Simplify check during admin removal for whether to cleanup SELinux

Also re-arrange and cleanup Change-Id: I1261e715d8d04b72f8a29b8a24268d75946d24dc
author: Joman Chu <jcchu@tycho.ncsc.mil> 2012-11-16 16:25:51 -0500
committer: Ricardo Cerqueira <cyanogenmod@cerqueira.org> 2013-07-18 21:02:19 +0100
commit: 36d685c5a72aef502af1b08c7fba921b15edb2a3 (patch)
tree: 793266ccb0f58a3fb09ab35eb5d67efc2f10c95e /services
parent: 7adb00f08a5693b74023cd8f4042db97c0cdfa16 (diff)
download: frameworks_base-36d685c5a72aef502af1b08c7fba921b15edb2a3.zip
frameworks_base-36d685c5a72aef502af1b08c7fba921b15edb2a3.tar.gz
frameworks_base-36d685c5a72aef502af1b08c7fba921b15edb2a3.tar.bz2
1 files changed, 99 insertions, 100 deletions
diff --git a/services/java/com/android/server/DevicePolicyManagerService.java b/services/java/com/android/server/DevicePolicyManagerService.java
index 911ca50..a8c5221 100644
--- a/services/java/com/android/server/DevicePolicyManagerService.java
+++ b/services/java/com/android/server/DevicePolicyManagerService.java
@@ -858,8 +858,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                                 DevicePolicyData policy = getUserData(userHandle);
                                 boolean doProxyCleanup = admin.info.usesPolicy(
                                         DeviceAdminInfo.USES_POLICY_SETS_GLOBAL_PROXY);
-                                boolean doSELinuxCleanup = admin.info.usesPolicy(
-                                        DeviceAdminInfo.USES_POLICY_ENFORCE_SELINUX) && admin.isSELinuxAdmin;
+                                boolean doSELinuxCleanup = admin.isSELinuxAdmin;
                                 policy.mAdminList.remove(admin);
                                 policy.mAdminMap.remove(adminReceiver);
                                 validatePasswordOwnerLocked(policy);
@@ -2572,104 +2571,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
     //                      FTT fails a
     //                           FTF fails a,b
 
-    // Cases = 16
-    @Override
-    public boolean isSELinuxAdmin(ComponentName who, int userHandle) {
-        enforceCrossUserPermission(userHandle);
-        synchronized (this) {
-            // Check for permissions
-            if (who == null) {
-                throw new NullPointerException("ComponentName is null");
-            }
-            // Only owner can set SELinux settings
-            if (userHandle != UserHandle.USER_OWNER
-                    || UserHandle.getCallingUserId() != UserHandle.USER_OWNER) {
-                Slog.w(TAG, "Only owner is allowed to set SELinux settings. User "
-                        + UserHandle.getCallingUserId() + " is not permitted.");
-                return false;
-            }
-            //Case F** = 4
-            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
-                    DeviceAdminInfo.USES_POLICY_ENFORCE_SELINUX);
-            //Case T** = 4
-            return admin.isSELinuxAdmin;
-        }
-    }
-
-    // Cases = 16
-    @Override
-    public boolean setSELinuxAdmin(ComponentName who, boolean control, int userHandle) {
-        enforceCrossUserPermission(userHandle);
-        synchronized (this) {
-            // Check for permissions
-            if (who == null) {
-                throw new NullPointerException("ComponentName is null");
-            }
-            // Only owner can set SELinux settings
-            if (userHandle != UserHandle.USER_OWNER
-                    || UserHandle.getCallingUserId() != UserHandle.USER_OWNER) {
-                Slog.w(TAG, "Only owner is allowed to set SELinux settings. User "
-                        + UserHandle.getCallingUserId() + " is not permitted.");
-                return false;
-            }
-            // Case F**(*) = 8
-            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
-                    DeviceAdminInfo.USES_POLICY_ENFORCE_SELINUX);
-
-            // Case TT*(T) = 2
-            // Case TF*(F) = 2
-            if (admin.isSELinuxAdmin == control) {
-                return true;
-            }
-
-            DevicePolicyData policy = getUserData(userHandle);
-            ActiveAdmin curAdmin = policy.findSELinuxAdminLocked();
-
-            // Case TFF(T) = 1
-            if (control && curAdmin == null) {
-                Slog.v(TAG, "SELinux admin set to " + admin.info.getComponent());
-                admin.isSELinuxAdmin = true;
-
-                admin.sebools = new HashMap<String, Boolean>(seboolsOrig.size());
-                Set<String> seboolnames = seboolsOrig.keySet();
-                for (String sebool : seboolnames) {
-                    boolean value = seboolsOrig.get(sebool);
-                    admin.sebools.put(sebool, value);
-                }
-
-                saveSettingsLocked(userHandle);
-                return true;
-            }
-
-            // Case TTT(F) = 1
-            if (!control && curAdmin.equals(admin)) {
-                boolean setSEpolicyFile = admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_SEPOLICY];
-                boolean setPropertyContextsFile = admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_PROPCTXS];
-                boolean setFileContextsFile = admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_FILECTXS];
-                boolean setSEappContextsFile = admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_SEAPPCTXS];
-
-                Slog.v(TAG, admin.info.getComponent() + " is no longer a SELinux admin");
-
-                admin.isSELinuxAdmin = false;
-                admin.enforceSELinux = false;
-                admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_SEPOLICY] = false;
-                admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_PROPCTXS] = false;
-                admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_FILECTXS] = false;
-                admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_SEAPPCTXS] = false;
-
-                saveSettingsLocked(userHandle);
-                syncSELinuxPolicyLocked(policy, setSEpolicyFile,
-                        setPropertyContextsFile, setFileContextsFile,
-                        setSEappContextsFile);
-                return true;
-            }
-
-            //Case TTF(F) = 1
-            //Case TFT(T) = 1
-            return false;
-        }
-    }
-
     /** Resets the state the SELinux values in an ActiveAdmin to the current state of system */
     private static void resetSELinuxAdmin(ActiveAdmin admin) {
         String[] seboolsnames = SELinux.getBooleanNames();
@@ -2771,6 +2672,104 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
         }
     }
 
