Expose some hidden APIs in DevicePolicyManager as SystemAPIs (8b100eb3) · Commits · e / os / android_frameworks_base

core/api/system-current.txt

+17 −0

Original line number	Diff line number	Diff line
		@@ -965,6 +965,7 @@ package android.app.admin {
		}

		public class DevicePolicyManager {
		method public int checkProvisioningPreCondition(@NonNull String, @NonNull String);
		method @Nullable public android.content.Intent createProvisioningIntentFromNfcIntent(@NonNull android.content.Intent);
		method @RequiresPermission(android.Manifest.permission.INTERACT_ACROSS_USERS) public boolean getBluetoothContactSharingDisabled(@NonNull android.os.UserHandle);
		method @Nullable @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public String getDeviceOwner();
		@@ -990,6 +991,7 @@ package android.app.admin {
		method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public void setDeviceProvisioningConfigApplied();
		method @Deprecated @RequiresPermission(value=android.Manifest.permission.GRANT_PROFILE_OWNER_DEVICE_IDS_ACCESS, conditional=true) public void setProfileOwnerCanAccessDeviceIds(@NonNull android.content.ComponentName);
		method public void setSecondaryLockscreenEnabled(@NonNull android.content.ComponentName, boolean);
		method @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public void setUserProvisioningState(int, @NonNull android.os.UserHandle);
		field public static final String ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_ALLOWED = "android.account.DEVICE_OR_PROFILE_OWNER_ALLOWED";
		field public static final String ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_DISALLOWED = "android.account.DEVICE_OR_PROFILE_OWNER_DISALLOWED";
		field public static final String ACTION_BIND_SECONDARY_LOCKSCREEN_SERVICE = "android.app.action.BIND_SECONDARY_LOCKSCREEN_SERVICE";
		@@ -1003,6 +1005,21 @@ package android.app.admin {
		field public static final String ACTION_SET_PROFILE_OWNER = "android.app.action.SET_PROFILE_OWNER";
		field @Deprecated public static final String ACTION_STATE_USER_SETUP_COMPLETE = "android.app.action.STATE_USER_SETUP_COMPLETE";
		field public static final String ACTION_UPDATE_DEVICE_MANAGEMENT_ROLE_HOLDER = "android.app.action.UPDATE_DEVICE_MANAGEMENT_ROLE_HOLDER";
		field public static final int CODE_ACCOUNTS_NOT_EMPTY = 6; // 0x6
		field public static final int CODE_CANNOT_ADD_MANAGED_PROFILE = 11; // 0xb
		field public static final int CODE_DEVICE_ADMIN_NOT_SUPPORTED = 13; // 0xd
		field public static final int CODE_HAS_DEVICE_OWNER = 1; // 0x1
		field public static final int CODE_HAS_PAIRED = 8; // 0x8
		field public static final int CODE_MANAGED_USERS_NOT_SUPPORTED = 9; // 0x9
		field public static final int CODE_NONSYSTEM_USER_EXISTS = 5; // 0x5
		field public static final int CODE_NOT_SYSTEM_USER = 7; // 0x7
		field public static final int CODE_OK = 0; // 0x0
		field public static final int CODE_PROVISIONING_NOT_ALLOWED_FOR_NON_DEVELOPER_USERS = 15; // 0xf
		field public static final int CODE_SYSTEM_USER = 10; // 0xa
		field public static final int CODE_UNKNOWN_ERROR = -1; // 0xffffffff
		field public static final int CODE_USER_HAS_PROFILE_OWNER = 2; // 0x2
		field public static final int CODE_USER_NOT_RUNNING = 3; // 0x3
		field public static final int CODE_USER_SETUP_COMPLETED = 4; // 0x4
		field public static final String EXTRA_PROFILE_OWNER_NAME = "android.app.extra.PROFILE_OWNER_NAME";
		field @Deprecated public static final String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_ICON_URI = "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_ICON_URI";
		field @Deprecated public static final String EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_LABEL = "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_LABEL";

core/api/test-current.txt

+0 −16

Original line number	Diff line number	Diff line
		@@ -437,7 +437,6 @@ package android.app {
		package android.app.admin {

