Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 01c9255e authored by Yanli Wan's avatar Yanli Wan
Browse files

Add support to start financed device provisioning 

* Add intent action used to trigger financed device provisioning
* Add financed device provisioning precondition check

Bug: 135486391
Test: atest DevicePolicyManagerTest
Change-Id: Id0f65816026cd195481022b6b75c3232996ec6e7
parent 2808564d

api/system-current.txt

+1 −0
Original line number Diff line number Diff line
@@ -776,6 +776,7 @@ package android.app.admin { 
    field public static final String ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_ALLOWED = "android.account.DEVICE_OR_PROFILE_OWNER_ALLOWED";

    field public static final String ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_DISALLOWED = "android.account.DEVICE_OR_PROFILE_OWNER_DISALLOWED";

    field public static final String ACTION_PROVISION_FINALIZATION = "android.app.action.PROVISION_FINALIZATION";

    field public static final String ACTION_PROVISION_FINANCED_DEVICE = "android.app.action.PROVISION_FINANCED_DEVICE";

    field public static final String ACTION_PROVISION_MANAGED_DEVICE_FROM_TRUSTED_SOURCE = "android.app.action.PROVISION_MANAGED_DEVICE_FROM_TRUSTED_SOURCE";

    field public static final String ACTION_SET_PROFILE_OWNER = "android.app.action.SET_PROFILE_OWNER";

    field public static final String ACTION_STATE_USER_SETUP_COMPLETE = "android.app.action.STATE_USER_SETUP_COMPLETE";

core/java/android/app/admin/DevicePolicyManager.java

+40 −0
Original line number Diff line number Diff line
@@ -396,6 +396,42 @@ public class DevicePolicyManager { 
    public static final String ACTION_PROVISION_MANAGED_DEVICE_FROM_TRUSTED_SOURCE =

            "android.app.action.PROVISION_MANAGED_DEVICE_FROM_TRUSTED_SOURCE";



    /**

     * Activity action: Starts the provisioning flow which sets up a financed device.

     *

     * <p>During financed device provisioning, a device admin app is downloaded and set as the owner

     * of the device. A device owner has full control over the device. The device owner can not be

     * modified by the user.

     *

     * <p>A typical use case would be a device that is bought from the reseller through financing

     * program.

     *

     * <p>An intent with this action can be sent only on an unprovisioned device.

     *

     * <p>Unlike {@link #ACTION_PROVISION_MANAGED_DEVICE}, the provisioning message can only be sent

     * by a privileged app with the permission

     * {@link android.Manifest.permission#DISPATCH_PROVISIONING_MESSAGE}.

     *

     * <p>The provisioning intent contains the following properties:

     * <ul>

     * <li>{@link #EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME}</li>

     * <li>{@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION}, optional</li>

     * <li>{@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_COOKIE_HEADER}, optional</li>

     * <li>{@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM}, optional</li>

     * <li>{@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_LABEL}, optional</li>

     * <li>{@link #EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_ICON_URI}, optional</li>

     * <li>{@link #EXTRA_PROVISIONING_SUPPORT_URL}, optional</li>

     * <li>{@link #EXTRA_PROVISIONING_ORGANIZATION_NAME}, optional</li>

     * <li>{@link #EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE}, optional</li>

     * </ul>

     *

     * @hide

     */

    @SdkConstant(SdkConstantType.ACTIVITY_INTENT_ACTION)

    @SystemApi

    public static final String ACTION_PROVISION_FINANCED_DEVICE =

            "android.app.action.PROVISION_FINANCED_DEVICE";



    /**

     * Activity action: Starts the provisioning flow which sets up a managed device.

     * Must be started with {@link android.app.Activity#startActivityForResult(Intent, int)}.
@@ -863,6 +899,7 @@ public class DevicePolicyManager { 
     * The name is displayed only during provisioning.

     *

     * <p>Use in an intent with action {@link #ACTION_PROVISION_MANAGED_DEVICE_FROM_TRUSTED_SOURCE}

     * or {@link #ACTION_PROVISION_FINANCED_DEVICE}

     *

     * @hide

     */
@@ -875,6 +912,7 @@ public class DevicePolicyManager { 
     * during provisioning. If the url is not HTTPS, an error will be shown.

