Merge "Headless DO implementation" into main (915f5e23) · Commits · e / os / android_frameworks_base

AconfigFlags.bp

+7 −0

Original line number	Diff line number	Diff line
		@@ -855,6 +855,13 @@ java_aconfig_library {
		defaults: ["framework-minus-apex-aconfig-java-defaults"],
		}

		java_aconfig_library {
		name: "device_policy_aconfig_flags_lib_host",
		aconfig_declarations: "device_policy_aconfig_flags",
		host_supported: true,
		defaults: ["framework-minus-apex-aconfig-java-defaults"],
		}

		cc_aconfig_library {
		name: "device_policy_aconfig_flags_c_lib",
		aconfig_declarations: "device_policy_aconfig_flags",

core/api/current.txt

+1 −0

Original line number	Diff line number	Diff line
		@@ -7840,6 +7840,7 @@ package android.app.admin {
		method public void writeToParcel(android.os.Parcel, int);
		field @NonNull public static final android.os.Parcelable.Creator<android.app.admin.DeviceAdminInfo> CREATOR;
		field public static final int HEADLESS_DEVICE_OWNER_MODE_AFFILIATED = 1; // 0x1
		field @FlaggedApi("android.app.admin.flags.headless_device_owner_single_user_enabled") public static final int HEADLESS_DEVICE_OWNER_MODE_SINGLE_USER = 2; // 0x2
		field public static final int HEADLESS_DEVICE_OWNER_MODE_UNSUPPORTED = 0; // 0x0
		field public static final int USES_ENCRYPTED_STORAGE = 7; // 0x7
		field public static final int USES_POLICY_DISABLE_CAMERA = 8; // 0x8

core/api/system-current.txt

+1 −0

Original line number	Diff line number	Diff line
		@@ -1389,6 +1389,7 @@ package android.app.admin {
		field public static final int STATUS_DEVICE_ADMIN_NOT_SUPPORTED = 13; // 0xd
		field public static final int STATUS_HAS_DEVICE_OWNER = 1; // 0x1
		field public static final int STATUS_HAS_PAIRED = 8; // 0x8
		field @FlaggedApi("android.app.admin.flags.headless_device_owner_single_user_enabled") public static final int STATUS_HEADLESS_ONLY_SYSTEM_USER = 17; // 0x11
		field public static final int STATUS_HEADLESS_SYSTEM_USER_MODE_NOT_SUPPORTED = 16; // 0x10
		field public static final int STATUS_MANAGED_USERS_NOT_SUPPORTED = 9; // 0x9
		field public static final int STATUS_NONSYSTEM_USER_EXISTS = 5; // 0x5

core/java/android/app/admin/DeviceAdminInfo.java

+16 −1

Original line number	Diff line number	Diff line
		@@ -16,8 +16,10 @@

		package android.app.admin;

		import android.annotation.FlaggedApi;
		import android.annotation.IntDef;
		import android.annotation.NonNull;
		import android.app.admin.flags.Flags;
		import android.compat.annotation.UnsupportedAppUsage;
		import android.content.ComponentName;
		import android.content.Context;
		@@ -176,7 +178,18 @@ public final class DeviceAdminInfo implements Parcelable {
		*/
		public static final int HEADLESS_DEVICE_OWNER_MODE_AFFILIATED = 1;

		@IntDef({HEADLESS_DEVICE_OWNER_MODE_UNSUPPORTED, HEADLESS_DEVICE_OWNER_MODE_AFFILIATED})
		/**
		* Value for {@link #getHeadlessDeviceOwnerMode} which indicates that this DPC should be
		* provisioned into the first secondary user when on a Headless System User Mode device.
		*
		* <p>This mode only allows a single secondary user on the device blocking the creation of
		* additional secondary users.
		*/
		@FlaggedApi(Flags.FLAG_HEADLESS_DEVICE_OWNER_SINGLE_USER_ENABLED)
		public static final int HEADLESS_DEVICE_OWNER_MODE_SINGLE_USER = 2;

		@IntDef({HEADLESS_DEVICE_OWNER_MODE_UNSUPPORTED, HEADLESS_DEVICE_OWNER_MODE_AFFILIATED,
		HEADLESS_DEVICE_OWNER_MODE_SINGLE_USER})
		@Retention(RetentionPolicy.SOURCE)
		private @interface HeadlessDeviceOwnerMode {}

