Add basic inversion lock detection to DPMS.
For now enable it on ENG builds only.
(I'll change the condition in master so I'll get WTFs from qt-release devices
too.)
This will detect calling into DPMS with the following locks held:
APP_OPS
POWER
USER
PACKAGES
STORAGE
WINDOW
ACTIVITY
DPMS
On marlin-eng pi-dev, each guard() takes ~25us.
LockGuard.guard(): count=7246, total=175.1ms, avg=0.024ms
Used the following command to ensure all locks are replaced.
$ grep synchronized /android/pi-dev/frameworks/base/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | sed -e 's/ *//' | uniq
Bug: 74553426
Test: Manual test with an intentional lock inversion.
Change-Id: Id59d562d7c275b6ea127a211284496f5d64f9f93
diff --git a/services/core/java/com/android/server/LockGuard.java b/services/core/java/com/android/server/LockGuard.java
index b744917..5ce16c4 100644
--- a/services/core/java/com/android/server/LockGuard.java
+++ b/services/core/java/com/android/server/LockGuard.java
@@ -16,10 +16,14 @@
package com.android.server;
+import android.annotation.Nullable;
+import android.text.TextUtils;
import android.util.ArrayMap;
import android.util.ArraySet;
import android.util.Slog;
+import com.android.internal.os.BackgroundThread;
+
import java.io.FileDescriptor;
import java.io.PrintWriter;
@@ -60,8 +64,6 @@
public class LockGuard {
private static final String TAG = "LockGuard";
- public static final boolean ENABLED = false;
-
/**
* Well-known locks ordered by fixed index. Locks with a specific index
* should never be acquired while holding a lock of a lower index.
@@ -73,8 +75,9 @@
public static final int INDEX_STORAGE = 4;
public static final int INDEX_WINDOW = 5;
public static final int INDEX_ACTIVITY = 6;
+ public static final int INDEX_DPMS = 7;
- private static Object[] sKnownFixed = new Object[INDEX_ACTIVITY + 1];
+ private static Object[] sKnownFixed = new Object[INDEX_DPMS + 1];
private static ArrayMap<Object, LockInfo> sKnown = new ArrayMap<>(0, true);
@@ -84,6 +87,9 @@
/** Child locks that can be acquired while this lock is already held */
public ArraySet<Object> children = new ArraySet<>(0, true);
+
+ /** If true, do wtf instead of a warning log. */
+ public boolean doWtf;
}
private static LockInfo findOrCreateLockInfo(Object lock) {
@@ -114,9 +120,9 @@
if (child == null) continue;
if (Thread.holdsLock(child)) {
- Slog.w(TAG, "Calling thread " + Thread.currentThread().getName() + " is holding "
- + lockToString(child) + " while trying to acquire "
- + lockToString(lock), new Throwable());
+ doLog(lock, "Calling thread " + Thread.currentThread().getName()
+ + " is holding " + lockToString(child) + " while trying to acquire "
+ + lockToString(lock));
triggered = true;
}
}
@@ -145,13 +151,30 @@
for (int i = 0; i < index; i++) {
final Object lock = sKnownFixed[i];
if (lock != null && Thread.holdsLock(lock)) {
- Slog.w(TAG, "Calling thread " + Thread.currentThread().getName() + " is holding "
- + lockToString(i) + " while trying to acquire "
- + lockToString(index), new Throwable());
+
+ // Note in this case sKnownFixed may not contain a lock at the given index,
+ // which is okay and in that case we just don't do a WTF.
+ final Object targetMayBeNull = sKnownFixed[index];
+ doLog(targetMayBeNull, "Calling thread " + Thread.currentThread().getName()
+ + " is holding " + lockToString(i) + " while trying to acquire "
+ + lockToString(index));
}
}
}
+ private static void doLog(@Nullable Object lock, String message) {
+ if (lock != null && findOrCreateLockInfo(lock).doWtf) {
+
+ // Don't want to call into ActivityManager with any lock held, so let's just call it
+ // from a new thread. We don't want to use known threads (e.g. BackgroundThread) either
+ // because they may be stuck too.
+ final Throwable stackTrace = new RuntimeException(message);
+ new Thread(() -> Slog.wtf(TAG, stackTrace)).start();
+ return;
+ }
+ Slog.w(TAG, message, new Throwable());
+ }
+
/**
* Report the given lock with a well-known label.
*/
@@ -165,19 +188,33 @@
* Report the given lock with a well-known index.
*/
public static Object installLock(Object lock, int index) {
+ return installLock(lock, index, /*doWtf=*/ false);
+ }
+
+ /**
+ * Report the given lock with a well-known index.
+ */
+ public static Object installLock(Object lock, int index, boolean doWtf) {
sKnownFixed[index] = lock;
+ final LockInfo info = findOrCreateLockInfo(lock);
+ info.doWtf = doWtf;
+ info.label = "Lock-" + lockToString(index);
return lock;
}
public static Object installNewLock(int index) {
+ return installNewLock(index, /*doWtf=*/ false);
+ }
+
+ public static Object installNewLock(int index, boolean doWtf) {
final Object lock = new Object();
- installLock(lock, index);
+ installLock(lock, index, doWtf);
return lock;
}
private static String lockToString(Object lock) {
final LockInfo info = sKnown.get(lock);
- if (info != null) {
+ if (info != null && !TextUtils.isEmpty(info.label)) {
return info.label;
} else {
return "0x" + Integer.toHexString(System.identityHashCode(lock));
@@ -193,6 +230,7 @@
case INDEX_STORAGE: return "STORAGE";
case INDEX_WINDOW: return "WINDOW";
case INDEX_ACTIVITY: return "ACTIVITY";
+ case INDEX_DPMS: return "DPMS";
default: return Integer.toString(index);
}
}
diff --git a/services/core/java/com/android/server/ThreadPriorityBooster.java b/services/core/java/com/android/server/ThreadPriorityBooster.java
index cc9ac0d..53e8ce4 100644
--- a/services/core/java/com/android/server/ThreadPriorityBooster.java
+++ b/services/core/java/com/android/server/ThreadPriorityBooster.java
@@ -25,6 +25,8 @@
*/
public class ThreadPriorityBooster {
+ private static final boolean ENABLE_LOCK_GUARD = false;
+
private volatile int mBoostToPriority;
private final int mLockGuardIndex;
@@ -50,7 +52,7 @@
}
}
state.regionCounter++;
- if (LockGuard.ENABLED) {
+ if (ENABLE_LOCK_GUARD) {
LockGuard.guard(mLockGuardIndex);
}
}
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 90e8a9c..36dc121 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -108,7 +108,6 @@
import android.app.admin.SecurityLog.SecurityEvent;
import android.app.admin.SystemUpdateInfo;
import android.app.admin.SystemUpdatePolicy;
-import android.app.backup.BackupManager;
import android.app.backup.IBackupManager;
import android.app.backup.ISelectBackupTransportCallback;
import android.app.trust.TrustManager;
@@ -220,6 +219,8 @@
import com.android.internal.util.XmlUtils;
import com.android.internal.widget.LockPatternUtils;
import com.android.server.LocalServices;
+import com.android.server.LockGuard;
+import com.android.server.StatLogger;
import com.android.server.SystemServerInitThreadPool;
import com.android.server.SystemService;
import com.android.server.devicepolicy.DevicePolicyManagerService.ActiveAdmin.TrustAgentInfo;
@@ -462,21 +463,60 @@
* Whether or not device admin feature is supported. If it isn't return defaults for all
* public methods.
*/
- boolean mHasFeature;
+ final boolean mHasFeature;
/**
* Whether or not this device is a watch.
*/
- boolean mIsWatch;
+ final boolean mIsWatch;
private final CertificateMonitor mCertificateMonitor;
private final SecurityLogMonitor mSecurityLogMonitor;
+
+ @GuardedBy("getLockObject()")
private NetworkLogger mNetworkLogger;
private final AtomicBoolean mRemoteBugreportServiceIsActive = new AtomicBoolean();
private final AtomicBoolean mRemoteBugreportSharingAccepted = new AtomicBoolean();
- private SetupContentObserver mSetupContentObserver;
+ private final SetupContentObserver mSetupContentObserver;
+
+ private static boolean ENABLE_LOCK_GUARD = Build.IS_ENG
+ || (SystemProperties.getInt("debug.dpm.lock_guard", 0) == 1);
+
+ interface Stats {
+ int LOCK_GUARD_GUARD = 0;
+
+ int COUNT = LOCK_GUARD_GUARD + 1;
+ }
+
+ private final StatLogger mStatLogger = new StatLogger(new String[] {
+ "LockGuard.guard()",
+ });
+
+ private final Object mLockDoNoUseDirectly = LockGuard.installNewLock(
+ LockGuard.INDEX_DPMS, /* doWtf=*/ true);
+
+ final Object getLockObject() {
+ if (ENABLE_LOCK_GUARD) {
+ final long start = mStatLogger.getTime();
+ LockGuard.guard(LockGuard.INDEX_DPMS);
+ mStatLogger.logDurationStat(Stats.LOCK_GUARD_GUARD, start);
+ }
+ return mLockDoNoUseDirectly;
+ }
+
+ /**
+ * Check if the current thread holds the DPMS lock, and if not, do a WTF.
+ *
+ * (Doing this check too much may be costly, so don't call it in a hot path.)
+ */
+ final void ensureLocked() {
+ if (Thread.holdsLock(mLockDoNoUseDirectly)) {
+ return;
+ }
+ Slog.wtfStack(LOG_TAG, "Not holding DPMS lock.");
+ }
@VisibleForTesting
final TransferOwnershipMetadataManager mTransferOwnershipMetadataManager;
@@ -627,8 +667,10 @@
}
}
+ @GuardedBy("getLockObject()")
final SparseArray<DevicePolicyData> mUserData = new SparseArray<>();
- @GuardedBy("DevicePolicyManagerService.this")
+
+ @GuardedBy("getLockObject()")
final SparseArray<PasswordMetrics> mUserPasswordMetrics = new SparseArray<>();
final Handler mHandler;
@@ -649,7 +691,7 @@
*/
if (Intent.ACTION_USER_STARTED.equals(action)
&& userHandle == mOwners.getDeviceOwnerUserId()) {
- synchronized (DevicePolicyManagerService.this) {
+ synchronized (getLockObject()) {
if (isNetworkLoggingEnabledInternalLocked()) {
setNetworkLoggingActiveInternal(true);
}
@@ -684,14 +726,14 @@
if (Intent.ACTION_USER_ADDED.equals(action)) {
sendDeviceOwnerUserCommand(DeviceAdminReceiver.ACTION_USER_ADDED, userHandle);
- synchronized (DevicePolicyManagerService.this) {
+ synchronized (getLockObject()) {
// It might take a while for the user to become affiliated. Make security
// and network logging unavailable in the meantime.
maybePauseDeviceWideLoggingLocked();
}
} else if (Intent.ACTION_USER_REMOVED.equals(action)) {
sendDeviceOwnerUserCommand(DeviceAdminReceiver.ACTION_USER_REMOVED, userHandle);
- synchronized (DevicePolicyManagerService.this) {
+ synchronized (getLockObject()) {
// Check whether the user is affiliated, *before* removing its data.
