(ident); 12643 } 12644 } 12645 12646 @Override 12647 public synchronized void setLogoutEnabled(ComponentName admin, boolean enabled) { 12648 if (!mHasFeature) { 12649 return; 12650 } 12651 Preconditions.checkNotNull(admin); 12652 12653 synchronized (this) { 12654 ActiveAdmin deviceOwner = 12655 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12656 12657 if (deviceOwner.isLogoutEnabled == enabled) { 12658 // already in the requested state 12659 return; 12660 } 12661 deviceOwner.isLogoutEnabled = enabled; 12662 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 12663 } 12664 } 12665 12666 @Override 12667 public boolean isLogoutEnabled() { 12668 if (!mHasFeature) { 12669 return false; 12670 } 12671 synchronized (this) { 12672 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 12673 return (deviceOwner != null) && deviceOwner.isLogoutEnabled; 12674 } 12675 } 12676 12677 @Override 12678 public List<String> getDisallowedSystemApps(ComponentName admin, int userId, 12679 String provisioningAction) throws RemoteException { 12680 enforceCanManageProfileAndDeviceOwners(); 12681 return new ArrayList<>( 12682 mOverlayPackagesProvider.getNonRequiredApps(admin, userId, provisioningAction)); 12683 } 12684 12685 @Override 12686 public void transferOwnership(@NonNull ComponentName admin, @NonNull ComponentName target, 12687 @Nullable PersistableBundle bundle) { 12688 if (!mHasFeature) { 12689 return; 12690 } 12691 12692 Preconditions.checkNotNull(admin, "Admin cannot be null."); 12693 Preconditions.checkNotNull(target, "Target cannot be null."); 12694 12695 enforceProfileOrDeviceOwner(admin); 12696 12697 if (admin.equals(target)) { 12698 throw new IllegalArgumentException("Provided administrator and target are " 12699 + "the same object."); 12700 } 12701 12702 if (admin.getPackageName().equals(target.getPackageName())) { 12703 throw new IllegalArgumentException("Provided administrator and target have " 12704 + "the same package name."); 12705 } 12706 12707 final int callingUserId = mInjector.userHandleGetCallingUserId(); 12708 final DevicePolicyData policy = getUserData(callingUserId); 12709 final DeviceAdminInfo incomingDeviceInfo = findAdmin(target, callingUserId, 12710 /* throwForMissingPermission= */ true); 12711 checkActiveAdminPrecondition(target, incomingDeviceInfo, policy); 12712 if (!incomingDeviceInfo.supportsTransferOwnership()) { 12713 throw new IllegalArgumentException("Provided target does not support " 12714 + "ownership transfer."); 12715 } 12716 12717 final long id = mInjector.binderClearCallingIdentity(); 12718 try { 12719 synchronized (this) { 12720 /* 12721 * We must ensure the whole process is atomic to prevent the device from ending up 12722 * in an invalid state (e.g. no active admin). This could happen if the device 12723 * is rebooted or work mode is turned off mid-transfer. 12724 * In order to guarantee atomicity, we: 12725 * 12726 * 1. Save an atomic journal file describing the transfer process 12727 * 2. Perform the transfer itself 12728 * 3. Delete the journal file 12729 * 12730 * That way if the journal file exists on device boot, we know that the transfer 12731 * must be reverted back to the original administrator. This logic is implemented in 12732 * revertTransferOwnershipIfNecessaryLocked. 