Merge "Migrate personal apps suspension to policy engine" into udc-dev

            // Given that the parent user has just started, profile should be locked.

            updatePersonalAppsSuspension(profileUserHandle, false /* unlocked */);

        } else {

            suspendPersonalAppsInternal(userHandle, false);

            suspendPersonalAppsInternal(userHandle, profileUserHandle, false);

        }

    }

        }

        // Unsuspend personal apps if needed.

        suspendPersonalAppsInternal(parentId, false);

        suspendPersonalAppsInternal(parentId, getManagedUserId(parentId), false);

        // Notify FRP agent, LSS and WindowManager to ensure they don't hold on to stale policies.

        final int frpAgentUid = getFrpManagementAgentUid();

        }

        final int parentUserId = getProfileParentId(profileUserId);

        suspendPersonalAppsInternal(parentUserId, shouldSuspend);

        suspendPersonalAppsInternal(parentUserId, profileUserId, shouldSuspend);

        return shouldSuspend;

    }

        return notificationState;

    }

    private void suspendPersonalAppsInternal(int userId, boolean suspended) {

        if (getUserData(userId).mAppsSuspended == suspended) {

    private void suspendPersonalAppsInternal(

            int parentUserId, int profileUserId, boolean suspended) {

        if (getUserData(parentUserId).mAppsSuspended == suspended) {

            return;

        }

        Slogf.i(LOG_TAG, "%s personal apps for user %d", suspended ? "Suspending" : "Unsuspending",

                userId);

                parentUserId);

        if (isPolicyEngineForFinanceFlagEnabled()) {

            // TODO(b/280602237): migrate properly

            ActiveAdmin profileOwner = getProfileOwnerAdminLocked(profileUserId);

            if (profileOwner != null) {

                EnforcingAdmin admin = EnforcingAdmin.createEnterpriseEnforcingAdmin(

                        profileOwner.info.getComponent(),

                        profileUserId,

                        profileOwner);

                mDevicePolicyEngine.setLocalPolicy(

                        PolicyDefinition.PERSONAL_APPS_SUSPENDED,

                        admin,

                        new BooleanPolicyValue(suspended),

                        parentUserId);

            }

        } else {

            if (suspended) {

            suspendPersonalAppsInPackageManager(userId);

                suspendPersonalAppsInPackageManager(parentUserId);

            } else {

                mInjector.getPackageManagerInternal().unsuspendForSuspendingPackage(

                    PLATFORM_PACKAGE_NAME, userId);

                        PLATFORM_PACKAGE_NAME, parentUserId);

            }

        }

        synchronized (getLockObject()) {

            getUserData(userId).mAppsSuspended = suspended;

            saveSettingsLocked(userId);

            getUserData(parentUserId).mAppsSuspended = suspended;

            saveSettingsLocked(parentUserId);

        }

    }

            PolicyEnforcerCallbacks::setScreenCaptureDisabled,

            new BooleanPolicySerializer());

    static PolicyDefinition<Boolean> PERSONAL_APPS_SUSPENDED = new PolicyDefinition<>(

            new NoArgsPolicyKey(DevicePolicyIdentifiers.PERSONAL_APPS_SUSPENDED_POLICY),

            new MostRecent<>(),

            POLICY_FLAG_LOCAL_ONLY_POLICY,

            PolicyEnforcerCallbacks::setPersonalAppsSuspended,

            new BooleanPolicySerializer());

    private static final Map<String, PolicyDefinition<?>> POLICY_DEFINITIONS = new HashMap<>();

    private static Map<String, Integer> USER_RESTRICTION_FLAGS = new HashMap<>();

                PERMITTED_INPUT_METHODS);

        POLICY_DEFINITIONS.put(DevicePolicyIdentifiers.SCREEN_CAPTURE_DISABLED_POLICY,

                SCREEN_CAPTURE_DISABLED);

        POLICY_DEFINITIONS.put(DevicePolicyIdentifiers.PERSONAL_APPS_SUSPENDED_POLICY,

                PERSONAL_APPS_SUSPENDED);

        // User Restriction Policies

        USER_RESTRICTION_FLAGS.put(UserManager.DISALLOW_MODIFY_ACCOUNTS, /* flags= */ 0);

package com.android.server.devicepolicy;

import static com.android.server.pm.PackageManagerService.PLATFORM_PACKAGE_NAME;

import android.annotation.NonNull;

import android.annotation.Nullable;

import android.app.AppGlobals;

import android.view.IWindowManager;

import com.android.internal.os.BackgroundThread;

import com.android.internal.util.ArrayUtils;

import com.android.server.LocalServices;

import com.android.server.pm.UserManagerInternal;

import com.android.server.utils.Slogf;

            }

        });

    }

    static boolean setPersonalAppsSuspended(

            @Nullable Boolean suspended, @NonNull Context context, int userId,

            @NonNull PolicyKey policyKey) {

        Binder.withCleanCallingIdentity(() -> {

            if (suspended != null && suspended) {

                suspendPersonalAppsInPackageManager(context, userId);

            } else {

                LocalServices.getService(PackageManagerInternal.class)

                        .unsuspendForSuspendingPackage(PLATFORM_PACKAGE_NAME, userId);

            }

        });

        return true;

    }

    private static void suspendPersonalAppsInPackageManager(Context context, int userId) {

        final String[] appsToSuspend = PersonalAppsSuspensionHelper.forUser(context, userId)

                .getPersonalAppsForSuspension();

        final String[] failedApps = LocalServices.getService(PackageManagerInternal.class)

                .setPackagesSuspendedByAdmin(userId, appsToSuspend, true);

        if (!ArrayUtils.isEmpty(failedApps)) {

            Slogf.wtf(LOG_TAG, "Failed to suspend apps: " + String.join(",", failedApps));

        }

    }

}

     * Tests the case when the user turns the profile back on when the apps are already suspended.

     */

    @Test

    @Ignore("b/277916462")

    public void testMaximumProfileTimeOff_turnOnAfterDeadline() throws Exception {

        prepareMocksForSetMaximumProfileTimeOff();