boolean isRemovedUserAffiliated = isUserAffiliatedWithDeviceLocked(userHandle);
removeUserData(userHandle);
@@ -705,7 +747,7 @@
}
} else if (Intent.ACTION_USER_STARTED.equals(action)) {
sendDeviceOwnerUserCommand(DeviceAdminReceiver.ACTION_USER_STARTED, userHandle);
- synchronized (DevicePolicyManagerService.this) {
+ synchronized (getLockObject()) {
maybeSendAdminEnabledBroadcastLocked(userHandle);
// Reset the policy data
mUserData.remove(userHandle);
@@ -716,7 +758,7 @@
} else if (Intent.ACTION_USER_SWITCHED.equals(action)) {
sendDeviceOwnerUserCommand(DeviceAdminReceiver.ACTION_USER_SWITCHED, userHandle);
} else if (Intent.ACTION_USER_UNLOCKED.equals(action)) {
- synchronized (DevicePolicyManagerService.this) {
+ synchronized (getLockObject()) {
maybeSendAdminEnabledBroadcastLocked(userHandle);
}
} else if (Intent.ACTION_EXTERNAL_APPLICATIONS_UNAVAILABLE.equals(action)) {
@@ -741,7 +783,7 @@
}
private void sendDeviceOwnerUserCommand(String action, int userHandle) {
- synchronized (DevicePolicyManagerService.this) {
+ synchronized (getLockObject()) {
ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
if (deviceOwner != null) {
Bundle extras = new Bundle();
@@ -1662,7 +1704,7 @@
+ " for user " + userHandle);
}
DevicePolicyData policy = getUserData(userHandle);
- synchronized (this) {
+ synchronized (getLockObject()) {
for (int i = policy.mAdminList.size() - 1; i >= 0; i--) {
ActiveAdmin aa = policy.mAdminList.get(i);
try {
@@ -2091,6 +2133,7 @@
if (!mHasFeature) {
// Skip the rest of the initialization
+ mSetupContentObserver = null;
return;
}
@@ -2132,7 +2175,7 @@
*/
@NonNull
DevicePolicyData getUserData(int userHandle) {
- synchronized (this) {
+ synchronized (getLockObject()) {
DevicePolicyData policy = mUserData.get(userHandle);
if (policy == null) {
policy = new DevicePolicyData(userHandle);
@@ -2173,7 +2216,7 @@
}
void removeUserData(int userHandle) {
- synchronized (this) {
+ synchronized (getLockObject()) {
if (userHandle == UserHandle.USER_SYSTEM) {
Slog.w(LOG_TAG, "Tried to remove device policy file for user 0! Ignoring.");
return;
@@ -2199,7 +2242,7 @@
}
void loadOwners() {
- synchronized (this) {
+ synchronized (getLockObject()) {
mOwners.load();
setDeviceOwnerSystemPropertyLocked();
findOwnerComponentIfNecessaryLocked();
@@ -2223,7 +2266,7 @@
/** Apply default restrictions that haven't been applied to profile owners yet. */
private void maybeSetDefaultProfileOwnerUserRestrictions() {
- synchronized (this) {
+ synchronized (getLockObject()) {
for (final int userId : mOwners.getProfileOwnerKeys()) {
final ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userId);
// The following restrictions used to be applied to managed profiles by different
@@ -2513,6 +2556,7 @@
}
ActiveAdmin getActiveAdminUncheckedLocked(ComponentName who, int userHandle) {
+ ensureLocked();
ActiveAdmin admin = getUserData(userHandle).mAdminMap.get(who);
if (admin != null
&& who.getPackageName().equals(admin.info.getActivityInfo().packageName)
@@ -2523,6 +2567,7 @@
}
ActiveAdmin getActiveAdminUncheckedLocked(ComponentName who, int userHandle, boolean parent) {
+ ensureLocked();
if (parent) {
enforceManagedProfile(userHandle, "call APIs on the parent profile");
}
@@ -2535,6 +2580,7 @@
ActiveAdmin getActiveAdminForCallerLocked(ComponentName who, int reqPolicy)
throws SecurityException {
+ ensureLocked();
final int callingUid = mInjector.binderGetCallingUid();
ActiveAdmin result = getActiveAdminWithPolicyForUidLocked(who, reqPolicy, callingUid);
@@ -2565,6 +2611,7 @@
ActiveAdmin getActiveAdminForCallerLocked(ComponentName who, int reqPolicy, boolean parent)
throws SecurityException {
+ ensureLocked();
if (parent) {
enforceManagedProfile(mInjector.userHandleGetCallingUserId(),
"call APIs on the parent profile");
@@ -2577,6 +2624,7 @@
* the admin's uid matches the uid.
*/
private ActiveAdmin getActiveAdminForUidLocked(ComponentName who, int uid) {
+ ensureLocked();
final int userId = UserHandle.getUserId(uid);
final DevicePolicyData policy = getUserData(userId);
ActiveAdmin admin = policy.mAdminMap.get(who);
@@ -2591,6 +2639,7 @@
private ActiveAdmin getActiveAdminWithPolicyForUidLocked(ComponentName who, int reqPolicy,
int uid) {
+ ensureLocked();
// Try to find an admin which can use reqPolicy
final int userId = UserHandle.getUserId(uid);
final DevicePolicyData policy = getUserData(userId);
@@ -2620,6 +2669,7 @@
@VisibleForTesting
boolean isActiveAdminWithPolicyForUserLocked(ActiveAdmin admin, int reqPolicy,
int userId) {
+ ensureLocked();
final boolean ownsDevice = isDeviceOwner(admin.info.getComponent(), userId);
final boolean ownsProfile = isProfileOwner(admin.info.getComponent(), userId);
@@ -3319,14 +3369,14 @@
updateUserSetupCompleteAndPaired();
List<String> packageList;
- synchronized (this) {
+ synchronized (getLockObject()) {
packageList = getKeepUninstalledPackagesLocked();
}
if (packageList != null) {
mInjector.getPackageManagerInternal().setKeepUninstalledPackages(packageList);
}
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
if (deviceOwner != null) {
// Push the force-ephemeral-users policy to the user manager.
@@ -3379,7 +3429,7 @@
private void ensureDeviceOwnerUserStarted() {
final int userId;
- synchronized (this) {
+ synchronized (getLockObject()) {
if (!mOwners.hasDeviceOwner()) {
return;
}
@@ -3436,7 +3486,7 @@
// before reboot
Set<Integer> usersWithProfileOwners;
Set<Integer> usersWithData;
- synchronized(this) {
+ synchronized (getLockObject()) {
usersWithProfileOwners = mOwners.getProfileOwnerKeys();
usersWithData = new ArraySet<>();
for (int i = 0; i < mUserData.size(); i++) {
@@ -3460,7 +3510,7 @@
final Bundle adminExtras = new Bundle();
adminExtras.putParcelable(Intent.EXTRA_USER, UserHandle.of(userHandle));
- synchronized (this) {
+ synchronized (getLockObject()) {
final long now = System.currentTimeMillis();
List<ActiveAdmin> admins = getActiveAdminsForLockscreenPoliciesLocked(
@@ -3496,7 +3546,7 @@
}
enforceManageUsers();
- synchronized (this) {
+ synchronized (getLockObject()) {
final DevicePolicyData policy = getUserData(userHandle.getIdentifier());
boolean changed = false;
@@ -3515,7 +3565,7 @@
if (!mHasFeature) {
return Collections.<String> emptySet();
}
- synchronized (this) {
+ synchronized (getLockObject()) {
final DevicePolicyData policy = getUserData(userHandle.getIdentifier());
return policy.mAcceptedCaCertificates;
}
@@ -3542,7 +3592,7 @@
DevicePolicyData policy = getUserData(userHandle);
DeviceAdminInfo info = findAdmin(adminReceiver, userHandle,
/* throwForMissingPermission= */ true);
- synchronized (this) {
+ synchronized (getLockObject()) {
checkActiveAdminPrecondition(adminReceiver, info, policy);
long ident = mInjector.binderClearCallingIdentity();
try {
@@ -3592,7 +3642,7 @@
}
private void pushActiveAdminPackages() {
- synchronized (this) {
+ synchronized (getLockObject()) {
final List<UserInfo> users = mUserManager.getUsers();
for (int i = users.size() - 1; i >= 0; --i) {
final int userId = users.get(i).id;
@@ -3603,7 +3653,7 @@
}
private void pushAllMeteredRestrictedPackages() {
- synchronized (this) {
+ synchronized (getLockObject()) {
final List<UserInfo> users = mUserManager.getUsers();
for (int i = users.size() - 1; i >= 0; --i) {
final int userId = users.get(i).id;
@@ -3681,7 +3731,7 @@
return false;
}
enforceFullCrossUsersPermission(userHandle);
- synchronized (this) {
+ synchronized (getLockObject()) {
return getActiveAdminUncheckedLocked(adminReceiver, userHandle) != null;
}
}
@@ -3692,7 +3742,7 @@
return false;
}
enforceFullCrossUsersPermission(userHandle);
- synchronized (this) {
+ synchronized (getLockObject()) {
DevicePolicyData policyData = getUserData(userHandle);
return policyData.mRemovingAdmins.contains(adminReceiver);
}
@@ -3704,7 +3754,7 @@
return false;
}
enforceFullCrossUsersPermission(userHandle);
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin administrator = getActiveAdminUncheckedLocked(adminReceiver, userHandle);
if (administrator == null) {
throw new SecurityException("No active admin " + adminReceiver);
@@ -3721,7 +3771,7 @@
}
enforceFullCrossUsersPermission(userHandle);
- synchronized (this) {
+ synchronized (getLockObject()) {
DevicePolicyData policy = getUserData(userHandle);
final int N = policy.mAdminList.size();
if (N <= 0) {
@@ -3741,7 +3791,7 @@
return false;
}
enforceFullCrossUsersPermission(userHandle);
- synchronized (this) {
+ synchronized (getLockObject()) {
DevicePolicyData policy = getUserData(userHandle);
final int N = policy.mAdminList.size();
for (int i=0; i<N; i++) {
@@ -3762,7 +3812,7 @@
enforceShell("forceRemoveActiveAdmin");
long ident = mInjector.binderClearCallingIdentity();
try {
- synchronized (this) {
+ synchronized (getLockObject()) {
if (!isAdminTestOnlyLocked(adminReceiver, userHandle)) {
throw new SecurityException("Attempt to remove non-test admin "
+ adminReceiver + " " + userHandle);
@@ -3842,7 +3892,7 @@
}
enforceFullCrossUsersPermission(userHandle);
enforceUserUnlocked(userHandle);
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver, userHandle);
if (admin == null) {
return;
@@ -3884,7 +3934,7 @@
validateQualityConstant(quality);
final int userId = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin ap = getActiveAdminForCallerLocked(
who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
final PasswordMetrics metrics = ap.minimumPasswordMetrics;
@@ -3903,7 +3953,6 @@
* be the correct one upon boot.
* This should be called whenever the password or the admin policies have changed.
*/
- @GuardedBy("DevicePolicyManagerService.this")
private void updatePasswordValidityCheckpointLocked(int userHandle, boolean parent) {
final int credentialOwner = getCredentialOwner(userHandle, parent);
DevicePolicyData policy = getUserData(credentialOwner);
@@ -3926,7 +3975,7 @@
return PASSWORD_QUALITY_UNSPECIFIED;
}
enforceFullCrossUsersPermission(userHandle);
- synchronized (this) {
+ synchronized (getLockObject()) {
int mode = PASSWORD_QUALITY_UNSPECIFIED;
if (who != null) {
@@ -3998,7 +4047,7 @@
}
Preconditions.checkNotNull(who, "ComponentName is null");
final int userId = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin ap = getActiveAdminForCallerLocked(
who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
final PasswordMetrics metrics = ap.minimumPasswordMetrics;
@@ -4023,7 +4072,7 @@
}
Preconditions.checkNotNull(who, "ComponentName is null");
final int userId = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin ap = getActiveAdminForCallerLocked(
who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
if (ap.passwordHistoryLength != length) {
@@ -4052,7 +4101,7 @@
Preconditions.checkNotNull(who, "ComponentName is null");
Preconditions.checkArgumentNonnegative(timeout, "Timeout must be >= 0 ms");
final int userHandle = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin ap = getActiveAdminForCallerLocked(
who, DeviceAdminInfo.USES_POLICY_EXPIRE_PASSWORD, parent);
// Calling this API automatically bumps the expiration date
@@ -4086,7 +4135,7 @@
return 0L;
}
enforceFullCrossUsersPermission(userHandle);
- synchronized (this) {
+ synchronized (getLockObject()) {
long timeout = 0L;
if (who != null) {
@@ -4114,7 +4163,7 @@
final int userId = UserHandle.getCallingUserId();
List<String> changedProviders = null;
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(admin,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
if (activeAdmin.crossProfileWidgetProviders == null) {
@@ -4141,7 +4190,7 @@
final int userId = UserHandle.getCallingUserId();
List<String> changedProviders = null;
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(admin,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
if (activeAdmin.crossProfileWidgetProviders == null
@@ -4165,7 +4214,7 @@
@Override
public List<String> getCrossProfileWidgetProviders(ComponentName admin) {
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(admin,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
if (activeAdmin.crossProfileWidgetProviders == null
@@ -4211,7 +4260,7 @@
return 0L;
}
enforceFullCrossUsersPermission(userHandle);
- synchronized (this) {
+ synchronized (getLockObject()) {
return getPasswordExpirationLocked(who, userHandle, parent);
}
}
@@ -4223,7 +4272,7 @@
}
Preconditions.checkNotNull(who, "ComponentName is null");
final int userId = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
final ActiveAdmin ap = getActiveAdminForCallerLocked(
who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
final PasswordMetrics metrics = ap.minimumPasswordMetrics;
@@ -4245,7 +4294,7 @@
public void setPasswordMinimumLowerCase(ComponentName who, int length, boolean parent) {
Preconditions.checkNotNull(who, "ComponentName is null");
final int userId = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin ap = getActiveAdminForCallerLocked(
who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
final PasswordMetrics metrics = ap.minimumPasswordMetrics;
@@ -4270,7 +4319,7 @@
}
Preconditions.checkNotNull(who, "ComponentName is null");
final int userId = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin ap = getActiveAdminForCallerLocked(
who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
final PasswordMetrics metrics = ap.minimumPasswordMetrics;
@@ -4295,7 +4344,7 @@
}
Preconditions.checkNotNull(who, "ComponentName is null");
final int userId = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin ap = getActiveAdminForCallerLocked(
who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
final PasswordMetrics metrics = ap.minimumPasswordMetrics;
@@ -4320,7 +4369,7 @@
}
Preconditions.checkNotNull(who, "ComponentName is null");
final int userId = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin ap = getActiveAdminForCallerLocked(
who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
final PasswordMetrics metrics = ap.minimumPasswordMetrics;
@@ -4345,7 +4394,7 @@
}
Preconditions.checkNotNull(who, "ComponentName is null");
final int userId = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin ap = getActiveAdminForCallerLocked(
who, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
final PasswordMetrics metrics = ap.minimumPasswordMetrics;
@@ -4372,7 +4421,7 @@
return 0;
}
enforceFullCrossUsersPermission(userHandle);
- synchronized (this) {
+ synchronized (getLockObject()) {
if (who != null) {
final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent);
return admin != null ? getter.apply(admin) : 0;
@@ -4404,7 +4453,7 @@
enforceFullCrossUsersPermission(userHandle);
enforceUserUnlocked(userHandle, parent);
- synchronized (this) {
+ synchronized (getLockObject()) {
// This API can only be called by an active device admin,
// so try to retrieve it to check that the caller is one.
