diff options
author | Craig Mautner <cmautner@google.com> | 2015-04-15 18:19:30 -0700 |
---|---|---|
committer | Craig Mautner <cmautner@google.com> | 2015-04-23 08:30:20 -0700 |
commit | 5173dc28f341fee92705b07543cf9d2c9694ee3c (patch) | |
tree | 0ef1ed2928a701bfa314ce8c0d20e0a8338522e4 /services/devicepolicy | |
parent | 052324c13774ffcbeeacfcdf4c5b559fc89e060d (diff) | |
download | frameworks_base-5173dc28f341fee92705b07543cf9d2c9694ee3c.zip frameworks_base-5173dc28f341fee92705b07543cf9d2c9694ee3c.tar.gz frameworks_base-5173dc28f341fee92705b07543cf9d2c9694ee3c.tar.bz2 |
Add and remove DeviceInitializer from whitelist
Add the DeviceInitializer to the locktask whitelist when set or when a
new user is created. Remove DeviceInitializer from whitelist when
user setup complete.
Fixes bug 20267837.
Change-Id: I8a33bceb6e6f3d0316a1227b2ed2b713f4ca3a9e
Diffstat (limited to 'services/devicepolicy')
-rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 98 |
1 files changed, 67 insertions, 31 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index 80d075d..9bb97f7 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -137,6 +137,7 @@ import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.text.DateFormat; import java.util.ArrayList; +import java.util.Arrays; import java.util.Collections; import java.util.Date; import java.util.HashMap; @@ -304,7 +305,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final ArrayList<ComponentName> mRemovingAdmins = new ArrayList<>(); // This is the list of component allowed to start lock task mode. - final List<String> mLockTaskPackages = new ArrayList<>(); + List<String> mLockTaskPackages = new ArrayList<>(); boolean mStatusBarEnabledState = true; @@ -1647,17 +1648,18 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { validatePasswordOwnerLocked(policy); syncDeviceCapabilitiesLocked(policy); updateMaximumTimeToLockLocked(policy); - updateLockTaskPackagesLocked(policy, userHandle); + addDeviceInitializerToLockTaskPackagesLocked(userHandle); + updateLockTaskPackagesLocked(policy.mLockTaskPackages, userHandle); if (!policy.mStatusBarEnabledState) { setStatusBarEnabledStateInternal(policy.mStatusBarEnabledState, userHandle); } } - private void updateLockTaskPackagesLocked(DevicePolicyData policy, int userId) { + private void updateLockTaskPackagesLocked(List<String> packages, int userId) { IActivityManager am = ActivityManagerNative.getDefault(); long ident = Binder.clearCallingIdentity(); try { - am.updateLockTaskPackages(userId, policy.mLockTaskPackages.toArray(new String[0])); + am.updateLockTaskPackages(userId, packages.toArray(new String[packages.size()])); } catch (RemoteException e) { // Not gonna happen. } finally { @@ -4107,14 +4109,15 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { // Device owner state does not exist, create it. mDeviceOwner = DeviceOwner.createWithDeviceInitializer( initializer, ownerName); - mDeviceOwner.writeOwnerFile(); - return true; } else { // Device owner already exists, update it. mDeviceOwner.setDeviceInitializer(initializer, ownerName); - mDeviceOwner.writeOwnerFile(); - return true; } + + addDeviceInitializerToLockTaskPackagesLocked(UserHandle.USER_OWNER); + + mDeviceOwner.writeOwnerFile(); + return true; } } @@ -5095,20 +5098,21 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final IPackageManager ipm = AppGlobals.getPackageManager(); IActivityManager activityManager = ActivityManagerNative.getDefault(); + final int userHandle = user.getIdentifier(); try { // Install the profile owner if not present. - if (!ipm.isPackageAvailable(profileOwnerPkg, user.getIdentifier())) { - ipm.installExistingPackageAsUser(profileOwnerPkg, user.getIdentifier()); + if (!ipm.isPackageAvailable(profileOwnerPkg, userHandle)) { + ipm.installExistingPackageAsUser(profileOwnerPkg, userHandle); } // Start user in background. - activityManager.startUserInBackground(user.getIdentifier()); + activityManager.startUserInBackground(userHandle); } catch (RemoteException e) { Slog.e(LOG_TAG, "Failed to make remote calls for