DevicePolicyManagerService.java revision af5bac3d2350dc60f645ef6ece93d6a5417c50a9
1/* 2 * Copyright (C) 2010 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.server.devicepolicy; 18 19import static android.Manifest.permission.BIND_DEVICE_ADMIN; 20import static android.Manifest.permission.MANAGE_CA_CERTIFICATES; 21import static android.app.ActivityManager.LOCK_TASK_MODE_NONE; 22import static android.app.ActivityManager.USER_OP_SUCCESS; 23import static android.app.admin.DevicePolicyManager.ACTION_PROVISION_MANAGED_USER; 24import static android.app.admin.DevicePolicyManager.CODE_ACCOUNTS_NOT_EMPTY; 25import static android.app.admin.DevicePolicyManager.CODE_ADD_MANAGED_PROFILE_DISALLOWED; 26import static android.app.admin.DevicePolicyManager.CODE_CANNOT_ADD_MANAGED_PROFILE; 27import static android.app.admin.DevicePolicyManager.CODE_DEVICE_ADMIN_NOT_SUPPORTED; 28import static android.app.admin.DevicePolicyManager.CODE_HAS_DEVICE_OWNER; 29import static android.app.admin.DevicePolicyManager.CODE_HAS_PAIRED; 30import static android.app.admin.DevicePolicyManager.CODE_MANAGED_USERS_NOT_SUPPORTED; 31import static android.app.admin.DevicePolicyManager.CODE_NONSYSTEM_USER_EXISTS; 32import static android.app.admin.DevicePolicyManager.CODE_NOT_SYSTEM_USER; 33import static android.app.admin.DevicePolicyManager.CODE_NOT_SYSTEM_USER_SPLIT; 34import static android.app.admin.DevicePolicyManager.CODE_OK; 35import static android.app.admin.DevicePolicyManager.CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER; 36import static android.app.admin.DevicePolicyManager.CODE_SYSTEM_USER; 37import static android.app.admin.DevicePolicyManager.CODE_USER_HAS_PROFILE_OWNER; 38import static android.app.admin.DevicePolicyManager.CODE_USER_NOT_RUNNING; 39import static android.app.admin.DevicePolicyManager.CODE_USER_SETUP_COMPLETED; 40import static android.app.admin.DevicePolicyManager.DELEGATION_APP_RESTRICTIONS; 41import static android.app.admin.DevicePolicyManager.DELEGATION_BLOCK_UNINSTALL; 42import static android.app.admin.DevicePolicyManager.DELEGATION_CERT_INSTALL; 43import static android.app.admin.DevicePolicyManager.DELEGATION_ENABLE_SYSTEM_APP; 44import static android.app.admin.DevicePolicyManager.DELEGATION_INSTALL_EXISTING_PACKAGE; 45import static android.app.admin.DevicePolicyManager.DELEGATION_KEEP_UNINSTALLED_PACKAGES; 46import static android.app.admin.DevicePolicyManager.DELEGATION_PACKAGE_ACCESS; 47import static android.app.admin.DevicePolicyManager.DELEGATION_PERMISSION_GRANT; 48import static android.app.admin.DevicePolicyManager.LEAVE_ALL_SYSTEM_APPS_ENABLED; 49import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_COMPLEX; 50import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED; 51import static android.app.admin.DevicePolicyManager.PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER; 52import static android.app.admin.DevicePolicyManager.START_USER_IN_BACKGROUND; 53import static android.app.admin.DevicePolicyManager.WIPE_EUICC; 54import static android.app.admin.DevicePolicyManager.WIPE_EXTERNAL_STORAGE; 55import static android.app.admin.DevicePolicyManager.WIPE_RESET_PROTECTION_DATA; 56import static android.content.pm.PackageManager.MATCH_UNINSTALLED_PACKAGES; 57import static com.android.internal.logging.nano.MetricsProto.MetricsEvent.PROVISIONING_ENTRY_POINT_ADB; 58import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW; 59import static org.xmlpull.v1.XmlPullParser.END_DOCUMENT; 60import static org.xmlpull.v1.XmlPullParser.END_TAG; 61import static org.xmlpull.v1.XmlPullParser.TEXT; 62 63import android.Manifest.permission; 64import android.accessibilityservice.AccessibilityServiceInfo; 65import android.accounts.Account; 66import android.accounts.AccountManager; 67import android.annotation.NonNull; 68import android.annotation.Nullable; 69import android.annotation.UserIdInt; 70import android.app.Activity; 71import android.app.ActivityManager; 72import android.app.ActivityManagerInternal; 73import android.app.AlarmManager; 74import android.app.AppGlobals; 75import android.app.IActivityManager; 76import android.app.IApplicationThread; 77import android.app.IServiceConnection; 78import android.app.Notification; 79import android.app.NotificationManager; 80import android.app.PendingIntent; 81import android.app.StatusBarManager; 82import android.app.admin.DeviceAdminInfo; 83import android.app.admin.DeviceAdminReceiver; 84import android.app.admin.DevicePolicyManager; 85import android.app.admin.DevicePolicyManagerInternal; 86import android.app.admin.NetworkEvent; 87import android.app.admin.PasswordMetrics; 88import android.app.admin.SecurityLog; 89import android.app.admin.SecurityLog.SecurityEvent; 90import android.app.admin.SystemUpdateInfo; 91import android.app.admin.SystemUpdatePolicy; 92import android.app.backup.IBackupManager; 93import android.app.trust.TrustManager; 94import android.content.BroadcastReceiver; 95import android.content.ComponentName; 96import android.content.Context; 97import android.content.Intent; 98import android.content.IntentFilter; 99import android.content.pm.ActivityInfo; 100import android.content.pm.ApplicationInfo; 101import android.content.pm.IPackageDataObserver; 102import android.content.pm.IPackageManager; 103import android.content.pm.PackageInfo; 104import android.content.pm.PackageManager; 105import android.content.pm.PackageManagerInternal; 106import android.content.pm.PackageManager.NameNotFoundException; 107import android.content.pm.ParceledListSlice; 108import android.content.pm.PermissionInfo; 109import android.content.pm.ResolveInfo; 110import android.content.pm.ServiceInfo; 111import android.content.pm.StringParceledListSlice; 112import android.content.pm.UserInfo; 113import android.content.res.Resources; 114import android.database.ContentObserver; 115import android.graphics.Bitmap; 116import android.graphics.Color; 117import android.media.AudioManager; 118import android.media.IAudioService; 119import android.net.ConnectivityManager; 120import android.net.IIpConnectivityMetrics; 121import android.net.ProxyInfo; 122import android.net.Uri; 123import android.net.metrics.IpConnectivityLog; 124import android.net.wifi.WifiInfo; 125import android.net.wifi.WifiManager; 126import android.os.Binder; 127import android.os.Build; 128import android.os.Bundle; 129import android.os.Environment; 130import android.os.FileUtils; 131import android.os.Handler; 132import android.os.IBinder; 133import android.os.Looper; 134import android.os.ParcelFileDescriptor; 135import android.os.PersistableBundle; 136import android.os.PowerManager; 137import android.os.PowerManagerInternal; 138import android.os.Process; 139import android.os.RecoverySystem; 140import android.os.RemoteCallback; 141import android.os.RemoteException; 142import android.os.ServiceManager; 143import android.os.SystemClock; 144import android.os.SystemProperties; 145import android.os.UserHandle; 146import android.os.UserManager; 147import android.os.UserManagerInternal; 148import android.os.storage.StorageManager; 149import android.provider.ContactsContract.QuickContact; 150import android.provider.ContactsInternal; 151import android.provider.Settings; 152import android.provider.Settings.Global; 153import android.security.Credentials; 154import android.security.IKeyChainAliasCallback; 155import android.security.IKeyChainService; 156import android.security.KeyChain; 157import android.security.KeyChain.KeyChainConnection; 158import android.security.keymaster.KeymasterCertificateChain; 159import android.security.keystore.KeyGenParameterSpec; 160import android.security.keystore.ParcelableKeyGenParameterSpec; 161import android.security.KeyStore; 162import android.security.keystore.AttestationUtils; 163import android.service.persistentdata.PersistentDataBlockManager; 164import android.telephony.TelephonyManager; 165import android.text.TextUtils; 166import android.util.ArrayMap; 167import android.util.ArraySet; 168import android.util.Log; 169import android.util.Pair; 170import android.util.Slog; 171import android.util.SparseArray; 172import android.util.Xml; 173import android.view.IWindowManager; 174import android.view.accessibility.AccessibilityManager; 175import android.view.accessibility.IAccessibilityManager; 176import android.view.inputmethod.InputMethodInfo; 177import android.view.inputmethod.InputMethodManager; 178 179import com.android.internal.R; 180import com.android.internal.annotations.GuardedBy; 181import com.android.internal.annotations.VisibleForTesting; 182import com.android.internal.logging.MetricsLogger; 183import com.android.internal.messages.nano.SystemMessageProto.SystemMessage; 184import com.android.internal.notification.SystemNotificationChannels; 185import com.android.internal.os.BackgroundThread; 186import com.android.internal.statusbar.IStatusBarService; 187import com.android.internal.util.DumpUtils; 188import com.android.internal.util.FastXmlSerializer; 189import com.android.internal.util.FunctionalUtils.ThrowingRunnable; 190import com.android.internal.util.JournaledFile; 191import com.android.internal.util.Preconditions; 192import com.android.internal.util.XmlUtils; 193import com.android.internal.widget.LockPatternUtils; 194import com.android.server.LocalServices; 195import com.android.server.SystemService; 196import com.android.server.devicepolicy.DevicePolicyManagerService.ActiveAdmin.TrustAgentInfo; 197import com.android.server.pm.UserRestrictionsUtils; 198import com.google.android.collect.Sets; 199 200import org.xmlpull.v1.XmlPullParser; 201import org.xmlpull.v1.XmlPullParserException; 202import org.xmlpull.v1.XmlSerializer; 203 204import java.io.File; 205import java.io.FileDescriptor; 206import java.io.FileInputStream; 207import java.io.FileNotFoundException; 208import java.io.FileOutputStream; 209import java.io.IOException; 210import java.io.PrintWriter; 211import java.lang.IllegalStateException; 212import java.lang.reflect.Constructor; 213import java.nio.charset.StandardCharsets; 214import java.text.DateFormat; 215import java.util.ArrayList; 216import java.util.Arrays; 217import java.util.Collection; 218import java.util.Collections; 219import java.util.Date; 220import java.util.List; 221import java.util.Map.Entry; 222import java.util.Set; 223import java.util.concurrent.TimeUnit; 224import java.util.concurrent.atomic.AtomicBoolean; 225import java.util.function.Function; 226 227/** 228 * Implementation of the device policy APIs. 229 */ 230public class DevicePolicyManagerService extends BaseIDevicePolicyManager { 231 232 protected static final String LOG_TAG = "DevicePolicyManager"; 233 234 private static final boolean VERBOSE_LOG = false; // DO NOT SUBMIT WITH TRUE 235 236 private static final String DEVICE_POLICIES_XML = "device_policies.xml"; 237 238 private static final String TAG_ACCEPTED_CA_CERTIFICATES = "accepted-ca-certificate"; 239 240 private static final String TAG_LOCK_TASK_COMPONENTS = "lock-task-component"; 241 242 private static final String TAG_LOCK_TASK_FEATURES = "lock-task-features"; 243 244 private static final String TAG_STATUS_BAR = "statusbar"; 245 246 private static final String ATTR_DISABLED = "disabled"; 247 248 private static final String ATTR_NAME = "name"; 249 250 private static final String DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML = 251 "do-not-ask-credentials-on-boot"; 252 253 private static final String TAG_AFFILIATION_ID = "affiliation-id"; 254 255 private static final String TAG_LAST_SECURITY_LOG_RETRIEVAL = "last-security-log-retrieval"; 256 257 private static final String TAG_LAST_BUG_REPORT_REQUEST = "last-bug-report-request"; 258 259 private static final String TAG_LAST_NETWORK_LOG_RETRIEVAL = "last-network-log-retrieval"; 260 261 private static final String TAG_ADMIN_BROADCAST_PENDING = "admin-broadcast-pending"; 262 263 private static final String TAG_CURRENT_INPUT_METHOD_SET = "current-ime-set"; 264 265 private static final String TAG_OWNER_INSTALLED_CA_CERT = "owner-installed-ca-cert"; 266 267 private static final String ATTR_ID = "id"; 268 269 private static final String ATTR_VALUE = "value"; 270 271 private static final String ATTR_ALIAS = "alias"; 272 273 private static final String TAG_INITIALIZATION_BUNDLE = "initialization-bundle"; 274 275 private static final String TAG_PASSWORD_TOKEN_HANDLE = "password-token"; 276 277 private static final String TAG_PASSWORD_VALIDITY = "password-validity"; 278 279 private static final int REQUEST_EXPIRE_PASSWORD = 5571; 280 281 private static final long MS_PER_DAY = TimeUnit.DAYS.toMillis(1); 282 283 private static final long EXPIRATION_GRACE_PERIOD_MS = 5 * MS_PER_DAY; // 5 days, in ms 284 285 private static final String ACTION_EXPIRED_PASSWORD_NOTIFICATION 286 = "com.android.server.ACTION_EXPIRED_PASSWORD_NOTIFICATION"; 287 288 private static final String ATTR_PERMISSION_PROVIDER = "permission-provider"; 289 private static final String ATTR_SETUP_COMPLETE = "setup-complete"; 290 private static final String ATTR_PROVISIONING_STATE = "provisioning-state"; 291 private static final String ATTR_PERMISSION_POLICY = "permission-policy"; 292 private static final String ATTR_DEVICE_PROVISIONING_CONFIG_APPLIED = 293 "device-provisioning-config-applied"; 294 private static final String ATTR_DEVICE_PAIRED = "device-paired"; 295 private static final String ATTR_DELEGATED_CERT_INSTALLER = "delegated-cert-installer"; 296 private static final String ATTR_APPLICATION_RESTRICTIONS_MANAGER 297 = "application-restrictions-manager"; 298 299 private static final String MANAGED_PROVISIONING_PKG = "com.android.managedprovisioning"; 300 301 // Comprehensive list of delegations. 302 private static final String DELEGATIONS[] = { 303 DELEGATION_CERT_INSTALL, 304 DELEGATION_APP_RESTRICTIONS, 305 DELEGATION_BLOCK_UNINSTALL, 306 DELEGATION_ENABLE_SYSTEM_APP, 307 DELEGATION_KEEP_UNINSTALLED_PACKAGES, 308 DELEGATION_PACKAGE_ACCESS, 309 DELEGATION_PERMISSION_GRANT, 310 DELEGATION_INSTALL_EXISTING_PACKAGE, 311 DELEGATION_KEEP_UNINSTALLED_PACKAGES 312 }; 313 314 /** 315 * System property whose value is either "true" or "false", indicating whether 316 * device owner is present. 317 */ 318 private static final String PROPERTY_DEVICE_OWNER_PRESENT = "ro.device_owner"; 319 320 private static final int STATUS_BAR_DISABLE_MASK = 321 StatusBarManager.DISABLE_EXPAND | 322 StatusBarManager.DISABLE_NOTIFICATION_ICONS | 323 StatusBarManager.DISABLE_NOTIFICATION_ALERTS | 324 StatusBarManager.DISABLE_SEARCH; 325 326 private static final int STATUS_BAR_DISABLE2_MASK = 327 StatusBarManager.DISABLE2_QUICK_SETTINGS; 328 329 private static final Set<String> SECURE_SETTINGS_WHITELIST; 330 private static final Set<String> SECURE_SETTINGS_DEVICEOWNER_WHITELIST; 331 private static final Set<String> GLOBAL_SETTINGS_WHITELIST; 332 private static final Set<String> GLOBAL_SETTINGS_DEPRECATED; 333 private static final Set<String> SYSTEM_SETTINGS_WHITELIST; 334 static { 335 SECURE_SETTINGS_WHITELIST = new ArraySet<>(); 336 SECURE_SETTINGS_WHITELIST.add(Settings.Secure.DEFAULT_INPUT_METHOD); 337 SECURE_SETTINGS_WHITELIST.add(Settings.Secure.SKIP_FIRST_USE_HINTS); 338 SECURE_SETTINGS_WHITELIST.add(Settings.Secure.INSTALL_NON_MARKET_APPS); 339 340 SECURE_SETTINGS_DEVICEOWNER_WHITELIST = new ArraySet<>(); 341 SECURE_SETTINGS_DEVICEOWNER_WHITELIST.addAll(SECURE_SETTINGS_WHITELIST); 342 SECURE_SETTINGS_DEVICEOWNER_WHITELIST.add(Settings.Secure.LOCATION_MODE); 343 344 GLOBAL_SETTINGS_WHITELIST = new ArraySet<>(); 345 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.ADB_ENABLED); 346 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.AUTO_TIME); 347 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.AUTO_TIME_ZONE); 348 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.DATA_ROAMING); 349 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.USB_MASS_STORAGE_ENABLED); 350 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.WIFI_SLEEP_POLICY); 351 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.STAY_ON_WHILE_PLUGGED_IN); 352 GLOBAL_SETTINGS_WHITELIST.add(Settings.Global.WIFI_DEVICE_OWNER_CONFIGS_LOCKDOWN); 353 354 GLOBAL_SETTINGS_DEPRECATED = new ArraySet<>(); 355 GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.BLUETOOTH_ON); 356 GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.DEVELOPMENT_SETTINGS_ENABLED); 357 GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.MODE_RINGER); 358 GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.NETWORK_PREFERENCE); 359 GLOBAL_SETTINGS_DEPRECATED.add(Settings.Global.WIFI_ON); 360 361 SYSTEM_SETTINGS_WHITELIST = new ArraySet<>(); 362 SYSTEM_SETTINGS_WHITELIST.add(Settings.System.SCREEN_BRIGHTNESS); 363 SYSTEM_SETTINGS_WHITELIST.add(Settings.System.SCREEN_BRIGHTNESS_MODE); 364 SYSTEM_SETTINGS_WHITELIST.add(Settings.System.SCREEN_OFF_TIMEOUT); 365 } 366 367 /** 368 * Keyguard features that when set on a profile affect the profile content or challenge only. 369 * These cannot be set on the managed profile's parent DPM instance 370 */ 371 private static final int PROFILE_KEYGUARD_FEATURES_PROFILE_ONLY = 372 DevicePolicyManager.KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS; 373 374 /** Keyguard features that are allowed to be set on a managed profile */ 375 private static final int PROFILE_KEYGUARD_FEATURES = 376 PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER | PROFILE_KEYGUARD_FEATURES_PROFILE_ONLY; 377 378 private static final int DEVICE_ADMIN_DEACTIVATE_TIMEOUT = 10000; 379 380 /** 381 * Minimum timeout in milliseconds after which unlocking with weak auth times out, 382 * i.e. the user has to use a strong authentication method like password, PIN or pattern. 383 */ 384 private static final long MINIMUM_STRONG_AUTH_TIMEOUT_MS = TimeUnit.HOURS.toMillis(1); 385 386 /** 387 * Strings logged with {@link 388 * com.android.internal.logging.nano.MetricsProto.MetricsEvent#PROVISIONING_ENTRY_POINT_ADB}. 389 */ 390 private static final String LOG_TAG_PROFILE_OWNER = "profile-owner"; 391 private static final String LOG_TAG_DEVICE_OWNER = "device-owner"; 392 393 final Context mContext; 394 final Injector mInjector; 395 final IPackageManager mIPackageManager; 396 final UserManager mUserManager; 397 final UserManagerInternal mUserManagerInternal; 398 final TelephonyManager mTelephonyManager; 399 private final LockPatternUtils mLockPatternUtils; 400 private final DevicePolicyConstants mConstants; 401 private final DeviceAdminServiceController mDeviceAdminServiceController; 402 private final OverlayPackagesProvider mOverlayPackagesProvider; 403 404 /** 405 * Contains (package-user) pairs to remove. An entry (p, u) implies that removal of package p 406 * is requested for user u. 407 */ 408 private final Set<Pair<String, Integer>> mPackagesToRemove = 409 new ArraySet<Pair<String, Integer>>(); 410 411 final LocalService mLocalService; 412 413 // Stores and loads state on device and profile owners. 414 @VisibleForTesting 415 final Owners mOwners; 416 417 private final Binder mToken = new Binder(); 418 419 /** 420 * Whether or not device admin feature is supported. If it isn't return defaults for all 421 * public methods. 422 */ 423 boolean mHasFeature; 424 425 /** 426 * Whether or not this device is a watch. 427 */ 428 boolean mIsWatch; 429 430 private final CertificateMonitor mCertificateMonitor; 431 private final SecurityLogMonitor mSecurityLogMonitor; 432 private NetworkLogger mNetworkLogger; 433 434 private final AtomicBoolean mRemoteBugreportServiceIsActive = new AtomicBoolean(); 435 private final AtomicBoolean mRemoteBugreportSharingAccepted = new AtomicBoolean(); 436 437 private SetupContentObserver mSetupContentObserver; 438 439 private final Runnable mRemoteBugreportTimeoutRunnable = new Runnable() { 440 @Override 441 public void run() { 442 if(mRemoteBugreportServiceIsActive.get()) { 443 onBugreportFailed(); 444 } 445 } 446 }; 447 448 /** Listens only if mHasFeature == true. */ 449 private final BroadcastReceiver mRemoteBugreportFinishedReceiver = new BroadcastReceiver() { 450 451 @Override 452 public void onReceive(Context context, Intent intent) { 453 if (DevicePolicyManager.ACTION_REMOTE_BUGREPORT_DISPATCH.equals(intent.getAction()) 454 && mRemoteBugreportServiceIsActive.get()) { 455 onBugreportFinished(intent); 456 } 457 } 458 }; 459 460 /** Listens only if mHasFeature == true. */ 461 private final BroadcastReceiver mRemoteBugreportConsentReceiver = new BroadcastReceiver() { 462 463 @Override 464 public void onReceive(Context context, Intent intent) { 465 String action = intent.getAction(); 466 mInjector.getNotificationManager().cancel(LOG_TAG, 467 RemoteBugreportUtils.NOTIFICATION_ID); 468 if (DevicePolicyManager.ACTION_BUGREPORT_SHARING_ACCEPTED.equals(action)) { 469 onBugreportSharingAccepted(); 470 } else if (DevicePolicyManager.ACTION_BUGREPORT_SHARING_DECLINED.equals(action)) { 471 onBugreportSharingDeclined(); 472 } 473 mContext.unregisterReceiver(mRemoteBugreportConsentReceiver); 474 } 475 }; 476 477 public static final class Lifecycle extends SystemService { 478 private BaseIDevicePolicyManager mService; 479 480 public Lifecycle(Context context) { 481 super(context); 482 String dpmsClassName = context.getResources() 483 .getString(R.string.config_deviceSpecificDevicePolicyManagerService); 484 if (TextUtils.isEmpty(dpmsClassName)) { 485 dpmsClassName = DevicePolicyManagerService.class.getName(); 486 } 487 try { 488 Class serviceClass = Class.forName(dpmsClassName); 489 Constructor constructor = serviceClass.getConstructor(Context.class); 490 mService = (BaseIDevicePolicyManager) constructor.newInstance(context); 491 } catch (Exception e) { 492 throw new IllegalStateException( 493 "Failed to instantiate DevicePolicyManagerService with class name: " 494 + dpmsClassName, e); 495 } 496 } 497 498 @Override 499 public void onStart() { 500 publishBinderService(Context.DEVICE_POLICY_SERVICE, mService); 501 } 502 503 @Override 504 public void onBootPhase(int phase) { 505 mService.systemReady(phase); 506 } 507 508 @Override 509 public void onStartUser(int userHandle) { 510 mService.handleStartUser(userHandle); 511 } 512 513 @Override 514 public void onUnlockUser(int userHandle) { 515 mService.handleUnlockUser(userHandle); 516 } 517 518 @Override 519 public void onStopUser(int userHandle) { 520 mService.handleStopUser(userHandle); 521 } 522 } 523 524 public static class DevicePolicyData { 525 @NonNull PasswordMetrics mActivePasswordMetrics = new PasswordMetrics(); 526 int mFailedPasswordAttempts = 0; 527 boolean mPasswordStateHasBeenSetSinceBoot = false; 528 boolean mPasswordValidAtLastCheckpoint = false; 529 530 int mUserHandle; 531 int mPasswordOwner = -1; 532 long mLastMaximumTimeToLock = -1; 533 boolean mUserSetupComplete = false; 534 boolean mPaired = false; 535 int mUserProvisioningState; 536 int mPermissionPolicy; 537 538 boolean mDeviceProvisioningConfigApplied = false; 539 540 final ArrayMap<ComponentName, ActiveAdmin> mAdminMap = new ArrayMap<>(); 541 final ArrayList<ActiveAdmin> mAdminList = new ArrayList<>(); 542 final ArrayList<ComponentName> mRemovingAdmins = new ArrayList<>(); 543 544 // TODO(b/35385311): Keep track of metadata in TrustedCertificateStore instead. 545 final ArraySet<String> mAcceptedCaCertificates = new ArraySet<>(); 546 547 // This is the list of component allowed to start lock task mode. 548 List<String> mLockTaskPackages = new ArrayList<>(); 549 550 // Bitfield of feature flags to be enabled during LockTask mode. 551 int mLockTaskFeatures = DevicePolicyManager.LOCK_TASK_FEATURE_NONE; 552 553 boolean mStatusBarDisabled = false; 554 555 ComponentName mRestrictionsProvider; 556 557 // Map of delegate package to delegation scopes 558 final ArrayMap<String, List<String>> mDelegationMap = new ArrayMap<>(); 559 560 boolean doNotAskCredentialsOnBoot = false; 561 562 Set<String> mAffiliationIds = new ArraySet<>(); 563 564 long mLastSecurityLogRetrievalTime = -1; 565 566 long mLastBugReportRequestTime = -1; 567 568 long mLastNetworkLogsRetrievalTime = -1; 569 570 boolean mCurrentInputMethodSet = false; 571 572 // TODO(b/35385311): Keep track of metadata in TrustedCertificateStore instead. 573 Set<String> mOwnerInstalledCaCerts = new ArraySet<>(); 574 575 // Used for initialization of users created by createAndManageUser. 576 boolean mAdminBroadcastPending = false; 577 PersistableBundle mInitBundle = null; 578 579 long mPasswordTokenHandle = 0; 580 581 public DevicePolicyData(int userHandle) { 582 mUserHandle = userHandle; 583 } 584 } 585 586 final SparseArray<DevicePolicyData> mUserData = new SparseArray<>(); 587 588 final Handler mHandler; 589 final Handler mBackgroundHandler; 590 591 /** Listens only if mHasFeature == true. */ 592 final BroadcastReceiver mReceiver = new BroadcastReceiver() { 593 @Override 594 public void onReceive(Context context, Intent intent) { 595 final String action = intent.getAction(); 596 final int userHandle = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, 597 getSendingUserId()); 598 599 /* 600 * Network logging would ideally be started in setDeviceOwnerSystemPropertyLocked(), 601 * however it's too early in the boot process to register with IIpConnectivityMetrics 602 * to listen for events. 603 */ 604 if (Intent.ACTION_USER_STARTED.equals(action) 605 && userHandle == mOwners.getDeviceOwnerUserId()) { 606 synchronized (DevicePolicyManagerService.this) { 607 if (isNetworkLoggingEnabledInternalLocked()) { 608 setNetworkLoggingActiveInternal(true); 609 } 610 } 611 } 612 if (Intent.ACTION_BOOT_COMPLETED.equals(action) 613 && userHandle == mOwners.getDeviceOwnerUserId() 614 && getDeviceOwnerRemoteBugreportUri() != null) { 615 IntentFilter filterConsent = new IntentFilter(); 616 filterConsent.addAction(DevicePolicyManager.ACTION_BUGREPORT_SHARING_DECLINED); 617 filterConsent.addAction(DevicePolicyManager.ACTION_BUGREPORT_SHARING_ACCEPTED); 618 mContext.registerReceiver(mRemoteBugreportConsentReceiver, filterConsent); 619 mInjector.getNotificationManager().notifyAsUser(LOG_TAG, 620 RemoteBugreportUtils.NOTIFICATION_ID, 621 RemoteBugreportUtils.buildNotification(mContext, 622 DevicePolicyManager.NOTIFICATION_BUGREPORT_FINISHED_NOT_ACCEPTED), 623 UserHandle.ALL); 624 } 625 if (Intent.ACTION_BOOT_COMPLETED.equals(action) 626 || ACTION_EXPIRED_PASSWORD_NOTIFICATION.equals(action)) { 627 if (VERBOSE_LOG) { 628 Slog.v(LOG_TAG, "Sending password expiration notifications for action " 629 + action + " for user " + userHandle); 630 } 631 mHandler.post(new Runnable() { 632 @Override 633 public void run() { 634 handlePasswordExpirationNotification(userHandle); 635 } 636 }); 637 } 638 639 if (Intent.ACTION_USER_ADDED.equals(action)) { 640 sendUserAddedOrRemovedCommand(DeviceAdminReceiver.ACTION_USER_ADDED, userHandle); 641 synchronized (DevicePolicyManagerService.this) { 642 // It might take a while for the user to become affiliated. Make security 643 // and network logging unavailable in the meantime. 644 maybePauseDeviceWideLoggingLocked(); 645 } 646 } else if (Intent.ACTION_USER_REMOVED.equals(action)) { 647 sendUserAddedOrRemovedCommand(DeviceAdminReceiver.ACTION_USER_REMOVED, userHandle); 648 synchronized (DevicePolicyManagerService.this) { 649 // Check whether the user is affiliated, *before* removing its data. 650 boolean isRemovedUserAffiliated = isUserAffiliatedWithDeviceLocked(userHandle); 651 removeUserData(userHandle); 652 if (!isRemovedUserAffiliated) { 653 // We discard the logs when unaffiliated users are deleted (so that the 654 // device owner cannot retrieve data about that user after it's gone). 655 discardDeviceWideLogsLocked(); 656 // Resume logging if all remaining users are affiliated. 657 maybeResumeDeviceWideLoggingLocked(); 658 } 659 } 660 } else if (Intent.ACTION_USER_STARTED.equals(action)) { 661 synchronized (DevicePolicyManagerService.this) { 662 maybeSendAdminEnabledBroadcastLocked(userHandle); 663 // Reset the policy data 664 mUserData.remove(userHandle); 665 } 666 handlePackagesChanged(null /* check all admins */, userHandle); 667 } else if (Intent.ACTION_USER_UNLOCKED.equals(action)) { 668 synchronized (DevicePolicyManagerService.this) { 669 maybeSendAdminEnabledBroadcastLocked(userHandle); 670 } 671 } else if (Intent.ACTION_EXTERNAL_APPLICATIONS_UNAVAILABLE.equals(action)) { 672 handlePackagesChanged(null /* check all admins */, userHandle); 673 } else if (Intent.ACTION_PACKAGE_CHANGED.equals(action) 674 || (Intent.ACTION_PACKAGE_ADDED.equals(action) 675 && intent.getBooleanExtra(Intent.EXTRA_REPLACING, false))) { 676 handlePackagesChanged(intent.getData().getSchemeSpecificPart(), userHandle); 677 } else if (Intent.ACTION_PACKAGE_REMOVED.equals(action) 678 && !intent.getBooleanExtra(Intent.EXTRA_REPLACING, false)) { 679 handlePackagesChanged(intent.getData().getSchemeSpecificPart(), userHandle); 680 } else if (Intent.ACTION_MANAGED_PROFILE_ADDED.equals(action)) { 681 clearWipeProfileNotification(); 682 } 683 } 684 685 private void sendUserAddedOrRemovedCommand(String action, int userHandle) { 686 synchronized (DevicePolicyManagerService.this) { 687 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 688 if (deviceOwner != null) { 689 Bundle extras = new Bundle(); 690 extras.putParcelable(Intent.EXTRA_USER, UserHandle.of(userHandle)); 691 sendAdminCommandLocked(deviceOwner, action, extras, null); 692 } 693 } 694 } 695 }; 696 697 static class ActiveAdmin { 698 private static final String TAG_DISABLE_KEYGUARD_FEATURES = "disable-keyguard-features"; 699 private static final String TAG_TEST_ONLY_ADMIN = "test-only-admin"; 700 private static final String TAG_DISABLE_CAMERA = "disable-camera"; 701 private static final String TAG_DISABLE_CALLER_ID = "disable-caller-id"; 702 private static final String TAG_DISABLE_CONTACTS_SEARCH = "disable-contacts-search"; 703 private static final String TAG_DISABLE_BLUETOOTH_CONTACT_SHARING 704 = "disable-bt-contacts-sharing"; 705 private static final String TAG_DISABLE_SCREEN_CAPTURE = "disable-screen-capture"; 706 private static final String TAG_DISABLE_ACCOUNT_MANAGEMENT = "disable-account-management"; 707 private static final String TAG_REQUIRE_AUTO_TIME = "require_auto_time"; 708 private static final String TAG_FORCE_EPHEMERAL_USERS = "force_ephemeral_users"; 709 private static final String TAG_IS_NETWORK_LOGGING_ENABLED = "is_network_logging_enabled"; 710 private static final String TAG_ACCOUNT_TYPE = "account-type"; 711 private static final String TAG_PERMITTED_ACCESSIBILITY_SERVICES 712 = "permitted-accessiblity-services"; 713 private static final String TAG_ENCRYPTION_REQUESTED = "encryption-requested"; 714 private static final String TAG_MANAGE_TRUST_AGENT_FEATURES = "manage-trust-agent-features"; 715 private static final String TAG_TRUST_AGENT_COMPONENT_OPTIONS = "trust-agent-component-options"; 716 private static final String TAG_TRUST_AGENT_COMPONENT = "component"; 717 private static final String TAG_PASSWORD_EXPIRATION_DATE = "password-expiration-date"; 718 private static final String TAG_PASSWORD_EXPIRATION_TIMEOUT = "password-expiration-timeout"; 719 private static final String TAG_GLOBAL_PROXY_EXCLUSION_LIST = "global-proxy-exclusion-list"; 720 private static final String TAG_GLOBAL_PROXY_SPEC = "global-proxy-spec"; 721 private static final String TAG_SPECIFIES_GLOBAL_PROXY = "specifies-global-proxy"; 722 private static final String TAG_PERMITTED_IMES = "permitted-imes"; 723 private static final String TAG_PERMITTED_NOTIFICATION_LISTENERS = 724 "permitted-notification-listeners"; 725 private static final String TAG_MAX_FAILED_PASSWORD_WIPE = "max-failed-password-wipe"; 726 private static final String TAG_MAX_TIME_TO_UNLOCK = "max-time-to-unlock"; 727 private static final String TAG_STRONG_AUTH_UNLOCK_TIMEOUT = "strong-auth-unlock-timeout"; 728 private static final String TAG_MIN_PASSWORD_NONLETTER = "min-password-nonletter"; 729 private static final String TAG_MIN_PASSWORD_SYMBOLS = "min-password-symbols"; 730 private static final String TAG_MIN_PASSWORD_NUMERIC = "min-password-numeric"; 731 private static final String TAG_MIN_PASSWORD_LETTERS = "min-password-letters"; 732 private static final String TAG_MIN_PASSWORD_LOWERCASE = "min-password-lowercase"; 733 private static final String TAG_MIN_PASSWORD_UPPERCASE = "min-password-uppercase"; 734 private static final String TAG_PASSWORD_HISTORY_LENGTH = "password-history-length"; 735 private static final String TAG_MIN_PASSWORD_LENGTH = "min-password-length"; 736 private static final String ATTR_VALUE = "value"; 737 private static final String TAG_PASSWORD_BLACKLIST = "password-blacklist"; 738 private static final String TAG_PASSWORD_QUALITY = "password-quality"; 739 private static final String TAG_POLICIES = "policies"; 740 private static final String TAG_CROSS_PROFILE_WIDGET_PROVIDERS = 741 "cross-profile-widget-providers"; 742 private static final String TAG_PROVIDER = "provider"; 743 private static final String TAG_PACKAGE_LIST_ITEM = "item"; 744 private static final String TAG_KEEP_UNINSTALLED_PACKAGES = "keep-uninstalled-packages"; 745 private static final String TAG_USER_RESTRICTIONS = "user-restrictions"; 746 private static final String TAG_DEFAULT_ENABLED_USER_RESTRICTIONS = 747 "default-enabled-user-restrictions"; 748 private static final String TAG_RESTRICTION = "restriction"; 749 private static final String TAG_SHORT_SUPPORT_MESSAGE = "short-support-message"; 750 private static final String TAG_LONG_SUPPORT_MESSAGE = "long-support-message"; 751 private static final String TAG_PARENT_ADMIN = "parent-admin"; 752 private static final String TAG_ORGANIZATION_COLOR = "organization-color"; 753 private static final String TAG_ORGANIZATION_NAME = "organization-name"; 754 private static final String ATTR_LAST_NETWORK_LOGGING_NOTIFICATION = "last-notification"; 755 private static final String ATTR_NUM_NETWORK_LOGGING_NOTIFICATIONS = "num-notifications"; 756 private static final String TAG_IS_LOGOUT_ENABLED = "is_logout_enabled"; 757 758 DeviceAdminInfo info; 759 760 761 static final int DEF_PASSWORD_HISTORY_LENGTH = 0; 762 int passwordHistoryLength = DEF_PASSWORD_HISTORY_LENGTH; 763 764 static final int DEF_MINIMUM_PASSWORD_LENGTH = 0; 765 static final int DEF_MINIMUM_PASSWORD_LETTERS = 1; 766 static final int DEF_MINIMUM_PASSWORD_UPPER_CASE = 0; 767 static final int DEF_MINIMUM_PASSWORD_LOWER_CASE = 0; 768 static final int DEF_MINIMUM_PASSWORD_NUMERIC = 1; 769 static final int DEF_MINIMUM_PASSWORD_SYMBOLS = 1; 770 static final int DEF_MINIMUM_PASSWORD_NON_LETTER = 0; 771 @NonNull 772 PasswordMetrics minimumPasswordMetrics = new PasswordMetrics( 773 PASSWORD_QUALITY_UNSPECIFIED, DEF_MINIMUM_PASSWORD_LENGTH, 774 DEF_MINIMUM_PASSWORD_LETTERS, DEF_MINIMUM_PASSWORD_UPPER_CASE, 775 DEF_MINIMUM_PASSWORD_LOWER_CASE, DEF_MINIMUM_PASSWORD_NUMERIC, 776 DEF_MINIMUM_PASSWORD_SYMBOLS, DEF_MINIMUM_PASSWORD_NON_LETTER); 777 778 static final long DEF_MAXIMUM_TIME_TO_UNLOCK = 0; 779 long maximumTimeToUnlock = DEF_MAXIMUM_TIME_TO_UNLOCK; 780 781 long strongAuthUnlockTimeout = 0; // admin doesn't participate by default 782 783 static final int DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE = 0; 784 int maximumFailedPasswordsForWipe = DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE; 785 786 static final long DEF_PASSWORD_EXPIRATION_TIMEOUT = 0; 787 long passwordExpirationTimeout = DEF_PASSWORD_EXPIRATION_TIMEOUT; 788 789 static final long DEF_PASSWORD_EXPIRATION_DATE = 0; 790 long passwordExpirationDate = DEF_PASSWORD_EXPIRATION_DATE; 791 792 static final int DEF_KEYGUARD_FEATURES_DISABLED = 0; // none 793 794 int disabledKeyguardFeatures = DEF_KEYGUARD_FEATURES_DISABLED; 795 796 boolean encryptionRequested = false; 797 boolean testOnlyAdmin = false; 798 boolean disableCamera = false; 799 boolean disableCallerId = false; 800 boolean disableContactsSearch = false; 801 boolean disableBluetoothContactSharing = true; 802 boolean disableScreenCapture = false; // Can only be set by a device/profile owner. 803 boolean requireAutoTime = false; // Can only be set by a device owner. 804 boolean forceEphemeralUsers = false; // Can only be set by a device owner. 805 boolean isNetworkLoggingEnabled = false; // Can only be set by a device owner. 806 boolean isLogoutEnabled = false; // Can only be set by a device owner. 807 808 // one notification after enabling + one more after reboots 809 static final int DEF_MAXIMUM_NETWORK_LOGGING_NOTIFICATIONS_SHOWN = 2; 810 int numNetworkLoggingNotifications = 0; 811 long lastNetworkLoggingNotificationTimeMs = 0; // Time in milliseconds since epoch 812 813 ActiveAdmin parentAdmin; 814 final boolean isParent; 815 816 static class TrustAgentInfo { 817 public PersistableBundle options; 818 TrustAgentInfo(PersistableBundle bundle) { 819 options = bundle; 820 } 821 } 822 823 final Set<String> accountTypesWithManagementDisabled = new ArraySet<>(); 824 825 // The list of permitted accessibility services package namesas set by a profile 826 // or device owner. Null means all accessibility services are allowed, empty means 827 // none except system services are allowed. 828 List<String> permittedAccessiblityServices; 829 830 // The list of permitted input methods package names as set by a profile or device owner. 831 // Null means all input methods are allowed, empty means none except system imes are 832 // allowed. 833 List<String> permittedInputMethods; 834 835 // The list of packages allowed to use a NotificationListenerService to receive events for 836 // notifications from this user. Null means that all packages are allowed. Empty list means 837 // that only packages from the system are allowed. 838 List<String> permittedNotificationListeners; 839 840 // List of package names to keep cached. 841 List<String> keepUninstalledPackages; 842 843 // TODO: review implementation decisions with frameworks team 844 boolean specifiesGlobalProxy = false; 845 String globalProxySpec = null; 846 String globalProxyExclusionList = null; 847 848 ArrayMap<String, TrustAgentInfo> trustAgentInfos = new ArrayMap<>(); 849 850 List<String> crossProfileWidgetProviders; 851 852 Bundle userRestrictions; 853 854 // User restrictions that have already been enabled by default for this admin (either when 855 // setting the device or profile owner, or during a system update if one of those "enabled 856 // by default" restrictions is newly added). 857 final Set<String> defaultEnabledRestrictionsAlreadySet = new ArraySet<>(); 858 859 // Support text provided by the admin to display to the user. 860 CharSequence shortSupportMessage = null; 861 CharSequence longSupportMessage = null; 862 863 // Background color of confirm credentials screen. Default: teal. 864 static final int DEF_ORGANIZATION_COLOR = Color.parseColor("#00796B"); 865 int organizationColor = DEF_ORGANIZATION_COLOR; 866 867 // Default title of confirm credentials screen 868 String organizationName = null; 869 870 // The blacklist data is stored in a file whose name is stored in the XML 871 String passwordBlacklistFile = null; 872 873 ActiveAdmin(DeviceAdminInfo _info, boolean parent) { 874 info = _info; 875 isParent = parent; 876 } 877 878 ActiveAdmin getParentActiveAdmin() { 879 Preconditions.checkState(!isParent); 880 881 if (parentAdmin == null) { 882 parentAdmin = new ActiveAdmin(info, /* parent */ true); 883 } 884 return parentAdmin; 885 } 886 887 boolean hasParentActiveAdmin() { 888 return parentAdmin != null; 889 } 890 891 int getUid() { return info.getActivityInfo().applicationInfo.uid; } 892 893 public UserHandle getUserHandle() { 894 return UserHandle.of(UserHandle.getUserId(info.getActivityInfo().applicationInfo.uid)); 895 } 896 897 void writeToXml(XmlSerializer out) 898 throws IllegalArgumentException, IllegalStateException, IOException { 899 out.startTag(null, TAG_POLICIES); 900 info.writePoliciesToXml(out); 901 out.endTag(null, TAG_POLICIES); 902 if (minimumPasswordMetrics.quality != PASSWORD_QUALITY_UNSPECIFIED) { 903 out.startTag(null, TAG_PASSWORD_QUALITY); 904 out.attribute(null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.quality)); 905 out.endTag(null, TAG_PASSWORD_QUALITY); 906 if (minimumPasswordMetrics.length != DEF_MINIMUM_PASSWORD_LENGTH) { 907 out.startTag(null, TAG_MIN_PASSWORD_LENGTH); 908 out.attribute( 909 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.length)); 910 out.endTag(null, TAG_MIN_PASSWORD_LENGTH); 911 } 912 if(passwordHistoryLength != DEF_PASSWORD_HISTORY_LENGTH) { 913 out.startTag(null, TAG_PASSWORD_HISTORY_LENGTH); 914 out.attribute(null, ATTR_VALUE, Integer.toString(passwordHistoryLength)); 915 out.endTag(null, TAG_PASSWORD_HISTORY_LENGTH); 916 } 917 if (minimumPasswordMetrics.upperCase != DEF_MINIMUM_PASSWORD_UPPER_CASE) { 918 out.startTag(null, TAG_MIN_PASSWORD_UPPERCASE); 919 out.attribute( 920 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.upperCase)); 921 out.endTag(null, TAG_MIN_PASSWORD_UPPERCASE); 922 } 923 if (minimumPasswordMetrics.lowerCase != DEF_MINIMUM_PASSWORD_LOWER_CASE) { 924 out.startTag(null, TAG_MIN_PASSWORD_LOWERCASE); 925 out.attribute( 926 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.lowerCase)); 927 out.endTag(null, TAG_MIN_PASSWORD_LOWERCASE); 928 } 929 if (minimumPasswordMetrics.letters != DEF_MINIMUM_PASSWORD_LETTERS) { 930 out.startTag(null, TAG_MIN_PASSWORD_LETTERS); 931 out.attribute( 932 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.letters)); 933 out.endTag(null, TAG_MIN_PASSWORD_LETTERS); 934 } 935 if (minimumPasswordMetrics.numeric != DEF_MINIMUM_PASSWORD_NUMERIC) { 936 out.startTag(null, TAG_MIN_PASSWORD_NUMERIC); 937 out.attribute( 938 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.numeric)); 939 out.endTag(null, TAG_MIN_PASSWORD_NUMERIC); 940 } 941 if (minimumPasswordMetrics.symbols != DEF_MINIMUM_PASSWORD_SYMBOLS) { 942 out.startTag(null, TAG_MIN_PASSWORD_SYMBOLS); 943 out.attribute( 944 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.symbols)); 945 out.endTag(null, TAG_MIN_PASSWORD_SYMBOLS); 946 } 947 if (minimumPasswordMetrics.nonLetter > DEF_MINIMUM_PASSWORD_NON_LETTER) { 948 out.startTag(null, TAG_MIN_PASSWORD_NONLETTER); 949 out.attribute( 950 null, ATTR_VALUE, Integer.toString(minimumPasswordMetrics.nonLetter)); 951 out.endTag(null, TAG_MIN_PASSWORD_NONLETTER); 952 } 953 } 954 if (passwordBlacklistFile != null) { 955 out.startTag(null, TAG_PASSWORD_BLACKLIST); 956 out.attribute(null, ATTR_VALUE, passwordBlacklistFile); 957 out.endTag(null, TAG_PASSWORD_BLACKLIST); 958 } 959 if (maximumTimeToUnlock != DEF_MAXIMUM_TIME_TO_UNLOCK) { 960 out.startTag(null, TAG_MAX_TIME_TO_UNLOCK); 961 out.attribute(null, ATTR_VALUE, Long.toString(maximumTimeToUnlock)); 962 out.endTag(null, TAG_MAX_TIME_TO_UNLOCK); 963 } 964 if (strongAuthUnlockTimeout != DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS) { 965 out.startTag(null, TAG_STRONG_AUTH_UNLOCK_TIMEOUT); 966 out.attribute(null, ATTR_VALUE, Long.toString(strongAuthUnlockTimeout)); 967 out.endTag(null, TAG_STRONG_AUTH_UNLOCK_TIMEOUT); 968 } 969 if (maximumFailedPasswordsForWipe != DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE) { 970 out.startTag(null, TAG_MAX_FAILED_PASSWORD_WIPE); 971 out.attribute(null, ATTR_VALUE, Integer.toString(maximumFailedPasswordsForWipe)); 972 out.endTag(null, TAG_MAX_FAILED_PASSWORD_WIPE); 973 } 974 if (specifiesGlobalProxy) { 975 out.startTag(null, TAG_SPECIFIES_GLOBAL_PROXY); 976 out.attribute(null, ATTR_VALUE, Boolean.toString(specifiesGlobalProxy)); 977 out.endTag(null, TAG_SPECIFIES_GLOBAL_PROXY); 978 if (globalProxySpec != null) { 979 out.startTag(null, TAG_GLOBAL_PROXY_SPEC); 980 out.attribute(null, ATTR_VALUE, globalProxySpec); 981 out.endTag(null, TAG_GLOBAL_PROXY_SPEC); 982 } 983 if (globalProxyExclusionList != null) { 984 out.startTag(null, TAG_GLOBAL_PROXY_EXCLUSION_LIST); 985 out.attribute(null, ATTR_VALUE, globalProxyExclusionList); 986 out.endTag(null, TAG_GLOBAL_PROXY_EXCLUSION_LIST); 987 } 988 } 989 if (passwordExpirationTimeout != DEF_PASSWORD_EXPIRATION_TIMEOUT) { 990 out.startTag(null, TAG_PASSWORD_EXPIRATION_TIMEOUT); 991 out.attribute(null, ATTR_VALUE, Long.toString(passwordExpirationTimeout)); 992 out.endTag(null, TAG_PASSWORD_EXPIRATION_TIMEOUT); 993 } 994 if (passwordExpirationDate != DEF_PASSWORD_EXPIRATION_DATE) { 995 out.startTag(null, TAG_PASSWORD_EXPIRATION_DATE); 996 out.attribute(null, ATTR_VALUE, Long.toString(passwordExpirationDate)); 997 out.endTag(null, TAG_PASSWORD_EXPIRATION_DATE); 998 } 999 if (encryptionRequested) { 1000 out.startTag(null, TAG_ENCRYPTION_REQUESTED); 1001 out.attribute(null, ATTR_VALUE, Boolean.toString(encryptionRequested)); 1002 out.endTag(null, TAG_ENCRYPTION_REQUESTED); 1003 } 1004 if (testOnlyAdmin) { 1005 out.startTag(null, TAG_TEST_ONLY_ADMIN); 1006 out.attribute(null, ATTR_VALUE, Boolean.toString(testOnlyAdmin)); 1007 out.endTag(null, TAG_TEST_ONLY_ADMIN); 1008 } 1009 if (disableCamera) { 1010 out.startTag(null, TAG_DISABLE_CAMERA); 1011 out.attribute(null, ATTR_VALUE, Boolean.toString(disableCamera)); 1012 out.endTag(null, TAG_DISABLE_CAMERA); 1013 } 1014 if (disableCallerId) { 1015 out.startTag(null, TAG_DISABLE_CALLER_ID); 1016 out.attribute(null, ATTR_VALUE, Boolean.toString(disableCallerId)); 1017 out.endTag(null, TAG_DISABLE_CALLER_ID); 1018 } 1019 if (disableContactsSearch) { 1020 out.startTag(null, TAG_DISABLE_CONTACTS_SEARCH); 1021 out.attribute(null, ATTR_VALUE, Boolean.toString(disableContactsSearch)); 1022 out.endTag(null, TAG_DISABLE_CONTACTS_SEARCH); 1023 } 1024 if (!disableBluetoothContactSharing) { 1025 out.startTag(null, TAG_DISABLE_BLUETOOTH_CONTACT_SHARING); 1026 out.attribute(null, ATTR_VALUE, 1027 Boolean.toString(disableBluetoothContactSharing)); 1028 out.endTag(null, TAG_DISABLE_BLUETOOTH_CONTACT_SHARING); 1029 } 1030 if (disableScreenCapture) { 1031 out.startTag(null, TAG_DISABLE_SCREEN_CAPTURE); 1032 out.attribute(null, ATTR_VALUE, Boolean.toString(disableScreenCapture)); 1033 out.endTag(null, TAG_DISABLE_SCREEN_CAPTURE); 1034 } 1035 if (requireAutoTime) { 1036 out.startTag(null, TAG_REQUIRE_AUTO_TIME); 1037 out.attribute(null, ATTR_VALUE, Boolean.toString(requireAutoTime)); 1038 out.endTag(null, TAG_REQUIRE_AUTO_TIME); 1039 } 1040 if (forceEphemeralUsers) { 1041 out.startTag(null, TAG_FORCE_EPHEMERAL_USERS); 1042 out.attribute(null, ATTR_VALUE, Boolean.toString(forceEphemeralUsers)); 1043 out.endTag(null, TAG_FORCE_EPHEMERAL_USERS); 1044 } 1045 if (isNetworkLoggingEnabled) { 1046 out.startTag(null, TAG_IS_NETWORK_LOGGING_ENABLED); 1047 out.attribute(null, ATTR_VALUE, Boolean.toString(isNetworkLoggingEnabled)); 1048 out.attribute(null, ATTR_NUM_NETWORK_LOGGING_NOTIFICATIONS, 1049 Integer.toString(numNetworkLoggingNotifications)); 1050 out.attribute(null, ATTR_LAST_NETWORK_LOGGING_NOTIFICATION, 1051 Long.toString(lastNetworkLoggingNotificationTimeMs)); 1052 out.endTag(null, TAG_IS_NETWORK_LOGGING_ENABLED); 1053 } 1054 if (disabledKeyguardFeatures != DEF_KEYGUARD_FEATURES_DISABLED) { 1055 out.startTag(null, TAG_DISABLE_KEYGUARD_FEATURES); 1056 out.attribute(null, ATTR_VALUE, Integer.toString(disabledKeyguardFeatures)); 1057 out.endTag(null, TAG_DISABLE_KEYGUARD_FEATURES); 1058 } 1059 if (!accountTypesWithManagementDisabled.isEmpty()) { 1060 out.startTag(null, TAG_DISABLE_ACCOUNT_MANAGEMENT); 1061 writeAttributeValuesToXml( 1062 out, TAG_ACCOUNT_TYPE, accountTypesWithManagementDisabled); 1063 out.endTag(null, TAG_DISABLE_ACCOUNT_MANAGEMENT); 1064 } 1065 if (!trustAgentInfos.isEmpty()) { 1066 Set<Entry<String, TrustAgentInfo>> set = trustAgentInfos.entrySet(); 1067 out.startTag(null, TAG_MANAGE_TRUST_AGENT_FEATURES); 1068 for (Entry<String, TrustAgentInfo> entry : set) { 1069 TrustAgentInfo trustAgentInfo = entry.getValue(); 1070 out.startTag(null, TAG_TRUST_AGENT_COMPONENT); 1071 out.attribute(null, ATTR_VALUE, entry.getKey()); 1072 if (trustAgentInfo.options != null) { 1073 out.startTag(null, TAG_TRUST_AGENT_COMPONENT_OPTIONS); 1074 try { 1075 trustAgentInfo.options.saveToXml(out); 1076 } catch (XmlPullParserException e) { 1077 Log.e(LOG_TAG, "Failed to save TrustAgent options", e); 1078 } 1079 out.endTag(null, TAG_TRUST_AGENT_COMPONENT_OPTIONS); 1080 } 1081 out.endTag(null, TAG_TRUST_AGENT_COMPONENT); 1082 } 1083 out.endTag(null, TAG_MANAGE_TRUST_AGENT_FEATURES); 1084 } 1085 if (crossProfileWidgetProviders != null && !crossProfileWidgetProviders.isEmpty()) { 1086 out.startTag(null, TAG_CROSS_PROFILE_WIDGET_PROVIDERS); 1087 writeAttributeValuesToXml(out, TAG_PROVIDER, crossProfileWidgetProviders); 1088 out.endTag(null, TAG_CROSS_PROFILE_WIDGET_PROVIDERS); 1089 } 1090 writePackageListToXml(out, TAG_PERMITTED_ACCESSIBILITY_SERVICES, 1091 permittedAccessiblityServices); 1092 writePackageListToXml(out, TAG_PERMITTED_IMES, permittedInputMethods); 1093 writePackageListToXml(out, TAG_PERMITTED_NOTIFICATION_LISTENERS, 1094 permittedNotificationListeners); 1095 writePackageListToXml(out, TAG_KEEP_UNINSTALLED_PACKAGES, keepUninstalledPackages); 1096 if (hasUserRestrictions()) { 1097 UserRestrictionsUtils.writeRestrictions( 1098 out, userRestrictions, TAG_USER_RESTRICTIONS); 1099 } 1100 if (!defaultEnabledRestrictionsAlreadySet.isEmpty()) { 1101 out.startTag(null, TAG_DEFAULT_ENABLED_USER_RESTRICTIONS); 1102 writeAttributeValuesToXml( 1103 out, TAG_RESTRICTION, defaultEnabledRestrictionsAlreadySet); 1104 out.endTag(null, TAG_DEFAULT_ENABLED_USER_RESTRICTIONS); 1105 } 1106 if (!TextUtils.isEmpty(shortSupportMessage)) { 1107 out.startTag(null, TAG_SHORT_SUPPORT_MESSAGE); 1108 out.text(shortSupportMessage.toString()); 1109 out.endTag(null, TAG_SHORT_SUPPORT_MESSAGE); 1110 } 1111 if (!TextUtils.isEmpty(longSupportMessage)) { 1112 out.startTag(null, TAG_LONG_SUPPORT_MESSAGE); 1113 out.text(longSupportMessage.toString()); 1114 out.endTag(null, TAG_LONG_SUPPORT_MESSAGE); 1115 } 1116 if (parentAdmin != null) { 1117 out.startTag(null, TAG_PARENT_ADMIN); 1118 parentAdmin.writeToXml(out); 1119 out.endTag(null, TAG_PARENT_ADMIN); 1120 } 1121 if (organizationColor != DEF_ORGANIZATION_COLOR) { 1122 out.startTag(null, TAG_ORGANIZATION_COLOR); 1123 out.attribute(null, ATTR_VALUE, Integer.toString(organizationColor)); 1124 out.endTag(null, TAG_ORGANIZATION_COLOR); 1125 } 1126 if (organizationName != null) { 1127 out.startTag(null, TAG_ORGANIZATION_NAME); 1128 out.text(organizationName); 1129 out.endTag(null, TAG_ORGANIZATION_NAME); 1130 } 1131 if (isLogoutEnabled) { 1132 out.startTag(null, TAG_IS_LOGOUT_ENABLED); 1133 out.attribute(null, ATTR_VALUE, Boolean.toString(isLogoutEnabled)); 1134 out.endTag(null, TAG_IS_LOGOUT_ENABLED); 1135 } 1136 } 1137 1138 void writePackageListToXml(XmlSerializer out, String outerTag, 1139 List<String> packageList) 1140 throws IllegalArgumentException, IllegalStateException, IOException { 1141 if (packageList == null) { 1142 return; 1143 } 1144 1145 out.startTag(null, outerTag); 1146 writeAttributeValuesToXml(out, TAG_PACKAGE_LIST_ITEM, packageList); 1147 out.endTag(null, outerTag); 1148 } 1149 1150 void writeAttributeValuesToXml(XmlSerializer out, String tag, 1151 @NonNull Collection<String> values) throws IOException { 1152 for (String value : values) { 1153 out.startTag(null, tag); 1154 out.attribute(null, ATTR_VALUE, value); 1155 out.endTag(null, tag); 1156 } 1157 } 1158 1159 void readFromXml(XmlPullParser parser) 1160 throws XmlPullParserException, IOException { 1161 int outerDepth = parser.getDepth(); 1162 int type; 1163 while ((type=parser.next()) != END_DOCUMENT 1164 && (type != END_TAG || parser.getDepth() > outerDepth)) { 1165 if (type == END_TAG || type == TEXT) { 1166 continue; 1167 } 1168 String tag = parser.getName(); 1169 if (TAG_POLICIES.equals(tag)) { 1170 info.readPoliciesFromXml(parser); 1171 } else if (TAG_PASSWORD_QUALITY.equals(tag)) { 1172 minimumPasswordMetrics.quality = Integer.parseInt( 1173 parser.getAttributeValue(null, ATTR_VALUE)); 1174 } else if (TAG_MIN_PASSWORD_LENGTH.equals(tag)) { 1175 minimumPasswordMetrics.length = Integer.parseInt( 1176 parser.getAttributeValue(null, ATTR_VALUE)); 1177 } else if (TAG_PASSWORD_HISTORY_LENGTH.equals(tag)) { 1178 passwordHistoryLength = Integer.parseInt( 1179 parser.getAttributeValue(null, ATTR_VALUE)); 1180 } else if (TAG_MIN_PASSWORD_UPPERCASE.equals(tag)) { 1181 minimumPasswordMetrics.upperCase = Integer.parseInt( 1182 parser.getAttributeValue(null, ATTR_VALUE)); 1183 } else if (TAG_MIN_PASSWORD_LOWERCASE.equals(tag)) { 1184 minimumPasswordMetrics.lowerCase = Integer.parseInt( 1185 parser.getAttributeValue(null, ATTR_VALUE)); 1186 } else if (TAG_MIN_PASSWORD_LETTERS.equals(tag)) { 1187 minimumPasswordMetrics.letters = Integer.parseInt( 1188 parser.getAttributeValue(null, ATTR_VALUE)); 1189 } else if (TAG_MIN_PASSWORD_NUMERIC.equals(tag)) { 1190 minimumPasswordMetrics.numeric = Integer.parseInt( 1191 parser.getAttributeValue(null, ATTR_VALUE)); 1192 } else if (TAG_MIN_PASSWORD_SYMBOLS.equals(tag)) { 1193 minimumPasswordMetrics.symbols = Integer.parseInt( 1194 parser.getAttributeValue(null, ATTR_VALUE)); 1195 } else if (TAG_MIN_PASSWORD_NONLETTER.equals(tag)) { 1196 minimumPasswordMetrics.nonLetter = Integer.parseInt( 1197 parser.getAttributeValue(null, ATTR_VALUE)); 1198 } else if (TAG_PASSWORD_BLACKLIST.equals(tag)) { 1199 passwordBlacklistFile = parser.getAttributeValue(null, ATTR_VALUE); 1200 }else if (TAG_MAX_TIME_TO_UNLOCK.equals(tag)) { 1201 maximumTimeToUnlock = Long.parseLong( 1202 parser.getAttributeValue(null, ATTR_VALUE)); 1203 } else if (TAG_STRONG_AUTH_UNLOCK_TIMEOUT.equals(tag)) { 1204 strongAuthUnlockTimeout = Long.parseLong( 1205 parser.getAttributeValue(null, ATTR_VALUE)); 1206 } else if (TAG_MAX_FAILED_PASSWORD_WIPE.equals(tag)) { 1207 maximumFailedPasswordsForWipe = Integer.parseInt( 1208 parser.getAttributeValue(null, ATTR_VALUE)); 1209 } else if (TAG_SPECIFIES_GLOBAL_PROXY.equals(tag)) { 1210 specifiesGlobalProxy = Boolean.parseBoolean( 1211 parser.getAttributeValue(null, ATTR_VALUE)); 1212 } else if (TAG_GLOBAL_PROXY_SPEC.equals(tag)) { 1213 globalProxySpec = 1214 parser.getAttributeValue(null, ATTR_VALUE); 1215 } else if (TAG_GLOBAL_PROXY_EXCLUSION_LIST.equals(tag)) { 1216 globalProxyExclusionList = 1217 parser.getAttributeValue(null, ATTR_VALUE); 1218 } else if (TAG_PASSWORD_EXPIRATION_TIMEOUT.equals(tag)) { 1219 passwordExpirationTimeout = Long.parseLong( 1220 parser.getAttributeValue(null, ATTR_VALUE)); 1221 } else if (TAG_PASSWORD_EXPIRATION_DATE.equals(tag)) { 1222 passwordExpirationDate = Long.parseLong( 1223 parser.getAttributeValue(null, ATTR_VALUE)); 1224 } else if (TAG_ENCRYPTION_REQUESTED.equals(tag)) { 1225 encryptionRequested = Boolean.parseBoolean( 1226 parser.getAttributeValue(null, ATTR_VALUE)); 1227 } else if (TAG_TEST_ONLY_ADMIN.equals(tag)) { 1228 testOnlyAdmin = Boolean.parseBoolean( 1229 parser.getAttributeValue(null, ATTR_VALUE)); 1230 } else if (TAG_DISABLE_CAMERA.equals(tag)) { 1231 disableCamera = Boolean.parseBoolean( 1232 parser.getAttributeValue(null, ATTR_VALUE)); 1233 } else if (TAG_DISABLE_CALLER_ID.equals(tag)) { 1234 disableCallerId = Boolean.parseBoolean( 1235 parser.getAttributeValue(null, ATTR_VALUE)); 1236 } else if (TAG_DISABLE_CONTACTS_SEARCH.equals(tag)) { 1237 disableContactsSearch = Boolean.parseBoolean( 1238 parser.getAttributeValue(null, ATTR_VALUE)); 1239 } else if (TAG_DISABLE_BLUETOOTH_CONTACT_SHARING.equals(tag)) { 1240 disableBluetoothContactSharing = Boolean.parseBoolean(parser 1241 .getAttributeValue(null, ATTR_VALUE)); 1242 } else if (TAG_DISABLE_SCREEN_CAPTURE.equals(tag)) { 1243 disableScreenCapture = Boolean.parseBoolean( 1244 parser.getAttributeValue(null, ATTR_VALUE)); 1245 } else if (TAG_REQUIRE_AUTO_TIME.equals(tag)) { 1246 requireAutoTime = Boolean.parseBoolean( 1247 parser.getAttributeValue(null, ATTR_VALUE)); 1248 } else if (TAG_FORCE_EPHEMERAL_USERS.equals(tag)) { 1249 forceEphemeralUsers = Boolean.parseBoolean( 1250 parser.getAttributeValue(null, ATTR_VALUE)); 1251 } else if (TAG_IS_NETWORK_LOGGING_ENABLED.equals(tag)) { 1252 isNetworkLoggingEnabled = Boolean.parseBoolean( 1253 parser.getAttributeValue(null, ATTR_VALUE)); 1254 lastNetworkLoggingNotificationTimeMs = Long.parseLong( 1255 parser.getAttributeValue(null, ATTR_LAST_NETWORK_LOGGING_NOTIFICATION)); 1256 numNetworkLoggingNotifications = Integer.parseInt( 1257 parser.getAttributeValue(null, ATTR_NUM_NETWORK_LOGGING_NOTIFICATIONS)); 1258 } else if (TAG_DISABLE_KEYGUARD_FEATURES.equals(tag)) { 1259 disabledKeyguardFeatures = Integer.parseInt( 1260 parser.getAttributeValue(null, ATTR_VALUE)); 1261 } else if (TAG_DISABLE_ACCOUNT_MANAGEMENT.equals(tag)) { 1262 readAttributeValues( 1263 parser, TAG_ACCOUNT_TYPE, accountTypesWithManagementDisabled); 1264 } else if (TAG_MANAGE_TRUST_AGENT_FEATURES.equals(tag)) { 1265 trustAgentInfos = getAllTrustAgentInfos(parser, tag); 1266 } else if (TAG_CROSS_PROFILE_WIDGET_PROVIDERS.equals(tag)) { 1267 crossProfileWidgetProviders = new ArrayList<>(); 1268 readAttributeValues(parser, TAG_PROVIDER, crossProfileWidgetProviders); 1269 } else if (TAG_PERMITTED_ACCESSIBILITY_SERVICES.equals(tag)) { 1270 permittedAccessiblityServices = readPackageList(parser, tag); 1271 } else if (TAG_PERMITTED_IMES.equals(tag)) { 1272 permittedInputMethods = readPackageList(parser, tag); 1273 } else if (TAG_PERMITTED_NOTIFICATION_LISTENERS.equals(tag)) { 1274 permittedNotificationListeners = readPackageList(parser, tag); 1275 } else if (TAG_KEEP_UNINSTALLED_PACKAGES.equals(tag)) { 1276 keepUninstalledPackages = readPackageList(parser, tag); 1277 } else if (TAG_USER_RESTRICTIONS.equals(tag)) { 1278 userRestrictions = UserRestrictionsUtils.readRestrictions(parser); 1279 } else if (TAG_DEFAULT_ENABLED_USER_RESTRICTIONS.equals(tag)) { 1280 readAttributeValues( 1281 parser, TAG_RESTRICTION, defaultEnabledRestrictionsAlreadySet); 1282 } else if (TAG_SHORT_SUPPORT_MESSAGE.equals(tag)) { 1283 type = parser.next(); 1284 if (type == XmlPullParser.TEXT) { 1285 shortSupportMessage = parser.getText(); 1286 } else { 1287 Log.w(LOG_TAG, "Missing text when loading short support message"); 1288 } 1289 } else if (TAG_LONG_SUPPORT_MESSAGE.equals(tag)) { 1290 type = parser.next(); 1291 if (type == XmlPullParser.TEXT) { 1292 longSupportMessage = parser.getText(); 1293 } else { 1294 Log.w(LOG_TAG, "Missing text when loading long support message"); 1295 } 1296 } else if (TAG_PARENT_ADMIN.equals(tag)) { 1297 Preconditions.checkState(!isParent); 1298 1299 parentAdmin = new ActiveAdmin(info, /* parent */ true); 1300 parentAdmin.readFromXml(parser); 1301 } else if (TAG_ORGANIZATION_COLOR.equals(tag)) { 1302 organizationColor = Integer.parseInt( 1303 parser.getAttributeValue(null, ATTR_VALUE)); 1304 } else if (TAG_ORGANIZATION_NAME.equals(tag)) { 1305 type = parser.next(); 1306 if (type == XmlPullParser.TEXT) { 1307 organizationName = parser.getText(); 1308 } else { 1309 Log.w(LOG_TAG, "Missing text when loading organization name"); 1310 } 1311 } else if (TAG_IS_LOGOUT_ENABLED.equals(tag)) { 1312 isLogoutEnabled = Boolean.parseBoolean( 1313 parser.getAttributeValue(null, ATTR_VALUE)); 1314 } else { 1315 Slog.w(LOG_TAG, "Unknown admin tag: " + tag); 1316 XmlUtils.skipCurrentTag(parser); 1317 } 1318 } 1319 } 1320 1321 private List<String> readPackageList(XmlPullParser parser, 1322 String tag) throws XmlPullParserException, IOException { 1323 List<String> result = new ArrayList<String>(); 1324 int outerDepth = parser.getDepth(); 1325 int outerType; 1326 while ((outerType=parser.next()) != XmlPullParser.END_DOCUMENT 1327 && (outerType != