Merge changes from topic "wipedata" (aa360efe) · Commits · e / os / android_frameworks_base

api/current.txt

+1 −1

Original line number	Diff line number	Diff line
		@@ -6595,7 +6595,7 @@ package android.app.admin {
		method public void uninstallCaCert(android.content.ComponentName, byte[]);
		method public boolean updateOverrideApn(android.content.ComponentName, int, android.telephony.data.ApnSetting);
		method public void wipeData(int);
		method public void wipeDataWithReason(int, java.lang.CharSequence);
		method public void wipeData(int, java.lang.CharSequence);
		field public static final java.lang.String ACTION_ADD_DEVICE_ADMIN = "android.app.action.ADD_DEVICE_ADMIN";
		field public static final java.lang.String ACTION_APPLICATION_DELEGATION_SCOPES_CHANGED = "android.app.action.APPLICATION_DELEGATION_SCOPES_CHANGED";
		field public static final java.lang.String ACTION_DEVICE_ADMIN_SERVICE = "android.app.action.DEVICE_ADMIN_SERVICE";

core/java/android/app/admin/DevicePolicyManager.java

+4 −4

Original line number	Diff line number	Diff line
		@@ -3495,18 +3495,18 @@ public class DevicePolicyManager {
		* that uses {@link DeviceAdminInfo#USES_POLICY_WIPE_DATA}
		* @throws IllegalArgumentException if the input reason string is null or empty.
		*/
		public void wipeDataWithReason(int flags, @NonNull CharSequence reason) {
		throwIfParentInstance("wipeDataWithReason");
		public void wipeData(int flags, @NonNull CharSequence reason) {
		throwIfParentInstance("wipeData");
		Preconditions.checkNotNull(reason, "CharSequence is null");
		wipeDataInternal(flags, reason.toString());
		}

		/**
		* Internal function for both {@link #wipeData(int)} and
		* {@link #wipeDataWithReason(int, CharSequence)} to call.
		* {@link #wipeData(int, CharSequence)} to call.
		*
		* @see #wipeData(int)
		* @see #wipeDataWithReason(int, CharSequence)
		* @see #wipeData(int, CharSequence)
		* @hide
		*/
		private void wipeDataInternal(int flags, @NonNull String wipeReasonForUser) {

core/java/android/os/IUserManager.aidl

+1 −0

Original line number	Diff line number	Diff line
		@@ -101,4 +101,5 @@ interface IUserManager {
		boolean requestQuietModeEnabled(String callingPackage, boolean enableQuietMode, int userHandle, in IntentSender target);
		long getUserStartRealtime();
		long getUserUnlockRealtime();
		boolean isSettingRestrictedForUser(String setting, int userId, String value);
		}

core/java/android/os/UserManager.java

+19 −0

Original line number	Diff line number	Diff line
		@@ -2730,6 +2730,25 @@ public class UserManager {
		}
		}

		/**
		* Checks whether changing a setting to a value is prohibited by the corresponding user
		* restriction.
		*
		* <p>See also {@link com.android.server.pm.UserRestrictionsUtils#applyUserRestriction(
		* Context, int, String, boolean)}, which should be in sync with this method.
		*
		* @return true if the change is prohibited, false if the change is allowed.
		*
		* @hide
		*/
		public boolean isSettingRestrictedForUser(String setting, int userId, String value) {
		try {
		return mService.isSettingRestrictedForUser(setting, userId, value);
		} catch (RemoteException e) {
		throw e.rethrowFromSystemServer();
		}
		}

		/**
		* @hide
		* User that enforces a restriction.

packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java

+15 −111

Original line number	Diff line number	Diff line
		@@ -16,6 +16,10 @@

		package com.android.providers.settings;

		import static android.os.Process.ROOT_UID;
		import static android.os.Process.SHELL_UID;
		import static android.os.Process.SYSTEM_UID;

		import android.Manifest;
		import android.annotation.NonNull;
		import android.annotation.Nullable;
		@@ -60,9 +64,9 @@ import android.os.UserHandle;
		import android.os.UserManager;
		import android.os.UserManagerInternal;
		import android.provider.Settings;
		import android.provider.SettingsValidators;
		import android.provider.Settings.Global;
		import android.provider.Settings.Secure;
		import android.provider.SettingsValidators;
		import android.text.TextUtils;
		import android.util.ArrayMap;
		import android.util.ArraySet;
		@@ -96,13 +100,10 @@ import java.util.Locale;
		import java.util.Map;
		import java.util.Set;
		import java.util.regex.Pattern;

		import javax.crypto.Mac;
		import javax.crypto.spec.SecretKeySpec;

		import static android.os.Process.ROOT_UID;
		import static android.os.Process.SHELL_UID;
		import static android.os.Process.SYSTEM_UID;


		/**
		* <p>
		@@ -1017,8 +1018,7 @@ public class SettingsProvider extends ContentProvider {

		// If this is a setting that is currently restricted for this user, do not allow
		// unrestricting changes.
		if (name != null && isGlobalOrSecureSettingRestrictedForUser(name, callingUserId, value,
		Binder.getCallingUid())) {
		if (name != null && mUserManager.isSettingRestrictedForUser(name, callingUserId, value)) {
		return false;
		}

		@@ -1325,8 +1325,7 @@ public class SettingsProvider extends ContentProvider {

		// If this is a setting that is currently restricted for this user, do not allow
		// unrestricting changes.
		if (name != null && isGlobalOrSecureSettingRestrictedForUser(name, callingUserId, value,
		Binder.getCallingUid())) {
		if (name != null && mUserManager.isSettingRestrictedForUser(name, callingUserId, value)) {
		return false;
		}

