Loading services/core/java/com/android/server/pm/UserRestrictionsUtils.java +2 −1 Original line number Diff line number Diff line Loading @@ -282,7 +282,8 @@ public class UserRestrictionsUtils { * in settings. So it is handled separately. */ private static final Set<String> DEFAULT_ENABLED_FOR_MANAGED_PROFILES = Sets.newArraySet( UserManager.DISALLOW_BLUETOOTH_SHARING UserManager.DISALLOW_BLUETOOTH_SHARING, UserManager.DISALLOW_DEBUGGING_FEATURES ); /** Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +30 −21 Original line number Diff line number Diff line Loading @@ -2663,13 +2663,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { * Apply default restrictions that haven't been applied to a given admin yet. */ private void maybeSetDefaultRestrictionsForAdminLocked(int userId, ActiveAdmin admin) { Set<String> defaultRestrictions = UserRestrictionsUtils.getDefaultEnabledForManagedProfiles(); if (defaultRestrictions.equals(admin.defaultEnabledRestrictionsAlreadySet)) { final Set<String> restrictionsToSet = new ArraySet<>(UserRestrictionsUtils.getDefaultEnabledForManagedProfiles()); restrictionsToSet.removeAll(admin.defaultEnabledRestrictionsAlreadySet); if (restrictionsToSet.isEmpty()) { return; // The same set of default restrictions has been already applied. } if (isPolicyEngineForFinanceFlagEnabled()) { for (String restriction : defaultRestrictions) { for (String restriction : restrictionsToSet) { mDevicePolicyEngine.setLocalPolicy( PolicyDefinition.getPolicyDefinitionForUserRestriction(restriction), EnforcingAdmin.createEnterpriseEnforcingAdmin( Loading @@ -2678,9 +2679,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { new BooleanPolicyValue(true), userId); } admin.defaultEnabledRestrictionsAlreadySet.addAll(defaultRestrictions); admin.defaultEnabledRestrictionsAlreadySet.addAll(restrictionsToSet); Slogf.i(LOG_TAG, "Enabled the following restrictions by default: " + defaultRestrictions); restrictionsToSet); return; } Loading @@ -2688,14 +2689,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { if (VERBOSE_LOG) { Slogf.d(LOG_TAG, "Default enabled restrictions: " + defaultRestrictions + restrictionsToSet + ". Restrictions already enabled: " + admin.defaultEnabledRestrictionsAlreadySet); } final Set<String> restrictionsToSet = new ArraySet<>(defaultRestrictions); restrictionsToSet.removeAll(admin.defaultEnabledRestrictionsAlreadySet); if (!restrictionsToSet.isEmpty()) { for (final String restriction : restrictionsToSet) { admin.ensureUserRestrictions().putBoolean(restriction, true); } Loading @@ -2703,7 +2700,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { Slogf.i(LOG_TAG, "Enabled the following restrictions by default: " + restrictionsToSet); saveUserRestrictionsLocked(userId); } } private void setDeviceOwnershipSystemPropertyLocked() { final boolean deviceProvisioned = Loading Loading @@ -10192,7 +10188,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return false; } if (isAdb(caller)) { boolean isAdb = isAdb(caller); if (isAdb) { // Log profile owner provisioning was started using adb. MetricsLogger.action(mContext, PROVISIONING_ENTRY_POINT_ADB, LOG_TAG_PROFILE_OWNER); DevicePolicyEventLogger Loading @@ -10214,7 +10211,19 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { maybeSetDefaultRestrictionsForAdminLocked(userHandle, admin); ensureUnknownSourcesRestrictionForProfileOwnerLocked(userHandle, admin, true /* newOwner */); if (isAdb) { // DISALLOW_DEBUGGING_FEATURES is being added to newly-created // work profile by default due to b/382064697 . This would have // impacted certain CTS test flows when they interact with the // work profile via ADB (for example installing an app into the // work profile). Remove DISALLOW_DEBUGGING_FEATURES here to // reduce the potential impact. setLocalUserRestrictionInternal( EnforcingAdmin.createEnterpriseEnforcingAdmin(who, userHandle), UserManager.DISALLOW_DEBUGGING_FEATURES, false, userHandle); } } sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_PROFILE_OWNER_CHANGED, userHandle); }); Loading
