Loading core/api/current.txt +2 −0 Original line number Diff line number Diff line Loading @@ -6930,6 +6930,7 @@ package android.app.admin { method public void addPersistentPreferredActivity(@NonNull android.content.ComponentName, android.content.IntentFilter, @NonNull android.content.ComponentName); method public void addUserRestriction(@NonNull android.content.ComponentName, String); method public boolean bindDeviceAdminServiceAsUser(@NonNull android.content.ComponentName, android.content.Intent, @NonNull android.content.ServiceConnection, int, @NonNull android.os.UserHandle); method public boolean canAdminGrantSensorsPermissions(); method public void clearApplicationUserData(@NonNull android.content.ComponentName, @NonNull String, @NonNull java.util.concurrent.Executor, @NonNull android.app.admin.DevicePolicyManager.OnClearApplicationUserDataListener); method public void clearCrossProfileIntentFilters(@NonNull android.content.ComponentName); method @Deprecated public void clearDeviceOwnerApp(String); Loading Loading @@ -7227,6 +7228,7 @@ package android.app.admin { field public static final String EXTRA_PROVISIONING_LOGO_URI = "android.app.extra.PROVISIONING_LOGO_URI"; field public static final String EXTRA_PROVISIONING_MAIN_COLOR = "android.app.extra.PROVISIONING_MAIN_COLOR"; field public static final String EXTRA_PROVISIONING_MODE = "android.app.extra.PROVISIONING_MODE"; field public static final String EXTRA_PROVISIONING_PERMISSION_GRANT_OPT_OUT = "android.app.extra.PROVISIONING_PERMISSION_GRANT_OPT_OUT"; field public static final String EXTRA_PROVISIONING_SERIAL_NUMBER = "android.app.extra.PROVISIONING_SERIAL_NUMBER"; field public static final String EXTRA_PROVISIONING_SKIP_EDUCATION_SCREENS = "android.app.extra.PROVISIONING_SKIP_EDUCATION_SCREENS"; field public static final String EXTRA_PROVISIONING_SKIP_ENCRYPTION = "android.app.extra.PROVISIONING_SKIP_ENCRYPTION"; core/api/system-current.txt +1 −0 Original line number Diff line number Diff line Loading @@ -870,6 +870,7 @@ package android.app.admin { } public class DevicePolicyManager { method public boolean canAdminGrantSensorsPermissionsForUser(int); method @RequiresPermission(android.Manifest.permission.INTERACT_ACROSS_USERS) public boolean getBluetoothContactSharingDisabled(@NonNull android.os.UserHandle); method @Nullable @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public String getDeviceOwner(); method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public android.content.ComponentName getDeviceOwnerComponentOnAnyUser(); Loading core/api/test-current.txt +2 −0 Original line number Diff line number Diff line Loading @@ -464,6 +464,7 @@ package android.app.admin { } public final class FullyManagedDeviceProvisioningParams implements android.os.Parcelable { method public boolean canDeviceOwnerGrantSensorsPermissions(); method public int describeContents(); method @NonNull public android.content.ComponentName getDeviceAdminComponentName(); method public long getLocalTime(); Loading @@ -478,6 +479,7 @@ package android.app.admin { public static final class FullyManagedDeviceProvisioningParams.Builder { ctor public FullyManagedDeviceProvisioningParams.Builder(@NonNull android.content.ComponentName, @NonNull String); method @NonNull public android.app.admin.FullyManagedDeviceProvisioningParams build(); method @NonNull public android.app.admin.FullyManagedDeviceProvisioningParams.Builder setDeviceOwnerCanGrantSensorsPermissions(boolean); method @NonNull public android.app.admin.FullyManagedDeviceProvisioningParams.Builder setLeaveAllSystemAppsEnabled(boolean); method @NonNull public android.app.admin.FullyManagedDeviceProvisioningParams.Builder setLocalTime(long); method @NonNull public android.app.admin.FullyManagedDeviceProvisioningParams.Builder setLocale(@Nullable java.util.Locale); Loading core/java/android/app/admin/DevicePolicyCache.java +12 −0 Original line number Diff line number Diff line Loading @@ -56,6 +56,13 @@ public abstract class DevicePolicyCache { */ public abstract int getPermissionPolicy(@UserIdInt int userHandle); /** * Caches {@link DevicePolicyManager#canAdminGrantSensorsPermissionsForUser(int)} for the * given user. */ public abstract boolean canAdminGrantSensorsPermissionsForUser(@UserIdInt int userHandle); /** * Empty implementation. */ Loading @@ -77,5 +84,10 @@ public abstract class DevicePolicyCache { public int getPermissionPolicy(int userHandle) { return DevicePolicyManager.PERMISSION_POLICY_PROMPT; } @Override public boolean canAdminGrantSensorsPermissionsForUser(int userHandle) { return false; } } } core/java/android/app/admin/DevicePolicyManager.java +79 −0 Original line number Diff line number Diff line Loading @@ -979,6 +979,19 @@ public class DevicePolicyManager { public static final String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM = "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM"; /** * A boolean extra indicating the admin of a fully-managed device opts out of controlling * permission grants for sensor-related permissions, * see {@link #setPermissionGrantState(ComponentName, String, String, int)}. * * The default for this extra is {@code false} - by default, the admin of a fully-managed * device has the ability to grant sensors-related permissions. * * <p>Use with {@link #ACTION_PROVISION_MANAGED_DEVICE} only. */ public static final String EXTRA_PROVISIONING_PERMISSION_GRANT_OPT_OUT = "android.app.extra.PROVISIONING_PERMISSION_GRANT_OPT_OUT"; /** * A String extra holding the URL-safe base64 encoded SHA-256 checksum of any signature of the * android package archive at the download location specified in {@link Loading Loading @@ -10520,6 +10533,13 @@ public class DevicePolicyManager { * As this policy only acts on runtime permission requests, it only applies to applications * built with a {@code targetSdkVersion} of {@link android.os.Build.VERSION_CODES#M} or later. * * <p> * NOTE: On devices running {@link android.os.Build.VERSION_CODES#S} and above, an auto-grant * policy will not apply to certain sensors-related permissions on some configurations. * See {@link #setPermissionGrantState(ComponentName, String, String, int)} for the list of * permissions affected, and the behavior change for managed profiles and fully-managed * devices. * * @param admin Which profile or device owner this request is associated with. * @param policy One of the policy constants {@link #PERMISSION_POLICY_PROMPT}, * {@link #PERMISSION_POLICY_AUTO_GRANT} and {@link #PERMISSION_POLICY_AUTO_DENY}. Loading Loading @@ -10578,6 +10598,31 @@ public class DevicePolicyManager { * application built with a {@code targetSdkVersion} < * {@link android.os.Build.VERSION_CODES#M} the app-op matching the permission is set to * {@link android.app.AppOpsManager#MODE_IGNORED}, but the permission stays granted. * <p> * NOTE: On devices running {@link android.os.Build.VERSION_CODES#S} and above, control over * the following, sensors-related, permissions is restricted: * <ul> * <li>Manifest.permission.ACCESS_FINE_LOCATION</li> * <li>Manifest.permission.ACCESS_BACKGROUND_LOCATION</li> * <li>Manifest.permission.ACCESS_COARSE_LOCATION</li> * <li>Manifest.permission.CAMERA</li> * <li>Manifest.permission.RECORD_AUDIO</li> * <li>Manifest.permission.RECORD_BACKGROUND_AUDIO</li> * <li>Manifest.permission.ACTIVITY_RECOGNITION</li> * <li>Manifest.permission.BODY_SENSORS</li> * </ul> * <p> * A profile owner may not grant these permissions (i.e. call this method with any of the * permissions listed above and {@code grantState} of {@code #PERMISSION_GRANT_STATE_GRANTED}), * but may deny them. * <p> * A device owner, by default, may continue granting these permissions. However, for increased * user control, the admin may opt out of controlling grants for these permissions by including * {@link #EXTRA_PROVISIONING_PERMISSION_GRANT_OPT_OUT} in the provisioning parameters. In that * case the device owner's control will be limited do denying these permissions. * <p> * Attempts by the admin to grant these permissions, when the admin is restricted from doing * so, will be silently ignored (no exception will be thrown). * * @param admin Which profile or device owner this request is associated with. * @param packageName The application to grant or revoke a permission to. Loading Loading @@ -13271,4 +13316,38 @@ public class DevicePolicyManager { } } } /** * Returns true if the caller is running on a device where the admin can grant * permissions related to device sensors. * This is a signal that the device is a fully-managed device where personal usage is * discouraged. * The list of permissions is listed in * {@link #setPermissionGrantState(ComponentName, String, String, int)}. * * May be called by any app. * @return true if the app can grant device sensors-related permissions, false otherwise. */ public boolean canAdminGrantSensorsPermissions() { return canAdminGrantSensorsPermissionsForUser(myUserId()); } /** * Returns true if the admin can control grants of sensors-related permissions, for * a given user. * * @hide * @param userId The ID of the user to check. * @return if the admin may grant these permissions, false otherwise. */ @SystemApi public boolean canAdminGrantSensorsPermissionsForUser(int userId) { if (mService == null) { return false; } try { return mService.canAdminGrantSensorsPermissionsForUser(userId); } catch (RemoteException re) { throw re.rethrowFromSystemServer(); } } } Loading
