Merge "Add API to get enforcing admins for policies" into udc-qpr-dev am: 70c488a63b am: cb6cf47cd2 (8e5ff2e1) · Commits · e / os / android_frameworks_base

core/java/android/app/admin/DevicePolicyManager.java

+28 −0

Original line number	Diff line number	Diff line
		@@ -11805,6 +11805,34 @@ public class DevicePolicyManager {
		return null;
		}

		/**
		* Returns the list of {@link EnforcingAdmin}s who have set this restriction.
		*
		* <p>Note that for {@link #POLICY_SUSPEND_PACKAGES} it returns the PO or DO to keep the
		* behavior the same as before the bug fix for b/192245204.
		*
		* <p>This API is only callable by the system UID
		*
		* @param userId The user for whom to retrieve the information.
		* @param restriction The restriction enforced by admins. It could be any user restriction or
		* policy like {@link DevicePolicyManager#POLICY_DISABLE_CAMERA} and
		* {@link DevicePolicyManager#POLICY_DISABLE_SCREEN_CAPTURE}.
		*
		* @hide
		*/
		public @NonNull Set<EnforcingAdmin> getEnforcingAdminsForRestriction(int userId,
		@NonNull String restriction) {
		if (mService != null) {
		try {
		return new HashSet<>(mService.getEnforcingAdminsForRestriction(
		userId, restriction));
		} catch (RemoteException e) {
		throw e.rethrowFromSystemServer();
		}
		}
		return null;
		}

		/**
		* Hide or unhide packages. When a package is hidden it is unavailable for use, but the data and
		* actual package file remain. This function can be called by a device owner, profile owner, or

core/java/android/app/admin/EnforcingAdmin.aidl

0 → 100644

+19 −0

Original line number	Diff line number	Diff line
		/*
		* Copyright (C) 2023 The Android Open Source Project
		*
		* Licensed under the Apache License, Version 2.0 (the "License");
		* you may not use this file except in compliance with the License.
		* You may obtain a copy of the License at
		*
		* http://www.apache.org/licenses/LICENSE-2.0
		*
		* Unless required by applicable law or agreed to in writing, software
		* distributed under the License is distributed on an "AS IS" BASIS,
		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
		* See the License for the specific language governing permissions and
		* limitations under the License.
		*/

		package android.app.admin;

		parcelable EnforcingAdmin;
		No newline at end of file

core/java/android/app/admin/EnforcingAdmin.java

+26 −2

Original line number	Diff line number	Diff line
		@@ -19,6 +19,7 @@ package android.app.admin;
		import android.annotation.NonNull;
		import android.annotation.Nullable;
		import android.annotation.SystemApi;
		import android.content.ComponentName;
		import android.os.Parcel;
		import android.os.Parcelable;
		import android.os.UserHandle;
		@@ -37,6 +38,11 @@ public final class EnforcingAdmin implements Parcelable {
		private final Authority mAuthority;
		private final UserHandle mUserHandle;

		/**
		* @hide
		*/
		private final ComponentName mComponentName;

		/**
		* Creates an enforcing admin with the given params.
		*/
		@@ -46,6 +52,21 @@ public final class EnforcingAdmin implements Parcelable {
		mPackageName = Objects.requireNonNull(packageName);
		mAuthority = Objects.requireNonNull(authority);
		mUserHandle = Objects.requireNonNull(userHandle);
		mComponentName = null;
		}

		/**
		* Creates an enforcing admin with the given params.
		*
		* @hide
		*/
		public EnforcingAdmin(
		@NonNull String packageName, @NonNull Authority authority,
		@NonNull UserHandle userHandle, @Nullable ComponentName componentName) {
		mPackageName = Objects.requireNonNull(packageName);
		mAuthority = Objects.requireNonNull(authority);
		mUserHandle = Objects.requireNonNull(userHandle);
		mComponentName = componentName;
		}

		private EnforcingAdmin(Parcel source) {
		@@ -53,6 +74,7 @@ public final class EnforcingAdmin implements Parcelable {
		mUserHandle = new UserHandle(source.readInt());
		mAuthority = Objects.requireNonNull(
		source.readParcelable(Authority.class.getClassLoader()));
		mComponentName = source.readParcelable(ComponentName.class.getClassLoader());
		}

		/**
		@@ -86,7 +108,8 @@ public final class EnforcingAdmin implements Parcelable {
		EnforcingAdmin other = (EnforcingAdmin) o;
		return Objects.equals(mPackageName, other.mPackageName)
		&& Objects.equals(mAuthority, other.mAuthority)
		&& Objects.equals(mUserHandle, other.mUserHandle);
		&& Objects.equals(mUserHandle, other.mUserHandle)
		&& Objects.equals(mComponentName, other.mComponentName);
		}

		@Override
		@@ -97,7 +120,7 @@ public final class EnforcingAdmin implements Parcelable {
		@Override
		public String toString() {
		return "EnforcingAdmin { mPackageName= " + mPackageName + ", mAuthority= " + mAuthority
		+ ", mUserHandle= " + mUserHandle + " }";
		+ ", mUserHandle= " + mUserHandle + ", mComponentName= " + mComponentName + " }";
		}

		@Override
		@@ -110,6 +133,7 @@ public final class EnforcingAdmin implements Parcelable {
		dest.writeString(mPackageName);
		dest.writeInt(mUserHandle.getIdentifier());
		dest.writeParcelable(mAuthority, flags);
		dest.writeParcelable(mComponentName, flags);
		}