getActiveAdminForCallerLocked(null, DeviceAdminInfo.USES_POLICY_LIMIT_PASSWORD, parent);
@@ -4435,7 +4484,7 @@
enforceFullCrossUsersPermission(userHandle);
enforceManagedProfile(userHandle, "call APIs refering to the parent profile");
- synchronized (this) {
+ synchronized (getLockObject()) {
final int targetUser = getProfileParentId(userHandle);
enforceUserUnlocked(targetUser, false);
int credentialOwner = getCredentialOwner(userHandle, false);
@@ -4502,7 +4551,7 @@
@Override
public int getCurrentFailedPasswordAttempts(int userHandle, boolean parent) {
enforceFullCrossUsersPermission(userHandle);
- synchronized (this) {
+ synchronized (getLockObject()) {
if (!isCallerWithSystemUid()) {
// This API can only be called by an active device admin,
// so try to retrieve it to check that the caller is one.
@@ -4523,7 +4572,7 @@
}
Preconditions.checkNotNull(who, "ComponentName is null");
final int userId = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
// This API can only be called by an active device admin,
// so try to retrieve it to check that the caller is one.
getActiveAdminForCallerLocked(
@@ -4548,7 +4597,7 @@
return 0;
}
enforceFullCrossUsersPermission(userHandle);
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = (who != null)
? getActiveAdminUncheckedLocked(who, userHandle, parent)
: getAdminWithMinimumFailedPasswordsForWipeLocked(userHandle, parent);
@@ -4562,7 +4611,7 @@
return UserHandle.USER_NULL;
}
enforceFullCrossUsersPermission(userHandle);
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getAdminWithMinimumFailedPasswordsForWipeLocked(
userHandle, parent);
return admin != null ? admin.getUserHandle().getIdentifier() : UserHandle.USER_NULL;
@@ -4623,7 +4672,7 @@
/* PO or DO could do an untrusted reset in certain conditions. */
private boolean canUserHaveUntrustedCredentialReset(@UserIdInt int userId) {
- synchronized (this) {
+ synchronized (getLockObject()) {
// An active DO or PO might be able to fo an untrusted credential reset
for (final ActiveAdmin admin : getUserData(userId).mAdminList) {
if (!isActiveAdminWithPolicyForUserLocked(admin,
@@ -4649,7 +4698,7 @@
enforceNotManagedProfile(userHandle, "clear the active password");
}
- synchronized (this) {
+ synchronized (getLockObject()) {
// If caller has PO (or DO) it can change the password, so see if that's the case first.
ActiveAdmin admin = getActiveAdminWithPolicyForUidLocked(
null, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, callingUid);
@@ -4719,7 +4768,7 @@
private boolean resetPasswordInternal(String password, long tokenHandle, byte[] token,
int flags, int callingUid, int userHandle) {
int quality;
- synchronized (this) {
+ synchronized (getLockObject()) {
quality = getPasswordQuality(null, userHandle, /* parent */ false);
if (quality == DevicePolicyManager.PASSWORD_QUALITY_MANAGED) {
quality = PASSWORD_QUALITY_UNSPECIFIED;
@@ -4829,7 +4878,7 @@
mLockPatternUtils.requireStrongAuth(STRONG_AUTH_REQUIRED_AFTER_DPM_LOCK_NOW,
UserHandle.USER_ALL);
}
- synchronized (this) {
+ synchronized (getLockObject()) {
int newOwner = requireEntry ? callingUid : -1;
if (policy.mPasswordOwner != newOwner) {
policy.mPasswordOwner = newOwner;
@@ -4852,7 +4901,7 @@
}
private void setDoNotAskCredentialsOnBoot() {
- synchronized (this) {
+ synchronized (getLockObject()) {
DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM);
if (!policyData.doNotAskCredentialsOnBoot) {
policyData.doNotAskCredentialsOnBoot = true;
@@ -4865,7 +4914,7 @@
public boolean getDoNotAskCredentialsOnBoot() {
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.QUERY_DO_NOT_ASK_CREDENTIALS_ON_BOOT, null);
- synchronized (this) {
+ synchronized (getLockObject()) {
DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM);
return policyData.doNotAskCredentialsOnBoot;
}
@@ -4878,7 +4927,7 @@
}
Preconditions.checkNotNull(who, "ComponentName is null");
final int userHandle = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin ap = getActiveAdminForCallerLocked(
who, DeviceAdminInfo.USES_POLICY_FORCE_LOCK, parent);
if (ap.maximumTimeToUnlock != timeMs) {
@@ -4952,7 +5001,7 @@
return 0;
}
enforceFullCrossUsersPermission(userHandle);
- synchronized (this) {
+ synchronized (getLockObject()) {
if (who != null) {
final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent);
return admin != null ? admin.maximumTimeToUnlock : 0;
@@ -4994,7 +5043,7 @@
}
final int userHandle = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin ap = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, parent);
if (ap.strongAuthUnlockTimeout != timeoutMs) {
@@ -5015,7 +5064,7 @@
return DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS;
}
enforceFullCrossUsersPermission(userId);
- synchronized (this) {
+ synchronized (getLockObject()) {
if (who != null) {
ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userId, parent);
return admin != null ? admin.strongAuthUnlockTimeout : 0;
@@ -5053,7 +5102,7 @@
}
final int callingUserId = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
// This API can only be called by an active device admin,
// so try to retrieve it to check that the caller is one.
final ActiveAdmin admin = getActiveAdminForCallerLocked(
@@ -5122,7 +5171,7 @@
}
private void enforceProfileOrDeviceOwner(ComponentName who) {
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
}
}
@@ -5130,7 +5179,7 @@
@Override
public boolean approveCaCert(String alias, int userId, boolean approval) {
enforceManageUsers();
- synchronized (this) {
+ synchronized (getLockObject()) {
Set<String> certs = getUserData(userId).mAcceptedCaCertificates;
boolean changed = (approval ? certs.add(alias) : certs.remove(alias));
if (!changed) {
@@ -5145,7 +5194,7 @@
@Override
public boolean isCaCertApproved(String alias, int userId) {
enforceManageUsers();
- synchronized (this) {
+ synchronized (getLockObject()) {
return getUserData(userId).mAcceptedCaCertificates.contains(alias);
}
}
@@ -5157,7 +5206,7 @@
isSecure |= mLockPatternUtils.isSecure(getProfileParentId(userInfo.id));
}
if (!isSecure) {
- synchronized (this) {
+ synchronized (getLockObject()) {
getUserData(userInfo.id).mAcceptedCaCertificates.clear();
saveSettingsLocked(userInfo.id);
}
@@ -5188,7 +5237,7 @@
mInjector.binderRestoreCallingIdentity(id);
}
- synchronized (this) {
+ synchronized (getLockObject()) {
getUserData(userHandle.getIdentifier()).mOwnerInstalledCaCerts.add(alias);
saveSettingsLocked(userHandle.getIdentifier());
}
@@ -5210,7 +5259,7 @@
mInjector.binderRestoreCallingIdentity(id);
}
- synchronized (this) {
+ synchronized (getLockObject()) {
if (getUserData(userId).mOwnerInstalledCaCerts.removeAll(Arrays.asList(aliases))) {
saveSettingsLocked(userId);
}
@@ -5295,7 +5344,7 @@
}
} else {
// Caller provided - check it is the device owner.
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
}
}
@@ -5555,7 +5604,7 @@
// Retrieve the user ID of the calling process.
final int userId = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
// Ensure calling process is device/profile owner.
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
// Ensure the delegate is installed (skip this for DELEGATION_CERT_INSTALL in pre-N).
@@ -5616,7 +5665,7 @@
// Retrieve the user ID of the calling process.
final int callingUid = mInjector.binderGetCallingUid();
final int userId = UserHandle.getUserId(callingUid);
- synchronized (this) {
+ synchronized (getLockObject()) {
// Ensure calling process is device/profile owner.
if (who != null) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
@@ -5659,7 +5708,7 @@
// Retrieve the user ID of the calling process.
final int userId = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
// Ensure calling process is device/profile owner.
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
final DevicePolicyData policy = getUserData(userId);
@@ -5698,7 +5747,7 @@
// Retrieve the UID and user ID of the calling process.
final int callingUid = mInjector.binderGetCallingUid();
final int userId = UserHandle.getUserId(callingUid);
- synchronized (this) {
+ synchronized (getLockObject()) {
// Retrieve user policy data.
final DevicePolicyData policy = getUserData(userId);
// Retrieve the list of delegation scopes granted to callerPackage.
@@ -5737,7 +5786,7 @@
String scope) {
// If a ComponentName is given ensure it is a device or profile owner according to policy.
if (who != null) {
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, reqPolicy);
}
// If no ComponentName is given ensure calling process has scope delegation.
@@ -5756,7 +5805,7 @@
Preconditions.checkNotNull(who, "ComponentName is null");
final int userId = mInjector.userHandleGetCallingUserId();
- synchronized(this) {
+ synchronized (getLockObject()) {
// Ensure calling process is device/profile owner.
