Loading core/java/android/app/admin/DevicePolicyManager.java +19 −8 Original line number Diff line number Diff line Loading @@ -5860,21 +5860,27 @@ public class DevicePolicyManager { * a secure video output. See {@link android.view.Display#FLAG_SECURE} for more details about * secure surfaces and secure displays. * <p> * The calling device admin must be a device or profile owner. If it is not, a security * This method can be called on the {@link DevicePolicyManager} instance, returned by * {@link #getParentProfileInstance(ComponentName)}, where the calling device admin must be * the profile owner of an organization-owned managed profile. If it is not, a security * exception will be thrown. * <p> * If the caller is device owner or called on the parent instance by a profile owner of an * organization-owned managed profile, then the restriction will be applied to all users. * <p> * From version {@link android.os.Build.VERSION_CODES#M} disabling screen capture also blocks * assist requests for all activities of the relevant user. * * @param admin Which {@link DeviceAdminReceiver} this request is associated with. * @param disabled Whether screen capture is disabled or not. * @throws SecurityException if {@code admin} is not a device or profile owner. * @throws SecurityException if {@code admin} is not a device or profile owner or if * called on the parent profile and the {@code admin} is not a * profile owner of an organization-owned managed profile. */ public void setScreenCaptureDisabled(@NonNull ComponentName admin, boolean disabled) { throwIfParentInstance("setScreenCaptureDisabled"); if (mService != null) { try { mService.setScreenCaptureDisabled(admin, disabled); mService.setScreenCaptureDisabled(admin, disabled, mParentInstance); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } Loading @@ -5884,11 +5890,16 @@ public class DevicePolicyManager { /** * Determine whether or not screen capture has been disabled by the calling * admin, if specified, or all admins. * @param admin The name of the admin component to check, or {@code null} to check whether any admins * have disabled screen capture. * <p> * This method can be called on the {@link DevicePolicyManager} instance, * returned by {@link #getParentProfileInstance(ComponentName)}, where the caller must be * the profile owner of an organization-owned managed profile (the calling admin must be * specified). * * @param admin The name of the admin component to check, or {@code null} to check whether any * admins have disabled screen capture. */ public boolean getScreenCaptureDisabled(@Nullable ComponentName admin) { throwIfParentInstance("getScreenCaptureDisabled"); return getScreenCaptureDisabled(admin, myUserId()); } Loading @@ -5896,7 +5907,7 @@ public class DevicePolicyManager { public boolean getScreenCaptureDisabled(@Nullable ComponentName admin, int userHandle) { if (mService != null) { try { return mService.getScreenCaptureDisabled(admin, userHandle); return mService.getScreenCaptureDisabled(admin, userHandle, mParentInstance); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } Loading core/java/android/app/admin/IDevicePolicyManager.aidl +2 −2 Original line number Diff line number Diff line Loading @@ -121,8 +121,8 @@ interface IDevicePolicyManager { void setCameraDisabled(in ComponentName who, boolean disabled, boolean parent); boolean getCameraDisabled(in ComponentName who, int userHandle, boolean parent); void setScreenCaptureDisabled(in ComponentName who, boolean disabled); boolean getScreenCaptureDisabled(in ComponentName who, int userHandle); void setScreenCaptureDisabled(in ComponentName who, boolean disabled, boolean parent); boolean getScreenCaptureDisabled(in ComponentName who, int userHandle, boolean parent); void setKeyguardDisabledFeatures(in ComponentName who, int which, boolean parent); int getKeyguardDisabledFeatures(in ComponentName who, int userHandle, boolean parent); Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +25 −19 Original line number Diff line number Diff line Loading @@ -3976,7 +3976,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { @Override void handleStartUser(int userId) { updateScreenCaptureDisabled(userId, getScreenCaptureDisabled(null, userId)); getScreenCaptureDisabled(null, userId, false)); pushUserRestrictions(userId); // When system user is started (device boot), load cache for all users. // This is to mitigate the potential race between loading the cache and keyguard Loading Loading @@ -7587,7 +7587,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { * Set whether the screen capture is disabled for the user managed by the specified admin. */ @Override public void setScreenCaptureDisabled(ComponentName who, boolean disabled) { public void setScreenCaptureDisabled(ComponentName who, boolean disabled, boolean parent) { if (!mHasFeature) { return; } Loading @@ -7595,11 +7595,15 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { final int userHandle = UserHandle.getCallingUserId(); synchronized (getLockObject()) { ActiveAdmin ap = getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, parent); if (parent) { enforceProfileOwnerOfOrganizationOwnedDevice(ap); } if (ap.disableScreenCapture != disabled) { ap.disableScreenCapture = disabled; saveSettingsLocked(userHandle); updateScreenCaptureDisabled(userHandle, disabled); final int affectedUserId = parent ? getProfileParentId(userHandle) : userHandle; updateScreenCaptureDisabled(affectedUserId, disabled); } } DevicePolicyEventLogger Loading @@ -7614,20 +7618,25 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { * active admin (if given admin is null). */ @Override public boolean getScreenCaptureDisabled(ComponentName who, int userHandle) { public boolean getScreenCaptureDisabled(ComponentName who, int userHandle, boolean parent) { if (!mHasFeature) { return false; } synchronized (getLockObject()) { if (parent) { final ActiveAdmin ap = getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_ORGANIZATION_OWNED_PROFILE_OWNER, parent); enforceProfileOwnerOfOrganizationOwnedDevice(ap); } if (who != null) { ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); return (admin != null) ? admin.disableScreenCapture : false; ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent); return (admin != null) && admin.disableScreenCapture; } DevicePolicyData policy = getUserData(userHandle); final int N = policy.mAdminList.size(); for (int i = 0; i < N; i++) { ActiveAdmin admin = policy.mAdminList.get(i); boolean includeParent = isOrganizationOwnedDeviceWithManagedProfile() && !isManagedProfile(userHandle); List<ActiveAdmin> admins = getActiveAdminsForAffectedUser(userHandle, includeParent); for (ActiveAdmin admin: admins) { if (admin.disableScreenCapture) { return true; } Loading @@ -7638,15 +7647,12 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { private void updateScreenCaptureDisabled(int userHandle, boolean disabled) { mPolicyCache.setScreenCaptureDisabled(userHandle, disabled); mHandler.post(new Runnable() { @Override public void run() { mHandler.post(() -> { try { mInjector.getIWindowManager().refreshScreenCaptureDisabled(userHandle); } catch (RemoteException e) { Log.w(LOG_TAG, "Unable to notify WindowManager.", e); } } }); } Loading Loading
core/java/android/app/admin/DevicePolicyManager.java +19 −8 Original line number Diff line number Diff line Loading @@ -5860,21 +5860,27 @@ public class DevicePolicyManager { * a secure video output. See {@link android.view.Display#FLAG_SECURE} for more details about * secure surfaces and secure displays. * <p> * The calling device admin must be a device or profile owner. If it is not, a security * This method can be called on the {@link DevicePolicyManager} instance, returned by * {@link #getParentProfileInstance(ComponentName)}, where the calling device admin must be * the profile owner of an organization-owned managed profile. If it is not, a security * exception will be thrown. * <p> * If the caller is device owner or called on the parent instance by a profile owner of an * organization-owned managed profile, then the restriction will be applied to all users. * <p> * From version {@link android.os.Build.VERSION_CODES#M} disabling screen capture also blocks * assist requests for all activities of the relevant user. * * @param admin Which {@link DeviceAdminReceiver} this request is associated with. * @param disabled Whether screen capture is disabled or not. * @throws SecurityException if {@code admin} is not a device or profile owner. * @throws SecurityException if {@code admin} is not a device or profile owner or if * called on the parent profile and the {@code admin} is not a * profile owner of an organization-owned managed profile. */ public void setScreenCaptureDisabled(@NonNull ComponentName admin, boolean disabled) { throwIfParentInstance("setScreenCaptureDisabled"); if (mService != null) { try { mService.setScreenCaptureDisabled(admin, disabled); mService.setScreenCaptureDisabled(admin, disabled, mParentInstance); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } Loading @@ -5884,11 +5890,16 @@ public class DevicePolicyManager { /** * Determine whether or not screen capture has been disabled by the calling * admin, if specified, or all admins. * @param admin The name of the admin component to check, or {@code null} to check whether any admins * have disabled screen capture. * <p> * This method can be called on the {@link DevicePolicyManager} instance, * returned by {@link #getParentProfileInstance(ComponentName)}, where the caller must be * the profile owner of an organization-owned managed profile (the calling admin must be * specified). * * @param admin The name of the admin component to check, or {@code null} to check whether any * admins have disabled screen capture. */ public boolean getScreenCaptureDisabled(@Nullable ComponentName admin) { throwIfParentInstance("getScreenCaptureDisabled"); return getScreenCaptureDisabled(admin, myUserId()); } Loading @@ -5896,7 +5907,7 @@ public class DevicePolicyManager { public boolean getScreenCaptureDisabled(@Nullable ComponentName admin, int userHandle) { if (mService != null) { try { return mService.getScreenCaptureDisabled(admin, userHandle); return mService.getScreenCaptureDisabled(admin, userHandle, mParentInstance); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } Loading