     *

     * <p>Use in an intent with action {@link #ACTION_PROVISION_MANAGED_DEVICE_FROM_TRUSTED_SOURCE}

     * or {@link #ACTION_PROVISION_FINANCED_DEVICE}

     *

     * @hide

     */
@@ -887,6 +925,7 @@ public class DevicePolicyManager { 
     * as the app label of the package.

     *

     * <p>Use in an intent with action {@link #ACTION_PROVISION_MANAGED_DEVICE_FROM_TRUSTED_SOURCE}

     * or {@link #ACTION_PROVISION_FINANCED_DEVICE}

     *

     * @hide

     */
@@ -911,6 +950,7 @@ public class DevicePolicyManager { 
     * {@link android.content.ClipData} of the intent too.

     *

     * <p>Use in an intent with action {@link #ACTION_PROVISION_MANAGED_DEVICE_FROM_TRUSTED_SOURCE}

     * or {@link #ACTION_PROVISION_FINANCED_DEVICE}

     *

     * @hide

     */

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+1 −0
Original line number Diff line number Diff line
@@ -12272,6 +12272,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { 
                case DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE:

                    return checkManagedProfileProvisioningPreCondition(packageName, callingUserId);

                case DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE:

                case DevicePolicyManager.ACTION_PROVISION_FINANCED_DEVICE:

                    return checkDeviceOwnerProvisioningPreCondition(callingUserId);

                case DevicePolicyManager.ACTION_PROVISION_MANAGED_USER:

                    return checkManagedUserProvisioningPreCondition(callingUserId);

services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java

+33 −0
Original line number Diff line number Diff line
@@ -2921,6 +2921,7 @@ public class DevicePolicyManagerTest extends DpmTestBase { 
        mContext.packageName = admin1.getPackageName();

        setUpPackageManagerForAdmin(admin1, mContext.binder.callingUid);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE, false);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_FINANCED_DEVICE, false);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, false);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,

                false);
@@ -2932,6 +2933,8 @@ public class DevicePolicyManagerTest extends DpmTestBase { 
        mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,

                DevicePolicyManager.CODE_DEVICE_ADMIN_NOT_SUPPORTED);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_FINANCED_DEVICE,

                DevicePolicyManager.CODE_DEVICE_ADMIN_NOT_SUPPORTED);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,

                DevicePolicyManager.CODE_DEVICE_ADMIN_NOT_SUPPORTED);

        assertCheckProvisioningPreCondition(
@@ -2958,6 +2961,7 @@ public class DevicePolicyManagerTest extends DpmTestBase { 
        mContext.packageName = admin1.getPackageName();

        setUpPackageManagerForAdmin(admin1, mContext.binder.callingUid);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE, true);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_FINANCED_DEVICE, true);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, false);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,

                false);
@@ -2966,6 +2970,7 @@ public class DevicePolicyManagerTest extends DpmTestBase { 
        // Test again when split user is on

        when(getServices().userManagerForMock.isSplitSystemUser()).thenReturn(true);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE, true);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_FINANCED_DEVICE, true);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, false);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,

                true);
@@ -2977,6 +2982,8 @@ public class DevicePolicyManagerTest extends DpmTestBase { 
        mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,

                DevicePolicyManager.CODE_OK);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_FINANCED_DEVICE,

                DevicePolicyManager.CODE_OK);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,

                DevicePolicyManager.CODE_MANAGED_USERS_NOT_SUPPORTED);

        assertCheckProvisioningPreCondition(
@@ -2989,6 +2996,8 @@ public class DevicePolicyManagerTest extends DpmTestBase { 
        when(getServices().userManagerForMock.isSplitSystemUser()).thenReturn(true);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,

                DevicePolicyManager.CODE_OK);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_FINANCED_DEVICE,

                DevicePolicyManager.CODE_OK);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,

                DevicePolicyManager.CODE_MANAGED_USERS_NOT_SUPPORTED);

        assertCheckProvisioningPreCondition(
@@ -3014,6 +3023,7 @@ public class DevicePolicyManagerTest extends DpmTestBase { 
        mContext.packageName = admin1.getPackageName();

        setUpPackageManagerForAdmin(admin1, mContext.binder.callingUid);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE, true);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_FINANCED_DEVICE, true);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, true);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,

                false /* because of non-split user */);
@@ -3027,6 +3037,8 @@ public class DevicePolicyManagerTest extends DpmTestBase { 
        mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,