12733 * */ 12734 if (bundle == null) { 12735 bundle = new PersistableBundle(); 12736 } 12737 if (isProfileOwner(admin, callingUserId)) { 12738 prepareTransfer(admin, target, bundle, callingUserId, 12739 ADMIN_TYPE_PROFILE_OWNER); 12740 transferProfileOwnershipLocked(admin, target, callingUserId); 12741 sendProfileOwnerCommand(DeviceAdminReceiver.ACTION_TRANSFER_OWNERSHIP_COMPLETE, 12742 getTransferOwnershipAdminExtras(bundle), callingUserId); 12743 postTransfer(DevicePolicyManager.ACTION_PROFILE_OWNER_CHANGED, callingUserId); 12744 if (isUserAffiliatedWithDeviceLocked(callingUserId)) { 12745 notifyAffiliatedProfileTransferOwnershipComplete(callingUserId); 12746 } 12747 } else if (isDeviceOwner(admin, callingUserId)) { 12748 prepareTransfer(admin, target, bundle, callingUserId, 12749 ADMIN_TYPE_DEVICE_OWNER); 12750 transferDeviceOwnershipLocked(admin, target, callingUserId); 12751 sendDeviceOwnerCommand(DeviceAdminReceiver.ACTION_TRANSFER_OWNERSHIP_COMPLETE, 12752 getTransferOwnershipAdminExtras(bundle)); 12753 postTransfer(DevicePolicyManager.ACTION_DEVICE_OWNER_CHANGED, callingUserId); 12754 } 12755 } 12756 } finally { 12757 mInjector.binderRestoreCallingIdentity(id); 12758 } 12759 } 12760 12761 private void prepareTransfer(ComponentName admin, ComponentName target, 12762 PersistableBundle bundle, int callingUserId, String adminType) { 12763 saveTransferOwnershipBundleLocked(bundle, callingUserId); 12764 mTransferOwnershipMetadataManager.saveMetadataFile( 12765 new TransferOwnershipMetadataManager.Metadata(admin, target, 12766 callingUserId, adminType)); 12767 } 12768 12769 private void postTransfer(String broadcast, int callingUserId) { 12770 deleteTransferOwnershipMetadataFileLocked(); 12771 sendOwnerChangedBroadcast(broadcast, callingUserId); 12772 } 12773 12774 private void notifyAffiliatedProfileTransferOwnershipComplete(int callingUserId) { 12775 final Bundle extras = new Bundle(); 12776 extras.putParcelable(Intent.EXTRA_USER, UserHandle.of(callingUserId)); 12777 sendDeviceOwnerCommand( 12778 DeviceAdminReceiver.ACTION_AFFILIATED_PROFILE_TRANSFER_OWNERSHIP_COMPLETE, extras); 12779 } 12780 12781 /** 12782 * Transfers the profile owner for user with id profileOwnerUserId from admin to target. 12783 */ 12784 private void transferProfileOwnershipLocked(ComponentName admin, ComponentName target, 12785 int profileOwnerUserId) { 12786 transferActiveAdminUncheckedLocked(target, admin, profileOwnerUserId); 12787 mOwners.transferProfileOwner(target, profileOwnerUserId); 12788 Slog.i(LOG_TAG, "Profile owner set: " + target + " on user " + profileOwnerUserId); 12789 mOwners.writeProfileOwner(profileOwnerUserId); 12790 mDeviceAdminServiceController.startServiceForOwner( 12791 target.getPackageName(), profileOwnerUserId, "transfer-profile-owner"); 12792 } 12793 12794 /** 12795 * Transfers the device owner for user with id userId from admin to target. 12796 */ 12797 private void transferDeviceOwnershipLocked(ComponentName admin, ComponentName target, int userId) { 12798 transferActiveAdminUncheckedLocked(target, admin, userId); 12799 mOwners.transferDeviceOwnership(target); 12800 Slog.i(LOG_TAG, "Device owner set: " + target + " on user " + userId); 12801 mOwners.writeDeviceOwner(); 12802 mDeviceAdminServiceController.startServiceForOwner( 12803 target.getPackageName(), userId, "transfer-device-owner"); 12804 } 12805 12806 private Bundle getTransferOwnershipAdminExtras(PersistableBundle bundle) { 12807 Bundle extras = new Bundle(); 12808 if (bundle != null) { 12809 extras.putParcelable(EXTRA_TRANSFER_OWNERSHIP_ADMIN_EXTRAS_BUNDLE, bundle); 12810 } 12811 return extras; 12812 } 12813 12814 @Override 12815 public void setStartUserSessionMessage( 12816 ComponentName admin, CharSequence startUserSessionMessage) { 12817 if (!mHasFeature) { 12818 return; 12819 } 12820 Preconditions.checkNotNull(admin); 12821 12822 final String startUserSessionMessageString = 12823 startUserSessionMessage != null ? startUserSessionMessage.toString() : null; 12824 12825 synchronized (this) { 12826 final ActiveAdmin deviceOwner = 12827 