Merge "Introduced DO_NOT_ASK_CREDENTIALS_ON_BOOT flag"

author: Andrei Kapishnikov <kapishnikov@google.com> 2015-04-21 16:38:05 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2015-04-21 16:38:06 +0000
commit: 8d505ff025f16715d47f97d0f74a0cbba6c6391d (patch)
tree: e39c8903b10db812876f8caa0ff101c09ac4549f /services
parent: 2099ee8ab574181627b9dac81e1ec4f3f80bce05 (diff)
parent: 4eb6a36922f5e98fe181c0326cc5721f0e7589ca (diff)
download: frameworks_base-8d505ff025f16715d47f97d0f74a0cbba6c6391d.zip
frameworks_base-8d505ff025f16715d47f97d0f74a0cbba6c6391d.tar.gz
frameworks_base-8d505ff025f16715d47f97d0f74a0cbba6c6391d.tar.bz2
1 files changed, 54 insertions, 0 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index bc0910e..c2e8ccc 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -160,6 +160,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
 
     private static final String ATTR_ENABLED = "enabled";
 
+    private static final String DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML =
+            "do-not-ask-credentials-on-boot";
+
     private static final int REQUEST_EXPIRE_PASSWORD = 5571;
 
     private static final long MS_PER_DAY = 86400 * 1000;
@@ -307,6 +310,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
 
         String mDelegatedCertInstallerPackage;
 
+        boolean doNotAskCredentialsOnBoot = false;
+
         public DevicePolicyData(int userHandle) {
             mUserHandle = userHandle;
         }
@@ -1456,6 +1461,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                 out.endTag(null, TAG_STATUS_BAR);
             }
 
+            if (policy.doNotAskCredentialsOnBoot) {
+                out.startTag(null, DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML);
+                out.endTag(null, DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML);
+            }
+
             out.endTag(null, "policies");
 
             out.endDocument();
@@ -1581,6 +1591,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                     policy.mStatusBarEnabledState = Boolean.parseBoolean(
                             parser.getAttributeValue(null, ATTR_ENABLED));
                     XmlUtils.skipCurrentTag(parser);
+                } else if (DO_NOT_ASK_CREDENTIALS_ON_BOOT_XML.equals(tag)) {
+                    policy.doNotAskCredentialsOnBoot = true;
                 } else {
                     Slog.w(LOG_TAG, "Unknown tag: " + tag);
                     XmlUtils.skipCurrentTag(parser);
@@ -2840,6 +2852,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
             return false;
         }
 
+        boolean callerIsDeviceOwnerAdmin = isCallerDeviceOwnerOrInitializer(callingUid);
+        boolean doNotAskCredentialsOnBoot =
+                (flags & DevicePolicyManager.DO_NOT_ASK_CREDENTIALS_ON_BOOT) != 0;
+        if (callerIsDeviceOwnerAdmin && doNotAskCredentialsOnBoot) {
+            setDoNotAskCredentialsOnBoot();
+        }
+
         // Don't do this with the lock held, because it is going to call
         // back in to the service.
         long ident = Binder.clearCallingIdentity();
@@ -2868,6 +2887,25 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
         return true;
     }
 
+    private void setDoNotAskCredentialsOnBoot() {
+        synchronized (this) {
+            DevicePolicyData policyData = getUserData(UserHandle.USER_OWNER);
+            if (!policyData.doNotAskCredentialsOnBoot) {
+                policyData.doNotAskCredentialsOnBoot = true;
+                saveSettingsLocked(UserHandle.USER_OWNER);
+            }
+        }
+    }
+
+    public boolean getDoNotAskCredentialsOnBoot() {
+        mContext.enforceCallingOrSelfPermission(
+                android.Manifest.permission.QUERY_DO_NOT_ASK_CREDENTIALS_ON_BOOT, null);
+        synchronized (this) {
+            DevicePolicyData policyData = getUserData(UserHandle.USER_OWNER);
+            return policyData.doNotAskCredentialsOnBoot;
+        }
+    }
+
     public void setMaximumTimeToLock(ComponentName who, long timeMs) {
         if (!mHasFeature) {
             return;
@@ -6036,4 +6074,20 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
             return mDeviceOwner.getSystemUpdatePolicy();
         }
     }
+
+    /**
+     * Checks if the caller of the method is the device owner app or device initialization app.
+     *
+     * @param callerUid UID of the caller.
+     * @return true if the caller is the device owner app or device initializer.
+     */
+    private boolean isCallerDeviceOwnerOrInitializer(int callerUid) {
+        String[] pkgs = mContext.getPackageManager().getPackagesForUid(callerUid);
+        for (String pkg : pkgs) {
+            if (isDeviceOwner(pkg) || isDeviceInitializer(pkg)) {
+                return true;
+            }
+        }
+        return false;
+    }
 }
author	Andrei Kapishnikov <kapishnikov@google.com>	2015-04-21 16:38:05 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2015-04-21 16:38:06 +0000
commit	8d505ff025f16715d47f97d0f74a0cbba6c6391d (patch)
tree	e39c8903b10db812876f8caa0ff101c09ac4549f /services
parent	2099ee8ab574181627b9dac81e1ec4f3f80bce05 (diff)
parent	4eb6a36922f5e98fe181c0326cc5721f0e7589ca (diff)
download	frameworks_base-8d505ff025f16715d47f97d0f74a0cbba6c6391d.zip frameworks_base-8d505ff025f16715d47f97d0f74a0cbba6c6391d.tar.gz frameworks_base-8d505ff025f16715d47f97d0f74a0cbba6c6391d.tar.bz2