Merge changes I9e940e5b,Iaa27f34a,I2291984c,I95d8ec76

import java.lang.annotation.Retention;

import java.lang.annotation.RetentionPolicy;

import java.util.ArrayList;

import java.util.Collections;

import java.util.List;

import java.util.Set;

import java.util.concurrent.TimeoutException;

            // Calling out without a lock held.

            mUiAutomationConnection.adoptShellPermissionIdentity(Process.myUid(), null);

        } catch (RemoteException re) {

            Log.e(LOG_TAG, "Error executing adopting shell permission identity!", re);

            throw re.rethrowFromSystemServer();

        }

    }

            // Calling out without a lock held.

            mUiAutomationConnection.adoptShellPermissionIdentity(Process.myUid(), permissions);

        } catch (RemoteException re) {

            Log.e(LOG_TAG, "Error executing adopting shell permission identity!", re);

            throw re.rethrowFromSystemServer();

        }

    }

            // Calling out without a lock held.

            mUiAutomationConnection.dropShellPermissionIdentity();

        } catch (RemoteException re) {

            Log.e(LOG_TAG, "Error executing dropping shell permission identity!", re);

            throw re.rethrowFromSystemServer();

        }

    }

            final List<String> permissions = mUiAutomationConnection.getAdoptedShellPermissions();

            return permissions == null ? ALL_PERMISSIONS : new ArraySet<>(permissions);

        } catch (RemoteException re) {

            Log.e(LOG_TAG, "Error getting adopted shell permissions", re);

            return Collections.emptySet();

            throw re.rethrowFromSystemServer();

        }

    }

    private static final String KEEP_PROFILES_RUNNING_FLAG = "enable_keep_profiles_running";

    private static final boolean DEFAULT_KEEP_PROFILES_RUNNING_FLAG = false;

    // TODO(b/261999445) remove the flag after rollout.

    private static final String HEADLESS_FLAG = "headless";

    private static final boolean DEFAULT_HEADLESS_FLAG = true;

    /**

     * This feature flag is checked once after boot and this value us used until the next reboot to

     * avoid needing to handle the flag changing on the fly.

                    }

                } catch (RemoteException re) {

                    // Shouldn't happen.

                    Slogf.wtf(LOG_TAG, "Error handling package changes", re);

                }

            }

            if (removedAdmin) {

                    && mIPackageManager.getPackageInfo(targetPackage, 0, userHandle) == null;

        } catch (RemoteException e) {

            // Shouldn't happen

            Slogf.wtf(LOG_TAG, "Error checking isRemovedPackage", e);

        }

        return false;

                    null, null, null, PLATFORM_PACKAGE_NAME, userHandle);

        } catch (RemoteException ignored) {

            // shouldn't happen.

            Slogf.wtf(LOG_TAG, "Error handling new package installed", ignored);

        }

    }

                    packageName, MATCH_DIRECT_BOOT_AWARE | MATCH_DIRECT_BOOT_UNAWARE, userId);

        } catch (RemoteException e) {

            // Shouldn't happen.

            Slogf.wtf(LOG_TAG, "Error getting application info", e);

            return;

        }

        if (appInfo == null) {

        ensureLocked();

        // Try to find an admin which can use reqPolicy

        final ComponentName poAdminComponent = mOwners.getProfileOwnerComponent(userId);

        final ComponentName doAdminComponent = mOwners.getDeviceOwnerComponent();

        if (poAdminComponent != null) {

            return getProfileOwnerLocked(userId);

                        | PackageManager.MATCH_DIRECT_BOOT_UNAWARE, userHandle);

            } catch (RemoteException e) {

                // shouldn't happen.

                Slogf.wtf(LOG_TAG, "Error getting receiver info", e);

                return null;

            }

        });

            }

        } catch (RemoteException re) {

            // Shouldn't happen

            Slogf.wtf(LOG_TAG, "Error forcing wipe user", re);

        } finally {

            if (!success) SecurityLog.writeEvent(SecurityLog.TAG_WIPE_FAILURE);

        }

                Preconditions.checkCallAuthorization(frpManagementAgentUid == caller.getUid()

                                || hasCallingPermission(permission.MASTER_CLEAR),

                        "Must be called by the FRP management agent on device");

                // TODO(b/261999445): Remove

                if (isHeadlessFlagEnabled()) {

                    admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked();

                } else {

                    admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked(

                            UserHandle.getUserId(frpManagementAgentUid));

                }

            } else {

                Preconditions.checkCallAuthorization(

                        isDefaultDeviceOwner(caller)

                hasCallingOrSelfPermission(permission.TRIGGER_LOST_MODE));

        synchronized (getLockObject()) {

            final ActiveAdmin admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked(

            // TODO(b/261999445): Remove

            ActiveAdmin admin;

            if (isHeadlessFlagEnabled()) {

                admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked();

            } else {

                admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked(

                        UserHandle.USER_SYSTEM);

            }

            Preconditions.checkState(admin != null,

                    "Lost mode location updates can only be sent on an organization-owned device.");

            mInjector.binderWithCleanCallingIdentity(() -> {

    // be disabled device-wide.

    private void pushScreenCapturePolicy(int adminUserId) {

        // Update screen capture device-wide if disabled by the DO or COPE PO on the parent profile.

