From c29f62c7388f550da2c7368c5dbc0aec7d1564fe Mon Sep 17 00:00:00 2001 From: Makoto Onuki Date: Tue, 7 Jun 2016 12:19:46 -0700 Subject: [PATCH] Push DO/PO package names from DPMS to PM Bug 29126573 Change-Id: I95ea1559f6acf5d2f0e1b0953568cdfc938e83b9 --- .../app/admin/DevicePolicyManagerInternal.java | 12 --- .../android/content/pm/PackageManagerInternal.java | 13 ++++ .../android/server/am/ActivityManagerService.java | 11 +-- .../android/server/pm/PackageManagerService.java | 28 +++++-- .../com/android/server/pm/ProtectedPackages.java | 89 ++++++++++++++++++++++ .../devicepolicy/DevicePolicyManagerService.java | 23 +----- .../com/android/server/devicepolicy/Owners.java | 24 +++++- .../DevicePolicyManagerServiceTestable.java | 4 +- 8 files changed, 153 insertions(+), 51 deletions(-) create mode 100644 services/core/java/com/android/server/pm/ProtectedPackages.java diff --git a/core/java/android/app/admin/DevicePolicyManagerInternal.java b/core/java/android/app/admin/DevicePolicyManagerInternal.java index 54a2f7aff7d6..e98bb7e7a9fd 100644 --- a/core/java/android/app/admin/DevicePolicyManagerInternal.java +++ b/core/java/android/app/admin/DevicePolicyManagerInternal.java @@ -17,7 +17,6 @@ package android.app.admin; import android.content.Intent; -import android.os.UserHandle; import java.util.List; @@ -74,17 +73,6 @@ public abstract class DevicePolicyManagerInternal { public abstract boolean isActiveAdminWithPolicy(int uid, int reqPolicy); /** - * Checks if a given package has a device or a profile owner for the given user. - *

- * Note: does not support negative userIds like {@link UserHandle#USER_ALL} - * - * @param packageName The package to check - * @param userId the userId to check for. - * @return true if package has a device or profile owner, false otherwise. - */ - public abstract boolean hasDeviceOwnerOrProfileOwner(String packageName, int userId); - - /** * Creates an intent to show the admin support dialog to let the user know that the package is * suspended by the admin. This assumes that {@param packageName} is suspended by the * device/profile owner. The caller should check if the package is suspended or not. diff --git a/core/java/android/content/pm/PackageManagerInternal.java b/core/java/android/content/pm/PackageManagerInternal.java index 13ebb823bd78..14f7727e61a0 100644 --- a/core/java/android/content/pm/PackageManagerInternal.java +++ b/core/java/android/content/pm/PackageManagerInternal.java @@ -18,6 +18,7 @@ package android.content.pm; import android.content.ComponentName; import android.content.pm.PackageManager.NameNotFoundException; +import android.util.SparseArray; import java.util.List; @@ -147,4 +148,16 @@ public abstract class PackageManagerInternal { */ public abstract ComponentName getHomeActivitiesAsUser(List allHomeCandidates, int userId); + + /** + * Called by DeviceOwnerManagerService to set the package names of device owner and profile + * owners. + */ + public abstract void setDeviceAndProfileOwnerPackages( + int deviceOwnerUserId, String deviceOwner, SparseArray profileOwners); + + /** + * Whether a package's data be cleared. + */ + public abstract boolean canPackageBeWiped(int userId, String packageName); } diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java index 32aeea809b87..109a80c5b014 100644 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java @@ -5374,17 +5374,18 @@ public final class ActivityManagerService extends ActivityManagerNative userId = mUserController.handleIncomingUser(pid, uid, userId, false, ALLOW_FULL_ONLY, "clearApplicationUserData", null); - final DevicePolicyManagerInternal dpmi = LocalServices - .getService(DevicePolicyManagerInternal.class); - if (dpmi != null && dpmi.hasDeviceOwnerOrProfileOwner(packageName, userId)) { - throw new SecurityException("Cannot clear data for a device owner or a profile owner"); - } long callingId = Binder.clearCallingIdentity(); try { IPackageManager pm = AppGlobals.getPackageManager(); int pkgUid = -1; synchronized(this) { + if (getPackageManagerInternalLocked().canPackageBeWiped( + userId, packageName)) { + throw new SecurityException( + "Cannot clear data for a device owner or a profile owner"); + } + try { pkgUid = pm.getPackageUid(packageName, MATCH_UNINSTALLED_PACKAGES, userId); } catch (RemoteException e) { diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index 27ca62af5955..e71758c15628 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -102,11 +102,11 @@ import static com.android.server.pm.PermissionsState.PERMISSION_OPERATION_SUCCES import android.Manifest; import android.annotation.NonNull; import android.annotation.Nullable; +import android.annotation.UserIdInt; import android.app.ActivityManager; import android.app.ActivityManagerNative; import android.app.IActivityManager; import android.app.ResourcesManager; -import android.app.admin.DevicePolicyManagerInternal; import android.app.admin.IDevicePolicyManager; import android.app.admin.SecurityLog; import android.app.backup.IBackupManager; @@ -622,6 +622,8 @@ public class PackageManagerService extends IPackageManager.Stub { @GuardedBy("mPackages") final ArraySet mFrozenPackages = new ArraySet<>(); + final ProtectedPackages mProtectedPackages = new ProtectedPackages(); + boolean mRestoredSettings; // System configuration read by SystemConfig. @@ -16396,9 +16398,7 @@ public class PackageManagerService extends IPackageManager.Stub { enforceCrossUserPermission(Binder.getCallingUid(), userId, true /* requireFullPermission */, false /* checkShell */, "clear application data"); - final DevicePolicyManagerInternal dpmi = LocalServices - .getService(DevicePolicyManagerInternal.class); - if (dpmi != null && dpmi.hasDeviceOwnerOrProfileOwner(packageName, userId)) { + if (mProtectedPackages.canPackageBeWiped(userId, packageName)) { throw new SecurityException("Cannot clear data for a device owner or a profile owner"); } // Queue up an async operation since the package deletion may take a little while. @@ -17725,10 +17725,8 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName()); + Binder.getCallingPid() + ", uid=" + uid + ", package uid=" + pkgSetting.appId); } - // Don't allow changing profile and device owners. Calling into DPMS, so no locking. - final DevicePolicyManagerInternal dpmi = LocalServices - .getService(DevicePolicyManagerInternal.class); - if (dpmi != null && dpmi.hasDeviceOwnerOrProfileOwner(packageName, userId)) { + // Don't allow changing profile and device owners. + if (mProtectedPackages.canPackageStateBeChanged(userId, packageName)) { throw new SecurityException("Cannot disable a device owner or a profile owner"); } } @@ -20825,6 +20823,20 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName()); int userId) { return PackageManagerService.this.getHomeActivitiesAsUser(allHomeCandidates, userId); } + + @Override + public void setDeviceAndProfileOwnerPackages( + int deviceOwnerUserId, String deviceOwnerPackage, + SparseArray profileOwnerPackages) { + mProtectedPackages.setDeviceAndProfileOwnerPackages( + deviceOwnerUserId, deviceOwnerPackage, profileOwnerPackages); + } + + @Override + public boolean canPackageBeWiped(int userId, String packageName) { + return mProtectedPackages.canPackageBeWiped(userId, + packageName); + } } @Override diff --git a/services/core/java/com/android/server/pm/ProtectedPackages.java b/services/core/java/com/android/server/pm/ProtectedPackages.java new file mode 100644 index 000000000000..7bdea181473e --- /dev/null +++ b/services/core/java/com/android/server/pm/ProtectedPackages.java @@ -0,0 +1,89 @@ +/* + * Copyright (C) 2016 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.pm; + +import android.annotation.UserIdInt; +import android.os.UserHandle; +import android.util.SparseArray; + +/** + * Manages package names that need special protection. + * + * TODO: This class should persist the information by itself, and also keeps track of device admin + * packages for all users. Then PMS.isPackageDeviceAdmin() should use it instead of talking + * to DPMS. + */ +public class ProtectedPackages { + @UserIdInt + private int mDeviceOwnerUserId; + + private String mDeviceOwnerPackage; + + private SparseArray mProfileOwnerPackages; + + private final Object mLock = new Object(); + + /** + * Sets the device/profile owner information. + */ + public void setDeviceAndProfileOwnerPackages( + int deviceOwnerUserId, String deviceOwnerPackage, + SparseArray profileOwnerPackages) { + synchronized (mLock) { + mDeviceOwnerUserId = deviceOwnerUserId; + mDeviceOwnerPackage = + (deviceOwnerUserId == UserHandle.USER_NULL) ? null : deviceOwnerPackage; + mProfileOwnerPackages = (profileOwnerPackages == null) ? null + : profileOwnerPackages.clone(); + } + } + + private boolean hasDeviceOwnerOrProfileOwner(int userId, String packageName) { + if (packageName == null) { + return false; + } + synchronized (mLock) { + if (mDeviceOwnerPackage != null) { + if ((mDeviceOwnerUserId == userId) + && (packageName.equals(mDeviceOwnerPackage))) { + return true; + } + } + if (mProfileOwnerPackages != null) { + if (packageName.equals(mProfileOwnerPackages.get(userId))) { + return true; + } + } + } + return false; + } + + /** + * Whether a package or the components in a package's enabled state can be changed + * by other callers than itself. + */ + public boolean canPackageStateBeChanged(@UserIdInt int userId, String packageName) { + return hasDeviceOwnerOrProfileOwner(userId, packageName); + } + + /** + * Whether a package's data be cleared. + */ + public boolean canPackageBeWiped(@UserIdInt int userId, String packageName) { + return hasDeviceOwnerOrProfileOwner(userId, packageName); + } +} diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index 9a7e64b3a923..4692a57406d1 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -1338,7 +1338,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } Owners newOwners() { - return new Owners(mContext, getUserManager(), getUserManagerInternal()); + return new Owners(getUserManager(), getUserManagerInternal(), + getPackageManagerInternal()); } UserManager