Loading core/api/current.txt +1 −0 Original line number Original line Diff line number Diff line Loading @@ -7894,6 +7894,7 @@ package android.app.admin { method @Deprecated public boolean isCallerApplicationRestrictionsManagingPackage(); method @Deprecated public boolean isCallerApplicationRestrictionsManagingPackage(); method public boolean isCommonCriteriaModeEnabled(@Nullable android.content.ComponentName); method public boolean isCommonCriteriaModeEnabled(@Nullable android.content.ComponentName); method public boolean isComplianceAcknowledgementRequired(); method public boolean isComplianceAcknowledgementRequired(); method public boolean isDeviceFinanced(); method public boolean isDeviceIdAttestationSupported(); method public boolean isDeviceIdAttestationSupported(); method public boolean isDeviceOwnerApp(String); method public boolean isDeviceOwnerApp(String); method public boolean isEphemeralUser(@NonNull android.content.ComponentName); method public boolean isEphemeralUser(@NonNull android.content.ComponentName); core/api/system-current.txt +1 −0 Original line number Original line Diff line number Diff line Loading 
@@ -1261,6 +1261,7 @@ package android.app.admin { method @Nullable public CharSequence getDeviceOwnerOrganizationName(); method @Nullable public CharSequence getDeviceOwnerOrganizationName(); method @Nullable @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public android.os.UserHandle getDeviceOwnerUser(); method @Nullable @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public android.os.UserHandle getDeviceOwnerUser(); method @NonNull @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public android.app.admin.DevicePolicyState getDevicePolicyState(); method @NonNull @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public android.app.admin.DevicePolicyState getDevicePolicyState(); method @Nullable @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public String getFinancedDeviceKioskRoleHolder(); method @Nullable @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.QUERY_ADMIN_POLICY}) public java.util.List<java.lang.String> getPermittedAccessibilityServices(int); method @Nullable @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.QUERY_ADMIN_POLICY}) public java.util.List<java.lang.String> getPermittedAccessibilityServices(int); method @Nullable @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.QUERY_ADMIN_POLICY}) public java.util.List<java.lang.String> getPermittedInputMethodsForCurrentUser(); method @Nullable @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.QUERY_ADMIN_POLICY}) public java.util.List<java.lang.String> getPermittedInputMethodsForCurrentUser(); method @NonNull @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public java.util.List<android.os.UserHandle> getPolicyManagedProfiles(@NonNull android.os.UserHandle); 
method @NonNull @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public java.util.List<android.os.UserHandle> getPolicyManagedProfiles(@NonNull android.os.UserHandle); core/java/android/app/admin/DevicePolicyManager.java +51 −0 Original line number Original line Diff line number Diff line Loading 
@@ -16902,4 +16902,55 @@ public class DevicePolicyManager { } } return false; return false; } } /** * Returns {@code true} if this device is marked as a financed device. * * <p>A financed device can be entered into lock task mode (see {@link #setLockTaskPackages}) * by the holder of the role {@link android.app.role.RoleManager#ROLE_FINANCED_DEVICE_KIOSK}. * If this occurs, Device Owners and Profile Owners that have set lock task packages or * features, or that attempt to set lock task packages or features, will receive a callback * indicating that it could not be set. See {@link PolicyUpdateReceiver#onPolicyChanged} and * {@link PolicyUpdateReceiver#onPolicySetResult}. * * <p>To be informed of changes to this status you can subscribe to the broadcast * {@link ACTION_DEVICE_FINANCING_STATE_CHANGED}. * * @throws SecurityException if the caller is not a device owner, profile owner of an * organization-owned managed profile, profile owner on the primary user or holder of one of the * following roles: {@link android.app.role.RoleManager.ROLE_DEVICE_POLICY_MANAGEMENT}, * android.app.role.RoleManager.ROLE_SYSTEM_SUPERVISION. */ public boolean isDeviceFinanced() { if (mService != null) { try { return mService.isDeviceFinanced(mContext.getPackageName()); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } return false; } /** * Returns the package name of the application holding the role: * {@link android.app.role.RoleManager#ROLE_FINANCED_DEVICE_KIOSK}. * * @return the package name of the application holding the role or {@code null} if the role is * not held by any applications. 
* @hide */ @SystemApi @RequiresPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) @Nullable public String getFinancedDeviceKioskRoleHolder() { if (mService != null) { try { return mService.getFinancedDeviceKioskRoleHolder(mContext.getPackageName()); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } return null; } } } core/java/android/app/admin/IDevicePolicyManager.aidl +3 −0 Original line number Original line Diff line number Diff line Loading @@ -605,4 +605,7 @@ interface IDevicePolicyManager { void setOverrideKeepProfilesRunning(boolean enabled); void setOverrideKeepProfilesRunning(boolean enabled); boolean triggerDevicePolicyEngineMigration(boolean forceMigration); boolean triggerDevicePolicyEngineMigration(boolean forceMigration); boolean isDeviceFinanced(String callerPackageName); String getFinancedDeviceKioskRoleHolder(String callerPackageName); } } services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +106 −31 Original line number Original line Diff line number Diff line Loading 
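Review bot: Two link targets in the new `isDeviceFinanced()` Javadoc will not resolve as written: `{@link ACTION_DEVICE_FINANCING_STATE_CHANGED}` lacks the member `#`, and `{@link android.app.role.RoleManager.ROLE_DEVICE_POLICY_MANAGEMENT}` uses `.` where the kiosk-role link a few lines earlier uses `#`. I would write `{@link #ACTION_DEVICE_FINANCING_STATE_CHANGED}` and `{@link android.app.role.RoleManager#ROLE_DEVICE_POLICY_MANAGEMENT}`. None of the API sections shown on this page adds the broadcast constant, so confirm it exists in this change or a parent one. The method also returns `false` when `mService` is null, so a caller cannot tell "not financed" from "service unavailable". Since admins may gate lock task policy on this value, an `@return` line stating that fallback would help.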
@@ -77,6 +77,7 @@ import static android.Manifest.permission.MANAGE_DEVICE_POLICY_WALLPAPER; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_WIFI; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_WIFI; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_WINDOWS; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_WINDOWS; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_WIPE_DATA; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_WIPE_DATA; import static android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS; import static android.Manifest.permission.QUERY_ADMIN_POLICY; import static android.Manifest.permission.QUERY_ADMIN_POLICY; import static android.Manifest.permission.REQUEST_PASSWORD_COMPLEXITY; import static android.Manifest.permission.REQUEST_PASSWORD_COMPLEXITY; import static android.Manifest.permission.SET_TIME; import static android.Manifest.permission.SET_TIME; Loading Loading @@ -3965,7 +3966,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } Objects.requireNonNull(adminReceiver, "ComponentName is null"); Objects.requireNonNull(adminReceiver, "ComponentName is null"); Preconditions.checkCallAuthorization(isAdb(getCallerIdentity()) Preconditions.checkCallAuthorization(isAdb(getCallerIdentity()) || hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS), || hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS), "Caller must be shell or hold MANAGE_PROFILE_AND_DEVICE_OWNERS to call " "Caller must be shell or hold MANAGE_PROFILE_AND_DEVICE_OWNERS to call " + "forceRemoveActiveAdmin"); + "forceRemoveActiveAdmin"); mInjector.binderWithCleanCallingIdentity(() -> { mInjector.binderWithCleanCallingIdentity(() -> { Loading Loading 
@@ -9479,7 +9480,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( isDefaultDeviceOwner(caller) || canManageUsers(caller) || isFinancedDeviceOwner( isDefaultDeviceOwner(caller) || canManageUsers(caller) || isFinancedDeviceOwner( caller) || hasCallingOrSelfPermission( caller) || hasCallingOrSelfPermission( permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); MANAGE_PROFILE_AND_DEVICE_OWNERS)); return mOwners.hasDeviceOwner(); return mOwners.hasDeviceOwner(); } } Loading Loading @@ -9648,7 +9649,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } if (!callingUserOnly) { if (!callingUserOnly) { Preconditions.checkCallAuthorization(canManageUsers(getCallerIdentity()) Preconditions.checkCallAuthorization(canManageUsers(getCallerIdentity()) || hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); || hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); } } synchronized (getLockObject()) { synchronized (getLockObject()) { if (!mOwners.hasDeviceOwner()) { if (!mOwners.hasDeviceOwner()) { Loading Loading @@ -9698,7 +9699,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return null; return null; } } Preconditions.checkCallAuthorization(canManageUsers(getCallerIdentity()) Preconditions.checkCallAuthorization(canManageUsers(getCallerIdentity()) || hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); || hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); synchronized (getLockObject()) { synchronized (getLockObject()) { if (!mOwners.hasDeviceOwner()) { if (!mOwners.hasDeviceOwner()) { Loading Loading 
@@ -10102,7 +10103,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } final CallerIdentity caller = getCallerIdentity(); final CallerIdentity caller = getCallerIdentity(); Preconditions.checkCallAuthorization(canManageUsers(caller) Preconditions.checkCallAuthorization(canManageUsers(caller) || hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); || hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); if (userHandle != caller.getUserId()) { if (userHandle != caller.getUserId()) { Preconditions.checkCallAuthorization(canManageUsers(caller) Preconditions.checkCallAuthorization(canManageUsers(caller) Loading @@ -10120,7 +10121,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return; return; } } Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); final CallerIdentity caller = getCallerIdentity(); final CallerIdentity caller = getCallerIdentity(); final long id = mInjector.binderClearCallingIdentity(); final long id = mInjector.binderClearCallingIdentity(); Loading Loading @@ -10433,7 +10434,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return null; return null; } } Preconditions.checkCallAuthorization(canManageUsers(getCallerIdentity()) Preconditions.checkCallAuthorization(canManageUsers(getCallerIdentity()) || hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); || hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); return getProfileOwnerNameUnchecked(userHandle); return getProfileOwnerNameUnchecked(userHandle); } } Loading Loading 
@@ -10640,7 +10641,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return; return; } } Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); if ((mIsWatch || hasUserSetupCompleted(userHandle))) { if ((mIsWatch || hasUserSetupCompleted(userHandle))) { Preconditions.checkState(isSystemUid(caller), Preconditions.checkState(isSystemUid(caller), Loading @@ -10664,7 +10665,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { boolean hasIncompatibleAccountsOrNonAdb) { boolean hasIncompatibleAccountsOrNonAdb) { if (!isAdb(caller)) { if (!isAdb(caller)) { Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); } } final int code = checkDeviceOwnerProvisioningPreConditionLocked(owner, final int code = checkDeviceOwnerProvisioningPreConditionLocked(owner, Loading Loading @@ -15921,7 +15922,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { private boolean canWriteCredentialManagerPolicy(CallerIdentity caller) { private boolean canWriteCredentialManagerPolicy(CallerIdentity caller) { return (isProfileOwner(caller) && isManagedProfile(caller.getUserId())) return (isProfileOwner(caller) && isManagedProfile(caller.getUserId())) || isDefaultDeviceOwner(caller) || isDefaultDeviceOwner(caller) || hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS); || hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS); } } @Override @Override Loading Loading 
@@ -16424,7 +16425,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { Objects.requireNonNull(packageName, "packageName is null"); Objects.requireNonNull(packageName, "packageName is null"); final CallerIdentity caller = getCallerIdentity(); final CallerIdentity caller = getCallerIdentity(); Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); long originalId = mInjector.binderClearCallingIdentity(); long originalId = mInjector.binderClearCallingIdentity(); try { try { Loading Loading @@ -17157,7 +17158,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { // Only adb or system apps with the right permission can mark a profile owner on // Only adb or system apps with the right permission can mark a profile owner on // organization-owned device. // organization-owned device. if (!(isAdb(caller) || hasCallingPermission(permission.MARK_DEVICE_ORGANIZATION_OWNED) if (!(isAdb(caller) || hasCallingPermission(permission.MARK_DEVICE_ORGANIZATION_OWNED) || hasCallingPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS))) { || hasCallingPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS))) { throw new SecurityException( throw new SecurityException( "Only the system can mark a profile owner of organization-owned device."); "Only the system can mark a profile owner of organization-owned device."); } } Loading Loading 
@@ -17758,7 +17759,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @Override @Override public void forceUpdateUserSetupComplete(@UserIdInt int userId) { public void forceUpdateUserSetupComplete(@UserIdInt int userId) { Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); boolean isUserCompleted = mInjector.settingsSecureGetIntForUser( boolean isUserCompleted = mInjector.settingsSecureGetIntForUser( Settings.Secure.USER_SETUP_COMPLETE, 0, userId) != 0; Settings.Secure.USER_SETUP_COMPLETE, 0, userId) != 0; Loading Loading @@ -18696,7 +18697,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { public List<String> getDisallowedSystemApps(ComponentName admin, int userId, public List<String> getDisallowedSystemApps(ComponentName admin, int userId, String provisioningAction) throws RemoteException { String provisioningAction) throws RemoteException { Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); return new ArrayList<>( return new ArrayList<>( mOverlayPackagesProvider.getNonRequiredApps(admin, userId, provisioningAction)); mOverlayPackagesProvider.getNonRequiredApps(admin, userId, provisioningAction)); Loading Loading 
@@ -19513,7 +19514,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return false; return false; } } Preconditions.checkCallAuthorization(canManageUsers(getCallerIdentity()) Preconditions.checkCallAuthorization(canManageUsers(getCallerIdentity()) || hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); || hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); long id = mInjector.binderClearCallingIdentity(); long id = mInjector.binderClearCallingIdentity(); try { try { Loading @@ -19540,7 +19541,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return false; return false; } } Preconditions.checkCallAuthorization(canManageUsers(getCallerIdentity()) Preconditions.checkCallAuthorization(canManageUsers(getCallerIdentity()) || hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); || hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); return mInjector.binderWithCleanCallingIdentity(() -> isUnattendedManagedKioskUnchecked()); return mInjector.binderWithCleanCallingIdentity(() -> isUnattendedManagedKioskUnchecked()); } } Loading Loading @@ -20520,7 +20521,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @Override @Override public void clearOrganizationIdForUser(int userHandle) { public void clearOrganizationIdForUser(int userHandle) { Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); synchronized (getLockObject()) { synchronized (getLockObject()) { final ActiveAdmin owner = getDeviceOrProfileOwnerAdminLocked(userHandle); final ActiveAdmin owner = getDeviceOrProfileOwnerAdminLocked(userHandle); Loading 
@@ -20542,7 +20543,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final CallerIdentity caller = getCallerIdentity(callerPackage); final CallerIdentity caller = getCallerIdentity(callerPackage); Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); provisioningParams.logParams(callerPackage); provisioningParams.logParams(callerPackage); Loading Loading @@ -20640,7 +20641,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { public void finalizeWorkProfileProvisioning(UserHandle managedProfileUser, public void finalizeWorkProfileProvisioning(UserHandle managedProfileUser, Account migratedAccount) { Account migratedAccount) { Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); if (!isManagedProfile(managedProfileUser.getIdentifier())) { if (!isManagedProfile(managedProfileUser.getIdentifier())) { throw new IllegalStateException("Given user is not a managed profile"); throw new IllegalStateException("Given user is not a managed profile"); Loading Loading 
@@ -20742,15 +20743,65 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } private boolean isCallerDevicePolicyManagementRoleHolder(CallerIdentity caller) { private boolean isCallerDevicePolicyManagementRoleHolder(CallerIdentity caller) { return doesCallerHoldRole(caller, RoleManager.ROLE_DEVICE_POLICY_MANAGEMENT); } private boolean isCallerSystemSupervisionRoleHolder(CallerIdentity caller) { return doesCallerHoldRole(caller, RoleManager.ROLE_SYSTEM_SUPERVISION); } /** * Check if the caller is holding the given role on the calling user. * * @param caller the caller you wish to check * @param role the name of the role to check for. * @return {@code true} if the caller holds the role, {@code false} otherwise. */ private boolean doesCallerHoldRole(CallerIdentity caller, String role) { int callerUid = caller.getUid(); int callerUid = caller.getUid(); String devicePolicyManagementRoleHolderPackageName = String roleHolderPackageName = getRoleHolderPackageName(mContext, RoleManager.ROLE_DEVICE_POLICY_MANAGEMENT); getRoleHolderPackageNameOnUser(role, caller.getUserId()); int roleHolderUid = mInjector.getPackageManagerInternal().getPackageUid( int roleHolderUid = mInjector.getPackageManagerInternal().getPackageUid( devicePolicyManagementRoleHolderPackageName, 0, caller.getUserId()); roleHolderPackageName, 0, caller.getUserId()); return callerUid == roleHolderUid; return callerUid == roleHolderUid; } } /** * Return the package name of the role holder on the given user. * * <p>If the userId passed in is {@link UserHandle.USER_ALL} then every user will be checked and * the package name of the role holder on the first user where there is a role holder is * returned. * * @param role the name of the role to check for. * @param userId the userId to check for the role holder on. 
* @return the package name of the role holder */ @Nullable private String getRoleHolderPackageNameOnUser(String role, int userId) { RoleManager roleManager = mContext.getSystemService(RoleManager.class); // Clear calling identity as the RoleManager APIs require privileged permissions. return mInjector.binderWithCleanCallingIdentity(() -> { List<UserInfo> users; // Interpret USER_ALL as meaning "any" user. if (userId == UserHandle.USER_ALL) { users = mInjector.getUserManagerInternal().getUsers(/*excludeDying=*/ true); } else { users = List.of(new UserInfo(userId, /*name=*/ null, /*flags=*/ 0)); } for (UserInfo user : users) { List<String> roleHolders = roleManager.getRoleHoldersAsUser(role, user.getUserHandle()); if (!roleHolders.isEmpty()) { return roleHolders.get(0); } } return null; }); } private void resetInteractAcrossProfilesAppOps(@UserIdInt int userId) { private void resetInteractAcrossProfilesAppOps(@UserIdInt int userId) { mInjector.getCrossProfileApps(userId).clearInteractAcrossProfilesAppOps(); mInjector.getCrossProfileApps(userId).clearInteractAcrossProfilesAppOps(); pregrantDefaultInteractAcrossProfilesAppOps(userId); pregrantDefaultInteractAcrossProfilesAppOps(userId); Loading Loading @@ -20977,7 +21028,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final CallerIdentity caller = getCallerIdentity(); final CallerIdentity caller = getCallerIdentity(); Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS) || (hasCallingOrSelfPermission(permission.PROVISION_DEMO_DEVICE) || (hasCallingOrSelfPermission(permission.PROVISION_DEMO_DEVICE) && provisioningParams.isDemoDevice())); && provisioningParams.isDemoDevice())); Loading Loading 
@@ -21165,7 +21216,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @Override @Override public void resetDefaultCrossProfileIntentFilters(@UserIdInt int userId) { public void resetDefaultCrossProfileIntentFilters(@UserIdInt int userId) { Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); mInjector.binderWithCleanCallingIdentity(() -> { mInjector.binderWithCleanCallingIdentity(() -> { try { try { Loading Loading @@ -21304,7 +21355,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { public void setDeviceOwnerType(@NonNull ComponentName admin, public void setDeviceOwnerType(@NonNull ComponentName admin, @DeviceOwnerType int deviceOwnerType) { @DeviceOwnerType int deviceOwnerType) { Preconditions.checkCallAuthorization(hasCallingOrSelfPermission( Preconditions.checkCallAuthorization(hasCallingOrSelfPermission( permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); MANAGE_PROFILE_AND_DEVICE_OWNERS)); synchronized (getLockObject()) { synchronized (getLockObject()) { setDeviceOwnerTypeLocked(admin, deviceOwnerType); setDeviceOwnerTypeLocked(admin, deviceOwnerType); Loading Loading @@ -21692,7 +21743,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { public boolean isDpcDownloaded() { public boolean isDpcDownloaded() { Preconditions.checkCallAuthorization(hasCallingOrSelfPermission( Preconditions.checkCallAuthorization(hasCallingOrSelfPermission( android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); MANAGE_PROFILE_AND_DEVICE_OWNERS)); ContentResolver cr = mContext.getContentResolver(); ContentResolver cr = mContext.getContentResolver(); Loading 
@@ -21704,7 +21755,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { public void setDpcDownloaded(boolean downloaded) { public void setDpcDownloaded(boolean downloaded) { Preconditions.checkCallAuthorization(hasCallingOrSelfPermission( Preconditions.checkCallAuthorization(hasCallingOrSelfPermission( android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); MANAGE_PROFILE_AND_DEVICE_OWNERS)); int setTo = downloaded ? 1 : 0; int setTo = downloaded ? 1 : 0; Loading Loading @@ -21995,7 +22046,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @Override @Override public List<UserHandle> getPolicyManagedProfiles(@NonNull UserHandle user) { public List<UserHandle> getPolicyManagedProfiles(@NonNull UserHandle user) { Preconditions.checkCallAuthorization(hasCallingOrSelfPermission( Preconditions.checkCallAuthorization(hasCallingOrSelfPermission( android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); MANAGE_PROFILE_AND_DEVICE_OWNERS)); int userId = user.getIdentifier(); int userId = user.getIdentifier(); return mInjector.binderWithCleanCallingIdentity(() -> { return mInjector.binderWithCleanCallingIdentity(() -> { List<UserInfo> userProfiles = mUserManager.getProfiles(userId); List<UserInfo> userProfiles = mUserManager.getProfiles(userId); Loading Loading 
@@ -22657,7 +22708,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @Override @Override public void setOverrideKeepProfilesRunning(boolean enabled) { public void setOverrideKeepProfilesRunning(boolean enabled) { Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); mKeepProfilesRunning = enabled; mKeepProfilesRunning = enabled; Slog.i(LOG_TAG, "Keep profiles running overridden to: " + enabled); Slog.i(LOG_TAG, "Keep profiles running overridden to: " + enabled); } } Loading Loading 
@@ -22924,14 +22975,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @Override @Override public DevicePolicyState getDevicePolicyState() { public DevicePolicyState getDevicePolicyState() { Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); return mInjector.binderWithCleanCallingIdentity(mDevicePolicyEngine::getDevicePolicyState); return mInjector.binderWithCleanCallingIdentity(mDevicePolicyEngine::getDevicePolicyState); } } @Override @Override public boolean triggerDevicePolicyEngineMigration(boolean forceMigration) { public boolean triggerDevicePolicyEngineMigration(boolean forceMigration) { Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); return mInjector.binderWithCleanCallingIdentity(() -> { return mInjector.binderWithCleanCallingIdentity(() -> { boolean canForceMigration = forceMigration && !hasNonTestOnlyActiveAdmins(); boolean canForceMigration = forceMigration && !hasNonTestOnlyActiveAdmins(); if (!canForceMigration && !shouldMigrateToDevicePolicyEngine()) { if (!canForceMigration && !shouldMigrateToDevicePolicyEngine()) { Loading Loading 
@@ -23290,4 +23341,28 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { // if the policy engine was ever used? // if the policy engine was ever used? return !mDevicePolicyEngine.hasActivePolicies(); return !mDevicePolicyEngine.hasActivePolicies(); } } @Override public boolean isDeviceFinanced(String callerPackageName) { CallerIdentity caller = getCallerIdentity(callerPackageName); Preconditions.checkCallAuthorization(isDeviceOwner(caller) || isProfileOwnerOfOrganizationOwnedDevice(caller) || isProfileOwnerOnUser0(caller) || isCallerDevicePolicyManagementRoleHolder(caller) || isCallerSystemSupervisionRoleHolder(caller)); return getFinancedDeviceKioskRoleHolderOnAnyUser() != null; }; @Override public String getFinancedDeviceKioskRoleHolder(String callerPackageName) { CallerIdentity caller = getCallerIdentity(callerPackageName); enforcePermission(MANAGE_PROFILE_AND_DEVICE_OWNERS, caller.getPackageName(), caller.getUserId()); return getFinancedDeviceKioskRoleHolderOnAnyUser(); } private String getFinancedDeviceKioskRoleHolderOnAnyUser() { return getRoleHolderPackageNameOnUser( RoleManager.ROLE_FINANCED_DEVICE_KIOSK, UserHandle.USER_ALL); } } } Loading
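Review bot: In the `@@ -20742,15 +20743,65 @@` hunk, `doesCallerHoldRole` passes the result of `getRoleHolderPackageNameOnUser` straight into `getPackageUid`, although that helper is `@Nullable` and returns `null` when no package holds the role. This comparison now backs the authorization check in the new `isDeviceFinanced`, so it should fail closed explicitly rather than depend on how `getPackageUid` treats a null package name (not visible here): add `if (roleHolderPackageName == null) { return false; }` before the UID lookup. Only `roleHolders.get(0)` is compared, which is presumably fine for exclusive roles but deserves a one-line comment saying so. In the last hunk, `getFinancedDeviceKioskRoleHolder` calls `enforcePermission(...)` keyed on `caller.getPackageName()`, while the other checks shown in this section use `Preconditions.checkCallAuthorization(hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS))`. That is sound only if `getCallerIdentity(callerPackageName)` verifies the package belongs to the calling UID, which happens outside these hunks; a comment stating that assumption, or the same pattern as the rest of the file, would make the check easier to audit.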
core/api/current.txt +1 −0 Original line number Original line Diff line number Diff line Loading @@ -7894,6 +7894,7 @@ package android.app.admin { method @Deprecated public boolean isCallerApplicationRestrictionsManagingPackage(); method @Deprecated public boolean isCallerApplicationRestrictionsManagingPackage(); method public boolean isCommonCriteriaModeEnabled(@Nullable android.content.ComponentName); method public boolean isCommonCriteriaModeEnabled(@Nullable android.content.ComponentName); method public boolean isComplianceAcknowledgementRequired(); method public boolean isComplianceAcknowledgementRequired(); method public boolean isDeviceFinanced(); method public boolean isDeviceIdAttestationSupported(); method public boolean isDeviceIdAttestationSupported(); method public boolean isDeviceOwnerApp(String); method public boolean isDeviceOwnerApp(String); method public boolean isEphemeralUser(@NonNull android.content.ComponentName); method public boolean isEphemeralUser(@NonNull android.content.ComponentName);
core/api/system-current.txt +1 −0
@@ -1261,6 +1261,7 @@ package android.app.admin { method @Nullable public CharSequence getDeviceOwnerOrganizationName(); method @Nullable public CharSequence getDeviceOwnerOrganizationName(); method @Nullable @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public android.os.UserHandle getDeviceOwnerUser(); method @Nullable @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public android.os.UserHandle getDeviceOwnerUser(); method @NonNull @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public android.app.admin.DevicePolicyState getDevicePolicyState(); method @NonNull @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public android.app.admin.DevicePolicyState getDevicePolicyState(); method @Nullable @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public String getFinancedDeviceKioskRoleHolder(); method @Nullable @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.QUERY_ADMIN_POLICY}) public java.util.List<java.lang.String> getPermittedAccessibilityServices(int); method @Nullable @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.QUERY_ADMIN_POLICY}) public java.util.List<java.lang.String> getPermittedAccessibilityServices(int); method @Nullable @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.QUERY_ADMIN_POLICY}) public java.util.List<java.lang.String> getPermittedInputMethodsForCurrentUser(); method @Nullable @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.QUERY_ADMIN_POLICY}) public java.util.List<java.lang.String> getPermittedInputMethodsForCurrentUser(); method @NonNull @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public java.util.List<android.os.UserHandle> getPolicyManagedProfiles(@NonNull android.os.UserHandle); 
method @NonNull @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public java.util.List<android.os.UserHandle> getPolicyManagedProfiles(@NonNull android.os.UserHandle);
core/java/android/app/admin/DevicePolicyManager.java +51 −0
@@ -16902,4 +16902,55 @@ public class DevicePolicyManager { } } return false; return false; } } /** * Returns {@code true} if this device is marked as a financed device. * * <p>A financed device can be entered into lock task mode (see {@link #setLockTaskPackages}) * by the holder of the role {@link android.app.role.RoleManager#ROLE_FINANCED_DEVICE_KIOSK}. * If this occurs, Device Owners and Profile Owners that have set lock task packages or * features, or that attempt to set lock task packages or features, will receive a callback * indicating that it could not be set. See {@link PolicyUpdateReceiver#onPolicyChanged} and * {@link PolicyUpdateReceiver#onPolicySetResult}. * * <p>To be informed of changes to this status you can subscribe to the broadcast * {@link ACTION_DEVICE_FINANCING_STATE_CHANGED}. * * @throws SecurityException if the caller is not a device owner, profile owner of an * organization-owned managed profile, profile owner on the primary user or holder of one of the * following roles: {@link android.app.role.RoleManager.ROLE_DEVICE_POLICY_MANAGEMENT}, * android.app.role.RoleManager.ROLE_SYSTEM_SUPERVISION. */ public boolean isDeviceFinanced() { if (mService != null) { try { return mService.isDeviceFinanced(mContext.getPackageName()); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } return false; } /** * Returns the package name of the application holding the role: * {@link android.app.role.RoleManager#ROLE_FINANCED_DEVICE_KIOSK}. * * @return the package name of the application holding the role or {@code null} if the role is * not held by any applications. * @hide */ @SystemApi @RequiresPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) @Nullable public String getFinancedDeviceKioskRoleHolder() { if (mService != null) { try { return mService.getFinancedDeviceKioskRoleHolder(mContext.getPackageName()); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } return null; } } }
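Review bot: Two Javadoc references on `isDeviceFinanced()` will not resolve as written, which matters because this comment is the only place the public API states who may call it. `{@link ACTION_DEVICE_FINANCING_STATE_CHANGED}` lacks the member separator and `{@link android.app.role.RoleManager.ROLE_DEVICE_POLICY_MANAGEMENT}` uses `.` where `#` is required; write them as `{@link #ACTION_DEVICE_FINANCING_STATE_CHANGED}` (assuming the constant is declared in this class, its declaration is not in this hunk) and `{@link android.app.role.RoleManager#ROLE_DEVICE_POLICY_MANAGEMENT}`. The method also returns `false` when `mService` is null, so the comment should add a sentence such as `Returns {@code false} if the device policy service is unavailable.` so that callers gating behaviour on the result do not read that case as "not financed".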
core/java/android/app/admin/IDevicePolicyManager.aidl +3 −0 Original line number Original line Diff line number Diff line Loading @@ -605,4 +605,7 @@ interface IDevicePolicyManager { void setOverrideKeepProfilesRunning(boolean enabled); void setOverrideKeepProfilesRunning(boolean enabled); boolean triggerDevicePolicyEngineMigration(boolean forceMigration); boolean triggerDevicePolicyEngineMigration(boolean forceMigration); boolean isDeviceFinanced(String callerPackageName); String getFinancedDeviceKioskRoleHolder(String callerPackageName); } }
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +106 −31 Original line number Original line Diff line number Diff line Loading @@ -77,6 +77,7 @@ import static android.Manifest.permission.MANAGE_DEVICE_POLICY_WALLPAPER; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_WIFI; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_WIFI; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_WINDOWS; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_WINDOWS; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_WIPE_DATA; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_WIPE_DATA; import static android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS; import static android.Manifest.permission.QUERY_ADMIN_POLICY; import static android.Manifest.permission.QUERY_ADMIN_POLICY; import static android.Manifest.permission.REQUEST_PASSWORD_COMPLEXITY; import static android.Manifest.permission.REQUEST_PASSWORD_COMPLEXITY; import static android.Manifest.permission.SET_TIME; import static android.Manifest.permission.SET_TIME; Loading Loading @@ -3965,7 +3966,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } Objects.requireNonNull(adminReceiver, "ComponentName is null"); Objects.requireNonNull(adminReceiver, "ComponentName is null"); Preconditions.checkCallAuthorization(isAdb(getCallerIdentity()) Preconditions.checkCallAuthorization(isAdb(getCallerIdentity()) || hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS), || hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS), "Caller must be shell or hold MANAGE_PROFILE_AND_DEVICE_OWNERS to call " "Caller must be shell or hold MANAGE_PROFILE_AND_DEVICE_OWNERS to call " + "forceRemoveActiveAdmin"); + "forceRemoveActiveAdmin"); mInjector.binderWithCleanCallingIdentity(() -> { mInjector.binderWithCleanCallingIdentity(() -> { Loading Loading 
@@ -9479,7 +9480,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( isDefaultDeviceOwner(caller) || canManageUsers(caller) || isFinancedDeviceOwner( isDefaultDeviceOwner(caller) || canManageUsers(caller) || isFinancedDeviceOwner( caller) || hasCallingOrSelfPermission( caller) || hasCallingOrSelfPermission( permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); MANAGE_PROFILE_AND_DEVICE_OWNERS)); return mOwners.hasDeviceOwner(); return mOwners.hasDeviceOwner(); } } Loading Loading @@ -9648,7 +9649,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } if (!callingUserOnly) { if (!callingUserOnly) { Preconditions.checkCallAuthorization(canManageUsers(getCallerIdentity()) Preconditions.checkCallAuthorization(canManageUsers(getCallerIdentity()) || hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); || hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); } } synchronized (getLockObject()) { synchronized (getLockObject()) { if (!mOwners.hasDeviceOwner()) { if (!mOwners.hasDeviceOwner()) { Loading Loading @@ -9698,7 +9699,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return null; return null; } } Preconditions.checkCallAuthorization(canManageUsers(getCallerIdentity()) Preconditions.checkCallAuthorization(canManageUsers(getCallerIdentity()) || hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); || hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); synchronized (getLockObject()) { synchronized (getLockObject()) { if (!mOwners.hasDeviceOwner()) { if (!mOwners.hasDeviceOwner()) { Loading Loading 
@@ -10102,7 +10103,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } final CallerIdentity caller = getCallerIdentity(); final CallerIdentity caller = getCallerIdentity(); Preconditions.checkCallAuthorization(canManageUsers(caller) Preconditions.checkCallAuthorization(canManageUsers(caller) || hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); || hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); if (userHandle != caller.getUserId()) { if (userHandle != caller.getUserId()) { Preconditions.checkCallAuthorization(canManageUsers(caller) Preconditions.checkCallAuthorization(canManageUsers(caller) Loading @@ -10120,7 +10121,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return; return; } } Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); final CallerIdentity caller = getCallerIdentity(); final CallerIdentity caller = getCallerIdentity(); final long id = mInjector.binderClearCallingIdentity(); final long id = mInjector.binderClearCallingIdentity(); Loading Loading @@ -10433,7 +10434,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return null; return null; } } Preconditions.checkCallAuthorization(canManageUsers(getCallerIdentity()) Preconditions.checkCallAuthorization(canManageUsers(getCallerIdentity()) || hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); || hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); return getProfileOwnerNameUnchecked(userHandle); return getProfileOwnerNameUnchecked(userHandle); } } Loading Loading 
@@ -10640,7 +10641,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return; return; } } Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); if ((mIsWatch || hasUserSetupCompleted(userHandle))) { if ((mIsWatch || hasUserSetupCompleted(userHandle))) { Preconditions.checkState(isSystemUid(caller), Preconditions.checkState(isSystemUid(caller), Loading @@ -10664,7 +10665,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { boolean hasIncompatibleAccountsOrNonAdb) { boolean hasIncompatibleAccountsOrNonAdb) { if (!isAdb(caller)) { if (!isAdb(caller)) { Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); } } final int code = checkDeviceOwnerProvisioningPreConditionLocked(owner, final int code = checkDeviceOwnerProvisioningPreConditionLocked(owner, Loading Loading @@ -15921,7 +15922,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { private boolean canWriteCredentialManagerPolicy(CallerIdentity caller) { private boolean canWriteCredentialManagerPolicy(CallerIdentity caller) { return (isProfileOwner(caller) && isManagedProfile(caller.getUserId())) return (isProfileOwner(caller) && isManagedProfile(caller.getUserId())) || isDefaultDeviceOwner(caller) || isDefaultDeviceOwner(caller) || hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS); || hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS); } } @Override @Override Loading Loading 
@@ -16424,7 +16425,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { Objects.requireNonNull(packageName, "packageName is null"); Objects.requireNonNull(packageName, "packageName is null"); final CallerIdentity caller = getCallerIdentity(); final CallerIdentity caller = getCallerIdentity(); Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); long originalId = mInjector.binderClearCallingIdentity(); long originalId = mInjector.binderClearCallingIdentity(); try { try { Loading Loading @@ -17157,7 +17158,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { // Only adb or system apps with the right permission can mark a profile owner on // Only adb or system apps with the right permission can mark a profile owner on // organization-owned device. // organization-owned device. if (!(isAdb(caller) || hasCallingPermission(permission.MARK_DEVICE_ORGANIZATION_OWNED) if (!(isAdb(caller) || hasCallingPermission(permission.MARK_DEVICE_ORGANIZATION_OWNED) || hasCallingPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS))) { || hasCallingPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS))) { throw new SecurityException( throw new SecurityException( "Only the system can mark a profile owner of organization-owned device."); "Only the system can mark a profile owner of organization-owned device."); } } Loading Loading 
@@ -17758,7 +17759,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @Override @Override public void forceUpdateUserSetupComplete(@UserIdInt int userId) { public void forceUpdateUserSetupComplete(@UserIdInt int userId) { Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); boolean isUserCompleted = mInjector.settingsSecureGetIntForUser( boolean isUserCompleted = mInjector.settingsSecureGetIntForUser( Settings.Secure.USER_SETUP_COMPLETE, 0, userId) != 0; Settings.Secure.USER_SETUP_COMPLETE, 0, userId) != 0; Loading Loading @@ -18696,7 +18697,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { public List<String> getDisallowedSystemApps(ComponentName admin, int userId, public List<String> getDisallowedSystemApps(ComponentName admin, int userId, String provisioningAction) throws RemoteException { String provisioningAction) throws RemoteException { Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); return new ArrayList<>( return new ArrayList<>( mOverlayPackagesProvider.getNonRequiredApps(admin, userId, provisioningAction)); mOverlayPackagesProvider.getNonRequiredApps(admin, userId, provisioningAction)); Loading Loading 
@@ -19513,7 +19514,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return false; return false; } } Preconditions.checkCallAuthorization(canManageUsers(getCallerIdentity()) Preconditions.checkCallAuthorization(canManageUsers(getCallerIdentity()) || hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); || hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); long id = mInjector.binderClearCallingIdentity(); long id = mInjector.binderClearCallingIdentity(); try { try { Loading @@ -19540,7 +19541,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return false; return false; } } Preconditions.checkCallAuthorization(canManageUsers(getCallerIdentity()) Preconditions.checkCallAuthorization(canManageUsers(getCallerIdentity()) || hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); || hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); return mInjector.binderWithCleanCallingIdentity(() -> isUnattendedManagedKioskUnchecked()); return mInjector.binderWithCleanCallingIdentity(() -> isUnattendedManagedKioskUnchecked()); } } Loading Loading @@ -20520,7 +20521,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @Override @Override public void clearOrganizationIdForUser(int userHandle) { public void clearOrganizationIdForUser(int userHandle) { Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); synchronized (getLockObject()) { synchronized (getLockObject()) { final ActiveAdmin owner = getDeviceOrProfileOwnerAdminLocked(userHandle); final ActiveAdmin owner = getDeviceOrProfileOwnerAdminLocked(userHandle); Loading 
@@ -20542,7 +20543,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final CallerIdentity caller = getCallerIdentity(callerPackage); final CallerIdentity caller = getCallerIdentity(callerPackage); Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); provisioningParams.logParams(callerPackage); provisioningParams.logParams(callerPackage); Loading Loading @@ -20640,7 +20641,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { public void finalizeWorkProfileProvisioning(UserHandle managedProfileUser, public void finalizeWorkProfileProvisioning(UserHandle managedProfileUser, Account migratedAccount) { Account migratedAccount) { Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); if (!isManagedProfile(managedProfileUser.getIdentifier())) { if (!isManagedProfile(managedProfileUser.getIdentifier())) { throw new IllegalStateException("Given user is not a managed profile"); throw new IllegalStateException("Given user is not a managed profile"); Loading Loading 
@@ -20742,15 +20743,65 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } private boolean isCallerDevicePolicyManagementRoleHolder(CallerIdentity caller) { private boolean isCallerDevicePolicyManagementRoleHolder(CallerIdentity caller) { return doesCallerHoldRole(caller, RoleManager.ROLE_DEVICE_POLICY_MANAGEMENT); } private boolean isCallerSystemSupervisionRoleHolder(CallerIdentity caller) { return doesCallerHoldRole(caller, RoleManager.ROLE_SYSTEM_SUPERVISION); } /** * Check if the caller is holding the given role on the calling user. * * @param caller the caller you wish to check * @param role the name of the role to check for. * @return {@code true} if the caller holds the role, {@code false} otherwise. */ private boolean doesCallerHoldRole(CallerIdentity caller, String role) { int callerUid = caller.getUid(); int callerUid = caller.getUid(); String devicePolicyManagementRoleHolderPackageName = String roleHolderPackageName = getRoleHolderPackageName(mContext, RoleManager.ROLE_DEVICE_POLICY_MANAGEMENT); getRoleHolderPackageNameOnUser(role, caller.getUserId()); int roleHolderUid = mInjector.getPackageManagerInternal().getPackageUid( int roleHolderUid = mInjector.getPackageManagerInternal().getPackageUid( devicePolicyManagementRoleHolderPackageName, 0, caller.getUserId()); roleHolderPackageName, 0, caller.getUserId()); return callerUid == roleHolderUid; return callerUid == roleHolderUid; } } /** * Return the package name of the role holder on the given user. * * <p>If the userId passed in is {@link UserHandle.USER_ALL} then every user will be checked and * the package name of the role holder on the first user where there is a role holder is * returned. * * @param role the name of the role to check for. * @param userId the userId to check for the role holder on. 
* @return the package name of the role holder */ @Nullable private String getRoleHolderPackageNameOnUser(String role, int userId) { RoleManager roleManager = mContext.getSystemService(RoleManager.class); // Clear calling identity as the RoleManager APIs require privileged permissions. return mInjector.binderWithCleanCallingIdentity(() -> { List<UserInfo> users; // Interpret USER_ALL as meaning "any" user. if (userId == UserHandle.USER_ALL) { users = mInjector.getUserManagerInternal().getUsers(/*excludeDying=*/ true); } else { users = List.of(new UserInfo(userId, /*name=*/ null, /*flags=*/ 0)); } for (UserInfo user : users) { List<String> roleHolders = roleManager.getRoleHoldersAsUser(role, user.getUserHandle()); if (!roleHolders.isEmpty()) { return roleHolders.get(0); } } return null; }); } private void resetInteractAcrossProfilesAppOps(@UserIdInt int userId) { private void resetInteractAcrossProfilesAppOps(@UserIdInt int userId) { mInjector.getCrossProfileApps(userId).clearInteractAcrossProfilesAppOps(); mInjector.getCrossProfileApps(userId).clearInteractAcrossProfilesAppOps(); pregrantDefaultInteractAcrossProfilesAppOps(userId); pregrantDefaultInteractAcrossProfilesAppOps(userId); Loading Loading @@ -20977,7 +21028,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { final CallerIdentity caller = getCallerIdentity(); final CallerIdentity caller = getCallerIdentity(); Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS) || (hasCallingOrSelfPermission(permission.PROVISION_DEMO_DEVICE) || (hasCallingOrSelfPermission(permission.PROVISION_DEMO_DEVICE) && provisioningParams.isDemoDevice())); && provisioningParams.isDemoDevice())); Loading Loading 
@@ -21165,7 +21216,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @Override @Override public void resetDefaultCrossProfileIntentFilters(@UserIdInt int userId) { public void resetDefaultCrossProfileIntentFilters(@UserIdInt int userId) { Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); mInjector.binderWithCleanCallingIdentity(() -> { mInjector.binderWithCleanCallingIdentity(() -> { try { try { Loading Loading @@ -21304,7 +21355,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { public void setDeviceOwnerType(@NonNull ComponentName admin, public void setDeviceOwnerType(@NonNull ComponentName admin, @DeviceOwnerType int deviceOwnerType) { @DeviceOwnerType int deviceOwnerType) { Preconditions.checkCallAuthorization(hasCallingOrSelfPermission( Preconditions.checkCallAuthorization(hasCallingOrSelfPermission( permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); MANAGE_PROFILE_AND_DEVICE_OWNERS)); synchronized (getLockObject()) { synchronized (getLockObject()) { setDeviceOwnerTypeLocked(admin, deviceOwnerType); setDeviceOwnerTypeLocked(admin, deviceOwnerType); Loading Loading @@ -21692,7 +21743,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { public boolean isDpcDownloaded() { public boolean isDpcDownloaded() { Preconditions.checkCallAuthorization(hasCallingOrSelfPermission( Preconditions.checkCallAuthorization(hasCallingOrSelfPermission( android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); MANAGE_PROFILE_AND_DEVICE_OWNERS)); ContentResolver cr = mContext.getContentResolver(); ContentResolver cr = mContext.getContentResolver(); Loading 
@@ -21704,7 +21755,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { public void setDpcDownloaded(boolean downloaded) { public void setDpcDownloaded(boolean downloaded) { Preconditions.checkCallAuthorization(hasCallingOrSelfPermission( Preconditions.checkCallAuthorization(hasCallingOrSelfPermission( android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); MANAGE_PROFILE_AND_DEVICE_OWNERS)); int setTo = downloaded ? 1 : 0; int setTo = downloaded ? 1 : 0; Loading Loading @@ -21995,7 +22046,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @Override @Override public List<UserHandle> getPolicyManagedProfiles(@NonNull UserHandle user) { public List<UserHandle> getPolicyManagedProfiles(@NonNull UserHandle user) { Preconditions.checkCallAuthorization(hasCallingOrSelfPermission( Preconditions.checkCallAuthorization(hasCallingOrSelfPermission( android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); MANAGE_PROFILE_AND_DEVICE_OWNERS)); int userId = user.getIdentifier(); int userId = user.getIdentifier(); return mInjector.binderWithCleanCallingIdentity(() -> { return mInjector.binderWithCleanCallingIdentity(() -> { List<UserInfo> userProfiles = mUserManager.getProfiles(userId); List<UserInfo> userProfiles = mUserManager.getProfiles(userId); Loading Loading 
@@ -22657,7 +22708,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @Override @Override public void setOverrideKeepProfilesRunning(boolean enabled) { public void setOverrideKeepProfilesRunning(boolean enabled) { Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); mKeepProfilesRunning = enabled; mKeepProfilesRunning = enabled; Slog.i(LOG_TAG, "Keep profiles running overridden to: " + enabled); Slog.i(LOG_TAG, "Keep profiles running overridden to: " + enabled); } } Loading Loading 
@@ -22924,14 +22975,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { @Override @Override public DevicePolicyState getDevicePolicyState() { public DevicePolicyState getDevicePolicyState() { Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); return mInjector.binderWithCleanCallingIdentity(mDevicePolicyEngine::getDevicePolicyState); return mInjector.binderWithCleanCallingIdentity(mDevicePolicyEngine::getDevicePolicyState); } } @Override @Override public boolean triggerDevicePolicyEngineMigration(boolean forceMigration) { public boolean triggerDevicePolicyEngineMigration(boolean forceMigration) { Preconditions.checkCallAuthorization( Preconditions.checkCallAuthorization( hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)); hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)); return mInjector.binderWithCleanCallingIdentity(() -> { return mInjector.binderWithCleanCallingIdentity(() -> { boolean canForceMigration = forceMigration && !hasNonTestOnlyActiveAdmins(); boolean canForceMigration = forceMigration && !hasNonTestOnlyActiveAdmins(); if (!canForceMigration && !shouldMigrateToDevicePolicyEngine()) { if (!canForceMigration && !shouldMigrateToDevicePolicyEngine()) { Loading Loading 
@@ -23290,4 +23341,28 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { // if the policy engine was ever used? // if the policy engine was ever used? return !mDevicePolicyEngine.hasActivePolicies(); return !mDevicePolicyEngine.hasActivePolicies(); } } @Override public boolean isDeviceFinanced(String callerPackageName) { CallerIdentity caller = getCallerIdentity(callerPackageName); Preconditions.checkCallAuthorization(isDeviceOwner(caller) || isProfileOwnerOfOrganizationOwnedDevice(caller) || isProfileOwnerOnUser0(caller) || isCallerDevicePolicyManagementRoleHolder(caller) || isCallerSystemSupervisionRoleHolder(caller)); return getFinancedDeviceKioskRoleHolderOnAnyUser() != null; }; @Override public String getFinancedDeviceKioskRoleHolder(String callerPackageName) { CallerIdentity caller = getCallerIdentity(callerPackageName); enforcePermission(MANAGE_PROFILE_AND_DEVICE_OWNERS, caller.getPackageName(), caller.getUserId()); return getFinancedDeviceKioskRoleHolderOnAnyUser(); } private String getFinancedDeviceKioskRoleHolderOnAnyUser() { return getRoleHolderPackageNameOnUser( RoleManager.ROLE_FINANCED_DEVICE_KIOSK, UserHandle.USER_ALL); } } }
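Review bot: In the hunk at `@@ -20742,15 +20743,65 @@`, `doesCallerHoldRole` passes the result of `getRoleHolderPackageNameOnUser(role, caller.getUserId())` straight into `getPackageUid(...)`, although that helper is `@Nullable` and returns null when no package holds the role on the caller's user. This comparison is part of the authorization for `isDeviceFinanced`, so the deny path should not depend on how `getPackageUid` treats a null package name; add `if (roleHolderPackageName == null) return false;` before the uid lookup. The helper returns only `roleHolders.get(0)`, so the check presumably assumes these roles have a single holder, and a one-line comment stating that would help. In the final hunk, `isDeviceFinanced` is closed with a stray `};`, and `getFinancedDeviceKioskRoleHolder` calls `enforcePermission(...)` where the rest of the file uses `Preconditions.checkCallAuthorization(hasCallingOrSelfPermission(...))`. That method and `getFinancedDeviceKioskRoleHolderOnAnyUser` can both return null and should carry `@Nullable`.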