Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 97b68a53 authored by Alex Johnston's avatar Alex Johnston
Browse files

Per-profile user restrictions in org-owned managed profile 

Background
* Some user restrictions should be per-profile
  instead of per-device to allow for more
  granularity.
* For this reason, the profile owner of an
  organization-owned managed profile should
  apply user restrictions the same way as the
  profile owner on the personal user
  (instead of the device owner).

Changes
* Move per-profile user restrictions from
  PROFILE_OWNER_ORGANIZATION_OWNED_GLOBAL_RESTRICTIONS
  to PROFILE_OWNER_ORGANIZATION_OWNED_LOCAL_RESTRICTIONS
  in UserRestrictionsUtils
* Update UserManager javadocs
* Update DevicePolicyManagerTest

Bug: 148453838
Test: atest com.android.server.devicepolicy.DevicePolicyManagerTest
      atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testDevicePolicyManagerParentSupport
      atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testUserRestrictionSetOnParentLogged
      atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testUserRestrictionsSetOnParentAreNotPersisted
      atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testPerProfileUserRestrictionOnParent
      atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testPerDeviceUserRestrictionOnParent
      atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testCameraDisabledOnParentIsEnforced
      atest com.android.cts.devicepolicy.OrgOwnedProfileOwnerTest#testCameraDisabledOnParentLogged
Change-Id: I431f7b9bf45a24b77f62899794561d6098f2a54b
parent 78a66d6c

core/java/android/os/UserManager.java

+198 −128

File changed.

Preview size limit exceeded, changes collapsed.

services/core/java/com/android/server/pm/UserRestrictionsUtils.java

+15 −15
Original line number Diff line number Diff line
@@ -206,21 +206,9 @@ public class UserRestrictionsUtils { 
     */

    private static final Set<String> PROFILE_OWNER_ORGANIZATION_OWNED_GLOBAL_RESTRICTIONS =

            Sets.newArraySet(

                    UserManager.DISALLOW_CONFIG_DATE_TIME,

                    UserManager.DISALLOW_CAMERA,

                    UserManager.DISALLOW_BLUETOOTH,

                    UserManager.DISALLOW_BLUETOOTH_SHARING,

                    UserManager.DISALLOW_CONFIG_CELL_BROADCASTS,

                    UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS,

                    UserManager.DISALLOW_CONFIG_PRIVATE_DNS,

                    UserManager.DISALLOW_CONFIG_TETHERING,

                    UserManager.DISALLOW_DATA_ROAMING,

                    UserManager.DISALLOW_SAFE_BOOT,

                    UserManager.DISALLOW_SMS,

                    UserManager.DISALLOW_USB_FILE_TRANSFER,

                    UserManager.DISALLOW_AIRPLANE_MODE,

                    UserManager.DISALLOW_MOUNT_PHYSICAL_MEDIA,

                    UserManager.DISALLOW_UNMUTE_MICROPHONE

                    UserManager.DISALLOW_CONFIG_DATE_TIME,

                    UserManager.DISALLOW_CONFIG_PRIVATE_DNS

    );



    /**
@@ -236,7 +224,19 @@ public class UserRestrictionsUtils { 
                    UserManager.DISALLOW_CONTENT_SUGGESTIONS,

                    UserManager.DISALLOW_DEBUGGING_FEATURES,

                    UserManager.DISALLOW_SHARE_LOCATION,

                    UserManager.DISALLOW_OUTGOING_CALLS

                    UserManager.DISALLOW_OUTGOING_CALLS,

                    UserManager.DISALLOW_CAMERA,

                    UserManager.DISALLOW_BLUETOOTH,

                    UserManager.DISALLOW_BLUETOOTH_SHARING,

                    UserManager.DISALLOW_CONFIG_CELL_BROADCASTS,

                    UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS,

                    UserManager.DISALLOW_CONFIG_TETHERING,

                    UserManager.DISALLOW_DATA_ROAMING,

                    UserManager.DISALLOW_SAFE_BOOT,

                    UserManager.DISALLOW_SMS,

                    UserManager.DISALLOW_USB_FILE_TRANSFER,

                    UserManager.DISALLOW_MOUNT_PHYSICAL_MEDIA,

                    UserManager.DISALLOW_UNMUTE_MICROPHONE

    );