                DevicePolicyManager.CODE_OK);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_FINANCED_DEVICE,

                DevicePolicyManager.CODE_OK);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,

                DevicePolicyManager.CODE_OK);

        assertCheckProvisioningPreCondition(
@@ -3071,6 +3083,8 @@ public class DevicePolicyManagerTest extends DpmTestBase { 
        setUpPackageManagerForAdmin(admin1, mContext.binder.callingUid);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,

                false/* because of completed device setup */);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_FINANCED_DEVICE,

                false/* because of completed device setup */);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, true);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,

                false/* because of non-split user */);
@@ -3084,6 +3098,8 @@ public class DevicePolicyManagerTest extends DpmTestBase { 
        mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,

                DevicePolicyManager.CODE_USER_SETUP_COMPLETED);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_FINANCED_DEVICE,

                DevicePolicyManager.CODE_USER_SETUP_COMPLETED);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,

                DevicePolicyManager.CODE_OK);

        assertCheckProvisioningPreCondition(
@@ -3100,7 +3116,10 @@ public class DevicePolicyManagerTest extends DpmTestBase { 


        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,

                DevicePolicyManager.CODE_HAS_DEVICE_OWNER);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_FINANCED_DEVICE,

                DevicePolicyManager.CODE_HAS_DEVICE_OWNER);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE, false);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_FINANCED_DEVICE, false);



        // COMP mode is allowed.

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
@@ -3229,6 +3248,7 @@ public class DevicePolicyManagerTest extends DpmTestBase { 
        mContext.packageName = admin1.getPackageName();

        setUpPackageManagerForAdmin(admin1, mContext.binder.callingUid);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE, true);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_FINANCED_DEVICE, true);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,

                false /* because canAddMoreManagedProfiles returns false */);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,
@@ -3243,6 +3263,8 @@ public class DevicePolicyManagerTest extends DpmTestBase { 
        mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,

                DevicePolicyManager.CODE_OK);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_FINANCED_DEVICE,

                DevicePolicyManager.CODE_OK);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,

                DevicePolicyManager.CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER);

        assertCheckProvisioningPreCondition(
@@ -3269,6 +3291,8 @@ public class DevicePolicyManagerTest extends DpmTestBase { 
        setUpPackageManagerForAdmin(admin1, mContext.binder.callingUid);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,

                true/* it's undefined behavior. Can be changed into false in the future */);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_FINANCED_DEVICE,

                true/* it's undefined behavior. Can be changed into false in the future */);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,

                false /* because canAddMoreManagedProfiles returns false */);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,
@@ -3283,6 +3307,8 @@ public class DevicePolicyManagerTest extends DpmTestBase { 
        mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,

                DevicePolicyManager.CODE_OK);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_FINANCED_DEVICE,

                DevicePolicyManager.CODE_OK);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,

                DevicePolicyManager.CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER);

        assertCheckProvisioningPreCondition(
@@ -3308,6 +3334,7 @@ public class DevicePolicyManagerTest extends DpmTestBase { 
        mContext.packageName = admin1.getPackageName();

        setUpPackageManagerForAdmin(admin1, mContext.binder.callingUid);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE, true);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_FINANCED_DEVICE, true);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, true);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,

                true);
@@ -3320,6 +3347,8 @@ public class DevicePolicyManagerTest extends DpmTestBase { 
        mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,

                DevicePolicyManager.CODE_OK);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_FINANCED_DEVICE,

                DevicePolicyManager.CODE_OK);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,

                DevicePolicyManager.CODE_OK);

        assertCheckProvisioningPreCondition(
@@ -3347,6 +3376,8 @@ public class DevicePolicyManagerTest extends DpmTestBase { 
        setUpPackageManagerForAdmin(admin1, mContext.binder.callingUid);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,

                true/* it's undefined behavior. Can be changed into false in the future */);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_FINANCED_DEVICE,

                true/* it's undefined behavior. Can be changed into false in the future */);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, true);

        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,

                true/* it's undefined behavior. Can be changed into false in the future */);
@@ -3360,6 +3391,8 @@ public class DevicePolicyManagerTest extends DpmTestBase { 
        mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,

                DevicePolicyManager.CODE_OK);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_FINANCED_DEVICE,

                DevicePolicyManager.CODE_OK);

        assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,

                DevicePolicyManager.CODE_OK);

        assertCheckProvisioningPreCondition(