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1328 if (outerType == XmlPullParser.END_TAG || outerType == XmlPullParser.TEXT) { 1329 continue; 1330 } 1331 String outerTag = parser.getName(); 1332 if (TAG_PACKAGE_LIST_ITEM.equals(outerTag)) { 1333 String packageName = parser.getAttributeValue(null, ATTR_VALUE); 1334 if (packageName != null) { 1335 result.add(packageName); 1336 } else { 1337 Slog.w(LOG_TAG, "Package name missing under " + outerTag); 1338 } 1339 } else { 1340 Slog.w(LOG_TAG, "Unknown tag under " + tag + ": " + outerTag); 1341 } 1342 } 1343 return result; 1344 } 1345 1346 private void readAttributeValues( 1347 XmlPullParser parser, String tag, Collection<String> result) 1348 throws XmlPullParserException, IOException { 1349 result.clear(); 1350 int outerDepthDAM = parser.getDepth(); 1351 int typeDAM; 1352 while ((typeDAM=parser.next()) != END_DOCUMENT 1353 && (typeDAM != END_TAG || parser.getDepth() > outerDepthDAM)) { 1354 if (typeDAM == END_TAG || typeDAM == TEXT) { 1355 continue; 1356 } 1357 String tagDAM = parser.getName(); 1358 if (tag.equals(tagDAM)) { 1359 result.add(parser.getAttributeValue(null, ATTR_VALUE)); 1360 } else { 1361 Slog.e(LOG_TAG, "Expected tag " + tag + " but found " + tagDAM); 1362 } 1363 } 1364 } 1365 1366 private ArrayMap<String, TrustAgentInfo> getAllTrustAgentInfos( 1367 XmlPullParser parser, String tag) throws XmlPullParserException, IOException { 1368 int outerDepthDAM = parser.getDepth(); 1369 int typeDAM; 1370 final ArrayMap<String, TrustAgentInfo> result = new ArrayMap<>(); 1371 while ((typeDAM=parser.next()) != END_DOCUMENT 1372 && (typeDAM != END_TAG || parser.getDepth() > outerDepthDAM)) { 1373 if (typeDAM == END_TAG || typeDAM == TEXT) { 1374 continue; 1375 } 1376 String tagDAM = parser.getName(); 1377 if (TAG_TRUST_AGENT_COMPONENT.equals(tagDAM)) { 1378 final String component = parser.getAttributeValue(null, ATTR_VALUE); 1379 final TrustAgentInfo trustAgentInfo = getTrustAgentInfo(parser, tag); 1380 result.put(component, trustAgentInfo); 1381 } else { 1382 Slog.w(LOG_TAG, "Unknown tag under " + tag + ": " + tagDAM); 1383 } 1384 } 1385 return result; 1386 } 1387 1388 private TrustAgentInfo getTrustAgentInfo(XmlPullParser parser, String tag) 1389 throws XmlPullParserException, IOException { 1390 int outerDepthDAM = parser.getDepth(); 1391 int typeDAM; 1392 TrustAgentInfo result = new TrustAgentInfo(null); 1393 while ((typeDAM=parser.next()) != END_DOCUMENT 1394 && (typeDAM != END_TAG || parser.getDepth() > outerDepthDAM)) { 1395 if (typeDAM == END_TAG || typeDAM == TEXT) { 1396 continue; 1397 } 1398 String tagDAM = parser.getName(); 1399 if (TAG_TRUST_AGENT_COMPONENT_OPTIONS.equals(tagDAM)) { 1400 result.options = PersistableBundle.restoreFromXml(parser); 1401 } else { 1402 Slog.w(LOG_TAG, "Unknown tag under " + tag + ": " + tagDAM); 1403 } 1404 } 1405 return result; 1406 } 1407 1408 boolean hasUserRestrictions() { 1409 return userRestrictions != null && userRestrictions.size() > 0; 1410 } 1411 1412 Bundle ensureUserRestrictions() { 1413 if (userRestrictions == null) { 1414 userRestrictions = new Bundle(); 1415 } 1416 return userRestrictions; 1417 } 1418 1419 public void transfer(DeviceAdminInfo deviceAdminInfo) { 1420 if (hasParentActiveAdmin()) { 1421 parentAdmin.info = deviceAdminInfo; 1422 } 1423 info = deviceAdminInfo; 1424 } 1425 1426 void dump(String prefix, PrintWriter pw) { 1427 pw.print(prefix); pw.print("uid="); pw.println(getUid()); 1428 pw.print(prefix); pw.print("testOnlyAdmin="); 1429 pw.println(testOnlyAdmin); 1430 pw.print(prefix); pw.println("policies:"); 1431 ArrayList<DeviceAdminInfo.PolicyInfo> pols = info.getUsedPolicies(); 1432 if (pols != null) { 1433 for (int i=0; i<pols.size(); i++) { 1434 pw.print(prefix); pw.print(" "); pw.println(pols.get(i).tag); 1435 } 1436 } 1437 pw.print(prefix); pw.print("passwordQuality=0x"); 1438 pw.println(Integer.toHexString(minimumPasswordMetrics.quality)); 1439 pw.print(prefix); pw.print("minimumPasswordLength="); 1440 pw.println(minimumPasswordMetrics.length); 1441 pw.print(prefix); pw.print("passwordHistoryLength="); 1442 pw.println(passwordHistoryLength); 1443 pw.print(prefix); pw.print("minimumPasswordUpperCase="); 1444 pw.println(minimumPasswordMetrics.upperCase); 1445 pw.print(prefix); pw.print("minimumPasswordLowerCase="); 1446 pw.println(minimumPasswordMetrics.lowerCase); 1447 pw.print(prefix); pw.print("minimumPasswordLetters="); 1448 pw.println(minimumPasswordMetrics.letters); 1449 pw.print(prefix); pw.print("minimumPasswordNumeric="); 1450 pw.println(minimumPasswordMetrics.numeric); 1451 pw.print(prefix); pw.print("minimumPasswordSymbols="); 1452 pw.println(minimumPasswordMetrics.symbols); 1453 pw.print(prefix); pw.print("minimumPasswordNonLetter="); 1454 pw.println(minimumPasswordMetrics.nonLetter); 1455 pw.print(prefix); pw.print("passwordBlacklist="); 1456 pw.println(passwordBlacklistFile != null); 1457 pw.print(prefix); pw.print("maximumTimeToUnlock="); 1458 pw.println(maximumTimeToUnlock); 1459 pw.print(prefix); pw.print("strongAuthUnlockTimeout="); 1460 pw.println(strongAuthUnlockTimeout); 1461 pw.print(prefix); pw.print("maximumFailedPasswordsForWipe="); 1462 pw.println(maximumFailedPasswordsForWipe); 1463 pw.print(prefix); pw.print("specifiesGlobalProxy="); 1464 pw.println(specifiesGlobalProxy); 1465 pw.print(prefix); pw.print("passwordExpirationTimeout="); 1466 pw.println(passwordExpirationTimeout); 1467 pw.print(prefix); pw.print("passwordExpirationDate="); 1468 pw.println(passwordExpirationDate); 1469 if (globalProxySpec != null) { 1470 pw.print(prefix); pw.print("globalProxySpec="); 1471 pw.println(globalProxySpec); 1472 } 1473 if (globalProxyExclusionList != null) { 1474 pw.print(prefix); pw.print("globalProxyEclusionList="); 1475 pw.println(globalProxyExclusionList); 1476 } 1477 pw.print(prefix); pw.print("encryptionRequested="); 1478 pw.println(encryptionRequested); 1479 pw.print(prefix); pw.print("disableCamera="); 1480 pw.println(disableCamera); 1481 pw.print(prefix); pw.print("disableCallerId="); 1482 pw.println(disableCallerId); 1483 pw.print(prefix); pw.print("disableContactsSearch="); 1484 pw.println(disableContactsSearch); 1485 pw.print(prefix); pw.print("disableBluetoothContactSharing="); 1486 pw.println(disableBluetoothContactSharing); 1487 pw.print(prefix); pw.print("disableScreenCapture="); 1488 pw.println(disableScreenCapture); 1489 pw.print(prefix); pw.print("requireAutoTime="); 1490 pw.println(requireAutoTime); 1491 pw.print(prefix); pw.print("forceEphemeralUsers="); 1492 pw.println(forceEphemeralUsers); 1493 pw.print(prefix); pw.print("isNetworkLoggingEnabled="); 1494 pw.println(isNetworkLoggingEnabled); 1495 pw.print(prefix); pw.print("disabledKeyguardFeatures="); 1496 pw.println(disabledKeyguardFeatures); 1497 pw.print(prefix); pw.print("crossProfileWidgetProviders="); 1498 pw.println(crossProfileWidgetProviders); 1499 if (permittedAccessiblityServices != null) { 1500 pw.print(prefix); pw.print("permittedAccessibilityServices="); 1501 pw.println(permittedAccessiblityServices); 1502 } 1503 if (permittedInputMethods != null) { 1504 pw.print(prefix); pw.print("permittedInputMethods="); 1505 pw.println(permittedInputMethods); 1506 } 1507 if (permittedNotificationListeners != null) { 1508 pw.print(prefix); pw.print("permittedNotificationListeners="); 1509 pw.println(permittedNotificationListeners); 1510 } 1511 if (keepUninstalledPackages != null) { 1512 pw.print(prefix); pw.print("keepUninstalledPackages="); 1513 pw.println(keepUninstalledPackages); 1514 } 1515 pw.print(prefix); pw.print("organizationColor="); 1516 pw.println(organizationColor); 1517 if (organizationName != null) { 1518 pw.print(prefix); pw.print("organizationName="); 1519 pw.println(organizationName); 1520 } 1521 pw.print(prefix); pw.println("userRestrictions:"); 1522 UserRestrictionsUtils.dumpRestrictions(pw, prefix + " ", userRestrictions); 1523 pw.print(prefix); pw.print("defaultEnabledRestrictionsAlreadySet="); 1524 pw.println(defaultEnabledRestrictionsAlreadySet); 1525 pw.print(prefix); pw.print("isParent="); 1526 pw.println(isParent); 1527 if (parentAdmin != null) { 1528 pw.print(prefix); pw.println("parentAdmin:"); 1529 parentAdmin.dump(prefix + " ", pw); 1530 } 1531 } 1532 } 1533 1534 private void handlePackagesChanged(@Nullable String packageName, int userHandle) { 1535 boolean removedAdmin = false; 1536 if (VERBOSE_LOG) { 1537 Slog.d(LOG_TAG, "Handling package changes package " + packageName 1538 + " for user " + userHandle); 1539 } 1540 DevicePolicyData policy = getUserData(userHandle); 1541 synchronized (this) { 1542 for (int i = policy.mAdminList.size() - 1; i >= 0; i--) { 1543 ActiveAdmin aa = policy.mAdminList.get(i); 1544 try { 1545 // If we're checking all packages or if the specific one we're checking matches, 1546 // then check if the package and receiver still exist. 1547 final String adminPackage = aa.info.getPackageName(); 1548 if (packageName == null || packageName.equals(adminPackage)) { 1549 if (mIPackageManager.getPackageInfo(adminPackage, 0, userHandle) == null 1550 || mIPackageManager.getReceiverInfo(aa.info.getComponent(), 1551 PackageManager.MATCH_DIRECT_BOOT_AWARE 1552 | PackageManager.MATCH_DIRECT_BOOT_UNAWARE, 1553 userHandle) == null) { 1554 removedAdmin = true; 1555 policy.mAdminList.remove(i); 1556 policy.mAdminMap.remove(aa.info.getComponent()); 1557 } 1558 } 1559 } catch (RemoteException re) { 1560 // Shouldn't happen. 1561 } 1562 } 1563 if (removedAdmin) { 1564 validatePasswordOwnerLocked(policy); 1565 } 1566 1567 boolean removedDelegate = false; 1568 1569 // Check if a delegate was removed. 1570 for (int i = policy.mDelegationMap.size() - 1; i >= 0; i--) { 1571 final String delegatePackage = policy.mDelegationMap.keyAt(i); 1572 if (isRemovedPackage(packageName, delegatePackage, userHandle)) { 1573 policy.mDelegationMap.removeAt(i); 1574 removedDelegate = true; 1575 } 1576 } 1577 1578 // If it's an owner package, we may need to refresh the bound connection. 1579 final ComponentName owner = getOwnerComponent(userHandle); 1580 if ((packageName != null) && (owner != null) 1581 && (owner.getPackageName().equals(packageName))) { 1582 startOwnerService(userHandle, "package-broadcast"); 1583 } 1584 1585 // Persist updates if the removed package was an admin or delegate. 1586 if (removedAdmin || removedDelegate) { 1587 saveSettingsLocked(policy.mUserHandle); 1588 } 1589 } 1590 if (removedAdmin) { 1591 // The removed admin might have disabled camera, so update user restrictions. 1592 pushUserRestrictions(userHandle); 1593 } 1594 } 1595 1596 private boolean isRemovedPackage(String changedPackage, String targetPackage, int userHandle) { 1597 try { 1598 return targetPackage != null 1599 && (changedPackage == null || changedPackage.equals(targetPackage)) 1600 && mIPackageManager.getPackageInfo(targetPackage, 0, userHandle) == null; 1601 } catch (RemoteException e) { 1602 // Shouldn't happen 1603 } 1604 1605 return false; 1606 } 1607 1608 /** 1609 * Unit test will subclass it to inject mocks. 1610 */ 1611 @VisibleForTesting 1612 static class Injector { 1613 1614 public final Context mContext; 1615 1616 Injector(Context context) { 1617 mContext = context; 1618 } 1619 1620 public boolean hasFeature() { 1621 return getPackageManager().hasSystemFeature(PackageManager.FEATURE_DEVICE_ADMIN); 1622 } 1623 1624 Context createContextAsUser(UserHandle user) throws PackageManager.NameNotFoundException { 1625 final String packageName = mContext.getPackageName(); 1626 return mContext.createPackageContextAsUser(packageName, 0, user); 1627 } 1628 1629 Resources getResources() { 1630 return mContext.getResources(); 1631 } 1632 1633 Owners newOwners() { 1634 return new Owners(getUserManager(), getUserManagerInternal(), 1635 getPackageManagerInternal()); 1636 } 1637 1638 UserManager getUserManager() { 1639 return UserManager.get(mContext); 1640 } 1641 1642 UserManagerInternal getUserManagerInternal() { 1643 return LocalServices.getService(UserManagerInternal.class); 1644 } 1645 1646 PackageManagerInternal getPackageManagerInternal() { 1647 return LocalServices.getService(PackageManagerInternal.class); 1648 } 1649 1650 NotificationManager getNotificationManager() { 1651 return mContext.getSystemService(NotificationManager.class); 1652 } 1653 1654 IIpConnectivityMetrics getIIpConnectivityMetrics() { 1655 return (IIpConnectivityMetrics) IIpConnectivityMetrics.Stub.asInterface( 1656 ServiceManager.getService(IpConnectivityLog.SERVICE_NAME)); 1657 } 1658 1659 PackageManager getPackageManager() { 1660 return mContext.getPackageManager(); 1661 } 1662 1663 PowerManagerInternal getPowerManagerInternal() { 1664 return LocalServices.getService(PowerManagerInternal.class); 1665 } 1666 1667 TelephonyManager getTelephonyManager() { 1668 return TelephonyManager.from(mContext); 1669 } 1670 1671 TrustManager getTrustManager() { 1672 return (TrustManager) mContext.getSystemService(Context.TRUST_SERVICE); 1673 } 1674 1675 AlarmManager getAlarmManager() { 1676 return (AlarmManager) mContext.getSystemService(AlarmManager.class); 1677 } 1678 1679 IWindowManager getIWindowManager() { 1680 return IWindowManager.Stub 1681 .asInterface(ServiceManager.getService(Context.WINDOW_SERVICE)); 1682 } 1683 1684 IActivityManager getIActivityManager() { 1685 return ActivityManager.getService(); 1686 } 1687 1688 IPackageManager getIPackageManager() { 1689 return AppGlobals.getPackageManager(); 1690 } 1691 1692 IBackupManager getIBackupManager() { 1693 return IBackupManager.Stub.asInterface( 1694 ServiceManager.getService(Context.BACKUP_SERVICE)); 1695 } 1696 1697 IAudioService getIAudioService() { 1698 return IAudioService.Stub.asInterface(ServiceManager.getService(Context.AUDIO_SERVICE)); 1699 } 1700 1701 boolean isBuildDebuggable() { 1702 return Build.IS_DEBUGGABLE; 1703 } 1704 1705 LockPatternUtils newLockPatternUtils() { 1706 return new LockPatternUtils(mContext); 1707 } 1708 1709 PasswordBlacklist newPasswordBlacklist(File file) { 1710 return new PasswordBlacklist(file); 1711 } 1712 1713 boolean storageManagerIsFileBasedEncryptionEnabled() { 1714 return StorageManager.isFileEncryptedNativeOnly(); 1715 } 1716 1717 boolean storageManagerIsNonDefaultBlockEncrypted() { 1718 long identity = Binder.clearCallingIdentity(); 1719 try { 1720 return StorageManager.isNonDefaultBlockEncrypted(); 1721 } finally { 1722 Binder.restoreCallingIdentity(identity); 1723 } 1724 } 1725 1726 boolean storageManagerIsEncrypted() { 1727 return StorageManager.isEncrypted(); 1728 } 1729 1730 boolean storageManagerIsEncryptable() { 1731 return StorageManager.isEncryptable(); 1732 } 1733 1734 Looper getMyLooper() { 1735 return Looper.myLooper(); 1736 } 1737 1738 WifiManager getWifiManager() { 1739 return mContext.getSystemService(WifiManager.class); 1740 } 1741 1742 long binderClearCallingIdentity() { 1743 return Binder.clearCallingIdentity(); 1744 } 1745 1746 void binderRestoreCallingIdentity(long token) { 1747 Binder.restoreCallingIdentity(token); 1748 } 1749 1750 int binderGetCallingUid() { 1751 return Binder.getCallingUid(); 1752 } 1753 1754 int binderGetCallingPid() { 1755 return Binder.getCallingPid(); 1756 } 1757 1758 UserHandle binderGetCallingUserHandle() { 1759 return Binder.getCallingUserHandle(); 1760 } 1761 1762 boolean binderIsCallingUidMyUid() { 1763 return getCallingUid() == Process.myUid(); 1764 } 1765 1766 void binderWithCleanCallingIdentity(@NonNull ThrowingRunnable action) { 1767 Binder.withCleanCallingIdentity(action); 1768 } 1769 1770 final int userHandleGetCallingUserId() { 1771 return UserHandle.getUserId(binderGetCallingUid()); 1772 } 1773 1774 File environmentGetUserSystemDirectory(int userId) { 1775 return Environment.getUserSystemDirectory(userId); 1776 } 1777 1778 void powerManagerGoToSleep(long time, int reason, int flags) { 1779 mContext.getSystemService(PowerManager.class).goToSleep(time, reason, flags); 1780 } 1781 1782 void powerManagerReboot(String reason) { 1783 mContext.getSystemService(PowerManager.class).reboot(reason); 1784 } 1785 1786 void recoverySystemRebootWipeUserData(boolean shutdown, String reason, boolean force, 1787 boolean wipeEuicc) throws IOException { 1788 RecoverySystem.rebootWipeUserData(mContext, shutdown, reason, force, wipeEuicc); 1789 } 1790 1791 boolean systemPropertiesGetBoolean(String key, boolean def) { 1792 return SystemProperties.getBoolean(key, def); 1793 } 1794 1795 long systemPropertiesGetLong(String key, long def) { 1796 return SystemProperties.getLong(key, def); 1797 } 1798 1799 String systemPropertiesGet(String key, String def) { 1800 return SystemProperties.get(key, def); 1801 } 1802 1803 String systemPropertiesGet(String key) { 1804 return SystemProperties.get(key); 1805 } 1806 1807 void systemPropertiesSet(String key, String value) { 1808 SystemProperties.set(key, value); 1809 } 1810 1811 boolean userManagerIsSplitSystemUser() { 1812 return UserManager.isSplitSystemUser(); 1813 } 1814 1815 String getDevicePolicyFilePathForSystemUser() { 1816 return "/data/system/"; 1817 } 1818 1819 PendingIntent pendingIntentGetActivityAsUser(Context context, int requestCode, 1820 @NonNull Intent intent, int flags, Bundle options, UserHandle user) { 1821 return PendingIntent.getActivityAsUser( 1822 context, requestCode, intent, flags, options, user); 1823 } 1824 1825 void registerContentObserver(Uri uri, boolean notifyForDescendents, 1826 ContentObserver observer, int userHandle) { 1827 mContext.getContentResolver().registerContentObserver(uri, notifyForDescendents, 1828 observer, userHandle); 1829 } 1830 1831 int settingsSecureGetIntForUser(String name, int def, int userHandle) { 1832 return Settings.Secure.getIntForUser(mContext.getContentResolver(), 1833 name, def, userHandle); 1834 } 1835 1836 String settingsSecureGetStringForUser(String name, int userHandle) { 1837 return Settings.Secure.getStringForUser(mContext.getContentResolver(), name, 1838 userHandle); 1839 } 1840 1841 void settingsSecurePutIntForUser(String name, int value, int userHandle) { 1842 Settings.Secure.putIntForUser(mContext.getContentResolver(), 1843 name, value, userHandle); 1844 } 1845 1846 void settingsSecurePutStringForUser(String name, String value, int userHandle) { 1847 Settings.Secure.putStringForUser(mContext.getContentResolver(), 1848 name, value, userHandle); 1849 } 1850 1851 void settingsGlobalPutStringForUser(String name, String value, int userHandle) { 1852 Settings.Global.putStringForUser(mContext.getContentResolver(), 1853 name, value, userHandle); 1854 } 1855 1856 void settingsSecurePutInt(String name, int value) { 1857 Settings.Secure.putInt(mContext.getContentResolver(), name, value); 1858 } 1859 1860 int settingsGlobalGetInt(String name, int def) { 1861 return Settings.Global.getInt(mContext.getContentResolver(), name, def); 1862 } 1863 1864 String settingsGlobalGetString(String name) { 1865 return Settings.Global.getString(mContext.getContentResolver(), name); 1866 } 1867 1868 void settingsGlobalPutInt(String name, int value) { 1869 Settings.Global.putInt(mContext.getContentResolver(), name, value); 1870 } 1871 1872 void settingsSecurePutString(String name, String value) { 1873 Settings.Secure.putString(mContext.getContentResolver(), name, value); 1874 } 1875 1876 void settingsGlobalPutString(String name, String value) { 1877 Settings.Global.putString(mContext.getContentResolver(), name, value); 1878 } 1879 1880 void settingsSystemPutString(String name, String value) { 1881 Settings.System.putString(mContext.getContentResolver(), name, value); 1882 } 1883 1884 void securityLogSetLoggingEnabledProperty(boolean enabled) { 1885 SecurityLog.setLoggingEnabledProperty(enabled); 1886 } 1887 1888 boolean securityLogGetLoggingEnabledProperty() { 1889 return SecurityLog.getLoggingEnabledProperty(); 1890 } 1891 1892 boolean securityLogIsLoggingEnabled() { 1893 return SecurityLog.isLoggingEnabled(); 1894 } 1895 1896 KeyChainConnection keyChainBindAsUser(UserHandle user) throws InterruptedException { 1897 return KeyChain.bindAsUser(mContext, user); 1898 } 1899 } 1900 1901 /** 1902 * Instantiates the service. 1903 */ 1904 public DevicePolicyManagerService(Context context) { 1905 this(new Injector(context)); 1906 } 1907 1908 @VisibleForTesting 1909 DevicePolicyManagerService(Injector injector) { 1910 mInjector = injector; 1911 mContext = Preconditions.checkNotNull(injector.mContext); 1912 mHandler = new Handler(Preconditions.checkNotNull(injector.getMyLooper())); 1913 mConstants = DevicePolicyConstants.loadFromString( 1914 mInjector.settingsGlobalGetString(Global.DEVICE_POLICY_CONSTANTS)); 1915 1916 mOwners = Preconditions.checkNotNull(injector.newOwners()); 1917 1918 mUserManager = Preconditions.checkNotNull(injector.getUserManager()); 1919 mUserManagerInternal = Preconditions.checkNotNull(injector.getUserManagerInternal()); 1920 mIPackageManager = Preconditions.checkNotNull(injector.getIPackageManager()); 1921 mTelephonyManager = Preconditions.checkNotNull(injector.getTelephonyManager()); 1922 1923 mLocalService = new LocalService(); 1924 mLockPatternUtils = injector.newLockPatternUtils(); 1925 1926 // TODO: why does SecurityLogMonitor need to be created even when mHasFeature == false? 1927 mSecurityLogMonitor = new SecurityLogMonitor(this); 1928 1929 mHasFeature = mInjector.hasFeature(); 1930 mIsWatch = mInjector.getPackageManager() 1931 .hasSystemFeature(PackageManager.FEATURE_WATCH); 1932 mBackgroundHandler = BackgroundThread.getHandler(); 1933 1934 // Needed when mHasFeature == false, because it controls the certificate warning text. 1935 mCertificateMonitor = new CertificateMonitor(this, mInjector, mBackgroundHandler); 1936 1937 mDeviceAdminServiceController = new DeviceAdminServiceController(this, mConstants); 1938 1939 mOverlayPackagesProvider = new OverlayPackagesProvider(mContext); 1940 1941 if (!mHasFeature) { 1942 // Skip the rest of the initialization 1943 return; 1944 } 1945 1946 IntentFilter filter = new IntentFilter(); 1947 filter.addAction(Intent.ACTION_BOOT_COMPLETED); 1948 filter.addAction(ACTION_EXPIRED_PASSWORD_NOTIFICATION); 1949 filter.addAction(Intent.ACTION_USER_ADDED); 1950 filter.addAction(Intent.ACTION_USER_REMOVED); 1951 filter.addAction(Intent.ACTION_USER_STARTED); 1952 filter.addAction(Intent.ACTION_USER_UNLOCKED); 1953 filter.setPriority(IntentFilter.SYSTEM_HIGH_PRIORITY); 1954 mContext.registerReceiverAsUser(mReceiver, UserHandle.ALL, filter, null, mHandler); 1955 filter = new IntentFilter(); 1956 filter.addAction(Intent.ACTION_PACKAGE_CHANGED); 1957 filter.addAction(Intent.ACTION_PACKAGE_REMOVED); 1958 filter.addAction(Intent.ACTION_EXTERNAL_APPLICATIONS_UNAVAILABLE); 1959 filter.addAction(Intent.ACTION_PACKAGE_ADDED); 1960 filter.addDataScheme("package"); 1961 mContext.registerReceiverAsUser(mReceiver, UserHandle.ALL, filter, null, mHandler); 1962 filter = new IntentFilter(); 1963 filter.addAction(Intent.ACTION_MANAGED_PROFILE_ADDED); 1964 mContext.registerReceiverAsUser(mReceiver, UserHandle.ALL, filter, null, mHandler); 1965 1966 LocalServices.addService(DevicePolicyManagerInternal.class, mLocalService); 1967 1968 mSetupContentObserver = new SetupContentObserver(mHandler); 1969 } 1970 1971 /** 1972 * Creates and loads the policy data from xml. 1973 * @param userHandle the user for whom to load the policy data 1974 * @return 1975 */ 1976 @NonNull 1977 DevicePolicyData getUserData(int userHandle) { 1978 synchronized (this) { 1979 DevicePolicyData policy = mUserData.get(userHandle); 1980 if (policy == null) { 1981 policy = new DevicePolicyData(userHandle); 1982 mUserData.append(userHandle, policy); 1983 loadSettingsLocked(policy, userHandle); 1984 } 1985 return policy; 1986 } 1987 } 1988 1989 /** 1990 * Creates and loads the policy data from xml for data that is shared between 1991 * various profiles of a user. In contrast to {@link #getUserData(int)} 1992 * it allows access to data of users other than the calling user. 1993 * 1994 * This function should only be used for shared data, e.g. everything regarding 1995 * passwords and should be removed once multiple screen locks are present. 1996 * @param userHandle the user for whom to load the policy data 1997 * @return 1998 */ 1999 DevicePolicyData getUserDataUnchecked(int userHandle) { 2000 long ident = mInjector.binderClearCallingIdentity(); 2001 try { 2002 return getUserData(userHandle); 2003 } finally { 2004 mInjector.binderRestoreCallingIdentity(ident); 2005 } 2006 } 2007 2008 void removeUserData(int userHandle) { 2009 synchronized (this) { 2010 if (userHandle == UserHandle.USER_SYSTEM) { 2011 Slog.w(LOG_TAG, "Tried to remove device policy file for user 0! Ignoring."); 2012 return; 2013 } 2014 mOwners.removeProfileOwner(userHandle); 2015 mOwners.writeProfileOwner(userHandle); 2016 2017 DevicePolicyData policy = mUserData.get(userHandle); 2018 if (policy != null) { 2019 mUserData.remove(userHandle); 2020 } 2021 File policyFile = new File(mInjector.environmentGetUserSystemDirectory(userHandle), 2022 DEVICE_POLICIES_XML); 2023 policyFile.delete(); 2024 Slog.i(LOG_TAG, "Removed device policy file " + policyFile.getAbsolutePath()); 2025 } 2026 updateScreenCaptureDisabledInWindowManager(userHandle, false /* default value */); 2027 } 2028 2029 void loadOwners() { 2030 synchronized (this) { 2031 mOwners.load(); 2032 setDeviceOwnerSystemPropertyLocked(); 2033 findOwnerComponentIfNecessaryLocked(); 2034 migrateUserRestrictionsIfNecessaryLocked(); 2035 maybeSetDefaultDeviceOwnerUserRestrictionsLocked(); 2036 2037 // TODO PO may not have a class name either due to b/17652534. Address that too. 2038 2039 updateDeviceOwnerLocked(); 2040 } 2041 } 2042 2043 /** Apply default restrictions that haven't been applied to device owners yet. */ 2044 private void maybeSetDefaultDeviceOwnerUserRestrictionsLocked() { 2045 final ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 2046 if (deviceOwner != null) { 2047 maybeSetDefaultRestrictionsForAdminLocked(mOwners.getDeviceOwnerUserId(), 2048 deviceOwner, UserRestrictionsUtils.getDefaultEnabledForDeviceOwner()); 2049 } 2050 } 2051 2052 /** Apply default restrictions that haven't been applied to profile owners yet. */ 2053 private void maybeSetDefaultProfileOwnerUserRestrictions() { 2054 synchronized (this) { 2055 for (final int userId : mOwners.getProfileOwnerKeys()) { 2056 final ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userId); 2057 // The following restrictions used to be applied to managed profiles by different 2058 // means (via Settings or by disabling components). Now they are proper user 2059 // restrictions so we apply them to managed profile owners. Non-managed secondary 2060 // users didn't have those restrictions so we skip them to keep existing behavior. 2061 if (profileOwner == null || !mUserManager.isManagedProfile(userId)) { 2062 continue; 2063 } 2064 maybeSetDefaultRestrictionsForAdminLocked(userId, profileOwner, 2065 UserRestrictionsUtils.getDefaultEnabledForManagedProfiles()); 2066 ensureUnknownSourcesRestrictionForProfileOwnerLocked( 2067 userId, profileOwner, false /* newOwner */); 2068 } 2069 } 2070 } 2071 2072 /** 2073 * Checks whether {@link UserManager#DISALLOW_INSTALL_UNKNOWN_SOURCES} should be added to the 2074 * set of restrictions for this profile owner. 2075 */ 2076 private void ensureUnknownSourcesRestrictionForProfileOwnerLocked(int userId, 2077 ActiveAdmin profileOwner, boolean newOwner) { 2078 if (newOwner || mInjector.settingsSecureGetIntForUser( 2079 Settings.Secure.UNKNOWN_SOURCES_DEFAULT_REVERSED, 0, userId) != 0) { 2080 profileOwner.ensureUserRestrictions().putBoolean( 2081 UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, true); 2082 saveUserRestrictionsLocked(userId); 2083 mInjector.settingsSecurePutIntForUser( 2084 Settings.Secure.UNKNOWN_SOURCES_DEFAULT_REVERSED, 0, userId); 2085 } 2086 } 2087 2088 /** 2089 * Apply default restrictions that haven't been applied to a given admin yet. 2090 */ 2091 private void maybeSetDefaultRestrictionsForAdminLocked( 2092 int userId, ActiveAdmin admin, Set<String> defaultRestrictions) { 2093 if (defaultRestrictions.equals(admin.defaultEnabledRestrictionsAlreadySet)) { 2094 return; // The same set of default restrictions has been already applied. 2095 } 2096 Slog.i(LOG_TAG, "New user restrictions need to be set by default for user " + userId); 2097 2098 if (VERBOSE_LOG) { 2099 Slog.d(LOG_TAG,"Default enabled restrictions: " 2100 + defaultRestrictions 2101 + ". Restrictions already enabled: " 2102 + admin.defaultEnabledRestrictionsAlreadySet); 2103 } 2104 2105 final Set<String> restrictionsToSet = new ArraySet<>(defaultRestrictions); 2106 restrictionsToSet.removeAll(admin.defaultEnabledRestrictionsAlreadySet); 2107 if (!restrictionsToSet.isEmpty()) { 2108 for (final String restriction : restrictionsToSet) { 2109 admin.ensureUserRestrictions().putBoolean(restriction, true); 2110 } 2111 admin.defaultEnabledRestrictionsAlreadySet.addAll(restrictionsToSet); 2112 Slog.i(LOG_TAG, "Enabled the following restrictions by default: " + restrictionsToSet); 2113 saveUserRestrictionsLocked(userId); 2114 } 2115 } 2116 2117 private void setDeviceOwnerSystemPropertyLocked() { 2118 final boolean deviceProvisioned = 2119 mInjector.settingsGlobalGetInt(Settings.Global.DEVICE_PROVISIONED, 0) != 0; 2120 final boolean hasDeviceOwner = mOwners.hasDeviceOwner(); 2121 // If the device is not provisioned and there is currently no device owner, do not set the 2122 // read-only system property yet, since Device owner may still be provisioned. 2123 if (!hasDeviceOwner && !deviceProvisioned) { 2124 return; 2125 } 2126 // Still at the first stage of CryptKeeper double bounce, mOwners.hasDeviceOwner is 2127 // always false at this point. 2128 if (StorageManager.inCryptKeeperBounce()) { 2129 return; 2130 } 2131 2132 if (!mInjector.systemPropertiesGet(PROPERTY_DEVICE_OWNER_PRESENT, "").isEmpty()) { 2133 Slog.w(LOG_TAG, "Trying to set ro.device_owner, but it has already been set?"); 2134 } else { 2135 final String value = Boolean.toString(hasDeviceOwner); 2136 mInjector.systemPropertiesSet(PROPERTY_DEVICE_OWNER_PRESENT, value); 2137 Slog.i(LOG_TAG, "Set ro.device_owner property to " + value); 2138 2139 if (hasDeviceOwner && mInjector.securityLogGetLoggingEnabledProperty()) { 2140 mSecurityLogMonitor.start(); 2141 maybePauseDeviceWideLoggingLocked(); 2142 } 2143 } 2144 } 2145 2146 private void findOwnerComponentIfNecessaryLocked() { 2147 if (!mOwners.hasDeviceOwner()) { 2148 return; 2149 } 2150 final ComponentName doComponentName = mOwners.getDeviceOwnerComponent(); 2151 2152 if (!TextUtils.isEmpty(doComponentName.getClassName())) { 2153 return; // Already a full component name. 2154 } 2155 2156 final ComponentName doComponent = findAdminComponentWithPackageLocked( 2157 doComponentName.getPackageName(), 2158 mOwners.getDeviceOwnerUserId()); 2159 if (doComponent == null) { 2160 Slog.e(LOG_TAG, "Device-owner isn't registered as device-admin"); 2161 } else { 2162 mOwners.setDeviceOwnerWithRestrictionsMigrated( 2163 doComponent, 2164 mOwners.getDeviceOwnerName(), 2165 mOwners.getDeviceOwnerUserId(), 2166 !mOwners.getDeviceOwnerUserRestrictionsNeedsMigration()); 2167 mOwners.writeDeviceOwner(); 2168 if (VERBOSE_LOG) { 2169 Log.v(LOG_TAG, "Device owner component filled in"); 2170 } 2171 } 2172 } 2173 2174 /** 2175 * We didn't use to persist user restrictions for each owners but only persisted in user 2176 * manager. 2177 */ 2178 private void migrateUserRestrictionsIfNecessaryLocked() { 2179 boolean migrated = false; 2180 // Migrate for the DO. Basically all restrictions should be considered to be set by DO, 2181 // except for the "system controlled" ones. 2182 if (mOwners.getDeviceOwnerUserRestrictionsNeedsMigration()) { 2183 if (VERBOSE_LOG) { 2184 Log.v(LOG_TAG, "Migrating DO user restrictions"); 2185 } 2186 migrated = true; 2187 2188 // Migrate user 0 restrictions to DO. 2189 final ActiveAdmin deviceOwnerAdmin = getDeviceOwnerAdminLocked(); 2190 2191 migrateUserRestrictionsForUser(UserHandle.SYSTEM, deviceOwnerAdmin, 2192 /* exceptionList =*/ null, /* isDeviceOwner =*/ true); 2193 2194 // Push DO user restrictions to user manager. 2195 pushUserRestrictions(UserHandle.USER_SYSTEM); 2196 2197 mOwners.setDeviceOwnerUserRestrictionsMigrated(); 2198 } 2199 2200 // Migrate for POs. 2201 2202 // The following restrictions can be set on secondary users by the device owner, so we 2203 // assume they're not from the PO. 2204 final Set<String> secondaryUserExceptionList = Sets.newArraySet( 2205 UserManager.DISALLOW_OUTGOING_CALLS, 2206 UserManager.DISALLOW_SMS); 2207 2208 for (UserInfo ui : mUserManager.getUsers()) { 2209 final int userId = ui.id; 2210 if (mOwners.getProfileOwnerUserRestrictionsNeedsMigration(userId)) { 2211 if (VERBOSE_LOG) { 2212 Log.v(LOG_TAG, "Migrating PO user restrictions for user " + userId); 2213 } 2214 migrated = true; 2215 2216 final ActiveAdmin profileOwnerAdmin = getProfileOwnerAdminLocked(userId); 2217 2218 final Set<String> exceptionList = 2219 (userId == UserHandle.USER_SYSTEM) ? null : secondaryUserExceptionList; 2220 2221 migrateUserRestrictionsForUser(ui.getUserHandle(), profileOwnerAdmin, 2222 exceptionList, /* isDeviceOwner =*/ false); 2223 2224 // Note if a secondary user has no PO but has a DA that disables camera, we 2225 // don't get here and won't push the camera user restriction to UserManager 2226 // here. That's okay because we'll push user restrictions anyway when a user 2227 // starts. But we still do it because we want to let user manager persist 2228 // upon migration. 2229 pushUserRestrictions(userId); 2230 2231 mOwners.setProfileOwnerUserRestrictionsMigrated(userId); 2232 } 2233 } 2234 if (VERBOSE_LOG && migrated) { 2235 Log.v(LOG_TAG, "User restrictions migrated."); 2236 } 2237 } 2238 2239 private void migrateUserRestrictionsForUser(UserHandle user, ActiveAdmin admin, 2240 Set<String> exceptionList, boolean isDeviceOwner) { 2241 final Bundle origRestrictions = mUserManagerInternal.getBaseUserRestrictions( 2242 user.getIdentifier()); 2243 2244 final Bundle newBaseRestrictions = new Bundle(); 2245 final Bundle newOwnerRestrictions = new Bundle(); 2246 2247 for (String key : origRestrictions.keySet()) { 2248 if (!origRestrictions.getBoolean(key)) { 2249 continue; 2250 } 2251 final boolean canOwnerChange = isDeviceOwner 2252 ? UserRestrictionsUtils.canDeviceOwnerChange(key) 2253 : UserRestrictionsUtils.canProfileOwnerChange(key, user.getIdentifier()); 2254 2255 if (!canOwnerChange || (exceptionList!= null && exceptionList.contains(key))) { 2256 newBaseRestrictions.putBoolean(key, true); 2257 } else { 2258 newOwnerRestrictions.putBoolean(key, true); 2259 } 2260 } 2261 2262 if (VERBOSE_LOG) { 2263 Log.v(LOG_TAG, "origRestrictions=" + origRestrictions); 2264 Log.v(LOG_TAG, "newBaseRestrictions=" + newBaseRestrictions); 2265 Log.v(LOG_TAG, "newOwnerRestrictions=" + newOwnerRestrictions); 2266 } 2267 mUserManagerInternal.setBaseUserRestrictionsByDpmsForMigration(user.getIdentifier(), 2268 newBaseRestrictions); 2269 2270 if (admin != null) { 2271 admin.ensureUserRestrictions().clear(); 2272 admin.ensureUserRestrictions().putAll(newOwnerRestrictions); 2273 } else { 2274 Slog.w(LOG_TAG, "ActiveAdmin for DO/PO not found. user=" + user.getIdentifier()); 2275 } 2276 saveSettingsLocked(user.getIdentifier()); 2277 } 2278 2279 private ComponentName findAdminComponentWithPackageLocked(String packageName, int userId) { 2280 final DevicePolicyData policy = getUserData(userId); 2281 final int n = policy.mAdminList.size(); 2282 ComponentName found = null; 2283 int nFound = 0; 2284 for (int i = 0; i < n; i++) { 2285 final ActiveAdmin admin = policy.mAdminList.get(i); 2286 if (packageName.equals(admin.info.getPackageName())) { 2287 // Found! 2288 if (nFound == 0) { 2289 found = admin.info.getComponent(); 2290 } 2291 nFound++; 2292 } 2293 } 2294 if (nFound > 1) { 2295 Slog.w(LOG_TAG, "Multiple DA found; assume the first one is DO."); 2296 } 2297 return found; 2298 } 2299 2300 /** 2301 * Set an alarm for an upcoming event - expiration warning, expiration, or post-expiration 2302 * reminders. Clears alarm if no expirations are configured. 2303 */ 2304 private void setExpirationAlarmCheckLocked(Context context, int userHandle, boolean parent) { 2305 final long expiration = getPasswordExpirationLocked(null, userHandle, parent); 2306 final long now = System.currentTimeMillis(); 2307 final long timeToExpire = expiration - now; 2308 final long alarmTime; 2309 if (expiration == 0) { 2310 // No expirations are currently configured: Cancel alarm. 2311 alarmTime = 0; 2312 } else if (timeToExpire <= 0) { 2313 // The password has already expired: Repeat every 24 hours. 2314 alarmTime = now + MS_PER_DAY; 2315 } else { 2316 // Selecting the next alarm time: Roll forward to the next 24 hour multiple before 2317 // the expiration time. 2318 long alarmInterval = timeToExpire % MS_PER_DAY; 2319 if (alarmInterval == 0) { 2320 alarmInterval = MS_PER_DAY; 2321 } 2322 alarmTime = now + alarmInterval; 2323 } 2324 2325 long token = mInjector.binderClearCallingIdentity(); 2326 try { 2327 int affectedUserHandle = parent ? getProfileParentId(userHandle) : userHandle; 2328 AlarmManager am = mInjector.getAlarmManager(); 2329 PendingIntent pi = PendingIntent.getBroadcastAsUser(context, REQUEST_EXPIRE_PASSWORD, 2330 new Intent(ACTION_EXPIRED_PASSWORD_NOTIFICATION), 2331 PendingIntent.FLAG_ONE_SHOT | PendingIntent.FLAG_UPDATE_CURRENT, 2332 UserHandle.of(affectedUserHandle)); 2333 am.cancel(pi); 2334 if (alarmTime != 0) { 2335 am.set(AlarmManager.RTC, alarmTime, pi); 2336 } 2337 } finally { 2338 mInjector.binderRestoreCallingIdentity(token); 2339 } 2340 } 2341 2342 ActiveAdmin getActiveAdminUncheckedLocked(ComponentName who, int userHandle) { 2343 ActiveAdmin admin = getUserData(userHandle).mAdminMap.get(who); 2344 if (admin != null 2345 && who.getPackageName().equals(admin.info.getActivityInfo().packageName) 2346 && who.getClassName().equals(admin.info.getActivityInfo().name)) { 2347 return admin; 2348 } 2349 return null; 2350 } 2351 2352 ActiveAdmin getActiveAdminUncheckedLocked(ComponentName who, int userHandle, boolean parent) { 2353 if (parent) { 2354 enforceManagedProfile(userHandle, "call APIs on the parent profile"); 2355 } 2356 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 2357 if (admin != null && parent) { 2358 admin = admin.getParentActiveAdmin(); 2359 } 2360 return admin; 2361 } 2362 2363 ActiveAdmin getActiveAdminForCallerLocked(ComponentName who, int reqPolicy) 2364 throws SecurityException { 2365 final int callingUid = mInjector.binderGetCallingUid(); 2366 2367 ActiveAdmin result = getActiveAdminWithPolicyForUidLocked(who, reqPolicy, callingUid); 2368 if (result != null) { 2369 return result; 2370 } 2371 2372 if (who != null) { 2373 final int userId = UserHandle.getUserId(callingUid); 2374 final DevicePolicyData policy = getUserData(userId); 2375 ActiveAdmin admin = policy.mAdminMap.get(who); 2376 if (reqPolicy == DeviceAdminInfo.USES_POLICY_DEVICE_OWNER) { 2377 throw new SecurityException("Admin " + admin.info.getComponent() 2378 + " does not own the device"); 2379 } 2380 if (reqPolicy == DeviceAdminInfo.USES_POLICY_PROFILE_OWNER) { 2381 throw new SecurityException("Admin " + admin.info.getComponent() 2382 + " does not own the profile"); 2383 } 2384 throw new SecurityException("Admin " + admin.info.getComponent() 2385 + " did not specify uses-policy for: " 2386 + admin.info.getTagForPolicy(reqPolicy)); 2387 } else { 2388 throw new SecurityException("No active admin owned by uid " 2389 + mInjector.binderGetCallingUid() + " for policy #" + reqPolicy); 2390 } 2391 } 2392 2393 ActiveAdmin getActiveAdminForCallerLocked(ComponentName who, int reqPolicy, boolean parent) 2394 throws SecurityException { 2395 if (parent) { 2396 enforceManagedProfile(mInjector.userHandleGetCallingUserId(), 2397 "call APIs on the parent profile"); 2398 } 2399 ActiveAdmin admin = getActiveAdminForCallerLocked(who, reqPolicy); 2400 return parent ? admin.getParentActiveAdmin() : admin; 2401 } 2402 /** 2403 * Find the admin for the component and userId bit of the uid, then check 2404 * the admin's uid matches the uid. 2405 */ 2406 private ActiveAdmin getActiveAdminForUidLocked(ComponentName who, int uid) { 2407 final int userId = UserHandle.getUserId(uid); 2408 final DevicePolicyData policy = getUserData(userId); 2409 ActiveAdmin admin = policy.mAdminMap.get(who); 2410 if (admin == null) { 2411 throw new SecurityException("No active admin " + who); 2412 } 2413 if (admin.getUid() != uid) { 2414 throw new SecurityException("Admin " + who + " is not owned by uid " + uid); 2415 } 2416 return admin; 2417 } 2418 2419 private ActiveAdmin getActiveAdminWithPolicyForUidLocked(ComponentName who, int reqPolicy, 2420 int uid) { 2421 // Try to find an admin which can use reqPolicy 2422 final int userId = UserHandle.getUserId(uid); 2423 final DevicePolicyData policy = getUserData(userId); 2424 if (who != null) { 2425 ActiveAdmin admin = policy.mAdminMap.get(who); 2426 if (admin == null) { 2427 throw new SecurityException("No active admin " + who); 2428 } 2429 if (admin.getUid() != uid) { 2430 throw new SecurityException("Admin " + who + " is not owned by uid " + uid); 2431 } 2432 if (isActiveAdminWithPolicyForUserLocked(admin, reqPolicy, userId)) { 2433 return admin; 2434 } 2435 } else { 2436 for (ActiveAdmin admin : policy.mAdminList) { 2437 if (admin.getUid() == uid && isActiveAdminWithPolicyForUserLocked(admin, reqPolicy, 2438 userId)) { 2439 return admin; 2440 } 2441 } 2442 } 2443 2444 return null; 2445 } 2446 2447 @VisibleForTesting 2448 boolean isActiveAdminWithPolicyForUserLocked(ActiveAdmin admin, int reqPolicy, 2449 int userId) { 2450 final boolean ownsDevice = isDeviceOwner(admin.info.getComponent(), userId); 2451 final boolean ownsProfile = isProfileOwner(admin.info.getComponent(), userId); 2452 2453 if (reqPolicy == DeviceAdminInfo.USES_POLICY_DEVICE_OWNER) { 2454 return ownsDevice; 2455 } else if (reqPolicy == DeviceAdminInfo.USES_POLICY_PROFILE_OWNER) { 2456 // DO always has the PO power. 2457 return ownsDevice || ownsProfile; 2458 } else { 2459 return admin.info.usesPolicy(reqPolicy); 2460 } 2461 } 2462 2463 void sendAdminCommandLocked(ActiveAdmin admin, String action) { 2464 sendAdminCommandLocked(admin, action, null); 2465 } 2466 2467 void sendAdminCommandLocked(ActiveAdmin admin, String action, BroadcastReceiver result) { 2468 sendAdminCommandLocked(admin, action, null, result); 2469 } 2470 2471 void sendAdminCommandLocked(ActiveAdmin admin, String action, Bundle adminExtras, 2472 BroadcastReceiver result) { 2473 sendAdminCommandLocked(admin, action, adminExtras, result, false); 2474 } 2475 2476 /** 2477 * Send an update to one specific admin, get notified when that admin returns a result. 2478 * 2479 * @return whether the broadcast was successfully sent 2480 */ 2481 boolean sendAdminCommandLocked(ActiveAdmin admin, String action, Bundle adminExtras, 2482 BroadcastReceiver result, boolean inForeground) { 2483 Intent intent = new Intent(action); 2484 intent.setComponent(admin.info.getComponent()); 2485 if (UserManager.isDeviceInDemoMode(mContext)) { 2486 intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND); 2487 } 2488 if (action.equals(DeviceAdminReceiver.ACTION_PASSWORD_EXPIRING)) { 2489 intent.putExtra("expiration", admin.passwordExpirationDate); 2490 } 2491 if (inForeground) { 2492 intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND); 2493 } 2494 if (adminExtras != null) { 2495 intent.putExtras(adminExtras); 2496 } 2497 if (mInjector.getPackageManager().queryBroadcastReceiversAsUser( 2498 intent, 2499 PackageManager.MATCH_DEBUG_TRIAGED_MISSING, 2500 admin.getUserHandle()).isEmpty()) { 2501 return false; 2502 } 2503 if (result != null) { 2504 mContext.sendOrderedBroadcastAsUser(intent, admin.getUserHandle(), 2505 null, result, mHandler, Activity.RESULT_OK, null, null); 2506 } else { 2507 mContext.sendBroadcastAsUser(intent, admin.getUserHandle()); 2508 } 2509 return true; 2510 } 2511 2512 /** 2513 * Send an update to all admins of a user that enforce a specified policy. 2514 */ 2515 void sendAdminCommandLocked(String action, int reqPolicy, int userHandle, Bundle adminExtras) { 2516 final DevicePolicyData policy = getUserData(userHandle); 2517 final int count = policy.mAdminList.size(); 2518 for (int i = 0; i < count; i++) { 2519 final ActiveAdmin admin = policy.mAdminList.get(i); 2520 if (admin.info.usesPolicy(reqPolicy)) { 2521 sendAdminCommandLocked(admin, action, adminExtras, null); 2522 } 2523 } 2524 } 2525 2526 /** 2527 * Send an update intent to all admins of a user and its profiles. Only send to admins that 2528 * enforce a specified policy. 2529 */ 2530 private void sendAdminCommandToSelfAndProfilesLocked(String action, int reqPolicy, 2531 int userHandle, Bundle adminExtras) { 2532 int[] profileIds = mUserManager.getProfileIdsWithDisabled(userHandle); 2533 for (int profileId : profileIds) { 2534 sendAdminCommandLocked(action, reqPolicy, profileId, adminExtras); 2535 } 2536 } 2537 2538 /** 2539 * Sends a broadcast to each profile that share the password unlock with the given user id. 2540 */ 2541 private void sendAdminCommandForLockscreenPoliciesLocked( 2542 String action, int reqPolicy, int userHandle) { 2543 final Bundle extras = new Bundle(); 2544 extras.putParcelable(Intent.EXTRA_USER, UserHandle.of(userHandle)); 2545 if (isSeparateProfileChallengeEnabled(userHandle)) { 2546 sendAdminCommandLocked(action, reqPolicy, userHandle, extras); 2547 } else { 2548 sendAdminCommandToSelfAndProfilesLocked(action, reqPolicy, userHandle, extras); 2549 } 2550 } 2551 2552 void removeActiveAdminLocked(final ComponentName adminReceiver, final int userHandle) { 2553 final ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver, userHandle); 2554 DevicePolicyData policy = getUserData(userHandle); 2555 if (admin != null && !policy.mRemovingAdmins.contains(adminReceiver)) { 2556 policy.mRemovingAdmins.add(adminReceiver); 2557 sendAdminCommandLocked(admin, 2558 DeviceAdminReceiver.ACTION_DEVICE_ADMIN_DISABLED, 2559 new BroadcastReceiver() { 2560 @Override 2561 public void onReceive(Context context, Intent intent) { 2562 removeAdminArtifacts(adminReceiver, userHandle); 2563 removePackageIfRequired(adminReceiver.getPackageName(), userHandle); 2564 } 2565 }); 2566 } 2567 } 2568 2569 2570 public DeviceAdminInfo findAdmin(ComponentName adminName, int userHandle, 2571 boolean throwForMissingPermission) { 2572 if (!mHasFeature) { 2573 return null; 2574 } 2575 enforceFullCrossUsersPermission(userHandle); 2576 ActivityInfo ai = null; 2577 try { 2578 ai = mIPackageManager.getReceiverInfo(adminName, 2579 PackageManager.GET_META_DATA | 2580 PackageManager.MATCH_DISABLED_UNTIL_USED_COMPONENTS | 2581 PackageManager.MATCH_DIRECT_BOOT_AWARE | 2582 PackageManager.MATCH_DIRECT_BOOT_UNAWARE, userHandle); 2583 } catch (RemoteException e) { 2584 // shouldn't happen. 2585 } 2586 if (ai == null) { 2587 throw new IllegalArgumentException("Unknown admin: " + adminName); 2588 } 2589 2590 if (!permission.BIND_DEVICE_ADMIN.equals(ai.permission)) { 2591 final String message = "DeviceAdminReceiver " + adminName + " must be protected with " 2592 + permission.BIND_DEVICE_ADMIN; 2593 Slog.w(LOG_TAG, message); 2594 if (throwForMissingPermission && 2595 ai.applicationInfo.targetSdkVersion > Build.VERSION_CODES.M) { 2596 throw new IllegalArgumentException(message); 2597 } 2598 } 2599 2600 try { 2601 return new DeviceAdminInfo(mContext, ai); 2602 } catch (XmlPullParserException | IOException e) { 2603 Slog.w(LOG_TAG, "Bad device admin requested for user=" + userHandle + ": " + adminName, 2604 e); 2605 return null; 2606 } 2607 } 2608 2609 private File getPolicyFileDirectory(@UserIdInt int userId) { 2610 return userId == UserHandle.USER_SYSTEM 2611 ? new File(mInjector.getDevicePolicyFilePathForSystemUser()) 2612 : mInjector.environmentGetUserSystemDirectory(userId); 2613 } 2614 2615 private JournaledFile makeJournaledFile(@UserIdInt int userId) { 2616 final String base = new File(getPolicyFileDirectory(userId), DEVICE_POLICIES_XML) 2617 .getAbsolutePath(); 2618 if (VERBOSE_LOG) { 2619 Log.v(LOG_TAG, "Opening " + base); 2620 } 2621 return new JournaledFile(new File(base), new File(base + ".tmp")); 2622 } 2623 2624 private void saveSettingsLocked(int userHandle) { 2625 DevicePolicyData policy = getUserData(userHandle); 2626 JournaledFile journal = makeJournaledFile(userHandle); 2627 FileOutputStream stream = null; 2628 try { 2629 stream = new FileOutputStream(journal.chooseForWrite(), false); 2630 XmlSerializer out = new FastXmlSerializer(); 2631 out.setOutput(stream, StandardCharsets.UTF_8.name()); 2632 out.startDocument(null, true); 2633 2634 out.startTag(null, "policies"); 2635 if (policy.mRestrictionsProvider != null) { 2636 out.attribute(null, ATTR_PERMISSION_PROVIDER, 2637 policy.mRestrictionsProvider.flattenToString()); 2638 } 2639 if (policy.mUserSetupComplete) { 2640 out.attribute(null, ATTR_SETUP_COMPLETE, 2641 Boolean.toString(true)); 2642 } 2643 if (policy.mPaired) { 2644 out.attribute(null, ATTR_DEVICE_PAIRED, 2645 Boolean.toString(true)); 2646 } 2647 if (policy.mDeviceProvisioningConfigApplied) { 2648 out.attribute(null, ATTR_DEVICE_PROVISIONING_CONFIG_APPLIED, 2649 Boolean.toString(true)); 2650 } 2651 if (policy.mUserProvisioningState != DevicePolicyManager.STATE_USER_UNMANAGED) { 2652 out.attribute(null, ATTR_PROVISIONING_STATE, 2653 Integer.toString(policy.mUserProvisioningState)); 2654 } 2655 if (policy.mPermissionPolicy != DevicePolicyManager.PERMISSION_POLICY_PROMPT) { 2656 out.attribute(null, ATTR_PERMISSION_POLICY, 2657 Integer.toString(policy.mPermissionPolicy)); 2658 } 2659 2660 // Serialize delegations. 2661 for (int i = 0; i < policy.mDelegationMap.size(); ++i) { 2662 final String delegatePackage = policy.mDelegationMap.keyAt(i); 2663 final List<String> scopes = policy.mDelegationMap.valueAt(i); 2664 2665 // Every "delegation" tag serializes the information of one delegate-scope pair. 2666 for (String scope : scopes) { 2667 out.startTag(null, "delegation"); 2668 out.attribute(null, "delegatePackage", delegatePackage); 2669 out.attribute(null, "scope", scope); 2670 out.endTag(null, "delegation"); 2671 } 2672 } 2673 2674 final int N = policy.mAdminList.size(); 2675 for (int i=0; i<N; i++) { 2676 ActiveAdmin ap = policy.mAdminList.get(i); 2677 if (ap != null) { 2678 out.startTag(null, "admin"); 2679 out.attribute(null, "name", ap.info.getComponent().flattenToString()); 2680 ap.writeToXml(out); 2681 out.endTag(null, "admin"); 2682 } 2683 } 2684 2685 if (policy.mPasswordOwner >= 0) { 2686 out.startTag(null, "password-owner"); 2687 out.attribute(null, "value", Integer.toString(policy.mPasswordOwner)); 2688 out.endTag(null, "password-owner"); 2689 } 2690 2691 if (policy.mFailedPasswordAttempts != 0) { 2692 out.startTag(null, "failed-password-attempts"); 2693 out.attribute(null, "value", Integer.toString(policy.mFailedPasswordAttempts)); 2694 out.endTag(null, "failed-password-attempts"); 2695 } 2696 2697 // For FDE devices only, we save this flag so we can report on password sufficiency 2698 // before the user enters their password for the first time after a reboot. For 2699 // security reasons, we don't want to store the full set of active password metrics. 