Merge "Reaaply policies on reboot" into udc-dev
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java
index 1027b31..415440b 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java
@@ -1017,8 +1017,12 @@
int userId = user.id;
// Apply local policies present on parent to newly created child profile.
UserInfo parentInfo = mUserManager.getProfileParent(userId);
- if (parentInfo == null || parentInfo.getUserHandle().getIdentifier() == userId) return;
-
+ if (parentInfo == null || parentInfo.getUserHandle().getIdentifier() == userId) {
+ return;
+ }
+ if (!mLocalPolicies.contains(parentInfo.getUserHandle().getIdentifier())) {
+ return;
+ }
for (Map.Entry<PolicyKey, PolicyState<?>> entry : mLocalPolicies.get(
parentInfo.getUserHandle().getIdentifier()).entrySet()) {
enforcePolicyOnUser(userId, entry.getValue());
@@ -1242,6 +1246,31 @@
synchronized (mLock) {
clear();
new DevicePoliciesReaderWriter().readFromFileLocked();
+ reapplyAllPolicies();
+ }
+ }
+
+ private <V> void reapplyAllPolicies() {
+ for (PolicyKey policy : mGlobalPolicies.keySet()) {
+ PolicyState<?> policyState = mGlobalPolicies.get(policy);
+ // Policy definition and value will always be of the same type
+ PolicyDefinition<V> policyDefinition =
+ (PolicyDefinition<V>) policyState.getPolicyDefinition();
+ PolicyValue<V> policyValue = (PolicyValue<V>) policyState.getCurrentResolvedPolicy();
+ enforcePolicy(policyDefinition, policyValue, UserHandle.USER_ALL);
+ }
+ for (int i = 0; i < mLocalPolicies.size(); i++) {
+ int userId = mLocalPolicies.keyAt(i);
+ for (PolicyKey policy : mLocalPolicies.get(userId).keySet()) {
+ PolicyState<?> policyState = mLocalPolicies.get(userId).get(policy);
+ // Policy definition and value will always be of the same type
+ PolicyDefinition<V> policyDefinition =
+ (PolicyDefinition<V>) policyState.getPolicyDefinition();
+ PolicyValue<V> policyValue =
+ (PolicyValue<V>) policyState.getCurrentResolvedPolicy();
+ enforcePolicy(policyDefinition, policyValue, userId);
+
+ }
}
}
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 4566b3b..d4ab7d3 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -2131,7 +2131,7 @@
mUserManagerInternal.addUserLifecycleListener(new UserLifecycleListener());
mDeviceManagementResourcesProvider.load();
- if (isPermissionCheckFlagEnabled()) {
+ if (isPermissionCheckFlagEnabled() || isPolicyEngineForFinanceFlagEnabled()) {
mDevicePolicyEngine.load();
}
@@ -3280,8 +3280,10 @@
policy.validatePasswordOwner();
updateMaximumTimeToLockLocked(userHandle);
- updateLockTaskPackagesLocked(mContext, policy.mLockTaskPackages, userHandle);
- updateLockTaskFeaturesLocked(policy.mLockTaskFeatures, userHandle);
+ if (!isPolicyEngineForFinanceFlagEnabled()) {
+ updateLockTaskPackagesLocked(mContext, policy.mLockTaskPackages, userHandle);
+ updateLockTaskFeaturesLocked(policy.mLockTaskFeatures, userHandle);
+ }
if (policy.mStatusBarDisabled) {
setStatusBarDisabledInternal(policy.mStatusBarDisabled, userHandle);
}
@@ -3593,7 +3595,7 @@
}
startOwnerService(userId, "start-user");
- if (isPermissionCheckFlagEnabled()) {
+ if (isPermissionCheckFlagEnabled() || isPolicyEngineForFinanceFlagEnabled()) {
mDevicePolicyEngine.handleStartUser(userId);
}
}
@@ -3620,7 +3622,7 @@
void handleUnlockUser(int userId) {
startOwnerService(userId, "unlock-user");
- if (isPermissionCheckFlagEnabled()) {
+ if (isPermissionCheckFlagEnabled() || isPolicyEngineForFinanceFlagEnabled()) {
mDevicePolicyEngine.handleUnlockUser(userId);
}
}
@@ -3632,7 +3634,7 @@
void handleStopUser(int userId) {
updateNetworkPreferenceForUser(userId, List.of(PreferentialNetworkServiceConfig.DEFAULT));
mDeviceAdminServiceController.stopServicesForUser(userId, /* actionForLog= */ "stop-user");
- if (isPermissionCheckFlagEnabled()) {
+ if (isPermissionCheckFlagEnabled() || isPolicyEngineForFinanceFlagEnabled()) {
mDevicePolicyEngine.handleStopUser(userId);
}
}
@@ -10247,7 +10249,9 @@
policy.mUserProvisioningState = DevicePolicyManager.STATE_USER_UNMANAGED;
policy.mAffiliationIds.clear();
policy.mLockTaskPackages.clear();
- updateLockTaskPackagesLocked(mContext, policy.mLockTaskPackages, userId);
+ if (!isPolicyEngineForFinanceFlagEnabled()) {
+ updateLockTaskPackagesLocked(mContext, policy.mLockTaskPackages, userId);
+ }
policy.mLockTaskFeatures = DevicePolicyManager.LOCK_TASK_FEATURE_NONE;
saveSettingsLocked(userId);
@@ -11037,7 +11041,7 @@
return false;
}
- if (!isPermissionCheckFlagEnabled()) {
+ if (!isPermissionCheckFlagEnabled() && !isPolicyEngineForFinanceFlagEnabled()) {
// TODO: Figure out if something like this needs to be restored for policy engine
final ComponentName profileOwner = getProfileOwnerAsUser(userId);
if (profileOwner == null) {
@@ -14918,6 +14922,7 @@
}
final List<String> lockTaskPackages = getUserData(userId).mLockTaskPackages;
+ // TODO(b/278438525): handle in the policy engine
if (!lockTaskPackages.isEmpty()) {
Slogf.d(LOG_TAG,
"User id " + userId + " not affiliated. Clearing lock task packages");