Reset permission policy to default when device owner goes away

Otherwise after the Device Owner is gone, runtime permissions might still be auto granted/denied. I understand that there are many other policies that we don't reset after the device/profile owner goes away (e.g. keyguard enabled/disabled). At least now we have a single method when we could clear the ones that we care about. Bug: 21889278 Change-Id: I6997655e6ef6d474bd25ae1c323eca5b17944b16
author: Esteban Talavera <etalavera@google.com> 2015-06-24 15:23:42 +0100
committer: Esteban Talavera <etalavera@google.com> 2015-06-24 17:19:19 +0100
commit: 28b9570d0235eca305dc76c006a54c8a85cf5db8 (patch)
tree: 083b105955af757896615039a086697e1e63db51 /services/devicepolicy
parent: 2e5615467e40856e758631cea542da804de01a7d (diff)
download: frameworks_base-28b9570d0235eca305dc76c006a54c8a85cf5db8.zip
frameworks_base-28b9570d0235eca305dc76c006a54c8a85cf5db8.tar.gz
frameworks_base-28b9570d0235eca305dc76c006a54c8a85cf5db8.tar.bz2
1 files changed, 31 insertions, 35 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index e44a7ab..491b412 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -4214,20 +4214,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
             throw new SecurityException("clearDeviceOwner can only be called by the device owner");
         }
         synchronized (this) {
-            long ident = Binder.clearCallingIdentity();
-            try {
-                clearUserRestrictions(new UserHandle(UserHandle.USER_OWNER));
-                AppGlobals.getPackageManager().updatePermissionFlagsForAllApps(
-                        PackageManager.FLAG_PERMISSION_POLICY_FIXED,
-                        0, UserHandle.USER_OWNER);
-                if (mDeviceOwner != null) {
-                    mDeviceOwner.clearDeviceOwner();
-                    mDeviceOwner.writeOwnerFile();
-                    updateDeviceOwnerLocked();
-                }
-            } catch (RemoteException re) {
-            } finally {
-                Binder.restoreCallingIdentity(ident);
+            clearUserPoliciesLocked(new UserHandle(UserHandle.USER_OWNER));
+            if (mDeviceOwner != null) {
+                mDeviceOwner.clearDeviceOwner();
+                mDeviceOwner.writeOwnerFile();
+                updateDeviceOwnerLocked();
             }
         }
     }
@@ -4378,34 +4369,39 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
             return;
         }
         UserHandle callingUser = Binder.getCallingUserHandle();
-        int userId = callingUser.getIdentifier();
         // Check if this is the profile owner who is calling
         getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
         synchronized (this) {
-            // Reset some of the profile-owner policies
-            DevicePolicyData policy = getUserData(userId);
-            policy.mPermissionPolicy = DevicePolicyManager.PERMISSION_POLICY_PROMPT;
-            policy.mDelegatedCertInstallerPackage = null;
-            policy.mStatusBarDisabled = false;
-            saveSettingsLocked(userId);
-
-            long ident = Binder.clearCallingIdentity();
-            try {
-                clearUserRestrictions(callingUser);
-                AppGlobals.getPackageManager().updatePermissionFlagsForAllApps(
-                        PackageManager.FLAG_PERMISSION_POLICY_FIXED,
-                        0, callingUser.getIdentifier());
-                if (mDeviceOwner != null) {
-                    mDeviceOwner.removeProfileOwner(userId);
-                    mDeviceOwner.writeOwnerFile();
-                }
-            } catch (RemoteException re) {
-            } finally {
-                Binder.restoreCallingIdentity(ident);
+            clearUserPoliciesLocked(callingUser);
+            if (mDeviceOwner != null) {
+                mDeviceOwner.removeProfileOwner(callingUser.getIdentifier());
+                mDeviceOwner.writeOwnerFile();
             }
         }
     }
 
+    private void clearUserPoliciesLocked(UserHandle userHandle) {
+        int userId = userHandle.getIdentifier();
+        // Reset some of the user-specific policies
+        DevicePolicyData policy = getUserData(userId);
+        policy.mPermissionPolicy = DevicePolicyManager.PERMISSION_POLICY_PROMPT;
+        policy.mDelegatedCertInstallerPackage = null;
+        policy.mStatusBarDisabled = false;
+        saveSettingsLocked(userId);
+
+        final long ident = Binder.clearCallingIdentity();
+        try {
+            clearUserRestrictions(userHandle);
+            AppGlobals.getPackageManager().updatePermissionFlagsForAllApps(
+                    PackageManager.FLAG_PERMISSION_POLICY_FIXED,
+                    0  /* flagValues */, userHandle.getIdentifier());
+        } catch (RemoteException re) {
+        } finally {
+            Binder.restoreCallingIdentity(ident);
+        }
+    }
+
+
     private void clearUserRestrictions(UserHandle userHandle) {
         AudioManager audioManager =
                 (AudioManager) mContext.getSystemService(Context.AUDIO_SERVICE);
author	Esteban Talavera <etalavera@google.com>	2015-06-24 15:23:42 +0100
committer	Esteban Talavera <etalavera@google.com>	2015-06-24 17:19:19 +0100
commit	28b9570d0235eca305dc76c006a54c8a85cf5db8 (patch)
tree	083b105955af757896615039a086697e1e63db51 /services/devicepolicy
parent	2e5615467e40856e758631cea542da804de01a7d (diff)
download	frameworks_base-28b9570d0235eca305dc76c006a54c8a85cf5db8.zip frameworks_base-28b9570d0235eca305dc76c006a54c8a85cf5db8.tar.gz frameworks_base-28b9570d0235eca305dc76c006a54c8a85cf5db8.tar.bz2