Loading core/api/test-current.txt +6 −0 Original line number Diff line number Diff line Loading @@ -536,6 +536,12 @@ package android.app.admin { field @NonNull public static final android.app.admin.DeviceAdminAuthority DEVICE_ADMIN_AUTHORITY; } public final class DevicePolicyIdentifiers { field public static final String PERMITTED_INPUT_METHODS_POLICY = "permittedInputMethods"; field public static final String PERSONAL_APPS_SUSPENDED_POLICY = "personalAppsSuspended"; field public static final String SCREEN_CAPTURE_DISABLED_POLICY = "screenCaptureDisabled"; } public class DevicePolicyManager { method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.INTERACT_ACROSS_USERS}) public void acknowledgeNewUserDisclaimer(); method @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public void calculateHasIncompatibleAccounts(); Loading core/java/android/app/admin/DevicePolicyIdentifiers.java +4 −0 Original line number Diff line number Diff line Loading @@ -17,6 +17,7 @@ package android.app.admin; import android.annotation.NonNull; import android.annotation.TestApi; import android.os.UserManager; import java.util.Objects; Loading Loading @@ -118,6 +119,7 @@ public final class DevicePolicyIdentifiers { * * @hide */ @TestApi public static final String PERMITTED_INPUT_METHODS_POLICY = "permittedInputMethods"; /** Loading @@ -125,6 +127,7 @@ public final class DevicePolicyIdentifiers { * * @hide */ @TestApi public static final String PERSONAL_APPS_SUSPENDED_POLICY = "personalAppsSuspended"; /** Loading @@ -132,6 +135,7 @@ public final class DevicePolicyIdentifiers { * * @hide */ @TestApi public static final String SCREEN_CAPTURE_DISABLED_POLICY = "screenCaptureDisabled"; /** Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java +1 −2 Original line number Diff line number Diff line Loading @@ -130,12 +130,11 @@ final class DevicePolicyEngine { <V> void setLocalPolicy( @NonNull PolicyDefinition<V> policyDefinition, @NonNull EnforcingAdmin enforcingAdmin, @NonNull PolicyValue<V> value, @Nullable PolicyValue<V> value, int userId, boolean skipEnforcePolicy) { Objects.requireNonNull(policyDefinition); Objects.requireNonNull(enforcingAdmin); Objects.requireNonNull(value); synchronized (mLock) { PolicyState<V> localPolicyState = getLocalPolicyStateLocked(policyDefinition, userId); Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +82 −48 Original line number Diff line number Diff line Loading @@ -12214,18 +12214,23 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } synchronized (getLockObject()) { ActiveAdmin admin; if (isPermissionCheckFlagEnabled()) { admin = enforcePermissionAndGetEnforcingAdmin( who, MANAGE_DEVICE_POLICY_INPUT_METHODS, caller.getPackageName(), userId).getActiveAdmin(); if (isPolicyEngineForFinanceFlagEnabled()) { EnforcingAdmin admin = getEnforcingAdminForCaller(who, callerPackageName); mDevicePolicyEngine.setLocalPolicy( PolicyDefinition.PERMITTED_INPUT_METHODS, admin, packageList == null ? null : new StringSetPolicyValue(new HashSet<>(packageList)), userId); } else { admin = getParentOfAdminIfRequired( getProfileOwnerOrDeviceOwnerLocked(caller.getUserId()), calledOnParentInstance); } ActiveAdmin admin = getParentOfAdminIfRequired( getProfileOwnerOrDeviceOwnerLocked(caller.getUserId()), calledOnParentInstance); admin.permittedInputMethods = packageList; saveSettingsLocked(caller.getUserId()); } } DevicePolicyEventLogger .createEvent(DevicePolicyEnums.SET_PERMITTED_INPUT_METHODS) Loading Loading @@ -12272,21 +12277,20 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } synchronized (getLockObject()) { ActiveAdmin admin; if (isPermissionCheckFlagEnabled()) { if (isPolicyEngineForFinanceFlagEnabled()) { int affectedUser = calledOnParentInstance ? getProfileParentId( caller.getUserId()) : caller.getUserId(); admin = enforcePermissionAndGetEnforcingAdmin( who, MANAGE_DEVICE_POLICY_INPUT_METHODS, caller.getPackageName(), affectedUser).getActiveAdmin(); Set<String> policy = mDevicePolicyEngine.getResolvedPolicy( PolicyDefinition.PERMITTED_INPUT_METHODS, affectedUser); return policy == null ? null : new ArrayList<>(policy); } else { admin = getParentOfAdminIfRequired( ActiveAdmin admin = getParentOfAdminIfRequired( getProfileOwnerOrDeviceOwnerLocked( caller.getUserId()), calledOnParentInstance); } return admin.permittedInputMethods; } } } @Override public @Nullable List<String> getPermittedInputMethodsAsUser(@UserIdInt int userId) { Loading @@ -12302,10 +12306,17 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } private @Nullable List<String> getPermittedInputMethodsUnchecked(@UserIdInt int userId) { synchronized (getLockObject()) { List<String> result = null; if (isPolicyEngineForFinanceFlagEnabled()) { Set<String> policy = mDevicePolicyEngine.getResolvedPolicy( PolicyDefinition.PERMITTED_INPUT_METHODS, userId); result = policy == null ? null : new ArrayList<>(policy); } else { synchronized (getLockObject()) { // Only device or profile owners can have permitted lists set. List<ActiveAdmin> admins = getActiveAdminsForAffectedUserInclPermissionBasedAdminLocked(userId); List<ActiveAdmin> admins = getActiveAdminsForAffectedUserInclPermissionBasedAdminLocked( userId); for (ActiveAdmin admin : admins) { List<String> fromAdmin = admin.permittedInputMethods; if (fromAdmin != null) { Loading @@ -12316,6 +12327,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } } } } // If we have a permitted list add all system input methods. if (result != null) { Loading @@ -12333,7 +12346,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } return result; } } @Override public boolean isInputMethodPermittedByAdmin(ComponentName who, String packageName, Loading @@ -12347,6 +12359,26 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { String.format(NOT_SYSTEM_CALLER_MSG, "query if an input method is disabled by admin")); if (isPolicyEngineForFinanceFlagEnabled()) { int affectedUser = calledOnParentInstance ? getProfileParentId(userHandle) : userHandle; Map<EnforcingAdmin, PolicyValue<Set<String>>> policies = mDevicePolicyEngine.getLocalPoliciesSetByAdmins( PolicyDefinition.PERMITTED_INPUT_METHODS, affectedUser); EnforcingAdmin admin = null; for (EnforcingAdmin a : policies.keySet()) { if (a.getPackageName().equals(who.getPackageName())) { if (policies.get(a).getValue() == null) { return true; } else { return checkPackagesInPermittedListOrSystem( Collections.singletonList(packageName), new ArrayList<>(policies.get(a).getValue()), affectedUser); } } } // Admin didn't set a policy return false; } else { synchronized (getLockObject()) { ActiveAdmin admin = getParentOfAdminIfRequired( getActiveAdminUncheckedLocked(who, userHandle), calledOnParentInstance); Loading @@ -12360,6 +12392,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { admin.permittedInputMethods, userHandle); } } } @Override public boolean setPermittedCrossProfileNotificationListeners( Loading Loading @@ -23793,6 +23826,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { public DevicePolicyState getDevicePolicyState() { Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); return mInjector.binderWithCleanCallingIdentity(mDevicePolicyEngine::getDevicePolicyState); } services/devicepolicy/java/com/android/server/devicepolicy/PolicyDefinition.java +9 −0 Original line number Diff line number Diff line Loading @@ -308,6 +308,13 @@ final class PolicyDefinition<V> { DevicePolicyIdentifiers.ACCOUNT_MANAGEMENT_DISABLED_POLICY, accountType)); } static PolicyDefinition<Set<String>> PERMITTED_INPUT_METHODS = new PolicyDefinition<>( new NoArgsPolicyKey(DevicePolicyIdentifiers.PERMITTED_INPUT_METHODS_POLICY), new MostRecent<>(), POLICY_FLAG_LOCAL_ONLY_POLICY, (Set<String> value, Context context, Integer userId, PolicyKey policyKey) -> true, new StringSetPolicySerializer()); private static final Map<String, PolicyDefinition<?>> POLICY_DEFINITIONS = new HashMap<>(); private static Map<String, Integer> USER_RESTRICTION_FLAGS = new HashMap<>(); Loading @@ -333,6 +340,8 @@ final class PolicyDefinition<V> { GENERIC_APPLICATION_HIDDEN); POLICY_DEFINITIONS.put(DevicePolicyIdentifiers.ACCOUNT_MANAGEMENT_DISABLED_POLICY, GENERIC_ACCOUNT_MANAGEMENT_DISABLED); POLICY_DEFINITIONS.put(DevicePolicyIdentifiers.PERMITTED_INPUT_METHODS_POLICY, PERMITTED_INPUT_METHODS); // User Restriction Policies USER_RESTRICTION_FLAGS.put(UserManager.DISALLOW_MODIFY_ACCOUNTS, /* flags= */ 0); Loading Loading
