Loading core/api/current.txt +2 −2 Original line number Original line Diff line number Diff line Loading @@ -8038,8 +8038,8 @@ package android.app.admin { method public boolean isUsbDataSignalingEnabled(); method public boolean isUsbDataSignalingEnabled(); method public boolean isUsingUnifiedPassword(@NonNull android.content.ComponentName); method public boolean isUsingUnifiedPassword(@NonNull android.content.ComponentName); method @NonNull public java.util.List<android.os.UserHandle> listForegroundAffiliatedUsers(); method @NonNull public java.util.List<android.os.UserHandle> listForegroundAffiliatedUsers(); method @RequiresPermission(value=android.Manifest.permission.MANAGE_DEVICE_POLICY_LOCK, conditional=true) public void lockNow(); method @RequiresPermission(value="android.permission.LOCK_DEVICE", conditional=true) public void lockNow(); method @RequiresPermission(value=android.Manifest.permission.MANAGE_DEVICE_POLICY_LOCK, conditional=true) public void lockNow(int); method @RequiresPermission(value="android.permission.LOCK_DEVICE", conditional=true) public void lockNow(int); method public int logoutUser(@NonNull android.content.ComponentName); method public int logoutUser(@NonNull android.content.ComponentName); method public void reboot(@NonNull android.content.ComponentName); method public void reboot(@NonNull android.content.ComponentName); method public void removeActiveAdmin(@NonNull android.content.ComponentName); method public void removeActiveAdmin(@NonNull android.content.ComponentName); core/java/android/app/admin/DevicePolicyManager.java +14 −13 Original line number Original line Diff line number Diff line Loading @@ -18,6 +18,7 @@ package android.app.admin; import static android.Manifest.permission.INTERACT_ACROSS_USERS; import static android.Manifest.permission.INTERACT_ACROSS_USERS; import static android.Manifest.permission.INTERACT_ACROSS_USERS_FULL; import static android.Manifest.permission.INTERACT_ACROSS_USERS_FULL; import static android.Manifest.permission.LOCK_DEVICE; import static android.Manifest.permission.MANAGE_DEVICE_ADMINS; import static android.Manifest.permission.MANAGE_DEVICE_ADMINS; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_ACCOUNT_MANAGEMENT; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_ACCOUNT_MANAGEMENT; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_APPS_CONTROL; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_APPS_CONTROL; Loading Loading @@ -6305,10 +6306,10 @@ public class DevicePolicyManager { * (PIN, pattern, or password). This API is intended for use only by device admins. * (PIN, pattern, or password). This API is intended for use only by device admins. * <p> * <p> * From version {@link android.os.Build.VERSION_CODES#R} onwards, the caller must either have * From version {@link android.os.Build.VERSION_CODES#R} onwards, the caller must either have * the LOCK_DEVICE permission or the device must have the device admin feature; if neither is * the LOCK_DEVICE permission or the device must have the * true, then the method will return without completing any action. Before version * device admin feature; if neither is true, then the method will return without completing * {@link android.os.Build.VERSION_CODES#R}, the device needed the device admin feature, * any action. Before version {@link android.os.Build.VERSION_CODES#R}, * regardless of the caller's permissions. * the device needed the device admin feature, regardless of the caller's permissions. * <p> * <p> * The calling device admin must have requested {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} * The calling device admin must have requested {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} * to be able to call this method; if it has not, a security exception will be thrown. * to be able to call this method; if it has not, a security exception will be thrown. Loading @@ -6328,7 +6329,8 @@ public class DevicePolicyManager { * @throws SecurityException if the calling application does not own an active administrator * @throws SecurityException if the calling application does not own an active administrator * that uses {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} * that uses {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} */ */ @RequiresPermission(value = MANAGE_DEVICE_POLICY_LOCK, conditional = true) @SuppressLint("RequiresPermission") @RequiresPermission(value = LOCK_DEVICE, conditional = true) public void lockNow() { public void lockNow() { lockNow(0); lockNow(0); } } Loading @@ -6339,14 +6341,13 @@ public class DevicePolicyManager { * <p> * <p> * This method secures the