Merge "Rename PO Device IDs access -> Org Owned device"

    field public static final String GET_PROCESS_STATE_AND_OOM_SCORE = "android.permission.GET_PROCESS_STATE_AND_OOM_SCORE";

    field public static final String GET_RUNTIME_PERMISSIONS = "android.permission.GET_RUNTIME_PERMISSIONS";

    field public static final String GET_TOP_ACTIVITY_INFO = "android.permission.GET_TOP_ACTIVITY_INFO";

    field public static final String GRANT_PROFILE_OWNER_DEVICE_IDS_ACCESS = "android.permission.GRANT_PROFILE_OWNER_DEVICE_IDS_ACCESS";

    field @Deprecated public static final String GRANT_PROFILE_OWNER_DEVICE_IDS_ACCESS = "android.permission.GRANT_PROFILE_OWNER_DEVICE_IDS_ACCESS";

    field public static final String GRANT_RUNTIME_PERMISSIONS = "android.permission.GRANT_RUNTIME_PERMISSIONS";

    field public static final String GRANT_RUNTIME_PERMISSIONS_TO_TELEPHONY_DEFAULTS = "android.permission.GRANT_RUNTIME_PERMISSIONS_TO_TELEPHONY_DEFAULTS";

    field public static final String HANDLE_CAR_MODE_CHANGES = "android.permission.HANDLE_CAR_MODE_CHANGES";

    method @RequiresPermission(android.Manifest.permission.INTERACT_ACROSS_USERS_FULL) public boolean packageHasActiveAdmins(String);

    method @Deprecated @RequiresPermission("android.permission.MANAGE_DEVICE_ADMINS") public boolean setActiveProfileOwner(@NonNull android.content.ComponentName, String) throws java.lang.IllegalArgumentException;

    method @RequiresPermission(android.Manifest.permission.MANAGE_USERS) public void setDeviceProvisioningConfigApplied();

    method @RequiresPermission(value=android.Manifest.permission.GRANT_PROFILE_OWNER_DEVICE_IDS_ACCESS, conditional=true) public void setProfileOwnerCanAccessDeviceIds(@NonNull android.content.ComponentName);

    method @Deprecated @RequiresPermission(value=android.Manifest.permission.GRANT_PROFILE_OWNER_DEVICE_IDS_ACCESS, conditional=true) public void setProfileOwnerCanAccessDeviceIds(@NonNull android.content.ComponentName);

    field public static final String ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_ALLOWED = "android.account.DEVICE_OR_PROFILE_OWNER_ALLOWED";

    field public static final String ACCOUNT_FEATURE_DEVICE_OR_PROFILE_OWNER_DISALLOWED = "android.account.DEVICE_OR_PROFILE_OWNER_DISALLOWED";

    field public static final String ACTION_PROVISION_FINALIZATION = "android.app.action.PROVISION_FINALIZATION";

    private static final String COMMAND_CLEAR_FREEZE_PERIOD_RECORD = "clear-freeze-period-record";

    private static final String COMMAND_FORCE_NETWORK_LOGS = "force-network-logs";

    private static final String COMMAND_FORCE_SECURITY_LOGS = "force-security-logs";

    private static final String COMMAND_GRANT_PO_DEVICE_ID_ACCESS =

            "grant-profile-owner-device-ids-access";

    private static final String COMMAND_MARK_PO_ON_ORG_OWNED_DEVICE =

            "mark-profile-owner-on-organization-owned-device";

    private IDevicePolicyManager mDevicePolicyManager;

    private int mUserId = UserHandle.USER_SYSTEM;

                "dpm " + COMMAND_FORCE_SECURITY_LOGS + ": makes all security logs available to " +

                "the DPC and triggers DeviceAdminReceiver.onSecurityLogsAvailable() if needed."

