Add a new WipeData API that allows an input string for the reason to wipe user.
Test: bit FrameworksServicesTests:com.android.server.devicepolicy.DevicePolicyManagerTest
Fix: 31177807
Change-Id: I0b46f4d029d285d5018875f03285551f6b822376
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index 6c859f7..7830623 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -5350,7 +5350,7 @@
}
}
- private void forceWipeUser(int userId) {
+ private void forceWipeUser(int userId, String wipeReasonForUser) {
try {
IActivityManager am = mInjector.getIActivityManager();
if (am.getCurrentUser().id == userId) {
@@ -5361,7 +5361,7 @@
if (!userRemoved) {
Slog.w(LOG_TAG, "Couldn't remove user " + userId);
} else if (isManagedProfile(userId)) {
- sendWipeProfileNotification();
+ sendWipeProfileNotification(wipeReasonForUser);
}
} catch (RemoteException re) {
// Shouldn't happen
@@ -5369,23 +5369,26 @@
}
@Override
- public void wipeData(int flags) {
+ public void wipeDataWithReason(int flags, String wipeReasonForUser) {
if (!mHasFeature) {
return;
}
+ Preconditions.checkStringNotEmpty(wipeReasonForUser, "wipeReasonForUser is null or empty");
enforceFullCrossUsersPermission(mInjector.userHandleGetCallingUserId());
final ActiveAdmin admin;
synchronized (this) {
admin = getActiveAdminForCallerLocked(null, DeviceAdminInfo.USES_POLICY_WIPE_DATA);
}
- String reason = "DevicePolicyManager.wipeData() from "
+ String internalReason = "DevicePolicyManager.wipeDataWithReason() from "
+ admin.info.getComponent().flattenToShortString();
wipeDataNoLock(
- admin.info.getComponent(), flags, reason, admin.getUserHandle().getIdentifier());
+ admin.info.getComponent(), flags, internalReason, wipeReasonForUser,
+ admin.getUserHandle().getIdentifier());
}
- private void wipeDataNoLock(ComponentName admin, int flags, String reason, int userId) {
+ private void wipeDataNoLock(ComponentName admin, int flags, String internalReason,
+ String wipeReasonForUser, int userId) {
wtfIfInLock();
long ident = mInjector.binderClearCallingIdentity();
@@ -5420,25 +5423,26 @@
// (rather than system), we should probably trigger factory reset. Current code just
// removes that user (but still clears FRP...)
if (userId == UserHandle.USER_SYSTEM) {
- forceWipeDeviceNoLock(/*wipeExtRequested=*/ (flags & WIPE_EXTERNAL_STORAGE) != 0,
- reason, /*wipeEuicc=*/ (flags & WIPE_EUICC) != 0);
+ forceWipeDeviceNoLock(/*wipeExtRequested=*/ (
+ flags & WIPE_EXTERNAL_STORAGE) != 0,
+ internalReason,
+ /*wipeEuicc=*/ (flags & WIPE_EUICC) != 0);
} else {
- forceWipeUser(userId);
+ forceWipeUser(userId, wipeReasonForUser);
}
} finally {
mInjector.binderRestoreCallingIdentity(ident);
}
}
- private void sendWipeProfileNotification() {
- String contentText = mContext.getString(R.string.work_profile_deleted_description_dpm_wipe);
+ private void sendWipeProfileNotification(String wipeReasonForUser) {
Notification notification =
new Notification.Builder(mContext, SystemNotificationChannels.DEVICE_ADMIN)
.setSmallIcon(android.R.drawable.stat_sys_warning)
.setContentTitle(mContext.getString(R.string.work_profile_deleted))
- .setContentText(contentText)
+ .setContentText(wipeReasonForUser)
.setColor(mContext.getColor(R.color.system_notification_accent_color))
- .setStyle(new Notification.BigTextStyle().bigText(contentText))
+ .setStyle(new Notification.BigTextStyle().bigText(wipeReasonForUser))
.build();
mInjector.getNotificationManager().notify(SystemMessage.NOTE_PROFILE_WIPED, notification);
}
@@ -5610,9 +5614,12 @@
// able to do so).
// IMPORTANT: Call without holding the lock to prevent deadlock.
try {
+ String wipeReasonForUser = mContext.getString(
+ R.string.work_profile_deleted_reason_maximum_password_failure);
wipeDataNoLock(strictestAdmin.info.getComponent(),
/*flags=*/ 0,
/*reason=*/ "reportFailedPasswordAttempt()",
+ wipeReasonForUser,
userId);
} catch (SecurityException e) {
Slog.w(LOG_TAG, "Failed to wipe user " + userId
@@ -5621,7 +5628,8 @@
}
if (mInjector.securityLogIsLoggingEnabled()) {
- SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT, /*result*/ 0,
+ SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISMISS_AUTH_ATTEMPT,
+ /*result*/ 0,
/*method strength*/ 1);
}
}
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
index 87b0db8..a8bf8f1 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
@@ -3421,6 +3421,9 @@
// Even if the caller is the managed profile, the current user is the user 0
when(getServices().iactivityManager.getCurrentUser())
.thenReturn(new UserInfo(UserHandle.USER_SYSTEM, "user system", 0));
+ // Get mock reason string since we throw an IAE with empty string input.
+ when(mContext.getResources().getString(R.string.work_profile_deleted_description_dpm_wipe)).
+ thenReturn("Just a test string.");
dpm.wipeData(0);
verify(getServices().userManagerInternal).removeUserEvenWhenDisallowed(
@@ -3440,6 +3443,9 @@
UserManager.DISALLOW_REMOVE_MANAGED_PROFILE,
UserHandle.of(MANAGED_PROFILE_USER_ID)))
.thenReturn(UserManager.RESTRICTION_SOURCE_SYSTEM);
+ when(mContext.getResources().getString(R.string.work_profile_deleted_description_dpm_wipe)).
+ thenReturn("Just a test string.");
+
mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
// The PO is not allowed to remove the profile if the user restriction was set on the
// profile by the system
@@ -3453,6 +3459,8 @@
UserManager.DISALLOW_FACTORY_RESET,
UserHandle.SYSTEM))
.thenReturn(UserManager.RESTRICTION_SOURCE_DEVICE_OWNER);
+ when(mContext.getResources().getString(R.string.work_profile_deleted_description_dpm_wipe)).
+ thenReturn("Just a test string.");
dpm.wipeData(0);
verify(getServices().recoverySystem).rebootWipeUserData(
@@ -3466,6 +3474,8 @@
UserManager.DISALLOW_FACTORY_RESET,
UserHandle.SYSTEM))
.thenReturn(UserManager.RESTRICTION_SOURCE_DEVICE_OWNER);
+ when(mContext.getResources().getString(R.string.work_profile_deleted_description_dpm_wipe)).
+ thenReturn("Just a test string.");
dpm.wipeData(WIPE_EUICC);
verify(getServices().recoverySystem).rebootWipeUserData(
@@ -3479,6 +3489,8 @@
UserManager.DISALLOW_FACTORY_RESET,
UserHandle.SYSTEM))
.thenReturn(UserManager.RESTRICTION_SOURCE_SYSTEM);
+ when(mContext.getResources().getString(R.string.work_profile_deleted_description_dpm_wipe)).
+ thenReturn("Just a test string.");
// The DO is not allowed to wipe the device if the user restriction was set
// by the system
assertExpectException(SecurityException.class, /* messageRegex= */ null,