Loading core/java/android/app/admin/DevicePolicyManager.java +4 −74 Original line number Diff line number Diff line Loading @@ -16,6 +16,7 @@ package android.app.admin; import static android.app.admin.flags.Flags.FLAG_SPLIT_CREATE_MANAGED_PROFILE_ENABLED; import static android.Manifest.permission.INTERACT_ACROSS_USERS; import static android.Manifest.permission.INTERACT_ACROSS_USERS_FULL; import static android.Manifest.permission.LOCK_DEVICE; Loading Loading @@ -57,10 +58,9 @@ import static android.Manifest.permission.SET_TIME_ZONE; import static android.app.admin.DeviceAdminInfo.HEADLESS_DEVICE_OWNER_MODE_UNSUPPORTED; import static android.app.admin.flags.Flags.FLAG_DEVICE_THEFT_API_ENABLED; import static android.app.admin.flags.Flags.FLAG_REMOVE_MANAGED_PROFILE_ENABLED; import static android.app.admin.flags.Flags.FLAG_SECONDARY_LOCKSCREEN_API_ENABLED; import static android.app.admin.flags.Flags.FLAG_SPLIT_CREATE_MANAGED_PROFILE_ENABLED; import static android.app.admin.flags.Flags.onboardingBugreportV2Enabled; import static android.app.admin.flags.Flags.onboardingConsentlessBugreports; import static android.app.admin.flags.Flags.FLAG_SECONDARY_LOCKSCREEN_API_ENABLED; import static android.content.Intent.LOCAL_FLAG_FROM_SYSTEM; import static android.net.NetworkCapabilities.NET_ENTERPRISE_ID_1; import static android.os.Build.VERSION_CODES.UPSIDE_DOWN_CAKE; Loading Loading @@ -10766,8 +10766,8 @@ public class DevicePolicyManager { * in the calling user, as well as the parent user of an organization-owned managed profile via * the {@link DevicePolicyManager} instance returned by * {@link #getParentProfileInstance(ComponentName)}. App restrictions set by the device policy * management role holder are returned by * {@link UserManager#getApplicationRestrictions(String)} but the target application should use * management role holder are not returned by * {@link UserManager#getApplicationRestrictions(String)}. The target application should use * {@link android.content.RestrictionsManager#getApplicationRestrictionsPerAdmin} to retrieve * them, alongside any app restrictions the profile or device owner might have set. * Loading Loading @@ -10796,42 +10796,6 @@ public class DevicePolicyManager { } } /** * Similar to the public variant of {@link #setApplicationRestrictions} but for use by the * system. * * <p>Called by a system service only, meaning that the caller's UID must be equal to * {@link Process#SYSTEM_UID}. * * @throws SecurityException if caller is not permitted to set Mte policy * @throws UnsupportedOperationException if the device does not support MTE * @param systemEntity The service entity that adds the restriction. A application restriction * set by a service entity can only be cleared by the same entity. This can * be just the calling package name, or any string of the caller's choice * can be used. * @param packageName The name of the package to update restricted settings for. * @param settings A {@link Bundle} to be parsed by the receiving application, conveying a new * set of active restrictions. * @throws SecurityException if {@code admin} is not a device or profile owner. * @see #setDelegatedScopes * @see #DELEGATION_APP_RESTRICTIONS * @see UserManager#KEY_RESTRICTIONS_PENDING * @hide */ @WorkerThread public void setApplicationRestrictionsBySystem( @NonNull String systemEntity, String packageName, Bundle settings) { throwIfParentInstance("setApplicationRestrictions"); if (mService != null) { try { mService.setApplicationRestrictionsBySystem( systemEntity, packageName, myUserId(), settings); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } } /** * Sets a list of configuration features to enable for a trust agent component. This is meant to * be used in conjunction with {@link #KEYGUARD_DISABLE_TRUST_AGENTS}, which disables all trust Loading Loading @@ -12258,40 +12222,6 @@ public class DevicePolicyManager { return null; } /** * Similar to the public variant of {@link #getApplicationRestrictions} but for use by the * system. * * <p>Called by a system service only, meaning that the caller's UID must be equal to * {@link Process#SYSTEM_UID}. * * @param systemEntity The service entity that adds the restriction. A application restriction * set by a service entity can only be cleared by the same entity. This can * be just the calling package name, or any string of the caller's choice * can be used. * @param packageName The name of the package to fetch restricted settings of. * @return {@link Bundle} of settings corresponding to what was set last time * {@link DevicePolicyManager#setApplicationRestrictions} was called, or an empty * {@link Bundle} if no restrictions have been set. * @throws SecurityException if {@code admin} is not a device or profile owner. * @see #setDelegatedScopes * @see #DELEGATION_APP_RESTRICTIONS * @hide */ @WorkerThread public @NonNull Bundle getApplicationRestrictionsBySystem( @NonNull String systemEntity, @NonNull String packageName) { if (mService != null) { try { return mService.getApplicationRestrictionsBySystem( systemEntity, packageName, myUserId()); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } return null; } /** * Called by a profile owner, device