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
final DevicePolicyData policy = getUserData(userId);
@@ -5887,7 +5936,7 @@
enforceFullCrossUsersPermission(mInjector.userHandleGetCallingUserId());
final ActiveAdmin admin;
- synchronized (this) {
+ synchronized (getLockObject()) {
admin = getActiveAdminForCallerLocked(null, DeviceAdminInfo.USES_POLICY_WIPE_DATA);
}
String internalReason = "DevicePolicyManager.wipeDataWithReason() from "
@@ -5970,7 +6019,7 @@
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.BIND_DEVICE_ADMIN, null);
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getActiveAdminUncheckedLocked(comp, userHandle);
if (admin == null) {
result.sendResult(null);
@@ -6009,7 +6058,7 @@
}
validateQualityConstant(metrics.quality);
- synchronized (this) {
+ synchronized (getLockObject()) {
mUserPasswordMetrics.put(userHandle, metrics);
}
}
@@ -6033,7 +6082,7 @@
long ident = mInjector.binderClearCallingIdentity();
try {
- synchronized (this) {
+ synchronized (getLockObject()) {
policy.mFailedPasswordAttempts = 0;
updatePasswordValidityCheckpointLocked(userId, /* parent */ false);
updatePasswordExpirationsLocked(userId);
@@ -6086,7 +6135,7 @@
ActiveAdmin strictestAdmin = null;
final long ident = mInjector.binderClearCallingIdentity();
try {
- synchronized (this) {
+ synchronized (getLockObject()) {
DevicePolicyData policy = getUserData(userHandle);
policy.mFailedPasswordAttempts++;
saveSettingsLocked(userHandle);
@@ -6146,7 +6195,7 @@
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.BIND_DEVICE_ADMIN, null);
- synchronized (this) {
+ synchronized (getLockObject()) {
DevicePolicyData policy = getUserData(userHandle);
if (policy.mFailedPasswordAttempts != 0 || policy.mPasswordOwner >= 0) {
long ident = mInjector.binderClearCallingIdentity();
@@ -6221,7 +6270,7 @@
if (!mHasFeature) {
return null;
}
- synchronized(this) {
+ synchronized (getLockObject()) {
Preconditions.checkNotNull(who, "ComponentName is null");
// Only check if system user has set global proxy. We don't allow other users to set it.
@@ -6276,7 +6325,7 @@
return null;
}
enforceFullCrossUsersPermission(userHandle);
- synchronized(this) {
+ synchronized (getLockObject()) {
DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM);
// Scan through active admins and find if anyone has already
// set the global proxy.
@@ -6296,7 +6345,7 @@
@Override
public void setRecommendedGlobalProxy(ComponentName who, ProxyInfo proxyInfo) {
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
}
long token = mInjector.binderClearCallingIdentity();
@@ -6365,7 +6414,7 @@
}
Preconditions.checkNotNull(who, "ComponentName is null");
final int userHandle = UserHandle.getCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
// Check for permissions
// Only system user can set storage encryption
if (userHandle != UserHandle.USER_SYSTEM) {
@@ -6416,7 +6465,7 @@
return false;
}
enforceFullCrossUsersPermission(userHandle);
- synchronized (this) {
+ synchronized (getLockObject()) {
// Check for permissions if a particular caller is specified
if (who != null) {
// When checking for a single caller, status is based on caller's request
@@ -6519,7 +6568,7 @@
}
Preconditions.checkNotNull(who, "ComponentName is null");
final int userHandle = UserHandle.getCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin ap = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
if (ap.disableScreenCapture != disabled) {
@@ -6539,7 +6588,7 @@
if (!mHasFeature) {
return false;
}
- synchronized (this) {
+ synchronized (getLockObject()) {
if (who != null) {
ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
return (admin != null) ? admin.disableScreenCapture : false;
@@ -6581,7 +6630,7 @@
}
Preconditions.checkNotNull(who, "ComponentName is null");
final int userHandle = UserHandle.getCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
if (admin.requireAutoTime != required) {
@@ -6609,7 +6658,7 @@
if (!mHasFeature) {
return false;
}
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
if (deviceOwner != null && deviceOwner.requireAutoTime) {
// If the device owner enforces auto time, we don't need to check the PO's
@@ -6640,7 +6689,7 @@
"Cannot force ephemeral users on systems without split system user.");
}
boolean removeAllUsers = false;
- synchronized (this) {
+ synchronized (getLockObject()) {
final ActiveAdmin deviceOwner =
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
if (deviceOwner.forceEphemeralUsers != forceEphemeralUsers) {
@@ -6666,7 +6715,7 @@
return false;
}
Preconditions.checkNotNull(who, "ComponentName is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
final ActiveAdmin deviceOwner =
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
return deviceOwner.forceEphemeralUsers;
@@ -6674,7 +6723,7 @@
}
private void ensureDeviceOwnerAndAllUsersAffiliated(ComponentName who) throws SecurityException {
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
if (!areAllUsersAffiliatedWithDeviceLocked()) {
throw new SecurityException("Not all users are affiliated.");
@@ -6701,7 +6750,7 @@
}
final long currentTime = System.currentTimeMillis();
- synchronized (this) {
+ synchronized (getLockObject()) {
DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM);
if (currentTime > policyData.mLastBugReportRequestTime) {
policyData.mLastBugReportRequestTime = currentTime;
@@ -6736,7 +6785,7 @@
void sendDeviceOwnerCommand(String action, Bundle extras) {
int deviceOwnerUserId;
ComponentName deviceOwnerComponent;
- synchronized (this) {
+ synchronized (getLockObject()) {
deviceOwnerUserId = mOwners.getDeviceOwnerUserId();
deviceOwnerComponent = mOwners.getDeviceOwnerComponent();
}
@@ -6765,13 +6814,17 @@
mContext.sendBroadcastAsUser(intent, UserHandle.of(userId));
}
- private synchronized String getDeviceOwnerRemoteBugreportUri() {
- return mOwners.getDeviceOwnerRemoteBugreportUri();
+ private String getDeviceOwnerRemoteBugreportUri() {
+ synchronized (getLockObject()) {
+ return mOwners.getDeviceOwnerRemoteBugreportUri();
+ }
}
- private synchronized void setDeviceOwnerRemoteBugreportUriAndHash(String bugreportUri,
+ private void setDeviceOwnerRemoteBugreportUriAndHash(String bugreportUri,
String bugreportHash) {
- mOwners.setDeviceOwnerRemoteBugreportUriAndHash(bugreportUri, bugreportHash);
+ synchronized (getLockObject()) {
+ mOwners.setDeviceOwnerRemoteBugreportUriAndHash(bugreportUri, bugreportHash);
+ }
}
private void registerRemoteBugreportReceivers() {
@@ -6833,7 +6886,7 @@
mRemoteBugreportSharingAccepted.set(true);
String bugreportUriString = null;
String bugreportHash = null;
- synchronized (this) {
+ synchronized (getLockObject()) {
bugreportUriString = getDeviceOwnerRemoteBugreportUri();
bugreportHash = mOwners.getDeviceOwnerRemoteBugreportHash();
}
@@ -6870,7 +6923,7 @@
Uri bugreportUri = Uri.parse(bugreportUriString);
pfd = mContext.getContentResolver().openFileDescriptor(bugreportUri, "r");
- synchronized (this) {
+ synchronized (getLockObject()) {
Intent intent = new Intent(DeviceAdminReceiver.ACTION_BUGREPORT_SHARE);
intent.setComponent(mOwners.getDeviceOwnerComponent());
intent.setDataAndType(bugreportUri, RemoteBugreportUtils.BUGREPORT_MIMETYPE);
@@ -6911,7 +6964,7 @@
}
Preconditions.checkNotNull(who, "ComponentName is null");
final int userHandle = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin ap = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_DISABLE_CAMERA);
if (ap.disableCamera != disabled) {
@@ -6937,7 +6990,7 @@
if (!mHasFeature) {
return false;
}
- synchronized (this) {
+ synchronized (getLockObject()) {
if (who != null) {
ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
return (admin != null) ? admin.disableCamera : false;
@@ -6978,7 +7031,7 @@
which = which & PROFILE_KEYGUARD_FEATURES;
}
}
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin ap = getActiveAdminForCallerLocked(
who, DeviceAdminInfo.USES_POLICY_DISABLE_KEYGUARD_FEATURES, parent);
if (ap.disabledKeyguardFeatures != which) {
@@ -7005,7 +7058,7 @@
enforceFullCrossUsersPermission(userHandle);
final long ident = mInjector.binderClearCallingIdentity();
try {
- synchronized (this) {
+ synchronized (getLockObject()) {
if (who != null) {
ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent);
return (admin != null) ? admin.disabledKeyguardFeatures : 0;
@@ -7053,7 +7106,7 @@
}
Preconditions.checkNotNull(packageList, "packageList is null");
final int userHandle = UserHandle.getCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
// Ensure the caller is a DO or a keep uninstalled packages delegate.
enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER,
DELEGATION_KEEP_UNINSTALLED_PACKAGES);
@@ -7074,7 +7127,7 @@
return null;
}
// TODO In split system user mode, allow apps on user 0 to query the list
- synchronized (this) {
+ synchronized (getLockObject()) {
// Ensure the caller is a DO or a keep uninstalled packages delegate.
enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER,
DELEGATION_KEEP_UNINSTALLED_PACKAGES);
@@ -7099,7 +7152,7 @@
}
final boolean hasIncompatibleAccountsOrNonAdb =
hasIncompatibleAccountsOrNonAdbNoLock(userId, admin);
- synchronized (this) {
+ synchronized (getLockObject()) {
enforceCanSetDeviceOwnerLocked(admin, userId, hasIncompatibleAccountsOrNonAdb);
final ActiveAdmin activeAdmin = getActiveAdminUncheckedLocked(admin, userId);
if (activeAdmin == null
@@ -7168,7 +7221,7 @@
}
public boolean isDeviceOwner(ComponentName who, int userId) {
- synchronized (this) {
+ synchronized (getLockObject()) {
return mOwners.hasDeviceOwner()
&& mOwners.getDeviceOwnerUserId() == userId
&& mOwners.getDeviceOwnerComponent().equals(who);
@@ -7176,7 +7229,7 @@
}
private boolean isDeviceOwnerPackage(String packageName, int userId) {
- synchronized (this) {
+ synchronized (getLockObject()) {
return mOwners.hasDeviceOwner()
&& mOwners.getDeviceOwnerUserId() == userId
&& mOwners.getDeviceOwnerPackageName().equals(packageName);
@@ -7184,7 +7237,7 @@
}
private boolean isProfileOwnerPackage(String packageName, int userId) {
- synchronized (this) {
+ synchronized (getLockObject()) {
return mOwners.hasProfileOwner(userId)
&& mOwners.getProfileOwnerPackage(userId).equals(packageName);
}
@@ -7203,7 +7256,7 @@
if (!callingUserOnly) {
enforceManageUsers();
}
- synchronized (this) {
+ synchronized (getLockObject()) {
if (!mOwners.hasDeviceOwner()) {
return null;
}
@@ -7221,7 +7274,7 @@
return UserHandle.USER_NULL;
}
enforceManageUsers();
- synchronized (this) {
+ synchronized (getLockObject()) {
return mOwners.hasDeviceOwner() ? mOwners.getDeviceOwnerUserId() : UserHandle.USER_NULL;
}
}
@@ -7236,7 +7289,7 @@
return null;
}
enforceManageUsers();
- synchronized (this) {
+ synchronized (getLockObject()) {
if (!mOwners.hasDeviceOwner()) {
return null;
}
@@ -7250,6 +7303,7 @@
/** Returns the active device owner or {@code null} if there is no device owner. */
@VisibleForTesting
ActiveAdmin getDeviceOwnerAdminLocked() {
+ ensureLocked();
ComponentName component = mOwners.getDeviceOwnerComponent();
if (component == null) {
return null;
@@ -7280,7 +7334,7 @@
} catch (NameNotFoundException e) {
throw new SecurityException(e);
}
- synchronized (this) {
+ synchronized (getLockObject()) {
final ComponentName deviceOwnerComponent = mOwners.getDeviceOwnerComponent();
final int deviceOwnerUserId = mOwners.getDeviceOwnerUserId();
if (!mOwners.hasDeviceOwner()
@@ -7368,7 +7422,7 @@
}
final boolean hasIncompatibleAccountsOrNonAdb =
hasIncompatibleAccountsOrNonAdbNoLock(userHandle, who);
- synchronized (this) {
+ synchronized (getLockObject()) {
enforceCanSetProfileOwnerLocked(who, userHandle, hasIncompatibleAccountsOrNonAdb);
final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
@@ -7414,7 +7468,7 @@
final int userId = mInjector.userHandleGetCallingUserId();
enforceNotManagedProfile(userId, "clear profile owner");
enforceUserUnlocked(userId);
- synchronized (this) {
+ synchronized (getLockObject()) {
// Check if this is the profile owner who is calling
final ActiveAdmin admin =
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
@@ -7457,7 +7511,7 @@
return;
}
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
long token = mInjector.binderClearCallingIdentity();
try {
@@ -7546,7 +7600,7 @@
+ "device or profile owner is set.");
}
- synchronized (this) {
+ synchronized (getLockObject()) {
boolean transitionCheckNeeded = true;
// Calling identity/permission checks.
