Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a1f45f65 authored by Ayush Sharma's avatar Ayush Sharma Committed by Android (Google) Code Review
Browse files

Merge changes from topics "WPT_279560135", "WPT_DPM_ROLE_HOLDER" into udc-dev 

* changes:
  Remove flag, switch to work profile for sms dialog
  Throw exception if can't set default sms app on profile
  DPM role holder to control access managed sub api
parents 4cc3a86b a63a2f3e

core/java/android/app/admin/DevicePolicyManager.java

+3 −0
Original line number Diff line number Diff line
@@ -9862,6 +9862,9 @@ public class DevicePolicyManager { 
     *                                  profile owner of an organization-owned managed profile.

     * @throws IllegalArgumentException if called on the parent profile and the package

     *                                  provided is not a pre-installed system package.

     * @throws IllegalStateException while trying to set default sms app on the profile and

     *                             {@link ManagedSubscriptionsPolicy#TYPE_ALL_MANAGED_SUBSCRIPTIONS}

     *                             policy is not set.

     */

    @RequiresPermission(value = MANAGE_DEVICE_POLICY_DEFAULT_SMS, conditional = true)

    public void setDefaultSmsApplication(@Nullable ComponentName admin,

core/java/android/provider/Settings.java

+11 −0
Original line number Diff line number Diff line
@@ -12445,6 +12445,17 @@ public final class Settings { 
        public static final String BYPASS_DEVICE_POLICY_MANAGEMENT_ROLE_QUALIFICATIONS =

                "bypass_device_policy_management_role_qualifications";













        /**













         * Whether work profile telephony feature is enabled for non













         * {@link android.app.role.RoleManager#ROLE_DEVICE_POLICY_MANAGEMENT} holders.













         * ("0" = false, "1" = true).













         *













         * @hide













         */













        @Readable













        public static final String ALLOW_WORK_PROFILE_TELEPHONY_FOR_NON_DPM_ROLE_HOLDERS =













                "allow_work_profile_telephony_for_non_dpm_role_holders";



























        /**















         * Indicates whether mobile data should be allowed while the device is being provisioned.















         * This allows the provisioning process to turn off mobile data before the user

































packages/SettingsProvider/test/src/android/provider/SettingsBackupTest.java



+1
−0




























Original line number
Diff line number
Diff line








@@ -116,6 +116,7 @@ public class SettingsBackupTest {













                    Settings.Global.ADD_USERS_WHEN_LOCKED,















                    Settings.Global.AIRPLANE_MODE_ON,















                    Settings.Global.AIRPLANE_MODE_RADIOS,













                    Settings.Global.ALLOW_WORK_PROFILE_TELEPHONY_FOR_NON_DPM_ROLE_HOLDERS,















                    Settings.Global.SATELLITE_MODE_RADIOS,















                    Settings.Global.SATELLITE_MODE_ENABLED,















                    Settings.Global.AIRPLANE_MODE_TOGGLEABLE_RADIOS,

































services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java



+35
−49




























Original line number
Diff line number
Diff line








@@ -232,7 +232,6 @@ import static android.net.ConnectivityManager.PROFILE_NETWORK_PREFERENCE_ENTERPR













import static android.net.ConnectivityManager.PROFILE_NETWORK_PREFERENCE_ENTERPRISE_NO_FALLBACK;















import static android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK;















import static android.provider.DeviceConfig.NAMESPACE_DEVICE_POLICY_MANAGER;













import static android.provider.DeviceConfig.NAMESPACE_TELEPHONY;















import static android.provider.Settings.Global.PRIVATE_DNS_SPECIFIER;















import static android.provider.Settings.Secure.MANAGED_PROVISIONING_DPC_DOWNLOADED;















import static android.provider.Settings.Secure.USER_SETUP_COMPLETE;










@@ -876,10 +875,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













    private static final String KEEP_PROFILES_RUNNING_FLAG = "enable_keep_profiles_running";















    public static final boolean DEFAULT_KEEP_PROFILES_RUNNING_FLAG = true;



























    private static final String ENABLE_WORK_PROFILE_TELEPHONY_FLAG =













            "enable_work_profile_telephony";













    private static final boolean DEFAULT_WORK_PROFILE_TELEPHONY_FLAG = false;



























