Merge "Use MATCH_ANY_USER when checking for system apps" into main
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 9ed645b..d5013517 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -12215,34 +12215,30 @@
* permittedList or are a system app.
*/
private boolean checkPackagesInPermittedListOrSystem(List<String> enabledPackages,
- List<String> permittedList, int userIdToCheck) {
+ List<String> permittedList, int userId) {
long id = mInjector.binderClearCallingIdentity();
try {
- // If we have an enabled packages list for a managed profile the packages
- // we should check are installed for the parent user.
- UserInfo user = getUserInfo(userIdToCheck);
- if (user.isManagedProfile()) {
- userIdToCheck = user.profileGroupId;
- }
-
for (String enabledPackage : enabledPackages) {
- boolean systemService = false;
+ if (permittedList.contains(enabledPackage)) {
+ continue;
+ }
try {
ApplicationInfo applicationInfo = mIPackageManager.getApplicationInfo(
- enabledPackage, PackageManager.MATCH_UNINSTALLED_PACKAGES,
- userIdToCheck);
+ enabledPackage, PackageManager.MATCH_ANY_USER, userId);
if (applicationInfo == null) {
+ Slogf.wtf(LOG_TAG, "Can't find ApplicationInfo for %s", enabledPackage);
return false;
}
- systemService = (applicationInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0;
+ if (!applicationInfo.isSystemApp()) {
+ Slogf.w(LOG_TAG,
+ "Enabled package neither permitted nor system: %s", enabledPackage);
+ return false;
+ }
} catch (RemoteException e) {
Slogf.i(LOG_TAG, "Can't talk to package managed", e);
}
- if (!systemService && !permittedList.contains(enabledPackage)) {
- return false;
- }
}
} finally {
mInjector.binderRestoreCallingIdentity(id);
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
index e72d9e7..b7483d6 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
@@ -70,14 +70,14 @@
import static org.junit.Assert.fail;
import static org.junit.Assume.assumeTrue;
-import static org.mockito.Matchers.any;
-import static org.mockito.Matchers.anyBoolean;
-import static org.mockito.Matchers.anyInt;
-import static org.mockito.Matchers.anyLong;
-import static org.mockito.Matchers.anyObject;
-import static org.mockito.Matchers.anyString;
-import static org.mockito.Matchers.eq;
-import static org.mockito.Matchers.isNull;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.ArgumentMatchers.anyInt;
+import static org.mockito.ArgumentMatchers.anyLong;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.ArgumentMatchers.isNull;
+import static org.mockito.ArgumentMatchers.longThat;
import static org.mockito.Mockito.clearInvocations;
import static org.mockito.Mockito.doAnswer;
import static org.mockito.Mockito.doReturn;
@@ -1733,12 +1733,20 @@
pi.applicationInfo.flags = flags;
doReturn(pi).when(getServices().ipackageManager).getPackageInfo(
eq(packageName),
- anyLong(),
+ longThat(flg -> (flg & PackageManager.MATCH_ANY_USER) == 0),
+ eq(userId));
+ doReturn(pi).when(getServices().ipackageManager).getPackageInfo(
+ eq(packageName),
+ longThat(flg -> (flg & PackageManager.MATCH_ANY_USER) != 0),
+ anyInt());
+ doReturn(pi.applicationInfo).when(getServices().ipackageManager).getApplicationInfo(
+ eq(packageName),
+ longThat(flg -> (flg & PackageManager.MATCH_ANY_USER) == 0),
eq(userId));
doReturn(pi.applicationInfo).when(getServices().ipackageManager).getApplicationInfo(
eq(packageName),
- anyLong(),
- eq(userId));
+ longThat(flg -> (flg & PackageManager.MATCH_ANY_USER) != 0),
+ anyInt());
doReturn(true).when(getServices().ipackageManager).isPackageAvailable(packageName, userId);
// Setup application UID with the PackageManager
getServices().addTestPackageUid(packageName, uid);
@@ -1757,7 +1765,7 @@
mServiceContext.packageName = mRealTestContext.getPackageName();
mServiceContext.applicationInfo = new ApplicationInfo();
mServiceContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
- when(mContext.resources.getColor(anyInt(), anyObject())).thenReturn(Color.WHITE);
+ when(mContext.resources.getColor(anyInt(), any())).thenReturn(Color.WHITE);
StringParceledListSlice oneCert = asSlice(new String[] {"1"});
StringParceledListSlice fourCerts = asSlice(new String[] {"1", "2", "3", "4"});
@@ -4551,7 +4559,7 @@
mContext.packageName = admin1.getPackageName();
mContext.applicationInfo = new ApplicationInfo();
- when(mContext.resources.getColor(anyInt(), anyObject())).thenReturn(Color.WHITE);
+ when(mContext.resources.getColor(anyInt(), any())).thenReturn(Color.WHITE);
// setUp() adds a secondary user for CALLER_USER_HANDLE. Remove it as otherwise the
// feature is disabled because there are non-affiliated secondary users.