2700 if (!mInjector.storageManagerIsFileBasedEncryptionEnabled()) { 2701 out.startTag(null, TAG_PASSWORD_VALIDITY); 2702 out.attribute(null, ATTR_VALUE, 2703 Boolean.toString(policy.mPasswordValidAtLastCheckpoint)); 2704 out.endTag(null, TAG_PASSWORD_VALIDITY); 2705 } 2706 2707 for (int i = 0; i < policy.mAcceptedCaCertificates.size(); i++) { 2708 out.startTag(null, TAG_ACCEPTED_CA_CERTIFICATES); 2709 out.attribute(null, ATTR_NAME, policy.mAcceptedCaCertificates.valueAt(i)); 2710 out.endTag(null, TAG_ACCEPTED_CA_CERTIFICATES); 2711 } 2712 2713 for (int i=0; i<policy.mLockTaskPackages.size(); i++) { 2714 String component = policy.mLockTaskPackages.get(i); 2715 out.startTag(null, TAG_LOCK_TASK_COMPONENTS); 2716 out.attribute(null, "name", component); 2717 out.endTag(null, TAG_LOCK_TASK_COMPONENTS); 2718 } 2719 2720 if (policy.mLockTaskFeatures != DevicePolicyManager.LOCK_TASK_FEATURE_NONE) { 2721 out.startTag(null, TAG_LOCK_TASK_FEATURES); 2722 out.attribute(null, ATTR_VALUE, Integer.toString(policy.mLockTaskFeatures)); 2723 out.endTag(null, TAG_LOCK_TASK_FEATURES); 2724 } 2725 2726 if (policy.mStatusBarDisabled) { 2727 out.startTag(null, TAG_STATUS_BAR); 2728 out.attribute(null, ATTR_DISABLED, Boolean.toString(policy.mStatusBarDisabled)); 2729 out.endTag(null, TAG_STATUS_BAR); 2730 } 2731 2732 if (policy.doNotAskCredentialsOnBoot) { 2733 out.startTag(null, DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML); 2734 out.endTag(null, DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML); 2735 } 2736 2737 for (String id : policy.mAffiliationIds) { 2738 out.startTag(null, TAG_AFFILIATION_ID); 2739 out.attribute(null, ATTR_ID, id); 2740 out.endTag(null, TAG_AFFILIATION_ID); 2741 } 2742 2743 if (policy.mLastSecurityLogRetrievalTime >= 0) { 2744 out.startTag(null, TAG_LAST_SECURITY_LOG_RETRIEVAL); 2745 out.attribute(null, ATTR_VALUE, 2746 Long.toString(policy.mLastSecurityLogRetrievalTime)); 2747 out.endTag(null, TAG_LAST_SECURITY_LOG_RETRIEVAL); 2748 } 2749 2750 if (policy.mLastBugReportRequestTime >= 0) { 2751 out.startTag(null, TAG_LAST_BUG_REPORT_REQUEST); 2752 out.attribute(null, ATTR_VALUE, 2753 Long.toString(policy.mLastBugReportRequestTime)); 2754 out.endTag(null, TAG_LAST_BUG_REPORT_REQUEST); 2755 } 2756 2757 if (policy.mLastNetworkLogsRetrievalTime >= 0) { 2758 out.startTag(null, TAG_LAST_NETWORK_LOG_RETRIEVAL); 2759 out.attribute(null, ATTR_VALUE, 2760 Long.toString(policy.mLastNetworkLogsRetrievalTime)); 2761 out.endTag(null, TAG_LAST_NETWORK_LOG_RETRIEVAL); 2762 } 2763 2764 if (policy.mAdminBroadcastPending) { 2765 out.startTag(null, TAG_ADMIN_BROADCAST_PENDING); 2766 out.attribute(null, ATTR_VALUE, 2767 Boolean.toString(policy.mAdminBroadcastPending)); 2768 out.endTag(null, TAG_ADMIN_BROADCAST_PENDING); 2769 } 2770 2771 if (policy.mInitBundle != null) { 2772 out.startTag(null, TAG_INITIALIZATION_BUNDLE); 2773 policy.mInitBundle.saveToXml(out); 2774 out.endTag(null, TAG_INITIALIZATION_BUNDLE); 2775 } 2776 2777 if (policy.mPasswordTokenHandle != 0) { 2778 out.startTag(null, TAG_PASSWORD_TOKEN_HANDLE); 2779 out.attribute(null, ATTR_VALUE, 2780 Long.toString(policy.mPasswordTokenHandle)); 2781 out.endTag(null, TAG_PASSWORD_TOKEN_HANDLE); 2782 } 2783 2784 if (policy.mCurrentInputMethodSet) { 2785 out.startTag(null, TAG_CURRENT_INPUT_METHOD_SET); 2786 out.endTag(null, TAG_CURRENT_INPUT_METHOD_SET); 2787 } 2788 2789 for (final String cert : policy.mOwnerInstalledCaCerts) { 2790 out.startTag(null, TAG_OWNER_INSTALLED_CA_CERT); 2791 out.attribute(null, ATTR_ALIAS, cert); 2792 out.endTag(null, TAG_OWNER_INSTALLED_CA_CERT); 2793 } 2794 2795 out.endTag(null, "policies"); 2796 2797 out.endDocument(); 2798 stream.flush(); 2799 FileUtils.sync(stream); 2800 stream.close(); 2801 journal.commit(); 2802 sendChangedNotification(userHandle); 2803 } catch (XmlPullParserException | IOException e) { 2804 Slog.w(LOG_TAG, "failed writing file", e); 2805 try { 2806 if (stream != null) { 2807 stream.close(); 2808 } 2809 } catch (IOException ex) { 2810 // Ignore 2811 } 2812 journal.rollback(); 2813 } 2814 } 2815 2816 private void sendChangedNotification(int userHandle) { 2817 Intent intent = new Intent(DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED); 2818 intent.setFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY); 2819 long ident = mInjector.binderClearCallingIdentity(); 2820 try { 2821 mContext.sendBroadcastAsUser(intent, new UserHandle(userHandle)); 2822 } finally { 2823 mInjector.binderRestoreCallingIdentity(ident); 2824 } 2825 } 2826 2827 private void loadSettingsLocked(DevicePolicyData policy, int userHandle) { 2828 JournaledFile journal = makeJournaledFile(userHandle); 2829 FileInputStream stream = null; 2830 File file = journal.chooseForRead(); 2831 boolean needsRewrite = false; 2832 try { 2833 stream = new FileInputStream(file); 2834 XmlPullParser parser = Xml.newPullParser(); 2835 parser.setInput(stream, StandardCharsets.UTF_8.name()); 2836 2837 int type; 2838 while ((type=parser.next()) != XmlPullParser.END_DOCUMENT 2839 && type != XmlPullParser.START_TAG) { 2840 } 2841 String tag = parser.getName(); 2842 if (!"policies".equals(tag)) { 2843 throw new XmlPullParserException( 2844 "Settings do not start with policies tag: found " + tag); 2845 } 2846 2847 // Extract the permission provider component name if available 2848 String permissionProvider = parser.getAttributeValue(null, ATTR_PERMISSION_PROVIDER); 2849 if (permissionProvider != null) { 2850 policy.mRestrictionsProvider = ComponentName.unflattenFromString(permissionProvider); 2851 } 2852 String userSetupComplete = parser.getAttributeValue(null, ATTR_SETUP_COMPLETE); 2853 if (userSetupComplete != null && Boolean.toString(true).equals(userSetupComplete)) { 2854 policy.mUserSetupComplete = true; 2855 } 2856 String paired = parser.getAttributeValue(null, ATTR_DEVICE_PAIRED); 2857 if (paired != null && Boolean.toString(true).equals(paired)) { 2858 policy.mPaired = true; 2859 } 2860 String deviceProvisioningConfigApplied = parser.getAttributeValue(null, 2861 ATTR_DEVICE_PROVISIONING_CONFIG_APPLIED); 2862 if (deviceProvisioningConfigApplied != null 2863 && Boolean.toString(true).equals(deviceProvisioningConfigApplied)) { 2864 policy.mDeviceProvisioningConfigApplied = true; 2865 } 2866 String provisioningState = parser.getAttributeValue(null, ATTR_PROVISIONING_STATE); 2867 if (!TextUtils.isEmpty(provisioningState)) { 2868 policy.mUserProvisioningState = Integer.parseInt(provisioningState); 2869 } 2870 String permissionPolicy = parser.getAttributeValue(null, ATTR_PERMISSION_POLICY); 2871 if (!TextUtils.isEmpty(permissionPolicy)) { 2872 policy.mPermissionPolicy = Integer.parseInt(permissionPolicy); 2873 } 2874 // Check for delegation compatibility with pre-O. 2875 // TODO(edmanp) remove in P. 2876 { 2877 final String certDelegate = parser.getAttributeValue(null, 2878 ATTR_DELEGATED_CERT_INSTALLER); 2879 if (certDelegate != null) { 2880 List<String> scopes = policy.mDelegationMap.get(certDelegate); 2881 if (scopes == null) { 2882 scopes = new ArrayList<>(); 2883 policy.mDelegationMap.put(certDelegate, scopes); 2884 } 2885 if (!scopes.contains(DELEGATION_CERT_INSTALL)) { 2886 scopes.add(DELEGATION_CERT_INSTALL); 2887 needsRewrite = true; 2888 } 2889 } 2890 final String appRestrictionsDelegate = parser.getAttributeValue(null, 2891 ATTR_APPLICATION_RESTRICTIONS_MANAGER); 2892 if (appRestrictionsDelegate != null) { 2893 List<String> scopes = policy.mDelegationMap.get(appRestrictionsDelegate); 2894 if (scopes == null) { 2895 scopes = new ArrayList<>(); 2896 policy.mDelegationMap.put(appRestrictionsDelegate, scopes); 2897 } 2898 if (!scopes.contains(DELEGATION_APP_RESTRICTIONS)) { 2899 scopes.add(DELEGATION_APP_RESTRICTIONS); 2900 needsRewrite = true; 2901 } 2902 } 2903 } 2904 2905 type = parser.next(); 2906 int outerDepth = parser.getDepth(); 2907 policy.mLockTaskPackages.clear(); 2908 policy.mAdminList.clear(); 2909 policy.mAdminMap.clear(); 2910 policy.mAffiliationIds.clear(); 2911 policy.mOwnerInstalledCaCerts.clear(); 2912 while ((type=parser.next()) != XmlPullParser.END_DOCUMENT 2913 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 2914 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 2915 continue; 2916 } 2917 tag = parser.getName(); 2918 if ("admin".equals(tag)) { 2919 String name = parser.getAttributeValue(null, "name"); 2920 try { 2921 DeviceAdminInfo dai = findAdmin( 2922 ComponentName.unflattenFromString(name), userHandle, 2923 /* throwForMissingPermission= */ false); 2924 if (VERBOSE_LOG 2925 && (UserHandle.getUserId(dai.getActivityInfo().applicationInfo.uid) 2926 != userHandle)) { 2927 Slog.w(LOG_TAG, "findAdmin returned an incorrect uid " 2928 + dai.getActivityInfo().applicationInfo.uid + " for user " 2929 + userHandle); 2930 } 2931 if (dai != null) { 2932 ActiveAdmin ap = new ActiveAdmin(dai, /* parent */ false); 2933 ap.readFromXml(parser); 2934 policy.mAdminMap.put(ap.info.getComponent(), ap); 2935 } 2936 } catch (RuntimeException e) { 2937 Slog.w(LOG_TAG, "Failed loading admin " + name, e); 2938 } 2939 } else if ("delegation".equals(tag)) { 2940 // Parse delegation info. 2941 final String delegatePackage = parser.getAttributeValue(null, 2942 "delegatePackage"); 2943 final String scope = parser.getAttributeValue(null, "scope"); 2944 2945 // Get a reference to the scopes list for the delegatePackage. 2946 List<String> scopes = policy.mDelegationMap.get(delegatePackage); 2947 // Or make a new list if none was found. 2948 if (scopes == null) { 2949 scopes = new ArrayList<>(); 2950 policy.mDelegationMap.put(delegatePackage, scopes); 2951 } 2952 // Add the new scope to the list of delegatePackage if it's not already there. 2953 if (!scopes.contains(scope)) { 2954 scopes.add(scope); 2955 } 2956 } else if ("failed-password-attempts".equals(tag)) { 2957 policy.mFailedPasswordAttempts = Integer.parseInt( 2958 parser.getAttributeValue(null, "value")); 2959 } else if ("password-owner".equals(tag)) { 2960 policy.mPasswordOwner = Integer.parseInt( 2961 parser.getAttributeValue(null, "value")); 2962 } else if (TAG_ACCEPTED_CA_CERTIFICATES.equals(tag)) { 2963 policy.mAcceptedCaCertificates.add(parser.getAttributeValue(null, ATTR_NAME)); 2964 } else if (TAG_LOCK_TASK_COMPONENTS.equals(tag)) { 2965 policy.mLockTaskPackages.add(parser.getAttributeValue(null, "name")); 2966 } else if (TAG_LOCK_TASK_FEATURES.equals(tag)) { 2967 policy.mLockTaskFeatures = Integer.parseInt( 2968 parser.getAttributeValue(null, ATTR_VALUE)); 2969 } else if (TAG_STATUS_BAR.equals(tag)) { 2970 policy.mStatusBarDisabled = Boolean.parseBoolean( 2971 parser.getAttributeValue(null, ATTR_DISABLED)); 2972 } else if (DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML.equals(tag)) { 2973 policy.doNotAskCredentialsOnBoot = true; 2974 } else if (TAG_AFFILIATION_ID.equals(tag)) { 2975 policy.mAffiliationIds.add(parser.getAttributeValue(null, ATTR_ID)); 2976 } else if (TAG_LAST_SECURITY_LOG_RETRIEVAL.equals(tag)) { 2977 policy.mLastSecurityLogRetrievalTime = Long.parseLong( 2978 parser.getAttributeValue(null, ATTR_VALUE)); 2979 } else if (TAG_LAST_BUG_REPORT_REQUEST.equals(tag)) { 2980 policy.mLastBugReportRequestTime = Long.parseLong( 2981 parser.getAttributeValue(null, ATTR_VALUE)); 2982 } else if (TAG_LAST_NETWORK_LOG_RETRIEVAL.equals(tag)) { 2983 policy.mLastNetworkLogsRetrievalTime = Long.parseLong( 2984 parser.getAttributeValue(null, ATTR_VALUE)); 2985 } else if (TAG_ADMIN_BROADCAST_PENDING.equals(tag)) { 2986 String pending = parser.getAttributeValue(null, ATTR_VALUE); 2987 policy.mAdminBroadcastPending = Boolean.toString(true).equals(pending); 2988 } else if (TAG_INITIALIZATION_BUNDLE.equals(tag)) { 2989 policy.mInitBundle = PersistableBundle.restoreFromXml(parser); 2990 } else if ("active-password".equals(tag)) { 2991 // Remove password metrics from saved settings, as we no longer wish to store 2992 // these on disk 2993 needsRewrite = true; 2994 } else if (TAG_PASSWORD_VALIDITY.equals(tag)) { 2995 if (!mInjector.storageManagerIsFileBasedEncryptionEnabled()) { 2996 // This flag is only used for FDE devices 2997 policy.mPasswordValidAtLastCheckpoint = Boolean.parseBoolean( 2998 parser.getAttributeValue(null, ATTR_VALUE)); 2999 } 3000 } else if (TAG_PASSWORD_TOKEN_HANDLE.equals(tag)) { 3001 policy.mPasswordTokenHandle = Long.parseLong( 3002 parser.getAttributeValue(null, ATTR_VALUE)); 3003 } else if (TAG_CURRENT_INPUT_METHOD_SET.equals(tag)) { 3004 policy.mCurrentInputMethodSet = true; 3005 } else if (TAG_OWNER_INSTALLED_CA_CERT.equals(tag)) { 3006 policy.mOwnerInstalledCaCerts.add(parser.getAttributeValue(null, ATTR_ALIAS)); 3007 } else { 3008 Slog.w(LOG_TAG, "Unknown tag: " + tag); 3009 XmlUtils.skipCurrentTag(parser); 3010 } 3011 } 3012 } catch (FileNotFoundException e) { 3013 // Don't be noisy, this is normal if we haven't defined any policies. 3014 } catch (NullPointerException | NumberFormatException | XmlPullParserException | IOException 3015 | IndexOutOfBoundsException e) { 3016 Slog.w(LOG_TAG, "failed parsing " + file, e); 3017 } 3018 try { 3019 if (stream != null) { 3020 stream.close(); 3021 } 3022 } catch (IOException e) { 3023 // Ignore 3024 } 3025 3026 // Generate a list of admins from the admin map 3027 policy.mAdminList.addAll(policy.mAdminMap.values()); 3028 3029 // Might need to upgrade the file by rewriting it 3030 if (needsRewrite) { 3031 saveSettingsLocked(userHandle); 3032 } 3033 3034 validatePasswordOwnerLocked(policy); 3035 updateMaximumTimeToLockLocked(userHandle); 3036 updateLockTaskPackagesLocked(policy.mLockTaskPackages, userHandle); 3037 updateLockTaskFeaturesLocked(policy.mLockTaskFeatures, userHandle); 3038 if (policy.mStatusBarDisabled) { 3039 setStatusBarDisabledInternal(policy.mStatusBarDisabled, userHandle); 3040 } 3041 } 3042 3043 private void updateLockTaskPackagesLocked(List<String> packages, int userId) { 3044 long ident = mInjector.binderClearCallingIdentity(); 3045 try { 3046 mInjector.getIActivityManager() 3047 .updateLockTaskPackages(userId, packages.toArray(new String[packages.size()])); 3048 } catch (RemoteException e) { 3049 // Not gonna happen. 3050 } finally { 3051 mInjector.binderRestoreCallingIdentity(ident); 3052 } 3053 } 3054 3055 private void updateLockTaskFeaturesLocked(int flags, int userId) { 3056 long ident = mInjector.binderClearCallingIdentity(); 3057 try { 3058 mInjector.getIActivityManager() 3059 .updateLockTaskFeatures(userId, flags); 3060 } catch (RemoteException e) { 3061 // Not gonna happen. 3062 } finally { 3063 mInjector.binderRestoreCallingIdentity(ident); 3064 } 3065 } 3066 3067 private void updateDeviceOwnerLocked() { 3068 long ident = mInjector.binderClearCallingIdentity(); 3069 try { 3070 // TODO This is to prevent DO from getting "clear data"ed, but it should also check the 3071 // user id and also protect all other DAs too. 3072 final ComponentName deviceOwnerComponent = mOwners.getDeviceOwnerComponent(); 3073 if (deviceOwnerComponent != null) { 3074 mInjector.getIActivityManager() 3075 .updateDeviceOwner(deviceOwnerComponent.getPackageName()); 3076 } 3077 } catch (RemoteException e) { 3078 // Not gonna happen. 3079 } finally { 3080 mInjector.binderRestoreCallingIdentity(ident); 3081 } 3082 } 3083 3084 static void validateQualityConstant(int quality) { 3085 switch (quality) { 3086 case DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED: 3087 case DevicePolicyManager.PASSWORD_QUALITY_BIOMETRIC_WEAK: 3088 case DevicePolicyManager.PASSWORD_QUALITY_SOMETHING: 3089 case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC: 3090 case DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX: 3091 case DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC: 3092 case DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC: 3093 case DevicePolicyManager.PASSWORD_QUALITY_COMPLEX: 3094 case DevicePolicyManager.PASSWORD_QUALITY_MANAGED: 3095 return; 3096 } 3097 throw new IllegalArgumentException("Invalid quality constant: 0x" 3098 + Integer.toHexString(quality)); 3099 } 3100 3101 void validatePasswordOwnerLocked(DevicePolicyData policy) { 3102 if (policy.mPasswordOwner >= 0) { 3103 boolean haveOwner = false; 3104 for (int i = policy.mAdminList.size() - 1; i >= 0; i--) { 3105 if (policy.mAdminList.get(i).getUid() == policy.mPasswordOwner) { 3106 haveOwner = true; 3107 break; 3108 } 3109 } 3110 if (!haveOwner) { 3111 Slog.w(LOG_TAG, "Previous password owner " + policy.mPasswordOwner 3112 + " no longer active; disabling"); 3113 policy.mPasswordOwner = -1; 3114 } 3115 } 3116 } 3117 3118 @VisibleForTesting 3119 @Override 3120 void systemReady(int phase) { 3121 if (!mHasFeature) { 3122 return; 3123 } 3124 switch (phase) { 3125 case SystemService.PHASE_LOCK_SETTINGS_READY: 3126 onLockSettingsReady(); 3127 break; 3128 case SystemService.PHASE_BOOT_COMPLETED: 3129 ensureDeviceOwnerUserStarted(); // TODO Consider better place to do this. 3130 break; 3131 } 3132 } 3133 3134 private void onLockSettingsReady() { 3135 getUserData(UserHandle.USER_SYSTEM); 3136 loadOwners(); 3137 cleanUpOldUsers(); 3138 maybeSetDefaultProfileOwnerUserRestrictions(); 3139 handleStartUser(UserHandle.USER_SYSTEM); 3140 3141 // Register an observer for watching for user setup complete and settings changes. 3142 mSetupContentObserver.register(); 3143 // Initialize the user setup state, to handle the upgrade case. 3144 updateUserSetupCompleteAndPaired(); 3145 3146 List<String> packageList; 3147 synchronized (this) { 3148 packageList = getKeepUninstalledPackagesLocked(); 3149 } 3150 if (packageList != null) { 3151 mInjector.getPackageManagerInternal().setKeepUninstalledPackages(packageList); 3152 } 3153 3154 synchronized (this) { 3155 // push the force-ephemeral-users policy to the user manager. 3156 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 3157 if (deviceOwner != null) { 3158 mUserManagerInternal.setForceEphemeralUsers(deviceOwner.forceEphemeralUsers); 3159 } 3160 } 3161 } 3162 3163 private void ensureDeviceOwnerUserStarted() { 3164 final int userId; 3165 synchronized (this) { 3166 if (!mOwners.hasDeviceOwner()) { 3167 return; 3168 } 3169 userId = mOwners.getDeviceOwnerUserId(); 3170 } 3171 if (VERBOSE_LOG) { 3172 Log.v(LOG_TAG, "Starting non-system DO user: " + userId); 3173 } 3174 if (userId != UserHandle.USER_SYSTEM) { 3175 try { 3176 mInjector.getIActivityManager().startUserInBackground(userId); 3177 3178 // STOPSHIP Prevent the DO user from being killed. 3179 3180 } catch (RemoteException e) { 3181 Slog.w(LOG_TAG, "Exception starting user", e); 3182 } 3183 } 3184 } 3185 3186 @Override 3187 void handleStartUser(int userId) { 3188 updateScreenCaptureDisabledInWindowManager(userId, 3189 getScreenCaptureDisabled(null, userId)); 3190 pushUserRestrictions(userId); 3191 3192 startOwnerService(userId, "start-user"); 3193 } 3194 3195 @Override 3196 void handleUnlockUser(int userId) { 3197 startOwnerService(userId, "unlock-user"); 3198 } 3199 3200 @Override 3201 void handleStopUser(int userId) { 3202 stopOwnerService(userId, "stop-user"); 3203 } 3204 3205 private void startOwnerService(int userId, String actionForLog) { 3206 final ComponentName owner = getOwnerComponent(userId); 3207 if (owner != null) { 3208 mDeviceAdminServiceController.startServiceForOwner( 3209 owner.getPackageName(), userId, actionForLog); 3210 } 3211 } 3212 3213 private void stopOwnerService(int userId, String actionForLog) { 3214 mDeviceAdminServiceController.stopServiceForOwner(userId, actionForLog); 3215 } 3216 3217 private void cleanUpOldUsers() { 3218 // This is needed in case the broadcast {@link Intent.ACTION_USER_REMOVED} was not handled 3219 // before reboot 3220 Set<Integer> usersWithProfileOwners; 3221 Set<Integer> usersWithData; 3222 synchronized(this) { 3223 usersWithProfileOwners = mOwners.getProfileOwnerKeys(); 3224 usersWithData = new ArraySet<>(); 3225 for (int i = 0; i < mUserData.size(); i++) { 3226 usersWithData.add(mUserData.keyAt(i)); 3227 } 3228 } 3229 List<UserInfo> allUsers = mUserManager.getUsers(); 3230 3231 Set<Integer> deletedUsers = new ArraySet<>(); 3232 deletedUsers.addAll(usersWithProfileOwners); 3233 deletedUsers.addAll(usersWithData); 3234 for (UserInfo userInfo : allUsers) { 3235 deletedUsers.remove(userInfo.id); 3236 } 3237 for (Integer userId : deletedUsers) { 3238 removeUserData(userId); 3239 } 3240 } 3241 3242 private void handlePasswordExpirationNotification(int userHandle) { 3243 final Bundle adminExtras = new Bundle(); 3244 adminExtras.putParcelable(Intent.EXTRA_USER, UserHandle.of(userHandle)); 3245 3246 synchronized (this) { 3247 final long now = System.currentTimeMillis(); 3248 3249 List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked( 3250 userHandle, /* parent */ false); 3251 final int N = admins.size(); 3252 for (int i = 0; i < N; i++) { 3253 ActiveAdmin admin = admins.get(i); 3254 if (admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD) 3255 && admin.passwordExpirationTimeout > 0L 3256 && now >= admin.passwordExpirationDate - EXPIRATION_GRACE_PERIOD_MS 3257 && admin.passwordExpirationDate > 0L) { 3258 sendAdminCommandLocked(admin, 3259 DeviceAdminReceiver.ACTION_PASSWORD_EXPIRING, adminExtras, null); 3260 } 3261 } 3262 setExpirationAlarmCheckLocked(mContext, userHandle, /* parent */ false); 3263 } 3264 } 3265 3266 /** 3267 * Clean up internal state when the set of installed trusted CA certificates changes. 3268 * 3269 * @param userHandle user to check for. This must be a real user and not, for example, 3270 * {@link UserHandle#ALL}. 3271 * @param installedCertificates the full set of certificate authorities currently installed for 3272 * {@param userHandle}. After calling this function, {@code mAcceptedCaCertificates} will 3273 * correspond to some subset of this. 3274 */ 3275 protected void onInstalledCertificatesChanged(final UserHandle userHandle, 3276 final @NonNull Collection<String> installedCertificates) { 3277 if (!mHasFeature) { 3278 return; 3279 } 3280 enforceManageUsers(); 3281 3282 synchronized (this) { 3283 final DevicePolicyData policy = getUserData(userHandle.getIdentifier()); 3284 3285 boolean changed = false; 3286 changed |= policy.mAcceptedCaCertificates.retainAll(installedCertificates); 3287 changed |= policy.mOwnerInstalledCaCerts.retainAll(installedCertificates); 3288 if (changed) { 3289 saveSettingsLocked(userHandle.getIdentifier()); 3290 } 3291 } 3292 } 3293 3294 /** 3295 * Internal method used by {@link CertificateMonitor}. 3296 */ 3297 protected Set<String> getAcceptedCaCertificates(final UserHandle userHandle) { 3298 if (!mHasFeature) { 3299 return Collections.<String> emptySet(); 3300 } 3301 synchronized (this) { 3302 final DevicePolicyData policy = getUserData(userHandle.getIdentifier()); 3303 return policy.mAcceptedCaCertificates; 3304 } 3305 } 3306 3307 /** 3308 * @param adminReceiver The admin to add 3309 * @param refreshing true = update an active admin, no error 3310 */ 3311 @Override 3312 public void setActiveAdmin(ComponentName adminReceiver, boolean refreshing, int userHandle) { 3313 if (!mHasFeature) { 3314 return; 3315 } 3316 setActiveAdmin(adminReceiver, refreshing, userHandle, null); 3317 } 3318 3319 private void setActiveAdmin(ComponentName adminReceiver, boolean refreshing, int userHandle, 3320 Bundle onEnableData) { 3321 mContext.enforceCallingOrSelfPermission( 3322 android.Manifest.permission.MANAGE_DEVICE_ADMINS, null); 3323 enforceFullCrossUsersPermission(userHandle); 3324 3325 DevicePolicyData policy = getUserData(userHandle); 3326 DeviceAdminInfo info = findAdmin(adminReceiver, userHandle, 3327 /* throwForMissingPermission= */ true); 3328 synchronized (this) { 3329 checkActiveAdminPrecondition(adminReceiver, info, policy); 3330 long ident = mInjector.binderClearCallingIdentity(); 3331 try { 3332 final ActiveAdmin existingAdmin 3333 = getActiveAdminUncheckedLocked(adminReceiver, userHandle); 3334 if (!refreshing && existingAdmin != null) { 3335 throw new IllegalArgumentException("Admin is already added"); 3336 } 3337 ActiveAdmin newAdmin = new ActiveAdmin(info, /* parent */ false); 3338 newAdmin.testOnlyAdmin = 3339 (existingAdmin != null) ? existingAdmin.testOnlyAdmin 3340 : isPackageTestOnly(adminReceiver.getPackageName(), userHandle); 3341 policy.mAdminMap.put(adminReceiver, newAdmin); 3342 int replaceIndex = -1; 3343 final int N = policy.mAdminList.size(); 3344 for (int i=0; i < N; i++) { 3345 ActiveAdmin oldAdmin = policy.mAdminList.get(i); 3346 if (oldAdmin.info.getComponent().equals(adminReceiver)) { 3347 replaceIndex = i; 3348 break; 3349 } 3350 } 3351 if (replaceIndex == -1) { 3352 policy.mAdminList.add(newAdmin); 3353 enableIfNecessary(info.getPackageName(), userHandle); 3354 } else { 3355 policy.mAdminList.set(replaceIndex, newAdmin); 3356 } 3357 saveSettingsLocked(userHandle); 3358 sendAdminCommandLocked(newAdmin, DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED, 3359 onEnableData, null); 3360 } finally { 3361 mInjector.binderRestoreCallingIdentity(ident); 3362 } 3363 } 3364 } 3365 3366 private void transferActiveAdminUncheckedLocked(ComponentName incomingReceiver, 3367 ComponentName outgoingReceiver, int userHandle) { 3368 final DevicePolicyData policy = getUserData(userHandle); 3369 final DeviceAdminInfo incomingDeviceInfo = findAdmin(incomingReceiver, userHandle, 3370 /* throwForMissingPermission= */ true); 3371 final ActiveAdmin adminToTransfer = policy.mAdminMap.get(outgoingReceiver); 3372 final int oldAdminUid = adminToTransfer.getUid(); 3373 3374 adminToTransfer.transfer(incomingDeviceInfo); 3375 policy.mAdminMap.remove(outgoingReceiver); 3376 policy.mAdminMap.put(incomingReceiver, adminToTransfer); 3377 if (policy.mPasswordOwner == oldAdminUid) { 3378 policy.mPasswordOwner = adminToTransfer.getUid(); 3379 } 3380 3381 saveSettingsLocked(userHandle); 3382 //TODO: Make sure we revert back when we detect a failure. 3383 sendAdminCommandLocked(adminToTransfer, DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED, 3384 null, null); 3385 } 3386 3387 private void checkActiveAdminPrecondition(ComponentName adminReceiver, DeviceAdminInfo info, 3388 DevicePolicyData policy) { 3389 if (info == null) { 3390 throw new IllegalArgumentException("Bad admin: " + adminReceiver); 3391 } 3392 if (!info.getActivityInfo().applicationInfo.isInternal()) { 3393 throw new IllegalArgumentException("Only apps in internal storage can be active admin: " 3394 + adminReceiver); 3395 } 3396 if (info.getActivityInfo().applicationInfo.isInstantApp()) { 3397 throw new IllegalArgumentException("Instant apps cannot be device admins: " 3398 + adminReceiver); 3399 } 3400 if (policy.mRemovingAdmins.contains(adminReceiver)) { 3401 throw new IllegalArgumentException( 3402 "Trying to set an admin which is being removed"); 3403 } 3404 } 3405 3406 @Override 3407 public boolean isAdminActive(ComponentName adminReceiver, int userHandle) { 3408 if (!mHasFeature) { 3409 return false; 3410 } 3411 enforceFullCrossUsersPermission(userHandle); 3412 synchronized (this) { 3413 return getActiveAdminUncheckedLocked(adminReceiver, userHandle) != null; 3414 } 3415 } 3416 3417 @Override 3418 public boolean isRemovingAdmin(ComponentName adminReceiver, int userHandle) { 3419 if (!mHasFeature) { 3420 return false; 3421 } 3422 enforceFullCrossUsersPermission(userHandle); 3423 synchronized (this) { 3424 DevicePolicyData policyData = getUserData(userHandle); 3425 return policyData.mRemovingAdmins.contains(adminReceiver); 3426 } 3427 } 3428 3429 @Override 3430 public boolean hasGrantedPolicy(ComponentName adminReceiver, int policyId, int userHandle) { 3431 if (!mHasFeature) { 3432 return false; 3433 } 3434 enforceFullCrossUsersPermission(userHandle); 3435 synchronized (this) { 3436 ActiveAdmin administrator = getActiveAdminUncheckedLocked(adminReceiver, userHandle); 3437 if (administrator == null) { 3438 throw new SecurityException("No active admin " + adminReceiver); 3439 } 3440 return administrator.info.usesPolicy(policyId); 3441 } 3442 } 3443 3444 @Override 3445 @SuppressWarnings("unchecked") 3446 public List<ComponentName> getActiveAdmins(int userHandle) { 3447 if (!mHasFeature) { 3448 return Collections.EMPTY_LIST; 3449 } 3450 3451 enforceFullCrossUsersPermission(userHandle); 3452 synchronized (this) { 3453 DevicePolicyData policy = getUserData(userHandle); 3454 final int N = policy.mAdminList.size(); 3455 if (N <= 0) { 3456 return null; 3457 } 3458 ArrayList<ComponentName> res = new ArrayList<ComponentName>(N); 3459 for (int i=0; i<N; i++) { 3460 res.add(policy.mAdminList.get(i).info.getComponent()); 3461 } 3462 return res; 3463 } 3464 } 3465 3466 @Override 3467 public boolean packageHasActiveAdmins(String packageName, int userHandle) { 3468 if (!mHasFeature) { 3469 return false; 3470 } 3471 enforceFullCrossUsersPermission(userHandle); 3472 synchronized (this) { 3473 DevicePolicyData policy = getUserData(userHandle); 3474 final int N = policy.mAdminList.size(); 3475 for (int i=0; i<N; i++) { 3476 if (policy.mAdminList.get(i).info.getPackageName().equals(packageName)) { 3477 return true; 3478 } 3479 } 3480 return false; 3481 } 3482 } 3483 3484 public void forceRemoveActiveAdmin(ComponentName adminReceiver, int userHandle) { 3485 if (!mHasFeature) { 3486 return; 3487 } 3488 Preconditions.checkNotNull(adminReceiver, "ComponentName is null"); 3489 enforceShell("forceRemoveActiveAdmin"); 3490 long ident = mInjector.binderClearCallingIdentity(); 3491 try { 3492 synchronized (this) { 3493 if (!isAdminTestOnlyLocked(adminReceiver, userHandle)) { 3494 throw new SecurityException("Attempt to remove non-test admin " 3495 + adminReceiver + " " + userHandle); 3496 } 3497 3498 // If admin is a device or profile owner tidy that up first. 3499 if (isDeviceOwner(adminReceiver, userHandle)) { 3500 clearDeviceOwnerLocked(getDeviceOwnerAdminLocked(), userHandle); 3501 } 3502 if (isProfileOwner(adminReceiver, userHandle)) { 3503 final ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver, 3504 userHandle, /* parent */ false); 3505 clearProfileOwnerLocked(admin, userHandle); 3506 } 3507 } 3508 // Remove the admin skipping sending the broadcast. 3509 removeAdminArtifacts(adminReceiver, userHandle); 3510 Slog.i(LOG_TAG, "Admin " + adminReceiver + " removed from user " + userHandle); 3511 } finally { 3512 mInjector.binderRestoreCallingIdentity(ident); 3513 } 3514 } 3515 3516 private void clearDeviceOwnerUserRestrictionLocked(UserHandle userHandle) { 3517 // ManagedProvisioning/DPC sets DISALLOW_ADD_USER. Clear to recover to the original state 3518 if (mUserManager.hasUserRestriction(UserManager.DISALLOW_ADD_USER, userHandle)) { 3519 mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_USER, false, userHandle); 3520 } 3521 } 3522 3523 /** 3524 * Return if a given package has testOnly="true", in which case we'll relax certain rules 3525 * for CTS. 3526 * 3527 * DO NOT use this method except in {@link #setActiveAdmin}. Use {@link #isAdminTestOnlyLocked} 3528 * to check wehter an active admin is test-only or not. 3529 * 3530 * The system allows this flag to be changed when an app is updated, which is not good 3531 * for us. So we persist the flag in {@link ActiveAdmin} when an admin is first installed, 3532 * and used the persisted version in actual checks. (See b/31382361 and b/28928996) 3533 */ 3534 private boolean isPackageTestOnly(String packageName, int userHandle) { 3535 final ApplicationInfo ai; 3536 try { 3537 ai = mIPackageManager.getApplicationInfo(packageName, 3538 (PackageManager.MATCH_DIRECT_BOOT_AWARE 3539 | PackageManager.MATCH_DIRECT_BOOT_UNAWARE), userHandle); 3540 } catch (RemoteException e) { 3541 throw new IllegalStateException(e); 3542 } 3543 if (ai == null) { 3544 throw new IllegalStateException("Couldn't find package: " 3545 + packageName + " on user " + userHandle); 3546 } 3547 return (ai.flags & ApplicationInfo.FLAG_TEST_ONLY) != 0; 3548 } 3549 3550 /** 3551 * See {@link #isPackageTestOnly}. 3552 */ 3553 private boolean isAdminTestOnlyLocked(ComponentName who, int userHandle) { 3554 final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 3555 return (admin != null) && admin.testOnlyAdmin; 3556 } 3557 3558 private void enforceShell(String method) { 3559 final int callingUid = Binder.getCallingUid(); 3560 if (callingUid != Process.SHELL_UID && callingUid != Process.ROOT_UID) { 3561 throw new SecurityException("Non-shell user attempted to call " + method); 3562 } 3563 } 3564 3565 @Override 3566 public void removeActiveAdmin(ComponentName adminReceiver, int userHandle) { 3567 if (!mHasFeature) { 3568 return; 3569 } 3570 enforceFullCrossUsersPermission(userHandle); 3571 enforceUserUnlocked(userHandle); 3572 synchronized (this) { 3573 ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver, userHandle); 3574 if (admin == null) { 3575 return; 3576 } 3577 // Active device/profile owners must remain active admins. 3578 if (isDeviceOwner(adminReceiver, userHandle) 3579 || isProfileOwner(adminReceiver, userHandle)) { 3580 Slog.e(LOG_TAG, "Device/profile owner cannot be removed: component=" + 3581 adminReceiver); 3582 return; 3583 } 3584 if (admin.getUid() != mInjector.binderGetCallingUid()) { 3585 mContext.enforceCallingOrSelfPermission( 3586 android.Manifest.permission.MANAGE_DEVICE_ADMINS, null); 3587 } 3588 long ident = mInjector.binderClearCallingIdentity(); 3589 try { 3590 removeActiveAdminLocked(adminReceiver, userHandle); 3591 } finally { 3592 mInjector.binderRestoreCallingIdentity(ident); 3593 } 3594 } 3595 } 3596 3597 @Override 3598 public boolean isSeparateProfileChallengeAllowed(int userHandle) { 3599 ComponentName profileOwner = getProfileOwner(userHandle); 3600 // Profile challenge is supported on N or newer release. 3601 return profileOwner != null && 3602 getTargetSdk(profileOwner.getPackageName(), userHandle) > Build.VERSION_CODES.M; 3603 } 3604 3605 @Override 3606 public void setPasswordQuality(ComponentName who, int quality, boolean parent) { 3607 if (!mHasFeature) { 3608 return; 3609 } 3610 Preconditions.checkNotNull(who, "ComponentName is null"); 3611 validateQualityConstant(quality); 3612 3613 synchronized (this) { 3614 ActiveAdmin ap = getActiveAdminForCallerLocked( 3615 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 3616 if (ap.minimumPasswordMetrics.quality != quality) { 3617 ap.minimumPasswordMetrics.quality = quality; 3618 updatePasswordValidityCheckpointLocked(mInjector.userHandleGetCallingUserId()); 3619 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 3620 } 3621 } 3622 } 3623 3624 /** 3625 * Updates flag in memory that tells us whether the user's password currently satisfies the 3626 * requirements set by all of the user's active admins. This should be called before 3627 * {@link #saveSettingsLocked} whenever the password or the admin policies have changed. 3628 */ 3629 @GuardedBy("DevicePolicyManagerService.this") 3630 private void updatePasswordValidityCheckpointLocked(int userHandle) { 3631 DevicePolicyData policy = getUserData(userHandle); 3632 policy.mPasswordValidAtLastCheckpoint = isActivePasswordSufficientForUserLocked( 3633 policy, policy.mUserHandle, false); 3634 } 3635 3636 @Override 3637 public int getPasswordQuality(ComponentName who, int userHandle, boolean parent) { 3638 if (!mHasFeature) { 3639 return PASSWORD_QUALITY_UNSPECIFIED; 3640 } 3641 enforceFullCrossUsersPermission(userHandle); 3642 synchronized (this) { 3643 int mode = PASSWORD_QUALITY_UNSPECIFIED; 3644 3645 if (who != null) { 3646 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent); 3647 return admin != null ? admin.minimumPasswordMetrics.quality : mode; 3648 } 3649 3650 // Return the strictest policy across all participating admins. 3651 List<ActiveAdmin> admins = 3652 getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 3653 final int N = admins.size(); 3654 for (int i = 0; i < N; i++) { 3655 ActiveAdmin admin = admins.get(i); 3656 if (mode < admin.minimumPasswordMetrics.quality) { 3657 mode = admin.minimumPasswordMetrics.quality; 3658 } 3659 } 3660 return mode; 3661 } 3662 } 3663 3664 private List<ActiveAdmin> getActiveAdminsForLockscreenPoliciesLocked( 3665 int userHandle, boolean parent) { 3666 if (!parent && isSeparateProfileChallengeEnabled(userHandle)) { 3667 // If this user has a separate challenge, only return its restrictions. 3668 return getUserDataUnchecked(userHandle).mAdminList; 3669 } else { 3670 // Return all admins for this user and the profiles that are visible from this 3671 // user that do not use a separate work challenge. 3672 ArrayList<ActiveAdmin> admins = new ArrayList<ActiveAdmin>(); 3673 for (UserInfo userInfo : mUserManager.getProfiles(userHandle)) { 3674 DevicePolicyData policy = getUserData(userInfo.id); 3675 if (!userInfo.isManagedProfile()) { 3676 admins.addAll(policy.mAdminList); 3677 } else { 3678 // For managed profiles, we always include the policies set on the parent 3679 // profile. Additionally, we include the ones set on the managed profile 3680 // if no separate challenge is in place. 3681 boolean hasSeparateChallenge = isSeparateProfileChallengeEnabled(userInfo.id); 3682 final int N = policy.mAdminList.size(); 3683 for (int i = 0; i < N; i++) { 3684 ActiveAdmin admin = policy.mAdminList.get(i); 3685 if (admin.hasParentActiveAdmin()) { 3686 admins.add(admin.getParentActiveAdmin()); 3687 } 3688 if (!hasSeparateChallenge) { 3689 admins.add(admin); 3690 } 3691 } 3692 } 3693 } 3694 return admins; 3695 } 3696 } 3697 3698 private boolean isSeparateProfileChallengeEnabled(int userHandle) { 3699 long ident = mInjector.binderClearCallingIdentity(); 3700 try { 3701 return mLockPatternUtils.isSeparateProfileChallengeEnabled(userHandle); 3702 } finally { 3703 mInjector.binderRestoreCallingIdentity(ident); 3704 } 3705 } 3706 3707 @Override 3708 public void setPasswordMinimumLength(ComponentName who, int length, boolean parent) { 3709 if (!mHasFeature) { 3710 return; 3711 } 3712 Preconditions.checkNotNull(who, "ComponentName is null"); 3713 synchronized (this) { 3714 ActiveAdmin ap = getActiveAdminForCallerLocked( 3715 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 3716 if (ap.minimumPasswordMetrics.length != length) { 3717 ap.minimumPasswordMetrics.length = length; 3718 updatePasswordValidityCheckpointLocked(mInjector.userHandleGetCallingUserId()); 3719 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 3720 } 3721 } 3722 } 3723 3724 @Override 3725 public int getPasswordMinimumLength(ComponentName who, int userHandle, boolean parent) { 3726 return getStrictestPasswordRequirement(who, userHandle, parent, 3727 admin -> admin.minimumPasswordMetrics.length, PASSWORD_QUALITY_UNSPECIFIED); 3728 } 3729 3730 @Override 3731 public void setPasswordHistoryLength(ComponentName who, int length, boolean parent) { 3732 if (!mHasFeature) { 3733 return; 3734 } 3735 Preconditions.checkNotNull(who, "ComponentName is null"); 3736 synchronized (this) { 3737 ActiveAdmin ap = getActiveAdminForCallerLocked( 3738 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 3739 if (ap.passwordHistoryLength != length) { 3740 ap.passwordHistoryLength = length; 3741 updatePasswordValidityCheckpointLocked(mInjector.userHandleGetCallingUserId()); 3742 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 3743 } 3744 } 3745 } 3746 3747 @Override 3748 public int getPasswordHistoryLength(ComponentName who, int userHandle, boolean parent) { 3749 return getStrictestPasswordRequirement(who, userHandle, parent, 3750 admin -> admin.passwordHistoryLength, PASSWORD_QUALITY_UNSPECIFIED); 3751 } 3752 3753 @Override 3754 public void setPasswordExpirationTimeout(ComponentName who, long timeout, boolean parent) { 3755 if (!mHasFeature) { 3756 return; 3757 } 3758 Preconditions.checkNotNull(who, "ComponentName is null"); 3759 Preconditions.checkArgumentNonnegative(timeout, "Timeout must be >= 0 ms"); 3760 final int userHandle = mInjector.userHandleGetCallingUserId(); 3761 synchronized (this) { 3762 ActiveAdmin ap = getActiveAdminForCallerLocked( 3763 who, DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD, parent); 3764 // Calling this API automatically bumps the expiration date 3765 final long expiration = timeout > 0L ? (timeout + System.currentTimeMillis()) : 0L; 3766 ap.passwordExpirationDate = expiration; 3767 ap.passwordExpirationTimeout = timeout; 3768 if (timeout > 0L) { 3769 Slog.w(LOG_TAG, "setPasswordExpiration(): password will expire on " 3770 + DateFormat.getDateTimeInstance(DateFormat.DEFAULT, DateFormat.DEFAULT) 3771 .format(new Date(expiration))); 3772 } 3773 saveSettingsLocked(userHandle); 3774 3775 // in case this is the first one, set the alarm on the appropriate user. 3776 setExpirationAlarmCheckLocked(mContext, userHandle, parent); 3777 } 3778 } 3779 3780 /** 3781 * Return a single admin's expiration cycle time, or the min of all cycle times. 3782 * Returns 0 if not configured. 3783 */ 3784 @Override 3785 public long getPasswordExpirationTimeout(ComponentName who, int userHandle, boolean parent) { 3786 if (!mHasFeature) { 3787 return 0L; 3788 } 3789 enforceFullCrossUsersPermission(userHandle); 3790 synchronized (this) { 3791 long timeout = 0L; 3792 3793 if (who != null) { 3794 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent); 3795 return admin != null ? admin.passwordExpirationTimeout : timeout; 3796 } 3797 3798 // Return the strictest policy across all participating admins. 3799 List<ActiveAdmin> admins = 3800 getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 3801 final int N = admins.size(); 3802 for (int i = 0; i < N; i++) { 3803 ActiveAdmin admin = admins.get(i); 3804 if (timeout == 0L || (admin.passwordExpirationTimeout != 0L 3805 && timeout > admin.passwordExpirationTimeout)) { 3806 timeout = admin.passwordExpirationTimeout; 3807 } 3808 } 3809 return timeout; 3810 } 3811 } 3812 3813 @Override 3814 public boolean addCrossProfileWidgetProvider(ComponentName admin, String packageName) { 3815 final int userId = UserHandle.getCallingUserId(); 3816 List<String> changedProviders = null; 3817 3818 synchronized (this) { 3819 ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(admin, 3820 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 3821 if (activeAdmin.crossProfileWidgetProviders == null) { 3822 activeAdmin.crossProfileWidgetProviders = new ArrayList<>(); 3823 } 3824 List<String> providers = activeAdmin.crossProfileWidgetProviders; 3825 if (!providers.contains(packageName)) { 3826 providers.add(packageName); 3827 changedProviders = new ArrayList<>(providers); 3828 saveSettingsLocked(userId); 3829 } 3830 } 3831 3832 if (changedProviders != null) { 3833 mLocalService.notifyCrossProfileProvidersChanged(userId, changedProviders); 3834 return true; 3835 } 3836 3837 return false; 3838 } 3839 3840 @Override 3841 public boolean removeCrossProfileWidgetProvider(ComponentName admin, String packageName) { 3842 final int userId = UserHandle.getCallingUserId(); 3843 List<String> changedProviders = null; 3844 3845 synchronized (this) { 3846 ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(admin, 3847 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 3848 if (activeAdmin.crossProfileWidgetProviders == null 3849 || activeAdmin.crossProfileWidgetProviders.isEmpty()) { 3850 return false; 3851 } 3852 List<String> providers = activeAdmin.crossProfileWidgetProviders; 3853 if (providers.remove(packageName)) { 3854 changedProviders = new ArrayList<>(providers); 3855 saveSettingsLocked(userId); 3856 } 3857 } 3858 3859 if (changedProviders != null) { 3860 mLocalService.notifyCrossProfileProvidersChanged(userId, changedProviders); 3861 return true; 3862 } 3863 3864 return false; 3865 } 3866 3867 @Override 3868 public List<String> getCrossProfileWidgetProviders(ComponentName admin) { 3869 synchronized (this) { 3870 ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(admin, 3871 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 3872 if (activeAdmin.crossProfileWidgetProviders == null 3873 || activeAdmin.crossProfileWidgetProviders.isEmpty()) { 3874 return null; 3875 } 3876 if (mInjector.binderIsCallingUidMyUid()) { 3877 return new ArrayList<>(activeAdmin.crossProfileWidgetProviders); 3878 } else { 3879 return activeAdmin.crossProfileWidgetProviders; 3880 } 3881 } 3882 } 3883 3884 /** 3885 * Return a single admin's expiration date/time, or the min (soonest) for all admins. 3886 * Returns 0 if not configured. 3887 */ 3888 private long getPasswordExpirationLocked(ComponentName who, int userHandle, boolean parent) { 3889 long timeout = 0L; 3890 3891 if (who != null) { 3892 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent); 3893 return admin != null ? admin.passwordExpirationDate : timeout; 3894 } 3895 3896 // Return the strictest policy across all participating admins. 3897 List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 3898 final int N = admins.size(); 3899 for (int i = 0; i < N; i++) { 3900 ActiveAdmin admin = admins.get(i); 3901 if (timeout == 0L || (admin.passwordExpirationDate != 0 3902 && timeout > admin.passwordExpirationDate)) { 3903 timeout = admin.passwordExpirationDate; 3904 } 3905 } 3906 return timeout; 3907 } 3908 3909 @Override 3910 public long getPasswordExpiration(ComponentName who, int userHandle, boolean parent) { 3911 if (!mHasFeature) { 3912 return 0L; 3913 } 3914 enforceFullCrossUsersPermission(userHandle); 3915 synchronized (this) { 3916 return getPasswordExpirationLocked(who, userHandle, parent); 3917 } 3918 } 3919 3920 @Override 3921 public void setPasswordMinimumUpperCase(ComponentName who, int length, boolean parent) { 3922 if (!mHasFeature) { 3923 return; 3924 } 3925 Preconditions.checkNotNull(who, "ComponentName is null"); 3926 synchronized (this) { 3927 ActiveAdmin ap = getActiveAdminForCallerLocked( 3928 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 3929 if (ap.minimumPasswordMetrics.upperCase != length) { 3930 ap.minimumPasswordMetrics.upperCase = length; 3931 updatePasswordValidityCheckpointLocked(mInjector.userHandleGetCallingUserId()); 3932 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 3933 } 3934 } 3935 } 3936 3937 @Override 3938 public int getPasswordMinimumUpperCase(ComponentName who, int userHandle, boolean parent) { 3939 return getStrictestPasswordRequirement(who, userHandle, parent, 3940 admin -> admin.minimumPasswordMetrics.upperCase, PASSWORD_QUALITY_COMPLEX); 3941 } 3942 3943 @Override 3944 public void setPasswordMinimumLowerCase(ComponentName who, int length, boolean parent) { 3945 Preconditions.checkNotNull(who, "ComponentName is null"); 3946 synchronized (this) { 3947 ActiveAdmin ap = getActiveAdminForCallerLocked( 3948 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 3949 if (ap.minimumPasswordMetrics.lowerCase != length) { 3950 ap.minimumPasswordMetrics.lowerCase = length; 3951 updatePasswordValidityCheckpointLocked(mInjector.userHandleGetCallingUserId()); 3952 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 3953 } 3954 } 3955 } 3956 3957 @Override 3958 public int getPasswordMinimumLowerCase(ComponentName who, int userHandle, boolean parent) { 3959 return getStrictestPasswordRequirement(who, userHandle, parent, 3960 admin -> admin.minimumPasswordMetrics.lowerCase, PASSWORD_QUALITY_COMPLEX); 3961 } 3962 3963 @Override 3964 public void setPasswordMinimumLetters(ComponentName who, int length, boolean parent) { 3965 if (!mHasFeature) { 3966 return; 3967 } 3968 Preconditions.checkNotNull(who, "ComponentName is null"); 3969 synchronized (this) { 3970 ActiveAdmin ap = getActiveAdminForCallerLocked( 3971 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 3972 if (ap.minimumPasswordMetrics.letters != length) { 3973 ap.minimumPasswordMetrics.letters = length; 3974 updatePasswordValidityCheckpointLocked(mInjector.userHandleGetCallingUserId()); 3975 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 3976 } 3977 } 3978 } 3979 3980 @Override 3981 public int getPasswordMinimumLetters(ComponentName who, int userHandle, boolean parent) { 3982 return getStrictestPasswordRequirement(who, userHandle, parent, 3983 admin -> admin.minimumPasswordMetrics.letters, PASSWORD_QUALITY_COMPLEX); 3984 } 3985 3986 @Override 3987 public void setPasswordMinimumNumeric(ComponentName who, int length, boolean parent) { 3988 if (!mHasFeature) { 3989 return; 3990 } 3991 Preconditions.checkNotNull(who, "ComponentName is null"); 3992 synchronized (this) { 3993 ActiveAdmin ap = getActiveAdminForCallerLocked( 3994 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 3995 if (ap.minimumPasswordMetrics.numeric != length) { 3996 ap.minimumPasswordMetrics.numeric = length; 3997 updatePasswordValidityCheckpointLocked(mInjector.userHandleGetCallingUserId()); 3998 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 3999 } 4000 } 4001 } 4002 4003 @Override 4004 public int getPasswordMinimumNumeric(ComponentName who, int userHandle, boolean parent) { 4005 return getStrictestPasswordRequirement(who, userHandle, parent, 4006 admin -> admin.minimumPasswordMetrics.numeric, PASSWORD_QUALITY_COMPLEX); 4007 } 4008 4009 @Override 4010 public void setPasswordMinimumSymbols(ComponentName who, int length, boolean parent) { 4011 if (!mHasFeature) { 4012 return; 4013 } 4014 Preconditions.checkNotNull(who, "ComponentName is null"); 4015 synchronized (this) { 4016 ActiveAdmin ap = getActiveAdminForCallerLocked( 4017 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4018 if (ap.minimumPasswordMetrics.symbols != length) { 4019 ap.minimumPasswordMetrics.symbols = length; 4020 updatePasswordValidityCheckpointLocked(mInjector.userHandleGetCallingUserId()); 4021 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 4022 } 4023 } 4024 } 4025 4026 @Override 4027 public int getPasswordMinimumSymbols(ComponentName who, int userHandle, boolean parent) { 4028 return getStrictestPasswordRequirement(who, userHandle, parent, 4029 admin -> admin.minimumPasswordMetrics.symbols, PASSWORD_QUALITY_COMPLEX); 4030 } 4031 4032 @Override 4033 public void setPasswordMinimumNonLetter(ComponentName who, int length, boolean parent) { 4034 if (!mHasFeature) { 4035 return; 4036 } 4037 Preconditions.checkNotNull(who, "ComponentName is null"); 4038 synchronized (this) { 4039 ActiveAdmin ap = getActiveAdminForCallerLocked( 4040 who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4041 if (ap.minimumPasswordMetrics.nonLetter != length) { 4042 ap.minimumPasswordMetrics.nonLetter = length; 4043 updatePasswordValidityCheckpointLocked(mInjector.userHandleGetCallingUserId()); 4044 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 4045 } 4046 } 4047 } 4048 4049 @Override 4050 public int getPasswordMinimumNonLetter(ComponentName who, int userHandle, boolean parent) { 4051 return getStrictestPasswordRequirement(who, userHandle, parent, 4052 admin -> admin.minimumPasswordMetrics.nonLetter, PASSWORD_QUALITY_COMPLEX); 4053 } 4054 4055 /** 4056 * Calculates strictest (maximum) value for a given password property enforced by admin[s]. 4057 */ 4058 private int getStrictestPasswordRequirement(ComponentName who, int userHandle, 4059 boolean parent, Function<ActiveAdmin, Integer> getter, int minimumPasswordQuality) { 4060 if (!mHasFeature) { 4061 return 0; 4062 } 4063 enforceFullCrossUsersPermission(userHandle); 4064 synchronized (this) { 4065 if (who != null) { 4066 final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent); 4067 return admin != null ? getter.apply(admin) : 0; 4068 } 4069 4070 int maxValue = 0; 4071 final List<ActiveAdmin> admins = 4072 getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 4073 final int N = admins.size(); 4074 for (int i = 0; i < N; i++) { 4075 final ActiveAdmin admin = admins.get(i); 4076 if (!isLimitPasswordAllowed(admin, minimumPasswordQuality)) { 4077 continue; 4078 } 4079 final Integer adminValue = getter.apply(admin); 4080 if (adminValue > maxValue) { 4081 maxValue = adminValue; 4082 } 4083 } 4084 return maxValue; 4085 } 4086 } 4087 4088 /* @return the password blacklist set by the admin or {@code null} if none. */ 4089 PasswordBlacklist getAdminPasswordBlacklistLocked(@NonNull ActiveAdmin admin) { 4090 final int userId = UserHandle.getUserId(admin.getUid()); 4091 return admin.passwordBlacklistFile == null ? null : new PasswordBlacklist( 4092 new File(getPolicyFileDirectory(userId), admin.passwordBlacklistFile)); 4093 } 4094 4095 private static final String PASSWORD_BLACKLIST_FILE_PREFIX = "password-blacklist-"; 4096 private static final String PASSWORD_BLACKLIST_FILE_SUFFIX = ""; 4097 4098 @Override 4099 public boolean setPasswordBlacklist(ComponentName who, String name, List<String> blacklist, 4100 boolean parent) { 4101 if (!mHasFeature) { 4102 return false; 4103 } 4104 Preconditions.checkNotNull(who, "who is null"); 4105 4106 synchronized (this) { 4107 final ActiveAdmin admin = getActiveAdminForCallerLocked( 4108 who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, parent); 4109 final int userId = mInjector.userHandleGetCallingUserId(); 4110 PasswordBlacklist adminBlacklist = getAdminPasswordBlacklistLocked(admin); 4111 4112 if (blacklist == null || blacklist.isEmpty()) { 4113 // Remove the adminBlacklist 4114 admin.passwordBlacklistFile = null; 4115 saveSettingsLocked(userId); 4116 if (adminBlacklist != null) { 4117 adminBlacklist.delete(); 4118 } 4119 return true; 4120 } 4121 4122 // Validate server side 4123 Preconditions.checkNotNull(name, "name is null"); 4124 DevicePolicyManager.enforcePasswordBlacklistSize(blacklist); 4125 4126 // Blacklist is case insensitive so normalize to lower case 4127 final int blacklistSize = blacklist.size(); 4128 for (int i = 0; i < blacklistSize; ++i) { 4129 blacklist.set(i, blacklist.get(i).toLowerCase()); 4130 } 4131 4132 final boolean isNewBlacklist = adminBlacklist == null; 4133 if (isNewBlacklist) { 4134 // Create a new file for the blacklist. There could be multiple admins, each setting 4135 // different blacklists, to restrict a user's credential, for example a managed 4136 // profile can impose restrictions on its parent while the parent is already 4137 // restricted by its own admin. A deterministic naming scheme would be fragile if 4138 // new types of admin are introduced so we generate and save the file name instead. 4139 // This isn't a temporary file but it reuses the name generation logic 4140 final File file; 4141 try { 4142 file = File.createTempFile(PASSWORD_BLACKLIST_FILE_PREFIX, 4143 PASSWORD_BLACKLIST_FILE_SUFFIX, getPolicyFileDirectory(userId)); 4144 } catch (IOException e) { 4145 Slog.e(LOG_TAG, "Failed to make a file for the blacklist", e); 4146 return false; 4147 } 4148 adminBlacklist = mInjector.newPasswordBlacklist(file); 4149 } 4150 4151 if (adminBlacklist.savePasswordBlacklist(name, blacklist)) { 4152 if (isNewBlacklist) { 4153 // The blacklist was saved so point the admin to the file 4154 admin.passwordBlacklistFile = adminBlacklist.getFile().getName(); 4155 saveSettingsLocked(userId); 4156 } 4157 return true; 4158 } 4159 } 4160 4161 return false; 4162 } 4163 4164 @Override 4165 public String getPasswordBlacklistName(ComponentName who, @UserIdInt int userId, 4166 boolean parent) { 4167 if (!mHasFeature) { 4168 return null; 4169 } 4170 Preconditions.checkNotNull(who, "who is null"); 4171 enforceFullCrossUsersPermission(userId); 4172 synchronized (this) { 4173 final ActiveAdmin admin = getActiveAdminForCallerLocked( 4174 who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, parent); 4175 final PasswordBlacklist blacklist = getAdminPasswordBlacklistLocked(admin); 4176 if (blacklist == null) { 4177 return null; 4178 } 4179 return blacklist.getName(); 4180 } 4181 } 4182 4183 @Override 4184 public boolean isPasswordBlacklisted(@UserIdInt int userId, String password) { 4185 if (!mHasFeature) { 4186 return false; 4187 } 4188 mContext.enforceCallingOrSelfPermission( 4189 android.Manifest.permission.TEST_BLACKLISTED_PASSWORD, null); 4190 return isPasswordBlacklistedInternal(userId, password); 4191 } 4192 4193 private boolean isPasswordBlacklistedInternal(@UserIdInt int userId, String password) { 4194 Preconditions.checkNotNull(password, "Password is null"); 4195 enforceFullCrossUsersPermission(userId); 4196 4197 // Normalize to lower case for case insensitive blacklist match 4198 final String lowerCasePassword = password.toLowerCase(); 4199 4200 synchronized (this) { 4201 final List<ActiveAdmin> admins = 4202 getActiveAdminsForLockscreenPoliciesLocked(userId, /* parent */ false); 4203 final int N = admins.size(); 4204 for (int i = 0; i < N; i++) { 4205 final PasswordBlacklist blacklist 4206 = getAdminPasswordBlacklistLocked(admins.get(i)); 4207 if (blacklist != null) { 4208 if (blacklist.isPasswordBlacklisted(lowerCasePassword)) { 4209 return true; 4210 } 4211 } 4212 } 4213 } 4214 4215 return false; 4216 } 4217 4218 @Override 4219 public boolean isActivePasswordSufficient(int userHandle, boolean parent) { 4220 if (!mHasFeature) { 4221 return true; 4222 } 4223 enforceFullCrossUsersPermission(userHandle); 4224 enforceUserUnlocked(userHandle, parent); 4225 4226 synchronized (this) { 4227 // This API can only be called by an active device admin, 4228 // so try to retrieve it to check that the caller is one. 4229 getActiveAdminForCallerLocked(null, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent); 4230 DevicePolicyData policy = getUserDataUnchecked(getCredentialOwner(userHandle, parent)); 4231 return isActivePasswordSufficientForUserLocked(policy, userHandle, parent); 4232 } 4233 } 4234 4235 @Override 4236 public boolean isUsingUnifiedPassword(ComponentName admin) { 4237 if (!mHasFeature) { 4238 return true; 4239 } 4240 final int userId = mInjector.userHandleGetCallingUserId(); 4241 enforceProfileOrDeviceOwner(admin); 4242 enforceManagedProfile(userId, "query unified challenge status"); 4243 return !isSeparateProfileChallengeEnabled(userId); 4244 } 4245 4246 @Override 4247 public boolean isProfileActivePasswordSufficientForParent(int userHandle) { 4248 if (!mHasFeature) { 4249 return true; 4250 } 4251 enforceFullCrossUsersPermission(userHandle); 4252 enforceManagedProfile(userHandle, "call APIs refering to the parent profile"); 4253 4254 synchronized (this) { 4255 final int targetUser = getProfileParentId(userHandle); 4256 enforceUserUnlocked(targetUser, false); 4257 DevicePolicyData policy = getUserDataUnchecked(getCredentialOwner(userHandle, false)); 4258 return isActivePasswordSufficientForUserLocked(policy, targetUser, false); 4259 } 4260 } 4261 4262 private boolean isActivePasswordSufficientForUserLocked( 4263 DevicePolicyData policy, int userHandle, boolean parent) { 4264 final int requiredPasswordQuality = getPasswordQuality(null, userHandle, parent); 4265 if (requiredPasswordQuality == PASSWORD_QUALITY_UNSPECIFIED) { 4266 // A special case is when there is no required password quality, then we just return 4267 // true since any password would be sufficient. This is for the scenario when a work 4268 // profile is first created so there is no information about the current password but 4269 // it should be considered sufficient as there is no password requirement either. 4270 // This is useful since it short-circuits the password checkpoint for FDE device below. 