
Commit c1ec858e authored by Alex Johnston's avatar Alex Johnston

Add assist content admin control

Add permission to gate the admin control

This user restriction specifies if assist content is
disallowed from being sent to a privileged app such as
the Assistant app. Assist content includes screenshots
and information about an app, such as package name.

The admin control will be available to both device owners
and profile owners.

Bug: 322975406
Test: Compiles

Tests will be added to test the enforcement once that is implemented

Change-Id: I63688038fbb8b14d349da02c47237284381934e5
parent bc28df96
+2 −0
@@ -140,6 +140,7 @@ package android {
    field public static final String MANAGE_DEVICE_POLICY_APPS_CONTROL = "android.permission.MANAGE_DEVICE_POLICY_APPS_CONTROL";
    field public static final String MANAGE_DEVICE_POLICY_APP_RESTRICTIONS = "android.permission.MANAGE_DEVICE_POLICY_APP_RESTRICTIONS";
    field public static final String MANAGE_DEVICE_POLICY_APP_USER_DATA = "android.permission.MANAGE_DEVICE_POLICY_APP_USER_DATA";
    field @FlaggedApi("android.app.admin.flags.assist_content_user_restriction_enabled") public static final String MANAGE_DEVICE_POLICY_ASSIST_CONTENT = "android.permission.MANAGE_DEVICE_POLICY_ASSIST_CONTENT";
    field public static final String MANAGE_DEVICE_POLICY_AUDIO_OUTPUT = "android.permission.MANAGE_DEVICE_POLICY_AUDIO_OUTPUT";
    field public static final String MANAGE_DEVICE_POLICY_AUTOFILL = "android.permission.MANAGE_DEVICE_POLICY_AUTOFILL";
    field public static final String MANAGE_DEVICE_POLICY_BACKUP_SERVICE = "android.permission.MANAGE_DEVICE_POLICY_BACKUP_SERVICE";
@@ -33857,6 +33858,7 @@ package android.os {
    field public static final String DISALLOW_AIRPLANE_MODE = "no_airplane_mode";
    field public static final String DISALLOW_AMBIENT_DISPLAY = "no_ambient_display";
    field public static final String DISALLOW_APPS_CONTROL = "no_control_apps";
    field @FlaggedApi("android.app.admin.flags.assist_content_user_restriction_enabled") public static final String DISALLOW_ASSIST_CONTENT = "no_assist_content";
    field public static final String DISALLOW_AUTOFILL = "no_autofill";
    field public static final String DISALLOW_BLUETOOTH = "no_bluetooth";
    field public static final String DISALLOW_BLUETOOTH_SHARING = "no_bluetooth_sharing";
+7 −0
@@ -56,6 +56,13 @@ flag {
  bug: "293441361"
}

flag {
  name: "assist_content_user_restriction_enabled"
  namespace: "enterprise"
  description: "Prevent work data leakage by sending assist content to privileged apps."
  bug: "322975406"
}

flag {
    name: "default_sms_personal_app_suspension_fix_enabled"
    namespace: "enterprise"
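Review bot: The description on the new `assist_content_user_restriction_enabled` flag reads as if sending assist content were the means of preventing leakage, which is the opposite of what the restriction does. Wording such as `description: "Prevent work data leakage by blocking assist content from being sent to privileged apps."` matches the commit message. The flag block that follows the new one continues past the end of this hunk.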
+21 −0
@@ -1954,6 +1954,26 @@ public class UserManager {
    public static final String DISALLOW_SIM_GLOBALLY =
            "no_sim_globally";

    /**
     * This user restriction specifies if assist content is disallowed from being sent to
     * a privileged app such as the Assistant app. Assist content includes screenshots and
     * information about an app, such as package name.
     *
     * <p>This restriction can only be set by a device owner or a profile owner. When it is set
     * by a device owner, it disables the assist contextual data on the entire device. When it is
     * set by a profile owner, it disables assist content on the profile.
     *
     * <p>Default is <code>false</code>.
     *
     * <p>Key for user restrictions.
     * <p>Type: Boolean
     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)
     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)
     * @see #getUserRestrictions()
     */
    @FlaggedApi(android.app.admin.flags.Flags.FLAG_ASSIST_CONTENT_USER_RESTRICTION_ENABLED)
    public static final String DISALLOW_ASSIST_CONTENT = "no_assist_content";

    /**
     * List of key values that can be passed into the various user restriction related methods
     * in {@link UserManager} & {@link DevicePolicyManager}.
@@ -2042,6 +2062,7 @@ public class UserManager {
            DISALLOW_NEAR_FIELD_COMMUNICATION_RADIO,
            DISALLOW_THREAD_NETWORK,
            DISALLOW_SIM_GLOBALLY,
            DISALLOW_ASSIST_CONTENT,
    })
    @Retention(RetentionPolicy.SOURCE)
    public @interface UserRestrictionKey {}
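Review bot: The Javadoc for `DISALLOW_ASSIST_CONTENT` in the first hunk says the restriction "can only be set by a device owner or a profile owner", yet this commit also adds `MANAGE_DEVICE_POLICY_ASSIST_CONTENT` to gate the same control and the doc never mentions it. If permission holders are meant to set the restriction, add a sentence such as `<p>Holders of the permission {@link android.Manifest.permission#MANAGE_DEVICE_POLICY_ASSIST_CONTENT} can set this restriction using the DevicePolicyManager APIs mentioned below.` The doc also states in the present tense that the restriction disables assist content, while the commit description says enforcement is not implemented yet. An admin relying on the documented behaviour would get no protection until enforcement lands, so either the flag should stay off until then or the doc should say so. The `UserManager` class body starts and ends outside both hunks.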
+7 −0
@@ -3617,6 +3617,13 @@
    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_THREAD_NETWORK"
                android:protectionLevel="internal|role" />

    <!-- Allows an application to set policy related to sending assist content to a
        privileged app such as the Assistant app.
        @FlaggedApi("android.app.admin.flags.assist_content_user_restriction_enabled")
    -->
    <permission android:name="android.permission.MANAGE_DEVICE_POLICY_ASSIST_CONTENT"
        android:protectionLevel="internal|role" />

    <!-- Allows an application to set policy related to windows.
        <p>{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is
        required to call APIs protected by this permission on users different to the calling user.
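Review bot: The comment on `android.permission.MANAGE_DEVICE_POLICY_ASSIST_CONTENT` omits the cross-user paragraph that the next permission's comment carries (`{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call APIs protected by this permission on users different to the calling user.`). If the same rule applies here, the comment should include that `<p>` paragraph so callers know the extra permission is needed. The declaration uses `internal|role` like its neighbour, but the role that receives the permission is defined outside this diff. It is worth confirming that the grant is as narrow as for the other `MANAGE_DEVICE_POLICY_*` permissions.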
+4 −2
@@ -154,7 +154,8 @@ public class UserRestrictionsUtils {
            UserManager.DISALLOW_ULTRA_WIDEBAND_RADIO,
            UserManager.DISALLOW_CONFIG_DEFAULT_APPS,
            UserManager.DISALLOW_NEAR_FIELD_COMMUNICATION_RADIO,
            UserManager.DISALLOW_SIM_GLOBALLY
            UserManager.DISALLOW_SIM_GLOBALLY,
            UserManager.DISALLOW_ASSIST_CONTENT
    });

    public static final Set<String> DEPRECATED_USER_RESTRICTIONS = Sets.newArraySet(
@@ -230,7 +231,8 @@ public class UserRestrictionsUtils {
            UserManager.DISALLOW_RUN_IN_BACKGROUND,
            UserManager.DISALLOW_UNMUTE_MICROPHONE,
            UserManager.DISALLOW_UNMUTE_DEVICE,
            UserManager.DISALLOW_CAMERA
            UserManager.DISALLOW_CAMERA,
            UserManager.DISALLOW_ASSIST_CONTENT
    );

    /**
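Review bot: Both hunks add `UserManager.DISALLOW_ASSIST_CONTENT` to their sets unconditionally, although the constant itself is marked `@FlaggedApi` with `assist_content_user_restriction_enabled`. As written the key is treated as a known restriction even when the flag is off, unless a check exists outside these hunks. The second set's declaration and Javadoc sit above the hunk, so the classification the key receives there cannot be seen from the diff. It should match the `UserManager` doc, which says a device owner applies the restriction device-wide and a profile owner only to its profile. A short comment on each added line, for example `// Flagged: assist_content_user_restriction_enabled; enforcement pending (b/322975406)`, would record both facts.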