Merge "Migrate setPermittedInputMethods to policy engine" into udc-dev am: 1e9f13da34 (7e4987de) · Commits · e / os / android_frameworks_base

core/api/test-current.txt

+6 −0

Original line number	Diff line number	Diff line
		@@ -536,6 +536,12 @@ package android.app.admin {
		field @NonNull public static final android.app.admin.DeviceAdminAuthority DEVICE_ADMIN_AUTHORITY;
		}

		public final class DevicePolicyIdentifiers {
		field public static final String PERMITTED_INPUT_METHODS_POLICY = "permittedInputMethods";
		field public static final String PERSONAL_APPS_SUSPENDED_POLICY = "personalAppsSuspended";
		field public static final String SCREEN_CAPTURE_DISABLED_POLICY = "screenCaptureDisabled";
		}

		public class DevicePolicyManager {
		method @RequiresPermission(anyOf={android.Manifest.permission.MANAGE_USERS, android.Manifest.permission.INTERACT_ACROSS_USERS}) public void acknowledgeNewUserDisclaimer();
		method @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public void calculateHasIncompatibleAccounts();

core/java/android/app/admin/DevicePolicyIdentifiers.java

+4 −0

Original line number	Diff line number	Diff line
		@@ -17,6 +17,7 @@
		package android.app.admin;

		import android.annotation.NonNull;
		import android.annotation.TestApi;
		import android.os.UserManager;

		import java.util.Objects;
		@@ -118,6 +119,7 @@ public final class DevicePolicyIdentifiers {
		*
		* @hide
		*/
		@TestApi
		public static final String PERMITTED_INPUT_METHODS_POLICY = "permittedInputMethods";

		/**
		@@ -125,6 +127,7 @@ public final class DevicePolicyIdentifiers {
		*
		* @hide
		*/
		@TestApi
		public static final String PERSONAL_APPS_SUSPENDED_POLICY = "personalAppsSuspended";

		/**
		@@ -132,6 +135,7 @@ public final class DevicePolicyIdentifiers {
		*
		* @hide
		*/
		@TestApi
		public static final String SCREEN_CAPTURE_DISABLED_POLICY = "screenCaptureDisabled";

		/**

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java

+1 −2

Original line number	Diff line number	Diff line
		@@ -130,12 +130,11 @@ final class DevicePolicyEngine {
		<V> void setLocalPolicy(
		@NonNull PolicyDefinition<V> policyDefinition,
		@NonNull EnforcingAdmin enforcingAdmin,
		@NonNull PolicyValue<V> value,
		@Nullable PolicyValue<V> value,
		int userId,
		boolean skipEnforcePolicy) {
		Objects.requireNonNull(policyDefinition);
		Objects.requireNonNull(enforcingAdmin);
		Objects.requireNonNull(value);

		synchronized (mLock) {
		PolicyState<V> localPolicyState = getLocalPolicyStateLocked(policyDefinition, userId);

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+82 −48

Original line number	Diff line number	Diff line
		@@ -12214,18 +12214,23 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		}

		synchronized (getLockObject()) {
		ActiveAdmin admin;
		if (isPermissionCheckFlagEnabled()) {
		admin = enforcePermissionAndGetEnforcingAdmin(
		who, MANAGE_DEVICE_POLICY_INPUT_METHODS,
		caller.getPackageName(), userId).getActiveAdmin();
		if (isPolicyEngineForFinanceFlagEnabled()) {
		EnforcingAdmin admin = getEnforcingAdminForCaller(who, callerPackageName);
		mDevicePolicyEngine.setLocalPolicy(
		PolicyDefinition.PERMITTED_INPUT_METHODS,
		admin,
		packageList == null
		? null
		: new StringSetPolicyValue(new HashSet<>(packageList)),
		userId);
		} else {
		admin = getParentOfAdminIfRequired(
		getProfileOwnerOrDeviceOwnerLocked(caller.getUserId()), calledOnParentInstance);
		}
		ActiveAdmin admin = getParentOfAdminIfRequired(
		getProfileOwnerOrDeviceOwnerLocked(caller.getUserId()),
		calledOnParentInstance);
		admin.permittedInputMethods = packageList;
		saveSettingsLocked(caller.getUserId());
		}
		}

		DevicePolicyEventLogger
		.createEvent(DevicePolicyEnums.SET_PERMITTED_INPUT_METHODS)
		@@ -12272,21 +12277,20 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		}

		synchronized (getLockObject()) {
		ActiveAdmin admin;
		if (isPermissionCheckFlagEnabled()) {
		if (isPolicyEngineForFinanceFlagEnabled()) {
		int affectedUser = calledOnParentInstance ? getProfileParentId(
		caller.getUserId()) : caller.getUserId();
		admin = enforcePermissionAndGetEnforcingAdmin(
		who, MANAGE_DEVICE_POLICY_INPUT_METHODS, caller.getPackageName(),
		affectedUser).getActiveAdmin();
		Set<String> policy = mDevicePolicyEngine.getResolvedPolicy(
		PolicyDefinition.PERMITTED_INPUT_METHODS, affectedUser);
		return policy == null ? null : new ArrayList<>(policy);
		} else {
		admin = getParentOfAdminIfRequired(
		ActiveAdmin admin = getParentOfAdminIfRequired(
		getProfileOwnerOrDeviceOwnerLocked(
		caller.getUserId()), calledOnParentInstance);
		}
		return admin.permittedInputMethods;
		}
		}
		}

