Merge "Add API to check if device policy role qualification is bypassable" into tm-dev (caf50b5f) · Commits · e / os / android_frameworks_base

core/api/system-current.txt

+1 −0

Original line number	Original line	Diff line number	Diff line
	@@ -1114,6 +1114,7 @@ package android.app.admin {
	method public void setSecondaryLockscreenEnabled(@NonNull android.content.ComponentName, boolean);		method public void setSecondaryLockscreenEnabled(@NonNull android.content.ComponentName, boolean);
	method @RequiresPermission(android.Manifest.permission.UPDATE_DEVICE_MANAGEMENT_RESOURCES) public void setStrings(@NonNull java.util.Set<android.app.admin.DevicePolicyStringResource>);		method @RequiresPermission(android.Manifest.permission.UPDATE_DEVICE_MANAGEMENT_RESOURCES) public void setStrings(@NonNull java.util.Set<android.app.admin.DevicePolicyStringResource>);
	method @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public void setUserProvisioningState(int, @NonNull android.os.UserHandle);		method @RequiresPermission(android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS) public void setUserProvisioningState(int, @NonNull android.os.UserHandle);
			method @RequiresPermission(android.Manifest.permission.MANAGE_ROLE_HOLDERS) public boolean shouldAllowBypassingDevicePolicyManagementRoleQualification();
	field public static final String ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_ALLOWED = "android.account.DEVICE_OR_PROFILE_OWNER_ALLOWED";		field public static final String ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_ALLOWED = "android.account.DEVICE_OR_PROFILE_OWNER_ALLOWED";
	field public static final String ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_DISALLOWED = "android.account.DEVICE_OR_PROFILE_OWNER_DISALLOWED";		field public static final String ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_DISALLOWED = "android.account.DEVICE_OR_PROFILE_OWNER_DISALLOWED";
	field public static final String ACTION_BIND_SECONDARY_LOCKSCREEN_SERVICE = "android.app.action.BIND_SECONDARY_LOCKSCREEN_SERVICE";		field public static final String ACTION_BIND_SECONDARY_LOCKSCREEN_SERVICE = "android.app.action.BIND_SECONDARY_LOCKSCREEN_SERVICE";

core/java/android/app/admin/DevicePolicyManager.java

+19 −0

Original line number	Original line	Diff line number	Diff line
	@@ -15765,4 +15765,23 @@ public class DevicePolicyManager {
	}		}
	return deviceManagerConfig;		return deviceManagerConfig;
	}		}

			/**
			* @return {@code true} if bypassing the device policy management role qualification is allowed
			* with the current state of the device.
			*
			* @hide
			*/
			@SystemApi
			@RequiresPermission(android.Manifest.permission.MANAGE_ROLE_HOLDERS)
			public boolean shouldAllowBypassingDevicePolicyManagementRoleQualification() {
			if (mService != null) {
			try {
			return mService.shouldAllowBypassingDevicePolicyManagementRoleQualification();
			} catch (RemoteException e) {
			throw e.rethrowFromSystemServer();
			}
			}
			return false;
			}
	}		}

core/java/android/app/admin/IDevicePolicyManager.aidl

+2 −0

Original line number	Original line	Diff line number	Diff line
	@@ -558,4 +558,6 @@ interface IDevicePolicyManager {
	void setStrings(in List<DevicePolicyStringResource> strings);		void setStrings(in List<DevicePolicyStringResource> strings);
	void resetStrings(in String[] stringIds);		void resetStrings(in String[] stringIds);
	ParcelableResource getString(String stringId);		ParcelableResource getString(String stringId);

			boolean shouldAllowBypassingDevicePolicyManagementRoleQualification();
	}		}

services/devicepolicy/java/com/android/server/devicepolicy/BaseIDevicePolicyManager.java

+5 −0

Original line number	Original line	Diff line number	Diff line
	@@ -189,4 +189,9 @@ abstract class BaseIDevicePolicyManager extends IDevicePolicyManager.Stub {
	public ParcelableResource getString(String stringId) {		public ParcelableResource getString(String stringId) {
	return null;		return null;
	}		}

			@Override
			public boolean shouldAllowBypassingDevicePolicyManagementRoleQualification() {
			return false;
			}
	}		}

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+14 −0

Original line number	Original line	Diff line number	Diff line
	@@ -18790,4 +18790,18 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
	mInjector.binderWithCleanCallingIdentity(() -> Settings.Secure.putInt(		mInjector.binderWithCleanCallingIdentity(() -> Settings.Secure.putInt(
	mContext.getContentResolver(), MANAGED_PROVISIONING_DPC_DOWNLOADED, setTo));		mContext.getContentResolver(), MANAGED_PROVISIONING_DPC_DOWNLOADED, setTo));
	}		}

			@Override
			public boolean shouldAllowBypassingDevicePolicyManagementRoleQualification() {
			Preconditions.checkCallAuthorization(hasCallingOrSelfPermission(
			android.Manifest.permission.MANAGE_ROLE_HOLDERS));
			return mInjector.binderWithCleanCallingIdentity(() -> {
			if (mUserManager.getUserCount() > 1) {
			return false;
			}
			AccountManager am = AccountManager.get(mContext);
			Account[] accounts = am.getAccounts();
			return accounts.length == 0;
			});
			}
	}		}