@@ -7616,7 +7670,7 @@
return;
}
Preconditions.checkNotNull(who, "ComponentName is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
// Check if this is the profile owner who is calling
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
final int userId = UserHandle.getCallingUserId();
@@ -7664,7 +7718,7 @@
return null;
}
- synchronized (this) {
+ synchronized (getLockObject()) {
return mOwners.getProfileOwnerComponent(userHandle);
}
}
@@ -7881,7 +7935,7 @@
}
private void enforceDeviceOwnerOrManageUsers() {
- synchronized (this) {
+ synchronized (getLockObject()) {
if (getActiveAdminWithPolicyForUidLocked(null, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER,
mInjector.binderGetCallingUid()) != null) {
return;
@@ -7891,7 +7945,7 @@
}
private void enforceProfileOwnerOrSystemUser() {
- synchronized (this) {
+ synchronized (getLockObject()) {
if (getActiveAdminWithPolicyForUidLocked(null,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, mInjector.binderGetCallingUid())
!= null) {
@@ -7904,7 +7958,7 @@
private void enforceProfileOwnerOrFullCrossUsersPermission(int userId) {
if (userId == mInjector.userHandleGetCallingUserId()) {
- synchronized (this) {
+ synchronized (getLockObject()) {
if (getActiveAdminWithPolicyForUidLocked(null,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, mInjector.binderGetCallingUid())
!= null) {
@@ -8017,7 +8071,7 @@
protected void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
if (!DumpUtils.checkDumpPermission(mContext, LOG_TAG, pw)) return;
- synchronized (this) {
+ synchronized (getLockObject()) {
pw.println("Current Device Policy Manager state:");
mOwners.dump(" ", pw);
@@ -8048,6 +8102,8 @@
pw.println();
mConstants.dump(" ", pw);
pw.println();
+ mStatLogger.dump(pw, " ");
+ pw.println();
pw.println(" Encryption Status: " + getEncryptionStatusName(getEncryptionStatus()));
}
}
@@ -8076,7 +8132,7 @@
ComponentName activity) {
Preconditions.checkNotNull(who, "ComponentName is null");
final int userHandle = UserHandle.getCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
long id = mInjector.binderClearCallingIdentity();
@@ -8095,7 +8151,7 @@
public void clearPackagePersistentPreferredActivities(ComponentName who, String packageName) {
Preconditions.checkNotNull(who, "ComponentName is null");
final int userHandle = UserHandle.getCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
long id = mInjector.binderClearCallingIdentity();
@@ -8113,7 +8169,7 @@
@Override
public void setDefaultSmsApplication(ComponentName admin, String packageName) {
Preconditions.checkNotNull(admin, "ComponentName is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
}
mInjector.binderWithCleanCallingIdentity(() ->
@@ -8167,7 +8223,7 @@
Preconditions.checkNotNull(admin, "admin is null");
Preconditions.checkNotNull(agent, "agent is null");
final int userHandle = UserHandle.getCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin ap = getActiveAdminForCallerLocked(admin,
DeviceAdminInfo.USES_POLICY_DISABLE_KEYGUARD_FEATURES, parent);
ap.trustAgentInfos.put(agent.flattenToString(), new TrustAgentInfo(args));
@@ -8184,7 +8240,7 @@
Preconditions.checkNotNull(agent, "agent null");
enforceFullCrossUsersPermission(userHandle);
- synchronized (this) {
+ synchronized (getLockObject()) {
final String componentName = agent.flattenToString();
if (admin != null) {
final ActiveAdmin ap = getActiveAdminUncheckedLocked(admin, userHandle, parent);
@@ -8234,7 +8290,7 @@
@Override
public void setRestrictionsProvider(ComponentName who, ComponentName permissionProvider) {
Preconditions.checkNotNull(who, "ComponentName is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
int userHandle = UserHandle.getCallingUserId();
@@ -8246,7 +8302,7 @@
@Override
public ComponentName getRestrictionsProvider(int userHandle) {
- synchronized (this) {
+ synchronized (getLockObject()) {
if (!isCallerWithSystemUid()) {
throw new SecurityException("Only the system can query the permission provider");
}
@@ -8259,7 +8315,7 @@
public void addCrossProfileIntentFilter(ComponentName who, IntentFilter filter, int flags) {
Preconditions.checkNotNull(who, "ComponentName is null");
int callingUserId = UserHandle.getCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
long id = mInjector.binderClearCallingIdentity();
@@ -8290,7 +8346,7 @@
public void clearCrossProfileIntentFilters(ComponentName who) {
Preconditions.checkNotNull(who, "ComponentName is null");
int callingUserId = UserHandle.getCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
long id = mInjector.binderClearCallingIdentity();
try {
@@ -8397,7 +8453,7 @@
}
}
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
admin.permittedAccessiblityServices = packageList;
@@ -8413,7 +8469,7 @@
}
Preconditions.checkNotNull(who, "ComponentName is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
return admin.permittedAccessiblityServices;
@@ -8425,7 +8481,7 @@
if (!mHasFeature) {
return null;
}
- synchronized (this) {
+ synchronized (getLockObject()) {
List<String> result = null;
// If we have multiple profiles we return the intersection of the
// permitted lists. This can happen in cases where we have a device
@@ -8492,7 +8548,7 @@
throw new SecurityException(
"Only the system can query if an accessibility service is disabled by admin");
}
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
if (admin == null) {
return false;
@@ -8570,7 +8626,7 @@
}
}
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
admin.permittedInputMethods = packageList;
@@ -8586,7 +8642,7 @@
}
Preconditions.checkNotNull(who, "ComponentName is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
return admin.permittedInputMethods;
@@ -8606,7 +8662,7 @@
}
int userId = currentUser.id;
- synchronized (this) {
+ synchronized (getLockObject()) {
List<String> result = null;
// If we have multiple profiles we return the intersection of the
// permitted lists. This can happen in cases where we have a device
@@ -8666,7 +8722,7 @@
throw new SecurityException(
"Only the system can query if an input method is disabled by admin");
}
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
if (admin == null) {
return false;
@@ -8692,7 +8748,7 @@
return false;
}
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getActiveAdminForCallerLocked(
who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
admin.permittedNotificationListeners = packageList;
@@ -8708,7 +8764,7 @@
}
Preconditions.checkNotNull(who, "ComponentName is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getActiveAdminForCallerLocked(
who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
return admin.permittedNotificationListeners;
@@ -8726,7 +8782,7 @@
throw new SecurityException(
"Only the system can query if a notification listener service is permitted");
}
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userId);
if (profileOwner == null || profileOwner.permittedNotificationListeners == null) {
return true;
@@ -8782,7 +8838,7 @@
// Create user.
UserHandle user = null;
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
final int callingUid = mInjector.binderGetCallingUid();
@@ -8871,7 +8927,7 @@
final String ownerName = getProfileOwnerName(Process.myUserHandle().getIdentifier());
setProfileOwner(profileOwner, ownerName, userHandle);
- synchronized (this) {
+ synchronized (getLockObject()) {
DevicePolicyData policyData = getUserData(userHandle);
policyData.mInitBundle = adminExtras;
policyData.mAdminBroadcastPending = true;
@@ -8902,7 +8958,7 @@
Preconditions.checkNotNull(who, "ComponentName is null");
Preconditions.checkNotNull(userHandle, "UserHandle is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
}
@@ -8941,7 +8997,7 @@
public boolean switchUser(ComponentName who, UserHandle userHandle) {
Preconditions.checkNotNull(who, "ComponentName is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
long id = mInjector.binderClearCallingIdentity();
@@ -8965,7 +9021,7 @@
Preconditions.checkNotNull(who, "ComponentName is null");
Preconditions.checkNotNull(userHandle, "UserHandle is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
}
@@ -9000,7 +9056,7 @@
Preconditions.checkNotNull(who, "ComponentName is null");
Preconditions.checkNotNull(userHandle, "UserHandle is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
}
@@ -9018,7 +9074,7 @@
Preconditions.checkNotNull(who, "ComponentName is null");
final int callingUserId = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
if (!isUserAffiliatedWithDeviceLocked(callingUserId)) {
throw new SecurityException("Admin " + who +
@@ -9070,7 +9126,7 @@
@Override
public List<UserHandle> getSecondaryUsers(ComponentName who) {
Preconditions.checkNotNull(who, "ComponentName is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
}
@@ -9094,7 +9150,7 @@
@Override
public boolean isEphemeralUser(ComponentName who) {
Preconditions.checkNotNull(who, "ComponentName is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
}
@@ -9129,7 +9185,7 @@
public String[] setPackagesSuspended(ComponentName who, String callerPackage,
String[] packageNames, boolean suspended) {
int callingUserId = UserHandle.getCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
// Ensure the caller is a DO/PO or a package access delegate.
enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
DELEGATION_PACKAGE_ACCESS);
@@ -9151,7 +9207,7 @@
@Override
public boolean isPackageSuspended(ComponentName who, String callerPackage, String packageName) {
int callingUserId = UserHandle.getCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
// Ensure the caller is a DO/PO or a package access delegate.
enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
DELEGATION_PACKAGE_ACCESS);
@@ -9177,7 +9233,7 @@
}
final int userHandle = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
final ActiveAdmin activeAdmin =
getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
@@ -9216,7 +9272,7 @@
}
private void pushUserRestrictions(int userId) {
- synchronized (this) {
+ synchronized (getLockObject()) {
final boolean isDeviceOwner = mOwners.isDeviceOwnerUserId(userId);
final Bundle userRestrictions;
// Whether device owner enforces camera restriction.
@@ -9263,7 +9319,7 @@
return null;
}
Preconditions.checkNotNull(who, "ComponentName is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
final ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
return activeAdmin.userRestrictions;
@@ -9274,7 +9330,7 @@
public boolean setApplicationHidden(ComponentName who, String callerPackage, String packageName,
boolean hidden) {
int callingUserId = UserHandle.getCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
// Ensure the caller is a DO/PO or a package access delegate.
enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
DELEGATION_PACKAGE_ACCESS);
@@ -9297,7 +9353,7 @@
public boolean isApplicationHidden(ComponentName who, String callerPackage,
String packageName) {
int callingUserId = UserHandle.getCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
// Ensure the caller is a DO/PO or a package access delegate.
enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
DELEGATION_PACKAGE_ACCESS);
@@ -9318,7 +9374,7 @@
@Override
public void enableSystemApp(ComponentName who, String callerPackage, String packageName) {
- synchronized (this) {
+ synchronized (getLockObject()) {
// Ensure the caller is a DO/PO or an enable system app delegate.
enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
DELEGATION_ENABLE_SYSTEM_APP);
@@ -9359,7 +9415,7 @@
@Override
public int enableSystemAppWithIntent(ComponentName who, String callerPackage, Intent intent) {
- synchronized (this) {
+ synchronized (getLockObject()) {
// Ensure the caller is a DO/PO or an enable system app delegate.
enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
DELEGATION_ENABLE_SYSTEM_APP);
@@ -9421,7 +9477,7 @@
@Override
public boolean installExistingPackage(ComponentName who, String callerPackage,
String packageName) {
- synchronized (this) {
+ synchronized (getLockObject()) {
// Ensure the caller is a PO or an install existing package delegate
enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
DELEGATION_INSTALL_EXISTING_PACKAGE);
@@ -9458,7 +9514,7 @@
return;
}
Preconditions.checkNotNull(who, "ComponentName is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin ap = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
if (disabled) {
@@ -9481,7 +9537,7 @@
if (!mHasFeature) {
return null;
}
- synchronized (this) {
+ synchronized (getLockObject()) {
DevicePolicyData policy = getUserData(userId);
final int N = policy.mAdminList.size();
ArraySet<String> resultSet = new ArraySet<>();
@@ -9497,7 +9553,7 @@
public void setUninstallBlocked(ComponentName who, String callerPackage, String packageName,
boolean uninstallBlocked) {
final int userId = UserHandle.getCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
// Ensure the caller is a DO/PO or a block uninstall delegate
enforceCanManageScope(who, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
DELEGATION_BLOCK_UNINSTALL);
@@ -9521,7 +9577,7 @@
// when the package is a system app, or when it is an active device admin.
final int userId = UserHandle.getCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
if (who != null) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
}
@@ -9545,7 +9601,7 @@
return;
}
Preconditions.checkNotNull(who, "ComponentName is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
if (admin.disableCallerId != disabled) {
@@ -9561,7 +9617,7 @@
return false;
}
Preconditions.checkNotNull(who, "ComponentName is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
return admin.disableCallerId;
@@ -9571,7 +9627,7 @@
@Override
public boolean getCrossProfileCallerIdDisabledForUser(int userId) {
enforceCrossUsersPermission(userId);
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getProfileOwnerAdminLocked(userId);
return (admin != null) ? admin.disableCallerId : false;
}
@@ -9583,7 +9639,7 @@
return;
}
Preconditions.checkNotNull(who, "ComponentName is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
if (admin.disableContactsSearch != disabled) {
@@ -9599,7 +9655,7 @@
return false;
}
Preconditions.checkNotNull(who, "ComponentName is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
return admin.disableContactsSearch;
@@ -9609,7 +9665,7 @@
@Override
public boolean getCrossProfileContactsSearchDisabledForUser(int userId) {
enforceCrossUsersPermission(userId);
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getProfileOwnerAdminLocked(userId);
return (admin != null) ? admin.disableContactsSearch : false;
}
@@ -9624,7 +9680,7 @@
final long ident = mInjector.binderClearCallingIdentity();
try {
- synchronized (this) {
+ synchronized (getLockObject()) {
final int managedUserId = getManagedUserId(callingUserId);
if (managedUserId < 0) {
return;
@@ -9682,7 +9738,7 @@
return;
}
Preconditions.checkNotNull(who, "ComponentName is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
if (admin.disableBluetoothContactSharing != disabled) {
@@ -9698,7 +9754,7 @@
return false;
}
Preconditions.checkNotNull(who, "ComponentName is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
return admin.disableBluetoothContactSharing;
@@ -9710,7 +9766,7 @@
// TODO: Should there be a check to make sure this relationship is
// within a profile group?
