Add metrics for DevicePolicyManagerService methods (Part 1)
CTS tests will be added in a later CL.
Bug: 119911940
Test: Manual
Change-Id: I040deec232e40b223821a5c521661310f78e6cba
diff --git a/core/java/android/app/admin/DevicePolicyEventLogger.java b/core/java/android/app/admin/DevicePolicyEventLogger.java
index f39a5f4..c89d868 100644
--- a/core/java/android/app/admin/DevicePolicyEventLogger.java
+++ b/core/java/android/app/admin/DevicePolicyEventLogger.java
@@ -16,6 +16,8 @@
package android.app.admin;
+import android.annotation.Nullable;
+import android.content.ComponentName;
import android.stats.devicepolicy.nano.StringList;
import android.util.StatsLog;
@@ -34,7 +36,7 @@
*
* DevicePolicyEventLogger
* .createEvent(DevicePolicyEnums.USER_RESTRICTION_CHANGED)
- * .setAdminPackageName(who)
+ * .setAdmin(who)
* .setString(key)
* .setBoolean(enabledFromThisOwner)
* .write();
@@ -170,12 +172,20 @@
/**
* Sets the package name of the admin application.
*/
- public DevicePolicyEventLogger setAdminPackageName(String packageName) {
+ public DevicePolicyEventLogger setAdmin(@Nullable String packageName) {
mAdminPackageName = packageName;
return this;
}
/**
+ * Retrieves the package name of the admin application from the {@link ComponentName}.
+ */
+ public DevicePolicyEventLogger setAdmin(@Nullable ComponentName componentName) {
+ mAdminPackageName = (componentName != null ? componentName.getPackageName() : null);
+ return this;
+ }
+
+ /**
* Returns the package name of the admin application.
*/
@VisibleForTesting
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index f68f4d7..a7dbdcb 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -109,6 +109,7 @@
import android.app.admin.DeviceAdminInfo;
import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyCache;
+import android.app.admin.DevicePolicyEventLogger;
import android.app.admin.DevicePolicyManager;
import android.app.admin.DevicePolicyManagerInternal;
import android.app.admin.NetworkEvent;
@@ -195,6 +196,7 @@
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.ParcelableKeyGenParameterSpec;
import android.service.persistentdata.PersistentDataBlockManager;
+import android.stats.devicepolicy.DevicePolicyEnums;
import android.telephony.TelephonyManager;
import android.telephony.data.ApnSetting;
import android.text.TextUtils;
@@ -205,7 +207,6 @@
import android.util.Pair;
import android.util.Slog;
import android.util.SparseArray;
-import android.util.StatsLog;
import android.util.Xml;
import android.view.IWindowManager;
import android.view.accessibility.AccessibilityManager;
@@ -4051,6 +4052,12 @@
}
maybeLogPasswordComplexitySet(who, userId, parent, metrics);
}
+ DevicePolicyEventLogger
+ .createEvent(DevicePolicyEnums.SET_PASSWORD_QUALITY)
+ .setAdmin(who)
+ .setInt(quality)
+ .setBoolean(parent)
+ .write();
}
/**
@@ -4164,6 +4171,11 @@
}
maybeLogPasswordComplexitySet(who, userId, parent, metrics);
}
+ DevicePolicyEventLogger
+ .createEvent(DevicePolicyEnums.SET_PASSWORD_MINIMUM_LENGTH)
+ .setAdmin(who)
+ .setInt(length)
+ .write();
}
@Override
@@ -4391,6 +4403,11 @@
}
maybeLogPasswordComplexitySet(who, userId, parent, metrics);
}
+ DevicePolicyEventLogger