		public class DevicePolicyManager {
		method public int checkProvisioningPreCondition(@Nullable String, @NonNull String);
		method @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public void clearOrganizationId();
		method @RequiresPermission(android.Manifest.permission.CLEAR_FREEZE_PERIOD) public void clearSystemUpdatePolicyFreezePeriodRecord();
		method @Nullable public android.os.UserHandle createAndProvisionManagedProfile(@NonNull android.app.admin.ManagedProfileProvisioningParams) throws android.app.admin.ProvisioningException;
		@@ -465,22 +464,7 @@ package android.app.admin {
		method @RequiresPermission(android.Manifest.permission.MANAGE_DEVICE_ADMINS) public void setNextOperationSafety(int, int);
		field public static final String ACTION_DATA_SHARING_RESTRICTION_APPLIED = "android.app.action.DATA_SHARING_RESTRICTION_APPLIED";
		field public static final String ACTION_DEVICE_POLICY_CONSTANTS_CHANGED = "android.app.action.DEVICE_POLICY_CONSTANTS_CHANGED";
		field public static final int CODE_ACCOUNTS_NOT_EMPTY = 6; // 0x6
		field public static final int CODE_CANNOT_ADD_MANAGED_PROFILE = 11; // 0xb
		field public static final int CODE_DEVICE_ADMIN_NOT_SUPPORTED = 13; // 0xd
		field public static final int CODE_HAS_DEVICE_OWNER = 1; // 0x1
		field public static final int CODE_HAS_PAIRED = 8; // 0x8
		field public static final int CODE_MANAGED_USERS_NOT_SUPPORTED = 9; // 0x9
		field public static final int CODE_NONSYSTEM_USER_EXISTS = 5; // 0x5
		field public static final int CODE_NOT_SYSTEM_USER = 7; // 0x7
		field @Deprecated public static final int CODE_NOT_SYSTEM_USER_SPLIT = 12; // 0xc
		field public static final int CODE_OK = 0; // 0x0
		field public static final int CODE_PROVISIONING_NOT_ALLOWED_FOR_NON_DEVELOPER_USERS = 15; // 0xf
		field @Deprecated public static final int CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER = 14; // 0xe
		field public static final int CODE_SYSTEM_USER = 10; // 0xa
		field public static final int CODE_USER_HAS_PROFILE_OWNER = 2; // 0x2
		field public static final int CODE_USER_NOT_RUNNING = 3; // 0x3
		field public static final int CODE_USER_SETUP_COMPLETED = 4; // 0x4
		field public static final int OPERATION_CLEAR_APPLICATION_USER_DATA = 23; // 0x17
		field public static final int OPERATION_CREATE_AND_MANAGE_USER = 5; // 0x5
		field public static final int OPERATION_INSTALL_CA_CERT = 24; // 0x18

core/java/android/app/admin/DevicePolicyManager.java

+59 −19

Original line number	Diff line number	Diff line
		@@ -2155,6 +2155,17 @@ public class DevicePolicyManager {
		@Retention(RetentionPolicy.SOURCE)
		public @interface UserProvisioningState {}

		/**
		* Result code for {@link #checkProvisioningPreCondition}.
		*
		* <p>Unknown error code returned for {@link #ACTION_PROVISION_MANAGED_DEVICE},
		* {@link #ACTION_PROVISION_MANAGED_PROFILE} and {@link #ACTION_PROVISION_MANAGED_USER}.
		*
		* @hide
		*/
		@SystemApi
		public static final int CODE_UNKNOWN_ERROR = -1;

		/**
		* Result code for {@link #checkProvisioningPreCondition}.
		*
		@@ -2164,7 +2175,7 @@ public class DevicePolicyManager {
		*
		* @hide
		*/
		@TestApi
		@SystemApi
		public static final int CODE_OK = 0;

		/**
		@@ -2175,7 +2186,7 @@ public class DevicePolicyManager {
		*
		* @hide
		*/
		@TestApi
		@SystemApi
		public static final int CODE_HAS_DEVICE_OWNER = 1;

		/**
		@@ -2186,7 +2197,7 @@ public class DevicePolicyManager {
		*
		* @hide
		*/
		@TestApi
		@SystemApi
		public static final int CODE_USER_HAS_PROFILE_OWNER = 2;

		/**
		@@ -2196,7 +2207,7 @@ public class DevicePolicyManager {
		*
		* @hide
		*/
		@TestApi
		@SystemApi
		public static final int CODE_USER_NOT_RUNNING = 3;

