Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b6a9f94d authored by Alex Chau's avatar Alex Chau
Browse files

Add getDisallowedSystemApps to DevicePolicyManager 

- The getDisallowedSystemApps is based on OverlayPacakgesProvider which
  is moved from ManagedProvisinoing
- getDisallowedSystemApps will be used by ManagedProvisioning
- createAndManageUser will now use getDisallowedSystemApps to disable
  disallowed system apps when creating users
- LEAVE_ALL_SYSTEM_APPS_ENABLED can be passed to createAndManageUser to
  enable all system apps
- ACTION_MANAGED_USER_CREATED will be broadcasted to ManagedProvisioning
  after managed user is created to take a system app snapshot

Bug: 65842187
Test: OverlayPackagesProviderTest passes
Test: Disallowed system apps does not appear in device owenr, managed
      profile, and managed users
Test: System app snapshot is created after provisinoing device owner,
      managed profile and managed users
Change-Id: I86f870f7814b5700cf5539e889fb6998514d110f
parent 1f940bf5

api/current.txt

+1 −0
Original line number Diff line number Diff line
@@ -6561,6 +6561,7 @@ package android.app.admin { 
    field public static final int KEYGUARD_DISABLE_TRUST_AGENTS = 16; // 0x10

    field public static final int KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS = 8; // 0x8

    field public static final int KEYGUARD_DISABLE_WIDGETS_ALL = 1; // 0x1

    field public static final int LEAVE_ALL_SYSTEM_APPS_ENABLED = 16; // 0x10

    field public static final int LOCK_TASK_FEATURE_GLOBAL_ACTIONS = 16; // 0x10

    field public static final int LOCK_TASK_FEATURE_HOME = 4; // 0x4

    field public static final int LOCK_TASK_FEATURE_KEYGUARD = 32; // 0x20

core/java/android/app/admin/DevicePolicyManager.java

+40 −4
Original line number Diff line number Diff line
@@ -3480,6 +3480,16 @@ public class DevicePolicyManager { 
    @SdkConstant(SdkConstantType.ACTIVITY_INTENT_ACTION)

    public static final String ACTION_START_ENCRYPTION

            = "android.app.action.START_ENCRYPTION";



    /**

     * Broadcast action: notify managed provisioning that new managed user is created.

     *

     * @hide

     */

    @SdkConstant(SdkConstantType.BROADCAST_INTENT_ACTION)

    public static final String ACTION_MANAGED_USER_CREATED =

            "android.app.action.MANAGED_USER_CREATED";



    /**

     * Widgets are enabled in keyguard

     */
@@ -6205,20 +6215,25 @@ public class DevicePolicyManager { 
    public static final int MAKE_USER_DEMO = 0x0004;



    /**

     * Flag used by {@link #createAndManageUser} to specificy that the newly created user should be

     * Flag used by {@link #createAndManageUser} to specify that the newly created user should be

     * started in the background as part of the user creation.

     */

    // TODO: Investigate solutions for the case where reboot happens before setup is completed.

    public static final int START_USER_IN_BACKGROUND = 0x0008;



    /**

     * Flag used by {@link #createAndManageUser} to specify that the newly created user should skip

     * the disabling of system apps during provisioning.

     */

    public static final int LEAVE_ALL_SYSTEM_APPS_ENABLED = 0x0010;



    /**

     * @hide

     */

    @IntDef(

            flag = true,

            prefix = {"SKIP_", "MAKE_USER_", "START_"},

            prefix = {"SKIP_", "MAKE_USER_", "START_", "LEAVE_"},

            value = {SKIP_SETUP_WIZARD, MAKE_USER_EPHEMERAL, MAKE_USER_DEMO,

                    START_USER_IN_BACKGROUND}

                    START_USER_IN_BACKGROUND, LEAVE_ALL_SYSTEM_APPS_ENABLED}

    )

    @Retention(RetentionPolicy.SOURCE)

    public @interface CreateAndManageUserFlags {}
@@ -8664,4 +8679,25 @@ public class DevicePolicyManager { 
         */

        void onApplicationUserDataCleared(String packageName, boolean succeeded);

    }



    /**

     * Returns set of system apps that should be removed during provisioning.

     *

     * @param admin Which {@link DeviceAdminReceiver} this request is associated with.

     * @param userId ID of the user to be provisioned.

     * @param provisioningAction action indicating type of provisioning, should be one of

     * {@link #ACTION_PROVISION_MANAGED_DEVICE}, {@link #ACTION_PROVISION_MANAGED_PROFILE} or

     * {@link #ACTION_PROVISION_MANAGED_USER}.

     *

     * @hide

     */

    public Set<String> getDisallowedSystemApps(ComponentName admin, int userId,

            String provisioningAction) {

        try {

            return new ArraySet<>(

                    mService.getDisallowedSystemApps(admin, userId, provisioningAction));

        } catch (RemoteException re) {

            throw re.rethrowFromSystemServer();

        }

    }

}

core/java/android/app/admin/IDevicePolicyManager.aidl

+2 −0
Original line number Diff line number Diff line
@@ -375,4 +375,6 @@ interface IDevicePolicyManager { 


    void setLogoutEnabled(in ComponentName admin, boolean enabled);

    boolean isLogoutEnabled();



    List<String> getDisallowedSystemApps(in ComponentName admin, int userId, String provisioningAction);

}

core/java/android/os/UserManagerInternal.java

+2 −1
Original line number Diff line number Diff line
@@ -130,7 +130,8 @@ public abstract class UserManagerInternal { 
     * <p>Called by the {@link com.android.server.devicepolicy.DevicePolicyManagerService} when

     * createAndManageUser is called by the device owner.

     */

    public abstract UserInfo createUserEvenWhenDisallowed(String name, int flags);

    public abstract UserInfo createUserEvenWhenDisallowed(String name, int flags,

            String[] disallowedPackages);



    /**

     * Same as {@link UserManager#removeUser(int userHandle)}, but bypasses the check for

core/res/AndroidManifest.xml

+1 −0
Original line number Diff line number Diff line
@@ -407,6 +407,7 @@ 
    <protected-broadcast android:name="android.internal.policy.action.BURN_IN_PROTECTION" />

    <protected-broadcast android:name="android.app.action.SYSTEM_UPDATE_POLICY_CHANGED" />

    <protected-broadcast android:name="android.app.action.DEVICE_OWNER_CHANGED" />

    <protected-broadcast android:name="android.app.action.MANAGED_USER_CREATED" />



    <!-- Added in N -->

    <protected-broadcast android:name="android.intent.action.ANR" />