Merge "Replace isAdb and enforceShell in DPMS"
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 9edd7fb..f9e06dc 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -3240,7 +3240,8 @@
return;
}
Objects.requireNonNull(adminReceiver, "ComponentName is null");
- enforceShell("forceRemoveActiveAdmin");
+ Preconditions.checkCallAuthorization(isAdb(getCallerIdentity()),
+ "Non-shell user attempted to call forceRemoveActiveAdmin");
mInjector.binderWithCleanCallingIdentity(() -> {
synchronized (getLockObject()) {
if (!isAdminTestOnlyLocked(adminReceiver, userHandle)) {
@@ -3319,13 +3320,6 @@
return (admin != null) && admin.testOnlyAdmin;
}
- private void enforceShell(String method) {
- final int callingUid = mInjector.binderGetCallingUid();
- if (callingUid != Process.SHELL_UID && callingUid != Process.ROOT_UID) {
- throw new SecurityException("Non-shell user attempted to call " + method);
- }
- }
-
@Override
public void removeActiveAdmin(ComponentName adminReceiver, int userHandle) {
if (!mHasFeature) {
@@ -7255,10 +7249,10 @@
throw new IllegalArgumentException("Invalid component " + admin
+ " for device owner");
}
- final boolean hasIncompatibleAccountsOrNonAdb =
- hasIncompatibleAccountsOrNonAdbNoLock(userId, admin);
+
+ final CallerIdentity caller = getCallerIdentity();
synchronized (getLockObject()) {
- enforceCanSetDeviceOwnerLocked(admin, userId, hasIncompatibleAccountsOrNonAdb);
+ enforceCanSetDeviceOwnerLocked(caller, admin, userId);
final ActiveAdmin activeAdmin = getActiveAdminUncheckedLocked(admin, userId);
if (activeAdmin == null
|| getUserData(userId).mRemovingAdmins.contains(admin)) {
@@ -7267,7 +7261,7 @@
// Shutting down backup manager service permanently.
toggleBackupServiceActive(UserHandle.USER_SYSTEM, /* makeActive= */ false);
- if (isAdb()) {
+ if (isAdb(caller)) {
// Log device owner provisioning was started using adb.
MetricsLogger.action(mContext, PROVISIONING_ENTRY_POINT_ADB, LOG_TAG_DEVICE_OWNER);
DevicePolicyEventLogger
@@ -7623,10 +7617,9 @@
+ " not installed for userId:" + userHandle);
}
- final boolean hasIncompatibleAccountsOrNonAdb =
- hasIncompatibleAccountsOrNonAdbNoLock(userHandle, who);
+ final CallerIdentity caller = getCallerIdentity();
synchronized (getLockObject()) {
- enforceCanSetProfileOwnerLocked(who, userHandle, hasIncompatibleAccountsOrNonAdb);
+ enforceCanSetProfileOwnerLocked(caller, who, userHandle);
final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
if (admin == null || getUserData(userHandle).mRemovingAdmins.contains(who)) {
@@ -7644,7 +7637,7 @@
return false;
}
- if (isAdb()) {
+ if (isAdb(caller)) {
// Log profile owner provisioning was started using adb.
MetricsLogger.action(mContext, PROVISIONING_ENTRY_POINT_ADB, LOG_TAG_PROFILE_OWNER);
DevicePolicyEventLogger
@@ -7837,6 +7830,7 @@
return;
}
+ final CallerIdentity caller = getCallerIdentity();
if (userHandle != mOwners.getDeviceOwnerUserId() && !mOwners.hasProfileOwner(userHandle)
&& getManagedUserId(userHandle) == -1) {
// No managed device, user or profile, so setting provisioning state makes no sense.
@@ -7848,7 +7842,7 @@
boolean transitionCheckNeeded = true;
// Calling identity/permission checks.
- if (isAdb()) {
+ if (isAdb(caller)) {
// ADB shell can only move directly from un-managed to finalized as part of directly
// setting profile-owner or device-owner.
if (getUserProvisioningState(userHandle) !=
@@ -8211,8 +8205,8 @@
* - SYSTEM_UID
* - adb unless hasIncompatibleAccountsOrNonAdb is true.
*/
- private void enforceCanSetProfileOwnerLocked(@Nullable ComponentName owner, int userHandle,
- boolean hasIncompatibleAccountsOrNonAdb) {
+ private void enforceCanSetProfileOwnerLocked(CallerIdentity caller,
+ @Nullable ComponentName owner, int userHandle) {
UserInfo info = getUserInfo(userHandle);
if (info == null) {
// User doesn't exist.
@@ -8230,9 +8224,9 @@
throw new IllegalStateException("Trying to set the profile owner, but the user "
+ "already has a device owner.");
}
- if (isAdb()) {
+ if (isAdb(caller)) {
if ((mIsWatch || hasUserSetupCompleted(userHandle))
- && hasIncompatibleAccountsOrNonAdb) {
+ && hasIncompatibleAccountsOrNonAdbNoLock(caller, userHandle, owner)) {
throw new IllegalStateException("Not allowed to set the profile owner because "
+ "there are already some accounts on the profile");
}
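Review bot: The `hasIncompatibleAccountsOrNonAdbNoLock(caller, userHandle, owner)` call added on the new side of this hunk runs inside `enforceCanSetProfileOwnerLocked`, which setProfileOwner now invokes from within `synchronized (getLockObject())` (hunk `@@ -7623,10`); the same defect is in `enforceCanSetDeviceOwnerLocked` in the next hunk (`@@ -8271,16`), called under the lock in `@@ -7255,10`. That helper is documented "DO NOT CALL IT WITH THE DPMS LOCK HELD" and calls `wtfIfInLock()` (hunk `@@ -13283,9`), so the new code trips its own lock guard and performs whatever the helper does while holding the DPMS lock, which is exactly what the removed pre-lock `hasIncompatibleAccountsOrNonAdb` locals avoided. Keep the `CallerIdentity` parameter but keep evaluating the flag before taking the lock: in the caller `final boolean hasIncompatibleAccountsOrNonAdb = hasIncompatibleAccountsOrNonAdbNoLock(caller, userHandle, who);` ahead of `synchronized`, then pass it as a fourth parameter `boolean hasIncompatibleAccountsOrNonAdb` and test that at the `&&` line here. enforceCanSetProfileOwnerLocked starts in the previous hunk and ends outside this one.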
@@ -8271,16 +8265,15 @@
* The Device owner can only be set by adb or an app with the MANAGE_PROFILE_AND_DEVICE_OWNERS
* permission.
*/
- private void enforceCanSetDeviceOwnerLocked(@Nullable ComponentName owner,
- @UserIdInt int userId,
- boolean hasIncompatibleAccountsOrNonAdb) {
- if (!isAdb()) {
+ private void enforceCanSetDeviceOwnerLocked(CallerIdentity caller,
+ @Nullable ComponentName owner, @UserIdInt int userId) {
+ if (!isAdb(caller)) {
Preconditions.checkCallAuthorization(
hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS));
}
- final int code = checkDeviceOwnerProvisioningPreConditionLocked(
- owner, userId, isAdb(), hasIncompatibleAccountsOrNonAdb);
+ final int code = checkDeviceOwnerProvisioningPreConditionLocked(owner, userId,
+ isAdb(caller), hasIncompatibleAccountsOrNonAdbNoLock(caller, userId, owner));
if (code != CODE_OK) {
throw new IllegalStateException(computeProvisioningErrorString(code, userId));
}
@@ -11668,7 +11661,8 @@
@Override
public void clearSystemUpdatePolicyFreezePeriodRecord() {
- enforceShell("clearSystemUpdatePolicyFreezePeriodRecord");
+ Preconditions.checkCallAuthorization(isAdb(getCallerIdentity()),
+ "Non-shell user attempted to call clearSystemUpdatePolicyFreezePeriodRecord");
synchronized (getLockObject()) {
// Print out current record to help diagnosed CTS failures
Slog.i(LOG_TAG, "Clear freeze period record: "
@@ -12578,23 +12572,23 @@
@Override
public void markProfileOwnerOnOrganizationOwnedDevice(ComponentName who, int userId) {
+ if (!mHasFeature) {
+ return;
+ }
// As the caller is the system, it must specify the component name of the profile owner
// as a safety check.
Objects.requireNonNull(who);
- if (!mHasFeature) {
- return;
- }
-
+ final CallerIdentity caller = getCallerIdentity();
// Only adb or system apps with the right permission can mark a profile owner on
// organization-owned device.
- if (!(isAdb() || hasCallingPermission(permission.MARK_DEVICE_ORGANIZATION_OWNED))) {
+ if (!(isAdb(caller) || hasCallingPermission(permission.MARK_DEVICE_ORGANIZATION_OWNED))) {
throw new SecurityException(
"Only the system can mark a profile owner of organization-owned device.");
}
- if (isAdb()) {
- if (hasIncompatibleAccountsOrNonAdbNoLock(userId, who)) {
+ if (isAdb(caller)) {
+ if (hasIncompatibleAccountsOrNonAdbNoLock(caller, userId, who)) {
throw new SecurityException(
"Can only be called from ADB if the device has no accounts.");
}
@@ -12915,7 +12909,8 @@
@Override
public long forceSecurityLogs() {
- enforceShell("forceSecurityLogs");
+ Preconditions.checkCallAuthorization(isAdb(getCallerIdentity()),
+ "Non-shell user attempted to call forceSecurityLogs");
if (!mInjector.securityLogGetLoggingEnabledProperty()) {
throw new IllegalStateException("logging is not available");
}
@@ -13283,9 +13278,9 @@
*
* DO NOT CALL IT WITH THE DPMS LOCK HELD.
*/
- private boolean hasIncompatibleAccountsOrNonAdbNoLock(
+ private boolean hasIncompatibleAccountsOrNonAdbNoLock(CallerIdentity caller,
int userId, @Nullable ComponentName owner) {
- if (!isAdb()) {
+ if (!isAdb(caller)) {
return true;
}
wtfIfInLock();
@@ -13340,9 +13335,8 @@
}
}
- private boolean isAdb() {
- final int callingUid = mInjector.binderGetCallingUid();
- return callingUid == Process.SHELL_UID || callingUid == Process.ROOT_UID;
+ private boolean isAdb(CallerIdentity caller) {
+ return isShellUid(caller) || isRootUid(caller);
}
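Review bot: `isAdb(CallerIdentity)` has no Javadoc, and the name hides that it also accepts the root uid, which is the contract every `Preconditions.checkCallAuthorization(isAdb(...))` site in this commit now relies on. A one-line doc would make it explicit: `/** Returns true if {@code caller} is the shell or root uid, i.e. the call arrived via adb. */`. Since the check now reads the supplied identity instead of the live binder calling uid, the comment should presumably also state that callers must pass the identity captured at method entry, before any `binderWithCleanCallingIdentity` block, as forceRemoveActiveAdmin does; confirm that is the intended usage.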
@Override
@@ -13404,7 +13398,8 @@
@Override
public long forceNetworkLogs() {
- enforceShell("forceNetworkLogs");
+ Preconditions.checkCallAuthorization(isAdb(getCallerIdentity()),
+ "Non-shell user attempted to call forceNetworkLogs");
synchronized (getLockObject()) {
if (!isNetworkLoggingEnabledInternalLocked()) {
throw new IllegalStateException("logging is not available");