owner or a holder of any permission that is associated with * a user restriction to set a user restriction specified by the key. core/java/android/app/admin/DevicePolicyManagerInternal.java +1 −3 Original line number Diff line number Diff line Loading @@ -323,9 +323,7 @@ public abstract class DevicePolicyManagerInternal { /** * Returns a map of admin to {@link Bundle} map of restrictions set by the admins for the * provided {@code packageName} in the provided {@code userId}. * * <p> App restrictions set by the DPC are always put at the front of the returned list. * provided {@code packageName} in the provided {@code userId} */ public abstract List<Bundle> getApplicationRestrictionsPerAdminForUser( String packageName, @UserIdInt int userId); Loading core/java/android/app/admin/IDevicePolicyManager.aidl +0 −2 Original line number Diff line number Diff line Loading @@ -250,8 +250,6 @@ interface IDevicePolicyManager { Bundle getApplicationRestrictions(in ComponentName who, in String callerPackage, in String packageName, in boolean parent); boolean setApplicationRestrictionsManagingPackage(in ComponentName admin, in String packageName); String getApplicationRestrictionsManagingPackage(in ComponentName admin); void setApplicationRestrictionsBySystem(in String systemEntity, in String packageName, in int userId, in Bundle settings); Bundle getApplicationRestrictionsBySystem(in String systemEntity, in String packageName, in int userId); boolean isCallerApplicationRestrictionsManagingPackage(in String callerPackage); void setRestrictionsProvider(in ComponentName who, in ComponentName provider); Loading core/java/android/os/UserManager.java +6 −15 Original line number Diff line number Diff line Loading @@ -6674,12 +6674,9 @@ public class UserManager { * * <p>Starting from Android version {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE}, * it is possible for there to be multiple managing apps on the device with the ability to set * app restrictions, e.g. an Enterprise Device Policy Controller (DPC) and a Supervision admin. * This method will always return the app restrictions set by the DPC, if the DPC has set one. * Beginning from SDK level 36.1, if the DPC has not set any app restriction while other * managing apps have set some, this method will return app restrictions set by one of those * managing apps. There is no guarantee on which managing apps app restriction will be returned. * To retrieve restrictions set by all managing apps, use * restrictions, e.g. an Enterprise Device Policy Controller (DPC) and a Supervision admin. * This API will only to return the restrictions set by the DPCs. To retrieve restrictions * set by all managing apps, use * {@link android.content.RestrictionsManager#getApplicationRestrictionsPerAdmin} instead. * * @param packageName the package name of the calling application Loading @@ -6703,17 +6700,11 @@ public class UserManager { /** * <p>Starting from Android version {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE}, * it is possible for there to be multiple managing apps on the device with the ability to set * app restrictions, e.g. an Enterprise Device Policy Controller (DPC) and a Supervision admin. * This method will always return the app restrictions set by the DPC, if the DPC has set one. * Beginning from SDK level 36.1, if the DPC has not set any app restriction while other * managing apps have set some, this method will return app restrictions set by one of those * managing apps. There is no guarantee on which managing apps app restriction will be returned. * To retrieve restrictions set by all managing apps, use * restrictions, e.g. an Enterprise Device Policy Controller (DPC) and a Supervision admin. * This API will only to return the restrictions set by the DPCs. To retrieve restrictions * set by all managing apps, use * {@link android.content.RestrictionsManager#getApplicationRestrictionsPerAdmin} instead. * * @deprecated Retrieve restrictions set by all agents using * {@link android.content.RestrictionsManager#getApplicationRestrictionsPerAdmin} and merge the * result. * @hide */ @WorkerThread Loading services/core/java/com/android/server/pm/UserManagerInternal.java +0 −9 Original line number Diff line number Diff line Loading @@ -35,7 +35,6 @@ import com.android.internal.annotations.Keep; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.util.List; import java.util.Map; /** * @hide Only for use within the system server. Loading Loading @@ -607,14 +606,6 @@ public abstract class UserManagerInternal { */ public abstract @CanBeNULL @UserIdInt int getCommunalProfileId(); /** * Returns list of bundles keyed by package name for all apps with restrictions in the given * user. * This method reads deprecated app restrictions and MUST NOT be used except for migration * purposes during upgrade. */ public abstract Map<String, Bundle> getApplicationRestrictionsForUser(@UserIdInt int userId); /** * Returns the user id of the supervising profile, or {@link android.os.UserHandle#USER_NULL} if * there is no such user. Loading Loading