4271 return true; 4272 } 4273 4274 if (!mInjector.storageManagerIsFileBasedEncryptionEnabled() 4275 && !policy.mPasswordStateHasBeenSetSinceBoot) { 4276 // Before user enters their password for the first time after a reboot, return the 4277 // value of this flag, which tells us whether the password was valid the last time 4278 // settings were saved. If DPC changes password requirements on boot so that the 4279 // current password no longer meets the requirements, this value will be stale until 4280 // the next time the password is entered. 4281 return policy.mPasswordValidAtLastCheckpoint; 4282 } 4283 4284 if (policy.mActivePasswordMetrics.quality < requiredPasswordQuality) { 4285 return false; 4286 } 4287 if (requiredPasswordQuality >= DevicePolicyManager.PASSWORD_QUALITY_NUMERIC 4288 && policy.mActivePasswordMetrics.length < getPasswordMinimumLength( 4289 null, userHandle, parent)) { 4290 return false; 4291 } 4292 if (requiredPasswordQuality != DevicePolicyManager.PASSWORD_QUALITY_COMPLEX) { 4293 return true; 4294 } 4295 return policy.mActivePasswordMetrics.upperCase >= getPasswordMinimumUpperCase( 4296 null, userHandle, parent) 4297 && policy.mActivePasswordMetrics.lowerCase >= getPasswordMinimumLowerCase( 4298 null, userHandle, parent) 4299 && policy.mActivePasswordMetrics.letters >= getPasswordMinimumLetters( 4300 null, userHandle, parent) 4301 && policy.mActivePasswordMetrics.numeric >= getPasswordMinimumNumeric( 4302 null, userHandle, parent) 4303 && policy.mActivePasswordMetrics.symbols >= getPasswordMinimumSymbols( 4304 null, userHandle, parent) 4305 && policy.mActivePasswordMetrics.nonLetter >= getPasswordMinimumNonLetter( 4306 null, userHandle, parent); 4307 } 4308 4309 @Override 4310 public int getCurrentFailedPasswordAttempts(int userHandle, boolean parent) { 4311 enforceFullCrossUsersPermission(userHandle); 4312 synchronized (this) { 4313 if (!isCallerWithSystemUid()) { 4314 // This API can only be called by an active device admin, 4315 // so try to retrieve it to check that the caller is one. 4316 getActiveAdminForCallerLocked( 4317 null, DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, parent); 4318 } 4319 4320 DevicePolicyData policy = getUserDataUnchecked(getCredentialOwner(userHandle, parent)); 4321 4322 return policy.mFailedPasswordAttempts; 4323 } 4324 } 4325 4326 @Override 4327 public void setMaximumFailedPasswordsForWipe(ComponentName who, int num, boolean parent) { 4328 if (!mHasFeature) { 4329 return; 4330 } 4331 Preconditions.checkNotNull(who, "ComponentName is null"); 4332 synchronized (this) { 4333 // This API can only be called by an active device admin, 4334 // so try to retrieve it to check that the caller is one. 4335 getActiveAdminForCallerLocked( 4336 who, DeviceAdminInfo.USES_POLICY_WIPE_DATA, parent); 4337 ActiveAdmin ap = getActiveAdminForCallerLocked( 4338 who, DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, parent); 4339 if (ap.maximumFailedPasswordsForWipe != num) { 4340 ap.maximumFailedPasswordsForWipe = num; 4341 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 4342 } 4343 } 4344 } 4345 4346 @Override 4347 public int getMaximumFailedPasswordsForWipe(ComponentName who, int userHandle, boolean parent) { 4348 if (!mHasFeature) { 4349 return 0; 4350 } 4351 enforceFullCrossUsersPermission(userHandle); 4352 synchronized (this) { 4353 ActiveAdmin admin = (who != null) 4354 ? getActiveAdminUncheckedLocked(who, userHandle, parent) 4355 : getAdminWithMinimumFailedPasswordsForWipeLocked(userHandle, parent); 4356 return admin != null ? admin.maximumFailedPasswordsForWipe : 0; 4357 } 4358 } 4359 4360 @Override 4361 public int getProfileWithMinimumFailedPasswordsForWipe(int userHandle, boolean parent) { 4362 if (!mHasFeature) { 4363 return UserHandle.USER_NULL; 4364 } 4365 enforceFullCrossUsersPermission(userHandle); 4366 synchronized (this) { 4367 ActiveAdmin admin = getAdminWithMinimumFailedPasswordsForWipeLocked( 4368 userHandle, parent); 4369 return admin != null ? admin.getUserHandle().getIdentifier() : UserHandle.USER_NULL; 4370 } 4371 } 4372 4373 /** 4374 * Returns the admin with the strictest policy on maximum failed passwords for: 4375 * <ul> 4376 * <li>this user if it has a separate profile challenge, or 4377 * <li>this user and all profiles that don't have their own challenge otherwise. 4378 * </ul> 4379 * <p>If the policy for the primary and any other profile are equal, it returns the admin for 4380 * the primary profile. 4381 * Returns {@code null} if no participating admin has that policy set. 4382 */ 4383 private ActiveAdmin getAdminWithMinimumFailedPasswordsForWipeLocked( 4384 int userHandle, boolean parent) { 4385 int count = 0; 4386 ActiveAdmin strictestAdmin = null; 4387 4388 // Return the strictest policy across all participating admins. 4389 List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 4390 final int N = admins.size(); 4391 for (int i = 0; i < N; i++) { 4392 ActiveAdmin admin = admins.get(i); 4393 if (admin.maximumFailedPasswordsForWipe == 4394 ActiveAdmin.DEF_MAXIMUM_FAILED_PASSWORDS_FOR_WIPE) { 4395 continue; // No max number of failed passwords policy set for this profile. 4396 } 4397 4398 // We always favor the primary profile if several profiles have the same value set. 4399 int userId = admin.getUserHandle().getIdentifier(); 4400 if (count == 0 || 4401 count > admin.maximumFailedPasswordsForWipe || 4402 (count == admin.maximumFailedPasswordsForWipe && 4403 getUserInfo(userId).isPrimary())) { 4404 count = admin.maximumFailedPasswordsForWipe; 4405 strictestAdmin = admin; 4406 } 4407 } 4408 return strictestAdmin; 4409 } 4410 4411 private UserInfo getUserInfo(@UserIdInt int userId) { 4412 final long token = mInjector.binderClearCallingIdentity(); 4413 try { 4414 return mUserManager.getUserInfo(userId); 4415 } finally { 4416 mInjector.binderRestoreCallingIdentity(token); 4417 } 4418 } 4419 4420 @Override 4421 public boolean resetPassword(String passwordOrNull, int flags) throws RemoteException { 4422 final int callingUid = mInjector.binderGetCallingUid(); 4423 final int userHandle = mInjector.userHandleGetCallingUserId(); 4424 4425 String password = passwordOrNull != null ? passwordOrNull : ""; 4426 4427 // Password resetting to empty/null is not allowed for managed profiles. 4428 if (TextUtils.isEmpty(password)) { 4429 enforceNotManagedProfile(userHandle, "clear the active password"); 4430 } 4431 4432 synchronized (this) { 4433 // If caller has PO (or DO) it can change the password, so see if that's the case first. 4434 ActiveAdmin admin = getActiveAdminWithPolicyForUidLocked( 4435 null, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, callingUid); 4436 final boolean preN; 4437 if (admin != null) { 4438 final int targetSdk = getTargetSdk(admin.info.getPackageName(), userHandle); 4439 if (targetSdk >= Build.VERSION_CODES.O) { 4440 throw new SecurityException("resetPassword() is deprecated for DPC targeting O" 4441 + " or later"); 4442 } 4443 preN = targetSdk <= android.os.Build.VERSION_CODES.M; 4444 } else { 4445 // Otherwise, make sure the caller has any active admin with the right policy. 4446 admin = getActiveAdminForCallerLocked(null, 4447 DeviceAdminInfo.USES_POLICY_RESET_PASSWORD); 4448 preN = getTargetSdk(admin.info.getPackageName(), 4449 userHandle) <= android.os.Build.VERSION_CODES.M; 4450 4451 // As of N, password resetting to empty/null is not allowed anymore. 4452 // TODO Should we allow DO/PO to set an empty password? 4453 if (TextUtils.isEmpty(password)) { 4454 if (!preN) { 4455 throw new SecurityException("Cannot call with null password"); 4456 } else { 4457 Slog.e(LOG_TAG, "Cannot call with null password"); 4458 return false; 4459 } 4460 } 4461 // As of N, password cannot be changed by the admin if it is already set. 4462 if (isLockScreenSecureUnchecked(userHandle)) { 4463 if (!preN) { 4464 throw new SecurityException("Admin cannot change current password"); 4465 } else { 4466 Slog.e(LOG_TAG, "Admin cannot change current password"); 4467 return false; 4468 } 4469 } 4470 } 4471 // Do not allow to reset password when current user has a managed profile 4472 if (!isManagedProfile(userHandle)) { 4473 for (UserInfo userInfo : mUserManager.getProfiles(userHandle)) { 4474 if (userInfo.isManagedProfile()) { 4475 if (!preN) { 4476 throw new IllegalStateException( 4477 "Cannot reset password on user has managed profile"); 4478 } else { 4479 Slog.e(LOG_TAG, "Cannot reset password on user has managed profile"); 4480 return false; 4481 } 4482 } 4483 } 4484 } 4485 // Do not allow to reset password when user is locked 4486 if (!mUserManager.isUserUnlocked(userHandle)) { 4487 if (!preN) { 4488 throw new IllegalStateException("Cannot reset password when user is locked"); 4489 } else { 4490 Slog.e(LOG_TAG, "Cannot reset password when user is locked"); 4491 return false; 4492 } 4493 } 4494 } 4495 4496 return resetPasswordInternal(password, 0, null, flags, callingUid, userHandle); 4497 } 4498 4499 private boolean resetPasswordInternal(String password, long tokenHandle, byte[] token, 4500 int flags, int callingUid, int userHandle) { 4501 int quality; 4502 synchronized (this) { 4503 quality = getPasswordQuality(null, userHandle, /* parent */ false); 4504 if (quality == DevicePolicyManager.PASSWORD_QUALITY_MANAGED) { 4505 quality = PASSWORD_QUALITY_UNSPECIFIED; 4506 } 4507 final PasswordMetrics metrics = PasswordMetrics.computeForPassword(password); 4508 if (quality != PASSWORD_QUALITY_UNSPECIFIED) { 4509 final int realQuality = metrics.quality; 4510 if (realQuality < quality 4511 && quality != DevicePolicyManager.PASSWORD_QUALITY_COMPLEX) { 4512 Slog.w(LOG_TAG, "resetPassword: password quality 0x" 4513 + Integer.toHexString(realQuality) 4514 + " does not meet required quality 0x" 4515 + Integer.toHexString(quality)); 4516 return false; 4517 } 4518 quality = Math.max(realQuality, quality); 4519 } 4520 int length = getPasswordMinimumLength(null, userHandle, /* parent */ false); 4521 if (password.length() < length) { 4522 Slog.w(LOG_TAG, "resetPassword: password length " + password.length() 4523 + " does not meet required length " + length); 4524 return false; 4525 } 4526 if (quality == DevicePolicyManager.PASSWORD_QUALITY_COMPLEX) { 4527 int neededLetters = getPasswordMinimumLetters(null, userHandle, /* parent */ false); 4528 if(metrics.letters < neededLetters) { 4529 Slog.w(LOG_TAG, "resetPassword: number of letters " + metrics.letters 4530 + " does not meet required number of letters " + neededLetters); 4531 return false; 4532 } 4533 int neededNumeric = getPasswordMinimumNumeric(null, userHandle, /* parent */ false); 4534 if (metrics.numeric < neededNumeric) { 4535 Slog.w(LOG_TAG, "resetPassword: number of numerical digits " + metrics.numeric 4536 + " does not meet required number of numerical digits " 4537 + neededNumeric); 4538 return false; 4539 } 4540 int neededLowerCase = getPasswordMinimumLowerCase( 4541 null, userHandle, /* parent */ false); 4542 if (metrics.lowerCase < neededLowerCase) { 4543 Slog.w(LOG_TAG, "resetPassword: number of lowercase letters " 4544 + metrics.lowerCase 4545 + " does not meet required number of lowercase letters " 4546 + neededLowerCase); 4547 return false; 4548 } 4549 int neededUpperCase = getPasswordMinimumUpperCase( 4550 null, userHandle, /* parent */ false); 4551 if (metrics.upperCase < neededUpperCase) { 4552 Slog.w(LOG_TAG, "resetPassword: number of uppercase letters " 4553 + metrics.upperCase 4554 + " does not meet required number of uppercase letters " 4555 + neededUpperCase); 4556 return false; 4557 } 4558 int neededSymbols = getPasswordMinimumSymbols(null, userHandle, /* parent */ false); 4559 if (metrics.symbols < neededSymbols) { 4560 Slog.w(LOG_TAG, "resetPassword: number of special symbols " + metrics.symbols 4561 + " does not meet required number of special symbols " + neededSymbols); 4562 return false; 4563 } 4564 int neededNonLetter = getPasswordMinimumNonLetter( 4565 null, userHandle, /* parent */ false); 4566 if (metrics.nonLetter < neededNonLetter) { 4567 Slog.w(LOG_TAG, "resetPassword: number of non-letter characters " 4568 + metrics.nonLetter 4569 + " does not meet required number of non-letter characters " 4570 + neededNonLetter); 4571 return false; 4572 } 4573 } 4574 4575 if (isPasswordBlacklistedInternal(userHandle, password)) { 4576 Slog.w(LOG_TAG, "resetPassword: the password is blacklisted"); 4577 return false; 4578 } 4579 } 4580 4581 DevicePolicyData policy = getUserData(userHandle); 4582 if (policy.mPasswordOwner >= 0 && policy.mPasswordOwner != callingUid) { 4583 Slog.w(LOG_TAG, "resetPassword: already set by another uid and not entered by user"); 4584 return false; 4585 } 4586 4587 boolean callerIsDeviceOwnerAdmin = isCallerDeviceOwner(callingUid); 4588 boolean doNotAskCredentialsOnBoot = 4589 (flags & DevicePolicyManager.RESET_PASSWORD_DO_NOT_ASK_CREDENTIALS_ON_BOOT) != 0; 4590 if (callerIsDeviceOwnerAdmin && doNotAskCredentialsOnBoot) { 4591 setDoNotAskCredentialsOnBoot(); 4592 } 4593 4594 // Don't do this with the lock held, because it is going to call 4595 // back in to the service. 4596 final long ident = mInjector.binderClearCallingIdentity(); 4597 final boolean result; 4598 try { 4599 if (token == null) { 4600 if (!TextUtils.isEmpty(password)) { 4601 mLockPatternUtils.saveLockPassword(password, null, quality, userHandle); 4602 } else { 4603 mLockPatternUtils.clearLock(null, userHandle); 4604 } 4605 result = true; 4606 } else { 4607 result = mLockPatternUtils.setLockCredentialWithToken(password, 4608 TextUtils.isEmpty(password) ? LockPatternUtils.CREDENTIAL_TYPE_NONE 4609 : LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, 4610 quality, tokenHandle, token, userHandle); 4611 } 4612 boolean requireEntry = (flags & DevicePolicyManager.RESET_PASSWORD_REQUIRE_ENTRY) != 0; 4613 if (requireEntry) { 4614 mLockPatternUtils.requireStrongAuth(STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW, 4615 UserHandle.USER_ALL); 4616 } 4617 synchronized (this) { 4618 int newOwner = requireEntry ? callingUid : -1; 4619 if (policy.mPasswordOwner != newOwner) { 4620 policy.mPasswordOwner = newOwner; 4621 saveSettingsLocked(userHandle); 4622 } 4623 } 4624 } finally { 4625 mInjector.binderRestoreCallingIdentity(ident); 4626 } 4627 return result; 4628 } 4629 4630 private boolean isLockScreenSecureUnchecked(int userId) { 4631 long ident = mInjector.binderClearCallingIdentity(); 4632 try { 4633 return mLockPatternUtils.isSecure(userId); 4634 } finally { 4635 mInjector.binderRestoreCallingIdentity(ident); 4636 } 4637 } 4638 4639 private void setDoNotAskCredentialsOnBoot() { 4640 synchronized (this) { 4641 DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM); 4642 if (!policyData.doNotAskCredentialsOnBoot) { 4643 policyData.doNotAskCredentialsOnBoot = true; 4644 saveSettingsLocked(UserHandle.USER_SYSTEM); 4645 } 4646 } 4647 } 4648 4649 @Override 4650 public boolean getDoNotAskCredentialsOnBoot() { 4651 mContext.enforceCallingOrSelfPermission( 4652 android.Manifest.permission.QUERY_DO_NOT_ASK_CREDENTIALS_ON_BOOT, null); 4653 synchronized (this) { 4654 DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM); 4655 return policyData.doNotAskCredentialsOnBoot; 4656 } 4657 } 4658 4659 @Override 4660 public void setMaximumTimeToLock(ComponentName who, long timeMs, boolean parent) { 4661 if (!mHasFeature) { 4662 return; 4663 } 4664 Preconditions.checkNotNull(who, "ComponentName is null"); 4665 final int userHandle = mInjector.userHandleGetCallingUserId(); 4666 synchronized (this) { 4667 ActiveAdmin ap = getActiveAdminForCallerLocked( 4668 who, DeviceAdminInfo.USES_POLICY_FORCE_LOCK, parent); 4669 if (ap.maximumTimeToUnlock != timeMs) { 4670 ap.maximumTimeToUnlock = timeMs; 4671 saveSettingsLocked(userHandle); 4672 updateMaximumTimeToLockLocked(userHandle); 4673 } 4674 } 4675 } 4676 4677 private void updateMaximumTimeToLockLocked(@UserIdInt int userId) { 4678 // Update the profile's timeout 4679 if (isManagedProfile(userId)) { 4680 updateProfileLockTimeoutLocked(userId); 4681 } 4682 4683 final long timeMs; 4684 final long ident = mInjector.binderClearCallingIdentity(); 4685 try { 4686 // Update the device timeout 4687 final int parentId = getProfileParentId(userId); 4688 timeMs = getMaximumTimeToLockPolicyFromAdmins( 4689 getActiveAdminsForLockscreenPoliciesLocked(parentId, false)); 4690 4691 final DevicePolicyData policy = getUserDataUnchecked(parentId); 4692 if (policy.mLastMaximumTimeToLock == timeMs) { 4693 return; 4694 } 4695 policy.mLastMaximumTimeToLock = timeMs; 4696 4697 if (policy.mLastMaximumTimeToLock != Long.MAX_VALUE) { 4698 // Make sure KEEP_SCREEN_ON is disabled, since that 4699 // would allow bypassing of the maximum time to lock. 4700 mInjector.settingsGlobalPutInt(Settings.Global.STAY_ON_WHILE_PLUGGED_IN, 0); 4701 } 4702 } finally { 4703 mInjector.binderRestoreCallingIdentity(ident); 4704 } 4705 4706 mInjector.getPowerManagerInternal().setMaximumScreenOffTimeoutFromDeviceAdmin( 4707 UserHandle.USER_SYSTEM, timeMs); 4708 } 4709 4710 private void updateProfileLockTimeoutLocked(@UserIdInt int userId) { 4711 final long timeMs; 4712 if (isSeparateProfileChallengeEnabled(userId)) { 4713 timeMs = getMaximumTimeToLockPolicyFromAdmins( 4714 getActiveAdminsForLockscreenPoliciesLocked(userId, false /* parent */)); 4715 } else { 4716 timeMs = Long.MAX_VALUE; 4717 } 4718 4719 final DevicePolicyData policy = getUserDataUnchecked(userId); 4720 if (policy.mLastMaximumTimeToLock == timeMs) { 4721 return; 4722 } 4723 policy.mLastMaximumTimeToLock = timeMs; 4724 4725 mInjector.getPowerManagerInternal().setMaximumScreenOffTimeoutFromDeviceAdmin( 4726 userId, policy.mLastMaximumTimeToLock); 4727 } 4728 4729 @Override 4730 public long getMaximumTimeToLock(ComponentName who, int userHandle, boolean parent) { 4731 if (!mHasFeature) { 4732 return 0; 4733 } 4734 enforceFullCrossUsersPermission(userHandle); 4735 synchronized (this) { 4736 if (who != null) { 4737 final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent); 4738 return admin != null ? admin.maximumTimeToUnlock : 0; 4739 } 4740 // Return the strictest policy across all participating admins. 4741 final List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked( 4742 userHandle, parent); 4743 final long timeMs = getMaximumTimeToLockPolicyFromAdmins(admins); 4744 return timeMs == Long.MAX_VALUE ? 0 : timeMs; 4745 } 4746 } 4747 4748 private long getMaximumTimeToLockPolicyFromAdmins(List<ActiveAdmin> admins) { 4749 long time = Long.MAX_VALUE; 4750 for (final ActiveAdmin admin : admins) { 4751 if (admin.maximumTimeToUnlock > 0 && admin.maximumTimeToUnlock < time) { 4752 time = admin.maximumTimeToUnlock; 4753 } 4754 } 4755 return time; 4756 } 4757 4758 @Override 4759 public void setRequiredStrongAuthTimeout(ComponentName who, long timeoutMs, 4760 boolean parent) { 4761 if (!mHasFeature) { 4762 return; 4763 } 4764 Preconditions.checkNotNull(who, "ComponentName is null"); 4765 Preconditions.checkArgument(timeoutMs >= 0, "Timeout must not be a negative number."); 4766 // timeoutMs with value 0 means that the admin doesn't participate 4767 // timeoutMs is clamped to the interval in case the internal constants change in the future 4768 final long minimumStrongAuthTimeout = getMinimumStrongAuthTimeoutMs(); 4769 if (timeoutMs != 0 && timeoutMs < minimumStrongAuthTimeout) { 4770 timeoutMs = minimumStrongAuthTimeout; 4771 } 4772 if (timeoutMs > DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS) { 4773 timeoutMs = DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS; 4774 } 4775 4776 final int userHandle = mInjector.userHandleGetCallingUserId(); 4777 synchronized (this) { 4778 ActiveAdmin ap = getActiveAdminForCallerLocked(who, 4779 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, parent); 4780 if (ap.strongAuthUnlockTimeout != timeoutMs) { 4781 ap.strongAuthUnlockTimeout = timeoutMs; 4782 saveSettingsLocked(userHandle); 4783 } 4784 } 4785 } 4786 4787 /** 4788 * Return a single admin's strong auth unlock timeout or minimum value (strictest) of all 4789 * admins if who is null. 4790 * Returns 0 if not configured for the provided admin. 4791 */ 4792 @Override 4793 public long getRequiredStrongAuthTimeout(ComponentName who, int userId, boolean parent) { 4794 if (!mHasFeature) { 4795 return DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS; 4796 } 4797 enforceFullCrossUsersPermission(userId); 4798 synchronized (this) { 4799 if (who != null) { 4800 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userId, parent); 4801 return admin != null ? admin.strongAuthUnlockTimeout : 0; 4802 } 4803 4804 // Return the strictest policy across all participating admins. 4805 List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(userId, parent); 4806 4807 long strongAuthUnlockTimeout = DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS; 4808 for (int i = 0; i < admins.size(); i++) { 4809 final long timeout = admins.get(i).strongAuthUnlockTimeout; 4810 if (timeout != 0) { // take only participating admins into account 4811 strongAuthUnlockTimeout = Math.min(timeout, strongAuthUnlockTimeout); 4812 } 4813 } 4814 return Math.max(strongAuthUnlockTimeout, getMinimumStrongAuthTimeoutMs()); 4815 } 4816 } 4817 4818 private long getMinimumStrongAuthTimeoutMs() { 4819 if (!mInjector.isBuildDebuggable()) { 4820 return MINIMUM_STRONG_AUTH_TIMEOUT_MS; 4821 } 4822 // ideally the property was named persist.sys.min_strong_auth_timeout, but system property 4823 // name cannot be longer than 31 characters 4824 return Math.min(mInjector.systemPropertiesGetLong("persist.sys.min_str_auth_timeo", 4825 MINIMUM_STRONG_AUTH_TIMEOUT_MS), 4826 MINIMUM_STRONG_AUTH_TIMEOUT_MS); 4827 } 4828 4829 @Override 4830 public void lockNow(int flags, boolean parent) { 4831 if (!mHasFeature) { 4832 return; 4833 } 4834 4835 final int callingUserId = mInjector.userHandleGetCallingUserId(); 4836 synchronized (this) { 4837 // This API can only be called by an active device admin, 4838 // so try to retrieve it to check that the caller is one. 4839 final ActiveAdmin admin = getActiveAdminForCallerLocked( 4840 null, DeviceAdminInfo.USES_POLICY_FORCE_LOCK, parent); 4841 4842 final long ident = mInjector.binderClearCallingIdentity(); 4843 try { 4844 // Evict key 4845 if ((flags & DevicePolicyManager.FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY) != 0) { 4846 enforceManagedProfile( 4847 callingUserId, "set FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY"); 4848 if (!isProfileOwner(admin.info.getComponent(), callingUserId)) { 4849 throw new SecurityException("Only profile owner admins can set " 4850 + "FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY"); 4851 } 4852 if (parent) { 4853 throw new IllegalArgumentException( 4854 "Cannot set FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY for the parent"); 4855 } 4856 if (!mInjector.storageManagerIsFileBasedEncryptionEnabled()) { 4857 throw new UnsupportedOperationException( 4858 "FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY only applies to FBE devices"); 4859 } 4860 mUserManager.evictCredentialEncryptionKey(callingUserId); 4861 } 4862 4863 // Lock all users unless this is a managed profile with a separate challenge 4864 final int userToLock = (parent || !isSeparateProfileChallengeEnabled(callingUserId) 4865 ? UserHandle.USER_ALL : callingUserId); 4866 mLockPatternUtils.requireStrongAuth( 4867 STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW, userToLock); 4868 4869 // Require authentication for the device or profile 4870 if (userToLock == UserHandle.USER_ALL) { 4871 // Power off the display 4872 mInjector.powerManagerGoToSleep(SystemClock.uptimeMillis(), 4873 PowerManager.GO_TO_SLEEP_REASON_DEVICE_ADMIN, 0); 4874 mInjector.getIWindowManager().lockNow(null); 4875 } else { 4876 mInjector.getTrustManager().setDeviceLockedForUser(userToLock, true); 4877 } 4878 } catch (RemoteException e) { 4879 } finally { 4880 mInjector.binderRestoreCallingIdentity(ident); 4881 } 4882 } 4883 } 4884 4885 @Override 4886 public void enforceCanManageCaCerts(ComponentName who, String callerPackage) { 4887 if (who == null) { 4888 if (!isCallerDelegate(callerPackage, DELEGATION_CERT_INSTALL)) { 4889 mContext.enforceCallingOrSelfPermission(MANAGE_CA_CERTIFICATES, null); 4890 } 4891 } else { 4892 enforceProfileOrDeviceOwner(who); 4893 } 4894 } 4895 4896 private void enforceProfileOrDeviceOwner(ComponentName who) { 4897 synchronized (this) { 4898 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 4899 } 4900 } 4901 4902 @Override 4903 public boolean approveCaCert(String alias, int userId, boolean approval) { 4904 enforceManageUsers(); 4905 synchronized (this) { 4906 Set<String> certs = getUserData(userId).mAcceptedCaCertificates; 4907 boolean changed = (approval ? certs.add(alias) : certs.remove(alias)); 4908 if (!changed) { 4909 return false; 4910 } 4911 saveSettingsLocked(userId); 4912 } 4913 mCertificateMonitor.onCertificateApprovalsChanged(userId); 4914 return true; 4915 } 4916 4917 @Override 4918 public boolean isCaCertApproved(String alias, int userId) { 4919 enforceManageUsers(); 4920 synchronized (this) { 4921 return getUserData(userId).mAcceptedCaCertificates.contains(alias); 4922 } 4923 } 4924 4925 private void removeCaApprovalsIfNeeded(int userId) { 4926 for (UserInfo userInfo : mUserManager.getProfiles(userId)) { 4927 boolean isSecure = mLockPatternUtils.isSecure(userInfo.id); 4928 if (userInfo.isManagedProfile()){ 4929 isSecure |= mLockPatternUtils.isSecure(getProfileParentId(userInfo.id)); 4930 } 4931 if (!isSecure) { 4932 synchronized (this) { 4933 getUserData(userInfo.id).mAcceptedCaCertificates.clear(); 4934 saveSettingsLocked(userInfo.id); 4935 } 4936 mCertificateMonitor.onCertificateApprovalsChanged(userId); 4937 } 4938 } 4939 } 4940 4941 @Override 4942 public boolean installCaCert(ComponentName admin, String callerPackage, byte[] certBuffer) 4943 throws RemoteException { 4944 if (!mHasFeature) { 4945 return false; 4946 } 4947 enforceCanManageCaCerts(admin, callerPackage); 4948 4949 final String alias; 4950 4951 final UserHandle userHandle = mInjector.binderGetCallingUserHandle(); 4952 final long id = mInjector.binderClearCallingIdentity(); 4953 try { 4954 alias = mCertificateMonitor.installCaCert(userHandle, certBuffer); 4955 if (alias == null) { 4956 Log.w(LOG_TAG, "Problem installing cert"); 4957 return false; 4958 } 4959 } finally { 4960 mInjector.binderRestoreCallingIdentity(id); 4961 } 4962 4963 synchronized (this) { 4964 getUserData(userHandle.getIdentifier()).mOwnerInstalledCaCerts.add(alias); 4965 saveSettingsLocked(userHandle.getIdentifier()); 4966 } 4967 return true; 4968 } 4969 4970 @Override 4971 public void uninstallCaCerts(ComponentName admin, String callerPackage, String[] aliases) { 4972 if (!mHasFeature) { 4973 return; 4974 } 4975 enforceCanManageCaCerts(admin, callerPackage); 4976 4977 final int userId = mInjector.userHandleGetCallingUserId(); 4978 final long id = mInjector.binderClearCallingIdentity(); 4979 try { 4980 mCertificateMonitor.uninstallCaCerts(UserHandle.of(userId), aliases); 4981 } finally { 4982 mInjector.binderRestoreCallingIdentity(id); 4983 } 4984 4985 synchronized (this) { 4986 if (getUserData(userId).mOwnerInstalledCaCerts.removeAll(Arrays.asList(aliases))) { 4987 saveSettingsLocked(userId); 4988 } 4989 } 4990 } 4991 4992 @Override 4993 public boolean installKeyPair(ComponentName who, String callerPackage, byte[] privKey, 4994 byte[] cert, byte[] chain, String alias, boolean requestAccess, 4995 boolean isUserSelectable) { 4996 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 4997 DELEGATION_CERT_INSTALL); 4998 4999 5000 final int callingUid = mInjector.binderGetCallingUid(); 5001 final long id = mInjector.binderClearCallingIdentity(); 5002 try { 5003 final KeyChainConnection keyChainConnection = 5004 KeyChain.bindAsUser(mContext, UserHandle.getUserHandleForUid(callingUid)); 5005 try { 5006 IKeyChainService keyChain = keyChainConnection.getService(); 5007 if (!keyChain.installKeyPair(privKey, cert, chain, alias)) { 5008 return false; 5009 } 5010 if (requestAccess) { 5011 keyChain.setGrant(callingUid, alias, true); 5012 } 5013 keyChain.setUserSelectable(alias, isUserSelectable); 5014 return true; 5015 } catch (RemoteException e) { 5016 Log.e(LOG_TAG, "Installing certificate", e); 5017 } finally { 5018 keyChainConnection.close(); 5019 } 5020 } catch (InterruptedException e) { 5021 Log.w(LOG_TAG, "Interrupted while installing certificate", e); 5022 Thread.currentThread().interrupt(); 5023 } finally { 5024 mInjector.binderRestoreCallingIdentity(id); 5025 } 5026 return false; 5027 } 5028 5029 @Override 5030 public boolean removeKeyPair(ComponentName who, String callerPackage, String alias) { 5031 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 5032 DELEGATION_CERT_INSTALL); 5033 5034 final UserHandle userHandle = new UserHandle(UserHandle.getCallingUserId()); 5035 final long id = Binder.clearCallingIdentity(); 5036 try { 5037 final KeyChainConnection keyChainConnection = KeyChain.bindAsUser(mContext, userHandle); 5038 try { 5039 IKeyChainService keyChain = keyChainConnection.getService(); 5040 return keyChain.removeKeyPair(alias); 5041 } catch (RemoteException e) { 5042 Log.e(LOG_TAG, "Removing keypair", e); 5043 } finally { 5044 keyChainConnection.close(); 5045 } 5046 } catch (InterruptedException e) { 5047 Log.w(LOG_TAG, "Interrupted while removing keypair", e); 5048 Thread.currentThread().interrupt(); 5049 } finally { 5050 Binder.restoreCallingIdentity(id); 5051 } 5052 return false; 5053 } 5054 5055 @Override 5056 public boolean generateKeyPair(ComponentName who, String callerPackage, String algorithm, 5057 ParcelableKeyGenParameterSpec parcelableKeySpec, 5058 KeymasterCertificateChain attestationChain) { 5059 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 5060 DELEGATION_CERT_INSTALL); 5061 final KeyGenParameterSpec keySpec = parcelableKeySpec.getSpec(); 5062 if (TextUtils.isEmpty(keySpec.getKeystoreAlias())) { 5063 throw new IllegalArgumentException("Empty alias provided."); 5064 } 5065 final String alias = keySpec.getKeystoreAlias(); 5066 // As the caller will be granted access to the key, ensure no UID was specified, as 5067 // it will not have the desired effect. 5068 if (keySpec.getUid() != KeyStore.UID_SELF) { 5069 Log.e(LOG_TAG, "Only the caller can be granted access to the generated keypair."); 5070 return false; 5071 } 5072 5073 final int callingUid = mInjector.binderGetCallingUid(); 5074 5075 final UserHandle userHandle = mInjector.binderGetCallingUserHandle(); 5076 final long id = mInjector.binderClearCallingIdentity(); 5077 try { 5078 try (KeyChainConnection keyChainConnection = 5079 KeyChain.bindAsUser(mContext, userHandle)) { 5080 IKeyChainService keyChain = keyChainConnection.getService(); 5081 5082 // Copy the provided keySpec, excluding the attestation challenge, which will be 5083 // used later for requesting key attestation record. 5084 final KeyGenParameterSpec noAttestationSpec = 5085 new KeyGenParameterSpec.Builder(keySpec) 5086 .setAttestationChallenge(null) 5087 .build(); 5088 5089 final boolean generationResult = keyChain.generateKeyPair(algorithm, 5090 new ParcelableKeyGenParameterSpec(noAttestationSpec)); 5091 if (!generationResult) { 5092 Log.e(LOG_TAG, "KeyChain failed to generate a keypair."); 5093 return false; 5094 } 5095 5096 // Set a grant for the caller here so that when the client calls 5097 // requestPrivateKey, it will be able to get the key from Keystore. 5098 // Note the use of the calling UID, since the request for the private 5099 // key will come from the client's process, so the grant has to be for 5100 // that UID. 5101 keyChain.setGrant(callingUid, alias, true); 5102 5103 final byte[] attestationChallenge = keySpec.getAttestationChallenge(); 5104 if (attestationChallenge != null) { 5105 final boolean attestationResult = keyChain.attestKey( 5106 alias, attestationChallenge, attestationChain); 5107 if (!attestationResult) { 5108 Log.e(LOG_TAG, String.format( 5109 "Attestation for %s failed, deleting key.", alias)); 5110 keyChain.removeKeyPair(alias); 5111 return false; 5112 } 5113 } 5114 return true; 5115 } 5116 } catch (RemoteException e) { 5117 Log.e(LOG_TAG, "KeyChain error while generating a keypair", e); 5118 } catch (InterruptedException e) { 5119 Log.w(LOG_TAG, "Interrupted while generating keypair", e); 5120 Thread.currentThread().interrupt(); 5121 } finally { 5122 mInjector.binderRestoreCallingIdentity(id); 5123 } 5124 return false; 5125 } 5126 5127 @Override 5128 public boolean setKeyPairCertificate(ComponentName who, String callerPackage, String alias, 5129 byte[] cert, byte[] chain, boolean isUserSelectable) { 5130 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 5131 DELEGATION_CERT_INSTALL); 5132 5133 final int callingUid = mInjector.binderGetCallingUid(); 5134 final long id = mInjector.binderClearCallingIdentity(); 5135 try (final KeyChainConnection keyChainConnection = 5136 KeyChain.bindAsUser(mContext, UserHandle.getUserHandleForUid(callingUid))) { 5137 IKeyChainService keyChain = keyChainConnection.getService(); 5138 if (!keyChain.setKeyPairCertificate(alias, cert, chain)) { 5139 return false; 5140 } 5141 keyChain.setUserSelectable(alias, isUserSelectable); 5142 return true; 5143 } catch (InterruptedException e) { 5144 Log.w(LOG_TAG, "Interrupted while setting keypair certificate", e); 5145 Thread.currentThread().interrupt(); 5146 } catch (RemoteException e) { 5147 Log.e(LOG_TAG, "Failed setting keypair certificate", e); 5148 } finally { 5149 mInjector.binderRestoreCallingIdentity(id); 5150 } 5151 return false; 5152 } 5153 5154 @Override 5155 public void choosePrivateKeyAlias(final int uid, final Uri uri, final String alias, 5156 final IBinder response) { 5157 // Caller UID needs to be trusted, so we restrict this method to SYSTEM_UID callers. 5158 if (!isCallerWithSystemUid()) { 5159 return; 5160 } 5161 5162 final UserHandle caller = mInjector.binderGetCallingUserHandle(); 5163 // If there is a profile owner, redirect to that; otherwise query the device owner. 5164 ComponentName aliasChooser = getProfileOwner(caller.getIdentifier()); 5165 if (aliasChooser == null && caller.isSystem()) { 5166 ActiveAdmin deviceOwnerAdmin = getDeviceOwnerAdminLocked(); 5167 if (deviceOwnerAdmin != null) { 5168 aliasChooser = deviceOwnerAdmin.info.getComponent(); 5169 } 5170 } 5171 if (aliasChooser == null) { 5172 sendPrivateKeyAliasResponse(null, response); 5173 return; 5174 } 5175 5176 Intent intent = new Intent(DeviceAdminReceiver.ACTION_CHOOSE_PRIVATE_KEY_ALIAS); 5177 intent.setComponent(aliasChooser); 5178 intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_SENDER_UID, uid); 5179 intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_URI, uri); 5180 intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_ALIAS, alias); 5181 intent.putExtra(DeviceAdminReceiver.EXTRA_CHOOSE_PRIVATE_KEY_RESPONSE, response); 5182 intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND); 5183 5184 final long id = mInjector.binderClearCallingIdentity(); 5185 try { 5186 mContext.sendOrderedBroadcastAsUser(intent, caller, null, new BroadcastReceiver() { 5187 @Override 5188 public void onReceive(Context context, Intent intent) { 5189 final String chosenAlias = getResultData(); 5190 sendPrivateKeyAliasResponse(chosenAlias, response); 5191 } 5192 }, null, Activity.RESULT_OK, null, null); 5193 } finally { 5194 mInjector.binderRestoreCallingIdentity(id); 5195 } 5196 } 5197 5198 private void sendPrivateKeyAliasResponse(final String alias, final IBinder responseBinder) { 5199 final IKeyChainAliasCallback keyChainAliasResponse = 5200 IKeyChainAliasCallback.Stub.asInterface(responseBinder); 5201 // Send the response. It's OK to do this from the main thread because IKeyChainAliasCallback 5202 // is oneway, which means it won't block if the recipient lives in another process. 5203 try { 5204 keyChainAliasResponse.alias(alias); 5205 } catch (Exception e) { 5206 // Caller could throw RuntimeException or RemoteException back across processes. Catch 5207 // everything just to be sure. 5208 Log.e(LOG_TAG, "error while responding to callback", e); 5209 } 5210 } 5211 5212 /** 5213 * Determine whether DPMS should check if a delegate package is already installed before 5214 * granting it new delegations via {@link #setDelegatedScopes}. 5215 */ 5216 private static boolean shouldCheckIfDelegatePackageIsInstalled(String delegatePackage, 5217 int targetSdk, List<String> scopes) { 5218 // 1) Never skip is installed check from N. 5219 if (targetSdk >= Build.VERSION_CODES.N) { 5220 return true; 5221 } 5222 // 2) Skip if DELEGATION_CERT_INSTALL is the only scope being given. 5223 if (scopes.size() == 1 && scopes.get(0).equals(DELEGATION_CERT_INSTALL)) { 5224 return false; 5225 } 5226 // 3) Skip if all previously granted scopes are being cleared. 5227 if (scopes.isEmpty()) { 5228 return false; 5229 } 5230 // Otherwise it should check that delegatePackage is installed. 5231 return true; 5232 } 5233 5234 /** 5235 * Set the scopes of a device owner or profile owner delegate. 5236 * 5237 * @param who the device owner or profile owner. 5238 * @param delegatePackage the name of the delegate package. 5239 * @param scopes the list of delegation scopes to be given to the delegate package. 5240 */ 5241 @Override 5242 public void setDelegatedScopes(ComponentName who, String delegatePackage, 5243 List<String> scopes) throws SecurityException { 5244 Preconditions.checkNotNull(who, "ComponentName is null"); 5245 Preconditions.checkStringNotEmpty(delegatePackage, "Delegate package is null or empty"); 5246 Preconditions.checkCollectionElementsNotNull(scopes, "Scopes"); 5247 // Remove possible duplicates. 5248 scopes = new ArrayList(new ArraySet(scopes)); 5249 // Ensure given scopes are valid. 5250 if (scopes.retainAll(Arrays.asList(DELEGATIONS))) { 5251 throw new IllegalArgumentException("Unexpected delegation scopes"); 5252 } 5253 5254 // Retrieve the user ID of the calling process. 5255 final int userId = mInjector.userHandleGetCallingUserId(); 5256 synchronized (this) { 5257 // Ensure calling process is device/profile owner. 5258 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 5259 // Ensure the delegate is installed (skip this for DELEGATION_CERT_INSTALL in pre-N). 5260 if (shouldCheckIfDelegatePackageIsInstalled(delegatePackage, 5261 getTargetSdk(who.getPackageName(), userId), scopes)) { 5262 // Throw when the delegate package is not installed. 5263 if (!isPackageInstalledForUser(delegatePackage, userId)) { 5264 throw new IllegalArgumentException("Package " + delegatePackage 5265 + " is not installed on the current user"); 5266 } 5267 } 5268 5269 // Set the new delegate in user policies. 5270 final DevicePolicyData policy = getUserData(userId); 5271 if (!scopes.isEmpty()) { 5272 policy.mDelegationMap.put(delegatePackage, new ArrayList<>(scopes)); 5273 } else { 5274 // Remove any delegation info if the given scopes list is empty. 5275 policy.mDelegationMap.remove(delegatePackage); 5276 } 5277 5278 // Notify delegate package of updates. 5279 final Intent intent = new Intent( 5280 DevicePolicyManager.ACTION_APPLICATION_DELEGATION_SCOPES_CHANGED); 5281 // Only call receivers registered with Context#registerReceiver (don’t wake delegate). 5282 intent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY); 5283 // Limit components this intent resolves to to the delegate package. 5284 intent.setPackage(delegatePackage); 5285 // Include the list of delegated scopes as an extra. 5286 intent.putStringArrayListExtra(DevicePolicyManager.EXTRA_DELEGATION_SCOPES, 5287 (ArrayList<String>) scopes); 5288 // Send the broadcast. 5289 mContext.sendBroadcastAsUser(intent, UserHandle.of(userId)); 5290 5291 // Persist updates. 5292 saveSettingsLocked(userId); 5293 } 5294 } 5295 5296 /** 5297 * Get the delegation scopes given to a delegate package by a device owner or profile owner. 5298 * 5299 * A DO/PO can get the scopes of any package. A non DO/PO package can get its own scopes by 5300 * passing in {@code null} as the {@code who} parameter and its own name as the 5301 * {@code delegatepackage}. 5302 * 5303 * @param who the device owner or profile owner, or {@code null} if the caller is 5304 * {@code delegatePackage}. 5305 * @param delegatePackage the name of the delegate package whose scopes are to be retrieved. 5306 * @return a list of the delegation scopes currently given to {@code delegatePackage}. 5307 */ 5308 @Override 5309 @NonNull 5310 public List<String> getDelegatedScopes(ComponentName who, 5311 String delegatePackage) throws SecurityException { 5312 Preconditions.checkNotNull(delegatePackage, "Delegate package is null"); 5313 5314 // Retrieve the user ID of the calling process. 5315 final int callingUid = mInjector.binderGetCallingUid(); 5316 final int userId = UserHandle.getUserId(callingUid); 5317 synchronized (this) { 5318 // Ensure calling process is device/profile owner. 5319 if (who != null) { 5320 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 5321 // Or ensure calling process is delegatePackage itself. 5322 } else { 5323 int uid = 0; 5324 try { 5325 uid = mInjector.getPackageManager() 5326 .getPackageUidAsUser(delegatePackage, userId); 5327 } catch(NameNotFoundException e) { 5328 } 5329 if (uid != callingUid) { 5330 throw new SecurityException("Caller with uid " + callingUid + " is not " 5331 + delegatePackage); 5332 } 5333 } 5334 final DevicePolicyData policy = getUserData(userId); 5335 // Retrieve the scopes assigned to delegatePackage, or null if no scope was given. 5336 final List<String> scopes = policy.mDelegationMap.get(delegatePackage); 5337 return scopes == null ? Collections.EMPTY_LIST : scopes; 5338 } 5339 } 5340 5341 /** 5342 * Get a list of packages that were given a specific delegation scopes by a device owner or 5343 * profile owner. 5344 * 5345 * @param who the device owner or profile owner. 5346 * @param scope the scope whose delegates are to be retrieved. 5347 * @return a list of the delegate packages currently given the {@code scope} delegation. 5348 */ 5349 @NonNull 5350 public List<String> getDelegatePackages(ComponentName who, String scope) 5351 throws SecurityException { 5352 Preconditions.checkNotNull(who, "ComponentName is null"); 5353 Preconditions.checkNotNull(scope, "Scope is null"); 5354 if (!Arrays.asList(DELEGATIONS).contains(scope)) { 5355 throw new IllegalArgumentException("Unexpected delegation scope: " + scope); 5356 } 5357 5358 // Retrieve the user ID of the calling process. 5359 final int userId = mInjector.userHandleGetCallingUserId(); 5360 synchronized (this) { 5361 // Ensure calling process is device/profile owner. 5362 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 5363 final DevicePolicyData policy = getUserData(userId); 5364 5365 // Create a list to hold the resulting delegate packages. 5366 final List<String> delegatePackagesWithScope = new ArrayList<>(); 5367 // Add all delegations containing scope to the result list. 5368 for (int i = 0; i < policy.mDelegationMap.size(); i++) { 5369 if (policy.mDelegationMap.valueAt(i).contains(scope)) { 5370 delegatePackagesWithScope.add(policy.mDelegationMap.keyAt(i)); 5371 } 5372 } 5373 return delegatePackagesWithScope; 5374 } 5375 } 5376 5377 /** 5378 * Check whether a caller application has been delegated a given scope via 5379 * {@link #setDelegatedScopes} to access privileged APIs on the behalf of a profile owner or 5380 * device owner. 5381 * <p> 5382 * This is done by checking that {@code callerPackage} was granted {@code scope} delegation and 5383 * then comparing the calling UID with the UID of {@code callerPackage} as reported by 5384 * {@link PackageManager#getPackageUidAsUser}. 5385 * 5386 * @param callerPackage the name of the package that is trying to invoke a function in the DPMS. 5387 * @param scope the delegation scope to be checked. 5388 * @return {@code true} if the calling process is a delegate of {@code scope}. 5389 */ 5390 private boolean isCallerDelegate(String callerPackage, String scope) { 5391 Preconditions.checkNotNull(callerPackage, "callerPackage is null"); 5392 if (!Arrays.asList(DELEGATIONS).contains(scope)) { 5393 throw new IllegalArgumentException("Unexpected delegation scope: " + scope); 5394 } 5395 5396 // Retrieve the UID and user ID of the calling process. 5397 final int callingUid = mInjector.binderGetCallingUid(); 5398 final int userId = UserHandle.getUserId(callingUid); 5399 synchronized (this) { 5400 // Retrieve user policy data. 5401 final DevicePolicyData policy = getUserData(userId); 5402 // Retrieve the list of delegation scopes granted to callerPackage. 5403 final List<String> scopes = policy.mDelegationMap.get(callerPackage); 5404 // Check callingUid only if callerPackage has the required scope delegation. 5405 if (scopes != null && scopes.contains(scope)) { 5406 try { 5407 // Retrieve the expected UID for callerPackage. 5408 final int uid = mInjector.getPackageManager() 5409 .getPackageUidAsUser(callerPackage, userId); 5410 // Return true if the caller is actually callerPackage. 5411 return uid == callingUid; 5412 } catch (NameNotFoundException e) { 5413 // Ignore. 5414 } 5415 } 5416 return false; 5417 } 5418 } 5419 5420 /** 5421 * Throw a security exception if a ComponentName is given and it is not a device/profile owner 5422 * or if the calling process is not a delegate of the given scope. 5423 * 5424 * @param who the device owner of profile owner, or null if {@code callerPackage} is a 5425 * {@code scope} delegate. 5426 * @param callerPackage the name of the calling package. Required if {@code who} is 5427 * {@code null}. 5428 * @param reqPolicy the policy used in the API whose access permission is being checked. 5429 * @param scope the delegation scope corresponding to the API being checked. 5430 * @throws SecurityException if {@code who} is given and is not an owner for {@code reqPolicy}; 5431 * or when {@code who} is {@code null} and {@code callerPackage} is not a delegate 5432 * of {@code scope}. 5433 */ 5434 private void enforceCanManageScope(ComponentName who, String callerPackage, int reqPolicy, 5435 String scope) { 5436 // If a ComponentName is given ensure it is a device or profile owner according to policy. 5437 if (who != null) { 5438 synchronized (this) { 5439 getActiveAdminForCallerLocked(who, reqPolicy); 5440 } 5441 // If no ComponentName is given ensure calling process has scope delegation. 5442 } else if (!isCallerDelegate(callerPackage, scope)) { 5443 throw new SecurityException("Caller with uid " + mInjector.binderGetCallingUid() 5444 + " is not a delegate of scope " + scope + "."); 5445 } 5446 } 5447 5448 /** 5449 * Helper function to preserve delegation behavior pre-O when using the deprecated functions 5450 * {@code #setCertInstallerPackage} and {@code #setApplicationRestrictionsManagingPackage}. 5451 */ 5452 private void setDelegatedScopePreO(ComponentName who, 5453 String delegatePackage, String scope) { 5454 Preconditions.checkNotNull(who, "ComponentName is null"); 5455 5456 final int userId = mInjector.userHandleGetCallingUserId(); 5457 synchronized(this) { 5458 // Ensure calling process is device/profile owner. 5459 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 5460 final DevicePolicyData policy = getUserData(userId); 5461 5462 if (delegatePackage != null) { 5463 // Set package as a delegate for scope if it is not already one. 5464 List<String> scopes = policy.mDelegationMap.get(delegatePackage); 5465 if (scopes == null) { 5466 scopes = new ArrayList<>(); 5467 } 5468 if (!scopes.contains(scope)) { 5469 scopes.add(scope); 5470 setDelegatedScopes(who, delegatePackage, scopes); 5471 } 5472 } 5473 5474 // Clear any existing scope delegates. 5475 for (int i = 0; i < policy.mDelegationMap.size(); i++) { 5476 final String currentPackage = policy.mDelegationMap.keyAt(i); 5477 final List<String> currentScopes = policy.mDelegationMap.valueAt(i); 5478 5479 if (!currentPackage.equals(delegatePackage) && currentScopes.contains(scope)) { 5480 final List<String> newScopes = new ArrayList(currentScopes); 5481 newScopes.remove(scope); 5482 setDelegatedScopes(who, currentPackage, newScopes); 5483 } 5484 } 5485 } 5486 } 5487 5488 @Override 5489 public void setCertInstallerPackage(ComponentName who, String installerPackage) 5490 throws SecurityException { 5491 setDelegatedScopePreO(who, installerPackage, DELEGATION_CERT_INSTALL); 5492 } 5493 5494 @Override 5495 public String getCertInstallerPackage(ComponentName who) throws SecurityException { 5496 final List<String> delegatePackages = getDelegatePackages(who, DELEGATION_CERT_INSTALL); 5497 return delegatePackages.size() > 0 ? delegatePackages.get(0) : null; 5498 } 5499 5500 /** 5501 * @return {@code true} if the package is installed and set as always-on, {@code false} if it is 5502 * not installed and therefore not available. 5503 * 5504 * @throws SecurityException if the caller is not a profile or device owner. 5505 * @throws UnsupportedOperationException if the package does not support being set as always-on. 5506 */ 5507 @Override 5508 public boolean setAlwaysOnVpnPackage(ComponentName admin, String vpnPackage, boolean lockdown) 5509 throws SecurityException { 5510 enforceProfileOrDeviceOwner(admin); 5511 5512 final int userId = mInjector.userHandleGetCallingUserId(); 5513 final long token = mInjector.binderClearCallingIdentity(); 5514 try { 5515 if (vpnPackage != null && !isPackageInstalledForUser(vpnPackage, userId)) { 5516 return false; 5517 } 5518 ConnectivityManager connectivityManager = (ConnectivityManager) 5519 mContext.getSystemService(Context.CONNECTIVITY_SERVICE); 5520 if (!connectivityManager.setAlwaysOnVpnPackageForUser(userId, vpnPackage, lockdown)) { 5521 throw new UnsupportedOperationException(); 5522 } 5523 } finally { 5524 mInjector.binderRestoreCallingIdentity(token); 5525 } 5526 return true; 5527 } 5528 5529 @Override 5530 public String getAlwaysOnVpnPackage(ComponentName admin) 5531 throws SecurityException { 5532 enforceProfileOrDeviceOwner(admin); 5533 5534 final int userId = mInjector.userHandleGetCallingUserId(); 5535 final long token = mInjector.binderClearCallingIdentity(); 5536 try{ 5537 ConnectivityManager connectivityManager = (ConnectivityManager) 5538 mContext.getSystemService(Context.CONNECTIVITY_SERVICE); 5539 return connectivityManager.getAlwaysOnVpnPackageForUser(userId); 5540 } finally { 5541 mInjector.binderRestoreCallingIdentity(token); 5542 } 5543 } 5544 5545 private void forceWipeDeviceNoLock(boolean wipeExtRequested, String reason, boolean wipeEuicc) { 5546 wtfIfInLock(); 5547 5548 if (wipeExtRequested) { 5549 StorageManager sm = (StorageManager) mContext.getSystemService( 5550 Context.STORAGE_SERVICE); 5551 sm.wipeAdoptableDisks(); 5552 } 5553 try { 5554 mInjector.recoverySystemRebootWipeUserData( 5555 /*shutdown=*/ false, reason, /*force=*/ true, /*wipeEuicc=*/ wipeEuicc); 5556 } catch (IOException | SecurityException e) { 5557 Slog.w(LOG_TAG, "Failed requesting data wipe", e); 5558 } 5559 } 5560 5561 private void forceWipeUser(int userId, String wipeReasonForUser) { 5562 try { 5563 IActivityManager am = mInjector.getIActivityManager(); 5564 if (am.getCurrentUser().id == userId) { 5565 am.switchUser(UserHandle.USER_SYSTEM); 5566 } 5567 5568 boolean userRemoved = mUserManagerInternal.removeUserEvenWhenDisallowed(userId); 5569 if (!userRemoved) { 5570 Slog.w(LOG_TAG, "Couldn't remove user " + userId); 5571 } else if (isManagedProfile(userId)) { 5572 sendWipeProfileNotification(wipeReasonForUser); 5573 } 5574 } catch (RemoteException re) { 5575 // Shouldn't happen 5576 } 5577 } 5578 5579 @Override 5580 public void wipeDataWithReason(int flags, String wipeReasonForUser) { 5581 if (!mHasFeature) { 5582 return; 5583 } 5584 Preconditions.checkStringNotEmpty(wipeReasonForUser, "wipeReasonForUser is null or empty"); 5585 enforceFullCrossUsersPermission(mInjector.userHandleGetCallingUserId()); 5586 5587 final ActiveAdmin admin; 5588 synchronized (this) { 5589 admin = getActiveAdminForCallerLocked(null, DeviceAdminInfo.USES_POLICY_WIPE_DATA); 5590 } 5591 String internalReason = "DevicePolicyManager.wipeDataWithReason() from " 5592 + admin.info.getComponent().flattenToShortString(); 5593 wipeDataNoLock( 5594 admin.info.getComponent(), flags, internalReason, wipeReasonForUser, 5595 admin.getUserHandle().getIdentifier()); 5596 } 5597 5598 private void wipeDataNoLock(ComponentName admin, int flags, String internalReason, 5599 String wipeReasonForUser, int userId) { 5600 wtfIfInLock(); 5601 5602 long ident = mInjector.binderClearCallingIdentity(); 5603 try { 5604 // First check whether the admin is allowed to wipe the device/user/profile. 5605 final String restriction; 5606 if (userId == UserHandle.USER_SYSTEM) { 5607 restriction = UserManager.DISALLOW_FACTORY_RESET; 5608 } else if (isManagedProfile(userId)) { 5609 restriction = UserManager.DISALLOW_REMOVE_MANAGED_PROFILE; 5610 } else { 5611 restriction = UserManager.DISALLOW_REMOVE_USER; 5612 } 5613 if (isAdminAffectedByRestriction(admin, restriction, userId)) { 5614 throw new SecurityException("Cannot wipe data. " + restriction 5615 + " restriction is set for user " + userId); 5616 } 5617 5618 if ((flags & WIPE_RESET_PROTECTION_DATA) != 0) { 5619 if (!isDeviceOwner(admin, userId)) { 5620 throw new SecurityException( 5621 "Only device owner admins can set WIPE_RESET_PROTECTION_DATA"); 5622 } 5623 PersistentDataBlockManager manager = (PersistentDataBlockManager) 5624 mContext.getSystemService(Context.PERSISTENT_DATA_BLOCK_SERVICE); 5625 if (manager != null) { 5626 manager.wipe(); 5627 } 5628 } 5629 5630 // TODO If split user is enabled and the device owner is set in the primary user 5631 // (rather than system), we should probably trigger factory reset. Current code just 5632 // removes that user (but still clears FRP...) 5633 if (userId == UserHandle.USER_SYSTEM) { 5634 forceWipeDeviceNoLock(/*wipeExtRequested=*/ ( 5635 flags & WIPE_EXTERNAL_STORAGE) != 0, 5636 internalReason, 5637 /*wipeEuicc=*/ (flags & WIPE_EUICC) != 0); 5638 } else { 5639 forceWipeUser(userId, wipeReasonForUser); 5640 } 5641 } finally { 5642 mInjector.binderRestoreCallingIdentity(ident); 5643 } 5644 } 5645 5646 private void sendWipeProfileNotification(String wipeReasonForUser) { 5647 Notification notification = 5648 new Notification.Builder(mContext, SystemNotificationChannels.DEVICE_ADMIN) 5649 .setSmallIcon(android.R.drawable.stat_sys_warning) 5650 .setContentTitle(mContext.getString(R.string.work_profile_deleted)) 5651 .setContentText(wipeReasonForUser) 5652 .setColor(mContext.getColor(R.color.system_notification_accent_color)) 5653 .setStyle(new Notification.BigTextStyle().bigText(wipeReasonForUser)) 5654 .build(); 5655 mInjector.getNotificationManager().notify(SystemMessage.NOTE_PROFILE_WIPED, notification); 5656 } 5657 5658 private void clearWipeProfileNotification() { 5659 mInjector.getNotificationManager().cancel(SystemMessage.NOTE_PROFILE_WIPED); 5660 } 5661 5662 @Override 5663 public void getRemoveWarning(ComponentName comp, final RemoteCallback result, int userHandle) { 5664 if (!mHasFeature) { 5665 return; 5666 } 5667 enforceFullCrossUsersPermission(userHandle); 5668 mContext.enforceCallingOrSelfPermission( 5669 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 5670 5671 synchronized (this) { 5672 ActiveAdmin admin = getActiveAdminUncheckedLocked(comp, userHandle); 5673 if (admin == null) { 5674 result.sendResult(null); 5675 return; 5676 } 5677 Intent intent = new Intent(DeviceAdminReceiver.ACTION_DEVICE_ADMIN_DISABLE_REQUESTED); 5678 intent.setFlags(Intent.FLAG_RECEIVER_FOREGROUND); 5679 intent.setComponent(admin.info.getComponent()); 5680 mContext.sendOrderedBroadcastAsUser(intent, new UserHandle(userHandle), 5681 null, new BroadcastReceiver() { 5682 @Override 5683 public void onReceive(Context context, Intent intent) { 5684 result.sendResult(getResultExtras(false)); 5685 } 5686 }, null, Activity.RESULT_OK, null, null); 5687 } 5688 } 5689 5690 /** 5691 * Notify DPMS regarding the metric of the current password. This happens when the user changes 5692 * the password, but also when the user just unlocks the keyguard. In comparison, 5693 * reportPasswordChanged() is only called when the user changes the password. 