Merge "Clean up fully rolled out SecurityLogV2Enabled" into main
diff --git a/core/api/current.txt b/core/api/current.txt
index d8eac41..861be40 100644
--- a/core/api/current.txt
+++ b/core/api/current.txt
@@ -7968,7 +7968,7 @@
field public static final String PERMISSION_GRANT_POLICY = "permissionGrant";
field public static final String PERSISTENT_PREFERRED_ACTIVITY_POLICY = "persistentPreferredActivity";
field public static final String RESET_PASSWORD_TOKEN_POLICY = "resetPasswordToken";
- field @FlaggedApi("android.app.admin.flags.security_log_v2_enabled") public static final String SECURITY_LOGGING_POLICY = "securityLogging";
+ field public static final String SECURITY_LOGGING_POLICY = "securityLogging";
field public static final String STATUS_BAR_DISABLED_POLICY = "statusBarDisabled";
field @FlaggedApi("android.app.admin.flags.policy_engine_migration_v2_enabled") public static final String USB_DATA_SIGNALING_POLICY = "usbDataSignaling";
field public static final String USER_CONTROL_DISABLED_PACKAGES_POLICY = "userControlDisabledPackages";
diff --git a/core/api/system-current.txt b/core/api/system-current.txt
index 2d3d891..e1e63cc 100644
--- a/core/api/system-current.txt
+++ b/core/api/system-current.txt
@@ -201,7 +201,7 @@
field public static final String MANAGE_DEFAULT_APPLICATIONS = "android.permission.MANAGE_DEFAULT_APPLICATIONS";
field public static final String MANAGE_DEVICE_ADMINS = "android.permission.MANAGE_DEVICE_ADMINS";
field public static final String MANAGE_DEVICE_POLICY_APP_EXEMPTIONS = "android.permission.MANAGE_DEVICE_POLICY_APP_EXEMPTIONS";
- field @FlaggedApi("android.app.admin.flags.security_log_v2_enabled") public static final String MANAGE_DEVICE_POLICY_AUDIT_LOGGING = "android.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING";
+ field public static final String MANAGE_DEVICE_POLICY_AUDIT_LOGGING = "android.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING";
field @FlaggedApi("android.permission.flags.enhanced_confirmation_mode_apis_enabled") public static final String MANAGE_ENHANCED_CONFIRMATION_STATES = "android.permission.MANAGE_ENHANCED_CONFIRMATION_STATES";
field public static final String MANAGE_ETHERNET_NETWORKS = "android.permission.MANAGE_ETHERNET_NETWORKS";
field public static final String MANAGE_FACTORY_RESET_PROTECTION = "android.permission.MANAGE_FACTORY_RESET_PROTECTION";
@@ -1296,7 +1296,7 @@
}
public final class DevicePolicyIdentifiers {
- field @FlaggedApi("android.app.admin.flags.security_log_v2_enabled") public static final String AUDIT_LOGGING_POLICY = "auditLogging";
+ field public static final String AUDIT_LOGGING_POLICY = "auditLogging";
}
public class DevicePolicyKeyguardService extends android.app.Service {
@@ -1308,7 +1308,7 @@
public class DevicePolicyManager {
method @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public int checkProvisioningPrecondition(@NonNull String, @NonNull String);
- method @FlaggedApi("android.app.admin.flags.security_log_v2_enabled") @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING) public void clearAuditLogEventCallback();
+ method @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING) public void clearAuditLogEventCallback();
method @Nullable @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public android.os.UserHandle createAndProvisionManagedProfile(@NonNull android.app.admin.ManagedProfileProvisioningParams) throws android.app.admin.ProvisioningException;
method @Nullable public android.content.Intent createProvisioningIntentFromNfcIntent(@NonNull android.content.Intent);
method @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public void finalizeWorkProfileProvisioning(@NonNull android.os.UserHandle, @Nullable android.accounts.Account);
