Copy the remaining policies on migration.

     * <p>

     * This method may be called on the {@code DevicePolicyManager} instance returned from

     * {@link #getParentProfileInstance(ComponentName)}. Note that only a profile owner on

     * an organization-deviced can affect account types on the parent profile instance.

     * an organization-owned device can affect account types on the parent profile instance.

     *

     * @return a list of account types for which account management has been disabled.

     *

        Slog.i(LOG_TAG, "Clearing the DO...");

        final ComponentName doAdminReceiver = doAdmin.info.getComponent();

        clearDeviceOwnerLocked(doAdmin, doUserId);

        // TODO(b/143516163): If we have a power cut here, we might leave active admin. Consider if

        // it is worth the complexity to make it more robust.

        Slog.i(LOG_TAG, "Removing admin artifacts...");

        // TODO(b/143516163): Clean up application restrictions in UserManager.

        // TODO(b/149075700): Clean up application restrictions in UserManager.

        removeAdminArtifacts(doAdminReceiver, doUserId);

        Slog.i(LOG_TAG, "Migration complete.");

        // The following policies weren't available to PO, but will be available after migration.

        parentAdmin.disableCamera = doAdmin.disableCamera;

        parentAdmin.requireAutoTime = doAdmin.requireAutoTime;

        // TODO(b/143516163): Uncomment once corresponding APIs are available via parent instance.

        // parentAdmin.disableScreenCapture = doAdmin.disableScreenCapture;

        // parentAdmin.accountTypesWithManagementDisabled.addAll(

        //         doAdmin.accountTypesWithManagementDisabled);

        parentAdmin.disableScreenCapture = doAdmin.disableScreenCapture;

        parentAdmin.accountTypesWithManagementDisabled.addAll(

                doAdmin.accountTypesWithManagementDisabled);

        moveDoUserRestrictionsToCopeParent(doAdmin, parentAdmin);

        // TODO(b/143516163): migrate network and security logging state, currently they are

        // turned off when DO is removed.

    }

    private void moveDoUserRestrictionsToCopeParent(ActiveAdmin doAdmin, ActiveAdmin parentAdmin) {

     * a managed profile.

     */

    @GuardedBy("getLockObject()")

    void applyManagedProfileRestrictionIfDeviceOwnerLocked() {

    private void applyManagedProfileRestrictionIfDeviceOwnerLocked() {

        final int doUserId = mOwners.getDeviceOwnerUserId();

        if (doUserId == UserHandle.USER_NULL) {

            logIfVerbose("No DO found, skipping application of restriction.");

                mOwners.systemReady();

                break;

            case SystemService.PHASE_ACTIVITY_MANAGER_READY:

                maybeStartSecurityLogMonitorOnActivityManagerReady();

                synchronized (getLockObject()) {

                    migrateToProfileOnOrganizationOwnedDeviceIfCompLocked();

                    applyManagedProfileRestrictionIfDeviceOwnerLocked();

                }

                maybeStartSecurityLogMonitorOnActivityManagerReady();

                final int userId = getManagedUserId(UserHandle.USER_SYSTEM);

                if (userId >= 0) {

                    updatePersonalAppSuspension(userId, false /* running */);

        <password-history-length value="33" />

        <require_auto_time value="true" />

        <user-restrictions no_bluetooth="true" />

        <disable-screen-capture value="true" />

        <disable-account-management>

            <account-type value="com.google-primary" />

        </disable-account-management>

    </admin>

</policies>

<policies setup-complete="true" provisioning-state="3">

    <admin name="com.android.frameworks.servicestests/com.android.server.devicepolicy.DummyDeviceAdmins$Admin1">

        <policies flags="991"/>

        <disable-account-management>

            <account-type value="com.google-profile" />

        </disable-account-management>

    </admin>

</policies>

import static com.android.server.devicepolicy.DpmTestUtils.writeInputStreamToFile;

import static org.junit.Assert.assertArrayEquals;

import static org.mockito.Matchers.any;

import static org.mockito.Matchers.anyInt;

import static org.mockito.Matchers.eq;

                    33, dpm.getParentProfileInstance(admin1).getPasswordHistoryLength(admin1));

            assertEquals("Password history policy was put into non-parent PO instance",

                    0, dpm.getPasswordHistoryLength(admin1));

            assertTrue("Screen capture restriction wasn't migrated to PO parent instance",

                    dpm.getParentProfileInstance(admin1).getScreenCaptureDisabled(admin1));

            assertArrayEquals("Accounts with management disabled weren't migrated to PO parent",

                    new String[] {"com.google-primary"},

                    dpm.getParentProfileInstance(admin1).getAccountTypesWithManagementDisabled());

            assertArrayEquals("Accounts with management disabled for profile were lost",

                    new String[] {"com.google-profile"},

                    dpm.getAccountTypesWithManagementDisabled());

            assertTrue("User restriction wasn't migrated to PO parent instance",

                    dpm.getParentProfileInstance(admin1).getUserRestrictions(admin1)

                    dpms.getProfileOwnerAdminLocked(COPE_PROFILE_USER_ID)

                            .getEffectiveRestrictions()

                            .containsKey(UserManager.DISALLOW_CONFIG_DATE_TIME));

            // TODO(b/143516163): verify more policies.

        });

    }