2 files changed, 37 insertions, 32 deletions

diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DeviceOwner.java b/services/devicepolicy/java/com/android/server/devicepolicy/DeviceOwner.java
index 28ffc57..d5b0804 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DeviceOwner.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DeviceOwner.java
@@ -17,6 +17,7 @@
 package com.android.server.devicepolicy;
 
 import android.app.AppGlobals;
+import android.app.admin.SystemUpdatePolicy;
 import android.content.ComponentName;
 import android.content.pm.PackageInfo;
 import android.content.pm.PackageManager;
@@ -78,7 +79,7 @@ class DeviceOwner {
     private final HashMap<Integer, OwnerInfo> mProfileOwners = new HashMap<Integer, OwnerInfo>();
 
     // Local system update policy controllable by device owner.
-    private PersistableBundle mSystemUpdatePolicy;
+    private SystemUpdatePolicy mSystemUpdatePolicy;
 
     // Private default constructor.
     private DeviceOwner() {
@@ -115,9 +116,9 @@ class DeviceOwner {
     /**
      * Creates an instance of the device owner object with the device initializer set.
      */
-    static DeviceOwner createWithDeviceInitializer(ComponentName admin, String ownerName) {
+    static DeviceOwner createWithDeviceInitializer(ComponentName admin) {
         DeviceOwner owner = new DeviceOwner();
-        owner.mDeviceInitializer = new OwnerInfo(ownerName, admin);
+        owner.mDeviceInitializer = new OwnerInfo(null, admin);
         return owner;
     }
 
@@ -154,12 +155,8 @@ class DeviceOwner {
         return mDeviceInitializer != null ? mDeviceInitializer.packageName : null;
     }
 
-    String getDeviceInitializerName() {
-        return mDeviceInitializer != null ? mDeviceInitializer.name : null;
-    }
-
-    void setDeviceInitializer(ComponentName admin, String ownerName) {
-        mDeviceInitializer = new OwnerInfo(ownerName, admin);
+    void setDeviceInitializer(ComponentName admin) {
+        mDeviceInitializer = new OwnerInfo(null, admin);
     }
 
     void clearDeviceInitializer() {
@@ -192,11 +189,11 @@ class DeviceOwner {
         return mProfileOwners.keySet();
     }
 
-    PersistableBundle getSystemUpdatePolicy() {
+    SystemUpdatePolicy getSystemUpdatePolicy() {
         return mSystemUpdatePolicy;
     }
 
-    void setSystemUpdatePolicy(PersistableBundle systemUpdatePolicy) {
+    void setSystemUpdatePolicy(SystemUpdatePolicy systemUpdatePolicy) {
         mSystemUpdatePolicy = systemUpdatePolicy;
     }
 
@@ -254,16 +251,15 @@ class DeviceOwner {
                     String packageName = parser.getAttributeValue(null, ATTR_PACKAGE);
                     mDeviceOwner = new OwnerInfo(name, packageName);
                 } else if (tag.equals(TAG_DEVICE_INITIALIZER)) {
-                    String name = parser.getAttributeValue(null, ATTR_NAME);
                     String packageName = parser.getAttributeValue(null, ATTR_PACKAGE);
                     String initializerComponentStr =
                             parser.getAttributeValue(null, ATTR_COMPONENT_NAME);
                     ComponentName admin =
                             ComponentName.unflattenFromString(initializerComponentStr);
                     if (admin != null) {
-                        mDeviceInitializer = new OwnerInfo(name, admin);
+                        mDeviceInitializer = new OwnerInfo(null, admin);
                     } else {
-                        mDeviceInitializer = new OwnerInfo(name, packageName);
+                        mDeviceInitializer = new OwnerInfo(null, packageName);
                         Slog.e(TAG, "Error parsing device-owner file. Bad component name " +
                                 initializerComponentStr);
                     }
@@ -291,7 +287,7 @@ class DeviceOwner {
                     }
                     mProfileOwners.put(userId, profileOwnerInfo);
                 } else if (TAG_SYSTEM_UPDATE_POLICY.equals(tag)) {
-                    mSystemUpdatePolicy = PersistableBundle.restoreFromXml(parser);
+                    mSystemUpdatePolicy = SystemUpdatePolicy.restoreFromXml(parser);
                 } else {
                     throw new XmlPullParserException(
                             "Unexpected tag in device owner file: " + tag);
@@ -333,9 +329,6 @@ class DeviceOwner {
             if (mDeviceInitializer != null) {
                 out.startTag(null, TAG_DEVICE_INITIALIZER);
                 out.attribute(null, ATTR_PACKAGE, mDeviceInitializer.packageName);
-                if (mDeviceInitializer.name != null) {
-                    out.attribute(null, ATTR_NAME, mDeviceInitializer.name);
-                }
                 if (mDeviceInitializer.admin != null) {
                     out.attribute(
                             null, ATTR_COMPONENT_NAME, mDeviceInitializer.admin.flattenToString());
@@ -361,11 +354,7 @@ class DeviceOwner {
             // Write system update policy tag
             if (mSystemUpdatePolicy != null) {
                 out.startTag(null, TAG_SYSTEM_UPDATE_POLICY);
-                try {
-                    mSystemUpdatePolicy.saveToXml(out);
-                } catch (XmlPullParserException e) {
-                    Slog.e(TAG, "Failed to save system update policy", e);
-                }
+                mSystemUpdatePolicy.saveToXml(out);
                 out.endTag(null, TAG_SYSTEM_UPDATE_POLICY);
             }
             out.endDocument();
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 43e6f76..822ffd3 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -39,6 +39,7 @@ import android.app.admin.DeviceAdminReceiver;
 import android.app.admin.DevicePolicyManager;
 import android.app.admin.DevicePolicyManagerInternal;
 import android.app.admin.IDevicePolicyManager;
+import android.app.admin.SystemUpdatePolicy;
 import android.app.backup.IBackupManager;
 import android.content.BroadcastReceiver;
 import android.content.ComponentName;
@@ -4163,8 +4164,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
     }
 
