Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a3bf231f authored by Kholoud Mohamed's avatar Kholoud Mohamed Committed by Android (Google) Code Review
Browse files

Merge changes from topic "protectedPackages" 

* changes:
  Allow non-DPC admins to use DeviceAdminService
  Give precedence to protectedPackages set locally
  Resolve policies that could be set locally and globally
parents f8b6f7b8 3c8d8c6f

core/api/current.txt

+1 −0
Original line number Diff line number Diff line
@@ -8160,6 +8160,7 @@ package android.app.admin { 
    field @NonNull public static final android.app.admin.TargetUser GLOBAL;

    field @NonNull public static final android.app.admin.TargetUser LOCAL_USER;

    field @NonNull public static final android.app.admin.TargetUser PARENT_USER;

    field @NonNull public static final android.app.admin.TargetUser UNKNOWN_USER;

  }















  public final class UnsafeStateException extends java.lang.IllegalStateException implements android.os.Parcelable {

























core/java/android/app/admin/DeviceAdminService.java



+6
−0




























Original line number
Diff line number
Diff line








@@ -20,6 +20,7 @@ import android.content.ComponentName;













import android.content.Intent;















import android.os.IBinder;





























// TODO(b/263363091): Restrict to DPC and holders of a new role permission and update javadocs















/**















 * Base class for a service that device owner/profile owners can optionally have.















 *









@@ -45,6 +46,11 @@ import android.os.IBinder;













 *















 * <p>Note the process may still be killed if the system is under heavy memory pressure, in which















 * case the process will be re-started later.













 *













 * <p>Starting from Android {@link android.os.Build.VERSION_CODES#UPSIDE_DOWN_CAKE},













 * non-DPC admins can also optionally implement this service using the details













 * mentioned above to ensure they receive policy update broadcasts













 * (see {@link PolicyUpdatesReceiver}).















 */















public class DeviceAdminService extends Service {















    private final IDeviceAdminServiceImpl mImpl;

































core/java/android/app/admin/DevicePolicyManager.java



+6
−0




























Original line number
Diff line number
Diff line








@@ -4005,6 +4005,12 @@ public class DevicePolicyManager {













     */















    public static final String LOCK_TASK_POLICY = "lockTask";



























    // TODO: Expose this as SystemAPI once we add the query API













    /**













     * @hide













     */













    public static final String USER_CONTROL_DISABLED_PACKAGES = "userControlDisabledPackages";



























    /**















     * This object is a single place to tack on invalidation and disable calls.  All















     * binder caches in this class derive from this Config, so all can be invalidated or

































core/java/android/app/admin/PolicyUpdatesReceiver.java



+4
−1




























Original line number
Diff line number
Diff line








@@ -32,7 +32,6 @@ import java.lang.annotation.Retention;













import java.lang.annotation.RetentionPolicy;















import java.util.Objects;





























// TODO(b/261432333): Add more detailed javadocs on using DeviceAdminService.















/**















 * Base class for implementing a policy update receiver. This class provides a convenience for















 * interpreting the raw intent actions ({@link #ACTION_DEVICE_POLICY_SET_RESULT} and









@@ -43,6 +42,10 @@ import java.util.Objects;













 *















 * <p>When publishing your {@code PolicyUpdatesReceiver} subclass as a receiver, it must















 * require the {@link android.Manifest.permission#BIND_DEVICE_ADMIN} permission.













 *













 * <p>Admins can implement {@link DeviceAdminService} to ensure they receive all policy updates













 * (for policies they have set) via {@link #onPolicyChanged} by constantly being bound to by the













 * system. For more information see {@link DeviceAdminService}.















 */















public abstract class PolicyUpdatesReceiver extends BroadcastReceiver {















    private static String TAG = "PolicyUpdatesReceiver";

































core/java/android/app/admin/TargetUser.java



+14
−0




























Original line number
Diff line number
Diff line








@@ -43,6 +43,11 @@ public final class TargetUser {













     */















    public static final int GLOBAL_USER_ID = -3;





























    /**













     * @hide













     */













    public static final int UNKNOWN_USER_ID = -3;





























    /**















     * Indicates that the policy relates to the user the admin is installed on.















     */









@@ -61,6 +66,15 @@ public final class TargetUser {













    @NonNull















    public static final TargetUser GLOBAL = new TargetUser(GLOBAL_USER_ID);





























    /**













     * Indicates that the policy relates to some unknown user on the device. For example, if Admin1













     * has set a global policy on a device and Admin2 has set a conflicting local













     * policy on some other secondary user, Admin1 will get a policy update callback with













     * {@code UNKNOWN_USER} as the target user.













     */













    @NonNull













    public static final TargetUser UNKNOWN_USER = new TargetUser(UNKNOWN_USER_ID);





























    private final int mUserId;































    /**