Merge "Add API to allow DMRH to set max policy storage limit per admin" into main

    method @Nullable @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public android.os.UserHandle getDeviceOwnerUser();

    method @NonNull @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public android.app.admin.DevicePolicyState getDevicePolicyState();

    method @Nullable @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public String getFinancedDeviceKioskRoleHolder();

    method @FlaggedApi("android.app.admin.flags.device_policy_size_tracking_enabled") @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public int getMaxPolicyStorageLimit();

    method @Nullable @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.QUERY_ADMIN_POLICY}) public java.util.List<java.lang.String> getPermittedAccessibilityServices(int);

    method @Nullable @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.QUERY_ADMIN_POLICY}) public java.util.List<java.lang.String> getPermittedInputMethodsForCurrentUser();

    method @NonNull @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public java.util.List<android.os.UserHandle> getPolicyManagedProfiles(@NonNull android.os.UserHandle);

    method @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_POLICY_APP_EXEMPTIONS) public void setApplicationExemptions(@NonNull String, @NonNull java.util.Set<java.lang.Integer>) throws android.content.pm.PackageManager.NameNotFoundException;

    method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public void setDeviceProvisioningConfigApplied();

    method @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public void setDpcDownloaded(boolean);

    method @FlaggedApi("android.app.admin.flags.device_policy_size_tracking_enabled") @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public void setMaxPolicyStorageLimit(int);

    method @Deprecated @RequiresPermission(value=android.Manifest.permission.GRANT_PROFILE_OWNER_DEVICE_IDS_ACCESS, conditional=true) public void setProfileOwnerCanAccessDeviceIds(@NonNull android.content.ComponentName);

    method public void setSecondaryLockscreenEnabled(@NonNull android.content.ComponentName, boolean);

    method @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public void setUserProvisioningState(int, @NonNull android.os.UserHandle);

import static android.Manifest.permission.SET_TIME;

import static android.Manifest.permission.SET_TIME_ZONE;

import static android.app.admin.flags.Flags.FLAG_ESIM_MANAGEMENT_ENABLED;

import static android.app.admin.flags.Flags.FLAG_DEVICE_POLICY_SIZE_TRACKING_ENABLED;

import static android.app.admin.flags.Flags.onboardingBugreportV2Enabled;

import static android.content.Intent.LOCAL_FLAG_FROM_SYSTEM;

import static android.net.NetworkCapabilities.NET_ENTERPRISE_ID_1;

        }

        return new HashSet<>();

    }

    /**

     * Controls the maximum storage size allowed for policies associated with an admin.

     * Setting a limit of -1 effectively removes any storage restrictions.

     *

     * @param storageLimit Maximum storage allowed in bytes. Use -1 to disable limits.

     *

     * @hide

     */

    @SystemApi

    @RequiresPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)

    @FlaggedApi(FLAG_DEVICE_POLICY_SIZE_TRACKING_ENABLED)

    public void setMaxPolicyStorageLimit(int storageLimit) {

        if (mService != null) {

            try {

                mService.setMaxPolicyStorageLimit(mContext.getPackageName(), storageLimit);

            } catch (RemoteException e) {

                throw e.rethrowFromSystemServer();

            }

        }

    }

    /**

     * Retrieves the current maximum storage limit for policies associated with an admin.

     *

     * @return The maximum storage limit in bytes, or -1 if no limit is enforced.

     *

     * @hide

     */

    @SystemApi

    @RequiresPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)

    @FlaggedApi(FLAG_DEVICE_POLICY_SIZE_TRACKING_ENABLED)

    public int getMaxPolicyStorageLimit() {

        if (mService != null) {

            try {

                return mService.getMaxPolicyStorageLimit(mContext.getPackageName());

            } catch (RemoteException e) {

                throw e.rethrowFromSystemServer();

            }

        }

        return -1;

    }

}

 No newline at end of file

    int getContentProtectionPolicy(in ComponentName who, String callerPackageName);

    int[] getSubscriptionIds(String callerPackageName);

    void setMaxPolicyStorageLimit(String packageName, int storageLimit);

    int getMaxPolicyStorageLimit(String packageName);

}

            DevicePolicyIdentifiers.getIdentifierForUserRestriction(

                    UserManager.DISALLOW_CELLULAR_2G);

    //TODO(b/295504706) : Speak to security team to decide what to set Policy_Size_Limit

    private static final int DEFAULT_POLICY_SIZE_LIMIT = -1;

    private final Context mContext;

    private final UserManager mUserManager;

     * Map containing the current set of admins in each user with active policies.

     */

    private final SparseArray<Set<EnforcingAdmin>> mEnforcingAdmins;

    private final SparseArray<HashMap<EnforcingAdmin, Integer>> mAdminPolicySize;

    //TODO(b/295504706) : Speak to security team to decide what to set Policy_Size_Limit

    private static final int POLICY_SIZE_LIMIT = 99999;

    private int mPolicySizeLimit = DEFAULT_POLICY_SIZE_LIMIT;

    private final DeviceAdminServiceController mDeviceAdminServiceController;

    DevicePolicyEngine(

            existingPolicySize = sizeOf(policyState.getPoliciesSetByAdmins().get(admin));

        }

        int policySize = sizeOf(value);

        if (currentAdminPoliciesSize + policySize - existingPolicySize < POLICY_SIZE_LIMIT) {

        // Policy size limit is disabled if mPolicySizeLimit is -1.

        if (mPolicySizeLimit == -1

                || currentAdminPoliciesSize + policySize - existingPolicySize < mPolicySizeLimit) {

            increasePolicySizeForAdmin(

                    admin, /* policySizeDiff = */ policySize - existingPolicySize);

            return true;

        }

    }

    /**

     * Updates the max allowed size limit for policies per admin. Setting it to -1, disables

     * the limitation.

