Merge "arc: Restrict only removal of first account" into main

        @Readable

        public static final String SHOW_NOTIFICATION_SNOOZE = "show_notification_snooze";

       /**

         * 1 if it is allowed to remove the primary GAIA account. 0 by default.

         * @hide

         */

        public static final String ALLOW_PRIMARY_GAIA_ACCOUNT_REMOVAL_FOR_TESTS =

                "allow_primary_gaia_account_removal_for_tests";

        /**

         * List of TV inputs that are currently hidden. This is a string

         * containing the IDs of all hidden TV inputs. Each ID is encoded by

         UI is handled by ActivityManagerService -->

    <bool name="config_customUserSwitchUi">false</bool>

    <!-- Flag specifying whether the first account added can be removed or renamed. By default,

    this ability is enabled. When false, user will not be able to remove the first account. -->

    <bool name="config_canRemoveFirstAccount">true</bool>

    <!-- Used together with config_canRemoveOrRenameFirstAccount when set to false. By default, this

    is blank. Check if the first account is of this account type. If it is, then disable

    remove/rename. -->

    <string name="config_accountTypeToKeepFirstAccount"></string>

    <!-- A array of regex to treat a SMS as VVM SMS if the message body matches.

         Each item represents an entry, which consists of two parts:

         a comma (,) separated list of MCCMNC the regex applies to, followed by a semicolon (;), and

  <java-symbol type="bool" name="config_startDreamImmediatelyOnDock" />

  <java-symbol type="bool" name="config_carDockEnablesAccelerometer" />

  <java-symbol type="bool" name="config_customUserSwitchUi" />

  <java-symbol type="bool" name="config_canRemoveFirstAccount" />

  <java-symbol type="string" name="config_accountTypeToKeepFirstAccount" />

  <java-symbol type="bool" name="config_deskDockEnablesAccelerometer" />

  <java-symbol type="bool" name="config_disableMenuKeyInLockScreen" />

  <java-symbol type="bool" name="config_enableCarDockHomeLaunch" />

             newHashSet(

                 Settings.Secure.ACCESSIBILITY_SOFT_KEYBOARD_MODE,

                 Settings.Secure.ACCESSIBILITY_SPEAK_PASSWORD, // Deprecated since O.

                 Settings.Secure.ALLOW_PRIMARY_GAIA_ACCOUNT_REMOVAL_FOR_TESTS,

                 Settings.Secure.ALLOWED_GEOLOCATION_ORIGINS,

                 Settings.Secure.ALWAYS_ON_VPN_APP,

                 Settings.Secure.ALWAYS_ON_VPN_LOCKDOWN,

import android.os.SystemClock;

import android.os.UserHandle;

import android.os.UserManager;

import android.provider.Settings;

import android.stats.devicepolicy.DevicePolicyEnums;

import android.text.TextUtils;

import android.util.EventLog;

            }

            return;

        }

        if (isFirstAccountRemovalDisabled(account)) {

            try {

                response.onError(

                        AccountManager.ERROR_CODE_MANAGEMENT_DISABLED_FOR_ACCOUNT_TYPE,

                        "User cannot remove the first "

                                + account.type

                                + " account on the device.");

            } catch (RemoteException re) {

                Log.w(TAG, "RemoteException while removing account", re);

            }

            return;

        }

        final long identityToken = clearCallingIdentity();

        UserAccounts accounts = getUserAccounts(userId);

        cancelNotification(getSigninRequiredNotificationId(accounts, account), accounts);

                    account.type);

            throw new SecurityException(msg);

        }

        if (isFirstAccountRemovalDisabled(account)) {

            Log.e(TAG, "Cannot remove the first " + account.type + " account on the device.");

            return false;

        }

        UserAccounts accounts = getUserAccountsForCaller();

        final long accountId = accounts.accountsDb.findDeAccountId(account);

        logRecord(

        }

    }

    /**

     * Returns true if the config_canRemoveOrRenameFirstUser is false, and the given account type

     * matches the one provided by config_accountTypeToKeepFirstUser.

     */

    private boolean isFirstAccountRemovalDisabled(Account account) {

        // Skip if not targeting the first user.

        int userId = UserHandle.getCallingUserId();

        if (userId != 0) {

            return false;

        }

        // Skip if we are allowed to remove/rename first account.

        if (mContext.getResources()

                .getBoolean(com.android.internal.R.bool.config_canRemoveFirstAccount)) {

            return false;

        }

        // Skip if needed for testing.

        if (Settings.Secure.getIntForUser(

                mContext.getContentResolver(),

                Settings.Secure.ALLOW_PRIMARY_GAIA_ACCOUNT_REMOVAL_FOR_TESTS,

                0 /* default */,

                0 /* userHandle */) != 0) {

            return false;

        }

        // Skip if not targeting desired account.

        String typeToKeep =

                mContext.getResources()

                        .getString(

                                com.android.internal.R.string.config_accountTypeToKeepFirstAccount);

        if (typeToKeep.isEmpty() || !typeToKeep.equals(account.type)) {

            return false;

        }

        // Only restrict first account.

        UserAccounts accounts = getUserAccounts(0 /* userId */);

        Account[] accountsOfType = getAccountsFromCache(accounts, typeToKeep,

                Process.SYSTEM_UID, "android" /* packageName */, false);

        return accountsOfType.length > 0 && accountsOfType[0].equals(account);

    }

    private final class AccountManagerInternalImpl extends AccountManagerInternal {

        private final Object mLock = new Object();