Loading core/java/android/app/admin/DevicePolicyCache.java +0 −1 Original line number Diff line number Diff line Loading @@ -61,7 +61,6 @@ public abstract class DevicePolicyCache { */ public abstract boolean canAdminGrantSensorsPermissionsForUser(@UserIdInt int userHandle); /** * Empty implementation. */ Loading core/java/android/app/admin/DevicePolicyManager.java +6 −0 Original line number Diff line number Diff line Loading @@ -165,6 +165,12 @@ import java.util.function.Consumer; @SuppressLint("UseIcu") public class DevicePolicyManager { /** @hide */ public static final String DEPRECATE_USERMANAGERINTERNAL_DEVICEPOLICY_FLAG = "deprecate_usermanagerinternal_devicepolicy"; /** @hide */ public static final boolean DEPRECATE_USERMANAGERINTERNAL_DEVICEPOLICY_DEFAULT = false; private static String TAG = "DevicePolicyManager"; private final Context mContext; Loading core/java/android/app/admin/DevicePolicyManagerInternal.java +5 −0 Original line number Diff line number Diff line Loading @@ -274,4 +274,9 @@ public abstract class DevicePolicyManagerInternal { * Returns whether new "turn off work" behavior is enabled via feature flag. */ public abstract boolean isKeepProfilesRunningEnabled(); /** * True if either the entire device or the user is organization managed. */ public abstract boolean isUserOrganizationManaged(@UserIdInt int userId); } core/java/android/app/admin/DeviceStateCache.java +12 −0 Original line number Diff line number Diff line Loading @@ -15,6 +15,8 @@ */ package android.app.admin; import android.annotation.UserIdInt; import com.android.server.LocalServices; /** Loading Loading @@ -42,6 +44,11 @@ public abstract class DeviceStateCache { */ public abstract boolean isDeviceProvisioned(); /** * True if either the entire device or the user is organization managed. */ public abstract boolean isUserOrganizationManaged(@UserIdInt int userHandle); /** * Empty implementation. */ Loading 
@@ -52,5 +59,10 @@ public abstract class DeviceStateCache { public boolean isDeviceProvisioned() { return false; } @Override public boolean isUserOrganizationManaged(int userHandle) { return false; } } } services/core/java/com/android/server/locksettings/LockSettingsService.java +29 −10 Original line number Diff line number Diff line Loading @@ -21,6 +21,8 @@ import static android.Manifest.permission.MANAGE_BIOMETRIC; import static android.Manifest.permission.READ_CONTACTS; import static android.Manifest.permission.SET_AND_VERIFY_LOCKSCREEN_CREDENTIALS; import static android.Manifest.permission.SET_INITIAL_LOCK; import static android.app.admin.DevicePolicyManager.DEPRECATE_USERMANAGERINTERNAL_DEVICEPOLICY_DEFAULT; import static android.app.admin.DevicePolicyManager.DEPRECATE_USERMANAGERINTERNAL_DEVICEPOLICY_FLAG; import static android.app.admin.DevicePolicyResources.Strings.Core.PROFILE_ENCRYPTED_DETAIL; import static android.app.admin.DevicePolicyResources.Strings.Core.PROFILE_ENCRYPTED_MESSAGE; import static android.app.admin.DevicePolicyResources.Strings.Core.PROFILE_ENCRYPTED_TITLE; Loading Loading @@ -91,6 +93,7 @@ import android.os.UserHandle; import android.os.UserManager; import android.os.storage.IStorageManager; import android.os.storage.StorageManager; import android.provider.DeviceConfig; import android.provider.Settings; import android.provider.Settings.Secure; import android.security.AndroidKeyStoreMaintenance; Loading Loading 
@@ -3183,6 +3186,18 @@ public class LockSettingsService extends ILockSettings.Stub { * if we are running an automotive build. */ private void disableEscrowTokenOnNonManagedDevicesIfNeeded(int userId) { // TODO(b/258213147): Remove final long identity = Binder.clearCallingIdentity(); try { if (DeviceConfig.getBoolean(DeviceConfig.NAMESPACE_DEVICE_POLICY_MANAGER, DEPRECATE_USERMANAGERINTERNAL_DEVICEPOLICY_FLAG, DEPRECATE_USERMANAGERINTERNAL_DEVICEPOLICY_DEFAULT)) { if (mInjector.getDeviceStateCache().isUserOrganizationManaged(userId)) { Slog.i(TAG, "Organization managed users can have escrow token"); return; } } else { final UserManagerInternal userManagerInternal = mInjector.getUserManagerInternal(); // Managed profile should have escrow enabled Loading @@ -3196,6 +3211,10 @@ public class LockSettingsService extends ILockSettings.Stub { Slog.i(TAG, "Corp-owned device can have escrow token"); return; } } } finally { Binder.restoreCallingIdentity(identity); } // If the device is yet to be provisioned (still in SUW), there is still // a chance that Device Owner will be set on the device later, so postpone Loading Loading
core/java/android/app/admin/DevicePolicyCache.java +0 −1 Original line number Diff line number Diff line Loading @@ -61,7 +61,6 @@ public abstract class DevicePolicyCache { */ public abstract boolean canAdminGrantSensorsPermissionsForUser(@UserIdInt int userHandle); /** * Empty implementation. */ Loading
core/java/android/app/admin/DevicePolicyManager.java +6 −0 Original line number Diff line number Diff line Loading @@ -165,6 +165,12 @@ import java.util.function.Consumer; @SuppressLint("UseIcu") public class DevicePolicyManager { /** @hide */ public static final String DEPRECATE_USERMANAGERINTERNAL_DEVICEPOLICY_FLAG = "deprecate_usermanagerinternal_devicepolicy"; /** @hide */ public static final boolean DEPRECATE_USERMANAGERINTERNAL_DEVICEPOLICY_DEFAULT = false; private static String TAG = "DevicePolicyManager"; private final Context mContext; Loading
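Review bot: The two new constants carry only `/** @hide */`, so nothing at the declaration says what the flag switches. Judging by the LockSettingsService section of this commit, a `true` value makes the escrow-token check consult `DeviceStateCache` instead of `UserManagerInternal`, which is a security-relevant choice worth stating where the flag is defined. I would expand the first comment to something like `/** DeviceConfig flag: when true, callers read managed state from the DevicePolicy caches instead of UserManagerInternal. @hide */` and add a matching line on the default. The class body continues outside the hunk.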
core/java/android/app/admin/DevicePolicyManagerInternal.java +5 −0 Original line number Diff line number Diff line Loading @@ -274,4 +274,9 @@ public abstract class DevicePolicyManagerInternal { * Returns whether new "turn off work" behavior is enabled via feature flag. */ public abstract boolean isKeepProfilesRunningEnabled(); /** * True if either the entire device or the user is organization managed. */ public abstract boolean isUserOrganizationManaged(@UserIdInt int userId); }
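Review bot: The Javadoc on `isUserOrganizationManaged` does not say whether a managed-profile user counts as organization managed, and the same sentence is repeated on `DeviceStateCache.isUserOrganizationManaged`. The legacy branch in LockSettingsService carries the comment "Managed profile should have escrow enabled", so the flag-on path appears to rely on this method returning true for profile users. Spell that out, e.g. `* Returns true if the device has a device owner or {@code userId} has a profile owner, including managed profiles.`, adjusted to what the implementation actually does, which is not among the files shown. The parameter is also named `userId` here and `userHandle` in `DeviceStateCache`; one name should be used for both.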
core/java/android/app/admin/DeviceStateCache.java +12 −0 Original line number Diff line number Diff line Loading @@ -15,6 +15,8 @@ */ package android.app.admin; import android.annotation.UserIdInt; import com.android.server.LocalServices; /** Loading Loading @@ -42,6 +44,11 @@ public abstract class DeviceStateCache { */ public abstract boolean isDeviceProvisioned(); /** * True if either the entire device or the user is organization managed. */ public abstract boolean isUserOrganizationManaged(@UserIdInt int userHandle); /** * Empty implementation. */ Loading @@ -52,5 +59,10 @@ public abstract class DeviceStateCache { public boolean isDeviceProvisioned() { return false; } @Override public boolean isUserOrganizationManaged(int userHandle) { return false; } } }
services/core/java/com/android/server/locksettings/LockSettingsService.java +29 −10 Original line number Diff line number Diff line Loading @@ -21,6 +21,8 @@ import static android.Manifest.permission.MANAGE_BIOMETRIC; import static android.Manifest.permission.READ_CONTACTS; import static android.Manifest.permission.SET_AND_VERIFY_LOCKSCREEN_CREDENTIALS; import static android.Manifest.permission.SET_INITIAL_LOCK; import static android.app.admin.DevicePolicyManager.DEPRECATE_USERMANAGERINTERNAL_DEVICEPOLICY_DEFAULT; import static android.app.admin.DevicePolicyManager.DEPRECATE_USERMANAGERINTERNAL_DEVICEPOLICY_FLAG; import static android.app.admin.DevicePolicyResources.Strings.Core.PROFILE_ENCRYPTED_DETAIL; import static android.app.admin.DevicePolicyResources.Strings.Core.PROFILE_ENCRYPTED_MESSAGE; import static android.app.admin.DevicePolicyResources.Strings.Core.PROFILE_ENCRYPTED_TITLE; Loading Loading @@ -91,6 +93,7 @@ import android.os.UserHandle; import android.os.UserManager; import android.os.storage.IStorageManager; import android.os.storage.StorageManager; import android.provider.DeviceConfig; import android.provider.Settings; import android.provider.Settings.Secure; import android.security.AndroidKeyStoreMaintenance; Loading Loading 
@@ -3183,6 +3186,18 @@ public class LockSettingsService extends ILockSettings.Stub { * if we are running an automotive build. */ private void disableEscrowTokenOnNonManagedDevicesIfNeeded(int userId) { // TODO(b/258213147): Remove final long identity = Binder.clearCallingIdentity(); try { if (DeviceConfig.getBoolean(DeviceConfig.NAMESPACE_DEVICE_POLICY_MANAGER, DEPRECATE_USERMANAGERINTERNAL_DEVICEPOLICY_FLAG, DEPRECATE_USERMANAGERINTERNAL_DEVICEPOLICY_DEFAULT)) { if (mInjector.getDeviceStateCache().isUserOrganizationManaged(userId)) { Slog.i(TAG, "Organization managed users can have escrow token"); return; } } else { final UserManagerInternal userManagerInternal = mInjector.getUserManagerInternal(); // Managed profile should have escrow enabled Loading @@ -3196,6 +3211,10 @@ public class LockSettingsService extends ILockSettings.Stub { Slog.i(TAG, "Corp-owned device can have escrow token"); return; } } } finally { Binder.restoreCallingIdentity(identity); } // If the device is yet to be provisioned (still in SUW), there is still // a chance that Device Owner will be set on the device later, so postpone Loading
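Review bot: In `disableEscrowTokenOnNonManagedDevicesIfNeeded`, the flag-on branch makes `DeviceStateCache.isUserOrganizationManaged(userId)` the only signal that lets the method return early and skip the escrow-token disable path, yet none of the sections shown contains the code that populates that value. The empty implementation returning `false` is the restrictive default. What needs confirming is that the real cache is reset when a device or profile owner is removed, because a stale `true` would keep the early return for a user that is no longer managed. The `// TODO(b/258213147): Remove` comment should also say what is to be removed (the identity clearing, the flag check, or the legacy `UserManagerInternal` branch). Adding the user to the new log line, `Slog.i(TAG, "Organization managed user " + userId + " can have escrow token");`, would make the decision traceable per user. The method body continues outside the hunk.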