     */

    void setMaxPolicyStorageLimit(int storageLimit) {

        if (storageLimit < DEFAULT_POLICY_SIZE_LIMIT && storageLimit != -1) {

            throw new IllegalArgumentException("Can't set a size limit less than the minimum "

                    + "allowed size.");

        }

        mPolicySizeLimit = storageLimit;

    }

    /**

     * Returns the max allowed size limit for policies per admin. -1 means the limitation is

     * disabled.

     */

    int getMaxPolicyStorageLimit() {

        return mPolicySizeLimit;

    }

    public void dump(IndentingPrintWriter pw) {

        synchronized (mLock) {

            pw.println("Local Policies: ");

        private static final String TAG_ENFORCING_ADMIN_AND_SIZE = "enforcing-admin-and-size";

        private static final String TAG_ENFORCING_ADMIN = "enforcing-admin";

        private static final String TAG_POLICY_SUM_SIZE = "policy-sum-size";

        private static final String TAG_MAX_POLICY_SIZE_LIMIT = "max-policy-size-limit";

        private static final String ATTR_USER_ID = "user-id";

        private static final String ATTR_POLICY_SUM_SIZE = "size";

            writeGlobalPoliciesInner(serializer);

            writeEnforcingAdminsInner(serializer);

            writeEnforcingAdminSizeInner(serializer);

            writeMaxPolicySizeInner(serializer);

        }

        private void writeLocalPoliciesInner(TypedXmlSerializer serializer) throws IOException {

            }

        }

        private void writeMaxPolicySizeInner(TypedXmlSerializer serializer)

                throws IOException {

            if (!devicePolicySizeTrackingEnabled()) {

                return;

            }

            serializer.startTag(/* namespace= */ null, TAG_MAX_POLICY_SIZE_LIMIT);

            serializer.attributeInt(

                    /* namespace= */ null, ATTR_POLICY_SUM_SIZE, mPolicySizeLimit);

            serializer.endTag(/* namespace= */ null, TAG_MAX_POLICY_SIZE_LIMIT);

        }

        void readFromFileLocked() {

            if (!mFile.exists()) {

                Log.d(TAG, "" + mFile + " doesn't exist");

                    case TAG_ENFORCING_ADMIN_AND_SIZE:

                        readEnforcingAdminAndSizeInner(parser);

                        break;

                    case TAG_MAX_POLICY_SIZE_LIMIT:

                        readMaxPolicySizeInner(parser);

                        break;

                    default:

                        Slogf.wtf(TAG, "Unknown tag " + tag);

                }

            }

            mAdminPolicySize.get(admin.getUserId()).put(admin, size);

        }

        private void readMaxPolicySizeInner(TypedXmlPullParser parser)

                throws XmlPullParserException, IOException {

            if (!devicePolicySizeTrackingEnabled()) {

                return;

            }

            mPolicySizeLimit = parser.getAttributeInt(/* namespace= */ null, ATTR_POLICY_SUM_SIZE);

        }

    }

}

        }

        if (packageList != null) {

            if (!devicePolicySizeTrackingEnabled()) {

                for (String pkg : packageList) {

                    PolicySizeVerifier.enforceMaxPackageNameLength(pkg);

                }

            }

            List<InputMethodInfo> enabledImes = mInjector.binderWithCleanCallingIdentity(() ->

                    InputMethodManagerInternal.get().getEnabledInputMethodListAsUser(userId));

    public void setLockTaskPackages(ComponentName who, String callerPackageName, String[] packages)

            throws SecurityException {

        Objects.requireNonNull(packages, "packages is null");

        if (!devicePolicySizeTrackingEnabled()) {

            for (String pkg : packages) {

                PolicySizeVerifier.enforceMaxPackageNameLength(pkg);

            }

        }

        CallerIdentity caller = getCallerIdentity(who, callerPackageName);

        checkCanExecuteOrThrowUnsafe(DevicePolicyManager.OPERATION_SET_LOCK_TASK_PACKAGES);

            }

            return adminOwnedSubscriptions;

        });

    }

    @Override

    public void setMaxPolicyStorageLimit(String callerPackageName, int storageLimit) {

        if (!devicePolicySizeTrackingEnabled()) {

            return;

        }

        CallerIdentity caller = getCallerIdentity(callerPackageName);

        enforcePermission(MANAGE_PROFILE_AND_DEVICE_OWNERS, caller.getPackageName(),

                caller.getUserId());

        mDevicePolicyEngine.setMaxPolicyStorageLimit(storageLimit);

    }

    @Override

    public int getMaxPolicyStorageLimit(String callerPackageName) {

        if (!devicePolicySizeTrackingEnabled()) {

            return -1;

        }

        CallerIdentity caller = getCallerIdentity(callerPackageName);

        enforcePermission(MANAGE_PROFILE_AND_DEVICE_OWNERS, caller.getPackageName(),

                caller.getUserId());

        return mDevicePolicyEngine.getMaxPolicyStorageLimit();

    }

}