Merge "Let managed profile owner retrieve enterprise apn" into tm-dev am: e182078fba (cb816504) · Commits · e / os / android_frameworks_base

core/java/android/app/admin/DevicePolicyManager.java

+25 −13

Original line number	Original line	Diff line number	Diff line
	@@ -11210,7 +11210,9 @@ public class DevicePolicyManager {
	* for enterprise use.		* for enterprise use.
	*		*
	* An example of a supported preferential network service is the Enterprise		* An example of a supported preferential network service is the Enterprise
	* slice on 5G networks.		* slice on 5G networks. For devices on 4G networks, the profile owner needs to additionally
			* configure enterprise APN to set up data call for the preferential network service.
			* These APNs can be added using {@link #addOverrideApn}.
	*		*
	* By default, preferential network service is disabled on the work profile and		* By default, preferential network service is disabled on the work profile and
	* fully managed devices, on supported carriers and devices.		* fully managed devices, on supported carriers and devices.
	@@ -11260,7 +11262,9 @@ public class DevicePolicyManager {
	* {@see PreferentialNetworkServiceConfig}		* {@see PreferentialNetworkServiceConfig}
	*		*
	* An example of a supported preferential network service is the Enterprise		* An example of a supported preferential network service is the Enterprise
	* slice on 5G networks.		* slice on 5G networks. For devices on 4G networks, the profile owner needs to additionally
			* configure enterprise APN to set up data call for the preferential network service.
			* These APNs can be added using {@link #addOverrideApn}.
	*		*
	* By default, preferential network service is disabled on the work profile and fully managed		* By default, preferential network service is disabled on the work profile and fully managed
	* devices, on supported carriers and devices. Admins can explicitly enable it with this API.		* devices, on supported carriers and devices. Admins can explicitly enable it with this API.
	@@ -13782,18 +13786,13 @@ public class DevicePolicyManager {
	}		}

	/**		/**
	* Called by device owner or profile owner to add an override APN.		* Called by device owner or managed profile owner to add an override APN.
	*		*
	* <p>This method may returns {@code -1} if {@code apnSetting} conflicts with an existing		* <p>This method may returns {@code -1} if {@code apnSetting} conflicts with an existing
	* override APN. Update the existing conflicted APN with		* override APN. Update the existing conflicted APN with
	* {@link #updateOverrideApn(ComponentName, int, ApnSetting)} instead of adding a new entry.		* {@link #updateOverrideApn(ComponentName, int, ApnSetting)} instead of adding a new entry.
	* <p>Two override APNs are considered to conflict when all the following APIs return		* <p>Two override APNs are considered to conflict when all the following APIs return
	* the same values on both override APNs:		* the same values on both override APNs:
	* <p> Before Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}:
	* Only device owners can add APNs.
	* <p> Starting from Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}:
	* Device and profile owners can add enterprise APNs
	* ({@link ApnSetting#TYPE_ENTERPRISE}), while only device owners can add other type of APNs.
	* <ul>		* <ul>
	* <li>{@link ApnSetting#getOperatorNumeric()}</li>		* <li>{@link ApnSetting#getOperatorNumeric()}</li>
	* <li>{@link ApnSetting#getApnName()}</li>		* <li>{@link ApnSetting#getApnName()}</li>
	@@ -13808,6 +13807,15 @@ public class DevicePolicyManager {
	* <li>{@link ApnSetting#getRoamingProtocol()}</li>		* <li>{@link ApnSetting#getRoamingProtocol()}</li>
	* </ul>		* </ul>
	*		*
			* <p> Before Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}:
			* Only device owners can add APNs.
			* <p> Starting from Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}:
			* Both device owners and managed profile owners can add enterprise APNs
			* ({@link ApnSetting#TYPE_ENTERPRISE}), while only device owners can add other type of APNs.
			* Enterprise APNs are specific to the managed profile and do not override any user-configured
			* VPNs. They are prerequisites for enabling preferential network service on the managed
			* profile on 4G networks ({@link #setPreferentialNetworkServiceConfigs}).
			*
	* @param admin which {@link DeviceAdminReceiver} this request is associated with		* @param admin which {@link DeviceAdminReceiver} this request is associated with
	* @param apnSetting the override APN to insert		* @param apnSetting the override APN to insert
	* @return The {@code id} of inserted override APN. Or {@code -1} when failed to insert into		* @return The {@code id} of inserted override APN. Or {@code -1} when failed to insert into
	@@ -13830,7 +13838,7 @@ public class DevicePolicyManager {
	}		}