core/api/current.txt +2 −0 Original line number Diff line number Diff line Loading @@ -6930,6 +6930,7 @@ package android.app.admin { method public void addPersistentPreferredActivity(@NonNull android.content.ComponentName, android.content.IntentFilter, @NonNull android.content.ComponentName); method public void addUserRestriction(@NonNull android.content.ComponentName, String); method public boolean bindDeviceAdminServiceAsUser(@NonNull android.content.ComponentName, android.content.Intent, @NonNull android.content.ServiceConnection, int, @NonNull android.os.UserHandle); method public boolean canAdminGrantSensorsPermissions(); method public void clearApplicationUserData(@NonNull android.content.ComponentName, @NonNull String, @NonNull java.util.concurrent.Executor, @NonNull android.app.admin.DevicePolicyManager.OnClearApplicationUserDataListener); method public void clearCrossProfileIntentFilters(@NonNull android.content.ComponentName); method @Deprecated public void clearDeviceOwnerApp(String); Loading Loading @@ -7227,6 +7228,7 @@ package android.app.admin { field public static final String EXTRA_PROVISIONING_LOGO_URI = "android.app.extra.PROVISIONING_LOGO_URI"; field public static final String EXTRA_PROVISIONING_MAIN_COLOR = "android.app.extra.PROVISIONING_MAIN_COLOR"; field public static final String EXTRA_PROVISIONING_MODE = "android.app.extra.PROVISIONING_MODE"; field public static final String EXTRA_PROVISIONING_PERMISSION_GRANT_OPT_OUT = "android.app.extra.PROVISIONING_PERMISSION_GRANT_OPT_OUT"; field public static final String EXTRA_PROVISIONING_SERIAL_NUMBER = "android.app.extra.PROVISIONING_SERIAL_NUMBER"; field public static final String EXTRA_PROVISIONING_SKIP_EDUCATION_SCREENS = "android.app.extra.PROVISIONING_SKIP_EDUCATION_SCREENS"; field public static final String EXTRA_PROVISIONING_SKIP_ENCRYPTION = "android.app.extra.PROVISIONING_SKIP_ENCRYPTION";
core/api/system-current.txt +1 −0 Original line number Diff line number Diff line Loading @@ -870,6 +870,7 @@ package android.app.admin { } public class DevicePolicyManager { method public boolean canAdminGrantSensorsPermissionsForUser(int); method @RequiresPermission(android.Manifest.permission.INTERACT_ACROSS_USERS) public boolean getBluetoothContactSharingDisabled(@NonNull android.os.UserHandle); method @Nullable @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public String getDeviceOwner(); method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public android.content.ComponentName getDeviceOwnerComponentOnAnyUser(); Loading
core/api/test-current.txt +2 −0 Original line number Diff line number Diff line Loading @@ -464,6 +464,7 @@ package android.app.admin { } public final class FullyManagedDeviceProvisioningParams implements android.os.Parcelable { method public boolean canDeviceOwnerGrantSensorsPermissions(); method public int describeContents(); method @NonNull public android.content.ComponentName getDeviceAdminComponentName(); method public long getLocalTime(); Loading @@ -478,6 +479,7 @@ package android.app.admin { public static final class FullyManagedDeviceProvisioningParams.Builder { ctor public FullyManagedDeviceProvisioningParams.Builder(@NonNull android.content.ComponentName, @NonNull String); method @NonNull public android.app.admin.FullyManagedDeviceProvisioningParams build(); method @NonNull public android.app.admin.FullyManagedDeviceProvisioningParams.Builder setDeviceOwnerCanGrantSensorsPermissions(boolean); method @NonNull public android.app.admin.FullyManagedDeviceProvisioningParams.Builder setLeaveAllSystemAppsEnabled(boolean); method @NonNull public android.app.admin.FullyManagedDeviceProvisioningParams.Builder setLocalTime(long); method @NonNull public android.app.admin.FullyManagedDeviceProvisioningParams.Builder setLocale(@Nullable java.util.Locale); Loading
core/java/android/app/admin/DevicePolicyCache.java +12 −0 Original line number Diff line number Diff line Loading @@ -56,6 +56,13 @@ public abstract class DevicePolicyCache { */ public abstract int getPermissionPolicy(@UserIdInt int userHandle); /** * Caches {@link DevicePolicyManager#canAdminGrantSensorsPermissionsForUser(int)} for the * given user. */ public abstract boolean canAdminGrantSensorsPermissionsForUser(@UserIdInt int userHandle); /** * Empty implementation. */ Loading @@ -77,5 +84,10 @@ public abstract class DevicePolicyCache { public int getPermissionPolicy(int userHandle) { return DevicePolicyManager.PERMISSION_POLICY_PROMPT; } @Override public boolean canAdminGrantSensorsPermissionsForUser(int userHandle) { return false; } } }