                + "\n"

                + "usage: dpm " + COMMAND_GRANT_PO_DEVICE_ID_ACCESS + ": "

                + "usage: dpm " + COMMAND_MARK_PO_ON_ORG_OWNED_DEVICE + ": "

                + "[ --user <USER_ID> | current ] <COMPONENT>\n");

    }

            case COMMAND_FORCE_SECURITY_LOGS:

                runForceSecurityLogs();

                break;

            case COMMAND_GRANT_PO_DEVICE_ID_ACCESS:

                runGrantProfileOwnerDeviceIdsAccess();

            case COMMAND_MARK_PO_ON_ORG_OWNED_DEVICE:

                runMarkProfileOwnerOnOrganizationOwnedDevice();

                break;

            default:

                throw new IllegalArgumentException ("unknown command '" + command + "'");

    }

    private void runGrantProfileOwnerDeviceIdsAccess() throws RemoteException {

    private void runMarkProfileOwnerOnOrganizationOwnedDevice() throws RemoteException {

        parseArgs(/*canHaveName=*/ false);

        mDevicePolicyManager.grantDeviceIdsAccessToProfileOwner(mComponent, mUserId);

        mDevicePolicyManager.markProfileOwnerOnOrganizationOwnedDevice(mComponent, mUserId);

        System.out.println("Success");

    }

    }

    /**

     * Grants the profile owner of the given user access to device identifiers (such as

     * serial number, IMEI and MEID).

     * Deprecated. Use {@code markProfileOwnerOnOrganizationOwnedDevice} instead.

     * Throws UnsupportedOperationException when called.

     *

     * <p>This lets the profile owner request inclusion of device identifiers when calling

     * {@link generateKeyPair}.

     *

     * <p>This grant is necessary to guarantee that profile owners can access device identifiers.

     *

     * <p>Privileged system API - meant to be called by the system, particularly the managed

     * provisioning app, when a work profile is set up.

     * @deprecated Use {@link #markProfileOwnerOnOrganizationOwnedDevice} instead.

     *

     * @hide

     */

    @Deprecated

    @SystemApi

    @RequiresPermission(value = android.Manifest.permission.GRANT_PROFILE_OWNER_DEVICE_IDS_ACCESS,

            conditional = true)

    public void setProfileOwnerCanAccessDeviceIds(@NonNull ComponentName who) {

        throw new UnsupportedOperationException(

                "This method is deprecated. use markProfileOwnerOnOrganizationOwnedDevice instead"

                        + ".");

    }

    /**

     * Marks the profile owner of the given user as managing an organization-owned device.

     * That will give it access to device identifiers (such as serial number, IMEI and MEID)

     * as well as other privileges.

     *

     * @hide

     */

    @RequiresPermission(value = android.Manifest.permission.MARK_DEVICE_ORGANIZATION_OWNED,

            conditional = true)

    public void markProfileOwnerOnOrganizationOwnedDevice(@NonNull ComponentName who) {

        if (mService == null) {

            return;

        }

        try {

            mService.grantDeviceIdsAccessToProfileOwner(who, myUserId());

            mService.markProfileOwnerOnOrganizationOwnedDevice(who, myUserId());

        } catch (RemoteException re) {

            throw re.rethrowFromSystemServer();

        }

    int getGlobalPrivateDnsMode(in ComponentName admin);

    String getGlobalPrivateDnsHost(in ComponentName admin);

    void grantDeviceIdsAccessToProfileOwner(in ComponentName who, int userId);

    void markProfileOwnerOnOrganizationOwnedDevice(in ComponentName who, int userId);

    void installUpdateFromFile(in ComponentName admin, in ParcelFileDescriptor updateFileDescriptor, in StartInstallingUpdateCallback listener);

    <!-- @SystemApi Allows an app to grant a profile owner access to device identifiers.

         <p>Not for use by third-party applications.

         @deprecated

         @hide -->

    <permission android:name="android.permission.GRANT_PROFILE_OWNER_DEVICE_IDS_ACCESS"

        android:protectionLevel="signature" />

    <!-- Allows an app to mark a profile owner as managing an organization-owned device.

         <p>Not for use by third-party applications.

         @hide -->

    <permission android:name="android.permission.MARK_DEVICE_ORGANIZATION_OWNED"

                android:protectionLevel="signature" />

    <!-- Allows financial apps to read filtered sms messages.

         Protection level: signature|appop  -->

    <permission android:name="android.permission.SMS_FINANCIAL_TRANSACTIONS"