	/**		/**
	* Called by device owner or profile owner to update an override APN.		* Called by device owner or managed profile owner to update an override APN.
	*		*
	* <p>This method may returns {@code false} if there is no override APN with the given		* <p>This method may returns {@code false} if there is no override APN with the given
	* {@code apnId}.		* {@code apnId}.
	@@ -13840,7 +13848,7 @@ public class DevicePolicyManager {
	* <p> Before Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}:		* <p> Before Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}:
	* Only device owners can update APNs.		* Only device owners can update APNs.
	* <p> Starting from Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}:		* <p> Starting from Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}:
	* Device and profile owners can update enterprise APNs		* Both device owners and managed profile owners can update enterprise APNs
	* ({@link ApnSetting#TYPE_ENTERPRISE}), while only device owners can update other type of APNs.		* ({@link ApnSetting#TYPE_ENTERPRISE}), while only device owners can update other type of APNs.
	*		*
	* @param admin which {@link DeviceAdminReceiver} this request is associated with		* @param admin which {@link DeviceAdminReceiver} this request is associated with
	@@ -13867,14 +13875,14 @@ public class DevicePolicyManager {
	}		}

	/**		/**
	* Called by device owner or profile owner to remove an override APN.		* Called by device owner or managed profile owner to remove an override APN.
	*		*
	* <p>This method may returns {@code false} if there is no override APN with the given		* <p>This method may returns {@code false} if there is no override APN with the given
	* {@code apnId}.		* {@code apnId}.
	* <p> Before Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}:		* <p> Before Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}:
	* Only device owners can remove APNs.		* Only device owners can remove APNs.
	* <p> Starting from Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}:		* <p> Starting from Android version {@link android.os.Build.VERSION_CODES#TIRAMISU}:
	* Device and profile owners can remove enterprise APNs		* Both device owners and managed profile owners can remove enterprise APNs
	* ({@link ApnSetting#TYPE_ENTERPRISE}), while only device owners can remove other type of APNs.		* ({@link ApnSetting#TYPE_ENTERPRISE}), while only device owners can remove other type of APNs.
	*		*
	* @param admin which {@link DeviceAdminReceiver} this request is associated with		* @param admin which {@link DeviceAdminReceiver} this request is associated with
	@@ -13899,7 +13907,8 @@ public class DevicePolicyManager {
	}		}

	/**		/**
	* Called by device owner to get all override APNs inserted by device owner.		* Called by device owner or managed profile owner to get all override APNs inserted by
			* device owner or managed profile owner previously using {@link #addOverrideApn}.
	*		*
	* @param admin which {@link DeviceAdminReceiver} this request is associated with		* @param admin which {@link DeviceAdminReceiver} this request is associated with
	* @return A list of override APNs inserted by device owner.		* @return A list of override APNs inserted by device owner.
	@@ -13924,6 +13933,9 @@ public class DevicePolicyManager {
	* <p> Override APNs are separated from other APNs on the device, and can only be inserted or		* <p> Override APNs are separated from other APNs on the device, and can only be inserted or
	* modified by the device owner. When enabled, only override APNs are in use, any other APNs		* modified by the device owner. When enabled, only override APNs are in use, any other APNs
	* are ignored.		* are ignored.
			* <p>Note: Enterprise APNs added by managed profile owners do not need to be enabled by
			* this API. They are part of the preferential network service config and is controlled by
			* {@link #setPreferentialNetworkServiceConfigs}.
	*		*
	* @param admin which {@link DeviceAdminReceiver} this request is associated with		* @param admin which {@link DeviceAdminReceiver} this request is associated with
	* @param enabled {@code true} if override APNs should be enabled, {@code false} otherwise		* @param enabled {@code true} if override APNs should be enabled, {@code false} otherwise

services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java

+36 −5

Original line number	Original line	Diff line number	Diff line
	@@ -1937,6 +1937,9 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
	updatePasswordQualityCacheForUserGroup(userHandle);		updatePasswordQualityCacheForUserGroup(userHandle);
	mPolicyCache.onUserRemoved(userHandle);		mPolicyCache.onUserRemoved(userHandle);