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12828 12829 if (TextUtils.equals(deviceOwner.startUserSessionMessage, startUserSessionMessage)) { 12830 return; 12831 } 12832 deviceOwner.startUserSessionMessage = startUserSessionMessageString; 12833 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 12834 } 12835 12836 mInjector.getActivityManagerInternal() 12837 .setSwitchingFromSystemUserMessage(startUserSessionMessageString); 12838 } 12839 12840 @Override 12841 public void setEndUserSessionMessage(ComponentName admin, CharSequence endUserSessionMessage) { 12842 if (!mHasFeature) { 12843 return; 12844 } 12845 Preconditions.checkNotNull(admin); 12846 12847 final String endUserSessionMessageString = 12848 endUserSessionMessage != null ? endUserSessionMessage.toString() : null; 12849 12850 synchronized (this) { 12851 final ActiveAdmin deviceOwner = 12852 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12853 12854 if (TextUtils.equals(deviceOwner.endUserSessionMessage, endUserSessionMessage)) { 12855 return; 12856 } 12857 deviceOwner.endUserSessionMessage = endUserSessionMessageString; 12858 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 12859 } 12860 12861 mInjector.getActivityManagerInternal() 12862 .setSwitchingToSystemUserMessage(endUserSessionMessageString); 12863 } 12864 12865 @Override 12866 public String getStartUserSessionMessage(ComponentName admin) { 12867 if (!mHasFeature) { 12868 return null; 12869 } 12870 Preconditions.checkNotNull(admin); 12871 12872 synchronized (this) { 12873 final ActiveAdmin deviceOwner = 12874 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12875 return deviceOwner.startUserSessionMessage; 12876 } 12877 } 12878 12879 @Override 12880 public String getEndUserSessionMessage(ComponentName admin) { 12881 if (!mHasFeature) { 12882 return null; 12883 } 12884 Preconditions.checkNotNull(admin); 12885 12886 synchronized (this) { 12887 final ActiveAdmin deviceOwner = 12888 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12889 return deviceOwner.endUserSessionMessage; 12890 } 12891 } 12892 12893 private void deleteTransferOwnershipMetadataFileLocked() { 12894 mTransferOwnershipMetadataManager.deleteMetadataFile(); 12895 } 12896 12897 @Override 12898 @Nullable 12899 public PersistableBundle getTransferOwnershipBundle() { 12900 synchronized (this) { 12901 final int callingUserId = mInjector.userHandleGetCallingUserId(); 12902 getActiveAdminForCallerLocked(null, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 12903 final File bundleFile = new File( 12904 mInjector.environmentGetUserSystemDirectory(callingUserId), 12905 TRANSFER_OWNERSHIP_PARAMETERS_XML); 12906 if (!bundleFile.exists()) { 12907 return null; 12908 } 12909 try (FileInputStream stream = new FileInputStream(bundleFile)) { 12910 XmlPullParser parser = Xml.newPullParser(); 12911 parser.setInput(stream, null); 12912 parser.next(); 12913 return PersistableBundle.restoreFromXml(parser); 12914 } catch (IOException | XmlPullParserException | IllegalArgumentException e) { 12915 Slog.e(LOG_TAG, "Caught exception while trying to load the " 12916 + "owner transfer parameters from file " + bundleFile, e); 12917 return null; 12918 } 12919 } 12920 } 12921 12922 @Override 12923 public int addOverrideApn(@NonNull ComponentName who, @NonNull ApnSetting apnSetting) { 12924 if (!mHasFeature) { 12925 return -1; 12926 } 12927 Preconditions.checkNotNull(who, "ComponentName is null in addOverrideApn"); 12928 Preconditions.checkNotNull(apnSetting, "ApnSetting is null in addOverrideApn"); 12929 synchronized (this) { 12930 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12931 } 12932 12933 int operatedId = -1; 12934 