Merge "Revert "Revert "A few permission fixes.""" into udc-dev

import static android.Manifest.permission.MANAGE_DEVICE_POLICY_DISPLAY;

import static android.Manifest.permission.MANAGE_DEVICE_POLICY_FACTORY_RESET;

import static android.Manifest.permission.MANAGE_DEVICE_POLICY_FUN;

import static android.Manifest.permission.MANAGE_DEVICE_POLICY_INPUT_METHODS;

import static android.Manifest.permission.MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES;

import static android.Manifest.permission.MANAGE_DEVICE_POLICY_KEYGUARD;

import static android.Manifest.permission.MANAGE_DEVICE_POLICY_LOCALE;

        }

        CallerIdentity caller;

        if (isPermissionCheckFlagEnabled()) {

        if (isPolicyEngineForFinanceFlagEnabled()) {

            caller = getCallerIdentity(who, callerPackageName);

        } else {

            caller = getCallerIdentity(who);

        int userId = getProfileParentUserIfRequested(

                caller.getUserId(), calledOnParentInstance);

        if (calledOnParentInstance) {

            if (!isPermissionCheckFlagEnabled()) {

            if (!isPolicyEngineForFinanceFlagEnabled()) {

                Preconditions.checkCallAuthorization(

                        isProfileOwnerOfOrganizationOwnedDevice(caller));

            }

                    "Permitted input methods must allow all input methods or only "

                            + "system input methods when called on the parent instance of an "

                            + "organization-owned device");

        } else if (!isPermissionCheckFlagEnabled()) {

        } else if (!isPolicyEngineForFinanceFlagEnabled()) {

            Preconditions.checkCallAuthorization(

                    isDefaultDeviceOwner(caller) || isProfileOwner(caller));

        }

        synchronized (getLockObject()) {

            if (isPolicyEngineForFinanceFlagEnabled()) {

                EnforcingAdmin admin = getEnforcingAdminForCaller(who, callerPackageName);

                EnforcingAdmin admin = enforcePermissionAndGetEnforcingAdmin(

                        who, MANAGE_DEVICE_POLICY_INPUT_METHODS,

                        caller.getPackageName(), userId);

                mDevicePolicyEngine.setLocalPolicy(

                        PolicyDefinition.PERMITTED_INPUT_METHODS,

                        admin,

    public void setUserRestrictionGlobally(String callerPackage, String key) {

        final CallerIdentity caller = getCallerIdentity(callerPackage);

        EnforcingAdmin admin = enforcePermissionForUserRestriction(

                /* who= */ null,

                key,

                caller.getPackageName(),

                UserHandle.USER_ALL

        );

        checkCanExecuteOrThrowUnsafe(DevicePolicyManager.OPERATION_SET_USER_RESTRICTION);

        if (!isPolicyEngineForFinanceFlagEnabled()) {

            throw new IllegalArgumentException("Invalid restriction key: " + key);

        }

        EnforcingAdmin admin = enforcePermissionForUserRestriction(

                /* who= */ null,

                key,

                caller.getPackageName(),

                UserHandle.USER_ALL

        );

        setGlobalUserRestrictionInternal(admin, key, /* enabled= */ true);

        logUserRestrictionCall(key, /* enabled= */ true, /* parent= */ false, caller);

            MANAGE_DEVICE_POLICY_DISPLAY,

            MANAGE_DEVICE_POLICY_FACTORY_RESET,

            MANAGE_DEVICE_POLICY_FUN,

            MANAGE_DEVICE_POLICY_INPUT_METHODS,

            MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES,

            MANAGE_DEVICE_POLICY_KEYGUARD,

            MANAGE_DEVICE_POLICY_LOCALE,

                    MANAGE_DEVICE_POLICY_BLUETOOTH,

                    MANAGE_DEVICE_POLICY_CALLS,

                    MANAGE_DEVICE_POLICY_CAMERA,

                    MANAGE_DEVICE_POLICY_CERTIFICATES,

                    MANAGE_DEVICE_POLICY_DEBUGGING_FEATURES,

                    MANAGE_DEVICE_POLICY_DISPLAY,

                    MANAGE_DEVICE_POLICY_FACTORY_RESET,

                    MANAGE_DEVICE_POLICY_INPUT_METHODS,

                    MANAGE_DEVICE_POLICY_INSTALL_UNKNOWN_SOURCES,

                    MANAGE_DEVICE_POLICY_KEYGUARD,

                    MANAGE_DEVICE_POLICY_LOCALE,

                    MANAGE_DEVICE_POLICY_ACROSS_USERS,

                    MANAGE_DEVICE_POLICY_AIRPLANE_MODE,

                    MANAGE_DEVICE_POLICY_APPS_CONTROL,

                    MANAGE_DEVICE_POLICY_CERTIFICATES,

                    MANAGE_DEVICE_POLICY_COMMON_CRITERIA_MODE,

                    MANAGE_DEVICE_POLICY_DEFAULT_SMS,

                    MANAGE_DEVICE_POLICY_LOCALE,

    //Map of Permission to Delegate Scope.

    private static final HashMap<String, String> DELEGATE_SCOPES = new HashMap<>();

    {

        DELEGATE_SCOPES.put(MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS, DELEGATION_PERMISSION_GRANT);

        DELEGATE_SCOPES.put(MANAGE_DEVICE_POLICY_APP_RESTRICTIONS, DELEGATION_APP_RESTRICTIONS);

        DELEGATE_SCOPES.put(MANAGE_DEVICE_POLICY_BLOCK_UNINSTALL, DELEGATION_BLOCK_UNINSTALL);

        DELEGATE_SCOPES.put(MANAGE_DEVICE_POLICY_SECURITY_LOGGING, DELEGATION_SECURITY_LOGGING);

        DELEGATE_SCOPES.put(MANAGE_DEVICE_POLICY_CERTIFICATES, DELEGATION_CERT_INSTALL);

        DELEGATE_SCOPES.put(MANAGE_DEVICE_POLICY_PACKAGE_STATE, DELEGATION_PACKAGE_ACCESS);

        DELEGATE_SCOPES.put(MANAGE_DEVICE_POLICY_RUNTIME_PERMISSIONS, DELEGATION_PERMISSION_GRANT);

        DELEGATE_SCOPES.put(MANAGE_DEVICE_POLICY_SECURITY_LOGGING, DELEGATION_SECURITY_LOGGING);

    }

    private static final HashMap<String, String> CROSS_USER_PERMISSIONS =