		/**
		@@ -2207,7 +2218,7 @@ public class DevicePolicyManager {
		*
		* @hide
		*/
		@TestApi
		@SystemApi
		public static final int CODE_USER_SETUP_COMPLETED = 4;

		/**
		@@ -2215,7 +2226,7 @@ public class DevicePolicyManager {
		*
		* @hide
		*/
		@TestApi
		@SystemApi
		public static final int CODE_NONSYSTEM_USER_EXISTS = 5;

		/**
		@@ -2223,7 +2234,7 @@ public class DevicePolicyManager {
		*
		* @hide
		*/
		@TestApi
		@SystemApi
		public static final int CODE_ACCOUNTS_NOT_EMPTY = 6;

		/**
		@@ -2233,7 +2244,7 @@ public class DevicePolicyManager {
		*
		* @hide
		*/
		@TestApi
		@SystemApi
		public static final int CODE_NOT_SYSTEM_USER = 7;

		/**
		@@ -2244,7 +2255,7 @@ public class DevicePolicyManager {
		*
		* @hide
		*/
		@TestApi
		@SystemApi
		public static final int CODE_HAS_PAIRED = 8;

		/**
		@@ -2256,7 +2267,7 @@ public class DevicePolicyManager {
		* @see {@link PackageManager#FEATURE_MANAGED_USERS}
		* @hide
		*/
		@TestApi
		@SystemApi
		public static final int CODE_MANAGED_USERS_NOT_SUPPORTED = 9;

		/**
		@@ -2268,7 +2279,7 @@ public class DevicePolicyManager {
		*
		* @hide
		*/
		@TestApi
		@SystemApi
		public static final int CODE_SYSTEM_USER = 10;

		/**
		@@ -2279,7 +2290,7 @@ public class DevicePolicyManager {
		*
		* @hide
		*/
		@TestApi
		@SystemApi
		public static final int CODE_CANNOT_ADD_MANAGED_PROFILE = 11;

		/**
		@@ -2289,7 +2300,6 @@ public class DevicePolicyManager {
		* @deprecated not used anymore but can't be removed since it's a @TestApi.
		**/
		@Deprecated
		@TestApi
		public static final int CODE_NOT_SYSTEM_USER_SPLIT = 12;

		/**
		@@ -2301,7 +2311,7 @@ public class DevicePolicyManager {
		*
		* @hide
		*/
		@TestApi
		@SystemApi
		public static final int CODE_DEVICE_ADMIN_NOT_SUPPORTED = 13;

		/**
		@@ -2323,7 +2333,7 @@ public class DevicePolicyManager {
		*
		* @hide
		*/
		@TestApi
		@SystemApi
		public static final int CODE_PROVISIONING_NOT_ALLOWED_FOR_NON_DEVELOPER_USERS = 15;

		/**
		@@ -2334,8 +2344,8 @@ public class DevicePolicyManager {
		*/
		@Retention(RetentionPolicy.SOURCE)
		@IntDef(prefix = { "CODE_" }, value = {
		CODE_OK, CODE_HAS_DEVICE_OWNER, CODE_USER_HAS_PROFILE_OWNER, CODE_USER_NOT_RUNNING,
		CODE_USER_SETUP_COMPLETED, CODE_NOT_SYSTEM_USER, CODE_HAS_PAIRED,
		CODE_UNKNOWN_ERROR, CODE_OK, CODE_HAS_DEVICE_OWNER, CODE_USER_HAS_PROFILE_OWNER,
		CODE_USER_NOT_RUNNING, CODE_USER_SETUP_COMPLETED, CODE_NOT_SYSTEM_USER, CODE_HAS_PAIRED,
		CODE_MANAGED_USERS_NOT_SUPPORTED, CODE_SYSTEM_USER, CODE_CANNOT_ADD_MANAGED_PROFILE,
		CODE_NOT_SYSTEM_USER_SPLIT, CODE_DEVICE_ADMIN_NOT_SUPPORTED,
		CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER,
		@@ -11413,9 +11423,9 @@ public class DevicePolicyManager {
		* @return A {@link ProvisioningPreCondition} value indicating whether provisioning is allowed.
		* @hide
		*/
		@TestApi
		@SystemApi
		public @ProvisioningPreCondition int checkProvisioningPreCondition(
		@Nullable String action, @NonNull String packageName) {
		@NonNull String action, @NonNull String packageName) {
		try {
		return mService.checkProvisioningPreCondition(action, packageName);
		} catch (RemoteException re) {
		@@ -12135,8 +12145,10 @@ public class DevicePolicyManager {
		*
		* @param state to store
		* @param userHandle for user
		*
		* @hide
		*/
		@RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)
		public void setUserProvisioningState(@UserProvisioningState int state, int userHandle) {
		if (mService != null) {
		try {
		@@ -12147,6 +12159,34 @@ public class DevicePolicyManager {
		}
		}