core/java/android/app/admin/DevicePolicyManager.java +4 −74 Original line number Diff line number Diff line Loading @@ -16,6 +16,7 @@ package android.app.admin; import static android.app.admin.flags.Flags.FLAG_SPLIT_CREATE_MANAGED_PROFILE_ENABLED; import static android.Manifest.permission.INTERACT_ACROSS_USERS; import static android.Manifest.permission.INTERACT_ACROSS_USERS_FULL; import static android.Manifest.permission.LOCK_DEVICE; Loading Loading @@ -57,10 +58,9 @@ import static android.Manifest.permission.SET_TIME_ZONE; import static android.app.admin.DeviceAdminInfo.HEADLESS_DEVICE_OWNER_MODE_UNSUPPORTED; import static android.app.admin.flags.Flags.FLAG_DEVICE_THEFT_API_ENABLED; import static android.app.admin.flags.Flags.FLAG_REMOVE_MANAGED_PROFILE_ENABLED; import static android.app.admin.flags.Flags.FLAG_SECONDARY_LOCKSCREEN_API_ENABLED; import static android.app.admin.flags.Flags.FLAG_SPLIT_CREATE_MANAGED_PROFILE_ENABLED; import static android.app.admin.flags.Flags.onboardingBugreportV2Enabled; import static android.app.admin.flags.Flags.onboardingConsentlessBugreports; import static android.app.admin.flags.Flags.FLAG_SECONDARY_LOCKSCREEN_API_ENABLED; import static android.content.Intent.LOCAL_FLAG_FROM_SYSTEM; import static android.net.NetworkCapabilities.NET_ENTERPRISE_ID_1; import static android.os.Build.VERSION_CODES.UPSIDE_DOWN_CAKE; Loading Loading @@ -10766,8 +10766,8 @@ public class DevicePolicyManager { * in the calling user, as well as the parent user of an organization-owned managed profile via * the {@link DevicePolicyManager} instance returned by * {@link #getParentProfileInstance(ComponentName)}. App restrictions set by the device policy * management role holder are returned by * {@link UserManager#getApplicationRestrictions(String)} but the target application should use * management role holder are not returned by * {@link UserManager#getApplicationRestrictions(String)}. The target application should use * {@link android.content.RestrictionsManager#getApplicationRestrictionsPerAdmin} to retrieve * them, alongside any app restrictions the profile or device owner might have set. * Loading Loading @@ -10796,42 +10796,6 @@ public class DevicePolicyManager { } } /** * Similar to the public variant of {@link #setApplicationRestrictions} but for use by the * system. * * <p>Called by a system service only, meaning that the caller's UID must be equal to * {@link Process#SYSTEM_UID}. * * @throws SecurityException if caller is not permitted to set Mte policy * @throws UnsupportedOperationException if the device does not support MTE * @param systemEntity The service entity that adds the restriction. A application restriction * set by a service entity can only be cleared by the same entity. This can * be just the calling package name, or any string of the caller's choice * can be used. * @param packageName The name of the package to update restricted settings for. * @param settings A {@link Bundle} to be parsed by the receiving application, conveying a new * set of active restrictions. * @throws SecurityException if {@code admin} is not a device or profile owner. * @see #setDelegatedScopes * @see #DELEGATION_APP_RESTRICTIONS * @see UserManager#KEY_RESTRICTIONS_PENDING * @hide */ @WorkerThread public void setApplicationRestrictionsBySystem( @NonNull String systemEntity, String packageName, Bundle settings) { throwIfParentInstance("setApplicationRestrictions"); if (mService != null) { try { mService.setApplicationRestrictionsBySystem( systemEntity, packageName, myUserId(), settings); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } } /** * Sets a list of configuration features to enable for a trust agent component. This is meant to * be used in conjunction with {@link #KEYGUARD_DISABLE_TRUST_AGENTS}, which disables all trust Loading Loading @@ -12258,40 +12222,6 @@ public class DevicePolicyManager { return null; } /** * Similar to the public variant of {@link #getApplicationRestrictions} but for use by the * system. * * <p>Called by a system service only, meaning that the caller's UID must be equal to * {@link Process#SYSTEM_UID}. * * @param systemEntity The service entity that adds the restriction. A application restriction * set by a service entity can only be cleared by the same entity. This can * be just the calling package name, or any string of the caller's choice * can be used. * @param packageName The name of the package to fetch restricted settings of. * @return {@link Bundle} of settings corresponding to what was set last time * {@link DevicePolicyManager#setApplicationRestrictions} was called, or an empty * {@link Bundle} if no restrictions have been set. * @throws SecurityException if {@code admin} is not a device or profile owner. * @see #setDelegatedScopes * @see #DELEGATION_APP_RESTRICTIONS * @hide */ @WorkerThread public @NonNull Bundle getApplicationRestrictionsBySystem( @NonNull String systemEntity, @NonNull String packageName) { if (mService != null) { try { return mService.getApplicationRestrictionsBySystem( systemEntity, packageName, myUserId()); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } return null; } /** * Called by a profile owner, device owner or a holder of any permission that is associated with * a user restriction to set a user restriction specified by the key.