// enforceSystemProcess("getCrossProfileCallerIdDisabled can only be called by system");
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getProfileOwnerAdminLocked(userId);
return (admin != null) ? admin.disableBluetoothContactSharing : false;
}
@@ -9722,7 +9778,7 @@
Preconditions.checkNotNull(who, "ComponentName is null");
Preconditions.checkNotNull(packages, "packages is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
enforceCanCallLockTaskLocked(who);
final int userHandle = mInjector.userHandleGetCallingUserId();
setLockTaskPackagesLocked(userHandle, new ArrayList<>(Arrays.asList(packages)));
@@ -9743,7 +9799,7 @@
Preconditions.checkNotNull(who, "ComponentName is null");
final int userHandle = mInjector.binderGetCallingUserHandle().getIdentifier();
- synchronized (this) {
+ synchronized (getLockObject()) {
enforceCanCallLockTaskLocked(who);
final List<String> packages = getUserData(userHandle).mLockTaskPackages;
return packages.toArray(new String[packages.size()]);
@@ -9753,7 +9809,7 @@
@Override
public boolean isLockTaskPermitted(String pkg) {
final int userHandle = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
return getUserData(userHandle).mLockTaskPackages.contains(pkg);
}
}
@@ -9772,7 +9828,7 @@
"Cannot use LOCK_TASK_FEATURE_NOTIFICATIONS without LOCK_TASK_FEATURE_HOME");
final int userHandle = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
enforceCanCallLockTaskLocked(who);
setLockTaskFeaturesLocked(userHandle, flags);
}
@@ -9789,7 +9845,7 @@
public int getLockTaskFeatures(ComponentName who) {
Preconditions.checkNotNull(who, "ComponentName is null");
final int userHandle = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
enforceCanCallLockTaskLocked(who);
return getUserData(userHandle).mLockTaskFeatures;
}
@@ -9828,7 +9884,7 @@
if (!isCallerWithSystemUid()) {
throw new SecurityException("notifyLockTaskModeChanged can only be called by system");
}
- synchronized (this) {
+ synchronized (getLockObject()) {
final DevicePolicyData policy = getUserData(userHandle);
if (policy.mStatusBarDisabled) {
@@ -9858,7 +9914,7 @@
public void setGlobalSetting(ComponentName who, String setting, String value) {
Preconditions.checkNotNull(who, "ComponentName is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
// Some settings are no supported any more. However we do not want to throw a
@@ -9897,7 +9953,7 @@
Preconditions.checkNotNull(who, "ComponentName is null");
Preconditions.checkStringNotEmpty(setting, "String setting is null or empty");
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
if (!SYSTEM_SETTINGS_WHITELIST.contains(setting)) {
@@ -9942,7 +9998,7 @@
Preconditions.checkNotNull(who, "ComponentName is null");
int callingUserId = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
if (isDeviceOwner(who, callingUserId)) {
@@ -10002,7 +10058,7 @@
@Override
public void setMasterVolumeMuted(ComponentName who, boolean on) {
Preconditions.checkNotNull(who, "ComponentName is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
setUserRestriction(who, UserManager.DISALLOW_UNMUTE_DEVICE, on);
}
@@ -10011,7 +10067,7 @@
@Override
public boolean isMasterVolumeMuted(ComponentName who) {
Preconditions.checkNotNull(who, "ComponentName is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
AudioManager audioManager =
@@ -10022,7 +10078,7 @@
@Override
public void setUserIcon(ComponentName who, Bitmap icon) {
- synchronized (this) {
+ synchronized (getLockObject()) {
Preconditions.checkNotNull(who, "ComponentName is null");
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
@@ -10040,7 +10096,7 @@
public boolean setKeyguardDisabled(ComponentName who, boolean disabled) {
Preconditions.checkNotNull(who, "ComponentName is null");
final int userId = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
if (!isUserAffiliatedWithDeviceLocked(userId)) {
throw new SecurityException("Admin " + who +
@@ -10070,7 +10126,7 @@
@Override
public boolean setStatusBarDisabled(ComponentName who, boolean disabled) {
int userId = UserHandle.getCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
if (!isUserAffiliatedWithDeviceLocked(userId)) {
throw new SecurityException("Admin " + who +
@@ -10139,7 +10195,7 @@
DevicePolicyData policy = getUserData(userHandle);
if (!policy.mUserSetupComplete) {
policy.mUserSetupComplete = true;
- synchronized (this) {
+ synchronized (getLockObject()) {
saveSettingsLocked(userHandle);
}
}
@@ -10149,7 +10205,7 @@
DevicePolicyData policy = getUserData(userHandle);
if (!policy.mPaired) {
policy.mPaired = true;
- synchronized (this) {
+ synchronized (getLockObject()) {
saveSettingsLocked(userHandle);
}
}
@@ -10166,7 +10222,7 @@
private final Uri mDefaultImeChanged = Settings.Secure.getUriFor(
Settings.Secure.DEFAULT_INPUT_METHOD);
- @GuardedBy("DevicePolicyManagerService.this")
+ @GuardedBy("getLockObject()")
private Set<Integer> mUserIdsWithPendingChangesByOwner = new ArraySet<>();
public SetupContentObserver(Handler handler) {
@@ -10182,7 +10238,7 @@
mInjector.registerContentObserver(mDefaultImeChanged, false, this, UserHandle.USER_ALL);
}
- @GuardedBy("DevicePolicyManagerService.this")
+ @GuardedBy("getLockObject()")
private void addPendingChangeByOwnerLocked(int userId) {
mUserIdsWithPendingChangesByOwner.add(userId);
}
@@ -10192,13 +10248,13 @@
if (mUserSetupComplete.equals(uri) || (mIsWatch && mPaired.equals(uri))) {
updateUserSetupCompleteAndPaired();
} else if (mDeviceProvisioned.equals(uri)) {
- synchronized (DevicePolicyManagerService.this) {
+ synchronized (getLockObject()) {
// Set PROPERTY_DEVICE_OWNER_PRESENT, for the SUW case where setting the property
// is delayed until device is marked as provisioned.
setDeviceOwnerSystemPropertyLocked();
}
} else if (mDefaultImeChanged.equals(uri)) {
- synchronized (DevicePolicyManagerService.this) {
+ synchronized (getLockObject()) {
if (mUserIdsWithPendingChangesByOwner.contains(userId)) {
// This change notification was triggered by the owner changing the current
// IME. Ignore it.
@@ -10220,7 +10276,7 @@
@Override
public List<String> getCrossProfileWidgetProviders(int profileId) {
- synchronized (DevicePolicyManagerService.this) {
+ synchronized (getLockObject()) {
if (mOwners == null) {
return Collections.emptyList();
}
@@ -10244,7 +10300,7 @@
@Override
public void addOnCrossProfileWidgetProvidersChangeListener(
OnCrossProfileWidgetProvidersChangeListener listener) {
- synchronized (DevicePolicyManagerService.this) {
+ synchronized (getLockObject()) {
if (mWidgetProviderListeners == null) {
mWidgetProviderListeners = new ArrayList<>();
}
@@ -10256,14 +10312,14 @@
@Override
public boolean isActiveAdminWithPolicy(int uid, int reqPolicy) {
- synchronized(DevicePolicyManagerService.this) {
+ synchronized (getLockObject()) {
return getActiveAdminWithPolicyForUidLocked(null, reqPolicy, uid) != null;
}
}
private void notifyCrossProfileProvidersChanged(int userId, List<String> packages) {
final List<OnCrossProfileWidgetProvidersChangeListener> listeners;
- synchronized (DevicePolicyManagerService.this) {
+ synchronized (getLockObject()) {
listeners = new ArrayList<>(mWidgetProviderListeners);
}
final int listenerCount = listeners.size();
@@ -10352,7 +10408,7 @@
@Override
public void reportSeparateProfileChallengeChanged(@UserIdInt int userId) {
- synchronized (DevicePolicyManagerService.this) {
+ synchronized (getLockObject()) {
updateMaximumTimeToLockLocked(userId);
}
}
@@ -10364,7 +10420,7 @@
@Override
public CharSequence getPrintingDisabledReasonForUser(@UserIdInt int userId) {
- synchronized (DevicePolicyManagerService.this) {
+ synchronized (getLockObject()) {
DevicePolicyData policy = getUserData(userId);
if (!mUserManager.hasUserRestriction(UserManager.DISALLOW_PRINTING,
UserHandle.of(userId))) {
@@ -10426,7 +10482,7 @@
if (DevicePolicyManager.POLICY_DISABLE_CAMERA.equals(restriction) ||
DevicePolicyManager.POLICY_DISABLE_SCREEN_CAPTURE.equals(restriction) ||
DevicePolicyManager.POLICY_MANDATORY_BACKUPS.equals(restriction)) {
- synchronized(this) {
+ synchronized (getLockObject()) {
final DevicePolicyData policy = getUserData(userId);
final int N = policy.mAdminList.size();
for (int i = 0; i < N; i++) {
@@ -10485,7 +10541,7 @@
policy.validateAgainstPreviousFreezePeriod(record.first, record.second,
LocalDate.now());
}
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
if (policy == null) {
mOwners.clearSystemUpdatePolicy();
@@ -10502,7 +10558,7 @@
@Override
public SystemUpdatePolicy getSystemUpdatePolicy() {
- synchronized (this) {
+ synchronized (getLockObject()) {
SystemUpdatePolicy policy = mOwners.getSystemUpdatePolicy();
if (policy != null && !policy.isValid()) {
Slog.w(LOG_TAG, "Stored system update policy is invalid, return null instead.");
@@ -10535,7 +10591,7 @@
*/
private void updateSystemUpdateFreezePeriodsRecord(boolean saveIfChanged) {
Slog.d(LOG_TAG, "updateSystemUpdateFreezePeriodsRecord");
- synchronized (this) {
+ synchronized (getLockObject()) {
final SystemUpdatePolicy policy = mOwners.getSystemUpdatePolicy();
if (policy == null) {
return;
@@ -10579,7 +10635,7 @@
@Override
public void clearSystemUpdatePolicyFreezePeriodRecord() {
enforceShell("clearSystemUpdatePolicyFreezePeriodRecord");
- synchronized (this) {
+ synchronized (getLockObject()) {
// Print out current record to help diagnosed CTS failures
Slog.i(LOG_TAG, "Clear freeze period record: "
+ mOwners.getSystemUpdateFreezePeriodRecordAsString());
@@ -10597,7 +10653,7 @@
*/
@VisibleForTesting
boolean isCallerDeviceOwner(int callerUid) {
- synchronized (this) {
+ synchronized (getLockObject()) {
if (!mOwners.hasDeviceOwner()) {
return false;
}
@@ -10643,7 +10699,7 @@
final long ident = mInjector.binderClearCallingIdentity();
try {
- synchronized (this) {
+ synchronized (getLockObject()) {
// Broadcast to device owner first if there is one.
