Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0be80ff9 authored by Eran Messeri's avatar Eran Messeri
Browse files

COPE: Allow use of password quality API 

Allow the Device Policy Client of a company-owned, personally-enabled
device to device-wide set password requirements using the
deprecated password quality API.

DPC of a work profile on a personal device still cannot use the
deprecated API device-wide.

Bug: 165573442
Test: atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testDevicePolicyManagerParentSupport
Change-Id: Icac0cc9028e760d8470e03f3e91386f667646c7f
parent 5664e559

core/java/android/app/admin/DevicePolicyManager.java

+3 −1
Original line number Diff line number Diff line
@@ -3014,7 +3014,9 @@ public class DevicePolicyManager { 
     * Apps targeting {@link android.os.Build.VERSION_CODES#R} and below can call this method on the

     * {@link DevicePolicyManager} instance returned by

     * {@link #getParentProfileInstance(ComponentName)} in order to set restrictions on the parent

     * profile. Apps targeting {@link android.os.Build.VERSION_CODES#S} and above will get a

     * profile. Apps targeting {@link android.os.Build.VERSION_CODES#S} and above, with the

     * exception of a profile owner on an organization-owned device (as can be identified by

     * {@link #isOrganizationOwnedDeviceWithManagedProfile}), will get a

     * {@code IllegalArgumentException} when calling this method on the parent

     * {@link DevicePolicyManager} instance.

     *

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+4 −3
Original line number Diff line number Diff line
@@ -3391,9 +3391,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { 
                getTargetSdk(profileOwner.getPackageName(), userHandle) > Build.VERSION_CODES.M;

    }













    private boolean canSetPasswordQualityOnParent(String packageName, int userId) {













    private boolean canSetPasswordQualityOnParent(String packageName, final CallerIdentity caller) {















        return !mInjector.isChangeEnabled(













                PREVENT_SETTING_PASSWORD_QUALITY_ON_PARENT, packageName, userId);













                PREVENT_SETTING_PASSWORD_QUALITY_ON_PARENT, packageName, caller.getUserId())













            || isProfileOwnerOfOrganizationOwnedDevice(caller);















    }





























    private boolean isPasswordLimitingAdminTargetingP(CallerIdentity caller) {










@@ -3422,7 +3423,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {













                || isPasswordLimitingAdminTargetingP(caller));





























        final boolean qualityMayApplyToParent =













                canSetPasswordQualityOnParent(who.getPackageName(), caller.getUserId());













                canSetPasswordQualityOnParent(who.getPackageName(), caller);















        if (!qualityMayApplyToParent) {















            Preconditions.checkCallAuthorization(!parent,















                    "Profile Owner may not apply password quality requirements device-wide");