Uri resultUri; 12935 final long id = mInjector.binderClearCallingIdentity(); 12936 try { 12937 resultUri = mContext.getContentResolver().insert(DPC_URI, apnSetting.toContentValues()); 12938 } finally { 12939 mInjector.binderRestoreCallingIdentity(id); 12940 } 12941 if (resultUri != null) { 12942 try { 12943 operatedId = Integer.parseInt(resultUri.getLastPathSegment()); 12944 } catch (NumberFormatException e) { 12945 Slog.e(LOG_TAG, "Failed to parse inserted override APN id.", e); 12946 } 12947 } 12948 12949 return operatedId; 12950 } 12951 12952 @Override 12953 public boolean updateOverrideApn(@NonNull ComponentName who, int apnId, 12954 @NonNull ApnSetting apnSetting) { 12955 if (!mHasFeature) { 12956 return false; 12957 } 12958 Preconditions.checkNotNull(who, "ComponentName is null in updateOverrideApn"); 12959 Preconditions.checkNotNull(apnSetting, "ApnSetting is null in updateOverrideApn"); 12960 synchronized (this) { 12961 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12962 } 12963 12964 if (apnId < 0) { 12965 return false; 12966 } 12967 final long id = mInjector.binderClearCallingIdentity(); 12968 try { 12969 return mContext.getContentResolver().update( 12970 Uri.withAppendedPath(DPC_URI, Integer.toString(apnId)), 12971 apnSetting.toContentValues(), null, null) > 0; 12972 } finally { 12973 mInjector.binderRestoreCallingIdentity(id); 12974 } 12975 } 12976 12977 @Override 12978 public boolean removeOverrideApn(@NonNull ComponentName who, int apnId) { 12979 if (!mHasFeature) { 12980 return false; 12981 } 12982 Preconditions.checkNotNull(who, "ComponentName is null in removeOverrideApn"); 12983 synchronized (this) { 12984 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 12985 } 12986 12987 return removeOverrideApnUnchecked(apnId); 12988 } 12989 12990 private boolean removeOverrideApnUnchecked(int apnId) { 12991 if(apnId < 0) { 12992 return false; 12993 } 12994 int numDeleted = 0; 12995 final long id = mInjector.binderClearCallingIdentity(); 12996 try { 12997 numDeleted = mContext.getContentResolver().delete( 12998 Uri.withAppendedPath(DPC_URI, Integer.toString(apnId)), null, null); 12999 } finally { 13000 mInjector.binderRestoreCallingIdentity(id); 13001 } 13002 return numDeleted > 0; 13003 } 13004 13005 @Override 13006 public List<ApnSetting> getOverrideApns(@NonNull ComponentName who) { 13007 if (!mHasFeature) { 13008 return Collections.emptyList(); 13009 } 13010 Preconditions.checkNotNull(who, "ComponentName is null in getOverrideApns"); 13011 synchronized (this) { 13012 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 13013 } 13014 13015 return getOverrideApnsUnchecked(); 13016 } 13017 13018 private List<ApnSetting> getOverrideApnsUnchecked() { 13019 final Cursor cursor; 13020 final long id = mInjector.binderClearCallingIdentity(); 13021 try { 13022 cursor = mContext.getContentResolver().query(DPC_URI, null, null, null, null); 13023 } finally { 13024 mInjector.binderRestoreCallingIdentity(id); 13025 } 13026 13027 if (cursor == null) { 13028 return Collections.emptyList(); 13029 } 13030 try { 13031 List<ApnSetting> apnList = new ArrayList<ApnSetting>(); 13032 cursor.moveToPosition(-1); 13033 while (cursor.moveToNext()) { 13034 ApnSetting apn = ApnSetting.makeApnSetting(cursor); 13035 apnList.add(apn); 13036 } 13037 return apnList; 13038 } finally { 13039 cursor.close(); 13040 } 13041 } 13042 13043 @Override 13044 public void setOverrideApnsEnabled(@NonNull ComponentName who, boolean enabled) { 13045 if (!mHasFeature) { 13046 return; 13047 } 13048 Preconditions.checkNotNull(who, "ComponentName is null in setOverrideApnEnabled"); 13049 synchronized (this) { 13050 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 