Add API to check if device policy role qualification is bypassable (47020d16) · Commits · e / os / android_frameworks_base

core/api/system-current.txt

+1 −0

Original line number	Diff line number	Diff line
		@@ -1114,6 +1114,7 @@ package android.app.admin {
		method public void setSecondaryLockscreenEnabled(@NonNull android.content.ComponentName, boolean);
		method @RequiresPermission(android.Manifest.permission.UPDATE_DEVICE_MANAGEMENT_RESOURCES) public void setStrings(@NonNull java.util.Set<android.app.admin.DevicePolicyStringResource>);
		method @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public void setUserProvisioningState(int, @NonNull android.os.UserHandle);
		method @RequiresPermission(android.Manifest.permission.MANAGE_ROLE_HOLDERS) public boolean shouldAllowBypassingDevicePolicyManagementRoleQualification();
		field public static final String ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_ALLOWED = "android.account.DEVICE_OR_PROFILE_OWNER_ALLOWED";
		field public static final String ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_DISALLOWED = "android.account.DEVICE_OR_PROFILE_OWNER_DISALLOWED";
		field public static final String ACTION_BIND_SECONDARY_LOCKSCREEN_SERVICE = "android.app.action.BIND_SECONDARY_LOCKSCREEN_SERVICE";

+19 −0

Original line number	Diff line number	Diff line
		@@ -15760,4 +15760,23 @@ public class DevicePolicyManager {
		}
		return deviceManagerConfig;
		}

		/**
		* @return {@code true} if bypassing the device policy management role qualification is allowed
		* with the current state of the device.
		*
		* @hide
		*/
		@SystemApi
		@RequiresPermission(android.Manifest.permission.MANAGE_ROLE_HOLDERS)
		public boolean shouldAllowBypassingDevicePolicyManagementRoleQualification() {
		if (mService != null) {
		try {
		return mService.shouldAllowBypassingDevicePolicyManagementRoleQualification();
		} catch (RemoteException e) {
		throw e.rethrowFromSystemServer();
		}
		}
		return false;
		}
		}

+2 −0

Original line number	Diff line number	Diff line
		@@ -558,4 +558,6 @@ interface IDevicePolicyManager {
		void setStrings(in List<DevicePolicyStringResource> strings);
		void resetStrings(in String[] stringIds);
		ParcelableResource getString(String stringId);

		boolean shouldAllowBypassingDevicePolicyManagementRoleQualification();
		}

+5 −0

Original line number	Diff line number	Diff line
		@@ -189,4 +189,9 @@ abstract class BaseIDevicePolicyManager extends IDevicePolicyManager.Stub {
		public ParcelableResource getString(String stringId) {
		return null;
		}

		@Override
		public boolean shouldAllowBypassingDevicePolicyManagementRoleQualification() {
		return false;
		}
		}

+14 −0

Original line number	Diff line number	Diff line
		@@ -18790,4 +18790,18 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
		mInjector.binderWithCleanCallingIdentity(() -> Settings.Secure.putInt(
		mContext.getContentResolver(), MANAGED_PROVISIONING_DPC_DOWNLOADED, setTo));
		}

		@Override
		public boolean shouldAllowBypassingDevicePolicyManagementRoleQualification() {
		Preconditions.checkCallAuthorization(hasCallingOrSelfPermission(
		android.Manifest.permission.MANAGE_ROLE_HOLDERS));
		return mInjector.binderWithCleanCallingIdentity(() -> {
		if (mUserManager.getUserCount() > 1) {
		return false;
		}
		AccountManager am = AccountManager.get(mContext);
		Account[] accounts = am.getAccounts();
		return accounts.length == 0;
		});
		}
		}