Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +68 −138 Original line number Diff line number Diff line Loading @@ -11874,29 +11874,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { throw new IllegalArgumentException("Invalid package name: " + validationResult); } if (Flags.setApplicationRestrictionsCoexistence()) { EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( who, MANAGE_DEVICE_POLICY_APP_RESTRICTIONS, caller.getPackageName(), caller.getUserId() ); if (restrictions == null || restrictions.isEmpty()) { mDevicePolicyEngine.removeLocalPolicy( PolicyDefinition.APPLICATION_RESTRICTIONS(packageName), enforcingAdmin, caller.getUserId()); } else { mDevicePolicyEngine.setLocalPolicy( PolicyDefinition.APPLICATION_RESTRICTIONS(packageName), enforcingAdmin, new BundlePolicyValue(restrictions), caller.getUserId()); } setBackwardsCompatibleAppRestrictions( caller, packageName, restrictions, caller.getUserHandle()); } else { final boolean isRoleHolder; if (who != null) { // DO or PO Loading Loading @@ -11943,7 +11920,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { caller.getUserHandle()); }); } } DevicePolicyEventLogger .createEvent(DevicePolicyEnums.SET_APPLICATION_RESTRICTIONS) Loading @@ -11953,31 +11929,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { .write(); } /** * Set app restrictions in user manager for DPC callers only to keep backwards compatibility * for the old getApplicationRestrictions API. */ private void setBackwardsCompatibleAppRestrictions( CallerIdentity caller, String packageName, Bundle restrictions, UserHandle userHandle) { if ((caller.hasAdminComponent() && (isProfileOwner(caller) || isDefaultDeviceOwner(caller))) || (caller.hasPackage() && isCallerDelegate(caller, DELEGATION_APP_RESTRICTIONS))) { Bundle restrictionsToApply = restrictions == null || restrictions.isEmpty() ? getAppRestrictionsSetByAnyAdmin(packageName, userHandle) : restrictions; mInjector.binderWithCleanCallingIdentity(() -> { mUserManager.setApplicationRestrictions(packageName, restrictionsToApply, userHandle); }); } else { // Notify package of changes via an intent - only sent to explicitly registered // receivers. Sending here because For DPCs, this is being sent in UMS. final Intent changeIntent = new Intent(Intent.ACTION_APPLICATION_RESTRICTIONS_CHANGED); changeIntent.setPackage(packageName); changeIntent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY); mContext.sendBroadcastAsUser(changeIntent, userHandle); } } private Bundle getAppRestrictionsSetByAnyAdmin(String packageName, UserHandle userHandle) { LinkedHashMap<EnforcingAdmin, PolicyValue<Bundle>> policies = mDevicePolicyEngine.getLocalPoliciesSetByAdmins( Loading Loading @@ -13257,26 +13208,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { String packageName, boolean parent) { final CallerIdentity caller = getCallerIdentity(who, callerPackage); // IMPORTANT: The code behind the if branch is OUTDATED and requires additional work before // enabling the feature flag below. // TODO(b/369141952): Update DPM.getApplicationRestrictions coexistence code if (Flags.setApplicationRestrictionsCoexistence()) { EnforcingAdmin enforcingAdmin = enforceCanQueryAndGetEnforcingAdmin( who, MANAGE_DEVICE_POLICY_APP_RESTRICTIONS, caller.getPackageName(), caller.getUserId() ); LinkedHashMap<EnforcingAdmin, PolicyValue<Bundle>> policies = mDevicePolicyEngine.getLocalPoliciesSetByAdmins( PolicyDefinition.APPLICATION_RESTRICTIONS(packageName), caller.getUserId()); if (policies.isEmpty() || !policies.containsKey(enforcingAdmin)) { return Bundle.EMPTY; } return policies.get(enforcingAdmin).getValue(); } else { final boolean isRoleHolder; if (who != null) { // Caller is DO or PO. They cannot call this on parent Loading Loading @@ -13320,7 +13251,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { }); } } } /** * Returns the apps that are non-exempt from some policies (such as suspension), and