		@Override
		public @Nullable List<String> getPermittedInputMethodsAsUser(@UserIdInt int userId) {
		@@ -12302,10 +12306,17 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		}

		private @Nullable List<String> getPermittedInputMethodsUnchecked(@UserIdInt int userId) {
		synchronized (getLockObject()) {
		List<String> result = null;
		if (isPolicyEngineForFinanceFlagEnabled()) {
		Set<String> policy = mDevicePolicyEngine.getResolvedPolicy(
		PolicyDefinition.PERMITTED_INPUT_METHODS, userId);
		result = policy == null ? null : new ArrayList<>(policy);
		} else {
		synchronized (getLockObject()) {
		// Only device or profile owners can have permitted lists set.
		List<ActiveAdmin> admins = getActiveAdminsForAffectedUserInclPermissionBasedAdminLocked(userId);
		List<ActiveAdmin> admins =
		getActiveAdminsForAffectedUserInclPermissionBasedAdminLocked(
		userId);
		for (ActiveAdmin admin : admins) {
		List<String> fromAdmin = admin.permittedInputMethods;
		if (fromAdmin != null) {
		@@ -12316,6 +12327,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		}
		}
		}
		}
		}

		// If we have a permitted list add all system input methods.
		if (result != null) {
		@@ -12333,7 +12346,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		}
		return result;
		}
		}

		@Override
		public boolean isInputMethodPermittedByAdmin(ComponentName who, String packageName,
		@@ -12347,6 +12359,26 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		String.format(NOT_SYSTEM_CALLER_MSG,
		"query if an input method is disabled by admin"));

		if (isPolicyEngineForFinanceFlagEnabled()) {
		int affectedUser = calledOnParentInstance ? getProfileParentId(userHandle) : userHandle;
		Map<EnforcingAdmin, PolicyValue<Set<String>>> policies =
		mDevicePolicyEngine.getLocalPoliciesSetByAdmins(
		PolicyDefinition.PERMITTED_INPUT_METHODS, affectedUser);
		EnforcingAdmin admin = null;
		for (EnforcingAdmin a : policies.keySet()) {
		if (a.getPackageName().equals(who.getPackageName())) {
		if (policies.get(a).getValue() == null) {
		return true;
		} else {
		return checkPackagesInPermittedListOrSystem(
		Collections.singletonList(packageName),
		new ArrayList<>(policies.get(a).getValue()), affectedUser);
		}
		}
		}
		// Admin didn't set a policy
		return false;
		} else {
		synchronized (getLockObject()) {
		ActiveAdmin admin = getParentOfAdminIfRequired(
		getActiveAdminUncheckedLocked(who, userHandle), calledOnParentInstance);
		@@ -12360,6 +12392,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		admin.permittedInputMethods, userHandle);
		}
		}
		}

		@Override
		public boolean setPermittedCrossProfileNotificationListeners(
		@@ -23793,6 +23826,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		public DevicePolicyState getDevicePolicyState() {
		Preconditions.checkCallAuthorization(
		hasCallingOrSelfPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS));

		return mInjector.binderWithCleanCallingIdentity(mDevicePolicyEngine::getDevicePolicyState);
		}

services/devicepolicy/java/com/android/server/devicepolicy/PolicyDefinition.java

+9 −0

Original line number	Diff line number	Diff line
		@@ -308,6 +308,13 @@ final class PolicyDefinition<V> {
		DevicePolicyIdentifiers.ACCOUNT_MANAGEMENT_DISABLED_POLICY, accountType));
		}

		static PolicyDefinition<Set<String>> PERMITTED_INPUT_METHODS = new PolicyDefinition<>(
		new NoArgsPolicyKey(DevicePolicyIdentifiers.PERMITTED_INPUT_METHODS_POLICY),
		new MostRecent<>(),
		POLICY_FLAG_LOCAL_ONLY_POLICY,
		(Set<String> value, Context context, Integer userId, PolicyKey policyKey) -> true,
		new StringSetPolicySerializer());

		private static final Map<String, PolicyDefinition<?>> POLICY_DEFINITIONS = new HashMap<>();
		private static Map<String, Integer> USER_RESTRICTION_FLAGS = new HashMap<>();

		@@ -333,6 +340,8 @@ final class PolicyDefinition<V> {
		GENERIC_APPLICATION_HIDDEN);
		POLICY_DEFINITIONS.put(DevicePolicyIdentifiers.ACCOUNT_MANAGEMENT_DISABLED_POLICY,
		GENERIC_ACCOUNT_MANAGEMENT_DISABLED);
		POLICY_DEFINITIONS.put(DevicePolicyIdentifiers.PERMITTED_INPUT_METHODS_POLICY,
		PERMITTED_INPUT_METHODS);

		// User Restriction Policies
		USER_RESTRICTION_FLAGS.put(UserManager.DISALLOW_MODIFY_ACCOUNTS, /* flags= */ 0);