core/java/android/app/admin/IDevicePolicyManager.aidl +2 −2 Original line number Diff line number Diff line Loading @@ -121,8 +121,8 @@ interface IDevicePolicyManager { void setCameraDisabled(in ComponentName who, boolean disabled, boolean parent); boolean getCameraDisabled(in ComponentName who, int userHandle, boolean parent); void setScreenCaptureDisabled(in ComponentName who, boolean disabled); boolean getScreenCaptureDisabled(in ComponentName who, int userHandle); void setScreenCaptureDisabled(in ComponentName who, boolean disabled, boolean parent); boolean getScreenCaptureDisabled(in ComponentName who, int userHandle, boolean parent); void setKeyguardDisabledFeatures(in ComponentName who, int which, boolean parent); int getKeyguardDisabledFeatures(in ComponentName who, int userHandle, boolean parent); Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +25 −19 Original line number Diff line number Diff line Loading @@ -3976,7 +3976,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { @Override void handleStartUser(int userId) { updateScreenCaptureDisabled(userId, getScreenCaptureDisabled(null, userId)); getScreenCaptureDisabled(null, userId, false)); pushUserRestrictions(userId); // When system user is started (device boot), load cache for all users. // This is to mitigate the potential race between loading the cache and keyguard Loading Loading @@ -7587,7 +7587,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { * Set whether the screen capture is disabled for the user managed by the specified admin. */ @Override public void setScreenCaptureDisabled(ComponentName who, boolean disabled) { public void setScreenCaptureDisabled(ComponentName who, boolean disabled, boolean parent) { if (!mHasFeature) { return; } Loading @@ -7595,11 +7595,15 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { final int userHandle = UserHandle.getCallingUserId(); synchronized (getLockObject()) { ActiveAdmin ap = getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); DeviceAdminInfo.USES_POLICY_PROFILE_OWNER, parent); if (parent) { enforceProfileOwnerOfOrganizationOwnedDevice(ap); } if (ap.disableScreenCapture != disabled) { ap.disableScreenCapture = disabled; saveSettingsLocked(userHandle); updateScreenCaptureDisabled(userHandle, disabled); final int affectedUserId = parent ? getProfileParentId(userHandle) : userHandle; updateScreenCaptureDisabled(affectedUserId, disabled); } } DevicePolicyEventLogger Loading @@ -7614,20 +7618,25 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { * active admin (if given admin is null). */ @Override public boolean getScreenCaptureDisabled(ComponentName who, int userHandle) { public boolean getScreenCaptureDisabled(ComponentName who, int userHandle, boolean parent) { if (!mHasFeature) { return false; } synchronized (getLockObject()) { if (parent) { final ActiveAdmin ap = getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_ORGANIZATION_OWNED_PROFILE_OWNER, parent); enforceProfileOwnerOfOrganizationOwnedDevice(ap); } if (who != null) { ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); return (admin != null) ? admin.disableScreenCapture : false; ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle, parent); return (admin != null) && admin.disableScreenCapture; } DevicePolicyData policy = getUserData(userHandle); final int N = policy.mAdminList.size(); for (int i = 0; i < N; i++) { ActiveAdmin admin = policy.mAdminList.get(i); boolean includeParent = isOrganizationOwnedDeviceWithManagedProfile() && !isManagedProfile(userHandle); List<ActiveAdmin> admins = getActiveAdminsForAffectedUser(userHandle, includeParent); for (ActiveAdmin admin: admins) { if (admin.disableScreenCapture) { return true; } Loading @@ -7638,15 +7647,12 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { private void updateScreenCaptureDisabled(int userHandle, boolean disabled) { mPolicyCache.setScreenCaptureDisabled(userHandle, disabled); mHandler.post(new Runnable() { @Override public void run() { mHandler.post(() -> { try { mInjector.getIWindowManager().refreshScreenCaptureDisabled(userHandle); } catch (RemoteException e) { Log.w(LOG_TAG, "Unable to notify WindowManager.", e); } } }); } Loading