+    // Cases = 8
+    @Override
+    public boolean isSELinuxAdmin(ComponentName who, int userHandle) {
+        enforceCrossUserPermission(userHandle);
+        synchronized (this) {
+            // Check for permissions
+            if (who == null) {
+                throw new NullPointerException("ComponentName is null");
+            }
+            // Only owner can set SELinux settings
+            if (userHandle != UserHandle.USER_OWNER
+                    || UserHandle.getCallingUserId() != UserHandle.USER_OWNER) {
+                Slog.w(TAG, "Only owner is allowed to set SELinux settings. User "
+                        + UserHandle.getCallingUserId() + " is not permitted.");
+                return false;
+            }
+            //Case F** = 4
+            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
+                    DeviceAdminInfo.USES_POLICY_ENFORCE_SELINUX);
+            //Case T** = 4
+            return admin.isSELinuxAdmin;
+        }
+    }
+
+    // Cases = 16
+    @Override
+    public boolean setSELinuxAdmin(ComponentName who, boolean control, int userHandle) {
+        enforceCrossUserPermission(userHandle);
+        synchronized (this) {
+            // Check for permissions
+            if (who == null) {
+                throw new NullPointerException("ComponentName is null");
+            }
+            // Only owner can set SELinux settings
+            if (userHandle != UserHandle.USER_OWNER
+                    || UserHandle.getCallingUserId() != UserHandle.USER_OWNER) {
+                Slog.w(TAG, "Only owner is allowed to set SELinux settings. User "
+                        + UserHandle.getCallingUserId() + " is not permitted.");
+                return false;
+            }
+            // Case F**(*) = 8
+            ActiveAdmin admin = getActiveAdminForCallerLocked(who,
+                    DeviceAdminInfo.USES_POLICY_ENFORCE_SELINUX);
+
+            // Case TT*(T) = 2
+            // Case TF*(F) = 2
+            if (admin.isSELinuxAdmin == control) {
+                return true;
+            }
+
+            DevicePolicyData policy = getUserData(userHandle);
+            ActiveAdmin curAdmin = policy.findSELinuxAdminLocked();
+
+            // Case TFF(T) = 1
+            if (control && curAdmin == null) {
+                Slog.v(TAG, "SELinux admin set to " + admin.info.getComponent());
+                admin.isSELinuxAdmin = true;
+
+                admin.sebools = new HashMap<String, Boolean>(seboolsOrig.size());
+                Set<String> seboolnames = seboolsOrig.keySet();
+                for (String sebool : seboolnames) {
+                    boolean value = seboolsOrig.get(sebool);
+                    admin.sebools.put(sebool, value);
+                }
+
+                saveSettingsLocked(userHandle);
+                return true;
+            }
+
+            // Case TTT(F) = 1
+            if (!control && curAdmin.equals(admin)) {
+                boolean setSEpolicyFile = admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_SEPOLICY];
+                boolean setPropertyContextsFile = admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_PROPCTXS];
+                boolean setFileContextsFile = admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_FILECTXS];
+                boolean setSEappContextsFile = admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_SEAPPCTXS];
+
+                Slog.v(TAG, admin.info.getComponent() + " is no longer a SELinux admin");
+
+                admin.isSELinuxAdmin = false;
+                admin.enforceSELinux = false;
+                admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_SEPOLICY] = false;
+                admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_PROPCTXS] = false;
+                admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_FILECTXS] = false;
+                admin.isCustomPolicyFile[DevicePolicyManager.SEPOLICY_FILE_SEAPPCTXS] = false;
+
+                saveSettingsLocked(userHandle);
+                syncSELinuxPolicyLocked(policy, setSEpolicyFile,
+                        setPropertyContextsFile, setFileContextsFile,
+                        setSEappContextsFile);
+                return true;
+            }
+
+            //Case TTF(F) = 1
+            //Case TFT(T) = 1
+            return false;
+        }
+    }
+
     @Override
     public boolean getSELinuxEnforcing(ComponentName who, int userHandle) {
         enforceCrossUserPermission(userHandle);
author	Joman Chu <jcchu@tycho.ncsc.mil>	2012-11-16 16:25:51 -0500
committer	Ricardo Cerqueira <cyanogenmod@cerqueira.org>	2013-07-18 21:02:19 +0100
commit	36d685c5a72aef502af1b08c7fba921b15edb2a3 (patch)
tree	793266ccb0f58a3fb09ab35eb5d67efc2f10c95e /services
parent	7adb00f08a5693b74023cd8f4042db97c0cdfa16 (diff)
download	frameworks_base-36d685c5a72aef502af1b08c7fba921b15edb2a3.zip frameworks_base-36d685c5a72aef502af1b08c7fba921b15edb2a3.tar.gz frameworks_base-36d685c5a72aef502af1b08c7fba921b15edb2a3.tar.bz2