@@ -1328,7 +1328,7 @@
method @Nullable public android.content.ComponentName getProfileOwner() throws java.lang.IllegalArgumentException;
method @Nullable @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS}) public String getProfileOwnerNameAsUser(int) throws java.lang.IllegalArgumentException;
method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS}) public int getUserProvisioningState();
- method @FlaggedApi("android.app.admin.flags.security_log_v2_enabled") @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING) public boolean isAuditLogEnabled();
+ method @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING) public boolean isAuditLogEnabled();
method public boolean isDeviceManaged();
method @FlaggedApi("android.app.admin.flags.device_theft_api_enabled") @RequiresPermission(android.Manifest.permission.QUERY_DEVICE_STOLEN_STATE) public boolean isDevicePotentiallyStolen();
method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public boolean isDeviceProvisioned();
@@ -1344,8 +1344,8 @@
method @RequiresPermission(android.Manifest.permission.TRIGGER_LOST_MODE) public void sendLostModeLocationUpdate(@NonNull java.util.concurrent.Executor, @NonNull java.util.function.Consumer<java.lang.Boolean>);
method @Deprecated @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_ADMINS) public boolean setActiveProfileOwner(@NonNull android.content.ComponentName, String) throws java.lang.IllegalArgumentException;
method @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_POLICY_APP_EXEMPTIONS) public void setApplicationExemptions(@NonNull String, @NonNull java.util.Set<java.lang.Integer>) throws android.content.pm.PackageManager.NameNotFoundException;
- method @FlaggedApi("android.app.admin.flags.security_log_v2_enabled") @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING) public void setAuditLogEnabled(boolean);
- method @FlaggedApi("android.app.admin.flags.security_log_v2_enabled") @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING) public void setAuditLogEventCallback(@NonNull java.util.concurrent.Executor, @NonNull java.util.function.Consumer<java.util.List<android.app.admin.SecurityLog.SecurityEvent>>);
+ method @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING) public void setAuditLogEnabled(boolean);
+ method @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING) public void setAuditLogEventCallback(@NonNull java.util.concurrent.Executor, @NonNull java.util.function.Consumer<java.util.List<android.app.admin.SecurityLog.SecurityEvent>>);
method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public void setDeviceProvisioningConfigApplied();
method @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public void setDpcDownloaded(boolean);
method @FlaggedApi("android.app.admin.flags.device_policy_size_tracking_enabled") @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public void setMaxPolicyStorageLimit(int);
diff --git a/core/java/android/app/admin/DevicePolicyIdentifiers.java b/core/java/android/app/admin/DevicePolicyIdentifiers.java
index eeaf0b3..156512a 100644
--- a/core/java/android/app/admin/DevicePolicyIdentifiers.java
+++ b/core/java/android/app/admin/DevicePolicyIdentifiers.java
@@ -17,7 +17,6 @@
package android.app.admin;
import static android.app.admin.flags.Flags.FLAG_POLICY_ENGINE_MIGRATION_V2_ENABLED;
-import static android.app.admin.flags.Flags.FLAG_SECURITY_LOG_V2_ENABLED;
import android.annotation.FlaggedApi;
import android.annotation.NonNull;
@@ -50,7 +49,6 @@
/**
* String identifier for {@link DevicePolicyManager#setSecurityLoggingEnabled}.