device in response to an urgent situation, such as a lost or stolen * This method secures the device in response to an urgent situation, such as a lost or stolen * device. After this method is called, the device must be unlocked using strong authentication * device. After this method is called, the device must be unlocked using strong authentication * (PIN, pattern, or password). This API is for use only by device admins and holders of the * (PIN, pattern, or password). This API is intended for use only by device admins. * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_LOCK} permission. * <p> * <p> * From version {@link android.os.Build.VERSION_CODES#R} onwards, the caller must either have * From version {@link android.os.Build.VERSION_CODES#R} onwards, the caller must either have * the LOCK_DEVICE permission or the device must have the device admin feature; if neither is * the LOCK_DEVICE permission or the device must have the * true, then the method will return without completing any action. Before version * device admin feature; if neither is true, then the method will return without completing any * {@link android.os.Build.VERSION_CODES#R}, the device needed the device admin feature, * action. Before version {@link android.os.Build.VERSION_CODES#R}, the device needed the device * regardless of the caller's permissions. * admin feature, regardless of the caller's permissions. * <p> * <p> * A calling device admin must have requested {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} * A calling device admin must have requested {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} * to be able to call this method; if it has not, a security exception will be thrown. * to be able to call this method; if it has not, a security exception will be thrown. Loading Loading @@ -6375,7 +6376,7 @@ public class DevicePolicyManager { * @param flags May be 0 or {@link #FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY}. * @param flags May be 0 or {@link #FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY}. * @throws SecurityException if the calling application does not own an active administrator * @throws SecurityException if the calling application does not own an active administrator * that uses {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} and the does not hold * that uses {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} and the does not hold * the {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_LOCK} permission, or * the {@link android.Manifest.permission#LOCK_DEVICE} permission, or * the {@link #FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY} flag is passed by an * the {@link #FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY} flag is passed by an * application that is not a profile owner of a managed profile. * application that is not a profile owner of a managed profile. * @throws IllegalArgumentException if the {@link #FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY} flag is * @throws IllegalArgumentException if the {@link #FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY} flag is Loading @@ -6384,7 +6385,7 @@ public class DevicePolicyManager { * flag is passed when {@link #getStorageEncryptionStatus} does not return * flag is passed when {@link #getStorageEncryptionStatus} does not return * {@link #ENCRYPTION_STATUS_ACTIVE_PER_USER}. * {@link #ENCRYPTION_STATUS_ACTIVE_PER_USER}. */ */ @RequiresPermission(value = MANAGE_DEVICE_POLICY_LOCK, conditional = true) @RequiresPermission(value = LOCK_DEVICE, conditional = true) public void lockNow(@LockNowFlag int flags) { public void lockNow(@LockNowFlag int flags) { if (mService != null) { if (mService != null) { try { try { Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +3 −3 Original line number Original line Diff line number Diff line Loading @@ -6010,10 +6010,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { // Make sure the caller has any active admin with the right policy or // Make sure the caller has any active admin with the right policy or // the required permission. // the required permission. if (isUnicornFlagEnabled()) { if (isUnicornFlagEnabled()) { admin = enforcePermissionAndGetEnforcingAdmin( admin = enforcePermissionsAndGetEnforcingAdmin( /* admin= */ null, /* admin= */ null, /* permission= */ MANAGE_DEVICE_POLICY_LOCK, /* permissions= */ new String[]{MANAGE_DEVICE_POLICY_LOCK, LOCK_DEVICE}, USES_POLICY_FORCE_LOCK, /* deviceAdminPolicy= */ USES_POLICY_FORCE_LOCK, caller.getPackageName(), caller.getPackageName(), getAffectedUser(parent) getAffectedUser(parent) ).getActiveAdmin(); ).getActiveAdmin(); Loading
