
Commit 805e893e authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Android (Google) Code Review

Merge "Enforce DISALLOW_ADD_MANAGED_PROFILE"

parents 12e15a9c 01576869
+42 −26
@@ -385,7 +385,7 @@ public class DevicePolicyManager {
            "com.android.server.action.BUGREPORT_SHARING_DECLINED";
            "com.android.server.action.BUGREPORT_SHARING_DECLINED";


    /**
    /**
     * Action: Bugreport has been collected and is dispatched to {@link DevicePolicyManagerService}.
     * Action: Bugreport has been collected and is dispatched to {@code DevicePolicyManagerService}.
     *
     *
     * @hide
     * @hide
     */
     */
@@ -1165,7 +1165,7 @@ public class DevicePolicyManager {
    public @interface UserProvisioningState {}
    public @interface UserProvisioningState {}


    /**
    /**
     * Result code for {@link checkProvisioningPreCondition}.
     * Result code for {@link #checkProvisioningPreCondition}.
     *
     *
     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE},
     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE},
     * {@link #ACTION_PROVISION_MANAGED_PROFILE}, {@link #ACTION_PROVISION_MANAGED_USER} and
     * {@link #ACTION_PROVISION_MANAGED_PROFILE}, {@link #ACTION_PROVISION_MANAGED_USER} and
@@ -1176,7 +1176,7 @@ public class DevicePolicyManager {
    public static final int CODE_OK = 0;
    public static final int CODE_OK = 0;


    /**
    /**
     * Result code for {@link checkProvisioningPreCondition}.
     * Result code for {@link #checkProvisioningPreCondition}.
     *
     *
     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE} and
     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE} and
     * {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} when the device already has a device
     * {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} when the device already has a device
@@ -1187,7 +1187,7 @@ public class DevicePolicyManager {
    public static final int CODE_HAS_DEVICE_OWNER = 1;
    public static final int CODE_HAS_DEVICE_OWNER = 1;


    /**
    /**
     * Result code for {@link checkProvisioningPreCondition}.
     * Result code for {@link #checkProvisioningPreCondition}.
     *
     *
     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE},
     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE},
     * {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} when the user has a profile owner and for
     * {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} when the user has a profile owner and for
@@ -1198,7 +1198,7 @@ public class DevicePolicyManager {
    public static final int CODE_USER_HAS_PROFILE_OWNER = 2;
    public static final int CODE_USER_HAS_PROFILE_OWNER = 2;


    /**
    /**
     * Result code for {@link checkProvisioningPreCondition}.
     * Result code for {@link #checkProvisioningPreCondition}.
     *
     *
     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE} and
     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE} and
     * {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} when the user isn't running.
     * {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} when the user isn't running.
@@ -1208,7 +1208,7 @@ public class DevicePolicyManager {
    public static final int CODE_USER_NOT_RUNNING = 3;
    public static final int CODE_USER_NOT_RUNNING = 3;


    /**
    /**
     * Result code for {@link checkProvisioningPreCondition}.
     * Result code for {@link #checkProvisioningPreCondition}.
     *
     *
     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE},
     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE},
     * {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} if the device has already been setup and
     * {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} if the device has already been setup and
@@ -1233,7 +1233,7 @@ public class DevicePolicyManager {
    public static final int CODE_ACCOUNTS_NOT_EMPTY = 6;
    public static final int CODE_ACCOUNTS_NOT_EMPTY = 6;


    /**
    /**
     * Result code for {@link checkProvisioningPreCondition}.
     * Result code for {@link #checkProvisioningPreCondition}.
     *
     *
     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE} and
     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE} and
     * {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} if the user is not a system user.
     * {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} if the user is not a system user.
@@ -1243,7 +1243,7 @@ public class DevicePolicyManager {
    public static final int CODE_NOT_SYSTEM_USER = 7;
    public static final int CODE_NOT_SYSTEM_USER = 7;


    /**
    /**
     * Result code for {@link checkProvisioningPreCondition}.
     * Result code for {@link #checkProvisioningPreCondition}.
     *
     *
     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE},
     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE},
     * {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} and {@link #ACTION_PROVISION_MANAGED_USER}
     * {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} and {@link #ACTION_PROVISION_MANAGED_USER}
@@ -1254,7 +1254,7 @@ public class DevicePolicyManager {
    public static final int CODE_HAS_PAIRED = 8;
    public static final int CODE_HAS_PAIRED = 8;


    /**
    /**
     * Result code for {@link checkProvisioningPreCondition}.
     * Result code for {@link #checkProvisioningPreCondition}.
     *
     *
     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_PROFILE} and
     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_PROFILE} and
     * {@link #ACTION_PROVISION_MANAGED_USER} on devices which do not support managed users.
     * {@link #ACTION_PROVISION_MANAGED_USER} on devices which do not support managed users.
@@ -1265,7 +1265,7 @@ public class DevicePolicyManager {
    public static final int CODE_MANAGED_USERS_NOT_SUPPORTED = 9;
    public static final int CODE_MANAGED_USERS_NOT_SUPPORTED = 9;


    /**
    /**
     * Result code for {@link checkProvisioningPreCondition}.
     * Result code for {@link #checkProvisioningPreCondition}.
     *
     *
     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_USER} if the user is a system user.
     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_USER} if the user is a system user.
     *
     *
@@ -1274,7 +1274,7 @@ public class DevicePolicyManager {
    public static final int CODE_SYSTEM_USER = 10;
    public static final int CODE_SYSTEM_USER = 10;


    /**
    /**
     * Result code for {@link checkProvisioningPreCondition}.
     * Result code for {@link #checkProvisioningPreCondition}.
     *
     *
     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_PROFILE} when the user cannot have more
     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_PROFILE} when the user cannot have more
     * managed profiles.
     * managed profiles.
@@ -1284,7 +1284,7 @@ public class DevicePolicyManager {
    public static final int CODE_CANNOT_ADD_MANAGED_PROFILE = 11;
    public static final int CODE_CANNOT_ADD_MANAGED_PROFILE = 11;


    /**
    /**
     * Result code for {@link checkProvisioningPreCondition}.
     * Result code for {@link #checkProvisioningPreCondition}.
     *
     *
     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_USER} and
     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_USER} and
     * {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} on devices not running with split system
     * {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} on devices not running with split system
@@ -1295,7 +1295,7 @@ public class DevicePolicyManager {
    public static final int CODE_NOT_SYSTEM_USER_SPLIT = 12;
    public static final int CODE_NOT_SYSTEM_USER_SPLIT = 12;


    /**
    /**
     * Result code for {@link checkProvisioningPreCondition}.
     * Result code for {@link #checkProvisioningPreCondition}.
     *
     *
     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE},
     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE},
     * {@link #ACTION_PROVISION_MANAGED_PROFILE}, {@link #ACTION_PROVISION_MANAGED_USER} and
     * {@link #ACTION_PROVISION_MANAGED_PROFILE}, {@link #ACTION_PROVISION_MANAGED_USER} and
@@ -1307,7 +1307,7 @@ public class DevicePolicyManager {
    public static final int CODE_DEVICE_ADMIN_NOT_SUPPORTED = 13;
    public static final int CODE_DEVICE_ADMIN_NOT_SUPPORTED = 13;


    /**
    /**
     * Result code for {@link checkProvisioningPreCondition}.
     * Result code for {@link #checkProvisioningPreCondition}.
     *
     *
     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_PROFILE} when the device the user is a
     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_PROFILE} when the device the user is a
     * system user on a split system user device.
     * system user on a split system user device.
@@ -1317,7 +1317,17 @@ public class DevicePolicyManager {
    public static final int CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER = 14;
    public static final int CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER = 14;


    /**
    /**
     * Result codes for {@link checkProvisioningPreCondition} indicating all the provisioning pre
     * Result code for {@link #checkProvisioningPreCondition}.
     *
     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_PROFILE} when adding a managed profile is
     * disallowed by {@link UserManager#DISALLOW_ADD_MANAGED_PROFILE}.
     *
     * @hide
     */
    public static final int CODE_ADD_MANAGED_PROFILE_DISALLOWED = 15;

    /**
     * Result codes for {@link #checkProvisioningPreCondition} indicating all the provisioning pre
     * conditions.
     * conditions.
     *
     *
     * @hide
     * @hide
@@ -1327,7 +1337,7 @@ public class DevicePolicyManager {
            CODE_USER_SETUP_COMPLETED, CODE_NOT_SYSTEM_USER, CODE_HAS_PAIRED,
            CODE_USER_SETUP_COMPLETED, CODE_NOT_SYSTEM_USER, CODE_HAS_PAIRED,
            CODE_MANAGED_USERS_NOT_SUPPORTED, CODE_SYSTEM_USER, CODE_CANNOT_ADD_MANAGED_PROFILE,
            CODE_MANAGED_USERS_NOT_SUPPORTED, CODE_SYSTEM_USER, CODE_CANNOT_ADD_MANAGED_PROFILE,
            CODE_NOT_SYSTEM_USER_SPLIT, CODE_DEVICE_ADMIN_NOT_SUPPORTED,
            CODE_NOT_SYSTEM_USER_SPLIT, CODE_DEVICE_ADMIN_NOT_SUPPORTED,
            CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER})
            CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER, CODE_ADD_MANAGED_PROFILE_DISALLOWED})
    public @interface ProvisioningPreCondition {}
    public @interface ProvisioningPreCondition {}


    /**
    /**
@@ -6184,34 +6194,40 @@ public class DevicePolicyManager {
    }
    }


    /**
    /**
     * Returns if provisioning a managed profile or device is possible or not.
     * Returns whether it is possible for the caller to initiate provisioning of a managed profile
     * or device, setting itself as the device or profile owner.
     *
     * @param action One of {@link #ACTION_PROVISION_MANAGED_DEVICE},
     * @param action One of {@link #ACTION_PROVISION_MANAGED_DEVICE},
     * {@link #ACTION_PROVISION_MANAGED_PROFILE}.
     * {@link #ACTION_PROVISION_MANAGED_PROFILE}.
     * @return if provisioning a managed profile or device is possible or not.
     * @return whether provisioning a managed profile or device is possible.
     * @throws IllegalArgumentException if the supplied action is not valid.
     * @throws IllegalArgumentException if the supplied action is not valid.
     */
     */
    public boolean isProvisioningAllowed(String action) {
    public boolean isProvisioningAllowed(@NonNull String action) {
        throwIfParentInstance("isProvisioningAllowed");
        throwIfParentInstance("isProvisioningAllowed");
        try {
        try {
            return mService.isProvisioningAllowed(action);
            return mService.isProvisioningAllowed(action, mContext.getPackageName());
        } catch (RemoteException re) {
        } catch (RemoteException re) {
            throw re.rethrowFromSystemServer();
            throw re.rethrowFromSystemServer();
        }
        }
    }
    }


    /**
    /**
     * Checks if provisioning a managed profile or device is possible and returns one of the
     * Checks whether it is possible to initiate provisioning a managed device,
     * {@link ProvisioningPreCondition}.
     * profile or user, setting the given package as owner.
     *
     *
     * @param action One of {@link #ACTION_PROVISION_MANAGED_DEVICE},
     * @param action One of {@link #ACTION_PROVISION_MANAGED_DEVICE},
     *        {@link #ACTION_PROVISION_MANAGED_PROFILE},
     *        {@link #ACTION_PROVISION_MANAGED_PROFILE},
     *        {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE},
     *        {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE},
     *        {@link #ACTION_PROVISION_MANAGED_USER}
     *        {@link #ACTION_PROVISION_MANAGED_USER}
     * @param packageName The package of the component that would be set as device, user, or profile
     *        owner.
     * @return A {@link ProvisioningPreCondition} value indicating whether provisioning is allowed.
     * @hide
     * @hide
     */
     */
    public @ProvisioningPreCondition int checkProvisioningPreCondition(String action) {
    public @ProvisioningPreCondition int checkProvisioningPreCondition(
            String action, @NonNull String packageName) {
        try {
        try {
            return mService.checkProvisioningPreCondition(action);
            return mService.checkProvisioningPreCondition(action, packageName);
        } catch (RemoteException re) {
        } catch (RemoteException re) {
            throw re.rethrowFromSystemServer();
            throw re.rethrowFromSystemServer();
        }
        }
@@ -6940,8 +6956,8 @@ public class DevicePolicyManager {
     * @hide
     * @hide
     * Force update user setup completed status. This API has no effect on user build.
     * Force update user setup completed status. This API has no effect on user build.
     * @throws {@link SecurityException} if the caller has no
     * @throws {@link SecurityException} if the caller has no
     *         {@link android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS} or the caller is
     *         {@code android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS} or the caller is
     *         not {@link UserHandle.SYSTEM_USER}
     *         not {@link UserHandle#SYSTEM_USER}
     */
     */
    public void forceUpdateUserSetupComplete() {
    public void forceUpdateUserSetupComplete() {
        try {
        try {
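Review bot: The Javadoc on the new `checkProvisioningPreCondition(String action, @NonNull String packageName)` overload (hunk `@@ -6184`) does not say who may call it or how far `packageName` is trusted. Going by the service side of this commit, `isProvisioningAllowed` ties the package to the calling uid, while this method accepts any package and relies on `enforceCanManageProfileAndDeviceOwners()` instead. That contract is worth stating, for example `@throws SecurityException if the caller does not hold MANAGE_PROFILE_AND_DEVICE_OWNERS` (assuming that is what the enforce helper throws; its body is not shown). `action` also has no nullability annotation here although `packageName` does, and the service guards `action != null`, so a sentence on what a null action returns would make the behaviour explicit.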
+2 −2
@@ -269,8 +269,8 @@ interface IDevicePolicyManager {
    boolean setPermissionGrantState(in ComponentName admin, String packageName,
    boolean setPermissionGrantState(in ComponentName admin, String packageName,
            String permission, int grantState);
            String permission, int grantState);
    int getPermissionGrantState(in ComponentName admin, String packageName, String permission);
    int getPermissionGrantState(in ComponentName admin, String packageName, String permission);
    boolean isProvisioningAllowed(String action);
    boolean isProvisioningAllowed(String action, String packageName);
    int checkProvisioningPreCondition(String action);
    int checkProvisioningPreCondition(String action, String packageName);
    void setKeepUninstalledPackages(in ComponentName admin,in List<String> packageList);
    void setKeepUninstalledPackages(in ComponentName admin,in List<String> packageList);
    List<String> getKeepUninstalledPackages(in ComponentName admin);
    List<String> getKeepUninstalledPackages(in ComponentName admin);
    boolean isManagedProfile(in ComponentName admin);
    boolean isManagedProfile(in ComponentName admin);
+54 −28
Original line number Original line Diff line number Diff line
@@ -18,6 +18,7 @@ package com.android.server.devicepolicy;


import static android.Manifest.permission.MANAGE_CA_CERTIFICATES;
import static android.Manifest.permission.MANAGE_CA_CERTIFICATES;
import static android.app.admin.DevicePolicyManager.CODE_ACCOUNTS_NOT_EMPTY;
import static android.app.admin.DevicePolicyManager.CODE_ACCOUNTS_NOT_EMPTY;
import static android.app.admin.DevicePolicyManager.CODE_ADD_MANAGED_PROFILE_DISALLOWED;
import static android.app.admin.DevicePolicyManager.CODE_CANNOT_ADD_MANAGED_PROFILE;
import static android.app.admin.DevicePolicyManager.CODE_CANNOT_ADD_MANAGED_PROFILE;
import static android.app.admin.DevicePolicyManager.CODE_DEVICE_ADMIN_NOT_SUPPORTED;
import static android.app.admin.DevicePolicyManager.CODE_DEVICE_ADMIN_NOT_SUPPORTED;
import static android.app.admin.DevicePolicyManager.CODE_HAS_DEVICE_OWNER;
import static android.app.admin.DevicePolicyManager.CODE_HAS_DEVICE_OWNER;
@@ -1689,9 +1690,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {


        mSecurityLogMonitor = new SecurityLogMonitor(this);
        mSecurityLogMonitor = new SecurityLogMonitor(this);


        mHasFeature = mContext.getPackageManager()
        mHasFeature = mInjector.getPackageManager()
                .hasSystemFeature(PackageManager.FEATURE_DEVICE_ADMIN);
                .hasSystemFeature(PackageManager.FEATURE_DEVICE_ADMIN);
        mIsWatch = mContext.getPackageManager()
        mIsWatch = mInjector.getPackageManager()
                .hasSystemFeature(PackageManager.FEATURE_WATCH);
                .hasSystemFeature(PackageManager.FEATURE_WATCH);
        if (!mHasFeature) {
        if (!mHasFeature) {
            // Skip the rest of the initialization
            // Skip the rest of the initialization
@@ -4460,7 +4461,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
            }
            }


            try {
            try {
                int uid = mContext.getPackageManager().getPackageUidAsUser(
                int uid = mInjector.getPackageManager().getPackageUidAsUser(
                        policy.mDelegatedCertInstallerPackage, userHandle);
                        policy.mDelegatedCertInstallerPackage, userHandle);
                return uid == callingUid;
                return uid == callingUid;
            } catch (NameNotFoundException e) {
            } catch (NameNotFoundException e) {
@@ -6021,6 +6022,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        }
        }
    }
    }


    private boolean isDeviceOwnerPackage(String packageName, int userId) {
        synchronized (this) {
            return mOwners.hasDeviceOwner()
                    && mOwners.getDeviceOwnerUserId() == userId
                    && mOwners.getDeviceOwnerPackageName().equals(packageName);
        }
    }

    public boolean isProfileOwner(ComponentName who, int userId) {
    public boolean isProfileOwner(ComponentName who, int userId) {
        final ComponentName profileOwner = getProfileOwner(userId);
        final ComponentName profileOwner = getProfileOwner(userId);
        return who != null && who.equals(profileOwner);
        return who != null && who.equals(profileOwner);
@@ -6103,7 +6112,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        Preconditions.checkNotNull(packageName, "packageName is null");
        Preconditions.checkNotNull(packageName, "packageName is null");
        final int callingUid = mInjector.binderGetCallingUid();
        final int callingUid = mInjector.binderGetCallingUid();
        try {
        try {
            int uid = mContext.getPackageManager().getPackageUidAsUser(packageName,
            int uid = mInjector.getPackageManager().getPackageUidAsUser(packageName,
                    UserHandle.getUserId(callingUid));
                    UserHandle.getUserId(callingUid));
            if (uid != callingUid) {
            if (uid != callingUid) {
                throw new SecurityException("Invalid packageName");
                throw new SecurityException("Invalid packageName");
@@ -6847,7 +6856,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
            }
            }


            try {
            try {
                int uid = mContext.getPackageManager().getPackageUidAsUser(
                int uid = mInjector.getPackageManager().getPackageUidAsUser(
                        policy.mApplicationRestrictionsManagingPackage, userHandle);
                        policy.mApplicationRestrictionsManagingPackage, userHandle);
                return uid == callingUid;
                return uid == callingUid;
            } catch (NameNotFoundException e) {
            } catch (NameNotFoundException e) {
@@ -8635,7 +8644,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
            }
            }
            final String deviceOwnerPackageName = mOwners.getDeviceOwnerComponent()
            final String deviceOwnerPackageName = mOwners.getDeviceOwnerComponent()
                    .getPackageName();
                    .getPackageName();
            final String[] pkgs = mContext.getPackageManager().getPackagesForUid(callerUid);
            final String[] pkgs = mInjector.getPackageManager().getPackagesForUid(callerUid);


            for (String pkg : pkgs) {
            for (String pkg : pkgs) {
                if (deviceOwnerPackageName.equals(pkg)) {
                if (deviceOwnerPackageName.equals(pkg)) {
@@ -8672,7 +8681,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {


            ActivityInfo[] receivers = null;
            ActivityInfo[] receivers = null;
            try {
            try {
                receivers  = mContext.getPackageManager().getPackageInfo(
                receivers  = mInjector.getPackageManager().getPackageInfo(
                        deviceOwnerPackage, PackageManager.GET_RECEIVERS).receivers;
                        deviceOwnerPackage, PackageManager.GET_RECEIVERS).receivers;
            } catch (NameNotFoundException e) {
            } catch (NameNotFoundException e) {
                Log.e(LOG_TAG, "Cannot find device owner package", e);
                Log.e(LOG_TAG, "Cannot find device owner package", e);
@@ -8728,7 +8737,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                        < android.os.Build.VERSION_CODES.M) {
                        < android.os.Build.VERSION_CODES.M) {
                    return false;
                    return false;
                }
                }
                final PackageManager packageManager = mContext.getPackageManager();
                final PackageManager packageManager = mInjector.getPackageManager();
                switch (grantState) {
                switch (grantState) {
                    case DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED: {
                    case DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED: {
                        mInjector.getPackageManagerInternal().grantRuntimePermission(packageName,
                        mInjector.getPackageManagerInternal().grantRuntimePermission(packageName,
@@ -8763,7 +8772,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
    @Override
    @Override
    public int getPermissionGrantState(ComponentName admin, String packageName,
    public int getPermissionGrantState(ComponentName admin, String packageName,
            String permission) throws RemoteException {
            String permission) throws RemoteException {
        PackageManager packageManager = mContext.getPackageManager();
        PackageManager packageManager = mInjector.getPackageManager();


        UserHandle user = mInjector.binderGetCallingUserHandle();
        UserHandle user = mInjector.binderGetCallingUserHandle();
        synchronized (this) {
        synchronized (this) {
@@ -8800,17 +8809,33 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
    }
    }


    @Override
    @Override
    public boolean isProvisioningAllowed(String action) {
    public boolean isProvisioningAllowed(String action, String packageName) {
        return checkProvisioningPreConditionSkipPermission(action) == CODE_OK;
        Preconditions.checkNotNull(packageName);

        final int callingUid = mInjector.binderGetCallingUid();
        final long ident = mInjector.binderClearCallingIdentity();
        try {
            final int uidForPackage = mInjector.getPackageManager().getPackageUidAsUser(
                    packageName, UserHandle.getUserId(callingUid));
            Preconditions.checkArgument(callingUid == uidForPackage,
                    "Caller uid doesn't match the one for the provided package.");
        } catch (NameNotFoundException e) {
            throw new IllegalArgumentException("Invalid package provided " + packageName, e);
        } finally {
            mInjector.binderRestoreCallingIdentity(ident);
        }

        return checkProvisioningPreConditionSkipPermission(action, packageName) == CODE_OK;
    }
    }


    @Override
    @Override
    public int checkProvisioningPreCondition(String action) {
    public int checkProvisioningPreCondition(String action, String packageName) {
        Preconditions.checkNotNull(packageName);
        enforceCanManageProfileAndDeviceOwners();
        enforceCanManageProfileAndDeviceOwners();
        return checkProvisioningPreConditionSkipPermission(action);
        return checkProvisioningPreConditionSkipPermission(action, packageName);
    }
    }


    private int checkProvisioningPreConditionSkipPermission(String action) {
    private int checkProvisioningPreConditionSkipPermission(String action, String packageName) {
        if (!mHasFeature) {
        if (!mHasFeature) {
            return CODE_DEVICE_ADMIN_NOT_SUPPORTED;
            return CODE_DEVICE_ADMIN_NOT_SUPPORTED;
        }
        }
@@ -8819,7 +8844,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        if (action != null) {
        if (action != null) {
            switch (action) {
            switch (action) {
                case DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE:
                case DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE:
                    return checkManagedProfileProvisioningPreCondition(callingUserId);
                    return checkManagedProfileProvisioningPreCondition(packageName, callingUserId);
                case DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE:
                case DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE:
                    return checkDeviceOwnerProvisioningPreCondition(callingUserId);
                    return checkDeviceOwnerProvisioningPreCondition(callingUserId);
                case DevicePolicyManager.ACTION_PROVISION_MANAGED_USER:
                case DevicePolicyManager.ACTION_PROVISION_MANAGED_USER:
@@ -8888,7 +8913,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        }
        }
    }
    }


    private int checkManagedProfileProvisioningPreCondition(int callingUserId) {
    private int checkManagedProfileProvisioningPreCondition(String packageName, int callingUserId) {
        if (!hasFeatureManagedUsers()) {
        if (!hasFeatureManagedUsers()) {
            return CODE_MANAGED_USERS_NOT_SUPPORTED;
            return CODE_MANAGED_USERS_NOT_SUPPORTED;
        }
        }
@@ -8901,24 +8926,25 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
            // Managed user cannot have a managed profile.
            // Managed user cannot have a managed profile.
            return CODE_USER_HAS_PROFILE_OWNER;
            return CODE_USER_HAS_PROFILE_OWNER;
        }
        }

        final long ident = mInjector.binderClearCallingIdentity();
        final long ident = mInjector.binderClearCallingIdentity();
        try {
        try {
             /* STOPSHIP(b/31952368) Reinstate a check similar to this once ManagedProvisioning
            final UserHandle callingUserHandle = UserHandle.of(callingUserId);
                   uses checkProvisioningPreCondition (see ag/1607846) and passes the packageName
            if (mUserManager.hasUserRestriction(
                   there. In isProvisioningAllowed we should check isCallerDeviceOwner, but for
                    UserManager.DISALLOW_ADD_MANAGED_PROFILE, callingUserHandle)) {
                   managed provisioning we need to check the package that is going to be set as PO
                // The DO can initiate provisioning if the restriction was set by the DO.
                if (mUserManager.hasUserRestriction(UserManager.DISALLOW_ADD_MANAGED_PROFILE)) {
                if (!isDeviceOwnerPackage(packageName, callingUserId)
                    if (!isCallerDeviceOwner(callingUid)
                        || isAdminAffectedByRestriction(mOwners.getDeviceOwnerComponent(),
                        || isAdminAffectedByRestriction(mOwners.getDeviceOwnerComponent(),
                                UserManager.DISALLOW_ADD_MANAGED_PROFILE, callingUserId)) {
                                UserManager.DISALLOW_ADD_MANAGED_PROFILE, callingUserId)) {
                    // Caller is not DO or the restriction was set by the system.
                    // Caller is not DO or the restriction was set by the system.
                    return false;
                    return CODE_ADD_MANAGED_PROFILE_DISALLOWED;
                }
                }
                } */
            }

            // TODO: Allow it if the caller is the DO? DO could just call removeUser() before
            // TODO: Allow it if the caller is the DO? DO could just call removeUser() before
            // provisioning, so not strictly required...
            // provisioning, so not strictly required...
            boolean canRemoveProfile = !mUserManager.hasUserRestriction(
            boolean canRemoveProfile = !mUserManager.hasUserRestriction(
                        UserManager.DISALLOW_REMOVE_MANAGED_PROFILE, UserHandle.of(callingUserId));
                        UserManager.DISALLOW_REMOVE_MANAGED_PROFILE, callingUserHandle);
            if (!mUserManager.canAddMoreManagedProfiles(callingUserId, canRemoveProfile)) {
            if (!mUserManager.canAddMoreManagedProfiles(callingUserId, canRemoveProfile)) {
                return CODE_CANNOT_ADD_MANAGED_PROFILE;
                return CODE_CANNOT_ADD_MANAGED_PROFILE;
            }
            }
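Review bot: In the new `isProvisioningAllowed(String action, String packageName)`, a package that belongs to another uid is rejected through `Preconditions.checkArgument`, i.e. with an `IllegalArgumentException`, whereas the equivalent caller/package check visible in the `@@ -6103` hunk throws `SecurityException("Invalid packageName")`. The two failure paths also carry different messages ("Invalid package provided …" for an unknown package, "Caller uid doesn't match …" for an installed one), and the lookup runs with the calling identity cleared, so the error text tells any caller whether a named package exists for its user. Using one exception and one message for both keeps this in line with the existing check: `if (callingUid != uidForPackage) throw new SecurityException("Invalid packageName");` and the same throw in the `NameNotFoundException` handler. Separately, in `checkManagedProfileProvisioningPreCondition` the comment `// Caller is not DO or the restriction was set by the system.` is stale now that the test is on `packageName`, and `mOwners.getDeviceOwnerComponent()` is read after `isDeviceOwnerPackage` has left its `synchronized (this)` block; unless the enclosing method already holds that lock (its start and end are outside the hunk), the device owner could in principle change between the two reads.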
+130 −15

File changed.

Preview size limit exceeded, changes collapsed.

+4 −0
@@ -82,6 +82,10 @@ public abstract class DpmTestBase extends AndroidTestCase {
                eq(packageName),
                eq(packageName),
                eq(0),
                eq(0),
                eq(userId));
                eq(userId));

        doReturn(ai.uid).when(mMockContext.packageManager).getPackageUidAsUser(
                eq(packageName),
                eq(userId));
    }
    }


    protected void setUpPackageManagerForAdmin(ComponentName admin, int packageUid)
    protected void setUpPackageManagerForAdmin(ComponentName admin, int packageUid)