*/
- @FlaggedApi(FLAG_SECURITY_LOG_V2_ENABLED)
public static final String SECURITY_LOGGING_POLICY = "securityLogging";
/**
@@ -58,7 +56,6 @@
*
* @hide
*/
- @FlaggedApi(FLAG_SECURITY_LOG_V2_ENABLED)
@SystemApi
public static final String AUDIT_LOGGING_POLICY = "auditLogging";
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index ba1dc56..5088ea6 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -60,7 +60,6 @@
import static android.app.admin.flags.Flags.FLAG_DEVICE_POLICY_SIZE_TRACKING_ENABLED;
import static android.app.admin.flags.Flags.FLAG_HEADLESS_DEVICE_OWNER_PROVISIONING_FIX_ENABLED;
import static android.app.admin.flags.Flags.FLAG_HEADLESS_DEVICE_OWNER_SINGLE_USER_ENABLED;
-import static android.app.admin.flags.Flags.FLAG_SECURITY_LOG_V2_ENABLED;
import static android.app.admin.flags.Flags.onboardingBugreportV2Enabled;
import static android.app.admin.flags.Flags.onboardingConsentlessBugreports;
import static android.app.admin.flags.Flags.FLAG_IS_MTE_POLICY_ENFORCED;
@@ -14335,7 +14334,6 @@
* @hide
*/
@SystemApi
- @FlaggedApi(FLAG_SECURITY_LOG_V2_ENABLED)
@RequiresPermission(permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING)
public void setAuditLogEnabled(boolean enabled) {
throwIfParentInstance("setAuditLogEnabled");
@@ -14352,7 +14350,6 @@
* @hide
*/
@SystemApi
- @FlaggedApi(FLAG_SECURITY_LOG_V2_ENABLED)
@RequiresPermission(permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING)
public boolean isAuditLogEnabled() {
throwIfParentInstance("isAuditLogEnabled");
@@ -14374,7 +14371,6 @@
* @hide
*/
@SystemApi
- @FlaggedApi(FLAG_SECURITY_LOG_V2_ENABLED)
@RequiresPermission(permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING)
public void setAuditLogEventCallback(
@NonNull @CallbackExecutor Executor executor,
@@ -14401,7 +14397,6 @@
* @hide
*/
@SystemApi
- @FlaggedApi(FLAG_SECURITY_LOG_V2_ENABLED)
@RequiresPermission(permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING)
public void clearAuditLogEventCallback() {
throwIfParentInstance("clearAuditLogEventCallback");
diff --git a/core/java/android/app/admin/flags/flags.aconfig b/core/java/android/app/admin/flags/flags.aconfig
index 9148e3c..56f4792 100644
--- a/core/java/android/app/admin/flags/flags.aconfig
+++ b/core/java/android/app/admin/flags/flags.aconfig
@@ -105,6 +105,7 @@
bug: "289520697"
}
+# Fully rolled out and must not be used.
flag {
name: "security_log_v2_enabled"
is_exported: true
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index 2dd560c..91c3370 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml
@@ -3836,7 +3836,6 @@
<!-- Allows an application to use audit logging API.
@hide
@SystemApi
- @FlaggedApi("android.app.admin.flags.security_log_v2_enabled")
-->
<permission android:name="android.permission.MANAGE_DEVICE_POLICY_AUDIT_LOGGING"
android:protectionLevel="internal|role" />
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 1290fb7..a80ee0f 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -2726,22 +2726,14 @@
return;
}
- if (Flags.securityLogV2Enabled()) {
- boolean auditLoggingEnabled = Boolean.TRUE.equals(
- mDevicePolicyEngine.getResolvedPolicy(
- PolicyDefinition.AUDIT_LOGGING, UserHandle.USER_ALL));
- boolean securityLoggingEnabled = Boolean.TRUE.equals(
- mDevicePolicyEngine.getResolvedPolicy(
- PolicyDefinition.SECURITY_LOGGING, UserHandle.USER_ALL));
- setLoggingConfiguration(securityLoggingEnabled, auditLoggingEnabled);
- mInjector.runCryptoSelfTest();