13051 } 13052 13053 setOverrideApnsEnabledUnchecked(enabled); 13054 } 13055 13056 private void setOverrideApnsEnabledUnchecked(boolean enabled) { 13057 ContentValues value = new ContentValues(); 13058 value.put(ENFORCE_KEY, enabled); 13059 final long id = mInjector.binderClearCallingIdentity(); 13060 try { 13061 mContext.getContentResolver().update( 13062 ENFORCE_MANAGED_URI, value, null, null); 13063 } finally { 13064 mInjector.binderRestoreCallingIdentity(id); 13065 } 13066 } 13067 13068 @Override 13069 public boolean isOverrideApnEnabled(@NonNull ComponentName who) { 13070 if (!mHasFeature) { 13071 return false; 13072 } 13073 Preconditions.checkNotNull(who, "ComponentName is null in isOverrideApnEnabled"); 13074 synchronized (this) { 13075 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 13076 } 13077 13078 Cursor enforceCursor; 13079 final long id = mInjector.binderClearCallingIdentity(); 13080 try { 13081 enforceCursor = mContext.getContentResolver().query( 13082 ENFORCE_MANAGED_URI, null, null, null, null); 13083 } finally { 13084 mInjector.binderRestoreCallingIdentity(id); 13085 } 13086 13087 if (enforceCursor == null) { 13088 return false; 13089 } 13090 try { 13091 if (enforceCursor.moveToFirst()) { 13092 return enforceCursor.getInt(enforceCursor.getColumnIndex(ENFORCE_KEY)) == 1; 13093 } 13094 } catch (IllegalArgumentException e) { 13095 Slog.e(LOG_TAG, "Cursor returned from ENFORCE_MANAGED_URI doesn't contain " 13096 + "correct info.", e); 13097 } finally { 13098 enforceCursor.close(); 13099 } 13100 return false; 13101 } 13102 13103 @VisibleForTesting 13104 void saveTransferOwnershipBundleLocked(PersistableBundle bundle, int userId) { 13105 final File parametersFile = new File( 13106 mInjector.environmentGetUserSystemDirectory(userId), 13107 TRANSFER_OWNERSHIP_PARAMETERS_XML); 13108 final AtomicFile atomicFile = new AtomicFile(parametersFile); 13109 FileOutputStream stream = null; 13110 try { 13111 stream = atomicFile.startWrite(); 13112 final XmlSerializer serializer = new FastXmlSerializer(); 13113 serializer.setOutput(stream, StandardCharsets.UTF_8.name()); 13114 serializer.startDocument(null, true); 13115 serializer.startTag(null, TAG_TRANSFER_OWNERSHIP_BUNDLE); 13116 bundle.saveToXml(serializer); 13117 serializer.endTag(null, TAG_TRANSFER_OWNERSHIP_BUNDLE); 13118 serializer.endDocument(); 13119 atomicFile.finishWrite(stream); 13120 } catch (IOException | XmlPullParserException e) { 13121 Slog.e(LOG_TAG, "Caught exception while trying to save the " 13122 + "owner transfer parameters to file " + parametersFile, e); 13123 parametersFile.delete(); 13124 atomicFile.failWrite(stream); 13125 } 13126 } 13127 13128 void deleteTransferOwnershipBundleLocked(int userId) { 13129 final File parametersFile = new File(mInjector.environmentGetUserSystemDirectory(userId), 13130 TRANSFER_OWNERSHIP_PARAMETERS_XML); 13131 parametersFile.delete(); 13132 } 13133 13134 private void maybeLogPasswordComplexitySet(ComponentName who, int userId, boolean parent, 13135 PasswordMetrics metrics) { 13136 if (SecurityLog.isLoggingEnabled()) { 13137 final int affectedUserId = parent ? getProfileParentId(userId) : userId; 13138 SecurityLog.writeEvent(SecurityLog.TAG_PASSWORD_COMPLEXITY_SET, who.getPackageName(), 13139 userId, affectedUserId, metrics.length, metrics.quality, metrics.letters, 13140 metrics.nonLetter, metrics.numeric, metrics.upperCase, metrics.lowerCase, 13141 metrics.symbols); 13142 } 13143 } 13144 13145 private static String getManagedProvisioningPackage(Context context) { 13146 return context.getResources().getString(R.string.config_managed_provisioning_package); 13147 } 13148} 13149