5694 */ 5695 @Override 5696 public void setActivePasswordState(PasswordMetrics metrics, int userHandle) { 5697 if (!mHasFeature) { 5698 return; 5699 } 5700 enforceFullCrossUsersPermission(userHandle); 5701 mContext.enforceCallingOrSelfPermission( 5702 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 5703 5704 // If the managed profile doesn't have a separate password, set the metrics to default 5705 if (isManagedProfile(userHandle) && !isSeparateProfileChallengeEnabled(userHandle)) { 5706 metrics = new PasswordMetrics(); 5707 } 5708 5709 validateQualityConstant(metrics.quality); 5710 DevicePolicyData policy = getUserData(userHandle); 5711 synchronized (this) { 5712 policy.mActivePasswordMetrics = metrics; 5713 policy.mPasswordStateHasBeenSetSinceBoot = true; 5714 } 5715 } 5716 5717 @Override 5718 public void reportPasswordChanged(@UserIdInt int userId) { 5719 if (!mHasFeature) { 5720 return; 5721 } 5722 enforceFullCrossUsersPermission(userId); 5723 5724 // Managed Profile password can only be changed when it has a separate challenge. 5725 if (!isSeparateProfileChallengeEnabled(userId)) { 5726 enforceNotManagedProfile(userId, "set the active password"); 5727 } 5728 5729 mContext.enforceCallingOrSelfPermission( 5730 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 5731 5732 DevicePolicyData policy = getUserData(userId); 5733 5734 long ident = mInjector.binderClearCallingIdentity(); 5735 try { 5736 synchronized (this) { 5737 policy.mFailedPasswordAttempts = 0; 5738 updatePasswordValidityCheckpointLocked(userId); 5739 saveSettingsLocked(userId); 5740 updatePasswordExpirationsLocked(userId); 5741 setExpirationAlarmCheckLocked(mContext, userId, /* parent */ false); 5742 5743 // Send a broadcast to each profile using this password as its primary unlock. 5744 sendAdminCommandForLockscreenPoliciesLocked( 5745 DeviceAdminReceiver.ACTION_PASSWORD_CHANGED, 5746 DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, userId); 5747 } 5748 removeCaApprovalsIfNeeded(userId); 5749 } finally { 5750 mInjector.binderRestoreCallingIdentity(ident); 5751 } 5752 } 5753 5754 /** 5755 * Called any time the device password is updated. Resets all password expiration clocks. 5756 */ 5757 private void updatePasswordExpirationsLocked(int userHandle) { 5758 ArraySet<Integer> affectedUserIds = new ArraySet<Integer>(); 5759 List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked( 5760 userHandle, /* parent */ false); 5761 final int N = admins.size(); 5762 for (int i = 0; i < N; i++) { 5763 ActiveAdmin admin = admins.get(i); 5764 if (admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD)) { 5765 affectedUserIds.add(admin.getUserHandle().getIdentifier()); 5766 long timeout = admin.passwordExpirationTimeout; 5767 long expiration = timeout > 0L ? (timeout + System.currentTimeMillis()) : 0L; 5768 admin.passwordExpirationDate = expiration; 5769 } 5770 } 5771 for (int affectedUserId : affectedUserIds) { 5772 saveSettingsLocked(affectedUserId); 5773 } 5774 } 5775 5776 @Override 5777 public void reportFailedPasswordAttempt(int userHandle) { 5778 enforceFullCrossUsersPermission(userHandle); 5779 if (!isSeparateProfileChallengeEnabled(userHandle)) { 5780 enforceNotManagedProfile(userHandle, 5781 "report failed password attempt if separate profile challenge is not in place"); 5782 } 5783 mContext.enforceCallingOrSelfPermission( 5784 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 5785 5786 boolean wipeData = false; 5787 ActiveAdmin strictestAdmin = null; 5788 final long ident = mInjector.binderClearCallingIdentity(); 5789 try { 5790 synchronized (this) { 5791 DevicePolicyData policy = getUserData(userHandle); 5792 policy.mFailedPasswordAttempts++; 5793 saveSettingsLocked(userHandle); 5794 if (mHasFeature) { 5795 strictestAdmin = getAdminWithMinimumFailedPasswordsForWipeLocked( 5796 userHandle, /* parent */ false); 5797 int max = strictestAdmin != null 5798 ? strictestAdmin.maximumFailedPasswordsForWipe : 0; 5799 if (max > 0 && policy.mFailedPasswordAttempts >= max) { 5800 wipeData = true; 5801 } 5802 5803 sendAdminCommandForLockscreenPoliciesLocked( 5804 DeviceAdminReceiver.ACTION_PASSWORD_FAILED, 5805 DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, userHandle); 5806 } 5807 } 5808 } finally { 5809 mInjector.binderRestoreCallingIdentity(ident); 5810 } 5811 5812 if (wipeData && strictestAdmin != null) { 5813 final int userId = strictestAdmin.getUserHandle().getIdentifier(); 5814 Slog.i(LOG_TAG, "Max failed password attempts policy reached for admin: " 5815 + strictestAdmin.info.getComponent().flattenToShortString() 5816 + ". Calling wipeData for user " + userId); 5817 5818 // Attempt to wipe the device/user/profile associated with the admin, as if the 5819 // admin had called wipeData(). That way we can check whether the admin is actually 5820 // allowed to wipe the device (e.g. a regular device admin shouldn't be able to wipe the 5821 // device if the device owner has set DISALLOW_FACTORY_RESET, but the DO should be 5822 // able to do so). 5823 // IMPORTANT: Call without holding the lock to prevent deadlock. 5824 try { 5825 String wipeReasonForUser = mContext.getString( 5826 R.string.work_profile_deleted_reason_maximum_password_failure); 5827 wipeDataNoLock(strictestAdmin.info.getComponent(), 5828 /*flags=*/ 0, 5829 /*reason=*/ "reportFailedPasswordAttempt()", 5830 wipeReasonForUser, 5831 userId); 5832 } catch (SecurityException e) { 5833 Slog.w(LOG_TAG, "Failed to wipe user " + userId 5834 + " after max failed password attempts reached.", e); 5835 } 5836 } 5837 5838 if (mInjector.securityLogIsLoggingEnabled()) { 5839 SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, 5840 /*result*/ 0, 5841 /*method strength*/ 1); 5842 } 5843 } 5844 5845 @Override 5846 public void reportSuccessfulPasswordAttempt(int userHandle) { 5847 enforceFullCrossUsersPermission(userHandle); 5848 mContext.enforceCallingOrSelfPermission( 5849 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 5850 5851 synchronized (this) { 5852 DevicePolicyData policy = getUserData(userHandle); 5853 if (policy.mFailedPasswordAttempts != 0 || policy.mPasswordOwner >= 0) { 5854 long ident = mInjector.binderClearCallingIdentity(); 5855 try { 5856 policy.mFailedPasswordAttempts = 0; 5857 policy.mPasswordOwner = -1; 5858 saveSettingsLocked(userHandle); 5859 if (mHasFeature) { 5860 sendAdminCommandForLockscreenPoliciesLocked( 5861 DeviceAdminReceiver.ACTION_PASSWORD_SUCCEEDED, 5862 DeviceAdminInfo.USES_POLICY_WATCH_LOGIN, userHandle); 5863 } 5864 } finally { 5865 mInjector.binderRestoreCallingIdentity(ident); 5866 } 5867 } 5868 } 5869 5870 if (mInjector.securityLogIsLoggingEnabled()) { 5871 SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 1, 5872 /*method strength*/ 1); 5873 } 5874 } 5875 5876 @Override 5877 public void reportFailedFingerprintAttempt(int userHandle) { 5878 enforceFullCrossUsersPermission(userHandle); 5879 mContext.enforceCallingOrSelfPermission( 5880 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 5881 if (mInjector.securityLogIsLoggingEnabled()) { 5882 SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 0, 5883 /*method strength*/ 0); 5884 } 5885 } 5886 5887 @Override 5888 public void reportSuccessfulFingerprintAttempt(int userHandle) { 5889 enforceFullCrossUsersPermission(userHandle); 5890 mContext.enforceCallingOrSelfPermission( 5891 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 5892 if (mInjector.securityLogIsLoggingEnabled()) { 5893 SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 1, 5894 /*method strength*/ 0); 5895 } 5896 } 5897 5898 @Override 5899 public void reportKeyguardDismissed(int userHandle) { 5900 enforceFullCrossUsersPermission(userHandle); 5901 mContext.enforceCallingOrSelfPermission( 5902 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 5903 5904 if (mInjector.securityLogIsLoggingEnabled()) { 5905 SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISSED); 5906 } 5907 } 5908 5909 @Override 5910 public void reportKeyguardSecured(int userHandle) { 5911 enforceFullCrossUsersPermission(userHandle); 5912 mContext.enforceCallingOrSelfPermission( 5913 android.Manifest.permission.BIND_DEVICE_ADMIN, null); 5914 5915 if (mInjector.securityLogIsLoggingEnabled()) { 5916 SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_SECURED); 5917 } 5918 } 5919 5920 @Override 5921 public ComponentName setGlobalProxy(ComponentName who, String proxySpec, 5922 String exclusionList) { 5923 if (!mHasFeature) { 5924 return null; 5925 } 5926 synchronized(this) { 5927 Preconditions.checkNotNull(who, "ComponentName is null"); 5928 5929 // Only check if system user has set global proxy. We don't allow other users to set it. 5930 DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM); 5931 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 5932 DeviceAdminInfo.USES_POLICY_SETS_GLOBAL_PROXY); 5933 5934 // Scan through active admins and find if anyone has already 5935 // set the global proxy. 5936 Set<ComponentName> compSet = policy.mAdminMap.keySet(); 5937 for (ComponentName component : compSet) { 5938 ActiveAdmin ap = policy.mAdminMap.get(component); 5939 if ((ap.specifiesGlobalProxy) && (!component.equals(who))) { 5940 // Another admin already sets the global proxy 5941 // Return it to the caller. 5942 return component; 5943 } 5944 } 5945 5946 // If the user is not system, don't set the global proxy. Fail silently. 5947 if (UserHandle.getCallingUserId() != UserHandle.USER_SYSTEM) { 5948 Slog.w(LOG_TAG, "Only the owner is allowed to set the global proxy. User " 5949 + UserHandle.getCallingUserId() + " is not permitted."); 5950 return null; 5951 } 5952 if (proxySpec == null) { 5953 admin.specifiesGlobalProxy = false; 5954 admin.globalProxySpec = null; 5955 admin.globalProxyExclusionList = null; 5956 } else { 5957 5958 admin.specifiesGlobalProxy = true; 5959 admin.globalProxySpec = proxySpec; 5960 admin.globalProxyExclusionList = exclusionList; 5961 } 5962 5963 // Reset the global proxy accordingly 5964 // Do this using system permissions, as apps cannot write to secure settings 5965 long origId = mInjector.binderClearCallingIdentity(); 5966 try { 5967 resetGlobalProxyLocked(policy); 5968 } finally { 5969 mInjector.binderRestoreCallingIdentity(origId); 5970 } 5971 return null; 5972 } 5973 } 5974 5975 @Override 5976 public ComponentName getGlobalProxyAdmin(int userHandle) { 5977 if (!mHasFeature) { 5978 return null; 5979 } 5980 enforceFullCrossUsersPermission(userHandle); 5981 synchronized(this) { 5982 DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM); 5983 // Scan through active admins and find if anyone has already 5984 // set the global proxy. 5985 final int N = policy.mAdminList.size(); 5986 for (int i = 0; i < N; i++) { 5987 ActiveAdmin ap = policy.mAdminList.get(i); 5988 if (ap.specifiesGlobalProxy) { 5989 // Device admin sets the global proxy 5990 // Return it to the caller. 5991 return ap.info.getComponent(); 5992 } 5993 } 5994 } 5995 // No device admin sets the global proxy. 5996 return null; 5997 } 5998 5999 @Override 6000 public void setRecommendedGlobalProxy(ComponentName who, ProxyInfo proxyInfo) { 6001 synchronized (this) { 6002 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 6003 } 6004 long token = mInjector.binderClearCallingIdentity(); 6005 try { 6006 ConnectivityManager connectivityManager = (ConnectivityManager) 6007 mContext.getSystemService(Context.CONNECTIVITY_SERVICE); 6008 connectivityManager.setGlobalProxy(proxyInfo); 6009 } finally { 6010 mInjector.binderRestoreCallingIdentity(token); 6011 } 6012 } 6013 6014 private void resetGlobalProxyLocked(DevicePolicyData policy) { 6015 final int N = policy.mAdminList.size(); 6016 for (int i = 0; i < N; i++) { 6017 ActiveAdmin ap = policy.mAdminList.get(i); 6018 if (ap.specifiesGlobalProxy) { 6019 saveGlobalProxyLocked(ap.globalProxySpec, ap.globalProxyExclusionList); 6020 return; 6021 } 6022 } 6023 // No device admins defining global proxies - reset global proxy settings to none 6024 saveGlobalProxyLocked(null, null); 6025 } 6026 6027 private void saveGlobalProxyLocked(String proxySpec, String exclusionList) { 6028 if (exclusionList == null) { 6029 exclusionList = ""; 6030 } 6031 if (proxySpec == null) { 6032 proxySpec = ""; 6033 } 6034 // Remove white spaces 6035 proxySpec = proxySpec.trim(); 6036 String data[] = proxySpec.split(":"); 6037 int proxyPort = 8080; 6038 if (data.length > 1) { 6039 try { 6040 proxyPort = Integer.parseInt(data[1]); 6041 } catch (NumberFormatException e) {} 6042 } 6043 exclusionList = exclusionList.trim(); 6044 6045 ProxyInfo proxyProperties = new ProxyInfo(data[0], proxyPort, exclusionList); 6046 if (!proxyProperties.isValid()) { 6047 Slog.e(LOG_TAG, "Invalid proxy properties, ignoring: " + proxyProperties.toString()); 6048 return; 6049 } 6050 mInjector.settingsGlobalPutString(Settings.Global.GLOBAL_HTTP_PROXY_HOST, data[0]); 6051 mInjector.settingsGlobalPutInt(Settings.Global.GLOBAL_HTTP_PROXY_PORT, proxyPort); 6052 mInjector.settingsGlobalPutString(Settings.Global.GLOBAL_HTTP_PROXY_EXCLUSION_LIST, 6053 exclusionList); 6054 } 6055 6056 /** 6057 * Set the storage encryption request for a single admin. Returns the new total request 6058 * status (for all admins). 6059 */ 6060 @Override 6061 public int setStorageEncryption(ComponentName who, boolean encrypt) { 6062 if (!mHasFeature) { 6063 return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; 6064 } 6065 Preconditions.checkNotNull(who, "ComponentName is null"); 6066 final int userHandle = UserHandle.getCallingUserId(); 6067 synchronized (this) { 6068 // Check for permissions 6069 // Only system user can set storage encryption 6070 if (userHandle != UserHandle.USER_SYSTEM) { 6071 Slog.w(LOG_TAG, "Only owner/system user is allowed to set storage encryption. User " 6072 + UserHandle.getCallingUserId() + " is not permitted."); 6073 return 0; 6074 } 6075 6076 ActiveAdmin ap = getActiveAdminForCallerLocked(who, 6077 DeviceAdminInfo.USES_ENCRYPTED_STORAGE); 6078 6079 // Quick exit: If the filesystem does not support encryption, we can exit early. 6080 if (!isEncryptionSupported()) { 6081 return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; 6082 } 6083 6084 // (1) Record the value for the admin so it's sticky 6085 if (ap.encryptionRequested != encrypt) { 6086 ap.encryptionRequested = encrypt; 6087 saveSettingsLocked(userHandle); 6088 } 6089 6090 DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM); 6091 // (2) Compute "max" for all admins 6092 boolean newRequested = false; 6093 final int N = policy.mAdminList.size(); 6094 for (int i = 0; i < N; i++) { 6095 newRequested |= policy.mAdminList.get(i).encryptionRequested; 6096 } 6097 6098 // Notify OS of new request 6099 setEncryptionRequested(newRequested); 6100 6101 // Return the new global request status 6102 return newRequested 6103 ? DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE 6104 : DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE; 6105 } 6106 } 6107 6108 /** 6109 * Get the current storage encryption request status for a given admin, or aggregate of all 6110 * active admins. 6111 */ 6112 @Override 6113 public boolean getStorageEncryption(ComponentName who, int userHandle) { 6114 if (!mHasFeature) { 6115 return false; 6116 } 6117 enforceFullCrossUsersPermission(userHandle); 6118 synchronized (this) { 6119 // Check for permissions if a particular caller is specified 6120 if (who != null) { 6121 // When checking for a single caller, status is based on caller's request 6122 ActiveAdmin ap = getActiveAdminUncheckedLocked(who, userHandle); 6123 return ap != null ? ap.encryptionRequested : false; 6124 } 6125 6126 // If no particular caller is specified, return the aggregate set of requests. 6127 // This is short circuited by returning true on the first hit. 6128 DevicePolicyData policy = getUserData(userHandle); 6129 final int N = policy.mAdminList.size(); 6130 for (int i = 0; i < N; i++) { 6131 if (policy.mAdminList.get(i).encryptionRequested) { 6132 return true; 6133 } 6134 } 6135 return false; 6136 } 6137 } 6138 6139 /** 6140 * Get the current encryption status of the device. 6141 */ 6142 @Override 6143 public int getStorageEncryptionStatus(@Nullable String callerPackage, int userHandle) { 6144 if (!mHasFeature) { 6145 // Ok to return current status. 6146 } 6147 enforceFullCrossUsersPermission(userHandle); 6148 6149 // It's not critical here, but let's make sure the package name is correct, in case 6150 // we start using it for different purposes. 6151 ensureCallerPackage(callerPackage); 6152 6153 final ApplicationInfo ai; 6154 try { 6155 ai = mIPackageManager.getApplicationInfo(callerPackage, 0, userHandle); 6156 } catch (RemoteException e) { 6157 throw new SecurityException(e); 6158 } 6159 6160 boolean legacyApp = false; 6161 if (ai.targetSdkVersion <= Build.VERSION_CODES.M) { 6162 legacyApp = true; 6163 } 6164 6165 final int rawStatus = getEncryptionStatus(); 6166 if ((rawStatus == DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_PER_USER) && legacyApp) { 6167 return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE; 6168 } 6169 return rawStatus; 6170 } 6171 6172 /** 6173 * Hook to low-levels: This should report if the filesystem supports encrypted storage. 6174 */ 6175 private boolean isEncryptionSupported() { 6176 // Note, this can be implemented as 6177 // return getEncryptionStatus() != DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; 6178 // But is provided as a separate internal method if there's a faster way to do a 6179 // simple check for supported-or-not. 6180 return getEncryptionStatus() != DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; 6181 } 6182 6183 /** 6184 * Hook to low-levels: Reporting the current status of encryption. 6185 * @return A value such as {@link DevicePolicyManager#ENCRYPTION_STATUS_UNSUPPORTED}, 6186 * {@link DevicePolicyManager#ENCRYPTION_STATUS_INACTIVE}, 6187 * {@link DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY}, 6188 * {@link DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE_PER_USER}, or 6189 * {@link DevicePolicyManager#ENCRYPTION_STATUS_ACTIVE}. 6190 */ 6191 private int getEncryptionStatus() { 6192 if (mInjector.storageManagerIsFileBasedEncryptionEnabled()) { 6193 return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_PER_USER; 6194 } else if (mInjector.storageManagerIsNonDefaultBlockEncrypted()) { 6195 return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE; 6196 } else if (mInjector.storageManagerIsEncrypted()) { 6197 return DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY; 6198 } else if (mInjector.storageManagerIsEncryptable()) { 6199 return DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE; 6200 } else { 6201 return DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED; 6202 } 6203 } 6204 6205 /** 6206 * Hook to low-levels: If needed, record the new admin setting for encryption. 6207 */ 6208 private void setEncryptionRequested(boolean encrypt) { 6209 } 6210 6211 /** 6212 * Set whether the screen capture is disabled for the user managed by the specified admin. 6213 */ 6214 @Override 6215 public void setScreenCaptureDisabled(ComponentName who, boolean disabled) { 6216 if (!mHasFeature) { 6217 return; 6218 } 6219 Preconditions.checkNotNull(who, "ComponentName is null"); 6220 final int userHandle = UserHandle.getCallingUserId(); 6221 synchronized (this) { 6222 ActiveAdmin ap = getActiveAdminForCallerLocked(who, 6223 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 6224 if (ap.disableScreenCapture != disabled) { 6225 ap.disableScreenCapture = disabled; 6226 saveSettingsLocked(userHandle); 6227 updateScreenCaptureDisabledInWindowManager(userHandle, disabled); 6228 } 6229 } 6230 } 6231 6232 /** 6233 * Returns whether or not screen capture is disabled for a given admin, or disabled for any 6234 * active admin (if given admin is null). 6235 */ 6236 @Override 6237 public boolean getScreenCaptureDisabled(ComponentName who, int userHandle) { 6238 if (!mHasFeature) { 6239 return false; 6240 } 6241 synchronized (this) { 6242 if (who != null) { 6243 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 6244 return (admin != null) ? admin.disableScreenCapture : false; 6245 } 6246 6247 DevicePolicyData policy = getUserData(userHandle); 6248 final int N = policy.mAdminList.size(); 6249 for (int i = 0; i < N; i++) { 6250 ActiveAdmin admin = policy.mAdminList.get(i); 6251 if (admin.disableScreenCapture) { 6252 return true; 6253 } 6254 } 6255 return false; 6256 } 6257 } 6258 6259 private void updateScreenCaptureDisabledInWindowManager(final int userHandle, 6260 final boolean disabled) { 6261 mHandler.post(new Runnable() { 6262 @Override 6263 public void run() { 6264 try { 6265 mInjector.getIWindowManager().setScreenCaptureDisabled(userHandle, disabled); 6266 } catch (RemoteException e) { 6267 Log.w(LOG_TAG, "Unable to notify WindowManager.", e); 6268 } 6269 } 6270 }); 6271 } 6272 6273 /** 6274 * Set whether auto time is required by the specified admin (must be device or profile owner). 6275 */ 6276 @Override 6277 public void setAutoTimeRequired(ComponentName who, boolean required) { 6278 if (!mHasFeature) { 6279 return; 6280 } 6281 Preconditions.checkNotNull(who, "ComponentName is null"); 6282 final int userHandle = UserHandle.getCallingUserId(); 6283 synchronized (this) { 6284 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 6285 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 6286 if (admin.requireAutoTime != required) { 6287 admin.requireAutoTime = required; 6288 saveSettingsLocked(userHandle); 6289 } 6290 } 6291 6292 // Turn AUTO_TIME on in settings if it is required 6293 if (required) { 6294 long ident = mInjector.binderClearCallingIdentity(); 6295 try { 6296 mInjector.settingsGlobalPutInt(Settings.Global.AUTO_TIME, 1 /* AUTO_TIME on */); 6297 } finally { 6298 mInjector.binderRestoreCallingIdentity(ident); 6299 } 6300 } 6301 } 6302 6303 /** 6304 * Returns whether or not auto time is required by the device owner or any profile owner. 6305 */ 6306 @Override 6307 public boolean getAutoTimeRequired() { 6308 if (!mHasFeature) { 6309 return false; 6310 } 6311 synchronized (this) { 6312 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 6313 if (deviceOwner != null && deviceOwner.requireAutoTime) { 6314 // If the device owner enforces auto time, we don't need to check the PO's 6315 return true; 6316 } 6317 6318 // Now check to see if any profile owner on any user enforces auto time 6319 for (Integer userId : mOwners.getProfileOwnerKeys()) { 6320 ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userId); 6321 if (profileOwner != null && profileOwner.requireAutoTime) { 6322 return true; 6323 } 6324 } 6325 6326 return false; 6327 } 6328 } 6329 6330 @Override 6331 public void setForceEphemeralUsers(ComponentName who, boolean forceEphemeralUsers) { 6332 if (!mHasFeature) { 6333 return; 6334 } 6335 Preconditions.checkNotNull(who, "ComponentName is null"); 6336 // Allow setting this policy to true only if there is a split system user. 6337 if (forceEphemeralUsers && !mInjector.userManagerIsSplitSystemUser()) { 6338 throw new UnsupportedOperationException( 6339 "Cannot force ephemeral users on systems without split system user."); 6340 } 6341 boolean removeAllUsers = false; 6342 synchronized (this) { 6343 final ActiveAdmin deviceOwner = 6344 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 6345 if (deviceOwner.forceEphemeralUsers != forceEphemeralUsers) { 6346 deviceOwner.forceEphemeralUsers = forceEphemeralUsers; 6347 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 6348 mUserManagerInternal.setForceEphemeralUsers(forceEphemeralUsers); 6349 removeAllUsers = forceEphemeralUsers; 6350 } 6351 } 6352 if (removeAllUsers) { 6353 long identitity = mInjector.binderClearCallingIdentity(); 6354 try { 6355 mUserManagerInternal.removeAllUsers(); 6356 } finally { 6357 mInjector.binderRestoreCallingIdentity(identitity); 6358 } 6359 } 6360 } 6361 6362 @Override 6363 public boolean getForceEphemeralUsers(ComponentName who) { 6364 if (!mHasFeature) { 6365 return false; 6366 } 6367 Preconditions.checkNotNull(who, "ComponentName is null"); 6368 synchronized (this) { 6369 final ActiveAdmin deviceOwner = 6370 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 6371 return deviceOwner.forceEphemeralUsers; 6372 } 6373 } 6374 6375 private void ensureDeviceOwnerAndAllUsersAffiliated(ComponentName who) throws SecurityException { 6376 synchronized (this) { 6377 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 6378 if (!areAllUsersAffiliatedWithDeviceLocked()) { 6379 throw new SecurityException("Not all users are affiliated."); 6380 } 6381 } 6382 } 6383 6384 @Override 6385 public boolean requestBugreport(ComponentName who) { 6386 if (!mHasFeature) { 6387 return false; 6388 } 6389 Preconditions.checkNotNull(who, "ComponentName is null"); 6390 6391 // TODO: If an unaffiliated user is removed, the admin will be able to request a bugreport 6392 // which could still contain data related to that user. Should we disallow that, e.g. until 6393 // next boot? Might not be needed given that this still requires user consent. 6394 ensureDeviceOwnerAndAllUsersAffiliated(who); 6395 6396 if (mRemoteBugreportServiceIsActive.get() 6397 || (getDeviceOwnerRemoteBugreportUri() != null)) { 6398 Slog.d(LOG_TAG, "Remote bugreport wasn't started because there's already one running."); 6399 return false; 6400 } 6401 6402 final long currentTime = System.currentTimeMillis(); 6403 synchronized (this) { 6404 DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM); 6405 if (currentTime > policyData.mLastBugReportRequestTime) { 6406 policyData.mLastBugReportRequestTime = currentTime; 6407 saveSettingsLocked(UserHandle.USER_SYSTEM); 6408 } 6409 } 6410 6411 final long callingIdentity = mInjector.binderClearCallingIdentity(); 6412 try { 6413 mInjector.getIActivityManager().requestBugReport( 6414 ActivityManager.BUGREPORT_OPTION_REMOTE); 6415 6416 mRemoteBugreportServiceIsActive.set(true); 6417 mRemoteBugreportSharingAccepted.set(false); 6418 registerRemoteBugreportReceivers(); 6419 mInjector.getNotificationManager().notifyAsUser(LOG_TAG, 6420 RemoteBugreportUtils.NOTIFICATION_ID, 6421 RemoteBugreportUtils.buildNotification(mContext, 6422 DevicePolicyManager.NOTIFICATION_BUGREPORT_STARTED), UserHandle.ALL); 6423 mHandler.postDelayed(mRemoteBugreportTimeoutRunnable, 6424 RemoteBugreportUtils.REMOTE_BUGREPORT_TIMEOUT_MILLIS); 6425 return true; 6426 } catch (RemoteException re) { 6427 // should never happen 6428 Slog.e(LOG_TAG, "Failed to make remote calls to start bugreportremote service", re); 6429 return false; 6430 } finally { 6431 mInjector.binderRestoreCallingIdentity(callingIdentity); 6432 } 6433 } 6434 6435 synchronized void sendDeviceOwnerCommand(String action, Bundle extras) { 6436 Intent intent = new Intent(action); 6437 intent.setComponent(mOwners.getDeviceOwnerComponent()); 6438 if (extras != null) { 6439 intent.putExtras(extras); 6440 } 6441 mContext.sendBroadcastAsUser(intent, UserHandle.of(mOwners.getDeviceOwnerUserId())); 6442 } 6443 6444 private synchronized String getDeviceOwnerRemoteBugreportUri() { 6445 return mOwners.getDeviceOwnerRemoteBugreportUri(); 6446 } 6447 6448 private synchronized void setDeviceOwnerRemoteBugreportUriAndHash(String bugreportUri, 6449 String bugreportHash) { 6450 mOwners.setDeviceOwnerRemoteBugreportUriAndHash(bugreportUri, bugreportHash); 6451 } 6452 6453 private void registerRemoteBugreportReceivers() { 6454 try { 6455 IntentFilter filterFinished = new IntentFilter( 6456 DevicePolicyManager.ACTION_REMOTE_BUGREPORT_DISPATCH, 6457 RemoteBugreportUtils.BUGREPORT_MIMETYPE); 6458 mContext.registerReceiver(mRemoteBugreportFinishedReceiver, filterFinished); 6459 } catch (IntentFilter.MalformedMimeTypeException e) { 6460 // should never happen, as setting a constant 6461 Slog.w(LOG_TAG, "Failed to set type " + RemoteBugreportUtils.BUGREPORT_MIMETYPE, e); 6462 } 6463 IntentFilter filterConsent = new IntentFilter(); 6464 filterConsent.addAction(DevicePolicyManager.ACTION_BUGREPORT_SHARING_DECLINED); 6465 filterConsent.addAction(DevicePolicyManager.ACTION_BUGREPORT_SHARING_ACCEPTED); 6466 mContext.registerReceiver(mRemoteBugreportConsentReceiver, filterConsent); 6467 } 6468 6469 private void onBugreportFinished(Intent intent) { 6470 mHandler.removeCallbacks(mRemoteBugreportTimeoutRunnable); 6471 mRemoteBugreportServiceIsActive.set(false); 6472 Uri bugreportUri = intent.getData(); 6473 String bugreportUriString = null; 6474 if (bugreportUri != null) { 6475 bugreportUriString = bugreportUri.toString(); 6476 } 6477 String bugreportHash = intent.getStringExtra( 6478 DevicePolicyManager.EXTRA_REMOTE_BUGREPORT_HASH); 6479 if (mRemoteBugreportSharingAccepted.get()) { 6480 shareBugreportWithDeviceOwnerIfExists(bugreportUriString, bugreportHash); 6481 mInjector.getNotificationManager().cancel(LOG_TAG, 6482 RemoteBugreportUtils.NOTIFICATION_ID); 6483 } else { 6484 setDeviceOwnerRemoteBugreportUriAndHash(bugreportUriString, bugreportHash); 6485 mInjector.getNotificationManager().notifyAsUser(LOG_TAG, RemoteBugreportUtils.NOTIFICATION_ID, 6486 RemoteBugreportUtils.buildNotification(mContext, 6487 DevicePolicyManager.NOTIFICATION_BUGREPORT_FINISHED_NOT_ACCEPTED), 6488 UserHandle.ALL); 6489 } 6490 mContext.unregisterReceiver(mRemoteBugreportFinishedReceiver); 6491 } 6492 6493 private void onBugreportFailed() { 6494 mRemoteBugreportServiceIsActive.set(false); 6495 mInjector.systemPropertiesSet(RemoteBugreportUtils.CTL_STOP, 6496 RemoteBugreportUtils.REMOTE_BUGREPORT_SERVICE); 6497 mRemoteBugreportSharingAccepted.set(false); 6498 setDeviceOwnerRemoteBugreportUriAndHash(null, null); 6499 mInjector.getNotificationManager().cancel(LOG_TAG, RemoteBugreportUtils.NOTIFICATION_ID); 6500 Bundle extras = new Bundle(); 6501 extras.putInt(DeviceAdminReceiver.EXTRA_BUGREPORT_FAILURE_REASON, 6502 DeviceAdminReceiver.BUGREPORT_FAILURE_FAILED_COMPLETING); 6503 sendDeviceOwnerCommand(DeviceAdminReceiver.ACTION_BUGREPORT_FAILED, extras); 6504 mContext.unregisterReceiver(mRemoteBugreportConsentReceiver); 6505 mContext.unregisterReceiver(mRemoteBugreportFinishedReceiver); 6506 } 6507 6508 private void onBugreportSharingAccepted() { 6509 mRemoteBugreportSharingAccepted.set(true); 6510 String bugreportUriString = null; 6511 String bugreportHash = null; 6512 synchronized (this) { 6513 bugreportUriString = getDeviceOwnerRemoteBugreportUri(); 6514 bugreportHash = mOwners.getDeviceOwnerRemoteBugreportHash(); 6515 } 6516 if (bugreportUriString != null) { 6517 shareBugreportWithDeviceOwnerIfExists(bugreportUriString, bugreportHash); 6518 } else if (mRemoteBugreportServiceIsActive.get()) { 6519 mInjector.getNotificationManager().notifyAsUser(LOG_TAG, RemoteBugreportUtils.NOTIFICATION_ID, 6520 RemoteBugreportUtils.buildNotification(mContext, 6521 DevicePolicyManager.NOTIFICATION_BUGREPORT_ACCEPTED_NOT_FINISHED), 6522 UserHandle.ALL); 6523 } 6524 } 6525 6526 private void onBugreportSharingDeclined() { 6527 if (mRemoteBugreportServiceIsActive.get()) { 6528 mInjector.systemPropertiesSet(RemoteBugreportUtils.CTL_STOP, 6529 RemoteBugreportUtils.REMOTE_BUGREPORT_SERVICE); 6530 mRemoteBugreportServiceIsActive.set(false); 6531 mHandler.removeCallbacks(mRemoteBugreportTimeoutRunnable); 6532 mContext.unregisterReceiver(mRemoteBugreportFinishedReceiver); 6533 } 6534 mRemoteBugreportSharingAccepted.set(false); 6535 setDeviceOwnerRemoteBugreportUriAndHash(null, null); 6536 sendDeviceOwnerCommand(DeviceAdminReceiver.ACTION_BUGREPORT_SHARING_DECLINED, null); 6537 } 6538 6539 private void shareBugreportWithDeviceOwnerIfExists(String bugreportUriString, 6540 String bugreportHash) { 6541 ParcelFileDescriptor pfd = null; 6542 try { 6543 if (bugreportUriString == null) { 6544 throw new FileNotFoundException(); 6545 } 6546 Uri bugreportUri = Uri.parse(bugreportUriString); 6547 pfd = mContext.getContentResolver().openFileDescriptor(bugreportUri, "r"); 6548 6549 synchronized (this) { 6550 Intent intent = new Intent(DeviceAdminReceiver.ACTION_BUGREPORT_SHARE); 6551 intent.setComponent(mOwners.getDeviceOwnerComponent()); 6552 intent.setDataAndType(bugreportUri, RemoteBugreportUtils.BUGREPORT_MIMETYPE); 6553 intent.putExtra(DeviceAdminReceiver.EXTRA_BUGREPORT_HASH, bugreportHash); 6554 intent.setFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION); 6555 6556 LocalServices.getService(ActivityManagerInternal.class) 6557 .grantUriPermissionFromIntent(Process.SHELL_UID, 6558 mOwners.getDeviceOwnerComponent().getPackageName(), 6559 intent, mOwners.getDeviceOwnerUserId()); 6560 mContext.sendBroadcastAsUser(intent, UserHandle.of(mOwners.getDeviceOwnerUserId())); 6561 } 6562 } catch (FileNotFoundException e) { 6563 Bundle extras = new Bundle(); 6564 extras.putInt(DeviceAdminReceiver.EXTRA_BUGREPORT_FAILURE_REASON, 6565 DeviceAdminReceiver.BUGREPORT_FAILURE_FILE_NO_LONGER_AVAILABLE); 6566 sendDeviceOwnerCommand(DeviceAdminReceiver.ACTION_BUGREPORT_FAILED, extras); 6567 } finally { 6568 try { 6569 if (pfd != null) { 6570 pfd.close(); 6571 } 6572 } catch (IOException ex) { 6573 // Ignore 6574 } 6575 mRemoteBugreportSharingAccepted.set(false); 6576 setDeviceOwnerRemoteBugreportUriAndHash(null, null); 6577 } 6578 } 6579 6580 /** 6581 * Disables all device cameras according to the specified admin. 6582 */ 6583 @Override 6584 public void setCameraDisabled(ComponentName who, boolean disabled) { 6585 if (!mHasFeature) { 6586 return; 6587 } 6588 Preconditions.checkNotNull(who, "ComponentName is null"); 6589 final int userHandle = mInjector.userHandleGetCallingUserId(); 6590 synchronized (this) { 6591 ActiveAdmin ap = getActiveAdminForCallerLocked(who, 6592 DeviceAdminInfo.USES_POLICY_DISABLE_CAMERA); 6593 if (ap.disableCamera != disabled) { 6594 ap.disableCamera = disabled; 6595 saveSettingsLocked(userHandle); 6596 } 6597 } 6598 // Tell the user manager that the restrictions have changed. 6599 pushUserRestrictions(userHandle); 6600 } 6601 6602 /** 6603 * Gets whether or not all device cameras are disabled for a given admin, or disabled for any 6604 * active admins. 6605 */ 6606 @Override 6607 public boolean getCameraDisabled(ComponentName who, int userHandle) { 6608 return getCameraDisabled(who, userHandle, /* mergeDeviceOwnerRestriction= */ true); 6609 } 6610 6611 private boolean getCameraDisabled(ComponentName who, int userHandle, 6612 boolean mergeDeviceOwnerRestriction) { 6613 if (!mHasFeature) { 6614 return false; 6615 } 6616 synchronized (this) { 6617 if (who != null) { 6618 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 6619 return (admin != null) ? admin.disableCamera : false; 6620 } 6621 // First, see if DO has set it. If so, it's device-wide. 6622 if (mergeDeviceOwnerRestriction) { 6623 final ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 6624 if (deviceOwner != null && deviceOwner.disableCamera) { 6625 return true; 6626 } 6627 } 6628 6629 // Then check each device admin on the user. 6630 DevicePolicyData policy = getUserData(userHandle); 6631 // Determine whether or not the device camera is disabled for any active admins. 6632 final int N = policy.mAdminList.size(); 6633 for (int i = 0; i < N; i++) { 6634 ActiveAdmin admin = policy.mAdminList.get(i); 6635 if (admin.disableCamera) { 6636 return true; 6637 } 6638 } 6639 return false; 6640 } 6641 } 6642 6643 @Override 6644 public void setKeyguardDisabledFeatures(ComponentName who, int which, boolean parent) { 6645 if (!mHasFeature) { 6646 return; 6647 } 6648 Preconditions.checkNotNull(who, "ComponentName is null"); 6649 final int userHandle = mInjector.userHandleGetCallingUserId(); 6650 if (isManagedProfile(userHandle)) { 6651 if (parent) { 6652 which = which & PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER; 6653 } else { 6654 which = which & PROFILE_KEYGUARD_FEATURES; 6655 } 6656 } 6657 synchronized (this) { 6658 ActiveAdmin ap = getActiveAdminForCallerLocked( 6659 who, DeviceAdminInfo.USES_POLICY_DISABLE_KEYGUARD_FEATURES, parent); 6660 if (ap.disabledKeyguardFeatures != which) { 6661 ap.disabledKeyguardFeatures = which; 6662 saveSettingsLocked(userHandle); 6663 } 6664 } 6665 } 6666 6667 /** 6668 * Gets the disabled state for features in keyguard for the given admin, 6669 * or the aggregate of all active admins if who is null. 6670 */ 6671 @Override 6672 public int getKeyguardDisabledFeatures(ComponentName who, int userHandle, boolean parent) { 6673 if (!mHasFeature) { 6674 return 0; 6675 } 6676 enforceFullCrossUsersPermission(userHandle); 6677 final long ident = mInjector.binderClearCallingIdentity(); 6678 try { 6679 synchronized (this) { 6680 if (who != null) { 6681 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent); 6682 return (admin != null) ? admin.disabledKeyguardFeatures : 0; 6683 } 6684 6685 final List<ActiveAdmin> admins; 6686 if (!parent && isManagedProfile(userHandle)) { 6687 // If we are being asked about a managed profile, just return keyguard features 6688 // disabled by admins in the profile. 6689 admins = getUserDataUnchecked(userHandle).mAdminList; 6690 } else { 6691 // Otherwise return those set by admins in the user and its profiles. 6692 admins = getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 6693 } 6694 6695 int which = DevicePolicyManager.KEYGUARD_DISABLE_FEATURES_NONE; 6696 final int N = admins.size(); 6697 for (int i = 0; i < N; i++) { 6698 ActiveAdmin admin = admins.get(i); 6699 int userId = admin.getUserHandle().getIdentifier(); 6700 boolean isRequestedUser = !parent && (userId == userHandle); 6701 if (isRequestedUser || !isManagedProfile(userId)) { 6702 // If we are being asked explicitly about this user 6703 // return all disabled features even if its a managed profile. 6704 which |= admin.disabledKeyguardFeatures; 6705 } else { 6706 // Otherwise a managed profile is only allowed to disable 6707 // some features on the parent user. 6708 which |= (admin.disabledKeyguardFeatures 6709 & PROFILE_KEYGUARD_FEATURES_AFFECT_OWNER); 6710 } 6711 } 6712 return which; 6713 } 6714 } finally { 6715 mInjector.binderRestoreCallingIdentity(ident); 6716 } 6717 } 6718 6719 @Override 6720 public void setKeepUninstalledPackages(ComponentName who, String callerPackage, 6721 List<String> packageList) { 6722 if (!mHasFeature) { 6723 return; 6724 } 6725 Preconditions.checkNotNull(packageList, "packageList is null"); 6726 final int userHandle = UserHandle.getCallingUserId(); 6727 synchronized (this) { 6728 // Ensure the caller is a DO or a keep uninstalled packages delegate. 6729 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER, 6730 DELEGATION_KEEP_UNINSTALLED_PACKAGES); 6731 // Get the device owner 6732 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 6733 // Set list of packages to be kept even if uninstalled. 6734 deviceOwner.keepUninstalledPackages = packageList; 6735 // Save settings. 6736 saveSettingsLocked(userHandle); 6737 // Notify package manager. 6738 mInjector.getPackageManagerInternal().setKeepUninstalledPackages(packageList); 6739 } 6740 } 6741 6742 @Override 6743 public List<String> getKeepUninstalledPackages(ComponentName who, String callerPackage) { 6744 if (!mHasFeature) { 6745 return null; 6746 } 6747 // TODO In split system user mode, allow apps on user 0 to query the list 6748 synchronized (this) { 6749 // Ensure the caller is a DO or a keep uninstalled packages delegate. 6750 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER, 6751 DELEGATION_KEEP_UNINSTALLED_PACKAGES); 6752 return getKeepUninstalledPackagesLocked(); 6753 } 6754 } 6755 6756 private List<String> getKeepUninstalledPackagesLocked() { 6757 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 6758 return (deviceOwner != null) ? deviceOwner.keepUninstalledPackages : null; 6759 } 6760 6761 @Override 6762 public boolean setDeviceOwner(ComponentName admin, String ownerName, int userId) { 6763 if (!mHasFeature) { 6764 return false; 6765 } 6766 if (admin == null 6767 || !isPackageInstalledForUser(admin.getPackageName(), userId)) { 6768 throw new IllegalArgumentException("Invalid component " + admin 6769 + " for device owner"); 6770 } 6771 final boolean hasIncompatibleAccountsOrNonAdb = 6772 hasIncompatibleAccountsOrNonAdbNoLock(userId, admin); 6773 synchronized (this) { 6774 enforceCanSetDeviceOwnerLocked(admin, userId, hasIncompatibleAccountsOrNonAdb); 6775 final ActiveAdmin activeAdmin = getActiveAdminUncheckedLocked(admin, userId); 6776 if (activeAdmin == null 6777 || getUserData(userId).mRemovingAdmins.contains(admin)) { 6778 throw new IllegalArgumentException("Not active admin: " + admin); 6779 } 6780 6781 // Shutting down backup manager service permanently. 6782 long ident = mInjector.binderClearCallingIdentity(); 6783 try { 6784 if (mInjector.getIBackupManager() != null) { 6785 mInjector.getIBackupManager() 6786 .setBackupServiceActive(UserHandle.USER_SYSTEM, false); 6787 } 6788 } catch (RemoteException e) { 6789 throw new IllegalStateException("Failed deactivating backup service.", e); 6790 } finally { 6791 mInjector.binderRestoreCallingIdentity(ident); 6792 } 6793 6794 if (isAdb()) { 6795 // Log device owner provisioning was started using adb. 6796 MetricsLogger.action(mContext, PROVISIONING_ENTRY_POINT_ADB, LOG_TAG_DEVICE_OWNER); 6797 } 6798 6799 mOwners.setDeviceOwner(admin, ownerName, userId); 6800 mOwners.writeDeviceOwner(); 6801 updateDeviceOwnerLocked(); 6802 setDeviceOwnerSystemPropertyLocked(); 6803 6804 final Set<String> restrictions = 6805 UserRestrictionsUtils.getDefaultEnabledForDeviceOwner(); 6806 if (!restrictions.isEmpty()) { 6807 for (String restriction : restrictions) { 6808 activeAdmin.ensureUserRestrictions().putBoolean(restriction, true); 6809 } 6810 activeAdmin.defaultEnabledRestrictionsAlreadySet.addAll(restrictions); 6811 Slog.i(LOG_TAG, "Enabled the following restrictions by default: " + restrictions); 6812 6813 saveUserRestrictionsLocked(userId); 6814 } 6815 6816 ident = mInjector.binderClearCallingIdentity(); 6817 try { 6818 // TODO Send to system too? 6819 mContext.sendBroadcastAsUser( 6820 new Intent(DevicePolicyManager.ACTION_DEVICE_OWNER_CHANGED) 6821 .addFlags(Intent.FLAG_RECEIVER_INCLUDE_BACKGROUND), 6822 UserHandle.of(userId)); 6823 } finally { 6824 mInjector.binderRestoreCallingIdentity(ident); 6825 } 6826 mDeviceAdminServiceController.startServiceForOwner( 6827 admin.getPackageName(), userId, "set-device-owner"); 6828 6829 Slog.i(LOG_TAG, "Device owner set: " + admin + " on user " + userId); 6830 return true; 6831 } 6832 } 6833 6834 @Override 6835 public boolean hasDeviceOwner() { 6836 enforceDeviceOwnerOrManageUsers(); 6837 return mOwners.hasDeviceOwner(); 6838 } 6839 6840 boolean isDeviceOwner(ActiveAdmin admin) { 6841 return isDeviceOwner(admin.info.getComponent(), admin.getUserHandle().getIdentifier()); 6842 } 6843 6844 public boolean isDeviceOwner(ComponentName who, int userId) { 6845 synchronized (this) { 6846 return mOwners.hasDeviceOwner() 6847 && mOwners.getDeviceOwnerUserId() == userId 6848 && mOwners.getDeviceOwnerComponent().equals(who); 6849 } 6850 } 6851 6852 private boolean isDeviceOwnerPackage(String packageName, int userId) { 6853 synchronized (this) { 6854 return mOwners.hasDeviceOwner() 6855 && mOwners.getDeviceOwnerUserId() == userId 6856 && mOwners.getDeviceOwnerPackageName().equals(packageName); 6857 } 6858 } 6859 6860 private boolean isProfileOwnerPackage(String packageName, int userId) { 6861 synchronized (this) { 6862 return mOwners.hasProfileOwner(userId) 6863 && mOwners.getProfileOwnerPackage(userId).equals(packageName); 6864 } 6865 } 6866 6867 public boolean isProfileOwner(ComponentName who, int userId) { 6868 final ComponentName profileOwner = getProfileOwner(userId); 6869 return who != null && who.equals(profileOwner); 6870 } 6871 6872 @Override 6873 public ComponentName getDeviceOwnerComponent(boolean callingUserOnly) { 6874 if (!mHasFeature) { 6875 return null; 6876 } 6877 if (!callingUserOnly) { 6878 enforceManageUsers(); 6879 } 6880 synchronized (this) { 6881 if (!mOwners.hasDeviceOwner()) { 6882 return null; 6883 } 6884 if (callingUserOnly && mInjector.userHandleGetCallingUserId() != 6885 mOwners.getDeviceOwnerUserId()) { 6886 return null; 6887 } 6888 return mOwners.getDeviceOwnerComponent(); 6889 } 6890 } 6891 6892 @Override 6893 public int getDeviceOwnerUserId() { 6894 if (!mHasFeature) { 6895 return UserHandle.USER_NULL; 6896 } 6897 enforceManageUsers(); 6898 synchronized (this) { 6899 return mOwners.hasDeviceOwner() ? mOwners.getDeviceOwnerUserId() : UserHandle.USER_NULL; 6900 } 6901 } 6902 6903 /** 6904 * Returns the "name" of the device owner. It'll work for non-DO users too, but requires 6905 * MANAGE_USERS. 6906 */ 6907 @Override 6908 public String getDeviceOwnerName() { 6909 if (!mHasFeature) { 6910 return null; 6911 } 6912 enforceManageUsers(); 6913 synchronized (this) { 6914 if (!mOwners.hasDeviceOwner()) { 6915 return null; 6916 } 6917 // TODO This totally ignores the name passed to setDeviceOwner (change for b/20679292) 6918 // Should setDeviceOwner/ProfileOwner still take a name? 6919 String deviceOwnerPackage = mOwners.getDeviceOwnerPackageName(); 6920 return getApplicationLabel(deviceOwnerPackage, UserHandle.USER_SYSTEM); 6921 } 6922 } 6923 6924 /** Returns the active device owner or {@code null} if there is no device owner. */ 6925 @VisibleForTesting 6926 ActiveAdmin getDeviceOwnerAdminLocked() { 6927 ComponentName component = mOwners.getDeviceOwnerComponent(); 6928 if (component == null) { 6929 return null; 6930 } 6931 6932 DevicePolicyData policy = getUserData(mOwners.getDeviceOwnerUserId()); 6933 final int n = policy.mAdminList.size(); 6934 for (int i = 0; i < n; i++) { 6935 ActiveAdmin admin = policy.mAdminList.get(i); 6936 if (component.equals(admin.info.getComponent())) { 6937 return admin; 6938 } 6939 } 6940 Slog.wtf(LOG_TAG, "Active admin for device owner not found. component=" + component); 6941 return null; 6942 } 6943 6944 @Override 6945 public void clearDeviceOwner(String packageName) { 6946 Preconditions.checkNotNull(packageName, "packageName is null"); 6947 final int callingUid = mInjector.binderGetCallingUid(); 6948 try { 6949 int uid = mInjector.getPackageManager().getPackageUidAsUser(packageName, 6950 UserHandle.getUserId(callingUid)); 6951 if (uid != callingUid) { 6952 throw new SecurityException("Invalid packageName"); 6953 } 6954 } catch (NameNotFoundException e) { 6955 throw new SecurityException(e); 6956 } 6957 synchronized (this) { 6958 final ComponentName deviceOwnerComponent = mOwners.getDeviceOwnerComponent(); 6959 final int deviceOwnerUserId = mOwners.getDeviceOwnerUserId(); 6960 if (!mOwners.hasDeviceOwner() 6961 || !deviceOwnerComponent.getPackageName().equals(packageName) 6962 || (deviceOwnerUserId != UserHandle.getUserId(callingUid))) { 6963 throw new SecurityException( 6964 "clearDeviceOwner can only be called by the device owner"); 6965 } 6966 enforceUserUnlocked(deviceOwnerUserId); 6967 6968 final ActiveAdmin admin = getDeviceOwnerAdminLocked(); 6969 long ident = mInjector.binderClearCallingIdentity(); 6970 try { 6971 clearDeviceOwnerLocked(admin, deviceOwnerUserId); 6972 removeActiveAdminLocked(deviceOwnerComponent, deviceOwnerUserId); 6973 Intent intent = new Intent(DevicePolicyManager.ACTION_DEVICE_OWNER_CHANGED); 6974 intent.addFlags(Intent.FLAG_RECEIVER_INCLUDE_BACKGROUND); 6975 mContext.sendBroadcastAsUser(intent, UserHandle.of(deviceOwnerUserId)); 6976 } finally { 6977 mInjector.binderRestoreCallingIdentity(ident); 6978 } 6979 Slog.i(LOG_TAG, "Device owner removed: " + deviceOwnerComponent); 6980 } 6981 } 6982 6983 private void clearDeviceOwnerLocked(ActiveAdmin admin, int userId) { 6984 mDeviceAdminServiceController.stopServiceForOwner(userId, "clear-device-owner"); 6985 6986 if (admin != null) { 6987 admin.disableCamera = false; 6988 admin.userRestrictions = null; 6989 admin.defaultEnabledRestrictionsAlreadySet.clear(); 6990 admin.forceEphemeralUsers = false; 6991 admin.isNetworkLoggingEnabled = false; 6992 mUserManagerInternal.setForceEphemeralUsers(admin.forceEphemeralUsers); 6993 } 6994 final DevicePolicyData policyData = getUserData(userId); 6995 policyData.mCurrentInputMethodSet = false; 6996 saveSettingsLocked(userId); 6997 final DevicePolicyData systemPolicyData = getUserData(UserHandle.USER_SYSTEM); 6998 systemPolicyData.mLastSecurityLogRetrievalTime = -1; 6999 systemPolicyData.mLastBugReportRequestTime = -1; 7000 systemPolicyData.mLastNetworkLogsRetrievalTime = -1; 7001 saveSettingsLocked(UserHandle.USER_SYSTEM); 7002 clearUserPoliciesLocked(userId); 7003 7004 mOwners.clearDeviceOwner(); 7005 mOwners.writeDeviceOwner(); 7006 updateDeviceOwnerLocked(); 7007 7008 clearDeviceOwnerUserRestrictionLocked(UserHandle.of(userId)); 7009 mInjector.securityLogSetLoggingEnabledProperty(false); 7010 mSecurityLogMonitor.stop(); 7011 setNetworkLoggingActiveInternal(false); 7012 7013 try { 7014 if (mInjector.getIBackupManager() != null) { 7015 // Reactivate backup service. 7016 mInjector.getIBackupManager().setBackupServiceActive(UserHandle.USER_SYSTEM, true); 7017 } 7018 } catch (RemoteException e) { 7019 throw new IllegalStateException("Failed reactivating backup service.", e); 7020 } 7021 } 7022 7023 @Override 7024 public boolean setProfileOwner(ComponentName who, String ownerName, int userHandle) { 7025 if (!mHasFeature) { 7026 return false; 7027 } 7028 if (who == null 7029 || !isPackageInstalledForUser(who.getPackageName(), userHandle)) { 7030 throw new IllegalArgumentException("Component " + who 7031 + " not installed for userId:" + userHandle); 7032 } 7033 final boolean hasIncompatibleAccountsOrNonAdb = 7034 hasIncompatibleAccountsOrNonAdbNoLock(userHandle, who); 7035 synchronized (this) { 7036 enforceCanSetProfileOwnerLocked(who, userHandle, hasIncompatibleAccountsOrNonAdb); 7037 7038 final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 7039 if (admin == null || getUserData(userHandle).mRemovingAdmins.contains(who)) { 7040 throw new IllegalArgumentException("Not active admin: " + who); 7041 } 7042 7043 if (isAdb()) { 7044 // Log profile owner provisioning was started using adb. 7045 MetricsLogger.action(mContext, PROVISIONING_ENTRY_POINT_ADB, LOG_TAG_PROFILE_OWNER); 7046 } 7047 7048 mOwners.setProfileOwner(who, ownerName, userHandle); 7049 mOwners.writeProfileOwner(userHandle); 7050 Slog.i(LOG_TAG, "Profile owner set: " + who + " on user " + userHandle); 7051 7052 final long id = mInjector.binderClearCallingIdentity(); 7053 try { 7054 if (mUserManager.isManagedProfile(userHandle)) { 7055 maybeSetDefaultRestrictionsForAdminLocked(userHandle, admin, 7056 UserRestrictionsUtils.getDefaultEnabledForManagedProfiles()); 7057 ensureUnknownSourcesRestrictionForProfileOwnerLocked(userHandle, admin, 7058 true /* newOwner */); 7059 } 7060 } finally { 7061 mInjector.binderRestoreCallingIdentity(id); 7062 } 7063 mDeviceAdminServiceController.startServiceForOwner( 7064 who.getPackageName(), userHandle, "set-profile-owner"); 7065 return true; 7066 } 7067 } 7068 7069 @Override 7070 public void clearProfileOwner(ComponentName who) { 7071 if (!mHasFeature) { 7072 return; 7073 } 7074 Preconditions.checkNotNull(who, "ComponentName is null"); 7075 7076 final int userId = mInjector.userHandleGetCallingUserId(); 7077 enforceNotManagedProfile(userId, "clear profile owner"); 7078 enforceUserUnlocked(userId); 7079 synchronized (this) { 7080 // Check if this is the profile owner who is calling 7081 final ActiveAdmin admin = 7082 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 7083 7084 final long ident = mInjector.binderClearCallingIdentity(); 7085 try { 7086 clearProfileOwnerLocked(admin, userId); 7087 removeActiveAdminLocked(who, userId); 7088 } finally { 7089 mInjector.binderRestoreCallingIdentity(ident); 7090 } 7091 Slog.i(LOG_TAG, "Profile owner " + who + " removed from user " + userId); 7092 } 7093 } 7094 7095 public void clearProfileOwnerLocked(ActiveAdmin admin, int userId) { 7096 mDeviceAdminServiceController.stopServiceForOwner(userId, "clear-profile-owner"); 7097 7098 if (admin != null) { 7099 admin.disableCamera = false; 7100 admin.userRestrictions = null; 7101 admin.defaultEnabledRestrictionsAlreadySet.clear(); 7102 } 7103 final DevicePolicyData policyData = getUserData(userId); 7104 policyData.mCurrentInputMethodSet = false; 7105 policyData.mOwnerInstalledCaCerts.clear(); 7106 saveSettingsLocked(userId); 7107 clearUserPoliciesLocked(userId); 7108 mOwners.removeProfileOwner(userId); 7109 mOwners.writeProfileOwner(userId); 7110 } 7111 7112 @Override 7113 public void setDeviceOwnerLockScreenInfo(ComponentName who, CharSequence info) { 7114 Preconditions.checkNotNull(who, "ComponentName is null"); 7115 if (!mHasFeature) { 7116 return; 7117 } 7118 7119 final int userId = mInjector.userHandleGetCallingUserId(); 7120 synchronized (this) { 7121 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 7122 if (!isUserAffiliatedWithDeviceLocked(userId)) { 7123 throw new SecurityException("Admin " + who + 7124 " is neither the device owner or affiliated user's profile owner."); 7125 } 7126 long token = mInjector.binderClearCallingIdentity(); 7127 try { 7128 mLockPatternUtils.setDeviceOwnerInfo(info != null ? info.toString() : null); 7129 } finally { 7130 mInjector.binderRestoreCallingIdentity(token); 7131 } 7132 } 7133 } 7134 7135 @Override 7136 public CharSequence getDeviceOwnerLockScreenInfo() { 7137 return mLockPatternUtils.getDeviceOwnerInfo(); 7138 } 7139 7140 private void clearUserPoliciesLocked(int userId) { 7141 // Reset some of the user-specific policies. 7142 final DevicePolicyData policy = getUserData(userId); 7143 policy.mPermissionPolicy = DevicePolicyManager.PERMISSION_POLICY_PROMPT; 7144 // Clear delegations. 7145 policy.mDelegationMap.clear(); 7146 policy.mStatusBarDisabled = false; 7147 policy.mUserProvisioningState = DevicePolicyManager.STATE_USER_UNMANAGED; 7148 policy.mAffiliationIds.clear(); 7149 policy.mLockTaskPackages.clear(); 7150 policy.mLockTaskFeatures = DevicePolicyManager.LOCK_TASK_FEATURE_NONE; 7151 saveSettingsLocked(userId); 7152 7153 try { 7154 mIPackageManager.updatePermissionFlagsForAllApps( 7155 PackageManager.FLAG_PERMISSION_POLICY_FIXED, 7156 0 /* flagValues */, userId); 7157 pushUserRestrictions(userId); 7158 } catch (RemoteException re) { 7159 // Shouldn't happen. 7160 } 7161 } 7162 7163 @Override 7164 public boolean hasUserSetupCompleted() { 7165 return hasUserSetupCompleted(UserHandle.getCallingUserId()); 7166 } 7167 7168 // This checks only if the Setup Wizard has run. Since Wear devices pair before 7169 // completing Setup Wizard, and pairing involves transferring user data, calling 7170 // logic may want to check mIsWatch or mPaired in addition to hasUserSetupCompleted(). 7171 private boolean hasUserSetupCompleted(int userHandle) { 7172 if (!mHasFeature) { 7173 return true; 7174 } 7175 return getUserData(userHandle).mUserSetupComplete; 7176 } 7177 7178 private boolean hasPaired(int userHandle) { 7179 if (!mHasFeature) { 7180 return true; 7181 } 7182 return getUserData(userHandle).mPaired; 7183 } 7184 7185 @Override 7186 public int getUserProvisioningState() { 7187 if (!mHasFeature) { 7188 return DevicePolicyManager.STATE_USER_UNMANAGED; 7189 } 7190 int userHandle = mInjector.userHandleGetCallingUserId(); 7191 return getUserProvisioningState(userHandle); 7192 } 7193 7194 private int getUserProvisioningState(int userHandle) { 7195 return getUserData(userHandle).mUserProvisioningState; 7196 } 7197 7198 @Override 7199 public void setUserProvisioningState(int newState, int userHandle) { 7200 if (!mHasFeature) { 7201 return; 7202 } 7203 7204 if (userHandle != mOwners.getDeviceOwnerUserId() && !mOwners.hasProfileOwner(userHandle) 7205 && getManagedUserId(userHandle) == -1) { 7206 // No managed device, user or profile, so setting provisioning state makes no sense. 7207 throw new IllegalStateException("Not allowed to change provisioning state unless a " 7208 + "device or profile owner is set."); 7209 } 7210 7211 synchronized (this) { 7212 boolean transitionCheckNeeded = true; 7213 7214 // Calling identity/permission checks. 7215 if (isAdb()) { 7216 // ADB shell can only move directly from un-managed to finalized as part of directly 7217 // setting profile-owner or device-owner. 7218 if (getUserProvisioningState(userHandle) != 7219 DevicePolicyManager.STATE_USER_UNMANAGED 7220 || newState != DevicePolicyManager.STATE_USER_SETUP_FINALIZED) { 7221 throw new IllegalStateException("Not allowed to change provisioning state " 7222 + "unless current provisioning state is unmanaged, and new state is " 7223 + "finalized."); 7224 } 7225 transitionCheckNeeded = false; 7226 } else { 7227 // For all other cases, caller must have MANAGE_PROFILE_AND_DEVICE_OWNERS. 7228 enforceCanManageProfileAndDeviceOwners(); 7229 } 7230 7231 final DevicePolicyData policyData = getUserData(userHandle); 7232 if (transitionCheckNeeded) { 7233 // Optional state transition check for non-ADB case. 7234 checkUserProvisioningStateTransition(policyData.mUserProvisioningState, newState); 7235 } 7236 policyData.mUserProvisioningState = newState; 7237 saveSettingsLocked(userHandle); 7238 } 7239 } 7240 7241 private void checkUserProvisioningStateTransition(int currentState, int newState) { 7242 // Valid transitions for normal use-cases. 