Clean up split system user code for device policy management

    field public static final int CODE_MANAGED_USERS_NOT_SUPPORTED = 9; // 0x9

    field public static final int CODE_NONSYSTEM_USER_EXISTS = 5; // 0x5

    field public static final int CODE_NOT_SYSTEM_USER = 7; // 0x7

    field public static final int CODE_NOT_SYSTEM_USER_SPLIT = 12; // 0xc

    field @Deprecated public static final int CODE_NOT_SYSTEM_USER_SPLIT = 12; // 0xc

    field public static final int CODE_OK = 0; // 0x0

    field public static final int CODE_PROVISIONING_NOT_ALLOWED_FOR_NON_DEVELOPER_USERS = 15; // 0xf

    field public static final int CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER = 14; // 0xe

    field @Deprecated public static final int CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER = 14; // 0xe

    field public static final int CODE_SYSTEM_USER = 10; // 0xa

    field public static final int CODE_USER_HAS_PROFILE_OWNER = 2; // 0x2

    field public static final int CODE_USER_NOT_RUNNING = 3; // 0x3

    public static final String ACTION_PROVISION_FINANCED_DEVICE =

            "android.app.action.PROVISION_FINANCED_DEVICE";

    /**

     * Activity action: Starts the provisioning flow which sets up a managed device.

     * Must be started with {@link android.app.Activity#startActivityForResult(Intent, int)}.

     *

     * <p>NOTE: This is only supported on split system user devices, and puts the device into a

     * management state that is distinct from that reached by

     * {@link #ACTION_PROVISION_MANAGED_DEVICE} - specifically the device owner runs on the system

     * user, and only has control over device-wide policies, not individual users and their data.

     * The primary benefit is that multiple non-system users are supported when provisioning using

     * this form of device management.

     *

     * <p>During device owner provisioning a device admin app is set as the owner of the device.

     * A device owner has full control over the device. The device owner can not be modified by the

     * user.

     *

     * <p>A typical use case would be a device that is owned by a company, but used by either an

     * employee or client.

     *

     * <p>An intent with this action can be sent only on an unprovisioned device.

     * It is possible to check if provisioning is allowed or not by querying the method

     * {@link #isProvisioningAllowed(String)}.

     *

     * <p>The intent contains the following extras:

     * <ul>

     * <li>{@link #EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME}</li>

     * <li>{@link #EXTRA_PROVISIONING_SKIP_ENCRYPTION}, optional</li>

     * <li>{@link #EXTRA_PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED}, optional</li>

     * <li>{@link #EXTRA_PROVISIONING_ADMIN_EXTRAS_BUNDLE}, optional</li>

     * <li>{@link #EXTRA_PROVISIONING_LOGO_URI}, optional</li>

     * <li>{@link #EXTRA_PROVISIONING_MAIN_COLOR}, optional</li>

     * </ul>

     *

     * <p>When device owner provisioning has completed, an intent of the type

     * {@link DeviceAdminReceiver#ACTION_PROFILE_PROVISIONING_COMPLETE} is broadcast to the

     * device owner.

     *

     * <p>From version {@link android.os.Build.VERSION_CODES#O}, when device owner provisioning has

     * completed, along with the above broadcast, activity intent

     * {@link #ACTION_PROVISIONING_SUCCESSFUL} will also be sent to the device owner.

     *

     * <p>If provisioning fails, the device is factory reset.

     *

     * <p>A result code of {@link android.app.Activity#RESULT_OK} implies that the synchronous part

     * of the provisioning flow was successful, although this doesn't guarantee the full flow will

     * succeed. Conversely a result code of {@link android.app.Activity#RESULT_CANCELED} implies

     * that the user backed-out of provisioning, or some precondition for provisioning wasn't met.

     *

     * @hide

     */

    @SdkConstant(SdkConstantType.ACTIVITY_INTENT_ACTION)

    public static final String ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE

        = "android.app.action.PROVISION_MANAGED_SHAREABLE_DEVICE";

    /**

     * Activity action: Finalizes management provisioning, should be used after user-setup

     * has been completed and {@link #getUserProvisioningState()} returns one of:

     * Result code for {@link #checkProvisioningPreCondition}.

