Loading core/java/android/app/admin/DevicePolicyManager.java +19 −4 Original line number Diff line number Diff line Loading @@ -4889,15 +4889,30 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or profile owner. */ public Bundle getUserRestrictions(@NonNull ComponentName admin) { return getUserRestrictions(admin, myUserId()); Bundle ret = null; if (mService != null) { try { ret = mService.getUserRestrictions(admin); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } return ret == null ? new Bundle() : ret; } /** @hide per-user version */ public Bundle getUserRestrictions(@NonNull ComponentName admin, int userHandle) { /** * Called by the system to get the user restrictions for a user. * * @param admin Which {@link DeviceAdminReceiver} this request is associated with. * @param userHandle user id the admin is running as. * * @hide */ public Bundle getUserRestrictionsForUser(@NonNull ComponentName admin, int userHandle) { Bundle ret = null; if (mService != null) { try { ret = mService.getUserRestrictions(admin, userHandle); ret = mService.getUserRestrictionsForUser(admin, userHandle); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } Loading core/java/android/app/admin/IDevicePolicyManager.aidl +2 −1 Original line number Diff line number Diff line Loading @@ -169,7 +169,8 @@ interface IDevicePolicyManager { ComponentName getRestrictionsProvider(int userHandle); void setUserRestriction(in ComponentName who, in String key, boolean enable); Bundle getUserRestrictions(in ComponentName who, int userId); Bundle getUserRestrictions(in ComponentName who); Bundle getUserRestrictionsForUser(in ComponentName who, int userId); void addCrossProfileIntentFilter(in ComponentName admin, in IntentFilter filter, int flags); void clearCrossProfileIntentFilters(in ComponentName admin); Loading packages/SettingsLib/src/com/android/settingslib/RestrictedLockUtils.java +4 −2 Original line number Diff line number Diff line Loading @@ -78,7 +78,8 @@ public class RestrictedLockUtils { int deviceOwnerUserId = dpm.getDeviceOwnerUserId(); boolean enforcedByDeviceOwner = false; if (deviceOwner != null && deviceOwnerUserId != UserHandle.USER_NULL) { Bundle enforcedRestrictions = dpm.getUserRestrictions(deviceOwner, deviceOwnerUserId); Bundle enforcedRestrictions = dpm.getUserRestrictionsForUser(deviceOwner, deviceOwnerUserId); if (enforcedRestrictions != null && enforcedRestrictions.getBoolean(userRestriction, false)) { enforcedByDeviceOwner = true; Loading @@ -90,7 +91,8 @@ public class RestrictedLockUtils { if (userId != UserHandle.USER_NULL) { profileOwner = dpm.getProfileOwnerAsUser(userId); if (profileOwner != null) { Bundle enforcedRestrictions = dpm.getUserRestrictions(profileOwner, userId); Bundle enforcedRestrictions = dpm.getUserRestrictionsForUser(profileOwner, userId); if (enforcedRestrictions != null && enforcedRestrictions.getBoolean(userRestriction, false)) { enforcedByProfileOwner = true; Loading services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +33 −14 Original line number Diff line number Diff line Loading @@ -5796,8 +5796,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { transitionCheckNeeded = false; } else { // For all other cases, caller must have MANAGE_PROFILE_AND_DEVICE_OWNERS. mContext.enforceCallingOrSelfPermission( android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS, null); enforceCanManageProfileAndDeviceOwners(); } final DevicePolicyData policyData = getUserData(userHandle); Loading Loading @@ -5990,8 +5989,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } return; } mContext.enforceCallingOrSelfPermission( android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS, null); enforceCanManageProfileAndDeviceOwners(); if (hasUserSetupCompleted(userHandle) && !isCallerWithSystemUid()) { throw new IllegalStateException("Cannot set the profile owner on a user which is " + "already set-up"); Loading @@ -6006,8 +6004,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { int callingUid = mInjector.binderGetCallingUid(); boolean isAdb = callingUid == Process.SHELL_UID || callingUid == Process.ROOT_UID; if (!isAdb) { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS, null); enforceCanManageProfileAndDeviceOwners(); } final int code = checkSetDeviceOwnerPreCondition(userId, isAdb); Loading