core/java/android/app/admin/DevicePolicyManager.java +79 −0 Original line number Diff line number Diff line Loading @@ -979,6 +979,19 @@ public class DevicePolicyManager { public static final String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM = "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_CHECKSUM"; /** * A boolean extra indicating the admin of a fully-managed device opts out of controlling * permission grants for sensor-related permissions, * see {@link #setPermissionGrantState(ComponentName, String, String, int)}. * * The default for this extra is {@code false} - by default, the admin of a fully-managed * device has the ability to grant sensors-related permissions. * * <p>Use with {@link #ACTION_PROVISION_MANAGED_DEVICE} only. */ public static final String EXTRA_PROVISIONING_PERMISSION_GRANT_OPT_OUT = "android.app.extra.PROVISIONING_PERMISSION_GRANT_OPT_OUT"; /** * A String extra holding the URL-safe base64 encoded SHA-256 checksum of any signature of the * android package archive at the download location specified in {@link Loading Loading @@ -10520,6 +10533,13 @@ public class DevicePolicyManager { * As this policy only acts on runtime permission requests, it only applies to applications * built with a {@code targetSdkVersion} of {@link android.os.Build.VERSION_CODES#M} or later. * * <p> * NOTE: On devices running {@link android.os.Build.VERSION_CODES#S} and above, an auto-grant * policy will not apply to certain sensors-related permissions on some configurations. * See {@link #setPermissionGrantState(ComponentName, String, String, int)} for the list of * permissions affected, and the behavior change for managed profiles and fully-managed * devices. * * @param admin Which profile or device owner this request is associated with. * @param policy One of the policy constants {@link #PERMISSION_POLICY_PROMPT}, * {@link #PERMISSION_POLICY_AUTO_GRANT} and {@link #PERMISSION_POLICY_AUTO_DENY}. Loading Loading @@ -10578,6 +10598,31 @@ public class DevicePolicyManager { * application built with a {@code targetSdkVersion} < * {@link android.os.Build.VERSION_CODES#M} the app-op matching the permission is set to * {@link android.app.AppOpsManager#MODE_IGNORED}, but the permission stays granted. * <p> * NOTE: On devices running {@link android.os.Build.VERSION_CODES#S} and above, control over * the following, sensors-related, permissions is restricted: * <ul> * <li>Manifest.permission.ACCESS_FINE_LOCATION</li> * <li>Manifest.permission.ACCESS_BACKGROUND_LOCATION</li> * <li>Manifest.permission.ACCESS_COARSE_LOCATION</li> * <li>Manifest.permission.CAMERA</li> * <li>Manifest.permission.RECORD_AUDIO</li> * <li>Manifest.permission.RECORD_BACKGROUND_AUDIO</li> * <li>Manifest.permission.ACTIVITY_RECOGNITION</li> * <li>Manifest.permission.BODY_SENSORS</li> * </ul> * <p> * A profile owner may not grant these permissions (i.e. call this method with any of the * permissions listed above and {@code grantState} of {@code #PERMISSION_GRANT_STATE_GRANTED}), * but may deny them. * <p> * A device owner, by default, may continue granting these permissions. However, for increased * user control, the admin may opt out of controlling grants for these permissions by including * {@link #EXTRA_PROVISIONING_PERMISSION_GRANT_OPT_OUT} in the provisioning parameters. In that * case the device owner's control will be limited do denying these permissions. * <p> * Attempts by the admin to grant these permissions, when the admin is restricted from doing * so, will be silently ignored (no exception will be thrown). * * @param admin Which profile or device owner this request is associated with. * @param packageName The application to grant or revoke a permission to. Loading Loading @@ -13271,4 +13316,38 @@ public class DevicePolicyManager { } } } /** * Returns true if the caller is running on a device where the admin can grant * permissions related to device sensors. * This is a signal that the device is a fully-managed device where personal usage is * discouraged. * The list of permissions is listed in * {@link #setPermissionGrantState(ComponentName, String, String, int)}. * * May be called by any app. * @return true if the app can grant device sensors-related permissions, false otherwise. */ public boolean canAdminGrantSensorsPermissions() { return canAdminGrantSensorsPermissionsForUser(myUserId()); } /** * Returns true if the admin can control grants of sensors-related permissions, for * a given user. * * @hide * @param userId The ID of the user to check. * @return if the admin may grant these permissions, false otherwise. */ @SystemApi public boolean canAdminGrantSensorsPermissionsForUser(int userId) { if (mService == null) { return false; } try { return mService.canAdminGrantSensorsPermissionsForUser(userId); } catch (RemoteException re) { throw re.rethrowFromSystemServer(); } } }
