Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7fbe61dc authored by Alex Chau's avatar Alex Chau
Browse files

Update on a few DevicePolicyManager APIs for affiliated PO 

- Disallow managed profile from disabling keyguard and statusBar as it
  has no effect
- Removed the ability for affiliated profile owner to set device owner
  lockscreen message, as the message is not per user but set globally,
  where the original intention is to set a per user lockscreen message
- Updated javadoc accordingly

Bug: 64383519
Test: Invoking setKeyguardDisabled and setStatusBarDisabled with managed profile fails
Change-Id: Ib3fdf44f55a7c5913ea38647c582bc962329c842
parent 0ff8dabf

core/java/android/app/admin/DevicePolicyManager.java

+13 −6
Original line number Diff line number Diff line
@@ -7518,7 +7518,8 @@ public class DevicePolicyManager { 
    }



    /**

     * Called by a device owner to disable the keyguard altogether.

     * Called by a device owner or profile owner of secondary users that is affiliated with the

     * device to disable the keyguard altogether.

     * <p>

     * Setting the keyguard to disabled has the same effect as choosing "None" as the screen lock

     * type. However, this call has no effect if a password, pin or pattern is currently set. If a
@@ -7533,7 +7534,10 @@ public class DevicePolicyManager { 
     * @param disabled {@code true} disables the keyguard, {@code false} reenables it.

     * @return {@code false} if attempting to disable the keyguard while a lock password was in

     *         place. {@code true} otherwise.

     * @throws SecurityException if {@code admin} is not a device owner.

     * @throws SecurityException if {@code admin} is not the device owner, or a profile owner of

     * secondary user that is affiliated with the device.

     * @see #isAffiliatedUser

     * @see #getSecondaryUsers

     */

    public boolean setKeyguardDisabled(@NonNull ComponentName admin, boolean disabled) {

        throwIfParentInstance("setKeyguardDisabled");
@@ -7545,9 +7549,9 @@ public class DevicePolicyManager { 
    }



    /**

     * Called by device owner to disable the status bar. Disabling the status bar blocks

     * notifications, quick settings and other screen overlays that allow escaping from a single use

     * device.

     * Called by device owner or profile owner of secondary users  that is affiliated with the

     * device to disable the status bar. Disabling the status bar blocks notifications, quick

     * settings and other screen overlays that allow escaping from a single use device.

     * <p>

     * <strong>Note:</strong> This method has no effect for LockTask mode. The behavior of the

     * status bar in LockTask mode can be configured with
@@ -7558,7 +7562,10 @@ public class DevicePolicyManager { 
     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.

     * @param disabled {@code true} disables the status bar, {@code false} reenables it.

     * @return {@code false} if attempting to disable the status bar failed. {@code true} otherwise.

     * @throws SecurityException if {@code admin} is not a device owner.

     * @throws SecurityException if {@code admin} is not the device owner, or a profile owner of

     * secondary user that is affiliated with the device.

     * @see #isAffiliatedUser

     * @see #getSecondaryUsers

     */

    public boolean setStatusBarDisabled(@NonNull ComponentName admin, boolean disabled) {

        throwIfParentInstance("setStatusBarDisabled");

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+7 −6
Original line number Diff line number Diff line
@@ -7190,13 +7190,8 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { 
            return;

        }



        final int userId = mInjector.userHandleGetCallingUserId();

        synchronized (this) {

            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);

            if (!isUserAffiliatedWithDeviceLocked(userId)) {

                throw new SecurityException("Admin " + who +

                        " is neither the device owner or affiliated user's profile owner.");

            }

            getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER);

            long token = mInjector.binderClearCallingIdentity();

            try {

                mLockPatternUtils.setDeviceOwnerInfo(info != null ? info.toString() : null);
@@ -9663,6 +9658,9 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { 
                        " is neither the device owner or affiliated user's profile owner.");

            }

        }

        if (isManagedProfile(userId)) {

            throw new SecurityException("Managed profile cannot disable keyguard");

        }



        long ident = mInjector.binderClearCallingIdentity();

        try {
@@ -9689,6 +9687,9 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager { 
                throw new SecurityException("Admin " + who +

                        " is neither the device owner or affiliated user's profile owner.");

            }

            if (isManagedProfile(userId)) {

                throw new SecurityException("Managed profile cannot disable status bar");

            }

            DevicePolicyData policy = getUserData(userId);

            if (policy.mStatusBarDisabled != disabled) {

                boolean isLockTaskMode = false;