1 /* 2 * Copyright (C) 2018 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 package com.android.server.devicepolicy; 17 18 import android.annotation.UserIdInt; 19 import android.app.admin.DevicePolicyCache; 20 import android.app.admin.DevicePolicyManager; 21 import android.os.UserHandle; 22 import android.util.IndentingPrintWriter; 23 import android.util.SparseBooleanArray; 24 import android.util.SparseIntArray; 25 26 import com.android.internal.annotations.GuardedBy; 27 28 /** 29 * Implementation of {@link DevicePolicyCache}, to which {@link DevicePolicyManagerService} pushes 30 * policies. 31 * 32 * TODO Move other copies of policies into this class too. 33 */ 34 public class DevicePolicyCacheImpl extends DevicePolicyCache { 35 /** 36 * Lock object. For simplicity we just always use this as the lock. We could use each object 37 * as a lock object to make it more fine-grained, but that'd make copy-paste error-prone. 38 */ 39 private final Object mLock = new Object(); 40 41 /** 42 * Indicates which user is screen capture disallowed on. Can be {@link UserHandle#USER_NULL}, 43 * {@link UserHandle#USER_ALL} or a concrete user ID. 44 */ 45 @GuardedBy("mLock") 46 private int mScreenCaptureDisallowedUser = UserHandle.USER_NULL; 47 48 @GuardedBy("mLock") 49 private final SparseIntArray mPasswordQuality = new SparseIntArray(); 50 51 @GuardedBy("mLock") 52 private final SparseIntArray mPermissionPolicy = new SparseIntArray(); 53 54 /** Maps to {@code ActiveAdmin.mAdminCanGrantSensorsPermissions}. 55 * 56 * <p>For users affiliated with the device, they inherit the policy from {@code DO} so 57 * it will map to the {@code DO}'s policy. Otherwise it will map to the admin of the requesting 58 * user. 59 */ 60 @GuardedBy("mLock") 61 private final SparseBooleanArray mCanGrantSensorsPermissions = new SparseBooleanArray(); 62 onUserRemoved(int userHandle)63 public void onUserRemoved(int userHandle) { 64 synchronized (mLock) { 65 mPasswordQuality.delete(userHandle); 66 mPermissionPolicy.delete(userHandle); 67 mCanGrantSensorsPermissions.delete(userHandle); 68 } 69 } 70 71 @Override isScreenCaptureAllowed(int userHandle)72 public boolean isScreenCaptureAllowed(int userHandle) { 73 synchronized (mLock) { 74 return mScreenCaptureDisallowedUser != UserHandle.USER_ALL 75 && mScreenCaptureDisallowedUser != userHandle; 76 } 77 } 78 getScreenCaptureDisallowedUser()79 public int getScreenCaptureDisallowedUser() { 80 synchronized (mLock) { 81 return mScreenCaptureDisallowedUser; 82 } 83 } 84 setScreenCaptureDisallowedUser(int userHandle)85 public void setScreenCaptureDisallowedUser(int userHandle) { 86 synchronized (mLock) { 87 mScreenCaptureDisallowedUser = userHandle; 88 } 89 } 90 91 @Override getPasswordQuality(@serIdInt int userHandle)92 public int getPasswordQuality(@UserIdInt int userHandle) { 93 synchronized (mLock) { 94 return mPasswordQuality.get(userHandle, 95 DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED); 96 } 97 } 98 99 /** Updat the password quality cache for the given user */ setPasswordQuality(int userHandle, int quality)100 public void setPasswordQuality(int userHandle, int quality) { 101 synchronized (mLock) { 102 mPasswordQuality.put(userHandle, quality); 103 } 104 } 105 106 @Override getPermissionPolicy(@serIdInt int userHandle)107 public int getPermissionPolicy(@UserIdInt int userHandle) { 108 synchronized (mLock) { 109 return mPermissionPolicy.get(userHandle, 110 DevicePolicyManager.PERMISSION_POLICY_PROMPT); 111 } 112 } 113 114 /** Update the permission policy for the given user. */ setPermissionPolicy(@serIdInt int userHandle, int policy)115 public void setPermissionPolicy(@UserIdInt int userHandle, int policy) { 116 synchronized (mLock) { 117 mPermissionPolicy.put(userHandle, policy); 118 } 119 } 120 121 @Override canAdminGrantSensorsPermissionsForUser(@serIdInt int userId)122 public boolean canAdminGrantSensorsPermissionsForUser(@UserIdInt int userId) { 123 synchronized (mLock) { 124 return mCanGrantSensorsPermissions.get(userId, false); 125 } 126 } 127 128 /** Sets ahmin control over permission grants for user. */ setAdminCanGrantSensorsPermissions(@serIdInt int userId, boolean canGrant)129 public void setAdminCanGrantSensorsPermissions(@UserIdInt int userId, boolean canGrant) { 130 synchronized (mLock) { 131 mCanGrantSensorsPermissions.put(userId, canGrant); 132 } 133 } 134 135 /** Dump content */ dump(IndentingPrintWriter pw)136 public void dump(IndentingPrintWriter pw) { 137 pw.println("Device policy cache:"); 138 pw.increaseIndent(); 139 pw.println("Screen capture disallowed user: " + mScreenCaptureDisallowedUser); 140 pw.println("Password quality: " + mPasswordQuality.toString()); 141 pw.println("Permission policy: " + mPermissionPolicy.toString()); 142 pw.println("Admin can grant sensors permission: " 143 + mCanGrantSensorsPermissions.toString()); 144 pw.decreaseIndent(); 145 } 146 } 147