     *

     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE},

     * {@link #ACTION_PROVISION_MANAGED_PROFILE}, {@link #ACTION_PROVISION_MANAGED_USER} and

     * {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} when provisioning is allowed.

     * {@link #ACTION_PROVISION_MANAGED_PROFILE} and {@link #ACTION_PROVISION_MANAGED_USER}

     * when provisioning is allowed.

     *

     * @hide

     */

    /**

     * Result code for {@link #checkProvisioningPreCondition}.

     *

     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE} and

     * {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} when the device already has a device

     * owner.

     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE} when the device already has a

     * device owner.

     *

     * @hide

     */

    /**

     * Result code for {@link #checkProvisioningPreCondition}.

     *

     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE},

     * {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} when the user has a profile owner and for

     * {@link #ACTION_PROVISION_MANAGED_PROFILE} when the profile owner is already set.

     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE} when the user has a profile owner

     *  and for {@link #ACTION_PROVISION_MANAGED_PROFILE} when the profile owner is already set.

     *

     * @hide

     */

    /**

     * Result code for {@link #checkProvisioningPreCondition}.

     *

     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE} and

     * {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} when the user isn't running.

     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE} when the user isn't running.

     *

     * @hide

     */

    /**

     * Result code for {@link #checkProvisioningPreCondition}.

     *

     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE},

     * {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} if the device has already been setup and

     * for {@link #ACTION_PROVISION_MANAGED_USER} if the user has already been setup.

     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE} if the device has already been

     * setup and for {@link #ACTION_PROVISION_MANAGED_USER} if the user has already been setup.

     *

     * @hide

     */

    /**

     * Result code for {@link #checkProvisioningPreCondition}.

     *

     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE} and

     * {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} if the user is not a system user.

     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE} if the user is not a system user.

     *

     * @hide

     */

    /**

     * Result code for {@link #checkProvisioningPreCondition}.

     *

     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE},

     * {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} and {@link #ACTION_PROVISION_MANAGED_USER}

     * when the device is a watch and is already paired.

     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE} and

     * {@link #ACTION_PROVISION_MANAGED_USER} when the device is a watch and is already paired.

     *

     * @hide

     */

    /**

     * TODO (b/137101239): clean up split system user codes

     * Result code for {@link #checkProvisioningPreCondition}.

     *

     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_USER} and

     * {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} on devices not running with split system

     * user.

     *

     * @hide

     */

     * @deprecated not used anymore but can't be removed since it's a @TestApi.

     **/

    @Deprecated

    @TestApi

    public static final int CODE_NOT_SYSTEM_USER_SPLIT = 12;

     * Result code for {@link #checkProvisioningPreCondition}.

     *

     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE},

     * {@link #ACTION_PROVISION_MANAGED_PROFILE}, {@link #ACTION_PROVISION_MANAGED_USER} and

     * {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE} on devices which do not support device

     * {@link #ACTION_PROVISION_MANAGED_PROFILE} on devices which do not support device

     * admins.

     *

     * @hide

     * TODO (b/137101239): clean up split system user codes

     * Result code for {@link #checkProvisioningPreCondition}.

     *

     * <p>Returned for {@link #ACTION_PROVISION_MANAGED_PROFILE} when the device the user is a

     * system user on a split system user device.

     *

     * @hide

     * @deprecated not used anymore but can't be removed since it's a @TestApi.

     */

    @Deprecated

    @TestApi

    public static final int CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER = 14;

    }

    /**

     * TODO (b/137101239): remove this method in follow-up CL

     * since it's only used for split system user.

     * Called by a device owner to set whether all users created on the device should be ephemeral.

     * <p>

     * The system user is exempt from this policy - it is never ephemeral.

     * <p>

     * The calling device admin must be the device owner. If it is not, a security exception will be

     * thrown.

     *

     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.

     * @param forceEphemeralUsers If true, all the existing users will be deleted and all

     *            subsequently created users will be ephemeral.

     * @throws SecurityException if {@code admin} is not a device owner.

     * @hide

     */

    public void setForceEphemeralUsers(

    }

    /**

     * TODO (b/137101239): remove this method in follow-up CL

     * since it's only used for split system user.