core/api/current.txt +2 −2 Original line number Original line Diff line number Diff line Loading @@ -8038,8 +8038,8 @@ package android.app.admin { method public boolean isUsbDataSignalingEnabled(); method public boolean isUsbDataSignalingEnabled(); method public boolean isUsingUnifiedPassword(@NonNull android.content.ComponentName); method public boolean isUsingUnifiedPassword(@NonNull android.content.ComponentName); method @NonNull public java.util.List<android.os.UserHandle> listForegroundAffiliatedUsers(); method @NonNull public java.util.List<android.os.UserHandle> listForegroundAffiliatedUsers(); method @RequiresPermission(value=android.Manifest.permission.MANAGE_DEVICE_POLICY_LOCK, conditional=true) public void lockNow(); method @RequiresPermission(value="android.permission.LOCK_DEVICE", conditional=true) public void lockNow(); method @RequiresPermission(value=android.Manifest.permission.MANAGE_DEVICE_POLICY_LOCK, conditional=true) public void lockNow(int); method @RequiresPermission(value="android.permission.LOCK_DEVICE", conditional=true) public void lockNow(int); method public int logoutUser(@NonNull android.content.ComponentName); method public int logoutUser(@NonNull android.content.ComponentName); method public void reboot(@NonNull android.content.ComponentName); method public void reboot(@NonNull android.content.ComponentName); method public void removeActiveAdmin(@NonNull android.content.ComponentName); method public void removeActiveAdmin(@NonNull android.content.ComponentName);
core/java/android/app/admin/DevicePolicyManager.java +14 −13 Original line number Original line Diff line number Diff line Loading @@ -18,6 +18,7 @@ package android.app.admin; import static android.Manifest.permission.INTERACT_ACROSS_USERS; import static android.Manifest.permission.INTERACT_ACROSS_USERS; import static android.Manifest.permission.INTERACT_ACROSS_USERS_FULL; import static android.Manifest.permission.INTERACT_ACROSS_USERS_FULL; import static android.Manifest.permission.LOCK_DEVICE; import static android.Manifest.permission.MANAGE_DEVICE_ADMINS; import static android.Manifest.permission.MANAGE_DEVICE_ADMINS; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_ACCOUNT_MANAGEMENT; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_ACCOUNT_MANAGEMENT; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_APPS_CONTROL; import static android.Manifest.permission.MANAGE_DEVICE_POLICY_APPS_CONTROL; Loading Loading @@ -6305,10 +6306,10 @@ public class DevicePolicyManager { * (PIN, pattern, or password). This API is intended for use only by device admins. * (PIN, pattern, or password). This API is intended for use only by device admins. * <p> * <p> * From version {@link android.os.Build.VERSION_CODES#R} onwards, the caller must either have * From version {@link android.os.Build.VERSION_CODES#R} onwards, the caller must either have * the LOCK_DEVICE permission or the device must have the device admin feature; if neither is * the LOCK_DEVICE permission or the device must have the * true, then the method will return without completing any action. Before version * device admin feature; if neither is true, then the method will return without completing * {@link android.os.Build.VERSION_CODES#R}, the device needed the device admin feature, * any action. Before version {@link android.os.Build.VERSION_CODES#R}, * regardless of the caller's permissions. * the device needed the device admin feature, regardless of the caller's permissions. * <p> * <p> * The calling device admin must have requested {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} * The calling device admin must have requested {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} * to be able to call this method; if it has not, a security exception will be thrown. * to be able to call this method; if it has not, a security exception will be thrown. Loading @@ -6328,7 +6329,8 @@ public class DevicePolicyManager { * @throws SecurityException if the calling application does not own an active administrator * @throws SecurityException if the calling application does not own an active administrator * that uses {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} * that uses {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} */ */ @RequiresPermission(value = MANAGE_DEVICE_POLICY_LOCK, conditional = true) @SuppressLint("RequiresPermission") @RequiresPermission(value = LOCK_DEVICE, conditional = true) public void lockNow() { public void lockNow() { lockNow(0); lockNow(0); } } Loading @@ -6339,14 +6341,13 @@ public class DevicePolicyManager { * <p> * <p> * This