        ActiveAdmin admin =

                getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceParentLocked(

        // TODO(b/261999445): remove

        ActiveAdmin admin;

        if (isHeadlessFlagEnabled()) {

            admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceParentLocked(

                    mUserManagerInternal.getProfileParentId(adminUserId));

        } else {

            admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceParentLocked(

                    UserHandle.USER_SYSTEM);

        }

        if (admin != null && admin.disableScreenCapture) {

            setScreenCaptureDisabled(UserHandle.USER_ALL);

        } else {

        return null;

    }

    /**

     * @deprecated Use the version which does not take a user id.

     */

    @Deprecated

    ActiveAdmin getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked(int userId) {

        ensureLocked();

        ActiveAdmin admin = getDeviceOwnerAdminLocked();

        return admin;

    }

    ActiveAdmin getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked() {

        ensureLocked();

        ActiveAdmin admin = getDeviceOwnerAdminLocked();

        if (admin == null) {

            admin = getProfileOwnerOfOrganizationOwnedDeviceLocked();

        }

        return admin;

    }

    ActiveAdmin getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceParentLocked(int userId) {

        ensureLocked();

        ActiveAdmin admin = getDeviceOwnerAdminLocked();

            pushUserRestrictions(userId);

        } catch (RemoteException re) {

            // Shouldn't happen.

            Slogf.wtf(LOG_TAG, "Failing in updatePermissionFlagsForAllApps", re);

        }

    }

        });

    }

    @GuardedBy("getLockObject()")

    ActiveAdmin getProfileOwnerOfOrganizationOwnedDeviceLocked() {

        return mInjector.binderWithCleanCallingIdentity(() -> {

            for (UserInfo userInfo : mUserManager.getUsers()) {

                if (userInfo.isManagedProfile()) {

                    if (getProfileOwnerAsUser(userInfo.id) != null

                            && isProfileOwnerOfOrganizationOwnedDevice(userInfo.id)) {

                        ComponentName who = getProfileOwnerAsUser(userInfo.id);

                        return getActiveAdminUncheckedLocked(who, userInfo.id);

                    }

                }

            }

            return null;

        });

    }

    /**

     * This API is cached: invalidate with invalidateBinderCaches().

     */

            }

            return currentUser.id;

        } catch (RemoteException e) {

            Slogf.wtf(LOG_TAG, "cannot get current user");

            Slogf.wtf(LOG_TAG, "cannot get current user", e);

        }

        return UserHandle.USER_NULL;

    }

                mIPackageManager.flushPackageRestrictionsAsUser(userHandle);

            } catch (RemoteException re) {

                // Shouldn't happen

                Slog.wtf(LOG_TAG, "Error adding persistent preferred activity", re);

            } finally {

                mInjector.binderRestoreCallingIdentity(id);

            }

                mIPackageManager.flushPackageRestrictionsAsUser(userHandle);

            } catch (RemoteException re) {

                // Shouldn't happen

                Slogf.wtf(

                        LOG_TAG, "Error when clearing package persistent preferred activities", re);

            } finally {

                mInjector.binderRestoreCallingIdentity(id);

            }

                }

            } catch (RemoteException re) {

                // Shouldn't happen

                Slogf.wtf(LOG_TAG, "Error adding cross profile intent filter", re);

            } finally {

                mInjector.binderRestoreCallingIdentity(id);

            }

                mIPackageManager.clearCrossProfileIntentFilters(parent.id, who.getPackageName());

            } catch (RemoteException re) {

                // Shouldn't happen

                Slogf.wtf(LOG_TAG, "Error clearing cross profile intent filters", re);

            } finally {

                mInjector.binderRestoreCallingIdentity(id);

            }

            }

        } catch (RemoteException e) {

            // shouldn't happen

            Slogf.wtf(LOG_TAG, "Failed to resolve intent for: " + intent);

            Slogf.wtf(LOG_TAG, "Failed to resolve intent for: " + intent, e);

            return 0;

        } finally {

            mInjector.binderRestoreCallingIdentity(id);