core/api/test-current.txt +6 −0 Original line number Diff line number Diff line Loading @@ -536,6 +536,12 @@ package android.app.admin { field @NonNull public static final android.app.admin.DeviceAdminAuthority DEVICE_ADMIN_AUTHORITY; } public final class DevicePolicyIdentifiers { field public static final String PERMITTED_INPUT_METHODS_POLICY = "permittedInputMethods"; field public static final String PERSONAL_APPS_SUSPENDED_POLICY = "personalAppsSuspended"; field public static final String SCREEN_CAPTURE_DISABLED_POLICY = "screenCaptureDisabled"; } public class DevicePolicyManager { method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.INTERACT_ACROSS_USERS}) public void acknowledgeNewUserDisclaimer(); method @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public void calculateHasIncompatibleAccounts(); Loading
core/java/android/app/admin/DevicePolicyIdentifiers.java +4 −0 Original line number Diff line number Diff line Loading @@ -17,6 +17,7 @@ package android.app.admin; import android.annotation.NonNull; import android.annotation.TestApi; import android.os.UserManager; import java.util.Objects; Loading Loading @@ -118,6 +119,7 @@ public final class DevicePolicyIdentifiers { * * @hide */ @TestApi public static final String PERMITTED_INPUT_METHODS_POLICY = "permittedInputMethods"; /** Loading @@ -125,6 +127,7 @@ public final class DevicePolicyIdentifiers { * * @hide */ @TestApi public static final String PERSONAL_APPS_SUSPENDED_POLICY = "personalAppsSuspended"; /** Loading @@ -132,6 +135,7 @@ public final class DevicePolicyIdentifiers { * * @hide */ @TestApi public static final String SCREEN_CAPTURE_DISABLED_POLICY = "screenCaptureDisabled"; /** Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java +1 −2 Original line number Diff line number Diff line Loading @@ -130,12 +130,11 @@ final class DevicePolicyEngine { <V> void setLocalPolicy( @NonNull PolicyDefinition<V> policyDefinition, @NonNull EnforcingAdmin enforcingAdmin, @NonNull PolicyValue<V> value, @Nullable PolicyValue<V> value, int userId, boolean skipEnforcePolicy) { Objects.requireNonNull(policyDefinition); Objects.requireNonNull(enforcingAdmin); Objects.requireNonNull(value); synchronized (mLock) { PolicyState<V> localPolicyState = getLocalPolicyStateLocked(policyDefinition, userId); Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +82 −48 Original line number Diff line number Diff line Loading @@ -12214,18 +12214,23 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } synchronized (getLockObject()) { ActiveAdmin admin; if (isPermissionCheckFlagEnabled()) { admin = enforcePermissionAndGetEnforcingAdmin( who, MANAGE_DEVICE_POLICY_INPUT_METHODS, caller.getPackageName(), userId).getActiveAdmin(); if (isPolicyEngineForFinanceFlagEnabled()) { EnforcingAdmin admin = getEnforcingAdminForCaller(who, callerPackageName); mDevicePolicyEngine.setLocalPolicy( PolicyDefinition.PERMITTED_INPUT_METHODS, admin, packageList == null ? null : new StringSetPolicyValue(new HashSet<>(packageList)), userId); } else { admin = getParentOfAdminIfRequired( getProfileOwnerOrDeviceOwnerLocked(caller.getUserId()), calledOnParentInstance); } ActiveAdmin admin = getParentOfAdminIfRequired( getProfileOwnerOrDeviceOwnerLocked(caller.getUserId()), calledOnParentInstance); admin.permittedInputMethods = packageList; saveSettingsLocked(caller.getUserId()); } } DevicePolicyEventLogger .createEvent(DevicePolicyEnums.SET_PERMITTED_INPUT_METHODS) Loading Loading @@ -12272,21 +12277,20 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } synchronized (getLockObject()) { ActiveAdmin admin; if (isPermissionCheckFlagEnabled()) { if (isPolicyEngineForFinanceFlagEnabled()) { int affectedUser = calledOnParentInstance ? getProfileParentId( caller.getUserId()) : caller.getUserId(); admin = enforcePermissionAndGetEnforcingAdmin( who, MANAGE_DEVICE_POLICY_INPUT_METHODS, caller.getPackageName(), affectedUser).getActiveAdmin(); Set<String> policy = mDevicePolicyEngine.getResolvedPolicy( PolicyDefinition.PERMITTED_INPUT_METHODS, affectedUser); return policy == null ? null : new ArrayList<>(policy); } else { admin = getParentOfAdminIfRequired( ActiveAdmin admin = getParentOfAdminIfRequired( getProfileOwnerOrDeviceOwnerLocked( caller.getUserId()), calledOnParentInstance); } return admin.permittedInputMethods; } } } @Override public @Nullable List<String> getPermittedInputMethodsAsUser(@UserIdInt int userId) { Loading @@ -12302,10 +12306,17 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } private @Nullable List<String> getPermittedInputMethodsUnchecked(@UserIdInt int userId) { synchronized (getLockObject()) { List<String> result = null; if (isPolicyEngineForFinanceFlagEnabled()) { Set<String> policy = mDevicePolicyEngine.getResolvedPolicy( PolicyDefinition.PERMITTED_INPUT_METHODS, userId); result = policy == null ? null : new ArrayList<>(policy); } else { synchronized (getLockObject()) { // Only device or profile owners can have permitted lists set. List<ActiveAdmin> admins = getActiveAdminsForAffectedUserInclPermissionBasedAdminLocked(userId); List<ActiveAdmin> admins = getActiveAdminsForAffectedUserInclPermissionBasedAdminLocked( userId); for (ActiveAdmin admin : admins) { List<String> fromAdmin = admin.permittedInputMethods; if (fromAdmin != null) { Loading @@ -12316,6 +12327,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } } } } // If we have a permitted list add all system input methods. if (result != null) { Loading @@ -12333,7 +12346,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } return result; } } @Override public boolean isInputMethodPermittedByAdmin(ComponentName who, String packageName, Loading @@ -12347,6 +12359,26 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { String.format(NOT_SYSTEM_CALLER_MSG, "query if an input method is disabled by admin")); if (isPolicyEngineForFinanceFlagEnabled()) { int affectedUser = calledOnParentInstance ? getProfileParentId(userHandle) : userHandle; Map<EnforcingAdmin, PolicyValue<Set<String>>> policies = mDevicePolicyEngine.getLocalPoliciesSetByAdmins( PolicyDefinition.PERMITTED_INPUT_METHODS, affectedUser); EnforcingAdmin admin = null; for (EnforcingAdmin a : policies.keySet()) { if (a.getPackageName().equals(who.getPackageName())) { if (policies.get(a).getValue() == null) { return true; } else { return checkPackagesInPermittedListOrSystem( Collections.singletonList(packageName), new ArrayList<>(policies.get(a).getValue()), affectedUser); } } } // Admin didn't set a policy return false; } else { synchronized (getLockObject()) { ActiveAdmin admin = getParentOfAdminIfRequired( getActiveAdminUncheckedLocked(who, userHandle), calledOnParentInstance); Loading @@ -12360,6 +12392,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { admin.permittedInputMethods, userHandle); } } } @Override public boolean setPermittedCrossProfileNotificationListeners( Loading Loading @@ -23793,6 +23826,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { public DevicePolicyState getDevicePolicyState() { Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); return mInjector.binderWithCleanCallingIdentity(mDevicePolicyEngine::getDevicePolicyState); }
services/devicepolicy/java/com/android/server/devicepolicy/PolicyDefinition.java +9 −0 Original line number Diff line number Diff line Loading @@ -308,6 +308,13 @@ final class PolicyDefinition<V> { DevicePolicyIdentifiers.ACCOUNT_MANAGEMENT_DISABLED_POLICY, accountType)); } static PolicyDefinition<Set<String>> PERMITTED_INPUT_METHODS = new PolicyDefinition<>( new NoArgsPolicyKey(DevicePolicyIdentifiers.PERMITTED_INPUT_METHODS_POLICY), new MostRecent<>(), POLICY_FLAG_LOCAL_ONLY_POLICY, (Set<String> value, Context context, Integer userId, PolicyKey policyKey) -> true, new StringSetPolicySerializer()); private static final Map<String, PolicyDefinition<?>> POLICY_DEFINITIONS = new HashMap<>(); private static Map<String, Integer> USER_RESTRICTION_FLAGS = new HashMap<>(); Loading @@ -333,6 +340,8 @@ final class PolicyDefinition<V> { GENERIC_APPLICATION_HIDDEN); POLICY_DEFINITIONS.put(DevicePolicyIdentifiers.ACCOUNT_MANAGEMENT_DISABLED_POLICY, GENERIC_ACCOUNT_MANAGEMENT_DISABLED); POLICY_DEFINITIONS.put(DevicePolicyIdentifiers.PERMITTED_INPUT_METHODS_POLICY, PERMITTED_INPUT_METHODS); // User Restriction Policies USER_RESTRICTION_FLAGS.put(UserManager.DISALLOW_MODIFY_ACCOUNTS, /* flags= */ 0); Loading
