
Commit bcb4e8e0 authored by Rubin Xu's avatar Rubin Xu

Delete private space on DISALLOW_ADD_PRIVATE_PROFILE

Bug: 328758346
Test: manual
Change-Id: Iebe8bfc976974b0be502af66d08746122b4c5947
parent 23951e63
+10 −0
@@ -304,6 +304,16 @@ flag {
  }
}

flag {
  name: "delete_private_space_under_restriction"
  namespace: "enterprise"
  description: "Delete private space if user restriction is set"
  bug: "328758346"
  metadata {
    purpose: PURPOSE_BUGFIX
  }
}

flag {
    name: "headless_single_user_fixes"
    namespace: "enterprise"
+7 −0
@@ -528,6 +528,13 @@
    <!-- Shows up as the reason for the work profile deletion when the admin of an organization-owend device relinquishes it. [CHAR LIMIT=NONE] -->
    <string name="device_ownership_relinquished">Admin relinquished device for personal use</string>

    <!-- Private space deleted by IT admin notification--> <skip />
    <!-- Shows up in the notification's title when the system deletes the private space due to admin policy. [CHAR LIMIT=NONE] -->
    <string name="private_space_deleted_by_admin">Private space removed</string>
    <!-- Content text for an expanded notification. The Title of the notification is "Private space removed".
        This further explains that the private space is deleted by the system as a result of the current admin policy. [CHAR LIMIT=NONE]-->
    <string name="private_space_deleted_by_admin_details">Your organisation does not allow private spaces on this managed device.</string>

    <!-- Content title for a notification. This notification indicates that the device is managed
         and network logging was activated by a device owner. [CHAR LIMIT=NONE]-->
    <string name="network_logging_notification_title">Device is managed</string>
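Review bot: The new string `private_space_deleted_by_admin_details` uses the British spelling "organisation", while the neighbouring comment in this file writes "organization". If the default resources are meant to be US English, `Your organization does not allow private spaces on this managed device.` keeps them consistent and leaves the British form to the en-rGB translation. The details text also says only that private spaces are not allowed, not that the existing one and its data were removed; the title carries that, so consider whether the expanded text should repeat it.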
+2 −0
@@ -4482,6 +4482,8 @@

  <!-- For device policy -->
  <java-symbol type="array" name="config_packagesExemptFromSuspension" />
  <java-symbol type="string" name="private_space_deleted_by_admin" />
  <java-symbol type="string" name="private_space_deleted_by_admin_details" />

  <!-- Accessibility take screenshot -->
  <java-symbol type="string" name="capability_desc_canTakeScreenshot" />
+56 −6
@@ -1300,6 +1300,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                Bundle prevRestrictions) {
            resetCrossProfileIntentFiltersIfNeeded(userId, newRestrictions, prevRestrictions);
            resetUserVpnIfNeeded(userId, newRestrictions, prevRestrictions);
            if (Flags.deletePrivateSpaceUnderRestriction()) {
                removePrivateSpaceIfRestrictionIsSet(userId, newRestrictions, prevRestrictions);
            }
        }
        private void resetUserVpnIfNeeded(
@@ -1331,6 +1334,17 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
                        UserHandle.of(userId));
            }
        }
        private void removePrivateSpaceIfRestrictionIsSet(
                int userId, Bundle newRestrictions, Bundle prevRestrictions) {
            final boolean newlyEnforced =
                    !prevRestrictions.getBoolean(UserManager.DISALLOW_ADD_PRIVATE_PROFILE)
                            && newRestrictions.getBoolean(UserManager.DISALLOW_ADD_PRIVATE_PROFILE);
            if (!newlyEnforced) {
                return;
            }
            mDpms.removePrivateSpaceWithinUserGroupIfExists(userId);
        }
    }
    private void clearUserConfiguredVpns(int userId) {
@@ -1375,6 +1389,42 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        }
    }
    /**
     * Given a parent userId, try removing all private space profiles with its profile group, and
     * post a notification if at least one private space profile is removed.
     */
    private void removePrivateSpaceWithinUserGroupIfExists(int userId) {
        boolean removed = false;
        if (mUserManager.isProfile(userId)) return;
        for (int profileId : mUserManager.getProfileIdsWithDisabled(userId)) {
            if (profileId == userId) continue;
            if (mUserManager.getUserInfo(profileId).isPrivateProfile()) {
                Slogf.i(LOG_TAG, "Removing private space %d due to DISALLOW_ADD_PRIVATE_PROFILE",
                        profileId);
                removed |= mUserManager.removeUserEvenWhenDisallowed(profileId);
            }
        }
        if (removed) {
            mHandler.post(() -> sendPrivateSpaceRemovedNotification(userId));
        }
    }
    private void sendPrivateSpaceRemovedNotification(int parentUserId) {
        String notification_details = mContext.getString(
                R.string.private_space_deleted_by_admin_details);
        Notification notification =
                new Notification.Builder(mContext, SystemNotificationChannels.DEVICE_ADMIN)
                        .setSmallIcon(android.R.drawable.stat_sys_warning)
                        .setContentTitle(mContext.getString(
                                R.string.private_space_deleted_by_admin))
                        .setContentText(notification_details)
                        .setColor(mContext.getColor(R.color.system_notification_accent_color))
                        .setStyle(new Notification.BigTextStyle().bigText(notification_details))
                        .build();
        mInjector.getNotificationManager().notifyAsUser(/* tag= */ null,
                SystemMessage.NOTE_PROFILE_WIPED, notification, UserHandle.of(parentUserId));
    }
    private final class UserLifecycleListener implements UserManagerInternal.UserLifecycleListener {
        @Override
@@ -2128,9 +2178,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        mDevicePolicyEngine.load();
        mContactSystemRoleHolders = fetchOemSystemHolders(/* roleResIds...= */
                com.android.internal.R.string.config_defaultSms,
                com.android.internal.R.string.config_defaultDialer,
                com.android.internal.R.string.config_systemContacts
                R.string.config_defaultSms,
                R.string.config_defaultDialer,
                R.string.config_systemContacts
        );
        // The binder caches are not enabled until the first invalidation.
@@ -10458,7 +10508,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        }
        final String configComponent = mContext.getResources().getString(
                com.android.internal.R.string.config_defaultSupervisionProfileOwnerComponent);
                R.string.config_defaultSupervisionProfileOwnerComponent);
        if (configComponent != null) {
            final ComponentName componentName = ComponentName.unflattenFromString(configComponent);
            if (who.equals(componentName)) {
@@ -10468,7 +10518,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        // Check the system supervision role.
        final String configPackage = mContext.getResources().getString(
                com.android.internal.R.string.config_systemSupervision);
                R.string.config_systemSupervision);
        return who.getPackageName().equals(configPackage);
    }
@@ -22560,7 +22610,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
        private String[] getDefaultRoleHolderPackageNameAndSignature() {
            String packageNameAndSignature = mContext.getString(
                    com.android.internal.R.string.config_devicePolicyManagement);
                    R.string.config_devicePolicyManagement);
            if (TextUtils.isEmpty(packageNameAndSignature)) {
                return null;
            }
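Review bot: In removePrivateSpaceWithinUserGroupIfExists the result of `removeUserEvenWhenDisallowed(profileId)` is only folded into `removed`, so a failed removal leaves a private space in place under DISALLOW_ADD_PRIVATE_PROFILE with no trace beyond the earlier "Removing private space" info line; a warning on the false branch would record the unenforced policy. The same loop dereferences `mUserManager.getUserInfo(profileId)` directly, and that call can return null if the profile disappears between the id listing and the lookup, so a null guard is worth adding. Separately, removePrivateSpaceIfRestrictionIsSet acts only on the false-to-true transition, so a private space that already coexists with the restriction when the flag is turned on would presumably stay until the restriction is toggled; if that is intended, a comment saying so would help. The proposed loop body is below.

```java
        for (int profileId : mUserManager.getProfileIdsWithDisabled(userId)) {
            // … unchanged: skip the parent user itself …
            final UserInfo info = mUserManager.getUserInfo(profileId);
            // The profile may have been removed since the ids were listed.
            if (info == null || !info.isPrivateProfile()) continue;
            // … unchanged: Slogf.i "Removing private space" line …
            if (mUserManager.removeUserEvenWhenDisallowed(profileId)) {
                removed = true;
            } else {
                // Keep a record when the restriction is set but the profile survives.
                Slogf.w(LOG_TAG, "Failed to remove private space %d", profileId);
            }
        }
```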