		@NonNull

core/java/android/app/admin/IDevicePolicyManager.aidl

+2 −0

Original line number	Diff line number	Diff line
		@@ -54,6 +54,7 @@ import android.security.keystore.ParcelableKeyGenParameterSpec;
		import android.telephony.data.ApnSetting;
		import com.android.internal.infra.AndroidFuture;
		import android.app.admin.DevicePolicyState;
		import android.app.admin.EnforcingAdmin;

		import java.util.List;

		@@ -274,6 +275,7 @@ interface IDevicePolicyManager {

		Intent createAdminSupportIntent(in String restriction);
		Bundle getEnforcingAdminAndUserDetails(int userId,String restriction);
		List<EnforcingAdmin> getEnforcingAdminsForRestriction(int userId,String restriction);
		boolean setApplicationHidden(in ComponentName admin, in String callerPackage, in String packageName, boolean hidden, boolean parent);
		boolean isApplicationHidden(in ComponentName admin, in String callerPackage, in String packageName, boolean parent);

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+84 −0

Original line number	Diff line number	Diff line
		@@ -15840,6 +15840,83 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		return null;
		}

		/**
		* @param restriction The restriction enforced by admin. It could be any user restriction or
		* policy like {@link DevicePolicyManager#POLICY_DISABLE_CAMERA},
		* {@link DevicePolicyManager#POLICY_DISABLE_SCREEN_CAPTURE} and {@link
		* DevicePolicyManager#POLICY_SUSPEND_PACKAGES}.
		*/
		private Set<android.app.admin.EnforcingAdmin> getEnforcingAdminsForRestrictionInternal(
		int userId, @NonNull String restriction) {
		Objects.requireNonNull(restriction);
		Set<android.app.admin.EnforcingAdmin> admins = new HashSet<>();
		// For POLICY_SUSPEND_PACKAGES return PO or DO to keep the behavior same as
		// before the bug fix for b/192245204.
		if (DevicePolicyManager.POLICY_SUSPEND_PACKAGES.equals(
		restriction)) {
		ComponentName profileOwner = mOwners.getProfileOwnerComponent(userId);
		if (profileOwner != null) {
		EnforcingAdmin admin = EnforcingAdmin.createEnterpriseEnforcingAdmin(
		profileOwner, userId);
		admins.add(admin.getParcelableAdmin());
		return admins;
		}
		final Pair<Integer, ComponentName> deviceOwner =
		mOwners.getDeviceOwnerUserIdAndComponent();
		if (deviceOwner != null && deviceOwner.first == userId) {
		EnforcingAdmin admin = EnforcingAdmin.createEnterpriseEnforcingAdmin(
		deviceOwner.second, deviceOwner.first);
		admins.add(admin.getParcelableAdmin());
		return admins;
		}
		} else {
		long ident = mInjector.binderClearCallingIdentity();
		try {
		PolicyDefinition<Boolean> policyDefinition = getPolicyDefinitionForRestriction(
		restriction);
		Boolean value = mDevicePolicyEngine.getResolvedPolicy(policyDefinition, userId);
		if (value != null && value) {
		Map<EnforcingAdmin, PolicyValue<Boolean>> globalPolicies =
		mDevicePolicyEngine.getGlobalPoliciesSetByAdmins(policyDefinition);
		for (EnforcingAdmin admin : globalPolicies.keySet()) {
		if (globalPolicies.get(admin) != null
		&& Boolean.TRUE.equals(globalPolicies.get(admin).getValue())) {
		admins.add(admin.getParcelableAdmin());
		}
		}

		Map<EnforcingAdmin, PolicyValue<Boolean>> localPolicies =
		mDevicePolicyEngine.getLocalPoliciesSetByAdmins(
		policyDefinition, userId);
		for (EnforcingAdmin admin : localPolicies.keySet()) {
		if (localPolicies.get(admin) != null
		&& Boolean.TRUE.equals(localPolicies.get(admin).getValue())) {
		admins.add(admin.getParcelableAdmin());
		}
		}
		return admins;
		}
		} finally {
		mInjector.binderRestoreCallingIdentity(ident);
		}
		}
		return admins;
		}

		private static PolicyDefinition<Boolean> getPolicyDefinitionForRestriction(
		@NonNull String restriction) {
		Objects.requireNonNull(restriction);
		if (DevicePolicyManager.POLICY_DISABLE_CAMERA.equals(restriction)) {
		return PolicyDefinition.getPolicyDefinitionForUserRestriction(
		UserManager.DISALLOW_CAMERA);
		} else if (DevicePolicyManager.POLICY_DISABLE_SCREEN_CAPTURE.equals(restriction)) {
		return PolicyDefinition.SCREEN_CAPTURE_DISABLED;
		} else {
		return PolicyDefinition.getPolicyDefinitionForUserRestriction(restriction);
		}
		}


		/**
		* Excludes restrictions imposed by UserManager.
		*/
		@@ -15878,6 +15955,13 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
		return getEnforcingAdminAndUserDetailsInternal(userId, restriction);
		}

		@Override
		public List<android.app.admin.EnforcingAdmin> getEnforcingAdminsForRestriction(
		int userId, String restriction) {
		Preconditions.checkCallAuthorization(isSystemUid(getCallerIdentity()));
		return new ArrayList<>(getEnforcingAdminsForRestrictionInternal(userId, restriction));
		}

		/**
		* @param restriction The restriction enforced by admin. It could be any user restriction or
		* policy like {@link DevicePolicyManager#POLICY_DISABLE_CAMERA} and