Merge "Let managed profile owner retrieve enterprise apn" into tm-dev am: e182078f

     * for enterprise use.

     *

     * An example of a supported preferential network service is the Enterprise

     * slice on 5G networks.

     * slice on 5G networks. For devices on 4G networks, the profile owner needs to additionally

     * configure enterprise APN to set up data call for the preferential network service.

     * These APNs can be added using {@link #addOverrideApn}.

     *

     * By default, preferential network service is disabled on the work profile and

     * fully managed devices, on supported carriers and devices.

     * {@see PreferentialNetworkServiceConfig}

     *

     * An example of a supported preferential network service is the Enterprise

     * slice on 5G networks.

     * slice on 5G networks. For devices on 4G networks, the profile owner needs to additionally

     * configure enterprise APN to set up data call for the preferential network service.

     * These APNs can be added using {@link #addOverrideApn}.

     *

     * By default, preferential network service is disabled on the work profile and fully managed

     * devices, on supported carriers and devices. Admins can explicitly enable it with this API.

    }

    /**

     * Called by device owner or profile owner to add an override APN.

     * Called by device owner or managed profile owner to add an override APN.

     *

     * <p>This method may returns {@code -1} if {@code apnSetting} conflicts with an existing

     * override APN. Update the existing conflicted APN with

     * {@link #updateOverrideApn(ComponentName, int, ApnSetting)} instead of adding a new entry.

     * <p>Two override APNs are considered to conflict when all the following APIs return

     * the same values on both override APNs:

     * <p> Before Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}:

     * Only device owners can add APNs.

     * <p> Starting from Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}:

     * Device and profile owners can add enterprise APNs

     * ({@link ApnSetting#TYPE_ENTERPRISE}), while only device owners can add other type of APNs.

     * <ul>

     *   <li>{@link ApnSetting#getOperatorNumeric()}</li>

     *   <li>{@link ApnSetting#getApnName()}</li>

     *   <li>{@link ApnSetting#getRoamingProtocol()}</li>

     * </ul>

     *

     * <p> Before Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}:

     * Only device owners can add APNs.

     * <p> Starting from Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}:

     * Both device owners and managed profile owners can add enterprise APNs

     * ({@link ApnSetting#TYPE_ENTERPRISE}), while only device owners can add other type of APNs.

     * Enterprise APNs are specific to the managed profile and do not override any user-configured

     * VPNs. They are prerequisites for enabling preferential network service on the managed

     * profile on 4G networks ({@link #setPreferentialNetworkServiceConfigs}).

     *

     * @param admin which {@link DeviceAdminReceiver} this request is associated with

     * @param apnSetting the override APN to insert

     * @return The {@code id} of inserted override APN. Or {@code -1} when failed to insert into

    }

    /**

     * Called by device owner or profile owner to update an override APN.

     * Called by device owner or managed profile owner to update an override APN.

     *

     * <p>This method may returns {@code false} if there is no override APN with the given

     * {@code apnId}.

     * <p> Before Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}:

     * Only device owners can update APNs.

     * <p> Starting from Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}:

     * Device and profile owners can update enterprise APNs

     * Both device owners and managed profile owners can update enterprise APNs

     * ({@link ApnSetting#TYPE_ENTERPRISE}), while only device owners can update other type of APNs.

     *

     * @param admin which {@link DeviceAdminReceiver} this request is associated with

    }

    /**

     * Called by device owner or profile owner to remove an override APN.

     * Called by device owner or managed profile owner to remove an override APN.

     *

     * <p>This method may returns {@code false} if there is no override APN with the given

     * {@code apnId}.

     * <p> Before Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}:

     * Only device owners can remove APNs.

     * <p> Starting from Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}:

     * Device and profile owners can remove enterprise APNs

     * Both device owners and managed profile owners can remove enterprise APNs

     * ({@link ApnSetting#TYPE_ENTERPRISE}), while only device owners can remove other type of APNs.

     *

     * @param admin which {@link DeviceAdminReceiver} this request is associated with

    }

    /**

     * Called by device owner to get all override APNs inserted by device owner.

     * Called by device owner or managed profile owner to get all override APNs inserted by

     * device owner or managed profile owner previously using {@link #addOverrideApn}.

     *

     * @param admin which {@link DeviceAdminReceiver} this request is associated with

     * @return A list of override APNs inserted by device owner.

     * <p> Override APNs are separated from other APNs on the device, and can only be inserted or

     * modified by the device owner. When enabled, only override APNs are in use, any other APNs

     * are ignored.

     * <p>Note: Enterprise APNs added by managed profile owners do not need to be enabled by

     * this API. They are part of the preferential network service config and is controlled by

     * {@link #setPreferentialNetworkServiceConfigs}.

     *

     * @param admin which {@link DeviceAdminReceiver} this request is associated with

     * @param enabled {@code true} if override APNs should be enabled, {@code false} otherwise

            updatePasswordQualityCacheForUserGroup(userHandle);

            mPolicyCache.onUserRemoved(userHandle);

            if (isManagedProfile(userHandle)) {

                clearManagedProfileApnUnchecked();

            }

            isOrgOwned = mOwners.isProfileOwnerOfOrganizationOwnedDevice(userHandle);

            mOwners.removeProfileOwner(userHandle);

        }

    }

    private void clearManagedProfileApnUnchecked() {

        if (!mHasTelephonyFeature) {

            return;

        }

        final List<ApnSetting> apns = getOverrideApnsUnchecked();

        for (ApnSetting apn : apns) {

            if (apn.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) {

                removeOverrideApnUnchecked(apn.getId());

            }

        }

    }

    private void clearDeviceOwnerLocked(ActiveAdmin admin, int userId) {

        mDeviceAdminServiceController.stopServiceForOwner(userId, "clear-device-owner");

        }

    }

    private boolean isManagedProfileOwner(CallerIdentity caller) {

        return isProfileOwner(caller) && isManagedProfile(caller.getUserId());

    }

    private boolean isDefaultSupervisor(CallerIdentity caller) {

        final String supervisor = mContext.getResources().getString(

                com.android.internal.R.string.config_defaultSupervisionProfileOwnerComponent);

        final CallerIdentity caller = getCallerIdentity(who);

        if (apnSetting.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) {

            Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller)

                    || isProfileOwner(caller));

                    || isManagedProfileOwner(caller));

        } else {

            Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller));

        }

        if (apn != null && apn.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE

                && apnSetting.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) {

            Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller)

                    || isProfileOwner(caller));

                    || isManagedProfileOwner(caller));

        } else {

            Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller));

        }

        ApnSetting apn = getApnSetting(apnId);

        if (apn != null && apn.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) {

            Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller)

                    || isProfileOwner(caller));

                    || isManagedProfileOwner(caller));

        } else {

            Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller));

        }

        }

        Objects.requireNonNull(who, "ComponentName is null");

        final CallerIdentity caller = getCallerIdentity(who);

        Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller));

        return getOverrideApnsUnchecked();

        Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller)

                || isManagedProfileOwner(caller));

        List<ApnSetting> apnSettings = getOverrideApnsUnchecked();

        if (isProfileOwner(caller)) {

            List<ApnSetting> apnSettingList = new ArrayList<>();

            for (ApnSetting apnSetting : apnSettings) {

                if (apnSetting.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) {

                    apnSettingList.add(apnSetting);

                }

            }

            return apnSettingList;

        } else {

            return apnSettings;

        }

    }

    private List<ApnSetting> getOverrideApnsUnchecked() {