7243 switch (currentState) { 7244 case DevicePolicyManager.STATE_USER_UNMANAGED: 7245 // Can move to any state from unmanaged (except itself as an edge case).. 7246 if (newState != DevicePolicyManager.STATE_USER_UNMANAGED) { 7247 return; 7248 } 7249 break; 7250 case DevicePolicyManager.STATE_USER_SETUP_INCOMPLETE: 7251 case DevicePolicyManager.STATE_USER_SETUP_COMPLETE: 7252 // Can only move to finalized from these states. 7253 if (newState == DevicePolicyManager.STATE_USER_SETUP_FINALIZED) { 7254 return; 7255 } 7256 break; 7257 case DevicePolicyManager.STATE_USER_PROFILE_COMPLETE: 7258 // Current user has a managed-profile, but current user is not managed, so 7259 // rather than moving to finalized state, go back to unmanaged once 7260 // profile provisioning is complete. 7261 if (newState == DevicePolicyManager.STATE_USER_UNMANAGED) { 7262 return; 7263 } 7264 break; 7265 case DevicePolicyManager.STATE_USER_SETUP_FINALIZED: 7266 // Cannot transition out of finalized. 7267 break; 7268 } 7269 7270 // Didn't meet any of the accepted state transition checks above, throw appropriate error. 7271 throw new IllegalStateException("Cannot move to user provisioning state [" + newState + "] " 7272 + "from state [" + currentState + "]"); 7273 } 7274 7275 @Override 7276 public void setProfileEnabled(ComponentName who) { 7277 if (!mHasFeature) { 7278 return; 7279 } 7280 Preconditions.checkNotNull(who, "ComponentName is null"); 7281 synchronized (this) { 7282 // Check if this is the profile owner who is calling 7283 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 7284 final int userId = UserHandle.getCallingUserId(); 7285 enforceManagedProfile(userId, "enable the profile"); 7286 // Check if the profile is already enabled. 7287 UserInfo managedProfile = getUserInfo(userId); 7288 if (managedProfile.isEnabled()) { 7289 Slog.e(LOG_TAG, 7290 "setProfileEnabled is called when the profile is already enabled"); 7291 return; 7292 } 7293 long id = mInjector.binderClearCallingIdentity(); 7294 try { 7295 mUserManager.setUserEnabled(userId); 7296 UserInfo parent = mUserManager.getProfileParent(userId); 7297 Intent intent = new Intent(Intent.ACTION_MANAGED_PROFILE_ADDED); 7298 intent.putExtra(Intent.EXTRA_USER, new UserHandle(userId)); 7299 intent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY | 7300 Intent.FLAG_RECEIVER_FOREGROUND); 7301 mContext.sendBroadcastAsUser(intent, new UserHandle(parent.id)); 7302 } finally { 7303 mInjector.binderRestoreCallingIdentity(id); 7304 } 7305 } 7306 } 7307 7308 @Override 7309 public void setProfileName(ComponentName who, String profileName) { 7310 Preconditions.checkNotNull(who, "ComponentName is null"); 7311 int userId = UserHandle.getCallingUserId(); 7312 // Check if this is the profile owner (includes device owner). 7313 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 7314 7315 long id = mInjector.binderClearCallingIdentity(); 7316 try { 7317 mUserManager.setUserName(userId, profileName); 7318 } finally { 7319 mInjector.binderRestoreCallingIdentity(id); 7320 } 7321 } 7322 7323 @Override 7324 public ComponentName getProfileOwner(int userHandle) { 7325 if (!mHasFeature) { 7326 return null; 7327 } 7328 7329 synchronized (this) { 7330 return mOwners.getProfileOwnerComponent(userHandle); 7331 } 7332 } 7333 7334 // Returns the active profile owner for this user or null if the current user has no 7335 // profile owner. 7336 @VisibleForTesting 7337 ActiveAdmin getProfileOwnerAdminLocked(int userHandle) { 7338 ComponentName profileOwner = mOwners.getProfileOwnerComponent(userHandle); 7339 if (profileOwner == null) { 7340 return null; 7341 } 7342 DevicePolicyData policy = getUserData(userHandle); 7343 final int n = policy.mAdminList.size(); 7344 for (int i = 0; i < n; i++) { 7345 ActiveAdmin admin = policy.mAdminList.get(i); 7346 if (profileOwner.equals(admin.info.getComponent())) { 7347 return admin; 7348 } 7349 } 7350 return null; 7351 } 7352 7353 @Override 7354 public String getProfileOwnerName(int userHandle) { 7355 if (!mHasFeature) { 7356 return null; 7357 } 7358 enforceManageUsers(); 7359 ComponentName profileOwner = getProfileOwner(userHandle); 7360 if (profileOwner == null) { 7361 return null; 7362 } 7363 return getApplicationLabel(profileOwner.getPackageName(), userHandle); 7364 } 7365 7366 /** 7367 * Canonical name for a given package. 7368 */ 7369 private String getApplicationLabel(String packageName, int userHandle) { 7370 long token = mInjector.binderClearCallingIdentity(); 7371 try { 7372 final Context userContext; 7373 try { 7374 UserHandle handle = new UserHandle(userHandle); 7375 userContext = mContext.createPackageContextAsUser(packageName, 0, handle); 7376 } catch (PackageManager.NameNotFoundException nnfe) { 7377 Log.w(LOG_TAG, packageName + " is not installed for user " + userHandle, nnfe); 7378 return null; 7379 } 7380 ApplicationInfo appInfo = userContext.getApplicationInfo(); 7381 CharSequence result = null; 7382 if (appInfo != null) { 7383 PackageManager pm = userContext.getPackageManager(); 7384 result = pm.getApplicationLabel(appInfo); 7385 } 7386 return result != null ? result.toString() : null; 7387 } finally { 7388 mInjector.binderRestoreCallingIdentity(token); 7389 } 7390 } 7391 7392 /** 7393 * Calls wtfStack() if called with the DPMS lock held. 7394 */ 7395 private void wtfIfInLock() { 7396 if (Thread.holdsLock(this)) { 7397 Slog.wtfStack(LOG_TAG, "Shouldn't be called with DPMS lock held"); 7398 } 7399 } 7400 7401 /** 7402 * The profile owner can only be set by adb or an app with the MANAGE_PROFILE_AND_DEVICE_OWNERS 7403 * permission. 7404 * The profile owner can only be set before the user setup phase has completed, 7405 * except for: 7406 * - SYSTEM_UID 7407 * - adb unless hasIncompatibleAccountsOrNonAdb is true. 7408 */ 7409 private void enforceCanSetProfileOwnerLocked(@Nullable ComponentName owner, int userHandle, 7410 boolean hasIncompatibleAccountsOrNonAdb) { 7411 UserInfo info = getUserInfo(userHandle); 7412 if (info == null) { 7413 // User doesn't exist. 7414 throw new IllegalArgumentException( 7415 "Attempted to set profile owner for invalid userId: " + userHandle); 7416 } 7417 if (info.isGuest()) { 7418 throw new IllegalStateException("Cannot set a profile owner on a guest"); 7419 } 7420 if (mOwners.hasProfileOwner(userHandle)) { 7421 throw new IllegalStateException("Trying to set the profile owner, but profile owner " 7422 + "is already set."); 7423 } 7424 if (mOwners.hasDeviceOwner() && mOwners.getDeviceOwnerUserId() == userHandle) { 7425 throw new IllegalStateException("Trying to set the profile owner, but the user " 7426 + "already has a device owner."); 7427 } 7428 if (isAdb()) { 7429 if ((mIsWatch || hasUserSetupCompleted(userHandle)) 7430 && hasIncompatibleAccountsOrNonAdb) { 7431 throw new IllegalStateException("Not allowed to set the profile owner because " 7432 + "there are already some accounts on the profile"); 7433 } 7434 return; 7435 } 7436 enforceCanManageProfileAndDeviceOwners(); 7437 if ((mIsWatch || hasUserSetupCompleted(userHandle)) && !isCallerWithSystemUid()) { 7438 throw new IllegalStateException("Cannot set the profile owner on a user which is " 7439 + "already set-up"); 7440 } 7441 } 7442 7443 /** 7444 * The Device owner can only be set by adb or an app with the MANAGE_PROFILE_AND_DEVICE_OWNERS 7445 * permission. 7446 */ 7447 private void enforceCanSetDeviceOwnerLocked(@Nullable ComponentName owner, int userId, 7448 boolean hasIncompatibleAccountsOrNonAdb) { 7449 if (!isAdb()) { 7450 enforceCanManageProfileAndDeviceOwners(); 7451 } 7452 7453 final int code = checkDeviceOwnerProvisioningPreConditionLocked( 7454 owner, userId, isAdb(), hasIncompatibleAccountsOrNonAdb); 7455 switch (code) { 7456 case CODE_OK: 7457 return; 7458 case CODE_HAS_DEVICE_OWNER: 7459 throw new IllegalStateException( 7460 "Trying to set the device owner, but device owner is already set."); 7461 case CODE_USER_HAS_PROFILE_OWNER: 7462 throw new IllegalStateException("Trying to set the device owner, but the user " 7463 + "already has a profile owner."); 7464 case CODE_USER_NOT_RUNNING: 7465 throw new IllegalStateException("User not running: " + userId); 7466 case CODE_NOT_SYSTEM_USER: 7467 throw new IllegalStateException("User is not system user"); 7468 case CODE_USER_SETUP_COMPLETED: 7469 throw new IllegalStateException( 7470 "Cannot set the device owner if the device is already set-up"); 7471 case CODE_NONSYSTEM_USER_EXISTS: 7472 throw new IllegalStateException("Not allowed to set the device owner because there " 7473 + "are already several users on the device"); 7474 case CODE_ACCOUNTS_NOT_EMPTY: 7475 throw new IllegalStateException("Not allowed to set the device owner because there " 7476 + "are already some accounts on the device"); 7477 case CODE_HAS_PAIRED: 7478 throw new IllegalStateException("Not allowed to set the device owner because this " 7479 + "device has already paired"); 7480 default: 7481 throw new IllegalStateException("Unexpected @ProvisioningPreCondition " + code); 7482 } 7483 } 7484 7485 private void enforceUserUnlocked(int userId) { 7486 // Since we're doing this operation on behalf of an app, we only 7487 // want to use the actual "unlocked" state. 7488 Preconditions.checkState(mUserManager.isUserUnlocked(userId), 7489 "User must be running and unlocked"); 7490 } 7491 7492 private void enforceUserUnlocked(@UserIdInt int userId, boolean parent) { 7493 if (parent) { 7494 enforceUserUnlocked(getProfileParentId(userId)); 7495 } else { 7496 enforceUserUnlocked(userId); 7497 } 7498 } 7499 7500 private void enforceManageUsers() { 7501 final int callingUid = mInjector.binderGetCallingUid(); 7502 if (!(isCallerWithSystemUid() || callingUid == Process.ROOT_UID)) { 7503 mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_USERS, null); 7504 } 7505 } 7506 7507 private void enforceFullCrossUsersPermission(int userHandle) { 7508 enforceSystemUserOrPermissionIfCrossUser(userHandle, 7509 android.Manifest.permission.INTERACT_ACROSS_USERS_FULL); 7510 } 7511 7512 private void enforceCrossUsersPermission(int userHandle) { 7513 enforceSystemUserOrPermissionIfCrossUser(userHandle, 7514 android.Manifest.permission.INTERACT_ACROSS_USERS); 7515 } 7516 7517 private void enforceSystemUserOrPermission(String permission) { 7518 if (!(isCallerWithSystemUid() || mInjector.binderGetCallingUid() == Process.ROOT_UID)) { 7519 mContext.enforceCallingOrSelfPermission(permission, 7520 "Must be system or have " + permission + " permission"); 7521 } 7522 } 7523 7524 private void enforceSystemUserOrPermissionIfCrossUser(int userHandle, String permission) { 7525 if (userHandle < 0) { 7526 throw new IllegalArgumentException("Invalid userId " + userHandle); 7527 } 7528 if (userHandle == mInjector.userHandleGetCallingUserId()) { 7529 return; 7530 } 7531 enforceSystemUserOrPermission(permission); 7532 } 7533 7534 private void enforceManagedProfile(int userHandle, String message) { 7535 if(!isManagedProfile(userHandle)) { 7536 throw new SecurityException("You can not " + message + " outside a managed profile."); 7537 } 7538 } 7539 7540 private void enforceNotManagedProfile(int userHandle, String message) { 7541 if(isManagedProfile(userHandle)) { 7542 throw new SecurityException("You can not " + message + " for a managed profile."); 7543 } 7544 } 7545 7546 private void enforceDeviceOwnerOrManageUsers() { 7547 synchronized (this) { 7548 if (getActiveAdminWithPolicyForUidLocked(null, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER, 7549 mInjector.binderGetCallingUid()) != null) { 7550 return; 7551 } 7552 } 7553 enforceManageUsers(); 7554 } 7555 7556 private void enforceProfileOwnerOrSystemUser() { 7557 synchronized (this) { 7558 if (getActiveAdminWithPolicyForUidLocked(null, 7559 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, mInjector.binderGetCallingUid()) 7560 != null) { 7561 return; 7562 } 7563 } 7564 Preconditions.checkState(isCallerWithSystemUid(), 7565 "Only profile owner, device owner and system may call this method."); 7566 } 7567 7568 private void enforceProfileOwnerOrFullCrossUsersPermission(int userId) { 7569 if (userId == mInjector.userHandleGetCallingUserId()) { 7570 synchronized (this) { 7571 if (getActiveAdminWithPolicyForUidLocked(null, 7572 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, mInjector.binderGetCallingUid()) 7573 != null) { 7574 // Device Owner/Profile Owner may access the user it runs on. 7575 return; 7576 } 7577 } 7578 } 7579 // Otherwise, INTERACT_ACROSS_USERS_FULL permission, system UID or root UID is required. 7580 enforceSystemUserOrPermission(android.Manifest.permission.INTERACT_ACROSS_USERS_FULL); 7581 } 7582 7583 private void ensureCallerPackage(@Nullable String packageName) { 7584 if (packageName == null) { 7585 Preconditions.checkState(isCallerWithSystemUid(), 7586 "Only caller can omit package name"); 7587 } else { 7588 final int callingUid = mInjector.binderGetCallingUid(); 7589 final int userId = mInjector.userHandleGetCallingUserId(); 7590 try { 7591 final ApplicationInfo ai = mIPackageManager.getApplicationInfo( 7592 packageName, 0, userId); 7593 Preconditions.checkState(ai.uid == callingUid, "Unmatching package name"); 7594 } catch (RemoteException e) { 7595 // Shouldn't happen 7596 } 7597 } 7598 } 7599 7600 private boolean isCallerWithSystemUid() { 7601 return UserHandle.isSameApp(mInjector.binderGetCallingUid(), Process.SYSTEM_UID); 7602 } 7603 7604 protected int getProfileParentId(int userHandle) { 7605 final long ident = mInjector.binderClearCallingIdentity(); 7606 try { 7607 UserInfo parentUser = mUserManager.getProfileParent(userHandle); 7608 return parentUser != null ? parentUser.id : userHandle; 7609 } finally { 7610 mInjector.binderRestoreCallingIdentity(ident); 7611 } 7612 } 7613 7614 private int getCredentialOwner(int userHandle, boolean parent) { 7615 final long ident = mInjector.binderClearCallingIdentity(); 7616 try { 7617 if (parent) { 7618 UserInfo parentProfile = mUserManager.getProfileParent(userHandle); 7619 if (parentProfile != null) { 7620 userHandle = parentProfile.id; 7621 } 7622 } 7623 return mUserManager.getCredentialOwnerProfile(userHandle); 7624 } finally { 7625 mInjector.binderRestoreCallingIdentity(ident); 7626 } 7627 } 7628 7629 private boolean isManagedProfile(int userHandle) { 7630 final UserInfo user = getUserInfo(userHandle); 7631 return user != null && user.isManagedProfile(); 7632 } 7633 7634 private void enableIfNecessary(String packageName, int userId) { 7635 try { 7636 final ApplicationInfo ai = mIPackageManager.getApplicationInfo(packageName, 7637 PackageManager.MATCH_DISABLED_UNTIL_USED_COMPONENTS, userId); 7638 if (ai.enabledSetting 7639 == PackageManager.COMPONENT_ENABLED_STATE_DISABLED_UNTIL_USED) { 7640 mIPackageManager.setApplicationEnabledSetting(packageName, 7641 PackageManager.COMPONENT_ENABLED_STATE_DEFAULT, 7642 PackageManager.DONT_KILL_APP, userId, "DevicePolicyManager"); 7643 } 7644 } catch (RemoteException e) { 7645 } 7646 } 7647 7648 @Override 7649 protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) { 7650 if (!DumpUtils.checkDumpPermission(mContext, LOG_TAG, pw)) return; 7651 7652 synchronized (this) { 7653 pw.println("Current Device Policy Manager state:"); 7654 7655 mOwners.dump(" ", pw); 7656 mDeviceAdminServiceController.dump(" ", pw); 7657 int userCount = mUserData.size(); 7658 for (int u = 0; u < userCount; u++) { 7659 DevicePolicyData policy = getUserData(mUserData.keyAt(u)); 7660 pw.println(); 7661 pw.println(" Enabled Device Admins (User " + policy.mUserHandle 7662 + ", provisioningState: " + policy.mUserProvisioningState + "):"); 7663 final int N = policy.mAdminList.size(); 7664 for (int i=0; i<N; i++) { 7665 ActiveAdmin ap = policy.mAdminList.get(i); 7666 if (ap != null) { 7667 pw.print(" "); pw.print(ap.info.getComponent().flattenToShortString()); 7668 pw.println(":"); 7669 ap.dump(" ", pw); 7670 } 7671 } 7672 if (!policy.mRemovingAdmins.isEmpty()) { 7673 pw.println(" Removing Device Admins (User " + policy.mUserHandle + "): " 7674 + policy.mRemovingAdmins); 7675 } 7676 7677 pw.println(" "); 7678 pw.print(" mPasswordOwner="); pw.println(policy.mPasswordOwner); 7679 } 7680 pw.println(); 7681 mConstants.dump(" ", pw); 7682 pw.println(); 7683 pw.println(" Encryption Status: " + getEncryptionStatusName(getEncryptionStatus())); 7684 } 7685 } 7686 7687 private String getEncryptionStatusName(int encryptionStatus) { 7688 switch (encryptionStatus) { 7689 case DevicePolicyManager.ENCRYPTION_STATUS_INACTIVE: 7690 return "inactive"; 7691 case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY: 7692 return "block default key"; 7693 case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE: 7694 return "block"; 7695 case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVE_PER_USER: 7696 return "per-user"; 7697 case DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED: 7698 return "unsupported"; 7699 case DevicePolicyManager.ENCRYPTION_STATUS_ACTIVATING: 7700 return "activating"; 7701 default: 7702 return "unknown"; 7703 } 7704 } 7705 7706 @Override 7707 public void addPersistentPreferredActivity(ComponentName who, IntentFilter filter, 7708 ComponentName activity) { 7709 Preconditions.checkNotNull(who, "ComponentName is null"); 7710 final int userHandle = UserHandle.getCallingUserId(); 7711 synchronized (this) { 7712 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 7713 7714 long id = mInjector.binderClearCallingIdentity(); 7715 try { 7716 mIPackageManager.addPersistentPreferredActivity(filter, activity, userHandle); 7717 mIPackageManager.flushPackageRestrictionsAsUser(userHandle); 7718 } catch (RemoteException re) { 7719 // Shouldn't happen 7720 } finally { 7721 mInjector.binderRestoreCallingIdentity(id); 7722 } 7723 } 7724 } 7725 7726 @Override 7727 public void clearPackagePersistentPreferredActivities(ComponentName who, String packageName) { 7728 Preconditions.checkNotNull(who, "ComponentName is null"); 7729 final int userHandle = UserHandle.getCallingUserId(); 7730 synchronized (this) { 7731 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 7732 7733 long id = mInjector.binderClearCallingIdentity(); 7734 try { 7735 mIPackageManager.clearPackagePersistentPreferredActivities(packageName, userHandle); 7736 mIPackageManager.flushPackageRestrictionsAsUser(userHandle); 7737 } catch (RemoteException re) { 7738 // Shouldn't happen 7739 } finally { 7740 mInjector.binderRestoreCallingIdentity(id); 7741 } 7742 } 7743 } 7744 7745 @Override 7746 public boolean setApplicationRestrictionsManagingPackage(ComponentName admin, 7747 String packageName) { 7748 try { 7749 setDelegatedScopePreO(admin, packageName, DELEGATION_APP_RESTRICTIONS); 7750 } catch (IllegalArgumentException e) { 7751 return false; 7752 } 7753 return true; 7754 } 7755 7756 @Override 7757 public String getApplicationRestrictionsManagingPackage(ComponentName admin) { 7758 final List<String> delegatePackages = getDelegatePackages(admin, 7759 DELEGATION_APP_RESTRICTIONS); 7760 return delegatePackages.size() > 0 ? delegatePackages.get(0) : null; 7761 } 7762 7763 @Override 7764 public boolean isCallerApplicationRestrictionsManagingPackage(String callerPackage) { 7765 return isCallerDelegate(callerPackage, DELEGATION_APP_RESTRICTIONS); 7766 } 7767 7768 @Override 7769 public void setApplicationRestrictions(ComponentName who, String callerPackage, 7770 String packageName, Bundle settings) { 7771 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 7772 DELEGATION_APP_RESTRICTIONS); 7773 7774 final UserHandle userHandle = mInjector.binderGetCallingUserHandle(); 7775 final long id = mInjector.binderClearCallingIdentity(); 7776 try { 7777 mUserManager.setApplicationRestrictions(packageName, settings, userHandle); 7778 } finally { 7779 mInjector.binderRestoreCallingIdentity(id); 7780 } 7781 } 7782 7783 @Override 7784 public void setTrustAgentConfiguration(ComponentName admin, ComponentName agent, 7785 PersistableBundle args, boolean parent) { 7786 if (!mHasFeature) { 7787 return; 7788 } 7789 Preconditions.checkNotNull(admin, "admin is null"); 7790 Preconditions.checkNotNull(agent, "agent is null"); 7791 final int userHandle = UserHandle.getCallingUserId(); 7792 synchronized (this) { 7793 ActiveAdmin ap = getActiveAdminForCallerLocked(admin, 7794 DeviceAdminInfo.USES_POLICY_DISABLE_KEYGUARD_FEATURES, parent); 7795 ap.trustAgentInfos.put(agent.flattenToString(), new TrustAgentInfo(args)); 7796 saveSettingsLocked(userHandle); 7797 } 7798 } 7799 7800 @Override 7801 public List<PersistableBundle> getTrustAgentConfiguration(ComponentName admin, 7802 ComponentName agent, int userHandle, boolean parent) { 7803 if (!mHasFeature) { 7804 return null; 7805 } 7806 Preconditions.checkNotNull(agent, "agent null"); 7807 enforceFullCrossUsersPermission(userHandle); 7808 7809 synchronized (this) { 7810 final String componentName = agent.flattenToString(); 7811 if (admin != null) { 7812 final ActiveAdmin ap = getActiveAdminUncheckedLocked(admin, userHandle, parent); 7813 if (ap == null) return null; 7814 TrustAgentInfo trustAgentInfo = ap.trustAgentInfos.get(componentName); 7815 if (trustAgentInfo == null || trustAgentInfo.options == null) return null; 7816 List<PersistableBundle> result = new ArrayList<>(); 7817 result.add(trustAgentInfo.options); 7818 return result; 7819 } 7820 7821 // Return strictest policy for this user and profiles that are visible from this user. 7822 List<PersistableBundle> result = null; 7823 // Search through all admins that use KEYGUARD_DISABLE_TRUST_AGENTS and keep track 7824 // of the options. If any admin doesn't have options, discard options for the rest 7825 // and return null. 7826 List<ActiveAdmin> admins = 7827 getActiveAdminsForLockscreenPoliciesLocked(userHandle, parent); 7828 boolean allAdminsHaveOptions = true; 7829 final int N = admins.size(); 7830 for (int i = 0; i < N; i++) { 7831 final ActiveAdmin active = admins.get(i); 7832 7833 final boolean disablesTrust = (active.disabledKeyguardFeatures 7834 & DevicePolicyManager.KEYGUARD_DISABLE_TRUST_AGENTS) != 0; 7835 final TrustAgentInfo info = active.trustAgentInfos.get(componentName); 7836 if (info != null && info.options != null && !info.options.isEmpty()) { 7837 if (disablesTrust) { 7838 if (result == null) { 7839 result = new ArrayList<>(); 7840 } 7841 result.add(info.options); 7842 } else { 7843 Log.w(LOG_TAG, "Ignoring admin " + active.info 7844 + " because it has trust options but doesn't declare " 7845 + "KEYGUARD_DISABLE_TRUST_AGENTS"); 7846 } 7847 } else if (disablesTrust) { 7848 allAdminsHaveOptions = false; 7849 break; 7850 } 7851 } 7852 return allAdminsHaveOptions ? result : null; 7853 } 7854 } 7855 7856 @Override 7857 public void setRestrictionsProvider(ComponentName who, ComponentName permissionProvider) { 7858 Preconditions.checkNotNull(who, "ComponentName is null"); 7859 synchronized (this) { 7860 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 7861 7862 int userHandle = UserHandle.getCallingUserId(); 7863 DevicePolicyData userData = getUserData(userHandle); 7864 userData.mRestrictionsProvider = permissionProvider; 7865 saveSettingsLocked(userHandle); 7866 } 7867 } 7868 7869 @Override 7870 public ComponentName getRestrictionsProvider(int userHandle) { 7871 synchronized (this) { 7872 if (!isCallerWithSystemUid()) { 7873 throw new SecurityException("Only the system can query the permission provider"); 7874 } 7875 DevicePolicyData userData = getUserData(userHandle); 7876 return userData != null ? userData.mRestrictionsProvider : null; 7877 } 7878 } 7879 7880 @Override 7881 public void addCrossProfileIntentFilter(ComponentName who, IntentFilter filter, int flags) { 7882 Preconditions.checkNotNull(who, "ComponentName is null"); 7883 int callingUserId = UserHandle.getCallingUserId(); 7884 synchronized (this) { 7885 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 7886 7887 long id = mInjector.binderClearCallingIdentity(); 7888 try { 7889 UserInfo parent = mUserManager.getProfileParent(callingUserId); 7890 if (parent == null) { 7891 Slog.e(LOG_TAG, "Cannot call addCrossProfileIntentFilter if there is no " 7892 + "parent"); 7893 return; 7894 } 7895 if ((flags & DevicePolicyManager.FLAG_PARENT_CAN_ACCESS_MANAGED) != 0) { 7896 mIPackageManager.addCrossProfileIntentFilter( 7897 filter, who.getPackageName(), callingUserId, parent.id, 0); 7898 } 7899 if ((flags & DevicePolicyManager.FLAG_MANAGED_CAN_ACCESS_PARENT) != 0) { 7900 mIPackageManager.addCrossProfileIntentFilter(filter, who.getPackageName(), 7901 parent.id, callingUserId, 0); 7902 } 7903 } catch (RemoteException re) { 7904 // Shouldn't happen 7905 } finally { 7906 mInjector.binderRestoreCallingIdentity(id); 7907 } 7908 } 7909 } 7910 7911 @Override 7912 public void clearCrossProfileIntentFilters(ComponentName who) { 7913 Preconditions.checkNotNull(who, "ComponentName is null"); 7914 int callingUserId = UserHandle.getCallingUserId(); 7915 synchronized (this) { 7916 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 7917 long id = mInjector.binderClearCallingIdentity(); 7918 try { 7919 UserInfo parent = mUserManager.getProfileParent(callingUserId); 7920 if (parent == null) { 7921 Slog.e(LOG_TAG, "Cannot call clearCrossProfileIntentFilter if there is no " 7922 + "parent"); 7923 return; 7924 } 7925 // Removing those that go from the managed profile to the parent. 7926 mIPackageManager.clearCrossProfileIntentFilters( 7927 callingUserId, who.getPackageName()); 7928 // And those that go from the parent to the managed profile. 7929 // If we want to support multiple managed profiles, we will have to only remove 7930 // those that have callingUserId as their target. 7931 mIPackageManager.clearCrossProfileIntentFilters(parent.id, who.getPackageName()); 7932 } catch (RemoteException re) { 7933 // Shouldn't happen 7934 } finally { 7935 mInjector.binderRestoreCallingIdentity(id); 7936 } 7937 } 7938 } 7939 7940 /** 7941 * @return true if all packages in enabledPackages are either in the list 7942 * permittedList or are a system app. 7943 */ 7944 private boolean checkPackagesInPermittedListOrSystem(List<String> enabledPackages, 7945 List<String> permittedList, int userIdToCheck) { 7946 long id = mInjector.binderClearCallingIdentity(); 7947 try { 7948 // If we have an enabled packages list for a managed profile the packages 7949 // we should check are installed for the parent user. 7950 UserInfo user = getUserInfo(userIdToCheck); 7951 if (user.isManagedProfile()) { 7952 userIdToCheck = user.profileGroupId; 7953 } 7954 7955 for (String enabledPackage : enabledPackages) { 7956 boolean systemService = false; 7957 try { 7958 ApplicationInfo applicationInfo = mIPackageManager.getApplicationInfo( 7959 enabledPackage, PackageManager.MATCH_UNINSTALLED_PACKAGES, 7960 userIdToCheck); 7961 systemService = (applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0; 7962 } catch (RemoteException e) { 7963 Log.i(LOG_TAG, "Can't talk to package managed", e); 7964 } 7965 if (!systemService && !permittedList.contains(enabledPackage)) { 7966 return false; 7967 } 7968 } 7969 } finally { 7970 mInjector.binderRestoreCallingIdentity(id); 7971 } 7972 return true; 7973 } 7974 7975 private AccessibilityManager getAccessibilityManagerForUser(int userId) { 7976 // Not using AccessibilityManager.getInstance because that guesses 7977 // at the user you require based on callingUid and caches for a given 7978 // process. 7979 IBinder iBinder = ServiceManager.getService(Context.ACCESSIBILITY_SERVICE); 7980 IAccessibilityManager service = iBinder == null 7981 ? null : IAccessibilityManager.Stub.asInterface(iBinder); 7982 return new AccessibilityManager(mContext, service, userId); 7983 } 7984 7985 @Override 7986 public boolean setPermittedAccessibilityServices(ComponentName who, List packageList) { 7987 if (!mHasFeature) { 7988 return false; 7989 } 7990 Preconditions.checkNotNull(who, "ComponentName is null"); 7991 7992 if (packageList != null) { 7993 int userId = UserHandle.getCallingUserId(); 7994 List<AccessibilityServiceInfo> enabledServices = null; 7995 long id = mInjector.binderClearCallingIdentity(); 7996 try { 7997 UserInfo user = getUserInfo(userId); 7998 if (user.isManagedProfile()) { 7999 userId = user.profileGroupId; 8000 } 8001 AccessibilityManager accessibilityManager = getAccessibilityManagerForUser(userId); 8002 enabledServices = accessibilityManager.getEnabledAccessibilityServiceList( 8003 AccessibilityServiceInfo.FEEDBACK_ALL_MASK); 8004 } finally { 8005 mInjector.binderRestoreCallingIdentity(id); 8006 } 8007 8008 if (enabledServices != null) { 8009 List<String> enabledPackages = new ArrayList<String>(); 8010 for (AccessibilityServiceInfo service : enabledServices) { 8011 enabledPackages.add(service.getResolveInfo().serviceInfo.packageName); 8012 } 8013 if (!checkPackagesInPermittedListOrSystem(enabledPackages, packageList, 8014 userId)) { 8015 Slog.e(LOG_TAG, "Cannot set permitted accessibility services, " 8016 + "because it contains already enabled accesibility services."); 8017 return false; 8018 } 8019 } 8020 } 8021 8022 synchronized (this) { 8023 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 8024 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8025 admin.permittedAccessiblityServices = packageList; 8026 saveSettingsLocked(UserHandle.getCallingUserId()); 8027 } 8028 return true; 8029 } 8030 8031 @Override 8032 public List getPermittedAccessibilityServices(ComponentName who) { 8033 if (!mHasFeature) { 8034 return null; 8035 } 8036 Preconditions.checkNotNull(who, "ComponentName is null"); 8037 8038 synchronized (this) { 8039 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 8040 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8041 return admin.permittedAccessiblityServices; 8042 } 8043 } 8044 8045 @Override 8046 public List getPermittedAccessibilityServicesForUser(int userId) { 8047 if (!mHasFeature) { 8048 return null; 8049 } 8050 synchronized (this) { 8051 List<String> result = null; 8052 // If we have multiple profiles we return the intersection of the 8053 // permitted lists. This can happen in cases where we have a device 8054 // and profile owner. 8055 int[] profileIds = mUserManager.getProfileIdsWithDisabled(userId); 8056 for (int profileId : profileIds) { 8057 // Just loop though all admins, only device or profiles 8058 // owners can have permitted lists set. 8059 DevicePolicyData policy = getUserDataUnchecked(profileId); 8060 final int N = policy.mAdminList.size(); 8061 for (int j = 0; j < N; j++) { 8062 ActiveAdmin admin = policy.mAdminList.get(j); 8063 List<String> fromAdmin = admin.permittedAccessiblityServices; 8064 if (fromAdmin != null) { 8065 if (result == null) { 8066 result = new ArrayList<>(fromAdmin); 8067 } else { 8068 result.retainAll(fromAdmin); 8069 } 8070 } 8071 } 8072 } 8073 8074 // If we have a permitted list add all system accessibility services. 8075 if (result != null) { 8076 long id = mInjector.binderClearCallingIdentity(); 8077 try { 8078 UserInfo user = getUserInfo(userId); 8079 if (user.isManagedProfile()) { 8080 userId = user.profileGroupId; 8081 } 8082 AccessibilityManager accessibilityManager = 8083 getAccessibilityManagerForUser(userId); 8084 List<AccessibilityServiceInfo> installedServices = 8085 accessibilityManager.getInstalledAccessibilityServiceList(); 8086 8087 if (installedServices != null) { 8088 for (AccessibilityServiceInfo service : installedServices) { 8089 ServiceInfo serviceInfo = service.getResolveInfo().serviceInfo; 8090 ApplicationInfo applicationInfo = serviceInfo.applicationInfo; 8091 if ((applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) { 8092 result.add(serviceInfo.packageName); 8093 } 8094 } 8095 } 8096 } finally { 8097 mInjector.binderRestoreCallingIdentity(id); 8098 } 8099 } 8100 8101 return result; 8102 } 8103 } 8104 8105 @Override 8106 public boolean isAccessibilityServicePermittedByAdmin(ComponentName who, String packageName, 8107 int userHandle) { 8108 if (!mHasFeature) { 8109 return true; 8110 } 8111 Preconditions.checkNotNull(who, "ComponentName is null"); 8112 Preconditions.checkStringNotEmpty(packageName, "packageName is null"); 8113 if (!isCallerWithSystemUid()){ 8114 throw new SecurityException( 8115 "Only the system can query if an accessibility service is disabled by admin"); 8116 } 8117 synchronized (this) { 8118 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 8119 if (admin == null) { 8120 return false; 8121 } 8122 if (admin.permittedAccessiblityServices == null) { 8123 return true; 8124 } 8125 return checkPackagesInPermittedListOrSystem(Collections.singletonList(packageName), 8126 admin.permittedAccessiblityServices, userHandle); 8127 } 8128 } 8129 8130 private boolean checkCallerIsCurrentUserOrProfile() { 8131 final int callingUserId = UserHandle.getCallingUserId(); 8132 final long token = mInjector.binderClearCallingIdentity(); 8133 try { 8134 UserInfo currentUser; 8135 UserInfo callingUser = getUserInfo(callingUserId); 8136 try { 8137 currentUser = mInjector.getIActivityManager().getCurrentUser(); 8138 } catch (RemoteException e) { 8139 Slog.e(LOG_TAG, "Failed to talk to activity managed.", e); 8140 return false; 8141 } 8142 8143 if (callingUser.isManagedProfile() && callingUser.profileGroupId != currentUser.id) { 8144 Slog.e(LOG_TAG, "Cannot set permitted input methods for managed profile " 8145 + "of a user that isn't the foreground user."); 8146 return false; 8147 } 8148 if (!callingUser.isManagedProfile() && callingUserId != currentUser.id ) { 8149 Slog.e(LOG_TAG, "Cannot set permitted input methods " 8150 + "of a user that isn't the foreground user."); 8151 return false; 8152 } 8153 } finally { 8154 mInjector.binderRestoreCallingIdentity(token); 8155 } 8156 return true; 8157 } 8158 8159 @Override 8160 public boolean setPermittedInputMethods(ComponentName who, List packageList) { 8161 if (!mHasFeature) { 8162 return false; 8163 } 8164 Preconditions.checkNotNull(who, "ComponentName is null"); 8165 8166 // TODO When InputMethodManager supports per user calls remove 8167 // this restriction. 8168 if (!checkCallerIsCurrentUserOrProfile()) { 8169 return false; 8170 } 8171 8172 final int callingUserId = mInjector.userHandleGetCallingUserId(); 8173 if (packageList != null) { 8174 // InputMethodManager fetches input methods for current user. 8175 // So this can only be set when calling user is the current user 8176 // or parent is current user in case of managed profiles. 8177 InputMethodManager inputMethodManager = 8178 mContext.getSystemService(InputMethodManager.class); 8179 List<InputMethodInfo> enabledImes = inputMethodManager.getEnabledInputMethodList(); 8180 8181 if (enabledImes != null) { 8182 List<String> enabledPackages = new ArrayList<String>(); 8183 for (InputMethodInfo ime : enabledImes) { 8184 enabledPackages.add(ime.getPackageName()); 8185 } 8186 if (!checkPackagesInPermittedListOrSystem(enabledPackages, packageList, 8187 callingUserId)) { 8188 Slog.e(LOG_TAG, "Cannot set permitted input methods, " 8189 + "because it contains already enabled input method."); 8190 return false; 8191 } 8192 } 8193 } 8194 8195 synchronized (this) { 8196 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 8197 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8198 admin.permittedInputMethods = packageList; 8199 saveSettingsLocked(callingUserId); 8200 } 8201 return true; 8202 } 8203 8204 @Override 8205 public List getPermittedInputMethods(ComponentName who) { 8206 if (!mHasFeature) { 8207 return null; 8208 } 8209 Preconditions.checkNotNull(who, "ComponentName is null"); 8210 8211 synchronized (this) { 8212 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 8213 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8214 return admin.permittedInputMethods; 8215 } 8216 } 8217 8218 @Override 8219 public List getPermittedInputMethodsForCurrentUser() { 8220 UserInfo currentUser; 8221 try { 8222 currentUser = mInjector.getIActivityManager().getCurrentUser(); 8223 } catch (RemoteException e) { 8224 Slog.e(LOG_TAG, "Failed to make remote calls to get current user", e); 8225 // Activity managed is dead, just allow all IMEs 8226 return null; 8227 } 8228 8229 int userId = currentUser.id; 8230 synchronized (this) { 8231 List<String> result = null; 8232 // If we have multiple profiles we return the intersection of the 8233 // permitted lists. This can happen in cases where we have a device 8234 // and profile owner. 8235 int[] profileIds = mUserManager.getProfileIdsWithDisabled(userId); 8236 for (int profileId : profileIds) { 8237 // Just loop though all admins, only device or profiles 8238 // owners can have permitted lists set. 8239 DevicePolicyData policy = getUserDataUnchecked(profileId); 8240 final int N = policy.mAdminList.size(); 8241 for (int j = 0; j < N; j++) { 8242 ActiveAdmin admin = policy.mAdminList.get(j); 8243 List<String> fromAdmin = admin.permittedInputMethods; 8244 if (fromAdmin != null) { 8245 if (result == null) { 8246 result = new ArrayList<String>(fromAdmin); 8247 } else { 8248 result.retainAll(fromAdmin); 8249 } 8250 } 8251 } 8252 } 8253 8254 // If we have a permitted list add all system input methods. 8255 if (result != null) { 8256 InputMethodManager inputMethodManager = 8257 mContext.getSystemService(InputMethodManager.class); 8258 List<InputMethodInfo> imes = inputMethodManager.getInputMethodList(); 8259 long id = mInjector.binderClearCallingIdentity(); 8260 try { 8261 if (imes != null) { 8262 for (InputMethodInfo ime : imes) { 8263 ServiceInfo serviceInfo = ime.getServiceInfo(); 8264 ApplicationInfo applicationInfo = serviceInfo.applicationInfo; 8265 if ((applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0) { 8266 result.add(serviceInfo.packageName); 8267 } 8268 } 8269 } 8270 } finally { 8271 mInjector.binderRestoreCallingIdentity(id); 8272 } 8273 } 8274 return result; 8275 } 8276 } 8277 8278 @Override 8279 public boolean isInputMethodPermittedByAdmin(ComponentName who, String packageName, 8280 int userHandle) { 8281 if (!mHasFeature) { 8282 return true; 8283 } 8284 Preconditions.checkNotNull(who, "ComponentName is null"); 8285 Preconditions.checkStringNotEmpty(packageName, "packageName is null"); 8286 if (!isCallerWithSystemUid()) { 8287 throw new SecurityException( 8288 "Only the system can query if an input method is disabled by admin"); 8289 } 8290 synchronized (this) { 8291 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 8292 if (admin == null) { 8293 return false; 8294 } 8295 if (admin.permittedInputMethods == null) { 8296 return true; 8297 } 8298 return checkPackagesInPermittedListOrSystem(Collections.singletonList(packageName), 8299 admin.permittedInputMethods, userHandle); 8300 } 8301 } 8302 8303 @Override 8304 public boolean setPermittedCrossProfileNotificationListeners( 8305 ComponentName who, List<String> packageList) { 8306 if (!mHasFeature) { 8307 return false; 8308 } 8309 Preconditions.checkNotNull(who, "ComponentName is null"); 8310 8311 final int callingUserId = mInjector.userHandleGetCallingUserId(); 8312 if (!isManagedProfile(callingUserId)) { 8313 return false; 8314 } 8315 8316 synchronized (this) { 8317 ActiveAdmin admin = getActiveAdminForCallerLocked( 8318 who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8319 admin.permittedNotificationListeners = packageList; 8320 saveSettingsLocked(callingUserId); 8321 } 8322 return true; 8323 } 8324 8325 @Override 8326 public List<String> getPermittedCrossProfileNotificationListeners(ComponentName who) { 8327 if (!mHasFeature) { 8328 return null; 8329 } 8330 Preconditions.checkNotNull(who, "ComponentName is null"); 8331 8332 synchronized (this) { 8333 ActiveAdmin admin = getActiveAdminForCallerLocked( 8334 who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8335 return admin.permittedNotificationListeners; 8336 } 8337 } 8338 8339 @Override 8340 public boolean isNotificationListenerServicePermitted(String packageName, int userId) { 8341 if (!mHasFeature) { 8342 return true; 8343 } 8344 8345 Preconditions.checkStringNotEmpty(packageName, "packageName is null or empty"); 8346 if (!isCallerWithSystemUid()) { 8347 throw new SecurityException( 8348 "Only the system can query if a notification listener service is permitted"); 8349 } 8350 synchronized (this) { 8351 ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userId); 8352 if (profileOwner == null || profileOwner.permittedNotificationListeners == null) { 8353 return true; 8354 } 8355 return checkPackagesInPermittedListOrSystem(Collections.singletonList(packageName), 8356 profileOwner.permittedNotificationListeners, userId); 8357 8358 } 8359 } 8360 8361 private void maybeSendAdminEnabledBroadcastLocked(int userHandle) { 8362 DevicePolicyData policyData = getUserData(userHandle); 8363 if (policyData.mAdminBroadcastPending) { 8364 // Send the initialization data to profile owner and delete the data 8365 ActiveAdmin admin = getProfileOwnerAdminLocked(userHandle); 8366 boolean clearInitBundle = true; 8367 if (admin != null) { 8368 PersistableBundle initBundle = policyData.mInitBundle; 8369 clearInitBundle = sendAdminCommandLocked(admin, 8370 DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED, 8371 initBundle == null ? null : new Bundle(initBundle), 8372 null /* result receiver */, 8373 true /* send in foreground */); 8374 } 8375 if (clearInitBundle) { 8376 // If there's no admin or we've successfully called the admin, clear the init bundle 8377 // otherwise, keep it around 8378 policyData.mInitBundle = null; 8379 policyData.mAdminBroadcastPending = false; 8380 saveSettingsLocked(userHandle); 8381 } 8382 } 8383 } 8384 8385 @Override 8386 public UserHandle createAndManageUser(ComponentName admin, String name, 8387 ComponentName profileOwner, PersistableBundle adminExtras, int flags) { 8388 Preconditions.checkNotNull(admin, "admin is null"); 8389 Preconditions.checkNotNull(profileOwner, "profileOwner is null"); 8390 if (!admin.getPackageName().equals(profileOwner.getPackageName())) { 8391 throw new IllegalArgumentException("profileOwner " + profileOwner + " and admin " 8392 + admin + " are not in the same package"); 8393 } 8394 // Only allow the system user to use this method 8395 if (!mInjector.binderGetCallingUserHandle().isSystem()) { 8396 throw new SecurityException("createAndManageUser was called from non-system user"); 8397 } 8398 final boolean ephemeral = (flags & DevicePolicyManager.MAKE_USER_EPHEMERAL) != 0; 8399 final boolean demo = (flags & DevicePolicyManager.MAKE_USER_DEMO) != 0 8400 && UserManager.isDeviceInDemoMode(mContext); 8401 final boolean leaveAllSystemAppsEnabled = (flags & LEAVE_ALL_SYSTEM_APPS_ENABLED) != 0; 8402 // Create user. 8403 UserHandle user = null; 8404 synchronized (this) { 8405 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 8406 8407 final long id = mInjector.binderClearCallingIdentity(); 8408 try { 8409 int userInfoFlags = 0; 8410 if (ephemeral) { 8411 userInfoFlags |= UserInfo.FLAG_EPHEMERAL; 8412 } 8413 if (demo) { 8414 userInfoFlags |= UserInfo.FLAG_DEMO; 8415 } 8416 String[] disallowedPackages = null; 8417 if (!leaveAllSystemAppsEnabled) { 8418 disallowedPackages = mOverlayPackagesProvider.getNonRequiredApps(admin, 8419 UserHandle.myUserId(), ACTION_PROVISION_MANAGED_USER).toArray( 8420 new String[0]); 8421 } 8422 UserInfo userInfo = mUserManagerInternal.createUserEvenWhenDisallowed(name, 8423 userInfoFlags, disallowedPackages); 8424 if (userInfo != null) { 8425 user = userInfo.getUserHandle(); 8426 } 8427 } finally { 8428 mInjector.binderRestoreCallingIdentity(id); 8429 } 8430 } 8431 if (user == null) { 8432 return null; 8433 } 8434 8435 final int userHandle = user.getIdentifier(); 8436 final Intent intent = new Intent(DevicePolicyManager.ACTION_MANAGED_USER_CREATED) 8437 .putExtra(Intent.EXTRA_USER_HANDLE, userHandle) 8438 .putExtra( 8439 DevicePolicyManager.EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED, 8440 leaveAllSystemAppsEnabled) 8441 .setPackage(MANAGED_PROVISIONING_PKG) 8442 .addFlags(Intent.FLAG_RECEIVER_FOREGROUND); 8443 mContext.sendBroadcastAsUser(intent, UserHandle.SYSTEM); 8444 8445 final long id = mInjector.binderClearCallingIdentity(); 8446 try { 8447 final String adminPkg = admin.getPackageName(); 8448 try { 8449 // Install the profile owner if not present. 8450 if (!mIPackageManager.isPackageAvailable(adminPkg, userHandle)) { 8451 mIPackageManager.installExistingPackageAsUser(adminPkg, userHandle, 8452 0 /*installFlags*/, PackageManager.INSTALL_REASON_POLICY); 8453 } 8454 } catch (RemoteException e) { 8455 // Does not happen, same process 8456 } 8457 8458 // Set admin. 8459 setActiveAdmin(profileOwner, true, userHandle); 8460 final String ownerName = getProfileOwnerName(Process.myUserHandle().getIdentifier()); 8461 setProfileOwner(profileOwner, ownerName, userHandle); 8462 8463 synchronized (this) { 8464 DevicePolicyData policyData = getUserData(userHandle); 8465 policyData.mInitBundle = adminExtras; 8466 policyData.mAdminBroadcastPending = true; 8467 saveSettingsLocked(userHandle); 8468 } 8469 8470 if ((flags & DevicePolicyManager.SKIP_SETUP_WIZARD) != 0) { 8471 Settings.Secure.putIntForUser(mContext.getContentResolver(), 8472 Settings.Secure.USER_SETUP_COMPLETE, 1, userHandle); 8473 } 8474 8475 if ((flags & START_USER_IN_BACKGROUND) != 0) { 8476 try { 8477 mInjector.getIActivityManager().startUserInBackground(userHandle); 8478 } catch (RemoteException re) { 8479 // Does not happen, same process 8480 } 8481 } 8482 8483 return user; 8484 } catch (Throwable re) { 8485 mUserManager.removeUser(userHandle); 8486 return null; 8487 } finally { 8488 mInjector.binderRestoreCallingIdentity(id); 8489 } 8490 } 8491 8492 @Override 8493 public boolean removeUser(ComponentName who, UserHandle userHandle) { 8494 Preconditions.checkNotNull(who, "ComponentName is null"); 8495 synchronized (this) { 8496 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 8497 } 8498 8499 final int callingUserId = mInjector.userHandleGetCallingUserId(); 8500 final long id = mInjector.binderClearCallingIdentity(); 8501 try { 8502 String restriction = isManagedProfile(userHandle.getIdentifier()) 8503 ? UserManager.DISALLOW_REMOVE_MANAGED_PROFILE 8504 : UserManager.DISALLOW_REMOVE_USER; 8505 if (isAdminAffectedByRestriction(who, restriction, callingUserId)) { 8506 Log.w(LOG_TAG, "The device owner cannot remove a user because " 8507 + restriction + " is enabled, and was not set by the device owner"); 8508 return false; 8509 } 8510 return mUserManagerInternal.removeUserEvenWhenDisallowed(userHandle.getIdentifier()); 8511 } finally { 8512 mInjector.binderRestoreCallingIdentity(id); 8513 } 8514 } 8515 8516 private boolean isAdminAffectedByRestriction( 8517 ComponentName admin, String userRestriction, int userId) { 8518 switch(mUserManager.getUserRestrictionSource(userRestriction, UserHandle.of(userId))) { 8519 case UserManager.RESTRICTION_NOT_SET: 8520 return false; 8521 case UserManager.RESTRICTION_SOURCE_DEVICE_OWNER: 8522 return !isDeviceOwner(admin, userId); 8523 case UserManager.RESTRICTION_SOURCE_PROFILE_OWNER: 8524 return !isProfileOwner(admin, userId); 8525 default: 8526 return true; 8527 } 8528 } 8529 8530 @Override 8531 public boolean switchUser(ComponentName who, UserHandle userHandle) { 8532 Preconditions.checkNotNull(who, "ComponentName is null"); 8533 synchronized (this) { 8534 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 8535 8536 long id = mInjector.binderClearCallingIdentity(); 8537 try { 8538 int userId = UserHandle.USER_SYSTEM; 8539 if (userHandle != null) { 8540 userId = userHandle.getIdentifier(); 8541 } 8542 return mInjector.getIActivityManager().switchUser(userId); 8543 } catch (RemoteException e) { 8544 Log.e(LOG_TAG, "Couldn't switch user", e); 8545 return false; 8546 } finally { 8547 mInjector.binderRestoreCallingIdentity(id); 8548 } 8549 } 8550 } 8551 8552 @Override 8553 public boolean stopUser(ComponentName who, UserHandle userHandle) { 8554 Preconditions.checkNotNull(who, "ComponentName is null"); 8555 8556 synchronized (this) { 8557 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 8558 } 8559 8560 final int userId = userHandle.getIdentifier(); 8561 if (isManagedProfile(userId)) { 8562 Log.w(LOG_TAG, "Managed profile cannot be stopped"); 8563 return false; 8564 } 8565 8566 final long id = mInjector.binderClearCallingIdentity(); 8567 try { 8568 return mInjector.getIActivityManager().stopUser(userId, true /*force*/, null) 8569 == USER_OP_SUCCESS; 8570 } catch (RemoteException e) { 8571 // Same process, should not happen. 8572 return false; 8573 } finally { 8574 mInjector.binderRestoreCallingIdentity(id); 8575 } 8576 } 8577 8578 @Override 8579 public boolean logoutUser(ComponentName who) { 8580 Preconditions.checkNotNull(who, "ComponentName is null"); 8581 8582 final int callingUserId = mInjector.userHandleGetCallingUserId(); 8583 synchronized (this) { 8584 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8585 if (!isUserAffiliatedWithDeviceLocked(callingUserId)) { 8586 throw new SecurityException("Admin " + who + 8587 " is neither the device owner or affiliated user's profile owner."); 8588 } 8589 } 8590 8591 if (isManagedProfile(callingUserId)) { 8592 Log.w(LOG_TAG, "Managed profile cannot be logout"); 8593 return false; 8594 } 8595 8596 final long id = mInjector.binderClearCallingIdentity(); 8597 try { 8598 if (!mInjector.getIActivityManager().switchUser(UserHandle.USER_SYSTEM)) { 8599 Log.w(LOG_TAG, "Failed to switch to primary user"); 8600 return false; 8601 } 8602 return mInjector.getIActivityManager().stopUser(callingUserId, true /*force*/, null) 8603 == USER_OP_SUCCESS; 8604 } catch (RemoteException e) { 8605 // Same process, should not happen. 8606 return false; 8607 } finally { 8608 mInjector.binderRestoreCallingIdentity(id); 8609 } 8610 } 8611 8612 @Override 8613 public List<UserHandle> getSecondaryUsers(ComponentName who) { 8614 Preconditions.checkNotNull(who, "ComponentName is null"); 8615 synchronized (this) { 8616 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 8617 } 8618 8619 final long id = mInjector.binderClearCallingIdentity(); 8620 try { 8621 final List<UserInfo> userInfos = mInjector.getUserManager().getUsers(true 8622 /*excludeDying*/); 8623 final List<UserHandle> userHandles = new ArrayList<>(); 8624 for (UserInfo userInfo : userInfos) { 8625 UserHandle userHandle = userInfo.getUserHandle(); 8626 if (!userHandle.isSystem() && !isManagedProfile(userHandle.getIdentifier())) { 8627 userHandles.add(userInfo.getUserHandle()); 8628 } 8629 } 8630 return userHandles; 8631 } finally { 8632 mInjector.binderRestoreCallingIdentity(id); 8633 } 8634 } 8635 8636 @Override 8637 public boolean isEphemeralUser(ComponentName who) { 8638 Preconditions.checkNotNull(who, "ComponentName is null"); 8639 synchronized (this) { 8640 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8641 } 8642 8643 final int callingUserId = mInjector.userHandleGetCallingUserId(); 8644 final long id = mInjector.binderClearCallingIdentity(); 8645 try { 8646 return mInjector.getUserManager().isUserEphemeral(callingUserId); 8647 } finally { 8648 mInjector.binderRestoreCallingIdentity(id); 8649 } 8650 } 8651 8652 @Override 8653 public Bundle getApplicationRestrictions(ComponentName who, String callerPackage, 8654 String packageName) { 8655 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 8656 DELEGATION_APP_RESTRICTIONS); 8657 8658 final UserHandle userHandle = mInjector.binderGetCallingUserHandle(); 8659 final long id = mInjector.binderClearCallingIdentity(); 8660 try { 8661 Bundle bundle = mUserManager.getApplicationRestrictions(packageName, userHandle); 8662 // if no restrictions were saved, mUserManager.getApplicationRestrictions 8663 // returns null, but DPM method should return an empty Bundle as per JavaDoc 8664 return bundle != null ? bundle : Bundle.EMPTY; 8665 } finally { 8666 mInjector.binderRestoreCallingIdentity(id); 8667 } 8668 } 8669 8670 @Override 8671 public String[] setPackagesSuspended(ComponentName who, String callerPackage, 8672 String[] packageNames, boolean suspended) { 8673 int callingUserId = UserHandle.getCallingUserId(); 8674 synchronized (this) { 8675 // Ensure the caller is a DO/PO or a package access delegate. 8676 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 8677 DELEGATION_PACKAGE_ACCESS); 8678 8679 long id = mInjector.binderClearCallingIdentity(); 8680 try { 8681 return mIPackageManager.setPackagesSuspendedAsUser( 8682 packageNames, suspended, callingUserId); 8683 } catch (RemoteException re) { 8684 // Shouldn't happen. 8685 Slog.e(LOG_TAG, "Failed talking to the package manager", re); 8686 } finally { 8687 mInjector.binderRestoreCallingIdentity(id); 8688 } 8689 return packageNames; 8690 } 8691 } 8692 8693 @Override 8694 public boolean isPackageSuspended(ComponentName who, String callerPackage, String packageName) { 8695 int callingUserId = UserHandle.getCallingUserId(); 8696 synchronized (this) { 8697 // Ensure the caller is a DO/PO or a package access delegate. 8698 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 8699 DELEGATION_PACKAGE_ACCESS); 8700 8701 long id = mInjector.binderClearCallingIdentity(); 8702 try { 8703 return mIPackageManager.isPackageSuspendedForUser(packageName, callingUserId); 8704 } catch (RemoteException re) { 8705 // Shouldn't happen. 8706 Slog.e(LOG_TAG, "Failed talking to the package manager", re); 8707 } finally { 8708 mInjector.binderRestoreCallingIdentity(id); 8709 } 8710 return false; 8711 } 8712 } 8713 8714 @Override 8715 public void setUserRestriction(ComponentName who, String key, boolean enabledFromThisOwner) { 8716 Preconditions.checkNotNull(who, "ComponentName is null"); 8717 if (!UserRestrictionsUtils.isValidRestriction(key)) { 8718 return; 8719 } 8720 8721 final int userHandle = mInjector.userHandleGetCallingUserId(); 8722 synchronized (this) { 8723 final ActiveAdmin activeAdmin = 8724 getActiveAdminForCallerLocked(who, 8725 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8726 final boolean isDeviceOwner = isDeviceOwner(who, userHandle); 8727 if (isDeviceOwner) { 8728 if (!UserRestrictionsUtils.canDeviceOwnerChange(key)) { 8729 throw new SecurityException("Device owner cannot set user restriction " + key); 8730 } 8731 } else { // profile owner 8732 if (!UserRestrictionsUtils.canProfileOwnerChange(key, userHandle)) { 8733 throw new SecurityException("Profile owner cannot set user restriction " + key); 8734 } 8735 } 8736 8737 // Save the restriction to ActiveAdmin. 8738 final Bundle restrictions = activeAdmin.ensureUserRestrictions(); 8739 if (enabledFromThisOwner) { 8740 restrictions.putBoolean(key, true); 8741 } else { 8742 restrictions.remove(key); 8743 } 8744 saveUserRestrictionsLocked(userHandle); 8745 } 8746 } 8747 8748 private void saveUserRestrictionsLocked(int userId) { 8749 saveSettingsLocked(userId); 8750 pushUserRestrictions(userId); 8751 sendChangedNotification(userId); 8752 } 8753 8754 private void pushUserRestrictions(int userId) { 8755 synchronized (this) { 8756 final boolean isDeviceOwner = mOwners.isDeviceOwnerUserId(userId); 8757 final Bundle userRestrictions; 8758 // Whether device owner enforces camera restriction. 8759 boolean disallowCameraGlobally = false; 8760 8761 if (isDeviceOwner) { 8762 final ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 8763 if (deviceOwner == null) { 8764 return; // Shouldn't happen. 8765 } 8766 userRestrictions = deviceOwner.userRestrictions; 8767 // DO can disable camera globally. 8768 disallowCameraGlobally = deviceOwner.disableCamera; 8769 } else { 8770 final ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userId); 8771 userRestrictions = profileOwner != null ? profileOwner.userRestrictions : null; 8772 } 8773 8774 // Whether any admin enforces camera restriction. 