services/core/java/com/android/server/pm/UserRestrictionsUtils.java +2 −1 Original line number Diff line number Diff line Loading @@ -282,7 +282,8 @@ public class UserRestrictionsUtils { * in settings. So it is handled separately. */ private static final Set<String> DEFAULT_ENABLED_FOR_MANAGED_PROFILES = Sets.newArraySet( UserManager.DISALLOW_BLUETOOTH_SHARING UserManager.DISALLOW_BLUETOOTH_SHARING, UserManager.DISALLOW_DEBUGGING_FEATURES ); /** Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +30 −21 Original line number Diff line number Diff line Loading @@ -2663,13 +2663,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { * Apply default restrictions that haven't been applied to a given admin yet. */ private void maybeSetDefaultRestrictionsForAdminLocked(int userId, ActiveAdmin admin) { Set<String> defaultRestrictions = UserRestrictionsUtils.getDefaultEnabledForManagedProfiles(); if (defaultRestrictions.equals(admin.defaultEnabledRestrictionsAlreadySet)) { final Set<String> restrictionsToSet = new ArraySet<>(UserRestrictionsUtils.getDefaultEnabledForManagedProfiles()); restrictionsToSet.removeAll(admin.defaultEnabledRestrictionsAlreadySet); if (restrictionsToSet.isEmpty()) { return; // The same set of default restrictions has been already applied. } if (isPolicyEngineForFinanceFlagEnabled()) { for (String restriction : defaultRestrictions) { for (String restriction : restrictionsToSet) { mDevicePolicyEngine.setLocalPolicy( PolicyDefinition.getPolicyDefinitionForUserRestriction(restriction), EnforcingAdmin.createEnterpriseEnforcingAdmin( Loading @@ -2678,9 +2679,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { new BooleanPolicyValue(true), userId); } admin.defaultEnabledRestrictionsAlreadySet.addAll(defaultRestrictions); admin.defaultEnabledRestrictionsAlreadySet.addAll(restrictionsToSet); Slogf.i(LOG_TAG, "Enabled the following restrictions by default: " + defaultRestrictions); restrictionsToSet); return; } Loading @@ -2688,14 +2689,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { if (VERBOSE_LOG) { Slogf.d(LOG_TAG, "Default enabled restrictions: " + defaultRestrictions + restrictionsToSet + ". Restrictions already enabled: " + admin.defaultEnabledRestrictionsAlreadySet); } final Set<String> restrictionsToSet = new ArraySet<>(defaultRestrictions); restrictionsToSet.removeAll(admin.defaultEnabledRestrictionsAlreadySet); if (!restrictionsToSet.isEmpty()) { for (final String restriction : restrictionsToSet) { admin.ensureUserRestrictions().putBoolean(restriction, true); } Loading @@ -2703,7 +2700,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { Slogf.i(LOG_TAG, "Enabled the following restrictions by default: " + restrictionsToSet); saveUserRestrictionsLocked(userId); } } private void setDeviceOwnershipSystemPropertyLocked() { final boolean deviceProvisioned = Loading Loading @@ -10192,7 +10188,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return false; } if (isAdb(caller)) { boolean isAdb = isAdb(caller); if (isAdb) { // Log profile owner provisioning was started using adb. MetricsLogger.action(mContext, PROVISIONING_ENTRY_POINT_ADB, LOG_TAG_PROFILE_OWNER); DevicePolicyEventLogger Loading @@ -10214,7 +10211,19 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { maybeSetDefaultRestrictionsForAdminLocked(userHandle, admin); ensureUnknownSourcesRestrictionForProfileOwnerLocked(userHandle, admin, true /* newOwner */); if (isAdb) { // DISALLOW_DEBUGGING_FEATURES is being added to newly-created // work profile by default due to b/382064697 . This would have // impacted certain CTS test flows when they interact with the // work profile via ADB (for example installing an app into the // work profile). Remove DISALLOW_DEBUGGING_FEATURES here to // reduce the potential impact. setLocalUserRestrictionInternal( EnforcingAdmin.createEnterpriseEnforcingAdmin(who, userHandle), UserManager.DISALLOW_DEBUGGING_FEATURES, false, userHandle); } } sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_PROFILE_OWNER_CHANGED, userHandle); });