Loading @@ -6663,6 +6660,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } synchronized (this) { ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); if (admin == null) { return false; } if (admin.permittedAccessiblityServices == null) { return true; } Loading Loading @@ -6833,6 +6833,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } synchronized (this) { ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); if (admin == null) { return false; } if (admin.permittedInputMethods == null) { return true; } Loading Loading @@ -7103,19 +7106,30 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } @Override public Bundle getUserRestrictions(ComponentName who, int userHandle) { public Bundle getUserRestrictions(ComponentName who) { if (!mHasFeature) { return null; } Preconditions.checkNotNull(who, "ComponentName is null"); synchronized (this) { final ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); return activeAdmin.userRestrictions; } } @Override public Bundle getUserRestrictionsForUser(ComponentName who, int userHandle) { if (!mHasFeature) { return null; } Preconditions.checkNotNull(who, "ComponentName is null"); enforceFullCrossUsersPermission(userHandle); enforceCanManageProfileAndDeviceOwners(); synchronized (this) { ActiveAdmin activeAdmin = getActiveAdminUncheckedLocked(who, userHandle); if (activeAdmin == null) { throw new SecurityException("No active admin: " + activeAdmin); } if (activeAdmin.getUid() != mInjector.binderGetCallingUid()) { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS, "Calling uid " + mInjector.binderGetCallingUid() + " neither owns the admin" + " " + who + " nor has MANAGE_PROFILE_AND_DEVICE_OWNERS permission"); return null; } return activeAdmin.userRestrictions; } Loading Loading @@ -8689,6 +8703,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { null); } private void enforceCanManageProfileAndDeviceOwners() { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS, null); } @Override public boolean isUninstallInQueue(final String packageName) { enforceCanManageDeviceAdmin(); Loading Loading
core/java/android/app/admin/DevicePolicyManager.java +19 −4 Original line number Diff line number Diff line Loading @@ -4889,15 +4889,30 @@ public class DevicePolicyManager { * @throws SecurityException if {@code admin} is not a device or profile owner. */ public Bundle getUserRestrictions(@NonNull ComponentName admin) { return getUserRestrictions(admin, myUserId()); Bundle ret = null; if (mService != null) { try { ret = mService.getUserRestrictions(admin); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } } return ret == null ? new Bundle() : ret; } /** @hide per-user version */ public Bundle getUserRestrictions(@NonNull ComponentName admin, int userHandle) { /** * Called by the system to get the user restrictions for a user. * * @param admin Which {@link DeviceAdminReceiver} this request is associated with. * @param userHandle user id the admin is running as. * * @hide */ public Bundle getUserRestrictionsForUser(@NonNull ComponentName admin, int userHandle) { Bundle ret = null; if (mService != null) { try { ret = mService.getUserRestrictions(admin, userHandle); ret = mService.getUserRestrictionsForUser(admin, userHandle); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } Loading
core/java/android/app/admin/IDevicePolicyManager.aidl +2 −1 Original line number Diff line number Diff line Loading @@ -169,7 +169,8 @@ interface IDevicePolicyManager { ComponentName getRestrictionsProvider(int userHandle); void setUserRestriction(in ComponentName who, in String key, boolean enable); Bundle getUserRestrictions(in ComponentName who, int userId); Bundle getUserRestrictions(in ComponentName who); Bundle getUserRestrictionsForUser(in ComponentName who, int userId); void addCrossProfileIntentFilter(in ComponentName admin, in IntentFilter filter, int flags); void clearCrossProfileIntentFilters(in ComponentName admin); Loading