     * @return true if all users are created ephemeral.

     * @throws SecurityException if {@code admin} is not a device owner.

     * @hide

     * profile or user, setting the given package as owner.

     *

     * @param action One of {@link #ACTION_PROVISION_MANAGED_DEVICE},

     *        {@link #ACTION_PROVISION_MANAGED_PROFILE},

     *        {@link #ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE},

     *        {@link #ACTION_PROVISION_MANAGED_USER}

     *        {@link #ACTION_PROVISION_MANAGED_PROFILE}

     * @param packageName The package of the component that would be set as device, user, or profile

     *        owner.

     * @return A {@link ProvisioningPreCondition} value indicating whether provisioning is allowed.

import static android.app.admin.DevicePolicyManager.CODE_MANAGED_USERS_NOT_SUPPORTED;

import static android.app.admin.DevicePolicyManager.CODE_NONSYSTEM_USER_EXISTS;

import static android.app.admin.DevicePolicyManager.CODE_NOT_SYSTEM_USER;

import static android.app.admin.DevicePolicyManager.CODE_NOT_SYSTEM_USER_SPLIT;

import static android.app.admin.DevicePolicyManager.CODE_OK;

import static android.app.admin.DevicePolicyManager.CODE_PROVISIONING_NOT_ALLOWED_FOR_NON_DEVELOPER_USERS;

import static android.app.admin.DevicePolicyManager.CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER;

import static android.app.admin.DevicePolicyManager.CODE_SYSTEM_USER;

import static android.app.admin.DevicePolicyManager.CODE_USER_HAS_PROFILE_OWNER;

import static android.app.admin.DevicePolicyManager.CODE_USER_NOT_RUNNING;

            SystemProperties.set(key, value);

        }

        // TODO (b/137101239): clean up split system user codes

        boolean userManagerIsSplitSystemUser() {

            return UserManager.isSplitSystemUser();

        }

        boolean userManagerIsHeadlessSystemUserMode() {

            return UserManager.isHeadlessSystemUserMode();

        }

        return mInjector.settingsGlobalGetInt(Global.AUTO_TIME_ZONE, 0) > 0;

    }

    // TODO (b/137101239): remove this method in follow-up CL

    // since it's only used for split system user.

    @Override

    public void setForceEphemeralUsers(ComponentName who, boolean forceEphemeralUsers) {

        if (!mHasFeature) {

            return;

        }

        Objects.requireNonNull(who, "ComponentName is null");

        final CallerIdentity caller = getCallerIdentity(who);

        Preconditions.checkCallAuthorization(isDeviceOwner(caller));

        // Allow setting this policy to true only if there is a split system user.

        if (forceEphemeralUsers && !mInjector.userManagerIsSplitSystemUser()) {

            throw new UnsupportedOperationException(

                    "Cannot force ephemeral users on systems without split system user.");

        }

        boolean removeAllUsers = false;

        synchronized (getLockObject()) {

            final ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();

            if (deviceOwner.forceEphemeralUsers != forceEphemeralUsers) {

                deviceOwner.forceEphemeralUsers = forceEphemeralUsers;

                saveSettingsLocked(caller.getUserId());

                mUserManagerInternal.setForceEphemeralUsers(forceEphemeralUsers);

                removeAllUsers = forceEphemeralUsers;

            }

        }

        if (removeAllUsers) {

            mInjector.binderWithCleanCallingIdentity(() -> mUserManagerInternal.removeAllUsers());

        }

        throw new UnsupportedOperationException("This method was used by split system user only.");

    }

    // TODO (b/137101239): remove this method in follow-up CL

    // since it's only used for split system user.