- } else {
- synchronized (getLockObject()) {
- mSecurityLogMonitor.start(getSecurityLoggingEnabledUser());
- mInjector.runCryptoSelfTest();
- maybePauseDeviceWideLoggingLocked();
- }
- }
+ boolean auditLoggingEnabled = Boolean.TRUE.equals(
+ mDevicePolicyEngine.getResolvedPolicy(
+ PolicyDefinition.AUDIT_LOGGING, UserHandle.USER_ALL));
+ boolean securityLoggingEnabled = Boolean.TRUE.equals(
+ mDevicePolicyEngine.getResolvedPolicy(
+ PolicyDefinition.SECURITY_LOGGING, UserHandle.USER_ALL));
+ setLoggingConfiguration(securityLoggingEnabled, auditLoggingEnabled);
+ mInjector.runCryptoSelfTest();
}
/**
@@ -3399,7 +3391,7 @@
@GuardedBy("getLockObject()")
private void maybeMigrateSecurityLoggingPolicyLocked() {
- if (!Flags.securityLogV2Enabled() || mOwners.isSecurityLoggingMigrated()) {
+ if (mOwners.isSecurityLoggingMigrated()) {
return;
}
@@ -16304,9 +16296,6 @@
@Override
public void enforceSecurityLoggingPolicy(boolean enabled) {
- if (!Flags.securityLogV2Enabled()) {
- return;
- }
Boolean auditLoggingEnabled = mDevicePolicyEngine.getResolvedPolicy(
PolicyDefinition.AUDIT_LOGGING, UserHandle.USER_ALL);
enforceLoggingPolicy(enabled, Boolean.TRUE.equals(auditLoggingEnabled));
@@ -16314,9 +16303,6 @@
@Override
public void enforceAuditLoggingPolicy(boolean enabled) {
- if (!Flags.securityLogV2Enabled()) {
- return;
- }
Boolean securityLoggingEnabled = mDevicePolicyEngine.getResolvedPolicy(
PolicyDefinition.SECURITY_LOGGING, UserHandle.USER_ALL);
enforceLoggingPolicy(Boolean.TRUE.equals(securityLoggingEnabled), enabled);
@@ -18252,45 +18238,20 @@
}
final CallerIdentity caller = getCallerIdentity(who, packageName);
- if (Flags.securityLogV2Enabled()) {
- EnforcingAdmin admin = enforcePermissionAndGetEnforcingAdmin(
- who,
- MANAGE_DEVICE_POLICY_SECURITY_LOGGING,
- caller.getPackageName(),
- caller.getUserId());
- if (enabled) {
- mDevicePolicyEngine.setGlobalPolicy(
- PolicyDefinition.SECURITY_LOGGING,
- admin,
- new BooleanPolicyValue(true));
- } else {
- mDevicePolicyEngine.removeGlobalPolicy(
- PolicyDefinition.SECURITY_LOGGING,
- admin);
- }
+ EnforcingAdmin admin = enforcePermissionAndGetEnforcingAdmin(
+ who,
+ MANAGE_DEVICE_POLICY_SECURITY_LOGGING,
+ caller.getPackageName(),
+ caller.getUserId());
+ if (enabled) {
+ mDevicePolicyEngine.setGlobalPolicy(
+ PolicyDefinition.SECURITY_LOGGING,
+ admin,
+ new BooleanPolicyValue(true));
} else {
- synchronized (getLockObject()) {
- if (who != null) {
- Preconditions.checkCallAuthorization(
- isProfileOwnerOfOrganizationOwnedDevice(caller)
- || isDefaultDeviceOwner(caller));
- } else {
- // A delegate app passes a null admin component, which is expected
- Preconditions.checkCallAuthorization(
- isCallerDelegate(caller, DELEGATION_SECURITY_LOGGING));
- }
-
- if (enabled == mInjector.securityLogGetLoggingEnabledProperty()) {
- return;
- }
- mInjector.securityLogSetLoggingEnabledProperty(enabled);
- if (enabled) {
- mSecurityLogMonitor.start(getSecurityLoggingEnabledUser());
- maybePauseDeviceWideLoggingLocked();
- } else {
- mSecurityLogMonitor.stop();
- }
- }
+ mDevicePolicyEngine.removeGlobalPolicy(
+ PolicyDefinition.SECURITY_LOGGING,
+ admin);
}
DevicePolicyEventLogger
.createEvent(DevicePolicyEnums.SET_SECURITY_LOGGING_ENABLED)
@@ -18312,29 +18273,14 @@
return mInjector.securityLogGetLoggingEnabledProperty();
}
- if (Flags.securityLogV2Enabled()) {
- final EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin(
