DPM: Notify DO/PO of security updates.
We add a variant of notifyPendingSystemUpdate method which takes an
additional isSecurityPatch boolean flag. This information, if available,
will be persisted and available to device and profile owners when they
call getPendingSystemUpdate method.
Test: gts-tradefed run gts -m GtsGmscoreHostTestCases -t com.google.android.gts.devicepolicy.DeviceOwnerTest#testPendingSystemUpdate
Test: gts-tradefed run gts -m GtsGmscoreHostTestCases -t com.google.android.gts.devicepolicy.ManagedProfileTest#testPendingSystemUpdate
Bug: 33102479
Bug: 30961046
Change-Id: If3f1b765bb18a359836ac43ac9a0a9f29e9f8428
diff --git a/core/java/android/app/admin/DevicePolicyManager.java b/core/java/android/app/admin/DevicePolicyManager.java
index b8bc7f1..0da89eb 100644
--- a/core/java/android/app/admin/DevicePolicyManager.java
+++ b/core/java/android/app/admin/DevicePolicyManager.java
@@ -1438,6 +1438,7 @@
}
return false;
}
+
/**
* Return true if the given administrator component is currently being removed
* for the user.
@@ -1454,7 +1455,6 @@
return false;
}
-
/**
* Return a list of all currently active device administrators' component
* names. If there are no administrators {@code null} may be
@@ -6199,12 +6199,18 @@
}
/**
- * Callable by the system update service to notify device owners about pending updates.
- * The caller must hold {@link android.Manifest.permission#NOTIFY_PENDING_SYSTEM_UPDATE}
- * permission.
+ * Called by the system update service to notify device and profile owners of pending system
+ * updates.
*
- * @param updateReceivedTime The time as given by {@link System#currentTimeMillis()} indicating
- * when the current pending update was first available. -1 if no update is available.
+ * The caller must hold {@link android.Manifest.permission#NOTIFY_PENDING_SYSTEM_UPDATE}
+ * permission. This method should only be used when it is unknown whether the pending system
+ * update is a security patch. Otherwise, use
+ * {@link #notifyPendingSystemUpdate(long, boolean)}.
+ *
+ * @param updateReceivedTime The time as given by {@link System#currentTimeMillis()}
+ * indicating when the current pending update was first available. {@code -1} if no
+ * update is available.
+ * @see #notifyPendingSystemUpdate(long, boolean)
* @hide
*/
@SystemApi
@@ -6212,7 +6218,36 @@
throwIfParentInstance("notifyPendingSystemUpdate");
if (mService != null) {
try {
- mService.notifyPendingSystemUpdate(updateReceivedTime);
+ mService.notifyPendingSystemUpdate(SystemUpdateInfo.of(updateReceivedTime));
+ } catch (RemoteException re) {
+ throw re.rethrowFromSystemServer();
+ }
+ }
+ }
+
+ /**
+ * Called by the system update service to notify device and profile owners of pending system
+ * updates.
+ *
+ * The caller must hold {@link android.Manifest.permission#NOTIFY_PENDING_SYSTEM_UPDATE}
+ * permission. This method should be used instead of {@link #notifyPendingSystemUpdate(long)}
+ * when it is known whether the pending system update is a security patch.
+ *
+ * @param updateReceivedTime The time as given by {@link System#currentTimeMillis()}
+ * indicating when the current pending update was first available. {@code -1} if no
+ * update is available.
+ * @param isSecurityPatch {@code true} if this system update is purely a security patch;
+ * {@code false} if not.
+ * @see #notifyPendingSystemUpdate(long)
+ * @hide
+ */
+ @SystemApi
+ public void notifyPendingSystemUpdate(long updateReceivedTime, boolean isSecurityPatch) {
+ throwIfParentInstance("notifyPendingSystemUpdate");
+ if (mService != null) {
+ try {
+ mService.notifyPendingSystemUpdate(SystemUpdateInfo.of(updateReceivedTime,
+ isSecurityPatch));
} catch (RemoteException re) {
throw re.rethrowFromSystemServer();
}