Merge changes I9fcca11e,I3637559d into main
* changes:
Don't enforce policies that has the flag turned off
Add bundle policy size verifier
diff --git a/core/java/android/app/admin/BundlePolicyValue.java b/core/java/android/app/admin/BundlePolicyValue.java
index 4f70604..cb5e986 100644
--- a/core/java/android/app/admin/BundlePolicyValue.java
+++ b/core/java/android/app/admin/BundlePolicyValue.java
@@ -32,7 +32,7 @@
public BundlePolicyValue(Bundle value) {
super(value);
if (Flags.devicePolicySizeTrackingInternalEnabled()) {
- PolicySizeVerifier.enforceMaxParcelableFieldsLength(value);
+ PolicySizeVerifier.enforceMaxBundleFieldsLength(value);
}
}
diff --git a/core/java/android/app/admin/IntentFilterPolicyKey.java b/core/java/android/app/admin/IntentFilterPolicyKey.java
index 63c3a4cb..7526a7b 100644
--- a/core/java/android/app/admin/IntentFilterPolicyKey.java
+++ b/core/java/android/app/admin/IntentFilterPolicyKey.java
@@ -24,7 +24,6 @@
import android.annotation.Nullable;
import android.annotation.SystemApi;
import android.annotation.TestApi;
-import android.app.admin.flags.Flags;
import android.content.IntentFilter;
import android.os.Bundle;
import android.os.Parcel;
@@ -60,9 +59,6 @@
@TestApi
public IntentFilterPolicyKey(@NonNull String identifier, @NonNull IntentFilter filter) {
super(identifier);
- if (Flags.devicePolicySizeTrackingInternalEnabled()) {
- PolicySizeVerifier.enforceMaxParcelableFieldsLength(filter);
- }
mFilter = Objects.requireNonNull(filter);
}
diff --git a/core/java/android/app/admin/PolicySizeVerifier.java b/core/java/android/app/admin/PolicySizeVerifier.java
index 792ebc6..7f8e50e 100644
--- a/core/java/android/app/admin/PolicySizeVerifier.java
+++ b/core/java/android/app/admin/PolicySizeVerifier.java
@@ -17,12 +17,12 @@
package android.app.admin;
import android.content.ComponentName;
+import android.os.Bundle;
import android.os.Parcelable;
import android.os.PersistableBundle;
import com.android.internal.util.Preconditions;
-import java.lang.reflect.Field;
import java.util.ArrayDeque;
import java.util.Queue;
@@ -71,44 +71,51 @@
for (String key : current.keySet()) {
enforceMaxStringLength(key, "key in " + argName);
Object value = current.get(key);
- if (value instanceof String) {
- enforceMaxStringLength((String) value, "string value in " + argName);
- } else if (value instanceof String[]) {
- for (String str : (String[]) value) {
+ if (value instanceof String str) {
+ enforceMaxStringLength(str, "string value in " + argName);
+ } else if (value instanceof String[] strArray) {
+ for (String str : strArray) {
enforceMaxStringLength(str, "string value in " + argName);
}
- } else if (value instanceof PersistableBundle) {
- queue.add((PersistableBundle) value);
+ } else if (value instanceof PersistableBundle persistableBundle) {
+ queue.add(persistableBundle);
}
}
}
}
/**
- * Throw if Parcelable contains any string that's too long to be serialized.
+ * Throw if bundle contains any string that's too long to be serialized. This follows the
+ * serialization logic in BundlePolicySerializer#writeBundle.
*/
- public static void enforceMaxParcelableFieldsLength(Parcelable parcelable) {
- // TODO(b/326662716) rework to protect against infinite recursion.
- if (true) {
- return;
- }
- Class<?> clazz = parcelable.getClass();
-
- Field[] fields = clazz.getDeclaredFields();
- for (Field field : fields) {
- field.setAccessible(true);
- try {
- Object value = field.get(parcelable);
- if (value instanceof String) {
- String stringValue = (String) value;
- enforceMaxStringLength(stringValue, field.getName());
+ public static void enforceMaxBundleFieldsLength(Bundle bundle) {
+ Queue<Bundle> queue = new ArrayDeque<>();
+ queue.add(bundle);
+ while (!queue.isEmpty()) {
+ Bundle current = queue.remove();
+ for (String key : current.keySet()) {
+ enforceMaxStringLength(key, "key in Bundle");
+ Object value = current.get(key);
+ if (value instanceof String str) {
+ enforceMaxStringLength(str, "string value in Bundle with "
+ + "key" + key);
+ } else if (value instanceof String[] strArray) {
+ for (String str : strArray) {
+ enforceMaxStringLength(str, "string value in Bundle with"
+ + " key" + key);
+ }
+ } else if (value instanceof Bundle b) {
+ queue.add(b);
}
-
- if (value instanceof Parcelable) {
- enforceMaxParcelableFieldsLength((Parcelable) value);
+ else if (value instanceof Parcelable[] parcelableArray) {
+ for (Parcelable parcelable : parcelableArray) {
+ if (!(parcelable instanceof Bundle)) {
+ throw new IllegalArgumentException("bundle-array can only hold "
+ + "Bundles");
+ }
+ queue.add((Bundle) parcelable);
+ }
}
- } catch (IllegalAccessException e) {
- e.printStackTrace();
}
}
}
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 80046b60..c37946b 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -23389,7 +23389,7 @@
DEFAULT_VALUE_PERMISSION_BASED_ACCESS_FLAG);
}
- private boolean isUnicornFlagEnabled() {
+ static boolean isUnicornFlagEnabled() {
return false;
}
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/PolicyEnforcerCallbacks.java b/services/devicepolicy/java/com/android/server/devicepolicy/PolicyEnforcerCallbacks.java
index c108deaf..a7adc5b 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/PolicyEnforcerCallbacks.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/PolicyEnforcerCallbacks.java
@@ -66,6 +66,10 @@
private static final String LOG_TAG = "PolicyEnforcerCallbacks";
static boolean setAutoTimezoneEnabled(@Nullable Boolean enabled, @NonNull Context context) {
+ if (!DevicePolicyManagerService.isUnicornFlagEnabled()) {
+ Slogf.w(LOG_TAG, "Trying to enforce setAutoTimezoneEnabled while flag is off.");
+ return true;
+ }
return Binder.withCleanCallingIdentity(() -> {
Objects.requireNonNull(context);
@@ -79,6 +83,10 @@
static boolean setPermissionGrantState(
@Nullable Integer grantState, @NonNull Context context, int userId,
@NonNull PolicyKey policyKey) {
+ if (!DevicePolicyManagerService.isUnicornFlagEnabled()) {
+ Slogf.w(LOG_TAG, "Trying to enforce setPermissionGrantState while flag is off.");
+ return true;
+ }
return Boolean.TRUE.equals(Binder.withCleanCallingIdentity(() -> {
if (!(policyKey instanceof PackagePermissionPolicyKey)) {
throw new IllegalArgumentException("policyKey is not of type "