+ .createEvent(DevicePolicyEnums.SET_PASSWORD_MINIMUM_UPPER_CASE)
+ .setAdmin(who)
+ .setInt(length)
+ .write();
}
@Override
@@ -4414,6 +4431,11 @@
}
maybeLogPasswordComplexitySet(who, userId, parent, metrics);
}
+ DevicePolicyEventLogger
+ .createEvent(DevicePolicyEnums.SET_PASSWORD_MINIMUM_LOWER_CASE)
+ .setAdmin(who)
+ .setInt(length)
+ .write();
}
@Override
@@ -4440,6 +4462,11 @@
}
maybeLogPasswordComplexitySet(who, userId, parent, metrics);
}
+ DevicePolicyEventLogger
+ .createEvent(DevicePolicyEnums.SET_PASSWORD_MINIMUM_LETTERS)
+ .setAdmin(who)
+ .setInt(length)
+ .write();
}
@Override
@@ -4466,6 +4493,11 @@
}
maybeLogPasswordComplexitySet(who, userId, parent, metrics);
}
+ DevicePolicyEventLogger
+ .createEvent(DevicePolicyEnums.SET_PASSWORD_MINIMUM_NUMERIC)
+ .setAdmin(who)
+ .setInt(length)
+ .write();
}
@Override
@@ -4492,6 +4524,11 @@
}
maybeLogPasswordComplexitySet(who, userId, parent, metrics);
}
+ DevicePolicyEventLogger
+ .createEvent(DevicePolicyEnums.SET_PASSWORD_MINIMUM_SYMBOLS)
+ .setAdmin(who)
+ .setInt(length)
+ .write();
}
@Override
@@ -4518,6 +4555,11 @@
}
maybeLogPasswordComplexitySet(who, userId, parent, metrics);
}
+ DevicePolicyEventLogger
+ .createEvent(DevicePolicyEnums.SET_PASSWORD_MINIMUM_NON_LETTER)
+ .setAdmin(who)
+ .setInt(length)
+ .write();
}
@Override
@@ -5285,6 +5327,10 @@
mInjector.binderRestoreCallingIdentity(ident);
}
}
+ DevicePolicyEventLogger
+ .createEvent(DevicePolicyEnums.LOCK_NOW)
+ .setInt(flags)
+ .write();
}
@Override
@@ -5363,6 +5409,12 @@
final long id = mInjector.binderClearCallingIdentity();
try {
alias = mCertificateMonitor.installCaCert(userHandle, certBuffer);
+ final boolean isDelegate = (admin == null);
+ DevicePolicyEventLogger
+ .createEvent(DevicePolicyEnums.INSTALL_CA_CERT)
+ .setAdmin(callerPackage)
+ .setBoolean(isDelegate)
+ .write();
if (alias == null) {
Log.w(LOG_TAG, "Problem installing cert");
return false;
@@ -5422,6 +5474,12 @@
keyChain.setGrant(callingUid, alias, true);
}
keyChain.setUserSelectable(alias, isUserSelectable);
+ final boolean isDelegate = (who == null);
+ DevicePolicyEventLogger
+ .createEvent(DevicePolicyEnums.INSTALL_KEY_PAIR)
+ .setAdmin(callerPackage)
+ .setBoolean(isDelegate)
+ .write();
return true;
} catch (RemoteException e) {
Log.e(LOG_TAG, "Installing certificate", e);
@@ -6116,6 +6174,11 @@
synchronized (getLockObject()) {
admin = getActiveAdminForCallerLocked(null, DeviceAdminInfo.USES_POLICY_WIPE_DATA);
}
+ DevicePolicyEventLogger
+ .createEvent(DevicePolicyEnums.WIPE_DATA_WITH_REASON)
+ .setAdmin(admin.info.getComponent())
+ .setInt(flags)
+ .write();
String internalReason = "DevicePolicyManager.wipeDataWithReason() from "
+ admin.info.getComponent().flattenToShortString();
wipeDataNoLock(
@@ -7220,6 +7283,12 @@
SecurityLog.writeEvent(SecurityLog.TAG_KEYGUARD_DISABLED_FEATURES_SET,
who.getPackageName(), userHandle, affectedUserId, which);
}
+ DevicePolicyEventLogger
+ .createEvent(DevicePolicyEnums.SET_KEYGUARD_DISABLED_FEATURES)
+ .setAdmin(who)
+ .setInt(which)
+ .setBoolean(parent)
+ .write();
}
/**
@@ -9466,7 +9535,14 @@
}
saveUserRestrictionsLocked(userHandle);
}
- StatsLog.write(StatsLog.USER_RESTRICTION_CHANGED, key, enabledFromThisOwner);