		@@ -373,6 +386,8 @@ public final class DeviceAdminInfo implements Parcelable {
		mHeadlessDeviceOwnerMode = HEADLESS_DEVICE_OWNER_MODE_UNSUPPORTED;
		} else if (deviceOwnerModeStringValue.equalsIgnoreCase("affiliated")) {
		mHeadlessDeviceOwnerMode = HEADLESS_DEVICE_OWNER_MODE_AFFILIATED;
		} else if (deviceOwnerModeStringValue.equalsIgnoreCase("single_user")) {
		mHeadlessDeviceOwnerMode = HEADLESS_DEVICE_OWNER_MODE_SINGLE_USER;
		} else {
		throw new XmlPullParserException("headless-system-user mode must be valid");
		}

core/java/android/app/admin/DevicePolicyManager.java

+27 −6

Original line number	Diff line number	Diff line
		@@ -84,6 +84,7 @@ import android.app.Activity;
		import android.app.IServiceConnection;
		import android.app.KeyguardManager;
		import android.app.admin.SecurityLog.SecurityEvent;
		import android.app.admin.flags.Flags;
		import android.app.compat.CompatChanges;
		import android.compat.annotation.ChangeId;
		import android.compat.annotation.EnabledSince;
		@@ -2862,6 +2863,19 @@ public class DevicePolicyManager {
		@SystemApi
		public static final int STATUS_HEADLESS_SYSTEM_USER_MODE_NOT_SUPPORTED = 16;

		/**
		* Result code for {@link #checkProvisioningPrecondition}.
		*
		* <p>Returned for {@link #ACTION_PROVISION_MANAGED_DEVICE} when provisioning a DPC into the
		* {@link DeviceAdminInfo#HEADLESS_DEVICE_OWNER_MODE_SINGLE_USER} mode but only the system
		* user exists on the device.
		*
		* @hide
		*/
		@SystemApi
		@FlaggedApi(Flags.FLAG_HEADLESS_DEVICE_OWNER_SINGLE_USER_ENABLED)
		public static final int STATUS_HEADLESS_ONLY_SYSTEM_USER = 17;

		/**
		* Result codes for {@link #checkProvisioningPrecondition} indicating all the provisioning pre
		* conditions.
		@@ -2876,7 +2890,7 @@ public class DevicePolicyManager {
		STATUS_CANNOT_ADD_MANAGED_PROFILE, STATUS_DEVICE_ADMIN_NOT_SUPPORTED,
		STATUS_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER,
		STATUS_PROVISIONING_NOT_ALLOWED_FOR_NON_DEVELOPER_USERS,
		STATUS_HEADLESS_SYSTEM_USER_MODE_NOT_SUPPORTED
		STATUS_HEADLESS_SYSTEM_USER_MODE_NOT_SUPPORTED, STATUS_HEADLESS_ONLY_SYSTEM_USER
		})
		public @interface ProvisioningPrecondition {}

		@@ -9178,9 +9192,11 @@ public class DevicePolicyManager {
		* <p>Calling this after the setup phase of the device owner user has completed is allowed only
		* if the caller is the {@link Process#SHELL_UID Shell UID}, and there are no additional users
		* (except when the device runs on headless system user mode, in which case it could have exact
		* one extra user, which is the current user - the device owner will be set in the
		* {@link UserHandle#SYSTEM system} user and a profile owner will be set in the current user)
		* and no accounts.
		* one extra user, which is the current user.
		*
		* <p>On a headless devices, if it is in affiliated mode the device owner will be set in the
		* {@link UserHandle#SYSTEM system} user. If the device is in single user mode, the device owner
		* will be set in the first secondary user.
		*
		* @param who the component name to be registered as device owner.
		* @param userId ID of the user on which the device owner runs.
		@@ -11371,7 +11387,9 @@ public class DevicePolicyManager {
		* @see UserHandle
		* @return the {@link android.os.UserHandle} object for the created user, or {@code null} if the
		* user could not be created.
		* @throws SecurityException if {@code admin} is not a device owner.
		* @throws SecurityException if headless device is in
		* {@link DeviceAdminInfo#HEADLESS_DEVICE_OWNER_MODE_SINGLE_USER} mode.
		* @throws SecurityException if {@code admin} is not a device owner
		* @throws UserOperationException if the user could not be created and the calling app is
		* targeting {@link android.os.Build.VERSION_CODES#P} and running on
		* {@link android.os.Build.VERSION_CODES#P}.
		@@ -16612,7 +16630,10 @@ public class DevicePolicyManager {
		* before calling this method.
		*
		* <p>Holders of {@link android.Manifest.permission#PROVISION_DEMO_DEVICE} can call this API
		* only if {@link FullyManagedDeviceProvisioningParams#isDemoDevice()} is {@code true}.</p>
		* only if {@link FullyManagedDeviceProvisioningParams#isDemoDevice()} is {@code true}.
		*
		* <p>If headless device is in {@link DeviceAdminInfo#HEADLESS_DEVICE_OWNER_MODE_SINGLE_USER}
		* mode then it sets the device owner on the first secondary user.</p>
		*
		* @param provisioningParams Params required to provision a fully managed device,
		* see {@link FullyManagedDeviceProvisioningParams}.