managedprovisioning/task/SetDevicePolicyTask.java

/*
 * Copyright 2014, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.android.managedprovisioning.task;

import android.app.AppGlobals;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.pm.IPackageManager;
import android.content.pm.PackageManager;
import android.os.RemoteException;
import android.os.UserHandle;

import com.android.managedprovisioning.ProvisionLogger;
import com.android.managedprovisioning.Utils;

/**
 * This tasks sets a given component as the owner of the device. If provided it also sets a given
 * component as the device initializer, which can perform additional setup steps at the end of
 * provisioning before setting the device as provisioned.
 */
public class SetDevicePolicyTask {
    public static final int ERROR_PACKAGE_NOT_INSTALLED = 0;
    public static final int ERROR_NO_RECEIVER = 1;
    public static final int ERROR_OTHER = 2;

    private final Callback mCallback;
    private final Context mContext;
    private String mAdminPackage;
    private ComponentName mAdminComponent;
    private final String mOwnerName;
    private ComponentName mInitializerComponent;
    private String mInitializerPackageName;

    private PackageManager mPackageManager;
    private DevicePolicyManager mDevicePolicyManager;

    public SetDevicePolicyTask(Context context, String ownerName,
            ComponentName initializerComponent, Callback callback) {
        mCallback = callback;
        mContext = context;
        mOwnerName = ownerName;
        mInitializerComponent = initializerComponent;
        if (mInitializerComponent != null) {
            mInitializerPackageName = initializerComponent.getPackageName();
        }

        mPackageManager = mContext.getPackageManager();
        mDevicePolicyManager = (DevicePolicyManager) mContext.
                getSystemService(Context.DEVICE_POLICY_SERVICE);
    }

    public void run(ComponentName adminComponent) {
        try {
            mAdminComponent = adminComponent;
            mAdminPackage = mAdminComponent.getPackageName();

            enableDevicePolicyApp(mAdminPackage);
            setActiveAdmin(mAdminComponent);
            setDeviceOwner(mAdminPackage, mOwnerName);

            if (mInitializerComponent != null) {
                // For secondary users, set device owner package as profile owner as well, in order
                // to give it DO/PO privileges. This only applies if device initializer is present.
                if (!Utils.isCurrentUserOwner() && !Utils.isManagedProfile(mContext)) {
                    int userId = UserHandle.myUserId();
                    if (!mDevicePolicyManager.setProfileOwner(mAdminComponent, mAdminPackage,
                            userId)) {
                        ProvisionLogger.loge("Fail to set profile owner for user " + userId);
                        mCallback.onError(ERROR_OTHER);
                        return;
                    }
                }
                enableDevicePolicyApp(mInitializerPackageName);
                setActiveAdmin(mInitializerComponent);
                if (!setDeviceInitializer(mInitializerComponent)) {
                    // error reported in setDeviceInitializer
                    return;
                }

            }
        } catch (Exception e) {
            ProvisionLogger.loge("Failure setting device owner or initializer", e);
            mCallback.onError(ERROR_OTHER);
            return;
        }

        mCallback.onSuccess();
    }

    private void enableDevicePolicyApp(String packageName) {
        int enabledSetting = mPackageManager.getApplicationEnabledSetting(packageName);
        if (enabledSetting != PackageManager.COMPONENT_ENABLED_STATE_DEFAULT) {
            mPackageManager.setApplicationEnabledSetting(packageName,
                    PackageManager.COMPONENT_ENABLED_STATE_DEFAULT,
                    // Device policy app may have launched ManagedProvisioning, play nice and don't
                    // kill it as a side-effect of this call.
                    PackageManager.DONT_KILL_APP);
        }
    }

    public void setActiveAdmin(ComponentName component) {
        ProvisionLogger.logd("Setting " + component + " as active admin.");
        mDevicePolicyManager.setActiveAdmin(component, true);
    }

    public void setDeviceOwner(String packageName, String owner) {
        ProvisionLogger.logd("Setting " + packageName + " as device owner " + owner + ".");
        if (!mDevicePolicyManager.isDeviceOwner(packageName)) {
            mDevicePolicyManager.setDeviceOwner(packageName, owner);
        }
    }

    public boolean setDeviceInitializer(ComponentName component) {
        ProvisionLogger.logd("Setting " + component + " as device initializer.");
        if (!mDevicePolicyManager.isDeviceInitializerApp(component.getPackageName())) {
            mDevicePolicyManager.setDeviceInitializer(null, component);
        }
        IPackageManager pm = AppGlobals.getPackageManager();
        try {
            pm.setBlockUninstallForUser(component.getPackageName(), true,
                    UserHandle.getCallingUserId());
        } catch (RemoteException e) {
            ProvisionLogger.loge("Failed to block uninstall of device initializer app", e);
            mCallback.onError(ERROR_OTHER);
            return false;
        }
        return true;
    }

    public abstract static class Callback {
        public abstract void onSuccess();
        public abstract void onError(int errorCode);
    }
}