8775 final int cameraRestrictionScope = 8776 getCameraRestrictionScopeLocked(userId, disallowCameraGlobally); 8777 8778 mUserManagerInternal.setDevicePolicyUserRestrictions(userId, userRestrictions, 8779 isDeviceOwner, cameraRestrictionScope); 8780 } 8781 } 8782 8783 /** 8784 * Get the scope of camera restriction for a given user if any. 8785 */ 8786 private int getCameraRestrictionScopeLocked(int userId, boolean disallowCameraGlobally) { 8787 if (disallowCameraGlobally) { 8788 return UserManagerInternal.CAMERA_DISABLED_GLOBALLY; 8789 } else if (getCameraDisabled( 8790 /* who= */ null, userId, /* mergeDeviceOwnerRestriction= */ false)) { 8791 return UserManagerInternal.CAMERA_DISABLED_LOCALLY; 8792 } 8793 return UserManagerInternal.CAMERA_NOT_DISABLED; 8794 } 8795 8796 @Override 8797 public Bundle getUserRestrictions(ComponentName who) { 8798 if (!mHasFeature) { 8799 return null; 8800 } 8801 Preconditions.checkNotNull(who, "ComponentName is null"); 8802 synchronized (this) { 8803 final ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(who, 8804 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 8805 return activeAdmin.userRestrictions; 8806 } 8807 } 8808 8809 @Override 8810 public boolean setApplicationHidden(ComponentName who, String callerPackage, String packageName, 8811 boolean hidden) { 8812 int callingUserId = UserHandle.getCallingUserId(); 8813 synchronized (this) { 8814 // Ensure the caller is a DO/PO or a package access delegate. 8815 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 8816 DELEGATION_PACKAGE_ACCESS); 8817 8818 long id = mInjector.binderClearCallingIdentity(); 8819 try { 8820 return mIPackageManager.setApplicationHiddenSettingAsUser( 8821 packageName, hidden, callingUserId); 8822 } catch (RemoteException re) { 8823 // shouldn't happen 8824 Slog.e(LOG_TAG, "Failed to setApplicationHiddenSetting", re); 8825 } finally { 8826 mInjector.binderRestoreCallingIdentity(id); 8827 } 8828 return false; 8829 } 8830 } 8831 8832 @Override 8833 public boolean isApplicationHidden(ComponentName who, String callerPackage, 8834 String packageName) { 8835 int callingUserId = UserHandle.getCallingUserId(); 8836 synchronized (this) { 8837 // Ensure the caller is a DO/PO or a package access delegate. 8838 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 8839 DELEGATION_PACKAGE_ACCESS); 8840 8841 long id = mInjector.binderClearCallingIdentity(); 8842 try { 8843 return mIPackageManager.getApplicationHiddenSettingAsUser( 8844 packageName, callingUserId); 8845 } catch (RemoteException re) { 8846 // shouldn't happen 8847 Slog.e(LOG_TAG, "Failed to getApplicationHiddenSettingAsUser", re); 8848 } finally { 8849 mInjector.binderRestoreCallingIdentity(id); 8850 } 8851 return false; 8852 } 8853 } 8854 8855 @Override 8856 public void enableSystemApp(ComponentName who, String callerPackage, String packageName) { 8857 synchronized (this) { 8858 // Ensure the caller is a DO/PO or an enable system app delegate. 8859 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 8860 DELEGATION_ENABLE_SYSTEM_APP); 8861 8862 final boolean isDemo = isCurrentUserDemo(); 8863 8864 int userId = UserHandle.getCallingUserId(); 8865 long id = mInjector.binderClearCallingIdentity(); 8866 8867 try { 8868 if (VERBOSE_LOG) { 8869 Slog.v(LOG_TAG, "installing " + packageName + " for " 8870 + userId); 8871 } 8872 8873 int parentUserId = getProfileParentId(userId); 8874 if (!isDemo && !isSystemApp(mIPackageManager, packageName, parentUserId)) { 8875 throw new IllegalArgumentException("Only system apps can be enabled this way."); 8876 } 8877 8878 // Install the app. 8879 mIPackageManager.installExistingPackageAsUser(packageName, userId, 8880 0 /*installFlags*/, PackageManager.INSTALL_REASON_POLICY); 8881 if (isDemo) { 8882 // Ensure the app is also ENABLED for demo users. 8883 mIPackageManager.setApplicationEnabledSetting(packageName, 8884 PackageManager.COMPONENT_ENABLED_STATE_ENABLED, 8885 PackageManager.DONT_KILL_APP, userId, "DevicePolicyManager"); 8886 } 8887 } catch (RemoteException re) { 8888 // shouldn't happen 8889 Slog.wtf(LOG_TAG, "Failed to install " + packageName, re); 8890 } finally { 8891 mInjector.binderRestoreCallingIdentity(id); 8892 } 8893 } 8894 } 8895 8896 @Override 8897 public int enableSystemAppWithIntent(ComponentName who, String callerPackage, Intent intent) { 8898 synchronized (this) { 8899 // Ensure the caller is a DO/PO or an enable system app delegate. 8900 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 8901 DELEGATION_ENABLE_SYSTEM_APP); 8902 8903 int userId = UserHandle.getCallingUserId(); 8904 long id = mInjector.binderClearCallingIdentity(); 8905 8906 try { 8907 int parentUserId = getProfileParentId(userId); 8908 List<ResolveInfo> activitiesToEnable = mIPackageManager 8909 .queryIntentActivities(intent, 8910 intent.resolveTypeIfNeeded(mContext.getContentResolver()), 8911 PackageManager.MATCH_DIRECT_BOOT_AWARE 8912 | PackageManager.MATCH_DIRECT_BOOT_UNAWARE, 8913 parentUserId) 8914 .getList(); 8915 8916 if (VERBOSE_LOG) { 8917 Slog.d(LOG_TAG, "Enabling system activities: " + activitiesToEnable); 8918 } 8919 int numberOfAppsInstalled = 0; 8920 if (activitiesToEnable != null) { 8921 for (ResolveInfo info : activitiesToEnable) { 8922 if (info.activityInfo != null) { 8923 String packageName = info.activityInfo.packageName; 8924 if (isSystemApp(mIPackageManager, packageName, parentUserId)) { 8925 numberOfAppsInstalled++; 8926 mIPackageManager.installExistingPackageAsUser(packageName, userId, 8927 0 /*installFlags*/, PackageManager.INSTALL_REASON_POLICY); 8928 } else { 8929 Slog.d(LOG_TAG, "Not enabling " + packageName + " since is not a" 8930 + " system app"); 8931 } 8932 } 8933 } 8934 } 8935 return numberOfAppsInstalled; 8936 } catch (RemoteException e) { 8937 // shouldn't happen 8938 Slog.wtf(LOG_TAG, "Failed to resolve intent for: " + intent); 8939 return 0; 8940 } finally { 8941 mInjector.binderRestoreCallingIdentity(id); 8942 } 8943 } 8944 } 8945 8946 private boolean isSystemApp(IPackageManager pm, String packageName, int userId) 8947 throws RemoteException { 8948 ApplicationInfo appInfo = pm.getApplicationInfo(packageName, MATCH_UNINSTALLED_PACKAGES, 8949 userId); 8950 if (appInfo == null) { 8951 throw new IllegalArgumentException("The application " + packageName + 8952 " is not present on this device"); 8953 } 8954 return (appInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0; 8955 } 8956 8957 @Override 8958 public boolean installExistingPackage(ComponentName who, String callerPackage, 8959 String packageName) { 8960 synchronized (this) { 8961 // Ensure the caller is a PO or an install existing package delegate 8962 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 8963 DELEGATION_INSTALL_EXISTING_PACKAGE); 8964 final int callingUserId = mInjector.userHandleGetCallingUserId(); 8965 if (!isUserAffiliatedWithDeviceLocked(callingUserId)) { 8966 throw new SecurityException("Admin " + who + 8967 " is neither the device owner or affiliated user's profile owner."); 8968 } 8969 8970 final long id = mInjector.binderClearCallingIdentity(); 8971 try { 8972 if (VERBOSE_LOG) { 8973 Slog.v(LOG_TAG, "installing " + packageName + " for " 8974 + callingUserId); 8975 } 8976 8977 // Install the package. 8978 return mIPackageManager.installExistingPackageAsUser(packageName, callingUserId, 8979 0 /*installFlags*/, PackageManager.INSTALL_REASON_POLICY) 8980 == PackageManager.INSTALL_SUCCEEDED; 8981 } catch (RemoteException re) { 8982 // shouldn't happen 8983 return false; 8984 } finally { 8985 mInjector.binderRestoreCallingIdentity(id); 8986 } 8987 } 8988 } 8989 8990 @Override 8991 public void setAccountManagementDisabled(ComponentName who, String accountType, 8992 boolean disabled) { 8993 if (!mHasFeature) { 8994 return; 8995 } 8996 Preconditions.checkNotNull(who, "ComponentName is null"); 8997 synchronized (this) { 8998 ActiveAdmin ap = getActiveAdminForCallerLocked(who, 8999 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9000 if (disabled) { 9001 ap.accountTypesWithManagementDisabled.add(accountType); 9002 } else { 9003 ap.accountTypesWithManagementDisabled.remove(accountType); 9004 } 9005 saveSettingsLocked(UserHandle.getCallingUserId()); 9006 } 9007 } 9008 9009 @Override 9010 public String[] getAccountTypesWithManagementDisabled() { 9011 return getAccountTypesWithManagementDisabledAsUser(UserHandle.getCallingUserId()); 9012 } 9013 9014 @Override 9015 public String[] getAccountTypesWithManagementDisabledAsUser(int userId) { 9016 enforceFullCrossUsersPermission(userId); 9017 if (!mHasFeature) { 9018 return null; 9019 } 9020 synchronized (this) { 9021 DevicePolicyData policy = getUserData(userId); 9022 final int N = policy.mAdminList.size(); 9023 ArraySet<String> resultSet = new ArraySet<>(); 9024 for (int i = 0; i < N; i++) { 9025 ActiveAdmin admin = policy.mAdminList.get(i); 9026 resultSet.addAll(admin.accountTypesWithManagementDisabled); 9027 } 9028 return resultSet.toArray(new String[resultSet.size()]); 9029 } 9030 } 9031 9032 @Override 9033 public void setUninstallBlocked(ComponentName who, String callerPackage, String packageName, 9034 boolean uninstallBlocked) { 9035 final int userId = UserHandle.getCallingUserId(); 9036 synchronized (this) { 9037 // Ensure the caller is a DO/PO or a block uninstall delegate 9038 enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 9039 DELEGATION_BLOCK_UNINSTALL); 9040 9041 long id = mInjector.binderClearCallingIdentity(); 9042 try { 9043 mIPackageManager.setBlockUninstallForUser(packageName, uninstallBlocked, userId); 9044 } catch (RemoteException re) { 9045 // Shouldn't happen. 9046 Slog.e(LOG_TAG, "Failed to setBlockUninstallForUser", re); 9047 } finally { 9048 mInjector.binderRestoreCallingIdentity(id); 9049 } 9050 } 9051 } 9052 9053 @Override 9054 public boolean isUninstallBlocked(ComponentName who, String packageName) { 9055 // This function should return true if and only if the package is blocked by 9056 // setUninstallBlocked(). It should still return false for other cases of blocks, such as 9057 // when the package is a system app, or when it is an active device admin. 9058 final int userId = UserHandle.getCallingUserId(); 9059 9060 synchronized (this) { 9061 if (who != null) { 9062 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9063 } 9064 9065 long id = mInjector.binderClearCallingIdentity(); 9066 try { 9067 return mIPackageManager.getBlockUninstallForUser(packageName, userId); 9068 } catch (RemoteException re) { 9069 // Shouldn't happen. 9070 Slog.e(LOG_TAG, "Failed to getBlockUninstallForUser", re); 9071 } finally { 9072 mInjector.binderRestoreCallingIdentity(id); 9073 } 9074 } 9075 return false; 9076 } 9077 9078 @Override 9079 public void setCrossProfileCallerIdDisabled(ComponentName who, boolean disabled) { 9080 if (!mHasFeature) { 9081 return; 9082 } 9083 Preconditions.checkNotNull(who, "ComponentName is null"); 9084 synchronized (this) { 9085 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 9086 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9087 if (admin.disableCallerId != disabled) { 9088 admin.disableCallerId = disabled; 9089 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 9090 } 9091 } 9092 } 9093 9094 @Override 9095 public boolean getCrossProfileCallerIdDisabled(ComponentName who) { 9096 if (!mHasFeature) { 9097 return false; 9098 } 9099 Preconditions.checkNotNull(who, "ComponentName is null"); 9100 synchronized (this) { 9101 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 9102 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9103 return admin.disableCallerId; 9104 } 9105 } 9106 9107 @Override 9108 public boolean getCrossProfileCallerIdDisabledForUser(int userId) { 9109 enforceCrossUsersPermission(userId); 9110 synchronized (this) { 9111 ActiveAdmin admin = getProfileOwnerAdminLocked(userId); 9112 return (admin != null) ? admin.disableCallerId : false; 9113 } 9114 } 9115 9116 @Override 9117 public void setCrossProfileContactsSearchDisabled(ComponentName who, boolean disabled) { 9118 if (!mHasFeature) { 9119 return; 9120 } 9121 Preconditions.checkNotNull(who, "ComponentName is null"); 9122 synchronized (this) { 9123 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 9124 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9125 if (admin.disableContactsSearch != disabled) { 9126 admin.disableContactsSearch = disabled; 9127 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 9128 } 9129 } 9130 } 9131 9132 @Override 9133 public boolean getCrossProfileContactsSearchDisabled(ComponentName who) { 9134 if (!mHasFeature) { 9135 return false; 9136 } 9137 Preconditions.checkNotNull(who, "ComponentName is null"); 9138 synchronized (this) { 9139 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 9140 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9141 return admin.disableContactsSearch; 9142 } 9143 } 9144 9145 @Override 9146 public boolean getCrossProfileContactsSearchDisabledForUser(int userId) { 9147 enforceCrossUsersPermission(userId); 9148 synchronized (this) { 9149 ActiveAdmin admin = getProfileOwnerAdminLocked(userId); 9150 return (admin != null) ? admin.disableContactsSearch : false; 9151 } 9152 } 9153 9154 @Override 9155 public void startManagedQuickContact(String actualLookupKey, long actualContactId, 9156 boolean isContactIdIgnored, long actualDirectoryId, Intent originalIntent) { 9157 final Intent intent = QuickContact.rebuildManagedQuickContactsIntent(actualLookupKey, 9158 actualContactId, isContactIdIgnored, actualDirectoryId, originalIntent); 9159 final int callingUserId = UserHandle.getCallingUserId(); 9160 9161 final long ident = mInjector.binderClearCallingIdentity(); 9162 try { 9163 synchronized (this) { 9164 final int managedUserId = getManagedUserId(callingUserId); 9165 if (managedUserId < 0) { 9166 return; 9167 } 9168 if (isCrossProfileQuickContactDisabled(managedUserId)) { 9169 if (VERBOSE_LOG) { 9170 Log.v(LOG_TAG, 9171 "Cross-profile contacts access disabled for user " + managedUserId); 9172 } 9173 return; 9174 } 9175 ContactsInternal.startQuickContactWithErrorToastForUser( 9176 mContext, intent, new UserHandle(managedUserId)); 9177 } 9178 } finally { 9179 mInjector.binderRestoreCallingIdentity(ident); 9180 } 9181 } 9182 9183 /** 9184 * @return true if cross-profile QuickContact is disabled 9185 */ 9186 private boolean isCrossProfileQuickContactDisabled(int userId) { 9187 return getCrossProfileCallerIdDisabledForUser(userId) 9188 && getCrossProfileContactsSearchDisabledForUser(userId); 9189 } 9190 9191 /** 9192 * @return the user ID of the managed user that is linked to the current user, if any. 9193 * Otherwise -1. 9194 */ 9195 public int getManagedUserId(int callingUserId) { 9196 if (VERBOSE_LOG) { 9197 Log.v(LOG_TAG, "getManagedUserId: callingUserId=" + callingUserId); 9198 } 9199 9200 for (UserInfo ui : mUserManager.getProfiles(callingUserId)) { 9201 if (ui.id == callingUserId || !ui.isManagedProfile()) { 9202 continue; // Caller user self, or not a managed profile. Skip. 9203 } 9204 if (VERBOSE_LOG) { 9205 Log.v(LOG_TAG, "Managed user=" + ui.id); 9206 } 9207 return ui.id; 9208 } 9209 if (VERBOSE_LOG) { 9210 Log.v(LOG_TAG, "Managed user not found."); 9211 } 9212 return -1; 9213 } 9214 9215 @Override 9216 public void setBluetoothContactSharingDisabled(ComponentName who, boolean disabled) { 9217 if (!mHasFeature) { 9218 return; 9219 } 9220 Preconditions.checkNotNull(who, "ComponentName is null"); 9221 synchronized (this) { 9222 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 9223 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9224 if (admin.disableBluetoothContactSharing != disabled) { 9225 admin.disableBluetoothContactSharing = disabled; 9226 saveSettingsLocked(UserHandle.getCallingUserId()); 9227 } 9228 } 9229 } 9230 9231 @Override 9232 public boolean getBluetoothContactSharingDisabled(ComponentName who) { 9233 if (!mHasFeature) { 9234 return false; 9235 } 9236 Preconditions.checkNotNull(who, "ComponentName is null"); 9237 synchronized (this) { 9238 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 9239 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9240 return admin.disableBluetoothContactSharing; 9241 } 9242 } 9243 9244 @Override 9245 public boolean getBluetoothContactSharingDisabledForUser(int userId) { 9246 // TODO: Should there be a check to make sure this relationship is 9247 // within a profile group? 9248 // enforceSystemProcess("getCrossProfileCallerIdDisabled can only be called by system"); 9249 synchronized (this) { 9250 ActiveAdmin admin = getProfileOwnerAdminLocked(userId); 9251 return (admin != null) ? admin.disableBluetoothContactSharing : false; 9252 } 9253 } 9254 9255 @Override 9256 public void setLockTaskPackages(ComponentName who, String[] packages) 9257 throws SecurityException { 9258 Preconditions.checkNotNull(who, "ComponentName is null"); 9259 Preconditions.checkNotNull(packages, "packages is null"); 9260 9261 synchronized (this) { 9262 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9263 final int userHandle = mInjector.userHandleGetCallingUserId(); 9264 if (isUserAffiliatedWithDeviceLocked(userHandle)) { 9265 setLockTaskPackagesLocked(userHandle, new ArrayList<>(Arrays.asList(packages))); 9266 } else { 9267 throw new SecurityException("Admin " + who + 9268 " is neither the device owner or affiliated user's profile owner."); 9269 } 9270 } 9271 } 9272 9273 private void setLockTaskPackagesLocked(int userHandle, List<String> packages) { 9274 DevicePolicyData policy = getUserData(userHandle); 9275 policy.mLockTaskPackages = packages; 9276 9277 // Store the settings persistently. 9278 saveSettingsLocked(userHandle); 9279 updateLockTaskPackagesLocked(packages, userHandle); 9280 } 9281 9282 @Override 9283 public String[] getLockTaskPackages(ComponentName who) { 9284 Preconditions.checkNotNull(who, "ComponentName is null"); 9285 9286 final int userHandle = mInjector.binderGetCallingUserHandle().getIdentifier(); 9287 synchronized (this) { 9288 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9289 if (!isUserAffiliatedWithDeviceLocked(userHandle)) { 9290 throw new SecurityException("Admin " + who + 9291 " is neither the device owner or affiliated user's profile owner."); 9292 } 9293 9294 final List<String> packages = getUserData(userHandle).mLockTaskPackages; 9295 return packages.toArray(new String[packages.size()]); 9296 } 9297 } 9298 9299 @Override 9300 public boolean isLockTaskPermitted(String pkg) { 9301 final int userHandle = mInjector.userHandleGetCallingUserId(); 9302 synchronized (this) { 9303 return getUserData(userHandle).mLockTaskPackages.contains(pkg); 9304 } 9305 } 9306 9307 @Override 9308 public void setLockTaskFeatures(ComponentName who, int flags) { 9309 Preconditions.checkNotNull(who, "ComponentName is null"); 9310 final int userHandle = mInjector.userHandleGetCallingUserId(); 9311 synchronized (this) { 9312 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9313 if (!isUserAffiliatedWithDeviceLocked(userHandle)) { 9314 throw new SecurityException("Admin " + who + 9315 " is neither the device owner or affiliated user's profile owner."); 9316 } 9317 setLockTaskFeaturesLocked(userHandle, flags); 9318 } 9319 } 9320 9321 private void setLockTaskFeaturesLocked(int userHandle, int flags) { 9322 DevicePolicyData policy = getUserData(userHandle); 9323 policy.mLockTaskFeatures = flags; 9324 saveSettingsLocked(userHandle); 9325 updateLockTaskFeaturesLocked(flags, userHandle); 9326 } 9327 9328 @Override 9329 public int getLockTaskFeatures(ComponentName who) { 9330 Preconditions.checkNotNull(who, "ComponentName is null"); 9331 final int userHandle = mInjector.userHandleGetCallingUserId(); 9332 synchronized (this) { 9333 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9334 if (!isUserAffiliatedWithDeviceLocked(userHandle)) { 9335 throw new SecurityException("Admin " + who + 9336 " is neither the device owner or affiliated user's profile owner."); 9337 } 9338 return getUserData(userHandle).mLockTaskFeatures; 9339 } 9340 } 9341 9342 private void maybeClearLockTaskPolicyLocked() { 9343 final long ident = mInjector.binderClearCallingIdentity(); 9344 try { 9345 final List<UserInfo> userInfos = mUserManager.getUsers(/*excludeDying=*/ true); 9346 for (int i = userInfos.size() - 1; i >= 0; i--) { 9347 int userId = userInfos.get(i).id; 9348 if (isUserAffiliatedWithDeviceLocked(userId)) { 9349 continue; 9350 } 9351 9352 final List<String> lockTaskPackages = getUserData(userId).mLockTaskPackages; 9353 if (!lockTaskPackages.isEmpty()) { 9354 Slog.d(LOG_TAG, 9355 "User id " + userId + " not affiliated. Clearing lock task packages"); 9356 setLockTaskPackagesLocked(userId, Collections.<String>emptyList()); 9357 } 9358 final int lockTaskFeatures = getUserData(userId).mLockTaskFeatures; 9359 if (lockTaskFeatures != DevicePolicyManager.LOCK_TASK_FEATURE_NONE){ 9360 Slog.d(LOG_TAG, 9361 "User id " + userId + " not affiliated. Clearing lock task features"); 9362 setLockTaskFeaturesLocked(userId, DevicePolicyManager.LOCK_TASK_FEATURE_NONE); 9363 } 9364 } 9365 } finally { 9366 mInjector.binderRestoreCallingIdentity(ident); 9367 } 9368 } 9369 9370 @Override 9371 public void notifyLockTaskModeChanged(boolean isEnabled, String pkg, int userHandle) { 9372 if (!isCallerWithSystemUid()) { 9373 throw new SecurityException("notifyLockTaskModeChanged can only be called by system"); 9374 } 9375 synchronized (this) { 9376 final DevicePolicyData policy = getUserData(userHandle); 9377 9378 if (policy.mStatusBarDisabled) { 9379 // Status bar is managed by LockTaskController during LockTask, so we cancel this 9380 // policy when LockTask starts, and reapply it when LockTask ends 9381 setStatusBarDisabledInternal(!isEnabled, userHandle); 9382 } 9383 9384 Bundle adminExtras = new Bundle(); 9385 adminExtras.putString(DeviceAdminReceiver.EXTRA_LOCK_TASK_PACKAGE, pkg); 9386 for (ActiveAdmin admin : policy.mAdminList) { 9387 final boolean ownsDevice = isDeviceOwner(admin.info.getComponent(), userHandle); 9388 final boolean ownsProfile = isProfileOwner(admin.info.getComponent(), userHandle); 9389 if (ownsDevice || ownsProfile) { 9390 if (isEnabled) { 9391 sendAdminCommandLocked(admin, DeviceAdminReceiver.ACTION_LOCK_TASK_ENTERING, 9392 adminExtras, null); 9393 } else { 9394 sendAdminCommandLocked(admin, DeviceAdminReceiver.ACTION_LOCK_TASK_EXITING); 9395 } 9396 } 9397 } 9398 } 9399 } 9400 9401 @Override 9402 public void setGlobalSetting(ComponentName who, String setting, String value) { 9403 Preconditions.checkNotNull(who, "ComponentName is null"); 9404 9405 synchronized (this) { 9406 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 9407 9408 // Some settings are no supported any more. However we do not want to throw a 9409 // SecurityException to avoid breaking apps. 9410 if (GLOBAL_SETTINGS_DEPRECATED.contains(setting)) { 9411 Log.i(LOG_TAG, "Global setting no longer supported: " + setting); 9412 return; 9413 } 9414 9415 if (!GLOBAL_SETTINGS_WHITELIST.contains(setting) 9416 && !UserManager.isDeviceInDemoMode(mContext)) { 9417 throw new SecurityException(String.format( 9418 "Permission denial: device owners cannot update %1$s", setting)); 9419 } 9420 9421 if (Settings.Global.STAY_ON_WHILE_PLUGGED_IN.equals(setting)) { 9422 // ignore if it contradicts an existing policy 9423 long timeMs = getMaximumTimeToLock( 9424 who, mInjector.userHandleGetCallingUserId(), /* parent */ false); 9425 if (timeMs > 0 && timeMs < Long.MAX_VALUE) { 9426 return; 9427 } 9428 } 9429 9430 long id = mInjector.binderClearCallingIdentity(); 9431 try { 9432 mInjector.settingsGlobalPutString(setting, value); 9433 } finally { 9434 mInjector.binderRestoreCallingIdentity(id); 9435 } 9436 } 9437 } 9438 9439 @Override 9440 public void setSystemSetting(ComponentName who, String setting, String value) { 9441 Preconditions.checkNotNull(who, "ComponentName is null"); 9442 Preconditions.checkStringNotEmpty(setting, "String setting is null or empty"); 9443 9444 synchronized (this) { 9445 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 9446 9447 if (!SYSTEM_SETTINGS_WHITELIST.contains(setting)) { 9448 throw new SecurityException(String.format( 9449 "Permission denial: device owners cannot update %1$s", setting)); 9450 } 9451 9452 mInjector.binderWithCleanCallingIdentity(() -> mInjector.settingsSystemPutString( 9453 setting, value)); 9454 } 9455 } 9456 9457 @Override 9458 public boolean setTime(ComponentName who, long millis) { 9459 Preconditions.checkNotNull(who, "ComponentName is null in setTime"); 9460 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 9461 // Don't allow set time when auto time is on. 9462 if (mInjector.settingsGlobalGetInt(Global.AUTO_TIME, 0) == 1) { 9463 return false; 9464 } 9465 mInjector.binderWithCleanCallingIdentity(() -> mInjector.getAlarmManager().setTime(millis)); 9466 return true; 9467 } 9468 9469 @Override 9470 public boolean setTimeZone(ComponentName who, String timeZone) { 9471 Preconditions.checkNotNull(who, "ComponentName is null in setTimeZone"); 9472 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 9473 // Don't allow set timezone when auto timezone is on. 9474 if (mInjector.settingsGlobalGetInt(Global.AUTO_TIME_ZONE, 0) == 1) { 9475 return false; 9476 } 9477 mInjector.binderWithCleanCallingIdentity(() -> 9478 mInjector.getAlarmManager().setTimeZone(timeZone)); 9479 return true; 9480 } 9481 9482 @Override 9483 public void setSecureSetting(ComponentName who, String setting, String value) { 9484 Preconditions.checkNotNull(who, "ComponentName is null"); 9485 int callingUserId = mInjector.userHandleGetCallingUserId(); 9486 9487 synchronized (this) { 9488 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9489 9490 if (isDeviceOwner(who, callingUserId)) { 9491 if (!SECURE_SETTINGS_DEVICEOWNER_WHITELIST.contains(setting) 9492 && !isCurrentUserDemo()) { 9493 throw new SecurityException(String.format( 9494 "Permission denial: Device owners cannot update %1$s", setting)); 9495 } 9496 } else if (!SECURE_SETTINGS_WHITELIST.contains(setting) && !isCurrentUserDemo()) { 9497 throw new SecurityException(String.format( 9498 "Permission denial: Profile owners cannot update %1$s", setting)); 9499 } 9500 if (setting.equals(Settings.Secure.INSTALL_NON_MARKET_APPS)) { 9501 if (getTargetSdk(who.getPackageName(), callingUserId) >= Build.VERSION_CODES.O) { 9502 throw new UnsupportedOperationException(Settings.Secure.INSTALL_NON_MARKET_APPS 9503 + " is deprecated. Please use the user restriction " 9504 + UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES + " instead."); 9505 } 9506 if (!mUserManager.isManagedProfile(callingUserId)) { 9507 Slog.e(LOG_TAG, "Ignoring setSecureSetting request for " 9508 + setting + ". User restriction " 9509 + UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES 9510 + " should be used instead."); 9511 } else { 9512 try { 9513 setUserRestriction(who, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES, 9514 (Integer.parseInt(value) == 0) ? true : false); 9515 } catch (NumberFormatException exc) { 9516 Slog.e(LOG_TAG, "Invalid value: " + value + " for setting " + setting); 9517 } 9518 } 9519 return; 9520 } 9521 long id = mInjector.binderClearCallingIdentity(); 9522 try { 9523 if (Settings.Secure.DEFAULT_INPUT_METHOD.equals(setting)) { 9524 final String currentValue = mInjector.settingsSecureGetStringForUser( 9525 Settings.Secure.DEFAULT_INPUT_METHOD, callingUserId); 9526 if (!TextUtils.equals(currentValue, value)) { 9527 // Tell the content observer that the next change will be due to the owner 9528 // changing the value. There is a small race condition here that we cannot 9529 // avoid: Change notifications are sent asynchronously, so it is possible 9530 // that there are prior notifications queued up before the one we are about 9531 // to trigger. This is a corner case that will have no impact in practice. 9532 mSetupContentObserver.addPendingChangeByOwnerLocked(callingUserId); 9533 } 9534 getUserData(callingUserId).mCurrentInputMethodSet = true; 9535 saveSettingsLocked(callingUserId); 9536 } 9537 mInjector.settingsSecurePutStringForUser(setting, value, callingUserId); 9538 } finally { 9539 mInjector.binderRestoreCallingIdentity(id); 9540 } 9541 } 9542 } 9543 9544 @Override 9545 public void setMasterVolumeMuted(ComponentName who, boolean on) { 9546 Preconditions.checkNotNull(who, "ComponentName is null"); 9547 synchronized (this) { 9548 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9549 setUserRestriction(who, UserManager.DISALLOW_UNMUTE_DEVICE, on); 9550 } 9551 } 9552 9553 @Override 9554 public boolean isMasterVolumeMuted(ComponentName who) { 9555 Preconditions.checkNotNull(who, "ComponentName is null"); 9556 synchronized (this) { 9557 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9558 9559 AudioManager audioManager = 9560 (AudioManager) mContext.getSystemService(Context.AUDIO_SERVICE); 9561 return audioManager.isMasterMute(); 9562 } 9563 } 9564 9565 @Override 9566 public void setUserIcon(ComponentName who, Bitmap icon) { 9567 synchronized (this) { 9568 Preconditions.checkNotNull(who, "ComponentName is null"); 9569 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9570 9571 int userId = UserHandle.getCallingUserId(); 9572 long id = mInjector.binderClearCallingIdentity(); 9573 try { 9574 mUserManagerInternal.setUserIcon(userId, icon); 9575 } finally { 9576 mInjector.binderRestoreCallingIdentity(id); 9577 } 9578 } 9579 } 9580 9581 @Override 9582 public boolean setKeyguardDisabled(ComponentName who, boolean disabled) { 9583 Preconditions.checkNotNull(who, "ComponentName is null"); 9584 final int userId = mInjector.userHandleGetCallingUserId(); 9585 synchronized (this) { 9586 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9587 if (!isUserAffiliatedWithDeviceLocked(userId)) { 9588 throw new SecurityException("Admin " + who + 9589 " is neither the device owner or affiliated user's profile owner."); 9590 } 9591 } 9592 9593 long ident = mInjector.binderClearCallingIdentity(); 9594 try { 9595 // disallow disabling the keyguard if a password is currently set 9596 if (disabled && mLockPatternUtils.isSecure(userId)) { 9597 return false; 9598 } 9599 mLockPatternUtils.setLockScreenDisabled(disabled, userId); 9600 mInjector.getIWindowManager().dismissKeyguard(null); 9601 } catch (RemoteException e) { 9602 // Same process, does not happen. 9603 } finally { 9604 mInjector.binderRestoreCallingIdentity(ident); 9605 } 9606 return true; 9607 } 9608 9609 @Override 9610 public boolean setStatusBarDisabled(ComponentName who, boolean disabled) { 9611 int userId = UserHandle.getCallingUserId(); 9612 synchronized (this) { 9613 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 9614 if (!isUserAffiliatedWithDeviceLocked(userId)) { 9615 throw new SecurityException("Admin " + who + 9616 " is neither the device owner or affiliated user's profile owner."); 9617 } 9618 DevicePolicyData policy = getUserData(userId); 9619 if (policy.mStatusBarDisabled != disabled) { 9620 boolean isLockTaskMode = false; 9621 try { 9622 isLockTaskMode = mInjector.getIActivityManager().getLockTaskModeState() 9623 != LOCK_TASK_MODE_NONE; 9624 } catch (RemoteException e) { 9625 Slog.e(LOG_TAG, "Failed to get LockTask mode"); 9626 } 9627 if (!isLockTaskMode) { 9628 if (!setStatusBarDisabledInternal(disabled, userId)) { 9629 return false; 9630 } 9631 } 9632 policy.mStatusBarDisabled = disabled; 9633 saveSettingsLocked(userId); 9634 } 9635 } 9636 return true; 9637 } 9638 9639 private boolean setStatusBarDisabledInternal(boolean disabled, int userId) { 9640 long ident = mInjector.binderClearCallingIdentity(); 9641 try { 9642 IStatusBarService statusBarService = IStatusBarService.Stub.asInterface( 9643 ServiceManager.checkService(Context.STATUS_BAR_SERVICE)); 9644 if (statusBarService != null) { 9645 int flags1 = disabled ? STATUS_BAR_DISABLE_MASK : StatusBarManager.DISABLE_NONE; 9646 int flags2 = disabled ? STATUS_BAR_DISABLE2_MASK : StatusBarManager.DISABLE2_NONE; 9647 statusBarService.disableForUser(flags1, mToken, mContext.getPackageName(), userId); 9648 statusBarService.disable2ForUser(flags2, mToken, mContext.getPackageName(), userId); 9649 return true; 9650 } 9651 } catch (RemoteException e) { 9652 Slog.e(LOG_TAG, "Failed to disable the status bar", e); 9653 } finally { 9654 mInjector.binderRestoreCallingIdentity(ident); 9655 } 9656 return false; 9657 } 9658 9659 /** 9660 * We need to update the internal state of whether a user has completed setup or a 9661 * device has paired once. After that, we ignore any changes that reset the 9662 * Settings.Secure.USER_SETUP_COMPLETE or Settings.Secure.DEVICE_PAIRED change 9663 * as we don't trust any apps that might try to reset them. 9664 * <p> 9665 * Unfortunately, we don't know which user's setup state was changed, so we write all of 9666 * them. 9667 */ 9668 void updateUserSetupCompleteAndPaired() { 9669 List<UserInfo> users = mUserManager.getUsers(true); 9670 final int N = users.size(); 9671 for (int i = 0; i < N; i++) { 9672 int userHandle = users.get(i).id; 9673 if (mInjector.settingsSecureGetIntForUser(Settings.Secure.USER_SETUP_COMPLETE, 0, 9674 userHandle) != 0) { 9675 DevicePolicyData policy = getUserData(userHandle); 9676 if (!policy.mUserSetupComplete) { 9677 policy.mUserSetupComplete = true; 9678 synchronized (this) { 9679 saveSettingsLocked(userHandle); 9680 } 9681 } 9682 } 9683 if (mIsWatch && mInjector.settingsSecureGetIntForUser(Settings.Secure.DEVICE_PAIRED, 0, 9684 userHandle) != 0) { 9685 DevicePolicyData policy = getUserData(userHandle); 9686 if (!policy.mPaired) { 9687 policy.mPaired = true; 9688 synchronized (this) { 9689 saveSettingsLocked(userHandle); 9690 } 9691 } 9692 } 9693 } 9694 } 9695 9696 private class SetupContentObserver extends ContentObserver { 9697 private final Uri mUserSetupComplete = Settings.Secure.getUriFor( 9698 Settings.Secure.USER_SETUP_COMPLETE); 9699 private final Uri mDeviceProvisioned = Settings.Global.getUriFor( 9700 Settings.Global.DEVICE_PROVISIONED); 9701 private final Uri mPaired = Settings.Secure.getUriFor(Settings.Secure.DEVICE_PAIRED); 9702 private final Uri mDefaultImeChanged = Settings.Secure.getUriFor( 9703 Settings.Secure.DEFAULT_INPUT_METHOD); 9704 9705 @GuardedBy("DevicePolicyManagerService.this") 9706 private Set<Integer> mUserIdsWithPendingChangesByOwner = new ArraySet<>(); 9707 9708 public SetupContentObserver(Handler handler) { 9709 super(handler); 9710 } 9711 9712 void register() { 9713 mInjector.registerContentObserver(mUserSetupComplete, false, this, UserHandle.USER_ALL); 9714 mInjector.registerContentObserver(mDeviceProvisioned, false, this, UserHandle.USER_ALL); 9715 if (mIsWatch) { 9716 mInjector.registerContentObserver(mPaired, false, this, UserHandle.USER_ALL); 9717 } 9718 mInjector.registerContentObserver(mDefaultImeChanged, false, this, UserHandle.USER_ALL); 9719 } 9720 9721 private void addPendingChangeByOwnerLocked(int userId) { 9722 mUserIdsWithPendingChangesByOwner.add(userId); 9723 } 9724 9725 @Override 9726 public void onChange(boolean selfChange, Uri uri, int userId) { 9727 if (mUserSetupComplete.equals(uri) || (mIsWatch && mPaired.equals(uri))) { 9728 updateUserSetupCompleteAndPaired(); 9729 } else if (mDeviceProvisioned.equals(uri)) { 9730 synchronized (DevicePolicyManagerService.this) { 9731 // Set PROPERTY_DEVICE_OWNER_PRESENT, for the SUW case where setting the property 9732 // is delayed until device is marked as provisioned. 9733 setDeviceOwnerSystemPropertyLocked(); 9734 } 9735 } else if (mDefaultImeChanged.equals(uri)) { 9736 synchronized (DevicePolicyManagerService.this) { 9737 if (mUserIdsWithPendingChangesByOwner.contains(userId)) { 9738 // This change notification was triggered by the owner changing the current 9739 // IME. Ignore it. 9740 mUserIdsWithPendingChangesByOwner.remove(userId); 9741 } else { 9742 // This change notification was triggered by the user manually changing the 9743 // current IME. 9744 getUserData(userId).mCurrentInputMethodSet = false; 9745 saveSettingsLocked(userId); 9746 } 9747 } 9748 } 9749 } 9750 } 9751 9752 @VisibleForTesting 9753 final class LocalService extends DevicePolicyManagerInternal { 9754 private List<OnCrossProfileWidgetProvidersChangeListener> mWidgetProviderListeners; 9755 9756 @Override 9757 public List<String> getCrossProfileWidgetProviders(int profileId) { 9758 synchronized (DevicePolicyManagerService.this) { 9759 if (mOwners == null) { 9760 return Collections.emptyList(); 9761 } 9762 ComponentName ownerComponent = mOwners.getProfileOwnerComponent(profileId); 9763 if (ownerComponent == null) { 9764 return Collections.emptyList(); 9765 } 9766 9767 DevicePolicyData policy = getUserDataUnchecked(profileId); 9768 ActiveAdmin admin = policy.mAdminMap.get(ownerComponent); 9769 9770 if (admin == null || admin.crossProfileWidgetProviders == null 9771 || admin.crossProfileWidgetProviders.isEmpty()) { 9772 return Collections.emptyList(); 9773 } 9774 9775 return admin.crossProfileWidgetProviders; 9776 } 9777 } 9778 9779 @Override 9780 public void addOnCrossProfileWidgetProvidersChangeListener( 9781 OnCrossProfileWidgetProvidersChangeListener listener) { 9782 synchronized (DevicePolicyManagerService.this) { 9783 if (mWidgetProviderListeners == null) { 9784 mWidgetProviderListeners = new ArrayList<>(); 9785 } 9786 if (!mWidgetProviderListeners.contains(listener)) { 9787 mWidgetProviderListeners.add(listener); 9788 } 9789 } 9790 } 9791 9792 @Override 9793 public boolean isActiveAdminWithPolicy(int uid, int reqPolicy) { 9794 synchronized(DevicePolicyManagerService.this) { 9795 return getActiveAdminWithPolicyForUidLocked(null, reqPolicy, uid) != null; 9796 } 9797 } 9798 9799 private void notifyCrossProfileProvidersChanged(int userId, List<String> packages) { 9800 final List<OnCrossProfileWidgetProvidersChangeListener> listeners; 9801 synchronized (DevicePolicyManagerService.this) { 9802 listeners = new ArrayList<>(mWidgetProviderListeners); 9803 } 9804 final int listenerCount = listeners.size(); 9805 for (int i = 0; i < listenerCount; i++) { 9806 OnCrossProfileWidgetProvidersChangeListener listener = listeners.get(i); 9807 listener.onCrossProfileWidgetProvidersChanged(userId, packages); 9808 } 9809 } 9810 9811 @Override 9812 public Intent createShowAdminSupportIntent(int userId, boolean useDefaultIfNoAdmin) { 9813 // This method is called from AM with its lock held, so don't take the DPMS lock. 9814 // b/29242568 9815 9816 ComponentName profileOwner = mOwners.getProfileOwnerComponent(userId); 9817 if (profileOwner != null) { 9818 return DevicePolicyManagerService.this 9819 .createShowAdminSupportIntent(profileOwner, userId); 9820 } 9821 9822 final Pair<Integer, ComponentName> deviceOwner = 9823 mOwners.getDeviceOwnerUserIdAndComponent(); 9824 if (deviceOwner != null && deviceOwner.first == userId) { 9825 return DevicePolicyManagerService.this 9826 .createShowAdminSupportIntent(deviceOwner.second, userId); 9827 } 9828 9829 // We're not specifying the device admin because there isn't one. 9830 if (useDefaultIfNoAdmin) { 9831 return DevicePolicyManagerService.this.createShowAdminSupportIntent(null, userId); 9832 } 9833 return null; 9834 } 9835 9836 @Override 9837 public Intent createUserRestrictionSupportIntent(int userId, String userRestriction) { 9838 int source; 9839 long ident = mInjector.binderClearCallingIdentity(); 9840 try { 9841 source = mUserManager.getUserRestrictionSource(userRestriction, 9842 UserHandle.of(userId)); 9843 } finally { 9844 mInjector.binderRestoreCallingIdentity(ident); 9845 } 9846 if ((source & UserManager.RESTRICTION_SOURCE_SYSTEM) != 0) { 9847 /* 9848 * In this case, the user restriction is enforced by the system. 9849 * So we won't show an admin support intent, even if it is also 9850 * enforced by a profile/device owner. 9851 */ 9852 return null; 9853 } 9854 boolean enforcedByDo = (source & UserManager.RESTRICTION_SOURCE_DEVICE_OWNER) != 0; 9855 boolean enforcedByPo = (source & UserManager.RESTRICTION_SOURCE_PROFILE_OWNER) != 0; 9856 if (enforcedByDo && enforcedByPo) { 9857 // In this case, we'll show an admin support dialog that does not 9858 // specify the admin. 9859 return DevicePolicyManagerService.this.createShowAdminSupportIntent(null, userId); 9860 } else if (enforcedByPo) { 9861 final ComponentName profileOwner = mOwners.getProfileOwnerComponent(userId); 9862 if (profileOwner != null) { 9863 return DevicePolicyManagerService.this 9864 .createShowAdminSupportIntent(profileOwner, userId); 9865 } 9866 // This could happen if another thread has changed the profile owner since we called 9867 // getUserRestrictionSource 9868 return null; 9869 } else if (enforcedByDo) { 9870 final Pair<Integer, ComponentName> deviceOwner 9871 = mOwners.getDeviceOwnerUserIdAndComponent(); 9872 if (deviceOwner != null) { 9873 return DevicePolicyManagerService.this 9874 .createShowAdminSupportIntent(deviceOwner.second, deviceOwner.first); 9875 } 9876 // This could happen if another thread has changed the device owner since we called 9877 // getUserRestrictionSource 9878 return null; 9879 } 9880 return null; 9881 } 9882 9883 @Override 9884 public boolean isUserAffiliatedWithDevice(int userId) { 9885 return DevicePolicyManagerService.this.isUserAffiliatedWithDeviceLocked(userId); 9886 } 9887 9888 @Override 9889 public void reportSeparateProfileChallengeChanged(@UserIdInt int userId) { 9890 synchronized (DevicePolicyManagerService.this) { 9891 updateMaximumTimeToLockLocked(userId); 9892 } 9893 } 9894 } 9895 9896 private Intent createShowAdminSupportIntent(ComponentName admin, int userId) { 9897 // This method is called with AMS lock held, so don't take DPMS lock 9898 final Intent intent = new Intent(Settings.ACTION_SHOW_ADMIN_SUPPORT_DETAILS); 9899 intent.putExtra(Intent.EXTRA_USER_ID, userId); 9900 intent.putExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN, admin); 9901 intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK); 9902 return intent; 9903 } 9904 9905 @Override 9906 public Intent createAdminSupportIntent(String restriction) { 9907 Preconditions.checkNotNull(restriction); 9908 final int uid = mInjector.binderGetCallingUid(); 9909 final int userId = UserHandle.getUserId(uid); 9910 Intent intent = null; 9911 if (DevicePolicyManager.POLICY_DISABLE_CAMERA.equals(restriction) || 9912 DevicePolicyManager.POLICY_DISABLE_SCREEN_CAPTURE.equals(restriction)) { 9913 synchronized(this) { 9914 final DevicePolicyData policy = getUserData(userId); 9915 final int N = policy.mAdminList.size(); 9916 for (int i = 0; i < N; i++) { 9917 final ActiveAdmin admin = policy.mAdminList.get(i); 9918 if ((admin.disableCamera && 9919 DevicePolicyManager.POLICY_DISABLE_CAMERA.equals(restriction)) || 9920 (admin.disableScreenCapture && DevicePolicyManager 9921 .POLICY_DISABLE_SCREEN_CAPTURE.equals(restriction))) { 9922 intent = createShowAdminSupportIntent(admin.info.getComponent(), userId); 9923 break; 9924 } 9925 } 9926 // For the camera, a device owner on a different user can disable it globally, 9927 // so we need an additional check. 9928 if (intent == null 9929 && DevicePolicyManager.POLICY_DISABLE_CAMERA.equals(restriction)) { 9930 final ActiveAdmin admin = getDeviceOwnerAdminLocked(); 9931 if (admin != null && admin.disableCamera) { 9932 intent = createShowAdminSupportIntent(admin.info.getComponent(), 9933 mOwners.getDeviceOwnerUserId()); 9934 } 9935 } 9936 } 9937 } else { 9938 // if valid, |restriction| can only be a user restriction 9939 intent = mLocalService.createUserRestrictionSupportIntent(userId, restriction); 9940 } 9941 if (intent != null) { 9942 intent.putExtra(DevicePolicyManager.EXTRA_RESTRICTION, restriction); 9943 } 9944 return intent; 9945 } 9946 9947 /** 9948 * Returns true if specified admin is allowed to limit passwords and has a 9949 * {@code minimumPasswordMetrics.quality} of at least {@code minPasswordQuality} 9950 */ 9951 private static boolean isLimitPasswordAllowed(ActiveAdmin admin, int minPasswordQuality) { 9952 if (admin.minimumPasswordMetrics.quality < minPasswordQuality) { 9953 return false; 9954 } 9955 return admin.info.usesPolicy(DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD); 9956 } 9957 9958 @Override 9959 public void setSystemUpdatePolicy(ComponentName who, SystemUpdatePolicy policy) { 9960 if (policy != null && !policy.isValid()) { 9961 throw new IllegalArgumentException("Invalid system update policy."); 9962 } 9963 synchronized (this) { 9964 getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 9965 if (policy == null) { 9966 mOwners.clearSystemUpdatePolicy(); 9967 } else { 9968 mOwners.setSystemUpdatePolicy(policy); 9969 } 9970 mOwners.writeDeviceOwner(); 9971 } 9972 mContext.sendBroadcastAsUser( 9973 new Intent(DevicePolicyManager.ACTION_SYSTEM_UPDATE_POLICY_CHANGED), 9974 UserHandle.SYSTEM); 9975 } 9976 9977 @Override 9978 public SystemUpdatePolicy getSystemUpdatePolicy() { 9979 synchronized (this) { 9980 SystemUpdatePolicy policy = mOwners.getSystemUpdatePolicy(); 9981 if (policy != null && !policy.isValid()) { 9982 Slog.w(LOG_TAG, "Stored system update policy is invalid, return null instead."); 9983 return null; 9984 } 9985 return policy; 9986 } 9987 } 9988 9989 /** 9990 * Checks if the caller of the method is the device owner app. 9991 * 9992 * @param callerUid UID of the caller. 9993 * @return true if the caller is the device owner app 9994 */ 9995 @VisibleForTesting 9996 boolean isCallerDeviceOwner(int callerUid) { 9997 synchronized (this) { 9998 if (!mOwners.hasDeviceOwner()) { 9999 return false; 10000 } 10001 if (UserHandle.getUserId(callerUid) != mOwners.getDeviceOwnerUserId()) { 10002 return false; 10003 } 10004 final String deviceOwnerPackageName = mOwners.getDeviceOwnerComponent() 10005 .getPackageName(); 10006 try { 10007 String[] pkgs = mInjector.getIPackageManager().getPackagesForUid(callerUid); 10008 for (String pkg : pkgs) { 10009 if (deviceOwnerPackageName.equals(pkg)) { 10010 return true; 10011 } 10012 } 10013 } catch (RemoteException e) { 10014 return false; 10015 } 10016 } 10017 10018 return false; 10019 } 10020 10021 @Override 10022 public void notifyPendingSystemUpdate(@Nullable SystemUpdateInfo info) { 10023 mContext.enforceCallingOrSelfPermission(permission.NOTIFY_PENDING_SYSTEM_UPDATE, 10024 "Only the system update service can broadcast update information"); 10025 10026 if (UserHandle.getCallingUserId() != UserHandle.USER_SYSTEM) { 10027 Slog.w(LOG_TAG, "Only the system update service in the system user " + 10028 "can broadcast update information."); 10029 return; 10030 } 10031 10032 if (!mOwners.saveSystemUpdateInfo(info)) { 10033 // Pending system update hasn't changed, don't send duplicate notification. 10034 return; 10035 } 10036 10037 final Intent intent = new Intent(DeviceAdminReceiver.ACTION_NOTIFY_PENDING_SYSTEM_UPDATE) 10038 .putExtra(DeviceAdminReceiver.EXTRA_SYSTEM_UPDATE_RECEIVED_TIME, 10039 info == null ? -1 : info.getReceivedTime()); 10040 10041 final long ident = mInjector.binderClearCallingIdentity(); 10042 try { 10043 synchronized (this) { 10044 // Broadcast to device owner first if there is one. 10045 if (mOwners.hasDeviceOwner()) { 10046 final UserHandle deviceOwnerUser = 10047 UserHandle.of(mOwners.getDeviceOwnerUserId()); 10048 intent.setComponent(mOwners.getDeviceOwnerComponent()); 10049 mContext.sendBroadcastAsUser(intent, deviceOwnerUser); 10050 } 10051 } 10052 // Get running users. 10053 final int runningUserIds[]; 10054 try { 10055 runningUserIds = mInjector.getIActivityManager().getRunningUserIds(); 10056 } catch (RemoteException e) { 10057 // Shouldn't happen. 10058 Log.e(LOG_TAG, "Could not retrieve the list of running users", e); 10059 return; 10060 } 10061 // Send broadcasts to corresponding profile owners if any. 10062 for (final int userId : runningUserIds) { 10063 synchronized (this) { 10064 final ComponentName profileOwnerPackage = 10065 mOwners.getProfileOwnerComponent(userId); 10066 if (profileOwnerPackage != null) { 10067 intent.setComponent(profileOwnerPackage); 10068 mContext.sendBroadcastAsUser(intent, UserHandle.of(userId)); 10069 } 10070 } 10071 } 10072 } finally { 10073 mInjector.binderRestoreCallingIdentity(ident); 10074 } 10075 } 10076 10077 @Override 10078 public SystemUpdateInfo getPendingSystemUpdate(ComponentName admin) { 10079 Preconditions.checkNotNull(admin, "ComponentName is null"); 10080 enforceProfileOrDeviceOwner(admin); 10081 10082 return mOwners.getSystemUpdateInfo(); 10083 } 10084 10085 @Override 10086 public void setPermissionPolicy(ComponentName admin, String callerPackage, int policy) 10087 throws RemoteException { 10088 int userId = UserHandle.getCallingUserId(); 10089 synchronized (this) { 10090 // Ensure the caller is a DO/PO or a permission grant state delegate. 10091 enforceCanManageScope(admin, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 10092 DELEGATION_PERMISSION_GRANT); 10093 DevicePolicyData userPolicy = getUserData(userId); 10094 if (userPolicy.mPermissionPolicy != policy) { 10095 userPolicy.mPermissionPolicy = policy; 10096 saveSettingsLocked(userId); 10097 } 10098 } 10099 } 10100 10101 @Override 10102 public int getPermissionPolicy(ComponentName admin) throws RemoteException { 10103 int userId = UserHandle.getCallingUserId(); 10104 synchronized (this) { 10105 DevicePolicyData userPolicy = getUserData(userId); 10106 return userPolicy.mPermissionPolicy; 10107 } 10108 } 10109 10110 @Override 10111 public boolean setPermissionGrantState(ComponentName admin, String callerPackage, 10112 String packageName, String permission, int grantState) throws RemoteException { 10113 UserHandle user = mInjector.binderGetCallingUserHandle(); 10114 synchronized (this) { 10115 // Ensure the caller is a DO/PO or a permission grant state delegate. 10116 enforceCanManageScope(admin, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, 10117 DELEGATION_PERMISSION_GRANT); 10118 long ident = mInjector.binderClearCallingIdentity(); 10119 try { 10120 if (getTargetSdk(packageName, user.getIdentifier()) 10121 < android.os.Build.VERSION_CODES.M) { 10122 return false; 10123 } 10124 if (!isRuntimePermission(permission)) { 10125 return false; 10126 } 10127 final PackageManager packageManager = mInjector.getPackageManager(); 10128 switch (grantState) { 10129 case DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED: { 10130 mInjector.getPackageManagerInternal().grantRuntimePermission(packageName, 10131 permission, user.getIdentifier(), true /* override policy */); 10132 packageManager.updatePermissionFlags(permission, packageName, 10133 PackageManager.FLAG_PERMISSION_POLICY_FIXED, 10134 PackageManager.FLAG_PERMISSION_POLICY_FIXED, user); 10135 } break; 10136 10137 case DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED: { 10138 mInjector.getPackageManagerInternal().revokeRuntimePermission(packageName, 10139 permission, user.getIdentifier(), true /* override policy */); 10140 packageManager.updatePermissionFlags(permission, packageName, 10141 PackageManager.FLAG_PERMISSION_POLICY_FIXED, 10142 PackageManager.FLAG_PERMISSION_POLICY_FIXED, user); 10143 } break; 10144 10145 case DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT: { 10146 packageManager.updatePermissionFlags(permission, packageName, 10147 PackageManager.FLAG_PERMISSION_POLICY_FIXED, 0, user); 10148 } break; 10149 } 10150 return true; 10151 } catch (SecurityException se) { 10152 return false; 10153 } catch (NameNotFoundException e) { 10154 return false; 10155 } finally { 10156 mInjector.binderRestoreCallingIdentity(ident); 10157 } 10158 } 10159 } 10160 10161 @Override 10162 public int getPermissionGrantState(ComponentName admin, String callerPackage, 10163 String packageName, String permission) throws RemoteException { 10164 PackageManager packageManager = mInjector.getPackageManager(); 10165 10166 UserHandle user = mInjector.binderGetCallingUserHandle(); 10167 if (!isCallerWithSystemUid()) { 10168 // Ensure the caller is a DO/PO or a permission grant state delegate. 10169 enforceCanManageScope(admin, callerPackage, 10170 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, DELEGATION_PERMISSION_GRANT); 10171 } 10172 synchronized (this) { 10173 long ident = mInjector.binderClearCallingIdentity(); 10174 try { 10175 int granted = mIPackageManager.checkPermission(permission, 10176 packageName, user.getIdentifier()); 10177 int permFlags = packageManager.getPermissionFlags(permission, packageName, user); 10178 if ((permFlags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) 10179 != PackageManager.FLAG_PERMISSION_POLICY_FIXED) { 10180 // Not controlled by policy 10181 return DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT; 10182 } else { 10183 // Policy controlled so return result based on permission grant state 10184 return granted == PackageManager.PERMISSION_GRANTED 10185 ? DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED 10186 : DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED; 10187 } 10188 } finally { 10189 mInjector.binderRestoreCallingIdentity(ident); 10190 } 10191 } 10192 } 10193 10194 boolean isPackageInstalledForUser(String packageName, int userHandle) { 10195 try { 10196 PackageInfo pi = mInjector.getIPackageManager().getPackageInfo(packageName, 0, 10197 userHandle); 10198 return (pi != null) && (pi.applicationInfo.flags != 0); 10199 } catch (RemoteException re) { 10200 throw new RuntimeException("Package manager has died", re); 10201 } 10202 } 10203 10204 public boolean isRuntimePermission(String permissionName) throws NameNotFoundException { 10205 final PackageManager packageManager = mInjector.getPackageManager(); 10206 PermissionInfo permissionInfo = packageManager.getPermissionInfo(permissionName, 0); 10207 return (permissionInfo.protectionLevel & PermissionInfo.PROTECTION_MASK_BASE) 10208 == PermissionInfo.PROTECTION_DANGEROUS; 10209 } 10210 10211 @Override 10212 public boolean isProvisioningAllowed(String action, String packageName) { 10213 Preconditions.checkNotNull(packageName); 10214 10215 final int callingUid = mInjector.binderGetCallingUid(); 10216 final long ident = mInjector.binderClearCallingIdentity(); 10217 try { 10218 final int uidForPackage = mInjector.getPackageManager().getPackageUidAsUser( 10219 packageName, UserHandle.getUserId(callingUid)); 10220 Preconditions.checkArgument(callingUid == uidForPackage, 10221 "Caller uid doesn't match the one for the provided package."); 10222 } catch (NameNotFoundException e) { 10223 throw new IllegalArgumentException("Invalid package provided " + packageName, e); 10224 } finally { 10225 mInjector.binderRestoreCallingIdentity(ident); 10226 } 10227 10228 return checkProvisioningPreConditionSkipPermission(action, packageName) == CODE_OK; 10229 } 10230 10231 @Override 10232 public int checkProvisioningPreCondition(String action, String packageName) { 10233 Preconditions.checkNotNull(packageName); 10234 enforceCanManageProfileAndDeviceOwners(); 10235 return checkProvisioningPreConditionSkipPermission(action, packageName); 10236 } 10237 10238 private int checkProvisioningPreConditionSkipPermission(String action, String packageName) { 10239 if (!mHasFeature) { 10240 return CODE_DEVICE_ADMIN_NOT_SUPPORTED; 10241 } 10242 10243 final int callingUserId = mInjector.userHandleGetCallingUserId(); 10244 if (action != null) { 10245 switch (action) { 10246 case DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE: 10247 return checkManagedProfileProvisioningPreCondition(packageName, callingUserId); 10248 case DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE: 10249 return checkDeviceOwnerProvisioningPreCondition(callingUserId); 10250 case DevicePolicyManager.ACTION_PROVISION_MANAGED_USER: 10251 return checkManagedUserProvisioningPreCondition(callingUserId); 10252 case DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE: 10253 return checkManagedShareableDeviceProvisioningPreCondition(callingUserId); 10254 } 10255 } 10256 throw new IllegalArgumentException("Unknown provisioning action " + action); 10257 } 10258 10259 /** 10260 * The device owner can only be set before the setup phase of the primary user has completed, 10261 * except for adb command if no accounts or additional users are present on the device. 