			if (isManagedProfile(userHandle)) {
			clearManagedProfileApnUnchecked();
			}
	isOrgOwned = mOwners.isProfileOwnerOfOrganizationOwnedDevice(userHandle);		isOrgOwned = mOwners.isProfileOwnerOfOrganizationOwnedDevice(userHandle);

	mOwners.removeProfileOwner(userHandle);		mOwners.removeProfileOwner(userHandle);
	@@ -8760,6 +8763,18 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
	}		}
	}		}

			private void clearManagedProfileApnUnchecked() {
			if (!mHasTelephonyFeature) {
			return;
			}
			final List<ApnSetting> apns = getOverrideApnsUnchecked();
			for (ApnSetting apn : apns) {
			if (apn.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) {
			removeOverrideApnUnchecked(apn.getId());
			}
			}
			}

	private void clearDeviceOwnerLocked(ActiveAdmin admin, int userId) {		private void clearDeviceOwnerLocked(ActiveAdmin admin, int userId) {
	mDeviceAdminServiceController.stopServiceForOwner(userId, "clear-device-owner");		mDeviceAdminServiceController.stopServiceForOwner(userId, "clear-device-owner");

	@@ -12100,6 +12115,10 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
	}		}
	}		}

			private boolean isManagedProfileOwner(CallerIdentity caller) {
			return isProfileOwner(caller) && isManagedProfile(caller.getUserId());
			}

	private boolean isDefaultSupervisor(CallerIdentity caller) {		private boolean isDefaultSupervisor(CallerIdentity caller) {
	final String supervisor = mContext.getResources().getString(		final String supervisor = mContext.getResources().getString(
	com.android.internal.R.string.config_defaultSupervisionProfileOwnerComponent);		com.android.internal.R.string.config_defaultSupervisionProfileOwnerComponent);
	@@ -16300,7 +16319,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
	final CallerIdentity caller = getCallerIdentity(who);		final CallerIdentity caller = getCallerIdentity(who);
	if (apnSetting.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) {		if (apnSetting.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) {
	Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller)		Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller)
	\|\| isProfileOwner(caller));		\|\| isManagedProfileOwner(caller));
	} else {		} else {
	Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller));		Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller));
	}		}
	@@ -16328,7 +16347,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
	if (apn != null && apn.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE		if (apn != null && apn.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE
	&& apnSetting.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) {		&& apnSetting.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) {
	Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller)		Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller)
	\|\| isProfileOwner(caller));		\|\| isManagedProfileOwner(caller));
	} else {		} else {
	Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller));		Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller));
	}		}
	@@ -16356,7 +16375,7 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
	ApnSetting apn = getApnSetting(apnId);		ApnSetting apn = getApnSetting(apnId);
	if (apn != null && apn.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) {		if (apn != null && apn.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) {
	Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller)		Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller)
	\|\| isProfileOwner(caller));		\|\| isManagedProfileOwner(caller));
	} else {		} else {
	Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller));		Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller));
	}		}
	@@ -16401,8 +16420,20 @@ public class DevicePolicyManagerService extends BaseIDevicePolicyManager {
	}		}
	Objects.requireNonNull(who, "ComponentName is null");		Objects.requireNonNull(who, "ComponentName is null");
	final CallerIdentity caller = getCallerIdentity(who);		final CallerIdentity caller = getCallerIdentity(who);
	Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller));		Preconditions.checkCallAuthorization(isDefaultDeviceOwner(caller)
	return getOverrideApnsUnchecked();		\|\| isManagedProfileOwner(caller));
			List<ApnSetting> apnSettings = getOverrideApnsUnchecked();
			if (isProfileOwner(caller)) {
			List<ApnSetting> apnSettingList = new ArrayList<>();
			for (ApnSetting apnSetting : apnSettings) {
			if (apnSetting.getApnTypeBitmask() == ApnSetting.TYPE_ENTERPRISE) {
			apnSettingList.add(apnSetting);
			}
			}
			return apnSettingList;
			} else {
			return apnSettings;
			}
	}		}

	private List<ApnSetting> getOverrideApnsUnchecked() {		private List<ApnSetting> getOverrideApnsUnchecked() {