Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 67f59928 authored by Jeroen Dhollander's avatar Jeroen Dhollander
Browse files

Make SCREEN_CAPTURE an enum policy. 

Deprecate the boolean SCREEN_CAPTURE_DISABLED and replace it with an
enum SCREEN_CAPTURE policy. Both control the same behavior, but the new
policy matches how we want policies to look going forward.

Bug: 440992241
Test: atest cts/tests/devicepolicy/src/android/devicepolicy/cts/ScreenCaptureDisabledTest.java
Flag: android.app.admin.flags.policy_streamlining
Change-Id: I8d60723d6b3758c2cc5a8f9c2f1b71636a9aeaa1
parent 8bc51c25

core/api/current.txt

+4 −1
Original line number Diff line number Diff line
@@ -8831,7 +8831,10 @@ package android.app.admin { 
  }









  @FlaggedApi("android.app.admin.flags.policy_streamlining") public final class PolicyIdentifier<T> {









    field @FlaggedApi("android.app.admin.flags.policy_streamlining") @NonNull public static final android.app.admin.PolicyIdentifier<java.lang.Boolean> SCREEN_CAPTURE_DISABLED;









    field @FlaggedApi("android.app.admin.flags.policy_streamlining") @NonNull public static final android.app.admin.PolicyIdentifier<java.lang.Integer> SCREEN_CAPTURE;









    field @FlaggedApi("android.app.admin.flags.policy_streamlining") public static final int SCREEN_CAPTURE_ALLOWED = 2; // 0x2









    field @FlaggedApi("android.app.admin.flags.policy_streamlining") public static final int SCREEN_CAPTURE_BLOCKED = 1; // 0x1









    field @Deprecated @FlaggedApi("android.app.admin.flags.policy_streamlining") @NonNull public static final android.app.admin.PolicyIdentifier<java.lang.Boolean> SCREEN_CAPTURE_DISABLED;









  }

















  public abstract class PolicyUpdateReceiver extends android.content.BroadcastReceiver {

























core/api/test-current.txt



+1
−0






























Original line number
Diff line number
Diff line







@@ -631,6 +631,7 @@ package android.app.admin {







    method @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public boolean setDeviceOwner(@NonNull android.content.ComponentName, int);









    method @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public boolean setDeviceOwnerOnly(@NonNull android.content.ComponentName, int);









    method public void setDeviceOwnerType(@NonNull android.content.ComponentName, int);









    method public void setIntegerPolicy(@NonNull String, int, int);









    method @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_ADMINS) public void setNextOperationSafety(int, int);









    method @RequiresPermission(anyOf={android.Manifest.permission.MARK_DEVICE_ORGANIZATION_OWNED, android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS}, conditional=true) public void setProfileOwnerOnOrganizationOwnedDevice(@NonNull android.content.ComponentName, boolean);









    method @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public boolean triggerDevicePolicyEngineMigration(boolean);
































core/java/android/app/admin/DevicePolicyManager.java



+15
−0






























Original line number
Diff line number
Diff line







@@ -18630,4 +18630,19 @@ public class DevicePolicyManager {







        // TODO(b/434920631): Remove this method and use {@link #setPolicy} in tests directly.









        setPolicy(new PolicyIdentifier<Boolean>(key), scope, Boolean.valueOf(value));









    }

















    /**









     * Template free version of setPolicy for integers.









     *









     * @hide









     */









    @TestApi









    @SuppressWarnings("UnflaggedApi") // @TestApi without associated feature.









    public void setIntegerPolicy(









            @NonNull String key,









            @PolicyScope int scope,









            int value) {









        // TODO(b/434920631): Remove this method and use {@link #setPolicy} in tests directly.









        setPolicy(new PolicyIdentifier<Integer>(key), scope, Integer.valueOf(value));









    }









}

























core/java/android/app/admin/PolicyIdentifier.java



+56
−0






























Original line number
Diff line number
Diff line







@@ -19,11 +19,16 @@ package android.app.admin;







import static android.app.admin.flags.Flags.FLAG_POLICY_STREAMLINING;



















import android.annotation.FlaggedApi;









import android.annotation.IntDef;









import android.annotation.NonNull;









import android.annotation.TestApi;









import android.processor.devicepolicy.BooleanPolicyDefinition;









import android.processor.devicepolicy.EnumPolicyDefinition;









import android.processor.devicepolicy.PolicyDefinition;



















import java.lang.annotation.Retention;









import java.lang.annotation.RetentionPolicy;



















/**









 * Represents a type safe identifier for a policy. Use it as a key for









 * {@link DevicePolicyManager.setPolicy setPolicy} and related APIs.








