Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3d9eb78f authored by Julia Reynolds's avatar Julia Reynolds
Browse files

Apply lockdowns when user restrictions are set. 

Previously DMAgent would apply these lockdowns before/
after setting the matching user restrictions.

Bug: 16701642
Bug: 16945830
Bug: 16944983
Change-Id: Ib4f7145055687f12408d6ccacd8e6380406a32b2
parent 14a4e352

api/current.txt

+3 −3
Original line number Diff line number Diff line
@@ -23029,9 +23029,9 @@ package android.os { 
    method public boolean isUserRunning(android.os.UserHandle);

    method public boolean isUserRunningOrStopping(android.os.UserHandle);

    method public boolean setRestrictionsChallenge(java.lang.String);

    method public void setUserRestriction(java.lang.String, boolean);

    method public void setUserRestrictions(android.os.Bundle);

    method public void setUserRestrictions(android.os.Bundle, android.os.UserHandle);

    method public deprecated void setUserRestriction(java.lang.String, boolean);

    method public deprecated void setUserRestrictions(android.os.Bundle);

    method public deprecated void setUserRestrictions(android.os.Bundle, android.os.UserHandle);

    field public static final java.lang.String DISALLOW_ADD_USER = "no_add_user";

    field public static final java.lang.String DISALLOW_ADJUST_VOLUME = "no_adjust_volume";

    field public static final java.lang.String DISALLOW_APPS_CONTROL = "no_control_apps";

core/java/android/os/UserManager.java

+20 −0
Original line number Diff line number Diff line
@@ -499,7 +499,12 @@ public class UserManager { 
     * Sets all the user-wide restrictions for this user.

     * Requires the MANAGE_USERS permission.

     * @param restrictions the Bundle containing all the restrictions.

     * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction(

     * android.content.ComponentName, String)} or

     * {@link android.app.admin.DevicePolicyManager#clearUserRestriction(

     * android.content.ComponentName, String)} instead.

     */

    @Deprecated

    public void setUserRestrictions(Bundle restrictions) {

        setUserRestrictions(restrictions, Process.myUserHandle());

    }
@@ -509,7 +514,12 @@ public class UserManager { 
     * Requires the MANAGE_USERS permission.

     * @param restrictions the Bundle containing all the restrictions.

     * @param userHandle the UserHandle of the user for whom to set the restrictions.

     * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction(

     * android.content.ComponentName, String)} or

     * {@link android.app.admin.DevicePolicyManager#clearUserRestriction(

     * android.content.ComponentName, String)} instead.

     */

    @Deprecated

    public void setUserRestrictions(Bundle restrictions, UserHandle userHandle) {

        try {

            mService.setUserRestrictions(restrictions, userHandle.getIdentifier());
@@ -523,7 +533,12 @@ public class UserManager { 
     * Requires the MANAGE_USERS permission.

     * @param key the key of the restriction

     * @param value the value for the restriction

     * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction(

     * android.content.ComponentName, String)} or

     * {@link android.app.admin.DevicePolicyManager#clearUserRestriction(

     * android.content.ComponentName, String)} instead.

     */

    @Deprecated

    public void setUserRestriction(String key, boolean value) {

        Bundle bundle = getUserRestrictions();

        bundle.putBoolean(key, value);
@@ -537,7 +552,12 @@ public class UserManager { 
     * @param key the key of the restriction

     * @param value the value for the restriction

     * @param userHandle the user whose restriction is to be changed.

     * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction(

     * android.content.ComponentName, String)} or

     * {@link android.app.admin.DevicePolicyManager#clearUserRestriction(

     * android.content.ComponentName, String)} instead.

     */

    @Deprecated

    public void setUserRestriction(String key, boolean value, UserHandle userHandle) {

        Bundle bundle = getUserRestrictions(userHandle);

        bundle.putBoolean(key, value);

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+67 −3
Original line number Diff line number Diff line
@@ -19,6 +19,7 @@ package com.android.server.devicepolicy; 
import static android.Manifest.permission.MANAGE_CA_CERTIFICATES;



import android.app.admin.DevicePolicyManagerInternal;



import com.android.internal.R;

import com.android.internal.os.storage.ExternalStorageFormatter;

import com.android.internal.util.FastXmlSerializer;
@@ -58,6 +59,7 @@ import android.net.ConnectivityManager; 
import android.net.Uri;

import android.content.pm.PackageManager.NameNotFoundException;

import android.database.ContentObserver;

import android.hardware.usb.UsbManager;

import android.net.ProxyInfo;

import android.os.Binder;

import android.os.Bundle;
@@ -3417,8 +3419,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
        synchronized (this) {

            long ident = Binder.clearCallingIdentity();