     @Override
-    public boolean setDeviceInitializer(ComponentName who, ComponentName initializer,
-            String ownerName) {
+    public boolean setDeviceInitializer(ComponentName who, ComponentName initializer) {
         if (!mHasFeature) {
             return false;
         }
@@ -4183,10 +4183,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
 
             if (mDeviceOwner == null) {
                 // Device owner state does not exist, create it.
-                mDeviceOwner = DeviceOwner.createWithDeviceInitializer(initializer, ownerName);
+                mDeviceOwner = DeviceOwner.createWithDeviceInitializer(initializer);
             } else {
                 // Device owner already exists, update it.
-                mDeviceOwner.setDeviceInitializer(initializer, ownerName);
+                mDeviceOwner.setDeviceInitializer(initializer);
             }
 
             addDeviceInitializerToLockTaskPackagesLocked(UserHandle.USER_OWNER);
@@ -6280,7 +6280,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
     }
 
     @Override
-    public void setSystemUpdatePolicy(ComponentName who, PersistableBundle policy) {
+    public void setSystemUpdatePolicy(ComponentName who, SystemUpdatePolicy policy) {
+        if (policy != null && !policy.isValid()) {
+            throw new IllegalArgumentException("Invalid system update policy.");
+        }
         synchronized (this) {
             getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
             if (policy == null) {
@@ -6296,9 +6299,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
     }
 
     @Override
-    public PersistableBundle getSystemUpdatePolicy() {
+    public SystemUpdatePolicy getSystemUpdatePolicy() {
         synchronized (this) {
-            return mDeviceOwner.getSystemUpdatePolicy();
+            SystemUpdatePolicy policy =  mDeviceOwner.getSystemUpdatePolicy();
+            if (policy != null && !policy.isValid()) {
+                Slog.w(LOG_TAG, "Stored system update policy is invalid, return null instead.");
+                return null;
+            }
+            return policy;
         }
     }
 
@@ -6386,10 +6394,18 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
             getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
             long ident = Binder.clearCallingIdentity();
             try {
+                PackageManager packageManager = mContext.getPackageManager();
                 if (granted) {
-                    mContext.getPackageManager().grantPermission(packageName, permission, user);
+                    packageManager.grantRuntimePermission(packageName, permission, user);
+                    packageManager.updatePermissionFlags(permission, packageName,
+                            PackageManager.FLAG_PERMISSION_POLICY_FIXED,
+                            PackageManager.FLAG_PERMISSION_POLICY_FIXED, user);
                 } else {
-                    mContext.getPackageManager().revokePermission(packageName, permission, user);
+                    packageManager.revokeRuntimePermission(packageName,
+                            permission, user);
+                    packageManager.updatePermissionFlags(permission, packageName,
+                            PackageManager.FLAG_PERMISSION_POLICY_FIXED,
+                            PackageManager.FLAG_PERMISSION_POLICY_FIXED, user);
                 }
                 return true;
             } catch (SecurityException se) {