@@ -89,12 +94,63 @@ public final class PolicyIdentifier<T> {







     * If the scope is set to {@link DevicePolicyManager.POLICY_SCOPE_PARENT_USER} and the caller









     * is not a profile owner of an organization-owned managed profile, a security exception will









     * be thrown.









     *









     * @deprecated Use {@link SCREEN_CAPTURE} instead.









     */









    @FlaggedApi(FLAG_POLICY_STREAMLINING)









    @Deprecated









    @NonNull









    @BooleanPolicyDefinition(









            base = @PolicyDefinition









    )









    // TODO(b/440992241): Remove this definition after we confirm it's not used yet.









    public static final PolicyIdentifier<Boolean> SCREEN_CAPTURE_DISABLED = new PolicyIdentifier<>(









            SCREEN_CAPTURE_DISABLED_KEY);



















    /**









     * Block screen capture. See {@link android.view.Display#FLAG_SECURE} for more details on how









     * blocking works.









     */









    @FlaggedApi(FLAG_POLICY_STREAMLINING)









    public static final int SCREEN_CAPTURE_BLOCKED = 1;



















    /**









     * Allow screen capture.









     */









    @FlaggedApi(FLAG_POLICY_STREAMLINING)









    public static final int SCREEN_CAPTURE_ALLOWED = 2;



















    /**









     * Possible values {@link SCREEN_CAPTURE}









     *









     * @hide









     */









    @Retention(RetentionPolicy.SOURCE)









    @IntDef(prefix = { "SCREEN_CAPTURE_" }, value = {









            SCREEN_CAPTURE_BLOCKED,









            SCREEN_CAPTURE_ALLOWED,









    })









    public @interface ScreenCaptureValue {}



















    private static final String SCREEN_CAPTURE_KEY = "screenCapture";



















    /**









     * Policy that controls whether the screen capture is enabled or disabled. Disabling









     * screen capture also prevents the content from being shown on display devices that do not have









     * a secure video output. See {@link android.view.Display#FLAG_SECURE} for more details about









     * secure surfaces and secure displays.









     * Throws SecurityException if the caller is not permitted to control screen capture policy.









     * If the scope is set to {@link DevicePolicyManager.POLICY_SCOPE_DEVICE} and the caller









     * is not a profile owner of an organization-owned managed profile, a security exception will









     * be thrown.









     */









    @FlaggedApi(FLAG_POLICY_STREAMLINING)









    @NonNull









    @EnumPolicyDefinition(









            base = @PolicyDefinition,









            intDef = ScreenCaptureValue.class,









            defaultValue = SCREEN_CAPTURE_ALLOWED









    )









    public static final PolicyIdentifier<Integer> SCREEN_CAPTURE = new PolicyIdentifier<>(









            SCREEN_CAPTURE_KEY);









}
























services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java



+7
−0






























Original line number
Diff line number
Diff line







@@ -24832,6 +24832,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {







                            "SCREEN_CAPTURE_DISABLED requires a Boolean value");









                }









                setScreenCaptureDisabled(caller, scope, value.getBooleanField());









            } else if (id.equals(PolicyIdentifier.SCREEN_CAPTURE.getId())) {









                if (value.getTag() != PolicyValueTransport.Tag.integerField) {









                    throw new IllegalArgumentException("SCREEN_CAPTURE requires an Integer value");









                }









                boolean isDisabled =









                        value.getIntegerField() == PolicyIdentifier.SCREEN_CAPTURE_BLOCKED;









                setScreenCaptureDisabled(caller, scope, isDisabled);









            } else {









                throw new IllegalArgumentException("Unhandled policy " + id);









            }