configureUser", e); } - setActiveAdmin(profileOwnerComponent, true, user.getIdentifier(), adminExtras); - setProfileOwner(profileOwnerComponent, ownerName, user.getIdentifier()); + setActiveAdmin(profileOwnerComponent, true, userHandle, adminExtras); + setProfileOwner(profileOwnerComponent, ownerName, userHandle); return user; } finally { restoreCallingIdentity(id); @@ -5653,29 +5657,26 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { * This function can only be called by the device owner. * @param packages The list of packages allowed to enter lock task mode. */ - public void setLockTaskPackages(ComponentName who, String[] packages) throws SecurityException { + public void setLockTaskPackages(ComponentName who, String[] packages) + throws SecurityException { Preconditions.checkNotNull(who, "ComponentName is null"); synchronized (this) { getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); int userHandle = Binder.getCallingUserHandle().getIdentifier(); - DevicePolicyData policy = getUserData(userHandle); - policy.mLockTaskPackages.clear(); - if (packages != null) { - for (int j = 0; j < packages.length; j++) { - String pkg = packages[j]; - if (pkg != null) { - policy.mLockTaskPackages.add(pkg); - } - } - } - - // Store the settings persistently. - saveSettingsLocked(userHandle); - updateLockTaskPackagesLocked(policy, userHandle); + setLockTaskPackagesLocked(userHandle, new ArrayList<>(Arrays.asList(packages))); } } + private void setLockTaskPackagesLocked(int userHandle, List<String> packages) { + DevicePolicyData policy = getUserData(userHandle); + policy.mLockTaskPackages = packages; + + // Store the settings persistently. + saveSettingsLocked(userHandle); + updateLockTaskPackagesLocked(packages, userHandle); + } + /** * This function returns the list of components allowed to start the task lock mode. */ @@ -5683,13 +5684,17 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { Preconditions.checkNotNull(who, "ComponentName is null"); synchronized (this) { getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); - int userHandle = Binder.getCallingUserHandle().getIdentifier(); - DevicePolicyData policy = getUserData(userHandle); - return policy.mLockTaskPackages.toArray(new String[policy.mLockTaskPackages.size()]); + final List<String> packages = getLockTaskPackagesLocked(userHandle); + return packages.toArray(new String[packages.size()]); } } + private List<String> getLockTaskPackagesLocked(int userHandle) { + final DevicePolicyData policy = getUserData(userHandle); + return policy.mLockTaskPackages; + } + /** * This function lets the caller know whether the given package is allowed to start the * lock task mode. @@ -5953,6 +5958,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { if (!policy.mUserSetupComplete) { policy.mUserSetupComplete = true; synchronized (this) { + // The DeviceInitializer was whitelisted but now should be removed. + removeDeviceInitializerFromLockTaskPackages(userHandle); saveSettingsLocked(userHandle); } } @@ -5960,6 +5967,35 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } + private void addDeviceInitializerToLockTaskPackagesLocked(int userHandle) { + if (hasUserSetupCompleted(userHandle)) { + return; + } + + final String deviceInitializerPackage = getDeviceInitializer(); + if (deviceInitializerPackage == null) { + return; + } + + final List<String> packages = getLockTaskPackagesLocked(userHandle); + if (!packages.contains(deviceInitializerPackage)) { + packages.add(deviceInitializerPackage); + setLockTaskPackagesLocked(userHandle, packages); + } + } + + private void removeDeviceInitializerFromLockTaskPackages(int userHandle) { + final String deviceInitializerPackage = getDeviceInitializer(); + if (deviceInitializerPackage == null) { + return; + } + + List<String> packages = getLockTaskPackagesLocked(userHandle); + if (packages.remove(deviceInitializerPackage)) { + setLockTaskPackagesLocked(userHandle, packages); + } + } + private class SetupContentObserver extends ContentObserver { private final Uri mUserSetupComplete = Settings.Secure.getUriFor( |