method secures the device in response to an urgent situation, such as a lost or stolen * This method secures the device in response to an urgent situation, such as a lost or stolen * device. After this method is called, the device must be unlocked using strong authentication * device. After this method is called, the device must be unlocked using strong authentication * (PIN, pattern, or password). This API is for use only by device admins and holders of the * (PIN, pattern, or password). This API is intended for use only by device admins. * {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_LOCK} permission. * <p> * <p> * From version {@link android.os.Build.VERSION_CODES#R} onwards, the caller must either have * From version {@link android.os.Build.VERSION_CODES#R} onwards, the caller must either have * the LOCK_DEVICE permission or the device must have the device admin feature; if neither is * the LOCK_DEVICE permission or the device must have the * true, then the method will return without completing any action. Before version * device admin feature; if neither is true, then the method will return without completing any * {@link android.os.Build.VERSION_CODES#R}, the device needed the device admin feature, * action. Before version {@link android.os.Build.VERSION_CODES#R}, the device needed the device * regardless of the caller's permissions. * admin feature, regardless of the caller's permissions. * <p> * <p> * A calling device admin must have requested {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} * A calling device admin must have requested {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} * to be able to call this method; if it has not, a security exception will be thrown. * to be able to call this method; if it has not, a security exception will be thrown. Loading Loading @@ -6375,7 +6376,7 @@ public class DevicePolicyManager { * @param flags May be 0 or {@link #FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY}. * @param flags May be 0 or {@link #FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY}. * @throws SecurityException if the calling application does not own an active administrator * @throws SecurityException if the calling application does not own an active administrator * that uses {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} and the does not hold * that uses {@link DeviceAdminInfo#USES_POLICY_FORCE_LOCK} and the does not hold * the {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_LOCK} permission, or * the {@link android.Manifest.permission#LOCK_DEVICE} permission, or * the {@link #FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY} flag is passed by an * the {@link #FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY} flag is passed by an * application that is not a profile owner of a managed profile. * application that is not a profile owner of a managed profile. * @throws IllegalArgumentException if the {@link #FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY} flag is * @throws IllegalArgumentException if the {@link #FLAG_EVICT_CREDENTIAL_ENCRYPTION_KEY} flag is Loading @@ -6384,7 +6385,7 @@ public class DevicePolicyManager { * flag is passed when {@link #getStorageEncryptionStatus} does not return * flag is passed when {@link #getStorageEncryptionStatus} does not return * {@link #ENCRYPTION_STATUS_ACTIVE_PER_USER}. * {@link #ENCRYPTION_STATUS_ACTIVE_PER_USER}. */ */ @RequiresPermission(value = MANAGE_DEVICE_POLICY_LOCK, conditional = true) @RequiresPermission(value = LOCK_DEVICE, conditional = true) public void lockNow(@LockNowFlag int flags) { public void lockNow(@LockNowFlag int flags) { if (mService != null) { if (mService != null) { try { try { Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +3 −3 Original line number Original line Diff line number Diff line Loading @@ -6010,10 +6010,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { // Make sure the caller has any active admin with the right policy or // Make sure the caller has any active admin with the right policy or // the required permission. // the required permission. if (isUnicornFlagEnabled()) { if (isUnicornFlagEnabled()) { admin = enforcePermissionAndGetEnforcingAdmin( admin = enforcePermissionsAndGetEnforcingAdmin( /* admin= */ null, /* admin= */ null, /* permission= */ MANAGE_DEVICE_POLICY_LOCK, /* permissions= */ new String[]{MANAGE_DEVICE_POLICY_LOCK, LOCK_DEVICE}, USES_POLICY_FORCE_LOCK, /* deviceAdminPolicy= */ USES_POLICY_FORCE_LOCK, caller.getPackageName(), caller.getPackageName(), getAffectedUser(parent) getAffectedUser(parent) ).getActiveAdmin(); ).getActiveAdmin();
