
Commit 7623a52a authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Android (Google) Code Review

Merge "Update user restriction APIs to be called on parent instance"

parents 43c913bf 51419384
+26 −10
@@ -1349,6 +1349,9 @@ public class DevicePolicyManager {
     * Broadcast action: send when any policy admin changes a policy.
     * This is generally used to find out when a new policy is in effect.
     *
     * If the profile owner of an organization-owned managed profile changes some user
     * restriction explicitly on the parent user, this broadcast will <em>not</em> be
     * sent to the parent user.
     * @hide
     */
    @UnsupportedAppUsage
@@ -7958,18 +7961,23 @@ public class DevicePolicyManager {
     * <p>
     * The calling device admin must be a profile or device owner; if it is not, a security
     * exception will be thrown.
     * <p>
     * The profile owner of an organization-owned managed profile may invoke this method on
     * the {@link DevicePolicyManager} instance it obtained from
     * {@link #getParentProfileInstance(ComponentName)}, for enforcing device-wide restrictions.
     * <p>
     * See the constants in {@link android.os.UserManager} for the list of restrictions that can
     * be enforced device-wide.
     *
     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
     * @param key The key of the restriction. See the constants in {@link android.os.UserManager}
     *            for the list of keys.
     * @param key   The key of the restriction.
     * @throws SecurityException if {@code admin} is not a device or profile owner.
     */
    public void addUserRestriction(@NonNull ComponentName admin,
            @UserManager.UserRestrictionKey String key) {
        throwIfParentInstance("addUserRestriction");
        if (mService != null) {
            try {
                mService.setUserRestriction(admin, key, true);
                mService.setUserRestriction(admin, key, true, mParentInstance);
            } catch (RemoteException e) {
                throw e.rethrowFromSystemServer();
            }
@@ -7981,18 +7989,22 @@ public class DevicePolicyManager {
     * <p>
     * The calling device admin must be a profile or device owner; if it is not, a security
     * exception will be thrown.
     * <p>
     * The profile owner of an organization-owned managed profile may invoke this method on
     * the {@link DevicePolicyManager} instance it obtained from
     * {@link #getParentProfileInstance(ComponentName)}, for clearing device-wide restrictions.
     * <p>
     * See the constants in {@link android.os.UserManager} for the list of restrictions.
     *
     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
     * @param key The key of the restriction. See the constants in {@link android.os.UserManager}
     *            for the list of keys.
     * @param key   The key of the restriction.
     * @throws SecurityException if {@code admin} is not a device or profile owner.
     */
    public void clearUserRestriction(@NonNull ComponentName admin,
            @UserManager.UserRestrictionKey String key) {
        throwIfParentInstance("clearUserRestriction");
        if (mService != null) {
            try {
                mService.setUserRestriction(admin, key, false);
                mService.setUserRestriction(admin, key, false, mParentInstance);
            } catch (RemoteException e) {
                throw e.rethrowFromSystemServer();
            }
@@ -8006,16 +8018,20 @@ public class DevicePolicyManager {
     * The target user may have more restrictions set by the system or other device owner / profile
     * owner. To get all the user restrictions currently set, use
     * {@link UserManager#getUserRestrictions()}.
     * <p>
     * The profile owner of an organization-owned managed profile may invoke this method on
     * the {@link DevicePolicyManager} instance it obtained from
     * {@link #getParentProfileInstance(ComponentName)}, for retrieving device-wide restrictions
     * it previously set with {@link #addUserRestriction(ComponentName, String)}.
     *
     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
     * @throws SecurityException if {@code admin} is not a device or profile owner.
     */
    public @NonNull Bundle getUserRestrictions(@NonNull ComponentName admin) {
        throwIfParentInstance("getUserRestrictions");
        Bundle ret = null;
        if (mService != null) {
            try {
                ret = mService.getUserRestrictions(admin);
                ret = mService.getUserRestrictions(admin, mParentInstance);
            } catch (RemoteException e) {
                throw e.rethrowFromSystemServer();
            }
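Review bot: With `throwIfParentInstance(...)` gone from `addUserRestriction`, `clearUserRestriction` and `getUserRestrictions`, the parent-instance case is enforced only by the service, yet the `@throws SecurityException if {@code admin} is not a device or profile owner.` line on all three methods still describes only the old rule. The `parent` argument added to `IDevicePolicyManager` in the next file section is a plain boolean supplied by the caller over Binder, so the service implementation (not shown on this page) has to confirm both that the caller is the profile owner of an organization-owned managed profile and that the key is one it may set on the parent; that is the check worth verifying in review. Assuming the service throws in those cases, I would extend the tag to something like `@throws SecurityException if {@code admin} is not a device or profile owner, or if this is the parent instance and {@code admin} may not set {@code key} on the parent user.` The bodies of all three methods continue past their hunks.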
+2 −2
@@ -208,8 +208,8 @@ interface IDevicePolicyManager {
    void setRestrictionsProvider(in ComponentName who, in ComponentName provider);
    ComponentName getRestrictionsProvider(int userHandle);

    void setUserRestriction(in ComponentName who, in String key, boolean enable);
    Bundle getUserRestrictions(in ComponentName who);
    void setUserRestriction(in ComponentName who, in String key, boolean enable, boolean parent);
    Bundle getUserRestrictions(in ComponentName who, boolean parent);
    void addCrossProfileIntentFilter(in ComponentName admin, in IntentFilter filter, int flags);
    void clearCrossProfileIntentFilters(in ComponentName admin);

+3 −3
@@ -57,7 +57,7 @@ public abstract class UserManagerInternal {
     * Called by {@link com.android.server.devicepolicy.DevicePolicyManagerService} to set
     * restrictions enforced by the user.
     *
     * @param userId target user id for the local restrictions.
     * @param originatingUserId user id of the user where the restriction originated.
     * @param restrictions a bundle of user restrictions.
     * @param restrictionOwnerType determines which admin {@code userId} corresponds to.
     *             The admin can be either
@@ -70,8 +70,8 @@ public abstract class UserManagerInternal {
     *             otherwise it will be applied just on the current user.
     * @see OwnerType
     */
    public abstract void setDevicePolicyUserRestrictions(int userId, @Nullable Bundle restrictions,
            @OwnerType int restrictionOwnerType);
    public abstract void setDevicePolicyUserRestrictions(int originatingUserId,
            @Nullable Bundle restrictions, @OwnerType int restrictionOwnerType);

    /**
     * Returns the "base" user restrictions.
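Review bot: The `@param restrictionOwnerType` text still says `determines which admin {@code userId} corresponds to`, but this change renames that parameter to `originatingUserId`, so the reference now points at a name that is no longer in the signature. I would change it to `determines which admin {@code originatingUserId} corresponds to.` The Javadoc block starts above the first hunk and its middle lies between the two hunks, so other `userId` mentions may remain in the part that is not shown.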
+17 −13
@@ -351,6 +351,7 @@ public class UserManagerService extends IUserManager.Stub {
     * User restrictions set by {@link com.android.server.devicepolicy.DevicePolicyManagerService}
     * that should be applied to all users, including guests. Only non-empty restriction bundles are
     * stored.
     * The key is the user id of the user whom the restriction originated from.
     */
    @GuardedBy("mRestrictionsLock")
    private final SparseArray<Bundle> mDevicePolicyGlobalUserRestrictions = new SparseArray<>();
@@ -364,6 +365,7 @@ public class UserManagerService extends IUserManager.Stub {
    /**
     * User restrictions set by {@link com.android.server.devicepolicy.DevicePolicyManagerService}
     * for each user. Only non-empty restriction bundles are stored.
     * The key is the user id of the user whom the restriction originated from.
     */
    @GuardedBy("mRestrictionsLock")
    private final SparseArray<Bundle> mDevicePolicyLocalUserRestrictions = new SparseArray<>();
@@ -1621,7 +1623,7 @@ public class UserManagerService extends IUserManager.Stub {
    /**
     * See {@link UserManagerInternal#setDevicePolicyUserRestrictions}
     */
    private void setDevicePolicyUserRestrictionsInner(@UserIdInt int userId,
    private void setDevicePolicyUserRestrictionsInner(@UserIdInt int originatingUserId,
            @Nullable Bundle restrictions,
            @UserManagerInternal.OwnerType int restrictionOwnerType) {
        final Bundle global = new Bundle();
@@ -1635,16 +1637,16 @@ public class UserManagerService extends IUserManager.Stub {
        synchronized (mRestrictionsLock) {
            // Update global and local restrictions if they were changed.
            globalChanged = updateRestrictionsIfNeededLR(
                    userId, global, mDevicePolicyGlobalUserRestrictions);
                    originatingUserId, global, mDevicePolicyGlobalUserRestrictions);
            localChanged = updateRestrictionsIfNeededLR(
                    userId, local, mDevicePolicyLocalUserRestrictions);
                    originatingUserId, local, mDevicePolicyLocalUserRestrictions);

            if (restrictionOwnerType == UserManagerInternal.OWNER_TYPE_DEVICE_OWNER) {
                // Remember the global restriction owner userId to be able to make a distinction
                // in getUserRestrictionSource on who set local policies.
                mDeviceOwnerUserId = userId;
                mDeviceOwnerUserId = originatingUserId;
            } else {
                if (mDeviceOwnerUserId == userId) {
                if (mDeviceOwnerUserId == originatingUserId) {
                    // When profile owner sets restrictions it passes null global bundle and we
                    // reset global restriction owner userId.
                    // This means this user used to have DO, but now the DO is gone and the user
@@ -1654,7 +1656,8 @@ public class UserManagerService extends IUserManager.Stub {
            }
        }
        if (DBG) {
            Log.d(LOG_TAG, "setDevicePolicyUserRestrictions: userId=" + userId
            Log.d(LOG_TAG, "setDevicePolicyUserRestrictions: "
                    + " originatingUserId=" + originatingUserId
                    + " global=" + global + (globalChanged ? " (changed)" : "")
                    + " local=" + local + (localChanged ? " (changed)" : "")
            );
@@ -1662,7 +1665,7 @@ public class UserManagerService extends IUserManager.Stub {
        // Don't call them within the mRestrictionsLock.
        synchronized (mPackagesLock) {
            if (localChanged || globalChanged) {
                writeUserLP(getUserDataNoChecks(userId));
                writeUserLP(getUserDataNoChecks(originatingUserId));
            }
        }

@@ -1670,7 +1673,7 @@ public class UserManagerService extends IUserManager.Stub {
            if (globalChanged) {
                applyUserRestrictionsForAllUsersLR();
            } else if (localChanged) {
                applyUserRestrictionsLR(userId);
                applyUserRestrictionsLR(originatingUserId);
            }
        }
    }
@@ -4507,9 +4510,10 @@ public class UserManagerService extends IUserManager.Stub {

    private class LocalService extends UserManagerInternal {
        @Override
        public void setDevicePolicyUserRestrictions(@UserIdInt int userId,
                @Nullable Bundle restrictions, @OwnerType int restrictionOwnerType) {
            UserManagerService.this.setDevicePolicyUserRestrictionsInner(userId,
        public void setDevicePolicyUserRestrictions(@UserIdInt int originatingUserId,
                @Nullable Bundle restrictions,
                @OwnerType int restrictionOwnerType) {
            UserManagerService.this.setDevicePolicyUserRestrictionsInner(originatingUserId,
                    restrictions, restrictionOwnerType);
        }

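Review bot: The new field comments say the `SparseArray` key is the user the restriction originated from, but `setDevicePolicyUserRestrictionsInner` still passes `originatingUserId` to `applyUserRestrictionsLR(...)` and `writeUserLP(getUserDataNoChecks(...))` as if it were the user the local restrictions apply to. That is only correct while originating and target user are the same for local restrictions; if a profile owner's parent-instance call can ever produce a non-empty `local` bundle, the restriction would be applied to the profile rather than the parent. If the invariant is intended, a comment at the `else if (localChanged)` branch would make it explicit, e.g. `// Local restrictions always target the originating user; parent-instance restrictions are global.` The method body is split across several hunks and the code that fills `global` and `local` is not shown.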
+7 −0
@@ -410,6 +410,13 @@ public class UserRestrictionsUtils {
                    && PRIMARY_USER_ONLY_RESTRICTIONS.contains(restriction));
    }

    /**
     * @return true if a restriction is settable by profile owner of an organization owned device.
     */
    public static boolean canProfileOwnerOfOrganizationOwnedDeviceChange(String restriction) {
        return PROFILE_OWNER_ORGANIZATION_OWNED_GLOBAL_RESTRICTIONS.contains(restriction);
    }

    /**
     * Returns the user restrictions that default to {@code true} for device owners.
     * These user restrictions are local, though. ie only for the device owner's user id.
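Review bot: `canProfileOwnerOfOrganizationOwnedDeviceChange` only tests the key against `PROFILE_OWNER_ORGANIZATION_OWNED_GLOBAL_RESTRICTIONS`; it does not look at who is calling, and the one-line `@return` does not say so. Since this looks like the allow-list that gates parent-instance restrictions, the Javadoc should state that it is a key-only check and that the caller's ownership must be verified separately, and add `@param restriction the user restriction key to test`. Suggested summary: `Returns whether {@code restriction} is one of the global restrictions that the profile owner of an organization-owned managed profile may set; checks the key only, not the caller.` The set itself is defined outside this hunk.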