10262 */ 10263 private int checkDeviceOwnerProvisioningPreConditionLocked(@Nullable ComponentName owner, 10264 int deviceOwnerUserId, boolean isAdb, boolean hasIncompatibleAccountsOrNonAdb) { 10265 if (mOwners.hasDeviceOwner()) { 10266 return CODE_HAS_DEVICE_OWNER; 10267 } 10268 if (mOwners.hasProfileOwner(deviceOwnerUserId)) { 10269 return CODE_USER_HAS_PROFILE_OWNER; 10270 } 10271 if (!mUserManager.isUserRunning(new UserHandle(deviceOwnerUserId))) { 10272 return CODE_USER_NOT_RUNNING; 10273 } 10274 if (mIsWatch && hasPaired(UserHandle.USER_SYSTEM)) { 10275 return CODE_HAS_PAIRED; 10276 } 10277 if (isAdb) { 10278 // if shell command runs after user setup completed check device status. Otherwise, OK. 10279 if (mIsWatch || hasUserSetupCompleted(UserHandle.USER_SYSTEM)) { 10280 if (!mInjector.userManagerIsSplitSystemUser()) { 10281 if (mUserManager.getUserCount() > 1) { 10282 return CODE_NONSYSTEM_USER_EXISTS; 10283 } 10284 if (hasIncompatibleAccountsOrNonAdb) { 10285 return CODE_ACCOUNTS_NOT_EMPTY; 10286 } 10287 } else { 10288 // STOPSHIP Do proper check in split user mode 10289 } 10290 } 10291 return CODE_OK; 10292 } else { 10293 if (!mInjector.userManagerIsSplitSystemUser()) { 10294 // In non-split user mode, DO has to be user 0 10295 if (deviceOwnerUserId != UserHandle.USER_SYSTEM) { 10296 return CODE_NOT_SYSTEM_USER; 10297 } 10298 // In non-split user mode, only provision DO before setup wizard completes 10299 if (hasUserSetupCompleted(UserHandle.USER_SYSTEM)) { 10300 return CODE_USER_SETUP_COMPLETED; 10301 } 10302 } else { 10303 // STOPSHIP Do proper check in split user mode 10304 } 10305 return CODE_OK; 10306 } 10307 } 10308 10309 private int checkDeviceOwnerProvisioningPreCondition(int deviceOwnerUserId) { 10310 synchronized (this) { 10311 // hasIncompatibleAccountsOrNonAdb doesn't matter since the caller is not adb. 10312 return checkDeviceOwnerProvisioningPreConditionLocked(/* owner unknown */ null, 10313 deviceOwnerUserId, /* isAdb= */ false, 10314 /* hasIncompatibleAccountsOrNonAdb=*/ true); 10315 } 10316 } 10317 10318 private int checkManagedProfileProvisioningPreCondition(String packageName, int callingUserId) { 10319 if (!hasFeatureManagedUsers()) { 10320 return CODE_MANAGED_USERS_NOT_SUPPORTED; 10321 } 10322 if (callingUserId == UserHandle.USER_SYSTEM 10323 && mInjector.userManagerIsSplitSystemUser()) { 10324 // Managed-profiles cannot be setup on the system user. 10325 return CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER; 10326 } 10327 if (getProfileOwner(callingUserId) != null) { 10328 // Managed user cannot have a managed profile. 10329 return CODE_USER_HAS_PROFILE_OWNER; 10330 } 10331 10332 final long ident = mInjector.binderClearCallingIdentity(); 10333 try { 10334 final UserHandle callingUserHandle = UserHandle.of(callingUserId); 10335 final ComponentName ownerAdmin = getOwnerComponent(packageName, callingUserId); 10336 if (mUserManager.hasUserRestriction(UserManager.DISALLOW_ADD_MANAGED_PROFILE, 10337 callingUserHandle)) { 10338 // An admin can initiate provisioning if it has set the restriction. 10339 if (ownerAdmin == null || isAdminAffectedByRestriction(ownerAdmin, 10340 UserManager.DISALLOW_ADD_MANAGED_PROFILE, callingUserId)) { 10341 return CODE_ADD_MANAGED_PROFILE_DISALLOWED; 10342 } 10343 } 10344 boolean canRemoveProfile = true; 10345 if (mUserManager.hasUserRestriction(UserManager.DISALLOW_REMOVE_MANAGED_PROFILE, 10346 callingUserHandle)) { 10347 // We can remove a profile if the admin itself has set the restriction. 10348 if (ownerAdmin == null || isAdminAffectedByRestriction(ownerAdmin, 10349 UserManager.DISALLOW_REMOVE_MANAGED_PROFILE, 10350 callingUserId)) { 10351 canRemoveProfile = false; 10352 } 10353 } 10354 if (!mUserManager.canAddMoreManagedProfiles(callingUserId, canRemoveProfile)) { 10355 return CODE_CANNOT_ADD_MANAGED_PROFILE; 10356 } 10357 } finally { 10358 mInjector.binderRestoreCallingIdentity(ident); 10359 } 10360 return CODE_OK; 10361 } 10362 10363 private ComponentName getOwnerComponent(String packageName, int userId) { 10364 if (isDeviceOwnerPackage(packageName, userId)) { 10365 return mOwners.getDeviceOwnerComponent(); 10366 } 10367 if (isProfileOwnerPackage(packageName, userId)) { 10368 return mOwners.getProfileOwnerComponent(userId); 10369 } 10370 return null; 10371 } 10372 10373 /** 10374 * Return device owner or profile owner set on a given user. 10375 */ 10376 private @Nullable ComponentName getOwnerComponent(int userId) { 10377 synchronized (this) { 10378 if (mOwners.getDeviceOwnerUserId() == userId) { 10379 return mOwners.getDeviceOwnerComponent(); 10380 } 10381 if (mOwners.hasProfileOwner(userId)) { 10382 return mOwners.getProfileOwnerComponent(userId); 10383 } 10384 } 10385 return null; 10386 } 10387 10388 private int checkManagedUserProvisioningPreCondition(int callingUserId) { 10389 if (!hasFeatureManagedUsers()) { 10390 return CODE_MANAGED_USERS_NOT_SUPPORTED; 10391 } 10392 if (!mInjector.userManagerIsSplitSystemUser()) { 10393 // ACTION_PROVISION_MANAGED_USER only supported on split-user systems. 10394 return CODE_NOT_SYSTEM_USER_SPLIT; 10395 } 10396 if (callingUserId == UserHandle.USER_SYSTEM) { 10397 // System user cannot be a managed user. 10398 return CODE_SYSTEM_USER; 10399 } 10400 if (hasUserSetupCompleted(callingUserId)) { 10401 return CODE_USER_SETUP_COMPLETED; 10402 } 10403 if (mIsWatch && hasPaired(UserHandle.USER_SYSTEM)) { 10404 return CODE_HAS_PAIRED; 10405 } 10406 return CODE_OK; 10407 } 10408 10409 private int checkManagedShareableDeviceProvisioningPreCondition(int callingUserId) { 10410 if (!mInjector.userManagerIsSplitSystemUser()) { 10411 // ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE only supported on split-user systems. 10412 return CODE_NOT_SYSTEM_USER_SPLIT; 10413 } 10414 return checkDeviceOwnerProvisioningPreCondition(callingUserId); 10415 } 10416 10417 private boolean hasFeatureManagedUsers() { 10418 try { 10419 return mIPackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS, 0); 10420 } catch (RemoteException e) { 10421 return false; 10422 } 10423 } 10424 10425 @Override 10426 public String getWifiMacAddress(ComponentName admin) { 10427 // Make sure caller has DO. 10428 synchronized (this) { 10429 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 10430 } 10431 10432 final long ident = mInjector.binderClearCallingIdentity(); 10433 try { 10434 final WifiInfo wifiInfo = mInjector.getWifiManager().getConnectionInfo(); 10435 if (wifiInfo == null) { 10436 return null; 10437 } 10438 return wifiInfo.hasRealMacAddress() ? wifiInfo.getMacAddress() : null; 10439 } finally { 10440 mInjector.binderRestoreCallingIdentity(ident); 10441 } 10442 } 10443 10444 /** 10445 * Returns the target sdk version number that the given packageName was built for 10446 * in the given user. 10447 */ 10448 private int getTargetSdk(String packageName, int userId) { 10449 final ApplicationInfo ai; 10450 try { 10451 ai = mIPackageManager.getApplicationInfo(packageName, 0, userId); 10452 final int targetSdkVersion = ai == null ? 0 : ai.targetSdkVersion; 10453 return targetSdkVersion; 10454 } catch (RemoteException e) { 10455 // Shouldn't happen 10456 return 0; 10457 } 10458 } 10459 10460 @Override 10461 public boolean isManagedProfile(ComponentName admin) { 10462 enforceProfileOrDeviceOwner(admin); 10463 return isManagedProfile(mInjector.userHandleGetCallingUserId()); 10464 } 10465 10466 @Override 10467 public boolean isSystemOnlyUser(ComponentName admin) { 10468 synchronized (this) { 10469 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 10470 } 10471 final int callingUserId = mInjector.userHandleGetCallingUserId(); 10472 return UserManager.isSplitSystemUser() && callingUserId == UserHandle.USER_SYSTEM; 10473 } 10474 10475 @Override 10476 public void reboot(ComponentName admin) { 10477 Preconditions.checkNotNull(admin); 10478 // Make sure caller has DO. 10479 synchronized (this) { 10480 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 10481 } 10482 long ident = mInjector.binderClearCallingIdentity(); 10483 try { 10484 // Make sure there are no ongoing calls on the device. 10485 if (mTelephonyManager.getCallState() != TelephonyManager.CALL_STATE_IDLE) { 10486 throw new IllegalStateException("Cannot be called with ongoing call on the device"); 10487 } 10488 mInjector.powerManagerReboot(PowerManager.REBOOT_REQUESTED_BY_DEVICE_OWNER); 10489 } finally { 10490 mInjector.binderRestoreCallingIdentity(ident); 10491 } 10492 } 10493 10494 @Override 10495 public void setShortSupportMessage(@NonNull ComponentName who, CharSequence message) { 10496 if (!mHasFeature) { 10497 return; 10498 } 10499 Preconditions.checkNotNull(who, "ComponentName is null"); 10500 final int userHandle = mInjector.userHandleGetCallingUserId(); 10501 synchronized (this) { 10502 ActiveAdmin admin = getActiveAdminForUidLocked(who, 10503 mInjector.binderGetCallingUid()); 10504 if (!TextUtils.equals(admin.shortSupportMessage, message)) { 10505 admin.shortSupportMessage = message; 10506 saveSettingsLocked(userHandle); 10507 } 10508 } 10509 } 10510 10511 @Override 10512 public CharSequence getShortSupportMessage(@NonNull ComponentName who) { 10513 if (!mHasFeature) { 10514 return null; 10515 } 10516 Preconditions.checkNotNull(who, "ComponentName is null"); 10517 synchronized (this) { 10518 ActiveAdmin admin = getActiveAdminForUidLocked(who, 10519 mInjector.binderGetCallingUid()); 10520 return admin.shortSupportMessage; 10521 } 10522 } 10523 10524 @Override 10525 public void setLongSupportMessage(@NonNull ComponentName who, CharSequence message) { 10526 if (!mHasFeature) { 10527 return; 10528 } 10529 Preconditions.checkNotNull(who, "ComponentName is null"); 10530 final int userHandle = mInjector.userHandleGetCallingUserId(); 10531 synchronized (this) { 10532 ActiveAdmin admin = getActiveAdminForUidLocked(who, 10533 mInjector.binderGetCallingUid()); 10534 if (!TextUtils.equals(admin.longSupportMessage, message)) { 10535 admin.longSupportMessage = message; 10536 saveSettingsLocked(userHandle); 10537 } 10538 } 10539 } 10540 10541 @Override 10542 public CharSequence getLongSupportMessage(@NonNull ComponentName who) { 10543 if (!mHasFeature) { 10544 return null; 10545 } 10546 Preconditions.checkNotNull(who, "ComponentName is null"); 10547 synchronized (this) { 10548 ActiveAdmin admin = getActiveAdminForUidLocked(who, 10549 mInjector.binderGetCallingUid()); 10550 return admin.longSupportMessage; 10551 } 10552 } 10553 10554 @Override 10555 public CharSequence getShortSupportMessageForUser(@NonNull ComponentName who, int userHandle) { 10556 if (!mHasFeature) { 10557 return null; 10558 } 10559 Preconditions.checkNotNull(who, "ComponentName is null"); 10560 if (!isCallerWithSystemUid()) { 10561 throw new SecurityException("Only the system can query support message for user"); 10562 } 10563 synchronized (this) { 10564 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 10565 if (admin != null) { 10566 return admin.shortSupportMessage; 10567 } 10568 } 10569 return null; 10570 } 10571 10572 @Override 10573 public CharSequence getLongSupportMessageForUser(@NonNull ComponentName who, int userHandle) { 10574 if (!mHasFeature) { 10575 return null; 10576 } 10577 Preconditions.checkNotNull(who, "ComponentName is null"); 10578 if (!isCallerWithSystemUid()) { 10579 throw new SecurityException("Only the system can query support message for user"); 10580 } 10581 synchronized (this) { 10582 ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); 10583 if (admin != null) { 10584 return admin.longSupportMessage; 10585 } 10586 } 10587 return null; 10588 } 10589 10590 @Override 10591 public void setOrganizationColor(@NonNull ComponentName who, int color) { 10592 if (!mHasFeature) { 10593 return; 10594 } 10595 Preconditions.checkNotNull(who, "ComponentName is null"); 10596 final int userHandle = mInjector.userHandleGetCallingUserId(); 10597 enforceManagedProfile(userHandle, "set organization color"); 10598 synchronized (this) { 10599 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 10600 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 10601 admin.organizationColor = color; 10602 saveSettingsLocked(userHandle); 10603 } 10604 } 10605 10606 @Override 10607 public void setOrganizationColorForUser(int color, int userId) { 10608 if (!mHasFeature) { 10609 return; 10610 } 10611 enforceFullCrossUsersPermission(userId); 10612 enforceManageUsers(); 10613 enforceManagedProfile(userId, "set organization color"); 10614 synchronized (this) { 10615 ActiveAdmin admin = getProfileOwnerAdminLocked(userId); 10616 admin.organizationColor = color; 10617 saveSettingsLocked(userId); 10618 } 10619 } 10620 10621 @Override 10622 public int getOrganizationColor(@NonNull ComponentName who) { 10623 if (!mHasFeature) { 10624 return ActiveAdmin.DEF_ORGANIZATION_COLOR; 10625 } 10626 Preconditions.checkNotNull(who, "ComponentName is null"); 10627 enforceManagedProfile(mInjector.userHandleGetCallingUserId(), "get organization color"); 10628 synchronized (this) { 10629 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 10630 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 10631 return admin.organizationColor; 10632 } 10633 } 10634 10635 @Override 10636 public int getOrganizationColorForUser(int userHandle) { 10637 if (!mHasFeature) { 10638 return ActiveAdmin.DEF_ORGANIZATION_COLOR; 10639 } 10640 enforceFullCrossUsersPermission(userHandle); 10641 enforceManagedProfile(userHandle, "get organization color"); 10642 synchronized (this) { 10643 ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userHandle); 10644 return (profileOwner != null) 10645 ? profileOwner.organizationColor 10646 : ActiveAdmin.DEF_ORGANIZATION_COLOR; 10647 } 10648 } 10649 10650 @Override 10651 public void setOrganizationName(@NonNull ComponentName who, CharSequence text) { 10652 if (!mHasFeature) { 10653 return; 10654 } 10655 Preconditions.checkNotNull(who, "ComponentName is null"); 10656 final int userHandle = mInjector.userHandleGetCallingUserId(); 10657 10658 synchronized (this) { 10659 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 10660 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 10661 if (!TextUtils.equals(admin.organizationName, text)) { 10662 admin.organizationName = (text == null || text.length() == 0) 10663 ? null : text.toString(); 10664 saveSettingsLocked(userHandle); 10665 } 10666 } 10667 } 10668 10669 @Override 10670 public CharSequence getOrganizationName(@NonNull ComponentName who) { 10671 if (!mHasFeature) { 10672 return null; 10673 } 10674 Preconditions.checkNotNull(who, "ComponentName is null"); 10675 enforceManagedProfile(mInjector.userHandleGetCallingUserId(), "get organization name"); 10676 synchronized(this) { 10677 ActiveAdmin admin = getActiveAdminForCallerLocked(who, 10678 DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 10679 return admin.organizationName; 10680 } 10681 } 10682 10683 @Override 10684 public CharSequence getDeviceOwnerOrganizationName() { 10685 if (!mHasFeature) { 10686 return null; 10687 } 10688 enforceDeviceOwnerOrManageUsers(); 10689 synchronized(this) { 10690 final ActiveAdmin deviceOwnerAdmin = getDeviceOwnerAdminLocked(); 10691 return deviceOwnerAdmin == null ? null : deviceOwnerAdmin.organizationName; 10692 } 10693 } 10694 10695 @Override 10696 public CharSequence getOrganizationNameForUser(int userHandle) { 10697 if (!mHasFeature) { 10698 return null; 10699 } 10700 enforceFullCrossUsersPermission(userHandle); 10701 enforceManagedProfile(userHandle, "get organization name"); 10702 synchronized (this) { 10703 ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userHandle); 10704 return (profileOwner != null) 10705 ? profileOwner.organizationName 10706 : null; 10707 } 10708 } 10709 10710 @Override 10711 public void setAffiliationIds(ComponentName admin, List<String> ids) { 10712 if (!mHasFeature) { 10713 return; 10714 } 10715 if (ids == null) { 10716 throw new IllegalArgumentException("ids must not be null"); 10717 } 10718 for (String id : ids) { 10719 if (TextUtils.isEmpty(id)) { 10720 throw new IllegalArgumentException("ids must not contain empty string"); 10721 } 10722 } 10723 10724 final Set<String> affiliationIds = new ArraySet<>(ids); 10725 final int callingUserId = mInjector.userHandleGetCallingUserId(); 10726 synchronized (this) { 10727 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 10728 getUserData(callingUserId).mAffiliationIds = affiliationIds; 10729 saveSettingsLocked(callingUserId); 10730 if (callingUserId != UserHandle.USER_SYSTEM && isDeviceOwner(admin, callingUserId)) { 10731 // Affiliation ids specified by the device owner are additionally stored in 10732 // UserHandle.USER_SYSTEM's DevicePolicyData. 10733 getUserData(UserHandle.USER_SYSTEM).mAffiliationIds = affiliationIds; 10734 saveSettingsLocked(UserHandle.USER_SYSTEM); 10735 } 10736 10737 // Affiliation status for any user, not just the calling user, might have changed. 10738 // The device owner user will still be affiliated after changing its affiliation ids, 10739 // but as a result of that other users might become affiliated or un-affiliated. 10740 maybePauseDeviceWideLoggingLocked(); 10741 maybeResumeDeviceWideLoggingLocked(); 10742 maybeClearLockTaskPolicyLocked(); 10743 } 10744 } 10745 10746 @Override 10747 public List<String> getAffiliationIds(ComponentName admin) { 10748 if (!mHasFeature) { 10749 return Collections.emptyList(); 10750 } 10751 10752 Preconditions.checkNotNull(admin); 10753 synchronized (this) { 10754 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 10755 return new ArrayList<String>( 10756 getUserData(mInjector.userHandleGetCallingUserId()).mAffiliationIds); 10757 } 10758 } 10759 10760 @Override 10761 public boolean isAffiliatedUser() { 10762 if (!mHasFeature) { 10763 return false; 10764 } 10765 10766 synchronized (this) { 10767 return isUserAffiliatedWithDeviceLocked(mInjector.userHandleGetCallingUserId()); 10768 } 10769 } 10770 10771 private boolean isUserAffiliatedWithDeviceLocked(int userId) { 10772 if (!mOwners.hasDeviceOwner()) { 10773 return false; 10774 } 10775 if (userId == mOwners.getDeviceOwnerUserId()) { 10776 // The user that the DO is installed on is always affiliated with the device. 10777 return true; 10778 } 10779 if (userId == UserHandle.USER_SYSTEM) { 10780 // The system user is always affiliated in a DO device, even if the DO is set on a 10781 // different user. This could be the case if the DO is set in the primary user 10782 // of a split user device. 10783 return true; 10784 } 10785 final ComponentName profileOwner = getProfileOwner(userId); 10786 if (profileOwner == null) { 10787 return false; 10788 } 10789 final Set<String> userAffiliationIds = getUserData(userId).mAffiliationIds; 10790 final Set<String> deviceAffiliationIds = 10791 getUserData(UserHandle.USER_SYSTEM).mAffiliationIds; 10792 for (String id : userAffiliationIds) { 10793 if (deviceAffiliationIds.contains(id)) { 10794 return true; 10795 } 10796 } 10797 return false; 10798 } 10799 10800 private boolean areAllUsersAffiliatedWithDeviceLocked() { 10801 final long ident = mInjector.binderClearCallingIdentity(); 10802 try { 10803 final List<UserInfo> userInfos = mUserManager.getUsers(/*excludeDying=*/ true); 10804 for (int i = 0; i < userInfos.size(); i++) { 10805 int userId = userInfos.get(i).id; 10806 if (!isUserAffiliatedWithDeviceLocked(userId)) { 10807 Slog.d(LOG_TAG, "User id " + userId + " not affiliated."); 10808 return false; 10809 } 10810 } 10811 } finally { 10812 mInjector.binderRestoreCallingIdentity(ident); 10813 } 10814 10815 return true; 10816 } 10817 10818 @Override 10819 public void setSecurityLoggingEnabled(ComponentName admin, boolean enabled) { 10820 if (!mHasFeature) { 10821 return; 10822 } 10823 Preconditions.checkNotNull(admin); 10824 10825 synchronized (this) { 10826 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 10827 if (enabled == mInjector.securityLogGetLoggingEnabledProperty()) { 10828 return; 10829 } 10830 mInjector.securityLogSetLoggingEnabledProperty(enabled); 10831 if (enabled) { 10832 mSecurityLogMonitor.start(); 10833 maybePauseDeviceWideLoggingLocked(); 10834 } else { 10835 mSecurityLogMonitor.stop(); 10836 } 10837 } 10838 } 10839 10840 @Override 10841 public boolean isSecurityLoggingEnabled(ComponentName admin) { 10842 if (!mHasFeature) { 10843 return false; 10844 } 10845 10846 synchronized (this) { 10847 if (!isCallerWithSystemUid()) { 10848 Preconditions.checkNotNull(admin); 10849 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 10850 } 10851 return mInjector.securityLogGetLoggingEnabledProperty(); 10852 } 10853 } 10854 10855 private synchronized void recordSecurityLogRetrievalTime() { 10856 final long currentTime = System.currentTimeMillis(); 10857 DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM); 10858 if (currentTime > policyData.mLastSecurityLogRetrievalTime) { 10859 policyData.mLastSecurityLogRetrievalTime = currentTime; 10860 saveSettingsLocked(UserHandle.USER_SYSTEM); 10861 } 10862 } 10863 10864 @Override 10865 public ParceledListSlice<SecurityEvent> retrievePreRebootSecurityLogs(ComponentName admin) { 10866 if (!mHasFeature) { 10867 return null; 10868 } 10869 10870 Preconditions.checkNotNull(admin); 10871 ensureDeviceOwnerAndAllUsersAffiliated(admin); 10872 10873 if (!mContext.getResources().getBoolean(R.bool.config_supportPreRebootSecurityLogs) 10874 || !mInjector.securityLogGetLoggingEnabledProperty()) { 10875 return null; 10876 } 10877 10878 recordSecurityLogRetrievalTime(); 10879 10880 ArrayList<SecurityEvent> output = new ArrayList<SecurityEvent>(); 10881 try { 10882 SecurityLog.readPreviousEvents(output); 10883 return new ParceledListSlice<SecurityEvent>(output); 10884 } catch (IOException e) { 10885 Slog.w(LOG_TAG, "Fail to read previous events" , e); 10886 return new ParceledListSlice<SecurityEvent>(Collections.<SecurityEvent>emptyList()); 10887 } 10888 } 10889 10890 @Override 10891 public ParceledListSlice<SecurityEvent> retrieveSecurityLogs(ComponentName admin) { 10892 if (!mHasFeature) { 10893 return null; 10894 } 10895 10896 Preconditions.checkNotNull(admin); 10897 ensureDeviceOwnerAndAllUsersAffiliated(admin); 10898 10899 if (!mInjector.securityLogGetLoggingEnabledProperty()) { 10900 return null; 10901 } 10902 10903 recordSecurityLogRetrievalTime(); 10904 10905 List<SecurityEvent> logs = mSecurityLogMonitor.retrieveLogs(); 10906 return logs != null ? new ParceledListSlice<SecurityEvent>(logs) : null; 10907 } 10908 10909 private void enforceCanManageDeviceAdmin() { 10910 mContext.enforceCallingOrSelfPermission(android.Manifest.permission.MANAGE_DEVICE_ADMINS, 10911 null); 10912 } 10913 10914 private void enforceCanManageProfileAndDeviceOwners() { 10915 mContext.enforceCallingOrSelfPermission( 10916 android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS, null); 10917 } 10918 10919 private void enforceCallerSystemUserHandle() { 10920 final int callingUid = mInjector.binderGetCallingUid(); 10921 final int userId = UserHandle.getUserId(callingUid); 10922 if (userId != UserHandle.USER_SYSTEM) { 10923 throw new SecurityException("Caller has to be in user 0"); 10924 } 10925 } 10926 10927 @Override 10928 public boolean isUninstallInQueue(final String packageName) { 10929 enforceCanManageDeviceAdmin(); 10930 final int userId = mInjector.userHandleGetCallingUserId(); 10931 Pair<String, Integer> packageUserPair = new Pair<>(packageName, userId); 10932 synchronized (this) { 10933 return mPackagesToRemove.contains(packageUserPair); 10934 } 10935 } 10936 10937 @Override 10938 public void uninstallPackageWithActiveAdmins(final String packageName) { 10939 enforceCanManageDeviceAdmin(); 10940 Preconditions.checkArgument(!TextUtils.isEmpty(packageName)); 10941 10942 final int userId = mInjector.userHandleGetCallingUserId(); 10943 10944 enforceUserUnlocked(userId); 10945 10946 final ComponentName profileOwner = getProfileOwner(userId); 10947 if (profileOwner != null && packageName.equals(profileOwner.getPackageName())) { 10948 throw new IllegalArgumentException("Cannot uninstall a package with a profile owner"); 10949 } 10950 10951 final ComponentName deviceOwner = getDeviceOwnerComponent(/* callingUserOnly= */ false); 10952 if (getDeviceOwnerUserId() == userId && deviceOwner != null 10953 && packageName.equals(deviceOwner.getPackageName())) { 10954 throw new IllegalArgumentException("Cannot uninstall a package with a device owner"); 10955 } 10956 10957 final Pair<String, Integer> packageUserPair = new Pair<>(packageName, userId); 10958 synchronized (this) { 10959 mPackagesToRemove.add(packageUserPair); 10960 } 10961 10962 // All active admins on the user. 10963 final List<ComponentName> allActiveAdmins = getActiveAdmins(userId); 10964 10965 // Active admins in the target package. 10966 final List<ComponentName> packageActiveAdmins = new ArrayList<>(); 10967 if (allActiveAdmins != null) { 10968 for (ComponentName activeAdmin : allActiveAdmins) { 10969 if (packageName.equals(activeAdmin.getPackageName())) { 10970 packageActiveAdmins.add(activeAdmin); 10971 removeActiveAdmin(activeAdmin, userId); 10972 } 10973 } 10974 } 10975 if (packageActiveAdmins.size() == 0) { 10976 startUninstallIntent(packageName, userId); 10977 } else { 10978 mHandler.postDelayed(new Runnable() { 10979 @Override 10980 public void run() { 10981 for (ComponentName activeAdmin : packageActiveAdmins) { 10982 removeAdminArtifacts(activeAdmin, userId); 10983 } 10984 startUninstallIntent(packageName, userId); 10985 } 10986 }, DEVICE_ADMIN_DEACTIVATE_TIMEOUT); // Start uninstall after timeout anyway. 10987 } 10988 } 10989 10990 @Override 10991 public boolean isDeviceProvisioned() { 10992 synchronized (this) { 10993 return getUserDataUnchecked(UserHandle.USER_SYSTEM).mUserSetupComplete; 10994 } 10995 } 10996 10997 private boolean isCurrentUserDemo() { 10998 if (UserManager.isDeviceInDemoMode(mContext)) { 10999 final int userId = mInjector.userHandleGetCallingUserId(); 11000 final long callingIdentity = mInjector.binderClearCallingIdentity(); 11001 try { 11002 return mUserManager.getUserInfo(userId).isDemo(); 11003 } finally { 11004 mInjector.binderRestoreCallingIdentity(callingIdentity); 11005 } 11006 } 11007 return false; 11008 } 11009 11010 private void removePackageIfRequired(final String packageName, final int userId) { 11011 if (!packageHasActiveAdmins(packageName, userId)) { 11012 // Will not do anything if uninstall was not requested or was already started. 11013 startUninstallIntent(packageName, userId); 11014 } 11015 } 11016 11017 private void startUninstallIntent(final String packageName, final int userId) { 11018 final Pair<String, Integer> packageUserPair = new Pair<>(packageName, userId); 11019 synchronized (this) { 11020 if (!mPackagesToRemove.contains(packageUserPair)) { 11021 // Do nothing if uninstall was not requested or was already started. 11022 return; 11023 } 11024 mPackagesToRemove.remove(packageUserPair); 11025 } 11026 try { 11027 if (mInjector.getIPackageManager().getPackageInfo(packageName, 0, userId) == null) { 11028 // Package does not exist. Nothing to do. 11029 return; 11030 } 11031 } catch (RemoteException re) { 11032 Log.e(LOG_TAG, "Failure talking to PackageManager while getting package info"); 11033 } 11034 11035 try { // force stop the package before uninstalling 11036 mInjector.getIActivityManager().forceStopPackage(packageName, userId); 11037 } catch (RemoteException re) { 11038 Log.e(LOG_TAG, "Failure talking to ActivityManager while force stopping package"); 11039 } 11040 final Uri packageURI = Uri.parse("package:" + packageName); 11041 final Intent uninstallIntent = new Intent(Intent.ACTION_UNINSTALL_PACKAGE, packageURI); 11042 uninstallIntent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK); 11043 mContext.startActivityAsUser(uninstallIntent, UserHandle.of(userId)); 11044 } 11045 11046 /** 11047 * Removes the admin from the policy. Ideally called after the admin's 11048 * {@link DeviceAdminReceiver#onDisabled(Context, Intent)} has been successfully completed. 11049 * 11050 * @param adminReceiver The admin to remove 11051 * @param userHandle The user for which this admin has to be removed. 11052 */ 11053 private void removeAdminArtifacts(final ComponentName adminReceiver, final int userHandle) { 11054 synchronized (this) { 11055 final ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver, userHandle); 11056 if (admin == null) { 11057 return; 11058 } 11059 final DevicePolicyData policy = getUserData(userHandle); 11060 final boolean doProxyCleanup = admin.info.usesPolicy( 11061 DeviceAdminInfo.USES_POLICY_SETS_GLOBAL_PROXY); 11062 policy.mAdminList.remove(admin); 11063 policy.mAdminMap.remove(adminReceiver); 11064 validatePasswordOwnerLocked(policy); 11065 if (doProxyCleanup) { 11066 resetGlobalProxyLocked(policy); 11067 } 11068 saveSettingsLocked(userHandle); 11069 updateMaximumTimeToLockLocked(userHandle); 11070 policy.mRemovingAdmins.remove(adminReceiver); 11071 11072 Slog.i(LOG_TAG, "Device admin " + adminReceiver + " removed from user " + userHandle); 11073 } 11074 // The removed admin might have disabled camera, so update user 11075 // restrictions. 11076 pushUserRestrictions(userHandle); 11077 } 11078 11079 @Override 11080 public void setDeviceProvisioningConfigApplied() { 11081 enforceManageUsers(); 11082 synchronized (this) { 11083 DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM); 11084 policy.mDeviceProvisioningConfigApplied = true; 11085 saveSettingsLocked(UserHandle.USER_SYSTEM); 11086 } 11087 } 11088 11089 @Override 11090 public boolean isDeviceProvisioningConfigApplied() { 11091 enforceManageUsers(); 11092 synchronized (this) { 11093 final DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM); 11094 return policy.mDeviceProvisioningConfigApplied; 11095 } 11096 } 11097 11098 /** 11099 * Force update internal persistent state from Settings.Secure.USER_SETUP_COMPLETE. 11100 * 11101 * It's added for testing only. Please use this API carefully if it's used by other system app 11102 * and bare in mind Settings.Secure.USER_SETUP_COMPLETE can be modified by user and other system 11103 * apps. 11104 */ 11105 @Override 11106 public void forceUpdateUserSetupComplete() { 11107 enforceCanManageProfileAndDeviceOwners(); 11108 enforceCallerSystemUserHandle(); 11109 // no effect if it's called from user build 11110 if (!mInjector.isBuildDebuggable()) { 11111 return; 11112 } 11113 final int userId = UserHandle.USER_SYSTEM; 11114 boolean isUserCompleted = mInjector.settingsSecureGetIntForUser( 11115 Settings.Secure.USER_SETUP_COMPLETE, 0, userId) != 0; 11116 DevicePolicyData policy = getUserData(userId); 11117 policy.mUserSetupComplete = isUserCompleted; 11118 synchronized (this) { 11119 saveSettingsLocked(userId); 11120 } 11121 } 11122 11123 // TODO(b/22388012): When backup is available for secondary users and profiles, consider 11124 // whether there are any privacy/security implications of enabling the backup service here 11125 // if there are other users or profiles unmanaged or managed by a different entity (i.e. not 11126 // affiliated). 11127 @Override 11128 public void setBackupServiceEnabled(ComponentName admin, boolean enabled) { 11129 if (!mHasFeature) { 11130 return; 11131 } 11132 Preconditions.checkNotNull(admin); 11133 synchronized (this) { 11134 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 11135 } 11136 11137 final long ident = mInjector.binderClearCallingIdentity(); 11138 try { 11139 IBackupManager ibm = mInjector.getIBackupManager(); 11140 if (ibm != null) { 11141 ibm.setBackupServiceActive(UserHandle.USER_SYSTEM, enabled); 11142 } 11143 } catch (RemoteException e) { 11144 throw new IllegalStateException( 11145 "Failed " + (enabled ? "" : "de") + "activating backup service.", e); 11146 } finally { 11147 mInjector.binderRestoreCallingIdentity(ident); 11148 } 11149 } 11150 11151 @Override 11152 public boolean isBackupServiceEnabled(ComponentName admin) { 11153 Preconditions.checkNotNull(admin); 11154 if (!mHasFeature) { 11155 return true; 11156 } 11157 synchronized (this) { 11158 try { 11159 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 11160 IBackupManager ibm = mInjector.getIBackupManager(); 11161 return ibm != null && ibm.isBackupServiceActive(UserHandle.USER_SYSTEM); 11162 } catch (RemoteException e) { 11163 throw new IllegalStateException("Failed requesting backup service state.", e); 11164 } 11165 } 11166 } 11167 11168 @Override 11169 public boolean bindDeviceAdminServiceAsUser( 11170 @NonNull ComponentName admin, @NonNull IApplicationThread caller, 11171 @Nullable IBinder activtiyToken, @NonNull Intent serviceIntent, 11172 @NonNull IServiceConnection connection, int flags, @UserIdInt int targetUserId) { 11173 if (!mHasFeature) { 11174 return false; 11175 } 11176 Preconditions.checkNotNull(admin); 11177 Preconditions.checkNotNull(caller); 11178 Preconditions.checkNotNull(serviceIntent); 11179 Preconditions.checkArgument( 11180 serviceIntent.getComponent() != null || serviceIntent.getPackage() != null, 11181 "Service intent must be explicit (with a package name or component): " 11182 + serviceIntent); 11183 Preconditions.checkNotNull(connection); 11184 Preconditions.checkArgument(mInjector.userHandleGetCallingUserId() != targetUserId, 11185 "target user id must be different from the calling user id"); 11186 11187 if (!getBindDeviceAdminTargetUsers(admin).contains(UserHandle.of(targetUserId))) { 11188 throw new SecurityException("Not allowed to bind to target user id"); 11189 } 11190 11191 final String targetPackage; 11192 synchronized (this) { 11193 targetPackage = getOwnerPackageNameForUserLocked(targetUserId); 11194 } 11195 11196 final long callingIdentity = mInjector.binderClearCallingIdentity(); 11197 try { 11198 // Validate and sanitize the incoming service intent. 11199 final Intent sanitizedIntent = 11200 createCrossUserServiceIntent(serviceIntent, targetPackage, targetUserId); 11201 if (sanitizedIntent == null) { 11202 // Fail, cannot lookup the target service. 11203 return false; 11204 } 11205 // Ask ActivityManager to bind it. Notice that we are binding the service with the 11206 // caller app instead of DevicePolicyManagerService. 11207 return mInjector.getIActivityManager().bindService( 11208 caller, activtiyToken, serviceIntent, 11209 serviceIntent.resolveTypeIfNeeded(mContext.getContentResolver()), 11210 connection, flags, mContext.getOpPackageName(), 11211 targetUserId) != 0; 11212 } catch (RemoteException ex) { 11213 // Same process, should not happen. 11214 } finally { 11215 mInjector.binderRestoreCallingIdentity(callingIdentity); 11216 } 11217 11218 // Failed to bind. 11219 return false; 11220 } 11221 11222 @Override 11223 public @NonNull List<UserHandle> getBindDeviceAdminTargetUsers(@NonNull ComponentName admin) { 11224 if (!mHasFeature) { 11225 return Collections.emptyList(); 11226 } 11227 Preconditions.checkNotNull(admin); 11228 11229 synchronized (this) { 11230 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11231 11232 final int callingUserId = mInjector.userHandleGetCallingUserId(); 11233 final long callingIdentity = mInjector.binderClearCallingIdentity(); 11234 try { 11235 ArrayList<UserHandle> targetUsers = new ArrayList<>(); 11236 if (!isDeviceOwner(admin, callingUserId)) { 11237 // Profile owners can only bind to the device owner. 11238 if (canUserBindToDeviceOwnerLocked(callingUserId)) { 11239 targetUsers.add(UserHandle.of(mOwners.getDeviceOwnerUserId())); 11240 } 11241 } else { 11242 // Caller is the device owner: Look for profile owners that it can bind to. 11243 final List<UserInfo> userInfos = mUserManager.getUsers(/*excludeDying=*/ true); 11244 for (int i = 0; i < userInfos.size(); i++) { 11245 final int userId = userInfos.get(i).id; 11246 if (userId != callingUserId && canUserBindToDeviceOwnerLocked(userId)) { 11247 targetUsers.add(UserHandle.of(userId)); 11248 } 11249 } 11250 } 11251 11252 return targetUsers; 11253 } finally { 11254 mInjector.binderRestoreCallingIdentity(callingIdentity); 11255 } 11256 } 11257 } 11258 11259 private boolean canUserBindToDeviceOwnerLocked(int userId) { 11260 // There has to be a device owner, under another user id. 11261 if (!mOwners.hasDeviceOwner() || userId == mOwners.getDeviceOwnerUserId()) { 11262 return false; 11263 } 11264 11265 // The user must have a profile owner that belongs to the same package as the device owner. 11266 if (!mOwners.hasProfileOwner(userId) || !TextUtils.equals( 11267 mOwners.getDeviceOwnerPackageName(), mOwners.getProfileOwnerPackage(userId))) { 11268 return false; 11269 } 11270 11271 // The user must be affiliated. 11272 return isUserAffiliatedWithDeviceLocked(userId); 11273 } 11274 11275 /** 11276 * Return true if a given user has any accounts that'll prevent installing a device or profile 11277 * owner {@code owner}. 11278 * - If the user has no accounts, then return false. 11279 * - Otherwise, if the owner is unknown (== null), or is not test-only, then return true. 11280 * - Otherwise, if there's any account that does not have ..._ALLOWED, or does have 11281 * ..._DISALLOWED, return true. 11282 * - Otherwise return false. 11283 * 11284 * If the caller is *not* ADB, it also returns true. The returned value shouldn't be used 11285 * when the caller is not ADB. 11286 * 11287 * DO NOT CALL IT WITH THE DPMS LOCK HELD. 11288 */ 11289 private boolean hasIncompatibleAccountsOrNonAdbNoLock( 11290 int userId, @Nullable ComponentName owner) { 11291 if (!isAdb()) { 11292 return true; 11293 } 11294 wtfIfInLock(); 11295 11296 final long token = mInjector.binderClearCallingIdentity(); 11297 try { 11298 final AccountManager am = AccountManager.get(mContext); 11299 final Account accounts[] = am.getAccountsAsUser(userId); 11300 if (accounts.length == 0) { 11301 return false; 11302 } 11303 synchronized (this) { 11304 if (owner == null || !isAdminTestOnlyLocked(owner, userId)) { 11305 Log.w(LOG_TAG, 11306 "Non test-only owner can't be installed with existing accounts."); 11307 return true; 11308 } 11309 } 11310 11311 final String[] feature_allow = 11312 { DevicePolicyManager.ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_ALLOWED }; 11313 final String[] feature_disallow = 11314 { DevicePolicyManager.ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_DISALLOWED }; 11315 11316 boolean compatible = true; 11317 for (Account account : accounts) { 11318 if (hasAccountFeatures(am, account, feature_disallow)) { 11319 Log.e(LOG_TAG, account + " has " + feature_disallow[0]); 11320 compatible = false; 11321 break; 11322 } 11323 if (!hasAccountFeatures(am, account, feature_allow)) { 11324 Log.e(LOG_TAG, account + " doesn't have " + feature_allow[0]); 11325 compatible = false; 11326 break; 11327 } 11328 } 11329 if (compatible) { 11330 Log.w(LOG_TAG, "All accounts are compatible"); 11331 } else { 11332 Log.e(LOG_TAG, "Found incompatible accounts"); 11333 } 11334 return !compatible; 11335 } finally { 11336 mInjector.binderRestoreCallingIdentity(token); 11337 } 11338 } 11339 11340 private boolean hasAccountFeatures(AccountManager am, Account account, String[] features) { 11341 try { 11342 return am.hasFeatures(account, features, null, null).getResult(); 11343 } catch (Exception e) { 11344 Log.w(LOG_TAG, "Failed to get account feature", e); 11345 return false; 11346 } 11347 } 11348 11349 private boolean isAdb() { 11350 final int callingUid = mInjector.binderGetCallingUid(); 11351 return callingUid == Process.SHELL_UID || callingUid == Process.ROOT_UID; 11352 } 11353 11354 @Override 11355 public synchronized void setNetworkLoggingEnabled(ComponentName admin, boolean enabled) { 11356 if (!mHasFeature) { 11357 return; 11358 } 11359 Preconditions.checkNotNull(admin); 11360 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 11361 11362 if (enabled == isNetworkLoggingEnabledInternalLocked()) { 11363 // already in the requested state 11364 return; 11365 } 11366 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 11367 deviceOwner.isNetworkLoggingEnabled = enabled; 11368 if (!enabled) { 11369 deviceOwner.numNetworkLoggingNotifications = 0; 11370 deviceOwner.lastNetworkLoggingNotificationTimeMs = 0; 11371 } 11372 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 11373 11374 setNetworkLoggingActiveInternal(enabled); 11375 } 11376 11377 private synchronized void setNetworkLoggingActiveInternal(boolean active) { 11378 final long callingIdentity = mInjector.binderClearCallingIdentity(); 11379 try { 11380 if (active) { 11381 mNetworkLogger = new NetworkLogger(this, mInjector.getPackageManagerInternal()); 11382 if (!mNetworkLogger.startNetworkLogging()) { 11383 mNetworkLogger = null; 11384 Slog.wtf(LOG_TAG, "Network logging could not be started due to the logging" 11385 + " service not being available yet."); 11386 } 11387 maybePauseDeviceWideLoggingLocked(); 11388 sendNetworkLoggingNotificationLocked(); 11389 } else { 11390 if (mNetworkLogger != null && !mNetworkLogger.stopNetworkLogging()) { 11391 Slog.wtf(LOG_TAG, "Network logging could not be stopped due to the logging" 11392 + " service not being available yet."); 11393 } 11394 mNetworkLogger = null; 11395 mInjector.getNotificationManager().cancel(SystemMessage.NOTE_NETWORK_LOGGING); 11396 } 11397 } finally { 11398 mInjector.binderRestoreCallingIdentity(callingIdentity); 11399 } 11400 } 11401 11402 /** Pauses security and network logging if there are unaffiliated users on the device */ 11403 private void maybePauseDeviceWideLoggingLocked() { 11404 if (!areAllUsersAffiliatedWithDeviceLocked()) { 11405 Slog.i(LOG_TAG, "There are unaffiliated users, security and network logging will be " 11406 + "paused if enabled."); 11407 mSecurityLogMonitor.pause(); 11408 if (mNetworkLogger != null) { 11409 mNetworkLogger.pause(); 11410 } 11411 } 11412 } 11413 11414 /** Resumes security and network logging (if they are enabled) if all users are affiliated */ 11415 private void maybeResumeDeviceWideLoggingLocked() { 11416 if (areAllUsersAffiliatedWithDeviceLocked()) { 11417 final long ident = mInjector.binderClearCallingIdentity(); 11418 try { 11419 mSecurityLogMonitor.resume(); 11420 if (mNetworkLogger != null) { 11421 mNetworkLogger.resume(); 11422 } 11423 } finally { 11424 mInjector.binderRestoreCallingIdentity(ident); 11425 } 11426 } 11427 } 11428 11429 /** Deletes any security and network logs that might have been collected so far */ 11430 private void discardDeviceWideLogsLocked() { 11431 mSecurityLogMonitor.discardLogs(); 11432 if (mNetworkLogger != null) { 11433 mNetworkLogger.discardLogs(); 11434 } 11435 // TODO: We should discard pre-boot security logs here too, as otherwise those 11436 // logs (which might contain data from the user just removed) will be 11437 // available after next boot. 11438 } 11439 11440 @Override 11441 public boolean isNetworkLoggingEnabled(ComponentName admin) { 11442 if (!mHasFeature) { 11443 return false; 11444 } 11445 synchronized (this) { 11446 enforceDeviceOwnerOrManageUsers(); 11447 return isNetworkLoggingEnabledInternalLocked(); 11448 } 11449 } 11450 11451 private boolean isNetworkLoggingEnabledInternalLocked() { 11452 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 11453 return (deviceOwner != null) && deviceOwner.isNetworkLoggingEnabled; 11454 } 11455 11456 /* 11457 * A maximum of 1200 events are returned, and the total marshalled size is in the order of 11458 * 100kB, so returning a List instead of ParceledListSlice is acceptable. 11459 * Ideally this would be done with ParceledList, however it only supports homogeneous types. 11460 * 11461 * @see NetworkLoggingHandler#MAX_EVENTS_PER_BATCH 11462 */ 11463 @Override 11464 public List<NetworkEvent> retrieveNetworkLogs(ComponentName admin, long batchToken) { 11465 if (!mHasFeature) { 11466 return null; 11467 } 11468 Preconditions.checkNotNull(admin); 11469 ensureDeviceOwnerAndAllUsersAffiliated(admin); 11470 11471 synchronized (this) { 11472 if (mNetworkLogger == null 11473 || !isNetworkLoggingEnabledInternalLocked()) { 11474 return null; 11475 } 11476 11477 final long currentTime = System.currentTimeMillis(); 11478 DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM); 11479 if (currentTime > policyData.mLastNetworkLogsRetrievalTime) { 11480 policyData.mLastNetworkLogsRetrievalTime = currentTime; 11481 saveSettingsLocked(UserHandle.USER_SYSTEM); 11482 } 11483 return mNetworkLogger.retrieveLogs(batchToken); 11484 } 11485 } 11486 11487 private void sendNetworkLoggingNotificationLocked() { 11488 final ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 11489 if (deviceOwner == null || !deviceOwner.isNetworkLoggingEnabled) { 11490 return; 11491 } 11492 if (deviceOwner.numNetworkLoggingNotifications >= 11493 ActiveAdmin.DEF_MAXIMUM_NETWORK_LOGGING_NOTIFICATIONS_SHOWN) { 11494 return; 11495 } 11496 final long now = System.currentTimeMillis(); 11497 if (now - deviceOwner.lastNetworkLoggingNotificationTimeMs < MS_PER_DAY) { 11498 return; 11499 } 11500 deviceOwner.numNetworkLoggingNotifications++; 11501 if (deviceOwner.numNetworkLoggingNotifications 11502 >= ActiveAdmin.DEF_MAXIMUM_NETWORK_LOGGING_NOTIFICATIONS_SHOWN) { 11503 deviceOwner.lastNetworkLoggingNotificationTimeMs = 0; 11504 } else { 11505 deviceOwner.lastNetworkLoggingNotificationTimeMs = now; 11506 } 11507 final Intent intent = new Intent(DevicePolicyManager.ACTION_SHOW_DEVICE_MONITORING_DIALOG); 11508 intent.setPackage("com.android.systemui"); 11509 final PendingIntent pendingIntent = PendingIntent.getBroadcastAsUser(mContext, 0, intent, 0, 11510 UserHandle.CURRENT); 11511 Notification notification = 11512 new Notification.Builder(mContext, SystemNotificationChannels.DEVICE_ADMIN) 11513 .setSmallIcon(R.drawable.ic_info_outline) 11514 .setContentTitle(mContext.getString(R.string.network_logging_notification_title)) 11515 .setContentText(mContext.getString(R.string.network_logging_notification_text)) 11516 .setTicker(mContext.getString(R.string.network_logging_notification_title)) 11517 .setShowWhen(true) 11518 .setContentIntent(pendingIntent) 11519 .setStyle(new Notification.BigTextStyle() 11520 .bigText(mContext.getString(R.string.network_logging_notification_text))) 11521 .build(); 11522 mInjector.getNotificationManager().notify(SystemMessage.NOTE_NETWORK_LOGGING, notification); 11523 saveSettingsLocked(mOwners.getDeviceOwnerUserId()); 11524 } 11525 11526 /** 11527 * Return the package name of owner in a given user. 11528 */ 11529 private String getOwnerPackageNameForUserLocked(int userId) { 11530 return mOwners.getDeviceOwnerUserId() == userId 11531 ? mOwners.getDeviceOwnerPackageName() 11532 : mOwners.getProfileOwnerPackage(userId); 11533 } 11534 11535 /** 11536 * @param rawIntent Original service intent specified by caller. It must be explicit. 11537 * @param expectedPackageName The expected package name of the resolved service. 11538 * @return Intent that have component explicitly set. {@code null} if no service is resolved 11539 * with the given intent. 11540 * @throws SecurityException if the intent is resolved to an invalid service. 11541 */ 11542 private Intent createCrossUserServiceIntent( 11543 @NonNull Intent rawIntent, @NonNull String expectedPackageName, 11544 @UserIdInt int targetUserId) throws RemoteException, SecurityException { 11545 ResolveInfo info = mIPackageManager.resolveService( 11546 rawIntent, 11547 rawIntent.resolveTypeIfNeeded(mContext.getContentResolver()), 11548 0, // flags 11549 targetUserId); 11550 if (info == null || info.serviceInfo == null) { 11551 Log.e(LOG_TAG, "Fail to look up the service: " + rawIntent 11552 + " or user " + targetUserId + " is not running"); 11553 return null; 11554 } 11555 if (!expectedPackageName.equals(info.serviceInfo.packageName)) { 11556 throw new SecurityException("Only allow to bind service in " + expectedPackageName); 11557 } 11558 // STOPSHIP(b/37624960): Remove info.serviceInfo.exported before release. 11559 if (info.serviceInfo.exported && !BIND_DEVICE_ADMIN.equals(info.serviceInfo.permission)) { 11560 throw new SecurityException( 11561 "Service must be protected by BIND_DEVICE_ADMIN permission"); 11562 } 11563 // It is the system server to bind the service, it would be extremely dangerous if it 11564 // can be exploited to bind any service. Set the component explicitly to make sure we 11565 // do not bind anything accidentally. 11566 rawIntent.setComponent(info.serviceInfo.getComponentName()); 11567 return rawIntent; 11568 } 11569 11570 @Override 11571 public long getLastSecurityLogRetrievalTime() { 11572 enforceDeviceOwnerOrManageUsers(); 11573 return getUserData(UserHandle.USER_SYSTEM).mLastSecurityLogRetrievalTime; 11574 } 11575 11576 @Override 11577 public long getLastBugReportRequestTime() { 11578 enforceDeviceOwnerOrManageUsers(); 11579 return getUserData(UserHandle.USER_SYSTEM).mLastBugReportRequestTime; 11580 } 11581 11582 @Override 11583 public long getLastNetworkLogRetrievalTime() { 11584 enforceDeviceOwnerOrManageUsers(); 11585 return getUserData(UserHandle.USER_SYSTEM).mLastNetworkLogsRetrievalTime; 11586 } 11587 11588 @Override 11589 public boolean setResetPasswordToken(ComponentName admin, byte[] token) { 11590 if (!mHasFeature) { 11591 return false; 11592 } 11593 if (token == null || token.length < 32) { 11594 throw new IllegalArgumentException("token must be at least 32-byte long"); 11595 } 11596 synchronized (this) { 11597 final int userHandle = mInjector.userHandleGetCallingUserId(); 11598 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11599 11600 DevicePolicyData policy = getUserData(userHandle); 11601 long ident = mInjector.binderClearCallingIdentity(); 11602 try { 11603 if (policy.mPasswordTokenHandle != 0) { 11604 mLockPatternUtils.removeEscrowToken(policy.mPasswordTokenHandle, userHandle); 11605 } 11606 11607 policy.mPasswordTokenHandle = mLockPatternUtils.addEscrowToken(token, userHandle); 11608 saveSettingsLocked(userHandle); 11609 return policy.mPasswordTokenHandle != 0; 11610 } finally { 11611 mInjector.binderRestoreCallingIdentity(ident); 11612 } 11613 } 11614 } 11615 11616 @Override 11617 public boolean clearResetPasswordToken(ComponentName admin) { 11618 if (!mHasFeature) { 11619 return false; 11620 } 11621 synchronized (this) { 11622 final int userHandle = mInjector.userHandleGetCallingUserId(); 11623 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11624 11625 DevicePolicyData policy = getUserData(userHandle); 11626 if (policy.mPasswordTokenHandle != 0) { 11627 long ident = mInjector.binderClearCallingIdentity(); 11628 try { 11629 boolean result = mLockPatternUtils.removeEscrowToken( 11630 policy.mPasswordTokenHandle, userHandle); 11631 policy.mPasswordTokenHandle = 0; 11632 saveSettingsLocked(userHandle); 11633 return result; 11634 } finally { 11635 mInjector.binderRestoreCallingIdentity(ident); 11636 } 11637 } 11638 } 11639 return false; 11640 } 11641 11642 @Override 11643 public boolean isResetPasswordTokenActive(ComponentName admin) { 11644 synchronized (this) { 11645 final int userHandle = mInjector.userHandleGetCallingUserId(); 11646 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11647 11648 DevicePolicyData policy = getUserData(userHandle); 11649 if (policy.mPasswordTokenHandle != 0) { 11650 long ident = mInjector.binderClearCallingIdentity(); 11651 try { 11652 return mLockPatternUtils.isEscrowTokenActive(policy.mPasswordTokenHandle, 11653 userHandle); 11654 } finally { 11655 mInjector.binderRestoreCallingIdentity(ident); 11656 } 11657 } 11658 } 11659 return false; 11660 } 11661 11662 @Override 11663 public boolean resetPasswordWithToken(ComponentName admin, String passwordOrNull, byte[] token, 11664 int flags) { 11665 Preconditions.checkNotNull(token); 11666 synchronized (this) { 11667 final int userHandle = mInjector.userHandleGetCallingUserId(); 11668 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11669 11670 DevicePolicyData policy = getUserData(userHandle); 11671 if (policy.mPasswordTokenHandle != 0) { 11672 final String password = passwordOrNull != null ? passwordOrNull : ""; 11673 return resetPasswordInternal(password, policy.mPasswordTokenHandle, token, 11674 flags, mInjector.binderGetCallingUid(), userHandle); 11675 } else { 11676 Slog.w(LOG_TAG, "No saved token handle"); 11677 } 11678 } 11679 return false; 11680 } 11681 11682 @Override 11683 public boolean isCurrentInputMethodSetByOwner() { 11684 enforceProfileOwnerOrSystemUser(); 11685 return getUserData(mInjector.userHandleGetCallingUserId()).mCurrentInputMethodSet; 11686 } 11687 11688 @Override 11689 public StringParceledListSlice getOwnerInstalledCaCerts(@NonNull UserHandle user) { 11690 final int userId = user.getIdentifier(); 11691 enforceProfileOwnerOrFullCrossUsersPermission(userId); 11692 synchronized (this) { 11693 return new StringParceledListSlice( 11694 new ArrayList<>(getUserData(userId).mOwnerInstalledCaCerts)); 11695 } 11696 } 11697 11698 @Override 11699 public boolean clearApplicationUserData(ComponentName admin, String packageName, 11700 IPackageDataObserver callback) { 11701 Preconditions.checkNotNull(admin, "ComponentName is null"); 11702 synchronized (this) { 11703 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); 11704 } 11705 final int userId = UserHandle.getCallingUserId(); 11706 11707 long ident = mInjector.binderClearCallingIdentity(); 11708 try { 11709 return ActivityManager.getService().clearApplicationUserData(packageName, false, 11710 callback, userId); 11711 } catch(RemoteException re) { 11712 // Same process, should not happen. 11713 } catch (SecurityException se) { 11714 // This can happen e.g. for device admin packages, do not throw out the exception, 11715 // because callers have no means to know beforehand for which packages this might 11716 // happen. 11717 Slog.w(LOG_TAG, "Not allowed to clear application user data for package " + packageName, 11718 se); 11719 } finally { 11720 mInjector.binderRestoreCallingIdentity(ident); 11721 } 11722 11723 if (callback != null) { 11724 try { 11725 // If there was a throw above, we send back that removal failed 11726 callback.onRemoveCompleted(packageName, false); 11727 } catch (RemoteException re) { 11728 // Caller is no longer available, ignore 11729 } 11730 } 11731 return false; 11732 } 11733 11734 @Override 11735 public synchronized void setLogoutEnabled(ComponentName admin, boolean enabled) { 11736 if (!mHasFeature) { 11737 return; 11738 } 11739 Preconditions.checkNotNull(admin); 11740 getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); 11741 11742 if (enabled == isLogoutEnabledInternalLocked()) { 11743 // already in the requested state 11744 return; 11745 } 11746 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 11747 deviceOwner.isLogoutEnabled = enabled; 11748 saveSettingsLocked(mInjector.userHandleGetCallingUserId()); 11749 } 11750 11751 @Override 11752 public boolean isLogoutEnabled() { 11753 if (!mHasFeature) { 11754 return false; 11755 } 11756 synchronized (this) { 11757 return isLogoutEnabledInternalLocked(); 11758 } 11759 } 11760 11761 private boolean isLogoutEnabledInternalLocked() { 11762 ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked(); 11763 return (deviceOwner != null) && deviceOwner.isLogoutEnabled; 11764 } 11765 11766 @Override 11767 public List<String> getDisallowedSystemApps(ComponentName admin, int userId, 11768 String provisioningAction) throws RemoteException { 11769 enforceCanManageProfileAndDeviceOwners(); 11770 return new ArrayList<>( 11771 mOverlayPackagesProvider.getNonRequiredApps(admin, userId, provisioningAction)); 11772 } 11773 11774 //TODO: Add callback information to the javadoc once it is completed. 11775 //TODO: Make transferOwner atomic. 11776 @Override 11777 public void transferOwner(ComponentName admin, ComponentName target, PersistableBundle bundle) { 11778 if (!mHasFeature) { 11779 return; 11780 } 11781 11782 Preconditions.checkNotNull(admin, "Admin cannot be null."); 11783 Preconditions.checkNotNull(target, "Target cannot be null."); 11784 11785 enforceProfileOrDeviceOwner(admin); 11786 11787 if (admin.equals(target)) { 11788 throw new IllegalArgumentException("Provided administrator and target are " 11789 + "the same object."); 11790 } 11791 11792 if (admin.getPackageName().equals(target.getPackageName())) { 11793 throw new IllegalArgumentException("Provided administrator and target have " 11794 + "the same package name."); 11795 } 11796 11797 final int callingUserId = mInjector.userHandleGetCallingUserId(); 11798 final DevicePolicyData policy = getUserData(callingUserId); 11799 final DeviceAdminInfo incomingDeviceInfo = findAdmin(target, callingUserId, 11800 /* throwForMissingPermission= */ true); 11801 checkActiveAdminPrecondition(target, incomingDeviceInfo, policy); 11802 11803 final long id = mInjector.binderClearCallingIdentity(); 11804 try { 11805 //STOPSHIP add support for COMP, DO, edge cases when device is rebooted/work mode off, 11806 //transfer callbacks and broadcast 11807 if (isProfileOwner(admin, callingUserId)) { 11808 transferProfileOwner(admin, target, callingUserId); 11809 } 11810 } finally { 11811 mInjector.binderRestoreCallingIdentity(id); 11812 } 11813 } 11814 11815 /** 11816 * Transfers the profile owner for user with id profileOwnerUserId from admin to target. 11817 */ 11818 private void transferProfileOwner(ComponentName admin, ComponentName target, 11819 int profileOwnerUserId) { 11820 synchronized (this) { 11821 transferActiveAdminUncheckedLocked(target, admin, profileOwnerUserId); 11822 mOwners.transferProfileOwner(target, profileOwnerUserId); 11823 Slog.i(LOG_TAG, "Profile owner set: " + target + " on user " + profileOwnerUserId); 11824 mOwners.writeProfileOwner(profileOwnerUserId); 11825 mDeviceAdminServiceController.startServiceForOwner( 11826 target.getPackageName(), profileOwnerUserId, "transfer-profile-owner"); 11827 } 11828 } 11829} 11830