Handle screen capture disabled state for multiple users

Before this fix, the framework use one single integer to track screen
capture disabled policy across the device. This can be either a real
userId, or the symbolic USER_ALL or USER_NULL for all users or no user.
This has the problem that it can't represent policies from more than
one admin (or policies from both the admin and its parent). In addition,
due to the way DevicePolicyManagerService refreshes policies, when a
non-managed user is started, its default policy state overrides any
existing policy, causing screen capture to be no longer disabled.

Fix this by properly tracking the policy for each user in an set.
We still use USER_ALL in the set to represent screen capture being
disabled for all users.

In Android 14, the screen capture logic is migrated to policy engine
which already contains this fix.

Bug: 305664128
Test: ScreenCaptureDisabledTest
Test: FrameworksServicesTests:DevicePolicyManagerTest
Test: DevicePolicyManagerServiceMigrationTest
Test: MixedDeviceOwnerTest#testScreenCaptureDisabled_assist
      MixedProfileOwnerTest#testScreenCaptureDisabled_assist
      MixedManagedProfileOwnerTest#testScreenCaptureDisabled_assist
Test: MixedManagedProfileOwnerTest#testScreenCaptureDisabled_assist_allowedPrimaryUser
Test: MixedDeviceOwnerTest#testCreateAdminSupportIntent
      MixedProfileOwnerTest#testCreateAdminSupportIntent
      MixedManagedProfileOwnerTest#testCreateAdminSupportIntent
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5f3db5ae9b9cf69c8a4ea73b6ed49ce9d49ba223)
Merged-In: Ib016b740927003f8bd81992f24c722c29ac723b5
Change-Id: Ib016b740927003f8bd81992f24c722c29ac723b5

Author: Rubin Xu

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyCacheImpl.java

@@ -25,6 +25,9 @@
 
 import com.android.internal.annotations.GuardedBy;
 
+import java.util.HashSet;
+import java.util.Set;
+
 /**
  * Implementation of {@link DevicePolicyCache}, to which {@link DevicePolicyManagerService} pushes
  * policies.
@@ -45,6 +48,13 @@ public class DevicePolicyCacheImpl extends DevicePolicyCache {
     @GuardedBy("mLock")
     private int mScreenCaptureDisallowedUser = UserHandle.USER_NULL;
 
+    /**
+     * Indicates if screen capture is disallowed on a specific user or all users if
+     * it contains {@link UserHandle#USER_ALL}.
+     */
+    @GuardedBy("mLock")
+    private Set<Integer> mScreenCaptureDisallowedUsers = new HashSet<>();
+
     @GuardedBy("mLock")
     private final SparseIntArray mPasswordQuality = new SparseIntArray();
 
@@ -71,8 +81,8 @@ public void onUserRemoved(int userHandle) {
     @Override
     public boolean isScreenCaptureAllowed(int userHandle) {
         synchronized (mLock) {
-            return mScreenCaptureDisallowedUser != UserHandle.USER_ALL
-                    && mScreenCaptureDisallowedUser != userHandle;
+            return !mScreenCaptureDisallowedUsers.contains(userHandle)
+                    && !mScreenCaptureDisallowedUsers.contains(UserHandle.USER_ALL);
         }
     }
 
@@ -88,6 +98,16 @@ public void setScreenCaptureDisallowedUser(int userHandle) {
         }
     }
 
+    public void setScreenCaptureDisallowedUser(int userHandle, boolean disallowed) {
+        synchronized (mLock) {
+            if (disallowed) {
+                mScreenCaptureDisallowedUsers.add(userHandle);
+            } else {
+                mScreenCaptureDisallowedUsers.remove(userHandle);
+            }
+        }
+    }
+
     @Override
     public int getPasswordQuality(@UserIdInt int userHandle) {
         synchronized (mLock) {
@@ -136,7 +156,7 @@ public void setAdminCanGrantSensorsPermissions(@UserIdInt int userId, boolean ca
     public void dump(IndentingPrintWriter pw) {
         pw.println("Device policy cache:");
         pw.increaseIndent();
-        pw.println("Screen capture disallowed user: " + mScreenCaptureDisallowedUser);
+        pw.println("Screen capture disallowed users: " + mScreenCaptureDisallowedUsers);
         pw.println("Password quality: " + mPasswordQuality.toString());
         pw.println("Permission policy: " + mPermissionPolicy.toString());
         pw.println("Admin can grant sensors permission: "

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

@@ -7707,30 +7707,20 @@ public void setScreenCaptureDisabled(ComponentName who, boolean disabled, boolea
     // be disabled device-wide.
     private void pushScreenCapturePolicy(int adminUserId) {
         // Update screen capture device-wide if disabled by the DO or COPE PO on the parent profile.
-        ActiveAdmin admin =
-                getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceParentLocked(
+        // Always do this regardless which user this method is called with. Probably a little
+        // wasteful but still safe.
+        ActiveAdmin admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceParentLocked(
                         UserHandle.USER_SYSTEM);
-        if (admin != null && admin.disableScreenCapture) {
-            setScreenCaptureDisabled(UserHandle.USER_ALL);
-        } else {
-            // Otherwise, update screen capture only for the calling user.
-            admin = getProfileOwnerAdminLocked(adminUserId);
-            if (admin != null && admin.disableScreenCapture) {
-                setScreenCaptureDisabled(adminUserId);
-            } else {
-                setScreenCaptureDisabled(UserHandle.USER_NULL);
-            }
-        }
+        setScreenCaptureDisabled(UserHandle.USER_ALL, admin != null && admin.disableScreenCapture);
+        // Update screen capture only for the calling user.
+        admin = getProfileOwnerAdminLocked(adminUserId);
+        setScreenCaptureDisabled(adminUserId, admin != null && admin.disableScreenCapture);
     }
 
     // Set the latest screen capture policy, overriding any existing ones.
     // userHandle can be one of USER_ALL, USER_NULL or a concrete userId.
-    private void setScreenCaptureDisabled(int userHandle) {
-        int current = mPolicyCache.getScreenCaptureDisallowedUser();
-        if (userHandle == current) {
-            return;
-        }
-        mPolicyCache.setScreenCaptureDisallowedUser(userHandle);
+    private void setScreenCaptureDisabled(int userHandle, boolean disabled) {
+        mPolicyCache.setScreenCaptureDisallowedUser(userHandle, disabled);
         updateScreenCaptureDisabled();
     }
 

services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java

@@ -5056,7 +5056,7 @@ public void testWipeDataManagedProfileOnOrganizationOwnedDevice() throws Excepti
         // Refresh strong auth timeout
         verify(getServices().lockSettingsInternal).refreshStrongAuthTimeout(UserHandle.USER_SYSTEM);
         // Refresh screen capture
-        verify(getServices().iwindowManager).refreshScreenCaptureDisabled();
+        verify(getServices().iwindowManager, times(2)).refreshScreenCaptureDisabled();
         // Unsuspend personal apps
         verify(getServices().packageManagerInternal)
                 .unsuspendForSuspendingPackage(PLATFORM_PACKAGE_NAME, UserHandle.USER_SYSTEM);