core/java/android/app/admin/DevicePolicyManagerInternal.java +1 −3 Original line number Diff line number Diff line Loading @@ -323,9 +323,7 @@ public abstract class DevicePolicyManagerInternal { /** * Returns a map of admin to {@link Bundle} map of restrictions set by the admins for the * provided {@code packageName} in the provided {@code userId}. * * <p> App restrictions set by the DPC are always put at the front of the returned list. * provided {@code packageName} in the provided {@code userId} */ public abstract List<Bundle> getApplicationRestrictionsPerAdminForUser( String packageName, @UserIdInt int userId); Loading
core/java/android/app/admin/IDevicePolicyManager.aidl +0 −2 Original line number Diff line number Diff line Loading @@ -250,8 +250,6 @@ interface IDevicePolicyManager { Bundle getApplicationRestrictions(in ComponentName who, in String callerPackage, in String packageName, in boolean parent); boolean setApplicationRestrictionsManagingPackage(in ComponentName admin, in String packageName); String getApplicationRestrictionsManagingPackage(in ComponentName admin); void setApplicationRestrictionsBySystem(in String systemEntity, in String packageName, in int userId, in Bundle settings); Bundle getApplicationRestrictionsBySystem(in String systemEntity, in String packageName, in int userId); boolean isCallerApplicationRestrictionsManagingPackage(in String callerPackage); void setRestrictionsProvider(in ComponentName who, in ComponentName provider); Loading
core/java/android/os/UserManager.java +6 −15 Original line number Diff line number Diff line Loading @@ -6674,12 +6674,9 @@ public class UserManager { * * <p>Starting from Android version {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE}, * it is possible for there to be multiple managing apps on the device with the ability to set * app restrictions, e.g. an Enterprise Device Policy Controller (DPC) and a Supervision admin. * This method will always return the app restrictions set by the DPC, if the DPC has set one. * Beginning from SDK level 36.1, if the DPC has not set any app restriction while other * managing apps have set some, this method will return app restrictions set by one of those * managing apps. There is no guarantee on which managing apps app restriction will be returned. * To retrieve restrictions set by all managing apps, use * restrictions, e.g. an Enterprise Device Policy Controller (DPC) and a Supervision admin. * This API will only to return the restrictions set by the DPCs. To retrieve restrictions * set by all managing apps, use * {@link android.content.RestrictionsManager#getApplicationRestrictionsPerAdmin} instead. * * @param packageName the package name of the calling application Loading @@ -6703,17 +6700,11 @@ public class UserManager { /** * <p>Starting from Android version {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE}, * it is possible for there to be multiple managing apps on the device with the ability to set * app restrictions, e.g. an Enterprise Device Policy Controller (DPC) and a Supervision admin. * This method will always return the app restrictions set by the DPC, if the DPC has set one. * Beginning from SDK level 36.1, if the DPC has not set any app restriction while other * managing apps have set some, this method will return app restrictions set by one of those * managing apps. There is no guarantee on which managing apps app restriction will be returned. * To retrieve restrictions set by all managing apps, use * restrictions, e.g. an Enterprise Device Policy Controller (DPC) and a Supervision admin. * This API will only to return the restrictions set by the DPCs. To retrieve restrictions * set by all managing apps, use * {@link android.content.RestrictionsManager#getApplicationRestrictionsPerAdmin} instead. * * @deprecated Retrieve restrictions set by all agents using * {@link android.content.RestrictionsManager#getApplicationRestrictionsPerAdmin} and merge the * result. * @hide */ @WorkerThread Loading
services/core/java/com/android/server/pm/UserManagerInternal.java +0 −9 Original line number Diff line number Diff line Loading @@ -35,7 +35,6 @@ import com.android.internal.annotations.Keep; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.util.List; import java.util.Map; /** * @hide Only for use within the system server. Loading Loading @@ -607,14 +606,6 @@ public abstract class UserManagerInternal { */ public abstract @CanBeNULL @UserIdInt int getCommunalProfileId(); /** * Returns list of bundles keyed by package name for all apps with restrictions in the given * user. * This method reads deprecated app restrictions and MUST NOT be used except for migration * purposes during upgrade. */ public abstract Map<String, Bundle> getApplicationRestrictionsForUser(@UserIdInt int userId); /** * Returns the user id of the supervising profile, or {@link android.os.UserHandle#USER_NULL} if * there is no such user. Loading