    // TODO(b/261999445) remove the flag after rollout.















    private static final String HEADLESS_FLAG = "headless";















    private static final boolean DEFAULT_HEADLESS_FLAG = true;










@@ -3376,9 +3371,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













                onLockSettingsReady();















                loadAdminDataAsync();















                mOwners.systemReady();













                if (isWorkProfileTelephonyEnabled()) {















                applyManagedSubscriptionsPolicyIfRequired();













                }















                break;















            case SystemService.PHASE_ACTIVITY_MANAGER_READY:















                synchronized (getLockObject()) {










@@ -3409,9 +3402,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













            unregisterOnSubscriptionsChangedListener();















            int policyType = getManagedSubscriptionsPolicy().getPolicyType();















            if (policyType == ManagedSubscriptionsPolicy.TYPE_ALL_PERSONAL_SUBSCRIPTIONS) {













                final int parentUserId = getProfileParentId(copeProfileUserId);













                // By default, assign all current and future subs to system user on COPE devices.













                registerListenerToAssignSubscriptionsToUser(parentUserId);













                clearManagedSubscriptionsPolicy();















            } else if (policyType == ManagedSubscriptionsPolicy.TYPE_ALL_MANAGED_SUBSCRIPTIONS) {















                // Add listener to assign all current and future subs to managed profile.















                registerListenerToAssignSubscriptionsToUser(copeProfileUserId);










@@ -7718,11 +7709,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













        }















        mLockSettingsInternal.refreshStrongAuthTimeout(parentId);



























        if (isWorkProfileTelephonyEnabled()) {















        clearManagedSubscriptionsPolicy();















        clearLauncherShortcutOverrides();















        updateTelephonyCrossProfileIntentFilters(parentId, UserHandle.USER_NULL, false);













        }



























        Slogf.i(LOG_TAG, "Cleaning up device-wide policies done.");















    }
























@@ -11334,11 +11324,10 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













            synchronized (mSubscriptionsChangedListenerLock) {















                pw.println("Subscription changed listener : " + mSubscriptionsChangedListener);















            }













            pw.println("DPM Flag enable_work_profile_telephony : "













                    + isWorkProfileTelephonyDevicePolicyManagerFlagEnabled());













            pw.println("Telephony Flag enable_work_profile_telephony : "













                    + isWorkProfileTelephonySubscriptionManagerFlagEnabled());



























            pw.println("DPM global setting ALLOW_WORK_PROFILE_TELEPHONY_FOR_NON_DPM_ROLE_HOLDERS : "













                    + mInjector.settingsGlobalGetString(













                    Global.ALLOW_WORK_PROFILE_TELEPHONY_FOR_NON_DPM_ROLE_HOLDERS));















            mHandler.post(() -> handleDump(pw));















            dumpResources(pw);















        }










@@ -11580,6 +11569,15 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













            Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller)















                    || isProfileOwnerOfOrganizationOwnedDevice(caller));















        }

























        if (!parent && isManagedProfile(caller.getUserId())













                && getManagedSubscriptionsPolicy().getPolicyType()













                != ManagedSubscriptionsPolicy.TYPE_ALL_MANAGED_SUBSCRIPTIONS) {













            throw new IllegalStateException(













                    "Default sms application can only be set on the profile, when "













                            + "ManagedSubscriptions policy is set");













        }



























        if (parent) {















            userId = getProfileParentId(mInjector.userHandleGetCallingUserId());















            mInjector.binderWithCleanCallingIdentity(() -> enforcePackageIsSystemPackage(










@@ -15197,8 +15195,14 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {



























    @Override















    public void setGlobalSetting(ComponentName who, String setting, String value) {













        Objects.requireNonNull(who, "ComponentName is null");















        final CallerIdentity caller = getCallerIdentity(who);













        if (Global.ALLOW_WORK_PROFILE_TELEPHONY_FOR_NON_DPM_ROLE_HOLDERS.equals(setting)) {













            Preconditions.checkCallAuthorization(isCallerDevicePolicyManagementRoleHolder(caller));













            mInjector.binderWithCleanCallingIdentity(













                    () -> mInjector.settingsGlobalPutString(setting, value));













            return;













        }













        Objects.requireNonNull(who, "ComponentName is null");















        Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller));





