@@ -4597,12 +4605,12 @@
setupDeviceOwner();
mContext.packageName = admin1.getPackageName();
mContext.applicationInfo = new ApplicationInfo();
- when(mContext.resources.getColor(anyInt(), anyObject())).thenReturn(Color.WHITE);
+ when(mContext.resources.getColor(anyInt(), any())).thenReturn(Color.WHITE);
// setUp() adds a secondary user for CALLER_USER_HANDLE. Remove it as otherwise the
// feature is disabled because there are non-affiliated secondary users.
getServices().removeUser(CALLER_USER_HANDLE);
- when(getServices().iipConnectivityMetrics.addNetdEventCallback(anyInt(), anyObject()))
+ when(getServices().iipConnectivityMetrics.addNetdEventCallback(anyInt(), any()))
.thenReturn(true);
// No logs were retrieved so far.
@@ -4667,7 +4675,7 @@
mContext.packageName = admin1.getPackageName();
addManagedProfile(admin1, managedProfileAdminUid, admin1, VERSION_CODES.S);
when(getServices().iipConnectivityMetrics
- .addNetdEventCallback(anyInt(), anyObject())).thenReturn(true);
+ .addNetdEventCallback(anyInt(), any())).thenReturn(true);
// Check no logs have been retrieved so far.
assertThat(dpm.getLastNetworkLogRetrievalTime()).isEqualTo(-1);
@@ -4699,7 +4707,7 @@
mContext.packageName = admin1.getPackageName();
mContext.applicationInfo = new ApplicationInfo();
when(getServices().iipConnectivityMetrics
- .addNetdEventCallback(anyInt(), anyObject())).thenReturn(true);
+ .addNetdEventCallback(anyInt(), any())).thenReturn(true);
// Check no logs have been retrieved so far.
assertThat(dpm.getLastNetworkLogRetrievalTime()).isEqualTo(-1);
@@ -6296,13 +6304,13 @@
mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
assertThat(dpms.isNotificationListenerServicePermitted(
- nonSystemPackage, MANAGED_PROFILE_USER_ID)).isTrue();
+ nonSystemPackage, MANAGED_PROFILE_USER_ID)).isTrue();
assertThat(dpms.isNotificationListenerServicePermitted(
- systemListener, MANAGED_PROFILE_USER_ID)).isTrue();
+ systemListener, MANAGED_PROFILE_USER_ID)).isTrue();
assertThat(dpms.isNotificationListenerServicePermitted(
- nonSystemPackage, UserHandle.USER_SYSTEM)).isTrue();
+ nonSystemPackage, UserHandle.USER_SYSTEM)).isTrue();
assertThat(dpms.isNotificationListenerServicePermitted(
- systemListener, UserHandle.USER_SYSTEM)).isTrue();
+ systemListener, UserHandle.USER_SYSTEM)).isTrue();
// Setting an empty allowlist - only system listeners allowed in managed profile, but
// all allowed in primary profile
@@ -6313,13 +6321,13 @@
mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
assertThat(dpms.isNotificationListenerServicePermitted(
- nonSystemPackage, MANAGED_PROFILE_USER_ID)).isFalse();
+ nonSystemPackage, MANAGED_PROFILE_USER_ID)).isFalse();
assertThat(dpms.isNotificationListenerServicePermitted(
- systemListener, MANAGED_PROFILE_USER_ID)).isTrue();
+ systemListener, MANAGED_PROFILE_USER_ID)).isTrue();
assertThat(dpms.isNotificationListenerServicePermitted(
- nonSystemPackage, UserHandle.USER_SYSTEM)).isTrue();
+ nonSystemPackage, UserHandle.USER_SYSTEM)).isTrue();
assertThat(dpms.isNotificationListenerServicePermitted(
- systemListener, UserHandle.USER_SYSTEM)).isTrue();
+ systemListener, UserHandle.USER_SYSTEM)).isTrue();
}
@Test
@@ -6455,7 +6463,7 @@
if (admin1.getPackageName().equals(callerContext.getPackageName())) {
admin1Context = callerContext;
}
- when(admin1Context.resources.getColor(anyInt(), anyObject())).thenReturn(Color.WHITE);
+ when(admin1Context.resources.getColor(anyInt(), any())).thenReturn(Color.WHITE);
// caller: device admin or delegated certificate installer
callerContext.applicationInfo = new ApplicationInfo();
@@ -6528,7 +6536,7 @@
if (admin1.getPackageName().equals(callerContext.getPackageName())) {
admin1Context = callerContext;
}
- when(admin1Context.resources.getColor(anyInt(), anyObject())).thenReturn(Color.WHITE);
+ when(admin1Context.resources.getColor(anyInt(), any())).thenReturn(Color.WHITE);
// caller: device admin or delegated certificate installer
callerContext.applicationInfo = new ApplicationInfo();