- admin,
- MANAGE_DEVICE_POLICY_SECURITY_LOGGING,
- caller.getPackageName(),
- caller.getUserId());
- final Boolean policy = mDevicePolicyEngine.getGlobalPolicySetByAdmin(
- PolicyDefinition.SECURITY_LOGGING, enforcingAdmin);
- return Boolean.TRUE.equals(policy);
- } else {
- synchronized (getLockObject()) {
- if (admin != null) {
- Preconditions.checkCallAuthorization(
- isProfileOwnerOfOrganizationOwnedDevice(caller)
- || isDefaultDeviceOwner(caller));
- } else {
- // A delegate app passes a null admin component, which is expected
- Preconditions.checkCallAuthorization(
- isCallerDelegate(caller, DELEGATION_SECURITY_LOGGING));
- }
- return mInjector.securityLogGetLoggingEnabledProperty();
- }
- }
+ final EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin(
+ admin,
+ MANAGE_DEVICE_POLICY_SECURITY_LOGGING,
+ caller.getPackageName(),
+ caller.getUserId());
+ final Boolean policy = mDevicePolicyEngine.getGlobalPolicySetByAdmin(
+ PolicyDefinition.SECURITY_LOGGING, enforcingAdmin);
+ return Boolean.TRUE.equals(policy);
}
private void recordSecurityLogRetrievalTime() {
@@ -18410,42 +18356,24 @@
final CallerIdentity caller = getCallerIdentity(admin, packageName);
- if (Flags.securityLogV2Enabled()) {
- EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin(
- admin,
- MANAGE_DEVICE_POLICY_SECURITY_LOGGING,
- caller.getPackageName(),
- caller.getUserId());
+ EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin(
+ admin,
+ MANAGE_DEVICE_POLICY_SECURITY_LOGGING,
+ caller.getPackageName(),
+ caller.getUserId());
- synchronized (getLockObject()) {
- Preconditions.checkCallAuthorization(isOrganizationOwnedDeviceWithManagedProfile()
- || areAllUsersAffiliatedWithDeviceLocked());
- }
-
- Boolean policy = mDevicePolicyEngine.getGlobalPolicySetByAdmin(
- PolicyDefinition.SECURITY_LOGGING, enforcingAdmin);
-
- if (!Boolean.TRUE.equals(policy)) {
- Slogf.e(LOG_TAG, "%s hasn't enabled security logging but tries to retrieve logs",
- caller.getPackageName());
- return null;
- }
- } else {
- if (admin != null) {
- Preconditions.checkCallAuthorization(
- isProfileOwnerOfOrganizationOwnedDevice(caller)
- || isDefaultDeviceOwner(caller));
- } else {
- // A delegate app passes a null admin component, which is expected
- Preconditions.checkCallAuthorization(
- isCallerDelegate(caller, DELEGATION_SECURITY_LOGGING));
- }
+ synchronized (getLockObject()) {
Preconditions.checkCallAuthorization(isOrganizationOwnedDeviceWithManagedProfile()
|| areAllUsersAffiliatedWithDeviceLocked());
+ }
- if (!mInjector.securityLogGetLoggingEnabledProperty()) {
- return null;
- }
+ Boolean policy = mDevicePolicyEngine.getGlobalPolicySetByAdmin(
+ PolicyDefinition.SECURITY_LOGGING, enforcingAdmin);
+
+ if (!Boolean.TRUE.equals(policy)) {
+ Slogf.e(LOG_TAG, "%s hasn't enabled security logging but tries to retrieve logs",
+ caller.getPackageName());
+ return null;
}
recordSecurityLogRetrievalTime();
@@ -18465,10 +18393,6 @@
}
final CallerIdentity caller = getCallerIdentity(callingPackage);
- if (!Flags.securityLogV2Enabled()) {
- throw new UnsupportedOperationException("Audit log not enabled");
- }
-
EnforcingAdmin admin = enforcePermissionAndGetEnforcingAdmin(
null /* admin */,
MANAGE_DEVICE_POLICY_AUDIT_LOGGING,
@@ -18493,10 +18417,6 @@
return false;
}
- if (!Flags.securityLogV2Enabled()) {
- throw new UnsupportedOperationException("Audit log not enabled");
- }
-
final CallerIdentity caller = getCallerIdentity(callingPackage);
