From 0f1e56de1f7daf984f174616c66fb19eaed2b4e5 Mon Sep 17 00:00:00 2001 From: Rubin Xu Date: Fri, 23 Aug 2019 13:34:25 +0100 Subject: Stop LockSettingsService from calling DevicePolicyManager directly This is a violation of layering (LSS is considered a lower level component than DPM) and source of deadlock due to lock inversion. This change tries to remove most of the direct calls into DPM from LSS. After this, there will only be a handful non-critical invocations remaining: 1. DPM.reportPasswordChanged() This is always called on a handler thread so it's OK (LSS does not hold any hold while calling out). Consider this as a (asynchronous) broadcast. 2. DPMi.reportSeparateProfileChallengeChanged() This is now moved to the handler thread, similar to DPM.reportPasswordChanged(). 3. DPMi.canUserHaveUntrustedCredentialReset() This is still a violation but it will soon be removed as we remove the caching of syhnthetic password alltogether (deprecating old resetPassword()). So I'll leave it for now. Test: atest com.android.server.locksettings Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest Test: atest MixedManagedProfileOwnerTest#testResetPasswordWithToken Test: atest MixedDeviceOwnerTest#testResetPasswordWithToken Bug: 37090873 Bug: 141537958 Change-Id: Ie44cb418ab255bd016c5dd448674beabd362b74c --- core/java/android/os/UserManagerInternal.java | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'core/java/android/os/UserManagerInternal.java') diff --git a/core/java/android/os/UserManagerInternal.java b/core/java/android/os/UserManagerInternal.java index a5b71f64668d..59fb3d9fcdad 100644 --- a/core/java/android/os/UserManagerInternal.java +++ b/core/java/android/os/UserManagerInternal.java @@ -85,12 +85,22 @@ public abstract class UserManagerInternal { */ public abstract void setDeviceManaged(boolean isManaged); + /** + * Returns whether the device is managed by device owner. + */ + public abstract boolean isDeviceManaged(); + /** * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to update * whether the user is managed by profile owner. */ public abstract void setUserManaged(int userId, boolean isManaged); + /** + * whether a profile owner manages this user. + */ + public abstract boolean isUserManaged(int userId); + /** * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to omit * restriction check, because DevicePolicyManager must always be able to set user icon -- cgit v1.2.3