Clean up app restrictions when removing DO or PO
+ don't send broadcast when clearing already empty restrictions.
Bug: 149075700
Test: manual, set TestDPC as a DO, set restriction, remove DO.
Test: manual, set TestDPC in COMP, set restriction, migrate to COPE.
Change-Id: Ib85ee3937c43cde1cca0dad8117cd0f8dd642fd8
diff --git a/services/core/java/com/android/server/pm/UserManagerService.java b/services/core/java/com/android/server/pm/UserManagerService.java
index fc70af4..c716fce 100644
--- a/services/core/java/com/android/server/pm/UserManagerService.java
+++ b/services/core/java/com/android/server/pm/UserManagerService.java
@@ -3153,13 +3153,17 @@
/**
* Removes the app restrictions file for a specific package and user id, if it exists.
+ *
+ * @return whether there were any restrictions.
*/
- private static void cleanAppRestrictionsForPackageLAr(String pkg, @UserIdInt int userId) {
- File dir = Environment.getUserSystemDirectory(userId);
- File resFile = new File(dir, packageToRestrictionsFileName(pkg));
+ private static boolean cleanAppRestrictionsForPackageLAr(String pkg, @UserIdInt int userId) {
+ final File dir = Environment.getUserSystemDirectory(userId);
+ final File resFile = new File(dir, packageToRestrictionsFileName(pkg));
if (resFile.exists()) {
resFile.delete();
+ return true;
}
+ return false;
}
/**
@@ -4003,17 +4007,24 @@
if (restrictions != null) {
restrictions.setDefusable(true);
}
+ final boolean changed;
synchronized (mAppRestrictionsLock) {
if (restrictions == null || restrictions.isEmpty()) {
- cleanAppRestrictionsForPackageLAr(packageName, userId);
+ changed = cleanAppRestrictionsForPackageLAr(packageName, userId);
} else {
// Write the restrictions to XML
writeApplicationRestrictionsLAr(packageName, restrictions, userId);
+ // TODO(b/154323615): avoid unnecessary broadcast when there is no change.
+ changed = true;
}
}
+ if (!changed) {
+ return;
+ }
+
// Notify package of changes via an intent - only sent to explicitly registered receivers.
- Intent changeIntent = new Intent(Intent.ACTION_APPLICATION_RESTRICTIONS_CHANGED);
+ final Intent changeIntent = new Intent(Intent.ACTION_APPLICATION_RESTRICTIONS_CHANGED);
changeIntent.setPackage(packageName);
changeIntent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY);
mContext.sendBroadcastAsUser(changeIntent, UserHandle.of(userId));
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 2c0d4c0..dfe76cb 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -2703,7 +2703,6 @@
final ComponentName doAdminReceiver = doAdmin.info.getComponent();
clearDeviceOwnerLocked(doAdmin, doUserId);
Slog.i(LOG_TAG, "Removing admin artifacts...");
- // TODO(b/149075700): Clean up application restrictions in UserManager.
removeAdminArtifacts(doAdminReceiver, doUserId);
Slog.i(LOG_TAG, "Migration complete.");
@@ -8766,6 +8765,7 @@
saveSettingsLocked(UserHandle.USER_SYSTEM);
clearUserPoliciesLocked(userId);
clearOverrideApnUnchecked();
+ clearApplicationRestrictions(userId);
mOwners.clearDeviceOwner();
mOwners.writeDeviceOwner();
@@ -8779,6 +8779,19 @@
toggleBackupServiceActive(UserHandle.USER_SYSTEM, true);
}
+ private void clearApplicationRestrictions(int userId) {
+ // Changing app restrictions involves disk IO, offload it to the background thread.
+ mBackgroundHandler.post(() -> {
+ final List<PackageInfo> installedPackageInfos = mInjector.getPackageManager(userId)
+ .getInstalledPackages(MATCH_DIRECT_BOOT_AWARE | MATCH_DIRECT_BOOT_UNAWARE);
+ final UserHandle userHandle = UserHandle.of(userId);
+ for (final PackageInfo packageInfo : installedPackageInfos) {
+ mInjector.getUserManager().setApplicationRestrictions(
+ packageInfo.packageName, null /* restrictions */, userHandle);
+ }
+ });
+ }
+
@Override
public boolean setProfileOwner(ComponentName who, String ownerName, int userHandle) {
if (!mHasFeature) {
@@ -8898,6 +8911,7 @@
policyData.mOwnerInstalledCaCerts.clear();
saveSettingsLocked(userId);
clearUserPoliciesLocked(userId);
+ clearApplicationRestrictions(userId);
mOwners.removeProfileOwner(userId);
mOwners.writeProfileOwner(userId);
deleteTransferOwnershipBundleLocked(userId);
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceMigrationTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceMigrationTest.java
index 74e7f8c..a0b9d9d 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceMigrationTest.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceMigrationTest.java
@@ -62,6 +62,10 @@
mContext = getContext();
+ // Make createContextAsUser to work.
+ mContext.packageName = "com.android.frameworks.servicestests";
+ getServices().addPackageContext(UserHandle.of(0), mContext);
+
when(getServices().packageManager.hasSystemFeature(eq(PackageManager.FEATURE_DEVICE_ADMIN)))
.thenReturn(true);
}
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
index 09d1d3a..57039e5 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
@@ -196,6 +196,11 @@
anyInt(),
any(UserHandle.class));
+ // Make createContextAsUser to work.
+ mContext.packageName = "com.android.frameworks.servicestests";
+ getServices().addPackageContext(UserHandle.of(0), mContext);
+ getServices().addPackageContext(UserHandle.of(DpmMockContext.CALLER_USER_HANDLE), mContext);
+
// By default, pretend all users are running and unlocked.
when(getServices().userManager.isUserUnlocked(anyInt())).thenReturn(true);
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DpmMockContext.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DpmMockContext.java
index 8625a1e..20716ab 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DpmMockContext.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DpmMockContext.java
@@ -460,6 +460,15 @@
}
@Override
+ public Context createContextAsUser(UserHandle user, int flags) {
+ try {
+ return mMockSystemServices.createPackageContextAsUser(packageName, flags, user);
+ } catch (PackageManager.NameNotFoundException e) {
+ throw new IllegalStateException(e);
+ }
+ }
+
+ @Override
public ContentResolver getContentResolver() {
return mMockSystemServices.contentResolver;
}
