Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 24c5702e authored by Sinduran Sivarajan's avatar Sinduran Sivarajan Committed by Automerger Merge Worker
Browse files

Merge "Disable "Developer options" by default for managed profiles." into udc-dev am: 1137108c 

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/31566045



Change-Id: I3e1540bb946909179c3a9abbcc53f65ab8d775c0
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 4362ac16 1137108c

services/core/java/com/android/server/pm/UserRestrictionsUtils.java

+2 −1
Original line number Diff line number Diff line
@@ -282,7 +282,8 @@ public class UserRestrictionsUtils { 
     * in settings. So it is handled separately.

     */

    private static final Set<String> DEFAULT_ENABLED_FOR_MANAGED_PROFILES = Sets.newArraySet(

            UserManager.DISALLOW_BLUETOOTH_SHARING

            UserManager.DISALLOW_BLUETOOTH_SHARING,

            UserManager.DISALLOW_DEBUGGING_FEATURES

    );



    /**

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+30 −21
Original line number Diff line number Diff line
@@ -2663,13 +2663,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
     * Apply default restrictions that haven't been applied to a given admin yet.

     */

    private void maybeSetDefaultRestrictionsForAdminLocked(int userId, ActiveAdmin admin) {

        Set<String> defaultRestrictions =

                UserRestrictionsUtils.getDefaultEnabledForManagedProfiles();

        if (defaultRestrictions.equals(admin.defaultEnabledRestrictionsAlreadySet)) {

        final Set<String> restrictionsToSet =

            new ArraySet<>(UserRestrictionsUtils.getDefaultEnabledForManagedProfiles());

        restrictionsToSet.removeAll(admin.defaultEnabledRestrictionsAlreadySet);

        if (restrictionsToSet.isEmpty()) {

            return; // The same set of default restrictions has been already applied.

        }

        if (isPolicyEngineForFinanceFlagEnabled()) {

            for (String restriction : defaultRestrictions) {

            for (String restriction : restrictionsToSet) {

                mDevicePolicyEngine.setLocalPolicy(

                        PolicyDefinition.getPolicyDefinitionForUserRestriction(restriction),

                        EnforcingAdmin.createEnterpriseEnforcingAdmin(
@@ -2678,9 +2679,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
                        new BooleanPolicyValue(true),

                        userId);

            }

            admin.defaultEnabledRestrictionsAlreadySet.addAll(defaultRestrictions);

            admin.defaultEnabledRestrictionsAlreadySet.addAll(restrictionsToSet);

            Slogf.i(LOG_TAG, "Enabled the following restrictions by default: " +

                    defaultRestrictions);

                    restrictionsToSet);

            return;

        }









@@ -2688,14 +2689,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {



























        if (VERBOSE_LOG) {















            Slogf.d(LOG_TAG, "Default enabled restrictions: "













                    + defaultRestrictions













                    + restrictionsToSet















                    + ". Restrictions already enabled: "















                    + admin.defaultEnabledRestrictionsAlreadySet);















        }

























        final Set<String> restrictionsToSet = new ArraySet<>(defaultRestrictions);













        restrictionsToSet.removeAll(admin.defaultEnabledRestrictionsAlreadySet);













        if (!restrictionsToSet.isEmpty()) {















        for (final String restriction : restrictionsToSet) {















            admin.ensureUserRestrictions().putBoolean(restriction, true);















        }









@@ -2703,7 +2700,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













        Slogf.i(LOG_TAG, "Enabled the following restrictions by default: " + restrictionsToSet);















        saveUserRestrictionsLocked(userId);















    }













    }





























    private void setDeviceOwnershipSystemPropertyLocked() {















        final boolean deviceProvisioned =










@@ -10192,7 +10188,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













                return false;















            }



























            if (isAdb(caller)) {













            boolean isAdb = isAdb(caller);













            if (isAdb) {















                // Log profile owner provisioning was started using adb.















                MetricsLogger.action(mContext, PROVISIONING_ENTRY_POINT_ADB, LOG_TAG_PROFILE_OWNER);















                DevicePolicyEventLogger









@@ -10214,7 +10211,19 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













                    maybeSetDefaultRestrictionsForAdminLocked(userHandle, admin);















                    ensureUnknownSourcesRestrictionForProfileOwnerLocked(userHandle, admin,















                            true /* newOwner */);













                    if (isAdb) {













                        // DISALLOW_DEBUGGING_FEATURES is being added to newly-created













                        // work profile by default due to b/382064697 . This would have













                        //  impacted certain CTS test flows when they interact with the













                        // work profile via ADB (for example installing an app into the













                        // work profile). Remove DISALLOW_DEBUGGING_FEATURES here to













                        // reduce the potential impact.













                        setLocalUserRestrictionInternal(













                            EnforcingAdmin.createEnterpriseEnforcingAdmin(who, userHandle),













                            UserManager.DISALLOW_DEBUGGING_FEATURES, false, userHandle);















                    }













                }



























                sendOwnerChangedBroadcast(DevicePolicyManager.ACTION_PROFILE_OWNER_CHANGED,















                        userHandle);















            });