Merge "Always create an EnforcingAdmin with a non-null ActiveAdmin." into udc-dev

                } else {

                    // If the permission maps to no policy (null) this means that any active admin

                    // has permission.

                    return getActiveAdminForUidLocked(null, caller.getUid()) != null;

                    return isCallerActiveAdminOrDelegate(caller, null);

                }

            } catch (SecurityException e) {

                // A security exception means there is not an active admin with permission and

    private EnforcingAdmin getEnforcingAdminForCaller(@Nullable ComponentName who,

            String callerPackageName) {

        CallerIdentity caller = getCallerIdentity(callerPackageName);

        CallerIdentity caller = getCallerIdentity(who, callerPackageName);

        int userId = caller.getUserId();

        ActiveAdmin admin;

        if (isDeviceOwner(caller) || isProfileOwner(caller) || isCallerDelegate(caller)) {

            ComponentName component;

            synchronized (getLockObject()) {

                if (who != null) {

                    admin = getActiveAdminUncheckedLocked(who, userId);

                    component = who;

                } else {

                    admin = getDeviceOrProfileOwnerAdminLocked(userId);

                    component = admin.info.getComponent();

                }

        if (isDeviceOwner(caller) || isProfileOwner(caller)) {

            return EnforcingAdmin.createEnterpriseEnforcingAdmin(who, userId, admin);

            }

        if (isCallerDelegate(caller)) {

            ComponentName profileOwner = mOwners.getProfileOwnerComponent(caller.getUserId());

            ComponentName dpc = profileOwner != null ? profileOwner :

                    mOwners.getDeviceOwnerComponent();

            ActiveAdmin dpcAdmin = getDeviceOrProfileOwnerAdminLocked(caller.getUserId());

            return EnforcingAdmin.createEnterpriseEnforcingAdmin(dpc, userId, dpcAdmin);

            return EnforcingAdmin.createEnterpriseEnforcingAdmin(component, userId, admin);

        }

        if (getActiveAdminUncheckedLocked(who, userId) != null) {

        // Check for non-DPC active admins.

        admin = getActiveAdminForCaller(who, caller);

        if (admin != null) {

            return EnforcingAdmin.createDeviceAdminEnforcingAdmin(who, userId, admin);

        }

        if (admin == null) {

        });

    }

    private ActiveAdmin getActiveAdminForCaller(@Nullable ComponentName who,

            CallerIdentity caller) {

        synchronized (getLockObject()) {

            if (who != null) {

                return getActiveAdminUncheckedLocked(who, caller.getUserId());

            }

            return mInjector.binderWithCleanCallingIdentity(() -> {

                List<ComponentName> activeAdmins = getActiveAdmins(caller.getUserId());

                if (activeAdmins != null) {

                    for (ComponentName admin : activeAdmins) {

                        if (admin.getPackageName().equals(caller.getPackageName())) {

                            return getActiveAdminUncheckedLocked(admin, caller.getUserId());

                        }

                    }

                }

                return null;

            });

        }

    }

    // TODO(b/266808047): This will return false for DeviceAdmins not targetting U, which is

    //  inconsistent with the migration logic that allows migration with old DeviceAdmins.

    private boolean canAddActiveAdminIfPolicyEngineEnabled(String packageName, int userId) {