                        == PackageManager.INSTALL_SUCCEEDED;

            } catch (RemoteException re) {

                // shouldn't happen

                Slogf.wtf(LOG_TAG, "Error installing package", re);

                return false;

            } finally {

                mInjector.binderRestoreCallingIdentity(id);

            return ai == null ? 0 : ai.targetSdkVersion;

        } catch (RemoteException e) {

            // Shouldn't happen

            Slogf.wtf(LOG_TAG, "Error getting application info", e);

            return 0;

        }

    }

        synchronized (getLockObject()) {

            // Only DO or COPE PO can turn on CC mode, so take a shortcut here and only look at

            // their ActiveAdmin, instead of iterating through all admins.

            final ActiveAdmin admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked(

            ActiveAdmin admin;

            // TODO(b/261999445): remove

            if (isHeadlessFlagEnabled()) {

                admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked();

            } else {

                admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked(

                        UserHandle.USER_SYSTEM);

            }

            return admin != null ? admin.mCommonCriteriaMode : false;

        }

    }

            }

        } catch (RemoteException e) {

            // Shouldn't happen.

            Slogf.wtf(LOG_TAG, "Error setting application enabled", e);

        }

    }

                    callerPackage);

        } catch (RemoteException e) {

            // Shouldn't happen.

            Slogf.wtf(LOG_TAG, "Error starting user", e);

        } finally {

            mContext.unregisterReceiver(unlockedReceiver);

        }

                }

            } catch (RemoteException e) {

                // Shouldn't happen.

                Slogf.wtf(LOG_TAG, "Error resetting default cross profile intent filters", e);

            }

        });

    }

    }

    private boolean isUsbDataSignalingEnabledInternalLocked() {

        final ActiveAdmin admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked(

        // TODO(b/261999445): remove

        ActiveAdmin admin;

        if (isHeadlessFlagEnabled()) {

            admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked();

        } else {

            admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked(

                    UserHandle.USER_SYSTEM);

        }

        return admin == null || admin.mUsbDataSignalingEnabled;

    }

    @Override

    public int getMinimumRequiredWifiSecurityLevel() {

        synchronized (getLockObject()) {

            final ActiveAdmin admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked(

            ActiveAdmin admin;

            // TODO(b/261999445): remove

            if (isHeadlessFlagEnabled()) {

                admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked();

            } else {

                admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked(

                        UserHandle.USER_SYSTEM);

            }

            return (admin == null) ? DevicePolicyManager.WIFI_SECURITY_OPEN

                    : admin.mWifiMinimumSecurityLevel;

        }

                        + "a profile owner on an organization-owned device or "

                        + "an app with the QUERY_ADMIN_POLICY permission.");

        synchronized (getLockObject()) {

            final ActiveAdmin admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked(

            ActiveAdmin admin;

            // TODO(b/261999445): remove

            if (isHeadlessFlagEnabled()) {

                admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked();

            } else {

                admin = getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked(

                        UserHandle.USER_SYSTEM);

            }

            return admin != null ? admin.mWifiSsidPolicy : null;

        }

    }

                            || isProfileOwnerOfOrganizationOwnedDevice(caller));

        }

        synchronized (getLockObject()) {

            ActiveAdmin admin =

            // TODO(b/261999445): Remove

            ActiveAdmin admin;

            if (isHeadlessFlagEnabled()) {

                admin =

                        getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked();

            } else {

                admin =

                        getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked(

                                UserHandle.USER_SYSTEM);

            }

            if (admin != null) {

                final String memtagProperty = "arm64.memtag.bootctl";

                if (flags == DevicePolicyManager.MTE_ENABLED) {

                        || isProfileOwnerOfOrganizationOwnedDevice(caller)

                        || isSystemUid(caller));

        synchronized (getLockObject()) {

            ActiveAdmin admin =

            // TODO(b/261999445): Remove

            ActiveAdmin admin;

            if (isHeadlessFlagEnabled()) {

                admin =

                        getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked();

            } else {

                admin =

                        getDeviceOwnerOrProfileOwnerOfOrganizationOwnedDeviceLocked(

                                UserHandle.USER_SYSTEM);

            }

            return admin != null

                    ? admin.mtePolicy

                    : DevicePolicyManager.MTE_NOT_CONTROLLED_BY_POLICY;

        }

    }

    private boolean isHeadlessFlagEnabled() {

        return DeviceConfig.getBoolean(

                NAMESPACE_DEVICE_POLICY_MANAGER,

                HEADLESS_FLAG,

                DEFAULT_HEADLESS_FLAG);

    }

}

 No newline at end of file