    /**

services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java

+16 −15
Original line number Diff line number Diff line
@@ -1997,19 +1997,9 @@ public class DevicePolicyManagerTest extends DpmTestBase { 


    private static final Set<String> PROFILE_OWNER_ORGANIZATION_OWNED_GLOBAL_RESTRICTIONS =

            Sets.newSet(

                    UserManager.DISALLOW_CONFIG_DATE_TIME,

                    UserManager.DISALLOW_BLUETOOTH_SHARING,

                    UserManager.DISALLOW_CONFIG_CELL_BROADCASTS,

                    UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS,

                    UserManager.DISALLOW_CONFIG_PRIVATE_DNS,

                    UserManager.DISALLOW_CONFIG_TETHERING,

                    UserManager.DISALLOW_DATA_ROAMING,

                    UserManager.DISALLOW_SAFE_BOOT,

                    UserManager.DISALLOW_SMS,

                    UserManager.DISALLOW_USB_FILE_TRANSFER,

                    UserManager.DISALLOW_AIRPLANE_MODE,

                    UserManager.DISALLOW_MOUNT_PHYSICAL_MEDIA,

                    UserManager.DISALLOW_UNMUTE_MICROPHONE

                    UserManager.DISALLOW_CONFIG_DATE_TIME,

                    UserManager.DISALLOW_CONFIG_PRIVATE_DNS

            );



    private static final Set<String> PROFILE_OWNER_ORGANIZATION_OWNED_LOCAL_RESTRICTIONS =
@@ -2021,7 +2011,17 @@ public class DevicePolicyManagerTest extends DpmTestBase { 
                    UserManager.DISALLOW_CONTENT_SUGGESTIONS,

                    UserManager.DISALLOW_DEBUGGING_FEATURES,

                    UserManager.DISALLOW_SHARE_LOCATION,

                    UserManager.DISALLOW_OUTGOING_CALLS

                    UserManager.DISALLOW_OUTGOING_CALLS,

                    UserManager.DISALLOW_BLUETOOTH_SHARING,

                    UserManager.DISALLOW_CONFIG_CELL_BROADCASTS,

                    UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS,

                    UserManager.DISALLOW_CONFIG_TETHERING,

                    UserManager.DISALLOW_DATA_ROAMING,

                    UserManager.DISALLOW_SAFE_BOOT,

                    UserManager.DISALLOW_SMS,

                    UserManager.DISALLOW_USB_FILE_TRANSFER,

                    UserManager.DISALLOW_MOUNT_PHYSICAL_MEDIA,

                    UserManager.DISALLOW_UNMUTE_MICROPHONE

            );



    public void testSetUserRestriction_asPoOfOrgOwnedDevice() throws Exception {
@@ -2045,8 +2045,9 @@ public class DevicePolicyManagerTest extends DpmTestBase { 
        parentDpm.setCameraDisabled(admin1, true);

        verify(getServices().userManagerInternal).setDevicePolicyUserRestrictions(

                eq(CALLER_USER_HANDLE),

                MockUtils.checkUserRestrictions(UserManager.DISALLOW_CAMERA),

                MockUtils.checkUserRestrictions(CALLER_USER_HANDLE),

                MockUtils.checkUserRestrictions(),

                MockUtils.checkUserRestrictions(UserHandle.USER_SYSTEM,

                        UserManager.DISALLOW_CAMERA),

                eq(false));

        DpmTestUtils.assertRestrictions(

                DpmTestUtils.newRestrictions(UserManager.DISALLOW_CAMERA),