
Commit 05bda468 authored by Elis Elliott's avatar Elis Elliott Committed by Android (Google) Code Review

Merge changes from topic "create_manage_cross_user_permissions"

* changes:
  Add permission checks for auto time APIs
  Create permission check methods in DPMS
  Create new permissions for managing policies across users.
parents 5d7d1378 10cee472
+10 −6
@@ -122,6 +122,10 @@ package android {
    field public static final String LOADER_USAGE_STATS = "android.permission.LOADER_USAGE_STATS";
    field public static final String LOCATION_HARDWARE = "android.permission.LOCATION_HARDWARE";
    field public static final String MANAGE_DEVICE_LOCK_STATE = "android.permission.MANAGE_DEVICE_LOCK_STATE";
    field public static final String MANAGE_DEVICE_POLICY_ACROSS_USERS = "android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS";
    field public static final String MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL = "android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL";
    field public static final String MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL = "android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL";
    field public static final String MANAGE_DEVICE_POLICY_TIME = "android.permission.MANAGE_DEVICE_POLICY_TIME";
    field public static final String MANAGE_DOCUMENTS = "android.permission.MANAGE_DOCUMENTS";
    field public static final String MANAGE_EXTERNAL_STORAGE = "android.permission.MANAGE_EXTERNAL_STORAGE";
    field public static final String MANAGE_MEDIA = "android.permission.MANAGE_MEDIA";
@@ -7499,9 +7503,9 @@ package android.app.admin {
    method @Nullable public String getAlwaysOnVpnPackage(@NonNull android.content.ComponentName);
    method @NonNull @WorkerThread public android.os.Bundle getApplicationRestrictions(@Nullable android.content.ComponentName, String);
    method @Deprecated @Nullable public String getApplicationRestrictionsManagingPackage(@NonNull android.content.ComponentName);
    method public boolean getAutoTimeEnabled(@NonNull android.content.ComponentName);
    method @RequiresPermission(anyOf={android.Manifest.permission.SET_TIME, "android.permission.QUERY_ADMIN_POLICY"}, conditional=true) public boolean getAutoTimeEnabled(@NonNull android.content.ComponentName);
    method @Deprecated public boolean getAutoTimeRequired();
    method public boolean getAutoTimeZoneEnabled(@NonNull android.content.ComponentName);
    method @RequiresPermission(anyOf={android.Manifest.permission.SET_TIME_ZONE, "android.permission.QUERY_ADMIN_POLICY"}, conditional=true) public boolean getAutoTimeZoneEnabled(@NonNull android.content.ComponentName);
    method @NonNull public java.util.List<android.os.UserHandle> getBindDeviceAdminTargetUsers(@NonNull android.content.ComponentName);
    method public boolean getBluetoothContactSharingDisabled(@NonNull android.content.ComponentName);
    method public boolean getCameraDisabled(@Nullable android.content.ComponentName);
@@ -7648,9 +7652,9 @@ package android.app.admin {
    method public boolean setApplicationHidden(@NonNull android.content.ComponentName, String, boolean);
    method @WorkerThread public void setApplicationRestrictions(@Nullable android.content.ComponentName, String, android.os.Bundle);
    method @Deprecated public void setApplicationRestrictionsManagingPackage(@NonNull android.content.ComponentName, @Nullable String) throws android.content.pm.PackageManager.NameNotFoundException;
    method public void setAutoTimeEnabled(@NonNull android.content.ComponentName, boolean);
    method @RequiresPermission(value=android.Manifest.permission.SET_TIME, conditional=true) public void setAutoTimeEnabled(@NonNull android.content.ComponentName, boolean);
    method @Deprecated public void setAutoTimeRequired(@NonNull android.content.ComponentName, boolean);
    method public void setAutoTimeZoneEnabled(@NonNull android.content.ComponentName, boolean);
    method @RequiresPermission(value=android.Manifest.permission.SET_TIME_ZONE, conditional=true) public void setAutoTimeZoneEnabled(@NonNull android.content.ComponentName, boolean);
    method public void setBackupServiceEnabled(@NonNull android.content.ComponentName, boolean);
    method public void setBluetoothContactSharingDisabled(@NonNull android.content.ComponentName, boolean);
    method public void setCameraDisabled(@NonNull android.content.ComponentName, boolean);
@@ -7729,8 +7733,8 @@ package android.app.admin {
    method @Deprecated public int setStorageEncryption(@NonNull android.content.ComponentName, boolean);
    method public void setSystemSetting(@NonNull android.content.ComponentName, @NonNull String, String);
    method public void setSystemUpdatePolicy(@NonNull android.content.ComponentName, android.app.admin.SystemUpdatePolicy);
    method public boolean setTime(@NonNull android.content.ComponentName, long);
    method public boolean setTimeZone(@NonNull android.content.ComponentName, String);
    method @RequiresPermission(value=android.Manifest.permission.SET_TIME, conditional=true) public boolean setTime(@NonNull android.content.ComponentName, long);
    method @RequiresPermission(value=android.Manifest.permission.SET_TIME_ZONE, conditional=true) public boolean setTimeZone(@NonNull android.content.ComponentName, String);
    method public void setTrustAgentConfiguration(@NonNull android.content.ComponentName, @NonNull android.content.ComponentName, android.os.PersistableBundle);
    method public void setUninstallBlocked(@Nullable android.content.ComponentName, String, boolean);
    method public void setUsbDataSignalingEnabled(boolean);
+55 −20
@@ -16,6 +16,9 @@
package android.app.admin;
import static android.Manifest.permission.QUERY_ADMIN_POLICY;
import static android.Manifest.permission.SET_TIME;
import static android.Manifest.permission.SET_TIME_ZONE;
import static android.content.Intent.LOCAL_FLAG_FROM_SYSTEM;
import static android.net.NetworkCapabilities.NET_ENTERPRISE_ID_1;
@@ -8466,8 +8469,10 @@ public class DevicePolicyManager {
    }
    /**
     * Called by a device owner, a profile owner for the primary user or a profile
     * owner of an organization-owned managed profile to turn auto time on and off.
     * Called by a device owner, a profile owner for the primary user, a profile
     * owner of an organization-owned managed profile or, starting from Android
     * {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE}, holders of the permission
     * {@link android.Manifest.permission#SET_TIME} to turn auto time on and off.
     * Callers are recommended to use {@link UserManager#DISALLOW_CONFIG_DATE_TIME}
     * to prevent the user from changing this setting.
     * <p>
@@ -8478,8 +8483,10 @@ public class DevicePolicyManager {
     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
     * @param enabled Whether time should be obtained automatically from the network or not.
     * @throws SecurityException if caller is not a device owner, a profile owner for the
     * primary user, or a profile owner of an organization-owned managed profile.
     * primary user, or a profile owner of an organization-owned managed profile or a holder of the
     * permission {@link android.Manifest.permission#SET_TIME}.
     */
    @RequiresPermission(value = SET_TIME, conditional = true)
    public void setAutoTimeEnabled(@NonNull ComponentName admin, boolean enabled) {
        if (mService != null) {
            try {
@@ -8491,10 +8498,18 @@ public class DevicePolicyManager {
    }
    /**
     * Returns true if auto time is enabled on the device.
     *
     * <p> Starting from Android {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE}, callers
     * are also able to call this method if they hold the permission
     *{@link android.Manifest.permission#SET_TIME}.
     *
     * @return true if auto time is enabled on the device.
     * @throws SecurityException if caller is not a device owner, a profile owner for the
     * primary user, or a profile owner of an organization-owned managed profile.
     * @throws SecurityException if the caller is not a device owner, a profile
     * owner for the primary user, or a profile owner of an organization-owned managed profile or a
     * holder of the permission {@link android.Manifest.permission#SET_TIME}.
     */
    @RequiresPermission(anyOf = {SET_TIME, QUERY_ADMIN_POLICY}, conditional = true)
    public boolean getAutoTimeEnabled(@NonNull ComponentName admin) {
        if (mService != null) {
            try {
@@ -8507,8 +8522,10 @@ public class DevicePolicyManager {
    }
    /**
     * Called by a device owner, a profile owner for the primary user or a profile
     * owner of an organization-owned managed profile to turn auto time zone on and off.
     * Called by a device owner, a profile owner for the primary user, a profile
     * owner of an organization-owned managed profile or, starting from Android
     * {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE}, holders of the permission
     * {@link android.Manifest.permission#SET_TIME} to turn auto time zone on and off.
     * Callers are recommended to use {@link UserManager#DISALLOW_CONFIG_DATE_TIME}
     * to prevent the user from changing this setting.
     * <p>
@@ -8519,8 +8536,10 @@ public class DevicePolicyManager {
     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
     * @param enabled Whether time zone should be obtained automatically from the network or not.
     * @throws SecurityException if caller is not a device owner, a profile owner for the
     * primary user, or a profile owner of an organization-owned managed profile.
     * primary user, or a profile owner of an organization-owned managed profile or a holder of the
     * permission {@link android.Manifest.permission#SET_TIME_ZONE}.
     */
    @RequiresPermission(value = SET_TIME_ZONE, conditional = true)
    public void setAutoTimeZoneEnabled(@NonNull ComponentName admin, boolean enabled) {
        throwIfParentInstance("setAutoTimeZone");
        if (mService != null) {
@@ -8533,10 +8552,18 @@ public class DevicePolicyManager {
    }
    /**
     * Returns true if auto time zone is enabled on the device.
     *
     * <p> Starting from Android {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE}, callers
     * are also able to call this method if they hold the permission
     *{@link android.Manifest.permission#SET_TIME}.
     *
     * @return true if auto time zone is enabled on the device.
     * @throws SecurityException if caller is not a device owner, a profile owner for the
     * primary user, or a profile owner of an organization-owned managed profile.
     * @throws SecurityException if the caller is not a device owner, a profile
     * owner for the primary user, or a profile owner of an organization-owned managed profile or a
     * holder of the permission {@link android.Manifest.permission#SET_TIME_ZONE}.
     */
    @RequiresPermission(anyOf = {SET_TIME_ZONE, QUERY_ADMIN_POLICY}, conditional = true)
    public boolean getAutoTimeZoneEnabled(@NonNull ComponentName admin) {
        throwIfParentInstance("getAutoTimeZone");
        if (mService != null) {
@@ -11875,17 +11902,21 @@ public class DevicePolicyManager {
    }
    /**
     * Called by a device owner or a profile owner of an organization-owned managed
     * profile to set the system wall clock time. This only takes effect if called when
     * {@link android.provider.Settings.Global#AUTO_TIME} is 0, otherwise {@code false}
     * will be returned.
     * Called by a device owner, a profile owner of an organization-owned managed
     * profile or, starting from Android {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE},
     * holders of the permission {@link android.Manifest.permission#SET_TIME} to set the system wall
     * clock time. This only takes effect if called when
     * {@link android.provider.Settings.Global#AUTO_TIME} is 0, otherwise {@code false} will be
     * returned.
     *
     * @param admin Which {@link DeviceAdminReceiver} this request is associated with
     * @param millis time in milliseconds since the Epoch
     * @return {@code true} if set time succeeded, {@code false} otherwise.
     * @throws SecurityException if {@code admin} is not a device owner or a profile owner
     * of an organization-owned managed profile.
     * of an organization-owned managed profile or a holder of the permission
     * {@link android.Manifest.permission#SET_TIME}.
     */
    @RequiresPermission(value = SET_TIME, conditional = true)
    public boolean setTime(@NonNull ComponentName admin, long millis) {
        throwIfParentInstance("setTime");
        if (mService != null) {
@@ -11899,10 +11930,12 @@ public class DevicePolicyManager {
    }
    /**
     * Called by a device owner or a profile owner of an organization-owned managed
     * profile to set the system's persistent default time zone. This only takes
     * effect if called when {@link android.provider.Settings.Global#AUTO_TIME_ZONE}
     * is 0, otherwise {@code false} will be returned.
     * Called by a device owner, a profile owner of an organization-owned managed
     * profile or, starting from Android {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE},
     * holders of the permission {@link android.Manifest.permission#SET_TIME_ZONE} to set the
     * system's persistent default time zone. This only take effect if called when
     * {@link android.provider.Settings.Global#AUTO_TIME_ZONE} is 0, otherwise {@code false} will be
     * returned.
     *
     * @see android.app.AlarmManager#setTimeZone(String)
     * @param admin Which {@link DeviceAdminReceiver} this request is associated with
@@ -11910,8 +11943,10 @@ public class DevicePolicyManager {
     *     {@link java.util.TimeZone#getAvailableIDs}
     * @return {@code true} if set timezone succeeded, {@code false} otherwise.
     * @throws SecurityException if {@code admin} is not a device owner or a profile owner
     * of an organization-owned managed profile.
     * of an organization-owned managed profile or a holder of the permissions
     * {@link android.Manifest.permission#SET_TIME_ZONE}.
     */
    @RequiresPermission(value = SET_TIME_ZONE, conditional = true)
    public boolean setTimeZone(@NonNull ComponentName admin, String timeZone) {
        throwIfParentInstance("setTimeZone");
        if (mService != null) {
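Review bot: The Javadoc for the two auto-time-zone methods names a different permission from their annotations: the description of `setAutoTimeZoneEnabled` and the added paragraph on `getAutoTimeZoneEnabled` both link `android.Manifest.permission#SET_TIME`, while their `@RequiresPermission` annotations and `@throws` text name `SET_TIME_ZONE`. Both links should read `{@link android.Manifest.permission#SET_TIME_ZONE}` so that integrators request the permission the annotation declares. The two getters' annotations also accept `QUERY_ADMIN_POLICY`, which neither their description nor their `@throws` text mentions. Every method still takes `@NonNull ComponentName admin`, and the `@param admin` text does not say what a caller that holds only the permission and is not an admin should pass. The method bodies continue outside the hunks and the service diff is collapsed on this page, so the enforcement itself cannot be checked against these docs here.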
+25 −0
@@ -270,6 +270,31 @@ public abstract class DevicePolicyManagerInternal {
     */
    public abstract void resetOp(int op, String packageName, @UserIdInt int userId);

    /**
     * Checks if the calling process has been granted permission to apply a device policy on a
     * specific user.
     *
     * The given permission will be checked along with its associated cross-user permission, if it
     * exists and the target user is different to the calling user.
     *
     * @param permission The name of the permission being checked.
     * @param targetUserId The userId of the user which the caller needs permission to act on.
     * @throws SecurityException If the calling process has not been granted the permission.
     */
    public abstract void enforcePermission(String permission, int targetUserId);

    /**
     * Return whether the calling process has been granted permission to apply a device policy on
     * a specific user.
     *
     * The given permission will be checked along with its associated cross-user
     * permission, if it exists and the target user is different to the calling user.
     *
     * @param permission The name of the permission being checked.
     * @param targetUserId The userId of the user which the caller needs permission to act on.
     */
    public abstract boolean hasPermission(String permission, int targetUserId);

    /**
     * Returns whether new "turn off work" behavior is enabled via feature flag.
     */
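Review bot: The Javadoc on `enforcePermission` and `hasPermission` leaves the cross-user case underspecified: it says the associated cross-user permission is checked "if it exists", but not what happens when `targetUserId` differs from the calling user and no cross-user permission is associated with the given permission. The contract should state the outcome explicitly, ideally fail-closed, for example `If the target user differs from the calling user and the permission has no associated cross-user permission, the check fails.`; the implementation is not visible on this page, so this needs confirming against it. Both methods check "the calling process", which presumably relies on the Binder calling identity, so the comment should also say they must be invoked before that identity is cleared. As smaller points, `targetUserId` could carry `@UserIdInt` like `resetOp` just above, and `hasPermission` has no `@return` tag.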
+28 −0
@@ -3121,6 +3121,34 @@
    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_APP_EXEMPTIONS"
                android:protectionLevel="signature|role" />

    <!-- Allows an application to manage date and time device policy. -->
    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_TIME"
                android:protectionLevel="internal|role" />

    <!-- Allows an application to set device policies outside the current user
        that are critical for securing data within the current user.
        <p>Holding this permission allows the use of other held MANAGE_DEVICE_POLICY_*
            permissions across all users on the device provided they are required for securing data
            within the current user.-->
    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS_SECURITY_CRITICAL"
                android:protectionLevel="internal|role" />

    <!-- Allows an application to set device policies outside the current user
        that are required for securing device ownership without accessing user data.
        <p>Holding this permission allows the use of other held MANAGE_DEVICE_POLICY_*
            permissions across all users on the device provided they do not grant access to user
            data. -->
    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS"
                android:protectionLevel="internal|role" />

    <!-- Allows an application to set device policies outside the current user.
        <p>Fuller form of {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS}
             that removes the restriction on accessing user data.
        <p>Holding this permission allows the use of any other held MANAGE_DEVICE_POLICY_*
            permissions across all users on the device.-->
    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL"
                android:protectionLevel="internal|role" />

    <!-- @SystemApi @hide Allows an application to set a device owner on retail demo devices.-->
    <permission android:name="android.permission.PROVISION_DEMO_DEVICE"
                android:protectionLevel="signature|setup" />
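Review bot: The comment on `android.permission.MANAGE_DEVICE_POLICY_TIME` does not say which APIs the permission gates, and the time APIs annotated elsewhere in this commit name `SET_TIME` / `SET_TIME_ZONE` rather than this permission. If the service, whose diff is collapsed on this page, enforces `MANAGE_DEVICE_POLICY_TIME`, then this comment and the public `@RequiresPermission` annotations should agree on the name; if it does not, the comment should say what the permission is for. The three ACROSS_USERS comments state scoping conditions ("required for securing data within the current user", "do not grant access to user data") without pointing to where the mapping from policy permission to tier is defined. A reference to that mapping would let a reviewer audit which policies each tier unlocks.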
+273 −18

File changed.

Preview size limit exceeded, changes collapsed.