populates Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +68 −138 Original line number Diff line number Diff line Loading @@ -11874,29 +11874,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { throw new IllegalArgumentException("Invalid package name: " + validationResult); } if (Flags.setApplicationRestrictionsCoexistence()) { EnforcingAdmin enforcingAdmin = enforcePermissionAndGetEnforcingAdmin( who, MANAGE_DEVICE_POLICY_APP_RESTRICTIONS, caller.getPackageName(), caller.getUserId() ); if (restrictions == null || restrictions.isEmpty()) { mDevicePolicyEngine.removeLocalPolicy( PolicyDefinition.APPLICATION_RESTRICTIONS(packageName), enforcingAdmin, caller.getUserId()); } else { mDevicePolicyEngine.setLocalPolicy( PolicyDefinition.APPLICATION_RESTRICTIONS(packageName), enforcingAdmin, new BundlePolicyValue(restrictions), caller.getUserId()); } setBackwardsCompatibleAppRestrictions( caller, packageName, restrictions, caller.getUserHandle()); } else { final boolean isRoleHolder; if (who != null) { // DO or PO Loading Loading @@ -11943,7 +11920,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { caller.getUserHandle()); }); } } DevicePolicyEventLogger .createEvent(DevicePolicyEnums.SET_APPLICATION_RESTRICTIONS) Loading @@ -11953,31 +11929,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { .write(); } /** * Set app restrictions in user manager for DPC callers only to keep backwards compatibility * for the old getApplicationRestrictions API. */ private void setBackwardsCompatibleAppRestrictions( CallerIdentity caller, String packageName, Bundle restrictions, UserHandle userHandle) { if ((caller.hasAdminComponent() && (isProfileOwner(caller) || isDefaultDeviceOwner(caller))) || (caller.hasPackage() && isCallerDelegate(caller, DELEGATION_APP_RESTRICTIONS))) { Bundle restrictionsToApply = restrictions == null || restrictions.isEmpty() ? getAppRestrictionsSetByAnyAdmin(packageName, userHandle) : restrictions; mInjector.binderWithCleanCallingIdentity(() -> { mUserManager.setApplicationRestrictions(packageName, restrictionsToApply, userHandle); }); } else { // Notify package of changes via an intent - only sent to explicitly registered // receivers. Sending here because For DPCs, this is being sent in UMS. final Intent changeIntent = new Intent(Intent.ACTION_APPLICATION_RESTRICTIONS_CHANGED); changeIntent.setPackage(packageName); changeIntent.addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY); mContext.sendBroadcastAsUser(changeIntent, userHandle); } } private Bundle getAppRestrictionsSetByAnyAdmin(String packageName, UserHandle userHandle) { LinkedHashMap<EnforcingAdmin, PolicyValue<Bundle>> policies = mDevicePolicyEngine.getLocalPoliciesSetByAdmins( Loading Loading @@ -13257,26 +13208,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { String packageName, boolean parent) { final CallerIdentity caller = getCallerIdentity(who, callerPackage); // IMPORTANT: The code behind the if branch is OUTDATED and requires additional work before // enabling the feature flag below. // TODO(b/369141952): Update DPM.getApplicationRestrictions coexistence code if (Flags.setApplicationRestrictionsCoexistence()) { EnforcingAdmin enforcingAdmin = enforceCanQueryAndGetEnforcingAdmin( who, MANAGE_DEVICE_POLICY_APP_RESTRICTIONS, caller.getPackageName(), caller.getUserId() ); LinkedHashMap<EnforcingAdmin, PolicyValue<Bundle>> policies = mDevicePolicyEngine.getLocalPoliciesSetByAdmins( PolicyDefinition.APPLICATION_RESTRICTIONS(packageName), caller.getUserId()); if (policies.isEmpty() || !policies.containsKey(enforcingAdmin)) { return Bundle.EMPTY; } return policies.get(enforcingAdmin).getValue(); } else { final boolean isRoleHolder; if (who != null) { // Caller is DO or PO. They cannot call this on parent Loading Loading @@ -13320,7 +13251,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { }); } } } /** * Returns the apps that are non-exempt from some policies (such as suspension), and populates