    @Override

    public boolean getForceEphemeralUsers(ComponentName who) {

        if (!mHasFeature) {

            return false;

        }

        Objects.requireNonNull(who, "ComponentName is null");

        final CallerIdentity caller = getCallerIdentity(who);

        Preconditions.checkCallAuthorization(isDeviceOwner(caller));

        synchronized (getLockObject()) {

            final ActiveAdmin deviceOwner = getDeviceOwnerAdminLocked();

            return deviceOwner.forceEphemeralUsers;

        }

        throw new UnsupportedOperationException("This method was used by split system user only.");

    }

    @Override

                case DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE:

                case DevicePolicyManager.ACTION_PROVISION_FINANCED_DEVICE:

                    return checkDeviceOwnerProvisioningPreCondition(callingUserId);

                // TODO (b/137101239): clean up split system user codes

                //  ACTION_PROVISION_MANAGED_USER and ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE

                //  only supported on split-user systems.

                case DevicePolicyManager.ACTION_PROVISION_MANAGED_USER:

                    return checkManagedUserProvisioningPreCondition(callingUserId);

                case DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE:

                    return checkManagedShareableDeviceProvisioningPreCondition(callingUserId);

            }

        }

        throw new IllegalArgumentException("Unknown provisioning action " + action);

            }

        }

        // TODO (b/137101239): clean up split system user codes

        if (isAdb) {

            // If shell command runs after user setup completed check device status. Otherwise, OK.

            if (mIsWatch || hasUserSetupCompleted(UserHandle.USER_SYSTEM)) {

                // In non-headless system user mode, DO can be setup only if

                // there's no non-system user

                if (!mInjector.userManagerIsHeadlessSystemUserMode()

                        && !mInjector.userManagerIsSplitSystemUser()

                        && mUserManager.getUserCount() > 1) {

                    return CODE_NONSYSTEM_USER_EXISTS;

                }

            }

            return CODE_OK;

        } else {

            if (!mInjector.userManagerIsSplitSystemUser()) {

                // In non-split user mode, DO has to be user 0

            // DO has to be user 0

            if (deviceOwnerUserId != UserHandle.USER_SYSTEM) {

                return CODE_NOT_SYSTEM_USER;

            }

            // Only provision DO before setup wizard completes

                // TODO (b/171423186): implement deferred DO setup for headless system user mode

            if (hasUserSetupCompleted(UserHandle.USER_SYSTEM)) {

                return CODE_USER_SETUP_COMPLETED;

            }

            }

            return CODE_OK;

        }

    }

        }

    }

    // TODO (b/137101239): clean up split system user codes

    private int checkManagedProfileProvisioningPreCondition(String packageName,

            @UserIdInt int callingUserId) {

        if (!hasFeatureManagedUsers()) {

            return CODE_MANAGED_USERS_NOT_SUPPORTED;

        }

        if (callingUserId == UserHandle.USER_SYSTEM

                && mInjector.userManagerIsSplitSystemUser()) {

            // Managed-profiles cannot be setup on the system user.

            return CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER;

        }

        if (getProfileOwnerAsUser(callingUserId) != null) {

            // Managed user cannot have a managed profile.

            return CODE_USER_HAS_PROFILE_OWNER;

        return null;

    }

    // TODO (b/137101239): clean up split system user codes

    private int checkManagedUserProvisioningPreCondition(int callingUserId) {

        if (!hasFeatureManagedUsers()) {

            return CODE_MANAGED_USERS_NOT_SUPPORTED;

        }

        if (!mInjector.userManagerIsSplitSystemUser()) {

            // ACTION_PROVISION_MANAGED_USER only supported on split-user systems.

            return CODE_NOT_SYSTEM_USER_SPLIT;

        }

        if (callingUserId == UserHandle.USER_SYSTEM) {

            // System user cannot be a managed user.

            return CODE_SYSTEM_USER;

        }

        if (hasUserSetupCompleted(callingUserId)) {

            return CODE_USER_SETUP_COMPLETED;

        }

        if (mIsWatch && hasPaired(UserHandle.USER_SYSTEM)) {

            return CODE_HAS_PAIRED;

        }

        return CODE_OK;

    }

    // TODO (b/137101239): clean up split system user codes

    private int checkManagedShareableDeviceProvisioningPreCondition(int callingUserId) {

        if (!mInjector.userManagerIsSplitSystemUser()) {

            // ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE only supported on split-user systems.

            return CODE_NOT_SYSTEM_USER_SPLIT;

        }

        return checkDeviceOwnerProvisioningPreCondition(callingUserId);

    }

    private boolean hasFeatureManagedUsers() {

        try {

            return mIPackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS, 0);