Commit 8d9f1216 authored by Amith Yamasani, committed by Android (Google) Code Review

Merge "Allow primary user profile owner to set device restrictions" into lmp-dev

parents 58539180 c34dc7cd
+22 −23
@@ -2408,8 +2408,8 @@ public class DevicePolicyManager {
    }
    }


    /**
    /**
     * Sets the name of the Managed profile. In the device owner case it sets the name of the user
     * Sets the name of the profile. In the device owner case it sets the name of the user
     * which it is called from. Only the profile owner or device owner can call this. If this is
     * which it is called from. Only a profile owner or device owner can call this. If this is
     * never called by the profile or device owner, the name will be set to default values.
     * never called by the profile or device owner, the name will be set to default values.
     *
     *
     * @see #isProfileOwnerApp
     * @see #isProfileOwnerApp
@@ -2428,9 +2428,9 @@ public class DevicePolicyManager {
}
}


    /**
    /**
     * Used to determine if a particular package is registered as the Profile Owner for the
     * Used to determine if a particular package is registered as the profile owner for the
     * current user. A profile owner is a special device admin that has additional privileges
     * current user. A profile owner is a special device admin that has additional privileges
     * within the managed profile.
     * within the profile.
     *
     *
     * @param packageName The package name of the app to compare with the registered profile owner.
     * @param packageName The package name of the app to compare with the registered profile owner.
     * @return Whether or not the package is registered as the profile owner.
     * @return Whether or not the package is registered as the profile owner.
@@ -2568,7 +2568,7 @@ public class DevicePolicyManager {


    /**
    /**
     * Called by a profile or device owner to set the application restrictions for a given target
     * Called by a profile or device owner to set the application restrictions for a given target
     * application running in the managed profile.
     * application running in the profile.
     *
     *
     * <p>The provided {@link Bundle} consists of key-value pairs, where the types of values may be
     * <p>The provided {@link Bundle} consists of key-value pairs, where the types of values may be
     * boolean, int, String, or String[].
     * boolean, int, String, or String[].
@@ -2643,8 +2643,8 @@ public class DevicePolicyManager {
    }
    }


    /**
    /**
     * Called by a profile owner to set whether caller-Id information from the managed
     * Called by a profile owner of a managed profile to set whether caller-Id information from
     * profile will be shown for incoming calls.
     * the managed profile will be shown in the parent profile, for incoming calls.
     *
     *
     * <p>The calling device admin must be a profile owner. If it is not, a
     * <p>The calling device admin must be a profile owner. If it is not, a
     * security exception will be thrown.
     * security exception will be thrown.
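Review bot: The unchanged paragraph under the new summary still reads "The calling device admin must be a profile owner", which no longer matches the first sentence now that it is narrowed to "a profile owner of a managed profile". The merge title refers to a profile owner on the primary user, so state here what such a caller gets from this method (a SecurityException or a no-op), and make sure the service-side check agrees with whichever is documented.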
@@ -2663,7 +2663,8 @@ public class DevicePolicyManager {
    }
    }


    /**
    /**
     * Determine whether or not caller-Id information has been disabled.
     * Called by a profile owner of a managed profile to determine whether or not caller-Id
     * information has been disabled.
     *
     *
     * <p>The calling device admin must be a profile owner. If it is not, a
     * <p>The calling device admin must be a profile owner. If it is not, a
     * security exception will be thrown.
     * security exception will be thrown.
@@ -2699,8 +2700,8 @@ public class DevicePolicyManager {
    }
    }


    /**
    /**
     * Called by the profile owner so that some intents sent in the managed profile can also be
     * Called by the profile owner of a managed profile so that some intents sent in the managed
     * resolved in the parent, or vice versa.
     * profile can also be resolved in the parent, or vice versa.
     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
     * @param filter The {@link IntentFilter} the intent has to match to be also resolved in the
     * @param filter The {@link IntentFilter} the intent has to match to be also resolved in the
     * other profile
     * other profile
@@ -2718,8 +2719,8 @@ public class DevicePolicyManager {
    }
    }


    /**
    /**
     * Called by a profile owner to remove the cross-profile intent filters that go from the
     * Called by a profile owner of a managed profile to remove the cross-profile intent filters
     * managed profile to the parent, or from the parent to the managed profile.
     * that go from the managed profile to the parent, or from the parent to the managed profile.
     * Only removes those that have been set by the profile owner.
     * Only removes those that have been set by the profile owner.
     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
     */
     */
@@ -2980,7 +2981,7 @@ public class DevicePolicyManager {


    /**
    /**
     * Called by a profile or device owner to get the application restrictions for a given target
     * Called by a profile or device owner to get the application restrictions for a given target
     * application running in the managed profile.
     * application running in the profile.
     *
     *
     * <p>The calling device admin must be a profile or device owner; if it is not, a security
     * <p>The calling device admin must be a profile or device owner; if it is not, a security
     * exception will be thrown.
     * exception will be thrown.
@@ -3088,8 +3089,7 @@ public class DevicePolicyManager {


    /**
    /**
     * Called by profile or device owner to re-enable a system app that was disabled by default
     * Called by profile or device owner to re-enable a system app that was disabled by default
     * when the managed profile was created. This can only be called from a profile or device
     * when the user was initialized.
     * owner running within a managed profile.
     *
     *
     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
     * @param packageName The package to be re-enabled in the current profile.
     * @param packageName The package to be re-enabled in the current profile.
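Review bot: Dropping the sentence "This can only be called from a profile or device owner running within a managed profile" leaves this Javadoc with no statement of what an unauthorized caller gets. Other methods in this file carry "The calling device admin must be a profile or device owner; if it is not, a security exception will be thrown"; add the equivalent here, and to the intent-based variant in the next hunk. The new "when the user was initialized" also sits next to "@param packageName The package to be re-enabled in the current profile"; settle on "user" or "profile" for both lines.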
@@ -3106,8 +3106,7 @@ public class DevicePolicyManager {


    /**
    /**
     * Called by profile or device owner to re-enable system apps by intent that were disabled
     * Called by profile or device owner to re-enable system apps by intent that were disabled
     * by default when the managed profile was created. This can only be called from a profile
     * by default when the user was initialized.
     * or device owner running within a managed profile.
     *
     *
     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
     * @param intent An intent matching the app(s) to be installed. All apps that resolve for this
     * @param intent An intent matching the app(s) to be installed. All apps that resolve for this
@@ -3389,10 +3388,10 @@ public class DevicePolicyManager {
    }
    }


    /**
    /**
     * Called by the profile owner to enable widget providers from a given package
     * Called by the profile owner of a managed profile to enable widget providers from a
     * to be available in the parent profile. As a result the user will be able to
     * given package to be available in the parent profile. As a result the user will be able to
     * add widgets from the white-listed package running under the profile to a widget
     * add widgets from the white-listed package running under the profile to a widget
     * host which runs under the device owner, for example the home screen. Note that
     * host which runs under the parent profile, for example the home screen. Note that
     * a package may have zero or more provider components, where each component
     * a package may have zero or more provider components, where each component
     * provides a different widget type.
     * provides a different widget type.
     * <p>
     * <p>
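Review bot: In the reworded sentence, "the white-listed package running under the profile" is still unqualified, while the lines around it now say "managed profile" and "parent profile". Change it to "running under the managed profile" so the direction of exposure (a managed-profile provider shown in a parent-profile widget host) cannot be read the other way; this describes a cross-profile data path and the wording should be exact.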
@@ -3418,8 +3417,8 @@ public class DevicePolicyManager {
    }
    }


    /**
    /**
     * Called by the profile owner to disable widget providers from a given package
     * Called by the profile owner of a managed profile to disable widget providers from a given
     * to be available in the parent profile. For this method to take effect the
     * package to be available in the parent profile. For this method to take effect the
     * package should have been added via {@link #addCrossProfileWidgetProvider(
     * package should have been added via {@link #addCrossProfileWidgetProvider(
     * android.content.ComponentName, String)}.
     * android.content.ComponentName, String)}.
     * <p>
     * <p>
@@ -3446,7 +3445,7 @@ public class DevicePolicyManager {
    }
    }


    /**
    /**
     * Called by the profile owner to query providers from which packages are
     * Called by the profile owner of a managed profile to query providers from which packages are
     * available in the parent profile.
     * available in the parent profile.
     *
     *
     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.
+21 −16
@@ -123,7 +123,8 @@ public class UserManager {


    /**
    /**
     * Specifies if a user is disallowed from transferring files over
     * Specifies if a user is disallowed from transferring files over
     * USB. This can only be set by device owners. The default value is <code>false</code>.
     * USB. This can only be set by device owners and profile owners on the primary user.
     * The default value is <code>false</code>.
     *
     *
     * <p/>Key for user restrictions.
     * <p/>Key for user restrictions.
     * <p/>Type: Boolean
     * <p/>Type: Boolean
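Review bot: "device owners and profile owners on the primary user" in the new line is ambiguous, since it can be read as limiting device owners to the primary user as well. Suggest "by device owners, and by profile owners of the primary user". The sentence also does not say what any other caller gets; the service hunk in this commit throws a SecurityException with "Profile owners cannot set user restriction", so name the exception here. The same wording repeats for the other restriction keys changed in this file.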
@@ -178,8 +179,8 @@ public class UserManager {


    /**
    /**
     * Specifies if a user is disallowed from configuring Tethering
     * Specifies if a user is disallowed from configuring Tethering
     * & portable hotspots. This can only be set by device owners. The default value is
     * & portable hotspots. This can only be set by device owners and profile owners on the
     * <code>false</code>.
     * primary user. The default value is <code>false</code>.
     *
     *
     * <p/>Key for user restrictions.
     * <p/>Key for user restrictions.
     * <p/>Type: Boolean
     * <p/>Type: Boolean
@@ -190,8 +191,8 @@ public class UserManager {


    /**
    /**
     * Specifies if a user is disallowed from factory resetting
     * Specifies if a user is disallowed from factory resetting
     * from Settings. This can only be set by device owners. The default value is
     * from Settings. This can only be set by device owners and profile owners on the primary user.
     * <code>false</code>.
     * The default value is <code>false</code>.
     *
     *
     * <p/>Key for user restrictions.
     * <p/>Key for user restrictions.
     * <p/>Type: Boolean
     * <p/>Type: Boolean
@@ -202,7 +203,8 @@ public class UserManager {


    /**
    /**
     * Specifies if a user is disallowed from adding new users and
     * Specifies if a user is disallowed from adding new users and
     * profiles. This can only be set by device owners. The default value is <code>false</code>.
     * profiles. This can only be set by device owners and profile owners on the primary user.
     * The default value is <code>false</code>.
     *
     *
     * <p/>Key for user restrictions.
     * <p/>Key for user restrictions.
     * <p/>Type: Boolean
     * <p/>Type: Boolean
@@ -224,7 +226,8 @@ public class UserManager {


    /**
    /**
     * Specifies if a user is disallowed from configuring cell
     * Specifies if a user is disallowed from configuring cell
     * broadcasts. This can only be set by device owners. The default value is <code>false</code>.
     * broadcasts. This can only be set by device owners and profile owners on the primary user.
     * The default value is <code>false</code>.
     *
     *
     * <p/>Key for user restrictions.
     * <p/>Key for user restrictions.
     * <p/>Type: Boolean
     * <p/>Type: Boolean
@@ -235,7 +238,8 @@ public class UserManager {


    /**
    /**
     * Specifies if a user is disallowed from configuring mobile
     * Specifies if a user is disallowed from configuring mobile
     * networks. This can only be set by device owners. The default value is <code>false</code>.
     * networks. This can only be set by device owners and profile owners on the primary user.
     * The default value is <code>false</code>.
     *
     *
     * <p/>Key for user restrictions.
     * <p/>Key for user restrictions.
     * <p/>Type: Boolean
     * <p/>Type: Boolean
@@ -266,8 +270,8 @@ public class UserManager {


    /**
    /**
     * Specifies if a user is disallowed from mounting
     * Specifies if a user is disallowed from mounting
     * physical external media. This can only be set by device owners. The default value is
     * physical external media. This can only be set by device owners and profile owners on the
     * <code>false</code>.
     * primary user. The default value is <code>false</code>.
     *
     *
     * <p/>Key for user restrictions.
     * <p/>Key for user restrictions.
     * <p/>Type: Boolean
     * <p/>Type: Boolean
@@ -278,8 +282,8 @@ public class UserManager {


    /**
    /**
     * Specifies if a user is disallowed from adjusting microphone
     * Specifies if a user is disallowed from adjusting microphone
     * volume. If set, the microphone will be muted. This can only be set by device owners.
     * volume. If set, the microphone will be muted. This can only be set by device owners
     * The default value is <code>false</code>.
     * and profile owners on the primary user. The default value is <code>false</code>.
     *
     *
     * <p/>Key for user restrictions.
     * <p/>Key for user restrictions.
     * <p/>Type: Boolean
     * <p/>Type: Boolean
@@ -290,8 +294,8 @@ public class UserManager {


    /**
    /**
     * Specifies if a user is disallowed from adjusting the master
     * Specifies if a user is disallowed from adjusting the master
     * volume. If set, the master volume will be muted. This can only be set by device owners.
     * volume. If set, the master volume will be muted. This can only be set by device owners
     * The default value is <code>false</code>.
     * and profile owners on the primary user. The default value is <code>false</code>.
     *
     *
     * <p/>Key for user restrictions.
     * <p/>Key for user restrictions.
     * <p/>Type: Boolean
     * <p/>Type: Boolean
@@ -314,7 +318,7 @@ public class UserManager {


    /**
    /**
     * Specifies that the user is not allowed to send or receive
     * Specifies that the user is not allowed to send or receive
     * SMS messages. This can only be set by device owners. The default value is <code>false</code>.
     * SMS messages. The default value is <code>false</code>.
     *
     *
     * <p/>Key for user restrictions.
     * <p/>Key for user restrictions.
     * <p/>Type: Boolean
     * <p/>Type: Boolean
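Review bot: This is the only key where "This can only be set by device owners." is deleted outright instead of being extended to "device owners and profile owners on the primary user". If the key is still a member of DEVICE_OWNER_USER_RESTRICTIONS, the service continues to reject it for other profile owners and the Javadoc should say so like its neighbours. If it was deliberately opened to every profile owner, that is a behaviour change which this diff does not show and the commit message does not mention.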
@@ -333,7 +337,8 @@ public class UserManager {
     * <li>{@link LayoutParams#TYPE_SYSTEM_ERROR}</li>
     * <li>{@link LayoutParams#TYPE_SYSTEM_ERROR}</li>
     * <li>{@link LayoutParams#TYPE_SYSTEM_OVERLAY}</li>
     * <li>{@link LayoutParams#TYPE_SYSTEM_OVERLAY}</li>
     *
     *
     * <p>This can only be set by device owners. The default value is <code>false</code>.
     * <p>This can only be set by device owners and profile owners on the primary user.
     * The default value is <code>false</code>.
     *
     *
     * <p/>Key for user restrictions.
     * <p/>Key for user restrictions.
     * <p/>Type: Boolean
     * <p/>Type: Boolean
+2 −1
@@ -4662,7 +4662,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
            ActiveAdmin activeAdmin =
            ActiveAdmin activeAdmin =
                    getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
                    getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER);
            boolean isDeviceOwner = isDeviceOwner(activeAdmin.info.getPackageName());
            boolean isDeviceOwner = isDeviceOwner(activeAdmin.info.getPackageName());
            if (!isDeviceOwner && DEVICE_OWNER_USER_RESTRICTIONS.contains(key)) {
            if (!isDeviceOwner && userHandle != UserHandle.USER_OWNER
                    && DEVICE_OWNER_USER_RESTRICTIONS.contains(key)) {
                throw new SecurityException("Profile owners cannot set user restriction " + key);
                throw new SecurityException("Profile owners cannot set user restriction " + key);
            }
            }
            boolean alreadyRestricted = mUserManager.hasUserRestriction(key, user);
            boolean alreadyRestricted = mUserManager.hasUserRestriction(key, user);
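Review bot: The new condition tests userHandle, but the following line passes user to mUserManager.hasUserRestriction(key, user), and the hunk does not show where userHandle comes from. This comparison is what lets a caller that is not the device owner set device-wide restrictions, so confirm userHandle is derived from the caller's identity and not from a caller-supplied argument, and add a one-line comment saying so. The exception text "Profile owners cannot set user restriction" is now inaccurate for a profile owner on the primary user; wording such as "Profile owners of non-primary users cannot set user restriction" would match the check. A test asserting that a profile owner on a secondary user or managed profile still gets the SecurityException for these keys would guard the exemption against widening.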