		@@ -1466,6 +1465,10 @@ public class SettingsProvider extends ContentProvider {
		// Resolve the userId on whose behalf the call is made.
		final int callingUserId = resolveCallingUserIdEnforcingPermissionsLocked(runAsUserId);

		if (name != null && mUserManager.isSettingRestrictedForUser(name, callingUserId, value)) {
		return false;
		}

		// Enforce what the calling package can mutate the system settings.
		enforceRestrictedSystemSettingsMutationForCallingPackage(operation, name, callingUserId);

		@@ -1579,106 +1582,6 @@ public class SettingsProvider extends ContentProvider {
		return false;
		}

		/**
		* Checks whether changing a setting to a value is prohibited by the corresponding user
		* restriction.
		*
		* <p>See also {@link com.android.server.pm.UserRestrictionsUtils#applyUserRestriction(
		* Context, int, String, boolean)}, which should be in sync with this method.
		*
		* @return true if the change is prohibited, false if the change is allowed.
		*/
		private boolean isGlobalOrSecureSettingRestrictedForUser(String setting, int userId,
		String value, int callingUid) {
		String restriction;
		boolean checkAllUser = false;
		switch (setting) {
		case Settings.Secure.LOCATION_MODE:
		// Note LOCATION_MODE will be converted into LOCATION_PROVIDERS_ALLOWED
		// in android.provider.Settings.Secure.putStringForUser(), so we shouldn't come
		// here normally, but we still protect it here from a direct provider write.
		if (String.valueOf(Settings.Secure.LOCATION_MODE_OFF).equals(value)) return false;
		restriction = UserManager.DISALLOW_SHARE_LOCATION;
		break;

		case Settings.Secure.LOCATION_PROVIDERS_ALLOWED:
		// See SettingsProvider.updateLocationProvidersAllowedLocked. "-" is to disable
		// a provider, which should be allowed even if the user restriction is set.
		if (value != null && value.startsWith("-")) return false;
		restriction = UserManager.DISALLOW_SHARE_LOCATION;
		break;

		case Settings.Secure.INSTALL_NON_MARKET_APPS:
		if ("0".equals(value)) return false;
		restriction = UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES;
		break;

		case Settings.Global.ADB_ENABLED:
		if ("0".equals(value)) return false;
		restriction = UserManager.DISALLOW_DEBUGGING_FEATURES;
		break;

		case Settings.Global.PACKAGE_VERIFIER_ENABLE:
		case Settings.Global.PACKAGE_VERIFIER_INCLUDE_ADB:
		if ("1".equals(value)) return false;
		restriction = UserManager.ENSURE_VERIFY_APPS;
		break;

		case Settings.Global.PREFERRED_NETWORK_MODE:
		restriction = UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS;
		break;

		case Settings.Secure.ALWAYS_ON_VPN_APP:
		case Settings.Secure.ALWAYS_ON_VPN_LOCKDOWN:
		// Whitelist system uid (ConnectivityService) and root uid to change always-on vpn
		final int appId = UserHandle.getAppId(callingUid);
		if (appId == Process.SYSTEM_UID \|\| appId == Process.ROOT_UID) {
		return false;
		}
		restriction = UserManager.DISALLOW_CONFIG_VPN;
		break;

		case Settings.Global.SAFE_BOOT_DISALLOWED:
		if ("1".equals(value)) return false;
		restriction = UserManager.DISALLOW_SAFE_BOOT;
		break;

		case Settings.Global.AIRPLANE_MODE_ON:
		if ("0".equals(value)) return false;
		restriction = UserManager.DISALLOW_AIRPLANE_MODE;
		break;

		case Settings.Secure.DOZE_ENABLED:
		case Settings.Secure.DOZE_ALWAYS_ON:
		case Settings.Secure.DOZE_PULSE_ON_PICK_UP:
		case Settings.Secure.DOZE_PULSE_ON_LONG_PRESS:
		case Settings.Secure.DOZE_PULSE_ON_DOUBLE_TAP:
		if ("0".equals(value)) return false;
		restriction = UserManager.DISALLOW_AMBIENT_DISPLAY;
		break;

		case Global.LOCATION_GLOBAL_KILL_SWITCH:
		if ("0".equals(value)) return false;
		restriction = UserManager.DISALLOW_CONFIG_LOCATION;
		checkAllUser = true;
		break;

		default:
		if (setting != null && setting.startsWith(Settings.Global.DATA_ROAMING)) {
		if ("0".equals(value)) return false;
		restriction = UserManager.DISALLOW_DATA_ROAMING;
		break;
		}
		return false;
		}

		if (checkAllUser) {
		return mUserManager.hasUserRestrictionOnAnyUser(restriction);
		} else {
		return mUserManager.hasUserRestriction(restriction, UserHandle.of(userId));
		}
		}

		private int resolveOwningUserIdForSecureSettingLocked(int userId, String setting) {
		return resolveOwningUserIdLocked(userId, sSecureCloneToManagedSettings, setting);
		}
		@@ -1878,8 +1781,9 @@ public class SettingsProvider extends ContentProvider {
		* But helper functions in android.providers.Settings can enable or disable
		* a single provider by using a "+" or "-" prefix before the provider name.
		*
		* <p>See also {@link #isGlobalOrSecureSettingRestrictedForUser()}. If DISALLOW_SHARE_LOCATION
		* is set, the said method will only allow values with the "-" prefix.
		* <p>See also {@link UserManager#isSettingRestrictedForUser()}.
		* If DISALLOW_SHARE_LOCATION is set, the said method will only allow values with
		* the "-" prefix.
		*
		* @returns whether the enabled location providers changed.
		*/