            try {

                mUserManager.setUserRestrictions(new Bundle(),

                        new UserHandle(UserHandle.USER_OWNER));

                clearUserRestrictions(new UserHandle(UserHandle.USER_OWNER));

                if (mDeviceOwner != null) {

                    mDeviceOwner.clearDeviceOwner();

                    mDeviceOwner.writeOwnerFile();
@@ -3481,7 +3482,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
        synchronized (this) {

            long ident = Binder.clearCallingIdentity();

            try {

                mUserManager.setUserRestrictions(new Bundle(), callingUser);

                clearUserRestrictions(callingUser);

                if (mDeviceOwner != null) {

                    mDeviceOwner.removeProfileOwner(callingUser.getIdentifier());

                    mDeviceOwner.writeOwnerFile();
@@ -3492,6 +3493,19 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 
        }

    }



    private void clearUserRestrictions(UserHandle userHandle) {

        AudioManager audioManager =

                (AudioManager) mContext.getSystemService(Context.AUDIO_SERVICE);

        Bundle userRestrictions = mUserManager.getUserRestrictions();

        mUserManager.setUserRestrictions(new Bundle(), userHandle);

        if (userRestrictions.getBoolean(UserManager.DISALLOW_ADJUST_VOLUME)) {

            audioManager.setMasterMute(false);

        }

        if (userRestrictions.getBoolean(UserManager.DISALLOW_UNMUTE_MICROPHONE)) {

            audioManager.setMicrophoneMute(false);

        }

    }



    @Override

    public boolean hasUserSetupCompleted() {

        if (!mHasFeature) {
@@ -4034,7 +4048,57 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { 


            long id = Binder.clearCallingIdentity();

            try {

                AudioManager audioManager =

                        (AudioManager) mContext.getSystemService(Context.AUDIO_SERVICE);

                boolean alreadyRestricted = mUserManager.hasUserRestriction(key);



                if (enabled && !alreadyRestricted) {

                    if (UserManager.DISALLOW_CONFIG_WIFI.equals(key)) {

                        Settings.Secure.putIntForUser(mContext.getContentResolver(),

                                Settings.Secure.WIFI_NETWORKS_AVAILABLE_NOTIFICATION_ON, 0,

                                userHandle.getIdentifier());

                    } else if (UserManager.DISALLOW_USB_FILE_TRANSFER.equals(key)) {

                        UsbManager manager =

                                (UsbManager) mContext.getSystemService(Context.USB_SERVICE);

                        manager.setCurrentFunction("none", false);

                    } else if (UserManager.DISALLOW_SHARE_LOCATION.equals(key)) {

                        Settings.Secure.putIntForUser(mContext.getContentResolver(),

                                Settings.Secure.LOCATION_MODE, Settings.Secure.LOCATION_MODE_OFF,

                                userHandle.getIdentifier());

                        Settings.Secure.putStringForUser(mContext.getContentResolver(),

                                Settings.Secure.LOCATION_PROVIDERS_ALLOWED, "",

                                userHandle.getIdentifier());

                    } else if (UserManager.DISALLOW_DEBUGGING_FEATURES.equals(key)) {

                        Settings.Global.putStringForUser(mContext.getContentResolver(),

                                Settings.Global.ADB_ENABLED, "0", userHandle.getIdentifier());

                    } else if (UserManager.ENSURE_VERIFY_APPS.equals(key)) {

                        Settings.Global.putStringForUser(mContext.getContentResolver(),

                                Settings.Global.PACKAGE_VERIFIER_ENABLE, "1",

                                userHandle.getIdentifier());

                        Settings.Global.putStringForUser(mContext.getContentResolver(),

                                Settings.Global.PACKAGE_VERIFIER_INCLUDE_ADB, "1",

                                userHandle.getIdentifier());

                    } else if (UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES.equals(key)) {

                        Settings.Secure.putIntForUser(mContext.getContentResolver(),

                                Settings.Secure.INSTALL_NON_MARKET_APPS, 0,

                                userHandle.getIdentifier());

                    } else if (UserManager.DISALLOW_UNMUTE_MICROPHONE.equals(key)) {

                        audioManager.setMicrophoneMute(true);

                    } else if (UserManager.DISALLOW_ADJUST_VOLUME.equals(key)) {

                        audioManager.setMasterMute(true);

                    }

                }



                mUserManager.setUserRestriction(key, enabled, userHandle);



                if (!enabled && alreadyRestricted) {

                    if (UserManager.DISALLOW_UNMUTE_MICROPHONE.equals(key)) {

                        audioManager.setMicrophoneMute(false);

                    } else if (UserManager.DISALLOW_ADJUST_VOLUME.equals(key)) {

                        audioManager.setMasterMute(false);

                    }

                }



            } finally {

                restoreCallingIdentity(id);

            }