if (mOwners.hasDeviceOwner()) {
final UserHandle deviceOwnerUser =
@@ -10663,7 +10719,7 @@
}
// Send broadcasts to corresponding profile owners if any.
for (final int userId : runningUserIds) {
- synchronized (this) {
+ synchronized (getLockObject()) {
final ComponentName profileOwnerPackage =
mOwners.getProfileOwnerComponent(userId);
if (profileOwnerPackage != null) {
@@ -10689,7 +10745,7 @@
public void setPermissionPolicy(ComponentName admin, String callerPackage, int policy)
throws RemoteException {
int userId = UserHandle.getCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
// Ensure the caller is a DO/PO or a permission grant state delegate.
enforceCanManageScope(admin, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
DELEGATION_PERMISSION_GRANT);
@@ -10704,7 +10760,7 @@
@Override
public int getPermissionPolicy(ComponentName admin) throws RemoteException {
int userId = UserHandle.getCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
DevicePolicyData userPolicy = getUserData(userId);
return userPolicy.mPermissionPolicy;
}
@@ -10714,7 +10770,7 @@
public boolean setPermissionGrantState(ComponentName admin, String callerPackage,
String packageName, String permission, int grantState) throws RemoteException {
UserHandle user = mInjector.binderGetCallingUserHandle();
- synchronized (this) {
+ synchronized (getLockObject()) {
// Ensure the caller is a DO/PO or a permission grant state delegate.
enforceCanManageScope(admin, callerPackage, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER,
DELEGATION_PERMISSION_GRANT);
@@ -10772,7 +10828,7 @@
enforceCanManageScope(admin, callerPackage,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, DELEGATION_PERMISSION_GRANT);
}
- synchronized (this) {
+ synchronized (getLockObject()) {
long ident = mInjector.binderClearCallingIdentity();
try {
int granted = mIPackageManager.checkPermission(permission,
@@ -10910,7 +10966,7 @@
}
private int checkDeviceOwnerProvisioningPreCondition(int deviceOwnerUserId) {
- synchronized (this) {
+ synchronized (getLockObject()) {
// hasIncompatibleAccountsOrNonAdb doesn't matter since the caller is not adb.
return checkDeviceOwnerProvisioningPreConditionLocked(/* owner unknown */ null,
deviceOwnerUserId, /* isAdb= */ false,
@@ -10977,7 +11033,7 @@
* Return device owner or profile owner set on a given user.
*/
private @Nullable ComponentName getOwnerComponent(int userId) {
- synchronized (this) {
+ synchronized (getLockObject()) {
if (mOwners.getDeviceOwnerUserId() == userId) {
return mOwners.getDeviceOwnerComponent();
}
@@ -11028,7 +11084,7 @@
@Override
public String getWifiMacAddress(ComponentName admin) {
// Make sure caller has DO.
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
}
@@ -11068,7 +11124,7 @@
@Override
public boolean isSystemOnlyUser(ComponentName admin) {
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
}
final int callingUserId = mInjector.userHandleGetCallingUserId();
@@ -11079,7 +11135,7 @@
public void reboot(ComponentName admin) {
Preconditions.checkNotNull(admin);
// Make sure caller has DO.
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
}
long ident = mInjector.binderClearCallingIdentity();
@@ -11101,7 +11157,7 @@
}
Preconditions.checkNotNull(who, "ComponentName is null");
final int userHandle = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getActiveAdminForUidLocked(who,
mInjector.binderGetCallingUid());
if (!TextUtils.equals(admin.shortSupportMessage, message)) {
@@ -11117,7 +11173,7 @@
return null;
}
Preconditions.checkNotNull(who, "ComponentName is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getActiveAdminForUidLocked(who,
mInjector.binderGetCallingUid());
return admin.shortSupportMessage;
@@ -11131,7 +11187,7 @@
}
Preconditions.checkNotNull(who, "ComponentName is null");
final int userHandle = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getActiveAdminForUidLocked(who,
mInjector.binderGetCallingUid());
if (!TextUtils.equals(admin.longSupportMessage, message)) {
@@ -11147,7 +11203,7 @@
return null;
}
Preconditions.checkNotNull(who, "ComponentName is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getActiveAdminForUidLocked(who,
mInjector.binderGetCallingUid());
return admin.longSupportMessage;
@@ -11163,7 +11219,7 @@
if (!isCallerWithSystemUid()) {
throw new SecurityException("Only the system can query support message for user");
}
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
if (admin != null) {
return admin.shortSupportMessage;
@@ -11181,7 +11237,7 @@
if (!isCallerWithSystemUid()) {
throw new SecurityException("Only the system can query support message for user");
}
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle);
if (admin != null) {
return admin.longSupportMessage;
@@ -11198,7 +11254,7 @@
Preconditions.checkNotNull(who, "ComponentName is null");
final int userHandle = mInjector.userHandleGetCallingUserId();
enforceManagedProfile(userHandle, "set organization color");
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
admin.organizationColor = color;
@@ -11214,7 +11270,7 @@
enforceFullCrossUsersPermission(userId);
enforceManageUsers();
enforceManagedProfile(userId, "set organization color");
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getProfileOwnerAdminLocked(userId);
admin.organizationColor = color;
saveSettingsLocked(userId);
@@ -11228,7 +11284,7 @@
}
Preconditions.checkNotNull(who, "ComponentName is null");
enforceManagedProfile(mInjector.userHandleGetCallingUserId(), "get organization color");
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
return admin.organizationColor;
@@ -11242,7 +11298,7 @@
}
enforceFullCrossUsersPermission(userHandle);
enforceManagedProfile(userHandle, "get organization color");
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userHandle);
return (profileOwner != null)
? profileOwner.organizationColor
@@ -11258,7 +11314,7 @@
Preconditions.checkNotNull(who, "ComponentName is null");
final int userHandle = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
if (!TextUtils.equals(admin.organizationName, text)) {
@@ -11276,7 +11332,7 @@
}
Preconditions.checkNotNull(who, "ComponentName is null");
enforceManagedProfile(mInjector.userHandleGetCallingUserId(), "get organization name");
- synchronized(this) {
+ synchronized (getLockObject()) {
ActiveAdmin admin = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
return admin.organizationName;
@@ -11289,7 +11345,7 @@
return null;
}
enforceDeviceOwnerOrManageUsers();
- synchronized(this) {
+ synchronized (getLockObject()) {
final ActiveAdmin deviceOwnerAdmin = getDeviceOwnerAdminLocked();
return deviceOwnerAdmin == null ? null : deviceOwnerAdmin.organizationName;
}
@@ -11302,7 +11358,7 @@
}
enforceFullCrossUsersPermission(userHandle);
enforceManagedProfile(userHandle, "get organization name");
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin profileOwner = getProfileOwnerAdminLocked(userHandle);
return (profileOwner != null)
? profileOwner.organizationName
@@ -11318,7 +11374,7 @@
if (!mHasFeature) {
return packageNames;
}
- synchronized (this) {
+ synchronized (getLockObject()) {
final ActiveAdmin admin = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
final int callingUserId = mInjector.userHandleGetCallingUserId();
@@ -11367,7 +11423,7 @@
if (!mHasFeature) {
return new ArrayList<>();
}
- synchronized (this) {
+ synchronized (getLockObject()) {
final ActiveAdmin admin = getActiveAdminForCallerLocked(who,
DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
return admin.meteredDisabledPackages == null
@@ -11387,7 +11443,7 @@
throw new SecurityException(
"Only the system can query restricted pkgs for a specific user");
}
- synchronized (this) {
+ synchronized (getLockObject()) {
final ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userId);
if (admin != null && admin.meteredDisabledPackages != null) {
return admin.meteredDisabledPackages.contains(packageName);
@@ -11429,7 +11485,7 @@
final Set<String> affiliationIds = new ArraySet<>(ids);
final int callingUserId = mInjector.userHandleGetCallingUserId();
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
getUserData(callingUserId).mAffiliationIds = affiliationIds;
saveSettingsLocked(callingUserId);
@@ -11456,7 +11512,7 @@
}
Preconditions.checkNotNull(admin);
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
return new ArrayList<String>(
getUserData(mInjector.userHandleGetCallingUserId()).mAffiliationIds);
@@ -11469,7 +11525,7 @@
return false;
}
- synchronized (this) {
+ synchronized (getLockObject()) {
return isUserAffiliatedWithDeviceLocked(mInjector.userHandleGetCallingUserId());
}
}
@@ -11530,7 +11586,7 @@
}
Preconditions.checkNotNull(admin);
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
if (enabled == mInjector.securityLogGetLoggingEnabledProperty()) {
return;
@@ -11551,7 +11607,7 @@
return false;
}
- synchronized (this) {
+ synchronized (getLockObject()) {
if (!isCallerWithSystemUid()) {
Preconditions.checkNotNull(admin);
getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
@@ -11560,12 +11616,14 @@
}
}
- private synchronized void recordSecurityLogRetrievalTime() {
- final long currentTime = System.currentTimeMillis();
- DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM);
- if (currentTime > policyData.mLastSecurityLogRetrievalTime) {
- policyData.mLastSecurityLogRetrievalTime = currentTime;
- saveSettingsLocked(UserHandle.USER_SYSTEM);
+ private void recordSecurityLogRetrievalTime() {
+ synchronized (getLockObject()) {
+ final long currentTime = System.currentTimeMillis();
+ DevicePolicyData policyData = getUserData(UserHandle.USER_SYSTEM);
+ if (currentTime > policyData.mLastSecurityLogRetrievalTime) {
+ policyData.mLastSecurityLogRetrievalTime = currentTime;
+ saveSettingsLocked(UserHandle.USER_SYSTEM);
+ }
}
}
@@ -11646,7 +11704,7 @@
enforceCanManageDeviceAdmin();
final int userId = mInjector.userHandleGetCallingUserId();
Pair<String, Integer> packageUserPair = new Pair<>(packageName, userId);
- synchronized (this) {
+ synchronized (getLockObject()) {
return mPackagesToRemove.contains(packageUserPair);
}
}
@@ -11672,7 +11730,7 @@
}
final Pair<String, Integer> packageUserPair = new Pair<>(packageName, userId);
- synchronized (this) {
+ synchronized (getLockObject()) {
mPackagesToRemove.add(packageUserPair);
}
@@ -11707,7 +11765,7 @@
@Override
public boolean isDeviceProvisioned() {
enforceManageUsers();
- synchronized (this) {
+ synchronized (getLockObject()) {
return getUserDataUnchecked(UserHandle.USER_SYSTEM).mUserSetupComplete;
}
}
@@ -11734,7 +11792,7 @@
private void startUninstallIntent(final String packageName, final int userId) {
final Pair<String, Integer> packageUserPair = new Pair<>(packageName, userId);
- synchronized (this) {
+ synchronized (getLockObject()) {
if (!mPackagesToRemove.contains(packageUserPair)) {
// Do nothing if uninstall was not requested or was already started.
return;
@@ -11769,7 +11827,7 @@
* @param userHandle The user for which this admin has to be removed.