+ final int eventId = enabledFromThisOwner
+ ? DevicePolicyEnums.ADD_USER_RESTRICTION
+ : DevicePolicyEnums.REMOVE_USER_RESTRICTION;
+ DevicePolicyEventLogger
+ .createEvent(eventId)
+ .setAdmin(who)
+ .setStrings(key)
+ .write();
if (SecurityLog.isLoggingEnabled()) {
final int eventTag = enabledFromThisOwner
? SecurityLog.TAG_USER_RESTRICTION_ADDED
@@ -10238,6 +10314,11 @@
try {
setUserRestriction(who, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,
(Integer.parseInt(value) == 0) ? true : false);
+ DevicePolicyEventLogger
+ .createEvent(DevicePolicyEnums.SET_SECURE_SETTING)
+ .setAdmin(who)
+ .setStrings(setting, value)
+ .write();
} catch (NumberFormatException exc) {
Slog.e(LOG_TAG, "Invalid value: " + value + " for setting " + setting);
}
@@ -10265,6 +10346,11 @@
mInjector.binderRestoreCallingIdentity(id);
}
}
+ DevicePolicyEventLogger
+ .createEvent(DevicePolicyEnums.SET_SECURE_SETTING)
+ .setAdmin(who)
+ .setStrings(setting, value)
+ .write();
}
@Override
@@ -10623,6 +10709,10 @@
synchronized (getLockObject()) {
updateMaximumTimeToLockLocked(userId);
}
+ DevicePolicyEventLogger
+ .createEvent(DevicePolicyEnums.SEPARATE_PROFILE_CHALLENGE_CHANGED)
+ .setBoolean(isSeparateProfileChallengeEnabled(userId))
+ .write();
}
@Override
@@ -10963,6 +11053,13 @@
saveSettingsLocked(userId);
}
}
+ final boolean isDelegate = (admin == null);
+ DevicePolicyEventLogger
+ .createEvent(DevicePolicyEnums.SET_PERMISSION_POLICY)
+ .setAdmin(callerPackage)
+ .setInt(policy)
+ .setBoolean(isDelegate)
+ .write();
}
@Override
@@ -11014,7 +11111,6 @@
PackageManager.FLAG_PERMISSION_POLICY_FIXED, 0, user);
} break;
}
- return true;
} catch (SecurityException se) {
return false;
} catch (NameNotFoundException e) {
@@ -11023,6 +11119,15 @@
mInjector.binderRestoreCallingIdentity(ident);
}
}
+ final boolean isDelegate = (admin == null);
+ DevicePolicyEventLogger
+ .createEvent(DevicePolicyEnums.SET_PERMISSION_GRANT_STATE)
+ .setAdmin(callerPackage)
+ .setStrings(permission)
+ .setInt(grantState)
+ .setBoolean(isDelegate)
+ .write();
+ return true;
}
@Override
@@ -11848,6 +11953,11 @@
mSecurityLogMonitor.stop();
}
}
+ DevicePolicyEventLogger
+ .createEvent(DevicePolicyEnums.SET_SECURITY_LOGGING_ENABLED)
+ .setAdmin(admin)
+ .setBoolean(enabled)
+ .write();
}
@Override
@@ -11885,13 +11995,17 @@
Preconditions.checkNotNull(admin);
ensureDeviceOwnerAndAllUsersAffiliated(admin);
+ DevicePolicyEventLogger
+ .createEvent(DevicePolicyEnums.RETRIEVE_PRE_REBOOT_SECURITY_LOGS)
+ .setAdmin(admin)
+ .write();
+
if (!mContext.getResources().getBoolean(R.bool.config_supportPreRebootSecurityLogs)
|| !mInjector.securityLogGetLoggingEnabledProperty()) {
return null;
}
recordSecurityLogRetrievalTime();
-
ArrayList<SecurityEvent> output = new ArrayList<SecurityEvent>();
try {
SecurityLog.readPreviousEvents(output);
@@ -11918,6 +12032,10 @@
recordSecurityLogRetrievalTime();
List<SecurityEvent> logs = mSecurityLogMonitor.retrieveLogs();
+ DevicePolicyEventLogger
+ .createEvent(DevicePolicyEnums.RETRIEVE_SECURITY_LOGS)
+ .setAdmin(admin)
+ .write();
return logs != null ? new ParceledListSlice<SecurityEvent>(logs) : null;
}