Merge "Require delegated cert installer and app restriction manager to exist" into nyc-dev

2016-02-10 16:29:34 +00:00
parent aa31c68d53 f03d0a6bfc
commit 1f3895b9d9
2 changed files with 30 additions and 7 deletions
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -2570,6 +2570,11 @@ public class DevicePolicyManager {
     * Delegated certificate installer is a per-user state. The delegated access is persistent until
     * it is later cleared by calling this method with a null value or uninstallling the certificate
     * installer.
+     *<p>
+     * <b>Note:</b>Starting from {@link android.os.Build.VERSION_CODES#N}, if the caller
+     * application's target SDK version is {@link android.os.Build.VERSION_CODES#N} or newer, the
+     * supplied certificate installer package must be installed when calling this API,
+     * otherwise an {@link IllegalArgumentException} will be thrown.
     *
     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
     * @param installerPackage The package name of the certificate installer which will be given
@@ -3650,6 +3655,9 @@ public class DevicePolicyManager {
     * <p>
     * This permission is persistent until it is later cleared by calling this method with a
     * {@code null} value or uninstalling the managing package.
+     * <p>
+     * The supplied application restriction managing package must be installed when calling this
+     * API, otherwise an {@link IllegalArgumentException} will be thrown.
     *
     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
     * @param packageName The package name which will be given access to application restrictions
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -32,6 +32,7 @@ import android.Manifest.permission;
 import android.accessibilityservice.AccessibilityServiceInfo;
 import android.accounts.AccountManager;
 import android.annotation.NonNull;
+import android.annotation.Nullable;
 import android.app.Activity;
 import android.app.ActivityManager;
 import android.app.ActivityManagerNative;
@@ -2841,16 +2842,16 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        }
    }

-    private boolean isAdminApiLevelMOrBelow(@NonNull ComponentName who, int userHandle) {
-        DeviceAdminInfo adminInfo = findAdmin(who, userHandle, false);
-        return adminInfo.getActivityInfo().applicationInfo.targetSdkVersion
-                <= Build.VERSION_CODES.M;
-    }
-
    @Override
    public boolean isSeparateProfileChallengeAllowed(int userHandle) {
        ComponentName profileOwner = getProfileOwner(userHandle);
-        return profileOwner != null && !isAdminApiLevelMOrBelow(profileOwner, userHandle);
+        try {
+            // Profile challenge is supported on N or newer release.
+            return profileOwner != null &&
+                    getTargetSdk(profileOwner.getPackageName(), userHandle) > Build.VERSION_CODES.M;
+        } catch (RemoteException e) {
+            return false;
+        }
    }

    @Override
@@ -4195,6 +4196,16 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        int userHandle = UserHandle.getCallingUserId();
        synchronized (this) {
            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
+            try {
+                if (getTargetSdk(who.getPackageName(), userHandle) >= Build.VERSION_CODES.N) {
+                    if (installerPackage != null &&
+                            !isPackageInstalledForUser(installerPackage, userHandle)) {
+                        throw new IllegalArgumentException("Package " + installerPackage
+                                + " is not installed on the current user");
+                    }
+                }
+            } catch (RemoteException e) {
+            }
            DevicePolicyData policy = getUserData(userHandle);
            policy.mDelegatedCertInstallerPackage = installerPackage;
            saveSettingsLocked(userHandle);
@@ -6096,6 +6107,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        final int userHandle = mInjector.userHandleGetCallingUserId();
        synchronized (this) {
            getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
+            if (packageName != null && !isPackageInstalledForUser(packageName, userHandle)) {
+                throw new IllegalArgumentException("Package " + packageName + " is not installed "
+                        + "on the current user");
+            }
            DevicePolicyData policy = getUserData(userHandle);
            policy.mApplicationRestrictionsManagingPackage = packageName;
            saveSettingsLocked(userHandle);