        DevicePolicyEventLogger










@@ -23791,26 +23795,6 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {













        suspendAppsForQuietProfiles(keepProfileRunning);















    }



























    private boolean isWorkProfileTelephonyEnabled() {













        return isWorkProfileTelephonyDevicePolicyManagerFlagEnabled()













                && isWorkProfileTelephonySubscriptionManagerFlagEnabled();













    }

























    private boolean isWorkProfileTelephonyDevicePolicyManagerFlagEnabled() {













        return DeviceConfig.getBoolean(NAMESPACE_DEVICE_POLICY_MANAGER,













                ENABLE_WORK_PROFILE_TELEPHONY_FLAG, DEFAULT_WORK_PROFILE_TELEPHONY_FLAG);













    }

























    private boolean isWorkProfileTelephonySubscriptionManagerFlagEnabled() {













        final long ident = mInjector.binderClearCallingIdentity();













        try {













            return DeviceConfig.getBoolean(NAMESPACE_TELEPHONY, ENABLE_WORK_PROFILE_TELEPHONY_FLAG,













                    false);













        } finally {













            mInjector.binderRestoreCallingIdentity(ident);













        }













    }



























    @Override















    public void setOverrideKeepProfilesRunning(boolean enabled) {















        Preconditions.checkCallAuthorization(










@@ -23921,24 +23905,26 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {



























    @Override















    public ManagedSubscriptionsPolicy getManagedSubscriptionsPolicy() {













        if (isWorkProfileTelephonyEnabled()) {















        synchronized (getLockObject()) {















            ActiveAdmin admin = getProfileOwnerOfOrganizationOwnedDeviceLocked();















            if (admin != null && admin.mManagedSubscriptionsPolicy != null) {















                return admin.mManagedSubscriptionsPolicy;















            }















        }













        }















        return new ManagedSubscriptionsPolicy(















                ManagedSubscriptionsPolicy.TYPE_ALL_PERSONAL_SUBSCRIPTIONS);















    }





























    @Override















    public void setManagedSubscriptionsPolicy(ManagedSubscriptionsPolicy policy) {













        if (!isWorkProfileTelephonyEnabled()) {













        CallerIdentity caller = getCallerIdentity();

























        if (!isCallerDevicePolicyManagementRoleHolder(caller)













                && !Objects.equals(mInjector.settingsGlobalGetString(













                        Global.ALLOW_WORK_PROFILE_TELEPHONY_FOR_NON_DPM_ROLE_HOLDERS), "1")) {















            throw new UnsupportedOperationException("This api is not enabled");















        }













        CallerIdentity caller = getCallerIdentity();



























        Preconditions.checkCallAuthorization(isProfileOwnerOfOrganizationOwnedDevice(caller),















                "This policy can only be set by a profile owner on an organization-owned "















                        + "device.");

























telephony/common/com/android/internal/telephony/util/TelephonyUtils.java



+0
−9




























Original line number
Diff line number
Diff line








@@ -32,7 +32,6 @@ import android.os.RemoteException;













import android.os.SystemProperties;















import android.os.UserHandle;















import android.os.UserManager;













import android.provider.DeviceConfig;















import android.telephony.SubscriptionManager;















import android.telephony.TelephonyFrameworkInitializer;















import android.telephony.TelephonyManager;










@@ -262,9 +261,6 @@ public final class TelephonyUtils {













     */















    public static void showSwitchToManagedProfileDialogIfAppropriate(Context context,















            int subId, int callingUid, String callingPackage) {













        if (!isSwitchToManagedProfileDialogFlagEnabled()) {













            return;













        }















        final long token = Binder.clearCallingIdentity();















        try {















            UserHandle callingUserHandle = UserHandle.getUserHandleForUid(callingUid);










@@ -302,11 +298,6 @@ public final class TelephonyUtils {













        }















    }





























    public static boolean isSwitchToManagedProfileDialogFlagEnabled() {













        return DeviceConfig.getBoolean(DeviceConfig.NAMESPACE_DEVICE_POLICY_MANAGER,













                "enable_switch_to_managed_profile_dialog", false);













    }





























    private static boolean isUidForeground(Context context, int uid) {















        ActivityManager am = context.getSystemService(ActivityManager.class);















        boolean result = am != null && am.getUidImportance(uid)