*/
private void removeAdminArtifacts(final ComponentName adminReceiver, final int userHandle) {
- synchronized (this) {
+ synchronized (getLockObject()) {
final ActiveAdmin admin = getActiveAdminUncheckedLocked(adminReceiver, userHandle);
if (admin == null) {
return;
@@ -11799,7 +11857,7 @@
@Override
public void setDeviceProvisioningConfigApplied() {
enforceManageUsers();
- synchronized (this) {
+ synchronized (getLockObject()) {
DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM);
policy.mDeviceProvisioningConfigApplied = true;
saveSettingsLocked(UserHandle.USER_SYSTEM);
@@ -11809,7 +11867,7 @@
@Override
public boolean isDeviceProvisioningConfigApplied() {
enforceManageUsers();
- synchronized (this) {
+ synchronized (getLockObject()) {
final DevicePolicyData policy = getUserData(UserHandle.USER_SYSTEM);
return policy.mDeviceProvisioningConfigApplied;
}
@@ -11835,7 +11893,7 @@
Settings.Secure.USER_SETUP_COMPLETE, 0, userId) != 0;
DevicePolicyData policy = getUserData(userId);
policy.mUserSetupComplete = isUserCompleted;
- synchronized (this) {
+ synchronized (getLockObject()) {
saveSettingsLocked(userId);
}
}
@@ -11850,7 +11908,7 @@
return;
}
Preconditions.checkNotNull(admin);
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(
admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
if (!enabled) {
@@ -11879,7 +11937,7 @@
if (!mHasFeature) {
return true;
}
- synchronized (this) {
+ synchronized (getLockObject()) {
try {
getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
IBackupManager ibm = mInjector.getIBackupManager();
@@ -11898,7 +11956,7 @@
return false;
}
Preconditions.checkNotNull(admin);
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
}
@@ -11944,18 +12002,20 @@
return success.get();
}
- synchronized private void saveMandatoryBackupTransport(
+ private void saveMandatoryBackupTransport(
ComponentName admin, int callingUid, ComponentName backupTransportComponent) {
- ActiveAdmin activeAdmin =
- getActiveAdminWithPolicyForUidLocked(
- admin,
- DeviceAdminInfo.USES_POLICY_DEVICE_OWNER,
- callingUid);
- if (!Objects.equals(backupTransportComponent,
- activeAdmin.mandatoryBackupTransport)) {
- activeAdmin.mandatoryBackupTransport =
- backupTransportComponent;
- saveSettingsLocked(UserHandle.USER_SYSTEM);
+ synchronized (getLockObject()) {
+ ActiveAdmin activeAdmin =
+ getActiveAdminWithPolicyForUidLocked(
+ admin,
+ DeviceAdminInfo.USES_POLICY_DEVICE_OWNER,
+ callingUid);
+ if (!Objects.equals(backupTransportComponent,
+ activeAdmin.mandatoryBackupTransport)) {
+ activeAdmin.mandatoryBackupTransport =
+ backupTransportComponent;
+ saveSettingsLocked(UserHandle.USER_SYSTEM);
+ }
}
}
@@ -11964,7 +12024,7 @@
if (!mHasFeature) {
return null;
}
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin activeAdmin = getDeviceOwnerAdminLocked();
return activeAdmin == null ? null : activeAdmin.mandatoryBackupTransport;
}
@@ -11995,7 +12055,7 @@
}
final String targetPackage;
- synchronized (this) {
+ synchronized (getLockObject()) {
targetPackage = getOwnerPackageNameForUserLocked(targetUserId);
}
@@ -12032,7 +12092,7 @@
}
Preconditions.checkNotNull(admin);
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
final int callingUserId = mInjector.userHandleGetCallingUserId();
@@ -12106,7 +12166,7 @@
if (accounts.length == 0) {
return false;
}
- synchronized (this) {
+ synchronized (getLockObject()) {
if (owner == null || !isAdminTestOnlyLocked(owner, userId)) {
Log.w(LOG_TAG,
"Non test-only owner can't be installed with existing accounts.");
@@ -12158,50 +12218,54 @@
}
@Override
- public synchronized void setNetworkLoggingEnabled(ComponentName admin, boolean enabled) {
+ public void setNetworkLoggingEnabled(ComponentName admin, boolean enabled) {
if (!mHasFeature) {
return;
}
- Preconditions.checkNotNull(admin);
- getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
+ synchronized (getLockObject()) {
+ Preconditions.checkNotNull(admin);
+ getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
- if (enabled == isNetworkLoggingEnabledInternalLocked()) {
- // already in the requested state
- return;
- }
- ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
- deviceOwner.isNetworkLoggingEnabled = enabled;
- if (!enabled) {
- deviceOwner.numNetworkLoggingNotifications = 0;
- deviceOwner.lastNetworkLoggingNotificationTimeMs = 0;
- }
- saveSettingsLocked(mInjector.userHandleGetCallingUserId());
+ if (enabled == isNetworkLoggingEnabledInternalLocked()) {
+ // already in the requested state
+ return;
+ }
+ ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
+ deviceOwner.isNetworkLoggingEnabled = enabled;
+ if (!enabled) {
+ deviceOwner.numNetworkLoggingNotifications = 0;
+ deviceOwner.lastNetworkLoggingNotificationTimeMs = 0;
+ }
+ saveSettingsLocked(mInjector.userHandleGetCallingUserId());
- setNetworkLoggingActiveInternal(enabled);
+ setNetworkLoggingActiveInternal(enabled);
+ }
}
- private synchronized void setNetworkLoggingActiveInternal(boolean active) {
- final long callingIdentity = mInjector.binderClearCallingIdentity();
- try {
- if (active) {
- mNetworkLogger = new NetworkLogger(this, mInjector.getPackageManagerInternal());
- if (!mNetworkLogger.startNetworkLogging()) {
+ private void setNetworkLoggingActiveInternal(boolean active) {
+ synchronized (getLockObject()) {
+ final long callingIdentity = mInjector.binderClearCallingIdentity();
+ try {
+ if (active) {
+ mNetworkLogger = new NetworkLogger(this, mInjector.getPackageManagerInternal());
+ if (!mNetworkLogger.startNetworkLogging()) {
+ mNetworkLogger = null;
+ Slog.wtf(LOG_TAG, "Network logging could not be started due to the logging"
+ + " service not being available yet.");
+ }
+ maybePauseDeviceWideLoggingLocked();
+ sendNetworkLoggingNotificationLocked();
+ } else {
+ if (mNetworkLogger != null && !mNetworkLogger.stopNetworkLogging()) {
+ Slog.wtf(LOG_TAG, "Network logging could not be stopped due to the logging"
+ + " service not being available yet.");
+ }
mNetworkLogger = null;
- Slog.wtf(LOG_TAG, "Network logging could not be started due to the logging"
- + " service not being available yet.");
+ mInjector.getNotificationManager().cancel(SystemMessage.NOTE_NETWORK_LOGGING);
}
- maybePauseDeviceWideLoggingLocked();
- sendNetworkLoggingNotificationLocked();
- } else {
- if (mNetworkLogger != null && !mNetworkLogger.stopNetworkLogging()) {
- Slog.wtf(LOG_TAG, "Network logging could not be stopped due to the logging"
- + " service not being available yet.");
- }
- mNetworkLogger = null;
- mInjector.getNotificationManager().cancel(SystemMessage.NOTE_NETWORK_LOGGING);
+ } finally {
+ mInjector.binderRestoreCallingIdentity(callingIdentity);
}
- } finally {
- mInjector.binderRestoreCallingIdentity(callingIdentity);
}
}
@@ -12248,7 +12312,7 @@
if (!mHasFeature) {
return false;
}
- synchronized (this) {
+ synchronized (getLockObject()) {
enforceDeviceOwnerOrManageUsers();
return isNetworkLoggingEnabledInternalLocked();
}
@@ -12274,7 +12338,7 @@
Preconditions.checkNotNull(admin);
ensureDeviceOwnerAndAllUsersAffiliated(admin);
- synchronized (this) {
+ synchronized (getLockObject()) {
if (mNetworkLogger == null
|| !isNetworkLoggingEnabledInternalLocked()) {
return null;
@@ -12399,7 +12463,7 @@
if (token == null || token.length < 32) {
throw new IllegalArgumentException("token must be at least 32-byte long");
}
- synchronized (this) {
+ synchronized (getLockObject()) {
final int userHandle = mInjector.userHandleGetCallingUserId();
getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
@@ -12424,7 +12488,7 @@
if (!mHasFeature) {
return false;
}
- synchronized (this) {
+ synchronized (getLockObject()) {
final int userHandle = mInjector.userHandleGetCallingUserId();
getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
@@ -12447,7 +12511,7 @@
@Override
public boolean isResetPasswordTokenActive(ComponentName admin) {
- synchronized (this) {
+ synchronized (getLockObject()) {
final int userHandle = mInjector.userHandleGetCallingUserId();
getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
@@ -12469,7 +12533,7 @@
public boolean resetPasswordWithToken(ComponentName admin, String passwordOrNull, byte[] token,
int flags) {
Preconditions.checkNotNull(token);
- synchronized (this) {
+ synchronized (getLockObject()) {
final int userHandle = mInjector.userHandleGetCallingUserId();
getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
@@ -12495,7 +12559,7 @@
public StringParceledListSlice getOwnerInstalledCaCerts(@NonNull UserHandle user) {
final int userId = user.getIdentifier();
enforceProfileOwnerOrFullCrossUsersPermission(userId);
- synchronized (this) {
+ synchronized (getLockObject()) {
return new StringParceledListSlice(
new ArrayList<>(getUserData(userId).mOwnerInstalledCaCerts));
}
@@ -12507,7 +12571,7 @@
Preconditions.checkNotNull(admin, "ComponentName is null");
Preconditions.checkNotNull(packageName, "packageName is null");
Preconditions.checkNotNull(callback, "callback is null");
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
}
final int userId = UserHandle.getCallingUserId();
@@ -12535,13 +12599,13 @@
}
@Override
- public synchronized void setLogoutEnabled(ComponentName admin, boolean enabled) {
+ public void setLogoutEnabled(ComponentName admin, boolean enabled) {
if (!mHasFeature) {
return;
}
Preconditions.checkNotNull(admin);
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin deviceOwner =
getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
@@ -12559,7 +12623,7 @@
if (!mHasFeature) {
return false;
}
- synchronized (this) {
+ synchronized (getLockObject()) {
ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();
return (deviceOwner != null) && deviceOwner.isLogoutEnabled;
}
@@ -12607,7 +12671,7 @@
final long id = mInjector.binderClearCallingIdentity();
try {
- synchronized (this) {
+ synchronized (getLockObject()) {
/*
* We must ensure the whole process is atomic to prevent the device from ending up
* in an invalid state (e.g. no active admin). This could happen if the device
@@ -12713,7 +12777,7 @@
final String startUserSessionMessageString =
startUserSessionMessage != null ? startUserSessionMessage.toString() : null;
- synchronized (this) {
+ synchronized (getLockObject()) {
final ActiveAdmin deviceOwner =
getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
@@ -12738,7 +12802,7 @@
final String endUserSessionMessageString =
endUserSessionMessage != null ? endUserSessionMessage.toString() : null;
- synchronized (this) {
+ synchronized (getLockObject()) {
final ActiveAdmin deviceOwner =
getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
@@ -12760,7 +12824,7 @@
}
Preconditions.checkNotNull(admin);
- synchronized (this) {
+ synchronized (getLockObject()) {
final ActiveAdmin deviceOwner =
getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
return deviceOwner.startUserSessionMessage;
@@ -12774,7 +12838,7 @@
}
Preconditions.checkNotNull(admin);
- synchronized (this) {
+ synchronized (getLockObject()) {
final ActiveAdmin deviceOwner =
getActiveAdminForCallerLocked(admin, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
return deviceOwner.endUserSessionMessage;
@@ -12788,7 +12852,7 @@
@Override
@Nullable
public PersistableBundle getTransferOwnershipBundle() {
- synchronized (this) {
+ synchronized (getLockObject()) {
final int callingUserId = mInjector.userHandleGetCallingUserId();
getActiveAdminForCallerLocked(null, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
final File bundleFile = new File(
@@ -12817,7 +12881,7 @@
}
Preconditions.checkNotNull(who, "ComponentName is null in addOverrideApn");
Preconditions.checkNotNull(apnSetting, "ApnSetting is null in addOverrideApn");
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
}
@@ -12848,7 +12912,7 @@
}
Preconditions.checkNotNull(who, "ComponentName is null in updateOverrideApn");
Preconditions.checkNotNull(apnSetting, "ApnSetting is null in updateOverrideApn");
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
}
@@ -12871,7 +12935,7 @@
return false;
}
Preconditions.checkNotNull(who, "ComponentName is null in removeOverrideApn");
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
}
@@ -12899,7 +12963,7 @@
return Collections.emptyList();
}
Preconditions.checkNotNull(who, "ComponentName is null in getOverrideApns");
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
}
@@ -12937,7 +13001,7 @@
return;
}
Preconditions.checkNotNull(who, "ComponentName is null in setOverrideApnEnabled");
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
}
@@ -12962,7 +13026,7 @@
return false;
}
Preconditions.checkNotNull(who, "ComponentName is null in isOverrideApnEnabled");
- synchronized (this) {
+ synchronized (getLockObject()) {
getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);
}