		/**
		* Set the {@link UserProvisioningState} for the supplied user. The supplied user has to be
		* manged, otherwise it will throw an {@link IllegalStateException}.
		*
		* <p> For managed users/profiles/devices, only the following state changes are allowed:
		* <ul>
		* <li>{@link #STATE_USER_UNMANAGED} can change to any other state except itself
		* <li>{@link #STATE_USER_SETUP_INCOMPLETE} and {@link #STATE_USER_SETUP_COMPLETE} can only
		* change to {@link #STATE_USER_SETUP_FINALIZED}</li>
		* <li>{@link #STATE_USER_PROFILE_COMPLETE} can only change to
		* {@link #STATE_USER_PROFILE_FINALIZED}</li>
		* <li>{@link #STATE_USER_SETUP_FINALIZED} can't be changed to any other state</li>
		* <li>{@link #STATE_USER_PROFILE_FINALIZED} can only change to
		* {@link #STATE_USER_UNMANAGED}</li>
		* </ul>
		* @param state to store
		* @param userHandle for user
		* @throws IllegalStateException if called with an invalid state change.
		*
		* @hide
		*/
		@SystemApi
		@RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS)
		public void setUserProvisioningState(
		@UserProvisioningState int state, @NonNull UserHandle userHandle) {
		setUserProvisioningState(state, userHandle.getIdentifier());
		}

		/**
		* Indicates the entity that controls the device. Two users are
		* affiliated if the set of ids set by the device owner and the admin of the secondary user.

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+37 −31

Original line number	Diff line number	Diff line
		@@ -9008,7 +9008,12 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
		return;
		}

		Preconditions.checkCallAuthorization(
		hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS));

		final CallerIdentity caller = getCallerIdentity();
		final long id = mInjector.binderClearCallingIdentity();
		try {
		if (userHandle != mOwners.getDeviceOwnerUserId() && !mOwners.hasProfileOwner(userHandle)
		&& getManagedUserId(userHandle) == -1
		&& newState != STATE_USER_UNMANAGED) {
		@@ -9022,29 +9027,30 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {

		// Calling identity/permission checks.
		if (isAdb(caller)) {
		// ADB shell can only move directly from un-managed to finalized as part of directly
		// setting profile-owner or device-owner.
		if (getUserProvisioningState(userHandle) !=
		DevicePolicyManager.STATE_USER_UNMANAGED
		// ADB shell can only move directly from un-managed to finalized as part of
		// directly setting profile-owner or device-owner.
		if (getUserProvisioningState(userHandle)
		!= DevicePolicyManager.STATE_USER_UNMANAGED
		\|\| newState != DevicePolicyManager.STATE_USER_SETUP_FINALIZED) {
		throw new IllegalStateException("Not allowed to change provisioning state "
		+ "unless current provisioning state is unmanaged, and new state is "
		+ "finalized.");
		+ "unless current provisioning state is unmanaged, and new state"
		+ "is finalized.");
		}
		transitionCheckNeeded = false;
		} else {
		Preconditions.checkCallAuthorization(
		hasCallingOrSelfPermission(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS));
		}

		final DevicePolicyData policyData = getUserData(userHandle);
		if (transitionCheckNeeded) {
		// Optional state transition check for non-ADB case.
		checkUserProvisioningStateTransition(policyData.mUserProvisioningState, newState);
		checkUserProvisioningStateTransition(policyData.mUserProvisioningState,
		newState);
		}
		policyData.mUserProvisioningState = newState;
		saveSettingsLocked(userHandle);
		}
		} finally {
		mInjector.binderRestoreCallingIdentity(id);
		}
		}

		private void checkUserProvisioningStateTransition(int currentState, int newState) {