EnforcingAdmin admin = enforcePermissionAndGetEnforcingAdmin(
null /* admin */,
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/OwnersData.java b/services/devicepolicy/java/com/android/server/devicepolicy/OwnersData.java
index 2ea5f16..52a7845 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/OwnersData.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/OwnersData.java
@@ -410,9 +410,8 @@
out.startTag(null, TAG_POLICY_ENGINE_MIGRATION);
out.attributeBoolean(null, ATTR_MIGRATED_TO_POLICY_ENGINE, mMigratedToPolicyEngine);
out.attributeBoolean(null, ATTR_MIGRATED_POST_UPGRADE, mPoliciesMigratedPostUpdate);
- if (Flags.securityLogV2Enabled()) {
- out.attributeBoolean(null, ATTR_SECURITY_LOG_MIGRATED, mSecurityLoggingMigrated);
- }
+ out.attributeBoolean(null, ATTR_SECURITY_LOG_MIGRATED, mSecurityLoggingMigrated);
+
if (Flags.unmanagedModeMigration()) {
out.attributeBoolean(null, ATTR_REQUIRED_PASSWORD_COMPLEXITY_MIGRATED,
mRequiredPasswordComplexityMigrated);
@@ -483,8 +482,8 @@
null, ATTR_MIGRATED_TO_POLICY_ENGINE, false);
mPoliciesMigratedPostUpdate = parser.getAttributeBoolean(
null, ATTR_MIGRATED_POST_UPGRADE, false);
- mSecurityLoggingMigrated = Flags.securityLogV2Enabled()
- && parser.getAttributeBoolean(null, ATTR_SECURITY_LOG_MIGRATED, false);
+ mSecurityLoggingMigrated =
+ parser.getAttributeBoolean(null, ATTR_SECURITY_LOG_MIGRATED, false);
mRequiredPasswordComplexityMigrated = Flags.unmanagedModeMigration()
&& parser.getAttributeBoolean(null,
ATTR_REQUIRED_PASSWORD_COMPLEXITY_MIGRATED, false);
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/SecurityLogMonitor.java b/services/devicepolicy/java/com/android/server/devicepolicy/SecurityLogMonitor.java
index dd049303..474c48a 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/SecurityLogMonitor.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/SecurityLogMonitor.java
@@ -23,7 +23,6 @@
import android.app.admin.IAuditLogEventsCallback;
import android.app.admin.SecurityLog;
import android.app.admin.SecurityLog.SecurityEvent;
-import android.app.admin.flags.Flags;
import android.os.Handler;
import android.os.IBinder;
import android.os.Process;
@@ -184,28 +183,6 @@
@GuardedBy("mLock")
private final ArrayDeque<SecurityEvent> mAuditLogEventBuffer = new ArrayDeque<>();
- /**
- * Start security logging.
- *
- * @param enabledUser which user logging is enabled on, or USER_ALL to enable logging for all
- * users on the device.
- */
- void start(int enabledUser) {
- Slog.i(TAG, "Starting security logging for user " + enabledUser);
- mEnabledUser = enabledUser;
- mLock.lock();
- try {
- if (mMonitorThread == null) {
- resetLegacyBufferLocked();
- startMonitorThreadLocked();
- } else {
- Slog.i(TAG, "Security log monitor thread is already running");
- }
- } finally {
- mLock.unlock();
- }
- }
-
void stop() {
Slog.i(TAG, "Stopping security logging.");
mLock.lock();
@@ -467,11 +444,11 @@
assignLogId(event);
}
- if (!Flags.securityLogV2Enabled() || mLegacyLogEnabled) {
+ if (mLegacyLogEnabled) {
addToLegacyBufferLocked(dedupedLogs);
}
- if (Flags.securityLogV2Enabled() && mAuditLogEnabled) {
+ if (mAuditLogEnabled) {
addAuditLogEventsLocked(dedupedLogs);
}
}
@@ -548,7 +525,7 @@
saveLastEvents(newLogs);
newLogs.clear();
- if (!Flags.securityLogV2Enabled() || mLegacyLogEnabled) {
+ if (mLegacyLogEnabled) {
notifyDeviceOwnerOrProfileOwnerIfNeeded(force);
}
} catch (IOException e) {