packages/SettingsLib/src/com/android/settingslib/RestrictedLockUtils.java +4 −2 Original line number Diff line number Diff line Loading @@ -78,7 +78,8 @@ public class RestrictedLockUtils { int deviceOwnerUserId = dpm.getDeviceOwnerUserId(); boolean enforcedByDeviceOwner = false; if (deviceOwner != null && deviceOwnerUserId != UserHandle.USER_NULL) { Bundle enforcedRestrictions = dpm.getUserRestrictions(deviceOwner, deviceOwnerUserId); Bundle enforcedRestrictions = dpm.getUserRestrictionsForUser(deviceOwner, deviceOwnerUserId); if (enforcedRestrictions != null && enforcedRestrictions.getBoolean(userRestriction, false)) { enforcedByDeviceOwner = true; Loading @@ -90,7 +91,8 @@ public class RestrictedLockUtils { if (userId != UserHandle.USER_NULL) { profileOwner = dpm.getProfileOwnerAsUser(userId); if (profileOwner != null) { Bundle enforcedRestrictions = dpm.getUserRestrictions(profileOwner, userId); Bundle enforcedRestrictions = dpm.getUserRestrictionsForUser(profileOwner, userId); if (enforcedRestrictions != null && enforcedRestrictions.getBoolean(userRestriction, false)) { enforcedByProfileOwner = true; Loading
services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +33 −14 Original line number Diff line number Diff line Loading @@ -5796,8 +5796,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { transitionCheckNeeded = false; } else { // For all other cases, caller must have MANAGE_PROFILE_AND_DEVICE_OWNERS. mContext.enforceCallingOrSelfPermission( android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS, null); enforceCanManageProfileAndDeviceOwners(); } final DevicePolicyData policyData = getUserData(userHandle); Loading Loading @@ -5990,8 +5989,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } return; } mContext.enforceCallingOrSelfPermission( android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS, null); enforceCanManageProfileAndDeviceOwners(); if (hasUserSetupCompleted(userHandle) && !isCallerWithSystemUid()) { throw new IllegalStateException("Cannot set the profile owner on a user which is " + "already set-up"); Loading @@ -6006,8 +6004,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { int callingUid = mInjector.binderGetCallingUid(); boolean isAdb = callingUid == Process.SHELL_UID || callingUid == Process.ROOT_UID; if (!isAdb) { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS, null); enforceCanManageProfileAndDeviceOwners(); } final int code = checkSetDeviceOwnerPreCondition(userId, isAdb); Loading Loading @@ -6663,6 +6660,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } synchronized (this) { ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); if (admin == null) { return false; } if (admin.permittedAccessiblityServices == null) { return true; } Loading Loading @@ -6833,6 +6833,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } synchronized (this) { ActiveAdmin admin = getActiveAdminUncheckedLocked(who, userHandle); if (admin == null) { return false; } if (admin.permittedInputMethods == null) { return true; } Loading Loading @@ -7103,19 +7106,30 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } @Override public Bundle getUserRestrictions(ComponentName who, int userHandle) { public Bundle getUserRestrictions(ComponentName who) { if (!mHasFeature) { return null; } Preconditions.checkNotNull(who, "ComponentName is null"); synchronized (this) { final ActiveAdmin activeAdmin = getActiveAdminForCallerLocked(who, DeviceAdminInfo.USES_POLICY_PROFILE_OWNER); return activeAdmin.userRestrictions; } } @Override public Bundle getUserRestrictionsForUser(ComponentName who, int userHandle) { if (!mHasFeature) { return null; } Preconditions.checkNotNull(who, "ComponentName is null"); enforceFullCrossUsersPermission(userHandle); enforceCanManageProfileAndDeviceOwners(); synchronized (this) { ActiveAdmin activeAdmin = getActiveAdminUncheckedLocked(who, userHandle); if (activeAdmin == null) { throw new SecurityException("No active admin: " + activeAdmin); } if (activeAdmin.getUid() != mInjector.binderGetCallingUid()) { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS, "Calling uid " + mInjector.binderGetCallingUid() + " neither owns the admin" + " " + who + " nor has MANAGE_PROFILE_AND_DEVICE_OWNERS permission"); return null; } return activeAdmin.userRestrictions; } Loading Loading @@ -8689,6 +8703,11 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { null); } private void enforceCanManageProfileAndDeviceOwners() { mContext.enforceCallingOrSelfPermission( android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS, null); } @Override public boolean isUninstallInQueue(final String packageName) { enforceCanManageDeviceAdmin(); Loading