getUserManager() { @@ -8134,26 +8135,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } @Override - public boolean hasDeviceOwnerOrProfileOwner(String packageName, int userId) { - if (!mHasFeature || packageName == null) { - return false; - } - if (userId < 0) { - throw new UnsupportedOperationException("userId should be >= 0"); - } - synchronized (DevicePolicyManagerService.this) { - if (packageName.equals(mOwners.getProfileOwnerPackage(userId))) { - return true; - } - if (userId == mOwners.getDeviceOwnerUserId() - && packageName.equals(mOwners.getDeviceOwnerPackageName())) { - return true; - } - } - return false; - } - - @Override public Intent createPackageSuspendedDialogIntent(String packageName, int userId) { Intent intent = new Intent(Settings.ACTION_SHOW_ADMIN_SUPPORT_DETAILS); intent.putExtra(Intent.EXTRA_USER_ID, userId); diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/Owners.java b/services/devicepolicy/java/com/android/server/devicepolicy/Owners.java index b316cbd96453..cb39ebd0e3b0 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/Owners.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/Owners.java @@ -19,6 +19,7 @@ package com.android.server.devicepolicy; import android.app.admin.SystemUpdatePolicy; import android.content.ComponentName; import android.content.Context; +import android.content.pm.PackageManagerInternal; import android.content.pm.UserInfo; import android.os.Environment; import android.os.UserHandle; @@ -28,6 +29,7 @@ import android.util.ArrayMap; import android.util.AtomicFile; import android.util.Log; import android.util.Slog; +import android.util.SparseArray; import android.util.Xml; import com.android.internal.util.FastXmlSerializer; @@ -86,6 +88,7 @@ class Owners { private final UserManager mUserManager; private final UserManagerInternal mUserManagerInternal; + private final PackageManagerInternal mPackageManagerInternal; // Internal state for the device owner package. private OwnerInfo mDeviceOwner; @@ -98,10 +101,12 @@ class Owners { // Local system update policy controllable by device owner. private SystemUpdatePolicy mSystemUpdatePolicy; - public Owners(Context context, UserManager userManager, - UserManagerInternal userManagerInternal) { + public Owners(UserManager userManager, + UserManagerInternal userManagerInternal, + PackageManagerInternal packageManagerInternal) { mUserManager = userManager; mUserManagerInternal = userManagerInternal; + mPackageManagerInternal = packageManagerInternal; } /** @@ -145,6 +150,17 @@ class Owners { Slog.w(TAG, String.format("User %d has both DO and PO, which is not supported", getDeviceOwnerUserId())); } + pushToPackageManager(); + } + + private void pushToPackageManager() { + final SparseArray po = new SparseArray<>(); + for (int i = mProfileOwners.size() - 1; i >= 0; i--) { + po.put(mProfileOwners.keyAt(i), mProfileOwners.valueAt(i).packageName); + } + mPackageManagerInternal.setDeviceAndProfileOwnerPackages( + mDeviceOwnerUserId, (mDeviceOwner != null ? mDeviceOwner.packageName : null), + po); } String getDeviceOwnerPackageName() { @@ -190,6 +206,7 @@ class Owners { mDeviceOwnerUserId = userId; mUserManagerInternal.setDeviceManaged(true); + pushToPackageManager(); } void clearDeviceOwner() { @@ -197,6 +214,7 @@ class Owners { mDeviceOwnerUserId = UserHandle.USER_NULL; mUserManagerInternal.setDeviceManaged(false); + pushToPackageManager(); } void setProfileOwner(ComponentName admin, String ownerName, int userId) { @@ -205,11 +223,13 @@ class Owners { /* userRestrictionsMigrated =*/ true, /* remoteBugreportUri =*/ null, /* remoteBugreportHash =*/ null)); mUserManagerInternal.setUserManaged(userId, true); + pushToPackageManager(); } void removeProfileOwner(int userId) { mProfileOwners.remove(userId); mUserManagerInternal.setUserManaged(userId, false); + pushToPackageManager(); } ComponentName getProfileOwnerComponent(int userId) { diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java index 744443f1d7e7..6cb4a8238727 100644 --- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java +++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java @@ -28,10 +28,8 @@ import android.os.PowerManagerInternal; import android.os.UserHandle; import android.os.UserManager; import android.os.UserManagerInternal; -import android.os.storage.StorageManager; import android.telephony.TelephonyManager; import android.util.ArrayMap; -import android.util.Log; import android.util.Pair; import android.view.IWindowManager; @@ -57,7 +55,7 @@ public class DevicePolicyManagerServiceTestable extends DevicePolicyManagerServi private final File mProfileOwnerBase; public OwnersTestable(DpmMockContext context) { - super(context, context.userManager, context.userManagerInternal); + super(context.userManager, context.userManagerInternal, context.packageManagerInternal); mLegacyFile = new File(context.dataDir, LEGACY_FILE); mDeviceOwnerFile = new File(context.dataDir, DEVICE_OWNER_FILE); mProfileOwnerBase = new File(context.dataDir, PROFILE_OWNER_FILE_BASE); -- 2.11.0